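{self, ...} @ inputs: let
  nixpkgs = inputs.nixpkgs-unstable;
  lib = nixpkgs.lib;

  # Host definitions (the nixosConfigurations) live in ./hosts.
  hosts = import ./hosts inputs;
in
  {
    nixosConfigurations = hosts.nixosConfigurations;
    #darwinConfigurations = hosts.darwinConfigurations;

    # deploy-rs node definitions, derived from the evaluated host configurations.
    deploy.nodes = import ./deployNodes.nix {
      nixosConfigurations = self.nixosConfigurations;
      deploy-rs = inputs.deploy-rs;
    };
  }
  // (inputs.flake-utils.lib.eachDefaultSystem (system: let
    pkgs = import nixpkgs {
      inherit system;
      overlays = [
        (import ./overlay)
      ];
    };

    secretsLib = import ./modules/nixos/secrets-lib/lib.nix {
      inherit (nixpkgs) lib;
      inherit pkgs;
    };

    # This flake's own per-system packages; used by the devShell and the apps.
    packages = self.packages."${system}";

    # Every host (or NixOS container inside a host) that gets a
    # `secrets-init-*` package and matching app. Kept in ONE list so the
    # `apps` and `packages` outputs cannot drift apart.
    # `container = null` means the host's own NixOS config is used.
    secretTargets = [
      { host = "lappy-t495"; container = null; }
      { host = "vault"; container = null; }
      { host = "hetzner-vm"; container = null; }
      { host = "hetzner-vm"; container = "storage"; }
      { host = "raspberry"; container = null; }
    ];

    # "<host>" or "<host>-<container>"; this is the name handed to
    # mkSecretsInitScript. `optionalString` is lazy, so the interpolation is
    # only evaluated when `container` is a string.
    targetSuffix = {host, container}:
      host + lib.optionalString (container != null) "-${container}";

    # Output attribute name shared by the package and the app of a target.
    targetName = target: "secrets-init-${targetSuffix target}";

    # The evaluated `services.secrets` option set of a target, taken from the
    # host's NixOS config or from the named container inside it.
    secretsConfigFor = {host, container}: let
      systemConfig = self.nixosConfigurations.${host}.config;
      cfg =
        if container == null
        then systemConfig
        else systemConfig.containers.${container}.config;
    in
      cfg.services.secrets;

    # Builds the secrets-init script package for one target.
    # NOTE(review): the result is a Nix store path and therefore world-readable
    # on the build host; confirm that mkSecretsInitScript embeds only
    # references (Vault paths, key names) from `services.secrets`, never
    # secret values.
    secretsInitScriptFor = target:
      secretsLib.mkSecretsInitScript (secretsConfigFor target) (targetSuffix target);

    # Wraps one of this flake's packages as a flake app; the binary is
    # expected at `bin/<name>` inside the package, matching the package name.
    mkApp = name: {
      type = "app";
      program = "${packages.${name}}/bin/${name}";
    };

    # One attribute per target, keyed by `targetName`.
    forEachTarget = f:
      lib.listToAttrs (map (target: lib.nameValuePair (targetName target) (f target)) secretTargets);

    # Packages exposed both as `packages.<name>` and as an app of the same name.
    toolPackages = ["mk-enc-usb" "mk-normal-enc-ssd" "mk-dual-enc-ssd"];
  in {
    devShell = pkgs.mkShell {
      VAULT_API_ADDR = "https://vault.owo.monster";
      packages =
        (with pkgs; [
          git
          nano
          bat
          nix
          vault-bin
        ])
        ++ (with packages; [
          mk-enc-usb
          mk-normal-enc-ssd
          mk-dual-enc-ssd
        ]);
    };

    apps =
      lib.genAttrs toolPackages mkApp
      // forEachTarget (target: mkApp (targetName target));

    packages =
      {
        inherit (pkgs) comic-code comic-sans;
        inherit (pkgs) mk-enc-usb mk-normal-enc-ssd mk-dual-enc-ssd;
        inherit (pkgs) gotosocial;
      }
      // forEachTarget secretsInitScriptFor;
  }))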