# Flake for the obscuresecure.dev NixOS hosts: declares the pinned inputs,
# builds one NixOS system per host, and describes how deploy-rs pushes them.
{
  description = "obscuresecure.dev NixOS Infrastructure";

  # Every URL below names a branch or a repository, not a commit. The exact
  # revisions and content hashes come from flake.lock (not visible here), so
  # that file has to be committed and its updates reviewed like code changes.
  inputs = {
    # NOTE(review): security fixes only reach release branches that upstream
    # still maintains - confirm nixos-23.05 is still supported.
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
    nixpkgs-unstable.url ="github:NixOS/nixpkgs/nixos-unstable";

    # agenix is the only input here without a `follows`, so it resolves its
    # own nixpkgs from its own lock entry - one more revision to keep track of.
    agenix.url = "github:ryantm/agenix";

    # Fetched from a separate forge over HTTPS. Their packages are exposed to
    # every host through the overlay below, so whoever can push to these
    # repositories can influence what gets built at the next lock update.
    zettoitBin.url = "git+https://git2.zettoit.eu/zettoit/bin";
    zettoitBin.inputs.nixpkgs.follows = "nixpkgs";

    zettoitArs.url = "git+https://git2.zettoit.eu/zettoit/ars";
    zettoitArs.inputs.nixpkgs.follows = "nixpkgs";

    arion.url = "github:hercules-ci/arion";
    arion.inputs.nixpkgs.follows = "nixpkgs";

    deploy-rs.url = "github:serokell/deploy-rs";
    deploy-rs.inputs.nixpkgs.follows = "nixpkgs";
  };

  outputs = inputs@{ self, nixpkgs, nixpkgs-unstable, agenix, zettoitBin, zettoitArs, arion, deploy-rs }:
    let
      # Single platform used for both the NixOS systems and the deploy-rs
      # activation wrapper.
      targetSystem = "x86_64-linux";

      # Adds three package sets under pkgs: `unstable` (the rolling nixpkgs
      # branch) plus the packages of the two zettoit flakes. Anything a host
      # takes from pkgs.unstable follows nixos-unstable, not the stable pin.
      extraPackageSets = final: prev: {
        unstable = nixpkgs-unstable.legacyPackages.${prev.system};
        zettoitBin = zettoitBin.packages.${prev.system};
        zettoitArs = zettoitArs.packages.${prev.system};
      };

      # Builds a NixOS system from one host module, with the overlay and the
      # agenix and arion modules always included.
      mkHost = hostModule: nixpkgs.lib.nixosSystem {
        system = targetSystem;
        # All flake inputs (including `self`) become module arguments of
        # every host module.
        specialArgs = inputs;
        modules = [
          ({ ... }: { nixpkgs.overlays = [ extraPackageSets ]; })
          agenix.nixosModules.default
          arion.nixosModules.arion
          hostModule
        ];
      };

      # deploy-rs node definition for the host called `name`. The SSH target
      # is read from the host's own networking.fqdn, so the address deployed
      # to cannot drift from the configuration being deployed.
      mkDeployNode = name: {
        hostname = self.nixosConfigurations.${name}.config.networking.fqdn;
        # The system profile is activated as root. No sshUser is set in this
        # file - presumably the login account comes from the operator's SSH
        # configuration; confirm which account that is and how it reaches root.
        profiles.system.user = "root";
        profiles.system.path = deploy-rs.lib.${targetSystem}.activate.nixos self.nixosConfigurations.${name};
      };
    in
    {
      nixosConfigurations = {
        gitea = mkHost ./hosts/de-dus01/gitea;
        kanidm = mkHost ./hosts/de-dus01/kanidm;
      };

      deploy = {
        # Every deployment is proxied through this jump host (ssh -J). Access
        # to it gates all deploys, so its host key and those of the targets
        # should be pinned in the operator's known_hosts.
        sshOpts = [ "-J" "fw.de-dus01.zettoit.eu" ];
        nodes = nixpkgs.lib.genAttrs [ "gitea" "kanidm" ] mkDeployNode;
      };

      # Runs deploy-rs' deployChecks against self.deploy for every system
      # deploy-rs.lib provides; these are what `nix flake check` evaluates.
      checks = builtins.mapAttrs (_system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
    };
}