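{
  description = "obscuresecure.dev NixOS Infrastructure";

  # Every input below is resolved and pinned through flake.lock (not part of
  # this listing); the URLs only name the repository/branch the lock tracks.
  inputs = {
    # NOTE(review): nixos-23.05 is an end-of-life release channel and no longer
    # receives security backports. Hosts built from it should be moved to a
    # currently supported release; that is a deliberate separate change because
    # module options may differ between releases.
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
    # Second package set, exposed as pkgs.unstable by the overlay below.
    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
    agenix = {
      url = "github:ryantm/agenix";
      # Reuse this flake's nixpkgs instead of agenix's private pin, as every
      # other input here already does, so the lock carries a single nixpkgs.
      inputs.nixpkgs.follows = "nixpkgs";
    };
    # Self-hosted git inputs. The URL carries no rev, so integrity rests on the
    # rev/narHash recorded in flake.lock and on the TLS identity of the host.
    zettoitBin = {
      url = "git+https://git2.zettoit.eu/zettoit/bin";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    zettoitArs = {
      url = "git+https://git2.zettoit.eu/zettoit/ars";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    arion = {
      url = "github:hercules-ci/arion";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    deploy-rs = {
      url = "github:serokell/deploy-rs";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  outputs = { self, nixpkgs, nixpkgs-unstable, agenix, zettoitBin, zettoitArs, arion, deploy-rs }@inputs:
    let
      # Build an x86_64-linux NixOS system from a single host module.
      # All flake inputs (including self) are handed to modules via specialArgs;
      # the overlay below and the agenix and arion modules are always included
      # ahead of the host module.
      defaultSystem = module: nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
        specialArgs = inputs;
        modules = [
          ({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay ]; })
          agenix.nixosModules.default
          arion.nixosModules.arion
          module
        ];
      };

      # Expose the unstable package set and the two zettoit package sets under
      # pkgs.unstable, pkgs.zettoitBin and pkgs.zettoitArs for the host's system.
      overlay = final: prev: {
        unstable = nixpkgs-unstable.legacyPackages.${prev.system};
        zettoitBin = zettoitBin.packages.${prev.system};
        zettoitArs = zettoitArs.packages.${prev.system};
      };

      # One deploy-rs node for the nixosConfiguration called `name`: the target
      # hostname is the host's own networking.fqdn, and the system profile is
      # activated as root.
      # NOTE(review): no sshUser is set, so deploy-rs connects with its default
      # login user and presumably elevates to root for activation — confirm that
      # default matches the intended access path through the jump host.
      defaultDeploySystem = name: {
        "${name}" = {
          hostname = self.nixosConfigurations."${name}".config.networking.fqdn;
          profiles.system = {
            user = "root";
            path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations."${name}";
          };
        };
      };
    in
    {
      nixosConfigurations = {
        "gitea" = defaultSystem ./hosts/de-dus01/gitea;
        "kanidm" = defaultSystem ./hosts/de-dus01/kanidm;
      };

      deploy = {
        # All hosts are reached through the de-dus01 firewall as an SSH jump host.
        sshOpts = [ "-J" "fw.de-dus01.zettoit.eu" ];
        nodes = defaultDeploySystem "gitea" // defaultDeploySystem "kanidm";
      };

      # deploy-rs schema checks for the `deploy` output, one per system that
      # deploy-rs.lib provides.
      checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
    };
}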