- withNarKey = dep: moduleAttrs:
- let module = dep.${moduleAttrs};
- in if builtins.isFunction module
- then args@{ config, lib, pkgs, ... }: (module args // { key = dep.narHash; })
- else module // { key = dep.narHash; };
+ ${nixos-anywhere.packages.${system}.nixos-anywhere}/bin/nixos-anywhere \
+ -f .#${name}WithEncryption ${targetUser}@${targetHost} \
+ --disk-encryption-keys /run/decrypt-key <(echo -n "$password") \
+ --extra-files "$TEMPDIR"
+ '';
+ };
+
+ };
+ flake = {
+ nixosConfigurations.${name} = (colmena.lib.fromRawFlake self).nodes.${name};
+ nixosConfigurations."${name}WithEncryption" = let
+ selfWithEncryption = nixpkgs.lib.recursiveUpdate self { outputs.colmena.meta.specialArgs.cryptKeyFile = "/run/decrypt-key"; };
+ in
+ (colmena.lib.fromRawFlake selfWithEncryption).nodes.${name};
+ colmena = {
+ meta.nixpkgs = nixpkgs.legacyPackages.${system};
+ meta.specialArgs = moduleArgs;
+ "${name}" = {
+ deployment = { inherit targetHost targetUser; };
+ imports = builtins.attrValues self.nixosModules;
+ };
+ };
+ nixosModules = {
+ _diskoModules = disko.nixosModules.disko;
+ } // nixosModules;
+ };
+ };