deploy/flake.nix

   1 {
   2   inputs = {
   3     devshell.url = "github:numtide/devshell";
   4     nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable?dir=lib";
   5     secrets = {
   6       type = "git";
   7       url = "git+ssh://gitolite@git.immae.eu/perso/Immae/Config/Nix/Nixops/Secrets";
   8       ref = "master";
   9     };
  10     main-flake.url = "path:../flakes";
  11     main-flake.inputs.secrets.follows = "secrets";
  12   };
  13   outputs = inputs@{ self, nixpkgs, main-flake, devshell, ... }: {
  14     sops-vars-file = inputs.secrets.vars-file;
  15     devShells.x86_64-linux.default = devshell.legacyPackages.x86_64-linux.mkShell {
  16       env = [
  17         { name = "NIX_BUILD_TOP"; value = ""; }
  18         { name = "SOPS_VARS_FILE"; value = builtins.toString self.sops-vars-file; }
  19       ];
  20     };
  21     colmena =
  22       let
  23         nodeFlakes = main-flake.subflakes.nodes;
  24         hosts = builtins.attrNames nodeFlakes;
  25         toHostNixpkgs = name: nodeFlakes.${name}.colmena.meta.nixpkgs;
  26         toHostSpecialArgs = name: nodeFlakes.${name}.colmena.meta.specialArgs;
  27         toHostColmena = name: nodeFlakes.${name}.colmena.${name};
  28
  29       in nixpkgs.lib.genAttrs hosts toHostColmena
  30         // {
  31         meta = {
  32           # nixpkgs is required for colmena, but only lib is actually used
  33           nixpkgs.lib = nixpkgs.lib;
  34           specialArgs.secrets = main-flake.subflakes.secrets;
  35           nodeNixpkgs = nixpkgs.lib.genAttrs hosts toHostNixpkgs;
  36           nodeSpecialArgs = nixpkgs.lib.genAttrs hosts toHostSpecialArgs;
  37         };
  38       };
  39   };
  40 }