author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2023-10-04 01:35:06 +0200 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2023-10-04 02:11:48 +0200 |
commit | 1a64deeb894dc95e2645a75771732c6cc53a79ad (patch) | |
tree | 1b9df4838f894577a09b9b260151756272efeb53 /deploy/flake.nix | |
parent | fa25ffd4583cc362075cd5e1b4130f33306103f0 (diff) | |
Squash changes containing private information
There were a lot of changes since the previous commit, but a lot of them
contained personal information about users. All those changes got
stashed into a single commit (history is kept in a different place) and
private information was moved in a separate private repository.
Diffstat (limited to 'deploy/flake.nix')
-rw-r--r-- | deploy/flake.nix | 45 |
1 files changed, 45 insertions, 0 deletions
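diff --git a/deploy/flake.nix b/deploy/flake.nix
new file mode 100644
index 0000000..f613b19
--- /dev/null
+++ b/deploy/flake.nix
@@ -0,0 +1,45 @@
+{
+inputs = {
+devshell.url = "github:numtide/devshell";
+nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable?dir=lib";
+# Uncomment temporarily below value and replace with local path to
+# your secrets, and replace "follows" key below to use it.
+#secrets-local.url = "path:/home/immae/projets/mes_sites/nixops-secrets";
+secrets = {
+type = "git";
+url = "git+ssh://gitolite@git.immae.eu/perso/Immae/Config/Nix/Nixops/Secrets";
+ref = "master";
+};
+main-flake.url = "path:../flakes";
+main-flake.inputs.secrets.follows = "secrets";
+};
+outputs = inputs@{ self, nixpkgs, main-flake, devshell, ... }: {
+sops-vars-file = (inputs.secrets-local or inputs.secrets).vars-file;
+# FIXME: next line Can be removed in nix 2.16.*
+devShell.x86_64-linux = self.devShells.x86_64-linux.default;
+devShells.x86_64-linux.default = devshell.legacyPackages.x86_64-linux.mkShell {
+env = [
+{ name = "NIX_BUILD_TOP"; value = ""; }
+{ name = "SOPS_VARS_FILE"; value = builtins.toString self.sops-vars-file; }
+];
+};
+colmena =
+let
+nodeFlakes = main-flake.subflakes.nodes;
+hosts = builtins.attrNames nodeFlakes;
+toHostNixpkgs = name: nodeFlakes.${name}.colmena.meta.nixpkgs;
+toHostSpecialArgs = name: nodeFlakes.${name}.colmena.meta.specialArgs;
+toHostColmena = name: nodeFlakes.${name}.colmena.${name};
+
+in nixpkgs.lib.genAttrs hosts toHostColmena
+// {
+meta = {
+# nixpkgs is required for colmena, but only lib is actually used
+nixpkgs.lib = nixpkgs.lib;
+specialArgs.secrets = main-flake.subflakes.secrets;
+nodeNixpkgs = nixpkgs.lib.genAttrs hosts toHostNixpkgs;
+nodeSpecialArgs = nixpkgs.lib.genAttrs hosts toHostSpecialArgs;
+};
+};
+};
+}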
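Review bot: `SOPS_VARS_FILE` is set from `builtins.toString self.sops-vars-file`, which presumably resolves to a path inside the fetched `secrets` input. Flake inputs are copied into the Nix store, which is readable by every local user of the deploying machine, yet nothing here records that the file has to stay encrypted. I would add a comment above the `sops-vars-file` line such as `# vars-file ends up in the world-readable Nix store: it must only ever hold sops-encrypted data`. The commented-out `secrets-local` `path:` input deserves the same caveat, since a `path:` input copies the whole local directory and not only tracked files. Separately, `(inputs.secrets-local or inputs.secrets)` switches to the local copy as soon as that input is uncommented, while `main-flake.inputs.secrets.follows = "secrets"` changes only when edited by hand. The dev shell and `specialArgs.secrets` can then read different secret sets, so the comment should name both lines that must change together.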