docs: add database information
[awful.systems.git] / flake.nix
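# Deployment flake: defines the NixOS configurations for the hosts "these" and
# "more", plus a per-system dev shell holding the deploy and secrets helpers.
{
  description = "The deployment flake for the awful.systems cluster";

  inputs = {
    # NOTE(review): nixos-23.05 is past upstream end-of-life and no longer
    # receives security backports; confirm whether a channel bump is planned.
    nixpkgs.url = "nixpkgs/nixos-23.05";
    flake-utils.url = "github:numtide/flake-utils";
    pkgs-unstable.url = "nixpkgs/nixos-unstable";
    sops-nix.url = "github:Mic92/sops-nix";
    # NOTE(review): git:// is an unauthenticated, unencrypted transport. A
    # locked build is still checked against the hash recorded in flake.lock,
    # but re-locking these inputs trusts whatever the network path returns.
    # Prefer git+https:// or git+ssh:// if the host serves them (not visible
    # from this file).
    lemmy.url = "git://these.awful.systems/lemmy.git";
    lemmy-ui.url = "git://these.awful.systems/lemmy-ui.git";
    sneer-archive-site.url = "git://these.awful.systems/sneer-archive-site.git";
  };

  outputs = { self, nixpkgs, flake-utils, sops-nix, lemmy, lemmy-ui
    , sneer-archive-site, ... }@attrs:
    {
      # Every flake input is handed to the host modules through specialArgs;
      # sops-nix supplies the secrets module for both hosts.
      nixosConfigurations = {
        these = nixpkgs.lib.nixosSystem {
          specialArgs = attrs;
          modules =
            [ ./hosts/these/configuration.nix sops-nix.nixosModules.sops ];
        };
        more = nixpkgs.lib.nixosSystem {
          specialArgs = attrs;
          modules =
            [ ./hosts/more/configuration.nix sops-nix.nixosModules.sops ];
        };
      };
    } // flake-utils.lib.eachDefaultSystem (system:
      let
        pkgs = nixpkgs.legacyPackages.${system};

        # deploy-<name>: build the named configuration and switch the target
        # host to it over SSH. Extra arguments are forwarded to nixos-rebuild;
        # "$@" is quoted so they are not re-split or glob-expanded locally.
        deploy = name: target:
          pkgs.writeShellScriptBin "deploy-${name}" ''
            nixos-rebuild switch --fast --flake .#${name} \
            --target-host "${target}" \
            "$@"
          '';

        # go-<name>: open an SSH session (or run a command) on the target.
        # Quoting only stops local word splitting and globbing; ssh still joins
        # the arguments into one string that the remote shell interprets.
        go = name: target:
          pkgs.writeShellScriptBin "go-${name}" ''
            ssh "${target}" "$@"
          '';

        # init-secrets <ssh-private-key>: derive the sops age identity from an
        # SSH private key and print the matching age public key.
        #
        # The passphrase is stripped from a *copy* of the key, so that copy is
        # plaintext key material. It lives in a private mktemp directory rather
        # than at a fixed /tmp path (a predictable name in a shared directory
        # can be pre-created or symlinked by another local user), and it is
        # removed on every exit path through the EXIT trap.
        init-secrets = pkgs.writeShellScriptBin "init-secrets" ''
          set -eu
          # Files created below (temp key copy, keys.txt) must be owner-only.
          umask 077
          mkdir -p ~/.config/sops/age
          workdir=$(mktemp -d)
          trap 'rm -rf "$workdir"' EXIT
          cp "$1" "$workdir/key"
          ${pkgs.openssh}/bin/ssh-keygen -p -N "" -f "$workdir/key"
          ${pkgs.ssh-to-age}/bin/ssh-to-age -private-key -i "$workdir/key" > ~/.config/sops/age/keys.txt
          # umask does not tighten a keys.txt that already existed.
          chmod 600 ~/.config/sops/age/keys.txt
          echo Your age public key is:
          ${pkgs.age}/bin/age-keygen -y ~/.config/sops/age/keys.txt
        '';

        # rekey-secrets <file>: re-encrypt a sops file for its current
        # recipient list.
        # NOTE(review): this script is defined but not listed in the dev
        # shell's buildInputs below; confirm whether that is intentional.
        rekey-secrets = pkgs.writeShellScriptBin "rekey-secrets" ''
          ${pkgs.sops}/bin/sops updatekeys "$1"
        '';
      in {
        devShells.default = pkgs.mkShell {
          buildInputs = [
            pkgs.sops
            pkgs.ssh-to-age
            pkgs.age
            # Both hosts are deployed to and accessed as root over SSH.
            (deploy "these" "root@these.awful.systems")
            (go "these" "root@these.awful.systems")
            (deploy "more" "root@more.awful.systems")
            (go "more" "root@more.awful.systems")
            init-secrets
            pkgs.bashInteractive

            # cache these packages:
            lemmy.packages.${system}.lemmy-server
            lemmy-ui.packages.${system}.lemmy-ui
            sneer-archive-site.packages.${system}.default
          ];
        };
        packages.maint-mode = (pkgs.callPackage ./maint-mode/site.nix { });
      });
}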