2 description = "The deployment flake for the awful.systems cluster";
5 nixpkgs.url = "nixpkgs/nixos-23.05";
6 flake-utils.url = "github:numtide/flake-utils";
7 pkgs-unstable.url = "nixpkgs/nixos-unstable";
8 sops-nix.url = "github:Mic92/sops-nix";
9 lemmy.url = "git://these.awful.systems/lemmy.git";
10 lemmy-ui.url = "git://these.awful.systems/lemmy-ui.git";
11 sneer-archive-site.url = "git://these.awful.systems/sneer-archive-site.git";
14 outputs = { self, nixpkgs, flake-utils, sops-nix, lemmy, lemmy-ui
15 , sneer-archive-site, ... }@attrs:
17 nixosConfigurations = {
18 these = nixpkgs.lib.nixosSystem {
21 [ ./hosts/these/configuration.nix sops-nix.nixosModules.sops ];
23 more = nixpkgs.lib.nixosSystem {
26 [ ./hosts/more/configuration.nix sops-nix.nixosModules.sops ];
29 } // flake-utils.lib.eachDefaultSystem (system:
31 pkgs = nixpkgs.legacyPackages.${system};
32 deploy = name: target:
33 pkgs.writeShellScriptBin "deploy-${name}" ''
34 nixos-rebuild switch --fast --flake .#${name} \
35 --target-host ${target} \
39 pkgs.writeShellScriptBin "go-${name}" ''
42 init-secrets = pkgs.writeShellScriptBin "init-secrets" ''
43 mkdir -p ~/.config/sops/age
44 cp "$1" /tmp/init-secrets-key &&
45 ${pkgs.openssh}/bin/ssh-keygen -p -N "" -f /tmp/init-secrets-key &&
46 ${pkgs.ssh-to-age}/bin/ssh-to-age -private-key -i /tmp/init-secrets-key > ~/.config/sops/age/keys.txt
47 rm /tmp/init-secrets-key
48 echo Your age public key is:
49 ${pkgs.age}/bin/age-keygen -y ~/.config/sops/age/keys.txt
51 rekey-secrets = pkgs.writeShellScriptBin "rekey-secrets" ''
52 ${pkgs.sops}/bin/sops updatekeys "$1"
55 devShells.default = pkgs.mkShell {
60 (deploy "these" "root@these.awful.systems")
61 (go "these" "root@these.awful.systems")
62 (deploy "more" "root@more.awful.systems")
63 (go "more" "root@more.awful.systems")
67 # cache these packages:
68 lemmy.packages.${system}.lemmy-server
69 lemmy-ui.packages.${system}.lemmy-ui
70 sneer-archive-site.packages.${system}.default
73 packages.maint-mode = (pkgs.callPackage ./maint-mode/site.nix { });