{
description = "NixOS configurations development environment";

# Flake inputs. Whatever ref is written here, the revision that actually gets
# fetched is the one recorded in flake.lock (not shown on this page), so a
# lock-file update is the point where upstream changes enter these systems
# and is worth reviewing like any other dependency bump.
inputs = {
  # nixpkgs branches. The outputs below build from nixpkgs-stable; the other
  # two are only reachable through the `inputs` set passed to modules.
  nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.11";
  nixpkgs-stable-release.url = "github:NixOS/nixpkgs/release-25.11";
  nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";

  # Inputs that name a release tag or release branch.
  disko = {
    url = "github:nix-community/disko/v1.12.0";
    inputs.nixpkgs.follows = "nixpkgs-stable";
  };
  nixos-anywhere = {
    url = "github:nix-community/nixos-anywhere/1.13.0";
    inputs.nixpkgs.follows = "nixpkgs-stable";
  };
  home-manager = {
    url = "github:nix-community/home-manager/release-25.11";
    inputs.nixpkgs.follows = "nixpkgs-stable";
  };
  lanzaboote = {
    url = "github:nix-community/lanzaboote/v1.0.0";
    inputs.nixpkgs.follows = "nixpkgs-stable";
  };

  # Inputs that name no ref: they follow the repository's default branch, so
  # only flake.lock fixes which commit is used.
  sops-nix = {
    url = "github:Mic92/sops-nix";
    inputs.nixpkgs.follows = "nixpkgs-stable";
  };
  deploy-rs = {
    url = "github:serokell/deploy-rs";
    inputs.nixpkgs.follows = "nixpkgs-stable";
  };
  attic = {
    url = "github:zhaofengli/attic";
    inputs.nixpkgs.follows = "nixpkgs-stable";
  };

  # FlakeHub input with a `*` version spec. It sets no nixpkgs `follows`, so
  # it resolves its own nixpkgs rather than sharing nixpkgs-stable.
  determinate.url = "https://flakehub.com/f/DeterminateSystems/determinate/*";
};
outputs = { self, nixpkgs-stable, nixos-anywhere, lanzaboote, deploy-rs, ... }@inputs:
let
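# Every output in this flake is built from the stable nixpkgs input.
nixpkgs = nixpkgs-stable;
# Platforms for which the per-system outputs (packages, devShells, formatter,
# apps) are generated.
systems = [
  "x86_64-linux"
  "x86_64-darwin"
  "aarch64-linux"
  "aarch64-darwin"
];
# forAllSystems f evaluates to { system = f system; } for each entry of
# `systems`.
forAllSystems = nixpkgs.lib.genAttrs systems;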
in
{
# NixOS system definition for the host labsrv01; its configuration lives in
# ./machines/labsrv01.
nixosConfigurations.labsrv01 = nixpkgs.lib.nixosSystem {
  system = "x86_64-linux";
  modules = [ ./machines/labsrv01 ];
  # The whole flake input set is handed to the modules as the `inputs`
  # argument, so a module may import code from any input declared above.
  specialArgs.inputs = inputs;
};
# deploy-rs target for labsrv01.
deploy.nodes.labsrv01 = {
  # Bare host name: address resolution and host-key trust come from the
  # operator's own DNS / SSH client configuration.
  hostname = "labsrv01";

  # Turns off deploy-rs's post-activation confirmation step. With it disabled,
  # an activation that breaks SSH or networking is not rolled back on its own,
  # so out-of-band access to the host is the recovery path. autoRollback is
  # not set here, so deploy-rs's default applies to failed activations.
  magicRollback = false;

  profiles.system = {
    # The profile is activated as root ...
    user = "root";
    # ... but the SSH session is opened as an unprivileged account, and
    # deploy-rs prompts for that account's sudo password instead of relying
    # on passwordless sudo or direct root login.
    sshUser = "kjtsanaktsidis";
    interactiveSudo = true;
    # Activation script built from the NixOS configuration defined in this flake.
    path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.labsrv01;
  };
};
# Per-system packages: a `nixos-update` command that wraps ./nixos-update.rb.
packages = forAllSystems (
  system:
  let
    pkgs = nixpkgs.legacyPackages.${system};
    # Ruby interpreter bundled with the tty-command gem; the lambda argument
    # is unused because the gem is taken from pkgs.rubyPackages directly.
    rubyEnv = pkgs.ruby.withPackages (_gems: [ pkgs.rubyPackages.tty-command ]);
  in
  {
    nixos-update = pkgs.writeShellApplication {
      name = "nixos-update";
      # Tools put on PATH for the wrapped script. The explicit `pkgs.` prefix
      # matters: `nixos-anywhere` is also the name of a flake input bound by
      # the outputs function.
      # NOTE(review): this is the nixos-anywhere packaged in nixpkgs, while
      # the dev shell uses the flake input pinned at 1.13.0 -- confirm the
      # two being different builds is intended.
      runtimeInputs = [
        pkgs.sops
        pkgs.nixos-anywhere
        pkgs.nixos-rebuild-ng
      ];
      # The script is referenced by its Nix store path, so the wrapper always
      # runs the copy that was part of the flake source, with the store-built
      # interpreter, regardless of the caller's working directory.
      text = ''
        exec "${rubyEnv}/bin/ruby" "${./nixos-update.rb}" "$@"
      '';
    };
  }
);
# Per-system development shell with the tooling used to manage these hosts.
devShells = forAllSystems (
  system:
  let
    pkgs = nixpkgs.legacyPackages.${system};
    # Default package of a flake input for the current system.
    defaultOf = flake: flake.packages.${system}.default;
  in
  {
    default = pkgs.mkShell {
      # List order is kept as-is. sops, age and mkpasswd are the
      # secret-handling tools here (presumably for sops-nix secrets and
      # password hashes -- confirm against the machine modules).
      buildInputs = [
        # nixos-anywhere from the flake input (1.13.0), not from nixpkgs.
        (defaultOf nixos-anywhere)
        pkgs.sops
        # Plain interpreter without the tty-command gem; the nixos-update
        # wrapper below carries its own Ruby environment.
        pkgs.ruby
        pkgs.age
        pkgs.mkpasswd
        (defaultOf inputs.deploy-rs)
        self.packages.${system}.nixos-update
      ];
    };
  }
);
# Formatter used by `nix fmt`, taken from the same nixpkgs as the other outputs.
formatter = forAllSystems (
  system:
  let
    pkgs = nixpkgs.legacyPackages.${system};
  in
  pkgs.nixfmt-rfc-style
);
# `nix run .#nixos-update` entry point; runs the wrapper built in `packages`.
apps = forAllSystems (
  system:
  let
    updater = self.packages.${system}.nixos-update;
  in
  {
    nixos-update = {
      type = "app";
      program = "${updater}/bin/nixos-update";
    };
  }
);
};
}