diff --git a/.gitignore b/.gitignore
index 7041d03..9e92574 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,5 @@
 /configuration.nix
-/result*
+result*
 /host/*/result*
 *.qcow2
 /.direnv
diff --git a/.vscode/settings.json b/.vscode/settings.json
index 9239aa2..5769ef6 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -1,5 +1,5 @@
 {
 "nix.enableLanguageServer": true,
- "nix.formatterPath": "nixfmt",
+ "nix.formatterPath": "nix fmt",
 "nix.serverPath": "nixd",
 }
\ No newline at end of file
diff --git a/dev-shells/default.nix b/dev-shells/default.nix
index ba8c83a..1b4f803 100644
--- a/dev-shells/default.nix
+++ b/dev-shells/default.nix
@@ -9,12 +9,12 @@
 name = "qois-infrastructure-shell";
 buildInputs =
 let
- vscode-with-extensions = pkgs.vscode-with-extensions.override {
+ vscodium-with-extensions = pkgs.vscode-with-extensions.override {
 vscodeExtensions = with pkgs.vscode-extensions; [ jnoortheen.nix-ide ];
 vscode = pkgs.vscodium;
 };
 in
- [ vscode-with-extensions ]
+ [ vscodium-with-extensions ]
 ++ (with self.packages.${system}; [
 cache
 deploy-qois
diff --git a/packages/all.nix b/packages/all.nix
deleted file mode 100644
index 6b03325..0000000
--- a/packages/all.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{
- self,
- system,
- pkgs,
- ...
-}:
-with pkgs.lib;
-let
- nixosConfigs = mapAttrsToList (n: v: v.config.system.build.toplevel) self.nixosConfigurations;
-in
-pkgs.linkFarmFromDrvs "allHosts" (nixosConfigs ++ [ self.packages.${system}.docs ])
diff --git a/packages/cache.nix b/packages/cache/default.nix
similarity index 85%
rename from packages/cache.nix
rename to packages/cache/default.nix
index f7fb517..5a7c983 100644
--- a/packages/cache.nix
+++ b/packages/cache/default.nix
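Review bot: The unanchored `result*` on the new side already matches `host/*/result*`, so the `/host/*/result*` entry kept as context two lines below is now redundant and can be dropped. Because the pattern now applies at every depth, it is worth confirming that no tracked file or directory elsewhere in the tree has a name starting with `result`, since it would silently stop being tracked by new clones.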
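Review bot: `nix.formatterPath` is now `"nix fmt"`, a command plus argument in one string; whether the Nix IDE extension splits that on whitespace or tries to execute a binary literally named `nix fmt` depends on the extension version, so this should be verified in the editor before relying on it. If it does not split, the list form is the unambiguous spelling where the installed version supports it, e.g. `"nix.formatterPath": ["nix", "fmt"]`. The trailing comma after `"nixd"` and the missing final newline are pre-existing and acceptable for a JSONC settings file.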
@@ -1,11 +1,17 @@
-{ pkgs, ... }:
-pkgs.writeShellApplication {
+{
+ attic-client,
+ findutils,
+ gnugrep,
+ writeShellApplication,
+ ...
+}:
+writeShellApplication {
 name = "cache";
 meta.description = "Access the infrastructure's attic cache. Mostly used in CI.";
 runtimeInputs = [
- pkgs.attic-client
- pkgs.findutils
- pkgs.gnugrep
+ attic-client
+ findutils
+ gnugrep
 ];
 text = ''
 SERVER="https://attic.qo.is/"
diff --git a/packages/default.nix b/packages/default.nix
index 4c3e54b..c4dc1bf 100644
--- a/packages/default.nix
+++ b/packages/default.nix
@@ -1,17 +1,37 @@
-{ system, ... }@inputs:
+{
+ self,
+ system,
+ pkgs,
+ ...
+}:
+with pkgs.lib;
 {
 ${system} =
 let
- all = import ./all.nix inputs;
+ packages = pipe (self.lib.foldersWithNix ./.) [
+ (map (name: {
+ inherit name;
+ path = path.append ./. "./${name}/default.nix";
+ }))
+ (map (
+ { name, path }:
+ {
+ inherit name;
+ value = pkgs.callPackage path {
+ inherit self;
+ inherit system;
+ };
+ }
+ ))
+ listToAttrs
+ ];
 in
- {
- inherit all;
- default = all;
- cache = import ./cache.nix inputs;
- deploy-qois = import ./deploy-qois.nix inputs;
- docs = import ./docs.nix inputs;
- sops = import ./sops.nix inputs;
- sops-config = import ./sops-config.nix inputs;
- sops-rekey = import ./sops-rekey.nix inputs;
+ packages
+ // {
+ default =
+ let
+ nixosConfigs = mapAttrsToList (n: v: v.config.system.build.toplevel) self.nixosConfigurations;
+ in
+ pkgs.linkFarmFromDrvs "all" (nixosConfigs ++ (attrValues packages));
 };
 }
diff --git a/packages/deploy-qois.nix b/packages/deploy-qois/default.nix
similarity index 65%
rename from packages/deploy-qois.nix
rename to packages/deploy-qois/default.nix
index 4504dff..ee3f0ac 100644
--- a/packages/deploy-qois.nix
+++ b/packages/deploy-qois/default.nix
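Review bot: Under `with pkgs.lib;`, the lambda parameter in `{ name, path }:` shadows `lib.path`, the very namespace used one map earlier in `path = path.append ./. "./${name}/default.nix";`; it works only because the two uses sit in different scopes, and the next edit to the second map will trip over it. Renaming the parameter removes the trap, e.g. `{ name, file }:` with `value = pkgs.callPackage file { inherit self system; };`, which also folds the two `inherit` lines into one; the unused `n` in `(n: v: v.config.system.build.toplevel)` is conventionally written `_`. Separately, the `all` attribute no longer exists on the new side, so any CI job or script still building `.#all` has to move to `default` (the linkFarm); the CI definition is not part of this diff, so I cannot confirm whether one does.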
@@ -1,13 +1,13 @@
 {
- pkgs,
+ deploy-rs,
 self,
- system,
+ writeShellApplication,
 ...
 }:
-pkgs.writeShellApplication {
+writeShellApplication {
 name = "deploy-qois";
 meta.description = "Deploy configuration to specificed targets.";
- runtimeInputs = [ pkgs.deploy-rs ];
+ runtimeInputs = [ deploy-rs ];
 text = ''
 deploy --interactive --targets "''${@:-${self}}"
 '';
diff --git a/packages/docs.nix b/packages/docs/default.nix
similarity index 60%
rename from packages/docs.nix
rename to packages/docs/default.nix
index 2e79eed..f16736d 100644
--- a/packages/docs.nix
+++ b/packages/docs/default.nix
@@ -1,16 +1,24 @@
-{ pkgs, self, ... }:
+{
+ mdbook-cmdrun,
+ mdbook-plantuml,
+ mdbook,
+ plantuml,
+ self,
+ stdenv,
+ ...
+}:
 let
 version = self.rev or self.dirtyRev;
 in
-pkgs.stdenv.mkDerivation {
+stdenv.mkDerivation {
 inherit version;
 name = "qois-docs-${version}";
- buildInputs = with pkgs; [
+ buildInputs = [
 mdbook
 mdbook-cmdrun
 mdbook-plantuml
 plantuml
 ];
- src = ../.;
+ src = self;
 buildPhase = "mdbook build --dest-dir $out";
 }
diff --git a/packages/sops-config.nix b/packages/sops-config/default.nix
similarity index 75%
rename from packages/sops-config.nix
rename to packages/sops-config/default.nix
index c78b95d..1daf54a 100644
--- a/packages/sops-config.nix
+++ b/packages/sops-config/default.nix
@@ -1,19 +1,24 @@
 {
- pkgs,
+ gnugrep,
+ gnupg,
+ lib,
+ runCommand,
 self,
- system,
+ ssh-to-age,
+ writeText,
 ...
 }:
+with lib;
 let
- metaHostConfigs = import ../defaults/meta/hosts.nix { inherit pkgs; };
+ metaHostConfigs = import ../../defaults/meta/hosts.nix { };
 userPgpKeys =
 let
 keysFolder = "${self.inputs.private}/sops_keys";
 gpgFingerprintsFile =
- pkgs.runCommand "userPgpKeys"
+ runCommand "userPgpKeys"
 {
 src = keysFolder;
- buildInputs = with pkgs; [
+ buildInputs = [
 gnupg
 gnugrep
 ];
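Review bot: The context line `meta.description = "Deploy configuration to specificed targets.";` carries a typo that surfaces in `nix flake show` and package search output; `meta.description = "Deploy configuration to specified targets.";`. The script body `deploy --interactive --targets "''${@:-${self}}"` falls back to deploying every target in the flake when no argument is given, with `--interactive` as the only confirmation step; that behaviour is unchanged here but deserves a one-line comment in the script so the default is not a surprise to whoever runs it without arguments.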
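Review bot: On the changed `buildInputs = [` line, mdbook, mdbook-cmdrun, mdbook-plantuml and plantuml are build-time tools, so they belong in `nativeBuildInputs = [`; `buildInputs` is for dependencies of the output and resolves to the wrong platform under cross-compilation. The derivation also sets `inherit version;` next to `name = "qois-docs-${version}";`; `pname = "qois-docs";` with `inherit version;` lets mkDerivation compose the name and is the form other tooling expects. `src = self;` is equivalent to the previous `../.` for a flake checkout, so that change looks fine.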
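Review bot: `metaHostConfigs = import ../../defaults/meta/hosts.nix { };` passes an empty argument set where the old line passed `{ inherit pkgs; }`; if `hosts.nix` still declares `pkgs` (or any other parameter) without a default, evaluation fails, and since that file is not in this diff the change needs to be checked against it. The new file-scope `with lib;` makes every lib name an implicit global, so a local binding that happens to share a name with a lib function (this file already defines `toCommaList`, `userAgeKeys`, etc.) silently shadows it and nixd cannot flag the collision; `let inherit (lib) filterAttrs mapAttrs readFile concatStringsSep attrValues mapAttrsToList; in` keeps the same brevity with explicit provenance.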
@@ -36,13 +41,13 @@ let
 userAgeKeys = [ ];
 serverAgeKeys =
 let
- getHostsWithSshKeys = pkgs.lib.filterAttrs (name: cfg: cfg ? sshKey);
- mapHostToAgeKey = builtins.mapAttrs (
+ getHostsWithSshKeys = filterAttrs (name: cfg: cfg ? sshKey);
+ mapHostToAgeKey = mapAttrs (
 name: cfg:
- pkgs.lib.readFile (
- pkgs.runCommand "sshToAgeKey"
+ readFile (
+ runCommand "sshToAgeKey"
 {
- buildInputs = [ pkgs.ssh-to-age ];
+ buildInputs = [ ssh-to-age ];
 }
 ''
 echo "${cfg.sshKey}" | ssh-to-age -o $out
@@ -51,14 +56,14 @@ let
 );
 in
 mapHostToAgeKey (getHostsWithSshKeys metaHostConfigs.qois.meta.hosts);
- toCommaList = builtins.concatStringsSep ",";
+ toCommaList = concatStringsSep ",";
 in
-pkgs.writeText ".sops.yaml" (
+writeText ".sops.yaml" (
 ''
 # This file was generated by nix, see packages/sops-config.nix for details.
 ''
- + builtins.toJSON {
- keys = userPgpKeys ++ userAgeKeys ++ builtins.attrValues serverAgeKeys;
+ + strings.toJSON {
+ keys = userPgpKeys ++ userAgeKeys ++ attrValues serverAgeKeys;
 creation_rules = [
 # Secrets for administrators (a.k.a. passwords)
@@ -78,7 +83,7 @@ pkgs.writeText ".sops.yaml" (
 ++
 # Server specific secrets
- (pkgs.lib.mapAttrsToList (serverName: serverKey: {
+ (mapAttrsToList (serverName: serverKey: {
 path_regex = "private/nixos-configurations/${serverName}/secrets\.sops\.(yaml|json|env|ini)$";
 pgp = toCommaList userPgpKeys;
 age = toCommaList (userAgeKeys ++ [ serverKey ]);
diff --git a/packages/sops-rekey.nix b/packages/sops-rekey/default.nix
similarity index 77%
rename from packages/sops-rekey.nix
rename to packages/sops-rekey/default.nix
index a345e24..5f3d2ec 100644
--- a/packages/sops-rekey.nix
+++ b/packages/sops-rekey/default.nix
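Review bot: The generated header `# This file was generated by nix, see packages/sops-config.nix for details.` is a context line, but this commit renames the file to `packages/sops-config/default.nix`, so every `.sops.yaml` produced from now on points at a path that no longer exists; it should read `# This file was generated by nix, see packages/sops-config/default.nix for details.`. The switch from `builtins.toJSON` to `strings.toJSON` depends on the pinned nixpkgs exposing `lib.strings.toJSON`; if the pin predates that alias, `builtins.toJSON` is the safe spelling and needs no `with lib;`. The `let` that `toCommaList` belongs to begins before this hunk.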
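Review bot: In the context line `path_regex = "private/nixos-configurations/${serverName}/secrets\.sops\.(yaml|json|env|ini)$";`, `\.` inside a Nix double-quoted string is not a recognised escape and evaluates to a bare `.`, so the regex sops receives is `secrets.sops.(yaml|json|env|ini)$` with each dot matching any character; the literal dots need `\\.` in the Nix source. The commit did not introduce this, but this is the rule that grants each server's age key access to a path, so the match should be as tight as intended. The enclosing `mapAttrsToList` call continues past the end of the hunk.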
@@ -1,14 +1,15 @@
 {
- pkgs,
+ findutils,
 self,
 system,
+ writeShellApplication,
 ...
 }:
-pkgs.writeShellApplication {
+writeShellApplication {
 name = "sops-rekey";
 meta.description = "Rekey all sops secrets with changed keys";
 runtimeInputs = [
- pkgs.findutils
+ findutils
 self.packages.${system}.sops
 ];
 text = ''
diff --git a/packages/sops.nix b/packages/sops/default.nix
similarity index 77%
rename from packages/sops.nix
rename to packages/sops/default.nix
index e37608e..dc239ab 100644
--- a/packages/sops.nix
+++ b/packages/sops/default.nix
@@ -1,13 +1,14 @@
 {
- pkgs,
- self,
- system,
+ gitMinimal,
+ nix,
+ sops,
+ writeShellApplication,
 ...
 }:
-pkgs.writeShellApplication {
+writeShellApplication {
 name = "sops";
 meta.description = "Run SOPS with the generated configuration";
- runtimeInputs = with pkgs; [
+ runtimeInputs = [
 sops
 gitMinimal
 nix