Rename directory flake to flake-parts

This commit is contained in:
SebastianStork 2025-09-23 20:49:01 +02:00
parent 8cdb87769c
commit 121d7364f7
7 changed files with 6 additions and 6 deletions

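--- a/flake-parts/dev-shell.nix
+++ b/flake-parts/dev-shell.nix
@@ -0,0 +1,13 @@
+_: {
+perSystem =
+{ inputs', pkgs, ... }:
+{
+devShells.default = pkgs.mkShellNoCC {
+packages = [
+pkgs.just
+pkgs.nh
+inputs'.deploy-rs.packages.default
+];
+};
+};
+}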

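--- a/flake-parts/formatter.nix
+++ b/flake-parts/formatter.nix
@@ -0,0 +1,17 @@
+{ inputs, ... }:
+{
+perSystem =
+{ pkgs, ... }:
+{
+formatter =
+(inputs.treefmt.lib.evalModule pkgs {
+projectRootFile = "flake.nix";
+programs = {
+nixfmt.enable = true;
+prettier.enable = true;
+just.enable = true;
+};
+settings.formatter.nixfmt.excludes = [ "modules/home/programs/shell/aliases.nix" ];
+}).config.build.wrapper;
+};
+}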

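--- a/flake-parts/hosts.nix
+++ b/flake-parts/hosts.nix
@@ -0,0 +1,59 @@
+{
+inputs,
+self,
+lib,
+...
+}:
+let
+mkHost =
+hostName:
+inputs.nixpkgs.lib.nixosSystem {
+specialArgs = { inherit inputs self; };
+modules =
+let
+hostFiles =
+"${self}/hosts/${hostName}"
+|> lib.filesystem.listFilesRecursive
+|> lib.filter (lib.hasSuffix ".nix");
+userFiles =
+"${self}/users"
+|> builtins.readDir
+|> lib.filterAttrs (_: type: type == "directory")
+|> lib.attrNames
+|> map (user: "${self}/users/${user}/@${hostName}")
+|> lib.filter (path: lib.pathExists path);
+in
+[
+{ networking = { inherit hostName; }; }
+"${self}/hosts/common.nix"
+]
+++ hostFiles
+++ userFiles;
+};
+mkDeployNode = hostname: {
+inherit hostname;
+sshUser = "root";
+profiles.system.path =
+inputs.deploy-rs.lib.x86_64-linux.activate.nixos
+self.nixosConfigurations.${hostname};
+};
+in
+{
+flake = {
+nixosConfigurations =
+"${self}/hosts"
+|> builtins.readDir
+|> lib.filterAttrs (_: type: type == "directory")
+|> lib.mapAttrs (name: _: mkHost name);
+deploy.nodes =
+"${self}/hosts"
+|> builtins.readDir
+|> lib.filterAttrs (_: type: type == "directory")
+|> lib.mapAttrs (name: _: mkDeployNode name);
+checks = lib.mapAttrs (_: deployLib: deployLib.deployChecks self.deploy) inputs.deploy-rs.lib;
+};
+}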

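--- a/flake-parts/modules.nix
+++ b/flake-parts/modules.nix
@@ -0,0 +1,10 @@
+{ self, lib, ... }:
+let
+modulesOf = dir: dir |> lib.filesystem.listFilesRecursive |> lib.filter (lib.hasSuffix ".nix");
+in
+{
+flake = {
+nixosModules.default.imports = modulesOf "${self}/modules/system";
+homeManagerModules.default.imports = modulesOf "${self}/modules/home";
+};
+}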

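--- a/flake-parts/scripts.nix
+++ b/flake-parts/scripts.nix
@@ -0,0 +1,61 @@
+_: {
+perSystem =
+{ pkgs, ... }:
+{
+packages.install-anywhere = pkgs.writeShellApplication {
+name = "install-anywhere";
+runtimeInputs = [
+pkgs.sops
+pkgs.ssh-to-age
+pkgs.bitwarden-cli
+pkgs.jq
+];
+text = ''
+if [[ $# -ne 2 ]]; then
+echo "Usage: $0 <host> <destination>"
+exit 1
+fi
+host="$1"
+destination="$2"
+root="/tmp/anywhere/$host"
+impermanence="$(nix eval ".#nixosConfigurations.$host.config.custom.impermanence.enable")"
+if [ "$impermanence" = true ]; then
+ssh_dir="$root/persist/etc/ssh"
+else
+ssh_dir="$root/etc/ssh"
+fi
+if [ ! -f "$ssh_dir/ssh_host_ed25519_key" ]; then
+echo "==> Generating new SSH host keys..."
+mkdir --parents "$ssh_dir"
+ssh-keygen -C "root@$host" -f "$ssh_dir/ssh_host_ed25519_key" -N "" -q
+echo "==> Replacing old age key with new age key..."
+new_age_key="$(ssh-to-age -i "$ssh_dir/ssh_host_ed25519_key.pub")"
+sed -i -E "s|(agePublicKey\s*=\s*\")[^\"]*(\";)|\1$new_age_key\2|" "hosts/$host/default.nix"
+echo "==> Updating SOPS secrets..."
+if BW_SESSION="$(bw login --raw)"; then
+export BW_SESSION
+fi
+SOPS_AGE_KEY="$(bw get item 'admin age-key' | jq -r '.notes')"
+export SOPS_AGE_KEY
+SOPS_CONFIG="$(nix build .#sops-config --print-out-paths)"
+export SOPS_CONFIG
+sops updatekeys --yes "hosts/$host/secrets.json"
+fi
+echo "==> Installing system..."
+nix run github:nix-community/nixos-anywhere -- \
+--extra-files "$root" \
+--flake ".#$host" \
+--target-host "$destination"
+'';
+};
+};
+}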

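--- a/flake-parts/sops.nix
+++ b/flake-parts/sops.nix
@@ -0,0 +1,63 @@
+{ self, ... }:
+{
+perSystem =
+{
+self',
+pkgs,
+lib,
+...
+}:
+{
+packages.sops-config =
+let
+adminKey = "age1mpq8m4p7dnxh5ze3fh7etd2k6sp85zdnmp9te3e9chcw4pw07pcq960zh5";
+mkCreationRule = sopsCfg: {
+path_regex = sopsCfg.secretsFile;
+key_groups = lib.singleton {
+age = [
+adminKey
+sopsCfg.agePublicKey
+];
+};
+};
+hostCreationRules =
+self.nixosConfigurations
+|> lib.filterAttrs (_: value: value.config.custom.sops.enable or false)
+|> lib.mapAttrsToList (_: value: mkCreationRule value.config.custom.sops);
+userCreationRules =
+self.nixosConfigurations
+|> lib.filterAttrs (_: value: value.config.home-manager.users.seb.custom.sops.enable or false)
+|> lib.mapAttrsToList (_: value: mkCreationRule value.config.home-manager.users.seb.custom.sops);
+jsonConfig = { creation_rules = hostCreationRules ++ userCreationRules; } |> lib.strings.toJSON;
+in
+pkgs.runCommand "sops.yaml" { buildInputs = [ pkgs.yj ]; } ''
+echo '${jsonConfig}' | yj -jy > $out
+'';
+devShells.sops = pkgs.mkShellNoCC {
+packages = [
+pkgs.sops
+pkgs.age
+pkgs.ssh-to-age
+];
+nativeBuildInputs = [
+pkgs.bitwarden-cli
+pkgs.jq
+];
+shellHook = ''
+if BW_SESSION="$(bw login --raw)"; then
+export BW_SESSION
+fi
+SOPS_AGE_KEY="$(bw get item 'admin age-key' | jq -r '.notes')"
+export SOPS_AGE_KEY
+SOPS_CONFIG="${self'.packages.sops-config}"
+export SOPS_CONFIG
+'';
+};
+};
+}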