kalipso/infrastructure
1
1
Fork 1
Code Issues 43 Pull Requests 2 Actions Projects 2 Releases Wiki Activity
Files
issue51
infrastructure/outputs.nix
ahtlon d242562544
All checks were successful
Evaluate Hydra Jobs / eval-hydra-jobs (push) Successful in 4m7s
Details
[packages] make scripts available in shell without nix run
2025-01-18 20:04:22 +01:00

140 lines
4.3 KiB
Nix
Raw Permalink Blame History

{ self
, utils
, nixpkgs
, nixpkgs-unstable
, nixos-generators
, sops-nix
, microvm
, ...
} @inputs:
# filter i686-liux from defaultSystem to run nix flake check successfully
let filter_system = name: if name == utils.lib.system.i686-linux then false else true;
in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems) ( system:
let
pkgs-unstable = nixpkgs-unstable.legacyPackages."${system}";
pkgs = nixpkgs.legacyPackages."${system}";
in
{
devShells.default =
let
sops = sops-nix.packages."${pkgs.system}";
microvmpkg = microvm.packages."${pkgs.system}";
installed = builtins.attrNames self.packages."${pkgs.system}".scripts;
in
pkgs.mkShell {
sopsPGPKeyDirs = [
"./machines/secrets/keys/hosts"
"./machines/secrets/keys/users"
];
nativeBuildInputs = [
sops.ssh-to-pgp
sops.sops-import-keys-hook
sops.sops-init-gpg-key
pkgs.sops
pkgs.age
pkgs.python310Packages.grip
pkgs.mdbook
microvmpkg.microvm
];
packages = builtins.map (pkgName: self.packages."${pkgs.system}".scripts.${pkgName}) installed;
shellHook = ''echo "Available scripts: ${builtins.concatStringsSep " " installed}"'';
};
packages = {
scripts.remote-install = pkgs.writeShellScriptBin "remote-install" (builtins.readFile ./scripts/remote-install-encrypt.sh);
scripts.boot-unlock = pkgs.writeShellScriptBin "boot-unlock" (builtins.readFile ./scripts/unlock-boot.sh);
docs = pkgs.stdenv.mkDerivation {
name = "malobeo-docs";
phases = [ "buildPhase" ];
buildInputs = [ pkgs.mdbook ];
inputs = pkgs.lib.sourceFilesBySuffices ./doc/. [ ".md" ".toml" ];
buildPhase = ''
dest=$out/share/doc
mkdir -p $dest
cp -r --no-preserve=all $inputs/* ./
mdbook build
ls
cp -r ./book/* $dest
'';
};
} //
builtins.foldl'
(result: host:
let
inherit (self.nixosConfigurations.${host}) config;
in
result // {
# boot any machine in a microvm
"${host}-vm" = (self.nixosConfigurations.${host}.extendModules {
modules = [{
microvm = {
mem = pkgs.lib.mkForce 4096;
hypervisor = pkgs.lib.mkForce "qemu";
socket = pkgs.lib.mkForce null;
shares = pkgs.lib.mkForce [{
tag = "ro-store";
source = "/nix/store";
mountPoint = "/nix/.ro-store";
}];
interfaces = pkgs.lib.mkForce [{
type = "user";
id = "eth0";
mac = "02:23:de:ad:be:ef";
}];
};
boot.isContainer = pkgs.lib.mkForce false;
users.users.root.password = "";
fileSystems."/".fsType = pkgs.lib.mkForce "tmpfs";
services.getty.helpLine = ''
Log in as "root" with an empty password.
Use "reboot" to shut qemu down.
'';
}] ++ pkgs.lib.optionals (! config ? microvm) [
microvm.nixosModules.microvm
];
}).config.microvm.declaredRunner;
})
{ }
(builtins.attrNames self.nixosConfigurations);
apps = {
docs = {
type = "app";
program = builtins.toString (pkgs.writeShellScript "docs" ''
${pkgs.mdbook}/bin/mdbook serve --open ./doc
'');
};
};
})) // rec {
nixosConfigurations = import ./machines/configuration.nix (inputs // {
inherit inputs;
self = self;
});
nixosModules.malobeo = {
host.imports = [ ./machines/durruti/host_config.nix ];
microvm.imports = [ ./machines/modules/malobeo/microvm_host.nix ];
vpn.imports = [ ./machines/modules/malobeo/wireguard.nix ];
initssh.imports = [ ./machines/modules/malobeo/initssh.nix ];
disko.imports = [ ./machines/modules/disko ];
};
hydraJobs = nixpkgs.lib.mapAttrs (_: nixpkgs.lib.hydraJob) (
let
getBuildEntry = name: nixosSystem:
if (nixpkgs.lib.hasPrefix "sdImage" name) then
nixosSystem.config.system.build.sdImage
else
nixosSystem.config.system.build.toplevel;
in
nixpkgs.lib.mapAttrs getBuildEntry self.nixosConfigurations
);
}
Reference in New Issue View Git Blame Copy Permalink