2020-11-14 10:15:41 +01:00
|
|
|
|
let
|
|
|
|
|
sources = import ./nix/sources.nix;
|
|
|
|
|
pkgs = import sources.nixpkgs { };
|
2020-08-22 17:44:39 +02:00
|
|
|
|
|
2020-11-14 10:15:41 +01:00
|
|
|
|
nix-pre-commit-hooks = import sources."pre-commit-hooks.nix";
|
|
|
|
|
|
|
|
|
|
pre-commit-check = nix-pre-commit-hooks.run {
|
|
|
|
|
src = ./.;
|
|
|
|
|
hooks = {
|
|
|
|
|
nixpkgs-fmt.enable = true;
|
|
|
|
|
};
|
|
|
|
|
};
|
2020-12-13 16:02:55 +01:00
|
|
|
|
|
2020-12-13 16:10:18 +01:00
|
|
|
|
scripts = {
|
|
|
|
|
update-sources = ''
|
|
|
|
|
set -e
|
|
|
|
|
git diff --exit-code -s nix/sources.json || (echo "File nix/sources.json has unstaged changes, refusing to update." >&2 && exit 1)
|
|
|
|
|
git diff --cached --exit-code -s nix/sources.json || (echo "File nix/sources.json has staged changes, refusing to update." >&2 && exit 1)
|
|
|
|
|
niv update
|
|
|
|
|
git diff --exit-code -s nix/sources.json && echo "Already up to date." && exit 0
|
|
|
|
|
git commit -m "Update sources" nix/sources.json
|
|
|
|
|
'';
|
2020-12-17 11:27:53 +01:00
|
|
|
|
|
|
|
|
|
deploy = ''
|
|
|
|
|
set -e
|
2021-01-29 16:04:38 +01:00
|
|
|
|
# If a deployment to localhost introduces an evaluation error, future
|
|
|
|
|
# deployments will fail since the overlay compat can’t parse the
|
|
|
|
|
# configuration. Overlays aren’t needed to build the krops deploy script.
|
|
|
|
|
export NIX_PATH="$(sed 's/:nixpkgs-overlays=[^:]*//' <<< "$NIX_PATH")"
|
2020-12-17 11:27:53 +01:00
|
|
|
|
$(nix-build --no-out-link deploy.nix -A "$1")
|
|
|
|
|
'';
|
2021-01-28 19:02:19 +01:00
|
|
|
|
|
|
|
|
|
unlock = ''
|
|
|
|
|
set -eo pipefail
|
|
|
|
|
machine="$1"
|
|
|
|
|
hostname="$(nix-instantiate --eval --json machines -A "$1".target | ${pkgs.jq}/bin/jq -r . | cut -d@ -f2)"
|
2021-02-16 15:54:22 +01:00
|
|
|
|
# opening luks fails if gpg-agent is not unlocked yet
|
|
|
|
|
pass "devices/$machine/luks" >/dev/null
|
2021-01-28 19:02:19 +01:00
|
|
|
|
ssh \
|
|
|
|
|
-oStrictHostKeyChecking=no \
|
|
|
|
|
-oGlobalKnownHostsFile=<(echo "[$hostname]:2222 ssh-ed25519 $(ssh-keygen -l -f <(ssh-keygen -y -f<(pass "nixos/machines/$machine/initrd-ssh-host-key")) | cut -d' ' -f2)") \
|
|
|
|
|
-4 \
|
|
|
|
|
-p 2222 \
|
|
|
|
|
"root@$hostname" \
|
|
|
|
|
"cat > /crypt-ramfs/passphrase" < <(pass "devices/$machine/luks")
|
|
|
|
|
'';
|
2020-12-13 16:10:18 +01:00
|
|
|
|
};
|
2020-11-14 10:15:41 +01:00
|
|
|
|
in
|
2020-08-22 17:44:39 +02:00
|
|
|
|
pkgs.mkShell {
|
2020-12-13 16:03:34 +01:00
|
|
|
|
buildInputs = (with pkgs; [
|
2020-11-14 10:15:41 +01:00
|
|
|
|
git
|
|
|
|
|
niv
|
2020-08-22 17:44:39 +02:00
|
|
|
|
nixpkgs-fmt
|
2020-12-13 16:10:18 +01:00
|
|
|
|
]) ++ (builtins.attrValues (builtins.mapAttrs pkgs.writeShellScriptBin scripts));
|
2020-10-02 17:15:46 +02:00
|
|
|
|
shellHook = ''
|
2020-11-14 10:15:41 +01:00
|
|
|
|
${pre-commit-check.shellHook}
|
2020-08-22 17:44:39 +02:00
|
|
|
|
'';
|
|
|
|
|
}
|