flake: Specify apps in the way nix expects it
It has to be a flat attribute set of { type = "app"; program = "…"; },
otherwise nix will still run it, but `nix flake show` fails.
pull/52/head
parent
d19bfb9c2c
commit
54610a130a
GPG Key ID:
8D3C82F9F309F8EC
130
flake.nix
130
flake.nix
|
|
@ -69,74 +69,78 @@
|
|||
};
|
||||
};
|
||||
|
||||
apps = {
|
||||
deploy = lib.mapAttrs
|
||||
(hostname: machine:
|
||||
let
|
||||
inherit (krops.packages.${system}) writeCommand;
|
||||
inherit (krops) lib;
|
||||
in
|
||||
writeCommand "/bin/deploy-${hostname}" {
|
||||
target = lib.mkTarget "root@${machine.config.deployment.targetHost}" // {
|
||||
extraOptions = [
|
||||
# force allocation of tty to allow aborting with ^C and to show build progress
|
||||
"-t"
|
||||
];
|
||||
};
|
||||
source = lib.evalSource (lib.singleton {
|
||||
config.file = {
|
||||
path = toString ./.;
|
||||
useChecksum = true;
|
||||
filters = [
|
||||
{
|
||||
type = "include";
|
||||
pattern = "/machines/${hostname}/";
|
||||
}
|
||||
{
|
||||
type = "exclude";
|
||||
pattern = "/machines/*/";
|
||||
}
|
||||
apps = lib.mapAttrs
|
||||
(name: program: { type = "app"; program = toString program; })
|
||||
(flake-utils.lib.flattenTree {
|
||||
deploy = lib.recurseIntoAttrs (lib.mapAttrs
|
||||
(hostname: machine:
|
||||
let
|
||||
inherit (krops.packages.${system}) writeCommand;
|
||||
inherit (krops) lib;
|
||||
in
|
||||
writeCommand "deploy-${hostname}" {
|
||||
target = lib.mkTarget "root@${machine.config.deployment.targetHost}" // {
|
||||
extraOptions = [
|
||||
# force allocation of tty to allow aborting with ^C and to show build progress
|
||||
"-t"
|
||||
];
|
||||
};
|
||||
});
|
||||
command = targetPath: ''
|
||||
nixos-rebuild switch --flake ${targetPath}/config -L --keep-going
|
||||
'';
|
||||
})
|
||||
self.nixosConfigurations;
|
||||
source = lib.evalSource (lib.singleton {
|
||||
config.file = {
|
||||
path = toString ./.;
|
||||
useChecksum = true;
|
||||
filters = [
|
||||
{
|
||||
type = "include";
|
||||
pattern = "/machines/${hostname}/";
|
||||
}
|
||||
{
|
||||
type = "exclude";
|
||||
pattern = "/machines/*/";
|
||||
}
|
||||
];
|
||||
};
|
||||
});
|
||||
command = targetPath: ''
|
||||
nixos-rebuild switch --flake ${targetPath}/config -L --keep-going
|
||||
'';
|
||||
}
|
||||
)
|
||||
self.nixosConfigurations);
|
||||
|
||||
unlock = lib.mapAttrs
|
||||
(hostname: machine:
|
||||
let
|
||||
inherit (machine.config.deployment)
|
||||
targetHost
|
||||
unlockOverV4;
|
||||
in
|
||||
pkgs.writeShellScriptBin hostname ''
|
||||
set -exo pipefail
|
||||
# opening luks fails if gpg-agent is not unlocked yet
|
||||
pass "devices/${hostname}/luks" >/dev/null
|
||||
ssh \
|
||||
${lib.optionalString unlockOverV4 "-4"} \
|
||||
-p 2222 \
|
||||
"root@${targetHost}" \
|
||||
"cat > /crypt-ramfs/passphrase" < <(pass "devices/${hostname}/luks")
|
||||
'')
|
||||
self.nixosConfigurations;
|
||||
unlock = lib.recurseIntoAttrs (lib.mapAttrs
|
||||
(hostname: machine:
|
||||
let
|
||||
inherit (machine.config.deployment)
|
||||
targetHost
|
||||
unlockOverV4;
|
||||
in
|
||||
pkgs.writeShellScript "unlock-${hostname}" ''
|
||||
set -exo pipefail
|
||||
# opening luks fails if gpg-agent is not unlocked yet
|
||||
pass "devices/${hostname}/luks" >/dev/null
|
||||
ssh \
|
||||
${lib.optionalString unlockOverV4 "-4"} \
|
||||
-p 2222 \
|
||||
"root@${targetHost}" \
|
||||
"cat > /crypt-ramfs/passphrase" < <(pass "devices/${hostname}/luks")
|
||||
'')
|
||||
self.nixosConfigurations);
|
||||
|
||||
updateInputs = pkgs.writeShellScriptBin "updateInputs" ''
|
||||
set -e
|
||||
git diff --exit-code -s flake.lock || (echo "Lockfile has unstaged changes, refusing to update." >&2 && exit 1)
|
||||
git diff --cached --exit-code -s flake.lock || (echo "Lockfile has staged changes, refusing to update." >&2 && exit 1)
|
||||
nix flake update
|
||||
git diff --exit-code -s flake.lock && echo "Already up to date." && exit 0
|
||||
git commit -m "Update flake inputs" flake.lock
|
||||
'';
|
||||
updateInputs = pkgs.writeShellScript "update-inputs" ''
|
||||
set -e
|
||||
git diff --exit-code -s flake.lock || (echo "Lockfile has unstaged changes, refusing to update." >&2 && exit 1)
|
||||
git diff --cached --exit-code -s flake.lock || (echo "Lockfile has staged changes, refusing to update." >&2 && exit 1)
|
||||
nix flake update
|
||||
git diff --exit-code -s flake.lock && echo "Already up to date." && exit 0
|
||||
git commit -m "Update flake inputs" flake.lock
|
||||
'';
|
||||
|
||||
showKeyFingerprint = pkgs.writeShellScriptBin "showKeyFingerprint" ''
|
||||
gpg --with-fingerprint --with-colons --show-key "keys/''${1}.asc" | awk -F: '$1 == "fpr" { print $10; exit }'
|
||||
'';
|
||||
};
|
||||
showKeyFingerprint = pkgs.writeShellScript "show-key-fingerprint" ''
|
||||
gpg --with-fingerprint --with-colons --show-key "keys/''${1}.asc" | awk -F: '$1 == "fpr" { print $10; exit }'
|
||||
'';
|
||||
|
||||
});
|
||||
|
||||
devShell = pkgs.mkShell {
|
||||
buildInputs = (with pkgs; [
|
||||
|
|
|
|||
Loading…
Reference in New Issue