diff --git a/flake.nix b/flake.nix
index e88852d..20b83be 100644
--- a/flake.nix
+++ b/flake.nix
@@ -69,74 +69,78 @@
 };
 };
- apps = {
- deploy = lib.mapAttrs
- (hostname: machine:
- let
- inherit (krops.packages.${system}) writeCommand;
- inherit (krops) lib;
- in
- writeCommand "/bin/deploy-${hostname}" {
- target = lib.mkTarget "root@${machine.config.deployment.targetHost}" // {
- extraOptions = [
- # force allocation of tty to allow aborting with ^C and to show build progress
- "-t"
- ];
- };
- source = lib.evalSource (lib.singleton {
- config.file = {
- path = toString ./.;
- useChecksum = true;
- filters = [
- {
- type = "include";
- pattern = "/machines/${hostname}/";
- }
- {
- type = "exclude";
- pattern = "/machines/*/";
- }
+ apps = lib.mapAttrs
+ (name: program: { type = "app"; program = toString program; })
+ (flake-utils.lib.flattenTree {
+ deploy = lib.recurseIntoAttrs (lib.mapAttrs
+ (hostname: machine:
+ let
+ inherit (krops.packages.${system}) writeCommand;
+ inherit (krops) lib;
+ in
+ writeCommand "deploy-${hostname}" {
+ target = lib.mkTarget "root@${machine.config.deployment.targetHost}" // {
+ extraOptions = [
+ # force allocation of tty to allow aborting with ^C and to show build progress
+ "-t"
 ];
 };
- });
- command = targetPath: ''
- nixos-rebuild switch --flake ${targetPath}/config -L --keep-going
- '';
- })
- self.nixosConfigurations;
+ source = lib.evalSource (lib.singleton {
+ config.file = {
+ path = toString ./.;
+ useChecksum = true;
+ filters = [
+ {
+ type = "include";
+ pattern = "/machines/${hostname}/";
+ }
+ {
+ type = "exclude";
+ pattern = "/machines/*/";
+ }
+ ];
+ };
+ });
+ command = targetPath: ''
+ nixos-rebuild switch --flake ${targetPath}/config -L --keep-going
+ '';
+ }
+ )
+ self.nixosConfigurations);
- unlock = lib.mapAttrs
- (hostname: machine:
- let
- inherit (machine.config.deployment)
- targetHost
- unlockOverV4;
- in
- pkgs.writeShellScriptBin hostname ''
- set -exo pipefail
- # opening luks fails if gpg-agent is not unlocked yet
- pass "devices/${hostname}/luks" >/dev/null
- ssh \
- ${lib.optionalString unlockOverV4 "-4"} \
- -p 2222 \
- "root@${targetHost}" \
- "cat > /crypt-ramfs/passphrase" < <(pass "devices/${hostname}/luks")
- '')
- self.nixosConfigurations;
+ unlock = lib.recurseIntoAttrs (lib.mapAttrs
+ (hostname: machine:
+ let
+ inherit (machine.config.deployment)
+ targetHost
+ unlockOverV4;
+ in
+ pkgs.writeShellScript "unlock-${hostname}" ''
+ set -exo pipefail
+ # opening luks fails if gpg-agent is not unlocked yet
+ pass "devices/${hostname}/luks" >/dev/null
+ ssh \
+ ${lib.optionalString unlockOverV4 "-4"} \
+ -p 2222 \
+ "root@${targetHost}" \
+ "cat > /crypt-ramfs/passphrase" < <(pass "devices/${hostname}/luks")
+ '')
+ self.nixosConfigurations);
- updateInputs = pkgs.writeShellScriptBin "updateInputs" ''
- set -e
- git diff --exit-code -s flake.lock || (echo "Lockfile has unstaged changes, refusing to update." >&2 && exit 1)
- git diff --cached --exit-code -s flake.lock || (echo "Lockfile has staged changes, refusing to update." >&2 && exit 1)
- nix flake update
- git diff --exit-code -s flake.lock && echo "Already up to date." && exit 0
- git commit -m "Update flake inputs" flake.lock
- '';
+ updateInputs = pkgs.writeShellScript "update-inputs" ''
+ set -e
+ git diff --exit-code -s flake.lock || (echo "Lockfile has unstaged changes, refusing to update." >&2 && exit 1)
+ git diff --cached --exit-code -s flake.lock || (echo "Lockfile has staged changes, refusing to update." >&2 && exit 1)
+ nix flake update
+ git diff --exit-code -s flake.lock && echo "Already up to date." && exit 0
+ git commit -m "Update flake inputs" flake.lock
+ '';
- showKeyFingerprint = pkgs.writeShellScriptBin "showKeyFingerprint" ''
- gpg --with-fingerprint --with-colons --show-key "keys/''${1}.asc" | awk -F: '$1 == "fpr" { print $10; exit }'
- '';
- };
+ showKeyFingerprint = pkgs.writeShellScript "show-key-fingerprint" ''
+ gpg --with-fingerprint --with-colons --show-key "keys/''${1}.asc" | awk -F: '$1 == "fpr" { print $10; exit }'
+ '';
+
+ });
 devShell = pkgs.mkShell {
 buildInputs = (with pkgs; [
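Review bot: The `unlock-${hostname}` script resolves `pass` and `ssh` from the caller's PATH, and as a flake app it can presumably be started outside the dev shell, so the LUKS passphrase is handled by whichever binaries come first on PATH rather than ones pinned by the flake's lock file. Referencing store paths would close that gap, e.g. `${pkgs.pass}/bin/pass "devices/${hostname}/luks" >/dev/null` and `${pkgs.openssh}/bin/ssh \`; the same applies to `git`/`nix` in `update-inputs` and `gpg`/`awk` in `show-key-fingerprint`. Also worth a comment in the script: a failure of `pass` inside `< <(…)` is not caught by `set -e` or `pipefail`, so the earlier `pass … >/dev/null` probe is the only thing preventing an empty passphrase from being written to `/crypt-ramfs/passphrase`.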