flake: Specify apps in the way nix expects it
It has to be a flat attribute set of { type = "app"; program = "…"; }, otherwise nix will still run it, but `nix flake show` fails.
parent
d19bfb9c2c
commit
54610a130a
130
flake.nix
130
flake.nix
|
@ -69,74 +69,78 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
apps = {
|
apps = lib.mapAttrs
|
||||||
deploy = lib.mapAttrs
|
(name: program: { type = "app"; program = toString program; })
|
||||||
(hostname: machine:
|
(flake-utils.lib.flattenTree {
|
||||||
let
|
deploy = lib.recurseIntoAttrs (lib.mapAttrs
|
||||||
inherit (krops.packages.${system}) writeCommand;
|
(hostname: machine:
|
||||||
inherit (krops) lib;
|
let
|
||||||
in
|
inherit (krops.packages.${system}) writeCommand;
|
||||||
writeCommand "/bin/deploy-${hostname}" {
|
inherit (krops) lib;
|
||||||
target = lib.mkTarget "root@${machine.config.deployment.targetHost}" // {
|
in
|
||||||
extraOptions = [
|
writeCommand "deploy-${hostname}" {
|
||||||
# force allocation of tty to allow aborting with ^C and to show build progress
|
target = lib.mkTarget "root@${machine.config.deployment.targetHost}" // {
|
||||||
"-t"
|
extraOptions = [
|
||||||
];
|
# force allocation of tty to allow aborting with ^C and to show build progress
|
||||||
};
|
"-t"
|
||||||
source = lib.evalSource (lib.singleton {
|
|
||||||
config.file = {
|
|
||||||
path = toString ./.;
|
|
||||||
useChecksum = true;
|
|
||||||
filters = [
|
|
||||||
{
|
|
||||||
type = "include";
|
|
||||||
pattern = "/machines/${hostname}/";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
type = "exclude";
|
|
||||||
pattern = "/machines/*/";
|
|
||||||
}
|
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
});
|
source = lib.evalSource (lib.singleton {
|
||||||
command = targetPath: ''
|
config.file = {
|
||||||
nixos-rebuild switch --flake ${targetPath}/config -L --keep-going
|
path = toString ./.;
|
||||||
'';
|
useChecksum = true;
|
||||||
})
|
filters = [
|
||||||
self.nixosConfigurations;
|
{
|
||||||
|
type = "include";
|
||||||
|
pattern = "/machines/${hostname}/";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
type = "exclude";
|
||||||
|
pattern = "/machines/*/";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
});
|
||||||
|
command = targetPath: ''
|
||||||
|
nixos-rebuild switch --flake ${targetPath}/config -L --keep-going
|
||||||
|
'';
|
||||||
|
}
|
||||||
|
)
|
||||||
|
self.nixosConfigurations);
|
||||||
|
|
||||||
unlock = lib.mapAttrs
|
unlock = lib.recurseIntoAttrs (lib.mapAttrs
|
||||||
(hostname: machine:
|
(hostname: machine:
|
||||||
let
|
let
|
||||||
inherit (machine.config.deployment)
|
inherit (machine.config.deployment)
|
||||||
targetHost
|
targetHost
|
||||||
unlockOverV4;
|
unlockOverV4;
|
||||||
in
|
in
|
||||||
pkgs.writeShellScriptBin hostname ''
|
pkgs.writeShellScript "unlock-${hostname}" ''
|
||||||
set -exo pipefail
|
set -exo pipefail
|
||||||
# opening luks fails if gpg-agent is not unlocked yet
|
# opening luks fails if gpg-agent is not unlocked yet
|
||||||
pass "devices/${hostname}/luks" >/dev/null
|
pass "devices/${hostname}/luks" >/dev/null
|
||||||
ssh \
|
ssh \
|
||||||
${lib.optionalString unlockOverV4 "-4"} \
|
${lib.optionalString unlockOverV4 "-4"} \
|
||||||
-p 2222 \
|
-p 2222 \
|
||||||
"root@${targetHost}" \
|
"root@${targetHost}" \
|
||||||
"cat > /crypt-ramfs/passphrase" < <(pass "devices/${hostname}/luks")
|
"cat > /crypt-ramfs/passphrase" < <(pass "devices/${hostname}/luks")
|
||||||
'')
|
'')
|
||||||
self.nixosConfigurations;
|
self.nixosConfigurations);
|
||||||
|
|
||||||
updateInputs = pkgs.writeShellScriptBin "updateInputs" ''
|
updateInputs = pkgs.writeShellScript "update-inputs" ''
|
||||||
set -e
|
set -e
|
||||||
git diff --exit-code -s flake.lock || (echo "Lockfile has unstaged changes, refusing to update." >&2 && exit 1)
|
git diff --exit-code -s flake.lock || (echo "Lockfile has unstaged changes, refusing to update." >&2 && exit 1)
|
||||||
git diff --cached --exit-code -s flake.lock || (echo "Lockfile has staged changes, refusing to update." >&2 && exit 1)
|
git diff --cached --exit-code -s flake.lock || (echo "Lockfile has staged changes, refusing to update." >&2 && exit 1)
|
||||||
nix flake update
|
nix flake update
|
||||||
git diff --exit-code -s flake.lock && echo "Already up to date." && exit 0
|
git diff --exit-code -s flake.lock && echo "Already up to date." && exit 0
|
||||||
git commit -m "Update flake inputs" flake.lock
|
git commit -m "Update flake inputs" flake.lock
|
||||||
'';
|
'';
|
||||||
|
|
||||||
showKeyFingerprint = pkgs.writeShellScriptBin "showKeyFingerprint" ''
|
showKeyFingerprint = pkgs.writeShellScript "show-key-fingerprint" ''
|
||||||
gpg --with-fingerprint --with-colons --show-key "keys/''${1}.asc" | awk -F: '$1 == "fpr" { print $10; exit }'
|
gpg --with-fingerprint --with-colons --show-key "keys/''${1}.asc" | awk -F: '$1 == "fpr" { print $10; exit }'
|
||||||
'';
|
'';
|
||||||
};
|
|
||||||
|
});
|
||||||
|
|
||||||
devShell = pkgs.mkShell {
|
devShell = pkgs.mkShell {
|
||||||
buildInputs = (with pkgs; [
|
buildInputs = (with pkgs; [
|
||||||
|
|
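Review bot: The `ssh` call in the `unlock` app writes the LUKS passphrase to `root@${targetHost}` on port 2222 without any host-key option, so whether that endpoint is authenticated depends on the operator's ssh configuration, which this section does not show. The sshd on 2222 presumably runs in the initrd with its own host key, and with ssh's default prompt an unknown key can be accepted by hand just before the secret is sent. Consider adding `-o StrictHostKeyChecking=yes \` next to `-p 2222 \`, so the script refuses to connect unless the key for `[targetHost]:2222` is already in known_hosts. A short comment there, such as `# initrd sshd has its own host key; it must be pinned before the passphrase is sent`, would record the requirement.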