rename machines
-> hosts
- shorter. - congruent with `nixos-rebuild .` choosing what to build based on `hostname`. - more widely used within other nix repos i've seen. - more accurate in the case that i migrate a host to a different machine (which i plan to do with servo).
parent
8fc6b05c07
commit
43fa7fdd9f
28
flake.nix
28
flake.nix
|
@ -45,7 +45,7 @@
|
|||
nixpkgsFor = local: target: import (patchedPkgs target) { crossSystem = target; localSystem = local; };
|
||||
# evaluate ONLY our overlay, for the provided system
|
||||
customPackagesFor = local: target: import ./pkgs/overlay.nix (nixpkgsFor local target) (nixpkgsFor local target);
|
||||
decl-machine = { name, local, target }:
|
||||
decl-host = { name, local, target }:
|
||||
let
|
||||
nixosSystem = import ((patchedPkgs target) + "/nixos/lib/eval-config.nix");
|
||||
in (nixosSystem {
|
||||
|
@ -54,7 +54,7 @@
|
|||
specialArgs = { inherit mobile-nixos home-manager impermanence; };
|
||||
modules = [
|
||||
./modules
|
||||
(import ./machines/instantiate.nix name)
|
||||
(import ./hosts/instantiate.nix name)
|
||||
home-manager.nixosModule
|
||||
impermanence.nixosModule
|
||||
sops-nix.nixosModules.sops
|
||||
|
@ -77,8 +77,8 @@
|
|||
];
|
||||
});
|
||||
|
||||
decl-bootable-machine = { name, local, target }: rec {
|
||||
nixosConfiguration = decl-machine { inherit name local target; };
|
||||
decl-bootable-host = { name, local, target }: rec {
|
||||
nixosConfiguration = decl-host { inherit name local target; };
|
||||
# this produces a EFI-bootable .img file (GPT with a /boot partition and a system (/ or /nix) partition).
|
||||
# after building this:
|
||||
# - flash it to a bootable medium (SD card, flash drive, HDD)
|
||||
|
@ -91,23 +91,23 @@
|
|||
# - boot
|
||||
# - if fs wasn't resized automatically, then `sudo btrfs filesystem resize max /`
|
||||
# - checkout this flake into /etc/nixos AND UPDATE THE FS UUIDS.
|
||||
# - `nixos-rebuild --flake './#<machine>' switch`
|
||||
# - `nixos-rebuild --flake './#<host>' switch`
|
||||
img = nixosConfiguration.config.system.build.img;
|
||||
};
|
||||
machines.servo = decl-bootable-machine { name = "servo"; local = "aarch64-linux"; target = "aarch64-linux"; };
|
||||
machines.desko = decl-bootable-machine { name = "desko"; local = "x86_64-linux"; target = "x86_64-linux"; };
|
||||
machines.lappy = decl-bootable-machine { name = "lappy"; local = "x86_64-linux"; target = "x86_64-linux"; };
|
||||
machines.moby = decl-bootable-machine { name = "moby"; local = "aarch64-linux"; target = "aarch64-linux"; };
|
||||
hosts.servo = decl-bootable-host { name = "servo"; local = "aarch64-linux"; target = "aarch64-linux"; };
|
||||
hosts.desko = decl-bootable-host { name = "desko"; local = "x86_64-linux"; target = "x86_64-linux"; };
|
||||
hosts.lappy = decl-bootable-host { name = "lappy"; local = "x86_64-linux"; target = "x86_64-linux"; };
|
||||
hosts.moby = decl-bootable-host { name = "moby"; local = "aarch64-linux"; target = "aarch64-linux"; };
|
||||
# special cross-compiled variant, to speed up deploys from an x86 box to the arm target
|
||||
# note that these *do* produce different store paths, because the closure for the tools used to cross compile
|
||||
# v.s. emulate differ.
|
||||
# so deploying foo-cross and then foo incurs some rebuilding.
|
||||
machines.servo-cross = decl-bootable-machine { name = "servo"; local = "x86_64-linux"; target = "aarch64-linux"; };
|
||||
machines.moby-cross = decl-bootable-machine { name = "moby"; local = "x86_64-linux"; target = "aarch64-linux"; };
|
||||
machines.rescue = decl-bootable-machine { name = "rescue"; local = "x86_64-linux"; target = "x86_64-linux"; };
|
||||
hosts.servo-cross = decl-bootable-host { name = "servo"; local = "x86_64-linux"; target = "aarch64-linux"; };
|
||||
hosts.moby-cross = decl-bootable-host { name = "moby"; local = "x86_64-linux"; target = "aarch64-linux"; };
|
||||
hosts.rescue = decl-bootable-host { name = "rescue"; local = "x86_64-linux"; target = "x86_64-linux"; };
|
||||
in {
|
||||
nixosConfigurations = builtins.mapAttrs (name: value: value.nixosConfiguration) machines;
|
||||
imgs = builtins.mapAttrs (name: value: value.img) machines;
|
||||
nixosConfigurations = builtins.mapAttrs (name: value: value.nixosConfiguration) hosts;
|
||||
imgs = builtins.mapAttrs (name: value: value.img) hosts;
|
||||
packages = let
|
||||
allPkgsFor = sys: (customPackagesFor sys sys) // {
|
||||
nixpkgs = nixpkgsFor sys sys;
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# trampoline from flake.nix into the specific machine definition, while doing a tiny bit of common setup
|
||||
# trampoline from flake.nix into the specific host definition, while doing a tiny bit of common setup
|
||||
|
||||
hostName: { ... }: {
|
||||
imports = [
|
|
@ -29,7 +29,7 @@ in
|
|||
sane.allocations.colin-uid = mkId 1000;
|
||||
sane.allocations.guest-uid = mkId 1100;
|
||||
|
||||
# found on all machines
|
||||
# found on all hosts
|
||||
sane.allocations.sshd-uid = mkId 2001; # 997
|
||||
sane.allocations.sshd-gid = mkId 2001; # 997
|
||||
sane.allocations.polkituser-gid = mkId 2002; # 998
|
||||
|
@ -39,15 +39,15 @@ in
|
|||
sane.allocations.systemd-oom-uid = mkId 2005;
|
||||
sane.allocations.systemd-oom-gid = mkId 2005;
|
||||
|
||||
# found on graphical machines
|
||||
# found on graphical hosts
|
||||
sane.allocations.nm-iodine-uid = mkId 2101; # desko/moby/lappy
|
||||
|
||||
# found on desko machine
|
||||
# found on desko host
|
||||
sane.allocations.usbmux-uid = mkId 2204;
|
||||
sane.allocations.usbmux-gid = mkId 2204;
|
||||
|
||||
|
||||
# originally found on moby machine
|
||||
# originally found on moby host
|
||||
sane.allocations.avahi-uid = mkId 2304;
|
||||
sane.allocations.avahi-gid = mkId 2304;
|
||||
sane.allocations.colord-uid = mkId 2305;
|
||||
|
|
|
@ -27,8 +27,8 @@ let
|
|||
};
|
||||
in {
|
||||
# map hostname -> something suitable for known_keys
|
||||
hosts = builtins.mapAttrs (machine: keys: withHost machine keys.host) keys;
|
||||
hosts = builtins.mapAttrs (host: keys: withHost host keys.host) keys;
|
||||
# map hostname -> something suitable for authorized_keys to allow access to colin@<hostname>
|
||||
users = builtins.mapAttrs (machine: keys: withUser "colin@${machine}" keys.users.colin) keys;
|
||||
users = builtins.mapAttrs (host: keys: withUser "colin@${host}" keys.users.colin) keys;
|
||||
}
|
||||
|
||||
|
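Review bot: In both `mapAttrs` lambdas the second parameter `keys` shadows the outer `keys` attrset that is passed as the last argument. Inside the lambda, `keys.host` and `keys.users.colin` therefore mean one host's entry, while the same name outside means the whole table. Since the rename already touches these two lines, a distinct name would make it harder to misread which key material feeds each output: `hosts = builtins.mapAttrs (host: hostKeys: withHost host hostKeys.host) keys;`, and likewise `hostKeys.users.colin` in `users`. The context comment says `known_keys`, which presumably means `known_hosts`. The `let` that defines `keys` starts outside the hunk.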
|
|
@ -16,7 +16,7 @@
|
|||
# add the result to .sops.yaml
|
||||
# since we specify ssh pubkeys in the nix config, you can just grep for `ssh-ed25519` here and use those instead
|
||||
#
|
||||
# for each machine you want to decrypt secrets:
|
||||
# for each host you want to decrypt secrets:
|
||||
# $ cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age
|
||||
# add the result to .sops.yaml
|
||||
# $ sops updatekeys secrets/example.yaml
|
||||
|
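Review bot: The renamed comment `# for each host you want to decrypt secrets:` now reads as if the age recipient belongs to the logical host. The step below it derives the recipient from `/etc/ssh/ssh_host_ed25519_key.pub`, which is whatever key the current installation holds. The commit message anticipates moving a host to a different machine, so the comment should say what happens to the recipient in that case, e.g. `# if a host moves to new hardware and its ssh host key changes: replace its age key in .sops.yaml, re-run sops updatekeys, and rotate any secret the old key could read`. Whether the host key is carried across a migration is not visible here, so the wording needs confirming against how migrations are actually done.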
|