authorGregor Kleen <gkleen@yggdrasil.li>2024-08-12 11:01:16 +0200
committerGregor Kleen <gkleen@yggdrasil.li>2024-08-12 11:01:16 +0200
commitfb9d0e3ebd7f5b3edd6746b9f247f16c51dce19d (patch)
tree149476f20dea4bf3be643a7042d74f02bdcdf8fb /system-profiles/rebuild-machines/default.nix
parente4d6497bbb8ebc9ee0e9caaa2151fc0ee37e142e (diff)
...
Diffstat (limited to 'system-profiles/rebuild-machines/default.nix')
-rw-r--r--system-profiles/rebuild-machines/default.nix12
1 files changed, 7 insertions, 5 deletions
diff --git a/system-profiles/rebuild-machines/default.nix b/system-profiles/rebuild-machines/default.nix
index cc01f66b..544f47e1 100644
--- a/system-profiles/rebuild-machines/default.nix
+++ b/system-profiles/rebuild-machines/default.nix
@@ -15,7 +15,7 @@ let
15 ''; 15 '';
16 16
17 knownHostsFile = pkgs.writeText "known_hosts" (concatMapStringsSep "\n" (kPath: cfg.repoHost + " " + readFile kPath) (attrValues cfg.repoPubkeys)); 17 knownHostsFile = pkgs.writeText "known_hosts" (concatMapStringsSep "\n" (kPath: cfg.repoHost + " " + readFile kPath) (attrValues cfg.repoPubkeys));
18 18
19 rebuildScript = pkgs.stdenv.mkDerivation { 19 rebuildScript = pkgs.stdenv.mkDerivation {
20 name = "rebuild-${hostName}"; 20 name = "rebuild-${hostName}";
21 21
@@ -52,7 +52,7 @@ in {
52 Name of the script wrapping <literal>nixos-rebuild</literal> 52 Name of the script wrapping <literal>nixos-rebuild</literal>
53 ''; 53 '';
54 }; 54 };
55 55
56 flake = mkOption { 56 flake = mkOption {
57 type = types.submodule { 57 type = types.submodule {
58 options = { 58 options = {
@@ -79,7 +79,7 @@ in {
79 type = types.str; 79 type = types.str;
80 default = "git.yggdrasil.li"; 80 default = "git.yggdrasil.li";
81 }; 81 };
82 82
83 repoUser = mkOption { 83 repoUser = mkOption {
84 type = types.str; 84 type = types.str;
85 default = "gitolite"; 85 default = "gitolite";
@@ -88,11 +88,13 @@ in {
88 repoPubkeys = mkOption { 88 repoPubkeys = mkOption {
89 type = types.attrsOf types.path; 89 type = types.attrsOf types.path;
90 default = genAttrs ["rsa" "ed25519"] (kType: ./ssh-pub + "/${cfg.repoHost}-${kType}.pub"); 90 default = genAttrs ["rsa" "ed25519"] (kType: ./ssh-pub + "/${cfg.repoHost}-${kType}.pub");
91 defaultText = literalExpression ''genAttrs ["rsa" "ed25519"] (kType: ./ssh-pub + "/''${cfg.repoHost}-''${kType}.pub")'';
91 }; 92 };
92 93
93 repoPrivkey = mkOption { 94 repoPrivkey = mkOption {
94 type = types.path; 95 type = types.path;
95 default = ./ssh + "/${hostName}/private"; 96 default = ./ssh + "/${hostName}/private";
97 defaultText = literalExpression ''./ssh + "/''${hostName}/private"'';
96 }; 98 };
97 99
98 sopsName = mkOption { 100 sopsName = mkOption {
@@ -115,14 +117,14 @@ in {
115 }; 117 };
116 }; 118 };
117 }; 119 };
118 120
119 config = { 121 config = {
120 assertions = [ 122 assertions = [
121 { assertion = isNull cfg.sopsConfig || (!(isNull cfg.sopsName)); 123 { assertion = isNull cfg.sopsConfig || (!(isNull cfg.sopsName));
122 message = "If option sopsConfig is not null option sopsName may not be null"; 124 message = "If option sopsConfig is not null option sopsName may not be null";
123 } 125 }
124 ]; 126 ];
125 127
126 sops.secrets = mkIf (!(isNull cfg.sopsConfig)) { 128 sops.secrets = mkIf (!(isNull cfg.sopsConfig)) {
127 "${cfg.sopsName}" = { 129 "${cfg.sopsName}" = {
128 sopsFile = cfg.repoPrivkey; 130 sopsFile = cfg.repoPrivkey;
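Review bot: `repoPrivkey` (new lines 94–98) gains a `defaultText` but still has no `description`, so nothing on the option tells a user what form the key file must take. The value is a `types.path` defaulting to a path literal inside the repository, and such paths are normally copied into the world-readable Nix store once they are used. The only consumer visible here is `sopsFile = cfg.repoPrivkey;` under `mkIf (!(isNull cfg.sopsConfig))`, which suggests the file is meant to be sops-encrypted. How the key is handled when `sopsConfig` is null lies outside these hunks, as the `config` block continues past the last one. I would add something like `description = "Path to the sops-encrypted SSH private key used to fetch the repository; must never be a plaintext key, since the file ends up in the Nix store";` and consider an assertion covering the `sopsConfig == null` case if that path would expose the key unencrypted.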