
default.nix

      52255d18
      Add a derivation that builds all three grids. · 52255d18
      Tom Prince authored
      This is the derivation I use when running `nix store diff-closures` for the
      weekly nixpkgs update.
      
      The derivation also includes some attributes that are useful for exploring the
      various grid configurations in the nix repl.
    grid.nix 4.30 KiB
    let
      # NOTE(review): <nixpkgs> is resolved through the nix search path
      # (NIX_PATH / -I), so the package set used here is whatever the evaluating
      # machine provides; no revision is pinned in this file.
      pkgs = import <nixpkgs> { };
    
      # Library imported from ../../lib; grid-module uses its `base` and
      # `hardware-vagrant` attributes.
      gridlib = import ../../lib;
      # Settings parsed from ./config.json next to this file. grid-module reads
      # domain, publicKeyPath, privateKeyPath, monitoringvpnEndpoint and
      # letsEncryptAdminEmail from it.
      grid-config = pkgs.lib.trivial.importJSON ./config.json;
    
      # SSH user configuration for the local grid, loaded from
      # ./public-keys/users.nix. Evaluation aborts when that file is absent, so
      # a configuration that nobody can log in to is never built.
      # Note that `import` evaluates the file as a nix expression, not as data.
      ssh-users =
        let
          users-path = ./public-keys/users.nix;
          # builtins.toString is applied to the paths so that nix does not copy
          # them into the nix store before interpolating them into the message.
          missing-users-error = throw ''
            ssh-keys for local grid are not configured.
            Refusing to build a possibly inaccessible configuration.
            Please create ${builtins.toString users-path} before building.
            See ${builtins.toString ./README.rst} for more information.
          '';
        in
          if !(builtins.pathExists users-path) then
            missing-users-error
          else
            import users-path;
    
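      # Module with per-grid configuration.
      #
      # A module function taking `config`. It pulls in the shared grid modules,
      # sets the SSH users, publishes the SSH user list under /etc/nixos for the
      # self-update deployment system, and fills in the grid options from
      # config.json.
      grid-module = {config, ...}: {
        imports = [
          gridlib.base
          # Allow us to remotely trigger updates to this system.
          ../../../nixos/modules/deployment.nix
          # Give it a good SSH configuration.
          ../../../nixos/modules/ssh.nix
          # Configure things specific to the virtualisation environment.
          gridlib.hardware-vagrant
        ];
        services.private-storage.sshUsers = ssh-users;

        # Include the ssh-users config in a form that can be read by nix,
        # so the self-update deployment system can access it.
        # nixos/modules/update-deployment imports the nix file into
        # the checkout of this repository it creates.
        environment.etc."nixos/ssh-users.json" = {
          # Output the loaded value, rather than just copying the file, in case the
          # file has external references.
          #
          # Readable by everyone, writable only by the owner. This data becomes
          # the SSH user list on the next self-update, so a world-writable mode
          # ("0666") would let any local account change who may log in.
          # NOTE(review): confirm no non-owner process is expected to write here.
          mode = "0644";
          text = builtins.toJSON ssh-users;
        };
        environment.etc."nixos/ssh-users.nix" = {
          # This is the file that is imported by update-deployment.
          # We don't directly read the JSON so that the script doesn't
          # depend on the format we use.
          #
          # This file is nix code that the deployment evaluates, so it must not
          # be world-writable either.
          mode = "0644";
          text = ''
            # Include the ssh-users config
            builtins.fromJSON (builtins.readFile ./ssh-users.json)
          '';
        };

        networking.domain = grid-config.domain;
        # Convert relative paths to absolute so library code can resolve names
        # correctly. `toString ./.` gives the directory as a plain string, so the
        # key directories are referenced in place rather than copied into the
        # nix store.
        grid = {
          publicKeyPath = toString ./. + "/${grid-config.publicKeyPath}";
          privateKeyPath = toString ./. + "/${grid-config.privateKeyPath}";
          inherit (grid-config) monitoringvpnEndpoint letsEncryptAdminEmail;
        };
        # Configure deployment management authorization for all systems in the grid.
        services.private-storage.deployment = {
          # Read at evaluation time from deploy_key.pub under the public key
          # directory; whoever holds the matching private key is authorized.
          authorizedKey = builtins.readFile "${config.grid.publicKeyPath}/deploy_key.pub";
          gridName = "local";
        };
      };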