Skip to content
Snippets Groups Projects
Select Git revision
1 result Searching

default.nix

Blame
    • Tom Prince's avatar
      52255d18
      Add a derivation that builds all three grids. · 52255d18
      Tom Prince authored 
      This is the derivation I use when running `nix store diff-closures` for the
weekly nixpkgs update.

The derivation also includes some attributes that are useful for exploring the
various grid configurations in the nix repl.
      52255d18
      History
      Add a derivation that builds all three grids.
      Tom Prince authored 
      This is the derivation I use when running `nix store diff-closures` for the
weekly nixpkgs update.

The derivation also includes some attributes that are useful for exploring the
various grid configurations in the nix repl.
    grid.nix 4.30 KiB 
    let
  pkgs = import <nixpkgs> { };

  gridlib = import ../../lib;
  grid-config = pkgs.lib.trivial.importJSON ./config.json;

  ssh-users = let
    ssh-users-file = ./public-keys/users.nix;
  in
    if builtins.pathExists ssh-users-file then
      import ssh-users-file
    else
      # Use builtins.toString so that nix does not add the file
      # to the nix store before including it in the string.
      throw ''
        ssh-keys for local grid are not configured.
        Refusing to build a possibly inaccessible configuration.
        Please create ${builtins.toString ssh-users-file} before building.
        See ${builtins.toString ./README.rst} for more information.
      '';

  # Module with per-grid configuration
  grid-module = {config, ...}: {
    imports = [
      gridlib.base
      # Allow us to remotely trigger updates to this system.
      ../../../nixos/modules/deployment.nix
      # Give it a good SSH configuration.
      ../../../nixos/modules/ssh.nix
      # Configure things specific to the virtualisation environment.
      gridlib.hardware-vagrant
    ];
    services.private-storage.sshUsers = ssh-users;

    # Include the ssh-users config in a form that can be read by nix,
    # so the self-update deployment system can access it.
    # nixos/modules/update-deployment imports the nix file into
    # the checkout of this repository it creates.
    environment.etc."nixos/ssh-users.json" = {
      # Output the loaded value, rather than just copying the file, in case the
      # file has external references.
      mode = "0666";
      text = builtins.toJSON ssh-users;
    };
    environment.etc."nixos/ssh-users.nix" = {
      # This is the file that is imported by update-deployment.
      # We don't directly read the JSON so that the script doesn't
      # depend on the format we use.
      mode = "0666";
      text = ''
        # Include the ssh-users config
        builtins.fromJSON (builtins.readFile ./ssh-users.json)
      '';
    };

    networking.domain = grid-config.domain;
    # Convert relative paths to absolute so library code can resolve names
    # correctly.
    grid = {
      publicKeyPath = toString ./. + "/${grid-config.publicKeyPath}";
      privateKeyPath = toString ./. + "/${grid-config.privateKeyPath}";
      inherit (grid-config) monitoringvpnEndpoint letsEncryptAdminEmail;
    };
    # Configure deployment management authorization for all systems in the grid.
    services.private-storage.deployment = {
      authorizedKey = builtins.readFile "${config.grid.publicKeyPath}/deploy_key.pub";
      gridName = "local";
    };
  };