From c9b0fd25e15f9ed39a4a0b0cb08106ab5776eb36 Mon Sep 17 00:00:00 2001
From: Tom Prince <tom.prince@private.storage>
Date: Fri, 27 Aug 2021 02:47:43 -0600
Subject: [PATCH] stuff
---
flake.lock | 79 ++++++++++++++++++++++++++++++++++++++++++++++
flake.nix | 40 +++++++++++++++++++++++
morph/lib/base.nix | 39 +++++++++++++++++++++++
nix.conf | 9 ++++++
4 files changed, 167 insertions(+)
create mode 100644 flake.lock
create mode 100644 flake.nix
create mode 100644 morph/lib/base.nix
create mode 100644 nix.conf
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..a3a0b77
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,79 @@ +{ + "nodes": { + "arion-src": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1630050960, + "narHash": "sha256-rWJCFu/RJLlUaW9XaPuI89wHnWipWQ10hbjnIeVwVWw=", + "owner": "tp-la", + "repo": "arion", + "rev": "3d45133a627a5aa1bb0c195f169ca1247e91c748", + "type": "github" + }, + "original": { + "owner": "tp-la", + "ref": "hack", + "repo": "arion", + "type": "github" + } + }, + "flake-utils": { + "locked": { + "lastModified": 1629481132, + "narHash": "sha256-JHgasjPR0/J1J3DRm4KxM4zTyAj4IOJY8vIl75v/kPI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "997f7efcb746a9c140ce1f13c72263189225f482", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "narHash": "sha256-FfgFiOVzSNqsdBAu0nu7ErfEShESh84i0Ct7aALbXwA=", + "type": "tarball", + "url": "https://releases.nixos.org/nixos/21.05/nixos-21.05.804.5de44c15758/nixexprs.tar.xz" + }, + "original": { + "narHash": "sha256-FfgFiOVzSNqsdBAu0nu7ErfEShESh84i0Ct7aALbXwA=", + "type": "tarball", + "url": "https://releases.nixos.org/nixos/21.05/nixos-21.05.804.5de44c15758/nixexprs.tar.xz" + } + }, + "ourpkgs": { + "flake": false, + "locked": { + "lastModified": 1629944853, + "narHash": "sha256-/VRt93pML2HV/+34yc2M2x9P9go/5AgJ1dAMVlpgddM=", + "owner": "tp-la", + "repo": "nixpkgs", + "rev": "f0dbe36042a70e3601f287a887274fe82e3a95fd", + "type": "github" + }, + "original": { + "owner": "tp-la", + "ref": "update-haskell.nix", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "arion-src": "arion-src", + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs", + "ourpkgs": "ourpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..d6a55c0 --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,40 @@
+{
+ description = "A very basic flake";
+
+ inputs = {
+ nixpkgs = {
+ type = "tarball";
+ url = "https://releases.nixos.org/nixos/21.05/nixos-21.05.804.5de44c15758/nixexprs.tar.xz";
+ narHash = "sha256-FfgFiOVzSNqsdBAu0nu7ErfEShESh84i0Ct7aALbXwA=";
+ };
+ ourpkgs = {
+ type = "github";
+ owner = "tp-la";
+ repo = "nixpkgs";
+ ref = "update-haskell.nix";
+ flake = false;
+ };
+ arion-src = {
+ type = "github";
+ owner = "tp-la";
+ repo = "arion";
+ ref = "hack";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ flake-utils.url = "github:numtide/flake-utils";
+ };
+
+ outputs = { self, flake-utils, nixpkgs, ourpkgs, arion-src }:
+ let
+ build-output = import "${self}/arion.nix";
+ system = "x86_64-linux";
+ lib = nixpkgs.lib;
+ outputs = build-output rec {
+ inherit self arion-src;
+ pkgs = nixpkgs.legacyPackages.${system};
+ lib = nixpkgs.legacyPackages.${system}.lib;
+ ourpkgs = import ourpkgs.outPath { inherit system; };
+ arion-eval = args: arion-src.lib.eval ({inherit pkgs;} // args);
+ };
+ in {x = outputs; y = self.outputs;};
+}
diff --git a/morph/lib/base.nix b/morph/lib/base.nix
new file mode 100644
index 0000000..bf120bb
--- /dev/null
+++ b/morph/lib/base.nix
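Review bot: In the `rec` set passed to `build-output`, `ourpkgs = import ourpkgs.outPath { inherit system; };` refers to the attribute being defined rather than to the `ourpkgs` flake input, because `rec` puts the set's own names in scope; that should fail with infinite recursion once the attribute is forced. Binding the input under another name in the `let` (`ourpkgs-src = ourpkgs;`) and writing `ourpkgs = import ourpkgs-src.outPath { inherit system; };` avoids the shadowing. Separately, `ourpkgs` and `arion-src` follow the refs `update-haskell.nix` and `hack` on the `tp-la` forks, so only the committed flake.lock fixes which code is evaluated. Adding `rev = "f0dbe36042a70e3601f287a887274fe82e3a95fd";` and `rev = "3d45133a627a5aa1bb0c195f169ca1247e91c748";` (the revisions flake.lock records) to those inputs would keep a later `nix flake update` from silently moving them.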
@@ -0,0 +1,39 @@
+{ lib, config, ...}:
+{
+ options.grid = {
+ publicKeyPath = lib.mkOption {
+ type = lib.types.path;
+ description = ''
+ A path on the deployment system of a directory containing all of the
+ public keys for the system. For example, this holds Wireguard public keys
+ for the VPN configuration and SSH public keys to configure SSH
+ authentication.
+ '';
+ };
+ privateKeyPath = lib.mkOption {
+ type = lib.types.path;
+ description = ''
+ A path on the deployment system of a directory containing all of the
+ corresponding private keys for the system.
+ '';
+ };
+ };
+
+ imports = [
+ # Give it a good SSH configuration.
+ ../../nixos/modules/ssh.nix
+ # Allow us to remotely trigger updates to this system.
+ ../../nixos/modules/deployment.nix
+ ];
+
+ config = {
+ passthru.vpn-ip = config.monitoringvpnIPv4;
+ # The morph default deployment target the name of the node in the network
+ # attrset. We don't always want to give the node its proper public address
+ # there (because it depends on which domain is associated with the grid
+ # being configured and using variable names complicates a lot of things).
+ # Instead, just tell morph how to reach the node here - by using its fully
+ # qualified domain name.
+ deployment.targetHost = "${config.networking.hostName}.${config.networking.domain}";
+ };
+}
diff --git a/nix.conf b/nix.conf
new file mode 100644
index 0000000..227bfba
--- /dev/null
+++ b/nix.conf
@@ -0,0 +1,9 @@
+sandbox = false
+experimental-features = nix-command flakes
+substitute = true
+substituters = https://cache.nixos.org/ http://saxtons.private.storage/ https://hydra.iohk.io
+trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= saxtons.private.storage:MplOcEH8G/6mRlhlKkbA8GdeFR3dhCFsSszrspE/ZwY= hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ=
+
+keep-outputs = true
+keep-env-derivations = true
+
-- GitLab
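Review bot: The `privateKeyPath` description should say how the value must be passed, because `lib.types.path` accepts a Nix path value as well as a string, and a path value interpolated into a string is copied into the world-readable Nix store. How the option is consumed is not visible in this hunk, so this is a documentation request: add a sentence such as `Give this as a string; do not interpolate it as a Nix path, or the key files are copied into the Nix store.` The comment above `deployment.targetHost` is also missing a verb; it should read `# The morph default deployment target is the name of the node in the network`.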
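Review bot: `sandbox = false` in nix.conf turns off build isolation for every derivation built with this configuration, so builders get network and host filesystem access; that matters more here because the flake takes inputs from refs on personal forks. Unless a build is known to need it, use `sandbox = true` and relax it per derivation instead. The second substituter is fetched over plain `http://`. Assuming `require-sigs` is left at its default, the listed `saxtons.private.storage` key still protects the content, but the requested store paths are visible to and blockable by anyone on the path, so prefer `https://saxtons.private.storage/` if the host serves it. A short comment saying why `hydra.iohk.io` is trusted would also help, since any path signed by that key is accepted into the store.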