jet/extremist-software
jet/extremist-software
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
extremist-software/flake.nix

68 lines
2 KiB
Nix
Raw Blame History

{
description = "NixOS Configuration for extremist.software Hetzner VPS";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
disko.url = "github:nix-community/disko";
disko.inputs.nixpkgs.follows = "nixpkgs";
mymx.url = "git+https://git.extremist.software/jet/mymx";
mymx.inputs.nixpkgs.follows = "nixpkgs";
website.url = "git+https://git.extremist.software/jet/website";
website.inputs.nixpkgs.follows = "nixpkgs";
noisebell.url = "git+https://git.extremist.software/jet/noisebell";
noisebell.inputs.nixpkgs.follows = "nixpkgs";
agenix.url = "github:ryantm/agenix";
agenix.inputs.nixpkgs.follows = "nixpkgs";
};
outputs = { self, nixpkgs, disko, ... }@inputs: {
nixosConfigurations.extremist-software = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
disko.nixosModules.disko
inputs.mymx.nixosModules.default
inputs.website.nixosModules.default
inputs.agenix.nixosModules.default
inputs.noisebell.nixosModules.default
./disk-config.nix
./configuration.nix
];
};
devShells.x86_64-linux.default = let
pkgs = nixpkgs.legacyPackages.x86_64-linux;
deploy = pkgs.writeShellScriptBin "nhs" ''
nh os switch --hostname extremist-software --target-host root@extremist-software path:. "$@"
'';
check-secrets = pkgs.writeShellScriptBin "check-secrets" ''
set -euo pipefail
failed=0
for f in secrets/*.age; do
last=$(agenix -d "$f" | tail -c 1 | od -An -tx1 | tr -d ' \n')
if [ "$last" = "0a" ]; then
echo "FAIL: $f has trailing newline"
failed=1
fi
done
if [ "$failed" -eq 0 ]; then
echo "All secrets OK: no trailing newlines"
fi
exit $failed
'';
in pkgs.mkShell {
packages = [
pkgs.nh
inputs.agenix.packages.x86_64-linux.default
deploy
check-secrets
];
};
};
}
Reference in a new issue View git blame Copy permalink