From 33f7ac0cda56fc5c08c7dc977c3b077eb9846545 Mon Sep 17 00:00:00 2001 From: jopejoe1 Date: Sun, 17 Nov 2024 20:29:04 +0100 Subject: [PATCH] move authorized keys to flake input --- config/common/users.nix | 9 ++------ flake.lock | 19 ++++++++++++++++ flake.nix | 50 ++++++++++++++++++++++++----------------- 3 files changed, 51 insertions(+), 27 deletions(-) diff --git a/config/common/users.nix b/config/common/users.nix index 400a106..fd0c1bb 100644 --- a/config/common/users.nix +++ b/config/common/users.nix @@ -6,15 +6,10 @@ # - https://git.grzb.de/yuri/nix-infra/-/blob/342a2f732da042d04e579d98e9f834418b7ebf25/users/colmena-deploy/default.nix # - https://nixos.org/manual/nix/stable/command-ref/conf-file.html?highlight=nix.conf#available-settings -{ config, pkgs, lib, ... }: +{ config, pkgs, lib, inputs, ... }: let - authorizedKeysRepo = builtins.fetchGit { - url = "forgejo@git.hamburg.ccc.de:CCCHH/infrastructure-authorized-keys.git"; - ref = "trunk"; - rev = "686a6af22f6696f0c0595c56f463c078550049fc"; - }; - authorizedKeys = builtins.filter (item: item != "") (lib.strings.splitString "\n" (builtins.readFile "${authorizedKeysRepo}/authorized_keys")); + authorizedKeys = builtins.filter (item: item != "") (lib.strings.splitString "\n" (builtins.readFile "${inputs.authorizedKeysRepo}/authorized_keys")); in { users.mutableUsers = false; diff --git a/flake.lock b/flake.lock index a41bdb5..bd78ff8 100644 --- a/flake.lock +++ b/flake.lock 
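Review bot: The module header in config/common/users.nix now requires an `inputs` argument, which exists only when the caller passes it through `specialArgs`. Anything that imports this module without it will fail at evaluation with a missing-argument error; that would include another flake consuming `self.nixosModules.common`, if users.nix is part of that module. This list is also the SSH access control for the hosts, so the pinning deserves a comment above the `authorizedKeys` binding: `# Keys come from the authorizedKeysRepo flake input, pinned by rev in flake.nix; revoking a key needs a rev bump there plus a redeploy.` The module body continues past the end of the hunk.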
@@ -1,5 +1,23 @@ { "nodes": { + "authorizedKeysRepo": { + "flake": false, + "locked": { + "lastModified": 1731276342, + "narHash": "sha256-plTYjM6zPzoBE/dp6EUrk9mCqmab278p8FqBCTX8Grc=", + "ref": "trunk", + "rev": "686a6af22f6696f0c0595c56f463c078550049fc", + "revCount": 17, + "type": "git", + "url": "https://git.hamburg.ccc.de:CCCHH/infrastructure-authorized-keys.git" + }, + "original": { + "ref": "trunk", + "rev": "686a6af22f6696f0c0595c56f463c078550049fc", + "type": "git", + "url": "https://git.hamburg.ccc.de:CCCHH/infrastructure-authorized-keys.git" + } + }, "nixlib": { "locked": { "lastModified": 1731200463, @@ -68,6 +86,7 @@ }, "root": { "inputs": { + "authorizedKeysRepo": "authorizedKeysRepo", "nixos-generators": "nixos-generators", "nixpkgs": "nixpkgs_2", "sops-nix": "sops-nix" diff --git a/flake.nix b/flake.nix index 5d1d5e3..349e530 100644 --- a/flake.nix +++ b/flake.nix @@ -20,10 +20,18 @@ url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; }; + + authorizedKeysRepo = { + url = "git+https://git.hamburg.ccc.de:CCCHH/infrastructure-authorized-keys.git?ref=trunk&rev=686a6af22f6696f0c0595c56f463c078550049fc"; + flake = false; + }; }; - outputs = { self, nixpkgs, nixos-generators, sops-nix, ... }: + outputs = { self, nixpkgs, nixos-generators, sops-nix, ... }@inputs: let + specialArgs = { + inherit inputs; + }; system = "x86_64-linux"; in { @@ -43,7 +51,7 @@ }; nixosConfigurations = { audio-hauptraum-kueche = nixpkgs.lib.nixosSystem { - inherit system; + inherit system specialArgs; modules = [ self.nixosModules.common self.nixosModules.proxmox-vm @@ -53,7 +61,7 @@ }; audio-hauptraum-tafel = nixpkgs.lib.nixosSystem { - inherit system; + inherit system specialArgs; modules = [ self.nixosModules.common self.nixosModules.proxmox-vm @@ -63,7 +71,7 @@ }; esphome = nixpkgs.lib.nixosSystem { - inherit system; + inherit system specialArgs; modules = [ self.nixosModules.common self.nixosModules.proxmox-vm 
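Review bot: The `authorizedKeysRepo` URL added in the inputs hunk of flake.nix keeps the scp-style colon from the old `forgejo@git.hamburg.ccc.de:CCCHH/...` address, so in an https URL `:CCCHH` sits where a port number belongs and the path separator is missing. The same string is recorded in both `url` fields of the new flake.lock node. It should likely read `url = "git+https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys.git?ref=trunk&rev=686a6af22f6696f0c0595c56f463c078550049fc";`, with the lock entry regenerated afterwards. The fetch also moves from SSH to anonymous HTTPS, which only works if that repository is publicly readable; integrity of the key list still rests on the pinned `rev` and the `narHash` in the lock.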
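Review bot: `inherit system specialArgs;` is now repeated by hand in every `nixpkgs.lib.nixosSystem` call, starting with `audio-hauptraum-kueche` in this hunk and continuing through `hydra` in the later ones. A host added later has to remember the same line or users.nix will not evaluate for it. A small helper in the `let` block would keep the argument in one place, for example `mkHost = modules: nixpkgs.lib.nixosSystem { inherit system specialArgs modules; };`, with each host written as `mkHost [ ... ]`. The same point applies to the two `nixos-generators.nixosGenerate` calls at the end of the patch.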
@@ -72,7 +80,7 @@ }; public-reverse-proxy = nixpkgs.lib.nixosSystem { - inherit system; + inherit system specialArgs; modules = [ self.nixosModules.common self.nixosModules.proxmox-vm @@ -81,7 +89,7 @@ }; netbox = nixpkgs.lib.nixosSystem { - inherit system; + inherit system specialArgs; modules = [ self.nixosModules.common self.nixosModules.proxmox-vm @@ -92,7 +100,7 @@ }; matrix = nixpkgs.lib.nixosSystem { - inherit system; + inherit system specialArgs; modules = [ self.nixosModules.common self.nixosModules.proxmox-vm @@ -103,7 +111,7 @@ }; public-web-static = nixpkgs.lib.nixosSystem { - inherit system; + inherit system specialArgs; modules = [ self.nixosModules.common self.nixosModules.proxmox-vm @@ -114,7 +122,7 @@ }; git = nixpkgs.lib.nixosSystem { - inherit system; + inherit system specialArgs; modules = [ self.nixosModules.common self.nixosModules.proxmox-vm @@ -125,7 +133,7 @@ }; forgejo-actions-runner = nixpkgs.lib.nixosSystem { - inherit system; + inherit system specialArgs; modules = [ self.nixosModules.common self.nixosModules.proxmox-vm @@ -136,7 +144,7 @@ }; ptouch-print-server = nixpkgs.lib.nixosSystem { - inherit system; + inherit system specialArgs; modules = [ self.nixosModules.common self.nixosModules.proxmox-vm @@ -145,7 +153,7 @@ }; eh22-wiki = nixpkgs.lib.nixosSystem { - inherit system; + inherit system specialArgs; modules = [ self.nixosModules.common self.nixosModules.proxmox-vm @@ -155,7 +163,7 @@ }; nix-box-june = nixpkgs.lib.nixosSystem { - inherit system; + inherit system specialArgs; modules = [ self.nixosModules.common self.nixosModules.proxmox-vm @@ -165,7 +173,7 @@ }; yate = nixpkgs.lib.nixosSystem { - inherit system; + inherit system specialArgs; modules = [ self.nixosModules.common self.nixosModules.proxmox-vm @@ -174,7 +182,7 @@ }; mqtt = nixpkgs.lib.nixosSystem { - inherit system; + inherit system specialArgs; modules = [ self.nixosModules.common self.nixosModules.proxmox-vm 
@@ -183,7 +191,7 @@ }; mjolnir = nixpkgs.lib.nixosSystem { - inherit system; + inherit system specialArgs; modules = [ self.nixosModules.common self.nixosModules.proxmox-vm @@ -194,7 +202,7 @@ }; woodpecker = nixpkgs.lib.nixosSystem { - inherit system; + inherit system specialArgs; modules = [ self.nixosModules.common self.nixosModules.proxmox-vm @@ -205,7 +213,7 @@ }; status = nixpkgs.lib.nixosSystem { - inherit system; + inherit system specialArgs; modules = [ self.nixosModules.common self.nixosModules.proxmox-vm @@ -215,7 +223,7 @@ }; penpot = nixpkgs.lib.nixosSystem { - inherit system; + inherit system specialArgs; modules = [ self.nixosModules.common self.nixosModules.proxmox-vm @@ -226,7 +234,7 @@ }; hydra = nixpkgs.lib.nixosSystem { - inherit system; + inherit system specialArgs; modules = [ self.nixosModules.common self.nixosModules.proxmox-vm @@ -238,6 +246,7 @@ packages.x86_64-linux = { proxmox-nixos-template = nixos-generators.nixosGenerate { + inherit specialArgs; system = "x86_64-linux"; modules = [ ./config/nixos-generators/proxmox.nix @@ -248,6 +257,7 @@ }; proxmox-chaosknoten-nixos-template = nixos-generators.nixosGenerate { + inherit specialArgs; system = "x86_64-linux"; modules = [ ./config/nixos-generators/proxmox-chaosknoten.nix