move authorized keys to flake input

jopejoe1 2024-11-17 20:29:04 +01:00
parent 53e33a6641
commit 33f7ac0cda
Signed by: jopejoe1
SSH key fingerprint: SHA256:iesNfL4WU4CO65/llSGLFqmep76oYWfWLfl6HUPt2nk
3 changed files with 51 additions and 27 deletions


@ -6,15 +6,10 @@
# - https://git.grzb.de/yuri/nix-infra/-/blob/342a2f732da042d04e579d98e9f834418b7ebf25/users/colmena-deploy/default.nix # - https://git.grzb.de/yuri/nix-infra/-/blob/342a2f732da042d04e579d98e9f834418b7ebf25/users/colmena-deploy/default.nix
# - https://nixos.org/manual/nix/stable/command-ref/conf-file.html?highlight=nix.conf#available-settings # - https://nixos.org/manual/nix/stable/command-ref/conf-file.html?highlight=nix.conf#available-settings
{ config, pkgs, lib, ... }: { config, pkgs, lib, inputs, ... }:
let let
authorizedKeysRepo = builtins.fetchGit { authorizedKeys = builtins.filter (item: item != "") (lib.strings.splitString "\n" (builtins.readFile "${inputs.authorizedKeysRepo}/authorized_keys"));
url = "forgejo@git.hamburg.ccc.de:CCCHH/infrastructure-authorized-keys.git";
ref = "trunk";
rev = "686a6af22f6696f0c0595c56f463c078550049fc";
};
authorizedKeys = builtins.filter (item: item != "") (lib.strings.splitString "\n" (builtins.readFile "${authorizedKeysRepo}/authorized_keys"));
in in
{ {
users.mutableUsers = false; users.mutableUsers = false;
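Review bot: The new `authorizedKeys` binding no longer shows where the keys come from or which revision is trusted, and nothing states that the module now depends on `inputs` being passed in. Since this list presumably decides who can log in to the hosts, a short comment above it would help, e.g. `# Keys are read from the authorizedKeysRepo flake input (rev pinned in flake.nix and flake.lock); needs inputs via specialArgs.` The places that consume `authorizedKeys` are outside the hunk, so how the list is applied cannot be checked here.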


@ -1,5 +1,23 @@
{ {
"nodes": { "nodes": {
"authorizedKeysRepo": {
"flake": false,
"locked": {
"lastModified": 1731276342,
"narHash": "sha256-plTYjM6zPzoBE/dp6EUrk9mCqmab278p8FqBCTX8Grc=",
"ref": "trunk",
"rev": "686a6af22f6696f0c0595c56f463c078550049fc",
"revCount": 17,
"type": "git",
"url": "https://git.hamburg.ccc.de:CCCHH/infrastructure-authorized-keys.git"
},
"original": {
"ref": "trunk",
"rev": "686a6af22f6696f0c0595c56f463c078550049fc",
"type": "git",
"url": "https://git.hamburg.ccc.de:CCCHH/infrastructure-authorized-keys.git"
}
},
"nixlib": { "nixlib": {
"locked": { "locked": {
"lastModified": 1731200463, "lastModified": 1731200463,
@ -68,6 +86,7 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"authorizedKeysRepo": "authorizedKeysRepo",
"nixos-generators": "nixos-generators", "nixos-generators": "nixos-generators",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs_2",
"sops-nix": "sops-nix" "sops-nix": "sops-nix"


@ -20,10 +20,18 @@
url = "github:Mic92/sops-nix"; url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
authorizedKeysRepo = {
url = "git+https://git.hamburg.ccc.de:CCCHH/infrastructure-authorized-keys.git?ref=trunk&rev=686a6af22f6696f0c0595c56f463c078550049fc";
flake = false;
};
}; };
outputs = { self, nixpkgs, nixos-generators, sops-nix, ... }: outputs = { self, nixpkgs, nixos-generators, sops-nix, ... }@inputs:
let let
specialArgs = {
inherit inputs;
};
system = "x86_64-linux"; system = "x86_64-linux";
in in
{ {
@ -43,7 +51,7 @@
}; };
nixosConfigurations = { nixosConfigurations = {
audio-hauptraum-kueche = nixpkgs.lib.nixosSystem { audio-hauptraum-kueche = nixpkgs.lib.nixosSystem {
inherit system; inherit system specialArgs;
modules = [ modules = [
self.nixosModules.common self.nixosModules.common
self.nixosModules.proxmox-vm self.nixosModules.proxmox-vm
@ -53,7 +61,7 @@
}; };
audio-hauptraum-tafel = nixpkgs.lib.nixosSystem { audio-hauptraum-tafel = nixpkgs.lib.nixosSystem {
inherit system; inherit system specialArgs;
modules = [ modules = [
self.nixosModules.common self.nixosModules.common
self.nixosModules.proxmox-vm self.nixosModules.proxmox-vm
@ -63,7 +71,7 @@
}; };
esphome = nixpkgs.lib.nixosSystem { esphome = nixpkgs.lib.nixosSystem {
inherit system; inherit system specialArgs;
modules = [ modules = [
self.nixosModules.common self.nixosModules.common
self.nixosModules.proxmox-vm self.nixosModules.proxmox-vm
@ -72,7 +80,7 @@
}; };
public-reverse-proxy = nixpkgs.lib.nixosSystem { public-reverse-proxy = nixpkgs.lib.nixosSystem {
inherit system; inherit system specialArgs;
modules = [ modules = [
self.nixosModules.common self.nixosModules.common
self.nixosModules.proxmox-vm self.nixosModules.proxmox-vm
@ -81,7 +89,7 @@
}; };
netbox = nixpkgs.lib.nixosSystem { netbox = nixpkgs.lib.nixosSystem {
inherit system; inherit system specialArgs;
modules = [ modules = [
self.nixosModules.common self.nixosModules.common
self.nixosModules.proxmox-vm self.nixosModules.proxmox-vm
@ -92,7 +100,7 @@
}; };
matrix = nixpkgs.lib.nixosSystem { matrix = nixpkgs.lib.nixosSystem {
inherit system; inherit system specialArgs;
modules = [ modules = [
self.nixosModules.common self.nixosModules.common
self.nixosModules.proxmox-vm self.nixosModules.proxmox-vm
@ -103,7 +111,7 @@
}; };
public-web-static = nixpkgs.lib.nixosSystem { public-web-static = nixpkgs.lib.nixosSystem {
inherit system; inherit system specialArgs;
modules = [ modules = [
self.nixosModules.common self.nixosModules.common
self.nixosModules.proxmox-vm self.nixosModules.proxmox-vm
@ -114,7 +122,7 @@
}; };
git = nixpkgs.lib.nixosSystem { git = nixpkgs.lib.nixosSystem {
inherit system; inherit system specialArgs;
modules = [ modules = [
self.nixosModules.common self.nixosModules.common
self.nixosModules.proxmox-vm self.nixosModules.proxmox-vm
@ -125,7 +133,7 @@
}; };
forgejo-actions-runner = nixpkgs.lib.nixosSystem { forgejo-actions-runner = nixpkgs.lib.nixosSystem {
inherit system; inherit system specialArgs;
modules = [ modules = [
self.nixosModules.common self.nixosModules.common
self.nixosModules.proxmox-vm self.nixosModules.proxmox-vm
@ -136,7 +144,7 @@
}; };
ptouch-print-server = nixpkgs.lib.nixosSystem { ptouch-print-server = nixpkgs.lib.nixosSystem {
inherit system; inherit system specialArgs;
modules = [ modules = [
self.nixosModules.common self.nixosModules.common
self.nixosModules.proxmox-vm self.nixosModules.proxmox-vm
@ -145,7 +153,7 @@
}; };
eh22-wiki = nixpkgs.lib.nixosSystem { eh22-wiki = nixpkgs.lib.nixosSystem {
inherit system; inherit system specialArgs;
modules = [ modules = [
self.nixosModules.common self.nixosModules.common
self.nixosModules.proxmox-vm self.nixosModules.proxmox-vm
@ -155,7 +163,7 @@
}; };
nix-box-june = nixpkgs.lib.nixosSystem { nix-box-june = nixpkgs.lib.nixosSystem {
inherit system; inherit system specialArgs;
modules = [ modules = [
self.nixosModules.common self.nixosModules.common
self.nixosModules.proxmox-vm self.nixosModules.proxmox-vm
@ -165,7 +173,7 @@
}; };
yate = nixpkgs.lib.nixosSystem { yate = nixpkgs.lib.nixosSystem {
inherit system; inherit system specialArgs;
modules = [ modules = [
self.nixosModules.common self.nixosModules.common
self.nixosModules.proxmox-vm self.nixosModules.proxmox-vm
@ -174,7 +182,7 @@
}; };
mqtt = nixpkgs.lib.nixosSystem { mqtt = nixpkgs.lib.nixosSystem {
inherit system; inherit system specialArgs;
modules = [ modules = [
self.nixosModules.common self.nixosModules.common
self.nixosModules.proxmox-vm self.nixosModules.proxmox-vm
@ -183,7 +191,7 @@
}; };
mjolnir = nixpkgs.lib.nixosSystem { mjolnir = nixpkgs.lib.nixosSystem {
inherit system; inherit system specialArgs;
modules = [ modules = [
self.nixosModules.common self.nixosModules.common
self.nixosModules.proxmox-vm self.nixosModules.proxmox-vm
@ -194,7 +202,7 @@
}; };
woodpecker = nixpkgs.lib.nixosSystem { woodpecker = nixpkgs.lib.nixosSystem {
inherit system; inherit system specialArgs;
modules = [ modules = [
self.nixosModules.common self.nixosModules.common
self.nixosModules.proxmox-vm self.nixosModules.proxmox-vm
@ -205,7 +213,7 @@
}; };
status = nixpkgs.lib.nixosSystem { status = nixpkgs.lib.nixosSystem {
inherit system; inherit system specialArgs;
modules = [ modules = [
self.nixosModules.common self.nixosModules.common
self.nixosModules.proxmox-vm self.nixosModules.proxmox-vm
@ -215,7 +223,7 @@
}; };
penpot = nixpkgs.lib.nixosSystem { penpot = nixpkgs.lib.nixosSystem {
inherit system; inherit system specialArgs;
modules = [ modules = [
self.nixosModules.common self.nixosModules.common
self.nixosModules.proxmox-vm self.nixosModules.proxmox-vm
@ -226,7 +234,7 @@
}; };
hydra = nixpkgs.lib.nixosSystem { hydra = nixpkgs.lib.nixosSystem {
inherit system; inherit system specialArgs;
modules = [ modules = [
self.nixosModules.common self.nixosModules.common
self.nixosModules.proxmox-vm self.nixosModules.proxmox-vm
@ -238,6 +246,7 @@
packages.x86_64-linux = { packages.x86_64-linux = {
proxmox-nixos-template = nixos-generators.nixosGenerate { proxmox-nixos-template = nixos-generators.nixosGenerate {
inherit specialArgs;
system = "x86_64-linux"; system = "x86_64-linux";
modules = [ modules = [
./config/nixos-generators/proxmox.nix ./config/nixos-generators/proxmox.nix
@ -248,6 +257,7 @@
}; };
proxmox-chaosknoten-nixos-template = nixos-generators.nixosGenerate { proxmox-chaosknoten-nixos-template = nixos-generators.nixosGenerate {
inherit specialArgs;
system = "x86_64-linux"; system = "x86_64-linux";
modules = [ modules = [
./config/nixos-generators/proxmox-chaosknoten.nix ./config/nixos-generators/proxmox-chaosknoten.nix
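Review bot: The `authorizedKeysRepo` URL in the first hunk keeps the colon of the old scp-style SSH address, so in `git+https://git.hamburg.ccc.de:CCCHH/...` the `:CCCHH` sits where an https URL expects a numeric port. It should probably read `url = "git+https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys.git?ref=trunk&rev=686a6af22f6696f0c0595c56f463c078550049fc";`. flake.lock records the same URL under `locked` and `original`, so it would need to be regenerated afterwards. Keeping `rev` in the URL is worth preserving, because it means a routine `nix flake update` cannot silently change which SSH keys get deployed.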