mirror of
https://github.com/kmein/niveum
synced 2026-03-16 10:11:08 +01:00
70 lines
2.2 KiB
Nix
70 lines
2.2 KiB
Nix
{ inputs, system, name }:
|
|
let
|
|
inherit (inputs) nixpkgs;
|
|
pkgs = nixpkgs.legacyPackages.${system};
|
|
ensureFiles = paths: pkgs.runCommand "directory" {} ''
|
|
set -efu
|
|
mkdir $out
|
|
cd $out
|
|
${nixpkgs.lib.concatMapStringsSep "\n" (path: ''
|
|
mkdir -p "$(dirname ${nixpkgs.lib.escapeShellArg path})"
|
|
echo foo > ${nixpkgs.lib.escapeShellArg path}
|
|
'') paths}
|
|
'';
|
|
nixPath = nixpkgs.lib.concatStringsSep ":" ([
|
|
"niveum=${toString ./.}"
|
|
"nixos-config=${toString ./.}/systems/${name}/configuration.nix"
|
|
"system-secrets=${systemSecrets}"
|
|
"secrets=${sharedSecrets}"
|
|
] ++ nixpkgs.lib.mapAttrsToList (name: value: "${name}=${value}") inputs);
|
|
# cd ~/.password-store/shared && find * -type f | sed 's/.gpg$//'
|
|
sharedSecrets = ensureFiles [
|
|
"di.fm/key"
|
|
"eduroam/identity"
|
|
"eduroam/password"
|
|
"fritznas.smb"
|
|
"mail/cock"
|
|
"mail/fastmail"
|
|
"mail/gmail/amroplay"
|
|
"mail/gmail/kieran.meinhardt"
|
|
"mail/meinhaki"
|
|
"mail/meinhaki.cert"
|
|
"mail/posteo"
|
|
"nextcloud-fysi/password"
|
|
"nextcloud/password"
|
|
"openweathermap.key"
|
|
"posteo/password"
|
|
"spotify/password"
|
|
"spotify/username"
|
|
"traadfri.key"
|
|
"wifi/Aether.psk"
|
|
];
|
|
systemSecrets = let basic = [ "retiolum.ed25519" "retiolum.key" "syncthing/cert.pem" "syncthing/key.pem"]; in {
|
|
zaatar = ensureFiles ([ "moodle.token" "telegram/moodle-dl.token" ] ++ basic);
|
|
kabsa = ensureFiles basic;
|
|
manakish = ensureFiles basic;
|
|
makanek = ensureFiles ([
|
|
"irc/retiolum"
|
|
"irc/hackint"
|
|
"irc/libera"
|
|
"irc/oftc"
|
|
"matrix/nibbana"
|
|
"maxmind/license.key"
|
|
"moodle-dl/faye.token"
|
|
"nextcloud/admin"
|
|
"nextcloud/database"
|
|
"telegram/nachtischsatan.token"
|
|
"telegram/reverse.token"
|
|
"telegram/odyssey.token"
|
|
"telegram/betacode.token"
|
|
"telegram/moodle-dl.token"
|
|
"telegram/proverb.token"
|
|
"telegram/menstruation.token"
|
|
"telegram/cool_village.token"
|
|
"telegram/kmein.token"
|
|
"telegram/prometheus.token"
|
|
"weechat/relay"
|
|
] ++ basic);
|
|
}.${name};
|
|
in toString (pkgs.writers.writeDash "build" "NIX_PATH=${nixPath} nix-build '<nixpkgs/nixos>' -A system --dry-run")
|