gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 20:39:18 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions
infrastructure/modules/extern/nixos/nix.nix
arcnmx 9903866044 chore: nf-fmt-nix
2024-05-13 15:31:34 -07:00

176 lines
4.8 KiB
Nix
Raw Blame History

{
config,
options,
lib,
gensokyo-zone,
...
}: let
inherit (lib.options) mkOption mkEnableOption;
inherit (lib.modules) mkIf mkMerge mkDefault;
inherit (gensokyo-zone.lib) unmerged mkAlmostOptionDefault;
cfg = config.gensokyo-zone.nix;
nixModule = {
lib,
gensokyo-zone,
nixosConfig,
nixosOptions,
config,
...
}: let
inherit (gensokyo-zone.lib) unmerged domain;
inherit (lib.modules) mkOptionDefault;
inherit (nixosConfig.gensokyo-zone) access;
in {
options = with lib.types; {
enable = mkEnableOption "nix settings";
cache = {
arc.enable = mkEnableOption "arc cache";
infrastructure.enable =
mkEnableOption "gensokyo-infrastructure cache"
// {
default = true;
};
};
builder = {
enable = mkEnableOption "aya nixbld remote builder";
cross = {
aarch64 = mkEnableOption "qemu-aarch64";
armv7l = mkEnableOption "qemu arm";
};
domain = mkOption {
type = str;
default = "nixbld.${domain}";
};
protocol = mkOption {
type = enum ["ssh" "ssh-ng"];
default = "ssh";
};
ssh = {
commonKey =
mkEnableOption "shared secret nixbld key"
// {
default = true;
};
user = mkOption {
type = str;
default = "nixbld";
};
key = mkOption {
type = nullOr path;
default = null;
};
};
jobs = mkOption {
type = int;
default = 16;
};
systems = mkOption {
type = listOf str;
default = ["x86_64-linux"];
};
features = mkOption {
type = listOf str;
default = ["nixos-test" "benchmark" "big-parallel" "kvm"];
};
setBuildMachine = mkOption {
type = unmerged.types.attrs;
default = {};
};
};
setNixSettings = mkOption {
type = unmerged.type;
default = {};
};
setNixBuildMachines = mkOption {
type = unmerged.type;
default = [];
};
};
config = {
setNixSettings = mkMerge [
(mkIf config.cache.arc.enable {
extra-substituters = [
"https://arc.cachix.org"
];
extra-trusted-public-keys = [
"arc.cachix.org-1:DZmhclLkB6UO0rc0rBzNpwFbbaeLfyn+fYccuAy7YVY="
];
})
(mkIf config.cache.infrastructure.enable {
extra-substituters = [
"https://gensokyo-infrastructure.cachix.org"
];
extra-trusted-public-keys = [
"gensokyo-infrastructure.cachix.org-1:CY6ChfQ8KTUdwWoMbo8ZWr2QCLMXUQspHAxywnS2FyI="
];
})
];
builder = {
systems = mkMerge [
(mkIf config.builder.cross.aarch64 (mkOptionDefault ["aarch64-linux"]))
(mkIf config.builder.cross.armv7l (mkOptionDefault ["armv7l-linux"]))
];
domain = mkMerge [
(mkIf access.tail.enabled (mkAlmostOptionDefault "nixbld.tail.${domain}"))
(mkIf access.local.enable (mkDefault "nixbld.local.${domain}"))
];
ssh.key = let
inherit (nixosConfig.sops) secrets;
in
mkIf (nixosOptions ? sops.secrets && secrets ? gensokyo-zone-nix-bld-key) (
mkAlmostOptionDefault
nixosConfig.sops.secrets.gensokyo-zone-nix-bld-key.path
);
setBuildMachine = {
hostName = config.builder.domain;
protocol = config.builder.protocol;
sshUser = config.builder.ssh.user;
sshKey = config.builder.ssh.key;
maxJobs = config.builder.jobs;
systems = config.builder.systems;
supportedFeatures = config.builder.features;
};
};
setNixBuildMachines = mkIf config.builder.enable [
(
unmerged.mergeAttrs config.builder.setBuildMachine
)
];
};
};
in {
options.gensokyo-zone.nix = mkOption {
type = lib.types.submoduleWith {
modules = [nixModule];
specialArgs = {
inherit gensokyo-zone;
inherit (gensokyo-zone) inputs;
nixosConfig = config;
nixosOptions = options;
};
};
default = {};
};
config = {
nix = mkIf cfg.enable {
settings = unmerged.merge cfg.setNixSettings;
buildMachines = unmerged.merge cfg.setNixBuildMachines;
};
${
if options ? sops.secrets
then "sops"
else null
}.secrets = let
sopsFile = mkDefault ../secrets/nix.yaml;
in
mkIf cfg.enable {
gensokyo-zone-nix-bld-key = mkIf cfg.builder.ssh.commonKey {
inherit sopsFile;
};
};
lib.gensokyo-zone.nix = {
inherit cfg nixModule;
};
};
}
Reference in a new issue View git blame Copy permalink