gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-10 04:49:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions
infrastructure/modules/extern/nixos/nix.nix
arcnmx 292f54b28f chore(extern): nix improvements
2024-04-09 14:48:29 -07:00

157 lines
4.3 KiB
Nix
Raw Blame History

{
config,
options,
lib,
gensokyo-zone,
...
}: let
inherit (lib.options) mkOption mkEnableOption;
inherit (lib.modules) mkIf mkMerge mkDefault;
inherit (gensokyo-zone.lib) unmerged mkAlmostOptionDefault;
cfg = config.gensokyo-zone.nix;
nixModule = {
gensokyo-zone,
nixosConfig,
nixosOptions,
config,
...
}: let
inherit (gensokyo-zone.lib) unmerged domain;
inherit (nixosConfig.gensokyo-zone) access;
in {
options = with lib.types; {
enable = mkEnableOption "nix settings";
cache = {
arc.enable = mkEnableOption "arc cache";
infrastructure.enable =
mkEnableOption "gensokyo-infrastructure cache"
// {
default = true;
};
};
builder = {
enable = mkEnableOption "aya nixbld remote builder";
domain = mkOption {
type = str;
default = "nixbld.${domain}";
};
protocol = mkOption {
type = enum ["ssh" "ssh-ng"];
default = "ssh";
};
ssh = {
commonKey = mkEnableOption "shared secret nixbld key" // {
default = true;
};
user = mkOption {
type = str;
default = "nixbld";
};
key = mkOption {
type = nullOr path;
default = null;
};
};
jobs = mkOption {
type = int;
default = 16;
};
systems = mkOption {
type = listOf str;
default = ["x86_64-linux"];
};
features = mkOption {
type = listOf str;
default = ["nixos-test" "benchmark" "big-parallel" "kvm"];
};
setBuildMachine = mkOption {
type = unmerged.types.attrs;
default = {};
};
};
setNixSettings = mkOption {
type = unmerged.type;
default = {};
};
setNixBuildMachines = mkOption {
type = unmerged.type;
default = [];
};
};
config = {
setNixSettings = mkMerge [
(mkIf config.cache.arc.enable {
extra-substituters = [
"https://arc.cachix.org"
];
extra-trusted-public-keys = [
"arc.cachix.org-1:DZmhclLkB6UO0rc0rBzNpwFbbaeLfyn+fYccuAy7YVY="
];
})
(mkIf config.cache.infrastructure.enable {
extra-substituters = [
"https://gensokyo-infrastructure.cachix.org"
];
extra-trusted-public-keys = [
"gensokyo-infrastructure.cachix.org-1:CY6ChfQ8KTUdwWoMbo8ZWr2QCLMXUQspHAxywnS2FyI="
];
})
];
builder = {
domain = mkMerge [
(mkIf access.tail.enabled (mkAlmostOptionDefault "nixbld.tail.${domain}"))
(mkIf access.local.enable (mkDefault "nixbld.local.${domain}"))
];
ssh.key = let
inherit (nixosConfig.sops) secrets;
in mkIf (nixosOptions ? sops.secrets && secrets ? gensokyo-zone-nix-bld-key) (mkAlmostOptionDefault
nixosConfig.sops.secrets.gensokyo-zone-nix-bld-key.path
);
setBuildMachine = {
hostName = config.builder.domain;
protocol = config.builder.protocol;
sshUser = config.builder.ssh.user;
sshKey = config.builder.ssh.key;
maxJobs = config.builder.jobs;
systems = config.builder.systems;
supportedFeatures = config.builder.features;
};
};
setNixBuildMachines = mkIf config.builder.enable [
(
unmerged.mergeAttrs config.builder.setBuildMachine
)
];
};
};
in {
options.gensokyo-zone.nix = mkOption {
type = lib.types.submoduleWith {
modules = [nixModule];
specialArgs = {
inherit gensokyo-zone;
inherit (gensokyo-zone) inputs;
nixosConfig = config;
nixosOptions = options;
};
};
default = { };
};
config = {
nix = mkIf cfg.enable {
settings = unmerged.merge cfg.setNixSettings;
buildMachines = unmerged.merge cfg.setNixBuildMachines;
};
${if options ? sops.secrets then "sops" else null}.secrets = let
sopsFile = mkDefault ../secrets/nix.yaml;
in mkIf cfg.enable {
gensokyo-zone-nix-bld-key = mkIf cfg.builder.ssh.commonKey {
inherit sopsFile;
};
};
lib.gensokyo-zone.nix = {
inherit cfg nixModule;
};
};
}
Reference in a new issue View git blame Copy permalink