From 03603119e5c48387218ac97cde80d6e205011ffa Mon Sep 17 00:00:00 2001
From: Zuckerberg
Date: Fri, 21 Apr 2023 18:57:06 -0600
Subject: [PATCH] Fix invalid import issue.

---
 common/machine-info/default.nix | 178 +++++++++++++++--------------
 common/machine-info/moduleless.nix | 6 +
 secrets/secrets.nix | 4 +-
 3 files changed, 103 insertions(+), 85 deletions(-)

diff --git a/common/machine-info/default.nix b/common/machine-info/default.nix
index d51c1cb..e993914 100644
--- a/common/machine-info/default.nix
+++ b/common/machine-info/default.nix
@@ -12,100 +12,110 @@ in ./roles.nix ]; - options.machines.hosts = lib.mkOption { - type = lib.types.attrsOf - (lib.types.submodule { - options = { + options.machines = { + # For some reason (presumably a bug), using the best value of "../../machines" + # as the path causes nix to search for invalid paths for flake imports but *not* + # secrets.nix for agenix. + machinesPath = lib.mkOption { + type = lib.types.path; + default = ../..; + }; - hostNames = lib.mkOption { - type = lib.types.listOf lib.types.str; - description = '' - List of hostnames for this machine. The first one is the default so it is the target of deployments. - Used for automatically trusting hosts for ssh connections. - ''; - }; + hosts = lib.mkOption { + type = lib.types.attrsOf + (lib.types.submodule { + options = { - arch = lib.mkOption { - type = lib.types.enum [ "x86_64-linux" "aarch64-linux" ]; - description = '' - The architecture of this machine. - ''; - }; + hostNames = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = '' + List of hostnames for this machine. The first one is the default so it is the target of deployments. + Used for automatically trusting hosts for ssh connections. + ''; + }; - systemRoles = lib.mkOption { - type = lib.types.listOf lib.types.str; # TODO: maybe use an enum? - description = '' - The set of roles this machine holds. Affects secrets available. (TODO add service config as well using this info) - ''; - }; + arch = lib.mkOption { + type = lib.types.enum [ "x86_64-linux" "aarch64-linux" ]; + description = '' + The architecture of this machine. + ''; + }; - hostKey = lib.mkOption { - type = lib.types.str; - description = '' - The system ssh host key of this machine. Used for automatically trusting hosts for ssh connections - and for decrypting secrets with agenix. - ''; - }; + systemRoles = lib.mkOption { + type = lib.types.listOf lib.types.str; # TODO: maybe use an enum? + description = '' + The set of roles this machine holds. 
Affects secrets available. (TODO add service config as well using this info) + ''; + }; - remoteUnlock = lib.mkOption { - default = null; - type = lib.types.nullOr (lib.types.submodule { - options = { + hostKey = lib.mkOption { + type = lib.types.str; + description = '' + The system ssh host key of this machine. Used for automatically trusting hosts for ssh connections + and for decrypting secrets with agenix. + ''; + }; + + remoteUnlock = lib.mkOption { + default = null; + type = lib.types.nullOr (lib.types.submodule { + options = { + + hostKey = lib.mkOption { + type = lib.types.str; + description = '' + The system ssh host key of this machine used for luks boot unlocking only. + ''; + }; + + clearnetHost = lib.mkOption { + default = null; + type = lib.types.nullOr lib.types.str; + description = '' + The hostname resolvable over clearnet used to luks boot unlock this machine + ''; + }; + + onionHost = lib.mkOption { + default = null; + type = lib.types.nullOr lib.types.str; + description = '' + The hostname resolvable over tor used to luks boot unlock this machine + ''; + }; - hostKey = lib.mkOption { - type = lib.types.str; - description = '' - The system ssh host key of this machine used for luks boot unlocking only. - ''; }; + }); + }; - clearnetHost = lib.mkOption { - default = null; - type = lib.types.nullOr lib.types.str; - description = '' - The hostname resolvable over clearnet used to luks boot unlock this machine - ''; - }; + userKeys = lib.mkOption { + default = [ ]; + type = lib.types.listOf lib.types.str; + description = '' + The list of user keys. Each key here can be used to log into all other systems as `googlebot`. 
- onionHost = lib.mkOption { - default = null; - type = lib.types.nullOr lib.types.str; - description = '' - The hostname resolvable over tor used to luks boot unlock this machine - ''; - }; + TODO: consider auto populating other programs that use ssh keys such as gitea + ''; + }; + + deployKeys = lib.mkOption { + default = [ ]; + type = lib.types.listOf lib.types.str; + description = '' + The list of deployment keys. Each key here can be used to log into all other systems as `root`. + ''; + }; + + configurationPath = lib.mkOption { + type = lib.types.path; + description = '' + The path to this machine's configuration directory. + ''; + }; - }; - }); }; - - userKeys = lib.mkOption { - default = [ ]; - type = lib.types.listOf lib.types.str; - description = '' - The list of user keys. Each key here can be used to log into all other systems as `googlebot`. - - TODO: consider auto populating other programs that use ssh keys such as gitea - ''; - }; - - deployKeys = lib.mkOption { - default = [ ]; - type = lib.types.listOf lib.types.str; - description = '' - The list of deployment keys. Each key here can be used to log into all other systems as `root`. - ''; - }; - - configurationPath = lib.mkOption { - type = lib.types.path; - description = '' - The path to this machine's configuration directory. - ''; - }; - - }; - }); + }); + }; }; config = { @@ -193,6 +203,6 @@ in in lib.concatMap (d: propertiesFiles' "${dir}/${d}" d) dirPaths ++ builtins.map (p: { "${dirName}" = p; }) propFiles; in - properties ../../machines; + properties config.machines.machinesPath; }; } diff --git a/common/machine-info/moduleless.nix b/common/machine-info/moduleless.nix index 2045124..44e66ac 100644 --- a/common/machine-info/moduleless.nix +++ b/common/machine-info/moduleless.nix @@ -2,6 +2,7 @@ { nixpkgs ? import { } , assertionsModule ? +, machinesPath ? null }: { 
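Review bot: The new `machinesPath` option defaults to `../..`, which from common/machine-info resolves to the repository root, while the literal it replaces in the second hunk (`properties ../../machines`) and the only caller that sets the option (secrets/secrets.nix, passing `../machines`) both point at the repo's machines directory. Unless `properties` treats the two roots identically — its body lies outside this hunk — an evaluation that leaves the option unset (as moduleless.nix did before this commit) now walks a different, wider tree for properties files, and that tree is what supplies the host, user and deploy keys the rest of the configuration trusts. If the wider root is intended, the comment should say so; otherwise `default = ../../machines;` (with the existing note on why it was avoided, if it still applies) or no default at all, so every consumer names the tree explicitly, would be the safer choice. The option also lacks a `description` like its siblings; `description = "Directory scanned for machine properties files; hosts, roles and keys are all derived from it.";` would do, and the `config` section that consumes it continues past the hunk.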
@@ -10,6 +11,11 @@
 modules = [
 ./default.nix
 assertionsModule
+ {
+ config = nixpkgs.lib.mkIf (machinesPath != null) {
+ machines.machinesPath = machinesPath;
+ };
+ }
 ];
 }).config.machines;
 }
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 7fe5b8d..e343709 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -1,6 +1,8 @@
 let
 lib = (import { }).lib;
- sshKeys = (import ../common/machine-info/moduleless.nix { }).machines.ssh;
+ sshKeys = (import ../common/machine-info/moduleless.nix {
+ machinesPath = ../machines;
+ }).machines.ssh;
 
 # add userkeys to all roles so that I can r/w the secrets from my personal computers
 roles = lib.mapAttrs (role: hosts: hosts ++ sshKeys.userKeys) sshKeys.hostKeysByRole;
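Review bot: The `mkIf (machinesPath != null)` module added to `modules` makes the fallback implicit: a caller that omits the new argument silently gets whatever default `options.machines.machinesPath` carries in default.nix, and nothing at this call site says so. A one-line comment above the attrset, `# machinesPath == null leaves options.machines.machinesPath at its default from default.nix`, would make that visible to the next importer; alternatively drop the `? null` default on the parameter so every importer, like secrets/secrets.nix in the last hunk, has to name the tree it wants scanned for keys.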