Highlights

- No need to update flake for every machine anymore, just add a properties.nix file.
- Roles are automatically generated from all machine configurations.
- Roles and their secrets automatically are grouped and show up in agenix secrets.nix.
- Machines and their service configs may now query the properties of all machines.
- Machine configuration and secrets are now completely isolated into each machine's directory.
- Safety checks to ensure no mixing of LUKS unlocking secrets and hosts with primary ones.
- SSH pubkeys no longer centrally stored but instead per machine where the private key lies for better cleanup.
20 lines
424 B
Nix
```nix
{ config, lib, ... }:

# Maps roles to their hosts

{
  # Attribute set of role name -> list of host names that carry the role.
  options.machines.roles = lib.mkOption {
    type = lib.types.attrsOf (lib.types.listOf lib.types.str);
  };

  config = {
    # Build one { <role> = <host>; } set per host, then zip the per-host
    # sets so that each role collects every host that declares it.
    machines.roles = lib.zipAttrs
      (lib.mapAttrsToList
        (host: cfg:
          lib.foldl (lib.mergeAttrs) { }
            (builtins.map (role: { ${role} = host; })
              cfg.systemRoles))
        config.machines.hosts);
  };
}
```
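An added example, not part of this repository: it shows the shape of the value the module above produces and one way a role map can select agenix recipients per secret. Host names, keys, the `hostKey` attribute and the `secretRoles` table are constructed assumptions, and builtins stand in for `lib` so the file evaluates on its own.

```nix
# Evaluate with: nix-instantiate --eval --strict --json roles-example.nix
let
  # Constructed stand-in for config.machines.hosts; the keys are placeholders.
  hosts = {
    router = { systemRoles = [ "dns" "vpn" ]; hostKey = "ssh-ed25519 AAAA...router"; };
    nas = { systemRoles = [ "backup" "dns" ]; hostKey = "ssh-ed25519 AAAA...nas"; };
    laptop = { systemRoles = [ ]; hostKey = "ssh-ed25519 AAAA...laptop"; };
  };

  # Same inversion as the module: one { role = host; } set per host,
  # zipped into role -> [ hosts ]. A host without roles contributes {}.
  roles = builtins.zipAttrsWith (_role: hostNames: hostNames)
    (builtins.attrValues (builtins.mapAttrs
      (host: cfg: builtins.listToAttrs
        (map (role: { name = role; value = host; }) cfg.systemRoles))
      hosts));

  # Hypothetical table: which roles may decrypt which secret file.
  secretRoles = {
    "wg-private.age" = [ "vpn" ];
    "restic-password.age" = [ "backup" ];
    "dns-tsig.age" = [ "dns" "monitoring" ]; # no host has "monitoring"
  };

  # Host keys for a list of roles. A role that no host declares yields no
  # recipients instead of aborting evaluation.
  keysFor = wanted: builtins.concatMap
    (role: map (h: hosts.${h}.hostKey) (roles.${role} or [ ]))
    wanted;
in
{
  # roles = { backup = [ "nas" ]; dns = [ "nas" "router" ]; vpn = [ "router" ]; }
  inherit roles;

  # agenix-style rules: file name -> { publicKeys = [ ... ]; }
  secrets = builtins.mapAttrs
    (_file: wanted: { publicKeys = keysFor wanted; })
    secretRoles;
}
```

The `laptop` key appears in no `publicKeys` list because the host declares no roles, which is the property to check when reviewing who can decrypt a given secret.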