diff --git a/common/default.nix b/common/default.nix index 1911aea..7cbe6a4 100644 --- a/common/default.nix +++ b/common/default.nix @@ -1,6 +1,7 @@ { config, lib, pkgs, inputs, ... }: { imports = [ ./users.nix + ../modules/deployment.nix # Monitoring is applicable to all hosts, thus placing it here ../services/monitoring ]; diff --git a/flake.nix b/flake.nix index 8e78f4a..fb6cab5 100644 --- a/flake.nix +++ b/flake.nix @@ -57,7 +57,7 @@ }; defaults = { name, config, ... }: { deployment = { - tags = if name == "shirley" then [ "prod" ] else [ "dev" ]; + tags = [ config.cj.deployment.environment ]; targetHost = config.networking.fqdn; targetUser = null; }; diff --git a/hosts/goldberg/configuration.nix b/hosts/goldberg/configuration.nix index c91e495..8bb417a 100644 --- a/hosts/goldberg/configuration.nix +++ b/hosts/goldberg/configuration.nix @@ -1,5 +1,5 @@ { lib, pkgs, baseDomain, ... }: { - _module.args.baseDomain = "dev.chaos.jetzt"; + cj.deployment.environment = "dev"; imports = [ ./hardware-config.nix diff --git a/hosts/shirley/configuration.nix b/hosts/shirley/configuration.nix index 941355d..061d246 100644 --- a/hosts/shirley/configuration.nix +++ b/hosts/shirley/configuration.nix @@ -1,5 +1,5 @@ { pkgs, baseDomain, ... }: { - _module.args.baseDomain = "chaos.jetzt"; + cj.deployment.environment = "prod"; imports = [ ./hardware-config.nix diff --git a/modules/deployment.nix b/modules/deployment.nix new file mode 100644 index 0000000..187a997 --- /dev/null +++ b/modules/deployment.nix @@ -0,0 +1,26 @@ +{ config +, options +, lib +, ... }: + +let + inherit (lib) mkOption types optionalString; + + cfg = config.cj.deployment; + isDev = cfg.environment == "dev"; +in +{ + options.cj.deployment = { + environment = mkOption { + description = "Environment this host will be used for. Affects both colmena deploy groups and the baseDomain"; + type = types.enum [ "dev" "prod" ]; + }; + }; + + config = { + _module.args = { + inherit isDev; + baseDomain = "${optionalString isDev "dev."}chaos.jetzt"; + }; + }; +} diff --git a/services/dokuwiki.nix b/services/dokuwiki.nix index 42b6579..cf12a52 100644 --- a/services/dokuwiki.nix +++ b/services/dokuwiki.nix @@ -1,10 +1,12 @@ -{ - pkgs, - config, - lib, - baseDomain, - ... -}: let +{ pkgs +, config +, lib +, baseDomain +, isDev +, ... +}: + +let fpm_pool = "dokuwiki-${dw_domain}"; fpm_cfg = config.services.phpfpm.pools.${fpm_pool}; dw_domain = "wiki.${baseDomain}"; @@ -143,7 +145,7 @@ in { }; plugin.oauthkeycloak = { key = get_secret "dokuwiki/keycloak_key"; - openidurl = "https://sso.chaos.jetzt/auth/realms/chaos-jetzt/.well-known/openid-configuration"; + openidurl = "https://sso.chaos.jetzt/auth/realms/${if isDev then "dev" else "chaos-jetzt"}/.well-known/openid-configuration"; }; }; diff --git a/services/monitoring/default.nix b/services/monitoring/default.nix index 2de2fbd..275292d 100644 --- a/services/monitoring/default.nix +++ b/services/monitoring/default.nix @@ -37,7 +37,7 @@ isMe = host: host.config.networking.fqdn == fqdn; others = filterAttrs (_: !isMe) outputs.nixosConfigurations; - isDev = host: (substring 0 3 host._module.args.baseDomain) == "dev"; + isDev = host: host._module.args.isDev; allHosts = outputs.nixosConfigurations // externalTargets; /* Right now we only have one non-dev host in our NixOS setup (the ansible hosts don't monitor the NixOS hosts). diff --git a/services/vaultwarden.nix b/services/vaultwarden.nix index 313ed74..51eca02 100644 --- a/services/vaultwarden.nix +++ b/services/vaultwarden.nix @@ -1,9 +1,13 @@ -{ lib, config, pkgs, baseDomain, ... }: +{ lib +, config +, pkgs +, baseDomain +, isDev +, ... }: let vwDbUser = config.users.users.vaultwarden.name; vwDbName = config.users.users.vaultwarden.name; - isDev = (builtins.substring 0 3 baseDomain) == "dev"; isDevStr = lib.optionalString isDev; in { sops.secrets = { diff --git a/services/website.nix b/services/website.nix index 4820024..b7e3d26 100644 --- a/services/website.nix +++ b/services/website.nix @@ -1,4 +1,10 @@ -{ lib, pkgs, config, baseDomain, ...}: +{ lib +, pkgs +, config +, baseDomain +, isDev +, ...}: + let matrixWellKnown = { client."m.homeserver".base_url = "https://matrix.${baseDomain}/"; @@ -6,7 +12,6 @@ let }; toJSONFile = name: value: pkgs.writeText name (builtins.toJSON value); matrixWellKnownDir = pkgs.linkFarm "matrix-well-known" (builtins.mapAttrs toJSONFile matrixWellKnown); - isDev = (builtins.substring 0 3 baseDomain) == "dev"; webroot = "${config.users.users."web-deploy".home}/public"; deployPubKey = if isDev then "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINRmpgMjXQCjA/YPNJvaNdKMjr0jnLtwKKbLCIisjeBw dev-deploykey@chaos.jetzt"