blob: e5e5e04138aeff2150c7f53905a8191899c6bb66 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
|
with import <stockholm/lib>;
{ name
, dummy_secrets ? getEnv "dummy_secrets" == "true"
, override ? {}
, secure ? false
}@host: let
builder = if dummy_secrets then "buildbot" else "tv";
_file = <stockholm> + "/tv/1systems/${name}/source.nix";
pkgs = import <nixpkgs> {
overlays = map import [
<stockholm/krebs/5pkgs>
];
};
in
evalSource (toString _file) [
{
nixos-config.symlink = "stockholm/tv/1systems/${name}/config.nix";
nixpkgs.git = {
# nixos-17.09
ref = mkDefault "53e6d671a9662922080635482b7e1c418d2cdc72";
url = https://github.com/NixOS/nixpkgs;
};
secrets.file = getAttr builder {
buildbot = toString <stockholm/tv/dummy_secrets>;
tv = "/home/tv/secrets/${name}";
};
stockholm.file = toString <stockholm>;
stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
}
(mkIf (builder == "tv") {
secrets-common.file = "/home/tv/secrets/common";
})
(mkIf (builder == "tv" && secure) {
secrets-master.file = "/home/tv/secrets/master";
})
override
]
|