rfc39: switch to using a flake input

delroth · Feb 8, 2024 · 880bc20 · 880bc20
1 parent 68348b2
commit 880bc20
Show file tree

Hide file tree

Showing 4 changed files with 105 additions and 36 deletions.
diff --git a/delft/flake.lock b/delft/flake.lock
diff --git a/delft/flake.nix b/delft/flake.nix
@@ -2,45 +2,60 @@
   inputs.nixpkgs.url = "nixpkgs/nixos-23.05-small";
   inputs.nix-netboot-serve.url = "github:DeterminateSystems/nix-netboot-serve";
 
+  inputs.rfc39.url = "github:NixOS/rfc39";
+  inputs.rfc39.inputs.nixpkgs.follows = "nixpkgs";
+
   inputs.agenix = {
     url = "github:ryantm/agenix";
     inputs.nixpkgs.follows = "nixpkgs";
   };
 
-  outputs = flakes @ { self, agenix, nixpkgs, nix-netboot-serve }:
-    let inherit (nixpkgs) lib;
-  in {
-    nixosConfigurations.eris = nixpkgs.lib.nixosSystem {
-      system = "x86_64-linux";
-
-      modules = [
-        ./eris.nix
-        ./eris-physical.nix
-        agenix.nixosModules.age
-        nix-netboot-serve.nixosModules.nix-netboot-serve
-      ];
-    };
+  outputs = flakes @ { self, agenix, nixpkgs, nix-netboot-serve, rfc39 }:
+    let
+      inherit (nixpkgs) lib;
 
-    nixosConfigurations.haumea = nixpkgs.lib.nixosSystem {
-      system = "x86_64-linux";
+      flakesModule = {
+        imports = [
+          agenix.nixosModules.age
+          nix-netboot-serve.nixosModules.nix-netboot-serve
+        ];
 
-      modules = [
-        ./haumea.nix
-        ./haumea-physical.nix
-      ];
-    };
+        nixpkgs.overlays = [
+          rfc39.overlays.default
+        ];
+      };
+    in {
+      nixosConfigurations.eris = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+
+        modules = [
+          flakesModule
+          ./eris.nix
+          ./eris-physical.nix
+        ];
+      };
 
-    nixopsConfigurations.default =
-      { inherit nixpkgs; }
-      // import ./network.nix flakes;
-
-    # TODO: flake-utils.lib.eachDefaultSystem
-    devShell.x86_64-linux = let
-      pkgs = import nixpkgs { system = "x86_64-linux"; };
-    in pkgs.mkShell {
-      buildInputs = with pkgs; [
-        agenix.packages.x86_64-linux.agenix
-      ];
+      nixosConfigurations.haumea = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+
+        modules = [
+          flakesModule
+          ./haumea.nix
+          ./haumea-physical.nix
+        ];
+      };
+
+      nixopsConfigurations.default =
+        { inherit nixpkgs; }
+        // import ./network.nix flakes;
+
+      # TODO: flake-utils.lib.eachDefaultSystem
+      devShell.x86_64-linux = let
+        pkgs = import nixpkgs { system = "x86_64-linux"; };
+      in pkgs.mkShell {
+        buildInputs = with pkgs; [
+          agenix.packages.x86_64-linux.agenix
+        ];
+      };
     };
-  };
 }
diff --git a/delft/network.nix b/delft/network.nix
@@ -7,6 +7,7 @@ in
     imports = [
       # flakes.dwarffs.nixosModules.dwarffs # broken by Nix 2.6
       {
+        nixpkgs.overlays = [ flakes.rfc39.overlays.default ];
       }
     ];
   };

diff --git a/modules/rfc39.nix b/modules/rfc39.nix
@@ -1,8 +1,6 @@
 # This module fetches nixpkgs master and syncs the GitHub maintainer team.
 { config, pkgs, ... }:
 let
-  rfc39 = import /home/deploy/src/rfc39 { inherit pkgs; };
-
   rfc39Secret = f: { file = f; owner = "rfc39"; };
 in {
   age.secrets.rfc39-credentials = rfc39Secret ../delft/secrets/rfc39-credentials.age;
@@ -24,7 +22,7 @@ in {
 
   systemd.services.rfc39-sync = {
     description = "Sync the Maintainer Team ";
-    path  = [ config.nix.package pkgs.git pkgs.openssh rfc39 ];
+    path  = [ config.nix.package pkgs.git pkgs.openssh pkgs.rfc39 ];
     startAt = "*:0/30";
     serviceConfig.User = "rfc39";
     serviceConfig.Group = "keys";