disable tailscale on installers

base substitutor list on whether it is an installer
2024-11-06 09:08:58 +01:00 · 2024-11-06 09:08:16 +01:00
5 changed files with 28 additions and 22 deletions
--- a/machine/not522/installer/default.nix
+++ b/machine/not522/installer/default.nix
@ -39,9 +39,5 @@ in {
      exec ${pkgs.disko}/bin/disko-install --flake "${nixos-config}#not522" --disk main "${nixos-config.nixosConfigurations.not522.config.disko.devices.disk.main.device}"
    '')
  ];
-  nix.settings.substituters = lib.mkForce [
-    "https://attic.chir.rs/chir-rs/"
-    "https://hydra.chir.rs"
-    "https://cache.nixos.org"
-  ];
+  isInstaller = true;
 }
--- a/machine/pc-installer/default.nix
+++ b/machine/pc-installer/default.nix
@ -18,9 +18,5 @@
      ./graphical.nix
    ];
  };
-  nix.settings.substituters = lib.mkForce [
-    "https://attic.chir.rs/chir-rs/"
-    "https://hydra.chir.rs"
-    "https://cache.nixos.org"
-  ];
+  isInstaller = true;
 }
--- a/modules/default.nix
+++ b/modules/default.nix
@ -16,4 +16,5 @@ with lib; {
    "${home-manager}/nixos"
  ];
  options.isGraphical = mkEnableOption "Whether or not this configuration is a graphical install";
+  options.isInstaller = mkEnableOption "Whether or not this configuration is an installer and has no access to secrets";
 }
--- a/modules/nix/default.nix
+++ b/modules/nix/default.nix
@ -1,13 +1,19 @@
-{config, ...}: {
+{
+  config,
+  lib,
+  ...
+}:
+with lib; {
  imports = [
    ./link-inputs.nix
    ./lix.nix
    ./autoupdater.nix
  ];
  nix.settings = {
-    substituters = [
-      "https://attic.chir.rs/chir-rs/"
-      "https://hydra.int.chir.rs"
+    substituters = mkMerge [
+      ["https://attic.chir.rs/chir-rs/"]
+      (mkIf (!config.isInstaller) ["https://hydra.int.chir.rs"])
+      (mkIf config.isInstaller ["https://hydra.chir.rs"])
    ];
    trusted-public-keys = [
      "nixcache:8KKuGz95Pk4UJ5W/Ni+pN+v+LDTkMMFV4yrGmAYgkDg="
--- a/services/tailscale.nix
+++ b/services/tailscale.nix
@ -1,10 +1,17 @@
-{config, ...}: {
-  services.tailscale = {
-    enable = true;
-    authKeyFile = config.sops.secrets."services/tailscale/authKey".path;
+{
+  config,
+  lib,
+  ...
+}:
+with lib; {
+  config = mkIf (!config.isInstaller) {
+    services.tailscale = {
+      enable = true;
+      authKeyFile = config.sops.secrets."services/tailscale/authKey".path;
+    };
+    sops.secrets."services/tailscale/authKey".sopsFile = ./tailscale.yaml;
+    environment.persistence."/persistent".directories = [
+      "/var/lib/tailscale"
+    ];
  };
-  sops.secrets."services/tailscale/authKey".sopsFile = ./tailscale.yaml;
-  environment.persistence."/persistent".directories = [
-    "/var/lib/tailscale"
-  ];
 }
Author	SHA1	Message	Date
Charlotte 🦝 Delenk	5df99ba01d	disable tailscale on installers Some checks reported errors Hydra devShells.x86_64-linux.default Hydra build #23874 of nixos-config:pr618:devShells.x86_64-linux.default Details Hydra nixosConfigurations.not522 Hydra build #23891 of nixos-config:pr618:nixosConfigurations.not522 Details Hydra nixosConfigurations.container-default-riscv64-linux Hydra build #23889 of nixos-config:pr618:nixosConfigurations.container-default-riscv64-linux Details Hydra nixosConfigurations.container-default-x86_64-linux Hydra build #23890 of nixos-config:pr618:nixosConfigurations.container-default-x86_64-linux Details Hydra nixosConfigurations.container-default-aarch64-linux Hydra build #23888 of nixos-config:pr618:nixosConfigurations.container-default-aarch64-linux Details Hydra nixosConfigurations.pc-installer Hydra build #23893 of nixos-config:pr618:nixosConfigurations.pc-installer Details Hydra checks.x86_64-linux.containers-default Hydra build #23887 of nixos-config:pr618:checks.x86_64-linux.containers-default Details Hydra nixosConfigurations.not522-installer Hydra build #23892 of nixos-config:pr618:nixosConfigurations.not522-installer Details	2024-11-06 09:08:58 +01:00
Charlotte 🦝 Delenk	c6e07e644a	base substitutor list on whether it is an installer	2024-11-06 09:08:16 +01:00