This PR removes the requirement to use NixOps for eris/haumea deployment. Specifically:
It fixes some impure dependencies to local files on bastion, incl. Nix expressions that were previous unversioned.
It imports into the repository some state that was implicitly maintained by NixOps.
It replaces NixOps secrets management with agenix.
It fixes and simplifies a few things regarding stateVersion and delft/common.nix that were confusing and caused issues during the port.
This has been successfully test-deployed with:
$ nixos-rebuild --flake .#eris --target-host root@eris.nixos.org --use-substitutes test
$ nixos-rebuild --flake .#haumea --target-host root@haumea.nixos.org --use-substitutes test
Ref #324.
There are a ton of things left to clean up here, but most of the ugliness is ugliness that already existed unversioned on bastion before, and it just makes it explicit. We can start doing extensive cleanups faster now that we don't need to use bastion anymore to build/test the NixOS configs for those machines.
This PR removes the requirement to use NixOps for eris/haumea deployment. Specifically:
bastion, incl. Nix expressions that were previous unversioned.stateVersionanddelft/common.nixthat were confusing and caused issues during the port.This has been successfully test-deployed with:
Ref #324.
There are a ton of things left to clean up here, but most of the ugliness is ugliness that already existed unversioned on
bastionbefore, and it just makes it explicit. We can start doing extensive cleanups faster now that we don't need to usebastionanymore to build/test the NixOS configs for those machines.