From 7b8c08c0683fd10631e1b8c0e920bdaeee64a428 Mon Sep 17 00:00:00 2001
From: Julien Malka <julien@malka.sh>
Date: Thu, 27 Jul 2023 21:08:00 +0200
Subject: [PATCH] deployment module

---
 base.nix                           |  1 +
 machines/core-security/default.nix |  6 ------
 machines/lambda/default.nix        |  6 ++++--
 modules/deployment/default.nix     | 22 ++++++++++++++++++++++
 4 files changed, 27 insertions(+), 8 deletions(-)
 create mode 100644 modules/deployment/default.nix

diff --git a/base.nix b/base.nix
index 89b3bae..5de4683 100644
--- a/base.nix
+++ b/base.nix
@@ -6,6 +6,7 @@
   #luj.secrets.enable = true;
   luj.ssh-server.enable = true;
   luj.programs.mosh.enable = true;
+  luj.deployment.enable = true;
 
   sops.defaultSopsFile = ./secrets/secrets.yaml;
   sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
diff --git a/machines/core-security/default.nix b/machines/core-security/default.nix
index 9a9a933..3476571 100644
--- a/machines/core-security/default.nix
+++ b/machines/core-security/default.nix
@@ -14,12 +14,6 @@
   boot.loader.grub.device = "/dev/sda";
   boot.loader.grub.useOSProber = true;
 
-  deployment = {
-    targetHost = "core-security.luj";
-    targetPort = 45;
-    targetUser = "root";
-  };
-
   security.acme.defaults.email = "julien@malka.sh";
 
   networking.hostName = "core-security"; # Define your hostname.
diff --git a/machines/lambda/default.nix b/machines/lambda/default.nix
index 97d83e7..77f1c91 100644
--- a/machines/lambda/default.nix
+++ b/machines/lambda/default.nix
@@ -12,6 +12,8 @@
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
 
+  deployment.buildOnTarget = true;
+
   networking.hostName = "lambda";
 
   time.timeZone = "Europe/Paris";
@@ -56,7 +58,7 @@
     };
   };
 
-  security.acme.certs."uptime.luj".server = "https://ca.luj:8444/acme/acme/directory";
+  security.acme.certs."uptime.luj".server = "https://ca.luj/acme/acme/directory";
 
   services.nginx.virtualHosts."uptime.luj" = {
     forceSSL = true;
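Review bot: The ACME directory change on line 61 (and again in the hunk at lines 69-70) drops the explicit `:8444` port, so the client now contacts `ca.luj` on the default HTTPS port; this is unrelated to the deployment module named in the subject and the commit message does not say why, so a reader cannot tell whether the CA endpoint moved or the old port is still served. Either describe the CA endpoint change in the commit message or split it into its own commit. If any other machine still points at `https://ca.luj:8444/acme/acme/directory`, it is not updated here and will diverge from lambda. The enclosing `services.nginx.virtualHosts` attrset continues outside the hunk.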
@@ -92,7 +94,7 @@
   };
 
 
-  security.acme.certs."prometheus.luj".server = "https://ca.luj:8444/acme/acme/directory";
+  security.acme.certs."prometheus.luj".server = "https://ca.luj/acme/acme/directory";
   services.nginx.virtualHosts."prometheus.luj" = {
     forceSSL = true;
     enableACME = true;
diff --git a/modules/deployment/default.nix b/modules/deployment/default.nix
new file mode 100644
index 0000000..ae87716
--- /dev/null
+++ b/modules/deployment/default.nix
@@ -0,0 +1,22 @@
+{ lib, pkgs, config, ... }:
+with lib;
+let
+  cfg = config.luj.deployment;
+  hostname = config.networking.hostName;
+in
+{
+
+  options.luj.deployment.enable = mkEnableOption "activate deployment on machine";
+
+  config = mkIf cfg.enable {
+
+    deployment = {
+      targetHost = "${hostname}.${lib.luj.machines.${hostname}.tld}";
+      targetPort = 45;
+      targetUser = "root";
+      allowLocalDeployment = true;
+    };
+
+  };
+}
+
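Review bot: `targetHost` on line 93 indexes `lib.luj.machines.${hostname}.tld` without checking that the entry exists, so a host missing from `lib.luj.machines` fails evaluation with a generic "attribute missing" error that does not point at this module, and since base.nix enables it for every machine this affects all hosts. A guard such as `assertions = [{ assertion = builtins.hasAttr hostname lib.luj.machines; message = "luj.deployment: no entry for ${hostname} in lib.luj.machines"; }];` inside the `mkIf` block would make the failure self-explanatory. `targetPort = 45` and `targetUser = "root"` are hard-coded with no way to override them short of disabling the module; exposing them as `mkOption`s with these defaults would let a single machine deviate. `pkgs` in the header is unused, and `with lib;` hides where `mkEnableOption`/`mkIf` come from — `inherit (lib) mkEnableOption mkIf;` in the `let` is more explicit.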