diff --git a/.envrc b/.envrc deleted file mode 100644 index c4b17d7..0000000 --- a/.envrc +++ /dev/null @@ -1 +0,0 @@ -use_flake diff --git a/README.md b/README.md index 7abf427..369cfca 100644 --- a/README.md +++ b/README.md @@ -17,8 +17,6 @@ Currently, our three main machines and all virtual machines run NixOS! 1. Install the Nix package manager or NixOS ([link](https://nixos.org/download)) 2. Enable flake and nix commands ([link](https://nixos.wiki/wiki/Flakes#Enable_flakes_permanently_in_NixOS)) -3. Install Direnv ([link](https://direnv.net/)) -4. Allow direnv for this repository: `direnv allow` ### Bootstrapping @@ -30,12 +28,12 @@ Additionally, it deploys an age identity, which is later used for decrypting sec 1. Make sure your have a [Secret service](https://www.gnu.org/software/emacs/manual/html_node/auth/Secret-Service-API.html) running (such as Keepassxc) that provides the age identity. 2. Ensure you have root SSH access to the server. -3. Run nixos-anywhere: `./bootstrap.sh ` +3. Run nixos-anywhere: `nix run .#bootstrap ` ### Deployment -To deploy all servers at once: `deploy -k` -To deploy only one server: `deploy -k --targets .#` +To deploy all servers at once: `nix run .#deploy -- -k` +To deploy only one server: `nix run.#deploy -- -k --targets .#` ## Known bugs @@ -43,5 +41,5 @@ When deploying a new virtiofs share, the error `Failed to connect to '.soc This seems to be a bug in `microvm.nix` and I opened a bug report [here](https://github.com/astro/microvm.nix/issues/200). A workaround is to deploy the share without `deploy-rs`'s rollback feature enabled: ``` -deploy -k --targets .#lewis --auto-rollback false --magic-rollback false +nix run .#deploy -- -k --targets .# --auto-rollback false --magic-rollback false ``` diff --git a/bootstrap.sh b/bootstrap.sh index 213a7ab..daccc3e 100755 --- a/bootstrap.sh +++ b/bootstrap.sh @@ -1,4 +1,5 @@ #!/usr/bin/env bash + set -euo pipefail IFS=$'\n\t' 
@@ -42,4 +43,4 @@ secret-tool lookup age-identity "$servername" > "$temp/etc/age_ed25519" chmod 600 "$temp/etc/age_ed25519" # Install NixOS to the host system with our age identity -nix run github:numtide/nixos-anywhere -- --extra-files "$temp" --flake ".#${servername}" "root@${hostname}" +nixos-anywhere --extra-files "$temp" --flake ".#${servername}" "root@${hostname}" diff --git a/flake.nix b/flake.nix index 5f368bc..94185ef 100644 --- a/flake.nix +++ b/flake.nix @@ -1,3 +1,5 @@ +# TODO: good way to improve flake design: https://gist.github.com/lucperkins/437600b6aaaf0e1e8f91fb22fe421234 +# Good tutorial for multiple architectures { description = "NixOS definitions for our physical servers"; @@ -105,5 +107,25 @@ }) ) deploy-rs.lib; + + packages.${controllerArch}.bootstrap = + let + name = "bootstrap"; + buildInputs = with pkgs; [ libsecret coreutils pkgs-unstable.nixos-anywhere ]; + script = (pkgs.writeScriptBin name (builtins.readFile ./bootstrap.sh)).overrideAttrs (old: { + buildCommand = "${old.buildCommand}\n patchShebangs $out"; + }); + in + pkgs.symlinkJoin { + inherit name; + paths = [ script ] ++ buildInputs; + buildInputs = [ pkgs.makeWrapper ]; + postBuild = "wrapProgram $out/bin/${name} --set PATH $out/bin"; + }; + + apps.${controllerArch}.deploy = { + type = "app"; + program = "${pkgs-unstable.deploy-rs}/bin/deploy"; + }; }; }
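Review bot: The new last line of bootstrap.sh calls `nixos-anywhere` by bare name, so when the script is started directly (it remains an executable file in the tree) the program that receives `$temp` with the age identity and the root SSH session is whatever the caller's PATH resolves, or nothing at all. Only the flake wrapper added in flake.nix pins PATH, so add a guard before the call, e.g. `command -v nixos-anywhere >/dev/null || { echo "run via: nix run .#bootstrap" >&2; exit 1; }`, plus a comment that the script is meant to be launched through the flake package. Separately, the context lines create the identity file with `>` and only then run `chmod 600`. The creation of `$temp` is outside the hunk, so if it is not a private `mktemp -d` directory, a `umask 077` before the write would close that window.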
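Review bot: `apps.${controllerArch}.deploy` takes the CLI from `pkgs-unstable.deploy-rs`, while the context line just above the added block uses `deploy-rs.lib`, which looks like a separate flake input (the inputs are outside the hunk), so the deploy binary and the library that builds the activation scripts can drift to different deploy-rs versions. If `deploy-rs` is indeed an input, point the app at it instead: `program = "${deploy-rs.packages.${controllerArch}.deploy-rs}/bin/deploy";`. In the bootstrap package, `--set PATH $out/bin` keeps the script from picking up tools from the caller's environment, which is the right default for something that handles the age identity. It deserves a comment such as `# PATH is replaced, not extended: every command bootstrap.sh calls must be in buildInputs`, since a tool missing from that list only fails at run time.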