diff --git a/README.md b/README.md index f0cdd95..b939dd7 100644 --- a/README.md +++ b/README.md @@ -16,4 +16,4 @@ Before a NixOS definition can be deployed, some prerequite preparational steps m ### NixOS deployment -Finally, the NixOS definition can be deployed as follows: `nixos-rebuild switch -j auto --target-host root@jefke.hyp --flake ".#jefke"`. \ No newline at end of file +Finally, the NixOS definition can be deployed as follows: `nix run github:serokell/deploy-rs`. diff --git a/configuration.nix b/configuration.nix index a2fe2e4..47e479c 100644 --- a/configuration.nix +++ b/configuration.nix @@ -1,11 +1,5 @@ -{ - pkgs, - server, - ... -}: { - imports = [ - server.hardware-configuration - ]; +{ pkgs, ... }: { + imports = [ ./hardware-configuration.nix ]; boot.loader = { systemd-boot.enable = true; @@ -56,14 +50,16 @@ programs.ssh = { knownHosts = { dmz = { - hostNames = ["*.dmz"]; - publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAX2IhgHNxC6JTvLu9cej+iWuG+uJFMXn4AiRro9533x"; + hostNames = [ "*.dmz" ]; + publicKey = + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAX2IhgHNxC6JTvLu9cej+iWuG+uJFMXn4AiRro9533x"; certAuthority = true; }; hypervisors = { - hostNames = ["*.hyp"]; - publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFzRkH3d/KVJQouswY/DMpenWbDFVOnI3Vut0xR0e1tb"; + hostNames = [ "*.hyp" ]; + publicKey = + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFzRkH3d/KVJQouswY/DMpenWbDFVOnI3Vut0xR0e1tb"; certAuthority = true; }; }; @@ -76,12 +72,7 @@ nixpkgs.config.allowUnfree = true; - environment.systemPackages = with pkgs; [ - vim - neofetch - cowsay - python3 - ]; + environment.systemPackages = with pkgs; [ vim neofetch cowsay python3 ]; networking.firewall.enable = false; @@ -115,12 +106,8 @@ networks = { "30-main-nic" = { matchConfig.Name = "en*"; - networkConfig = { - DHCP = "yes"; - }; - vlan = [ - "vlandmz" - ]; + networkConfig = { DHCP = "yes"; }; + vlan = [ "vlandmz" ]; }; "40-vlandmz" = { matchConfig.Name = "vlandmz"; 
diff --git a/flake.lock b/flake.lock index 83c429e..c313649 100644 --- a/flake.lock +++ b/flake.lock @@ -1,6 +1,58 @@ { "nodes": { + "deploy-rs": { + "inputs": { + "flake-compat": "flake-compat", + "nixpkgs": "nixpkgs", + "utils": "utils" + }, + "locked": { + "lastModified": 1698921442, + "narHash": "sha256-7KmvhQ7FuXlT/wG4zjTssap6maVqeAMBdtel+VjClSM=", + "owner": "serokell", + "repo": "deploy-rs", + "rev": "660180bbbeae7d60dad5a92b30858306945fd427", + "type": "github" + }, + "original": { + "owner": "serokell", + "repo": "deploy-rs", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1668681692, + "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "009399224d5e398d03b22badca40a37ac85412a1", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "nixpkgs": { + "locked": { + "lastModified": 1671417167, + "narHash": "sha256-JkHam6WQOwZN1t2C2sbp1TqMv3TVRjzrdoejqfefwrM=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "bb31220cca6d044baa6dc2715b07497a2a7c4bc7", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { "locked": { "lastModified": 1699169573, "narHash": "sha256-cvUb1xZkvOp3W2SzylStrTirhVd9zCeo5utJl9nSIhw=", @@ -18,7 +70,23 @@ }, "root": { "inputs": { - "nixpkgs": "nixpkgs" + "deploy-rs": "deploy-rs", + "nixpkgs": "nixpkgs_2" + } + }, + "utils": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" } } }, diff --git a/flake.nix b/flake.nix index 301d2cd..936f340 100644 --- a/flake.nix +++ b/flake.nix 
@@ -3,34 +3,49 @@ inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05"; + deploy-rs.url = "github:serokell/deploy-rs"; }; - outputs = {nixpkgs, ...}: let - servers = { - jefke = { - hardware-configuration = import ./hardware-configuration/jefke.nix; - system-arch = "x86_64-linux"; - }; - }; - serverNames = builtins.attrNames servers; - serverWithNameAttr = name: (builtins.getAttr name servers) // {name = name;}; - - genNixosConfigurations = config: - nixpkgs.lib.genAttrs serverNames ( - serverName: - nixpkgs.lib.nixosSystem (config (serverWithNameAttr serverName)) - ); - in { - formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.alejandra; - - nixosConfigurations = genNixosConfigurations ( - server: { - system = server.system-arch; - specialArgs = {inherit server;}; - modules = [ - ./configuration.nix + outputs = { self, nixpkgs, deploy-rs, ... }: + let + system = "x86_64-linux"; + pkgs = import nixpkgs { inherit system; }; + deployPkgs = import nixpkgs { + inherit system; + overlays = [ + deploy-rs.overlay + (self: super: { + deploy-rs = { + inherit (pkgs) deploy-rs; + lib = super.deploy-rs.lib; + }; + }) ]; - } - ); - }; + }; + + in { + + formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt; + + nixosConfigurations.hypervisor = nixpkgs.lib.nixosSystem { + inherit system; + modules = [ ./configuration.nix ]; + }; + + deploy = { + sshUser = "root"; + user = "root"; + + nodes.jefke = { + hostname = "jefke.hyp"; + profiles.hypervisor = { + path = deployPkgs.deploy-rs.lib.activate.nixos + self.nixosConfigurations.hypervisor; + }; + }; + }; + + checks = builtins.mapAttrs + (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib; + }; } diff --git a/hardware-configuration.nix b/hardware-configuration.nix new file mode 100644 index 0000000..37e8dd0 --- /dev/null +++ b/hardware-configuration.nix 
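Review bot: The new `deploy-rs` input is declared without a `follows` for its nixpkgs, so the lock file in this commit pins a second nixpkgs for it (`nixpkgs-unstable`, `lastModified` 1671417167) that is much older than the root `nixpkgs_2` entry. The `checks` output at the end of this hunk goes through `deploy-rs.lib`, which presumably evaluates against that older snapshot, so `nix flake check` depends on a package set the rest of the flake does not track or update. Adding `deploy-rs.inputs.nixpkgs.follows = "nixpkgs";` next to the `deploy-rs.url` line keeps a single package set to audit. Separately, the README now tells operators to run `nix run github:serokell/deploy-rs`, which resolves upstream at run time rather than the revision locked here. Consider exposing the locked tool from this flake (for example a dev shell containing `pkgs.deploy-rs`), so that the binary holding root SSH access to `jefke.hyp` is the pinned one.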
@@ -0,0 +1,28 @@
+{ config, lib, modulesPath, ... }: {
+ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+ boot.initrd.availableKernelModules =
+ [ "ahci" "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/b78f591c-c9b6-4dae-9837-56716d38990b";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/6936-84C2";
+ fsType = "vfat";
+ };
+
+ swapDevices =
+ [{ device = "/dev/disk/by-uuid/79fbd322-e58d-4e45-8969-06ef494cefea"; }];
+
+ networking.useDHCP = false;
+
+ nixpkgs.hostPlatform = "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode =
+ lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/hardware-configuration/jefke.nix b/hardware-configuration/jefke.nix
deleted file mode 100644
index e182a54..0000000
--- a/hardware-configuration/jefke.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-{
- config,
- lib,
- modulesPath,
- server,
- ...
-}: {
- imports = [
- (modulesPath + "/installer/scan/not-detected.nix")
- ];
-
- boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci"];
- boot.initrd.kernelModules = [];
- boot.kernelModules = ["kvm-intel"];
- boot.extraModulePackages = [];
-
- fileSystems."/" = {
- device = "/dev/disk/by-uuid/b78f591c-c9b6-4dae-9837-56716d38990b";
- fsType = "ext4";
- };
-
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/6936-84C2";
- fsType = "vfat";
- };
-
- swapDevices = [
- {device = "/dev/disk/by-uuid/79fbd322-e58d-4e45-8969-06ef494cefea";}
- ];
-
- networking.useDHCP = false;
-
- nixpkgs.hostPlatform = server.system-arch;
- hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}