use deploy-rs

closes #2
2023-11-12 00:04:37 +01:00 · 2023-11-12 00:04:37 +01:00 · 1faea2dd28
commit 1faea2dd28
parent 840628740b
6 changed files with 151 additions and 88 deletions
--- a/README.md
+++ b/README.md
@ -16,4 +16,4 @@ Before a NixOS definition can be deployed, some prerequite preparational steps m

 ### NixOS deployment

-Finally, the NixOS definition can be deployed as follows: `nixos-rebuild switch -j auto --target-host root@jefke.hyp --flake ".#jefke"`.
+Finally, the NixOS definition can be deployed as follows: `nix run github:serokell/deploy-rs`.
--- a/configuration.nix
+++ b/configuration.nix
@ -1,11 +1,5 @@
-{
-  pkgs,
-  server,
-  ...
-}: {
-  imports = [
-    server.hardware-configuration
-  ];
+{ pkgs, ... }: {
+  imports = [ ./hardware-configuration.nix ];

  boot.loader = {
    systemd-boot.enable = true;
@ -56,14 +50,16 @@
  programs.ssh = {
    knownHosts = {
      dmz = {
-        hostNames = ["*.dmz"];
-        publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAX2IhgHNxC6JTvLu9cej+iWuG+uJFMXn4AiRro9533x";
+        hostNames = [ "*.dmz" ];
+        publicKey =
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAX2IhgHNxC6JTvLu9cej+iWuG+uJFMXn4AiRro9533x";
        certAuthority = true;
      };

      hypervisors = {
-        hostNames = ["*.hyp"];
-        publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFzRkH3d/KVJQouswY/DMpenWbDFVOnI3Vut0xR0e1tb";
+        hostNames = [ "*.hyp" ];
+        publicKey =
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFzRkH3d/KVJQouswY/DMpenWbDFVOnI3Vut0xR0e1tb";
        certAuthority = true;
      };
    };
@ -76,12 +72,7 @@

  nixpkgs.config.allowUnfree = true;

-  environment.systemPackages = with pkgs; [
-    vim
-    neofetch
-    cowsay
-    python3
-  ];
+  environment.systemPackages = with pkgs; [ vim neofetch cowsay python3 ];

  networking.firewall.enable = false;

@ -115,12 +106,8 @@
    networks = {
      "30-main-nic" = {
        matchConfig.Name = "en*";
-        networkConfig = {
-          DHCP = "yes";
-        };
-        vlan = [
-          "vlandmz"
-        ];
+        networkConfig = { DHCP = "yes"; };
+        vlan = [ "vlandmz" ];
      };
      "40-vlandmz" = {
        matchConfig.Name = "vlandmz";
--- a/flake.lock
+++ b/flake.lock
@ -1,6 +1,58 @@
 {
  "nodes": {
+    "deploy-rs": {
+      "inputs": {
+        "flake-compat": "flake-compat",
+        "nixpkgs": "nixpkgs",
+        "utils": "utils"
+      },
+      "locked": {
+        "lastModified": 1698921442,
+        "narHash": "sha256-7KmvhQ7FuXlT/wG4zjTssap6maVqeAMBdtel+VjClSM=",
+        "owner": "serokell",
+        "repo": "deploy-rs",
+        "rev": "660180bbbeae7d60dad5a92b30858306945fd427",
+        "type": "github"
+      },
+      "original": {
+        "owner": "serokell",
+        "repo": "deploy-rs",
+        "type": "github"
+      }
+    },
+    "flake-compat": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1668681692,
+        "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "009399224d5e398d03b22badca40a37ac85412a1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
    "nixpkgs": {
+      "locked": {
+        "lastModified": 1671417167,
+        "narHash": "sha256-JkHam6WQOwZN1t2C2sbp1TqMv3TVRjzrdoejqfefwrM=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "bb31220cca6d044baa6dc2715b07497a2a7c4bc7",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_2": {
      "locked": {
        "lastModified": 1699169573,
        "narHash": "sha256-cvUb1xZkvOp3W2SzylStrTirhVd9zCeo5utJl9nSIhw=",
@ -18,7 +70,23 @@
    },
    "root": {
      "inputs": {
-        "nixpkgs": "nixpkgs"
+        "deploy-rs": "deploy-rs",
+        "nixpkgs": "nixpkgs_2"
+      }
+    },
+    "utils": {
+      "locked": {
+        "lastModified": 1667395993,
+        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
      }
    }
  },
--- a/flake.nix
+++ b/flake.nix
@ -3,34 +3,49 @@

  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
+    deploy-rs.url = "github:serokell/deploy-rs";
  };

-  outputs = {nixpkgs, ...}: let
-    servers = {
-      jefke = {
-        hardware-configuration = import ./hardware-configuration/jefke.nix;
-        system-arch = "x86_64-linux";
-      };
-    };
-    serverNames = builtins.attrNames servers;
-    serverWithNameAttr = name: (builtins.getAttr name servers) // {name = name;};
-
-    genNixosConfigurations = config:
-      nixpkgs.lib.genAttrs serverNames (
-        serverName:
-          nixpkgs.lib.nixosSystem (config (serverWithNameAttr serverName))
-      );
-  in {
-    formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.alejandra;
-
-    nixosConfigurations = genNixosConfigurations (
-      server: {
-        system = server.system-arch;
-        specialArgs = {inherit server;};
-        modules = [
-          ./configuration.nix
+  outputs = { self, nixpkgs, deploy-rs, ... }:
+    let
+      system = "x86_64-linux";
+      pkgs = import nixpkgs { inherit system; };
+      deployPkgs = import nixpkgs {
+        inherit system;
+        overlays = [
+          deploy-rs.overlay
+          (self: super: {
+            deploy-rs = {
+              inherit (pkgs) deploy-rs;
+              lib = super.deploy-rs.lib;
+            };
+          })
        ];
-      }
-    );
-  };
+      };
+
+    in {
+
+      formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt;
+
+      nixosConfigurations.hypervisor = nixpkgs.lib.nixosSystem {
+        inherit system;
+        modules = [ ./configuration.nix ];
+      };
+
+      deploy = {
+        sshUser = "root";
+        user = "root";
+
+        nodes.jefke = {
+          hostname = "jefke.hyp";
+          profiles.hypervisor = {
+            path = deployPkgs.deploy-rs.lib.activate.nixos
+              self.nixosConfigurations.hypervisor;
+          };
+        };
+      };
+
+      checks = builtins.mapAttrs
+        (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
+    };
 }
--- a/hardware-configuration.nix
+++ b/hardware-configuration.nix
@ -0,0 +1,28 @@
+{ config, lib, modulesPath, ... }: {
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+  boot.initrd.availableKernelModules =
+    [ "ahci" "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/b78f591c-c9b6-4dae-9837-56716d38990b";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/6936-84C2";
+    fsType = "vfat";
+  };
+
+  swapDevices =
+    [{ device = "/dev/disk/by-uuid/79fbd322-e58d-4e45-8969-06ef494cefea"; }];
+
+  networking.useDHCP = false;
+
+  nixpkgs.hostPlatform = "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode =
+    lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/hardware-configuration/jefke.nix
+++ b/hardware-configuration/jefke.nix
@ -1,35 +0,0 @@
-{
-  config,
-  lib,
-  modulesPath,
-  server,
-  ...
-}: {
-  imports = [
-    (modulesPath + "/installer/scan/not-detected.nix")
-  ];
-
-  boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci"];
-  boot.initrd.kernelModules = [];
-  boot.kernelModules = ["kvm-intel"];
-  boot.extraModulePackages = [];
-
-  fileSystems."/" = {
-    device = "/dev/disk/by-uuid/b78f591c-c9b6-4dae-9837-56716d38990b";
-    fsType = "ext4";
-  };
-
-  fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/6936-84C2";
-    fsType = "vfat";
-  };
-
-  swapDevices = [
-    {device = "/dev/disk/by-uuid/79fbd322-e58d-4e45-8969-06ef494cefea";}
-  ];
-
-  networking.useDHCP = false;
-
-  nixpkgs.hostPlatform = server.system-arch;
-  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}