split flake into multiple parts

This commit is contained in:
Pim Kunis 2024-03-02 13:58:17 +01:00
parent 81b81695c2
commit e80a3d65ac
7 changed files with 85 additions and 103 deletions


@ -248,22 +248,6 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-unstable": {
"locked": {
"lastModified": 1707588924,
"narHash": "sha256-0e1ce6X5ghapv6cAF9rxLZKeNyFHHXsLbGxN2cQQE8U=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "10b813040df67c4039086db0f6eaf65c536886c6",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1707514827, "lastModified": 1707514827,
@ -289,8 +273,7 @@
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils_2",
"microvm": "microvm", "microvm": "microvm",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs_2"
"nixpkgs-unstable": "nixpkgs-unstable"
} }
}, },
"spectrum": { "spectrum": {


@ -1,11 +1,8 @@
# TODO: good way to improve flake design: https://gist.github.com/lucperkins/437600b6aaaf0e1e8f91fb22fe421234
# Good tutorial for multiple architectures: https://ertt.ca/nix/shell-scripts/
{ {
description = "NixOS definitions for our physical servers"; description = "NixOS definitions for our physical servers";
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
deploy-rs.url = "github:serokell/deploy-rs"; deploy-rs.url = "github:serokell/deploy-rs";
nixos-hardware.url = "github:NixOS/nixos-hardware/master"; nixos-hardware.url = "github:NixOS/nixos-hardware/master";
flake-utils.url = "github:numtide/flake-utils"; flake-utils.url = "github:numtide/flake-utils";
@ -32,87 +29,19 @@
}; };
outputs = outputs =
{ self, nixpkgs, deploy-rs, disko, agenix, nixpkgs-unstable, dns, microvm, nixos-hardware, flake-utils, ... }: inputs@{ self, nixpkgs, deploy-rs, disko, agenix, dns, microvm, nixos-hardware, flake-utils, ... }:
(flake-utils.lib.eachDefaultSystem (system:
let let
pkgs = nixpkgs.legacyPackages.${system}; hostSystem = "x86_64-linux";
lib = pkgs.lib; hostPkgs = import nixpkgs { system = hostSystem; };
pkgs-unstable = nixpkgs-unstable.legacyPackages.${system}; machines = (hostPkgs.lib.modules.evalModules { modules = [ (import ./nixos/machines) ]; }).config.machines;
machines = (lib.modules.evalModules { modules = [ (import ./nixos/machines) ]; }).config.machines; physicalMachines = hostPkgs.lib.filterAttrs (n: v: v.isPhysical) machines;
in in
{ flake-utils.lib.meld (inputs // { inherit hostPkgs machines physicalMachines; }) [
formatter = pkgs.nixfmt; ./nixos/flake/bootstrap
./nixos/flake/checks.nix
checks = deploy-rs.lib.${system}.deployChecks (self.deploy // { ./nixos/flake/deploy.nix
nodes = (lib.attrsets.filterAttrs ./nixos/flake/nixos.nix
(name: node: ] // (flake-utils.lib.eachDefaultSystem (system: {
machines.${name}.arch == system formatter = nixpkgs.legacyPackages.${system}.nixfmt;
) }));
self.deploy.nodes);
});
packages.bootstrap =
let
name = "bootstrap";
buildInputs = with pkgs; [ libsecret coreutils pkgs-unstable.nixos-anywhere ];
script = (pkgs.writeScriptBin name (builtins.readFile ./bootstrap.sh)).overrideAttrs (old: {
buildCommand = "${old.buildCommand}\n patchShebangs $out";
});
in
pkgs.symlinkJoin {
inherit name;
paths = [ script ] ++ buildInputs;
buildInputs = [ pkgs.makeWrapper ];
postBuild = "wrapProgram $out/bin/${name} --set PATH $out/bin";
};
apps.deploy = {
type = "app";
program = "${pkgs-unstable.deploy-rs}/bin/deploy";
};
})) //
(
let
system = "x86_64-linux";
pkgs = nixpkgs.legacyPackages.${system};
lib = pkgs.lib;
machines = (lib.modules.evalModules { modules = [ (import ./nixos/machines) ]; }).config.machines;
physicalMachines = lib.filterAttrs (n: v: v.isPhysical) machines;
mkNixosSystems = systemDef:
builtins.mapAttrs
(name: machine:
nixpkgs.lib.nixosSystem (systemDef name machine)
)
physicalMachines;
mkDeployNodes = nodeDef:
builtins.mapAttrs
(name: machine: nodeDef name machine)
physicalMachines;
in
{
nixosConfigurations = mkNixosSystems (name: machine: {
system = machine.arch;
specialArgs = { inherit machines machine dns microvm disko agenix nixos-hardware; };
modules = [
./nixos
{ networking.hostName = name; }
];
});
deploy = {
sshUser = "root";
user = "root";
nodes = mkDeployNodes (name: machine: {
hostname = self.nixosConfigurations.${name}.config.networking.fqdn;
profiles.system = {
remoteBuild = machine.arch != system;
path = deploy-rs.lib."${machine.arch}".activate.nixos
self.nixosConfigurations.${name};
};
});
};
}
);
} }
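Review bot: The `apps.deploy` output that the old outputs body defined (the removed `apps.deploy = { type = "app"; program = "${pkgs-unstable.deploy-rs}/bin/deploy"; };`) is not recreated here nor in any of the four files melded in at `./nixos/flake/bootstrap`, `checks.nix`, `deploy.nix`, `nixos.nix`, so `nix run .#deploy` silently stops existing with this commit; if that is intended it belongs in the commit message, otherwise it needs a home in one of the new files. Dropping the `nixpkgs-unstable` input also moves `nixos-anywhere` from the unstable channel to nixos-23.11, a version change the split does not mention. `hostPkgs = import nixpkgs { system = hostSystem; };` evaluates nixpkgs a second time with a default config rather than reusing `nixpkgs.legacyPackages.${hostSystem}`, which is what the old code did; a comment stating why the explicit import is preferred would help, since `formatter` below still goes through `legacyPackages`.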


@ -43,4 +43,4 @@ secret-tool lookup age-identity "$servername" > "$temp/etc/age_ed25519"
chmod 600 "$temp/etc/age_ed25519" chmod 600 "$temp/etc/age_ed25519"
# Install NixOS to the host system with our age identity # Install NixOS to the host system with our age identity
nixos-anywhere --extra-files "$temp" --flake ".#${servername}" "root@${hostname}" nixos-anywhere --help #--extra-files "$temp" --flake ".#${servername}" "root@${hostname}"
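Review bot: The new line turns the install into `nixos-anywhere --help` and comments out the real arguments, so the script now stages the age identity under `$temp` (the `secret-tool lookup` and `chmod 600` lines above) and then never ships it anywhere; this looks like a local debugging edit that rode along with the flake split. If disabling the install is deliberate, a comment saying so belongs on this line; otherwise restore `nixos-anywhere --extra-files "$temp" --flake ".#${servername}" "root@${hostname}"`. Whatever cleans up `$temp` is outside the hunk, so I cannot tell from here whether the private key file is removed after the early exit.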


@ -0,0 +1,16 @@
{ flake-utils, hostPkgs, ... }: flake-utils.lib.eachDefaultSystem (system: {
packages.bootstrap =
let
name = "bootstrap";
buildInputs = with hostPkgs; [ libsecret coreutils nixos-anywhere ];
script = (hostPkgs.writeScriptBin name (builtins.readFile ./bootstrap.sh)).overrideAttrs (old: {
buildCommand = "${old.buildCommand}\n patchShebangs $out";
});
in
hostPkgs.symlinkJoin {
inherit name;
paths = [ script ] ++ buildInputs;
buildInputs = [ hostPkgs.makeWrapper ];
postBuild = "wrapProgram $out/bin/${name} --set PATH $out/bin";
};
})
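Review bot: `packages.bootstrap` is wrapped in `flake-utils.lib.eachDefaultSystem (system: …)` but every derivation inside comes from `hostPkgs`, which flake.nix pins to x86_64-linux, and the `system` parameter is never read; the result is that `packages.aarch64-linux.bootstrap` (and the darwin entries) would be x86_64 builds. Either build from `nixpkgs.legacyPackages.${system}` as the old flake.nix did, or drop `eachDefaultSystem` and expose only `packages.${hostPkgs.stdenv.hostPlatform.system}.bootstrap`. Separately, `builtins.readFile ./bootstrap.sh` now resolves relative to this file instead of the repository root; the page does not show bootstrap.sh being moved, so confirm that path still exists.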

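--- /dev/null
+++ b/nixos/flake/checks.nix
@@ -0,0 +1,11 @@
+{ self, hostPkgs, machines, flake-utils, deploy-rs, ... }: flake-utils.lib.eachDefaultSystem (system: {
+# Deploy-rs' flake checks seem broken for architectures different from the deployment machine.
+# We skip these here.
+checks = deploy-rs.lib.${system}.deployChecks (self.deploy // {
+nodes = (hostPkgs.lib.attrsets.filterAttrs
+(name: node:
+machines.${name}.arch == system
+)
+self.deploy.nodes);
+});
+})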

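--- /dev/null
+++ b/nixos/flake/deploy.nix
+{ self, hostPkgs, physicalMachines, deploy-rs, ... }:
+let
+mkDeployNodes = nodeDef:
+builtins.mapAttrs
+(name: machine: nodeDef name machine)
+physicalMachines;
+in
+{
+deploy = {
+sshUser = "root";
+user = "root";
+nodes = mkDeployNodes (name: machine: {
+hostname = self.nixosConfigurations.${name}.config.networking.fqdn;
+profiles.system = {
+remoteBuild = machine.arch != hostPkgs.stdenv.hostPlatform.system;
+path = deploy-rs.lib.${machine.arch}.activate.nixos
+self.nixosConfigurations.${name};
+};
+});
+};
+}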
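Review bot: `mkDeployNodes` in the `let` at the top of the file is an eta-expansion of `builtins.mapAttrs` — `(name: machine: nodeDef name machine)` is just `nodeDef` — so the binding adds a name without adding behavior and is used exactly once; `nodes = builtins.mapAttrs (name: machine: { … }) physicalMachines;` says the same thing inline. The file also lacks a header explaining its calling convention, which is not a NixOS module but a function that flake.nix passes to `flake-utils.lib.meld` with the inputs plus `hostPkgs`/`physicalMachines`; a line such as `# deploy-rs node set for the physical machines; called from flake.nix via flake-utils.lib.meld with inputs // { hostPkgs, physicalMachines }.` would save the next reader a trip back to flake.nix.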

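--- /dev/null
+++ b/nixos/flake/nixos.nix
+{ nixpkgs, machines, physicalMachines, dns, microvm, disko, agenix, nixos-hardware, ... }:
+let
+mkNixosSystems = systemDef:
+builtins.mapAttrs
+(name: machine:
+nixpkgs.lib.nixosSystem (systemDef name machine)
+)
+physicalMachines;
+in
+{
+nixosConfigurations = mkNixosSystems (name: machine: {
+system = machine.arch;
+specialArgs = { inherit machines machine dns microvm disko agenix nixos-hardware; };
+modules = [
+../.
+{ networking.hostName = name; }
+];
+});
+}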
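Review bot: The file gives no hint of how it is invoked: it is a plain function that flake.nix feeds to `flake-utils.lib.meld` with the flake inputs plus the derived `machines`/`physicalMachines`, which is why the argument set mixes inputs and computed values; a header such as `# Builds nixosConfigurations for every physical machine; called from flake.nix via flake-utils.lib.meld with inputs // { machines, physicalMachines }.` would make that explicit. The module path `../.` in the `modules` list also deserves a short comment, since it now means ./nixos (the former `./nixos` entry in flake.nix) seen from inside ./nixos/flake, and a reader of this file alone cannot tell that without checking the directory layout.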