commit
e7b46dfd92
10 changed files with 159 additions and 11 deletions
|
@ -23,4 +23,6 @@
|
||||||
- [iso](./doc/flk/iso.md)
|
- [iso](./doc/flk/iso.md)
|
||||||
- [install](./doc/flk/install.md)
|
- [install](./doc/flk/install.md)
|
||||||
- [home](./doc/flk/home.md)
|
- [home](./doc/flk/home.md)
|
||||||
|
- [Integrations](doc/integrations/index.md)
|
||||||
|
- [deploy-rs](./doc/integrations/deploy.md)
|
||||||
- [Contributing](./doc/README.md)
|
- [Contributing](./doc/README.md)
|
||||||
|
|
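--- a/doc/integrations/deploy.md
+++ b/doc/integrations/deploy.md
@@ -0,0 +1,49 @@
+# deploy-rs
+[Deploy-rs][d-rs] is a tool for managing NixOS remote machines. It was
+chosen for nixflk after the author experienced some frustrations with the
+stateful nature of nixops' db. It was also designed from scratch to support
+flake based deployments, and so is an excellent tool for the job.
+
+By default, all the [hosts](../../hosts) are also available as deploy-rs nodes,
+configured with the hostname set to `networking.hostName`; overridable via
+the command line.
+
+## Usage
+
+Just add your ssh key to the host:
+```nix
+{ ... }:
+{
+users.users.${sshUser}.openssh.authorizedKeys.keyFiles = [
+../secrets/path/to/key.pub
+];
+}
+```
+
+And the private key to your user:
+```nix
+{ ... }:
+{
+home-manager.users.${sshUser}.programs.ssh = {
+enable = true;
+
+matchBlocks = {
+${host} = {
+host = hostName;
+identityFile = ../secrets/path/to/key;
+extraOptions = { AddKeysToAgent = "yes"; };
+};
+};
+}
+}
+```
+
+And run the deployment:
+```sh
+deploy "flk#hostName" --hostname host.example.com
+```
+
+> ##### _Note:_
+> Your user will need sudo access
+
+[d-rs]: https://github.com/serokell/deploy-rs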
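--- a/doc/integrations/index.md
+++ b/doc/integrations/index.md
@@ -0,0 +1,5 @@
+# Integrations
+This section explores some of the optional tools included with nixflk to provide
+a solution to common concerns such as ci and remote deployment. An effort is
+made to choose tools that treat nix, and where possible flakes, as first class
+citizens.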
3
extern/default.nix
vendored
3
extern/default.nix
vendored
|
@ -8,6 +8,9 @@
|
||||||
overlays = [
|
overlays = [
|
||||||
nur.overlay
|
nur.overlay
|
||||||
devshell.overlay
|
devshell.overlay
|
||||||
|
(final: prev: {
|
||||||
|
deploy-rs = deploy.packages.${prev.system}.deploy-rs;
|
||||||
|
})
|
||||||
];
|
];
|
||||||
|
|
||||||
# passed to all nixos modules
|
# passed to all nixos modules
|
||||||
|
|
51
flake.lock
51
flake.lock
|
@ -27,6 +27,35 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"deploy": {
|
||||||
|
"inputs": {
|
||||||
|
"flake-compat": [
|
||||||
|
"flake-compat"
|
||||||
|
],
|
||||||
|
"naersk": [
|
||||||
|
"naersk"
|
||||||
|
],
|
||||||
|
"nixpkgs": [
|
||||||
|
"override"
|
||||||
|
],
|
||||||
|
"utils": [
|
||||||
|
"utils"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1612864896,
|
||||||
|
"narHash": "sha256-pbsvxe05kAWJzPeC6fs4t0Mk8mTZs6u/WQDMBqoA5tA=",
|
||||||
|
"owner": "serokell",
|
||||||
|
"repo": "deploy-rs",
|
||||||
|
"rev": "fecc7e723db40c7e056371467275186b3bbb9ef3",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "serokell",
|
||||||
|
"repo": "deploy-rs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"devshell": {
|
"devshell": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1612486691,
|
"lastModified": 1612486691,
|
||||||
|
@ -79,6 +108,26 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"naersk": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs": [
|
||||||
|
"override"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1612192764,
|
||||||
|
"narHash": "sha256-7EnLtZQWP6511G1ZPA7FmJlqAr3hWsAYb24tvTvJ/ec=",
|
||||||
|
"owner": "nmattia",
|
||||||
|
"repo": "naersk",
|
||||||
|
"rev": "6e149bfd726a8ebefa415f2d713ba6d942435abd",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nmattia",
|
||||||
|
"repo": "naersk",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"nixos": {
|
"nixos": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1612690903,
|
"lastModified": 1612690903,
|
||||||
|
@ -156,9 +205,11 @@
|
||||||
"root": {
|
"root": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"ci-agent": "ci-agent",
|
"ci-agent": "ci-agent",
|
||||||
|
"deploy": "deploy",
|
||||||
"devshell": "devshell",
|
"devshell": "devshell",
|
||||||
"flake-compat": "flake-compat",
|
"flake-compat": "flake-compat",
|
||||||
"home": "home",
|
"home": "home",
|
||||||
|
"naersk": "naersk",
|
||||||
"nixos": "nixos",
|
"nixos": "nixos",
|
||||||
"nixos-hardware": "nixos-hardware",
|
"nixos-hardware": "nixos-hardware",
|
||||||
"nur": "nur",
|
"nur": "nur",
|
||||||
|
|
28
flake.nix
28
flake.nix
|
@ -14,27 +14,35 @@
|
||||||
ci-agent.inputs.nixos-20_09.follows = "nixos";
|
ci-agent.inputs.nixos-20_09.follows = "nixos";
|
||||||
ci-agent.inputs.nixos-unstable.follows = "override";
|
ci-agent.inputs.nixos-unstable.follows = "override";
|
||||||
ci-agent.inputs.flake-compat.follows = "flake-compat";
|
ci-agent.inputs.flake-compat.follows = "flake-compat";
|
||||||
|
deploy.url = "github:serokell/deploy-rs";
|
||||||
|
deploy.inputs.utils.follows = "utils";
|
||||||
|
deploy.inputs.naersk.follows = "naersk";
|
||||||
|
deploy.inputs.nixpkgs.follows = "override";
|
||||||
|
deploy.inputs.flake-compat.follows = "flake-compat";
|
||||||
|
naersk.url = "github:nmattia/naersk";
|
||||||
|
naersk.inputs.nixpkgs.follows = "override";
|
||||||
flake-compat.url = "github:edolstra/flake-compat";
|
flake-compat.url = "github:edolstra/flake-compat";
|
||||||
flake-compat.flake = false;
|
flake-compat.flake = false;
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs =
|
outputs =
|
||||||
inputs@{ self
|
inputs@{ ci-agent
|
||||||
, ci-agent
|
, deploy
|
||||||
|
, devshell
|
||||||
, home
|
, home
|
||||||
, nixos
|
, nixos
|
||||||
, override
|
|
||||||
, utils
|
|
||||||
, nur
|
|
||||||
, devshell
|
|
||||||
, nixos-hardware
|
, nixos-hardware
|
||||||
|
, nur
|
||||||
|
, override
|
||||||
|
, self
|
||||||
|
, utils
|
||||||
, ...
|
, ...
|
||||||
}:
|
}:
|
||||||
let
|
let
|
||||||
inherit (utils.lib) eachDefaultSystem flattenTreeSystem;
|
inherit (utils.lib) eachDefaultSystem flattenTreeSystem;
|
||||||
inherit (nixos.lib) recursiveUpdate;
|
inherit (nixos.lib) recursiveUpdate;
|
||||||
inherit (self.lib) overlays nixosModules genPackages genPkgs
|
inherit (self.lib) overlays nixosModules genPackages genPkgs
|
||||||
genHomeActivationPackages;
|
genHomeActivationPackages mkNodes;
|
||||||
|
|
||||||
extern = import ./extern { inherit inputs; };
|
extern = import ./extern { inherit inputs; };
|
||||||
|
|
||||||
|
@ -63,6 +71,12 @@
|
||||||
templates.flk.description = "flk template";
|
templates.flk.description = "flk template";
|
||||||
|
|
||||||
defaultTemplate = self.templates.flk;
|
defaultTemplate = self.templates.flk;
|
||||||
|
|
||||||
|
deploy.nodes = mkNodes deploy self.nixosConfigurations;
|
||||||
|
|
||||||
|
checks = builtins.mapAttrs
|
||||||
|
(system: deployLib: deployLib.deployChecks self.deploy)
|
||||||
|
deploy.lib;
|
||||||
};
|
};
|
||||||
|
|
||||||
systemOutputs = eachDefaultSystem (system:
|
systemOutputs = eachDefaultSystem (system:
|
||||||
|
|
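Review bot: `deploy.url = "github:serokell/deploy-rs";` names no ref, so the only thing fixing which deploy-rs code is used is the `rev`/`narHash` pair recorded in flake.lock. Because this input supplies the activation code that `mkNodes` attaches to a profile with `user = "root"`, a comment above the input such as `# deploy-rs activates profiles as root on targets; review flake.lock bumps of this input` would make that explicit for whoever updates the lock. Separately, `checks` maps `deployChecks` over every system in `deploy.lib`, while the nodes are built only from the x86_64-linux lib, so checks for other systems presumably evaluate x86_64-linux derivations; confirm that is intended for the platforms listed in nix/ci.nix. The `outputs` function continues outside these hunks.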
|
@ -42,6 +42,21 @@ let
|
||||||
in
|
in
|
||||||
map fullPath (attrNames (readDir overlayDir));
|
map fullPath (attrNames (readDir overlayDir));
|
||||||
|
|
||||||
|
/**
|
||||||
|
Synopsis: mkNodes _nixosConfigurations_
|
||||||
|
|
||||||
|
Generate the `nodes` attribute expected by deploy-rs
|
||||||
|
where _nixosConfigurations_ are `nodes`.
|
||||||
|
**/
|
||||||
|
mkNodes = deploy: mapAttrs (_: config: {
|
||||||
|
hostname = config.config.networking.hostName;
|
||||||
|
|
||||||
|
profiles.system = {
|
||||||
|
user = "root";
|
||||||
|
path = deploy.lib.x86_64-linux.activate.nixos config;
|
||||||
|
};
|
||||||
|
});
|
||||||
|
|
||||||
/**
|
/**
|
||||||
Synopsis: importDefaults _path_
|
Synopsis: importDefaults _path_
|
||||||
|
|
||||||
|
@ -72,7 +87,7 @@ let
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
inherit importDefaults mapFilterAttrs genAttrs' pkgImport
|
inherit importDefaults mapFilterAttrs genAttrs' pkgImport
|
||||||
pathsToImportedAttrs;
|
pathsToImportedAttrs mkNodes;
|
||||||
|
|
||||||
overlays = pathsToImportedAttrs overlayPaths;
|
overlays = pathsToImportedAttrs overlayPaths;
|
||||||
|
|
||||||
|
|
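Review bot: `mkNodes` builds every node's activation path with `deploy.lib.x86_64-linux.activate.nixos config`, so a host whose configuration targets another system is still activated through the x86_64-linux helper; index `deploy.lib` by the configuration's own system instead of a literal. The doc comment also does not match the signature: the synopsis lists only _nixosConfigurations_ while the function takes `deploy` first, so it should read `Synopsis: mkNodes _deploy_ _nixosConfigurations_`. Each node sets `user = "root"` and takes `hostname` from `networking.hostName` without an `sshUser`, which is worth stating in the comment because the target and privilege of every deployment follow from it. The enclosing `let` block starts and ends outside the hunk.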
10
nix/ci.nix
10
nix/ci.nix
|
@ -1,10 +1,18 @@
|
||||||
let
|
let
|
||||||
inherit (default.inputs.nixos.lib) recurseIntoAttrs;
|
inherit (default.inputs.nixos.lib) mapAttrs recurseIntoAttrs;
|
||||||
|
|
||||||
default = (import "${../.}/compat").defaultNix;
|
default = (import "${../.}/compat").defaultNix;
|
||||||
packages = import ../default.nix;
|
packages = import ../default.nix;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
checks = recurseIntoAttrs (mapAttrs (_: v: recurseIntoAttrs v) {
|
||||||
|
inherit (default.checks)
|
||||||
|
aarch64-linux
|
||||||
|
i686-linux
|
||||||
|
x86_64-linux
|
||||||
|
;
|
||||||
|
});
|
||||||
|
|
||||||
# platforms supported by our hercules-ci agent
|
# platforms supported by our hercules-ci agent
|
||||||
inherit (packages)
|
inherit (packages)
|
||||||
aarch64-linux
|
aarch64-linux
|
||||||
|
|
|
@ -12,6 +12,7 @@ in
|
||||||
binutils
|
binutils
|
||||||
coreutils
|
coreutils
|
||||||
curl
|
curl
|
||||||
|
deploy-rs
|
||||||
direnv
|
direnv
|
||||||
dnsutils
|
dnsutils
|
||||||
dosfstools
|
dosfstools
|
||||||
|
@ -22,8 +23,8 @@ in
|
||||||
iputils
|
iputils
|
||||||
jq
|
jq
|
||||||
manix
|
manix
|
||||||
nix-index
|
|
||||||
moreutils
|
moreutils
|
||||||
|
nix-index
|
||||||
nmap
|
nmap
|
||||||
ripgrep
|
ripgrep
|
||||||
tealdeer
|
tealdeer
|
||||||
|
|
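Review bot: `deploy-rs` is added to this package list unconditionally, while the devshell hunk further down guards the same package with `lib.optional (system == "x86_64-linux") deploy-rs`. If that guard exists because the overlay's `deploy.packages.${prev.system}.deploy-rs` is not provided for every system, this list would fail to evaluate on such hosts and needs the same condition. The list's file name and enclosing attribute are outside the hunk; if it is installed on every host, it is also worth considering whether the deployment client belongs only on the machine that runs deployments.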
|
@ -23,7 +23,7 @@ pkgs.devshell.mkShell {
|
||||||
nixos-install
|
nixos-install
|
||||||
nixos-generate-config
|
nixos-generate-config
|
||||||
nixos-enter
|
nixos-enter
|
||||||
];
|
] ++ lib.optional (system == "x86_64-linux") deploy-rs;
|
||||||
|
|
||||||
env = { inherit name; };
|
env = { inherit name; };
|
||||||
|
|
||||||
|
|