commit
e7b46dfd92
10 changed files with 159 additions and 11 deletions
|
@ -23,4 +23,6 @@
|
|||
- [iso](./doc/flk/iso.md)
|
||||
- [install](./doc/flk/install.md)
|
||||
- [home](./doc/flk/home.md)
|
||||
- [Integrations](doc/integrations/index.md)
|
||||
- [deploy-rs](./doc/integrations/deploy.md)
|
||||
- [Contributing](./doc/README.md)
|
||||
|
|
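--- a/doc/integrations/deploy.md
+++ b/doc/integrations/deploy.md
@@ -0,0 +1,49 @@
+# deploy-rs
+[Deploy-rs][d-rs] is a tool for managing NixOS remote machines. It was
+chosen for nixflk after the author experienced some frustrations with the
+stateful nature of nixops' db. It was also designed from scratch to support
+flake based deployments, and so is an excellent tool for the job.
+
+By default, all the [hosts](../../hosts) are also available as deploy-rs nodes,
+configured with the hostname set to `networking.hostName`; overridable via
+the command line.
+
+## Usage
+
+Just add your ssh key to the host:
+```nix
+{ ... }:
+{
+users.users.${sshUser}.openssh.authorizedKeys.keyFiles = [
+../secrets/path/to/key.pub
+];
+}
+```
+
+And the private key to your user:
+```nix
+{ ... }:
+{
+home-manager.users.${sshUser}.programs.ssh = {
+enable = true;
+
+matchBlocks = {
+${host} = {
+host = hostName;
+identityFile = ../secrets/path/to/key;
+extraOptions = { AddKeysToAgent = "yes"; };
+};
+};
+}
+}
+```
+
+And run the deployment:
+```sh
+deploy "flk#hostName" --hostname host.example.com
+```
+
+> ##### _Note:_
+> Your user will need sudo access
+
+[d-rs]: https://github.com/serokell/deploy-rs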
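--- a/doc/integrations/index.md
+++ b/doc/integrations/index.md
@@ -0,0 +1,5 @@
+# Integrations
+This section explores some of the optional tools included with nixflk to provide
+a solution to common concerns such as ci and remote deployment. An effort is
+made to choose tools that treat nix, and where possible flakes, as first class
+citizens.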
3
extern/default.nix
vendored
3
extern/default.nix
vendored
|
@ -8,6 +8,9 @@
|
|||
overlays = [
|
||||
nur.overlay
|
||||
devshell.overlay
|
||||
(final: prev: {
|
||||
deploy-rs = deploy.packages.${prev.system}.deploy-rs;
|
||||
})
|
||||
];
|
||||
|
||||
# passed to all nixos modules
|
||||
|
|
51
flake.lock
51
flake.lock
|
@ -27,6 +27,35 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"deploy": {
|
||||
"inputs": {
|
||||
"flake-compat": [
|
||||
"flake-compat"
|
||||
],
|
||||
"naersk": [
|
||||
"naersk"
|
||||
],
|
||||
"nixpkgs": [
|
||||
"override"
|
||||
],
|
||||
"utils": [
|
||||
"utils"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1612864896,
|
||||
"narHash": "sha256-pbsvxe05kAWJzPeC6fs4t0Mk8mTZs6u/WQDMBqoA5tA=",
|
||||
"owner": "serokell",
|
||||
"repo": "deploy-rs",
|
||||
"rev": "fecc7e723db40c7e056371467275186b3bbb9ef3",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "serokell",
|
||||
"repo": "deploy-rs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"devshell": {
|
||||
"locked": {
|
||||
"lastModified": 1612486691,
|
||||
|
@ -79,6 +108,26 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"naersk": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"override"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1612192764,
|
||||
"narHash": "sha256-7EnLtZQWP6511G1ZPA7FmJlqAr3hWsAYb24tvTvJ/ec=",
|
||||
"owner": "nmattia",
|
||||
"repo": "naersk",
|
||||
"rev": "6e149bfd726a8ebefa415f2d713ba6d942435abd",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nmattia",
|
||||
"repo": "naersk",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixos": {
|
||||
"locked": {
|
||||
"lastModified": 1612690903,
|
||||
|
@ -156,9 +205,11 @@
|
|||
"root": {
|
||||
"inputs": {
|
||||
"ci-agent": "ci-agent",
|
||||
"deploy": "deploy",
|
||||
"devshell": "devshell",
|
||||
"flake-compat": "flake-compat",
|
||||
"home": "home",
|
||||
"naersk": "naersk",
|
||||
"nixos": "nixos",
|
||||
"nixos-hardware": "nixos-hardware",
|
||||
"nur": "nur",
|
||||
|
|
28
flake.nix
28
flake.nix
|
@ -14,27 +14,35 @@
|
|||
ci-agent.inputs.nixos-20_09.follows = "nixos";
|
||||
ci-agent.inputs.nixos-unstable.follows = "override";
|
||||
ci-agent.inputs.flake-compat.follows = "flake-compat";
|
||||
deploy.url = "github:serokell/deploy-rs";
|
||||
deploy.inputs.utils.follows = "utils";
|
||||
deploy.inputs.naersk.follows = "naersk";
|
||||
deploy.inputs.nixpkgs.follows = "override";
|
||||
deploy.inputs.flake-compat.follows = "flake-compat";
|
||||
naersk.url = "github:nmattia/naersk";
|
||||
naersk.inputs.nixpkgs.follows = "override";
|
||||
flake-compat.url = "github:edolstra/flake-compat";
|
||||
flake-compat.flake = false;
|
||||
};
|
||||
|
||||
outputs =
|
||||
inputs@{ self
|
||||
, ci-agent
|
||||
inputs@{ ci-agent
|
||||
, deploy
|
||||
, devshell
|
||||
, home
|
||||
, nixos
|
||||
, override
|
||||
, utils
|
||||
, nur
|
||||
, devshell
|
||||
, nixos-hardware
|
||||
, nur
|
||||
, override
|
||||
, self
|
||||
, utils
|
||||
, ...
|
||||
}:
|
||||
let
|
||||
inherit (utils.lib) eachDefaultSystem flattenTreeSystem;
|
||||
inherit (nixos.lib) recursiveUpdate;
|
||||
inherit (self.lib) overlays nixosModules genPackages genPkgs
|
||||
genHomeActivationPackages;
|
||||
genHomeActivationPackages mkNodes;
|
||||
|
||||
extern = import ./extern { inherit inputs; };
|
||||
|
||||
|
@ -63,6 +71,12 @@
|
|||
templates.flk.description = "flk template";
|
||||
|
||||
defaultTemplate = self.templates.flk;
|
||||
|
||||
deploy.nodes = mkNodes deploy self.nixosConfigurations;
|
||||
|
||||
checks = builtins.mapAttrs
|
||||
(system: deployLib: deployLib.deployChecks self.deploy)
|
||||
deploy.lib;
|
||||
};
|
||||
|
||||
systemOutputs = eachDefaultSystem (system:
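Review bot: The new input line `deploy.url = "github:serokell/deploy-rs";` names no ref, so each lock refresh moves to whatever the upstream default branch holds at that moment. The flake.lock change in this commit does pin a `rev` and `narHash`, so builds stay reproducible, but this input supplies the activation code that `deploy.nodes` uses for a profile whose user is `"root"` (see the `mkNodes` hunk), so a lock bump of it deserves the same review as a code change. I would add a comment above the line, `# deploy-rs builds the root activation path for every node; review flake.lock bumps of this input`. The `outputs` function starts and continues outside the visible hunks.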
|
||||
|
|
|
@ -42,6 +42,21 @@ let
|
|||
in
|
||||
map fullPath (attrNames (readDir overlayDir));
|
||||
|
||||
/**
|
||||
Synopsis: mkNodes _nixosConfigurations_
|
||||
|
||||
Generate the `nodes` attribute expected by deploy-rs
|
||||
where _nixosConfigurations_ are `nodes`.
|
||||
**/
|
||||
mkNodes = deploy: mapAttrs (_: config: {
|
||||
hostname = config.config.networking.hostName;
|
||||
|
||||
profiles.system = {
|
||||
user = "root";
|
||||
path = deploy.lib.x86_64-linux.activate.nixos config;
|
||||
};
|
||||
});
|
||||
|
||||
/**
|
||||
Synopsis: importDefaults _path_
|
||||
|
||||
|
@ -72,7 +87,7 @@ let
|
|||
in
|
||||
{
|
||||
inherit importDefaults mapFilterAttrs genAttrs' pkgImport
|
||||
pathsToImportedAttrs;
|
||||
pathsToImportedAttrs mkNodes;
|
||||
|
||||
overlays = pathsToImportedAttrs overlayPaths;
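Review bot: `mkNodes` builds every node's `path` from `deploy.lib.x86_64-linux.activate.nixos`, so a host that targets another platform would presumably get an activation path built for x86_64; the CI hunk in this commit also lists aarch64-linux and i686-linux. Taking the system from the host, for example `path = deploy.lib.${config.config.nixpkgs.system}.activate.nixos config;`, would avoid the hard-coded value, assuming that option is set for every host, which is not visible here. The doc comment also reads `Synopsis: mkNodes _nixosConfigurations_` while the function takes `deploy` as its first argument; `Synopsis: mkNodes _deploy_ _nixosConfigurations_` matches the code. The comment should also state that the generated `system` profile is always activated as `user = "root"`, since that is the privilege every deployment through these nodes ends up with. The enclosing `let` block starts outside the hunk.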
|
||||
|
||||
|
|
10
nix/ci.nix
10
nix/ci.nix
|
@ -1,10 +1,18 @@
|
|||
let
|
||||
inherit (default.inputs.nixos.lib) recurseIntoAttrs;
|
||||
inherit (default.inputs.nixos.lib) mapAttrs recurseIntoAttrs;
|
||||
|
||||
default = (import "${../.}/compat").defaultNix;
|
||||
packages = import ../default.nix;
|
||||
in
|
||||
{
|
||||
checks = recurseIntoAttrs (mapAttrs (_: v: recurseIntoAttrs v) {
|
||||
inherit (default.checks)
|
||||
aarch64-linux
|
||||
i686-linux
|
||||
x86_64-linux
|
||||
;
|
||||
});
|
||||
|
||||
# platforms supported by our hercules-ci agent
|
||||
inherit (packages)
|
||||
aarch64-linux
|
||||
|
|
|
@ -12,6 +12,7 @@ in
|
|||
binutils
|
||||
coreutils
|
||||
curl
|
||||
deploy-rs
|
||||
direnv
|
||||
dnsutils
|
||||
dosfstools
|
||||
|
@ -22,8 +23,8 @@ in
|
|||
iputils
|
||||
jq
|
||||
manix
|
||||
nix-index
|
||||
moreutils
|
||||
nix-index
|
||||
nmap
|
||||
ripgrep
|
||||
tealdeer
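Review bot: `deploy-rs` is added to this package list unconditionally, while the shell hunk later in this commit only includes it under `lib.optional (system == "x86_64-linux") deploy-rs`. The overlay resolves the package as `deploy.packages.${prev.system}.deploy-rs`, so if upstream does not provide it for a host's system (which the shell guard suggests), evaluating this list on such a host would fail with a missing attribute. Guarding the entry here the same way as in the shell would keep both places consistent. The surrounding list starts and ends outside the hunk.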
|
||||
|
|
|
@ -23,7 +23,7 @@ pkgs.devshell.mkShell {
|
|||
nixos-install
|
||||
nixos-generate-config
|
||||
nixos-enter
|
||||
];
|
||||
] ++ lib.optional (system == "x86_64-linux") deploy-rs;
|
||||
|
||||
env = { inherit name; };
|
||||
|
||||
|
|