diff --git a/README.md b/README.md index 283d1f4..bc39466 100644 --- a/README.md +++ b/README.md @@ -18,11 +18,9 @@ - `hardware/` configuration for hardware components - `impermanence/` impermanence modules for hosts - `nix/` additional nix functions - - `checks.nix` pre-commit checks - - `colmena.nix` Setup for using colmena to deploy - `devshell.nix` Development shell - `extra-builtins.nix` Extra builtin plugin file to enable repository secrets - - `generate-node.nix` logic to generate nodes for colmena + - TODO - `lib.nix` additional library functions - `secrets/` global secrets - `.key.pub` public key handles to decrypt secrets using yubikey @@ -56,9 +54,8 @@ - `rekey-save-output` only internal use - `checks` linting and other checks for this repository - `pre-commit-check` automatic checks executed as pre-commit hooks -- `colmena` outputs used by colmena -- `colmenaNodes` per node configuration -- `nodes` alias to `colmenaNodes` +- `nixosNodes` top level configs for hosts +- `nodes` alias to `nixosNodes` - `devshell` development shell using devshell - `formatter` nix code formatter - `hosts` host meta declaration @@ -86,14 +83,11 @@ - you can get the path using `nix path-info .#packages..installer-package.` 4. Export all zpools and reboot into system 6. Retrieve hostkeys using `ssh-keyscan | grep -o 'ssh-ed25519.*' > host//secrets/host.pub -5. Deploy system using colmena +5. Deploy system ## Deploy -```bash -colmena apply --on -``` If deploying from a host not containing the necessary nix configuration option append ```bash --nix-option plugin-files "$NIX_PLUGINS"/lib/nix/plugins --nix-option extra-builtins-file ./nix/extra-builtins` diff --git a/flake.lock b/flake.lock index 2bf8469..b27b635 100644 --- a/flake.lock +++ b/flake.lock 
@@ -67,31 +67,6 @@ "type": "github" } }, - "colmena": { - "inputs": { - "flake-compat": "flake-compat_2", - "flake-utils": [ - "flake-utils" - ], - "nixpkgs": [ - "nixpkgs" - ], - "stable": "stable" - }, - "locked": { - "lastModified": 1688224393, - "narHash": "sha256-rsAvFNhRFzTF7qyb6WprLFghJnRxMFjvD2e5/dqMp4I=", - "owner": "zhaofengli", - "repo": "colmena", - "rev": "19384f3ee2058c56021e4465a3ec57e84a47d8dd", - "type": "github" - }, - "original": { - "owner": "zhaofengli", - "repo": "colmena", - "type": "github" - } - }, "crane": { "inputs": { "flake-compat": [ @@ -229,22 +204,6 @@ } }, "flake-compat_2": { - "flake": false, - "locked": { - "lastModified": 1650374568, - "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "b4a34015c698c7793d592d66adbab377907a2be8", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_3": { "flake": false, "locked": { "lastModified": 1673956053, @@ -260,7 +219,7 @@ "type": "github" } }, - "flake-compat_4": { + "flake-compat_3": { "locked": { "lastModified": 1688025799, "narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=", @@ -275,7 +234,7 @@ "type": "github" } }, - "flake-compat_5": { + "flake-compat_4": { "flake": false, "locked": { "lastModified": 1673956053, @@ -291,7 +250,7 @@ "type": "github" } }, - "flake-compat_6": { + "flake-compat_5": { "flake": false, "locked": { "lastModified": 1673956053, @@ -564,7 +523,7 @@ "lanzaboote": { "inputs": { "crane": "crane", - "flake-compat": "flake-compat_3", + "flake-compat": "flake-compat_2", "flake-parts": "flake-parts", "flake-utils": "flake-utils_2", "nixpkgs": [ @@ -779,7 +738,7 @@ }, "nixpkgs-wayland": { "inputs": { - "flake-compat": "flake-compat_4", + "flake-compat": "flake-compat_3", "lib-aggregate": "lib-aggregate", "nix-eval-jobs": "nix-eval-jobs", "nixpkgs": [ 
@@ -928,7 +887,7 @@ }, "pre-commit-hooks_2": { "inputs": { - "flake-compat": "flake-compat_5", + "flake-compat": "flake-compat_4", "flake-utils": [ "flake-utils" ], @@ -956,7 +915,6 @@ "inputs": { "agenix": "agenix", "agenix-rekey": "agenix-rekey", - "colmena": "colmena", "devshell": "devshell_2", "disko": "disko", "flake-utils": "flake-utils", @@ -1000,26 +958,10 @@ "type": "github" } }, - "stable": { - "locked": { - "lastModified": 1669735802, - "narHash": "sha256-qtG/o/i5ZWZLmXw108N2aPiVsxOcidpHJYNkT45ry9Q=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "731cc710aeebecbf45a258e977e8b68350549522", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-22.11", - "repo": "nixpkgs", - "type": "github" - } - }, "stylix": { "inputs": { "base16": "base16", - "flake-compat": "flake-compat_6", + "flake-compat": "flake-compat_5", "home-manager": "home-manager_2", "nixpkgs": "nixpkgs_4" }, diff --git a/flake.nix b/flake.nix index 2a3b0b2..4cd13e6 100644 --- a/flake.nix +++ b/flake.nix @@ -53,12 +53,6 @@ templates.url = "git+https://git.lel.lol/patrick/nix-templates.git"; - colmena = { - url = "github:zhaofengli/colmena"; - inputs.nixpkgs.follows = "nixpkgs"; - inputs.flake-utils.follows = "flake-utils"; - }; - impermanence.url = "github:nix-community/impermanence"; nixos-hardware.url = "github:nixos/nixos-hardware"; @@ -88,10 +82,11 @@ self, nixpkgs, flake-utils, - colmena, agenix-rekey, nixos-generators, pre-commit-hooks, + devshell, + nixpkgs-wayland, ... } @ inputs: let inherit (nixpkgs) lib; @@ -111,7 +106,6 @@ inherit stateVersion; inherit (import ./nix/hosts.nix inputs) - colmena hosts microvmConfigurations nixosConfigurations @@ -133,7 +127,9 @@ import ./lib inputs ++ import ./pkgs ++ [ - inputs.nixpkgs-wayland.overlay + nixpkgs-wayland.overlay + devshell.overlays.default + agenix-rekey.overlays.default ]; inherit system; config.allowUnfree = true; 
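Review bot: The fourth flake.nix hunk adds `devshell.overlays.default` and `agenix-rekey.overlays.default` to the overlay list of `self.pkgs`, so both overlays are now applied to the nixpkgs instance that every host configuration is built from, whereas before this commit devshell.nix built its own `pkgs` with them (see the removed lines in the nix/devshell.nix hunk). If that widening is intended so the devshell can reuse `self.pkgs`, a comment such as `# devshell/agenix-rekey overlays live in self.pkgs so nix/devshell.nix can reuse it` on the list would make it explicit; otherwise they could stay local to devshell.nix. The README hunks in this commit also document `nixosNodes` and `nodes` outputs, while the third hunk's `inherit` list exports `nixosConfigurations`; confirm the outputs and the README agree. The enclosing `outputs` function continues outside these hunks.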
diff --git a/modules/optional/secureboot.nix b/modules/optional/secureboot.nix index 0a460c4..6136158 100644 --- a/modules/optional/secureboot.nix +++ b/modules/optional/secureboot.nix @@ -6,10 +6,10 @@ }: { environment.systemPackages = [ # For debugging and troubleshooting Secure Boot. - pkgs.sbctl.override - { - databasePath = "/run/secureboot"; - } + (pkgs.sbctl.override + { + databasePath = "/run/secureboot"; + }) ]; age.secrets.secureboot.rekeyFile = ../../hosts/${config.node.name}/secrets/secureboot.tar.age; system.activationScripts.securebootuntar = { @@ -29,7 +29,8 @@ boot.lanzaboote = { enable = true; - enrollKeys = true; + # Not usable anyway + #enrollKeys = true; pkiBundle = "/run/secureboot"; }; } diff --git a/nix/devshell.nix b/nix/devshell.nix index 073027c..c03cbb8 100644 --- a/nix/devshell.nix +++ b/nix/devshell.nix @@ -1,18 +1,11 @@ { self, nixpkgs, - colmena, devshell, agenix-rekey, ... }: system: let - pkgs = import nixpkgs { - inherit system; - overlays = [ - devshell.overlays.default - agenix-rekey.overlays.default - ]; - }; + pkgs = self.pkgs.${system}; in pkgs.devshell.mkShell { name = "nix-config"; @@ -31,31 +24,29 @@ in rage nix ]; - commands = with pkgs; [ + commands = [ { - package = - colmena.packages.${system}.colmena; - help = "Apply nix configurations"; + package = pkgs.deploy; + help = "build and deploy nix configurations"; } { package = pkgs.agenix-rekey; help = "Edit and rekey repository secrets"; } { - package = - alejandra; + package = pkgs.alejandra; help = "Format nix code"; } { - package = statix; + package = pkgs.statix; help = "Linter for nix"; } { - package = deadnix; + package = pkgs.deadnix; help = "Remove dead nix code"; } { - package = update-nix-fetchgit; + package = pkgs.update-nix-fetchgit; help = "Update fetcher inside nix files"; } ]; diff --git a/nix/hosts.nix b/nix/hosts.nix index 9ad5203..120463e 100644 --- a/nix/hosts.nix +++ b/nix/hosts.nix 
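Review bot: `#enrollKeys = true;` in the second modules/optional/secureboot.nix hunk is disabled with only `# Not usable anyway`, which leaves the next reader without the reason or the replacement procedure for getting the keys from the `/run/secureboot` bundle enrolled. Since the first hunk installs `sbctl` with `databasePath = "/run/secureboot"` "for debugging and troubleshooting", presumably enrollment is meant to be done by hand with it; say so, e.g. `# Automatic enrollment via lanzaboote is not usable here (<reason>); keys in /run/secureboot are enrolled manually with the sbctl configured above.`, filling in the actual reason. The `boot.lanzaboote` block and the surrounding module close outside the hunk.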
@@ -11,8 +11,6 @@ inputs: let nixosSystem ; - mapNixosConfigs = f: mapAttrs (_: f) self.nixosConfigurations; - # Creates a new nixosSystem with the correct specialArgs, pkgs and name definition mkHost = name: system: let pkgs = self.pkgs.${system}; @@ -49,22 +47,6 @@ inputs: let # Process each nixosHosts declaration and generatea nixosSystem definitions nixosConfigurations = flip mapAttrs nixosHosts (name: hostCfg: mkHost name hostCfg.system); - # We now wrap nixosConfigurations so that colmena understands it - colmena = - { - meta = { - # Just a required dummy for colmena, overwritten on a per-node basis by nodeNixpkgs below. - nixpkgs = self.pkgs.x86_64-linux; - nodeNixpkgs = mapNixosConfigs (v: - import inputs.nixpkgs { - inherit (v._module.args.pkgs.stdenv.hostPlatform) system; - inherit (v._module.args.pkgs) config; - }); - nodeSpecialArgs = mapNixosConfigs (v: v._module.specialArgs); - }; - } - // mapNixosConfigs (v: {imports = v._module.args.modules;}); - # True NixOS nodes can define additional microvms (guest nodes) that are built # together with the true host. We collect all defined microvm nodes # from each node here to allow accessing any node via the unified attribute `nodes`. @@ -74,7 +56,6 @@ inputs: let (node.config.meta.microvms.vms or {})); in { inherit - colmena hosts microvmConfigurations nixosConfigurations diff --git a/pkgs/default.nix b/pkgs/default.nix index 89419b3..eb0d101 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -2,5 +2,6 @@ (_self: super: { zsh-histdb-skim = super.callPackage ./zsh-histdb-skim.nix {}; zsh-histdb = super.callPackage ./zsh-histdb.nix {}; + deploy = super.callPackage ./deploy.nix {}; }) ] diff --git a/pkgs/deploy.nix b/pkgs/deploy.nix new file mode 100644 index 0000000..1a58731 --- /dev/null +++ b/pkgs/deploy.nix 
@@ -0,0 +1,158 @@
+{
+ stdenv,
+ symlinkJoin,
+ writeShellApplication,
+}: let
+ deploy = writeShellApplication {
+ name = "deploy";
+ text = ''
+ set -euo pipefail
+
+ function die { echo "error: $*" >&2; exit 1;}
+ function show_help() {
+ echo ' Usage: deploy [OPTIONS] [ACTION]'
+ echo 'ACTION:'
+ echo ' switch [default] build, push and switch to the new configuration'
+ echo ' boot switch on next boot'
+ echo ' test switch to config but do not make it the boot default'
+ echo ' dry-activate just show what an activation would do'
+ echo ""
+ echo 'OPTIONS:'
+ echo ' --help show this help menu'
+ }
+
+ USER_FLAKE_DIR=$(git rev-parse --show-toplevel 2>/dev/null || pwd) \
+ || die "Could not determine current directory"
+
+ cd "$USER_FLAKE_DIR"
+
+ [[ $# -gt 0 ]] || {
+ show_help
+ exit 1
+ }
+
+ OPTIONS=()
+ POSITIONAL_ARGS=()
+ while [[ $# -gt 0 ]]; do
+ case "$1" in
+ "help"|"--help"|"-h")
+ show_help
+ exit 1
+ ;;
+ -*)
+ OPTIONS+=("$1")
+ ;;
+ *)
+ POSITIONAL_ARGS+=("$1")
+ esac
+ shift
+ done
+
+ [[ ! ''${#POSITIONAL_ARGS[@]} -lt 1 ]] \
+ || die "Missing argument: "
+ [[ ! 
''${#POSITIONAL_ARGS[@]} -gt 2 ]] \
+ || die "Too many arguments"
+
+ shopt -s lastpipe
+ tr , '\n' <<< "''${POSITIONAL_ARGS[0]}" | sort -u | readarray -t HOSTS
+
+ ACTION="''${POSITIONAL_ARGS[1]-switch}"
+
+ function main() {
+ local config
+ config=".#nixosConfigurations.$1.config.system.build.toplevel"
+ local top_level
+ top_level=$(nix build --no-link --print-out-paths "''${OPTIONS[@]}" "$config" 2>/dev/null)
+
+ echo -e "Copying toplevel for \033[0;32m$1\033[0m"
+ nix copy --to "ssh://$1" "$top_level" \
+ || die "Failed copying closure to $1"
+
+ echo -e "Applying toplevel for \033[0;32m$1\033[0m"
+ (
+ exec > >(trap "" INT TERM; sed "s/^/$1: /")
+ exec 2> >(trap "" INT TERM; sed "s/^/$1: /" >&2)
+ # shellcheck disable=SC2029
+ ssh "$1" "$top_level/bin/switch-to-configuration" "$ACTION" \
+ || die "Error activating toplevel for $1"
+ )
+ }
+
+ NIXOS_CONFIGS=()
+ for host in "''${HOSTS[@]}"; do
+ NIXOS_CONFIGS+=(".#nixosConfigurations.$host.config.system.build.toplevel")
+ done
+ echo -e "Building toplevels for \033[0;32m''${#HOSTS[*]} hosts\033[0m"
+ nix build --no-link "''${OPTIONS[@]}" "''${NIXOS_CONFIGS[@]}" \
+ || die "Failed building derivations"
+
+ for host in "''${HOSTS[@]}"; do
+ main "$host" &
+ done
+ wait
+ '';
+ };
+ build = writeShellApplication {
+ name = "build";
+ text = ''
+ set -euo pipefail
+
+ function die { echo "error: $*" >&2; exit 1;}
+ function show_help() {
+ echo ' Usage: build [OPTIONS] '
+ echo 'Build the toplevel nixos configuration for hosts'
+ }
+
+ USER_FLAKE_DIR=$(git rev-parse --show-toplevel 2>/dev/null || pwd) \
+ || die "Could not determine current directory"
+
+ cd "$USER_FLAKE_DIR"
+
+ [[ $# -gt 0 ]] || {
+ show_help
+ exit 1
+ }
+
+ OPTIONS=()
+ POSITIONAL_ARGS=()
+ while [[ $# -gt 0 ]]; do
+ case "$1" in
+ "help"|"--help"|"-h")
+ show_help
+ exit 1
+ ;;
+ -*)
+ OPTIONS+=("$1")
+ ;;
+ *)
+ POSITIONAL_ARGS+=("$1")
+ ;;
+ esac
+ shift
+ done
+
+ [[ ! 
''${#POSITIONAL_ARGS[@]} -lt 1 ]] \
+ || die "Missing argument: "
+ [[ ! ''${#POSITIONAL_ARGS[@]} -gt 1 ]] \
+ || die "Too many arguments"
+
+ shopt -s lastpipe
+ tr , '\n' <<< "''${POSITIONAL_ARGS[0]}" | sort -u | readarray -t HOSTS
+
+ NIXOS_CONFIGS=()
+ for host in "''${HOSTS[@]}"; do
+ NIXOS_CONFIGS+=(".#nixosConfigurations.$host.config.system.build.toplevel")
+ done
+
+
+ echo -e "Building toplevels for \033[0;32m''${#HOSTS[*]} hosts\033[0m"
+ nix build --print-out-paths --no-link "''${OPTIONS[@]}" "''${NIXOS_CONFIGS[@]}" \
+ || die "Failed building derivations"
+
+ '';
+ };
+in
+ symlinkJoin {
+ name = "deploy and build";
+ paths = [deploy build];
+ }
diff --git a/users/common/graphical/sway3.nix b/users/common/graphical/sway3.nix
index 1889144..ca4f502 100644
--- a/users/common/graphical/sway3.nix
+++ b/users/common/graphical/sway3.nix
@@ -34,12 +34,11 @@ let ]; workspaceOutputAssign = let
- output = out: workspaces:
+ output = out:
 map (x: { workspace = x; output = out;
- })
- workspaces;
+ });
 in { "desktopnix" =
diff --git a/users/common/shells/alias.nix b/users/common/shells/alias.nix
index 7368fb7..74ee00c 100644
--- a/users/common/shells/alias.nix
+++ b/users/common/shells/alias.nix
@@ -25,6 +25,5 @@ zf = "zathura --fork"; gdb = "${pkgs.pwndbg}/bin/pwndbg";
- build = "nix build --no-link --print-out-paths";
 }; }
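Review bot: `wait` at the end of the `deploy` script in the pkgs/deploy.nix hunk (after the `main "$host" &` loop) returns 0 regardless of how the background jobs ended, and `die` called inside `main` only exits that job's subshell, so a failed `nix copy` or `switch-to-configuration` on one host still lets the command exit successfully and any caller or CI step sees a clean deploy. Record each job's pid and wait on them individually, propagating a non-zero status, as below. `ACTION` is also handed unchecked to the remote `switch-to-configuration`; a guard like `case "$ACTION" in switch|boot|test|dry-activate) ;; *) die "Unknown action: $ACTION" ;; esac` right after it is set would reject typos locally before anything is copied. The `2>/dev/null` on the per-host `nix build` inside `main` hides why that lookup fails, so under `set -e` the background job just disappears without a message.
```nix
      # … unchanged: building all toplevels with nix build …

      PIDS=()
      for host in "''${HOSTS[@]}"; do
        main "$host" &
        PIDS+=("$!")
      done
      STATUS=0
      for pid in "''${PIDS[@]}"; do
        wait "$pid" || STATUS=1
      done
      exit "$STATUS"
```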