feat: remove colmena

This commit is contained in:
Patrick 2023-09-25 21:28:30 +02:00
parent 9efaa63cca
commit c07f768854
Signed by: patrick
GPG key ID: 451F95EFB8BECD0F
10 changed files with 191 additions and 129 deletions


@ -18,11 +18,9 @@
- `hardware/` configuration for hardware components - `hardware/` configuration for hardware components
- `impermanence/` impermanence modules for hosts - `impermanence/` impermanence modules for hosts
- `nix/` additional nix functions - `nix/` additional nix functions
- `checks.nix` pre-commit checks
- `colmena.nix` Setup for using colmena to deploy
- `devshell.nix` Development shell - `devshell.nix` Development shell
- `extra-builtins.nix` Extra builtin plugin file to enable repository secrets - `extra-builtins.nix` Extra builtin plugin file to enable repository secrets
- `generate-node.nix` logic to generate nodes for colmena - TODO
- `lib.nix` additional library functions - `lib.nix` additional library functions
- `secrets/` global secrets - `secrets/` global secrets
- `<name>.key.pub` public key handles to decrypt secrets using yubikey - `<name>.key.pub` public key handles to decrypt secrets using yubikey
@ -56,9 +54,8 @@
- `rekey-save-output` only internal use - `rekey-save-output` only internal use
- `checks` linting and other checks for this repository - `checks` linting and other checks for this repository
- `pre-commit-check` automatic checks executed as pre-commit hooks - `pre-commit-check` automatic checks executed as pre-commit hooks
- `colmena` outputs used by colmena - `nixosNodes` top level configs for hosts
- `colmenaNodes` per node configuration - `nodes` alias to `nixosNodes`
- `nodes` alias to `colmenaNodes`
- `devshell` development shell using devshell - `devshell` development shell using devshell
- `formatter` nix code formatter - `formatter` nix code formatter
- `hosts` host meta declaration - `hosts` host meta declaration
@ -86,14 +83,11 @@
- you can get the path using `nix path-info .#packages.<target-system>.installer-package.<target>` - you can get the path using `nix path-info .#packages.<target-system>.installer-package.<target>`
4. Export all zpools and reboot into system 4. Export all zpools and reboot into system
6. Retrieve hostkeys using `ssh-keyscan <host> | grep -o 'ssh-ed25519.*' > host/<target>/secrets/host.pub 6. Retrieve hostkeys using `ssh-keyscan <host> | grep -o 'ssh-ed25519.*' > host/<target>/secrets/host.pub
5. Deploy system using colmena 5. Deploy system
## Deploy ## Deploy
```bash
colmena apply --on <hostname>
```
If deploying from a host not containing the necessary nix configuration option append If deploying from a host not containing the necessary nix configuration option append
```bash ```bash
--nix-option plugin-files "$NIX_PLUGINS"/lib/nix/plugins --nix-option extra-builtins-file ./nix/extra-builtins` --nix-option plugin-files "$NIX_PLUGINS"/lib/nix/plugins --nix-option extra-builtins-file ./nix/extra-builtins`


@ -67,31 +67,6 @@
"type": "github" "type": "github"
} }
}, },
"colmena": {
"inputs": {
"flake-compat": "flake-compat_2",
"flake-utils": [
"flake-utils"
],
"nixpkgs": [
"nixpkgs"
],
"stable": "stable"
},
"locked": {
"lastModified": 1688224393,
"narHash": "sha256-rsAvFNhRFzTF7qyb6WprLFghJnRxMFjvD2e5/dqMp4I=",
"owner": "zhaofengli",
"repo": "colmena",
"rev": "19384f3ee2058c56021e4465a3ec57e84a47d8dd",
"type": "github"
},
"original": {
"owner": "zhaofengli",
"repo": "colmena",
"type": "github"
}
},
"crane": { "crane": {
"inputs": { "inputs": {
"flake-compat": [ "flake-compat": [
@ -229,22 +204,6 @@
} }
}, },
"flake-compat_2": { "flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_3": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1673956053, "lastModified": 1673956053,
@ -260,7 +219,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_4": { "flake-compat_3": {
"locked": { "locked": {
"lastModified": 1688025799, "lastModified": 1688025799,
"narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=", "narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=",
@ -275,7 +234,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_5": { "flake-compat_4": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1673956053, "lastModified": 1673956053,
@ -291,7 +250,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_6": { "flake-compat_5": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1673956053, "lastModified": 1673956053,
@ -564,7 +523,7 @@
"lanzaboote": { "lanzaboote": {
"inputs": { "inputs": {
"crane": "crane", "crane": "crane",
"flake-compat": "flake-compat_3", "flake-compat": "flake-compat_2",
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils_2",
"nixpkgs": [ "nixpkgs": [
@ -779,7 +738,7 @@
}, },
"nixpkgs-wayland": { "nixpkgs-wayland": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_4", "flake-compat": "flake-compat_3",
"lib-aggregate": "lib-aggregate", "lib-aggregate": "lib-aggregate",
"nix-eval-jobs": "nix-eval-jobs", "nix-eval-jobs": "nix-eval-jobs",
"nixpkgs": [ "nixpkgs": [
@ -928,7 +887,7 @@
}, },
"pre-commit-hooks_2": { "pre-commit-hooks_2": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_5", "flake-compat": "flake-compat_4",
"flake-utils": [ "flake-utils": [
"flake-utils" "flake-utils"
], ],
@ -956,7 +915,6 @@
"inputs": { "inputs": {
"agenix": "agenix", "agenix": "agenix",
"agenix-rekey": "agenix-rekey", "agenix-rekey": "agenix-rekey",
"colmena": "colmena",
"devshell": "devshell_2", "devshell": "devshell_2",
"disko": "disko", "disko": "disko",
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
@ -1000,26 +958,10 @@
"type": "github" "type": "github"
} }
}, },
"stable": {
"locked": {
"lastModified": 1669735802,
"narHash": "sha256-qtG/o/i5ZWZLmXw108N2aPiVsxOcidpHJYNkT45ry9Q=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "731cc710aeebecbf45a258e977e8b68350549522",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-22.11",
"repo": "nixpkgs",
"type": "github"
}
},
"stylix": { "stylix": {
"inputs": { "inputs": {
"base16": "base16", "base16": "base16",
"flake-compat": "flake-compat_6", "flake-compat": "flake-compat_5",
"home-manager": "home-manager_2", "home-manager": "home-manager_2",
"nixpkgs": "nixpkgs_4" "nixpkgs": "nixpkgs_4"
}, },


@ -53,12 +53,6 @@
templates.url = "git+https://git.lel.lol/patrick/nix-templates.git"; templates.url = "git+https://git.lel.lol/patrick/nix-templates.git";
colmena = {
url = "github:zhaofengli/colmena";
inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-utils.follows = "flake-utils";
};
impermanence.url = "github:nix-community/impermanence"; impermanence.url = "github:nix-community/impermanence";
nixos-hardware.url = "github:nixos/nixos-hardware"; nixos-hardware.url = "github:nixos/nixos-hardware";
@ -88,10 +82,11 @@
self, self,
nixpkgs, nixpkgs,
flake-utils, flake-utils,
colmena,
agenix-rekey, agenix-rekey,
nixos-generators, nixos-generators,
pre-commit-hooks, pre-commit-hooks,
devshell,
nixpkgs-wayland,
... ...
} @ inputs: let } @ inputs: let
inherit (nixpkgs) lib; inherit (nixpkgs) lib;
@ -111,7 +106,6 @@
inherit stateVersion; inherit stateVersion;
inherit inherit
(import ./nix/hosts.nix inputs) (import ./nix/hosts.nix inputs)
colmena
hosts hosts
microvmConfigurations microvmConfigurations
nixosConfigurations nixosConfigurations
@ -133,7 +127,9 @@
import ./lib inputs import ./lib inputs
++ import ./pkgs ++ import ./pkgs
++ [ ++ [
inputs.nixpkgs-wayland.overlay nixpkgs-wayland.overlay
devshell.overlays.default
agenix-rekey.overlays.default
]; ];
inherit system; inherit system;
config.allowUnfree = true; config.allowUnfree = true;


@ -6,10 +6,10 @@
}: { }: {
environment.systemPackages = [ environment.systemPackages = [
# For debugging and troubleshooting Secure Boot. # For debugging and troubleshooting Secure Boot.
pkgs.sbctl.override (pkgs.sbctl.override
{ {
databasePath = "/run/secureboot"; databasePath = "/run/secureboot";
} })
]; ];
age.secrets.secureboot.rekeyFile = ../../hosts/${config.node.name}/secrets/secureboot.tar.age; age.secrets.secureboot.rekeyFile = ../../hosts/${config.node.name}/secrets/secureboot.tar.age;
system.activationScripts.securebootuntar = { system.activationScripts.securebootuntar = {
@ -29,7 +29,8 @@
boot.lanzaboote = { boot.lanzaboote = {
enable = true; enable = true;
enrollKeys = true; # Not usable anyway
#enrollKeys = true;
pkiBundle = "/run/secureboot"; pkiBundle = "/run/secureboot";
}; };
} }
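Review bot: The replacement comment `# Not usable anyway` above the commented-out `enrollKeys` does not tell the next maintainer why enrollment is skipped or what now performs it; with `enrollKeys` off, lanzaboote will only sign against the bundle in `/run/secureboot`, so the keys must already be enrolled in firmware by some other step. Presumably that is because the keys come from the age-encrypted tarball rather than being generated on the host — state the actual reason and the out-of-band enrollment step, e.g. `# enrollKeys is disabled: the PKI bundle is restored from secrets/secureboot.tar.age and is enrolled in firmware out of band (document the procedure here)`. Leaving the dead `#enrollKeys = true;` line without that context reads like a temporary hack.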


@ -1,18 +1,11 @@
{ {
self, self,
nixpkgs, nixpkgs,
colmena,
devshell, devshell,
agenix-rekey, agenix-rekey,
... ...
}: system: let }: system: let
pkgs = import nixpkgs { pkgs = self.pkgs.${system};
inherit system;
overlays = [
devshell.overlays.default
agenix-rekey.overlays.default
];
};
in in
pkgs.devshell.mkShell { pkgs.devshell.mkShell {
name = "nix-config"; name = "nix-config";
@ -31,31 +24,29 @@ in
rage rage
nix nix
]; ];
commands = with pkgs; [ commands = [
{ {
package = package = pkgs.deploy;
colmena.packages.${system}.colmena; help = "build and deploy nix configurations";
help = "Apply nix configurations";
} }
{ {
package = pkgs.agenix-rekey; package = pkgs.agenix-rekey;
help = "Edit and rekey repository secrets"; help = "Edit and rekey repository secrets";
} }
{ {
package = package = pkgs.alejandra;
alejandra;
help = "Format nix code"; help = "Format nix code";
} }
{ {
package = statix; package = pkgs.statix;
help = "Linter for nix"; help = "Linter for nix";
} }
{ {
package = deadnix; package = pkgs.deadnix;
help = "Remove dead nix code"; help = "Remove dead nix code";
} }
{ {
package = update-nix-fetchgit; package = pkgs.update-nix-fetchgit;
help = "Update fetcher inside nix files"; help = "Update fetcher inside nix files";
} }
]; ];


@ -11,8 +11,6 @@ inputs: let
nixosSystem nixosSystem
; ;
mapNixosConfigs = f: mapAttrs (_: f) self.nixosConfigurations;
# Creates a new nixosSystem with the correct specialArgs, pkgs and name definition # Creates a new nixosSystem with the correct specialArgs, pkgs and name definition
mkHost = name: system: let mkHost = name: system: let
pkgs = self.pkgs.${system}; pkgs = self.pkgs.${system};
@ -49,22 +47,6 @@ inputs: let
# Process each nixosHosts declaration and generatea nixosSystem definitions # Process each nixosHosts declaration and generatea nixosSystem definitions
nixosConfigurations = flip mapAttrs nixosHosts (name: hostCfg: mkHost name hostCfg.system); nixosConfigurations = flip mapAttrs nixosHosts (name: hostCfg: mkHost name hostCfg.system);
# We now wrap nixosConfigurations so that colmena understands it
colmena =
{
meta = {
# Just a required dummy for colmena, overwritten on a per-node basis by nodeNixpkgs below.
nixpkgs = self.pkgs.x86_64-linux;
nodeNixpkgs = mapNixosConfigs (v:
import inputs.nixpkgs {
inherit (v._module.args.pkgs.stdenv.hostPlatform) system;
inherit (v._module.args.pkgs) config;
});
nodeSpecialArgs = mapNixosConfigs (v: v._module.specialArgs);
};
}
// mapNixosConfigs (v: {imports = v._module.args.modules;});
# True NixOS nodes can define additional microvms (guest nodes) that are built # True NixOS nodes can define additional microvms (guest nodes) that are built
# together with the true host. We collect all defined microvm nodes # together with the true host. We collect all defined microvm nodes
# from each node here to allow accessing any node via the unified attribute `nodes`. # from each node here to allow accessing any node via the unified attribute `nodes`.
@ -74,7 +56,6 @@ inputs: let
(node.config.meta.microvms.vms or {})); (node.config.meta.microvms.vms or {}));
in { in {
inherit inherit
colmena
hosts hosts
microvmConfigurations microvmConfigurations
nixosConfigurations nixosConfigurations

View file

@ -2,5 +2,6 @@
(_self: super: { (_self: super: {
zsh-histdb-skim = super.callPackage ./zsh-histdb-skim.nix {}; zsh-histdb-skim = super.callPackage ./zsh-histdb-skim.nix {};
zsh-histdb = super.callPackage ./zsh-histdb.nix {}; zsh-histdb = super.callPackage ./zsh-histdb.nix {};
deploy = super.callPackage ./deploy.nix {};
}) })
] ]

158
pkgs/deploy.nix Normal file

@ -0,0 +1,158 @@
{
stdenv,
symlinkJoin,
writeShellApplication,
}: let
deploy = writeShellApplication {
name = "deploy";
text = ''
set -euo pipefail
function die { echo "error: $*" >&2; exit 1;}
function show_help() {
echo ' Usage: deploy [OPTIONS] <host,...> [ACTION]'
echo 'ACTION:'
echo ' switch [default] build, push and switch to the new configuration'
echo ' boot switch on next boot'
echo ' test switch to config but do not make it the boot default'
echo ' dry-activate just show what an activation would do'
echo ""
echo 'OPTIONS:'
echo ' --help show this help menu'
}
USER_FLAKE_DIR=$(git rev-parse --show-toplevel 2>/dev/null || pwd) \
|| die "Could not determine current directory"
cd "$USER_FLAKE_DIR"
[[ $# -gt 0 ]] || {
show_help
exit 1
}
OPTIONS=()
POSITIONAL_ARGS=()
while [[ $# -gt 0 ]]; do
case "$1" in
"help"|"--help"|"-h")
show_help
exit 1
;;
-*)
OPTIONS+=("$1")
;;
*)
POSITIONAL_ARGS+=("$1")
esac
shift
done
[[ ! ''${#POSITIONAL_ARGS[@]} -lt 1 ]] \
|| die "Missing argument: <hosts,...>"
[[ ! ''${#POSITIONAL_ARGS[@]} -gt 2 ]] \
|| die "Too many arguments"
shopt -s lastpipe
tr , '\n' <<< "''${POSITIONAL_ARGS[0]}" | sort -u | readarray -t HOSTS
ACTION="''${POSITIONAL_ARGS[1]-switch}"
function main() {
local config
config=".#nixosConfigurations.$1.config.system.build.toplevel"
local top_level
top_level=$(nix build --no-link --print-out-paths "''${OPTIONS[@]}" "$config" 2>/dev/null)
echo -e "Copying toplevel for \033[0;32m$1\033[0m"
nix copy --to "ssh://$1" "$top_level" \
|| die "Failed copying closure to $1"
echo -e "Applying toplevel for \033[0;32m$1\033[0m"
(
exec > >(trap "" INT TERM; sed "s/^/$1: /")
exec 2> >(trap "" INT TERM; sed "s/^/$1: /" >&2)
# shellcheck disable=SC2029
ssh "$1" "$top_level/bin/switch-to-configuration" "$ACTION" \
|| die "Error activating toplevel for $1"
)
}
NIXOS_CONFIGS=()
for host in "''${HOSTS[@]}"; do
NIXOS_CONFIGS+=(".#nixosConfigurations.$host.config.system.build.toplevel")
done
echo -e "Building toplevels for \033[0;32m''${#HOSTS[*]} hosts\033[0m"
nix build --no-link "''${OPTIONS[@]}" "''${NIXOS_CONFIGS[@]}" \
|| die "Failed building derivations"
for host in "''${HOSTS[@]}"; do
main "$host" &
done
wait
'';
};
build = writeShellApplication {
name = "build";
text = ''
set -euo pipefail
function die { echo "error: $*" >&2; exit 1;}
function show_help() {
echo ' Usage: build [OPTIONS] <host,...>'
echo 'Build the toplevel nixos configuration for hosts'
}
USER_FLAKE_DIR=$(git rev-parse --show-toplevel 2>/dev/null || pwd) \
|| die "Could not determine current directory"
cd "$USER_FLAKE_DIR"
[[ $# -gt 0 ]] || {
show_help
exit 1
}
OPTIONS=()
POSITIONAL_ARGS=()
while [[ $# -gt 0 ]]; do
case "$1" in
"help"|"--help"|"-h")
show_help
exit 1
;;
-*)
OPTIONS+=("$1")
;;
*)
POSITIONAL_ARGS+=("$1")
;;
esac
shift
done
[[ ! ''${#POSITIONAL_ARGS[@]} -lt 1 ]] \
|| die "Missing argument: <hosts,...>"
[[ ! ''${#POSITIONAL_ARGS[@]} -gt 1 ]] \
|| die "Too many arguments"
shopt -s lastpipe
tr , '\n' <<< "''${POSITIONAL_ARGS[0]}" | sort -u | readarray -t HOSTS
NIXOS_CONFIGS=()
for host in "''${HOSTS[@]}"; do
NIXOS_CONFIGS+=(".#nixosConfigurations.$host.config.system.build.toplevel")
done
echo -e "Building toplevels for \033[0;32m''${#HOSTS[*]} hosts\033[0m"
nix build --print-out-paths --no-link "''${OPTIONS[@]}" "''${NIXOS_CONFIGS[@]}" \
|| die "Failed building derivations"
'';
};
in
symlinkJoin {
name = "deploy and build";
paths = [deploy build];
}
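Review bot: In the `deploy` script the bare `wait` at the end always returns 0, so when a backgrounded `main "$host"` subshell dies through `die` (copy or activation failure) the script still exits successfully and a caller or CI job never sees the failure; the per-host `nix build` additionally discards stderr with `2>/dev/null`, so the subshell's own `die` message is the only trace. Collect the PIDs and wait on each one, failing if any failed. `$ACTION` is also handed to `switch-to-configuration` unchecked, so a typo is only caught after closures were copied to every host; a `case "$ACTION" in switch|boot|test|dry-activate) ;; *) die "Unknown action: $ACTION" ;; esac` right after it is assigned fails fast. In the `build` script the progress `echo` goes to stdout alongside `--print-out-paths`, which breaks capturing the path the way the removed `build` alias allowed — redirect that `echo` to `>&2` (the `deploy` script could do the same for its progress lines).
```nix
      # … unchanged: option parsing, main(), combined nix build …
      PIDS=()
      for host in "''${HOSTS[@]}"; do
        main "$host" &
        PIDS+=("$!")
      done
      FAILED=0
      for pid in "''${PIDS[@]}"; do
        wait "$pid" || FAILED=1
      done
      [[ $FAILED -eq 0 ]] || die "Deployment failed for at least one host"
```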


@ -34,12 +34,11 @@ let
]; ];
workspaceOutputAssign = let workspaceOutputAssign = let
output = out: workspaces: output = out:
map (x: { map (x: {
workspace = x; workspace = x;
output = out; output = out;
}) });
workspaces;
in in
{ {
"desktopnix" = "desktopnix" =


@ -25,6 +25,5 @@
zf = "zathura --fork"; zf = "zathura --fork";
gdb = "${pkgs.pwndbg}/bin/pwndbg"; gdb = "${pkgs.pwndbg}/bin/pwndbg";
build = "nix build --no-link --print-out-paths";
}; };
} }