feat: remove colmena
This commit is contained in:
parent
9efaa63cca
commit
c07f768854
14
README.md
14
README.md
|
@ -18,11 +18,9 @@
|
|||
- `hardware/` configuration for hardware components
|
||||
- `impermanence/` impermanence modules for hosts
|
||||
- `nix/` additional nix functions
|
||||
- `checks.nix` pre-commit checks
|
||||
- `colmena.nix` Setup for using colmena to deploy
|
||||
- `devshell.nix` Development shell
|
||||
- `extra-builtins.nix` Extra builtin plugin file to enable repository secrets
|
||||
- `generate-node.nix` logic to generate nodes for colmena
|
||||
- TODO
|
||||
- `lib.nix` additional library functions
|
||||
- `secrets/` global secrets
|
||||
- `<name>.key.pub` public key handles to decrypt secrets using yubikey
|
||||
|
@ -56,9 +54,8 @@
|
|||
- `rekey-save-output` only internal use
|
||||
- `checks` linting and other checks for this repository
|
||||
- `pre-commit-check` automatic checks executed as pre-commit hooks
|
||||
- `colmena` outputs used by colmena
|
||||
- `colmenaNodes` per node configuration
|
||||
- `nodes` alias to `colmenaNodes`
|
||||
- `nixosNodes` top level configs for hosts
|
||||
- `nodes` alias to `nixosNodes`
|
||||
- `devshell` development shell using devshell
|
||||
- `formatter` nix code formatter
|
||||
- `hosts` host meta declaration
|
||||
|
@ -86,14 +83,11 @@
|
|||
- you can get the path using `nix path-info .#packages.<target-system>.installer-package.<target>`
|
||||
4. Export all zpools and reboot into system
|
||||
6. Retrieve hostkeys using `ssh-keyscan <host> | grep -o 'ssh-ed25519.*' > host/<target>/secrets/host.pub
|
||||
5. Deploy system using colmena
|
||||
5. Deploy system
|
||||
|
||||
|
||||
## Deploy
|
||||
|
||||
```bash
|
||||
colmena apply --on <hostname>
|
||||
```
|
||||
If deploying from a host not containing the necessary nix configuration option append
|
||||
```bash
|
||||
--nix-option plugin-files "$NIX_PLUGINS"/lib/nix/plugins --nix-option extra-builtins-file ./nix/extra-builtins`
|
||||
|
|
72
flake.lock
72
flake.lock
|
@ -67,31 +67,6 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"colmena": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat_2",
|
||||
"flake-utils": [
|
||||
"flake-utils"
|
||||
],
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"stable": "stable"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1688224393,
|
||||
"narHash": "sha256-rsAvFNhRFzTF7qyb6WprLFghJnRxMFjvD2e5/dqMp4I=",
|
||||
"owner": "zhaofengli",
|
||||
"repo": "colmena",
|
||||
"rev": "19384f3ee2058c56021e4465a3ec57e84a47d8dd",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "zhaofengli",
|
||||
"repo": "colmena",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"crane": {
|
||||
"inputs": {
|
||||
"flake-compat": [
|
||||
|
@ -229,22 +204,6 @@
|
|||
}
|
||||
},
|
||||
"flake-compat_2": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1650374568,
|
||||
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat_3": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1673956053,
|
||||
|
@ -260,7 +219,7 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat_4": {
|
||||
"flake-compat_3": {
|
||||
"locked": {
|
||||
"lastModified": 1688025799,
|
||||
"narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=",
|
||||
|
@ -275,7 +234,7 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat_5": {
|
||||
"flake-compat_4": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1673956053,
|
||||
|
@ -291,7 +250,7 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat_6": {
|
||||
"flake-compat_5": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1673956053,
|
||||
|
@ -564,7 +523,7 @@
|
|||
"lanzaboote": {
|
||||
"inputs": {
|
||||
"crane": "crane",
|
||||
"flake-compat": "flake-compat_3",
|
||||
"flake-compat": "flake-compat_2",
|
||||
"flake-parts": "flake-parts",
|
||||
"flake-utils": "flake-utils_2",
|
||||
"nixpkgs": [
|
||||
|
@ -779,7 +738,7 @@
|
|||
},
|
||||
"nixpkgs-wayland": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat_4",
|
||||
"flake-compat": "flake-compat_3",
|
||||
"lib-aggregate": "lib-aggregate",
|
||||
"nix-eval-jobs": "nix-eval-jobs",
|
||||
"nixpkgs": [
|
||||
|
@ -928,7 +887,7 @@
|
|||
},
|
||||
"pre-commit-hooks_2": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat_5",
|
||||
"flake-compat": "flake-compat_4",
|
||||
"flake-utils": [
|
||||
"flake-utils"
|
||||
],
|
||||
|
@ -956,7 +915,6 @@
|
|||
"inputs": {
|
||||
"agenix": "agenix",
|
||||
"agenix-rekey": "agenix-rekey",
|
||||
"colmena": "colmena",
|
||||
"devshell": "devshell_2",
|
||||
"disko": "disko",
|
||||
"flake-utils": "flake-utils",
|
||||
|
@ -1000,26 +958,10 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"stable": {
|
||||
"locked": {
|
||||
"lastModified": 1669735802,
|
||||
"narHash": "sha256-qtG/o/i5ZWZLmXw108N2aPiVsxOcidpHJYNkT45ry9Q=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "731cc710aeebecbf45a258e977e8b68350549522",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-22.11",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"stylix": {
|
||||
"inputs": {
|
||||
"base16": "base16",
|
||||
"flake-compat": "flake-compat_6",
|
||||
"flake-compat": "flake-compat_5",
|
||||
"home-manager": "home-manager_2",
|
||||
"nixpkgs": "nixpkgs_4"
|
||||
},
|
||||
|
|
14
flake.nix
14
flake.nix
|
@ -53,12 +53,6 @@
|
|||
|
||||
templates.url = "git+https://git.lel.lol/patrick/nix-templates.git";
|
||||
|
||||
colmena = {
|
||||
url = "github:zhaofengli/colmena";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
inputs.flake-utils.follows = "flake-utils";
|
||||
};
|
||||
|
||||
impermanence.url = "github:nix-community/impermanence";
|
||||
|
||||
nixos-hardware.url = "github:nixos/nixos-hardware";
|
||||
|
@ -88,10 +82,11 @@
|
|||
self,
|
||||
nixpkgs,
|
||||
flake-utils,
|
||||
colmena,
|
||||
agenix-rekey,
|
||||
nixos-generators,
|
||||
pre-commit-hooks,
|
||||
devshell,
|
||||
nixpkgs-wayland,
|
||||
...
|
||||
} @ inputs: let
|
||||
inherit (nixpkgs) lib;
|
||||
|
@ -111,7 +106,6 @@
|
|||
inherit stateVersion;
|
||||
inherit
|
||||
(import ./nix/hosts.nix inputs)
|
||||
colmena
|
||||
hosts
|
||||
microvmConfigurations
|
||||
nixosConfigurations
|
||||
|
@ -133,7 +127,9 @@
|
|||
import ./lib inputs
|
||||
++ import ./pkgs
|
||||
++ [
|
||||
inputs.nixpkgs-wayland.overlay
|
||||
nixpkgs-wayland.overlay
|
||||
devshell.overlays.default
|
||||
agenix-rekey.overlays.default
|
||||
];
|
||||
inherit system;
|
||||
config.allowUnfree = true;
|
||||
|
|
|
@ -6,10 +6,10 @@
|
|||
}: {
|
||||
environment.systemPackages = [
|
||||
# For debugging and troubleshooting Secure Boot.
|
||||
pkgs.sbctl.override
|
||||
(pkgs.sbctl.override
|
||||
{
|
||||
databasePath = "/run/secureboot";
|
||||
}
|
||||
})
|
||||
];
|
||||
age.secrets.secureboot.rekeyFile = ../../hosts/${config.node.name}/secrets/secureboot.tar.age;
|
||||
system.activationScripts.securebootuntar = {
|
||||
|
@ -29,7 +29,8 @@
|
|||
|
||||
boot.lanzaboote = {
|
||||
enable = true;
|
||||
enrollKeys = true;
|
||||
# Not usable anyway
|
||||
#enrollKeys = true;
|
||||
pkiBundle = "/run/secureboot";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,18 +1,11 @@
|
|||
{
|
||||
self,
|
||||
nixpkgs,
|
||||
colmena,
|
||||
devshell,
|
||||
agenix-rekey,
|
||||
...
|
||||
}: system: let
|
||||
pkgs = import nixpkgs {
|
||||
inherit system;
|
||||
overlays = [
|
||||
devshell.overlays.default
|
||||
agenix-rekey.overlays.default
|
||||
];
|
||||
};
|
||||
pkgs = self.pkgs.${system};
|
||||
in
|
||||
pkgs.devshell.mkShell {
|
||||
name = "nix-config";
|
||||
|
@ -31,31 +24,29 @@ in
|
|||
rage
|
||||
nix
|
||||
];
|
||||
commands = with pkgs; [
|
||||
commands = [
|
||||
{
|
||||
package =
|
||||
colmena.packages.${system}.colmena;
|
||||
help = "Apply nix configurations";
|
||||
package = pkgs.deploy;
|
||||
help = "build and deploy nix configurations";
|
||||
}
|
||||
{
|
||||
package = pkgs.agenix-rekey;
|
||||
help = "Edit and rekey repository secrets";
|
||||
}
|
||||
{
|
||||
package =
|
||||
alejandra;
|
||||
package = pkgs.alejandra;
|
||||
help = "Format nix code";
|
||||
}
|
||||
{
|
||||
package = statix;
|
||||
package = pkgs.statix;
|
||||
help = "Linter for nix";
|
||||
}
|
||||
{
|
||||
package = deadnix;
|
||||
package = pkgs.deadnix;
|
||||
help = "Remove dead nix code";
|
||||
}
|
||||
{
|
||||
package = update-nix-fetchgit;
|
||||
package = pkgs.update-nix-fetchgit;
|
||||
help = "Update fetcher inside nix files";
|
||||
}
|
||||
];
|
||||
|
|
|
@ -11,8 +11,6 @@ inputs: let
|
|||
nixosSystem
|
||||
;
|
||||
|
||||
mapNixosConfigs = f: mapAttrs (_: f) self.nixosConfigurations;
|
||||
|
||||
# Creates a new nixosSystem with the correct specialArgs, pkgs and name definition
|
||||
mkHost = name: system: let
|
||||
pkgs = self.pkgs.${system};
|
||||
|
@ -49,22 +47,6 @@ inputs: let
|
|||
# Process each nixosHosts declaration and generatea nixosSystem definitions
|
||||
nixosConfigurations = flip mapAttrs nixosHosts (name: hostCfg: mkHost name hostCfg.system);
|
||||
|
||||
# We now wrap nixosConfigurations so that colmena understands it
|
||||
colmena =
|
||||
{
|
||||
meta = {
|
||||
# Just a required dummy for colmena, overwritten on a per-node basis by nodeNixpkgs below.
|
||||
nixpkgs = self.pkgs.x86_64-linux;
|
||||
nodeNixpkgs = mapNixosConfigs (v:
|
||||
import inputs.nixpkgs {
|
||||
inherit (v._module.args.pkgs.stdenv.hostPlatform) system;
|
||||
inherit (v._module.args.pkgs) config;
|
||||
});
|
||||
nodeSpecialArgs = mapNixosConfigs (v: v._module.specialArgs);
|
||||
};
|
||||
}
|
||||
// mapNixosConfigs (v: {imports = v._module.args.modules;});
|
||||
|
||||
# True NixOS nodes can define additional microvms (guest nodes) that are built
|
||||
# together with the true host. We collect all defined microvm nodes
|
||||
# from each node here to allow accessing any node via the unified attribute `nodes`.
|
||||
|
@ -74,7 +56,6 @@ inputs: let
|
|||
(node.config.meta.microvms.vms or {}));
|
||||
in {
|
||||
inherit
|
||||
colmena
|
||||
hosts
|
||||
microvmConfigurations
|
||||
nixosConfigurations
|
||||
|
|
|
@ -2,5 +2,6 @@
|
|||
(_self: super: {
|
||||
zsh-histdb-skim = super.callPackage ./zsh-histdb-skim.nix {};
|
||||
zsh-histdb = super.callPackage ./zsh-histdb.nix {};
|
||||
deploy = super.callPackage ./deploy.nix {};
|
||||
})
|
||||
]
|
||||
|
|
158
pkgs/deploy.nix
Normal file
158
pkgs/deploy.nix
Normal file
|
@ -0,0 +1,158 @@
|
|||
{
|
||||
stdenv,
|
||||
symlinkJoin,
|
||||
writeShellApplication,
|
||||
}: let
|
||||
deploy = writeShellApplication {
|
||||
name = "deploy";
|
||||
text = ''
|
||||
set -euo pipefail
|
||||
|
||||
function die { echo "error: $*" >&2; exit 1;}
|
||||
function show_help() {
|
||||
echo ' Usage: deploy [OPTIONS] <host,...> [ACTION]'
|
||||
echo 'ACTION:'
|
||||
echo ' switch [default] build, push and switch to the new configuration'
|
||||
echo ' boot switch on next boot'
|
||||
echo ' test switch to config but do not make it the boot default'
|
||||
echo ' dry-activate just show what an activation would do'
|
||||
echo ""
|
||||
echo 'OPTIONS:'
|
||||
echo ' --help show this help menu'
|
||||
}
|
||||
|
||||
USER_FLAKE_DIR=$(git rev-parse --show-toplevel 2>/dev/null || pwd) \
|
||||
|| die "Could not determine current directory"
|
||||
|
||||
cd "$USER_FLAKE_DIR"
|
||||
|
||||
[[ $# -gt 0 ]] || {
|
||||
show_help
|
||||
exit 1
|
||||
}
|
||||
|
||||
OPTIONS=()
|
||||
POSITIONAL_ARGS=()
|
||||
while [[ $# -gt 0 ]]; do
|
||||
case "$1" in
|
||||
"help"|"--help"|"-h")
|
||||
show_help
|
||||
exit 1
|
||||
;;
|
||||
-*)
|
||||
OPTIONS+=("$1")
|
||||
;;
|
||||
*)
|
||||
POSITIONAL_ARGS+=("$1")
|
||||
esac
|
||||
shift
|
||||
done
|
||||
|
||||
[[ ! ''${#POSITIONAL_ARGS[@]} -lt 1 ]] \
|
||||
|| die "Missing argument: <hosts,...>"
|
||||
[[ ! ''${#POSITIONAL_ARGS[@]} -gt 2 ]] \
|
||||
|| die "Too many arguments"
|
||||
|
||||
shopt -s lastpipe
|
||||
tr , '\n' <<< "''${POSITIONAL_ARGS[0]}" | sort -u | readarray -t HOSTS
|
||||
|
||||
ACTION="''${POSITIONAL_ARGS[1]-switch}"
|
||||
|
||||
function main() {
|
||||
local config
|
||||
config=".#nixosConfigurations.$1.config.system.build.toplevel"
|
||||
local top_level
|
||||
top_level=$(nix build --no-link --print-out-paths "''${OPTIONS[@]}" "$config" 2>/dev/null)
|
||||
|
||||
echo -e "Copying toplevel for \033[0;32m$1\033[0m"
|
||||
nix copy --to "ssh://$1" "$top_level" \
|
||||
|| die "Failed copying closure to $1"
|
||||
|
||||
echo -e "Applying toplevel for \033[0;32m$1\033[0m"
|
||||
(
|
||||
exec > >(trap "" INT TERM; sed "s/^/[0;32m$1:[0m /")
|
||||
exec 2> >(trap "" INT TERM; sed "s/^/[0;32m$1:[0m /" >&2)
|
||||
# shellcheck disable=SC2029
|
||||
ssh "$1" "$top_level/bin/switch-to-configuration" "$ACTION" \
|
||||
|| die "Error activating toplevel for $1"
|
||||
)
|
||||
}
|
||||
|
||||
NIXOS_CONFIGS=()
|
||||
for host in "''${HOSTS[@]}"; do
|
||||
NIXOS_CONFIGS+=(".#nixosConfigurations.$host.config.system.build.toplevel")
|
||||
done
|
||||
echo -e "Building toplevels for \033[0;32m''${#HOSTS[*]} hosts\033[0m"
|
||||
nix build --no-link "''${OPTIONS[@]}" "''${NIXOS_CONFIGS[@]}" \
|
||||
|| die "Failed building derivations"
|
||||
|
||||
for host in "''${HOSTS[@]}"; do
|
||||
main "$host" &
|
||||
done
|
||||
wait
|
||||
'';
|
||||
};
|
||||
build = writeShellApplication {
|
||||
name = "build";
|
||||
text = ''
|
||||
set -euo pipefail
|
||||
|
||||
function die { echo "error: $*" >&2; exit 1;}
|
||||
function show_help() {
|
||||
echo ' Usage: build [OPTIONS] <host,...>'
|
||||
echo 'Build the toplevel nixos configuration for hosts'
|
||||
}
|
||||
|
||||
USER_FLAKE_DIR=$(git rev-parse --show-toplevel 2>/dev/null || pwd) \
|
||||
|| die "Could not determine current directory"
|
||||
|
||||
cd "$USER_FLAKE_DIR"
|
||||
|
||||
[[ $# -gt 0 ]] || {
|
||||
show_help
|
||||
exit 1
|
||||
}
|
||||
|
||||
OPTIONS=()
|
||||
POSITIONAL_ARGS=()
|
||||
while [[ $# -gt 0 ]]; do
|
||||
case "$1" in
|
||||
"help"|"--help"|"-h")
|
||||
show_help
|
||||
exit 1
|
||||
;;
|
||||
-*)
|
||||
OPTIONS+=("$1")
|
||||
;;
|
||||
*)
|
||||
POSITIONAL_ARGS+=("$1")
|
||||
;;
|
||||
esac
|
||||
shift
|
||||
done
|
||||
|
||||
[[ ! ''${#POSITIONAL_ARGS[@]} -lt 1 ]] \
|
||||
|| die "Missing argument: <hosts,...>"
|
||||
[[ ! ''${#POSITIONAL_ARGS[@]} -gt 1 ]] \
|
||||
|| die "Too many arguments"
|
||||
|
||||
shopt -s lastpipe
|
||||
tr , '\n' <<< "''${POSITIONAL_ARGS[0]}" | sort -u | readarray -t HOSTS
|
||||
|
||||
NIXOS_CONFIGS=()
|
||||
for host in "''${HOSTS[@]}"; do
|
||||
NIXOS_CONFIGS+=(".#nixosConfigurations.$host.config.system.build.toplevel")
|
||||
done
|
||||
|
||||
|
||||
echo -e "Building toplevels for \033[0;32m''${#HOSTS[*]} hosts\033[0m"
|
||||
nix build --print-out-paths --no-link "''${OPTIONS[@]}" "''${NIXOS_CONFIGS[@]}" \
|
||||
|| die "Failed building derivations"
|
||||
|
||||
'';
|
||||
};
|
||||
in
|
||||
symlinkJoin {
|
||||
name = "deploy and build";
|
||||
paths = [deploy build];
|
||||
}
|
|
@ -34,12 +34,11 @@ let
|
|||
];
|
||||
|
||||
workspaceOutputAssign = let
|
||||
output = out: workspaces:
|
||||
output = out:
|
||||
map (x: {
|
||||
workspace = x;
|
||||
output = out;
|
||||
})
|
||||
workspaces;
|
||||
});
|
||||
in
|
||||
{
|
||||
"desktopnix" =
|
||||
|
|
|
@ -25,6 +25,5 @@
|
|||
|
||||
zf = "zathura --fork";
|
||||
gdb = "${pkgs.pwndbg}/bin/pwndbg";
|
||||
build = "nix build --no-link --print-out-paths";
|
||||
};
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue