nixos-config/lib/deploy.nix

{ self
, system ? "x86_64-linux"
, modules ? [ ]
}:

let
  inherit (self.inputs) nixpkgs;
  inherit (self) nixosConfigurations;

  helpers = system:
    let
      inherit (nixpkgs.lib) concatMapStrings;
      inherit (nixpkgs.legacyPackages.${system}) pkgs;

      sshKnownHostsTxt = pkgs.writeText "known_hosts" (concatMapStrings
        (hostName:
          let m = nixosConfigurations.${hostName}.config.sconfig;
          in concatMapStrings (key: "${m.deployment.targetHost} ${key}\n") m.sshPublicKeys
        )
        (builtins.attrNames nixosConfigurations)
      );

      hostSshConfigs = concatMapStrings
        (hostName: ''
          Host ${hostName}
          HostName ${nixosConfigurations.${hostName}.config.sconfig.deployment.targetHost}
        '')
        (builtins.attrNames nixosConfigurations);

      sshConfig = pkgs.writeText "ssh_config" ''
        StrictHostKeyChecking yes
        GlobalKnownHostsFile ${sshKnownHostsTxt}
        ${hostSshConfigs}
        Host *
        User root
      '';

      jump = pkgs.writeShellScript "jump" ''
        set -eu
        echo ${self}
        ip="$(nix eval --raw ".#nixosConfigurations.\"$1\".config.sconfig.deployment.targetHost")"
        NIX_SSHOPTS="-F${sshConfig}" nix copy --to ssh://root@$ip ${self}
        exec ssh -oForwardAgent=yes -F"${sshConfig}" "root@$ip" -t "cd ${self}; nix develop"
      '';

      livecd-deploy = pkgs.writeShellScript "livecd-deploy" ''
        set -eux
        config=".#nixosConfigurations.\"$1\".config"
        ip="$(nix eval --raw "$config.sconfig.deployment.targetHost")"
        ssh-copy-id root@$ip
        sys="$(nix eval --raw "$config.system.build.toplevel")"
        nix build "$config.system.build.toplevel" --out-link "$(mktemp -d)/result"
        nix copy --to ssh://root@$ip?remote-store=local?root=/mnt "$sys"
        ssh root@$ip nix-env --store /mnt -p /mnt/nix/var/nix/profiles/system --set "$sys"
        ssh root@$ip mkdir /mnt/etc
        ssh root@$ip touch /mnt/etc/NIXOS
        ssh root@$ip ln -sfn /proc/mounts /mnt/etc/mtab
        ssh root@$ip NIXOS_INSTALL_BOOTLOADER=1 nixos-enter \
            --root /mnt -- /run/current-system/bin/switch-to-configuration boot
      '';

      check-updates = pkgs.writeShellScript "check-updates" ''
        set -eu
        export SSH_CONFIG_FILE=${sshConfig}
        c="${pkgs.colmena}/bin/colmena"
        j="$($c eval -E '{nodes,...}: builtins.mapAttrs (n: v: v.config.system.build.toplevel) nodes')"
        $c exec -- '[ "$(echo '"'$j'"' | jq -r .$(hostname))" = "$(readlink /run/current-system)" ]'
      '';

      check-reboots = pkgs.writeShellScript "check-reboots" ''
        set -eu
        export SSH_CONFIG_FILE=${sshConfig}
        c="${pkgs.colmena}/bin/colmena"
        $c exec -- '[ "$(readlink /run/booted-system/kernel)" = "$(readlink /run/current-system/kernel)" ]'
      '';

    in
    { inherit check-updates check-reboots jump livecd-deploy pkgs sshConfig; };

in
{
  devShell = system: with helpers system;
    pkgs.mkShell {
      buildInputs = [ pkgs.colmena ];
      shellHook = ''
        export SSH_CONFIG_FILE=${sshConfig}
        alias ssh='ssh -F${sshConfig}'
        alias jump=${jump}
        alias check-updates=${check-updates}
        alias check-reboots=${check-reboots}
        alias livecd-deploy=${livecd-deploy}
        alias c=colmena
      '';
    };


  colmena =
    { meta.nixpkgs = nixpkgs.legacyPackages.${system}; } //
    builtins.mapAttrs
      (name: value: {
        nixpkgs.system = value.config.nixpkgs.system; # needed for multi-arch deployments
        imports = value.extraArgs.modules ++ [
          ({ config, ... }: { inherit (config.sconfig) deployment; })
        ];
      })
      (nixosConfigurations);
}
add jump script 2021-12-15 06:25:58 +00:00			`{ self`
morph -> colmena 2021-12-27 18:21:16 +00:00			`, system ? "x86_64-linux"`
			`, modules ? [ ]`
add morph library 2021-09-10 03:46:13 +00:00			`}:`

simplify morph library 2021-12-06 23:42:54 +00:00			`let`
add jump script 2021-12-15 06:25:58 +00:00			`inherit (self.inputs) nixpkgs;`
			`inherit (self) nixosConfigurations;`

simplify morph library 2021-12-06 23:42:54 +00:00			`helpers = system:`
			`let`
			`inherit (nixpkgs.lib) concatMapStrings;`
morph -> colmena 2021-12-27 18:21:16 +00:00			`inherit (nixpkgs.legacyPackages.${system}) pkgs;`
simplify morph library 2021-12-06 23:42:54 +00:00
			`sshKnownHostsTxt = pkgs.writeText "known_hosts" (concatMapStrings`
			`(hostName:`
morph -> colmena 2021-12-27 18:21:16 +00:00			`let m = nixosConfigurations.${hostName}.config.sconfig;`
simplify morph library 2021-12-06 23:42:54 +00:00			`in concatMapStrings (key: "${m.deployment.targetHost} ${key}\n") m.sshPublicKeys`
			`)`
			`(builtins.attrNames nixosConfigurations)`
			`);`

morph: update SSH configs 2021-12-21 05:39:24 +00:00			`hostSshConfigs = concatMapStrings`
			`(hostName: ''`
			`Host ${hostName}`
morph -> colmena 2021-12-27 18:21:16 +00:00			`HostName ${nixosConfigurations.${hostName}.config.sconfig.deployment.targetHost}`
morph: update SSH configs 2021-12-21 05:39:24 +00:00			`'')`
			`(builtins.attrNames nixosConfigurations);`

simplify morph library 2021-12-06 23:42:54 +00:00			`sshConfig = pkgs.writeText "ssh_config" ''`
			`StrictHostKeyChecking yes`
			`GlobalKnownHostsFile ${sshKnownHostsTxt}`
morph: update SSH configs 2021-12-21 05:39:24 +00:00			`${hostSshConfigs}`
fix SSH user 2021-12-21 15:06:06 +00:00			`Host *`
			`User root`
simplify morph library 2021-12-06 23:42:54 +00:00			`'';`

morph: move jump command 2021-12-21 06:41:01 +00:00			`jump = pkgs.writeShellScript "jump" ''`
			`set -eu`
			`echo ${self}`
morph -> colmena 2021-12-27 18:21:16 +00:00			`ip="$(nix eval --raw ".#nixosConfigurations.\"$1\".config.sconfig.deployment.targetHost")"`
morph: move jump command 2021-12-21 06:41:01 +00:00			`NIX_SSHOPTS="-F${sshConfig}" nix copy --to ssh://root@$ip ${self}`
			`exec ssh -oForwardAgent=yes -F"${sshConfig}" "root@$ip" -t "cd ${self}; nix develop"`
			`'';`

move livecd-deploy script 2021-12-21 14:58:43 +00:00			`livecd-deploy = pkgs.writeShellScript "livecd-deploy" ''`
			`set -eux`
			`config=".#nixosConfigurations.\"$1\".config"`
morph -> colmena 2021-12-27 18:21:16 +00:00			`ip="$(nix eval --raw "$config.sconfig.deployment.targetHost")"`
move livecd-deploy script 2021-12-21 14:58:43 +00:00			`ssh-copy-id root@$ip`
			`sys="$(nix eval --raw "$config.system.build.toplevel")"`
			`nix build "$config.system.build.toplevel" --out-link "$(mktemp -d)/result"`
			`nix copy --to ssh://root@$ip?remote-store=local?root=/mnt "$sys"`
			`ssh root@$ip nix-env --store /mnt -p /mnt/nix/var/nix/profiles/system --set "$sys"`
			`ssh root@$ip mkdir /mnt/etc`
			`ssh root@$ip touch /mnt/etc/NIXOS`
			`ssh root@$ip ln -sfn /proc/mounts /mnt/etc/mtab`
			`ssh root@$ip NIXOS_INSTALL_BOOTLOADER=1 nixos-enter \`
			`--root /mnt -- /run/current-system/bin/switch-to-configuration boot`
			`'';`

morph -> colmena 2021-12-27 18:21:16 +00:00			`check-updates = pkgs.writeShellScript "check-updates" ''`
			`set -eu`
			`export SSH_CONFIG_FILE=${sshConfig}`
			`c="${pkgs.colmena}/bin/colmena"`
deploy: make check-updates nicer 2022-01-02 22:34:13 +00:00			`j="$($c eval -E '{nodes,...}: builtins.mapAttrs (n: v: v.config.system.build.toplevel) nodes')"`
			`$c exec -- '[ "$(echo '"'$j'"' \| jq -r .$(hostname))" = "$(readlink /run/current-system)" ]'`
morph -> colmena 2021-12-27 18:21:16 +00:00			`'';`

move check-reboot script to deploy lib 2022-01-02 22:40:07 +00:00			`check-reboots = pkgs.writeShellScript "check-reboots" ''`
			`set -eu`
			`export SSH_CONFIG_FILE=${sshConfig}`
			`c="${pkgs.colmena}/bin/colmena"`
			`$c exec -- '[ "$(readlink /run/booted-system/kernel)" = "$(readlink /run/current-system/kernel)" ]'`
			`'';`

simplify morph library 2021-12-06 23:42:54 +00:00			`in`
move check-reboot script to deploy lib 2022-01-02 22:40:07 +00:00			`{ inherit check-updates check-reboots jump livecd-deploy pkgs sshConfig; };`
simplify morph library 2021-12-06 23:42:54 +00:00
			`in`
add morph library 2021-09-10 03:46:13 +00:00			`{`
simplify morph library 2021-12-06 23:42:54 +00:00			`devShell = system: with helpers system;`
			`pkgs.mkShell {`
morph -> colmena 2021-12-27 18:21:16 +00:00			`buildInputs = [ pkgs.colmena ];`
simplify morph library 2021-12-06 23:42:54 +00:00			`shellHook = ''`
			`export SSH_CONFIG_FILE=${sshConfig}`
morph: update SSH configs 2021-12-21 05:39:24 +00:00			`alias ssh='ssh -F${sshConfig}'`
morph: move jump command 2021-12-21 06:41:01 +00:00			`alias jump=${jump}`
morph: move check-updates command 2021-12-21 06:47:07 +00:00			`alias check-updates=${check-updates}`
move check-reboot script to deploy lib 2022-01-02 22:40:07 +00:00			`alias check-reboots=${check-reboots}`
move livecd-deploy script 2021-12-21 14:58:43 +00:00			`alias livecd-deploy=${livecd-deploy}`
morph -> colmena 2021-12-27 18:21:16 +00:00			`alias c=colmena`
simplify morph library 2021-12-06 23:42:54 +00:00			`'';`
			`};`


morph -> colmena 2021-12-27 18:21:16 +00:00			`colmena =`
			`{ meta.nixpkgs = nixpkgs.legacyPackages.${system}; } //`
			`builtins.mapAttrs`
			`(name: value: {`
enable rpi4 hardware 2022-01-02 21:37:05 +00:00			`nixpkgs.system = value.config.nixpkgs.system; # needed for multi-arch deployments`
morph -> colmena 2021-12-27 18:21:16 +00:00			`imports = value.extraArgs.modules ++ [`
			`({ config, ... }: { inherit (config.sconfig) deployment; })`
add morph library 2021-09-10 03:46:13 +00:00			`];`
morph -> colmena 2021-12-27 18:21:16 +00:00			`})`
			`(nixosConfigurations);`
add morph library 2021-09-10 03:46:13 +00:00			`}`