diff --git a/flake.nix b/flake.nix
index fabf8c5..c01eb82 100644
--- a/flake.nix
+++ b/flake.nix
@@ -5,12 +5,12 @@ let mypkgs = import ./pkgs; - morphHosts = import lib/morph.nix; - hardware = import lib/hardware.nix; + deploy = import lib/deploy.nix; + hardware = import lib/hardware.nix "${nixpkgs}/nixos/modules"; forAllSystems = f: builtins.listToAttrs (map (name: { inherit name; value = f name; }) - (with nixpkgs.lib.systems.supported; tier1 ++ tier2)); + [ "x86_64-linux" "aarch64-linux" ]); pins = { nix.registry.nixpkgs.flake = nixpkgs;
@@ -23,7 +23,7 @@ in { - lib = { inherit forAllSystems morphHosts hardware; }; + lib = { inherit forAllSystems hardware deploy; }; nixosModules = { inherit pins; } //
diff --git a/lib/morph.nix b/lib/deploy.nix
similarity index 64%
rename from lib/morph.nix
rename to lib/deploy.nix
index 0a1d397..72ae979 100644
--- a/lib/morph.nix
+++ b/lib/deploy.nix
@@ -1,22 +1,20 @@ { self -, extraMorphModules ? [ ] +, system ? "x86_64-linux" +, modules ? [ ] }: -# to use this library, add the following to "morph.nix" in your repo: -# (builtins.getFlake (toString ./.)).morph-entrypoint builtins.currentSystem - let inherit (self.inputs) nixpkgs; inherit (self) nixosConfigurations; helpers = system: let - pkgs = nixpkgs.legacyPackages.${system}; inherit (nixpkgs.lib) concatMapStrings; + inherit (nixpkgs.legacyPackages.${system}) pkgs; sshKnownHostsTxt = pkgs.writeText "known_hosts" (concatMapStrings (hostName: - let m = nixosConfigurations.${hostName}.config.sconfig.morph; + let m = nixosConfigurations.${hostName}.config.sconfig; in concatMapStrings (key: "${m.deployment.targetHost} ${key}\n") m.sshPublicKeys ) (builtins.attrNames nixosConfigurations)
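Review bot: The supported-system list that replaces `tier1 ++ tier2` is an anonymous literal inside `forAllSystems`, so nothing else in the flake can reuse it and a host built for a third system simply falls outside the map with no error. Bind it once, `supportedSystems = [ "x86_64-linux" "aarch64-linux" ];`, use it in `forAllSystems` and export it beside `forAllSystems` in `lib`, so the restriction is visible to consumers. The `let` block this hunk edits continues outside the hunk.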
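Review bot: The new `modules ? [ ]` parameter is not referenced by any line of this diff: the `colmena` attribute in the last lib/deploy.nix hunk builds `imports` from `value.extraArgs.modules` only, whereas the `extraMorphModules` it replaces was prepended to every host's imports. Unless it is consumed on a line outside the hunks, either drop the parameter or prepend it there, `imports = modules ++ value.extraArgs.modules ++ [ ... ];`, so extra deployment modules passed by a caller are not silently ignored. Separately, `inherit (nixpkgs.legacyPackages.${system}) pkgs;` appears to bind the package set's self-referential `pkgs` attribute rather than the set directly as the removed line did; it should evaluate to the same set, but it reads like a typo, so either restore `pkgs = nixpkgs.legacyPackages.${system};` or add a one-line comment saying the indirection is intended. The `let` opened under `helpers` continues outside the hunk.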
@@ -25,7 +23,7 @@ let hostSshConfigs = concatMapStrings (hostName: '' Host ${hostName} - HostName ${nixosConfigurations.${hostName}.config.sconfig.morph.deployment.targetHost} + HostName ${nixosConfigurations.${hostName}.config.sconfig.deployment.targetHost} '') (builtins.attrNames nixosConfigurations);
@@ -40,24 +38,15 @@ let jump = pkgs.writeShellScript "jump" '' set -eu echo ${self} - ip="$(nix eval --raw ".#nixosConfigurations.\"$1\".config.sconfig.morph.deployment.targetHost")" + ip="$(nix eval --raw ".#nixosConfigurations.\"$1\".config.sconfig.deployment.targetHost")" NIX_SSHOPTS="-F${sshConfig}" nix copy --to ssh://root@$ip ${self} exec ssh -oForwardAgent=yes -F"${sshConfig}" "root@$ip" -t "cd ${self}; nix develop" ''; - check-updates = pkgs.writeShellScript "check-updates" '' - set -eu - export SSH_CONFIG_FILE=${sshConfig} - res="$(morph build morph.nix)" - diff \ - <(find $res -type l | xargs readlink | sort) \ - <(morph exec morph.nix 'readlink /run/current-system' |& grep '^/nix/store/' | sort) - ''; - livecd-deploy = pkgs.writeShellScript "livecd-deploy" '' set -eux config=".#nixosConfigurations.\"$1\".config" - ip="$(nix eval --raw "$config.sconfig.morph.deployment.targetHost")" + ip="$(nix eval --raw "$config.sconfig.deployment.targetHost")" ssh-copy-id root@$ip sys="$(nix eval --raw "$config.system.build.toplevel")" nix build "$config.system.build.toplevel" --out-link "$(mktemp -d)/result"
@@ -70,6 +59,19 @@ let --root /mnt -- /run/current-system/bin/switch-to-configuration boot ''; + check-updates = pkgs.writeShellScript "check-updates" '' + set -eu + export SSH_CONFIG_FILE=${sshConfig} + c="${pkgs.colmena}/bin/colmena" + diff <( + $c exec -v -- readlink /run/current-system |& grep /nix/store | sed 's/.*| //g' | sort + ) <( + $c eval -E ' + { nodes, ... }: map (x: x.config.system.build.toplevel) (builtins.attrValues nodes) + ' | jq .[] -r | sort + ) + ''; + in { inherit check-updates jump livecd-deploy pkgs sshConfig; };
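Review bot: The new `check-updates` pins colmena to `${pkgs.colmena}/bin/colmena` but invokes `jq` bare from PATH, and the devShell's `buildInputs` only lists `pkgs.colmena`; when jq is absent the right-hand process substitution is empty and the diff reports every host as stale instead of failing clearly. Pin it the same way, `jq="${pkgs.jq}/bin/jq"` and `' | $jq -r '.[]' | sort`, or add `pkgs.jq` to `buildInputs` (quoting `'.[]'` also stops the shell treating it as a glob). Neither side sets `pipefail`, so a failing `colmena exec` or `colmena eval` likewise degrades into a misleading diff rather than an error; `set -euo pipefail` at the top of the script narrows that. The `sed 's/.*| //g'` presumably strips colmena's per-host output prefix — a short comment saying so would spare the next reader a guess.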
@@ -77,39 +79,25 @@ in { devShell = system: with helpers system; pkgs.mkShell { - buildInputs = [ pkgs.morph ]; + buildInputs = [ pkgs.colmena ]; shellHook = '' export SSH_CONFIG_FILE=${sshConfig} alias ssh='ssh -F${sshConfig}' alias jump=${jump} alias check-updates=${check-updates} alias livecd-deploy=${livecd-deploy} + alias c=colmena ''; }; - morph-entrypoint = system: - let - globalHealthChecks.cmd = [ - { - cmd = [ "nixos-check-reboot" ]; - description = "Check for pending reboot"; - } - { - cmd = [ "systemctl is-system-running" ]; - description = "Check services are running"; - } - ]; - - getConfig = name: value: { ... }: { - imports = extraMorphModules ++ nixosConfigurations.${name}.extraArgs.modules; - config = nixpkgs.lib.mkMerge [ - { inherit (value.config.sconfig.morph) deployment; } - { deployment.healthChecks = globalHealthChecks; } + colmena = + { meta.nixpkgs = nixpkgs.legacyPackages.${system}; } // + builtins.mapAttrs + (name: value: { + imports = value.extraArgs.modules ++ [ + ({ config, ... }: { inherit (config.sconfig) deployment; }) ]; - }; - - in - { network.pkgs = nixpkgs.legacyPackages.${system}; } // - builtins.mapAttrs getConfig nixosConfigurations; + }) + (nixosConfigurations); }
diff --git a/lib/hardware.nix b/lib/hardware.nix
index 0c4ca09..0d88fbf 100644
--- a/lib/hardware.nix
+++ b/lib/hardware.nix
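Review bot: The `colmena` hive drops the `globalHealthChecks` (`nixos-check-reboot`, `systemctl is-system-running`) that `morph-entrypoint` attached to every host's `deployment.healthChecks`, and nothing in the new inline module re-adds a post-activation check, so a deploy that leaves a unit failed or a reboot pending now reports success. If the drop is intentional, say so in a comment on the `colmena` attribute; otherwise reintroduce an equivalent check next to `inherit (config.sconfig) deployment;`. Also, `meta.nixpkgs` silently uses the file-level `system ? "x86_64-linux"` default, while `devShell` takes `system` as an explicit argument that shadows it, so a caller on another architecture gets an x86_64 hive unless they pass `system` when importing lib/deploy.nix — a comment on `colmena` stating that requirement would help.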
@@ -1,18 +1,18 @@ -{ - physical = { lib, modulesPath, ... }: lib.mkMerge +modulesPath: { + physical = { lib, ... }: lib.mkMerge [ (import "${modulesPath}/installer/scan/not-detected.nix" { inherit lib; }) { hardware.cpu.amd.updateMicrocode = true; } { hardware.cpu.intel.updateMicrocode = true; } ]; - qemu = { lib, modulesPath, ... }: lib.mkMerge + qemu = { lib, ... }: lib.mkMerge [ (import "${modulesPath}/profiles/qemu-guest.nix" { }) { services.qemuGuest.enable = true; } ]; - vmware = { lib, modulesPath, ... }: lib.mkMerge + vmware = { lib, ... }: lib.mkMerge [ { virtualisation.vmware.guest.enable = true; } { boot.initrd.availableKernelModules = [ "mptspi" ]; }
diff --git a/modules/deploy.nix b/modules/deploy.nix
new file mode 100644
index 0000000..fdf729b
--- /dev/null
+++ b/modules/deploy.nix
@@ -0,0 +1,17 @@
+{ lib, ... }:
+with lib.types;
+{
+ options.sconfig = {
+
+ sshPublicKeys = lib.mkOption {
+ type = listOf str;
+ default = [ ];
+ };
+
+ deployment = lib.mkOption {
+ type = attrs;
+ default = { };
+ };
+
+ };
+}
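Review bot: `modulesPath` is now a plain function argument instead of the module-system argument, so the three profiles import `not-detected.nix` and `qemu-guest.nix` from whatever path the caller hands in — in flake.nix that is `"${nixpkgs}/nixos/modules"`, the flake's own input — rather than from the nixpkgs actually evaluating a given host. If any host is ever built against a different nixpkgs, those files would come from the wrong revision with no error. A one-line comment above `modulesPath:` stating that the argument must be the `nixos/modules` directory of the same nixpkgs used for `nixosConfigurations` makes the coupling explicit. The attribute set continues outside the hunk.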
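Review bot: Neither new option has a `description`, and the name `sshPublicKeys` undersells what lib/deploy.nix does with it: each entry is written to a generated `known_hosts` as `<targetHost> <key>`, so these are the target's SSH host keys that pin the server's identity, not user authorized keys. Add `description = "SSH host public keys of this machine (full key lines), written to the generated known_hosts for deployment.targetHost.";` and a matching one on `deployment` noting that `targetHost` is read by the known_hosts generation and the jump/livecd-deploy scripts. Because `deployment` is typed `attrs` with default `{ }`, a host that forgets `targetHost` only fails deep inside `nix eval`; a submodule with `targetHost = lib.mkOption { type = str; };` would report the omission at the option instead.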