dev/nixfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Modularise deploy-rs and add home-manager configs

Browse Source
This commit is contained in:
Jack O'Sullivan 2022-02-20 20:16:49 +00:00
parent 15b10f22cf
commit c258230d74
8 changed files with 151 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
deploy-rs.nix Normal file
View File

@ -0,0 +1,58 @@
{ lib, config, ... }:
let
inherit (builtins) replaceStrings attrNames mapAttrs;
inherit (lib) nameValuePair mapAttrs' intersectLists filterAttrs mkOption;
cfg = config.deploy-rs;
systems = config.nixos.systems;
# deploy can't handle the `@`
homes = mapAttrs' (n: v: nameValuePair (replaceStrings ["@"] ["-at-"] n) v) config.home-manager.homes;
nodesFor = systemsOrHomes: filterAttrs (_: m: m != null) (mapAttrs (_: c:
if c.configuration.config.my.deploy.enable
# Since we're using the submodule, we need to take the defintions. By importing them, the submodule type checking
# and merging can still work at this level. Also gotta make the module a function or else it'll just be treated as
# configuration only (aka shorthandOnlyDefinesConfig = true)
then { ... }: { imports = c.configuration.options.my.deploy.node.definitions; }
else null
) systemsOrHomes);
in
{
options.deploy-rs = with lib.types; {
inherit (lib.my.deploy-rs) deploy;
rendered = mkOption {
type = attrsOf unspecified;
default = null;
internal = true;
description = "Rendered deploy-rs configuration.";
};
};
config = {
assertions = [
(let
duplicates = intersectLists (attrNames systems) (attrNames homes);
in
{
assertion = duplicates == [ ];
message = "Duplicate-ly named NixOS systems: ${toString duplicates}";
})
];
deploy-rs = {
deploy = {
nodes = (
(nodesFor systems) //
(nodesFor homes)
);
autoRollback = true;
magicRollback = true;
};
# Filter out null values so deploy merges overriding options correctly
rendered = lib.my.deploy-rs.filterOpts cfg.deploy;
};
};
}

14
flake.nix
View File

@ -40,7 +40,7 @@
}: }:
let let
inherit (builtins) mapAttrs; inherit (builtins) mapAttrs;
inherit (lib) recurseIntoAttrs filterAttrs evalModules; inherit (lib) recurseIntoAttrs evalModules;
inherit (lib.flake) flattenTree eachDefaultSystem; inherit (lib.flake) flattenTree eachDefaultSystem;
inherit (lib.my) mkDefaultSystemsPkgs flakePackageOverlay; inherit (lib.my) mkDefaultSystemsPkgs flakePackageOverlay;
@ -108,8 +108,12 @@
}; };
} }
# Not an internal part of the module system apparently, but it doesn't have any dependencies other than lib
"${pkgsFlakes.unstable}/nixos/modules/misc/assertions.nix"
./nixos ./nixos
./home-manager ./home-manager
./deploy-rs.nix
] ++ configs; ] ++ configs;
}; };
in in
@ -125,13 +129,7 @@
nixosConfigurations = mapAttrs (_: s: s.configuration) nixfiles.config.nixos.systems; nixosConfigurations = mapAttrs (_: s: s.configuration) nixfiles.config.nixos.systems;
homeConfigurations = mapAttrs (_: s: s.configuration) nixfiles.config.home-manager.homes; homeConfigurations = mapAttrs (_: s: s.configuration) nixfiles.config.home-manager.homes;
deploy = { deploy = nixfiles.config.deploy-rs.rendered;
nodes = filterAttrs (_: n: n != null)
(mapAttrs (_: system: system.config.my.deploy.rendered) self.nixosConfigurations);
autoRollback = true;
magicRollback = true;
};
} // } //
(eachDefaultSystem (system: (eachDefaultSystem (system:
let let

4
home-manager/configs/castle.nix
View File

@ -11,6 +11,10 @@
targets.genericLinux.enable = true; targets.genericLinux.enable = true;
my = { my = {
deploy.node = {
hostname = "h.nul.ie";
sshOpts = [ "-4" "-p" "8022" ];
};
ssh.matchBlocks = { ssh.matchBlocks = {
home = { home = {
host = host =

1
home-manager/modules/_list.nix
View File

@ -2,5 +2,6 @@
home-manager.modules = { home-manager.modules = {
common = ./common.nix; common = ./common.nix;
gui = ./gui.nix; gui = ./gui.nix;
deploy-rs = ./deploy-rs.nix;
}; };
} }

7
home-manager/modules/common.nix
View File

@ -1,4 +1,4 @@
{ lib, pkgs, pkgs', inputs, options, config, ... }@args: { lib, pkgs, pkgs', inputs, config, ... }@args:
let let
inherit (builtins) mapAttrs readFile; inherit (builtins) mapAttrs readFile;
inherit (lib) concatMapStrings concatStringsSep optionalAttrs versionAtLeast mkMerge mkIf mkDefault mkOption; inherit (lib) concatMapStrings concatStringsSep optionalAttrs versionAtLeast mkMerge mkIf mkDefault mkOption;
@ -153,6 +153,7 @@ in
home = { home = {
packages = with pkgs; [ packages = with pkgs; [
file
tree tree
iperf3 iperf3
]; ];
@ -170,7 +171,9 @@ in
(mkIf (config.my.isStandalone || !args.osConfig.home-manager.useGlobalPkgs) { (mkIf (config.my.isStandalone || !args.osConfig.home-manager.useGlobalPkgs) {
# Note: If globalPkgs mode is on, then these will be overridden by the NixOS equivalents of these options # Note: If globalPkgs mode is on, then these will be overridden by the NixOS equivalents of these options
nixpkgs = { nixpkgs = {
overlays = [ ]; overlays = [
inputs.deploy-rs.overlay
];
config = { config = {
allowUnfree = true; allowUnfree = true;
}; };

38
home-manager/modules/deploy-rs.nix Normal file
View File

@ -0,0 +1,38 @@
{ lib, pkgs, config, ... }:
let
inherit (builtins) head;
inherit (lib) mkMerge mkIf mkDefault;
inherit (lib.my) mkBoolOpt';
cfg = config.my.deploy;
in
{
options.my.deploy = with lib.types; {
enable = mkBoolOpt' true "Whether to expose deploy-rs configuration for this home configuration.";
inherit (lib.my.deploy-rs) node;
generate = {
home.enable = mkBoolOpt' true "Whether to generate a deploy-rs profile for this home config.";
};
};
config = mkMerge [
{
my.deploy.enable = mkIf (!config.my.isStandalone) false;
}
(mkIf cfg.enable {
my.deploy.node = {
profiles = {
home = mkIf cfg.generate.home.enable {
path = pkgs.deploy-rs.lib.activate.home-manager { inherit (config.home) activationPackage; };
profilePath = "/nix/var/nix/profiles/per-user/${config.home.username}/profile";
};
};
sshUser = mkDefault config.home.username;
user = config.home.username;
sudo = mkDefault "sudo -u";
};
})
];
}

24
lib.nix
View File

@ -91,7 +91,7 @@ rec {
sshUser = nullOrOpt' str "Username deploy-rs will deploy with."; sshUser = nullOrOpt' str "Username deploy-rs will deploy with.";
user = nullOrOpt' str "Username deploy-rs will deploy with."; user = nullOrOpt' str "Username deploy-rs will deploy with.";
sudo = nullOrOpt' str "Command to elevate privileges with (used if the deployment user != profile user)."; sudo = nullOrOpt' str "Command to elevate privileges with (used if the deployment user != profile user).";
sshOpts = nullOrOpt' (listOf str) sshOpts = mkOpt' (listOf str) [ ]
"Options deploy-rs will pass to ssh. Note: overriding at a lower level _merges_ options."; "Options deploy-rs will pass to ssh. Note: overriding at a lower level _merges_ options.";
fastConnection = nullOrOpt' bool "Whether to copy the whole closure instead of using substitution."; fastConnection = nullOrOpt' bool "Whether to copy the whole closure instead of using substitution.";
autoRollback = nullOrOpt' bool "Whether to roll back the profile if activation fails."; autoRollback = nullOrOpt' bool "Whether to roll back the profile if activation fails.";
@ -104,18 +104,30 @@ rec {
path = mkOpt' package "" "Derivation to build (should include activation script)."; path = mkOpt' package "" "Derivation to build (should include activation script).";
profilePath = nullOrOpt' str "Path to profile location"; profilePath = nullOrOpt' str "Path to profile location";
} // globalOpts; } // globalOpts;
profile = submodule { options = profileOpts; }; profileType = submodule { options = profileOpts; };
nodeOpts = { nodeOpts = {
hostname = mkOpt' str "" "Hostname deploy-rs will connect to."; hostname = mkOpt' str "" "Hostname deploy-rs will connect to.";
profilesOrder = nullOrOpt' (listOf str) profilesOrder = nullOrOpt' (listOf str)
"Order to deploy profiles in (remainder will be deployed in arbitrary order)."; "Order to deploy profiles in (remainder will be deployed in arbitrary order).";
profiles = mkOpt' (attrsOf profile) { } "Profiles to deploy."; profiles = mkOpt' (attrsOf profileType) { } "Profiles to deploy.";
} // globalOpts; } // globalOpts;
nodeType = submodule { options = nodeOpts; };
deployOpts = {
nodes = mkOption {
type = attrsOf nodeType;
default = { };
internal = true;
description = "deploy-rs node configurations.";
};
} // globalOpts;
deployType = submodule { options = deployOpts; };
in in
rec { {
inherit profile; inherit globalOpts;
node = submodule { options = nodeOpts; }; node = mkOpt' nodeType { } "deploy-rs node configuration.";
deploy = mkOpt' deployType { } "deploy-rs configuration.";
filterOpts = filterAttrsRecursive (_: v: v != null); filterOpts = filterAttrsRecursive (_: v: v != null);
}; };

51
nixos/modules/deploy-rs.nix
View File

@ -1,56 +1,47 @@
{ lib, extendModules, pkgs, options, config, baseModules, ... }: { lib, pkgs, config, ... }:
let let
inherit (builtins) head; inherit (builtins) head;
inherit (lib) mkOption mkMerge mkIf mkDefault; inherit (lib) mkMerge mkIf mkDefault;
inherit (lib.my) mkOpt' mkBoolOpt'; inherit (lib.my) mkOpt' mkBoolOpt';
cfg = config.my.deploy; cfg = config.my.deploy;
in in
{ {
options.my.deploy = with lib.types; rec { options.my.deploy = with lib.types; {
authorizedKeys = { authorizedKeys = {
keys = mkOpt' (listOf singleLineStr) [ ] "SSH public keys to add to the default deployment user."; keys = mkOpt' (listOf singleLineStr) [ ] "SSH public keys to add to the default deployment user.";
keyFiles = mkOpt' (listOf str) [ ] "SSH public key files to add to the default deployment user."; keyFiles = mkOpt' (listOf str) [ ] "SSH public key files to add to the default deployment user.";
}; };
enable = mkBoolOpt' true "Whether to expose deploy-rs configuration for this system."; enable = mkBoolOpt' true "Whether to expose deploy-rs configuration for this system.";
node = mkOpt' lib.my.deploy-rs.node { } "deploy-rs node configuration."; inherit (lib.my.deploy-rs) node;
generate = { generate = {
system.enable = mkBoolOpt' true "Whether to generate a deploy-rs profile for this system's config."; system.enable = mkBoolOpt' true "Whether to generate a deploy-rs profile for this system's config.";
}; };
rendered = mkOption {
type = nullOr (attrsOf anything);
default = null;
internal = true;
description = "Rendered deploy-rs node configuration.";
};
}; };
config = mkMerge [ config = mkMerge [
{ {
my.deploy = { my.deploy.enable = mkIf config.my.build.isDevVM false;
enable = mkIf config.my.build.isDevVM false;
node = {
hostname = mkDefault config.networking.fqdn;
profiles = {
system = mkIf cfg.generate.system.enable {
path = pkgs.deploy-rs.lib.activate.nixos { inherit config; };
user = "root";
};
};
sshUser = "deploy";
user = mkDefault "root";
sudo = mkDefault (if config.security.doas.enable then "doas -u" else "sudo -u");
sshOpts = mkDefault [ "-p" (toString (head config.services.openssh.ports)) ];
};
rendered = mkIf cfg.enable (lib.my.deploy-rs.filterOpts cfg.node);
};
} }
(mkIf cfg.enable { (mkIf cfg.enable {
my.deploy.node = {
hostname = mkDefault config.networking.fqdn;
profiles = {
system = mkIf cfg.generate.system.enable {
path = pkgs.deploy-rs.lib.activate.nixos { inherit config; };
user = "root";
};
};
sshUser = "deploy";
user = mkDefault "root";
sudo = mkDefault (if config.security.doas.enable then "doas -u" else "sudo -u");
sshOpts = mkDefault [ "-p" (toString (head config.services.openssh.ports)) ];
};
users = { users = {
users."${cfg.node.sshUser}" = { users."${cfg.node.sshUser}" = {
isSystemUser = true; isSystemUser = true;