From fe91fd0cf540753a693b5ffc39433013c2355edd Mon Sep 17 00:00:00 2001 From: Manuel Hutter Date: Wed, 10 Jan 2024 09:42:58 +0100 Subject: [PATCH] Use deploy-rs for deployment While `nixos-rebuild` does the job, it does not offer advanced features like magic rollbacks. Signed-off-by: Manuel Hutter --- README.md | 3 ++- deploy.sh | 12 --------- flake.lock | 72 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ flake.nix | 35 ++++++++++++++++++++++---- 4 files changed, 104 insertions(+), 18 deletions(-) delete mode 100755 deploy.sh diff --git a/README.md b/README.md index d9c51eb..320ee4c 100644 --- a/README.md +++ b/README.md @@ -1,10 +1,11 @@ # mhnet NixOS configurations -Usage: `./deploy.sh HOST` +Usage: `deploy` ## Backlog +- [ ] Manage secret data with `agenix` - [ ] https://xeiaso.net/blog/paranoid-nixos-2021-07-18/ - [ ] https://xeiaso.net/blog/paranoid-nixos-aws-2021-08-11/ diff --git a/deploy.sh b/deploy.sh deleted file mode 100755 index 0b78477..0000000 --- a/deploy.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/sh -set -e -u - -if [ "$#" -ne 1 ]; then - echo >&2 "usage: $0 HOST" - exit 1 -fi - -host="$1" - -set -x -nixos-rebuild switch --fast --flake ".#${host}" --target-host "$host" --build-host "$host" diff --git a/flake.lock b/flake.lock index b2633cc..5d15501 100644 --- a/flake.lock +++ b/flake.lock 
@@ -1,5 +1,43 @@ { "nodes": { + "deploy-rs": { + "inputs": { + "flake-compat": "flake-compat", + "nixpkgs": [ + "nixpkgs" + ], + "utils": "utils" + }, + "locked": { + "lastModified": 1703087360, + "narHash": "sha256-0VUbWBW8VyiDRuimMuLsEO4elGuUw/nc2WDeuO1eN1M=", + "owner": "serokell", + "repo": "deploy-rs", + "rev": "b709d63debafce9f5645a5ba550c9e0983b3d1f7", + "type": "github" + }, + "original": { + "owner": "serokell", + "repo": "deploy-rs", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1704811223, @@ -18,8 +56,42 @@ }, "root": { "inputs": { + "deploy-rs": "deploy-rs", "nixpkgs": "nixpkgs" } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 0d4915e..5b97fc7 100644 --- a/flake.nix +++ b/flake.nix 
@@ -1,19 +1,44 @@ { - inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; + description = "Deployment for my server(s)"; - outputs = { self, nixpkgs }: + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; + deploy-rs = { + url = "github:serokell/deploy-rs"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + }; + + outputs = { self, nixpkgs, deploy-rs }: let system = "x86_64-linux"; pkgs = nixpkgs.legacyPackages.${system}; in { - devShell."${system}" = pkgs.mkShell { - packages = with pkgs; [ nixos-rebuild ]; + # Ensure necessary tooling is available + devShells."${system}".default = pkgs.mkShell { + packages = [ pkgs.deploy-rs ]; }; + # NixOS configurations nixosConfigurations.rhea = nixpkgs.lib.nixosSystem { - inherit system; + system = "x86_64-linux "; modules = [ ./configuration.nix ]; }; + + # Deployment specifications + deploy.nodes.rhea = { + hostname = "rhea"; + sshUser = "root"; + remoteBuild = true; + + profiles.system = { + path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.rhea; + }; + }; + + # FIXME: reenable; will pull a gig of dependencies ... + # checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib; }; } +
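Review bot: The new `nixosConfigurations.rhea` line sets `system = "x86_64-linux ";` with a trailing space inside the string, which is not a valid platform name and no longer matches the `system` binding in the `let` block (unless the space is an artifact of how this page was rendered). Keeping `inherit system;` avoids this, and `deploy-rs.lib.${system}.activate.nixos` would reuse the binding instead of hardcoding the platform a second time. The deploy node uses `sshUser = "root";`, so the host has to accept direct root SSH logins; deploy-rs can instead connect as an unprivileged account and activate as root, e.g. `sshUser = "deploy"; user = "root";` (account name constructed for illustration), which lets root login stay disabled on the server. The dev shell takes `pkgs.deploy-rs` from nixpkgs while the activation code comes from the locked `deploy-rs` input, so the CLI and the activation script may be different versions; taking the CLI from the flake input would keep both on the revision pinned in `flake.lock`. With the `checks` output commented out, nothing validates the `deploy` attribute set before a deployment, so the FIXME should say what has to happen before it is re-enabled.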