From ed939607b20310b6043f4cf636f01b4da803cdc0 Mon Sep 17 00:00:00 2001 From: Joseph Hanson Date: Tue, 18 Jun 2024 23:46:58 -0500 Subject: [PATCH 1/6] first run at cachix deploy --- flake.lock | 269 +++++++++++++++++++++++++++++++++++++++++++++++++++-- flake.nix | 171 +++++++++++++++++----------------- 2 files changed, 346 insertions(+), 94 deletions(-) diff --git a/flake.lock b/flake.lock index 9bedcb6..4194150 100644 --- a/flake.lock +++ b/flake.lock @@ -1,8 +1,72 @@ { "nodes": { + "cachix-deploy-flake": { + "inputs": { + "darwin": "darwin", + "disko": "disko", + "home-manager": "home-manager", + "nixos-anywhere": "nixos-anywhere", + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1716236735, + "narHash": "sha256-/VTQfiobFPcEyBjWgvI1NBDBIoolPNhvRvbnTekLav8=", + "owner": "cachix", + "repo": "cachix-deploy-flake", + "rev": "63ad0e83b5873909902ea55a69663e8122bd3b56", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "cachix-deploy-flake", + "type": "github" + } + }, + "darwin": { + "inputs": { + "nixpkgs": [ + "cachix-deploy-flake", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1715871485, + "narHash": "sha256-ywapEXmBBI+DVRx/YYC6+6Lk+W8vhShz1uJNvqPKzng=", + "owner": "LnL7", + "repo": "nix-darwin", + "rev": "cb02884fa1ff5a619a44ab5f1bcc4dedd2d623c2", + "type": "github" + }, + "original": { + "owner": "LnL7", + "repo": "nix-darwin", + "type": "github" + } + }, "disko": { "inputs": { - "nixpkgs": "nixpkgs" + "nixpkgs": [ + "cachix-deploy-flake", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1715822638, + "narHash": "sha256-Z4ZoyK8jYRmBZwMaEZLEmAilrfdpekwwwohliqC14/E=", + "owner": "nix-community", + "repo": "disko", + "rev": "476eef8d85aa09389ae7baf6e6b60357f6a01432", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, + "disko_2": { + "inputs": { + "nixpkgs": "nixpkgs_2" }, "locked": { "lastModified": 1718588625, 
@@ -18,22 +82,152 @@ "type": "github" } }, - "nixpkgs": { + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "cachix-deploy-flake", + "nixos-anywhere", + "nixpkgs" + ] + }, "locked": { - "lastModified": 1718276985, - "narHash": "sha256-u1fA0DYQYdeG+5kDm1bOoGcHtX0rtC7qs2YA2N1X++I=", + "lastModified": 1701473968, + "narHash": "sha256-YcVE5emp1qQ8ieHUnxt1wCZCC3ZfAS+SRRWZ2TMda7E=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "34fed993f1674c8d06d58b37ce1e0fe5eebcb9f5", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "cachix-deploy-flake", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1715486357, + "narHash": "sha256-4pRuzsHZOW5W4CsXI9uhKtiJeQSUoe1d2M9mWU98HC4=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "44677a1c96810a8e8c4ffaeaad10c842402647c1", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "nixos-anywhere": { + "inputs": { + "disko": [ + "cachix-deploy-flake", + "disko" + ], + "flake-parts": "flake-parts", + "nixos-images": "nixos-images", + "nixos-stable": "nixos-stable", + "nixpkgs": [ + "cachix-deploy-flake", + "nixpkgs" + ], + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1715150548, + "narHash": "sha256-pb2xIGuzzkPOjUlZnBahpfQWVvtCSOcW8vLL7rQUiEY=", + "owner": "numtide", + "repo": "nixos-anywhere", + "rev": "242444d228636b1f0e89d3681f04a75254c29f66", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": 
"nixos-anywhere", + "type": "github" + } + }, + "nixos-images": { + "inputs": { + "nixos-2311": [ + "cachix-deploy-flake", + "nixos-anywhere", + "nixos-stable" + ], + "nixos-unstable": [ + "cachix-deploy-flake", + "nixos-anywhere", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1702375325, + "narHash": "sha256-kEdrh6IB7xh7YDwZ0ZVCngCs+uoS9gx4ydEoJRnM1Is=", + "owner": "nix-community", + "repo": "nixos-images", + "rev": "d655cc02fcb9ecdcca4f3fb307e291a4b5be1339", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-images", + "type": "github" + } + }, + "nixos-stable": { + "locked": { + "lastModified": 1702233072, + "narHash": "sha256-H5G2wgbim2Ku6G6w+NSaQaauv6B6DlPhY9fMvArKqRo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3f84a279f1a6290ce154c5531378acc827836fbb", + "rev": "781e2a9797ecf0f146e81425c822dca69fe4a348", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixpkgs-unstable", + "ref": "nixos-23.11", "repo": "nixpkgs", "type": "github" } }, + "nixpkgs": { + "locked": { + "lastModified": 1713995372, + "narHash": "sha256-fFE3M0vCoiSwCX02z8VF58jXFRj9enYUSTqjyHAjrds=", + "path": "/nix/store/22chir190mpfvp59lgh39q7fp7w77br9-source", + "rev": "dd37924974b9202f8226ed5d74a252a9785aedf8", + "type": "path" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, "nixpkgs-stable": { "locked": { "lastModified": 1718478900, @@ -51,6 +245,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1718276985, + "narHash": "sha256-u1fA0DYQYdeG+5kDm1bOoGcHtX0rtC7qs2YA2N1X++I=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "3f84a279f1a6290ce154c5531378acc827836fbb", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1718437845, "narHash": "sha256-ZT7Oc1g4I4pHVGGjQFnewFVDRLH5cIZhEzODLz9YXeY=", 
@@ -66,7 +276,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { "lastModified": 1718541509, "narHash": "sha256-TmC5TxW5WPAfmovDzi1hLe1i4qqND79s9SH9UOKcSvo=", @@ -84,8 +294,10 @@ }, "root": { "inputs": { - "disko": "disko", - "nixpkgs": "nixpkgs_2", + "cachix-deploy-flake": "cachix-deploy-flake", + "disko": "disko_2", + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs_3", "sops-nix": "sops-nix", "srvos": "srvos" } @@ -113,7 +325,7 @@ }, "srvos": { "inputs": { - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1718585173, @@ -128,6 +340,43 @@ "repo": "srvos", "type": "github" } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "cachix-deploy-flake", + "nixos-anywhere", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1702376629, + "narHash": "sha256-9uAY8a7JN4DvLe/g4OoldqPbcNZ09YOVXID+CkIqL70=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "390018a9398f9763bfc05ffe6443ce0622cb9ba6", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 9fc8c89..08f0062 100644 --- a/flake.nix +++ b/flake.nix @@ -5,6 +5,8 @@ nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05"; srvos.url = "github:numtide/srvos"; disko.url = "github:nix-community/disko"; + cachix-deploy-flake.url = "github:cachix/cachix-deploy-flake"; + flake-utils.url = "github:numtide/flake-utils"; # sops-nix - secrets with mozilla sops # https://github.com/Mic92/sops-nix sops-nix = { 
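Review bot: The `cachix-deploy-flake` input added in the `@@ -5,6 +5,8 @@` hunk of flake.nix has no `inputs.nixpkgs.follows`, and the lock file in this same patch records its nixpkgs as `"type": "indirect"`, locked to a `/nix/store/…-source` path. That lock entry points at a store path on the machine that ran the lock rather than at a fetchable URL, and it is a different nixpkgs from the `nixos-24.05` pin the hosts use. Declaring the input as an attribute set with `inputs.nixpkgs.follows = "nixpkgs";` (and `inputs.disko.follows = "disko";`, which would also remove the duplicate `disko` node) keeps the pinned revisions in one place. The `inputs` block starts and ends outside this hunk.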
@@ -13,91 +15,92 @@ }; }; - outputs = { self, sops-nix, nixpkgs, srvos, disko, ... }@inputs: - let - lib = nixpkgs.lib; - inherit (self) outputs; - in { - nixosConfigurations = - { - "fj-hetzner-aarch64-01" = lib.nixosSystem { - system = "aarch64-linux"; - specialArgs = {inherit inputs outputs;}; - modules = [ - sops-nix.nixosModules.sops - srvos.nixosModules.hardware-hetzner-cloud - srvos.nixosModules.server - srvos.nixosModules.mixins-systemd-boot - disko.nixosModules.disko - ./agents/fj-hetzner-aarch64.nix - (import ./disko-hetzner-cloud.nix { disks = [ "/dev/sda" ]; }) - { - boot.loader.efi.canTouchEfiVariables = true; - networking.hostName = "fj-hetzner-aarch64-01"; - users.users.root.openssh.authorizedKeys.keys = - [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w jahanson@legiondary" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyA/yMPPo+scxBaDFUk7WeEyMAMhXUro5vi4feOKsJT jahanson@durincore" - ]; - services.openssh.enable = true; - services.openssh.settings.PermitRootLogin = "without-password"; - }]; + outputs = { self, sops-nix, nixpkgs, srvos, disko, cachix-deploy-flake, flake-utils, ... 
}@inputs: + flake-utils.lib.eachDefaultSystem ( + system: { + defaultPackage = let + pkgs = import nixpkgs { inherit system; }; + cachix-deploy-lib = cachix-deploy-flake.lib pkgs; + in + cachix-deploy-lib.spec + { + agents = { + "fj-hetzner-aarch64-01" = cachix-deploy-lib.nixos { + # system = "aarch64-linux"; + imports = [ + sops-nix.nixosModules.sops + srvos.nixosModules.hardware-hetzner-cloud + srvos.nixosModules.server + srvos.nixosModules.mixins-systemd-boot + disko.nixosModules.disko + ./agents/fj-hetzner-aarch64.nix + (import ./disko-hetzner-cloud.nix { disks = [ "/dev/sda" ]; }) + { + boot.loader.efi.canTouchEfiVariables = true; + networking.hostName = "fj-hetzner-aarch64-01"; + users.users.root.openssh.authorizedKeys.keys = + [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w jahanson@legiondary" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyA/yMPPo+scxBaDFUk7WeEyMAMhXUro5vi4feOKsJT jahanson@durincore" + ]; + services.openssh.enable = true; + services.openssh.settings.PermitRootLogin = "without-password"; + }]; + }; + "fj-shadowfax-01" = cachix-deploy-lib.nixos { + # system = "x86_64-linux"; + imports = [ + sops-nix.nixosModules.sops + ./hardware/shadowfax-kubevirt.nix + srvos.nixosModules.server + srvos.nixosModules.mixins-systemd-boot + disko.nixosModules.disko + ./agents/fj-shadowfax-x86_64.nix + (import ./disko-shadowfax-kubevirt.nix { disks = [ "/dev/sda" ]; }) + { + boot.loader.efi.canTouchEfiVariables = true; + networking.hostName = "fj-shadowfax-01"; + users.users.root.openssh.authorizedKeys.keys = + [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w jahanson@legiondary" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyA/yMPPo+scxBaDFUk7WeEyMAMhXUro5vi4feOKsJT jahanson@durincore" + ]; + services.openssh.enable = true; + services.openssh.settings.PermitRootLogin = "without-password"; + }]; + }; + "fj-shadowfax-02" = cachix-deploy-lib.nixos { + # system = "x86_64-linux"; + imports = [ + 
sops-nix.nixosModules.sops + ./hardware/shadowfax-kubevirt.nix + srvos.nixosModules.server + srvos.nixosModules.mixins-systemd-boot + disko.nixosModules.disko + ./agents/fj-shadowfax-x86_64.nix + (import ./disko-shadowfax-kubevirt.nix { disks = [ "/dev/sda" ]; }) + { + boot.loader.efi.canTouchEfiVariables = true; + networking.hostName = "fj-shadowfax-02"; + users.users.root.openssh.authorizedKeys.keys = + [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w jahanson@legiondary" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyA/yMPPo+scxBaDFUk7WeEyMAMhXUro5vi4feOKsJT jahanson@durincore" + ]; + services.openssh.enable = true; + services.openssh.settings.PermitRootLogin = "without-password"; + }]; + }; + }; }; - "fj-shadowfax-01" = lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = {inherit inputs outputs;}; - modules = [ - sops-nix.nixosModules.sops - ./hardware/shadowfax-kubevirt.nix - srvos.nixosModules.server - srvos.nixosModules.mixins-systemd-boot - disko.nixosModules.disko - ./agents/fj-shadowfax-x86_64.nix - (import ./disko-shadowfax-kubevirt.nix { disks = [ "/dev/sda" ]; }) - { - boot.loader.efi.canTouchEfiVariables = true; - networking.hostName = "fj-shadowfax-01"; - users.users.root.openssh.authorizedKeys.keys = - [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w jahanson@legiondary" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyA/yMPPo+scxBaDFUk7WeEyMAMhXUro5vi4feOKsJT jahanson@durincore" - ]; - services.openssh.enable = true; - services.openssh.settings.PermitRootLogin = "without-password"; - }]; - }; - "fj-shadowfax-02" = lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = {inherit inputs outputs;}; - modules = [ - sops-nix.nixosModules.sops - ./hardware/shadowfax-kubevirt.nix - srvos.nixosModules.server - srvos.nixosModules.mixins-systemd-boot - disko.nixosModules.disko - ./agents/fj-shadowfax-x86_64.nix - (import ./disko-shadowfax-kubevirt.nix { disks = [ "/dev/sda" ]; }) - { 
- boot.loader.efi.canTouchEfiVariables = true; - networking.hostName = "fj-shadowfax-02"; - users.users.root.openssh.authorizedKeys.keys = - [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w jahanson@legiondary" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyA/yMPPo+scxBaDFUk7WeEyMAMhXUro5vi4feOKsJT jahanson@durincore" - ]; - services.openssh.enable = true; - services.openssh.settings.PermitRootLogin = "without-password"; - }]; - }; - }; + }); # Convenience output that aggregates the outputs for home, nixos. # Also used in ci to build targets generally. - top = - let - nixtop = nixpkgs.lib.genAttrs - (builtins.attrNames inputs.self.nixosConfigurations) - (attr: inputs.self.nixosConfigurations.${attr}.config.system.build.toplevel); - in - nixtop; - }; + # top = + # let + # nixtop = nixpkgs.lib.genAttrs + # (builtins.attrNames inputs.self.nixosConfigurations) + # (attr: inputs.self.nixosConfigurations.${attr}.config.system.build.toplevel); + # in + # nixtop; } From 1dff38cc97a7daf8b917b6db6c34433ec355a918 Mon Sep 17 00:00:00 2001 From: Joseph Hanson Date: Wed, 19 Jun 2024 00:48:47 -0500 Subject: [PATCH 2/6] second stab at cachix deploy --- flake.lock | 314 +++++++++++++++++++++++++++++++++++++++++++++++++++-- flake.nix | 152 +++++++++++++------------- 2 files changed, 380 insertions(+), 86 deletions(-) diff --git a/flake.lock b/flake.lock index 4194150..b9f1949 100644 --- a/flake.lock +++ b/flake.lock 
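Review bot: The root `authorizedKeys` list and the `PermitRootLogin` setting are pasted verbatim into all three agent definitions in the `@@ -13,91 +15,92 @@` hunk, so revoking or rotating one of the two keys means editing three places, and a missed copy leaves a host reachable with the old key. The same inline block recurs later in this series (the `packages.*.default` definitions in 2/6 and the `aarch64-linux-modules` / `x86_64-linux-modules` lists in 3/6). A single shared module imported by every host keeps the access policy in one reviewable spot, as sketched below. Separately, `"without-password"` is the deprecated OpenSSH spelling of `"prohibit-password"`, and it is worth confirming whether root SSH is still needed once the Cachix Deploy agent delivers updates.

```nix
let
  # Single source of truth for root SSH access on every agent.
  rootSshAccess = {
    users.users.root.openssh.authorizedKeys.keys = [
      # … unchanged: the two ssh-ed25519 keys …
    ];
    services.openssh.enable = true;
    services.openssh.settings.PermitRootLogin = "prohibit-password";
  };
in
# … unchanged: flake-utils wrapper and cachix-deploy-lib.spec …
"fj-shadowfax-01" = cachix-deploy-lib.nixos {
  imports = [
    # … unchanged: sops-nix, hardware, srvos, disko and agent modules …
    rootSshAccess
    {
      boot.loader.efi.canTouchEfiVariables = true;
      networking.hostName = "fj-shadowfax-01";
    }
  ];
};
```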
@@ -22,6 +22,29 @@ "type": "github" } }, + "cachix-flake": { + "inputs": { + "devenv": "devenv", + "flake-compat": "flake-compat_2", + "nixpkgs": [ + "nixpkgs" + ], + "pre-commit-hooks": "pre-commit-hooks" + }, + "locked": { + "lastModified": 1718730519, + "narHash": "sha256-9/Jmflf9vs97uG0UyJXBSxsZzkpH9xOdeMMwBYhfHfQ=", + "owner": "cachix", + "repo": "cachix", + "rev": "7913ce3dce4439907a259480cf03ca3c5dd75725", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "cachix", + "type": "github" + } + }, "darwin": { "inputs": { "nixpkgs": [ @@ -43,6 +66,35 @@ "type": "github" } }, + "devenv": { + "inputs": { + "flake-compat": [ + "cachix-flake", + "flake-compat" + ], + "nix": "nix", + "nixpkgs": "nixpkgs_2", + "poetry2nix": "poetry2nix", + "pre-commit-hooks": [ + "cachix-flake", + "pre-commit-hooks" + ] + }, + "locked": { + "lastModified": 1708704632, + "narHash": "sha256-w+dOIW60FKMaHI1q5714CSibk99JfYxm0CzTinYWr+Q=", + "owner": "cachix", + "repo": "devenv", + "rev": "2ee4450b0f4b95a1b90f2eb5ffea98b90e48c196", + "type": "github" + }, + "original": { + "owner": "cachix", + "ref": "python-rewrite", + "repo": "devenv", + "type": "github" + } + }, "disko": { "inputs": { "nixpkgs": [ @@ -66,7 +118,7 @@ }, "disko_2": { "inputs": { - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1718588625, 
@@ -82,6 +134,54 @@ "type": "github" } }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_3": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-parts": { "inputs": { "nixpkgs-lib": [ @@ -108,6 +208,24 @@ "inputs": { "systems": "systems" }, + "locked": { + "lastModified": 1689068808, + "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { + "inputs": { + "systems": "systems_2" + }, "locked": { "lastModified": 1710146030, "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", 
@@ -122,6 +240,28 @@ "type": "github" } }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "cachix-flake", + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -143,6 +283,54 @@ "type": "github" } }, + "nix": { + "inputs": { + "flake-compat": "flake-compat", + "nixpkgs": [ + "cachix-flake", + "devenv", + "nixpkgs" + ], + "nixpkgs-regression": "nixpkgs-regression" + }, + "locked": { + "lastModified": 1708577783, + "narHash": "sha256-92xq7eXlxIT5zFNccLpjiP7sdQqQI30Gyui2p/PfKZM=", + "owner": "domenkozar", + "repo": "nix", + "rev": "ecd0af0c1f56de32cbad14daa1d82a132bf298f8", + "type": "github" + }, + "original": { + "owner": "domenkozar", + "ref": "devenv-2.21", + "repo": "nix", + "type": "github" + } + }, + "nix-github-actions": { + "inputs": { + "nixpkgs": [ + "cachix-flake", + "devenv", + "poetry2nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1688870561, + "narHash": "sha256-4UYkifnPEw1nAzqqPOTL2MvWtm3sNGw1UTYTalkTcGY=", + "owner": "nix-community", + "repo": "nix-github-actions", + "rev": "165b1650b753316aa7f1787f3005a8d2da0f5301", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-github-actions", + "type": "github" + } + }, "nixos-anywhere": { "inputs": { "disko": [ 
@@ -228,7 +416,39 @@ "type": "indirect" } }, + "nixpkgs-regression": { + "locked": { + "lastModified": 1643052045, + "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "type": "github" + } + }, "nixpkgs-stable": { + "locked": { + "lastModified": 1710695816, + "narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "614b4613980a522ba49f0d194531beddbb7220d3", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_2": { "locked": { "lastModified": 1718478900, "narHash": "sha256-v43N1gZLcGkhg3PdcrKUNIZ1L0FBzB2JqhIYEyKAHEs=", @@ -245,6 +465,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1692808169, + "narHash": "sha256-x9Opq06rIiwdwGeK2Ykj69dNc2IvUH1fY55Wm7atwrE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "9201b5ff357e781bf014d0330d18555695df7ba8", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1718276985, "narHash": "sha256-u1fA0DYQYdeG+5kDm1bOoGcHtX0rtC7qs2YA2N1X++I=", @@ -260,7 +496,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { "lastModified": 1718437845, "narHash": "sha256-ZT7Oc1g4I4pHVGGjQFnewFVDRLH5cIZhEzODLz9YXeY=", @@ -276,7 +512,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { "lastModified": 1718541509, "narHash": "sha256-TmC5TxW5WPAfmovDzi1hLe1i4qqND79s9SH9UOKcSvo=", 
@@ -292,12 +528,61 @@ "type": "github" } }, + "poetry2nix": { + "inputs": { + "flake-utils": "flake-utils", + "nix-github-actions": "nix-github-actions", + "nixpkgs": [ + "cachix-flake", + "devenv", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1692876271, + "narHash": "sha256-IXfZEkI0Mal5y1jr6IRWMqK8GW2/f28xJenZIPQqkY0=", + "owner": "nix-community", + "repo": "poetry2nix", + "rev": "d5006be9c2c2417dafb2e2e5034d83fabd207ee3", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "poetry2nix", + "type": "github" + } + }, + "pre-commit-hooks": { + "inputs": { + "flake-compat": "flake-compat_3", + "flake-utils": "flake-utils_2", + "gitignore": "gitignore", + "nixpkgs": [ + "cachix-flake", + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1715609711, + "narHash": "sha256-/5u29K0c+4jyQ8x7dUIEUWlz2BoTSZWUP2quPwFCE7M=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "c182c876690380f8d3b9557c4609472ebfa1b141", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, "root": { "inputs": { "cachix-deploy-flake": "cachix-deploy-flake", + "cachix-flake": "cachix-flake", "disko": "disko_2", - "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "sops-nix": "sops-nix", "srvos": "srvos" } @@ -307,7 +592,7 @@ "nixpkgs": [ "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable" + "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { "lastModified": 1718506969, @@ -325,7 +610,7 @@ }, "srvos": { "inputs": { - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_5" }, "locked": { "lastModified": 1718585173, 
@@ -356,6 +641,21 @@ "type": "github" } }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "treefmt-nix": { "inputs": { "nixpkgs": [ diff --git a/flake.nix b/flake.nix index 08f0062..13cceae 100644 --- a/flake.nix +++ b/flake.nix @@ -6,7 +6,10 @@ srvos.url = "github:numtide/srvos"; disko.url = "github:nix-community/disko"; cachix-deploy-flake.url = "github:cachix/cachix-deploy-flake"; - flake-utils.url = "github:numtide/flake-utils"; + cachix-flake = { + url = "github:cachix/cachix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; # sops-nix - secrets with mozilla sops # https://github.com/Mic92/sops-nix sops-nix = { 
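Review bot: The new `cachix-flake` input in the `@@ -6,7 +6,10 @@` hunk tracks the default branch of `github:cachix/cachix`, and the next hunk overlays its `default` package over `pkgs.cachix`, so the client handed to cachix-deploy-lib comes from whatever commit the next `nix flake update` lands on rather than from a released version. Pinning the URL to a release ref, e.g. `url = "github:cachix/cachix/<release-tag>";`, makes upgrades of that binary a deliberate, reviewable change. The lock file diff in this patch also shows the input pulling in `devenv`, a `domenkozar/nix` fork, `poetry2nix` and `pre-commit-hooks`; a comment on the input explaining why the nixpkgs build of cachix is not sufficient would let the next reader judge whether that extra dependency surface is still needed. The `inputs` block continues outside the hunk.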
@@ -15,85 +18,76 @@ }; }; - outputs = { self, sops-nix, nixpkgs, srvos, disko, cachix-deploy-flake, flake-utils, ... }@inputs: - flake-utils.lib.eachDefaultSystem ( - system: { - defaultPackage = let - pkgs = import nixpkgs { inherit system; }; - cachix-deploy-lib = cachix-deploy-flake.lib pkgs; - in - cachix-deploy-lib.spec - { - agents = { - "fj-hetzner-aarch64-01" = cachix-deploy-lib.nixos { - # system = "aarch64-linux"; - imports = [ - sops-nix.nixosModules.sops - srvos.nixosModules.hardware-hetzner-cloud - srvos.nixosModules.server - srvos.nixosModules.mixins-systemd-boot - disko.nixosModules.disko - ./agents/fj-hetzner-aarch64.nix - (import ./disko-hetzner-cloud.nix { disks = [ "/dev/sda" ]; }) - { - boot.loader.efi.canTouchEfiVariables = true; - networking.hostName = "fj-hetzner-aarch64-01"; - users.users.root.openssh.authorizedKeys.keys = - [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w jahanson@legiondary" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyA/yMPPo+scxBaDFUk7WeEyMAMhXUro5vi4feOKsJT jahanson@durincore" - ]; - services.openssh.enable = true; - services.openssh.settings.PermitRootLogin = "without-password"; - }]; - }; - "fj-shadowfax-01" = cachix-deploy-lib.nixos { - # system = "x86_64-linux"; - imports = [ - sops-nix.nixosModules.sops - ./hardware/shadowfax-kubevirt.nix - srvos.nixosModules.server - srvos.nixosModules.mixins-systemd-boot - disko.nixosModules.disko - ./agents/fj-shadowfax-x86_64.nix - (import ./disko-shadowfax-kubevirt.nix { disks = [ "/dev/sda" ]; }) - { - boot.loader.efi.canTouchEfiVariables = true; - networking.hostName = "fj-shadowfax-01"; - users.users.root.openssh.authorizedKeys.keys = - [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w jahanson@legiondary" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyA/yMPPo+scxBaDFUk7WeEyMAMhXUro5vi4feOKsJT jahanson@durincore" - ]; - services.openssh.enable = true; - services.openssh.settings.PermitRootLogin = 
"without-password"; - }]; - }; - "fj-shadowfax-02" = cachix-deploy-lib.nixos { - # system = "x86_64-linux"; - imports = [ - sops-nix.nixosModules.sops - ./hardware/shadowfax-kubevirt.nix - srvos.nixosModules.server - srvos.nixosModules.mixins-systemd-boot - disko.nixosModules.disko - ./agents/fj-shadowfax-x86_64.nix - (import ./disko-shadowfax-kubevirt.nix { disks = [ "/dev/sda" ]; }) - { - boot.loader.efi.canTouchEfiVariables = true; - networking.hostName = "fj-shadowfax-02"; - users.users.root.openssh.authorizedKeys.keys = - [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w jahanson@legiondary" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyA/yMPPo+scxBaDFUk7WeEyMAMhXUro5vi4feOKsJT jahanson@durincore" - ]; - services.openssh.enable = true; - services.openssh.settings.PermitRootLogin = "without-password"; - }]; - }; - }; + outputs = { self, sops-nix, nixpkgs, srvos, disko, cachix-flake, cachix-deploy-flake, ... }@inputs: + let + lib = nixpkgs.lib; + common = system: rec { + pkgs = import nixpkgs { + inherit system; + overlays = [ + (final: prev: { + cachix = cachix-flake.packages.${system}.default; + }) + ]; }; - }); + cachix-deploy-lib = cachix-deploy-flake.lib pkgs; + }; + in + { + packages.aarch64-linux.default = + let + inherit (common "aarch64-linux") cachix-deploy-lib pkgs; + in + cachix-deploy-lib.nixos { + # system = "aarch64-linux"; + imports = [ + sops-nix.nixosModules.sops + srvos.nixosModules.hardware-hetzner-cloud + srvos.nixosModules.server + srvos.nixosModules.mixins-systemd-boot + disko.nixosModules.disko + ./agents/fj-hetzner-aarch64.nix + (import ./disko-hetzner-cloud.nix { disks = [ "/dev/sda" ]; }) + { + boot.loader.efi.canTouchEfiVariables = true; + networking.hostName = "fj-hetzner-aarch64-01"; + users.users.root.openssh.authorizedKeys.keys = + [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w jahanson@legiondary" + "ssh-ed25519 
AAAAC3NzaC1lZDI1NTE5AAAAIJyA/yMPPo+scxBaDFUk7WeEyMAMhXUro5vi4feOKsJT jahanson@durincore" + ]; + services.openssh.enable = true; + services.openssh.settings.PermitRootLogin = "without-password"; + }]; + }; + packages.x86_64-linux.default = + let + inherit (common "x86_64-linux") cachix-deploy-lib pkgs; + in + cachix-deploy-lib.nixos { + imports = [ + sops-nix.nixosModules.sops + ./hardware/shadowfax-kubevirt.nix + srvos.nixosModules.server + srvos.nixosModules.mixins-systemd-boot + disko.nixosModules.disko + ./agents/fj-shadowfax-x86_64.nix + (import ./disko-shadowfax-kubevirt.nix { disks = [ "/dev/sda" ]; }) + { + boot.loader.efi.canTouchEfiVariables = true; + networking.hostName = "fj-shadowfax-01"; + users.users.root.openssh.authorizedKeys.keys = + [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w jahanson@legiondary" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyA/yMPPo+scxBaDFUk7WeEyMAMhXUro5vi4feOKsJT jahanson@durincore" + ]; + services.openssh.enable = true; + services.openssh.settings.PermitRootLogin = "without-password"; + } + ]; + }; + }; + # Convenience output that aggregates the outputs for home, nixos. # Also used in ci to build targets generally. # top = From 4efab49fff93bcac054ff403c96b65f6094b6513 Mon Sep 17 00:00:00 2001 From: Joseph Hanson Date: Wed, 19 Jun 2024 01:08:44 -0500 Subject: [PATCH 3/6] merged cachix deploy in with nixos configurations for manual deploy --- flake.nix | 96 +++++++++++++++++++++++++++++++++---------------------- 1 file changed, 57 insertions(+), 39 deletions(-) diff --git a/flake.nix b/flake.nix index 13cceae..1c32799 100644 --- a/flake.nix +++ b/flake.nix 
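Review bot: The new side of the `@@ -15,85 +18,76 @@` hunk defines only `fj-hetzner-aarch64-01` and `fj-shadowfax-01`; the `fj-shadowfax-02` agent from the previous spec disappears without a mention in the commit message. If that host still exists it stops receiving configuration through this flake, including any later hardening or key changes. Keying the output by architecture (`packages.x86_64-linux.default`) also leaves no slot for a second x86_64 host, so either key the packages by host name or state in the description that the host was retired. The `pkgs` brought in by the `inherit (common …) cachix-deploy-lib pkgs;` lines is unused in both `let` blocks.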
@@ -32,16 +32,8 @@ }; cachix-deploy-lib = cachix-deploy-flake.lib pkgs; }; - in - { - packages.aarch64-linux.default = - let - inherit (common "aarch64-linux") cachix-deploy-lib pkgs; - in - cachix-deploy-lib.nixos { - # system = "aarch64-linux"; - imports = [ - sops-nix.nixosModules.sops + aarch64-linux-modules = [ + sops-nix.nixosModules.sops srvos.nixosModules.hardware-hetzner-cloud srvos.nixosModules.server srvos.nixosModules.mixins-systemd-boot 
@@ -58,43 +50,69 @@ ]; services.openssh.enable = true; services.openssh.settings.PermitRootLogin = "without-password"; - }]; + } + ]; + x86_64-linux-modules = [ + sops-nix.nixosModules.sops + ./hardware/shadowfax-kubevirt.nix + srvos.nixosModules.server + srvos.nixosModules.mixins-systemd-boot + disko.nixosModules.disko + ./agents/fj-shadowfax-x86_64.nix + (import ./disko-shadowfax-kubevirt.nix { disks = [ "/dev/sda" ]; }) + { + boot.loader.efi.canTouchEfiVariables = true; + networking.hostName = "fj-shadowfax-01"; + users.users.root.openssh.authorizedKeys.keys = + [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w jahanson@legiondary" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyA/yMPPo+scxBaDFUk7WeEyMAMhXUro5vi4feOKsJT jahanson@durincore" + ]; + services.openssh.enable = true; + services.openssh.settings.PermitRootLogin = "without-password"; + } + ]; + in + { + nixosConfigurations = + { + "fj-hetzner-aarch64-01" = lib.nixosSystem { + system = "aarch64-linux"; + specialArgs = {inherit inputs; }; + modules = [ aarch64-linux-modules ]; + }; + + "fj-shadowfax-01" = lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = {inherit inputs; }; + modules = [ x86_64-linux-modules ]; + }; + }; + + packages.aarch64-linux.default = + let + inherit (common "aarch64-linux") cachix-deploy-lib pkgs; + in + cachix-deploy-lib.nixos { + # system = "aarch64-linux"; + imports = aarch64-linux-modules; }; packages.x86_64-linux.default = let inherit (common "x86_64-linux") cachix-deploy-lib pkgs; in cachix-deploy-lib.nixos { - imports = [ - sops-nix.nixosModules.sops - ./hardware/shadowfax-kubevirt.nix - srvos.nixosModules.server - srvos.nixosModules.mixins-systemd-boot - disko.nixosModules.disko - ./agents/fj-shadowfax-x86_64.nix - (import ./disko-shadowfax-kubevirt.nix { disks = [ "/dev/sda" ]; }) - { - boot.loader.efi.canTouchEfiVariables = true; - networking.hostName = "fj-shadowfax-01"; - users.users.root.openssh.authorizedKeys.keys = - [ - 
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w jahanson@legiondary" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyA/yMPPo+scxBaDFUk7WeEyMAMhXUro5vi4feOKsJT jahanson@durincore" - ]; - services.openssh.enable = true; - services.openssh.settings.PermitRootLogin = "without-password"; - } - ]; + imports = x86_64-linux-modules; }; - }; # Convenience output that aggregates the outputs for home, nixos. # Also used in ci to build targets generally. - # top = - # let - # nixtop = nixpkgs.lib.genAttrs - # (builtins.attrNames inputs.self.nixosConfigurations) - # (attr: inputs.self.nixosConfigurations.${attr}.config.system.build.toplevel); - # in - # nixtop; + top = + let + nixtop = nixpkgs.lib.genAttrs + (builtins.attrNames inputs.self.nixosConfigurations) + (attr: inputs.self.nixosConfigurations.${attr}.config.system.build.toplevel); + in + nixtop; + }; } From 01c3ed9e7a33238981203beb615b76cf0c342e76 Mon Sep 17 00:00:00 2001 From: Joseph Hanson Date: Wed, 19 Jun 2024 02:28:19 -0500 Subject: [PATCH 4/6] Added cachix deploy json config --- flake.nix | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index 1c32799..1996f44 100644 --- a/flake.nix +++ b/flake.nix @@ -74,6 +74,7 @@ ]; in { + # NixOS configurations for manual deployment nixosConfigurations = { "fj-hetzner-aarch64-01" = lib.nixosSystem { @@ -88,7 +89,7 @@ modules = [ x86_64-linux-modules ]; }; }; - + # Cachix deploy for automated deployments packages.aarch64-linux.default = let inherit (common "aarch64-linux") cachix-deploy-lib pkgs; 
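Review bot: In the `@@ -50,43 +50,69 @@` hunk the two deployment paths evaluate the same module lists with different arguments: `lib.nixosSystem` receives `specialArgs = {inherit inputs; }` while the `cachix-deploy-lib.nixos` calls pass only `imports`. If `./agents/*.nix` or the hardware modules take `inputs` as a module argument (not visible here), the Cachix Deploy build will fail or differ from the manual one. Putting the argument into the shared list, e.g. `{ _module.args = { inherit inputs; }; }`, gives both paths the same inputs, provided no module needs `inputs` inside its own `imports`. The per-architecture lists also hard-code `networking.hostName`, so a comment stating that each list describes exactly one host would prevent it being reused for a second machine.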
@@ -105,6 +106,30 @@ imports = x86_64-linux-modules; }; + deploy-json = + let + inherit (common "aarch64-linux") cachix-deploy-lib; + in + cachix-deploy-lib.spec + { + agents = { + "fj-hetzner-aarch64-01" = + let + inherit (common "aarch64-linux") cachix-deploy-lib pkgs; + in + cachix-deploy-lib.nixos { + # system = "aarch64-linux"; + imports = aarch64-linux-modules; + }; + "fj-shadowfax-01" = + let + inherit (common "x86_64-linux") cachix-deploy-lib pkgs; + in + cachix-deploy-lib.nixos { + imports = x86_64-linux-modules; + }; + }; + }; # Convenience output that aggregates the outputs for home, nixos. # Also used in ci to build targets generally. top = From 15e0e48de10f93a78f1c837564b0bbfd93615d4f Mon Sep 17 00:00:00 2001 From: Joseph Hanson Date: Wed, 19 Jun 2024 09:45:36 -0500 Subject: [PATCH 5/6] deploy-json docs --- flake.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/flake.nix b/flake.nix index 1996f44..97cd7d7 100644 --- a/flake.nix +++ b/flake.nix @@ -106,6 +106,8 @@ imports = x86_64-linux-modules; }; + # Constructs a deploy.json output that can be used to deploy the runners + # https://docs.cachix.org/deploy/reference#deploy-json deploy-json = let inherit (common "aarch64-linux") cachix-deploy-lib; From fed3977de5cd8f0e04ecf306e2080192196333bf Mon Sep 17 00:00:00 2001 From: Joseph Hanson Date: Wed, 19 Jun 2024 10:03:50 -0500 Subject: [PATCH 6/6] remove nested array --- flake.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/flake.nix b/flake.nix index 97cd7d7..2b1621a 100644 --- a/flake.nix +++ b/flake.nix @@ -80,13 +80,13 @@ "fj-hetzner-aarch64-01" = lib.nixosSystem { system = "aarch64-linux"; specialArgs = {inherit inputs; }; - modules = [ aarch64-linux-modules ]; + modules = aarch64-linux-modules; }; "fj-shadowfax-01" = lib.nixosSystem { system = "x86_64-linux"; specialArgs = {inherit inputs; }; - modules = [ x86_64-linux-modules ]; + modules = x86_64-linux-modules; }; }; # Cachix deploy for automated deployments
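Review bot: The `deploy-json` block added in the `@@ -105,6 +106,30 @@` hunk repeats the two `cachix-deploy-lib.nixos` calls that already define `packages.aarch64-linux.default` and `packages.x86_64-linux.default`, so the spec and the packages can drift apart. Referencing the existing outputs keeps them identical: `"fj-hetzner-aarch64-01" = self.packages.aarch64-linux.default;` and `"fj-shadowfax-01" = self.packages.x86_64-linux.default;`. The outer `inherit (common "aarch64-linux") cachix-deploy-lib;` also means the spec file itself is presumably built with the aarch64 package set, so producing it on an x86_64 CI runner would need an aarch64 builder; a short comment naming the machine expected to build it would help. The inner `pkgs` bindings are unused.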