From ed939607b20310b6043f4cf636f01b4da803cdc0 Mon Sep 17 00:00:00 2001 From: Joseph Hanson Date: Tue, 18 Jun 2024 23:46:58 -0500 Subject: [PATCH] first run at cachix deploy --- flake.lock | 269 +++++++++++++++++++++++++++++++++++++++++++++++++++-- flake.nix | 171 +++++++++++++++++----------------- 2 files changed, 346 insertions(+), 94 deletions(-) diff --git a/flake.lock b/flake.lock index 9bedcb6..4194150 100644 --- a/flake.lock +++ b/flake.lock @@ -1,8 +1,72 @@ { "nodes": { + "cachix-deploy-flake": { + "inputs": { + "darwin": "darwin", + "disko": "disko", + "home-manager": "home-manager", + "nixos-anywhere": "nixos-anywhere", + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1716236735, + "narHash": "sha256-/VTQfiobFPcEyBjWgvI1NBDBIoolPNhvRvbnTekLav8=", + "owner": "cachix", + "repo": "cachix-deploy-flake", + "rev": "63ad0e83b5873909902ea55a69663e8122bd3b56", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "cachix-deploy-flake", + "type": "github" + } + }, + "darwin": { + "inputs": { + "nixpkgs": [ + "cachix-deploy-flake", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1715871485, + "narHash": "sha256-ywapEXmBBI+DVRx/YYC6+6Lk+W8vhShz1uJNvqPKzng=", + "owner": "LnL7", + "repo": "nix-darwin", + "rev": "cb02884fa1ff5a619a44ab5f1bcc4dedd2d623c2", + "type": "github" + }, + "original": { + "owner": "LnL7", + "repo": "nix-darwin", + "type": "github" + } + }, "disko": { "inputs": { - "nixpkgs": "nixpkgs" + "nixpkgs": [ + "cachix-deploy-flake", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1715822638, + "narHash": "sha256-Z4ZoyK8jYRmBZwMaEZLEmAilrfdpekwwwohliqC14/E=", + "owner": "nix-community", + "repo": "disko", + "rev": "476eef8d85aa09389ae7baf6e6b60357f6a01432", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, + "disko_2": { + "inputs": { + "nixpkgs": "nixpkgs_2" }, "locked": { "lastModified": 1718588625, 
@@ -18,22 +82,152 @@ "type": "github" } }, - "nixpkgs": { + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "cachix-deploy-flake", + "nixos-anywhere", + "nixpkgs" + ] + }, "locked": { - "lastModified": 1718276985, - "narHash": "sha256-u1fA0DYQYdeG+5kDm1bOoGcHtX0rtC7qs2YA2N1X++I=", + "lastModified": 1701473968, + "narHash": "sha256-YcVE5emp1qQ8ieHUnxt1wCZCC3ZfAS+SRRWZ2TMda7E=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "34fed993f1674c8d06d58b37ce1e0fe5eebcb9f5", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "cachix-deploy-flake", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1715486357, + "narHash": "sha256-4pRuzsHZOW5W4CsXI9uhKtiJeQSUoe1d2M9mWU98HC4=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "44677a1c96810a8e8c4ffaeaad10c842402647c1", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "nixos-anywhere": { + "inputs": { + "disko": [ + "cachix-deploy-flake", + "disko" + ], + "flake-parts": "flake-parts", + "nixos-images": "nixos-images", + "nixos-stable": "nixos-stable", + "nixpkgs": [ + "cachix-deploy-flake", + "nixpkgs" + ], + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1715150548, + "narHash": "sha256-pb2xIGuzzkPOjUlZnBahpfQWVvtCSOcW8vLL7rQUiEY=", + "owner": "numtide", + "repo": "nixos-anywhere", + "rev": "242444d228636b1f0e89d3681f04a75254c29f66", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": 
"nixos-anywhere", + "type": "github" + } + }, + "nixos-images": { + "inputs": { + "nixos-2311": [ + "cachix-deploy-flake", + "nixos-anywhere", + "nixos-stable" + ], + "nixos-unstable": [ + "cachix-deploy-flake", + "nixos-anywhere", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1702375325, + "narHash": "sha256-kEdrh6IB7xh7YDwZ0ZVCngCs+uoS9gx4ydEoJRnM1Is=", + "owner": "nix-community", + "repo": "nixos-images", + "rev": "d655cc02fcb9ecdcca4f3fb307e291a4b5be1339", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-images", + "type": "github" + } + }, + "nixos-stable": { + "locked": { + "lastModified": 1702233072, + "narHash": "sha256-H5G2wgbim2Ku6G6w+NSaQaauv6B6DlPhY9fMvArKqRo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3f84a279f1a6290ce154c5531378acc827836fbb", + "rev": "781e2a9797ecf0f146e81425c822dca69fe4a348", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixpkgs-unstable", + "ref": "nixos-23.11", "repo": "nixpkgs", "type": "github" } }, + "nixpkgs": { + "locked": { + "lastModified": 1713995372, + "narHash": "sha256-fFE3M0vCoiSwCX02z8VF58jXFRj9enYUSTqjyHAjrds=", + "path": "/nix/store/22chir190mpfvp59lgh39q7fp7w77br9-source", + "rev": "dd37924974b9202f8226ed5d74a252a9785aedf8", + "type": "path" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, "nixpkgs-stable": { "locked": { "lastModified": 1718478900, @@ -51,6 +245,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1718276985, + "narHash": "sha256-u1fA0DYQYdeG+5kDm1bOoGcHtX0rtC7qs2YA2N1X++I=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "3f84a279f1a6290ce154c5531378acc827836fbb", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1718437845, "narHash": "sha256-ZT7Oc1g4I4pHVGGjQFnewFVDRLH5cIZhEzODLz9YXeY=", 
@@ -66,7 +276,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { "lastModified": 1718541509, "narHash": "sha256-TmC5TxW5WPAfmovDzi1hLe1i4qqND79s9SH9UOKcSvo=", @@ -84,8 +294,10 @@ }, "root": { "inputs": { - "disko": "disko", - "nixpkgs": "nixpkgs_2", + "cachix-deploy-flake": "cachix-deploy-flake", + "disko": "disko_2", + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs_3", "sops-nix": "sops-nix", "srvos": "srvos" } @@ -113,7 +325,7 @@ }, "srvos": { "inputs": { - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1718585173, @@ -128,6 +340,43 @@ "repo": "srvos", "type": "github" } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "cachix-deploy-flake", + "nixos-anywhere", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1702376629, + "narHash": "sha256-9uAY8a7JN4DvLe/g4OoldqPbcNZ09YOVXID+CkIqL70=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "390018a9398f9763bfc05ffe6443ce0622cb9ba6", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 9fc8c89..08f0062 100644 --- a/flake.nix +++ b/flake.nix @@ -5,6 +5,8 @@ nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05"; srvos.url = "github:numtide/srvos"; disko.url = "github:nix-community/disko"; + cachix-deploy-flake.url = "github:cachix/cachix-deploy-flake"; + flake-utils.url = "github:numtide/flake-utils"; # sops-nix - secrets with mozilla sops # https://github.com/Mic92/sops-nix sops-nix = { 
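Review bot: The new `cachix-deploy-flake` input is added without pinning its own `nixpkgs`, and the flake.lock part of this patch shows the result. The `nixpkgs` node it uses is locked as `"type": "path"` at `/nix/store/22chir190mpfvp59lgh39q7fp7w77br9-source` with an `indirect` original, so it was resolved through the committing machine's flake registry rather than from a fetchable URL. The lock therefore depends on local state, and another machine or CI may not be able to reproduce or audit what the deploy tooling is built from. Consider adding `cachix-deploy-flake.inputs.nixpkgs.follows = "nixpkgs";`, and `cachix-deploy-flake.inputs.disko.follows = "disko";` as well, since the lock now carries both `disko` and `disko_2`. The `inputs` block starts before this hunk and continues past it.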
@@ -13,91 +15,92 @@ }; }; - outputs = { self, sops-nix, nixpkgs, srvos, disko, ... }@inputs: - let - lib = nixpkgs.lib; - inherit (self) outputs; - in { - nixosConfigurations = - { - "fj-hetzner-aarch64-01" = lib.nixosSystem { - system = "aarch64-linux"; - specialArgs = {inherit inputs outputs;}; - modules = [ - sops-nix.nixosModules.sops - srvos.nixosModules.hardware-hetzner-cloud - srvos.nixosModules.server - srvos.nixosModules.mixins-systemd-boot - disko.nixosModules.disko - ./agents/fj-hetzner-aarch64.nix - (import ./disko-hetzner-cloud.nix { disks = [ "/dev/sda" ]; }) - { - boot.loader.efi.canTouchEfiVariables = true; - networking.hostName = "fj-hetzner-aarch64-01"; - users.users.root.openssh.authorizedKeys.keys = - [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w jahanson@legiondary" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyA/yMPPo+scxBaDFUk7WeEyMAMhXUro5vi4feOKsJT jahanson@durincore" - ]; - services.openssh.enable = true; - services.openssh.settings.PermitRootLogin = "without-password"; - }]; + outputs = { self, sops-nix, nixpkgs, srvos, disko, cachix-deploy-flake, flake-utils, ... 
}@inputs: + flake-utils.lib.eachDefaultSystem ( + system: { + defaultPackage = let + pkgs = import nixpkgs { inherit system; }; + cachix-deploy-lib = cachix-deploy-flake.lib pkgs; + in + cachix-deploy-lib.spec + { + agents = { + "fj-hetzner-aarch64-01" = cachix-deploy-lib.nixos { + # system = "aarch64-linux"; + imports = [ + sops-nix.nixosModules.sops + srvos.nixosModules.hardware-hetzner-cloud + srvos.nixosModules.server + srvos.nixosModules.mixins-systemd-boot + disko.nixosModules.disko + ./agents/fj-hetzner-aarch64.nix + (import ./disko-hetzner-cloud.nix { disks = [ "/dev/sda" ]; }) + { + boot.loader.efi.canTouchEfiVariables = true; + networking.hostName = "fj-hetzner-aarch64-01"; + users.users.root.openssh.authorizedKeys.keys = + [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w jahanson@legiondary" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyA/yMPPo+scxBaDFUk7WeEyMAMhXUro5vi4feOKsJT jahanson@durincore" + ]; + services.openssh.enable = true; + services.openssh.settings.PermitRootLogin = "without-password"; + }]; + }; + "fj-shadowfax-01" = cachix-deploy-lib.nixos { + # system = "x86_64-linux"; + imports = [ + sops-nix.nixosModules.sops + ./hardware/shadowfax-kubevirt.nix + srvos.nixosModules.server + srvos.nixosModules.mixins-systemd-boot + disko.nixosModules.disko + ./agents/fj-shadowfax-x86_64.nix + (import ./disko-shadowfax-kubevirt.nix { disks = [ "/dev/sda" ]; }) + { + boot.loader.efi.canTouchEfiVariables = true; + networking.hostName = "fj-shadowfax-01"; + users.users.root.openssh.authorizedKeys.keys = + [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w jahanson@legiondary" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyA/yMPPo+scxBaDFUk7WeEyMAMhXUro5vi4feOKsJT jahanson@durincore" + ]; + services.openssh.enable = true; + services.openssh.settings.PermitRootLogin = "without-password"; + }]; + }; + "fj-shadowfax-02" = cachix-deploy-lib.nixos { + # system = "x86_64-linux"; + imports = [ + 
sops-nix.nixosModules.sops + ./hardware/shadowfax-kubevirt.nix + srvos.nixosModules.server + srvos.nixosModules.mixins-systemd-boot + disko.nixosModules.disko + ./agents/fj-shadowfax-x86_64.nix + (import ./disko-shadowfax-kubevirt.nix { disks = [ "/dev/sda" ]; }) + { + boot.loader.efi.canTouchEfiVariables = true; + networking.hostName = "fj-shadowfax-02"; + users.users.root.openssh.authorizedKeys.keys = + [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w jahanson@legiondary" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyA/yMPPo+scxBaDFUk7WeEyMAMhXUro5vi4feOKsJT jahanson@durincore" + ]; + services.openssh.enable = true; + services.openssh.settings.PermitRootLogin = "without-password"; + }]; + }; + }; }; - "fj-shadowfax-01" = lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = {inherit inputs outputs;}; - modules = [ - sops-nix.nixosModules.sops - ./hardware/shadowfax-kubevirt.nix - srvos.nixosModules.server - srvos.nixosModules.mixins-systemd-boot - disko.nixosModules.disko - ./agents/fj-shadowfax-x86_64.nix - (import ./disko-shadowfax-kubevirt.nix { disks = [ "/dev/sda" ]; }) - { - boot.loader.efi.canTouchEfiVariables = true; - networking.hostName = "fj-shadowfax-01"; - users.users.root.openssh.authorizedKeys.keys = - [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w jahanson@legiondary" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyA/yMPPo+scxBaDFUk7WeEyMAMhXUro5vi4feOKsJT jahanson@durincore" - ]; - services.openssh.enable = true; - services.openssh.settings.PermitRootLogin = "without-password"; - }]; - }; - "fj-shadowfax-02" = lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = {inherit inputs outputs;}; - modules = [ - sops-nix.nixosModules.sops - ./hardware/shadowfax-kubevirt.nix - srvos.nixosModules.server - srvos.nixosModules.mixins-systemd-boot - disko.nixosModules.disko - ./agents/fj-shadowfax-x86_64.nix - (import ./disko-shadowfax-kubevirt.nix { disks = [ "/dev/sda" ]; }) - { 
- boot.loader.efi.canTouchEfiVariables = true; - networking.hostName = "fj-shadowfax-02"; - users.users.root.openssh.authorizedKeys.keys = - [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w jahanson@legiondary" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyA/yMPPo+scxBaDFUk7WeEyMAMhXUro5vi4feOKsJT jahanson@durincore" - ]; - services.openssh.enable = true; - services.openssh.settings.PermitRootLogin = "without-password"; - }]; - }; - }; + }); # Convenience output that aggregates the outputs for home, nixos. # Also used in ci to build targets generally. - top = - let - nixtop = nixpkgs.lib.genAttrs - (builtins.attrNames inputs.self.nixosConfigurations) - (attr: inputs.self.nixosConfigurations.${attr}.config.system.build.toplevel); - in - nixtop; - }; + # top = + # let + # nixtop = nixpkgs.lib.genAttrs + # (builtins.attrNames inputs.self.nixosConfigurations) + # (attr: inputs.self.nixosConfigurations.${attr}.config.system.build.toplevel); + # in + # nixtop; }
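Review bot: With `system` commented out on all three agents, each one is built from the single `pkgs` that `eachDefaultSystem` passes in. The aarch64 Hetzner host and the two x86_64 hosts therefore appear to land in every per-system spec with the same platform, darwin systems included; this assumes `cachix-deploy-flake.lib pkgs` takes its target from `pkgs`, which should be confirmed. Building each agent from its own package set would fix the architecture, e.g. `(cachix-deploy-flake.lib (import nixpkgs { system = "aarch64-linux"; })).nixos { … }` for `fj-hetzner-aarch64-01`. The hunk also drops `specialArgs = {inherit inputs outputs;}`, so the `./agents/*.nix` modules, which are outside this patch, would break if they take `inputs` as an argument. The root `authorizedKeys` list and the `PermitRootLogin` setting are still repeated in all three agents; moving them into one shared module would make revoking a key a single edit.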