diff --git a/README.md b/README.md index c78b2f6..2b39123 100644 --- a/README.md +++ b/README.md @@ -14,4 +14,4 @@ > Deine Configs sind wunderschön <3 —[flxai](https://github.com/flxai/) ## To do -- [ ] get rid of `nixinate` +🦗 diff --git a/configs/sshd.nix b/configs/sshd.nix index c24e91d..3624f08 100644 --- a/configs/sshd.nix +++ b/configs/sshd.nix @@ -8,7 +8,7 @@ services.openssh = { enable = true; - ports = [ pkgs.lib.niveum.sshPort ]; + ports = [ pkgs.lib.niveum.systems.${config.networking.hostName}.sshPort ]; settings = { PasswordAuthentication = false; X11Forwarding = true; diff --git a/flake.lock b/flake.lock index 2236148..86da749 100644 --- a/flake.lock +++ b/flake.lock @@ -885,24 +885,6 @@ "type": "github" } }, - "nixinate_2": { - "inputs": { - "nixpkgs": "nixpkgs_6" - }, - "locked": { - "lastModified": 1742737607, - "narHash": "sha256-rXR5zT+/ivE5JTi6m5tCvqN4obQPIT0mgmrBHkdjwEs=", - "owner": "matthewcroughan", - "repo": "nixinate", - "rev": "617b9bb5297147e35cbb24c93e2f30129f31bb9d", - "type": "github" - }, - "original": { - "owner": "matthewcroughan", - "repo": "nixinate", - "type": "github" - } - }, "nixpkgs": { "locked": { "lastModified": 1693636127, @@ -1000,22 +982,6 @@ } }, "nixpkgs_10": { - "locked": { - "lastModified": 1760878510, - "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_11": { "locked": { "lastModified": 1659446231, "narHash": "sha256-hekabNdTdgR/iLsgce5TGWmfIDZ86qjPhxDg/8TlzhE=", @@ -1031,7 +997,7 @@ "type": "github" } }, - "nixpkgs_12": { + "nixpkgs_11": { "locked": { "lastModified": 1744536153, "narHash": "sha256-awS2zRgF4uTwrOKwwiJcByDzDOdo3Q1rPZbiHQg/N38=", 
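Review bot: In configs/sshd.nix the new `ports` lookup `pkgs.lib.niveum.systems.${config.networking.hostName}.sshPort` has no guard, so any host that imports this module without an `sshPort` in its lib/systems.nix entry fails evaluation with a bare missing-attribute error. This commit adds `inherit sshPort;` to eight entries, while the `targets` map removed from flake.nix named nine hosts, so it is worth confirming that every configuration still resolves. Failing the build is a safer outcome for an SSH listener than silently falling back to a default port, but an `assertions` entry that names the host would make the failure readable. A comment on the `ports` line such as `# per-host port from lib/systems.nix; evaluation fails if the host has no entry` would record the intent. The `services.openssh` block continues outside the hunk.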
@@ -1047,7 +1013,7 @@ "type": "github" } }, - "nixpkgs_13": { + "nixpkgs_12": { "locked": { "lastModified": 1615532953, "narHash": "sha256-SWpaGjrp/INzorEqMz3HLi6Uuk9I0KAn4YS8B4n3q5g=", @@ -1122,22 +1088,6 @@ } }, "nixpkgs_6": { - "locked": { - "lastModified": 1653060744, - "narHash": "sha256-kfRusllRumpt33J1hPV+CeCCylCXEU7e0gn2/cIM7cY=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "dfd82985c273aac6eced03625f454b334daae2e8", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_7": { "locked": { "lastModified": 1764983851, "narHash": "sha256-y7RPKl/jJ/KAP/VKLMghMgXTlvNIJMHKskl8/Uuar7o=", @@ -1153,7 +1103,7 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_7": { "locked": { "lastModified": 1765186076, "narHash": "sha256-hM20uyap1a0M9d344I692r+ik4gTMyj60cQWO+hAYP8=", @@ -1169,7 +1119,7 @@ "type": "github" } }, - "nixpkgs_9": { + "nixpkgs_8": { "locked": { "lastModified": 1744536153, "narHash": "sha256-awS2zRgF4uTwrOKwwiJcByDzDOdo3Q1rPZbiHQg/N38=", @@ -1185,6 +1135,22 @@ "type": "github" } }, + "nixpkgs_9": { + "locked": { + "lastModified": 1760878510, + "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nmd": { "flake": false, "locked": { @@ -1251,7 +1217,7 @@ "nur_2": { "inputs": { "flake-parts": "flake-parts", - "nixpkgs": "nixpkgs_8" + "nixpkgs": "nixpkgs_7" }, "locked": { "lastModified": 1765367248, 
@@ -1380,8 +1346,7 @@ "menstruation-backend": "menstruation-backend_2", "menstruation-telegram": "menstruation-telegram_2", "nix-index-database": "nix-index-database", - "nixinate": "nixinate_2", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_6", "nixpkgs-old": "nixpkgs-old_2", "nixpkgs-unstable": "nixpkgs-unstable_2", "nur": "nur_2", @@ -1443,7 +1408,7 @@ }, "rust-overlay_2": { "inputs": { - "nixpkgs": "nixpkgs_9" + "nixpkgs": "nixpkgs_8" }, "locked": { "lastModified": 1765593578, @@ -1461,7 +1426,7 @@ }, "rust-overlay_3": { "inputs": { - "nixpkgs": "nixpkgs_12" + "nixpkgs": "nixpkgs_11" }, "locked": { "lastModified": 1765593578, @@ -1534,7 +1499,7 @@ "inputs": { "buildbot-nix": "buildbot-nix", "nix-writers": "nix-writers", - "nixpkgs": "nixpkgs_10" + "nixpkgs": "nixpkgs_9" }, "locked": { "lastModified": 1763891069, @@ -1696,7 +1661,7 @@ }, "telebots_2": { "inputs": { - "nixpkgs": "nixpkgs_11" + "nixpkgs": "nixpkgs_10" }, "locked": { "lastModified": 1765657917, @@ -1927,7 +1892,7 @@ "wallpaper-generator_2": { "inputs": { "flake-utils": "flake-utils_3", - "nixpkgs": "nixpkgs_13" + "nixpkgs": "nixpkgs_12" }, "locked": { "lastModified": 1615819231, diff --git a/flake.nix b/flake.nix index 2c62e6a..f729d40 100644 --- a/flake.nix +++ b/flake.nix @@ -11,7 +11,6 @@ menstruation-backend.url = "github:kmein/menstruation.rs"; menstruation-telegram.url = "github:kmein/menstruation-telegram"; nix-index-database.url = "github:nix-community/nix-index-database"; - nixinate.url = "github:matthewcroughan/nixinate"; nixpkgs-old.url = "github:NixOS/nixpkgs/50fc86b75d2744e1ab3837ef74b53f103a9b55a0"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/master"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11"; @@ -52,7 +51,6 @@ home-manager, agenix, retiolum, - nixinate, coptic-dictionary, menstruation-backend, menstruation-telegram, 
@@ -73,14 +71,13 @@
 eachSupportedSystem = lib.genAttrs lib.systems.flakeExposed;
 in
 {
- apps = {
- x86_64-linux =
+ apps = let localSystem = "x86_64-linux"; in {
+ ${localSystem} =
 let
- pkgs = nixpkgs.legacyPackages.x86_64-linux;
+ pkgs = nixpkgs.legacyPackages.${localSystem};
 lib = nixpkgs.lib;
 in
 lib.mergeAttrsList [
- (nixinate.nixinate.x86_64-linux self)
 {
 mock-secrets = {
 type = "app";
@@ -91,50 +88,57 @@ ); }; } - # the following error prevents remote building of ful: https://github.com/NixOS/nixpkgs/issues/177873 (builtins.listToAttrs ( map ( hostname: let - targets = { - ful = "root@ful"; - zaatar = "root@zaatar"; - makanek = "root@makanek"; - manakish = "root@manakish"; - tahina = "root@tahina"; - tabula = "root@tabula"; - kabsa = "root@kabsa"; - fatteh = "root@fatteh"; - kibbeh = "root@kibbeh"; - }; + niveumSystems = import lib/systems.nix; + systemAddresses = + system: + lib.optionals (system ? "internalIp") [ system.internalIp ] + ++ lib.optionals (system ? "externalIp") [ system.externalIp ] + ++ lib.optionals (system ? "retiolum") [ + system.retiolum.ipv6 + system.retiolum.ipv4 + ] + ++ lib.optionals (system ? "mycelium") [ system.mycelium.ipv6 ]; + addresses = lib.listToAttrs ( + map (name: { + inherit name; + value = systemAddresses (niveumSystems.${hostname}); + }) (builtins.attrNames self.nixosConfigurations) + ); + deployScript = pkgs.writers.writeBash "deploy-${hostname}" '' + # try to connect to any of the known addresses + targets=( + ${lib.concatStringsSep " " (map (addr: "\"root@${addr}\"") addresses.${hostname})} + ) + for target in "''${targets[@]}"; do + nc -z -w 2 "$(echo $target | cut -d'@' -f2)" ${ + toString niveumSystems.${hostname}.sshPort + } && reachable_target=$target && break + done + if [ -z "$reachable_target" ]; then + echo "No reachable target found for ${hostname}" >&2 + exit 1 + fi + echo "Deploying to ${hostname} via $reachable_target" + export NIX_SSHOPTS='-p ${toString niveumSystems.${hostname}.sshPort}' + ${pkgs.nixos-rebuild}/bin/nixos-rebuild switch \ + --max-jobs 2 \ + --log-format internal-json \ + --flake .#${hostname} \ + --target-host "$reachable_target" \ + ${lib.optionalString (localSystem != niveumSystems.${hostname}.system) "--build-host $reachable_target"} \ + |& ${pkgs.nix-output-monitor}/bin/nom --json + ''; in lib.attrsets.nameValuePair "deploy-${hostname}" { type = "app"; - program = 
toString ( - pkgs.writers.writeDash "deploy-${hostname}" '' - exec ${pkgs.nixos-rebuild}/bin/nixos-rebuild switch \ - --max-jobs 2 \ - --log-format internal-json \ - --flake .#${hostname} \ - --target-host ${targets.${hostname}} 2>&1 \ - | ${pkgs.nix-output-monitor}/bin/nom --json - '' - ); + program = toString deployScript; } ) (builtins.attrNames self.nixosConfigurations) )) - { - deploy-ful = { - type = "app"; - program = toString ( - pkgs.writers.writeDash "deploy-ful" '' - exec ${pkgs.nix}/bin/nix run .#nixinate.ful \ - --log-format internal-json 2>&1 \ - | ${pkgs.nix-output-monitor}/bin/nom --json - '' - ); - }; - } ]; }; @@ -342,15 +346,6 @@ retiolum.nixosModules.retiolum nur.modules.nixos.default { nixpkgs.overlays = [ stockholm.overlays.default ]; } - { - _module.args.nixinate = { - host = "ful"; - sshUser = "root"; - buildOn = "remote"; - substituteOnTarget = true; - hermetic = false; - }; - } ]; }; zaatar = nixpkgs.lib.nixosSystem rec { @@ -517,7 +512,6 @@ q qrpaste radio-news - radioStreams random-zeno rfc scanned diff --git a/lib/systems.nix b/lib/systems.nix index 10af107..4e2cd3b 100644 --- a/lib/systems.nix +++ b/lib/systems.nix @@ -1,3 +1,6 @@ +let + sshPort = 22022; +in { kabsa = { sshKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDyTnGhFq0Q+vghNhrqNrAyY+CsN7nNz8bPfiwIwNpjk"; @@ -7,6 +10,8 @@ ipv6 = "42:0:3c46:861f:a118:8e9a:82c9:3d"; }; mycelium.ipv6 = "432:e30:d5d8:9311:e34b:6587:96ee:3fcb"; + inherit sshPort; + system = "x86_64-linux"; }; manakish = { sshKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOiQEc8rTr7C7xVLYV7tQ99BDDBLrJsy5hslxtCEatkB"; @@ -16,6 +21,8 @@ ipv6 = "42:0:3c46:ac99:ae36:cb8:c551:ba27"; }; mycelium.ipv6 = "512:d3bd:3cd9:fcc8:ae34:81fa:385f:8c21"; + inherit sshPort; + system = "x86_64-linux"; }; fatteh = { sshKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIByreBjBEMJKjgpKLd5XZHIUUwIhNafVqN6OUOQpJa3y"; 
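Review bot: The deploy script picks its target by whichever address first answers `nc -z` on the SSH port and then runs `nixos-rebuild switch` as root against it, so an unauthenticated TCP probe decides where a root deployment goes. `systemAddresses` lists `internalIp` first, and a private address can belong to a different machine on another network; the only identity check left is ssh host-key verification against a raw IP, which I would back by pinning each host's key (lib/systems.nix has an `sshKey` field, if that is the host key) or by probing the retiolum/mycelium addresses before the LAN one. Separately, `addresses` maps over every configuration name but computes `systemAddresses (niveumSystems.${hostname})` for each of them, so all entries are identical and a plain list bound to the current host says what is meant. `nc` and `cut` are resolved from the caller's PATH while `nixos-rebuild` and `nom` are store paths, `reachable_target` is never initialised so a value inherited from the environment survives a failed probe, and without `set -o pipefail` a failed rebuild exits with nom's status. The fence shows those script changes; the enclosing `lib.mergeAttrsList [` list opens before this hunk.

```nix
# … unchanged: niveumSystems, systemAddresses …
addresses = systemAddresses niveumSystems.${hostname};
deployScript = pkgs.writers.writeBash "deploy-${hostname}" ''
  set -o pipefail
  reachable_target=""
  targets=(
    ${lib.concatStringsSep " " (map (addr: "\"root@${addr}\"") addresses)}
  )
  for target in "''${targets[@]}"; do
    if ${pkgs.netcat}/bin/nc -z -w 2 "''${target#*@}" ${toString niveumSystems.${hostname}.sshPort}; then
      reachable_target=$target
      break
    fi
  done
  # … unchanged: "No reachable target" check, NIX_SSHOPTS, nixos-rebuild | nom pipeline …
'';
```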
@@ -25,6 +32,8 @@
 ipv4 = "10.243.2.77";
 };
 mycelium.ipv6 = "463:a0d4:daa3:aa8d:a9b1:744a:46a5:7a80";
+ inherit sshPort;
+ system = "x86_64-linux";
 };
 kibbeh = {
 syncthingId = "HLQSG3D-WSKLA6S-MEYQ3EU-GDBGABE-PY53RQ6-SWQAP2I-Z5MVBVX-MYPJXAM";
@@ -36,6 +45,8 @@
 ipv6 = "42:0:3c46:2c8b:a564:1213:9fb4:1bc4";
 };
 mycelium.ipv6 = "5bf:d60e:bebf:5163:f495:8787:880c:6d41";
+ inherit sshPort;
+ system = "aarch64-linux";
 };
 zaatar = {
 retiolum = {
@@ -43,6 +54,8 @@
 ipv6 = "42:0:3c46:156e:10b6:3bd6:6e82:b2cd";
 };
 mycelium.ipv6 = "5c5:49e0:7793:f017:59e1:1715:9e0e:3fc8";
+ inherit sshPort;
+ system = "x86_64-linux";
 };
 makanek = {
 externalIp = "88.99.83.173";
@@ -51,6 +64,8 @@
 ipv6 = "42:0:3c46:f7a9:1f0a:1b2b:822a:6050";
 };
 mycelium.ipv6 = "43f:ad4f:fa67:d9f7:8a56:713c:7418:164b";
+ inherit sshPort;
+ system = "x86_64-linux";
 };
 officejet = {
 internalIp = "192.168.0.251";
@@ -63,11 +78,15 @@
 ipv4 = "10.243.2.78";
 ipv6 = "";
 };
+ inherit sshPort;
+ system = "x86_64-linux";
 };
 tahina = {
 retiolum = {
 ipv4 = "10.243.2.74";
 ipv6 = "42:0:3c46:2923:1c90:872:edd6:306";
 };
+ inherit sshPort;
+ system = "x86_64-linux";
 };
 }
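Review bot: In the `@@ -63,11 +78,15 @@` hunk the entry that gains `sshPort` and `system` just above `tahina` has `retiolum.ipv6 = ""`, and `systemAddresses` in flake.nix adds `system.retiolum.ipv6` whenever `retiolum` exists, so that host's deploy target list will contain a bare `"root@"` and an `nc` probe of an empty host. Either drop the empty attribute here or filter in flake.nix, e.g. `lib.filter (a: a != "") (systemAddresses …)`. The entry's name is outside the hunk, so this assumes it is one of the `nixosConfigurations`. A one-line comment on the `let` binding in the first hunk, `# SSH port shared by all hosts; read by configs/sshd.nix and the deploy apps in flake.nix`, would also tell readers where the value is consumed.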