feat: manage dependencies with flakes

.versions/home-manager.json

@@ -1,11 +0,0 @@
-{
-  "url": "https://github.com/nix-community/home-manager.git",
-  "rev": "697cc8c68ed6a606296efbbe9614c32537078756",
-  "date": "2021-12-19T00:59:29+01:00",
-  "path": "/nix/store/fb46bv10azrag2jjlzhil6j11f4x8glw-home-manager",
-  "sha256": "1c8gxm86zshr2zj9dvr02qs7y3m46gqavr6wyv01r09jfd99dxz9",
-  "fetchLFS": false,
-  "fetchSubmodules": false,
-  "deepClone": false,
-  "leaveDotGit": false
-}

.versions/krops.json

@@ -1,11 +0,0 @@
-{
-  "url": "https://cgit.krebsco.de/krops",
-  "rev": "13ae434b140035e7e2664bd5a8ef4c475413b2e0",
-  "date": "2021-11-20T15:46:09+01:00",
-  "path": "/nix/store/ig76yx6z8wmc9papmxg5xnjhl9l22dvb-krops",
-  "sha256": "0mzn213dh3pklvdzfpwi4nin4lncdap447zvl11j81r809jll76j",
-  "fetchLFS": false,
-  "fetchSubmodules": false,
-  "deepClone": false,
-  "leaveDotGit": false
-}

.versions/nix-writers.json

@@ -1,11 +0,0 @@
-{
-  "url": "https://cgit.krebsco.de/nix-writers",
-  "rev": "c528cf970e292790b414b4c1c8c8e9d7e73b2a71",
-  "date": "2019-04-02T20:05:33+02:00",
-  "path": "/nix/store/wm5zhsha1a2iy0d582nlfi7604ayd1vz-nix-writers",
-  "sha256": "0xdivaca1hgbxs79jw9sv4gk4f81vy8kcyaff56hh2dgq2awyvw4",
-  "fetchLFS": false,
-  "fetchSubmodules": false,
-  "deepClone": false,
-  "leaveDotGit": false
-}

.versions/nixpkgs-mozilla.json

@@ -1,11 +0,0 @@
-{
-  "url": "https://github.com/mozilla/nixpkgs-mozilla",
-  "rev": "7c1e8b1dd6ed0043fb4ee0b12b815256b0b9de6f",
-  "date": "2021-12-07T09:28:33-05:00",
-  "path": "/nix/store/pqwcw589i2y2w2116wn3ifl834adjsa0-nixpkgs-mozilla",
-  "sha256": "1a71nfw7d36vplf89fp65vgj3s66np1dc0hqnqgj5gbdnpm1bihl",
-  "fetchLFS": false,
-  "fetchSubmodules": false,
-  "deepClone": false,
-  "leaveDotGit": false
-}

.versions/nixpkgs-unstable.json

@@ -1,11 +0,0 @@
-{
-  "url": "https://github.com/NixOS/nixpkgs.git",
-  "rev": "f01adc7b35a8f80e82f3466e6d873b8b9c8f1b28",
-  "date": "2021-12-22T23:05:28+01:00",
-  "path": "/nix/store/zhfrvg77dzpc3hq02v9zv20dfgqwpzk6-nixpkgs",
-  "sha256": "17iyf2iiizi7c1wr71day3wvgalbkkm2zgc9lpy7y42rl4frq9sf",
-  "fetchLFS": false,
-  "fetchSubmodules": false,
-  "deepClone": false,
-  "leaveDotGit": false
-}

.versions/nixpkgs.json

@@ -1,11 +0,0 @@
-{
-  "url": "https://github.com/NixOS/nixpkgs.git",
-  "rev": "9ab7d12287ced0e1b4c03b61c781901f178d9d77",
-  "date": "2021-12-21T10:09:48+01:00",
-  "path": "/nix/store/minmlh0avkwvvc3p7flhpbglp13kr585-nixpkgs",
-  "sha256": "0bbd2pgcyavqn5wgq0xp8p67lha0kv9iqnh49i9w5fb5g29q7i30",
-  "fetchLFS": false,
-  "fetchSubmodules": false,
-  "deepClone": false,
-  "leaveDotGit": false
-}

.versions/retiolum.json

@@ -1,11 +0,0 @@
-{
-  "url": "https://github.com/krebs/retiolum",
-  "rev": "b72b0a987767b587c79cba8499b5114d69fceeef",
-  "date": "2021-12-28T19:46:45+00:00",
-  "path": "/nix/store/kyaqwf89v6id9mda92x4b0hf778j987x-retiolum",
-  "sha256": "19hjzzlfk1m9ign33w4ppqgmg23v7c6k8l0fm7f33spq8982w7rb",
-  "fetchLFS": false,
-  "fetchSubmodules": false,
-  "deepClone": false,
-  "leaveDotGit": false
-}

.versions/stockholm.json

@@ -1,11 +0,0 @@
-{
-  "url": "https://cgit.lassul.us/stockholm",
-  "rev": "e652f40200e5d86240be8f6cea0b9d1ddbbd0ad6",
-  "date": "2021-12-30T03:22:40+01:00",
-  "path": "/nix/store/l3bj9xb2bbs23314qwn0vjbvirksjllh-stockholm",
-  "sha256": "0rjjaqg6jfzfr61gg6jgknhc147rc9qwmyl8cwrfjv63vc60fyqs",
-  "fetchLFS": false,
-  "fetchSubmodules": false,
-  "deepClone": false,
-  "leaveDotGit": false
-}

deploy.nix

@@ -1,49 +0,0 @@
-let
-  importJson = (import <nixpkgs/lib>).importJSON;
-
-  krops = let kropsVersion = importJson .versions/krops.json; in builtins.fetchGit {
-    rev = kropsVersion.rev;
-    url = kropsVersion.url;
-  };
-  lib = import "${krops}/lib";
-  pkgs = import "${krops}/pkgs" {};
-
-  gitFromJson = path:
-    let
-      object = importJson path;
-    in {
-      inherit (object) url;
-      ref = object.rev;
-    };
-
-  source = name: {
-    niveum.file = toString ./.;
-    nixos-config.symlink =  "niveum/systems/${name}/configuration.nix";
-
-    nixpkgs.git = gitFromJson .versions/nixpkgs.json // { shallow = true; };
-    nixpkgs-unstable.git = gitFromJson .versions/nixpkgs-unstable.json // { shallow = true; };
-    home-manager.git = gitFromJson .versions/home-manager.json;
-    stockholm.git = gitFromJson .versions/stockholm.json;
-    nix-writers.git = gitFromJson .versions/nix-writers.json;
-    retiolum.git = gitFromJson .versions/retiolum.json;
-    nixpkgs-mozilla.git = gitFromJson .versions/nixpkgs-mozilla.json;
-    system-secrets.pass = {
-      dir = toString ~/.password-store;
-      name = "systems/${name}";
-    };
-    secrets.pass = {
-      dir = toString ~/.password-store;
-      name = "shared";
-    };
-  };
-
-  system = {name, host}: let inherit (import ./lib/default.nix) sshPort; in pkgs.krops.writeDeploy "deploy-${name}" {
-    source = lib.evalSource [ (source name) ];
-    target = "root@${host}:${toString sshPort}";
-  };
-in {
-  zaatar = system { name = "zaatar"; host = "zaatar.r"; };
-  kabsa = system { name = "kabsa"; host = "kabsa.r"; };
-  makanek = system { name = "makanek"; host = "makanek.r"; };
-  manakish = system { name = "manakish"; host = "manakish.r"; };
-}

flake.lock

@@ -0,0 +1,187 @@
+{
+  "nodes": {
+    "flake-utils": {
+      "locked": {
+        "lastModified": 1638122382,
+        "narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "74f7e4319258e287b0f9cb95426c9853b282730b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_2": {
+      "locked": {
+        "lastModified": 1597053966,
+        "narHash": "sha256-f9lbPS/GJ1His8fsDqM6gfa8kSqREU4eKiMCS5hrKg4=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "ec20f52e2ff61e9c36c2b894b62fc1b4bd04c71b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1639871969,
+        "narHash": "sha256-6feWUnMygRzA9tzkrfAzpA5/NBYg75bkFxnqb1DtD7E=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "697cc8c68ed6a606296efbbe9614c32537078756",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "ref": "release-21.11",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "krops": {
+      "inputs": {
+        "flake-utils": "flake-utils_2",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1632420452,
+        "narHash": "sha256-ncK6vABW/Ku9XI0kqj1otarUfblryoQzSaOCnaZ0oSs=",
+        "owner": "Mic92",
+        "repo": "krops",
+        "rev": "0388970c568905fedcbf429e5745aacd4f7a6633",
+        "type": "github"
+      },
+      "original": {
+        "owner": "Mic92",
+        "repo": "krops",
+        "type": "github"
+      }
+    },
+    "nix-writers": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1554228333,
+        "narHash": "sha256-hG/PlcCvCQhNcU55NpHfATkyH9k6cZmO7uvBoJjasXU=",
+        "ref": "master",
+        "rev": "c528cf970e292790b414b4c1c8c8e9d7e73b2a71",
+        "revCount": 32,
+        "type": "git",
+        "url": "https://cgit.krebsco.de/nix-writers"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://cgit.krebsco.de/nix-writers"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1640860570,
+        "narHash": "sha256-k43dodTc3IUH2cJfdzHFhZZOILQeAdtB1mBxbVSu7vw=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "8d373df05fb709a00b78648d1a63dbce7678bf79",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "release-21.11",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-mozilla": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1638887313,
+        "narHash": "sha256-FMYV6rVtvSIfthgC1sK1xugh3y7muoQcvduMdriz4ag=",
+        "owner": "mozilla",
+        "repo": "nixpkgs-mozilla",
+        "rev": "7c1e8b1dd6ed0043fb4ee0b12b815256b0b9de6f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "mozilla",
+        "repo": "nixpkgs-mozilla",
+        "type": "github"
+      }
+    },
+    "nixpkgs-unstable": {
+      "locked": {
+        "lastModified": 1640874390,
+        "narHash": "sha256-wAmjdulrW1tZQHEUgnK3LmycEfEVi/sq/9nD/22PdI4=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "7771661d93bad2f3d1d7c65852a918afd2a2bcf1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "master",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "retiolum": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1640791306,
+        "narHash": "sha256-qplHzXbpzx3drdSyRkXLfTAqWPlXO7UsHknOiNpZIl4=",
+        "owner": "krebs",
+        "repo": "retiolum",
+        "rev": "f1be75011ac833807d6cdcd436887705935577eb",
+        "type": "github"
+      },
+      "original": {
+        "owner": "krebs",
+        "repo": "retiolum",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "home-manager": "home-manager",
+        "krops": "krops",
+        "nix-writers": "nix-writers",
+        "nixpkgs": "nixpkgs",
+        "nixpkgs-mozilla": "nixpkgs-mozilla",
+        "nixpkgs-unstable": "nixpkgs-unstable",
+        "retiolum": "retiolum",
+        "stockholm": "stockholm"
+      }
+    },
+    "stockholm": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1640830960,
+        "narHash": "sha256-GnsHDNvDbOkyZ4j6ynFi+ZDAoJ1PmveCye47aR5WUmY=",
+        "ref": "master",
+        "rev": "e652f40200e5d86240be8f6cea0b9d1ddbbd0ad6",
+        "revCount": 10234,
+        "type": "git",
+        "url": "https://cgit.lassul.us/stockholm"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://cgit.lassul.us/stockholm"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

flake.nix

@@ -0,0 +1,124 @@
+{
+  description = "niveum: packages, modules, systems";
+
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/release-21.11";
+    nixpkgs-unstable.url = "github:NixOS/nixpkgs/master";
+    flake-utils.url = "github:numtide/flake-utils";
+    home-manager = {
+      url = "github:nix-community/home-manager/release-21.11";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    krops = {
+      url = "github:Mic92/krops";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    stockholm = {
+      url = "git+https://cgit.lassul.us/stockholm";
+      flake = false;
+    };
+    nix-writers = {
+      url = "git+https://cgit.krebsco.de/nix-writers";
+      flake = false;
+    };
+    retiolum = {
+      url = "github:krebs/retiolum";
+      flake = false;
+    };
+    nixpkgs-mozilla = {
+      url = "github:mozilla/nixpkgs-mozilla";
+      flake = false;
+    };
+  };
+
+  outputs =
+  { self
+  , flake-utils
+  , home-manager
+  , krops
+  , nix-writers
+  , nixpkgs
+  , nixpkgs-mozilla
+  , nixpkgs-unstable
+  , retiolum
+  , stockholm
+  }:
+  let
+    system = "x86_64-linux";
+    pkgs = nixpkgs.legacyPackages.${system};
+    # having to declare the git upstream urls here is suboptimal, but the inputs don't remember where they're from
+    source = name: {
+      niveum.file = toString ./.;
+      nixos-config.symlink = "niveum/systems/${name}/configuration.nix";
+      nixpkgs.git = { url = "https://github.com/NixOS/nixpkgs"; ref = nixpkgs.rev; shallow = true; };
+      nixpkgs-unstable.git = { url = "https://github.com/NixOS/nixpkgs"; ref = nixpkgs-unstable.rev; shallow = true; };
+      home-manager.git = { url = "https://github.com/nix-community/home-manager"; ref = home-manager.rev; };
+      stockholm.git = { url = "https://cgit.lassul.us/stockholm"; ref = stockholm.rev; };
+      nix-writers.git = { url = "https://cgit.krebsco.de/nix-writers"; ref = nix-writers.rev; };
+      retiolum.git = { url = "https://github.com/krebs/retiolum"; ref = retiolum.rev; };
+      nixpkgs-mozilla.git = { url = "https://github.com/mozilla/nixpkgs-mozilla"; ref = nixpkgs-mozilla.rev; };
+
+      system-secrets.pass = {
+        dir = toString ~/.password-store;
+        name = "systems/${name}";
+      };
+      secrets.pass = {
+        dir = toString ~/.password-store;
+        name = "shared";
+      };
+    };
+    deployScriptFor = {name, host}: let inherit (import ./lib/default.nix) sshPort; in toString (krops.packages.${system}.writeDeploy "deploy-${name}" {
+      source = krops.lib.evalSource [ (source name) ];
+      target = "root@${host}:${toString sshPort}";
+    });
+  in {
+    apps.${system} = let
+      deployScripts = builtins.listToAttrs (map (system: {
+        name = "deploy-${system}";
+        value = {
+          type = "app";
+          program = deployScriptFor { name = system; host = "${system}.r"; };
+        };
+      }) (builtins.attrNames (builtins.readDir ./systems)));
+    in deployScripts // {
+      deploy-all = {
+        type = "app";
+        program = toString (pkgs.writers.writeDash "deploy-all"
+          (nixpkgs.lib.concatMapStringsSep "\n" (script: script.program) (builtins.attrValues deployScripts)));
+      };
+      niveum-status = {
+        type = "app";
+        program = let
+          statusCommand = pkgs.writers.writeDash "niveum-status-one" ''
+            [ $# -eq 1 ] || {
+              echo "Please provide a niveum system hostname." >&2
+              exit 1
+            }
+
+            hostname="$1"
+            version_file=/etc/niveum/version
+
+            if commit_id="$(${pkgs.coreutils}/bin/timeout 2s ${pkgs.openssh}/bin/ssh "$hostname" cat $version_file 2>/dev/null)"; then
+              ${pkgs.git}/bin/git log -1 --oneline "$commit_id"
+            else
+              echo offline
+            fi
+          '';
+        in toString (pkgs.writers.writeDash "niveum-status" ''
+          if [ $# -gt 0 ]; then
+            systems="$@"
+          else
+            systems="$(ls ${toString ./.}/systems)"
+          fi
+          ${pkgs.parallel}/bin/parallel --line-buffer --tagstring '{}' -q ${statusCommand} '{1}' ::: $systems
+        '');
+      };
+    };
+
+    nixosConfigurations = {};
+    hydraJobs =
+      nixpkgs.lib.mapAttrs'
+        (name: config: nixpkgs.lib.nameValuePair "nixos-${name}" config.config.system.build.toplevel)
+        self.nixosConfigurations;
+  };
+}