diff --git a/.versions/home-manager.json b/.versions/home-manager.json deleted file mode 100644 index 73e5c38..0000000 --- a/.versions/home-manager.json +++ /dev/null @@ -1,11 +0,0 @@ -{ - "url": "https://github.com/nix-community/home-manager.git", - "rev": "697cc8c68ed6a606296efbbe9614c32537078756", - "date": "2021-12-19T00:59:29+01:00", - "path": "/nix/store/fb46bv10azrag2jjlzhil6j11f4x8glw-home-manager", - "sha256": "1c8gxm86zshr2zj9dvr02qs7y3m46gqavr6wyv01r09jfd99dxz9", - "fetchLFS": false, - "fetchSubmodules": false, - "deepClone": false, - "leaveDotGit": false -} diff --git a/.versions/krops.json b/.versions/krops.json deleted file mode 100644 index bdb4556..0000000 --- a/.versions/krops.json +++ /dev/null @@ -1,11 +0,0 @@ -{ - "url": "https://cgit.krebsco.de/krops", - "rev": "13ae434b140035e7e2664bd5a8ef4c475413b2e0", - "date": "2021-11-20T15:46:09+01:00", - "path": "/nix/store/ig76yx6z8wmc9papmxg5xnjhl9l22dvb-krops", - "sha256": "0mzn213dh3pklvdzfpwi4nin4lncdap447zvl11j81r809jll76j", - "fetchLFS": false, - "fetchSubmodules": false, - "deepClone": false, - "leaveDotGit": false -} diff --git a/.versions/nix-writers.json b/.versions/nix-writers.json deleted file mode 100644 index 81fdf94..0000000 --- a/.versions/nix-writers.json +++ /dev/null @@ -1,11 +0,0 @@ -{ - "url": "https://cgit.krebsco.de/nix-writers", - "rev": "c528cf970e292790b414b4c1c8c8e9d7e73b2a71", - "date": "2019-04-02T20:05:33+02:00", - "path": "/nix/store/wm5zhsha1a2iy0d582nlfi7604ayd1vz-nix-writers", - "sha256": "0xdivaca1hgbxs79jw9sv4gk4f81vy8kcyaff56hh2dgq2awyvw4", - "fetchLFS": false, - "fetchSubmodules": false, - "deepClone": false, - "leaveDotGit": false -} diff --git a/.versions/nixpkgs-mozilla.json b/.versions/nixpkgs-mozilla.json deleted file mode 100644 index b0b48e3..0000000 --- a/.versions/nixpkgs-mozilla.json +++ /dev/null 
@@ -1,11 +0,0 @@ -{ - "url": "https://github.com/mozilla/nixpkgs-mozilla", - "rev": "7c1e8b1dd6ed0043fb4ee0b12b815256b0b9de6f", - "date": "2021-12-07T09:28:33-05:00", - "path": "/nix/store/pqwcw589i2y2w2116wn3ifl834adjsa0-nixpkgs-mozilla", - "sha256": "1a71nfw7d36vplf89fp65vgj3s66np1dc0hqnqgj5gbdnpm1bihl", - "fetchLFS": false, - "fetchSubmodules": false, - "deepClone": false, - "leaveDotGit": false -} diff --git a/.versions/nixpkgs-unstable.json b/.versions/nixpkgs-unstable.json deleted file mode 100644 index 9e8c6f5..0000000 --- a/.versions/nixpkgs-unstable.json +++ /dev/null @@ -1,11 +0,0 @@ -{ - "url": "https://github.com/NixOS/nixpkgs.git", - "rev": "f01adc7b35a8f80e82f3466e6d873b8b9c8f1b28", - "date": "2021-12-22T23:05:28+01:00", - "path": "/nix/store/zhfrvg77dzpc3hq02v9zv20dfgqwpzk6-nixpkgs", - "sha256": "17iyf2iiizi7c1wr71day3wvgalbkkm2zgc9lpy7y42rl4frq9sf", - "fetchLFS": false, - "fetchSubmodules": false, - "deepClone": false, - "leaveDotGit": false -} diff --git a/.versions/nixpkgs.json b/.versions/nixpkgs.json deleted file mode 100644 index bc03f9a..0000000 --- a/.versions/nixpkgs.json +++ /dev/null @@ -1,11 +0,0 @@ -{ - "url": "https://github.com/NixOS/nixpkgs.git", - "rev": "9ab7d12287ced0e1b4c03b61c781901f178d9d77", - "date": "2021-12-21T10:09:48+01:00", - "path": "/nix/store/minmlh0avkwvvc3p7flhpbglp13kr585-nixpkgs", - "sha256": "0bbd2pgcyavqn5wgq0xp8p67lha0kv9iqnh49i9w5fb5g29q7i30", - "fetchLFS": false, - "fetchSubmodules": false, - "deepClone": false, - "leaveDotGit": false -} diff --git a/.versions/retiolum.json b/.versions/retiolum.json deleted file mode 100644 index 576c6f8..0000000 --- a/.versions/retiolum.json +++ /dev/null 
@@ -1,11 +0,0 @@ -{ - "url": "https://github.com/krebs/retiolum", - "rev": "b72b0a987767b587c79cba8499b5114d69fceeef", - "date": "2021-12-28T19:46:45+00:00", - "path": "/nix/store/kyaqwf89v6id9mda92x4b0hf778j987x-retiolum", - "sha256": "19hjzzlfk1m9ign33w4ppqgmg23v7c6k8l0fm7f33spq8982w7rb", - "fetchLFS": false, - "fetchSubmodules": false, - "deepClone": false, - "leaveDotGit": false -} diff --git a/.versions/stockholm.json b/.versions/stockholm.json deleted file mode 100644 index dd0ea7d..0000000 --- a/.versions/stockholm.json +++ /dev/null @@ -1,11 +0,0 @@ -{ - "url": "https://cgit.lassul.us/stockholm", - "rev": "e652f40200e5d86240be8f6cea0b9d1ddbbd0ad6", - "date": "2021-12-30T03:22:40+01:00", - "path": "/nix/store/l3bj9xb2bbs23314qwn0vjbvirksjllh-stockholm", - "sha256": "0rjjaqg6jfzfr61gg6jgknhc147rc9qwmyl8cwrfjv63vc60fyqs", - "fetchLFS": false, - "fetchSubmodules": false, - "deepClone": false, - "leaveDotGit": false -} diff --git a/deploy.nix b/deploy.nix deleted file mode 100644 index 2207556..0000000 --- a/deploy.nix +++ /dev/null 
@@ -1,49 +0,0 @@
-let
- importJson = (import ).importJSON;
-
- krops = let kropsVersion = importJson .versions/krops.json; in builtins.fetchGit {
- rev = kropsVersion.rev;
- url = kropsVersion.url;
- };
- lib = import "${krops}/lib";
- pkgs = import "${krops}/pkgs" {};
-
- gitFromJson = path:
- let
- object = importJson path;
- in {
- inherit (object) url;
- ref = object.rev;
- };
-
- source = name: {
- niveum.file = toString ./.;
- nixos-config.symlink = "niveum/systems/${name}/configuration.nix";
-
- nixpkgs.git = gitFromJson .versions/nixpkgs.json // { shallow = true; };
- nixpkgs-unstable.git = gitFromJson .versions/nixpkgs-unstable.json // { shallow = true; };
- home-manager.git = gitFromJson .versions/home-manager.json;
- stockholm.git = gitFromJson .versions/stockholm.json;
- nix-writers.git = gitFromJson .versions/nix-writers.json;
- retiolum.git = gitFromJson .versions/retiolum.json;
- nixpkgs-mozilla.git = gitFromJson .versions/nixpkgs-mozilla.json;
- system-secrets.pass = {
- dir = toString ~/.password-store;
- name = "systems/${name}";
- };
- secrets.pass = {
- dir = toString ~/.password-store;
- name = "shared";
- };
- };
-
- system = {name, host}: let inherit (import ./lib/default.nix) sshPort; in pkgs.krops.writeDeploy "deploy-${name}" {
- source = lib.evalSource [ (source name) ];
- target = "root@${host}:${toString sshPort}";
- };
-in {
- zaatar = system { name = "zaatar"; host = "zaatar.r"; };
- kabsa = system { name = "kabsa"; host = "kabsa.r"; };
- makanek = system { name = "makanek"; host = "makanek.r"; };
- manakish = system { name = "manakish"; host = "manakish.r"; };
-}
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..3d6f267
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,187 @@ +{ + "nodes": { + "flake-utils": { + "locked": { + "lastModified": 1638122382, + "narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "74f7e4319258e287b0f9cb95426c9853b282730b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { + "locked": { + "lastModified": 1597053966, + "narHash": "sha256-f9lbPS/GJ1His8fsDqM6gfa8kSqREU4eKiMCS5hrKg4=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "ec20f52e2ff61e9c36c2b894b62fc1b4bd04c71b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1639871969, + "narHash": "sha256-6feWUnMygRzA9tzkrfAzpA5/NBYg75bkFxnqb1DtD7E=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "697cc8c68ed6a606296efbbe9614c32537078756", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-21.11", + "repo": "home-manager", + "type": "github" + } + }, + "krops": { + "inputs": { + "flake-utils": "flake-utils_2", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1632420452, + "narHash": "sha256-ncK6vABW/Ku9XI0kqj1otarUfblryoQzSaOCnaZ0oSs=", + "owner": "Mic92", + "repo": "krops", + "rev": "0388970c568905fedcbf429e5745aacd4f7a6633", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "krops", + "type": "github" + } + }, + "nix-writers": { + "flake": false, + "locked": { + "lastModified": 1554228333, + "narHash": "sha256-hG/PlcCvCQhNcU55NpHfATkyH9k6cZmO7uvBoJjasXU=", + "ref": "master", + "rev": "c528cf970e292790b414b4c1c8c8e9d7e73b2a71", + "revCount": 32, + "type": "git", + "url": "https://cgit.krebsco.de/nix-writers" + }, + "original": { + "type": "git", + "url": "https://cgit.krebsco.de/nix-writers" + } + }, + "nixpkgs": { + "locked": { 
+ "lastModified": 1640860570, + "narHash": "sha256-k43dodTc3IUH2cJfdzHFhZZOILQeAdtB1mBxbVSu7vw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "8d373df05fb709a00b78648d1a63dbce7678bf79", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-21.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-mozilla": { + "flake": false, + "locked": { + "lastModified": 1638887313, + "narHash": "sha256-FMYV6rVtvSIfthgC1sK1xugh3y7muoQcvduMdriz4ag=", + "owner": "mozilla", + "repo": "nixpkgs-mozilla", + "rev": "7c1e8b1dd6ed0043fb4ee0b12b815256b0b9de6f", + "type": "github" + }, + "original": { + "owner": "mozilla", + "repo": "nixpkgs-mozilla", + "type": "github" + } + }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1640874390, + "narHash": "sha256-wAmjdulrW1tZQHEUgnK3LmycEfEVi/sq/9nD/22PdI4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "7771661d93bad2f3d1d7c65852a918afd2a2bcf1", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "master", + "repo": "nixpkgs", + "type": "github" + } + }, + "retiolum": { + "flake": false, + "locked": { + "lastModified": 1640791306, + "narHash": "sha256-qplHzXbpzx3drdSyRkXLfTAqWPlXO7UsHknOiNpZIl4=", + "owner": "krebs", + "repo": "retiolum", + "rev": "f1be75011ac833807d6cdcd436887705935577eb", + "type": "github" + }, + "original": { + "owner": "krebs", + "repo": "retiolum", + "type": "github" + } + }, + "root": { + "inputs": { + "flake-utils": "flake-utils", + "home-manager": "home-manager", + "krops": "krops", + "nix-writers": "nix-writers", + "nixpkgs": "nixpkgs", + "nixpkgs-mozilla": "nixpkgs-mozilla", + "nixpkgs-unstable": "nixpkgs-unstable", + "retiolum": "retiolum", + "stockholm": "stockholm" + } + }, + "stockholm": { + "flake": false, + "locked": { + "lastModified": 1640830960, + "narHash": "sha256-GnsHDNvDbOkyZ4j6ynFi+ZDAoJ1PmveCye47aR5WUmY=", + "ref": "master", + "rev": "e652f40200e5d86240be8f6cea0b9d1ddbbd0ad6", + "revCount": 10234, + "type": "git", + "url": 
"https://cgit.lassul.us/stockholm" + }, + "original": { + "type": "git", + "url": "https://cgit.lassul.us/stockholm" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..8abec99 --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,124 @@
+{
+ description = "niveum: packages, modules, systems";
+
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/release-21.11";
+ nixpkgs-unstable.url = "github:NixOS/nixpkgs/master";
+ flake-utils.url = "github:numtide/flake-utils";
+ home-manager = {
+ url = "github:nix-community/home-manager/release-21.11";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ krops = {
+ url = "github:Mic92/krops";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ stockholm = {
+ url = "git+https://cgit.lassul.us/stockholm";
+ flake = false;
+ };
+ nix-writers = {
+ url = "git+https://cgit.krebsco.de/nix-writers";
+ flake = false;
+ };
+ retiolum = {
+ url = "github:krebs/retiolum";
+ flake = false;
+ };
+ nixpkgs-mozilla = {
+ url = "github:mozilla/nixpkgs-mozilla";
+ flake = false;
+ };
+ };
+
+ outputs =
+ { self
+ , flake-utils
+ , home-manager
+ , krops
+ , nix-writers
+ , nixpkgs
+ , nixpkgs-mozilla
+ , nixpkgs-unstable
+ , retiolum
+ , stockholm
+ }:
+ let
+ system = "x86_64-linux";
+ pkgs = nixpkgs.legacyPackages.${system};
+ # having to declare the git upstream urls here is suboptimal, but the inputs don't remember where they're from
+ source = name: {
+ niveum.file = toString ./.;
+ nixos-config.symlink = "niveum/systems/${name}/configuration.nix";
+ nixpkgs.git = { url = "https://github.com/NixOS/nixpkgs"; ref = nixpkgs.rev; shallow = true; };
+ nixpkgs-unstable.git = { url = "https://github.com/NixOS/nixpkgs"; ref = nixpkgs-unstable.rev; shallow = true; };
+ home-manager.git = { url = "https://github.com/nix-community/home-manager"; ref = home-manager.rev; };
+ stockholm.git = { url = "https://cgit.lassul.us/stockholm"; ref = stockholm.rev; };
+ nix-writers.git = { url = "https://cgit.krebsco.de/nix-writers"; ref = nix-writers.rev; };
+ retiolum.git = { url = "https://github.com/krebs/retiolum"; ref = retiolum.rev; };
+ nixpkgs-mozilla.git = { url = "https://github.com/mozilla/nixpkgs-mozilla"; ref = nixpkgs-mozilla.rev; };
+
+ system-secrets.pass = {
+ dir = toString ~/.password-store;
+ name = "systems/${name}";
+ };
+ secrets.pass = {
+ dir = toString ~/.password-store;
+ name = "shared";
+ };
+ };
+ deployScriptFor = {name, host}: let inherit (import ./lib/default.nix) sshPort; in toString (krops.packages.${system}.writeDeploy "deploy-${name}" {
+ source = krops.lib.evalSource [ (source name) ];
+ target = "root@${host}:${toString sshPort}";
+ });
+ in {
+ apps.${system} = let
+ deployScripts = builtins.listToAttrs (map (system: {
+ name = "deploy-${system}";
+ value = {
+ type = "app";
+ program = deployScriptFor { name = system; host = "${system}.r"; };
+ };
+ }) (builtins.attrNames (builtins.readDir ./systems)));
+ in deployScripts // {
+ deploy-all = {
+ type = "app";
+ program = toString (pkgs.writers.writeDash "deploy-all"
+ (nixpkgs.lib.concatMapStringsSep "\n" (script: script.program) (builtins.attrValues deployScripts)));
+ };
+ niveum-status = {
+ type = "app";
+ program = let
+ statusCommand = pkgs.writers.writeDash "niveum-status-one" ''
+ [ $# -eq 1 ] || {
+ echo "Please provide a niveum system hostname." >&2
+ exit 1
+ }
+
+ hostname="$1"
+ version_file=/etc/niveum/version
+
+ if commit_id="$(${pkgs.coreutils}/bin/timeout 2s ${pkgs.openssh}/bin/ssh "$hostname" cat $version_file 2>/dev/null)"; then
+ ${pkgs.git}/bin/git log -1 --oneline "$commit_id"
+ else
+ echo offline
+ fi
+ '';
+ in toString (pkgs.writers.writeDash "niveum-status" ''
+ if [ $# -gt 0 ]; then
+ systems="$@"
+ else
+ systems="$(ls ${toString ./.}/systems)"
+ fi
+ ${pkgs.parallel}/bin/parallel --line-buffer --tagstring '{}' -q ${statusCommand} '{1}' ::: $systems
+ '');
+ };
+ };
+
+ nixosConfigurations = {};
+ hydraJobs =
+ nixpkgs.lib.mapAttrs'
+ (name: config: nixpkgs.lib.nameValuePair "nixos-${name}" config.config.system.build.toplevel)
+ self.nixosConfigurations;
+ };
+}
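Review bot: In the `niveum-status-one` script, the string read from the remote `/etc/niveum/version` is passed to `git log` as a bare argument, and `"$hostname"` reaches `ssh` the same way, so a value that begins with `-` is parsed as an option instead of a revision or a host. The file content is whatever the target machine returns and should be treated as untrusted input on the operator's workstation. Terminating option parsing closes this: `${pkgs.git}/bin/git log -1 --oneline --end-of-options "$commit_id"` and `${pkgs.openssh}/bin/ssh -- "$hostname" cat "$version_file"`; rejecting any `commit_id` that is not plain hex before use would be stricter still. In `niveum-status`, `systems="$@"` followed by the unquoted `$systems` depends on word splitting, so a comment stating that system names must not contain whitespace or glob characters would help the next reader.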