diff --git a/flake.lock b/flake.lock index 5bd3a42..dd15e9e 100644 --- a/flake.lock +++ b/flake.lock @@ -72,6 +72,28 @@ "type": "github" } }, + "deploy-rs": { + "inputs": { + "flake-compat": "flake-compat_2", + "nixpkgs": [ + "nixpkgs" + ], + "utils": "utils" + }, + "locked": { + "lastModified": 1718194053, + "narHash": "sha256-FaGrf7qwZ99ehPJCAwgvNY5sLCqQ3GDiE/6uLhxxwSY=", + "owner": "serokell", + "repo": "deploy-rs", + "rev": "3867348fa92bc892eba5d9ddb2d7a97b9e127a8a", + "type": "github" + }, + "original": { + "owner": "serokell", + "repo": "deploy-rs", + "type": "github" + } + }, "disko": { "inputs": { "nixpkgs": [ @@ -141,6 +163,22 @@ "type": "github" } }, + "flake-compat_4": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-parts": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" @@ -212,7 +250,7 @@ }, "flake-utils_2": { "inputs": { - "systems": "systems_2" + "systems": "systems_3" }, "locked": { "lastModified": 1710146030, @@ -230,7 +268,7 @@ }, "flake-utils_3": { "inputs": { - "systems": "systems_3" + "systems": "systems_4" }, "locked": { "lastModified": 1710146030, @@ -381,7 +419,7 @@ }, "neovim-nightly-overlay": { "inputs": { - "flake-compat": "flake-compat_2", + "flake-compat": "flake-compat_3", "flake-parts": [ "flake-parts" ], @@ -574,7 +612,7 @@ "nifoc-overlay", "nixpkgs" ], - "systems": "systems_4", + "systems": "systems_5", "treefmt-nix": "treefmt-nix" }, "locked": { @@ -593,7 +631,7 @@ }, "pre-commit-hooks-nix": { "inputs": { - "flake-compat": "flake-compat_3", + "flake-compat": "flake-compat_4", "gitignore": "gitignore", "nixpkgs": [ "nixpkgs" @@ -618,6 +656,7 @@ "inputs": { "agenix": "agenix", "attic": "attic", + "deploy-rs": "deploy-rs", "disko": "disko", "flake-parts": "flake-parts", "flake-root": "flake-root", @@ -679,6 +718,21 @@ } }, "systems_4": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_5": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", @@ -733,6 +787,24 @@ "repo": "treefmt-nix", "type": "github" } + }, + "utils": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index b8e0eb5..9b395c1 100644 --- a/flake.nix +++ b/flake.nix @@ -16,6 +16,11 @@ flake-root.url = "github:srid/flake-root"; + deploy-rs = { + url = "github:serokell/deploy-rs"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + treefmt-nix = { url = "github:numtide/treefmt-nix"; inputs.nixpkgs.follows = "nixpkgs"; @@ -82,12 +87,13 @@ }; }; - outputs = inputs@{ self, flake-parts, ... }: + outputs = inputs@{ flake-parts, lix-module, deploy-rs, ... }: flake-parts.lib.mkFlake { inherit inputs; } { flake = let Styx = import ./system/flakes/Styx.nix { - inherit (inputs) nixpkgs lix-module home-manager nix-darwin agenix; + inherit (inputs) nixpkgs home-manager nix-darwin agenix; + inherit lix-module; inherit inputs; }; @@ -98,6 +104,7 @@ mediaserver = import ./system/flakes/mediaserver.nix { inherit (inputs) nixpkgs home-manager agenix; + inherit lix-module; inherit inputs; }; @@ -107,8 +114,8 @@ }; neon = import ./system/flakes/neon.nix { - inherit (inputs) nixpkgs nixos-hardware home-manager agenix; - inherit inputs; + inherit (inputs) nixpkgs nixos-hardware home-manager agenix neovim-nightly-overlay nifoc-overlay; + inherit lix-module; }; adsb-antenna = import ./system/flakes/adsb-antenna.nix { @@ -129,26 +136,20 @@ adsb-antenna = adsb-antenna.system; }; - colmena = + deploy.nodes = let - nixosConf = self.nixosConfigurations; + mkDeployConfig = node: node.deployment // { + profiles.system = { + path = deploy-rs.lib.${node.arch}.activate.nixos node.system; + }; + }; in { - meta = { - # Since I'm only deploying from Styx ... - nixpkgs = import inputs.nixpkgs { - system = "aarch64-darwin"; - }; - - nodeNixpkgs = builtins.mapAttrs (_name: value: value.pkgs) nixosConf; - nodeSpecialArgs = builtins.mapAttrs (_name: value: value._module.specialArgs) nixosConf; - }; - - tanker = tanker.colmena; - mediaserver = mediaserver.colmena; - argon = argon.colmena; - neon = neon.colmena; - adsb-antenna = adsb-antenna.colmena; + tanker = mkDeployConfig tanker; + mediaserver = mkDeployConfig mediaserver; + argon = mkDeployConfig argon; + neon = mkDeployConfig neon; + adsb-antenna = mkDeployConfig adsb-antenna; }; }; @@ -199,7 +200,7 @@ packages = [ inputs'.agenix.packages.agenix - pkgs.colmena + inputs'.deploy-rs.packages.default pkgs.nix-output-monitor ]; diff --git a/home/programs/scripts/nixpkgs-switch b/home/programs/scripts/nixpkgs-switch index dbef3b0..d794642 100755 --- a/home/programs/scripts/nixpkgs-switch +++ b/home/programs/scripts/nixpkgs-switch @@ -35,7 +35,10 @@ if test "$other_hostname" = "" end else git pull - colmena apply --on $other_hostname -v + nom build --eval-store auto --store "ssh-ng://$other_hostname.ts.kempkens.network" ".#nixosConfigurations.$other_hostname.config.system.build.toplevel" + if test $status -eq 0 + deploy --skip-checks ".#$other_hostname" + end end if test $status -eq 0 diff --git a/system/flakes/adsb-antenna.nix b/system/flakes/adsb-antenna.nix index 884a841..963726a 100644 --- a/system/flakes/adsb-antenna.nix +++ b/system/flakes/adsb-antenna.nix @@ -20,7 +20,9 @@ let }; }; in -rec { +{ + arch = default-system; + system = nixpkgs.lib.nixosSystem { system = default-system; modules = [ @@ -44,16 +46,13 @@ rec { ]; }; - colmena = { - deployment = { - targetHost = "adsb-antenna"; - targetPort = 22; - targetUser = "root"; + deployment = { + hostname = "adsb-antenna"; + sshUser = "root"; + remoteBuild = false; + autoRollback = false; + magicRollback = false; - tags = [ "home" "rpi4" ]; - }; - - nixpkgs.system = default-system; - imports = system._module.args.modules; + activationTimeout = 600; }; } diff --git a/system/flakes/argon.nix b/system/flakes/argon.nix index ff88e21..c0c6246 100644 --- a/system/flakes/argon.nix +++ b/system/flakes/argon.nix @@ -3,7 +3,6 @@ let default-system = "aarch64-linux"; - nixpkgsConfig = { overlays = [ inputs.neovim-nightly-overlay.overlays.default @@ -14,13 +13,13 @@ let allowUnfree = true; allowBroken = true; - permittedInsecurePackages = [ - "openssl-1.1.1t" - ]; + permittedInsecurePackages = [ ]; }; }; in -rec { +{ + arch = default-system; + system = nixpkgs.lib.nixosSystem { system = default-system; modules = [ @@ -46,17 +45,11 @@ rec { ]; }; - colmena = { - deployment = { - targetHost = "argon"; - targetPort = 22; - targetUser = "root"; - buildOnTarget = true; - - tags = [ "home" "rpi4" ]; - }; - - nixpkgs.system = default-system; - imports = system._module.args.modules; + deployment = { + hostname = "argon"; + sshUser = "root"; + remoteBuild = true; + autoRollback = false; + magicRollback = false; }; } diff --git a/system/flakes/mediaserver.nix b/system/flakes/mediaserver.nix index 5d927e3..3343a7d 100644 --- a/system/flakes/mediaserver.nix +++ b/system/flakes/mediaserver.nix @@ -1,4 +1,4 @@ -{ nixpkgs, home-manager, agenix, inputs, ... }: +{ nixpkgs, lix-module, home-manager, agenix, inputs, ... }: let default-system = "x86_64-linux"; @@ -13,47 +13,46 @@ let allowUnfree = true; allowBroken = true; - permittedInsecurePackages = [ - "openssl-1.1.1t" - ]; + permittedInsecurePackages = [ ]; }; }; in -rec { +{ + arch = default-system; + system = nixpkgs.lib.nixosSystem { system = default-system; modules = [ - ../hosts/mediaserver.nix - - home-manager.nixosModules.home-manager - - agenix.nixosModules.default - { nixpkgs = nixpkgsConfig; - nix.nixPath = [ "nixpkgs=${nixpkgs}" ]; - nix.registry.nixpkgs.flake = nixpkgs; + nix = { + registry.nixpkgs.to = { type = "path"; path = nixpkgs.outPath; }; + nixPath = nixpkgs.lib.mkForce [ "nixpkgs=flake:nixpkgs" ]; + }; + } + lix-module.nixosModules.default + + home-manager.nixosModules.home-manager + { home-manager = { useGlobalPkgs = true; useUserPackages = true; users.daniel = import ../../home/hosts/mediaserver.nix; }; } + + agenix.nixosModules.default + + ../hosts/mediaserver.nix ]; }; - colmena = { - deployment = { - targetHost = "mediaserver"; - targetPort = 22; - targetUser = "root"; - buildOnTarget = true; - - tags = [ "home" ]; - }; - - nixpkgs.system = default-system; - imports = system._module.args.modules; + deployment = { + hostname = "mediaserver"; + sshUser = "root"; + remoteBuild = true; + autoRollback = false; + magicRollback = false; }; } diff --git a/system/flakes/neon.nix b/system/flakes/neon.nix index fbc084e..22440ca 100644 --- a/system/flakes/neon.nix +++ b/system/flakes/neon.nix @@ -1,61 +1,60 @@ -{ nixpkgs, nixos-hardware, home-manager, agenix, inputs, ... }: +{ nixpkgs, lix-module, nixos-hardware, home-manager, agenix, neovim-nightly-overlay, nifoc-overlay }: let default-system = "aarch64-linux"; nixpkgsConfig = { overlays = [ - inputs.neovim-nightly-overlay.overlays.default - inputs.nifoc-overlay.overlay + neovim-nightly-overlay.overlays.default + nifoc-overlay.overlay ]; config = { allowUnfree = true; allowBroken = true; - permittedInsecurePackages = [ - "openssl-1.1.1t" - ]; + permittedInsecurePackages = [ ]; }; }; in -rec { +{ + arch = default-system; + system = nixpkgs.lib.nixosSystem { system = default-system; modules = [ - ../hosts/neon.nix + { + nixpkgs = nixpkgsConfig; + nix = { + registry.nixpkgs.to = { type = "path"; path = nixpkgs.outPath; }; + nixPath = nixpkgs.lib.mkForce [ "nixpkgs=flake:nixpkgs" ]; + }; + } nixos-hardware.nixosModules.raspberry-pi-4 + lix-module.nixosModules.default + home-manager.nixosModules.home-manager - - agenix.nixosModules.default - { - nixpkgs = nixpkgsConfig; - nix.nixPath = [ "nixpkgs=${nixpkgs}" ]; - nix.registry.nixpkgs.flake = nixpkgs; - home-manager = { useGlobalPkgs = true; useUserPackages = true; users.daniel = import ../../home/hosts/neon.nix; }; } + + agenix.nixosModules.default + + ../hosts/neon.nix ]; }; - colmena = { - deployment = { - targetHost = "neon"; - targetPort = 22; - targetUser = "root"; - buildOnTarget = true; - - tags = [ "home" "rpi4" ]; - }; - - nixpkgs.system = default-system; - imports = system._module.args.modules; + deployment = { + hostname = "neon"; + sshUser = "root"; + remoteBuild = true; + autoRollback = false; + magicRollback = false; }; } diff --git a/system/flakes/tanker.nix b/system/flakes/tanker.nix index 65d2e2e..fa40420 100644 --- a/system/flakes/tanker.nix +++ b/system/flakes/tanker.nix @@ -18,7 +18,9 @@ let }; }; in -rec { +{ + arch = default-system; + system = nixpkgs.lib.nixosSystem { system = default-system; modules = [ @@ -49,17 +51,11 @@ rec { ]; }; - colmena = { - deployment = { - targetHost = "tanker"; - targetPort = 22; - targetUser = "root"; - buildOnTarget = true; - - tags = [ "remote" ]; - }; - - nixpkgs.system = default-system; - imports = system._module.args.modules; + deployment = { + hostname = "tanker"; + sshUser = "root"; + remoteBuild = true; + autoRollback = false; + magicRollback = false; }; } diff --git a/system/hosts/mediaserver.nix b/system/hosts/mediaserver.nix index b3f3c0f..e99d9df 100644 --- a/system/hosts/mediaserver.nix +++ b/system/hosts/mediaserver.nix @@ -55,8 +55,6 @@ in system.stateVersion = "22.11"; nix = { - package = pkgs.nixVersions.stable; - settings = { experimental-features = [ "nix-command" "flakes" ]; extra-platforms = [ "aarch64-linux" ]; @@ -71,6 +69,7 @@ in "https://attic.cache.daniel.sx/nifoc-ci?priority=35" "https://nix-community.cachix.org?priority=50" "https://cache.garnix.io?priority=60" + "https://cache.lix.systems?priority=70" ]; extra-trusted-public-keys = [ @@ -78,6 +77,7 @@ in "nifoc-ci:JpD9zqVQi8JuS7B8htPDOQZh08rhInMnGFS9RVhiuwk=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" + "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" ]; trusted-users = [ diff --git a/system/hosts/neon.nix b/system/hosts/neon.nix index 89ebf0d..b32cee9 100644 --- a/system/hosts/neon.nix +++ b/system/hosts/neon.nix @@ -34,8 +34,6 @@ in system.stateVersion = "23.11"; nix = { - package = pkgs.nixVersions.stable; - settings = { experimental-features = [ "nix-command" "flakes" ]; @@ -49,6 +47,7 @@ in "https://attic.cache.daniel.sx/nifoc-ci?priority=35" "https://nix-community.cachix.org?priority=50" "https://cache.garnix.io?priority=60" + "https://cache.lix.systems?priority=70" ]; extra-trusted-public-keys = [ @@ -56,6 +55,7 @@ in "nifoc-ci:JpD9zqVQi8JuS7B8htPDOQZh08rhInMnGFS9RVhiuwk=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" + "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" ]; connect-timeout = 5;