Set up deploy-rs

2021-01-23 22:21:51 +03:00 · 2021-01-23 22:21:51 +03:00 · b970fa7651
commit b970fa7651
parent 9b08252935
12 changed files with 141 additions and 59 deletions
--- a/flake.lock
+++ b/flake.lock
@ -49,6 +49,43 @@
        "type": "github"
      }
    },
+    "deploy-rs": {
+      "inputs": {
+        "flake-compat": "flake-compat",
+        "naersk": "naersk",
+        "nixpkgs": "nixpkgs",
+        "utils": "utils"
+      },
+      "locked": {
+        "lastModified": 1611390584,
+        "narHash": "sha256-KajML9i3j8Hrxv8AfG0NjJWttpgRgeldhWZbwPi5rkU=",
+        "owner": "serokell",
+        "repo": "deploy-rs",
+        "rev": "726d758768d7b8071dcffa14560a14f588460406",
+        "type": "github"
+      },
+      "original": {
+        "owner": "serokell",
+        "repo": "deploy-rs",
+        "type": "github"
+      }
+    },
+    "flake-compat": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1606424373,
+        "narHash": "sha256-oq8d4//CJOrVj+EcOaSXvMebvuTkmBJuT5tzlfewUnQ=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "99f1c2157fba4bfe6211a321fd0ee43199025dbf",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
    "haskell-nix": {
      "locked": {
        "lastModified": 1587989559,
@ -67,7 +104,7 @@
    },
    "home-manager": {
      "inputs": {
-        "nixpkgs": "nixpkgs"
+        "nixpkgs": "nixpkgs_2"
      },
      "locked": {
        "lastModified": 1610405518,
@ -85,7 +122,7 @@
    },
    "lambda-launcher": {
      "inputs": {
-        "nixpkgs": "nixpkgs_2"
+        "nixpkgs": "nixpkgs_3"
      },
      "locked": {
        "lastModified": 1610540707,
@ -133,10 +170,31 @@
        "type": "github"
      }
    },
+    "naersk": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1610392286,
+        "narHash": "sha256-3wFl5y+4YZO4SgRYK8WE7JIS3p0sxbgrGaQ6RMw+d98=",
+        "owner": "nmattia",
+        "repo": "naersk",
+        "rev": "d7bfbad3304fd768c0f93a4c3b50976275e6d4be",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nmattia",
+        "ref": "master",
+        "repo": "naersk",
+        "type": "github"
+      }
+    },
    "nix": {
      "inputs": {
        "lowdown-src": "lowdown-src",
-        "nixpkgs": "nixpkgs_3"
+        "nixpkgs": "nixpkgs_4"
      },
      "locked": {
        "lastModified": 1608754232,
@ -168,16 +226,18 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1610452587,
-        "narHash": "sha256-2WYSBb7NxNJ6YTTVB6B1WLn6J/S9zMX2A6cmD3U3/Ug=",
+        "lastModified": 1610942247,
+        "narHash": "sha256-PKo1ATAlC6BmfYSRmX0TVmNoFbrec+A5OKcabGEu2yU=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "5322c1f7d77a99b3f44130a029db42e40c22a399",
+        "rev": "7d71001b796340b219d1bfa8552c81995017544a",
        "type": "github"
      },
      "original": {
-        "id": "nixpkgs",
-        "type": "indirect"
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
      }
    },
    "nixpkgs-old": {
@ -214,6 +274,20 @@
      }
    },
    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1610452587,
+        "narHash": "sha256-2WYSBb7NxNJ6YTTVB6B1WLn6J/S9zMX2A6cmD3U3/Ug=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "5322c1f7d77a99b3f44130a029db42e40c22a399",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "type": "indirect"
+      }
+    },
+    "nixpkgs_3": {
      "locked": {
        "lastModified": 1592810120,
        "narHash": "sha256-1xlD1OIs75DvjkWpyZcQBjdu/IgugspPpz8CsBeutaM=",
@ -229,7 +303,7 @@
        "type": "github"
      }
    },
-    "nixpkgs_3": {
+    "nixpkgs_4": {
      "locked": {
        "lastModified": 1602702596,
        "narHash": "sha256-fqJ4UgOb4ZUnCDIapDb4gCrtAah5Rnr2/At3IzMitig=",
@ -244,7 +318,7 @@
        "type": "indirect"
      }
    },
-    "nixpkgs_4": {
+    "nixpkgs_5": {
      "locked": {
        "lastModified": 1610842533,
        "narHash": "sha256-6hW8CML8RnNrRJMv7E56rXAhsCNgUM97HIVSqWxnO64=",
@ -260,7 +334,7 @@
        "type": "github"
      }
    },
-    "nixpkgs_5": {
+    "nixpkgs_6": {
      "locked": {
        "lastModified": 1599773960,
        "narHash": "sha256-5bL52aaUOOyOBjgKh9/6jQlFbeE+WfVX7dpvjohmD+w=",
@ -275,7 +349,7 @@
        "type": "github"
      }
    },
-    "nixpkgs_6": {
+    "nixpkgs_7": {
      "locked": {
        "lastModified": 1587390417,
        "narHash": "sha256-dLQebnBviLNiN2Ei3Iqyxm73EFwz77YcvitvMYwRNA8=",
@ -294,12 +368,13 @@
      "inputs": {
        "NUR": "NUR",
        "base16-unclaimed-schemes": "base16-unclaimed-schemes",
+        "deploy-rs": "deploy-rs",
        "home-manager": "home-manager",
        "lambda-launcher": "lambda-launcher",
        "materia-theme": "materia-theme",
        "nix": "nix",
        "nixos-fhs-compat": "nixos-fhs-compat",
-        "nixpkgs": "nixpkgs_4",
+        "nixpkgs": "nixpkgs_5",
        "nixpkgs-old": "nixpkgs-old",
        "nixpkgs-wayland": "nixpkgs-wayland",
        "simple-nixos-mailserver": "simple-nixos-mailserver",
@ -328,7 +403,7 @@
    "simple-osd-daemons": {
      "inputs": {
        "crate2nix": "crate2nix",
-        "nixpkgs": "nixpkgs_5"
+        "nixpkgs": "nixpkgs_6"
      },
      "locked": {
        "lastModified": 1610453489,
@ -344,6 +419,21 @@
        "type": "github"
      }
    },
+    "utils": {
+      "locked": {
+        "lastModified": 1610051610,
+        "narHash": "sha256-U9rPz/usA1/Aohhk7Cmc2gBrEEKRzcW4nwPWMPwja4Y=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "3982c9903e93927c2164caa727cd3f6a0e6d14cc",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
    "weechat-notify-send": {
      "flake": false,
      "locked": {
@ -379,7 +469,7 @@
    "yt-utilities": {
      "inputs": {
        "haskell-nix": "haskell-nix",
-        "nixpkgs": "nixpkgs_6"
+        "nixpkgs": "nixpkgs_7"
      },
      "locked": {
        "lastModified": 1588006875,
--- a/flake.nix
+++ b/flake.nix
@ -6,6 +6,7 @@
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
    # nixpkgs-mesa.url = github:nixos/nixpkgs-channels/bdac777becdbb8780c35be4f552c9d4518fe0bdb;
    lambda-launcher.url = "github:balsoft/lambda-launcher";
+    deploy-rs.url = "github:serokell/deploy-rs";
    NUR = {
      url = "github:nix-community/NUR";
      flake = false;
@ -48,7 +49,7 @@
    simple-osd-daemons.url = "github:balsoft/simple-osd-daemons";
  };

-  outputs = { nixpkgs, nix, self, ... }@inputs: {
+  outputs = { nixpkgs, nix, self, deploy-rs, ... }@inputs: {
    nixosModules = import ./modules;

    nixosProfiles = import ./profiles;
@ -59,12 +60,7 @@
        mkHost = name:
          nixosSystem {
            system = builtins.readFile (./machines + "/${name}/system");
-            modules = [
-              (import (./machines + "/${name}"))
-              {
-                device = name;
-              }
-            ];
+            modules = [ (import (./machines + "/${name}")) { device = name; } ];
            specialArgs = { inherit inputs; };
          };
      in genAttrs hosts mkHost;
@ -72,16 +68,16 @@
    legacyPackages.x86_64-linux =
      (builtins.head (builtins.attrValues self.nixosConfigurations)).pkgs;

-    # nix run github:serokell/deploy
-    # Because sudo requires local presence of my Yubikey, we have to manually activate the system
-    # sudo nix-env -p /nix/var/nix/profiles/system --set /nix/var/nix/profiles/per-user/balsoft/system;
-    # sudo /nix/var/nix/profiles/system/bin/switch-to-configuration switch
+    defaultApp = deploy-rs.defaultApp;
+
    deploy = {
-      user = "balsoft";
-      nodes = builtins.mapAttrs (_: conf: {
-        hostname = conf.config.networking.hostName;
-        profiles.system.path = conf.config.system.build.toplevel;
-      }) self.nixosConfigurations;
+      user = "root";
+      nodes.T420-Laptop = {
+        hostname =
+          self.nixosConfigurations.T420-Laptop.config.networking.hostName;
+        profiles.system.path = deploy-rs.lib.x86_64-linux.activate.nixos
+          self.nixosConfigurations.T420-Laptop;
+      };
    };
  };
 }
--- a/machines/T420-Laptop/default.nix
+++ b/machines/T420-Laptop/default.nix
@ -1,7 +1,7 @@
 { inputs, ... }: {
  imports = with inputs.self.nixosModules; [
    ./hardware-configuration.nix
-    inputs.self.nixosProfiles.desktop
+    inputs.self.nixosProfiles.base
    gitea
    jitsi
    mailserver
--- a/machines/T420-Laptop/hardware-configuration.nix
+++ b/machines/T420-Laptop/hardware-configuration.nix
@ -13,20 +13,15 @@
  boot.extraModulePackages = [ ];

  fileSystems."/" = {
-    device = "/dev/disk/by-uuid/29edff1b-4457-4d0c-9dfc-2cf5b6afcb46";
+    device = "/dev/disk/by-uuid/d3a1bd83-db4d-4e98-9231-b7c7f19a2cfc";
    fsType = "ext4";
  };

  fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/4976-D10F";
+    device = "/dev/disk/by-uuid/D36A-068D";
    fsType = "vfat";
  };

-  fileSystems."/var" = {
-    device = "/dev/disk/by-uuid/ad3f31e2-e6d1-43a0-a1ef-7f493fd3a9e2";
-    fsType = "ext4";
-  };
-
  swapDevices = [ ];

  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
--- a/machines/iso-image/default.nix
+++ b/machines/iso-image/default.nix
@ -5,6 +5,6 @@
  ];
  networking.wireless.enable = lib.mkForce false;
  services.openssh.permitRootLogin = lib.mkForce "no";
-  services.mingetty.autologinUser = lib.mkForce "balsoft";
+  services.getty.autologinUser = lib.mkForce "balsoft";
  disabledModules = [ "installer/cd-dvd/channel.nix" ];
 }
--- a/modules/applications/packages.nix
+++ b/modules/applications/packages.nix
@ -6,7 +6,7 @@
      curl
      unrar
      neochat
-    ] ++ lib.optionals config.deviceSpecific.goodMachine ([
+    ] ++ lib.optionals config.deviceSpecific.goodMachine [
      steamcmd
      steam
      haskellPackages.hoogle
@ -38,5 +38,5 @@
      pass-wayland
      papirus-icon-theme
      gnome3.simple-scan
-    ]);
+    ];
 }
--- a/modules/boot.nix
+++ b/modules/boot.nix
@ -1,15 +1,10 @@
 { lib, pkgs, config, ... }: {
  boot = {
    loader = {
-      timeout = 1;
-    } // (if config.deviceSpecific.devInfo.legacy or false then { # Non-UEFI config
-      grub.enable = true;
-      grub.version = 2;
-      grub.useOSProber = true;
-      grub.device = "/dev/sda";
-    } else { # UEFI config
-      systemd-boot.enable = true;
-    });
+      timeout = lib.mkForce 1;
+      grub.enable = lib.mkForce false;
+      systemd-boot.enable = pkgs.system == "x86_64-linux";
+    };
    kernelParams = [ "quiet" "scsi_mod.use_blk_mq=1" "modeset" "nofb" ]
      ++ lib.optionals (pkgs.system == "x86_64-linux") [
        "rd.systemd.show_status=auto"
--- a/modules/secrets-envsubst.nix
+++ b/modules/secrets-envsubst.nix
@ -97,13 +97,17 @@ let
  mkIndividualSecrets = name: cfg:
    map (x: {
      "${name}-envsubst-${x}" = {
-        encrypted = "/home/balsoft/.password-store/${lib.optionalString (! isNull cfg.directory) "${cfg.directory}/"}${x}.gpg";
+        encrypted = "/home/balsoft/.password-store/${
+            lib.optionalString (!isNull cfg.directory) "${cfg.directory}/"
+          }${x}.gpg";
        services = [ ];
      };
    }) cfg.secrets;
 in {
-  options.secrets-envsubst =
-    lib.mkOption { type = attrsOf (submodule envsubstSecrets); };
+  options.secrets-envsubst = lib.mkOption {
+    type = attrsOf (submodule envsubstSecrets);
+    default = { };
+  };
  config.systemd.services =
    mkMerge (concatLists (mapAttrsToList mkServices config.secrets-envsubst));
  config.secrets = mkMerge
--- a/modules/secrets.nix
+++ b/modules/secrets.nix
@ -94,13 +94,15 @@ let

  mkServices = name: cfg: [ (decrypt name cfg) (addDependencies name cfg) ];

-  allServices = toString
-    (map (name: "${name}-envsubst.service")
+  allServices = toString (map (name: "${name}-envsubst.service")
    (builtins.attrNames config.secrets-envsubst)
    ++ map (name: "${name}-secrets.service")
    (builtins.attrNames config.secrets));
 in {
-  options.secrets = lib.mkOption { type = attrsOf (submodule secret); };
+  options.secrets = lib.mkOption {
+    type = attrsOf (submodule secret);
+    default = { };
+  };
  config.systemd.services =
    mkMerge (concatLists (mapAttrsToList mkServices config.secrets));

--- a/modules/security.nix
+++ b/modules/security.nix
@ -62,7 +62,7 @@
        then args="-s"
        else args="-san"
      fi
-      ${lib.optionalString (config.deviceSpecific.isLaptop) ''USER=balsoft ${pkgs.vlock}/bin/vlock "$args"''}
+      # ${lib.optionalString (config.deviceSpecific.isLaptop) ''USER=balsoft ${pkgs.vlock}/bin/vlock "$args"''}
    '')
  ];

--- a/profiles/base.nix
+++ b/profiles/base.nix
@ -16,5 +16,6 @@
    git
    gpg
    zsh
+    misc
  ];
 }
--- a/profiles/desktop.nix
+++ b/profiles/desktop.nix
@ -25,7 +25,6 @@
    kde
    light
    mako
-    misc
    simple-osd-daemons
    sway
    xresources