squibid/flake-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

deploy-rs + nixos-anywhere

Browse source
This commit is contained in:
Squibid 2025-11-25 10:42:04 -05:00
parent 469f4dcd43
commit d28ec06ae9
Signed by: squibid
GPG key ID: BECE5684D3C4005D
8 changed files with 182 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

6
.sops.yaml
View file

@ -9,9 +9,9 @@ keys:
- &users:
- &dev age14d55nfxlzm8t2yzplxpprygxmt99javafz9a8dh5llu87aww4qlswf6g0c
- &hosts:
- &dev-vm age1rjtqzmywfr3zuzz0cn8eqnwp3x8ypzya9gcv6kvtplhudar5eayqq83ey4
- &crayon age1pnu4tkdxfcnefntdw262k4m8wuv3qe2894s4e6w5j8yshg8vlu6q9uq5tv
- &blobercraft age167gn88rldpmqmjhm9nl0gv05ms4tn37jx2nxwklfvs3xymfp9y7sa8vurh
- &dev-vm age1rjtqzmywfr3zuzz0cn8eqnwp3x8ypzya9gcv6kvtplhudar5eayqq83ey4
- &crayon age1pnu4tkdxfcnefntdw262k4m8wuv3qe2894s4e6w5j8yshg8vlu6q9uq5tv
- &blobercraft age167gn88rldpmqmjhm9nl0gv05ms4tn37jx2nxwklfvs3xymfp9y7sa8vurh
creation_rules:
- path_regex: secrets.yaml$
key_groups:

24
Makefile
View file

@ -1,25 +1,35 @@
IP ?=
HOST ?=
deploy:
# push flake config to a remote server
init:
ifeq ($(IP),)
$(error IP not set)
endif
ifeq ($(HOST),)
$(error HOST not set)
endif
nix run github:nix-community/nixos-anywhere -- --flake .#$(HOST) --generate-hardware-config nixos-generate-config ./hosts/$(HOST)/hardware-configuration.nix --target-host nixos@$(IP)
deploy:
# no impurity allowed
ifneq ($(shell git diff),)
git add .
git commit -m "auto commit on build" -m "`PAGER=cat git diff --name-only --cached`"
endif
rsync -azr ./ crown@$(IP):~/flake-config
ssh crown@$(IP) "sudo NIX_CONFIG='experimental-features = flakes pipe-operators' nixos-rebuild switch --flake ~/flake-config#$(HOST)"
# push flake config to a remote server(s)
nix run github:serokell/deploy-rs .
sops:
# update sops keys
# For setting up a new host: to generate a sops key from an existing ssh key
# just run `cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age` and then add
# that to the .sops.yaml file
sops updatekeys secrets.yaml
.DEFAULT_GOAL := default
.PHONY: default deploy sops
.PHONY: default deploy init sops
default:
# noop
# This is my tiny makefile to create new machines and update existing ones
# it requires you to have nix and sops installed to correctly setup a new
# system and nix to deploy to an existing one.
#
# I'm not using just cause I've already got make installed everywhere and I
# know how to use it.

93
flake.lock generated
View file

@ -22,6 +22,64 @@
"type": "github"
}
},
"deploy-rs": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": [
"nixpkgs"
],
"utils": "utils"
},
"locked": {
"lastModified": 1762286984,
"narHash": "sha256-9I2H9x5We6Pl+DBYHjR1s3UT8wgwcpAH03kn9CqtdQc=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "9c870f63e28ec1e83305f7f6cb73c941e699f74f",
"type": "github"
},
"original": {
"owner": "serokell",
"repo": "deploy-rs",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1764017209,
"narHash": "sha256-RoJGCtKExXXkNCZUmmxezG3eOczEOTBw38DaZGSYJC0=",
"owner": "nix-community",
"repo": "disko",
"rev": "ec8eabe00c4ee9a2ddc50162c125f0ec2a7099e1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"nid": {
"inputs": {
"nixpkgs": [
@ -60,6 +118,8 @@
"root": {
"inputs": {
"declarative-jellyfin": "declarative-jellyfin",
"deploy-rs": "deploy-rs",
"disko": "disko",
"nid": "nid",
"nixpkgs": "nixpkgs",
"sops-nix": "sops-nix",
@ -100,6 +160,21 @@
"type": "indirect"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
@ -135,6 +210,24 @@
"ref": "nixos-unstable",
"type": "indirect"
}
},
"utils": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
}
},
"root": "root",

27
flake.nix
View file

@ -12,6 +12,12 @@
declarative-jellyfin.url = "github:Sveske-Juice/declarative-jellyfin";
declarative-jellyfin.inputs.nixpkgs.follows = "nixpkgs";
deploy-rs.url = "github:serokell/deploy-rs";
deploy-rs.inputs.nixpkgs.follows = "nixpkgs";
disko.url = "github:nix-community/disko";
disko.inputs.nixpkgs.follows = "nixpkgs";
};
outputs = { self, nixpkgs, unstable, ... }@inputs: let
base = [
@ -34,6 +40,8 @@
# use comma just in case I need to do some sysadmin stuff
inputs.nid.nixosModules.nix-index
{ programs.nix-index-database.comma.enable = true; }
# disko for completly declarative machines
inputs.disko.nixosModules.disko
];
# ts so DRY it makes me wanna cry
@ -47,11 +55,30 @@
] ++ modules;
}
)) <| hosts;
mkNodes = nodes:
(builtins.mapAttrs (name: options:
nixpkgs.lib.attrsets.recursiveUpdate {
hostname = name;
profiles.system = {
user = "root";
sshUser = "crown";
path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.${name};
};
} options
)) <| nodes;
in {
# define all of my machines
nixosConfigurations = mkHosts {
blobercraft = [];
crayon = [];
};
# and where they get deployed to
deploy.nodes = mkNodes {
crayon = { hostname = "squi.bid"; };
};
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) inputs.deploy-rs.lib;
};
}

6
hosts/blobercraft/default.nix
View file

@ -1,6 +1,10 @@
{ ... }:
{ modulesPath, ... }:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
(modulesPath + "/profiles/qemu-guest.nix")
./disko.nix
./hardware-configuration.nix # Include the results of the hardware scan.
./jellyfin.nix
./minecraft.nix

36
hosts/blobercraft/disko.nix Normal file
View file

@ -0,0 +1,36 @@
{ lib, ... }:
{
disko.devices = {
disk.main = {
device = lib.mkDefault "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02"; # for grub MBR
};
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
};
}

13
hosts/blobercraft/hardware-configuration.nix
View file

@ -13,19 +13,6 @@
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/59b4c37b-b8c6-4b95-96af-e343161381bb";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/E8A3-780D";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction

1
modules/os.nix
View file

@ -4,6 +4,7 @@
settings = {
experimental-features = [ "nix-command" "flakes" "pipe-operators" ];
auto-optimise-store = true;
trusted-users = [ "@wheel" ];
};
gc = {
dates = "weekly";