commit 4f470678055f8b1a2dc835a6fc1cb87f429e5b35
parent 026367bf78ca7ced9ee25b91f81d8afa82924cd2
Author: Katja (ctucx) <git@ctu.cx>
Date: Thu, 6 Mar 2025 18:27:41 +0100
replace `colmena` with `deploy-rs`
13 files changed, 140 insertions(+), 186 deletions(-)
diff --git a/configurations/common/common.nix b/configurations/common/common.nix @@ -15,6 +15,8 @@ in { ctucxConfig.programs.tmux ctucxConfig.programs.htop + ctucxConfig.programs.deploymentUtilities + ctucxConfig.programs.shellUtilities ctucxConfig.programs.networkUtilities @@ -43,11 +45,9 @@ in { experimental-features = [ "nix-command" "flakes" ]; extra-substituters = [ "https://cache.lix.systems" - "https://colmena.cachix.org" ]; trusted-public-keys = [ "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" - "colmena.cachix.org-1:7BzpDnjjH8ki2CT3f6GdOk7QAzPOl+1t3LvTLXqYcSg=" ]; }; };
diff --git a/configurations/common/programs/deploymentUtilities.nix b/configurations/common/programs/deploymentUtilities.nix @@ -0,0 +1,15 @@ +{ pkgs, ... }: + +{ + + home-manager.users.katja = { + home.packages = with pkgs; [ + agenix + age + + deploy-rs + + ]; + }; + +}
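Review bot: This new module puts `agenix`, `age` and `deploy-rs` into katja's home-manager packages, and `common.nix` imports it unconditionally, so the deployment CLI and the secret-decryption tooling end up installed on every deployed server as well as on the workstation that actually runs `deploy`. If the servers are not meant to deploy anything, gate the import to workstation configurations; the targets only need the activation helper that `profiles.system.path` already ships. In either case the file has no header; add one such as `# Tools used to deploy this flake and manage its age secrets (deploy-rs, agenix).` so the next reader knows why these sit apart from `shellUtilities`.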
diff --git a/configurations/common/programs/scripts.nix b/configurations/common/programs/scripts.nix @@ -16,16 +16,6 @@ let nix-store --optimise ''; - colmena-remote = pkgs.writeShellScriptBin "colmena-remote" '' - set -euo xtrace - - NIXFILES="`git rev-parse --show-toplevel`/" - SSH_HOST="''${HOST:-briefkasten.ctu.cx}" - - rsync -Pavh $NIXFILES $SSH_HOST:/home/katja/nixfiles/ - ssh -A -S none $SSH_HOST nix shell nixpkgs#colmena --command colmena -f ./nixfiles/flake.nix "$@" - ''; - backupToSSD = pkgs.writeShellScriptBin "backupToSSD" '' set -euo pipefail IFS=$'\n\t' @@ -148,7 +138,7 @@ let in { - home-manager.users.katja.home.packages = [ nix-cleanup colmena-remote ] ++ lib.optionals ( config.nixpkgs.system == "x86_64-linux") [ + home-manager.users.katja.home.packages = [ nix-cleanup ] ++ lib.optionals ( config.nixpkgs.system == "x86_64-linux") [ backupToSSD ];
diff --git a/configurations/common/programs/shellUtilities.nix b/configurations/common/programs/shellUtilities.nix @@ -34,10 +34,6 @@ home.packages = with pkgs; [ coreutils - colmena - - agenix - age wget curl
diff --git a/configurations/nixos/default.nix b/configurations/nixos/default.nix @@ -1,4 +1,4 @@ -{ inputs, config, ctucxConfig, lib, pkgs, ... }@args: +{ inputs, nodeName, config, ctucxConfig, lib, pkgs, ... }: let katja-pubkey = "ssh-rsa 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 (none)"; @@ -12,16 +12,9 @@ in { boot.loader.efi.canTouchEfiVariables = lib.mkDefault true; boot.loader.systemd-boot.enable = lib.mkDefault true; - networking.hostName = lib.mkDefault args.name; + networking.hostName = lib.mkDefault nodeName; networking.domain = lib.mkDefault "ctu.cx"; - deployment = { - buildOnTarget = lib.mkDefault false; - targetUser = lib.mkDefault "root"; - targetHost = lib.mkDefault config.networking.fqdn; - targetPort = lib.mkDefault (lib.head config.services.openssh.ports); - }; - i18n.defaultLocale = "en_US.UTF-8"; i18n.supportedLocales = ["de_DE.UTF-8/UTF-8" "en_US.UTF-8/UTF-8"];
diff --git a/configurations/nixos/services/dns-server.nix b/configurations/nixos/services/dns-server.nix @@ -1,4 +1,4 @@ -{ nodes, config, dnsNix, ctucxLib, lib, pkgs, ...}: +{ inputs, config, dnsNix, ctucxLib, lib, pkgs, ...}: let acmeZone = "acme.ctu.cx"; @@ -8,12 +8,12 @@ let ); nodesWithACMERecords = ( - nodes + inputs.self.nixosConfigurations |> lib.filterAttrs (hostName: nodeCfg: nodeCfg.config.security.acme.certs != {}) ); getAllDomainsPerNode = hostName: ( - nodes.${hostName}.config.security.acme.certs + inputs.self.nixosConfigurations.${hostName}.config.security.acme.certs |> lib.mapAttrsToList (domain: cfg: [ domain ] ++ cfg.extraDomainNames) |> lib.flatten ); @@ -40,8 +40,6 @@ let in { - deployment.tags = [ "dnsServer" ]; - age.secrets = lib.mkIf config.dns.primary { knotKeys = { file = ./. + "/../../../secrets/${config.networking.hostName}/knot-keys.age"; @@ -125,8 +123,14 @@ in { inherit SOA NS CAA; subdomains = { - ns1 = (host nodes.hector.config.networking.primaryIP4 nodes.hector.config.networking.primaryIP); - ns2 = (host nodes.wanderduene.config.networking.primaryIP4 nodes.wanderduene.config.networking.primaryIP); + ns1 = (host + inputs.self.nixosConfigurations.hector.config.networking.primaryIP4 + inputs.self.nixosConfigurations.hector.config.networking.primaryIP + ); + ns2 = (host + inputs.self.nixosConfigurations.wanderduene.config.networking.primaryIP4 + inputs.self.nixosConfigurations.wanderduene.config.networking.primaryIP + ); "acme".NS = [ "ns1" "ns2" ];
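Review bot: The `ns1`/`ns2` entries now spell out `inputs.self.nixosConfigurations.<host>.config.networking.…` four times, and the two filters above repeat the same prefix, which is what the removed `nodes` argument used to abbreviate. Binding it once in the existing `let`, `nodes = inputs.self.nixosConfigurations;`, keeps the module-argument change while leaving the bodies as readable as before the migration. The hard-coded `hector`/`wanderduene` names predate this commit; `nodesWithACMERecords` shows the filter style that could derive the nameservers from `config.dns.enable`/`config.dns.primary` if that is wanted later.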
diff --git a/configurations/nixos/services/restic-server.nix b/configurations/nixos/services/restic-server.nix @@ -2,8 +2,6 @@ { - deployment.tags = [ "resticServer" ]; - age.secrets.restic-server-htpasswd = { file = ./. + "/../../../secrets/${config.networking.hostName}/restic-server-htpasswd.age"; owner = "nginx";
diff --git a/configurations/nixos/websites/prometheus.ctu.cx.nix b/configurations/nixos/websites/prometheus.ctu.cx.nix @@ -1,4 +1,4 @@ -{ nodes, config, lib, pkgs, ... }: +{ inputs, config, lib, pkgs, ... }: { @@ -25,7 +25,7 @@ host.config.networking.hostName != "" && host.config.networking.domain != "" ) host.config.networking.fqdn - ) nodes); + ) inputs.self.nixosConfigurations); }]; } @@ -41,7 +41,7 @@ host.config.networking.hostName != "" && host.config.networking.domain != "" ) host.config.networking.fqdn - ) nodes); + ) inputs.self.nixosConfigurations); }]; } @@ -57,7 +57,7 @@ host.config.networking.hostName != "" && host.config.networking.domain != "" ) host.config.networking.fqdn - ) nodes); + ) inputs.self.nixosConfigurations); }]; }
diff --git a/flake.lock b/flake.lock @@ -45,34 +45,6 @@ "type": "gitlab" } }, - "colmena": { - "inputs": { - "flake-compat": [ - "flakeCompat" - ], - "flake-utils": [ - "flakeUtils" - ], - "nix-github-actions": "nix-github-actions", - "nixpkgs": [ - "nixpkgs" - ], - "stable": "stable" - }, - "locked": { - "lastModified": 1739900653, - "narHash": "sha256-hPSLvw6AZQYrZyGI6Uq4XgST7benF/0zcCpugn/P0yM=", - "owner": "zhaofengli", - "repo": "colmena", - "rev": "2370d4336eda2a9ef29fce10fa7076ae011983ab", - "type": "github" - }, - "original": { - "owner": "zhaofengli", - "repo": "colmena", - "type": "github" - } - }, "crane": { "inputs": { "nixpkgs": [ @@ -154,6 +126,32 @@ "url": "https://git.ctu.cx/website" } }, + "deploy-rs": { + "inputs": { + "flake-compat": [ + "flakeCompat" + ], + "nixpkgs": [ + "nixpkgs" + ], + "utils": [ + "flakeUtils" + ] + }, + "locked": { + "lastModified": 1727447169, + "narHash": "sha256-3KyjMPUKHkiWhwR91J1YchF6zb6gvckCAY1jOE+ne0U=", + "owner": "serokell", + "repo": "deploy-rs", + "rev": "aa07eb05537d4cd025e2310397a6adcedfe72c76", + "type": "github" + }, + "original": { + "owner": "serokell", + "repo": "deploy-rs", + "type": "github" + } + }, "dnsNix": { "inputs": { "flake-utils": [ @@ -494,27 +492,6 @@ "url": "https://git.ctu.cx/mqtt-webui" } }, - "nix-github-actions": { - "inputs": { - "nixpkgs": [ - "colmena", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1729742964, - "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=", - "owner": "nix-community", - "repo": "nix-github-actions", - "rev": "e04df33f62cdcf93d73e9a04142464753a16db67", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nix-github-actions", - "type": "github" - } - }, "nixDarwin": { "inputs": { "nixpkgs": [ 
@@ -660,10 +637,10 @@ "root": { "inputs": { "agenix": "agenix", - "colmena": "colmena", "ctucxGallery": "ctucxGallery", "ctucxThings": "ctucxThings", "ctucxWebsite": "ctucxWebsite", + "deploy-rs": "deploy-rs", "dnsNix": "dnsNix", "firefoxGnomeTheme": "firefoxGnomeTheme", "flakeCompat": "flakeCompat", @@ -744,22 +721,6 @@ "type": "gitlab" } }, - "stable": { - "locked": { - "lastModified": 1730883749, - "narHash": "sha256-mwrFF0vElHJP8X3pFCByJR365Q2463ATp2qGIrDUdlE=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "dba414932936fde69f0606b4f1d87c5bc0003ede", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.05", - "repo": "nixpkgs", - "type": "github" - } - }, "stagit": { "inputs": { "nixpkgs": [
diff --git a/flake.nix b/flake.nix @@ -1,4 +1,4 @@ -{ + { description = "A flake for building my infra"; @@ -15,7 +15,6 @@ if name == [] then value else ( if (builtins.hasAttr "default" value) then value.default else value ) - ); loadDir = path: inputs.haumea.lib.load { @@ -35,12 +34,12 @@ in { - ctucxConfig.common = loadDir ./configurations/common; - ctucxConfig.nixos = inputs.nixpkgs.lib.recursiveUpdate inputs.self.ctucxConfig.common (loadDir ./configurations/nixos); - ctucxConfig.darwin = inputs.nixpkgs.lib.recursiveUpdate inputs.self.ctucxConfig.common (loadDir ./configurations/darwin); + ctucxConfig.common = loadDir ./configurations/common; + ctucxConfig.nixos = inputs.nixpkgs.lib.recursiveUpdate inputs.self.ctucxConfig.common (loadDir ./configurations/nixos); + ctucxConfig.darwin = inputs.nixpkgs.lib.recursiveUpdate inputs.self.ctucxConfig.common (loadDir ./configurations/darwin); - nixosModules = loadDir ./modules/nixos; - darwinModules = loadDir ./modules/darwin; + nixosModules = loadDir ./modules/nixos; + darwinModules = loadDir ./modules/darwin; lib = inputs.haumea.lib.load { src = ./lib; 
@@ -63,57 +62,23 @@ transformer = transformer; }; - - nixosConfigurations = (inputs.colmena.lib.makeHive inputs.self.outputs.colmena).nodes; - darwinConfigurations = builtins.mapAttrs (name: machine: inputs.nixDarwin.lib.darwinSystem { - pkgs = import inputs.nixpkgsDarwin { - system = machine.system; - overlays = [ - inputs.self.overlays.unstable - inputs.self.overlays.packages - inputs.self.overlays.darwinPackages - inputs.self.overlays.darwinOverlay - - inputs.ctucxWebsite.overlays.default - ]; - }; + nixosConfigurations = builtins.mapAttrs (name: machine: inputs.nixpkgs.lib.nixosSystem { + system = machine.system; specialArgs = { inputs = inputs; - ctucxConfig = inputs.self.ctucxConfig.darwin; - ctucxLib = inputs.self.lib; - nixStd = inputs.nixStd.lib; - }; - - modules = [ - inputs.lixModule.nixosModules.default - inputs.homeManager.darwinModules.default - inputs.agenix.darwinModules.default - inputs.self.darwinModules.default - inputs.self.ctucxConfig.darwin.default - machine.configuration - ]; - - }) darwinMachines; - - colmena = { - meta.allowApplyAll = false; - meta.nixpkgs = import inputs.nixpkgs { system = "x86_64-linux"; }; - meta.specialArgs = { - inputs = inputs; + nodeName = name; ctucxConfig = inputs.self.ctucxConfig.nixos; ctucxLib = inputs.self.lib; dnsNix = inputs.dnsNix.lib; nixStd = inputs.nixStd.lib; }; - meta.nodeNixpkgs = builtins.mapAttrs (name: machine: import inputs.nixpkgs { - system = machine.system; - overlays = [ + modules = [ + ({ ... }: { nixpkgs.overlays = [ inputs.self.overlays.packages inputs.self.overlays.unstable - inputs.colmena.overlays.default inputs.stagit.overlays.default inputs.travelynx2fedi.overlays.default @@ -125,10 +90,8 @@ inputs.flauschehornSexy.overlays.default inputs.gpxMap.overlays.default inputs.mobileCoverageMap.overlays.default - ]; - }) nixosMachines; + ]; }) - defaults.imports = [ inputs.lixModule.nixosModules.default inputs.impermanence.nixosModules.default inputs.homeManager.nixosModules.default 
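Review bot: `system = machine.system;` is passed as the top-level `nixosSystem` argument while the overlays are set through the inline `({ ... }: { nixpkgs.overlays = [ … ]; })` module; moving the platform into that same module, `nixpkgs.hostPlatform = machine.system;`, keeps both pieces of nixpkgs configuration together and uses the form newer nixpkgs documents as preferred over the legacy `system` argument. `config.nixpkgs.system`, which `scripts.nix` still reads, is unaffected either way. The `modules` list this hunk opens continues into the following hunk.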
@@ -138,8 +101,47 @@ inputs.ctucxThings.nixosModules.default inputs.self.nixosModules.default inputs.self.ctucxConfig.nixos.default + machine.configuration ]; - } // builtins.mapAttrs (name: machine: machine.configuration) nixosMachines; + }) nixosMachines; + + darwinConfigurations = builtins.mapAttrs (name: machine: inputs.nixDarwin.lib.darwinSystem { + pkgs = import inputs.nixpkgsDarwin { + system = machine.system; + overlays = [ + inputs.self.overlays.unstable + inputs.self.overlays.packages + inputs.self.overlays.darwinPackages + inputs.self.overlays.darwinOverlay + + inputs.ctucxWebsite.overlays.default + ]; + }; + + specialArgs = { + inputs = inputs; + ctucxConfig = inputs.self.ctucxConfig.darwin; + ctucxLib = inputs.self.lib; + nixStd = inputs.nixStd.lib; + }; + + modules = [ + inputs.lixModule.nixosModules.default + inputs.homeManager.darwinModules.default + inputs.agenix.darwinModules.default + inputs.self.darwinModules.default + inputs.self.ctucxConfig.darwin.default + machine.configuration + ]; + + }) darwinMachines; + + deploy.sshUser = "root"; + deploy.nodes = builtins.mapAttrs (name: machine: { + hostname = inputs.self.nixosConfigurations."${name}".config.networking.fqdn; + profiles.system.user = "root"; + profiles.system.path = inputs.deploy-rs.lib."${machine.system}".activate.nixos inputs.self.nixosConfigurations."${name}"; + }) nixosMachines; packages = forAllSystems (pkgs: let loader = path: path: pkgs.callPackage path {}; @@ -151,10 +153,10 @@ src = ./pkgs/darwin; }) else {})); + checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks inputs.self.deploy) (inputs.nixpkgs.lib.filterAttrs (key: value: key != "x86_64-darwin") inputs.deploy-rs.lib); }; inputs = { - # these are just dependencies of other inputs flakeCompat.url = "github:edolstra/flake-compat"; flakeyProfile.url = "github:lf-/flakey-profile"; 
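Review bot: The new `deploy.nodes` entries set only `hostname` and the users, so the SSH port is no longer taken from the target's `services.openssh.ports` as the removed `deployment.targetPort = lib.mkDefault (lib.head config.services.openssh.ports)` in `configurations/nixos/default.nix` did; any host listening on a non-default port becomes unreachable for `deploy`, which falls back to 22. Carry the port over per node, e.g. `sshOpts = [ "-p" (toString (builtins.head inputs.self.nixosConfigurations.${name}.config.services.openssh.ports)) ];`. Colmena's `meta.allowApplyAll = false` guard has no counterpart here, and if I read deploy-rs' defaults right a bare `deploy .` now activates every node in `deploy.nodes`, so that protection should be recreated in the invoking script or at least documented. Minor style: `inputs.self.nixosConfigurations."${name}"` can simply be `.${name}`.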
@@ -173,6 +175,17 @@ nixDarwin.url = "github:lnl7/nix-darwin/nix-darwin-24.11"; nixDarwin.inputs.nixpkgs.follows = "nixpkgs"; + + nixStd.url = "github:chessai/nix-std"; + impermanence.url = "github:nix-community/impermanence"; + + haumea.url = "github:nix-community/haumea"; + haumea.inputs.nixpkgs.follows = "nixpkgs"; + + dnsNix.url = "git+https://git.ctu.cx/dns.nix"; + dnsNix.inputs.nixpkgs.follows = "nixpkgs"; + dnsNix.inputs.flake-utils.follows = "flakeUtils"; + homeManager.url = "github:nix-community/home-manager/release-24.11"; homeManager.inputs.nixpkgs.follows = "nixpkgs"; @@ -198,21 +211,10 @@ lixModule.inputs.flakey-profile.follows = "flakeyProfile"; lixModule.inputs.nixpkgs.follows = "nixpkgs"; - - nixStd.url = "github:chessai/nix-std"; - impermanence.url = "github:nix-community/impermanence"; - - colmena.url = "github:zhaofengli/colmena"; - colmena.inputs.nixpkgs.follows = "nixpkgs"; - colmena.inputs.flake-utils.follows = "flakeUtils"; - colmena.inputs.flake-compat.follows = "flakeCompat"; - - haumea.url = "github:nix-community/haumea"; - haumea.inputs.nixpkgs.follows = "nixpkgs"; - - dnsNix.url = "git+https://git.ctu.cx/dns.nix"; - dnsNix.inputs.nixpkgs.follows = "nixpkgs"; - dnsNix.inputs.flake-utils.follows = "flakeUtils"; + deploy-rs.url = "github:serokell/deploy-rs"; + deploy-rs.inputs.nixpkgs.follows = "nixpkgs"; + deploy-rs.inputs.utils.follows = "flakeUtils"; + deploy-rs.inputs.flake-compat.follows = "flakeCompat"; stagit.url = "git+https://git.ctu.cx/stagit";
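Review bot: Two different deploy-rs builds are now in play: `deploymentUtilities.nix` installs the `deploy` CLI from nixpkgs (`with pkgs; [ deploy-rs ]`), while `profiles.system.path` uses `inputs.deploy-rs.lib.<system>.activate.nixos`, i.e. the activation helper from this flake input at `aa07eb0`, so the CLI and the on-host helper will drift independently of each other. Pin both to one source, either by installing the CLI from the input's own `packages` output or, as the deploy-rs README suggests if I recall it correctly, by overlaying the input's `lib` onto nixpkgs' `deploy-rs` package so both come from the cached nixpkgs build. The latter also avoids compiling the input's Rust binary locally, which `deploy-rs.inputs.nixpkgs.follows = "nixpkgs"` otherwise makes likely since the upstream cache was built against its own nixpkgs.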
diff --git a/machines/seifenkiste/default.nix b/machines/seifenkiste/default.nix @@ -12,8 +12,6 @@ ctucxConfig.wm.gnome ]; - deployment.allowLocalDeployment = true; - boot = { loader.systemd-boot.enable = lib.mkForce false;
diff --git a/machines/wanderduene/default.nix b/machines/wanderduene/default.nix @@ -1,10 +1,7 @@ { system = "x86_64-linux"; - configuration = { nodes, config, dnsNix, ctucxConfig, lib, pkgs, ... }: { - - deployment.buildOnTarget = false; - + configuration = { config, dnsNix, ctucxConfig, lib, pkgs, ... }: { imports = [ ./hardware-configuration.nix
diff --git a/modules/nixos/dns.nix b/modules/nixos/dns.nix @@ -1,4 +1,4 @@ -{ dnsNix, nodes, config, lib, pkgs, ... }: +{ inputs, dnsNix, config, lib, pkgs, ... }: # # this module requires lix' experimental `pipe-operator` feature! @@ -9,8 +9,8 @@ with lib; let cfg = config.dns; - filterDNSServerAddresses = nodes: isPrimary: lib.flatten ( - nodes + dnsServerAddresses = isPrimary: lib.flatten ( + inputs.self.nixosConfigurations |> lib.filterAttrs (hostName: nodeCfg: nodeCfg.config.dns.enable && nodeCfg.config.dns.primary == isPrimary) |> lib.mapAttrsToList ( hostName: nodeCfg: [ @@ -20,8 +20,8 @@ let ) ); - filterDNSServerSecondaries = nodes: ( - nodes + dnsServerSecondaries = ( + inputs.self.nixosConfigurations |> lib.filterAttrs (hostName: nodeCfg: nodeCfg.config.dns.enable && !nodeCfg.config.dns.primary) |> lib.mapAttrs( hostName: nodeCfg: { @@ -100,7 +100,7 @@ in { # serve records defined in all host configs dns.allZones = mkMerge ( - nodes + inputs.self.nixosConfigurations |> mapAttrsToList ( name: host: host.config.dns.zones ) ); @@ -113,9 +113,9 @@ in { ); services.knot = let - primaryAddresses = filterDNSServerAddresses nodes true; - secondaryAddresses = filterDNSServerAddresses nodes false; - secondaries = filterDNSServerSecondaries nodes; + primaryAddresses = dnsServerAddresses true; + secondaryAddresses = dnsServerAddresses false; + secondaries = dnsServerSecondaries; in { enable = true; keyFiles = lib.mkIf (cfg.keyFiles != []) cfg.keyFiles;