diff --git a/README.md b/README.md index c353203a..479d103b 100644 --- a/README.md +++ b/README.md @@ -102,7 +102,7 @@ In the above configuration, `deploy-rs` is built from the flake, not from nixpkg deployPkgs = import nixpkgs { inherit system; overlays = [ - deploy-rs.overlay # or deploy-rs.overlays.default + deploy-rs.overlays.default (self: super: { deploy-rs = { inherit (pkgs) deploy-rs; lib = super.deploy-rs.lib; }; }) ]; }; diff --git a/examples/darwin/flake.nix b/examples/darwin/flake.nix index d5d7ae8c..29948c0d 100644 --- a/examples/darwin/flake.nix +++ b/examples/darwin/flake.nix 
@@ -4,36 +4,47 @@ inputs.deploy-rs.url = "github:serokell/deploy-rs"; inputs.darwin.url = "github:LnL7/nix-darwin"; - outputs = { self, nixpkgs, deploy-rs, darwin }: { - darwinConfigurations.example = darwin.lib.darwinSystem { - system = "x86_64-darwin"; - modules = [ - ({lib, config, pkgs, ...}: { - services.nix-daemon.enable = true; - nix = { - settings = { - trusted-users = [ "rvem" ]; - }; - extraOptions = '' - experimental-features = flakes nix-command - ''; + outputs = + { + self, + deploy-rs, + darwin, + }: + { + darwinConfigurations.example = darwin.lib.darwinSystem { + system = "x86_64-darwin"; + modules = [ + ( + { + ... + }: + { + services.nix-daemon.enable = true; + nix = { + settings = { + trusted-users = [ "rvem" ]; + }; + extraOptions = '' + experimental-features = flakes nix-command + ''; + }; + # nix commands are added to PATH in the zsh config + programs.zsh.enable = true; + } + ) + ]; + }; + deploy = { + # remoteBuild = true; # Uncomment in case the system you're deploying from is not darwin + nodes.example = { + hostname = "localhost"; + profiles.system = { + user = "root"; + path = deploy-rs.lib.x86_64-darwin.activate.darwin self.darwinConfigurations.example; }; - # nix commands are added to PATH in the zsh config - programs.zsh.enable = true; - }) - ]; - }; - deploy = { - # remoteBuild = true; # Uncomment in case the system you're deploying from is not darwin - nodes.example = { - hostname = "localhost"; - profiles.system = { - user = "root"; - path = deploy-rs.lib.x86_64-darwin.activate.darwin self.darwinConfigurations.example; }; }; - }; - checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib; - }; + checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib; + }; } diff --git a/examples/simple/flake.lock b/examples/simple/flake.lock index fc92f40c..466c155e 100644 --- a/examples/simple/flake.lock +++ b/examples/simple/flake.lock 
@@ -3,16 +3,15 @@ "deploy-rs": { "inputs": { "flake-compat": "flake-compat", - "naersk": "naersk", "nixpkgs": "nixpkgs", "utils": "utils" }, "locked": { - "lastModified": 1603740297, - "narHash": "sha256-yeTrA8AaLzDFICApX725gQhKoHNI2TCqWAeOl9axVZE=", + "lastModified": 1749105467, + "narHash": "sha256-hXh76y/wDl15almBcqvjryB50B0BaiXJKk20f314RoE=", "owner": "serokell", "repo": "deploy-rs", - "rev": "426fb3c489dcbb4ccbf98a3ab6a7fe25e71b95ca", + "rev": "6bc76b872374845ba9d645a2f012b764fecd765f", "type": "github" }, "original": { @@ -24,11 +23,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1600853454, - "narHash": "sha256-EgsgbcJNZ9AQLVhjhfiegGjLbO+StBY9hfKsCwc8Hw8=", + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", "owner": "edolstra", "repo": "flake-compat", - "rev": "94cf59784c73ecec461eaa291918eff0bfb538ac", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", "type": "github" }, "original": { @@ -37,34 +36,13 @@ "type": "github" } }, - "naersk": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1602173141, - "narHash": "sha256-m6wU6lP0wf2OMw3KtJqn27ITtg29+ftciGHicLiVSGE=", - "owner": "nmattia", - "repo": "naersk", - "rev": "22b96210b2433228d42bce460f3befbdcfde7520", - "type": "github" - }, - "original": { - "owner": "nmattia", - "ref": "master", - "repo": "naersk", - "type": "github" - } - }, "nixpkgs": { "locked": { - "lastModified": 1601961544, - "narHash": "sha256-uuh9CkDWkXlXse8IcergqoIM5JffqfQDKsl1uHB7XJI=", + "lastModified": 1743014863, + "narHash": "sha256-jAIUqsiN2r3hCuHji80U7NNEafpIMBXiwKlSrjWMlpg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "89281dd1dfed6839610f0ccad0c0e493606168fe", + "rev": "bd3bac8bfb542dbde7ffffb6987a1a1f9d41699f", "type": "github" }, "original": { 
@@ -76,11 +54,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1603739127, - "narHash": "sha256-mdLESpo4jXrAynLp7ypRaqkx6IS1jx2l78f1tg9iiJU=", + "lastModified": 1749401433, + "narHash": "sha256-HXIQzULIG/MEUW2Q/Ss47oE3QrjxvpUX7gUl4Xp6lnc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d699505277b99e4698d90563c5eb1b62ba5ba0ea", + "rev": "08fcb0dcb59df0344652b38ea6326a2d8271baff", "type": "github" }, "original": { @@ -94,13 +72,31 @@ "nixpkgs": "nixpkgs_2" } }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "utils": { + "inputs": { + "systems": "systems" + }, "locked": { - "lastModified": 1601282935, - "narHash": "sha256-WQAFV6sGGQxrRs3a+/Yj9xUYvhTpukQJIcMbIi7LCJ4=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "588973065fce51f4763287f0fda87a174d78bf48", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { diff --git a/examples/simple/flake.nix b/examples/simple/flake.nix index e5003c79..d6318091 100644 --- a/examples/simple/flake.nix +++ b/examples/simple/flake.nix 
@@ -7,15 +7,21 @@ inputs.deploy-rs.url = "github:serokell/deploy-rs"; - outputs = { self, nixpkgs, deploy-rs }: { - deploy.nodes.example = { - hostname = "localhost"; - profiles.hello = { - user = "balsoft"; - path = deploy-rs.lib.x86_64-linux.setActivate nixpkgs.legacyPackages.x86_64-linux.hello "./bin/hello"; + outputs = + { + self, + nixpkgs, + deploy-rs, + }: + { + deploy.nodes.example = { + hostname = "localhost"; + profiles.hello = { + user = "balsoft"; + path = deploy-rs.lib.x86_64-linux.setActivate nixpkgs.legacyPackages.x86_64-linux.hello "./bin/hello"; + }; }; - }; - checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib; - }; + checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib; + }; } diff --git a/examples/system/README.md b/examples/system/README.md index 07033e39..03ea4fb6 100644 --- a/examples/system/README.md +++ b/examples/system/README.md @@ -9,8 +9,11 @@ SPDX-License-Identifier: MPL-2.0 This is an example of how to deploy a full nixos system with a separate user unit to a bare machine. 1. Run bare system from `.#nixosConfigurations.bare` - - `nix build .#nixosConfigurations.bare.config.system.build.vm` - - `QEMU_NET_OPTS=hostfwd=tcp::2221-:22 ./result/bin/run-bare-system-vm` -2. `nix run github:serokell/deploy-rs` -3. ??? -4. PROFIT!!! + +- `nix build .#nixosConfigurations.bare.config.system.build.vm` +- `QEMU_NET_OPTS=hostfwd=tcp::2221-:22 ./result/bin/run-bare-system-vm` + +2. `nix run github:serokell/deploy-rs -- .#example.system` (password for `admin`: `123`) +3. `nix run github:serokell/deploy-rs -- .#example.hello` (password for `hello`: `abc`) +4. ??? +5. PROFIT!!! diff --git a/examples/system/common.nix b/examples/system/common.nix index 83ea2253..aeb50f58 100644 --- a/examples/system/common.nix +++ b/examples/system/common.nix 
@@ -3,32 +3,46 @@ # SPDX-License-Identifier: MPL-2.0 { - boot.loader.systemd-boot.enable = true; - - fileSystems."/" = { - device = "/dev/disk/by-uuid/00000000-0000-0000-0000-000000000000"; - fsType = "btrfs"; - }; - users.users.admin = { isNormalUser = true; - extraGroups = [ "wheel" "sudo" ]; + extraGroups = [ + "wheel" + "sudo" + ]; password = "123"; }; - services.openssh = { enable = true; }; + services.openssh.enable = true; # Another option would be root on the server - security.sudo.extraRules = [{ - groups = [ "wheel" ]; - commands = [{ - command = "ALL"; - options = [ "NOPASSWD" ]; - }]; - }]; - - nix.binaryCachePublicKeys = [ - (builtins.readFile ./nix-pub.pem) - "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" + security.sudo.extraRules = [ + { + groups = [ "wheel" ]; + commands = [ + { + command = "ALL"; + options = [ "NOPASSWD" ]; + } + ]; + } ]; + + nix.settings = { + # allow users in the weel group to upload unsigned nars + trusted-users = [ "@wheel" ]; + trusted-public-keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" ]; + }; + + # these settings are needed in order for there to be a `/boot` + boot.loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + + # settings for the vm + virtualisation = { + useBootLoader = true; + writableStore = true; + useEFIBoot = true; + }; } diff --git a/examples/system/configuration.nix b/examples/system/configuration.nix index 6d4234af..9051fd18 100644 --- a/examples/system/configuration.nix +++ b/examples/system/configuration.nix @@ -9,7 +9,8 @@ users.users.hello = { isNormalUser = true; - password = ""; + password = "abc"; + extraGroups = [ "wheel" ]; uid = 1010; }; } diff --git a/examples/system/flake.lock b/examples/system/flake.lock index fc92f40c..ea14677d 100644 --- a/examples/system/flake.lock +++ b/examples/system/flake.lock 
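Review bot: The comment on the new `nix.settings.trusted-users = [ "@wheel" ]` in examples/system/common.nix understates what the setting grants. It replaces the removed `nix-pub.pem` signing key with blanket trust: a trusted user can import unsigned store paths and override daemon settings, which is effectively root on the Nix daemon. In this VM example wheel already has the `NOPASSWD` sudo rule and `admin` keeps the plaintext `password = "123"` with OpenSSH enabled, so little new is exposed here, but example files tend to be copied into real configurations. I would reword the comment, also fixing the "weel" typo, to `# example VM only: wheel members may upload unsigned NARs, which is root-equivalent on the Nix daemon; on real hosts sign the closure and list the key in trusted-public-keys`.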
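Review bot: Adding `extraGroups = [ "wheel" ];` to `users.users.hello` in examples/system/configuration.nix gives the account that only activates the `hello` profile much more than it needs. If this configuration pulls in common.nix (not visible in the hunk), wheel carries the `NOPASSWD` `ALL` sudo rule as well as `@wheel` trust on the Nix daemon, and the account now has the password `abc`, which the README change also publishes. If the membership exists only so that `hello` can upload its unsigned closure, `nix.settings.trusted-users = [ "hello" ];` would grant that without passwordless sudo, although daemon trust is itself root-equivalent. A comment such as `# example VM only: throwaway password, never reuse on a reachable host` above the `password` line would mark the credential. The enclosing attribute set starts and ends outside the hunk.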
@@ -3,16 +3,15 @@ "deploy-rs": { "inputs": { "flake-compat": "flake-compat", - "naersk": "naersk", "nixpkgs": "nixpkgs", "utils": "utils" }, "locked": { - "lastModified": 1603740297, - "narHash": "sha256-yeTrA8AaLzDFICApX725gQhKoHNI2TCqWAeOl9axVZE=", + "lastModified": 1749105467, + "narHash": "sha256-hXh76y/wDl15almBcqvjryB50B0BaiXJKk20f314RoE=", "owner": "serokell", "repo": "deploy-rs", - "rev": "426fb3c489dcbb4ccbf98a3ab6a7fe25e71b95ca", + "rev": "6bc76b872374845ba9d645a2f012b764fecd765f", "type": "github" }, "original": { @@ -24,11 +23,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1600853454, - "narHash": "sha256-EgsgbcJNZ9AQLVhjhfiegGjLbO+StBY9hfKsCwc8Hw8=", + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", "owner": "edolstra", "repo": "flake-compat", - "rev": "94cf59784c73ecec461eaa291918eff0bfb538ac", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", "type": "github" }, "original": { @@ -37,34 +36,13 @@ "type": "github" } }, - "naersk": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1602173141, - "narHash": "sha256-m6wU6lP0wf2OMw3KtJqn27ITtg29+ftciGHicLiVSGE=", - "owner": "nmattia", - "repo": "naersk", - "rev": "22b96210b2433228d42bce460f3befbdcfde7520", - "type": "github" - }, - "original": { - "owner": "nmattia", - "ref": "master", - "repo": "naersk", - "type": "github" - } - }, "nixpkgs": { "locked": { - "lastModified": 1601961544, - "narHash": "sha256-uuh9CkDWkXlXse8IcergqoIM5JffqfQDKsl1uHB7XJI=", + "lastModified": 1743014863, + "narHash": "sha256-jAIUqsiN2r3hCuHji80U7NNEafpIMBXiwKlSrjWMlpg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "89281dd1dfed6839610f0ccad0c0e493606168fe", + "rev": "bd3bac8bfb542dbde7ffffb6987a1a1f9d41699f", "type": "github" }, "original": { 
@@ -76,12 +54,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1603739127, - "narHash": "sha256-mdLESpo4jXrAynLp7ypRaqkx6IS1jx2l78f1tg9iiJU=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "d699505277b99e4698d90563c5eb1b62ba5ba0ea", - "type": "github" + "lastModified": 1748889542, + "narHash": "sha256-Hb4iMhIbjX45GcrgOp3b8xnyli+ysRPqAgZ/LZgyT5k=", + "path": "/nix/store/malv0jrc9p3nm4rqjqg1y3v7h3bck176-source", + "rev": "10d7f8d34e5eb9c0f9a0485186c1ca691d2c5922", + "type": "path" }, "original": { "id": "nixpkgs", @@ -94,13 +71,31 @@ "nixpkgs": "nixpkgs_2" } }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "utils": { + "inputs": { + "systems": "systems" + }, "locked": { - "lastModified": 1601282935, - "narHash": "sha256-WQAFV6sGGQxrRs3a+/Yj9xUYvhTpukQJIcMbIi7LCJ4=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "588973065fce51f4763287f0fda87a174d78bf48", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { diff --git a/examples/system/flake.nix b/examples/system/flake.nix index d8a19bf2..4e9b8271 100644 --- a/examples/system/flake.nix +++ b/examples/system/flake.nix 
@@ -7,41 +7,53 @@ inputs.deploy-rs.url = "github:serokell/deploy-rs"; - outputs = { self, nixpkgs, deploy-rs }: { - nixosConfigurations.example-nixos-system = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ ./configuration.nix ]; - }; + outputs = + { + self, + nixpkgs, + deploy-rs, + }: + { + nixosConfigurations.example-nixos-system = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + ./configuration.nix + "${nixpkgs}/nixos/modules/virtualisation/qemu-vm.nix" + ]; + }; - nixosConfigurations.bare = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = - [ ./bare.nix "${nixpkgs}/nixos/modules/virtualisation/qemu-vm.nix" ]; - }; + nixosConfigurations.bare = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + ./bare.nix + "${nixpkgs}/nixos/modules/virtualisation/qemu-vm.nix" + ]; + }; - # This is the application we actually want to run - defaultPackage.x86_64-linux = import ./hello.nix nixpkgs; + # This is the application we actually want to run + packages.x86_64-linux.default = import ./hello.nix nixpkgs; - deploy.nodes.example = { - sshOpts = [ "-p" "2221" ]; - hostname = "localhost"; - fastConnection = true; - interactiveSudo = true; - profiles = { - system = { - sshUser = "admin"; - path = - deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.example-nixos-system; - user = "root"; - }; - hello = { - sshUser = "hello"; - path = deploy-rs.lib.x86_64-linux.activate.custom self.defaultPackage.x86_64-linux "./bin/activate"; - user = "hello"; + deploy.nodes.example = { + sshOpts = [ + "-p" + "2221" + ]; + hostname = "localhost"; + fastConnection = true; + profiles = { + system = { + sshUser = "admin"; + path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.example-nixos-system; + user = "root"; + }; + hello = { + sshUser = "hello"; + path = deploy-rs.lib.x86_64-linux.activate.custom self.packages.x86_64-linux.default "./bin/activate"; + user = "hello"; + }; }; }; - }; - 
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib; - }; + checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib; + }; } diff --git a/examples/system/hello.nix b/examples/system/hello.nix index df573088..5f5d868e 100644 --- a/examples/system/hello.nix +++ b/examples/system/hello.nix @@ -5,9 +5,10 @@ nixpkgs: let pkgs = nixpkgs.legacyPackages.x86_64-linux; - generateSystemd = type: name: config: + generateSystemd = + type: name: config: (nixpkgs.lib.nixosSystem { - modules = [{ systemd."${type}s".${name} = config; }]; + modules = [ { systemd."${type}s".${name} = config; } ]; system = "x86_64-linux"; }).config.systemd.units."${name}.${type}".text; @@ -21,7 +22,8 @@ let script = "hello"; }; }; -in pkgs.writeShellScriptBin "activate" '' +in +pkgs.writeShellScriptBin "activate" '' mkdir -p $HOME/.config/systemd/user rm $HOME/.config/systemd/user/hello.service ln -s ${service} $HOME/.config/systemd/user/hello.service diff --git a/examples/system/nix-pub.pem b/examples/system/nix-pub.pem deleted file mode 100644 index 926f44c3..00000000 --- a/examples/system/nix-pub.pem +++ /dev/null @@ -1 +0,0 @@ -cache.example.com:ic28PY7OIOQtoU282iaiizvA5WIOtYx5h6c9ePn3hDQ= \ No newline at end of file diff --git a/examples/system/nix.key b/examples/system/nix.key deleted file mode 100644 index 91575875..00000000 --- a/examples/system/nix.key +++ /dev/null @@ -1 +0,0 @@ -cache.example.com:dPNdwv04QPIEpcWnGioZmX9dvaGe7GCo7BZJFymDBnSJzbw9js4g5C2hTbzaJqKLO8DlYg61jHmHpz14+feENA== \ No newline at end of file
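Review bot: With `interactiveSudo = true;` dropped from `deploy.nodes.example` in examples/system/flake.nix, the `system` profile (`sshUser = "admin"`, `user = "root"`) presumably depends on the passwordless sudo rule for wheel in common.nix, and nothing in this file says so. A reader adapting the example to a host that prompts for a sudo password has no hint why activation stops working, and the easy fix is to copy the `NOPASSWD` rule along. I would add a comment above `profiles`, for example `# root activation relies on the NOPASSWD sudo rule from common.nix (example VM only); set interactiveSudo = true on hosts where sudo asks for a password`. The flake's top-level attribute set opens above the hunk.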