From ecc02f4b595feb0ec19b82c79cc93066dbcd3ca6 Mon Sep 17 00:00:00 2001 From: Joakim Repomaa Date: Fri, 14 Feb 2025 01:49:38 +0200 Subject: [PATCH] setup colmena for deployment --- .gitignore | 1 + flake.lock | 105 +++++++++++++++++- flake.nix | 61 ++++++---- .../configuration.nix | 0 hosts/{freun.dev => freun-dev}/default.nix | 0 .../hardware-configuration.nix | 0 hosts/{freun.dev => freun-dev}/secrets.nix | 0 hosts/{freun.dev => freun-dev}/services.nix | 0 hosts/radish/boot.nix | 2 + 9 files changed, 142 insertions(+), 27 deletions(-) rename hosts/{freun.dev => freun-dev}/configuration.nix (100%) rename hosts/{freun.dev => freun-dev}/default.nix (100%) rename hosts/{freun.dev => freun-dev}/hardware-configuration.nix (100%) rename hosts/{freun.dev => freun-dev}/secrets.nix (100%) rename hosts/{freun.dev => freun-dev}/services.nix (100%) diff --git a/.gitignore b/.gitignore index acf271d..35a5fb5 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ /result /.direnv +/.gcroots diff --git a/flake.lock b/flake.lock index b2ff408..2941f13 100644 --- a/flake.lock +++ b/flake.lock @@ -43,6 +43,30 @@ "type": "github" } }, + "colmena": { + "inputs": { + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", + "nix-github-actions": "nix-github-actions", + "nixpkgs": [ + "nixpkgs" + ], + "stable": "stable" + }, + "locked": { + "lastModified": 1734897875, + "narHash": "sha256-LLpiqfOGBippRax9F33kSJ/Imt8gJXb6o0JwSBiNHCk=", + "owner": "zhaofengli", + "repo": "colmena", + "rev": "a6b51f5feae9bfb145daa37fd0220595acb7871e", + "type": "github" + }, + "original": { + "owner": "zhaofengli", + "repo": "colmena", + "type": "github" + } + }, "commander-nvim": { "flake": false, "locked": { 
@@ -113,6 +137,22 @@ } }, "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1650374568, + "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "b4a34015c698c7793d592d66adbab377907a2be8", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { "flake": false, "locked": { "lastModified": 1696426674, @@ -204,6 +244,21 @@ } }, "flake-utils": { + "locked": { + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { "inputs": { "systems": "systems_2" }, @@ -221,7 +276,7 @@ "type": "github" } }, - "flake-utils_2": { + "flake-utils_3": { "inputs": { "systems": "systems_3" }, @@ -239,7 +294,7 @@ "type": "github" } }, - "flake-utils_3": { + "flake-utils_4": { "inputs": { "systems": "systems_4" }, @@ -259,7 +314,7 @@ }, "frontend": { "inputs": { - "flake-utils": "flake-utils", + "flake-utils": "flake-utils_2", "nixpkgs": "nixpkgs", "pnpm2nix": "pnpm2nix" }, @@ -402,7 +457,7 @@ }, "ketchup": { "inputs": { - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_4", "nixpkgs": [ "nixpkgs" ] @@ -456,7 +511,7 @@ "lanzaboote": { "inputs": { "crane": "crane", - "flake-compat": "flake-compat", + "flake-compat": "flake-compat_2", "flake-parts": "flake-parts_4", "nixpkgs": "nixpkgs_3", "pre-commit-hooks-nix": "pre-commit-hooks-nix", 
@@ -498,6 +553,27 @@ "type": "github" } }, + "nix-github-actions": { + "inputs": { + "nixpkgs": [ + "colmena", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1729742964, + "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=", + "owner": "nix-community", + "repo": "nix-github-actions", + "rev": "e04df33f62cdcf93d73e9a04142464753a16db67", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-github-actions", + "type": "github" + } + }, "nixos-hardware": { "locked": { "lastModified": 1738816619, @@ -681,7 +757,7 @@ }, "pnpm2nix": { "inputs": { - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils_3", "nixpkgs": "nixpkgs_2" }, "locked": { @@ -729,6 +805,7 @@ "inputs": { "agenix": "agenix", "auto-cpufreq": "auto-cpufreq", + "colmena": "colmena", "commander-nvim": "commander-nvim", "dnote": "dnote", "flake-parts": "flake-parts", @@ -769,6 +846,22 @@ "type": "github" } }, + "stable": { + "locked": { + "lastModified": 1730883749, + "narHash": "sha256-mwrFF0vElHJP8X3pFCByJR365Q2463ATp2qGIrDUdlE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "dba414932936fde69f0606b4f1d87c5bc0003ede", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, "systems": { "locked": { "lastModified": 1681028828, diff --git a/flake.nix b/flake.nix index 46210fa..7248d74 100644 --- a/flake.nix +++ b/flake.nix @@ -60,8 +60,12 @@ url = "github:dnote/dnote"; flake = false; }; + colmena = { + url = "github:zhaofengli/colmena"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; - outputs = { flake-parts, agenix, nixpkgs, self, ... }@inputs: + outputs = { flake-parts, agenix, nixpkgs, self, colmena, ... }@inputs: flake-parts.lib.mkFlake { inherit inputs; } ( let ssh.publicKeys.yubikey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLIUkESu5NnBi1M0+ZjYrkp6/rIFuwc3aguspf98jmOydNce6l65cnS3GRzc9oWx4lu11ahi87ZuE+pYV+gaHm4="; 
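Review bot: The new `colmena` input only pins `inputs.nixpkgs.follows = "nixpkgs"`, yet the flake.lock hunks in this same patch show colmena still pulling in a second full nixpkgs tree (`stable`, pinned to nixos-24.05) plus its own older `flake-compat` and `flake-utils`, so the deployment tooling's closure now depends on a nixpkgs revision that nothing else in the repository tracks or updates. If the packages you actually consume (`colmena`, `manual`) evaluate without that tree, adding `inputs.stable.follows = "nixpkgs";` beside the existing follows line drops it from the lock; I have not verified that colmena's own flake accepts this, so run the lock update and a build before relying on it. The `inputs` attribute set this hunk edits begins before the hunk.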
@@ -70,36 +74,51 @@ in { systems = [ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ]; - perSystem = { pkgs, ... }: { + perSystem = { pkgs, system, ... }: { devShells.default = pkgs.mkShell { packages = with pkgs; [ - (writeShellScriptBin "switch" '' - ${nh}/bin/nh os switch . + agenix.packages.${system}.default + colmena.packages.${system}.colmena + colmena.packages.${system}.manual + (pkgs.writeShellScriptBin "build" '' + colmena --experimental-flake-eval build --keep-result "$@" '') - (writeShellScriptBin "deploy" '' - ${openssh}/bin/ssh -t "$1" nh os switch sourcehut:~repomaa/NixOS -- --option tarball-ttl 0 + (pkgs.writeShellScriptBin "apply" '' + colmena --experimental-flake-eval apply --keep-result "$@" '') - (writeShellScriptBin "evaluate" '' - ${nix}/bin/nix build --dry-run ".#nixosConfigurations.$1.config.system.build.toplevel" | ${nix-output-monitor}/bin/nom + (pkgs.writeShellScriptBin "apply-local" '' + colmena --experimental-flake-eval apply-local --sudo "$@" '') - agenix.packages.${pkgs.system}.default ]; }; }; - flake.nixosConfigurations = { - freun-dev = lib.nixosSystem { - inherit specialArgs; - modules = [ ./modules ./hosts/freun.dev ]; - }; + flake = { + colmenaHive = colmena.lib.makeHive self.outputs.colmena; - radish = lib.nixosSystem { - inherit specialArgs; - modules = [ ./modules ./hosts/radish ]; - }; + colmena = { + meta = { + inherit specialArgs; - apu = nixpkgs.lib.nixosSystem { - inherit specialArgs; - modules = [ ./modules ./hosts/apu ]; + nixpkgs = import nixpkgs { + system = "x86_64-linux"; + overlays = [ ]; + }; + }; + + defaults = { name, ... }: { + imports = [ ./modules ./hosts/${name} ]; + }; + + radish = { ... }: { + deployment = { + allowLocalDeployment = true; + targetHost = null; + }; + }; + + freun-dev = { ... }: { }; + + apu = { ... }: { }; }; }; } 
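Review bot: Only `radish` sets `deployment.targetHost`, so colmena will SSH to the literal node names `freun-dev` and `apu`; the directory rename from `hosts/freun.dev` suggests the real address is `freun.dev`, which `freun-dev` only reaches through an ssh_config alias, whereas the removed `deploy` script took the target explicitly. Setting `deployment.targetHost = "freun.dev";` on that node (and the equivalent for `apu`) keeps the deployment target in the repository rather than in each operator's SSH config, and stating `deployment.targetUser` explicitly is worth doing for the same reason, since its default is not visible here. Two smaller points: `meta.nixpkgs` is fixed to `x86_64-linux` while `systems` still lists `aarch64-linux`, so any aarch64 node would need `meta.nodeNixpkgs`; and the new `build`/`apply`/`apply-local` wrappers call a bare `colmena` from PATH where the old scripts pinned `${nh}/bin/nh` and `${nix}/bin/nix` store paths — `${colmena.packages.${system}.colmena}/bin/colmena` would keep that property. Dropping `flake.nixosConfigurations` also means `nixos-rebuild` and `nix flake check` no longer see the hosts directly; if anything else depended on them, the hive built by `makeHive` should still expose the per-node configurations, but that is worth confirming before merging.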
diff --git a/hosts/freun.dev/configuration.nix b/hosts/freun-dev/configuration.nix
similarity index 100%
rename from hosts/freun.dev/configuration.nix
rename to hosts/freun-dev/configuration.nix
diff --git a/hosts/freun.dev/default.nix b/hosts/freun-dev/default.nix
similarity index 100%
rename from hosts/freun.dev/default.nix
rename to hosts/freun-dev/default.nix
diff --git a/hosts/freun.dev/hardware-configuration.nix b/hosts/freun-dev/hardware-configuration.nix
similarity index 100%
rename from hosts/freun.dev/hardware-configuration.nix
rename to hosts/freun-dev/hardware-configuration.nix
diff --git a/hosts/freun.dev/secrets.nix b/hosts/freun-dev/secrets.nix
similarity index 100%
rename from hosts/freun.dev/secrets.nix
rename to hosts/freun-dev/secrets.nix
diff --git a/hosts/freun.dev/services.nix b/hosts/freun-dev/services.nix
similarity index 100%
rename from hosts/freun.dev/services.nix
rename to hosts/freun-dev/services.nix
diff --git a/hosts/radish/boot.nix b/hosts/radish/boot.nix
index 7b627cb..c9228e3 100644
--- a/hosts/radish/boot.nix
+++ b/hosts/radish/boot.nix
@@ -23,6 +23,8 @@ kernel.sysctl = { "vm.max_map_count" = 262144; };
+
+ binfmt.emulatedSystems = [ "aarch64-linux" ];
 }; environment.systemPackages = with pkgs; [
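Review bot: `binfmt.emulatedSystems = [ "aarch64-linux" ];` in the boot.nix hunk carries no comment saying why radish needs it, and its effect is wider than a build convenience: NixOS registers qemu-user as the binfmt handler, so any aarch64 ELF present on the machine becomes transparently executable, and as far as I recall the module also adds the platform to `nix.settings.extra-platforms`, so aarch64-linux derivations get built locally under emulation rather than failing. A one-line why-comment above it, along the lines of `# build aarch64-linux closures under qemu-user emulation (needed for <reason>)`, with the real reason filled in since the commit message does not state it, would let the next reader judge whether the broader exposure is intended. The enclosing `boot` attribute set starts before the hunk.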