setup colmena for deployment
This commit is contained in:
Joakim Repomaa
1
.gitignore
vendored
1
.gitignore
vendored
@@ -1,2 +1,3 @@
|
||||
/result
|
||||
/.direnv
|
||||
/.gcroots
|
||||
|
||||
105
flake.lock
generated
105
flake.lock
generated
@@ -43,6 +43,30 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"colmena": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat",
|
||||
"flake-utils": "flake-utils",
|
||||
"nix-github-actions": "nix-github-actions",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"stable": "stable"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1734897875,
|
||||
"narHash": "sha256-LLpiqfOGBippRax9F33kSJ/Imt8gJXb6o0JwSBiNHCk=",
|
||||
"owner": "zhaofengli",
|
||||
"repo": "colmena",
|
||||
"rev": "a6b51f5feae9bfb145daa37fd0220595acb7871e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "zhaofengli",
|
||||
"repo": "colmena",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"commander-nvim": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
@@ -113,6 +137,22 @@
|
||||
}
|
||||
},
|
||||
"flake-compat": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1650374568,
|
||||
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat_2": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1696426674,
|
||||
@@ -204,6 +244,21 @@
|
||||
}
|
||||
},
|
||||
"flake-utils": {
|
||||
"locked": {
|
||||
"lastModified": 1659877975,
|
||||
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils_2": {
|
||||
"inputs": {
|
||||
"systems": "systems_2"
|
||||
},
|
||||
@@ -221,7 +276,7 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils_2": {
|
||||
"flake-utils_3": {
|
||||
"inputs": {
|
||||
"systems": "systems_3"
|
||||
},
|
||||
@@ -239,7 +294,7 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils_3": {
|
||||
"flake-utils_4": {
|
||||
"inputs": {
|
||||
"systems": "systems_4"
|
||||
},
|
||||
@@ -259,7 +314,7 @@
|
||||
},
|
||||
"frontend": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils",
|
||||
"flake-utils": "flake-utils_2",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"pnpm2nix": "pnpm2nix"
|
||||
},
|
||||
@@ -402,7 +457,7 @@
|
||||
},
|
||||
"ketchup": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils_3",
|
||||
"flake-utils": "flake-utils_4",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
@@ -456,7 +511,7 @@
|
||||
"lanzaboote": {
|
||||
"inputs": {
|
||||
"crane": "crane",
|
||||
"flake-compat": "flake-compat",
|
||||
"flake-compat": "flake-compat_2",
|
||||
"flake-parts": "flake-parts_4",
|
||||
"nixpkgs": "nixpkgs_3",
|
||||
"pre-commit-hooks-nix": "pre-commit-hooks-nix",
|
||||
@@ -498,6 +553,27 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nix-github-actions": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"colmena",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1729742964,
|
||||
"narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nix-github-actions",
|
||||
"rev": "e04df33f62cdcf93d73e9a04142464753a16db67",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "nix-github-actions",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixos-hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1738816619,
|
||||
@@ -681,7 +757,7 @@
|
||||
},
|
||||
"pnpm2nix": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils_2",
|
||||
"flake-utils": "flake-utils_3",
|
||||
"nixpkgs": "nixpkgs_2"
|
||||
},
|
||||
"locked": {
|
||||
@@ -729,6 +805,7 @@
|
||||
"inputs": {
|
||||
"agenix": "agenix",
|
||||
"auto-cpufreq": "auto-cpufreq",
|
||||
"colmena": "colmena",
|
||||
"commander-nvim": "commander-nvim",
|
||||
"dnote": "dnote",
|
||||
"flake-parts": "flake-parts",
|
||||
@@ -769,6 +846,22 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"stable": {
|
||||
"locked": {
|
||||
"lastModified": 1730883749,
|
||||
"narHash": "sha256-mwrFF0vElHJP8X3pFCByJR365Q2463ATp2qGIrDUdlE=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "dba414932936fde69f0606b4f1d87c5bc0003ede",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-24.05",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"systems": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
|
||||
55
flake.nix
55
flake.nix
@@ -60,8 +60,12 @@
|
||||
url = "github:dnote/dnote";
|
||||
flake = false;
|
||||
};
|
||||
colmena = {
|
||||
url = "github:zhaofengli/colmena";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
outputs = { flake-parts, agenix, nixpkgs, self, ... }@inputs:
|
||||
};
|
||||
outputs = { flake-parts, agenix, nixpkgs, self, colmena, ... }@inputs:
|
||||
flake-parts.lib.mkFlake { inherit inputs; } (
|
||||
let
|
||||
ssh.publicKeys.yubikey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLIUkESu5NnBi1M0+ZjYrkp6/rIFuwc3aguspf98jmOydNce6l65cnS3GRzc9oWx4lu11ahi87ZuE+pYV+gaHm4=";
|
||||
@@ -70,36 +74,51 @@
|
||||
in
|
||||
{
|
||||
systems = [ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ];
|
||||
perSystem = { pkgs, ... }: {
|
||||
perSystem = { pkgs, system, ... }: {
|
||||
devShells.default = pkgs.mkShell {
|
||||
packages = with pkgs; [
|
||||
(writeShellScriptBin "switch" ''
|
||||
${nh}/bin/nh os switch .
|
||||
agenix.packages.${system}.default
|
||||
colmena.packages.${system}.colmena
|
||||
colmena.packages.${system}.manual
|
||||
(pkgs.writeShellScriptBin "build" ''
|
||||
colmena --experimental-flake-eval build --keep-result "$@"
|
||||
'')
|
||||
(writeShellScriptBin "deploy" ''
|
||||
${openssh}/bin/ssh -t "$1" nh os switch sourcehut:~repomaa/NixOS -- --option tarball-ttl 0
|
||||
(pkgs.writeShellScriptBin "apply" ''
|
||||
colmena --experimental-flake-eval apply --keep-result "$@"
|
||||
'')
|
||||
(writeShellScriptBin "evaluate" ''
|
||||
${nix}/bin/nix build --dry-run ".#nixosConfigurations.$1.config.system.build.toplevel" | ${nix-output-monitor}/bin/nom
|
||||
(pkgs.writeShellScriptBin "apply-local" ''
|
||||
colmena --experimental-flake-eval apply-local --sudo "$@"
|
||||
'')
|
||||
agenix.packages.${pkgs.system}.default
|
||||
];
|
||||
};
|
||||
};
|
||||
flake.nixosConfigurations = {
|
||||
freun-dev = lib.nixosSystem {
|
||||
flake = {
|
||||
colmenaHive = colmena.lib.makeHive self.outputs.colmena;
|
||||
|
||||
colmena = {
|
||||
meta = {
|
||||
inherit specialArgs;
|
||||
modules = [ ./modules ./hosts/freun.dev ];
|
||||
|
||||
nixpkgs = import nixpkgs {
|
||||
system = "x86_64-linux";
|
||||
overlays = [ ];
|
||||
};
|
||||
};
|
||||
|
||||
radish = lib.nixosSystem {
|
||||
inherit specialArgs;
|
||||
modules = [ ./modules ./hosts/radish ];
|
||||
defaults = { name, ... }: {
|
||||
imports = [ ./modules ./hosts/${name} ];
|
||||
};
|
||||
|
||||
apu = nixpkgs.lib.nixosSystem {
|
||||
inherit specialArgs;
|
||||
modules = [ ./modules ./hosts/apu ];
|
||||
radish = { ... }: {
|
||||
deployment = {
|
||||
allowLocalDeployment = true;
|
||||
targetHost = null;
|
||||
};
|
||||
};
|
||||
|
||||
freun-dev = { ... }: { };
|
||||
|
||||
apu = { ... }: { };
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
@@ -23,6 +23,8 @@
|
||||
kernel.sysctl = {
|
||||
"vm.max_map_count" = 262144;
|
||||
};
|
||||
|
||||
binfmt.emulatedSystems = [ "aarch64-linux" ];
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
|
||||
Reference in New Issue
Block a user