feat: deploy remotely via colmena(instead of nixos-rebuild)

Ryan Yin
2023-08-16 00:10:27 +08:00
parent b635efba09
commit f682523804
5 changed files with 129 additions and 89 deletions


@@ -64,31 +64,11 @@ ha-debug: darwin-set-proxy
#
############################################################################
add-idols-ssh-key:
ssh-add ~/.ssh/ai-idols
aqua: add-idols-ssh-key
nixos-rebuild --flake .#aquamarine --target-host aquamarine --build-host aquamarine switch --use-remote-sudo
aqua-debug: add-idols-ssh-key
nixos-rebuild --flake .#aquamarine --target-host aquamarine --build-host aquamarine switch --use-remote-sudo --show-trace --verbose
ruby: add-idols-ssh-key
nixos-rebuild --flake .#ruby --target-host ruby --build-host ruby switch --use-remote-sudo
ruby-debug: add-idols-ssh-key
nixos-rebuild --flake .#ruby --target-host ruby --build-host ruby switch --use-remote-sudo --show-trace --verbose
kana: add-idols-ssh-key
nixos-rebuild --flake .#kana --target-host kana --build-host kana switch --use-remote-sudo
kana-debug: add-idols-ssh-key
nixos-rebuild --flake .#kana --target-host kana --build-host kana switch --use-remote-sudo --show-trace --verbose
idols: aqua ruby kana
idols-debug: aqua-debug ruby-debug kana-debug
idols: add-idols-ssh-key
colmena apply --on '@dist-build' --show-trace
# only used once to setup the virtual machines
idols-image:
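Review bot: The new `idols` recipe appears to be the only deployment entry point left, and it always pushes to every node tagged `@dist-build` in one run, so a configuration that breaks SSH or sudo lands on aquamarine, ruby and kana together. The per-host targets this hunk drops let one machine be updated and checked before the others. Consider keeping a single-host path, for example an `aqua` target running `colmena apply --on aquamarine --show-trace`, and using it before the tagged apply. The section ends at the `idols-image` target line, so the rest of the Makefile is not visible here.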


@@ -148,15 +148,12 @@ Once the virtual machine `aquamarine` is created, we can deploy updates to it wi
# 1. add the ssh key to ssh-agent
ssh-add ~/.ssh/ai-idols
# 2. deploy the configuration to the remote host, using the ssh key we added in step 1
# and the username defaults to `$USER`, it's `ryan` in my case.
nixos-rebuild --flake .#aquamarine --target-host aquamarine --build-host aquamarine switch --use-remote-sudo --verbose
# or we can replace the command above with the following command, which is defined in Makefile
make aqua
# 2. deploy the configuration to all the remote host with tag `@dist-build`
# using the ssh key we added in step 1
colmena apply --on '@dist-build' --show-trace
```
The commands above will build & deploy the configuration to `aquamarine`, the build process will be executed on `aquamarine` too, and the `--use-remote-sudo` option indicates that we will use `sudo` on the remote host.
If you're not familiar with remote deployment, please read this tutorial first: [Remote Deployment - NixOS & Flakes Book](https://nixos-and-flakes.thiscute.world/best-practices/remote-deployment)
## References

143
flake.nix

@@ -32,75 +32,98 @@
nixosSystem = import ./lib/nixosSystem.nix;
macosSystem = import ./lib/macosSystem.nix;
colemnaSystem = import ./lib/colmenaSystem.nix;
# 星野 アイ, Hoshino Ai
idol_ai_modules_i3 = {
nixos-modules = [
./hosts/idols/ai
./modules/nixos/i3.nix
];
home-module = import ./home/linux/desktop-i3.nix;
};
idol_ai_modules_hyprland = {
nixos-modules = [
./hosts/idols/ai
./modules/nixos/hyprland.nix
];
home-module = import ./home/linux/desktop-hyprland.nix;
};
# 星野 愛久愛海, Hoshino Akuamarin
idol_aquamarine_modules = {
nixos-modules = [
./hosts/idols/aquamarine
];
home-module = import ./home/linux/server.nix;
};
idol_aquamarine_tags = ["dist-build"];
# 星野 瑠美衣, Hoshino Rubii
idol_ruby_modules = {
nixos-modules = [
./hosts/idols/ruby
];
home-module = import ./home/linux/server.nix;
};
idol_ruby_tags = ["dist-build"];
# 有馬 かな, Arima Kana
idol_kana_modules = {
nixos-modules = [
./hosts/idols/kana
];
home-module = import ./home/linux/server.nix;
};
idol_kana_tags = ["dist-build"];
x64_specialArgs =
{
inherit username userfullname useremail;
# use unstable branch for some packages to get the latest updates
pkgs-unstable = import nixpkgs-unstable {
system = x64_system; # refer the `system` parameter form outer scope recursively
# To use chrome, we need to allow the installation of non-free software
config.allowUnfree = true;
};
}
// inputs;
in {
nixosConfigurations = let
# 星野 アイ, Hoshino Ai
idol_ai_modules_i3 = {
nixos-modules = [
./hosts/idols/ai
./modules/nixos/i3.nix
];
home-module = import ./home/linux/desktop-i3.nix;
};
idol_ai_modules_hyprland = {
nixos-modules = [
./hosts/idols/ai
./modules/nixos/hyprland.nix
];
home-module = import ./home/linux/desktop-hyprland.nix;
};
# 星野 愛久愛海, Hoshino Akuamarin
idol_aquamarine_modules = {
nixos-modules = [
./hosts/idols/aquamarine
];
home-module = import ./home/linux/server.nix;
};
# 星野 瑠美衣, Hoshino Rubii
idol_ruby_modules = {
nixos-modules = [
./hosts/idols/ruby
];
home-module = import ./home/linux/server.nix;
};
# 有馬 かな, Arima Kana
idol_kana_modules = {
nixos-modules = [
./hosts/idols/kana
];
home-module = import ./home/linux/server.nix;
};
system = x64_system;
specialArgs =
{
inherit username userfullname useremail;
# use unstable branch for some packages to get the latest updates
pkgs-unstable = import nixpkgs-unstable {
system = x64_system; # refer the `system` parameter form outer scope recursively
# To use chrome, we need to allow the installation of non-free software
config.allowUnfree = true;
};
}
// inputs;
base_args = {
inherit home-manager nixos-generators system specialArgs;
inherit home-manager nixos-generators;
nixpkgs = nixpkgs; # or nixpkgs-unstable
system = x64_system;
specialArgs = x64_specialArgs;
};
stable_args = base_args // {inherit nixpkgs;};
unstable_args = base_args // {nixpkgs = nixpkgs-unstable;};
in {
# ai with i3 window manager
ai_i3 = nixosSystem (idol_ai_modules_i3 // stable_args);
ai_i3 = nixosSystem (idol_ai_modules_i3 // base_args);
# ai with hyprland compositor
ai_hyprland = nixosSystem (idol_ai_modules_hyprland // stable_args);
ai_hyprland = nixosSystem (idol_ai_modules_hyprland // base_args);
# three virtual machines without desktop environment.
aquamarine = nixosSystem (idol_aquamarine_modules // stable_args);
ruby = nixosSystem (idol_ruby_modules // stable_args);
kana = nixosSystem (idol_kana_modules // stable_args);
aquamarine = nixosSystem (idol_aquamarine_modules // base_args);
ruby = nixosSystem (idol_ruby_modules // base_args);
kana = nixosSystem (idol_kana_modules // base_args);
};
# colmena - remote deployment via SSH
colmena = let
base_args = {
inherit home-manager;
nixpkgs = nixpkgs; # or nixpkgs-unstable
specialArgs = x64_specialArgs;
};
in {
meta = {
nixpkgs = import nixpkgs { system = x64_system; };
specialArgs = x64_specialArgs;
};
aquamarine = colemnaSystem (idol_aquamarine_modules // base_args // { host_tags = idol_aquamarine_tags; });
ruby = colemnaSystem (idol_ruby_modules // base_args // { host_tags = idol_ruby_tags; });
kana = colemnaSystem (idol_kana_modules // base_args // { host_tags = idol_kana_tags; });
};
# take system images for idols
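Review bot: The binding `colemnaSystem = import ./lib/colmenaSystem.nix;` misspells the tool's name, and the three call sites in the `colmena` set repeat the misspelling. It evaluates, but a search for `colmena` will not find these lines. Rename it to `colmenaSystem` in the `let` binding and in the `aquamarine`, `ruby` and `kana` entries. In the same set, `specialArgs = x64_specialArgs;` is passed both in `meta` and in `base_args`; a one-line comment saying why both are needed would spare the next reader from checking. The enclosing `outputs` body starts and ends outside the hunk.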

39
lib/colmenaSystem.nix Normal file

@@ -0,0 +1,39 @@
# colemena - Remote Deployment via SSH
{
nixpkgs,
home-manager,
specialArgs,
nixos-modules,
home-module,
host_tags,
}: let
username = specialArgs.username;
in
{ name, nodes, ... }: {
deployment = {
targetHost = name; # hostName or IP address
targetUser = username;
tags = host_tags;
};
imports =
nixos-modules
++ [
{
# make `nix run nixpkgs#nixpkgs` use the same nixpkgs as the one used by this flake.
nix.registry.nixpkgs.flake = nixpkgs;
# make `nix repl '<nixpkgs>'` use the same nixpkgs as the one used by this flake.
environment.etc."nix/inputs/nixpkgs".source = "${nixpkgs}";
nix.nixPath = ["/etc/nix/inputs"];
}
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = specialArgs;
home-manager.users."${username}" = home-module;
}
];
}
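Review bot: `targetUser = username;` makes every deploy log in as the regular user rather than root, and nothing in this file states what that requires on the node. As far as I know colmena then escalates with sudo for activation, and the user must also be allowed to import store paths (typically via `nix.settings.trusted-users`). Together these make the `ai-idols` SSH key root-equivalent on every tagged host. State this next to the setting, e.g. `# non-root login: needs sudo and nix trusted-users on the node, so this SSH key is root-equivalent there`, and confirm the host modules grant it to this user only. Separately, the `nodes` argument is unused and the header comment spells the tool "colemena".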


@@ -39,6 +39,7 @@
]
))
psmisc # killall/pstree/prtstat/fuser/...
colmena # nixos's remote deployment tool
];
programs = {