authornotgne22020-10-26 21:05:03 -0700
committernotgne22020-10-26 21:05:03 -0700
commit997d1151fd3d303eaa9c2c41312ff87eee986418 (patch)
tree229deae6687a5b454cf2417fcb022a78f8ac20b8 /examples/system
parent30197f8a352c879f0070e059ebc117dc17e8270f (diff)
parentdf002c31a64409350a3cb8825364542c65a4d00a (diff)
Merge branch 'master' into review
Diffstat (limited to '')
-rw-r--r--examples/system/README.md16
-rw-r--r--examples/system/bare.nix10
-rw-r--r--examples/system/common.nix34
-rw-r--r--examples/system/configuration.nix15
-rw-r--r--examples/system/flake.lock115
-rw-r--r--examples/system/flake.lock.license3
-rw-r--r--examples/system/flake.nix46
-rw-r--r--examples/system/hello.nix30
-rw-r--r--examples/system/nix-pub.pem1
-rw-r--r--examples/system/nix-pub.pem.license3
-rw-r--r--examples/system/nix.key1
-rw-r--r--examples/system/nix.key.license3
12 files changed, 277 insertions, 0 deletions
diff --git a/examples/system/README.md b/examples/system/README.md
new file mode 100644
index 0000000..daf649a
--- /dev/null
+++ b/examples/system/README.md
@@ -0,0 +1,16 @@
+<!--
+SPDX-FileCopyrightText: 2020 Serokell <https://serokell.io/>
+
+SPDX-License-Identifier: MPL-2.0
+-->
+
+# Example nixos system deployment
+
+This is an example of how to deploy a full nixos system with a separate user unit to a bare machine.
+
+1. Run bare system from `.#nixosConfigurations.bare`
+ - `nix build .#nixosConfigurations.bare.config.system.build.vm`
+ - `QEMU_NET_OPTS=hostfwd=tcp::2221-:22 ./result/bin/run-bare-system-vm`
+2. `nix run github:serokell/deploy --prime`
+3. ???
+4. PROFIT!!!
diff --git a/examples/system/bare.nix b/examples/system/bare.nix
new file mode 100644
index 0000000..46ba3b2
--- /dev/null
+++ b/examples/system/bare.nix
@@ -0,0 +1,10 @@
+# SPDX-FileCopyrightText: 2020 Serokell <https://serokell.io/>
+#
+# SPDX-License-Identifier: MPL-2.0
+
+{
+ imports = [ ./common.nix ];
+
+ # Use that when deploy scripts asks you for a hostname
+ networking.hostName = "bare-system";
+}
diff --git a/examples/system/common.nix b/examples/system/common.nix
new file mode 100644
index 0000000..83ea225
--- /dev/null
+++ b/examples/system/common.nix
@@ -0,0 +1,34 @@
+# SPDX-FileCopyrightText: 2020 Serokell <https://serokell.io/>
+#
+# SPDX-License-Identifier: MPL-2.0
+
+{
+ boot.loader.systemd-boot.enable = true;
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/00000000-0000-0000-0000-000000000000";
+ fsType = "btrfs";
+ };
+
+ users.users.admin = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" "sudo" ];
+ password = "123";
+ };
+
+ services.openssh = { enable = true; };
+
+ # Another option would be root on the server
+ security.sudo.extraRules = [{
+ groups = [ "wheel" ];
+ commands = [{
+ command = "ALL";
+ options = [ "NOPASSWD" ];
+ }];
+ }];
+
+ nix.binaryCachePublicKeys = [
+ (builtins.readFile ./nix-pub.pem)
+ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+ ];
+}
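Review bot: `password = "123";` on `admin` sits next to `services.openssh` being enabled and the `NOPASSWD` rule for `ALL` commands on `wheel`, so anything that can reach the SSH port gets root with a guessable password, and a `password` value is stored in clear text in the world-readable Nix store. The README's `hostfwd=tcp::2221-:22` leaves the host address empty, which as far as I know makes QEMU listen on every host interface; `hostfwd=tcp:127.0.0.1:2221-:22` would keep the demo VM local. Because examples get copied, I would put `# Demo only: throwaway VM credentials, never reuse on a reachable host` above the user block and prefer key login, e.g. `openssh.authorizedKeys.keys = [ "<your-ssh-public-key>" ];` together with `services.openssh.passwordAuthentication = false;`. The same concern applies to `password = "";` for the `hello` user in configuration.nix.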
diff --git a/examples/system/configuration.nix b/examples/system/configuration.nix
new file mode 100644
index 0000000..6d4234a
--- /dev/null
+++ b/examples/system/configuration.nix
@@ -0,0 +1,15 @@
+# SPDX-FileCopyrightText: 2020 Serokell <https://serokell.io/>
+#
+# SPDX-License-Identifier: MPL-2.0
+
+{
+ imports = [ ./common.nix ];
+
+ networking.hostName = "example-nixos-system";
+
+ users.users.hello = {
+ isNormalUser = true;
+ password = "";
+ uid = 1010;
+ };
+}
diff --git a/examples/system/flake.lock b/examples/system/flake.lock
new file mode 100644
index 0000000..fc92f40
--- /dev/null
+++ b/examples/system/flake.lock
@@ -0,0 +1,115 @@
+{
+ "nodes": {
+ "deploy-rs": {
+ "inputs": {
+ "flake-compat": "flake-compat",
+ "naersk": "naersk",
+ "nixpkgs": "nixpkgs",
+ "utils": "utils"
+ },
+ "locked": {
+ "lastModified": 1603740297,
+ "narHash": "sha256-yeTrA8AaLzDFICApX725gQhKoHNI2TCqWAeOl9axVZE=",
+ "owner": "serokell",
+ "repo": "deploy-rs",
+ "rev": "426fb3c489dcbb4ccbf98a3ab6a7fe25e71b95ca",
+ "type": "github"
+ },
+ "original": {
+ "owner": "serokell",
+ "repo": "deploy-rs",
+ "type": "github"
+ }
+ },
+ "flake-compat": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1600853454,
+ "narHash": "sha256-EgsgbcJNZ9AQLVhjhfiegGjLbO+StBY9hfKsCwc8Hw8=",
+ "owner": "edolstra",
+ "repo": "flake-compat",
+ "rev": "94cf59784c73ecec461eaa291918eff0bfb538ac",
+ "type": "github"
+ },
+ "original": {
+ "owner": "edolstra",
+ "repo": "flake-compat",
+ "type": "github"
+ }
+ },
+ "naersk": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1602173141,
+ "narHash": "sha256-m6wU6lP0wf2OMw3KtJqn27ITtg29+ftciGHicLiVSGE=",
+ "owner": "nmattia",
+ "repo": "naersk",
+ "rev": "22b96210b2433228d42bce460f3befbdcfde7520",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nmattia",
+ "ref": "master",
+ "repo": "naersk",
+ "type": "github"
+ }
+ },
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1601961544,
+ "narHash": "sha256-uuh9CkDWkXlXse8IcergqoIM5JffqfQDKsl1uHB7XJI=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "89281dd1dfed6839610f0ccad0c0e493606168fe",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixpkgs-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "nixpkgs_2": {
+ "locked": {
+ "lastModified": 1603739127,
+ "narHash": "sha256-mdLESpo4jXrAynLp7ypRaqkx6IS1jx2l78f1tg9iiJU=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "d699505277b99e4698d90563c5eb1b62ba5ba0ea",
+ "type": "github"
+ },
+ "original": {
+ "id": "nixpkgs",
+ "type": "indirect"
+ }
+ },
+ "root": {
+ "inputs": {
+ "deploy-rs": "deploy-rs",
+ "nixpkgs": "nixpkgs_2"
+ }
+ },
+ "utils": {
+ "locked": {
+ "lastModified": 1601282935,
+ "narHash": "sha256-WQAFV6sGGQxrRs3a+/Yj9xUYvhTpukQJIcMbIi7LCJ4=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "588973065fce51f4763287f0fda87a174d78bf48",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "type": "github"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
diff --git a/examples/system/flake.lock.license b/examples/system/flake.lock.license
new file mode 100644
index 0000000..9e9897d
--- /dev/null
+++ b/examples/system/flake.lock.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: 2020 Serokell <https://serokell.io/>
+
+SPDX-License-Identifier: MPL-2.0 \ No newline at end of file
diff --git a/examples/system/flake.nix b/examples/system/flake.nix
new file mode 100644
index 0000000..021f9db
--- /dev/null
+++ b/examples/system/flake.nix
@@ -0,0 +1,46 @@
+# SPDX-FileCopyrightText: 2020 Serokell <https://serokell.io/>
+#
+# SPDX-License-Identifier: MPL-2.0
+
+{
+ description = "Deploy a full system with hello service as a separate profile";
+
+ inputs.deploy-rs.url = "github:serokell/deploy-rs";
+
+ outputs = { self, nixpkgs, deploy-rs }: {
+ nixosConfigurations.example-nixos-system = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [ ./configuration.nix ];
+ };
+
+ nixosConfigurations.bare = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules =
+ [ ./bare.nix "${nixpkgs}/nixos/modules/virtualisation/qemu-vm.nix" ];
+ };
+
+ # This is the application we actually want to run
+ defaultPackage.x86_64-linux = import ./hello.nix nixpkgs;
+
+ deploy.nodes.example = {
+ sshOpts = [ "-p" "2221" ];
+ hostname = "localhost";
+ fastConnection = true;
+ profiles = {
+ system = {
+ sshUser = "admin";
+ path =
+ deploy-rs.lib.x86_64-linux.setActivate self.nixosConfigurations.example-nixos-system.config.system.build.toplevel "./bin/switch-to-configuration switch";
+ user = "root";
+ };
+ hello = {
+ sshUser = "hello";
+ path = deploy-rs.lib.x86_64-linux.setActivate self.defaultPackage.x86_64-linux "./bin/activate";
+ user = "hello";
+ };
+ };
+ };
+
+ checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
+ };
+}
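Review bot: `nixpkgs` is taken as an argument of `outputs` but is never declared under `inputs`, so it is resolved through the flake registry (flake.lock records it as `"type": "indirect"`). The lock pins a revision today, but any re-lock follows whatever the local registry maps `nixpkgs` to, so the base system of this example depends on the machine it is updated on. I would declare it next to the deploy-rs input, e.g. `inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";`. A short comment on the `system` profile saying that `sshUser = "admin"` with `user = "root"` relies on the passwordless sudo rule in common.nix would also help readers see why that rule exists.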
diff --git a/examples/system/hello.nix b/examples/system/hello.nix
new file mode 100644
index 0000000..df57308
--- /dev/null
+++ b/examples/system/hello.nix
@@ -0,0 +1,30 @@
+# SPDX-FileCopyrightText: 2020 Serokell <https://serokell.io/>
+#
+# SPDX-License-Identifier: MPL-2.0
+
+nixpkgs:
+let
+ pkgs = nixpkgs.legacyPackages.x86_64-linux;
+ generateSystemd = type: name: config:
+ (nixpkgs.lib.nixosSystem {
+ modules = [{ systemd."${type}s".${name} = config; }];
+ system = "x86_64-linux";
+ }).config.systemd.units."${name}.${type}".text;
+
+ mkService = generateSystemd "service";
+
+ service = pkgs.writeTextFile {
+ name = "hello.service";
+ text = mkService "hello" {
+ unitConfig.WantedBy = [ "multi-user.target" ];
+ path = [ pkgs.hello ];
+ script = "hello";
+ };
+ };
+in pkgs.writeShellScriptBin "activate" ''
+ mkdir -p $HOME/.config/systemd/user
+ rm $HOME/.config/systemd/user/hello.service
+ ln -s ${service} $HOME/.config/systemd/user/hello.service
+ systemctl --user daemon-reload
+ systemctl --user restart hello
+''
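Review bot: In the `activate` script, `rm $HOME/.config/systemd/user/hello.service` fails on the first deployment because the link does not exist yet, and since the script never enables `set -e` the error is only printed and the exit status is whatever the final `systemctl` call returns. `$HOME` is also unquoted in all three paths. I would replace the `rm`/`ln` pair with `ln -sfn ${service} "$HOME/.config/systemd/user/hello.service"`, quote the `mkdir -p` argument, and add `set -eu` as the first line so that a failed `daemon-reload` aborts the activation instead of being reported as success.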
diff --git a/examples/system/nix-pub.pem b/examples/system/nix-pub.pem
new file mode 100644
index 0000000..926f44c
--- /dev/null
+++ b/examples/system/nix-pub.pem
@@ -0,0 +1 @@
+cache.example.com:ic28PY7OIOQtoU282iaiizvA5WIOtYx5h6c9ePn3hDQ= \ No newline at end of file
diff --git a/examples/system/nix-pub.pem.license b/examples/system/nix-pub.pem.license
new file mode 100644
index 0000000..9e9897d
--- /dev/null
+++ b/examples/system/nix-pub.pem.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: 2020 Serokell <https://serokell.io/>
+
+SPDX-License-Identifier: MPL-2.0 \ No newline at end of file
diff --git a/examples/system/nix.key b/examples/system/nix.key
new file mode 100644
index 0000000..9157587
--- /dev/null
+++ b/examples/system/nix.key
@@ -0,0 +1 @@
+cache.example.com:dPNdwv04QPIEpcWnGioZmX9dvaGe7GCo7BZJFymDBnSJzbw9js4g5C2hTbzaJqKLO8DlYg61jHmHpz14+feENA== \ No newline at end of file
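Review bot: This file is the secret signing key that matches the `cache.example.com` public key in nix-pub.pem, and common.nix adds that public key to `nix.binaryCachePublicKeys`, so every machine built from this example unchanged will accept store paths signed by anyone who has a copy of the repository. For an example I would not commit the key at all: let the README tell the user to create their own pair with `nix-store --generate-binary-cache-key cache.example.com nix.key nix-pub.pem` and keep nix.key out of version control. If the pair has to stay so the demo works out of the box, a README line such as `The key pair in this directory is public and for the demo VM only; generate your own before deploying anywhere else.` would make the limitation explicit.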
diff --git a/examples/system/nix.key.license b/examples/system/nix.key.license
new file mode 100644
index 0000000..9e9897d
--- /dev/null
+++ b/examples/system/nix.key.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: 2020 Serokell <https://serokell.io/>
+
+SPDX-License-Identifier: MPL-2.0 \ No newline at end of file