author | notgne2 | 2020-10-26 21:05:03 -0700 |
---|---|---|
committer | notgne2 | 2020-10-26 21:05:03 -0700 |
commit | 997d1151fd3d303eaa9c2c41312ff87eee986418 (patch) | |
tree | 229deae6687a5b454cf2417fcb022a78f8ac20b8 /examples/system | |
parent | 30197f8a352c879f0070e059ebc117dc17e8270f (diff) | |
parent | df002c31a64409350a3cb8825364542c65a4d00a (diff) |
Merge branch 'master' into review
Diffstat (limited to '')
-rw-r--r-- | examples/system/README.md | 16 | ||||
-rw-r--r-- | examples/system/bare.nix | 10 | ||||
-rw-r--r-- | examples/system/common.nix | 34 | ||||
-rw-r--r-- | examples/system/configuration.nix | 15 | ||||
-rw-r--r-- | examples/system/flake.lock | 115 | ||||
-rw-r--r-- | examples/system/flake.lock.license | 3 | ||||
-rw-r--r-- | examples/system/flake.nix | 46 | ||||
-rw-r--r-- | examples/system/hello.nix | 30 | ||||
-rw-r--r-- | examples/system/nix-pub.pem | 1 | ||||
-rw-r--r-- | examples/system/nix-pub.pem.license | 3 | ||||
-rw-r--r-- | examples/system/nix.key | 1 | ||||
-rw-r--r-- | examples/system/nix.key.license | 3 |
12 files changed, 277 insertions, 0 deletions
diff --git a/examples/system/README.md b/examples/system/README.md
new file mode 100644
index 0000000..daf649a
--- /dev/null
+++ b/examples/system/README.md
@@ -0,0 +1,16 @@
+<!--
+SPDX-FileCopyrightText: 2020 Serokell <https://serokell.io/>
+
+SPDX-License-Identifier: MPL-2.0
+-->
+
+# Example nixos system deployment
+
+This is an example of how to deploy a full nixos system with a separate user unit to a bare machine.
+
+1. Run bare system from `.#nixosConfigurations.bare`
+ - `nix build .#nixosConfigurations.bare.config.system.build.vm`
+ - `QEMU_NET_OPTS=hostfwd=tcp::2221-:22 ./result/bin/run-bare-system-vm`
+2. `nix run github:serokell/deploy --prime`
+3. ???
+4. PROFIT!!!
diff --git a/examples/system/bare.nix b/examples/system/bare.nix
new file mode 100644
index 0000000..46ba3b2
--- /dev/null
+++ b/examples/system/bare.nix
@@ -0,0 +1,10 @@
+# SPDX-FileCopyrightText: 2020 Serokell <https://serokell.io/>
+#
+# SPDX-License-Identifier: MPL-2.0
+
+{
+ imports = [ ./common.nix ];
+
+ # Use that when deploy scripts asks you for a hostname
+ networking.hostName = "bare-system";
+}
diff --git a/examples/system/common.nix b/examples/system/common.nix
new file mode 100644
index 0000000..83ea225
--- /dev/null
+++ b/examples/system/common.nix
@@ -0,0 +1,34 @@
+# SPDX-FileCopyrightText: 2020 Serokell <https://serokell.io/>
+#
+# SPDX-License-Identifier: MPL-2.0
+
+{
+ boot.loader.systemd-boot.enable = true;
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/00000000-0000-0000-0000-000000000000";
+ fsType = "btrfs";
+ };
+
+ users.users.admin = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" "sudo" ];
+ password = "123";
+ };
+
+ services.openssh = { enable = true; };
+
+ # Another option would be root on the server
+ security.sudo.extraRules = [{
+ groups = [ "wheel" ];
+ commands = [{
+ command = "ALL";
+ options = [ "NOPASSWD" ];
+ }];
+ }];
+
+ nix.binaryCachePublicKeys = [
+ (builtins.readFile ./nix-pub.pem)
+ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+ ];
+}
diff --git a/examples/system/configuration.nix b/examples/system/configuration.nix
new file mode 100644
index 0000000..6d4234a
--- /dev/null
+++ b/examples/system/configuration.nix
@@ -0,0 +1,15 @@
+# SPDX-FileCopyrightText: 2020 Serokell <https://serokell.io/>
+#
+# SPDX-License-Identifier: MPL-2.0
+
+{
+ imports = [ ./common.nix ];
+
+ networking.hostName = "example-nixos-system";
+
+ users.users.hello = {
+ isNormalUser = true;
+ password = "";
+ uid = 1010;
+ };
+}
diff --git a/examples/system/flake.lock b/examples/system/flake.lock
new file mode 100644
index 0000000..fc92f40
--- /dev/null
+++ b/examples/system/flake.lock
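Review bot: `password = "123";` in the `users.users.admin` block of common.nix gives a three-character plaintext password to an account that is in `wheel`, gets `NOPASSWD` sudo for `ALL` from the `security.sudo.extraRules` entry below it, and is reachable through `services.openssh = { enable = true; };`. The `hello` user in configuration.nix has the same problem with `password = "";`. The NixOS `password` option also leaves the value readable in the Nix store. Since this is an example that people will copy, I would move both users to key-based login, for instance `openssh.authorizedKeys.keys = [ "<your-ssh-public-key>" ];`, and put a comment such as `# Demo VM only: never reuse this on a reachable host` above any password that remains.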
@@ -0,0 +1,115 @@ +{ + "nodes": { + "deploy-rs": { + "inputs": { + "flake-compat": "flake-compat", + "naersk": "naersk", + "nixpkgs": "nixpkgs", + "utils": "utils" + }, + "locked": { + "lastModified": 1603740297, + "narHash": "sha256-yeTrA8AaLzDFICApX725gQhKoHNI2TCqWAeOl9axVZE=", + "owner": "serokell", + "repo": "deploy-rs", + "rev": "426fb3c489dcbb4ccbf98a3ab6a7fe25e71b95ca", + "type": "github" + }, + "original": { + "owner": "serokell", + "repo": "deploy-rs", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1600853454, + "narHash": "sha256-EgsgbcJNZ9AQLVhjhfiegGjLbO+StBY9hfKsCwc8Hw8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "94cf59784c73ecec461eaa291918eff0bfb538ac", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "naersk": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1602173141, + "narHash": "sha256-m6wU6lP0wf2OMw3KtJqn27ITtg29+ftciGHicLiVSGE=", + "owner": "nmattia", + "repo": "naersk", + "rev": "22b96210b2433228d42bce460f3befbdcfde7520", + "type": "github" + }, + "original": { + "owner": "nmattia", + "ref": "master", + "repo": "naersk", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1601961544, + "narHash": "sha256-uuh9CkDWkXlXse8IcergqoIM5JffqfQDKsl1uHB7XJI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "89281dd1dfed6839610f0ccad0c0e493606168fe", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1603739127, + "narHash": "sha256-mdLESpo4jXrAynLp7ypRaqkx6IS1jx2l78f1tg9iiJU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d699505277b99e4698d90563c5eb1b62ba5ba0ea", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "root": { + "inputs": { + "deploy-rs": "deploy-rs", + 
"nixpkgs": "nixpkgs_2" + } + }, + "utils": { + "locked": { + "lastModified": 1601282935, + "narHash": "sha256-WQAFV6sGGQxrRs3a+/Yj9xUYvhTpukQJIcMbIi7LCJ4=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "588973065fce51f4763287f0fda87a174d78bf48", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/examples/system/flake.lock.license b/examples/system/flake.lock.license new file mode 100644 index 0000000..9e9897d --- /dev/null +++ b/examples/system/flake.lock.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: 2020 Serokell <https://serokell.io/> + +SPDX-License-Identifier: MPL-2.0
\ No newline at end of file
diff --git a/examples/system/flake.nix b/examples/system/flake.nix
new file mode 100644
index 0000000..021f9db
--- /dev/null
+++ b/examples/system/flake.nix
@@ -0,0 +1,46 @@
+# SPDX-FileCopyrightText: 2020 Serokell <https://serokell.io/>
+#
+# SPDX-License-Identifier: MPL-2.0
+
+{
+ description = "Deploy a full system with hello service as a separate profile";
+
+ inputs.deploy-rs.url = "github:serokell/deploy-rs";
+
+ outputs = { self, nixpkgs, deploy-rs }: {
+ nixosConfigurations.example-nixos-system = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [ ./configuration.nix ];
+ };
+
+ nixosConfigurations.bare = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules =
+ [ ./bare.nix "${nixpkgs}/nixos/modules/virtualisation/qemu-vm.nix" ];
+ };
+
+ # This is the application we actually want to run
+ defaultPackage.x86_64-linux = import ./hello.nix nixpkgs;
+
+ deploy.nodes.example = {
+ sshOpts = [ "-p" "2221" ];
+ hostname = "localhost";
+ fastConnection = true;
+ profiles = {
+ system = {
+ sshUser = "admin";
+ path =
+ deploy-rs.lib.x86_64-linux.setActivate self.nixosConfigurations.example-nixos-system.config.system.build.toplevel "./bin/switch-to-configuration switch";
+ user = "root";
+ };
+ hello = {
+ sshUser = "hello";
+ path = deploy-rs.lib.x86_64-linux.setActivate self.defaultPackage.x86_64-linux "./bin/activate";
+ user = "hello";
+ };
+ };
+ };
+
+ checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
+ };
+}
diff --git a/examples/system/hello.nix b/examples/system/hello.nix
new file mode 100644
index 0000000..df57308
--- /dev/null
+++ b/examples/system/hello.nix
@@ -0,0 +1,30 @@
+# SPDX-FileCopyrightText: 2020 Serokell <https://serokell.io/>
+#
+# SPDX-License-Identifier: MPL-2.0
+
+nixpkgs:
+let
+ pkgs = nixpkgs.legacyPackages.x86_64-linux;
+ generateSystemd = type: name: config:
+ (nixpkgs.lib.nixosSystem {
+ modules = [{ systemd."${type}s".${name} = config; }];
+ system = "x86_64-linux";
+ }).config.systemd.units."${name}.${type}".text;
+
+ mkService = generateSystemd "service";
+
+ service = pkgs.writeTextFile {
+ name = "hello.service";
+ text = mkService "hello" {
+ unitConfig.WantedBy = [ "multi-user.target" ];
+ path = [ pkgs.hello ];
+ script = "hello";
+ };
+ };
+in pkgs.writeShellScriptBin "activate" ''
+ mkdir -p $HOME/.config/systemd/user
+ rm $HOME/.config/systemd/user/hello.service
+ ln -s ${service} $HOME/.config/systemd/user/hello.service
+ systemctl --user daemon-reload
+ systemctl --user restart hello
+''
diff --git a/examples/system/nix-pub.pem b/examples/system/nix-pub.pem
new file mode 100644
index 0000000..926f44c
--- /dev/null
+++ b/examples/system/nix-pub.pem
@@ -0,0 +1 @@
+cache.example.com:ic28PY7OIOQtoU282iaiizvA5WIOtYx5h6c9ePn3hDQ=
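Review bot: In the `activate` script of hello.nix, `rm $HOME/.config/systemd/user/hello.service` has no `-f`, so the first activation on a fresh account reports an error for the missing file. The script produced by `writeShellScriptBin` also does not enable `set -e`, so a failed `rm` or `ln` still falls through to `systemctl --user restart hello`, which may then restart a stale unit. I would replace the `rm`/`ln` pair with `ln -sfn ${service} "$HOME/.config/systemd/user/hello.service"` and make `set -eu` the first line of the script. The `$HOME` expansion in `mkdir -p` is unquoted as well and is worth quoting in the same change.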
\ No newline at end of file
diff --git a/examples/system/nix-pub.pem.license b/examples/system/nix-pub.pem.license
new file mode 100644
index 0000000..9e9897d
--- /dev/null
+++ b/examples/system/nix-pub.pem.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: 2020 Serokell <https://serokell.io/>
+
+SPDX-License-Identifier: MPL-2.0
\ No newline at end of file
diff --git a/examples/system/nix.key b/examples/system/nix.key
new file mode 100644
index 0000000..9157587
--- /dev/null
+++ b/examples/system/nix.key
@@ -0,0 +1 @@
+cache.example.com:dPNdwv04QPIEpcWnGioZmX9dvaGe7GCo7BZJFymDBnSJzbw9js4g5C2hTbzaJqKLO8DlYg61jHmHpz14+feENA==
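Review bot: nix.key appears to be the secret signing half of the `cache.example.com` key pair, and this commit adds it next to nix-pub.pem, which common.nix reads into `nix.binaryCachePublicKeys`. Any machine built from this example therefore trusts store paths signed with a key that everyone with access to the repository holds. I would drop nix.key from the tree and have the README tell users to generate their own pair with `nix-store --generate-binary-cache-key`. At minimum the README should state that the committed pair is a throwaway for the local VM and must be replaced before the configuration is reused.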
\ No newline at end of file
diff --git a/examples/system/nix.key.license b/examples/system/nix.key.license
new file mode 100644
index 0000000..9e9897d
--- /dev/null
+++ b/examples/system/nix.key.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: 2020 Serokell <https://serokell.io/>
+
+SPDX-License-Identifier: MPL-2.0
\ No newline at end of file |