Diffstat (limited to '')
-rw-r--r-- | examples/system/README.md | 10 | ||||
-rw-r--r-- | examples/system/bare.nix | 6 | ||||
-rw-r--r-- | examples/system/common.nix | 30 | ||||
-rw-r--r-- | examples/system/configuration.nix | 11 | ||||
-rw-r--r-- | examples/system/flake.lock | 25 | ||||
-rw-r--r-- | examples/system/flake.nix | 46 | ||||
-rw-r--r-- | examples/system/hello.nix | 27 | ||||
-rw-r--r-- | examples/system/nix-pub.pem | 1 | ||||
-rw-r--r-- | examples/system/nix.key | 1 |
9 files changed, 157 insertions, 0 deletions
diff --git a/examples/system/README.md b/examples/system/README.md
new file mode 100644
index 0000000..1dea41f
--- /dev/null
+++ b/examples/system/README.md
@@ -0,0 +1,10 @@
+# Example nixos system deployment
+
+This is an example of how to deploy a full nixos system with a separate user unit to a bare machine.
+
+1. Run bare system from `.#nixosConfigurations.bare`
+ - `nix build .#nixosConfigurations.bare.config.system.build.vm`
+ - `QEMU_NET_OPTS=hostfwd=tcp::2221-:22 ./result/bin/run-bare-system-vm`
+2. `nix run github:serokell/deploy --prime`
+3. ???
+4. PROFIT!!!
diff --git a/examples/system/bare.nix b/examples/system/bare.nix
new file mode 100644
index 0000000..282080f
--- /dev/null
+++ b/examples/system/bare.nix
@@ -0,0 +1,6 @@
+{
+ imports = [ ./common.nix ];
+
+ # Use that when deploy scripts asks you for a hostname
+ networking.hostName = "bare-system";
+}
diff --git a/examples/system/common.nix b/examples/system/common.nix
new file mode 100644
index 0000000..7e7448e
--- /dev/null
+++ b/examples/system/common.nix
@@ -0,0 +1,30 @@
+{
+ boot.loader.systemd-boot.enable = true;
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/00000000-0000-0000-0000-000000000000";
+ fsType = "btrfs";
+ };
+
+ users.users.admin = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" "sudo" ];
+ password = "123";
+ };
+
+ services.openssh = { enable = true; };
+
+ # Another option would be root on the server
+ security.sudo.extraRules = [{
+ groups = [ "wheel" ];
+ commands = [{
+ command = "ALL";
+ options = [ "NOPASSWD" ];
+ }];
+ }];
+
+ nix.binaryCachePublicKeys = [
+ (builtins.readFile ./nix-pub.pem)
+ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+ ];
+}
diff --git a/examples/system/configuration.nix b/examples/system/configuration.nix
new file mode 100644
index 0000000..b2b55cf
--- /dev/null
+++ b/examples/system/configuration.nix
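Review bot: In examples/system/common.nix the `admin` account gets `password = "123"` while `services.openssh` is enabled and the `wheel` group is granted `NOPASSWD` sudo for `ALL`, so a machine built from this file is one guessed password away from root for anyone who can reach its SSH port. That is tolerable for the throwaway QEMU VM the README describes, but example configurations get copied; I would drop the password in favour of `users.users.admin.openssh.authorizedKeys.keys = [ "<your-ssh-public-key>" ];` and add a comment above the sudo rule saying it exists only so the deploy tool can activate the system profile as root. The `"sudo"` entry in `extraGroups` also looks unnecessary, since the rule matches `wheel` only.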
@@ -0,0 +1,11 @@
+{
+ imports = [ ./common.nix ];
+
+ networking.hostName = "example-nixos-syyyystem";
+
+ users.users.hello = {
+ isNormalUser = true;
+ password = "";
+ uid = 1010;
+ };
+}
diff --git a/examples/system/flake.lock b/examples/system/flake.lock
new file mode 100644
index 0000000..a57ff9d
--- /dev/null
+++ b/examples/system/flake.lock
@@ -0,0 +1,25 @@ +{ + "nodes": { + "nixpkgs": { + "locked": { + "lastModified": 1592491430, + "narHash": "sha256-7WNpr16iUyjG4caad137nCqxXNTdct202jy05lslZXA=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "07299ff81e58e16b282fe602ce5e629854dfd544", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +}
diff --git a/examples/system/flake.nix b/examples/system/flake.nix
new file mode 100644
index 0000000..383960b
--- /dev/null
+++ b/examples/system/flake.nix
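Review bot: In examples/system/configuration.nix `users.users.hello` is declared with `password = "";`, which as far as I can tell gives the account an empty password rather than locking it. The flake deploys the `hello` profile over SSH as this user, so key-based login is what it needs: `openssh.authorizedKeys.keys = [ "<deploy-ssh-public-key>" ];` with no `password` line at all. Separately, `networking.hostName` is spelled `example-nixos-syyyystem` while the flake attribute is `example-nixos-system`; if that is deliberate, a comment saying so would help.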
@@ -0,0 +1,46 @@
+{
+ description = "Deploy a full system with hello service as a separate profile";
+
+
+ outputs = { self, nixpkgs }: {
+ nixosConfigurations.example-nixos-system = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [ ./configuration.nix ];
+ };
+
+ nixosConfigurations.bare = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [ ./bare.nix "${nixpkgs}/nixos/modules/virtualisation/qemu-vm.nix" ];
+ };
+
+ # This is the application we actually want to run
+ defaultPackage.x86_64-linux = import ./hello.nix nixpkgs;
+
+ deploy.nodes.example = {
+ sshOpts = [ "-p" "2221" ];
+ hostname = "localhost";
+ fastConnection = true;
+ profiles = {
+ system = {
+ sshUser = "admin";
+ activate = "$PROFILE/bin/switch-to-configuration switch";
+ path = self.nixosConfigurations.example-nixos-system.config.system.build.toplevel;
+ user = "root";
+ };
+ hello = {
+ sshUser = "hello";
+ activate = "$PROFILE/bin/activate";
+ path = self.defaultPackage.x86_64-linux;
+ user = "hello";
+ };
+ };
+ };
+
+ checks = builtins.mapAttrs (_: pkgs: {
+ jsonschema = pkgs.runCommandNoCC "jsonschema-deploy-system" { }
+ "${pkgs.python3.pkgs.jsonschema}/bin/jsonschema -i ${
+ pkgs.writeText "deploy.json" (builtins.toJSON self.deploy)
+ } ${../../interface/deploy.json} && touch $out";
+ }) nixpkgs.legacyPackages;
+ };
+}
diff --git a/examples/system/hello.nix b/examples/system/hello.nix
new file mode 100644
index 0000000..8c207f1
--- /dev/null
+++ b/examples/system/hello.nix
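Review bot: The `system` profile in examples/system/flake.nix logs in as `admin` but activates as `root`, and nothing in this file says that this works only because common.nix grants `wheel` passwordless sudo. A comment on the profile would make that dependency visible, for example `# sshUser must be able to become root without a password on the target (see common.nix)`. A second comment on `hostname = "localhost"` and `sshOpts` noting that they match the README's `hostfwd=tcp::2221-:22` port forward would keep readers from carrying them over to a real host unchanged.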
@@ -0,0 +1,27 @@
+nixpkgs:
+let
+ pkgs = nixpkgs.legacyPackages.x86_64-linux;
+ generateSystemd = type: name: config:
+ (nixpkgs.lib.nixosSystem {
+ modules = [{ systemd."${type}s".${name} = config; }];
+ system = "x86_64-linux";
+ }).config.systemd.units."${name}.${type}".text;
+
+ mkService = generateSystemd "service";
+
+ service = pkgs.writeTextFile {
+ name = "hello.service";
+ text = mkService "hello" {
+ unitConfig.WantedBy = [ "multi-user.target" ];
+ path = [ pkgs.hello ];
+ script = "hello -g lel; touch $HOME/oof";
+ };
+ };
+in
+pkgs.writeShellScriptBin "activate" ''
+ mkdir -p $HOME/.config/systemd/user
+ rm $HOME/.config/systemd/user/hello.service
+ ln -s ${service} $HOME/.config/systemd/user/hello.service
+ systemctl --user daemon-reload
+ systemctl --user restart hello
+''
diff --git a/examples/system/nix-pub.pem b/examples/system/nix-pub.pem
new file mode 100644
index 0000000..926f44c
--- /dev/null
+++ b/examples/system/nix-pub.pem
@@ -0,0 +1 @@
+cache.example.com:ic28PY7OIOQtoU282iaiizvA5WIOtYx5h6c9ePn3hDQ=
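Review bot: The activate script in examples/system/hello.nix runs `rm $HOME/.config/systemd/user/hello.service` unconditionally, so the first activation prints an error because the link does not exist yet, and with no `set -e` in the script a failed step is passed over and only the exit status of the final `systemctl` call reaches the deploy tool. I would start the script with `set -euo pipefail` and replace the `rm`/`ln` pair with `ln -sfn ${service} "$HOME/.config/systemd/user/hello.service"`, quoting `$HOME` in the `mkdir` line as well. Also, `unitConfig.WantedBy` puts `WantedBy` into the `[Unit]` section, where I believe systemd does not act on it, and `multi-user.target` is a system-manager target; for a user unit this probably wants `wantedBy = [ "default.target" ];` plus an explicit enable, which is worth verifying.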
\ No newline at end of file
diff --git a/examples/system/nix.key b/examples/system/nix.key
new file mode 100644
index 0000000..9157587
--- /dev/null
+++ b/examples/system/nix.key
@@ -0,0 +1 @@
+cache.example.com:dPNdwv04QPIEpcWnGioZmX9dvaGe7GCo7BZJFymDBnSJzbw9js4g5C2hTbzaJqKLO8DlYg61jHmHpz14+feENA==
\ No newline at end of file |
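Review bot: examples/system/nix.key appears to be the secret half of the binary-cache signing key whose public half (nix-pub.pem) common.nix adds to `nix.binaryCachePublicKeys`, so every machine built from this example trusts store paths signed with a key that anyone can read from the repository. I would leave nix.key out of the commit, ignore it in version control, and have the README tell users to generate their own pair with `nix-store --generate-binary-cache-key <cache-name> nix.key nix-pub.pem` before the first deploy. If the key has to stay as a fixture, the README should say plainly that it is public and must not be trusted outside the test VM.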