Diffstat (limited to 'examples/system')
-rw-r--r--examples/system/README.md10
-rw-r--r--examples/system/bare.nix6
-rw-r--r--examples/system/common.nix30
-rw-r--r--examples/system/configuration.nix11
-rw-r--r--examples/system/flake.lock25
-rw-r--r--examples/system/flake.nix46
-rw-r--r--examples/system/hello.nix27
-rw-r--r--examples/system/nix-pub.pem1
-rw-r--r--examples/system/nix.key1
9 files changed, 157 insertions, 0 deletions
diff --git a/examples/system/README.md b/examples/system/README.md
new file mode 100644
index 0000000..1dea41f
--- /dev/null
+++ b/examples/system/README.md
@@ -0,0 +1,10 @@
+# Example nixos system deployment
+
+This is an example of how to deploy a full nixos system with a separate user unit to a bare machine.
+
+1. Run bare system from `.#nixosConfigurations.bare`
+ - `nix build .#nixosConfigurations.bare.config.system.build.vm`
+ - `QEMU_NET_OPTS=hostfwd=tcp::2221-:22 ./result/bin/run-bare-system-vm`
+2. `nix run github:serokell/deploy --prime`
+3. ???
+4. PROFIT!!!
diff --git a/examples/system/bare.nix b/examples/system/bare.nix
new file mode 100644
index 0000000..282080f
--- /dev/null
+++ b/examples/system/bare.nix
@@ -0,0 +1,6 @@
+{
+ imports = [ ./common.nix ];
+
+ # Use that when deploy scripts asks you for a hostname
+ networking.hostName = "bare-system";
+}
diff --git a/examples/system/common.nix b/examples/system/common.nix
new file mode 100644
index 0000000..7e7448e
--- /dev/null
+++ b/examples/system/common.nix
@@ -0,0 +1,30 @@
+{
+ boot.loader.systemd-boot.enable = true;
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/00000000-0000-0000-0000-000000000000";
+ fsType = "btrfs";
+ };
+
+ users.users.admin = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" "sudo" ];
+ password = "123";
+ };
+
+ services.openssh = { enable = true; };
+
+ # Another option would be root on the server
+ security.sudo.extraRules = [{
+ groups = [ "wheel" ];
+ commands = [{
+ command = "ALL";
+ options = [ "NOPASSWD" ];
+ }];
+ }];
+
+ nix.binaryCachePublicKeys = [
+ (builtins.readFile ./nix-pub.pem)
+ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+ ];
+}
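Review bot: `users.users.admin` is given the literal password `123` while `services.openssh` is enabled and the `wheel` rule grants `NOPASSWD` on `ALL`, so the only thing between the forwarded SSH port and root is a guessable password; the same concern applies to `password = "";` for `hello` in configuration.nix. A value set through `password` is also stored in the world-readable Nix store. Since examples tend to be copied verbatim, key-based login would be the safer default: `openssh.authorizedKeys.keys = [ "<your-ssh-public-key>" ];` on both users plus `services.openssh.passwordAuthentication = false;`. If the weak credentials stay for the throwaway QEMU VM, a comment above them such as `# Throwaway VM credentials, replace before deploying to a reachable host` would make the intent explicit.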
diff --git a/examples/system/configuration.nix b/examples/system/configuration.nix
new file mode 100644
index 0000000..b2b55cf
--- /dev/null
+++ b/examples/system/configuration.nix
@@ -0,0 +1,11 @@
+{
+ imports = [ ./common.nix ];
+
+ networking.hostName = "example-nixos-syyyystem";
+
+ users.users.hello = {
+ isNormalUser = true;
+ password = "";
+ uid = 1010;
+ };
+}
diff --git a/examples/system/flake.lock b/examples/system/flake.lock
new file mode 100644
index 0000000..a57ff9d
--- /dev/null
+++ b/examples/system/flake.lock
@@ -0,0 +1,25 @@
+{
+ "nodes": {
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1592491430,
+ "narHash": "sha256-7WNpr16iUyjG4caad137nCqxXNTdct202jy05lslZXA=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "07299ff81e58e16b282fe602ce5e629854dfd544",
+ "type": "github"
+ },
+ "original": {
+ "id": "nixpkgs",
+ "type": "indirect"
+ }
+ },
+ "root": {
+ "inputs": {
+ "nixpkgs": "nixpkgs"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
diff --git a/examples/system/flake.nix b/examples/system/flake.nix
new file mode 100644
index 0000000..383960b
--- /dev/null
+++ b/examples/system/flake.nix
@@ -0,0 +1,46 @@
+{
+ description = "Deploy a full system with hello service as a separate profile";
+
+
+ outputs = { self, nixpkgs }: {
+ nixosConfigurations.example-nixos-system = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [ ./configuration.nix ];
+ };
+
+ nixosConfigurations.bare = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [ ./bare.nix "${nixpkgs}/nixos/modules/virtualisation/qemu-vm.nix" ];
+ };
+
+ # This is the application we actually want to run
+ defaultPackage.x86_64-linux = import ./hello.nix nixpkgs;
+
+ deploy.nodes.example = {
+ sshOpts = [ "-p" "2221" ];
+ hostname = "localhost";
+ fastConnection = true;
+ profiles = {
+ system = {
+ sshUser = "admin";
+ activate = "$PROFILE/bin/switch-to-configuration switch";
+ path = self.nixosConfigurations.example-nixos-system.config.system.build.toplevel;
+ user = "root";
+ };
+ hello = {
+ sshUser = "hello";
+ activate = "$PROFILE/bin/activate";
+ path = self.defaultPackage.x86_64-linux;
+ user = "hello";
+ };
+ };
+ };
+
+ checks = builtins.mapAttrs (_: pkgs: {
+ jsonschema = pkgs.runCommandNoCC "jsonschema-deploy-system" { }
+ "${pkgs.python3.pkgs.jsonschema}/bin/jsonschema -i ${
+ pkgs.writeText "deploy.json" (builtins.toJSON self.deploy)
+ } ${../../interface/deploy.json} && touch $out";
+ }) nixpkgs.legacyPackages;
+ };
+}
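Review bot: The flake declares no `inputs`, so `nixpkgs` is resolved through the flake registry, which flake.lock records as `"type": "indirect"`. The lock pins the current revision, but a later `nix flake update` will follow whatever the local registry maps `nixpkgs` to, which makes the source of the system closure depend on per-machine state. Declaring it explicitly, e.g. `inputs.nixpkgs.url = "github:NixOS/nixpkgs/<branch-or-rev>";`, keeps the origin reviewable in the file. A short comment on the `system` profile noting that `sshUser = "admin"` with `user = "root"` relies on the passwordless sudo rule in common.nix would also help readers adapting the example.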
diff --git a/examples/system/hello.nix b/examples/system/hello.nix
new file mode 100644
index 0000000..8c207f1
--- /dev/null
+++ b/examples/system/hello.nix
@@ -0,0 +1,27 @@
+nixpkgs:
+let
+ pkgs = nixpkgs.legacyPackages.x86_64-linux;
+ generateSystemd = type: name: config:
+ (nixpkgs.lib.nixosSystem {
+ modules = [{ systemd."${type}s".${name} = config; }];
+ system = "x86_64-linux";
+ }).config.systemd.units."${name}.${type}".text;
+
+ mkService = generateSystemd "service";
+
+ service = pkgs.writeTextFile {
+ name = "hello.service";
+ text = mkService "hello" {
+ unitConfig.WantedBy = [ "multi-user.target" ];
+ path = [ pkgs.hello ];
+ script = "hello -g lel; touch $HOME/oof";
+ };
+ };
+in
+pkgs.writeShellScriptBin "activate" ''
+ mkdir -p $HOME/.config/systemd/user
+ rm $HOME/.config/systemd/user/hello.service
+ ln -s ${service} $HOME/.config/systemd/user/hello.service
+ systemctl --user daemon-reload
+ systemctl --user restart hello
+''
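Review bot: The `rm $HOME/.config/systemd/user/hello.service` line in the activate script fails on the first activation, when the link does not exist yet, and because the script never sets `set -e` that failure and any later one (for example from `daemon-reload`) are ignored and activation still looks successful. Replacing the `rm`/`ln` pair with `ln -sf ${service} "$HOME/.config/systemd/user/hello.service"` and starting the script with `set -euo pipefail` would make it idempotent and fail loudly. `$HOME` is unquoted throughout, including in the unit's `touch $HOME/oof`, so quoting it is worth doing at the same time. `systemctl --user` presumably needs a running user manager for `hello` over a non-interactive SSH session; that should be confirmed or documented.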
diff --git a/examples/system/nix-pub.pem b/examples/system/nix-pub.pem
new file mode 100644
index 0000000..926f44c
--- /dev/null
+++ b/examples/system/nix-pub.pem
@@ -0,0 +1 @@
+cache.example.com:ic28PY7OIOQtoU282iaiizvA5WIOtYx5h6c9ePn3hDQ=
\ No newline at end of file
diff --git a/examples/system/nix.key b/examples/system/nix.key
new file mode 100644
index 0000000..9157587
--- /dev/null
+++ b/examples/system/nix.key
@@ -0,0 +1 @@
+cache.example.com:dPNdwv04QPIEpcWnGioZmX9dvaGe7GCo7BZJFymDBnSJzbw9js4g5C2hTbzaJqKLO8DlYg61jHmHpz14+feENA==
\ No newline at end of file
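Review bot: This file is the secret half of the `cache.example.com` signing key, and common.nix adds the public half from nix-pub.pem to `nix.binaryCachePublicKeys`, so every host built from this example trusts store paths signed with a key that is published in the repository. Anyone who copies the example unchanged inherits that trust relationship. The key pair should be generated locally during setup, for instance with `nix-store --generate-binary-cache-key`, with `nix.key` kept out of version control and only the public file committed. The README should describe that step, since it currently does not mention the keys at all.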