rename machines
-> hosts
- shorter. - congruent with `nixos-rebuild .` choosing what to build based on `hostname`. - more widely used within other nix repos i've seen. - more accurate in the case that i migrate a host to a different machine (which i plan to do with servo).
parent
8fc6b05c07
commit
43fa7fdd9f
28
flake.nix
28
flake.nix
|
@ -45,7 +45,7 @@
|
||||||
nixpkgsFor = local: target: import (patchedPkgs target) { crossSystem = target; localSystem = local; };
|
nixpkgsFor = local: target: import (patchedPkgs target) { crossSystem = target; localSystem = local; };
|
||||||
# evaluate ONLY our overlay, for the provided system
|
# evaluate ONLY our overlay, for the provided system
|
||||||
customPackagesFor = local: target: import ./pkgs/overlay.nix (nixpkgsFor local target) (nixpkgsFor local target);
|
customPackagesFor = local: target: import ./pkgs/overlay.nix (nixpkgsFor local target) (nixpkgsFor local target);
|
||||||
decl-machine = { name, local, target }:
|
decl-host = { name, local, target }:
|
||||||
let
|
let
|
||||||
nixosSystem = import ((patchedPkgs target) + "/nixos/lib/eval-config.nix");
|
nixosSystem = import ((patchedPkgs target) + "/nixos/lib/eval-config.nix");
|
||||||
in (nixosSystem {
|
in (nixosSystem {
|
||||||
|
@ -54,7 +54,7 @@
|
||||||
specialArgs = { inherit mobile-nixos home-manager impermanence; };
|
specialArgs = { inherit mobile-nixos home-manager impermanence; };
|
||||||
modules = [
|
modules = [
|
||||||
./modules
|
./modules
|
||||||
(import ./machines/instantiate.nix name)
|
(import ./hosts/instantiate.nix name)
|
||||||
home-manager.nixosModule
|
home-manager.nixosModule
|
||||||
impermanence.nixosModule
|
impermanence.nixosModule
|
||||||
sops-nix.nixosModules.sops
|
sops-nix.nixosModules.sops
|
||||||
|
@ -77,8 +77,8 @@
|
||||||
];
|
];
|
||||||
});
|
});
|
||||||
|
|
||||||
decl-bootable-machine = { name, local, target }: rec {
|
decl-bootable-host = { name, local, target }: rec {
|
||||||
nixosConfiguration = decl-machine { inherit name local target; };
|
nixosConfiguration = decl-host { inherit name local target; };
|
||||||
# this produces a EFI-bootable .img file (GPT with a /boot partition and a system (/ or /nix) partition).
|
# this produces a EFI-bootable .img file (GPT with a /boot partition and a system (/ or /nix) partition).
|
||||||
# after building this:
|
# after building this:
|
||||||
# - flash it to a bootable medium (SD card, flash drive, HDD)
|
# - flash it to a bootable medium (SD card, flash drive, HDD)
|
||||||
|
@ -91,23 +91,23 @@
|
||||||
# - boot
|
# - boot
|
||||||
# - if fs wasn't resized automatically, then `sudo btrfs filesystem resize max /`
|
# - if fs wasn't resized automatically, then `sudo btrfs filesystem resize max /`
|
||||||
# - checkout this flake into /etc/nixos AND UPDATE THE FS UUIDS.
|
# - checkout this flake into /etc/nixos AND UPDATE THE FS UUIDS.
|
||||||
# - `nixos-rebuild --flake './#<machine>' switch`
|
# - `nixos-rebuild --flake './#<host>' switch`
|
||||||
img = nixosConfiguration.config.system.build.img;
|
img = nixosConfiguration.config.system.build.img;
|
||||||
};
|
};
|
||||||
machines.servo = decl-bootable-machine { name = "servo"; local = "aarch64-linux"; target = "aarch64-linux"; };
|
hosts.servo = decl-bootable-host { name = "servo"; local = "aarch64-linux"; target = "aarch64-linux"; };
|
||||||
machines.desko = decl-bootable-machine { name = "desko"; local = "x86_64-linux"; target = "x86_64-linux"; };
|
hosts.desko = decl-bootable-host { name = "desko"; local = "x86_64-linux"; target = "x86_64-linux"; };
|
||||||
machines.lappy = decl-bootable-machine { name = "lappy"; local = "x86_64-linux"; target = "x86_64-linux"; };
|
hosts.lappy = decl-bootable-host { name = "lappy"; local = "x86_64-linux"; target = "x86_64-linux"; };
|
||||||
machines.moby = decl-bootable-machine { name = "moby"; local = "aarch64-linux"; target = "aarch64-linux"; };
|
hosts.moby = decl-bootable-host { name = "moby"; local = "aarch64-linux"; target = "aarch64-linux"; };
|
||||||
# special cross-compiled variant, to speed up deploys from an x86 box to the arm target
|
# special cross-compiled variant, to speed up deploys from an x86 box to the arm target
|
||||||
# note that these *do* produce different store paths, because the closure for the tools used to cross compile
|
# note that these *do* produce different store paths, because the closure for the tools used to cross compile
|
||||||
# v.s. emulate differ.
|
# v.s. emulate differ.
|
||||||
# so deploying foo-cross and then foo incurs some rebuilding.
|
# so deploying foo-cross and then foo incurs some rebuilding.
|
||||||
machines.servo-cross = decl-bootable-machine { name = "servo"; local = "x86_64-linux"; target = "aarch64-linux"; };
|
hosts.servo-cross = decl-bootable-host { name = "servo"; local = "x86_64-linux"; target = "aarch64-linux"; };
|
||||||
machines.moby-cross = decl-bootable-machine { name = "moby"; local = "x86_64-linux"; target = "aarch64-linux"; };
|
hosts.moby-cross = decl-bootable-host { name = "moby"; local = "x86_64-linux"; target = "aarch64-linux"; };
|
||||||
machines.rescue = decl-bootable-machine { name = "rescue"; local = "x86_64-linux"; target = "x86_64-linux"; };
|
hosts.rescue = decl-bootable-host { name = "rescue"; local = "x86_64-linux"; target = "x86_64-linux"; };
|
||||||
in {
|
in {
|
||||||
nixosConfigurations = builtins.mapAttrs (name: value: value.nixosConfiguration) machines;
|
nixosConfigurations = builtins.mapAttrs (name: value: value.nixosConfiguration) hosts;
|
||||||
imgs = builtins.mapAttrs (name: value: value.img) machines;
|
imgs = builtins.mapAttrs (name: value: value.img) hosts;
|
||||||
packages = let
|
packages = let
|
||||||
allPkgsFor = sys: (customPackagesFor sys sys) // {
|
allPkgsFor = sys: (customPackagesFor sys sys) // {
|
||||||
nixpkgs = nixpkgsFor sys sys;
|
nixpkgs = nixpkgsFor sys sys;
|
||||||
|
|
|
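Review bot: The renamed `hosts` set holds build variants as well as hosts, and nothing next to the definitions separates the two: `hosts.servo-cross` and `hosts.moby-cross` pass `name = "servo"` and `name = "moby"`, so the attribute key and the `name` given to `./hosts/instantiate.nix` are different things. A one-line comment above the `hosts.*` entries would make this explicit, for example `# attr key = flake output name (nixosConfigurations.<key>); name = which host definition to instantiate`. Since the commit message relies on `nixos-rebuild --flake .` selecting by hostname, the same comment could say that the `-cross` entries are presumably reachable only by an explicit `./#servo-cross` or `./#moby-cross`. The enclosing `let` block starts and ends outside the visible hunks.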
@ -1,4 +1,4 @@
|
||||||
# trampoline from flake.nix into the specific machine definition, while doing a tiny bit of common setup
|
# trampoline from flake.nix into the specific host definition, while doing a tiny bit of common setup
|
||||||
|
|
||||||
hostName: { ... }: {
|
hostName: { ... }: {
|
||||||
imports = [
|
imports = [
|
|
@ -29,7 +29,7 @@ in
|
||||||
sane.allocations.colin-uid = mkId 1000;
|
sane.allocations.colin-uid = mkId 1000;
|
||||||
sane.allocations.guest-uid = mkId 1100;
|
sane.allocations.guest-uid = mkId 1100;
|
||||||
|
|
||||||
# found on all machines
|
# found on all hosts
|
||||||
sane.allocations.sshd-uid = mkId 2001; # 997
|
sane.allocations.sshd-uid = mkId 2001; # 997
|
||||||
sane.allocations.sshd-gid = mkId 2001; # 997
|
sane.allocations.sshd-gid = mkId 2001; # 997
|
||||||
sane.allocations.polkituser-gid = mkId 2002; # 998
|
sane.allocations.polkituser-gid = mkId 2002; # 998
|
||||||
|
@ -39,15 +39,15 @@ in
|
||||||
sane.allocations.systemd-oom-uid = mkId 2005;
|
sane.allocations.systemd-oom-uid = mkId 2005;
|
||||||
sane.allocations.systemd-oom-gid = mkId 2005;
|
sane.allocations.systemd-oom-gid = mkId 2005;
|
||||||
|
|
||||||
# found on graphical machines
|
# found on graphical hosts
|
||||||
sane.allocations.nm-iodine-uid = mkId 2101; # desko/moby/lappy
|
sane.allocations.nm-iodine-uid = mkId 2101; # desko/moby/lappy
|
||||||
|
|
||||||
# found on desko machine
|
# found on desko host
|
||||||
sane.allocations.usbmux-uid = mkId 2204;
|
sane.allocations.usbmux-uid = mkId 2204;
|
||||||
sane.allocations.usbmux-gid = mkId 2204;
|
sane.allocations.usbmux-gid = mkId 2204;
|
||||||
|
|
||||||
|
|
||||||
# originally found on moby machine
|
# originally found on moby host
|
||||||
sane.allocations.avahi-uid = mkId 2304;
|
sane.allocations.avahi-uid = mkId 2304;
|
||||||
sane.allocations.avahi-gid = mkId 2304;
|
sane.allocations.avahi-gid = mkId 2304;
|
||||||
sane.allocations.colord-uid = mkId 2305;
|
sane.allocations.colord-uid = mkId 2305;
|
||||||
|
|
|
@ -27,8 +27,8 @@ let
|
||||||
};
|
};
|
||||||
in {
|
in {
|
||||||
# map hostname -> something suitable for known_keys
|
# map hostname -> something suitable for known_keys
|
||||||
hosts = builtins.mapAttrs (machine: keys: withHost machine keys.host) keys;
|
hosts = builtins.mapAttrs (host: keys: withHost host keys.host) keys;
|
||||||
# map hostname -> something suitable for authorized_keys to allow access to colin@<hostname>
|
# map hostname -> something suitable for authorized_keys to allow access to colin@<hostname>
|
||||||
users = builtins.mapAttrs (machine: keys: withUser "colin@${machine}" keys.users.colin) keys;
|
users = builtins.mapAttrs (host: keys: withUser "colin@${host}" keys.users.colin) keys;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
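Review bot: In both `mapAttrs` lambdas the new parameter `host` is the hostname while `keys.host` is that host's key entry, so `withHost host keys.host` reads as if the same value were passed twice. The lambda parameter `keys` also shadows the outer `keys` set being mapped. These values end up in known-hosts and authorized_keys material, so naming each parameter for what it holds would help, for example `hosts = builtins.mapAttrs (hostName: hostKeys: withHost hostName hostKeys.host) keys;` with the same change in `users`. `hostName` would also match the parameter name already used in the instantiate.nix trampoline. The `let` block that defines `keys`, `withHost` and `withUser` starts outside the hunk.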
@ -16,7 +16,7 @@
|
||||||
# add the result to .sops.yaml
|
# add the result to .sops.yaml
|
||||||
# since we specify ssh pubkeys in the nix config, you can just grep for `ssh-ed25519` here and use those instead
|
# since we specify ssh pubkeys in the nix config, you can just grep for `ssh-ed25519` here and use those instead
|
||||||
#
|
#
|
||||||
# for each machine you want to decrypt secrets:
|
# for each host you want to decrypt secrets:
|
||||||
# $ cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age
|
# $ cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age
|
||||||
# add the result to .sops.yaml
|
# add the result to .sops.yaml
|
||||||
# $ sops updatekeys secrets/example.yaml
|
# $ sops updatekeys secrets/example.yaml
|
||||||
|
|
|
@ -4,6 +4,12 @@ to deploy:
|
||||||
nixos-rebuild --flake "./#servo" {build,switch}
|
nixos-rebuild --flake "./#servo" {build,switch}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
if the target is the same as the host, nix will grab the hostname automatically:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
nixos-rebuild --flake . {build,switch}
|
||||||
|
```
|
||||||
|
|
||||||
more options (like building packages defined in this repo):
|
more options (like building packages defined in this repo):
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
|
|