mirror of https://github.com/divnix/digga.git synced 2024-12-22 15:41:46 +03:00

Merge branch 'main' into hotfix-exported-overlays

chris montgomery 2022-07-10 18:26:02 -04:00 committed by GitHub
commit abae75b6dc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
17 changed files with 79 additions and 290 deletions

@ -3,8 +3,6 @@
- [Introduction](../README.md)
- [Quick Start](./start/index.md)
- [ISO](./start/iso.md)
- [Bootstrapping](./start/bootstrapping.md)
- [From NixOS](./start/from-nixos.md)
- [Key Concepts](./concepts/index.md)
- [Hosts](./concepts/hosts.md)
- [Overrides](./concepts/overrides.md)
@ -18,8 +16,6 @@
- [Concerns]()
- [Secrets](./secrets.md)
- [Tests](./tests.md)
- [Helper Script `bud`](./bud/index.md)
- [get](./bud/get.md)
- [Integrations](./integrations/index.md)
- [Cachix](./integrations/cachix.md)
- [Deploy RS](./integrations/deploy.md)

@ -1,10 +0,0 @@
# get
The `get` subcommand is useful for getting a bare copy of devos without the
git history.
## Usage
```sh
bud get DEST-DIR
```
If DEST-DIR is ommitted, it defaults to _./devos_.

@ -1,24 +0,0 @@
# [`bud`][bud] command
The template incudes a convenient script for managing your system called [`bud`][bud].
It is a portable and highly composable system control tool that work anywhere on your host
or in the flake's devshell.
Although it comes with some predefined standard helpers,
it is very extensible and you are encouraged to write your own script snippets
to ease your workflows. An example is the bud module for a `get` command that
comes included with `devos`.
While writing scripts you can convenientely access smart environment variables
that can tell the current architecture, user or host name, among others, regardless
wether you invoke `bud` within the devshell or as the system-wide installed `bud`.
For details, please review the [bud repo][bud].
## Usage
```sh
bud help
```
[bud]: https://github.com/divnix/bud

@ -8,8 +8,7 @@
Users are a special case of [profiles](profiles.md) that define system
users and [home-manager][home-manager] configurations. For your convenience,
home manager is wired in by default so all you have to worry about is declaring
your users. For a fully fleshed out example, check out the developers personal
[branch](https://github.com/divnix/devos/tree/nrd/users/nrd/default.nix).
your users.
## Basic Usage
`users/myuser/default.nix`:
@ -49,22 +48,11 @@ argument that gets passed to your home-manager users.
## External Usage
You can easily use the defined home-manager configurations outside of NixOS
using the `homeConfigurations` flake output. The [bud](../bud/index.md) helper
script makes this even easier.
using the `homeConfigurations` flake output.
This is great for keeping your environment consistent across Unix systems,
including OSX.
This is great for keeping your environment consistent across Unix-like systems,
including macOS.
### From within the projects devshell:
```sh
# builds the nixos user defined in the NixOS host
bud home NixOS nixos
# build and activate
bud home NixOS nixos switch
```
### Manually from outside the project:
```sh
# build
nix build "github:divnix/devos#homeConfigurations.nixos@NixOS.home.activationPackage"
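
Review bot: The `### Manually from outside the project:` heading at the end of this hunk only made sense next to the removed `### From within the projects devshell:` subsection. If it is kept, reword it (for example "Building and activating") or drop it, so the section reads as the single supported path rather than as one of two alternatives.
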
@ -74,5 +62,5 @@ nix build "github:divnix/devos#homeConfigurations.nixos@NixOS.home.activationPac
```
[home-manager]: https://nix-community.github.io/home-manager
[modules-list]: https://github.com/divnix/devos/tree/main/users/modules/module-list.nix
[modules-list]: https://github.com/divnix/digga/tree/main/users/modules/module-list.nix
[portableuser]: https://digga.divnix.com/api-reference-home.html#homeusers
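
Review bot: The `[modules-list]` link now points at `divnix/digga`, but the `nix build "github:divnix/devos#homeConfigurations.nixos@NixOS.home.activationPackage"` example in the context just above still targets `divnix/devos`. Either update the flake reference to match, or say in the text why the example builds from a different repository than the one the links point to.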

@ -1,102 +0,0 @@
# Bootstrapping
This will help you boostrap a bare host with the help of the
[bespoke iso](./iso.md) live installer.
_Note: nothing prevents you from remotely executing the boostrapping
process. See below._
Once your target host has booted into the live iso, you need to partition
and format your disk according to the [official manual][manual].
## Mount partitions
Then properly mount the formatted partitions at `/mnt`, so that you can
install your system to those new partitions.
Mount `nixos` partition to `/mnt` and — for UEFI — `boot`
partition to `/mnt/boot`:
```console
$ mount /dev/disk/by-label/nixos /mnt
$ mkdir -p /mnt/boot && mount /dev/disk/by-label/boot /mnt/boot # UEFI only
$ swapon /dev/disk/by-label/swap
```
Add some extra space to the store. In the iso, it's running on a tmpfs
off your RAM:
```console
$ mkdir -p /mnt/tmpstore/{work,store}
$ mount -t overlay overlay -olowerdir=/nix/store,upperdir=/mnt/tmpstore/store,workdir=/mnt/tmpstore/work /nix/store
```
## Install
Install off of a copy of devos from the time the iso was built:
```console
$ cd /iso/devos
$ nixos-install --flake .#NixOS
```
## Notes of interest
### Remote access to the live installer
The iso live installer comes preconfigured with a network configuration
which announces it's hostname via [MulticastDNS][mDNS] as `hostname.local`,
that is `bootstrap.local` in the [iso example](./iso).
In the rare case that [MulticastDNS][mDNS] is not availabe or turned off
in your network, there is a static link-local IPv6 address configured to
`fe80::47`(mnemonic from the letter's position in the english alphabet:
`n=14 i=9 x=24; 47 = n+i+x`).
Provided that you have added your public key to the authorized keys of the
`root` user _(hint: [`deploy-rs`](../integrations/deploy.md) needs passwordless
sudo access)_:
```nix
{ ... }:
{
users.users.root.openssh.authorizedKeys.keyFiles = [
../secrets/path/to/key.pub
];
}
```
You can then ssh into the live installer through one of the
following options:
```console
ssh root@bootstrap.local
ssh root@fe80::47%eno1 # where eno1 is your network interface on which you are linked to the target
```
_Note: the [static link-local IPv6 address][staticLLA] and [MulticastDNS][mDNS] is only
configured on the live installer. If you wish to enable [MulticastDNS][mDNS]
for your environment, you ought to configure that in a regular [profile](../concepts/profiles.md)._
### EUI-64 LLA & Host Identity
The iso's IPv6 Link Local Address (LLA) is configured with a static 64-bit Extended
Unique Identifiers (EUI-64) that is derived from the host interface's Message
Authentication Code (MAC) address.
After a little while (a few seconds), you can remotely discover this unique and host
specific address over [NDP][NDP] for example with:
```console
ip -6 neigh show # also shows fe80::47
```
***This LLA is stable for the host, unless you need to swap that particular network card.***
Under this reservation, though, you may use this EUI-64 to wire up a specific
(cryptographic) host identity.
[manual]: https://nixos.org/manual/nixos/stable/index.html#sec-installation-partitioning
[mDNS]: https://en.wikipedia.org/wiki/Multicast_DNS
[NDP]: https://en.wikipedia.org/wiki/Neighbor_Discovery_Protocol
[staticLLA]: https://tools.ietf.org/html/rfc7404
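
Review bot: Deleting this page removes the only description of the installer's remote access path (`bootstrap.local` over mDNS, the static `fe80::47` address, and the root `authorizedKeys` snippet), and nothing in the rewritten Installation Media page replaces it. If the bootstrap image still configures any of that, keep a short remote-access note in the ISO docs so operators know the image accepts root SSH on a fixed link-local address; if the image no longer does, the deletion is fine as it stands.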

@ -1,57 +0,0 @@
# From NixOS
## Generate Configuration
Assuming you're happy with your existing partition layout, you can generate a
basic NixOS configuration for your system using:
```sh
bud up
```
This will make a new folder `hosts/$(hostname)`, which you can edit to
your liking.
You must then add a host to `nixos.hosts` in flake.nix:
```nix
{
# ...
nixos = {
hosts = {
/* set host specific properties here */
NixOS = { };
$(hostname) = { };
};
};
# ...
}
```
Make sure your `i18n.defaultLocale` and `time.timeZone` are set properly for
your region. Keep in mind that `networking.hostName` will be automatically
set to the name of your host;
Now might be a good time to read the docs on [suites](../concepts/suites.md) and
[profiles](../concepts/profiles.md) and add or create any that you need.
> ##### _Note:_
> While the `up` sub-command is provided as a convenience to quickly set up and
> install a "fresh" NixOS system on current hardware, committing these files is
> discouraged.
>
> They are placed in the git staging area automatically because they would be
> invisible to the flake otherwise, but it is best to move what you need from
> them directly into a host module of your own making, and commit that instead.
# Installation
Once you're ready to deploy `hosts/$(hostname)`:
```sh
bud rebuild $(hostname) switch
```
This calls `nixos-rebuild` with sudo to build and install your configuration.
> ##### _Notes:_
> - Instead of `switch`, you can pass `build`, `test`, `boot`, etc just as with
> `nixos-rebuild`.

@ -43,9 +43,8 @@ In addition, the [binary cache](../integrations/cachix.md) is added for faster d
> you can try with sudo: `sudo nix-shell -p cachix --run "cachix use nrdxp"`
## Next Steps:
- [Make installable ISO](./iso.md)
- [Bootstrap Host](./bootstrapping.md)
- [Already on NixOS](./from-nixos.md)
[install-nix]: https://nixos.org/manual/nix/stable/#sect-multi-user-installation
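
Review bot: The header `-43,9 +43,8` is a net change of one line, while both `./bootstrapping.md` and `./from-nixos.md` are deleted elsewhere in this commit. Check that neither `[Bootstrap Host]` nor `[Already on NixOS]` survives under "Next Steps", since either one would now be a dead link.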

@ -1,22 +1,36 @@
# ISO
# Installation Media
This project leverages [nix-community/nixos-generators][nixos-generators] for
building machine images. In most cases, you'll probably want to use the
`install-iso` format.
Making an installable ISO for `hosts/bootstrap.nix` is as simple as:
Making and writing an installable iso for `hosts/bootstrap.nix` is as simple as:
```sh
bud build bootstrap bootstrapIso
sudo -E $(which bud) burn
nix run github:nix-community/nixos-generators -- \
--format install-iso \
--flake '.#bootstrap'
```
This works for any host.
Then "burn" the ISO to your USB stick (or CD-R if you like!) following the
[instructions in the NixOS manual][burn] (or using your preferred USB burner).
## ISO image nix store & cache
You can also swap out the `--format` for [any of the others][formats] supported
by nixos-generators.
The iso image holds the store to the live environment and _also_ acts as a binary cache
to the installer. To considerably speed up things, the image already includes all flake
`inputs` as well as the `devshell` closures.
Continue by following the usual installation instructions in the NixOS manual.
While you _could_ provision any machine with a single stick, a custom-made iso for
the host you want to install DevOS to, maximises those local cache hits.
## ISO Nix Store and Cache
For hosts that don't differ too much, a single usb stick might be ok, whereas when
there are bigger differences, a custom-made usb stick will be considerably faster.
The ISO image holds the Nix store for the live environment and _also_ acts as a
binary cache to the installer. To considerably speed things up, the image
already includes all flake `inputs` as well as the `devshell` closures.
While you _could_ provision any NixOS machine with the same USB stick, an ISO
custom-made for your target host will maximise those local cache hits. For hosts
that don't differ too much, a single USB stick might be ok, whereas when there
are bigger differences, a custom-made USB stick will be considerably faster.
[nixos-generators]: https://github.com/nix-community/nixos-generators
[burn]: https://nixos.org/manual/nixos/stable/index.html#sec-booting-from-usb
[formats]: https://github.com/nix-community/nixos-generators/tree/master/formats
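
Review bot: The documented `nix run github:nix-community/nixos-generators -- ...` resolves whatever the upstream default branch is at run time, so the installer image is built by a generator revision that this repository's `flake.lock` does not record. The devshell in this same commit already exposes `inputs.nixos-generators.defaultPackage.${pkgs.system}`; pointing the docs at that locked copy from inside the devshell, or pinning a revision in the flake reference, would keep installer builds reproducible and reviewable.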

@ -2,9 +2,4 @@ result
.direnv
doc/index.html
# Result of bud commands
vm
iso
doi
pkgs/_sources/.shake*

@ -8,7 +8,7 @@
inputs =
{
# Track channels with commits tested and built by hydra
nixos.url = "github:nixos/nixpkgs/nixos-21.11";
nixos.url = "github:nixos/nixpkgs/nixos-22.05";
latest.url = "github:nixos/nixpkgs/nixos-unstable";
# For darwin hosts: it can be helpful to track this darwin-specific stable
# channel equivalent to the `nixos-*` channels for NixOS. For one, these
@ -16,7 +16,7 @@
# But, perhaps even more usefully, it provides a place for adding
# darwin-specific overlays and packages which could otherwise cause build
# failures on Linux systems.
nixpkgs-darwin-stable.url = "github:NixOS/nixpkgs/nixpkgs-21.11-darwin";
nixpkgs-darwin-stable.url = "github:NixOS/nixpkgs/nixpkgs-22.05-darwin";
digga.url = "github:divnix/digga";
digga.inputs.nixpkgs.follows = "nixos";
@ -24,11 +24,7 @@
digga.inputs.home-manager.follows = "home";
digga.inputs.deploy.follows = "deploy";
bud.url = "github:divnix/bud";
bud.inputs.nixpkgs.follows = "nixos";
bud.inputs.devshell.follows = "digga/devshell";
home.url = "github:nix-community/home-manager/release-21.11";
home.url = "github:nix-community/home-manager/release-22.05";
home.inputs.nixpkgs.follows = "nixos";
darwin.url = "github:LnL7/nix-darwin";
@ -56,7 +52,6 @@
outputs =
{ self
, digga
, bud
, nixos
, home
, nixos-hardware
@ -115,7 +110,6 @@
digga.nixosModules.nixConfig
home.nixosModules.home-manager
agenix.nixosModules.age
bud.nixosModules.bud
];
};

@ -1,9 +1,5 @@
{ profiles, ... }:
{
# build with: `bud build bootstrap bootstrapIso`
# reachable on the local link via ssh root@fe80::47%eno1
# where 'eno1' is replaced by your own machine's network
# interface that has the local link to the target machine
imports = [
# profiles.networking
profiles.core.nixos
@ -13,6 +9,6 @@
boot.loader.systemd-boot.enable = true;
# will be overridden by the bootstrapIso instrumentation
# Required, but will be overridden in the resulting installer ISO.
fileSystems."/" = { device = "/dev/disk/by-label/nixos"; };
}

@ -1,8 +1,6 @@
{ self, inputs, ... }:
{
modules = with inputs; [
bud.devshellModules.bud
];
modules = with inputs; [];
exportedModules = [
./devos.nix
];
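
Review bot: In `modules = with inputs; [];` the `with inputs;` scope no longer has anything to resolve now that `bud.devshellModules.bud` is gone. Write `modules = [ ];`, or drop the attribute altogether if an empty list is the default, so the line does not suggest that inputs are still being pulled in here.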

@ -43,7 +43,6 @@ in
commands = [
(devos nixUnstable)
(devos agenix)
(devos inputs.deploy.packages.${pkgs.system}.deploy-rs)
{
category = "devos";
@ -57,9 +56,12 @@ in
(docs mdbook)
]
++ lib.optional (!pkgs.stdenv.buildPlatform.isi686)
++ lib.optionals (!pkgs.stdenv.buildPlatform.isi686) [
(devos cachix)
++ lib.optional (pkgs.stdenv.hostPlatform.isLinux && !pkgs.stdenv.buildPlatform.isDarwin)
]
++ lib.optionals (pkgs.stdenv.hostPlatform.isLinux && !pkgs.stdenv.buildPlatform.isDarwin) [
(devos inputs.nixos-generators.defaultPackage.${pkgs.system})
(devos inputs.deploy.packages.${pkgs.system}.deploy-rs)
]
;
}
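
Review bot: Moving `(devos inputs.deploy.packages.${pkgs.system}.deploy-rs)` into the list guarded by `pkgs.stdenv.hostPlatform.isLinux && !pkgs.stdenv.buildPlatform.isDarwin` removes deploy-rs from the devshell on Darwin, where it was previously unconditional. If that is deliberate, add a one-line comment above the `lib.optionals` giving the reason; otherwise keep it in the unconditional `commands` list.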

@ -3,7 +3,7 @@
inputs = {
# Track channels with commits tested and built by hydra
nixos.url = "github:nixos/nixpkgs/nixos-21.11";
nixos.url = "github:nixos/nixpkgs/nixos-22.05";
# For darwin hosts: it can be helpful to track this darwin-specific stable
# channel equivalent to the `nixos-*` channels for NixOS. For one, these
@ -11,7 +11,7 @@
# But, perhaps even more usefully, it provides a place for adding
# darwin-specific overlays and packages which could otherwise cause build
# failures on Linux systems.
nixpkgs-darwin-stable.url = "github:NixOS/nixpkgs/nixpkgs-21.11-darwin";
nixpkgs-darwin-stable.url = "github:NixOS/nixpkgs/nixpkgs-22.05-darwin";
digga.url = "github:divnix/digga";
digga.inputs.nixpkgs.follows = "nixos";
@ -19,7 +19,7 @@
darwin.url = "github:LnL7/nix-darwin";
darwin.inputs.nixpkgs.follows = "nixpkgs-darwin-stable";
home.url = "github:nix-community/home-manager/release-21.11";
home.url = "github:nix-community/home-manager/release-22.05";
home.inputs.nixpkgs.follows = "nixos";
};

@ -2,11 +2,11 @@
description = "A DevOS example. And also a digga test bed.";
inputs = {
nixos.url = "github:nixos/nixpkgs/nixos-21.11";
nixos.url = "github:nixos/nixpkgs/nixos-22.05";
digga.url = "github:divnix/digga";
digga.inputs.nixpkgs.follows = "nixos";
digga.inputs.home-manager.follows = "home";
home.url = "github:nix-community/home-manager/release-21.11";
home.url = "github:nix-community/home-manager/release-22.05";
home.inputs.nixpkgs.follows = "nixos";
};

@ -22,11 +22,11 @@
]
},
"locked": {
"lastModified": 1650976225,
"narHash": "sha256-PGM65SQHS63Dd5MmLJo3GJsZP9lJVZmpWxluQoG1Dt8=",
"lastModified": 1651916036,
"narHash": "sha256-UuD9keUGm4IuVEV6wdSYbuRm7CwfXE63hVkzKDjVsh4=",
"owner": "LnL7",
"repo": "nix-darwin",
"rev": "bb3baef6e115ae47bc2ab4973bd3a486488485b0",
"rev": "2f2bdf658d2b79bada78dc914af99c53cad37cba",
"type": "github"
},
"original": {
@ -44,11 +44,11 @@
"utils": "utils"
},
"locked": {
"lastModified": 1648475189,
"narHash": "sha256-gAGAS6IagwoUr1B0ohE3iR6sZ8hP4LSqzYLC8Mq3WGU=",
"lastModified": 1653594315,
"narHash": "sha256-kJ0ENmnQJ4qL2FeYKZba9kvv1KmIuB3NVpBwMeI7AJQ=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "83e0c78291cd08cb827ba0d553ad9158ae5a95c3",
"rev": "184349d8149436748986d1bdba087e4149e9c160",
"type": "github"
},
"original": {
@ -65,11 +65,11 @@
]
},
"locked": {
"lastModified": 1650389807,
"narHash": "sha256-GFRBdHMJ/T/ifaE2GS58RWpxyufH0LqI3oGS6oWAnHk=",
"lastModified": 1655976588,
"narHash": "sha256-VreHyH6ITkf/1EX/8h15UqhddJnUleb0HgbC3gMkAEQ=",
"owner": "numtide",
"repo": "devshell",
"rev": "5a53bbf3eb4c908d83884d725a86b3a3bde35979",
"rev": "899ca4629020592a13a46783587f6e674179d1db",
"type": "github"
},
"original": {
@ -130,11 +130,11 @@
"flake-utils": "flake-utils_2"
},
"locked": {
"lastModified": 1652704544,
"narHash": "sha256-UTKE33tYgCmDszaVyWA33a8mtegM5xfH4fH8w4y6TxA=",
"lastModified": 1657226504,
"narHash": "sha256-GIYNjuq4mJlFgqKsZ+YrgzWm0IpA4axA3MCrdKYj7gs=",
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "f8d6d1f87b6177e3bc674c29f247bdbf897ba274",
"rev": "2bf0f91643c2e5ae38c1b26893ac2927ac9bd82a",
"type": "github"
},
"original": {
@ -165,27 +165,27 @@
]
},
"locked": {
"lastModified": 1649887911,
"narHash": "sha256-Af0Ppb1RZ7HWuxUvF0/O7h3cy8tqU2eKFyVwyA1ZD+w=",
"lastModified": 1656169755,
"narHash": "sha256-Nlnm4jeQWEGjYrE6hxi/7HYHjBSZ/E0RtjCYifnNsWk=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "7244c6715cb8f741f3b3e1220a9279e97b2ed8f5",
"rev": "4a3d01fb53f52ac83194081272795aa4612c2381",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-21.11",
"ref": "release-22.05",
"repo": "home-manager",
"type": "github"
}
},
"latest": {
"locked": {
"lastModified": 1650701402,
"narHash": "sha256-XKfstdtqDg+O+gNBx1yGVKWIhLgfEDg/e2lvJSsp9vU=",
"lastModified": 1657265485,
"narHash": "sha256-PUQ9C7mfi0/BnaAUX2R/PIkoNCb/Jtx9EpnhMBNrO/o=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "bc41b01dd7a9fdffd32d9b03806798797532a5fe",
"rev": "b39924fc7764c08ae3b51beef9a3518c414cdb7d",
"type": "github"
},
"original": {
@ -197,11 +197,11 @@
},
"nixlib": {
"locked": {
"lastModified": 1650761098,
"narHash": "sha256-pllwIuJiY3HDOg5JfO19NnnoHQZ8ZZtrAJMQ9/BX3Y0=",
"lastModified": 1656809537,
"narHash": "sha256-pwXBYG3ThN4ccJjvcdNdonQ8Wyv0y/iYdnuesiFUY1U=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "50b30201342fd191180fa95948ee4ba4c1e67183",
"rev": "40e271f69106323734b55e2ba74f13bebde324c0",
"type": "github"
},
"original": {
@ -212,27 +212,27 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1650728030,
"narHash": "sha256-VfCYsC/0mZQlQqsXf5o5Cib1ncJQ5l7WHN7hEIMmZNw=",
"lastModified": 1657296039,
"narHash": "sha256-Ghh39+aS+pw5sTP/ZO8VIKE6sBhMadDaQZtf+3yu4Vc=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "5fb3a179605141bfa4c9c423f9b1c33658b059c8",
"rev": "71d7a4c037dc4f3e98d5c4a81b941933cf5bf675",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-21.11",
"ref": "nixos-22.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1650726686,
"narHash": "sha256-hE5PCqQlsdgWH3AUTwesvjZWs5ZUZ8SjMS5cnFB6W54=",
"lastModified": 1657292830,
"narHash": "sha256-ldfVSTveWceDCmW6gf3B4kR6vwmz/XS80y5wsLLHFJU=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "3c0f57e36ed0cf9947281e3b31f1bebb7ce5d4a1",
"rev": "334ec8b503c3981e37a04b817a70e8d026ea9e84",
"type": "github"
},
"original": {

@ -8,7 +8,7 @@
inputs =
{
# Track channels with commits tested and built by hydra
nixpkgs.url = "github:nixos/nixpkgs/nixos-21.11";
nixpkgs.url = "github:nixos/nixpkgs/nixos-22.05";
latest.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixpkgs-unstable";
nixlib.url = "github:nix-community/nixpkgs.lib";
@ -19,7 +19,7 @@
deploy.url = "github:serokell/deploy-rs";
deploy.inputs.nixpkgs.follows = "nixpkgs";
home-manager.url = "github:nix-community/home-manager/release-21.11";
home-manager.url = "github:nix-community/home-manager/release-22.05";
home-manager.inputs.nixpkgs.follows = "nixlib";
darwin.url = "github:LnL7/nix-darwin";