serokell/deploy-rs
1
1
Fork 0
mirror of https://github.com/serokell/deploy-rs.git synced 2024-11-22 13:22:10 +03:00
Code Issues Projects Releases Wiki Activity

[#210] Add activation script for darwin system and provide a usage example

Browse Source 
Problem: It's possible to use 'deploy-rs' for deploying 'darwinSystem'
configuration from 'nix-darwin' to a darwin system. However, there is no
dedicated activatiot script for darwin and thus one has to come up with
'custom' activation script.

Solution:
1) Add 'darwin' attribute to 'lib.activate' that provides a script that
   should be used to activate 'darwinSystem' config with 'deploy-rs'.
2) Add a new 'examples/darwin' example that provides simple flake for
   deploying configuration to a darwin target.
This commit is contained in:
Roman Melnikov 2023-05-11 11:58:02 +08:00
parent 64160276cd
commit f406295680
No known key found for this signature in database
GPG Key ID: 8931E8ED1EE2E537
4 changed files with 191 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
examples/darwin/README.md Normal file
View File

@ -0,0 +1,19 @@
<!--
SPDX-FileCopyrightText: 2023 Serokell <https://serokell.io/>
SPDX-License-Identifier: MPL-2.0
-->
# Example nix-darwin system deployment
## Prerequisites
1) Install `nix` and `nix-darwin` (the latter creates `/run` sets up `/etc/nix/nix.conf` symlink and so on)
on the target machine.
2) Enable remote login on the mac to allow ssh access.
3) `deploy-rs` doesn't support password provisioning for `sudo`, so the `sshUser` should
have passwordless `sudo` access.
## Deploying
Run `nix run github:serokell/deploy-rs -- --ssh-user <user>`.

126
examples/darwin/flake.lock Normal file
View File

@ -0,0 +1,126 @@
{
"nodes": {
"darwin": {
"inputs": {
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1683754942,
"narHash": "sha256-L+Bj8EL4XLmODRIuOkk9sI6FDECVzK+C8jeZFv7q6eY=",
"owner": "LnL7",
"repo": "nix-darwin",
"rev": "252541bd05a7f55f3704a3d014ad1badc1e3360d",
"type": "github"
},
"original": {
"owner": "LnL7",
"repo": "nix-darwin",
"type": "github"
}
},
"deploy-rs": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": "nixpkgs_2",
"utils": "utils"
},
"locked": {
"lastModified": 1683515103,
"narHash": "sha256-vWlnZ0twW+ekOC6JuAHDfupv+u4QNvWawG7+DaQJ4VA=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "64160276cd6569694131ed8864d4d35470a84ec3",
"type": "github"
},
"original": {
"owner": "serokell",
"repo": "deploy-rs",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1668681692,
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1668650906,
"narHash": "sha256-JuiYfDO23O8oxUUOmhQflmOoJovyC5G4RjcYQMQjrRE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3a86856a13c88c8c64ea32082a851fefc79aa700",
"type": "github"
},
"original": {
"id": "nixpkgs",
"type": "indirect"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1671417167,
"narHash": "sha256-JkHam6WQOwZN1t2C2sbp1TqMv3TVRjzrdoejqfefwrM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "bb31220cca6d044baa6dc2715b07497a2a7c4bc7",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1683717387,
"narHash": "sha256-b4GSeKtDH+7wzw9VptHqIWOyIq28j7++rvRqhCEWFQ8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1e8ab5db89c84b1bb29d8d10ea60766bb5cee1f2",
"type": "github"
},
"original": {
"id": "nixpkgs",
"type": "indirect"
}
},
"root": {
"inputs": {
"darwin": "darwin",
"deploy-rs": "deploy-rs",
"nixpkgs": "nixpkgs_3"
}
},
"utils": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

39
examples/darwin/flake.nix Normal file
View File

@ -0,0 +1,39 @@
{
description = "Deploy simple 'darwinSystem' to a darwin machine";
inputs.deploy-rs.url = "github:serokell/deploy-rs";
inputs.darwin.url = "github:LnL7/nix-darwin";
outputs = { self, nixpkgs, deploy-rs, darwin }: {
darwinConfigurations.example = darwin.lib.darwinSystem {
system = "x86_64-darwin";
modules = [
({lib, config, pkgs, ...}: {
services.nix-daemon.enable = true;
nix = {
settings = {
trusted-users = [ "rvem" ];
};
extraOptions = ''
experimental-features = flakes nix-command
'';
};
# nix commands are added to PATH in the zsh config
programs.zsh.enable = true;
})
];
};
deploy = {
# remoteBuild = true; # Uncomment in case the system you're deploying from is not darwin
nodes.example = {
hostname = "localhost";
profiles.system = {
user = "root";
path = deploy-rs.lib.x86_64-darwin.activate.darwin self.darwinConfigurations.example;
};
};
};
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
};
}

7
flake.nix
View File

@ -106,6 +106,13 @@
home-manager = base: custom base.activationPackage "$PROFILE/activate";
# Activation script for 'darwinSystem' from nix-darwin.
# 'HOME=/var/root' is needed because 'sudo' on darwin doesn't change 'HOME' directory,
# while 'darwin-rebuild' (which is invoked under the hood) performs some nix-channel
# checks that rely on 'HOME'. As a result, if 'sshUser' is different from root,
# deployment may fail without explicit 'HOME' redefinition.
darwin = base: custom base.config.system.build.toplevel "HOME=/var/root $PROFILE/activate";
noop = base: custom base ":";
};