Provide all 3 deployment tools as flake packages

This is to tie the version of the deployment tools to the flake lock,
to improve reproducibility.

For example, instead of running `nix run home-manager/release-23.05`,
one may run `nix run .#home-manager`, to use exactly the home-manager
binary the dotfile repo was tested against.

Something similar happens for `nixos-rebuild`: on a fresh NixOS install,
`nixos-rebuild` is installed on the system from whatever nixpkgs version
was used to provision the system. By running `nix run .#nixos-rebuild`,
one uses the version from this flake's nixpkgs.
pull/1/head
Tudor Roman 2023-06-04 14:40:19 +02:00
parent 7ac3567628
commit 80fb039aa5
3 changed files with 14 additions and 9 deletions


@ -19,7 +19,7 @@ Then:
Desktop:
1. Clone this repo somewhere on the machine.
2. `nixos-rebuild boot --flake .#<hostname> --use-remote-sudo`
2. `nix run .#nixos-rebuild -- boot --flake .#<hostname> --use-remote-sudo`
Remote server:
1. `nix run .#deploy-rs -- .#<hostname>`
@ -29,7 +29,7 @@ Remote server:
1. Provision a machine with a "normal" Linux distro (my personal choice is Fedora)
2. Install Nix (my installer of choice is [nix-installer][nix-installer]).
3. Clone this repo somewhere on the machine
4. `nix run home-manager/release-<nixos_release> -- switch --flake .#tudor`
4. `nix run .#home-manager -- switch --flake .#tudor`
## Considerations for encrypting secrets


@ -41,6 +41,7 @@
stateVersion = "22.05";
username = "tudor";
};
mkDeployPkgs = system: let
pkgs = import nixpkgs { inherit system; };
in import nixpkgs {
@ -52,6 +53,7 @@
})
];
};
mkPkgs = system: import nixpkgs {
inherit system;
config.allowUnfree = true;
@ -92,10 +94,12 @@
}
./hosts/${name}
];
mkNixOSSystem = name: system: nixpkgs.lib.nixosSystem {
inherit system;
modules = mkNixOSModules name system;
};
mkNonNixOSEnvironment = name: user: system: inputs.home-manager.lib.homeManagerConfiguration rec {
pkgs = mkPkgs system;
extraSpecialArgs = {inherit inputs vars; configName = "normal-linux"; };
@ -112,9 +116,6 @@
sessionVariables = {
GIT_SSH = "/usr/bin/ssh";
};
packages = [
pkgs.home-manager
];
};
programs.bash.profileExtra = ''
@ -124,6 +125,9 @@
(./users + "/${name}" + /home.nix)
];
};
x64Pkgs = mkPkgs "x86_64-linux";
x64DeployPkgs = mkDeployPkgs "x86_64-linux";
in
{
nixosConfigurations."ceres" = mkNixOSSystem "ceres" "x86_64-linux";
@ -132,14 +136,16 @@
homeConfigurations."tudor" = mkNonNixOSEnvironment "tudor" "tudor" "x86_64-linux";
packages.x86_64-linux."tudor" = self.homeConfigurations."tudor".activationPackage;
packages.x86_64-linux.default = (mkPkgs "x86_64-linux").nix;
packages.x86_64-linux.default = x64Pkgs.nix;
apps.x86_64-linux.deploy-rs = deploy-rs.apps.x86_64-linux.deploy-rs;
packages.x86_64-linux.home-manager = x64Pkgs.home-manager;
packages.x86_64-linux.nixos-rebuild = x64Pkgs.nixos-rebuild;
deploy.nodes."ceres" = let deployPkgs = mkDeployPkgs "x86_64-linux"; in {
deploy.nodes."ceres" = {
hostname = "ceres.lamb-monitor.ts.net";
profiles.system = {
sshUser = "root";
path = deployPkgs.deploy-rs.lib.activate.nixos self.nixosConfigurations."ceres";
path = x64DeployPkgs.deploy-rs.lib.activate.nixos self.nixosConfigurations."ceres";
};
};
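Review bot: The new output `packages.x86_64-linux.home-manager = x64Pkgs.home-manager;` takes the CLI from nixpkgs, while `mkNonNixOSEnvironment` evaluates the configuration with `inputs.home-manager.lib.homeManagerConfiguration`. Both are pinned by flake.lock, but as separate inputs, so `nix run .#home-manager` may run a different home-manager revision than the library that builds the config, unless an overlay in `mkPkgs` (its body is only partly visible here) already aligns them. Pointing the output at the input instead, `packages.x86_64-linux.home-manager = inputs.home-manager.packages.x86_64-linux.home-manager;`, would tie the tool to the same locked revision the configuration is built with. A one-line comment above the tool outputs, such as `# deployment tools pinned by flake.lock; run with nix run .#<tool>`, would record why they are exported.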


@ -3,7 +3,6 @@
with lib;
let
cfg = config.systemModules.basePackages;
home-manager-package = (import inputs.home-manager { inherit pkgs; }).home-manager;
in
{
options.systemModules.basePackages = {