flake.nix
{
description = "NixOS cluster configuration management";
# Flake inputs. Every URL below names a repository or a branch, never a commit,
# so the revision that is actually built is whatever flake.lock records.
# Treat lock file updates as dependency changes and review them as such.
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/release-25.11";
rust-overlay = {
url = "github:oxalica/rust-overlay";
# Use this flake's nixpkgs instead of a separately locked copy.
inputs.nixpkgs.follows = "nixpkgs";
};
flake-parts = {
url = "github:hercules-ci/flake-parts";
inputs.nixpkgs-lib.follows = "nixpkgs";
};
# crane and shelly get no `follows` overrides here, so any inputs of their own
# are locked independently in flake.lock.
crane.url = "github:ipetkov/crane";
shelly.url = "github:CertainLach/shelly";
fleet-tf = {
url = "github:CertainLach/fleet-tf";
inputs.nixpkgs.follows = "nixpkgs";
inputs.shelly.follows = "shelly";
inputs.flake-parts.follows = "flake-parts";
};
treefmt-nix = {
url = "github:numtide/treefmt-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
# Determinate Systems' nix fork is controversial, but I don't mind it,
# and it has lazy-trees support which is useful for fleet.
#
# The URL tracks the `fleet` branch of deltarocks/nix. The dev shell in
# perSystem takes the nix-*-c libraries and the nix binary from this input,
# so a lock bump here changes the Nix implementation the tool is built against.
nix = {
url = "github:deltarocks/nix/fleet";
inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-parts.follows = "flake-parts";
};
};
outputs =
inputs:
inputs.flake-parts.lib.mkFlake
{
inherit inputs;
}
{
imports = [ inputs.shelly.flakeModule ];
# System-independent flake outputs. `rec` is needed so that `flakeModule`
# below can refer to `flakeModules.default` defined in the same set.
flake = rec {
# Library from ./lib, instantiated with nixpkgs' lib. The right-hand side of
# `//` wins, so `fleetConfiguration` is always the `throw` below: any caller
# still using the old function-based interface fails with that message when
# the attribute is evaluated.
lib =
(import ./lib {
inherit (inputs.nixpkgs) lib;
})
// {
fleetConfiguration = throw "function-based interface is deprecated, use flake-parts syntax instead";
};
# flake-parts module exported to consumers; ./lib/flakePart.nix receives the
# crane input of this flake.
flakeModules.default = import ./lib/flakePart.nix {
inherit (inputs) crane;
};
# Alias of flakeModules.default under the singular output name.
flakeModule = flakeModules.default;
# Exported as a path rather than an imported value.
flakeModules.fleet-tf = ./modules/extras/tf.nix;
# Used to test nix-eval bindings
testData = {
testObj = {
v = "Hello";
};
testString = "hello";
# Calls `op` with two string arguments and prepends "PREFIX_" to the result.
testPrimop = op: "PREFIX_" + (op "body" "_SUFFIX");
};
# To be used with https://github.com/NixOS/nix/pull/8892
# schemas =
# let
# inherit (inputs.nixpkgs.lib) mapAttrs;
# in
# {
# fleetConfigurations = {
# version = 1;
# doc = ''
# The `fleetConfigurations` flake output defines fleet cluster configurations.
# '';
# inventory = output: {
# children = mapAttrs (configName: cluster: {
# what = "fleet cluster configuration";
#
# children = mapAttrs (hostName: host: {
# what = "host [${host.system}]";
# }) cluster.config.hosts;
# # It is possible to implement this inventory right now, but I want to
# # get rid of `fleet.nix` file in the future.
# # children.secrets = { };
# }) output;
# };
# };
# };
};
# Supported and tested list of deployment targets.
# perSystem is evaluated for each entry; the outputs that only make sense on a
# deploying machine are additionally gated by `deployerSystems` inside perSystem.
systems = [
"x86_64-linux"
"aarch64-linux"
"armv7l-linux"
"armv6l-linux"
];
perSystem =
{
config,
system,
pkgs,
self,
inputs',
...
}:
let
# `lib` in the two inherits below is the let-bound `lib = pkgs.lib` further
# down (let bindings are mutually visible), not the flake's own `lib` output.
inherit (lib.attrsets) mapAttrs';
inherit (lib.lists) elem;
# Can also be built for darwin, though it is not usual to deploy nixos systems from macos machines.
# I have no hardware for such testing, thus only adding machines I actually have and use.
#
# It is not possible to deploy any host from armv6/armv7 hardware, and I don't think it even makes sense.
deployerSystems = [
"aarch64-linux"
"x86_64-linux"
];
# True when the system currently being evaluated is allowed to act as a deployer.
deployerSystem = elem system deployerSystems;
lib = pkgs.lib;
# Toolchain selected by ./rust-toolchain.toml; `rust-bin` comes from the
# rust-overlay overlay applied to `pkgs` in this module.
rust = pkgs.rust-bin.fromRustupToolchainFile ./rust-toolchain.toml;
# crane instance that builds with the toolchain above instead of its default.
craneLib = (inputs.crane.mkLib pkgs).overrideToolchain rust;
# Build outputs of the treefmt configuration in ./treefmt.nix; provides the
# `check` and `wrapper` attributes used for the formatting check and formatter.
treefmt = (inputs.treefmt-nix.lib.evalModule pkgs ./treefmt.nix).config.build;
in
{
# Replace the `pkgs` module argument with nixpkgs instantiated for this system
# and extended with two overlays: rust-overlay, and a local libsecret stub.
_module.args.pkgs = import inputs.nixpkgs {
inherit system;
overlays = [
(inputs.rust-overlay.overlays.default)
(final: prev: {
# Libsecret is stupidly huge
# https://github.com/oxalica/rust-overlay/issues/211
#
# This overrides `libsecret` for the whole package set, not only for the
# rust toolchain: every package taken from this `pkgs` that depends on
# libsecret gets the stub below. The stub is a shared object compiled from
# empty input, so it exports none of the libsecret API.
# NOTE(review): confirm nothing built from this set is expected to store or
# read secrets through libsecret at runtime; it would not find the symbols.
libsecret = final.stdenv.mkDerivation {
name = "fake-libsecret";
version = "1.0.0";
# No source to unpack and nothing to build; only installPhase does work.
unpackPhase = "true";
buildPhase = "true";
# `gcc` is called by name; presumably provided by stdenv on the supported
# Linux systems (TODO confirm for any non-gcc stdenv).
installPhase = ''
mkdir -p $out/lib/
echo "" | gcc -shared -o $out/lib/libsecret-1.so.0 -x c -
'';
};
})
];
};
# Reference fleet package should be built with nightly rust, specified in rust-toolchain.toml.
# Only defined on deployer systems (`lib.mkIf deployerSystem`). `craneLib` here
# is the toolchain-overridden instance from the enclosing `let`.
# NOTE(review): this call passes the per-system `inputs'`, while the `checks`
# call to the same ./pkgs passes `inputs`; confirm ./pkgs accepts both.
packages = lib.mkIf deployerSystem (
let
packages = pkgs.callPackages ./pkgs {
inherit craneLib inputs';
};
in
# Expose everything from ./pkgs and make `fleet` the default package.
packages // { default = packages.fleet; }
);
# fleet-install-secrets will not be built normally, because it is not run directly by the user most of the time.
# The checks here build the packages with the default nixpkgs rust toolchain.
checks =
let
# crane without the toolchain override, i.e. with the rust that `pkgs` provides.
nixpkgsCraneLib = inputs.crane.mkLib pkgs;
# `inputs` is the argument of the top-level `outputs` function; the perSystem
# argument list does not bind a name `inputs`.
packages = pkgs.callPackages ./pkgs {
craneLib = nixpkgsCraneLib;
inherit inputs;
};
# Prefix both the attribute name and the derivation's `pname`, so these
# builds are distinguishable from the reference packages.
prefixAttrs =
prefix: attrs:
mapAttrs' (name: value: {
name = "${prefix}${name}";
value = value.overrideAttrs (prev: {
pname = "${prefix}${prev.pname}";
});
}) attrs;
in
# fleet-install-secrets is installed to remote systems, thus needs to work
# with rust in nixpkgs.
(prefixAttrs "nixpkgs-" {
inherit (packages) fleet-install-secrets;
})
// {
# NOTE(review): `self` is taken from the perSystem argument list; confirm it
# resolves to this flake's source tree in this flake-parts setup.
formatting = treefmt.check self;
};
# TODO: It should be possible to move lib.mkIf to the default attribute, instead of disabling the whole
# devShells block, yet nix flake check fails here, due to no default shell found. Is it a nix or flake-parts bug?
#
# Development shell, only defined on deployer systems.
shelly.shells.default = lib.mkIf deployerSystem {
factory = craneLib.devShell;
packages = with pkgs; [
rust
pkg-config
openssl
rustPlatform.bindgenHook
# Nix C libraries and the nix binary come from the `nix` flake input
# (per-system view via `inputs'`), not from nixpkgs.
inputs'.nix.packages.nix-expr-c
inputs'.nix.packages.nix-flake-c
inputs'.nix.packages.nix-fetchers-c
inputs'.nix.packages.nix-store-c
inputs'.nix.packages.nix
# Presumably meant to build rage with age plugin support. Plugin-enabled
# rage hands work to external plugin executables, so the contents of PATH in
# this shell matter for secret handling.
# NOTE(review): confirm the rage derivation honours a `cargoFeatures`
# attribute; if it does not, this override has no effect on the build.
(rage.overrideAttrs { cargoFeatures = [ "plugin" ]; })
];
# Points PROTOC at the protoc binary from this package set.
environment.PROTOC = "${pkgs.protobuf}/bin/protoc";
};
# `nix fmt` entry point, from the same treefmt configuration as the formatting check.
formatter = treefmt.wrapper;
};
};
}