From f4062956807a0a9703de166ac4a160a7aca1133c Mon Sep 17 00:00:00 2001 From: Roman Melnikov Date: Thu, 11 May 2023 11:58:02 +0800 Subject: [PATCH 1/2] [#210] Add activation script for darwin system and provide a usage example Problem: It's possible to use 'deploy-rs' for deploying 'darwinSystem' configuration from 'nix-darwin' to a darwin system. However, there is no dedicated activatiot script for darwin and thus one has to come up with 'custom' activation script. Solution: 1) Add 'darwin' attribute to 'lib.activate' that provides a script that should be used to activate 'darwinSystem' config with 'deploy-rs'. 2) Add a new 'examples/darwin' example that provides simple flake for deploying configuration to a darwin target. --- examples/darwin/README.md | 19 ++++++ examples/darwin/flake.lock | 126 +++++++++++++++++++++++++++++++++++++ examples/darwin/flake.nix | 39 ++++++++++++ flake.nix | 7 +++ 4 files changed, 191 insertions(+) create mode 100644 examples/darwin/README.md create mode 100644 examples/darwin/flake.lock create mode 100644 examples/darwin/flake.nix diff --git a/examples/darwin/README.md b/examples/darwin/README.md new file mode 100644 index 00000000..b377ce88 --- /dev/null +++ b/examples/darwin/README.md @@ -0,0 +1,19 @@ + + +# Example nix-darwin system deployment + +## Prerequisites + +1) Install `nix` and `nix-darwin` (the latter creates `/run` sets up `/etc/nix/nix.conf` symlink and so on) + on the target machine. +2) Enable remote login on the mac to allow ssh access. +3) `deploy-rs` doesn't support password provisioning for `sudo`, so the `sshUser` should + have passwordless `sudo` access. + +## Deploying + +Run `nix run github:serokell/deploy-rs -- --ssh-user `. \ No newline at end of file diff --git a/examples/darwin/flake.lock b/examples/darwin/flake.lock new file mode 100644 index 00000000..5f3b2d65 --- /dev/null +++ b/examples/darwin/flake.lock 
@@ -0,0 +1,126 @@ +{ + "nodes": { + "darwin": { + "inputs": { + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1683754942, + "narHash": "sha256-L+Bj8EL4XLmODRIuOkk9sI6FDECVzK+C8jeZFv7q6eY=", + "owner": "LnL7", + "repo": "nix-darwin", + "rev": "252541bd05a7f55f3704a3d014ad1badc1e3360d", + "type": "github" + }, + "original": { + "owner": "LnL7", + "repo": "nix-darwin", + "type": "github" + } + }, + "deploy-rs": { + "inputs": { + "flake-compat": "flake-compat", + "nixpkgs": "nixpkgs_2", + "utils": "utils" + }, + "locked": { + "lastModified": 1683515103, + "narHash": "sha256-vWlnZ0twW+ekOC6JuAHDfupv+u4QNvWawG7+DaQJ4VA=", + "owner": "serokell", + "repo": "deploy-rs", + "rev": "64160276cd6569694131ed8864d4d35470a84ec3", + "type": "github" + }, + "original": { + "owner": "serokell", + "repo": "deploy-rs", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1668681692, + "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "009399224d5e398d03b22badca40a37ac85412a1", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1668650906, + "narHash": "sha256-JuiYfDO23O8oxUUOmhQflmOoJovyC5G4RjcYQMQjrRE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "3a86856a13c88c8c64ea32082a851fefc79aa700", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1671417167, + "narHash": "sha256-JkHam6WQOwZN1t2C2sbp1TqMv3TVRjzrdoejqfefwrM=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "bb31220cca6d044baa6dc2715b07497a2a7c4bc7", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1683717387, + "narHash": 
"sha256-b4GSeKtDH+7wzw9VptHqIWOyIq28j7++rvRqhCEWFQ8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "1e8ab5db89c84b1bb29d8d10ea60766bb5cee1f2", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "root": { + "inputs": { + "darwin": "darwin", + "deploy-rs": "deploy-rs", + "nixpkgs": "nixpkgs_3" + } + }, + "utils": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/examples/darwin/flake.nix b/examples/darwin/flake.nix new file mode 100644 index 00000000..d5d7ae8c --- /dev/null +++ b/examples/darwin/flake.nix @@ -0,0 +1,39 @@ +{ + description = "Deploy simple 'darwinSystem' to a darwin machine"; + + inputs.deploy-rs.url = "github:serokell/deploy-rs"; + inputs.darwin.url = "github:LnL7/nix-darwin"; + + outputs = { self, nixpkgs, deploy-rs, darwin }: { + darwinConfigurations.example = darwin.lib.darwinSystem { + system = "x86_64-darwin"; + modules = [ + ({lib, config, pkgs, ...}: { + services.nix-daemon.enable = true; + nix = { + settings = { + trusted-users = [ "rvem" ]; + }; + extraOptions = '' + experimental-features = flakes nix-command + ''; + }; + # nix commands are added to PATH in the zsh config + programs.zsh.enable = true; + }) + ]; + }; + deploy = { + # remoteBuild = true; # Uncomment in case the system you're deploying from is not darwin + nodes.example = { + hostname = "localhost"; + profiles.system = { + user = "root"; + path = deploy-rs.lib.x86_64-darwin.activate.darwin self.darwinConfigurations.example; + }; + }; + }; + + checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib; + }; +} 
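Review bot: `trusted-users = [ "rvem" ];` in the example module hard-codes one contributor's account name and makes it a trusted user of the target's nix daemon, with no comment saying why. A trusted user can override substituters and import unsigned store paths, so the setting is close to root-equivalent for that account. Anyone copying the example either trusts a name that may not exist on their machine or leaves the real `sshUser` untrusted. Presumably the entry exists so the `sshUser` can copy the unsigned closure to the target; if so, use an obvious placeholder and say it, e.g. `trusted-users = [ "deploy" ]; # placeholder: must be the sshUser; lets it copy unsigned closures, effectively root for nix`.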
diff --git a/flake.nix b/flake.nix index 9b8e6eb4..0616cf83 100644 --- a/flake.nix +++ b/flake.nix @@ -106,6 +106,13 @@ home-manager = base: custom base.activationPackage "$PROFILE/activate"; + # Activation script for 'darwinSystem' from nix-darwin. + # 'HOME=/var/root' is needed because 'sudo' on darwin doesn't change 'HOME' directory, + # while 'darwin-rebuild' (which is invoked under the hood) performs some nix-channel + # checks that rely on 'HOME'. As a result, if 'sshUser' is different from root, + # deployment may fail without explicit 'HOME' redefinition. + darwin = base: custom base.config.system.build.toplevel "HOME=/var/root $PROFILE/activate"; + noop = base: custom base ":"; }; From 8ef5b948e308d809cb7882036007e0ef9743acc8 Mon Sep 17 00:00:00 2001 From: Roman Melnikov Date: Fri, 12 May 2023 10:59:19 +0800 Subject: [PATCH 2/2] fixup! [#210] Add activation script for darwin system and provide a usage example --- examples/darwin/flake.lock | 126 ------------------------------------- 1 file changed, 126 deletions(-) delete mode 100644 examples/darwin/flake.lock diff --git a/examples/darwin/flake.lock b/examples/darwin/flake.lock deleted file mode 100644 index 5f3b2d65..00000000 --- a/examples/darwin/flake.lock +++ /dev/null 
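Review bot: The new `darwin` activator hard-codes `HOME=/var/root`, which is only right when the profile's `user` is `root`; the comment explains the `sudo` behaviour but not that assumption. With any other profile user the activation would presumably run with `HOME` pointing at root's home directory, which it most likely cannot read; how `custom` invokes the command is outside the hunk, so this is inferred. I would state the precondition in the comment, e.g. `# Assumes the profile 'user' is root: HOME is forced to root's home so activation never reads nix-channel state from the sshUser's home.` The enclosing attribute set that holds `home-manager`, `darwin` and `noop` starts before the hunk.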
@@ -1,126 +0,0 @@ -{ - "nodes": { - "darwin": { - "inputs": { - "nixpkgs": "nixpkgs" - }, - "locked": { - "lastModified": 1683754942, - "narHash": "sha256-L+Bj8EL4XLmODRIuOkk9sI6FDECVzK+C8jeZFv7q6eY=", - "owner": "LnL7", - "repo": "nix-darwin", - "rev": "252541bd05a7f55f3704a3d014ad1badc1e3360d", - "type": "github" - }, - "original": { - "owner": "LnL7", - "repo": "nix-darwin", - "type": "github" - } - }, - "deploy-rs": { - "inputs": { - "flake-compat": "flake-compat", - "nixpkgs": "nixpkgs_2", - "utils": "utils" - }, - "locked": { - "lastModified": 1683515103, - "narHash": "sha256-vWlnZ0twW+ekOC6JuAHDfupv+u4QNvWawG7+DaQJ4VA=", - "owner": "serokell", - "repo": "deploy-rs", - "rev": "64160276cd6569694131ed8864d4d35470a84ec3", - "type": "github" - }, - "original": { - "owner": "serokell", - "repo": "deploy-rs", - "type": "github" - } - }, - "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1668681692, - "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "009399224d5e398d03b22badca40a37ac85412a1", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "nixpkgs": { - "locked": { - "lastModified": 1668650906, - "narHash": "sha256-JuiYfDO23O8oxUUOmhQflmOoJovyC5G4RjcYQMQjrRE=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "3a86856a13c88c8c64ea32082a851fefc79aa700", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "type": "indirect" - } - }, - "nixpkgs_2": { - "locked": { - "lastModified": 1671417167, - "narHash": "sha256-JkHam6WQOwZN1t2C2sbp1TqMv3TVRjzrdoejqfefwrM=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "bb31220cca6d044baa6dc2715b07497a2a7c4bc7", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { - "locked": { - "lastModified": 1683717387, - "narHash": 
"sha256-b4GSeKtDH+7wzw9VptHqIWOyIq28j7++rvRqhCEWFQ8=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "1e8ab5db89c84b1bb29d8d10ea60766bb5cee1f2", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "type": "indirect" - } - }, - "root": { - "inputs": { - "darwin": "darwin", - "deploy-rs": "deploy-rs", - "nixpkgs": "nixpkgs_3" - } - }, - "utils": { - "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - } - }, - "root": "root", - "version": 7 -}