
flake.nix (7.5 KiB)
# Flake for fleet ("NixOS cluster configuration management").
# Declares the upstream inputs, then builds the outputs with flake-parts:
# library and flake modules, flake schemas, per-system packages, checks,
# the development shell and the formatter.
{
  description = "NixOS cluster configuration management";

  # Inputs are referenced by branch or default ref, not by revision; the exact
  # revisions are whatever the lock file records.
  # NOTE(review): flake.lock is not visible on this page, so review lock-file
  # changes together with any change to this block.
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/release-25.11";
    rust-overlay = {
      url = "github:oxalica/rust-overlay";
      # `follows` makes this input reuse the nixpkgs declared above instead of
      # bringing its own copy.
      inputs.nixpkgs.follows = "nixpkgs";
    };
    flake-parts = {
      url = "github:hercules-ci/flake-parts";
      inputs.nixpkgs-lib.follows = "nixpkgs";
    };
    # crane and shelly declare no `follows` here, so any inputs they have
    # resolve independently of the ones in this file.
    crane.url = "github:ipetkov/crane";
    shelly.url = "github:CertainLach/shelly";
    fleet-tf = {
      url = "github:CertainLach/fleet-tf";
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.shelly.follows = "shelly";
      inputs.flake-parts.follows = "flake-parts";
    };
    treefmt-nix = {
      url = "github:numtide/treefmt-nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    # DeterminateSystem's nix fork is controversial, but I don't mind it,
    # and it has lazy-trees support which is useful for fleet.
    # The input tracks the `fleet` branch of the deltarocks/nix repository; the
    # dev shell below takes its nix C libraries and nix binary from this input.
    nix = {
      url = "github:deltarocks/nix/fleet";
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.flake-parts.follows = "flake-parts";
    };
  };
  outputs =
    inputs:
    inputs.flake-parts.lib.mkFlake
      {
        inherit inputs;
      }
      {
        imports = [ inputs.shelly.flakeModule ];
        # System-independent outputs. `rec` lets flakeModule refer to
        # flakeModules.default below.
        flake = rec {
          lib =
            (import ./lib {
              inherit (inputs.nixpkgs) lib;
            })
            // {
              # Kept only so that evaluating the old entry point fails with an
              # explicit deprecation message.
              fleetConfiguration = throw "function-based interface is deprecated, use flake-parts syntax instead";
            };
          flakeModules.default = import ./lib/flakePart.nix {
            inherit (inputs) crane;
          };
          flakeModule = flakeModules.default;

          flakeModules.fleet-tf = ./modules/extras/tf.nix;

          # Used to test nix-eval bindings
          testData = {
            testObj = {
              v = "Hello";
            };
            testString = "hello";
            # Calls `op` with "body" and "_SUFFIX" and prepends "PREFIX_" to its result.
            testPrimop = op: "PREFIX_" + (op "body" "_SUFFIX");
          };

          # To be used with https://github.com/NixOS/nix/pull/8892
          schemas =
            let
              inherit (inputs.nixpkgs.lib) mapAttrs;
            in
            {
              fleetConfigurations = {
                version = 1;
                doc = ''
                  The `fleetConfigurations` flake output defines fleet cluster configurations.
                '';
                # One child per cluster configuration, and under it one child
                # per host, labelled with the host's system.
                inventory = output: {
                  children = mapAttrs (configName: cluster: {
                    what = "fleet cluster configuration";

                    children = mapAttrs (hostName: host: {
                      what = "host [${host.system}]";
                    }) cluster.config.hosts;
                    # It is possible to implement this inventory right now, but I want to
                    # get rid of `fleet.nix` file in the future.
                    # children.secrets = { };
                  }) output;
                };
              };
            };
        };
        # Supported and tested list of deployment targets.
        systems = [
          "x86_64-linux"
          "aarch64-linux"
          "armv7l-linux"
          "armv6l-linux"
        ];
        perSystem =
          {
            config,
            system,
            pkgs,
            self,
            inputs',
            ...
          }:
          let
            inherit (lib.attrsets) mapAttrs';
            inherit (lib.lists) elem;
            # Can also be built for darwin, though it is not usual to deploy nixos systems from macos machines.
            # I have no hardware for such testing, thus only adding machines I actually have and use.
            #
            # It is not possible to deploy any host from armv6/armv7 hardware, and I don't think it even makes sense.
            deployerSystems = [
              "aarch64-linux"
              "x86_64-linux"
            ];
            # True when the system being evaluated is one of the deployer systems.
            deployerSystem = elem system deployerSystems;
            lib = pkgs.lib;
            # Toolchain taken from rust-toolchain.toml through the rust-overlay `rust-bin` attribute.
            rust = pkgs.rust-bin.fromRustupToolchainFile ./rust-toolchain.toml;
            craneLib = (inputs.crane.mkLib pkgs).overrideToolchain rust;
            treefmt = (inputs.treefmt-nix.lib.evalModule pkgs ./treefmt.nix).config.build;
          in
          {
            # The `pkgs` used by everything below is nixpkgs with two overlays
            # applied, so both overrides affect every package taken from it.
            _module.args.pkgs = import inputs.nixpkgs {
              inherit system;
              overlays = [
                (inputs.rust-overlay.overlays.default)
                (final: prev: {
                  # Rebuilds boehmgc with its assertions enabled.
                  # NOTE(review): assumes the nixpkgs boehmgc derivation defines
                  # configureFlags; evaluation fails here if it does not.
                  boehmgc = prev.boehmgc.overrideAttrs (prevAttrs: {
                    configureFlags = prevAttrs.configureFlags ++ [
                      "--enable-gc-assertions"
                    ];
                  });
                  # Libsecret is stupidly huge
                  # https://github.com/oxalica/rust-overlay/issues/211
                  #
                  # Replaces libsecret for the whole package set with a stub: a shared
                  # object compiled from an essentially empty C source, installed as
                  # lib/libsecret-1.so.0. Anything in this `pkgs` that links against
                  # libsecret gets the stub instead of the real library.
                  # NOTE(review): presumably nothing built from this flake relies on
                  # libsecret for real secret storage; confirm before reusing this
                  # overlay elsewhere.
                  # NOTE(review): installPhase calls `gcc` by name, which assumes the
                  # stdenv compiler is gcc on every listed system; confirm.
                  libsecret = final.stdenv.mkDerivation {
                    name = "fake-libsecret";
                    version = "1.0.0";
                    unpackPhase = "true";
                    buildPhase = "true";
                    installPhase = ''
                      mkdir -p $out/lib/
                      echo "" | gcc -shared -o $out/lib/libsecret-1.so.0 -x c -
                    '';
                  };
                })
              ];
            };
            # Reference fleet package should be built with nightly rust, specified in rust-toolchain.toml.
            # Packages are only defined on deployer systems.
            packages = lib.mkIf deployerSystem (
              let
                packages = pkgs.callPackages ./pkgs {
                  inherit craneLib inputs';
                };
              in
              packages // { default = packages.fleet; }
            );
            # fleet-install-secrets will not be built normally, because it is not run directly by the user most of the time.
            # The checks here build packages with the default nixpkgs rustPlatform.
            checks =
              let
                # crane library without the toolchain override used for `packages` above.
                nixpkgsCraneLib = inputs.crane.mkLib pkgs;
                # NOTE(review): this call passes `inputs`, while the `packages`
                # output above passes `inputs'` to the same ./pkgs; confirm that
                # ./pkgs accepts both and that the difference is intended.
                packages = pkgs.callPackages ./pkgs {
                  craneLib = nixpkgsCraneLib;
                  inherit inputs;
                };
                # Prepends `prefix` to every attribute name and to each value's pname.
                prefixAttrs =
                  prefix: attrs:
                  mapAttrs' (name: value: {
                    name = "${prefix}${name}";
                    value = value.overrideAttrs (prev: {
                      pname = "${prefix}${prev.pname}";
                    });
                  }) attrs;
              in
              # fleet-install-secrets is installed to remote systems, thus needs to work
              # with rust in nixpkgs.
              (prefixAttrs "nixpkgs-" {
                inherit (packages) fleet-install-secrets;
              })
              // {
                # treefmt-nix formatting check over this flake's source.
                formatting = treefmt.check self;
              };
            # TODO: It should be possible to move lib.mkIf to default attribute, instead of disabling the whole
            # devShells block, yet nix flake check fails here, due to no default shell found. Is it a nix or flake-parts bug?
            shelly.shells.default = lib.mkIf deployerSystem {
              factory = craneLib.devShell;
              packages = with pkgs; [
                rust

                pkg-config
                openssl
                rustPlatform.bindgenHook
                # nix C libraries and the nix binary come from the `nix` input
                # (the fork declared in `inputs`), not from nixpkgs.
                inputs'.nix.packages.nix-expr-c
                inputs'.nix.packages.nix-flake-c
                inputs'.nix.packages.nix-fetchers-c
                inputs'.nix.packages.nix-store-c
                inputs'.nix.packages.nix

                # rage overridden to set cargoFeatures to [ "plugin" ].
                (rage.overrideAttrs { cargoFeatures = [ "plugin" ]; })
              ];
              # protoc is referenced by its store path rather than looked up on PATH.
              environment.PROTOC = "${pkgs.protobuf}/bin/protoc";
            };
            formatter = treefmt.wrapper;
          };
      };
}