

doc: flake example

Yaroslav Bolyukin2024-03-02parent: #989a90d.patch.diff
in: trunk

1 file changed

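--- a/README.adoc
+++ b/README.adoc
@@ -12,5 +12,100 @@
 - Secrets can be securely stored in Git (No one except target hosts can decrypt them), automatically regenerated, reencrypted, etc.
 - Automatic rollback on deployment failure, which will work, as long as system is passing initrd stage (So still be carefull with root filesystem mount)
 
+== Flake example
+
+{
+ description = "My cluster configuration";
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs";
+ fleet = {
+ url = "github:CertainLach/fleet";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ lanzaboote = {
+ url = "github:nix-community/lanzaboote/v0.3.0";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ };
+ outputs = {
+ nixpkgs,
+ fleet,
+ lanzaboote,
+ ...
+ }: {
+ # TODO: This section of documentation needs to use flake-utils.
+ formatter.x86_64-linux = let
+ pkgs = import nixpkgs {system = "x86_64-linux";};
+ in
+ pkgs.alejandra;
+
+ devShell.x86_64-linux = let
+ pkgs = import nixpkgs {
+ system = "x86_64-linux";
+ };
+ in
+ pkgs.mkShell {
+ buildInputs = with pkgs; [
+ fleet.packages.x86_64-linux.fleet
+ ];
+ };
+
+ # Single flake may contain multiple fleet configurations, default one is called... `default`
+ fleetConfigurations.default = fleet.lib.fleetConfiguration {
+ # nixpkgs used to build the systems
+ inherit nixpkgs;
+ # fleet wants to pass some data, like secrets, to do that - fleet writes all the encrypted secrets to fleet.nix
+ # treat the contents of this file as implementation detail
+ data = import ./fleet.nix;
+
+ # globalModules section of fleet config declares modules, which are used for all configured nixos hosts.
+ globalModules = [
+ lanzaboote.nixosModules.lanzaboote
+ ({
+ config,
+ lib,
+ ...
+ }: {
+ # Make `nix shell nixpkgs#thing` use the same nixpkgs, as used to build the system.
+ nix.registry.nixpkgs = {
+ from = { id = "nixpkgs"; type = "indirect"; };
+ flake = nixpkgs;
+ exact = false;
+ };
+ })
+ ];
+
+ # Those modules are used to configure all the machines in cluster at the same time, good example of global modules
+ # Is I.e wiring up the mesh VPN, or deploying kubernetes, or other things.
+ #
+ # Modules use the same semantics as standard nixos module system, they are just configuring all the hosts at once.
+ modules = [
+ ./wireguard
+ # Multi-instancible modules example
+ (import ./kubernetes {hosts = ["a" "b"];})
+ (import ./kubernetes {hosts = ["c" "d"];})
+ ];
+
+ # Hosts attribute (may also be defined/extended using modules attribute) configures hosts...
+ hosts.controlplane-1 = {
+ # Every host has some system, for which the system configuration needs to be built
+ system = "x86_64-linux";
+ # And nixos modules
+ modules = [
+ ./controlplane-1/hardware-configuration.nix
+ ./controlplane-1/configuration.nix
+ # Configuration may also be specified inline, as in any nixos config.
+ ({...}: {
+ services.ray = {
+ gpus = 4;
+ cpus = 128;
+ };
+ })
+ ];
+ };
+ };
+ };
+}
+
 == Secret generator example
 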