difftreelog
feat lenient nixosModules type
in: trunk
8 files changed
README.adocdiffbeforeafterboth--- a/README.adoc
+++ b/README.adoc
@@ -63,18 +63,14 @@
# nixosModules section of fleet config declares modules, which are used for all configured nixos hosts.
nixosModules = [
lanzaboote.nixosModules.lanzaboote
- ({
- config,
- lib,
- ...
- }: {
+ {
# Make `nix shell nixpkgs#thing` use the same nixpkgs, as used to build the system.
nix.registry.nixpkgs = {
from = { id = "nixpkgs"; type = "indirect"; };
flake = nixpkgs;
exact = false;
};
- })
+ }
];
# Those modules are used to configure all the machines in cluster at the same time, good example of global modules
@@ -97,12 +93,12 @@
./controlplane-1/hardware-configuration.nix
./controlplane-1/configuration.nix
# Configuration may also be specified inline, as in any nixos config.
- ({...}: {
+ {
services.ray = {
gpus = 4;
cpus = 128;
};
- })
+ }
];
};
};
flake.nixdiffbeforeafterboth1{2 description = "NixOS configuration management";34 inputs = {5 nixpkgs.url = "github:nixos/nixpkgs/master";6 nixpkgs-stable-for-tests.url = "github:nixos/nixpkgs/nixos-24.05";7 rust-overlay = {8 url = "github:oxalica/rust-overlay";9 inputs = {10 nixpkgs.follows = "nixpkgs";11 };12 };13 flake-parts.url = "github:hercules-ci/flake-parts";14 crane = {15 url = "github:ipetkov/crane";16 inputs.nixpkgs.follows = "nixpkgs";17 };18 };19 outputs = {20 self,21 rust-overlay,22 flake-parts,23 nixpkgs,24 nixpkgs-stable-for-tests,25 crane,26 }:27 flake-parts.lib.mkFlake {28 # Not passing inputs through inputs for better visibility.29 inputs = {};30 } {31 flake = {32 lib = import ./lib {33 fleetPkgsForPkgs = pkgs:34 import ./pkgs {35 inherit (pkgs) callPackage;36 craneLib = crane.mkLib pkgs;37 };38 };39 # To be used with https://github.com/NixOS/nix/pull/889240 schemas = {41 fleetConfigurations = {42 version = 1;43 doc = ''44 The `fleetConfigurations` flake output defines fleet cluster configurations.45 '';46 inventory = output: {47 children =48 builtins.mapAttrs (configName: cluster: {49 what = "fleet cluster configuration";5051 children =52 builtins.mapAttrs (hostName: host: {53 what = "host [${host.system}]";54 })55 cluster.config.hosts;56 # It is possible to implement this inventory right now, but I want to57 # get rid of `fleet.nix` file in the future.58 # children.secrets = { };59 })60 output;61 };62 };63 };64 };65 # Supported and tested list of deployment targets.66 systems = ["x86_64-linux" "aarch64-linux" "armv7l-linux" "armv6l-linux"];67 perSystem = {68 config,69 system,70 pkgs,71 ...72 }: let73 # Can also be built for darwin, through it is not usual to deploy nixos systems from macos machines.74 # I have no hardware for such testing, thus only adding machines I actually have and use.75 #76 # It is not possible to deploy any host from armv6/armv7 hardware, and I don't think it even makes sense.77 deployerSystems = ["aarch64-linux" "x86_64-linux"];78 deployerSystem = builtins.elem system deployerSystems;79 lib = pkgs.lib;80 rust = pkgs.rust-bin.fromRustupToolchainFile ./rust-toolchain.toml;81 craneLib = (crane.mkLib pkgs).overrideToolchain rust;82 in {83 _module.args.pkgs = import nixpkgs {84 inherit system;85 overlays = [(rust-overlay.overlays.default)];86 };87 # Reference fleet package should be built with nightly rust, specified in rust-toolchain.toml.88 packages = lib.mkIf deployerSystem (let89 packages = import ./pkgs {90 inherit (pkgs) callPackage;91 inherit craneLib;92 };93 in94 packages // {default = packages.fleet;});95 # TODO: It should be possible to move lib.mkIf to default attribute, instead of disabling the whole96 # devShells block, yet nix flake check fails here, due to no default shell found. It is nix or flake-parts bug?97 devShells = lib.mkIf deployerSystem {98 default = craneLib.devShell {99 packages = with pkgs; [100 rust101 alejandra102 cargo-edit103 cargo-udeps104 cargo-fuzz105 cargo-watch106 cargo-outdated107108 pkg-config109 openssl110 bacon111 ];112 };113 };114 # fleet-install-secrets will not be built normally, because they are not ran directly by user most of the time.115 # checks there build packages for default nixpkgs rustPlatform packages.116 checks = let117 packages = import ./pkgs {118 inherit (pkgs) callPackage;119 craneLib = crane.mkLib (import nixpkgs {inherit system;});120 };121 packages-with-nixpkgs-stable = import ./pkgs {122 inherit (pkgs) callPackage;123 craneLib = crane.mkLib (import nixpkgs-stable-for-tests {inherit system;});124 };125 prefixAttrs = prefix: attrs:126 nixpkgs.lib.attrsets.mapAttrs' (name: value: {127 name = "${prefix}${name}";128 value = value.overrideAttrs (prev: {129 pname = "${prefix}${prev.pname}";130 });131 })132 attrs;133 in134 # `fleet` crate wants nightly rust, also little sense of supporting it on stable nixpkgs.135 (prefixAttrs "nixpkgs-" (removeAttrs packages ["fleet"]))136 // (prefixAttrs "nixpkgs-stable-" (removeAttrs packages-with-nixpkgs-stable ["fleet"]));137 formatter = pkgs.alejandra;138 };139 };140}lib/fleetLib.nixdiffbeforeafterboth--- a/lib/fleetLib.nix
+++ b/lib/fleetLib.nix
@@ -2,8 +2,11 @@
{
nixpkgs,
hostNames,
-}:
-with nixpkgs.lib; rec {
+}: let
+ inherit (nixpkgs) lib;
+ inherit (lib) listToAttrs remove unique crossLists sort elemAt mkOptionType mkOverride optionalString;
+ inherit (lib.types) listOf coercedTo oneOf submodule;
+in rec {
hostsToAttrs = f:
listToAttrs (
map (name: {
@@ -34,6 +37,27 @@
then "${this}-${other}"
else "${other}-${this}";
+ types = rec {
+ anyModule = mkOptionType {
+ name = "submodule";
+ inherit (submodule {}) check;
+ merge = lib.options.mergeOneOption;
+ description = "Nixos module";
+ };
+ listOfAnyModuleStrict =
+ listOf anyModule;
+ listOfAnyModule =
+ coercedTo (oneOf [listOfAnyModuleStrict anyModule]) (
+ v:
+ if builtins.isAttrs v
+ then [v]
+ else if builtins.isFunction v
+ then [v]
+ else v
+ )
+ listOfAnyModuleStrict;
+ };
+
# mkDefault = mkOverride 1000
# For places, where fleet knows better than nixpkgs defaults.
mkFleetDefault = mkOverride 999;
modules/fleet/assertions.nixdiffbeforeafterboth--- a/modules/fleet/assertions.nix
+++ b/modules/fleet/assertions.nix
@@ -1,8 +1,10 @@
-{lib, ...}:
-with lib; {
+{lib, ...}: let
+ inherit (lib) mkOption;
+ inherit (lib.types) listOf unspecified str;
+in {
options = {
assertions = mkOption {
- type = types.listOf types.unspecified;
+ type = listOf unspecified;
internal = true;
default = [];
example = [
@@ -21,7 +23,7 @@
warnings = mkOption {
internal = true;
default = [];
- type = types.listOf types.str;
+ type = listOf str;
example = ["The `foo' service is deprecated and will go away soon!"];
description = ''
This option allows modules to show warnings to users during
modules/fleet/meta.nixdiffbeforeafterboth--- a/modules/fleet/meta.nix
+++ b/modules/fleet/meta.nix
@@ -4,58 +4,53 @@
config,
nixpkgs,
...
-}:
-with lib;
-with fleetLib; let
- hostModule = with types;
- {...} @ hostConfig: let
- hostName = hostConfig.config._module.args.name;
- in {
- options = {
- nixosModules = mkOption {
- type = listOf (mkOptionType {
- name = "submodule";
- inherit (submodule {}) check;
- merge = lib.options.mergeOneOption;
- description = "Nixos module";
- });
- description = "List of nixos modules";
- default = [];
- };
- system = mkOption {
- type = str;
- description = "Type of system";
- };
- encryptionKey = mkOption {
- type = str;
- description = "Encryption key";
- };
- nixosSystem = mkOption {
- type = unspecified;
- description = "Nixos configuration";
- };
- nixpkgs = mkOption {
- type = unspecified;
- description = "Nixpkgs override";
- default = nixpkgs;
- };
+}: let
+ inherit (fleetLib) hostsToAttrs mkFleetGeneratorDefault;
+ inherit (fleetLib.types) listOfAnyModule;
+ inherit (lib) mkOption mkOptionType;
+ inherit (lib.types) str unspecified attrsOf listOf submodule;
+ hostModule = {...} @ hostConfig: let
+ hostName = hostConfig.config._module.args.name;
+ in {
+ options = {
+ nixosModules = mkOption {
+ # Not too strict, but nixos module system will fix everything.
+ type =
+ listOfAnyModule;
+
+ description = "List of nixos modules";
+ default = [];
+ };
+ system = mkOption {
+ type = str;
+ description = "Type of system";
+ };
+ encryptionKey = mkOption {
+ type = str;
+ description = "Encryption key";
+ };
+ nixosSystem = mkOption {
+ type = unspecified;
+ description = "Nixos configuration";
+ };
+ nixpkgs = mkOption {
+ type = unspecified;
+ description = "Nixpkgs override";
+ default = nixpkgs;
};
- config = {
- nixosSystem = hostConfig.config.nixpkgs.lib.nixosSystem {
- inherit (hostConfig.config) system;
- modules = hostConfig.config.nixosModules;
- specialArgs = {
- inherit fleetLib;
- fleet = hostsToAttrs (host: config.hosts.${host}.nixosSystem.config);
- };
+ };
+ config = {
+ nixosSystem = hostConfig.config.nixpkgs.lib.nixosSystem {
+ inherit (hostConfig.config) system;
+ modules = hostConfig.config.nixosModules;
+ specialArgs = {
+ inherit fleetLib;
+ fleet = hostsToAttrs (host: config.hosts.${host}.nixosSystem.config);
};
- nixosModules = [
- ({...}: {
- networking.hostName = mkFleetGeneratorDefault hostName;
- })
- ];
};
+ nixosModules.networking.hostName = mkFleetGeneratorDefault hostName;
};
+ };
overlayType = mkOptionType {
name = "nixpkgs-overlay";
description = "nixpkgs overlay";
@@ -63,19 +58,14 @@
merge = lib.mergeOneOption;
};
in {
- options = with types; {
+ options = {
hosts = mkOption {
type = attrsOf (submodule hostModule);
default = {};
description = "Configurations of individual hosts";
};
nixosModules = mkOption {
- type = listOf (mkOptionType {
- name = "submodule";
- inherit (submodule {}) check;
- merge = lib.options.mergeOneOption;
- description = "Nixos modules";
- });
+ type = listOfAnyModule;
description = "Modules, which should be added to every system";
default = [];
};
@@ -89,9 +79,9 @@
nixosModules =
config.nixosModules
++ [
- ({...}: {
+ {
nixpkgs.overlays = config.overlays;
- })
+ }
];
});
nixosModules = import ../../nixos/modules/module-list.nix;
modules/fleet/secrets.nixdiffbeforeafterboth--- a/modules/fleet/secrets.nix
+++ b/modules/fleet/secrets.nix
@@ -3,11 +3,13 @@
fleetLib,
config,
...
-}:
-with lib;
-with fleetLib; let
- sharedSecret = with types; ({config, ...}: {
- freeformType = types.lazyAttrsOf unspecified;
+}: let
+ inherit (fleetLib) hostsToAttrs;
+ inherit (lib) mkOption mapAttrsToList mapAttrs filterAttrs concatStringsSep;
+ inherit (lib.types) lazyAttrsOf unspecified nullOr listOf str bool attrsOf submodule;
+
+ sharedSecret = {config, ...}: {
+ freeformType = lazyAttrsOf unspecified;
options = {
expectedOwners = mkOption {
type = nullOr (listOf str);
@@ -66,9 +68,9 @@
default = [];
};
};
- });
- hostSecret = with types; {
- freeformType = types.lazyAttrsOf unspecified;
+ };
+ hostSecret = {
+ freeformType = lazyAttrsOf unspecified;
options = {
createdAt = mkOption {
type = nullOr str;
@@ -81,7 +83,7 @@
};
};
in {
- options = with types; {
+ options = {
version = mkOption {
type = str;
default = "";
@@ -128,11 +130,7 @@
});
# TODO: Should this attribute be moved to `nixpkgs.overlays`?
overlays = [
- (final: prev: let
- lib = final.lib;
- inherit (lib) strings;
- inherit (strings) concatStringsSep;
- in {
+ (final: prev: {
mkSecretGenerators = {recipients}: rec {
# TODO: Merge both generators to one with consistent options syntax?
# Impure generator is built on local machine, then built closure is copied to remote machine,
nixos/meta.nixdiffbeforeafterboth--- a/nixos/meta.nix
+++ b/nixos/meta.nix
@@ -2,11 +2,13 @@
lib,
pkgs,
...
-}:
-with lib; {
- options = with types; {
+}: let
+ inherit (lib) mkOption;
+ inherit (lib.types) listOf str submodule;
+in {
+ options = {
nixpkgs.resolvedPkgs = mkOption {
- type = types.pkgs // {description = "nixpkgs.pkgs";};
+ type = lib.types.pkgs // {description = "nixpkgs.pkgs";};
description = "Value of pkgs";
};
tags = mkOption {
@@ -30,9 +32,6 @@
};
};
description = "Network definition of host";
- };
- buildTarget = mkOption {
- type = enum ["toplevel" "sd-image" "installation-cd"];
};
};
config = {
nixos/secrets.nixdiffbeforeafterboth--- a/nixos/secrets.nix
+++ b/nixos/secrets.nix
@@ -3,16 +3,17 @@
config,
pkgs,
...
-}:
-with lib; let
+}: let
inherit (lib.strings) hasPrefix removePrefix;
+ inherit (lib) mkOption mkOptionDefault mapAttrs stringAfter;
+ inherit (lib.types) submodule str attrsOf nullOr unspecified lazyAttrsOf;
plaintextPrefix = "<PLAINTEXT>";
plaintextNewlinePrefix = "<PLAINTEXT-NL>";
sysConfig = config;
secretPartType = secretName:
- types.submodule ({config, ...}: {
- options = with types; {
+ submodule ({config, ...}: {
+ options = {
raw = mkOption {
description = "Secret in fleet-specific undocumented format, do not use. Import from fleet.nix";
internal = true;
@@ -49,11 +50,11 @@
stablePath = mkOptionDefault "/run/secrets/${secretName}/${partName}";
};
});
- secretType = types.submodule ({config, ...}: let
+ secretType = submodule ({config, ...}: let
secretName = config._module.args.name;
in {
- freeformType = types.lazyAttrsOf (secretPartType secretName);
- options = with types; {
+ freeformType = lazyAttrsOf (secretPartType secretName);
+ options = {
shared = mkOption {
description = "Is this secret owned by this machine, or propagated from shared secrets";
default = false;
@@ -112,7 +113,7 @@
in {
options = {
secrets = mkOption {
- type = types.attrsOf secretType;
+ type = attrsOf secretType;
default = {};
description = "Host-local secrets";
};