1{2 description = "NixOS cluster configuration management";34 inputs = {5 nixpkgs.url = "github:nixos/nixpkgs/release-25.11";6 rust-overlay = {7 url = "github:oxalica/rust-overlay";8 inputs.nixpkgs.follows = "nixpkgs";9 };10 flake-parts = {11 url = "github:hercules-ci/flake-parts";12 inputs.nixpkgs-lib.follows = "nixpkgs";13 };14 crane.url = "github:ipetkov/crane";15 shelly.url = "github:CertainLach/shelly";16 fleet-tf = {17 url = "github:CertainLach/fleet-tf";18 inputs.nixpkgs.follows = "nixpkgs";19 inputs.shelly.follows = "shelly";20 inputs.flake-parts.follows = "flake-parts";21 };22 treefmt-nix = {23 url = "github:numtide/treefmt-nix";24 inputs.nixpkgs.follows = "nixpkgs";25 };26 # DeterminateSystem's nix fork is controversial, but I don't mind it,27 # and it has lazy-trees support which is useful for fleet.28 nix = {29 url = "github:deltarocks/nix/fleet";30 inputs.nixpkgs.follows = "nixpkgs";31 inputs.flake-parts.follows = "flake-parts";32 };33 };34 outputs =35 inputs:36 inputs.flake-parts.lib.mkFlake37 {38 inherit inputs;39 }40 {41 imports = [ inputs.shelly.flakeModule ];42 flake = rec {43 lib =44 (import ./lib {45 inherit (inputs.nixpkgs) lib;46 })47 // {48 fleetConfiguration = throw "function-based interface is deprecated, use flake-parts syntax instead";49 };50 flakeModules.default = import ./lib/flakePart.nix {51 inherit (inputs) crane;52 };53 flakeModule = flakeModules.default;5455 flakeModules.fleet-tf = ./modules/extras/tf.nix;5657 # Used to test nix-eval bindings58 testData = {59 testObj = {60 v = "Hello";61 };62 testString = "hello";63 testPrimop = op: "PREFIX_" + (op "body" "_SUFFIX");64 };6566 # To be used with https://github.com/NixOS/nix/pull/889267 # schemas =68 # let69 # inherit (inputs.nixpkgs.lib) mapAttrs;70 # in71 # {72 # fleetConfigurations = {73 # version = 1;74 # doc = ''75 # The `fleetConfigurations` flake output defines fleet cluster configurations.76 # '';77 # inventory = output: {78 # children = mapAttrs (configName: cluster: {79 # what = "fleet cluster configuration";80 #81 # children = mapAttrs (hostName: host: {82 # what = "host [${host.system}]";83 # }) cluster.config.hosts;84 # # It is possible to implement this inventory right now, but I want to85 # # get rid of `fleet.nix` file in the future.86 # # children.secrets = { };87 # }) output;88 # };89 # };90 # };91 };92 # Supported and tested list of deployment targets.93 systems = [94 "x86_64-linux"95 "aarch64-linux"96 "armv7l-linux"97 "armv6l-linux"98 ];99 perSystem =100 {101 config,102 system,103 pkgs,104 self,105 inputs',106 ...107 }:108 let109 inherit (lib.attrsets) mapAttrs';110 inherit (lib.lists) elem;111 # Can also be built for darwin, through it is not usual to deploy nixos systems from macos machines.112 # I have no hardware for such testing, thus only adding machines I actually have and use.113 #114 # It is not possible to deploy any host from armv6/armv7 hardware, and I don't think it even makes sense.115 deployerSystems = [116 "aarch64-linux"117 "x86_64-linux"118 ];119 deployerSystem = elem system deployerSystems;120 lib = pkgs.lib;121 rust = pkgs.rust-bin.fromRustupToolchainFile ./rust-toolchain.toml;122 craneLib = (inputs.crane.mkLib pkgs).overrideToolchain rust;123 treefmt = (inputs.treefmt-nix.lib.evalModule pkgs ./treefmt.nix).config.build;124 in125 {126 _module.args.pkgs = import inputs.nixpkgs {127 inherit system;128 overlays = [129 (inputs.rust-overlay.overlays.default)130 (final: prev: {131 # Libsecret is stupidly huge132 # https://github.com/oxalica/rust-overlay/issues/211133 libsecret = final.stdenv.mkDerivation {134 name = "fake-libsecret";135 version = "1.0.0";136 unpackPhase = "true";137 buildPhase = "true";138 installPhase = ''139 mkdir -p $out/lib/140 echo "" | gcc -shared -o $out/lib/libsecret-1.so.0 -x c -141 '';142 };143 })144 ];145 };146 # Reference fleet package should be built with nightly rust, specified in rust-toolchain.toml.147 packages = lib.mkIf deployerSystem (148 let149 packages = pkgs.callPackages ./pkgs {150 inherit craneLib inputs';151 };152 in153 packages // { default = packages.fleet; }154 );155 # fleet-install-secrets will not be built normally, because they are not ran directly by user most of the time.156 # checks there build packages for default nixpkgs rustPlatform packages.157 checks =158 let159 nixpkgsCraneLib = inputs.crane.mkLib pkgs;160 packages = pkgs.callPackages ./pkgs {161 craneLib = nixpkgsCraneLib;162 inherit inputs;163 };164 prefixAttrs =165 prefix: attrs:166 mapAttrs' (name: value: {167 name = "${prefix}${name}";168 value = value.overrideAttrs (prev: {169 pname = "${prefix}${prev.pname}";170 });171 }) attrs;172 in173 # fleet-install-secrets is installed to remote systems, thus needs to work174 # with rust in nixpkgs.175 (prefixAttrs "nixpkgs-" {176 inherit (packages) fleet-install-secrets;177 })178 // {179 formatting = treefmt.check self;180 };181 # TODO: It should be possible to move lib.mkIf to default attribute, instead of disabling the whole182 # devShells block, yet nix flake check fails here, due to no default shell found. It is nix or flake-parts bug?183 shelly.shells.default = lib.mkIf deployerSystem {184 factory = craneLib.devShell;185 packages = with pkgs; [186 rust187188 pkg-config189 openssl190 rustPlatform.bindgenHook191 inputs'.nix.packages.nix-expr-c192 inputs'.nix.packages.nix-flake-c193 inputs'.nix.packages.nix-fetchers-c194 inputs'.nix.packages.nix-store-c195 inputs'.nix.packages.nix196197 (rage.overrideAttrs { cargoFeatures = [ "plugin" ]; })198 ];199 environment.PROTOC = "${pkgs.protobuf}/bin/protoc";200 };201 formatter = treefmt.wrapper;202 };203 };204}difftreelog
source
flake.nix7.3 KiBsourcehistory