diff --git a/.github/workflows/build.yml b/.github/workflows/ci.yml similarity index 57% rename from .github/workflows/build.yml rename to .github/workflows/ci.yml index 9aa7ec3..98b9361 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/ci.yml @@ -1,4 +1,4 @@ -name: build overlay +name: nix ci on: push: @@ -10,7 +10,7 @@ jobs: outputs: matrix: ${{ steps.eval.outputs.matrix }} - + steps: - uses: actions/checkout@v4 - uses: DeterminateSystems/nix-installer-action@v9 @@ -18,7 +18,7 @@ jobs: - name: evaluate packages id: eval run: echo "matrix=$(nix eval --json .#ghaMatrix)" >> "$GITHUB_OUTPUT" - + build: needs: eval strategy: @@ -38,4 +38,29 @@ jobs: authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} - name: build - run: nix build -L --accept-flake-config .#${{ matrix.pkg }} \ No newline at end of file + run: nix build -L --accept-flake-config .#${{ matrix.pkg }} + + deploy: + needs: build + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + - uses: DeterminateSystems/nix-installer-action@v9 + + - name: connect to tailscale + uses: tailscale/github-action@v2 + with: + oauth-client-id: ${{ secrets.TS_CLIENT_ID }} + oauth-secret: ${{ secrets.TS_OAUTH_SECRET }} + tags: tag:gha + + - name: copy known_hosts + run: | + set -eux + + [ ! -d ~/.ssh ] && mkdir -p ~/.ssh + cp .known_hosts ~/.ssh/known_hosts + + - name: deploy + run: nix run --inputs-from . 'nixpkgs#deploy-rs' -- -s diff --git a/.known_hosts b/.known_hosts new file mode 100644 index 0000000..59a5409 --- /dev/null +++ b/.known_hosts @@ -0,0 +1 @@ +etna ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEnkKSd4IV+PM88WKHHfEhSTlknHT0FVXzA0JUcCzOp+ \ No newline at end of file diff --git a/deploy.nix b/deploy.nix new file mode 100644 index 0000000..3bf843d --- /dev/null +++ b/deploy.nix 
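Review bot: The new `deploy` job has no `if:` guard or `environment:`, so it runs with `TS_CLIENT_ID`/`TS_OAUTH_SECRET` after every successful `build`, whatever ref triggered the workflow; the `on:` block is only partly visible in this diff, so which events and branches reach it should be confirmed. Since the job joins the tailnet and then activates a system profile on the host, I would restrict it to the default branch, e.g. `if: github.event_name == 'push' && github.ref == 'refs/heads/<default-branch>'` (placeholder branch name), and put it behind a protected environment. The actions in this job are referenced by mutable tags (`tailscale/github-action@v2`, `DeterminateSystems/nix-installer-action@v9`, `actions/checkout@v4`); pinning them to full commit SHAs keeps a retagged release from running with the deploy secrets. The trailing `-s` on the deploy command appears to be deploy-rs's skip-checks switch, which would mean the `deployChecks` defined in deploy.nix are not evaluated on this path, so a comment saying that is intentional would help.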
@@ -0,0 +1,37 @@
+{
+ lib,
+ self,
+ inputs,
+ ...
+}: let
+ systems = ["etna"];
+
+ getDeploy = pkgs:
+ (pkgs.appendOverlays [
+ inputs.deploy-rs.overlay
+ (_: prev: {
+ deploy-rs = {
+ inherit (pkgs) deploy-rs;
+ inherit (prev.deploy-rs) lib;
+ };
+ })
+ ])
+ .deploy-rs;
+
+ toDeployNode = hostname: system: {
+ inherit hostname;
+ sshUser = "root";
+
+ profiles.system.path = let deploy = getDeploy system.pkgs; in deploy.lib.activate.nixos system;
+ };
+in {
+ flake = {
+ deploy = {
+ remoteBuild = true;
+ fastConnection = false;
+ nodes = lib.mapAttrs toDeployNode (lib.getAttrs systems self.nixosConfigurations);
+ };
+
+ checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) inputs.deploy-rs.lib;
+ };
+}
diff --git a/flake.lock b/flake.lock index e92288b..46ee4f4 100644 --- a/flake.lock +++ b/flake.lock @@ -81,6 +81,28 @@ "type": "github" } }, + "deploy-rs": { + "inputs": { + "flake-compat": "flake-compat", + "nixpkgs": [ + "nixpkgs" + ], + "utils": "utils" + }, + "locked": { + "lastModified": 1704875591, + "narHash": "sha256-eWRLbqRcrILgztU/m/k7CYLzETKNbv0OsT2GjkaNm8A=", + "owner": "serokell", + "repo": "deploy-rs", + "rev": "1776009f1f3fb2b5d236b84d9815f2edee463a9b", + "type": "github" + }, + "original": { + "owner": "serokell", + "repo": "deploy-rs", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { @@ -97,6 +119,22 @@ "type": "github" } }, + "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-parts": { "inputs": { "nixpkgs-lib": [ @@ -119,7 +157,7 @@ }, "flake-utils": { "inputs": { - "systems": "systems_2" + "systems": "systems_3" }, "locked": { "lastModified": 1705309234, 
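Review bot: `sshUser = "root"` in `toDeployNode` (deploy.nix) makes the CI runner log in to each node directly as root, so anything that can act as the workflow's tailnet identity gets an unrestricted root session rather than only the ability to activate a profile. deploy-rs separates the login account from the activation account, so a dedicated account would narrow this: `sshUser = "deploy"; user = "root";` (the account name is a constructed example), with sudo on the host limited as far as activation allows. If root login is kept, a comment above the line should say why and name the access rule that limits which machines may reach sshd as root. A minor style point in the same hunk: the `system` argument of the `checks` lambda is unused and could be written `_`.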
@@ -201,7 +239,7 @@ "lanzaboote": { "inputs": { "crane": "crane", - "flake-compat": "flake-compat", + "flake-compat": "flake-compat_2", "flake-parts": [ "flake-parts" ], @@ -257,21 +295,6 @@ "type": "github" } }, - "nixpkgs-stable_2": { - "locked": { - "lastModified": 1705331948, - "narHash": "sha256-qjQXfvrAT1/RKDFAMdl8Hw3m4tLVvMCc8fMqzJv0pP4=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "b8dd8be3c790215716e7c12b247f45ca525867e2", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-23.11", - "type": "indirect" - } - }, "pre-commit-hooks-nix": { "inputs": { "flake-compat": [ @@ -307,11 +330,11 @@ "inputs": { "agenix": "agenix", "catppuccin": "catppuccin", + "deploy-rs": "deploy-rs", "flake-parts": "flake-parts", "home-manager": "home-manager_2", "lanzaboote": "lanzaboote", - "nixpkgs": "nixpkgs", - "nixpkgs-stable": "nixpkgs-stable_2" + "nixpkgs": "nixpkgs" } }, "rust-overlay": { @@ -368,6 +391,39 @@ "repo": "default", "type": "github" } + }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "utils": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index b6f6559..7b3714c 100644 --- a/flake.nix +++ b/flake.nix @@ -8,7 +8,6 @@ inputs = { nixpkgs.url = "nixpkgs/nixos-unstable"; - nixpkgs-stable.url = "nixpkgs/nixos-23.11"; flake-parts = { url = "github:hercules-ci/flake-parts"; 
@@ -34,6 +33,11 @@ url = "github:uku3lig/agenix"; inputs.nixpkgs.follows = "nixpkgs"; }; + + deploy-rs = { + url = "github:serokell/deploy-rs"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = {flake-parts, ...} @ inputs: @@ -43,6 +47,7 @@ imports = [ ./ci.nix ./dev.nix + ./deploy.nix ./systems ]; };