From c97e83e9f4a580b3d6a2eb2e9e2b96789711981b Mon Sep 17 00:00:00 2001
From: Julien Moutinho <julm@sourcephile.fr>
Date: Wed, 22 Jul 2020 04:18:42 +0200
Subject: [PATCH] nix: reorganize a few things

---
 machines.nix | 23 ++--
 nixpkgs/patches/installer.ssh-nixos.diff | 32 +++---
 nixpkgs/patches/ssh-nixos.diff | 131 +++++++++++++++++++++++
 shell.nix | 26 ++---
 shell/modules.nix | 40 -------
 5 files changed, 165 insertions(+), 87 deletions(-)
 create mode 100644 nixpkgs/patches/ssh-nixos.diff
 delete mode 100644 shell/modules.nix

diff --git a/machines.nix b/machines.nix
index 852936a..05a1cb8 100644
--- a/machines.nix
+++ b/machines.nix
@@ -1,14 +1,13 @@
-with builtins;
 let
- buildMachine = machines: name: config:
- (import <nixpkgs/nixos/lib/eval-config.nix> (config // {
- extraArgs = { inherit name machines; } // config.extraArgs;
- }));
- buildMachines = machines:
- let machinesOut = mapAttrs (buildMachine machinesOut) machines; in
- mapAttrs (n: system: system.config) machinesOut;
-in
-buildMachines {
- mermet = import machines/mermet.nix;
- losurdo = import machines/losurdo.nix;
+buildMachine = machines: name: config:
+ let cfg = if builtins.isPath config then import config else config; in
+ (import <nixpkgs/nixos/lib/eval-config.nix> (cfg // {
+ extraArgs = { inherit name machines; } // config.extraArgs;
+ }));
+buildMachines = machines:
+ let machinesOut = builtins.mapAttrs (buildMachine machinesOut) machines; in
+ builtins.mapAttrs (n: system: system.config) machinesOut;
+in buildMachines {
+ mermet = machines/mermet.nix;
+ losurdo = machines/losurdo.nix;
 }
diff --git a/nixpkgs/patches/installer.ssh-nixos.diff b/nixpkgs/patches/installer.ssh-nixos.diff
index d73503c..4064058 100644
--- a/nixpkgs/patches/installer.ssh-nixos.diff
+++ b/nixpkgs/patches/installer.ssh-nixos.diff
@@ -1,21 +1,21 @@
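Review bot: `extraArgs = { inherit name machines; } // config.extraArgs;` still reads `config.extraArgs` after the new `let cfg = if builtins.isPath config then import config else config; in` line, so for the path values this hunk now passes for `mermet` and `losurdo` the attribute access is performed on a path instead of on the imported set and evaluation fails. Only the `config // {` merge on the line above was converted to `cfg`; the fix is `extraArgs = { inherit name machines; } // cfg.extraArgs;` (or `cfg.extraArgs or {}` if a machine file is allowed to omit `extraArgs`).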
 diff --git a/nixos/modules/installer/ssh-nixos.nix b/nixos/modules/installer/ssh-nixos.nix
 new file mode 100644
-index 00000000000..52ac88799ee
+index 00000000000..6d1b03eea0a
 --- /dev/null
 +++ b/nixos/modules/installer/ssh-nixos.nix
-@@ -0,0 +1,112 @@
+@@ -0,0 +1,104 @@
 +{ pkgs, lib, config, ... }:
 +let
 + inherit (lib) types;
 + inherit (config) networking;
 + cfg = config.installer.ssh-nixos;
 + nixRunDefaultCommand = "bash";
++ # Wraps ssh so that nix copy or calls to ssh added to cfg.script
++ # use cfg.sshFlags and $SSH_FLAGS.
 + ssh = pkgs.writeShellScriptBin "ssh" ''
 + set -eu
 + PATH=$OLDPATH
-+ set -x
-+ ssh -l '${cfg.login}' \
-+ ${lib.escapeShellArgs cfg.sshFlags} ''${SSH_FLAGS:-} "$@"
++ ssh ${lib.escapeShellArgs cfg.sshFlags} ''${SSH_FLAGS:-} "$@"
 + '';
 +in
 +{
@@ -32,18 +32,16 @@ index 00000000000..52ac88799ee
 + example = ''
 + lib.mkBefore ''''''
 + gpg --decrypt initrd/ssh.key.gpg |
-+ ssh root@''${config.installer.ssh-nixos.target} \
++ ssh ''${config.installer.ssh-nixos.target} \
 + install -D -m 400 -o root -g root /dev/stdin /root/initrd/ssh.key
 + '''''';
 + '';
 + description = ''
-+ Install script copying the configured NixOS to the <link linkend="opt-install.ssh-nixos.target">target</link>
++ Install script copying through SSH the configured NixOS system
++ to the <link linkend="opt-install.ssh-nixos.target">target</link>
 + and switching to the new configuration.
-+ It is made available here for prepending or appending commands
++ This option is made available here for prepending or appending commands
 + with the usual <literal>mkBefore</literal> and <literal>mkAfter</literal>.
-+ In case you run it often or add multiple ssh calls to it,
-+ consider configuring the OpenSSH client with <literal>ControlMaster auto</literal>
-+ to keep the SSH connexion alive between calls to <literal>literal</literal>.
 +
 + This script is usually run with:
 + <screen>
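Review bot: The new comment above the `ssh` wrapper should also say where `$OLDPATH` comes from, because the wrapper runs under `set -eu` and `PATH=$OLDPATH` aborts with an unbound-variable error whenever this `ssh` is invoked outside the `apply` wrapper of the `script` option that exports it (that wrapper is outside this hunk; the copy under nixpkgs/patches/ssh-nixos.diff shows the `export OLDPATH=$PATH:${cfg.PATH}` line, and presumably this patch has the same). Suggested wording: `# Wraps ssh so that nix copy or calls to ssh added to cfg.script use cfg.sshFlags and $SSH_FLAGS. Relies on $OLDPATH (PATH without this wrapper, exported by the script option's apply wrapper) to reach the real ssh.` The unquoted `''${SSH_FLAGS:-}` is word-split on purpose so that several flags can be passed through one variable; the comment could state that as well.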
@@ -68,17 +66,11 @@ index 00000000000..52ac88799ee
 + ${script}
 + '';
 + };
-+ login = lib.mkOption {
-+ type = types.str;
-+ default = "root";
-+ example = "admin";
-+ description = "Login name passed to ssh.";
-+ };
 + target = lib.mkOption {
 + type = types.str;
-+ default = "${networking.hostName}.${networking.domain}";
-+ example = "192.168.1.10";
-+ description = "Destination where to install NixOS passed to ssh.";
++ default = "root@${networking.hostName}.${networking.domain}";
++ example = "root@192.168.1.10";
++ description = "SSH destination where to install NixOS.";
 + };
 + sshFlags = lib.mkOption {
 + type = types.listOf types.str;
diff --git a/nixpkgs/patches/ssh-nixos.diff b/nixpkgs/patches/ssh-nixos.diff
new file mode 100644
index 0000000..059c3a2
--- /dev/null
+++ b/nixpkgs/patches/ssh-nixos.diff
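Review bot: The new `default = "root@${networking.hostName}.${networking.domain}";` still interpolates `networking.domain`, which NixOS declares as a nullable option defaulting to `null`, so on a host with no domain configured the default fails with a null-to-string coercion error instead of falling back to the bare host name. A null-safe form is `default = "root@${networking.hostName}${lib.optionalString (networking.domain != null) ".${networking.domain}"}";`, and because the default reads `config`, a `defaultText` describing it (rather than evaluating it) is the usual companion. The pre-commit copy of this module under nixpkgs/patches/ssh-nixos.diff has the same issue.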
@@ -0,0 +1,131 @@
+diff --git a/nixos/modules/installer/ssh-nixos.nix b/nixos/modules/installer/ssh-nixos.nix
+new file mode 100644
+index 00000000000..2822c8814c0
+--- /dev/null
++++ b/nixos/modules/installer/ssh-nixos.nix
+@@ -0,0 +1,113 @@
++{ pkgs, lib, config, ... }:
++let
++ inherit (lib) types;
++ inherit (config) networking;
++ cfg = config.installer.ssh-nixos;
++ nixRunDefaultCommand = "bash";
++ ssh = pkgs.writeShellScriptBin "ssh" ''
++ set -eu
++ PATH=$OLDPATH
++ set -x
++ ssh -l '${cfg.login}' \
++ ${lib.escapeShellArgs cfg.sshFlags} ''${SSH_FLAGS:-} "$@"
++ '';
++in
++{
++options.installer.ssh-nixos = {
++ PATH = lib.mkOption {
++ type = types.listOf types.package;
++ default = [];
++ apply = lib.makeBinPath;
++ description = "Packages to be appended to the <literal>PATH<literal> of the script.";
++ };
++ script = lib.mkOption {
++ type = types.lines;
++ default = "";
++ example = ''
++ lib.mkBefore ''''''
++ gpg --decrypt initrd/ssh.key.gpg |
++ ssh root@''${config.installer.ssh-nixos.target} \
++ install -D -m 400 -o root -g root /dev/stdin /root/initrd/ssh.key
++ '''''';
++ '';
++ description = ''
++ Install script copying the configured NixOS via SSH
++ to the <link linkend="opt-install.ssh-nixos.target">target</link>
++ and switching to the new configuration.
++ It is made available here for prepending or appending commands
++ with the usual <literal>mkBefore</literal> and <literal>mkAfter</literal>.
++ In case you run it often or add multiple ssh calls to it,
++ consider configuring the OpenSSH client with <literal>ControlMaster auto</literal>
++ to keep the SSH connexion alive between calls to <literal>literal</literal>.
++
++ This script is usually run with:
++ <screen>
++ <prompt>$ </prompt> nix run system.config.installer.ssh-nixos -f nixos.nix
++ </screen>
++ where <literal>nixos.nix</literal> can be:
++ <screen>
++ import <nixpkgs/nixos> {
++ system = "x86_64-linux";
++ configuration = { config, lib, pkgs }: {
++ # Your usual configuration.nix content can go here
++ };
++ }
++ </screen>
++ '';
++ apply = script: pkgs.writeShellScriptBin nixRunDefaultCommand ''
++ set -eu
++ set -o pipefail
++ export OLDPATH=$PATH:${cfg.PATH}
++ PATH="${ssh}/bin:$OLDPATH"
++ set -x
++ ${script}
++ '';
++ };
++ login = lib.mkOption {
++ type = types.str;
++ default = "root";
++ example = "admin";
++ description = "Login name passed to ssh.";
++ };
++ target = lib.mkOption {
++ type = types.str;
++ default = "${networking.hostName}.${networking.domain}";
++ example = "192.168.1.10";
++ description = "Destination where to install NixOS passed to ssh.";
++ };
++ sshFlags = lib.mkOption {
++ type = types.listOf types.str;
++ default = ["-o" "ControlMaster=auto"];
++ description = ''
++ Extra flags passed to <literal>ssh</literal>.
++ Environment variable <literal>SSH_FLAGS</literal> can also be used at runtime.
++ '';
++ };
++ nixCopyFlags = lib.mkOption {
++ type = types.listOf types.str;
++ default = ["--substitute-on-destination"];
++ description = ''
++ Extra flags passed to <literal>nix copy</literal>.
++ Environment variable <literal>NIX_COPY_FLAGS</literal> can also be used at runtime.
++ '';
++ };
++ profile = lib.mkOption {
++ type = types.str;
++ default = "/nix/var/nix/profiles/system";
++ };
++};
++config = {
++ installer.ssh-nixos.PATH = with pkgs; [nix openssh];
++ installer.ssh-nixos.script =
++ let nixos = config.system.build.toplevel; in ''
++ nix ''${NIX_FLAGS:-} copy \
++ --to ssh://'${cfg.target}' \
++ ${lib.escapeShellArgs cfg.nixCopyFlags} ''${NIX_COPY_FLAGS:-} \
++ ${nixos}
++ ssh '${cfg.target}' \
++ nix-env --profile '${cfg.profile}' --set '${nixos}' '&&' \
++ '${cfg.profile}'/bin/switch-to-configuration "''${NIXOS_SWITCH:-switch}"
++ '';
++};
++meta.maintainers = [ lib.maintainers.julm ];
++}
+diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
+index f361163ca63..15659fde11b 100644
+--- a/nixos/modules/module-list.nix
++++ b/nixos/modules/module-list.nix
+@@ -80,6 +80,7 @@
+ ./i18n/input-method/ibus.nix
+ ./i18n/input-method/nabi.nix
+ ./i18n/input-method/uim.nix
++ ./installer/ssh-nixos.nix
+ ./installer/tools/tools.nix
+ ./misc/assertions.nix
+ ./misc/crashdump.nix
diff --git a/shell.nix b/shell.nix
index 49e6b73..45c9e78 100644
--- a/shell.nix
+++ b/shell.nix
@@ -35,7 +35,6 @@ let
 */
 ];
 localNixpkgsPatches = [
- #/home/julm/src/nix/nixpkgs/wip.patch
 nixpkgs/patches/transmission+apparmor.diff
 nixpkgs/patches/installer.ssh-nixos.diff
 nixpkgs/patches/security.pass.diff
@@ -58,11 +57,9 @@ let
 overlays = import nixpkgs/overlays.nix;
 };
- lib = pkgs.lib;
- nixos = pkgs.nixos {};
 # Configuration of shell/modules/
 # to expand shellHook and buildInputs of this shell.nix
- configuration = {config, ...}: {
+ shellConfig = {config, ...}: {
 imports = [
 shell/gnupg.nix
 ];
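Review bot: The new file nixpkgs/patches/ssh-nixos.diff carries the pre-commit version of `nixos/modules/installer/ssh-nixos.nix`, with the `login` option, the `ssh -l '${cfg.login}'` line and the `set -x` line that nixpkgs/patches/installer.ssh-nixos.diff removes in this same commit, so the repository now holds two diverging copies of the same module, and only installer.ssh-nixos.diff appears in `localNixpkgsPatches` in shell.nix. If the new file is meant to replace the old one the old one should be dropped or brought in line; if it is only a staging copy, the commit message should say so, because "reorganize a few things" does not explain the duplication. Inside the new file, `--to ssh://'${cfg.target}' \` and `ssh '${cfg.target}' \` rely on hand-placed single quotes while the flags on the neighbouring line go through `lib.escapeShellArgs`; using `lib.escapeShellArg cfg.target` would make the quoting uniform and safe for a target containing a quote.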
@@ -110,11 +107,10 @@ let
 # Using modules enables to separate specific configurations
 # from reusable code in shell/modules.nix and shell/modules/
 # which may find its way in another git repository one day.
- modules =
- (import shell/modules.nix {
- inherit pkgs lib;
- modules = [ configuration ];
- }).config;
+ shell = (pkgs.lib.evalModules {
+ modules = [ shellConfig ] ++ map import (pkgs.lib.findFiles ".*\\.nix" shell/modules);
+ args = { inherit pkgs; };
+ }).config;
 pwd = toString (./. + "");
 sourcephile-shred-tmp = pkgs.writeShellScriptBin "sourcephile-shred-tmp" ''
@@ -132,11 +128,11 @@ pkgs.mkShell {
 src = null;
 #preferLocalBuild = true;
 #allowSubstitutes = false;
- buildInputs = modules.nix-shell.buildInputs ++ [
+ buildInputs = shell.nix-shell.buildInputs ++ [
 sourcephile-shred-tmp
- nixos.nixos-generate-config
- nixos.nixos-install
- nixos.nixos-enter
+ (pkgs.nixos []).nixos-generate-config
+ (pkgs.nixos []).nixos-install
+ (pkgs.nixos []).nixos-enter
 #pkgs.binutils
 pkgs.coreutils
 pkgs.cryptsetup
@@ -196,7 +192,7 @@ pkgs.mkShell {
 # Nix
 PATH=$NIX_SHELL_PATH:$PATH
- export NIX_PATH="${lib.concatStringsSep ":" [
+ export NIX_PATH="${pkgs.lib.concatStringsSep ":" [
 "machines=$PWD/machines.nix"
 #"pass=$PASSWORD_STORE_DIR"
 "nixpkgs=${toString pkgs.path}"
@@ -209,7 +205,7 @@ pkgs.mkShell {
 # hence shred at startup, which is not ideal.
 sourcephile-shred-tmp
- ${modules.nix-shell.shellHook}
+ ${shell.nix-shell.shellHook}
 # gpg
 export GPG_TTY=$(tty)
diff --git a/shell/modules.nix b/shell/modules.nix
deleted file mode 100644
index c838ffe..0000000
--- a/shell/modules.nix
+++ /dev/null
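Review bot: The context comment `# from reusable code in shell/modules.nix and shell/modules/` above the new `shell = (pkgs.lib.evalModules {` binding now refers to a file this commit deletes (shell/modules.nix is removed in the last hunk of the patch) and the `evalModules` call is inlined here instead, so the comment is stale on the new side. It should read `# from reusable code in shell/modules/`, and a short line such as `# shell is the evaluated module config; see shell.nix-shell.* below` would tell a reader what the renamed binding holds, since `shell.nix-shell.buildInputs` and `shell.nix-shell.shellHook` are consumed in the later hunks of this file.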
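Review bot: `(pkgs.nixos []).nixos-generate-config`, `(pkgs.nixos []).nixos-install` and `(pkgs.nixos []).nixos-enter` call `pkgs.nixos` three times, whereas the `nixos = pkgs.nixos {};` binding removed in the `@@ -58,11 +57,9 @@` hunk evaluated it once; each call is presumably a full NixOS module-system evaluation, so this triples that cost on every `nix-shell` start for no functional gain. Keeping a single binding in the `let`, e.g. `nixos = pkgs.nixos [];`, and referencing `nixos.nixos-generate-config` etc. as before restores the sharing while keeping the new `[]` argument.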
@@ -1,40 +0,0 @@
-{ pkgs
-, lib ? pkgs.lib
-, modules ? []
-, extraArgs ? {}
-, specialArgs ? {}
-, check ? true
-, prefix ? []
-}:
-let extraArgs_ = extraArgs;
- pkgs_ = pkgs;
- baseModules = map import (lib.findFiles ".*\\.nix" ./modules );
- pkgsModule = rec {
- _file = ./modules.nix;
- key = _file;
- config = {
- _module.args.pkgs = lib.mkIf (pkgs_ != null) (lib.mkForce pkgs_);
- };
- };
-in
-rec {
- # Merge the option definitions in all modules,
- # forming the full system configuration.
- inherit (lib.evalModules {
- inherit prefix;
- inherit check;
- modules = modules ++ baseModules ++ [ pkgsModule ];
- args = extraArgs;
- inherit specialArgs;
- #specialArgs = { modulesPath = config/modules.nix; } // specialArgs;
- }) config options;
- # These are the extra arguments passed to every module.
- # In particular, Nixpkgs is passed through the "pkgs" argument.
- extraArgs = extraArgs_ // {
- inherit modules;
- inherit baseModules;
- };
- inherit (config._module.args) pkgs;
-}
-- 
2.47.2