Last active
January 14, 2024 11:37
-
-
Save eyJhb/a1bee280d82ecf018a9dd888d29888c1 to your computer and use it in GitHub Desktop.
nixus sources test
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
let | |
sources = import ./sources.nix; | |
in import sources.nixus { | |
specialArgs.sources = sources; | |
} ({ config, ... }: { | |
defaults = { lib, name, ... }: { | |
configuration = { | |
config._module.args.sources = sources; | |
config.networking.hostName = lib.mkDefault name; | |
}; | |
nixpkgs = lib.mkDefault sources.nixpkgs-stable; | |
}; | |
nodes.foo = { | |
host = "nix-deployer@127.0.0.1"; | |
configuration = { sources, ... }: { | |
imports = [ | |
./state.nix | |
]; | |
config.fileSystems."/" = { | |
device = "/dev/vda1"; | |
fsType = "ext4"; | |
}; | |
config.boot.loader.grub.devices = [ (builtins.trace sources "/dev/sda1") ]; | |
}; | |
}; | |
}) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"nixpkgs": { | |
"branch": "nixos-unstable", | |
"description": "Nix Packages collection", | |
"homepage": null, | |
"owner": "NixOS", | |
"repo": "nixpkgs", | |
"rev": "6c43a3495a11e261e5f41e5d7eda2d71dae1b2fe", | |
"sha256": "16f329z831bq7l3wn1dfvbkh95l2gcggdwn6rk3cisdmv2aa3189", | |
"type": "tarball", | |
"url": "https://github.com/NixOS/nixpkgs/archive/6c43a3495a11e261e5f41e5d7eda2d71dae1b2fe.tar.gz", | |
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" | |
}, | |
"nixpkgs-stable": { | |
"branch": "nixos-23.11", | |
"description": "Nix Packages collection & NixOS", | |
"homepage": "", | |
"owner": "NixOS", | |
"repo": "nixpkgs", | |
"rev": "3dc440faeee9e889fe2d1b4d25ad0f430d449356", | |
"sha256": "0a30jv7s6qpy7i98jznc6iirq68344byrgpvcvarpjrdvfp84sv1", | |
"type": "tarball", | |
"url": "https://github.com/NixOS/nixpkgs/archive/3dc440faeee9e889fe2d1b4d25ad0f430d449356.tar.gz", | |
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" | |
}, | |
"nixus": { | |
"branch": "master", | |
"description": "Experimental deployment tool supporting multi-host abstractions", | |
"homepage": "", | |
"owner": "infinisil", | |
"repo": "nixus", | |
"rev": "3d829c74b3dff74f211ef21d64def233532e9e5d", | |
"sha256": "1vwg567jafcwaikkbdgckyirhnb0hd7r8x25j5wsb5a5563bpi65", | |
"type": "tarball", | |
"url": "https://github.com/infinisil/nixus/archive/3d829c74b3dff74f211ef21d64def233532e9e5d.tar.gz", | |
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" | |
}, | |
"impermanence": { | |
"branch": "master", | |
"description": "Modules to help you handle persistent state on systems with ephemeral root storage [maintainer=@talyz]", | |
"homepage": "", | |
"owner": "nix-community", | |
"repo": "impermanence", | |
"rev": "033643a45a4a920660ef91caa391fbffb14da466", | |
"sha256": "16x067nv146igqfxq8b3a0rf6715z5vpl0hz27dp2a29s6lr8944", | |
"type": "tarball", | |
"url": "https://github.com/nix-community/impermanence/archive/033643a45a4a920660ef91caa391fbffb14da466.tar.gz", | |
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This file has been generated by Niv. | |
let | |
# | |
# The fetchers. fetch_<type> fetches specs of type <type>. | |
# | |
fetch_file = pkgs: name: spec: | |
let | |
name' = sanitizeName name + "-src"; | |
in | |
if spec.builtin or true then | |
builtins_fetchurl { inherit (spec) url sha256; name = name'; } | |
else | |
pkgs.fetchurl { inherit (spec) url sha256; name = name'; }; | |
fetch_tarball = pkgs: name: spec: | |
let | |
name' = sanitizeName name + "-src"; | |
in | |
if spec.builtin or true then | |
builtins_fetchTarball { name = name'; inherit (spec) url sha256; } | |
else | |
pkgs.fetchzip { name = name'; inherit (spec) url sha256; }; | |
fetch_git = name: spec: | |
let | |
ref = | |
spec.ref or ( | |
if spec ? branch then "refs/heads/${spec.branch}" else | |
if spec ? tag then "refs/tags/${spec.tag}" else | |
abort "In git source '${name}': Please specify `ref`, `tag` or `branch`!" | |
); | |
submodules = spec.submodules or false; | |
submoduleArg = | |
let | |
nixSupportsSubmodules = builtins.compareVersions builtins.nixVersion "2.4" >= 0; | |
emptyArgWithWarning = | |
if submodules | |
then | |
builtins.trace | |
( | |
"The niv input \"${name}\" uses submodules " | |
+ "but your nix's (${builtins.nixVersion}) builtins.fetchGit " | |
+ "does not support them" | |
) | |
{ } | |
else { }; | |
in | |
if nixSupportsSubmodules | |
then { inherit submodules; } | |
else emptyArgWithWarning; | |
in | |
builtins.fetchGit | |
({ url = spec.repo; inherit (spec) rev; inherit ref; } // submoduleArg); | |
fetch_local = spec: spec.path; | |
fetch_builtin-tarball = name: throw | |
''[${name}] The niv type "builtin-tarball" is deprecated. You should instead use `builtin = true`. | |
$ niv modify ${name} -a type=tarball -a builtin=true''; | |
fetch_builtin-url = name: throw | |
''[${name}] The niv type "builtin-url" will soon be deprecated. You should instead use `builtin = true`. | |
$ niv modify ${name} -a type=file -a builtin=true''; | |
# | |
# Various helpers | |
# | |
# https://github.com/NixOS/nixpkgs/pull/83241/files#diff-c6f540a4f3bfa4b0e8b6bafd4cd54e8bR695 | |
sanitizeName = name: | |
( | |
concatMapStrings (s: if builtins.isList s then "-" else s) | |
( | |
builtins.split "[^[:alnum:]+._?=-]+" | |
((x: builtins.elemAt (builtins.match "\\.*(.*)" x) 0) name) | |
) | |
); | |
# The set of packages used when specs are fetched using non-builtins. | |
mkPkgs = sources: system: | |
let | |
sourcesNixpkgs = | |
import (builtins_fetchTarball { inherit (sources.nixpkgs) url sha256; }) { inherit system; }; | |
hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath; | |
hasThisAsNixpkgsPath = <nixpkgs> == ./.; | |
in | |
if builtins.hasAttr "nixpkgs" sources | |
then sourcesNixpkgs | |
else if hasNixpkgsPath && ! hasThisAsNixpkgsPath then | |
import <nixpkgs> { } | |
else | |
abort | |
'' | |
Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or | |
add a package called "nixpkgs" to your sources.json. | |
''; | |
# The actual fetching function. | |
fetch = pkgs: name: spec: | |
if ! builtins.hasAttr "type" spec then | |
abort "ERROR: niv spec ${name} does not have a 'type' attribute" | |
else if spec.type == "file" then fetch_file pkgs name spec | |
else if spec.type == "tarball" then fetch_tarball pkgs name spec | |
else if spec.type == "git" then fetch_git name spec | |
else if spec.type == "local" then fetch_local spec | |
else if spec.type == "builtin-tarball" then fetch_builtin-tarball name | |
else if spec.type == "builtin-url" then fetch_builtin-url name | |
else | |
abort "ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}"; | |
# If the environment variable NIV_OVERRIDE_${name} is set, then use | |
# the path directly as opposed to the fetched source. | |
replace = name: drv: | |
let | |
saneName = stringAsChars (c: if (builtins.match "[a-zA-Z0-9]" c) == null then "_" else c) name; | |
ersatz = builtins.getEnv "NIV_OVERRIDE_${saneName}"; | |
in | |
if ersatz == "" then drv else | |
# this turns the string into an actual Nix path (for both absolute and | |
# relative paths) | |
if builtins.substring 0 1 ersatz == "/" then /. + ersatz else /. + builtins.getEnv "PWD" + "/${ersatz}"; | |
# Ports of functions for older nix versions | |
# a Nix version of mapAttrs if the built-in doesn't exist | |
mapAttrs = builtins.mapAttrs or ( | |
f: set: with builtins; | |
listToAttrs (map (attr: { name = attr; value = f attr set.${attr}; }) (attrNames set)) | |
); | |
# https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/lists.nix#L295 | |
range = first: last: if first > last then [ ] else builtins.genList (n: first + n) (last - first + 1); | |
# https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L257 | |
stringToCharacters = s: map (p: builtins.substring p 1 s) (range 0 (builtins.stringLength s - 1)); | |
# https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L269 | |
stringAsChars = f: s: concatStrings (map f (stringToCharacters s)); | |
concatMapStrings = f: list: concatStrings (map f list); | |
concatStrings = builtins.concatStringsSep ""; | |
# https://github.com/NixOS/nixpkgs/blob/8a9f58a375c401b96da862d969f66429def1d118/lib/attrsets.nix#L331 | |
optionalAttrs = cond: as: if cond then as else { }; | |
# fetchTarball version that is compatible between all the versions of Nix | |
builtins_fetchTarball = { url, name ? null, sha256 }@attrs: | |
let | |
inherit (builtins) lessThan nixVersion fetchTarball; | |
in | |
if lessThan nixVersion "1.12" then | |
fetchTarball ({ inherit url; } // (optionalAttrs (name != null) { inherit name; })) | |
else | |
fetchTarball attrs; | |
# fetchurl version that is compatible between all the versions of Nix | |
builtins_fetchurl = { url, name ? null, sha256 }@attrs: | |
let | |
inherit (builtins) lessThan nixVersion fetchurl; | |
in | |
if lessThan nixVersion "1.12" then | |
fetchurl ({ inherit url; } // (optionalAttrs (name != null) { inherit name; })) | |
else | |
fetchurl attrs; | |
# Create the final "sources" from the config | |
mkSources = config: | |
mapAttrs | |
( | |
name: spec: | |
if builtins.hasAttr "outPath" spec | |
then | |
abort | |
"The values in sources.json should not have an 'outPath' attribute" | |
else | |
spec // { outPath = replace name (fetch config.pkgs name spec); } | |
) | |
config.sources; | |
# The "config" used by the fetchers | |
mkConfig = | |
{ sourcesFile ? if builtins.pathExists ./sources.json then ./sources.json else null | |
, sources ? if sourcesFile == null then { } else builtins.fromJSON (builtins.readFile sourcesFile) | |
, system ? builtins.currentSystem | |
, pkgs ? mkPkgs sources system | |
}: rec { | |
# The sources, i.e. the attribute set of spec name to spec | |
inherit sources; | |
# The "pkgs" (evaluated nixpkgs) to use for e.g. non-builtin fetchers | |
inherit pkgs; | |
}; | |
in | |
mkSources (mkConfig { }) // { __functor = _: settings: mkSources (mkConfig settings); } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ sources, config, lib, ... }: | |
with lib; | |
{ | |
options.mine.state.enable = mkOption { | |
type = types.bool; | |
default = false; | |
}; | |
imports = [ | |
(sources.impermanence + "/nixos.nix") | |
]; | |
config = mkIf config.mine.state.enable { | |
environment.persistence = { | |
root = { | |
persistentStoragePath = "/state/root"; | |
directories = [ | |
"/var/lib/nixos" | |
"/var/lib/nixus-secrets" | |
"/var/log" | |
]; | |
}; | |
}; | |
}; | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment