From 84f00250d3ecedf52489a57e082287bbbee6362c Mon Sep 17 00:00:00 2001 From: Valentin Gagarin Date: Wed, 13 Nov 2024 17:00:34 +0100 Subject: [PATCH] serve the website from the git repo - move the impure single-node deploy helper here it's not used anywhere else - reuse the pins from the website this needs to be cleaned up later - don't copy the config to the server it's impure (can't even build that without jumping through hoops), and useless when building via SSH --- .gitignore | 3 +++ server/README.md | 15 +++++++++++++ server/configuration.nix | 8 ------- server/default.nix | 46 ++++++++++++++++++++++++++++++++++++++++ server/shell.nix | 1 + services/README.md | 10 --------- services/deploy.nix | 13 ------------ services/flake.nix | 6 ------ 8 files changed, 65 insertions(+), 37 deletions(-) create mode 100644 .gitignore create mode 100644 server/README.md create mode 100644 server/default.nix create mode 100644 server/shell.nix delete mode 100644 services/deploy.nix diff --git a/.gitignore b/.gitignore new file mode 100644 index 00000000..fbfad60a --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +.envrc +.direnv +result diff --git a/server/README.md b/server/README.md new file mode 100644 index 00000000..8b544140 --- /dev/null +++ b/server/README.md @@ -0,0 +1,15 @@ +# fediversity.eu webserver + +This directory contains the configuration for the server hosting https://fediversity.eu + +Build the configuration: + +```bash +nix-build -A machine +``` + +Deploy via SSH: + +```bash +env SSH_OPTS="..." nix-shell --run deploy-webserver +``` diff --git a/server/configuration.nix b/server/configuration.nix index 11319fdc..d779f5a7 100644 --- a/server/configuration.nix +++ b/server/configuration.nix @@ -245,9 +245,6 @@ }) wget git - hugo - go - nodejs ]; # List services that you want to enable: 
@@ -258,11 +255,6 @@ # Enable xe-guest-utilities services.xe-guest-utilities.enable = true; - # Copy the NixOS configuration file and link it from the resulting system - # (/run/current-system/configuration.nix). This is useful in case you - # accidentally delete configuration.nix. - system.copySystemConfiguration = true; - # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave diff --git a/server/default.nix b/server/default.nix new file mode 100644 index 00000000..e4699854 --- /dev/null +++ b/server/default.nix 
@@ -0,0 +1,46 @@
+{ sources ? import ../website/npins
+, system ? builtins.currentSystem
+, pkgs ? import sources.nixpkgs {
+ inherit system;
+ config = { };
+ overlays = [ ];
+ }
+, lib ? import "${sources.nixpkgs}/lib"
+}:
+let
+ # TODO: don't hard code target hosts; wire all of it up with NixOps4
+ host = "vm02117.procolix.com";
+ deploy = pkgs.writeShellApplication {
+ name = "deploy-webserver";
+ text = ''
+ # HACK: decouple system evaluation from shell evaluation
+ # the structured way for using this hack is encoded in https://github.com/fricklerhandwerk/lazy-drv
+ result="$(nix-build ${toString ./.} -A machine --no-out-link --eval-store auto --store ssh-ng://${host})"
+ # shellcheck disable=SC2087
+ ssh ${host} << EOF
+ nix-env -p /nix/var/nix/profiles/system --set "$result"
+ "$result"/bin/switch-to-configuration switch
+ EOF
+ '';
+ };
+ nixos-configuration = config:
+ import "${pkgs.path}/nixos/lib/eval-config.nix" {
+ modules = [
+ config
+ ];
+ system = null;
+ };
+in
+rec {
+ nixos = nixos-configuration ./configuration.nix;
+ machine = nixos.config.system.build.toplevel;
+ shell = pkgs.mkShellNoCC {
+ packages = with pkgs; [
+ deploy
+ ];
+ env = {
+ # TODO: reusing other pins for now; wire up the whole repo to use the same dependencies
+ NPINS_DIRECTORY = toString ../website/npins;
+ };
+ };
+}
diff --git a/server/shell.nix b/server/shell.nix
new file mode 100644
index 00000000..a6bdf202
--- /dev/null
+++ b/server/shell.nix
@@ -0,0 +1 @@
+(import ./. { }).shell
diff --git a/services/README.md b/services/README.md
index 66114e72..6ef0b938 100644
--- a/services/README.md
+++ b/services/README.md
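Review bot: The remote half of `deploy-webserver` in server/default.nix runs without error handling. The heredoc fed to `ssh ${host}` is executed by the remote shell, which does not inherit the `set -e` that `writeShellApplication` applies to the local script. If `nix-env -p /nix/var/nix/profiles/system --set "$result"` fails, `"$result"/bin/switch-to-configuration switch` still runs, activating the new system while the system profile still points at the old generation; making `set -e` the first line of the heredoc would stop at the first failure. Separately, server/README.md in this commit documents `env SSH_OPTS="..."`, but nothing in this script reads `SSH_OPTS`: the `ssh-ng://` store takes its options from `NIX_SSHOPTS` and the plain `ssh` call is given none. Identity or host-key options an operator passes that way therefore appear to be ignored, so either forward them explicitly (for example `ssh $SSH_OPTS ${host}` plus exporting `NIX_SSHOPTS`) or document the variable that is actually honoured.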
@@ -57,16 +57,6 @@ nix build .#installers.peertube Upload the image in `./result` to Proxmox when creating a VM. Booting the image will format the disk and install NixOS with the desired configuration. -# Deploying an updated machine configuration - -> TODO: There is currently no way to specify an actual target machine by name. - -Assuming you have SSH configuration with access to the remote `root` user stored for a machine called e.g. `peertube`, deploy the configuration by the same name: - -```bash -nix run .#deploy.peertube -``` - ## debugging notes - it is sometimes useful to `cat result/bin/run-nixos-vm` to see what's really going on (e.g. which ports are getting forwarded) diff --git a/services/deploy.nix b/services/deploy.nix deleted file mode 100644 index 232b7e34..00000000 --- a/services/deploy.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ writeShellApplication }: -name: _config: -writeShellApplication { - name = "deploy"; - text = '' - result="$(nix build --print-out-paths ${./.}#nixosConfigurations#${name} --eval-store auto --store ssh-ng://${name})" - # shellcheck disable=SC2087 - ssh ${name} << EOF - nix-env -p /nix/var/nix/profiles/system --set "$result" - "$result"/bin/switch-to-configuration switch - EOF - ''; -} diff --git a/services/flake.nix b/services/flake.nix index 7836171d..aec006b7 100644 --- a/services/flake.nix +++ b/services/flake.nix @@ -114,12 +114,6 @@ mkInstaller = import ./installer.nix; installers = lib.mapAttrs (_: config: self.mkInstaller nixpkgs config) self.nixosConfigurations; - deploy = - let - deployCommand = (pkgs.callPackage ./deploy.nix { }); - in - lib.mapAttrs (name: config: deployCommand name config) self.nixosConfigurations; - checks.${system} = { mastodon-garage = import ./tests/mastodon-garage.nix { inherit pkgs self; }; pixelfed-garage = import ./tests/pixelfed-garage.nix { inherit pkgs self; };