deploy-rs: init support

SUMMARY.md

@@ -23,4 +23,6 @@
   - [iso](./doc/flk/iso.md)
   - [install](./doc/flk/install.md)
   - [home](./doc/flk/home.md)
+- [Integrations](doc/integrations/index.md)
+  - [deploy-rs](./doc/integrations/deploy.md)
 - [Contributing](./doc/README.md)

doc/integrations/deploy.md

@@ -0,0 +1,49 @@
+# deploy-rs
+[Deploy-rs][d-rs] is a tool for managing NixOS remote machines. It was
+chosen for nixflk after the author experienced some frustrations with the
+stateful nature of nixops' db. It was also designed from scratch to support
+flake based deployments, and so is an excellent tool for the job.
+
+By default, all the [hosts](../../hosts) are also available as deploy-rs nodes,
+configured with the hostname set to `networking.hostName`; overridable via
+the command line.
+
+## Usage
+
+Just add your ssh key to the host:
+```nix
+{ ... }:
+{
+  users.users.${sshUser}.openssh.authorizedKeys.keyFiles = [
+    ../secrets/path/to/key.pub
+  ];
+}
+```
+
+And the private key to your user:
+```nix
+{ ... }:
+{
+  home-manager.users.${sshUser}.programs.ssh = {
+    enable = true;
+
+    matchBlocks = {
+      ${host} = {
+        host = hostName;
+        identityFile = ../secrets/path/to/key;
+        extraOptions = { AddKeysToAgent = "yes"; };
+      };
+    };
+  }
+}
+```
+
+And run the deployment:
+```sh
+deploy "flk#hostName" --hostname host.example.com
+```
+
+> ##### _Note:_
+> Your user will need sudo access
+
+[d-rs]: https://github.com/serokell/deploy-rs

doc/integrations/index.md

@@ -0,0 +1,5 @@
+# Integrations
+This section explores some of the optional tools included with nixflk to provide
+a solution to common concerns such as ci and remote deployment. An effort is
+made to choose tools that treat nix, and where possible flakes, as first class
+citizens.

extern/default.nix

@@ -8,6 +8,9 @@
   overlays = [
     nur.overlay
     devshell.overlay
+    (final: prev: {
+      deploy-rs = deploy.packages.${prev.system}.deploy-rs;
+    })
   ];
 
   # passed to all nixos modules

flake.nix

@@ -14,27 +14,35 @@
       ci-agent.inputs.nixos-20_09.follows = "nixos";
       ci-agent.inputs.nixos-unstable.follows = "override";
       ci-agent.inputs.flake-compat.follows = "flake-compat";
+      deploy.url = "github:serokell/deploy-rs";
+      deploy.inputs.utils.follows = "utils";
+      deploy.inputs.naersk.follows = "naersk";
+      deploy.inputs.nixpkgs.follows = "override";
+      deploy.inputs.flake-compat.follows = "flake-compat";
+      naersk.url = "github:nmattia/naersk";
+      naersk.inputs.nixpkgs.follows = "override";
       flake-compat.url = "github:edolstra/flake-compat";
       flake-compat.flake = false;
     };
 
   outputs =
-    inputs@{ self
-    , ci-agent
+    inputs@{ ci-agent
+    , deploy
+    , devshell
     , home
     , nixos
+    , nixos-hardware
+    , nur
     , override
+    , self
     , utils
-    , nur
-    , devshell
-    , nixos-hardware
     , ...
     }:
     let
       inherit (utils.lib) eachDefaultSystem flattenTreeSystem;
       inherit (nixos.lib) recursiveUpdate;
       inherit (self.lib) overlays nixosModules genPackages genPkgs
-        genHomeActivationPackages;
+        genHomeActivationPackages mkNodes;
 
       extern = import ./extern { inherit inputs; };
 
@@ -63,6 +71,12 @@
           templates.flk.description = "flk template";
 
           defaultTemplate = self.templates.flk;
+
+          deploy.nodes = mkNodes deploy self.nixosConfigurations;
+
+          checks = builtins.mapAttrs
+            (system: deployLib: deployLib.deployChecks self.deploy)
+            deploy.lib;
         };
 
       systemOutputs = eachDefaultSystem (system:

lib/default.nix

@@ -42,6 +42,21 @@ let
     in
     map fullPath (attrNames (readDir overlayDir));
 
+  /**
+  Synopsis: mkNodes _nixosConfigurations_
+
+  Generate the `nodes` attribute expected by deploy-rs
+  where _nixosConfigurations_ are `nodes`.
+  **/
+  mkNodes = deploy: mapAttrs (_: config: {
+    hostname = config.config.networking.hostName;
+
+    profiles.system = {
+      user = "root";
+      path = deploy.lib.x86_64-linux.activate.nixos config;
+    };
+  });
+
   /**
   Synopsis: importDefaults _path_
 
@@ -72,7 +87,7 @@ let
 in
 {
   inherit importDefaults mapFilterAttrs genAttrs' pkgImport
-    pathsToImportedAttrs;
+    pathsToImportedAttrs mkNodes;
 
   overlays = pathsToImportedAttrs overlayPaths;
 

nix/ci.nix

@@ -1,10 +1,18 @@
 let
-  inherit (default.inputs.nixos.lib) recurseIntoAttrs;
+  inherit (default.inputs.nixos.lib) mapAttrs recurseIntoAttrs;
 
   default = (import "${../.}/compat").defaultNix;
   packages = import ../default.nix;
 in
 {
+  checks = recurseIntoAttrs (mapAttrs (_: v: recurseIntoAttrs v) {
+    inherit (default.checks)
+      aarch64-linux
+      i686-linux
+      x86_64-linux
+      ;
+  });
+
   # platforms supported by our hercules-ci agent
   inherit (packages)
     aarch64-linux

profiles/core/default.nix

@@ -12,6 +12,7 @@ in
       binutils
       coreutils
       curl
+      deploy-rs
       direnv
       dnsutils
       dosfstools
@@ -22,8 +23,8 @@ in
       iputils
       jq
       manix
-      nix-index
       moreutils
+      nix-index
       nmap
       ripgrep
       tealdeer

shell/default.nix

@@ -23,7 +23,7 @@ pkgs.devshell.mkShell {
     nixos-install
     nixos-generate-config
     nixos-enter
-  ];
+  ] ++ lib.optional (system == "x86_64-linux") deploy-rs;
 
   env = { inherit name; };