From a73714a93c2d5e1ce2f9e52f23eaf3019a5d46ed Mon Sep 17 00:00:00 2001 From: Griffin Smith Date: Fri, 3 Jul 2020 00:26:33 -0400 Subject: feat(ops/nixos): Add generic rebuild-system script This adds a first crack at one idea for a generic, non-user-specific rebuild-system script to ops.nixos.rebuild-system. The idea here is that we enumerate all the nixos systems stored in the monorepo (similarly to what we do for ci-builds right now) then search through them by hostname to find the one matching the hostname of the current system, which is an attempt at a more generic version of tazjin's rebuilder script which does the same thing but with an explicit case block. As a caveat, it feels like there's a slight possibility that this way of finding systems is going to get slow to evaluate - on my system it feels fine but if it grows out of hand it's probably feasible to just bake this into the built script as a dynamically generated case statement. Change-Id: I2e4c5401913b6f4d936ab48ba2f95f96e0e78eb4 Reviewed-on: https://cl.tvl.fyi/c/depot/+/894 Tested-by: BuildkiteCI Reviewed-by: lukegb --- bin/__dispatch.sh | 3 +++ bin/rebuild-system | 1 + ci-builds.nix | 20 +++++++--------- ops/nixos/all-systems.nix | 14 +++++++++++ ops/nixos/default.nix | 36 ++++++++++++++++++++++++++-- ops/nixos/whitby/default.nix | 6 +---- users/glittershark/system/system/default.nix | 4 +--- 7 files changed, 63 insertions(+), 21 deletions(-) create mode 120000 bin/rebuild-system create mode 100644 ops/nixos/all-systems.nix diff --git a/bin/__dispatch.sh b/bin/__dispatch.sh index e8d54fec39..fa954ae29c 100755 --- a/bin/__dispatch.sh +++ b/bin/__dispatch.sh @@ -52,6 +52,9 @@ case "${TARGET_TOOL}" in hash-password) attr="tools.hash-password" ;; + rebuild-system) + attr="ops.nixos.rebuild-system" + ;; *) echo "The tool '${TARGET_TOOL}' is currently not installed in this repository." exit 1 diff --git a/bin/rebuild-system b/bin/rebuild-system new file mode 120000 index 0000000000..8390ec9c96 
--- /dev/null +++ b/bin/rebuild-system @@ -0,0 +1 @@ +__dispatch.sh \ No newline at end of file diff --git a/ci-builds.nix b/ci-builds.nix index 26f7e105d9..437804eef9 100644 --- a/ci-builds.nix +++ b/ci-builds.nix @@ -16,6 +16,10 @@ let owo = lib.generators.toPretty {} exp; }; + systemFor = configuration: (depot.third_party.nixos { + inherit configuration; + }).system; + in lib.fix (self: { __apprehendEvaluators = throw '' Do not evaluate this attribute set directly. It exists only to group builds @@ -28,18 +32,10 @@ in lib.fix (self: { # used to trigger builds for each key. __evaluatable = filter (key: (substring 0 2 key) != "__") (attrNames self); - # List of non-public targets, these are only used in local builds - # and not in CI. - __nonpublic = with depot; [ - users.tazjin.nixos.camdenSystem - users.tazjin.nixos.frogSystem - ]; - # Combined list of all the targets, used for building everything locally. __allTargets = (with depot.nix.yants; list drv) - (foldl' (x: y: x ++ y) self.__nonpublic - (map (k: getAttr k self) self.__evaluatable)); + (foldl' (x: y: x ++ y) [] (map (k: getAttr k self) self.__evaluatable)); fun = with depot.fun; [ amsterdump @@ -57,7 +53,7 @@ in lib.fix (self: { journaldriver kontemplate mq_cli - nixos.whitby + (systemFor nixos.whitby) ]; third_party = with depot.third_party; [ @@ -98,10 +94,12 @@ in lib.fix (self: { emacs finito homepage + (systemFor nixos.camden) + (systemFor nixos.frog) ]; glittershark = with depot.users.glittershark; [ - system.system.chupacabra + (systemFor system.system.chupacabra) xanthous ]; }) diff --git a/ops/nixos/all-systems.nix b/ops/nixos/all-systems.nix new file mode 100644 index 0000000000..ba63de2f2d --- /dev/null +++ b/ops/nixos/all-systems.nix @@ -0,0 +1,14 @@ +{ depot, ... }: + +(with depot.ops.nixos; [ + whitby +]) ++ + +(with depot.users.tazjin.nixos; [ + camden + frog +]) ++ + +(with depot.users.glittershark.system.system; [ + chupacabra +]) 
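Review bot: The `__nonpublic` list in ci-builds.nix, which its own comment described as "only used in local builds and not in CI", is removed, and `(systemFor nixos.camden)` and `(systemFor nixos.frog)` are added to a list that CI evaluates (apparently tazjin's; its opening line is outside the hunk). The commit message does not mention this change in exposure. If those two configurations were kept out of CI because they reference material that should not land on the CI builder or its cache, that separation is now gone, so it is worth confirming with their owner before merging. If the move is intentional, a comment beside the two entries would record it, e.g. `# previously __nonpublic; fine to build in CI because <reason>`.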
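Review bot: all-systems.nix has no header comment stating what its elements must be, yet `findSystem` in ops/nixos/default.nix relies on two unstated properties of the list. Each entry has to be a NixOS configuration rather than a built `.system`, and `networking.hostName` has to be unique, because `findFirst` returns the first match and silently ignores any later duplicate. Since the matched system is what root then activates, I would add a comment such as `# NixOS configurations (not built systems); hostnames must be unique, findSystem takes the first match.` at the top of the file.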
diff --git a/ops/nixos/default.nix b/ops/nixos/default.nix index a0d7630d00..40431a79af 100644 --- a/ops/nixos/default.nix +++ b/ops/nixos/default.nix @@ -6,8 +6,40 @@ # # TODO(tazjin): Find a more elegant solution for the whole module # situation. -{ ... }@args: +{ lib, pkgs, depot, ... }@args: -{ +let + inherit (lib) findFirst isAttrs; +in + +rec { whitby = import ./whitby/default.nix args; + + # System installation + + allSystems = import ./all-systems.nix args; + + nixosFor = configuration: depot.third_party.nixos { + inherit configuration; + }; + + findSystem = hostname: + (findFirst + (system: system.config.networking.hostName == hostname) + (throw "${hostname} is not a known NixOS host") + (map nixosFor allSystems)); + + rebuild-system = pkgs.writeShellScriptBin "rebuild-system" '' + set -ue + if [[ $EUID -ne 0 ]]; then + echo "Oh no! Only root is allowed to rebuild the system!" >&2 + exit 1 + fi + + echo "Rebuilding NixOS for $HOSTNAME" + system=$(nix-build -E "((import ${toString depot.depotPath} {}).ops.nixos.findSystem \"$HOSTNAME\").system" --no-out-link --show-trace) + + nix-env -p /nix/var/nix/profiles/system --set $system + $system/bin/switch-to-configuration switch + ''; } diff --git a/ops/nixos/whitby/default.nix b/ops/nixos/whitby/default.nix index 73066d6b9c..b1055ddd2e 100644 --- a/ops/nixos/whitby/default.nix +++ b/ops/nixos/whitby/default.nix @@ -12,11 +12,7 @@ let mkdir -p $out/bin ln -s ${depot.ops.besadii}/bin/besadii $out/bin/post-command ''; - - systemForConfig = configuration: (depot.third_party.nixos { - inherit configuration; - }).system; -in systemForConfig { +in { inherit depot; imports = [ "${depot.depotPath}/ops/nixos/depot.nix" diff --git a/users/glittershark/system/system/default.nix b/users/glittershark/system/system/default.nix index 75e93d533b..7c241de86b 100644 --- a/users/glittershark/system/system/default.nix +++ b/users/glittershark/system/system/default.nix 
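Review bot: In the `rebuild-system` script, the shell splices `$HOSTNAME` into the Nix expression handed to `nix-build -E`, and the script insists on running as root. As far as I know bash only fills in `HOSTNAME` when it is not already in the environment, so depending on how sudo filters the environment the value may be caller-supplied, and a value containing `"` or `${` alters the evaluated expression rather than only the string compared in `findSystem`. Passing it as data avoids this: `nix-build -E "{ hostname }: ((import ${toString depot.depotPath} {}).ops.nixos.findSystem hostname).system" --argstr hostname "$HOSTNAME" --no-out-link --show-trace`. Separately, `$system` should be quoted in the `nix-env --set` and `switch-to-configuration` lines. Also, `toString depot.depotPath` makes root evaluate the live checkout at that path, so write access to that directory is part of the trust boundary and deserves a comment.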
@@ -1,9 +1,7 @@ { depot, ... }: rec { - chupacabra = (depot.third_party.nixos { - configuration = import ./machines/chupacabra.nix; - }).system; + chupacabra = import ./machines/chupacabra.nix; rebuilder = let -- cgit 1.4.1
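Review bot: `chupacabra` changes from a built system derivation to the bare configuration imported from `./machines/chupacabra.nix`, but `rebuilder` in the same `rec` set begins on the last context line and its body is outside the hunk. If it still builds or activates `chupacabra` directly (I cannot see that from here), it now receives a configuration rather than a `.system` output and would need wrapping, e.g. `(depot.ops.nixos.nixosFor chupacabra).system`. Otherwise consider dropping `rebuilder` in favour of the new `rebuild-system`, so there is one root-run rebuild path to audit instead of two.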