path: root/ops/nixos.nix
blob: c0410046c6267662163626efa82adfbe8ed3de3e (plain) (blame)
# Helper functions for instantiating depot-compatible NixOS machines.
{ depot, lib, pkgs, ... }@args:

let inherit (lib) findFirst isAttrs;
in rec {
  # Module shared by all depot machines: it fixes the package set and the
  # nix.nixPath entries that every NixOS module evaluation sees.
  baseModule = { ... }: {
    # The system's pkgs must be the depot's pinned nixpkgs (third_party.nix).
    nixpkgs.pkgs = depot.third_party.nixpkgs;

    # Point both the `nixos` and `nixpkgs` search-path entries at that same
    # nixpkgs tree.
    nix.nixPath =
      let
        rawPath = pkgs.path;
        # Due to nixpkgsBisectPath, pkgs.path is not always in the nix store.
        alreadyInStore = lib.hasPrefix builtins.storeDir (toString rawPath);
        pinnedNixpkgs =
          if alreadyInStore
          then builtins.storePath rawPath # nixpkgs is already in the store
          else rawPath; # dumped to the store when interpolated below
      in
      map (entry: "${entry}=${pinnedNixpkgs}") [ "nixos" "nixpkgs" ];
  };

  # Instantiate a NixOS system from a machine configuration module. The
  # machine's module is layered on top of baseModule, and the depot is handed
  # to the module system through specialArgs.
  nixosFor = configuration:
    depot.third_party.nixos {
      configuration = { ... }: {
        imports = [ baseModule configuration ];
      };

      # Same depot this file was called with.
      specialArgs.depot = args.depot;
    };

  # Look up the instantiated system whose networking.hostName equals
  # `hostname` among depot.ops.machines.all-systems. Evaluation aborts with an
  # error naming the host when none matches.
  findSystem = hostname:
    let
      matchesHost = candidate:
        candidate.config.networking.hostName == hostname;
      knownSystems = map nixosFor depot.ops.machines.all-systems;
      # Only forced by findFirst when no system matches.
      unknownHost = throw "${hostname} is not a known NixOS host";
    in
    findFirst matchesHost unknownHost knownSystems;

  # rebuild-system script for the checkout this depot was evaluated from.
  #
  # HACK: the original source location is passed as a plain string, which
  # avoids copying the whole depot into the store just for this. The script
  # therefore evaluates that checkout at run time, as root, so the checkout
  # should be writable only by users trusted to change the system.
  rebuild-system = rebuildSystemWith (toString depot.path.origSrc);

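  # Produce a `rebuild-system` script that evaluates the depot at `depotPath`,
  # builds the system whose hostName matches the machine's $HOSTNAME, sets it
  # as the system profile and switches to it. The script refuses to run
  # unless it is invoked as root.
  #
  # depotPath is spliced into the Nix expression when the script is built;
  # the hostname is only known when the script runs.
  rebuildSystemWith = depotPath: pkgs.writeShellScriptBin "rebuild-system" ''
    set -ue
    if [[ $EUID -ne 0 ]]; then
      echo "Oh no! Only root is allowed to rebuild the system!" >&2
      exit 1
    fi

    echo "Rebuilding NixOS for $HOSTNAME"
    # The hostname is handed to Nix as a string argument instead of being
    # pasted into the expression text, so its value is always treated as
    # data and never parsed as Nix code by this root-run evaluation.
    system=$(${pkgs.nix}/bin/nix-build \
      -E "{ hostname }: ((import ${depotPath} {}).ops.nixos.findSystem hostname).system" \
      --argstr hostname "$HOSTNAME" \
      --no-out-link --show-trace)

    # Quoted so the build result is always passed on as a single word.
    ${pkgs.nix}/bin/nix-env -p /nix/var/nix/profiles/system --set "$system"
    "$system"/bin/switch-to-configuration switch
  '';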

  # Systems that should be built in CI. Each attribute is the top-level
  # `system` derivation of one machine; meta.ci.targets names the attributes
  # listed as CI targets.
  whitbySystem = (nixosFor depot.ops.machines.whitby).system;
  sandunySystem = (nixosFor depot.ops.machines.sanduny).system;
  nixeryDev01System = (nixosFor depot.ops.machines.nixery-01).system;
  # NOTE(review): volgaSprintCacheSystem is defined but not listed in
  # meta.ci.targets below; confirm that this is intentional.
  volgaSprintCacheSystem = (nixosFor depot.ops.machines.volgasprint-cache).system;
  meta = {
    ci = {
      targets = [
        "sandunySystem"
        "whitbySystem"
        "nixeryDev01System"
      ];
    };
  };
}