From ccfd97c48f81109a2e719f868550b5af60ec1cd7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Geoffrey=20=E2=80=9CFrogeye=E2=80=9D=20Preud=27homme?= Date: Sat, 6 Apr 2024 13:36:04 +0200 Subject: [PATCH 1/6] deploy-flake: Replace rsync with nix flake archive This changes the way to transfer the flake from the local to the remote machine. This removes the dependency on `rsync` (and eventually `git` if the flake has `git` inputs), and also private and local (e.g. for development) inputs to be transferred without special setup. This repurposes `lollypops.deployment.config-dir` to simply store the link to the flake. Potentially breaking change: The user needs to be able to write in the Nix store, as I haven't figured a way to make nix flake archive use sudo on the receiving side. --- README.md | 10 ++-------- flake.nix | 34 +++++++++++++++------------------- module.nix | 4 ---- 3 files changed, 17 insertions(+), 31 deletions(-) diff --git a/README.md b/README.md index 1f96fda..2b23382 100644 --- a/README.md +++ b/README.md @@ -217,14 +217,8 @@ Setting `lollypops.deployment.local-evaluation` to true, will result in evaluation being done on the local side. This requires `nixos-rebuild` in your `$PATH` -**Note:** Rsync is required on the remote for remote evaluation to work. While -the lollypops module will add the package to `environment.systemPackages` it may -be missing still on the first deployment. To fix this, either add it to your -$PATH on the remote side or do your first deployment with -`lollypops.deployment.local-evaluation` set to `true`. - -**Note:** If your flake includes remote Git repositories in its inputs, `git` is -required to be installed on the remote host. +**Note:** If using `sudo`, the user you're connecting as still needs to be able +to access the Nix daemon. This is the default in NixOS. ### Secrets diff --git a/flake.nix b/flake.nix index ad1a8fb..2154fcc 100644 --- a/flake.nix +++ b/flake.nix 
@@ -186,9 +186,11 @@ --target-host {{.REMOTE_USER}}@{{.REMOTE_HOST}} \ ${optionalString useSudo "--use-remote-sudo"} '' else '' + flake="$({{.REMOTE_COMMAND}} {{.REMOTE_SSH_OPTS}} {{.REMOTE_USER}}@{{.REMOTE_HOST}} \ + "${optionalString useSudo "{{.REMOTE_SUDO_COMMAND}} {{.REMOTE_SUDO_OPTS}}"} readlink -f '{{.REMOTE_CONFIG_DIR}}/flake'")" {{.REMOTE_COMMAND}} {{.REMOTE_SSH_OPTS}} {{.REMOTE_USER}}@{{.REMOTE_HOST}} \ - "${optionalString useSudo "{{.REMOTE_SUDO_COMMAND}} {{.REMOTE_SUDO_OPTS}}"} nixos-rebuild {{.REBUILD_ACTION}} \ - --flake '{{.REMOTE_CONFIG_DIR}}#{{.HOSTNAME}}'" + "${optionalString useSudo "{{.REMOTE_SUDO_COMMAND}} {{.REMOTE_SUDO_OPTS}}"} nixos-rebuild {{.REBUILD_ACTION}} \ + --flake '$flake#{{.HOSTNAME}}'" '') ]; }; @@ -200,23 +202,17 @@ cmds = [ ''echo "Deploying flake to: {{.HOSTNAME}}"'' '' - source_path={{.LOCAL_FLAKE_SOURCE}} - if test -d "$source_path"; then - source_path=$source_path/ - fi - ${pkgs.rsync}/bin/rsync \ - --verbose \ - -e "{{.REMOTE_COMMAND}} -l {{.REMOTE_USER}} -T {{.REMOTE_SSH_OPTS}}" \ - -FD \ - --checksum \ - --times \ - --perms \ - --recursive \ - --links \ - --delete-excluded \ - --mkpath \ - ${optionalString useSudo ''--rsync-path="{{.REMOTE_SUDO_COMMAND}} {{.REMOTE_SUDO_OPTS}} rsync"''} \ - $source_path {{.REMOTE_USER}}\@{{.REMOTE_HOST}}:{{.REMOTE_CONFIG_DIR}} + flake="$(NIX_SSHOPTS="{{.REMOTE_SSH_OPTS}}" \ + nix flake archive \ + --to ssh://{{.REMOTE_USER}}@{{.REMOTE_HOST}} \ + --json \ + {{.LOCAL_FLAKE_SOURCE}} \ + | ${pkgs.jq}/bin/jq -r .path\ + )" + {{.REMOTE_COMMAND}} {{.REMOTE_SSH_OPTS}} {{.REMOTE_USER}}@{{.REMOTE_HOST}} \ + "${optionalString useSudo "{{.REMOTE_SUDO_COMMAND}} {{.REMOTE_SUDO_OPTS}}"} mkdir -p \"{{.REMOTE_CONFIG_DIR}}\"" + {{.REMOTE_COMMAND}} {{.REMOTE_SSH_OPTS}} {{.REMOTE_USER}}@{{.REMOTE_HOST}} \ + "${optionalString useSudo "{{.REMOTE_SUDO_COMMAND}} {{.REMOTE_SUDO_OPTS}}"} ln -snf \"$flake\" \"{{.REMOTE_CONFIG_DIR}}/flake\"" '' ]; }; diff --git a/module.nix b/module.nix index e81399f..5e59d8c 100644 
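Review bot: The value captured from the remote `readlink -f` is passed to `nixos-rebuild` without any check, even though the rebuild may run under `{{.REMOTE_SUDO_COMMAND}}`. If the SSH call fails or the link is missing, `flake` is empty or just the unresolved path, and the second command still runs. A guard between the two commands would make the failure explicit and keep the rebuild to store paths, for example `case "$flake" in /nix/store/*) ;; *) echo "unexpected flake target: $flake" >&2; exit 1 ;; esac`. The same consideration applies to the later forms of this line in PATCH 3/6 and 4/6. The surrounding `if … then … else` string starts outside this hunk.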
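Review bot: A failed `nix flake archive` is masked in `flake="$(… nix flake archive … --json | ${pkgs.jq}/bin/jq -r .path)"`, because the pipeline's status is jq's and no `pipefail` is visible in the hunk. `jq -r` also prints the literal `null` when `.path` is absent, so the following `ln -snf "$flake"` could repoint `{{.REMOTE_CONFIG_DIR}}/flake` at a bogus target that the next rebuild then resolves. Adding `[ -n "$flake" ] && [ "$flake" != null ] || exit 1` before the two SSH commands would stop the task before the link is touched. `{{.LOCAL_FLAKE_SOURCE}}` is also passed unquoted, so a path containing spaces would be split.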
--- a/module.nix +++ b/module.nix @@ -190,8 +190,4 @@ in }; }; - - config = { - environment.systemPackages = with pkgs; [ rsync ]; - }; } From b8f814df5e34d6780d0e9995cdded0092654fe3a Mon Sep 17 00:00:00 2001 From: Pablo Ovelleiro Corral Date: Sun, 7 Apr 2024 17:15:24 +0200 Subject: [PATCH 2/6] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'flake-utils': 'github:numtide/flake-utils/ff7b65b44d01cf9ba6a71320833626af21126384' (2023-09-12) → 'github:numtide/flake-utils/b1d9ab70662946ef0850d488da1c9019f3a9752a' (2024-03-11) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/e4ad989506ec7d71f7302cc3067abd82730a4beb' (2023-11-19) → 'github:nixos/nixpkgs/ff0dbd94265ac470dda06a657d5fe49de93b4599' (2024-04-06) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index c0a1cbd..94ed893 100644 --- a/flake.lock +++ b/flake.lock @@ -5,11 +5,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1694529238, - "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "type": "github" }, "original": { @@ -20,11 +20,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1700390070, - "narHash": "sha256-de9KYi8rSJpqvBfNwscWdalIJXPo8NjdIZcEJum1mH0=", + "lastModified": 1712439257, + "narHash": "sha256-aSpiNepFOMk9932HOax0XwNxbA38GOUVOiXfUVPOrck=", "owner": "nixos", "repo": "nixpkgs", - "rev": "e4ad989506ec7d71f7302cc3067abd82730a4beb", + "rev": "ff0dbd94265ac470dda06a657d5fe49de93b4599", "type": "github" }, "original": { From 820d8d91539e220d725bd1ccf6f0947e16aaca0d Mon Sep 17 00:00:00 2001 
From: Pablo Ovelleiro Corral Date: Sun, 7 Apr 2024 17:28:25 +0200 Subject: [PATCH 3/6] Re-introduce config dir and use it for a symlink --- flake.nix | 20 +++++++------------- 1 file changed, 7 insertions(+), 13 deletions(-) diff --git a/flake.nix b/flake.nix index 2154fcc..e89b803 100644 --- a/flake.nix +++ b/flake.nix @@ -186,11 +186,9 @@ --target-host {{.REMOTE_USER}}@{{.REMOTE_HOST}} \ ${optionalString useSudo "--use-remote-sudo"} '' else '' - flake="$({{.REMOTE_COMMAND}} {{.REMOTE_SSH_OPTS}} {{.REMOTE_USER}}@{{.REMOTE_HOST}} \ - "${optionalString useSudo "{{.REMOTE_SUDO_COMMAND}} {{.REMOTE_SUDO_OPTS}}"} readlink -f '{{.REMOTE_CONFIG_DIR}}/flake'")" {{.REMOTE_COMMAND}} {{.REMOTE_SSH_OPTS}} {{.REMOTE_USER}}@{{.REMOTE_HOST}} \ "${optionalString useSudo "{{.REMOTE_SUDO_COMMAND}} {{.REMOTE_SUDO_OPTS}}"} nixos-rebuild {{.REBUILD_ACTION}} \ - --flake '$flake#{{.HOSTNAME}}'" + --flake "$(readlink -f {{.REMOTE_CONFIG_DIR}}/flake)#{{.HOSTNAME} '') ]; }; @@ -202,17 +200,13 @@ cmds = [ ''echo "Deploying flake to: {{.HOSTNAME}}"'' '' - flake="$(NIX_SSHOPTS="{{.REMOTE_SSH_OPTS}}" \ - nix flake archive \ + NIX_SSHOPTS="{{.REMOTE_SSH_OPTS}}" nix flake archive \ --to ssh://{{.REMOTE_USER}}@{{.REMOTE_HOST}} \ - --json \ - {{.LOCAL_FLAKE_SOURCE}} \ - | ${pkgs.jq}/bin/jq -r .path\ - )" - {{.REMOTE_COMMAND}} {{.REMOTE_SSH_OPTS}} {{.REMOTE_USER}}@{{.REMOTE_HOST}} \ - "${optionalString useSudo "{{.REMOTE_SUDO_COMMAND}} {{.REMOTE_SUDO_OPTS}}"} mkdir -p \"{{.REMOTE_CONFIG_DIR}}\"" + {{.LOCAL_FLAKE_SOURCE}} + '' + '' {{.REMOTE_COMMAND}} {{.REMOTE_SSH_OPTS}} {{.REMOTE_USER}}@{{.REMOTE_HOST}} \ - "${optionalString useSudo "{{.REMOTE_SUDO_COMMAND}} {{.REMOTE_SUDO_OPTS}}"} ln -snf \"$flake\" \"{{.REMOTE_CONFIG_DIR}}/flake\"" + "${optionalString useSudo "{{.REMOTE_SUDO_COMMAND}} {{.REMOTE_SUDO_OPTS}}"} ln -sfn {{.LOCAL_FLAKE_SOURCE}} {{.REMOTE_CONFIG_DIR}}/flake" '' ]; }; 
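Review bot: The new `--flake "$(readlink -f {{.REMOTE_CONFIG_DIR}}/flake)#{{.HOSTNAME}` line is left unterminated: the template's closing brace and both the inner and outer double quotes are missing, so the generated command cannot be correct at this commit. As written, the `$(…)` also sits inside the double-quoted SSH argument, so the local shell would expand it instead of the remote host. PATCH 4/6 rewrites this line; squashing that fix into this commit would keep every commit in the series deployable and bisectable.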
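Review bot: The `mkdir -p` for `{{.REMOTE_CONFIG_DIR}}` is removed without a replacement, so `ln -sfn` will fail on a host where that directory does not exist yet. Chaining it keeps first deployments working: `mkdir -p "{{.REMOTE_CONFIG_DIR}}" && ln -sfn "{{.LOCAL_FLAKE_SOURCE}}" "{{.REMOTE_CONFIG_DIR}}/flake"`. The link target also changes from the store path reported by `--json` to `{{.LOCAL_FLAKE_SOURCE}}`. That only resolves on the remote if the variable already holds the store path that was copied; its definition is outside this hunk, so this should be confirmed or stated in a comment. The escaped quotes around both paths were dropped as well, which reintroduces word splitting.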
@@ -241,7 +235,7 @@ version = "3"; output = "prefixed"; - # Don't print excuted commands. Can be overridden by -v + # Don't print executed commands. Can be overridden by -v silent = true; # Import the tasks once for each host, setting the HOST From f9ae2afbca56ebd228f0cc4bbd34d37a529ae3ee Mon Sep 17 00:00:00 2001 From: Pablo Ovelleiro Corral Date: Sun, 7 Apr 2024 19:46:14 +0200 Subject: [PATCH 4/6] Fix string quoting --- flake.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/flake.nix b/flake.nix index e89b803..041a7d4 100644 --- a/flake.nix +++ b/flake.nix @@ -187,8 +187,8 @@ ${optionalString useSudo "--use-remote-sudo"} '' else '' {{.REMOTE_COMMAND}} {{.REMOTE_SSH_OPTS}} {{.REMOTE_USER}}@{{.REMOTE_HOST}} \ - "${optionalString useSudo "{{.REMOTE_SUDO_COMMAND}} {{.REMOTE_SUDO_OPTS}}"} nixos-rebuild {{.REBUILD_ACTION}} \ - --flake "$(readlink -f {{.REMOTE_CONFIG_DIR}}/flake)#{{.HOSTNAME} + '${optionalString useSudo "{{.REMOTE_SUDO_COMMAND}} {{.REMOTE_SUDO_OPTS}}"} nixos-rebuild {{.REBUILD_ACTION}} \ + --flake "$(readlink -f {{.REMOTE_CONFIG_DIR}}/flake)#{{.HOSTNAME}}"' '') ]; }; From 6cb53adabccc06975c2731c242d56f248055845b Mon Sep 17 00:00:00 2001 From: Pablo Ovelleiro Corral Date: Mon, 8 Apr 2024 16:30:02 +0200 Subject: [PATCH 5/6] Use substituters for nix flake archive --- flake.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/flake.nix b/flake.nix index 041a7d4..77f533b 100644 --- a/flake.nix +++ b/flake.nix @@ -202,6 +202,7 @@ '' NIX_SSHOPTS="{{.REMOTE_SSH_OPTS}}" nix flake archive \ --to ssh://{{.REMOTE_USER}}@{{.REMOTE_HOST}} \ + --option builders-use-substitutes true \ {{.LOCAL_FLAKE_SOURCE}} '' '' From 75a618aeb9995e08578423931c5307a53204f95e Mon Sep 17 00:00:00 2001 From: Pablo Ovelleiro Corral Date: Mon, 8 Apr 2024 17:02:53 +0200 Subject: [PATCH 6/6] Make copy method configurable --- flake.nix | 22 ++++++++++++++++------ module.nix | 15 +++++++++++++++ 2 files changed, 31 insertions(+), 6 deletions(-) 
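Review bot: Inside the now single-quoted remote command, `$(readlink -f {{.REMOTE_CONFIG_DIR}}/flake)` leaves the path unquoted, so a config directory containing whitespace or glob characters is split by the remote shell before `readlink` sees it. Writing `"$(readlink -f "{{.REMOTE_CONFIG_DIR}}/flake")#{{.HOSTNAME}}"` avoids that. The substitution is evaluated by the connecting user's shell before the sudo prefix takes effect, so that user must be able to read the link. Because the whole command sits in single quotes, a template value containing `'` would end the quoting early. A short comment stating that these values must not contain quotes would document the assumption.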
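Review bot: The added `--option builders-use-substitutes true` probably has no effect on this command. As far as I can tell, that setting only controls whether remote build machines use their own substituters during distributed builds, whereas `nix flake archive --to` performs a store copy. If the intent is for the target to fetch paths from its own caches, that should be confirmed against the Nix manual, and a comment such as `# let the remote pull from its caches instead of uploading` would record the intended behaviour. Otherwise the line can be dropped to avoid implying a guarantee it does not provide.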
diff --git a/flake.nix b/flake.nix index 77f533b..9097abe 100644 --- a/flake.nix +++ b/flake.nix @@ -199,12 +199,22 @@ desc = "Deploy flake repository to: ${hostName}"; cmds = [ ''echo "Deploying flake to: {{.HOSTNAME}}"'' - '' - NIX_SSHOPTS="{{.REMOTE_SSH_OPTS}}" nix flake archive \ - --to ssh://{{.REMOTE_USER}}@{{.REMOTE_HOST}} \ - --option builders-use-substitutes true \ - {{.LOCAL_FLAKE_SOURCE}} - '' + (if hostConfig.config.lollypops.deployment.deploy-method == "archive" then + '' + NIX_SSHOPTS="{{.REMOTE_SSH_OPTS}}" nix flake archive \ + --to ssh://{{.REMOTE_USER}}@{{.REMOTE_HOST}} \ + --option builders-use-substitutes true \ + {{.LOCAL_FLAKE_SOURCE}} + '' + else + '' + NIX_SSHOPTS="{{.REMOTE_SSH_OPTS}}" nix copy \ + --to ssh://{{.REMOTE_USER}}@{{.REMOTE_HOST}} \ + --substitute-on-destination \ + --option builders-use-substitutes true \ + {{.LOCAL_FLAKE_SOURCE}} + '' + ) '' {{.REMOTE_COMMAND}} {{.REMOTE_SSH_OPTS}} {{.REMOTE_USER}}@{{.REMOTE_HOST}} \ "${optionalString useSudo "{{.REMOTE_SUDO_COMMAND}} {{.REMOTE_SUDO_OPTS}}"} ln -sfn {{.LOCAL_FLAKE_SOURCE}} {{.REMOTE_CONFIG_DIR}}/flake" diff --git a/module.nix b/module.nix index 5e59d8c..e69b23b 100644 --- a/module.nix +++ b/module.nix @@ -89,6 +89,21 @@ in description = "Evaluate locally instead of on the remote when rebuilding"; }; + deploy-method = mkOption { + type = types.enum [ "copy" "archive" ]; + default = "copy"; + description = '' + Method for copying flake to the remote. Using the default (`copy`) will + only deploy the flake itself, while `archive` deploys the flake and + all it's inputs to the remote machine. This is slower when deploying + from a connection with slow upload speed, but allows using inputs + which are not accessible from the remote. + + When using `copy` all inputs of the flake will be substituted or + pulled from configured caches. + ''; + }; + config-dir = mkOption { type = types.str; default = "/var/src/lollypops";
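Review bot: In the new `else` branch, `nix copy` treats any argument that is not a store path as an installable. If `{{.LOCAL_FLAKE_SOURCE}}` is ever a directory or flake reference (its definition is outside this hunk), this would build and copy the flake's default package rather than the flake source that the following `ln -sfn` points at. A comment above the branch would pin the assumption, for example `# LOCAL_FLAKE_SOURCE must be a /nix/store path; nix copy would otherwise treat it as an installable`. The argument is also unquoted in both branches.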
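Review bot: The `deploy-method` description does not state what the new default requires of the remote host. With `copy`, the inputs are resolved on the target, so it presumably needs network access, credentials for any private inputs, and `git` for Git inputs. PATCH 1/6 removed the README note saying that, on the basis that everything was archived. I would add a sentence to the description saying that with the default method the remote fetches the flake's inputs itself and needs network access and any tooling or credentials those inputs require, and restore the matching README note for the `copy` case. Also, `all it's inputs` should read `all its inputs`.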