Merge branch 'hci-improvements'

2022-05-25 09:50:13 +02:00 · 2022-05-25 09:50:13 +02:00 · 8d1bef0c74
commit 8d1bef0c74
parent e5918d019b 6bec47379d
3 changed files with 81 additions and 14 deletions
--- a/flake.lock
+++ b/flake.lock
@ -295,11 +295,11 @@
        "pre-commit-hooks-nix": "pre-commit-hooks-nix"
      },
      "locked": {
-        "lastModified": 1650986041,
-        "narHash": "sha256-D3tzjgLOt7I25iT0THEP2dz8PQHpWgJ2zPt7C5VeOrY=",
+        "lastModified": 1653393452,
+        "narHash": "sha256-d0GasBxQxvNBXt614BCohYVy448KCGEekZWX2Ck8wC4=",
        "owner": "hercules-ci",
        "repo": "hercules-ci-agent",
-        "rev": "2da921cf6f6d95fba10ba7ec93578bcb02d89231",
+        "rev": "44b7776f36934cd588612069679ec308f0efba78",
        "type": "github"
      },
      "original": {
@ -308,6 +308,24 @@
        "type": "github"
      }
    },
+    "hercules-ci-effects": {
+      "inputs": {
+        "nixpkgs": "nixpkgs_4"
+      },
+      "locked": {
+        "lastModified": 1653415319,
+        "narHash": "sha256-h+YUX7ZYujf73KL1R07LsEnhV7uV8oxSKEhH4bDj0Jc=",
+        "owner": "hercules-ci",
+        "repo": "hercules-ci-effects",
+        "rev": "1f904af1824e7393702daaf40a8fed56ebead0d7",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "hercules-ci-effects",
+        "type": "github"
+      }
+    },
    "home-manager": {
      "inputs": {
        "nixpkgs": [
@ -424,7 +442,7 @@
    "nix": {
      "inputs": {
        "lowdown-src": "lowdown-src",
-        "nixpkgs": "nixpkgs_4"
+        "nixpkgs": "nixpkgs_5"
      },
      "locked": {
        "lastModified": 1606150835,
@ -482,15 +500,16 @@
    },
    "nixos-unstable": {
      "locked": {
-        "lastModified": 1649417654,
-        "narHash": "sha256-IKC+25OiNIGPIGs0iBg/gx1lrGR4N5MGe5x+sGi7vzw=",
+        "lastModified": 1650701402,
+        "narHash": "sha256-XKfstdtqDg+O+gNBx1yGVKWIhLgfEDg/e2lvJSsp9vU=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "5df8b35e4f4074bd8b77eed10b267b6e5d029d6c",
+        "rev": "bc41b01dd7a9fdffd32d9b03806798797532a5fe",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
+        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
@ -555,6 +574,22 @@
      }
    },
    "nixpkgs_4": {
+      "locked": {
+        "lastModified": 1647297614,
+        "narHash": "sha256-ulGq3W5XsrBMU/u5k9d4oPy65pQTkunR4HKKtTq0RwY=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "73ad5f9e147c0d2a2061f1d4bd91e05078dc0b58",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_5": {
      "locked": {
        "lastModified": 1602702596,
        "narHash": "sha256-fqJ4UgOb4ZUnCDIapDb4gCrtAah5Rnr2/At3IzMitig=",
@ -569,7 +604,7 @@
        "type": "indirect"
      }
    },
-    "nixpkgs_5": {
+    "nixpkgs_6": {
      "locked": {
        "lastModified": 1650998007,
        "narHash": "sha256-NcJnbGDBBN023x8s3ll3HZxBcQoPq1ry9E2sjg+4flc=",
@ -670,11 +705,12 @@
        "devshell": "devshell",
        "dream2nix": "dream2nix",
        "hercules-ci-agent": "hercules-ci-agent",
+        "hercules-ci-effects": "hercules-ci-effects",
        "home-manager": "home-manager",
        "mms": "mms",
        "nar-serve": "nar-serve",
        "nix-super": "nix-super",
-        "nixpkgs": "nixpkgs_5"
+        "nixpkgs": "nixpkgs_6"
      }
    },
    "utils": {
--- a/flake.nix
+++ b/flake.nix
@ -28,6 +28,7 @@
    mms.inputs.nixpkgs.follows = "nixpkgs";
    
    hercules-ci-agent.url = "github:hercules-ci/hercules-ci-agent";
+    hercules-ci-effects.url = "github:hercules-ci/hercules-ci-effects";
  };
  outputs = { self, nixpkgs, home-manager, ... }@inputs:
    let
@ -61,6 +62,26 @@
      };
      mkNixOS = mkNixOS' lib;  

+      mkDeployEffect = branch: name: host: let
+        subdomain = hosts.enterprise.subdomain or "services";
+        hostname = "${lib.toLower name}.${subdomain}.${meta.domain}";
+      in effects.runIf (branch == "master") (effects.runNixOS {
+        requiredSystemFeatures = [ "hci-deploy-agent-nixos" ];
+        config = self.nixosConfigurations.${name}.config // { outPath = "wtfwtfwtfwtfwtfwtf"; };
+        secretsMap.ssh = "deploy-ssh";
+
+        userSetupScript = ''
+          writeSSHKey ssh
+          cat >>~/.ssh/known_hosts <<EOF
+          ${hostname} ${host.ssh.id.publicKey}
+          EOF
+        '';
+        ssh.destination = "root@${hostname}";
+      });
+
+      mkDeployEffects = branch: hostnames: lib.genAttrs hostnames
+        (name: mkDeployEffect branch name hosts.${name});
+
      mkDeploy = name: let
        host = hosts.${name};
        subdomain = host.enterprise.subdomain or "services";
@ -82,6 +103,7 @@
        pkgs = nixpkgsFor system;
      });

+      effects = inputs.hercules-ci-effects.lib.withPkgs (nixpkgsFor "x86_64-linux");
    in {
      nixosModules = aspect.modules;

@ -100,5 +122,7 @@
        systems = lib.mapAttrs (_: x: x.config.system.build.toplevel) self.nixosConfigurations;
        inherit (self) packages;
      };
+
+      effects = { branch, ... }: mkDeployEffects branch nixosHosts;
    };
 }
--- a/packages/patched-inputs.nix
+++ b/packages/patched-inputs.nix
@ -1,9 +1,16 @@
-let tools = import ./lib/tools.nix;
+{ inputs, pkgs, system, ... }:
+let
+  tools = import ./lib/tools.nix;
+  packages = builtins.mapAttrs (_: v: v.packages.${system}) inputs;
 in with tools;
-{ inputs, pkgs, system, ... }: rec {
-  inherit (inputs.deploy-rs.packages.${system}) deploy-rs;
+rec {
+  inherit (packages.deploy-rs) deploy-rs;

-  nix-super = inputs.nix-super.defaultPackage.${system};
+  nix-super = packages.nix-super.nix;

-  agenix = inputs.agenix.packages.${system}.agenix.override { nix = nix-super; };
+  agenix = packages.agenix.agenix.override { nix = nix-super; };
+
+  hercules-ci-agent = packages.hercules-ci-agent.hercules-ci-agent;
+
+  hci = packages.hercules-ci-agent.hercules-ci-cli;
 }