From b400acd18ebdf1926acf689df8d20409c1341d02 Mon Sep 17 00:00:00 2001 From: yukkop Date: Thu, 23 Oct 2025 11:28:56 +0000 Subject: [PATCH] some fixes --- flake.lock | 155 +++++++++++++++++- flake.nix | 6 +- .../module/hectic/hardware/hetzner-cloud.nix | 1 + package/default.nix | 4 +- package/deploy/default.nix | 7 +- package/deploy/deploy.sh | 6 +- 6 files changed, 170 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 8853f47..207721c 100644 --- a/flake.lock +++ b/flake.lock @@ -75,6 +75,28 @@ "type": "github" } }, + "disko_2": { + "inputs": { + "nixpkgs": [ + "nixos-anywhere", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1749200714, + "narHash": "sha256-W8KiJIrVwmf43JOPbbTu5lzq+cmdtRqaNbOsZigjioY=", + "owner": "nix-community", + "repo": "disko", + "rev": "17d08c65c241b1d65b3ddf79e3fac1ddc870b0f6", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "master", + "repo": "disko", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { @@ -108,6 +130,27 @@ } }, "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "nixos-anywhere", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1748821116, + "narHash": "sha256-F82+gS044J1APL0n4hH50GYdPRv/5JWm34oCJYmVKdE=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "49f0870db23e8c1ca0b5259734a02cd9e1e371a1", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { "inputs": { "nixpkgs-lib": [ "nixvim", 
@@ -493,6 +536,53 @@ "type": "github" } }, + "nix-vm-test": { + "inputs": { + "nixpkgs": [ + "nixos-anywhere", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1748765518, + "narHash": "sha256-vftOR+7zwnMWl5UpG32GL1VBeNGTDZZT0hv+2uNuBGw=", + "owner": "Mic92", + "repo": "nix-vm-test", + "rev": "d6642fbaf42fc98883d84bab66cd0ec720d9dd0c", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "nix-vm-test", + "type": "github" + } + }, + "nixos-anywhere": { + "inputs": { + "disko": "disko_2", + "flake-parts": "flake-parts", + "nix-vm-test": "nix-vm-test", + "nixos-images": "nixos-images", + "nixos-stable": "nixos-stable", + "nixpkgs": [ + "nixpkgs" + ], + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1760107790, + "narHash": "sha256-7zuh0xtYZnfyibIRCiK4KthXNZIV/9pa7wSjNJUV3Qk=", + "owner": "nix-community", + "repo": "nixos-anywhere", + "rev": "25d23ef77d2c54ad1c08caafee022834265804dc", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-anywhere", + "type": "github" + } + }, "nixos-hardware": { "locked": { "lastModified": 1760106635, 
@@ -508,6 +598,47 @@ "type": "github" } }, + "nixos-images": { + "inputs": { + "nixos-stable": [ + "nixos-anywhere", + "nixos-stable" + ], + "nixos-unstable": [ + "nixos-anywhere", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1749086071, + "narHash": "sha256-4+fY7i+q78F3t6APz0cMC4kRxsyCb+UTyfhbckkCd7Q=", + "owner": "nix-community", + "repo": "nixos-images", + "rev": "aa38dbbdf0e955baef7e03dfc4265ae3fdac4808", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-images", + "type": "github" + } + }, + "nixos-stable": { + "locked": { + "lastModified": 1749086602, + "narHash": "sha256-DJcgJMekoxVesl9kKjfLPix2Nbr42i7cpEHJiTnBUwU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "4792576cb003c994bd7cc1edada3129def20b27d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1760423683, @@ -526,7 +657,7 @@ }, "nixvim": { "inputs": { - "flake-parts": "flake-parts", + "flake-parts": "flake-parts_2", "nixpkgs": [ "nixpkgs" ], @@ -601,6 +732,7 @@ "home-manager": "home-manager", "hyprland": "hyprland", "impermanence": "impermanence", + "nixos-anywhere": "nixos-anywhere", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", "nixvim": "nixvim", @@ -687,6 +819,27 @@ "type": "github" } }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "nixos-anywhere", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1749194973, + "narHash": "sha256-eEy8cuS0mZ2j/r/FE0/LYBSBcIs/MKOIVakwHVuqTfk=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "a05be418a1af1198ca0f63facb13c985db4cb3c5", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, "utils": { "inputs": { "systems": "systems" diff --git a/flake.nix b/flake.nix index bd65a98..4fd3297 100644 --- a/flake.nix +++ b/flake.nix 
@@ -36,6 +36,10 @@ url = "github:NixOS/nixos-hardware"; inputs.nixpkgs.follows = "nixpkgs"; }; + nixos-anywhere = { + url = "github:nix-community/nixos-anywhere"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = { @@ -64,7 +68,7 @@ system, pkgs, }: { - packages.${system} = import ./package { inherit system self pkgs; }; + packages.${system} = import ./package { inherit system self pkgs inputs; }; devShells.${system} = import ./devshell { inherit system self pkgs; }; legacyPackages.${system} = import ./legacy { inherit system self; diff --git a/nixos/module/hectic/hardware/hetzner-cloud.nix b/nixos/module/hectic/hardware/hetzner-cloud.nix index 38b4116..ce0bbb3 100644 --- a/nixos/module/hectic/hardware/hetzner-cloud.nix +++ b/nixos/module/hectic/hardware/hetzner-cloud.nix @@ -62,6 +62,7 @@ in { "xen_blkfront" ] ++ (if pkgs.system != "aarch64-linux" then [ "vmw_pvscsi" ] else []); + networking.useDHCP = lib.mkDefault true; systemd.network.enable = true; systemd.network.networks."30-wan" = { matchConfig.Name = "ens3"; diff --git a/package/default.nix b/package/default.nix index 54fd04d..b24a827 100644 --- a/package/default.nix +++ b/package/default.nix @@ -1,4 +1,4 @@ -{ self, system, pkgs }: let +{ self, system, pkgs, inputs }: let rust = { nativeBuildInputs = [ pkgs.pkgsBuildHost.rust-bin.stable."1.81.0".default @@ -239,7 +239,7 @@ in { support-bot = pkgs.callPackage ./support-bot {}; nix-derivation-hash = pkgs.callPackage ./nix-derivation-hash {}; "sentinèlla" = pkgs.callPackage (./. + "/sentinèlla") {}; - deploy = pkgs.callPackage ./deploy {}; + deploy = pkgs.callPackage ./deploy { inherit inputs; }; shellplot = pkgs.callPackage ./shellplot {}; sops = pkgs.callPackage ./sops.nix {}; onlinepubs2man = pkgs.callPackage ./onlinepubs2man {}; diff --git a/package/deploy/default.nix b/package/deploy/default.nix index 4429eb6..466a47f 100644 --- a/package/deploy/default.nix +++ b/package/deploy/default.nix 
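Review bot: The new `nixos-anywhere` input in flake.nix follows only `nixpkgs`, so per the flake.lock hunks it adds its own `disko_2`, `nixos-stable` (a second nixpkgs on `nixos-25.05`), `nixos-images`, `nix-vm-test`, `treefmt-nix` and a second `flake-parts` node. Each of those is another pinned source to audit and keep updated. The `disko_2` name suggests a `disko` node already exists; if it is a root input, `inputs.disko.follows = "disko";` inside this block would remove the duplicate. The same could be considered for `nixos-stable` if the extra nixpkgs is not needed by anything this flake builds.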
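Review bot: In hetzner-cloud.nix, `networking.useDHCP = lib.mkDefault true;` sits directly above `systemd.network.enable = true;` and the `30-wan` network for `ens3`. Unless `networking.useNetworkd` is set elsewhere, this can start dhcpcd next to systemd-networkd on the same interface, giving two clients competing for the lease and routes. If the intent is DHCP through networkd, I would set it on the network itself or add `networking.useNetworkd = true;`, plus a comment such as `# DHCP handled by systemd-networkd (30-wan); dhcpcd intentionally not used`. The body of `30-wan` continues outside the hunk, so whether it already sets DHCP cannot be confirmed here.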
@@ -1,4 +1,4 @@ -{ symlinkJoin, writeTextFile, socat, dash, hectic, curl, gawk, jq }: +{ inputs, symlinkJoin, dash, hectic, ssh-to-age, system }: let shell = "${dash}/bin/dash"; bashOptions = [ @@ -9,7 +9,10 @@ let deploy = hectic.writeShellApplication { inherit shell bashOptions; name = "deploy"; - runtimeInputs = []; + runtimeInputs = [ + ssh-to-age + inputs.nixos-anywhere.packages.${system}.nixos-anywhere + ]; text = builtins.readFile ./deploy.sh; }; diff --git a/package/deploy/deploy.sh b/package/deploy/deploy.sh index e8d06e6..70191a8 100644 --- a/package/deploy/deploy.sh +++ b/package/deploy/deploy.sh @@ -57,7 +57,7 @@ if ! [ ${target_host+x} ]; then exit 1 fi -if ssh "$target_host" 'cat /etc/os-release 2>/dev/null || echo "no /etc/os-release"' \ +if ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null "$target_host" 'cat /etc/os-release 2>/dev/null || echo "no /etc/os-release"' \ | grep -q '^NAME=NixOS$' then is_target_host_nixos=1 @@ -79,9 +79,9 @@ if [ "$server_init" -eq 1 ]; then fi # shellcheck disable=SC2068 - nix run nixos-anywhere -- $@ # --flake .#x86_64-linux --target-host proxydoe + nixos-anywhere -- $@ # --flake .#x86_64-linux --target-host proxydoe - server_public_age_key=$(ssh "$target_host" cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age) + server_public_age_key=$(ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null "$target_host" cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age) # shellcheck disable=SC2016 printf 'server'"'"'s public age key is `%s` use it in sops file and run regular deploys' "$server_public_age_key"
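Review bot: In package/deploy/default.nix, `runtimeInputs` lists only `ssh-to-age` and nixos-anywhere, yet deploy.sh calls `ssh` (visible in the deploy.sh hunks of this patch). The client used for the host probe and the host-key fetch is therefore whatever the caller's PATH provides. Adding `openssh` to the function arguments and to `runtimeInputs` would pin it with the rest of the closure. How `hectic.writeShellApplication` builds PATH is not visible here, so confirm that it prepends to the ambient PATH rather than replacing it.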
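Review bot: Both `ssh` calls in deploy.sh (the os-release probe in this hunk and the `server_public_age_key` line in the next one) now pass `StrictHostKeyChecking=no` and `UserKnownHostsFile=/dev/null`, so the target is never authenticated. The second call matters most: the ed25519 host key it reads becomes the age recipient for sops, so whoever answers on that address could have secrets encrypted to a key they hold. A reinstall legitimately changes the host key, so I would pin it per deploy rather than discard it, e.g. `-o StrictHostKeyChecking=accept-new -o UserKnownHostsFile="$known_hosts"`, where `$known_hosts` (a placeholder name) is a temporary file created after the install. The script should also print the key fingerprint so it can be compared with the provider console before the age key is added to the sops file. The surrounding `if` blocks start and end outside the hunks.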
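Review bot: In the `server_init` branch of deploy.sh the literal `--` is kept after `nix run` is dropped, so it is now handed to nixos-anywhere as its first argument instead of being consumed by nix as the separator. Unless nixos-anywhere is known to accept a leading `--`, the line should read `nixos-anywhere "$@"`. Quoting also keeps arguments containing spaces intact and makes the `# shellcheck disable=SC2068` suppression above it unnecessary. Whether the positional parameters are rewritten earlier in the script is outside the hunk, so check that before quoting.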