cry/cerulean
2
2
Fork 0
Code Issues Pull requests Projects Releases 3 Packages Wiki Activity Actions

Compare commits

base: cry:e7fdbf416ccb3e7e6bf30042e4aacd065983ddad
Branches Tags
cry:main
cry:refactor/snowflake
cry:v0.2.6-alpha
cry:feature/snow-cli
cry:v0.2.5-alpha
cry:feature/cli
cry:v0.2.4-alpha
cry:latest
cry:v0.2.4-alpha
cry:v0.2.3-alpha
cry:v0.2.2-alpha
cry:v0.2.1-alpha
cry:v0.2.0-alpha
..
compare: cry:f1eddd8e500352a753b6bdf82ad6f9c1b3359260
Branches Tags
cry:refactor/snowflake
cry:v0.2.6-alpha
cry:feature/snow-cli
cry:main
cry:v0.2.5-alpha
cry:feature/cli
cry:v0.2.4-alpha
cry:latest
cry:v0.2.4-alpha
cry:v0.2.3-alpha
cry:v0.2.2-alpha
cry:v0.2.1-alpha
cry:v0.2.0-alpha

No commits in common. "e7fdbf416ccb3e7e6bf30042e4aacd065983ddad" and "f1eddd8e500352a753b6bdf82ad6f9c1b3359260" have entirely different histories.
e7fdbf416c ... f1eddd8e50

30 changed files with 324 additions and 958 deletions
Download patch file Download diff file Expand all files Collapse all files

53
flake.lock generated
View file

@ -9,11 +9,11 @@
"utils": "utils"
},
"locked": {
"lastModified": 1770019181,
"narHash": "sha256-hwsYgDnby50JNVpTRYlF3UR/Rrpt01OrxVuryF40CFY=",
"lastModified": 1766051518,
"narHash": "sha256-znKOwPXQnt3o7lDb3hdf19oDo0BLP4MfBOYiWkEHoik=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "77c906c0ba56aabdbc72041bf9111b565cdd6171",
"rev": "d5eff7f948535b9c723d60cd8239f8f11ddc90fa",
"type": "github"
},
"original": {
@ -68,11 +68,11 @@
"spectrum": "spectrum"
},
"locked": {
"lastModified": 1773018425,
"narHash": "sha256-fpgZBmZpKoEXEowBK/6m8g9FcOLWQ4UxhXHqCw2CpSM=",
"lastModified": 1771365290,
"narHash": "sha256-1XJOslVyF7yzf6yd/yl1VjGLywsbtwmQh3X1LuJcLI4=",
"owner": "microvm-nix",
"repo": "microvm.nix",
"rev": "25ebda3c558e923720c965832dc9a04f559a055c",
"rev": "789c90b164b55b4379e7a94af8b9c01489024c18",
"type": "github"
},
"original": {
@ -129,11 +129,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1773375660,
"narHash": "sha256-SEzUWw2Rf5Ki3bcM26nSKgbeoqi2uYy8IHVBqOKjX3w=",
"lastModified": 1768323494,
"narHash": "sha256-yBXJLE6WCtrGo7LKiB6NOt6nisBEEkguC/lq/rP3zRQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3e20095fe3c6cbb1ddcef89b26969a69a1570776",
"rev": "2c3e5ec5df46d3aeee2a1da0bfedd74e21f4bf3a",
"type": "github"
},
"original": {
@ -166,11 +166,11 @@
"systems": "systems_2"
},
"locked": {
"lastModified": 1773738366,
"narHash": "sha256-oH22HyNHEdCoCQo734sQCHUr6C0jmGQJMZ13dsgEHkk=",
"lastModified": 1770975056,
"narHash": "sha256-ZXTz/P3zUbbM6lNXzt91u8EwfNqhXpYMu8+wvFZqQHE=",
"owner": "cry128",
"repo": "nt",
"rev": "f32c3a726a3d608d30aaaa1df2301c1eaf5ef8f4",
"rev": "f42dcdd49a7921a7f433512e83d5f93696632412",
"type": "github"
},
"original": {
@ -185,38 +185,17 @@
"microvm": "microvm",
"nixpkgs": "nixpkgs",
"nt": "nt",
"sops-nix": "sops-nix",
"systems": "systems_3"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1773096132,
"narHash": "sha256-M3zEnq9OElB7zqc+mjgPlByPm1O5t2fbUrH3t/Hm5Ag=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "d1ff3b1034d5bab5d7d8086a7803c5a5968cd784",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"spectrum": {
"flake": false,
"locked": {
"lastModified": 1772189877,
"narHash": "sha256-i1p90Rgssb//aNiTDFq46ZG/fk3LmyRLChtp/9lddyA=",
"lastModified": 1759482047,
"narHash": "sha256-H1wiXRQHxxPyMMlP39ce3ROKCwI5/tUn36P8x6dFiiQ=",
"ref": "refs/heads/main",
"rev": "fe39e122d898f66e89ffa17d4f4209989ccb5358",
"revCount": 1255,
"rev": "c5d5786d3dc938af0b279c542d1e43bce381b4b9",
"revCount": 996,
"type": "git",
"url": "https://spectrum-os.org/git/spectrum"
},

2
flake.nix
View file

@ -44,7 +44,7 @@
nt,
...
} @ inputs:
import ./nix
import ./cerulean
{
inherit inputs self nt;
inherit (nt) mix;

12
nix/default.nix
View file

@ -15,14 +15,8 @@
mix,
inputs,
...
} @ args: let
mixArgs =
args
// {
inherit (inputs.nixpkgs) lib;
};
in
mix.newMixture mixArgs (mixture: {
} @ args:
mix.newMixture args (mixture: {
submods.public = [
./snow
];
@ -39,4 +33,4 @@ in
default = cerulean;
cerulean = ./nixos;
};
})
})

10
nix/nixos/default.nix
View file

@ -18,13 +18,13 @@
node,
pkgs,
lib,
_snow,
_cerulean,
...
} @ args: {
imports =
[
_snow.inputs.sops-nix.nixosModules.sops
# _snow.inputs.microvm.nixosModules.microvm
_cerulean.inputs.sops-nix.nixosModules.sops
# _cerulean.inputs.microvm.nixosModules.microvm
# add support for `options.legacyImports`
# ./legacy-imports.nix
@ -36,7 +36,7 @@
(import /${root}/nixpkgs.nix)
]
# homemanager options declarations
++ (lib.optional (_snow.homeManager != null) ./home.nix)
++ (lib.optional (_cerulean.homeManager != null) ./home.nix)
# remote deployment configuration
++ (lib.optional (node.deploy.ssh.host != null) ./remote-deploy);
@ -46,7 +46,7 @@
(with pkgs; [
sops
])
++ (with _snow.inputs; [
++ (with _cerulean.inputs; [
deploy-rs.packages.${system}.default
]);
}

6
nix/nixos/home.nix
View file

@ -12,7 +12,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
{
_snow,
_cerulean,
config,
root,
lib,
@ -30,7 +30,7 @@
;
in {
imports = [
_snow.homeManager.nixosModules.default
_cerulean.homeManager.nixosModules.default
];
options = {
@ -69,7 +69,7 @@ in {
_module.args.username = name;
});
extraSpecialArgs = _snow.specialArgs;
extraSpecialArgs = _cerulean.specialArgs;
sharedModules = [
../home

178
nix/snow/default.nix
View file

@ -12,16 +12,180 @@
# See the License for the specific language governing permissions and
# limitations under the License.
{
this,
self,
inputs,
systems,
nt,
mix,
...
} @ args:
mix.newMixture (removeAttrs args ["this"]) (mixture: {
submods.public = [
./lib
} @ args: let
inherit
(builtins)
all
attrNames
elem
mapAttrs
warn
;
inherit (inputs.nixpkgs) lib;
inherit (nt) findImport;
in
mix.newMixture args (mixture: let
inherit (mixture) mapNodes;
in {
includes.private = [
./lib/nodes.nix
];
includes.public = [
./flake
inherit findImport;
# snow.flake
flake = flakeInputs: root: let
module = lib.evalModules {
class = "snowflake";
# TODO: abort if inputs contains reserved names
specialArgs =
(flakeInputs
// {
inherit systems root;
inherit (this) snow;
inputs = flakeInputs;
})
|> (x: builtins.removeAttrs x ["self" "nodes"]);
modules = [
./module.nix
({config, ...}: {
_module.args = {
self = config;
nodes = config.nodes.nodes;
};
})
];
})
};
nodes = module.config.nodes;
in rec {
nixosConfigurations = mapNodes nodes (
{
base,
lib,
name,
node,
groupModules,
...
}: let
homeManager =
if node.homeManager != null
then node.homeManager
else if nodes.homeManager != null
then nodes.homeManager
else
warn ''
[snowflake] Neither `nodes.homeManager` nor `nodes.nodes.${name}.homeManager` were specified!
[snowflake] home-manager will NOT be used! User configuration will be ignored!
''
null;
userArgs = nodes.args // node.args;
ceruleanArgs = {
inherit systems root base nodes node;
inherit (node) system;
inherit (this) snow;
hostname = name;
_cerulean = {
inherit inputs userArgs ceruleanArgs homeManager;
specialArgs = userArgs // ceruleanArgs;
};
};
specialArgs = assert (userArgs
|> attrNames
|> all (argName:
! ceruleanArgs ? argName
|| abort ''
`specialArgs` are like super important to Cerulean my love... </3
But `args.${argName}` is a reserved argument name :(
''));
ceruleanArgs._cerulean.specialArgs;
in
lib.nixosSystem {
inherit (node) system;
inherit specialArgs;
modules =
[
self.nixosModules.default
(findImport /${root}/hosts/${name})
]
++ (groupModules root)
++ node.modules
++ nodes.modules;
}
);
deploy.nodes = mapNodes nodes ({
name,
node,
...
}: let
inherit
(node.deploy)
ssh
user
interactiveSudo
remoteBuild
rollback
autoRollback
magicRollback
activationTimeout
confirmTimeout
;
nixosFor = system: inputs.deploy-rs.lib.${system}.activate.nixos;
in {
hostname =
if ssh.host != null
then ssh.host
else "";
profilesOrder = ["default"]; # profiles priority
profiles.default = {
path = nixosFor node.system nixosConfigurations.${name};
user = user;
sudo = "sudo -u";
interactiveSudo = interactiveSudo;
fastConnection = false;
autoRollback = autoRollback -> rollback;
magicRollback = magicRollback -> rollback;
activationTimeout = activationTimeout;
confirmTimeout = confirmTimeout;
remoteBuild = remoteBuild;
sshUser = ssh.user;
sshOpts =
ssh.opts
++ (
if elem "-p" ssh.opts
then []
else ["-p" (toString ssh.port)]
)
++ (
if elem "-A" ssh.opts
then []
else ["-A"]
);
};
});
checks =
inputs.deploy-rs.lib
|> mapAttrs (system: deployLib:
deployLib.deployChecks deploy);
};
})

68
nix/snow/flake/default.nix
View file

@ -1,68 +0,0 @@
{
self,
this,
inputs,
systems,
...
}: let
inherit
(builtins)
attrNames
concatStringsSep
filter
length
warn
;
inherit (inputs.nixpkgs) lib;
in {
# snow.flake
# XXX: TODO: stop taking in root as parameter (maybe take self instead?)
flake = flakeInputs: root: let
snowflake = lib.evalModules {
class = "snowflake";
specialArgs = let
reservedSpecialArgs = {
# inherit (this) snow;
snow = this;
inherit systems root;
inputs = flakeInputs;
_snowFlake = {
inherit self inputs;
};
};
warnIfReserved = let
getReservedNames = names:
reservedSpecialArgs
|> attrNames
|> filter (name: names?${name});
reservedNames =
flakeInputs
|> attrNames
|> getReservedNames;
in
(length reservedNames == 0)
|| warn ''
[snow] Your `flake.nix` declares inputs with reserved names!
[snow] These will be accessible only via `inputs.''${NAME}`
[snow] Please rename the following:
[snow] ${concatStringsSep reservedNames ", "}
''
true;
in
assert warnIfReserved;
flakeInputs // reservedSpecialArgs;
modules = [
./nodes
./modules
./outputs
(this.lib.findImport /${root}/snow)
];
};
in
snowflake.config.outputs;
}

3
nix/snow/flake/modules/README.md
View file

@ -1,3 +0,0 @@
# Snow Module Backend
This source code was tedious so it's just a modified version of the module backend of
[github:hercules-ci/flake-parts](https://github.com/hercules-ci/flake-parts/tree/main/modules).

69
nix/snow/flake/modules/apps.nix
View file

@ -1,69 +0,0 @@
{
lib,
snow,
...
}: let
inherit
(lib)
mkOption
types
;
inherit
(snow.lib)
mkPerSystemFlakeOutput
;
derivationType =
lib.types.package
// {
check = lib.isDerivation;
};
programType = lib.types.coercedTo derivationType lib.getExe lib.types.str;
appType = lib.types.submodule {
options = {
type = mkOption {
type = lib.types.enum ["app"];
default = "app";
description = ''
A type tag for `apps` consumers.
'';
};
program = mkOption {
type = programType;
description = ''
A path to an executable or a derivation with `meta.mainProgram`.
'';
};
meta = mkOption {
type = types.lazyAttrsOf lib.types.raw;
default = {};
# TODO refer to Nix manual 2.25
description = ''
Metadata information about the app.
Standardized in Nix at <https://github.com/NixOS/nix/pull/11297>.
Note: `nix flake check` is only aware of the `description` attribute in `meta`.
'';
};
};
};
in
mkPerSystemFlakeOutput {
name = "apps";
option = mkOption {
type = types.lazyAttrsOf appType;
default = {};
description = ''
Programs runnable with nix run `<name>`.
'';
example = lib.literalExpression ''
{
default.program = "''${config.packages.hello}/bin/hello";
}
'';
};
file = ./apps.nix;
}

26
nix/snow/flake/modules/checks.nix
View file

@ -1,26 +0,0 @@
{
lib,
snow,
...
}: let
inherit
(lib)
mkOption
types
;
inherit
(snow.lib)
mkPerSystemFlakeOutput
;
in
mkPerSystemFlakeOutput {
name = "checks";
option = mkOption {
type = types.lazyAttrsOf types.package;
default = {};
description = ''
Derivations to be built by [`nix flake check`](https://nixos.org/manual/nix/stable/command-ref/new-cli/nix3-flake-check.html).
'';
};
file = ./checks.nix;
}

15
nix/snow/flake/modules/default.nix
View file

@ -1,15 +0,0 @@
{...}: {
imports = [
./outputs.nix
./apps.nix
./checks.nix
./devShells.nix
./formatter.nix
./legacyPackages.nix
./nixosConfigurations.nix
./nixosModules.nix
./overlays.nix
./packages.nix
];
}

35
nix/snow/flake/modules/devShells.nix
View file

@ -1,35 +0,0 @@
{
lib,
snow,
...
}: let
inherit
(lib)
mkOption
types
literalExpression
;
inherit
(snow.lib)
mkPerSystemFlakeOutput
;
in
mkPerSystemFlakeOutput {
name = "devShells";
option = mkOption {
type = types.lazyAttrsOf types.package;
default = {};
description = ''
An attribute set of packages to be used as shells.
[`nix develop .#<name>`](https://nixos.org/manual/nix/stable/command-ref/new-cli/nix3-develop.html) will run `devShells.<name>`.
'';
example = literalExpression ''
{
default = pkgs.mkShell {
nativeBuildInputs = with pkgs; [ wget bat cargo ];
};
}
'';
};
file = ./devShells.nix;
}

26
nix/snow/flake/modules/formatter.nix
View file

@ -1,26 +0,0 @@
{
lib,
snow,
...
}: let
inherit
(lib)
mkOption
types
;
inherit
(snow.lib)
mkPerSystemFlakeOutput
;
in
mkPerSystemFlakeOutput {
name = "formatter";
option = mkOption {
type = types.nullOr types.package;
default = null;
description = ''
A package used by [`nix fmt`](https://nixos.org/manual/nix/stable/command-ref/new-cli/nix3-fmt.html).
'';
};
file = ./apps.nix;
}

26
nix/snow/flake/modules/legacyPackages.nix
View file

@ -1,26 +0,0 @@
{
lib,
snow,
...
}: let
inherit
(lib)
mkOption
types
;
inherit
(snow.lib)
mkPerSystemFlakeOutput
;
in
mkPerSystemFlakeOutput {
name = "legacyPackages";
option = mkOption {
type = types.lazyAttrsOf types.raw;
default = {};
description = ''
Used for nixpkgs packages, also accessible via `nix build .#<name>` [`nix build .#<name>`](https://nixos.org/manual/nix/stable/command-ref/new-cli/nix3-build.html).
'';
};
file = ./legacyPackages.nix;
}

35
nix/snow/flake/modules/nixosConfigurations.nix
View file

@ -1,35 +0,0 @@
{lib, ...}: let
inherit
(lib)
mkOption
types
literalExpression
;
in {
options = {
outputs.nixosConfigurations = mkOption {
type = types.lazyAttrsOf types.raw;
default = {};
description = ''
Instantiated NixOS configurations. Used by `nixos-rebuild`.
`nixosConfigurations` is for specific machines. If you want to expose
reusable configurations, add them to [`nixosModules`](#opt-flake.nixosModules)
in the form of modules (no `lib.nixosSystem`), so that you can reference
them in this or another flake's `nixosConfigurations`.
'';
example = literalExpression ''
{
my-machine = inputs.nixpkgs.lib.nixosSystem {
# system is not needed with freshly generated hardware-configuration.nix
# system = "x86_64-linux"; # or set nixpkgs.hostPlatform in a module.
modules = [
./my-machine/nixos-configuration.nix
config.nixosModules.my-module
];
};
}
'';
};
};
}

29
nix/snow/flake/modules/nixosModules.nix
View file

@ -1,29 +0,0 @@
{
lib,
moduleLocation,
...
}: let
inherit
(lib)
mapAttrs
mkOption
types
;
in {
options = {
outputs.nixosModules = mkOption {
type = types.lazyAttrsOf types.deferredModule;
default = {};
apply = mapAttrs (k: v: {
_class = "nixos";
_file = "${toString moduleLocation}#nixosModules.${k}";
imports = [v];
});
description = ''
NixOS modules.
You may use this for reusable pieces of configuration, service modules, etc.
'';
};
};
}

46
nix/snow/flake/modules/outputs.nix
View file

@ -1,46 +0,0 @@
{
lib,
config,
...
}: let
inherit
(lib)
mkOption
types
;
in {
options = {
outputs = mkOption {
type = types.submoduleWith {
modules = [
{
freeformType =
types.lazyAttrsOf
(types.unique
{
message = ''
No option has been declared for this flake output attribute, so its definitions can't be merged automatically.
Possible solutions:
- Load a module that defines this flake output attribute
- Declare an option for this flake output attribute
- Make sure the output attribute is spelled correctly
- Define the value only once, with a single definition in a single module
'';
}
types.raw);
}
];
};
description = ''
Raw flake output attributes. Any attribute can be set here, but some
attributes are represented by options, to provide appropriate
configuration merging.
'';
};
};
config = {
# ensure a minimal version is set
outputs = {};
};
}

31
nix/snow/flake/modules/overlays.nix
View file

@ -1,31 +0,0 @@
{lib, ...}: let
inherit
(lib)
mkOption
types
;
in {
options = {
outputs.overlays = mkOption {
# uniq -> ordered: https://github.com/NixOS/nixpkgs/issues/147052
# also update description when done
type = types.lazyAttrsOf (types.uniq (types.functionTo (types.functionTo (types.lazyAttrsOf types.unspecified))));
# This eta expansion exists for the sole purpose of making nix flake check happy.
apply = lib.mapAttrs (_k: f: final: prev: f final prev);
default = {};
example = lib.literalExpression ''
{
default = final: prev: {};
}
'';
description = ''
An attribute set of [overlays](https://nixos.org/manual/nixpkgs/stable/#chap-overlays).
Note that the overlays themselves are not mergeable. While overlays
can be composed, the order of composition is significant, but the
module system does not guarantee sufficiently deterministic
definition ordering, across versions and when changing `imports`.
'';
};
};
}

29
nix/snow/flake/modules/packages.nix
View file

@ -1,29 +0,0 @@
{
lib,
snow,
...
}: let
inherit
(lib)
mkOption
types
;
inherit
(snow.lib)
mkPerSystemFlakeOutput
;
in
mkPerSystemFlakeOutput {
name = "packages";
option = mkOption {
type = types.lazyAttrsOf types.package;
default = {};
description = ''
An attribute set of packages to be built by [`nix build`](https://nixos.org/manual/nix/stable/command-ref/new-cli/nix3-build.html).
`nix build .#<name>` will build `packages.<name>`.
'';
};
file = ./packages.nix;
}

10
nix/snow/flake/outputs/checks.nix
View file

@ -1,10 +0,0 @@
{
config,
_snowFlake,
...
}: {
outputs.checks =
_snowFlake.inputs.deploy-rs.lib
|> builtins.mapAttrs (system: deployLib:
deployLib.deployChecks config.outputs.deploy);
}

7
nix/snow/flake/outputs/default.nix
View file

@ -1,7 +0,0 @@
{...}: {
imports = [
./checks.nix
./deploy.nix
./nixosConfigurations.nix
];
}

63
nix/snow/flake/outputs/deploy.nix
View file

@ -1,63 +0,0 @@
{
_snowFlake,
snow,
config,
...
}: {
outputs.deploy.nodes = snow.lib.mapNodes config.nodes ({
name,
node,
...
}: let
inherit
(node.deploy)
ssh
user
interactiveSudo
remoteBuild
rollback
autoRollback
magicRollback
activationTimeout
confirmTimeout
;
nixosFor = system: _snowFlake.inputs.deploy-rs.lib.${system}.activate.nixos;
in {
hostname =
if ssh.host != null
then ssh.host
else "";
profilesOrder = ["default"]; # profiles priority
profiles.default = {
path = nixosFor node.system config.outputs.nixosConfigurations.${name};
user = user;
sudo = "sudo -u";
interactiveSudo = interactiveSudo;
fastConnection = false;
autoRollback = autoRollback -> rollback;
magicRollback = magicRollback -> rollback;
activationTimeout = activationTimeout;
confirmTimeout = confirmTimeout;
remoteBuild = remoteBuild;
sshUser = ssh.user;
sshOpts =
ssh.opts
++ (
if builtins.elem "-p" ssh.opts
then []
else ["-p" (toString ssh.port)]
)
++ (
if builtins.elem "-A" ssh.opts
then []
else ["-A"]
);
};
});
}

84
nix/snow/flake/outputs/nixosConfigurations.nix
View file

@ -1,84 +0,0 @@
{
_snowFlake,
snow,
config,
systems,
root,
...
}: let
inherit
(builtins)
all
attrNames
warn
;
inherit
(config)
nodes
;
in {
outputs.nixosConfigurations = let
groups = snow.lib.parseGroupDecls root config.nodes.groups;
in
snow.lib.mapNodes nodes (
{
base,
lib,
name,
node,
...
}: let
nodeGroups =
(node.groups groups)
|> snow.lib.resolveGroupsInheritance
|> snow.lib.groupModules;
homeManager =
if node.homeManager != null
then node.homeManager
else if nodes.homeManager != null
then nodes.homeManager
else
warn ''
[snowflake] Neither `nodes.homeManager` nor `nodes.nodes.${name}.homeManager` were specified!
[snowflake] home-manager will NOT be used! User configuration will be ignored!
''
null;
userArgs = nodes.args // node.args;
snowArgs = {
inherit systems snow root base nodes node;
inherit (node) system;
hostname = name;
_snow = {
inherit (_snowFlake) inputs;
inherit userArgs snowArgs homeManager;
specialArgs = userArgs // snowArgs;
};
};
specialArgs = assert (userArgs
|> attrNames
|> all (argName:
! snowArgs ? argName
|| abort ''
`specialArgs` are like super important to Snow my love... </3
But `args.${argName}` is a reserved argument name :(
''));
snowArgs._snow.specialArgs;
in
lib.nixosSystem {
inherit (node) system;
inherit specialArgs;
modules =
[
_snowFlake.self.nixosModules.default
(snow.lib.findImport /${root}/hosts/${name})
]
++ nodeGroups
++ node.modules
++ nodes.modules;
}
);
}

54
nix/snow/lib/nixpkgs.nix
View file

@ -1,54 +0,0 @@
{
inputs,
lib,
...
}: let
inherit
(lib)
mkOption
types
;
# A best effort, lenient estimate. Please use a recent nixpkgs lib if you
# override it at all.
minVersion = "23.05pre-git";
isNixpkgsValidVersion = let
revInfo =
if inputs.nixpkgs?rev
then " (nixpkgs-lib.rev: ${inputs.nixpkgs.rev})"
else "";
in
(builtins.compareVersions lib.version minVersion >= 0)
|| abort ''
The nixpkgs dependency of snow was overridden but is too old.
The minimum supported version of nixpkgs-lib is ${minVersion},
but the actual version is ${lib.version}${revInfo}.
'';
in
assert isNixpkgsValidVersion; {
# Helper function for defining a per-system option that
# gets transposed by the usual flake system logic to a
# top-level outputs attribute.
mkPerSystemFlakeOutput = {
name,
option,
file,
}: {
_file = file;
options = {
outputs.${name} = mkOption {
type = types.attrsWith {
elemType = option.type;
lazy = true;
placeholder = "system";
};
default = {};
description = ''
See {option}`perSystem.${name}` for description and examples.
'';
};
};
};
}

117
nix/snow/lib/nodes.nix
View file

@ -1,8 +1,17 @@
{
this,
nt,
...
}: let
# Copyright 2025-2026 _cry64 (Emile Clark-Boman)
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{nt, ...}: let
inherit
(builtins)
concatLists
@ -14,9 +23,53 @@
typeOf
;
inherit (nt.prim) uniq;
rootGroupName = "all";
parseGroupsDecl = groups: let
validGroup = g:
isAttrs g
|| throw ''
Cerulean Nexus groups must be provided as attribute sets, got "${typeOf g}" instead!
Ensure all the group definitions are attribute sets under your call to `cerulean.mkNexus`.
NOTE: Groups can be accessed via `self.groups.PATH.TO.YOUR.GROUP`
'';
delegate = parent: gName: g: let
result =
(g
// {
_name = gName;
_parent = parent;
})
|> mapAttrs (name: value:
if elem name ["_name" "_parent"]
# ignore metadata fields
then value
else assert validGroup value; (delegate result name value));
in
result;
in
assert validGroup groups;
delegate null rootGroupName groups;
getGroupModules = root: groups:
# ensure root group is always added
groups
# add all inherited groups via _parent
|> map (let
delegate = g:
if g._parent == null
then [g]
else [g] ++ delegate (g._parent);
in
delegate)
# flatten recursion result
|> concatLists
# find import location
|> map (group: nt.findImport /${root}/groups/${group._name})
# filter by uniqueness
|> nt.prim.unique
# ignore missing groups
|> filter pathExists;
in {
mapNodes = nodes: f:
nodes.nodes
@ -29,7 +82,7 @@ in {
then nodes.base
else
abort ''
snow cannot construct nodes node "${name}" without a base package source.
Cerulean cannot construct nodes node "${name}" without a base package source.
Ensure `nodes.nodes.*.base` or `nodes.base` is a flake reference to the github:NixOS/nixpkgs repository.
'';
in
@ -37,51 +90,7 @@ in {
inherit name node base;
inherit (base) lib;
inherit (node) groups;
groups = node.groups (parseGroupsDecl nodes.groups);
groupModules = root: getGroupModules root groups;
});
groupModules = map (group: group._module);
parseGroupDecls = root: groupDecls: let
validGroup = g:
isAttrs g
|| throw ''
Snow node groups must be provided as attribute sets, got "${typeOf g}" instead!
Ensure all the group definitions are attribute sets under your call to `snow.flake`.
'';
delegate = parent: gName: g: let
result =
(g
// {
_name = gName;
_parent = parent;
_module = this.lib.findImport /${root}/groups/${gName};
})
|> mapAttrs (name: value:
if elem name ["_name" "_parent" "_module"]
# ignore metadata fields
then value
else assert validGroup value; (delegate result name value));
in
result;
in
assert validGroup groupDecls;
delegate null rootGroupName groupDecls;
resolveGroupsInheritance = groups:
groups
# add all inherited groups via _parent
|> map (let
delegate = g:
if g._parent == null
then [g]
else [g] ++ delegate (g._parent);
in
delegate)
# flatten recursion result
|> concatLists
# ignore missing groups
|> filter (group: pathExists group._module)
# filter by uniqueness
|> uniq;
}

3
nix/snow/lib/util.nix
View file

@ -1,3 +0,0 @@
{nt, ...}: {
inherit (nt) findImport;
}

16
nix/snow/lib/default.nix → nix/snow/module.nix
View file

@ -12,14 +12,12 @@
# See the License for the specific language governing permissions and
# limitations under the License.
{
nt,
mix,
root,
snow,
...
} @ args:
mix.newMixture args (mixture: {
includes.public = [
./util.nix
./nixpkgs.nix
./nodes.nix
}: {
imports = [
./nodes
(snow.findImport /${root}/snow)
];
})
}

35
nix/snow/flake/nodes/default.nix → nix/snow/nodes/default.nix
View file

@ -12,7 +12,6 @@
# See the License for the specific language governing permissions and
# limitations under the License.
{
_snowFlake,
lib,
specialArgs,
...
@ -26,20 +25,38 @@
in
mkOption {
description = ''
Snowflake node declarations.
Cerulean node declarations.
'';
type = types.submoduleWith {
inherit specialArgs;
modules = [
./nodes.nix
{
imports = [./shared.nix];
options = {
groups = mkOption {
type = types.attrs;
default = {};
example = lib.literalExpression "{ servers = { staging = {}; production = {}; }; }";
description = ''
Hierarchical groups that nodes can be a member of.
'';
};
nodes = mkOption {
type = types.attrsOf (types.submoduleWith {
inherit specialArgs;
modules = [(import ./submodule.nix)];
});
# example = { ... }; # TODO
description = ''
Node (host systems) declarations.
'';
};
};
}
];
};
};
config = {
nodes = {
base = _snowFlake.inputs.nixpkgs;
};
};
}

55
nix/snow/flake/nodes/nodes.nix → nix/snow/nodes/shared.nix
View file

@ -11,15 +11,7 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{
_snowFlake,
snow,
root,
lib,
config,
specialArgs,
...
}: let
{lib, ...}: let
inherit
(lib)
mkOption
@ -27,11 +19,6 @@
;
flakeRef = types.either types.str types.path;
groupLibs = import ./groups.nix {
inherit snow root;
inherit (_snowFlake.inputs) nt;
};
in {
options = {
base = lib.mkOption {
@ -62,18 +49,6 @@ in {
'';
};
homeManager = mkOption {
type = types.nullOr flakeRef;
default = null;
example = lib.literalExpression "inputs.home-manager";
description = ''
The path to the home-manager source. A `homeManager` flake reference
is required to be set for `homes/` to be evaluated, and can be specified via either:
1. `options.nodes.homeManager` (default `homManager` used for all systems)
2. `options.nodes.nodes.<name>.homeManager` (takes prescedence over `options.nodes.homeManager`)
'';
};
modules = mkOption {
type = types.listOf types.raw;
default = [];
@ -92,27 +67,15 @@ in {
'';
};
groups = mkOption {
type = types.attrs;
default = {};
example = lib.literalExpression "{ servers = { staging = {}; production = {}; }; }";
homeManager = mkOption {
type = types.nullOr flakeRef;
default = null;
example = lib.literalExpression "inputs.home-manager";
description = ''
Hierarchical groups that nodes can be a member of.
'';
};
nodes = mkOption {
type = types.attrsOf (types.submoduleWith {
specialArgs =
specialArgs
// {
nodesConfig = config;
inherit groupLibs;
};
modules = [./node.nix];
});
description = ''
Node (host systems) declarations.
The path to the home-manager source. A `homeManager` flake reference
is required to be set for `homes/` to be evaluated, and can be specified via either:
1. `options.nodes.homeManager` (default `homManager` used for all systems)
2. `options.nodes.nodes.<name>.homeManager` (takes prescedence over `options.nodes.homeManager`)
'';
};
};

109
nix/snow/flake/nodes/node.nix → nix/snow/nodes/submodule.nix
View file

@ -14,24 +14,16 @@
{
lib,
systems,
nodesConfig,
groups,
groupLibs,
...
}: {
imports = [./shared.nix];
options = let
inherit
(lib)
mkOption
types
;
inherit
(groupLibs)
resolveGroupsInheritance
;
flakeRef = types.either types.str types.path;
in {
enabled = lib.mkOption {
type = types.bool;
@ -51,65 +43,6 @@
'';
};
base = lib.mkOption {
# In newer Nix versions, particularly with lazy trees, outPath of
# flakes becomes a Nix-language path object. We deliberately allow this
# to gracefully come through the interface in discussion with @roberth.
#
# See: https://github.com/NixOS/nixpkgs/pull/278522#discussion_r1460292639
type = types.nullOr flakeRef;
default = nodesConfig.base;
defaultText = "nodes.base";
example = lib.literalExpression "inputs.nixpkgs";
description = ''
The path to the nixpkgs source used to build a system. A `base` package set
is required to be set, and can be specified via either:
1. `options.nodes.base` (default `base` used for all systems)
2. `options.nodes.nodes.<name>.base` (takes prescedence over `options.nodes.base`)
This can also be optionally set if the NixOS system is not built with a flake but still uses
pinned sources: set this to the store path for the nixpkgs sources used to build the system,
as may be obtained by `fetchTarball`, for example.
Note: the name of the store path must be "source" due to
<https://github.com/NixOS/nix/issues/7075>.
'';
};
homeManager = mkOption {
type = types.nullOr flakeRef;
default = nodesConfig.homeManager;
defaultText = "nodes.homeManager";
example = lib.literalExpression "inputs.home-manager";
description = ''
The path to the home-manager source. A `homeManager` flake reference
is required to be set for `homes/` to be evaluated, and can be specified via either:
1. `options.nodes.homeManager` (default `homManager` used for all systems)
2. `options.nodes.nodes.<name>.homeManager` (takes prescedence over `options.nodes.homeManager`)
'';
};
modules = mkOption {
type = types.listOf types.raw;
default = [];
example = lib.literalExpression "[ { environment.systemPackages = [ pkgs.git ]; } ]";
description = ''
Shared modules to import; equivalent to the NixOS module system's `extraModules`.
'';
};
args = mkOption {
type = types.attrs;
default = {};
example = lib.literalExpression "{ inherit inputs; }";
description = ''
Shared args to provided for each node; equivalent to the NixOS module system's `specialArgs`.
'';
};
groups = mkOption {
# TODO: write a custom group type that validates better than types.attrs lol
type = types.functionTo (types.listOf types.attrs);
@ -118,9 +51,6 @@
description = ''
A function from the `groups` hierarchy to a list of groups this node inherits from.
'';
# apply = groupsFn:
# groupsFn nodesConfig.groups |> resolveGroupsInheritance;
};
deploy = {
@ -161,7 +91,7 @@
example = false;
description = ''
Whether to enable interactive sudo (password based sudo).
NOT RECOMMENDED. Use one of Snowflake's recommended auth methods instead.
NOT RECOMMENDED. Use one of Cerulean's recommended auth methods instead.
'';
};
@ -234,7 +164,7 @@
user = mkOption {
type = types.str;
default = "snowbld";
default = "cerubld";
example = "custom-user";
description = ''
The user to connect to over ssh during deployment.
@ -253,7 +183,7 @@
publicKeys = mkOption {
type = types.listOf types.str;
default = [];
example = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIeyZuUUmyUYrYaEJwEMvcXqZFYm1NaZab8klOyK6Imr me@myputer"];
example = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIeyZuUUmyUYrYaEJwEMvcXqZFYm1NaZab8klOyK6Imr me@puter"];
description = ''
SSH public keys that will be authorized to the deployment user.
This key is intended solely for deployment, allowing for fine-grained permission control.
@ -271,33 +201,4 @@
};
};
};
# config = let
# throwGotNull = name:
# throw ''
# [snow] `nodes.<name>.${name}` must be set for all nodes! (got: <null>)
# '';
# givenSystem =
# (config.system != null)
# || throwGotNull "system";
# givenBase =
# (config.base != null)
# || throwGotNull "base";
# givenHomeManager =
# (config.homeManager != null)
# || throwGotNull "homeManager";
# givenDeployHost =
# (config.deploy.ssh.host != null)
# || throwGotNull "deploy.ssh.host";
# in
# assert givenSystem
# && givenBase
# && givenHomeManager
# && givenDeployHost; {
# # extend these from the nodes configuration
# inherit (nodesConfig) modules args;
# };
}