Compare commits


No commits in common. "main" and "v0.2.2-alpha" have entirely different histories.

9 changed files with 141 additions and 189 deletions


@ -1,25 +0,0 @@
# Changelog
## v0.2.0-alpha
Initial "stable" release. Cerulean is currently usable and supports:
1. local & remote deployment configuration
2. nixos/homemanager module-level support for any number of nixpkg branches
3. use of the [nix-systems standard](https://github.com/nix-systems/nix-systems), the introduction of the `snow/flake` standard, and the introduction of the `nixpkgs.nix` standard module.
4. hierarchical groups for NixOS hosts via `snow.nix`
This is still a alpha-build of Cerulean. Everything will break in the future as I change the internals a bunch. I'll aim to write documentation in future cause currently there's no guide.
## v0.2.1-alpha
Minor patches
- cerulean no longer has a `inputs.nixpkgs-unstable` (the `nixpkgs.nix` is the new alternative)
- `home-manager.nixosModules.default` and `microvm.nixosModules.microvm` are added as default modules
- fixed `groups.all` not being added to nodes with `groups = []`
## v0.2.2-alpha
Minor patches
- fixed `nexus.groups.all` not added to empty `nexus.nodes.*.groups` declarations
- fixed bad propagation of inputs
- forced system architecture to be specified per node
- cerulean no longer depends on `nixpkgs`, `base` package set should be set instead
- rename `extraModules` -> `modules`
- rename `specialArgs` -> `args`

10
TODO.md

@ -1,7 +1,3 @@
- [ ] base should automatically be set as the default (dont do anything with the default)
- [ ] try to remove common foot guns, ie abort if the user provides the home-manager or microvm nixosModules
since cerulean ALREADY provides these
- [ ] deploy port should default to the first port given to `services.openssh` - [ ] deploy port should default to the first port given to `services.openssh`
- [ ] use the Nix module system instead of projectOnto for `cerulean.mkNexus` - [ ] use the Nix module system instead of projectOnto for `cerulean.mkNexus`
@ -27,8 +23,8 @@
- [ ] allow multiple privesc methods, the standard is pam_ssh_agent_auth - [ ] allow multiple privesc methods, the standard is pam_ssh_agent_auth
## Low Priority ## Low Priority
- [X] rename extraModules to modules? - [ ] rename extraModules to modules?
- [X] rename specialArgs to args? - [ ] rename specialArgs to args?
- [ ] make an extension to the nix module system (different to mix) - [ ] make an extension to the nix module system (different to mix)
that allows transformations (ie a stop post config, ie outputs, which that allows transformations (ie a stop post config, ie outputs, which
@ -44,8 +40,6 @@
- [ ] rewrite the ceru cli in rust - [ ] rewrite the ceru cli in rust
- [ ] make `ceru` do local and remote deployments - [ ] make `ceru` do local and remote deployments
- [ ] support `legacyImports`
```nix ```nix
# REF: foxora # REF: foxora
vms = { vms = {


@ -20,7 +20,6 @@
}: let }: let
inherit inherit
(builtins) (builtins)
all
attrNames attrNames
concatLists concatLists
concatStringsSep concatStringsSep
@ -54,7 +53,6 @@
base = null; base = null;
modules = []; modules = [];
args = Terminal {}; args = Terminal {};
homeManager = null;
groups = Terminal {}; groups = Terminal {};
nodes = Terminal {}; nodes = Terminal {};
@ -94,13 +92,13 @@
Cerulean Nexus config must be provided as an attribute set, got "${typeOf nexus}" instead! Cerulean Nexus config must be provided as an attribute set, got "${typeOf nexus}" instead!
Ensure the `nexus` declaration is an attribute set under your call to `cerulean.mkNexus`. Ensure the `nexus` declaration is an attribute set under your call to `cerulean.mkNexus`.
''; let ''; let
decl = nt.projectOnto templateNexus nexus; base = nt.projectOnto templateNexus nexus;
in in
# XXX: TODO: create a different version of nt.projectOnto that can actually # XXX: TODO: create a different version of nt.projectOnto that can actually
# XXX: TODO: handle applying a transformation to the result of each datapoint # XXX: TODO: handle applying a transformation to the result of each datapoint
decl base
// { // {
groups = parseGroupDecl decl.groups; groups = parseGroupDecl base.groups;
}; };
parseDecl = outputsBuilder: let parseDecl = outputsBuilder: let
@ -186,52 +184,33 @@ in {
outputs = rec { outputs = rec {
nixosConfigurations = mapNodes nexus ( nixosConfigurations = mapNodes nexus (
{ {
base,
lib, lib,
nodeName, nodeName,
node, node,
... ...
}: let }: let
nixosDecl = let nixosDecl = lib.nixosSystem rec {
homeManager = system = node.system;
if node.homeManager != null specialArgs =
then node.homeManager nexus.args
else nexus.homeManager; // node.args
// {
userArgs = nexus.args // node.args; inherit root specialArgs;
ceruleanArgs = { inherit (node) system;
inherit root base; _deploy-rs = inputs.deploy-rs;
inherit (node) system;
_cerulean = {
inherit inputs userArgs ceruleanArgs homeManager;
specialArgs = userArgs // ceruleanArgs;
}; };
}; modules =
specialArgs = assert (userArgs [
|> attrNames self.nixosModules.default
|> all (argName: (findImport (root + "/hosts/${nodeName}"))
! ceruleanArgs ? argName
|| abort ''
`specialArgs` are like super important to Cerulean my love... </3
But `args.${argName}` is a reserved argument name :(
''));
ceruleanArgs._cerulean.specialArgs;
in
lib.nixosSystem {
inherit (node) system;
inherit specialArgs;
modules =
[
self.nixosModules.default
(findImport (root + "/hosts/${nodeName}"))
# inputs.microvm.nixosModules.microvm inputs.home-manager.nixosModules.default
] # inputs.microvm.nixosModules.microvm
++ (homeManager.nixosModules.default or []) ]
++ (getGroupModules root nodeName node) ++ (getGroupModules root nodeName node)
++ node.modules ++ node.modules
++ nexus.modules; ++ nexus.modules;
}; };
in in
nixosDecl nixosDecl
); );
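Review bot: Nothing on the new side stops a user argument from colliding with a reserved name: `specialArgs` is built as `nexus.args // node.args // { inherit root specialArgs; … }`, so a user-supplied `root`, `system`, `specialArgs` or `_deploy-rs` is silently overwritten rather than rejected. The side assignment is inferred from the hunk header counts, since the page has lost its `+`/`-` markers; on that reading the replaced side aborted on such a collision. A guard per reserved name, e.g. `assert !((nexus.args // node.args) ? root) || abort "args.root is a reserved argument name";`, would keep the failure visible at evaluation time. `inherit root specialArgs;` inside the `rec` set also makes `specialArgs` contain itself, which is harmless while evaluation stays lazy but deserves a comment. The enclosing `outputs` set continues outside the hunk.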


@ -38,8 +38,6 @@ in rec {
modules = []; modules = [];
args = Terminal {}; args = Terminal {};
homeManager = null;
base = null; base = null;
deploy = { deploy = {
@ -95,7 +93,7 @@ in rec {
''; '';
in in
f { f {
inherit nodeName node base; inherit nodeName node;
inherit (base) lib; lib = base.lib;
}); });
} }


@ -14,23 +14,19 @@
{ {
root, root,
system, system,
_cerulean, _deploy-rs,
... ...
} @ args: { } @ args: {
imports = imports = [
[ # user configuration
# user configuration (import (root + "/nixpkgs.nix"))
(import (root + "/nixpkgs.nix")) # options declarations
# options declarations (import ./nixpkgs.nix (args // {contextName = "hosts";}))
(import ./nixpkgs.nix (args // {contextName = "hosts";}))
]
++ (
if _cerulean.homeManager != null
then [./home-manager.nix]
else []
);
environment.systemPackages = with _cerulean.inputs; [ ./home-manager.nix
deploy-rs.packages.${system}.default ];
environment.systemPackages = [
_deploy-rs.packages.${system}.default
]; ];
} }


@ -13,9 +13,10 @@
# limitations under the License. # limitations under the License.
{ {
root, root,
system,
config, config,
lib, lib,
_cerulean, specialArgs,
... ...
} @ args: let } @ args: let
inherit inherit
@ -25,21 +26,25 @@
pathExists pathExists
; ;
in { in {
home-manager = { config = {
users = home-manager = {
config.users.users users =
|> attrNames config.users.users
|> filter (x: pathExists (root + "/homes/${x}")) |> attrNames
|> (x: |> filter (x: pathExists (root + "/homes/${x}"))
lib.genAttrs x (y: |> (x: lib.genAttrs x (y: import (root + "/homes/${y}")));
import (root + "/homes/${y}")));
extraSpecialArgs = _cerulean.specialArgs; extraSpecialArgs = {inherit root system;} // (specialArgs.inputs or {});
sharedModules = [ sharedModules = [
# user configuration # user configuration
(import (root + "/nixpkgs.nix")) (import (root + "/nixpkgs.nix"))
# options declarations # options declarations
(import ./nixpkgs.nix (args // {contextName = "homes";})) (import ./nixpkgs.nix (args // {contextName = "homes";}))
]; ];
# disable home-manager trying anything fancy
# we control the pkgs now!!
# useGlobalPkgs = true;
};
}; };
} }
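Review bot: In `extraSpecialArgs = {inherit root system;} // (specialArgs.inputs or {});` the right operand of `//` wins, so any entry of `specialArgs.inputs` named `root` or `system` would replace Cerulean's own values in every home-manager module. Swapping the operands keeps the reserved names authoritative: `extraSpecialArgs = (specialArgs.inputs or {}) // {inherit root system;};`. As far as this page shows, `inputs` is only present when the user put it into `args`, and the remaining user args are no longer forwarded to home-manager at all. If that is intended, a one-line comment above the assignment should say so.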


@ -12,7 +12,6 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
{ {
base,
lib, lib,
system, system,
config, config,
@ -27,66 +26,74 @@
cfg = config.nixpkgs.channels; cfg = config.nixpkgs.channels;
in { in {
options.nixpkgs.channels = lib.mkOption { options.nixpkgs.channels = lib.mkOption {
type = lib.types.attrs; type = lib.types.attrsOf (lib.types.attrs);
default = {}; default = {};
description = "Declare package repositories"; description = "Declare package repositories per module context (nixos, home-manager, etc)";
example = { example = {
"pkgs" = { "homes" = {
source = "inputs.nixpkgs"; "pkgs" = {
system = "x86-64-linux"; source = "inputs.nixpkgs";
config = { system = "x86-64-linux";
allowUnfree = true; config = {
allowBroken = false; allowUnfree = true;
allowBroken = false;
};
}; };
}; "upkgs" = {
"upkgs" = { source = "inputs.nixpkgs-unstable";
source = "inputs.nixpkgs-unstable"; system = "x86-64-linux";
system = "x86-64-linux"; config = {
config = { allowUnfree = true;
allowUnfree = false; allowBroken = false;
allowBroken = true; };
}; };
}; };
}; };
}; };
config = let config = let
# TODO: use lib.types.submodule to restrict what options
# TODO: can be given to `nixpkgs.channels.${moduleName}.${name}`
decl =
cfg.${contextName} or cfg.default;
repos = repos =
cfg decl
|> (xs: removeAttrs xs ["default"])
|> mapAttrs ( |> mapAttrs (
name: args: name: args:
lib.mkForce ( lib.mkForce (
assert args ? source assert args ? source
|| abort '' || abort ''
`nixpkgs.channels.${name}` missing required attribute "source" ${toString ./.}
`nixpkgs.channels.${contextName}.${name}` missing required attribute "source"
''; '';
import args.source ({inherit system;} // (removeAttrs args ["source"])) ((removeAttrs args ["source"])
// {inherit system;})
|> import args.source
) )
); );
# XXX: TODO: would it work to use `base` instead of having default?
defaultPkgs =
cfg.default or (throw ''
Your `nixpkgs.nix` file does not declare a default package source.
Ensure you set `nixpkgs.channels.*.default = ...;`
'');
in { in {
# NOTE: _module.args is a special option that allows us to # NOTE: _module.args is a special option that allows us to
# NOTE: set extend specialArgs from inside the modules. # NOTE: set extend specialArgs from inside the modules.
# WARNING: pkgs is a reserved specialArg _module.args = repos;
_module.args = removeAttrs repos ["pkgs"];
nixpkgs = nixpkgs = let
defaultPkgs =
decl.default or (throw ''
Your `nixpkgs.nix` file does not declare a default package source.
Ensure you set `nixpkgs.channels.*.default = ...;`
'');
in
if contextName == "hosts" if contextName == "hosts"
then { then {
flake.source = lib.mkOverride 200 base; # DEBUG: temp while getting base to work flake.source = lib.mkOverride 200 defaultPkgs.source;
overlays = lib.mkOverride 200 (defaultPkgs.overlays or {}); config = lib.mkOverride 200 defaultPkgs.config;
config = lib.mkOverride 200 (defaultPkgs.config or {});
} }
else if contextName == "homes" else if contextName == "homes"
then { then {
# XXX: XXX: XXX: OH OH OH OMG, its because aurora never defines pkgs
config = lib.mkOverride 200 (defaultPkgs.config or {}); config = lib.mkOverride 200 (defaultPkgs.config or {});
# XXX: WARNING: TODO: modify options so overlays must always be given as the correct type
overlays = lib.mkOverride 200 (defaultPkgs.overlays or []); overlays = lib.mkOverride 200 (defaultPkgs.overlays or []);
} }
else {}; else {};
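Review bot: `_module.args = repos;` on the new side forwards every declared channel, each wrapped in `lib.mkForce`, including one named `pkgs` and the `default` entry; the comment marking `pkgs` as reserved disappears together with the filter. If a context declares a `pkgs` channel, this presumably displaces the package set that `nixpkgs.config` and `overlays` below are applied to, so settings such as `allowUnfree` may no longer govern what modules receive. Unless that override is intended (in which case it needs a comment), keep the filter: `_module.args = removeAttrs repos ["pkgs" "default"];`. Separately, the `hosts` branch reads `defaultPkgs.config` without the `or {}` fallback that the `homes` branch uses, and `${toString ./.}` in the abort message looks like leftover debugging output.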

81
flake.lock generated

@ -3,9 +3,7 @@
"deploy-rs": { "deploy-rs": {
"inputs": { "inputs": {
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
"nixpkgs": [ "nixpkgs": "nixpkgs",
"nixpkgs"
],
"utils": "utils" "utils": "utils"
}, },
"locked": { "locked": {
@ -60,27 +58,6 @@
"type": "github" "type": "github"
} }
}, },
"microvm": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"spectrum": "spectrum"
},
"locked": {
"lastModified": 1771365290,
"narHash": "sha256-1XJOslVyF7yzf6yd/yl1VjGLywsbtwmQh3X1LuJcLI4=",
"owner": "microvm-nix",
"repo": "microvm.nix",
"rev": "789c90b164b55b4379e7a94af8b9c01489024c18",
"type": "github"
},
"original": {
"owner": "microvm-nix",
"repo": "microvm.nix",
"type": "github"
}
},
"nix-github-actions": { "nix-github-actions": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -128,6 +105,38 @@
} }
}, },
"nixpkgs": { "nixpkgs": {
"locked": {
"lastModified": 1743014863,
"narHash": "sha256-jAIUqsiN2r3hCuHji80U7NNEafpIMBXiwKlSrjWMlpg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "bd3bac8bfb542dbde7ffffb6987a1a1f9d41699f",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1768305791,
"narHash": "sha256-AIdl6WAn9aymeaH/NvBj0H9qM+XuAuYbGMZaP0zcXAQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1412caf7bf9e660f2f962917c14b1ea1c3bc695e",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1768323494, "lastModified": 1768323494,
"narHash": "sha256-yBXJLE6WCtrGo7LKiB6NOt6nisBEEkguC/lq/rP3zRQ=", "narHash": "sha256-yBXJLE6WCtrGo7LKiB6NOt6nisBEEkguC/lq/rP3zRQ=",
@ -143,7 +152,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_2": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1767313136, "lastModified": 1767313136,
"narHash": "sha256-16KkgfdYqjaeRGBaYsNrhPRRENs0qzkQVUooNHtoy2w=", "narHash": "sha256-16KkgfdYqjaeRGBaYsNrhPRRENs0qzkQVUooNHtoy2w=",
@ -162,7 +171,7 @@
"nt": { "nt": {
"inputs": { "inputs": {
"nix-unit": "nix-unit", "nix-unit": "nix-unit",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs_3",
"systems": "systems_2" "systems": "systems_2"
}, },
"locked": { "locked": {
@ -182,28 +191,12 @@
"root": { "root": {
"inputs": { "inputs": {
"deploy-rs": "deploy-rs", "deploy-rs": "deploy-rs",
"microvm": "microvm", "nixpkgs": "nixpkgs_2",
"nixpkgs": "nixpkgs", "nixpkgs-unstable": "nixpkgs-unstable",
"nt": "nt", "nt": "nt",
"systems": "systems_3" "systems": "systems_3"
} }
}, },
"spectrum": {
"flake": false,
"locked": {
"lastModified": 1759482047,
"narHash": "sha256-H1wiXRQHxxPyMMlP39ce3ROKCwI5/tUn36P8x6dFiiQ=",
"ref": "refs/heads/main",
"rev": "c5d5786d3dc938af0b279c542d1e43bce381b4b9",
"revCount": 996,
"type": "git",
"url": "https://spectrum-os.org/git/spectrum"
},
"original": {
"type": "git",
"url": "https://spectrum-os.org/git/spectrum"
}
},
"systems": { "systems": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1681028828,


@ -23,6 +23,11 @@
nt.url = "github:cry128/nt"; nt.url = "github:cry128/nt";
home-manager = {
url = "github:nix-community/home-manager/release-25.11";
inputs.nixpkgs.follows = "nixpkgs";
};
deploy-rs = { deploy-rs = {
url = "github:serokell/deploy-rs"; url = "github:serokell/deploy-rs";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";