2020-12-16 05:21:26 +01:00
# Colmena
2022-01-02 22:15:41 +01:00
[![Matrix Channel ](https://img.shields.io/badge/Matrix-%23colmena%3Anixos.org-blueviolet )](https://matrix.to/#/#colmena:nixos.org)
2022-05-14 04:14:58 +02:00
[![Stable Manual ](https://img.shields.io/badge/Manual-Stable-informational )](https://colmena.cli.rs/stable)
[![Unstable Manual ](https://img.shields.io/badge/Manual-Unstable-orange )](https://colmena.cli.rs/unstable)
2024-11-08 05:00:46 +01:00
[![Build ](https://github.com/zhaofengli/colmena/actions/workflows/build.yml/badge.svg )](https://github.com/zhaofengli/colmena/actions/workflows/build.yml)
2021-02-11 20:55:45 +01:00
2021-11-18 07:21:00 +01:00
Colmena is a simple, stateless [NixOS ](https://nixos.org ) deployment tool modeled after [NixOps ](https://github.com/NixOS/nixops ) and [morph ](https://github.com/DBCDK/morph ), written in Rust.
2020-12-16 05:21:26 +01:00
It's a thin wrapper over Nix commands like `nix-instantiate` and `nix-copy-closure` , and supports parallel deployment.
2021-06-29 10:02:43 +02:00
Now with 100% more flakes! See *Tutorial with Flakes* below.
2021-02-10 09:19:39 +01:00
< pre >
$ < b > colmena apply --on @tag -a</ b >
[INFO ] Enumerating nodes...
[INFO ] Selected 7 out of 45 hosts.
2021-03-18 23:13:34 +01:00
(...) ✅ 0s Build successful
2021-02-10 09:19:39 +01:00
< b > sigma< / b > 🕗 7s copying path '/nix/store/h6qpk8rwm3dh3zsl1wlj1jharzf8aw9f-unit-haigha-agent.service' to 'ssh://root@sigma.redacted'...
< b > theta< / b > ✅ 7s Activation successful
< b > gamma< / b > 🕘 8s Starting...
< b > alpha< / b > ✅ 1s Activation successful
< b > epsilon< / b > 🕗 7s copying path '/nix/store/fhh4rfixny8b21l6jqzk7nqwxva5k20h-nixos-system-epsilon-20.09pre-git' to 'ssh://root@epsilon.redacted'...
< b > beta< / b > 🕗 7s removing obsolete file /boot/kernels/z28ayg10kpnlrz0s2qrb9pzv82lc20s2-initrd-linux-5.4.89-initrd
< b > kappa< / b > ✅ 2s Activation successful
< / pre >
2021-01-14 01:58:18 +01:00
## Installation
2021-12-08 08:13:31 +01:00
`colmena` is included in Nixpkgs beginning with 21.11.
Use the following command to enter a shell environment with the `colmena` command:
2021-11-19 01:10:30 +01:00
```bash
2021-12-08 08:13:31 +01:00
nix-shell -p colmena
2021-11-19 01:10:30 +01:00
```
### Unstable Version
2021-12-08 08:13:31 +01:00
To install the latest development version to your user profile:
2021-01-14 01:58:18 +01:00
2021-11-18 22:15:20 +01:00
```bash
nix-env -if https://github.com/zhaofengli/colmena/tarball/main
2021-01-14 01:58:18 +01:00
```
2021-11-18 22:15:20 +01:00
Alternatively, if you have a local clone of the repo:
```bash
2021-01-14 01:58:18 +01:00
nix-env -if default.nix
```
2021-11-18 07:21:00 +01:00
A public binary cache is available at https://colmena.cachix.org, courtesy of Cachix.
2021-11-18 22:15:20 +01:00
This binary cache contains unstable versions of Colmena built by [GitHub Actions ](https://github.com/zhaofengli/colmena/actions ).
2021-11-18 07:21:00 +01:00
2020-12-16 06:51:37 +01:00
## Tutorial
2021-06-29 10:02:43 +02:00
*See Tutorial with Flakes for usage with Nix Flakes.*
2021-11-18 07:21:00 +01:00
Colmena should work with your existing NixOps and morph configurations with minimal modification.
2020-12-16 06:51:37 +01:00
Here is a sample `hive.nix` with two nodes, with some common configurations applied to both nodes:
```nix
{
2020-12-20 00:07:29 +01:00
meta = {
2020-12-16 06:51:37 +01:00
# Override to pin the Nixpkgs version (recommended). This option
# accepts one of the following:
# - A path to a Nixpkgs checkout
# - The Nixpkgs lambda (e.g., import < nixpkgs > )
# - An initialized Nixpkgs attribute set
nixpkgs = < nixpkgs > ;
2020-12-20 00:07:29 +01:00
# You can also override Nixpkgs by node!
nodeNixpkgs = {
node-b = ./another-nixos-checkout;
};
2021-04-10 08:43:31 +02:00
# If your Colmena host has nix configured to allow for remote builds
# (for nix-daemon, your user being included in trusted-users)
# you can set a machines file that will be passed to the underlying
# nix-store command during derivation realization as a builders option.
# For example, if you support multiple orginizations each with their own
# build machine(s) you can ensure that builds only take place on your
# local machine and/or the machines specified in this file.
# machinesFile = ./machines.client-a;
2020-12-16 06:51:37 +01:00
};
defaults = { pkgs, ... }: {
# This module will be imported by all hosts
environment.systemPackages = with pkgs; [
vim wget curl
];
2021-04-08 10:14:28 +02:00
# By default, Colmena will replace unknown remote profile
# (unknown means the profile isn't in the nix store on the
# host running Colmena) during apply (with the default goal,
# boot, and switch).
# If you share a hive with others, or use multiple machines,
# and are not careful to always commit/push/pull changes
# you can accidentaly overwrite a remote profile so in those
2022-01-08 10:20:36 +01:00
# scenarios you might want to change this default to false.
2021-04-08 10:14:28 +02:00
# deployment.replaceUnknownProfiles = true;
2020-12-16 06:51:37 +01:00
};
host-a = { name, nodes, ... }: {
# The name and nodes parameters are supported in Colmena,
# allowing you to reference configurations in other nodes.
networking.hostName = name;
time.timeZone = nodes.host-b.config.time.timeZone;
boot.loader.grub.device = "/dev/sda";
fileSystems."/" = {
device = "/dev/sda1";
fsType = "ext4";
};
};
host-b = {
2021-11-18 07:21:00 +01:00
# Like NixOps and morph, Colmena will attempt to connect to
2020-12-16 06:51:37 +01:00
# the remote host using the attribute name by default. You
# can override it like:
deployment.targetHost = "host-b.mydomain.tld";
2021-02-10 06:02:00 +01:00
# It's also possible to override the target SSH port.
# For further customization, use the SSH_CONFIG_FILE
# environment variable to specify a ssh_config file.
deployment.targetPort = 1234;
2021-04-08 10:14:28 +02:00
# Override the default for this target host
deployment.replaceUnknownProfiles = false;
2021-06-29 20:31:51 +02:00
# You can filter hosts by tags with --on @tag -a,@tag-b.
# In this example, you can deploy to hosts with the "web" tag using:
# colmena apply --on @web
# You can use globs in tag matching as well:
# colmena apply --on '@infra-*'
deployment.tags = [ "web" "infra-lax" ];
2020-12-16 06:51:37 +01:00
time.timeZone = "America/Los_Angeles";
boot.loader.grub.device = "/dev/sda";
fileSystems."/" = {
device = "/dev/sda1";
fsType = "ext4";
};
};
}
```
2022-05-14 04:14:58 +02:00
The full set of options can be found in [the manual ](https://colmena.cli.rs/unstable/reference ).
2021-06-30 00:09:52 +02:00
Run `colmena build` in the same directory to build the configuration, or do `colmena apply` to build and deploy it to all nodes.
2021-06-29 10:02:43 +02:00
## Tutorial with Flakes
To use with Nix Flakes, create `outputs.colmena` in your `flake.nix` .
Here is a short example:
```nix
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
};
outputs = { nixpkgs, ... }: {
colmena = {
meta = {
2021-10-29 02:10:58 +02:00
nixpkgs = import nixpkgs {
system = "x86_64-linux";
};
2021-06-29 10:02:43 +02:00
};
# Also see the non-Flakes hive.nix example above.
host-a = { name, nodes, pkgs, ... }: {
boot.isContainer = true;
time.timeZone = nodes.host-b.config.time.timeZone;
};
host-b = {
deployment = {
targetHost = "somehost.tld";
targetPort = 1234;
targetUser = "luser";
};
boot.isContainer = true;
time.timeZone = "America/Los_Angeles";
};
};
};
}
```
2022-05-14 04:14:58 +02:00
The full set of options can be found in [the manual ](https://colmena.cli.rs/unstable/reference ).
2021-06-30 00:09:52 +02:00
Run `colmena build` in the same directory to build the configuration, or do `colmena apply` to build and deploy it to all nodes.
2020-12-16 06:51:37 +01:00
2021-11-18 07:21:00 +01:00
## Manual
2020-12-18 10:27:44 +01:00
2022-05-14 04:14:58 +02:00
Read [the Colmena Manual ](https://colmena.cli.rs ).
2021-02-10 09:19:39 +01:00
2021-11-18 22:15:20 +01:00
## Environment Variables
2021-02-10 06:02:00 +01:00
- `SSH_CONFIG_FILE` : Path to a `ssh_config` file
2021-11-18 22:15:20 +01:00
## Current Limitations
2020-12-16 06:51:37 +01:00
- It's required to use SSH keys to log into the remote hosts, and interactive authentication will not work.
- Error reporting is lacking.
2020-12-16 05:21:26 +01:00
## Licensing
Colmena is available under the MIT License.