Commit graph

115 commits

Author SHA1 Message Date
Bjørn Forsman
4106a73e75 Allow selecting ssh user dynamically
...by setting `deployment.targetUser = null`.

This allows sharing a deployment file (hive.nix/flake.nix) between
multiple admins, without having to use a shared root account.
2021-10-23 15:06:56 +02:00
Zhaofeng Li
d0c89302be .github: Fix job :/ 2021-09-19 22:05:51 -07:00
Zhaofeng Li
1d6ec530ca .github: Add job to test flake-compat build 2021-09-19 22:03:39 -07:00
Zhaofeng Li
6f5d7aa29b flake.nix: Clean up and add overlay 2021-09-19 22:03:39 -07:00
Zhaofeng Li
37b43cd6d7 eval.nix: Support autocall for hive configuration 2021-08-26 19:59:22 -07:00
Zhaofeng Li
7cc6552ee3 hive.rs: Remove unwrap in builder_args() 2021-08-26 19:59:22 -07:00
Zhaofeng Li
886b4c9dea default.nix: Use cargoLock.lockFile
Support for directly passing the Cargo.lock was added in
<https://github.com/NixOS/nixpkgs/pull/122158>.
2021-08-26 13:21:18 -07:00
Zhaofeng Li
db563caad9 .envrc: Use nix-direnv with use flake 2021-08-26 13:15:04 -07:00
Zhaofeng Li
7b69946d98 Ensure key ownerships are set correctly
Depending on when keys are uploaded (`deployment.keys.<name>.uploadAt`):

`pre-activation`:
We set the ownerships in the uploader script opportunistically and
continue if the user/group does not exist. Then, in the activation
script, we set the ownerships of all pre-activation keys.

`post-activation`:
We set the ownerships in the uploader script and fail if the
user/group does not exist.

The ownerships will be correct regardless of which mode is in use.

Fixes #23. Also a more complete solution to #10.
2021-08-26 12:54:41 -07:00
Zhaofeng Li
e98a66bc2e Cargo.lock: Update 2021-08-25 09:51:48 -07:00
Zhaofeng Li
24339bcca7 Add deployment.keys.<name>.uploadAt
This mirrors the functionality recently added in morph and allows
for the uploading of keys after system profile activation.

Fixes #10.
2021-08-24 23:25:46 -07:00
Zhaofeng Li
e788fb02d0 LICENSE: Add contributors 2021-08-01 14:20:14 -07:00
Zhaofeng Li
36fd513740 flake.lock: Update
A properly-licensed version of flake-compat is now included:

https://github.com/edolstra/flake-compat/pull/23
2021-08-01 14:18:08 -07:00
Zhaofeng Li
135a42b20f eval.nix: Add meta.specialArgs 2021-07-16 22:52:23 -07:00
Zhaofeng Li
671cf38796 hive.rs: Pass --builders to nix-instantiate as well 2021-07-13 01:38:52 -07:00
Zhaofeng Li
56aa6bf3ce README.md: Mention that colmena apply also builds 2021-06-29 15:09:52 -07:00
Zhaofeng Li
3c86de06d9 README.md: Add deployment.tags to example 2021-06-29 11:31:51 -07:00
Zhaofeng Li
c6ac93152c flake.nix: Pin <nixpkgs> for dev/CI 2021-06-29 02:04:54 -07:00
Zhaofeng Li
c644f79ad1 cli.rs: Indicate support for flakes 2021-06-29 01:19:13 -07:00
Zhaofeng Li
652c66548d .github: Update test command 2021-06-29 01:15:36 -07:00
Zhaofeng Li
2d1821b20c .github: Remove wrong Nix installer option 2021-06-29 01:14:08 -07:00
Zhaofeng Li
67db0e73d1 Add check for Flakes support 2021-06-29 01:02:43 -07:00
Zhaofeng Li
e50ba82bf2 Add basic Flakes support
Co-authored-by: Alex Zero <joseph@marsden.space>
2021-06-29 01:02:43 -07:00
Zhaofeng Li
9d8153ee6d Make dev environment flake-compatible
Co-authored-by: Alex Zero <joseph@marsden.space>
2021-06-29 01:02:43 -07:00
Zhaofeng Li
8a95ee87b6 default.nix: Fix shell auto-complete generation 2021-06-29 01:02:43 -07:00
Zhaofeng Li
ac67d87be5 Update vendor checksum after update 2021-05-24 00:26:13 -07:00
Zhaofeng Li
22ae18f5e7 Exit with non-zero code if any node fails to deploy
The exit codes are in flux and should not be relied upon.

Fixes #28.
2021-05-24 00:15:38 -07:00
Zhaofeng Li
960af8f793 Add deployment.privilegeEscalationCommand
This adds a NixOps-equivalent option for non-root deployment
on remote hosts.

Fixes #27.
2021-05-24 00:15:38 -07:00
Zhaofeng Li
2581f33dad nix: Update Nixpkgs 2021-05-24 00:15:38 -07:00
Zhaofeng Li
6517cd9555 Add .envrc for dev shell 2021-05-24 00:15:38 -07:00
Zhaofeng Li
39d612a5e7 ssh: Remove dead code 2021-05-24 00:15:38 -07:00
Zhaofeng Li
99ba8db335
Merge pull request #21 from jasonrm/machines-file
eval.nix: Adds meta.machinesFile option that is passed to Nix as builder option
2021-05-07 16:25:36 -07:00
Zhaofeng Li
16ccdbc700 Better handling of killed processes 2021-04-28 15:09:40 -07:00
Zhaofeng Li
90647ed6e9 README.md: Fix typo (mode -> permissions)
Fixes #24.
2021-04-20 16:55:45 -07:00
Zhaofeng Li
44b421c2c7 key.rs: Fix typo (user -> group)
Fixes #22.
2021-04-19 15:40:19 -07:00
Zhaofeng Li
a165520076
Merge pull request #20 from jasonrm/unknown-profiles
Warn on unknown remote profiles replacement, error out if node-level option is explicitly enabled
2021-04-10 20:18:45 -07:00
Jason R. McNeil
3ee97c2a76 apply: Add deployment.replaceUnknownProfiles option and --force-replace-unknown-profiles switch
If `deployment.replaceUnknownProfiles` is set to false, a diverged hive
config (in a shared git repo for example) won't result in accidentally
undoing another applied configuration profile.

The deployment option is set to true so that friction is minimized from
aggressive garbage collection, first time profile application and low
contention hives.
2021-04-10 13:42:38 -07:00
Jason R. McNeil
e0465567b2 eval.nix: Adds meta.machinesFile option that is passed to Nix as builders argument 2021-04-09 23:54:13 -07:00
Zhaofeng Li
0927fe9dc1 cli: Add hidden command to generate shell autocompletion 2021-03-23 14:14:04 -07:00
Zhaofeng Li
53b55a102e cli: Set bin_name to be lower case 2021-03-23 14:14:04 -07:00
Zhaofeng Li
ba2574755a Separate global CLI setup into module 2021-03-23 14:14:04 -07:00
Zhaofeng Li
8abcd5d53b "Successfully built" -> "Build successful" for consistency 2021-03-18 15:13:34 -07:00
Zhaofeng Li
b44dd1f877 apply_local: Don't bother evaluating other hosts 2021-03-18 15:05:05 -07:00
Zhaofeng Li
e9487ced9e host: Use the key uploader script for both SSH and local 2021-03-17 22:39:05 -07:00
Zhaofeng Li
29cfd45141 Miscellaneous doc fixes 2021-03-17 19:07:26 -07:00
Zhaofeng Li
610a725ba2 Add --keep-result to create GC roots for profiles
This resembles the behavior of morph.

Reference: #18
2021-03-17 14:59:57 -07:00
Zhaofeng Li
81375e71b2 deployment: Display the resulting paths if the goal is to build only
Reference: #18
2021-03-17 14:59:43 -07:00
Zhaofeng Li
0047a0dc91 niv: Follow unstable Nixpkgs 2021-03-17 14:59:05 -07:00
Zhaofeng Li
180d2f2435
Merge pull request #17 from jasonrm/nix-copy-ssh-options
Makes SSH options available to nix-copy-closure
2021-03-14 23:06:04 -07:00
Jason R. McNeil
4098bf73bc Makes SSH options available to nix-copy-closure 2021-03-14 22:20:47 -07:00