5f19e8e6a7
This is currently done ad-hoc in a bunch of our systems, but we should just do it centrally. The commit message is a bit of a lie, as this doesn't yet update grfn's systems. Change-Id: Ic771c1a1da78ec5de9cffbf94c296dce5e11fd84 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3047 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
52 lines
1.4 KiB
Nix
52 lines
1.4 KiB
Nix
# Helper functions for instantiating depot-compatible NixOS machines.
|
|
{ depot, lib, pkgs, ... }@args:
|
|
|
|
let inherit (lib) findFirst isAttrs;
|
|
in rec {
|
|
# This provides our standard set of arguments to all NixOS modules.
|
|
baseModule = { ... }: {
|
|
_module.args = {
|
|
inherit (args) depot;
|
|
};
|
|
|
|
# Ensure that pkgs == third_party.nix
|
|
nixpkgs.pkgs = depot.third_party.nixpkgs;
|
|
nix.nixPath = [
|
|
"nixos=${pkgs.path}"
|
|
"nixpath=${pkgs.path}"
|
|
];
|
|
};
|
|
|
|
nixosFor = configuration: (depot.third_party.nixos {
|
|
configuration = { ... }: {
|
|
imports = [
|
|
baseModule
|
|
configuration
|
|
];
|
|
};
|
|
});
|
|
|
|
findSystem = hostname:
|
|
(findFirst
|
|
(system: system.config.networking.hostName == hostname)
|
|
(throw "${hostname} is not a known NixOS host")
|
|
(map nixosFor depot.ops.machines.all-systems));
|
|
|
|
rebuild-system = pkgs.writeShellScriptBin "rebuild-system" ''
|
|
set -ue
|
|
if [[ $EUID -ne 0 ]]; then
|
|
echo "Oh no! Only root is allowed to rebuild the system!" >&2
|
|
exit 1
|
|
fi
|
|
|
|
echo "Rebuilding NixOS for $HOSTNAME"
|
|
system=$(nix-build -E "((import ${toString depot.path} {}).ops.nixos.findSystem \"$HOSTNAME\").system" --no-out-link --show-trace)
|
|
|
|
nix-env -p /nix/var/nix/profiles/system --set $system
|
|
$system/bin/switch-to-configuration switch
|
|
'';
|
|
|
|
# Systems that should be built in CI
|
|
whitbySystem = (nixosFor depot.ops.machines.whitby).system;
|
|
meta.targets = [ "whitbySystem" ];
|
|
}
|