Comments (8)
What I usually do is, I get rid of channels and /etc/nixos
when I use morph and system.autoUpgrade
.
Something like this:
{ config, lib, pkgs, ... }:
let
nixpkgsVersion = (import <nixpkgs> { }).lib.version;
nixpkgsChannel = builtins.substring 0 5 nixpkgsVersion;
nixosConfig =
let
repo = pkgs.nix-gitignore.gitignoreSource [ ] ../..;
configDir = "${repo}/deployments/${config.networking.hostName}";
in
pkgs.writeText "configuration.nix" ''
{ ... }: {
imports = [
${configDir}/hardware-configuration.nix
${configDir}/configuration.nix
];
}
'';
in
{
nix.nixPath =
let
nixpkgsUrl = "https://releases.nixos.org/nixos/${nixpkgsChannel}/nixos-${nixpkgsVersion}/nixexprs.tar.xz";
in
lib.mkForce [
"nixpkgs=${nixpkgsUrl}"
"nixos-config=${nixosConfig}"
];
system.autoUpgrade.enable = true;
systemd.services.nixos-upgrade.environment.NIX_PATH =
let
nixpkgsUrl = "https://nixos.org/channels/nixos-${nixpkgsChannel}/nixexprs.tar.xz";
nixPath = [
"nixpkgs=${nixpkgsUrl}"
"nixos-config=${nixosConfig}"
];
in
lib.mkForce (builtins.concatStringsSep ":" nixPath);
}
The idea is to have pinned channels (via url) in NIX_PATH and always the latest channel (via url) during update.
Please note:
- I recently changed/refactored this, so it might be full of bugs.
- Also, this only works if your config repo (or directory) has the same layout as mine, for which it copies the config of all deployments to each machine, so make sure to not have any secrets in there.
from morph.
Hi @evrim ,
Since nix.autoUpgrade
just runs nixos-rebuild switch --upgrade
, nixos-rebuild by default will use the NIX_PATH to search for a nixos-config, defaulting to /etc/nixos/configuration.nix.
Morph doesn't copy your configuration to the remote host automatically or anything, hence - by default - nixos-rebuild
won't work with morph'ed hosts unless you manually do things to make it work, e.g. maintain a clone of your config on the box itself or redirect the search-path for nixos-rebuild to some remote config location.
Hope this answered your question. :)
from morph.
Hey there,
Thanks for the quick answer. Are there any unit/timer definitions somewhere for morph that I can employ for a nix.autoUpgrade replacement on my local machine?
evrim.
from morph.
Thnx for your clever solution. It led me thinking.
{ config, lib, pkgs, ... }@args:
let repo = pkgs.nix-gitignore.gitignoreSource [] ./..;
nixos-config = "${repo}/network/${config.networking.hostName}/default.nix";
nixPath = [ "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos"
"nixos-config=${nixos-config}"
"nixpkgs-overlays=${repo}/modules/overlays-compat/compat/"
"/nix/var/nix/profiles/per-user/root/channels/nixos"
];
in {
nix.nixPath = lib.mkForce nixPath;
system.autoUpgrade.enable = true;
systemd.services.nixos-upgrade.environment.NIX_PATH = lib.mkForce (builtins.concatStringsSep ":" nixPath);
}
This solution actually works if you always update the system via morph. However, there are drawbacks:
- It is impossible to use nixos-rebuild locally on the machine since nix-gitignore.gitignoreSource path will grow indefinetly.
- etc environment is updated every time I run nixos-rebuild switch locally on the machine,
- there is no way to see whether there is something new or not.
Other than these above, everything seem to work. The solution I believe is making a pkg of nixos-config git, push it and refer to it. This way, the config paths will be the same contrary to what nix.gitignore does and nixos-rebuild switch will work as expected on the local machine.
from morph.
Hm, I thought I could find a fixpoint for the configs yet no luck. Any ideas?
from morph.
Thanks for finding the issue with the growing store path. I had that one before and fixed it in an earlier version. But now I created that bug again.
Fixing this should work if we create a pkg for nixos-config. I like that idea.
I stopped trying to create a fixpoint. The issue at the moment is, that a new config is always built form the old one, so it's basically a chain. But for me the config repo is really tiny and it gets cleaned up after some weeks anyway.
Things that might work:
- A hack like "always link the current nixos config to /etc/nixos in e.g. an activation script".
- Find a way to do something like: If it's a store path, use it directly, if not, use gitignoreSource. Maybe I'll find some time to investigate this idea.
from morph.
Finally I got it working. Basically the derivation outputs its path to config for the next time.
Meh, spent so many hours on this :(
Let's see whether the GC has any love for us.
2 let
5 repo = if (config ? deployment)
6 then pkgs.callPackage ../pkg.nix {hostname = config.networking.hostName;}
7 else config.nixos-config-in-store;
31 in {
33 environment.etc."nixos".source = repo;
34 system.autoUpgrade.enable = true;
35 }
1 {hostname, pkgs, stdenv, lib, ...}:
6 with lib;
7 let path = "/etc/nixos/network/${hostname}/default.nix";
8 in stdenv.mkDerivation {
9 name = "nixos-config-core";
10 version = "1.0";
11 src = ./.;
17 builder = pkgs.writeText "builder.sh" ''
18 #!/bin/sh
19 source $stdenv/setup
20 mkdir -p $out
21 cp -r $src/* $out/
22 rm $out/result || true
23 rm $out/configuration.nix || true
24 cat > $out/configuration.nix << EOF
25 {config, lib, ...}@args: {
26 options = {
27 nixos-config-in-store = lib.mkOption {
28 type = lib.types.str;
29 default = "$out";
30 };
31 };
32 imports = [ "${path}" ];
33 }
34 EOF
35 '';
36 }
from morph.
Just add the following that will prevent GC collecting the nixos-config.
environment.systemPackages = [ repo ];
Hope we'll never have to deal with this again.
evrim.
from morph.
Related Issues (20)
- Pass build options to nix HOT 3
- Check target architecture before deploying HOT 5
- How to configure non-native target? HOT 1
- Document what names are not possible as machine names.
- Deployment is slow HOT 2
- Morph requires experimental nix-commands to be enabled HOT 5
- Push nodes into their own attrset
- set targetHost at runtime
- add `?compress=true` to ssh store urls
- Require Nix 2.4? HOT 2
- warning: The extraArgs argument to eval-config.nix is deprecated HOT 1
- Check for target host disk space before copying
- Maintaining a per-host gc-root
- Issues with repairing broken path in server HOT 6
- How to use repl to inspect configs? HOT 2
- (option to) use `nix build` instead of `nix-build` HOT 1
- Support alternative sudo authentication methods
- Enhance README with an example and instructions? HOT 1
- Error when building system, caused by extraModuleSources
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from morph.