diff --git a/configuration.nix b/configuration.nix
index 4226082..58a98db 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -164,7 +164,7 @@ in {
 sshKey = "/var/lib/syncoid/.ssh/id_ed25519";
 commands."system" = {
 source = "system";
- target = "backup@home.rhelmot.io:main/backup/daisy/system";
+ target = "backup@home.rhelmot.io:main/backup/${config.networking.hostName}/system";
 # xeni note - option w is weeeeeeeird but the only consequnce is a lack of encryption
 #sendOptions = "w";
 recursive = true;
diff --git a/deploy.nix b/deploy.nix
new file mode 100644
index 0000000..2a61f50
--- /dev/null
+++ b/deploy.nix
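Review bot: The new `target` path in the configuration.nix hunk is keyed on `config.networking.hostName`, which as far as I know defaults to `nixos` when a site does not set it, so two such hosts would replicate into the same `main/backup/nixos/system` dataset on the backup server and overwrite each other's snapshots. The path for the existing machine also only stays the same if its hostName is exactly `daisy`, which is not visible in this hunk. A guard next to the syncoid settings would make the dependency explicit: `assertions = [{ assertion = config.networking.hostName != "nixos"; message = "set networking.hostName: it names the syncoid backup target"; }];`. The enclosing syncoid block starts and ends outside the hunk.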
@@ -0,0 +1,42 @@
+{
+ flakeInputs,
+ platform,
+ site,
+}:
+let
+ pkgs = flakeInputs.nixpkgs.legacyPackages.${platform};
+ lib = pkgs.lib;
+ mkDeploy = { site, targetPkg, profileName, extraCommands ? "" }: pkgs.substituteAll {
+ name = "deploy-${profileName}";
+ src = builtins.toFile "deploy-template" ''
+ #!@runtimeShell@
+ set -ex
+ nix-copy-closure --to @site@ @targetPkg@
+ ssh @site@ sudo nix-env --set -p /nix/var/nix/profiles/@profileName@ @targetPkg@
+ @extraCommands@
+ '';
+ env = {
+ inherit site targetPkg profileName extraCommands;
+ inherit (pkgs) runtimeShell;
+ };
+ isExecutable = true;
+ passthru.site = site;
+ };
+ deployments = builtins.map mkDeploy [
+ {
+ profileName = "blog-rhelmot-io";
+ site = "sunflower";
+ targetPkg = flakeInputs."blog-rhelmot-io".packages.${platform}.blog;
+ }
+ ];
+ filteredDeployments = builtins.filter (deployment: deployment.site == site) deployments;
+ filteredDeploymentsAttrs = builtins.listToAttrs (builtins.map (value: { name = value.profileName; inherit value; }) filteredDeployments);
+ targetSystem = flakeInputs.self.packages.${platform}.${site}.system;
+ deployAll = pkgs.writeShellScriptBin "deploy-all-${site}" (''
+ set -ex
+ # TODO take advantage of the nixos-rebuild infrastructure
+ nix-copy-closure --to ${site} ${targetSystem}
+ ssh ${site} 'sudo nix-env --set -p /nix/var/nix/profiles/system ${targetSystem} && sudo ${targetSystem}/bin/switch-to-configuration switch'
+ set +e
+ '' + lib.concatStringsSep "\n" filteredDeployments);
+in deployAll // filteredDeploymentsAttrs
diff --git a/flake.lock b/flake.lock
index eae3cc3..19afcea 100644
--- a/flake.lock
+++ b/flake.lock
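Review bot: After `set +e` in `deployAll`, a failing per-profile deploy script no longer affects the result unless it is the last one in the list, so `deploy-all-<site>` can exit 0 while a profile was never updated. The best-effort behaviour can stay while still reporting failure: use `rc=0` in place of `set +e`, join the scripts as `map (d: "${d} || rc=1") filteredDeployments`, and end with `exit $rc`. The file would also benefit from a header comment stating what it needs on the target: an SSH user that may import the copied closure and run `nix-env --set` and `switch-to-configuration` under sudo without a password. That is root-equivalent access, so the comment should say which key or account is expected to hold it.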
@@ -15,6 +15,49 @@ "type": "github" } }, + "blog-rhelmot-io": { + "inputs": { + "coricamu": "coricamu", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1745178146, + "narHash": "sha256-O+i/U/cWdhsO0xIjd3EgWJooI7+CsIMPxAhuNKluzso=", + "ref": "refs/heads/main", + "rev": "eb251b99807f1b5ee041755cb313b4880315eff6", + "revCount": 5, + "type": "git", + "url": "https://git.lain.faith/rhelmot/blog.rhelmot.io" + }, + "original": { + "type": "git", + "url": "https://git.lain.faith/rhelmot/blog.rhelmot.io" + } + }, + "coricamu": { + "inputs": { + "nixpkgs": [ + "blog-rhelmot-io", + "nixpkgs" + ], + "utils": "utils" + }, + "locked": { + "lastModified": 1745178120, + "narHash": "sha256-2CQDWkN475WFzYXvUciYhzEn7+UcmR2iLoqZxJq9pcM=", + "owner": "rhelmot", + "repo": "coricamu", + "rev": "b6440b4763a202d727e7a89d8fc3e503c55329f1", + "type": "github" + }, + "original": { + "owner": "rhelmot", + "repo": "coricamu", + "type": "github" + } + }, "flake-compat": { "locked": { "lastModified": 1733328505, @@ -47,7 +90,7 @@ }, "flake-utils": { "inputs": { - "systems": "systems" + "systems": "systems_2" }, "locked": { "lastModified": 1731533236, @@ -219,11 +262,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1743367904, - "narHash": "sha256-sOos1jZGKmT6xxPvxGQyPTApOunXvScV4lNjBCXd/CI=", + "lastModified": 1744440957, + "narHash": "sha256-FHlSkNqFmPxPJvy+6fNLaNeWnF1lZSgqVCl/eWaJRc4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7ffe0edc685f14b8c635e3d6591b0bbb97365e6c", + "rev": "26d499fc9f1d567283d5d56fcf367edd815dba1d", "type": "github" }, "original": { @@ -252,6 +295,7 @@ "root": { "inputs": { "bingosync": "bingosync", + "blog-rhelmot-io": "blog-rhelmot-io", "lix-module": "lix-module", "nixbsd": "nixbsd", "nixpkgs": "nixpkgs_2" 
@@ -271,6 +315,39 @@ "repo": "default", "type": "github" } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index e0aff66..de7aba0 100644 --- a/flake.nix +++ b/flake.nix @@ -8,8 +8,10 @@ }; bingosync.url = "github:rhelmot/bingosync"; + blog-rhelmot-io.url = "git+https://git.lain.faith/rhelmot/blog.rhelmot.io"; + blog-rhelmot-io.inputs.nixpkgs.follows = "nixpkgs"; }; - outputs = { self, nixpkgs, nixbsd, lix-module, bingosync, ... }: let + outputs = { self, nixpkgs, nixbsd, lix-module, bingosync, ... }@flakeInputs: let sitesFiles = builtins.readDir ./sites; sitesNames = builtins.filter (name: builtins.pathExists ./sites/${name}/configuration.nix) (builtins.attrNames sitesFiles); systemTypes = { @@ -31,6 +33,7 @@ }; in { inherit (evaluated) config options; system = evaluated.config.system.build.toplevel; + deploy = import ./deploy.nix { inherit flakeInputs platform; site = name; }; }; }) sitesNames); in { diff --git a/sites/sunflower/configuration.nix b/sites/sunflower/configuration.nix index 6ee25cf..d7a9eeb 100644 --- a/sites/sunflower/configuration.nix +++ b/sites/sunflower/configuration.nix 
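Review bot: The new `blog-rhelmot-io` input in flake.nix carries no comment saying that its `blog` package is what deploy.nix installs with sudo into `/nix/var/nix/profiles/blog-rhelmot-io` on sunflower. The URL has no `ref` or `rev`, so the pin lives only in flake.lock, and a lock bump of this input or of its transitive `coricamu` input changes what gets deployed. I would add a comment above the URL such as `# output is deployed to sunflower by deploy.nix; review flake.lock bumps of this input before running deploy-all`. The `inputs` block starts outside the hunk.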
@@ -45,60 +45,73 @@ recommendedProxySettings = true; recommendedTlsSettings = true; - virtualHosts."rhelmot.io" = { - default = true; - forceSSL = true; - enableACME = true; - locations."/" = { - root = "/var/www/rhelmot.io/"; + virtualHosts = { + "rhelmot.io" = { + default = true; + forceSSL = true; + enableACME = true; + locations."/" = { + root = "/var/www/rhelmot.io/"; + }; + locations."/secret/" = { + basicAuthFile = "/var/lib/rhelmot.io/secret"; + root = "/var/www/rhelmot.io/"; + }; }; - locations."/secret/" = { - basicAuthFile = "/var/lib/rhelmot.io/secret"; - root = "/var/www/rhelmot.io/"; + "www.rhelmot.io" = { + globalRedirect = "rhelmot.io"; + enableACME = true; + }; + "blog.rhelmot.io" = { + forceSSL = true; + enableACME = true; + locations."/" = { + root = "/nix/var/nix/profiles/blog-rhelmot-io"; + }; + }; + "www.blog.rhelmot.io" = { + globalRedirect = "blog.rhelmot.io"; + enableACME = true; }; - }; - virtualHosts."www.rhelmot.io" = { - globalRedirect = "rhelmot.io"; - enableACME = true; - }; - virtualHosts."bingosync.rhelmot.io" = { - locations."/" = { - proxyPass = "https://bingosync.com/"; - proxyWebsockets = true; + "bingosync.rhelmot.io" = { + locations."/" = { + proxyPass = "https://bingosync.com/"; + proxyWebsockets = true; + }; + }; + # proxy conf generated by services.bingosync + "celestebingo.rhelmot.io" = { + forceSSL = true; + enableACME = true; + }; + "sockets-celestebingo.rhelmot.io" = { + forceSSL = true; + enableACME = true; + }; + "www.celestebingo.rhelmot.io" = { + globalRedirect = "celestebingo.rhelmot.io"; + enableACME = true; }; - }; - # proxy conf generated by services.bingosync - virtualHosts."celestebingo.rhelmot.io" = { - forceSSL = true; - enableACME = true; - }; - virtualHosts."sockets-celestebingo.rhelmot.io" = { - forceSSL = true; - enableACME = true; - }; - virtualHosts."www.celestebingo.rhelmot.io" = { - globalRedirect = "celestebingo.rhelmot.io"; - enableACME = true; - }; - virtualHosts."minal.rhelmot.io" = { - forceSSL 
= true; - enableACME = true; - locations."/".root = "/var/www/minal.rhelmot.io/"; - }; - virtualHosts."www.minal.rhelmot.io" = { - globalRedirect = "minal.rhelmot.io"; - enableACME = true; - }; - virtualHosts."mimispastrypost.com" = { - forceSSL = true; - enableACME = true; - locations."/".root = "/var/www/mimispastrypost.com/"; - }; - virtualHosts."www.mimispastrypost.com" = { - globalRedirect = "mimispastrypost.com"; - enableACME = true; + "minal.rhelmot.io" = { + forceSSL = true; + enableACME = true; + locations."/".root = "/var/www/minal.rhelmot.io/"; + }; + "www.minal.rhelmot.io" = { + globalRedirect = "minal.rhelmot.io"; + enableACME = true; + }; + "mimispastrypost.com" = { + forceSSL = true; + enableACME = true; + locations."/".root = "/var/www/mimispastrypost.com/"; + }; + "www.mimispastrypost.com" = { + globalRedirect = "mimispastrypost.com"; + enableACME = true; + }; }; }; }
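Review bot: The new `www.blog.rhelmot.io` vhost sets `enableACME = true` but none of `forceSSL`/`addSSL`/`onlySSL`, so as far as I know the NixOS nginx module obtains a certificate for it but only listens on port 80, and `globalRedirect` then sends clients to `http://blog.rhelmot.io`. That adds a plaintext hop before `forceSSL` on the target takes over, and HTTPS requests for the www name would fall through to the `default = true` server with a mismatched certificate. Adding `forceSSL = true;` to that vhost closes this; the other `www.*` redirect vhosts re-indented in this hunk follow the same pattern and could be fixed at the same time. Separately, `blog.rhelmot.io` serves `/nix/var/nix/profiles/blog-rhelmot-io`, which does not exist until the deploy script has run once, so a comment next to `root` such as `# profile is created by deploy.nix; run the deploy before pointing DNS here` would help.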