nixinate/README.md

# Nixinate 🕶️


> Forked from https://github.com/MatthewCroughan/nixinate
>
> As the original version seems somewhat abandoned.
>
> Changes so far:
> - Merged a helpful PR for ssh config hostnames https://git.vlt81.de/tristan/nixinate/pulls/49
> - Fixed nix run on non-posix compliant shells like fish by explicitly adding a bash shim to the script
> - Solved https://git.vlt81.de/tristan/nixinate/issues/12 by renaming apps from `nixinate.{$machine_name}` to `nixinate-${machine_name]}`
>
> PR's welcome :)


Nixinate is a proof of concept that generates a deployment script for each
`nixosConfiguration` you already have in your flake, which can be ran via `nix
run`, thanks to the `apps` attribute of the [flake
schema](https://nixos.wiki/wiki/Flakes#Flake_schema).

## Usage

To add and configure `nixinate` in your own flake, you need to:

1. Add the result of `nixinate self` to the `apps` attribute of your flake.
2. Add and configure `_module.args.nixinate` to the `nixosConfigurations` you want to deploy

Below is a minimal example:

```nix
{
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
    nixinate.url = "git+https://git.vlt81.de/tristan/nixinate.git";
  };

  outputs = { self, nixpkgs, nixinate }: {
    apps = nixinate.nixinate.x86_64-linux self;
    nixosConfigurations = {
      myMachine = nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
        modules = [
          (import ./my-configuration.nix)
          {
            _module.args.nixinate = {
              host = "itchy.scratchy.com";
              sshUser = "matthew";

              # Or optionally pass a 'short' hostname that is defined in ssh config
              sshConfigHost = "itchy-scratchy";

              buildOn = "remote"; # valid args are "local" or "remote"
              substituteOnTarget = true; # if buildOn is "local" then it will substitute on the target, "-s"
              hermetic = false;
            };
          }
          # ... other configuration ...
        ];
      };
    };
  };
}
```

Each `nixosConfiguration` you have configured should have a deployment script in
`apps.nixinate`, visible in `nix flake show` like this:

```
$ nix flake show
git+file:///etc/nixos
├───apps
│   └───nixinate
│       └───myMachine: app
└───nixosConfigurations
    └───myMachine: NixOS configuration
```

To finally execute the deployment script, use `nix run .#apps.nixinate-myMachine`

#### Example Run

```
[root@myMachine:/etc/nixos]# nix run .#apps.nixinate-myMachine
🚀 Deploying nixosConfigurations.myMachine from /nix/store/279p8aaclmng8kc3mdmrmi6q3n76r1i7-source
👤 SSH User: matthew
🌐 SSH Host: itchy.scratchy.com
🚀 Sending flake to myMachine via nix copy:
(matthew@itchy.scratchy.com) Password:
🤞 Activating configuration on myMachine via ssh:
(matthew@itchy.scratchy.com) Password:
[sudo] password for matthew:
building the system configuration...
activating the configuration...
setting up /etc...
reloading user units for matthew...
setting up tmpfiles
Connection to itchy.scratchy.com closed.
```

# Available arguments via `_module.args.nixinate`

- `host` *`string`*

   A string representing the hostname or IP address of a machine to connect to
   via ssh.

- `sshUser` *`string`*

   A string representing the username a machine to connect to via ssh.

- `sshConfigHost` *`string`*

   A string representing an entry in ssh config. If provided, it takes precedence
   over `host` and `sshUser`.

- `buildOn` *`"remote"`* or *`"local"`*

  - `"remote"`

    Push the flake to the remote, build and activate entirely remotely,
    returning logs via SSH.

  - `"local"`

    Build the system closure locally, copy to the remote and activate.

- `hermetic` *`bool`*

  Whether to copy Nix to the remote for usage when building and activating,
  instead of using the Nix which is already installed on the remote.

- `substituteOnTarget` *`bool`*

  Whether to fetch closures and paths from the remote, even when building
  locally. This makes sense in most cases, because the remote will have already
  built a lot of the paths from the previous deployment. However, if the remote
  has a slow upload bandwidth, this would not be a good idea to enable.

# Project Principles

* No Premature Optimization: Make it work, then optimize it later if the
  optimization is taking a lot of time to figure out now.
* KISS: Keep it simple, stupid. Unnecesary complexity should be avoided.

# License

You can find the original Project license at ./LICENSE.original.md all commits upto including ab2face8e37aaaee98404cd2f499940775b4776f are licensed under this (MIT)

All of my contributions are licensed under AGPL which you can find at ./LICENSE.md
init 2022-01-03 10:50:50 +00:00			`# Nixinate 🕶️`

Fork - added new LICENSE (agpl), all existing code stays under the existing LICENSE - added note abt fork to README.md - added note abt new LICENSE to README.md Signed-off-by: tristan <tristan@gitea@vault81.de> 2023-12-11 19:41:21 +01:00
			`> Forked from https://github.com/MatthewCroughan/nixinate`
			`>`
			`> As the original version seems somewhat abandoned.`
			`>`
			`> Changes so far:`
			`> - Merged a helpful PR for ssh config hostnames https://git.vlt81.de/tristan/nixinate/pulls/49`
			`> - Fixed nix run on non-posix compliant shells like fish by explicitly adding a bash shim to the script`
Flatten apps (nixinate-name instead nixinate.name) - Solves https://git.vlt81.de/tristan/nixinate/issues/12 2023-12-11 21:02:13 +01:00			> - Solved https://git.vlt81.de/tristan/nixinate/issues/12 by renaming apps from `nixinate.{$machine_name}` to `nixinate-${machine_name]}`
Fork - added new LICENSE (agpl), all existing code stays under the existing LICENSE - added note abt fork to README.md - added note abt new LICENSE to README.md Signed-off-by: tristan <tristan@gitea@vault81.de> 2023-12-11 19:41:21 +01:00			`>`
			`> PR's welcome :)`



init 2022-01-03 10:50:50 +00:00			`Nixinate is a proof of concept that generates a deployment script for each`
			`nixosConfiguration` you already have in your flake, which can be ran via `nix
			run`, thanks to the `apps` attribute of the [flake
			`schema](https://nixos.wiki/wiki/Flakes#Flake_schema).`

			`## Usage`

			To add and configure `nixinate` in your own flake, you need to:

			1. Add the result of `nixinate self` to the `apps` attribute of your flake.
			2. Add and configure `_module.args.nixinate` to the `nixosConfigurations` you want to deploy

			`Below is a minimal example:`

			```nix
			`{`
			`inputs = {`
update README.md 2023-06-30 10:35:53 +02:00			`nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";`
Fix flake url in README.md 2023-12-11 20:55:44 +01:00			`nixinate.url = "git+https://git.vlt81.de/tristan/nixinate.git";`
init 2022-01-03 10:50:50 +00:00			`};`

			`outputs = { self, nixpkgs, nixinate }: {`
			`apps = nixinate.nixinate.x86_64-linux self;`
			`nixosConfigurations = {`
			`myMachine = nixpkgs.lib.nixosSystem {`
update README.md 2023-06-30 10:35:53 +02:00			`system = "x86_64-linux";`
init 2022-01-03 10:50:50 +00:00			`modules = [`
			`(import ./my-configuration.nix)`
			`{`
			`_module.args.nixinate = {`
			`host = "itchy.scratchy.com";`
			`sshUser = "matthew";`
Allow ssh config hostnames (#49) I prefer to keep my ssh configurations centralized, and refer to destinations by 'short names' every where else. This patch enables that. It might be a niche usecase so feel free to reject, but figured I'd make it public for anyone else that wants to use it. Co-authored-by: Jimmy Reichley <jimmyqpublik@gmail.com> Reviewed-on: https://git.vlt81.de/tristan/nixinate/pulls/49 2023-12-11 19:35:56 +01:00
			`# Or optionally pass a 'short' hostname that is defined in ssh config`
			`sshConfigHost = "itchy-scratchy";`

flake: add local building This adds the ability to build a system closure locally and push it to the remote using `nix copy` 2022-01-26 22:19:36 +00:00			`buildOn = "remote"; # valid args are "local" or "remote"`
Add option to substitute on the target machine if local build Signed-off-by: Magic_RB <magic_rb@redalder.org> Co-authored-by: matthewcroughan <matt@croughan.sh> 2022-06-07 23:19:09 +02:00			`substituteOnTarget = true; # if buildOn is "local" then it will substitute on the target, "-s"`
Update README.md 2022-06-02 00:18:44 +01:00			`hermetic = false;`
init 2022-01-03 10:50:50 +00:00			`};`
			`}`
			`# ... other configuration ...`
			`];`
			`};`
			`};`
			`};`
			`}`
			```

			Each `nixosConfiguration` you have configured should have a deployment script in
			`apps.nixinate`, visible in `nix flake show` like this:

			```
Update README.md 2022-06-02 00:18:44 +01:00			`$ nix flake show`
init 2022-01-03 10:50:50 +00:00			`git+file:///etc/nixos`
			`├───apps`
			`│ └───nixinate`
			`│ └───myMachine: app`
			`└───nixosConfigurations`
			`└───myMachine: NixOS configuration`
			```

Flatten apps (nixinate-name instead nixinate.name) - Solves https://git.vlt81.de/tristan/nixinate/issues/12 2023-12-11 21:02:13 +01:00			To finally execute the deployment script, use `nix run .#apps.nixinate-myMachine`
init 2022-01-03 10:50:50 +00:00
			`#### Example Run`

			```
Flatten apps (nixinate-name instead nixinate.name) - Solves https://git.vlt81.de/tristan/nixinate/issues/12 2023-12-11 21:02:13 +01:00			`[root@myMachine:/etc/nixos]# nix run .#apps.nixinate-myMachine`
init 2022-01-03 10:50:50 +00:00			`🚀 Deploying nixosConfigurations.myMachine from /nix/store/279p8aaclmng8kc3mdmrmi6q3n76r1i7-source`
			`👤 SSH User: matthew`
			`🌐 SSH Host: itchy.scratchy.com`
fix README 2022-03-06 17:18:07 +00:00			`🚀 Sending flake to myMachine via nix copy:`
Update README.md 2022-06-02 00:18:44 +01:00			`(matthew@itchy.scratchy.com) Password:`
init 2022-01-03 10:50:50 +00:00			`🤞 Activating configuration on myMachine via ssh:`
Update README.md 2022-06-02 00:18:44 +01:00			`(matthew@itchy.scratchy.com) Password:`
			`[sudo] password for matthew:`
init 2022-01-03 10:50:50 +00:00			`building the system configuration...`
			`activating the configuration...`
			`setting up /etc...`
			`reloading user units for matthew...`
			`setting up tmpfiles`
			`Connection to itchy.scratchy.com closed.`
			```
Add support for hermetic remote builds A hermetic remote rebuild is when Nixinate sends a specific Nix binary to the remote first, then uses it when activating a system closure, rather than using the Nix that is already on the remote. This is defaulted to false for the time being, as the bandwidth usage can be high. This allows users to avoid the need to bootstrap the remote first by enabling flakes on the remote Nix binary. 2022-05-23 18:57:50 +01:00
			# Available arguments via `_module.args.nixinate`

			- `host` `string`

			`A string representing the hostname or IP address of a machine to connect to`
			`via ssh.`

			- `sshUser` `string`

			`A string representing the username a machine to connect to via ssh.`

Allow ssh config hostnames (#49) I prefer to keep my ssh configurations centralized, and refer to destinations by 'short names' every where else. This patch enables that. It might be a niche usecase so feel free to reject, but figured I'd make it public for anyone else that wants to use it. Co-authored-by: Jimmy Reichley <jimmyqpublik@gmail.com> Reviewed-on: https://git.vlt81.de/tristan/nixinate/pulls/49 2023-12-11 19:35:56 +01:00			- `sshConfigHost` `string`

			`A string representing an entry in ssh config. If provided, it takes precedence`
			over `host` and `sshUser`.

Add support for hermetic remote builds A hermetic remote rebuild is when Nixinate sends a specific Nix binary to the remote first, then uses it when activating a system closure, rather than using the Nix that is already on the remote. This is defaulted to false for the time being, as the bandwidth usage can be high. This allows users to avoid the need to bootstrap the remote first by enabling flakes on the remote Nix binary. 2022-05-23 18:57:50 +01:00			- `buildOn` `"remote"` or `"local"`

			- `"remote"`

			`Push the flake to the remote, build and activate entirely remotely,`
			`returning logs via SSH.`

			- `"local"`

			`Build the system closure locally, copy to the remote and activate.`

			- `hermetic` `bool`

			`Whether to copy Nix to the remote for usage when building and activating,`
			`instead of using the Nix which is already installed on the remote.`
Update README.md 2022-06-08 13:38:14 +01:00
Add option to substitute on the target machine if local build Signed-off-by: Magic_RB <magic_rb@redalder.org> Co-authored-by: matthewcroughan <matt@croughan.sh> 2022-06-07 23:19:09 +02:00			- `substituteOnTarget` `bool`

			`Whether to fetch closures and paths from the remote, even when building`
			`locally. This makes sense in most cases, because the remote will have already`
			`built a lot of the paths from the previous deployment. However, if the remote`
			`has a slow upload bandwidth, this would not be a good idea to enable.`

Update README.md 2022-06-08 13:38:14 +01:00			`# Project Principles`

			`* No Premature Optimization: Make it work, then optimize it later if the`
			`optimization is taking a lot of time to figure out now.`
			`* KISS: Keep it simple, stupid. Unnecesary complexity should be avoided.`
Fork - added new LICENSE (agpl), all existing code stays under the existing LICENSE - added note abt fork to README.md - added note abt new LICENSE to README.md Signed-off-by: tristan <tristan@gitea@vault81.de> 2023-12-11 19:41:21 +01:00
			`# License`

			`You can find the original Project license at ./LICENSE.original.md all commits upto including ab2face8e37aaaee98404cd2f499940775b4776f are licensed under this (MIT)`

			`All of my contributions are licensed under AGPL which you can find at ./LICENSE.md`