diff --git a/.envrc b/.envrc index 1d953f4b..3550a30f 100644 --- a/.envrc +++ b/.envrc @@ -1 +1 @@ -use nix +use flake diff --git a/Dockerfile.tools b/Dockerfile.tools index d33b7891..10a5bda9 100644 --- a/Dockerfile.tools +++ b/Dockerfile.tools @@ -1,5 +1,5 @@ FROM nixos/nix -COPY shell.nix shell.nix +COPY flake.nix flake.nix -RUN nix-shell --command exit +RUN nix --experimental-features 'nix-command flakes' develop --command true diff --git a/Makefile b/Makefile index 61527fe7..257a1b68 100644 --- a/Makefile +++ b/Makefile @@ -40,7 +40,7 @@ tools: --volume homelab-tools-cache:/root/.cache \ --volume homelab-tools-nix:/nix \ --workdir $(shell pwd) \ - nixos/nix nix-shell + nixos/nix nix --experimental-features 'nix-command flakes' develop test: make -C test diff --git a/docs/concepts/tools-container.md b/docs/concepts/tools-container.md index 92eb4e7f..e7fc6823 100644 --- a/docs/concepts/tools-container.md +++ b/docs/concepts/tools-container.md @@ -15,7 +15,7 @@ You can use the default Docker wrapper, or use Nix if you have Nix installed: === "Nix" ```sh - nix-shell + nix develop ``` !!! tip @@ -25,15 +25,15 @@ You can use the default Docker wrapper, or use Nix if you have Nix installed: It will open a shell like this: ``` -[nix-shell:/home/khuedoan/Documents/homelab]# echo hello +[khuedoan@ryzentower:~/Documents/homelab]$ echo hello hello ``` ## How it works -- All dependencies are defined in `./shell.nix` +- All dependencies are defined in `./flake.nix` - When you run `make tools`, it will run a thin Docker wrapper with the `nixos/nix` image (because not everyone has Nix installed) and mount some required volumes -- `nix-shell` will start an interactive shell based on the Nix expression in `./shell.nix` and install everything from there +- `nix develop` will start an interactive shell based on the Nix expression in `./flake.nix` and install everything from there ## Known issues 
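Review bot: The new `COPY flake.nix flake.nix` brings only the flake into the build context, not `flake.lock`, so the `nix develop` on the following line resolves `nixpkgs/nixos-23.05` and `flake-utils` to whatever those branches point at when the image is built, and the toolchain baked into the image can drift from the revisions pinned in the repository's lock (and from the ranges `test/tools_test.go` asserts). Copying the lock next to the flake, `COPY flake.nix flake.lock ./`, keeps the image build on the same inputs as the host workflow. Adding `--no-update-lock-file` to the `RUN nix ... develop` line should additionally turn a missing or stale lock into a build failure rather than a silent re-resolve; worth confirming against the nix version shipped in the base image.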
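Review bot: The `--experimental-features 'nix-command flakes'` flag is now repeated verbatim in this recipe, in `Dockerfile.tools` and in `test/tools_test.go`, so any change to the feature set has to be made in three places by hand. Passing it once through the environment, e.g. `--env NIX_CONFIG='experimental-features = nix-command flakes' \` on the `docker run` invocation here, would also cover any `nix` command a user runs interactively after `nix develop` has dropped them into the shell, which the per-invocation flag does not. The `tools:` recipe starts above this hunk.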
diff --git a/docs/installation/production/configuration.md b/docs/installation/production/configuration.md index 5df750f3..3d9ce6ee 100644 --- a/docs/installation/production/configuration.md +++ b/docs/installation/production/configuration.md @@ -11,7 +11,7 @@ Open the [tools container](../../concepts/tools-container.md), which includes al === "Nix" ```sh - nix-shell + nix develop ``` !!! note diff --git a/docs/installation/production/deployment.md b/docs/installation/production/deployment.md index 1562e3f2..416b3d16 100644 --- a/docs/installation/production/deployment.md +++ b/docs/installation/production/deployment.md @@ -11,7 +11,7 @@ Open the tools container if you haven't already: === "Nix" ```sh - nix-shell + nix develop ``` Build the lab: diff --git a/docs/installation/sandbox.md b/docs/installation/sandbox.md index 7359f765..add92336 100644 --- a/docs/installation/sandbox.md +++ b/docs/installation/sandbox.md @@ -37,7 +37,7 @@ Open the tools container, which includes all the tools needed: === "Nix" ```sh - nix-shell + nix develop ``` Build a development cluster and bootstrap it: diff --git a/docs/reference/architecture/decision-records.md b/docs/reference/architecture/decision-records.md index fbd9215c..eb3b127f 100644 --- a/docs/reference/architecture/decision-records.md +++ b/docs/reference/architecture/decision-records.md @@ -24,7 +24,7 @@ They are not permanent, we can change them in the future if better alternatives **Context** While Nix is reproducible, we need a way to control the versions of the tools and keep them up-to-date. -For example, if we update the nixpkgs hash (in `shell.nix`) from `abcd1234` to `defa5678`: +For example, if we update the nixpkgs hash (in `flake.nix`) from `abcd1234` to `defa5678`: - `ansible`: 2.12.1 -> 2.12.6 - `terraform`: 1.2.0 -> 1.2.2 
@@ -38,7 +38,7 @@ That looks good. But when we update it from `defa5678` to `cdef9012`: This time it breaks `foobar` because the new major version contains a breaking change. -We can pin the specific version of each dependency in `shell.nix`, +We can pin the specific version of each dependency in `flake.nix`, however, the maintenance burden is too high (even with Renovate) because we need to update the version of each package regularly rather than just the nixpkgs hash. Instead, we can just bump the nixpkgs hash and run some tests to ensure there is no breaking change. diff --git a/external/versions.tf b/external/versions.tf index 1fa41de2..4e46789a 100644 --- a/external/versions.tf +++ b/external/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 1.3.0" + required_version = "~> 1.5.0" backend "remote" { hostname = "app.terraform.io" diff --git a/flake.lock b/flake.lock new file mode 100644 index 00000000..55f037c8 --- /dev/null +++ b/flake.lock 
@@ -0,0 +1,61 @@
+{
+ "nodes": {
+ "flake-utils": {
+ "inputs": {
+ "systems": "systems"
+ },
+ "locked": {
+ "lastModified": 1694529238,
+ "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "type": "github"
+ }
+ },
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1698288402,
+ "narHash": "sha256-jIIjApPdm+4yt8PglX8pUOexAdEiAax/DXW3S/Mb21E=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "60b9db998f71ea49e1a9c41824d09aa274be1344",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixos-23.05",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "root": {
+ "inputs": {
+ "flake-utils": "flake-utils",
+ "nixpkgs": "nixpkgs"
+ }
+ },
+ "systems": {
+ "locked": {
+ "lastModified": 1681028828,
+ "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+ "owner": "nix-systems",
+ "repo": "default",
+ "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-systems",
+ "repo": "default",
+ "type": "github"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 00000000..554784b7
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,54 @@
+{
+ description = "Homelab";
+
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
+ flake-utils.url = "github:numtide/flake-utils";
+ };
+
+ outputs = { self, nixpkgs, flake-utils }:
+ flake-utils.lib.eachDefaultSystem (system:
+ let
+ pkgs = nixpkgs.legacyPackages.${system};
+ in
+ with pkgs;
+ {
+ devShells.default = mkShell {
+ packages = [
+ ansible
+ ansible-lint
+ bmake
+ diffutils
+ docker
+ docker-compose_1 # TODO upgrade to version 2
+ git
+ go
+ gotestsum
+ iproute2
+ jq
+ k9s
+ kube3d
+ kubectl
+ kubernetes-helm
+ kustomize
+ libisoburn
+ neovim
+ openssh
+ p7zip
+ pre-commit
+ shellcheck
+ terraform # TODO replace with OpenTofu, Terraform is no longer FOSS
+ yamllint
+
+ (python3.withPackages (p: with p; [
+ jinja2
+ kubernetes
+ mkdocs-material
+ netaddr
+ rich
+ ]))
+ ];
+ };
+ }
+ );
+}
diff --git a/renovate.json5 b/renovate.json5
index 845bcb14..027bdefd 100644
--- a/renovate.json5
+++ b/renovate.json5
@@ -1,4 +1,3 @@
-// TODO switch to YAML https://github.com/renovatebot/renovate/issues/7031
 {
 "$schema": "https://docs.renovatebot.com/renovate-schema.json",
 "extends": [
diff --git a/shell.nix b/shell.nix
deleted file mode 100644
index ffa2d928..00000000
--- a/shell.nix
+++ /dev/null
@@ -1,42 +0,0 @@
-# https://status.nixos.org (nixos-22.11)
-{ pkgs ? import (fetchTarball "https://github.com/NixOS/nixpkgs/archive/6c591e7adc51.tar.gz") {} }:
-
-let
- python-packages = pkgs.python3.withPackages (p: with p; [
- jinja2
- kubernetes
- mkdocs-material
- netaddr
- rich
- ]);
-in
-pkgs.mkShell {
- buildInputs = with pkgs; [
- ansible
- ansible-lint
- bmake
- diffutils
- docker
- docker-compose_1 # TODO upgrade to version 2
- git
- go
- gotestsum
- iproute2
- jq
- k9s
- kube3d
- kubectl
- kubernetes-helm
- kustomize
- libisoburn
- neovim
- openssh
- p7zip
- pre-commit
- shellcheck
- terraform
- yamllint
-
- python-packages
- ];
-}
diff --git a/test/tools_test.go b/test/tools_test.go
index f4f1df40..0087d878 100644
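Review bot: `with pkgs;` is applied to the whole `devShells` attribute set, so every identifier below it (`mkShell`, `ansible`, `python3`, ...) is resolved implicitly from nixpkgs and a reader cannot tell at a glance which names come from `pkgs` and which from the flake's own bindings; the deleted `shell.nix` scoped its `with` to the package list only. The narrower form is `devShells.default = pkgs.mkShell {` with `packages = with pkgs; [` and the `with pkgs;` line dropped. `flake-utils.url` carries no ref or rev in the flake itself, which is fine as long as `flake.lock` is present wherever `nix develop` runs, since that is the only place its revision and narHash are pinned.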
--- a/test/tools_test.go +++ b/test/tools_test.go @@ -1,11 +1,9 @@ package test import ( - "fmt" "path/filepath" "testing" - "github.com/gruntwork-io/terratest/modules/docker" "github.com/gruntwork-io/terratest/modules/shell" "github.com/gruntwork-io/terratest/modules/version-checker" ) @@ -21,12 +19,12 @@ func TestToolsVersions(t *testing.T) { {"ansible", "--version", ">= 2.12.6, < 3.0.0"}, {"docker", "--version", ">= 20.10.17, < 21.0.0"}, {"git", "--version", ">= 2.37.1, < 3.0.0"}, - {"go", "version", ">= 1.19.0, < 1.20.0"}, + {"go", "version", ">= 1.20.0, < 1.21.0"}, {"helm", "version", ">= 3.9.4, < 4.0.0"}, - {"kubectl", "version", ">= 1.25.0, < 1.27.0"}, // https://kubernetes.io/releases/version-skew-policy/#kubectl - {"kustomize", "version", ">= 4.5.4, < 5.0.0"}, - {"pre-commit", "--version", ">= 2.20.0, < 3.0.0"}, - {"terraform", "--version", ">= 1.3.1, < 1.4.0"}, + {"kubectl", "version", ">= 1.27.0, < 1.29.0"}, // https://kubernetes.io/releases/version-skew-policy/#kubectl + {"kustomize", "version", ">= 5.0.3, < 6.0.0"}, + {"pre-commit", "--version", ">= 3.3.2, < 4.0.0"}, + {"terraform", "--version", ">= 1.5.0, < 1.6.0"}, } for _, tool := range tools { @@ -45,35 +43,6 @@ func TestToolsVersions(t *testing.T) { } } -func TestToolsContainer(t *testing.T) { - t.Parallel() - - image := "nixos/nix" - projectRoot, err := filepath.Abs("../") - if err != nil { - t.FailNow() - } - - options := &docker.RunOptions{ - Remove: true, - Volumes: []string{ - fmt.Sprintf("%s:%s", projectRoot, projectRoot), - "homelab-tools-cache:/root/.cache", - "homelab-tools-nix:/nix", - }, - OtherOptions: []string{ - "--workdir", projectRoot, - }, - Command: []string{ - "nix-shell", - "--pure", - "--command", "exit", - }, - } - - docker.Run(t, image, options) -} - func TestToolsNixShell(t *testing.T) { t.Parallel() 
@@ -83,10 +52,11 @@ func TestToolsNixShell(t *testing.T) {
 }
 command := shell.Command{
- Command: "nix-shell",
+ Command: "nix",
 Args: []string{
- "--pure",
- "--command", "exit",
+ "develop",
+ "--experimental-features", "nix-command flakes",
+ "--command", "true",
 },
 WorkingDir: projectRoot,
 }
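Review bot: The replacement `nix develop` invocation drops the `--pure` that the removed `nix-shell` call had and does not pass its counterpart `--ignore-environment` (`-i`), so the dev shell is now entered with the test runner's full environment. With `--command true` that difference has no observable effect today, but if the point of `--pure` was to prove the shell is self-contained, `"develop", "--ignore-environment",` in the `Args` slice keeps that property. This test only checks that the dev shell evaluates and builds; whether the tools it provides are the ones the bumped `TestToolsVersions` ranges expect is presumably asserted against the host environment rather than inside the shell, which is worth confirming. The function's opening lines, including the `projectRoot` definition that `WorkingDir` relies on, are outside the hunk.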