mirror of
https://github.com/khuedoan/homelab.git
synced 2025-01-12 15:57:05 +07:00
build!: switch to Nix flake
parent
da9afc6de0
commit
60fd8b9e9a
.envrcDockerfile.toolsMakefile
docs
concepts
installation
reference/architecture
external
flake.lockflake.nixrenovate.json5shell.nixtest
@ -1,5 +1,5 @@
|
|||||||
FROM nixos/nix
|
FROM nixos/nix
|
||||||
|
|
||||||
COPY shell.nix shell.nix
|
COPY flake.nix flake.nix
|
||||||
|
|
||||||
RUN nix-shell --command exit
|
RUN nix --experimental-features 'nix-command flakes' develop --command true
|
||||||
|
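Review bot: The new `COPY flake.nix flake.nix` brings the flake into the image without the `flake.lock` this commit adds, so the `nix ... develop --command true` step below it would presumably resolve `nixos-23.05` and `flake-utils` to whatever they point at when the image is built, not to the locked revisions and narHashes. Copying both files, for example `COPY flake.nix flake.lock ./`, keeps the image's toolchain tied to the reviewed lock. The `FROM nixos/nix` base is also untagged, as is the `nixos/nix` image in the Makefile's `tools` target; pinning both to a tag or digest would close the same gap one layer up.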
2
Makefile
2
Makefile
@ -40,7 +40,7 @@ tools:
|
|||||||
--volume homelab-tools-cache:/root/.cache \
|
--volume homelab-tools-cache:/root/.cache \
|
||||||
--volume homelab-tools-nix:/nix \
|
--volume homelab-tools-nix:/nix \
|
||||||
--workdir $(shell pwd) \
|
--workdir $(shell pwd) \
|
||||||
nixos/nix nix-shell
|
nixos/nix nix --experimental-features 'nix-command flakes' develop
|
||||||
|
|
||||||
test:
|
test:
|
||||||
make -C test
|
make -C test
|
||||||
|
@ -15,7 +15,7 @@ You can use the default Docker wrapper, or use Nix if you have Nix installed:
|
|||||||
=== "Nix"
|
=== "Nix"
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
nix-shell
|
nix develop
|
||||||
```
|
```
|
||||||
|
|
||||||
!!! tip
|
!!! tip
|
||||||
@ -25,15 +25,15 @@ You can use the default Docker wrapper, or use Nix if you have Nix installed:
|
|||||||
It will open a shell like this:
|
It will open a shell like this:
|
||||||
|
|
||||||
```
|
```
|
||||||
[nix-shell:/home/khuedoan/Documents/homelab]# echo hello
|
[khuedoan@ryzentower:~/Documents/homelab]$ echo hello
|
||||||
hello
|
hello
|
||||||
```
|
```
|
||||||
|
|
||||||
## How it works
|
## How it works
|
||||||
|
|
||||||
- All dependencies are defined in `./shell.nix`
|
- All dependencies are defined in `./flake.nix`
|
||||||
- When you run `make tools`, it will run a thin Docker wrapper with the `nixos/nix` image (because not everyone has Nix installed) and mount some required volumes
|
- When you run `make tools`, it will run a thin Docker wrapper with the `nixos/nix` image (because not everyone has Nix installed) and mount some required volumes
|
||||||
- `nix-shell` will start an interactive shell based on the Nix expression in `./shell.nix` and install everything from there
|
- `nix develop` will start an interactive shell based on the Nix expression in `./flake.nix` and install everything from there
|
||||||
|
|
||||||
## Known issues
|
## Known issues
|
||||||
|
|
||||||
|
@ -11,7 +11,7 @@ Open the [tools container](../../concepts/tools-container.md), which includes al
|
|||||||
=== "Nix"
|
=== "Nix"
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
nix-shell
|
nix develop
|
||||||
```
|
```
|
||||||
|
|
||||||
!!! note
|
!!! note
|
||||||
|
@ -11,7 +11,7 @@ Open the tools container if you haven't already:
|
|||||||
=== "Nix"
|
=== "Nix"
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
nix-shell
|
nix develop
|
||||||
```
|
```
|
||||||
|
|
||||||
Build the lab:
|
Build the lab:
|
||||||
|
@ -37,7 +37,7 @@ Open the tools container, which includes all the tools needed:
|
|||||||
=== "Nix"
|
=== "Nix"
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
nix-shell
|
nix develop
|
||||||
```
|
```
|
||||||
|
|
||||||
Build a development cluster and bootstrap it:
|
Build a development cluster and bootstrap it:
|
||||||
|
@ -24,7 +24,7 @@ They are not permanent, we can change them in the future if better alternatives
|
|||||||
**Context**
|
**Context**
|
||||||
|
|
||||||
While Nix is reproducible, we need a way to control the versions of the tools and keep them up-to-date.
|
While Nix is reproducible, we need a way to control the versions of the tools and keep them up-to-date.
|
||||||
For example, if we update the nixpkgs hash (in `shell.nix`) from `abcd1234` to `defa5678`:
|
For example, if we update the nixpkgs hash (in `flake.nix`) from `abcd1234` to `defa5678`:
|
||||||
|
|
||||||
- `ansible`: 2.12.1 -> 2.12.6
|
- `ansible`: 2.12.1 -> 2.12.6
|
||||||
- `terraform`: 1.2.0 -> 1.2.2
|
- `terraform`: 1.2.0 -> 1.2.2
|
||||||
@ -38,7 +38,7 @@ That looks good. But when we update it from `defa5678` to `cdef9012`:
|
|||||||
|
|
||||||
This time it breaks `foobar` because the new major version contains a breaking change.
|
This time it breaks `foobar` because the new major version contains a breaking change.
|
||||||
|
|
||||||
We can pin the specific version of each dependency in `shell.nix`,
|
We can pin the specific version of each dependency in `flake.nix`,
|
||||||
however, the maintenance burden is too high (even with Renovate) because we need to update the version of each package regularly rather than just the nixpkgs hash.
|
however, the maintenance burden is too high (even with Renovate) because we need to update the version of each package regularly rather than just the nixpkgs hash.
|
||||||
Instead, we can just bump the nixpkgs hash and run some tests to ensure there is no breaking change.
|
Instead, we can just bump the nixpkgs hash and run some tests to ensure there is no breaking change.
|
||||||
|
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
terraform {
|
terraform {
|
||||||
required_version = "~> 1.3.0"
|
required_version = "~> 1.5.0"
|
||||||
|
|
||||||
backend "remote" {
|
backend "remote" {
|
||||||
hostname = "app.terraform.io"
|
hostname = "app.terraform.io"
|
||||||
|
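--- a/flake.lock
+++ b/flake.lock
@@ -0,0 +1,61 @@
+{
+"nodes": {
+"flake-utils": {
+"inputs": {
+"systems": "systems"
+},
+"locked": {
+"lastModified": 1694529238,
+"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
+"owner": "numtide",
+"repo": "flake-utils",
+"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
+"type": "github"
+},
+"original": {
+"owner": "numtide",
+"repo": "flake-utils",
+"type": "github"
+}
+},
+"nixpkgs": {
+"locked": {
+"lastModified": 1698288402,
+"narHash": "sha256-jIIjApPdm+4yt8PglX8pUOexAdEiAax/DXW3S/Mb21E=",
+"owner": "NixOS",
+"repo": "nixpkgs",
+"rev": "60b9db998f71ea49e1a9c41824d09aa274be1344",
+"type": "github"
+},
+"original": {
+"owner": "NixOS",
+"ref": "nixos-23.05",
+"repo": "nixpkgs",
+"type": "github"
+}
+},
+"root": {
+"inputs": {
+"flake-utils": "flake-utils",
+"nixpkgs": "nixpkgs"
+}
+},
+"systems": {
+"locked": {
+"lastModified": 1681028828,
+"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+"owner": "nix-systems",
+"repo": "default",
+"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+"type": "github"
+},
+"original": {
+"owner": "nix-systems",
+"repo": "default",
+"type": "github"
+}
+}
+},
+"root": "root",
+"version": 7
+}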
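--- a/flake.nix
+++ b/flake.nix
@@ -0,0 +1,54 @@
+{
+description = "Homelab";
+
+inputs = {
+nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
+flake-utils.url = "github:numtide/flake-utils";
+};
+
+outputs = { self, nixpkgs, flake-utils }:
+flake-utils.lib.eachDefaultSystem (system:
+let
+pkgs = nixpkgs.legacyPackages.${system};
+in
+with pkgs;
+{
+devShells.default = mkShell {
+packages = [
+ansible
+ansible-lint
+bmake
+diffutils
+docker
+docker-compose_1 # TODO upgrade to version 2
+git
+go
+gotestsum
+iproute2
+jq
+k9s
+kube3d
+kubectl
+kubernetes-helm
+kustomize
+libisoburn
+neovim
+openssh
+p7zip
+pre-commit
+shellcheck
+terraform # TODO replace with OpenTofu, Terraform is no longer FOSS
+yamllint
+
+(python3.withPackages (p: with p; [
+jinja2
+kubernetes
+mkdocs-material
+netaddr
+rich
+]))
+];
+};
+}
+);
+}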
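Review bot: `with pkgs;` is applied to the whole per-system output attrset, so any otherwise unbound name inside it, `mkShell` and `python3` included, resolves silently against nixpkgs and a typo or a later addition can evaluate to an unintended package instead of failing. Narrowing the scope to the list keeps the lookup explicit: `devShells.default = pkgs.mkShell {` and `packages = with pkgs; [`. A short comment beside `inputs` saying that the exact revisions and hashes live in `flake.lock` would also help, since the nixpkgs pin is no longer visible in this file the way the tarball URL was in `shell.nix`.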
@ -1,4 +1,3 @@
|
|||||||
// TODO switch to YAML https://github.com/renovatebot/renovate/issues/7031
|
|
||||||
{
|
{
|
||||||
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
||||||
"extends": [
|
"extends": [
|
||||||
|
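--- a/shell.nix
+++ b/shell.nix
@@ -1,42 +0,0 @@
-# https://status.nixos.org (nixos-22.11)
-{ pkgs ? import (fetchTarball "https://github.com/NixOS/nixpkgs/archive/6c591e7adc51.tar.gz") {} }:
-
-let
-python-packages = pkgs.python3.withPackages (p: with p; [
-jinja2
-kubernetes
-mkdocs-material
-netaddr
-rich
-]);
-in
-pkgs.mkShell {
-buildInputs = with pkgs; [
-ansible
-ansible-lint
-bmake
-diffutils
-docker
-docker-compose_1 # TODO upgrade to version 2
-git
-go
-gotestsum
-iproute2
-jq
-k9s
-kube3d
-kubectl
-kubernetes-helm
-kustomize
-libisoburn
-neovim
-openssh
-p7zip
-pre-commit
-shellcheck
-terraform
-yamllint
-
-python-packages
-];
-}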
@ -1,11 +1,9 @@
|
|||||||
package test
|
package test
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
"github.com/gruntwork-io/terratest/modules/docker"
|
|
||||||
"github.com/gruntwork-io/terratest/modules/shell"
|
"github.com/gruntwork-io/terratest/modules/shell"
|
||||||
"github.com/gruntwork-io/terratest/modules/version-checker"
|
"github.com/gruntwork-io/terratest/modules/version-checker"
|
||||||
)
|
)
|
||||||
@ -21,12 +19,12 @@ func TestToolsVersions(t *testing.T) {
|
|||||||
{"ansible", "--version", ">= 2.12.6, < 3.0.0"},
|
{"ansible", "--version", ">= 2.12.6, < 3.0.0"},
|
||||||
{"docker", "--version", ">= 20.10.17, < 21.0.0"},
|
{"docker", "--version", ">= 20.10.17, < 21.0.0"},
|
||||||
{"git", "--version", ">= 2.37.1, < 3.0.0"},
|
{"git", "--version", ">= 2.37.1, < 3.0.0"},
|
||||||
{"go", "version", ">= 1.19.0, < 1.20.0"},
|
{"go", "version", ">= 1.20.0, < 1.21.0"},
|
||||||
{"helm", "version", ">= 3.9.4, < 4.0.0"},
|
{"helm", "version", ">= 3.9.4, < 4.0.0"},
|
||||||
{"kubectl", "version", ">= 1.25.0, < 1.27.0"}, // https://kubernetes.io/releases/version-skew-policy/#kubectl
|
{"kubectl", "version", ">= 1.27.0, < 1.29.0"}, // https://kubernetes.io/releases/version-skew-policy/#kubectl
|
||||||
{"kustomize", "version", ">= 4.5.4, < 5.0.0"},
|
{"kustomize", "version", ">= 5.0.3, < 6.0.0"},
|
||||||
{"pre-commit", "--version", ">= 2.20.0, < 3.0.0"},
|
{"pre-commit", "--version", ">= 3.3.2, < 4.0.0"},
|
||||||
{"terraform", "--version", ">= 1.3.1, < 1.4.0"},
|
{"terraform", "--version", ">= 1.5.0, < 1.6.0"},
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, tool := range tools {
|
for _, tool := range tools {
|
||||||
@ -45,35 +43,6 @@ func TestToolsVersions(t *testing.T) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestToolsContainer(t *testing.T) {
|
|
||||||
t.Parallel()
|
|
||||||
|
|
||||||
image := "nixos/nix"
|
|
||||||
projectRoot, err := filepath.Abs("../")
|
|
||||||
if err != nil {
|
|
||||||
t.FailNow()
|
|
||||||
}
|
|
||||||
|
|
||||||
options := &docker.RunOptions{
|
|
||||||
Remove: true,
|
|
||||||
Volumes: []string{
|
|
||||||
fmt.Sprintf("%s:%s", projectRoot, projectRoot),
|
|
||||||
"homelab-tools-cache:/root/.cache",
|
|
||||||
"homelab-tools-nix:/nix",
|
|
||||||
},
|
|
||||||
OtherOptions: []string{
|
|
||||||
"--workdir", projectRoot,
|
|
||||||
},
|
|
||||||
Command: []string{
|
|
||||||
"nix-shell",
|
|
||||||
"--pure",
|
|
||||||
"--command", "exit",
|
|
||||||
},
|
|
||||||
}
|
|
||||||
|
|
||||||
docker.Run(t, image, options)
|
|
||||||
}
|
|
||||||
|
|
||||||
func TestToolsNixShell(t *testing.T) {
|
func TestToolsNixShell(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
|
|
||||||
@ -83,10 +52,11 @@ func TestToolsNixShell(t *testing.T) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
command := shell.Command{
|
command := shell.Command{
|
||||||
Command: "nix-shell",
|
Command: "nix",
|
||||||
Args: []string{
|
Args: []string{
|
||||||
"--pure",
|
"develop",
|
||||||
"--command", "exit",
|
"--experimental-features", "nix-command flakes",
|
||||||
|
"--command", "true",
|
||||||
},
|
},
|
||||||
WorkingDir: projectRoot,
|
WorkingDir: projectRoot,
|
||||||
}
|
}
|
||||||
|
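Review bot: Dropping `TestToolsContainer` leaves the Docker wrapper path untested in the same commit that changes its command in the Makefile and the tools Dockerfile, so a broken `make tools` would no longer be caught by `make test`. If the test was removed only because of its `nix-shell` call, it could stay with `Command: []string{"nix", "--experimental-features", "nix-command flakes", "develop", "--command", "true"},`. In `TestToolsNixShell` the old `--pure` argument has no replacement, so the check can now be satisfied by tools from the caller's environment; `nix develop` offers `--ignore-environment` for that. The body of `TestToolsNixShell` starts outside the last hunk, so the `projectRoot` handling is not visible here.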