build!: switch to Nix flake

This commit is contained in:
Khue Doan 2023-10-27 16:37:53 +07:00
parent da9afc6de0
commit 60fd8b9e9a
14 changed files with 138 additions and 96 deletions

2
.envrc

@ -1 +1 @@
use nix use flake


@ -1,5 +1,5 @@
FROM nixos/nix FROM nixos/nix
COPY shell.nix shell.nix COPY flake.nix flake.nix
RUN nix-shell --command exit RUN nix --experimental-features 'nix-command flakes' develop --command true


@ -40,7 +40,7 @@ tools:
--volume homelab-tools-cache:/root/.cache \ --volume homelab-tools-cache:/root/.cache \
--volume homelab-tools-nix:/nix \ --volume homelab-tools-nix:/nix \
--workdir $(shell pwd) \ --workdir $(shell pwd) \
nixos/nix nix-shell nixos/nix nix --experimental-features 'nix-command flakes' develop
test: test:
make -C test make -C test


@ -15,7 +15,7 @@ You can use the default Docker wrapper, or use Nix if you have Nix installed:
=== "Nix" === "Nix"
```sh ```sh
nix-shell nix develop
``` ```
!!! tip !!! tip
@ -25,15 +25,15 @@ You can use the default Docker wrapper, or use Nix if you have Nix installed:
It will open a shell like this: It will open a shell like this:
``` ```
[nix-shell:/home/khuedoan/Documents/homelab]# echo hello [khuedoan@ryzentower:~/Documents/homelab]$ echo hello
hello hello
``` ```
## How it works ## How it works
- All dependencies are defined in `./shell.nix` - All dependencies are defined in `./flake.nix`
- When you run `make tools`, it will run a thin Docker wrapper with the `nixos/nix` image (because not everyone has Nix installed) and mount some required volumes - When you run `make tools`, it will run a thin Docker wrapper with the `nixos/nix` image (because not everyone has Nix installed) and mount some required volumes
- `nix-shell` will start an interactive shell based on the Nix expression in `./shell.nix` and install everything from there - `nix develop` will start an interactive shell based on the Nix expression in `./flake.nix` and install everything from there
## Known issues ## Known issues


@ -11,7 +11,7 @@ Open the [tools container](../../concepts/tools-container.md), which includes al
=== "Nix" === "Nix"
```sh ```sh
nix-shell nix develop
``` ```
!!! note !!! note


@ -11,7 +11,7 @@ Open the tools container if you haven't already:
=== "Nix" === "Nix"
```sh ```sh
nix-shell nix develop
``` ```
Build the lab: Build the lab:


@ -37,7 +37,7 @@ Open the tools container, which includes all the tools needed:
=== "Nix" === "Nix"
```sh ```sh
nix-shell nix develop
``` ```
Build a development cluster and bootstrap it: Build a development cluster and bootstrap it:


@ -24,7 +24,7 @@ They are not permanent, we can change them in the future if better alternatives
**Context** **Context**
While Nix is reproducible, we need a way to control the versions of the tools and keep them up-to-date. While Nix is reproducible, we need a way to control the versions of the tools and keep them up-to-date.
For example, if we update the nixpkgs hash (in `shell.nix`) from `abcd1234` to `defa5678`: For example, if we update the nixpkgs hash (in `flake.nix`) from `abcd1234` to `defa5678`:
- `ansible`: 2.12.1 -> 2.12.6 - `ansible`: 2.12.1 -> 2.12.6
- `terraform`: 1.2.0 -> 1.2.2 - `terraform`: 1.2.0 -> 1.2.2
@ -38,7 +38,7 @@ That looks good. But when we update it from `defa5678` to `cdef9012`:
This time it breaks `foobar` because the new major version contains a breaking change. This time it breaks `foobar` because the new major version contains a breaking change.
We can pin the specific version of each dependency in `shell.nix`, We can pin the specific version of each dependency in `flake.nix`,
however, the maintenance burden is too high (even with Renovate) because we need to update the version of each package regularly rather than just the nixpkgs hash. however, the maintenance burden is too high (even with Renovate) because we need to update the version of each package regularly rather than just the nixpkgs hash.
Instead, we can just bump the nixpkgs hash and run some tests to ensure there is no breaking change. Instead, we can just bump the nixpkgs hash and run some tests to ensure there is no breaking change.


@ -1,5 +1,5 @@
terraform { terraform {
required_version = "~> 1.3.0" required_version = "~> 1.5.0"
backend "remote" { backend "remote" {
hostname = "app.terraform.io" hostname = "app.terraform.io"

61
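--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,61 @@
+{
+"nodes": {
+"flake-utils": {
+"inputs": {
+"systems": "systems"
+},
+"locked": {
+"lastModified": 1694529238,
+"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
+"owner": "numtide",
+"repo": "flake-utils",
+"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
+"type": "github"
+},
+"original": {
+"owner": "numtide",
+"repo": "flake-utils",
+"type": "github"
+}
+},
+"nixpkgs": {
+"locked": {
+"lastModified": 1698288402,
+"narHash": "sha256-jIIjApPdm+4yt8PglX8pUOexAdEiAax/DXW3S/Mb21E=",
+"owner": "NixOS",
+"repo": "nixpkgs",
+"rev": "60b9db998f71ea49e1a9c41824d09aa274be1344",
+"type": "github"
+},
+"original": {
+"owner": "NixOS",
+"ref": "nixos-23.05",
+"repo": "nixpkgs",
+"type": "github"
+}
+},
+"root": {
+"inputs": {
+"flake-utils": "flake-utils",
+"nixpkgs": "nixpkgs"
+}
+},
+"systems": {
+"locked": {
+"lastModified": 1681028828,
+"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+"owner": "nix-systems",
+"repo": "default",
+"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+"type": "github"
+},
+"original": {
+"owner": "nix-systems",
+"repo": "default",
+"type": "github"
+}
+}
+},
+"root": "root",
+"version": 7
+}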

54
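--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,54 @@
+{
+description = "Homelab";
+inputs = {
+nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
+flake-utils.url = "github:numtide/flake-utils";
+};
+outputs = { self, nixpkgs, flake-utils }:
+flake-utils.lib.eachDefaultSystem (system:
+let
+pkgs = nixpkgs.legacyPackages.${system};
+in
+with pkgs;
+{
+devShells.default = mkShell {
+packages = [
+ansible
+ansible-lint
+bmake
+diffutils
+docker
+docker-compose_1 # TODO upgrade to version 2
+git
+go
+gotestsum
+iproute2
+jq
+k9s
+kube3d
+kubectl
+kubernetes-helm
+kustomize
+libisoburn
+neovim
+openssh
+p7zip
+pre-commit
+shellcheck
+terraform # TODO replace with OpenTofu, Terraform is no longer FOSS
+yamllint
+(python3.withPackages (p: with p; [
+jinja2
+kubernetes
+mkdocs-material
+netaddr
+rich
+]))
+];
+};
+}
+);
+}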
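Review bot: The standalone `with pkgs;` placed just before the output attrset puts every nixpkgs attribute into scope for the whole `eachDefaultSystem` body, which makes it hard to tell which identifiers are flake arguments and which come from pkgs as more outputs are added. Narrowing it to the one list that needs it reads more clearly: `devShells.default = pkgs.mkShell {` and `packages = with pkgs; [`, with the separate `with pkgs;` line removed. `self` in the outputs arguments is not referenced anywhere in the file, which is harmless but worth knowing when the signature is next touched.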


@ -1,4 +1,3 @@
// TODO switch to YAML https://github.com/renovatebot/renovate/issues/7031
{ {
"$schema": "https://docs.renovatebot.com/renovate-schema.json", "$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [ "extends": [


@ -1,42 +0,0 @@
# https://status.nixos.org (nixos-22.11)
{ pkgs ? import (fetchTarball "https://github.com/NixOS/nixpkgs/archive/6c591e7adc51.tar.gz") {} }:
let
python-packages = pkgs.python3.withPackages (p: with p; [
jinja2
kubernetes
mkdocs-material
netaddr
rich
]);
in
pkgs.mkShell {
buildInputs = with pkgs; [
ansible
ansible-lint
bmake
diffutils
docker
docker-compose_1 # TODO upgrade to version 2
git
go
gotestsum
iproute2
jq
k9s
kube3d
kubectl
kubernetes-helm
kustomize
libisoburn
neovim
openssh
p7zip
pre-commit
shellcheck
terraform
yamllint
python-packages
];
}


@ -1,11 +1,9 @@
package test package test
import ( import (
"fmt"
"path/filepath" "path/filepath"
"testing" "testing"
"github.com/gruntwork-io/terratest/modules/docker"
"github.com/gruntwork-io/terratest/modules/shell" "github.com/gruntwork-io/terratest/modules/shell"
"github.com/gruntwork-io/terratest/modules/version-checker" "github.com/gruntwork-io/terratest/modules/version-checker"
) )
@ -21,12 +19,12 @@ func TestToolsVersions(t *testing.T) {
{"ansible", "--version", ">= 2.12.6, < 3.0.0"}, {"ansible", "--version", ">= 2.12.6, < 3.0.0"},
{"docker", "--version", ">= 20.10.17, < 21.0.0"}, {"docker", "--version", ">= 20.10.17, < 21.0.0"},
{"git", "--version", ">= 2.37.1, < 3.0.0"}, {"git", "--version", ">= 2.37.1, < 3.0.0"},
{"go", "version", ">= 1.19.0, < 1.20.0"}, {"go", "version", ">= 1.20.0, < 1.21.0"},
{"helm", "version", ">= 3.9.4, < 4.0.0"}, {"helm", "version", ">= 3.9.4, < 4.0.0"},
{"kubectl", "version", ">= 1.25.0, < 1.27.0"}, // https://kubernetes.io/releases/version-skew-policy/#kubectl {"kubectl", "version", ">= 1.27.0, < 1.29.0"}, // https://kubernetes.io/releases/version-skew-policy/#kubectl
{"kustomize", "version", ">= 4.5.4, < 5.0.0"}, {"kustomize", "version", ">= 5.0.3, < 6.0.0"},
{"pre-commit", "--version", ">= 2.20.0, < 3.0.0"}, {"pre-commit", "--version", ">= 3.3.2, < 4.0.0"},
{"terraform", "--version", ">= 1.3.1, < 1.4.0"}, {"terraform", "--version", ">= 1.5.0, < 1.6.0"},
} }
for _, tool := range tools { for _, tool := range tools {
@ -45,35 +43,6 @@ func TestToolsVersions(t *testing.T) {
} }
} }
func TestToolsContainer(t *testing.T) {
t.Parallel()
image := "nixos/nix"
projectRoot, err := filepath.Abs("../")
if err != nil {
t.FailNow()
}
options := &docker.RunOptions{
Remove: true,
Volumes: []string{
fmt.Sprintf("%s:%s", projectRoot, projectRoot),
"homelab-tools-cache:/root/.cache",
"homelab-tools-nix:/nix",
},
OtherOptions: []string{
"--workdir", projectRoot,
},
Command: []string{
"nix-shell",
"--pure",
"--command", "exit",
},
}
docker.Run(t, image, options)
}
func TestToolsNixShell(t *testing.T) { func TestToolsNixShell(t *testing.T) {
t.Parallel() t.Parallel()
@ -83,10 +52,11 @@ func TestToolsNixShell(t *testing.T) {
} }
command := shell.Command{ command := shell.Command{
Command: "nix-shell", Command: "nix",
Args: []string{ Args: []string{
"--pure", "develop",
"--command", "exit", "--experimental-features", "nix-command flakes",
"--command", "true",
}, },
WorkingDir: projectRoot, WorkingDir: projectRoot,
} }
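Review bot: The new Args list under `Command: "nix"` drops the isolation the old `--pure` gave: `nix develop` inherits the caller's environment unless `--ignore-environment` (`-i`) is passed, so this check now only proves the dev shell can be entered on top of whatever the host already provides rather than from the flake alone. Add `"--ignore-environment",` after `"develop",` to keep the previous semantics. Separately, the third hunk deletes TestToolsContainer while the Docker wrapper behind `make tools` and the Dockerfile are kept in this same commit, so the container entry path is no longer exercised by any test; porting that test to the new `nix develop` invocation rather than removing it would preserve that coverage. TestToolsNixShell starts and ends outside this hunk.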