mirror of
https://github.com/khuedoan/homelab.git
synced 2024-12-22 15:34:33 +07:00
build!: switch to Nix flake
parent
da9afc6de0
commit
60fd8b9e9a
@ -1,5 +1,5 @@
|
||||
FROM nixos/nix
|
||||
|
||||
COPY shell.nix shell.nix
|
||||
COPY flake.nix flake.nix
|
||||
|
||||
RUN nix-shell --command exit
|
||||
RUN nix --experimental-features 'nix-command flakes' develop --command true
|
||||
|
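Review bot: The image build copies `flake.nix` but not `flake.lock`, so the `nix ... develop --command true` step has no lock file to read. It will presumably resolve `nixos-23.05` and `flake-utils` to whatever revision is current when the image is built, not the `rev` and `narHash` values this commit pins in `flake.lock`. Copy both files so the pre-populated store matches the locked inputs: `COPY flake.nix flake.lock ./`.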
2
Makefile
2
Makefile
@ -40,7 +40,7 @@ tools:
|
||||
--volume homelab-tools-cache:/root/.cache \
|
||||
--volume homelab-tools-nix:/nix \
|
||||
--workdir $(shell pwd) \
|
||||
nixos/nix nix-shell
|
||||
nixos/nix nix --experimental-features 'nix-command flakes' develop
|
||||
|
||||
test:
|
||||
make -C test
|
||||
|
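Review bot: The rewritten `docker run` line still names the image as bare `nixos/nix`, so `make tools` runs whatever `latest` resolves to at pull time and hands it the persistent `homelab-tools-nix:/nix` volume. The flake pins the tools, but nothing pins the container that evaluates it. Pin the image by tag or, better, by digest, e.g. `nixos/nix:<pinned-tag>@sha256:<digest>` (placeholders), and do the same on the `FROM nixos/nix` line of the Dockerfile hunk above. The `tools:` recipe starts before this hunk, so the remaining `docker run` options are not visible here.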
@ -15,7 +15,7 @@ You can use the default Docker wrapper, or use Nix if you have Nix installed:
|
||||
=== "Nix"
|
||||
|
||||
```sh
|
||||
nix-shell
|
||||
nix develop
|
||||
```
|
||||
|
||||
!!! tip
|
||||
@ -25,15 +25,15 @@ You can use the default Docker wrapper, or use Nix if you have Nix installed:
|
||||
It will open a shell like this:
|
||||
|
||||
```
|
||||
[nix-shell:/home/khuedoan/Documents/homelab]# echo hello
|
||||
[khuedoan@ryzentower:~/Documents/homelab]$ echo hello
|
||||
hello
|
||||
```
|
||||
|
||||
## How it works
|
||||
|
||||
- All dependencies are defined in `./shell.nix`
|
||||
- All dependencies are defined in `./flake.nix`
|
||||
- When you run `make tools`, it will run a thin Docker wrapper with the `nixos/nix` image (because not everyone has Nix installed) and mount some required volumes
|
||||
- `nix-shell` will start an interactive shell based on the Nix expression in `./shell.nix` and install everything from there
|
||||
- `nix develop` will start an interactive shell based on the Nix expression in `./flake.nix` and install everything from there
|
||||
|
||||
## Known issues
|
||||
|
||||
|
@ -11,7 +11,7 @@ Open the [tools container](../../concepts/tools-container.md), which includes al
|
||||
=== "Nix"
|
||||
|
||||
```sh
|
||||
nix-shell
|
||||
nix develop
|
||||
```
|
||||
|
||||
!!! note
|
||||
|
@ -11,7 +11,7 @@ Open the tools container if you haven't already:
|
||||
=== "Nix"
|
||||
|
||||
```sh
|
||||
nix-shell
|
||||
nix develop
|
||||
```
|
||||
|
||||
Build the lab:
|
||||
|
@ -37,7 +37,7 @@ Open the tools container, which includes all the tools needed:
|
||||
=== "Nix"
|
||||
|
||||
```sh
|
||||
nix-shell
|
||||
nix develop
|
||||
```
|
||||
|
||||
Build a development cluster and bootstrap it:
|
||||
|
@ -24,7 +24,7 @@ They are not permanent, we can change them in the future if better alternatives
|
||||
**Context**
|
||||
|
||||
While Nix is reproducible, we need a way to control the versions of the tools and keep them up-to-date.
|
||||
For example, if we update the nixpkgs hash (in `shell.nix`) from `abcd1234` to `defa5678`:
|
||||
For example, if we update the nixpkgs hash (in `flake.nix`) from `abcd1234` to `defa5678`:
|
||||
|
||||
- `ansible`: 2.12.1 -> 2.12.6
|
||||
- `terraform`: 1.2.0 -> 1.2.2
|
||||
@ -38,7 +38,7 @@ That looks good. But when we update it from `defa5678` to `cdef9012`:
|
||||
|
||||
This time it breaks `foobar` because the new major version contains a breaking change.
|
||||
|
||||
We can pin the specific version of each dependency in `shell.nix`,
|
||||
We can pin the specific version of each dependency in `flake.nix`,
|
||||
however, the maintenance burden is too high (even with Renovate) because we need to update the version of each package regularly rather than just the nixpkgs hash.
|
||||
Instead, we can just bump the nixpkgs hash and run some tests to ensure there is no breaking change.
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
terraform {
|
||||
required_version = "~> 1.3.0"
|
||||
required_version = "~> 1.5.0"
|
||||
|
||||
backend "remote" {
|
||||
hostname = "app.terraform.io"
|
||||
|
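--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,61 @@
+{
+"nodes": {
+"flake-utils": {
+"inputs": {
+"systems": "systems"
+},
+"locked": {
+"lastModified": 1694529238,
+"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
+"owner": "numtide",
+"repo": "flake-utils",
+"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
+"type": "github"
+},
+"original": {
+"owner": "numtide",
+"repo": "flake-utils",
+"type": "github"
+}
+},
+"nixpkgs": {
+"locked": {
+"lastModified": 1698288402,
+"narHash": "sha256-jIIjApPdm+4yt8PglX8pUOexAdEiAax/DXW3S/Mb21E=",
+"owner": "NixOS",
+"repo": "nixpkgs",
+"rev": "60b9db998f71ea49e1a9c41824d09aa274be1344",
+"type": "github"
+},
+"original": {
+"owner": "NixOS",
+"ref": "nixos-23.05",
+"repo": "nixpkgs",
+"type": "github"
+}
+},
+"root": {
+"inputs": {
+"flake-utils": "flake-utils",
+"nixpkgs": "nixpkgs"
+}
+},
+"systems": {
+"locked": {
+"lastModified": 1681028828,
+"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+"owner": "nix-systems",
+"repo": "default",
+"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+"type": "github"
+},
+"original": {
+"owner": "nix-systems",
+"repo": "default",
+"type": "github"
+}
+}
+},
+"root": "root",
+"version": 7
+}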
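--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,54 @@
+{
+description = "Homelab";
+
+inputs = {
+nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
+flake-utils.url = "github:numtide/flake-utils";
+};
+
+outputs = { self, nixpkgs, flake-utils }:
+flake-utils.lib.eachDefaultSystem (system:
+let
+pkgs = nixpkgs.legacyPackages.${system};
+in
+with pkgs;
+{
+devShells.default = mkShell {
+packages = [
+ansible
+ansible-lint
+bmake
+diffutils
+docker
+docker-compose_1 # TODO upgrade to version 2
+git
+go
+gotestsum
+iproute2
+jq
+k9s
+kube3d
+kubectl
+kubernetes-helm
+kustomize
+libisoburn
+neovim
+openssh
+p7zip
+pre-commit
+shellcheck
+terraform # TODO replace with OpenTofu, Terraform is no longer FOSS
+yamllint
+
+(python3.withPackages (p: with p; [
+jinja2
+kubernetes
+mkdocs-material
+netaddr
+rich
+]))
+];
+};
+}
+);
+}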
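Review bot: `with pkgs;` now wraps the whole per-system attribute set, whereas the removed `shell.nix` scoped it to the package list only (`buildInputs = with pkgs; [`). With the wider scope every free name in the body, including `mkShell` and anything added to the outputs later, is looked up in nixpkgs implicitly, which makes it harder to see where a name comes from. Keeping the narrow form reads more clearly: `devShells.default = pkgs.mkShell {` and `packages = with pkgs; [`. A short comment above `inputs` would also help readers, for instance `# Tool versions are fixed by the revisions in flake.lock`.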
@ -1,4 +1,3 @@
|
||||
// TODO switch to YAML https://github.com/renovatebot/renovate/issues/7031
|
||||
{
|
||||
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
||||
"extends": [
|
||||
|
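--- a/shell.nix
+++ /dev/null
@@ -1,42 +0,0 @@
-# https://status.nixos.org (nixos-22.11)
-{ pkgs ? import (fetchTarball "https://github.com/NixOS/nixpkgs/archive/6c591e7adc51.tar.gz") {} }:
-
-let
-python-packages = pkgs.python3.withPackages (p: with p; [
-jinja2
-kubernetes
-mkdocs-material
-netaddr
-rich
-]);
-in
-pkgs.mkShell {
-buildInputs = with pkgs; [
-ansible
-ansible-lint
-bmake
-diffutils
-docker
-docker-compose_1 # TODO upgrade to version 2
-git
-go
-gotestsum
-iproute2
-jq
-k9s
-kube3d
-kubectl
-kubernetes-helm
-kustomize
-libisoburn
-neovim
-openssh
-p7zip
-pre-commit
-shellcheck
-terraform
-yamllint
-
-python-packages
-];
-}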
@ -1,11 +1,9 @@
|
||||
package test
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"path/filepath"
|
||||
"testing"
|
||||
|
||||
"github.com/gruntwork-io/terratest/modules/docker"
|
||||
"github.com/gruntwork-io/terratest/modules/shell"
|
||||
"github.com/gruntwork-io/terratest/modules/version-checker"
|
||||
)
|
||||
@ -21,12 +19,12 @@ func TestToolsVersions(t *testing.T) {
|
||||
{"ansible", "--version", ">= 2.12.6, < 3.0.0"},
|
||||
{"docker", "--version", ">= 20.10.17, < 21.0.0"},
|
||||
{"git", "--version", ">= 2.37.1, < 3.0.0"},
|
||||
{"go", "version", ">= 1.19.0, < 1.20.0"},
|
||||
{"go", "version", ">= 1.20.0, < 1.21.0"},
|
||||
{"helm", "version", ">= 3.9.4, < 4.0.0"},
|
||||
{"kubectl", "version", ">= 1.25.0, < 1.27.0"}, // https://kubernetes.io/releases/version-skew-policy/#kubectl
|
||||
{"kustomize", "version", ">= 4.5.4, < 5.0.0"},
|
||||
{"pre-commit", "--version", ">= 2.20.0, < 3.0.0"},
|
||||
{"terraform", "--version", ">= 1.3.1, < 1.4.0"},
|
||||
{"kubectl", "version", ">= 1.27.0, < 1.29.0"}, // https://kubernetes.io/releases/version-skew-policy/#kubectl
|
||||
{"kustomize", "version", ">= 5.0.3, < 6.0.0"},
|
||||
{"pre-commit", "--version", ">= 3.3.2, < 4.0.0"},
|
||||
{"terraform", "--version", ">= 1.5.0, < 1.6.0"},
|
||||
}
|
||||
|
||||
for _, tool := range tools {
|
||||
@ -45,35 +43,6 @@ func TestToolsVersions(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
func TestToolsContainer(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
image := "nixos/nix"
|
||||
projectRoot, err := filepath.Abs("../")
|
||||
if err != nil {
|
||||
t.FailNow()
|
||||
}
|
||||
|
||||
options := &docker.RunOptions{
|
||||
Remove: true,
|
||||
Volumes: []string{
|
||||
fmt.Sprintf("%s:%s", projectRoot, projectRoot),
|
||||
"homelab-tools-cache:/root/.cache",
|
||||
"homelab-tools-nix:/nix",
|
||||
},
|
||||
OtherOptions: []string{
|
||||
"--workdir", projectRoot,
|
||||
},
|
||||
Command: []string{
|
||||
"nix-shell",
|
||||
"--pure",
|
||||
"--command", "exit",
|
||||
},
|
||||
}
|
||||
|
||||
docker.Run(t, image, options)
|
||||
}
|
||||
|
||||
func TestToolsNixShell(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
@ -83,10 +52,11 @@ func TestToolsNixShell(t *testing.T) {
|
||||
}
|
||||
|
||||
command := shell.Command{
|
||||
Command: "nix-shell",
|
||||
Command: "nix",
|
||||
Args: []string{
|
||||
"--pure",
|
||||
"--command", "exit",
|
||||
"develop",
|
||||
"--experimental-features", "nix-command flakes",
|
||||
"--command", "true",
|
||||
},
|
||||
WorkingDir: projectRoot,
|
||||
}
|
||||
|
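Review bot: The new `Args` list for `nix develop` drops `"--pure"` without a replacement (judging by the hunk's line counts, `"--pure"` is on the removed side), so TestToolsNixShell no longer checks that the shell works without tools leaking in from the host environment. `nix develop` has its own switch for this; adding `"--ignore-environment",` after `"develop",` keeps the isolation the old test had. The same commit also removes TestToolsContainer outright, which leaves the Docker wrapper behind `make tools` without a test; a comment saying this is deliberate, or a follow-up test, would make that clear. TestToolsNixShell begins before this hunk and continues after it.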