-rw-r--r-- | posts/git-to-deploy.njk | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/posts/git-to-deploy.njk b/posts/git-to-deploy.njk new file mode 100644 index 0000000..244e987 --- /dev/null +++ b/posts/git-to-deploy.njk 
@@ -0,0 +1,63 @@ +--- +layout: post.njk +title: Using Git to Deploy Nix Configurations +tags: post +date: 2024-01-20 +--- + +<p>Lately I have been learning Nix, which is configured using a +declarative programming language. What is nice about that is that allows +us to reproduce a system very easily. However, I googled around and +tried to figure out how to easily deploy my config from a local machine +to a Nix machine. I started off SSHing into the machine and making edits +using nano in the config, but it’s tedious and I’d rather use my local +machine to change the configurations. There is also little advantage to +having a declarative config if I can’t reuse it elsewhere.</p> +<p>There are tools out there like <a +href="https://github.com/serokell/deploy-rs/tree/master">deploy-rs</a> +and <a href="https://github.com/NixOS/nixops">Nixops</a>. I found them a +bit overkill for my need, which was just to make changes to a personal +development machine, so I came up with a script to make the setup easy. +It makes use of git, and levarages hooks to validate and apply changes with a simple push. In the end, it creates a workflow similar to Heroku. 
Here is what the script looks like, which you can run +on a new machine with a fresh Nix installation:</p> +<div class="sourceCode" id="cb1"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb1-1"><a href="#cb1-1" aria-hidden="true" tabindex="-1"></a><span class="co"># Start of by adding git to our configuration.nix, we will levarage this to</span></span> +<span id="cb1-2"><a href="#cb1-2" aria-hidden="true" tabindex="-1"></a><span class="co"># be able to easily make changes to our machine without SSH.</span></span> +<span id="cb1-3"><a href="#cb1-3" aria-hidden="true" tabindex="-1"></a><span class="fu">sed</span> <span class="at">-i</span> <span class="st">'s/}/ programs.git.enable = true;\n}/g'</span> /etc/nixos/configuration.nix</span> +<span id="cb1-4"><a href="#cb1-4" aria-hidden="true" tabindex="-1"></a></span> +<span id="cb1-5"><a href="#cb1-5" aria-hidden="true" tabindex="-1"></a><span class="co"># Rebuild nix so we have git available</span></span> +<span id="cb1-6"><a href="#cb1-6" aria-hidden="true" tabindex="-1"></a><span class="ex">nixos-rebuild</span> switch</span> +<span id="cb1-7"><a href="#cb1-7" aria-hidden="true" tabindex="-1"></a></span> +<span id="cb1-8"><a href="#cb1-8" aria-hidden="true" tabindex="-1"></a><span class="co"># Set up a git repository where our nixos configuration lives</span></span> +<span id="cb1-9"><a href="#cb1-9" aria-hidden="true" tabindex="-1"></a><span class="bu">cd</span> /etc/nixos</span> +<span id="cb1-10"><a href="#cb1-10" aria-hidden="true" tabindex="-1"></a><span class="fu">git</span> init</span> +<span id="cb1-11"><a href="#cb1-11" aria-hidden="true" tabindex="-1"></a></span> +<span id="cb1-12"><a href="#cb1-12" aria-hidden="true" tabindex="-1"></a><span class="co"># Change branch name to main instead of master</span></span> +<span id="cb1-13"><a href="#cb1-13" aria-hidden="true" tabindex="-1"></a><span class="fu">git</span> branch <span class="at">-m</span> main</span> +<span id="cb1-14"><a 
href="#cb1-14" aria-hidden="true" tabindex="-1"></a></span> +<span id="cb1-15"><a href="#cb1-15" aria-hidden="true" tabindex="-1"></a><span class="co"># Add existing config and commit</span></span> +<span id="cb1-16"><a href="#cb1-16" aria-hidden="true" tabindex="-1"></a><span class="fu">git</span> add .</span> +<span id="cb1-17"><a href="#cb1-17" aria-hidden="true" tabindex="-1"></a><span class="fu">git</span> commit <span class="at">-m</span> <span class="st">"Initial commit"</span></span> +<span id="cb1-18"><a href="#cb1-18" aria-hidden="true" tabindex="-1"></a></span> +<span id="cb1-19"><a href="#cb1-19" aria-hidden="true" tabindex="-1"></a><span class="co"># Allow us to push changes to our machine and have those changes immediately reflected in the files</span></span> +<span id="cb1-20"><a href="#cb1-20" aria-hidden="true" tabindex="-1"></a><span class="fu">git</span> config receive.denyCurrentBranch updateInstead</span> +<span id="cb1-21"><a href="#cb1-21" aria-hidden="true" tabindex="-1"></a></span> +<span id="cb1-22"><a href="#cb1-22" aria-hidden="true" tabindex="-1"></a><span class="co"># Add a git hook to validate incoming changes</span></span> +<span id="cb1-23"><a href="#cb1-23" aria-hidden="true" tabindex="-1"></a><span class="bu">echo</span> <span class="at">-e</span> <span class="st">'#!/bin/sh \nnixos-rebuild dry-run'</span> <span class="op">></span> /etc/nixos/.git/hooks/pre-receive</span> +<span id="cb1-24"><a href="#cb1-24" aria-hidden="true" tabindex="-1"></a></span> +<span id="cb1-25"><a href="#cb1-25" aria-hidden="true" tabindex="-1"></a><span class="co"># Make the hook executable</span></span> +<span id="cb1-26"><a href="#cb1-26" aria-hidden="true" tabindex="-1"></a><span class="fu">chmod</span> +x /etc/nixos/.git/hooks/pre-receive</span> +<span id="cb1-27"><a href="#cb1-27" aria-hidden="true" tabindex="-1"></a></span> +<span id="cb1-28"><a href="#cb1-28" aria-hidden="true" tabindex="-1"></a><span class="co"># Add a git hook to apply the 
changes afterward</span></span> +<span id="cb1-29"><a href="#cb1-29" aria-hidden="true" tabindex="-1"></a><span class="bu">echo</span> <span class="at">-e</span> <span class="st">'#!/bin/sh \nnixos-rebuild switch'</span> <span class="op">></span> /etc/nixos/.git/hooks/post-receive</span> +<span id="cb1-30"><a href="#cb1-30" aria-hidden="true" tabindex="-1"></a></span> +<span id="cb1-31"><a href="#cb1-31" aria-hidden="true" tabindex="-1"></a><span class="co"># Make the hook executable</span></span> +<span id="cb1-32"><a href="#cb1-32" aria-hidden="true" tabindex="-1"></a><span class="fu">chmod</span> +x /etc/nixos/.git/hooks/post-receive</span></code></pre></div> +<p>Once set up, you can clone the repo on your local computer:</p> +<div class="sourceCode" id="cb2"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb2-1"><a href="#cb2-1" aria-hidden="true" tabindex="-1"></a><span class="fu">git</span> clone root@your-machine:/etc/nixos</span></code></pre></div> +<p>And if you’d like to set up a backup on <a +href="https://sourcehut.org/">Sourcehut</a>, you can do so easily:</p> +<div class="sourceCode" id="cb3"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb3-1"><a href="#cb3-1" aria-hidden="true" tabindex="-1"></a><span class="fu">git</span> remote add backup git@git.sr.ht:~username/reponame</span> +<span id="cb3-2"><a href="#cb3-2" aria-hidden="true" tabindex="-1"></a><span class="fu">git</span> push backup main</span></code></pre></div> +<p>This script can be ran on a new machine. I used <a +href="https://github.com/elitak/nixos-infect/tree/master">Nixos-infect</a> +to setup NixOS on a VPC that I rent on Hetzner cloud.</p> |
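Review bot: The pre-receive hook written at cb1-23 runs `nixos-rebuild dry-run` before git has updated the checked-out files, so it evaluates the configuration that is already in /etc/nixos rather than the pushed commit. A broken push therefore passes validation and only fails when post-receive runs `nixos-rebuild switch`, by which point the work tree has changed and the push can no longer be rejected. Validate the incoming revision itself: have the hook read the new commit id from stdin, export that tree to a temporary directory and run the dry-run against it, or use a push-to-checkout hook, which git invokes with the new commit when receive.denyCurrentBranch is updateInstead and which can refuse the push. Separately, the sed expression at cb1-3, `'s/}/ programs.git.enable = true;\n}/g'`, is unanchored and carries the g flag, so it matches every closing brace in configuration.nix and inserts the option inside each nested attribute set as well; restrict it to the final line, e.g. `'$ s/^}$/ programs.git.enable = true;\n}/'`. Because the clone at cb2-1 uses root@your-machine and both hooks run on every push, the post should also state that push access to this repository is equivalent to root on the machine.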