eval-machine-info.nix: ported to modules

.vscode/settings.json

@@ -0,0 +1,3 @@
+{
+  "python.formatting.provider": "black"
+}

doc/guides/deploy-without-root.rst

@@ -69,7 +69,7 @@ Edit your nixops.nix to specify the machine's
   {
     network.description = "Non-root deployment";
 
-    hermes =
+    resources.machines.hermes =
       { resources, ... }:
       {
         deployment.targetUser = "deployer";

doc/manual/nixops.rst

@@ -1067,9 +1067,9 @@ Consider the following deployment specification (``servers.nix``):
 
 ::
 
-   { nrMachines, active }:
+   { nrMachines, active, lib }:
 
-   with import <nixpkgs/lib>;
+   with lib;
 
    let
 
@@ -1080,7 +1080,7 @@ Consider the following deployment specification (``servers.nix``):
          services.httpd.adminAddr = "[email protected]";
        });
 
-   in listToAttrs (map makeMachine (range 1 nrMachines))
+   in { resources.machines = listToAttrs (map makeMachine (range 1 nrMachines)); }
 
 This specifies a network of nrMachines identical VirtualBox VMs that run
 the Apache web server if active is set. To create 10 machines without

doc/manual/overview.rst

@@ -18,7 +18,7 @@ and leave ``deployment.targetEnv`` undefined. See
 ::
 
    {
-     webserver =
+     resources.machines.webserver =
        { config, pkgs, ... }:
        { deployment.targetHost = "1.2.3.4";
        };
@@ -87,11 +87,14 @@ example:
        imports = [ ./common.nix ];
      };
 
-     machine = { ... }: {};
+     resources.machines.machine = { ... }: {};
    }
 
 Each attribute is explained below:
 
+``resources.machines.*``
+   Applies the given NixOS configuration to the corresponding node.
+
 ``defaults``
    Applies given NixOS module to all machines defined in the network.
 
@@ -118,7 +121,7 @@ Here is an example of a network with network arguments:
    { maintenance ? false
    }:
    {
-     machine =
+     resources.machines.machine =
        { config, pkgs, ... }:
        { services.httpd.enable = maintenance;
          ...
@@ -172,7 +175,7 @@ Add a key to a machine like so.
 ::
 
    {
-     machine =
+     resources.machines.machine =
        { config, pkgs, ... }:
        {
          deployment.keys.my-secret.text = "shhh this is a secret";
@@ -181,7 +184,7 @@ Add a key to a machine like so.
          deployment.keys.my-secret.permissions = "0640";
        };
    }
-       
+
 
 This will create a file ``/run/keys/my-secret`` with the specified
 contents, ownership, and permissions.
@@ -208,7 +211,7 @@ and otherwise inactive when the key is absent. See
 ::
 
    {
-     machine =
+     resources.machines.machine =
        { config, pkgs, ... }:
        {
          deployment.keys.my-secret.text = "shhh this is a secret";
@@ -223,7 +226,7 @@ and otherwise inactive when the key is absent. See
          };
        };
    }
-         
+
 
 These dependencies will ensure that the service is only started when the
 keys it requires are present. For example, after a reboot, the services
@@ -243,33 +246,34 @@ This is possible by using the extra NixOS module input ``nodes``.
 
    {
      network.description = "Gollum server and reverse proxy";
+     resources.machines = {
+
+      gollum =
+        { config, pkgs, ... }:
+        {
+          services.gollum = {
+            enable = true;
+            port = 40273;
+          };
+          networking.firewall.allowedTCPPorts = [ config.services.gollum.port ];
+        };
+
+      reverseproxy =
+        { config, pkgs, nodes, ... }:
+        let
+          gollumPort = nodes.gollum.config.services.gollum.port;
+        in
+        {
+          services.nginx = {
+            enable = true;
+            virtualHosts."wiki.example.net".locations."/" = {
+              proxyPass = "http://gollum:${toString gollumPort}";
+            };
+          };
+          networking.firewall.allowedTCPPorts = [ 80 ];
+        };};
+   };
 
-     gollum =
-       { config, pkgs, ... }:
-       {
-         services.gollum = {
-           enable = true;
-           port = 40273;
-         };
-         networking.firewall.allowedTCPPorts = [ config.services.gollum.port ];
-       };
-
-     reverseproxy =
-       { config, pkgs, nodes, ... }:
-       let
-         gollumPort = nodes.gollum.config.services.gollum.port;
-       in
-       {
-         services.nginx = {
-           enable = true;
-           virtualHosts."wiki.example.net".locations."/" = {
-             proxyPass = "http://gollum:${toString gollumPort}";
-           };
-         };
-         networking.firewall.allowedTCPPorts = [ 80 ];
-       };
-   }
-
 
 Moving the port number to a different value is now without the risk of
 an inconsistent deployment.

doc/overview.rst

@@ -21,7 +21,7 @@ machine, and leave ``deployment.targetEnv`` undefined.  See
 ::
 
    {
-      webserver =
+      resources.machines.webserver =
         { config, pkgs, ... }:
         { deployment.targetHost = "1.2.3.4";
         };
@@ -92,7 +92,7 @@ example:
       imports = [ ./common.nix ];
     };
 
-    machine = { ... }: {};
+    resources.machines.machine = { ... }: {};
     }
 
 Each attribute is explained below:
@@ -122,7 +122,7 @@ Here is an example of a network with network arguments:
     { maintenance ? false
     }:
     {
-      machine =
+      resources.machines.machine =
         { config, pkgs, ... }:
         { services.httpd.enable = maintenance;
           ...
@@ -175,7 +175,7 @@ Add a key to a machine like so.
 ::
 
     {
-      machine =
+      resources.machines.machine =
       { config, pkgs, ... }:
       {
         deployment.keys.my-secret.text = "shhh this is a secret";
@@ -216,7 +216,7 @@ and otherwise inactive when the key is absent. See
 ::
 
     {
-      machine =
+      resources.machines.machine =
         { config, pkgs, ... }:
         {
           deployment.keys.my-secret.text = "shhh this is a secret";
@@ -251,30 +251,32 @@ This is possible by using the extra NixOS module input ``nodes``.
     {
       network.description = "Gollum server and reverse proxy";
 
-      gollum =
-        { config, pkgs, ... }:
-        {
-          services.gollum = {
-            enable = true;
-            port = 40273;
+      resources.machines = {
+        gollum =
+          { config, pkgs, ... }:
+          {
+            services.gollum = {
+              enable = true;
+              port = 40273;
+            };
+            networking.firewall.allowedTCPPorts = [ config.services.gollum.port ];
           };
-          networking.firewall.allowedTCPPorts = [ config.services.gollum.port ];
-        };
 
-      reverseproxy =
-        { config, pkgs, nodes, ... }:
-        let
-          gollumPort = nodes.gollum.config.services.gollum.port;
-        in
-        {
-          services.nginx = {
-            enable = true;
-            virtualHosts."wiki.example.net".locations."/" = {
-              proxyPass = "http://gollum:${toString gollumPort}";
+        reverseproxy =
+          { config, pkgs, nodes, ... }:
+          let
+            gollumPort = nodes.gollum.config.services.gollum.port;
+          in
+          {
+            services.nginx = {
+              enable = true;
+              virtualHosts."wiki.example.net".locations."/" = {
+                proxyPass = "http://gollum:${toString gollumPort}";
+              };
             };
+            networking.firewall.allowedTCPPorts = [ 80 ];
           };
-          networking.firewall.allowedTCPPorts = [ 80 ];
-        };
+      };
     }
 
 Moving the port number to a different value is now without the risk of

doc/release-notes/index.rst

@@ -16,6 +16,10 @@ Release 2.0
 
 - Major code cleanups.
 
+- Now the network specification is using the module system from ``nixpkgs.lib``
+  - Now network specification files can import other files via ``imports``.
+  - We have a ``resources.machines.*`` option where we put every NixOS configuration for the configured nodes. We suggest to use it instead of defining nodes in the top level.
+
 - Removed NixOS Options
 
   - ``deployment.autoLuks.*`` - moved to `nixos-modules-contrib`_.

flake.nix

@@ -45,6 +45,7 @@
         git_root=$(${pkgs.git}/bin/git rev-parse --show-toplevel)
         export PYTHONPATH=$git_root:$PYTHONPATH
         export PATH=$git_root/scripts:$PATH
+        export NIX_PATH="nixpkgs=${toString nixpkgs}:$NIX_PATH"
       '';
     };
 
@@ -73,6 +74,10 @@
         overrides
       ];
 
+      postPatch = ''
+        substituteInPlace nix/eval-machine-info.nix --replace "<nixpkgs>" "${toString nixpkgs}"
+      '';
+
       # TODO: Re-add manual build
     };
 

nix/default-deployment.nix

@@ -0,0 +1,26 @@
+{ lib, ... }: let
+  inherit (lib) mkOption types;
+in {
+  options.deployment = {
+
+    name = mkOption {
+      type = types.str;
+      description = ''
+        The name of the NixOps deployment. This is set by NixOps.
+      '';
+    };
+
+    uuid = mkOption {
+      type = types.str;
+      description = ''
+        The UUID of the NixOps deployment. This is set by NixOps.
+      '';
+    };
+
+    arguments = mkOption {
+      description = ''
+        Attribute set representing the NixOps arguments. This is set by NixOps.
+      '';
+    };
+  };
+}