feat(devshell;shell.nix): add more common commands to devshell; let s…

…hell.nix set up pre-commit config and not the devshell anymore devshells are incompatible with shellHooks, therefore we need to provide a to set up the pre-commit hook via shell.nix. This fits its purpose of bootstrapping the environment. numtide/devshell#16
garuda-linux · Sep 9, 2023 · afeac97 · afeac97
1 parent 05d50f4
commit afeac97
Show file tree

Hide file tree

Showing 4 changed files with 92 additions and 73 deletions.
diff --git a/README.md b/README.md
@@ -7,9 +7,34 @@
 - Our current infrastructure is hosted in one of [these](https://www.hetzner.com/dedicated-rootserver/ax102).
 - The only other server not being contained in this dedicated server is our mail server.
 - Both servers are being backed up to Hetzner storage boxes via [Borg](https://www.borgbackup.org/).
-- After multiple different setups, we settled on NixOS as our main OS.
+- After multiple different setups, we settled on NixOS as our main OS as it provides reproducible and atomically updated system states
 - Most (sub)domains are protected by Cloudflare while also making use of its caching feature. Exemptions are services such as our mailserver and parts violating Cloudflares rules such as proxying Piped content.
 
+## Devshell and tooling
+
+This NixOS flake provides a [devshell](https://github.com/numtide/devshell) which contains all deployment tools as well as handy aliases for common tasks.
+The only requirement for using it is having the Nix packge manager available and having flakes enabled. It can be installed on various distributions via:
+
+```
+sh <(curl -L https://nixos.org/nix/install) --daemon
+```
+
+After that, the shell can be invoked as follows:
+
+```
+nix-shell # assuming flakes are not enabled, this bootstraps the needed files and sets up the pre-commit hook
+nix develop # the intended way to use the devshell, contains all the aliases
+```
+
+To enable flakes and the direct usage of `nix develop` follow this [wiki article](https://nixos.wiki/wiki/Flakes#Other_Distros:_Without_Home-Manager). After running nix develop, new commands are available to perform the following actions:
+
+- `apply` - applies NixOS configuration by executing `nixos-rebuild switch`, mostly used after using `deploy`
+- `buildiso` - spawns a buildiso shell on our `iso-runner` container
+- `clean` - runs the garbage collector on all servers
+- `deploy` - transfers the local configurations to the servers
+- `update` - runs a full infrastructure update including a flake.lock bump
+- `update-forum` - updates the Discourse container by running `./launcher rebuild app`
+
 ## Immortalis (Hetzner dedicated)
 
 ### General
@@ -40,11 +65,11 @@ web-front      container systemd-nspawn nixos 23.11   10.0.5.10
 
 We are seeing:
 
-- 3 Chaotic-AUR builders (`chaotic-kde`, `repo` & `temeraire`)
-- 1 ISO builder / GitHub runner (`iso-runner`)
+- 1 ISO builder (`iso-runner`)
+- 1 reverse proxy serving all the websites and services (`web-front`)
 - 2 Docker dedicated nspawn containers (`docker` & `docker-proxied)
+- 4 Chaotic-AUR builders (`chaotic-kde`, `github-runner`, `repo` & `temeraire`)
 - 5 app dedicated containers (`forum`, `lemmy`, `mastodon`, `meshcentral` & `postgres`)
-- 1 reverse proxy serving all the websites and services (`web-front`)
 
 ### Connecting to the server
 

diff --git a/devshell/flake-module.nix b/devshell/flake-module.nix
@@ -1,6 +1,9 @@
 _:
 {
-  perSystem = { devShells, pkgs, ... }:
+  perSystem = { pkgs, ... }:
+    let
+      immortalis = "116.202.208.112";
+    in
     {
       # The default development shell spawned by "nix develop"
       devshells.default = {
@@ -15,28 +18,32 @@ _:
           }
           {
             name = "deploy";
-            category = "deployment";
+            help = "Deploy the local NixOS configuration to the servers";
+            category = "infra-nix";
             command = ''
               ansible-playbook playbooks/garuda.yml
             '';
           }
           {
             name = "apply";
-            category = "deployment";
+            help = "Apply the infra-nix configuration pushed to the servers";
+            category = "infra-nix";
             command = ''
               ansible-playbook playbooks/apply.yml
             '';
           }
           {
             name = "clean";
-            category = "tools";
+            help = "Runs the garbage collection on the servers";
+            category = "infra-nix";
             command = ''
               ansible-playbook playbooks/garbage_collect.yml
             '';
           }
           {
             name = "update";
-            category = "deployment";
+            help = "Performs a full system update on the servers bumping flake lock";
+            category = "infra-nix";
             command = ''
               ansible-playbook playbooks/system_update.yml
             '';
@@ -47,15 +54,33 @@ _:
           }
           {
             package = "ansible";
-            category = "deployment";
+            category = "infra-nix";
+          }
+          {
+            name = "update-forum";
+            help = "Updates the Discourse container of our forum";
+            category = "infra-nix";
+            command = ''
+              # We are assuming the MixOS user is named the same as the one using it
+              ssh -p224 ${immortalis} "cd /var/disourse; sudo ./launcher rebuild app"
+            '';
+          }
+          {
+            name = "buildiso";
+            help = "Spawn a buildiso shell on the builder";
+            category = "infra-nix";
+            command = ''
+              # We are assuming the NixOS user is named the same as the one using it
+              ssh -p227 -t ${immortalis} "buildiso"
+            '';
           }
           {
             package = "yamlfix";
             category = "formatter";
           }
         ];
         motd = ''
-          {202}🔨 Welcome to the Garuda infra-nix shell ❄️{reset}
+          {202}🔨 Welcome to Garuda's infra-nix shell{reset} ❄️
           $(type -p menu &>/dev/null && menu)
         '';
         name = "infra-nix";
@@ -64,7 +89,6 @@ _:
       # Pre-commit linters & formatters
       pre-commit = {
         check.enable = true;
-        devShell = devShells.default;
         inherit pkgs;
         settings = {
           hooks = {

diff --git a/nixos/modules/nspawn-containers.nix b/nixos/modules/nspawn-containers.nix
@@ -134,15 +134,15 @@ in
       cfg.containers;
 
     environment.etc = lib.mapAttrs'
-      (name: value: lib.nameValuePair "systemd/nspawn/${name}.nspawn" {
+      (name: _value: lib.nameValuePair "systemd/nspawn/${name}.nspawn" {
         text = ''
           [Exec]
           SystemCallFilter=add_key keyctl bpf
         '';
       })
-      (lib.filterAttrs (name: value: value.needsDocker) cfg.containers);
+      (lib.filterAttrs (_name: value: value.needsDocker) cfg.containers);
 
-    systemd.tmpfiles.rules = lib.mapAttrsToList (name: value: "d ${cfg.dockerCache}/${name} 1555 root root") (lib.filterAttrs (name: value: value.needsDocker) cfg.containers);
+    systemd.tmpfiles.rules = lib.mapAttrsToList (name: _value: "d ${cfg.dockerCache}/${name} 1555 root root") (lib.filterAttrs (_name: value: value.needsDocker) cfg.containers);
 
     # Bridge setup
     networking = lib.mkIf (cfg.containers != { }) {

diff --git a/shell.nix b/shell.nix
@@ -8,68 +8,35 @@
     };
   in
   import nixpkgs { overlays = [ ]; }
-, system ? builtins.currentSystem
 , ...
 }:
 let
-  devshell = import src { inherit system; };
-  src = fetchTarball "https://github.com/numtide/devshell/archive/main.tar.gz";
+  nix-pre-commit-hooks = import (builtins.fetchTarball "https://github.com/cachix/pre-commit-hooks.nix/tarball/master");
+  pre-commit-checks = nix-pre-commit-hooks.run {
+    hooks = {
+      actionlint.enable = true;
+      ansible-lint.enable = true;
+      commitizen.enable = true;
+      deadnix.enable = true;
+      nil.enable = true;
+      nixpkgs-fmt.enable = true;
+      prettier.enable = true;
+      shellcheck.enable = true;
+      shfmt.enable = true;
+      statix.enable = true;
+      yamllint.enable = true;
+    };
+    settings = {
+      deadnix = {
+        edit = true;
+        hidden = true;
+        noLambdaArg = true;
+      };
+    };
+    src = ./.;
+  };
 in
-devshell.mkShell {
-  commands = [
-    {
-      package = "pre-commit";
-      category = "formatter";
-    }
-    {
-      package = "manix";
-      category = "handbook";
-    }
-    {
-      name = "deploy";
-      category = "deployment";
-      command = ''
-        ansible-playbook playbooks/garuda.yml
-      '';
-    }
-    {
-      name = "apply";
-      category = "deployment";
-      command = ''
-        ansible-playbook playbooks/apply.yml
-      '';
-    }
-    {
-      name = "clean";
-      category = "deployment";
-      command = ''
-        ansible-playbook playbooks/garbage_collect.yml
-      '';
-    }
-    {
-      name = "update";
-      category = "deployment";
-      command = ''
-        ansible-playbook playbooks/system_update.yml
-      '';
-    }
-    {
-      package = "nixpkgs-fmt";
-      category = "formatter";
-    }
-    {
-      package = "ansible";
-      category = "deployment";
-    }
-    {
-      package = "yamlfix";
-      category = "formatter";
-    }
-  ];
-  motd = ''
-    {202}🔨 Welcome to the Garuda infra-nix shell ❄️{reset}
-    $(type -p menu &>/dev/null && menu)
-  '';
+pkgs.mkShell {
   name = "infra-nix";
   packages = with pkgs; [
     ansible
@@ -83,4 +50,7 @@ devshell.mkShell {
     shfmt
     yamlfix
   ];
+  shellHook = ''
+    ${pre-commit-checks.shellHook}
+  '';
 }