A simple NixOS deployment tool using nixos-rebuild internally, but trying to make infrastructure deployment more convenient.
Find a file
June 4afbebcf4a
All checks were successful
/ black (push) Successful in 25s
/ ruff (push) Successful in 25s
ci: add a black job to the style.yaml workflow running black --check
2024-06-08 23:43:51 +02:00
.forgejo/workflows ci: add a black job to the style.yaml workflow running black --check 2024-06-08 23:43:51 +02:00
src/infra_rebuild update!: switch from one comma-sep. argument to variadic args. for hosts 2024-06-06 21:08:38 +02:00
tests Create a skeleton python project and modify it to fit this project 2024-06-05 15:24:47 +02:00
.gitignore build: Add Nix flake for building x86_64- and aarch64-linux Nix packages 2024-06-06 20:18:52 +02:00
CONTRIBUTING.md docs: introduce new "ci" tag for changes to the CI and its configuration 2024-06-08 23:14:54 +02:00
COPYING License this program under GPL-3.0-or-later 2024-06-04 23:25:10 +02:00
flake.lock build: Add Nix flake for building x86_64- and aarch64-linux Nix packages 2024-06-06 20:18:52 +02:00
flake.nix build: Add Nix flake for building x86_64- and aarch64-linux Nix packages 2024-06-06 20:18:52 +02:00
pyproject.toml build: set version statically in pyproject.toml 2024-06-06 20:23:48 +02:00
README.md docs: document configuration 2024-06-08 21:34:12 +02:00

infra-rebuild

infra-rebuild mirrors nixos-rebuild closely in its command-line interface, but focuses on making infrastructure deployment more convenient. It is built for infrastructure defined in a flake, where each hosts configuration is represented by a different nixosConfiguration in the flakes output.

For building the configuration of e.g. two hosts called web-01 and git one can simply run:

infra-rebuild build web-01 git

For deploying the hosts - using the switch operation - it's as simple as:

infra-rebuild switch web-01 git

Here infra-rebuild will simply run nixos-rebuild switch with the target-host option set for each host. Because infra-rebuild tries to be usable without any configuration, by default it queries the hosts FQDN from its nixosConfiguration and uses that for the target host. However to override aspects of the target host for specific or all hosts, infra-rebuild also accepts a deployment_configuration.json as configuration.

Configuration

infra-rebuild accepts optional configuration in a deployment_configuration.json.
The following keys are available to be set for configuring various aspects of deployment for specific or all hosts:

  • default.targetPort: A default port to use for connecting to all host.
  • default.targetUser: A default user to use for connecting to all host.
  • hosts.<host>.targetPort: The port to use for connecting to <host>.
  • hosts.<host>.targetUser: The user to use for connecting to <host>.
  • hosts.<host>.targetHostname: The hostname to use for connecting to <host>.

Example

An example deployment_configuration.json might look like this then:

{
  "default": {
    "targetPort": 2222,
    "targetUser": "deploy"
  },
  "hosts": {
    "web-01": {
      "targetUser": "web-deploy",
      "targetHostname": "web-01-intern.infra.example",
      "targetPort": 22
    }
  },
  "git": {
    "targetUser": "git-deploy"
  }
}

Order of Precedence

The order of precedence from least to greatest for targetPort and targetUser is the following:

  1. system default
  2. default.targetPort/User
  3. hosts.<host>.targetPort/User

The order of precedence from least to greatest for targetHostname is the following:

  1. FQDN from hosts nixosConfiguration
  2. hosts.<host>.targetHostname

License

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see https://www.gnu.org/licenses/.