Implement dual improvements to enable efficient testing of pipeline changes without polluting master branch: 1. Add --force flag to create-host script - Skip hostname/IP uniqueness validation - Overwrite existing host configurations - Update entries in flake.nix and terraform/vms.tf (no duplicates) - Useful for iterating on configurations during testing 2. Add branch support to bootstrap mechanism - Bootstrap service reads NIXOS_FLAKE_BRANCH environment variable - Defaults to master if not set - Uses branch in git URL via ?ref= parameter - Service loads environment from /etc/environment 3. Add cloud-init disk support for branch configuration - VMs can specify flake_branch field in terraform/vms.tf - Automatically generates cloud-init snippet setting NIXOS_FLAKE_BRANCH - Uploads snippet to Proxmox via SSH - Production VMs omit flake_branch and use master 4. Update documentation - Document --force flag usage in create-host README - Add branch testing examples in terraform README - Update TODO.md with testing workflow - Add .generated/ to gitignore Testing workflow: Create feature branch, set flake_branch in VM definition, deploy with terraform, iterate with --force flag, clean up before merging. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
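{ pkgs, config, lib, ... }:

let
  # First-boot bootstrap: fetch this host's NixOS configuration from the flake
  # repository, build it with `nixos-rebuild boot`, and reboot into it.
  # Runs as root under the systemd unit defined below.
  bootstrap-script = pkgs.writeShellApplication {
    name = "nixos-bootstrap";

    runtimeInputs = with pkgs; [ systemd curl nixos-rebuild jq git ];

    text = ''
      set -euo pipefail

      # Read hostname set by cloud-init (from Terraform VM name via user-data).
      # Cloud-init sets the system hostname from user-data.txt, so we read it
      # from hostnamectl; it selects which flake output gets activated.
      HOSTNAME=$(hostnamectl hostname)
      echo "DEBUG: Hostname from hostnamectl: '$HOSTNAME'"

      # An empty hostname would produce a flake URL ending in '#' and an
      # unhelpful nixos-rebuild error, so fail early with a clear message.
      if [ -z "$HOSTNAME" ]; then
        echo "ERROR: hostnamectl returned an empty hostname"
        echo "Check that cloud-init applied the hostname from user-data"
        exit 1
      fi

      echo "Starting NixOS bootstrap for host: $HOSTNAME"
      echo "Waiting for network connectivity..."

      # Verify we can reach the git server via HTTPS (doesn't respond to ping).
      # network-online.target does not guarantee DNS or outbound HTTPS yet, so
      # retry for a bounded time (12 x 5 s) instead of failing on the first try.
      attempt=0
      until curl -s --connect-timeout 5 --max-time 10 https://git.t-juice.club >/dev/null 2>&1; do
        attempt=$((attempt + 1))
        if [ "$attempt" -ge 12 ]; then
          echo "ERROR: Cannot reach git.t-juice.club via HTTPS"
          echo "Check network configuration and DNS settings"
          exit 1
        fi
        sleep 5
      done

      echo "Network connectivity confirmed"
      echo "Fetching and building NixOS configuration from flake..."

      # Read git branch from environment, default to master.
      # NIXOS_FLAKE_BRANCH is supplied via EnvironmentFile=/etc/environment
      # (see the unit below); the commit message says cloud-init writes it.
      BRANCH="''${NIXOS_FLAKE_BRANCH:-master}"

      # The branch name is spliced into the flake URL's query string. Restrict
      # it to a conservative character set so a malformed value cannot smuggle
      # in extra URL parameters ('&', '?') or change the attribute after '#'.
      if ! [[ "$BRANCH" =~ ^[A-Za-z0-9][A-Za-z0-9._/-]*$ ]]; then
        echo "ERROR: NIXOS_FLAKE_BRANCH contains unexpected characters: '$BRANCH'"
        exit 1
      fi
      echo "Using git branch: $BRANCH"

      # Build and activate the host-specific configuration.
      # NOTE(review): this follows the branch head over HTTPS with no commit
      # pin or signature check, so whatever is at that ref gets built and
      # activated as root; consider pinning a rev for production hosts.
      FLAKE_URL="git+https://git.t-juice.club/torjus/nixos-servers.git?ref=$BRANCH#''${HOSTNAME}"

      if nixos-rebuild boot --flake "$FLAKE_URL"; then
        echo "Successfully built configuration for $HOSTNAME"
        echo "Rebooting into new configuration..."
        sleep 2
        systemctl reboot
      else
        echo "ERROR: nixos-rebuild failed for $HOSTNAME"
        echo "Check that flake has configuration for this hostname"
        echo "Manual intervention required - system will not reboot"
        exit 1
      fi
    '';
  };
in
{
  systemd.services."nixos-bootstrap" = {
    description = "Bootstrap NixOS configuration from flake on first boot";

    # Wait for cloud-init to finish setting hostname and network to be online
    after = [ "cloud-config.service" "network-online.target" ];
    wants = [ "network-online.target" ];
    requires = [ "cloud-config.service" ];

    # Run on boot.
    # NOTE(review): the unit is wanted by multi-user.target unconditionally;
    # presumably the activated host configuration does not include this
    # module, otherwise the bootstrap would re-run on every boot - confirm.
    wantedBy = [ "multi-user.target" ];

    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = true;
      ExecStart = "${bootstrap-script}/bin/nixos-bootstrap";

      # Read environment variables from /etc/environment (set by cloud-init).
      # The leading '-' makes a missing file non-fatal, so the script's
      # default branch ("master") applies when no snippet was provided.
      EnvironmentFile = "-/etc/environment";

      # Logging to journald
      StandardOutput = "journal+console";
      StandardError = "journal+console";
    };
  };
}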