mirror of
https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config.git
synced 2024-11-22 19:41:30 +00:00
readme: how to update inputs of this flake
This commit is contained in:
parent
1a677f273b
commit
6b66513870
125
README.md
125
README.md
|
@ -1,67 +1,70 @@
|
||||||
# SelfPrivacy NixOS configuration
|
# SelfPrivacy NixOS configuration
|
||||||
|
|
||||||
This is a NixOS config which builds a SelfPrivacy server distribution
|
This configuration is not self-contained, as it needs to be plugged as an input of a top-level NixOS configuration flake (i.e. https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-template/). This flake outputs the following function:
|
||||||
based on data provided in `userdata/userdata.json`.
|
```nix
|
||||||
|
nixosConfigurations-fun =
|
||||||
|
{ hardware-configuration # hardware-configuration.nix file
|
||||||
|
, deployment # deployment.nix file
|
||||||
|
, userdata # nix attrset, obtained by fromJSON from userdata.json
|
||||||
|
, top-level-flake # `self`-reference of the top-level flake
|
||||||
|
, sp-modules # flake inputs of sp-modules flake
|
||||||
|
}:
|
||||||
|
```
|
||||||
|
which returns one or more attributes, containing NixOS configurations (created with `nixpkgs.lib.nixosSystem`). (As of 2024-01-10 there is only a single configuration named `default`.)
|
||||||
|
|
||||||
JSON schema is provided in `userdata/schema.json` for reference.
|
## updating flake inputs
|
||||||
|
|
||||||
**hardware-configuration.nix is not included.**
|
We have 2 flake inputs:
|
||||||
|
- nixpkgs
|
||||||
|
- selfprivacy-api
|
||||||
|
|
||||||
Example JSON config:
|
Both get updated the same ways.
|
||||||
|
|
||||||
```json
|
There are 2 methods:
|
||||||
{
|
1. specify input name only in a command, relying on URL inside `flake.nix`
|
||||||
"backblaze": {
|
2. specify input name and URL in a command, **overriding** whatever URL is inside `flake.nix` for the input to update (override)
|
||||||
"accountId": "BACKBLAZE_KEY_ID",
|
|
||||||
"accountKey": "BACKBLAZE_ACCOUNT_KEY",
|
In any case a Nix flake input is specified using some special _references_ syntax, including URLs, revisions, etc, described in manual: https://nixos.org/manual/nix/stable/command-ref/new-cli/nix3-flake.html#examples. Such reference can be used inside `flake.nix` or as an argument to `nix flake` commands. When a new reference is encountered Nix downloads and extracts it to /nix/store.
|
||||||
"bucket": "BACKBLAZE_BUCKET_NAME"
|
|
||||||
},
|
Before and after running `nix flake lock` (or `nix flake update`) commands you would most likely want to list current inputs using `nix flake metadata`, which are read from `flake.lock` file. Although, Nix should also print a diff between changed referrences once changed.
|
||||||
"api": {
|
|
||||||
"token": "API_TOKEN",
|
`--commit-lock-file` option tells Nix commands to do `git commit flake.lock` automatically, creating a new commit for you.
|
||||||
"enableSwagger": false
|
|
||||||
},
|
### method 1: update specific input
|
||||||
"bitwarden": {
|
|
||||||
"enable": true
|
Example:
|
||||||
},
|
```console
|
||||||
"cloudflare": {
|
$ nix flake lock --update-input nixpkgs
|
||||||
"apiKey": "CF_TOKEN"
|
$ nix flake lock --update-input selfprivacy-api
|
||||||
},
|
```
|
||||||
"databasePassword": "DB_PASSWORD",
|
|
||||||
"domain": "DOMAIN",
|
Depending on how "precise" the URL was speficied in `flake.nix`, with _unmodified_ `flake.nix` the result might be:
|
||||||
"hashedMasterPassword": "HASHED_PASSWORD",
|
* URL with `rev` (sha1) parameter => nothing will update (as we're already at exact commit)
|
||||||
"hostname": "DOMAIN",
|
* URL with `ref` (branch) parameter => input will update to the latest commit of the specified branch
|
||||||
"nextcloud": {
|
* URL without `rev` nor `ref` => input will update to the latest commit of a default branch!
|
||||||
"enable": true,
|
|
||||||
"adminPassword": "PASSWORD",
|
---
|
||||||
"databasePassword": "PASSWORD"
|
|
||||||
},
|
Once Nix 2.19 stabilizes, a different command _must_ be used for updating a single input, like this:
|
||||||
"gitea": {
|
```console
|
||||||
"enable": true
|
$ nix flake update nixpkgs
|
||||||
},
|
```
|
||||||
"jitsi": {
|
|
||||||
"enable": true
|
|
||||||
},
|
### method 2: override specific input
|
||||||
"ocserv": {
|
|
||||||
"enable": true
|
Overriding is more powerful as it allows to change flake input reference to anything just in one command (not only update in the bounds of a branch or a repository).
|
||||||
},
|
|
||||||
"pleroma": {
|
Example:
|
||||||
"enable": true
|
```console
|
||||||
},
|
$ nix flake lock --override-input nixpkgs github:nixos/nixpkgs?ref=nixos-23.11
|
||||||
"timezone": "Europe/Moscow",
|
$ nix flake lock --override-input selfprivacy-api git+https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api.git?ref=flakes
|
||||||
"resticPassword": "PASSWORD",
|
```
|
||||||
"ssh": {
|
|
||||||
"enable": true,
|
Similarly to update mechanism (described above), depending on the "precision" of an URL, its update scope varies.
|
||||||
"rootSshKeys": [
|
|
||||||
"ssh-ed25519 KEY user@host"
|
Note, that subsequent calls of `nix flake lock --update-input <INPUT>` or `nix flake update` (or `nix flake update INPUT` by Nix 2.19+) will update the input regardless of the prior override. The information about override is stored only in `flake.lock` (`flake.nix` is not altered by Nix).
|
||||||
],
|
|
||||||
"passwordAuthentication": true
|
---
|
||||||
},
|
|
||||||
"username": "LUSER",
|
Note, that override does not update flake inputs recursively (say, you have a flake inside your flake input). For recursive updates only `nix flake lock --update-input` and `nix flake update` mechanisms are suitable. However, as of 2024-01-10 none of the current inputs contain other flakes, hence override mechanism is fine.
|
||||||
"users": [
|
|
||||||
{
|
|
||||||
"hashedPassword": "OTHER_USER_HASHED_PASSWORD",
|
|
||||||
"username": "OTHER_USER"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
Loading…
Reference in a new issue