implement nixos deploy for all hosts

build01/configuration.nix

@@ -24,7 +24,7 @@
   boot.loader.grub.enable = true;
   boot.loader.grub.version = 2;
 
-  networking.hostName = "nix-community-build01";
+  networking.hostName = "build01";
   networking.hostId = "d2905767";
 
   # Emulate armv7 until we have proper builders

build02/configuration.nix

@@ -15,7 +15,7 @@
   boot.loader.grub.enable = true;
   boot.loader.grub.version = 2;
 
-  networking.hostName = "nix-community-build02";
+  networking.hostName = "build02";
   networking.hostId = "af9ccc71";
   networking.useDHCP = false;
   networking.nameservers = [ "1.1.1.1" "1.0.0.1" ];

build03/configuration.nix

@@ -29,7 +29,7 @@
 
   networking.nix-community.ipv6.address = "2a01:4f9:3a:3b16::1";
 
-  networking.hostName = "nix-community-build03";
+  networking.hostName = "build03";
   networking.hostId = "8daf74c0";
 
   system.stateVersion = "21.05";

build04/configuration.nix

@@ -20,7 +20,7 @@
     terminal_output --append serial
   '';
 
-  networking.hostName = "nix-community-build04";
+  networking.hostName = "build04";
   networking.hostId = "8daf74c0";
 
   networking.usePredictableInterfaceNames = false;

ci.nix

@@ -11,29 +11,25 @@ let
   deployNixOS = args@{
     hostname,
     drv,
+    knownHosts,
       ...
   }: effects.mkEffect (args // {
     secretsMap.ssh = "default-ssh";
     # This style of variable passing allows overrideAttrs and modification in
     # hooks like the userSetupScript.
-    inherit hostname drv;
+    inherit hostname drv knownHosts;
     effectScript = ''
+      export PATH=$PATH:${pkgs.openssh}/bin
       writeSSHKey ssh ~/.ssh/id_ed25519
-      cat >>~/.ssh/known_hosts <<EOF
-      build01.nix-community.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIElIQ54qAy7Dh63rBudYKdbzJHrrbrrMXLYl7Pkmk88H
-      build02.nix-community.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMm3/o1HguyRL1z/nZxLBY9j/YUNXeNuDoiBLZAyt88Z
-      build03.nix-community.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFiozp1A1+SUfJQPa5DZUQcVc6CZK2ZxL6FJtNdh+2TP
-      build04.nix-community.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPU/gbREwVuI1p3ag1iG72jxl2/92yGl38c+TPOfFMH8
-      EOF
-
-      ${pkgs.openssh}/bin/ssh -i deploy-key root@"$hostname" "\$(nix-store -r $drv)/bin/switch-to-configuration switch"
+      echo "$knownHosts" >>~/.ssh/known_hosts
+      ssh -i deploy-key root@"$hostname" "\$(nix-store -r $drv)/bin/switch-to-configuration switch"
     '';
   });
+  deployNixOS' = name: config: nixpkgs.lib.nameValuePair "deploy-${name}" (deployNixOS {
+    hostname = config.config.networking.fqdn;
+    knownHosts = config.config.environment.etc."ssh/ssh_known_hosts".text;
+    drv = builtins.unsafeDiscardStringContext config.config.system.build.toplevel.drvPath;
+  });
 in
-(nixpkgs.lib.mapAttrs' (name: config: nixpkgs.lib.nameValuePair "nixos-${name}" config.config.system.build.toplevel) self.outputs.nixosConfigurations) // {
- build01 = deployNixOS {
-    hostname = "build01.nix-community.org";
-    # using the drv path here avoids downloading the closure on the deploying machine
-    drv = builtins.unsafeDiscardStringContext self.outputs.nixosConfigurations.nix-community-build01.config.system.build.toplevel.drvPath;
-  };
-}
+(nixpkgs.lib.mapAttrs' (name: config: nixpkgs.lib.nameValuePair "nixos-${name}" config.config.system.build.toplevel) self.outputs.nixosConfigurations) //
+(nixpkgs.lib.mapAttrs' deployNixOS' self.outputs.nixosConfigurations)

roles/common.nix

@@ -47,4 +47,13 @@
 
   # speed-up evaluation & save disk space by disabling manpages
   documentation.enable = false;
+
+  networking.domain = "nix-community.org";
+
+  # HACK: NixOS does not let us using a hostname that has the domain part included include domain part in hostname
+  boot.kernel.sysctl."kernel.hostname" = config.networking.fqdn;
+
+  # don't override host set by sysctl
+  system.activationScripts.hostname = lib.mkForce "";
+  system.activationScripts.domain = lib.mkForce "";
 }