Configurable nix options and substitute-on-destination

README.md

@@ -151,6 +151,38 @@ Health checks will be repeated until success, and the interval can be configured
 
 It is currently possible to have expressions like `"test \"$(systemctl list-units --failed --no-legend --no-pager |wc -l)\" -eq 0"` (count number of failed systemd units, fail if non-zero) as the first argument in a cmd-healthcheck. This works, but is discouraged, and might break at any time.
 
+### Advanced configuration
+
+**nix.conf-options:** The "network"-attrset supports a sub-attrset named "nixConfig". Options configured here will pass `--option <name> <value>` to all nix commands.
+Note: these options apply to an entire deployment and are *not* configurable on per-host basis.
+The default is an empty set, meaning that the nix configuration is inherited from the build environment. See `man nix.conf`.
+
+**special deployment options:**
+
+(per-host granularity)
+
+`buildOnly` makes morph skip the "push" and "switch" steps for the given host, even if "morph deploy" or "morph push" is executed. (default: false)
+
+`substituteOnDestination` Sets the `--substitute-on-destination` flag on nix copy, allowing for the deployment target to use substitutes. See `nix copy --help`. (default: false)
+
+
+Example usage of `nixConfig` and deployment module options:
+```
+network = {
+    nixConfig = {
+        "extra-sandbox-paths" = "/foo/bar";
+    };
+};
+
+machine1 = { ... }: {
+    deployment.buildOnly = true;
+};
+
+machine2 = { ... }: {
+    deployment.substituteOnDestination = true;
+};
+```
+
 
 ## Hacking morph
 

data/eval-machines.nix

@@ -72,9 +72,12 @@ rec {
 
     machines =
       flip mapAttrs nodes (n: v': let v = scrubOptionValue v'; in
-        { inherit (v.config.deployment) targetHost secrets healthChecks buildOnly;
+        { inherit (v.config.deployment) targetHost secrets healthChecks buildOnly substituteOnDestination;
           name = n;
           nixosRelease = v.config.system.nixos.release or (removeSuffix v.config.system.nixos.version.suffix v.config.system.nixos.version);
+          nixConfig = mapAttrs
+            (n: v: if builtins.isString v then v else throw "nix option '${n}' must have a string typed value")
+            (network'.network.nixConfig or {});
         }
       );
 

data/options.nix

@@ -172,6 +172,16 @@ in
       '';
     };
 
+    substituteOnDestination = mkOption {
+      type = bool;
+      default = false;
+      description = ''
+        Sets the `--substitute-on-destination` flag on nix copy,
+        allowing for the deployment target to use substitutes.
+        See `nix copy --help`.
+      '';
+    };
+
     secrets = mkOption {
       default = {};
       example = {

nix/nix.go

@@ -11,19 +11,21 @@ import (
 	"io/ioutil"
 	"os"
 	"os/exec"
+	"path"
 	"path/filepath"
 	"syscall"
 	"time"
-	"path"
 )
 
 type Host struct {
-	HealthChecks healthchecks.HealthChecks
-	Name         string
-	NixosRelease string
-	TargetHost   string
-	Secrets      map[string]secrets.Secret
-	BuildOnly    bool
+	HealthChecks            healthchecks.HealthChecks
+	Name                    string
+	NixosRelease            string
+	TargetHost              string
+	Secrets                 map[string]secrets.Secret
+	BuildOnly               bool
+	SubstituteOnDestination bool
+	NixConfig               map[string]string
 }
 
 type NixContext struct {
@@ -142,26 +144,28 @@ func (ctx *NixContext) BuildMachines(deploymentPath string, hosts []Host, nixArg
 
 	resultLinkPath := filepath.Join(path.Dir(deploymentPath), ".gcroots", path.Base(deploymentPath))
 	if ctx.KeepGCRoot {
-	  if err = os.MkdirAll(path.Dir(resultLinkPath), 0755) ; err != nil {
-		  ctx.KeepGCRoot = false;
-		  fmt.Fprintf(os.Stderr, "Unable to create GC root, skipping: %s", err)
-	  }
+		if err = os.MkdirAll(path.Dir(resultLinkPath), 0755); err != nil {
+			ctx.KeepGCRoot = false
+			fmt.Fprintf(os.Stderr, "Unable to create GC root, skipping: %s", err)
+		}
 	}
-	if ! ctx.KeepGCRoot {
-	  // create tmp dir for result link
-	  tmpdir, err := ioutil.TempDir("", "morph-")
-	  if err != nil {
-		  return "", err
-	  }
-	  defer os.Remove(tmpdir)
-	  resultLinkPath = filepath.Join(tmpdir, "result")
+	if !ctx.KeepGCRoot {
+		// create tmp dir for result link
+		tmpdir, err := ioutil.TempDir("", "morph-")
+		if err != nil {
+			return "", err
+		}
+		defer os.Remove(tmpdir)
+		resultLinkPath = filepath.Join(tmpdir, "result")
 	}
 	args := []string{ctx.EvalMachines,
 		"-A", "machines",
 		"--arg", "networkExpr", deploymentPath,
 		"--arg", "names", hostsArg,
 		"--out-link", resultLinkPath}
 
+	args = append(args, mkOptions(hosts[0])...)
+
 	if len(nixArgs) > 0 {
 		args = append(args, nixArgs...)
 	}
@@ -176,8 +180,8 @@ func (ctx *NixContext) BuildMachines(deploymentPath string, hosts []Host, nixArg
 	}
 
 	cmd := exec.Command("nix-build", args...)
-	if ! ctx.KeepGCRoot {
-	  defer os.Remove(resultLinkPath)
+	if !ctx.KeepGCRoot {
+		defer os.Remove(resultLinkPath)
 	}
 
 	// show process output on attached stdout/stderr
@@ -200,6 +204,16 @@ func (ctx *NixContext) BuildMachines(deploymentPath string, hosts []Host, nixArg
 	return
 }
 
+func mkOptions(host Host) []string {
+	var options = make([]string, 0)
+	for k, v := range host.NixConfig {
+		options = append(options, "--option")
+		options = append(options, k)
+		options = append(options, v)
+	}
+	return options
+}
+
 func GetNixSystemPath(host Host, resultPath string) (string, error) {
 	return os.Readlink(filepath.Join(resultPath, host.Name))
 }
@@ -235,14 +249,23 @@ func Push(ctx *ssh.SSHContext, host Host, paths ...string) (err error) {
 		keyArg = "?ssh-key=" + ctx.IdentityFile
 	}
 	if ctx.SkipHostKeyCheck {
-		env = append(env, fmt.Sprintf("NIX_SSHOPTS=%s","-o StrictHostkeyChecking=No -o UserKnownHostsFile=/dev/null"))
+		env = append(env, fmt.Sprintf("NIX_SSHOPTS=%s", "-o StrictHostkeyChecking=No -o UserKnownHostsFile=/dev/null"))
 	}
 
+	options := mkOptions(host)
 	for _, path := range paths {
-		cmd := exec.Command(
-			"nix", "copy",
+		args := []string{
+			"copy",
 			path,
-			"--to", "ssh://"+userArg+host.TargetHost+keyArg,
+			"--to", "ssh://" + userArg + host.TargetHost + keyArg,
+		}
+		args = append(args, options...)
+		if host.SubstituteOnDestination {
+			args = append(args, "--substitute-on-destination")
+		}
+
+		cmd := exec.Command(
+			"nix", args...,
 		)
 		cmd.Env = env