282 lines
6.8 KiB
Markdown
282 lines
6.8 KiB
Markdown
# Integrating usda-dash-config with athenix
|
|
|
|
This guide shows how to properly integrate the usda-vision flake and usda-dash-config module into your athenix infrastructure.
|
|
|
|
## Architecture
|
|
|
|
```
|
|
athenix/ (main flake)
|
|
├── flake.nix
|
|
│ ├── inputs.usda-vision (flake input)
|
|
│ └── inputs.ragenix (for secrets)
|
|
└── nixos-systems/
|
|
└── inventory.nix
|
|
└── imports default.nix (accesses inputs directly)
|
|
```
|
|
|
|
## Step 1: Add required flake inputs in athenix
|
|
|
|
In your `~/athenix/flake.nix`, add usda-vision and ragenix as inputs:
|
|
|
|
```nix
|
|
{
|
|
description = "Athenix infrastructure";
|
|
|
|
inputs = {
|
|
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
|
|
|
|
# Add usda-vision flake
|
|
usda-vision = {
|
|
url = "git+https://git.factory.uga.edu/MODEL/usda-vision.git";
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
|
|
# Ragenix for secrets management
|
|
ragenix = {
|
|
url = "github:yaxitech/ragenix";
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
|
|
# Your other inputs...
|
|
};
|
|
|
|
outputs = { self, nixpkgs, usda-vision, ragenix, ... }@inputs: {
|
|
# Your outputs...
|
|
};
|
|
}
|
|
```
|
|
|
|
## Step 2: Pass inputs to NixOS modules
|
|
|
|
Make inputs available to all modules via specialArgs:
|
|
|
|
```nix
|
|
outputs = { self, nixpkgs, ... }@inputs: {
|
|
nixosConfigurations.proxmox-usda-dash = nixpkgs.lib.nixosSystem {
|
|
system = "x86_64-linux";
|
|
|
|
# Make inputs available to all modules
|
|
specialArgs = { inherit inputs; };
|
|
|
|
modules = [
|
|
ragenix.nixosModules.default
|
|
./nixos-systems/inventory.nix
|
|
];
|
|
};
|
|
}
|
|
```
|
|
|
|
## Step 3: Configure secrets with ragenix in athenix
|
|
|
|
Secrets are managed by ragenix in the athenix flake:
|
|
|
|
```nix
|
|
# In your athenix configuration (e.g., inventory.nix)
|
|
{
|
|
age.secrets.usda-vision-env = {
|
|
file = ./secrets/usda-vision/env.age;
|
|
mode = "0644";
|
|
owner = "root";
|
|
group = "root";
|
|
};
|
|
}
|
|
```
|
|
|
|
## Step 4: Import usda-dash-config module
|
|
|
|
Simply import the default.nix - it will access inputs and age secrets automatically:
|
|
|
|
```nix
|
|
# In inventory.nix
|
|
{ config, inputs, ... }:
|
|
|
|
{
|
|
imports = [
|
|
# Just import directly - no parameters needed!
|
|
/path/to/usda-dash-config/default.nix
|
|
];
|
|
|
|
# Configure secrets (shown above)
|
|
age.secrets.usda-vision-env = {
|
|
file = ./secrets/usda-vision/env.age;
|
|
mode = "0644";
|
|
};
|
|
|
|
# Optional: Configure hostname replacement (defaults shown)
|
|
services.usda-vision = {
|
|
hostname = "192.168.1.156"; # Default: 192.168.1.156
|
|
replaceHostnames = true; # Default: true - replaces exp-dash/localhost
|
|
};
|
|
}
|
|
```
|
|
|
|
Or using fetchGit:
|
|
|
|
```nix
|
|
{ config, inputs, ... }:
|
|
|
|
let
|
|
usda-dash-config = builtins.fetchGit {
|
|
url = "https://git.factory.uga.edu/MODEL/usda-dash-config.git";
|
|
rev = "commit-hash";
|
|
};
|
|
in
|
|
{
|
|
imports = [
|
|
"${usda-dash-config}/default.nix"
|
|
];
|
|
|
|
# Set a custom hostname for your deployment
|
|
services.usda-vision.hostname = "my-custom-host.local";
|
|
}
|
|
```
|
|
|
|
### Module Options
|
|
|
|
- `services.usda-vision.hostname` (string, default: `"192.168.1.156"`) - Hostname or IP to replace exp-dash/localhost with
|
|
- `services.usda-vision.replaceHostnames` (bool, default: `true`) - Whether to perform hostname replacement in docker-compose.yml
|
|
|
|
## Complete Example
|
|
|
|
Here's a complete example of how it all fits together:
|
|
|
|
### ~/athenix/flake.nix
|
|
|
|
```nix
|
|
{
|
|
description = "Athenix infrastructure";
|
|
|
|
inputs = {
|
|
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
|
|
|
|
usda-vision = {
|
|
url = "path:/home/engr-ugaif/usda-dash-config/usda-vision";
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
|
|
agenix.url = "github:ryantm/agenix";
|
|
};
|
|
|
|
outputs = { self, nixpkgs, usda-vision, agenix, ... }: {
|
|
nixosConfigurations = {
|
|
usda-dash = nixpkgs.lib.nixosSystem {
|
|
system = "x86_64-linux";
|
|
|
|
specialArgs = {
|
|
usda-vision-packages = usda-vision.packages.x86_64-linux;
|
|
};
|
|
|
|
modules = [
|
|
agenix.nixosModules.default
|
|
./nixos-systems/inventory.nix
|
|
];
|
|
};
|
|
};
|
|
};
|
|
}
|
|
```
|
|
|
|
### ~/athenix/nixos-systems/inventory.nix
|
|
|
|
```nix
|
|
{ config, pkgs, inputs, ... }:
|
|
|
|
{
|
|
imports = [
|
|
# Simply import - it accesses inputs.usda-vision automatically
|
|
/path/to/usda-dash-config/default.nix
|
|
];
|
|
|
|
# Configure secrets (managed by ragenix in athenix)
|
|
age.secrets.usda-vision-env = {
|
|
file = ./secrets/usda-vision/env.age;
|
|
mode = "0644";
|
|
};
|
|
|
|
age.secrets.usda-vision-azure-env = {
|
|
file = ./secrets/usda-vision/azure-env.age;
|
|
mode = "0644";
|
|
};
|
|
}
|
|
```
|
|
|
|
## Local Development vs Production
|
|
|
|
### Local Development (in usda-vision/)
|
|
|
|
```bash
|
|
cd /path/to/usda-dash-config/usda-vision
|
|
nix develop # Uses the local flake
|
|
```
|
|
|
|
### Production Build (from athenix)
|
|
|
|
```bash
|
|
cd ~/athenix
|
|
nixos-rebuild switch --flake .#usda-dash
|
|
```
|
|
|
|
The usda-vision packages are built by athenix and passed to the usda-dash-config module.
|
|
|
|
## Troubleshooting
|
|
|
|
### "usda-vision-packages is null"
|
|
|
|
The packages aren't being passed correctly. Check:
|
|
- `usda-vision` is in your athenix flake inputs
|
|
- `specialArgs` or `_module.args` includes `usda-vision-packages`
|
|
- The import in inventory.nix uses `inherit usda-vision-packages;`
|
|
|
|
### "attribute 'camera-sdk' missing"
|
|
|
|
The usda-vision flake hasn't been built. Try:
|
|
```bash
|
|
nix flake update # Update the flake lock
|
|
nix build /path/to/usda-dash-config/usda-vision#camera-sdk # Test build
|
|
```
|
|
|
|
### Fallback behavior
|
|
|
|
If `usda-vision-packages` is not provided, the module falls back to building locally with `callPackage`. This works for standalone testing but isn't recommended for production.
|
|
|
|
## Benefits of This Approach
|
|
|
|
1. ✅ **Pure builds**: No `--impure` needed
|
|
2. ✅ **Centralized secrets**: Secrets managed by ragenix in athenix, not in usda-vision flake
|
|
3. ✅ **Centralized packages**: usda-vision is built once by athenix
|
|
4. ✅ **Version control**: Lock file in athenix controls versions
|
|
5. ✅ **Clean separation**:
|
|
- usda-vision flake: package definitions only
|
|
- athenix: secrets management and deployment
|
|
- usda-dash-config: NixOS module configuration
|
|
6. ✅ **Flexible secrets**: Can easily pass different secret files per environment (dev/staging/prod)
|
|
|
|
## Managing Secrets in Athenix
|
|
|
|
To create and manage secrets in athenix:
|
|
|
|
```bash
|
|
# In athenix directory
|
|
cd ~/athenix
|
|
|
|
# Create the secrets directory
|
|
mkdir -p secrets/usda-vision
|
|
|
|
# Create/edit the main environment file secret
|
|
ragenix -e secrets/usda-vision/env.age
|
|
|
|
# Create/edit the Azure environment file secret
|
|
ragenix -e secrets/usda-vision/azure-env.age
|
|
```
|
|
|
|
The content of `env.age` should match the format of `.env.example`:
|
|
```bash
|
|
VITE_SUPABASE_URL=http://127.0.0.1:54321
|
|
VITE_SUPABASE_ANON_KEY=your-key-here
|
|
# ... etc
|
|
```
|
|
- usda-vision = flake (build system)
|
|
- usda-dash-config = module (configuration)
|
|
- athenix = orchestrator (infrastructure)
|
|
5. ✅ **Reusable**: Other athenix machines can use the same packages
|