Configurable nix options and substitute-on-destination

README.md

@@ -151,6 +151,33 @@ Health checks will be repeated until success, and the interval can be configured
 
 It is currently possible to have expressions like `"test \"$(systemctl list-units --failed --no-legend --no-pager |wc -l)\" -eq 0"` (count number of failed systemd units, fail if non-zero) as the first argument in a cmd-healthcheck. This works, but is discouraged, and might break at any time.
 
+### Advanced configuration
+
+**nix.conf-options:** The "network"-attrset supports a sub-attrset named "nixConfig". Options configured here will pass `--option <name> <value>` to all nix commands.
+Note: these options apply to an entire deployment and are *not* configurable on per-host basis.
+The default is an empty set, meaning that the nix configuration is inherited from the build environment. See `man nix.conf`.
+
+**special deployment options:**
+
+(per-host granularity)
+
+`buildOnly` makes morph skip the "push" and "switch" steps for the given host, even if "morph deploy" or "morph push" is executed. (default: false)
+
+
+Example usage of `nixConfig` and `deployment.buildOnly`:
+```
+network = {
+    nixConfig = {
+        "extra-sandbox-paths" = "/foo/bar";
+    };
+};
+
+machine1 = { ... }: {
+    deployment.buildOnly = true;
+};
+
+```
+
 
 ## Hacking morph
 

data/eval-machines.nix

@@ -75,6 +75,9 @@ rec {
         { inherit (v.config.deployment) targetHost secrets healthChecks buildOnly;
           name = n;
           nixosRelease = v.config.system.nixos.release or (removeSuffix v.config.system.nixos.version.suffix v.config.system.nixos.version);
+          nixConfig = mapAttrs
+            (n: v: if builtins.isString v then v else throw "nix option '${n}' must have a string typed value")
+            (network'.network.nixConfig or {});
         }
       );
 

nix/nix.go

@@ -24,6 +24,7 @@ type Host struct {
 	TargetHost   string
 	Secrets      map[string]secrets.Secret
 	BuildOnly    bool
+	NixConfig    map[string]string
 }
 
 type NixContext struct {
@@ -162,6 +163,8 @@ func (ctx *NixContext) BuildMachines(deploymentPath string, hosts []Host, nixArg
 		"--arg", "names", hostsArg,
 		"--out-link", resultLinkPath}
 
+	args = append(args, mkOptions(hosts[0])...)
+
 	if len(nixArgs) > 0 {
 		args = append(args, nixArgs...)
 	}
@@ -200,6 +203,16 @@ func (ctx *NixContext) BuildMachines(deploymentPath string, hosts []Host, nixArg
 	return
 }
 
+func mkOptions(host Host) []string {
+	var options = make([]string, 0)
+	for k, v := range host.NixConfig {
+		options = append(options, "--option")
+		options = append(options, k)
+		options = append(options, v)
+	}
+	return options
+}
+
 func GetNixSystemPath(host Host, resultPath string) (string, error) {
 	return os.Readlink(filepath.Join(resultPath, host.Name))
 }
@@ -238,11 +251,17 @@ func Push(ctx *ssh.SSHContext, host Host, paths ...string) (err error) {
 		env = append(env, fmt.Sprintf("NIX_SSHOPTS=%s","-o StrictHostkeyChecking=No -o UserKnownHostsFile=/dev/null"))
 	}
 
+	options := mkOptions(host)
 	for _, path := range paths {
-		cmd := exec.Command(
-			"nix", "copy",
+		args := []string{
+			"copy",
 			path,
-			"--to", "ssh://"+userArg+host.TargetHost+keyArg,
+			"--to", "ssh://" + userArg + host.TargetHost + keyArg,
+		}
+		args = append(args, options...)
+
+		cmd := exec.Command(
+			"nix", args...,
 		)
 		cmd.Env = env