From 3f9c174d97eece4a8b41142d472decf210105bda Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20=E2=80=9CNiols=E2=80=9D=20Jeannerod?=
<nicolas.jeannerod@moduscreate.com>
Date: Mon, 24 Feb 2025 12:27:47 +0100
Subject: [PATCH] Get rid of the `deployment/` directory
---
README.md | 7 +-
deployment/flake-part.nix | 136 ----------------
deployment/procolixVm.nix | 153 ------------------
flake.nix | 1 -
.../old-deployment-readme.md | 0
5 files changed, 2 insertions(+), 295 deletions(-)
delete mode 100644 deployment/flake-part.nix
delete mode 100644 deployment/procolixVm.nix
rename deployment/README.md => infra/old-deployment-readme.md (100%)
diff --git a/README.md b/README.md
index 76279538..61117f46 100644
--- a/README.md
+++ b/README.md
@@ -118,12 +118,9 @@ Contact the project team if you have questions or suggestions, or if you're inte
Most of the directories in this repository have their own README going into more
details as to what they are for. As an overview:
-- [`deployment/`](./deployment) contains bits and pieces having to do with
- auto-deployment of test VMs on a private Proxmox. This directory is
- deprecated, the information it contains outdate. Refer to `infra/` instead.
-
- [`infra/`](./infra) contains the configurations for the various VMs that are
- in production for the project, for instance the Git instances or the Wiki.
+ in production for the project, for instance the Git instances or the Wiki, as
+ well as means to provision and set up new ones.
- [`keys/`](./keys) contains the public keys of the contributors to this project
as well as the systems that we administrate.
diff --git a/deployment/flake-part.nix b/deployment/flake-part.nix
deleted file mode 100644
index 54ac5621..00000000
--- a/deployment/flake-part.nix
+++ /dev/null
@@ -1,136 +0,0 @@
-{ inputs, self, ... }:
-
-let
- allVmIds = builtins.genList (x: 100 + x) 156; # 100 -- 255
-
-in
-{
- flake.nixosConfigurations.provisioning =
- let
- inherit (builtins) map listToAttrs;
- makeProvisioningConfiguration =
- vmid:
- inputs.nixpkgs.lib.nixosSystem {
- modules = [
- { procolix.vmid = vmid; }
- ./procolixVm.nix
- inputs.disko.nixosModules.default
- ];
- };
- in
- listToAttrs (
- map (vmid: {
- name = "fedi${toString vmid}";
- value = makeProvisioningConfiguration vmid;
- }) allVmIds
- );
-
- nixops4Deployments.feditest =
- { providers, ... }:
-
- let
- inherit (builtins) readFile;
-
- makeProcolixVmResource = vmid: vmconfig: {
- type = providers.local.exec;
- imports = [ inputs.nixops4-nixos.modules.nixops4Resource.nixos ];
-
- ssh = {
- host = "95.215.187.${toString vmid}";
- hostPublicKey = readFile ./hostKeys/fedi${toString vmid}/ssh_host_ed25519_key.pub;
- };
-
- nixpkgs = inputs.nixpkgs;
- nixos.module = {
- imports = [
- vmconfig
- { procolix.vmid = vmid; }
- ./procolixVm.nix
- self.nixosModules.fediversity
- inputs.disko.nixosModules.default
- ];
- };
- };
-
- ## NOTE: All of these secrets are publicly available in this source file
- ## and will end up in the Nix store. We don't care as they are only ever
- ## used for testing anyway.
- pixelfedS3KeyConfig =
- { pkgs, ... }:
- {
- s3AccessKeyFile = pkgs.writeText "s3AccessKey" "GKb5615457d44214411e673b7b";
- s3SecretKeyFile = pkgs.writeText "s3SecretKey" "5be6799a88ca9b9d813d1a806b64f15efa49482dbe15339ddfaf7f19cf434987";
- };
- mastodonS3KeyConfig =
- { pkgs, ... }:
- {
- s3AccessKeyFile = pkgs.writeText "s3AccessKey" "GK3515373e4c851ebaad366558";
- s3SecretKeyFile = pkgs.writeText "s3SecretKey" "7d37d093435a41f2aab8f13c19ba067d9776c90215f56614adad6ece597dbb34";
- };
- peertubeS3KeyConfig =
- { pkgs, ... }:
- {
- s3AccessKeyFile = pkgs.writeText "s3AccessKey" "GK1f9feea9960f6f95ff404c9b";
- s3SecretKeyFile = pkgs.writeText "s3SecretKey" "7295c4201966a02c2c3d25b5cea4a5ff782966a2415e3a196f91924631191395";
- };
-
- in
- {
- providers = { inherit (inputs.nixops4.modules.nixops4Provider) local; };
-
- resources = {
- fedi100 = makeProcolixVmResource 100 (
- { pkgs, ... }:
- {
- fediversity = {
- domain = "abundos.eu";
- garage.enable = true;
- pixelfed = pixelfedS3KeyConfig { inherit pkgs; };
- mastodon = mastodonS3KeyConfig { inherit pkgs; };
- peertube = peertubeS3KeyConfig { inherit pkgs; };
- };
- }
- );
-
- fedi101 = makeProcolixVmResource 101 (
- { pkgs, ... }:
- {
- fediversity = {
- domain = "abundos.eu";
- pixelfed = pixelfedS3KeyConfig { inherit pkgs; } // {
- enable = true;
- };
- };
- }
- );
-
- fedi102 = makeProcolixVmResource 102 (
- { pkgs, ... }:
- {
- fediversity = {
- domain = "abundos.eu";
- mastodon = mastodonS3KeyConfig { inherit pkgs; } // {
- enable = true;
- };
-
- temp.cores = 1; # FIXME: should come from NixOps4 eventually
- };
- }
- );
-
- fedi103 = makeProcolixVmResource 103 (
- { pkgs, ... }:
- {
- fediversity = {
- domain = "abundos.eu";
- peertube = peertubeS3KeyConfig { inherit pkgs; } // {
- enable = true;
- ## NOTE: Only ever used for testing anyway.
- secretsFile = pkgs.writeText "secret" "574e093907d1157ac0f8e760a6deb1035402003af5763135bae9cbd6abe32b24";
- };
- };
- }
- );
- };
- };
-}
diff --git a/deployment/procolixVm.nix b/deployment/procolixVm.nix
deleted file mode 100644
index 094bab37..00000000
--- a/deployment/procolixVm.nix
+++ /dev/null
@@ -1,153 +0,0 @@
-{
- lib,
- config,
- modulesPath,
- ...
-}:
-
-let
- inherit (lib) mkOption;
- inherit (lib.types) types;
-in
-
-{
- imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
-
- options = {
- procolix = {
- vmid = mkOption {
- type = types.ints.between 100 255;
- description = ''
- Identifier of the machine. This is a number between 100 and 255.
- '';
- };
- };
- };
-
- config = {
- ########################################################################
- ## Network
-
- services.openssh.enable = true;
-
- networking = {
- hostName = "fedi${toString config.procolix.vmid}";
- domain = "procolix.com";
-
- interfaces = {
- eth0 = {
- ipv4 = {
- addresses = [
- {
- address = "95.215.187.${toString config.procolix.vmid}";
- prefixLength = 24;
- }
- ];
- };
- ipv6 = {
- addresses = [
- {
- address = "2a00:51c0:13:1305::${toString config.procolix.vmid}";
- prefixLength = 64;
- }
- ];
- };
- };
- };
-
- defaultGateway = {
- address = "95.215.187.1";
- interface = "eth0";
- };
- defaultGateway6 = {
- address = "2a00:51c0:13:1305::1";
- interface = "eth0";
- };
-
- nameservers = [
- "95.215.185.6"
- "95.215.185.7"
- ];
- };
-
- ########################################################################
- ## Hardware
-
- boot = {
- loader = {
- systemd-boot.enable = true;
- efi.canTouchEfiVariables = true;
- };
- initrd = {
- availableKernelModules = [
- "ata_piix"
- "uhci_hcd"
- "virtio_pci"
- "virtio_scsi"
- "sd_mod"
- "sr_mod"
- ];
- kernelModules = [ "dm-snapshot" ];
- };
- };
-
- disko.devices.disk.main = {
- device = "/dev/sda";
- type = "disk";
-
- content = {
- type = "gpt";
-
- partitions = {
- MBR = {
- priority = 0;
- size = "1M";
- type = "EF02";
- };
-
- ESP = {
- priority = 1;
- size = "500M";
- type = "EF00";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- };
- };
-
- root = {
- priority = 2;
- size = "100%";
- content = {
- type = "filesystem";
- format = "ext4";
- mountpoint = "/";
- };
- };
- };
- };
- };
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-
- ########################################################################
- ## Miscellaneous
-
- services.qemuGuest.enable = true;
-
- time.timeZone = "Europe/Amsterdam";
-
- i18n.defaultLocale = "en_US.UTF-8";
-
- users.users.root.openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEElREJN0AC7lbp+5X204pQ5r030IbgCllsIxyU3iiKY"
- ];
-
- nix.extraOptions = ''
- experimental-features = nix-command flakes
- '';
-
- system.stateVersion = "24.05"; # Did you read the comment?
- };
-}
diff --git a/flake.nix b/flake.nix
index dfd51ba8..abbf47d0 100644
--- a/flake.nix
+++ b/flake.nix
@@ -25,7 +25,6 @@
inputs.git-hooks.flakeModule
inputs.nixops4.modules.flake.default
- ./deployment/flake-part.nix
./infra/flake-part.nix
./services/flake-part.nix
];
diff --git a/deployment/README.md b/infra/old-deployment-readme.md
similarity index 100%
rename from deployment/README.md
rename to infra/old-deployment-readme.md