fricklerhandwerk/Fediversity
1
0
Fork 0
forked from Fediversity/Fediversity
Code Pull requests Activity

update deployment

Browse source
This commit is contained in:
Kiara Grouwstra 2025-08-25 19:42:38 +02:00
parent ab2a31263d
commit 53ffe295f0
Signed by: kiara
SSH key fingerprint: SHA256:COspvLoLJ5WC5rFb9ZDe5urVCkK4LJZOsjfF4duRJFU
2 changed files with 135 additions and 33 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

153
deployment/check/data-model/deployment.nix
View file

@ -8,6 +8,8 @@
let let
inherit (sources) nixpkgs; inherit (sources) nixpkgs;
lib = import "${nixpkgs}/lib"; lib = import "${nixpkgs}/lib";
deployment-config = config;
inherit (lib) mkOption types;
eval = eval =
module: module:
(lib.evalModules { (lib.evalModules {
@ -20,47 +22,132 @@ let
]; ];
}).config; }).config;
fediversity = eval ( fediversity = eval (
{ ... }: { config, ... }:
{ {
config = { config = {
environments.single-nixos-vm = resources.login-shell = {
{ ... }: description = "The operator needs to be able to log into the shell";
{ request =
implementation = requests: { { ... }:
input = requests; {
output.ssh-host = { _class = "fediversity-resource-request";
ssh = { options = {
host = "localhost"; wheel = mkOption {
username = "root"; description = "Whether the login user needs root permissions";
key-file = null; type = types.bool;
default = false;
}; };
nixos-configuration = packages = mkOption {
{ pkgs, ... }: description = "Packages that need to be available in the user environment";
{ type = with types; attrsOf package;
imports = [ };
../common/sharedOptions.nix };
../common/targetNode.nix };
"${nixpkgs}/nixos/modules/profiles/qemu-guest.nix" policy =
]; { config, ... }:
{
inherit (config) enableAcme; _class = "fediversity-resource-policy";
acmeNodeIP = if config.enableAcme then config.nodes.acme.networking.primaryIPAddress else null; options = {
username = mkOption {
environment.systemPackages = with pkgs; [ description = "Username for the operator";
hello type = types.str; # TODO: use the proper constraints from NixOS
]; };
wheel = mkOption {
users.users = config.resources.shell.login-shell.apply ( description = "Whether to allow login with root permissions";
lib.filterAttrs (_name: value: value ? login-shell) requests type = types.bool;
); default = false;
};
};
config = {
resource-type = types.raw; # TODO: splice out the user type from NixOS
apply =
requests:
let
# Filter out requests that need wheel if policy doesn't allow it
validRequests = lib.filterAttrs (
_name: req: !req.login-shell.wheel || config.wheel
) requests.resources;
in
lib.optionalAttrs (validRequests != { }) {
${config.username} = {
isNormalUser = true;
packages =
with lib;
attrValues (concatMapAttrs (_name: request: request.login-shell.packages) validRequests);
extraGroups = lib.optional config.wheel "wheel";
};
}; };
}; };
}; };
};
applications.hello =
{ pkgs, ... }:
{
description = ''Command-line tool that will print "Hello, world!" on the terminal'';
module =
{ ... }:
{
options.enable = lib.mkEnableOption "Hello in the shell";
};
implementation = cfg: {
input = cfg;
output = lib.optionalAttrs cfg.enable {
resources.hello.login-shell.packages.hello = pkgs.hello;
};
};
}; };
environments.single-nixos-vm = environment: {
resources."operator-environment".login-shell.username = "operator";
implementation = requests: {
input = requests;
output.ssh-host = {
ssh = {
username = "root";
inherit (deployment-config) host;
key-file = null;
};
nixos-configuration =
{ pkgs, ... }:
{
imports = [
./options.nix
../common/sharedOptions.nix
../common/targetNode.nix
"${nixpkgs}/nixos/modules/profiles/qemu-guest.nix"
];
inherit (deployment-config) enableAcme;
acmeNodeIP =
if deployment-config.enableAcme then
deployment-config.nodes.acme.networking.primaryIPAddress
else
null;
environment.systemPackages = with pkgs; [
hello
];
users.users = environment.config.resources."operator-environment".login-shell.apply {
resources = lib.filterAttrs (_name: value: value ? login-shell) requests;
};
};
};
};
};
};
options = {
"example-configuration" = mkOption {
type = config.configuration;
default = {
enable = true;
applications.hello.enable = true;
};
};
"example-deployment" = mkOption {
default = config.environments.single-nixos-vm.deployment config."example-configuration";
};
}; };
} }
); );
in in
fediversity.environments.single-nixos-vm.deployment { fediversity."example-deployment"
enable = true;
}

15
deployment/check/data-model/options.nix Normal file
View file

@ -0,0 +1,15 @@
{
lib,
...
}:
let
inherit (lib) types;
in
{
options = {
host = lib.mkOption {
type = types.str;
description = "name of the host to deploy to";
};
};
}