FediPanel: do not call nix develop (#375)

Yet another piece of #361.

Reviewed-on: Fediversity/Fediversity#375
Reviewed-by: kiara Grouwstra <kiara@procolix.eu>
Co-authored-by: Nicolas “Niols” Jeannerod <nicolas.jeannerod@moduscreate.com>
Co-committed-by: Nicolas “Niols” Jeannerod <nicolas.jeannerod@moduscreate.com>

panel/default.nix

@@ -20,8 +20,13 @@ in
     packages = [
       pkgs.npins
       manage
+
+      # NixOps4 and its dependencies
+      # FIXME: grab NixOps4 and add it here
+      pkgs.nix
+      pkgs.openssh
     ];
-    env = import ./env.nix { inherit lib pkgs; } // {
+    env = import ./env.nix { } // {
       NPINS_DIRECTORY = toString ../npins;
       CREDENTIALS_DIRECTORY = toString ./.credentials;
       DATABASE_URL = "sqlite:///${toString ./src}/db.sqlite3";

panel/env.nix

@@ -6,5 +6,4 @@ let
 in
 {
   REPO_DIR = toString ../.;
-  # explicitly use nix, as e.g. lix does not have configurable-impure-env
 }

panel/nix/configuration.nix

@@ -23,7 +23,7 @@ let
   cfg = config.services.${name};
   package = pkgs.callPackage ./package.nix { };
 
-  environment = import ../env.nix { inherit lib pkgs; } // {
+  environment = import ../env.nix { } // {
     DATABASE_URL = "sqlite:////var/lib/${name}/db.sqlite3";
     USER_SETTINGS_FILE = pkgs.concatText "configuration.py" [
       ((pkgs.formats.pythonVars { }).generate "settings.py" cfg.settings)
@@ -133,6 +133,17 @@ in
       type = types.attrsOf types.path;
       default = { };
     };
+    nixops4Package = mkOption {
+      type = types.package;
+      description = ''
+        A package providing NixOps4.
+
+        REVIEW: This should not be at the level of the NixOS module, but instead
+        at the level of the panel's package. Until one finds a way to grab
+        NixOps4 from the package's npins-based code, we will have to do with
+        this workaround.
+      '';
+    };
   };
 
   config = mkIf cfg.enable {
@@ -170,6 +181,8 @@ in
     };
 
     users.users.${name} = {
+      # REVIEW[Niols]: change to system user or document why we specifically
+      # need a normal user.
       isNormalUser = true;
     };
 
@@ -181,10 +194,11 @@ in
       path = [
         python-environment
         manage-service
-        # XXX(@fricklerhandwerk): NixOps4 needs a Nix available.
+
+        ## NixOps4 and its dependencies
+        cfg.nixops4Package
         pkgs.nix
-        # TODO(@fricklerhandwerk): Only needed because we invoke NixOps4 via `nix develop`, remove once that's gone.
+        pkgs.openssh
-        pkgs.git
       ];
       preStart = ''
         # Auto-migrate on first run or if the package has changed

panel/nix/tests.nix

@@ -13,6 +13,7 @@ let
       secrets = {
         SECRET_KEY = pkgs.writeText "SECRET_KEY" "secret";
       };
+      nixops4Package = pkgs.hello; # FIXME: actually pass NixOps4
     };
 
     virtualisation = {

panel/src/panel/views.py

@@ -94,11 +94,6 @@ class DeploymentStatus(ConfigurationForm):
             "DEPLOYMENT": config.json()
         }
         cmd = [
-            "nix",
-            "develop",
-            "--extra-experimental-features",
-            "configurable-impure-env",
-            "--command",
             "nixops4",
             "apply",
             "test",