From f4ebf55a1531a07585e7bcd910d4a4b6989e05ae Mon Sep 17 00:00:00 2001 From: Kiara Grouwstra Date: Thu, 1 May 2025 11:45:29 +0200 Subject: [PATCH] unify versioning (minus around nixops, for now) --- .envrc | 4 +- .forgejo/workflows/ci.yaml | 4 +- default.nix | 57 ++++++++++ flake.lock | 163 +++-------------------------- flake.nix | 18 ++-- infra/common/resource.nix | 9 +- infra/flake-part.nix | 14 +-- infra/proxmox-provision.sh | 2 +- npins/sources.json | 67 +++++++++++- services/default.nix | 13 +++ services/flake-part.nix | 15 --- services/tests/mastodon.nix | 6 +- services/tests/peertube.nix | 6 +- services/tests/pixelfed-garage.nix | 6 +- shell.nix | 1 + 15 files changed, 184 insertions(+), 201 deletions(-) create mode 100644 default.nix create mode 100644 services/default.nix delete mode 100644 services/flake-part.nix create mode 100644 shell.nix diff --git a/.envrc b/.envrc index 26ef376b..c6aca5a1 100644 --- a/.envrc +++ b/.envrc @@ -3,8 +3,8 @@ # shellcheck shell=bash if type -P lorri &>/dev/null; then - eval "$(lorri direnv --flake .)" + eval "$(lorri direnv)" else echo 'while direnv evaluated .envrc, could not find the command "lorri" [https://github.com/nix-community/lorri]' - use flake + use_nix fi diff --git a/.forgejo/workflows/ci.yaml b/.forgejo/workflows/ci.yaml index 751a1127..98b83852 100644 --- a/.forgejo/workflows/ci.yaml +++ b/.forgejo/workflows/ci.yaml @@ -13,13 +13,13 @@ jobs: runs-on: native steps: - uses: actions/checkout@v4 - - run: nix build .#checks.x86_64-linux.pre-commit -L + - run: nix-build -A tests check-peertube: runs-on: native steps: - uses: actions/checkout@v4 - - run: nix build .#checks.x86_64-linux.peertube -L + - run: cd services && nix-build -A tests.peertube check-panel: runs-on: native diff --git a/default.nix b/default.nix new file mode 100644 index 00000000..4c71ec49 --- /dev/null +++ b/default.nix 
@@ -0,0 +1,57 @@ +{ + system ? builtins.currentSystem, + sources ? import ./npins, + pkgs ? import sources.nixpkgs { inherit system; }, +}: +let + inherit (sources) + nixpkgs + git-hooks + gitignore + ; + inherit (pkgs) lib; + pre-commit-check = + (import "${git-hooks}/nix" { + inherit nixpkgs system; + gitignore-nix-src = { + lib = import gitignore { inherit lib; }; + }; + }).run + { + src = ./.; + hooks = + let + ## Add a directory here if pre-commit hooks shouldn't apply to it. + optout = [ + "npins" + ]; + excludes = map (dir: "^${dir}/") optout; + addExcludes = lib.mapAttrs (_: c: c // { inherit excludes; }); + in + addExcludes { + nixfmt-rfc-style.enable = true; + deadnix.enable = true; + trim-trailing-whitespace.enable = true; + shellcheck.enable = true; + }; + }; +in +{ + # shell for testing TF directly + shell = pkgs.mkShellNoCC { + inherit (pre-commit-check) shellHook; + buildInputs = pre-commit-check.enabledPackages; + }; + + tests = { + inherit pre-commit-check; + }; + + # re-export inputs so they can be overridden granularly + # (they can't be accessed from the outside any other way) + inherit + sources + system + pkgs + ; +} diff --git a/flake.lock b/flake.lock index 8ecb7bd0..4eff9508 100644 --- a/flake.lock +++ b/flake.lock @@ -1,26 +1,5 @@ { "nodes": { - "agenix": { - "inputs": { - "darwin": "darwin", - "home-manager": "home-manager", - "nixpkgs": "nixpkgs", - "systems": "systems" - }, - "locked": { - "lastModified": 1736955230, - "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=", - "owner": "ryantm", - "repo": "agenix", - "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c", - "type": "github" - }, - "original": { - "owner": "ryantm", - "repo": "agenix", - "type": "github" - } - }, "crane": { "flake": false, "locked": { 
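Review bot: The `shell` attribute in default.nix carries only `pre-commit-check.enabledPackages` and the hook's `shellHook`, yet its comment reads `# shell for testing TF directly`, and `.envrc` in this patch now reaches it through `use_nix` and the new shell.nix. Anyone entering the repository through direnv therefore no longer gets the tools the flake's `devShells.default` lists (`pkgs.npins`, the agenix CLI, `pkgs.openssh`, and so on). Either add those packages to `buildInputs` or reword the comment, for example `# shell that only installs the pre-commit hooks; use the flake devShell for agenix and npins`. Separately, `src = ./.;` is now evaluated outside a flake, so it reads the working tree rather than the git-tracked snapshot. As far as I know git-hooks filters it through gitignore, but untracked files that are not ignored would still be copied into the world-readable Nix store.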
@@ -38,46 +17,6 @@ "type": "github" } }, - "darwin": { - "inputs": { - "nixpkgs": [ - "agenix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1700795494, - "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", - "owner": "lnl7", - "repo": "nix-darwin", - "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", - "type": "github" - }, - "original": { - "owner": "lnl7", - "ref": "master", - "repo": "nix-darwin", - "type": "github" - } - }, - "disko": { - "inputs": { - "nixpkgs": "nixpkgs_2" - }, - "locked": { - "lastModified": 1740485968, - "narHash": "sha256-WK+PZHbfDjLyveXAxpnrfagiFgZWaTJglewBWniTn2Y=", - "owner": "nix-community", - "repo": "disko", - "rev": "19c1140419c4f1cdf88ad4c1cfb6605597628940", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "disko", - "type": "github" - } - }, "dream2nix": { "inputs": { "nixpkgs": [ @@ -246,7 +185,7 @@ }, "flake-utils": { "inputs": { - "systems": "systems_2" + "systems": "systems" }, "locked": { "lastModified": 1710146030, @@ -266,14 +205,14 @@ "inputs": { "flake-compat": "flake-compat", "gitignore": "gitignore", - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1737465171, - "narHash": "sha256-R10v2hoJRLq8jcL4syVFag7nIGE7m13qO48wRIukWNg=", + "lastModified": 1742649964, + "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "9364dc02281ce2d37a1f55b6e51f7c0f65a75f17", + "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", "type": "github" }, "original": { @@ -286,7 +225,7 @@ "inputs": { "flake-compat": "flake-compat_2", "gitignore": "gitignore_2", - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_2" }, "locked": { "lastModified": 1737465171, 
@@ -384,27 +323,6 @@ "type": "github" } }, - "home-manager": { - "inputs": { - "nixpkgs": [ - "agenix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1703113217, - "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "home-manager", - "type": "github" - } - }, "mk-naked-shell": { "flake": false, "locked": { @@ -501,7 +419,7 @@ "flake-parts": "flake-parts_3", "nix": "nix", "nix-cargo-integration": "nix-cargo-integration", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_3", "nixpkgs-old": "nixpkgs-old" }, "locked": { @@ -548,16 +466,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1703013332, - "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=", + "lastModified": 1730768919, + "narHash": "sha256-8AKquNnnSaJRXZxc5YmF/WfmxiHX6MMZZasRP6RRQkE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6", + "rev": "a04d33c0c3f1a59a2c1cb0c6e34cd24500e5a1dc", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } @@ -648,11 +566,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1738136902, - "narHash": "sha256-pUvLijVGARw4u793APze3j6mU1Zwdtz7hGkGGkD87qw=", + "lastModified": 1730768919, + "narHash": "sha256-8AKquNnnSaJRXZxc5YmF/WfmxiHX6MMZZasRP6RRQkE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9a5db3142ce450045840cc8d832b13b8a2018e0c", + "rev": "a04d33c0c3f1a59a2c1cb0c6e34cd24500e5a1dc", "type": "github" }, "original": { 
@@ -663,38 +581,6 @@ } }, "nixpkgs_3": { - "locked": { - "lastModified": 1730768919, - "narHash": "sha256-8AKquNnnSaJRXZxc5YmF/WfmxiHX6MMZZasRP6RRQkE=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "a04d33c0c3f1a59a2c1cb0c6e34cd24500e5a1dc", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_4": { - "locked": { - "lastModified": 1730768919, - "narHash": "sha256-8AKquNnnSaJRXZxc5YmF/WfmxiHX6MMZZasRP6RRQkE=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "a04d33c0c3f1a59a2c1cb0c6e34cd24500e5a1dc", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_5": { "locked": { "lastModified": 1738410390, "narHash": "sha256-xvTo0Aw0+veek7hvEVLzErmJyQkEcRk6PSR4zsRQFEc=", @@ -710,7 +596,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_4": { "locked": { "lastModified": 1740463929, "narHash": "sha256-4Xhu/3aUdCKeLfdteEHMegx5ooKQvwPHNkOgNCXQrvc=", @@ -794,8 +680,6 @@ }, "root": { "inputs": { - "agenix": "agenix", - "disko": "disko", "flake-parts": "flake-parts", "git-hooks": "git-hooks", "nixops4": [ @@ -803,7 +687,7 @@ "nixops4" ], "nixops4-nixos": "nixops4-nixos", - "nixpkgs": "nixpkgs_6" + "nixpkgs": "nixpkgs_4" } }, "rust-overlay": { @@ -869,21 +753,6 @@ "type": "github" } }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "treefmt": { "inputs": { "nixpkgs": [ diff --git a/flake.nix b/flake.nix index 217b6108..6dd3d3df 100644 --- a/flake.nix +++ b/flake.nix 
@@ -1,18 +1,18 @@ { inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11"; # consumed by flake-parts flake-parts.url = "github:hercules-ci/flake-parts"; git-hooks.url = "github:cachix/git-hooks.nix"; - agenix.url = "github:ryantm/agenix"; - - disko.url = "github:nix-community/disko"; - nixops4.follows = "nixops4-nixos/nixops4"; nixops4-nixos.url = "github:nixops4/nixops4-nixos"; }; outputs = inputs@{ flake-parts, ... }: + let + sources = import ./npins; + inherit (sources) git-hooks agenix; + in flake-parts.lib.mkFlake { inherit inputs; } { systems = [ "x86_64-linux" @@ -22,17 +22,15 @@ ]; imports = [ - inputs.git-hooks.flakeModule + (import "${git-hooks}/flake-module.nix") inputs.nixops4.modules.flake.default ./deployment/flake-part.nix ./infra/flake-part.nix - ./services/flake-part.nix ]; perSystem = { - config, pkgs, lib, inputs', @@ -57,8 +55,9 @@ devShells.default = pkgs.mkShell { packages = [ + pkgs.npins pkgs.nil - inputs'.agenix.packages.default + (pkgs.callPackage "${agenix}/pkgs/agenix.nix" { }) pkgs.openssh pkgs.httpie pkgs.jq @@ -67,7 +66,6 @@ impureEnvVars = [ "DEPLOYMENT" ]; }) ]; - shellHook = config.pre-commit.installationScript; }; }; }; diff --git a/infra/common/resource.nix b/infra/common/resource.nix index 4606ddf4..7e86467c 100644 --- a/infra/common/resource.nix +++ b/infra/common/resource.nix @@ -1,5 +1,4 @@ { - inputs, lib, config, ... @@ -9,6 +8,8 @@ let inherit (lib) attrValues elem mkDefault; inherit (lib.attrsets) concatMapAttrs optionalAttrs; inherit (lib.strings) removeSuffix; + sources = import ../../npins; + inherit (sources) nixpkgs agenix disko; secretsPrefix = ../../secrets; secrets = import (secretsPrefix + "/secrets.nix"); 
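Review bot: In flake.nix the `git-hooks.url` input stays declared, and flake.lock keeps a `git-hooks` node, while the `imports` list in the `@@ -22,17 +22,15 @@` hunk now loads the module with `(import "${git-hooks}/flake-module.nix")` taken from `import ./npins`. The same dependency is thus pinned in two places and only the npins pin is evaluated. The two revisions match in this patch, but a later `nix flake update` would move flake.lock without changing what runs, which makes the lock file misleading when auditing which code the hooks execute. Either drop the `git-hooks` input or keep `inputs.git-hooks.flakeModule` until the flake is retired, and mark the surviving line with a comment such as `# pinned via npins, see npins/sources.json`. The same split applies to `nixpkgs`: the input still tracks `nixos-24.11` while the npins entry tracks `nixpkgs-unstable`.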
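Review bot: `inherit (sources) nixpkgs agenix disko;` in infra/common/resource.nix needs a `disko` pin, but the npins/sources.json hunks in this patch add only `agenix`, `flake-parts`, `git-hooks` and `gitignore`, and the flake.lock hunks remove the `disko` node. Unless a `disko` entry already exists in a part of sources.json that the patch does not show, `(import "${disko}/module.nix")` in the `@@ -25,15 +26,15 @@` hunk fails with a missing attribute. Because the `let` binding is lazy, the failure only appears once a machine configuration is evaluated. Adding the pin in the same commit, for example with `npins add github nix-community disko`, would close the gap. The `let` block starts above this hunk.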
@@ -25,15 +26,15 @@ in hostPublicKey = config.fediversityVm.hostPublicKey; }; - nixpkgs = inputs.nixpkgs; + inherit nixpkgs; ## The configuration of the machine. We strive to keep in this file only the ## options that really need to be injected from the resource. Everything else ## should go into the `./nixos` subdirectory. nixos.module = { imports = [ - inputs.agenix.nixosModules.default - inputs.disko.nixosModules.default + (import "${agenix}/modules/age.nix") + (import "${disko}/module.nix") ./options.nix ./nixos ]; diff --git a/infra/flake-part.nix b/infra/flake-part.nix index 71c68728..09f9718e 100644 --- a/infra/flake-part.nix +++ b/infra/flake-part.nix @@ -1,5 +1,4 @@ { - self, inputs, lib, ... @@ -14,6 +13,7 @@ let filterAttrs ; inherit (lib.attrsets) genAttrs; + sources = import ../../npins; ## Given a machine's name and whether it is a test VM, make a resource module, ## except for its missing provider. (Depending on the use of that resource, we @@ -21,7 +21,6 @@ let makeResourceModule = { vmName, isTestVm }: { - _module.args = { inherit inputs; }; imports = [ ./common/resource.nix @@ -73,7 +72,7 @@ let { inherit lib; inherit (inputs) nixops4 nixops4-nixos; - inherit (self.nixosModules) fediversity; + fediversity = import ../services/fediversity; } { garageConfigurationResource = makeResourceModule { @@ -96,7 +95,7 @@ let nixops4ResourceNixosMockOptions = { ## NOTE: We allow the use of a few options from - ## `inputs.nixops4-nixos.modules.nixops4Resource.nixos` such that we can + ## `nixops4-nixos.modules.nixops4Resource.nixos` such that we can ## reuse modules that make use of them. ## ## REVIEW: We can probably do much better and cleaner. On the other hand, 
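Review bot: `sources = import ../../npins;` in the `@@ -14,6 +13,7 @@` hunk of infra/flake-part.nix points one directory too high. This file sits directly under infra/ (it uses `import ../services/fediversity` in the `@@ -73,7 +72,7 @@` hunk), so the path resolves outside the repository; `../../npins` is only correct for infra/common/resource.nix. The line should read `sources = import ../npins;`. Because the binding is only forced inside `makeConfiguration`, the error surfaces late, when a NixOS configuration is built. Outside pure flake evaluation it could also pick up an unrelated `npins` directory sitting next to the checkout, bypassing the pins reviewed in this repository.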
@@ -121,7 +120,10 @@ let ## Given a VM name, make a NixOS configuration for this machine. makeConfiguration = isTestVm: vmName: - inputs.nixpkgs.lib.nixosSystem { + let + inherit (sources) nixpkgs; + in + import "${nixpkgs}/nixos" { modules = [ (makeResourceConfig { inherit vmName isTestVm; }).nixos.module ]; @@ -150,8 +152,6 @@ let in { - flake.lib.makeInstallerIso = import ./makeInstallerIso.nix; - ## - Each normal or test machine gets a NixOS configuration. ## - Each normal or test machine gets a VM options entry. ## - Each normal machine gets a deployment. diff --git a/infra/proxmox-provision.sh b/infra/proxmox-provision.sh index 8b4d4b55..42aec63b 100755 --- a/infra/proxmox-provision.sh +++ b/infra/proxmox-provision.sh @@ -229,7 +229,7 @@ build_iso () { nix build \ --impure --expr " let flake = builtins.getFlake (builtins.toString ./.); in - flake.lib.makeInstallerIso { + import ./makeInstallerIso.nix { nixosConfiguration = flake.nixosConfigurations.$vm_name; nixpkgs = flake.inputs.nixpkgs; $nix_host_keys diff --git a/npins/sources.json b/npins/sources.json index 1c8bf296..4971590b 100644 --- a/npins/sources.json +++ b/npins/sources.json @@ -1,5 +1,18 @@ { "pins": { + "agenix": { + "type": "Git", + "repository": { + "type": "GitHub", + "owner": "ryantm", + "repo": "agenix" + }, + "branch": "main", + "submodules": false, + "revision": "e600439ec4c273cf11e06fe4d9d906fb98fa097c", + "url": "https://github.com/ryantm/agenix/archive/e600439ec4c273cf11e06fe4d9d906fb98fa097c.tar.gz", + "hash": "006ngydiykjgqs85cl19h9klq8kaqm5zs0ng51dnwy7nzgqxzsdr" + }, "clan-core": { "type": "Git", "repository": { 
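Review bot: `import "${nixpkgs}/nixos" { modules = [ ... ]; }` in `makeConfiguration` is not a drop-in replacement for `inputs.nixpkgs.lib.nixosSystem`. As far as I know `nixos/default.nix` takes `configuration` and `system` (the latter defaulting to `builtins.currentSystem`) and does not accept a `modules` argument. The closer equivalent is `import "${nixpkgs}/nixos/lib/eval-config.nix" { modules = [ ... ]; }`, which is what `lib.nixosSystem` wraps. The call also moves every machine from the flake's `nixos-24.11` input to the npins `nixpkgs` pin, which tracks `nixpkgs-unstable` according to the sources.json hunk. If that is intended it deserves a line in the commit message, since it changes which branch security fixes arrive from. The argument set continues past the end of this hunk.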
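Review bot: In `build_iso` of infra/proxmox-provision.sh, `import ./makeInstallerIso.nix` is resolved against the same directory as `builtins.getFlake (builtins.toString ./.)`. But makeInstallerIso.nix appears to live in infra/ (the removed `flake.lib.makeInstallerIso = import ./makeInstallerIso.nix;` line was in infra/flake-part.nix), while flake.nix is at the repository root. Unless the script changes directory before this point, which the hunk does not show, one of the two relative paths cannot resolve. Anchoring the import on the flake's own source tree, e.g. `import (flake.outPath + "/infra/makeInstallerIso.nix") {` with the inner quotes escaped for the surrounding shell string, keeps both references tied to the same checkout. Note also that `nixpkgs = flake.inputs.nixpkgs;` still passes the flake's nixpkgs, while the machine configurations are now meant to come from the npins pin.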
@@ -12,6 +25,45 @@ "url": null, "hash": "1w2gsy6qwxa5abkv8clb435237iifndcxq0s79wihqw11a5yb938" }, + "flake-parts": { + "type": "Git", + "repository": { + "type": "GitHub", + "owner": "hercules-ci", + "repo": "flake-parts" + }, + "branch": "main", + "submodules": false, + "revision": "c621e8422220273271f52058f618c94e405bb0f5", + "url": "https://github.com/hercules-ci/flake-parts/archive/c621e8422220273271f52058f618c94e405bb0f5.tar.gz", + "hash": "09j2dafd75ydlcw8v48vcpfm2mw0j6cs8286x2hha2lr08d232w4" + }, + "git-hooks": { + "type": "Git", + "repository": { + "type": "GitHub", + "owner": "cachix", + "repo": "git-hooks.nix" + }, + "branch": "master", + "submodules": false, + "revision": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", + "url": "https://github.com/cachix/git-hooks.nix/archive/dcf5072734cb576d2b0c59b2ac44f5050b5eac82.tar.gz", + "hash": "1jmdxmx29xghjiaks6f5amnxld8w3kmxb2zv8lk2yzpgp6kr60qg" + }, + "gitignore": { + "type": "Git", + "repository": { + "type": "GitHub", + "owner": "hercules-ci", + "repo": "gitignore.nix" + }, + "branch": "master", + "submodules": false, + "revision": "637db329424fd7e46cf4185293b9cc8c88c95394", + "url": "https://github.com/hercules-ci/gitignore.nix/archive/637db329424fd7e46cf4185293b9cc8c88c95394.tar.gz", + "hash": "02wxkdpbhlm3yk5mhkhsp3kwakc16xpmsf2baw57nz1dg459qv8w" + }, "htmx": { "type": "GitRelease", "repository": { 
@@ -42,10 +94,17 @@ "hash": "1wms0wxwvxac1r1daihj5wsx1nghfk5hwdvy5cpgq481bp9x4cjn" }, "nixpkgs": { - "type": "Channel", - "name": "nixpkgs-unstable", - "url": "https://releases.nixos.org/nixpkgs/nixpkgs-25.05pre782598.18dd725c2960/nixexprs.tar.xz", - "hash": "1p7kgyph7xkj57p19nbxpycmbchc6d9gwdznsmxhymrzyzi3if21" + "type": "Git", + "repository": { + "type": "GitHub", + "owner": "nixos", + "repo": "nixpkgs" + }, + "branch": "nixpkgs-unstable", + "submodules": false, + "revision": "f33a4d26226c05d501b9d4d3e5e60a3a59991921", + "url": "https://github.com/nixos/nixpkgs/archive/f33a4d26226c05d501b9d4d3e5e60a3a59991921.tar.gz", + "hash": "1b6dm1sn0bdpcsmxna0zzspjaixa2dald08005fry5jrbjvwafdj" } }, "version": 5 diff --git a/services/default.nix b/services/default.nix new file mode 100644 index 00000000..a1c868ad --- /dev/null +++ b/services/default.nix @@ -0,0 +1,13 @@ +{ + system ? builtins.currentSystem, + sources ? import ../npins, + pkgs ? import sources.nixpkgs { inherit system; }, + ... +}: +{ + tests = { + mastodon = import ./tests/mastodon.nix { inherit pkgs; }; + pixelfed-garage = import ./tests/pixelfed-garage.nix { inherit pkgs; }; + peertube = import ./tests/peertube.nix { inherit pkgs; }; + }; +} diff --git a/services/flake-part.nix b/services/flake-part.nix deleted file mode 100644 index 485e2618..00000000 --- a/services/flake-part.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ self, ... }: - -{ - flake.nixosModules.fediversity = import ./fediversity; - - perSystem = - { pkgs, ... }: - { - checks = { - mastodon = import ./tests/mastodon.nix { inherit self pkgs; }; - pixelfed-garage = import ./tests/pixelfed-garage.nix { inherit self pkgs; }; - peertube = import ./tests/peertube.nix { inherit self pkgs; }; - }; - }; -} diff --git a/services/tests/mastodon.nix b/services/tests/mastodon.nix index 61629aa7..244f0304 100644 --- a/services/tests/mastodon.nix +++ b/services/tests/mastodon.nix 
@@ -3,7 +3,7 @@ ## NOTE: This test will fail for Mastodon < 4.3 because of ## https://github.com/mastodon/mastodon/issues/31145 -{ pkgs, self }: +{ pkgs, ... }: let lib = pkgs.lib; @@ -50,8 +50,8 @@ pkgs.nixosTest { { config, ... }: { virtualisation.memorySize = lib.mkVMOverride 4096; - imports = with self.nixosModules; [ - fediversity + imports = [ + ../fediversity ../vm/garage-vm.nix ../vm/mastodon-vm.nix ../vm/interactive-vm.nix diff --git a/services/tests/peertube.nix b/services/tests/peertube.nix index 26711384..27d79589 100644 --- a/services/tests/peertube.nix +++ b/services/tests/peertube.nix @@ -1,6 +1,6 @@ ## This file is a basic test of Peertube functionalities. -{ pkgs, self }: +{ pkgs, ... }: let lib = pkgs.lib; @@ -168,8 +168,8 @@ pkgs.nixosTest { server = { config, ... }: { - imports = with self.nixosModules; [ - fediversity + imports = [ + ../fediversity ../vm/garage-vm.nix ../vm/peertube-vm.nix ../vm/interactive-vm.nix diff --git a/services/tests/pixelfed-garage.nix b/services/tests/pixelfed-garage.nix index fb658a3c..13ad1ef7 100644 --- a/services/tests/pixelfed-garage.nix +++ b/services/tests/pixelfed-garage.nix @@ -1,4 +1,4 @@ -{ pkgs, self }: +{ pkgs, ... }: let lib = pkgs.lib; @@ -143,8 +143,8 @@ pkgs.nixosTest { memorySize = lib.mkVMOverride 8192; cores = 8; }; - imports = with self.nixosModules; [ - fediversity + imports = [ + ../fediversity ../vm/garage-vm.nix ../vm/pixelfed-vm.nix ]; diff --git a/shell.nix b/shell.nix new file mode 100644 index 00000000..a6bdf202 --- /dev/null +++ b/shell.nix @@ -0,0 +1 @@ +(import ./. { }).shell