pasteable command for trying without rebuilding vm

add keys
wip: use ssh in test
2025-08-19 12:00:35 +02:00 · 2025-08-18 12:47:05 +02:00 · 2025-08-14 10:44:36 +02:00 · 2025-08-11 12:08:57 +02:00 · 2025-08-10 13:27:54 +02:00 · 2025-08-10 13:27:54 +02:00
29 changed files with 270 additions and 309 deletions
--- a/.forgejo/workflows/ci.yaml
+++ b/.forgejo/workflows/ci.yaml
@ -62,29 +62,3 @@ jobs:
    steps:
      - uses: actions/checkout@v4
      - run: nix build .#checks.x86_64-linux.deployment-model -L
  ## NOTE: NixOps4 does not provide a good “dry run” mode, so we instead check
  ## proxies for resources, namely whether their `.#vmOptions.<machine>` and
  ## `.#nixosConfigurations.<machine>` outputs evaluate and build correctly, and
  ## whether we can dry run `infra/proxmox-*.sh` on them. This will not catch
  ## everything, and in particular not issues in how NixOps4 wires up the
  ## resources, but that is still something.
  check-resources:
    runs-on: native
    steps:
      - uses: actions/checkout@v4
      - run: |
          set -euC
          echo ==================== [ VM Options ] ====================
          machines=$(nix eval --impure --raw --expr 'with builtins; toString (attrNames (getFlake (toString ./.)).vmOptions)')
          for machine in $machines; do
            echo ~~~~~~~~~~~~~~~~~~~~~: $machine :~~~~~~~~~~~~~~~~~~~~~
            nix build .#checks.x86_64-linux.vmOptions-$machine
          done
          echo
          echo ==================== [ NixOS Configurations ] ====================
          machines=$(nix eval --impure --raw --expr 'with builtins; toString (attrNames (getFlake (toString ./.)).nixosConfigurations)')
          for machine in $machines; do
            echo ~~~~~~~~~~~~~~~~~~~~~: $machine :~~~~~~~~~~~~~~~~~~~~~
            nix build .#checks.x86_64-linux.nixosConfigurations-$machine
          done
--- a/deployment/check/common/deployerNode.nix
+++ b/deployment/check/common/deployerNode.nix
@ -49,7 +49,6 @@ in
      substituters = mkForce [ ];
      hashed-mirrors = null;
      connect-timeout = 1;
      download-attempts = 1;
      extra-experimental-features = "flakes";
    };
@ -62,10 +61,6 @@ in
        pkgs.stdenv
        pkgs.stdenvNoCC
        pkgs.automake
        pkgs.autoconf
        pkgs.binutils
        pkgs.bison
      ]
      ++ (
        let
@ -97,35 +92,7 @@ in
          machine.system.build.vm.inputDerivation
          machine.system.build.bootStage1.inputDerivation
          machine.system.build.bootStage2.inputDerivation
          pkgs.automake.inputDerivation
          pkgs.autoconf.inputDerivation
          pkgs.bash.inputDerivation
          pkgs.binutils.inputDerivation
          pkgs.bison.inputDerivation
        ]
        ++ concatLists (
          lib.lists.map (
            pkg:
            if
              pkg ? inputDerivation
              # error: output '/nix/store/dki9d3vldafg9ydrfm7x0g0rr0qljk98-sudo-1.9.16p2' is not allowed to refer to the following paths:
              #          /nix/store/2xdmps65ryklmbf025bm4pxv16gb8ajv-sudo-1.9.16p2.tar.gz
              #          /nix/store/58br4vk3q5akf4g8lx0pqzfhn47k3j8d-bash-5.2p37
              #          /nix/store/8v6k283dpbc0qkdq81nb6mrxrgcb10i1-gcc-wrapper-14-20241116
              #          /nix/store/9r1nl9ksiyszy4qzzg6y2gcdkca0xmhy-stdenv-linux
              #          /nix/store/a4rmp6in7igbl1wbz9pli5nq0wiclq0y-groff-1.23.0
              #          /nix/store/dki9d3vldafg9ydrfm7x0g0rr0qljk98-sudo-1.9.16p2
              #          /nix/store/f5y58qz2fzpzgkhp0nizixi10x04ppyy-linux-pam-1.6.1
              #          /nix/store/shkw4qm9qcw5sc5n1k5jznc83ny02r39-default-builder.sh
              #          /nix/store/vj1c3wf9c11a0qs6p3ymfvrnsdgsdcbq-source-stdenv.sh
              #          /nix/store/yh6qg1nsi5h2xblcr67030pz58fsaxx3-coreutils-9.6
              && !(lib.strings.hasInfix "sudo" (builtins.toString pkg))
            then
              [ pkg.inputDerivation ]
            else
              [ ]
          ) machine.environment.systemPackages
        )
        ++ concatLists (
          lib.mapAttrsToList (
            _k: v: if v ? source.inputDerivation then [ v.source.inputDerivation ] else [ ]
--- a/deployment/check/common/nixosTest.nix
+++ b/deployment/check/common/nixosTest.nix
@ -48,8 +48,7 @@ in
    extraTestScript = mkOption { };
    sourceFileset = mkOption {
-      ## FIXME: grab `lib.types.fileset` from NixOS, once upstreaming PR
+      ## REVIEW: Upstream to nixpkgs?
      ## https://github.com/NixOS/nixpkgs/pull/428293 lands.
      type = types.mkOptionType {
        name = "fileset";
        description = "fileset";
--- a/deployment/check/common/targetNode.nix
+++ b/deployment/check/common/targetNode.nix
@ -18,7 +18,6 @@ in
    (modulesPath + "/profiles/qemu-guest.nix")
    (modulesPath + "/../lib/testing/nixos-test-base.nix")
    ./sharedOptions.nix
    ../../../infra/common/nixos/users.nix
  ];
  config = mkMerge [
@ -32,9 +31,6 @@ in
        ## Not used; save a large copy operation
        channel.enable = false;
        registry = lib.mkForce { };
        settings = {
          download-attempts = 1;
        };
      };
      services.openssh = {
@ -42,46 +38,22 @@ in
        settings.PermitRootLogin = "yes";
      };
-      networking = {
+      networking.firewall.allowedTCPPorts = [ 22 ];
        firewall.enable = false;
        enableIPv6 = false;
      };
      services.getty.autologinUser = lib.mkForce "root";
      ## Test VMs don't have a bootloader by default.
-      # boot.loader = {
+      boot.loader.grub.enable = false;
      #   # GRUB enabled: installation of GRUB on /dev/disk/by-id/virtio-root failed: No such file or directory
      #   grub.enable = false;
      #   # systemd boot enabled: '/boot' is not a mounted partition. Is the path configured correctly?
      #   systemd-boot.enable = true;
      #   efi.canTouchEfiVariables = true;
      # };
      # # same issue as no bootloader
      # boot.loader.generic-extlinux-compatible.enable = false;
      # builds but won't boot back up
      boot.loader.grub.forceInstall = true;
      # # builds but won't boot back up
      # # to be used with --no-bootloader, which i could only find for flakes
      # boot.loader.grub.enable = false;
-      users.mutableUsers = false;
+      users.users.root.openssh.authorizedKeys.keys =
-      users.users.root = {
+        let
-        password = "password";
+          keys = import ../../../keys;
-        hashedPassword = null;
+        in
-        hashedPasswordFile = null;
+        lib.attrValues keys.contributors
-        openssh.authorizedKeys.keys =
+        ++ [
-          let
+          # allow our panel vm access to the test machines
-            keys = import ../../../keys;
+          keys.panel
-          in
+          # allow continuous deployment access
-          lib.attrValues keys.contributors
+          keys.cd
-          ++ [
+        ];
            # allow our panel vm access to the test machines
            keys.panel
            # allow continuous deployment access
            keys.cd
          ];
      };
    }
    (mkIf config.enableAcme {
--- a/deployment/check/data-model/constants.nix
+++ b/deployment/check/data-model/constants.nix
@ -1,6 +1,7 @@
 {
  targetMachines = [
    "hello"
    "cowsay"
  ];
  pathToRoot = ../../..;
  pathFromRoot = ./.;
--- a/deployment/check/data-model/nixosTest.nix
+++ b/deployment/check/data-model/nixosTest.nix
@ -25,16 +25,12 @@ in
      environment.systemPackages = with pkgs; [
        jq
        automake
        autoconf
      ];
      # FIXME: sad times
      system.extraDependencies = with pkgs; [
        jq
        jq.inputDerivation
        automake
        autoconf
      ];
      system.extraDependenciesFromModule =
@ -43,8 +39,6 @@ in
          environment.systemPackages = with pkgs; [
            hello
            cowsay
            automake
            autoconf
          ];
        };
    };
@ -52,6 +46,7 @@ in
  extraTestScript = ''
    with subtest("Check the status before deployment"):
      hello.fail("hello 1>&2")
      cowsay.fail("cowsay 1>&2")
    ${lib.concatStringsSep "\n" (
      lib.lists.map (nodeName: ''
@ -66,45 +61,31 @@ in
              '
              let
-                args = builtins.fromJSON "${
+                system = builtins.currentSystem;
                  lib.replaceStrings [ "\"" ] [ "\\\\\"" ] (
                    lib.strings.toJSON {
                      inherit sources;
                    }
                  )
                }";
                inherit (args) sources;
                configuration = { pkgs, config, ... }: {
                  imports = [
                    ${pathToRoot}/deployment/check/common/sharedOptions.nix
                    ${pathToRoot}/deployment/check/common/targetNode.nix
                    ${sources.nixpkgs}/nixos/modules/profiles/qemu-guest.nix
                  ];
                  _module.args = builtins.fromJSON "${
                    lib.replaceStrings [ "\"" ] [ "\\\\\"" ] (
                      lib.strings.toJSON {
                        inherit sources;
                      }
                    )
                  }";
                  enableAcme = ${lib.strings.toJSON config.enableAcme};
                  acmeNodeIP = if config.enableAcme then config.nodes.acme.networking.primaryIPAddress else null;
-                  environment.systemPackages = with pkgs; [
+                  # environment.systemPackages = [ pkgs.hello ];
                    hello
                    automake
                    autoconf
                  ];
                };
                eval = import "${sources.nixpkgs}/nixos/lib/eval-config.nix" {
                  system = builtins.currentSystem;
                  specialArgs = {
                    inherit sources;
                  };
                  modules = [ configuration ];
                };
                os = {
                  inherit (eval) pkgs config options;
                  system = eval.config.system.build.toplevel;
                  inherit (eval.config.system.build) vm vmWithBootLoader;
                };
                os = import "${sources.nixpkgs}/nixos" { inherit system configuration; };
              in
              # import "${pathToRoot}/deployment/nixos.nix" {}
              {
                substituters = builtins.concatStringsSep " " os.config.nix.settings.substituters;
                trusted_public_keys = builtins.concatStringsSep " " os.config.nix.settings.trusted-public-keys;
                drv_path = os.config.system.build.toplevel.drvPath;
                out_path = os.config.system.build.toplevel;
              }
@ -116,36 +97,31 @@ in
            json="$("''${command[@]}" --eval --strict --json)"
            # DEPLOY
-            declare drv_path
+            declare substituters trusted_public_keys drv_path
            # set our variables using the json object
            eval "export $(echo $json | jq -r 'to_entries | map("\(.key)=\(.value)") | @sh')"
            host="root@${nodeName}"
            buildArgs=(
              --option extra-binary-caches https://cache.nixos.org/
              --option substituters $substituters
              --option trusted-public-keys $trusted_public_keys
            )
            sshOpts=(
              -o BatchMode=yes
              -o StrictHostKeyChecking=no
              -o "ConnectionAttempts=1"
              -o "ConnectTimeout=1"
              -o "ServerAliveCountMax=1"
              -o "ServerAliveInterval=1"
            )
            # get the realized derivation to deploy
-            outPath=$(nix-store --realize "$drv_path")
+            outPath=$(nix-store --realize "$drv_path" "''${buildArgs[@]}")
            # deploy the config by nix-copy-closure
            NIX_SSHOPTS="''${sshOpts[*]}" nix-copy-closure --to "$host" "$outPath" --gzip --use-substitutes
            # switch the remote host to the config
-            output=$(ssh "''${sshOpts[@]}" "$host" "nix-env --profile /nix/var/nix/profiles/system --set $outPath; nohup $outPath/bin/switch-to-configuration switch &" 2>&1) || echo "status code: $?"
+            ssh "''${sshOpts[@]}" "$host" "nix-env --profile /nix/var/nix/profiles/system --set $outPath; $outPath/bin/switch-to-configuration switch"
            echo "output: $output"
            if [[ $output != *"Timeout, server ${nodeName} not responding"* ]]; then
              echo "non-timeout error: $output"
              exit 1
            else
              exit 0
            fi
          """)
          ${nodeName}.wait_for_unit("multi-user.target")
          ${nodeName}.succeed("systemctl is-active sshd")
          ${nodeName}.succeed("${nodeName} 1>&2")
      '') targetMachines
    )}
    with subtest("Check the deployment"):
      hello.succeed("hello 1>&2")
      cowsay.succeed("cowsay hi 1>&2")
  '';
 }
--- a/infra/common/options.nix
+++ b/infra/common/options.nix
@ -20,13 +20,16 @@ in
      '';
    };
-    isFediversityVm = mkOption {
+    proxmox = mkOption {
-      type = types.bool;
+      type = types.nullOr (
        types.enum [
          "procolix"
          "fediversity"
        ]
      );
      description = ''
-        Whether the machine is a Fediversity VM or not. This is used to
+        The Proxmox instance. This is used for provisioning only and should be
-        determine whether the machine should be provisioned via Proxmox or not.
+        set to `null` if the machine is not a VM.
        Machines that are _not_ Fediversity VM could be physical machines, or
        VMs that live outside Fediversity, eg. on Procolix's Proxmox.
      '';
    };
--- a/infra/common/proxmox-qemu-vm.nix
+++ b/infra/common/proxmox-qemu-vm.nix
@ -1,14 +1,10 @@
-{ ... }:
+{ sources, ... }:
 {
  _class = "nixos";
-  ## FIXME: It would be nice, but the following leads to infinite recursion
+  imports = [
-  ## in the way we currently plug `sources` in.
+    "${sources.nixpkgs}/nixos/modules/profiles/qemu-guest.nix"
-  ##
+  ];
  # imports = [
  #   "${sources.nixpkgs}/nixos/modules/profiles/qemu-guest.nix"
  # ];
  boot = {
    initrd = {
--- a/infra/common/resource.nix
+++ b/infra/common/resource.nix
@ -2,6 +2,7 @@
  inputs,
  lib,
  config,
  sources,
  keys,
  secrets,
  ...
@ -32,9 +33,10 @@ in
  ## should go into the `./nixos` subdirectory.
  nixos.module = {
    imports = [
      "${sources.agenix}/modules/age.nix"
      "${sources.disko}/module.nix"
      ./options.nix
      ./nixos
      ./proxmox-qemu-vm.nix
    ];
    ## Inject the shared options from the resource's `config` into the NixOS
--- a/infra/flake-part.nix
+++ b/infra/flake-part.nix
@ -14,55 +14,90 @@ let
    mkOption
    evalModules
    filterAttrs
    mapAttrs'
    deepSeq
    ;
  inherit (lib.attrsets) genAttrs;
-  commonResourceModule = {
+  ## Given a machine's name and whether it is a test VM, make a resource module,
-    # TODO(@fricklerhandwerk): this is terrible but IMO we should just ditch
+  ## except for its missing provider. (Depending on the use of that resource, we
-    # flake-parts and have our own data model for how the project is organised
+  ## will provide a different one.)
-    # internally
+  makeResourceModule =
-    _module.args = {
+    { vmName, isTestVm }:
-      inherit
+    {
-        inputs
+      nixos.module.imports = [
-        keys
+        ./common/proxmox-qemu-vm.nix
-        secrets
+      ];
-        sources
+
-        ;
+      nixos.specialArgs = {
        inherit
          sources
          inputs
          keys
          secrets
          ;
      };
      imports =
        [
          ./common/resource.nix
        ]
        ++ (
          if isTestVm then
            [
              ../machines/operator/${vmName}
              {
                nixos.module.users.users.root.openssh.authorizedKeys.keys = [
                  # allow our panel vm access to the test machines
                  keys.panel
                ];
              }
            ]
          else
            [
              ../machines/dev/${vmName}
            ]
        );
      fediversityVm.name = vmName;
    };
    ## FIXME: It would be preferrable to have those `sources`-related imports in
    ## the modules that use them. However, doing so triggers infinite recursions
    ## because of the way we propagate `sources`. `sources` must be propagated by
    ## means of `specialArgs`, but this requires a bigger change.
    nixos.module.imports = [
      "${sources.nixpkgs}/nixos/modules/profiles/qemu-guest.nix"
      "${sources.agenix}/modules/age.nix"
      "${sources.disko}/module.nix"
      "${sources.home-manager}/nixos"
    ];
    imports = [
      ./common/resource.nix
    ];
  };
  ## Given a list of machine names, make a deployment with those machines'
  ## configurations as resources.
  makeDeployment =
    vmNames:
    { providers, ... }:
    {
-      providers.local = inputs.nixops4.modules.nixops4Provider.local;
+      # XXX: this type merge is for adding `specialArgs` to resource modules
-      resources = genAttrs vmNames (vmName: {
+      options.resources = mkOption {
-        type = providers.local.exec;
+        type =
-        imports = [
+          with lib.types;
-          inputs.nixops4-nixos.modules.nixops4Resource.nixos
+          lazyAttrsOf (submoduleWith {
-          commonResourceModule
+            class = "nixops4Resource";
-          ../machines/dev/${vmName}
+            modules = [ ];
-        ];
+            # TODO(@fricklerhandwerk): we may want to pass through all of `specialArgs`
-      });
+            # once we're sure it's sane. leaving it here for better control during refactoring.
            specialArgs = {
              inherit
                sources
                inputs
                keys
                secrets
                ;
            };
          });
      };
      config = {
        providers.local = inputs.nixops4.modules.nixops4Provider.local;
        resources = genAttrs vmNames (vmName: {
          type = providers.local.exec;
          imports = [
            inputs.nixops4-nixos.modules.nixops4Resource.nixos
            (makeResourceModule {
              inherit vmName;
              isTestVm = false;
            })
          ];
        });
      };
    };
  makeDeployment' = vmName: makeDeployment [ vmName ];
@ -77,29 +112,21 @@ let
        fediversity = import ../services/fediversity;
      }
      {
-        garageConfigurationResource = {
+        garageConfigurationResource = makeResourceModule {
-          imports = [
+          vmName = "test01";
-            commonResourceModule
+          isTestVm = true;
            ../machines/operator/test01
          ];
        };
-        mastodonConfigurationResource = {
+        mastodonConfigurationResource = makeResourceModule {
-          imports = [
+          vmName = "test06"; # somehow `test02` has a problem - use test06 instead
-            commonResourceModule
+          isTestVm = true;
            ../machines/operator/test06 # somehow `test02` has a problem - use test06 instead
          ];
        };
-        peertubeConfigurationResource = {
+        peertubeConfigurationResource = makeResourceModule {
-          imports = [
+          vmName = "test05";
-            commonResourceModule
+          isTestVm = true;
            ../machines/operator/test05
          ];
        };
-        pixelfedConfigurationResource = {
+        pixelfedConfigurationResource = makeResourceModule {
-          imports = [
+          vmName = "test04";
-            commonResourceModule
+          isTestVm = true;
            ../machines/operator/test04
          ];
        };
      };
@ -112,63 +139,54 @@ let
    ## this is only needed to expose NixOS configurations for provisioning
    ## purposes, and eventually all of this should be handled by NixOps4.
    options = {
-      nixos.module = mkOption { type = lib.types.deferredModule; }; # NOTE: not just `nixos` otherwise merging will go wrong
+      nixos.module = mkOption { }; # NOTE: not just `nixos` otherwise merging will go wrong
      nixpkgs = mkOption { };
      ssh = mkOption { };
    };
  };
  makeResourceConfig =
-    { vmName, isTestVm }:
+    vm:
    (evalModules {
      modules = [
        nixops4ResourceNixosMockOptions
-        commonResourceModule
+        (makeResourceModule vm)
        (if isTestVm then ../machines/operator/${vmName} else ../machines/dev/${vmName})
      ];
    }).config;
  ## Given a VM name, make a NixOS configuration for this machine.
  makeConfiguration =
    isTestVm: vmName:
-    import "${sources.nixpkgs}/nixos" {
+    let
-      configuration = (makeResourceConfig { inherit vmName isTestVm; }).nixos.module;
+      inherit (sources) nixpkgs;
-      system = "x86_64-linux";
+    in
    import "${nixpkgs}/nixos" {
      modules = [
        (makeResourceConfig { inherit vmName isTestVm; }).nixos.module
      ];
    };
-  makeVmOptions =
+  makeVmOptions = isTestVm: vmName: {
-    isTestVm: vmName:
+    inherit ((makeResourceConfig { inherit vmName isTestVm; }).fediversityVm)
-    let
+      proxmox
-      config = (makeResourceConfig { inherit vmName isTestVm; }).fediversityVm;
+      vmId
-    in
+      description
-    if config.isFediversityVm then
+
-      {
+      sockets
-        inherit (config)
+      cores
-          vmId
+      memory
-          description
+      diskSize
-          sockets
+
-          cores
+      hostPublicKey
-          memory
+      unsafeHostPrivateKey
-          diskSize
+      ;
-          hostPublicKey
+  };
          unsafeHostPrivateKey
          ;
      }
    else
      null;
  listSubdirectories = path: attrNames (filterAttrs (_: type: type == "directory") (readDir path));
  machines = listSubdirectories ../machines/dev;
  testMachines = listSubdirectories ../machines/operator;
  nixosConfigurations =
    genAttrs machines (makeConfiguration false)
    // genAttrs testMachines (makeConfiguration true);
  vmOptions =
    filterAttrs (_: value: value != null) # Filter out non-Fediversity VMs
      (genAttrs machines (makeVmOptions false) // genAttrs testMachines (makeVmOptions true));
 in
 {
  _class = "flake";
@ -192,23 +210,10 @@ in
      )
    );
  };
-  flake = { inherit nixosConfigurations vmOptions; };
+  flake.nixosConfigurations =
-
+    genAttrs machines (makeConfiguration false)
-  perSystem =
+    // genAttrs testMachines (makeConfiguration true);
-    { pkgs, ... }:
+  flake.vmOptions =
-    {
+    genAttrs machines (makeVmOptions false)
-      checks =
+    // genAttrs testMachines (makeVmOptions true);
        mapAttrs' (name: nixosConfiguration: {
          name = "nixosConfigurations-${name}";
          value = nixosConfiguration.config.system.build.toplevel;
        }) nixosConfigurations
        // mapAttrs' (name: vmOptions: {
          name = "vmOptions-${name}";
          ## Check that VM options builds/evaluates correctly. `deepSeq e1
          ## e2` evaluates `e1` strictly in depth before returning `e2`. We
          ## use this trick because checks need to be derivations, which VM
          ## options are not.
          value = deepSeq vmOptions pkgs.hello;
        }) vmOptions;
    };
 }
--- a/infra/proxmox-provision.sh
+++ b/infra/proxmox-provision.sh
@ -179,9 +179,15 @@ grab_vm_options () {
    --log-format raw --quiet
  )
  proxmox=$(echo "$options" | jq -r .proxmox)
  vm_id=$(echo "$options" | jq -r .vmId)
  description=$(echo "$options" | jq -r .description)
  if [ "$proxmox" != fediversity ]; then
    die "I do not know how to provision things that are not Fediversity VMs,
 but I got proxmox = '%s' for VM %s." "$proxmox" "$vm_name"
  fi
  sockets=$(echo "$options" | jq -r .sockets)
  cores=$(echo "$options" | jq -r .cores)
  memory=$(echo "$options" | jq -r .memory)
--- a/infra/proxmox-remove.sh
+++ b/infra/proxmox-remove.sh
@ -167,10 +167,16 @@ grab_vm_options () {
      --log-format raw --quiet
    )
    proxmox=$(echo "$options" | jq -r .proxmox)
    vm_id=$(echo "$options" | jq -r .vmId)
-    printf 'done grabing VM options for VM %s. Got id: %d.\n' \
+    if [ "$proxmox" != fediversity ]; then
-      "$vm_name" "$vm_id"
+      die "I do not know how to remove things that are not Fediversity VMs,
  but I got proxmox = '%s' for VM %s." "$proxmox" "$vm_name"
    fi
    printf 'done grabing VM options for VM %s. Found VM %d on %s Proxmox.\n' \
      "$vm_name" "$vm_id" "$proxmox"
  fi
 }
--- a/machines/dev/fedi200/default.nix
+++ b/machines/dev/fedi200/default.nix
@ -2,9 +2,8 @@
  _class = "nixops4Resource";
  fediversityVm = {
    name = "fedi200";
    isFediversityVm = true;
    vmId = 200;
    proxmox = "fediversity";
    description = "Testing machine for Hans";
    domain = "abundos.eu";
@ -17,4 +16,10 @@
      gateway = "2a00:51c0:13:1305::1";
    };
  };
  nixos.module = {
    imports = [
      ../../../infra/common/proxmox-qemu-vm.nix
    ];
  };
 }
--- a/machines/dev/fedi201/default.nix
+++ b/machines/dev/fedi201/default.nix
@ -2,9 +2,8 @@
  _class = "nixops4Resource";
  fediversityVm = {
    name = "fedi201";
    isFediversityVm = true;
    vmId = 201;
    proxmox = "fediversity";
    description = "FediPanel";
    domain = "abundos.eu";
@ -20,6 +19,7 @@
  nixos.module = {
    imports = [
      ../../../infra/common/proxmox-qemu-vm.nix
      ./fedipanel.nix
    ];
  };
--- a/machines/dev/fedi201/fedipanel.nix
+++ b/machines/dev/fedi201/fedipanel.nix
@ -1,5 +1,6 @@
 {
  config,
  sources,
  ...
 }:
 let
@ -10,6 +11,7 @@ in
  imports = [
    (import ../../../panel { }).module
    "${sources.home-manager}/nixos"
  ];
  security.acme = {
--- a/machines/dev/forgejo-ci/default.nix
+++ b/machines/dev/forgejo-ci/default.nix
@ -20,9 +20,7 @@ in
  ssh.host = mkForce "forgejo-ci";
  fediversityVm = {
    name = "forgejo-ci";
    domain = "procolix.com";
    isFediversityVm = false;
    ipv4 = {
      interface = "enp1s0f0";
--- a/machines/dev/vm02116/default.nix
+++ b/machines/dev/vm02116/default.nix
@ -2,9 +2,8 @@
  _class = "nixops4Resource";
  fediversityVm = {
    name = "vm02116";
    isFediversityVm = false;
    vmId = 2116;
    proxmox = "procolix";
    description = "Forgejo";
    ipv4.address = "185.206.232.34";
@ -15,6 +14,7 @@
    { lib, ... }:
    {
      imports = [
        ../../../infra/common/proxmox-qemu-vm.nix
        ./forgejo.nix
      ];
--- a/machines/dev/vm02187/default.nix
+++ b/machines/dev/vm02187/default.nix
@ -2,9 +2,8 @@
  _class = "nixops4Resource";
  fediversityVm = {
    name = "vm02187";
    isFediversityVm = false;
    vmId = 2187;
    proxmox = "procolix";
    description = "Wiki";
    ipv4.address = "185.206.232.187";
@ -15,6 +14,7 @@
    { lib, ... }:
    {
      imports = [
        ../../../infra/common/proxmox-qemu-vm.nix
        ./wiki.nix
      ];
--- a/machines/operator/test01/default.nix
+++ b/machines/operator/test01/default.nix
@ -2,9 +2,8 @@
  _class = "nixops4Resource";
  fediversityVm = {
    name = "test01";
    isFediversityVm = true;
    vmId = 7001;
    proxmox = "fediversity";
    hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub;
    unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key;
--- a/machines/operator/test02/default.nix
+++ b/machines/operator/test02/default.nix
@ -2,9 +2,8 @@
  _class = "nixops4Resource";
  fediversityVm = {
    name = "test02";
    isFediversityVm = true;
    vmId = 7002;
    proxmox = "fediversity";
    hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub;
    unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key;
--- a/machines/operator/test03/default.nix
+++ b/machines/operator/test03/default.nix
@ -2,9 +2,8 @@
  _class = "nixops4Resource";
  fediversityVm = {
    name = "test03";
    isFediversityVm = true;
    vmId = 7003;
    proxmox = "fediversity";
    hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub;
    unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key;
--- a/machines/operator/test04/default.nix
+++ b/machines/operator/test04/default.nix
@ -2,9 +2,8 @@
  _class = "nixops4Resource";
  fediversityVm = {
    name = "test04";
    isFediversityVm = true;
    vmId = 7004;
    proxmox = "fediversity";
    hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub;
    unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key;
--- a/machines/operator/test05/default.nix
+++ b/machines/operator/test05/default.nix
@ -2,9 +2,8 @@
  _class = "nixops4Resource";
  fediversityVm = {
    name = "test05";
    isFediversityVm = true;
    vmId = 7005;
    proxmox = "fediversity";
    hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub;
    unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key;
--- a/machines/operator/test06/default.nix
+++ b/machines/operator/test06/default.nix
@ -2,9 +2,8 @@
  _class = "nixops4Resource";
  fediversityVm = {
    name = "test06";
    isFediversityVm = true;
    vmId = 7006;
    proxmox = "fediversity";
    hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub;
    unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key;
--- a/machines/operator/test11/default.nix
+++ b/machines/operator/test11/default.nix
@ -2,9 +2,8 @@
  _class = "nixops4Resource";
  fediversityVm = {
    name = "test11";
    isFediversityVm = true;
    vmId = 7011;
    proxmox = "fediversity";
    hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub;
    unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key;
--- a/machines/operator/test12/default.nix
+++ b/machines/operator/test12/default.nix
@ -2,9 +2,8 @@
  _class = "nixops4Resource";
  fediversityVm = {
    name = "test12";
    isFediversityVm = true;
    vmId = 7012;
    proxmox = "fediversity";
    hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub;
    unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key;
--- a/machines/operator/test13/default.nix
+++ b/machines/operator/test13/default.nix
@ -2,9 +2,8 @@
  _class = "nixops4Resource";
  fediversityVm = {
    name = "test13";
    isFediversityVm = true;
    vmId = 7013;
    proxmox = "fediversity";
    hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub;
    unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key;
--- a/machines/operator/test14/default.nix
+++ b/machines/operator/test14/default.nix
@ -2,9 +2,8 @@
  _class = "nixops4Resource";
  fediversityVm = {
    name = "test14";
    isFediversityVm = true;
    vmId = 7014;
    proxmox = "fediversity";
    hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub;
    unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key;
--- a/59
+++ b/59
@ -0,0 +1,59 @@
 declare substituters trusted_public_keys drv_path
 host="root@fedi203.abundos.eu"
 sshOpts=(
  -o BatchMode=yes
  -o StrictHostKeyChecking=no
 )
 command=(nix-instantiate --expr '
  let
    sources = import ./npins;
    configuration = {
      imports = [
        ./infra/common/proxmox-qemu-vm.nix
        ./infra/common/nixos/users.nix
        ./deployment/check/common/sharedOptions.nix
        ./deployment/check/common/targetNode.nix
        "${sources.disko}/module.nix"
      ];
    };
    eval = import "${sources.nixpkgs}/nixos/lib/eval-config.nix" {
      system = builtins.currentSystem;
      specialArgs = {
        inherit sources;
      };
      modules = [ configuration ];
    };
    os = {
      inherit (eval) pkgs config options;
      system = eval.config.system.build.toplevel;
      inherit (eval.config.system.build) vm vmWithBootLoader;
    };
  in
  {
    substituters = builtins.concatStringsSep " " os.config.nix.settings.substituters;
    trusted_public_keys = builtins.concatStringsSep " " os.config.nix.settings.trusted-public-keys;
    drv_path = os.config.system.build.toplevel.drvPath;
    out_path = os.config.system.build.toplevel;
  }
 ')
 buildArgs=(
  --option extra-binary-caches https://cache.nixos.org/
  --option substituters "$substituters"
  --option trusted-public-keys "$trusted_public_keys"
 )
 "${command[@]}" -A out_path
 json="$("${command[@]}" --eval --strict --json)"
 eval "export $(echo $json | jq -r 'to_entries | map("\(.key)=\(.value)") | @sh')"
 outPath=$(nix-store --realize "$drv_path" "${buildArgs[@]}")
 NIX_SSHOPTS="${sshOpts[*]}" nix-copy-closure --to "$host" "$outPath" --gzip --use-substitutes
 ssh "${sshOpts[@]}" "$host" "nix-env --profile /nix/var/nix/profiles/system --set $outPath; $outPath/bin/switch-to-configuration switch"
Author	SHA1	Message	Date
Kiara Grouwstra	ef25264045	pasteable command for trying without rebuilding vm	2025-08-19 12:00:35 +02:00
Kiara Grouwstra	e7f8f12d20	add keys	2025-08-18 12:47:05 +02:00
Kiara Grouwstra	d1c11ca9cf	wip: use ssh in test	2025-08-14 10:44:36 +02:00
Kiara Grouwstra	ba3d3adf73	add deployment method: ssh	2025-08-11 12:08:57 +02:00
Kiara Grouwstra	a75442c940	un-nixops	2025-08-10 13:27:54 +02:00
Kiara Grouwstra	69dad083b9	scaffold deployment/check/data-model from ./basic modelify	2025-08-10 13:27:54 +02:00
Kiara Grouwstra	478c07df31	allow different deployment types	2025-08-09 12:50:22 +02:00
kiara Grouwstra	9c219341b1	Merge pull request 'move nixops4Deployment class' (#6 ) from kiara/Fediversity:data-model-fix-root-class into deployment-data-model-with-tests Reviewed-on: #6 Reviewed-by: Valentin Gagarin <valentin.gagarin@tweag.io>	2025-07-31 18:17:56 +02:00
Kiara Grouwstra	8e8787d662	move nixops4Deployment class	2025-07-31 17:13:24 +02:00
Kiara Grouwstra	7ce3902851	put `config` stuff in an attrset	2025-07-31 17:08:40 +02:00
Kiara Grouwstra	68b834b6d7	fix linter gripes	2025-07-31 17:03:43 +02:00
Valentin Gagarin	1063be8c16	add explanatory comment	2025-07-29 17:20:46 +02:00
Valentin Gagarin	35521fb40e	implement and test data model for runtime environments	2025-07-29 17:07:33 +02:00
Valentin Gagarin	16d3c512e0	generalize function type	2025-07-29 17:06:32 +02:00