fricklerhandwerk/Fediversity
1
0
Fork 0
forked from Fediversity/Fediversity
Code Pull requests Activity

Compare commits

base: fricklerhandwerk:50e1a768e7c156c5d8c477a8b7cec43e090813a6
Branches Tags
fricklerhandwerk:main
fricklerhandwerk:data-model-as-diagram
fricklerhandwerk:fix-tests
fricklerhandwerk:peertube-test-refactor
fricklerhandwerk:simplify-binpath
fricklerhandwerk:check-deployment-panel-patch
fricklerhandwerk:flake-inputs
fricklerhandwerk:versioned-forms
fricklerhandwerk:enable-config
fricklerhandwerk:fix
fricklerhandwerk:django
fricklerhandwerk:refactor-index
fricklerhandwerk:fix-email
fricklerhandwerk:fix-menu-toggle-darkmode
Fediversity:main
Fediversity:ci/pixelfed
Fediversity:pixelfed-ci
..
compare: fricklerhandwerk:ef252640456651deb04adb215e5f5df17b691786
Branches Tags
fricklerhandwerk:data-model-as-diagram
fricklerhandwerk:fix-tests
fricklerhandwerk:peertube-test-refactor
fricklerhandwerk:simplify-binpath
fricklerhandwerk:check-deployment-panel-patch
fricklerhandwerk:main
fricklerhandwerk:flake-inputs
fricklerhandwerk:versioned-forms
fricklerhandwerk:enable-config
fricklerhandwerk:fix
fricklerhandwerk:django
fricklerhandwerk:refactor-index
fricklerhandwerk:fix-email
fricklerhandwerk:fix-menu-toggle-darkmode
Fediversity:main
Fediversity:ci/pixelfed
Fediversity:pixelfed-ci

14 commits
50e1a768e7 ... ef25264045

Author SHA1 Message Date
Kiara Grouwstra
ef25264045
pasteable command for trying without rebuilding vm 2025-08-19 12:00:35 +02:00
Kiara Grouwstra
e7f8f12d20
add keys 2025-08-18 12:47:05 +02:00
Kiara Grouwstra
d1c11ca9cf
wip: use ssh in test 2025-08-14 10:44:36 +02:00
Kiara Grouwstra
ba3d3adf73
add deployment method: ssh 2025-08-11 12:08:57 +02:00
Kiara Grouwstra
a75442c940
un-nixops 2025-08-10 13:27:54 +02:00
Kiara Grouwstra
69dad083b9
scaffold deployment/check/data-model from ./basic 
modelify
 2025-08-10 13:27:54 +02:00
Kiara Grouwstra
478c07df31
allow different deployment types 2025-08-09 12:50:22 +02:00
kiara Grouwstra
9c219341b1 Merge pull request 'move nixops4Deployment class' (#6) from kiara/Fediversity:data-model-fix-root-class into deployment-data-model-with-tests 
Reviewed-on: #6
Reviewed-by: Valentin Gagarin <valentin.gagarin@tweag.io>
 2025-07-31 18:17:56 +02:00
Kiara Grouwstra
8e8787d662
move nixops4Deployment class 2025-07-31 17:13:24 +02:00
Kiara Grouwstra
7ce3902851
put config stuff in an attrset 2025-07-31 17:08:40 +02:00
Kiara Grouwstra
68b834b6d7
fix linter gripes 2025-07-31 17:03:43 +02:00
Valentin Gagarin
1063be8c16 add explanatory comment 2025-07-29 17:20:46 +02:00
Valentin Gagarin
35521fb40e implement and test data model for runtime environments 2025-07-29 17:07:33 +02:00
Valentin Gagarin
16d3c512e0 generalize function type 2025-07-29 17:06:32 +02:00
29 changed files with 270 additions and 309 deletions
Show stats Expand all files Collapse all files

26
.forgejo/workflows/ci.yaml
View file

@ -62,29 +62,3 @@ jobs:
steps:
- uses: actions/checkout@v4
- run: nix build .#checks.x86_64-linux.deployment-model -L
## NOTE: NixOps4 does not provide a good “dry run” mode, so we instead check
## proxies for resources, namely whether their `.#vmOptions.<machine>` and
## `.#nixosConfigurations.<machine>` outputs evaluate and build correctly, and
## whether we can dry run `infra/proxmox-*.sh` on them. This will not catch
## everything, and in particular not issues in how NixOps4 wires up the
## resources, but that is still something.
check-resources:
runs-on: native
steps:
- uses: actions/checkout@v4
- run: |
set -euC
echo ==================== [ VM Options ] ====================
machines=$(nix eval --impure --raw --expr 'with builtins; toString (attrNames (getFlake (toString ./.)).vmOptions)')
for machine in $machines; do
echo ~~~~~~~~~~~~~~~~~~~~~: $machine :~~~~~~~~~~~~~~~~~~~~~
nix build .#checks.x86_64-linux.vmOptions-$machine
done
echo
echo ==================== [ NixOS Configurations ] ====================
machines=$(nix eval --impure --raw --expr 'with builtins; toString (attrNames (getFlake (toString ./.)).nixosConfigurations)')
for machine in $machines; do
echo ~~~~~~~~~~~~~~~~~~~~~: $machine :~~~~~~~~~~~~~~~~~~~~~
nix build .#checks.x86_64-linux.nixosConfigurations-$machine
done

33
deployment/check/common/deployerNode.nix
View file

@ -49,7 +49,6 @@ in
substituters = mkForce [ ];
hashed-mirrors = null;
connect-timeout = 1;
download-attempts = 1;
extra-experimental-features = "flakes";
};
@ -62,10 +61,6 @@ in
pkgs.stdenv
pkgs.stdenvNoCC
pkgs.automake
pkgs.autoconf
pkgs.binutils
pkgs.bison
]
++ (
let
@ -97,35 +92,7 @@ in
machine.system.build.vm.inputDerivation
machine.system.build.bootStage1.inputDerivation
machine.system.build.bootStage2.inputDerivation
pkgs.automake.inputDerivation
pkgs.autoconf.inputDerivation
pkgs.bash.inputDerivation
pkgs.binutils.inputDerivation
pkgs.bison.inputDerivation
]
++ concatLists (
lib.lists.map (
pkg:
if
pkg ? inputDerivation
# error: output '/nix/store/dki9d3vldafg9ydrfm7x0g0rr0qljk98-sudo-1.9.16p2' is not allowed to refer to the following paths:
# /nix/store/2xdmps65ryklmbf025bm4pxv16gb8ajv-sudo-1.9.16p2.tar.gz
# /nix/store/58br4vk3q5akf4g8lx0pqzfhn47k3j8d-bash-5.2p37
# /nix/store/8v6k283dpbc0qkdq81nb6mrxrgcb10i1-gcc-wrapper-14-20241116
# /nix/store/9r1nl9ksiyszy4qzzg6y2gcdkca0xmhy-stdenv-linux
# /nix/store/a4rmp6in7igbl1wbz9pli5nq0wiclq0y-groff-1.23.0
# /nix/store/dki9d3vldafg9ydrfm7x0g0rr0qljk98-sudo-1.9.16p2
# /nix/store/f5y58qz2fzpzgkhp0nizixi10x04ppyy-linux-pam-1.6.1
# /nix/store/shkw4qm9qcw5sc5n1k5jznc83ny02r39-default-builder.sh
# /nix/store/vj1c3wf9c11a0qs6p3ymfvrnsdgsdcbq-source-stdenv.sh
# /nix/store/yh6qg1nsi5h2xblcr67030pz58fsaxx3-coreutils-9.6
&& !(lib.strings.hasInfix "sudo" (builtins.toString pkg))
then
[ pkg.inputDerivation ]
else
[ ]
) machine.environment.systemPackages
)
++ concatLists (
lib.mapAttrsToList (
_k: v: if v ? source.inputDerivation then [ v.source.inputDerivation ] else [ ]

3
deployment/check/common/nixosTest.nix
View file

@ -48,8 +48,7 @@ in
extraTestScript = mkOption { };
sourceFileset = mkOption {
## FIXME: grab `lib.types.fileset` from NixOS, once upstreaming PR
## https://github.com/NixOS/nixpkgs/pull/428293 lands.
## REVIEW: Upstream to nixpkgs?
type = types.mkOptionType {
name = "fileset";
description = "fileset";

34
deployment/check/common/targetNode.nix
View file

@ -18,7 +18,6 @@ in
(modulesPath + "/profiles/qemu-guest.nix")
(modulesPath + "/../lib/testing/nixos-test-base.nix")
./sharedOptions.nix
../../../infra/common/nixos/users.nix
];
config = mkMerge [
@ -32,9 +31,6 @@ in
## Not used; save a large copy operation
channel.enable = false;
registry = lib.mkForce { };
settings = {
download-attempts = 1;
};
};
services.openssh = {
@ -42,35 +38,12 @@ in
settings.PermitRootLogin = "yes";
};
networking = {
firewall.enable = false;
enableIPv6 = false;
};
services.getty.autologinUser = lib.mkForce "root";
networking.firewall.allowedTCPPorts = [ 22 ];
## Test VMs don't have a bootloader by default.
# boot.loader = {
# # GRUB enabled: installation of GRUB on /dev/disk/by-id/virtio-root failed: No such file or directory
# grub.enable = false;
# # systemd boot enabled: '/boot' is not a mounted partition. Is the path configured correctly?
# systemd-boot.enable = true;
# efi.canTouchEfiVariables = true;
# };
# # same issue as no bootloader
# boot.loader.generic-extlinux-compatible.enable = false;
# builds but won't boot back up
boot.loader.grub.forceInstall = true;
# # builds but won't boot back up
# # to be used with --no-bootloader, which i could only find for flakes
# boot.loader.grub.enable = false;
boot.loader.grub.enable = false;
users.mutableUsers = false;
users.users.root = {
password = "password";
hashedPassword = null;
hashedPasswordFile = null;
openssh.authorizedKeys.keys =
users.users.root.openssh.authorizedKeys.keys =
let
keys = import ../../../keys;
in
@ -81,7 +54,6 @@ in
# allow continuous deployment access
keys.cd
];
};
}
(mkIf config.enableAcme {

1
deployment/check/data-model/constants.nix
View file

@ -1,6 +1,7 @@
{
targetMachines = [
"hello"
"cowsay"
];
pathToRoot = ../../..;
pathFromRoot = ./.;

74
deployment/check/data-model/nixosTest.nix
View file

@ -25,16 +25,12 @@ in
environment.systemPackages = with pkgs; [
jq
automake
autoconf
];
# FIXME: sad times
system.extraDependencies = with pkgs; [
jq
jq.inputDerivation
automake
autoconf
];
system.extraDependenciesFromModule =
@ -43,8 +39,6 @@ in
environment.systemPackages = with pkgs; [
hello
cowsay
automake
autoconf
];
};
};
@ -52,6 +46,7 @@ in
extraTestScript = ''
with subtest("Check the status before deployment"):
hello.fail("hello 1>&2")
cowsay.fail("cowsay 1>&2")
${lib.concatStringsSep "\n" (
lib.lists.map (nodeName: ''
@ -66,45 +61,31 @@ in
'
let
args = builtins.fromJSON "${
system = builtins.currentSystem;
configuration = { pkgs, config, ... }: {
imports = [
${pathToRoot}/deployment/check/common/sharedOptions.nix
${pathToRoot}/deployment/check/common/targetNode.nix
];
_module.args = builtins.fromJSON "${
lib.replaceStrings [ "\"" ] [ "\\\\\"" ] (
lib.strings.toJSON {
inherit sources;
}
)
}";
inherit (args) sources;
configuration = { pkgs, config, ... }: {
imports = [
${pathToRoot}/deployment/check/common/sharedOptions.nix
${pathToRoot}/deployment/check/common/targetNode.nix
${sources.nixpkgs}/nixos/modules/profiles/qemu-guest.nix
];
enableAcme = ${lib.strings.toJSON config.enableAcme};
acmeNodeIP = if config.enableAcme then config.nodes.acme.networking.primaryIPAddress else null;
environment.systemPackages = with pkgs; [
hello
automake
autoconf
];
};
eval = import "${sources.nixpkgs}/nixos/lib/eval-config.nix" {
system = builtins.currentSystem;
specialArgs = {
inherit sources;
};
modules = [ configuration ];
};
os = {
inherit (eval) pkgs config options;
system = eval.config.system.build.toplevel;
inherit (eval.config.system.build) vm vmWithBootLoader;
# environment.systemPackages = [ pkgs.hello ];
};
os = import "${sources.nixpkgs}/nixos" { inherit system configuration; };
in
# import "${pathToRoot}/deployment/nixos.nix" {}
{
substituters = builtins.concatStringsSep " " os.config.nix.settings.substituters;
trusted_public_keys = builtins.concatStringsSep " " os.config.nix.settings.trusted-public-keys;
drv_path = os.config.system.build.toplevel.drvPath;
out_path = os.config.system.build.toplevel;
}
@ -116,36 +97,31 @@ in
json="$("''${command[@]}" --eval --strict --json)"
# DEPLOY
declare drv_path
declare substituters trusted_public_keys drv_path
# set our variables using the json object
eval "export $(echo $json | jq -r 'to_entries | map("\(.key)=\(.value)") | @sh')"
host="root@${nodeName}"
buildArgs=(
--option extra-binary-caches https://cache.nixos.org/
--option substituters $substituters
--option trusted-public-keys $trusted_public_keys
)
sshOpts=(
-o BatchMode=yes
-o StrictHostKeyChecking=no
-o "ConnectionAttempts=1"
-o "ConnectTimeout=1"
-o "ServerAliveCountMax=1"
-o "ServerAliveInterval=1"
)
# get the realized derivation to deploy
outPath=$(nix-store --realize "$drv_path")
outPath=$(nix-store --realize "$drv_path" "''${buildArgs[@]}")
# deploy the config by nix-copy-closure
NIX_SSHOPTS="''${sshOpts[*]}" nix-copy-closure --to "$host" "$outPath" --gzip --use-substitutes
# switch the remote host to the config
output=$(ssh "''${sshOpts[@]}" "$host" "nix-env --profile /nix/var/nix/profiles/system --set $outPath; nohup $outPath/bin/switch-to-configuration switch &" 2>&1) || echo "status code: $?"
echo "output: $output"
if [[ $output != *"Timeout, server ${nodeName} not responding"* ]]; then
echo "non-timeout error: $output"
exit 1
else
exit 0
fi
ssh "''${sshOpts[@]}" "$host" "nix-env --profile /nix/var/nix/profiles/system --set $outPath; $outPath/bin/switch-to-configuration switch"
""")
${nodeName}.wait_for_unit("multi-user.target")
${nodeName}.succeed("systemctl is-active sshd")
${nodeName}.succeed("${nodeName} 1>&2")
'') targetMachines
)}
with subtest("Check the deployment"):
hello.succeed("hello 1>&2")
cowsay.succeed("cowsay hi 1>&2")
'';
}

15
infra/common/options.nix
View file

@ -20,13 +20,16 @@ in
'';
};
isFediversityVm = mkOption {
type = types.bool;
proxmox = mkOption {
type = types.nullOr (
types.enum [
"procolix"
"fediversity"
]
);
description = ''
Whether the machine is a Fediversity VM or not. This is used to
determine whether the machine should be provisioned via Proxmox or not.
Machines that are _not_ Fediversity VM could be physical machines, or
VMs that live outside Fediversity, eg. on Procolix's Proxmox.
The Proxmox instance. This is used for provisioning only and should be
set to `null` if the machine is not a VM.
'';
};

12
infra/common/proxmox-qemu-vm.nix
View file

@ -1,14 +1,10 @@
{ ... }:
{ sources, ... }:
{
_class = "nixos";
## FIXME: It would be nice, but the following leads to infinite recursion
## in the way we currently plug `sources` in.
##
# imports = [
# "${sources.nixpkgs}/nixos/modules/profiles/qemu-guest.nix"
# ];
imports = [
"${sources.nixpkgs}/nixos/modules/profiles/qemu-guest.nix"
];
boot = {
initrd = {

4
infra/common/resource.nix
View file

@ -2,6 +2,7 @@
inputs,
lib,
config,
sources,
keys,
secrets,
...
@ -32,9 +33,10 @@ in
## should go into the `./nixos` subdirectory.
nixos.module = {
imports = [
"${sources.agenix}/modules/age.nix"
"${sources.disko}/module.nix"
./options.nix
./nixos
./proxmox-qemu-vm.nix
];
## Inject the shared options from the resource's `config` into the NixOS

177
infra/flake-part.nix
View file

@ -14,38 +14,49 @@ let
mkOption
evalModules
filterAttrs
mapAttrs'
deepSeq
;
inherit (lib.attrsets) genAttrs;
commonResourceModule = {
# TODO(@fricklerhandwerk): this is terrible but IMO we should just ditch
# flake-parts and have our own data model for how the project is organised
# internally
_module.args = {
## Given a machine's name and whether it is a test VM, make a resource module,
## except for its missing provider. (Depending on the use of that resource, we
## will provide a different one.)
makeResourceModule =
{ vmName, isTestVm }:
{
nixos.module.imports = [
./common/proxmox-qemu-vm.nix
];
nixos.specialArgs = {
inherit
sources
inputs
keys
secrets
sources
;
};
## FIXME: It would be preferrable to have those `sources`-related imports in
## the modules that use them. However, doing so triggers infinite recursions
## because of the way we propagate `sources`. `sources` must be propagated by
## means of `specialArgs`, but this requires a bigger change.
nixos.module.imports = [
"${sources.nixpkgs}/nixos/modules/profiles/qemu-guest.nix"
"${sources.agenix}/modules/age.nix"
"${sources.disko}/module.nix"
"${sources.home-manager}/nixos"
];
imports = [
imports =
[
./common/resource.nix
]
++ (
if isTestVm then
[
../machines/operator/${vmName}
{
nixos.module.users.users.root.openssh.authorizedKeys.keys = [
# allow our panel vm access to the test machines
keys.panel
];
}
]
else
[
../machines/dev/${vmName}
]
);
fediversityVm.name = vmName;
};
## Given a list of machine names, make a deployment with those machines'
@ -54,16 +65,40 @@ let
vmNames:
{ providers, ... }:
{
# XXX: this type merge is for adding `specialArgs` to resource modules
options.resources = mkOption {
type =
with lib.types;
lazyAttrsOf (submoduleWith {
class = "nixops4Resource";
modules = [ ];
# TODO(@fricklerhandwerk): we may want to pass through all of `specialArgs`
# once we're sure it's sane. leaving it here for better control during refactoring.
specialArgs = {
inherit
sources
inputs
keys
secrets
;
};
});
};
config = {
providers.local = inputs.nixops4.modules.nixops4Provider.local;
resources = genAttrs vmNames (vmName: {
type = providers.local.exec;
imports = [
inputs.nixops4-nixos.modules.nixops4Resource.nixos
commonResourceModule
../machines/dev/${vmName}
(makeResourceModule {
inherit vmName;
isTestVm = false;
})
];
});
};
};
makeDeployment' = vmName: makeDeployment [ vmName ];
## Given an attrset of test configurations (key = test machine name, value =
@ -77,29 +112,21 @@ let
fediversity = import ../services/fediversity;
}
{
garageConfigurationResource = {
imports = [
commonResourceModule
../machines/operator/test01
];
garageConfigurationResource = makeResourceModule {
vmName = "test01";
isTestVm = true;
};
mastodonConfigurationResource = {
imports = [
commonResourceModule
../machines/operator/test06 # somehow `test02` has a problem - use test06 instead
];
mastodonConfigurationResource = makeResourceModule {
vmName = "test06"; # somehow `test02` has a problem - use test06 instead
isTestVm = true;
};
peertubeConfigurationResource = {
imports = [
commonResourceModule
../machines/operator/test05
];
peertubeConfigurationResource = makeResourceModule {
vmName = "test05";
isTestVm = true;
};
pixelfedConfigurationResource = {
imports = [
commonResourceModule
../machines/operator/test04
];
pixelfedConfigurationResource = makeResourceModule {
vmName = "test04";
isTestVm = true;
};
};
@ -112,63 +139,54 @@ let
## this is only needed to expose NixOS configurations for provisioning
## purposes, and eventually all of this should be handled by NixOps4.
options = {
nixos.module = mkOption { type = lib.types.deferredModule; }; # NOTE: not just `nixos` otherwise merging will go wrong
nixos.module = mkOption { }; # NOTE: not just `nixos` otherwise merging will go wrong
nixpkgs = mkOption { };
ssh = mkOption { };
};
};
makeResourceConfig =
{ vmName, isTestVm }:
vm:
(evalModules {
modules = [
nixops4ResourceNixosMockOptions
commonResourceModule
(if isTestVm then ../machines/operator/${vmName} else ../machines/dev/${vmName})
(makeResourceModule vm)
];
}).config;
## Given a VM name, make a NixOS configuration for this machine.
makeConfiguration =
isTestVm: vmName:
import "${sources.nixpkgs}/nixos" {
configuration = (makeResourceConfig { inherit vmName isTestVm; }).nixos.module;
system = "x86_64-linux";
let
inherit (sources) nixpkgs;
in
import "${nixpkgs}/nixos" {
modules = [
(makeResourceConfig { inherit vmName isTestVm; }).nixos.module
];
};
makeVmOptions =
isTestVm: vmName:
let
config = (makeResourceConfig { inherit vmName isTestVm; }).fediversityVm;
in
if config.isFediversityVm then
{
inherit (config)
makeVmOptions = isTestVm: vmName: {
inherit ((makeResourceConfig { inherit vmName isTestVm; }).fediversityVm)
proxmox
vmId
description
sockets
cores
memory
diskSize
hostPublicKey
unsafeHostPrivateKey
;
}
else
null;
};
listSubdirectories = path: attrNames (filterAttrs (_: type: type == "directory") (readDir path));
machines = listSubdirectories ../machines/dev;
testMachines = listSubdirectories ../machines/operator;
nixosConfigurations =
genAttrs machines (makeConfiguration false)
// genAttrs testMachines (makeConfiguration true);
vmOptions =
filterAttrs (_: value: value != null) # Filter out non-Fediversity VMs
(genAttrs machines (makeVmOptions false) // genAttrs testMachines (makeVmOptions true));
in
{
_class = "flake";
@ -192,23 +210,10 @@ in
)
);
};
flake = { inherit nixosConfigurations vmOptions; };
perSystem =
{ pkgs, ... }:
{
checks =
mapAttrs' (name: nixosConfiguration: {
name = "nixosConfigurations-${name}";
value = nixosConfiguration.config.system.build.toplevel;
}) nixosConfigurations
// mapAttrs' (name: vmOptions: {
name = "vmOptions-${name}";
## Check that VM options builds/evaluates correctly. `deepSeq e1
## e2` evaluates `e1` strictly in depth before returning `e2`. We
## use this trick because checks need to be derivations, which VM
## options are not.
value = deepSeq vmOptions pkgs.hello;
}) vmOptions;
};
flake.nixosConfigurations =
genAttrs machines (makeConfiguration false)
// genAttrs testMachines (makeConfiguration true);
flake.vmOptions =
genAttrs machines (makeVmOptions false)
// genAttrs testMachines (makeVmOptions true);
}

6
infra/proxmox-provision.sh
View file

@ -179,9 +179,15 @@ grab_vm_options () {
--log-format raw --quiet
)
proxmox=$(echo "$options" | jq -r .proxmox)
vm_id=$(echo "$options" | jq -r .vmId)
description=$(echo "$options" | jq -r .description)
if [ "$proxmox" != fediversity ]; then
die "I do not know how to provision things that are not Fediversity VMs,
but I got proxmox = '%s' for VM %s." "$proxmox" "$vm_name"
fi
sockets=$(echo "$options" | jq -r .sockets)
cores=$(echo "$options" | jq -r .cores)
memory=$(echo "$options" | jq -r .memory)

10
infra/proxmox-remove.sh
View file

@ -167,10 +167,16 @@ grab_vm_options () {
--log-format raw --quiet
)
proxmox=$(echo "$options" | jq -r .proxmox)
vm_id=$(echo "$options" | jq -r .vmId)
printf 'done grabing VM options for VM %s. Got id: %d.\n' \
"$vm_name" "$vm_id"
if [ "$proxmox" != fediversity ]; then
die "I do not know how to remove things that are not Fediversity VMs,
but I got proxmox = '%s' for VM %s." "$proxmox" "$vm_name"
fi
printf 'done grabing VM options for VM %s. Found VM %d on %s Proxmox.\n' \
"$vm_name" "$vm_id" "$proxmox"
fi
}

9
machines/dev/fedi200/default.nix
View file

@ -2,9 +2,8 @@
_class = "nixops4Resource";
fediversityVm = {
name = "fedi200";
isFediversityVm = true;
vmId = 200;
proxmox = "fediversity";
description = "Testing machine for Hans";
domain = "abundos.eu";
@ -17,4 +16,10 @@
gateway = "2a00:51c0:13:1305::1";
};
};
nixos.module = {
imports = [
../../../infra/common/proxmox-qemu-vm.nix
];
};
}

4
machines/dev/fedi201/default.nix
View file

@ -2,9 +2,8 @@
_class = "nixops4Resource";
fediversityVm = {
name = "fedi201";
isFediversityVm = true;
vmId = 201;
proxmox = "fediversity";
description = "FediPanel";
domain = "abundos.eu";
@ -20,6 +19,7 @@
nixos.module = {
imports = [
../../../infra/common/proxmox-qemu-vm.nix
./fedipanel.nix
];
};

2
machines/dev/fedi201/fedipanel.nix
View file

@ -1,5 +1,6 @@
{
config,
sources,
...
}:
let
@ -10,6 +11,7 @@ in
imports = [
(import ../../../panel { }).module
"${sources.home-manager}/nixos"
];
security.acme = {

2
machines/dev/forgejo-ci/default.nix
View file

@ -20,9 +20,7 @@ in
ssh.host = mkForce "forgejo-ci";
fediversityVm = {
name = "forgejo-ci";
domain = "procolix.com";
isFediversityVm = false;
ipv4 = {
interface = "enp1s0f0";

4
machines/dev/vm02116/default.nix
View file

@ -2,9 +2,8 @@
_class = "nixops4Resource";
fediversityVm = {
name = "vm02116";
isFediversityVm = false;
vmId = 2116;
proxmox = "procolix";
description = "Forgejo";
ipv4.address = "185.206.232.34";
@ -15,6 +14,7 @@
{ lib, ... }:
{
imports = [
../../../infra/common/proxmox-qemu-vm.nix
./forgejo.nix
];

4
machines/dev/vm02187/default.nix
View file

@ -2,9 +2,8 @@
_class = "nixops4Resource";
fediversityVm = {
name = "vm02187";
isFediversityVm = false;
vmId = 2187;
proxmox = "procolix";
description = "Wiki";
ipv4.address = "185.206.232.187";
@ -15,6 +14,7 @@
{ lib, ... }:
{
imports = [
../../../infra/common/proxmox-qemu-vm.nix
./wiki.nix
];

3
machines/operator/test01/default.nix
View file

@ -2,9 +2,8 @@
_class = "nixops4Resource";
fediversityVm = {
name = "test01";
isFediversityVm = true;
vmId = 7001;
proxmox = "fediversity";
hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub;
unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key;

3
machines/operator/test02/default.nix
View file

@ -2,9 +2,8 @@
_class = "nixops4Resource";
fediversityVm = {
name = "test02";
isFediversityVm = true;
vmId = 7002;
proxmox = "fediversity";
hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub;
unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key;

3
machines/operator/test03/default.nix
View file

@ -2,9 +2,8 @@
_class = "nixops4Resource";
fediversityVm = {
name = "test03";
isFediversityVm = true;
vmId = 7003;
proxmox = "fediversity";
hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub;
unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key;

3
machines/operator/test04/default.nix
View file

@ -2,9 +2,8 @@
_class = "nixops4Resource";
fediversityVm = {
name = "test04";
isFediversityVm = true;
vmId = 7004;
proxmox = "fediversity";
hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub;
unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key;

3
machines/operator/test05/default.nix
View file

@ -2,9 +2,8 @@
_class = "nixops4Resource";
fediversityVm = {
name = "test05";
isFediversityVm = true;
vmId = 7005;
proxmox = "fediversity";
hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub;
unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key;

3
machines/operator/test06/default.nix
View file

@ -2,9 +2,8 @@
_class = "nixops4Resource";
fediversityVm = {
name = "test06";
isFediversityVm = true;
vmId = 7006;
proxmox = "fediversity";
hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub;
unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key;

3
machines/operator/test11/default.nix
View file

@ -2,9 +2,8 @@
_class = "nixops4Resource";
fediversityVm = {
name = "test11";
isFediversityVm = true;
vmId = 7011;
proxmox = "fediversity";
hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub;
unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key;

3
machines/operator/test12/default.nix
View file

@ -2,9 +2,8 @@
_class = "nixops4Resource";
fediversityVm = {
name = "test12";
isFediversityVm = true;
vmId = 7012;
proxmox = "fediversity";
hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub;
unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key;

3
machines/operator/test13/default.nix
View file

@ -2,9 +2,8 @@
_class = "nixops4Resource";
fediversityVm = {
name = "test13";
isFediversityVm = true;
vmId = 7013;
proxmox = "fediversity";
hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub;
unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key;

3
machines/operator/test14/default.nix
View file

@ -2,9 +2,8 @@
_class = "nixops4Resource";
fediversityVm = {
name = "test14";
isFediversityVm = true;
vmId = 7014;
proxmox = "fediversity";
hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub;
unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key;

59
paste Normal file
View file

@ -0,0 +1,59 @@
declare substituters trusted_public_keys drv_path
host="root@fedi203.abundos.eu"
sshOpts=(
-o BatchMode=yes
-o StrictHostKeyChecking=no
)
command=(nix-instantiate --expr '
let
sources = import ./npins;
configuration = {
imports = [
./infra/common/proxmox-qemu-vm.nix
./infra/common/nixos/users.nix
./deployment/check/common/sharedOptions.nix
./deployment/check/common/targetNode.nix
"${sources.disko}/module.nix"
];
};
eval = import "${sources.nixpkgs}/nixos/lib/eval-config.nix" {
system = builtins.currentSystem;
specialArgs = {
inherit sources;
};
modules = [ configuration ];
};
os = {
inherit (eval) pkgs config options;
system = eval.config.system.build.toplevel;
inherit (eval.config.system.build) vm vmWithBootLoader;
};
in
{
substituters = builtins.concatStringsSep " " os.config.nix.settings.substituters;
trusted_public_keys = builtins.concatStringsSep " " os.config.nix.settings.trusted-public-keys;
drv_path = os.config.system.build.toplevel.drvPath;
out_path = os.config.system.build.toplevel;
}
')
buildArgs=(
--option extra-binary-caches https://cache.nixos.org/
--option substituters "$substituters"
--option trusted-public-keys "$trusted_public_keys"
)
"${command[@]}" -A out_path
json="$("${command[@]}" --eval --strict --json)"
eval "export $(echo $json | jq -r 'to_entries | map("\(.key)=\(.value)") | @sh')"
outPath=$(nix-store --realize "$drv_path" "${buildArgs[@]}")
NIX_SSHOPTS="${sshOpts[*]}" nix-copy-closure --to "$host" "$outPath" --gzip --use-substitutes
ssh "${sshOpts[@]}" "$host" "nix-env --profile /nix/var/nix/profiles/system --set $outPath; $outPath/bin/switch-to-configuration switch"