

5 commits

Author SHA1 Message Date
b9f631fc3b pass sources via specialArgs
this gets rid of ugly in-place imports and upward paths
2025-07-16 10:23:34 +02:00
159e4107b8 fix Pixelfed test eval failure (#458)
Reviewed-on: Fediversity/Fediversity#458
Co-authored-by: Kiara Grouwstra <kiara@procolix.eu>
Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>
2025-07-15 10:38:10 +02:00
86305a6a2e fix link; readability 2025-07-15 09:04:56 +02:00
e62f14d9be expose panel tests in flake 2025-07-15 08:54:48 +02:00
82f83eea0d fix mastodon test (#457)
closes #34.

Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
Reviewed-on: Fediversity/Fediversity#457
Reviewed-by: Valentin Gagarin <valentin.gagarin@tweag.io>
Co-authored-by: Kiara Grouwstra <kiara@procolix.eu>
Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>
2025-07-15 08:54:20 +02:00
13 changed files with 98 additions and 58 deletions


@ -21,17 +21,29 @@ jobs:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- run: nix-shell --run 'nix-unit ./deployment/data-model-test.nix' - run: nix-shell --run 'nix-unit ./deployment/data-model-test.nix'
check-mastodon:
runs-on: native
steps:
- uses: actions/checkout@v4
- run: nix build .#checks.x86_64-linux.test-mastodon-service -L
check-pixelfed:
runs-on: native
steps:
- uses: actions/checkout@v4
- run: nix build .#checks.x86_64-linux.test-pixelfed-garage-service -L
check-peertube: check-peertube:
runs-on: native runs-on: native
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- run: nix-build services -A tests.peertube - run: nix build .#checks.x86_64-linux.test-peertube-service -L
check-panel: check-panel:
runs-on: native runs-on: native
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- run: nix-build panel -A tests - run: nix-build -A tests.panel
check-deployment-basic: check-deployment-basic:
runs-on: native runs-on: native
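Review bot: The new `check-mastodon` and `check-pixelfed` jobs reference `actions/checkout@v4` by a mutable tag, as the existing jobs do, so a retagged or compromised action would run unreviewed on the `native` runner. If `native` is a self-hosted machine, that code runs with whatever access the host has, so pinning to a full commit is worth doing here: `- uses: actions/checkout@<full-commit-sha>  # v4`. Separately, `check-panel` still calls `nix-build -A tests.panel` although this commit also exposes the panel test as a flake check, so it is the only job here not built with `nix build .#checks.…`. The `check-deployment-basic` job continues outside the hunk.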


@ -12,6 +12,7 @@ let
inherit (pkgs) lib; inherit (pkgs) lib;
inherit (import sources.flake-inputs) import-flake; inherit (import sources.flake-inputs) import-flake;
inherit ((import-flake { src = ./.; }).inputs) nixops4; inherit ((import-flake { src = ./.; }).inputs) nixops4;
panel = import ./panel { inherit sources system; };
pre-commit-check = pre-commit-check =
(import "${git-hooks}/nix" { (import "${git-hooks}/nix" {
inherit nixpkgs system; inherit nixpkgs system;
@ -71,6 +72,7 @@ in
tests = { tests = {
inherit pre-commit-check; inherit pre-commit-check;
panel = panel.tests;
}; };
# re-export inputs so they can be overridden granularly # re-export inputs so they can be overridden granularly


@ -17,15 +17,20 @@
./infra/flake-part.nix ./infra/flake-part.nix
./keys/flake-part.nix ./keys/flake-part.nix
./secrets/flake-part.nix ./secrets/flake-part.nix
./services/tests/flake-part.nix
]; ];
perSystem = perSystem =
{ {
pkgs, pkgs,
lib, lib,
system,
... ...
}: }:
{ {
checks = {
panel = (import ./. { inherit sources system; }).tests.panel.basic;
};
formatter = pkgs.nixfmt-rfc-style; formatter = pkgs.nixfmt-rfc-style;
pre-commit.settings.hooks = pre-commit.settings.hooks =


@ -1,14 +1,13 @@
# Infra # Infra
This directory contains the definition of [the VMs](machines.md) that host our This directory contains the definition of [the VMs](../machines/machines.md) that host our
infrastructure. infrastructure.
## Provisioning VMs with an initial configuration ## Provisioning VMs with an initial configuration
NOTE[Niols]: This is very manual and clunky. Two things will happen. In the near > NOTE[Niols]: This is still very manual and clunky. Two things will happen:
future, I will improve the provisioning script to make this a bit less clunky. > 1. In the near future, I will improve the provisioning script to make this a bit less clunky.
In the far future, NixOps4 will be able to communicate with Proxmox directly and > 2. In the far future, NixOps4 will be able to communicate with Proxmox directly and everything will become much cleaner.
everything will become much cleaner.
1. Choose names for your VMs. It is recommended to choose `fediXXX`, with `XXX` 1. Choose names for your VMs. It is recommended to choose `fediXXX`, with `XXX`
above 100. For instance, `fedi117`. above 100. For instance, `fedi117`.
@ -25,8 +24,7 @@ everything will become much cleaner.
Those files need to exist during provisioning, but their content matters only Those files need to exist during provisioning, but their content matters only
when updating the machines' configuration. when updating the machines' configuration.
FIXME: Remove this step by making the provisioning script not fail with the > FIXME: Remove this step by making the provisioning script not fail with the public key does not exist yet.
public key does not exist yet.
3. Run the provisioning script: 3. Run the provisioning script:
``` ```
@ -44,7 +42,7 @@ everything will become much cleaner.
ssh fedi117.abundos.eu 'sudo cat /etc/ssh/ssh_host_ed25519_key.pub' > keys/systems/fedi117.pub ssh fedi117.abundos.eu 'sudo cat /etc/ssh/ssh_host_ed25519_key.pub' > keys/systems/fedi117.pub
``` ```
FIXME: Make the provisioning script do that for us. > FIXME: Make the provisioning script do that for us.
7. Regenerate the list of machines: 7. Regenerate the list of machines:
``` ```
@ -56,7 +54,7 @@ everything will become much cleaner.
just enough for it to boot and be reachable. Go on to the next section to just enough for it to boot and be reachable. Go on to the next section to
update the machine and put an actual configuration. update the machine and put an actual configuration.
FIXME: Figure out why the full configuration isn't on the machine at this > FIXME: Figure out why the full configuration isn't on the machine at this
point and fix it. point and fix it.
## Updating existing VM configurations ## Updating existing VM configurations


@ -1,15 +1,4 @@
let { sources, ... }:
# pulling this in manually over from module args resolves an infinite recursion.
# FIXME: instead untangle `//infra/flake-part.nix` and make it stop passing wild functions.
# move moving towards a portable-services-like pattern where some things are submodules.
# Right now those wild functions are for parameterising a bunch of things,
# and the modular way to do that would be options --
# obviously you can't use those for `imports`,
# so one way to decouple fixpoints is to isolate them into submodules.
# Therefore one approach would be to try to go down the call graph,
# and see where what's currently a function could be a `submodule` field of something else.
sources = import ../../npins;
in
{ {
_class = "nixos"; _class = "nixos";


@ -27,7 +27,6 @@ let
_module.args = { _module.args = {
inherit inherit
inputs inputs
sources
keys keys
secrets secrets
; ;
@ -37,6 +36,10 @@ let
./common/proxmox-qemu-vm.nix ./common/proxmox-qemu-vm.nix
]; ];
nixos.specialArgs = {
inherit sources;
};
imports = imports =
[ [
./common/resource.nix ./common/resource.nix
@ -66,17 +69,32 @@ let
vmNames: vmNames:
{ providers, ... }: { providers, ... }:
{ {
providers.local = inputs.nixops4.modules.nixops4Provider.local; # XXX: this type merge is for adding `specialArgs` to resource modules
resources = genAttrs vmNames (vmName: { options.resources = mkOption {
type = providers.local.exec; type =
imports = [ with lib.types;
inputs.nixops4-nixos.modules.nixops4Resource.nixos lazyAttrsOf (submoduleWith {
(makeResourceModule { class = "nixops4Resource";
inherit vmName; modules = [ ];
isTestVm = false; # TODO(@fricklerhandwerk): we may want to pass through all of `specialArgs` once we're sure it's sane
}) specialArgs = {
]; inherit sources;
}); };
});
};
config = {
providers.local = inputs.nixops4.modules.nixops4Provider.local;
resources = genAttrs vmNames (vmName: {
type = providers.local.exec;
imports = [
inputs.nixops4-nixos.modules.nixops4Resource.nixos
(makeResourceModule {
inherit vmName;
isTestVm = false;
})
];
});
};
}; };
makeDeployment' = vmName: makeDeployment [ vmName ]; makeDeployment' = vmName: makeDeployment [ vmName ];
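Review bot: The reason `sources` has to arrive through `specialArgs` rather than `_module.args` is no longer written down at `nixos.specialArgs = { inherit sources; };` or next to the `XXX` comment on `options.resources`. Judging from the comment this commit removes from the resource module, the cause is an infinite recursion when a module uses `sources` inside `imports`. A short comment at both places would stop someone from moving it back, for example `# sources is used in imports, so it must come via specialArgs; _module.args recurses infinitely`. The `XXX` comment could also say that `modules = [ ]` is deliberate and that the declaration exists only to merge `specialArgs` into the upstream option type. The enclosing `let` block starts and ends outside these hunks.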


@ -1,17 +1,17 @@
{ {
config, config,
sources,
... ...
}: }:
let let
name = "panel"; name = "panel";
sources = import ../../../npins;
in in
{ {
_class = "nixos"; _class = "nixos";
imports = [ imports = [
(import ../../../panel { }).module (../../../panel { }).module
(import "${sources.home-manager}/nixos") ("${sources.home-manager}/nixos")
]; ];
security.acme = { security.acme = {
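Review bot: The new first entry of `imports`, `(../../../panel { }).module`, applies a path literal to an attribute set, which Nix rejects at evaluation because a path is not a function. Dropping `import` is only safe for the second entry, `("${sources.home-manager}/nixos")`, where the module system imports the path itself. Keeping the import and forwarding the argument, e.g. `(import ../../../panel { inherit sources; }).module`, would match how the root expression calls `./panel` with `sources` elsewhere in this commit. Whether `system` must be forwarded as well depends on the defaults of the panel expression, which are not visible here. The module body continues past the end of the hunk.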


@ -45,7 +45,7 @@ in
''; '';
}; };
module = import ./nix/configuration.nix; module = ./nix/configuration.nix;
tests = pkgs.callPackage ./nix/tests.nix { }; tests = pkgs.callPackage ./nix/tests.nix { };
# re-export inputs so they can be overridden granularly # re-export inputs so they can be overridden granularly


@ -1,13 +0,0 @@
{
system ? builtins.currentSystem,
sources ? import ../npins,
pkgs ? import sources.nixpkgs { inherit system; },
...
}:
{
tests = {
mastodon = pkgs.nixosTest ./tests/mastodon.nix;
pixelfed-garage = pkgs.nixosTest ./tests/pixelfed-garage.nix;
peertube = pkgs.nixosTest ./tests/peertube.nix;
};
}


@ -49,7 +49,7 @@ in
displayName = mkOption { displayName = mkOption {
type = types.str; type = types.str;
description = "Name of the initial user, for humans"; description = "Name of the initial user, for humans";
default = config.fediversity.temp.initialUser.name; default = config.fediversity.temp.initialUser.username;
}; };
email = mkOption { email = mkOption {
type = types.str; type = types.str;


@ -0,0 +1,14 @@
{ ... }:
{
_class = "flake";
perSystem =
{ pkgs, ... }:
{
checks = {
test-mastodon-service = pkgs.testers.runNixOSTest ./mastodon.nix;
test-pixelfed-garage-service = pkgs.testers.runNixOSTest ./pixelfed-garage.nix;
test-peertube-service = pkgs.testers.runNixOSTest ./peertube.nix;
};
};
}


@ -6,7 +6,7 @@
{ pkgs, ... }: { pkgs, ... }:
let let
lib = pkgs.lib; inherit (pkgs) lib writeText;
## FIXME: this binding was not used, but maybe we want a side-effect or something? ## FIXME: this binding was not used, but maybe we want a side-effect or something?
# rebuildableTest = import ./rebuildableTest.nix pkgs; # rebuildableTest = import ./rebuildableTest.nix pkgs;
@ -69,9 +69,17 @@ in
expect expect
]; ];
environment.variables = { environment.variables = {
AWS_ACCESS_KEY_ID = config.fediversity.garage.ensureKeys.mastodon.id; AWS_ACCESS_KEY_ID = "$(cat ${config.fediversity.mastodon.s3AccessKeyFile})";
AWS_SECRET_ACCESS_KEY = config.fediversity.garage.ensureKeys.mastodon.secret; AWS_SECRET_ACCESS_KEY = "$(cat ${config.fediversity.mastodon.s3SecretKeyFile})";
}; };
services.mastodon.extraEnvFiles = [
# generate as: cd ${pkgs.mastodon}; IGNORE_ALREADY_SET_SECRETS=true RAILS_ENV=development ${pkgs.mastodon}/bin/rails db:encryption:init
(writeText "rest" ''
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=naGoEzeyjUmwIlmgZZmGQDWJrlWud5eX
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=A0tE1VJ7S3cjaOQ58mNkhrVFY7o5NKDB
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=tGHhd5Os7hLxa8QTzWwjyVLrvsj5VsCw
'')
];
}; };
}; };
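Review bot: The three `ACTIVE_RECORD_ENCRYPTION_*` values passed to `writeText "rest"` are literal key material that ends up in the world-readable Nix store, and nothing in the file marks them as test-only. That is acceptable for a throwaway test VM, but a comment above the list entry such as `# test-only fixture keys: store-readable, never reuse outside this VM test` would keep them from being copied into a real deployment. Separately, `AWS_ACCESS_KEY_ID = "$(cat …)"` only yields the key if whatever consumes `environment.variables` expands the value in a shell; that appears to be the intent but is not visible in this hunk, and the Pixelfed test uses the same pattern. The enclosing node configuration starts outside the hunk.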


@ -113,6 +113,7 @@ let
${seleniumQuit}''; ${seleniumQuit}'';
dummyFile = pkgs.writeText "dummy" "dummy";
in in
{ {
name = "test-pixelfed-garage"; name = "test-pixelfed-garage";
@ -161,8 +162,8 @@ in
]; ];
environment.variables = { environment.variables = {
POST_MEDIA = ./fediversity.png; POST_MEDIA = ./fediversity.png;
AWS_ACCESS_KEY_ID = config.fediversity.garage.ensureKeys.pixelfed.id; AWS_ACCESS_KEY_ID = "$(cat ${config.fediversity.pixelfed.s3AccessKeyFile})";
AWS_SECRET_ACCESS_KEY = config.fediversity.garage.ensureKeys.pixelfed.secret; AWS_SECRET_ACCESS_KEY = "$(cat ${config.fediversity.pixelfed.s3SecretKeyFile})";
## without this we get frivolous errors in the logs ## without this we get frivolous errors in the logs
MC_REGION = "garage"; MC_REGION = "garage";
}; };
@ -170,6 +171,12 @@ in
users.users.selenium = { users.users.selenium = {
isNormalUser = true; isNormalUser = true;
}; };
fediversity.temp.initialUser = {
username = "dummy";
displayName = "dummy";
email = "dummy";
passwordFile = dummyFile;
};
}; };
}; };