		
	update deployment
		
							parent
							
								
									c60d12e3e8
								
							
						
					
					
						commit
						0c66996b29
					
				
					 2 changed files with 135 additions and 33 deletions
				
			
		|  | @ -8,6 +8,8 @@ | ||||||
| let | let | ||||||
|   inherit (sources) nixpkgs; |   inherit (sources) nixpkgs; | ||||||
|   lib = import "${nixpkgs}/lib"; |   lib = import "${nixpkgs}/lib"; | ||||||
|  |   deployment-config = config; | ||||||
|  |   inherit (lib) mkOption types; | ||||||
|   eval = |   eval = | ||||||
|     module: |     module: | ||||||
|     (lib.evalModules { |     (lib.evalModules { | ||||||
|  | @ -20,47 +22,132 @@ let | ||||||
|       ]; |       ]; | ||||||
|     }).config; |     }).config; | ||||||
|   fediversity = eval ( |   fediversity = eval ( | ||||||
|     { ... }: |     { config, ... }: | ||||||
|     { |     { | ||||||
|       config = { |       config = { | ||||||
|         environments.single-nixos-vm = |         resources.login-shell = { | ||||||
|           { ... }: |           description = "The operator needs to be able to log into the shell"; | ||||||
|           { |           request = | ||||||
|             implementation = requests: { |             { ... }: | ||||||
|               input = requests; |             { | ||||||
|               output.ssh-host = { |               _class = "fediversity-resource-request"; | ||||||
|                 ssh = { |               options = { | ||||||
|                   host = "localhost"; |                 wheel = mkOption { | ||||||
|                   username = "root"; |                   description = "Whether the login user needs root permissions"; | ||||||
|                   key-file = null; |                   type = types.bool; | ||||||
|  |                   default = false; | ||||||
|                 }; |                 }; | ||||||
|                 nixos-configuration = |                 packages = mkOption { | ||||||
|                   { pkgs, ... }: |                   description = "Packages that need to be available in the user environment"; | ||||||
|                   { |                   type = with types; attrsOf package; | ||||||
|                     imports = [ |                 }; | ||||||
|                       ../common/sharedOptions.nix |               }; | ||||||
|                       ../common/targetNode.nix |             }; | ||||||
|                       "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix" |           policy = | ||||||
|                     ]; |             { config, ... }: | ||||||
| 
 |             { | ||||||
|                     inherit (config) enableAcme; |               _class = "fediversity-resource-policy"; | ||||||
|                     acmeNodeIP = if config.enableAcme then config.nodes.acme.networking.primaryIPAddress else null; |               options = { | ||||||
| 
 |                 username = mkOption { | ||||||
|                     environment.systemPackages = with pkgs; [ |                   description = "Username for the operator"; | ||||||
|                       hello |                   type = types.str; # TODO: use the proper constraints from NixOS | ||||||
|                     ]; |                 }; | ||||||
| 
 |                 wheel = mkOption { | ||||||
|                     users.users = config.resources.shell.login-shell.apply ( |                   description = "Whether to allow login with root permissions"; | ||||||
|                       lib.filterAttrs (_name: value: value ? login-shell) requests |                   type = types.bool; | ||||||
|                     ); |                   default = false; | ||||||
|  |                 }; | ||||||
|  |               }; | ||||||
|  |               config = { | ||||||
|  |                 resource-type = types.raw; # TODO: splice out the user type from NixOS | ||||||
|  |                 apply = | ||||||
|  |                   requests: | ||||||
|  |                   let | ||||||
|  |                     # Filter out requests that need wheel if policy doesn't allow it | ||||||
|  |                     validRequests = lib.filterAttrs ( | ||||||
|  |                       _name: req: !req.login-shell.wheel || config.wheel | ||||||
|  |                     ) requests.resources; | ||||||
|  |                   in | ||||||
|  |                   lib.optionalAttrs (validRequests != { }) { | ||||||
|  |                     ${config.username} = { | ||||||
|  |                       isNormalUser = true; | ||||||
|  |                       packages = | ||||||
|  |                         with lib; | ||||||
|  |                         attrValues (concatMapAttrs (_name: request: request.login-shell.packages) validRequests); | ||||||
|  |                       extraGroups = lib.optional config.wheel "wheel"; | ||||||
|  |                     }; | ||||||
|                   }; |                   }; | ||||||
|               }; |               }; | ||||||
|             }; |             }; | ||||||
|  |         }; | ||||||
|  |         applications.hello = | ||||||
|  |           { pkgs, ... }: | ||||||
|  |           { | ||||||
|  |             description = ''Command-line tool that will print "Hello, world!" on the terminal''; | ||||||
|  |             module = | ||||||
|  |               { ... }: | ||||||
|  |               { | ||||||
|  |                 options.enable = lib.mkEnableOption "Hello in the shell"; | ||||||
|  |               }; | ||||||
|  |             implementation = cfg: { | ||||||
|  |               input = cfg; | ||||||
|  |               output = lib.optionalAttrs cfg.enable { | ||||||
|  |                 resources.hello.login-shell.packages.hello = pkgs.hello; | ||||||
|  |               }; | ||||||
|  |             }; | ||||||
|           }; |           }; | ||||||
|  |         environments.single-nixos-vm = environment: { | ||||||
|  |           resources."operator-environment".login-shell.username = "operator"; | ||||||
|  |           implementation = requests: { | ||||||
|  |             input = requests; | ||||||
|  |             output.ssh-host = { | ||||||
|  |               ssh = { | ||||||
|  |                 username = "root"; | ||||||
|  |                 inherit (deployment-config) host; | ||||||
|  |                 key-file = null; | ||||||
|  |               }; | ||||||
|  |               nixos-configuration = | ||||||
|  |                 { pkgs, ... }: | ||||||
|  |                 { | ||||||
|  |                   imports = [ | ||||||
|  |                     ./options.nix | ||||||
|  |                     ../common/sharedOptions.nix | ||||||
|  |                     ../common/targetNode.nix | ||||||
|  |                     "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix" | ||||||
|  |                   ]; | ||||||
|  | 
 | ||||||
|  |                   inherit (deployment-config) enableAcme; | ||||||
|  |                   acmeNodeIP = | ||||||
|  |                     if deployment-config.enableAcme then | ||||||
|  |                       deployment-config.nodes.acme.networking.primaryIPAddress | ||||||
|  |                     else | ||||||
|  |                       null; | ||||||
|  | 
 | ||||||
|  |                   environment.systemPackages = with pkgs; [ | ||||||
|  |                     hello | ||||||
|  |                   ]; | ||||||
|  | 
 | ||||||
|  |                   users.users = environment.config.resources."operator-environment".login-shell.apply { | ||||||
|  |                     resources = lib.filterAttrs (_name: value: value ? login-shell) requests; | ||||||
|  |                   }; | ||||||
|  |                 }; | ||||||
|  |             }; | ||||||
|  |           }; | ||||||
|  |         }; | ||||||
|  |       }; | ||||||
|  |       options = { | ||||||
|  |         "example-configuration" = mkOption { | ||||||
|  |           type = config.configuration; | ||||||
|  |           default = { | ||||||
|  |             enable = true; | ||||||
|  |             applications.hello.enable = true; | ||||||
|  |           }; | ||||||
|  |         }; | ||||||
|  |         "example-deployment" = mkOption { | ||||||
|  |           default = config.environments.single-nixos-vm.deployment config."example-configuration"; | ||||||
|  |         }; | ||||||
|       }; |       }; | ||||||
|     } |     } | ||||||
|   ); |   ); | ||||||
| in | in | ||||||
| fediversity.environments.single-nixos-vm.deployment { | fediversity."example-deployment" | ||||||
|   enable = true; |  | ||||||
| } |  | ||||||
|  |  | ||||||
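Review bot: `extraGroups = lib.optional config.wheel "wheel";` in the new `apply` function puts the operator into `wheel` whenever the policy permits it, even when every surviving request has `login-shell.wheel = false`, so the policy option described as "Whether to allow login with root permissions" acts as an unconditional grant rather than as an upper bound on what requests may ask for. The `validRequests` filter a few lines above already drops requests that need wheel when the policy forbids it; the grant should require both sides, e.g. `extraGroups = lib.optional (config.wheel && lib.any (req: req.login-shell.wheel) (lib.attrValues validRequests)) "wheel";`. Neither `applications.hello` nor the `example-configuration` default sets `wheel`, so with the current line the example operator would land in `wheel` as soon as the policy is switched to `true`, with no request having asked for it. The enclosing `let` and the `fediversity = eval (...)` binding begin in the first hunk, and this file's header is not shown on the page.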
							
								
								
									
										15
									
								
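--- /dev/null
+++ b/deployment/check/data-model/options.nix
@@ -0,0 +1,15 @@
+{
+  lib,
+  ...
+}:
+let
+  inherit (lib) types;
+in
+{
+  options = {
+    host = lib.mkOption {
+      type = types.str;
+      description = "name of the host to deploy to";
+    };
+  };
+}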
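Review bot: `type = types.str;` on the new `host` option accepts the empty string, and the deployment file in this commit passes the value straight through as the SSH target via `inherit (deployment-config) host;`, so a missing or blank host is only noticed when the connection is attempted. `type = types.nonEmptyStr;` would reject that at evaluation time instead. The description `"name of the host to deploy to"` could also say whether an IP address is acceptable, since nothing in the option constrains the form of the value.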