kiara/Fediversity
1
0
Fork 0
forked from Fediversity/Fediversity
Code Pull requests Activity

Fix infra and add more tests (#478)

Browse source 
This PR contains a bunch of small fixes having to do with infra code. The goal is not to fix everything as that would require a full rewrite. Instead, we fix just what is necessary to get some testing going on. Once that is available, we will be able to work on a full refactor with more guarantees. Something of note is that most of the difficulty was to find code that would make both `nixops4 apply` _and_ `nix build .#nixosConfigurations.<machine>` happy. The takeaway is that the tests that we are adding now will not catch a whole class of tests having to do with how NixOps4 wires up the resources. Still, this is probably less significant as we are supposed to use NixOps4 every now and then.

The commits should be read separately.

Reviewed-on: Fediversity/Fediversity#478
Reviewed-by: kiara Grouwstra <kiara@procolix.eu>
Co-authored-by: Nicolas “Niols” Jeannerod <nicolas.jeannerod@moduscreate.com>
Co-committed-by: Nicolas “Niols” Jeannerod <nicolas.jeannerod@moduscreate.com>
This commit is contained in:
Nicolas Jeannerod 2025-07-30 12:31:03 +02:00 committed by Nicolas Jeannerod
parent 4509d277d3
commit 1b66028f32
9 changed files with 59 additions and 65 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
.forgejo/workflows/ci.yaml
View file

@ -56,3 +56,22 @@ jobs:
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- run: nix build .#checks.x86_64-linux.deployment-panel -L - run: nix build .#checks.x86_64-linux.deployment-panel -L
## NOTE: NixOps4 does not provide a good “dry run” mode, so we instead check
## proxies for resources, namely whether their `.#vmOptions.<machine>` and
## `.#nixosConfigurations.<machine>` outputs evaluate and build correctly, and
## whether we can dry run `infra/proxmox-*.sh` on them. This will not catch
## everything, and in particular not issues in how NixOps4 wires up the
## resources, but that is still something.
check-resources:
runs-on: native
steps:
- uses: actions/checkout@v4
- run: |
set -euC
machines=$(nix eval --impure --raw --expr 'with builtins; toString (attrNames (getFlake (toString ./.)).nixosConfigurations)')
for machine in $machines; do
echo ==================== [ $machine ] ====================
nix eval .#vmOptions.$machine
nix build .#nixosConfigurations.$machine.config.system.build.toplevel
done

12
infra/common/proxmox-qemu-vm.nix
View file

@ -1,10 +1,14 @@
{ sources, ... }: { ... }:
{ {
_class = "nixos"; _class = "nixos";
imports = [ ## FIXME: It would be nice, but the following leads to infinite recursion
"${sources.nixpkgs}/nixos/modules/profiles/qemu-guest.nix" ## in the way we currently plug `sources` in.
]; ##
# imports = [
# "${sources.nixpkgs}/nixos/modules/profiles/qemu-guest.nix"
# ];
boot = { boot = {
initrd = { initrd = {

3
infra/common/resource.nix
View file

@ -2,7 +2,6 @@
inputs, inputs,
lib, lib,
config, config,
sources,
keys, keys,
secrets, secrets,
... ...
@ -33,8 +32,6 @@ in
## should go into the `./nixos` subdirectory. ## should go into the `./nixos` subdirectory.
nixos.module = { nixos.module = {
imports = [ imports = [
"${sources.agenix}/modules/age.nix"
"${sources.disko}/module.nix"
./options.nix ./options.nix
./nixos ./nixos
]; ];

57
infra/flake-part.nix
View file

@ -23,19 +23,30 @@ let
makeResourceModule = makeResourceModule =
{ vmName, isTestVm }: { vmName, isTestVm }:
{ {
nixos.module.imports = [ # TODO(@fricklerhandwerk): this is terrible but IMO we should just ditch flake-parts and have our own data model for how the project is organised internally
./common/proxmox-qemu-vm.nix _module.args = {
];
nixos.specialArgs = {
inherit inherit
sources
inputs inputs
keys keys
secrets secrets
sources
; ;
}; };
nixos.module.imports = [
## FIXME: It would be preferrable to have those `sources`-related
## imports in the modules that use them. However, doing so triggers
## infinite recursions because of the way we propagate `sources`.
## `sources` must be propagated by means of `specialArgs`, but this
## requires a bigger change.
"${sources.nixpkgs}/nixos/modules/profiles/qemu-guest.nix"
"${sources.agenix}/modules/age.nix"
"${sources.disko}/module.nix"
"${sources.home-manager}/nixos"
./common/proxmox-qemu-vm.nix
];
imports = imports =
[ [
./common/resource.nix ./common/resource.nix
@ -65,27 +76,6 @@ let
vmNames: vmNames:
{ providers, ... }: { providers, ... }:
{ {
# XXX: this type merge is for adding `specialArgs` to resource modules
options.resources = mkOption {
type =
with lib.types;
lazyAttrsOf (submoduleWith {
class = "nixops4Resource";
modules = [ ];
# TODO(@fricklerhandwerk): we may want to pass through all of `specialArgs`
# once we're sure it's sane. leaving it here for better control during refactoring.
specialArgs = {
inherit
sources
inputs
keys
secrets
;
};
});
};
config = {
providers.local = inputs.nixops4.modules.nixops4Provider.local; providers.local = inputs.nixops4.modules.nixops4Provider.local;
resources = genAttrs vmNames (vmName: { resources = genAttrs vmNames (vmName: {
type = providers.local.exec; type = providers.local.exec;
@ -98,7 +88,6 @@ let
]; ];
}); });
}; };
};
makeDeployment' = vmName: makeDeployment [ vmName ]; makeDeployment' = vmName: makeDeployment [ vmName ];
## Given an attrset of test configurations (key = test machine name, value = ## Given an attrset of test configurations (key = test machine name, value =
@ -139,7 +128,7 @@ let
## this is only needed to expose NixOS configurations for provisioning ## this is only needed to expose NixOS configurations for provisioning
## purposes, and eventually all of this should be handled by NixOps4. ## purposes, and eventually all of this should be handled by NixOps4.
options = { options = {
nixos.module = mkOption { }; # NOTE: not just `nixos` otherwise merging will go wrong nixos.module = mkOption { type = lib.types.deferredModule; }; # NOTE: not just `nixos` otherwise merging will go wrong
nixpkgs = mkOption { }; nixpkgs = mkOption { };
ssh = mkOption { }; ssh = mkOption { };
}; };
@ -157,13 +146,9 @@ let
## Given a VM name, make a NixOS configuration for this machine. ## Given a VM name, make a NixOS configuration for this machine.
makeConfiguration = makeConfiguration =
isTestVm: vmName: isTestVm: vmName:
let import "${sources.nixpkgs}/nixos" {
inherit (sources) nixpkgs; configuration = (makeResourceConfig { inherit vmName isTestVm; }).nixos.module;
in system = "x86_64-linux";
import "${nixpkgs}/nixos" {
modules = [
(makeResourceConfig { inherit vmName isTestVm; }).nixos.module
];
}; };
makeVmOptions = isTestVm: vmName: { makeVmOptions = isTestVm: vmName: {

6
machines/dev/fedi200/default.nix
View file

@ -16,10 +16,4 @@
gateway = "2a00:51c0:13:1305::1"; gateway = "2a00:51c0:13:1305::1";
}; };
}; };
nixos.module = {
imports = [
../../../infra/common/proxmox-qemu-vm.nix
];
};
} }

1
machines/dev/fedi201/default.nix
View file

@ -19,7 +19,6 @@
nixos.module = { nixos.module = {
imports = [ imports = [
../../../infra/common/proxmox-qemu-vm.nix
./fedipanel.nix ./fedipanel.nix
]; ];
}; };

2
machines/dev/fedi201/fedipanel.nix
View file

@ -1,6 +1,5 @@
{ {
config, config,
sources,
... ...
}: }:
let let
@ -11,7 +10,6 @@ in
imports = [ imports = [
(import ../../../panel { }).module (import ../../../panel { }).module
"${sources.home-manager}/nixos"
]; ];
security.acme = { security.acme = {

1
machines/dev/vm02116/default.nix
View file

@ -14,7 +14,6 @@
{ lib, ... }: { lib, ... }:
{ {
imports = [ imports = [
../../../infra/common/proxmox-qemu-vm.nix
./forgejo.nix ./forgejo.nix
]; ];

1
machines/dev/vm02187/default.nix
View file

@ -14,7 +14,6 @@
{ lib, ... }: { lib, ... }:
{ {
imports = [ imports = [
../../../infra/common/proxmox-qemu-vm.nix
./wiki.nix ./wiki.nix
]; ];