Fix infra and add more tests (#478)

This PR contains a bunch of small fixes having to do with infra code. The goal is not to fix everything as that would require a full rewrite. Instead, we fix just what is necessary to get some testing going on. Once that is available, we will be able to work on a full refactor with more guarantees. Something of note is that most of the difficulty was to find code that would make both `nixops4 apply` _and_ `nix build .#nixosConfigurations.<machine>` happy. The takeaway is that the tests that we are adding now will not catch a whole class of tests having to do with how NixOps4 wires up the resources. Still, this is probably less significant as we are supposed to use NixOps4 every now and then. The commits should be read separately. Reviewed-on: Fediversity/Fediversity#478 Reviewed-by: kiara Grouwstra <kiara@procolix.eu> Co-authored-by: Nicolas “Niols” Jeannerod <nicolas.jeannerod@moduscreate.com> Co-committed-by: Nicolas “Niols” Jeannerod <nicolas.jeannerod@moduscreate.com>
2025-07-30 12:31:03 +02:00 · 2025-07-30 12:31:03 +02:00 · 1b66028f32
commit 1b66028f32
parent 4509d277d3
9 changed files with 59 additions and 65 deletions
--- a/.forgejo/workflows/ci.yaml
+++ b/.forgejo/workflows/ci.yaml
@ -56,3 +56,22 @@ jobs:
    steps:
      - uses: actions/checkout@v4
      - run: nix build .#checks.x86_64-linux.deployment-panel -L
+
+  ## NOTE: NixOps4 does not provide a good “dry run” mode, so we instead check
+  ## proxies for resources, namely whether their `.#vmOptions.<machine>` and
+  ## `.#nixosConfigurations.<machine>` outputs evaluate and build correctly, and
+  ## whether we can dry run `infra/proxmox-*.sh` on them. This will not catch
+  ## everything, and in particular not issues in how NixOps4 wires up the
+  ## resources, but that is still something.
+  check-resources:
+    runs-on: native
+    steps:
+      - uses: actions/checkout@v4
+      - run: |
+          set -euC
+          machines=$(nix eval --impure --raw --expr 'with builtins; toString (attrNames (getFlake (toString ./.)).nixosConfigurations)')
+          for machine in $machines; do
+            echo ==================== [ $machine ] ====================
+            nix eval .#vmOptions.$machine
+            nix build .#nixosConfigurations.$machine.config.system.build.toplevel
+          done
--- a/infra/common/proxmox-qemu-vm.nix
+++ b/infra/common/proxmox-qemu-vm.nix
@ -1,10 +1,14 @@
-{ sources, ... }:
+{ ... }:
+
 {
  _class = "nixos";

-  imports = [
-    "${sources.nixpkgs}/nixos/modules/profiles/qemu-guest.nix"
-  ];
+  ## FIXME: It would be nice, but the following leads to infinite recursion
+  ## in the way we currently plug `sources` in.
+  ##
+  # imports = [
+  #   "${sources.nixpkgs}/nixos/modules/profiles/qemu-guest.nix"
+  # ];

  boot = {
    initrd = {
--- a/infra/common/resource.nix
+++ b/infra/common/resource.nix
@ -2,7 +2,6 @@
  inputs,
  lib,
  config,
-  sources,
  keys,
  secrets,
  ...
@ -33,8 +32,6 @@ in
  ## should go into the `./nixos` subdirectory.
  nixos.module = {
    imports = [
-      "${sources.agenix}/modules/age.nix"
-      "${sources.disko}/module.nix"
      ./options.nix
      ./nixos
    ];
--- a/infra/flake-part.nix
+++ b/infra/flake-part.nix
@ -23,19 +23,30 @@ let
  makeResourceModule =
    { vmName, isTestVm }:
    {
-      nixos.module.imports = [
-        ./common/proxmox-qemu-vm.nix
-      ];
-
-      nixos.specialArgs = {
+      # TODO(@fricklerhandwerk): this is terrible but IMO we should just ditch flake-parts and have our own data model for how the project is organised internally
+      _module.args = {
        inherit
-          sources
          inputs
          keys
          secrets
+          sources
          ;
      };

+      nixos.module.imports = [
+        ## FIXME: It would be preferrable to have those `sources`-related
+        ## imports in the modules that use them. However, doing so triggers
+        ## infinite recursions because of the way we propagate `sources`.
+        ## `sources` must be propagated by means of `specialArgs`, but this
+        ## requires a bigger change.
+        "${sources.nixpkgs}/nixos/modules/profiles/qemu-guest.nix"
+        "${sources.agenix}/modules/age.nix"
+        "${sources.disko}/module.nix"
+        "${sources.home-manager}/nixos"
+
+        ./common/proxmox-qemu-vm.nix
+      ];
+
      imports =
        [
          ./common/resource.nix
@ -65,27 +76,6 @@ let
    vmNames:
    { providers, ... }:
    {
-      # XXX: this type merge is for adding `specialArgs` to resource modules
-      options.resources = mkOption {
-        type =
-          with lib.types;
-          lazyAttrsOf (submoduleWith {
-            class = "nixops4Resource";
-            modules = [ ];
-            # TODO(@fricklerhandwerk): we may want to pass through all of `specialArgs`
-            # once we're sure it's sane. leaving it here for better control during refactoring.
-            specialArgs = {
-              inherit
-                sources
-                inputs
-                keys
-                secrets
-
-                ;
-            };
-          });
-      };
-      config = {
      providers.local = inputs.nixops4.modules.nixops4Provider.local;
      resources = genAttrs vmNames (vmName: {
        type = providers.local.exec;
@ -98,7 +88,6 @@ let
        ];
      });
    };
-    };
  makeDeployment' = vmName: makeDeployment [ vmName ];

  ## Given an attrset of test configurations (key = test machine name, value =
@ -139,7 +128,7 @@ let
    ## this is only needed to expose NixOS configurations for provisioning
    ## purposes, and eventually all of this should be handled by NixOps4.
    options = {
-      nixos.module = mkOption { }; # NOTE: not just `nixos` otherwise merging will go wrong
+      nixos.module = mkOption { type = lib.types.deferredModule; }; # NOTE: not just `nixos` otherwise merging will go wrong
      nixpkgs = mkOption { };
      ssh = mkOption { };
    };
@ -157,13 +146,9 @@ let
  ## Given a VM name, make a NixOS configuration for this machine.
  makeConfiguration =
    isTestVm: vmName:
-    let
-      inherit (sources) nixpkgs;
-    in
-    import "${nixpkgs}/nixos" {
-      modules = [
-        (makeResourceConfig { inherit vmName isTestVm; }).nixos.module
-      ];
+    import "${sources.nixpkgs}/nixos" {
+      configuration = (makeResourceConfig { inherit vmName isTestVm; }).nixos.module;
+      system = "x86_64-linux";
    };

  makeVmOptions = isTestVm: vmName: {
--- a/machines/dev/fedi200/default.nix
+++ b/machines/dev/fedi200/default.nix
@ -16,10 +16,4 @@
      gateway = "2a00:51c0:13:1305::1";
    };
  };
-
-  nixos.module = {
-    imports = [
-      ../../../infra/common/proxmox-qemu-vm.nix
-    ];
-  };
 }
--- a/machines/dev/fedi201/default.nix
+++ b/machines/dev/fedi201/default.nix
@ -19,7 +19,6 @@

  nixos.module = {
    imports = [
-      ../../../infra/common/proxmox-qemu-vm.nix
      ./fedipanel.nix
    ];
  };
--- a/machines/dev/fedi201/fedipanel.nix
+++ b/machines/dev/fedi201/fedipanel.nix
@ -1,6 +1,5 @@
 {
  config,
-  sources,
  ...
 }:
 let
@ -11,7 +10,6 @@ in

  imports = [
    (import ../../../panel { }).module
-    "${sources.home-manager}/nixos"
  ];

  security.acme = {
--- a/machines/dev/vm02116/default.nix
+++ b/machines/dev/vm02116/default.nix
@ -14,7 +14,6 @@
    { lib, ... }:
    {
      imports = [
-        ../../../infra/common/proxmox-qemu-vm.nix
        ./forgejo.nix
      ];

--- a/machines/dev/vm02187/default.nix
+++ b/machines/dev/vm02187/default.nix
@ -14,7 +14,6 @@
    { lib, ... }:
    {
      imports = [
-        ../../../infra/common/proxmox-qemu-vm.nix
        ./wiki.nix
      ];