	update deployment
							parent
							
								
									db827dcfab
								
							
						
					
					
						commit
						2759757cc4
					
				
					 2 changed files with 135 additions and 33 deletions
				
			
		|  | @ -8,6 +8,8 @@ | |||
| let | ||||
|   inherit (sources) nixpkgs; | ||||
|   lib = import "${nixpkgs}/lib"; | ||||
|   deployment-config = config; | ||||
|   inherit (lib) mkOption types; | ||||
|   eval = | ||||
|     module: | ||||
|     (lib.evalModules { | ||||
|  | @ -20,47 +22,132 @@ let | |||
|       ]; | ||||
|     }).config; | ||||
|   fediversity = eval ( | ||||
|     { ... }: | ||||
|     { config, ... }: | ||||
|     { | ||||
|       config = { | ||||
|         environments.single-nixos-vm = | ||||
|           { ... }: | ||||
|           { | ||||
|             implementation = requests: { | ||||
|               input = requests; | ||||
|               output.ssh-host = { | ||||
|                 ssh = { | ||||
|                   host = "localhost"; | ||||
|                   username = "root"; | ||||
|                   key-file = null; | ||||
|         resources.login-shell = { | ||||
|           description = "The operator needs to be able to log into the shell"; | ||||
|           request = | ||||
|             { ... }: | ||||
|             { | ||||
|               _class = "fediversity-resource-request"; | ||||
|               options = { | ||||
|                 wheel = mkOption { | ||||
|                   description = "Whether the login user needs root permissions"; | ||||
|                   type = types.bool; | ||||
|                   default = false; | ||||
|                 }; | ||||
|                 nixos-configuration = | ||||
|                   { pkgs, ... }: | ||||
|                   { | ||||
|                     imports = [ | ||||
|                       ../common/sharedOptions.nix | ||||
|                       ../common/targetNode.nix | ||||
|                       "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix" | ||||
|                     ]; | ||||
| 
 | ||||
|                     inherit (config) enableAcme; | ||||
|                     acmeNodeIP = if config.enableAcme then config.nodes.acme.networking.primaryIPAddress else null; | ||||
| 
 | ||||
|                     environment.systemPackages = with pkgs; [ | ||||
|                       hello | ||||
|                     ]; | ||||
| 
 | ||||
|                     users.users = config.resources.shell.login-shell.apply ( | ||||
|                       lib.filterAttrs (_name: value: value ? login-shell) requests | ||||
|                     ); | ||||
|                 packages = mkOption { | ||||
|                   description = "Packages that need to be available in the user environment"; | ||||
|                   type = with types; attrsOf package; | ||||
|                 }; | ||||
|               }; | ||||
|             }; | ||||
|           policy = | ||||
|             { config, ... }: | ||||
|             { | ||||
|               _class = "fediversity-resource-policy"; | ||||
|               options = { | ||||
|                 username = mkOption { | ||||
|                   description = "Username for the operator"; | ||||
|                   type = types.str; # TODO: use the proper constraints from NixOS | ||||
|                 }; | ||||
|                 wheel = mkOption { | ||||
|                   description = "Whether to allow login with root permissions"; | ||||
|                   type = types.bool; | ||||
|                   default = false; | ||||
|                 }; | ||||
|               }; | ||||
|               config = { | ||||
|                 resource-type = types.raw; # TODO: splice out the user type from NixOS | ||||
|                 apply = | ||||
|                   requests: | ||||
|                   let | ||||
|                     # Filter out requests that need wheel if policy doesn't allow it | ||||
|                     validRequests = lib.filterAttrs ( | ||||
|                       _name: req: !req.login-shell.wheel || config.wheel | ||||
|                     ) requests.resources; | ||||
|                   in | ||||
|                   lib.optionalAttrs (validRequests != { }) { | ||||
|                     ${config.username} = { | ||||
|                       isNormalUser = true; | ||||
|                       packages = | ||||
|                         with lib; | ||||
|                         attrValues (concatMapAttrs (_name: request: request.login-shell.packages) validRequests); | ||||
|                       extraGroups = lib.optional config.wheel "wheel"; | ||||
|                     }; | ||||
|                   }; | ||||
|               }; | ||||
|             }; | ||||
|         }; | ||||
|         applications.hello = | ||||
|           { pkgs, ... }: | ||||
|           { | ||||
|             description = ''Command-line tool that will print "Hello, world!" on the terminal''; | ||||
|             module = | ||||
|               { ... }: | ||||
|               { | ||||
|                 options.enable = lib.mkEnableOption "Hello in the shell"; | ||||
|               }; | ||||
|             implementation = cfg: { | ||||
|               input = cfg; | ||||
|               output = lib.optionalAttrs cfg.enable { | ||||
|                 resources.hello.login-shell.packages.hello = pkgs.hello; | ||||
|               }; | ||||
|             }; | ||||
|           }; | ||||
|         environments.single-nixos-vm = environment: { | ||||
|           resources."operator-environment".login-shell.username = "operator"; | ||||
|           implementation = requests: { | ||||
|             input = requests; | ||||
|             output.ssh-host = { | ||||
|               ssh = { | ||||
|                 username = "root"; | ||||
|                 inherit (deployment-config) host; | ||||
|                 key-file = null; | ||||
|               }; | ||||
|               nixos-configuration = | ||||
|                 { pkgs, ... }: | ||||
|                 { | ||||
|                   imports = [ | ||||
|                     ./options.nix | ||||
|                     ../common/sharedOptions.nix | ||||
|                     ../common/targetNode.nix | ||||
|                     "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix" | ||||
|                   ]; | ||||
| 
 | ||||
|                   inherit (deployment-config) enableAcme; | ||||
|                   acmeNodeIP = | ||||
|                     if deployment-config.enableAcme then | ||||
|                       deployment-config.nodes.acme.networking.primaryIPAddress | ||||
|                     else | ||||
|                       null; | ||||
| 
 | ||||
|                   environment.systemPackages = with pkgs; [ | ||||
|                     hello | ||||
|                   ]; | ||||
| 
 | ||||
|                   users.users = environment.config.resources."operator-environment".login-shell.apply { | ||||
|                     resources = lib.filterAttrs (_name: value: value ? login-shell) requests; | ||||
|                   }; | ||||
|                 }; | ||||
|             }; | ||||
|           }; | ||||
|         }; | ||||
|       }; | ||||
|       options = { | ||||
|         "example-configuration" = mkOption { | ||||
|           type = config.configuration; | ||||
|           default = { | ||||
|             enable = true; | ||||
|             applications.hello.enable = true; | ||||
|           }; | ||||
|         }; | ||||
|         "example-deployment" = mkOption { | ||||
|           default = config.environments.single-nixos-vm.deployment config."example-configuration"; | ||||
|         }; | ||||
|       }; | ||||
|     } | ||||
|   ); | ||||
| in | ||||
| fediversity.environments.single-nixos-vm.deployment { | ||||
|   enable = true; | ||||
| } | ||||
| fediversity."example-deployment" | ||||
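Review bot: In the `login-shell` policy's `apply`, the operator user is put into `wheel` whenever the policy permits it (`extraGroups = lib.optional config.wheel "wheel";`), even when none of the surviving requests asked for wheel, so a permissive policy hands out a typically sudo-capable group that no application requested. Deriving the grant from the requests keeps it to what was actually asked for: add `needsWheel = lib.any (req: req.login-shell.wheel) (lib.attrValues validRequests);` to the `let`, and change the line to `extraGroups = lib.optional (config.wheel && needsWheel) "wheel";`. Separately, a request that needs wheel under a policy that denies it is dropped silently by the `validRequests` filter, so its packages simply never appear in the user environment; a `lib.warn` or `throw` naming the rejected request would make that refusal visible at evaluation time. The `ssh-host` output still logs in as `root` with `key-file = null`, now against a configurable `host` rather than `localhost`; since which credential a null key file falls back to is not visible here, a short comment stating it would help anyone pointing this check at a real machine.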
|  |  | |||
							
								
								
									
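--- a/deployment/check/data-model/options.nix
+++ b/deployment/check/data-model/options.nix
@@ -0,0 +1,15 @@
+{
+  lib,
+  ...
+}:
+let
+  inherit (lib) types;
+in
+{
+  options = {
+    host = lib.mkOption {
+      type = types.str;
+      description = "name of the host to deploy to";
+    };
+  };
+}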
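Review bot: `host` is declared as `types.str`, which accepts the empty string and values with embedded whitespace or newlines; in the first file of this commit the same value is forwarded unchanged as the SSH target of a root login in the `ssh-host` output, so a malformed value only surfaces when the deployment runs. Tightening the type rejects it at evaluation time: `type = types.nonEmptyStr;`, or `types.strMatching` with a hostname/IP pattern if the deployment only ever targets addresses. The description could also say what kind of value is expected, e.g. `description = "hostname or IP address of the machine to deploy to over SSH";` — whether an ssh config alias is also acceptable is not visible here, so adjust accordingly.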