kiara/Fediversity
1
0
Fork 0
forked from Fediversity/Fediversity
Code Pull requests Activity

Get rid of the deployment/ directory

Browse source
This commit is contained in:
Nicolas Jeannerod 2025-02-24 12:27:47 +01:00
parent f4153a048c
commit 3f9c174d97
Signed by untrusted user: Niols
GPG key ID: 35DB9EC8886E1CB8
5 changed files with 2 additions and 295 deletions

7
README.md
View file

@ -118,12 +118,9 @@ Contact the project team if you have questions or suggestions, or if you're inte
Most of the directories in this repository have their own README going into more Most of the directories in this repository have their own README going into more
details as to what they are for. As an overview: details as to what they are for. As an overview:
- [`deployment/`](./deployment) contains bits and pieces having to do with
auto-deployment of test VMs on a private Proxmox. This directory is
deprecated, the information it contains outdate. Refer to `infra/` instead.
- [`infra/`](./infra) contains the configurations for the various VMs that are - [`infra/`](./infra) contains the configurations for the various VMs that are
in production for the project, for instance the Git instances or the Wiki. in production for the project, for instance the Git instances or the Wiki, as
well as means to provision and set up new ones.
- [`keys/`](./keys) contains the public keys of the contributors to this project - [`keys/`](./keys) contains the public keys of the contributors to this project
as well as the systems that we administrate. as well as the systems that we administrate.

136
deployment/flake-part.nix
View file

@ -1,136 +0,0 @@
{ inputs, self, ... }:
let
allVmIds = builtins.genList (x: 100 + x) 156; # 100 -- 255
in
{
flake.nixosConfigurations.provisioning =
let
inherit (builtins) map listToAttrs;
makeProvisioningConfiguration =
vmid:
inputs.nixpkgs.lib.nixosSystem {
modules = [
{ procolix.vmid = vmid; }
./procolixVm.nix
inputs.disko.nixosModules.default
];
};
in
listToAttrs (
map (vmid: {
name = "fedi${toString vmid}";
value = makeProvisioningConfiguration vmid;
}) allVmIds
);
nixops4Deployments.feditest =
{ providers, ... }:
let
inherit (builtins) readFile;
makeProcolixVmResource = vmid: vmconfig: {
type = providers.local.exec;
imports = [ inputs.nixops4-nixos.modules.nixops4Resource.nixos ];
ssh = {
host = "95.215.187.${toString vmid}";
hostPublicKey = readFile ./hostKeys/fedi${toString vmid}/ssh_host_ed25519_key.pub;
};
nixpkgs = inputs.nixpkgs;
nixos.module = {
imports = [
vmconfig
{ procolix.vmid = vmid; }
./procolixVm.nix
self.nixosModules.fediversity
inputs.disko.nixosModules.default
];
};
};
## NOTE: All of these secrets are publicly available in this source file
## and will end up in the Nix store. We don't care as they are only ever
## used for testing anyway.
pixelfedS3KeyConfig =
{ pkgs, ... }:
{
s3AccessKeyFile = pkgs.writeText "s3AccessKey" "GKb5615457d44214411e673b7b";
s3SecretKeyFile = pkgs.writeText "s3SecretKey" "5be6799a88ca9b9d813d1a806b64f15efa49482dbe15339ddfaf7f19cf434987";
};
mastodonS3KeyConfig =
{ pkgs, ... }:
{
s3AccessKeyFile = pkgs.writeText "s3AccessKey" "GK3515373e4c851ebaad366558";
s3SecretKeyFile = pkgs.writeText "s3SecretKey" "7d37d093435a41f2aab8f13c19ba067d9776c90215f56614adad6ece597dbb34";
};
peertubeS3KeyConfig =
{ pkgs, ... }:
{
s3AccessKeyFile = pkgs.writeText "s3AccessKey" "GK1f9feea9960f6f95ff404c9b";
s3SecretKeyFile = pkgs.writeText "s3SecretKey" "7295c4201966a02c2c3d25b5cea4a5ff782966a2415e3a196f91924631191395";
};
in
{
providers = { inherit (inputs.nixops4.modules.nixops4Provider) local; };
resources = {
fedi100 = makeProcolixVmResource 100 (
{ pkgs, ... }:
{
fediversity = {
domain = "abundos.eu";
garage.enable = true;
pixelfed = pixelfedS3KeyConfig { inherit pkgs; };
mastodon = mastodonS3KeyConfig { inherit pkgs; };
peertube = peertubeS3KeyConfig { inherit pkgs; };
};
}
);
fedi101 = makeProcolixVmResource 101 (
{ pkgs, ... }:
{
fediversity = {
domain = "abundos.eu";
pixelfed = pixelfedS3KeyConfig { inherit pkgs; } // {
enable = true;
};
};
}
);
fedi102 = makeProcolixVmResource 102 (
{ pkgs, ... }:
{
fediversity = {
domain = "abundos.eu";
mastodon = mastodonS3KeyConfig { inherit pkgs; } // {
enable = true;
};
temp.cores = 1; # FIXME: should come from NixOps4 eventually
};
}
);
fedi103 = makeProcolixVmResource 103 (
{ pkgs, ... }:
{
fediversity = {
domain = "abundos.eu";
peertube = peertubeS3KeyConfig { inherit pkgs; } // {
enable = true;
## NOTE: Only ever used for testing anyway.
secretsFile = pkgs.writeText "secret" "574e093907d1157ac0f8e760a6deb1035402003af5763135bae9cbd6abe32b24";
};
};
}
);
};
};
}

153
deployment/procolixVm.nix
View file

@ -1,153 +0,0 @@
{
lib,
config,
modulesPath,
...
}:
let
inherit (lib) mkOption;
inherit (lib.types) types;
in
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
options = {
procolix = {
vmid = mkOption {
type = types.ints.between 100 255;
description = ''
Identifier of the machine. This is a number between 100 and 255.
'';
};
};
};
config = {
########################################################################
## Network
services.openssh.enable = true;
networking = {
hostName = "fedi${toString config.procolix.vmid}";
domain = "procolix.com";
interfaces = {
eth0 = {
ipv4 = {
addresses = [
{
address = "95.215.187.${toString config.procolix.vmid}";
prefixLength = 24;
}
];
};
ipv6 = {
addresses = [
{
address = "2a00:51c0:13:1305::${toString config.procolix.vmid}";
prefixLength = 64;
}
];
};
};
};
defaultGateway = {
address = "95.215.187.1";
interface = "eth0";
};
defaultGateway6 = {
address = "2a00:51c0:13:1305::1";
interface = "eth0";
};
nameservers = [
"95.215.185.6"
"95.215.185.7"
];
};
########################################################################
## Hardware
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
initrd = {
availableKernelModules = [
"ata_piix"
"uhci_hcd"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
];
kernelModules = [ "dm-snapshot" ];
};
};
disko.devices.disk.main = {
device = "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions = {
MBR = {
priority = 0;
size = "1M";
type = "EF02";
};
ESP = {
priority = 1;
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
priority = 2;
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
########################################################################
## Miscellaneous
services.qemuGuest.enable = true;
time.timeZone = "Europe/Amsterdam";
i18n.defaultLocale = "en_US.UTF-8";
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEElREJN0AC7lbp+5X204pQ5r030IbgCllsIxyU3iiKY"
];
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
system.stateVersion = "24.05"; # Did you read the comment?
};
}

1
flake.nix
View file

@ -25,7 +25,6 @@
inputs.git-hooks.flakeModule inputs.git-hooks.flakeModule
inputs.nixops4.modules.flake.default inputs.nixops4.modules.flake.default
./deployment/flake-part.nix
./infra/flake-part.nix ./infra/flake-part.nix
./services/flake-part.nix ./services/flake-part.nix
]; ];

0
deployment/README.md → infra/old-deployment-readme.md
View file