diff --git a/flake.lock b/flake.lock
index ad891639..e955e13c 100644
--- a/flake.lock
+++ b/flake.lock
@@ -571,6 +571,26 @@
 "type": "github"
 }
 },
+ "home-manager_2": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1743860185,
+ "narHash": "sha256-TkhfJ+vH+iGxLQL6RJLObMmldAQpysVJ+p1WnnKyIeQ=",
+ "owner": "nix-community",
+ "repo": "home-manager",
+ "rev": "b5e29565131802cc8adee7dccede794226da8614",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "repo": "home-manager",
+ "type": "github"
+ }
+ },
 "mk-naked-shell": {
 "flake": false,
 "locked": {
@@ -1215,6 +1235,7 @@
 "disko": "disko",
 "flake-parts": "flake-parts",
 "git-hooks": "git-hooks",
+ "home-manager": "home-manager_2",
 "nixops4": "nixops4",
 "nixops4-nixos": "nixops4-nixos",
 "nixpkgs": "nixpkgs_7"
diff --git a/flake.nix b/flake.nix
index dba9e55b..377448b3 100644
--- a/flake.nix
+++ b/flake.nix
@@ -3,6 +3,8 @@
 nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
 flake-parts.url = "github:hercules-ci/flake-parts";
 git-hooks.url = "github:cachix/git-hooks.nix";
+ home-manager.url = "github:nix-community/home-manager";
+ home-manager.inputs.nixpkgs.follows = "nixpkgs";
 agenix.url = "github:ryantm/agenix";
 disko.url = "github:nix-community/disko";
diff --git a/infra/common/resource.nix b/infra/common/resource.nix
index 4606ddf4..bc17e743 100644
--- a/infra/common/resource.nix
+++ b/infra/common/resource.nix
@@ -34,6 +34,7 @@ in
 imports = [
 inputs.agenix.nixosModules.default
 inputs.disko.nixosModules.default
+ inputs.home-manager.nixosModules.home-manager
 ./options.nix
 ./nixos
 ];
diff --git a/infra/machines/fedi201/fedipanel.nix b/infra/machines/fedi201/fedipanel.nix
index b49471bb..c3cc7a33 100644
--- a/infra/machines/fedi201/fedipanel.nix
+++ b/infra/machines/fedi201/fedipanel.nix
@@ -1,5 +1,6 @@
 {
 config,
+ pkgs,
 ...
 }:
 let
diff --git a/launch/resource.nix b/launch/resource.nix
index 04811271..6b03305b 100644
--- a/launch/resource.nix
+++ b/launch/resource.nix
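Review bot: The new `home-manager.url` in flake.nix tracks the repository's default branch while `nixpkgs.url` is pinned to `nixos-24.11`, and `home-manager.inputs.nixpkgs.follows = "nixpkgs";` then evaluates that moving branch against the 24.11 package set. Home-manager publishes release branches that match NixOS releases, so `home-manager.url = "github:nix-community/home-manager/release-24.11";` would keep the module set and nixpkgs in step. It also narrows what a later `nix flake update` can pull in for a module that the infra/common/resource.nix hunk adds to the shared `imports` list.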
@@ -37,5 +37,8 @@ in
 ## FIXME: Remove direct root authentication once the NixOps4 NixOS provider
 ## supports users with password-less sudo.
- users.users.root.openssh.authorizedKeys.keys = attrValues keys.contributors;
+ users.users.root.openssh.authorizedKeys.keys = attrValues keys.contributors ++ [
+ # allow our panel vm access to the test machines
+ keys.systems.fedi201
+ ];
 }
diff --git a/panel/nix/configuration.nix b/panel/nix/configuration.nix
index 16d510fe..54653c18 100644
--- a/panel/nix/configuration.nix
+++ b/panel/nix/configuration.nix
@@ -186,7 +186,7 @@ in
 '';
 serviceConfig = {
 Restart = "always";
- User = name;
+ User = "root";
 WorkingDirectory = "/var/lib/${name}";
 StateDirectory = name;
 RuntimeDirectory = name;
diff --git a/panel/src/panel/views.py b/panel/src/panel/views.py
index def63da9..52abcb70 100644
--- a/panel/src/panel/views.py
+++ b/panel/src/panel/views.py
@@ -103,7 +103,7 @@ class DeploymentStatus(ConfigurationForm):
 # Check for deploy button
 if "deploy" in self.request.POST.keys():
 deployment_result, deployment_params = self.deployment(obj)
- deployment_succeeded = deployment_result.returncode == 0
+ deployment_succeeded = deployment_result == 0
 return render(self.request, "partials/deployment_result.html", {
 "deployment_succeeded": deployment_succeeded,
@@ -157,6 +157,6 @@ class DeploymentStatus(ConfigurationForm):
 "--auto-approve",
 "-lock=false",
 ]
- deployment_result = subprocess.run(cmd, cwd=cwd, env=env)
+ deployment_result = subprocess.run(cmd, cwd=cwd, env=env, user="root")
 print(deployment_result)
 return deployment_result, deployment_params
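Review bot: Adding `keys.systems.fedi201` to `users.users.root.openssh.authorizedKeys.keys` in launch/resource.nix gives the holder of that key an unrestricted root login on every machine built from this file, which widens the exposure the FIXME above already flags. If `keys.systems.fedi201` is the panel VM's SSH host key (the name suggests it, the definition is outside this diff), a dedicated deployment keypair would be easier to rotate and to audit. Each list entry is a full authorized_keys line, so the grant can be narrowed, for example `''from="<panel-vm-address>",restrict ${keys.systems.fedi201}''`, provided the deployment tooling works under `restrict`. The comment could also name the service that uses the key so the entry is removed together with it.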
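Review bot: `User = "root";` in panel/nix/configuration.nix makes the whole panel web service run as root, so any request-handling bug in the application becomes full control of the host and, through the key added in launch/resource.nix, of the test machines. The same privilege is requested again in panel/src/panel/views.py, where `subprocess.run(cmd, cwd=cwd, env=env, user="root")` presumably only succeeds because the service already runs as root. Keeping `User = name;` and granting that account only what the deployment needs, for example a dedicated SSH key passed with systemd's `LoadCredential=`, would preserve the separation. If root is needed for now, a `## FIXME:` comment stating why and when it will be reverted would match the one in launch/resource.nix. The `serviceConfig` block continues outside the hunk.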
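Review bot: `deployment_succeeded = deployment_result == 0` in the first views.py hunk compares the value returned by `self.deployment(obj)` with an integer, but the hunk at line 157 still returns the `subprocess.run(...)` result, a `CompletedProcess`, so the comparison is always False and every deployment would be reported as failed. Either keep `deployment_result.returncode == 0` here or have the deployment method `return deployment_result.returncode, deployment_params`. Both methods continue outside their hunks, so this assumes the second hunk is the body of `deployment`.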