Infra: expose and use checks for vmOptions and nixosConfigurations (#488)

Following Fediversity/Fediversity#478 (comment), here is a PR that plugs the infra's `vmOptions` and `nixosConfigurations` outputs into flake checks, instead of calling random Nix commands from the CI. There is still a bit of magic in the CI, but that's because we don't have yet a Nix-aware CI that exposes one job per flake check. Reviewed-on: Fediversity/Fediversity#488 Reviewed-by: kiara Grouwstra <kiara@procolix.eu> Co-authored-by: Nicolas “Niols” Jeannerod <nicolas.jeannerod@moduscreate.com> Co-committed-by: Nicolas “Niols” Jeannerod <nicolas.jeannerod@moduscreate.com>
2025-07-31 15:41:02 +02:00 · 2025-07-31 15:41:02 +02:00 · 588bb77a94
commit 588bb77a94
parent df3a070fa4
20 changed files with 93 additions and 61 deletions
--- a/.forgejo/workflows/ci.yaml
+++ b/.forgejo/workflows/ci.yaml
@ -69,9 +69,16 @@ jobs:
      - uses: actions/checkout@v4
      - run: |
          set -euC
+          echo ==================== [ VM Options ] ====================
+          machines=$(nix eval --impure --raw --expr 'with builtins; toString (attrNames (getFlake (toString ./.)).vmOptions)')
+          for machine in $machines; do
+            echo ~~~~~~~~~~~~~~~~~~~~~: $machine :~~~~~~~~~~~~~~~~~~~~~
+            nix build .#checks.x86_64-linux.vmOptions-$machine
+          done
+          echo
+          echo ==================== [ NixOS Configurations ] ====================
          machines=$(nix eval --impure --raw --expr 'with builtins; toString (attrNames (getFlake (toString ./.)).nixosConfigurations)')
          for machine in $machines; do
-            echo ==================== [ $machine ] ====================
-            nix eval .#vmOptions.$machine
-            nix build .#nixosConfigurations.$machine.config.system.build.toplevel
+            echo ~~~~~~~~~~~~~~~~~~~~~: $machine :~~~~~~~~~~~~~~~~~~~~~
+            nix build .#checks.x86_64-linux.nixosConfigurations-$machine
          done
--- a/infra/common/options.nix
+++ b/infra/common/options.nix
@ -20,16 +20,13 @@ in
      '';
    };

-    proxmox = mkOption {
-      type = types.nullOr (
-        types.enum [
-          "procolix"
-          "fediversity"
-        ]
-      );
+    isFediversityVm = mkOption {
+      type = types.bool;
      description = ''
-        The Proxmox instance. This is used for provisioning only and should be
-        set to `null` if the machine is not a VM.
+        Whether the machine is a Fediversity VM or not. This is used to
+        determine whether the machine should be provisioned via Proxmox or not.
+        Machines that are _not_ Fediversity VM could be physical machines, or
+        VMs that live outside Fediversity, eg. on Procolix's Proxmox.
      '';
    };

--- a/infra/flake-part.nix
+++ b/infra/flake-part.nix
@ -14,6 +14,10 @@ let
    mkOption
    evalModules
    filterAttrs
+    attrsToList
+    map
+    listToAttrs
+    deepSeq
    ;
  inherit (lib.attrsets) genAttrs;

@ -134,27 +138,39 @@ let
      system = "x86_64-linux";
    };

-  makeVmOptions = isTestVm: vmName: {
-    inherit ((makeResourceConfig { inherit vmName isTestVm; }).fediversityVm)
-      proxmox
-      vmId
-      description
-
-      sockets
-      cores
-      memory
-      diskSize
-
-      hostPublicKey
-      unsafeHostPrivateKey
-      ;
-  };
+  makeVmOptions =
+    isTestVm: vmName:
+    let
+      config = (makeResourceConfig { inherit vmName isTestVm; }).fediversityVm;
+    in
+    if config.isFediversityVm then
+      {
+        inherit (config)
+          vmId
+          description
+          sockets
+          cores
+          memory
+          diskSize
+          hostPublicKey
+          unsafeHostPrivateKey
+          ;
+      }
+    else
+      null;

  listSubdirectories = path: attrNames (filterAttrs (_: type: type == "directory") (readDir path));

  machines = listSubdirectories ../machines/dev;
  testMachines = listSubdirectories ../machines/operator;

+  nixosConfigurations =
+    genAttrs machines (makeConfiguration false)
+    // genAttrs testMachines (makeConfiguration true);
+  vmOptions =
+    filterAttrs (_: value: value != null) # Filter out non-Fediversity VMs
+      (genAttrs machines (makeVmOptions false) // genAttrs testMachines (makeVmOptions true));
+
 in
 {
  _class = "flake";
@ -178,10 +194,33 @@ in
      )
    );
  };
-  flake.nixosConfigurations =
-    genAttrs machines (makeConfiguration false)
-    // genAttrs testMachines (makeConfiguration true);
-  flake.vmOptions =
-    genAttrs machines (makeVmOptions false)
-    // genAttrs testMachines (makeVmOptions true);
+  flake = { inherit nixosConfigurations vmOptions; };
+
+  perSystem =
+    { pkgs, ... }:
+    {
+      checks =
+        listToAttrs (
+          map (
+            { name, value }:
+            {
+              name = "nixosConfigurations-${name}";
+              value = value.config.system.build.toplevel;
+            }
+          ) (attrsToList nixosConfigurations)
+        )
+        // listToAttrs (
+          map (
+            { name, value }:
+            {
+              name = "vmOptions-${name}";
+              ## Check that VM options builds/evaluates correctly. `deepSeq e1
+              ## e2` evaluates `e1` strictly in depth before returning `e2`. We
+              ## use this trick because checks need to be derivations, which VM
+              ## options are not.
+              value = deepSeq value pkgs.hello;
+            }
+          ) (attrsToList vmOptions)
+        );
+    };
 }
--- a/infra/proxmox-provision.sh
+++ b/infra/proxmox-provision.sh
@ -179,15 +179,9 @@ grab_vm_options () {
    --log-format raw --quiet
  )

-  proxmox=$(echo "$options" | jq -r .proxmox)
  vm_id=$(echo "$options" | jq -r .vmId)
  description=$(echo "$options" | jq -r .description)

-  if [ "$proxmox" != fediversity ]; then
-    die "I do not know how to provision things that are not Fediversity VMs,
-but I got proxmox = '%s' for VM %s." "$proxmox" "$vm_name"
-  fi
-
  sockets=$(echo "$options" | jq -r .sockets)
  cores=$(echo "$options" | jq -r .cores)
  memory=$(echo "$options" | jq -r .memory)
--- a/infra/proxmox-remove.sh
+++ b/infra/proxmox-remove.sh
@ -167,16 +167,10 @@ grab_vm_options () {
      --log-format raw --quiet
    )

-    proxmox=$(echo "$options" | jq -r .proxmox)
    vm_id=$(echo "$options" | jq -r .vmId)

-    if [ "$proxmox" != fediversity ]; then
-      die "I do not know how to remove things that are not Fediversity VMs,
-  but I got proxmox = '%s' for VM %s." "$proxmox" "$vm_name"
-    fi
-
-    printf 'done grabing VM options for VM %s. Found VM %d on %s Proxmox.\n' \
-      "$vm_name" "$vm_id" "$proxmox"
+    printf 'done grabing VM options for VM %s. Got id: %d.\n' \
+      "$vm_name" "$vm_id"
  fi
 }

--- a/machines/dev/fedi200/default.nix
+++ b/machines/dev/fedi200/default.nix
@ -3,8 +3,8 @@

  fediversityVm = {
    name = "fedi200";
+    isFediversityVm = true;
    vmId = 200;
-    proxmox = "fediversity";
    description = "Testing machine for Hans";

    domain = "abundos.eu";
--- a/machines/dev/fedi201/default.nix
+++ b/machines/dev/fedi201/default.nix
@ -3,8 +3,8 @@

  fediversityVm = {
    name = "fedi201";
+    isFediversityVm = true;
    vmId = 201;
-    proxmox = "fediversity";
    description = "FediPanel";

    domain = "abundos.eu";
--- a/machines/dev/forgejo-ci/default.nix
+++ b/machines/dev/forgejo-ci/default.nix
@ -22,6 +22,7 @@ in
  fediversityVm = {
    name = "forgejo-ci";
    domain = "procolix.com";
+    isFediversityVm = false;

    ipv4 = {
      interface = "enp1s0f0";
--- a/machines/dev/vm02116/default.nix
+++ b/machines/dev/vm02116/default.nix
@ -3,8 +3,8 @@

  fediversityVm = {
    name = "vm02116";
+    isFediversityVm = false;
    vmId = 2116;
-    proxmox = "procolix";
    description = "Forgejo";

    ipv4.address = "185.206.232.34";
--- a/machines/dev/vm02187/default.nix
+++ b/machines/dev/vm02187/default.nix
@ -3,8 +3,8 @@

  fediversityVm = {
    name = "vm02187";
+    isFediversityVm = false;
    vmId = 2187;
-    proxmox = "procolix";
    description = "Wiki";

    ipv4.address = "185.206.232.187";
--- a/machines/operator/test01/default.nix
+++ b/machines/operator/test01/default.nix
@ -3,8 +3,8 @@

  fediversityVm = {
    name = "test01";
+    isFediversityVm = true;
    vmId = 7001;
-    proxmox = "fediversity";

    hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub;
    unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key;
--- a/machines/operator/test02/default.nix
+++ b/machines/operator/test02/default.nix
@ -3,8 +3,8 @@

  fediversityVm = {
    name = "test02";
+    isFediversityVm = true;
    vmId = 7002;
-    proxmox = "fediversity";

    hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub;
    unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key;
--- a/machines/operator/test03/default.nix
+++ b/machines/operator/test03/default.nix
@ -3,8 +3,8 @@

  fediversityVm = {
    name = "test03";
+    isFediversityVm = true;
    vmId = 7003;
-    proxmox = "fediversity";

    hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub;
    unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key;
--- a/machines/operator/test04/default.nix
+++ b/machines/operator/test04/default.nix
@ -3,8 +3,8 @@

  fediversityVm = {
    name = "test04";
+    isFediversityVm = true;
    vmId = 7004;
-    proxmox = "fediversity";

    hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub;
    unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key;
--- a/machines/operator/test05/default.nix
+++ b/machines/operator/test05/default.nix
@ -3,8 +3,8 @@

  fediversityVm = {
    name = "test05";
+    isFediversityVm = true;
    vmId = 7005;
-    proxmox = "fediversity";

    hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub;
    unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key;
--- a/machines/operator/test06/default.nix
+++ b/machines/operator/test06/default.nix
@ -3,8 +3,8 @@

  fediversityVm = {
    name = "test06";
+    isFediversityVm = true;
    vmId = 7006;
-    proxmox = "fediversity";

    hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub;
    unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key;
--- a/machines/operator/test11/default.nix
+++ b/machines/operator/test11/default.nix
@ -3,8 +3,8 @@

  fediversityVm = {
    name = "test11";
+    isFediversityVm = true;
    vmId = 7011;
-    proxmox = "fediversity";

    hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub;
    unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key;
--- a/machines/operator/test12/default.nix
+++ b/machines/operator/test12/default.nix
@ -3,8 +3,8 @@

  fediversityVm = {
    name = "test12";
+    isFediversityVm = true;
    vmId = 7012;
-    proxmox = "fediversity";

    hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub;
    unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key;
--- a/machines/operator/test13/default.nix
+++ b/machines/operator/test13/default.nix
@ -3,8 +3,8 @@

  fediversityVm = {
    name = "test13";
+    isFediversityVm = true;
    vmId = 7013;
-    proxmox = "fediversity";

    hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub;
    unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key;
--- a/machines/operator/test14/default.nix
+++ b/machines/operator/test14/default.nix
@ -3,8 +3,8 @@

  fediversityVm = {
    name = "test14";
+    isFediversityVm = true;
    vmId = 7014;
-    proxmox = "fediversity";

    hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub;
    unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key;