From 588bb77a947372a44425a788775cbf17c93aa08e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicolas=20=E2=80=9CNiols=E2=80=9D=20Jeannerod?= Date: Thu, 31 Jul 2025 15:41:02 +0200 Subject: [PATCH] Infra: expose and use checks for vmOptions and nixosConfigurations (#488) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Following https://git.fediversity.eu/Fediversity/Fediversity/pulls/478#issuecomment-9163, here is a PR that plugs the infra's `vmOptions` and `nixosConfigurations` outputs into flake checks, instead of calling random Nix commands from the CI. There is still a bit of magic in the CI, but that's because we don't have yet a Nix-aware CI that exposes one job per flake check. Reviewed-on: https://git.fediversity.eu/Fediversity/Fediversity/pulls/488 Reviewed-by: kiara Grouwstra Co-authored-by: Nicolas “Niols” Jeannerod Co-committed-by: Nicolas “Niols” Jeannerod --- .forgejo/workflows/ci.yaml | 13 +++-- infra/common/options.nix | 15 +++--- infra/flake-part.nix | 81 ++++++++++++++++++++-------- infra/proxmox-provision.sh | 6 --- infra/proxmox-remove.sh | 10 +--- machines/dev/fedi200/default.nix | 2 +- machines/dev/fedi201/default.nix | 2 +- machines/dev/forgejo-ci/default.nix | 1 + machines/dev/vm02116/default.nix | 2 +- machines/dev/vm02187/default.nix | 2 +- machines/operator/test01/default.nix | 2 +- machines/operator/test02/default.nix | 2 +- machines/operator/test03/default.nix | 2 +- machines/operator/test04/default.nix | 2 +- machines/operator/test05/default.nix | 2 +- machines/operator/test06/default.nix | 2 +- machines/operator/test11/default.nix | 2 +- machines/operator/test12/default.nix | 2 +- machines/operator/test13/default.nix | 2 +- machines/operator/test14/default.nix | 2 +- 20 files changed, 93 insertions(+), 61 deletions(-) diff --git a/.forgejo/workflows/ci.yaml b/.forgejo/workflows/ci.yaml index 3f553ef1..5015d407 100644 --- a/.forgejo/workflows/ci.yaml +++ b/.forgejo/workflows/ci.yaml 
@@ -69,9 +69,16 @@ jobs: - uses: actions/checkout@v4 - run: | set -euC + echo ==================== [ VM Options ] ==================== + machines=$(nix eval --impure --raw --expr 'with builtins; toString (attrNames (getFlake (toString ./.)).vmOptions)') + for machine in $machines; do + echo ~~~~~~~~~~~~~~~~~~~~~: $machine :~~~~~~~~~~~~~~~~~~~~~ + nix build .#checks.x86_64-linux.vmOptions-$machine + done + echo + echo ==================== [ NixOS Configurations ] ==================== machines=$(nix eval --impure --raw --expr 'with builtins; toString (attrNames (getFlake (toString ./.)).nixosConfigurations)') for machine in $machines; do - echo ==================== [ $machine ] ==================== - nix eval .#vmOptions.$machine - nix build .#nixosConfigurations.$machine.config.system.build.toplevel + echo ~~~~~~~~~~~~~~~~~~~~~: $machine :~~~~~~~~~~~~~~~~~~~~~ + nix build .#checks.x86_64-linux.nixosConfigurations-$machine done diff --git a/infra/common/options.nix b/infra/common/options.nix index 413f9fb9..0bf629b5 100644 --- a/infra/common/options.nix +++ b/infra/common/options.nix @@ -20,16 +20,13 @@ in ''; }; - proxmox = mkOption { - type = types.nullOr ( - types.enum [ - "procolix" - "fediversity" - ] - ); + isFediversityVm = mkOption { + type = types.bool; description = '' - The Proxmox instance. This is used for provisioning only and should be - set to `null` if the machine is not a VM. + Whether the machine is a Fediversity VM or not. This is used to + determine whether the machine should be provisioned via Proxmox or not. + Machines that are _not_ Fediversity VM could be physical machines, or + VMs that live outside Fediversity, eg. on Procolix's Proxmox. ''; }; diff --git a/infra/flake-part.nix b/infra/flake-part.nix index 4b341ded..9bfd2269 100644 --- a/infra/flake-part.nix +++ b/infra/flake-part.nix @@ -14,6 +14,10 @@ let mkOption evalModules filterAttrs + attrsToList + map + listToAttrs + deepSeq ; inherit (lib.attrsets) genAttrs; 
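Review bot: In both loops the flake attribute is handed to `nix build` unquoted, so a machine name containing whitespace or glob characters would be word-split or expanded by the shell before Nix sees it. The names come from `attrNames` over the flake outputs, which in turn appear to follow the directory names under `machines/`, so anyone who can add a directory there controls these words. Quoting the argument costs nothing: `nix build ".#checks.x86_64-linux.vmOptions-$machine"`, and likewise for the `nixosConfigurations-` line. The `for machine in $machines` split has to stay unquoted, which is one more reason to keep machine names to plain identifiers. The `run:` step starts above the hunk.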
@@ -134,27 +138,39 @@ let system = "x86_64-linux"; }; - makeVmOptions = isTestVm: vmName: { - inherit ((makeResourceConfig { inherit vmName isTestVm; }).fediversityVm) - proxmox - vmId - description - - sockets - cores - memory - diskSize - - hostPublicKey - unsafeHostPrivateKey - ; - }; + makeVmOptions = + isTestVm: vmName: + let + config = (makeResourceConfig { inherit vmName isTestVm; }).fediversityVm; + in + if config.isFediversityVm then + { + inherit (config) + vmId + description + sockets + cores + memory + diskSize + hostPublicKey + unsafeHostPrivateKey + ; + } + else + null; listSubdirectories = path: attrNames (filterAttrs (_: type: type == "directory") (readDir path)); machines = listSubdirectories ../machines/dev; testMachines = listSubdirectories ../machines/operator; + nixosConfigurations = + genAttrs machines (makeConfiguration false) + // genAttrs testMachines (makeConfiguration true); + vmOptions = + filterAttrs (_: value: value != null) # Filter out non-Fediversity VMs + (genAttrs machines (makeVmOptions false) // genAttrs testMachines (makeVmOptions true)); + in { _class = "flake"; 
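Review bot: `makeVmOptions` now has two result shapes and neither is documented at the definition: an attribute set for Fediversity VMs and `null` for everything else, with the `null`s removed only later by the `filterAttrs` in `vmOptions`. A comment above it would make the contract explicit, e.g. `## Returns null for machines that are not Fediversity VMs; callers must filter.` The set still carries `unsafeHostPrivateKey`, so the same comment is a good place to say that the result is for evaluation only, e.g. `## Contains private key material: do not render into a derivation or print in logs.` The local name `config` is also easy to confuse with the module-system `config` argument; `vmConfig` would read more clearly.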
@@ -178,10 +194,33 @@ in ) ); }; - flake.nixosConfigurations = - genAttrs machines (makeConfiguration false) - // genAttrs testMachines (makeConfiguration true); - flake.vmOptions = - genAttrs machines (makeVmOptions false) - // genAttrs testMachines (makeVmOptions true); + flake = { inherit nixosConfigurations vmOptions; }; + + perSystem = + { pkgs, ... }: + { + checks = + listToAttrs ( + map ( + { name, value }: + { + name = "nixosConfigurations-${name}"; + value = value.config.system.build.toplevel; + } + ) (attrsToList nixosConfigurations) + ) + // listToAttrs ( + map ( + { name, value }: + { + name = "vmOptions-${name}"; + ## Check that VM options builds/evaluates correctly. `deepSeq e1 + ## e2` evaluates `e1` strictly in depth before returning `e2`. We + ## use this trick because checks need to be derivations, which VM + ## options are not. + value = deepSeq value pkgs.hello; + } + ) (attrsToList vmOptions) + ); + }; } diff --git a/infra/proxmox-provision.sh b/infra/proxmox-provision.sh index 42aec63b..35ceb863 100755 --- a/infra/proxmox-provision.sh +++ b/infra/proxmox-provision.sh @@ -179,15 +179,9 @@ grab_vm_options () { --log-format raw --quiet ) - proxmox=$(echo "$options" | jq -r .proxmox) vm_id=$(echo "$options" | jq -r .vmId) description=$(echo "$options" | jq -r .description) - if [ "$proxmox" != fediversity ]; then - die "I do not know how to provision things that are not Fediversity VMs, -but I got proxmox = '%s' for VM %s." "$proxmox" "$vm_name" - fi - sockets=$(echo "$options" | jq -r .sockets) cores=$(echo "$options" | jq -r .cores) memory=$(echo "$options" | jq -r .memory) diff --git a/infra/proxmox-remove.sh b/infra/proxmox-remove.sh index a8ee2de9..e2795a01 100755 --- a/infra/proxmox-remove.sh +++ b/infra/proxmox-remove.sh 
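Review bot: The checks are declared under `perSystem`, but every value looks tied to x86_64-linux. The `nixosConfigurations-*` entries are `toplevel` derivations, a `system = "x86_64-linux";` line is visible in the previous hunk's context, and the CI only asks for `checks.x86_64-linux`. If the flake's `systems` list (not visible here) contains anything else, that system would be offered checks it cannot build locally. Taking `system` from the `perSystem` arguments and wrapping the set in `lib.optionalAttrs (system == "x86_64-linux")` would keep the output accurate, assuming `lib` is in scope as the `inherit` list at the top of the file suggests.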
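Review bot: With the `proxmox` comparison gone, `grab_vm_options` has no check of its own that the target is a Fediversity VM. It now depends on the machine being absent from `vmOptions` and on the failed evaluation stopping the script, which happens in code outside this hunk. `jq -r .vmId` prints `null` for a missing key and nothing for empty input, so either value would presumably reach the later Proxmox calls unless something upstream aborts. A guard right after the assignment keeps the script failing closed: `case $vm_id in ''|*[!0-9]*) die "VM %s has no numeric vmId; is it a Fediversity VM?" "$vm_name" ;; esac`. The same applies to the matching hunk in `infra/proxmox-remove.sh`, where acting on a wrong id means a deletion, and where the new `printf` message still spells `grabing`.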
@@ -167,16 +167,10 @@ grab_vm_options () { --log-format raw --quiet ) - proxmox=$(echo "$options" | jq -r .proxmox) vm_id=$(echo "$options" | jq -r .vmId) - if [ "$proxmox" != fediversity ]; then - die "I do not know how to remove things that are not Fediversity VMs, - but I got proxmox = '%s' for VM %s." "$proxmox" "$vm_name" - fi - - printf 'done grabing VM options for VM %s. Found VM %d on %s Proxmox.\n' \ - "$vm_name" "$vm_id" "$proxmox" + printf 'done grabing VM options for VM %s. Got id: %d.\n' \ + "$vm_name" "$vm_id" fi } diff --git a/machines/dev/fedi200/default.nix b/machines/dev/fedi200/default.nix index 6014da4f..36383199 100644 --- a/machines/dev/fedi200/default.nix +++ b/machines/dev/fedi200/default.nix @@ -3,8 +3,8 @@ fediversityVm = { name = "fedi200"; + isFediversityVm = true; vmId = 200; - proxmox = "fediversity"; description = "Testing machine for Hans"; domain = "abundos.eu"; diff --git a/machines/dev/fedi201/default.nix b/machines/dev/fedi201/default.nix index 3197b157..f9b5123d 100644 --- a/machines/dev/fedi201/default.nix +++ b/machines/dev/fedi201/default.nix @@ -3,8 +3,8 @@ fediversityVm = { name = "fedi201"; + isFediversityVm = true; vmId = 201; - proxmox = "fediversity"; description = "FediPanel"; domain = "abundos.eu"; diff --git a/machines/dev/forgejo-ci/default.nix b/machines/dev/forgejo-ci/default.nix index ee212b17..fc520136 100644 --- a/machines/dev/forgejo-ci/default.nix +++ b/machines/dev/forgejo-ci/default.nix @@ -22,6 +22,7 @@ in fediversityVm = { name = "forgejo-ci"; domain = "procolix.com"; + isFediversityVm = false; ipv4 = { interface = "enp1s0f0"; diff --git a/machines/dev/vm02116/default.nix b/machines/dev/vm02116/default.nix index 0ffd24ab..169b2149 100644 --- a/machines/dev/vm02116/default.nix +++ b/machines/dev/vm02116/default.nix @@ -3,8 +3,8 @@ fediversityVm = { name = "vm02116"; + isFediversityVm = false; vmId = 2116; - proxmox = "procolix"; description = "Forgejo"; ipv4.address = "185.206.232.34"; 
diff --git a/machines/dev/vm02187/default.nix b/machines/dev/vm02187/default.nix index bc4e63f3..c085cab3 100644 --- a/machines/dev/vm02187/default.nix +++ b/machines/dev/vm02187/default.nix @@ -3,8 +3,8 @@ fediversityVm = { name = "vm02187"; + isFediversityVm = false; vmId = 2187; - proxmox = "procolix"; description = "Wiki"; ipv4.address = "185.206.232.187"; diff --git a/machines/operator/test01/default.nix b/machines/operator/test01/default.nix index d644b6fe..d4c7e235 100644 --- a/machines/operator/test01/default.nix +++ b/machines/operator/test01/default.nix @@ -3,8 +3,8 @@ fediversityVm = { name = "test01"; + isFediversityVm = true; vmId = 7001; - proxmox = "fediversity"; hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub; unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key; diff --git a/machines/operator/test02/default.nix b/machines/operator/test02/default.nix index 53385da7..28bed0a1 100644 --- a/machines/operator/test02/default.nix +++ b/machines/operator/test02/default.nix @@ -3,8 +3,8 @@ fediversityVm = { name = "test02"; + isFediversityVm = true; vmId = 7002; - proxmox = "fediversity"; hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub; unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key; diff --git a/machines/operator/test03/default.nix b/machines/operator/test03/default.nix index ebfa3efb..4dd77d91 100644 --- a/machines/operator/test03/default.nix +++ b/machines/operator/test03/default.nix @@ -3,8 +3,8 @@ fediversityVm = { name = "test03"; + isFediversityVm = true; vmId = 7003; - proxmox = "fediversity"; hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub; unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key; diff --git a/machines/operator/test04/default.nix b/machines/operator/test04/default.nix index f234393f..87bb0778 100644 --- a/machines/operator/test04/default.nix +++ b/machines/operator/test04/default.nix 
@@ -3,8 +3,8 @@ fediversityVm = { name = "test04"; + isFediversityVm = true; vmId = 7004; - proxmox = "fediversity"; hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub; unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key; diff --git a/machines/operator/test05/default.nix b/machines/operator/test05/default.nix index de461d57..44043af9 100644 --- a/machines/operator/test05/default.nix +++ b/machines/operator/test05/default.nix @@ -3,8 +3,8 @@ fediversityVm = { name = "test05"; + isFediversityVm = true; vmId = 7005; - proxmox = "fediversity"; hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub; unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key; diff --git a/machines/operator/test06/default.nix b/machines/operator/test06/default.nix index a43090de..83f9f996 100644 --- a/machines/operator/test06/default.nix +++ b/machines/operator/test06/default.nix @@ -3,8 +3,8 @@ fediversityVm = { name = "test06"; + isFediversityVm = true; vmId = 7006; - proxmox = "fediversity"; hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub; unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key; diff --git a/machines/operator/test11/default.nix b/machines/operator/test11/default.nix index 848192d2..1015ac76 100644 --- a/machines/operator/test11/default.nix +++ b/machines/operator/test11/default.nix @@ -3,8 +3,8 @@ fediversityVm = { name = "test11"; + isFediversityVm = true; vmId = 7011; - proxmox = "fediversity"; hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub; unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key; diff --git a/machines/operator/test12/default.nix b/machines/operator/test12/default.nix index a33b24c3..8f2d345f 100644 --- a/machines/operator/test12/default.nix +++ b/machines/operator/test12/default.nix 
@@ -3,8 +3,8 @@ fediversityVm = { name = "test12"; + isFediversityVm = true; vmId = 7012; - proxmox = "fediversity"; hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub; unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key; diff --git a/machines/operator/test13/default.nix b/machines/operator/test13/default.nix index 97cdfb6b..dd7abef1 100644 --- a/machines/operator/test13/default.nix +++ b/machines/operator/test13/default.nix @@ -3,8 +3,8 @@ fediversityVm = { name = "test13"; + isFediversityVm = true; vmId = 7013; - proxmox = "fediversity"; hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub; unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key; diff --git a/machines/operator/test14/default.nix b/machines/operator/test14/default.nix index 34b4c3c6..5a3b96e8 100644 --- a/machines/operator/test14/default.nix +++ b/machines/operator/test14/default.nix @@ -3,8 +3,8 @@ fediversityVm = { name = "test14"; + isFediversityVm = true; vmId = 7014; - proxmox = "fediversity"; hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub; unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key;