Infra: expose and use checks for vmOptions and nixosConfigurations (#488)

Following Fediversity/Fediversity#478 (comment), here is a PR that plugs the infra's `vmOptions` and `nixosConfigurations` outputs into flake checks, instead of calling random Nix commands from the CI. There is still a bit of magic in the CI, but that's because we don't have yet a Nix-aware CI that exposes one job per flake check. Reviewed-on: Fediversity/Fediversity#488 Reviewed-by: kiara Grouwstra <kiara@procolix.eu> Co-authored-by: Nicolas “Niols” Jeannerod <nicolas.jeannerod@moduscreate.com> Co-committed-by: Nicolas “Niols” Jeannerod <nicolas.jeannerod@moduscreate.com>
2025-07-31 15:41:02 +02:00 · 2025-07-31 15:41:02 +02:00 · 588bb77a94
commit 588bb77a94
parent df3a070fa4
20 changed files with 93 additions and 61 deletions
--- a/.forgejo/workflows/ci.yaml
+++ b/.forgejo/workflows/ci.yaml
@ -69,9 +69,16 @@ jobs:
      - uses: actions/checkout@v4
      - run: |
          set -euC
          echo ==================== [ VM Options ] ====================
          machines=$(nix eval --impure --raw --expr 'with builtins; toString (attrNames (getFlake (toString ./.)).vmOptions)')
          for machine in $machines; do
            echo ~~~~~~~~~~~~~~~~~~~~~: $machine :~~~~~~~~~~~~~~~~~~~~~
            nix build .#checks.x86_64-linux.vmOptions-$machine
          done
          echo
          echo ==================== [ NixOS Configurations ] ====================
          machines=$(nix eval --impure --raw --expr 'with builtins; toString (attrNames (getFlake (toString ./.)).nixosConfigurations)')
          for machine in $machines; do
-            echo ==================== [ $machine ] ====================
+            echo ~~~~~~~~~~~~~~~~~~~~~: $machine :~~~~~~~~~~~~~~~~~~~~~
-            nix eval .#vmOptions.$machine
+            nix build .#checks.x86_64-linux.nixosConfigurations-$machine
            nix build .#nixosConfigurations.$machine.config.system.build.toplevel
          done
--- a/infra/common/options.nix
+++ b/infra/common/options.nix
@ -20,16 +20,13 @@ in
      '';
    };
-    proxmox = mkOption {
+    isFediversityVm = mkOption {
-      type = types.nullOr (
+      type = types.bool;
        types.enum [
          "procolix"
          "fediversity"
        ]
      );
      description = ''
-        The Proxmox instance. This is used for provisioning only and should be
+        Whether the machine is a Fediversity VM or not. This is used to
-        set to `null` if the machine is not a VM.
+        determine whether the machine should be provisioned via Proxmox or not.
        Machines that are _not_ Fediversity VM could be physical machines, or
        VMs that live outside Fediversity, eg. on Procolix's Proxmox.
      '';
    };
--- a/infra/flake-part.nix
+++ b/infra/flake-part.nix
@ -14,6 +14,10 @@ let
    mkOption
    evalModules
    filterAttrs
    attrsToList
    map
    listToAttrs
    deepSeq
    ;
  inherit (lib.attrsets) genAttrs;
@ -134,27 +138,39 @@ let
      system = "x86_64-linux";
    };
-  makeVmOptions = isTestVm: vmName: {
+  makeVmOptions =
-    inherit ((makeResourceConfig { inherit vmName isTestVm; }).fediversityVm)
+    isTestVm: vmName:
-      proxmox
+    let
-      vmId
+      config = (makeResourceConfig { inherit vmName isTestVm; }).fediversityVm;
-      description
+    in
-
+    if config.isFediversityVm then
-      sockets
+      {
-      cores
+        inherit (config)
-      memory
+          vmId
-      diskSize
+          description
-
+          sockets
-      hostPublicKey
+          cores
-      unsafeHostPrivateKey
+          memory
-      ;
+          diskSize
-  };
+          hostPublicKey
          unsafeHostPrivateKey
          ;
      }
    else
      null;
  listSubdirectories = path: attrNames (filterAttrs (_: type: type == "directory") (readDir path));
  machines = listSubdirectories ../machines/dev;
  testMachines = listSubdirectories ../machines/operator;
  nixosConfigurations =
    genAttrs machines (makeConfiguration false)
    // genAttrs testMachines (makeConfiguration true);
  vmOptions =
    filterAttrs (_: value: value != null) # Filter out non-Fediversity VMs
      (genAttrs machines (makeVmOptions false) // genAttrs testMachines (makeVmOptions true));
 in
 {
  _class = "flake";
@ -178,10 +194,33 @@ in
      )
    );
  };
-  flake.nixosConfigurations =
+  flake = { inherit nixosConfigurations vmOptions; };
-    genAttrs machines (makeConfiguration false)
+
-    // genAttrs testMachines (makeConfiguration true);
+  perSystem =
-  flake.vmOptions =
+    { pkgs, ... }:
-    genAttrs machines (makeVmOptions false)
+    {
-    // genAttrs testMachines (makeVmOptions true);
+      checks =
        listToAttrs (
          map (
            { name, value }:
            {
              name = "nixosConfigurations-${name}";
              value = value.config.system.build.toplevel;
            }
          ) (attrsToList nixosConfigurations)
        )
        // listToAttrs (
          map (
            { name, value }:
            {
              name = "vmOptions-${name}";
              ## Check that VM options builds/evaluates correctly. `deepSeq e1
              ## e2` evaluates `e1` strictly in depth before returning `e2`. We
              ## use this trick because checks need to be derivations, which VM
              ## options are not.
              value = deepSeq value pkgs.hello;
            }
          ) (attrsToList vmOptions)
        );
    };
 }
--- a/infra/proxmox-provision.sh
+++ b/infra/proxmox-provision.sh
@ -179,15 +179,9 @@ grab_vm_options () {
    --log-format raw --quiet
  )
  proxmox=$(echo "$options" | jq -r .proxmox)
  vm_id=$(echo "$options" | jq -r .vmId)
  description=$(echo "$options" | jq -r .description)
  if [ "$proxmox" != fediversity ]; then
    die "I do not know how to provision things that are not Fediversity VMs,
 but I got proxmox = '%s' for VM %s." "$proxmox" "$vm_name"
  fi
  sockets=$(echo "$options" | jq -r .sockets)
  cores=$(echo "$options" | jq -r .cores)
  memory=$(echo "$options" | jq -r .memory)
--- a/infra/proxmox-remove.sh
+++ b/infra/proxmox-remove.sh
@ -167,16 +167,10 @@ grab_vm_options () {
      --log-format raw --quiet
    )
    proxmox=$(echo "$options" | jq -r .proxmox)
    vm_id=$(echo "$options" | jq -r .vmId)
-    if [ "$proxmox" != fediversity ]; then
+    printf 'done grabing VM options for VM %s. Got id: %d.\n' \
-      die "I do not know how to remove things that are not Fediversity VMs,
+      "$vm_name" "$vm_id"
  but I got proxmox = '%s' for VM %s." "$proxmox" "$vm_name"
    fi
    printf 'done grabing VM options for VM %s. Found VM %d on %s Proxmox.\n' \
      "$vm_name" "$vm_id" "$proxmox"
  fi
 }
--- a/machines/dev/fedi200/default.nix
+++ b/machines/dev/fedi200/default.nix
@ -3,8 +3,8 @@
  fediversityVm = {
    name = "fedi200";
    isFediversityVm = true;
    vmId = 200;
    proxmox = "fediversity";
    description = "Testing machine for Hans";
    domain = "abundos.eu";
--- a/machines/dev/fedi201/default.nix
+++ b/machines/dev/fedi201/default.nix
@ -3,8 +3,8 @@
  fediversityVm = {
    name = "fedi201";
    isFediversityVm = true;
    vmId = 201;
    proxmox = "fediversity";
    description = "FediPanel";
    domain = "abundos.eu";
--- a/machines/dev/forgejo-ci/default.nix
+++ b/machines/dev/forgejo-ci/default.nix
@ -22,6 +22,7 @@ in
  fediversityVm = {
    name = "forgejo-ci";
    domain = "procolix.com";
    isFediversityVm = false;
    ipv4 = {
      interface = "enp1s0f0";
--- a/machines/dev/vm02116/default.nix
+++ b/machines/dev/vm02116/default.nix
@ -3,8 +3,8 @@
  fediversityVm = {
    name = "vm02116";
    isFediversityVm = false;
    vmId = 2116;
    proxmox = "procolix";
    description = "Forgejo";
    ipv4.address = "185.206.232.34";
--- a/machines/dev/vm02187/default.nix
+++ b/machines/dev/vm02187/default.nix
@ -3,8 +3,8 @@
  fediversityVm = {
    name = "vm02187";
    isFediversityVm = false;
    vmId = 2187;
    proxmox = "procolix";
    description = "Wiki";
    ipv4.address = "185.206.232.187";
--- a/machines/operator/test01/default.nix
+++ b/machines/operator/test01/default.nix
@ -3,8 +3,8 @@
  fediversityVm = {
    name = "test01";
    isFediversityVm = true;
    vmId = 7001;
    proxmox = "fediversity";
    hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub;
    unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key;
--- a/machines/operator/test02/default.nix
+++ b/machines/operator/test02/default.nix
@ -3,8 +3,8 @@
  fediversityVm = {
    name = "test02";
    isFediversityVm = true;
    vmId = 7002;
    proxmox = "fediversity";
    hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub;
    unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key;
--- a/machines/operator/test03/default.nix
+++ b/machines/operator/test03/default.nix
@ -3,8 +3,8 @@
  fediversityVm = {
    name = "test03";
    isFediversityVm = true;
    vmId = 7003;
    proxmox = "fediversity";
    hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub;
    unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key;
--- a/machines/operator/test04/default.nix
+++ b/machines/operator/test04/default.nix
@ -3,8 +3,8 @@
  fediversityVm = {
    name = "test04";
    isFediversityVm = true;
    vmId = 7004;
    proxmox = "fediversity";
    hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub;
    unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key;
--- a/machines/operator/test05/default.nix
+++ b/machines/operator/test05/default.nix
@ -3,8 +3,8 @@
  fediversityVm = {
    name = "test05";
    isFediversityVm = true;
    vmId = 7005;
    proxmox = "fediversity";
    hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub;
    unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key;
--- a/machines/operator/test06/default.nix
+++ b/machines/operator/test06/default.nix
@ -3,8 +3,8 @@
  fediversityVm = {
    name = "test06";
    isFediversityVm = true;
    vmId = 7006;
    proxmox = "fediversity";
    hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub;
    unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key;
--- a/machines/operator/test11/default.nix
+++ b/machines/operator/test11/default.nix
@ -3,8 +3,8 @@
  fediversityVm = {
    name = "test11";
    isFediversityVm = true;
    vmId = 7011;
    proxmox = "fediversity";
    hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub;
    unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key;
--- a/machines/operator/test12/default.nix
+++ b/machines/operator/test12/default.nix
@ -3,8 +3,8 @@
  fediversityVm = {
    name = "test12";
    isFediversityVm = true;
    vmId = 7012;
    proxmox = "fediversity";
    hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub;
    unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key;
--- a/machines/operator/test13/default.nix
+++ b/machines/operator/test13/default.nix
@ -3,8 +3,8 @@
  fediversityVm = {
    name = "test13";
    isFediversityVm = true;
    vmId = 7013;
    proxmox = "fediversity";
    hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub;
    unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key;
--- a/machines/operator/test14/default.nix
+++ b/machines/operator/test14/default.nix
@ -3,8 +3,8 @@
  fediversityVm = {
    name = "test14";
    isFediversityVm = true;
    vmId = 7014;
    proxmox = "fediversity";
    hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub;
    unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key;