diff --git a/launch/README.md b/launch/README.md
index 8bed71b8..237b293a 100644
--- a/launch/README.md
+++ b/launch/README.md
@@ -5,9 +5,9 @@
### updating TF modules
```sh
-$ npins update nixos-anywhere
+$ npins update terraform-nixos
$ cd launch/
-$ echo "{\"nixos-anywhere\": $(nix-instantiate --eval --json -E '(import ../npins).nixos-anywhere.outPath')}" > .auto.tfvars.json
+$ echo "{\"terraform-nixos\": $(nix-instantiate --eval --json -E '(import ../npins).terraform-nixos.outPath')}" > .auto.tfvars.json
```
### local development
diff --git a/launch/default.nix b/launch/default.nix
index 8518f575..5194d628 100644
--- a/launch/default.nix
+++ b/launch/default.nix
@@ -16,7 +16,7 @@ in
shell = pkgs.mkShellNoCC {
packages = [
pkgs.npins
- pkgs.jq # implicit dep of nixos-anywhere TF: https://github.com/nix-community/nixos-anywhere/issues/416
+ pkgs.gnugrep # used in terraform-nixos
(import ./tf.nix { inherit lib pkgs; })
];
};
diff --git a/launch/main.tf b/launch/main.tf
index 3e8a3355..e705d8e7 100644
--- a/launch/main.tf
+++ b/launch/main.tf
@@ -1,4 +1,4 @@
-variable "nixos-anywhere" {
+variable "terraform-nixos" {
type = string
}
@@ -58,7 +58,7 @@ variable "initialUser" {
# hostname = "test01"
# config = "garage"
# initialUser = var.initialUser
-# nixos-anywhere = var.nixos-anywhere
+# terraform-nixos = var.terraform-nixos
# }
module "mastodon" {
@@ -68,7 +68,7 @@ module "mastodon" {
hostname = "test06"
config = "mastodon"
initialUser = var.initialUser
- nixos-anywhere = var.nixos-anywhere
+ terraform-nixos = var.terraform-nixos
}
module "pixelfed" {
@@ -78,7 +78,7 @@ module "pixelfed" {
hostname = "test04"
config = "pixelfed"
initialUser = var.initialUser
- nixos-anywhere = var.nixos-anywhere
+ terraform-nixos = var.terraform-nixos
}
module "peertube" {
@@ -88,5 +88,5 @@ module "peertube" {
hostname = "test03"
config = "peertube"
initialUser = var.initialUser
- nixos-anywhere = var.nixos-anywhere
+ terraform-nixos = var.terraform-nixos
}
diff --git a/launch/mastodon.nix b/launch/mastodon.nix
index def88630..43abbf40 100644
--- a/launch/mastodon.nix
+++ b/launch/mastodon.nix
@@ -1,3 +1,4 @@
+{ pkgs, ... }:
let
mastodonS3KeyConfig =
{ pkgs, ... }:
@@ -6,15 +7,14 @@ let
s3SecretKeyFile = pkgs.writeText "s3SecretKey" "7d37d093435a41f2aab8f13c19ba067d9776c90215f56614adad6ece597dbb34";
};
in
-import ./shared.nix {
- module =
- { pkgs, ... }:
- {
- fediversity = {
- mastodon = mastodonS3KeyConfig { inherit pkgs; } // {
- enable = true;
- };
- temp.cores = 1; # FIXME: should come from NixOps4 eventually
- };
+{
+ imports = [
+ ./shared.nix
+ ];
+ fediversity = {
+ mastodon = mastodonS3KeyConfig { inherit pkgs; } // {
+ enable = true;
};
+ temp.cores = 1; # FIXME: should come from NixOps4 eventually
+ };
}
diff --git a/launch/peertube.nix b/launch/peertube.nix
index df58c0a7..4a650650 100644
--- a/launch/peertube.nix
+++ b/launch/peertube.nix
@@ -1,3 +1,4 @@
+{ pkgs, ... }:
let
peertubeS3KeyConfig =
{ pkgs, ... }:
@@ -6,18 +7,17 @@ let
s3SecretKeyFile = pkgs.writeText "s3SecretKey" "7295c4201966a02c2c3d25b5cea4a5ff782966a2415e3a196f91924631191395";
};
in
-import ./shared.nix {
- module =
- { pkgs, ... }:
- {
- fediversity = {
- peertube = peertubeS3KeyConfig { inherit pkgs; } // {
- enable = true;
- ## NOTE: Only ever used for testing anyway.
- ##
- ## FIXME: Generate and store in NixOps4's state.
- secretsFile = pkgs.writeText "secret" "574e093907d1157ac0f8e760a6deb1035402003af5763135bae9cbd6abe32b24";
- };
- };
+{
+ imports = [
+ ./shared.nix
+ ];
+ fediversity = {
+ peertube = peertubeS3KeyConfig { inherit pkgs; } // {
+ enable = true;
+ ## NOTE: Only ever used for testing anyway.
+ ##
+ ## FIXME: Generate and store in NixOps4's state.
+ secretsFile = pkgs.writeText "secret" "574e093907d1157ac0f8e760a6deb1035402003af5763135bae9cbd6abe32b24";
};
+ };
}
diff --git a/launch/pixelfed.nix b/launch/pixelfed.nix
index 6fdaf65a..28679801 100644
--- a/launch/pixelfed.nix
+++ b/launch/pixelfed.nix
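Review bot: With the new top-level `{ pkgs, ... }:` in mastodon.nix, the inner `mastodonS3KeyConfig = { pkgs, ... }:` parameter shadows the module's own `pkgs` only to be handed that same value back via `mastodonS3KeyConfig { inherit pkgs; }`; the helper can simply close over the outer `pkgs`, i.e. `mastodonS3KeyConfig = { … };` and `mastodon = mastodonS3KeyConfig // { enable = true; };` (the helper's body is only partly visible in the hunk). The same pattern recurs in peertube.nix and pixelfed.nix. Separately, both the `s3SecretKeyFile = pkgs.writeText …` context lines and peertube's moved `secretsFile = pkgs.writeText "secret" …` place key material in the world-readable Nix store; the peertube NOTE says that one is test-only, and the S3 key lines would benefit from the same NOTE so nobody reuses the pattern for real credentials.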
@@ -1,3 +1,4 @@
+{ pkgs, ... }:
let
pixelfedS3KeyConfig =
{ pkgs, ... }:
@@ -6,14 +7,13 @@ let
s3SecretKeyFile = pkgs.writeText "s3SecretKey" "5be6799a88ca9b9d813d1a806b64f15efa49482dbe15339ddfaf7f19cf434987";
};
in
-import ./shared.nix {
- module =
- { pkgs, ... }:
- {
- fediversity = {
- pixelfed = pixelfedS3KeyConfig { inherit pkgs; } // {
- enable = true;
- };
- };
+{
+ imports = [
+ ./shared.nix
+ ];
+ fediversity = {
+ pixelfed = pixelfedS3KeyConfig { inherit pkgs; } // {
+ enable = true;
};
+ };
}
diff --git a/launch/shared.nix b/launch/shared.nix
index f3d18344..2fe1f6a0 100644
--- a/launch/shared.nix
+++ b/launch/shared.nix
@@ -1,45 +1,29 @@
{
- system ? "x86_64-linux",
- sources ? import ../npins,
- pkgs ? import sources.nixpkgs {
- inherit system;
- config = { };
- overlays = [ (import ../panel/nix/overlay.nix) ];
- },
- module,
+ pkgs,
+ terraform,
+ sources,
...
}:
-import "${sources.nixpkgs}/nixos/lib/eval-config.nix" {
- modules = [
+let
+ inherit (terraform) hostname;
+in
+{
+ imports = [
"${sources.disko}/module.nix"
"${sources.agenix}/modules/age.nix"
../services/fediversity
./resource.nix # FIXME: get VM details from TF
- module
- (
- {
- terraform,
- ...
- }:
- let
- inherit (terraform) hostname;
- in
- {
- imports = [
- ../infra/test-machines/${hostname}
- ];
- fediversityVm.name = hostname;
- fediversity = {
- inherit (terraform) domain;
- temp.initialUser = {
- inherit (terraform.initialUser) username email displayName;
- # FIXME: disgusting, but nvm, this is going to be replaced by
- # proper central authentication at some point
- passwordFile = pkgs.writeText "password" terraform.initialUser.password;
- };
- };
- }
- )
+ ../infra/test-machines/${hostname}
];
+ fediversityVm.name = hostname;
+ fediversity = {
+ inherit (terraform) domain;
+ temp.initialUser = {
+ inherit (terraform.initialUser) username email displayName;
+ # FIXME: disgusting, but nvm, this is going to be replaced by
+ # proper central authentication at some point
+ passwordFile = pkgs.writeText "password" terraform.initialUser.password;
+ };
+ };
}
diff --git a/launch/tf-env.nix b/launch/tf-env.nix
index 817c6e23..3f68f3c6 100644
--- a/launch/tf-env.nix
+++ b/launch/tf-env.nix
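Review bot: The overlay `../panel/nix/overlay.nix`, which the removed `pkgs ? import sources.nixpkgs { … overlays = [ … ]; }` default applied, is no longer applied anywhere in the new module, which now takes `pkgs` from whoever evaluates it; if the fediversity services rely on anything that overlay provides, add `nixpkgs.overlays = [ (import ../panel/nix/overlay.nix) ];` to this module, or apply it wherever the evaluating nixpkgs is now instantiated (not visible in this diff). The moved `passwordFile = pkgs.writeText "password" terraform.initialUser.password;` still renders the initial user's password into the Nix store, which is world-readable on the build host and is copied to the target; since the value now arrives through `specialArgs`, the existing FIXME would be more useful if it named that consequence, e.g. `# FIXME: writeText puts the password in the world-readable /nix/store; replace once central auth lands`. The surrounding `}:` / `let` lines suggest a blank context line was lost in rendering between them; nothing to fix in the code there.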
@@ -14,10 +14,10 @@ pkgs.stdenv.mkDerivation {
runHook preBuild
pushd launch/
- # pass nixos-anywhere path to TF through variable
+ # pass terraform-nixos path to TF through variable
# when switching TF to nix take this directly from `inputs`
# https://codeberg.org/kiara/e2ed-hetzner/commit/84b2a349d3e48ea2a17340bceff762d834fd4046
- echo "{\"nixos-anywhere\": \"${sources.nixos-anywhere}\"}" > .auto.tfvars.json
+ echo "{\"terraform-nixos\": \"${sources.terraform-nixos}\"}" > .auto.tfvars.json
# point to the relevant providers
tofu init -input=false
diff --git a/launch/vm/main.tf b/launch/vm/main.tf
index e4eb9b88..c49a91bf 100644
--- a/launch/vm/main.tf
+++ b/launch/vm/main.tf
@@ -1,4 +1,8 @@
-variable "nixos-anywhere" {
+variable "terraform-nixos" {
+ type = string
+}
+
+variable "config" {
type = string
}
@@ -10,10 +14,6 @@ variable "hostname" {
type = string
}
-variable "config" {
- type = string
-}
-
variable "initialUser" {
type = object({
displayName = string
@@ -24,28 +24,32 @@ variable "initialUser" {
}
module "deploy" {
- # source = "github.com/nix-community/nixos-anywhere//terraform/all-in-one"
- source = "${var.nixos-anywhere}//terraform/all-in-one"
- file = "${path.module}/../${var.config}.nix"
- nixos_system_attr = "config.system.build.toplevel"
- nixos_partitioner_attr = "config.system.build.diskoScript"
- # when instance id changes, it will trigger a reinstall
- instance_id = var.hostname
- target_user = "root"
+ source = "${var.terraform-nixos}//deploy_nixos"
target_host = "${var.hostname}.abundos.eu"
- extra_files_script = "${path.module}/../pass-ssh-key.sh"
- extra_environment = {
- host = var.hostname
- }
- special_args = {
- terraform = {
- domain = var.domain
- hostname = var.hostname
- initialUser = var.initialUser
- }
- }
- nix_options = {
- show-trace = true
- }
- # build_on_remote = true
+ target_user= "root" # FIXME: #24
+ target_system = "x86_64-linux"
+ NIX_PATH = "nixpkgs=${data.external.pins.result["nixpkgs"]}:sources=${path.root}/../npins"
+ nixos_config = "${path.root}/${var.config}.nix"
+ extra_eval_args = [
+ "--arg",
+ "specialArgs",
+ <<-EOT
+ {
+ sources = import ;
+ terraform = builtins.fromJSON ''${jsonencode({
+ domain = var.domain
+ hostname = var.hostname
+ initialUser = var.initialUser
+ })}'';
+ }
+ EOT
+ ]
+ # build_on_target = false
+ # triggers = {
+ # # pins = data.external.pins.result
+ # }
+}
+
+data "external" "pins" {
+ program = ["nix", "eval", "--json", "-f", "${path.root}/../npins/default.nix"]
}
diff --git a/npins/sources.json b/npins/sources.json
index 7e1df4f9..21b4dcf0 100644
--- a/npins/sources.json
+++ b/npins/sources.json
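Review bot: `terraform = builtins.fromJSON ''${jsonencode({ … })}'';` turns Terraform-generated JSON back into Nix by splicing it into an indented string, so any `${` or `''` inside `var.initialUser` (whose password the panel appears to take from a form submission, see the views.py hunk) is re-read as Nix syntax rather than as data, and the same JSON rides on the evaluator's command line through `extra_eval_args`, where it is readable by every local user via the process list for as long as the evaluation runs (assuming the module passes these arguments straight to `nix`, as the name suggests). Handing the data over as a file removes both problems: write it with a sensitive local-file resource and have the expression `builtins.readFile` it, as sketched below (needs the `local` provider; add the generated file to `.gitignore`). Separately, the rendered page shows `sources = import ;` — if the real line is `import <sources>` (matching `sources=` in `NIX_PATH`) this is only a rendering artifact, otherwise it is a syntax error. `target_user= "root"` is missing the space before `=`; `tofu fmt` would align it with the neighbouring arguments.
```hcl
# Materialize the special args as a file so the secret never touches argv and
# the JSON is never re-parsed as a Nix string (requires the `local` provider).
resource "local_sensitive_file" "special_args" {
  filename = "${path.root}/.special-args.json"
  content = jsonencode({
    domain      = var.domain
    hostname    = var.hostname
    initialUser = var.initialUser
  })
}

module "deploy" {
  # … unchanged: source, target_host, target_user, target_system, NIX_PATH, nixos_config …
  extra_eval_args = [
    "--arg",
    "specialArgs",
    <<-EOT
    {
      # … unchanged: sources = … ;
      terraform = builtins.fromJSON (builtins.readFile "${local_sensitive_file.special_args.filename}");
    }
    EOT
  ]
  # … unchanged: commented-out build_on_target / triggers …
}
```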
@@ -66,23 +66,23 @@
"url": "https://github.com/nix-community/nix-unit/archive/2071bbb765681ac3d8194ec560c8b27ff2a3b541.tar.gz",
"hash": "0blz1kcmn9vnr9q3iqp2mv13hv3pdccljmmc54f8j7ybf5v0wgmp"
},
- "nixos-anywhere": {
- "type": "Git",
- "repository": {
- "type": "GitHub",
- "owner": "KiaraGrouwstra",
- "repo": "nixos-anywhere"
- },
- "branch": "special-args-nested-flake-fixed",
- "revision": "5aa35145f045eb23fa8773821d5626bcf54dbe0e",
- "url": "https://github.com/KiaraGrouwstra/nixos-anywhere/archive/5aa35145f045eb23fa8773821d5626bcf54dbe0e.tar.gz",
- "hash": "0m67iyd04wl183il1cfi623xpxcvbbpc5x1gh74478qc3fgr0g54"
- },
"nixpkgs": {
"type": "Channel",
"name": "nixpkgs-unstable",
"url": "https://releases.nixos.org/nixpkgs/nixpkgs-25.05pre777917.b7ba7f9f45c5/nixexprs.tar.xz",
"hash": "0jb6b7sv66bn06pchj2l88z0i5dlz0c2vb3z6pjjlq2p8q11zigg"
+ },
+ "terraform-nixos": {
+ "type": "Git",
+ "repository": {
+ "type": "GitHub",
+ "owner": "KiaraGrouwstra",
+ "repo": "terraform-nixos"
+ },
+ "branch": "special-args",
+ "revision": "e3e120e80dbbb53b4bfda4380d02e74eef4b5ffd",
+ "url": "https://github.com/KiaraGrouwstra/terraform-nixos/archive/e3e120e80dbbb53b4bfda4380d02e74eef4b5ffd.tar.gz",
+ "hash": "03z8xxsbkv2mwfkd8w6dj3jlckrsgbi5wpp680dlyrzlw78zvf8b"
}
},
"version": 3
diff --git a/panel/env.nix b/panel/env.nix
index 99a286d8..9482b2a0 100644
--- a/panel/env.nix
+++ b/panel/env.nix
@@ -10,7 +10,7 @@
pkgs.coreutils
pkgs.openssh
pkgs.git
- pkgs.jq # implicit dep of nixos-anywhere TF: https://github.com/nix-community/nixos-anywhere/issues/416
+ pkgs.gnugrep # used in terraform-nixos
(import ../launch/tf.nix { inherit lib pkgs; })
];
}
diff --git a/panel/src/panel/views.py b/panel/src/panel/views.py
index 55effa77..bab35088 100644
--- a/panel/src/panel/views.py
+++ b/panel/src/panel/views.py
@@ -138,7 +138,7 @@ class DeploymentStatus(ConfigurationForm):
deployment_params = dummy_user | json.loads(submission)
env = {
"PATH": settings.bin_path,
- # used in nixos-anywhere for ssh-copy-id to make `.ssh` in for ssh-copy-id.
+ # used in terraform for ssh-copy-id to make `.ssh` in for ssh-copy-id.
# run thru subprocess, HOME points to the read-only `/var/empty`.
# in local dev, it will just reject the `/tmp` and make it in HOME after all.
"HOME": "/tmp",
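Review bot: The reworded comment keeps the duplicated "for ssh-copy-id … for ssh-copy-id" and still does not say why `HOME` has to be overridden at all; `# HOME: ssh-copy-id needs a writable $HOME/.ssh, and under subprocess HOME is the read-only /var/empty` carries the same information in one line and reads cleanly. Independently of the wording, pointing `HOME` at the shared `/tmp` means `.ssh` is created inside a world-writable directory, so on a multi-user host a pre-existing `/tmp/.ssh` created by another account could be what ssh ends up reading; a per-deployment directory from `tempfile.mkdtemp()` would keep the same workaround without the shared, predictable path. The `"HOME": "/tmp"` line is context rather than part of this change, and the enclosing method of `DeploymentStatus` starts and ends outside the hunk.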