some cleanup

Signed-off-by: Kiara Grouwstra <kiara@procolix.eu>
Kiara Grouwstra 2025-09-24 17:00:52 +02:00
parent bf317c600a
commit 8a3cd4a903
Signed by: kiara
SSH key fingerprint: SHA256:COspvLoLJ5WC5rFb9ZDe5urVCkK4LJZOsjfF4duRJFU
8 changed files with 55 additions and 397 deletions


@ -130,46 +130,19 @@ let
"${nixpkgs}/nixos/modules/profiles/perlless.nix"
"${nixpkgs}/nixos/modules/profiles/qemu-guest.nix"
../../../infra/common/nixos/repart.nix
# disko needed in makeInstallerIso.nix
# "${sources.disko}/module.nix"
# ../../../infra/common/proxmox-qemu-vm.nix
];
# boot.loader.systemd-boot.enable = true;
# boot.loader.efi.efiSysMountPoint = "/boot";
# boot.loader.systemd-boot.memtest86.enable = true;
# boot.loader.systemd-boot.netbootxyz.enable = true;
# boot.loader.systemd-boot.edk2-uefi-shell.enable = true;
# boot.loader.efi.canTouchEfiVariables = true;
# boot.loader.systemd-boot.extraEntries = {
# "banana.conf" = ''
# title banana
# '';
# };
# # proxmox.qemuConf.bios == "ovmf";
# boot.growPartition = true;
# boot.kernelParams = [ "console=ttyS0" ];
# boot.loader.timeout = 1;
# # users.users.root.initialPassword = "root";
# boot.loader.grub.enable = true;
# # boot.loader.grub.device = "/dev/vda";
# # boot.loader.grub.device = "/dev/sda";
# # boot.loader.grub.device = "/dev/sda1";
# # boot.loader.grub.device = "/dev/sda2";
# # boot.loader.grub.device = "/dev/sda3";
# # boot.loader.grub.device = "/dev/disk/by-partlabel/disk-main-root";
# # boot.loader.grub.device = "/dev/disk/by-partlabel/disk-main-nixos";
# # boot.loader.grub.device = "/dev/disk/by-partlabel/disk-main-esp";
# # boot.loader.grub.device = "/dev/disk/by-partlabel/root";
# boot.loader.grub.device = "/dev/disk/by-partlabel/esp";
# # boot.loader.grub.device = "/dev/disk/by-partlabel/nixos";
# # boot.loader.grub.device = "/dev/disk/by-uuid/aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa";
# # boot.loader.grub.device = "/dev/disk/by-uuid/bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb";
# boot.loader.grub.efiSupport = lib.mkDefault true;
# boot.loader.grub.efiInstallAsRemovable = lib.mkDefault true;
system.stateVersion = "25.05";
services.qemuGuest.enable = true;
users.users = environment.config.resources."operator-environment".login-shell.apply {
resources = lib.filterAttrs (_name: value: value ? login-shell) (


@ -1,6 +1,6 @@
{
targetMachines = [
"mypve"
"pve"
];
pathToRoot = builtins.path {
path = ../../..;


@ -23,12 +23,6 @@ let
config = deployment-config;
# opt not to pass `inputs`, as we could only pass serializable arguments through to its self-call
})."bash-proxmox-deployment".bash-proxmox-host;
# tracking non-tarball downloads seems unsupported still in npins:
# https://github.com/andir/npins/issues/163
minimalIso = pkgs.fetchurl {
url = "https://releases.nixos.org/nixos/24.05/nixos-24.05.7139.bcba2fbf6963/nixos-minimal-24.05.7139.bcba2fbf6963-x86_64-linux.iso";
hash = "sha256-plre/mIHdIgU4xWU+9xErP+L4i460ZbcKq8iy2n4HT8=";
};
in
{
_class = "nixosTest";
@ -62,12 +56,10 @@ in
sockets = 1;
kvm = true;
scsi = [ { file = "local:16"; } ];
# cdrom = "local:iso/minimal.iso";
};
};
};
virtualisation = {
additionalPaths = [ minimalIso ];
diskSize = 2 * 1024;
memorySize = 2048;
};
@ -92,134 +84,14 @@ in
hello
];
};
system.extraDependencies =
# (lib.lists.map lib.traceVal)
# (
# (lib.lists.concatMap (
# pkg:
# (
# if
# pkg ? inputDerivation
# # error: output '/nix/store/dki9d3vldafg9ydrfm7x0g0rr0qljk98-sudo-1.9.16p2' is not allowed to refer to the following paths:
# # /nix/store/2xdmps65ryklmbf025bm4pxv16gb8ajv-sudo-1.9.16p2.tar.gz
# # /nix/store/58br4vk3q5akf4g8lx0pqzfhn47k3j8d-bash-5.2p37
# # /nix/store/8v6k283dpbc0qkdq81nb6mrxrgcb10i1-gcc-wrapper-14-20241116
# # /nix/store/9r1nl9ksiyszy4qzzg6y2gcdkca0xmhy-stdenv-linux
# # /nix/store/a4rmp6in7igbl1wbz9pli5nq0wiclq0y-groff-1.23.0
# # /nix/store/dki9d3vldafg9ydrfm7x0g0rr0qljk98-sudo-1.9.16p2
# # /nix/store/f5y58qz2fzpzgkhp0nizixi10x04ppyy-linux-pam-1.6.1
# # /nix/store/shkw4qm9qcw5sc5n1k5jznc83ny02r39-default-builder.sh
# # /nix/store/vj1c3wf9c11a0qs6p3ymfvrnsdgsdcbq-source-stdenv.sh
# # /nix/store/yh6qg1nsi5h2xblcr67030pz58fsaxx3-coreutils-9.6
# && !(lib.strings.hasInfix "sudo" (lib.traceVal (builtins.toString pkg)))
# then
# lib.trace "yes" [
# # lib.traceVal pkg.inputDerivation # not of type `path in the Nix store'
# (
# (
# x: builtins.trace "${builtins.toString pkg}: ${builtins.toString (lib.isPath x.inputDerivation)}" x
# )
# pkg
# ).inputDerivation
# ]
# else
# lib.trace "no" [ ]
# )
# ) machine.environment.systemPackages)
# ++ (let
# base =
# (import "${pkgs.nixos-generators}/share/nixos-generator/nixos-generate.nix" {
# inherit system;
# inherit (sources) nixpkgs;
# formatConfig = "${pkgs.nixos-generators}/share/nixos-generator/formats/proxmox.nix";
# configuration = "${pkgs.nixos-generators}/share/nixos-generator/configuration.nix";
# }).config;
# in [
# base.system.build.toplevel.inputDerivation
# base.system.build.etc.inputDerivation
# base.system.build.etcBasedir.inputDerivation
# base.system.build.etcMetadataImage.inputDerivation
# base.system.build.extraUtils.inputDerivation
# base.system.path.inputDerivation
# base.system.build.setEnvironment.inputDerivation
# base.system.build.vm.inputDerivation
# base.system.build.bootStage1.inputDerivation
# base.system.build.bootStage2.inputDerivation
# ])
# ++
[
# )
# (
# (x: builtins.trace "machine.system.build.vm.inputDerivation: ${builtins.toString (lib.isPath x)}" x)
# machine.system.build.toplevel.inputDerivation
# machine.system.build.etc.inputDerivation
# machine.system.build.etcBasedir.inputDerivation
# machine.system.build.etcMetadataImage.inputDerivation
# machine.system.build.extraUtils.inputDerivation
# machine.system.path.inputDerivation
# machine.system.build.setEnvironment.inputDerivation
# machine.system.build.vm.inputDerivation
# machine.system.build.bootStage1.inputDerivation
# machine.system.build.bootStage2.inputDerivation
system.extraDependencies = [
pkgs.gnu-config
# pkgs.gnu-config.inputDerivation
pkgs.byacc
# pkgs.byacc.inputDerivation
pkgs.stdenv
pkgs.stdenvNoCC
sources.nixpkgs
pkgs.vte
# (
# ## We build a whole NixOS system that contains the module
# ## `system.extraDependenciesFromModule`, only to grab its
# ## configuration and the store paths needed to build it and
# ## dump them in `system.extraDependencies`.
# # see: https://git.fediversity.eu/Fediversity/Fediversity/pulls/338/files
# pkgs.closureInfo {
# rootPaths = map (drv: drv.drvPath) (
# [
# machine.system.build.toplevel.inputDerivation
# machine.system.build.etc.inputDerivation
# machine.system.build.etcBasedir.inputDerivation
# machine.system.build.etcMetadataImage.inputDerivation
# machine.system.build.extraUtils.inputDerivation
# machine.system.path.inputDerivation
# machine.system.build.setEnvironment.inputDerivation
# machine.system.build.vm.inputDerivation
# machine.system.build.bootStage1.inputDerivation
# machine.system.build.bootStage2.inputDerivation
# ]
# ++ lib.concatMap (x: if x ? source.inputDerivation then [ x.source.inputDerivation ] else [ ]) (
# lib.attrValues machine.environment.etc
# )
# ++ machine.environment.systemPackages
# );
# }
# )
]
# ++ lib.concatLists (
# lib.mapAttrsToList (
# _k: v:
# if v ? source.inputDerivation then
# [
# # v.source.inputDerivation
# (
# (
# x:
# builtins.trace "${builtins.toString (lib.attrNames v)}: ${builtins.toString (lib.isPath x.source.inputDerivation)}" x
# )
# v
# ).source.inputDerivation
# ]
# else
# [ ]
# ) machine.environment.etc
# )
# )
;
];
};
extraTestScript = ''
@ -231,15 +103,11 @@ in
# pve.succeed("pvesh set /access/password --userid root@pam --password mypwdlol --confirmation-password mytestpw 1>&2")
# pve.succeed("curl -s -i -k -d '{\"userid\":\"root@pam\",\"password\":\"mypwdhaha\",\"confirmation-password\":\"mypwdlol\"}' -X PUT https://localhost:8006/api2/json/access/password 1>&2")
# on mistake: 401 No ticket
# pve.succeed("haha")
with subtest("Run the deployment"):
# target.fail("hello 1>&2")
deployer.succeed("""
${lib.getExe deployment.run}
""")
# target.wait_for_unit("multi-user.target")
# target.succeed("su - operator -c hello 1>&2")
'';
}
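Review bot: The trimmed `system.extraDependencies` list (`pkgs.gnu-config`, `pkgs.byacc`, `pkgs.stdenv`, `pkgs.stdenvNoCC`, `sources.nixpkgs`, `pkgs.vte`) now has no comment saying why these paths must be in the VM's store, and the deleted commented-out experiments were the only hint. A one-line comment above the list would cover it, for example `# store paths the deployment builds against inside the VM (presumably because the test has no network access)`, with the reason confirmed by the author. The same applies to the list in the later section that evaluates `"tf-proxmox-deployment"`, which additionally pins `pkgs.ubootQemuX86` and `pkgs.pve-qemu` together with their `inputDerivation`.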


@ -1,6 +1,6 @@
{
targetMachines = [
"mypve"
"pve"
];
pathToRoot = builtins.path {
path = ../../..;


@ -24,10 +24,6 @@ let
})."tf-proxmox-deployment".tf-proxmox-host;
# tracking non-tarball downloads seems unsupported still in npins:
# https://github.com/andir/npins/issues/163
minimalIso = pkgs.fetchurl {
url = "https://releases.nixos.org/nixos/24.05/nixos-24.05.7139.bcba2fbf6963/nixos-minimal-24.05.7139.bcba2fbf6963-x86_64-linux.iso";
hash = "sha256-plre/mIHdIgU4xWU+9xErP+L4i460ZbcKq8iy2n4HT8=";
};
in
{
_class = "nixosTest";
@ -61,12 +57,10 @@ in
sockets = 1;
kvm = true;
scsi = [ { file = "local:16"; } ];
# cdrom = "local:iso/minimal.iso";
};
};
};
virtualisation = {
additionalPaths = [ minimalIso ];
diskSize = 2 * 1024;
memorySize = 2048;
};
@ -91,139 +85,18 @@ in
hello
];
};
system.extraDependencies =
# (lib.lists.map lib.traceVal)
(
# (lib.lists.concatMap (
# pkg:
# (
# if
# pkg ? inputDerivation
# # error: output '/nix/store/dki9d3vldafg9ydrfm7x0g0rr0qljk98-sudo-1.9.16p2' is not allowed to refer to the following paths:
# # /nix/store/2xdmps65ryklmbf025bm4pxv16gb8ajv-sudo-1.9.16p2.tar.gz
# # /nix/store/58br4vk3q5akf4g8lx0pqzfhn47k3j8d-bash-5.2p37
# # /nix/store/8v6k283dpbc0qkdq81nb6mrxrgcb10i1-gcc-wrapper-14-20241116
# # /nix/store/9r1nl9ksiyszy4qzzg6y2gcdkca0xmhy-stdenv-linux
# # /nix/store/a4rmp6in7igbl1wbz9pli5nq0wiclq0y-groff-1.23.0
# # /nix/store/dki9d3vldafg9ydrfm7x0g0rr0qljk98-sudo-1.9.16p2
# # /nix/store/f5y58qz2fzpzgkhp0nizixi10x04ppyy-linux-pam-1.6.1
# # /nix/store/shkw4qm9qcw5sc5n1k5jznc83ny02r39-default-builder.sh
# # /nix/store/vj1c3wf9c11a0qs6p3ymfvrnsdgsdcbq-source-stdenv.sh
# # /nix/store/yh6qg1nsi5h2xblcr67030pz58fsaxx3-coreutils-9.6
# && !(lib.strings.hasInfix "sudo" (lib.traceVal (builtins.toString pkg)))
# then
# lib.trace "yes" [
# # lib.traceVal pkg.inputDerivation # not of type `path in the Nix store'
# (
# (
# x: builtins.trace "${builtins.toString pkg}: ${builtins.toString (lib.isPath x.inputDerivation)}" x
# )
# pkg
# ).inputDerivation
# ]
# else
# lib.trace "no" [ ]
# )
# ) machine.environment.systemPackages)
# ++ (let
# base =
# (import "${pkgs.nixos-generators}/share/nixos-generator/nixos-generate.nix" {
# inherit system;
# inherit (sources) nixpkgs;
# formatConfig = "${pkgs.nixos-generators}/share/nixos-generator/formats/proxmox.nix";
# configuration = "${pkgs.nixos-generators}/share/nixos-generator/configuration.nix";
# }).config;
# in [
# base.system.build.toplevel.inputDerivation
# base.system.build.etc.inputDerivation
# base.system.build.etcBasedir.inputDerivation
# base.system.build.etcMetadataImage.inputDerivation
# base.system.build.extraUtils.inputDerivation
# base.system.path.inputDerivation
# base.system.build.setEnvironment.inputDerivation
# base.system.build.vm.inputDerivation
# base.system.build.bootStage1.inputDerivation
# base.system.build.bootStage2.inputDerivation
# ])
# ++
[
# )
# (
# (x: builtins.trace "machine.system.build.vm.inputDerivation: ${builtins.toString (lib.isPath x)}" x)
# machine.system.build.toplevel.inputDerivation
# machine.system.build.etc.inputDerivation
# machine.system.build.etcBasedir.inputDerivation
# machine.system.build.etcMetadataImage.inputDerivation
# machine.system.build.extraUtils.inputDerivation
# machine.system.path.inputDerivation
# machine.system.build.setEnvironment.inputDerivation
# machine.system.build.vm.inputDerivation
# machine.system.build.bootStage1.inputDerivation
# machine.system.build.bootStage2.inputDerivation
system.extraDependencies = [
pkgs.ubootQemuX86
pkgs.ubootQemuX86.inputDerivation
pkgs.pve-qemu
pkgs.pve-qemu.inputDerivation
# (pkgs.callPackage "${sources.proxmox-nixos}/pkgs/pve-qemu" { })
# (pkgs.callPackage "${sources.proxmox-nixos}/pkgs/pve-qemu" { }).inputDerivation
pkgs.gnu-config
# pkgs.gnu-config.inputDerivation
pkgs.byacc
# pkgs.byacc.inputDerivation
pkgs.stdenv
pkgs.stdenvNoCC
sources.nixpkgs
pkgs.vte
# (
# ## We build a whole NixOS system that contains the module
# ## `system.extraDependenciesFromModule`, only to grab its
# ## configuration and the store paths needed to build it and
# ## dump them in `system.extraDependencies`.
# # see: https://git.fediversity.eu/Fediversity/Fediversity/pulls/338/files
# pkgs.closureInfo {
# rootPaths = map (drv: drv.drvPath) (
# [
# machine.system.build.toplevel.inputDerivation
# machine.system.build.etc.inputDerivation
# machine.system.build.etcBasedir.inputDerivation
# machine.system.build.etcMetadataImage.inputDerivation
# machine.system.build.extraUtils.inputDerivation
# machine.system.path.inputDerivation
# machine.system.build.setEnvironment.inputDerivation
# machine.system.build.vm.inputDerivation
# machine.system.build.bootStage1.inputDerivation
# machine.system.build.bootStage2.inputDerivation
# ]
# ++ lib.concatMap (x: if x ? source.inputDerivation then [ x.source.inputDerivation ] else [ ]) (
# lib.attrValues machine.environment.etc
# )
# ++ machine.environment.systemPackages
# );
# }
# )
]
# ++ lib.concatLists (
# lib.mapAttrsToList (
# _k: v:
# if v ? source.inputDerivation then
# [
# # v.source.inputDerivation
# (
# (
# x:
# builtins.trace "${builtins.toString (lib.attrNames v)}: ${builtins.toString (lib.isPath x.source.inputDerivation)}" x
# )
# v
# ).source.inputDerivation
# ]
# else
# [ ]
# ) machine.environment.etc
# )
);
];
};
extraTestScript = ''
@ -234,15 +107,11 @@ in
# pve.succeed("pvesh set /access/password --userid root@pam --password mypwdlol --confirmation-password mytestpw 1>&2")
# pve.succeed("curl -s -i -k -d '{\"userid\":\"root@pam\",\"password\":\"mypwdhaha\",\"confirmation-password\":\"mypwdlol\"}' -X PUT https://localhost:8006/api2/json/access/password 1>&2")
# on mistake: 401 No ticket
# pve.succeed("haha")
with subtest("Run the deployment"):
# target.fail("hello 1>&2")
deployer.succeed("""
${lib.getExe deployment.run}
""")
# target.wait_for_unit("multi-user.target")
# target.succeed("su - operator -c hello 1>&2")
'';
}
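Review bot: The comment `# tracking non-tarball downloads seems unsupported still in npins:` and the npins issue link under it appear to be left behind in the first hunk of this section, although the `minimalIso = pkgs.fetchurl { … }` binding they described is gone. The hunk header drops four lines, which matches the binding alone, so the two comment lines now sit directly above `in` and describe nothing. The earlier section that evaluates `"bash-proxmox-deployment"` drops six lines at the same place, so there the comment went out together with the binding; remove it here as well. The `let` block starts outside the hunk, so it is worth confirming that nothing else in this file still refers to `minimalIso`.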


@ -15,7 +15,7 @@ in
{
name = "proxmox-basic";
nodes.mypve =
nodes.pve =
{ sources, ... }:
{
imports = [
@ -44,41 +44,41 @@ in
};
testScript = ''
machine.start()
machine.wait_for_unit("pveproxy.service")
assert "running" in machine.succeed("pveproxy status")
pve.start()
pve.wait_for_unit("pveproxy.service")
assert "running" in pve.succeed("pveproxy status")
# Copy Iso
machine.succeed("mkdir -p /var/lib/vz/template/iso/")
machine.succeed("cp ${minimalIso} /var/lib/vz/template/iso/minimal.iso")
pve.succeed("mkdir -p /var/lib/vz/template/iso/")
pve.succeed("cp ${minimalIso} /var/lib/vz/template/iso/minimal.iso")
# Declarative VM creation
machine.wait_for_unit("multi-user.target")
machine.succeed("qm stop 100 --timeout 0")
pve.wait_for_unit("multi-user.target")
pve.succeed("qm stop 100 --timeout 0")
# Seabios VM creation
machine.succeed(
pve.succeed(
"qm create 101 --kvm 0 --bios seabios -cdrom local:iso/minimal.iso",
"qm start 101",
"qm stop 101 --timeout 0"
)
# Legacy ovmf vm creation
machine.succeed(
pve.succeed(
"qm create 102 --kvm 0 --bios ovmf -cdrom local:iso/minimal.iso",
"qm start 102",
"qm stop 102 --timeout 0"
)
# UEFI ovmf vm creation
machine.succeed(
pve.succeed(
"qm create 103 --kvm 0 --bios ovmf --efidisk0 local:4,efitype=4m -cdrom local:iso/minimal.iso",
"qm start 103",
"qm stop 103 --timeout 0"
)
# UEFI ovmf vm creation with secure boot
machine.succeed(
pve.succeed(
"qm create 104 --kvm 0 --bios ovmf --efidisk0 local:4,efitype=4m,pre-enrolled-keys=1 -cdrom local:iso/minimal.iso",
"qm start 104",
"qm stop 104 --timeout 0"


@ -8,18 +8,13 @@ terraform {
}
locals {
# dump_name = "vzdump-qemu-nixos-fediversity-${var.category}.vma.zst"
dump_name = "vzdump-qemu-nixos-fediversity-${var.category}.raw"
# dump_name = "vzdump-qemu-nixos-fediversity-${var.category}.qcow2"
dump_name = "qemu-nixos-fediversity-${var.category}.raw"
}
# https://registry.terraform.io/providers/bpg/proxmox/latest/docs
provider "proxmox" {
endpoint = "https://${var.host}:8006/"
insecure = true
# timeouts {
# create = "60m"
# }
ssh {
agent = true
@ -100,24 +95,20 @@ resource "proxmox_virtual_environment_file" "upload" {
# }
resource "proxmox_virtual_environment_vm" "nix_vm" {
# lifecycle {
# replace_triggered_by = [
# proxmox_virtual_environment_file.upload,
# ]
# }
lifecycle {
ignore_changes = ["disk.import_from"]
}
node_name = var.node_name
pool_id = var.pool_id
description = var.description
started = true
# # https://wiki.nixos.org/wiki/Virt-manager#Guest_Agent
# # services.qemuGuest.enable = true;
# # QEMU guest agent is not running
# agent {
# enabled = true
# # timeout = "15m"
# }
# https://wiki.nixos.org/wiki/Virt-manager#Guest_Agent
agent {
enabled = true
# timeout = "15m"
}
cpu {
type = "x86-64-v2-AES"
@ -142,9 +133,6 @@ resource "proxmox_virtual_environment_vm" "nix_vm" {
backup = false
cache = "none"
# BdsDxe: failed to load Boot0001 "UEFI QEMU QEMU HARDDISK " from PciRoot(0x0)/Pci(0x5,0x0)/Pci(0x1,0x0)/Scsi(0x0,0x0): Not Found
# BdsDxe: No bootable option or device was found.
# BdsDxe: Press any key to enter the Boot Manager Menu.
# import_from = "local:import/vzdump-qemu-nixos-fediversity-test.qcow2"
# import_from = "local:import/vzdump-qemu-nixos-fediversity-test.raw"
import_from = proxmox_virtual_environment_file.upload.id
@ -171,21 +159,16 @@ resource "proxmox_virtual_environment_vm" "nix_vm" {
bios = "ovmf"
}
# module "nixos-rebuild" {
# depends_on = [
# proxmox_virtual_environment_vm.nix_vm
# ]
module "nixos-rebuild" {
depends_on = [
proxmox_virtual_environment_vm.nix_vm
]
# source = "../tf-single-host"
source = "../tf-single-host"
# system = var.system
# username = var.ssh_user
# host = proxmox_virtual_environment_vm.nix_vm.ipv4_addresses[0] # needs guest agent installed
# module = var.module
# args = var.args
# key_file = var.key_file
# deployment_name = var.deployment_name
# root_path = var.root_path
# ssh_opts = var.ssh_opts
# deployment_type = var.deployment_type
# }
nixos_conf = var.nixos_conf
username = var.ssh_user
host = proxmox_virtual_environment_vm.nix_vm.ipv4_addresses[0][0]
key_file = var.key_file
ssh_opts = var.ssh_opts
}
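Review bot: `insecure = true` in the `provider "proxmox"` block survives this cleanup, so the provider skips TLS certificate verification for `https://${var.host}:8006/` while sending whatever credentials it is configured with. If that is only there for the self-signed certificate of the test PVE node, make it opt-in, e.g. `insecure = var.insecure` backed by a new boolean variable that defaults to `false`, or at least annotate it with `# test PVE node uses a self-signed certificate; do not enable for real endpoints`. Separately, the newly enabled `module "nixos-rebuild"` takes its SSH target from `ipv4_addresses[0][0]`; the first interface reported by the guest agent may be the loopback, so confirm the index selects a routable address. The added `ignore_changes = ["disk.import_from"]` uses the quoted form, which current Terraform deprecates in favour of a bare reference, and since `disk` is a block the path may need an index such as `disk[0].import_from`.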


@ -189,39 +189,4 @@
};
};
};
# disko.devices.disk.main = {
# device = "/dev/sda";
# type = "disk";
# content = {
# type = "gpt";
# partitions = {
# MBR = {
# priority = 0;
# size = "1M";
# type = "EF02";
# };
# ESP = {
# priority = 1;
# size = "500M";
# type = "EF00";
# content = {
# type = "filesystem";
# format = "vfat";
# mountpoint = "/boot";
# };
# };
# root = {
# priority = 2;
# size = "100%";
# content = {
# type = "filesystem";
# format = "ext4";
# mountpoint = "/";
# };
# };
# };
# };
# };
}