From 98d8a91a802a78d8b4b9a0b4665f11d19a2d57f2 Mon Sep 17 00:00:00 2001
From: Kiara Grouwstra
Date: Mon, 13 Oct 2025 14:16:45 +0200
Subject: [PATCH] un-generators
Signed-off-by: Kiara Grouwstra
---
deployment/data-model.nix | 398 ++++++++++++++++++--------------------
1 file changed, 186 insertions(+), 212 deletions(-)
diff --git a/deployment/data-model.nix b/deployment/data-model.nix
index 0ddb7262..41b0a4b8 100644
--- a/deployment/data-model.nix
+++ b/deployment/data-model.nix
@@ -286,231 +286,205 @@ let }; tf-proxmox-host = mkOption { description = "A Terraform deployment by SSH to update a single existing NixOS host."; - # type = submodule (tf-host: { - type = submodule ( - tf-host: - let - # raw = { - # # formatConfig = "${pkgs.nixos-generators}/share/nixos-generator/formats/raw.nix"; - # formatConfig = "${pkgs.nixos-generators}/share/nixos-generator/formats/raw-efi.nix"; - # formatAttr = "raw"; - # fileExtension = ".img"; - # }; - # format = raw; - # qcow = { - # formatConfig = "${pkgs.nixos-generators}/share/nixos-generator/formats/qcow.nix"; - # formatAttr = "qcow"; - # fileExtension = ".qcow2"; - # }; - # format = qcow; - # qcow-efi = { - # formatConfig = "${pkgs.nixos-generators}/share/nixos-generator/formats/qcow-efi.nix"; - # formatAttr = "qcow-efi"; - # fileExtension = ".qcow2"; - # }; - # format = qcow-efi; - # inherit (format) formatConfig fileExtension formatAttr; - in - { - options = { - system = mkOption { - description = "The architecture of the system to deploy to."; - type = types.str; - }; - inherit nixos-configuration; - ssh = host-ssh; - # TODO: add proxmox info - module = mkOption { - description = "The module to call to obtain the NixOS configuration from."; - type = types.str; - }; - args = mkOption { - description = "The arguments with which to call the module to obtain the NixOS configuration."; - type = types.attrs; - }; - deployment-name = mkOption { - description = "The name of the deployment for which to obtain the NixOS configuration."; - type = types.str; - }; - root-path = mkOption { - description = "The path to the root of the repository."; - type = types.path; - }; - proxmox-user = mkOption { - description = "The ProxmoX user to use."; - type = types.str; - default = "root@pam"; - }; - # TODO: is sensitivity here handled properly? 
- proxmox-password = mkOption { - description = "The ProxmoX password to use."; - type = types.str; - }; - node-name = mkOption { - description = "the name of the ProxmoX node to use."; - type = types.str; - }; - httpBackend = mkOption { - description = "environment variables to configure the TF HTTP back-end, see "; - type = types.attrsOf (types.either types.str types.int); - }; - bridge = mkOption { - description = "The name of the network bridge (defaults to vmbr0)."; - type = types.str; - default = "vmbr0"; - }; - vlanId = mkOption { - description = "The VLAN identifier."; - type = types.int; - default = 0; - }; - imageDatastoreId = mkOption { - description = "ID of the datastore of the image."; - type = types.str; - default = "local"; - }; - vmDatastoreId = mkOption { - description = "ID of the datastore of the VM."; - type = types.str; - default = "local"; - }; - run = mkOption { - type = types.package; - # error: The option `tf-deployment.tf-host.run' is read-only, but it's set multiple times. 
- # readOnly = true; - default = - let - inherit (tf-host.config) + type = submodule (tf-host: { + options = { + system = mkOption { + description = "The architecture of the system to deploy to."; + type = types.str; + }; + inherit nixos-configuration; + ssh = host-ssh; + # TODO: add proxmox info + module = mkOption { + description = "The module to call to obtain the NixOS configuration from."; + type = types.str; + }; + args = mkOption { + description = "The arguments with which to call the module to obtain the NixOS configuration."; + type = types.attrs; + }; + deployment-name = mkOption { + description = "The name of the deployment for which to obtain the NixOS configuration."; + type = types.str; + }; + root-path = mkOption { + description = "The path to the root of the repository."; + type = types.path; + }; + proxmox-user = mkOption { + description = "The ProxmoX user to use."; + type = types.str; + default = "root@pam"; + }; + # TODO: is sensitivity here handled properly? + proxmox-password = mkOption { + description = "The ProxmoX password to use."; + type = types.str; + }; + node-name = mkOption { + description = "the name of the ProxmoX node to use."; + type = types.str; + }; + httpBackend = mkOption { + description = "environment variables to configure the TF HTTP back-end, see "; + type = types.attrsOf (types.either types.str types.int); + }; + bridge = mkOption { + description = "The name of the network bridge (defaults to vmbr0)."; + type = types.str; + default = "vmbr0"; + }; + vlanId = mkOption { + description = "The VLAN identifier."; + type = types.int; + default = 0; + }; + imageDatastoreId = mkOption { + description = "ID of the datastore of the image."; + type = types.str; + default = "local"; + }; + vmDatastoreId = mkOption { + description = "ID of the datastore of the VM."; + type = types.str; + default = "local"; + }; + run = mkOption { + type = types.package; + # error: The option `tf-deployment.tf-host.run' is read-only, but it's set 
multiple times. + # readOnly = true; + default = + let + inherit (tf-host.config) + system + ssh + module + args + deployment-name + httpBackend + root-path + proxmox-user + proxmox-password + node-name + bridge + vlanId + imageDatastoreId + vmDatastoreId + ; + inherit (ssh) + host + username + key-file + sshOpts + ; + deployment-type = "tf-proxmox-host"; + nixos_conf = writeConfig { + inherit system - ssh module args deployment-name - httpBackend root-path - proxmox-user - proxmox-password - node-name - bridge - vlanId - imageDatastoreId - vmDatastoreId + deployment-type ; - inherit (ssh) - host - username - key-file - sshOpts - ; - deployment-type = "tf-proxmox-host"; - nixos_conf = writeConfig { - inherit - system - module - args - deployment-name - root-path - deployment-type - ; - }; - # machine = import nixos_conf; - machine = import ./nixos.nix { - inherit sources system; - configuration = tf-host.config.nixos-configuration; - # configuration = { ... }: { - # imports = [ - # tf-host.config.nixos-configuration - # ../infra/common/nixos/repart.nix - # ]; - # }; - }; - # inherit (machine.config.boot.uki) name; - name = "monkey"; - - # # systemd-repart - # better for cross-compilation, worse for pre-/post-processing, doesn't support MBR: https://github.com/nix-community/disko/issues/550#issuecomment-2503736973 - # raw = "${machine.config.system.build.image}/${name}.raw"; - - # disko - # worse for cross-compilation, better for pre-/post-processing, needs manual `imageSize`, random failures: https://github.com/nix-community/disko/issues/550#issuecomment-2503736973 - raw = "${machine.config.system.build.diskoImages}/main.raw"; - - # # nixos-generators: note it can straight-up do qcow2 as well, if we settle for nixos-generators - # # `mount: /run/nixos-etc-metadata.J3iARWBtna: failed to setup loop device for /nix/store/14ka2bmx6lcnyr8ah2yl787sqcgxz5ni-etc-metadata.erofs.` - # # [`Error: Failed to parse 
os-release`](https://github.com/NixOS/nixpkgs/blob/5b1861820a3bc4ef2f60b0afcffb71ea43f5d000/pkgs/by-name/sw/switch-to-configuration-ng/src/src/main.rs#L151) - # raw = let - # # TODO parameterize things to let this flow into the terraform - # # btw qcow can be made by nixos-generators (qcow, qcow-efi) or by `image.repart` - # # wait, so i generate an image for the nixos config from the data model? how would i then propagate that to deploy? - # gen = import "${pkgs.nixos-generators}/share/nixos-generator/nixos-generate.nix" { - # inherit system formatConfig; - # inherit (sources) nixpkgs; - # configuration = tf-host.config.nixos-configuration; + }; + # machine = import nixos_conf; + machine = import ./nixos.nix { + inherit sources system; + configuration = tf-host.config.nixos-configuration; + # configuration = { ... }: { + # imports = [ + # tf-host.config.nixos-configuration + # ../infra/common/nixos/repart.nix + # ]; # }; - # in - # "${gen.config.system.build.${formatAttr}}/nixos${fileExtension}"; + }; + # inherit (machine.config.boot.uki) name; + name = "monkey"; - environment = { - key_file = key-file; - ssh_opts = sshOpts; - inherit - host - nixos_conf - bridge - ; - node_name = node-name; - proxmox_user = proxmox-user; - proxmox_password = proxmox-password; - ssh_user = username; - vlan_id = vlanId; - image_datastore_id = imageDatastoreId; - vm_datastore_id = vmDatastoreId; - }; - tf-env = pkgs.callPackage ./run/tf-env.nix { - inherit httpBackend; - tfPackage = pkgs.callPackage ./run/tf-proxmox/tf.nix { }; - tfDirs = [ - "deployment/run/tf-single-host" - "deployment/run/tf-proxmox" - ]; - }; - vm_name = "test14"; - in - lib.trace (lib.strings.toJSON environment) pkgs.writers.writeBashBin "deploy-tf-proxmox.sh" - (withPackages [ - pkgs.jq - pkgs.qemu - pkgs.nixos-generators - pkgs.httpie - (pkgs.callPackage ./run/tf-proxmox/tf.nix { inherit sources; }) - ]) - '' - set -e + # # systemd-repart + # better for cross-compilation, worse for pre-/post-processing, 
doesn't support MBR: https://github.com/nix-community/disko/issues/550#issuecomment-2503736973 + # raw = "${machine.config.system.build.image}/${name}.raw"; - # TODO after install: $nix_host_keys - # cp $tmpdir/${vm_name}_host_key /mnt/etc/ssh/ssh_host_ed25519_key - # chmod 600 /mnt/etc/ssh/ssh_host_ed25519_key - # cp $tmpdir/${vm_name}_host_key.pub /mnt/etc/ssh/ssh_host_ed25519_key.pub - # chmod 644 /mnt/etc/ssh/ssh_host_ed25519_key.pub + # disko + # worse for cross-compilation, better for pre-/post-processing, needs manual `imageSize`, random failures: https://github.com/nix-community/disko/issues/550#issuecomment-2503736973 + raw = "${machine.config.system.build.diskoImages}/main.raw"; - # nixos-generate gives the burden of building revisions, while systemd-repart handles partitioning ~~at the burden of version revisions~~ - # .qcow2 is around half the size of .raw, on top of supporting backups - be it apparently at the cost of performance - qemu-img convert -f raw -O qcow2 -C "${raw}" /tmp/${name}.qcow2 + # # nixos-generators: note it can straight-up do qcow2 as well, if we settle for nixos-generators + # # `mount: /run/nixos-etc-metadata.J3iARWBtna: failed to setup loop device for /nix/store/14ka2bmx6lcnyr8ah2yl787sqcgxz5ni-etc-metadata.erofs.` + # # [`Error: Failed to parse os-release`](https://github.com/NixOS/nixpkgs/blob/5b1861820a3bc4ef2f60b0afcffb71ea43f5d000/pkgs/by-name/sw/switch-to-configuration-ng/src/src/main.rs#L151) + # raw = let + # # TODO parameterize things to let this flow into the terraform + # # btw qcow can be made by nixos-generators (qcow, qcow-efi) or by `image.repart` + # # wait, so i generate an image for the nixos config from the data model? how would i then propagate that to deploy? 
+ # gen = import "${pkgs.nixos-generators}/share/nixos-generator/nixos-generate.nix" { + # inherit system formatConfig; + # inherit (sources) nixpkgs; + # configuration = tf-host.config.nixos-configuration; + # }; + # in + # "${gen.config.system.build.${formatAttr}}/nixos${fileExtension}"; - ls -l ${raw} - ls -l /tmp/${name}.qcow2 + environment = { + key_file = key-file; + ssh_opts = sshOpts; + inherit + host + nixos_conf + bridge + ; + node_name = node-name; + proxmox_user = proxmox-user; + proxmox_password = proxmox-password; + ssh_user = username; + vlan_id = vlanId; + image_datastore_id = imageDatastoreId; + vm_datastore_id = vmDatastoreId; + }; + tf-env = pkgs.callPackage ./run/tf-env.nix { + inherit httpBackend; + tfPackage = pkgs.callPackage ./run/tf-proxmox/tf.nix { }; + tfDirs = [ + "deployment/run/tf-single-host" + "deployment/run/tf-proxmox" + ]; + }; + vm_name = "test14"; + in + lib.trace (lib.strings.toJSON environment) pkgs.writers.writeBashBin "deploy-tf-proxmox.sh" + (withPackages [ + pkgs.jq + pkgs.qemu + pkgs.nixos-generators + pkgs.httpie + (pkgs.callPackage ./run/tf-proxmox/tf.nix { inherit sources; }) + ]) + '' + set -e - env ${toString (lib.mapAttrsToList (k: v: "TF_VAR_${k}=\"${toBash v}\"") environment)} \ - ${toString (lib.mapAttrsToList (k: v: "${k}=\"${toBash v}\"") httpBackend)} \ - TF_VAR_image=/tmp/${name}.qcow2 \ - tf_env=${tf-env} bash ./deployment/run/tf-proxmox/run.sh - ''; - # # don't really wanna deal with having to do versioned updates for now - # qemu-img convert -f raw -O qcow2 -C "${machine.config.system.build.image}/${name}.raw" /tmp/${name}.qcow2 - }; + # TODO after install: $nix_host_keys + # cp $tmpdir/${vm_name}_host_key /mnt/etc/ssh/ssh_host_ed25519_key + # chmod 600 /mnt/etc/ssh/ssh_host_ed25519_key + # cp $tmpdir/${vm_name}_host_key.pub /mnt/etc/ssh/ssh_host_ed25519_key.pub + # chmod 644 /mnt/etc/ssh/ssh_host_ed25519_key.pub + + # nixos-generate gives the burden of building revisions, while systemd-repart handles 
partitioning ~~at the burden of version revisions~~ + # .qcow2 is around half the size of .raw, on top of supporting backups - be it apparently at the cost of performance + qemu-img convert -f raw -O qcow2 -C "${raw}" /tmp/${name}.qcow2 + + ls -l ${raw} + ls -l /tmp/${name}.qcow2 + + env ${toString (lib.mapAttrsToList (k: v: "TF_VAR_${k}=\"${toBash v}\"") environment)} \ + ${toString (lib.mapAttrsToList (k: v: "${k}=\"${toBash v}\"") httpBackend)} \ + TF_VAR_image=/tmp/${name}.qcow2 \ + tf_env=${tf-env} bash ./deployment/run/tf-proxmox/run.sh + ''; + # # don't really wanna deal with having to do versioned updates for now + # qemu-img convert -f raw -O qcow2 -C "${machine.config.system.build.image}/${name}.raw" /tmp/${name}.qcow2 }; - } - ); + }; + }); }; }; in
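Review bot: On the new side the `proxmox-password` value (and any credential passed through `httpBackend`) lands in two places it should not: `lib.trace (lib.strings.toJSON environment)` prints the whole `environment` attrset, `proxmox_password` included, to the evaluation log, and the `env ${toString (lib.mapAttrsToList (k: v: "TF_VAR_${k}=\"${toBash v}\"") environment)}` line bakes the same values into `deploy-tf-proxmox.sh`, a world-readable Nix store path. The option's own `# TODO: is sensitivity here handled properly?` already flags this, and the hunk re-indents that code without resolving it; as a minimum I would trace `removeAttrs environment [ "proxmox_password" ]` instead of `environment`, and longer term pass the secret by file path at run time rather than interpolating it at evaluation time. Two smaller points in the same `run` default: `pkgs.nixos-generators` stays in `withPackages` although every use of nixos-generators in this block is now commented out, and `/tmp/${name}.qcow2` with `name = "monkey"` is a fixed, predictable path that concurrent deployments (or other users of the machine) would share, where a `mktemp -d` inside the script would avoid both the collision and the shared-tmp risk. The `tf-proxmox-host` option starts before this hunk; the enclosing `let` continues past it.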