diff --git a/deployment/check/data-model/deployment.nix b/deployment/check/data-model/deployment.nix
deleted file mode 100644
index 769fea74..00000000
--- a/deployment/check/data-model/deployment.nix
+++ /dev/null
@@ -1,192 +0,0 @@
-{
- config,
- system,
- inputs ? (import ../../../default.nix { }).inputs,
- sources ? import ../../../npins,
- ...
-}:
-
-let
- inherit (sources) nixpkgs;
- pkgs = import nixpkgs { inherit system; };
- inherit (pkgs) lib;
- deployment-config = config;
- inherit (lib) mkOption types;
- inherit (import ./constants.nix) targetMachines pathToRoot pathFromRoot;
- eval =
- module:
- (lib.evalModules {
- specialArgs = {
- inherit pkgs inputs;
- };
- modules = [
- module
- ../../data-model.nix
- ];
- }).config;
- fediversity = eval (
- { config, ... }:
- {
- config = {
- resources.login-shell = {
- description = "The operator needs to be able to log into the shell";
- request =
- { ... }:
- {
- _class = "fediversity-resource-request";
- options = {
- wheel = mkOption {
- description = "Whether the login user needs root permissions";
- type = types.bool;
- default = false;
- };
- packages = mkOption {
- description = "Packages that need to be available in the user environment";
- type = with types; attrsOf package;
- };
- };
- };
- policy =
- { config, ... }:
- {
- _class = "fediversity-resource-policy";
- options = {
- username = mkOption {
- description = "Username for the operator";
- type = types.str; # TODO: use the proper constraints from NixOS
- };
- wheel = mkOption {
- description = "Whether to allow login with root permissions";
- type = types.bool;
- default = false;
- };
- };
- config = {
- resource-type = types.raw; # TODO: splice out the user type from NixOS
- apply =
- requests:
- let
- # Filter out requests that need wheel if policy doesn't allow it
- validRequests = lib.filterAttrs (
- _name: req: !req.login-shell.wheel || config.wheel
- ) requests.resources;
- in
- lib.optionalAttrs (validRequests != { }) {
- ${config.username} = {
- isNormalUser = true;
- packages =
- with lib;
- attrValues (concatMapAttrs (_name: request: request.login-shell.packages) validRequests);
- extraGroups = lib.optional config.wheel "wheel";
- };
- };
- };
- };
- };
- applications.hello =
- { ... }:
- {
- description = ''Command-line tool that will print "Hello, world!" on the terminal'';
- module =
- { ... }:
- {
- options.enable = lib.mkEnableOption "Hello in the shell";
- };
- implementation = cfg: {
- input = cfg;
- output.resources = lib.optionalAttrs cfg.enable {
- hello.login-shell.packages.hello = pkgs.hello;
- };
- };
- };
- environments =
- let
- mkNixosConfiguration =
- environment: requests:
- { ... }:
- {
- imports = [
- ./options.nix
- ../common/sharedOptions.nix
- ../common/targetNode.nix
- "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix"
- ];
-
- users.users = environment.config.resources."operator-environment".login-shell.apply {
- resources = lib.filterAttrs (_name: value: value ? login-shell) (
- lib.concatMapAttrs (
- k': req: lib.mapAttrs' (k: lib.nameValuePair "${k'}.${k}") req.resources
- ) requests
- );
- };
- };
- in
- {
- single-nixos-vm-ssh = environment: {
- resources."operator-environment".login-shell.username = "operator";
- implementation = requests: {
- input = requests;
- output.ssh-host = {
- nixos-configuration = mkNixosConfiguration environment requests;
- ssh = {
- username = "root";
- inherit (deployment-config) host;
- key-file = null;
- };
- };
- };
- };
- single-nixos-vm-nixops4 = environment: {
- resources."operator-environment".login-shell.username = "operator";
- implementation = requests: {
- input = requests;
- output.nixops4 =
- { providers, ... }:
- {
- providers = {
- inherit (inputs.nixops4.modules.nixops4Provider) local;
- };
- resources = lib.genAttrs targetMachines (nodeName: {
- type = providers.local.exec;
- imports = [
- inputs.nixops4-nixos.modules.nixops4Resource.nixos
- ../common/targetResource.nix
- ];
- nixos.module = mkNixosConfiguration environment requests;
- _module.args = { inherit inputs sources; };
- inherit nodeName pathToRoot pathFromRoot;
- });
- };
- };
- };
- };
- };
- options = {
- "example-configuration" = mkOption {
- type = config.configuration;
- default = {
- enable = true;
- applications.hello.enable = true;
- };
- };
- "ssh-deployment" =
- let
- env = config.environments."single-nixos-vm-ssh";
- in
- mkOption {
- type = env.resource-mapping.output-type;
- default = env.deployment config."example-configuration";
- };
- "nixops4-deployment" =
- let
- env = config.environments."single-nixos-vm-nixops4";
- in
- mkOption {
- type = env.resource-mapping.output-type;
- default = env.deployment config."example-configuration";
- };
- };
- }
- );
-in
-fediversity
diff --git a/deployment/check/data-model/flake-under-test.nix b/deployment/check/data-model/flake-under-test.nix
index d6f4482d..60b0ee38 100644
--- a/deployment/check/data-model/flake-under-test.nix
+++ b/deployment/check/data-model/flake-under-test.nix @@ -17,9 +17,12 @@ ]; nixops4Deployments.check-deployment-model = - (import ./deployment/check/data-model/deployment.nix { + (import ./deployment/check/common/data-model.nix { inherit system inputs; - config.host = "nixops4"; + config = { + inherit (import ./deployment/check/data-model/constants.nix) pathToRoot pathFromRoot; + nodeName = "nixops4"; + }; })."nixops4-deployment".nixops4; } ); diff --git a/deployment/check/data-model/nixosTest.nix b/deployment/check/data-model/nixosTest.nix index 019203c8..a10c32e6 100644 --- a/deployment/check/data-model/nixosTest.nix +++ b/deployment/check/data-model/nixosTest.nix @@ -9,12 +9,13 @@ let inherit (import ./constants.nix) pathToRoot; escapedJson = v: lib.replaceStrings [ "\"" ] [ "\\\\\"" ] (lib.strings.toJSON v); deployment-config = { + inherit (import ./constants.nix) pathToRoot pathFromRoot; inherit (config) enableAcme; acmeNodeIP = if config.enableAcme then config.nodes.acme.networking.primaryIPAddress else null; - host = "ssh"; + nodeName = "ssh"; }; inherit - ((import ./deployment.nix { + ((import ../common/data-model.nix { inherit (pkgs) system; inherit inputs; config = deployment-config; @@ -28,16 +29,16 @@ in { _class = "nixosTest"; imports = [ - ./options.nix + ../common/data-model-options.nix ]; name = "deployment-model"; sourceFileset = lib.fileset.unions [ ../../data-model.nix ../../function.nix + ../common/data-model.nix + ../common/data-model-options.nix ./constants.nix - ./deployment.nix - ./options.nix (config.pathToCwd + "/flake-under-test.nix") ]; @@ -85,7 +86,7 @@ in import ${pathToRoot}/deployment/nixos.nix { inherit system; configuration = ( - import ${pathToRoot}/deployment/check/data-model/deployment.nix { + import ${pathToRoot}/deployment/check/common/data-model.nix { inherit system; config = builtins.fromJSON "${escapedJson deployment-config}"; } 
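Review bot: The added `inherit (import ./constants.nix) pathToRoot pathFromRoot;` inside `deployment-config` (first hunk of nixosTest.nix) imports constants.nix a second time, although the `let` block already has `inherit (import ./constants.nix) pathToRoot;` two lines above it. Extending that existing line to `inherit (import ./constants.nix) pathToRoot pathFromRoot;` and writing `inherit pathToRoot pathFromRoot;` in the attribute set would keep a single source for both names. The `let` block begins outside the hunk.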
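Review bot: In the last hunk of nixosTest.nix the config is still rebuilt with `builtins.fromJSON "${escapedJson deployment-config}"`, and after this commit that serialized value also carries `pathToRoot` and `pathFromRoot`, while `escapedJson` (a context line in the first nixosTest.nix hunk) rewrites only the `"` character. A value containing a backslash or `${` would not come back unchanged from that round trip, and a Nix path value would presumably come back as a string, so the two call sites of `../common/data-model.nix` could see different types. constants.nix is not visible here, so this is a caveat to confirm rather than a demonstrated bug. I would document the constraint at the `deployment-config` definition, for example `# serialized through escapedJson for the test script: values must be plain strings, bools or null, without backslashes or "${"`. The enclosing expression starts and ends outside the hunk.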
diff --git a/deployment/check/data-model/options.nix b/deployment/check/data-model/options.nix
deleted file mode 100644
index 8492bee3..00000000
--- a/deployment/check/data-model/options.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{
- lib,
- ...
-}:
-let
- inherit (lib) types;
-in
-{
- options = {
- host = lib.mkOption {
- type = types.str;
- description = "name of the host to deploy to";
- };
- };
-}