From 98c4490b4e40a33724593a9ee2299a248dea04a4 Mon Sep 17 00:00:00 2001
From: Valentin Gagarin <valentin.gagarin@tweag.io>
Date: Tue, 18 Mar 2025 09:51:27 +0100
Subject: [PATCH 01/18] update fedi201 host public key (#251)

this is a hack in order to be able to redeploy; that machine was still provisioned
manually

Reviewed-on: https://git.fediversity.eu/Fediversity/Fediversity/pulls/251
---
 keys/systems/fedi201.pub              |   2 +-
 secrets/forgejo-database-password.age |  33 ++++++++++++-------------
 secrets/forgejo-email-password.age    |  33 ++++++++++++-------------
 secrets/forgejo-runner-token.age      | Bin 809 -> 809 bytes
 secrets/panel-secret-key.age          |  32 ++++++++++++------------
 secrets/wiki-basicauth-htpasswd.age   |  34 +++++++++++++-------------
 secrets/wiki-password.age             | Bin 905 -> 905 bytes
 secrets/wiki-smtp-password.age        | Bin 926 -> 926 bytes
 8 files changed, 66 insertions(+), 68 deletions(-)

diff --git a/keys/systems/fedi201.pub b/keys/systems/fedi201.pub
index 1e769352..6eadc66f 100644
--- a/keys/systems/fedi201.pub
+++ b/keys/systems/fedi201.pub
@@ -1 +1 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILhSlUo7L/TjoAILfLv/BDxlBT+rGudh9VoK50Uiu2lZ root@fedi201
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBpnV6zzgdJN5pjw2oWryneE6kZ5rQ343Ut4ed12Cm9 root@fedi201
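Review bot: Replacing the fedi201 host key and re-encrypting the secrets does not rotate the secret values themselves, and the commit message does not say whether they were regenerated. The previous ciphertexts stay in git history and remain decryptable by whoever holds the old fedi201 private key. In `secrets/panel-secret-key.age` the last recipient stanza changes from `ChtTUw` to `kXy85Q`, presumably the old and new host keys. If the old key cannot be treated as destroyed, the secrets it could read should be regenerated, not only re-keyed.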
diff --git a/secrets/forgejo-database-password.age b/secrets/forgejo-database-password.age
index b5229f4a..412a4d7d 100644
--- a/secrets/forgejo-database-password.age
+++ b/secrets/forgejo-database-password.age
@@ -1,18 +1,17 @@
 age-encryption.org/v1
--> ssh-ed25519 Jpc21A aY4iHQUrjmuTgBkIwG3vg8XBK458PWXpiZ5E/m/UHnU
-VCuYTllN1tW5RzIigPiN+p/W5uI3Urh0J3IpLXDL1H4
--> ssh-ed25519 BAs8QA pP6PTq+vp+fP1oOv3ep4dWspwANxj9DSS94t0a+1Q1o
-tpqUnXqp/wmfXFMe2iXRRda+JmW5ZgypduKOS8meCJw
--> ssh-ed25519 ofQnlg om0geQk3YR3+WXsPdIC46wL02M57Qror6MD/PynrTAs
-Yj5xcXf203kW70SndVBBagh62yAn0T41lzg3ReD1kEs
--> ssh-ed25519 COspvA bvBwdWb0kO89Myw3u2heNwd/4vN1+4tiWjNyoF3t+hM
-eCX26mAJy8stuYrRijqicgODAlyKt3zjeZchCkBpfOI
--> ssh-ed25519 2XrTgw wQMvYCYmw4Iql/EmUSW5HG0fz4POn/VIZrMsL5vuUBc
-RaDLMF7OadInlWbQ70/5gpQ4tpwae8i74hu5Wftf6Yg
--> ssh-ed25519 1MUEqQ ygipOVN6+Z09bfMZFdHRT8Wx+H4Ml0YM0w0vrUANugA
-XvtQMpD+iEpEKGwPVcq9mAftfaRlOJXTXUdcqyvVn9w
--> ssh-ed25519 Fa25Dw qc7z4aL3dHjoOTdPBVm4q6V458BuTGLMekP5Hlk0bk0
-kZuabCaiH7DBhO8mDta8AXUxH65Cpm8u9P9ntw8A5pI
---- zpGb6Td6MdLKxE3mkK1a7JqBH77th6045mcdGIsNth0
-�r*"DQ��-����`�U����`�ҹ�u{��C�]�GZ(p
-��Uf�
\ No newline at end of file
+-> ssh-ed25519 Jpc21A JzLWMEH98I5/A8O55mKUMy5zo2kg3Qk8SfXnHvkjwT4
+8f7zDHSp3AHoAQy0dVWMa1TurCBLnsHNtbNjaD++7ow
+-> ssh-ed25519 BAs8QA eCD3saYXdv1bjAoQghmyVqHjMBu/o2lWgu7grk1vgRs
+//pOnkzqQTK3xmeCjruo46ju2X136KEt6DpsegMouFQ
+-> ssh-ed25519 ofQnlg ePjq7GmM36qaGxcJ0qnW8FdKDjwlXtFqOBK8OgWY3Co
+gVmsDP9rMcQD/B6BpNhCn+avdgjhyyohNUXlatXpXo0
+-> ssh-ed25519 COspvA lrQB/NEmMUR2RWxfRzE2iTDkjMYsrIaiKn8thxZR+RA
+MU23Z28v+cNk2VxpAYaYoFb53js2Zr9/KAM9uMe6+EA
+-> ssh-ed25519 2XrTgw z1ixx5dYCNbgw6wWV45b4wn69X/5/4MzesTomWa4WB4
+eNSlP6+nUW9rpsGyzqOEQ+7IVpGeU3UcZpyfB9XT2/4
+-> ssh-ed25519 1MUEqQ c6ps9RB6Dw9JtR0+4eB1NDx44uUes8YjLrY7RCpD0jg
+GwVRqR5t07ctbWhwH76T+SAe2Y6Vv1uY/AHkzd/gw/c
+-> ssh-ed25519 Fa25Dw jTqtV2RWsXBH4zgWAYr9tBGC/BbXKBvr3uyL8IgmI1o
+qBirnzIpi9hB61xwyS+5U6XBobAquEJrV3cleDtG8/4
+--- j/vJgDV+47UmKokdvztXntBIhCLEyUm2aYoGJ2WMKbU
+����i���Q�f������DN��B"��vs�B6P�Q�orF���
\ No newline at end of file
diff --git a/secrets/forgejo-email-password.age b/secrets/forgejo-email-password.age
index 4fdc373c..d1fc3a85 100644
--- a/secrets/forgejo-email-password.age
+++ b/secrets/forgejo-email-password.age
@@ -1,18 +1,17 @@
 age-encryption.org/v1
--> ssh-ed25519 Jpc21A ExqTXUYWuoVsdKwuWzCD72NctIpGvAF4QknTU04he2M
-rN48eYUwPJtTc/UBpB79FayC0W2UnrKdjFTdWKShtc0
--> ssh-ed25519 BAs8QA xODgENkmP/KjT6IGiMW3cBkdrY+o5rbAGywY7Fx99EY
-DNAlVBdObTlgeVhKYtzPv46RCtn7zNm1aURWBOpBXEs
--> ssh-ed25519 ofQnlg cEM500igumTfcCWWCH55z22Pp8QqLcqmjTD5e1lp1T0
-oKBWnaFpaFiEGf51fPqObAkRfRE4gywjQrYGB9kygUs
--> ssh-ed25519 COspvA gQbazYgzv8oBeND0VtZ3P241kZM9klO2qysjkc20CFQ
-nW558CrEvtuUEpLo6EUeUTVK6EVUXbNZwP4+GLVVH3A
--> ssh-ed25519 2XrTgw QlyQRFaRkniJ4BrJEVEP5muS+POPdKSmpS5u4ORiRTc
-/UeO72Y/U9aml3S2s9wE9HUIXPoR+6GDSXF+PT141Qg
--> ssh-ed25519 1MUEqQ oMz1Cq68FuE1jm63H2Rfr/WqhkCeJ2SQrVtk88FBYGo
-ou2ZRPuGTlLxsV/DhXoRUhqaQq9Ub+1ZdOcqqazrBZM
--> ssh-ed25519 Fa25Dw USp87LMAo6HfD6gHdA+lrRlwHzKtMwXGjELImsQ7onk
-g8GvPArugT7KIdpgpfWjHFUNyXgL9rRuymQg/RIiQJw
---- 6oCFkdV4DmaxMe7lDoDSKgtCKySGqVqrbDv8aRa/h/o
-�W)E��{��b���rۛ�
-�3OVx)��Q�Ȭ6�b��O�O�ܗ�ȑ%�
\ No newline at end of file
+-> ssh-ed25519 Jpc21A l6Xwv4JBlTeRTC7RgjxY9gDrCk96atMUH/62P+u55Qs
+CrYsLZgDFAiR8up87lhGZqsbAEZtOXG+l5IzLh2uaqg
+-> ssh-ed25519 BAs8QA lgtmfoc4vKfRpI/XbIS258BMyIB4mTdquEx/Kxm5OTI
+3gQL8Rnqc7JfqsRmKYU3rD0cWMKdnIeVXbY3eFM07RU
+-> ssh-ed25519 ofQnlg 0vwuCrduMLjssA3CK3gfVPMSPYKO9cF7HH1JF/oJv18
+2KrZgQmpvw/tNDJrDArinnbEjopkkmuG8s7t6klBXcQ
+-> ssh-ed25519 COspvA NT+/h2KsiZN2XbaWAlrTlDwyAPmHWrwgr6f0uhSbEGs
+QpoAd+69VYrZwAC0LwDm1m/zfslVgzxpVFihQWDcqzE
+-> ssh-ed25519 2XrTgw QoJ/74FOqYFxHJYXJEkyzbGY0xptSjorNvnyUS1p6zk
+0sJ2F6IFuTrRvXO5ND1QL4CZ2lr1BAU3iQffC6Uc3h4
+-> ssh-ed25519 1MUEqQ xxgEUIhvWN/ZfRMGfu3fKQ+fWM5WSz8OexXPm6jaXDk
+RXe0JMZ0sYMdQvrbi+zAs9F3d98ocRFnsSGUuUWccRk
+-> ssh-ed25519 Fa25Dw tw4sqQcO86Gh0FGUD+O3bJ+8OcaN5rm8R6qocXvDbRg
+7hiWa4qznHTV45kvC7ucj7j7FbPrqYK5OcCcByrcSxg
+--- kvZDYq5n/OXu7xe2Kf5vGN0zosl9fgH4CAf3K0Tq3U4
+�D!��j]2�݃T+�
�U��cg�oP�� �F.޿_vb���d�9
\ No newline at end of file
diff --git a/secrets/forgejo-runner-token.age b/secrets/forgejo-runner-token.age
index 9abc8a98bed421d7f2d85582ded28f18ee6523c9..e541a38e5af990d7fa1b77fc0ebcaf1f1000414c 100644
GIT binary patch
literal 809
zcmZ9{xvSfD007{nL(rTog@Qtsz{8bf`H(_d`jek5S+Xtbmerxix~#*x?{w^vp-TfH
z8A1{QAwwXULrI~O1~PUjl+K;Yo4OR**?+;uXZh~PP3)r2svu21PYWMuFlh88T$aa?
z>x`#UjD)$&9%BHWi^C33F}kY7*d&uO_ngB?SIFTo3s{C0#DJTYR93Hb6&mU?JMvkD
z_F5-~=y03>rrIwBX?0Xnj^(JmM+5eNXj}ALqd-ZB0NzpFNw(3<@~6Whrx2QNg5uKX
zV|N>jOMhdcodPxi*e+AZul*{FNkuLhvEKEW81SZ<7jw?r@UqitEW_|_(|gN{=v+%Z
zF^PRx5*;$!^$C$Q*sxe1XvHECj>1W=HE;tpNS}^vR;RrMfaWGm(UaUV)v7SoHfmcY
zQhD5RuaN5HKGK@nqHI*wsH1(ZErc>_0G!2}*^cWYO+vS|TnLdAfmv+}gPH~5(&7&;
zNrskIh;j?fL1a5Y7z(l-bvV-*t&w6pK9O7%@6cYiPI2d009)$dTpJsO;<xa{*c95v
zl+;sFvzkU^X}^(X?yA{|X{U=);`5xd9!DB$L&czTtNQ<0T^G&D(U8e}J6>#SqMIm4
zV_U?^mGa=?6d|i~4cn-6F2baW;fLv3m}D}4j2oS<BBuzIlO{}4Cbu00U!7bGupv8v
zh;~8Db<^B$OiLQ?V+K#@YEFu_xdFsXDbz!wxDimJyoE-i5o{3h;M7yP?{~a3>#Q|G
z)V#w=HgY*{H6|FMX@nY9Qn(`Y=E?QHUjOuKc<;9dFK_0ft4GY87e9yM)z{zr^4%BL
zuD-wZ;i>cfcJLMA;qQL<G<o~-U#NKY$(=v$Kl|+c?^XBk#^0~My?gf`<N2TOKK}Ul
F)qhvV6!QQ8

literal 809
zcmZY6JFDAP007_)8H(v#XhJXAG6=_dS+W`k=-RR@UCDa-*wWHSvL3e1mE<E^vXnVX
z>C){&OENcw(k&%R0wIt&TWD#ZWC(?j?17NXx4+;UK0k^2Q68eU+;58fMuCz+P4@b?
zu&PS?(V7|#Ngh+mkRk;vXxt?vrU|Py#hg@*CGdRxz}iB(6`g32mXORA1J;5Yxo1OA
zE22_tRLh_z4Hv4}9yw|NnA|@n0cFtzo)F?#YnaR0sZfnf0UN2IG^q~iu$aYZQyXnt
zOM7lkl}*5TX@#rv(sxkI0Vwuh=F06Pp~H5@Lrr#T$RN){L2HwP7%V-`=w?KSbk7=H
z){5B7VS)ud6ScWqHv3J>3ndG{j#nEgKl*mM+I8l(=zNewb+KZ4fS;jJJ44b$7PkI|
z<|1^|S=k)q9Te&j?gUbava-+%?Xou3tFjibGPi?p3McU{r=fOE=EBnO7wjknt4X#`
z@q$yAlIa~gTkiSuSYWKs69D0ioyAT)o0U4-9FnzrR4LiF=J2e>Esqnz%Nn&pPSRkw
zl5dr<WALU}6}Fof0dc0BbqIGi#t{K46Pb-m)uU2mdJX~gslmG}QZ;j#194?5NgIyy
zpi=@KM(*Gg#Kh@#mHqFH)E45-#5BH~`p1?c7z-`wnY35@D$6>Vb+yq!iGZ?<Dv4=S
z5mY_=Gr|rTj@1M=v1mNlP<kv)D?4mTLxb501{S+p7tQ+fTfdKK>tWuR0lPyqVGvdm
znUbyyV%nS7yS+Tja&3}Onr_b7q$hp(?x#O~dHj8M{kw-Re|vRt=l9p*#oP05|NQq+
z_3M+b)4N~2dj0po*uMGU#=RFe@BjS8$<@EEJ$-Zg*@ySnWB1C(k5BJD{PCOr{C`f2
J=gp%Bp8%gm7Bv6>

diff --git a/secrets/panel-secret-key.age b/secrets/panel-secret-key.age
index 2b51856d..fd5e8892 100644
--- a/secrets/panel-secret-key.age
+++ b/secrets/panel-secret-key.age
@@ -1,17 +1,17 @@
 age-encryption.org/v1
--> ssh-ed25519 Jpc21A jzJ5wTSLBsJ0DxelUDsT7BxM9qc73hPsCvB/1R3qGC4
-5giHjKIjnBVmn4NAtGLSIgKQGts9kOc+EPS6AKugn1s
--> ssh-ed25519 BAs8QA J/y7P+A4z1iETfzta1UBf2AnKOD5lFTuGRo7EjWF4Qw
-zUBV+byTPL2kbKS6ZCbu8mk9Lp/fq1iF2Sii0XHxB5I
--> ssh-ed25519 ofQnlg w1RFmJnfOSpKu9tiVvPy3WdLVGO1vUdPW1exb+M7xEM
-jk6/yzZMJCvzW1/5T+DKze+PxduLcWDrBGcVN6k5Vfo
--> ssh-ed25519 COspvA DEBQL0y8GQpdib3WUkj1a/FVLVF8aMAZ77MdxLqJkVE
-V96fUeVJD3v2/V1H5GLo5YIKlIU7fuyYBr7F48gzJ60
--> ssh-ed25519 2XrTgw ixdrdSfgH9Ch1Y4aflWP1QG6khhKN8mD1jFyOXhDTyA
-Kd8QfZ1IqWqiaAY4C8+J/AE6vqIRNAZtU6jbIjRYvCA
--> ssh-ed25519 1MUEqQ Mwda57DHcYYsBJr0L6q9IcO4xyr6NvfTlXyRK/sfjWk
-WX2CsIJBJL1Q9ZMsLzLS2s2L1b+7Mm0WXF+PqRVh1p4
--> ssh-ed25519 ChtTUw trZu9wftz3Hjd2xTKf8TYM9oLpNBcwQX47Pfi/cetjE
-5F1McxV1iLHyIVYdPDeR2twB5aq1fz9g/nrjAF5ys2w
---- 7p/n8TyrrtmVay+dPSX+bdlEqzFByuWk/6FyKFKh758
-I�B�U�3M:ƶ,����?n��-{�7�h�3�#7����'�g�~L&�)�=�bB:9h�A�TOS�
\ No newline at end of file
+-> ssh-ed25519 Jpc21A fBhVzGFs61K63QtA8RdOuuGfHFjMe/Dp0M6TXGLGWDU
+qppnUZ+LQCXhuMCFMYv2D2CkmEfjb7mpmJufIeVjjaM
+-> ssh-ed25519 BAs8QA PNicZCWLkbvM4ih77/F4z6FzHomL9EsJCuSCjbdRTwA
+qIpTl/v7Xl08qBB//dFeW9qQiZg10YrYLnfyQrgDRfQ
+-> ssh-ed25519 ofQnlg 9/vSN3V25ysXBOvS4UJQEzm0734zqO0gXjhgzX63tTs
+AH9Q1lWr+RgICfW3h+D2SgCTFr+azI0x3J3eFnaz/XA
+-> ssh-ed25519 COspvA IB1nWOMaVZVcvEog6UaqCak2fcKxIUN2yXvvRSTDxGw
+Ti7JuBgU6phlI+oXfDDvx42dRu95kTwesRUKu4QsXZ4
+-> ssh-ed25519 2XrTgw 7S9ZhJvUFMw9tDCc0HvkRsRqjvmn47GFGVg/jkxIy1I
+cj27gqqihSZG3Jcab9h9FyNJ1J8FjlUiyVlDot+sbWQ
+-> ssh-ed25519 1MUEqQ l9mVTLD9rZXisBEz0sU2AdFNrJQ/+zuFTiIod5R/HCI
+2q3csSEvMW5vtzqGHYTtZ1nZ0J1vT23bjhuj9HTsdWk
+-> ssh-ed25519 kXy85Q BCrDvkPZLvx2Kvgapa3BT+AmpS6Fa5kpkgBnRVso2BE
+ZBi+x/2ilJIzhzGipdZQJoGOjSqCuAttsqCDVFlYJ8Y
+--- iWtseKyfUMBkQTUl9QzwXXLQcodEJeZt1Wuj5sR18yY
++2,�	���JrҨ>���z?�i������x�M0z��Ԓqҙ���^�Ⱥ�H����I+1���
\ No newline at end of file
diff --git a/secrets/wiki-basicauth-htpasswd.age b/secrets/wiki-basicauth-htpasswd.age
index cb5e2274..cae51926 100644
--- a/secrets/wiki-basicauth-htpasswd.age
+++ b/secrets/wiki-basicauth-htpasswd.age
@@ -1,18 +1,18 @@
 age-encryption.org/v1
--> ssh-ed25519 Jpc21A vsNSibhHXdlRVArHkFqPy2vapvpo+lfs6QNESfZHk0c
-ArMZEQCONAIGQwyEh/QkJ3m5Bnru2/A1fQdJNtPraII
--> ssh-ed25519 BAs8QA 7vfPIUymPXpfX7vhUyNVqBmTllXgJ99gCSHOgWH66HA
-gaueu0eHyqY+VAkNIzPb/aLQ1VG13kSpth2tJfhK7sU
--> ssh-ed25519 ofQnlg iaJY3mcaKyLjTAqNVnzyivIVRwXxxFzP0ru35s/TU3Q
-mfKliFvPT+hEOpOPtkdR/UEmEadXZGpQ8+iWg+S/Q8c
--> ssh-ed25519 COspvA +LC5rnZIS2R5DA3mIyeo2hR45mcBwNUjRS051qN+q2w
-yLYl5g8o29ApSCn+H4Df8P8y+eFv2Hbj6b/nHrzFMdA
--> ssh-ed25519 2XrTgw dG9hmRFpaCBgaoHIkWmJM1Ls/mBqnV5gueGjCTEmRE0
-YkIQDWAwpr3pjjFozGEa3+4+WqJan0KQzUeYNxRjUPc
--> ssh-ed25519 1MUEqQ 0Mtf2NGpVP3TYuFGrTPyQM+h6PjpgJNwW9amz1w7h0w
-J8RM+vl/e8JifUP3dqwH5L9AUqu24pALv6wqxaNhy3g
--> ssh-ed25519 dgBsjw 9Y1n4J8E5T022V8QCApLykKoX56Zto8eLiy5KZvPuR4
-3piVQigR7rFry43YTTHmXkBSDIAFa/ife1Vuq6/3ubk
---- 5Mr3Xe9RF1mneoWBno4SVkNqHx76EilFG0UvsHbqRQo
-��&�mu�.��N���:%����P�	]`L<���	����]���e/T(s"a�ō���-��$M�A�%L�ɜv�
-�m���@+9����%oa/�K*��&
\ No newline at end of file
+-> ssh-ed25519 Jpc21A BfHJN3vILbsfY91kEjSQ+STrn6vQfn83Fx3cBCNshRQ
+0O8GJYfF8WFS4Xsgj5v1cly4JP1MgSN40OgRdW/i0rA
+-> ssh-ed25519 BAs8QA Ue0NLMpmZDSTGvwZ8lhzes7pcmit9F6uwzeT4XhiwC0
+jsvvuOW344i8GR4B139SX0LwTqzKQEgBvsy8oRppqBU
+-> ssh-ed25519 ofQnlg 9iSMQeTJn1OUqTF+M2sHpp69lblb8E6TVbgZs7vgD2U
+uMQI1gTTMvYW7ea9xBAln118JEeNvv3nqbq32zJoat8
+-> ssh-ed25519 COspvA YxCyfe0li23JoI2q4XFVUx4vrWApLwSnJD31PHXuPBg
+8xuT9+W2mnTag9tm6F6LXzHkIh2Nou/8lgxd64OpvWk
+-> ssh-ed25519 2XrTgw jEzw0A9Wd1b1Zoryzp/W/QZ6bd99E7sySnr/W2xcnDs
+IyMrojJ3AChS6lhj599caNM+02i16qtpc6cocln14b4
+-> ssh-ed25519 1MUEqQ haiI/5EkuTZ2YHxsqSVlqfM0VVR24DIDrMS3RmXwAhU
+qVIAvLp2qG4A3f3OKUqAKqH1eOicJz54nfblPSUKrSw
+-> ssh-ed25519 dgBsjw /vCnznu73U99onCWcM0aQlW0azscyUe4BB2kKeZvtHs
+MPnvXR/WVsl/tJ1YPoc7nk2Ls2x9bbtJdNp3CQTuuWI
+--- OzkqKlw4xu3McMk20orQN0h+VPYfUUSDC+DsgRU1tSw
+�^@�m���`B��#{��� GUu��|�� �� r��jb�:ԓd��]	G�Ω���-�–M�����l�3m��)��@���e?���e��Z
+Y}�!f�
\ No newline at end of file
diff --git a/secrets/wiki-password.age b/secrets/wiki-password.age
index e3d26a37bead1f24dfe39c67d2b05607a07b01da..c38c1279e4bebad2c196c62e87daac17e74f7c11 100644
GIT binary patch
literal 905
zcmZ9}y9(=M007{{K{|;bh%ONoghOr9B+dULh-ofOnl!iOT13pfNs}~b?hysS)!9WC
z1qa_j&f?$$I60hM5L`szh@f+y;2S<KiI!0r+^4EdZ{@qUd$Q`$#qxcmX)ens+z<o`
zkwX=1PzuqxS?#cx*?^M~jik&FISc)m9<_QkMm+127jnn7u(GHH5TCF#vu{Y$f@sEC
zT6WhhP4+`$-uYV_X4h){L`2*BJUnVUssS2>a2pA-7pMrWr^ZyE<F#BWTG`W+5$!{r
z$WPtcuAQ_q*9$C@@)oZt30qm>6#FWvuUF*B90s+rW5PA<Va^yuW+(8d-D0iG6J#fa
zJGncsqnx`evvN3-m<v~J71STQqMKAT2^vtJB-ULFLW-eHi`yrtY&_CB6mG==H7$}^
z>IZW>+t;3_CxB1dqed%D)l<m6pn-d~dh9%;p~r~kRl1Dp9GFU>55#$w9>E=7nLasE
zi$R1CKR2i+HC62bT)2{C9UeWl$(r?<lRHskl)clG#qm+wICmo%kY>B7Nm1d?dYu-u
zF?h2BC9^N9!0qO7i1V&+qOELk7+Bb)Qt<+evR=QR?^@?I2J23>3d#xNN2o#nF#F=V
zQUv@_Lysm~YY3DjUMG}6DU(#vlg_xtgjkyVJpk*%D|~uDVW_I2s)5CxN#La4bkkE&
zQSnxlLUXA^)702;O-BnUqpnyz2d+dtYGJZ#vH_91oIa{;uqo0*&byU!%rxH2gB34$
z4o=nc=$ywE1oo9(wDbkD8HiE<ZV12ugO9?{={=t$TSLg?Y(Kg(W8J*n|8L7Baudt~
zBMMKc3tn26X)IO~+e;OH5{vdS3I@S2T|`@FCRqIJ8J~Uq{JURY{4>V?{^FOnKK$zU
z_nv<6)4v~o|N1Mhe*Vsv*e8~qym0*V&DXy919~t0v;FqRA3pl)xv_ouw`XrWL*9P+
E9~yHkH2?qr

literal 905
zcmZ9}JrAQ~003YUw?+r!b`v{SftNxdMlXC*3Z+0>poxjJe3kN5pnSXzH{9UhY;<tA
z&BU0PxN019($&R5Hyzb~aM8KH;2EAEiRMvxZl=1sROLHWlVCkDo4=2=Z90!aKv4vX
zX!RKo93tga=EoB~a^_NiRbabm4w|mrp#zpzqL~>4a1L9m<NaAeL{vssVm%45zGF#T
zOl?M!e8A>pgep0`34I~;S6yX2YCP967KgBrNv`lAcUrW+$Asbg4!@RjH@WS2e6Qbd
zce92gSMM!+w$=-pzF>QyakTViy1CQW>#Vl0izJW}rBJTXAGIVqaLJ=q#a5Xoh+Shn
zASg!Cr6ayuV`J$VV}TyJ!PYx#OGIE<z?*vMz+#qMlgoX`Vlx!5wo$1ow4$hFGgcdO
zBF9}PFPdB#A`V_3HNkA_o<qE8G`o|bpD6CY(>-b09WB!85iQi4Ptr@CQ+9r{Q)Ahh
z-Q{LUB-}7<F%mM9Qq-R2onqkbwUh`LscQTHE#i&m7>^q8nq4v=ntN=hJEYfj*P&%(
zm&ZLkU9$wh5*92<2`$Jjw_@Ve{VY|$0*WiWam=19-TQJ{@*zvfi{?~9lY~QG1=o$Q
z7%uau5yoD+S;%BrA+4<!w4)juf6t8WU59Cavg`VQw|bl>N2laDb3L}RGm1x{T`Y7y
zJ!KQkZwpBjaIaQ^-n7TjJ4gj)-@#yWi$^U?_%<65upw5|6gGEeFD4G*DL?~P$nE%U
zlUt4C7(PcD&Y_aQdFC;y%4XugayH$_D6J@P5!5HBNo4JA&nHDb-ef*^wc!7^`5cLE
zF^B+Ev))x?VRP?D$>*tpE~1MZXt5pWx)V-)9)!~D+fTm#?fKWQzk1`nCqI7r^e5);
zm(K=rdh4n2)yGtb{rk}eKfHMD8}SeR&$IFNcfY*(^IxlfKK%06FP{DW?)=qf`OD9f
F{{WW?E4lyx

diff --git a/secrets/wiki-smtp-password.age b/secrets/wiki-smtp-password.age
index 01be849eb3f310e4f616d57b9334eb84b2b80711..26145509eb09432f24b801be2929742a9893a2ce 100644
GIT binary patch
literal 926
zcmZ9~z3by-0KjoXr+|9niAzA7LN864=GWXHJW2D~<Y|+pPm^wWPntAIo3v@7!{I2x
z?YD@7aDw8bi;FsmIOyS^ql+MTe}E|B&HW2LeBtXQ(I_f|Q(w1PRX(Ur33;Kg(K~q4
zq@yULr&Ef<wK||FfcM^T^{8vSm%PiJvQ;lp!l!|*dTwcUOj#)e9dhW{3;7Jww@J>;
z!@V-iTN91}XCV{LRy?g2P9vf$?X-Hs07;p<w;B(cnF(;Gv}8hc=h0-l<Y5FIiCM^k
zBBOSfOl&%Lw6;4S!0%Cqg|QacyTd%zNqTV>$BvaO>5W@7jpvSS+K=qx#$IG)S~a&?
z6`N&|;6CD`JH+>;cDn0AwDtDcqCh#Q5>03%k$^cegQbKf-53L#GGO@*u4#8QP)CW+
z=d$M%Voji-2qL*C^q^JJBc&L(ny_r@3&2CsWsIYt##uN(KH}Pqv9oIpb}lTAM48lt
zr9*KG8I)iv!i`B5f=ZQyc(DwbKA&eUOUvZMwsU6Rx>|m6U2@Imw;Ju7?4-j9DYp#G
zq78a+DlM*@S;ncQ4(vE(>daw|Y(THh&{O-o!a!JW1${>jdU$aAXbYSPS(qA|(!L>g
z(u`SXNUyF3#sjw+Wo*Qwi68V0*A-dVWr3yhe!BKJ5OyWiPF97{l>(A?mq=P~dC|bA
zHdE$)Wo4<H48+yz3loICW4?F@+2dkzbyZ(t+iF~kw_2F+&A!9AmT=sC8PxUNas?`m
znqD0R#!0zq)bmj%EktR(M8;&AV{&>%E42p!>Z#d9k*E6F5(goA5u5Mk4utTmcFShR
z$rUyljc}G-DE`%RWMiI{7gq2EI@G5Z1r8P`Y9VmLq1p^^S}s)VmA^iyUsE2Q?*Ez_
zUq1c#uz4tFe|)RI^)~tGy>HGxK7RJRczyWoEAsp2+|$3``{mXD-uwsr{Mpwu`1jqH
gKL<F40_=w;FMapO`r^^=`w!pv=>7GdKYjA-e`&5Zn*aa+

literal 926
zcmZY4yRO@0003Y%q|g}z12S}}WTkd|i4zGS*^Xn!K8`Q3<JeM>?BCbp_;T{c*9BCy
zsw(ILJOIN%3@k_tAO<!Dn4lvPtnE-HMuY_O=@WeV{3M!2B{&WBIjhRM)hWT+*<|`Y
z0%1ChLV~7eOGK^#F=LUa*1@o0+h`Ybk>H??xNHoiDrj58(s=KCJ&2QjJP|7}Noad>
z(nhxJNQuqRQSEde)4j_)s~Um{NqFp)nn1x)rEY2*3l|29_z-t%ba8+}R<>5bTic;n
zM;KM)ZVi$PD4!RES;u^qcax}HEcI*yBbjsYdCfa~0Kz6vOy{g&F|)!gYF0O%>UQc)
zt%{BEm>?7jz$|Z4sZ>l~DR)^!Lf}aws6?&bd1S?Tf#E0sj`k!l1=Dn?{6w~>G^S*e
zbD>qlZ6B^wtxDH{Aj@+ct>IO7Q{y#Qw=BY`hGJWAi*2qNvPV^CxdsNuhYMf1SQ94(
zt=SH^rQ-6{Bo?`&tzmYnNe+ST=`O|GybOfMW_I&~>6z)0E)qQ|l$UPA;bbKpBGH#y
zs~px!x^)?h5v3ZRdyv`^DotMY<007}0Ie&Yk^g^ldb5OZ7N7%6H%pY|O@?9PI>K;`
z3JA+zw?PWTVSirSyv<ZwxH1s7(t*C)q=mj+bsfXzradS6`B~1+8@gMm79OAq=b;N8
zOhTv*(oT$|7|#`#;wnxb&$_NwfbI{6lB!y-Tkc39%wE#MgoBqIl7~$y%vUL7n#@`O
zdBl&&HeZvnXw&RoU>5vd9#;iadv{`8xS>(>PA<;cW~h$|Gb)vWHm1?>>85S+tgy_5
zPpW)AnNFvOr}%7HJ6$|#?UhpLZtXcbV0??&*>L8LEz!jkljS`}O+No_ef{jqcceRy
zzSZ8oc=G-IH*Yb&Js*B}>x0)GzTQ6i=JC7te!4rF&))dw&+89w-TwE%?_Yg<@5l1f
l=fB)OJ*~g^`=ci>VE^l1pZ)yaCts(p-05FDz5e4>??3DIIs*Uz


From 9c40fd0bfbfb1f9ddb2ea6d2032360439b72fe32 Mon Sep 17 00:00:00 2001
From: Kiara Grouwstra <kiara@procolix.eu>
Date: Tue, 11 Mar 2025 13:12:09 +0100
Subject: [PATCH 02/18] WIP: trigger nixops from panel

Closes #76.

Note I had not yet managed to successfully test this.

When manually trying the parameterized NixOps4, I used the following
command, though I had yet to get this to work as well:

```sh
DEPLOYMENT='{"domain": "fediversity.net", "mastodon": {"enable": false},
"pixelfed": {"enable": true}, "peertube": {"enable": false}}' nix
develop --extra-experimental-features "configurable-impure-env"
--command nixops4 apply test
```

(or rather, I used a hardcoded Nix here so as to make it not use Lix.)

So far this had failed for me with:

```
the following units failed:
acme-mastodon.web.garage.fediversity.net.service
...
nixops4 error: Failed to create resource garage-configuration
```
---
 flake.nix                                         |  4 +++-
 infra/flake-part.nix                              | 14 ++++++++++++--
 infra/machines/fedi201/fedipanel.nix              |  9 +++++++++
 panel/README.md                                   |  5 +++++
 panel/default.nix                                 |  2 ++
 panel/src/panel/templates/configuration_form.html |  4 ++--
 panel/src/panel/views.py                          | 10 ++++++++++
 7 files changed, 43 insertions(+), 5 deletions(-)

diff --git a/flake.nix b/flake.nix
index 96e4f815..ca7259a5 100644
--- a/flake.nix
+++ b/flake.nix
@@ -58,7 +58,9 @@
             packages = [
               pkgs.nil
               inputs'.agenix.packages.default
-              inputs'.nixops4.packages.default
+              (inputs'.nixops4.packages.default.overrideAttrs {
+                impureEnvVars = [ "DEPLOYMENT" ];
+              })
               pkgs.httpie
               pkgs.jq
             ];
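Review bot: `impureEnvVars` is, as far as I know, honoured only for fixed-output derivations and only affects the builder's environment, so this `overrideAttrs` most likely does not make `DEPLOYMENT` visible to `nixops4` at run time. What it does do is change the derivation, so the dev shell has to build nixops4 locally instead of substituting it. Whether `builtins.getEnv "DEPLOYMENT"` in `infra/flake-part.nix` sees the variable depends on how the evaluation is run (pure or impure), not on this attribute. I would keep the plain `inputs'.nixops4.packages.default` here.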
diff --git a/infra/flake-part.nix b/infra/flake-part.nix
index 08be9cfe..a154c5bb 100644
--- a/infra/flake-part.nix
+++ b/infra/flake-part.nix
@@ -21,7 +21,7 @@ let
   makeResourceModule =
     { vmName, isTestVm }:
     {
-      _module.args = { inherit inputs; };
+      _module.args = { inherit self inputs; };
       imports = [
         ./common/resource.nix
         (if isTestVm then ./test-machines + "/${vmName}" else ./machines + "/${vmName}")
@@ -143,7 +143,17 @@ in
   ## - We add a “test” deployment with all test machines.
   nixops4Deployments = genAttrs machines makeDeployment' // {
     default = makeDeployment machines;
-    test = makeTestDeployment (fromJSON (readFile ./test-machines/configuration.json));
+    test = makeTestDeployment (
+      fromJSON (
+        let
+          env = builtins.getEnv "DEPLOYMENT";
+        in
+        if env != "" then
+          env
+        else
+          builtins.trace "env var DEPLOYMENT not set, falling back to ./test-machines/configuration.json!" (readFile ./test-machines/configuration.json)
+      )
+    );
   };
   flake.nixosConfigurations =
     genAttrs machines (makeConfiguration false)
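Review bot: In the new `test` deployment, `builtins.getEnv` returns an empty string under pure evaluation, which is the default for flakes. Assuming nixops4 evaluates the flake that way, this always falls back to `./test-machines/configuration.json` and applies the checked-in configuration instead of the one the panel submitted. The only signal is a `builtins.trace` line, which is easy to miss in a service log. Since `DEPLOYMENT` decides what gets deployed, I would make the unset case fail for the panel-triggered path, for example `throw "DEPLOYMENT is not set"`, and keep the file-based configuration under a separate deployment name. The enclosing attribute set starts and ends outside the hunk.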
diff --git a/infra/machines/fedi201/fedipanel.nix b/infra/machines/fedi201/fedipanel.nix
index 5312eafb..85696b9d 100644
--- a/infra/machines/fedi201/fedipanel.nix
+++ b/infra/machines/fedi201/fedipanel.nix
@@ -1,4 +1,5 @@
 {
+  self,
   config,
   ...
 }:
@@ -11,7 +12,12 @@ in
     ../../../panel/nix/configuration.nix
   ];
 
+  nix.settings = {
+    extra-experimental-features = "configurable-impure-env";
+  };
+
   environment.systemPackages = [
+    self
     panel
   ];
 
@@ -36,4 +42,7 @@ in
       STATIC_ROOT = "/var/lib/${name}/static";
     };
   };
+  systemd.services.${name}.env = {
+    REPO_DIR = builtins.trace self self;
+  };
 }
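Review bot: `systemd.services.${name}.env` is, as far as I know, not an option the NixOS systemd module defines; the per-unit environment is set with `environment`. This block should therefore fail evaluation or never reach the unit, which would leave `REPO_DIR` unset in the service. I would write `systemd.services.${name}.environment.REPO_DIR = "${self}";` and drop `builtins.trace self`, which is debugging output. The same applies to the `NIX_DIR` line that [PATCH 04/18] adds to this block.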
diff --git a/panel/README.md b/panel/README.md
index 5dcab93c..cc01c82b 100644
--- a/panel/README.md
+++ b/panel/README.md
@@ -4,6 +4,11 @@ The Fediversity Panel is a web service for managing Fediversity deployments with
 
 ## Development
 
+- In your [nix.conf](https://nix.dev/manual/nix/latest/command-ref/conf-file) (Nix) / `nix.settings` (NixOS),
+to your [`experimental-features`](https://nix.dev/manual/nix/latest/command-ref/conf-file#conf-experimental-features)
+add [`configurable-impure-env`](https://nix.dev/manual/nix/latest/development/experimental-features#xp-feature-configurable-impure-env).
+Note that this features is only available in Nix, not in Lix.
+
 - To obtain all tools related to this project, enter the development environment with `nix-shell`.
 
   If you want to do that automatically on entering this directory:
diff --git a/panel/default.nix b/panel/default.nix
index b0ec435e..dc8e81ef 100644
--- a/panel/default.nix
+++ b/panel/default.nix
@@ -34,6 +34,8 @@ in
       export CREDENTIALS_DIRECTORY=${builtins.toString ./.credentials}
       export DATABASE_URL="sqlite:///${toString ./src}/db.sqlite3"
     '';
+    # FIXME: ending a path in a non-name produces a double hash :(
+    REPO_DIR = ./..;
   };
 
   tests = pkgs'.callPackage ./nix/tests.nix { };
diff --git a/panel/src/panel/templates/configuration_form.html b/panel/src/panel/templates/configuration_form.html
index 154b5e02..474aa4f6 100644
--- a/panel/src/panel/templates/configuration_form.html
+++ b/panel/src/panel/templates/configuration_form.html
@@ -5,7 +5,7 @@
 
   {{ form.as_p }}
 
-  <button class="button" disabled>Deploy</button>
-  <button class="button" type="submit" >Save</button>
+  <button class="button" type="submit" name="deploy">Deploy</button>
+  <button class="button" type="submit" name="save">Save</button>
 </form>
 {% endblock %}
diff --git a/panel/src/panel/views.py b/panel/src/panel/views.py
index 13a8f80a..7134ff06 100644
--- a/panel/src/panel/views.py
+++ b/panel/src/panel/views.py
@@ -1,6 +1,8 @@
 from enum import Enum
 
 from django.urls import reverse_lazy
+import os
+import subprocess
 from django.contrib.auth.mixins import LoginRequiredMixin
 from django.contrib.auth.models import User
 from django.views.generic import TemplateView, DetailView
@@ -41,6 +43,14 @@ class ConfigurationForm(LoginRequiredMixin, FormView):
             operator=self.request.user,
         )
 
+        button_name = self.request.POST.get('save_draft') or self.request.POST.get('publish')
+        print(f"self.request.POST: {self.request.POST}")
+        print(f"button_name: {button_name}")
+        if button_name == 'deploy':
+            print("DEPLOYING:")
+            print(os.getenv("REPO_DIR"))
+            print(obj)
+            subprocess.run(["nix", "develop", "--command", "nixops4", "apply", "test"], cwd=os.getenv("REPO_DIR"), env={"DEPLOYMENT": obj})
         return obj
 
     # TODO(@fricklerhandwerk):
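Review bot: `button_name` is read from the POST keys `save_draft` and `publish`, but the template in this commit names the buttons `deploy` and `save`, so `button_name == 'deploy'` can never be true and the deploy branch is dead. Checking `if "deploy" in self.request.POST:` would match the template. Separately, `print(f"self.request.POST: {self.request.POST}")` writes the whole submitted form to the service log, including the CSRF token field if Django's CSRF middleware is in use. `env={"DEPLOYMENT": obj}` passes a model instance where `subprocess.run` needs strings, and it replaces the entire environment, so `nix` is looked up without the service's `PATH`. The method starts outside the hunk.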

From bc670296d7615d8e58834ef692445216e3d66587 Mon Sep 17 00:00:00 2001
From: lois <lois@procolix.eu>
Date: Tue, 11 Mar 2025 14:46:11 +0100
Subject: [PATCH 03/18] Convert configuration form to json WIP: Get nix in
 scope

---
 panel/default.nix           |  1 +
 panel/nix/configuration.nix |  1 +
 panel/nix/package.nix       |  2 ++
 panel/src/panel/views.py    | 13 +++++++------
 4 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/panel/default.nix b/panel/default.nix
index dc8e81ef..0246337f 100644
--- a/panel/default.nix
+++ b/panel/default.nix
@@ -22,6 +22,7 @@ in
     packages = [
       pkgs.npins
       manage
+      pkgs.nix
     ];
     env = {
       NPINS_DIRECTORY = toString ../npins;
diff --git a/panel/nix/configuration.nix b/panel/nix/configuration.nix
index d790e30c..7e6cb437 100644
--- a/panel/nix/configuration.nix
+++ b/panel/nix/configuration.nix
@@ -37,6 +37,7 @@ let
       django-libsass
       django_4
       setuptools
+      pkgs.nix
     ]
     ++ cfg.package.propagatedBuildInputs
   );
diff --git a/panel/nix/package.nix b/panel/nix/package.nix
index e6196686..c43d850c 100644
--- a/panel/nix/package.nix
+++ b/panel/nix/package.nix
@@ -2,6 +2,7 @@
   lib,
   sqlite,
   python3,
+  nix,
 }:
 let
   src =
@@ -50,6 +51,7 @@ python3.pkgs.buildPythonPackage {
     in
     [
       sqlite
+      nix
     ]
     ++ pythonPackages;
 
diff --git a/panel/src/panel/views.py b/panel/src/panel/views.py
index 7134ff06..6629ade2 100644
--- a/panel/src/panel/views.py
+++ b/panel/src/panel/views.py
@@ -12,6 +12,7 @@ from panel import models
 from panel.configuration import forms
 
 
+
 class Index(TemplateView):
     template_name = 'index.html'
 
@@ -43,14 +44,14 @@ class ConfigurationForm(LoginRequiredMixin, FormView):
             operator=self.request.user,
         )
 
-        button_name = self.request.POST.get('save_draft') or self.request.POST.get('publish')
-        print(f"self.request.POST: {self.request.POST}")
-        print(f"button_name: {button_name}")
-        if button_name == 'deploy':
+        # Check for deploy button
+        if "deploy" in self.request.POST.keys():
             print("DEPLOYING:")
             print(os.getenv("REPO_DIR"))
-            print(obj)
-            subprocess.run(["nix", "develop", "--command", "nixops4", "apply", "test"], cwd=os.getenv("REPO_DIR"), env={"DEPLOYMENT": obj})
+            config_dict = obj.parsed_value.model_dump_json()
+            print(f"config_dict: {config_dict}")
+            subprocess.run(["nix", "develop", "--command", "nixops4", "apply",
+                           "test"], cwd=os.getenv("REPO_DIR"), env={"DEPLOYMENT": config_dict})
         return obj
 
     # TODO(@fricklerhandwerk):
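Review bot: The deploy branch runs `nixops4 apply` for any request that passes `LoginRequiredMixin`, so every authenticated account can trigger an infrastructure deployment; if deploying is meant to be limited to operators, an explicit permission check is needed before the `subprocess.run` call. The call also ignores the exit status, has no timeout and runs inside the request, so a failed or hung deployment looks like a successful save and ties up a worker. At minimum pass `check=True` and a `timeout=` and report failure in the response. `print(f"config_dict: {config_dict}")` puts the full deployment configuration in the service log. The method starts outside the hunk.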

From 3b6fcc28783c52c60a3404935ad640fb8c88da3b Mon Sep 17 00:00:00 2001
From: Kiara Grouwstra <kiara@procolix.eu>
Date: Tue, 11 Mar 2025 15:25:03 +0100
Subject: [PATCH 04/18] add NIX_DIR

---
 infra/machines/fedi201/fedipanel.nix |  2 ++
 panel/default.nix                    |  1 +
 panel/src/panel/views.py             | 16 +++++++---------
 3 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/infra/machines/fedi201/fedipanel.nix b/infra/machines/fedi201/fedipanel.nix
index 85696b9d..99e02a0e 100644
--- a/infra/machines/fedi201/fedipanel.nix
+++ b/infra/machines/fedi201/fedipanel.nix
@@ -1,6 +1,7 @@
 {
   self,
   config,
+  pkgs,
   ...
 }:
 let
@@ -44,5 +45,6 @@ in
   };
   systemd.services.${name}.env = {
     REPO_DIR = builtins.trace self self;
+    NIX_DIR = pkgs.nix;
   };
 }
diff --git a/panel/default.nix b/panel/default.nix
index 0246337f..b47473bb 100644
--- a/panel/default.nix
+++ b/panel/default.nix
@@ -37,6 +37,7 @@ in
     '';
     # FIXME: ending a path in a non-name produces a double hash :(
     REPO_DIR = ./..;
+    NIX_DIR = pkgs.nix;
   };
 
   tests = pkgs'.callPackage ./nix/tests.nix { };
diff --git a/panel/src/panel/views.py b/panel/src/panel/views.py
index 6629ade2..82c0f380 100644
--- a/panel/src/panel/views.py
+++ b/panel/src/panel/views.py
@@ -12,23 +12,18 @@ from panel import models
 from panel.configuration import forms
 
 
-
 class Index(TemplateView):
     template_name = 'index.html'
 
-
 class AccountDetail(LoginRequiredMixin, DetailView):
     model = User
     template_name = 'account_detail.html'
-
     def get_object(self):
         return self.request.user
 
-
 class ServiceList(TemplateView):
     template_name = 'service_list.html'
 
-
 class ConfigurationForm(LoginRequiredMixin, FormView):
     template_name = 'configuration_form.html'
     success_url = reverse_lazy('configuration_form')
@@ -48,10 +43,13 @@ class ConfigurationForm(LoginRequiredMixin, FormView):
         if "deploy" in self.request.POST.keys():
             print("DEPLOYING:")
             print(os.getenv("REPO_DIR"))
-            config_dict = obj.parsed_value.model_dump_json()
-            print(f"config_dict: {config_dict}")
-            subprocess.run(["nix", "develop", "--command", "nixops4", "apply",
-                           "test"], cwd=os.getenv("REPO_DIR"), env={"DEPLOYMENT": config_dict})
+            print(os.getenv("NIX_DIR"))
+            env={
+                "DEPLOYMENT": obj.parsed_value.model_dump_json(),
+                "PATH": f"{os.getenv("NIX_DIR")}/bin/",
+            }
+            print(f"env: {env}")
+            subprocess.run(["nix", "develop", "--command", "nixops4", "--show-trace", "--verbose", "apply", "test"], cwd=os.getenv("REPO_DIR"), env=env)
         return obj
 
     # TODO(@fricklerhandwerk):
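Review bot: `f"{os.getenv("NIX_DIR")}/bin/"` reuses double quotes inside a double-quoted f-string, which only parses on Python 3.12 and later; on older interpreters the module fails to import with a SyntaxError. When `NIX_DIR` is unset, `os.getenv` returns `None` and `PATH` becomes the literal `None/bin/`, a relative directory resolved against the working directory. I would read it once with `nix_dir = os.environ["NIX_DIR"]` so a missing variable raises, then use `"PATH": f"{nix_dir}/bin"`. `print(f"env: {env}")` also logs the deployment JSON.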

From 7b6e8fa9ba1ab6d4075de78f09856707f3467f83 Mon Sep 17 00:00:00 2001
From: lois <lois@procolix.eu>
Date: Tue, 11 Mar 2025 16:12:43 +0100
Subject: [PATCH 05/18] Pass REPO_DIR implicitly

---
 panel/default.nix        |  2 --
 panel/src/panel/views.py | 12 ++++++++++--
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/panel/default.nix b/panel/default.nix
index b47473bb..dbc6325b 100644
--- a/panel/default.nix
+++ b/panel/default.nix
@@ -35,8 +35,6 @@ in
       export CREDENTIALS_DIRECTORY=${builtins.toString ./.credentials}
       export DATABASE_URL="sqlite:///${toString ./src}/db.sqlite3"
     '';
-    # FIXME: ending a path in a non-name produces a double hash :(
-    REPO_DIR = ./..;
     NIX_DIR = pkgs.nix;
   };
 
diff --git a/panel/src/panel/views.py b/panel/src/panel/views.py
index 82c0f380..cf2e232b 100644
--- a/panel/src/panel/views.py
+++ b/panel/src/panel/views.py
@@ -1,4 +1,5 @@
 from enum import Enum
+import os
 
 from django.urls import reverse_lazy
 import os
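Review bot: The added `import os` duplicates the `import os` that already appears two lines below in this hunk's context. Keep one of them, ideally grouped with `subprocess` ahead of the Django imports.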
@@ -12,18 +13,23 @@ from panel import models
 from panel.configuration import forms
 
 
+
 class Index(TemplateView):
     template_name = 'index.html'
 
+
 class AccountDetail(LoginRequiredMixin, DetailView):
     model = User
     template_name = 'account_detail.html'
+
     def get_object(self):
         return self.request.user
 
+
 class ServiceList(TemplateView):
     template_name = 'service_list.html'
 
+
 class ConfigurationForm(LoginRequiredMixin, FormView):
     template_name = 'configuration_form.html'
     success_url = reverse_lazy('configuration_form')
@@ -44,12 +50,14 @@ class ConfigurationForm(LoginRequiredMixin, FormView):
             print("DEPLOYING:")
             print(os.getenv("REPO_DIR"))
             print(os.getenv("NIX_DIR"))
-            env={
+            env = {
                 "DEPLOYMENT": obj.parsed_value.model_dump_json(),
                 "PATH": f"{os.getenv("NIX_DIR")}/bin/",
             }
             print(f"env: {env}")
-            subprocess.run(["nix", "develop", "--command", "nixops4", "--show-trace", "--verbose", "apply", "test"], cwd=os.getenv("REPO_DIR"), env=env)
+            print(f"Path: {os.getcwd()}/..")
+            subprocess.run(["nix", "develop", "--command", "nixops4", "--show-trace",
+                           "--verbose", "apply", "test"], cwd=os.getenv("REPO_DIR") or f"{os.getcwd()}/..", env=env)
         return obj
 
     # TODO(@fricklerhandwerk):
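Review bot: The fallback `cwd=os.getenv("REPO_DIR") or f"{os.getcwd()}/.."` makes the directory in which `nix develop` runs depend on wherever the server process happened to be started. `nix develop` evaluates the flake it finds there and runs its dev shell, so an unexpected working directory means the panel executes whatever that directory contains with the service's privileges. I would require the variable with `repo_dir = os.environ["REPO_DIR"]` and fail the request when it is missing instead of guessing. The `print(f"Path: {os.getcwd()}/..")` line is debugging output and can go once this is settled.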

From f39f5d295aba9e4896a12c71b72f21d67d1f8549 Mon Sep 17 00:00:00 2001
From: lois <lois@procolix.eu>
Date: Tue, 11 Mar 2025 16:22:24 +0100
Subject: [PATCH 06/18] Remove addding nixpkgs (did not fix the issue)

---
 panel/default.nix           | 1 -
 panel/nix/configuration.nix | 1 -
 panel/nix/package.nix       | 2 --
 3 files changed, 4 deletions(-)

diff --git a/panel/default.nix b/panel/default.nix
index dbc6325b..d9c7db99 100644
--- a/panel/default.nix
+++ b/panel/default.nix
@@ -22,7 +22,6 @@ in
     packages = [
       pkgs.npins
       manage
-      pkgs.nix
     ];
     env = {
       NPINS_DIRECTORY = toString ../npins;
diff --git a/panel/nix/configuration.nix b/panel/nix/configuration.nix
index 7e6cb437..d790e30c 100644
--- a/panel/nix/configuration.nix
+++ b/panel/nix/configuration.nix
@@ -37,7 +37,6 @@ let
       django-libsass
       django_4
       setuptools
-      pkgs.nix
     ]
     ++ cfg.package.propagatedBuildInputs
   );
diff --git a/panel/nix/package.nix b/panel/nix/package.nix
index c43d850c..e6196686 100644
--- a/panel/nix/package.nix
+++ b/panel/nix/package.nix
@@ -2,7 +2,6 @@
   lib,
   sqlite,
   python3,
-  nix,
 }:
 let
   src =
@@ -51,7 +50,6 @@ python3.pkgs.buildPythonPackage {
     in
     [
       sqlite
-      nix
     ]
     ++ pythonPackages;
 

From 4987e9f530aea3c80dec044d9659aae62be23de0 Mon Sep 17 00:00:00 2001
From: Kiara Grouwstra <kiara@procolix.eu>
Date: Wed, 12 Mar 2025 09:06:38 +0100
Subject: [PATCH 07/18] pass `self` thru in flake

---
 flake.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/flake.nix b/flake.nix
index ca7259a5..3f2b4a37 100644
--- a/flake.nix
+++ b/flake.nix
@@ -12,8 +12,8 @@
   };
 
   outputs =
-    inputs@{ flake-parts, ... }:
-    flake-parts.lib.mkFlake { inherit inputs; } {
+    inputs@{ self, flake-parts, ... }:
+    flake-parts.lib.mkFlake { inherit self inputs; } {
       systems = [
         "x86_64-linux"
         "aarch64-linux"

From 7b77e2ad72f1462a26208402a6e38ff083a0625a Mon Sep 17 00:00:00 2001
From: Kiara Grouwstra <kiara@procolix.eu>
Date: Wed, 12 Mar 2025 14:22:32 +0100
Subject: [PATCH 08/18] use imputs over self

---
 flake.nix                            |  4 ++--
 infra/flake-part.nix                 |  2 +-
 infra/machines/fedi201/default.nix   | 17 ++++++++++++-----
 infra/machines/fedi201/fedipanel.nix |  6 +++---
 4 files changed, 18 insertions(+), 11 deletions(-)

diff --git a/flake.nix b/flake.nix
index 3f2b4a37..ca7259a5 100644
--- a/flake.nix
+++ b/flake.nix
@@ -12,8 +12,8 @@
   };
 
   outputs =
-    inputs@{ self, flake-parts, ... }:
-    flake-parts.lib.mkFlake { inherit self inputs; } {
+    inputs@{ flake-parts, ... }:
+    flake-parts.lib.mkFlake { inherit inputs; } {
       systems = [
         "x86_64-linux"
         "aarch64-linux"
diff --git a/infra/flake-part.nix b/infra/flake-part.nix
index a154c5bb..f90bd2ff 100644
--- a/infra/flake-part.nix
+++ b/infra/flake-part.nix
@@ -21,7 +21,7 @@ let
   makeResourceModule =
     { vmName, isTestVm }:
     {
-      _module.args = { inherit self inputs; };
+      _module.args = { inherit inputs; };
       imports = [
         ./common/resource.nix
         (if isTestVm then ./test-machines + "/${vmName}" else ./machines + "/${vmName}")
diff --git a/infra/machines/fedi201/default.nix b/infra/machines/fedi201/default.nix
index 2f8978d7..239c85c0 100644
--- a/infra/machines/fedi201/default.nix
+++ b/infra/machines/fedi201/default.nix
@@ -1,4 +1,10 @@
 {
+  inputs,
+  config,
+  pkgs,
+  ...
+}@args:
+builtins.trace args {
   fediversityVm = {
     vmId = 201;
     proxmox = "fediversity";
@@ -15,9 +21,10 @@
     };
   };
 
-  nixos.module = {
-    imports = [
-      ./fedipanel.nix
-    ];
-  };
+  # nixos.module = {
+  #   imports = [
+  #     ./fedipanel.nix
+  #   ];
+  # };
+  nixos.module = import ./fedipanel.nix { inherit inputs config pkgs; };
 }
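Review bot: The new line `nixos.module = import ./fedipanel.nix { inherit inputs config pkgs; };` calls the module function by hand, so `config` and `pkgs` are whatever this outer file received rather than the NixOS module arguments of the machine being built. Anything fedipanel.nix or its imports read from `config` is then presumably looked up in the wrong option tree, and the arguments the module system normally supplies through `...` are never passed. Keeping `imports = [ ./fedipanel.nix ];` and supplying `inputs` through `_module.args` or `specialArgs` leaves argument passing to the module system. The commented-out block above the new line should be deleted rather than kept.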
diff --git a/infra/machines/fedi201/fedipanel.nix b/infra/machines/fedi201/fedipanel.nix
index 99e02a0e..2b341148 100644
--- a/infra/machines/fedi201/fedipanel.nix
+++ b/infra/machines/fedi201/fedipanel.nix
@@ -1,5 +1,5 @@
 {
-  self,
+  inputs,
   config,
   pkgs,
   ...
@@ -18,7 +18,7 @@ in
   };
 
   environment.systemPackages = [
-    self
+    inputs
     panel
   ];
 
@@ -44,7 +44,7 @@ in
     };
   };
   systemd.services.${name}.env = {
-    REPO_DIR = builtins.trace self self;
+    REPO_DIR = builtins.trace inputs inputs;
     NIX_DIR = pkgs.nix;
   };
 }

From b0a869051112c0441f01a335f3d10b485b21594a Mon Sep 17 00:00:00 2001
From: lois <lois@procolix.eu>
Date: Wed, 12 Mar 2025 16:39:30 +0100
Subject: [PATCH 09/18] WIP: change env to environment

---
 infra/flake-part.nix                 | 30 +++++++++++++++-------------
 infra/machines/fedi201/default.nix   |  5 +++--
 infra/machines/fedi201/fedipanel.nix |  9 +++++----
 3 files changed, 24 insertions(+), 20 deletions(-)

diff --git a/infra/flake-part.nix b/infra/flake-part.nix
index f90bd2ff..0636c692 100644
--- a/infra/flake-part.nix
+++ b/infra/flake-part.nix
@@ -141,20 +141,22 @@ in
   ## - Each normal machine gets a deployment.
   ## - We add a “default” deployment with all normal machines.
   ## - We add a “test” deployment with all test machines.
-  nixops4Deployments = genAttrs machines makeDeployment' // {
-    default = makeDeployment machines;
-    test = makeTestDeployment (
-      fromJSON (
-        let
-          env = builtins.getEnv "DEPLOYMENT";
-        in
-        if env != "" then
-          env
-        else
-          builtins.trace "env var DEPLOYMENT not set, falling back to ./test-machines/configuration.json!" (readFile ./test-machines/configuration.json)
-      )
-    );
-  };
+  nixops4Deployments =
+    builtins.trace (builtins.attrNames inputs) genAttrs machines makeDeployment'
+    // {
+      default = makeDeployment machines;
+      test = makeTestDeployment (
+        fromJSON (
+          let
+            env = builtins.getEnv "DEPLOYMENT";
+          in
+          if env != "" then
+            env
+          else
+            builtins.trace "env var DEPLOYMENT not set, falling back to ./test-machines/configuration.json!" (readFile ./test-machines/configuration.json)
+        )
+      );
+    };
   flake.nixosConfigurations =
     genAttrs machines (makeConfiguration false)
     // genAttrs testMachines (makeConfiguration true);
diff --git a/infra/machines/fedi201/default.nix b/infra/machines/fedi201/default.nix
index 239c85c0..28397a84 100644
--- a/infra/machines/fedi201/default.nix
+++ b/infra/machines/fedi201/default.nix
@@ -3,8 +3,9 @@
   config,
   pkgs,
   ...
-}@args:
-builtins.trace args {
+}:
+# builtins.trace args.pkgs
+{
   fediversityVm = {
     vmId = 201;
     proxmox = "fediversity";
diff --git a/infra/machines/fedi201/fedipanel.nix b/infra/machines/fedi201/fedipanel.nix
index 2b341148..154bd6ea 100644
--- a/infra/machines/fedi201/fedipanel.nix
+++ b/infra/machines/fedi201/fedipanel.nix
@@ -1,13 +1,14 @@
 {
   inputs,
   config,
-  pkgs,
+  # pkgs,
   ...
 }:
 let
   name = "panel";
   panel = (import ../../../panel/default.nix { }).package;
 in
+# builtins.trace args.pkgs
 {
   imports = [
     ../../../panel/nix/configuration.nix
@@ -43,8 +44,8 @@ in
       STATIC_ROOT = "/var/lib/${name}/static";
     };
   };
-  systemd.services.${name}.env = {
-    REPO_DIR = builtins.trace inputs inputs;
-    NIX_DIR = pkgs.nix;
+  systemd.services.${name}.environment = {
+    REPO_DIR = inputs;
+    # NIX_DIR = pkgs.nix;
   };
 }

From 29f841d1db945f1ac4c65eea2e9a38f30db6e2db Mon Sep 17 00:00:00 2001
From: Kiara Grouwstra <kiara@procolix.eu>
Date: Thu, 13 Mar 2025 13:29:23 +0100
Subject: [PATCH 10/18] pass flake path as inputs.self.outPath?

---
 infra/flake-part.nix                 | 30 +++++++++++++---------------
 infra/machines/fedi201/default.nix   |  1 -
 infra/machines/fedi201/fedipanel.nix |  8 ++++----
 3 files changed, 18 insertions(+), 21 deletions(-)

diff --git a/infra/flake-part.nix b/infra/flake-part.nix
index 0636c692..f90bd2ff 100644
--- a/infra/flake-part.nix
+++ b/infra/flake-part.nix
@@ -141,22 +141,20 @@ in
   ## - Each normal machine gets a deployment.
   ## - We add a “default” deployment with all normal machines.
   ## - We add a “test” deployment with all test machines.
-  nixops4Deployments =
-    builtins.trace (builtins.attrNames inputs) genAttrs machines makeDeployment'
-    // {
-      default = makeDeployment machines;
-      test = makeTestDeployment (
-        fromJSON (
-          let
-            env = builtins.getEnv "DEPLOYMENT";
-          in
-          if env != "" then
-            env
-          else
-            builtins.trace "env var DEPLOYMENT not set, falling back to ./test-machines/configuration.json!" (readFile ./test-machines/configuration.json)
-        )
-      );
-    };
+  nixops4Deployments = genAttrs machines makeDeployment' // {
+    default = makeDeployment machines;
+    test = makeTestDeployment (
+      fromJSON (
+        let
+          env = builtins.getEnv "DEPLOYMENT";
+        in
+        if env != "" then
+          env
+        else
+          builtins.trace "env var DEPLOYMENT not set, falling back to ./test-machines/configuration.json!" (readFile ./test-machines/configuration.json)
+      )
+    );
+  };
   flake.nixosConfigurations =
     genAttrs machines (makeConfiguration false)
     // genAttrs testMachines (makeConfiguration true);
diff --git a/infra/machines/fedi201/default.nix b/infra/machines/fedi201/default.nix
index 28397a84..9558de9e 100644
--- a/infra/machines/fedi201/default.nix
+++ b/infra/machines/fedi201/default.nix
@@ -4,7 +4,6 @@
   pkgs,
   ...
 }:
-# builtins.trace args.pkgs
 {
   fediversityVm = {
     vmId = 201;
diff --git a/infra/machines/fedi201/fedipanel.nix b/infra/machines/fedi201/fedipanel.nix
index 154bd6ea..64e42ca0 100644
--- a/infra/machines/fedi201/fedipanel.nix
+++ b/infra/machines/fedi201/fedipanel.nix
@@ -1,7 +1,7 @@
 {
   inputs,
   config,
-  # pkgs,
+  pkgs,
   ...
 }:
 let
@@ -19,7 +19,7 @@ in
   };
 
   environment.systemPackages = [
-    inputs
+    inputs.self.outPath
     panel
   ];
 
@@ -45,7 +45,7 @@ in
     };
   };
   systemd.services.${name}.environment = {
-    REPO_DIR = inputs;
-    # NIX_DIR = pkgs.nix;
+    REPO_DIR = inputs.self.outPath;
+    NIX_DIR = pkgs.nix;
   };
 }

From fbd1f2f57685d5edfa483ae6733025b579bca0b8 Mon Sep 17 00:00:00 2001
From: Kiara Grouwstra <kiara@procolix.eu>
Date: Thu, 13 Mar 2025 13:50:49 +0100
Subject: [PATCH 11/18] move from documenting to automating
 configurable-impure-env

---
 panel/README.md          |  5 -----
 panel/src/panel/views.py | 15 +++++++++++++--
 2 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/panel/README.md b/panel/README.md
index cc01c82b..5dcab93c 100644
--- a/panel/README.md
+++ b/panel/README.md
@@ -4,11 +4,6 @@ The Fediversity Panel is a web service for managing Fediversity deployments with
 
 ## Development
 
-- In your [nix.conf](https://nix.dev/manual/nix/latest/command-ref/conf-file) (Nix) / `nix.settings` (NixOS),
-to your [`experimental-features`](https://nix.dev/manual/nix/latest/command-ref/conf-file#conf-experimental-features)
-add [`configurable-impure-env`](https://nix.dev/manual/nix/latest/development/experimental-features#xp-feature-configurable-impure-env).
-Note that this features is only available in Nix, not in Lix.
-
 - To obtain all tools related to this project, enter the development environment with `nix-shell`.
 
   If you want to do that automatically on entering this directory:
diff --git a/panel/src/panel/views.py b/panel/src/panel/views.py
index cf2e232b..4077ebbe 100644
--- a/panel/src/panel/views.py
+++ b/panel/src/panel/views.py
@@ -56,8 +56,19 @@ class ConfigurationForm(LoginRequiredMixin, FormView):
             }
             print(f"env: {env}")
             print(f"Path: {os.getcwd()}/..")
-            subprocess.run(["nix", "develop", "--command", "nixops4", "--show-trace",
-                           "--verbose", "apply", "test"], cwd=os.getenv("REPO_DIR") or f"{os.getcwd()}/..", env=env)
+            cmd = [
+                "nix",
+                "develop",
+                "--extra-experimental-features",
+                "configurable-impure-env",
+                "--command",
+                "nixops4",
+                "--show-trace",
+                "--verbose",
+                "apply",
+                "test",
+            ]
+            subprocess.run(cmd, cwd=os.getenv("REPO_DIR") or f"{os.getcwd()}/..", env=env)
         return obj
 
     # TODO(@fricklerhandwerk):
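Review bot: The result of `subprocess.run(cmd, ...)` is discarded, so a failed `nixops4 apply` looks the same as a successful one and the method still returns `obj`; pass `check=True` or inspect `returncode`, and surface the failure to the user. The `cwd` fallback `f"{os.getcwd()}/.."` means that with `REPO_DIR` unset, the flake that gets evaluated and run is whichever directory sits above the service's working directory. For a deployed service it would be safer to fail when the variable is missing, e.g. `repo_dir = os.environ["REPO_DIR"]`. The two `print` calls kept as context write the whole `env` dict to stdout and should go before `DEPLOYMENT` carries anything sensitive. The enclosing method starts outside the hunk.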

From 0bd65f1ed5b7be4092a608b72d62c8efd2a051d2 Mon Sep 17 00:00:00 2001
From: Kiara Grouwstra <kiara@procolix.eu>
Date: Thu, 13 Mar 2025 16:30:37 +0100
Subject: [PATCH 12/18] add openssh to devshell, as seemingly needed to trigger
 nixops4 by flake in django

---
 flake.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/flake.nix b/flake.nix
index ca7259a5..e633ad9a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -61,6 +61,7 @@
               (inputs'.nixops4.packages.default.overrideAttrs {
                 impureEnvVars = [ "DEPLOYMENT" ];
               })
+              pkgs.openssh
               pkgs.httpie
               pkgs.jq
             ];

From 8fbe59af55e1f19c4e1a7b2cbba58024bd2d359f Mon Sep 17 00:00:00 2001
From: Kiara Grouwstra <kiara@procolix.eu>
Date: Mon, 17 Mar 2025 13:24:22 +0100
Subject: [PATCH 13/18] default form to .net as .eu subdomains are used for
 live services

---
 panel/src/panel/configuration/forms.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/panel/src/panel/configuration/forms.py b/panel/src/panel/configuration/forms.py
index 73216169..13bc6974 100644
--- a/panel/src/panel/configuration/forms.py
+++ b/panel/src/panel/configuration/forms.py
@@ -43,7 +43,7 @@ class Configuration(BaseModel):
         NET = "fediversity.net"
 
     domain: Domain = Field(
-        default=Domain.EU,
+        default=Domain.NET,
         description="DNS domain where to expose services"
     )
 

From 6275e8b2dc1e7dd4091e9f2d1bb58a9f2acab09d Mon Sep 17 00:00:00 2001
From: Kiara Grouwstra <kiara@procolix.eu>
Date: Mon, 17 Mar 2025 13:50:55 +0100
Subject: [PATCH 14/18] pass in dummy initialUser to trigger orchestration from
 the panel

---
 panel/src/panel/views.py | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/panel/src/panel/views.py b/panel/src/panel/views.py
index 4077ebbe..a43ddff2 100644
--- a/panel/src/panel/views.py
+++ b/panel/src/panel/views.py
@@ -1,5 +1,6 @@
 from enum import Enum
 import os
+import json
 
 from django.urls import reverse_lazy
 import os
@@ -50,8 +51,17 @@ class ConfigurationForm(LoginRequiredMixin, FormView):
             print("DEPLOYING:")
             print(os.getenv("REPO_DIR"))
             print(os.getenv("NIX_DIR"))
+            submission = obj.parsed_value.model_dump_json()
+            deployment = json.dumps(json.loads(submission) | {
+              "initialUser": {
+                "displayName": "Testy McTestface",
+                "username": "test",
+                "password": "testtest",
+                "email": "test@test.com",
+              },
+            })
             env = {
-                "DEPLOYMENT": obj.parsed_value.model_dump_json(),
+                "DEPLOYMENT": deployment,
                 "PATH": f"{os.getenv("NIX_DIR")}/bin/",
             }
             print(f"env: {env}")
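Review bot: The added `initialUser` block hard-codes `"password": "testtest"` for user `test` into every deployment the panel triggers, and because that dict is on the right-hand side of `|` it overrides any `initialUser` already in the submission. If these deployments are reachable under the domain chosen in the form, every instance starts with the same publicly known account. Generate the password per deployment, e.g. `secrets.token_urlsafe(24)`, or read it from a secret kept outside the repository. The context line `print(f"env: {env}")` now also writes that credential to the service log, so it should be dropped or reduced to printing the keys. The enclosing method starts and ends outside the hunk.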

From e3a7cdde96aa492979866135495e1f3d55ae8f7f Mon Sep 17 00:00:00 2001
From: Kiara Grouwstra <kiara@procolix.eu>
Date: Mon, 17 Mar 2025 14:10:25 +0100
Subject: [PATCH 15/18] comment fediversity.eu option as its subdomains named
 after our services are used for production instances

https://git.fediversity.eu/Fediversity/Fediversity/src/commit/08d109cc826c2979af104af0919c75143bd79616/services/fediversity/sharedOptions.nix#L44
---
 panel/src/panel/configuration/forms.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/panel/src/panel/configuration/forms.py b/panel/src/panel/configuration/forms.py
index 13bc6974..c4adb73b 100644
--- a/panel/src/panel/configuration/forms.py
+++ b/panel/src/panel/configuration/forms.py
@@ -39,7 +39,7 @@ class Configuration(BaseModel):
     # XXX: hard-code available apex domains for now,
     #      they will be prefixed by the user name
     class Domain(Enum):
-        EU = "fediversity.eu"
+        # EU = "fediversity.eu"
         NET = "fediversity.net"
 
     domain: Domain = Field(
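Review bot: Commenting out `EU = "fediversity.eu"` leaves dead code in the enum and gives no reason at the place a reader will look. Delete the member and state the reason in a comment, e.g. `# fediversity.eu subdomains are used by production instances, so it is not offered here`. If any saved configuration already holds `"fediversity.eu"`, it will presumably fail validation against the enum once this lands, so existing rows may need a check or a migration. The class body continues outside the hunk.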

From 3e2c83435d447171cefc8f1539299775ec259c3e Mon Sep 17 00:00:00 2001
From: Kiara Grouwstra <kiara@procolix.eu>
Date: Mon, 17 Mar 2025 14:23:29 +0100
Subject: [PATCH 16/18] import the regular way, fixing `error: attribute 'age'
 missing`

---
 infra/machines/fedi201/default.nix | 17 +++++------------
 1 file changed, 5 insertions(+), 12 deletions(-)

diff --git a/infra/machines/fedi201/default.nix b/infra/machines/fedi201/default.nix
index 9558de9e..2f8978d7 100644
--- a/infra/machines/fedi201/default.nix
+++ b/infra/machines/fedi201/default.nix
@@ -1,9 +1,3 @@
-{
-  inputs,
-  config,
-  pkgs,
-  ...
-}:
 {
   fediversityVm = {
     vmId = 201;
@@ -21,10 +15,9 @@
     };
   };
 
-  # nixos.module = {
-  #   imports = [
-  #     ./fedipanel.nix
-  #   ];
-  # };
-  nixos.module = import ./fedipanel.nix { inherit inputs config pkgs; };
+  nixos.module = {
+    imports = [
+      ./fedipanel.nix
+    ];
+  };
 }

From 77cbc752a878bae3ea6884d3239d915044f4fb23 Mon Sep 17 00:00:00 2001
From: Kiara Grouwstra <kiara@procolix.eu>
Date: Tue, 18 Mar 2025 11:38:24 +0100
Subject: [PATCH 17/18] remove inputs parameter from fedipanel.nix

makes `nixops4 apply` go thru, tho the service still fails on `No module
named 'django_pydantic_field'`
---
 infra/machines/fedi201/fedipanel.nix | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/infra/machines/fedi201/fedipanel.nix b/infra/machines/fedi201/fedipanel.nix
index 64e42ca0..b64e926b 100644
--- a/infra/machines/fedi201/fedipanel.nix
+++ b/infra/machines/fedi201/fedipanel.nix
@@ -1,5 +1,5 @@
 {
-  inputs,
+  # inputs,
   config,
   pkgs,
   ...
@@ -19,7 +19,8 @@ in
   };
 
   environment.systemPackages = [
-    inputs.self.outPath
+    # inputs.self.outPath
+    # ../../..
     panel
   ];
 
@@ -45,7 +46,8 @@ in
     };
   };
   systemd.services.${name}.environment = {
-    REPO_DIR = inputs.self.outPath;
+    # REPO_DIR = inputs.self.outPath;
+    REPO_DIR = ../../..;
     NIX_DIR = pkgs.nix;
   };
 }
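Review bot: `REPO_DIR = ../../..;` is a Nix path literal, so when it is rendered into the unit's environment the whole repository root is presumably copied into the world-readable Nix store on the target, including `keys/` and the `secrets/*.age` files. The age files are encrypted, but everything else in the tree becomes readable by every local user. The store copy is also read-only, which matters if `nixops4 apply` needs to write under its working directory. Consider pointing `REPO_DIR` at a filtered source that holds only what the deployment needs. The commented-out `inputs.self.outPath` lines, here and in the `environment.systemPackages` hunk above, should be removed once the approach is settled.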

From b409fd7719be8f538e167c8a4ee5d38784a0ebcf Mon Sep 17 00:00:00 2001
From: Kiara Grouwstra <kiara@procolix.eu>
Date: Tue, 18 Mar 2025 14:46:22 +0100
Subject: [PATCH 18/18] move STATIC_ROOT, solves error `ModuleNotFoundError` on
 missing `django_pydantic_field`

---
 infra/machines/fedi201/fedipanel.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infra/machines/fedi201/fedipanel.nix b/infra/machines/fedi201/fedipanel.nix
index b64e926b..14a74a16 100644
--- a/infra/machines/fedi201/fedipanel.nix
+++ b/infra/machines/fedi201/fedipanel.nix
@@ -42,10 +42,10 @@ in
     settings = {
       DATABASE_URL = "sqlite:///var/lib/${name}/db.sqlite3";
       CREDENTIALS_DIRECTORY = "/var/lib/${name}/.credentials";
-      STATIC_ROOT = "/var/lib/${name}/static";
     };
   };
   systemd.services.${name}.environment = {
+    STATIC_ROOT = "/var/lib/${name}/static";
     # REPO_DIR = inputs.self.outPath;
     REPO_DIR = ../../..;
     NIX_DIR = pkgs.nix;