automated deployment to proxmox (in nix run) of vm booting to login

Signed-off-by: Kiara Grouwstra <kiara@procolix.eu>
2025-09-24 14:19:48 +02:00 · 2025-09-24 14:19:48 +02:00 · bf317c600a
commit bf317c600a
parent bd631227e7
11 changed files with 237 additions and 257 deletions
--- a/deployment/check/common/data-model.nix
+++ b/deployment/check/common/data-model.nix
@ -126,6 +126,8 @@ let
                  ../common/sharedOptions.nix
                  # tests need this, however outside tests this (and esp its import nixos-test-base) must not be used
                  ../common/targetNode.nix
+                  "${nixpkgs}/nixos/modules/profiles/minimal.nix"
+                  "${nixpkgs}/nixos/modules/profiles/perlless.nix"
                  "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix"
                  ../../../infra/common/nixos/repart.nix
                  # disko needed in makeInstallerIso.nix
--- a/deployment/check/common/deployerNode.nix
+++ b/deployment/check/common/deployerNode.nix
@ -76,6 +76,7 @@ in
          machine =
            (pkgs.nixos [
              ./targetNode.nix
+              ../../../infra/common/nixos/repart.nix
              config.system.extraDependenciesFromModule
              {
                nixpkgs.hostPlatform = "x86_64-linux";
--- a/deployment/check/data-model-bash-proxmox/default.nix
+++ b/deployment/check/data-model-bash-proxmox/default.nix
@ -1,5 +1,4 @@
 {
-  runNixOSTest,
  inputs,
  sources,
  system,
@ -25,7 +24,7 @@ let
      ;
  };
 in
-runNixOSTest {
+pkgs.testers.runNixOSTest {
  node.specialArgs = {
    inherit
      sources
--- a/deployment/check/data-model-bash-proxmox/nixosTest.nix
+++ b/deployment/check/data-model-bash-proxmox/nixosTest.nix
@ -62,13 +62,13 @@ in
            sockets = 1;
            kvm = true;
            scsi = [ { file = "local:16"; } ];
-            cdrom = "local:iso/minimal.iso";
+            # cdrom = "local:iso/minimal.iso";
          };
        };
      };
      virtualisation = {
        additionalPaths = [ minimalIso ];
-        diskSize = 2*1024;
+        diskSize = 2 * 1024;
        memorySize = 2048;
      };
    };
--- a/deployment/check/data-model-tf-proxmox/default.nix
+++ b/deployment/check/data-model-tf-proxmox/default.nix
@ -1,5 +1,4 @@
 {
-  runNixOSTest,
  inputs,
  sources,
  system,
@ -22,10 +21,11 @@ let
      })
      proxmox-ve
      pve-ha-manager
+      pve-qemu
      ;
  };
 in
-runNixOSTest {
+pkgs.testers.runNixOSTest {
  node.specialArgs = {
    inherit
      sources
--- a/deployment/check/data-model-tf-proxmox/nixosTest.nix
+++ b/deployment/check/data-model-tf-proxmox/nixosTest.nix
@ -28,35 +28,6 @@ let
    url = "https://releases.nixos.org/nixos/24.05/nixos-24.05.7139.bcba2fbf6963/nixos-minimal-24.05.7139.bcba2fbf6963-x86_64-linux.iso";
    hash = "sha256-plre/mIHdIgU4xWU+9xErP+L4i460ZbcKq8iy2n4HT8=";
  };
-  proxmox = {
-    formatConfig = "${pkgs.nixos-generators}/share/nixos-generator/formats/proxmox.nix";
-    formatAttr = "VMA";
-    fileExtension = ".vma.zst";
-  };
-  format = proxmox;
-  # qcow = {
-  #   formatConfig = "${pkgs.nixos-generators}/share/nixos-generator/formats/qcow.nix";
-  #   formatAttr = "qcow";
-  #   fileExtension = ".qcow2";
-  # };
-  # format = qcow;
-  # qcow-efi = {
-  #   formatConfig = "${pkgs.nixos-generators}/share/nixos-generator/formats/qcow-efi.nix";
-  #   formatAttr = "qcow-efi";
-  #   fileExtension = ".qcow2";
-  # };
-  # format = qcow-efi;
-  inherit (format) formatConfig; # formatAttr fileExtension
-  # TODO parameterize things to let this flow into the terraform
-  # btw qcow can be made by nixos-generators (qcow, qcow-efi) or by `image.repart`
-  # wait, so i generate an image for the nixos config from the data model? how would i then propagate that to deploy?
-  gen = import "${pkgs.nixos-generators}/share/nixos-generator/nixos-generate.nix" {
-    inherit system formatConfig;
-    inherit (sources) nixpkgs;
-    # formatConfig = "${pkgs.nixos-generators}/share/nixos-generator/formats/proxmox.nix";
-    configuration = deployment.nixos-configuration;
-  };
-  machine = gen.config;
 in
 {
  _class = "nixosTest";
@ -90,7 +61,7 @@ in
            sockets = 1;
            kvm = true;
            scsi = [ { file = "local:16"; } ];
-            cdrom = "local:iso/minimal.iso";
+            # cdrom = "local:iso/minimal.iso";
          };
        };
      };
@ -123,37 +94,37 @@ in
      system.extraDependencies =
        # (lib.lists.map lib.traceVal)
        (
-          (lib.lists.concatMap (
-            pkg:
-            (
-              if
-                pkg ? inputDerivation
-                # error: output '/nix/store/dki9d3vldafg9ydrfm7x0g0rr0qljk98-sudo-1.9.16p2' is not allowed to refer to the following paths:
-                #          /nix/store/2xdmps65ryklmbf025bm4pxv16gb8ajv-sudo-1.9.16p2.tar.gz
-                #          /nix/store/58br4vk3q5akf4g8lx0pqzfhn47k3j8d-bash-5.2p37
-                #          /nix/store/8v6k283dpbc0qkdq81nb6mrxrgcb10i1-gcc-wrapper-14-20241116
-                #          /nix/store/9r1nl9ksiyszy4qzzg6y2gcdkca0xmhy-stdenv-linux
-                #          /nix/store/a4rmp6in7igbl1wbz9pli5nq0wiclq0y-groff-1.23.0
-                #          /nix/store/dki9d3vldafg9ydrfm7x0g0rr0qljk98-sudo-1.9.16p2
-                #          /nix/store/f5y58qz2fzpzgkhp0nizixi10x04ppyy-linux-pam-1.6.1
-                #          /nix/store/shkw4qm9qcw5sc5n1k5jznc83ny02r39-default-builder.sh
-                #          /nix/store/vj1c3wf9c11a0qs6p3ymfvrnsdgsdcbq-source-stdenv.sh
-                #          /nix/store/yh6qg1nsi5h2xblcr67030pz58fsaxx3-coreutils-9.6
-                && !(lib.strings.hasInfix "sudo" (lib.traceVal (builtins.toString pkg)))
-              then
-                lib.trace "yes" [
-                  # lib.traceVal pkg.inputDerivation # not of type `path in the Nix store'
-                  (
-                    (
-                      x: builtins.trace "${builtins.toString pkg}: ${builtins.toString (lib.isPath x.inputDerivation)}" x
-                    )
-                    pkg
-                  ).inputDerivation
-                ]
-              else
-                lib.trace "no" [ ]
-            )
-          ) machine.environment.systemPackages)
+          # (lib.lists.concatMap (
+          #   pkg:
+          #   (
+          #     if
+          #       pkg ? inputDerivation
+          #       # error: output '/nix/store/dki9d3vldafg9ydrfm7x0g0rr0qljk98-sudo-1.9.16p2' is not allowed to refer to the following paths:
+          #       #          /nix/store/2xdmps65ryklmbf025bm4pxv16gb8ajv-sudo-1.9.16p2.tar.gz
+          #       #          /nix/store/58br4vk3q5akf4g8lx0pqzfhn47k3j8d-bash-5.2p37
+          #       #          /nix/store/8v6k283dpbc0qkdq81nb6mrxrgcb10i1-gcc-wrapper-14-20241116
+          #       #          /nix/store/9r1nl9ksiyszy4qzzg6y2gcdkca0xmhy-stdenv-linux
+          #       #          /nix/store/a4rmp6in7igbl1wbz9pli5nq0wiclq0y-groff-1.23.0
+          #       #          /nix/store/dki9d3vldafg9ydrfm7x0g0rr0qljk98-sudo-1.9.16p2
+          #       #          /nix/store/f5y58qz2fzpzgkhp0nizixi10x04ppyy-linux-pam-1.6.1
+          #       #          /nix/store/shkw4qm9qcw5sc5n1k5jznc83ny02r39-default-builder.sh
+          #       #          /nix/store/vj1c3wf9c11a0qs6p3ymfvrnsdgsdcbq-source-stdenv.sh
+          #       #          /nix/store/yh6qg1nsi5h2xblcr67030pz58fsaxx3-coreutils-9.6
+          #       && !(lib.strings.hasInfix "sudo" (lib.traceVal (builtins.toString pkg)))
+          #     then
+          #       lib.trace "yes" [
+          #         # lib.traceVal pkg.inputDerivation # not of type `path in the Nix store'
+          #         (
+          #           (
+          #             x: builtins.trace "${builtins.toString pkg}: ${builtins.toString (lib.isPath x.inputDerivation)}" x
+          #           )
+          #           pkg
+          #         ).inputDerivation
+          #       ]
+          #     else
+          #       lib.trace "no" [ ]
+          #   )
+          # ) machine.environment.systemPackages)
          # ++ (let
          #   base =
          #     (import "${pkgs.nixos-generators}/share/nixos-generator/nixos-generate.nix" {
@ -174,20 +145,27 @@ in
          #   base.system.build.bootStage1.inputDerivation
          #   base.system.build.bootStage2.inputDerivation
          # ])
-          ++ [
+          # ++
+          [
            # )
            # (
            #   (x: builtins.trace "machine.system.build.vm.inputDerivation: ${builtins.toString (lib.isPath x)}" x)
-            machine.system.build.toplevel.inputDerivation
-            machine.system.build.etc.inputDerivation
-            machine.system.build.etcBasedir.inputDerivation
-            machine.system.build.etcMetadataImage.inputDerivation
-            machine.system.build.extraUtils.inputDerivation
-            machine.system.path.inputDerivation
-            machine.system.build.setEnvironment.inputDerivation
-            machine.system.build.vm.inputDerivation
-            machine.system.build.bootStage1.inputDerivation
-            machine.system.build.bootStage2.inputDerivation
+            # machine.system.build.toplevel.inputDerivation
+            # machine.system.build.etc.inputDerivation
+            # machine.system.build.etcBasedir.inputDerivation
+            # machine.system.build.etcMetadataImage.inputDerivation
+            # machine.system.build.extraUtils.inputDerivation
+            # machine.system.path.inputDerivation
+            # machine.system.build.setEnvironment.inputDerivation
+            # machine.system.build.vm.inputDerivation
+            # machine.system.build.bootStage1.inputDerivation
+            # machine.system.build.bootStage2.inputDerivation
+            pkgs.ubootQemuX86
+            pkgs.ubootQemuX86.inputDerivation
+            pkgs.pve-qemu
+            pkgs.pve-qemu.inputDerivation
+            # (pkgs.callPackage "${sources.proxmox-nixos}/pkgs/pve-qemu" { })
+            # (pkgs.callPackage "${sources.proxmox-nixos}/pkgs/pve-qemu" { }).inputDerivation
            pkgs.gnu-config
            # pkgs.gnu-config.inputDerivation
            pkgs.byacc
@ -197,54 +175,54 @@ in
            sources.nixpkgs
            pkgs.vte

-            (
-              ## We build a whole NixOS system that contains the module
-              ## `system.extraDependenciesFromModule`, only to grab its
-              ## configuration and the store paths needed to build it and
-              ## dump them in `system.extraDependencies`.
-              # see: https://git.fediversity.eu/Fediversity/Fediversity/pulls/338/files
+            # (
+            #   ## We build a whole NixOS system that contains the module
+            #   ## `system.extraDependenciesFromModule`, only to grab its
+            #   ## configuration and the store paths needed to build it and
+            #   ## dump them in `system.extraDependencies`.
+            #   # see: https://git.fediversity.eu/Fediversity/Fediversity/pulls/338/files

-              pkgs.closureInfo {
-                rootPaths = map (drv: drv.drvPath) (
-                  [
-                    machine.system.build.toplevel.inputDerivation
-                    machine.system.build.etc.inputDerivation
-                    machine.system.build.etcBasedir.inputDerivation
-                    machine.system.build.etcMetadataImage.inputDerivation
-                    machine.system.build.extraUtils.inputDerivation
-                    machine.system.path.inputDerivation
-                    machine.system.build.setEnvironment.inputDerivation
-                    machine.system.build.vm.inputDerivation
-                    machine.system.build.bootStage1.inputDerivation
-                    machine.system.build.bootStage2.inputDerivation
-                  ]
-                  ++ lib.concatMap (x: if x ? source.inputDerivation then [ x.source.inputDerivation ] else [ ]) (
-                    lib.attrValues machine.environment.etc
-                  )
-                  ++ machine.environment.systemPackages
-                );
-              }
-            )
+            #   pkgs.closureInfo {
+            #     rootPaths = map (drv: drv.drvPath) (
+            #       [
+            #         machine.system.build.toplevel.inputDerivation
+            #         machine.system.build.etc.inputDerivation
+            #         machine.system.build.etcBasedir.inputDerivation
+            #         machine.system.build.etcMetadataImage.inputDerivation
+            #         machine.system.build.extraUtils.inputDerivation
+            #         machine.system.path.inputDerivation
+            #         machine.system.build.setEnvironment.inputDerivation
+            #         machine.system.build.vm.inputDerivation
+            #         machine.system.build.bootStage1.inputDerivation
+            #         machine.system.build.bootStage2.inputDerivation
+            #       ]
+            #       ++ lib.concatMap (x: if x ? source.inputDerivation then [ x.source.inputDerivation ] else [ ]) (
+            #         lib.attrValues machine.environment.etc
+            #       )
+            #       ++ machine.environment.systemPackages
+            #     );
+            #   }
+            # )

          ]
-          ++ lib.concatLists (
-            lib.mapAttrsToList (
-              _k: v:
-              if v ? source.inputDerivation then
-                [
-                  # v.source.inputDerivation
-                  (
-                    (
-                      x:
-                      builtins.trace "${builtins.toString (lib.attrNames v)}: ${builtins.toString (lib.isPath x.source.inputDerivation)}" x
-                    )
-                    v
-                  ).source.inputDerivation
-                ]
-              else
-                [ ]
-            ) machine.environment.etc
-          )
+          # ++ lib.concatLists (
+          #   lib.mapAttrsToList (
+          #     _k: v:
+          #     if v ? source.inputDerivation then
+          #       [
+          #         # v.source.inputDerivation
+          #         (
+          #           (
+          #             x:
+          #             builtins.trace "${builtins.toString (lib.attrNames v)}: ${builtins.toString (lib.isPath x.source.inputDerivation)}" x
+          #           )
+          #           v
+          #         ).source.inputDerivation
+          #       ]
+          #     else
+          #       [ ]
+          #   ) machine.environment.etc
+          # )
        );
    };

--- a/deployment/data-model.nix
+++ b/deployment/data-model.nix
@ -485,7 +485,7 @@ let
                vm-names = [ "test14" ];
                vm_name = "test14";
              in
-              pkgs.writers.writeBashBin "deploy-tf-proxmox.sh"
+              lib.trace (lib.strings.toJSON environment) pkgs.writers.writeBashBin "deploy-tf-proxmox.sh"
                (withPackages [
                  pkgs.jq
                  pkgs.qemu
@ -493,8 +493,6 @@ let
                  pkgs.httpie
                  (pkgs.callPackage ./run/tf-proxmox/tf.nix { inherit sources; })
                ])
-                lib.trace
-                (lib.strings.toJSON environment)
                ''
                  set -xe

--- a/deployment/flake-part.nix
+++ b/deployment/flake-part.nix
@ -43,12 +43,10 @@
        };

        deployment-model-bash-proxmox = import ./check/data-model-bash-proxmox {
-          inherit (pkgs.testers) runNixOSTest;
          inherit inputs sources system;
        };

        deployment-model-tf-proxmox = import ./check/data-model-tf-proxmox {
-          inherit (pkgs.testers) runNixOSTest;
          inherit inputs sources system;
        };
      };
--- a/deployment/run/tf-proxmox/main.tf
+++ b/deployment/run/tf-proxmox/main.tf
@ -17,6 +17,9 @@ locals {
 provider "proxmox" {
  endpoint = "https://${var.host}:8006/"
  insecure = true
+  # timeouts {
+  #   create = "60m"
+  # }

  ssh {
    agent = true
@ -77,8 +80,8 @@ resource "proxmox_virtual_environment_file" "upload" {
  # datastore_id = "backup"
  node_name    = var.node_name
  overwrite = true
-  # timeout_upload = 3600
-  timeout_upload = 1
+  timeout_upload = 3600
+  # timeout_upload = 1

  source_file {
    # path = "/tmp/proxmox-image/${local.dump_name}"
--- a/deployment/run/tf-proxmox/run.sh
+++ b/deployment/run/tf-proxmox/run.sh
@ -3,6 +3,7 @@ set -xeuo pipefail
 declare tf_env

 export TF_LOG=info
+# # on upload explodes RAM use + logs file content, causing timeout
 # export TF_LOG=debug

 cd "${tf_env}/deployment/run/tf-proxmox"
--- a/npins/sources.json
+++ b/npins/sources.json
@ -189,9 +189,9 @@
      },
      "branch": "main",
      "submodules": false,
-      "revision": "48f39fbe2e8f90f9ac160dd4b6929f3ac06d8223",
-      "url": "https://github.com/SaumonNet/proxmox-nixos/archive/48f39fbe2e8f90f9ac160dd4b6929f3ac06d8223.tar.gz",
-      "hash": "0606qcs8x1jwckd1ivf52rqdmi3lkn66iiqh6ghd4kqx0g2bw3nv"
+      "revision": "ce8768f43b4374287cd8b88d8fa9c0061e749d9a",
+      "url": "https://github.com/SaumonNet/proxmox-nixos/archive/ce8768f43b4374287cd8b88d8fa9c0061e749d9a.tar.gz",
+      "hash": "116zplxh64wxbq81wsfkmmssjs1l228kvhxfi9d434xd54k6vr35"
    },
    "terraform-provider-proxmox": {
      "type": "Git",