From ca77181bae988ba689b357ca464945eb4eb86beb Mon Sep 17 00:00:00 2001 From: Kiara Grouwstra Date: Thu, 14 Aug 2025 10:44:36 +0200 Subject: [PATCH] wip: use ssh in test --- deployment/check/data-model/nixosTest.nix | 83 ++++++++++++++++++++++- deployment/nixos.nix | 14 ++++ 2 files changed, 94 insertions(+), 3 deletions(-) create mode 100644 deployment/nixos.nix diff --git a/deployment/check/data-model/nixosTest.nix b/deployment/check/data-model/nixosTest.nix index b07b376f..beaa9c20 100644 --- a/deployment/check/data-model/nixosTest.nix +++ b/deployment/check/data-model/nixosTest.nix @@ -1,8 +1,12 @@ { lib, + config, + sources, ... }: - +let + inherit (import ./constants.nix) targetMachines pathToRoot; +in { _class = "nixosTest"; @@ -19,6 +23,10 @@ { pkgs, ... }: { + environment.systemPackages = with pkgs; [ + jq + ]; + # FIXME: sad times system.extraDependencies = with pkgs; [ jq 
@@ -40,8 +48,77 @@ hello.fail("hello 1>&2") cowsay.fail("cowsay 1>&2") - with subtest("Run the deployment"): - deployer.succeed("nixops4 apply check-deployment-basic --show-trace --no-interactive 1>&2") + ${lib.concatStringsSep "\n" ( + lib.lists.map (nodeName: '' + with subtest("Run the deployment for ${nodeName}"): + deployer.succeed(""" + set -euo pipefail + + # INSTANTIATE + command=( + nix-instantiate + --expr + + ' + let + system = builtins.currentSystem; + configuration = { pkgs, config, ... }: { + imports = [ + ${pathToRoot}/deployment/check/common/sharedOptions.nix + ${pathToRoot}/deployment/check/common/targetNode.nix + ]; + + _module.args = builtins.fromJSON "${ + lib.replaceStrings [ "\"" ] [ "\\\\\"" ] ( + lib.strings.toJSON { + inherit sources; + } + ) + }"; + enableAcme = ${lib.strings.toJSON config.enableAcme}; + acmeNodeIP = if config.enableAcme then config.nodes.acme.networking.primaryIPAddress else null; + + # environment.systemPackages = [ pkgs.hello ]; + }; + os = import "${sources.nixpkgs}/nixos" { inherit system configuration; }; + in + # import "${pathToRoot}/deployment/nixos.nix" {} + { + substituters = builtins.concatStringsSep " " os.config.nix.settings.substituters; + trusted_public_keys = builtins.concatStringsSep " " os.config.nix.settings.trusted-public-keys; + drv_path = os.config.system.build.toplevel.drvPath; + out_path = os.config.system.build.toplevel; + } + ' + ) + # instantiate the config in /nix/store + "''${command[@]}" -A out_path + # get the other info + json="$("''${command[@]}" --eval --strict --json)" + + # DEPLOY + declare substituters trusted_public_keys drv_path + # set our variables using the json object + eval "export $(echo $json | jq -r 'to_entries | map("\(.key)=\(.value)") | @sh')" + host="root@${nodeName}" + buildArgs=( + --option extra-binary-caches https://cache.nixos.org/ + --option substituters $substituters + --option trusted-public-keys $trusted_public_keys + ) + sshOpts=( + -o BatchMode=yes + -o 
StrictHostKeyChecking=no + ) + # get the realized derivation to deploy + outPath=$(nix-store --realize "$drv_path" "''${buildArgs[@]}") + # deploy the config by nix-copy-closure + NIX_SSHOPTS="''${sshOpts[*]}" nix-copy-closure --to "$host" "$outPath" --gzip --use-substitutes + # switch the remote host to the config + ssh "''${sshOpts[@]}" "$host" "nix-env --profile /nix/var/nix/profiles/system --set $outPath; $outPath/bin/switch-to-configuration switch" + """) + '') targetMachines + )} with subtest("Check the deployment"): hello.succeed("hello 1>&2") diff --git a/deployment/nixos.nix b/deployment/nixos.nix new file mode 100644 index 00000000..f2f0d019 --- /dev/null +++ b/deployment/nixos.nix @@ -0,0 +1,14 @@ +{ + configuration, + system ? builtins.currentSystem, +}: +let + sources = import ../npins; + os = import "${sources.nixpkgs}/nixos" { inherit system configuration; }; +in +{ + substituters = builtins.concatStringsSep " " os.config.nix.settings.substituters; + trusted_public_keys = builtins.concatStringsSep " " os.config.nix.settings.trusted-public-keys; + drv_path = os.config.system.build.toplevel.drvPath; + out_path = os.config.system.build.toplevel; +}
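Review bot: `-o StrictHostKeyChecking=no` in `sshOpts` means both `nix-copy-closure` and the final `ssh … switch-to-configuration switch` push and activate a system closure as `root@${nodeName}` without verifying which host answered. That is acceptable only while this runs inside the isolated test network, which the hunk does not state; either pin the target's host key on the deployer (for example through `programs.ssh.knownHosts`) and use `-o StrictHostKeyChecking=yes`, or add a comment such as `# test VMs only: host keys are not pinned, do not reuse for real deployments`. Separately, `--option substituters $substituters` and `--option trusted-public-keys $trusted_public_keys` are unquoted, so a configuration with more than one substituter or key is word-split and the extra words become stray arguments to `nix-store --realize`; quote both, and use `echo "$json"` in the `eval` line for the same reason. The remote command joins `nix-env --set` and `switch-to-configuration switch` with `;`, so the switch runs even when setting the profile failed; `&&` would stop there.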
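Review bot: The new `deployment/nixos.nix` has no header comment and nothing in this patch calls it; the only reference is the commented-out `# import "${pathToRoot}/deployment/nixos.nix" {}` in nixosTest.nix, which would fail as written because `configuration` has no default. Its `substituters` and `trusted_public_keys` outputs are read from the evaluated target configuration, and the same attrset in the test script is passed to the deployer as `--option substituters` / `--option trusted-public-keys`, so the configuration being deployed chooses which caches and signing keys the deployer accepts. I would say so at the top of the file, e.g. `# Evaluates a NixOS configuration; returns its toplevel drv/out paths and the cache settings that configuration declares (not the deployer's own trust policy).` Then either import this file from the test or drop the duplicated attrset there, so the two copies cannot drift.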