diff --git a/deployment/default.nix b/deployment/default.nix
new file mode 100644
index 00000000..c98d5675
--- /dev/null
+++ b/deployment/default.nix
@@ -0,0 +1,155 @@
+## `makeMakeDeployment` -- Function to help hosting providers make a
+## `makeDeployment` function.
+##
+## https://factoryfactoryfactory.net/
+
+## Generic utilities used in this function, eg. nixpkgs, NixOps4 providers, etc.
+## REVIEW: We should maybe be more specific than just `inputs`.
+{
+ lib,
+ nixops4,
+ nixops4-nixos,
+ fediversity,
+}:
+
+## Information on the hosting provider's infrastructure. This is where we inform
+## this function of where it can find eg. Proxmox.
+{
+ ## Four NixOS configuration resource modules for four services. Those are VMs
+ ## that are already deployed and on which we will push our configurations.
+ ##
+ ## - Ultimately, we just want a pool of VMs, or even just a Proxmox.
+ ## - Each machine is flagged for a certain use case until we control DNS.
+ garageResourceModule,
+ mastodonResourceModule,
+ peertubeResourceModule,
+ pixelfedResourceModule,
+}:
+
+## From the hosting provider's perspective, the function is meant to be
+## partially applied only until here.
+
+## Information on the specific deployment that we request. This is the
+## information that will come from the FediPanel.
+{
+ domain,
+ enableMastodon,
+ enablePeertube,
+ enablePixelfed,
+}:
+
+let
+ inherit (lib) mkMerge mkIf;
+
+in
+
+## Regular arguments of a NixOps4 deployment module.
+{ providers, ... }:
+
+{
+ providers = { inherit (nixops4.modules.nixops4Provider) local; };
+
+ resources =
+ let
+ ## NOTE: All of these secrets are publicly available in this source file
+ ## and will end up in the Nix store. We don't care as they are only ever
+ ## used for testing anyway.
+ ##
+ ## FIXME: Generate and store in NixOps4's state.
+ mastodonS3KeyConfig =
+ { pkgs, ... }:
+ {
+ s3AccessKeyFile = pkgs.writeText "s3AccessKey" "GK3515373e4c851ebaad366558";
+ s3SecretKeyFile = pkgs.writeText "s3SecretKey" "7d37d093435a41f2aab8f13c19ba067d9776c90215f56614adad6ece597dbb34";
+ };
+ peertubeS3KeyConfig =
+ { pkgs, ... }:
+ {
+ s3AccessKeyFile = pkgs.writeText "s3AccessKey" "GK1f9feea9960f6f95ff404c9b";
+ s3SecretKeyFile = pkgs.writeText "s3SecretKey" "7295c4201966a02c2c3d25b5cea4a5ff782966a2415e3a196f91924631191395";
+ };
+ pixelfedS3KeyConfig =
+ { pkgs, ... }:
+ {
+ s3AccessKeyFile = pkgs.writeText "s3AccessKey" "GKb5615457d44214411e673b7b";
+ s3SecretKeyFile = pkgs.writeText "s3SecretKey" "5be6799a88ca9b9d813d1a806b64f15efa49482dbe15339ddfaf7f19cf434987";
+ };
+
+ makeConfigurationResource = resourceModule: config: {
+ type = providers.local.exec;
+ imports = [
+ nixops4-nixos.modules.nixops4Resource.nixos
+ resourceModule
+ { nixos.module = config; }
+ { nixos.module = fediversity; }
+ ];
+ };
+
+ in
+
+ mkMerge [
+
+ (mkIf (enableMastodon || enablePeertube || enablePixelfed) {
+ garage-config = makeConfigurationResource garageResourceModule (
+ { pkgs, ... }:
+ {
+ fediversity = {
+ inherit domain;
+ garage.enable = true;
+ pixelfed = pixelfedS3KeyConfig { inherit pkgs; };
+ mastodon = mastodonS3KeyConfig { inherit pkgs; };
+ peertube = peertubeS3KeyConfig { inherit pkgs; };
+ };
+ }
+ );
+ })
+
+ (mkIf enableMastodon {
+ mastodon-config = makeConfigurationResource mastodonResourceModule (
+ { pkgs, ... }:
+ {
+ fediversity = {
+ inherit domain;
+ mastodon = mastodonS3KeyConfig { inherit pkgs; } // {
+ enable = true;
+ };
+
+ temp.cores = 1; # FIXME: should come from NixOps4 eventually
+ };
+ }
+ );
+ })
+
+ (mkIf enablePeertube {
+ peertube-config = makeConfigurationResource peertubeResourceModule (
+ { pkgs, ... }:
+ {
+ fediversity = {
+ inherit domain;
+ peertube = peertubeS3KeyConfig { inherit pkgs; } // {
+ enable = true;
+ ## NOTE: Only ever used for testing anyway.
+ ##
+ ## FIXME: Generate and store in NixOps4's state.
+ secretsFile = pkgs.writeText "secret" "574e093907d1157ac0f8e760a6deb1035402003af5763135bae9cbd6abe32b24";
+ };
+ };
+ }
+ );
+ })
+
+ (mkIf enablePixelfed {
+ pixelfed-config = makeConfigurationResource pixelfedResourceModule (
+ { pkgs, ... }:
+ {
+ fediversity = {
+ inherit domain;
+ pixelfed = pixelfedS3KeyConfig { inherit pkgs; } // {
+ enable = true;
+ };
+ };
+ }
+ );
+ })
+ ];
+}
diff --git a/infra/flake-part.nix b/infra/flake-part.nix
index 64c4aa32..969cb7d5 100644
--- a/infra/flake-part.nix
+++ b/infra/flake-part.nix
@@ -6,12 +6,12 @@
 }:
 let
- inherit (builtins) readDir;
+ inherit (builtins) readDir readFile fromJSON;
 inherit (lib)
 attrNames
 mkOption
 evalModules
- mapAttrs
+ filterAttrs
 ;
 inherit (lib.attrsets) genAttrs;
@@ -53,23 +53,30 @@ let
 ## NixOS configuration module), make a deployment with those machines'
 ## configurations as resources.
 makeTestDeployment =
- vmConfigs:
- { providers, ... }:
- {
- providers.local = inputs.nixops4.modules.nixops4Provider.local;
- resources = mapAttrs (vmName: vmConfig: {
- type = providers.local.exec;
- imports = [
- inputs.nixops4-nixos.modules.nixops4Resource.nixos
- (makeResourceModule {
- inherit vmName;
- isTestVm = false;
- })
- { nixos.module = vmConfig; }
- { nixos.module = self.nixosModules.fediversity; }
- ];
- }) vmConfigs;
- };
+ (import ../deployment)
+ {
+ inherit lib;
+ inherit (inputs) nixops4 nixops4-nixos;
+ inherit (self.nixosModules) fediversity;
+ }
+ {
+ garageResourceModule = makeResourceModule {
+ vmName = "test01";
+ isTestVm = true;
+ };
+ mastodonResourceModule = makeResourceModule {
+ vmName = "test02";
+ isTestVm = true;
+ };
+ peertubeResourceModule = makeResourceModule {
+ vmName = "test03";
+ isTestVm = true;
+ };
+ pixelfedResourceModule = makeResourceModule {
+ vmName = "test04";
+ isTestVm = true;
+ };
+ };
 nixops4ResourceNixosMockOptions = {
 ## NOTE: We allow the use of a few options from
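Review bot: The hard-coded Garage S3 keys and the PeerTube `secretsFile` under `resources` are no longer test-only material: the file header describes this as the generic `makeMakeDeployment` that hosting providers and the FediPanel will drive, so every deployment built through it writes the same publicly known credentials into the world-readable Nix store via `pkgs.writeText`, and the NOTE saying they are "only ever used for testing" is now inaccurate. Until the FIXME (NixOps4 state) is implemented, the key material should come from the caller rather than be inlined here, e.g. as extra attributes in the per-deployment argument set next to `domain`, with the current literals moved back to the infra side as fixtures. The `garage-config` resource also hands all three service key configs to the Garage host regardless of the `enable*` flags; presumably that provisions keys for disabled services as well, so gating each with `lib.optionalAttrs` on the matching flag would keep unused credentials off the machine — confirm against the `fediversity` garage module, which is not visible here. At minimum the comment above the key configs should read `## NOTE: These key files are placeholder fixtures shared by every deployment built from this file; a real deployment MUST supply its own, see FIXME below.`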
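Review bot: The four `vmName` values `"test01"` through `"test04"` in the new `makeTestDeployment` are hard-coded while the rest of this commit discovers test machines from directories (`testMachines = listSubdirectories ./test-machines` in the `@@ -116` hunk), so the two can silently diverge: removing or renaming a `test-machines/test0N` directory drops it from `flake.nixosConfigurations` but the test deployment still references it, and `makeResourceModule` (defined outside this hunk) would presumably only fail at deploy time. Making the coupling explicit with `makeTestDeployment = assert lib.all (n: lib.elem n testMachines) [ "test01" "test02" "test03" "test04" ]; (import ../deployment) ...` or at least a comment `## NOTE: these names must match the subdirectories of ./test-machines` would catch that at evaluation. The new body also flips `isTestVm` from `false` to `true` for these resources without a comment; if intended, a one-line why-comment next to the first `isTestVm = true;` would help a reader. The enclosing `let` starts and ends outside the hunk.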
@@ -116,8 +123,10 @@ let
 ;
 };
- machines = attrNames (readDir ./machines);
- testMachineConfigurations = import ./test-machines/configuration.nix;
+ listSubdirectories = path: attrNames (filterAttrs (_: type: type == "directory") (readDir path));
+
+ machines = listSubdirectories ./machines;
+ testMachines = listSubdirectories ./test-machines;
 in
 {
@@ -130,12 +139,12 @@ in
 ## - We add a “test” deployment with all test machines.
 nixops4Deployments = genAttrs machines makeDeployment' // {
 default = makeDeployment machines;
- test = makeTestDeployment testMachineConfigurations;
+ test = makeTestDeployment (fromJSON (readFile ./test-machines/configuration.json));
 };
 flake.nixosConfigurations = genAttrs machines (makeConfiguration false)
- // genAttrs (attrNames testMachineConfigurations) (makeConfiguration true);
+ // genAttrs testMachines (makeConfiguration true);
 flake.vmOptions = genAttrs machines (makeVmOptions false)
- // genAttrs (attrNames testMachineConfigurations) (makeVmOptions true);
+ // genAttrs testMachines (makeVmOptions true);
 }
diff --git a/infra/test-machines/configuration.json b/infra/test-machines/configuration.json
new file mode 100644
index 00000000..3b2cc6dd
--- /dev/null
+++ b/infra/test-machines/configuration.json
@@ -0,0 +1,6 @@
+{
+ "domain": "abundos.eu",
+ "enableMastodon": false,
+ "enablePeertube": false,
+ "enablePixelfed": false
+}
diff --git a/infra/test-machines/configuration.nix b/infra/test-machines/configuration.nix
deleted file mode 100644
index e1a52b5a..00000000
--- a/infra/test-machines/configuration.nix
+++ /dev/null
@@ -1,74 +0,0 @@
-let
- ## NOTE: All of these secrets are publicly available in this source file
- ## and will end up in the Nix store. We don't care as they are only ever
- ## used for testing anyway.
- mastodonS3KeyConfig =
- { pkgs, ... }:
- {
- s3AccessKeyFile = pkgs.writeText "s3AccessKey" "GK3515373e4c851ebaad366558";
- s3SecretKeyFile = pkgs.writeText "s3SecretKey" "7d37d093435a41f2aab8f13c19ba067d9776c90215f56614adad6ece597dbb34";
- };
- peertubeS3KeyConfig =
- { pkgs, ... }:
- {
- s3AccessKeyFile = pkgs.writeText "s3AccessKey" "GK1f9feea9960f6f95ff404c9b";
- s3SecretKeyFile = pkgs.writeText "s3SecretKey" "7295c4201966a02c2c3d25b5cea4a5ff782966a2415e3a196f91924631191395";
- };
- pixelfedS3KeyConfig =
- { pkgs, ... }:
- {
- s3AccessKeyFile = pkgs.writeText "s3AccessKey" "GKb5615457d44214411e673b7b";
- s3SecretKeyFile = pkgs.writeText "s3SecretKey" "5be6799a88ca9b9d813d1a806b64f15efa49482dbe15339ddfaf7f19cf434987";
- };
-
-in
-{
- test01 =
- { pkgs, ... }:
- {
- fediversity = {
- domain = "abundos.eu";
- garage.enable = true;
- pixelfed = pixelfedS3KeyConfig { inherit pkgs; };
- mastodon = mastodonS3KeyConfig { inherit pkgs; };
- peertube = peertubeS3KeyConfig { inherit pkgs; };
- };
- };
-
- test02 =
- { pkgs, ... }:
- {
- fediversity = {
- domain = "abundos.eu";
- mastodon = mastodonS3KeyConfig { inherit pkgs; } // {
- enable = true;
- };
-
- temp.cores = 1; # FIXME: should come from NixOps4 eventually
- };
- };
-
- test03 =
- { pkgs, ... }:
- {
- fediversity = {
- domain = "abundos.eu";
- peertube = peertubeS3KeyConfig { inherit pkgs; } // {
- enable = true;
- ## NOTE: Only ever used for testing anyway.
- secretsFile = pkgs.writeText "secret" "574e093907d1157ac0f8e760a6deb1035402003af5763135bae9cbd6abe32b24";
- };
- };
- };
-
- test04 =
- { pkgs, ... }:
- {
- fediversity = {
- domain = "abundos.eu";
- pixelfed = pixelfedS3KeyConfig { inherit pkgs; } // {
- enable = true;
- };
- };
- };
-}