kiara/Fediversity
1
0
Fork 0
forked from Fediversity/Fediversity
Code Pull requests Activity

Generalise test deployment; get config from JSON

Browse source
This commit is contained in:
Nicolas Jeannerod 2025-02-25 18:16:35 +01:00
parent dfe1af608b
commit e27cc6e96a
Signed by untrusted user: Niols
GPG key ID: 35DB9EC8886E1CB8
4 changed files with 194 additions and 98 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

155
deployment/default.nix Normal file
View file

@ -0,0 +1,155 @@
## `makeMakeDeployment` -- Function to help hosting providers make a
## `makeDeployment` function.
##
## https://factoryfactoryfactory.net/
## Generic utilities used in this function, eg. nixpkgs, NixOps4 providers, etc.
## REVIEW: We should maybe be more specific than just `inputs`.
{
lib,
nixops4,
nixops4-nixos,
fediversity,
}:
## Information on the hosting provider's infrastructure. This is where we inform
## this function of where it can find eg. Proxmox.
{
## Four NixOS configuration resource modules for four services. Those are VMs
## that are already deployed and on which we will push our configurations.
##
## - Ultimately, we just want a pool of VMs, or even just a Proxmox.
## - Each machine is flagged for a certain use case until we control DNS.
garageResourceModule,
mastodonResourceModule,
peertubeResourceModule,
pixelfedResourceModule,
}:
## From the hosting provider's perspective, the function is meant to be
## partially applied only until here.
## Information on the specific deployment that we request. This is the
## information that will come from the FediPanel.
{
domain,
enableMastodon,
enablePeertube,
enablePixelfed,
}:
let
inherit (lib) mkMerge mkIf;
in
## Regular arguments of a NixOps4 deployment module.
{ providers, ... }:
{
providers = { inherit (nixops4.modules.nixops4Provider) local; };
resources =
let
## NOTE: All of these secrets are publicly available in this source file
## and will end up in the Nix store. We don't care as they are only ever
## used for testing anyway.
##
## FIXME: Generate and store in NixOps4's state.
mastodonS3KeyConfig =
{ pkgs, ... }:
{
s3AccessKeyFile = pkgs.writeText "s3AccessKey" "GK3515373e4c851ebaad366558";
s3SecretKeyFile = pkgs.writeText "s3SecretKey" "7d37d093435a41f2aab8f13c19ba067d9776c90215f56614adad6ece597dbb34";
};
peertubeS3KeyConfig =
{ pkgs, ... }:
{
s3AccessKeyFile = pkgs.writeText "s3AccessKey" "GK1f9feea9960f6f95ff404c9b";
s3SecretKeyFile = pkgs.writeText "s3SecretKey" "7295c4201966a02c2c3d25b5cea4a5ff782966a2415e3a196f91924631191395";
};
pixelfedS3KeyConfig =
{ pkgs, ... }:
{
s3AccessKeyFile = pkgs.writeText "s3AccessKey" "GKb5615457d44214411e673b7b";
s3SecretKeyFile = pkgs.writeText "s3SecretKey" "5be6799a88ca9b9d813d1a806b64f15efa49482dbe15339ddfaf7f19cf434987";
};
makeConfigurationResource = resourceModule: config: {
type = providers.local.exec;
imports = [
nixops4-nixos.modules.nixops4Resource.nixos
resourceModule
{ nixos.module = config; }
{ nixos.module = fediversity; }
];
};
in
mkMerge [
(mkIf (enableMastodon || enablePeertube || enablePixelfed) {
garage-config = makeConfigurationResource garageResourceModule (
{ pkgs, ... }:
{
fediversity = {
inherit domain;
garage.enable = true;
pixelfed = pixelfedS3KeyConfig { inherit pkgs; };
mastodon = mastodonS3KeyConfig { inherit pkgs; };
peertube = peertubeS3KeyConfig { inherit pkgs; };
};
}
);
})
(mkIf enableMastodon {
mastodon-config = makeConfigurationResource mastodonResourceModule (
{ pkgs, ... }:
{
fediversity = {
inherit domain;
mastodon = mastodonS3KeyConfig { inherit pkgs; } // {
enable = true;
};
temp.cores = 1; # FIXME: should come from NixOps4 eventually
};
}
);
})
(mkIf enablePeertube {
peertube-config = makeConfigurationResource peertubeResourceModule (
{ pkgs, ... }:
{
fediversity = {
inherit domain;
peertube = peertubeS3KeyConfig { inherit pkgs; } // {
enable = true;
## NOTE: Only ever used for testing anyway.
##
## FIXME: Generate and store in NixOps4's state.
secretsFile = pkgs.writeText "secret" "574e093907d1157ac0f8e760a6deb1035402003af5763135bae9cbd6abe32b24";
};
};
}
);
})
(mkIf enablePixelfed {
pixelfed-config = makeConfigurationResource pixelfedResourceModule (
{ pkgs, ... }:
{
fediversity = {
inherit domain;
pixelfed = pixelfedS3KeyConfig { inherit pkgs; } // {
enable = true;
};
};
}
);
})
];
}

57
infra/flake-part.nix
View file

@ -6,12 +6,12 @@
}: }:
let let
inherit (builtins) readDir; inherit (builtins) readDir readFile fromJSON;
inherit (lib) inherit (lib)
attrNames attrNames
mkOption mkOption
evalModules evalModules
mapAttrs filterAttrs
; ;
inherit (lib.attrsets) genAttrs; inherit (lib.attrsets) genAttrs;
@ -53,23 +53,30 @@ let
## NixOS configuration module), make a deployment with those machines' ## NixOS configuration module), make a deployment with those machines'
## configurations as resources. ## configurations as resources.
makeTestDeployment = makeTestDeployment =
vmConfigs: (import ../deployment)
{ providers, ... }: {
{ inherit lib;
providers.local = inputs.nixops4.modules.nixops4Provider.local; inherit (inputs) nixops4 nixops4-nixos;
resources = mapAttrs (vmName: vmConfig: { inherit (self.nixosModules) fediversity;
type = providers.local.exec; }
imports = [ {
inputs.nixops4-nixos.modules.nixops4Resource.nixos garageResourceModule = makeResourceModule {
(makeResourceModule { vmName = "test01";
inherit vmName; isTestVm = true;
isTestVm = false; };
}) mastodonResourceModule = makeResourceModule {
{ nixos.module = vmConfig; } vmName = "test02";
{ nixos.module = self.nixosModules.fediversity; } isTestVm = true;
]; };
}) vmConfigs; peertubeResourceModule = makeResourceModule {
}; vmName = "test03";
isTestVm = true;
};
pixelfedResourceModule = makeResourceModule {
vmName = "test04";
isTestVm = true;
};
};
nixops4ResourceNixosMockOptions = { nixops4ResourceNixosMockOptions = {
## NOTE: We allow the use of a few options from ## NOTE: We allow the use of a few options from
@ -116,8 +123,10 @@ let
; ;
}; };
machines = attrNames (readDir ./machines); listSubdirectories = path: attrNames (filterAttrs (_: type: type == "directory") (readDir path));
testMachineConfigurations = import ./test-machines/configuration.nix;
machines = listSubdirectories ./machines;
testMachines = listSubdirectories ./test-machines;
in in
{ {
@ -130,12 +139,12 @@ in
## - We add a “test” deployment with all test machines. ## - We add a “test” deployment with all test machines.
nixops4Deployments = genAttrs machines makeDeployment' // { nixops4Deployments = genAttrs machines makeDeployment' // {
default = makeDeployment machines; default = makeDeployment machines;
test = makeTestDeployment testMachineConfigurations; test = makeTestDeployment (fromJSON (readFile ./test-machines/configuration.json));
}; };
flake.nixosConfigurations = flake.nixosConfigurations =
genAttrs machines (makeConfiguration false) genAttrs machines (makeConfiguration false)
// genAttrs (attrNames testMachineConfigurations) (makeConfiguration true); // genAttrs testMachines (makeConfiguration true);
flake.vmOptions = flake.vmOptions =
genAttrs machines (makeVmOptions false) genAttrs machines (makeVmOptions false)
// genAttrs (attrNames testMachineConfigurations) (makeVmOptions true); // genAttrs testMachines (makeVmOptions true);
} }

6
infra/test-machines/configuration.json Normal file
View file

@ -0,0 +1,6 @@
{
"domain": "abundos.eu",
"enableMastodon": false,
"enablePeertube": false,
"enablePixelfed": false
}

74
infra/test-machines/configuration.nix
View file

@ -1,74 +0,0 @@
let
## NOTE: All of these secrets are publicly available in this source file
## and will end up in the Nix store. We don't care as they are only ever
## used for testing anyway.
mastodonS3KeyConfig =
{ pkgs, ... }:
{
s3AccessKeyFile = pkgs.writeText "s3AccessKey" "GK3515373e4c851ebaad366558";
s3SecretKeyFile = pkgs.writeText "s3SecretKey" "7d37d093435a41f2aab8f13c19ba067d9776c90215f56614adad6ece597dbb34";
};
peertubeS3KeyConfig =
{ pkgs, ... }:
{
s3AccessKeyFile = pkgs.writeText "s3AccessKey" "GK1f9feea9960f6f95ff404c9b";
s3SecretKeyFile = pkgs.writeText "s3SecretKey" "7295c4201966a02c2c3d25b5cea4a5ff782966a2415e3a196f91924631191395";
};
pixelfedS3KeyConfig =
{ pkgs, ... }:
{
s3AccessKeyFile = pkgs.writeText "s3AccessKey" "GKb5615457d44214411e673b7b";
s3SecretKeyFile = pkgs.writeText "s3SecretKey" "5be6799a88ca9b9d813d1a806b64f15efa49482dbe15339ddfaf7f19cf434987";
};
in
{
test01 =
{ pkgs, ... }:
{
fediversity = {
domain = "abundos.eu";
garage.enable = true;
pixelfed = pixelfedS3KeyConfig { inherit pkgs; };
mastodon = mastodonS3KeyConfig { inherit pkgs; };
peertube = peertubeS3KeyConfig { inherit pkgs; };
};
};
test02 =
{ pkgs, ... }:
{
fediversity = {
domain = "abundos.eu";
mastodon = mastodonS3KeyConfig { inherit pkgs; } // {
enable = true;
};
temp.cores = 1; # FIXME: should come from NixOps4 eventually
};
};
test03 =
{ pkgs, ... }:
{
fediversity = {
domain = "abundos.eu";
peertube = peertubeS3KeyConfig { inherit pkgs; } // {
enable = true;
## NOTE: Only ever used for testing anyway.
secretsFile = pkgs.writeText "secret" "574e093907d1157ac0f8e760a6deb1035402003af5763135bae9cbd6abe32b24";
};
};
};
test04 =
{ pkgs, ... }:
{
fediversity = {
domain = "abundos.eu";
pixelfed = pixelfedS3KeyConfig { inherit pkgs; } // {
enable = true;
};
};
};
}