WIP: unify versioning - not sure how to port nixops4 bits so wait until #309?

closes #279
2025-04-17 20:30:55 +02:00 · 2025-04-17 20:30:55 +02:00 · f90a88408d
commit f90a88408d
parent bdeca8d6fe
4 changed files with 84 additions and 32 deletions
--- a/flake.nix
+++ b/flake.nix
@ -1,19 +1,11 @@
 {
-  inputs = {
-    nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
-    flake-parts.url = "github:hercules-ci/flake-parts";
-    git-hooks.url = "github:cachix/git-hooks.nix";
-    agenix.url = "github:ryantm/agenix";
-
-    disko.url = "github:nix-community/disko";
-
-    nixops4.url = "github:nixops4/nixops4";
-    nixops4-nixos.url = "github:nixops4/nixops4-nixos";
-  };
-
-  outputs =
-    inputs@{ flake-parts, ... }:
-    flake-parts.lib.mkFlake { inherit inputs; } {
+  outputs = { self, ... }: let
+    inherit sources = import ./npins;
+    inherit (sources) nixpkgs flake-parts nixops4 nixops4-nixos git-hooks;
+    pkgs = import nixpkgs;
+    inherit (pkgs) lib;
+    flake-parts-lib = import "${flake-parts}/lib.nix" { inherit lib; };
+  in flake-parts-lib.mkFlake { inherit self; } {
      systems = [
        "x86_64-linux"
        "aarch64-linux"
@ -22,8 +14,8 @@
      ];

      imports = [
-        inputs.git-hooks.flakeModule
-        inputs.nixops4.modules.flake.default
+        (import "${git-hooks}/flake-module.nix")
+        (lib.importApply "${nixops4}/nix/flake-parts/flake-parts.nix" { inherit self; })

        ./infra/flake-part.nix
        ./services/flake-part.nix
@ -34,7 +26,6 @@
          config,
          pkgs,
          lib,
-          inputs',
          ...
        }:
        {
@ -57,14 +48,20 @@
          devShells.default = pkgs.mkShell {
            packages = [
              pkgs.nil
-              inputs'.agenix.packages.default
+              (pkgs.callPackage "${agenix}/pkgs/agenix.nix" {})
              pkgs.openssh
              pkgs.httpie
              pkgs.jq
              # exposing this env var as a hack to pass info in from form
-              (inputs'.nixops4.packages.default.overrideAttrs {
-                impureEnvVars = [ "DEPLOYMENT" ];
-              })
+              (
+                (pkgs.callPackage "${nixops4}/package.nix" {
+                  # nixops4-cli-rust = config.packages.nixops4-release; # https://github.com/nixops4/nixops4/tree/main/rust/nixops4
+                  # nixops4-eval = config.packages.nixops4-eval-release; # https://github.com/nixops4/nixops4/tree/main/rust/nixops4-eval
+                })
+                .overrideAttrs {
+                  impureEnvVars = [ "DEPLOYMENT" ];
+                }
+              )
            ];
            shellHook = config.pre-commit.installationScript;
          };
--- a/infra/common/resource.nix
+++ b/infra/common/resource.nix
@ -1,5 +1,4 @@
 {
-  inputs,
  lib,
  config,
  ...
@ -9,6 +8,9 @@ let
  inherit (lib) attrValues elem mkDefault;
  inherit (lib.attrsets) concatMapAttrs optionalAttrs;
  inherit (lib.strings) removeSuffix;
+  # TODO: use thru nix path after #309
+  sources = import ../../npins;
+  inherit (sources) nixpkgs agenix disko;

  secretsPrefix = ../../secrets;
  secrets = import (secretsPrefix + "/secrets.nix");
@ -25,15 +27,15 @@ in
    hostPublicKey = config.fediversityVm.hostPublicKey;
  };

-  nixpkgs = inputs.nixpkgs;
+  inherit nixpkgs;

  ## The configuration of the machine. We strive to keep in this file only the
  ## options that really need to be injected from the resource. Everything else
  ## should go into the `./nixos` subdirectory.
  nixos.module = {
    imports = [
-      inputs.agenix.nixosModules.default
-      inputs.disko.nixosModules.default
+      (import "${agenix}/modules/age.nix")
+      (import "${disko}/module.nix")
      ./options.nix
      ./nixos
    ];
--- a/infra/flake-part.nix
+++ b/infra/flake-part.nix
@ -1,7 +1,7 @@
 {
  self,
-  inputs,
  lib,
+  withSystem,
  ...
 }:

@ -14,6 +14,8 @@ let
    filterAttrs
    ;
  inherit (lib.attrsets) genAttrs;
+  # TODO: use thru nix path after #309
+  sources = import ../../npins;

  ## Given a machine's name and whether it is a test VM, make a resource module,
  ## except for its missing provider. (Depending on the use of that resource, we
@ -21,7 +23,6 @@ let
  makeResourceModule =
    { vmName, isTestVm }:
    {
-      _module.args = { inherit inputs; };
      imports =
        [
          ./common/resource.nix
@ -51,11 +52,11 @@ let
    vmNames:
    { providers, ... }:
    {
-      providers.local = inputs.nixops4.modules.nixops4Provider.local;
+      providers.local = lib.importApply "${nixop4s}/nix/providers/local.nix" { inherit withSystem; };
      resources = genAttrs vmNames (vmName: {
        type = providers.local.exec;
        imports = [
-          inputs.nixops4-nixos.modules.nixops4Resource.nixos
+          (lib.importApply "${nixop4s}/modules/nixops4Resource/nixos.nix" { inherit self withSystem; })
          (makeResourceModule {
            inherit vmName;
            isTestVm = false;
@ -72,7 +73,7 @@ let
    (import ../deployment)
      {
        inherit lib;
-        inherit (inputs) nixops4 nixops4-nixos;
+        inherit (sources) nixops4 nixops4-nixos;
        inherit (self.nixosModules) fediversity;
      }
      {
@ -121,7 +122,7 @@ let
  ## Given a VM name, make a NixOS configuration for this machine.
  makeConfiguration =
    isTestVm: vmName:
-    inputs.nixpkgs.lib.nixosSystem {
+    import "${nixpkgs}/nixos" {
      modules = [
        (makeResourceConfig { inherit vmName isTestVm; }).nixos.module
      ];
--- a/npins/sources.json
+++ b/npins/sources.json
@ -1,5 +1,31 @@
 {
  "pins": {
+    "flake-parts": {
+      "type": "Git",
+      "repository": {
+        "type": "GitHub",
+        "owner": "hercules-ci",
+        "repo": "flake-parts"
+      },
+      "branch": "main",
+      "submodules": false,
+      "revision": "c621e8422220273271f52058f618c94e405bb0f5",
+      "url": "https://github.com/hercules-ci/flake-parts/archive/c621e8422220273271f52058f618c94e405bb0f5.tar.gz",
+      "hash": "09j2dafd75ydlcw8v48vcpfm2mw0j6cs8286x2hha2lr08d232w4"
+    },
+    "git-hooks": {
+      "type": "Git",
+      "repository": {
+        "type": "GitHub",
+        "owner": "cachix",
+        "repo": "git-hooks.nix"
+      },
+      "branch": "master",
+      "submodules": false,
+      "revision": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82",
+      "url": "https://github.com/cachix/git-hooks.nix/archive/dcf5072734cb576d2b0c59b2ac44f5050b5eac82.tar.gz",
+      "hash": "1jmdxmx29xghjiaks6f5amnxld8w3kmxb2zv8lk2yzpgp6kr60qg"
+    },
    "htmx": {
      "type": "GitRelease",
      "repository": {
@ -29,6 +55,32 @@
      "url": "https://github.com/nix-community/nix-unit/archive/e9d81f6cffe67681e7c04a967d29f18c2c540af5.tar.gz",
      "hash": "1wms0wxwvxac1r1daihj5wsx1nghfk5hwdvy5cpgq481bp9x4cjn"
    },
+    "nixops4": {
+      "type": "Git",
+      "repository": {
+        "type": "GitHub",
+        "owner": "nixops4",
+        "repo": "nixops4"
+      },
+      "branch": "main",
+      "submodules": false,
+      "revision": "337d537e8ffd9ecfc0d9a91cf4071d2a5e9dec91",
+      "url": "https://github.com/nixops4/nixops4/archive/337d537e8ffd9ecfc0d9a91cf4071d2a5e9dec91.tar.gz",
+      "hash": "0bdbbgm1hr8wmdm35kjjiphgzkm52bpg47qq741bmcqmxz3c1cnl"
+    },
+    "nixops4-nixos": {
+      "type": "Git",
+      "repository": {
+        "type": "GitHub",
+        "owner": "nixops4",
+        "repo": "nixops4-nixos"
+      },
+      "branch": "main",
+      "submodules": false,
+      "revision": "1cf497c17fac268a1a9ec31de15a18453c1aff81",
+      "url": "https://github.com/nixops4/nixops4-nixos/archive/1cf497c17fac268a1a9ec31de15a18453c1aff81.tar.gz",
+      "hash": "0n85j6c26k5mxl9ppndxd24sxmv9h7ari5ffvplsd6jsrbpkfwkj"
+    },
    "nixpkgs": {
      "type": "Channel",
      "name": "nixpkgs-unstable",