From f90a88408dd3161e6f59a3e3c49a051b291391d9 Mon Sep 17 00:00:00 2001 From: Kiara Grouwstra Date: Thu, 17 Apr 2025 20:30:55 +0200 Subject: [PATCH] WIP: unify versioning - not sure how to port nixops4 bits so wait until #309? closes #279 --- flake.nix | 41 ++++++++++++++---------------- infra/common/resource.nix | 10 +++++--- infra/flake-part.nix | 13 +++++----- npins/sources.json | 52 +++++++++++++++++++++++++++++++++++++++ 4 files changed, 84 insertions(+), 32 deletions(-) diff --git a/flake.nix b/flake.nix index 9e0a719b..f3a27f40 100644 --- a/flake.nix +++ b/flake.nix @@ -1,19 +1,11 @@ { - inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11"; - flake-parts.url = "github:hercules-ci/flake-parts"; - git-hooks.url = "github:cachix/git-hooks.nix"; - agenix.url = "github:ryantm/agenix"; - - disko.url = "github:nix-community/disko"; - - nixops4.url = "github:nixops4/nixops4"; - nixops4-nixos.url = "github:nixops4/nixops4-nixos"; - }; - - outputs = - inputs@{ flake-parts, ... }: - flake-parts.lib.mkFlake { inherit inputs; } { + outputs = { self, ... }: let + inherit sources = import ./npins; + inherit (sources) nixpkgs flake-parts nixops4 nixops4-nixos git-hooks; + pkgs = import nixpkgs; + inherit (pkgs) lib; + flake-parts-lib = import "${flake-parts}/lib.nix" { inherit lib; }; + in flake-parts-lib.mkFlake { inherit self; } { systems = [ "x86_64-linux" "aarch64-linux" @@ -22,8 +14,8 @@ ]; imports = [ - inputs.git-hooks.flakeModule - inputs.nixops4.modules.flake.default + (import "${git-hooks}/flake-module.nix") + (lib.importApply "${nixops4}/nix/flake-parts/flake-parts.nix" { inherit self; }) ./infra/flake-part.nix ./services/flake-part.nix @@ -34,7 +26,6 @@ config, pkgs, lib, - inputs', ... }: { 
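Review bot: The new `let` block in the first flake.nix hunk does not parse and leaves names unbound: `inherit sources = import ./npins;` is not valid Nix (`inherit` takes no `=`) and should read `sources = import ./npins;`. `pkgs = import nixpkgs;` evaluates to the nixpkgs entry function rather than a package set, so `inherit (pkgs) lib;` fails; `lib = import "${nixpkgs}/lib";` gets the library without needing a system. `agenix` is used in the devShell hunk (`@@ -57,14 +48,20 @@`) but is missing from `inherit (sources) …`, so it should be added to that list. With `inputs` removed, npins/sources.json becomes the only record of which revisions are fetched, which deserves a one-line comment above `sources`.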
@@ -57,14 +48,20 @@ devShells.default = pkgs.mkShell { packages = [ pkgs.nil - inputs'.agenix.packages.default + (pkgs.callPackage "${agenix}/pkgs/agenix.nix" {}) pkgs.openssh pkgs.httpie pkgs.jq # exposing this env var as a hack to pass info in from form - (inputs'.nixops4.packages.default.overrideAttrs { - impureEnvVars = [ "DEPLOYMENT" ]; - }) + ( + (pkgs.callPackage "${nixops4}/package.nix" { + # nixops4-cli-rust = config.packages.nixops4-release; # https://github.com/nixops4/nixops4/tree/main/rust/nixops4 + # nixops4-eval = config.packages.nixops4-eval-release; # https://github.com/nixops4/nixops4/tree/main/rust/nixops4-eval + }) + .overrideAttrs { + impureEnvVars = [ "DEPLOYMENT" ]; + } + ) ]; shellHook = config.pre-commit.installationScript; }; diff --git a/infra/common/resource.nix b/infra/common/resource.nix index 4606ddf4..a8d16a65 100644 --- a/infra/common/resource.nix +++ b/infra/common/resource.nix @@ -1,5 +1,4 @@ { - inputs, lib, config, ... @@ -9,6 +8,9 @@ let inherit (lib) attrValues elem mkDefault; inherit (lib.attrsets) concatMapAttrs optionalAttrs; inherit (lib.strings) removeSuffix; + # TODO: use thru nix path after #309 + sources = import ../../npins; + inherit (sources) nixpkgs agenix disko; secretsPrefix = ../../secrets; secrets = import (secretsPrefix + "/secrets.nix"); @@ -25,15 +27,15 @@ in hostPublicKey = config.fediversityVm.hostPublicKey; }; - nixpkgs = inputs.nixpkgs; + inherit nixpkgs; ## The configuration of the machine. We strive to keep in this file only the ## options that really need to be injected from the resource. Everything else ## should go into the `./nixos` subdirectory. nixos.module = { imports = [ - inputs.agenix.nixosModules.default - inputs.disko.nixosModules.default + (import "${agenix}/modules/age.nix") + (import "${disko}/module.nix") ./options.nix ./nixos ]; diff --git a/infra/flake-part.nix b/infra/flake-part.nix index 71c68728..9fcab95c 100644 --- a/infra/flake-part.nix +++ b/infra/flake-part.nix 
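Review bot: `pkgs.callPackage "${nixops4}/package.nix" { }` in the devShell is called with both of its arguments commented out, so if package.nix declares `nixops4-cli-rust` and `nixops4-eval` as required arguments, as the comments suggest, evaluation stops on a missing argument. Either supply those two packages or keep the previous flake output until they can be built here, and replace the commented-out lines with a `# TODO(#309): …` comment that states what is missing. `agenix` on the line above is also unbound as the patch stands, because the `inherit (sources)` list in the first flake.nix hunk does not include it. The `devShells.default` attribute set continues outside the hunk.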
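Review bot: `inherit (sources) nixpkgs agenix disko;` depends on `agenix` and `disko` pins, but the npins/sources.json hunks in this patch add only flake-parts, git-hooks, nixops4 and nixops4-nixos. If those two pins are not already in the unchanged part of sources.json, this module fails on a missing attribute; they would need entries there with a fixed revision and hash like the others. The TODO would be easier to act on if it said what changes, e.g. `# TODO(#309): take sources from the Nix path instead of a relative import`.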
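Review bot: In `nixos.module.imports`, wrapping the two module files in `import` hands the module system anonymous values, so error messages lose the file name and the modules can no longer be de-duplicated by path. Listing the paths themselves keeps that information: `"${agenix}/modules/age.nix"` and `"${disko}/module.nix"`. Separately, `inherit nixpkgs;` now passes an npins source where a flake was passed before; whether the option accepts that is not visible in this hunk and should be checked.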
@@ -1,7 +1,7 @@ { self, - inputs, lib, + withSystem, ... }: @@ -14,6 +14,8 @@ let filterAttrs ; inherit (lib.attrsets) genAttrs; + # TODO: use thru nix path after #309 + sources = import ../../npins; ## Given a machine's name and whether it is a test VM, make a resource module, ## except for its missing provider. (Depending on the use of that resource, we @@ -21,7 +23,6 @@ let makeResourceModule = { vmName, isTestVm }: { - _module.args = { inherit inputs; }; imports = [ ./common/resource.nix @@ -51,11 +52,11 @@ let vmNames: { providers, ... }: { - providers.local = inputs.nixops4.modules.nixops4Provider.local; + providers.local = lib.importApply "${nixop4s}/nix/providers/local.nix" { inherit withSystem; }; resources = genAttrs vmNames (vmName: { type = providers.local.exec; imports = [ - inputs.nixops4-nixos.modules.nixops4Resource.nixos + (lib.importApply "${nixop4s}/modules/nixops4Resource/nixos.nix" { inherit self withSystem; }) (makeResourceModule { inherit vmName; isTestVm = false; @@ -72,7 +73,7 @@ let (import ../deployment) { inherit lib; - inherit (inputs) nixops4 nixops4-nixos; + inherit (sources) nixops4 nixops4-nixos; inherit (self.nixosModules) fediversity; } { @@ -121,7 +122,7 @@ let ## Given a VM name, make a NixOS configuration for this machine. makeConfiguration = isTestVm: vmName: - inputs.nixpkgs.lib.nixosSystem { + import "${nixpkgs}/nixos" { modules = [ (makeResourceConfig { inherit vmName isTestVm; }).nixos.module ]; diff --git a/npins/sources.json b/npins/sources.json index ea7efb09..4114a23a 100644 --- a/npins/sources.json +++ b/npins/sources.json 
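Review bot: `sources = import ../../npins;` in the `@@ -14,6 +14,8 @@` hunk points one directory too high: flake.nix imports this file as `./infra/flake-part.nix`, so the pins are at `../npins`, and `../../npins` resolves outside the repository (the same relative path is correct in infra/common/resource.nix, which sits one level deeper). Outside pure flake evaluation that could pick up an unrelated `npins` directory next to the checkout instead of failing, so the path should be corrected. This `let` also binds only `sources`, while later hunks use a bare `nixpkgs` (`@@ -121,7 +122,7 @@`) and a nixops4 source (`@@ -51,11 +52,11 @@`); adding `inherit (sources) nixpkgs nixops4 nixops4-nixos;` after it would bind them.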
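Review bot: Both new paths in the `@@ -51,11 +52,11 @@` hunk interpolate `nixop4s`, which is not bound anywhere in this patch and looks like a typo for `nixops4`. The resource module on the second line replaces `inputs.nixops4-nixos.…`, so it presumably needs the `nixops4-nixos` pin rather than `nixops4`, i.e. `"${nixops4-nixos}/modules/nixops4Resource/nixos.nix"`; the layout of that repository is not visible here, so the path itself needs checking. Passing this flake's `self` to `importApply` may also differ from what the upstream modules expect if they were written against their own flake's `self`.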
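Review bot: `inherit (sources) nixops4 nixops4-nixos;` in the `@@ -72,7 +73,7 @@` hunk hands `../deployment` npins source entries where it used to receive flakes, and `../deployment` is not touched by this patch. If that code reads flake outputs such as `nixops4.modules.…`, it will fail on a missing attribute. It needs the same treatment as the provider and resource modules in the previous hunk, or this call site should build the module values before passing them in.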
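Review bot: `import "${nixpkgs}/nixos" { modules = …; }` in the `@@ -121,7 +122,7 @@` hunk is not a drop-in for `lib.nixosSystem`: `nixos/default.nix` takes `configuration` and `system`, not `modules`, so the call fails on an unexpected argument. The file behind `nixosSystem` is `nixos/lib/eval-config.nix`, so the call would be `import "${sources.nixpkgs}/nixos/lib/eval-config.nix" { system = null; modules = [ … ]; }`. Passing `system = null;` mirrors what `lib.nixosSystem` does and avoids needing `builtins.currentSystem` under pure evaluation. `makeConfiguration` continues outside the hunk.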
@@ -1,5 +1,31 @@ { "pins": { + "flake-parts": { + "type": "Git", + "repository": { + "type": "GitHub", + "owner": "hercules-ci", + "repo": "flake-parts" + }, + "branch": "main", + "submodules": false, + "revision": "c621e8422220273271f52058f618c94e405bb0f5", + "url": "https://github.com/hercules-ci/flake-parts/archive/c621e8422220273271f52058f618c94e405bb0f5.tar.gz", + "hash": "09j2dafd75ydlcw8v48vcpfm2mw0j6cs8286x2hha2lr08d232w4" + }, + "git-hooks": { + "type": "Git", + "repository": { + "type": "GitHub", + "owner": "cachix", + "repo": "git-hooks.nix" + }, + "branch": "master", + "submodules": false, + "revision": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", + "url": "https://github.com/cachix/git-hooks.nix/archive/dcf5072734cb576d2b0c59b2ac44f5050b5eac82.tar.gz", + "hash": "1jmdxmx29xghjiaks6f5amnxld8w3kmxb2zv8lk2yzpgp6kr60qg" + }, "htmx": { "type": "GitRelease", "repository": { @@ -29,6 +55,32 @@ "url": "https://github.com/nix-community/nix-unit/archive/e9d81f6cffe67681e7c04a967d29f18c2c540af5.tar.gz", "hash": "1wms0wxwvxac1r1daihj5wsx1nghfk5hwdvy5cpgq481bp9x4cjn" }, + "nixops4": { + "type": "Git", + "repository": { + "type": "GitHub", + "owner": "nixops4", + "repo": "nixops4" + }, + "branch": "main", + "submodules": false, + "revision": "337d537e8ffd9ecfc0d9a91cf4071d2a5e9dec91", + "url": "https://github.com/nixops4/nixops4/archive/337d537e8ffd9ecfc0d9a91cf4071d2a5e9dec91.tar.gz", + "hash": "0bdbbgm1hr8wmdm35kjjiphgzkm52bpg47qq741bmcqmxz3c1cnl" + }, + "nixops4-nixos": { + "type": "Git", + "repository": { + "type": "GitHub", + "owner": "nixops4", + "repo": "nixops4-nixos" + }, + "branch": "main", + "submodules": false, + "revision": "1cf497c17fac268a1a9ec31de15a18453c1aff81", + "url": "https://github.com/nixops4/nixops4-nixos/archive/1cf497c17fac268a1a9ec31de15a18453c1aff81.tar.gz", + "hash": "0n85j6c26k5mxl9ppndxd24sxmv9h7ari5ffvplsd6jsrbpkfwkj" + }, "nixpkgs": { "type": "Channel", "name": "nixpkgs-unstable",