From fae99afaea306f46b7e3b697bfb754fef1a6df5d Mon Sep 17 00:00:00 2001 From: Kiara Grouwstra Date: Thu, 18 Sep 2025 18:26:52 +0200 Subject: [PATCH] continued Signed-off-by: Kiara Grouwstra --- deployment/check/common/data-model.nix | 3 +- .../check/data-model-tf-proxmox/nixosTest.nix | 128 ++++++++---------- deployment/data-model.nix | 48 ++++--- deployment/run/tf-proxmox/main.tf | 94 ++++++------- deployment/run/tf-proxmox/variables.tf | 32 +---- 5 files changed, 138 insertions(+), 167 deletions(-) diff --git a/deployment/check/common/data-model.nix b/deployment/check/common/data-model.nix index 98e9511d..796b62b2 100644 --- a/deployment/check/common/data-model.nix +++ b/deployment/check/common/data-model.nix @@ -5,6 +5,7 @@ sources ? import ../../../npins, ... }@args: +# FIXME allow default values for `config` module parameters? let # having this module's location (`self`) and (serializable) `args`, we know @@ -25,8 +26,8 @@ let sshOpts proxmox-user proxmox-password - node-name ; + node-name = nodeName; inherit (lib) mkOption types; eval = module: diff --git a/deployment/check/data-model-tf-proxmox/nixosTest.nix b/deployment/check/data-model-tf-proxmox/nixosTest.nix index 3302805e..0e4a0a7d 100644 --- a/deployment/check/data-model-tf-proxmox/nixosTest.nix +++ b/deployment/check/data-model-tf-proxmox/nixosTest.nix 
@@ -12,14 +12,15 @@ let nodeName = "mypve"; targetSystem = system; sshOpts = [ ]; + proxmox-user = "root@pam"; + proxmox-password = "mytestpw"; + node-name = ""; }; + # FIXME generate the image `nixos-generate` was to make, but now do it for a desired `-c configuration.nix` rather than whatever generic thing now deployment = (import ../common/data-model.nix { inherit system; config = deployment-config; - proxmox-username = "root@pam"; - proxmox-password = "mytestpw"; - node-name = ""; # opt not to pass `inputs`, as we could only pass serializable arguments through to its self-call })."tf-proxmox-deployment".tf-proxmox-host; # tracking non-tarball downloads seems unsupported still in npins: 
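Review bot: `node-name = "";` added to `deployment-config` looks dead, because in this same patch deployment/check/common/data-model.nix stops inheriting `node-name` and sets `node-name = nodeName;` instead, so the empty string is presumably never read. Dropping the line would leave `nodeName = "mypve";` as the single source for the node name. The literal `proxmox-password = "mytestpw"` is reasonable for a throwaway test node, but it deserves a comment such as `# test-only credentials; never reuse for a real Proxmox host` so the pattern is not copied into a real deployment config. The `let` block starts above the hunk, so the inherit source is inferred rather than visible.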
@@ -28,13 +29,27 @@ let url = "https://releases.nixos.org/nixos/24.05/nixos-24.05.7139.bcba2fbf6963/nixos-minimal-24.05.7139.bcba2fbf6963-x86_64-linux.iso"; hash = "sha256-plre/mIHdIgU4xWU+9xErP+L4i460ZbcKq8iy2n4HT8="; }; + # machine = + # (import "${pkgs.nixos-generators}/share/nixos-generator/nixos-generate.nix" { + # inherit system; + # inherit (sources) nixpkgs; + # formatConfig = "${pkgs.nixos-generators}/share/nixos-generator/formats/proxmox.nix"; + # configuration = deployment.nixos-configuration; # /nix/store/9nl9q95lvhbr86ys0q2xakr844cg9vym-nixos-generators-1.8.0/share/nixos-generator/configuration.nix + # }).config; + # .config.system.build.toplevel.drvPath + gen = import "${pkgs.nixos-generators}/share/nixos-generator/nixos-generate.nix" { + inherit system; + inherit (sources) nixpkgs; + formatConfig = "${pkgs.nixos-generators}/share/nixos-generator/formats/proxmox.nix"; + configuration = deployment.nixos-configuration; + }; machine = - (import "${pkgs.nixos-generators}/share/nixos-generator/nixos-generate.nix" { - inherit system; - inherit (sources) nixpkgs; - formatConfig = "${pkgs.nixos-generators}/share/nixos-generator/formats/proxmox.nix"; - configuration = deployment.nixos-configuration; - }).config; + # lib.trace ".config: ${builtins.toString (lib.attrNames gen.config)}" + # lib.trace ".config.system: ${builtins.toString (lib.attrNames gen.config.system)}" + # lib.trace ".config.system.build: ${builtins.toString (lib.attrNames gen.config.system.build)}" + # lib.trace ".config.system.build.toplevel: ${builtins.toString (lib.attrNames gen.config.system.build.toplevel)}" + # lib.trace ".config.system.build.toplevel.drvPath: ${builtins.toString (lib.attrNames gen.config.system.build.toplevel.drvPath)}" + gen.config; in { _class = "nixosTest"; 
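Review bot: The commented-out copy of the old `machine` expression and the five `# lib.trace …` lines above `gen.config` are debugging residue and should be deleted before merge, since version control already keeps the old form. One of those comments embeds a concrete `/nix/store/…-nixos-generators-1.8.0/…` path, which will go stale with the next nixos-generators bump. With them gone the binding reduces to `machine = gen.config;`. The same applies to the commented-out `base` list and the stray `# )` / `# (` fragments in the `@@ -132,69` hunk of this file, and to the commented-out `nixos-conf` option in deployment/data-model.nix. The `let` block starts above the hunk.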
@@ -132,69 +147,40 @@ in lib.trace "no" [ ] ) ) machine.environment.systemPackages) + # ++ (let + # base = + # (import "${pkgs.nixos-generators}/share/nixos-generator/nixos-generate.nix" { + # inherit system; + # inherit (sources) nixpkgs; + # formatConfig = "${pkgs.nixos-generators}/share/nixos-generator/formats/proxmox.nix"; + # configuration = "${pkgs.nixos-generators}/share/nixos-generator/configuration.nix"; + # }).config; + # in [ + # base.system.build.toplevel.inputDerivation + # base.system.build.etc.inputDerivation + # base.system.build.etcBasedir.inputDerivation + # base.system.build.etcMetadataImage.inputDerivation + # base.system.build.extraUtils.inputDerivation + # base.system.path.inputDerivation + # base.system.build.setEnvironment.inputDerivation + # base.system.build.vm.inputDerivation + # base.system.build.bootStage1.inputDerivation + # base.system.build.bootStage2.inputDerivation + # ]) ++ [ - ( - ( - x: - builtins.trace "machine.system.build.toplevel.inputDerivation: ${builtins.toString (lib.isPath x)}" x - ) - machine.system.build.toplevel.inputDerivation - ) - ( - ( - x: builtins.trace "machine.system.build.etc.inputDerivation: ${builtins.toString (lib.isPath x)}" x - ) - machine.system.build.etc.inputDerivation - ) - ( - ( - x: - builtins.trace "machine.system.build.etcBasedir.inputDerivation: ${builtins.toString (lib.isPath x)}" x - ) - machine.system.build.etcBasedir.inputDerivation - ) - ( - ( - x: - builtins.trace "machine.system.build.etcMetadataImage.inputDerivation: ${builtins.toString (lib.isPath x)}" x - ) - machine.system.build.etcMetadataImage.inputDerivation - ) - ( - ( - x: - builtins.trace "machine.system.build.extraUtils.inputDerivation: ${builtins.toString (lib.isPath x)}" x - ) - machine.system.build.extraUtils.inputDerivation - ) - ((x: builtins.trace "machine.system.path.inputDerivation: ${builtins.toString (lib.isPath x)}" x) - machine.system.path.inputDerivation - ) - ( - ( - x: - builtins.trace 
"machine.system.build.setEnvironment.inputDerivation: ${builtins.toString (lib.isPath x)}" x - ) - machine.system.build.setEnvironment.inputDerivation - ) - ( - (x: builtins.trace "machine.system.build.vm.inputDerivation: ${builtins.toString (lib.isPath x)}" x) - machine.system.build.vm.inputDerivation - ) - ( - ( - x: - builtins.trace "machine.system.build.bootStage1.inputDerivation: ${builtins.toString (lib.isPath x)}" x - ) - machine.system.build.bootStage1.inputDerivation - ) - ( - ( - x: - builtins.trace "machine.system.build.bootStage2.inputDerivation: ${builtins.toString (lib.isPath x)}" x - ) - machine.system.build.bootStage2.inputDerivation - ) + # ) + # ( + # (x: builtins.trace "machine.system.build.vm.inputDerivation: ${builtins.toString (lib.isPath x)}" x) + machine.system.build.toplevel.inputDerivation + machine.system.build.etc.inputDerivation + machine.system.build.etcBasedir.inputDerivation + machine.system.build.etcMetadataImage.inputDerivation + machine.system.build.extraUtils.inputDerivation + machine.system.path.inputDerivation + machine.system.build.setEnvironment.inputDerivation + machine.system.build.vm.inputDerivation + machine.system.build.bootStage1.inputDerivation + machine.system.build.bootStage2.inputDerivation pkgs.gnu-config # pkgs.gnu-config.inputDerivation pkgs.byacc diff --git a/deployment/data-model.nix b/deployment/data-model.nix index ccbb1be4..cfce54a4 100644 --- a/deployment/data-model.nix +++ b/deployment/data-model.nix @@ -317,6 +317,19 @@ let description = "the name of the ProxmoX node to use."; type = types.str; }; + # nixos-conf = mkOption { + # type = types.str; + # default = writeConfig { + # inherit (tf-host.config) + # system + # module + # args + # deployment-name + # root-path + # ; + # deployment-type = "tf-proxmox-host"; + # }; + # }; run = mkOption { type = types.package; # error: The option `tf-deployment.tf-host.run' is read-only, but it's set multiple times. 
@@ -333,6 +346,7 @@ let proxmox-user proxmox-password node-name + # nixos-conf ; inherit (ssh) host @@ -342,36 +356,34 @@ let ; environment = { key_file = key-file; - deployment_name = deployment-name; - root_path = root-path; ssh_opts = sshOpts; inherit - system host - module - args ; proxmox_user = proxmox-user; proxmox_password = proxmox-password; - deployment_type = "tf-proxmox-host"; ssh_user = username; node_name = node-name; + # nixos_conf = nixos-conf; + nixos_conf = writeConfig { + inherit + system + module + args + deployment-name + root-path + ; + deployment-type = "tf-proxmox-host"; + }; }; tf-env = pkgs.callPackage ./run/tf-proxmox/tf-env.nix { }; in pkgs.writers.writeBashBin "deploy-tf-proxmox.sh" - { - makeWrapperArgs = [ - "--prefix" - "PATH" - ":" - "${lib.makeBinPath [ - pkgs.jq - pkgs.nixos-generators - (pkgs.callPackage ./run/tf-proxmox/tf.nix { inherit sources; }) - ]}" - ]; - } + (withPackages [ + pkgs.jq + pkgs.nixos-generators + (pkgs.callPackage ./run/tf-proxmox/tf.nix { inherit sources; }) + ]) '' env ${toString (lib.mapAttrsToList (k: v: "TF_VAR_${k}=\"${toBash v}\"") environment)} \ tf_env=${tf-env} bash ./deployment/run/tf-proxmox/run.sh diff --git a/deployment/run/tf-proxmox/main.tf b/deployment/run/tf-proxmox/main.tf index 875d2c81..e36bb603 100644 --- a/deployment/run/tf-proxmox/main.tf +++ b/deployment/run/tf-proxmox/main.tf @@ -7,9 +7,9 @@ terraform { } } -locals { - dump_name = "vzdump-qemu-nixos-fediversity-${var.category}.vma.zst" -} +# locals { +# dump_name = "vzdump-qemu-nixos-fediversity-${var.category}.vma.zst" +# } provider "proxmox" { endpoint = "https://${var.host}:8006/" 
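Review bot: In the `@@ -342,36` hunk, `proxmox_password = proxmox-password;` stays in `environment`, and every entry of `environment` is interpolated as `TF_VAR_…="…"` into the text of the `writeBashBin` script. The Proxmox password therefore ends up in the script's store path and its derivation, which any local user can read and which travels wherever the closure is copied. Since this hunk already reshapes `environment`, it is a good place to take the secret out: drop that attribute and have the caller export `TF_VAR_proxmox_password` at run time, or pass only the path of a secret file and read it in run.sh. The double-quoted `\"${toBash v}\"` also relies on `toBash` (not visible here) escaping `$`, backticks and quotes, which is worth confirming for free-form values such as the password. The enclosing `run` definition starts and ends outside the hunk.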
@@ -29,57 +29,57 @@ provider "proxmox" { # csrf_prevention_token = var.virtual_environment_csrf_prevention_token } -# FIXME move to host -# FIXME add proxmox -data "external" "base-hash" { - program = ["sh", "-c", "echo \"{\\\"hash\\\":\\\"$(nix-hash ${path.module}/../common/nixos/base.nix)\\\"}\""] -} +# # FIXME move to host +# # FIXME add proxmox +# data "external" "base-hash" { +# program = ["sh", "-c", "echo \"{\\\"hash\\\":\\\"$(nix-hash ${path.module}/../common/nixos/base.nix)\\\"}\""] +# } -# hash of our code directory, used to trigger re-deploy -# FIXME calculate separately to reduce false positives -data "external" "hash" { - program = ["sh", "-c", "echo \"{\\\"hash\\\":\\\"$(nix-hash ..)\\\"}\""] -} +# # hash of our code directory, used to trigger re-deploy +# # FIXME calculate separately to reduce false positives +# data "external" "hash" { +# program = ["sh", "-c", "echo \"{\\\"hash\\\":\\\"$(nix-hash ..)\\\"}\""] +# } -# FIXME move to host -resource "terraform_data" "template" { - # triggers_replace = [ - # data.external.base-hash.result, - # ] +# # FIXME move to host +# resource "terraform_data" "template" { +# # triggers_replace = [ +# # data.external.base-hash.result, +# # ] - provisioner "local-exec" { - working_dir = path.root - # FIXME configure to use actual base image - command = <<-EOF - set -xeuo pipefail +# provisioner "local-exec" { +# working_dir = path.root +# # FIXME configure to use actual base image +# command = <<-EOF +# set -xeuo pipefail - # XXX nixos-generate needs NIX_PATH to have `nixpkgs` set! - nixos-generate -f proxmox -o /tmp/nixos-image - # the above makes /tmp/nixos-image read-only, so our stable file name needs a different directory - mkdir -p /tmp/proxmox-image - ln -sf /tmp/nixos-image/vzdump-qemu-nixos-*.vma.zst /tmp/proxmox-image/${local.dump_name} - EOF - } -} +# # XXX nixos-generate needs NIX_PATH to have `nixpkgs` set! 
+# nixos-generate -f proxmox -o /tmp/nixos-image +# # the above makes /tmp/nixos-image read-only, so our stable file name needs a different directory +# mkdir -p /tmp/proxmox-image +# ln -sf /tmp/nixos-image/vzdump-qemu-nixos-*.vma.zst /tmp/proxmox-image/${local.dump_name} +# EOF +# } +# } -# FIXME move to host -resource "proxmox_virtual_environment_file" "upload" { - lifecycle { - replace_triggered_by = [ - terraform_data.template, - ] - } +# # FIXME move to host +# resource "proxmox_virtual_environment_file" "upload" { +# lifecycle { +# replace_triggered_by = [ +# terraform_data.template, +# ] +# } - content_type = "images" - datastore_id = "local" - node_name = var.node_name - overwrite = true +# content_type = "images" +# datastore_id = "local" +# node_name = var.node_name +# overwrite = true - source_file { - path = "/tmp/proxmox-image/${local.dump_name}" - file_name = local.dump_name - } -} +# source_file { +# path = "/tmp/proxmox-image/${local.dump_name}" +# file_name = local.dump_name +# } +# } # FIXME distinguish var.category data "proxmox_virtual_environment_vms" "nixos_base" { diff --git a/deployment/run/tf-proxmox/variables.tf b/deployment/run/tf-proxmox/variables.tf index 88506a4f..466bece2 100644 --- a/deployment/run/tf-proxmox/variables.tf +++ b/deployment/run/tf-proxmox/variables.tf @@ -1,7 +1,6 @@ -variable "system" { - description = "The architecture of the system to deploy to." +variable "nixos_conf" { + description = "The path to the NixOS configuration to deploy." type = string - default = "x86_64-linux" } variable "ssh_user" { 
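Review bot: In main.tf the image-build provisioner of `terraform_data.template` is commented out rather than removed, and the parked script still writes to the fixed paths `/tmp/nixos-image` and `/tmp/proxmox-image`. If the block is meant to come back, it should build into a private directory, e.g. `workdir="$(mktemp -d)"` followed by `nixos-generate -f proxmox -o "$workdir/nixos-image"`, because a fixed name in a shared `/tmp` can be pre-created or replaced by another local user before the upload reads it. If it is not meant to come back, deleting the two commented resources, the two `data "external"` blocks and the `locals` block from the earlier hunk keeps main.tf readable. `variable "category"` is still declared although its only visible use, `local.dump_name`, is now disabled, so check whether the remaining `nixos_base` lookup still needs it.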
@@ -32,44 +31,17 @@ variable "node_name" {
 type = string
 }
 
-variable "module" {
- description = "The module to call to obtain the NixOS configuration from."
- type = string
-}
-
-variable "args" {
- description = "The arguments with which to call the module to obtain the NixOS configuration."
- type = string
- default = "{}"
-}
-
 variable "key_file" {
 description = "path to the user's SSH private key"
 type = string
 }
 
-variable "deployment_name" {
- description = "The name of the deployment for which to obtain the NixOS configuration."
- type = string
-}
-
-variable "root_path" {
- description = "The path to the root of the repository."
- type = string
-}
-
 variable "ssh_opts" {
 description = "Extra SSH options (`-o`) to use."
 type = string
 default = "[]"
 }
 
-variable "deployment_type" {
- description = "A `deployment-type` from the Fediversity data model, for grabbing the desired NixOS configuration."
- type = string
- default = "tf-proxmox-host"
-}
-
 #########################################
 
 variable "category" {