Commit graph

62 commits

Author SHA1 Message Date
5e887094c3 normalise, remove unrelated 2025-06-11 18:28:41 +02:00
0930a8b75b
restore path for place that needed path over string 2025-06-07 17:06:30 +02:00
196d4e1540
name paths for purity, preventing double-hash store paths
https://github.com/NixOS/nix/issues/10627
2025-05-30 16:58:41 +02:00
ee5c2b90b7 Introduce test for deploying all services with nixops4 apply (#329)
Closes Fediversity/Fediversity#276

This PR adds a CLI deployment test. It builds on top of Fediversity/Fediversity#323. This test features a deployer node and four target nodes. The deployer node runs `nixops4 apply` on a deployment built with our actual code in `deployment/default.nix`, which pushes onto the four target machines combinations of Garage/Mastodon/Peertube/Pixelfed depending on a JSON payload. We check that the expected services are indeed deployed on the machines. Getting there involved reworking the existing basic test to extract common patterns, and adding support for ACME certificate negotiation inside the NixOS test.

What works:
- deployer successfully runs `nixops4 apply` with various payloads
- target machines indeed get the right services pushed onto them and removed
- services on target machines successfully negotiate ACME certificates

What does not work: the services themselves depend a lot on DNS and that is not taken care of at all, so they are probably very broken. Still, this is a good milestone.

Test it yourself by running `nix build .#checks.x86_64-linux.deployment-basic -vL` and `nix build .#checks.x86_64-linux.deployment-cli -vL`. On the very beefy machine that I am using, the basic test runs in ~4 minutes and the CLI test in ~17 minutes. We know from Fediversity/Fediversity#323 that the basic test runs in ~12 minutes on the CI runner, so maybe about an hour for the CLI test?

Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
Reviewed-on: Fediversity/Fediversity#329
Reviewed-by: kiara Grouwstra <kiara@procolix.eu>
Reviewed-by: Valentin Gagarin <valentin.gagarin@tweag.io>
Co-authored-by: Nicolas “Niols” Jeannerod <nicolas.jeannerod@moduscreate.com>
Co-committed-by: Nicolas “Niols” Jeannerod <nicolas.jeannerod@moduscreate.com>
2025-05-19 02:18:54 +02:00
5f66a034f3 actually use the typed configuration in deployment
that change somehow slipped through the cracks previously
2025-05-09 12:46:11 +02:00
6100b278b6 generate Python data models from module options (#285)
this shows a proof of concept for generating Django forms from NixOS modules

note that the form behavior is still rather clumsy and doesn't exactly map to the module semantics:
- since forms can only be sent wholesale, empty form fields will show up as empty strings
  and break validation without additional cleanup (not done here)
- it's not possible to faithfully translate `type = submodule { /* ... */}; default = {};`, since the default
  is translated to an empty dict `{}`. this is because the JSON schema converter does not preserve type information.
  this can be added by making it use `$defs` [1], but that would likely amount to half a rewrite
- there's a glitch in enum default values that needs to be fixed in `datamodel-code-generator` [0]

[0]: dd44480359/src/datamodel_code_generator/parser/base.py (L1015)
[1]: https://json-schema.org/understanding-json-schema/structuring#defs

a generated file will be placed into the source (by the development shell and the package respectively)
that declares Pydantic types from which to render the form. it looks something like this:

```python
from __future__ import annotations

from enum import Enum
from typing import Optional

from pydantic import BaseModel, Extra, Field
from drf_pydantic import BaseModel

class Domain(Enum):
    fediversity_net = 'fediversity.net'

# ...

class Model(BaseModel):
    class Config:
        extra = Extra.forbid

    domain: Optional[Domain] = Field(
        'fediversity.net',
        description='Apex domain under which the services will be deployed.\n',
    )

    # ...
```
2025-05-01 01:26:52 +02:00
f5db62e053 Add a basic integration test (#323)
This PR adds a basic deployment test to the repository. This test will, in a NixOS test, run a deployer VM and a target VM, and check that we manage to run `nixops4 apply` on the deployer VM to change things on the target VM. The ideas are all @roberth's and this test has been extremely heavily inspired by https://github.com/nixops4/nixops4-nixos/blob/main/test/default/nixosTest.nix.

Reviewed-on: Fediversity/Fediversity#323
Reviewed-by: Valentin Gagarin <valentin.gagarin@tweag.io>
Co-authored-by: Nicolas “Niols” Jeannerod <nicolas.jeannerod@moduscreate.com>
Co-committed-by: Nicolas “Niols” Jeannerod <nicolas.jeannerod@moduscreate.com>
2025-04-30 15:03:36 +02:00
b645660118 deployment module: set configuration explicitly (#315)
this change is a no-op (it merely indents the option definitions by one,
by setting `config` explicitly) and prepares an addition of option
declarations that would otherwise be lost in the huge diff.

Reviewed-on: Fediversity/Fediversity#315
Reviewed-by: kiara Grouwstra <kiara@procolix.eu>
2025-04-22 11:30:33 +02:00
af3b2a62fd
Create a configuration resource even if the service is disabled 2025-04-02 15:06:17 +02:00
4db91bd0b7
Transmit initial user from JSON to services 2025-02-28 10:57:31 +01:00
f34f2e45ab
Get panel config as a block - use eg. mastodon.enable 2025-02-27 11:43:44 +01:00
07b3cd90d7
Make clearer what nixos.module is 2025-02-27 11:39:07 +01:00
ea98ccebfc
Very vague and minimalistic description of deployment/ 2025-02-27 11:35:55 +01:00
c66889f58f
Better naming of makeMakeDeployment arguments 2025-02-27 11:35:55 +01:00
e27cc6e96a
Generalise test deployment; get config from JSON 2025-02-27 11:35:54 +01:00
3f9c174d97
Get rid of the deployment/ directory 2025-02-25 11:57:20 +01:00
fb5bed9042
Remove other host keys 2025-02-25 11:57:20 +01:00
636e4636f7
Add test machines 2025-02-25 11:57:20 +01:00
0bea2d0bb1
Mark deployment/ as deprecated 2025-02-21 20:24:41 +01:00
398dc05ad5
Rename provisioning host keys to match nixosConfiguration entries 2025-02-21 20:24:40 +01:00
57e6127a7a
Move provision.sh and remove.sh to infra/ 2025-02-21 20:24:40 +01:00
f8ec8e7d93
Decouple id and name 2025-02-21 20:24:40 +01:00
d77b04ec18
Apply makeInstallerIso to conf in provision.sh 2025-02-21 20:24:40 +01:00
bf0a35de6c
makeInstaller -> makeInstallerIso 2025-02-21 20:24:40 +01:00
9e95287715
Make API URL an argument of the provisioning script 2025-02-21 20:24:40 +01:00
cd83536e2f
Allow Garage and services to run on different machines 2025-02-21 17:52:50 +01:00
1eeaa04df6
Introduce fediversity.garage.enable 2025-02-21 17:52:50 +01:00
a5d226ed22
Get rid of fediversity.enable 2025-02-21 17:52:50 +01:00
78a85b27ff
Put the S3 secrets into files
...but not everywhere, there remain some FIXMEs where ultimately the
secrets do get into the store.
2025-02-21 17:52:50 +01:00
b547912794
Make access and secret keys parameters 2025-02-21 17:52:50 +01:00
a1cfcf1d71
Same treatment for Peertube 2025-02-21 17:52:50 +01:00
c6fb52915a
More clean up of the deployment flake
Co-authored-by: Kiara Grouwstra <kiara@procolix.eu>
2025-02-21 10:01:06 +01:00
df182d5a67
Follow changes in removal script 2025-02-21 10:01:06 +01:00
9611e4ff9a
Support more configuration in the .proxmox file 2025-02-21 10:01:06 +01:00
5cc86bff94
Move makeInstaller to infra/ 2025-02-21 10:01:05 +01:00
dc3a4dc4e8
Merge machine argument into the attrset argument 2025-02-21 10:01:05 +01:00
d7bcb45789
Clean up code in deployment/ 2025-02-21 10:01:05 +01:00
1df61bbe4d remove trailing whitespace from deployment/README.md (#171)
Reviewed-on: Fediversity/Fediversity#171
Reviewed-by: Kevin Muller <kevin@procolix.com>
Co-authored-by: Kiara Grouwstra <kiara@procolix.eu>
Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>
2025-02-20 15:11:33 +01:00
446e866cb2 remove the currently unused RSA keys (#165)
Reviewed-on: Fediversity/Fediversity#165
Reviewed-by: Nicolas Jeannerod <nicolas.jeannerod@moduscreate.com>
2025-02-20 12:43:48 +01:00
fb64d2b9c9
convert readmes from org to markdown 2025-02-19 20:23:48 +01:00
18a14d29ab
Fix vm_id -> vmid
It probably was changed by mistake beforehand.
2025-02-19 18:29:31 +01:00
797ce362bd
Add debug mode to provisioning script 2025-02-19 18:29:31 +01:00
5f29388776
printf + exit -> die 2025-02-19 18:29:31 +01:00
253a5ad8fa
Fix missing space, add missing quotes 2025-02-19 18:29:31 +01:00
807808ed00
bash scripts: snake-case variables, deduplicate $RANDOM, satisfy LSP
Co-authored-by: Nicolas “Niols” Jeannerod <nicolas.jeannerod@moduscreate.com>
2025-02-19 18:29:31 +01:00
f547f451e1
Remove ISOs after provisioning 2025-01-29 15:35:49 +01:00
be1065c2d3
Fix paths to provisioning scripts 2025-01-27 15:26:38 +01:00
e45441f12a
Clean up section on Fediversity Proxmox 2025-01-27 15:26:38 +01:00
5aa6ca3ae6
Small clean up around VM ids 2025-01-27 11:57:29 +01:00
bdf43717fa update VPN docs to show WireGuard config on NixOS 2025-01-24 12:27:45 +01:00