upgrade memory to resolve oom

[wip] handling env file (still fails)
use templating fork
2025-07-01 17:57:00 +02:00 · 2025-07-01 17:57:00 +02:00 · 2025-07-01 17:57:00 +02:00 · 2025-07-01 17:57:00 +02:00 · 2025-07-01 17:57:00 +02:00 · 2025-07-01 17:57:00 +02:00
70 changed files with 227 additions and 81 deletions
--- a/.forgejo/workflows/update.yaml
+++ b/.forgejo/workflows/update.yaml
@ -2,20 +2,22 @@ name: update-dependencies
 on:
  workflow_dispatch: # allows manual triggering
-  schedule:
+  # FIXME: re-enable when manual run works
-    - cron: '0 0 1 * *' # monthly
+  # schedule:
  #   - cron: '0 0 1 * *' # monthly
 jobs:
  lockfile:
-    runs-on: ubuntu-latest
+    runs-on: native
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
-      - name: Install Nix
+      - name: Update pins
-        uses: cachix/install-nix-action@v31
+        run: nix-shell --run "npins update"
-      - name: Install npins
+      - name: Create PR
-        run: nix profile install 'nixpkgs#npins'
+        uses: peter-evans/create-pull-request@v7
      - name: Update npins sources
        uses: getchoo/update-npins@v0
        with:
          token: "${{ secrets.DEPLOY_KEY }}"
          branch: npins-update
          commit-message: "npins: update sources"
          title: "npins: update sources"
--- a/default.nix
+++ b/default.nix
@ -10,6 +10,8 @@ let
    gitignore
    ;
  inherit (pkgs) lib;
  inherit (import sources.flake-inputs) import-flake;
  inherit ((import-flake { src = ./.; }).inputs) nixops4;
  pre-commit-check =
    (import "${git-hooks}/nix" {
      inherit nixpkgs system;
@ -55,8 +57,15 @@ in
        };
      in
      [
        pkgs.npins
        pkgs.nil
        (pkgs.callPackage "${sources.agenix}/pkgs/agenix.nix" { })
        pkgs.openssh
        pkgs.httpie
        pkgs.jq
        pkgs.nix-unit
        test-loop
        nixops4.packages.${system}.default
      ];
  };
--- a/deployment/check/basic/flake-part.nix
+++ b/deployment/check/basic/flake-part.nix
@ -17,6 +17,8 @@ let
 in
 {
  _class = "flake";
  perSystem =
    { pkgs, ... }:
    {
--- a/deployment/check/basic/nixosTest.nix
+++ b/deployment/check/basic/nixosTest.nix
@ -1,6 +1,8 @@
 { inputs, ... }:
 {
  _class = "nixosTest";
  name = "deployment-basic";
  nodes.deployer =
--- a/deployment/check/cli/flake-part.nix
+++ b/deployment/check/cli/flake-part.nix
@ -21,6 +21,8 @@ let
 in
 {
  _class = "flake";
  perSystem =
    { pkgs, ... }:
    {
--- a/deployment/check/cli/nixosTest.nix
+++ b/deployment/check/cli/nixosTest.nix
@ -7,6 +7,8 @@ let
 in
 {
  _class = "nixosTest";
  name = "deployment-cli";
  nodes.deployer =
--- a/deployment/check/common/deployerNode.nix
+++ b/deployment/check/common/deployerNode.nix
@ -18,6 +18,8 @@ let
 in
 {
  _class = "nixos";
  imports = [ ./sharedOptions.nix ];
  options.system.extraDependenciesFromModule = mkOption {
--- a/deployment/check/common/nixosTest.nix
+++ b/deployment/check/common/nixosTest.nix
@ -42,6 +42,8 @@ let
 in
 {
  _class = "nixosTest";
  imports = [
    ./sharedOptions.nix
  ];
--- a/deployment/check/common/sharedOptions.nix
+++ b/deployment/check/common/sharedOptions.nix
@ -11,6 +11,7 @@ let
  inherit (lib) mkOption types;
 in
 # `config` not set and imported from multiple places: no fixed module class
 {
  options = {
    targetMachines = mkOption {
--- a/deployment/check/common/targetNode.nix
+++ b/deployment/check/common/targetNode.nix
@ -12,6 +12,8 @@ let
 in
 {
  _class = "nixos";
  imports = [
    (modulesPath + "/profiles/qemu-guest.nix")
    (modulesPath + "/../lib/testing/nixos-test-base.nix")
--- a/deployment/check/common/targetResource.nix
+++ b/deployment/check/common/targetResource.nix
@ -12,6 +12,8 @@ let
 in
 {
  _class = "nixops4Resource";
  imports = [ ./sharedOptions.nix ];
  options = {
--- a/deployment/check/panel/flake-part.nix
+++ b/deployment/check/panel/flake-part.nix
@ -24,6 +24,8 @@ let
 in
 {
  _class = "flake";
  perSystem =
    { pkgs, ... }:
    {
--- a/deployment/check/panel/nixosTest.nix
+++ b/deployment/check/panel/nixosTest.nix
@ -123,6 +123,8 @@ let
 in
 {
  _class = "nixosTest";
  name = "deployment-panel";
  ## The panel's module sets `nixpkgs.overlays` which clashes with
@ -155,7 +157,6 @@ in
          SECRET_KEY = dummyFile;
        };
        port = panelPort;
        nixops4Package = inputs.nixops4.packages.${pkgs.system}.default;
        deployment = {
          flake = "/run/fedipanel/flake";
--- a/deployment/data-model-test.nix
+++ b/deployment/data-model-test.nix
@ -11,6 +11,8 @@ let
    }).config;
 in
 {
  _class = "nix-unit";
  test-eval = {
    expr =
      let
--- a/deployment/data-model.nix
+++ b/deployment/data-model.nix
@ -7,6 +7,8 @@ let
 in
 with types;
 {
  _class = "nixops4Deployment";
  options = {
    runtime-environments = mkOption {
      description = "Collection of runtime environments into which applications can be deployed";
--- a/deployment/default.nix
+++ b/deployment/default.nix
@ -67,6 +67,8 @@ let
  cfg = config.deployment;
 in
 {
  _class = "nixops4Deployment";
  options = {
    deployment = lib.mkOption {
      description = ''
--- a/deployment/flake-part.nix
+++ b/deployment/flake-part.nix
@ -1,4 +1,6 @@
 {
  _class = "flake";
  imports = [
    ./check/basic/flake-part.nix
    ./check/cli/flake-part.nix
--- a/deployment/options.nix
+++ b/deployment/options.nix
@ -17,6 +17,8 @@ let
  inherit (lib) types mkOption;
 in
 {
  _class = "nixops4Deployment";
  options = {
    enable = lib.mkEnableOption "Fediversity configuration";
    domain = mkOption {
--- a/flake.nix
+++ b/flake.nix
@ -11,7 +11,7 @@
    let
      sources = import ./npins;
      inherit (import sources.flake-inputs) import-flake;
-      inherit (sources) git-hooks agenix;
+      inherit (sources) git-hooks;
      # XXX(@fricklerhandwerk): this atrocity is required to splice in a foreign Nixpkgs via flake-parts
      # XXX - this is just importing a flake
      nixpkgs = import-flake { src = sources.nixpkgs; };
@ -43,7 +43,7 @@
          ];
          imports = [
-            (import "${git-hooks}/flake-module.nix")
+            "${git-hooks}/flake-module.nix"
            inputs.nixops4.modules.flake.default
            ./deployment/flake-part.nix
@ -54,7 +54,6 @@
            {
              pkgs,
              lib,
              inputs',
              ...
            }:
            {
@ -73,21 +72,6 @@
                  trim-trailing-whitespace.enable = true;
                  shellcheck.enable = true;
                };
              devShells.default = pkgs.mkShell {
                packages = [
                  pkgs.npins
                  pkgs.nil
                  (pkgs.callPackage "${agenix}/pkgs/agenix.nix" { })
                  pkgs.openssh
                  pkgs.httpie
                  pkgs.jq
                  # exposing this env var as a hack to pass info in from form
                  (inputs'.nixops4.packages.default.overrideAttrs {
                    impureEnvVars = [ "DEPLOYMENT" ];
                  })
                ];
              };
            };
        }
      );
--- a/infra/common/nixos/default.nix
+++ b/infra/common/nixos/default.nix
@ -5,6 +5,8 @@ let
 in
 {
  _class = "nixos";
  imports = [
    ./hardware.nix
    ./networking.nix
--- a/infra/common/nixos/hardware.nix
+++ b/infra/common/nixos/hardware.nix
@ -1,6 +1,8 @@
 { modulesPath, ... }:
 {
  _class = "nixos";
  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
  boot = {
--- a/infra/common/nixos/networking.nix
+++ b/infra/common/nixos/networking.nix
@ -1,63 +1,64 @@
 { config, lib, ... }:
 let
-  inherit (lib) mkDefault;
+  inherit (lib) mkDefault mkIf mkMerge;
 in
 {
  _class = "nixos";
  config = {
    services.openssh = {
      enable = true;
      settings.PasswordAuthentication = false;
    };
-    networking = {
+    networking = mkMerge [
-      hostName = config.fediversityVm.name;
+      {
-      domain = config.fediversityVm.domain;
+        hostName = config.fediversityVm.name;
        domain = config.fediversityVm.domain;
-      ## REVIEW: Do we actually need that, considering that we have static IPs?
+        ## REVIEW: Do we actually need that, considering that we have static IPs?
-      useDHCP = mkDefault true;
+        useDHCP = mkDefault true;
-      interfaces = {
+        ## Disable the default firewall and use nftables instead, with a custom
-        eth0 = {
+        ## Procolix-made ruleset.
-          ipv4 = {
+        firewall.enable = false;
-            addresses = [
+        nftables = {
-              {
+          enable = true;
-                inherit (config.fediversityVm.ipv4) address prefixLength;
+          rulesetFile = ./nftables-ruleset.nft;
              }
            ];
          };
          ipv6 = {
            addresses = [
              {
                inherit (config.fediversityVm.ipv6) address prefixLength;
              }
            ];
          };
        };
-      };
+      }
-      defaultGateway = {
+      ## IPv4
-        address = config.fediversityVm.ipv4.gateway;
+      (mkIf config.fediversityVm.ipv4.enable {
-        interface = "eth0";
+        interfaces.${config.fediversityVm.ipv4.interface}.ipv4.addresses = [
-      };
+          { inherit (config.fediversityVm.ipv4) address prefixLength; }
-      defaultGateway6 = {
+        ];
-        address = config.fediversityVm.ipv6.gateway;
+        defaultGateway = {
-        interface = "eth0";
+          address = config.fediversityVm.ipv4.gateway;
-      };
+          interface = config.fediversityVm.ipv4.interface;
        };
        nameservers = [
          "95.215.185.6"
          "95.215.185.7"
        ];
      })
-      nameservers = [
+      ## IPv6
-        "95.215.185.6"
+      (mkIf config.fediversityVm.ipv6.enable {
-        "95.215.185.7"
+        interfaces.${config.fediversityVm.ipv6.interface}.ipv6.addresses = [
-        "2a00:51c0::5fd7:b906"
+          { inherit (config.fediversityVm.ipv6) address prefixLength; }
-        "2a00:51c0::5fd7:b907"
+        ];
-      ];
+        defaultGateway6 = {
-
+          address = config.fediversityVm.ipv6.gateway;
-      firewall.enable = false;
+          interface = config.fediversityVm.ipv6.interface;
-      nftables = {
+        };
-        enable = true;
+        nameservers = [
-        rulesetFile = ./nftables-ruleset.nft;
+          "2a00:51c0::5fd7:b906"
-      };
+          "2a00:51c0::5fd7:b907"
-    };
+        ];
      })
    ];
  };
 }
--- a/infra/common/nixos/users.nix
+++ b/infra/common/nixos/users.nix
@ -1,4 +1,6 @@
 {
  _class = "nixos";
  users.users = {
    procolix = {
      isNormalUser = true;
--- a/infra/common/options.nix
+++ b/infra/common/options.nix
@ -6,6 +6,8 @@ let
 in
 {
  # `config` not set and imported from multiple places: no fixed module class
  options.fediversityVm = {
    ##########################################################################
@ -89,6 +91,17 @@ in
    };
    ipv4 = {
      enable = mkOption {
        default = true;
      };
      interface = mkOption {
        description = ''
          The interface that carries the machine's IPv4 network.
        '';
        default = "eth0";
      };
      address = mkOption {
        description = ''
          The IP address of the machine, version 4. It will be injected as a
@ -114,6 +127,17 @@ in
    };
    ipv6 = {
      enable = mkOption {
        default = true;
      };
      interface = mkOption {
        description = ''
          The interface that carries the machine's IPv6 network.
        '';
        default = "eth0";
      };
      address = mkOption {
        description = ''
          The IP address of the machine, version 6. It will be injected as a
--- a/infra/common/resource.nix
+++ b/infra/common/resource.nix
@ -18,6 +18,8 @@ let
 in
 {
  _class = "nixops4Resource";
  imports = [ ./options.nix ];
  fediversityVm.hostPublicKey = mkDefault keys.systems.${config.fediversityVm.name};
--- a/infra/flake-part.nix
+++ b/infra/flake-part.nix
@ -159,6 +159,8 @@ let
 in
 {
  _class = "flake";
  ## - Each normal or test machine gets a NixOS configuration.
  ## - Each normal or test machine gets a VM options entry.
  ## - Each normal machine gets a deployment.
--- a/machines/dev/fedi200/default.nix
+++ b/machines/dev/fedi200/default.nix
@ -1,4 +1,6 @@
 {
  _class = "nixops4Resource";
  fediversityVm = {
    vmId = 200;
    proxmox = "fediversity";
--- a/machines/dev/fedi201/default.nix
+++ b/machines/dev/fedi201/default.nix
@ -1,4 +1,6 @@
 {
  _class = "nixops4Resource";
  fediversityVm = {
    vmId = 201;
    proxmox = "fediversity";
--- a/machines/dev/fedi201/fedipanel.nix
+++ b/machines/dev/fedi201/fedipanel.nix
@ -6,6 +6,8 @@ let
  name = "panel";
 in
 {
  _class = "nixos";
  imports = [
    (import ../../../panel { }).module
  ];
--- a/machines/dev/vm02116/default.nix
+++ b/machines/dev/vm02116/default.nix
@ -1,4 +1,6 @@
 {
  _class = "nixops4Resource";
  fediversityVm = {
    vmId = 2116;
    proxmox = "procolix";
--- a/machines/dev/vm02116/forgejo.nix
+++ b/machines/dev/vm02116/forgejo.nix
@ -5,6 +5,8 @@ let
 in
 {
  _class = "nixos";
  services.forgejo = {
    enable = true;
--- a/machines/dev/vm02187/default.nix
+++ b/machines/dev/vm02187/default.nix
@ -1,4 +1,6 @@
 {
  _class = "nixops4Resource";
  fediversityVm = {
    vmId = 2187;
    proxmox = "procolix";
--- a/machines/dev/vm02187/wiki.nix
+++ b/machines/dev/vm02187/wiki.nix
@ -1,6 +1,8 @@
 { config, ... }:
 {
  _class = "nixos";
  services.phpfpm.pools.mediawiki.phpOptions = ''
    upload_max_filesize = 1024M;
    post_max_size = 1024M;
--- a/machines/operator/test01/default.nix
+++ b/machines/operator/test01/default.nix
@ -1,4 +1,6 @@
 {
  _class = "nixops4Resource";
  fediversityVm = {
    vmId = 7001;
    proxmox = "fediversity";
--- a/machines/operator/test02/default.nix
+++ b/machines/operator/test02/default.nix
@ -1,4 +1,6 @@
 {
  _class = "nixops4Resource";
  fediversityVm = {
    vmId = 7002;
    proxmox = "fediversity";
--- a/machines/operator/test03/default.nix
+++ b/machines/operator/test03/default.nix
@ -1,4 +1,6 @@
 {
  _class = "nixops4Resource";
  fediversityVm = {
    vmId = 7003;
    proxmox = "fediversity";
--- a/machines/operator/test04/default.nix
+++ b/machines/operator/test04/default.nix
@ -1,4 +1,6 @@
 {
  _class = "nixops4Resource";
  fediversityVm = {
    vmId = 7004;
    proxmox = "fediversity";
--- a/machines/operator/test05/default.nix
+++ b/machines/operator/test05/default.nix
@ -1,4 +1,6 @@
 {
  _class = "nixops4Resource";
  fediversityVm = {
    vmId = 7005;
    proxmox = "fediversity";
--- a/machines/operator/test06/default.nix
+++ b/machines/operator/test06/default.nix
@ -1,4 +1,6 @@
 {
  _class = "nixops4Resource";
  fediversityVm = {
    vmId = 7006;
    proxmox = "fediversity";
--- a/machines/operator/test11/default.nix
+++ b/machines/operator/test11/default.nix
@ -1,4 +1,6 @@
 {
  _class = "nixops4Resource";
  fediversityVm = {
    vmId = 7011;
    proxmox = "fediversity";
--- a/machines/operator/test12/default.nix
+++ b/machines/operator/test12/default.nix
@ -1,4 +1,6 @@
 {
  _class = "nixops4Resource";
  fediversityVm = {
    vmId = 7012;
    proxmox = "fediversity";
--- a/machines/operator/test13/default.nix
+++ b/machines/operator/test13/default.nix
@ -1,4 +1,6 @@
 {
  _class = "nixops4Resource";
  fediversityVm = {
    vmId = 7013;
    proxmox = "fediversity";
--- a/machines/operator/test14/default.nix
+++ b/machines/operator/test14/default.nix
@ -1,4 +1,6 @@
 {
  _class = "nixops4Resource";
  fediversityVm = {
    vmId = 7014;
    proxmox = "fediversity";
--- a/panel/default.nix
+++ b/panel/default.nix
@ -22,12 +22,12 @@ in
      manage
      # NixOps4 and its dependencies
-      # FIXME: grab NixOps4 and add it here
+      pkgs.nixops4
      pkgs.nix
      pkgs.openssh
    ];
    env = {
-      DEPLOYMENT_FLAKE = ../.;
+      DEPLOYMENT_FLAKE = toString ../.;
      DEPLOYMENT_NAME = "test";
      NPINS_DIRECTORY = toString ../npins;
      CREDENTIALS_DIRECTORY = toString ./.credentials;
--- a/panel/nix/configuration.nix
+++ b/panel/nix/configuration.nix
@ -76,6 +76,8 @@ in
 #       https://git.dgnum.eu/mdebray/djangonix/
 #       unlicensed at the time of writing, but surely worth taking some inspiration from...
 {
  _class = "nixos";
  options.services.${name} = {
    enable = mkEnableOption "Service configuration for `${name}`";
    production = mkOption {
@ -145,6 +147,7 @@ in
        NixOps4 from the package's npins-based code, we will have to do with
        this workaround.
      '';
      default = pkgs.nixops4;
    };
    deployment = {
--- a/panel/nix/overlay.nix
+++ b/panel/nix/overlay.nix
@ -8,4 +8,17 @@ let
 in
 {
  python3 = prev.lib.attrsets.recursiveUpdate prev.python3 { pkgs = extraPython3Packages; };
  nixops4 =
    let
      sources = import ../../npins;
      inherit (import sources.flake-inputs) import-flake;
      inherit
        (import-flake {
          src = ../../.;
        })
        inputs
        ;
      inherit (inputs) nixops4;
    in
    nixops4.packages.${prev.system}.default;
 }
--- a/panel/nix/package.nix
+++ b/panel/nix/package.nix
@ -60,6 +60,8 @@ let
    ];
 in
 python3.pkgs.buildPythonPackage {
  _class = "package";
  pname = name;
  inherit (pyproject.project) version;
  pyproject = true;
--- a/panel/nix/python-packages/django-pydantic-field/default.nix
+++ b/panel/nix/python-packages/django-pydantic-field/default.nix
@ -8,6 +8,8 @@
 }:
 buildPythonPackage rec {
  _class = "package";
  pname = "django-pydantic-field";
  version = "v0.3.12";
  pyproject = true;
--- a/panel/nix/python-packages/drf-pydantic/default.nix
+++ b/panel/nix/python-packages/drf-pydantic/default.nix
@ -10,6 +10,8 @@
 }:
 buildPythonPackage rec {
  _class = "package";
  pname = "drf-pydantic";
  version = "v2.7.1";
  pyproject = true;
--- a/panel/nix/tests.nix
+++ b/panel/nix/tests.nix
@ -13,7 +13,6 @@ let
      secrets = {
        SECRET_KEY = pkgs.writeText "SECRET_KEY" "secret";
      };
      nixops4Package = pkgs.hello; # FIXME: actually pass NixOps4
    };
    virtualisation = {
--- a/services/default.nix
+++ b/services/default.nix
@ -6,8 +6,8 @@
 }:
 {
  tests = {
-    mastodon = import ./tests/mastodon.nix { inherit pkgs; };
+    mastodon = pkgs.nixosTest ./tests/mastodon.nix;
-    pixelfed-garage = import ./tests/pixelfed-garage.nix { inherit pkgs; };
+    pixelfed-garage = pkgs.nixosTest ./tests/pixelfed-garage.nix;
-    peertube = import ./tests/peertube.nix { inherit pkgs; };
+    peertube = pkgs.nixosTest ./tests/peertube.nix;
  };
 }
--- a/services/fediversity/default.nix
+++ b/services/fediversity/default.nix
@ -6,6 +6,8 @@ let
 in
 {
  _class = "nixos";
  imports = [
    ./garage
    ./mastodon
--- a/services/fediversity/garage/default.nix
+++ b/services/fediversity/garage/default.nix
@ -97,6 +97,8 @@ let
 in
 {
  _class = "nixos";
  imports = [ ./options.nix ];
  config = mkIf config.fediversity.garage.enable {
--- a/services/fediversity/garage/options.nix
+++ b/services/fediversity/garage/options.nix
@ -5,6 +5,8 @@ let
 in
 {
  _class = "nixos";
  options.fediversity.garage = {
    enable = mkEnableOption "Enable a Garage server on the machine";
--- a/services/fediversity/mastodon/default.nix
+++ b/services/fediversity/mastodon/default.nix
@ -11,6 +11,8 @@ let
 in
 {
  _class = "nixos";
  imports = [ ./options.nix ];
  config = mkMerge [
--- a/services/fediversity/mastodon/options.nix
+++ b/services/fediversity/mastodon/options.nix
@ -1,6 +1,8 @@
 { config, lib, ... }:
 {
  _class = "nixos";
  options.fediversity.mastodon =
    (import ../sharedOptions.nix {
      inherit config lib;
--- a/services/fediversity/peertube/default.nix
+++ b/services/fediversity/peertube/default.nix
@ -5,6 +5,8 @@ let
 in
 {
  _class = "nixos";
  imports = [ ./options.nix ];
  config = mkMerge [
--- a/services/fediversity/peertube/options.nix
+++ b/services/fediversity/peertube/options.nix
@ -6,6 +6,8 @@ let
 in
 {
  _class = "nixos";
  options.fediversity.peertube =
    (import ../sharedOptions.nix {
      inherit config lib;
--- a/services/fediversity/pixelfed/default.nix
+++ b/services/fediversity/pixelfed/default.nix
@ -15,6 +15,8 @@ let
 in
 {
  _class = "nixos";
  imports = [ ./options.nix ];
  config = mkMerge [
--- a/services/fediversity/pixelfed/options.nix
+++ b/services/fediversity/pixelfed/options.nix
@ -1,6 +1,8 @@
 { config, lib, ... }:
 {
  _class = "nixos";
  options.fediversity.pixelfed =
    (import ../sharedOptions.nix {
      inherit config lib;
--- a/services/fediversity/sharedOptions.nix
+++ b/services/fediversity/sharedOptions.nix
@ -14,6 +14,8 @@ let
 in
 {
  _class = "nixos";
  enable = mkEnableOption "Enable a ${serviceDocName} server on the machine";
  s3AccessKeyFile = mkOption {
--- a/services/tests/mastodon.nix
+++ b/services/tests/mastodon.nix
@ -42,7 +42,7 @@ let
      '';
 in
-pkgs.nixosTest {
+{
  name = "mastodon";
  nodes = {
--- a/services/tests/peertube.nix
+++ b/services/tests/peertube.nix
@ -161,7 +161,7 @@ let
  '';
 in
-pkgs.nixosTest {
+{
  name = "peertube";
  nodes = {
--- a/services/tests/pixelfed-garage.nix
+++ b/services/tests/pixelfed-garage.nix
@ -114,7 +114,7 @@ let
        ${seleniumQuit}'';
 in
-pkgs.nixosTest {
+{
  name = "test-pixelfed-garage";
  nodes = {
--- a/services/tests/rebuildableTest.nix
+++ b/services/tests/rebuildableTest.nix
@ -127,6 +127,8 @@ let
      preOverride = pkgs.nixosTest (
        test
        // {
          _class = "nixosTest";
          interactive = (test.interactive or { }) // {
            # no need to // with test.interactive.nodes here, since we are iterating
            # over all of them, and adding back in the config via `imports`
--- a/services/vm/garage-vm.nix
+++ b/services/vm/garage-vm.nix
@ -10,6 +10,8 @@ let
 in
 {
  _class = "nixos";
  imports = [ (modulesPath + "/virtualisation/qemu-vm.nix") ];
  fediversity.garage.enable = true;
--- a/services/vm/interactive-vm.nix
+++ b/services/vm/interactive-vm.nix
@ -1,6 +1,8 @@
 # customize nixos-rebuild build-vm to be a bit more convenient
 { pkgs, ... }:
 {
  _class = "nixos";
  # let us log in
  users.mutableUsers = false;
  users.users.root.hashedPassword = "";
--- a/services/vm/mastodon-vm.nix
+++ b/services/vm/mastodon-vm.nix
@ -6,6 +6,7 @@
  ...
 }:
 {
  _class = "nixos";
  imports = [ (modulesPath + "/virtualisation/qemu-vm.nix") ];
--- a/services/vm/peertube-vm.nix
+++ b/services/vm/peertube-vm.nix
@ -5,6 +5,8 @@
 }:
 {
  _class = "nixos";
  imports = [ (modulesPath + "/virtualisation/qemu-vm.nix") ];
  fediversity = {
--- a/services/vm/pixelfed-vm.nix
+++ b/services/vm/pixelfed-vm.nix
@ -11,6 +11,8 @@ let
 in
 {
  _class = "nixos";
  imports = [ (modulesPath + "/virtualisation/qemu-vm.nix") ];
  fediversity = {
Author	SHA1	Message	Date
Kiara Grouwstra	d53dff003e	upgrade memory to resolve oom	2025-07-01 17:57:00 +02:00
Kiara Grouwstra	604803aea3	[wip] handling env file (still fails)	2025-07-01 17:57:00 +02:00
Kiara Grouwstra	5d0ecc08c1	use templating fork	2025-07-01 17:57:00 +02:00
Kiara Grouwstra	c1141534a9	add tests, fix some things	2025-07-01 17:57:00 +02:00
Kiara Grouwstra	441097a49b	unrelated improvements	2025-07-01 17:57:00 +02:00
Kiara Grouwstra	86bed1ced1	move from dev to operator	2025-07-01 17:57:00 +02:00
Kiara Grouwstra	721e0ae961	WIP: add attic cache, see #92 flesh out attic TODO keys nginx-port testing fix key fix key	2025-07-01 17:57:00 +02:00
Nicolas “Niols” Jeannerod	c1dc0fef01	Split nameservers between IPv4 and IPv6 (#420 ) Reviewed-on: Fediversity/Fediversity#420 Reviewed-by: Valentin Gagarin <valentin.gagarin@tweag.io> Co-authored-by: Nicolas “Niols” Jeannerod <nicolas.jeannerod@moduscreate.com> Co-committed-by: Nicolas “Niols” Jeannerod <nicolas.jeannerod@moduscreate.com>	2025-07-01 13:09:06 +02:00
Kiara Grouwstra	5a3cbe4d83	fix agenix package in shell (#422 ) as per Fediversity/Fediversity#419 (comment) Reviewed-on: Fediversity/Fediversity#422 Co-authored-by: Kiara Grouwstra <kiara@procolix.eu> Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>	2025-07-01 11:29:38 +02:00
Kiara Grouwstra	fd1d55df5f	move shell from flake	2025-07-01 10:22:58 +02:00
Kiara Grouwstra	0c23115cff	allow configuring network interface (#413 ) Reviewed-on: Fediversity/Fediversity#413 Reviewed-by: Valentin Gagarin <valentin.gagarin@tweag.io> Co-authored-by: Kiara Grouwstra <kiara@procolix.eu> Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>	2025-06-30 19:23:51 +02:00
Nicolas “Niols” Jeannerod	3f1c8a9bb7	Document why Nix and OpenSSH lost in #412. Alternatively, we could have a comment on both lines saying eg. “for NixOps4”	2025-06-30 14:30:29 +02:00
Kiara Grouwstra	737aecaba6	set default value for nixops4Package (#412 ) Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io> Reviewed-on: Fediversity/Fediversity#412 Reviewed-by: Valentin Gagarin <valentin.gagarin@tweag.io> Co-authored-by: Kiara Grouwstra <kiara@procolix.eu> Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>	2025-06-30 12:44:53 +02:00
Kiara Grouwstra	d7dbdd923c	make CI test invocations idempotent to better facilitate manual use (#416 ) Reviewed-on: Fediversity/Fediversity#416 Reviewed-by: Valentin Gagarin <valentin.gagarin@tweag.io> Co-authored-by: Kiara Grouwstra <kiara@procolix.eu> Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>	2025-06-30 12:42:19 +02:00
Kiara Grouwstra	1c44004cfe	update documentation for #375 (#406 ) Reviewed-on: Fediversity/Fediversity#406 Co-authored-by: Kiara Grouwstra <kiara@procolix.eu> Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>	2025-06-27 14:40:40 +02:00
Kiara Grouwstra	ae444d5352	simplify imports (#415 ) Reviewed-on: Fediversity/Fediversity#415 Reviewed-by: Valentin Gagarin <valentin.gagarin@tweag.io> Co-authored-by: Kiara Grouwstra <kiara@procolix.eu> Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>	2025-06-27 14:01:41 +02:00
Valentin Gagarin	e77fdd9eec	expose nixops4 in `nix-shell` (#411 ) Instead of Fediversity/Fediversity#406 Eventually we should merge `//panel/default.nix` with `//default.nix` of course. Co-authored-by: Nicolas Jeannerod <nicolas.jeannerod@moduscreate.com> Reviewed-on: Fediversity/Fediversity#411 Reviewed-by: Nicolas Jeannerod <nicolas.jeannerod@moduscreate.com> Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io> Co-committed-by: Valentin Gagarin <valentin.gagarin@tweag.io>	2025-06-27 12:00:47 +02:00
Kiara Grouwstra	1f1cf0d516	unset class, fixing #408 (#410 ) Reviewed-on: Fediversity/Fediversity#410 Reviewed-by: Valentin Gagarin <valentin.gagarin@tweag.io> Co-authored-by: Kiara Grouwstra <kiara@procolix.eu> Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>	2025-06-27 11:53:17 +02:00
Kiara Grouwstra	f94eac698a	disable updater schedule while it hangs	2025-06-26 17:01:40 +02:00
Kiara Grouwstra	46182e7512	fix workflow step title (#404 ) split off from #399 Reviewed-on: Fediversity/Fediversity#404 Reviewed-by: Valentin Gagarin <valentin.gagarin@tweag.io> Co-authored-by: Kiara Grouwstra <kiara@procolix.eu> Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>	2025-06-24 08:58:01 +02:00
Kiara Grouwstra	9a25a04bfa	specify `_class` module attributes to explicitly declare module types (#398 ) closes #93. note that this includes classes: - `nixos` - `nixosTest` - `nixops4Resource` - `nixops4Deployment` .. and my (made-up, as per the [docs](https://ryantm.github.io/nixpkgs/module-system/module-system/#module-system-lib-evalModules-param-class)): - `nix-unit` - `package` .. while i did not manage to cover: - service tests, given `pkgs.nixosTest` seemed to not actually like `_class = "nixosTest"` (?!) ... nor #93's mentioned destructured arguments for that matter, as per Fediversity/Fediversity#93 (comment) - let me know if that is still desired as well. Reviewed-on: Fediversity/Fediversity#398 Reviewed-by: Valentin Gagarin <valentin.gagarin@tweag.io> Co-authored-by: Kiara Grouwstra <kiara@procolix.eu> Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>	2025-06-23 17:24:54 +02:00
Valentin Gagarin	c1b33121b6	expose npins in shell for CI (#403 ) Should fix Fediversity/Fediversity#65 (comment) Reviewed-on: Fediversity/Fediversity#403 Reviewed-by: kiara Grouwstra <kiara@procolix.eu> Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io> Co-committed-by: Valentin Gagarin <valentin.gagarin@tweag.io>	2025-06-23 17:21:32 +02:00
Kiara Grouwstra	d073bd706d	cast `DEPLOYMENT_FLAKE` to string	2025-06-22 14:42:14 +02:00
Kiara Grouwstra	486b316885	run updater natively (#394 ) see Fediversity/Fediversity#65 (comment). closes #65. Reviewed-on: Fediversity/Fediversity#394 Co-authored-by: Kiara Grouwstra <kiara@procolix.eu> Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>	2025-06-20 09:41:38 +02:00
Kiara Grouwstra	611c961dcf	separate test declarations from invocations (#396 ) see Fediversity/Fediversity#395 (comment) Reviewed-on: Fediversity/Fediversity#396 Reviewed-by: Valentin Gagarin <valentin.gagarin@tweag.io> Co-authored-by: Kiara Grouwstra <kiara@procolix.eu> Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>	2025-06-19 18:11:08 +02:00