upgrade memory to resolve oom

[wip] handling env file (still fails)
use templating fork
2025-07-01 17:57:00 +02:00 · 2025-07-01 17:57:00 +02:00 · 2025-07-01 17:57:00 +02:00 · 2025-07-01 17:57:00 +02:00 · 2025-07-01 17:57:00 +02:00 · 2025-07-01 17:57:00 +02:00
70 changed files with 227 additions and 81 deletions
--- a/.forgejo/workflows/update.yaml
+++ b/.forgejo/workflows/update.yaml
@ -2,20 +2,22 @@ name: update-dependencies

 on:
  workflow_dispatch: # allows manual triggering
-  schedule:
-    - cron: '0 0 1 * *' # monthly
+  # FIXME: re-enable when manual run works
+  # schedule:
+  #   - cron: '0 0 1 * *' # monthly

 jobs:
  lockfile:
-    runs-on: ubuntu-latest
+    runs-on: native
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
-      - name: Install Nix
-        uses: cachix/install-nix-action@v31
-      - name: Install npins
-        run: nix profile install 'nixpkgs#npins'
-      - name: Update npins sources
-        uses: getchoo/update-npins@v0
+      - name: Update pins
+        run: nix-shell --run "npins update"
+      - name: Create PR
+        uses: peter-evans/create-pull-request@v7
        with:
          token: "${{ secrets.DEPLOY_KEY }}"
+          branch: npins-update
+          commit-message: "npins: update sources"
+          title: "npins: update sources"
--- a/default.nix
+++ b/default.nix
@ -10,6 +10,8 @@ let
    gitignore
    ;
  inherit (pkgs) lib;
+  inherit (import sources.flake-inputs) import-flake;
+  inherit ((import-flake { src = ./.; }).inputs) nixops4;
  pre-commit-check =
    (import "${git-hooks}/nix" {
      inherit nixpkgs system;
@ -55,8 +57,15 @@ in
        };
      in
      [
+        pkgs.npins
+        pkgs.nil
+        (pkgs.callPackage "${sources.agenix}/pkgs/agenix.nix" { })
+        pkgs.openssh
+        pkgs.httpie
+        pkgs.jq
        pkgs.nix-unit
        test-loop
+        nixops4.packages.${system}.default
      ];
  };

--- a/deployment/check/basic/flake-part.nix
+++ b/deployment/check/basic/flake-part.nix
@ -17,6 +17,8 @@ let

 in
 {
+  _class = "flake";
+
  perSystem =
    { pkgs, ... }:
    {
--- a/deployment/check/basic/nixosTest.nix
+++ b/deployment/check/basic/nixosTest.nix
@ -1,6 +1,8 @@
 { inputs, ... }:

 {
+  _class = "nixosTest";
+
  name = "deployment-basic";

  nodes.deployer =
--- a/deployment/check/cli/flake-part.nix
+++ b/deployment/check/cli/flake-part.nix
@ -21,6 +21,8 @@ let

 in
 {
+  _class = "flake";
+
  perSystem =
    { pkgs, ... }:
    {
--- a/deployment/check/cli/nixosTest.nix
+++ b/deployment/check/cli/nixosTest.nix
@ -7,6 +7,8 @@ let
 in

 {
+  _class = "nixosTest";
+
  name = "deployment-cli";

  nodes.deployer =
--- a/deployment/check/common/deployerNode.nix
+++ b/deployment/check/common/deployerNode.nix
@ -18,6 +18,8 @@ let

 in
 {
+  _class = "nixos";
+
  imports = [ ./sharedOptions.nix ];

  options.system.extraDependenciesFromModule = mkOption {
--- a/deployment/check/common/nixosTest.nix
+++ b/deployment/check/common/nixosTest.nix
@ -42,6 +42,8 @@ let

 in
 {
+  _class = "nixosTest";
+
  imports = [
    ./sharedOptions.nix
  ];
--- a/deployment/check/common/sharedOptions.nix
+++ b/deployment/check/common/sharedOptions.nix
@ -11,6 +11,7 @@ let
  inherit (lib) mkOption types;

 in
+# `config` not set and imported from multiple places: no fixed module class
 {
  options = {
    targetMachines = mkOption {
--- a/deployment/check/common/targetNode.nix
+++ b/deployment/check/common/targetNode.nix
@ -12,6 +12,8 @@ let

 in
 {
+  _class = "nixos";
+
  imports = [
    (modulesPath + "/profiles/qemu-guest.nix")
    (modulesPath + "/../lib/testing/nixos-test-base.nix")
--- a/deployment/check/common/targetResource.nix
+++ b/deployment/check/common/targetResource.nix
@ -12,6 +12,8 @@ let
 in

 {
+  _class = "nixops4Resource";
+
  imports = [ ./sharedOptions.nix ];

  options = {
--- a/deployment/check/panel/flake-part.nix
+++ b/deployment/check/panel/flake-part.nix
@ -24,6 +24,8 @@ let

 in
 {
+  _class = "flake";
+
  perSystem =
    { pkgs, ... }:
    {
--- a/deployment/check/panel/nixosTest.nix
+++ b/deployment/check/panel/nixosTest.nix
@ -123,6 +123,8 @@ let
 in

 {
+  _class = "nixosTest";
+
  name = "deployment-panel";

  ## The panel's module sets `nixpkgs.overlays` which clashes with
@ -155,7 +157,6 @@ in
          SECRET_KEY = dummyFile;
        };
        port = panelPort;
-        nixops4Package = inputs.nixops4.packages.${pkgs.system}.default;

        deployment = {
          flake = "/run/fedipanel/flake";
--- a/deployment/data-model-test.nix
+++ b/deployment/data-model-test.nix
@ -11,6 +11,8 @@ let
    }).config;
 in
 {
+  _class = "nix-unit";
+
  test-eval = {
    expr =
      let
--- a/deployment/data-model.nix
+++ b/deployment/data-model.nix
@ -7,6 +7,8 @@ let
 in
 with types;
 {
+  _class = "nixops4Deployment";
+
  options = {
    runtime-environments = mkOption {
      description = "Collection of runtime environments into which applications can be deployed";
--- a/deployment/default.nix
+++ b/deployment/default.nix
@ -67,6 +67,8 @@ let
  cfg = config.deployment;
 in
 {
+  _class = "nixops4Deployment";
+
  options = {
    deployment = lib.mkOption {
      description = ''
--- a/deployment/flake-part.nix
+++ b/deployment/flake-part.nix
@ -1,4 +1,6 @@
 {
+  _class = "flake";
+
  imports = [
    ./check/basic/flake-part.nix
    ./check/cli/flake-part.nix
--- a/deployment/options.nix
+++ b/deployment/options.nix
@ -17,6 +17,8 @@ let
  inherit (lib) types mkOption;
 in
 {
+  _class = "nixops4Deployment";
+
  options = {
    enable = lib.mkEnableOption "Fediversity configuration";
    domain = mkOption {
--- a/flake.nix
+++ b/flake.nix
@ -11,7 +11,7 @@
    let
      sources = import ./npins;
      inherit (import sources.flake-inputs) import-flake;
-      inherit (sources) git-hooks agenix;
+      inherit (sources) git-hooks;
      # XXX(@fricklerhandwerk): this atrocity is required to splice in a foreign Nixpkgs via flake-parts
      # XXX - this is just importing a flake
      nixpkgs = import-flake { src = sources.nixpkgs; };
@ -43,7 +43,7 @@
          ];

          imports = [
-            (import "${git-hooks}/flake-module.nix")
+            "${git-hooks}/flake-module.nix"
            inputs.nixops4.modules.flake.default

            ./deployment/flake-part.nix
@ -54,7 +54,6 @@
            {
              pkgs,
              lib,
-              inputs',
              ...
            }:
            {
@ -73,21 +72,6 @@
                  trim-trailing-whitespace.enable = true;
                  shellcheck.enable = true;
                };
-
-              devShells.default = pkgs.mkShell {
-                packages = [
-                  pkgs.npins
-                  pkgs.nil
-                  (pkgs.callPackage "${agenix}/pkgs/agenix.nix" { })
-                  pkgs.openssh
-                  pkgs.httpie
-                  pkgs.jq
-                  # exposing this env var as a hack to pass info in from form
-                  (inputs'.nixops4.packages.default.overrideAttrs {
-                    impureEnvVars = [ "DEPLOYMENT" ];
-                  })
-                ];
-              };
            };
        }
      );
--- a/infra/common/nixos/default.nix
+++ b/infra/common/nixos/default.nix
@ -5,6 +5,8 @@ let

 in
 {
+  _class = "nixos";
+
  imports = [
    ./hardware.nix
    ./networking.nix
--- a/infra/common/nixos/hardware.nix
+++ b/infra/common/nixos/hardware.nix
@ -1,6 +1,8 @@
 { modulesPath, ... }:

 {
+  _class = "nixos";
+
  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];

  boot = {
--- a/infra/common/nixos/networking.nix
+++ b/infra/common/nixos/networking.nix
@ -1,63 +1,64 @@
 { config, lib, ... }:

 let
-  inherit (lib) mkDefault;
+  inherit (lib) mkDefault mkIf mkMerge;

 in
 {
+  _class = "nixos";
+
  config = {
    services.openssh = {
      enable = true;
      settings.PasswordAuthentication = false;
    };

-    networking = {
+    networking = mkMerge [
+      {
        hostName = config.fediversityVm.name;
        domain = config.fediversityVm.domain;

        ## REVIEW: Do we actually need that, considering that we have static IPs?
        useDHCP = mkDefault true;

-      interfaces = {
-        eth0 = {
-          ipv4 = {
-            addresses = [
-              {
-                inherit (config.fediversityVm.ipv4) address prefixLength;
-              }
-            ];
-          };
-          ipv6 = {
-            addresses = [
-              {
-                inherit (config.fediversityVm.ipv6) address prefixLength;
-              }
-            ];
-          };
-        };
-      };
-
-      defaultGateway = {
-        address = config.fediversityVm.ipv4.gateway;
-        interface = "eth0";
-      };
-      defaultGateway6 = {
-        address = config.fediversityVm.ipv6.gateway;
-        interface = "eth0";
-      };
-
-      nameservers = [
-        "95.215.185.6"
-        "95.215.185.7"
-        "2a00:51c0::5fd7:b906"
-        "2a00:51c0::5fd7:b907"
-      ];
-
+        ## Disable the default firewall and use nftables instead, with a custom
+        ## Procolix-made ruleset.
        firewall.enable = false;
        nftables = {
          enable = true;
          rulesetFile = ./nftables-ruleset.nft;
        };
+      }
+
+      ## IPv4
+      (mkIf config.fediversityVm.ipv4.enable {
+        interfaces.${config.fediversityVm.ipv4.interface}.ipv4.addresses = [
+          { inherit (config.fediversityVm.ipv4) address prefixLength; }
+        ];
+        defaultGateway = {
+          address = config.fediversityVm.ipv4.gateway;
+          interface = config.fediversityVm.ipv4.interface;
        };
+        nameservers = [
+          "95.215.185.6"
+          "95.215.185.7"
+        ];
+      })
+
+      ## IPv6
+      (mkIf config.fediversityVm.ipv6.enable {
+        interfaces.${config.fediversityVm.ipv6.interface}.ipv6.addresses = [
+          { inherit (config.fediversityVm.ipv6) address prefixLength; }
+        ];
+        defaultGateway6 = {
+          address = config.fediversityVm.ipv6.gateway;
+          interface = config.fediversityVm.ipv6.interface;
+        };
+        nameservers = [
+          "2a00:51c0::5fd7:b906"
+          "2a00:51c0::5fd7:b907"
+        ];
+      })
+    ];
  };
 }
--- a/infra/common/nixos/users.nix
+++ b/infra/common/nixos/users.nix
@ -1,4 +1,6 @@
 {
+  _class = "nixos";
+
  users.users = {
    procolix = {
      isNormalUser = true;
--- a/infra/common/options.nix
+++ b/infra/common/options.nix
@ -6,6 +6,8 @@ let

 in
 {
+  # `config` not set and imported from multiple places: no fixed module class
+
  options.fediversityVm = {

    ##########################################################################
@ -89,6 +91,17 @@ in
    };

    ipv4 = {
+      enable = mkOption {
+        default = true;
+      };
+
+      interface = mkOption {
+        description = ''
+          The interface that carries the machine's IPv4 network.
+        '';
+        default = "eth0";
+      };
+
      address = mkOption {
        description = ''
          The IP address of the machine, version 4. It will be injected as a
@ -114,6 +127,17 @@ in
    };

    ipv6 = {
+      enable = mkOption {
+        default = true;
+      };
+
+      interface = mkOption {
+        description = ''
+          The interface that carries the machine's IPv6 network.
+        '';
+        default = "eth0";
+      };
+
      address = mkOption {
        description = ''
          The IP address of the machine, version 6. It will be injected as a
--- a/infra/common/resource.nix
+++ b/infra/common/resource.nix
@ -18,6 +18,8 @@ let

 in
 {
+  _class = "nixops4Resource";
+
  imports = [ ./options.nix ];

  fediversityVm.hostPublicKey = mkDefault keys.systems.${config.fediversityVm.name};
--- a/infra/flake-part.nix
+++ b/infra/flake-part.nix
@ -159,6 +159,8 @@ let

 in
 {
+  _class = "flake";
+
  ## - Each normal or test machine gets a NixOS configuration.
  ## - Each normal or test machine gets a VM options entry.
  ## - Each normal machine gets a deployment.
--- a/machines/dev/fedi200/default.nix
+++ b/machines/dev/fedi200/default.nix
@ -1,4 +1,6 @@
 {
+  _class = "nixops4Resource";
+
  fediversityVm = {
    vmId = 200;
    proxmox = "fediversity";
--- a/machines/dev/fedi201/default.nix
+++ b/machines/dev/fedi201/default.nix
@ -1,4 +1,6 @@
 {
+  _class = "nixops4Resource";
+
  fediversityVm = {
    vmId = 201;
    proxmox = "fediversity";
--- a/machines/dev/fedi201/fedipanel.nix
+++ b/machines/dev/fedi201/fedipanel.nix
@ -6,6 +6,8 @@ let
  name = "panel";
 in
 {
+  _class = "nixos";
+
  imports = [
    (import ../../../panel { }).module
  ];
--- a/machines/dev/vm02116/default.nix
+++ b/machines/dev/vm02116/default.nix
@ -1,4 +1,6 @@
 {
+  _class = "nixops4Resource";
+
  fediversityVm = {
    vmId = 2116;
    proxmox = "procolix";
--- a/machines/dev/vm02116/forgejo.nix
+++ b/machines/dev/vm02116/forgejo.nix
@ -5,6 +5,8 @@ let

 in
 {
+  _class = "nixos";
+
  services.forgejo = {
    enable = true;

--- a/machines/dev/vm02187/default.nix
+++ b/machines/dev/vm02187/default.nix
@ -1,4 +1,6 @@
 {
+  _class = "nixops4Resource";
+
  fediversityVm = {
    vmId = 2187;
    proxmox = "procolix";
--- a/machines/dev/vm02187/wiki.nix
+++ b/machines/dev/vm02187/wiki.nix
@ -1,6 +1,8 @@
 { config, ... }:

 {
+  _class = "nixos";
+
  services.phpfpm.pools.mediawiki.phpOptions = ''
    upload_max_filesize = 1024M;
    post_max_size = 1024M;
--- a/machines/operator/test01/default.nix
+++ b/machines/operator/test01/default.nix
@ -1,4 +1,6 @@
 {
+  _class = "nixops4Resource";
+
  fediversityVm = {
    vmId = 7001;
    proxmox = "fediversity";
--- a/machines/operator/test02/default.nix
+++ b/machines/operator/test02/default.nix
@ -1,4 +1,6 @@
 {
+  _class = "nixops4Resource";
+
  fediversityVm = {
    vmId = 7002;
    proxmox = "fediversity";
--- a/machines/operator/test03/default.nix
+++ b/machines/operator/test03/default.nix
@ -1,4 +1,6 @@
 {
+  _class = "nixops4Resource";
+
  fediversityVm = {
    vmId = 7003;
    proxmox = "fediversity";
--- a/machines/operator/test04/default.nix
+++ b/machines/operator/test04/default.nix
@ -1,4 +1,6 @@
 {
+  _class = "nixops4Resource";
+
  fediversityVm = {
    vmId = 7004;
    proxmox = "fediversity";
--- a/machines/operator/test05/default.nix
+++ b/machines/operator/test05/default.nix
@ -1,4 +1,6 @@
 {
+  _class = "nixops4Resource";
+
  fediversityVm = {
    vmId = 7005;
    proxmox = "fediversity";
--- a/machines/operator/test06/default.nix
+++ b/machines/operator/test06/default.nix
@ -1,4 +1,6 @@
 {
+  _class = "nixops4Resource";
+
  fediversityVm = {
    vmId = 7006;
    proxmox = "fediversity";
--- a/machines/operator/test11/default.nix
+++ b/machines/operator/test11/default.nix
@ -1,4 +1,6 @@
 {
+  _class = "nixops4Resource";
+
  fediversityVm = {
    vmId = 7011;
    proxmox = "fediversity";
--- a/machines/operator/test12/default.nix
+++ b/machines/operator/test12/default.nix
@ -1,4 +1,6 @@
 {
+  _class = "nixops4Resource";
+
  fediversityVm = {
    vmId = 7012;
    proxmox = "fediversity";
--- a/machines/operator/test13/default.nix
+++ b/machines/operator/test13/default.nix
@ -1,4 +1,6 @@
 {
+  _class = "nixops4Resource";
+
  fediversityVm = {
    vmId = 7013;
    proxmox = "fediversity";
--- a/machines/operator/test14/default.nix
+++ b/machines/operator/test14/default.nix
@ -1,4 +1,6 @@
 {
+  _class = "nixops4Resource";
+
  fediversityVm = {
    vmId = 7014;
    proxmox = "fediversity";
--- a/panel/default.nix
+++ b/panel/default.nix
@ -22,12 +22,12 @@ in
      manage

      # NixOps4 and its dependencies
-      # FIXME: grab NixOps4 and add it here
+      pkgs.nixops4
      pkgs.nix
      pkgs.openssh
    ];
    env = {
-      DEPLOYMENT_FLAKE = ../.;
+      DEPLOYMENT_FLAKE = toString ../.;
      DEPLOYMENT_NAME = "test";
      NPINS_DIRECTORY = toString ../npins;
      CREDENTIALS_DIRECTORY = toString ./.credentials;
--- a/panel/nix/configuration.nix
+++ b/panel/nix/configuration.nix
@ -76,6 +76,8 @@ in
 #       https://git.dgnum.eu/mdebray/djangonix/
 #       unlicensed at the time of writing, but surely worth taking some inspiration from...
 {
+  _class = "nixos";
+
  options.services.${name} = {
    enable = mkEnableOption "Service configuration for `${name}`";
    production = mkOption {
@ -145,6 +147,7 @@ in
        NixOps4 from the package's npins-based code, we will have to do with
        this workaround.
      '';
+      default = pkgs.nixops4;
    };

    deployment = {
--- a/panel/nix/overlay.nix
+++ b/panel/nix/overlay.nix
@ -8,4 +8,17 @@ let
 in
 {
  python3 = prev.lib.attrsets.recursiveUpdate prev.python3 { pkgs = extraPython3Packages; };
+  nixops4 =
+    let
+      sources = import ../../npins;
+      inherit (import sources.flake-inputs) import-flake;
+      inherit
+        (import-flake {
+          src = ../../.;
+        })
+        inputs
+        ;
+      inherit (inputs) nixops4;
+    in
+    nixops4.packages.${prev.system}.default;
 }
--- a/panel/nix/package.nix
+++ b/panel/nix/package.nix
@ -60,6 +60,8 @@ let
    ];
 in
 python3.pkgs.buildPythonPackage {
+  _class = "package";
+
  pname = name;
  inherit (pyproject.project) version;
  pyproject = true;
--- a/panel/nix/python-packages/django-pydantic-field/default.nix
+++ b/panel/nix/python-packages/django-pydantic-field/default.nix
@ -8,6 +8,8 @@
 }:

 buildPythonPackage rec {
+  _class = "package";
+
  pname = "django-pydantic-field";
  version = "v0.3.12";
  pyproject = true;
--- a/panel/nix/python-packages/drf-pydantic/default.nix
+++ b/panel/nix/python-packages/drf-pydantic/default.nix
@ -10,6 +10,8 @@
 }:

 buildPythonPackage rec {
+  _class = "package";
+
  pname = "drf-pydantic";
  version = "v2.7.1";
  pyproject = true;
--- a/panel/nix/tests.nix
+++ b/panel/nix/tests.nix
@ -13,7 +13,6 @@ let
      secrets = {
        SECRET_KEY = pkgs.writeText "SECRET_KEY" "secret";
      };
-      nixops4Package = pkgs.hello; # FIXME: actually pass NixOps4
    };

    virtualisation = {
--- a/services/default.nix
+++ b/services/default.nix
@ -6,8 +6,8 @@
 }:
 {
  tests = {
-    mastodon = import ./tests/mastodon.nix { inherit pkgs; };
-    pixelfed-garage = import ./tests/pixelfed-garage.nix { inherit pkgs; };
-    peertube = import ./tests/peertube.nix { inherit pkgs; };
+    mastodon = pkgs.nixosTest ./tests/mastodon.nix;
+    pixelfed-garage = pkgs.nixosTest ./tests/pixelfed-garage.nix;
+    peertube = pkgs.nixosTest ./tests/peertube.nix;
  };
 }
--- a/services/fediversity/default.nix
+++ b/services/fediversity/default.nix
@ -6,6 +6,8 @@ let

 in
 {
+  _class = "nixos";
+
  imports = [
    ./garage
    ./mastodon
--- a/services/fediversity/garage/default.nix
+++ b/services/fediversity/garage/default.nix
@ -97,6 +97,8 @@ let

 in
 {
+  _class = "nixos";
+
  imports = [ ./options.nix ];

  config = mkIf config.fediversity.garage.enable {
--- a/services/fediversity/garage/options.nix
+++ b/services/fediversity/garage/options.nix
@ -5,6 +5,8 @@ let
 in

 {
+  _class = "nixos";
+
  options.fediversity.garage = {
    enable = mkEnableOption "Enable a Garage server on the machine";

--- a/services/fediversity/mastodon/default.nix
+++ b/services/fediversity/mastodon/default.nix
@ -11,6 +11,8 @@ let

 in
 {
+  _class = "nixos";
+
  imports = [ ./options.nix ];

  config = mkMerge [
--- a/services/fediversity/mastodon/options.nix
+++ b/services/fediversity/mastodon/options.nix
@ -1,6 +1,8 @@
 { config, lib, ... }:

 {
+  _class = "nixos";
+
  options.fediversity.mastodon =
    (import ../sharedOptions.nix {
      inherit config lib;
--- a/services/fediversity/peertube/default.nix
+++ b/services/fediversity/peertube/default.nix
@ -5,6 +5,8 @@ let

 in
 {
+  _class = "nixos";
+
  imports = [ ./options.nix ];

  config = mkMerge [
--- a/services/fediversity/peertube/options.nix
+++ b/services/fediversity/peertube/options.nix
@ -6,6 +6,8 @@ let

 in
 {
+  _class = "nixos";
+
  options.fediversity.peertube =
    (import ../sharedOptions.nix {
      inherit config lib;
--- a/services/fediversity/pixelfed/default.nix
+++ b/services/fediversity/pixelfed/default.nix
@ -15,6 +15,8 @@ let

 in
 {
+  _class = "nixos";
+
  imports = [ ./options.nix ];

  config = mkMerge [
--- a/services/fediversity/pixelfed/options.nix
+++ b/services/fediversity/pixelfed/options.nix
@ -1,6 +1,8 @@
 { config, lib, ... }:

 {
+  _class = "nixos";
+
  options.fediversity.pixelfed =
    (import ../sharedOptions.nix {
      inherit config lib;
--- a/services/fediversity/sharedOptions.nix
+++ b/services/fediversity/sharedOptions.nix
@ -14,6 +14,8 @@ let

 in
 {
+  _class = "nixos";
+
  enable = mkEnableOption "Enable a ${serviceDocName} server on the machine";

  s3AccessKeyFile = mkOption {
--- a/services/tests/mastodon.nix
+++ b/services/tests/mastodon.nix
@ -42,7 +42,7 @@ let
      '';
 in

-pkgs.nixosTest {
+{
  name = "mastodon";

  nodes = {
--- a/services/tests/peertube.nix
+++ b/services/tests/peertube.nix
@ -161,7 +161,7 @@ let
  '';
 in

-pkgs.nixosTest {
+{
  name = "peertube";

  nodes = {
--- a/services/tests/pixelfed-garage.nix
+++ b/services/tests/pixelfed-garage.nix
@ -114,7 +114,7 @@ let
        ${seleniumQuit}'';

 in
-pkgs.nixosTest {
+{
  name = "test-pixelfed-garage";

  nodes = {
--- a/services/tests/rebuildableTest.nix
+++ b/services/tests/rebuildableTest.nix
@ -127,6 +127,8 @@ let
      preOverride = pkgs.nixosTest (
        test
        // {
+          _class = "nixosTest";
+
          interactive = (test.interactive or { }) // {
            # no need to // with test.interactive.nodes here, since we are iterating
            # over all of them, and adding back in the config via `imports`
--- a/services/vm/garage-vm.nix
+++ b/services/vm/garage-vm.nix
@ -10,6 +10,8 @@ let

 in
 {
+  _class = "nixos";
+
  imports = [ (modulesPath + "/virtualisation/qemu-vm.nix") ];

  fediversity.garage.enable = true;
--- a/services/vm/interactive-vm.nix
+++ b/services/vm/interactive-vm.nix
@ -1,6 +1,8 @@
 # customize nixos-rebuild build-vm to be a bit more convenient
 { pkgs, ... }:
 {
+  _class = "nixos";
+
  # let us log in
  users.mutableUsers = false;
  users.users.root.hashedPassword = "";
--- a/services/vm/mastodon-vm.nix
+++ b/services/vm/mastodon-vm.nix
@ -6,6 +6,7 @@
  ...
 }:
 {
+  _class = "nixos";

  imports = [ (modulesPath + "/virtualisation/qemu-vm.nix") ];

--- a/services/vm/peertube-vm.nix
+++ b/services/vm/peertube-vm.nix
@ -5,6 +5,8 @@
 }:

 {
+  _class = "nixos";
+
  imports = [ (modulesPath + "/virtualisation/qemu-vm.nix") ];

  fediversity = {
--- a/services/vm/pixelfed-vm.nix
+++ b/services/vm/pixelfed-vm.nix
@ -11,6 +11,8 @@ let
 in

 {
+  _class = "nixos";
+
  imports = [ (modulesPath + "/virtualisation/qemu-vm.nix") ];

  fediversity = {
Author	SHA1	Message	Date
Kiara Grouwstra	d53dff003e	upgrade memory to resolve oom	2025-07-01 17:57:00 +02:00
Kiara Grouwstra	604803aea3	[wip] handling env file (still fails)	2025-07-01 17:57:00 +02:00
Kiara Grouwstra	5d0ecc08c1	use templating fork	2025-07-01 17:57:00 +02:00
Kiara Grouwstra	c1141534a9	add tests, fix some things	2025-07-01 17:57:00 +02:00
Kiara Grouwstra	441097a49b	unrelated improvements	2025-07-01 17:57:00 +02:00
Kiara Grouwstra	86bed1ced1	move from dev to operator	2025-07-01 17:57:00 +02:00
Kiara Grouwstra	721e0ae961	WIP: add attic cache, see #92 flesh out attic TODO keys nginx-port testing fix key fix key	2025-07-01 17:57:00 +02:00
Nicolas “Niols” Jeannerod	c1dc0fef01	Split nameservers between IPv4 and IPv6 (#420 ) Reviewed-on: Fediversity/Fediversity#420 Reviewed-by: Valentin Gagarin <valentin.gagarin@tweag.io> Co-authored-by: Nicolas “Niols” Jeannerod <nicolas.jeannerod@moduscreate.com> Co-committed-by: Nicolas “Niols” Jeannerod <nicolas.jeannerod@moduscreate.com>	2025-07-01 13:09:06 +02:00
Kiara Grouwstra	5a3cbe4d83	fix agenix package in shell (#422 ) as per Fediversity/Fediversity#419 (comment) Reviewed-on: Fediversity/Fediversity#422 Co-authored-by: Kiara Grouwstra <kiara@procolix.eu> Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>	2025-07-01 11:29:38 +02:00
Kiara Grouwstra	fd1d55df5f	move shell from flake	2025-07-01 10:22:58 +02:00
Kiara Grouwstra	0c23115cff	allow configuring network interface (#413 ) Reviewed-on: Fediversity/Fediversity#413 Reviewed-by: Valentin Gagarin <valentin.gagarin@tweag.io> Co-authored-by: Kiara Grouwstra <kiara@procolix.eu> Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>	2025-06-30 19:23:51 +02:00
Nicolas “Niols” Jeannerod	3f1c8a9bb7	Document why Nix and OpenSSH lost in #412. Alternatively, we could have a comment on both lines saying eg. “for NixOps4”	2025-06-30 14:30:29 +02:00
Kiara Grouwstra	737aecaba6	set default value for nixops4Package (#412 ) Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io> Reviewed-on: Fediversity/Fediversity#412 Reviewed-by: Valentin Gagarin <valentin.gagarin@tweag.io> Co-authored-by: Kiara Grouwstra <kiara@procolix.eu> Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>	2025-06-30 12:44:53 +02:00
Kiara Grouwstra	d7dbdd923c	make CI test invocations idempotent to better facilitate manual use (#416 ) Reviewed-on: Fediversity/Fediversity#416 Reviewed-by: Valentin Gagarin <valentin.gagarin@tweag.io> Co-authored-by: Kiara Grouwstra <kiara@procolix.eu> Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>	2025-06-30 12:42:19 +02:00
Kiara Grouwstra	1c44004cfe	update documentation for #375 (#406 ) Reviewed-on: Fediversity/Fediversity#406 Co-authored-by: Kiara Grouwstra <kiara@procolix.eu> Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>	2025-06-27 14:40:40 +02:00
Kiara Grouwstra	ae444d5352	simplify imports (#415 ) Reviewed-on: Fediversity/Fediversity#415 Reviewed-by: Valentin Gagarin <valentin.gagarin@tweag.io> Co-authored-by: Kiara Grouwstra <kiara@procolix.eu> Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>	2025-06-27 14:01:41 +02:00
Valentin Gagarin	e77fdd9eec	expose nixops4 in `nix-shell` (#411 ) Instead of Fediversity/Fediversity#406 Eventually we should merge `//panel/default.nix` with `//default.nix` of course. Co-authored-by: Nicolas Jeannerod <nicolas.jeannerod@moduscreate.com> Reviewed-on: Fediversity/Fediversity#411 Reviewed-by: Nicolas Jeannerod <nicolas.jeannerod@moduscreate.com> Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io> Co-committed-by: Valentin Gagarin <valentin.gagarin@tweag.io>	2025-06-27 12:00:47 +02:00
Kiara Grouwstra	1f1cf0d516	unset class, fixing #408 (#410 ) Reviewed-on: Fediversity/Fediversity#410 Reviewed-by: Valentin Gagarin <valentin.gagarin@tweag.io> Co-authored-by: Kiara Grouwstra <kiara@procolix.eu> Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>	2025-06-27 11:53:17 +02:00
Kiara Grouwstra	f94eac698a	disable updater schedule while it hangs	2025-06-26 17:01:40 +02:00
Kiara Grouwstra	46182e7512	fix workflow step title (#404 ) split off from #399 Reviewed-on: Fediversity/Fediversity#404 Reviewed-by: Valentin Gagarin <valentin.gagarin@tweag.io> Co-authored-by: Kiara Grouwstra <kiara@procolix.eu> Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>	2025-06-24 08:58:01 +02:00
Kiara Grouwstra	9a25a04bfa	specify `_class` module attributes to explicitly declare module types (#398 ) closes #93. note that this includes classes: - `nixos` - `nixosTest` - `nixops4Resource` - `nixops4Deployment` .. and my (made-up, as per the [docs](https://ryantm.github.io/nixpkgs/module-system/module-system/#module-system-lib-evalModules-param-class)): - `nix-unit` - `package` .. while i did not manage to cover: - service tests, given `pkgs.nixosTest` seemed to not actually like `_class = "nixosTest"` (?!) ... nor #93's mentioned destructured arguments for that matter, as per Fediversity/Fediversity#93 (comment) - let me know if that is still desired as well. Reviewed-on: Fediversity/Fediversity#398 Reviewed-by: Valentin Gagarin <valentin.gagarin@tweag.io> Co-authored-by: Kiara Grouwstra <kiara@procolix.eu> Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>	2025-06-23 17:24:54 +02:00
Valentin Gagarin	c1b33121b6	expose npins in shell for CI (#403 ) Should fix Fediversity/Fediversity#65 (comment) Reviewed-on: Fediversity/Fediversity#403 Reviewed-by: kiara Grouwstra <kiara@procolix.eu> Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io> Co-committed-by: Valentin Gagarin <valentin.gagarin@tweag.io>	2025-06-23 17:21:32 +02:00
Kiara Grouwstra	d073bd706d	cast `DEPLOYMENT_FLAKE` to string	2025-06-22 14:42:14 +02:00
Kiara Grouwstra	486b316885	run updater natively (#394 ) see Fediversity/Fediversity#65 (comment). closes #65. Reviewed-on: Fediversity/Fediversity#394 Co-authored-by: Kiara Grouwstra <kiara@procolix.eu> Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>	2025-06-20 09:41:38 +02:00
Kiara Grouwstra	611c961dcf	separate test declarations from invocations (#396 ) see Fediversity/Fediversity#395 (comment) Reviewed-on: Fediversity/Fediversity#396 Reviewed-by: Valentin Gagarin <valentin.gagarin@tweag.io> Co-authored-by: Kiara Grouwstra <kiara@procolix.eu> Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>	2025-06-19 18:11:08 +02:00