bash-based deployment

deduplicate flake inputs

make re-exports explicit again

Revert "deduplicate flake inputs"

This reverts commit 95769084ce.

switch launch shell to root flake's nixpkgs, see #279

use flake-sourced nixos-anywhere in tf, to reproduce modules for nix

properly pass repo dir for prod, be it with hard-coded TF init

move tf init out of python over read-only nix env

skip tf lock in views.py over read-only nix env

specify XDG_CACHE_HOME, workaround to error writing to /var/empty/.cache

update

document updating TF module

get TF in prod to the same 'installable ... does not correspond to a Nix language value' for non-flakes

seemingly gets further when a similar command is tried from terminal.
as per https://github.com/NixOS/nix/issues/8752#issuecomment-1694714693,
this may have to do with aligning the current working directory.

rm launch flake, as i seem to have reached similar progress without it

update nixos-anywhere to fix error 'installable ... does not correspond to a Nix language value'

rm comment

untrack TF generated provider/module stuff - local dev now requires following launch/README.md

for now gitignore .auto.tfvars.json used to track TF module of nixos-anywhere

in case we want that file for something else, we can move this (and its
ignore) to something separate.

use a mutable HOME in TF for nixos-anywhere to make a `.ssh` dir in - will this not backfire?

change ssh user to root

allow accessing test vms from fedi201's machine ssh key, closes #286

allow accessing test vms from fedi201's machine ssh key, closes #286

update nixpkgs to unstable - resolves manual deploy error on bootloader already on newer version

switch to bash deployment

tmp

deployment/default.nix

@@ -36,7 +36,7 @@
 panelConfig:
 
 let
-  inherit (lib) mkMerge mkIf;
+  inherit (lib) mkIf;
 
 in
 
@@ -101,90 +101,81 @@ in
 
     in
 
-    mkMerge [
+    {
+      garage-configuration = makeConfigurationResource garageConfigurationResource (
+        { pkgs, ... }:
+        mkIf (panelConfig.mastodon.enable || panelConfig.peertube.enable || panelConfig.pixelfed.enable) {
+          fediversity = {
+            inherit (panelConfig) domain;
+            garage.enable = true;
+            pixelfed = pixelfedS3KeyConfig { inherit pkgs; };
+            mastodon = mastodonS3KeyConfig { inherit pkgs; };
+            peertube = peertubeS3KeyConfig { inherit pkgs; };
+          };
+        }
+      );
 
-      (mkIf (panelConfig.mastodon.enable || panelConfig.peertube.enable || panelConfig.pixelfed.enable) {
-        garage-configuration = makeConfigurationResource garageConfigurationResource (
-          { pkgs, ... }:
-          {
-            fediversity = {
-              inherit (panelConfig) domain;
-              garage.enable = true;
-              pixelfed = pixelfedS3KeyConfig { inherit pkgs; };
-              mastodon = mastodonS3KeyConfig { inherit pkgs; };
-              peertube = peertubeS3KeyConfig { inherit pkgs; };
+      mastodon-configuration = makeConfigurationResource mastodonConfigurationResource (
+        { pkgs, ... }:
+        mkIf panelConfig.mastodon.enable {
+          fediversity = {
+            inherit (panelConfig) domain;
+            temp.initialUser = {
+              inherit (panelConfig.initialUser) username email displayName;
+              # FIXME: disgusting, but nvm, this is going to be replaced by
+              # proper central authentication at some point
+              passwordFile = pkgs.writeText "password" panelConfig.initialUser.password;
             };
-          }
-        );
-      })
 
-      (mkIf panelConfig.mastodon.enable {
-        mastodon-configuration = makeConfigurationResource mastodonConfigurationResource (
-          { pkgs, ... }:
-          {
-            fediversity = {
-              inherit (panelConfig) domain;
-              temp.initialUser = {
-                inherit (panelConfig.initialUser) username email displayName;
-                # FIXME: disgusting, but nvm, this is going to be replaced by
-                # proper central authentication at some point
-                passwordFile = pkgs.writeText "password" panelConfig.initialUser.password;
-              };
-
-              mastodon = mastodonS3KeyConfig { inherit pkgs; } // {
-                enable = true;
-              };
-
-              temp.cores = 1; # FIXME: should come from NixOps4 eventually
+            mastodon = mastodonS3KeyConfig { inherit pkgs; } // {
+              enable = true;
             };
-          }
-        );
-      })
 
-      (mkIf panelConfig.peertube.enable {
-        peertube-configuration = makeConfigurationResource peertubeConfigurationResource (
-          { pkgs, ... }:
-          {
-            fediversity = {
-              inherit (panelConfig) domain;
-              temp.initialUser = {
-                inherit (panelConfig.initialUser) username email displayName;
-                # FIXME: disgusting, but nvm, this is going to be replaced by
-                # proper central authentication at some point
-                passwordFile = pkgs.writeText "password" panelConfig.initialUser.password;
-              };
+            temp.cores = 1; # FIXME: should come from NixOps4 eventually
+          };
+        }
+      );
 
-              peertube = peertubeS3KeyConfig { inherit pkgs; } // {
-                enable = true;
-                ## NOTE: Only ever used for testing anyway.
-                ##
-                ## FIXME: Generate and store in NixOps4's state.
-                secretsFile = pkgs.writeText "secret" "574e093907d1157ac0f8e760a6deb1035402003af5763135bae9cbd6abe32b24";
-              };
+      peertube-configuration = makeConfigurationResource peertubeConfigurationResource (
+        { pkgs, ... }:
+        mkIf panelConfig.peertube.enable {
+          fediversity = {
+            inherit (panelConfig) domain;
+            temp.initialUser = {
+              inherit (panelConfig.initialUser) username email displayName;
+              # FIXME: disgusting, but nvm, this is going to be replaced by
+              # proper central authentication at some point
+              passwordFile = pkgs.writeText "password" panelConfig.initialUser.password;
             };
-          }
-        );
-      })
 
-      (mkIf panelConfig.pixelfed.enable {
-        pixelfed-configuration = makeConfigurationResource pixelfedConfigurationResource (
-          { pkgs, ... }:
-          {
-            fediversity = {
-              inherit (panelConfig) domain;
-              temp.initialUser = {
-                inherit (panelConfig.initialUser) username email displayName;
-                # FIXME: disgusting, but nvm, this is going to be replaced by
-                # proper central authentication at some point
-                passwordFile = pkgs.writeText "password" panelConfig.initialUser.password;
-              };
-
-              pixelfed = pixelfedS3KeyConfig { inherit pkgs; } // {
-                enable = true;
-              };
+            peertube = peertubeS3KeyConfig { inherit pkgs; } // {
+              enable = true;
+              ## NOTE: Only ever used for testing anyway.
+              ##
+              ## FIXME: Generate and store in NixOps4's state.
+              secretsFile = pkgs.writeText "secret" "574e093907d1157ac0f8e760a6deb1035402003af5763135bae9cbd6abe32b24";
             };
-          }
-        );
-      })
-    ];
+          };
+        }
+      );
+
+      pixelfed-configuration = makeConfigurationResource pixelfedConfigurationResource (
+        { pkgs, ... }:
+        mkIf panelConfig.pixelfed.enable {
+          fediversity = {
+            inherit (panelConfig) domain;
+            temp.initialUser = {
+              inherit (panelConfig.initialUser) username email displayName;
+              # FIXME: disgusting, but nvm, this is going to be replaced by
+              # proper central authentication at some point
+              passwordFile = pkgs.writeText "password" panelConfig.initialUser.password;
+            };
+
+            pixelfed = pixelfedS3KeyConfig { inherit pkgs; } // {
+              enable = true;
+            };
+          };
+        }
+      );
+    };
 }

infra/test-machines/test11/default.nix

@@ -0,0 +1,19 @@
+{
+  fediversityVm = {
+    vmId = 7011;
+    proxmox = "fediversity";
+
+    hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub;
+    unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key;
+
+    domain = "abundos.eu";
+    ipv4 = {
+      address = "95.215.187.61";
+      gateway = "95.215.187.1";
+    };
+    ipv6 = {
+      address = "2a00:51c0:13:1305::61";
+      gateway = "2a00:51c0:13:1305::1";
+    };
+  };
+}

infra/test-machines/test11/ssh_host_ed25519_key

@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACCWc7GuMI3Gzkj+mSep6MVbKDccS52jVw+nBs27yFCGVgAAAIhCymnvQspp
+7wAAAAtzc2gtZWQyNTUxOQAAACCWc7GuMI3Gzkj+mSep6MVbKDccS52jVw+nBs27yFCGVg
+AAAEAvr1aiy0DIjgdLH9bBq9uD4pf8Wakgqr34oWDPB2/E75Zzsa4wjcbOSP6ZJ6noxVso
+NxxLnaNXD6cGzbvIUIZWAAAAAAECAwQF
+-----END OPENSSH PRIVATE KEY-----

infra/test-machines/test11/ssh_host_ed25519_key.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJZzsa4wjcbOSP6ZJ6noxVsoNxxLnaNXD6cGzbvIUIZW

infra/test-machines/test12/default.nix

@@ -0,0 +1,19 @@
+{
+  fediversityVm = {
+    vmId = 7012;
+    proxmox = "fediversity";
+
+    hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub;
+    unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key;
+
+    domain = "abundos.eu";
+    ipv4 = {
+      address = "95.215.187.62";
+      gateway = "95.215.187.1";
+    };
+    ipv6 = {
+      address = "2a00:51c0:13:1305::62";
+      gateway = "2a00:51c0:13:1305::1";
+    };
+  };
+}

infra/test-machines/test12/ssh_host_ed25519_key

@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACBuvrzv3i07NFxONsNP7uJmefebrBhfo0pwzmC3NCAOZwAAAIiA+nIugPpy
+LgAAAAtzc2gtZWQyNTUxOQAAACBuvrzv3i07NFxONsNP7uJmefebrBhfo0pwzmC3NCAOZw
+AAAEDkpXNePQeHnf4vkDkhZI/ab9Ds2igfY0a5U1p4PrEmvm6+vO/eLTs0XE42w0/u4mZ5
+95usGF+jSnDOYLc0IA5nAAAAAAECAwQF
+-----END OPENSSH PRIVATE KEY-----

infra/test-machines/test12/ssh_host_ed25519_key.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG6+vO/eLTs0XE42w0/u4mZ595usGF+jSnDOYLc0IA5n

infra/test-machines/test13/default.nix

@@ -0,0 +1,19 @@
+{
+  fediversityVm = {
+    vmId = 7013;
+    proxmox = "fediversity";
+
+    hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub;
+    unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key;
+
+    domain = "abundos.eu";
+    ipv4 = {
+      address = "95.215.187.63";
+      gateway = "95.215.187.1";
+    };
+    ipv6 = {
+      address = "2a00:51c0:13:1305::63";
+      gateway = "2a00:51c0:13:1305::1";
+    };
+  };
+}

infra/test-machines/test13/ssh_host_ed25519_key

@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACATzdyp4E+PX6lDfw2CmezguYn/lPgbpI+NUbmseEwAgwAAAIi2z3O2ts9z
+tgAAAAtzc2gtZWQyNTUxOQAAACATzdyp4E+PX6lDfw2CmezguYn/lPgbpI+NUbmseEwAgw
+AAAEDj2sn4VJhBL2a7j41mjdMWIdJ/u1betSxZ393lNd3+pBPN3KngT49fqUN/DYKZ7OC5
+if+U+Bukj41Ruax4TACDAAAAAAECAwQF
+-----END OPENSSH PRIVATE KEY-----

infra/test-machines/test13/ssh_host_ed25519_key.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBPN3KngT49fqUN/DYKZ7OC5if+U+Bukj41Ruax4TACD

infra/test-machines/test14/default.nix

@@ -0,0 +1,19 @@
+{
+  fediversityVm = {
+    vmId = 7014;
+    proxmox = "fediversity";
+
+    hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub;
+    unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key;
+
+    domain = "abundos.eu";
+    ipv4 = {
+      address = "95.215.187.64";
+      gateway = "95.215.187.1";
+    };
+    ipv6 = {
+      address = "2a00:51c0:13:1305::64";
+      gateway = "2a00:51c0:13:1305::1";
+    };
+  };
+}

infra/test-machines/test14/ssh_host_ed25519_key

@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACB028Q86t8RXi7617OrckxNPKNwnpGGZqhXhppHB5n9tQAAAIhfhYlCX4WJ
+QgAAAAtzc2gtZWQyNTUxOQAAACB028Q86t8RXi7617OrckxNPKNwnpGGZqhXhppHB5n9tQ
+AAAEAualLRodpovSzGAhza2OVvg5Yp8xv3A7xUNNbKsMTKSHTbxDzq3xFeLvrXs6tyTE08
+o3CekYZmqFeGmkcHmf21AAAAAAECAwQF
+-----END OPENSSH PRIVATE KEY-----

infra/test-machines/test14/ssh_host_ed25519_key.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHTbxDzq3xFeLvrXs6tyTE08o3CekYZmqFeGmkcHmf21

panel/src/panel/templates/partials/deployment_result.html

@@ -1,13 +1,15 @@
-{% if deployment_status %}
-  <p>{{ deployment_status }}</p>
+{% if deployment_succeeded %}
+  <p>Deployment Succeeded</p>
 
   <ul>
-  {% for service, state in services.items %}
-    {% if state %}
+  {% for service_name, service_meta in services.items %}
+    {% if service_meta.enable %}
     <li>
-        ✓ {{ service }}
+        ✓ <a target="_blank" href={{ service_meta.url }}>{{ service_name }}</a>
     </li>
     {% endif %}
   {% endfor %}
   </ul>
+{% else %}
+  <p>Deployment Failed</p>
 {% endif %}

panel/src/panel/views.py

@@ -105,18 +105,24 @@ class DeploymentStatus(ConfigurationForm):
         # Check for deploy button
         if "deploy" in self.request.POST.keys():
             deployment_result, deployment_params = self.deployment(obj)
-            if deployment_result == 0:
-                deployment_status = "Deployment Succeeded"
-            else:
-                deployment_status = "Deployment Failed"
+            deployment_succeeded = deployment_result == 0
 
         return render(self.request, "partials/deployment_result.html", {
-            "deployment_status": deployment_status,
+            "deployment_succeeded": deployment_succeeded,
             "services": {
-                "peertube": deployment_params['peertube']['enable'],
-                "pixelfed": deployment_params['pixelfed']['enable'],
-                "mastodon": deployment_params['mastodon']['enable']
-                }
+                "peertube": {
+                    "enable": deployment_params['peertube']['enable'],
+                    "url": f"https://peertube.{deployment_params['domain']}",
+                    },
+                "pixelfed":{
+                    "enable": deployment_params['pixelfed']['enable'],
+                    "url": f"https://pixelfed.{deployment_params['domain']}",
+                    },
+                "mastodon": {
+                    "enable": deployment_params['mastodon']['enable'],
+                    "url": f"https://mastodon.{deployment_params['domain']}",
+                    },
+                },
             })
 
     def deployment(self, obj):
@@ -166,6 +172,8 @@ class DeploymentStatus(ConfigurationForm):
                         cwd=f"{settings.repo_dir}/launch",
                         env={
                             "PATH": settings.bin_path,
+                            # warning: ignoring error initializing Lix fetcher cache: error: creating directory '/var/empty/.cache': Operation not permitted
+                            "HOME": "/tmp",
                         },
                         # pass in form info to our deployment
                         input=deployment_params,