forked from fediversity/fediversity
Compare commits
7 commits
2ed4c63979
...
be83e34f9b
| Author | SHA1 | Date | |
|---|---|---|---|
be83e34f9b
|
|||
| d5218ca66c | |||
| 78f1ba3c91 | |||
| 719efd50ca | |||
| e92e927f07 | |||
| 7646147f9e | |||
| fdac470f96 |
9 changed files with 153 additions and 88 deletions
|
|
@ -12,7 +12,7 @@ on:
|
|||
|
||||
jobs:
|
||||
_checks:
|
||||
needs: ["deployment-basic","deployment-cli","deployment-model-nixops4","deployment-model-ssh","deployment-model-tf","deployment-model-tf-proxmox","deployment-panel","nixops-deployment-providers-default","nixops-deployment-providers-fedi200","nixops-deployment-providers-fedi201","nixops-deployment-providers-forgejo-ci","nixops-deployment-providers-test","nixops-deployment-providers-vm02116","nixops-deployment-providers-vm02187","nixosConfigurations-fedi200","nixosConfigurations-fedi201","nixosConfigurations-forgejo-ci","nixosConfigurations-test01","nixosConfigurations-test02","nixosConfigurations-test03","nixosConfigurations-test04","nixosConfigurations-test05","nixosConfigurations-test06","nixosConfigurations-test11","nixosConfigurations-test12","nixosConfigurations-test13","nixosConfigurations-test14","nixosConfigurations-vm02116","nixosConfigurations-vm02187","panel","pre-commit","proxmox-basic","test-mastodon-service","test-peertube-service","vmOptions-fedi200","vmOptions-fedi201","vmOptions-test01","vmOptions-test02","vmOptions-test03","vmOptions-test04","vmOptions-test05","vmOptions-test06","vmOptions-test11","vmOptions-test12","vmOptions-test13","vmOptions-test14"]
|
||||
needs: ["deployment-basic","deployment-cli","deployment-model-nixops4","deployment-model-ssh","deployment-model-tf","deployment-model-tf-proxmox","deployment-panel","nixops-deployment-providers-default","nixops-deployment-providers-fedi201","nixops-deployment-providers-forgejo-ci","nixops-deployment-providers-test","nixops-deployment-providers-vm02116","nixops-deployment-providers-vm02187","nixosConfigurations-fedi201","nixosConfigurations-forgejo-ci","nixosConfigurations-test01","nixosConfigurations-test02","nixosConfigurations-test03","nixosConfigurations-test04","nixosConfigurations-test05","nixosConfigurations-test06","nixosConfigurations-test11","nixosConfigurations-test12","nixosConfigurations-test13","nixosConfigurations-test14","nixosConfigurations-vm02116","nixosConfigurations-vm02187","panel","pre-commit","proxmox-basic","test-mastodon-service","test-peertube-service","vmOptions-fedi201","vmOptions-test01","vmOptions-test02","vmOptions-test03","vmOptions-test04","vmOptions-test05","vmOptions-test06","vmOptions-test11","vmOptions-test12","vmOptions-test13","vmOptions-test14"]
|
||||
runs-on: native
|
||||
steps:
|
||||
- run: true
|
||||
|
|
@ -71,12 +71,6 @@ jobs:
|
|||
- uses: actions/checkout@v4
|
||||
- run: nix build .#checks.x86_64-linux.nixops-deployment-providers-default -vL
|
||||
|
||||
nixops-deployment-providers-fedi200:
|
||||
runs-on: native
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- run: nix build .#checks.x86_64-linux.nixops-deployment-providers-fedi200 -vL
|
||||
|
||||
nixops-deployment-providers-fedi201:
|
||||
runs-on: native
|
||||
steps:
|
||||
|
|
@ -107,12 +101,6 @@ jobs:
|
|||
- uses: actions/checkout@v4
|
||||
- run: nix build .#checks.x86_64-linux.nixops-deployment-providers-vm02187 -vL
|
||||
|
||||
nixosConfigurations-fedi200:
|
||||
runs-on: native
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- run: nix build .#checks.x86_64-linux.nixosConfigurations-fedi200 -vL
|
||||
|
||||
nixosConfigurations-fedi201:
|
||||
runs-on: native
|
||||
steps:
|
||||
|
|
@ -227,12 +215,6 @@ jobs:
|
|||
- uses: actions/checkout@v4
|
||||
- run: nix build .#checks.x86_64-linux.test-peertube-service -vL
|
||||
|
||||
vmOptions-fedi200:
|
||||
runs-on: native
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- run: nix build .#checks.x86_64-linux.vmOptions-fedi200 -vL
|
||||
|
||||
vmOptions-fedi201:
|
||||
runs-on: native
|
||||
steps:
|
||||
|
|
|
|||
|
|
@ -1,24 +0,0 @@
|
|||
name: update-dependencies
|
||||
|
||||
on:
|
||||
workflow_dispatch: # allows manual triggering
|
||||
# FIXME: re-enable when manual run works
|
||||
# schedule:
|
||||
# - cron: '0 0 1 * *' # monthly
|
||||
|
||||
jobs:
|
||||
lockfile:
|
||||
runs-on: native
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v4
|
||||
- name: Update pins
|
||||
run: nix-shell --run "npins --verbose update"
|
||||
- name: Create PR
|
||||
uses: https://github.com/KiaraGrouwstra/gitea-create-pull-request@f9f80aa5134bc5c03c38f5aaa95053492885b397
|
||||
with:
|
||||
remote-instance-api-version: v1
|
||||
token: "${{ secrets.DEPLOY_KEY }}"
|
||||
branch: npins-update
|
||||
commit-message: "npins: update sources"
|
||||
title: "npins: update sources"
|
||||
|
|
@ -59,6 +59,7 @@ in
|
|||
};
|
||||
in
|
||||
[
|
||||
pkgs.which
|
||||
pkgs.npins
|
||||
pkgs.nil
|
||||
(pkgs.callPackage "${sources.agenix}/pkgs/agenix.nix" { })
|
||||
|
|
|
|||
|
|
@ -17,13 +17,7 @@ let
|
|||
inherit nodeName pathToRoot;
|
||||
targetSystem = system;
|
||||
sshOpts = [ ];
|
||||
httpBackend = rec {
|
||||
TF_HTTP_USERNAME = "basic";
|
||||
TF_HTTP_PASSWORD = "fake-secret";
|
||||
TF_HTTP_ADDRESS = "http://localhost:${backendPort}/state/project1/example";
|
||||
TF_HTTP_LOCK_ADDRESS = TF_HTTP_ADDRESS;
|
||||
TF_HTTP_UNLOCK_ADDRESS = TF_HTTP_ADDRESS;
|
||||
};
|
||||
httpBackend.address = "http://localhost:${backendPort}/state/project1/example";
|
||||
};
|
||||
}).default.tf-host.run;
|
||||
in
|
||||
|
|
|
|||
|
|
@ -74,6 +74,91 @@ let
|
|||
description = "A NixOS configuration.";
|
||||
type = raw;
|
||||
};
|
||||
httpBackend = mkOption {
|
||||
description = "environment variables to configure the TF HTTP back-end, see <https://developer.hashicorp.com/terraform/language/backend/http#configuration-variables>";
|
||||
type = types.submodule (http-backend: {
|
||||
options = {
|
||||
value = mkOption {
|
||||
readOnly = true;
|
||||
default = lib.mapAttrs' (k: v: lib.nameValuePair "TF_HTTP_${lib.toUpper k}" (builtins.toString v)) {
|
||||
inherit (http-backend.config)
|
||||
address
|
||||
update_method
|
||||
lock_address
|
||||
lock_method
|
||||
unlock_address
|
||||
unlock_method
|
||||
username
|
||||
password
|
||||
skip_cert_verification
|
||||
retry_max
|
||||
retry_wait_min
|
||||
retry_wait_max
|
||||
;
|
||||
};
|
||||
};
|
||||
address = mkOption {
|
||||
description = "The address of the REST endpoint";
|
||||
type = str;
|
||||
};
|
||||
update_method = mkOption {
|
||||
description = "HTTP method to use when updating state.";
|
||||
type = str;
|
||||
default = "POST";
|
||||
};
|
||||
lock_address = mkOption {
|
||||
description = "The address of the lock REST endpoint.";
|
||||
type = str;
|
||||
default = http-backend.config.address;
|
||||
};
|
||||
lock_method = mkOption {
|
||||
description = "The HTTP method to use when locking.";
|
||||
type = str;
|
||||
default = "LOCK";
|
||||
};
|
||||
unlock_address = mkOption {
|
||||
description = "The address of the unlock REST endpoint.";
|
||||
type = str;
|
||||
default = http-backend.config.address;
|
||||
};
|
||||
unlock_method = mkOption {
|
||||
description = "The HTTP method to use when unlocking.";
|
||||
type = str;
|
||||
default = "UNLOCK";
|
||||
};
|
||||
username = mkOption {
|
||||
description = "The username for HTTP basic authentication.";
|
||||
type = str;
|
||||
default = "basic";
|
||||
};
|
||||
password = mkOption {
|
||||
description = "The password for HTTP basic authentication.";
|
||||
type = str;
|
||||
default = "fake-secret";
|
||||
};
|
||||
skip_cert_verification = mkOption {
|
||||
description = "Whether to skip TLS verification.";
|
||||
type = str;
|
||||
default = "false";
|
||||
};
|
||||
retry_max = mkOption {
|
||||
description = "The number of HTTP request retries.";
|
||||
type = types.int;
|
||||
default = 2;
|
||||
};
|
||||
retry_wait_min = mkOption {
|
||||
description = "The minimum time in seconds to wait between HTTP request attempts.";
|
||||
type = types.int;
|
||||
default = 1;
|
||||
};
|
||||
retry_wait_max = mkOption {
|
||||
description = "The maximum time in seconds to wait between HTTP request attempts.";
|
||||
type = types.int;
|
||||
default = 30;
|
||||
};
|
||||
};
|
||||
});
|
||||
};
|
||||
host-ssh = mkOption {
|
||||
description = "SSH connection info to connect to a single host.";
|
||||
type = submodule {
|
||||
|
|
@ -195,7 +280,7 @@ let
|
|||
description = "The architecture of the system to deploy to.";
|
||||
type = types.str;
|
||||
};
|
||||
inherit nixos-configuration;
|
||||
inherit httpBackend nixos-configuration;
|
||||
ssh = host-ssh;
|
||||
caller = mkOption {
|
||||
description = "The calling module to obtain the NixOS configuration from.";
|
||||
|
|
@ -213,10 +298,6 @@ let
|
|||
description = "The path to the root of the repository.";
|
||||
type = types.path;
|
||||
};
|
||||
httpBackend = mkOption {
|
||||
description = "environment variables to configure the TF HTTP back-end, see <https://developer.hashicorp.com/terraform/language/backend/http#configuration-variables>";
|
||||
type = types.attrsOf (types.either types.str types.int);
|
||||
};
|
||||
run = mkOption {
|
||||
type = types.package;
|
||||
# error: The option `tf-deployment.tf-host.run' is read-only, but it's set multiple times.
|
||||
|
|
@ -278,16 +359,12 @@ let
|
|||
description = "The architecture of the system to deploy to.";
|
||||
type = types.str;
|
||||
};
|
||||
inherit nixos-configuration;
|
||||
inherit httpBackend nixos-configuration;
|
||||
ssh = host-ssh;
|
||||
node-name = mkOption {
|
||||
description = "the name of the ProxmoX node to use.";
|
||||
type = types.str;
|
||||
};
|
||||
httpBackend = mkOption {
|
||||
description = "environment variables to configure the TF HTTP back-end, see <https://developer.hashicorp.com/terraform/language/backend/http#configuration-variables>";
|
||||
type = types.attrsOf (types.either types.str types.int);
|
||||
};
|
||||
imageDatastoreId = mkOption {
|
||||
description = "ID of the datastore of the image.";
|
||||
type = types.str;
|
||||
|
|
@ -366,7 +443,7 @@ let
|
|||
description = "The architecture of the system to deploy to.";
|
||||
type = types.str;
|
||||
};
|
||||
inherit nixos-configuration;
|
||||
inherit httpBackend nixos-configuration;
|
||||
ssh = host-ssh;
|
||||
caller = mkOption {
|
||||
description = "The calling module to obtain the NixOS configuration from.";
|
||||
|
|
@ -388,10 +465,6 @@ let
|
|||
description = "the name of the ProxmoX node to use.";
|
||||
type = types.str;
|
||||
};
|
||||
httpBackend = mkOption {
|
||||
description = "environment variables to configure the TF HTTP back-end, see <https://developer.hashicorp.com/terraform/language/backend/http#configuration-variables>";
|
||||
type = types.attrsOf (types.either types.str types.int);
|
||||
};
|
||||
bridge = mkOption {
|
||||
description = "The name of the network bridge (defaults to vmbr0).";
|
||||
type = types.str;
|
||||
|
|
@ -515,6 +588,66 @@ let
|
|||
};
|
||||
});
|
||||
};
|
||||
tf-netbox-store-ips = mkOption {
|
||||
description = "Store a range of IPs in a Netbox instance.";
|
||||
type = submodule (tf-netbox-store-ips: {
|
||||
options = {
|
||||
inherit httpBackend;
|
||||
startAddress = mkOption {
|
||||
description = "Start of the IP range.";
|
||||
type = types.str;
|
||||
example = "10.0.0.1/24";
|
||||
};
|
||||
endAddress = mkOption {
|
||||
description = "End of the IP range.";
|
||||
type = types.str;
|
||||
example = "10.0.0.50/24";
|
||||
};
|
||||
run = mkOption {
|
||||
type = types.package;
|
||||
default =
|
||||
let
|
||||
inherit (tf-netbox-store-ips.config)
|
||||
httpBackend
|
||||
startAddress
|
||||
endAddress
|
||||
;
|
||||
in
|
||||
tfApply {
|
||||
inherit httpBackend;
|
||||
directory = "tf-netbox-store-ips";
|
||||
environment = {
|
||||
start_address = startAddress;
|
||||
end_address = endAddress;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
});
|
||||
};
|
||||
tf-netbox-get-ip = mkOption {
|
||||
description = "Get an available IP from a Netbox instance.";
|
||||
type = submodule (tf-netbox-get-ip: {
|
||||
options = {
|
||||
inherit httpBackend;
|
||||
run = mkOption {
|
||||
type = types.package;
|
||||
default =
|
||||
let
|
||||
inherit (tf-netbox-get-ip.config)
|
||||
httpBackend
|
||||
;
|
||||
in
|
||||
tfApply {
|
||||
inherit httpBackend;
|
||||
directory = "tf-netbox-get-ip";
|
||||
environment = {
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
});
|
||||
};
|
||||
};
|
||||
in
|
||||
{
|
||||
|
|
|
|||
|
|
@ -17,6 +17,6 @@ pkgs.writeScriptBin "setup" ''
|
|||
# suppress warning on architecture-specific generated lock file:
|
||||
# `Warning: Incomplete lock file information for providers`.
|
||||
env TF_HTTP_RETRY_MAX=1 TF_HTTP_RETRY_WAIT_MIN=0 \
|
||||
${toString (lib.mapAttrsToList (k: v: "${k}=\"${toBash v}\"") httpBackend)} \
|
||||
${toString (lib.mapAttrsToList (k: v: "${k}=\"${toBash v}\"") httpBackend.value)} \
|
||||
tofu init -input=false 1>/dev/null
|
||||
''
|
||||
|
|
|
|||
|
|
@ -56,7 +56,7 @@ rec {
|
|||
)
|
||||
)
|
||||
} \
|
||||
${toString (lib.mapAttrsToList (k: v: "${k}=\"${toBash v}\"") httpBackend)} \
|
||||
${toString (lib.mapAttrsToList (k: v: "${k}=\"${toBash v}\"") httpBackend.value)} \
|
||||
'';
|
||||
tfPackage = pkgs.callPackage ./run/${directory}/tf.nix { };
|
||||
tf-env = pkgs.callPackage ./run/tf-env.nix {
|
||||
|
|
|
|||
|
|
@ -1,20 +0,0 @@
|
|||
{
|
||||
_class = "nixops4Resource";
|
||||
|
||||
fediversityVm = {
|
||||
name = "fedi200";
|
||||
isFediversityVm = true;
|
||||
vmId = 200;
|
||||
description = "Testing machine for Hans";
|
||||
|
||||
domain = "abundos.eu";
|
||||
ipv4 = {
|
||||
address = "95.215.187.200";
|
||||
gateway = "95.215.187.1";
|
||||
};
|
||||
ipv6 = {
|
||||
address = "2a00:51c0:13:1305::200";
|
||||
gateway = "2a00:51c0:13:1305::1";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
@ -7,7 +7,6 @@ Currently, this repository keeps track of the following VMs:
|
|||
|
||||
Machine | Proxmox | Description
|
||||
--------|---------|-------------
|
||||
[`fedi200`](./dev/fedi200) | fediversity | Testing machine for Hans
|
||||
[`fedi201`](./dev/fedi201) | fediversity | FediPanel
|
||||
[`vm02116`](./dev/vm02116) | procolix | Forgejo
|
||||
[`vm02187`](./dev/vm02187) | procolix | Wiki
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue