forked from fediversity/fediversity
Compare commits
7 commits
2ed4c63979
...
be83e34f9b
| Author | SHA1 | Date | |
|---|---|---|---|
| be83e34f9b | |||
| d5218ca66c | |||
| 78f1ba3c91 | |||
| 719efd50ca | |||
| e92e927f07 | |||
| 7646147f9e | |||
| fdac470f96 |
9 changed files with 153 additions and 88 deletions
|
|
@ -12,7 +12,7 @@ on:
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
_checks:
|
_checks:
|
||||||
needs: ["deployment-basic","deployment-cli","deployment-model-nixops4","deployment-model-ssh","deployment-model-tf","deployment-model-tf-proxmox","deployment-panel","nixops-deployment-providers-default","nixops-deployment-providers-fedi200","nixops-deployment-providers-fedi201","nixops-deployment-providers-forgejo-ci","nixops-deployment-providers-test","nixops-deployment-providers-vm02116","nixops-deployment-providers-vm02187","nixosConfigurations-fedi200","nixosConfigurations-fedi201","nixosConfigurations-forgejo-ci","nixosConfigurations-test01","nixosConfigurations-test02","nixosConfigurations-test03","nixosConfigurations-test04","nixosConfigurations-test05","nixosConfigurations-test06","nixosConfigurations-test11","nixosConfigurations-test12","nixosConfigurations-test13","nixosConfigurations-test14","nixosConfigurations-vm02116","nixosConfigurations-vm02187","panel","pre-commit","proxmox-basic","test-mastodon-service","test-peertube-service","vmOptions-fedi200","vmOptions-fedi201","vmOptions-test01","vmOptions-test02","vmOptions-test03","vmOptions-test04","vmOptions-test05","vmOptions-test06","vmOptions-test11","vmOptions-test12","vmOptions-test13","vmOptions-test14"]
|
needs: ["deployment-basic","deployment-cli","deployment-model-nixops4","deployment-model-ssh","deployment-model-tf","deployment-model-tf-proxmox","deployment-panel","nixops-deployment-providers-default","nixops-deployment-providers-fedi201","nixops-deployment-providers-forgejo-ci","nixops-deployment-providers-test","nixops-deployment-providers-vm02116","nixops-deployment-providers-vm02187","nixosConfigurations-fedi201","nixosConfigurations-forgejo-ci","nixosConfigurations-test01","nixosConfigurations-test02","nixosConfigurations-test03","nixosConfigurations-test04","nixosConfigurations-test05","nixosConfigurations-test06","nixosConfigurations-test11","nixosConfigurations-test12","nixosConfigurations-test13","nixosConfigurations-test14","nixosConfigurations-vm02116","nixosConfigurations-vm02187","panel","pre-commit","proxmox-basic","test-mastodon-service","test-peertube-service","vmOptions-fedi201","vmOptions-test01","vmOptions-test02","vmOptions-test03","vmOptions-test04","vmOptions-test05","vmOptions-test06","vmOptions-test11","vmOptions-test12","vmOptions-test13","vmOptions-test14"]
|
||||||
runs-on: native
|
runs-on: native
|
||||||
steps:
|
steps:
|
||||||
- run: true
|
- run: true
|
||||||
|
|
@ -71,12 +71,6 @@ jobs:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v4
|
||||||
- run: nix build .#checks.x86_64-linux.nixops-deployment-providers-default -vL
|
- run: nix build .#checks.x86_64-linux.nixops-deployment-providers-default -vL
|
||||||
|
|
||||||
nixops-deployment-providers-fedi200:
|
|
||||||
runs-on: native
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v4
|
|
||||||
- run: nix build .#checks.x86_64-linux.nixops-deployment-providers-fedi200 -vL
|
|
||||||
|
|
||||||
nixops-deployment-providers-fedi201:
|
nixops-deployment-providers-fedi201:
|
||||||
runs-on: native
|
runs-on: native
|
||||||
steps:
|
steps:
|
||||||
|
|
@ -107,12 +101,6 @@ jobs:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v4
|
||||||
- run: nix build .#checks.x86_64-linux.nixops-deployment-providers-vm02187 -vL
|
- run: nix build .#checks.x86_64-linux.nixops-deployment-providers-vm02187 -vL
|
||||||
|
|
||||||
nixosConfigurations-fedi200:
|
|
||||||
runs-on: native
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v4
|
|
||||||
- run: nix build .#checks.x86_64-linux.nixosConfigurations-fedi200 -vL
|
|
||||||
|
|
||||||
nixosConfigurations-fedi201:
|
nixosConfigurations-fedi201:
|
||||||
runs-on: native
|
runs-on: native
|
||||||
steps:
|
steps:
|
||||||
|
|
@ -227,12 +215,6 @@ jobs:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v4
|
||||||
- run: nix build .#checks.x86_64-linux.test-peertube-service -vL
|
- run: nix build .#checks.x86_64-linux.test-peertube-service -vL
|
||||||
|
|
||||||
vmOptions-fedi200:
|
|
||||||
runs-on: native
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v4
|
|
||||||
- run: nix build .#checks.x86_64-linux.vmOptions-fedi200 -vL
|
|
||||||
|
|
||||||
vmOptions-fedi201:
|
vmOptions-fedi201:
|
||||||
runs-on: native
|
runs-on: native
|
||||||
steps:
|
steps:
|
||||||
|
|
|
||||||
|
|
@ -1,24 +0,0 @@
|
||||||
name: update-dependencies
|
|
||||||
|
|
||||||
on:
|
|
||||||
workflow_dispatch: # allows manual triggering
|
|
||||||
# FIXME: re-enable when manual run works
|
|
||||||
# schedule:
|
|
||||||
# - cron: '0 0 1 * *' # monthly
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
lockfile:
|
|
||||||
runs-on: native
|
|
||||||
steps:
|
|
||||||
- name: Checkout repository
|
|
||||||
uses: actions/checkout@v4
|
|
||||||
- name: Update pins
|
|
||||||
run: nix-shell --run "npins --verbose update"
|
|
||||||
- name: Create PR
|
|
||||||
uses: https://github.com/KiaraGrouwstra/gitea-create-pull-request@f9f80aa5134bc5c03c38f5aaa95053492885b397
|
|
||||||
with:
|
|
||||||
remote-instance-api-version: v1
|
|
||||||
token: "${{ secrets.DEPLOY_KEY }}"
|
|
||||||
branch: npins-update
|
|
||||||
commit-message: "npins: update sources"
|
|
||||||
title: "npins: update sources"
|
|
||||||
|
|
@ -59,6 +59,7 @@ in
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
[
|
[
|
||||||
|
pkgs.which
|
||||||
pkgs.npins
|
pkgs.npins
|
||||||
pkgs.nil
|
pkgs.nil
|
||||||
(pkgs.callPackage "${sources.agenix}/pkgs/agenix.nix" { })
|
(pkgs.callPackage "${sources.agenix}/pkgs/agenix.nix" { })
|
||||||
|
|
|
||||||
|
|
@ -17,13 +17,7 @@ let
|
||||||
inherit nodeName pathToRoot;
|
inherit nodeName pathToRoot;
|
||||||
targetSystem = system;
|
targetSystem = system;
|
||||||
sshOpts = [ ];
|
sshOpts = [ ];
|
||||||
httpBackend = rec {
|
httpBackend.address = "http://localhost:${backendPort}/state/project1/example";
|
||||||
TF_HTTP_USERNAME = "basic";
|
|
||||||
TF_HTTP_PASSWORD = "fake-secret";
|
|
||||||
TF_HTTP_ADDRESS = "http://localhost:${backendPort}/state/project1/example";
|
|
||||||
TF_HTTP_LOCK_ADDRESS = TF_HTTP_ADDRESS;
|
|
||||||
TF_HTTP_UNLOCK_ADDRESS = TF_HTTP_ADDRESS;
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
}).default.tf-host.run;
|
}).default.tf-host.run;
|
||||||
in
|
in
|
||||||
|
|
|
||||||
|
|
@ -74,6 +74,91 @@ let
|
||||||
description = "A NixOS configuration.";
|
description = "A NixOS configuration.";
|
||||||
type = raw;
|
type = raw;
|
||||||
};
|
};
|
||||||
|
httpBackend = mkOption {
|
||||||
|
description = "environment variables to configure the TF HTTP back-end, see <https://developer.hashicorp.com/terraform/language/backend/http#configuration-variables>";
|
||||||
|
type = types.submodule (http-backend: {
|
||||||
|
options = {
|
||||||
|
value = mkOption {
|
||||||
|
readOnly = true;
|
||||||
|
default = lib.mapAttrs' (k: v: lib.nameValuePair "TF_HTTP_${lib.toUpper k}" (builtins.toString v)) {
|
||||||
|
inherit (http-backend.config)
|
||||||
|
address
|
||||||
|
update_method
|
||||||
|
lock_address
|
||||||
|
lock_method
|
||||||
|
unlock_address
|
||||||
|
unlock_method
|
||||||
|
username
|
||||||
|
password
|
||||||
|
skip_cert_verification
|
||||||
|
retry_max
|
||||||
|
retry_wait_min
|
||||||
|
retry_wait_max
|
||||||
|
;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
address = mkOption {
|
||||||
|
description = "The address of the REST endpoint";
|
||||||
|
type = str;
|
||||||
|
};
|
||||||
|
update_method = mkOption {
|
||||||
|
description = "HTTP method to use when updating state.";
|
||||||
|
type = str;
|
||||||
|
default = "POST";
|
||||||
|
};
|
||||||
|
lock_address = mkOption {
|
||||||
|
description = "The address of the lock REST endpoint.";
|
||||||
|
type = str;
|
||||||
|
default = http-backend.config.address;
|
||||||
|
};
|
||||||
|
lock_method = mkOption {
|
||||||
|
description = "The HTTP method to use when locking.";
|
||||||
|
type = str;
|
||||||
|
default = "LOCK";
|
||||||
|
};
|
||||||
|
unlock_address = mkOption {
|
||||||
|
description = "The address of the unlock REST endpoint.";
|
||||||
|
type = str;
|
||||||
|
default = http-backend.config.address;
|
||||||
|
};
|
||||||
|
unlock_method = mkOption {
|
||||||
|
description = "The HTTP method to use when unlocking.";
|
||||||
|
type = str;
|
||||||
|
default = "UNLOCK";
|
||||||
|
};
|
||||||
|
username = mkOption {
|
||||||
|
description = "The username for HTTP basic authentication.";
|
||||||
|
type = str;
|
||||||
|
default = "basic";
|
||||||
|
};
|
||||||
|
password = mkOption {
|
||||||
|
description = "The password for HTTP basic authentication.";
|
||||||
|
type = str;
|
||||||
|
default = "fake-secret";
|
||||||
|
};
|
||||||
|
skip_cert_verification = mkOption {
|
||||||
|
description = "Whether to skip TLS verification.";
|
||||||
|
type = str;
|
||||||
|
default = "false";
|
||||||
|
};
|
||||||
|
retry_max = mkOption {
|
||||||
|
description = "The number of HTTP request retries.";
|
||||||
|
type = types.int;
|
||||||
|
default = 2;
|
||||||
|
};
|
||||||
|
retry_wait_min = mkOption {
|
||||||
|
description = "The minimum time in seconds to wait between HTTP request attempts.";
|
||||||
|
type = types.int;
|
||||||
|
default = 1;
|
||||||
|
};
|
||||||
|
retry_wait_max = mkOption {
|
||||||
|
description = "The maximum time in seconds to wait between HTTP request attempts.";
|
||||||
|
type = types.int;
|
||||||
|
default = 30;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
});
|
||||||
|
};
|
||||||
host-ssh = mkOption {
|
host-ssh = mkOption {
|
||||||
description = "SSH connection info to connect to a single host.";
|
description = "SSH connection info to connect to a single host.";
|
||||||
type = submodule {
|
type = submodule {
|
||||||
|
|
@ -195,7 +280,7 @@ let
|
||||||
description = "The architecture of the system to deploy to.";
|
description = "The architecture of the system to deploy to.";
|
||||||
type = types.str;
|
type = types.str;
|
||||||
};
|
};
|
||||||
inherit nixos-configuration;
|
inherit httpBackend nixos-configuration;
|
||||||
ssh = host-ssh;
|
ssh = host-ssh;
|
||||||
caller = mkOption {
|
caller = mkOption {
|
||||||
description = "The calling module to obtain the NixOS configuration from.";
|
description = "The calling module to obtain the NixOS configuration from.";
|
||||||
|
|
@ -213,10 +298,6 @@ let
|
||||||
description = "The path to the root of the repository.";
|
description = "The path to the root of the repository.";
|
||||||
type = types.path;
|
type = types.path;
|
||||||
};
|
};
|
||||||
httpBackend = mkOption {
|
|
||||||
description = "environment variables to configure the TF HTTP back-end, see <https://developer.hashicorp.com/terraform/language/backend/http#configuration-variables>";
|
|
||||||
type = types.attrsOf (types.either types.str types.int);
|
|
||||||
};
|
|
||||||
run = mkOption {
|
run = mkOption {
|
||||||
type = types.package;
|
type = types.package;
|
||||||
# error: The option `tf-deployment.tf-host.run' is read-only, but it's set multiple times.
|
# error: The option `tf-deployment.tf-host.run' is read-only, but it's set multiple times.
|
||||||
|
|
@ -278,16 +359,12 @@ let
|
||||||
description = "The architecture of the system to deploy to.";
|
description = "The architecture of the system to deploy to.";
|
||||||
type = types.str;
|
type = types.str;
|
||||||
};
|
};
|
||||||
inherit nixos-configuration;
|
inherit httpBackend nixos-configuration;
|
||||||
ssh = host-ssh;
|
ssh = host-ssh;
|
||||||
node-name = mkOption {
|
node-name = mkOption {
|
||||||
description = "the name of the ProxmoX node to use.";
|
description = "the name of the ProxmoX node to use.";
|
||||||
type = types.str;
|
type = types.str;
|
||||||
};
|
};
|
||||||
httpBackend = mkOption {
|
|
||||||
description = "environment variables to configure the TF HTTP back-end, see <https://developer.hashicorp.com/terraform/language/backend/http#configuration-variables>";
|
|
||||||
type = types.attrsOf (types.either types.str types.int);
|
|
||||||
};
|
|
||||||
imageDatastoreId = mkOption {
|
imageDatastoreId = mkOption {
|
||||||
description = "ID of the datastore of the image.";
|
description = "ID of the datastore of the image.";
|
||||||
type = types.str;
|
type = types.str;
|
||||||
|
|
@ -366,7 +443,7 @@ let
|
||||||
description = "The architecture of the system to deploy to.";
|
description = "The architecture of the system to deploy to.";
|
||||||
type = types.str;
|
type = types.str;
|
||||||
};
|
};
|
||||||
inherit nixos-configuration;
|
inherit httpBackend nixos-configuration;
|
||||||
ssh = host-ssh;
|
ssh = host-ssh;
|
||||||
caller = mkOption {
|
caller = mkOption {
|
||||||
description = "The calling module to obtain the NixOS configuration from.";
|
description = "The calling module to obtain the NixOS configuration from.";
|
||||||
|
|
@ -388,10 +465,6 @@ let
|
||||||
description = "the name of the ProxmoX node to use.";
|
description = "the name of the ProxmoX node to use.";
|
||||||
type = types.str;
|
type = types.str;
|
||||||
};
|
};
|
||||||
httpBackend = mkOption {
|
|
||||||
description = "environment variables to configure the TF HTTP back-end, see <https://developer.hashicorp.com/terraform/language/backend/http#configuration-variables>";
|
|
||||||
type = types.attrsOf (types.either types.str types.int);
|
|
||||||
};
|
|
||||||
bridge = mkOption {
|
bridge = mkOption {
|
||||||
description = "The name of the network bridge (defaults to vmbr0).";
|
description = "The name of the network bridge (defaults to vmbr0).";
|
||||||
type = types.str;
|
type = types.str;
|
||||||
|
|
@ -515,6 +588,66 @@ let
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
};
|
};
|
||||||
|
tf-netbox-store-ips = mkOption {
|
||||||
|
description = "Store a range of IPs in a Netbox instance.";
|
||||||
|
type = submodule (tf-netbox-store-ips: {
|
||||||
|
options = {
|
||||||
|
inherit httpBackend;
|
||||||
|
startAddress = mkOption {
|
||||||
|
description = "Start of the IP range.";
|
||||||
|
type = types.str;
|
||||||
|
example = "10.0.0.1/24";
|
||||||
|
};
|
||||||
|
endAddress = mkOption {
|
||||||
|
description = "End of the IP range.";
|
||||||
|
type = types.str;
|
||||||
|
example = "10.0.0.50/24";
|
||||||
|
};
|
||||||
|
run = mkOption {
|
||||||
|
type = types.package;
|
||||||
|
default =
|
||||||
|
let
|
||||||
|
inherit (tf-netbox-store-ips.config)
|
||||||
|
httpBackend
|
||||||
|
startAddress
|
||||||
|
endAddress
|
||||||
|
;
|
||||||
|
in
|
||||||
|
tfApply {
|
||||||
|
inherit httpBackend;
|
||||||
|
directory = "tf-netbox-store-ips";
|
||||||
|
environment = {
|
||||||
|
start_address = startAddress;
|
||||||
|
end_address = endAddress;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
});
|
||||||
|
};
|
||||||
|
tf-netbox-get-ip = mkOption {
|
||||||
|
description = "Get an available IP from a Netbox instance.";
|
||||||
|
type = submodule (tf-netbox-get-ip: {
|
||||||
|
options = {
|
||||||
|
inherit httpBackend;
|
||||||
|
run = mkOption {
|
||||||
|
type = types.package;
|
||||||
|
default =
|
||||||
|
let
|
||||||
|
inherit (tf-netbox-get-ip.config)
|
||||||
|
httpBackend
|
||||||
|
;
|
||||||
|
in
|
||||||
|
tfApply {
|
||||||
|
inherit httpBackend;
|
||||||
|
directory = "tf-netbox-get-ip";
|
||||||
|
environment = {
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
});
|
||||||
|
};
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
{
|
{
|
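Review bot: The `password` option in the new shared `httpBackend` submodule (first hunk of this file) defaults to `"fake-secret"`, and `username` to `"basic"`, so a deployment that sets only `address` authenticates to its state backend with a publicly known credential instead of failing evaluation. I would drop both defaults from the shared option and set the fake values in the test fixture, which currently sets only `httpBackend.address`, so that a missing password becomes an evaluation error. `httpBackend.value` is interpolated into generated script text elsewhere in this commit, so the password presumably lands in the Nix store; the option description should say so, something like `description = "The password for HTTP basic authentication. Note: ends up in the Nix store.";`. Separately, `skip_cert_verification` is typed `str`, which accepts any string; `types.bool` rendered with `lib.boolToString` would reject typos in a setting that disables TLS verification.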
||||||
|
|
|
||||||
|
|
@ -17,6 +17,6 @@ pkgs.writeScriptBin "setup" ''
|
||||||
# suppress warning on architecture-specific generated lock file:
|
# suppress warning on architecture-specific generated lock file:
|
||||||
# `Warning: Incomplete lock file information for providers`.
|
# `Warning: Incomplete lock file information for providers`.
|
||||||
env TF_HTTP_RETRY_MAX=1 TF_HTTP_RETRY_WAIT_MIN=0 \
|
env TF_HTTP_RETRY_MAX=1 TF_HTTP_RETRY_WAIT_MIN=0 \
|
||||||
${toString (lib.mapAttrsToList (k: v: "${k}=\"${toBash v}\"") httpBackend)} \
|
${toString (lib.mapAttrsToList (k: v: "${k}=\"${toBash v}\"") httpBackend.value)} \
|
||||||
tofu init -input=false 1>/dev/null
|
tofu init -input=false 1>/dev/null
|
||||||
''
|
''
|
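Review bot: The explicit `TF_HTTP_RETRY_MAX=1 TF_HTTP_RETRY_WAIT_MIN=0` on the `env` line is most likely overridden now. `httpBackend.value` always contains `TF_HTTP_RETRY_MAX` and `TF_HTTP_RETRY_WAIT_MIN` (defaults 2 and 1 in the option this commit adds) and is expanded after them, and `env` keeps the later assignment of a repeated name. If the fast-fail behaviour for `tofu init` is still wanted, put the two overrides after the interpolated line, or filter those keys out of the attrset here. A short comment stating which value is meant to win would also help. The script body starts outside this hunk.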
||||||
|
|
|
||||||
|
|
@ -56,7 +56,7 @@ rec {
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
} \
|
} \
|
||||||
${toString (lib.mapAttrsToList (k: v: "${k}=\"${toBash v}\"") httpBackend)} \
|
${toString (lib.mapAttrsToList (k: v: "${k}=\"${toBash v}\"") httpBackend.value)} \
|
||||||
'';
|
'';
|
||||||
tfPackage = pkgs.callPackage ./run/${directory}/tf.nix { };
|
tfPackage = pkgs.callPackage ./run/${directory}/tf.nix { };
|
||||||
tf-env = pkgs.callPackage ./run/tf-env.nix {
|
tf-env = pkgs.callPackage ./run/tf-env.nix {
|
||||||
|
|
|
||||||
|
|
@ -1,20 +0,0 @@
|
||||||
{
|
|
||||||
_class = "nixops4Resource";
|
|
||||||
|
|
||||||
fediversityVm = {
|
|
||||||
name = "fedi200";
|
|
||||||
isFediversityVm = true;
|
|
||||||
vmId = 200;
|
|
||||||
description = "Testing machine for Hans";
|
|
||||||
|
|
||||||
domain = "abundos.eu";
|
|
||||||
ipv4 = {
|
|
||||||
address = "95.215.187.200";
|
|
||||||
gateway = "95.215.187.1";
|
|
||||||
};
|
|
||||||
ipv6 = {
|
|
||||||
address = "2a00:51c0:13:1305::200";
|
|
||||||
gateway = "2a00:51c0:13:1305::1";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
@ -7,7 +7,6 @@ Currently, this repository keeps track of the following VMs:
|
||||||
|
|
||||||
Machine | Proxmox | Description
|
Machine | Proxmox | Description
|
||||||
--------|---------|-------------
|
--------|---------|-------------
|
||||||
[`fedi200`](./dev/fedi200) | fediversity | Testing machine for Hans
|
|
||||||
[`fedi201`](./dev/fedi201) | fediversity | FediPanel
|
[`fedi201`](./dev/fedi201) | fediversity | FediPanel
|
||||||
[`vm02116`](./dev/vm02116) | procolix | Forgejo
|
[`vm02116`](./dev/vm02116) | procolix | Forgejo
|
||||||
[`vm02187`](./dev/vm02187) | procolix | Wiki
|
[`vm02187`](./dev/vm02187) | procolix | Wiki
|
||||||
|
|
|
||||||