allow configuring whether a node uses QEMU

lost in #412. Alternatively, we could have a comment on both lines
saying eg. “for NixOps4”

.forgejo/workflows/ci.yaml

@@ -25,13 +25,13 @@ jobs:
     runs-on: native
     steps:
       - uses: actions/checkout@v4
-      - run: cd services && nix-build -A tests.peertube
+      - run: nix-build services -A tests.peertube
 
   check-panel:
     runs-on: native
     steps:
       - uses: actions/checkout@v4
-      - run: cd panel && nix-build -A tests
+      - run: nix-build panel -A tests
 
   check-deployment-basic:
     runs-on: native

deployment/check/panel/nixosTest.nix

@@ -155,7 +155,6 @@ in
           SECRET_KEY = dummyFile;
         };
         port = panelPort;
-        nixops4Package = inputs.nixops4.packages.${pkgs.system}.default;
 
         deployment = {
           flake = "/run/fedipanel/flake";

flake.nix

@@ -43,7 +43,7 @@
           ];
 
           imports = [
-            (import "${git-hooks}/flake-module.nix")
+            "${git-hooks}/flake-module.nix"
             inputs.nixops4.modules.flake.default
 
             ./deployment/flake-part.nix

infra/common/nixos/hardware.nix

@@ -1,64 +1,86 @@
-{ modulesPath, ... }:
+{ config, lib, ... }:
 
+let
+  inherit (lib) mkIf mkMerge;
+
+in
 {
   _class = "nixos";
 
-  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+  config = mkMerge [
+    {
+      boot.loader = {
+        systemd-boot.enable = true;
+        efi.canTouchEfiVariables = true;
+      };
+    }
 
-  boot = {
-    loader = {
-      systemd-boot.enable = true;
-      efi.canTouchEfiVariables = true;
-    };
+    (mkIf config.fediversityVm.isQemuVm {
 
-    initrd = {
-      availableKernelModules = [
-        "ata_piix"
-        "uhci_hcd"
-        "virtio_pci"
-        "virtio_scsi"
-        "sd_mod"
-        "sr_mod"
-      ];
-      kernelModules = [ "dm-snapshot" ];
-    };
-  };
+      boot.initrd = {
+        availableKernelModules = [
+          "ata_piix"
+          "uhci_hcd"
+          "sd_mod"
+          "sr_mod"
 
-  disko.devices.disk.main = {
-    device = "/dev/sda";
-    type = "disk";
+          # from `/profiles/qemu-guest.nix`
+          "virtio_net"
+          "virtio_pci"
+          "virtio_mmio"
+          "virtio_blk"
+          "virtio_scsi"
+          "9p"
+          "9pnet_virtio"
+        ];
+        kernelModules = [
+          "dm-snapshot"
 
-    content = {
-      type = "gpt";
+          # from `/profiles/qemu-guest.nix`
+          "virtio_balloon"
+          "virtio_console"
+          "virtio_rng"
+          "virtio_gpu"
+        ];
+      };
 
-      partitions = {
-        MBR = {
-          priority = 0;
-          size = "1M";
-          type = "EF02";
-        };
+      disko.devices.disk.main = {
+        device = "/dev/sda";
+        type = "disk";
 
-        ESP = {
-          priority = 1;
-          size = "500M";
-          type = "EF00";
-          content = {
-            type = "filesystem";
-            format = "vfat";
-            mountpoint = "/boot";
-          };
-        };
+        content = {
+          type = "gpt";
 
-        root = {
-          priority = 2;
-          size = "100%";
-          content = {
-            type = "filesystem";
-            format = "ext4";
-            mountpoint = "/";
+          partitions = {
+            MBR = {
+              priority = 0;
+              size = "1M";
+              type = "EF02";
+            };
+
+            ESP = {
+              priority = 1;
+              size = "500M";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+              };
+            };
+
+            root = {
+              priority = 2;
+              size = "100%";
+              content = {
+                type = "filesystem";
+                format = "ext4";
+                mountpoint = "/";
+              };
+            };
           };
         };
       };
-    };
-  };
+    })
+  ];
 }

infra/common/options.nix

@@ -155,5 +155,13 @@ in
         this for testing machines, as it is a security hole for so many reasons.
       '';
     };
+
+    isQemuVm = mkOption {
+      description = ''
+        Whether the machine is a QEMU VM. This will import all the necessary
+        things.
+      '';
+      default = true;
+    };
   };
 }

infra/common/resource.nix

@@ -36,8 +36,8 @@ in
   ## should go into the `./nixos` subdirectory.
   nixos.module = {
     imports = [
-      (import "${agenix}/modules/age.nix")
-      (import "${disko}/module.nix")
+      "${agenix}/modules/age.nix"
+      "${disko}/module.nix"
       ./options.nix
       ./nixos
     ];

panel/default.nix

@@ -22,7 +22,7 @@ in
       manage
 
       # NixOps4 and its dependencies
-      # FIXME: grab NixOps4 and add it here
+      pkgs.nixops4
       pkgs.nix
       pkgs.openssh
     ];

panel/nix/configuration.nix

@@ -147,6 +147,7 @@ in
         NixOps4 from the package's npins-based code, we will have to do with
         this workaround.
       '';
+      default = pkgs.nixops4;
     };
 
     deployment = {

panel/nix/overlay.nix

@@ -8,4 +8,17 @@ let
 in
 {
   python3 = prev.lib.attrsets.recursiveUpdate prev.python3 { pkgs = extraPython3Packages; };
+  nixops4 =
+    let
+      sources = import ../../npins;
+      inherit (import sources.flake-inputs) import-flake;
+      inherit
+        (import-flake {
+          src = ../../.;
+        })
+        inputs
+        ;
+      inherit (inputs) nixops4;
+    in
+    nixops4.packages.${prev.system}.default;
 }

panel/nix/tests.nix

@@ -13,7 +13,6 @@ let
       secrets = {
         SECRET_KEY = pkgs.writeText "SECRET_KEY" "secret";
       };
-      nixops4Package = pkgs.hello; # FIXME: actually pass NixOps4
     };
 
     virtualisation = {