forked from fediversity/fediversity
Compare commits
76 commits
4b2f168f58
...
1de353fada
| Author | SHA1 | Date | |
|---|---|---|---|
1de353fada
|
|||
|
18bcae835e
|
|||
|
9a60948765
|
|||
|
7f1dabe7cb
|
|||
|
253352616b
|
|||
|
de19210d1d
|
|||
|
a3ffd6d23b
|
|||
|
dd6e8850f3
|
|||
|
d35de0b457
|
|||
|
51b72c79c7
|
|||
|
76a07a6cf1
|
|||
|
0aeac419e4
|
|||
|
220fe52612
|
|||
|
d6731bbc7d
|
|||
|
a245f52e5b
|
|||
|
2ae4ca3f68
|
|||
|
9907404e94
|
|||
|
22accb50c0
|
|||
|
6e70640caa
|
|||
|
5ce2f2e8ed
|
|||
|
733c500cd1
|
|||
|
c818e55194
|
|||
|
f705e56707
|
|||
|
0249324d86
|
|||
|
4d348fb9cb
|
|||
|
06fc1e8666
|
|||
|
dc07eb68c3
|
|||
|
871384d51f
|
|||
|
d37a90723f
|
|||
|
ebfe19ab5c
|
|||
|
95a450023a
|
|||
|
f75fb5eec0
|
|||
|
1f35ca5fe8
|
|||
|
a76b3cc4a3
|
|||
|
871b6bd906
|
|||
|
eec987af06
|
|||
|
240d68617e
|
|||
|
c9dc6ee392
|
|||
|
98599cebf4
|
|||
|
9746ad0e92
|
|||
|
bcb0fd5318
|
|||
|
41b4fa6476
|
|||
|
13a97eadaf
|
|||
|
a0e330eb85
|
|||
|
fe4916c854
|
|||
|
1c362d83b9
|
|||
|
4c360d2cd9
|
|||
|
4db88cf8df
|
|||
|
e6c590b4d7
|
|||
|
03ea2730b0
|
|||
|
f8b508fa43
|
|||
|
2b66f15e7c
|
|||
|
cac911a16b
|
|||
|
4249a64c10
|
|||
|
c1897a3684
|
|||
|
562e511ed8
|
|||
|
c7f2e2b7aa
|
|||
|
d363957e37
|
|||
|
9e3c3b9ee0
|
|||
|
d5bd886757
|
|||
|
67484b70ee
|
|||
|
767ffd9f87
|
|||
|
80f2bbcc4d
|
|||
|
8d5c9781d5
|
|||
|
ea78e850af
|
|||
|
2a550e6963
|
|||
|
34a5a62ba3
|
|||
|
c0a5f28adf
|
|||
|
9adfb3eae9
|
|||
|
7d3afbb469
|
|||
|
ff5fd5047f
|
|||
|
d2b5d7e607
|
|||
|
382bcda9d2
|
|||
|
35e49c04f4
|
|||
|
bb79f366e9
|
|||
|
63c6221479
|
9 changed files with 147 additions and 313 deletions
|
|
@ -1,5 +1,4 @@
|
|||
on:
|
||||
workflow_dispatch: # allows manual triggering
|
||||
pull_request:
|
||||
types:
|
||||
- opened
|
||||
|
|
|
|||
|
|
@ -105,7 +105,8 @@ let
|
|||
options.enable = lib.mkEnableOption "Hello in the shell";
|
||||
};
|
||||
implementation = cfg: {
|
||||
resources = lib.optionalAttrs cfg.enable {
|
||||
input = cfg;
|
||||
output.resources = lib.optionalAttrs cfg.enable {
|
||||
hello.login-shell.packages.hello = pkgs.hello;
|
||||
};
|
||||
};
|
||||
|
|
@ -138,21 +139,17 @@ let
|
|||
implementation =
|
||||
{
|
||||
required-resources,
|
||||
deployment-name,
|
||||
...
|
||||
}:
|
||||
{
|
||||
ssh-host = {
|
||||
input = required-resources;
|
||||
output.ssh-host = {
|
||||
nixos-configuration = mkNixosConfiguration environment required-resources;
|
||||
system = targetSystem;
|
||||
ssh = {
|
||||
username = "root";
|
||||
host = nodeName;
|
||||
key-file = null;
|
||||
inherit sshOpts;
|
||||
};
|
||||
module = self;
|
||||
inherit args deployment-name;
|
||||
root-path = pathToRoot;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
@ -164,7 +161,8 @@ let
|
|||
...
|
||||
}:
|
||||
{
|
||||
nixops4 =
|
||||
input = required-resources;
|
||||
output.nixops4 =
|
||||
{ providers, ... }:
|
||||
{
|
||||
providers = {
|
||||
|
|
@ -191,7 +189,8 @@ let
|
|||
deployment-name,
|
||||
}:
|
||||
{
|
||||
tf-host = {
|
||||
input = required-resources;
|
||||
output.tf-host = {
|
||||
nixos-configuration = mkNixosConfiguration environment required-resources;
|
||||
system = targetSystem;
|
||||
ssh = {
|
||||
|
|
@ -214,7 +213,8 @@ let
|
|||
deployment-name,
|
||||
}:
|
||||
{
|
||||
tf-proxmox-host = {
|
||||
input = required-resources;
|
||||
output.tf-proxmox-host = {
|
||||
nixos-configuration = mkNixosConfiguration environment required-resources;
|
||||
system = targetSystem;
|
||||
ssh = {
|
||||
|
|
|
|||
|
|
@ -9,9 +9,9 @@ let
|
|||
inherit (pkgs) system;
|
||||
deployment-config = {
|
||||
inherit pathToRoot pathFromRoot;
|
||||
inherit (config) enableAcme;
|
||||
acmeNodeIP = if config.enableAcme then config.nodes.acme.networking.primaryIPAddress else null;
|
||||
nodeName = "ssh";
|
||||
targetSystem = system;
|
||||
sshOpts = [ ];
|
||||
};
|
||||
deploy =
|
||||
(import ../common/data-model.nix {
|
||||
|
|
@ -30,10 +30,6 @@ in
|
|||
sourceFileset = lib.fileset.unions [
|
||||
../../data-model.nix
|
||||
../../function.nix
|
||||
../../nixos.nix
|
||||
../../run/ssh-single-host/run.sh
|
||||
../../../npins/default.nix
|
||||
../../../npins/sources.json
|
||||
../common/data-model.nix
|
||||
../common/data-model-options.nix
|
||||
./constants.nix
|
||||
|
|
|
|||
|
|
@ -11,7 +11,10 @@ let
|
|||
inherit pathToRoot pathFromRoot;
|
||||
nodeName = "mypve";
|
||||
targetSystem = system;
|
||||
sshOpts = [ ];
|
||||
sshOpts = [
|
||||
"ConnectTimeout=1"
|
||||
"ServerAliveInterval=1"
|
||||
];
|
||||
};
|
||||
deployment =
|
||||
(import ../common/data-model.nix {
|
||||
|
|
@ -19,6 +22,7 @@ let
|
|||
config = deployment-config;
|
||||
# opt not to pass `inputs`, as we could only pass serializable arguments through to its self-call
|
||||
})."tf-proxmox-deployment".tf-proxmox-host;
|
||||
# deployment = setup.tf-proxmox-host;
|
||||
# tracking non-tarball downloads seems unsupported still in npins:
|
||||
# https://github.com/andir/npins/issues/163
|
||||
minimalIso = pkgs.fetchurl {
|
||||
|
|
@ -87,7 +91,6 @@ in
|
|||
(pkgs.callPackage ../../run/tf-proxmox/tf.nix { inherit sources; })
|
||||
jq
|
||||
nixos-generators
|
||||
deployment.run
|
||||
];
|
||||
|
||||
# needed only when building from deployer
|
||||
|
|
@ -99,160 +102,97 @@ in
|
|||
];
|
||||
};
|
||||
system.extraDependencies =
|
||||
# (lib.lists.map lib.traceVal)
|
||||
(
|
||||
(lib.lists.concatMap (
|
||||
pkg:
|
||||
(
|
||||
if
|
||||
pkg ? inputDerivation
|
||||
# error: output '/nix/store/dki9d3vldafg9ydrfm7x0g0rr0qljk98-sudo-1.9.16p2' is not allowed to refer to the following paths:
|
||||
# /nix/store/2xdmps65ryklmbf025bm4pxv16gb8ajv-sudo-1.9.16p2.tar.gz
|
||||
# /nix/store/58br4vk3q5akf4g8lx0pqzfhn47k3j8d-bash-5.2p37
|
||||
# /nix/store/8v6k283dpbc0qkdq81nb6mrxrgcb10i1-gcc-wrapper-14-20241116
|
||||
# /nix/store/9r1nl9ksiyszy4qzzg6y2gcdkca0xmhy-stdenv-linux
|
||||
# /nix/store/a4rmp6in7igbl1wbz9pli5nq0wiclq0y-groff-1.23.0
|
||||
# /nix/store/dki9d3vldafg9ydrfm7x0g0rr0qljk98-sudo-1.9.16p2
|
||||
# /nix/store/f5y58qz2fzpzgkhp0nizixi10x04ppyy-linux-pam-1.6.1
|
||||
# /nix/store/shkw4qm9qcw5sc5n1k5jznc83ny02r39-default-builder.sh
|
||||
# /nix/store/vj1c3wf9c11a0qs6p3ymfvrnsdgsdcbq-source-stdenv.sh
|
||||
# /nix/store/yh6qg1nsi5h2xblcr67030pz58fsaxx3-coreutils-9.6
|
||||
&& !(lib.strings.hasInfix "sudo" (lib.traceVal (builtins.toString pkg)))
|
||||
then
|
||||
lib.trace "yes" [
|
||||
# lib.traceVal pkg.inputDerivation # not of type `path in the Nix store'
|
||||
(
|
||||
(
|
||||
x: builtins.trace "${builtins.toString pkg}: ${builtins.toString (lib.isPath x.inputDerivation)}" x
|
||||
)
|
||||
pkg
|
||||
).inputDerivation
|
||||
]
|
||||
else
|
||||
lib.trace "no" [ ]
|
||||
)
|
||||
) machine.environment.systemPackages)
|
||||
++ [
|
||||
(
|
||||
(
|
||||
x:
|
||||
builtins.trace "machine.system.build.toplevel.inputDerivation: ${builtins.toString (lib.isPath x)}" x
|
||||
)
|
||||
machine.system.build.toplevel.inputDerivation
|
||||
)
|
||||
(
|
||||
(
|
||||
x: builtins.trace "machine.system.build.etc.inputDerivation: ${builtins.toString (lib.isPath x)}" x
|
||||
)
|
||||
machine.system.build.etc.inputDerivation
|
||||
)
|
||||
(
|
||||
(
|
||||
x:
|
||||
builtins.trace "machine.system.build.etcBasedir.inputDerivation: ${builtins.toString (lib.isPath x)}" x
|
||||
)
|
||||
machine.system.build.etcBasedir.inputDerivation
|
||||
)
|
||||
(
|
||||
(
|
||||
x:
|
||||
builtins.trace "machine.system.build.etcMetadataImage.inputDerivation: ${builtins.toString (lib.isPath x)}" x
|
||||
)
|
||||
machine.system.build.etcMetadataImage.inputDerivation
|
||||
)
|
||||
(
|
||||
(
|
||||
x:
|
||||
builtins.trace "machine.system.build.extraUtils.inputDerivation: ${builtins.toString (lib.isPath x)}" x
|
||||
)
|
||||
machine.system.build.extraUtils.inputDerivation
|
||||
)
|
||||
((x: builtins.trace "machine.system.path.inputDerivation: ${builtins.toString (lib.isPath x)}" x)
|
||||
machine.system.path.inputDerivation
|
||||
)
|
||||
(
|
||||
(
|
||||
x:
|
||||
builtins.trace "machine.system.build.setEnvironment.inputDerivation: ${builtins.toString (lib.isPath x)}" x
|
||||
)
|
||||
machine.system.build.setEnvironment.inputDerivation
|
||||
)
|
||||
(
|
||||
(x: builtins.trace "machine.system.build.vm.inputDerivation: ${builtins.toString (lib.isPath x)}" x)
|
||||
machine.system.build.vm.inputDerivation
|
||||
)
|
||||
(
|
||||
(
|
||||
x:
|
||||
builtins.trace "machine.system.build.bootStage1.inputDerivation: ${builtins.toString (lib.isPath x)}" x
|
||||
)
|
||||
machine.system.build.bootStage1.inputDerivation
|
||||
)
|
||||
(
|
||||
(
|
||||
x:
|
||||
builtins.trace "machine.system.build.bootStage2.inputDerivation: ${builtins.toString (lib.isPath x)}" x
|
||||
)
|
||||
machine.system.build.bootStage2.inputDerivation
|
||||
)
|
||||
pkgs.gnu-config
|
||||
# pkgs.gnu-config.inputDerivation
|
||||
pkgs.byacc
|
||||
# pkgs.byacc.inputDerivation
|
||||
pkgs.stdenv
|
||||
pkgs.stdenvNoCC
|
||||
sources.nixpkgs
|
||||
pkgs.vte
|
||||
|
||||
(
|
||||
## We build a whole NixOS system that contains the module
|
||||
## `system.extraDependenciesFromModule`, only to grab its
|
||||
## configuration and the store paths needed to build it and
|
||||
## dump them in `system.extraDependencies`.
|
||||
# see: https://git.fediversity.eu/Fediversity/Fediversity/pulls/338/files
|
||||
|
||||
pkgs.closureInfo {
|
||||
rootPaths = map (drv: drv.drvPath) (
|
||||
[
|
||||
machine.system.build.toplevel.inputDerivation
|
||||
machine.system.build.etc.inputDerivation
|
||||
machine.system.build.etcBasedir.inputDerivation
|
||||
machine.system.build.etcMetadataImage.inputDerivation
|
||||
machine.system.build.extraUtils.inputDerivation
|
||||
machine.system.path.inputDerivation
|
||||
machine.system.build.setEnvironment.inputDerivation
|
||||
machine.system.build.vm.inputDerivation
|
||||
machine.system.build.bootStage1.inputDerivation
|
||||
machine.system.build.bootStage2.inputDerivation
|
||||
]
|
||||
++ lib.concatMap (x: if x ? source.inputDerivation then [ x.source.inputDerivation ] else [ ]) (
|
||||
lib.attrValues machine.environment.etc
|
||||
)
|
||||
++ machine.environment.systemPackages
|
||||
);
|
||||
}
|
||||
)
|
||||
|
||||
]
|
||||
++ lib.concatLists (
|
||||
lib.mapAttrsToList (
|
||||
_k: v:
|
||||
if v ? source.inputDerivation then
|
||||
[
|
||||
# v.source.inputDerivation
|
||||
(
|
||||
(
|
||||
x:
|
||||
builtins.trace "${builtins.toString (lib.attrNames v)}: ${builtins.toString (lib.isPath x.source.inputDerivation)}" x
|
||||
)
|
||||
v
|
||||
).source.inputDerivation
|
||||
]
|
||||
else
|
||||
[ ]
|
||||
) machine.environment.etc
|
||||
# (lib.lists.map lib.traceVal)
|
||||
(
|
||||
(lib.lists.concatMap (
|
||||
pkg:
|
||||
(
|
||||
if
|
||||
pkg ? inputDerivation
|
||||
# error: output '/nix/store/dki9d3vldafg9ydrfm7x0g0rr0qljk98-sudo-1.9.16p2' is not allowed to refer to the following paths:
|
||||
# /nix/store/2xdmps65ryklmbf025bm4pxv16gb8ajv-sudo-1.9.16p2.tar.gz
|
||||
# /nix/store/58br4vk3q5akf4g8lx0pqzfhn47k3j8d-bash-5.2p37
|
||||
# /nix/store/8v6k283dpbc0qkdq81nb6mrxrgcb10i1-gcc-wrapper-14-20241116
|
||||
# /nix/store/9r1nl9ksiyszy4qzzg6y2gcdkca0xmhy-stdenv-linux
|
||||
# /nix/store/a4rmp6in7igbl1wbz9pli5nq0wiclq0y-groff-1.23.0
|
||||
# /nix/store/dki9d3vldafg9ydrfm7x0g0rr0qljk98-sudo-1.9.16p2
|
||||
# /nix/store/f5y58qz2fzpzgkhp0nizixi10x04ppyy-linux-pam-1.6.1
|
||||
# /nix/store/shkw4qm9qcw5sc5n1k5jznc83ny02r39-default-builder.sh
|
||||
# /nix/store/vj1c3wf9c11a0qs6p3ymfvrnsdgsdcbq-source-stdenv.sh
|
||||
# /nix/store/yh6qg1nsi5h2xblcr67030pz58fsaxx3-coreutils-9.6
|
||||
&& !(lib.strings.hasInfix "sudo" (lib.traceVal (builtins.toString pkg)))
|
||||
then
|
||||
lib.trace "yes" [
|
||||
# lib.traceVal pkg.inputDerivation # not of type `path in the Nix store'
|
||||
((x: builtins.trace "${builtins.toString pkg}: ${builtins.toString (lib.isPath x.inputDerivation)}" x) pkg).inputDerivation
|
||||
]
|
||||
else
|
||||
lib.trace "no" [ ]
|
||||
)
|
||||
);
|
||||
) machine.environment.systemPackages)
|
||||
++ [
|
||||
((x: builtins.trace "machine.system.build.toplevel.inputDerivation: ${builtins.toString (lib.isPath x)}" x) machine.system.build.toplevel.inputDerivation)
|
||||
((x: builtins.trace "machine.system.build.etc.inputDerivation: ${builtins.toString (lib.isPath x)}" x) machine.system.build.etc.inputDerivation)
|
||||
((x: builtins.trace "machine.system.build.etcBasedir.inputDerivation: ${builtins.toString (lib.isPath x)}" x) machine.system.build.etcBasedir.inputDerivation)
|
||||
((x: builtins.trace "machine.system.build.etcMetadataImage.inputDerivation: ${builtins.toString (lib.isPath x)}" x) machine.system.build.etcMetadataImage.inputDerivation)
|
||||
((x: builtins.trace "machine.system.build.extraUtils.inputDerivation: ${builtins.toString (lib.isPath x)}" x) machine.system.build.extraUtils.inputDerivation)
|
||||
((x: builtins.trace "machine.system.path.inputDerivation: ${builtins.toString (lib.isPath x)}" x) machine.system.path.inputDerivation)
|
||||
((x: builtins.trace "machine.system.build.setEnvironment.inputDerivation: ${builtins.toString (lib.isPath x)}" x) machine.system.build.setEnvironment.inputDerivation)
|
||||
((x: builtins.trace "machine.system.build.vm.inputDerivation: ${builtins.toString (lib.isPath x)}" x) machine.system.build.vm.inputDerivation)
|
||||
((x: builtins.trace "machine.system.build.bootStage1.inputDerivation: ${builtins.toString (lib.isPath x)}" x) machine.system.build.bootStage1.inputDerivation)
|
||||
((x: builtins.trace "machine.system.build.bootStage2.inputDerivation: ${builtins.toString (lib.isPath x)}" x) machine.system.build.bootStage2.inputDerivation)
|
||||
pkgs.gnu-config
|
||||
# pkgs.gnu-config.inputDerivation
|
||||
pkgs.byacc
|
||||
# pkgs.byacc.inputDerivation
|
||||
pkgs.stdenv
|
||||
pkgs.stdenvNoCC
|
||||
sources.nixpkgs
|
||||
pkgs.vte
|
||||
|
||||
(
|
||||
## We build a whole NixOS system that contains the module
|
||||
## `system.extraDependenciesFromModule`, only to grab its
|
||||
## configuration and the store paths needed to build it and
|
||||
## dump them in `system.extraDependencies`.
|
||||
# see: https://git.fediversity.eu/Fediversity/Fediversity/pulls/338/files
|
||||
|
||||
pkgs.closureInfo {
|
||||
rootPaths = map (drv: drv.drvPath) (
|
||||
[
|
||||
machine.system.build.toplevel.inputDerivation
|
||||
machine.system.build.etc.inputDerivation
|
||||
machine.system.build.etcBasedir.inputDerivation
|
||||
machine.system.build.etcMetadataImage.inputDerivation
|
||||
machine.system.build.extraUtils.inputDerivation
|
||||
machine.system.path.inputDerivation
|
||||
machine.system.build.setEnvironment.inputDerivation
|
||||
machine.system.build.vm.inputDerivation
|
||||
machine.system.build.bootStage1.inputDerivation
|
||||
machine.system.build.bootStage2.inputDerivation
|
||||
]
|
||||
++ lib.concatMap (x: if x ? source.inputDerivation then [ x.source.inputDerivation ] else [ ]) (
|
||||
lib.attrValues machine.environment.etc
|
||||
)
|
||||
++ machine.environment.systemPackages
|
||||
);
|
||||
}
|
||||
)
|
||||
|
||||
]
|
||||
++ lib.concatLists (
|
||||
lib.mapAttrsToList (
|
||||
_k: v:
|
||||
if v ? source.inputDerivation then
|
||||
[
|
||||
# v.source.inputDerivation
|
||||
((x: builtins.trace "${builtins.toString (lib.attrNames v)}: ${builtins.toString (lib.isPath x.source.inputDerivation)}" x) v).source.inputDerivation
|
||||
]
|
||||
else
|
||||
[ ]
|
||||
) machine.environment.etc
|
||||
)
|
||||
);
|
||||
};
|
||||
|
||||
extraTestScript = ''
|
||||
|
|
@ -269,7 +209,7 @@ in
|
|||
with subtest("Run the deployment"):
|
||||
# target.fail("hello 1>&2")
|
||||
deployer.succeed("""
|
||||
${lib.getExe deployment.run}
|
||||
${deployment.run}
|
||||
""")
|
||||
# target.wait_for_unit("multi-user.target")
|
||||
# target.succeed("su - operator -c hello 1>&2")
|
||||
|
|
|
|||
|
|
@ -10,14 +10,17 @@ let
|
|||
inherit pathToRoot pathFromRoot;
|
||||
nodeName = "target";
|
||||
targetSystem = system;
|
||||
sshOpts = [ ];
|
||||
sshOpts = [
|
||||
"ConnectTimeout=1"
|
||||
"ServerAliveInterval=1"
|
||||
];
|
||||
};
|
||||
deploy =
|
||||
deployment =
|
||||
(import ../common/data-model.nix {
|
||||
inherit system;
|
||||
config = deployment-config;
|
||||
# opt not to pass `inputs`, as we could only pass serializable arguments through to its self-call
|
||||
})."tf-deployment".tf-host.run;
|
||||
})."tf-deployment".tf-host;
|
||||
in
|
||||
{
|
||||
_class = "nixosTest";
|
||||
|
|
@ -36,7 +39,6 @@ in
|
|||
environment.systemPackages = with pkgs; [
|
||||
(pkgs.callPackage ../../run/tf-single-host/tf.nix { })
|
||||
jq
|
||||
deploy
|
||||
];
|
||||
|
||||
# needed only when building from deployer
|
||||
|
|
@ -55,7 +57,7 @@ in
|
|||
|
||||
with subtest("ssh: Run the deployment"):
|
||||
deployer.succeed("""
|
||||
${lib.getExe deploy}
|
||||
${deployment.run}
|
||||
""")
|
||||
target.wait_for_unit("multi-user.target")
|
||||
target.succeed("su - operator -c hello 1>&2")
|
||||
|
|
|
|||
|
|
@ -98,9 +98,9 @@ in
|
|||
{
|
||||
options.enable = lib.mkEnableOption "Hello in the shell";
|
||||
};
|
||||
implementation =
|
||||
cfg: {
|
||||
resources = lib.optionalAttrs cfg.enable {
|
||||
implementation = cfg: {
|
||||
input = cfg;
|
||||
output.resources = lib.optionalAttrs cfg.enable {
|
||||
hello.login-shell.packages.hello = pkgs.hello;
|
||||
};
|
||||
};
|
||||
|
|
@ -110,7 +110,8 @@ in
|
|||
{
|
||||
resources."operator-environment".login-shell.username = "operator";
|
||||
implementation = requests: {
|
||||
nixops4 = (
|
||||
input = requests;
|
||||
output.nixops4 =
|
||||
{ providers, ... }:
|
||||
{
|
||||
providers = {
|
||||
|
|
@ -133,8 +134,7 @@ in
|
|||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
);
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
|||
|
|
@ -29,7 +29,7 @@ let
|
|||
lib.strings.toJSON v
|
||||
);
|
||||
|
||||
functionType = submodule ./function.nix;
|
||||
functionType = import ./function.nix;
|
||||
application-resources = submodule {
|
||||
options.resources = mkOption {
|
||||
# TODO: maybe transpose, and group the resources by type instead
|
||||
|
|
@ -87,73 +87,12 @@ let
|
|||
deployment-type = attrTag {
|
||||
ssh-host = mkOption {
|
||||
description = "A deployment by SSH to update a single existing NixOS host.";
|
||||
type = submodule (ssh-host: {
|
||||
type = submodule {
|
||||
options = {
|
||||
system = mkOption {
|
||||
description = "The architecture of the system to deploy to.";
|
||||
type = types.str;
|
||||
};
|
||||
inherit nixos-configuration;
|
||||
ssh = host-ssh;
|
||||
module = mkOption {
|
||||
description = "The module to call to obtain the NixOS configuration from.";
|
||||
type = types.str;
|
||||
};
|
||||
args = mkOption {
|
||||
description = "The arguments with which to call the module to obtain the NixOS configuration.";
|
||||
type = types.attrs;
|
||||
};
|
||||
deployment-name = mkOption {
|
||||
description = "The name of the deployment for which to obtain the NixOS configuration.";
|
||||
type = types.str;
|
||||
};
|
||||
root-path = mkOption {
|
||||
description = "The path to the root of the repository.";
|
||||
type = types.path;
|
||||
};
|
||||
run = mkOption {
|
||||
type = types.package;
|
||||
# error: The option `ssh-deployment.ssh-host.run' is read-only, but it's set multiple times.
|
||||
# readOnly = true;
|
||||
default =
|
||||
let
|
||||
inherit (ssh-host.config)
|
||||
system
|
||||
ssh
|
||||
module
|
||||
args
|
||||
deployment-name
|
||||
root-path
|
||||
;
|
||||
inherit (ssh)
|
||||
host
|
||||
username
|
||||
key-file
|
||||
sshOpts
|
||||
;
|
||||
environment = {
|
||||
key_file = key-file;
|
||||
deployment_name = deployment-name;
|
||||
root_path = root-path;
|
||||
ssh_opts = sshOpts;
|
||||
inherit
|
||||
system
|
||||
host
|
||||
username
|
||||
module
|
||||
args
|
||||
;
|
||||
deployment_type = "ssh-host";
|
||||
};
|
||||
in
|
||||
pkgs.writeShellScriptBin "deploy-ssh.sh" ''
|
||||
env ${
|
||||
toString (lib.mapAttrsToList (k: v: "${k}=\"${toBash v}\"") environment)
|
||||
} bash ./deployment/run/ssh-single-host/run.sh
|
||||
'';
|
||||
};
|
||||
};
|
||||
});
|
||||
};
|
||||
};
|
||||
nixops4 = mkOption {
|
||||
description = "A NixOps4 NixOS deployment. For an example, see https://github.com/nixops4/nixops4-nixos/blob/main/example/deployment.nix.";
|
||||
|
|
@ -257,7 +196,7 @@ let
|
|||
type = types.path;
|
||||
};
|
||||
run = mkOption {
|
||||
type = types.package;
|
||||
type = types.str;
|
||||
# error: The option `tf-deployment.tf-host.run' is read-only, but it's set multiple times.
|
||||
# readOnly = true;
|
||||
default =
|
||||
|
|
@ -292,7 +231,7 @@ let
|
|||
};
|
||||
tf-env = pkgs.callPackage ./run/tf-proxmox/tf-env.nix { };
|
||||
in
|
||||
pkgs.writeShellScriptBin "deploy-ssh.sh" ''
|
||||
''
|
||||
env ${toString (lib.mapAttrsToList (k: v: "TF_VAR_${k}=\"${toBash v}\"") environment)} \
|
||||
tf_env=${tf-env} bash ./deployment/run/tf-proxmox/run.sh
|
||||
'';
|
||||
|
|
@ -364,19 +303,18 @@ in
|
|||
};
|
||||
resources = mkOption {
|
||||
description = "Compute resources required by an application";
|
||||
type = application.config.config-mapping.function-type;
|
||||
type = functionTo application.config.config-mapping.output-type;
|
||||
readOnly = true;
|
||||
default = application.config.config-mapping.apply;
|
||||
default = input: (application.config.implementation input).output;
|
||||
};
|
||||
# TODO(@fricklerhandwerk): this needs a better name
|
||||
# TODO(@fricklerhandwerk): this needs a better name, it's just the type
|
||||
config-mapping = mkOption {
|
||||
description = "Function type for the mapping from application configuration to required resources";
|
||||
type = functionType;
|
||||
type = submodule functionType;
|
||||
readOnly = true;
|
||||
default = {
|
||||
input-type = submodule application.config.module;
|
||||
output-type = application-resources;
|
||||
implementation = application.config.implementation;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
@ -408,7 +346,7 @@ in
|
|||
};
|
||||
resource-mapping = mkOption {
|
||||
description = "Function type for the mapping from resources to a deployment";
|
||||
type = functionType;
|
||||
type = submodule functionType;
|
||||
readOnly = true;
|
||||
default = {
|
||||
input-type = submodule {
|
||||
|
|
@ -422,37 +360,6 @@ in
|
|||
};
|
||||
};
|
||||
output-type = deployment-type;
|
||||
implementation = environment.config.implementation;
|
||||
};
|
||||
};
|
||||
config-mapping = mkOption {
|
||||
description = "Mapping from a configuration to a deployment";
|
||||
type = functionType;
|
||||
readOnly = true;
|
||||
default = {
|
||||
input-type = submodule {
|
||||
options = {
|
||||
deployment-name = mkOption {
|
||||
type = types.str;
|
||||
};
|
||||
configuration = mkOption {
|
||||
type = config.configuration;
|
||||
};
|
||||
};
|
||||
};
|
||||
output-type = deployment-type;
|
||||
implementation =
|
||||
{
|
||||
deployment-name,
|
||||
configuration,
|
||||
}:
|
||||
# TODO: check cfg.enable.true
|
||||
let
|
||||
required-resources = lib.mapAttrs (
|
||||
name: application-settings: config.applications.${name}.resources application-settings
|
||||
) configuration.applications;
|
||||
in
|
||||
environment.config.resource-mapping.apply { inherit required-resources deployment-name; };
|
||||
};
|
||||
};
|
||||
# TODO(@fricklerhandwerk): maybe this should be a separate thing such as `fediversity-setup`,
|
||||
|
|
@ -460,9 +367,21 @@ in
|
|||
# then the deployments can simply be the result of the function application baked into this module.
|
||||
deployment = mkOption {
|
||||
description = "Generate a deployment from a configuration, by applying an environment's resource policies to the applications' resource mappings";
|
||||
type = environment.config.config-mapping.function-type;
|
||||
type = functionTo (environment.config.resource-mapping.output-type);
|
||||
readOnly = true;
|
||||
default = environment.config.config-mapping.apply;
|
||||
default =
|
||||
{
|
||||
deployment-name,
|
||||
configuration,
|
||||
}:
|
||||
# TODO: check cfg.enable.true
|
||||
let
|
||||
required-resources = lib.mapAttrs (
|
||||
name: application-settings: config.applications.${name}.resources application-settings
|
||||
) configuration.applications;
|
||||
in
|
||||
(environment.config.implementation { inherit required-resources deployment-name; }).output;
|
||||
|
||||
};
|
||||
};
|
||||
})
|
||||
|
|
|
|||
|
|
@ -19,11 +19,6 @@ in
|
|||
type = optionType;
|
||||
};
|
||||
function-type = mkOption {
|
||||
type = optionType;
|
||||
readOnly = true;
|
||||
default = functionTo config.output-type;
|
||||
};
|
||||
wrapper-type = mkOption {
|
||||
type = optionType;
|
||||
readOnly = true;
|
||||
default = functionTo (submodule {
|
||||
|
|
@ -37,22 +32,5 @@ in
|
|||
};
|
||||
});
|
||||
};
|
||||
implementation = mkOption {
|
||||
type = config.function-type;
|
||||
default = _: { };
|
||||
};
|
||||
wrapper = mkOption {
|
||||
type = config.wrapper-type;
|
||||
readOnly = true;
|
||||
default = input: fn: {
|
||||
inherit input;
|
||||
output = config.implementation fn.config.input;
|
||||
};
|
||||
};
|
||||
apply = mkOption {
|
||||
type = config.function-type;
|
||||
readOnly = true;
|
||||
default = input: (config.wrapper input).output;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
|||
2
deployment/run/ssh-single-host/run.sh
Executable file → Normal file
2
deployment/run/ssh-single-host/run.sh
Executable file → Normal file
|
|
@ -39,7 +39,7 @@ NIX_SSHOPTS="${sshOpts[*]}" nix-copy-closure --to "$destination" "$outPath" --gz
|
|||
# shellcheck disable=SC2029
|
||||
ssh "${sshOpts[@]}" "$destination" "nix-env --profile /nix/var/nix/profiles/system --set $outPath"
|
||||
# shellcheck disable=SC2029
|
||||
output=$(ssh -o "ConnectTimeout=1" -o "ServerAliveInterval=1" "${sshOpts[@]}" "$destination" "nohup $outPath/bin/switch-to-configuration switch &" 2>&1) || echo "status code: $?"
|
||||
output=$(ssh "${sshOpts[@]}" "$destination" "nohup $outPath/bin/switch-to-configuration switch &" 2>&1) || echo "status code: $?"
|
||||
echo "output: $output"
|
||||
if [[ $output != *"Timeout, server $host not responding"* ]]; then
|
||||
echo "non-timeout error: $output"
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue