actually pass a priority level fitting my description

use defaultOverridePriority over mkDefault to fix acme error without cashing with settings from tests
use mkDefault to prevent acme clash in tests
2025-07-05 22:14:02 +02:00 · 2025-07-05 21:29:12 +02:00 · 2025-07-04 19:30:18 +02:00 · 2025-07-04 15:45:17 +02:00
6 changed files with 60 additions and 162 deletions
--- a/.forgejo/workflows/update.yaml
+++ b/.forgejo/workflows/update.yaml
@ -15,9 +15,8 @@ jobs:
      - name: Update pins
        run: nix-shell --run "npins update"
      - name: Create PR
-        uses: https://github.com/KiaraGrouwstra/gitea-create-pull-request@f9f80aa5134bc5c03c38f5aaa95053492885b397
+        uses: peter-evans/create-pull-request@v7
        with:
          remote-instance-api-version: v1
          token: "${{ secrets.DEPLOY_KEY }}"
          branch: npins-update
          commit-message: "npins: update sources"
--- a/deployment/data-model-test.nix
+++ b/deployment/data-model-test.nix
@ -1,13 +1,9 @@
 let
-  inherit (import ../default.nix { }) pkgs inputs;
+  inherit (import ../default.nix { }) pkgs;
  inherit (pkgs) lib;
  inherit (lib) mkOption;
  eval =
    module:
    (lib.evalModules {
      specialArgs = {
        inherit inputs;
      };
      modules = [
        module
        ./data-model.nix
@ -20,51 +16,32 @@ in
  test-eval = {
    expr =
      let
-        fediversity = eval (
+        example = eval {
-          { config, ... }:
+          runtime-environments.bar.nixos = {
          {
            config = {
              applications.hello =
                { ... }:
                {
                  description = ''Command-line tool that will print "Hello, world!" on the terminal'';
            module =
              { ... }:
              {
-                      options = {
+                system.stateVersion = "25.05";
                        enable = lib.mkEnableOption "Hello in the shell";
              };
          };
-                  implementation =
+          applications.foo = {
-                    cfg:
+            module =
-                    lib.optionalAttrs cfg.enable {
+              { pkgs, ... }:
-                      dummy.login-shell.packages.hello = pkgs.hello;
+              {
                environment.systemPackages = [
                  pkgs.hello
                ];
              };
          };
        };
            options = {
              example-configuration = mkOption {
                type = config.configuration;
                readOnly = true;
                default = {
                  enable = true;
                  applications.hello.enable = true;
                };
              };
            };
          }
        );
      in
      {
-        inherit (fediversity)
+        has-runtime = lib.isAttrs example.runtime-environments.bar.nixos.module;
-          example-configuration
+        has-application = lib.isAttrs example.applications.foo.module;
          ;
      };
    expected = {
-      example-configuration = {
+      has-runtime = true;
-        enable = true;
+      has-application = true;
        applications.hello.enable = true;
      };
    };
  };
 }
--- a/deployment/data-model.nix
+++ b/deployment/data-model.nix
@ -1,89 +1,45 @@
 {
  lib,
  config,
  ...
 }:
 let
-  inherit (lib) mkOption types;
+  inherit (lib) types mkOption;
  inherit (lib.types)
    attrsOf
    attrTag
    deferredModuleWith
    submodule
    optionType
    functionTo
    ;
  functionType = import ./function.nix;
  application-resources = {
    options.resources = mkOption {
      # TODO: maybe transpose, and group the resources by type instead
      type = attrsOf (
        attrTag (lib.mapAttrs (_name: resource: mkOption { type = resource.request; }) config.resources)
      );
    };
  };
 in
 with types;
 {
  _class = "nixops4Deployment";
  options = {
    runtime-environments = mkOption {
      description = "Collection of runtime environments into which applications can be deployed";
      type = attrsOf (attrTag {
        nixos = mkOption {
          description = "A single NixOS machine";
          type = submodule {
            options = {
              module = mkOption {
                description = "The NixOS module describing the base configuration for that machine";
                type = deferredModule;
              };
            };
          };
        };
      });
    };
    applications = mkOption {
      description = "Collection of Fediversity applications";
-      type = attrsOf (
+      type = attrsOf (submoduleWith {
-        submodule (application: {
+        modules = [
-          _class = "fediversity-application";
+          {
            options = {
            description = mkOption {
              description = "Description to be shown in the application overview";
              type = types.str;
            };
              module = mkOption {
-              description = "Operator-facing configuration options for the application";
+                description = "The NixOS module for that application, for configuring that application";
-              type = deferredModuleWith { staticModules = [ { _class = "fediversity-application-config"; } ]; };
+                type = deferredModule;
            };
            implementation = mkOption {
              description = "Mapping of application configuration to deployment resources, a description of what an application needs to run";
              type = application.config.config-mapping.function-type;
            };
            resources = mkOption {
              description = "Compute resources required by an application";
              type = functionTo application.config.config-mapping.output-type;
              readOnly = true;
              default = input: (application.config.implementation input).output;
            };
            config-mapping = mkOption {
              description = "Function type for the mapping from application configuration to required resources";
              type = submodule functionType;
              readOnly = true;
              default = {
                input-type = application.config.module;
                output-type = application-resources;
              };
            };
          };
        })
      );
    };
    configuration = mkOption {
      description = "Configuration type declaring options to be set by operators";
      type = optionType;
      readOnly = true;
      default = submodule {
        options = {
          enable = lib.mkEnableOption {
            description = "your Fediversity configuration";
          };
          applications = lib.mapAttrs (
            _name: application:
            mkOption {
              description = application.description;
              type = submodule application.module;
              default = { };
          }
-          ) config.applications;
+        ];
-        };
+      });
      };
    };
  };
 }
--- a/deployment/function.nix
+++ b/deployment/function.nix
@ -1,37 +0,0 @@
 /**
  Modular function type
 */
 { config, lib, ... }:
 let
  inherit (lib) mkOption types;
  inherit (types)
    deferredModule
    submodule
    functionTo
    optionType
    ;
 in
 {
  options = {
    input-type = mkOption {
      type = deferredModule;
    };
    output-type = mkOption {
      type = deferredModule;
    };
    function-type = mkOption {
      type = optionType;
      readOnly = true;
      default = functionTo (submodule {
        options = {
          input = mkOption {
            type = submodule config.input-type;
          };
          output = mkOption {
            type = submodule config.output-type;
          };
        };
      });
    };
  };
 }
--- a/panel/nix/configuration.nix
+++ b/panel/nix/configuration.nix
@ -202,8 +202,11 @@ in
      };
    };
-    # needed to place a config file with home-manager
+    users.users.${name} = {
-    users.users.${name}.isNormalUser = true;
+      # TODO[Niols]: change to system user or document why we specifically
      # need a normal user.
      isNormalUser = true;
    };
    users.groups.${name} = { };
    systemd.services.${name} = {
--- a/services/fediversity/default.nix
+++ b/services/fediversity/default.nix
@ -69,11 +69,11 @@ in
  config = {
    ## FIXME: This should clearly go somewhere else; and we should have a
    ## `staging` vs. `production` setting somewhere.
-    security.acme = {
+    # use a priority higher than mkDefault for panel deployment to work,
    # yet lower than default so this will not clash with the setting in tests.
    security.acme = lib.modules.mkOverride 900 {
      acceptTerms = true;
-      # use a priority more urgent than mkDefault for panel deployment to work,
+      defaults.email = "something@fediversity.net";
      # yet looser than default so this will not clash with the setting in tests.
      defaults.email = lib.modules.mkOverride 200 "something@fediversity.net";
      # defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory";
    };
  };
Author	SHA1	Message	Date
Kiara Grouwstra	cc85ec2fc5	actually pass a priority level fitting my description	2025-07-05 22:14:02 +02:00
Kiara Grouwstra	baaa990513	use defaultOverridePriority over mkDefault to fix acme error without cashing with settings from tests	2025-07-05 21:29:12 +02:00
Kiara Grouwstra	433d0dc278	use mkDefault to prevent acme clash in tests	2025-07-04 19:30:18 +02:00
Kiara Grouwstra	fb376b4684	reinstate acme settings needed by applications	2025-07-04 15:45:17 +02:00