WIP: overlay proxmox to use regular nixpkgs version

Signed-off-by: Kiara Grouwstra <kiara@procolix.eu>
factor out TF run.sh (#552 )
2025-10-26 23:19:13 +01:00 · 2025-10-26 20:46:45 +01:00
13 changed files with 130 additions and 164 deletions
--- a/deployment/check/data-model-tf-proxmox/default.nix
+++ b/deployment/check/data-model-tf-proxmox/default.nix
@ -1,34 +1,8 @@
 {
  pkgs,
  inputs,
  sources,
  system,
 }:
 let
  pkgs = import sources.nixpkgs-stable {
    inherit system;
    overlays = [ overlay ];
  };
  overlay = _: prev: {
    terraform-backend =
      prev.callPackage "${sources.nixpkgs-unstable}/pkgs/by-name/te/terraform-backend/package.nix"
        { };
    inherit
      (import "${sources.proxmox-nixos}/pkgs" {
        craneLib = pkgs.callPackage "${sources.crane}/lib" { };
        # breaks from https://github.com/NixOS/nixpkgs/commit/06b354eb2dc535c57e9b4caaa16d79168f117a26,
        # which updates libvncserver to 0.9.15, which was not yet patched at https://git.proxmox.com/?p=vncterm.git.
        inherit pkgs;
        # not so picky about version for our purposes
        pkgs-unstable = pkgs;
      })
      proxmox-ve
      pve-manager
      pve-ha-manager
      pve-qemu
      ;
  };
 in
 pkgs.testers.runNixOSTest {
  node.specialArgs = {
    inherit
--- a/deployment/check/data-model-tf-proxmox/nixosTest.nix
+++ b/deployment/check/data-model-tf-proxmox/nixosTest.nix
@ -59,8 +59,6 @@ in
  _class = "nixosTest";
  name = "deployment-model";
  sourceFileset = lib.fileset.unions [
    ../../run/tf-proxmox-template/run.sh
    ../../run/tf-proxmox-vm/run.sh
    ../../run/tf-proxmox-vm/await-ssh.sh
  ];
--- a/deployment/check/data-model-tf/data-model.nix
+++ b/deployment/check/data-model-tf/data-model.nix
@ -42,7 +42,7 @@ in
              ssh = {
                username = "root";
                host = nodeName;
-                key-file = null;
+                key-file = "";
                inherit sshOpts;
              };
              caller = "deployment/check/data-model-tf/data-model.nix";
--- a/deployment/check/data-model-tf/nixosTest.nix
+++ b/deployment/check/data-model-tf/nixosTest.nix
@ -30,9 +30,6 @@ in
 {
  _class = "nixosTest";
  name = "deployment-model";
  sourceFileset = lib.fileset.unions [
    ../../run/tf-single-host/run.sh
  ];
  nodes.deployer =
    { ... }:
@ -71,7 +68,7 @@ in
      deployer.wait_for_unit("multi-user.target")
      deployer.succeed("curl -u basic:fake-secret -X GET http://localhost:8080/state/project1/example")
      output = deployer.fail("""
-        ${lib.getExe deploy}
+        ${lib.getExe deploy} 2>&1
      """)
      assert "Timeout, server ${nodeName} not responding" in output
      target.wait_for_unit("multi-user.target")
--- a/deployment/check/proxmox/default.nix
+++ b/deployment/check/proxmox/default.nix
@ -1,30 +1,8 @@
 {
-  runNixOSTest,
+  pkgs,
  sources,
  system,
 }:
-
+pkgs.testers.runNixOSTest {
 let
  pkgs = import sources.nixpkgs-stable {
    inherit system;
    overlays = [ overlay ];
  };
  overlay = _: _: {
    inherit
      (import "${sources.proxmox-nixos}/pkgs" {
        craneLib = pkgs.callPackage "${sources.crane}/lib" { };
        # breaks from https://github.com/NixOS/nixpkgs/commit/06b354eb2dc535c57e9b4caaa16d79168f117a26,
        # which updates libvncserver to 0.9.15, which was not yet patched at https://git.proxmox.com/?p=vncterm.git.
        inherit pkgs;
        # not so picky about version for our purposes
        pkgs-unstable = pkgs;
      })
      proxmox-ve
      pve-ha-manager
      ;
  };
 in
 runNixOSTest {
  node.specialArgs = {
    inherit
      sources
--- a/deployment/data-model.nix
+++ b/deployment/data-model.nix
@ -19,15 +19,7 @@ let
    str
    submodule
    ;
-  inherit (pkgs.callPackage ./utils.nix { }) toBash;
+  inherit (pkgs.callPackage ./utils.nix { }) toBash withPackages tfApply;
  withPackages = packages: {
    makeWrapperArgs = [
      "--prefix"
      "PATH"
      ":"
      "${lib.makeBinPath packages}"
    ];
  };
  writeConfig =
    {
      system,
@ -246,6 +238,10 @@ let
                  key-file
                  sshOpts
                  ;
              in
              tfApply {
                inherit httpBackend;
                directory = "tf-single-host";
                environment = {
                  key_file = key-file;
                  ssh_opts = sshOpts;
@ -264,22 +260,7 @@ let
                    deployment-type = "tf-host";
                  };
                };
                tf-env = pkgs.callPackage ./run/tf-env.nix {
                  inherit httpBackend;
                  tfPackage = pkgs.callPackage ./run/tf-single-host/tf.nix { };
                  tfDirs = [ "deployment/run/tf-single-host" ];
              };
              in
              pkgs.writers.writeBashBin "deploy-tf.sh"
                (withPackages [
                  pkgs.jq
                  (pkgs.callPackage ./run/tf-single-host/tf.nix { })
                ])
                ''
                  env ${toString (lib.mapAttrsToList (k: v: "TF_VAR_${k}=\"${toBash v}\"") environment)} \
                  ${toString (lib.mapAttrsToList (k: v: "${k}=\"${toBash v}\"") httpBackend)} \
                  tf_env=${tf-env} bash ./deployment/run/tf-single-host/run.sh
                '';
          };
        };
      });
@ -344,19 +325,10 @@ let
                  node_name = node-name;
                  image_datastore_id = imageDatastoreId;
                };
                tf-env = pkgs.callPackage ./run/tf-env.nix {
                  inherit httpBackend;
                  tfPackage = pkgs.callPackage ./run/tf-proxmox-template/tf.nix { };
                  tfDirs = [
                    "deployment/run/tf-proxmox-template"
                  ];
                };
              in
              lib.trace (lib.strings.toJSON environment) pkgs.writers.writeBashBin "deploy-tf-proxmox-template.sh"
                (withPackages [
                  pkgs.jq
                  pkgs.qemu
                  (pkgs.callPackage ./run/tf-proxmox-vm/tf.nix { })
                ])
                ''
                  set -e
@ -369,11 +341,13 @@ let
                  ls -l /tmp/${name}.qcow2 >&2
                  checksum="$(sha256sum /tmp/${name}.qcow2 | cut -d " " -f1)"
-                  env ${toString (lib.mapAttrsToList (k: v: "TF_VAR_${k}=\"${toBash v}\"") environment)} \
+                  env \
                  ${toString (lib.mapAttrsToList (k: v: "${k}=\"${toBash v}\"") httpBackend)} \
                  TF_VAR_image=/tmp/${name}.qcow2 \
                  TF_VAR_checksum="$checksum" \
-                  tf_env=${tf-env} bash ./deployment/run/tf-proxmox-template/run.sh
+                  ${lib.getExe (tfApply {
                    inherit httpBackend environment;
                    directory = "tf-proxmox-template";
                  })}
                '';
          };
        };
@ -531,33 +505,12 @@ let
                  ipv6_gateway = ipv6Gateway;
                  ipv6_address = ipv6Address;
                };
                tf-env = pkgs.callPackage ./run/tf-env.nix {
                  inherit httpBackend;
                  tfPackage = pkgs.callPackage ./run/tf-proxmox-vm/tf.nix { };
                  tfDirs = [
                    "deployment/run/tf-single-host"
                    "deployment/run/tf-proxmox-vm"
                  ];
                };
              in
-              lib.trace (lib.strings.toJSON environment) pkgs.writers.writeBashBin "deploy-tf-proxmox-vm.sh"
+              lib.trace (lib.strings.toJSON environment) (tfApply {
-                (withPackages [
+                inherit httpBackend environment;
-                  pkgs.jq
+                directory = "tf-proxmox-vm";
-                  pkgs.qemu
+                dependentDirs = [ "tf-single-host" ];
-                  (pkgs.callPackage ./run/tf-proxmox-vm/tf.nix { })
+              });
                ])
                ''
                  set -e
                  env ${
                    toString (
                      lib.mapAttrsToList (k: v: "TF_VAR_${k}=\"${toBash v}\"") (
                        lib.filterAttrs (_: v: v != null) environment
                      )
                    )
                  } \
                  ${toString (lib.mapAttrsToList (k: v: "${k}=\"${toBash v}\"") httpBackend)} \
                  tf_env=${tf-env} bash ./deployment/run/tf-proxmox-vm/run.sh
                '';
          };
        };
      });
--- a/deployment/flake-part.nix
+++ b/deployment/flake-part.nix
@ -8,8 +8,7 @@
    {
      checks = {
        proxmox-basic = import ./check/proxmox {
-          inherit (pkgs.testers) runNixOSTest;
+          inherit pkgs sources;
          inherit sources system;
        };
        deployment-basic = import ./check/basic {
@ -42,7 +41,7 @@
        };
        deployment-model-tf-proxmox = import ./check/data-model-tf-proxmox {
-          inherit inputs sources system;
+          inherit pkgs inputs sources;
        };
      };
    };
--- a/deployment/run/tf-proxmox-template/run.sh
+++ b/deployment/run/tf-proxmox-template/run.sh
@ -1,7 +0,0 @@
 #! /usr/bin/env bash
 set -euo pipefail
 declare tf_env
 cd "${tf_env}/deployment/run/tf-proxmox-template"
 tofu apply --auto-approve -input=false -parallelism=1 >&2
 tofu output -json
--- a/deployment/run/tf-proxmox-vm/run.sh
+++ b/deployment/run/tf-proxmox-vm/run.sh
@ -1,8 +0,0 @@
 #! /usr/bin/env bash
 set -euo pipefail
 declare tf_env
 cd "${tf_env}/deployment/run/tf-proxmox-vm"
 # parallelism=1: limit OOM risk
 tofu apply --auto-approve -input=false -parallelism=1 >&2
 tofu output -json
--- a/deployment/run/tf-single-host/run.sh
+++ b/deployment/run/tf-single-host/run.sh
@ -1,7 +0,0 @@
 #! /usr/bin/env bash
 set -euo pipefail
 declare tf_env
 cd "${tf_env}/deployment/run/tf-single-host"
 # parallelism=1: limit OOM risk
 tofu apply --auto-approve -parallelism=1
--- a/deployment/utils.nix
+++ b/deployment/utils.nix
@ -4,7 +4,7 @@
  inputs ? null,
  ...
 }:
-{
+rec {
  evalModel =
    module:
    (lib.evalModules {
@ -17,6 +17,7 @@
        module
      ];
    }).config;
  toBash =
    v:
    lib.replaceStrings [ "\"" ] [ "\\\"" ] (
@ -27,4 +28,51 @@
      else
        lib.strings.toJSON v
    );
  withPackages = packages: {
    makeWrapperArgs = [
      "--prefix"
      "PATH"
      ":"
      "${lib.makeBinPath packages}"
    ];
  };
  tfApply =
    {
      directory,
      httpBackend,
      dependentDirs ? [ ],
      environment ? { },
      # limit OOM risk
      parallelism ? 1,
    }:
    let
      env-vars = ''
        ${
          toString (
            lib.mapAttrsToList (k: v: "TF_VAR_${k}=\"${toBash v}\"") (
              lib.filterAttrs (_: v: v != null) environment
            )
          )
        } \
        ${toString (lib.mapAttrsToList (k: v: "${k}=\"${toBash v}\"") httpBackend)} \
      '';
      tfPackage = pkgs.callPackage ./run/${directory}/tf.nix { };
      tf-env = pkgs.callPackage ./run/tf-env.nix {
        inherit httpBackend tfPackage;
        tfDirs = lib.lists.map (dir: "deployment/run/${dir}") ([ directory ] ++ dependentDirs);
      };
    in
    pkgs.writers.writeBashBin "tf-apply.sh"
      (withPackages [
        tfPackage
        pkgs.jq
      ])
      ''
        set -e
        dir="${tf-env}/deployment/run/${directory}"
        env ${env-vars} tofu -chdir="$dir" apply --auto-approve -parallelism=${builtins.toString parallelism} >&2
        env ${env-vars} tofu -chdir="$dir" output -json
      '';
 }
--- a/mkFlake.nix
+++ b/mkFlake.nix
@ -8,7 +8,7 @@
 ## contained two distinct helpers for migrating away from flakes)? cf
 ## https://git.fediversity.eu/Fediversity/Fediversity/pulls/447#issuecomment-8671
-inputs@{ self, ... }:
+inputs@{ self, system, ... }:
 let
  sources = import ./npins;
@ -17,16 +17,54 @@ let
  # XXX(@fricklerhandwerk): this atrocity is required to splice in a foreign Nixpkgs via flake-parts
  # XXX - this is just importing a flake
  nixpkgs = import-flake { src = sources.nixpkgs; };
  overlays = [
    # https://github.com/SaumonNet/proxmox-nixos/issues/188
    (
      _: prev:
      let
        # override nixpkgs versions in proxmox-nixos
        pm = import "${sources.proxmox-nixos}/pkgs" {
          craneLib = prev.callPackage "${sources.crane}/lib" { };
          pkgs = prev;
          pkgs-unstable = prev;
        };
        vncterm = pm.vncterm.override {
          libvncserver = prev.libvncserver.overrideAttrs (_: {
            version = "0.9.14";
            src = sources.libvncserver;
          });
        };
        pve-qemu-server = pm.pve-qemu-server.override { inherit vncterm; };
        pve-ha-manager = pm.pve-ha-manager.override { inherit pve-qemu-server; };
        pve-manager = pm.pve-manager.override { inherit pve-ha-manager; };
        proxmox-ve = pm.proxmox-ve.override {
          inherit
            pve-ha-manager
            pve-manager
            pve-qemu-server
            vncterm
            ;
        };
      in
      {
        inherit
          proxmox-ve
          pve-ha-manager
          ;
      }
    )
  ];
  pkgs = import nixpkgs { inherit system overlays; };
  # XXX - this overrides the inputs attached to `self`
  inputs' = self.inputs // {
-    nixpkgs = nixpkgs;
+    nixpkgs = pkgs;
  };
  self' = self // {
    inputs = inputs';
  };
-  inherit (nixpkgs) lib outPath;
+  inherit (pkgs) lib outPath;
  flake-parts-lib = import "${sources.flake-parts}/lib.nix" { inherit lib; };
 in
@ -37,7 +75,7 @@ flake-parts-lib.mkFlake
    # XXX - finally we override the overall set of `inputs` -- we need both:
    #       `flake-parts obtains `nixpkgs` from `self.inputs` and not from `inputs`.
    inputs = inputs // {
-      inherit nixpkgs;
+      nixpkgs = pkgs;
    };
    self = self';
    specialArgs = {
--- a/npins/sources.json
+++ b/npins/sources.json
@ -141,6 +141,22 @@
      "url": "https://api.github.com/repos/bigskysoftware/htmx/tarball/v2.0.4",
      "hash": "1c4zm3b7ym01ijydiss4amd14mv5fbgp1n71vqjk4alc35jlnqy2"
    },
    "libvncserver": {
      "type": "GitRelease",
      "repository": {
        "type": "GitHub",
        "owner": "LibVNC",
        "repo": "libvncserver"
      },
      "pre_releases": false,
      "version_upper_bound": null,
      "release_prefix": null,
      "submodules": false,
      "version": "LibVNCServer-0.9.14",
      "revision": "10e9eb75f73e973725dc75c373de5d89807af028",
      "url": "https://api.github.com/repos/LibVNC/libvncserver/tarball/LibVNCServer-0.9.14",
      "hash": "1x2nki6hyrafhc0j95d3v717hhmn4r6cx9qynj0rxyg94iw5k9cj"
    },
    "nix-unit": {
      "type": "Git",
      "repository": {
@ -167,19 +183,6 @@
      "url": "https://github.com/nixos/nixpkgs/archive/f33a4d26226c05d501b9d4d3e5e60a3a59991921.tar.gz",
      "hash": "1b6dm1sn0bdpcsmxna0zzspjaixa2dald08005fry5jrbjvwafdj"
    },
    "nixpkgs-stable": {
      "type": "Git",
      "repository": {
        "type": "GitHub",
        "owner": "nixos",
        "repo": "nixpkgs"
      },
      "branch": "nixos-25.05",
      "submodules": false,
      "revision": "a1ae8ef72f64a845ecce5c6dcf65d546bf7deeb4",
      "url": "https://github.com/nixos/nixpkgs/archive/a1ae8ef72f64a845ecce5c6dcf65d546bf7deeb4.tar.gz",
      "hash": "0d7lp30wyy5647gpm8rnihvdcpmgmfr9c5yg4fhl31lsg8mlbg16"
    },
    "nixpkgs-unstable": {
      "type": "Git",
      "repository": {
Author	SHA1	Message	Date
Kiara Grouwstra	cecdf38ad5	WIP: overlay proxmox to use regular nixpkgs version Signed-off-by: Kiara Grouwstra <kiara@procolix.eu>	2025-10-26 23:19:13 +01:00
Kiara Grouwstra	d1611a0946	factor out TF `run.sh` (#552 ) Reviewed-on: fediversity/fediversity#552	2025-10-26 20:46:45 +01:00