rm flake-parts

Signed-off-by: Kiara Grouwstra <kiara@procolix.eu>
factor out TF run.sh (#552 )
2025-10-26 22:49:33 +01:00 · 2025-10-26 20:46:45 +01:00
14 changed files with 342 additions and 462 deletions
--- a/deployment/check/data-model-tf-proxmox/nixosTest.nix
+++ b/deployment/check/data-model-tf-proxmox/nixosTest.nix
@ -59,8 +59,6 @@ in
  _class = "nixosTest";
  name = "deployment-model";
  sourceFileset = lib.fileset.unions [
    ../../run/tf-proxmox-template/run.sh
    ../../run/tf-proxmox-vm/run.sh
    ../../run/tf-proxmox-vm/await-ssh.sh
  ];
--- a/deployment/check/data-model-tf/data-model.nix
+++ b/deployment/check/data-model-tf/data-model.nix
@ -42,7 +42,7 @@ in
              ssh = {
                username = "root";
                host = nodeName;
-                key-file = null;
+                key-file = "";
                inherit sshOpts;
              };
              caller = "deployment/check/data-model-tf/data-model.nix";
--- a/deployment/check/data-model-tf/nixosTest.nix
+++ b/deployment/check/data-model-tf/nixosTest.nix
@ -30,9 +30,6 @@ in
 {
  _class = "nixosTest";
  name = "deployment-model";
  sourceFileset = lib.fileset.unions [
    ../../run/tf-single-host/run.sh
  ];
  nodes.deployer =
    { ... }:
@ -71,7 +68,7 @@ in
      deployer.wait_for_unit("multi-user.target")
      deployer.succeed("curl -u basic:fake-secret -X GET http://localhost:8080/state/project1/example")
      output = deployer.fail("""
-        ${lib.getExe deploy}
+        ${lib.getExe deploy} 2>&1
      """)
      assert "Timeout, server ${nodeName} not responding" in output
      target.wait_for_unit("multi-user.target")
--- a/deployment/data-model.nix
+++ b/deployment/data-model.nix
@ -19,15 +19,7 @@ let
    str
    submodule
    ;
-  inherit (pkgs.callPackage ./utils.nix { }) toBash;
+  inherit (pkgs.callPackage ./utils.nix { }) toBash withPackages tfApply;
  withPackages = packages: {
    makeWrapperArgs = [
      "--prefix"
      "PATH"
      ":"
      "${lib.makeBinPath packages}"
    ];
  };
  writeConfig =
    {
      system,
@ -246,6 +238,10 @@ let
                  key-file
                  sshOpts
                  ;
              in
              tfApply {
                inherit httpBackend;
                directory = "tf-single-host";
                environment = {
                  key_file = key-file;
                  ssh_opts = sshOpts;
@ -264,22 +260,7 @@ let
                    deployment-type = "tf-host";
                  };
                };
-                tf-env = pkgs.callPackage ./run/tf-env.nix {
+              };
                  inherit httpBackend;
                  tfPackage = pkgs.callPackage ./run/tf-single-host/tf.nix { };
                  tfDirs = [ "deployment/run/tf-single-host" ];
                };
              in
              pkgs.writers.writeBashBin "deploy-tf.sh"
                (withPackages [
                  pkgs.jq
                  (pkgs.callPackage ./run/tf-single-host/tf.nix { })
                ])
                ''
                  env ${toString (lib.mapAttrsToList (k: v: "TF_VAR_${k}=\"${toBash v}\"") environment)} \
                  ${toString (lib.mapAttrsToList (k: v: "${k}=\"${toBash v}\"") httpBackend)} \
                  tf_env=${tf-env} bash ./deployment/run/tf-single-host/run.sh
                '';
          };
        };
      });
@ -344,19 +325,10 @@ let
                  node_name = node-name;
                  image_datastore_id = imageDatastoreId;
                };
                tf-env = pkgs.callPackage ./run/tf-env.nix {
                  inherit httpBackend;
                  tfPackage = pkgs.callPackage ./run/tf-proxmox-template/tf.nix { };
                  tfDirs = [
                    "deployment/run/tf-proxmox-template"
                  ];
                };
              in
              lib.trace (lib.strings.toJSON environment) pkgs.writers.writeBashBin "deploy-tf-proxmox-template.sh"
                (withPackages [
                  pkgs.jq
                  pkgs.qemu
                  (pkgs.callPackage ./run/tf-proxmox-vm/tf.nix { })
                ])
                ''
                  set -e
@ -369,11 +341,13 @@ let
                  ls -l /tmp/${name}.qcow2 >&2
                  checksum="$(sha256sum /tmp/${name}.qcow2 | cut -d " " -f1)"
-                  env ${toString (lib.mapAttrsToList (k: v: "TF_VAR_${k}=\"${toBash v}\"") environment)} \
+                  env \
                  ${toString (lib.mapAttrsToList (k: v: "${k}=\"${toBash v}\"") httpBackend)} \
                  TF_VAR_image=/tmp/${name}.qcow2 \
                  TF_VAR_checksum="$checksum" \
-                  tf_env=${tf-env} bash ./deployment/run/tf-proxmox-template/run.sh
+                  ${lib.getExe (tfApply {
                    inherit httpBackend environment;
                    directory = "tf-proxmox-template";
                  })}
                '';
          };
        };
@ -531,33 +505,12 @@ let
                  ipv6_gateway = ipv6Gateway;
                  ipv6_address = ipv6Address;
                };
                tf-env = pkgs.callPackage ./run/tf-env.nix {
                  inherit httpBackend;
                  tfPackage = pkgs.callPackage ./run/tf-proxmox-vm/tf.nix { };
                  tfDirs = [
                    "deployment/run/tf-single-host"
                    "deployment/run/tf-proxmox-vm"
                  ];
                };
              in
-              lib.trace (lib.strings.toJSON environment) pkgs.writers.writeBashBin "deploy-tf-proxmox-vm.sh"
+              lib.trace (lib.strings.toJSON environment) (tfApply {
-                (withPackages [
+                inherit httpBackend environment;
-                  pkgs.jq
+                directory = "tf-proxmox-vm";
-                  pkgs.qemu
+                dependentDirs = [ "tf-single-host" ];
-                  (pkgs.callPackage ./run/tf-proxmox-vm/tf.nix { })
+              });
                ])
                ''
                  set -e
                  env ${
                    toString (
                      lib.mapAttrsToList (k: v: "TF_VAR_${k}=\"${toBash v}\"") (
                        lib.filterAttrs (_: v: v != null) environment
                      )
                    )
                  } \
                  ${toString (lib.mapAttrsToList (k: v: "${k}=\"${toBash v}\"") httpBackend)} \
                  tf_env=${tf-env} bash ./deployment/run/tf-proxmox-vm/run.sh
                '';
          };
        };
      });
--- a/deployment/flake-part.nix
+++ b/deployment/flake-part.nix
@ -1,49 +0,0 @@
 { inputs, sources, ... }:
 {
  _class = "flake";
  perSystem =
    { pkgs, system, ... }:
    {
      checks = {
        proxmox-basic = import ./check/proxmox {
          inherit (pkgs.testers) runNixOSTest;
          inherit sources system;
        };
        deployment-basic = import ./check/basic {
          inherit (pkgs.testers) runNixOSTest;
          inherit pkgs inputs sources;
        };
        deployment-cli = import ./check/cli {
          inherit (pkgs.testers) runNixOSTest;
          inherit pkgs inputs sources;
        };
        deployment-panel = import ./check/panel {
          inherit (pkgs.testers) runNixOSTest;
          inherit pkgs inputs sources;
        };
        deployment-model-ssh = import ./check/data-model-ssh {
          inherit (pkgs.testers) runNixOSTest;
          inherit pkgs inputs sources;
        };
        deployment-model-nixops4 = import ./check/data-model-nixops4 {
          inherit (pkgs.testers) runNixOSTest;
          inherit pkgs inputs sources;
        };
        deployment-model-tf = import ./check/data-model-tf {
          inherit inputs sources system;
        };
        deployment-model-tf-proxmox = import ./check/data-model-tf-proxmox {
          inherit inputs sources system;
        };
      };
    };
 }
--- a/deployment/run/tf-proxmox-template/run.sh
+++ b/deployment/run/tf-proxmox-template/run.sh
@ -1,7 +0,0 @@
 #! /usr/bin/env bash
 set -euo pipefail
 declare tf_env
 cd "${tf_env}/deployment/run/tf-proxmox-template"
 tofu apply --auto-approve -input=false -parallelism=1 >&2
 tofu output -json
--- a/deployment/run/tf-proxmox-vm/run.sh
+++ b/deployment/run/tf-proxmox-vm/run.sh
@ -1,8 +0,0 @@
 #! /usr/bin/env bash
 set -euo pipefail
 declare tf_env
 cd "${tf_env}/deployment/run/tf-proxmox-vm"
 # parallelism=1: limit OOM risk
 tofu apply --auto-approve -input=false -parallelism=1 >&2
 tofu output -json
--- a/deployment/run/tf-single-host/run.sh
+++ b/deployment/run/tf-single-host/run.sh
@ -1,7 +0,0 @@
 #! /usr/bin/env bash
 set -euo pipefail
 declare tf_env
 cd "${tf_env}/deployment/run/tf-single-host"
 # parallelism=1: limit OOM risk
 tofu apply --auto-approve -parallelism=1
--- a/deployment/utils.nix
+++ b/deployment/utils.nix
@ -4,7 +4,7 @@
  inputs ? null,
  ...
 }:
-{
+rec {
  evalModel =
    module:
    (lib.evalModules {
@ -17,6 +17,7 @@
        module
      ];
    }).config;
  toBash =
    v:
    lib.replaceStrings [ "\"" ] [ "\\\"" ] (
@ -27,4 +28,51 @@
      else
        lib.strings.toJSON v
    );
  withPackages = packages: {
    makeWrapperArgs = [
      "--prefix"
      "PATH"
      ":"
      "${lib.makeBinPath packages}"
    ];
  };
  tfApply =
    {
      directory,
      httpBackend,
      dependentDirs ? [ ],
      environment ? { },
      # limit OOM risk
      parallelism ? 1,
    }:
    let
      env-vars = ''
        ${
          toString (
            lib.mapAttrsToList (k: v: "TF_VAR_${k}=\"${toBash v}\"") (
              lib.filterAttrs (_: v: v != null) environment
            )
          )
        } \
        ${toString (lib.mapAttrsToList (k: v: "${k}=\"${toBash v}\"") httpBackend)} \
      '';
      tfPackage = pkgs.callPackage ./run/${directory}/tf.nix { };
      tf-env = pkgs.callPackage ./run/tf-env.nix {
        inherit httpBackend tfPackage;
        tfDirs = lib.lists.map (dir: "deployment/run/${dir}") ([ directory ] ++ dependentDirs);
      };
    in
    pkgs.writers.writeBashBin "tf-apply.sh"
      (withPackages [
        tfPackage
        pkgs.jq
      ])
      ''
        set -e
        dir="${tf-env}/deployment/run/${directory}"
        env ${env-vars} tofu -chdir="$dir" apply --auto-approve -parallelism=${builtins.toString parallelism} >&2
        env ${env-vars} tofu -chdir="$dir" output -json
      '';
 }
--- a/flake.nix
+++ b/flake.nix
@ -6,53 +6,288 @@
  outputs =
    inputs:
    let
      sources = import ./npins;
      inherit (sources) nixpkgs;
      architectures = [
        "x86_64-linux"
      ];
      lib = import "${nixpkgs}/lib";
      forSystem = lib.genAttrs architectures;
      overlays = [ ];
      pkgsFor = forSystem (system: import nixpkgs { inherit system overlays; });
      forPkgs =
        f:
        forSystem (
          system:
          f {
            inherit system;
            pkgs = pkgsFor.${system};
          }
        );
      keys = import ./keys;
      secrets = import ./secrets;
      inherit (builtins) readDir readFile fromJSON;
      inherit (lib)
        attrNames
        mkOption
        evalModules
        filterAttrs
        mapAttrs'
        deepSeq
        ;
      inherit (lib.attrsets) genAttrs;
      commonResourceModule = {
        # TODO(@fricklerhandwerk): this is terrible but IMO we should just ditch
        # flake-parts and have our own data model for how the project is organised
        # internally
        _module.args = {
          inherit
            inputs
            keys
            secrets
            sources
            ;
        };
        ## FIXME: It would be preferrable to have those `sources`-related imports in
        ## the modules that use them. However, doing so triggers infinite recursions
        ## because of the way we propagate `sources`. `sources` must be propagated by
        ## means of `specialArgs`, but this requires a bigger change.
        nixos.module.imports = [
          "${sources.nixpkgs}/nixos/modules/profiles/qemu-guest.nix"
          "${sources.agenix}/modules/age.nix"
          "${sources.disko}/module.nix"
          "${sources.home-manager}/nixos"
        ];
        imports = [
          ./common/resource.nix
        ];
      };
      ## Given a list of machine names, make a deployment with those machines'
      ## configurations as resources.
      makeDeployment =
        vmNames:
        { providers, ... }:
        {
          providers.local = inputs.nixops4.modules.nixops4Provider.local;
          resources = genAttrs vmNames (vmName: {
            type = providers.local.exec;
            imports = [
              inputs.nixops4-nixos.modules.nixops4Resource.nixos
              commonResourceModule
              ../machines/dev/${vmName}
            ];
          });
        };
      makeDeployment' = vmName: makeDeployment [ vmName ];
      ## Given an attrset of test configurations (key = test machine name, value =
      ## NixOS configuration module), make a deployment with those machines'
      ## configurations as resources.
      makeTestDeployment =
        (import ../deployment)
          {
            inherit lib;
            inherit (inputs) nixops4 nixops4-nixos;
            fediversity = import ../services/fediversity;
          }
          {
            garageConfigurationResource = {
              imports = [
                commonResourceModule
                ../machines/operator/test01
              ];
            };
            mastodonConfigurationResource = {
              imports = [
                commonResourceModule
                ../machines/operator/test06 # somehow `test02` has a problem - use test06 instead
              ];
            };
            peertubeConfigurationResource = {
              imports = [
                commonResourceModule
                ../machines/operator/test05
              ];
            };
            pixelfedConfigurationResource = {
              imports = [
                commonResourceModule
                ../machines/operator/test04
              ];
            };
          };
      nixops4ResourceNixosMockOptions = {
        ## NOTE: We allow the use of a few options from
        ## `nixops4-nixos.modules.nixops4Resource.nixos` such that we can
        ## reuse modules that make use of them.
        ##
        ## REVIEW: We can probably do much better and cleaner. On the other hand,
        ## this is only needed to expose NixOS configurations for provisioning
        ## purposes, and eventually all of this should be handled by NixOps4.
        options = {
          nixos.module = mkOption { type = lib.types.deferredModule; }; # NOTE: not just `nixos` otherwise merging will go wrong
          nixpkgs = mkOption { };
          ssh = mkOption { };
        };
      };
      makeResourceConfig =
        { vmName, isTestVm }:
        (evalModules {
          modules = [
            nixops4ResourceNixosMockOptions
            commonResourceModule
            (if isTestVm then ../machines/operator/${vmName} else ../machines/dev/${vmName})
          ];
        }).config;
      ## Given a VM name, make a NixOS configuration for this machine.
      makeConfiguration =
        isTestVm: vmName:
        import "${sources.nixpkgs}/nixos" {
          configuration = (makeResourceConfig { inherit vmName isTestVm; }).nixos.module;
          system = "x86_64-linux";
        };
      makeVmOptions =
        isTestVm: vmName:
        let
          config = (makeResourceConfig { inherit vmName isTestVm; }).fediversityVm;
        in
        if config.isFediversityVm then
          {
            inherit (config)
              vmId
              description
              sockets
              cores
              memory
              diskSize
              hostPublicKey
              unsafeHostPrivateKey
              ;
          }
        else
          null;
      listSubdirectories = path: attrNames (filterAttrs (_: type: type == "directory") (readDir path));
      machines = listSubdirectories ../machines/dev;
      testMachines = listSubdirectories ../machines/operator;
      nixosConfigurations =
        genAttrs machines (makeConfiguration false)
        // genAttrs testMachines (makeConfiguration true);
      vmOptions =
        filterAttrs (_: value: value != null) # Filter out non-Fediversity VMs
          (genAttrs machines (makeVmOptions false) // genAttrs testMachines (makeVmOptions true));
    in
    {
      nixConfig = {
        extra-trusted-substituters = "https://cache.saumon.network/proxmox-nixos";
        extra-trusted-public-keys = "proxmox-nixos:D9RYSWpQQC/msZUWphOY2I5RLH5Dd6yQcaHIuug7dWM=";
      };
    }
    // import ./mkFlake.nix inputs (
      { inputs, sources, ... }:
      {
        imports = [
          "${sources.git-hooks}/flake-module.nix"
          inputs.nixops4.modules.flake.default
-          ./deployment/flake-part.nix
+      imports = [
-          ./infra/flake-part.nix
+        "${sources.git-hooks}/flake-module.nix"
-          ./keys/flake-part.nix
+        inputs.nixops4.modules.flake.default
-          ./secrets/flake-part.nix
+      ];
          ./services/tests/flake-part.nix
        ];
-        perSystem =
+      ## - Each normal or test machine gets a NixOS configuration.
-          {
+      ## - Each normal or test machine gets a VM options entry.
-            pkgs,
+      ## - Each normal machine gets a deployment.
-            lib,
+      ## - We add a “default” deployment with all normal machines.
-            system,
+      ## - We add a “test” deployment with all test machines.
-            ...
+      nixops4Deployments = genAttrs machines makeDeployment' // {
-          }:
+        default = makeDeployment machines;
-          {
+        test = makeTestDeployment (
-            checks = {
+          fromJSON (
-              panel = (import ./. { inherit sources system; }).tests.panel.basic;
+            let
-            };
+              env = builtins.getEnv "DEPLOYMENT";
-            formatter = pkgs.nixfmt-rfc-style;
+            in
            if env != "" then
              env
            else
              builtins.trace "env var DEPLOYMENT not set, falling back to ../deployment/configuration.sample.json!" (readFile ../deployment/configuration.sample.json)
          )
        );
      };
-            pre-commit.settings.hooks =
+      flake = { inherit nixosConfigurations vmOptions; };
-              let
+
-                ## Add a directory here if pre-commit hooks shouldn't apply to it.
+      checks = forPkgs (
-                optout = [ "npins" ];
+        { system, pkgs }:
-                excludes = map (dir: "^${dir}/") optout;
+        {
-                addExcludes = lib.mapAttrs (_: c: c // { inherit excludes; });
+          panel = (import ./. { inherit sources system; }).tests.panel.basic;
-              in
+          test-mastodon-service = pkgs.testers.runNixOSTest ./services/tests/mastodon.nix;
-              addExcludes {
+          test-peertube-service = pkgs.testers.runNixOSTest ./services/tests/peertube.nix;
-                nixfmt-rfc-style.enable = true;
+          proxmox-basic = import ./deployment/check/proxmox {
-                deadnix.enable = true;
+            inherit (pkgs.testers) runNixOSTest;
-                trim-trailing-whitespace.enable = true;
+            inherit sources system;
                shellcheck.enable = true;
              };
          };
-      }
+          deployment-basic = import ./deployment/check/basic {
-    );
+            inherit (pkgs.testers) runNixOSTest;
            inherit pkgs inputs sources;
          };
          deployment-cli = import ./deployment/check/cli {
            inherit (pkgs.testers) runNixOSTest;
            inherit pkgs inputs sources;
          };
          deployment-panel = import ./deployment/check/panel {
            inherit (pkgs.testers) runNixOSTest;
            inherit pkgs inputs sources;
          };
          deployment-model-ssh = import ./deployment/check/data-model-ssh {
            inherit (pkgs.testers) runNixOSTest;
            inherit pkgs inputs sources;
          };
          deployment-model-nixops4 = import ./deployment/check/data-model-nixops4 {
            inherit (pkgs.testers) runNixOSTest;
            inherit pkgs inputs sources;
          };
          deployment-model-tf = import ./deployment/check/data-model-tf {
            inherit inputs sources system;
          };
          deployment-model-tf-proxmox = import ./deployment/check/data-model-tf-proxmox {
            inherit inputs sources system;
          };
        }
        // mapAttrs' (name: nixosConfiguration: {
          name = "nixosConfigurations-${name}";
          value = nixosConfiguration.config.system.build.toplevel;
        }) nixosConfigurations
        // mapAttrs' (name: vmOptions: {
          name = "vmOptions-${name}";
          ## Check that VM options builds/evaluates correctly. `deepSeq e1
          ## e2` evaluates `e1` strictly in depth before returning `e2`. We
          ## use this trick because checks need to be derivations, which VM
          ## options are not.
          value = deepSeq vmOptions pkgs.hello;
        }) vmOptions
      );
      formatter = forPkgs ({ pkgs, ... }: pkgs.nixfmt-rfc-style);
      pre-commit.settings.hooks =
        let
          ## Add a directory here if pre-commit hooks shouldn't apply to it.
          optout = [ "npins" ];
          excludes = map (dir: "^${dir}/") optout;
          addExcludes = lib.mapAttrs (_: c: c // { inherit excludes; });
        in
        addExcludes {
          nixfmt-rfc-style.enable = true;
          deadnix.enable = true;
          trim-trailing-whitespace.enable = true;
          shellcheck.enable = true;
        };
    };
 }
--- a/infra/flake-part.nix
+++ b/infra/flake-part.nix
@ -1,214 +0,0 @@
 {
  inputs,
  lib,
  sources,
  keys,
  secrets,
  ...
 }:
 let
  inherit (builtins) readDir readFile fromJSON;
  inherit (lib)
    attrNames
    mkOption
    evalModules
    filterAttrs
    mapAttrs'
    deepSeq
    ;
  inherit (lib.attrsets) genAttrs;
  commonResourceModule = {
    # TODO(@fricklerhandwerk): this is terrible but IMO we should just ditch
    # flake-parts and have our own data model for how the project is organised
    # internally
    _module.args = {
      inherit
        inputs
        keys
        secrets
        sources
        ;
    };
    ## FIXME: It would be preferrable to have those `sources`-related imports in
    ## the modules that use them. However, doing so triggers infinite recursions
    ## because of the way we propagate `sources`. `sources` must be propagated by
    ## means of `specialArgs`, but this requires a bigger change.
    nixos.module.imports = [
      "${sources.nixpkgs}/nixos/modules/profiles/qemu-guest.nix"
      "${sources.agenix}/modules/age.nix"
      "${sources.disko}/module.nix"
      "${sources.home-manager}/nixos"
    ];
    imports = [
      ./common/resource.nix
    ];
  };
  ## Given a list of machine names, make a deployment with those machines'
  ## configurations as resources.
  makeDeployment =
    vmNames:
    { providers, ... }:
    {
      providers.local = inputs.nixops4.modules.nixops4Provider.local;
      resources = genAttrs vmNames (vmName: {
        type = providers.local.exec;
        imports = [
          inputs.nixops4-nixos.modules.nixops4Resource.nixos
          commonResourceModule
          ../machines/dev/${vmName}
        ];
      });
    };
  makeDeployment' = vmName: makeDeployment [ vmName ];
  ## Given an attrset of test configurations (key = test machine name, value =
  ## NixOS configuration module), make a deployment with those machines'
  ## configurations as resources.
  makeTestDeployment =
    (import ../deployment)
      {
        inherit lib;
        inherit (inputs) nixops4 nixops4-nixos;
        fediversity = import ../services/fediversity;
      }
      {
        garageConfigurationResource = {
          imports = [
            commonResourceModule
            ../machines/operator/test01
          ];
        };
        mastodonConfigurationResource = {
          imports = [
            commonResourceModule
            ../machines/operator/test06 # somehow `test02` has a problem - use test06 instead
          ];
        };
        peertubeConfigurationResource = {
          imports = [
            commonResourceModule
            ../machines/operator/test05
          ];
        };
        pixelfedConfigurationResource = {
          imports = [
            commonResourceModule
            ../machines/operator/test04
          ];
        };
      };
  nixops4ResourceNixosMockOptions = {
    ## NOTE: We allow the use of a few options from
    ## `nixops4-nixos.modules.nixops4Resource.nixos` such that we can
    ## reuse modules that make use of them.
    ##
    ## REVIEW: We can probably do much better and cleaner. On the other hand,
    ## this is only needed to expose NixOS configurations for provisioning
    ## purposes, and eventually all of this should be handled by NixOps4.
    options = {
      nixos.module = mkOption { type = lib.types.deferredModule; }; # NOTE: not just `nixos` otherwise merging will go wrong
      nixpkgs = mkOption { };
      ssh = mkOption { };
    };
  };
  makeResourceConfig =
    { vmName, isTestVm }:
    (evalModules {
      modules = [
        nixops4ResourceNixosMockOptions
        commonResourceModule
        (if isTestVm then ../machines/operator/${vmName} else ../machines/dev/${vmName})
      ];
    }).config;
  ## Given a VM name, make a NixOS configuration for this machine.
  makeConfiguration =
    isTestVm: vmName:
    import "${sources.nixpkgs}/nixos" {
      configuration = (makeResourceConfig { inherit vmName isTestVm; }).nixos.module;
      system = "x86_64-linux";
    };
  makeVmOptions =
    isTestVm: vmName:
    let
      config = (makeResourceConfig { inherit vmName isTestVm; }).fediversityVm;
    in
    if config.isFediversityVm then
      {
        inherit (config)
          vmId
          description
          sockets
          cores
          memory
          diskSize
          hostPublicKey
          unsafeHostPrivateKey
          ;
      }
    else
      null;
  listSubdirectories = path: attrNames (filterAttrs (_: type: type == "directory") (readDir path));
  machines = listSubdirectories ../machines/dev;
  testMachines = listSubdirectories ../machines/operator;
  nixosConfigurations =
    genAttrs machines (makeConfiguration false)
    // genAttrs testMachines (makeConfiguration true);
  vmOptions =
    filterAttrs (_: value: value != null) # Filter out non-Fediversity VMs
      (genAttrs machines (makeVmOptions false) // genAttrs testMachines (makeVmOptions true));
 in
 {
  _class = "flake";
  ## - Each normal or test machine gets a NixOS configuration.
  ## - Each normal or test machine gets a VM options entry.
  ## - Each normal machine gets a deployment.
  ## - We add a “default” deployment with all normal machines.
  ## - We add a “test” deployment with all test machines.
  nixops4Deployments = genAttrs machines makeDeployment' // {
    default = makeDeployment machines;
    test = makeTestDeployment (
      fromJSON (
        let
          env = builtins.getEnv "DEPLOYMENT";
        in
        if env != "" then
          env
        else
          builtins.trace "env var DEPLOYMENT not set, falling back to ../deployment/configuration.sample.json!" (readFile ../deployment/configuration.sample.json)
      )
    );
  };
  flake = { inherit nixosConfigurations vmOptions; };
  perSystem =
    { pkgs, ... }:
    {
      checks =
        mapAttrs' (name: nixosConfiguration: {
          name = "nixosConfigurations-${name}";
          value = nixosConfiguration.config.system.build.toplevel;
        }) nixosConfigurations
        // mapAttrs' (name: vmOptions: {
          name = "vmOptions-${name}";
          ## Check that VM options builds/evaluates correctly. `deepSeq e1
          ## e2` evaluates `e1` strictly in depth before returning `e2`. We
          ## use this trick because checks need to be derivations, which VM
          ## options are not.
          value = deepSeq vmOptions pkgs.hello;
        }) vmOptions;
    };
 }
--- a/keys/flake-part.nix
+++ b/keys/flake-part.nix
@ -1,5 +0,0 @@
 {
  _class = "flake";
  _module.args.keys = import ./.;
 }
--- a/mkFlake.nix
+++ b/mkFlake.nix
@ -1,56 +0,0 @@
 ## This file contains a tweak of flake-parts's `mkFlake` function to splice in
 ## sources taken from npins.
 ## NOTE: Much of the logic in this file feels like it should be not super
 ## specific to fediversity. Could it make sense to extract the core of this to
 ## another place it feels closer to in spirit, such as @fricklerhandwerk's
 ## flake-inputs (which this code already depends on anyway, and which already
 ## contained two distinct helpers for migrating away from flakes)? cf
 ## https://git.fediversity.eu/Fediversity/Fediversity/pulls/447#issuecomment-8671
 inputs@{ self, ... }:
 let
  sources = import ./npins;
  inherit (import sources.flake-inputs) import-flake;
  # XXX(@fricklerhandwerk): this atrocity is required to splice in a foreign Nixpkgs via flake-parts
  # XXX - this is just importing a flake
  nixpkgs = import-flake { src = sources.nixpkgs; };
  # XXX - this overrides the inputs attached to `self`
  inputs' = self.inputs // {
    nixpkgs = nixpkgs;
  };
  self' = self // {
    inputs = inputs';
  };
  inherit (nixpkgs) lib outPath;
  flake-parts-lib = import "${sources.flake-parts}/lib.nix" { inherit lib; };
 in
 flakeModule:
 flake-parts-lib.mkFlake
  {
    # XXX - finally we override the overall set of `inputs` -- we need both:
    #       `flake-parts obtains `nixpkgs` from `self.inputs` and not from `inputs`.
    inputs = inputs // {
      inherit nixpkgs;
    };
    self = self';
    specialArgs = {
      inherit sources;
      modulesPath = "${builtins.toString outPath}/nixos/modules";
    };
  }
  {
    systems = [
      "x86_64-linux"
      "aarch64-linux"
      "x86_64-darwin"
      "aarch64-darwin"
    ];
    imports = [ flakeModule ];
  }
--- a/secrets/flake-part.nix
+++ b/secrets/flake-part.nix
@ -1,5 +0,0 @@
 {
  _class = "flake";
  _module.args.secrets = import ./.;
 }
Author	SHA1	Message	Date
Kiara Grouwstra	d572219b62	rm flake-parts Signed-off-by: Kiara Grouwstra <kiara@procolix.eu>	2025-10-26 22:49:33 +01:00
Kiara Grouwstra	d1611a0946	factor out TF `run.sh` (#552 ) Reviewed-on: fediversity/fediversity#552	2025-10-26 20:46:45 +01:00