forked from fediversity/fediversity
Compare commits
2 commits
7a890ccd44
...
cecdf38ad5
| Author | SHA1 | Date | |
|---|---|---|---|
| cecdf38ad5 | |||
| d1611a0946 |
13 changed files with 130 additions and 164 deletions
|
|
@ -1,34 +1,8 @@
|
|||
{
|
||||
pkgs,
|
||||
inputs,
|
||||
sources,
|
||||
system,
|
||||
}:
|
||||
|
||||
let
|
||||
pkgs = import sources.nixpkgs-stable {
|
||||
inherit system;
|
||||
overlays = [ overlay ];
|
||||
};
|
||||
overlay = _: prev: {
|
||||
terraform-backend =
|
||||
prev.callPackage "${sources.nixpkgs-unstable}/pkgs/by-name/te/terraform-backend/package.nix"
|
||||
{ };
|
||||
inherit
|
||||
(import "${sources.proxmox-nixos}/pkgs" {
|
||||
craneLib = pkgs.callPackage "${sources.crane}/lib" { };
|
||||
# breaks from https://github.com/NixOS/nixpkgs/commit/06b354eb2dc535c57e9b4caaa16d79168f117a26,
|
||||
# which updates libvncserver to 0.9.15, which was not yet patched at https://git.proxmox.com/?p=vncterm.git.
|
||||
inherit pkgs;
|
||||
# not so picky about version for our purposes
|
||||
pkgs-unstable = pkgs;
|
||||
})
|
||||
proxmox-ve
|
||||
pve-manager
|
||||
pve-ha-manager
|
||||
pve-qemu
|
||||
;
|
||||
};
|
||||
in
|
||||
pkgs.testers.runNixOSTest {
|
||||
node.specialArgs = {
|
||||
inherit
|
||||
|
|
|
|||
|
|
@ -59,8 +59,6 @@ in
|
|||
_class = "nixosTest";
|
||||
name = "deployment-model";
|
||||
sourceFileset = lib.fileset.unions [
|
||||
../../run/tf-proxmox-template/run.sh
|
||||
../../run/tf-proxmox-vm/run.sh
|
||||
../../run/tf-proxmox-vm/await-ssh.sh
|
||||
];
|
||||
|
||||
|
|
|
|||
|
|
@ -42,7 +42,7 @@ in
|
|||
ssh = {
|
||||
username = "root";
|
||||
host = nodeName;
|
||||
key-file = null;
|
||||
key-file = "";
|
||||
inherit sshOpts;
|
||||
};
|
||||
caller = "deployment/check/data-model-tf/data-model.nix";
|
||||
|
|
|
|||
|
|
@ -30,9 +30,6 @@ in
|
|||
{
|
||||
_class = "nixosTest";
|
||||
name = "deployment-model";
|
||||
sourceFileset = lib.fileset.unions [
|
||||
../../run/tf-single-host/run.sh
|
||||
];
|
||||
|
||||
nodes.deployer =
|
||||
{ ... }:
|
||||
|
|
@ -71,7 +68,7 @@ in
|
|||
deployer.wait_for_unit("multi-user.target")
|
||||
deployer.succeed("curl -u basic:fake-secret -X GET http://localhost:8080/state/project1/example")
|
||||
output = deployer.fail("""
|
||||
${lib.getExe deploy}
|
||||
${lib.getExe deploy} 2>&1
|
||||
""")
|
||||
assert "Timeout, server ${nodeName} not responding" in output
|
||||
target.wait_for_unit("multi-user.target")
|
||||
|
|
|
|||
|
|
@ -1,30 +1,8 @@
|
|||
{
|
||||
runNixOSTest,
|
||||
pkgs,
|
||||
sources,
|
||||
system,
|
||||
}:
|
||||
|
||||
let
|
||||
pkgs = import sources.nixpkgs-stable {
|
||||
inherit system;
|
||||
overlays = [ overlay ];
|
||||
};
|
||||
overlay = _: _: {
|
||||
inherit
|
||||
(import "${sources.proxmox-nixos}/pkgs" {
|
||||
craneLib = pkgs.callPackage "${sources.crane}/lib" { };
|
||||
# breaks from https://github.com/NixOS/nixpkgs/commit/06b354eb2dc535c57e9b4caaa16d79168f117a26,
|
||||
# which updates libvncserver to 0.9.15, which was not yet patched at https://git.proxmox.com/?p=vncterm.git.
|
||||
inherit pkgs;
|
||||
# not so picky about version for our purposes
|
||||
pkgs-unstable = pkgs;
|
||||
})
|
||||
proxmox-ve
|
||||
pve-ha-manager
|
||||
;
|
||||
};
|
||||
in
|
||||
runNixOSTest {
|
||||
pkgs.testers.runNixOSTest {
|
||||
node.specialArgs = {
|
||||
inherit
|
||||
sources
|
||||
|
|
|
|||
|
|
@ -19,15 +19,7 @@ let
|
|||
str
|
||||
submodule
|
||||
;
|
||||
inherit (pkgs.callPackage ./utils.nix { }) toBash;
|
||||
withPackages = packages: {
|
||||
makeWrapperArgs = [
|
||||
"--prefix"
|
||||
"PATH"
|
||||
":"
|
||||
"${lib.makeBinPath packages}"
|
||||
];
|
||||
};
|
||||
inherit (pkgs.callPackage ./utils.nix { }) toBash withPackages tfApply;
|
||||
writeConfig =
|
||||
{
|
||||
system,
|
||||
|
|
@ -246,6 +238,10 @@ let
|
|||
key-file
|
||||
sshOpts
|
||||
;
|
||||
in
|
||||
tfApply {
|
||||
inherit httpBackend;
|
||||
directory = "tf-single-host";
|
||||
environment = {
|
||||
key_file = key-file;
|
||||
ssh_opts = sshOpts;
|
||||
|
|
@ -264,22 +260,7 @@ let
|
|||
deployment-type = "tf-host";
|
||||
};
|
||||
};
|
||||
tf-env = pkgs.callPackage ./run/tf-env.nix {
|
||||
inherit httpBackend;
|
||||
tfPackage = pkgs.callPackage ./run/tf-single-host/tf.nix { };
|
||||
tfDirs = [ "deployment/run/tf-single-host" ];
|
||||
};
|
||||
in
|
||||
pkgs.writers.writeBashBin "deploy-tf.sh"
|
||||
(withPackages [
|
||||
pkgs.jq
|
||||
(pkgs.callPackage ./run/tf-single-host/tf.nix { })
|
||||
])
|
||||
''
|
||||
env ${toString (lib.mapAttrsToList (k: v: "TF_VAR_${k}=\"${toBash v}\"") environment)} \
|
||||
${toString (lib.mapAttrsToList (k: v: "${k}=\"${toBash v}\"") httpBackend)} \
|
||||
tf_env=${tf-env} bash ./deployment/run/tf-single-host/run.sh
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
});
|
||||
|
|
@ -344,19 +325,10 @@ let
|
|||
node_name = node-name;
|
||||
image_datastore_id = imageDatastoreId;
|
||||
};
|
||||
tf-env = pkgs.callPackage ./run/tf-env.nix {
|
||||
inherit httpBackend;
|
||||
tfPackage = pkgs.callPackage ./run/tf-proxmox-template/tf.nix { };
|
||||
tfDirs = [
|
||||
"deployment/run/tf-proxmox-template"
|
||||
];
|
||||
};
|
||||
in
|
||||
lib.trace (lib.strings.toJSON environment) pkgs.writers.writeBashBin "deploy-tf-proxmox-template.sh"
|
||||
(withPackages [
|
||||
pkgs.jq
|
||||
pkgs.qemu
|
||||
(pkgs.callPackage ./run/tf-proxmox-vm/tf.nix { })
|
||||
])
|
||||
''
|
||||
set -e
|
||||
|
|
@ -369,11 +341,13 @@ let
|
|||
ls -l /tmp/${name}.qcow2 >&2
|
||||
checksum="$(sha256sum /tmp/${name}.qcow2 | cut -d " " -f1)"
|
||||
|
||||
env ${toString (lib.mapAttrsToList (k: v: "TF_VAR_${k}=\"${toBash v}\"") environment)} \
|
||||
${toString (lib.mapAttrsToList (k: v: "${k}=\"${toBash v}\"") httpBackend)} \
|
||||
env \
|
||||
TF_VAR_image=/tmp/${name}.qcow2 \
|
||||
TF_VAR_checksum="$checksum" \
|
||||
tf_env=${tf-env} bash ./deployment/run/tf-proxmox-template/run.sh
|
||||
${lib.getExe (tfApply {
|
||||
inherit httpBackend environment;
|
||||
directory = "tf-proxmox-template";
|
||||
})}
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
|
@ -531,33 +505,12 @@ let
|
|||
ipv6_gateway = ipv6Gateway;
|
||||
ipv6_address = ipv6Address;
|
||||
};
|
||||
tf-env = pkgs.callPackage ./run/tf-env.nix {
|
||||
inherit httpBackend;
|
||||
tfPackage = pkgs.callPackage ./run/tf-proxmox-vm/tf.nix { };
|
||||
tfDirs = [
|
||||
"deployment/run/tf-single-host"
|
||||
"deployment/run/tf-proxmox-vm"
|
||||
];
|
||||
};
|
||||
in
|
||||
lib.trace (lib.strings.toJSON environment) pkgs.writers.writeBashBin "deploy-tf-proxmox-vm.sh"
|
||||
(withPackages [
|
||||
pkgs.jq
|
||||
pkgs.qemu
|
||||
(pkgs.callPackage ./run/tf-proxmox-vm/tf.nix { })
|
||||
])
|
||||
''
|
||||
set -e
|
||||
env ${
|
||||
toString (
|
||||
lib.mapAttrsToList (k: v: "TF_VAR_${k}=\"${toBash v}\"") (
|
||||
lib.filterAttrs (_: v: v != null) environment
|
||||
)
|
||||
)
|
||||
} \
|
||||
${toString (lib.mapAttrsToList (k: v: "${k}=\"${toBash v}\"") httpBackend)} \
|
||||
tf_env=${tf-env} bash ./deployment/run/tf-proxmox-vm/run.sh
|
||||
'';
|
||||
lib.trace (lib.strings.toJSON environment) (tfApply {
|
||||
inherit httpBackend environment;
|
||||
directory = "tf-proxmox-vm";
|
||||
dependentDirs = [ "tf-single-host" ];
|
||||
});
|
||||
};
|
||||
};
|
||||
});
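Review bot: The new `lib.trace (lib.strings.toJSON environment) (tfApply { … })` for tf-proxmox-vm prints the whole `environment` attrset at evaluation time, so every value in it lands in evaluation and CI logs. Only network and datastore fields are visible in these hunks, but if the attrset ever carries a token, password or key material it is logged in clear text. Dropping the trace, or tracing only `lib.attrNames environment`, keeps the debugging aid without the values. The same trace is still in front of the tf-proxmox-template wrapper. The enclosing `let` block starts outside the hunks shown.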
|
||||
|
|
|
|||
|
|
@ -8,8 +8,7 @@
|
|||
{
|
||||
checks = {
|
||||
proxmox-basic = import ./check/proxmox {
|
||||
inherit (pkgs.testers) runNixOSTest;
|
||||
inherit sources system;
|
||||
inherit pkgs sources;
|
||||
};
|
||||
|
||||
deployment-basic = import ./check/basic {
|
||||
|
|
@ -42,7 +41,7 @@
|
|||
};
|
||||
|
||||
deployment-model-tf-proxmox = import ./check/data-model-tf-proxmox {
|
||||
inherit inputs sources system;
|
||||
inherit pkgs inputs sources;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
|||
|
|
@ -1,7 +0,0 @@
|
|||
#! /usr/bin/env bash
|
||||
set -euo pipefail
|
||||
declare tf_env
|
||||
|
||||
cd "${tf_env}/deployment/run/tf-proxmox-template"
|
||||
tofu apply --auto-approve -input=false -parallelism=1 >&2
|
||||
tofu output -json
|
||||
|
|
@ -1,8 +0,0 @@
|
|||
#! /usr/bin/env bash
|
||||
set -euo pipefail
|
||||
declare tf_env
|
||||
|
||||
cd "${tf_env}/deployment/run/tf-proxmox-vm"
|
||||
# parallelism=1: limit OOM risk
|
||||
tofu apply --auto-approve -input=false -parallelism=1 >&2
|
||||
tofu output -json
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
#! /usr/bin/env bash
|
||||
set -euo pipefail
|
||||
declare tf_env
|
||||
|
||||
cd "${tf_env}/deployment/run/tf-single-host"
|
||||
# parallelism=1: limit OOM risk
|
||||
tofu apply --auto-approve -parallelism=1
|
||||
|
|
@ -4,7 +4,7 @@
|
|||
inputs ? null,
|
||||
...
|
||||
}:
|
||||
{
|
||||
rec {
|
||||
evalModel =
|
||||
module:
|
||||
(lib.evalModules {
|
||||
|
|
@ -17,6 +17,7 @@
|
|||
module
|
||||
];
|
||||
}).config;
|
||||
|
||||
toBash =
|
||||
v:
|
||||
lib.replaceStrings [ "\"" ] [ "\\\"" ] (
|
||||
|
|
@ -27,4 +28,51 @@
|
|||
else
|
||||
lib.strings.toJSON v
|
||||
);
|
||||
|
||||
withPackages = packages: {
|
||||
makeWrapperArgs = [
|
||||
"--prefix"
|
||||
"PATH"
|
||||
":"
|
||||
"${lib.makeBinPath packages}"
|
||||
];
|
||||
};
|
||||
|
||||
tfApply =
|
||||
{
|
||||
directory,
|
||||
httpBackend,
|
||||
dependentDirs ? [ ],
|
||||
environment ? { },
|
||||
# limit OOM risk
|
||||
parallelism ? 1,
|
||||
}:
|
||||
let
|
||||
env-vars = ''
|
||||
${
|
||||
toString (
|
||||
lib.mapAttrsToList (k: v: "TF_VAR_${k}=\"${toBash v}\"") (
|
||||
lib.filterAttrs (_: v: v != null) environment
|
||||
)
|
||||
)
|
||||
} \
|
||||
${toString (lib.mapAttrsToList (k: v: "${k}=\"${toBash v}\"") httpBackend)} \
|
||||
'';
|
||||
tfPackage = pkgs.callPackage ./run/${directory}/tf.nix { };
|
||||
tf-env = pkgs.callPackage ./run/tf-env.nix {
|
||||
inherit httpBackend tfPackage;
|
||||
tfDirs = lib.lists.map (dir: "deployment/run/${dir}") ([ directory ] ++ dependentDirs);
|
||||
};
|
||||
in
|
||||
pkgs.writers.writeBashBin "tf-apply.sh"
|
||||
(withPackages [
|
||||
tfPackage
|
||||
pkgs.jq
|
||||
])
|
||||
''
|
||||
set -e
|
||||
dir="${tf-env}/deployment/run/${directory}"
|
||||
env ${env-vars} tofu -chdir="$dir" apply --auto-approve -parallelism=${builtins.toString parallelism} >&2
|
||||
env ${env-vars} tofu -chdir="$dir" output -json
|
||||
'';
|
||||
}
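Review bot: In `tfApply`, `env-vars` builds each assignment as `TF_VAR_${k}=\"${toBash v}\"`, and the part of `toBash` visible here escapes only `"`, so a value containing `$`, a backtick or a backslash is re-interpreted by bash when tf-apply.sh runs. Quoting the unescaped string or JSON form with `lib.escapeShellArg`, instead of wrapping it in double quotes, closes that for both the `TF_VAR_` line and the `httpBackend` line. The `httpBackend` values are also written into the script text and therefore into the Nix store, which is presumably world-readable, so any backend credentials among them would be better read from the caller's environment at run time. The generated script has `set -e` and no `-input=false`, where the deleted run.sh scripts used `set -euo pipefail` and two of them passed `-input=false`; `tofu -chdir="$dir" apply --auto-approve -input=false -parallelism=…` keeps a missing variable from becoming a stdin prompt. The body of `toBash` is only partly inside the hunk.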
|
||||
|
|
|
|||
46
mkFlake.nix
46
mkFlake.nix
|
|
@ -8,7 +8,7 @@
|
|||
## contained two distinct helpers for migrating away from flakes)? cf
|
||||
## https://git.fediversity.eu/Fediversity/Fediversity/pulls/447#issuecomment-8671
|
||||
|
||||
inputs@{ self, ... }:
|
||||
inputs@{ self, system, ... }:
|
||||
|
||||
let
|
||||
sources = import ./npins;
|
||||
|
|
@ -17,16 +17,54 @@ let
|
|||
# XXX(@fricklerhandwerk): this atrocity is required to splice in a foreign Nixpkgs via flake-parts
|
||||
# XXX - this is just importing a flake
|
||||
nixpkgs = import-flake { src = sources.nixpkgs; };
|
||||
overlays = [
|
||||
# https://github.com/SaumonNet/proxmox-nixos/issues/188
|
||||
(
|
||||
_: prev:
|
||||
let
|
||||
# override nixpkgs versions in proxmox-nixos
|
||||
pm = import "${sources.proxmox-nixos}/pkgs" {
|
||||
craneLib = prev.callPackage "${sources.crane}/lib" { };
|
||||
pkgs = prev;
|
||||
pkgs-unstable = prev;
|
||||
};
|
||||
vncterm = pm.vncterm.override {
|
||||
libvncserver = prev.libvncserver.overrideAttrs (_: {
|
||||
version = "0.9.14";
|
||||
src = sources.libvncserver;
|
||||
});
|
||||
};
|
||||
pve-qemu-server = pm.pve-qemu-server.override { inherit vncterm; };
|
||||
pve-ha-manager = pm.pve-ha-manager.override { inherit pve-qemu-server; };
|
||||
pve-manager = pm.pve-manager.override { inherit pve-ha-manager; };
|
||||
proxmox-ve = pm.proxmox-ve.override {
|
||||
inherit
|
||||
pve-ha-manager
|
||||
pve-manager
|
||||
pve-qemu-server
|
||||
vncterm
|
||||
;
|
||||
};
|
||||
in
|
||||
{
|
||||
inherit
|
||||
proxmox-ve
|
||||
pve-ha-manager
|
||||
;
|
||||
}
|
||||
)
|
||||
];
|
||||
pkgs = import nixpkgs { inherit system overlays; };
|
||||
|
||||
# XXX - this overrides the inputs attached to `self`
|
||||
inputs' = self.inputs // {
|
||||
nixpkgs = nixpkgs;
|
||||
nixpkgs = pkgs;
|
||||
};
|
||||
self' = self // {
|
||||
inputs = inputs';
|
||||
};
|
||||
|
||||
inherit (nixpkgs) lib outPath;
|
||||
inherit (pkgs) lib outPath;
|
||||
flake-parts-lib = import "${sources.flake-parts}/lib.nix" { inherit lib; };
|
||||
in
|
||||
|
||||
|
|
@ -37,7 +75,7 @@ flake-parts-lib.mkFlake
|
|||
# XXX - finally we override the overall set of `inputs` -- we need both:
|
||||
# `flake-parts obtains `nixpkgs` from `self.inputs` and not from `inputs`.
|
||||
inputs = inputs // {
|
||||
inherit nixpkgs;
|
||||
nixpkgs = pkgs;
|
||||
};
|
||||
self = self';
|
||||
specialArgs = {
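Review bot: The overlay pins `libvncserver` for `vncterm` to 0.9.14 with only an issue link as explanation, while the comments that gave the reason (nixpkgs moved to 0.9.15, which vncterm was not yet patched for) are removed from the check files in this same change. A pinned library stops following nixpkgs updates, including any fixes, so the overlay should state the reason and the removal condition, e.g. `# pin libvncserver to 0.9.14 until vncterm builds against 0.9.15; drop once proxmox-nixos#188 is resolved`. `overrideAttrs` replaces only `version` and `src`, so any patches the nixpkgs derivation carries are presumably still applied to the older source; that is worth confirming and noting in the same comment.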
|
||||
|
|
|
|||
|
|
@ -141,6 +141,22 @@
|
|||
"url": "https://api.github.com/repos/bigskysoftware/htmx/tarball/v2.0.4",
|
||||
"hash": "1c4zm3b7ym01ijydiss4amd14mv5fbgp1n71vqjk4alc35jlnqy2"
|
||||
},
|
||||
"libvncserver": {
|
||||
"type": "GitRelease",
|
||||
"repository": {
|
||||
"type": "GitHub",
|
||||
"owner": "LibVNC",
|
||||
"repo": "libvncserver"
|
||||
},
|
||||
"pre_releases": false,
|
||||
"version_upper_bound": null,
|
||||
"release_prefix": null,
|
||||
"submodules": false,
|
||||
"version": "LibVNCServer-0.9.14",
|
||||
"revision": "10e9eb75f73e973725dc75c373de5d89807af028",
|
||||
"url": "https://api.github.com/repos/LibVNC/libvncserver/tarball/LibVNCServer-0.9.14",
|
||||
"hash": "1x2nki6hyrafhc0j95d3v717hhmn4r6cx9qynj0rxyg94iw5k9cj"
|
||||
},
|
||||
"nix-unit": {
|
||||
"type": "Git",
|
||||
"repository": {
|
||||
|
|
@ -167,19 +183,6 @@
|
|||
"url": "https://github.com/nixos/nixpkgs/archive/f33a4d26226c05d501b9d4d3e5e60a3a59991921.tar.gz",
|
||||
"hash": "1b6dm1sn0bdpcsmxna0zzspjaixa2dald08005fry5jrbjvwafdj"
|
||||
},
|
||||
"nixpkgs-stable": {
|
||||
"type": "Git",
|
||||
"repository": {
|
||||
"type": "GitHub",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs"
|
||||
},
|
||||
"branch": "nixos-25.05",
|
||||
"submodules": false,
|
||||
"revision": "a1ae8ef72f64a845ecce5c6dcf65d546bf7deeb4",
|
||||
"url": "https://github.com/nixos/nixpkgs/archive/a1ae8ef72f64a845ecce5c6dcf65d546bf7deeb4.tar.gz",
|
||||
"hash": "0d7lp30wyy5647gpm8rnihvdcpmgmfr9c5yg4fhl31lsg8mlbg16"
|
||||
},
|
||||
"nixpkgs-unstable": {
|
||||
"type": "Git",
|
||||
"repository": {
|
||||
|
|
|
|||