forked from fediversity/fediversity
Compare commits
20 commits
9b5f5fedfd
...
5bac5bda1b
| Author | SHA1 | Date | |
|---|---|---|---|
5bac5bda1b
|
|||
|
5a7bfd64c6
|
|||
|
ed5ae5fef0
|
|||
|
c5ec490ee7
|
|||
|
8e8cca2f03
|
|||
|
365c38eb02
|
|||
|
1bb6a3de65
|
|||
|
340661959a
|
|||
|
a482c88519
|
|||
|
ef859900a2
|
|||
|
e2976981dd
|
|||
|
ffb8e6e70f
|
|||
|
c27d69dcf9
|
|||
|
86d2fc728a
|
|||
|
c057043020
|
|||
|
2307fbcb52
|
|||
|
cc85ec2fc5
|
|||
|
baaa990513
|
|||
|
433d0dc278
|
|||
|
fb376b4684
|
8 changed files with 61 additions and 165 deletions
|
|
@ -15,9 +15,8 @@ jobs:
|
|||
- name: Update pins
|
||||
run: nix-shell --run "npins update"
|
||||
- name: Create PR
|
||||
uses: https://github.com/KiaraGrouwstra/gitea-create-pull-request@f9f80aa5134bc5c03c38f5aaa95053492885b397
|
||||
uses: peter-evans/create-pull-request@v7
|
||||
with:
|
||||
remote-instance-api-version: v1
|
||||
token: "${{ secrets.DEPLOY_KEY }}"
|
||||
branch: npins-update
|
||||
commit-message: "npins: update sources"
|
||||
|
|
|
|||
|
|
@ -1,13 +1,9 @@
|
|||
let
|
||||
inherit (import ../default.nix { }) pkgs inputs;
|
||||
inherit (import ../default.nix { }) pkgs;
|
||||
inherit (pkgs) lib;
|
||||
inherit (lib) mkOption;
|
||||
eval =
|
||||
module:
|
||||
(lib.evalModules {
|
||||
specialArgs = {
|
||||
inherit inputs;
|
||||
};
|
||||
modules = [
|
||||
module
|
||||
./data-model.nix
|
||||
|
|
@ -20,51 +16,32 @@ in
|
|||
test-eval = {
|
||||
expr =
|
||||
let
|
||||
fediversity = eval (
|
||||
{ config, ... }:
|
||||
{
|
||||
config = {
|
||||
applications.hello =
|
||||
{ ... }:
|
||||
{
|
||||
description = ''Command-line tool that will print "Hello, world!" on the terminal'';
|
||||
module =
|
||||
{ ... }:
|
||||
{
|
||||
options = {
|
||||
enable = lib.mkEnableOption "Hello in the shell";
|
||||
};
|
||||
};
|
||||
implementation =
|
||||
cfg:
|
||||
lib.optionalAttrs cfg.enable {
|
||||
dummy.login-shell.packages.hello = pkgs.hello;
|
||||
};
|
||||
};
|
||||
};
|
||||
options = {
|
||||
example-configuration = mkOption {
|
||||
type = config.configuration;
|
||||
readOnly = true;
|
||||
default = {
|
||||
enable = true;
|
||||
applications.hello.enable = true;
|
||||
};
|
||||
example = eval {
|
||||
runtime-environments.bar.nixos = {
|
||||
module =
|
||||
{ ... }:
|
||||
{
|
||||
system.stateVersion = "25.05";
|
||||
};
|
||||
};
|
||||
}
|
||||
);
|
||||
};
|
||||
applications.foo = {
|
||||
module =
|
||||
{ pkgs, ... }:
|
||||
{
|
||||
environment.systemPackages = [
|
||||
pkgs.hello
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
in
|
||||
{
|
||||
inherit (fediversity)
|
||||
example-configuration
|
||||
;
|
||||
has-runtime = lib.isAttrs example.runtime-environments.bar.nixos.module;
|
||||
has-application = lib.isAttrs example.applications.foo.module;
|
||||
};
|
||||
expected = {
|
||||
example-configuration = {
|
||||
enable = true;
|
||||
applications.hello.enable = true;
|
||||
};
|
||||
has-runtime = true;
|
||||
has-application = true;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,89 +1,45 @@
|
|||
{
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}:
|
||||
let
|
||||
inherit (lib) mkOption types;
|
||||
inherit (lib.types)
|
||||
attrsOf
|
||||
attrTag
|
||||
deferredModuleWith
|
||||
submodule
|
||||
optionType
|
||||
functionTo
|
||||
;
|
||||
|
||||
functionType = import ./function.nix;
|
||||
application-resources = {
|
||||
options.resources = mkOption {
|
||||
# TODO: maybe transpose, and group the resources by type instead
|
||||
type = attrsOf (
|
||||
attrTag (lib.mapAttrs (_name: resource: mkOption { type = resource.request; }) config.resources)
|
||||
);
|
||||
};
|
||||
};
|
||||
inherit (lib) types mkOption;
|
||||
in
|
||||
with types;
|
||||
{
|
||||
_class = "nixops4Deployment";
|
||||
|
||||
options = {
|
||||
applications = mkOption {
|
||||
description = "Collection of Fediversity applications";
|
||||
type = attrsOf (
|
||||
submodule (application: {
|
||||
_class = "fediversity-application";
|
||||
options = {
|
||||
description = mkOption {
|
||||
description = "Description to be shown in the application overview";
|
||||
type = types.str;
|
||||
};
|
||||
module = mkOption {
|
||||
description = "Operator-facing configuration options for the application";
|
||||
type = deferredModuleWith { staticModules = [ { _class = "fediversity-application-config"; } ]; };
|
||||
};
|
||||
implementation = mkOption {
|
||||
description = "Mapping of application configuration to deployment resources, a description of what an application needs to run";
|
||||
type = application.config.config-mapping.function-type;
|
||||
};
|
||||
resources = mkOption {
|
||||
description = "Compute resources required by an application";
|
||||
type = functionTo application.config.config-mapping.output-type;
|
||||
readOnly = true;
|
||||
default = input: (application.config.implementation input).output;
|
||||
};
|
||||
config-mapping = mkOption {
|
||||
description = "Function type for the mapping from application configuration to required resources";
|
||||
type = submodule functionType;
|
||||
readOnly = true;
|
||||
default = {
|
||||
input-type = application.config.module;
|
||||
output-type = application-resources;
|
||||
runtime-environments = mkOption {
|
||||
description = "Collection of runtime environments into which applications can be deployed";
|
||||
type = attrsOf (attrTag {
|
||||
nixos = mkOption {
|
||||
description = "A single NixOS machine";
|
||||
type = submodule {
|
||||
options = {
|
||||
module = mkOption {
|
||||
description = "The NixOS module describing the base configuration for that machine";
|
||||
type = deferredModule;
|
||||
};
|
||||
};
|
||||
};
|
||||
})
|
||||
);
|
||||
};
|
||||
configuration = mkOption {
|
||||
description = "Configuration type declaring options to be set by operators";
|
||||
type = optionType;
|
||||
readOnly = true;
|
||||
default = submodule {
|
||||
options = {
|
||||
enable = lib.mkEnableOption {
|
||||
description = "your Fediversity configuration";
|
||||
};
|
||||
applications = lib.mapAttrs (
|
||||
_name: application:
|
||||
mkOption {
|
||||
description = application.description;
|
||||
type = submodule application.module;
|
||||
default = { };
|
||||
}
|
||||
) config.applications;
|
||||
};
|
||||
};
|
||||
});
|
||||
};
|
||||
applications = mkOption {
|
||||
description = "Collection of Fediversity applications";
|
||||
type = attrsOf (submoduleWith {
|
||||
modules = [
|
||||
{
|
||||
options = {
|
||||
module = mkOption {
|
||||
description = "The NixOS module for that application, for configuring that application";
|
||||
type = deferredModule;
|
||||
};
|
||||
};
|
||||
}
|
||||
];
|
||||
});
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,37 +0,0 @@
|
|||
/**
|
||||
Modular function type
|
||||
*/
|
||||
{ config, lib, ... }:
|
||||
let
|
||||
inherit (lib) mkOption types;
|
||||
inherit (types)
|
||||
deferredModule
|
||||
submodule
|
||||
functionTo
|
||||
optionType
|
||||
;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
input-type = mkOption {
|
||||
type = deferredModule;
|
||||
};
|
||||
output-type = mkOption {
|
||||
type = deferredModule;
|
||||
};
|
||||
function-type = mkOption {
|
||||
type = optionType;
|
||||
readOnly = true;
|
||||
default = functionTo (submodule {
|
||||
options = {
|
||||
input = mkOption {
|
||||
type = submodule config.input-type;
|
||||
};
|
||||
output = mkOption {
|
||||
type = submodule config.output-type;
|
||||
};
|
||||
};
|
||||
});
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
@ -43,8 +43,7 @@ table inet filter {
|
|||
ip6 nexthdr icmpv6 icmpv6 type { destination-unreachable, echo-reply, echo-request, nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert, packet-too-big, parameter-problem, time-exceeded } accept
|
||||
|
||||
# open tcp ports: sshd (22)
|
||||
# 8080: used in atticd
|
||||
tcp dport {ssh,8080} accept
|
||||
tcp dport {ssh} accept
|
||||
|
||||
# open tcp ports: snmp (161)
|
||||
ip saddr $snmp_allow udp dport {snmp} accept
|
||||
|
|
|
|||
|
|
@ -202,8 +202,11 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
# needed to place a config file with home-manager
|
||||
users.users.${name}.isNormalUser = true;
|
||||
users.users.${name} = {
|
||||
# TODO[Niols]: change to system user or document why we specifically
|
||||
# need a normal user.
|
||||
isNormalUser = true;
|
||||
};
|
||||
|
||||
users.groups.${name} = { };
|
||||
systemd.services.${name} = {
|
||||
|
|
|
|||
|
|
@ -74,7 +74,6 @@ in
|
|||
80
|
||||
443
|
||||
8080
|
||||
9000
|
||||
];
|
||||
|
||||
vars.settings.on-machine.enable = true;
|
||||
|
|
|
|||
|
|
@ -70,11 +70,11 @@ in
|
|||
config = {
|
||||
## FIXME: This should clearly go somewhere else; and we should have a
|
||||
## `staging` vs. `production` setting somewhere.
|
||||
security.acme = {
|
||||
# use a priority higher than mkDefault for panel deployment to work,
|
||||
# yet lower than default so this will not clash with the setting in tests.
|
||||
security.acme = lib.modules.mkOverride 900 {
|
||||
acceptTerms = true;
|
||||
# use a priority more urgent than mkDefault for panel deployment to work,
|
||||
# yet looser than default so this will not clash with the setting in tests.
|
||||
defaults.email = lib.modules.mkOverride 200 "something@fediversity.net";
|
||||
defaults.email = "something@fediversity.net";
|
||||
# defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory";
|
||||
};
|
||||
};
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue