Revert "conditionally include nameservers"

This reverts commit 598ff04a9f.
conditionally include nameservers
2025-06-30 16:56:52 +02:00 · 2025-06-30 16:56:52 +02:00 · 2025-06-30 16:56:52 +02:00 · 2025-06-30 14:30:29 +02:00 · 2025-06-30 12:44:53 +02:00 · 2025-06-30 12:42:19 +02:00
10 changed files with 82 additions and 52 deletions
--- a/.forgejo/workflows/ci.yaml
+++ b/.forgejo/workflows/ci.yaml
@ -25,13 +25,13 @@ jobs:
    runs-on: native
    steps:
      - uses: actions/checkout@v4
-      - run: cd services && nix-build -A tests.peertube
+      - run: nix-build services -A tests.peertube
  check-panel:
    runs-on: native
    steps:
      - uses: actions/checkout@v4
-      - run: cd panel && nix-build -A tests
+      - run: nix-build panel -A tests
  check-deployment-basic:
    runs-on: native
--- a/deployment/check/panel/nixosTest.nix
+++ b/deployment/check/panel/nixosTest.nix
@ -155,7 +155,6 @@ in
          SECRET_KEY = dummyFile;
        };
        port = panelPort;
        nixops4Package = inputs.nixops4.packages.${pkgs.system}.default;
        deployment = {
          flake = "/run/fedipanel/flake";
--- a/flake.nix
+++ b/flake.nix
@ -43,7 +43,7 @@
          ];
          imports = [
-            (import "${git-hooks}/flake-module.nix")
+            "${git-hooks}/flake-module.nix"
            inputs.nixops4.modules.flake.default
            ./deployment/flake-part.nix
--- a/infra/common/nixos/networking.nix
+++ b/infra/common/nixos/networking.nix
@ -1,7 +1,7 @@
 { config, lib, ... }:
 let
-  inherit (lib) mkDefault;
+  inherit (lib) mkDefault mkIf mkMerge;
 in
 {
@ -13,41 +13,14 @@ in
      settings.PasswordAuthentication = false;
    };
-    networking = {
+    networking = mkMerge [
      {
        hostName = config.fediversityVm.name;
        domain = config.fediversityVm.domain;
        ## REVIEW: Do we actually need that, considering that we have static IPs?
        useDHCP = mkDefault true;
      interfaces = {
        eth0 = {
          ipv4 = {
            addresses = [
              {
                inherit (config.fediversityVm.ipv4) address prefixLength;
              }
            ];
          };
          ipv6 = {
            addresses = [
              {
                inherit (config.fediversityVm.ipv6) address prefixLength;
              }
            ];
          };
        };
      };
      defaultGateway = {
        address = config.fediversityVm.ipv4.gateway;
        interface = "eth0";
      };
      defaultGateway6 = {
        address = config.fediversityVm.ipv6.gateway;
        interface = "eth0";
      };
        nameservers = [
          "95.215.185.6"
          "95.215.185.7"
@ -60,6 +33,29 @@ in
          enable = true;
          rulesetFile = ./nftables-ruleset.nft;
        };
      }
      ## IPv4
      (mkIf config.fediversityVm.ipv4.enable {
        interfaces.${config.fediversityVm.ipv4.interface}.ipv4.addresses = [
          { inherit (config.fediversityVm.ipv4) address prefixLength; }
        ];
        defaultGateway = {
          address = config.fediversityVm.ipv4.gateway;
          interface = config.fediversityVm.ipv4.interface;
        };
      })
      ## IPv6
      (mkIf config.fediversityVm.ipv6.enable {
        interfaces.${config.fediversityVm.ipv6.interface}.ipv6.addresses = [
          { inherit (config.fediversityVm.ipv6) address prefixLength; }
        ];
        defaultGateway6 = {
          address = config.fediversityVm.ipv6.gateway;
          interface = config.fediversityVm.ipv6.interface;
        };
      })
    ];
  };
 }
--- a/infra/common/options.nix
+++ b/infra/common/options.nix
@ -91,6 +91,17 @@ in
    };
    ipv4 = {
      enable = mkOption {
        default = true;
      };
      interface = mkOption {
        description = ''
          The interface that carries the machine's IPv4 network.
        '';
        default = "eth0";
      };
      address = mkOption {
        description = ''
          The IP address of the machine, version 4. It will be injected as a
@ -116,6 +127,17 @@ in
    };
    ipv6 = {
      enable = mkOption {
        default = true;
      };
      interface = mkOption {
        description = ''
          The interface that carries the machine's IPv6 network.
        '';
        default = "eth0";
      };
      address = mkOption {
        description = ''
          The IP address of the machine, version 6. It will be injected as a
--- a/infra/common/resource.nix
+++ b/infra/common/resource.nix
@ -36,8 +36,8 @@ in
  ## should go into the `./nixos` subdirectory.
  nixos.module = {
    imports = [
-      (import "${agenix}/modules/age.nix")
+      "${agenix}/modules/age.nix"
-      (import "${disko}/module.nix")
+      "${disko}/module.nix"
      ./options.nix
      ./nixos
    ];
--- a/panel/default.nix
+++ b/panel/default.nix
@ -22,7 +22,7 @@ in
      manage
      # NixOps4 and its dependencies
-      # FIXME: grab NixOps4 and add it here
+      pkgs.nixops4
      pkgs.nix
      pkgs.openssh
    ];
--- a/panel/nix/configuration.nix
+++ b/panel/nix/configuration.nix
@ -147,6 +147,7 @@ in
        NixOps4 from the package's npins-based code, we will have to do with
        this workaround.
      '';
      default = pkgs.nixops4;
    };
    deployment = {
--- a/panel/nix/overlay.nix
+++ b/panel/nix/overlay.nix
@ -8,4 +8,17 @@ let
 in
 {
  python3 = prev.lib.attrsets.recursiveUpdate prev.python3 { pkgs = extraPython3Packages; };
  nixops4 =
    let
      sources = import ../../npins;
      inherit (import sources.flake-inputs) import-flake;
      inherit
        (import-flake {
          src = ../../.;
        })
        inputs
        ;
      inherit (inputs) nixops4;
    in
    nixops4.packages.${prev.system}.default;
 }
--- a/panel/nix/tests.nix
+++ b/panel/nix/tests.nix
@ -13,7 +13,6 @@ let
      secrets = {
        SECRET_KEY = pkgs.writeText "SECRET_KEY" "secret";
      };
      nixops4Package = pkgs.hello; # FIXME: actually pass NixOps4
    };
    virtualisation = {
Author	SHA1	Message	Date
Kiara Grouwstra	98d2a72314	Revert "conditionally include nameservers" This reverts commit `598ff04a9f`.	2025-06-30 16:56:52 +02:00
Kiara Grouwstra	11d3af1748	conditionally include nameservers	2025-06-30 16:56:52 +02:00
Kiara Grouwstra	1808a09d21	allow configuring network interface	2025-06-30 16:56:52 +02:00
Nicolas “Niols” Jeannerod	3f1c8a9bb7	Document why Nix and OpenSSH lost in #412. Alternatively, we could have a comment on both lines saying eg. “for NixOps4”	2025-06-30 14:30:29 +02:00
Kiara Grouwstra	737aecaba6	set default value for nixops4Package (#412 ) Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io> Reviewed-on: Fediversity/Fediversity#412 Reviewed-by: Valentin Gagarin <valentin.gagarin@tweag.io> Co-authored-by: Kiara Grouwstra <kiara@procolix.eu> Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>	2025-06-30 12:44:53 +02:00
Kiara Grouwstra	d7dbdd923c	make CI test invocations idempotent to better facilitate manual use (#416 ) Reviewed-on: Fediversity/Fediversity#416 Reviewed-by: Valentin Gagarin <valentin.gagarin@tweag.io> Co-authored-by: Kiara Grouwstra <kiara@procolix.eu> Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>	2025-06-30 12:42:19 +02:00
Kiara Grouwstra	1c44004cfe	update documentation for #375 (#406 ) Reviewed-on: Fediversity/Fediversity#406 Co-authored-by: Kiara Grouwstra <kiara@procolix.eu> Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>	2025-06-27 14:40:40 +02:00
Kiara Grouwstra	ae444d5352	simplify imports (#415 ) Reviewed-on: Fediversity/Fediversity#415 Reviewed-by: Valentin Gagarin <valentin.gagarin@tweag.io> Co-authored-by: Kiara Grouwstra <kiara@procolix.eu> Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>	2025-06-27 14:01:41 +02:00