8 commits
9cc56b94bd
...
98d2a72314
| Author | SHA1 | Date | |
|---|---|---|---|
| 98d2a72314 | |||
| 11d3af1748 | |||
| 1808a09d21 | |||
| 3f1c8a9bb7 | |||
| 737aecaba6 | |||
| d7dbdd923c | |||
| 1c44004cfe | |||
| ae444d5352 |
10 changed files with 82 additions and 52 deletions
|
|
@ -25,13 +25,13 @@ jobs:
|
||||||
runs-on: native
|
runs-on: native
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v4
|
||||||
- run: cd services && nix-build -A tests.peertube
|
- run: nix-build services -A tests.peertube
|
||||||
|
|
||||||
check-panel:
|
check-panel:
|
||||||
runs-on: native
|
runs-on: native
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v4
|
||||||
- run: cd panel && nix-build -A tests
|
- run: nix-build panel -A tests
|
||||||
|
|
||||||
check-deployment-basic:
|
check-deployment-basic:
|
||||||
runs-on: native
|
runs-on: native
|
||||||
|
|
|
||||||
|
|
@ -155,7 +155,6 @@ in
|
||||||
SECRET_KEY = dummyFile;
|
SECRET_KEY = dummyFile;
|
||||||
};
|
};
|
||||||
port = panelPort;
|
port = panelPort;
|
||||||
nixops4Package = inputs.nixops4.packages.${pkgs.system}.default;
|
|
||||||
|
|
||||||
deployment = {
|
deployment = {
|
||||||
flake = "/run/fedipanel/flake";
|
flake = "/run/fedipanel/flake";
|
||||||
|
|
|
||||||
|
|
@ -43,7 +43,7 @@
|
||||||
];
|
];
|
||||||
|
|
||||||
imports = [
|
imports = [
|
||||||
(import "${git-hooks}/flake-module.nix")
|
"${git-hooks}/flake-module.nix"
|
||||||
inputs.nixops4.modules.flake.default
|
inputs.nixops4.modules.flake.default
|
||||||
|
|
||||||
./deployment/flake-part.nix
|
./deployment/flake-part.nix
|
||||||
|
|
|
||||||
|
|
@ -1,7 +1,7 @@
|
||||||
{ config, lib, ... }:
|
{ config, lib, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
inherit (lib) mkDefault;
|
inherit (lib) mkDefault mkIf mkMerge;
|
||||||
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
|
@ -13,53 +13,49 @@ in
|
||||||
settings.PasswordAuthentication = false;
|
settings.PasswordAuthentication = false;
|
||||||
};
|
};
|
||||||
|
|
||||||
networking = {
|
networking = mkMerge [
|
||||||
hostName = config.fediversityVm.name;
|
{
|
||||||
domain = config.fediversityVm.domain;
|
hostName = config.fediversityVm.name;
|
||||||
|
domain = config.fediversityVm.domain;
|
||||||
|
|
||||||
## REVIEW: Do we actually need that, considering that we have static IPs?
|
## REVIEW: Do we actually need that, considering that we have static IPs?
|
||||||
useDHCP = mkDefault true;
|
useDHCP = mkDefault true;
|
||||||
|
|
||||||
interfaces = {
|
nameservers = [
|
||||||
eth0 = {
|
"95.215.185.6"
|
||||||
ipv4 = {
|
"95.215.185.7"
|
||||||
addresses = [
|
"2a00:51c0::5fd7:b906"
|
||||||
{
|
"2a00:51c0::5fd7:b907"
|
||||||
inherit (config.fediversityVm.ipv4) address prefixLength;
|
];
|
||||||
}
|
|
||||||
];
|
firewall.enable = false;
|
||||||
};
|
nftables = {
|
||||||
ipv6 = {
|
enable = true;
|
||||||
addresses = [
|
rulesetFile = ./nftables-ruleset.nft;
|
||||||
{
|
|
||||||
inherit (config.fediversityVm.ipv6) address prefixLength;
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
}
|
||||||
|
|
||||||
defaultGateway = {
|
## IPv4
|
||||||
address = config.fediversityVm.ipv4.gateway;
|
(mkIf config.fediversityVm.ipv4.enable {
|
||||||
interface = "eth0";
|
interfaces.${config.fediversityVm.ipv4.interface}.ipv4.addresses = [
|
||||||
};
|
{ inherit (config.fediversityVm.ipv4) address prefixLength; }
|
||||||
defaultGateway6 = {
|
];
|
||||||
address = config.fediversityVm.ipv6.gateway;
|
defaultGateway = {
|
||||||
interface = "eth0";
|
address = config.fediversityVm.ipv4.gateway;
|
||||||
};
|
interface = config.fediversityVm.ipv4.interface;
|
||||||
|
};
|
||||||
|
})
|
||||||
|
|
||||||
nameservers = [
|
## IPv6
|
||||||
"95.215.185.6"
|
(mkIf config.fediversityVm.ipv6.enable {
|
||||||
"95.215.185.7"
|
interfaces.${config.fediversityVm.ipv6.interface}.ipv6.addresses = [
|
||||||
"2a00:51c0::5fd7:b906"
|
{ inherit (config.fediversityVm.ipv6) address prefixLength; }
|
||||||
"2a00:51c0::5fd7:b907"
|
];
|
||||||
];
|
defaultGateway6 = {
|
||||||
|
address = config.fediversityVm.ipv6.gateway;
|
||||||
firewall.enable = false;
|
interface = config.fediversityVm.ipv6.interface;
|
||||||
nftables = {
|
};
|
||||||
enable = true;
|
})
|
||||||
rulesetFile = ./nftables-ruleset.nft;
|
];
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
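Review bot: The interface name now comes from `config.fediversityVm.ipv4.interface` and `ipv6.interface`, but packet filtering still relies on the static `rulesetFile = ./nftables-ruleset.nft` with `firewall.enable = false`, and nothing in this hunk ties the ruleset to the configured interface. The ruleset file is not visible here; if it matches on `eth0` by name, a machine configured with a different interface would carry rules that no longer apply to its traffic. Either confirm the ruleset is interface-agnostic and record that next to `nftables`, for example `## NOTE: the ruleset must not match on interface names; see fediversityVm.ipv4.interface / ipv6.interface`, or add an assertion that rejects other names. Separately, when both `ipv4.enable` and `ipv6.enable` are false the host is left with only `useDHCP = mkDefault true`, which is worth adding to the existing REVIEW comment.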
@ -91,6 +91,17 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
ipv4 = {
|
ipv4 = {
|
||||||
|
enable = mkOption {
|
||||||
|
default = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
interface = mkOption {
|
||||||
|
description = ''
|
||||||
|
The interface that carries the machine's IPv4 network.
|
||||||
|
'';
|
||||||
|
default = "eth0";
|
||||||
|
};
|
||||||
|
|
||||||
address = mkOption {
|
address = mkOption {
|
||||||
description = ''
|
description = ''
|
||||||
The IP address of the machine, version 4. It will be injected as a
|
The IP address of the machine, version 4. It will be injected as a
|
||||||
|
|
@ -116,6 +127,17 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
ipv6 = {
|
ipv6 = {
|
||||||
|
enable = mkOption {
|
||||||
|
default = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
interface = mkOption {
|
||||||
|
description = ''
|
||||||
|
The interface that carries the machine's IPv6 network.
|
||||||
|
'';
|
||||||
|
default = "eth0";
|
||||||
|
};
|
||||||
|
|
||||||
address = mkOption {
|
address = mkOption {
|
||||||
description = ''
|
description = ''
|
||||||
The IP address of the machine, version 6. It will be injected as a
|
The IP address of the machine, version 6. It will be injected as a
|
||||||
|
|
|
||||||
|
|
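Review bot: The new `enable` and `interface` options in the `ipv4` hunk are declared without a `type`, and `enable` also has no `description`; the `ipv6` hunk repeats the same pattern. These values feed `mkIf` and an attribute path (`interfaces.${…}`) in the networking module, so a wrongly shaped value is not rejected at the option and only fails later, far from where it was set. I would write `enable = mkOption { type = lib.types.bool; default = true; description = "Whether to configure static IPv4 networking on this machine."; };` and add `type = lib.types.str;` to `interface`, and likewise for IPv6. The enclosing `ipv4`/`ipv6` attribute sets begin and end outside the hunks, so it is not visible whether `types` is already in scope under a shorter name.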
@ -36,8 +36,8 @@ in
|
||||||
## should go into the `./nixos` subdirectory.
|
## should go into the `./nixos` subdirectory.
|
||||||
nixos.module = {
|
nixos.module = {
|
||||||
imports = [
|
imports = [
|
||||||
(import "${agenix}/modules/age.nix")
|
"${agenix}/modules/age.nix"
|
||||||
(import "${disko}/module.nix")
|
"${disko}/module.nix"
|
||||||
./options.nix
|
./options.nix
|
||||||
./nixos
|
./nixos
|
||||||
];
|
];
|
||||||
|
|
|
||||||
|
|
@ -22,7 +22,7 @@ in
|
||||||
manage
|
manage
|
||||||
|
|
||||||
# NixOps4 and its dependencies
|
# NixOps4 and its dependencies
|
||||||
# FIXME: grab NixOps4 and add it here
|
pkgs.nixops4
|
||||||
pkgs.nix
|
pkgs.nix
|
||||||
pkgs.openssh
|
pkgs.openssh
|
||||||
];
|
];
|
||||||
|
|
|
||||||
|
|
@ -147,6 +147,7 @@ in
|
||||||
NixOps4 from the package's npins-based code, we will have to do with
|
NixOps4 from the package's npins-based code, we will have to do with
|
||||||
this workaround.
|
this workaround.
|
||||||
'';
|
'';
|
||||||
|
default = pkgs.nixops4;
|
||||||
};
|
};
|
||||||
|
|
||||||
deployment = {
|
deployment = {
|
||||||
|
|
|
||||||
|
|
@ -8,4 +8,17 @@ let
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
python3 = prev.lib.attrsets.recursiveUpdate prev.python3 { pkgs = extraPython3Packages; };
|
python3 = prev.lib.attrsets.recursiveUpdate prev.python3 { pkgs = extraPython3Packages; };
|
||||||
|
nixops4 =
|
||||||
|
let
|
||||||
|
sources = import ../../npins;
|
||||||
|
inherit (import sources.flake-inputs) import-flake;
|
||||||
|
inherit
|
||||||
|
(import-flake {
|
||||||
|
src = ../../.;
|
||||||
|
})
|
||||||
|
inputs
|
||||||
|
;
|
||||||
|
inherit (inputs) nixops4;
|
||||||
|
in
|
||||||
|
nixops4.packages.${prev.system}.default;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
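Review bot: `pkgs.nixops4` is resolved by evaluating the repository's own flake inside the overlay (`import-flake { src = ../../.; }`), so the version the panel gets is decided by `flake.lock`, while `import-flake` itself comes from npins. Nothing in the hunk documents that split provenance. A comment above `nixops4 =` would help whoever updates pins, for example `## NixOps4 comes from the flake inputs (flake.lock), not from npins; bump it via the flake.` It is also worth checking how `import-flake` treats `src`: if the path is copied to the store, `../../.` is the whole working tree including untracked files, and store paths are world-readable. The overlay's enclosing `let … in` starts outside the hunk.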
@ -13,7 +13,6 @@ let
|
||||||
secrets = {
|
secrets = {
|
||||||
SECRET_KEY = pkgs.writeText "SECRET_KEY" "secret";
|
SECRET_KEY = pkgs.writeText "SECRET_KEY" "secret";
|
||||||
};
|
};
|
||||||
nixops4Package = pkgs.hello; # FIXME: actually pass NixOps4
|
|
||||||
};
|
};
|
||||||
|
|
||||||
virtualisation = {
|
virtualisation = {
|
||||||
|
|
|
||||||