add qemu import

fix imports
upgrade memory to resolve oom
2025-07-02 15:12:51 +02:00 · 2025-07-02 15:12:44 +02:00 · 2025-07-02 15:09:53 +02:00 · 2025-07-02 15:09:53 +02:00 · 2025-07-02 15:09:53 +02:00 · 2025-07-02 15:09:53 +02:00
20 changed files with 66 additions and 35 deletions
--- a/deployment/check/basic/flake-part.nix
+++ b/deployment/check/basic/flake-part.nix
@ -2,6 +2,7 @@
  self,
  inputs,
  lib,
+  sources,
  ...
 }:

@ -27,7 +28,7 @@ in
          ../common/nixosTest.nix
          ./nixosTest.nix
        ];
-        _module.args.inputs = inputs;
+        _module.args = { inherit inputs sources; };
        inherit targetMachines pathToRoot pathFromRoot;
      };
    };
@ -44,7 +45,7 @@ in
          inputs.nixops4-nixos.modules.nixops4Resource.nixos
          ../common/targetResource.nix
        ];
-        _module.args.inputs = inputs;
+        _module.args = { inherit inputs sources; };
        inherit nodeName pathToRoot pathFromRoot;
        nixos.module =
          { pkgs, ... }:
--- a/deployment/check/cli/flake-part.nix
+++ b/deployment/check/cli/flake-part.nix
@ -2,6 +2,7 @@
  self,
  inputs,
  lib,
+  sources,
  ...
 }:

@ -31,7 +32,7 @@ in
          ../common/nixosTest.nix
          ./nixosTest.nix
        ];
-        _module.args.inputs = inputs;
+        _module.args = { inherit inputs sources; };
        inherit
          targetMachines
          pathToRoot
@ -45,7 +46,7 @@ in
    let
      makeTargetResource = nodeName: {
        imports = [ ../common/targetResource.nix ];
-        _module.args.inputs = inputs;
+        _module.args = { inherit inputs sources; };
        inherit
          nodeName
          pathToRoot
--- a/deployment/check/common/deployerNode.nix
+++ b/deployment/check/common/deployerNode.nix
@ -3,6 +3,7 @@
  lib,
  pkgs,
  config,
+  sources,
  ...
 }:

@ -14,8 +15,6 @@ let
    types
    ;

-  sources = import ../../../npins;
-
 in
 {
  _class = "nixos";
@ -80,7 +79,7 @@ in
              config.system.extraDependenciesFromModule
              {
                nixpkgs.hostPlatform = "x86_64-linux";
-                _module.args.inputs = inputs;
+                _module.args = { inherit inputs sources; };
                enableAcme = config.enableAcme;
                acmeNodeIP = config.acmeNodeIP;
              }
--- a/deployment/check/common/nixosTest.nix
+++ b/deployment/check/common/nixosTest.nix
@ -3,6 +3,7 @@
  lib,
  config,
  hostPkgs,
+  sources,
  ...
 }:

@ -61,7 +62,7 @@ in
      {
        deployer = {
          imports = [ ./deployerNode.nix ];
-          _module.args.inputs = inputs;
+          _module.args = { inherit inputs sources; };
          enableAcme = config.enableAcme;
          acmeNodeIP = config.nodes.acme.networking.primaryIPAddress;
        };
@ -88,7 +89,7 @@ in

        genAttrs config.targetMachines (_: {
          imports = [ ./targetNode.nix ];
-          _module.args.inputs = inputs;
+          _module.args = { inherit inputs sources; };
          enableAcme = config.enableAcme;
          acmeNodeIP = if config.enableAcme then config.nodes.acme.networking.primaryIPAddress else null;
        });
--- a/deployment/check/common/targetResource.nix
+++ b/deployment/check/common/targetResource.nix
@ -2,6 +2,7 @@
  inputs,
  lib,
  config,
+  sources,
  ...
 }:

@ -40,7 +41,7 @@ in
        (lib.modules.importJSON (config.pathToCwd + "/${config.nodeName}-network.json"))
      ];

-      _module.args.inputs = inputs;
+      _module.args = { inherit inputs sources; };
      enableAcme = config.enableAcme;
      acmeNodeIP = trim (readFile (config.pathToCwd + "/acme_server_ip"));

--- a/deployment/check/panel/flake-part.nix
+++ b/deployment/check/panel/flake-part.nix
@ -2,6 +2,7 @@
  self,
  inputs,
  lib,
+  sources,
  ...
 }:

@ -34,7 +35,7 @@ in
          ../common/nixosTest.nix
          ./nixosTest.nix
        ];
-        _module.args.inputs = inputs;
+        _module.args = { inherit inputs sources; };
        inherit
          targetMachines
          pathToRoot
@ -48,7 +49,7 @@ in
    let
      makeTargetResource = nodeName: {
        imports = [ ../common/targetResource.nix ];
-        _module.args.inputs = inputs;
+        _module.args = { inherit inputs sources; };
        inherit
          nodeName
          pathToRoot
--- a/flake.nix
+++ b/flake.nix
@ -31,6 +31,9 @@
          inherit nixpkgs;
        };
        self = self';
+        specialArgs = {
+          inherit sources;
+        };
      }
      (
        { inputs, ... }:
@ -48,6 +51,8 @@

            ./deployment/flake-part.nix
            ./infra/flake-part.nix
+            ./keys/flake-part.nix
+            ./secrets/flake-part.nix
          ];

          perSystem =
--- a/infra/common/nixos/default.nix
+++ b/infra/common/nixos/default.nix
@ -8,7 +8,6 @@ in
  _class = "nixos";

  imports = [
-    ./hardware.nix
    ./networking.nix
    ./users.nix
  ];
--- a/infra/common/proxmox-qemu-vm.nix
+++ b/infra/common/proxmox-qemu-vm.nix
@ -15,8 +15,6 @@
      availableKernelModules = [
        "ata_piix"
        "uhci_hcd"
-        "virtio_pci"
-        "virtio_scsi"
        "sd_mod"
        "sr_mod"
      ];
--- a/infra/common/resource.nix
+++ b/infra/common/resource.nix
@ -2,6 +2,9 @@
  inputs,
  lib,
  config,
+  sources,
+  keys,
+  secrets,
  ...
 }:

@ -9,12 +12,6 @@ let
  inherit (lib) attrValues elem mkDefault;
  inherit (lib.attrsets) concatMapAttrs optionalAttrs;
  inherit (lib.strings) removeSuffix;
-  sources = import ../../npins;
-  inherit (sources) agenix disko vars;
-
-  secretsPrefix = ../../secrets;
-  secrets = import (secretsPrefix + "/secrets.nix");
-  keys = import ../../keys;

 in
 {
@ -35,7 +32,7 @@ in
  ## options that really need to be injected from the resource. Everything else
  ## should go into the `./nixos` subdirectory.
  nixos.module = {
-    imports = [
+    imports = with sources; [
      "${agenix}/modules/age.nix"
      "${disko}/module.nix"
      "${vars}/options.nix"
@ -48,15 +45,15 @@ in
    ## configuration.
    fediversityVm = config.fediversityVm;

-    ## Read all the secrets, filter the ones that are supposed to be readable
-    ## with this host's public key, and add them correctly to the configuration
-    ## as `age.secrets.<name>.file`.
+    ## Read all the secrets, filter the ones that are supposed to be readable with
+    ## public key, and create a mapping from `<name>.file` to the absolute path of
+    ## the secret's file.
    age.secrets = concatMapAttrs (
      name: secret:
      optionalAttrs (elem config.fediversityVm.hostPublicKey secret.publicKeys) ({
-        ${removeSuffix ".age" name}.file = secretsPrefix + "/${name}";
+        ${removeSuffix ".age" name}.file = secrets.rootPath + "/${name}";
      })
-    ) secrets;
+    ) secrets.mapping;

    ## FIXME: Remove direct root authentication once the NixOps4 NixOS provider
    ## supports users with password-less sudo.
--- a/infra/flake-part.nix
+++ b/infra/flake-part.nix
@ -1,6 +1,9 @@
 {
  inputs,
  lib,
+  sources,
+  keys,
+  secrets,
  ...
 }:

@ -13,7 +16,6 @@ let
    filterAttrs
    ;
  inherit (lib.attrsets) genAttrs;
-  sources = import ../../npins;

  ## Given a machine's name and whether it is a test VM, make a resource module,
  ## except for its missing provider. (Depending on the use of that resource, we
@ -22,7 +24,14 @@ let
    { vmName, isTestVm }:
    {
      # TODO(@fricklerhandwerk): this is terrible but IMO we should just ditch flake-parts and have our own data model for how the project is organised internally
-      _module.args = { inherit inputs; };
+      _module.args = {
+        inherit
+          inputs
+          sources
+          keys
+          secrets
+          ;
+      };

      imports =
        [
@ -31,11 +40,12 @@ let
        ++ (
          if isTestVm then
            [
+              ./common/proxmox-qemu-vm.nix
              ../machines/operator/${vmName}
              {
                nixos.module.users.users.root.openssh.authorizedKeys.keys = [
                  # allow our panel vm access to the test machines
-                  (import ../keys).panel
+                  keys.panel
                ];
              }
            ]
--- a/keys/flake-part.nix
+++ b/keys/flake-part.nix
@ -0,0 +1,5 @@
+{
+  _class = "flake";
+
+  _module.args.keys = import ./.;
+}
--- a/machines/dev/fedi201/default.nix
+++ b/machines/dev/fedi201/default.nix
@ -19,6 +19,7 @@

  nixos.module = {
    imports = [
+      ../../../infra/common/proxmox-qemu-vm.nix
      ./fedipanel.nix
    ];
  };
--- a/machines/dev/vm02116/default.nix
+++ b/machines/dev/vm02116/default.nix
@ -14,6 +14,7 @@
    { lib, ... }:
    {
      imports = [
+        ../../../infra/common/proxmox-qemu-vm.nix
        ./forgejo.nix
      ];

--- a/machines/dev/vm02187/default.nix
+++ b/machines/dev/vm02187/default.nix
@ -14,6 +14,7 @@
    { lib, ... }:
    {
      imports = [
+        ../../../infra/common/proxmox-qemu-vm.nix
        ./wiki.nix
      ];

--- a/machines/machines.md
+++ b/machines/machines.md
@ -7,9 +7,9 @@ Currently, this repository keeps track of the following VMs:

 Machine | Proxmox | Description
 --------|---------|-------------
-[`fedi200`](./fedi200) | fediversity | Testing machine for Hans
-[`fedi201`](./fedi201) | fediversity | FediPanel
-[`vm02116`](./vm02116) | procolix | Forgejo
-[`vm02187`](./vm02187) | procolix | Wiki
+[`fedi200`](./dev/fedi200) | fediversity | Testing machine for Hans
+[`fedi201`](./dev/fedi201) | fediversity | FediPanel
+[`vm02116`](./dev/vm02116) | procolix | Forgejo
+[`vm02187`](./dev/vm02187) | procolix | Wiki

 This table excludes all machines with names starting with `test`.
--- a/machines/machines.md.sh
+++ b/machines/machines.md.sh
@ -32,7 +32,7 @@ for machine in $(echo "$vmOptions" | jq -r 'keys[]'); do
    description=$(echo "$vmOptions" | jq -r ".$machine.description" | head -n 1)

    # shellcheck disable=SC2016
-    printf '[`%s`](./%s) | %s | %s\n' "$machine" "$machine" "$proxmox" "$description"
+    printf '[`%s`](./dev/%s) | %s | %s\n' "$machine" "$machine" "$proxmox" "$description"
  fi
 done

--- a/machines/operator/test12/default.nix
+++ b/machines/operator/test12/default.nix
@ -21,6 +21,7 @@

  nixos.module = {
    imports = [
+      ../../../infra/common/proxmox-qemu-vm.nix
      ../../../services/fediversity/attic
    ];
  };
--- a/secrets/default.nix
+++ b/secrets/default.nix
@ -0,0 +1,4 @@
+{
+  mapping = import ./secrets.nix;
+  rootPath = ./.;
+}
--- a/secrets/flake-part.nix
+++ b/secrets/flake-part.nix
@ -0,0 +1,5 @@
+{
+  _class = "flake";
+
+  _module.args.secrets = import ./.;
+}
Author	SHA1	Message	Date
Kiara Grouwstra	f575e8cdea	add qemu import	2025-07-02 15:12:51 +02:00
Kiara Grouwstra	479e8c21f9	fix imports	2025-07-02 15:12:44 +02:00
Kiara Grouwstra	dfabfef0b8	upgrade memory to resolve oom	2025-07-02 15:09:53 +02:00
Kiara Grouwstra	4551c12ff2	[wip] handling env file (still fails)	2025-07-02 15:09:53 +02:00
Kiara Grouwstra	37f7d97867	use templating fork	2025-07-02 15:09:53 +02:00
Kiara Grouwstra	919e1d43de	add tests, fix some things	2025-07-02 15:09:53 +02:00
Kiara Grouwstra	d173df7831	unrelated improvements	2025-07-02 15:09:24 +02:00
Kiara Grouwstra	3b09f27c81	move from dev to operator	2025-07-02 15:09:24 +02:00
Kiara Grouwstra	57451bf094	WIP: add attic cache, see #92 flesh out attic TODO keys nginx-port testing fix key fix key	2025-07-02 15:05:20 +02:00
Kiara Grouwstra	8df70a2ff0	classify recent flake-parts files	2025-07-02 13:25:23 +02:00
Kiara Grouwstra	5a92c2c0bc	docs: fix links to machines (#426 ) Reviewed-on: Fediversity/Fediversity#426 Reviewed-by: Valentin Gagarin <valentin.gagarin@tweag.io> Co-authored-by: Kiara Grouwstra <kiara@procolix.eu> Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>	2025-07-02 13:16:38 +02:00
Nicolas “Niols” Jeannerod	1c92009879	Do not force QEMU options onto machines	2025-07-01 23:55:33 +02:00
Kiara Grouwstra	a791ad41ec	Inject sources, secrets and keys via module system - avoid `import ../` (#421 ) Co-authored-by: Nicolas “Niols” Jeannerod <nicolas.jeannerod@moduscreate.com> Reviewed-on: Fediversity/Fediversity#421 Reviewed-by: Nicolas Jeannerod <nicolas.jeannerod@moduscreate.com> Reviewed-by: Valentin Gagarin <valentin.gagarin@tweag.io> Co-authored-by: Kiara Grouwstra <kiara@procolix.eu> Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>	2025-07-01 21:08:15 +02:00