forked from fediversity/fediversity
Compare commits
77 commits
data-model
...
data-model
| Author | SHA1 | Date | |
|---|---|---|---|
3473eb73d2
|
|||
|
a8d8da4e0d
|
|||
|
8113ec70ce
|
|||
|
1addef3fc5
|
|||
|
1786ed6034
|
|||
|
8c66d90ba8
|
|||
|
506cf8f790
|
|||
|
17a14f965b
|
|||
|
e12f0c9ead
|
|||
|
d4945f1055
|
|||
|
2457fc44a2
|
|||
|
9c1aa3940b
|
|||
|
2ca18eabe8
|
|||
|
b134464c6e
|
|||
|
245a7d63d1
|
|||
|
ca51b2377a
|
|||
|
cce6dc9a75
|
|||
|
3c341af08b
|
|||
|
08e3bc9a4d
|
|||
|
0c66996b29
|
|||
|
c60d12e3e8
|
|||
|
b6e6f993ec
|
|||
|
5ffd7f3940
|
|||
|
11ce773862
|
|||
|
aeb7a4ea2a
|
|||
|
525b04b893
|
|||
|
68a6fc885a
|
|||
|
440b631648
|
|||
|
2744cfc392
|
|||
|
0555f9b327
|
|||
|
d5b904f141
|
|||
|
6a239c70c2
|
|||
|
c76e909ced
|
|||
|
55c65ee281
|
|||
|
bfe0f422c7
|
|||
|
9a2927e96b
|
|||
|
2d0bf2d701
|
|||
|
a99bbca69b
|
|||
|
88ad3980c6
|
|||
|
b16e569787
|
|||
|
8566220451
|
|||
|
108637e295
|
|||
|
c53b1341b8
|
|||
|
adb8b46ff9
|
|||
|
a4e891c3c4
|
|||
|
55d6760da8
|
|||
|
e3c767cb91
|
|||
|
f751f4c181
|
|||
|
7cd25eae94
|
|||
|
acc8432b7c
|
|||
|
e9526fc038
|
|||
|
e685f7058f
|
|||
|
1403677aa5
|
|||
|
605d350d94
|
|||
|
43183d70c2
|
|||
|
d800e93503
|
|||
|
aae0ab290a
|
|||
|
0c94733949
|
|||
|
0cee229611
|
|||
|
30515d445d
|
|||
|
05da7e2d93
|
|||
|
ade292ec57
|
|||
|
13139a4b4b
|
|||
|
4d85dd96f2
|
|||
|
7a7343f0ea
|
|||
|
7c9451989a
|
|||
|
410f90a1d4
|
|||
|
32e04beb06
|
|||
|
27c59e1af8
|
|||
|
252b7cde11
|
|||
| ccbf82d546 | |||
| 27f96b2504 | |||
| 09db4d6217 | |||
| c3027eb7d1 | |||
| 4049ca8156 | |||
| 40e8a0a3c5 | |||
| f954ed5389 |
14 changed files with 383 additions and 122 deletions
|
|
@ -1,4 +1,5 @@
|
|||
on:
|
||||
workflow_dispatch: # allows manual triggering
|
||||
pull_request:
|
||||
types:
|
||||
- opened
|
||||
|
|
@ -39,6 +40,12 @@ jobs:
|
|||
- uses: actions/checkout@v4
|
||||
- run: nix-build -A tests.panel
|
||||
|
||||
check-proxmox-basic:
|
||||
runs-on: native
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- run: nix build .#checks.x86_64-linux.proxmox-basic -L
|
||||
|
||||
check-deployment-basic:
|
||||
runs-on: native
|
||||
steps:
|
||||
|
|
@ -57,6 +64,12 @@ jobs:
|
|||
- uses: actions/checkout@v4
|
||||
- run: nix build .#checks.x86_64-linux.deployment-panel -L
|
||||
|
||||
check-deployment-model:
|
||||
runs-on: native
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- run: nix build .#checks.x86_64-linux.deployment-model-ssh -L
|
||||
|
||||
check-deployment-model-ssh:
|
||||
runs-on: native
|
||||
steps:
|
||||
|
|
|
|||
|
|
@ -105,8 +105,7 @@ let
|
|||
options.enable = lib.mkEnableOption "Hello in the shell";
|
||||
};
|
||||
implementation = cfg: {
|
||||
input = cfg;
|
||||
output.resources = lib.optionalAttrs cfg.enable {
|
||||
resources = lib.optionalAttrs cfg.enable {
|
||||
hello.login-shell.packages.hello = pkgs.hello;
|
||||
};
|
||||
};
|
||||
|
|
@ -139,42 +138,50 @@ let
|
|||
implementation =
|
||||
{
|
||||
required-resources,
|
||||
...
|
||||
deployment-name,
|
||||
}:
|
||||
{
|
||||
input = required-resources;
|
||||
output.ssh-host = {
|
||||
ssh-host = {
|
||||
nixos-configuration = mkNixosConfiguration environment required-resources;
|
||||
system = targetSystem;
|
||||
ssh = {
|
||||
username = "root";
|
||||
host = nodeName;
|
||||
key-file = null;
|
||||
inherit sshOpts;
|
||||
};
|
||||
module = self;
|
||||
inherit args deployment-name;
|
||||
root-path = pathToRoot;
|
||||
};
|
||||
};
|
||||
};
|
||||
single-nixos-vm-nixops4 = environment: {
|
||||
resources."operator-environment".login-shell.username = "operator";
|
||||
implementation = requests: {
|
||||
input = requests;
|
||||
output.nixops4 =
|
||||
{ providers, ... }:
|
||||
{
|
||||
providers = {
|
||||
inherit (inputs.nixops4.modules.nixops4Provider) local;
|
||||
implementation =
|
||||
{
|
||||
required-resources,
|
||||
...
|
||||
}:
|
||||
{
|
||||
nixops4 =
|
||||
{ providers, ... }:
|
||||
{
|
||||
providers = {
|
||||
inherit (inputs.nixops4.modules.nixops4Provider) local;
|
||||
};
|
||||
resources.${nodeName} = {
|
||||
type = providers.local.exec;
|
||||
imports = [
|
||||
inputs.nixops4-nixos.modules.nixops4Resource.nixos
|
||||
../common/targetResource.nix
|
||||
];
|
||||
nixos.module = mkNixosConfiguration environment required-resources;
|
||||
_module.args = { inherit inputs sources; };
|
||||
inherit (deployment-config) nodeName pathToRoot pathFromRoot;
|
||||
};
|
||||
};
|
||||
resources.${nodeName} = {
|
||||
type = providers.local.exec;
|
||||
imports = [
|
||||
inputs.nixops4-nixos.modules.nixops4Resource.nixos
|
||||
../common/targetResource.nix
|
||||
];
|
||||
nixos.module = mkNixosConfiguration environment requests;
|
||||
_module.args = { inherit inputs sources; };
|
||||
inherit (deployment-config) nodeName pathToRoot pathFromRoot;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
single-nixos-vm-tf = environment: {
|
||||
resources."operator-environment".login-shell.username = "operator";
|
||||
|
|
@ -184,8 +191,7 @@ let
|
|||
deployment-name,
|
||||
}:
|
||||
{
|
||||
input = required-resources;
|
||||
output.tf-host = {
|
||||
tf-host = {
|
||||
nixos-configuration = mkNixosConfiguration environment required-resources;
|
||||
system = targetSystem;
|
||||
ssh = {
|
||||
|
|
|
|||
|
|
@ -1,30 +1,23 @@
|
|||
{
|
||||
lib,
|
||||
config,
|
||||
pkgs,
|
||||
inputs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
inherit (import ./constants.nix) pathToRoot pathFromRoot;
|
||||
inherit (pkgs) system;
|
||||
escapedJson = v: lib.replaceStrings [ "\"" ] [ "\\\\\"" ] (lib.strings.toJSON v);
|
||||
deployment-config = {
|
||||
inherit pathToRoot pathFromRoot;
|
||||
inherit (config) enableAcme;
|
||||
acmeNodeIP = if config.enableAcme then config.nodes.acme.networking.primaryIPAddress else null;
|
||||
nodeName = "ssh";
|
||||
targetSystem = system;
|
||||
sshOpts = [ ];
|
||||
};
|
||||
inherit
|
||||
((import ../common/data-model.nix {
|
||||
inherit system inputs;
|
||||
deploy =
|
||||
(import ../common/data-model.nix {
|
||||
inherit system;
|
||||
config = deployment-config;
|
||||
})."ssh-deployment".ssh-host.ssh
|
||||
)
|
||||
host
|
||||
username
|
||||
key-file
|
||||
;
|
||||
# opt not to pass `inputs`, as we could only pass serializable arguments through to its self-call
|
||||
})."ssh-deployment".ssh-host.run;
|
||||
in
|
||||
{
|
||||
_class = "nixosTest";
|
||||
|
|
@ -36,6 +29,10 @@ in
|
|||
sourceFileset = lib.fileset.unions [
|
||||
../../data-model.nix
|
||||
../../function.nix
|
||||
../../nixos.nix
|
||||
../../run/ssh-single-host/run.sh
|
||||
../../../npins/default.nix
|
||||
../../../npins/sources.json
|
||||
../common/data-model.nix
|
||||
../common/data-model-options.nix
|
||||
./constants.nix
|
||||
|
|
@ -46,6 +43,7 @@ in
|
|||
{
|
||||
environment.systemPackages = with pkgs; [
|
||||
jq
|
||||
deploy
|
||||
];
|
||||
|
||||
system.extraDependenciesFromModule =
|
||||
|
|
@ -63,46 +61,7 @@ in
|
|||
|
||||
with subtest("Run the deployment"):
|
||||
deployer.succeed("""
|
||||
set -euo pipefail
|
||||
|
||||
# INSTANTIATE
|
||||
command=(nix-instantiate --show-trace --expr '
|
||||
let
|
||||
system = "${pkgs.system}"; # FIXME: what system are we deploying to?
|
||||
in
|
||||
import ${pathToRoot}/deployment/nixos.nix {
|
||||
inherit system;
|
||||
configuration = (
|
||||
import ${pathToRoot}/deployment/check/common/data-model.nix {
|
||||
inherit system;
|
||||
config = builtins.fromJSON "${escapedJson deployment-config}";
|
||||
}
|
||||
)."ssh-deployment".ssh-host.nixos-configuration;
|
||||
}
|
||||
')
|
||||
# DEPLOY
|
||||
host="${lib.defaultTo "root" username}@${host}"
|
||||
sshOpts=(
|
||||
${if key-file == null then "" else "-i ${key-file}"}
|
||||
-o StrictHostKeyChecking=no
|
||||
-o "ConnectTimeout=1"
|
||||
-o "ServerAliveInterval=1"
|
||||
)
|
||||
# instantiate the config in /nix/store
|
||||
"''${command[@]}" --show-trace -A out_path
|
||||
# get the realized derivation to deploy
|
||||
outPath=$(nix-store --realize "$("''${command[@]}" --show-trace --eval --strict --json | jq -r '.drv_path')")
|
||||
# deploy the config by nix-copy-closure
|
||||
NIX_SSHOPTS="''${sshOpts[*]}" nix-copy-closure --to "$host" "$outPath" --gzip --use-substitutes
|
||||
# switch the remote host to the config
|
||||
output=$(ssh "''${sshOpts[@]}" "$host" "nix-env --profile /nix/var/nix/profiles/system --set $outPath; nohup $outPath/bin/switch-to-configuration switch &" 2>&1) || echo "status code: $?"
|
||||
echo "output: $output"
|
||||
if [[ $output != *"Timeout, server ssh not responding"* ]]; then
|
||||
echo "non-timeout error: $output"
|
||||
exit 1
|
||||
else
|
||||
exit 0
|
||||
fi
|
||||
${lib.getExe deploy}
|
||||
""")
|
||||
ssh.wait_for_unit("multi-user.target")
|
||||
ssh.succeed("su - operator -c hello 1>&2")
|
||||
|
|
|
|||
|
|
@ -10,17 +10,14 @@ let
|
|||
inherit pathToRoot pathFromRoot;
|
||||
nodeName = "target";
|
||||
targetSystem = system;
|
||||
sshOpts = [
|
||||
"ConnectTimeout=1"
|
||||
"ServerAliveInterval=1"
|
||||
];
|
||||
sshOpts = [ ];
|
||||
};
|
||||
deployment =
|
||||
deploy =
|
||||
(import ../common/data-model.nix {
|
||||
inherit system;
|
||||
config = deployment-config;
|
||||
# opt not to pass `inputs`, as we could only pass serializable arguments through to its self-call
|
||||
})."tf-deployment".tf-host;
|
||||
})."tf-deployment".tf-host.run;
|
||||
in
|
||||
{
|
||||
_class = "nixosTest";
|
||||
|
|
@ -39,6 +36,7 @@ in
|
|||
environment.systemPackages = with pkgs; [
|
||||
(pkgs.callPackage ../../run/tf-single-host/tf.nix { })
|
||||
jq
|
||||
deploy
|
||||
];
|
||||
|
||||
# needed only when building from deployer
|
||||
|
|
@ -57,7 +55,7 @@ in
|
|||
|
||||
with subtest("ssh: Run the deployment"):
|
||||
deployer.succeed("""
|
||||
${deployment.run}
|
||||
${lib.getExe deploy}
|
||||
""")
|
||||
target.wait_for_unit("multi-user.target")
|
||||
target.succeed("su - operator -c hello 1>&2")
|
||||
|
|
|
|||
37
deployment/check/proxmox/default.nix
Normal file
37
deployment/check/proxmox/default.nix
Normal file
|
|
@ -0,0 +1,37 @@
|
|||
{
|
||||
runNixOSTest,
|
||||
sources,
|
||||
system,
|
||||
}:
|
||||
|
||||
let
|
||||
pkgs = import sources.nixpkgs-stable {
|
||||
inherit system;
|
||||
overlays = [ overlay ];
|
||||
};
|
||||
overlay = _: _: {
|
||||
inherit
|
||||
(import "${sources.proxmox-nixos}/pkgs" {
|
||||
craneLib = pkgs.callPackage "${sources.crane}/lib" { };
|
||||
# breaks from https://github.com/NixOS/nixpkgs/commit/06b354eb2dc535c57e9b4caaa16d79168f117a26,
|
||||
# which updates libvncserver to 0.9.15, which was not yet patched at https://git.proxmox.com/?p=vncterm.git.
|
||||
inherit pkgs;
|
||||
# not so picky about version for our purposes
|
||||
pkgs-unstable = pkgs;
|
||||
})
|
||||
proxmox-ve
|
||||
pve-ha-manager
|
||||
;
|
||||
};
|
||||
in
|
||||
runNixOSTest {
|
||||
node.specialArgs = {
|
||||
inherit
|
||||
sources
|
||||
pkgs
|
||||
;
|
||||
};
|
||||
imports = [
|
||||
./proxmoxTest.nix
|
||||
];
|
||||
}
|
||||
87
deployment/check/proxmox/proxmoxTest.nix
Normal file
87
deployment/check/proxmox/proxmoxTest.nix
Normal file
|
|
@ -0,0 +1,87 @@
|
|||
# https://github.com/SaumonNet/proxmox-nixos/blob/main/tests/vm.nix
|
||||
{
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
|
||||
let
|
||||
# tracking non-tarball downloads seems unsupported still in npins:
|
||||
# https://github.com/andir/npins/issues/163
|
||||
minimalIso = pkgs.fetchurl {
|
||||
url = "https://releases.nixos.org/nixos/24.05/nixos-24.05.7139.bcba2fbf6963/nixos-minimal-24.05.7139.bcba2fbf6963-x86_64-linux.iso";
|
||||
hash = "sha256-plre/mIHdIgU4xWU+9xErP+L4i460ZbcKq8iy2n4HT8=";
|
||||
};
|
||||
in
|
||||
{
|
||||
name = "proxmox-basic";
|
||||
|
||||
nodes.mypve =
|
||||
{ sources, ... }:
|
||||
{
|
||||
imports = [
|
||||
"${sources.proxmox-nixos}/modules/proxmox-ve"
|
||||
];
|
||||
services.proxmox-ve = {
|
||||
enable = true;
|
||||
ipAddress = "192.168.1.1";
|
||||
vms = {
|
||||
myvm1 = {
|
||||
vmid = 100;
|
||||
memory = 1024;
|
||||
cores = 1;
|
||||
sockets = 1;
|
||||
kvm = true;
|
||||
scsi = [ { file = "local:16"; } ];
|
||||
cdrom = "local:iso/minimal.iso";
|
||||
};
|
||||
};
|
||||
};
|
||||
virtualisation = {
|
||||
additionalPaths = [ minimalIso ];
|
||||
diskSize = 4096;
|
||||
memorySize = 2048;
|
||||
};
|
||||
};
|
||||
|
||||
testScript = ''
|
||||
machine.start()
|
||||
machine.wait_for_unit("pveproxy.service")
|
||||
assert "running" in machine.succeed("pveproxy status")
|
||||
|
||||
# Copy Iso
|
||||
machine.succeed("mkdir -p /var/lib/vz/template/iso/")
|
||||
machine.succeed("cp ${minimalIso} /var/lib/vz/template/iso/minimal.iso")
|
||||
|
||||
# Declarative VM creation
|
||||
machine.wait_for_unit("multi-user.target")
|
||||
machine.succeed("qm stop 100 --timeout 0")
|
||||
|
||||
# Seabios VM creation
|
||||
machine.succeed(
|
||||
"qm create 101 --kvm 0 --bios seabios -cdrom local:iso/minimal.iso",
|
||||
"qm start 101",
|
||||
"qm stop 101 --timeout 0"
|
||||
)
|
||||
|
||||
# Legacy ovmf vm creation
|
||||
machine.succeed(
|
||||
"qm create 102 --kvm 0 --bios ovmf -cdrom local:iso/minimal.iso",
|
||||
"qm start 102",
|
||||
"qm stop 102 --timeout 0"
|
||||
)
|
||||
|
||||
# UEFI ovmf vm creation
|
||||
machine.succeed(
|
||||
"qm create 103 --kvm 0 --bios ovmf --efidisk0 local:4,efitype=4m -cdrom local:iso/minimal.iso",
|
||||
"qm start 103",
|
||||
"qm stop 103 --timeout 0"
|
||||
)
|
||||
|
||||
# UEFI ovmf vm creation with secure boot
|
||||
machine.succeed(
|
||||
"qm create 104 --kvm 0 --bios ovmf --efidisk0 local:4,efitype=4m,pre-enrolled-keys=1 -cdrom local:iso/minimal.iso",
|
||||
"qm start 104",
|
||||
"qm stop 104 --timeout 0"
|
||||
)
|
||||
'';
|
||||
}
|
||||
|
|
@ -98,9 +98,9 @@ in
|
|||
{
|
||||
options.enable = lib.mkEnableOption "Hello in the shell";
|
||||
};
|
||||
implementation = cfg: {
|
||||
input = cfg;
|
||||
output.resources = lib.optionalAttrs cfg.enable {
|
||||
implementation =
|
||||
cfg: {
|
||||
resources = lib.optionalAttrs cfg.enable {
|
||||
hello.login-shell.packages.hello = pkgs.hello;
|
||||
};
|
||||
};
|
||||
|
|
@ -110,8 +110,7 @@ in
|
|||
{
|
||||
resources."operator-environment".login-shell.username = "operator";
|
||||
implementation = requests: {
|
||||
input = requests;
|
||||
output.nixops4 =
|
||||
nixops4 = (
|
||||
{ providers, ... }:
|
||||
{
|
||||
providers = {
|
||||
|
|
@ -134,7 +133,8 @@ in
|
|||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
);
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ let
|
|||
;
|
||||
toBash =
|
||||
v:
|
||||
lib.replaceStrings [ "\"" ] [ "\\\\\"" ] (
|
||||
lib.replaceStrings [ "\"" ] [ "\\\"" ] (
|
||||
if lib.isPath v || builtins.isNull v then
|
||||
toString v
|
||||
else if lib.isString v then
|
||||
|
|
@ -29,7 +29,7 @@ let
|
|||
lib.strings.toJSON v
|
||||
);
|
||||
|
||||
functionType = import ./function.nix;
|
||||
functionType = submodule ./function.nix;
|
||||
application-resources = submodule {
|
||||
options.resources = mkOption {
|
||||
# TODO: maybe transpose, and group the resources by type instead
|
||||
|
|
@ -87,12 +87,73 @@ let
|
|||
deployment-type = attrTag {
|
||||
ssh-host = mkOption {
|
||||
description = "A deployment by SSH to update a single existing NixOS host.";
|
||||
type = submodule {
|
||||
type = submodule (ssh-host: {
|
||||
options = {
|
||||
system = mkOption {
|
||||
description = "The architecture of the system to deploy to.";
|
||||
type = types.str;
|
||||
};
|
||||
inherit nixos-configuration;
|
||||
ssh = host-ssh;
|
||||
module = mkOption {
|
||||
description = "The module to call to obtain the NixOS configuration from.";
|
||||
type = types.str;
|
||||
};
|
||||
args = mkOption {
|
||||
description = "The arguments with which to call the module to obtain the NixOS configuration.";
|
||||
type = types.attrs;
|
||||
};
|
||||
deployment-name = mkOption {
|
||||
description = "The name of the deployment for which to obtain the NixOS configuration.";
|
||||
type = types.str;
|
||||
};
|
||||
root-path = mkOption {
|
||||
description = "The path to the root of the repository.";
|
||||
type = types.path;
|
||||
};
|
||||
run = mkOption {
|
||||
type = types.package;
|
||||
# error: The option `ssh-deployment.ssh-host.run' is read-only, but it's set multiple times.
|
||||
# readOnly = true;
|
||||
default =
|
||||
let
|
||||
inherit (ssh-host.config)
|
||||
system
|
||||
ssh
|
||||
module
|
||||
args
|
||||
deployment-name
|
||||
root-path
|
||||
;
|
||||
inherit (ssh)
|
||||
host
|
||||
username
|
||||
key-file
|
||||
sshOpts
|
||||
;
|
||||
environment = {
|
||||
key_file = key-file;
|
||||
deployment_name = deployment-name;
|
||||
root_path = root-path;
|
||||
ssh_opts = sshOpts;
|
||||
inherit
|
||||
system
|
||||
host
|
||||
username
|
||||
module
|
||||
args
|
||||
;
|
||||
deployment_type = "ssh-host";
|
||||
};
|
||||
in
|
||||
pkgs.writeShellScriptBin "deploy-ssh.sh" ''
|
||||
env ${
|
||||
toString (lib.mapAttrsToList (k: v: "${k}=\"${toBash v}\"") environment)
|
||||
} bash ./deployment/run/ssh-single-host/run.sh
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
});
|
||||
};
|
||||
nixops4 = mkOption {
|
||||
description = "A NixOps4 NixOS deployment. For an example, see https://github.com/nixops4/nixops4-nixos/blob/main/example/deployment.nix.";
|
||||
|
|
@ -125,7 +186,7 @@ let
|
|||
type = types.path;
|
||||
};
|
||||
run = mkOption {
|
||||
type = types.str;
|
||||
type = types.package;
|
||||
# error: The option `tf-deployment.tf-host.run' is read-only, but it's set multiple times.
|
||||
# readOnly = true;
|
||||
default =
|
||||
|
|
@ -160,7 +221,7 @@ let
|
|||
};
|
||||
tf-env = pkgs.callPackage ./run/tf-single-host/tf-env.nix { };
|
||||
in
|
||||
''
|
||||
pkgs.writeShellScriptBin "deploy-ssh.sh" ''
|
||||
env ${toString (lib.mapAttrsToList (k: v: "TF_VAR_${k}=\"${toBash v}\"") environment)} \
|
||||
tf_env=${tf-env} bash ./deployment/run/tf-single-host/run.sh
|
||||
'';
|
||||
|
|
@ -199,6 +260,7 @@ in
|
|||
type = types.optionType;
|
||||
};
|
||||
# TODO(@fricklerhandwerk): we may want to make the function type explicit here: `application-resources -> resource-type`
|
||||
# and then also rename this to be consistent with the application's resource mapping
|
||||
options.apply = mkOption {
|
||||
description = "Apply the policy to a request";
|
||||
type = functionTo policy.config.resource-type;
|
||||
|
|
@ -232,18 +294,19 @@ in
|
|||
};
|
||||
resources = mkOption {
|
||||
description = "Compute resources required by an application";
|
||||
type = functionTo application.config.config-mapping.output-type;
|
||||
type = application.config.config-mapping.function-type;
|
||||
readOnly = true;
|
||||
default = input: (application.config.implementation input).output;
|
||||
default = application.config.config-mapping.apply;
|
||||
};
|
||||
# TODO(@fricklerhandwerk): this needs a better name, it's just the type
|
||||
# TODO(@fricklerhandwerk): this needs a better name
|
||||
config-mapping = mkOption {
|
||||
description = "Function type for the mapping from application configuration to required resources";
|
||||
type = submodule functionType;
|
||||
type = functionType;
|
||||
readOnly = true;
|
||||
default = {
|
||||
input-type = submodule application.config.module;
|
||||
output-type = application-resources;
|
||||
implementation = application.config.implementation;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
@ -275,7 +338,7 @@ in
|
|||
};
|
||||
resource-mapping = mkOption {
|
||||
description = "Function type for the mapping from resources to a deployment";
|
||||
type = submodule functionType;
|
||||
type = functionType;
|
||||
readOnly = true;
|
||||
default = {
|
||||
input-type = submodule {
|
||||
|
|
@ -289,6 +352,37 @@ in
|
|||
};
|
||||
};
|
||||
output-type = deployment-type;
|
||||
implementation = environment.config.implementation;
|
||||
};
|
||||
};
|
||||
config-mapping = mkOption {
|
||||
description = "Mapping from a configuration to a deployment";
|
||||
type = functionType;
|
||||
readOnly = true;
|
||||
default = {
|
||||
input-type = submodule {
|
||||
options = {
|
||||
deployment-name = mkOption {
|
||||
type = types.str;
|
||||
};
|
||||
configuration = mkOption {
|
||||
type = config.configuration;
|
||||
};
|
||||
};
|
||||
};
|
||||
output-type = deployment-type;
|
||||
implementation =
|
||||
{
|
||||
deployment-name,
|
||||
configuration,
|
||||
}:
|
||||
# TODO: check cfg.enable.true
|
||||
let
|
||||
required-resources = lib.mapAttrs (
|
||||
name: application-settings: config.applications.${name}.resources application-settings
|
||||
) configuration.applications;
|
||||
in
|
||||
environment.config.resource-mapping.apply { inherit required-resources deployment-name; };
|
||||
};
|
||||
};
|
||||
# TODO(@fricklerhandwerk): maybe this should be a separate thing such as `fediversity-setup`,
|
||||
|
|
@ -296,21 +390,9 @@ in
|
|||
# then the deployments can simply be the result of the function application baked into this module.
|
||||
deployment = mkOption {
|
||||
description = "Generate a deployment from a configuration, by applying an environment's resource policies to the applications' resource mappings";
|
||||
type = functionTo (environment.config.resource-mapping.output-type);
|
||||
type = environment.config.config-mapping.function-type;
|
||||
readOnly = true;
|
||||
default =
|
||||
{
|
||||
deployment-name,
|
||||
configuration,
|
||||
}:
|
||||
# TODO: check cfg.enable.true
|
||||
let
|
||||
required-resources = lib.mapAttrs (
|
||||
name: application-settings: config.applications.${name}.resources application-settings
|
||||
) configuration.applications;
|
||||
in
|
||||
(environment.config.implementation { inherit required-resources deployment-name; }).output;
|
||||
|
||||
default = environment.config.config-mapping.apply;
|
||||
};
|
||||
};
|
||||
})
|
||||
|
|
|
|||
|
|
@ -4,9 +4,14 @@
|
|||
_class = "flake";
|
||||
|
||||
perSystem =
|
||||
{ pkgs, ... }:
|
||||
{ pkgs, system, ... }:
|
||||
{
|
||||
checks = {
|
||||
proxmox-basic = import ./check/proxmox {
|
||||
inherit (pkgs.testers) runNixOSTest;
|
||||
inherit sources system;
|
||||
};
|
||||
|
||||
deployment-basic = import ./check/basic {
|
||||
inherit (pkgs.testers) runNixOSTest;
|
||||
inherit inputs sources;
|
||||
|
|
@ -33,7 +38,7 @@
|
|||
};
|
||||
|
||||
deployment-model-tf = import ./check/data-model-tf {
|
||||
inherit (pkgs.testers) runNixOSTest;
|
||||
inherit (pkgs.testers) runNixOSTest;
|
||||
inherit inputs sources;
|
||||
};
|
||||
};
|
||||
|
|
|
|||
|
|
@ -19,6 +19,11 @@ in
|
|||
type = optionType;
|
||||
};
|
||||
function-type = mkOption {
|
||||
type = optionType;
|
||||
readOnly = true;
|
||||
default = functionTo config.output-type;
|
||||
};
|
||||
wrapper-type = mkOption {
|
||||
type = optionType;
|
||||
readOnly = true;
|
||||
default = functionTo (submodule {
|
||||
|
|
@ -32,5 +37,22 @@ in
|
|||
};
|
||||
});
|
||||
};
|
||||
implementation = mkOption {
|
||||
type = config.function-type;
|
||||
default = _: { };
|
||||
};
|
||||
wrapper = mkOption {
|
||||
type = config.wrapper-type;
|
||||
readOnly = true;
|
||||
default = input: fn: {
|
||||
inherit input;
|
||||
output = config.implementation fn.config.input;
|
||||
};
|
||||
};
|
||||
apply = mkOption {
|
||||
type = config.function-type;
|
||||
readOnly = true;
|
||||
default = input: (config.wrapper input).output;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
|||
2
deployment/run/ssh-single-host/run.sh
Normal file → Executable file
2
deployment/run/ssh-single-host/run.sh
Normal file → Executable file
|
|
@ -39,7 +39,7 @@ NIX_SSHOPTS="${sshOpts[*]}" nix-copy-closure --to "$destination" "$outPath" --gz
|
|||
# shellcheck disable=SC2029
|
||||
ssh "${sshOpts[@]}" "$destination" "nix-env --profile /nix/var/nix/profiles/system --set $outPath"
|
||||
# shellcheck disable=SC2029
|
||||
output=$(ssh "${sshOpts[@]}" "$destination" "nohup $outPath/bin/switch-to-configuration switch &" 2>&1) || echo "status code: $?"
|
||||
output=$(ssh -o "ConnectTimeout=1" -o "ServerAliveInterval=1" "${sshOpts[@]}" "$destination" "nohup $outPath/bin/switch-to-configuration switch &" 2>&1) || echo "status code: $?"
|
||||
echo "output: $output"
|
||||
if [[ $output != *"Timeout, server $host not responding"* ]]; then
|
||||
echo "non-timeout error: $output"
|
||||
|
|
|
|||
|
|
@ -6,7 +6,13 @@
|
|||
|
||||
outputs =
|
||||
inputs:
|
||||
import ./mkFlake.nix inputs (
|
||||
{
|
||||
nixConfig = {
|
||||
extra-trusted-substituters = "https://cache.saumon.network/proxmox-nixos";
|
||||
extra-trusted-public-keys = "proxmox-nixos:D9RYSWpQQC/msZUWphOY2I5RLH5Dd6yQcaHIuug7dWM=";
|
||||
};
|
||||
}
|
||||
// import ./mkFlake.nix inputs (
|
||||
{ inputs, sources, ... }:
|
||||
{
|
||||
imports = [
|
||||
|
|
|
|||
4
nixmoxer.conf
Normal file
4
nixmoxer.conf
Normal file
|
|
@ -0,0 +1,4 @@
|
|||
host=192.168.51.81
|
||||
verify_ssl=0
|
||||
user=kiara@ProcoliX
|
||||
password=
|
||||
|
|
@ -25,6 +25,22 @@
|
|||
"url": null,
|
||||
"hash": "1w2gsy6qwxa5abkv8clb435237iifndcxq0s79wihqw11a5yb938"
|
||||
},
|
||||
"crane": {
|
||||
"type": "GitRelease",
|
||||
"repository": {
|
||||
"type": "GitHub",
|
||||
"owner": "ipetkov",
|
||||
"repo": "crane"
|
||||
},
|
||||
"pre_releases": false,
|
||||
"version_upper_bound": null,
|
||||
"release_prefix": null,
|
||||
"submodules": false,
|
||||
"version": "v0.20.3",
|
||||
"revision": "8468a0c46f81d806fd643ffe389fa80328b21cf4",
|
||||
"url": "https://api.github.com/repos/ipetkov/crane/tarball/v0.20.3",
|
||||
"hash": "0zw4275c3a6572w6vjmn850yddw6n3qagwfcq6ns247cx72fdfx0"
|
||||
},
|
||||
"disko": {
|
||||
"type": "GitRelease",
|
||||
"repository": {
|
||||
|
|
@ -150,6 +166,32 @@
|
|||
"revision": "f33a4d26226c05d501b9d4d3e5e60a3a59991921",
|
||||
"url": "https://github.com/nixos/nixpkgs/archive/f33a4d26226c05d501b9d4d3e5e60a3a59991921.tar.gz",
|
||||
"hash": "1b6dm1sn0bdpcsmxna0zzspjaixa2dald08005fry5jrbjvwafdj"
|
||||
},
|
||||
"nixpkgs-stable": {
|
||||
"type": "Git",
|
||||
"repository": {
|
||||
"type": "GitHub",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs"
|
||||
},
|
||||
"branch": "nixos-25.05",
|
||||
"submodules": false,
|
||||
"revision": "a1ae8ef72f64a845ecce5c6dcf65d546bf7deeb4",
|
||||
"url": "https://github.com/nixos/nixpkgs/archive/a1ae8ef72f64a845ecce5c6dcf65d546bf7deeb4.tar.gz",
|
||||
"hash": "0d7lp30wyy5647gpm8rnihvdcpmgmfr9c5yg4fhl31lsg8mlbg16"
|
||||
},
|
||||
"proxmox-nixos": {
|
||||
"type": "Git",
|
||||
"repository": {
|
||||
"type": "GitHub",
|
||||
"owner": "SaumonNet",
|
||||
"repo": "proxmox-nixos"
|
||||
},
|
||||
"branch": "main",
|
||||
"submodules": false,
|
||||
"revision": "48f39fbe2e8f90f9ac160dd4b6929f3ac06d8223",
|
||||
"url": "https://github.com/SaumonNet/proxmox-nixos/archive/48f39fbe2e8f90f9ac160dd4b6929f3ac06d8223.tar.gz",
|
||||
"hash": "0606qcs8x1jwckd1ivf52rqdmi3lkn66iiqh6ghd4kqx0g2bw3nv"
|
||||
}
|
||||
},
|
||||
"version": 5
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue