switch to bash deployment

in case we want that file for something else, we can move this (and its
ignore) to something separate.

deployment/default.nix

@@ -36,7 +36,7 @@
 panelConfig:
 
 let
-  inherit (lib) mkIf;
+  inherit (lib) mkMerge mkIf;
 
 in
 
@@ -101,81 +101,90 @@ in
 
     in
 
-    {
-      garage-configuration = makeConfigurationResource garageConfigurationResource (
-        { pkgs, ... }:
-        mkIf (panelConfig.mastodon.enable || panelConfig.peertube.enable || panelConfig.pixelfed.enable) {
-          fediversity = {
-            inherit (panelConfig) domain;
-            garage.enable = true;
-            pixelfed = pixelfedS3KeyConfig { inherit pkgs; };
-            mastodon = mastodonS3KeyConfig { inherit pkgs; };
-            peertube = peertubeS3KeyConfig { inherit pkgs; };
-          };
-        }
-      );
+    mkMerge [
 
-      mastodon-configuration = makeConfigurationResource mastodonConfigurationResource (
-        { pkgs, ... }:
-        mkIf panelConfig.mastodon.enable {
-          fediversity = {
-            inherit (panelConfig) domain;
-            temp.initialUser = {
-              inherit (panelConfig.initialUser) username email displayName;
-              # FIXME: disgusting, but nvm, this is going to be replaced by
-              # proper central authentication at some point
-              passwordFile = pkgs.writeText "password" panelConfig.initialUser.password;
+      (mkIf (panelConfig.mastodon.enable || panelConfig.peertube.enable || panelConfig.pixelfed.enable) {
+        garage-configuration = makeConfigurationResource garageConfigurationResource (
+          { pkgs, ... }:
+          {
+            fediversity = {
+              inherit (panelConfig) domain;
+              garage.enable = true;
+              pixelfed = pixelfedS3KeyConfig { inherit pkgs; };
+              mastodon = mastodonS3KeyConfig { inherit pkgs; };
+              peertube = peertubeS3KeyConfig { inherit pkgs; };
             };
+          }
+        );
+      })
 
-            mastodon = mastodonS3KeyConfig { inherit pkgs; } // {
-              enable = true;
+      (mkIf panelConfig.mastodon.enable {
+        mastodon-configuration = makeConfigurationResource mastodonConfigurationResource (
+          { pkgs, ... }:
+          {
+            fediversity = {
+              inherit (panelConfig) domain;
+              temp.initialUser = {
+                inherit (panelConfig.initialUser) username email displayName;
+                # FIXME: disgusting, but nvm, this is going to be replaced by
+                # proper central authentication at some point
+                passwordFile = pkgs.writeText "password" panelConfig.initialUser.password;
+              };
+
+              mastodon = mastodonS3KeyConfig { inherit pkgs; } // {
+                enable = true;
+              };
+
+              temp.cores = 1; # FIXME: should come from NixOps4 eventually
             };
+          }
+        );
+      })
 
-            temp.cores = 1; # FIXME: should come from NixOps4 eventually
-          };
-        }
-      );
+      (mkIf panelConfig.peertube.enable {
+        peertube-configuration = makeConfigurationResource peertubeConfigurationResource (
+          { pkgs, ... }:
+          {
+            fediversity = {
+              inherit (panelConfig) domain;
+              temp.initialUser = {
+                inherit (panelConfig.initialUser) username email displayName;
+                # FIXME: disgusting, but nvm, this is going to be replaced by
+                # proper central authentication at some point
+                passwordFile = pkgs.writeText "password" panelConfig.initialUser.password;
+              };
 
-      peertube-configuration = makeConfigurationResource peertubeConfigurationResource (
-        { pkgs, ... }:
-        mkIf panelConfig.peertube.enable {
-          fediversity = {
-            inherit (panelConfig) domain;
-            temp.initialUser = {
-              inherit (panelConfig.initialUser) username email displayName;
-              # FIXME: disgusting, but nvm, this is going to be replaced by
-              # proper central authentication at some point
-              passwordFile = pkgs.writeText "password" panelConfig.initialUser.password;
+              peertube = peertubeS3KeyConfig { inherit pkgs; } // {
+                enable = true;
+                ## NOTE: Only ever used for testing anyway.
+                ##
+                ## FIXME: Generate and store in NixOps4's state.
+                secretsFile = pkgs.writeText "secret" "574e093907d1157ac0f8e760a6deb1035402003af5763135bae9cbd6abe32b24";
+              };
             };
+          }
+        );
+      })
 
-            peertube = peertubeS3KeyConfig { inherit pkgs; } // {
-              enable = true;
-              ## NOTE: Only ever used for testing anyway.
-              ##
-              ## FIXME: Generate and store in NixOps4's state.
-              secretsFile = pkgs.writeText "secret" "574e093907d1157ac0f8e760a6deb1035402003af5763135bae9cbd6abe32b24";
-            };
-          };
-        }
-      );
+      (mkIf panelConfig.pixelfed.enable {
+        pixelfed-configuration = makeConfigurationResource pixelfedConfigurationResource (
+          { pkgs, ... }:
+          {
+            fediversity = {
+              inherit (panelConfig) domain;
+              temp.initialUser = {
+                inherit (panelConfig.initialUser) username email displayName;
+                # FIXME: disgusting, but nvm, this is going to be replaced by
+                # proper central authentication at some point
+                passwordFile = pkgs.writeText "password" panelConfig.initialUser.password;
+              };
 
-      pixelfed-configuration = makeConfigurationResource pixelfedConfigurationResource (
-        { pkgs, ... }:
-        mkIf panelConfig.pixelfed.enable {
-          fediversity = {
-            inherit (panelConfig) domain;
-            temp.initialUser = {
-              inherit (panelConfig.initialUser) username email displayName;
-              # FIXME: disgusting, but nvm, this is going to be replaced by
-              # proper central authentication at some point
-              passwordFile = pkgs.writeText "password" panelConfig.initialUser.password;
+              pixelfed = pixelfedS3KeyConfig { inherit pkgs; } // {
+                enable = true;
+              };
             };
-
-            pixelfed = pixelfedS3KeyConfig { inherit pkgs; } // {
-              enable = true;
-            };
-          };
-        }
-      );
-    };
+          }
+        );
+      })
+    ];
 }

infra/test-machines/test11/default.nix

@@ -1,19 +0,0 @@
-{
-  fediversityVm = {
-    vmId = 7011;
-    proxmox = "fediversity";
-
-    hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub;
-    unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key;
-
-    domain = "abundos.eu";
-    ipv4 = {
-      address = "95.215.187.61";
-      gateway = "95.215.187.1";
-    };
-    ipv6 = {
-      address = "2a00:51c0:13:1305::61";
-      gateway = "2a00:51c0:13:1305::1";
-    };
-  };
-}

infra/test-machines/test11/ssh_host_ed25519_key

@@ -1,7 +0,0 @@
------BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
-QyNTUxOQAAACCWc7GuMI3Gzkj+mSep6MVbKDccS52jVw+nBs27yFCGVgAAAIhCymnvQspp
-7wAAAAtzc2gtZWQyNTUxOQAAACCWc7GuMI3Gzkj+mSep6MVbKDccS52jVw+nBs27yFCGVg
-AAAEAvr1aiy0DIjgdLH9bBq9uD4pf8Wakgqr34oWDPB2/E75Zzsa4wjcbOSP6ZJ6noxVso
-NxxLnaNXD6cGzbvIUIZWAAAAAAECAwQF
------END OPENSSH PRIVATE KEY-----

infra/test-machines/test11/ssh_host_ed25519_key.pub

@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJZzsa4wjcbOSP6ZJ6noxVsoNxxLnaNXD6cGzbvIUIZW

infra/test-machines/test12/default.nix

@@ -1,19 +0,0 @@
-{
-  fediversityVm = {
-    vmId = 7012;
-    proxmox = "fediversity";
-
-    hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub;
-    unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key;
-
-    domain = "abundos.eu";
-    ipv4 = {
-      address = "95.215.187.62";
-      gateway = "95.215.187.1";
-    };
-    ipv6 = {
-      address = "2a00:51c0:13:1305::62";
-      gateway = "2a00:51c0:13:1305::1";
-    };
-  };
-}

infra/test-machines/test12/ssh_host_ed25519_key

@@ -1,7 +0,0 @@
------BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
-QyNTUxOQAAACBuvrzv3i07NFxONsNP7uJmefebrBhfo0pwzmC3NCAOZwAAAIiA+nIugPpy
-LgAAAAtzc2gtZWQyNTUxOQAAACBuvrzv3i07NFxONsNP7uJmefebrBhfo0pwzmC3NCAOZw
-AAAEDkpXNePQeHnf4vkDkhZI/ab9Ds2igfY0a5U1p4PrEmvm6+vO/eLTs0XE42w0/u4mZ5
-95usGF+jSnDOYLc0IA5nAAAAAAECAwQF
------END OPENSSH PRIVATE KEY-----

infra/test-machines/test12/ssh_host_ed25519_key.pub

@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG6+vO/eLTs0XE42w0/u4mZ595usGF+jSnDOYLc0IA5n

infra/test-machines/test13/default.nix

@@ -1,19 +0,0 @@
-{
-  fediversityVm = {
-    vmId = 7013;
-    proxmox = "fediversity";
-
-    hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub;
-    unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key;
-
-    domain = "abundos.eu";
-    ipv4 = {
-      address = "95.215.187.63";
-      gateway = "95.215.187.1";
-    };
-    ipv6 = {
-      address = "2a00:51c0:13:1305::63";
-      gateway = "2a00:51c0:13:1305::1";
-    };
-  };
-}

infra/test-machines/test13/ssh_host_ed25519_key

@@ -1,7 +0,0 @@
------BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
-QyNTUxOQAAACATzdyp4E+PX6lDfw2CmezguYn/lPgbpI+NUbmseEwAgwAAAIi2z3O2ts9z
-tgAAAAtzc2gtZWQyNTUxOQAAACATzdyp4E+PX6lDfw2CmezguYn/lPgbpI+NUbmseEwAgw
-AAAEDj2sn4VJhBL2a7j41mjdMWIdJ/u1betSxZ393lNd3+pBPN3KngT49fqUN/DYKZ7OC5
-if+U+Bukj41Ruax4TACDAAAAAAECAwQF
------END OPENSSH PRIVATE KEY-----

infra/test-machines/test13/ssh_host_ed25519_key.pub

@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBPN3KngT49fqUN/DYKZ7OC5if+U+Bukj41Ruax4TACD

infra/test-machines/test14/default.nix

@@ -1,19 +0,0 @@
-{
-  fediversityVm = {
-    vmId = 7014;
-    proxmox = "fediversity";
-
-    hostPublicKey = builtins.readFile ./ssh_host_ed25519_key.pub;
-    unsafeHostPrivateKey = builtins.readFile ./ssh_host_ed25519_key;
-
-    domain = "abundos.eu";
-    ipv4 = {
-      address = "95.215.187.64";
-      gateway = "95.215.187.1";
-    };
-    ipv6 = {
-      address = "2a00:51c0:13:1305::64";
-      gateway = "2a00:51c0:13:1305::1";
-    };
-  };
-}

infra/test-machines/test14/ssh_host_ed25519_key

@@ -1,7 +0,0 @@
------BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
-QyNTUxOQAAACB028Q86t8RXi7617OrckxNPKNwnpGGZqhXhppHB5n9tQAAAIhfhYlCX4WJ
-QgAAAAtzc2gtZWQyNTUxOQAAACB028Q86t8RXi7617OrckxNPKNwnpGGZqhXhppHB5n9tQ
-AAAEAualLRodpovSzGAhza2OVvg5Yp8xv3A7xUNNbKsMTKSHTbxDzq3xFeLvrXs6tyTE08
-o3CekYZmqFeGmkcHmf21AAAAAAECAwQF
------END OPENSSH PRIVATE KEY-----

infra/test-machines/test14/ssh_host_ed25519_key.pub

@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHTbxDzq3xFeLvrXs6tyTE08o3CekYZmqFeGmkcHmf21

panel/src/panel/templates/partials/deployment_result.html

@@ -1,15 +1,13 @@
-{% if deployment_succeeded %}
-  <p>Deployment Succeeded</p>
+{% if deployment_status %}
+  <p>{{ deployment_status }}</p>
 
   <ul>
-  {% for service_name, service_meta in services.items %}
-    {% if service_meta.enable %}
+  {% for service, state in services.items %}
+    {% if state %}
     <li>
-        ✓ <a target="_blank" href={{ service_meta.url }}>{{ service_name }}</a>
+        ✓ {{ service }}
     </li>
     {% endif %}
   {% endfor %}
   </ul>
-{% else %}
-  <p>Deployment Failed</p>
 {% endif %}

panel/src/panel/views.py

@@ -105,24 +105,18 @@ class DeploymentStatus(ConfigurationForm):
         # Check for deploy button
         if "deploy" in self.request.POST.keys():
             deployment_result, deployment_params = self.deployment(obj)
-            deployment_succeeded = deployment_result == 0
+            if deployment_result == 0:
+                deployment_status = "Deployment Succeeded"
+            else:
+                deployment_status = "Deployment Failed"
 
         return render(self.request, "partials/deployment_result.html", {
-            "deployment_succeeded": deployment_succeeded,
+            "deployment_status": deployment_status,
             "services": {
-                "peertube": {
-                    "enable": deployment_params['peertube']['enable'],
-                    "url": f"https://peertube.{deployment_params['domain']}",
-                    },
-                "pixelfed":{
-                    "enable": deployment_params['pixelfed']['enable'],
-                    "url": f"https://pixelfed.{deployment_params['domain']}",
-                    },
-                "mastodon": {
-                    "enable": deployment_params['mastodon']['enable'],
-                    "url": f"https://mastodon.{deployment_params['domain']}",
-                    },
-                },
+                "peertube": deployment_params['peertube']['enable'],
+                "pixelfed": deployment_params['pixelfed']['enable'],
+                "mastodon": deployment_params['mastodon']['enable']
+                }
             })
 
     def deployment(self, obj):
@@ -172,8 +166,6 @@ class DeploymentStatus(ConfigurationForm):
                         cwd=f"{settings.repo_dir}/launch",
                         env={
                             "PATH": settings.bin_path,
-                            # warning: ignoring error initializing Lix fetcher cache: error: creating directory '/var/empty/.cache': Operation not permitted
-                            "HOME": "/tmp",
                         },
                         # pass in form info to our deployment
                         input=deployment_params,