continued

Signed-off-by: Kiara Grouwstra <kiara@procolix.eu>

.forgejo/workflows/ci.yaml

@@ -10,8 +10,112 @@ on:
       - main
 
 jobs:
+  check-pre-commit:
+    runs-on: native
+    steps:
+      - uses: actions/checkout@v4
+      - run: nix-build -A tests
+
   check-data-model:
     runs-on: native
     steps:
       - uses: actions/checkout@v4
       - run: nix-shell --run 'nix-unit ./deployment/data-model-test.nix'
+
+  check-mastodon:
+    runs-on: native
+    steps:
+      - uses: actions/checkout@v4
+      - run: nix build .#checks.x86_64-linux.test-mastodon-service -L
+
+  check-peertube:
+    runs-on: native
+    steps:
+      - uses: actions/checkout@v4
+      - run: nix build .#checks.x86_64-linux.test-peertube-service -L
+
+  check-panel:
+    runs-on: native
+    steps:
+      - uses: actions/checkout@v4
+      - run: nix-build -A tests.panel
+
+  check-proxmox-basic:
+    runs-on: native
+    steps:
+      - uses: actions/checkout@v4
+      - run: nix build .#checks.x86_64-linux.proxmox-basic -L
+
+  check-deployment-basic:
+    runs-on: native
+    steps:
+      - uses: actions/checkout@v4
+      - run: nix build .#checks.x86_64-linux.deployment-basic -L
+
+  check-deployment-cli:
+    runs-on: native
+    steps:
+      - uses: actions/checkout@v4
+      - run: nix build .#checks.x86_64-linux.deployment-cli -L
+
+  check-deployment-panel:
+    runs-on: native
+    steps:
+      - uses: actions/checkout@v4
+      - run: nix build .#checks.x86_64-linux.deployment-panel -L
+
+  check-deployment-model:
+    runs-on: native
+    steps:
+      - uses: actions/checkout@v4
+      - run: nix build .#checks.x86_64-linux.deployment-model-ssh -L
+
+  check-deployment-model-ssh:
+    runs-on: native
+    steps:
+      - uses: actions/checkout@v4
+      - run: nix build .#checks.x86_64-linux.deployment-model-ssh -L
+
+  check-deployment-model-nixops4:
+    runs-on: native
+    steps:
+      - uses: actions/checkout@v4
+      - run: nix build .#checks.x86_64-linux.deployment-model-nixops4 -L
+
+  check-deployment-model-tf:
+    runs-on: native
+    steps:
+      - uses: actions/checkout@v4
+      - run: nix build .#checks.x86_64-linux.deployment-model-tf -L
+
+  check-deployment-model-tf-proxmox:
+    runs-on: native
+    steps:
+      - uses: actions/checkout@v4
+      - run: nix build .#checks.x86_64-linux.deployment-model-tf-proxmox -L
+
+  ## NOTE: NixOps4 does not provide a good “dry run” mode, so we instead check
+  ## proxies for resources, namely whether their `.#vmOptions.<machine>` and
+  ## `.#nixosConfigurations.<machine>` outputs evaluate and build correctly, and
+  ## whether we can dry run `infra/proxmox-*.sh` on them. This will not catch
+  ## everything, and in particular not issues in how NixOps4 wires up the
+  ## resources, but that is still something.
+  check-resources:
+    runs-on: native
+    steps:
+      - uses: actions/checkout@v4
+      - run: |
+          set -euC
+          echo ==================== [ VM Options ] ====================
+          machines=$(nix eval --impure --raw --expr 'with builtins; toString (attrNames (getFlake (toString ./.)).vmOptions)')
+          for machine in $machines; do
+            echo ~~~~~~~~~~~~~~~~~~~~~: $machine :~~~~~~~~~~~~~~~~~~~~~
+            nix build .#checks.x86_64-linux.vmOptions-$machine
+          done
+          echo
+          echo ==================== [ NixOS Configurations ] ====================
+          machines=$(nix eval --impure --raw --expr 'with builtins; toString (attrNames (getFlake (toString ./.)).nixosConfigurations)')
+          for machine in $machines; do
+            echo ~~~~~~~~~~~~~~~~~~~~~: $machine :~~~~~~~~~~~~~~~~~~~~~
+            nix build .#checks.x86_64-linux.nixosConfigurations-$machine
+          done

.forgejo/workflows/nix-flake-check.sh

@@ -1,61 +0,0 @@
-#!/bin/sh
-set -euC
-
-cd "$(dirname "$0")" || exit 3
-
-nix_eval () { nix eval --impure --raw --expr "with builtins; $1"; }
-system=$(nix_eval "currentSystem")
-checks=$(nix_eval "toJSON (attrNames (getFlake (toString ../..)).checks.$system)")
-
-output=$(mktemp)
-
-{
-    cat <<EOF
-name: Nix flake checks
-
-on:
-  pull_request:
-    types:
-      - opened
-      - synchronize
-      - reopened
-  push:
-    branches:
-      - main
-
-jobs:
-  _checks:
-    needs: $checks
-    runs-on: native
-    steps:
-      - run: true
-
-  _complete:
-    runs-on: native
-    steps:
-      - uses: actions/checkout@v4
-      - run: nix-shell --run '.forgejo/workflows/nix-flake-check.sh check'
-EOF
-
-    for check in $(echo "$checks" | jq -r .[]); do
-        cat <<EOF
-
-  $check:
-    runs-on: native
-    steps:
-      - uses: actions/checkout@v4
-      - run: nix build .#checks.$system.$check -vL
-EOF
-    done
-} >| "$output"
-
-target=$(basename "$0" .sh).yaml
-
-if [ $# -eq 1 ] && [ "$1" = "check" ]; then
-    if ! diff_output=$(diff --color=always "$target" "$output"); then
-        printf >&2 'Changes detected (\e[31m< current\e[0m | \e[32m> generated\e[0m):\n%s\n' "$diff_output"
-        exit 1
-    fi
-else
-    mv "$output" "$target"
-fi

.forgejo/workflows/nix-flake-check.yaml

@@ -1,300 +0,0 @@
-name: Nix flake checks
-
-on:
-  pull_request:
-    types:
-      - opened
-      - synchronize
-      - reopened
-  push:
-    branches:
-      - main
-
-jobs:
-  _checks:
-    needs: ["deployment-basic","deployment-cli","deployment-model-nixops4","deployment-model-ssh","deployment-model-tf","deployment-model-tf-proxmox","deployment-panel","nixops-deployment-providers-default","nixops-deployment-providers-fedi200","nixops-deployment-providers-fedi201","nixops-deployment-providers-forgejo-ci","nixops-deployment-providers-test","nixops-deployment-providers-vm02116","nixops-deployment-providers-vm02187","nixosConfigurations-fedi200","nixosConfigurations-fedi201","nixosConfigurations-forgejo-ci","nixosConfigurations-test01","nixosConfigurations-test02","nixosConfigurations-test03","nixosConfigurations-test04","nixosConfigurations-test05","nixosConfigurations-test06","nixosConfigurations-test11","nixosConfigurations-test12","nixosConfigurations-test13","nixosConfigurations-test14","nixosConfigurations-vm02116","nixosConfigurations-vm02187","panel","pre-commit","proxmox-basic","test-mastodon-service","test-peertube-service","vmOptions-fedi200","vmOptions-fedi201","vmOptions-test01","vmOptions-test02","vmOptions-test03","vmOptions-test04","vmOptions-test05","vmOptions-test06","vmOptions-test11","vmOptions-test12","vmOptions-test13","vmOptions-test14"]
-    runs-on: native
-    steps:
-      - run: true
-
-  _complete:
-    runs-on: native
-    steps:
-      - uses: actions/checkout@v4
-      - run: nix-shell --run '.forgejo/workflows/nix-flake-check.sh check'
-
-  deployment-basic:
-    runs-on: native
-    steps:
-      - uses: actions/checkout@v4
-      - run: nix build .#checks.x86_64-linux.deployment-basic -vL
-
-  deployment-cli:
-    runs-on: native
-    steps:
-      - uses: actions/checkout@v4
-      - run: nix build .#checks.x86_64-linux.deployment-cli -vL
-
-  deployment-model-nixops4:
-    runs-on: native
-    steps:
-      - uses: actions/checkout@v4
-      - run: nix build .#checks.x86_64-linux.deployment-model-nixops4 -vL
-
-  deployment-model-ssh:
-    runs-on: native
-    steps:
-      - uses: actions/checkout@v4
-      - run: nix build .#checks.x86_64-linux.deployment-model-ssh -vL
-
-  deployment-model-tf:
-    runs-on: native
-    steps:
-      - uses: actions/checkout@v4
-      - run: nix build .#checks.x86_64-linux.deployment-model-tf -vL
-
-  deployment-model-tf-proxmox:
-    runs-on: native
-    steps:
-      - uses: actions/checkout@v4
-      - run: nix build .#checks.x86_64-linux.deployment-model-tf-proxmox -L
-
-  deployment-panel:
-    runs-on: native
-    steps:
-      - uses: actions/checkout@v4
-      - run: nix build .#checks.x86_64-linux.deployment-panel -vL
-
-  nixops-deployment-providers-default:
-    runs-on: native
-    steps:
-      - uses: actions/checkout@v4
-      - run: nix build .#checks.x86_64-linux.nixops-deployment-providers-default -vL
-
-  nixops-deployment-providers-fedi200:
-    runs-on: native
-    steps:
-      - uses: actions/checkout@v4
-      - run: nix build .#checks.x86_64-linux.nixops-deployment-providers-fedi200 -vL
-
-  nixops-deployment-providers-fedi201:
-    runs-on: native
-    steps:
-      - uses: actions/checkout@v4
-      - run: nix build .#checks.x86_64-linux.nixops-deployment-providers-fedi201 -vL
-
-  nixops-deployment-providers-forgejo-ci:
-    runs-on: native
-    steps:
-      - uses: actions/checkout@v4
-      - run: nix build .#checks.x86_64-linux.nixops-deployment-providers-forgejo-ci -vL
-
-  nixops-deployment-providers-test:
-    runs-on: native
-    steps:
-      - uses: actions/checkout@v4
-      - run: nix build .#checks.x86_64-linux.nixops-deployment-providers-test -vL
-
-  nixops-deployment-providers-vm02116:
-    runs-on: native
-    steps:
-      - uses: actions/checkout@v4
-      - run: nix build .#checks.x86_64-linux.nixops-deployment-providers-vm02116 -vL
-
-  nixops-deployment-providers-vm02187:
-    runs-on: native
-    steps:
-      - uses: actions/checkout@v4
-      - run: nix build .#checks.x86_64-linux.nixops-deployment-providers-vm02187 -vL
-
-  nixosConfigurations-fedi200:
-    runs-on: native
-    steps:
-      - uses: actions/checkout@v4
-      - run: nix build .#checks.x86_64-linux.nixosConfigurations-fedi200 -vL
-
-  nixosConfigurations-fedi201:
-    runs-on: native
-    steps:
-      - uses: actions/checkout@v4
-      - run: nix build .#checks.x86_64-linux.nixosConfigurations-fedi201 -vL
-
-  nixosConfigurations-forgejo-ci:
-    runs-on: native
-    steps:
-      - uses: actions/checkout@v4
-      - run: nix build .#checks.x86_64-linux.nixosConfigurations-forgejo-ci -vL
-
-  nixosConfigurations-test01:
-    runs-on: native
-    steps:
-      - uses: actions/checkout@v4
-      - run: nix build .#checks.x86_64-linux.nixosConfigurations-test01 -vL
-
-  nixosConfigurations-test02:
-    runs-on: native
-    steps:
-      - uses: actions/checkout@v4
-      - run: nix build .#checks.x86_64-linux.nixosConfigurations-test02 -vL
-
-  nixosConfigurations-test03:
-    runs-on: native
-    steps:
-      - uses: actions/checkout@v4
-      - run: nix build .#checks.x86_64-linux.nixosConfigurations-test03 -vL
-
-  nixosConfigurations-test04:
-    runs-on: native
-    steps:
-      - uses: actions/checkout@v4
-      - run: nix build .#checks.x86_64-linux.nixosConfigurations-test04 -vL
-
-  nixosConfigurations-test05:
-    runs-on: native
-    steps:
-      - uses: actions/checkout@v4
-      - run: nix build .#checks.x86_64-linux.nixosConfigurations-test05 -vL
-
-  nixosConfigurations-test06:
-    runs-on: native
-    steps:
-      - uses: actions/checkout@v4
-      - run: nix build .#checks.x86_64-linux.nixosConfigurations-test06 -vL
-
-  nixosConfigurations-test11:
-    runs-on: native
-    steps:
-      - uses: actions/checkout@v4
-      - run: nix build .#checks.x86_64-linux.nixosConfigurations-test11 -vL
-
-  nixosConfigurations-test12:
-    runs-on: native
-    steps:
-      - uses: actions/checkout@v4
-      - run: nix build .#checks.x86_64-linux.nixosConfigurations-test12 -vL
-
-  nixosConfigurations-test13:
-    runs-on: native
-    steps:
-      - uses: actions/checkout@v4
-      - run: nix build .#checks.x86_64-linux.nixosConfigurations-test13 -vL
-
-  nixosConfigurations-test14:
-    runs-on: native
-    steps:
-      - uses: actions/checkout@v4
-      - run: nix build .#checks.x86_64-linux.nixosConfigurations-test14 -vL
-
-  nixosConfigurations-vm02116:
-    runs-on: native
-    steps:
-      - uses: actions/checkout@v4
-      - run: nix build .#checks.x86_64-linux.nixosConfigurations-vm02116 -vL
-
-  nixosConfigurations-vm02187:
-    runs-on: native
-    steps:
-      - uses: actions/checkout@v4
-      - run: nix build .#checks.x86_64-linux.nixosConfigurations-vm02187 -vL
-
-  panel:
-    runs-on: native
-    steps:
-      - uses: actions/checkout@v4
-      - run: nix build .#checks.x86_64-linux.panel -vL
-
-  pre-commit:
-    runs-on: native
-    steps:
-      - uses: actions/checkout@v4
-      - run: nix build .#checks.x86_64-linux.pre-commit -vL
-
-  proxmox-basic:
-    runs-on: native
-    steps:
-      - uses: actions/checkout@v4
-      - run: nix build .#checks.x86_64-linux.proxmox-basic -vL
-
-  test-mastodon-service:
-    runs-on: native
-    steps:
-      - uses: actions/checkout@v4
-      - run: nix build .#checks.x86_64-linux.test-mastodon-service -vL
-
-  test-peertube-service:
-    runs-on: native
-    steps:
-      - uses: actions/checkout@v4
-      - run: nix build .#checks.x86_64-linux.test-peertube-service -vL
-
-  vmOptions-fedi200:
-    runs-on: native
-    steps:
-      - uses: actions/checkout@v4
-      - run: nix build .#checks.x86_64-linux.vmOptions-fedi200 -vL
-
-  vmOptions-fedi201:
-    runs-on: native
-    steps:
-      - uses: actions/checkout@v4
-      - run: nix build .#checks.x86_64-linux.vmOptions-fedi201 -vL
-
-  vmOptions-test01:
-    runs-on: native
-    steps:
-      - uses: actions/checkout@v4
-      - run: nix build .#checks.x86_64-linux.vmOptions-test01 -vL
-
-  vmOptions-test02:
-    runs-on: native
-    steps:
-      - uses: actions/checkout@v4
-      - run: nix build .#checks.x86_64-linux.vmOptions-test02 -vL
-
-  vmOptions-test03:
-    runs-on: native
-    steps:
-      - uses: actions/checkout@v4
-      - run: nix build .#checks.x86_64-linux.vmOptions-test03 -vL
-
-  vmOptions-test04:
-    runs-on: native
-    steps:
-      - uses: actions/checkout@v4
-      - run: nix build .#checks.x86_64-linux.vmOptions-test04 -vL
-
-  vmOptions-test05:
-    runs-on: native
-    steps:
-      - uses: actions/checkout@v4
-      - run: nix build .#checks.x86_64-linux.vmOptions-test05 -vL
-
-  vmOptions-test06:
-    runs-on: native
-    steps:
-      - uses: actions/checkout@v4
-      - run: nix build .#checks.x86_64-linux.vmOptions-test06 -vL
-
-  vmOptions-test11:
-    runs-on: native
-    steps:
-      - uses: actions/checkout@v4
-      - run: nix build .#checks.x86_64-linux.vmOptions-test11 -vL
-
-  vmOptions-test12:
-    runs-on: native
-    steps:
-      - uses: actions/checkout@v4
-      - run: nix build .#checks.x86_64-linux.vmOptions-test12 -vL
-
-  vmOptions-test13:
-    runs-on: native
-    steps:
-      - uses: actions/checkout@v4
-      - run: nix build .#checks.x86_64-linux.vmOptions-test13 -vL
-
-  vmOptions-test14:
-    runs-on: native
-    steps:
-      - uses: actions/checkout@v4
-      - run: nix build .#checks.x86_64-linux.vmOptions-test14 -vL

README.md

@@ -146,9 +146,8 @@ details as to what they are for. As an overview:
 - [`keys/`](./keys) contains the public keys of the contributors to this project
   as well as the systems that we administrate.
 
-- [`machines/`](./machines) contains the code of our machines for internal infra and test VMs.
+- [`matrix/`](./matrix) contains everything having to do with setting up a
-
+  fully-featured Matrix server.
-- [`panel/`](./panel) contains the code of our front-end.
 
 - [`secrets/`](./secrets) contains the secrets that need to get injected into
   machine configurations.

default.nix

@@ -65,7 +65,6 @@ in
         pkgs.openssh
         pkgs.httpie
         pkgs.jq
-        pkgs.diffutils
         pkgs.nix-unit
         test-loop
         nixops4.packages.${system}.default

deployment/data-model-test.nix

@@ -98,7 +98,8 @@ in
                     {
                       options.enable = lib.mkEnableOption "Hello in the shell";
                     };
-                  implementation = cfg: {
+                  implementation =
+                    cfg: {
                     resources = lib.optionalAttrs cfg.enable {
                       hello.login-shell.packages.hello = pkgs.hello;
                     };

deployment/function.nix

@@ -1,38 +1,5 @@
 /**
-  Modular function type.
+  Modular function type
-
-  Compared to plain nix functions, adds input type-checks
-  at the cost of longer stack traces.
-
-  Usage:
-
-  ```nix
-  { lib, ... }:
-  {
-    options = {
-      my-function = lib.mkOption {
-        description = "My type-safe function invocation.";
-        type = lib.types.submodule PATH/TO/function.nix;
-        readOnly = true;
-        default = {
-          input-type = lib.types.int;
-          output-type = lib.types.int;
-          implementation = x: x + x;
-        };
-      };
-    };
-    config = {
-      my-function.apply "1"
-    };
-  }
-  ```
-
-  A sample stack trace using this ends up like:
-
-  - `INVOKER.apply.<function body>``
-  - `function.nix`
-  - `INVOKER.wrapper.<function body>.output`
-  - `INVOKER.implementation.<function body>`
 */
 { config, lib, ... }:
 let

infra/proxmox-provision.sh

@@ -225,7 +225,7 @@ build_iso () {
       let flake = builtins.getFlake (builtins.toString ./.); in
       import ./infra/makeInstallerIso.nix {
         nixosConfiguration = flake.nixosConfigurations.$vm_name;
-        # FIXME pass nixpkgs from npins
+        # nixpkgs = flake.inputs.nixpkgs;
         $nix_host_keys
       }
     " \

panel/nix/configuration.nix

@@ -218,7 +218,6 @@ in
         cfg.nixops4Package
         pkgs.nix
         pkgs.openssh
-        pkgs.git
       ];
       preStart = ''
         # Auto-migrate on first run or if the package has changed

panel/nix/python-packages/drf-pydantic/default.nix

@@ -13,14 +13,14 @@ buildPythonPackage rec {
   _class = "package";
 
   pname = "drf-pydantic";
-  version = "v2.9.0";
+  version = "v2.7.1";
   pyproject = true;
 
   src = fetchFromGitHub {
-    owner = "KiaraGrouwstra";
+    owner = "georgebv";
     repo = pname;
-    rev = "d21c879543bd106242bd7f86e79da1f668109579";
+    rev = version;
-    hash = "sha256-pk0/6BphIiXxR3cewBJ5nKii3kj3lDHLO9U9xqXDxI8=";
+    hash = "sha256-ABtSoxj/+HHq4hj4Yb6bEiyOl00TCO/9tvBzhv6afxM=";
   };
 
   nativeBuildInputs = [

services/tests/flake-part.nix

@@ -7,6 +7,7 @@
     {
       checks = {
         test-mastodon-service = pkgs.testers.runNixOSTest ./mastodon.nix;
+        test-pixelfed-garage-service = pkgs.testers.runNixOSTest ./pixelfed-garage.nix;
         test-peertube-service = pkgs.testers.runNixOSTest ./peertube.nix;
       };
     };