deduplicate flake inputs
make re-exports explicit again
Revert "deduplicate flake inputs"
This reverts commit 95769084ce
.
switch launch shell to root flake's nixpkgs, see #279
use flake-sourced nixos-anywhere in tf, to reproduce modules for nix
properly pass repo dir for prod, be it with hard-coded TF init
move tf init out of python over read-only nix env
skip tf lock in views.py over read-only nix env
specify XDG_CACHE_HOME, workaround to error writing to /var/empty/.cache
update
document updating TF module
get TF in prod to the same 'installable ... does not correspond to a Nix language value' for non-flakes
seemingly gets further when a similar command is tried from terminal.
as per https://github.com/NixOS/nix/issues/8752#issuecomment-1694714693,
this may have to do with aligning the current working directory.
rm launch flake, as i seem to have reached similar progress without it
update nixos-anywhere to fix error 'installable ... does not correspond to a Nix language value'
rm comment
untrack TF generated provider/module stuff - local dev now requires following launch/README.md
for now gitignore .auto.tfvars.json used to track TF module of nixos-anywhere
in case we want that file for something else, we can move this (and its
ignore) to something separate.
use a mutable HOME in TF for nixos-anywhere to make a `.ssh` dir in - will this not backfire?
change ssh user to root
allow accessing test vms from fedi201's machine ssh key, closes #286
allow accessing test vms from fedi201's machine ssh key, closes #286
update nixpkgs to unstable - resolves manual deploy error on bootloader already on newer version
switch to bash deployment
tmp
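# Development entry point: exposes the dev shell, the NixOS module and the
# tests, and re-exports the inputs they were built from.
{
  system ? builtins.currentSystem,
  sources ? import ../npins,
  pkgs ? import sources.nixpkgs {
    inherit system;
    # Explicit empty config and a fixed overlay list: nixpkgs otherwise falls
    # back to impure per-user configuration and overlays.
    config = { };
    overlays = [ (import ./nix/overlay.nix) ];
  },
}:
let
  inherit (pkgs) lib;

  # `manage <args>` runs src/manage.py from the working tree (toString on a
  # path yields the plain path and does not copy the file into the store).
  # writeShellScriptBin adds the shebang that the bare writeScriptBin text
  # lacked, and "$@" forwards arguments without word splitting or globbing.
  manage = pkgs.writeShellScriptBin "manage" ''
    exec ${pkgs.lib.getExe pkgs.python3} "${toString ./src/manage.py}" "$@"
  '';
in
{
  shell = pkgs.mkShellNoCC {
    inputsFrom = [ (pkgs.callPackage ./nix/package.nix { }) ];
    packages = [
      pkgs.npins
      manage
    ];
    env =
      let
        inherit (builtins) toString;
      in
      # Entries on the right of `//` override same-named entries from env.nix.
      import ./env.nix { inherit lib pkgs; }
      // {
        NPINS_DIRECTORY = toString ../npins;
        CREDENTIALS_DIRECTORY = toString ./.credentials;
        DATABASE_URL = "sqlite:///${toString ./src}/db.sqlite3";
        # locally: use a fixed relative reference, so we can use our newest files without copying to the store
        REPO_DIR = toString ../.;
      };
    shellHook = ''
      # NOTE: the link target is relative, so this assumes the shell is entered
      # from the directory containing this file.
      ln -sf ${sources.htmx}/dist/htmx.js src/panel/static/htmx.min.js

      # in production, secrets are passed via CREDENTIALS_DIRECTORY by systemd.
      # use this directory for testing with local secrets
      mkdir -p "$CREDENTIALS_DIRECTORY"
      # Local secrets may be placed here; keep the directory private to the user.
      chmod 700 "$CREDENTIALS_DIRECTORY"

      # SECURITY: fixed, publicly known placeholder, rewritten on every shell
      # entry. It is only suitable for local development; a deployment must get
      # its own SECRET_KEY through the credentials mechanism described above.
      # NOTE(review): confirm .credentials is ignored by version control.
      echo secret > "${builtins.toString ./.credentials}/SECRET_KEY"
    '';
  };

  module = import ./nix/configuration.nix;
  tests = pkgs.callPackage ./nix/tests.nix { };

  # re-export inputs so they can be overridden granularly
  # (they can't be accessed from the outside any other way)
  inherit
    sources
    system
    pkgs
    ;
}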