forked from fediversity/fediversity
		
	
		
			
				
	
	
		
			127 lines
		
	
	
	
		
			4 KiB
		
	
	
	
		
			Nix
		
	
	
	
	
	
			
		
		
	
	
			127 lines
		
	
	
	
		
			4 KiB
		
	
	
	
		
			Nix
		
	
	
	
	
	
| {
 | |
|   lib,
 | |
|   config,
 | |
|   sources,
 | |
|   ...
 | |
| }:
 | |
| let
 | |
|   inherit (import ./constants.nix) targetMachines pathToRoot;
 | |
| in
 | |
| {
 | |
|   _class = "nixosTest";
 | |
| 
 | |
|   name = "deployment-model";
 | |
| 
 | |
|   sourceFileset = lib.fileset.unions [
 | |
|     ../../data-model.nix
 | |
|     ../../function.nix
 | |
|     ./constants.nix
 | |
|     ./deployment.nix
 | |
|   ];
 | |
| 
 | |
|   nodes.deployer =
 | |
|     { pkgs, ... }:
 | |
|     {
 | |
| 
 | |
|       environment.systemPackages = with pkgs; [
 | |
|         jq
 | |
|       ];
 | |
| 
 | |
|       # FIXME: sad times
 | |
|       system.extraDependencies = with pkgs; [
 | |
|         jq
 | |
|         jq.inputDerivation
 | |
|       ];
 | |
| 
 | |
|       system.extraDependenciesFromModule =
 | |
|         { pkgs, ... }:
 | |
|         {
 | |
|           environment.systemPackages = with pkgs; [
 | |
|             hello
 | |
|             cowsay
 | |
|           ];
 | |
|         };
 | |
|     };
 | |
| 
 | |
|   extraTestScript = ''
 | |
|     with subtest("Check the status before deployment"):
 | |
|       hello.fail("hello 1>&2")
 | |
|       cowsay.fail("cowsay 1>&2")
 | |
| 
 | |
|     ${lib.concatStringsSep "\n" (
 | |
|       lib.lists.map (nodeName: ''
 | |
|         with subtest("Run the deployment for ${nodeName}"):
 | |
|           deployer.succeed("""
 | |
|             set -euo pipefail
 | |
| 
 | |
|             # INSTANTIATE
 | |
|             command=(
 | |
|               nix-instantiate
 | |
|               --expr
 | |
| 
 | |
|               '
 | |
|               let
 | |
|                 system = builtins.currentSystem;
 | |
|                 configuration = { pkgs, config, ... }: {
 | |
|                   imports = [
 | |
|                     ${pathToRoot}/deployment/check/common/sharedOptions.nix
 | |
|                     ${pathToRoot}/deployment/check/common/targetNode.nix
 | |
|                   ];
 | |
| 
 | |
|                   _module.args = builtins.fromJSON "${
 | |
|                     lib.replaceStrings [ "\"" ] [ "\\\\\"" ] (
 | |
|                       lib.strings.toJSON {
 | |
|                         inherit sources;
 | |
|                       }
 | |
|                     )
 | |
|                   }";
 | |
|                   enableAcme = ${lib.strings.toJSON config.enableAcme};
 | |
|                   acmeNodeIP = if config.enableAcme then config.nodes.acme.networking.primaryIPAddress else null;
 | |
| 
 | |
|                   # environment.systemPackages = [ pkgs.hello ];
 | |
|                 };
 | |
|                 os = import "${sources.nixpkgs}/nixos" { inherit system configuration; };
 | |
|               in
 | |
|               # import "${pathToRoot}/deployment/nixos.nix" {}
 | |
|               {
 | |
|                 substituters = builtins.concatStringsSep " " os.config.nix.settings.substituters;
 | |
|                 trusted_public_keys = builtins.concatStringsSep " " os.config.nix.settings.trusted-public-keys;
 | |
|                 drv_path = os.config.system.build.toplevel.drvPath;
 | |
|                 out_path = os.config.system.build.toplevel;
 | |
|               }
 | |
|               '
 | |
|             )
 | |
|             # instantiate the config in /nix/store
 | |
|             "''${command[@]}" -A out_path
 | |
|             # get the other info
 | |
|             json="$("''${command[@]}" --eval --strict --json)"
 | |
| 
 | |
|             # DEPLOY
 | |
|             declare substituters trusted_public_keys drv_path
 | |
|             # set our variables using the json object
 | |
|             eval "export $(echo $json | jq -r 'to_entries | map("\(.key)=\(.value)") | @sh')"
 | |
|             host="root@${nodeName}"
 | |
|             buildArgs=(
 | |
|               --option extra-binary-caches https://cache.nixos.org/
 | |
|               --option substituters $substituters
 | |
|               --option trusted-public-keys $trusted_public_keys
 | |
|             )
 | |
|             sshOpts=(
 | |
|               -o BatchMode=yes
 | |
|               -o StrictHostKeyChecking=no
 | |
|             )
 | |
|             # get the realized derivation to deploy
 | |
|             outPath=$(nix-store --realize "$drv_path" "''${buildArgs[@]}")
 | |
|             # deploy the config by nix-copy-closure
 | |
|             NIX_SSHOPTS="''${sshOpts[*]}" nix-copy-closure --to "$host" "$outPath" --gzip --use-substitutes
 | |
|             # switch the remote host to the config
 | |
|             ssh "''${sshOpts[@]}" "$host" "nix-env --profile /nix/var/nix/profiles/system --set $outPath; $outPath/bin/switch-to-configuration switch"
 | |
|           """)
 | |
|       '') targetMachines
 | |
|     )}
 | |
| 
 | |
|     with subtest("Check the deployment"):
 | |
|       hello.succeed("hello 1>&2")
 | |
|       cowsay.succeed("cowsay hi 1>&2")
 | |
|   '';
 | |
| }
 |