forked from Fediversity/Fediversity
Nicolas “Niols” Jeannerod
588bb77a94
Following Fediversity/Fediversity#478 (comment), here is a PR that plugs the infra's `vmOptions` and `nixosConfigurations` outputs into flake checks, instead of calling random Nix commands from the CI. There is still a bit of magic in the CI, but that's because we don't have yet a Nix-aware CI that exposes one job per flake check. Reviewed-on: Fediversity/Fediversity#488 Reviewed-by: kiara Grouwstra <kiara@procolix.eu> Co-authored-by: Nicolas “Niols” Jeannerod <nicolas.jeannerod@moduscreate.com> Co-committed-by: Nicolas “Niols” Jeannerod <nicolas.jeannerod@moduscreate.com>
226 lines
6.5 KiB
Nix
226 lines
6.5 KiB
Nix
{
|
|
inputs,
|
|
lib,
|
|
sources,
|
|
keys,
|
|
secrets,
|
|
...
|
|
}:
|
|
|
|
let
|
|
inherit (builtins) readDir readFile fromJSON;
|
|
inherit (lib)
|
|
attrNames
|
|
mkOption
|
|
evalModules
|
|
filterAttrs
|
|
attrsToList
|
|
map
|
|
listToAttrs
|
|
deepSeq
|
|
;
|
|
inherit (lib.attrsets) genAttrs;
|
|
|
|
commonResourceModule = {
|
|
# TODO(@fricklerhandwerk): this is terrible but IMO we should just ditch
|
|
# flake-parts and have our own data model for how the project is organised
|
|
# internally
|
|
_module.args = {
|
|
inherit
|
|
inputs
|
|
keys
|
|
secrets
|
|
sources
|
|
;
|
|
};
|
|
|
|
## FIXME: It would be preferrable to have those `sources`-related imports in
|
|
## the modules that use them. However, doing so triggers infinite recursions
|
|
## because of the way we propagate `sources`. `sources` must be propagated by
|
|
## means of `specialArgs`, but this requires a bigger change.
|
|
nixos.module.imports = [
|
|
"${sources.nixpkgs}/nixos/modules/profiles/qemu-guest.nix"
|
|
"${sources.agenix}/modules/age.nix"
|
|
"${sources.disko}/module.nix"
|
|
"${sources.home-manager}/nixos"
|
|
];
|
|
|
|
imports = [
|
|
./common/resource.nix
|
|
];
|
|
};
|
|
|
|
## Given a list of machine names, make a deployment with those machines'
|
|
## configurations as resources.
|
|
makeDeployment =
|
|
vmNames:
|
|
{ providers, ... }:
|
|
{
|
|
providers.local = inputs.nixops4.modules.nixops4Provider.local;
|
|
resources = genAttrs vmNames (vmName: {
|
|
type = providers.local.exec;
|
|
imports = [
|
|
inputs.nixops4-nixos.modules.nixops4Resource.nixos
|
|
commonResourceModule
|
|
../machines/dev/${vmName}
|
|
];
|
|
});
|
|
};
|
|
makeDeployment' = vmName: makeDeployment [ vmName ];
|
|
|
|
## Given an attrset of test configurations (key = test machine name, value =
|
|
## NixOS configuration module), make a deployment with those machines'
|
|
## configurations as resources.
|
|
makeTestDeployment =
|
|
(import ../deployment)
|
|
{
|
|
inherit lib;
|
|
inherit (inputs) nixops4 nixops4-nixos;
|
|
fediversity = import ../services/fediversity;
|
|
}
|
|
{
|
|
garageConfigurationResource = {
|
|
imports = [
|
|
commonResourceModule
|
|
../machines/operator/test01
|
|
];
|
|
};
|
|
mastodonConfigurationResource = {
|
|
imports = [
|
|
commonResourceModule
|
|
../machines/operator/test06 # somehow `test02` has a problem - use test06 instead
|
|
];
|
|
};
|
|
peertubeConfigurationResource = {
|
|
imports = [
|
|
commonResourceModule
|
|
../machines/operator/test05
|
|
];
|
|
};
|
|
pixelfedConfigurationResource = {
|
|
imports = [
|
|
commonResourceModule
|
|
../machines/operator/test04
|
|
];
|
|
};
|
|
};
|
|
|
|
nixops4ResourceNixosMockOptions = {
|
|
## NOTE: We allow the use of a few options from
|
|
## `nixops4-nixos.modules.nixops4Resource.nixos` such that we can
|
|
## reuse modules that make use of them.
|
|
##
|
|
## REVIEW: We can probably do much better and cleaner. On the other hand,
|
|
## this is only needed to expose NixOS configurations for provisioning
|
|
## purposes, and eventually all of this should be handled by NixOps4.
|
|
options = {
|
|
nixos.module = mkOption { type = lib.types.deferredModule; }; # NOTE: not just `nixos` otherwise merging will go wrong
|
|
nixpkgs = mkOption { };
|
|
ssh = mkOption { };
|
|
};
|
|
};
|
|
|
|
makeResourceConfig =
|
|
{ vmName, isTestVm }:
|
|
(evalModules {
|
|
modules = [
|
|
nixops4ResourceNixosMockOptions
|
|
commonResourceModule
|
|
(if isTestVm then ../machines/operator/${vmName} else ../machines/dev/${vmName})
|
|
];
|
|
}).config;
|
|
|
|
## Given a VM name, make a NixOS configuration for this machine.
|
|
makeConfiguration =
|
|
isTestVm: vmName:
|
|
import "${sources.nixpkgs}/nixos" {
|
|
configuration = (makeResourceConfig { inherit vmName isTestVm; }).nixos.module;
|
|
system = "x86_64-linux";
|
|
};
|
|
|
|
makeVmOptions =
|
|
isTestVm: vmName:
|
|
let
|
|
config = (makeResourceConfig { inherit vmName isTestVm; }).fediversityVm;
|
|
in
|
|
if config.isFediversityVm then
|
|
{
|
|
inherit (config)
|
|
vmId
|
|
description
|
|
sockets
|
|
cores
|
|
memory
|
|
diskSize
|
|
hostPublicKey
|
|
unsafeHostPrivateKey
|
|
;
|
|
}
|
|
else
|
|
null;
|
|
|
|
listSubdirectories = path: attrNames (filterAttrs (_: type: type == "directory") (readDir path));
|
|
|
|
machines = listSubdirectories ../machines/dev;
|
|
testMachines = listSubdirectories ../machines/operator;
|
|
|
|
nixosConfigurations =
|
|
genAttrs machines (makeConfiguration false)
|
|
// genAttrs testMachines (makeConfiguration true);
|
|
vmOptions =
|
|
filterAttrs (_: value: value != null) # Filter out non-Fediversity VMs
|
|
(genAttrs machines (makeVmOptions false) // genAttrs testMachines (makeVmOptions true));
|
|
|
|
in
|
|
{
|
|
_class = "flake";
|
|
|
|
## - Each normal or test machine gets a NixOS configuration.
|
|
## - Each normal or test machine gets a VM options entry.
|
|
## - Each normal machine gets a deployment.
|
|
## - We add a “default” deployment with all normal machines.
|
|
## - We add a “test” deployment with all test machines.
|
|
nixops4Deployments = genAttrs machines makeDeployment' // {
|
|
default = makeDeployment machines;
|
|
test = makeTestDeployment (
|
|
fromJSON (
|
|
let
|
|
env = builtins.getEnv "DEPLOYMENT";
|
|
in
|
|
if env != "" then
|
|
env
|
|
else
|
|
builtins.trace "env var DEPLOYMENT not set, falling back to ../deployment/configuration.sample.json!" (readFile ../deployment/configuration.sample.json)
|
|
)
|
|
);
|
|
};
|
|
flake = { inherit nixosConfigurations vmOptions; };
|
|
|
|
perSystem =
|
|
{ pkgs, ... }:
|
|
{
|
|
checks =
|
|
listToAttrs (
|
|
map (
|
|
{ name, value }:
|
|
{
|
|
name = "nixosConfigurations-${name}";
|
|
value = value.config.system.build.toplevel;
|
|
}
|
|
) (attrsToList nixosConfigurations)
|
|
)
|
|
// listToAttrs (
|
|
map (
|
|
{ name, value }:
|
|
{
|
|
name = "vmOptions-${name}";
|
|
## Check that VM options builds/evaluates correctly. `deepSeq e1
|
|
## e2` evaluates `e1` strictly in depth before returning `e2`. We
|
|
## use this trick because checks need to be derivations, which VM
|
|
## options are not.
|
|
value = deepSeq value pkgs.hello;
|
|
}
|
|
) (attrsToList vmOptions)
|
|
);
|
|
};
|
|
}
|