{
self,
inputs,
lib,
...
}:
let
inherit (lib)
attrNames
mkOption
evalModules
mapAttrs
;
inherit (lib.attrsets) genAttrs;
## Build the resource module for the machine called `vmName`. The provider is
## deliberately left out: each user of the resource supplies the one that fits
## its purpose.
##
## `vmName` is spliced into a path relative to this directory, so it has to be
## the name of a subdirectory that exists next to this file. The callers
## visible in this file only pass names taken from `machines` or from the
## attribute names of `testMachineConfigurations`.
makeResourceModule = vmName: {
  fediversityVm.name = vmName;
  imports = [
    ./common/resource.nix
    (./. + "/${vmName}")
  ];
  ## Make the flake inputs available as a module argument to the imported
  ## modules.
  _module.args = {
    inherit inputs;
  };
};
## Turn a list of machine names into a deployment in which every listed machine
## is a resource carrying that machine's configuration.
makeDeployment =
  vmNames:
  { providers, ... }:
  let
    ## Resource definition for a single machine: executed through the local
    ## provider, configured by the NixOS resource module plus the machine's own
    ## resource module.
    resourceFor = machineName: {
      type = providers.local.exec;
      imports = [
        inputs.nixops4-nixos.modules.nixops4Resource.nixos
        (makeResourceModule machineName)
      ];
    };
  in
  {
    providers.local = inputs.nixops4.modules.nixops4Provider.local;
    resources = genAttrs vmNames resourceFor;
  };
## Single-machine shorthand: a deployment whose only resource is `vmName`.
makeDeployment' = vmName: makeDeployment (lib.singleton vmName);
## Turn an attrset of test configurations (attribute name = test machine name,
## attribute value = NixOS configuration module) into a deployment with one
## resource per test machine.
##
## On top of the machine's own resource module, every test resource receives
## two more definitions of `nixos.module`: the test configuration passed in
## and the `fediversity` NixOS module exported by this flake.
makeTestDeployment =
  vmConfigs:
  { providers, ... }:
  let
    testResourceFor = machineName: testConfig: {
      type = providers.local.exec;
      imports = [
        inputs.nixops4-nixos.modules.nixops4Resource.nixos
        (makeResourceModule machineName)
        { nixos.module = testConfig; }
        { nixos.module = self.nixosModules.fediversity; }
      ];
    };
  in
  {
    providers.local = inputs.nixops4.modules.nixops4Provider.local;
    resources = mapAttrs testResourceFor vmConfigs;
  };
## NOTE: Declares a few options from
## `inputs.nixops4-nixos.modules.nixops4Resource.nixos` so that modules which
## set them can be reused here.
##
## REVIEW: We can probably do much better and cleaner. On the other hand, this
## is only needed to expose NixOS configurations for provisioning purposes, and
## eventually all of this should be handled by NixOps4.
nixops4ResourceNixosMockOptions =
  let
    ## Every mocked option is declared the same way: a bare `mkOption` without
    ## type, default or description.
    untypedOption = mkOption { };
  in
  {
    options = {
      ## NOTE: `nixos.module` and not just `nixos`, otherwise merging will go
      ## wrong.
      nixos.module = untypedOption;
      nixpkgs = untypedOption;
      ssh = untypedOption;
    };
  };
## Evaluate the resource module of `vmName` together with the mock option
## declarations and return the resulting `config`.
makeResourceConfig =
  vmName:
  let
    evaluated = evalModules {
      modules = [
        nixops4ResourceNixosMockOptions
        (makeResourceModule vmName)
      ];
    };
  in
  evaluated.config;
## Build the NixOS configuration of the machine `vmName`. Its only module is the
## `nixos.module` value of the machine's evaluated resource config.
makeConfiguration =
  vmName:
  let
    resourceConfig = makeResourceConfig vmName;
  in
  inputs.nixpkgs.lib.nixosSystem {
    modules = [ resourceConfig.nixos.module ];
  };
## VM options of the machine `vmName`, copied from the `fediversityVm` part of
## its evaluated resource config.
##
## NOTE(review): `unsafeHostPrivateKey` is re-exported here and so becomes part
## of `flake.vmOptions`. Presumably it holds host key material in plain text, in
## which case anyone who can evaluate this flake can read it; confirm that it is
## only ever set to throwaway keys.
makeVmOptions =
  vmName:
  let
    vm = (makeResourceConfig vmName).fediversityVm;
  in
  {
    inherit (vm)
      proxmox
      vmId
      sockets
      cores
      memory
      hostPublicKey
      unsafeHostPrivateKey
      ;
  };
## Names of the normal (non-test) machines. `makeResourceModule` imports
## `./<name>` for every entry, so each name needs a matching directory next to
## this file.
machines = [
  "vm02116"
  "vm02179"
  "vm02186"
  "vm02187"

  "fedi200"
  "fedi201"
];
## NixOS configuration modules for the test machines, keyed by test machine
## name.
testMachineConfigurations =
  let
    ## NOTE: Every secret below is a fixed test value and is public twice over:
    ## it is committed in this source file, and `pkgs.writeText` copies it into
    ## the Nix store, which every user of a machine holding it can read. We
    ## accept that because these values are only ever used for testing; they
    ## must not be reused for anything that holds real data.

    ## Build the S3 key part of a service configuration from an access key and
    ## a secret key, each written to its own store file.
    makeS3KeyConfig =
      accessKey: secretKey:
      { pkgs, ... }:
      {
        s3AccessKeyFile = pkgs.writeText "s3AccessKey" accessKey;
        s3SecretKeyFile = pkgs.writeText "s3SecretKey" secretKey;
      };

    mastodonS3KeyConfig = makeS3KeyConfig "GK3515373e4c851ebaad366558" "7d37d093435a41f2aab8f13c19ba067d9776c90215f56614adad6ece597dbb34";
    peertubeS3KeyConfig = makeS3KeyConfig "GK1f9feea9960f6f95ff404c9b" "7295c4201966a02c2c3d25b5cea4a5ff782966a2415e3a196f91924631191395";
    pixelfedS3KeyConfig = makeS3KeyConfig "GKb5615457d44214411e673b7b" "5be6799a88ca9b9d813d1a806b64f15efa49482dbe15339ddfaf7f19cf434987";

    ## All test machines are configured for the same domain.
    testDomain = "abundos.eu";
  in
  {
    ## Garage enabled, plus the S3 keys of all three services.
    test01 =
      { pkgs, ... }:
      {
        fediversity = {
          domain = testDomain;
          garage.enable = true;
          pixelfed = pixelfedS3KeyConfig { inherit pkgs; };
          mastodon = mastodonS3KeyConfig { inherit pkgs; };
          peertube = peertubeS3KeyConfig { inherit pkgs; };
        };
      };

    ## Mastodon enabled.
    test02 =
      { pkgs, ... }:
      {
        fediversity = {
          domain = testDomain;
          mastodon = (mastodonS3KeyConfig { inherit pkgs; }) // {
            enable = true;
          };

          temp.cores = 1; # FIXME: should come from NixOps4 eventually
        };
      };

    ## PeerTube enabled.
    test03 =
      { pkgs, ... }:
      {
        fediversity = {
          domain = testDomain;
          peertube = (peertubeS3KeyConfig { inherit pkgs; }) // {
            enable = true;
            ## NOTE: Only ever used for testing anyway. Like the S3 keys, this
            ## value is public in the source and in the Nix store.
            secretsFile = pkgs.writeText "secret" "574e093907d1157ac0f8e760a6deb1035402003af5763135bae9cbd6abe32b24";
          };
        };
      };

    ## Pixelfed enabled.
    test04 =
      { pkgs, ... }:
      {
        fediversity = {
          domain = testDomain;
          pixelfed = (pixelfedS3KeyConfig { inherit pkgs; }) // {
            enable = true;
          };
        };
      };
  };
in
{
  ## - Each normal or test machine gets a NixOS configuration.
  ## - Each normal or test machine gets a VM options entry.
  ## - Each normal machine gets a deployment.
  ## - We add a “default” deployment with all normal machines.
  ## - We add a “test” deployment with all test machines.
  ##
  ## NOTE(review): as far as this file shows, the NixOS configuration of a test
  ## machine is built from its `./<name>` resource module only; the values of
  ## `testMachineConfigurations` are applied in the “test” deployment, not in
  ## `flake.nixosConfigurations`. Confirm that this is intended.
  nixops4Deployments = (genAttrs machines makeDeployment') // {
    default = makeDeployment machines;
    test = makeTestDeployment testMachineConfigurations;
  };

  flake =
    let
      ## Normal machines followed by the names of the test machines.
      allMachineNames = machines ++ attrNames testMachineConfigurations;
    in
    {
      lib.makeInstallerIso = import ./makeInstallerIso.nix;
      nixosConfigurations = genAttrs allMachineNames makeConfiguration;
      vmOptions = genAttrs allMachineNames makeVmOptions;
    };
}