Format everything, RFC-style
		
							parent
							
								
									49473c43c8
								
							
						
					
					
						commit
						7007da1775
					
				
					 16 changed files with 684 additions and 535 deletions
				
			
		|  | @ -5,7 +5,8 @@ let | ||||||
|   inherit (lib) mkOption mkEnableOption mkForce; |   inherit (lib) mkOption mkEnableOption mkForce; | ||||||
|   inherit (lib.types) types; |   inherit (lib.types) types; | ||||||
| 
 | 
 | ||||||
| in { | in | ||||||
|  | { | ||||||
|   imports = [ |   imports = [ | ||||||
|     ./garage.nix |     ./garage.nix | ||||||
|     ./mastodon.nix |     ./mastodon.nix | ||||||
|  |  | ||||||
|  | @ -8,27 +8,49 @@ let | ||||||
| in | in | ||||||
| 
 | 
 | ||||||
| # TODO: expand to a multi-machine setup | # TODO: expand to a multi-machine setup | ||||||
| { config, lib, pkgs, ... }: | { | ||||||
|  |   config, | ||||||
|  |   lib, | ||||||
|  |   pkgs, | ||||||
|  |   ... | ||||||
|  | }: | ||||||
| 
 | 
 | ||||||
| let | let | ||||||
|   inherit (builtins) toString; |   inherit (builtins) toString; | ||||||
|   inherit (lib) types mkOption mkEnableOption optionalString concatStringsSep; |   inherit (lib) | ||||||
|  |     types | ||||||
|  |     mkOption | ||||||
|  |     mkEnableOption | ||||||
|  |     optionalString | ||||||
|  |     concatStringsSep | ||||||
|  |     ; | ||||||
|   inherit (lib.strings) escapeShellArg; |   inherit (lib.strings) escapeShellArg; | ||||||
|   inherit (lib.attrsets) filterAttrs mapAttrs'; |   inherit (lib.attrsets) filterAttrs mapAttrs'; | ||||||
|   cfg = config.services.garage; |   cfg = config.services.garage; | ||||||
|   fedicfg = config.fediversity.internal.garage; |   fedicfg = config.fediversity.internal.garage; | ||||||
|   concatMapAttrs = scriptFn: attrset: concatStringsSep "\n" (lib.mapAttrsToList scriptFn attrset); |   concatMapAttrs = scriptFn: attrset: concatStringsSep "\n" (lib.mapAttrsToList scriptFn attrset); | ||||||
|   ensureBucketScriptFn = bucket: { website, aliases, corsRules }: |   ensureBucketScriptFn = | ||||||
|  |     bucket: | ||||||
|  |     { | ||||||
|  |       website, | ||||||
|  |       aliases, | ||||||
|  |       corsRules, | ||||||
|  |     }: | ||||||
|     let |     let | ||||||
|       bucketArg = escapeShellArg bucket; |       bucketArg = escapeShellArg bucket; | ||||||
|       corsRulesJSON = escapeShellArg (builtins.toJSON { |       corsRulesJSON = escapeShellArg ( | ||||||
|         CORSRules = [{ |         builtins.toJSON { | ||||||
|  |           CORSRules = [ | ||||||
|  |             { | ||||||
|               AllowedHeaders = corsRules.allowedHeaders; |               AllowedHeaders = corsRules.allowedHeaders; | ||||||
|               AllowedMethods = corsRules.allowedMethods; |               AllowedMethods = corsRules.allowedMethods; | ||||||
|               AllowedOrigins = corsRules.allowedOrigins; |               AllowedOrigins = corsRules.allowedOrigins; | ||||||
|         }]; |             } | ||||||
|       }); |           ]; | ||||||
|     in '' |         } | ||||||
|  |       ); | ||||||
|  |     in | ||||||
|  |     '' | ||||||
|       # garage bucket info tells us if the bucket already exists |       # garage bucket info tells us if the bucket already exists | ||||||
|       garage bucket info ${bucketArg} || garage bucket create ${bucketArg} |       garage bucket info ${bucketArg} || garage bucket create ${bucketArg} | ||||||
| 
 | 
 | ||||||
|  | @ -37,9 +59,11 @@ let | ||||||
|         garage bucket website --allow ${bucketArg} |         garage bucket website --allow ${bucketArg} | ||||||
|       ''} |       ''} | ||||||
| 
 | 
 | ||||||
|       ${concatStringsSep "\n" (map (alias: '' |       ${concatStringsSep "\n" ( | ||||||
|  |         map (alias: '' | ||||||
|           garage bucket alias ${bucketArg} ${escapeShellArg alias} |           garage bucket alias ${bucketArg} ${escapeShellArg alias} | ||||||
|       '') aliases)} |         '') aliases | ||||||
|  |       )} | ||||||
| 
 | 
 | ||||||
|       ${optionalString corsRules.enable '' |       ${optionalString corsRules.enable '' | ||||||
|         garage bucket allow --read --write --owner ${bucketArg} --key tmp |         garage bucket allow --read --write --owner ${bucketArg} --key tmp | ||||||
|  | @ -49,11 +73,25 @@ let | ||||||
|       ''} |       ''} | ||||||
|     ''; |     ''; | ||||||
|   ensureBucketsScript = concatMapAttrs ensureBucketScriptFn cfg.ensureBuckets; |   ensureBucketsScript = concatMapAttrs ensureBucketScriptFn cfg.ensureBuckets; | ||||||
|   ensureAccessScriptFn = key: bucket: { read, write, owner }: '' |   ensureAccessScriptFn = | ||||||
|  |     key: bucket: | ||||||
|  |     { | ||||||
|  |       read, | ||||||
|  |       write, | ||||||
|  |       owner, | ||||||
|  |     }: | ||||||
|  |     '' | ||||||
|       garage bucket allow ${optionalString read "--read"} ${optionalString write "--write"} ${optionalString owner "--owner"} \ |       garage bucket allow ${optionalString read "--read"} ${optionalString write "--write"} ${optionalString owner "--owner"} \ | ||||||
|         ${escapeShellArg bucket} --key ${escapeShellArg key} |         ${escapeShellArg bucket} --key ${escapeShellArg key} | ||||||
|     ''; |     ''; | ||||||
|   ensureKeyScriptFn = key: {id, secret, ensureAccess}: '' |   ensureKeyScriptFn = | ||||||
|  |     key: | ||||||
|  |     { | ||||||
|  |       id, | ||||||
|  |       secret, | ||||||
|  |       ensureAccess, | ||||||
|  |     }: | ||||||
|  |     '' | ||||||
|       ## FIXME: Check whether the key exist and skip this step if that is the case. Get rid of this `|| :` |       ## FIXME: Check whether the key exist and skip this step if that is the case. Get rid of this `|| :` | ||||||
|       garage key import --yes -n ${escapeShellArg key} ${escapeShellArg id} ${escapeShellArg secret} || : |       garage key import --yes -n ${escapeShellArg key} ${escapeShellArg id} ${escapeShellArg secret} || : | ||||||
|       ${concatMapAttrs (ensureAccessScriptFn key) ensureAccess} |       ${concatMapAttrs (ensureAccessScriptFn key) ensureAccess} | ||||||
|  | @ -66,7 +104,8 @@ in | ||||||
|   options = { |   options = { | ||||||
|     services.garage = { |     services.garage = { | ||||||
|       ensureBuckets = mkOption { |       ensureBuckets = mkOption { | ||||||
|         type = types.attrsOf (types.submodule { |         type = types.attrsOf ( | ||||||
|  |           types.submodule { | ||||||
|             options = { |             options = { | ||||||
|               website = mkOption { |               website = mkOption { | ||||||
|                 type = types.bool; |                 type = types.bool; | ||||||
|  | @ -93,11 +132,13 @@ in | ||||||
|                 default = [ ]; |                 default = [ ]; | ||||||
|               }; |               }; | ||||||
|             }; |             }; | ||||||
|         }); |           } | ||||||
|  |         ); | ||||||
|         default = { }; |         default = { }; | ||||||
|       }; |       }; | ||||||
|       ensureKeys = mkOption { |       ensureKeys = mkOption { | ||||||
|         type = types.attrsOf (types.submodule { |         type = types.attrsOf ( | ||||||
|  |           types.submodule { | ||||||
|             # TODO: these should be managed as secrets, not in the nix store |             # TODO: these should be managed as secrets, not in the nix store | ||||||
|             options = { |             options = { | ||||||
|               id = mkOption { |               id = mkOption { | ||||||
|  | @ -109,7 +150,8 @@ in | ||||||
|               # TODO: assert at least one of these is true |               # TODO: assert at least one of these is true | ||||||
|               # NOTE: this currently needs to be done at the top level module |               # NOTE: this currently needs to be done at the top level module | ||||||
|               ensureAccess = mkOption { |               ensureAccess = mkOption { | ||||||
|               type = types.attrsOf (types.submodule { |                 type = types.attrsOf ( | ||||||
|  |                   types.submodule { | ||||||
|                     options = { |                     options = { | ||||||
|                       read = mkOption { |                       read = mkOption { | ||||||
|                         type = types.bool; |                         type = types.bool; | ||||||
|  | @ -124,18 +166,23 @@ in | ||||||
|                         default = false; |                         default = false; | ||||||
|                       }; |                       }; | ||||||
|                     }; |                     }; | ||||||
|               }); |                   } | ||||||
|  |                 ); | ||||||
|                 default = [ ]; |                 default = [ ]; | ||||||
|               }; |               }; | ||||||
|             }; |             }; | ||||||
|         }); |           } | ||||||
|  |         ); | ||||||
|         default = { }; |         default = { }; | ||||||
|       }; |       }; | ||||||
|     }; |     }; | ||||||
|   }; |   }; | ||||||
| 
 | 
 | ||||||
|   config = lib.mkIf config.fediversity.enable { |   config = lib.mkIf config.fediversity.enable { | ||||||
|     environment.systemPackages = [ pkgs.minio-client pkgs.awscli ]; |     environment.systemPackages = [ | ||||||
|  |       pkgs.minio-client | ||||||
|  |       pkgs.awscli | ||||||
|  |     ]; | ||||||
| 
 | 
 | ||||||
|     networking.firewall.allowedTCPPorts = [ |     networking.firewall.allowedTCPPorts = [ | ||||||
|       fedicfg.rpc.port |       fedicfg.rpc.port | ||||||
|  | @ -178,9 +225,11 @@ in | ||||||
|             ''; |             ''; | ||||||
|           }; |           }; | ||||||
|         }; |         }; | ||||||
|       in mapAttrs' |       in | ||||||
|         (bucket: _: {name = fedicfg.web.domainForBucket bucket; inherit value;}) |       mapAttrs' (bucket: _: { | ||||||
|         (filterAttrs (_: {website, ...}: website) cfg.ensureBuckets); |         name = fedicfg.web.domainForBucket bucket; | ||||||
|  |         inherit value; | ||||||
|  |       }) (filterAttrs (_: { website, ... }: website) cfg.ensureBuckets); | ||||||
| 
 | 
 | ||||||
|     systemd.services.ensure-garage = { |     systemd.services.ensure-garage = { | ||||||
|       after = [ "garage.service" ]; |       after = [ "garage.service" ]; | ||||||
|  | @ -188,7 +237,11 @@ in | ||||||
|       serviceConfig = { |       serviceConfig = { | ||||||
|         Type = "oneshot"; |         Type = "oneshot"; | ||||||
|       }; |       }; | ||||||
|       path = [ cfg.package pkgs.perl pkgs.awscli ]; |       path = [ | ||||||
|  |         cfg.package | ||||||
|  |         pkgs.perl | ||||||
|  |         pkgs.awscli | ||||||
|  |       ]; | ||||||
|       script = '' |       script = '' | ||||||
|         set -xeuo pipefail |         set -xeuo pipefail | ||||||
| 
 | 
 | ||||||
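Review bot: The reformatted `ensureKeyScriptFn` still interpolates `${escapeShellArg secret}` into the generated `garage key import` line, so every key secret is written into a script in the world-readable Nix store, as the TODO above the `ensureKeys` options already admits. The `ensure-garage` unit at the end of this section starts its script with `set -xeuo pipefail`; if the key-import lines are part of that script (the rest of it is outside the visible hunks), `-x` also traces each expanded secret into the journal. Until the keys are read from a runtime secret file, I would drop the trace with `set -euo pipefail`, or at least bracket the import with `set +x` and `set -x`. The trailing `|| :` also hides every import failure, not only the key-already-exists case that the FIXME describes.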
|  |  | ||||||
|  | @ -5,7 +5,12 @@ let | ||||||
|   }; |   }; | ||||||
| in | in | ||||||
| 
 | 
 | ||||||
| { config, lib, pkgs, ... }: | { | ||||||
|  |   config, | ||||||
|  |   lib, | ||||||
|  |   pkgs, | ||||||
|  |   ... | ||||||
|  | }: | ||||||
| 
 | 
 | ||||||
| lib.mkIf (config.fediversity.enable && config.fediversity.mastodon.enable) { | lib.mkIf (config.fediversity.enable && config.fediversity.mastodon.enable) { | ||||||
|   #### garage setup |   #### garage setup | ||||||
|  | @ -58,7 +63,10 @@ lib.mkIf (config.fediversity.enable && config.fediversity.mastodon.enable) { | ||||||
|   #### mastodon setup |   #### mastodon setup | ||||||
| 
 | 
 | ||||||
|   # open up access to the mastodon web interface. 80 is necessary if only for ACME |   # open up access to the mastodon web interface. 80 is necessary if only for ACME | ||||||
|   networking.firewall.allowedTCPPorts = [ 80 443 ]; |   networking.firewall.allowedTCPPorts = [ | ||||||
|  |     80 | ||||||
|  |     443 | ||||||
|  |   ]; | ||||||
| 
 | 
 | ||||||
|   services.mastodon = { |   services.mastodon = { | ||||||
|     enable = true; |     enable = true; | ||||||
|  |  | ||||||
|  | @ -5,10 +5,18 @@ let | ||||||
|   }; |   }; | ||||||
| in | in | ||||||
| 
 | 
 | ||||||
| { config, lib, pkgs, ... }: | { | ||||||
|  |   config, | ||||||
|  |   lib, | ||||||
|  |   pkgs, | ||||||
|  |   ... | ||||||
|  | }: | ||||||
| 
 | 
 | ||||||
| lib.mkIf (config.fediversity.enable && config.fediversity.peertube.enable) { | lib.mkIf (config.fediversity.enable && config.fediversity.peertube.enable) { | ||||||
|   networking.firewall.allowedTCPPorts = [ 80 443 ]; |   networking.firewall.allowedTCPPorts = [ | ||||||
|  |     80 | ||||||
|  |     443 | ||||||
|  |   ]; | ||||||
| 
 | 
 | ||||||
|   services.garage = { |   services.garage = { | ||||||
|     ensureBuckets = { |     ensureBuckets = { | ||||||
|  |  | ||||||
|  | @ -5,7 +5,12 @@ let | ||||||
|   }; |   }; | ||||||
| in | in | ||||||
| 
 | 
 | ||||||
| { config, lib, pkgs, ... }: | { | ||||||
|  |   config, | ||||||
|  |   lib, | ||||||
|  |   pkgs, | ||||||
|  |   ... | ||||||
|  | }: | ||||||
| 
 | 
 | ||||||
| lib.mkIf (config.fediversity.enable && config.fediversity.pixelfed.enable) { | lib.mkIf (config.fediversity.enable && config.fediversity.pixelfed.enable) { | ||||||
|   services.garage = { |   services.garage = { | ||||||
|  | @ -80,5 +85,8 @@ lib.mkIf (config.fediversity.enable && config.fediversity.pixelfed.enable) { | ||||||
|     after = [ "ensure-garage.service" ]; |     after = [ "ensure-garage.service" ]; | ||||||
|   }; |   }; | ||||||
| 
 | 
 | ||||||
|   networking.firewall.allowedTCPPorts = [ 80 443 ]; |   networking.firewall.allowedTCPPorts = [ | ||||||
|  |     80 | ||||||
|  |     443 | ||||||
|  |   ]; | ||||||
| } | } | ||||||
|  |  | ||||||
							
								
								
									
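--- a/flake.nix
+++ b/flake.nix
@@ -9,20 +9,30 @@
     disko.url = "github:nix-community/disko";
   };
 
-  outputs = { self, nixpkgs, nixpkgs-latest, pixelfed, disko }:
+  outputs =
+    {
+      self,
+      nixpkgs,
+      nixpkgs-latest,
+      pixelfed,
+      disko,
+    }:
     let
       system = "x86_64-linux";
       lib = nixpkgs.lib;
       pkgs = nixpkgs.legacyPackages.${system};
       pkgsLatest = nixpkgs-latest.legacyPackages.${system};
-    bleedingFediverseOverlay = (self: super: {
+      bleedingFediverseOverlay = (
+        self: super: {
           pixelfed = pkgsLatest.pixelfed.overrideAttrs (old: {
             src = pixelfed;
             patches = (old.patches or [ ]) ++ [ ./fediversity/pixelfed-group-permissions.patch ];
           });
           ## TODO: give mastodon, peertube the same treatment
-    });
-  in {
+        }
+      );
+    in
+    {
       nixosModules = {
         ## Bleeding-edge fediverse packages
         bleedingFediverse = {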
|  |  | ||||||
|  | @ -4,15 +4,22 @@ | ||||||
|   WARNING: Running this installer will format the target disk! |   WARNING: Running this installer will format the target disk! | ||||||
| */ | */ | ||||||
| 
 | 
 | ||||||
| { nixpkgs, | { | ||||||
|   hostKeys ? {} |   nixpkgs, | ||||||
|  |   hostKeys ? { }, | ||||||
| }: | }: | ||||||
| machine: | machine: | ||||||
| 
 | 
 | ||||||
| let | let | ||||||
|   inherit (builtins) concatStringsSep attrValues mapAttrs; |   inherit (builtins) concatStringsSep attrValues mapAttrs; | ||||||
| 
 | 
 | ||||||
|   installer = { config, pkgs, lib, ... }: |   installer = | ||||||
|  |     { | ||||||
|  |       config, | ||||||
|  |       pkgs, | ||||||
|  |       lib, | ||||||
|  |       ... | ||||||
|  |     }: | ||||||
|     let |     let | ||||||
|       bootstrap = pkgs.writeShellApplication { |       bootstrap = pkgs.writeShellApplication { | ||||||
|         name = "bootstrap"; |         name = "bootstrap"; | ||||||
|  | @ -20,20 +27,16 @@ let | ||||||
|         text = '' |         text = '' | ||||||
|           ${machine.config.system.build.diskoScript} |           ${machine.config.system.build.diskoScript} | ||||||
|           nixos-install --no-root-password --no-channel-copy --system ${machine.config.system.build.toplevel} |           nixos-install --no-root-password --no-channel-copy --system ${machine.config.system.build.toplevel} | ||||||
|           ${ |           ${concatStringsSep "\n" ( | ||||||
|             concatStringsSep "\n" ( |  | ||||||
|             attrValues ( |             attrValues ( | ||||||
|               mapAttrs |               mapAttrs (kind: keys: '' | ||||||
|                 (kind: keys: '' |  | ||||||
|                 cp ${keys.private} /mnt/etc/ssh/ssh_host_${kind}_key |                 cp ${keys.private} /mnt/etc/ssh/ssh_host_${kind}_key | ||||||
|                 chmod 600 /mnt/etc/ssh/ssh_host_${kind}_key |                 chmod 600 /mnt/etc/ssh/ssh_host_${kind}_key | ||||||
|                 cp ${keys.public} /mnt/etc/ssh/ssh_host_${kind}_key.pub |                 cp ${keys.public} /mnt/etc/ssh/ssh_host_${kind}_key.pub | ||||||
|                 chmod 644 /mnt/etc/ssh/ssh_host_${kind}_key.pub |                 chmod 644 /mnt/etc/ssh/ssh_host_${kind}_key.pub | ||||||
|                  '') |               '') hostKeys | ||||||
|                 hostKeys |  | ||||||
|             ) |             ) | ||||||
|             ) |           )} | ||||||
|           } |  | ||||||
|           poweroff |           poweroff | ||||||
|         ''; |         ''; | ||||||
|       }; |       }; | ||||||
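Review bot: In the `bootstrap` text each host private key is copied with `cp ${keys.private} /mnt/etc/ssh/ssh_host_${kind}_key` and only tightened afterwards with `chmod 600`, so the file briefly exists with whatever mode `cp` gives it. `install -m 600 ${keys.private} /mnt/etc/ssh/ssh_host_${kind}_key` (and `install -m 644` for the `.pub` file) creates it with its final mode in one step. If callers pass `hostKeys` as Nix paths, interpolating `${keys.private}` presumably also copies the private key into the Nix store of whichever machine builds the installer; the callers are not visible here, so a comment such as `# hostKeys.*.private may end up in the Nix store: use throw-away keys or rotate them after install` would make the trade-off explicit. The `bootstrap` definition starts above this hunk.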
|  |  | ||||||
|  | @ -2,10 +2,12 @@ | ||||||
| let | let | ||||||
|   lib = pkgs.lib; |   lib = pkgs.lib; | ||||||
|   rebuildableTest = import ./rebuildableTest.nix pkgs; |   rebuildableTest = import ./rebuildableTest.nix pkgs; | ||||||
|   seleniumScript = pkgs.writers.writePython3Bin "selenium-script" |   seleniumScript = | ||||||
|  |     pkgs.writers.writePython3Bin "selenium-script" | ||||||
|       { |       { | ||||||
|         libraries = with pkgs.python3Packages; [ selenium ]; |         libraries = with pkgs.python3Packages; [ selenium ]; | ||||||
|     } '' |       } | ||||||
|  |       '' | ||||||
|         from selenium import webdriver |         from selenium import webdriver | ||||||
|         from selenium.webdriver.common.by import By |         from selenium.webdriver.common.by import By | ||||||
|         from selenium.webdriver.firefox.options import Options |         from selenium.webdriver.firefox.options import Options | ||||||
|  | @ -35,7 +37,9 @@ pkgs.nixosTest { | ||||||
|   name = "test-mastodon-garage"; |   name = "test-mastodon-garage"; | ||||||
| 
 | 
 | ||||||
|   nodes = { |   nodes = { | ||||||
|     server = { config, ... }: { |     server = | ||||||
|  |       { config, ... }: | ||||||
|  |       { | ||||||
|         virtualisation.memorySize = lib.mkVMOverride 4096; |         virtualisation.memorySize = lib.mkVMOverride 4096; | ||||||
|         imports = with self.nixosModules; [ |         imports = with self.nixosModules; [ | ||||||
|           bleedingFediverse |           bleedingFediverse | ||||||
|  | @ -62,7 +66,9 @@ pkgs.nixosTest { | ||||||
|       }; |       }; | ||||||
|   }; |   }; | ||||||
| 
 | 
 | ||||||
|   testScript = { nodes, ... }: '' |   testScript = | ||||||
|  |     { nodes, ... }: | ||||||
|  |     '' | ||||||
|       import re |       import re | ||||||
|       import time |       import time | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
|  | @ -50,10 +50,12 @@ let | ||||||
|     driver.quit() |     driver.quit() | ||||||
|   ''; |   ''; | ||||||
| 
 | 
 | ||||||
|   seleniumScriptPostPicture = pkgs.writers.writePython3Bin "selenium-script-post-picture" |   seleniumScriptPostPicture = | ||||||
|  |     pkgs.writers.writePython3Bin "selenium-script-post-picture" | ||||||
|       { |       { | ||||||
|         libraries = with pkgs.python3Packages; [ selenium ]; |         libraries = with pkgs.python3Packages; [ selenium ]; | ||||||
|     } '' |       } | ||||||
|  |       '' | ||||||
|         import os |         import os | ||||||
|         import time |         import time | ||||||
|         ${seleniumImports} |         ${seleniumImports} | ||||||
|  | @ -93,10 +95,12 @@ let | ||||||
|         ${seleniumTakeScreenshot "\"/home/selenium/screenshot.png\""} |         ${seleniumTakeScreenshot "\"/home/selenium/screenshot.png\""} | ||||||
|         ${seleniumQuit}''; |         ${seleniumQuit}''; | ||||||
| 
 | 
 | ||||||
|   seleniumScriptGetSrc = pkgs.writers.writePython3Bin "selenium-script-get-src" |   seleniumScriptGetSrc = | ||||||
|  |     pkgs.writers.writePython3Bin "selenium-script-get-src" | ||||||
|       { |       { | ||||||
|         libraries = with pkgs.python3Packages; [ selenium ]; |         libraries = with pkgs.python3Packages; [ selenium ]; | ||||||
|     } '' |       } | ||||||
|  |       '' | ||||||
|         ${seleniumImports} |         ${seleniumImports} | ||||||
|         ${seleniumSetup} |         ${seleniumSetup} | ||||||
|         ${seleniumPixelfedLogin} |         ${seleniumPixelfedLogin} | ||||||
|  | @ -115,7 +119,9 @@ pkgs.nixosTest { | ||||||
|   name = "test-pixelfed-garage"; |   name = "test-pixelfed-garage"; | ||||||
| 
 | 
 | ||||||
|   nodes = { |   nodes = { | ||||||
|     server = { config, ... }: { |     server = | ||||||
|  |       { config, ... }: | ||||||
|  |       { | ||||||
| 
 | 
 | ||||||
|         services = { |         services = { | ||||||
|           xserver = { |           xserver = { | ||||||
|  | @ -129,8 +135,10 @@ pkgs.nixosTest { | ||||||
|             user = "selenium"; |             user = "selenium"; | ||||||
|           }; |           }; | ||||||
|         }; |         }; | ||||||
|       virtualisation.resolution = { x = 1680; y = 1050; }; |         virtualisation.resolution = { | ||||||
| 
 |           x = 1680; | ||||||
|  |           y = 1050; | ||||||
|  |         }; | ||||||
| 
 | 
 | ||||||
|         virtualisation = { |         virtualisation = { | ||||||
|           memorySize = lib.mkVMOverride 8192; |           memorySize = lib.mkVMOverride 8192; | ||||||
|  | @ -167,7 +175,9 @@ pkgs.nixosTest { | ||||||
|       }; |       }; | ||||||
|   }; |   }; | ||||||
| 
 | 
 | ||||||
|   testScript = { nodes, ... }: '' |   testScript = | ||||||
|  |     { nodes, ... }: | ||||||
|  |     '' | ||||||
|       import re |       import re | ||||||
| 
 | 
 | ||||||
|       server.start() |       server.start() | ||||||
|  |  | ||||||
|  | @ -1,9 +1,16 @@ | ||||||
| pkgs: test: | pkgs: test: | ||||||
| let | let | ||||||
|   inherit (pkgs.lib) mapAttrsToList concatStringsSep genAttrs mkIf; |   inherit (pkgs.lib) | ||||||
|  |     mapAttrsToList | ||||||
|  |     concatStringsSep | ||||||
|  |     genAttrs | ||||||
|  |     mkIf | ||||||
|  |     ; | ||||||
|   inherit (builtins) attrNames; |   inherit (builtins) attrNames; | ||||||
| 
 | 
 | ||||||
|   interactiveConfig = ({ config, ... }: { |   interactiveConfig = ( | ||||||
|  |     { config, ... }: | ||||||
|  |     { | ||||||
|       # so we can run `nix shell nixpkgs#foo` on the machines |       # so we can run `nix shell nixpkgs#foo` on the machines | ||||||
|       nix.extraOptions = '' |       nix.extraOptions = '' | ||||||
|         extra-experimental-features = nix-command flakes |         extra-experimental-features = nix-command flakes | ||||||
|  | @ -20,13 +27,16 @@ let | ||||||
|       }; |       }; | ||||||
| 
 | 
 | ||||||
|       virtualisation = mkIf (config.networking.hostName == "jumphost") { |       virtualisation = mkIf (config.networking.hostName == "jumphost") { | ||||||
|       forwardPorts = [{ |         forwardPorts = [ | ||||||
|  |           { | ||||||
|             from = "host"; |             from = "host"; | ||||||
|             host.port = 2222; |             host.port = 2222; | ||||||
|             guest.port = 22; |             guest.port = 22; | ||||||
|       }]; |           } | ||||||
|  |         ]; | ||||||
|       }; |       }; | ||||||
|   }); |     } | ||||||
|  |   ); | ||||||
| 
 | 
 | ||||||
|   sshConfig = pkgs.writeText "ssh-config" '' |   sshConfig = pkgs.writeText "ssh-config" '' | ||||||
|     Host * |     Host * | ||||||
|  | @ -50,10 +60,11 @@ let | ||||||
|     # create an association array from machine names to the path to their |     # create an association array from machine names to the path to their | ||||||
|     # configuration in the nix store |     # configuration in the nix store | ||||||
|     declare -A configPaths=(${ |     declare -A configPaths=(${ | ||||||
|       concatStringsSep " " |       concatStringsSep " " ( | ||||||
|         (mapAttrsToList |         mapAttrsToList ( | ||||||
|           (n: v: ''["${n}"]="${v.system.build.toplevel}"'') |           n: v: ''["${n}"]="${v.system.build.toplevel}"'' | ||||||
|           rebuildableTest.driverInteractive.nodes) |         ) rebuildableTest.driverInteractive.nodes | ||||||
|  |       ) | ||||||
|     }) |     }) | ||||||
| 
 | 
 | ||||||
|     rebuild_one() { |     rebuild_one() { | ||||||
|  | @ -113,16 +124,14 @@ let | ||||||
|   # we're at it) |   # we're at it) | ||||||
|   rebuildableTest = |   rebuildableTest = | ||||||
|     let |     let | ||||||
|       preOverride = pkgs.nixosTest (test // { |       preOverride = pkgs.nixosTest ( | ||||||
|  |         test | ||||||
|  |         // { | ||||||
|           interactive = (test.interactive or { }) // { |           interactive = (test.interactive or { }) // { | ||||||
|             # no need to // with test.interactive.nodes here, since we are iterating |             # no need to // with test.interactive.nodes here, since we are iterating | ||||||
|             # over all of them, and adding back in the config via `imports` |             # over all of them, and adding back in the config via `imports` | ||||||
|           nodes = genAttrs |             nodes = | ||||||
|             ( |               genAttrs (attrNames test.nodes or { } ++ attrNames test.interactive.nodes or { } ++ [ "jumphost" ]) | ||||||
|               attrNames test.nodes or { } ++ |  | ||||||
|                 attrNames test.interactive.nodes or { } ++ |  | ||||||
|                 [ "jumphost" ] |  | ||||||
|             ) |  | ||||||
|                 (n: { |                 (n: { | ||||||
|                   imports = [ |                   imports = [ | ||||||
|                     (test.interactive.${n} or { }) |                     (test.interactive.${n} or { }) | ||||||
|  | @ -131,14 +140,20 @@ let | ||||||
|                 }); |                 }); | ||||||
|           }; |           }; | ||||||
|           # override with test.passthru in case someone wants to overwrite us. |           # override with test.passthru in case someone wants to overwrite us. | ||||||
|         passthru = { inherit rebuildScript sshConfig; } // (test.passthru or { }); |           passthru = { | ||||||
|       }); |             inherit rebuildScript sshConfig; | ||||||
|  |           } // (test.passthru or { }); | ||||||
|  |         } | ||||||
|  |       ); | ||||||
|     in |     in | ||||||
|     preOverride // { |     preOverride | ||||||
|  |     // { | ||||||
|       driverInteractive = preOverride.driverInteractive.overrideAttrs (old: { |       driverInteractive = preOverride.driverInteractive.overrideAttrs (old: { | ||||||
|         # this comes from runCommand, not mkDerivation, so this is the only |         # this comes from runCommand, not mkDerivation, so this is the only | ||||||
|         # hook we have to override |         # hook we have to override | ||||||
|         buildCommand = old.buildCommand + '' |         buildCommand = | ||||||
|  |           old.buildCommand | ||||||
|  |           + '' | ||||||
|             ln -s ${sshConfig} $out/ssh-config |             ln -s ${sshConfig} $out/ssh-config | ||||||
|             ln -s ${rebuildScript}/bin/rebuild $out/bin/rebuild |             ln -s ${rebuildScript}/bin/rebuild $out/bin/rebuild | ||||||
|           ''; |           ''; | ||||||
|  | @ -146,4 +161,3 @@ let | ||||||
|     }; |     }; | ||||||
| in | in | ||||||
| rebuildableTest | rebuildableTest | ||||||
| 
 |  | ||||||
|  |  | ||||||
|  | @ -1,4 +1,9 @@ | ||||||
| { lib, config, modulesPath, ... }: | { | ||||||
|  |   lib, | ||||||
|  |   config, | ||||||
|  |   modulesPath, | ||||||
|  |   ... | ||||||
|  | }: | ||||||
| 
 | 
 | ||||||
| let | let | ||||||
|   inherit (lib) mkVMOverride mapAttrs' filterAttrs; |   inherit (lib) mkVMOverride mapAttrs' filterAttrs; | ||||||
|  | @ -7,7 +12,8 @@ let | ||||||
| 
 | 
 | ||||||
|   fedicfg = config.fediversity.internal.garage; |   fedicfg = config.fediversity.internal.garage; | ||||||
| 
 | 
 | ||||||
| in { | in | ||||||
|  | { | ||||||
|   imports = [ (modulesPath + "/virtualisation/qemu-vm.nix") ]; |   imports = [ (modulesPath + "/virtualisation/qemu-vm.nix") ]; | ||||||
| 
 | 
 | ||||||
|   services.nginx.virtualHosts = |   services.nginx.virtualHosts = | ||||||
|  | @ -16,9 +22,11 @@ in { | ||||||
|         forceSSL = mkVMOverride false; |         forceSSL = mkVMOverride false; | ||||||
|         enableACME = mkVMOverride false; |         enableACME = mkVMOverride false; | ||||||
|       }; |       }; | ||||||
|     in mapAttrs' |     in | ||||||
|       (bucket: _: {name = fedicfg.web.domainForBucket bucket; inherit value;}) |     mapAttrs' (bucket: _: { | ||||||
|       (filterAttrs (_: {website, ...}: website) cfg.ensureBuckets); |       name = fedicfg.web.domainForBucket bucket; | ||||||
|  |       inherit value; | ||||||
|  |     }) (filterAttrs (_: { website, ... }: website) cfg.ensureBuckets); | ||||||
| 
 | 
 | ||||||
|   virtualisation.diskSize = 2048; |   virtualisation.diskSize = 2048; | ||||||
|   virtualisation.forwardPorts = [ |   virtualisation.forwardPorts = [ | ||||||
|  |  | ||||||
|  | @ -1,5 +1,6 @@ | ||||||
| # customize nixos-rebuild build-vm to be a bit more convenient | # customize nixos-rebuild build-vm to be a bit more convenient | ||||||
| { pkgs, ... }: { | { pkgs, ... }: | ||||||
|  | { | ||||||
|   # let us log in |   # let us log in | ||||||
|   users.mutableUsers = false; |   users.mutableUsers = false; | ||||||
|   users.users.root.hashedPassword = ""; |   users.users.root.hashedPassword = ""; | ||||||
|  | @ -34,7 +35,10 @@ | ||||||
|   # no graphics. see nixos-shell |   # no graphics. see nixos-shell | ||||||
|   virtualisation = { |   virtualisation = { | ||||||
|     graphics = false; |     graphics = false; | ||||||
|     qemu.consoles = [ "tty0" "hvc0" ]; |     qemu.consoles = [ | ||||||
|  |       "tty0" | ||||||
|  |       "hvc0" | ||||||
|  |     ]; | ||||||
|     qemu.options = [ |     qemu.options = [ | ||||||
|       "-serial null" |       "-serial null" | ||||||
|       "-device virtio-serial" |       "-device virtio-serial" | ||||||
|  | @ -45,7 +49,10 @@ | ||||||
|   }; |   }; | ||||||
| 
 | 
 | ||||||
|   # we can't forward port 80 or 443, so let's run nginx on a different port |   # we can't forward port 80 or 443, so let's run nginx on a different port | ||||||
|   networking.firewall.allowedTCPPorts = [ 8443 8080 ]; |   networking.firewall.allowedTCPPorts = [ | ||||||
|  |     8443 | ||||||
|  |     8080 | ||||||
|  |   ]; | ||||||
|   services.nginx.defaultSSLListenPort = 8443; |   services.nginx.defaultSSLListenPort = 8443; | ||||||
|   services.nginx.defaultHTTPListenPort = 8080; |   services.nginx.defaultHTTPListenPort = 8080; | ||||||
|   virtualisation.forwardPorts = [ |   virtualisation.forwardPorts = [ | ||||||
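Review bot: `users.users.root.hashedPassword = "";` gives root an empty password hash, which allows login without a password, and the only thing tying this module to throw-away VMs is the file's header comment. In the same section the firewall opens 8443 and 8080 and ports are forwarded to the host (the forward list is cut off after the last visible line), so the module would be dangerous if it were ever imported by a deployed machine. I would make that explicit where the password is set, replacing `# let us log in` with `# VM-only: empty hash = passwordless root login; never import this module on a deployed host`.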
|  |  | ||||||
|  | @ -1,4 +1,10 @@ | ||||||
| { modulesPath, lib, config, ... }: { | { | ||||||
|  |   modulesPath, | ||||||
|  |   lib, | ||||||
|  |   config, | ||||||
|  |   ... | ||||||
|  | }: | ||||||
|  | { | ||||||
| 
 | 
 | ||||||
|   imports = [ (modulesPath + "/virtualisation/qemu-vm.nix") ]; |   imports = [ (modulesPath + "/virtualisation/qemu-vm.nix") ]; | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
|  | @ -1,4 +1,5 @@ | ||||||
| { pkgs, modulesPath, ... }: { | { pkgs, modulesPath, ... }: | ||||||
|  | { | ||||||
| 
 | 
 | ||||||
|   imports = [ (modulesPath + "/virtualisation/qemu-vm.nix") ]; |   imports = [ (modulesPath + "/virtualisation/qemu-vm.nix") ]; | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
|  | @ -1,9 +1,15 @@ | ||||||
| { pkgs, lib, modulesPath, ... }: | { | ||||||
|  |   pkgs, | ||||||
|  |   lib, | ||||||
|  |   modulesPath, | ||||||
|  |   ... | ||||||
|  | }: | ||||||
| 
 | 
 | ||||||
| let | let | ||||||
|   inherit (lib) mkVMOverride; |   inherit (lib) mkVMOverride; | ||||||
| 
 | 
 | ||||||
| in { | in | ||||||
|  | { | ||||||
|   imports = [ (modulesPath + "/virtualisation/qemu-vm.nix") ]; |   imports = [ (modulesPath + "/virtualisation/qemu-vm.nix") ]; | ||||||
| 
 | 
 | ||||||
|   fediversity = { |   fediversity = { | ||||||
|  |  | ||||||