From 54df2c1238ccb8788e3f4ca27a827f0ee99bf4ed Mon Sep 17 00:00:00 2001
From: Tristan Druyen
Date: Mon, 11 Dec 2023 20:37:06 +0100
Subject: [PATCH] Run nixpkgs-fmt

---
 examples/flake.nix | 37 +++---
 flake.nix | 224 ++++++++++++++++++++-------------
 tests/default.nix | 7 +-
 tests/vmTest/common.nix | 7 +-
 tests/vmTest/default.nix | 86 ++++++++-----
 tests/vmTest/nixinateeBase.nix | 18 +--
 6 files changed, 227 insertions(+), 152 deletions(-)

diff --git a/examples/flake.nix b/examples/flake.nix
index 9c6a426..887b0b4 100644
--- a/examples/flake.nix
+++ b/examples/flake.nix
@@ -6,22 +6,27 @@
 nixinate.url = "github:matthewcroughan/nixinate";
 };

- outputs = { self, nixpkgs, nixinate }: {
- apps = nixinate.nixinate.x86_64-linux self;
- nixosConfigurations = {
- myMachine = nixpkgs.lib.nixosSystem {
- system = "x86_64-linux";
- modules = [
- {
- _module.args.nixinate = {
- host = "itchy.scratchy.com";
- sshUser = "matthew";
- buildOn = "local"; # valid args are "local" or "remote"
- };
- }
- # ... other configuration ...
- ];
+ outputs =
+ { self
+ , nixpkgs
+ , nixinate
+ ,
+ }: {
+ apps = nixinate.nixinate.x86_64-linux self;
+ nixosConfigurations = {
+ myMachine = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ {
+ _module.args.nixinate = {
+ host = "itchy.scratchy.com";
+ sshUser = "matthew";
+ buildOn = "local"; # valid args are "local" or "remote"
+ };
+ }
+ # ... other configuration ...
+ ];
+ };
 };
 };
- };
 }
diff --git a/flake.nix b/flake.nix
index 431b98a..4d6a4e9 100644
--- a/flake.nix
+++ b/flake.nix
@@ -3,118 +3,162 @@ inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; }; - outputs = { self, nixpkgs, ... }@inputs: + outputs = + { self + , nixpkgs + , ... + } @ inputs: let version = builtins.substring 0 8 self.lastModifiedDate; supportedSystems = [ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ]; forSystems = systems: f: nixpkgs.lib.genAttrs systems - (system: f system nixpkgs.legacyPackages.${system}); + (system: f system nixpkgs.legacyPackages.${system}); forAllSystems = forSystems supportedSystems; - nixpkgsFor = forAllSystems (system: pkgs: import nixpkgs { inherit system; overlays = [ self.overlay ]; }); - in rec + nixpkgsFor = forAllSystems (system: pkgs: + import nixpkgs { + inherit system; + overlays = [ self.overlay ]; + }); + in + rec { herculesCI.ciSystems = [ "x86_64-linux" ]; overlay = final: prev: { nixinate = { - nix = prev.pkgs.writeShellScriptBin "nix" - ''${final.nixVersions.unstable}/bin/nix --experimental-features "nix-command flakes" "$@"''; + nix = + prev.pkgs.writeShellScriptBin "nix" + ''${final.nixVersions.unstable}/bin/nix --experimental-features "nix-command flakes" "$@"''; nixos-rebuild = prev.nixos-rebuild.override { inherit (final) nix; }; }; generateApps = flake: let machines = builtins.attrNames flake.nixosConfigurations; - validMachines = final.lib.remove "" (final.lib.forEach machines (x: final.lib.optionalString (flake.nixosConfigurations."${x}"._module.args ? nixinate) "${x}" )); - mkDeployScript = { machine, dryRun }: let - inherit (builtins) abort; - inherit (final.lib) getExe optionalString concatStringsSep; - nix = "${getExe final.nix}"; - nixos-rebuild = "${getExe final.nixos-rebuild}"; - openssh = "${getExe final.openssh}"; - bash = "${getExe final.bash}"; - flock = "${getExe final.flock}"; + validMachines = final.lib.remove "" (final.lib.forEach machines (x: final.lib.optionalString (flake.nixosConfigurations."${x}"._module.args ? 
nixinate) "${x}")); + mkDeployScript = + { machine + , dryRun + , + }: + let + inherit (builtins) abort; + inherit (final.lib) getExe optionalString concatStringsSep; + nix = "${getExe final.nix}"; + nixos-rebuild = "${getExe final.nixos-rebuild}"; + openssh = "${getExe final.openssh}"; + bash = "${getExe final.bash}"; + flock = "${getExe final.flock}"; - n = flake.nixosConfigurations.${machine}._module.args.nixinate; - hermetic = n.hermetic or true; - user = n.sshUser or "root"; - host = n.host or ""; - sshConfigHost = n.sshConfigHost or ""; - userHost = if sshConfigHost != "" then sshConfigHost else if host != "" then "${user}@${host}" else abort "_module.args.nixinate.host or _module.args.nixinate.sshConfigHost must be set"; - where = n.buildOn or "remote"; - remote = if where == "remote" then true else if where == "local" then false else abort "_module.args.nixinate.buildOn is not set to a valid value of 'local' or 'remote'"; - substituteOnTarget = n.substituteOnTarget or false; - switch = if dryRun then "dry-activate" else "switch"; - nixOptions = concatStringsSep " " (n.nixOptions or []); + n = flake.nixosConfigurations.${machine}._module.args.nixinate; + hermetic = n.hermetic or true; + user = n.sshUser or "root"; + host = n.host or ""; + sshConfigHost = n.sshConfigHost or ""; + userHost = + if sshConfigHost != "" + then sshConfigHost + else if host != "" + then "${user}@${host}" + else abort "_module.args.nixinate.host or _module.args.nixinate.sshConfigHost must be set"; + where = n.buildOn or "remote"; + remote = + if where == "remote" + then true + else if where == "local" + then false + else abort "_module.args.nixinate.buildOn is not set to a valid value of 'local' or 'remote'"; + substituteOnTarget = n.substituteOnTarget or false; + switch = + if dryRun + then "dry-activate" + else "switch"; + nixOptions = concatStringsSep " " (n.nixOptions or [ ]); - script = - '' - #!${bash} - set -e - echo "🚀 Deploying nixosConfigurations.${machine} from ${flake}" - 
'' + (if sshConfigHost != "" then '' - echo "🌐 SSH Config Host: ${sshConfigHost}" - '' else '' - echo "👤 SSH User: ${user}" - echo "🌐 SSH Host: ${host}" - '') + (if remote then '' - echo "🚀 Sending flake to ${machine} via nix copy:" - ( set -x; ${nix} ${nixOptions} copy ${flake} --to ssh://${userHost} ) - '' + (if hermetic then '' - echo "🤞 Activating configuration hermetically on ${machine} via ssh:" - ( set -x; ${nix} ${nixOptions} copy --derivation ${nixos-rebuild} ${flock} --to ssh://${userHost} ) - ( set -x; ${openssh} -t ${userHost} "sudo nix-store --realise ${nixos-rebuild} ${flock} && sudo ${flock} -w 60 /dev/shm/nixinate-${machine} ${nixos-rebuild} ${nixOptions} ${switch} --flake ${flake}#${machine}" ) - '' else '' - echo "🤞 Activating configuration non-hermetically on ${machine} via ssh:" - ( set -x; ${openssh} -t ${userHost} "sudo flock -w 60 /dev/shm/nixinate-${machine} nixos-rebuild ${switch} --flake ${flake}#${machine}" ) - '') - else '' - echo "🔨 Building system closure locally, copying it to remote store and activating it:" - ( set -x; NIX_SSHOPTS="-t" ${flock} -w 60 /dev/shm/nixinate-${machine} ${nixos-rebuild} ${nixOptions} ${switch} --flake ${flake}#${machine} --target-host ${userHost} --use-remote-sudo ${optionalString substituteOnTarget "-s"} ) + script = + '' + #!${bash} + set -e + echo "🚀 Deploying nixosConfigurations.${machine} from ${flake}" + '' + + ( + if sshConfigHost != "" + then '' + echo "🌐 SSH Config Host: ${sshConfigHost}" + '' + else '' + echo "👤 SSH User: ${user}" + echo "🌐 SSH Host: ${host}" + '' + ) + + ( + if remote + then + '' + echo "🚀 Sending flake to ${machine} via nix copy:" + ( set -x; ${nix} ${nixOptions} copy ${flake} --to ssh://${userHost} ) + '' + + ( + if hermetic + then '' + echo "🤞 Activating configuration hermetically on ${machine} via ssh:" + ( set -x; ${nix} ${nixOptions} copy --derivation ${nixos-rebuild} ${flock} --to ssh://${userHost} ) + ( set -x; ${openssh} -t ${userHost} "sudo nix-store --realise 
${nixos-rebuild} ${flock} && sudo ${flock} -w 60 /dev/shm/nixinate-${machine} ${nixos-rebuild} ${nixOptions} ${switch} --flake ${flake}#${machine}" ) + '' + else '' + echo "🤞 Activating configuration non-hermetically on ${machine} via ssh:" + ( set -x; ${openssh} -t ${userHost} "sudo flock -w 60 /dev/shm/nixinate-${machine} nixos-rebuild ${switch} --flake ${flake}#${machine}" ) + '' + ) + else '' + echo "🔨 Building system closure locally, copying it to remote store and activating it:" + ( set -x; NIX_SSHOPTS="-t" ${flock} -w 60 /dev/shm/nixinate-${machine} ${nixos-rebuild} ${nixOptions} ${switch} --flake ${flake}#${machine} --target-host ${userHost} --use-remote-sudo ${optionalString substituteOnTarget "-s"} ) - ''); - in final.writeScript "deploy-${machine}.sh" script; + '' + ); + in + final.writeScript "deploy-${machine}.sh" script; in { - nixinate = - ( - nixpkgs.lib.genAttrs - validMachines - (x: - { - type = "app"; - program = toString (mkDeployScript { - machine = x; - dryRun = false; - }); - } - ) - // nixpkgs.lib.genAttrs - (map (a: a + "-dry-run") validMachines) - (x: - { - type = "app"; - program = toString (mkDeployScript { - machine = nixpkgs.lib.removeSuffix "-dry-run" x; - dryRun = true; - }); - } - ) - ); + nixinate = ( + nixpkgs.lib.genAttrs + validMachines + ( + x: { + type = "app"; + program = toString (mkDeployScript { + machine = x; + dryRun = false; + }); + } + ) + // nixpkgs.lib.genAttrs + (map (a: a + "-dry-run") validMachines) + ( + x: { + type = "app"; + program = toString (mkDeployScript { + machine = nixpkgs.lib.removeSuffix "-dry-run" x; + dryRun = true; + }); + } + ) + ); }; - }; + }; nixinate = forAllSystems (system: pkgs: nixpkgsFor.${system}.generateApps); - checks = forAllSystems (system: pkgs: - let - vmTests = import ./tests { - makeTest = (import (nixpkgs + "/nixos/lib/testing-python.nix") { inherit system; }).makeTest; - inherit inputs; pkgs = nixpkgsFor.${system}; - }; - in - pkgs.lib.optionalAttrs pkgs.stdenv.isLinux vmTests # 
vmTests can only be ran on Linux, so append them only if on Linux. - // - { - # Other checks here... - } + checks = forAllSystems ( + system: pkgs: + let + vmTests = import ./tests { + makeTest = (import (nixpkgs + "/nixos/lib/testing-python.nix") { inherit system; }).makeTest; + inherit inputs; + pkgs = nixpkgsFor.${system}; + }; + in + pkgs.lib.optionalAttrs pkgs.stdenv.isLinux vmTests # vmTests can only be ran on Linux, so append them only if on Linux. + // { + # Other checks here... + } ); }; } diff --git a/tests/default.nix b/tests/default.nix index 871167f..497b744 100644 --- a/tests/default.nix +++ b/tests/default.nix @@ -1,5 +1,8 @@ -{ pkgs, makeTest, inputs }: -{ +{ pkgs +, makeTest +, inputs +, +}: { vmTestLocal = (import ./vmTest { inherit pkgs makeTest inputs; }).local; vmTestRemote = (import ./vmTest { inherit pkgs makeTest inputs; }).remote; vmTestLocalHermetic = (import ./vmTest { inherit pkgs makeTest inputs; }).localHermetic; diff --git a/tests/vmTest/common.nix b/tests/vmTest/common.nix index b15cc6c..e8f6aa6 100644 --- a/tests/vmTest/common.nix +++ b/tests/vmTest/common.nix @@ -1,10 +1,11 @@ # Configuration that will be added to both the nixinatee node and the nixinator # node. -{ inputs }: -{ +{ inputs }: { nix = { extraOptions = - let empty_registry = builtins.toFile "empty-flake-registry.json" ''{"flakes":[],"version":2}''; in + let + empty_registry = builtins.toFile "empty-flake-registry.json" ''{"flakes":[],"version":2}''; + in '' experimental-features = nix-command flakes flake-registry = ${empty_registry} diff --git a/tests/vmTest/default.nix b/tests/vmTest/default.nix index 1eb70b8..f93ef12 100644 --- a/tests/vmTest/default.nix +++ b/tests/vmTest/default.nix 
@@ -1,10 +1,15 @@ -{ pkgs, makeTest, inputs }: +{ pkgs +, makeTest +, inputs +, +}: let inherit (pkgs) lib; # Return a store path with a closure containing everything including # derivations and all build dependency outputs, all the way down. allDrvOutputs = pkg: - let name = "allDrvOutputs-${pkg.pname or pkg.name or "unknown"}"; + let + name = "allDrvOutputs-${pkg.pname or pkg.name or "unknown"}"; in pkgs.runCommand name { refs = pkgs.writeReferencesToFile pkg.drvPath; } '' touch $out @@ -18,12 +23,18 @@ let ''; # Imports a flake with inputs passed in by hand, rather than # builtins.getFlake, which cannot be used in this way. - callLocklessFlake = path: inputs: let - r = {outPath = path;} // - ((import (path + "/flake.nix")).outputs (inputs // {self = r;})); - in + callLocklessFlake = path: inputs: + let + r = + { outPath = path; } + // ((import (path + "/flake.nix")).outputs (inputs // { self = r; })); + in r; - mkNixinateTest = { buildOn, hermetic ? false, ... }: + mkNixinateTest = + { buildOn + , hermetic ? false + , ... + }: let exampleFlake = pkgs.writeTextFile { name = "nixinate-example-flake"; @@ -68,7 +79,8 @@ let ]; virtualisation = { writableStore = true; - additionalPaths = [] + additionalPaths = + [ ] ++ lib.optional (buildOn == "remote") (allDrvOutputs exampleSystem) ++ lib.optional (hermetic == true) (pkgs.nixinate.nixos-rebuild.drvPath) ++ lib.optional (hermetic == true) (pkgs.flock.drvPath); 
@@ -79,38 +91,44 @@ let (import ./common.nix { inherit inputs; }) ]; virtualisation = { - additionalPaths = [ - (allDrvOutputs exampleSystem) - ] + additionalPaths = + [ + (allDrvOutputs exampleSystem) + ] ++ lib.optional (buildOn == "remote") exampleFlake ++ lib.optional (hermetic == true) pkgs.flock.drvPath; }; }; }; - testScript = - '' - start_all() - nixinatee.wait_for_unit("sshd.service") - nixinator.wait_for_unit("multi-user.target") - nixinator.succeed("mkdir ~/.ssh/") - nixinator.succeed("ssh-keyscan -H nixinatee >> ~/.ssh/known_hosts") - nixinator.succeed("exec ${deployScript.nixinate.nixinatee.program} >&2") - nixinatee.wait_for_unit("nginx.service") - nixinatee.wait_for_open_port("80") - with subtest("Check that Nginx webserver can be reached by deployer after deployment"): - assert "Welcome to nginx!" in nixinator.succeed( - "curl -sSf http:/nixinatee/ | grep title" - ) - with subtest("Check that Nginx webserver can be reached by deployee after deployment"): - assert "Welcome to nginx!" in nixinatee.succeed( - "curl -sSf http:/127.0.0.1/ | grep title" - ) - ''; + testScript = '' + start_all() + nixinatee.wait_for_unit("sshd.service") + nixinator.wait_for_unit("multi-user.target") + nixinator.succeed("mkdir ~/.ssh/") + nixinator.succeed("ssh-keyscan -H nixinatee >> ~/.ssh/known_hosts") + nixinator.succeed("exec ${deployScript.nixinate.nixinatee.program} >&2") + nixinatee.wait_for_unit("nginx.service") + nixinatee.wait_for_open_port("80") + with subtest("Check that Nginx webserver can be reached by deployer after deployment"): + assert "Welcome to nginx!" in nixinator.succeed( + "curl -sSf http:/nixinatee/ | grep title" + ) + with subtest("Check that Nginx webserver can be reached by deployee after deployment"): + assert "Welcome to nginx!" 
in nixinatee.succeed( + "curl -sSf http:/127.0.0.1/ | grep title" + ) + ''; }; in { - local = (mkNixinateTest { buildOn = "local"; }); - remote = (mkNixinateTest { buildOn = "remote"; }); - localHermetic = (mkNixinateTest { buildOn = "local"; hermetic = true; }); - remoteHermetic = (mkNixinateTest { buildOn = "remote"; hermetic = true; }); + local = mkNixinateTest { buildOn = "local"; }; + remote = mkNixinateTest { buildOn = "remote"; }; + localHermetic = mkNixinateTest { + buildOn = "local"; + hermetic = true; + }; + remoteHermetic = mkNixinateTest { + buildOn = "remote"; + hermetic = true; + }; } diff --git a/tests/vmTest/nixinateeBase.nix b/tests/vmTest/nixinateeBase.nix index 3601657..1bc55db 100644 --- a/tests/vmTest/nixinateeBase.nix +++ b/tests/vmTest/nixinateeBase.nix @@ -3,13 +3,17 @@ { config = { nix.trustedUsers = [ "nixinator" ]; - security.sudo.extraRules = [{ - users = [ "nixinator" ]; - commands = [{ - command = "ALL"; - options = [ "NOPASSWD" ]; - }]; - }]; + security.sudo.extraRules = [ + { + users = [ "nixinator" ]; + commands = [ + { + command = "ALL"; + options = [ "NOPASSWD" ]; + } + ]; + } + ]; users = { mutableUsers = false; users = {