diff --git a/configs/all-configurations.nix b/configs/all-configurations.nix
index bd2f936c1..40d47fccb 100644
--- a/configs/all-configurations.nix
+++ b/configs/all-configurations.nix
@@ -9,12 +9,14 @@
 imports = [
 ./pretalx/pretalx.nix
 ./pretalx/postgresql.nix
+ ./dummy.nix
 ];
 };
 pretalx-mysql = {
 imports = [
 ./pretalx/pretalx.nix
 ./pretalx/mysql.nix
+ ./dummy.nix
 ];
 };
 }
diff --git a/configs/dummy.nix b/configs/dummy.nix
new file mode 100644
index 000000000..a959e7c67
--- /dev/null
+++ b/configs/dummy.nix
@@ -0,0 +1,18 @@
+# This dummy configuration contains:
+# 1. Options that probably anyone will copying from other files in
+# `/configs/**/*.nix` will have defined anyways.
+# The reason here is just to get rid of warnings and remove noise
+# from the other configs
+# 2. Use the unbootable module so that we can evaluate the toplevel
+# without caring about boot. This will usually be overriden with
+# `pkgs.lib.mkForce` whenver we want to boot the system.
+# The fact that we use this module is also hidden here, not to
+# confuse anyone just wanting to copy paste from other files in
+# `/configs/**/*.nix`.
+{...}: {
+ nixpkgs.hostPlatform = "x86_64-linux";
+ system.stateVersion = "23.05";
+
+ # See the module in `/modules/unbootable.nix`.
+ unbootable = true;
+}
diff --git a/configs/pretalx/pretalx.nix b/configs/pretalx/pretalx.nix
index 7d6d22ad7..0fb2dcce3 100644
--- a/configs/pretalx/pretalx.nix
+++ b/configs/pretalx/pretalx.nix
@@ -3,10 +3,6 @@
 pkgs,
 ...
 }: {
- imports = [./vm.nix];
-
- nixpkgs.hostPlatform = "x86_64-linux";
-
 networking = {
 firewall.allowedTCPPorts = [config.services.nginx.defaultHTTPListenPort];
 hostName = "server";
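Review bot: The header comment of configs/dummy.nix says the use of the unbootable module is deliberately hidden from people copying `configs/**/*.nix`, but that is exactly the reader who needs to know that `unbootable = true;` switches off initrd, kernel and GRUB, so the hidden fact is a trap rather than a convenience (all-configurations.nix now pulls this file into both pretalx configurations). Suggest replacing the last three comment lines with something like `# NOTE: importing this file yields a system that does not boot; set unbootable = lib.mkForce false; (as tests/pretalx/default.nix does) or set the boot.* options explicitly.`, and fixing the typos `will copying` → `copying`, `overriden` → `overridden`, `whenver` → `whenever`. Consider `unbootable = lib.mkDefault true;` so a downstream configuration can turn boot back on with a plain assignment instead of `mkForce`; that needs `lib` in the argument set, `{lib, ...}: {`.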
@@ -14,10 +10,14 @@
 };
 sops = {
+ # See .
+
+ age.keyFile = "/dev/null"; # For a production configuration, set this option.
+ defaultSopsFile = "/dev/null"; # For a production configuration, set this option.
+ validateSopsFiles = false; # For a production configuration, remove this line.
+
 secrets = let
 pretalxSecret = {
- # For a production configuration also `sopsFile` is required.
- # See .
 owner = config.services.pretalx.user;
 group = config.services.pretalx.group;
 };
@@ -50,7 +50,6 @@
 backendFile = config.sops.secrets."pretalx/celery/backend".path;
 brokerFile = config.sops.secrets."pretalx/celery/broker".path;
 };
-
 init = {
 admin = {
 email = "pretalx@localhost";
@@ -77,6 +76,4 @@
 recommendedProxySettings = true;
 };
 };
-
- system.stateVersion = "22.11";
 }
diff --git a/configs/pretalx/vm.nix b/configs/pretalx/vm.nix
deleted file mode 100644
index dbbfc7d88..000000000
--- a/configs/pretalx/vm.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{modulesPath, ...}: {
- imports = [
- "${modulesPath}/virtualisation/qemu-vm.nix"
- ];
-
- sops = {
- age.keyFile = ./postgresql.nix;
- defaultSopsFile = ./postgresql.nix;
- };
-}
diff --git a/flake.nix b/flake.nix
index b1ae7b87a..8af19a866 100644
--- a/flake.nix
+++ b/flake.nix
@@ -24,6 +24,12 @@
 ...
 }:
 with builtins; let
+ inherit
+ (nixpkgs.lib)
+ concatMapAttrs
+ nixosSystem
+ ;
+
 importPackages = pkgs:
 import ./all-packages.nix {
 inherit (pkgs) newScope lib;
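Review bot: `validateSopsFiles = false;` is the one added line that moves the check for a decryptable secrets file from evaluation time to activation time, so a deployment that copies this block and updates only `defaultSopsFile` still evaluates cleanly with `age.keyFile = "/dev/null"` and presumably fails only when the secrets are installed on the target. The three trailing comments repeat the same instruction; a single comment above the block, e.g. `# Placeholders so the example evaluates without secrets; production must set age.keyFile and defaultSopsFile and drop validateSopsFiles.`, reads better, and making the three values `pkgs.lib.mkDefault` would let a production import override them with a plain assignment instead of the `pkgs.lib.mkForce` the test in tests/pretalx/default.nix needs. As rendered here the `# See .` reference on the first added line is empty, so the link was either lost or should be removed. The enclosing `sops = {` block and its `secrets` binding continue outside this hunk.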
@@ -45,14 +51,19 @@
 sops-nix = sops-nix.nixosModules.default;
 };
+ nixosSystemWithModules = config: nixosSystem {modules = [config] ++ attrValues extendedModules;};
+
 # Compute outputs that are invariant in the system architecture.
 allSystemsOutputs = system: let
 pkgs = importNixpkgs system [
 nix-php-composer-builder.overlays.default
 ];
 treefmtEval = loadTreefmt pkgs;
+ toplevel = name: config: {
+ "${name}-toplevel" = (nixosSystemWithModules config).config.system.build.toplevel;
+ };
 in {
- packages = importPackages pkgs;
+ packages = (importPackages pkgs) // (concatMapAttrs toplevel importNixosConfigurations);
 formatter = treefmtEval.config.build.wrapper;
 };
 in
@@ -99,12 +110,7 @@
 # 3.
 // {
 nixosConfigurations =
- mapAttrs (
- _: config:
- nixpkgs.lib.nixosSystem {
- modules = [config] ++ nixpkgs.lib.attrValues extendedModules;
- }
- )
+ mapAttrs (_: config: nixosSystemWithModules config)
 importNixosConfigurations;
 nixosModules =
diff --git a/modules/all-modules.nix b/modules/all-modules.nix
index 3bc110e0f..c97954e9e 100644
--- a/modules/all-modules.nix
+++ b/modules/all-modules.nix
@@ -5,4 +5,5 @@
 flarum = import ./flarum.nix;
 pretalx = import ./pretalx.nix;
 rosenpass = import ./rosenpass.nix;
+ unbootable = import ./unbootable.nix;
 }
diff --git a/modules/unbootable.nix b/modules/unbootable.nix
new file mode 100644
index 000000000..3b940ac4b
--- /dev/null
+++ b/modules/unbootable.nix
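Review bot: The `toplevel` helper calls `nixosSystemWithModules config` without the `system` that `allSystemsOutputs` is parameterised over, so every per-system `packages` set exposes the same toplevel derivation, whose platform comes from the configuration itself (`nixpkgs.hostPlatform = "x86_64-linux"` in configs/dummy.nix for at least the two pretalx configurations); `packages.<other-system>.<name>-toplevel` would then presumably evaluate to a derivation for the wrong platform and trip `nix flake check`. Either thread `system` through (with the `hostPlatform` in configs/dummy.nix made a `lib.mkDefault` so it yields) or merge the toplevels only into the outputs of the platform they are built for. Separately, `//` is right-biased, so a configuration whose `<name>-toplevel` coincides with an existing package name silently replaces that package; a comment such as `# toplevels take precedence over same-named packages` would make that explicit. `allSystemsOutputs` and the surrounding `let` continue outside this hunk.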
@@ -0,0 +1,41 @@
+# This module is used with configuraion examples, to obtain
+#
+# config.system.build.toplevel
+#
+# without configuring any specific boot, i.e. no contaner (`boot.isContainer`)
+# or virtualisation ("${modulesPath}/virtualisation/qemu-vm.nix").
+# Of course, the resulting system is (by default) unbootable,
+# which might appear useless.
+# However, evaluation of the toplevel is slightly faster, and boot can
+# be restored by
+#
+# unbootable = pkgs.lib.mkForce false;
+#
+# or simply setting
+#
+# boot.initrd.enable
+# boot.kernel.enable
+# boot.loader.grub.enable
+#
+# accordingly.
+{
+ lib,
+ config,
+ ...
+}:
+with lib; {
+ options = {
+ unbootable = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Prevent the system from booting.";
+ };
+ };
+ config = mkIf config.unbootable {
+ boot = {
+ initrd.enable = mkDefault false;
+ kernel.enable = mkDefault false;
+ loader.grub.enable = mkDefault false;
+ };
+ };
+}
diff --git a/tests/all-tests.nix b/tests/all-tests.nix
index c4ec759a3..cfb84cf94 100644
--- a/tests/all-tests.nix
+++ b/tests/all-tests.nix
@@ -8,6 +8,7 @@
 imports = [
 modules.pretalx
 modules.sops-nix
+ modules.unbootable
 configurations.pretalx-postgresql
 ];
 };
diff --git a/tests/pretalx/default.nix b/tests/pretalx/default.nix
index a37a59df9..23d6c56a8 100644
--- a/tests/pretalx/default.nix
+++ b/tests/pretalx/default.nix
@@ -11,6 +11,8 @@
 configurations.server
 ];
+ unbootable = pkgs.lib.mkForce false;
+
 sops = pkgs.lib.mkForce {
 age.keyFile = ./sops/keys.txt;
 defaultSopsFile = ./sops/pretalx.yaml;
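Review bot: `with lib; {` in modules/unbootable.nix brings every lib name into scope, which the flake.nix change in this same commit avoids by using `inherit (nixpkgs.lib) …;`; for consistency and traceability prefer `let inherit (lib) mkOption types mkIf mkDefault; in {` (or the `lib.`-qualified names) over `with lib;`. The option `description` could state what the module actually does, since the `mkDefault` values mean any explicit `boot.*` setting elsewhere wins: `description = "Disable initrd, kernel and GRUB via mkDefault so system.build.toplevel evaluates without a boot configuration; explicit boot.* settings take precedence.";`. The header has the typos `configuraion` → `configuration` and `contaner` → `container`.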
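Review bot: `unbootable = pkgs.lib.mkForce false;` in tests/pretalx/default.nix needs `mkForce` only because configs/dummy.nix assigns `unbootable = true;` at normal priority, and a reader of the test cannot see from this file why boot has to be switched back on. A one-line comment above it would carry that: `# configs/dummy.nix disables boot to speed up evaluation; this test needs a bootable system.` The enclosing test attribute set continues past the end of this hunk.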