Enable system manager and install nginx #2010

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft

jfroche wants to merge 7 commits into test/ansible-tasks from system-manager-nginx

+333 −3

.github/actions/nix-install-ephemeral/action.yml

-Original file line number
+Diff line change
@@ Expand Up / @@ -42,9 +42,11 @@ runs: @@
             NIX_SIGN_SECRET_KEY: ${{ env.NIX_SIGN_SECRET_KEY }}
         - uses: NixOS/nix-installer-action@d6ef7ecd8f685af89869e5aca0580a33e3e3150c
           with:
-            installer-version: 2.33.1
+            installer-version: 2.32.5
             extra-conf: |
               substituters = https://cache.nixos.org https://nix-postgres-artifacts.s3.amazonaws.com
               trusted-public-keys = nix-postgres-artifacts:dGZlQOvKcNEjvT7QEAJbcV6b6uk7VF/hWMjhYleiaLI= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
               ${{ inputs.push-to-cache == 'true' && 'post-build-hook = /etc/nix/upload-to-cache.sh' || '' }}
+              extra-experimental-features = auto-allocate-uids cgroups
+              auto-allocate-uids = true
               max-jobs = 4

.github/workflows/ansible-test.yml

-Original file line number
+Diff line change
@@ -0,0 +1,27 @@
+    name: Ansible Test
+    on:
+      pull_request:
+      merge_group:
+      workflow_dispatch:
+    permissions:
+      id-token: write
+    jobs:
+      ansible-test:
+        runs-on: ubuntu-latest
+        steps:
+          - name: Checkout Repo
+            uses: supabase/postgres/.github/actions/shared-checkout@HEAD
+          - name: Install nix
+            uses: ./.github/actions/nix-install-ephemeral
+            with:
+              push-to-cache: 'true'
+            env:
+              DEV_AWS_ROLE: ${{ secrets.DEV_AWS_ROLE }}
+              NIX_SIGN_SECRET_KEY: ${{ secrets.NIX_SIGN_SECRET_KEY }}
+          - name: Run Ansible Test
+            run: nix run .#ansible-test

.github/workflows/check-system-manager.yml

-Original file line number
+Diff line change
@@ -0,0 +1,27 @@
+    name: Check System Manager
+    on:
+      pull_request:
+      merge_group:
+      workflow_dispatch:
+    permissions:
+      id-token: write
+    jobs:
+      check-system-manager:
+        runs-on: ubuntu-latest
+        steps:
+          - name: Checkout Repo
+            uses: supabase/postgres/.github/actions/shared-checkout@HEAD
+          - name: Install nix
+            uses: ./.github/actions/nix-install-ephemeral
+            with:
+              push-to-cache: 'true'
+            env:
+              DEV_AWS_ROLE: ${{ secrets.DEV_AWS_ROLE }}
+              NIX_SIGN_SECRET_KEY: ${{ secrets.NIX_SIGN_SECRET_KEY }}
+          - name: Run check-system-manager
+            run: nix build .#checks.x86_64-linux.check-system-manager -L

ansible/tasks/setup-nix.yml

-Original file line number
+Diff line change
@@ -0,0 +1,11 @@
+    ---
+    - name: Check if nix is installed
+      ansible.builtin.command: which nix
+      register: nix_installed
+      failed_when: nix_installed.rc != 0
+      ignore_errors: true
+    - name: Install nix
+      ansible.builtin.shell: curl --proto '=https' --tlsv1.2 -sSf -L https://artifacts.nixos.org/experimental-installer | sh -s -- install --no-confirm --extra-conf 'substituters = https://cache.nixos.org https://nix-postgres-artifacts.s3.amazonaws.com' --extra-conf 'trusted-public-keys = nix-postgres-artifacts:dGZlQOvKcNEjvT7QEAJbcV6b6uk7VF/hWMjhYleiaLI=% cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY='
+      when: nix_installed.rc != 0
+      become: true

ansible/tasks/setup-system-manager.yml

-Original file line number
+Diff line change
@@ -0,0 +1,7 @@
+    ---
+    - name: Deploy system manager
+      ansible.builtin.shell: |
+        . /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh
+        cd /tmp
+        nix run --accept-flake-config /flake#system-manager -- switch --flake /flake
+      become: true

ansible/tests/nix.yaml

-Original file line number
+Diff line change
@@ -0,0 +1,8 @@
+    ---
+    - name: Test nix setup and system-manager deployment
+      hosts: localhost
+      tasks:
+        - name: Setup nix
+          ansible.builtin.import_tasks: ../tasks/setup-nix.yml
+        - name: Setup system-manager
+          ansible.builtin.import_tasks: ../tasks/setup-system-manager.yml

ansible/tests/test_nix.py

-Original file line number
+Diff line change
@@ -0,0 +1,10 @@
+    import pytest
+    @pytest.fixture(scope="module", autouse=True)
+    def run_ansible(run_ansible_playbook):
+        run_ansible_playbook("nix.yaml", verbose=True)
+    def test_nix_service(host):
+        assert host.service("nix-daemon.service").is_running

flake.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

flake.nix

-Original file line number
+Diff line change
@@ Expand Up / @@ -29,6 +29,8 @@ @@
         rust-overlay.url = "github:oxalica/rust-overlay";
         treefmt-nix.inputs.nixpkgs.follows = "nixpkgs";
         treefmt-nix.url = "github:numtide/treefmt-nix";
+        system-manager.inputs.nixpkgs.follows = "nixpkgs";
+        system-manager.url = "github:numtide/system-manager/fix-shadow-perm-owner";
       };
       outputs =
@@ Expand All / @@ -50,6 +52,8 @@ @@
             nix/nixpkgs.nix
             nix/packages
             nix/overlays
+            nix/systemModules
+            nix/systemConfigs.nix
           ];
         });
     }

nix/packages/ansible-test.nix

-Original file line number
+Diff line change
@@ -1,4 +1,7 @@
-    { self, pkgs }:
+    {
+      self,
+      pkgs,
+    }:
     pkgs.writeShellApplication {
       name = "ansible-test";
       runtimeInputs = with pkgs; [
@@ Expand Down @@

nix/packages/default.nix

-Original file line number
+Diff line change
@@ Expand Up / @@ -33,9 +33,9 @@ @@
         {
           packages = (
             {
+              ansible-test = pkgs.callPackage ./ansible-test.nix { inherit self; };
               build-ami = pkgs.callPackage ./build-ami.nix { packer = self'.packages.packer; };
               build-test-ami = pkgs.callPackage ./build-test-ami.nix { packer = self'.packages.packer; };
-              ansible-test = pkgs.callPackage ./ansible-test.nix { inherit self; };
               cleanup-ami = pkgs.callPackage ./cleanup-ami.nix { };
               dbmate-tool = pkgs.callPackage ./dbmate-tool.nix { inherit (self.supabase) defaults; };
               docker-ansible-test = pkgs.callPackage ./docker-ansible-test.nix {
@@ Expand Down Expand Up / @@ -80,6 +80,7 @@ @@
                 inherit (self'.packages) overlayfs-on-package;
               };
               sync-exts-versions = pkgs.callPackage ./sync-exts-versions.nix { inherit (inputs') nix-editor; };
+              system-manager = inputs'.system-manager.packages.default;
               trigger-nix-build = pkgs.callPackage ./trigger-nix-build.nix { };
               update-readme = pkgs.callPackage ./update-readme.nix { };
               inherit (pkgs.callPackage ./wal-g.nix { }) wal-g-2;
@@ Expand Down @@

nix/systemConfigs.nix

-Original file line number
+Diff line change
@@ -0,0 +1,30 @@
+    { self, inputs, ... }:
+    let
+      mkModules = system: [
+        ({
+          services.nginx.enable = true;
+          nixpkgs.hostPlatform = system;
+        })
+      ];
+      systems = [
+        "aarch64-linux"
+        "x86_64-linux"
+      ];
+      mkSystemConfig = system: {
+        name = system;
+        value.default = inputs.system-manager.lib.makeSystemConfig {
+          modules = mkModules system;
+          extraSpecialArgs = {
+            inherit self;
+            inherit system;
+          };
+        };
+      };
+    in
+    {
+      flake = {
+        systemConfigs = builtins.listToAttrs (map mkSystemConfig systems);
+      };
+    }

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Enable system manager and install nginx #2010

Diff view

Diff view

There are no files selected for viewing

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Enable system manager and install nginx #2010

Are you sure you want to change the base?

Enable system manager and install nginx #2010

Uh oh!

Uh oh!

Diff view

Diff view

There are no files selected for viewing

Uh oh!

Uh oh!

Uh oh!