Gitiles
Code Review Sign In
git.clicks.codes / Infra / NixFiles / ec13fbd7a8bfe2eff569df5ad77d007599bbffc2
commitec13fbd7a8bfe2eff569df5ad77d007599bbffc2[log] [tgz]
authorSkyler Grey <sky@a.starrysky.fyi>Sat Aug 03 08:11:04 2024 +0000
committerSkyler Grey <minion@clicks.codes>Thu Aug 08 21:25:44 2024 +0000
tree0939effdc252adb440e26e6b55b79e178ad70509
parentd8ae8d9fe17014aab45eeee7bcb17ccc8d9256c3 [diff]
feat: Make modules evauluate without dependencies

Previously, module checks would stop us from evaluating if we didn't
include all of our dependencies' modules too. This became cumbersome if
someone was importing our flake, especially since as Nix doesn't stop
duplicate dependencies from being imported twice...

...by using optionalAttrs anywhere a dependency is needed, we stop Nix
being able to check that our options are valid, working around the issue

---

It's way too easy to make a mistake here, a first version of this change
had a bug where due to something like this...

x = lib.mkIf cfg.enable {  } // { foo = lib.optionalAttrs ... }

...which evaluates as...

x = { _type = "if"; value = ...; foo = lib.optionalAttrs ...; ...; }

...we ended up dropping the impermanence options which mount our storage

It's really critical, therefore, to check that you aren't munging
attrsets into mkIf statements when you start using a mix of them

Change-Id: I7b786af965b3fd1012d956262aea72305b60db27
Reviewed-on: https://git.clicks.codes/c/Infra/NixFiles/+/811
Reviewed-by: Skyler Grey <minion@clicks.codes>
Tested-by: Skyler Grey <minion@clicks.codes>
7 files changed
tree: 0939effdc252adb440e26e6b55b79e178ad70509
  1. .reuse/
  2. .vscode/
  3. lib/
  4. LICENSES/
  5. modules/
  6. overlays/
  7. packages/
  8. secrets/
  9. shells/
  10. systems/
  11. .editorconfig
  12. .envrc
  13. .gitignore
  14. .gitreview
  15. .gitreview.license
  16. CONTRIBUTORS.md
  17. flake.lock
  18. flake.lock.license
  19. flake.nix
  20. README.md
README.md

Clicks - Infrastructure

This repository contains system configuration for Clicks's infrastructure.

Config

Config is written using Snowfall lib. It keeps us organized and has some nice features like namespaces.

Systems

Devices are named after colors, areas are named as a letter, with the matching phonetic alphabet word. Areas are generally managed by one member of Clicks, who has full access to all of the servers in that area. If you require help for a specific area you can email admin@clicks.codes and in the subject line include the area you want help for.

SystemDescriptionAddress
tealPrimary Hostteal.alpha.clicks.domains
a1d2Build Serverd2.a1.clicks.domains

Deploying

Deploys are done with deploy-rs, you'll need to be able to ssh into a machine with its hostname (either by a nifty .ssh/config rule or tailscale).

Once you've done that, you'll be able to deploy with

$ deploy .#MACHINE_NAME

Assumed dependencies

If you're importing our modules, even if you don't enable most of them, you'll find it easiest and best to import them all. This is because the nixpkgs module system checks if all given options are defined, even if they aren't enabled in your specific configuration.

The module system doesn't do this with traditional if statements or lib.optionalAttrs, only lib.mkIf, so we've made sure to use lib.optionalAttrs for anything that depends on things not in this list:

  • all modules defined in nixpkgs
  • all modules exported from this flake, which include only modules defined here

We expect the majority of you will already have all of these imported. We use and test against stateVersion = "24.05", and while we expect these modules to generally work with earlier or later stateVersions, please be aware that this could cause unexpcted effects

We may also depend on:

  • the standard arguments provided by lib.nixosSystem (lib, pkgs, etc.) being passed into our modules
  • lib being extended such that lib.clicks is equal to the lib exported from our flake

We expect the lib extension to be a minor change, and providing standard arguments to modules to already be the case.

This means that, provided you don't enable any options, importing the Clicks modules will be safe so long as your flake fulfils all of these factors: we won't break eval and we won't change any of your settings. If you'd like to see how we test that, please check out ./modules.spec.nix

We expect no additions to this list, except a potential future change of adding auxolotl modules to this list when we consider them stable and easily-importable. Additions to this list will always be considered breaking changes.

(n.b. If you're wondering why we didn't use lib.optionalAttrs everywhere, it's because using it loses us some laziness, making it much easier to make infinite recursions. If we replaced every lib.mkIf with lib.optionalAttrs in our own config, for instance, it would no longer evaluate)