diff --git a/packages/checks/default.nix b/packages/checks/default.nix
index 8d77d4f..2aef255 100644
--- a/packages/checks/default.nix
+++ b/packages/checks/default.nix
@@ -1,4 +1,4 @@
-{ config, lib, self, extendModules, ... }:
+{ config, lib, self, ... }:
 let
 timeMachine = {
@@ -50,10 +50,6 @@ in
 searxng = pkgs.callPackage ./searxng.nix {
 inherit (self'.packages) searxng;
 };
-
- simulacrum = pkgs.callPackage ./simulacrum.nix {
- inherit config extendModules;
- };
 };
 };
 }
diff --git a/packages/checks/simulacrum.nix b/packages/checks/simulacrum.nix
deleted file mode 100644
index 37adfaa..0000000
--- a/packages/checks/simulacrum.nix
+++ /dev/null
@@ -1,119 +0,0 @@
-{ testers, config, extendModules, lib, system }:
-
-let
- lift = config;
-
- snakeoil = {
- ssh = {
- public = lib.fileContents ./snakeoil/ssh/snakeoil-key.pub;
- private = ./snakeoil/ssh/snakeoil-key;
- };
- wireguard = {
- public = lib.genAttrs nodes (node: lib.fileContents ./snakeoil/wireguard/public-key-${toString digits.${node}});
- private = lib.genAttrs nodes (node: ./snakeoil/wireguard/private-key-${toString digits.${node}});
- };
- };
-
- nodes = lib.attrNames config.gods.fromLight;
- digits = lib.attrsets.listToAttrs (lib.zipListsWith lib.nameValuePair nodes (lib.range 1 255));
- depot' = extendModules {
- modules = [
- ({ config, ... }: {
- gods.fromLight = lib.mapAttrs (name: cfg: {
- interfaces.primary = {
- link = lib.mkForce "vprimary";
- };
- ssh.id.publicKey = lib.mkForce snakeoil.ssh.public;
- }) lift.gods.fromLight;
-
- cluster = lib.mkForce (lift.cluster.extendModules {
- specialArgs.depot = config;
- modules = [
- {
- hostLinks = lib.genAttrs nodes (node: {
- mesh.extra = lib.mkForce (lift.cluster.config.hostLinks.${node}.mesh.extra // {
- pubKey = snakeoil.wireguard.public.${node};
- });
- });
- }
- ];
- });
- })
- ];
- };
- specialArgs = depot'.config.lib.summon system lib.id;
-in
-
-testers.runNixOSTest {
- name = "simulacrum";
-
- node = { inherit specialArgs; };
- nodes = lib.genAttrs nodes (node: let
- hour = depot'.config.hours.${node};
- in {
- imports = [
- specialArgs.depot.hours.${node}.nixos
- ./modules/nixos/age-dummy-secrets
- ./modules/nixos/external-storage.nix
- ] ++ depot'.config.cluster.config.out.injectNixosConfigForServices [ "consul" "certificates" "nginx" "wireguard" "frangiclave" ] node;
-
- boot.kernel.sysctl."net.ipv4.ip_forward" = "1";
- networking = {
- interfaces = {
- ${hour.interfaces.primary.link} = {
- useDHCP = lib.mkForce false;
- virtual = true;
- ipv4.addresses = lib.mkForce [
- {
- address = hour.interfaces.primary.addr;
- prefixLength = 32;
- }
- ];
- };
- eth1.ipv4.routes = lib.pipe nodes [
- (lib.filter (n: n != node))
- (map (n: let
- hour = depot'.config.hours.${n};
- in {
- address = hour.interfaces.primary.addrPublic;
- prefixLength = 32;
- via = "192.168.1.${toString digits.${n}}";
- }))
- ];
- };
-
- firewall.extraCommands = lib.mkAfter (lib.optionalString (hour.interfaces.primary.isNat) ''
- # self-nat
- iptables -t nat -A PREROUTING -d ${hour.interfaces.primary.addrPublic} -j DNAT --to-destination ${hour.interfaces.primary.addr}
- iptables -t nat -A POSTROUTING -s ${hour.interfaces.primary.addr} -j SNAT --to-source ${hour.interfaces.primary.addrPublic}
- '');
- };
-
- systemd.services = {
- hyprspace.enable = false;
- cachix-agent.enable = false;
- };
-
- environment.etc = {
- "ssh/ssh_host_ed25519_key" = {
- source = snakeoil.ssh.private;
- mode = "0400";
- };
- "dummy-secrets/cluster-wireguard-meshPrivateKey".source = lib.mkForce snakeoil.wireguard.private.${node};
- "dummy-secrets/grafana-agent-blackbox-secret-monitoring".text = lib.mkForce ''
- SECRET_MONITORING_BLACKBOX_TARGET_1_NAME=example-external-service
- SECRET_MONITORING_BLACKBOX_TARGET_1_MODULE=http2xx
- SECRET_MONITORING_BLACKBOX_TARGET_1_ADDRESS=http://127.0.0.1:1
- '';
- "dummy-secrets/garageRpcSecret".text = lib.mkForce "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
- };
- virtualisation = {
- cores = 2;
- memorySize = 4096;
- };
- });
-
- testScript = ''
- grail.succeed("false")
- '';
-}