phase 5

2025-11-02 01:47:25 -06:00
parent 48020b6f42
commit 010df31455
45 changed files with 8045 additions and 720 deletions
--- a/nixos/dev-services.nix
+++ b/nixos/dev-services.nix
@@ -0,0 +1,99 @@
+{ pkgs, lib, ... }:
+
+{
+  # Development services configuration for Reference Board Viewer
+  # Can be used for: local dev, CI VMs, and testing
+  # Reusable via nixos-generators
+
+  # Networking
+  networking.firewall.enable = false; # Open for development
+
+  services.postgresql = {
+    enable = true;
+    package = pkgs.postgresql_16;
+
+    # Listen on all interfaces (for VM access)
+    settings = {
+      listen_addresses = lib.mkForce "*";
+      port = 5432;
+    };
+
+    # Initialize database and user
+    ensureDatabases = [ "webref" ];
+    ensureUsers = [
+      {
+        name = "webref";
+        ensureDBOwnership = true;
+      }
+    ];
+
+    # Development authentication (trust for development/testing)
+    authentication = pkgs.lib.mkOverride 10 ''
+      local all all trust
+      host all all 0.0.0.0/0 trust
+      host all all ::0/0 trust
+    '';
+
+    # Enable UUID extension
+    initialScript = pkgs.writeText "init.sql" ''
+      CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
+    '';
+  };
+
+  # MinIO service for object storage
+  services.minio = {
+    enable = true;
+    rootCredentialsFile = pkgs.writeText "minio-credentials" ''
+      MINIO_ROOT_USER=minioadmin
+      MINIO_ROOT_PASSWORD=minioadmin
+    '';
+
+    # Data directory
+    dataDir = [ "/var/lib/minio/data" ];
+
+    # Listen on all interfaces
+    listenAddress = ":9000";
+    consoleAddress = ":9001";
+  };
+
+  # Create webref bucket on startup
+  systemd.services.minio-init = {
+    description = "Initialize MinIO buckets";
+    after = [ "minio.service" ];
+    wantedBy = [ "multi-user.target" ];
+
+    serviceConfig = {
+      Type = "oneshot";
+      RemainAfterExit = true;
+    };
+
+    script = ''
+      # Wait for MinIO to be ready
+      until ${pkgs.curl}/bin/curl -sf http://localhost:9000/minio/health/live > /dev/null 2>&1; do
+        echo "Waiting for MinIO..."
+        sleep 1
+      done
+
+      # Configure mc alias and create bucket
+      ${pkgs.minio-client}/bin/mc alias set local http://localhost:9000 minioadmin minioadmin || true
+      ${pkgs.minio-client}/bin/mc mb local/webref || true
+      ${pkgs.minio-client}/bin/mc anonymous set public local/webref || true
+
+      echo "MinIO initialized with webref bucket"
+    '';
+  };
+
+  # Optional: Redis for caching/background tasks (Phase 2)
+  # Uncomment when needed:
+  # services.redis.servers.webref = {
+  #   enable = true;
+  #   port = 6379;
+  #   bind = "0.0.0.0";
+  # };
+
+  # Ensure services start automatically
+  systemd.targets.multi-user.wants = [
+    "postgresql.service"
+    "minio.service"
+  ];
+}
--- a/nixos/gitea-runner.nix
+++ b/nixos/gitea-runner.nix
@@ -1,114 +0,0 @@
-{ pkgs, ... }:
-
-{
-  # Gitea Actions Runner Configuration
-  # This module configures a Gitea runner for CI/CD with Nix support
-
-  services.gitea-actions-runner = {
-    package = pkgs.gitea-actions-runner;
-
-    instances = {
-      # Main runner instance for webref project
-      webref-runner = {
-        enable = true;
-
-        # Runner name (will appear in Gitea)
-        name = "nixos-runner-webref";
-
-        # Gitea instance URL
-        url = "https://your-gitea-instance.com";
-
-        # Runner token - Generate this from Gitea:
-        # Settings -> Actions -> Runners -> Create New Runner
-        # Store the token in a file and reference it here
-        tokenFile = "/var/secrets/gitea-runner-token";
-
-        # Labels define what jobs this runner can handle
-        # Format: "label:docker_image" or just "label" for host execution
-        labels = [
-          # Native execution with Nix
-          "nix:native"
-
-          # Ubuntu-like for compatibility
-          "ubuntu-latest:docker://node:20-bookworm"
-
-          # Specific for this project
-          "webref:native"
-        ];
-
-        # Host packages available to the runner
-        hostPackages = with pkgs; [
-          # Essential tools
-          bash
-          coreutils
-          curl
-          git
-          nix
-
-          # Project-specific
-          nodejs
-          python3
-          postgresql
-
-          # Binary cache
-          attic-client
-
-          # Container runtime (optional)
-          docker
-          docker-compose
-        ];
-      };
-    };
-  };
-
-  # Enable Docker for service containers (PostgreSQL, MinIO, etc.)
-  virtualisation.docker = {
-    enable = true;
-    autoPrune.enable = true;
-    autoPrune.dates = "weekly";
-  };
-
-  # Ensure the runner user has access to Docker
-  users.users.gitea-runner = {
-    isSystemUser = true;
-    group = "gitea-runner";
-    extraGroups = [ "docker" ];
-  };
-
-  users.groups.gitea-runner = { };
-
-  # Allow runner to use Nix
-  nix.settings = {
-    allowed-users = [ "gitea-runner" ];
-    trusted-users = [ "gitea-runner" ];
-
-    # Enable flakes for the runner
-    experimental-features = [
-      "nix-command"
-      "flakes"
-    ];
-
-    # Optimize for CI performance
-    max-jobs = "auto";
-    cores = 0; # Use all available cores
-  };
-
-  # Network access for downloading packages
-  networking.firewall = {
-    # If your runner needs to expose ports, configure them here
-    # allowedTCPPorts = [ ];
-  };
-
-  # Systemd service optimizations
-  systemd.services."gitea-runner-webref-runner" = {
-    serviceConfig = {
-      # Resource limits (adjust based on your hardware)
-      MemoryMax = "8G";
-      CPUQuota = "400%"; # 4 cores
-
-      # Restart policy
-      Restart = "always";
-      RestartSec = "10s";
-    };
-  };
-}
--- a/nixos/tests.nix
+++ b/nixos/tests.nix
@@ -9,33 +9,10 @@
      machine =
        { pkgs, ... }:
        {
-          # PostgreSQL service
-          services.postgresql = {
-            enable = true;
-            ensureDatabases = [ "webref" ];
-            ensureUsers = [
-              {
-                name = "webref";
-                ensureDBOwnership = true;
-              }
-            ];
-            authentication = ''
-              local all all trust
-              host all all 127.0.0.1/32 trust
-              host all all ::1/128 trust
-            '';
-          };
+          # Import shared service configuration
+          imports = [ ./dev-services.nix ];

-          # MinIO service
-          services.minio = {
-            enable = true;
-            rootCredentialsFile = pkgs.writeText "minio-credentials" ''
-              MINIO_ROOT_USER=minioadmin
-              MINIO_ROOT_PASSWORD=minioadmin
-            '';
-          };
-
-          # Install required packages
+          # Test-specific packages
          environment.systemPackages = with pkgs; [
            python3
            python3Packages.pytest
@@ -43,9 +20,6 @@
            postgresql
            curl
          ];
-
-          # Network configuration
-          networking.firewall.enable = false;
        };
    };

@@ -78,34 +52,15 @@
      machine =
        { pkgs, ... }:
        {
-          # PostgreSQL
-          services.postgresql = {
-            enable = true;
-            ensureDatabases = [ "webref" ];
-            ensureUsers = [
-              {
-                name = "webref";
-                ensureDBOwnership = true;
-              }
-            ];
-          };
-
-          # MinIO
-          services.minio = {
-            enable = true;
-            rootCredentialsFile = pkgs.writeText "minio-credentials" ''
-              MINIO_ROOT_USER=minioadmin
-              MINIO_ROOT_PASSWORD=minioadmin
-            '';
-          };
+          # Import shared service configuration
+          imports = [ ./dev-services.nix ];

+          # Test-specific packages
          environment.systemPackages = with pkgs; [
            python3
            curl
            jq
          ];
-
-          networking.firewall.enable = false;
        };
    };

@@ -136,9 +91,10 @@
      machine =
        { pkgs, ... }:
        {
-          services.postgresql.enable = true;
-          services.minio.enable = true;
+          # Import shared service configuration
+          imports = [ ./dev-services.nix ];

+          # Test-specific packages
          environment.systemPackages = with pkgs; [
            python3
          ];
@@ -161,16 +117,8 @@
      machine =
        { pkgs, ... }:
        {
-          services.postgresql = {
-            enable = true;
-            ensureDatabases = [ "webref" ];
-            ensureUsers = [
-              {
-                name = "webref";
-                ensureDBOwnership = true;
-              }
-            ];
-          };
+          # Import shared service configuration
+          imports = [ ./dev-services.nix ];

          # Create system user for testing
          users.users.webref = {
@@ -179,6 +127,7 @@
          };
          users.groups.webref = { };

+          # Test-specific packages
          environment.systemPackages = with pkgs; [
            python3
            nmap