imp: pass {abort,warn}OnMissingIpModule to perNode nixosModule opts

Author: johnalotoski

flake/hydraJobs.nix

@@ -3,20 +3,14 @@
   lib,
   withSystem,
   ...
-} @ parts: {
+}: {
   flake.hydraJobs = lib.genAttrs config.systems (lib.flip withSystem (
     {
       config,
       pkgs,
       ...
     }: let
-      jobs = {
-        nixosConfigurations =
-          lib.mapAttrs
-          (_: {config, ...}: config.system.build.toplevel)
-          parts.config.flake.nixosConfigurations;
-        inherit (config) packages checks devShells;
-      };
+      jobs = {inherit (config) packages checks devShells;};
     in
       jobs
       // {

flake/nixosModules/profile-cardano-parts.nix

@@ -4,6 +4,8 @@
 #
 # Attributes available on nixos module import:
 #   config.cardano-parts.cluster.group.<...>                             # Inherited from flakeModule cluster.group assignment
+#   config.cardano-parts.perNode.generic.abortOnMissingIpModule
+#   config.cardano-parts.perNode.generic.warnOnMissingIpModule
 #   config.cardano-parts.perNode.lib.cardanoLib
 #   config.cardano-parts.perNode.lib.opsLib
 #   config.cardano-parts.perNode.lib.topologyLib
@@ -109,6 +111,12 @@ flake @ {moduleWithSystem, ...}: {
 
     perNodeSubmodule = submodule {
       options = {
+        generic = mkOption {
+          type = genericSubmodule;
+          description = mdDoc "Cardano-parts nixos perNode generic submodule";
+          default = {};
+        };
+
         lib = mkOption {
           type = libSubmodule;
           description = mdDoc "Cardano-parts nixos perNode lib submodule";
@@ -135,6 +143,26 @@ flake @ {moduleWithSystem, ...}: {
       };
     };
 
+    genericSubmodule = submodule {
+      options = {
+        abortOnMissingIpModule = mkOption {
+          type = bool;
+          description = mdDoc ''
+            The option to abort on missing downstream provided "ip-module" nixosModule.
+          '';
+          default = cfg.group.generic.abortOnMissingIpModule;
+        };
+
+        warnOnMissingIpModule = mkOption {
+          type = bool;
+          description = mdDoc ''
+            The option to warn on missing downstream provided "ip-module" nixosModule.
+          '';
+          default = cfg.group.generic.warnOnMissingIpModule;
+        };
+      };
+    };
+
     libSubmodule = submodule {
       options = foldl' recursiveUpdate {} [
         (mkSpecialOpt "cardanoLib" (attrsOf anything) (cfg.group.lib.cardanoLib system))

flakeModules/cluster.nix

@@ -18,6 +18,8 @@
 #   flake.cardano-parts.cluster.infra.generic.warnOnMissingIpModule
 #   flake.cardano-parts.cluster.infra.grafana.stackName
 #   flake.cardano-parts.cluster.groups.<default|name>.bookRelayMultivalueDns
+#   flake.cardano-parts.cluster.groups.<default|name>.generic.abortOnMissingIpModule
+#   flake.cardano-parts.cluster.groups.<default|name>.generic.warnOnMissingIpModule
 #   flake.cardano-parts.cluster.groups.<default|name>.groupBlockProducerSubstring
 #   flake.cardano-parts.cluster.groups.<default|name>.groupFlake
 #   flake.cardano-parts.cluster.groups.<default|name>.groupName
@@ -270,12 +272,31 @@ flake @ {
 
   groupSubmodule = submodule ({name, ...}: {
     options = {
-      meta = mkOption {
-        type = metaSubmodule;
-        description = mdDoc "Cardano-parts cluster group meta submodule.";
+      bookRelayMultivalueDns = mkOption {
+        type = nullOr str;
+        description = mdDoc ''
+          Cardano-parts cluster group(s) multivalue DNS.
+          Machines belonging to this group and in the relay role have their IP A address added to this multivalue DNS record.
+          This is intended to aggregate all group relays for a given environment to a single DNS for use as an upstream publicRoots.
+        '';
+        default = null;
+      };
+
+      generic = mkOption {
+        type = groupGenericSubmodule;
+        description = mdDoc "Cardano-parts cluster group generic submodule.";
         default = {};
       };
 
+      groupBlockProducerSubstring = mkOption {
+        type = str;
+        description = mdDoc ''
+          Cardano-parts cluster group block producer substring.
+          Machines belonging to this group and in the block producer role will have Colmena names containing this substring.
+        '';
+        default = "bp-";
+      };
+
       groupFlake = mkOption {
         type = attrsOf raw;
         description = mdDoc ''
@@ -314,16 +335,6 @@ flake @ {
         default = "";
       };
 
-      bookRelayMultivalueDns = mkOption {
-        type = nullOr str;
-        description = mdDoc ''
-          Cardano-parts cluster group(s) multivalue DNS.
-          Machines belonging to this group and in the relay role have their IP A address added to this multivalue DNS record.
-          This is intended to aggregate all group relays for a given environment to a single DNS for use as an upstream publicRoots.
-        '';
-        default = null;
-      };
-
       groupRelayMultivalueDns = mkOption {
         type = nullOr str;
         description = mdDoc ''
@@ -345,30 +356,47 @@ flake @ {
         default = "rel-";
       };
 
-      groupBlockProducerSubstring = mkOption {
-        type = str;
-        description = mdDoc ''
-          Cardano-parts cluster group block producer substring.
-          Machines belonging to this group and in the block producer role will have Colmena names containing this substring.
-        '';
-        default = "bp-";
+      meta = mkOption {
+        type = groupMetaSubmodule;
+        description = mdDoc "Cardano-parts cluster group meta submodule.";
+        default = {};
       };
 
       pkgs = mkOption {
-        type = pkgsSubmodule;
+        type = groupPkgsSubmodule;
         description = mdDoc "Cardano-parts cluster group pkgs submodule.";
         default = {};
       };
 
       lib = mkOption {
-        type = libSubmodule;
+        type = groupLibSubmodule;
         description = mdDoc "Cardano-parts cluster group lib submodule.";
         default = {};
       };
     };
   });
 
-  libSubmodule = submodule {
+  groupGenericSubmodule = submodule {
+    options = {
+      abortOnMissingIpModule = mkOption {
+        type = bool;
+        description = mdDoc ''
+          Cardano-parts cluster group option to abort on missing downstream provided "ip-module" nixosModule.
+        '';
+        default = cfg.cluster.infra.generic.abortOnMissingIpModule;
+      };
+
+      warnOnMissingIpModule = mkOption {
+        type = bool;
+        description = mdDoc ''
+          Cardano-parts cluster group option to warn on missing downstream provided "ip-module" nixosModule.
+        '';
+        default = cfg.cluster.infra.generic.warnOnMissingIpModule;
+      };
+    };
+  };
+
+  groupLibSubmodule = submodule {
     options = {
       cardanoLib = mkOption {
         type = functionTo (attrsOf anything);
@@ -394,7 +422,7 @@ flake @ {
     };
   };
 
-  metaSubmodule = submodule {
+  groupMetaSubmodule = submodule {
     options = {
       addressType = mkOption {
         type = enum ["fqdn" "namePrivateIpv4" "namePublicIpv4" "namePublicIpv6" "privateIpv4" "publicIpv4" "publicIpv6"];
@@ -519,7 +547,7 @@ flake @ {
     };
   };
 
-  pkgsSubmodule = submodule {
+  groupPkgsSubmodule = submodule {
     options = {
       blockfrost-platform = mkOption {
         type = functionTo package;

flakeModules/pkgs.nix

@@ -443,8 +443,6 @@ in
             (mkPkg "cardano-address" caPkgs."\"cardano-addresses:exe:cardano-address\"-IntersectMBO-cardano-addresses-4-0-0-3749045")
             (mkPkg "cardano-cli" (caPkgs.cardano-cli-input-output-hk-cardano-node-10-4-1-420c94f // {version = "10.8.0.0";}))
             (mkPkg "cardano-cli-ng" (caPkgs.cardano-cli-input-output-hk-cardano-node-10-4-1-420c94f // {version = "10.8.0.0";}))
-            # (mkPkg "cardano-db-sync" (recursiveUpdate caPkgs."\"cardano-db-sync:exe:cardano-db-sync\"-input-output-hk-cardano-db-sync-13-6-0-5-cb61094" {meta.mainProgram = "cardano-db-sync";}))
-            # (mkPkg "cardano-db-sync-ng" (recursiveUpdate caPkgs."\"cardano-db-sync:exe:cardano-db-sync\"-input-output-hk-cardano-db-sync-13-6-0-5-cb61094" {meta.mainProgram = "cardano-db-sync";}))
             (mkPkg "cardano-db-sync" caPkgs."\"cardano-db-sync:exe:cardano-db-sync\"-input-output-hk-cardano-db-sync-13-6-0-5-cb61094")
             (mkPkg "cardano-db-sync-ng" caPkgs."\"cardano-db-sync:exe:cardano-db-sync\"-input-output-hk-cardano-db-sync-13-6-0-5-cb61094")
             (mkPkg "cardano-db-tool" caPkgs."\"cardano-db-tool:exe:cardano-db-tool\"-input-output-hk-cardano-db-sync-13-6-0-5-cb61094")

templates/cardano-parts-project/flake/colmena.nix

@@ -84,8 +84,8 @@ in
 
       # Mithril signing config
       # mithrilRelay = {imports = [inputs.cardano-parts.nixosModules.profile-mithril-relay];};
-      # declMRel = node: {services.mithril-signer.relayEndpoint = nixosConfigurations.${node}.config.ips.privateIpv4;};
-      # declMSigner = node: {services.mithril-relay.signerIp = nixosConfigurations.${node}.config.ips.privateIpv4;};
+      # declMRel = node: {services.mithril-signer.relayEndpoint = nixosConfigurations.${node}.config.ips.privateIpv4 or "ip-module not available";};
+      # declMSigner = node: {services.mithril-relay.signerIp = nixosConfigurations.${node}.config.ips.privateIpv4 or "ip-module not available;};
 
       # Optimize tcp sysctl and route params for long distance transmission.
       # Apply to one relay per pool group.

templates/cardano-parts-project/flake/hydraJobs.nix

@@ -3,26 +3,50 @@
   lib,
   withSystem,
   ...
-} @ parts: {
-  flake.hydraJobs = lib.genAttrs config.systems (lib.flip withSystem (
+} @ parts:
+with builtins;
+with lib; {
+  flake.hydraJobs = genAttrs config.systems (flip withSystem (
     {
       config,
       pkgs,
       ...
     }: let
+      nixosCfgsNoIpModule =
+        mapAttrs
+        (name: cfg:
+          if cfg.config.cardano-parts.perNode.generic.abortOnMissingIpModule
+          then
+            # Hydra will not have access to "ip-module" IPV4/IPV6 secrets
+            # which are ordinarily only accessible from a deployer machine and
+            # are not committed. In this case, hydra can still complete a
+            # generic build without "ip-module" to check for other breakage.
+            cfg.extendModules {
+              modules = [
+                (_: {
+                  cardano-parts.perNode.generic = warn "Building machine ${name} without secret \"ip-module\" inclusion for hydraJobs CI" {
+                    abortOnMissingIpModule = false;
+                    warnOnMissingIpModule = false;
+                  };
+                })
+              ];
+            }
+          else cfg)
+        parts.config.flake.nixosConfigurations;
+
       jobs = {
         nixosConfigurations =
-          lib.mapAttrs
+          mapAttrs
           (_: {config, ...}: config.system.build.toplevel)
-          parts.config.flake.nixosConfigurations;
+          nixosCfgsNoIpModule;
         inherit (config) packages checks devShells;
       };
     in
       jobs
       // {
         required = pkgs.releaseTools.aggregate {
           name = "required";
-          constituents = lib.collect lib.isDerivation jobs;
+          constituents = collect isDerivation jobs;
         };
       }
   ));

templates/cardano-parts-project/flake/nixosModules/ip-module-check.nix

@@ -7,7 +7,7 @@ flake: {
     inherit (lib) optional;
     inherit (flake.config.flake) nixosModules;
 
-    cfgGeneric = flake.config.flake.cardano-parts.cluster.infra.generic;
+    cfgGeneric = config.cardano-parts.perNode.generic;
 
     msg = ''