NotAShelf/circus
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
circus/nix/demo-vm.nix
NotAShelf 0d7d090950
 nix/demo-vm: remove useless MOTD 
Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: Ib80e6f2a568d7bfe7d7e7efc92f56f966a6a6964
2026-02-16 23:42:43 +03:00

139 lines
4.2 KiB
Nix
Raw Blame History

{
self,
pkgs,
lib,
}: let
inherit (lib.modules) mkForce;
fc-packages = self.packages.${pkgs.stdenv.hostPlatform.system};
# Demo password file to demonstrate passwordFile option
# Password must be at least 12 characters with at least one uppercase letter
demoPasswordFile = pkgs.writeText "demo-password" "DemoPassword123!";
nixos = pkgs.nixos ({
modulesPath,
pkgs,
...
}: {
imports = [
self.nixosModules.fc-ci
(modulesPath + "/virtualisation/qemu-vm.nix")
./vm-common.nix
{config._module.args = {inherit self;};}
];
services.fc-ci = {
enable = true;
package = fc-packages.fc-server;
evaluatorPackage = fc-packages.fc-evaluator;
queueRunnerPackage = fc-packages.fc-queue-runner;
migratePackage = fc-packages.fc-migrate-cli;
server.enable = true;
evaluator.enable = true;
queueRunner.enable = true;
settings = {
database.url = "postgresql:///fc?host=/run/postgresql";
gc.enabled = false;
logs.log_dir = "/var/lib/fc/logs";
cache.enabled = true;
signing.enabled = false;
server = {
# Bind to all interfaces so port forwarding works
host = mkForce "0.0.0.0";
port = 3000;
cors_permissive = mkForce true;
};
};
declarative.users = {
admin = {
email = "admin@localhost";
password = "AdminPassword123!";
role = "admin";
};
demo = {
email = "demo@localhost";
role = "read-only";
passwordFile = toString demoPasswordFile;
};
};
};
## Seed an admin API key on first boot
# Token: fc_demo_admin_key, SHA-256 hash inserted into api_keys
# A read-only key is also seeded for testing RBAC.
systemd.services.fc-seed-keys = {
description = "Seed demo API keys";
after = ["fc-server.service"];
requires = ["fc-server.service"];
wantedBy = ["multi-user.target"];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
User = "fc";
Group = "fc";
};
path = [pkgs.postgresql pkgs.curl];
script = ''
# Wait for server to be ready
for i in $(seq 1 30); do
if curl -sf http://127.0.0.1:3000/health >/dev/null 2>&1; then
break
fi
sleep 1
done
# Admin key: fc_demo_admin_key
ADMIN_HASH="$(echo -n 'fc_demo_admin_key' | sha256sum | cut -d' ' -f1)"
psql -U fc -d fc -c "INSERT INTO api_keys (name, key_hash, role) VALUES ('demo-admin', '$ADMIN_HASH', 'admin') ON CONFLICT DO NOTHING" 2>/dev/null || true
# Read-only key: fc_demo_readonly_key
RO_HASH="$(echo -n 'fc_demo_readonly_key' | sha256sum | cut -d' ' -f1)"
psql -U fc -d fc -c "INSERT INTO api_keys (name, key_hash, role) VALUES ('demo-readonly', '$RO_HASH', 'read-only') ON CONFLICT DO NOTHING" 2>/dev/null || true
echo ""
echo "====================================================="
echo ""
echo " Dashboard: http://localhost:3000"
echo " Health: http://localhost:3000/health"
echo " API base: http://localhost:3000/api/v1"
echo ""
echo " Web login: admin / AdminPassword123! (admin)"
echo " demo / DemoPassword123! (read-only)"
echo ""
echo " Admin API key: fc_demo_admin_key"
echo " Read-only key: fc_demo_readonly_key"
echo ""
echo " Login at http://localhost:3000/login using"
echo " the credentials or the API key provided above."
echo ""
echo "====================================================="
'';
};
# Useful tools inside the VM
environment.systemPackages = with pkgs; [
curl
jq
htop
nix
nix-eval-jobs
git
zstd
];
# Misc VM settings
networking.hostName = "fc-demo";
networking.firewall.allowedTCPPorts = [3000];
services.getty.autologinUser = "root";
system.stateVersion = "26.11";
});
in
pkgs.writeShellApplication {
name = "run-fc-demo-vm";
text = "exec ${nixos.config.system.build.vm}/bin/run-fc-demo-vm";
}
Reference in a new issue View git blame Copy permalink