authorseth <[email protected]>2023-12-16 12:12:20 -0500
committerseth <[email protected]>2023-12-16 13:09:49 -0500
commit0ed2febd06cbf1d4e0af957e2981296ea1b373ab (patch)
treec8a39869da8aad241c10571793eb33f516672319
parentc648beab27adbbf2bfd8bafad56ae54bb3e1b195 (diff)
ci: back to garnix once again
i kinda miss hci but im done switching until i get infra for it
-rw-r--r--.github/workflows/ci.yaml123
-rw-r--r--.github/workflows/deploy.yaml25
-rw-r--r--README.md4
-rw-r--r--ci.nix35
-rw-r--r--dev.nix5
-rw-r--r--flake.lock57
-rw-r--r--flake.nix23
-rw-r--r--garnix.yaml10
-rw-r--r--modules/shared/nix.nix4
-rw-r--r--secrets/atlas/atticCreds.age10
-rw-r--r--secrets/secrets.nix1
-rw-r--r--systems/atlas/attic.nix33
-rw-r--r--systems/atlas/default.nix1
-rw-r--r--systems/atlas/nginx.nix6
-rw-r--r--systems/default.nix1
-rw-r--r--tf/cloudflare/dns.nix5
-rw-r--r--tf/cloudflare/ruleset.nix17
-rw-r--r--users/seth/programs/default.nix40
-rw-r--r--workflow.nix16
19 files changed, 82 insertions, 334 deletions
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
deleted file mode 100644
index 60e2dec..0000000
--- a/.github/workflows/ci.yaml
+++ /dev/null
@@ -1,123 +0,0 @@
-name: CI
-
-on:
- pull_request:
- workflow_call:
- secrets:
- ATTIC_TOKEN:
- required: true
- workflow_dispatch:
-
-jobs:
- eval:
- name: Evaluate flake
- runs-on: ubuntu-latest
-
- outputs:
- matrix: ${{ steps.evaluate.outputs.matrix }}
-
- steps:
- - uses: actions/checkout@v4
-
- - name: Install Nix
- uses: DeterminateSystems/nix-installer-action@v9
-
- - name: Evaluate matrix
- id: evaluate
- run: |
- set -eu
- echo "matrix=$(nix eval --show-trace --json .#githubWorkflow.matrix)" >> "$GITHUB_OUTPUT"
-
- build:
- needs: eval
-
- strategy:
- fail-fast: false
- matrix: ${{ fromJSON(needs.eval.outputs.matrix) }}
-
- name: Build (${{ matrix.attr }})
- runs-on: ${{ matrix.os }}
-
- steps:
- - uses: actions/checkout@v4
-
- - name: Setup QEMU
- if: matrix.arch == 'aarch64'
- uses: docker/setup-qemu-action@v3
- with:
- platforms: "arm64"
-
- - name: Install Nix
- if: matrix.arch != 'aarch64'
- uses: DeterminateSystems/nix-installer-action@v9
-
- - name: Install Nix (with aarch64)
- if: matrix.arch == 'aarch64'
- uses: DeterminateSystems/nix-installer-action@v9
- with:
- extra-conf: "extra-platforms = aarch64-linux arm-linux"
-
- - name: Setup local Nix cache
- uses: DeterminateSystems/magic-nix-cache-action@v2
-
- - name: Setup Attic cache
- if: github.event_name != 'pull_request'
- uses: ryanccn/attic-action@v0
- with:
- endpoint: https://cache.mydadleft.me
- cache: flake
- token: ${{ secrets.ATTIC_TOKEN }}
-
- - name: Run build
- run: |
- nix build -L --accept-flake-config .#${{ matrix.attr }}
-
- check:
- strategy:
- fail-fast: false
- matrix:
- os: [ubuntu-latest, macos-latest]
-
- name: Check flake (${{ matrix.os }})
- runs-on: ${{ matrix.os }}
-
- steps:
- - uses: actions/checkout@v4
-
- - name: Install Nix
- uses: DeterminateSystems/nix-installer-action@v9
-
- - name: Setup local Nix cache
- uses: DeterminateSystems/magic-nix-cache-action@v2
-
- - name: Setup Attic cache
- if: github.event_name != 'pull_request'
- uses: ryanccn/attic-action@v0
- with:
- endpoint: https://cache.mydadleft.me
- cache: flake
- token: ${{ secrets.ATTIC_TOKEN }}
-
- - name: Run check
- run: nix flake check --show-trace --accept-flake-config
-
- # https://github.com/orgs/community/discussions/26822#discussioncomment-3305794
- gate:
- needs: [build, check]
-
- name: CI Gate
- runs-on: ubuntu-latest
-
- if: always()
-
- steps:
- - name: Exit with result
- run: |
- build_result="${{ needs.build.result }}"
- check_result="${{ needs.check.result }}"
-
- results=("$build_result" "$check_result")
-
- for result in "${results[@]}"; do [ "$result" != "success" ] && exit 1; done
-
- exit 0
diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
index 0311f3f..be6f850 100644
--- a/.github/workflows/deploy.yaml
+++ b/.github/workflows/deploy.yaml
@@ -1,22 +1,21 @@
name: Deploy infrastructure
on:
- push:
- branches: [main]
+ check_suite:
+ types: [completed]
workflow_dispatch:
jobs:
- ci:
- name: CI
- uses: ./.github/workflows/ci.yaml
- secrets: inherit
-
nixos:
- needs: ci
-
name: Deploy NixOS systems
runs-on: ubuntu-latest
+ # https://github.com/sellout/bash-strict-mode/commit/9bf1d65c2f786a9887facfcb81e06d8b8b5f4667
+ if: github.event.check_suite.app.name == 'Garnix CI'
+ && github.event.check_suite.conclusion == 'success'
+ && github.event.check_suite.latest_check_runs_count >= 12
+ && github.event.check_suite.head_branch == 'main'
+
concurrency:
group: deploy
cancel-in-progress: true
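Review bot: `workflow_dispatch` stays in `on:`, but the new job-level `if:` reads only `github.event.check_suite.*`, which is empty on a manual run, so a dispatched run would skip the `nixos` job. If manual deploys are still wanted, start the condition with `github.event_name == 'workflow_dispatch' ||` and parenthesise the check-suite terms. A `check_suite`-triggered run also executes against the default branch's tip rather than the commit Garnix reported on, so unless the checkout step (outside this hunk) passes `ref: ${{ github.event.check_suite.head_sha }}`, a newer push to `main` that has not been built yet can be what gets deployed. The `>= 12` threshold would benefit from a comment saying which Garnix check runs it is counting.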
@@ -27,12 +26,8 @@ jobs:
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@v9
- - name: Setup Attic cache
- uses: ryanccn/attic-action@v0
- with:
- endpoint: https://cache.mydadleft.me
- cache: flake
- token: ${{ secrets.ATTIC_TOKEN }}
+ - name: Setup local Nix cache
+ uses: DeterminateSystems/magic-nix-cache-action@v2
- name: Connect to Tailscale
uses: tailscale/github-action@v2
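Review bot: The added `DeterminateSystems/magic-nix-cache-action@v2` step is referenced by a movable tag, as are the neighbouring `nix-installer-action@v9` and `tailscale/github-action@v2`, in the job that deploys to the hosts. Pinning each to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: DeterminateSystems/magic-nix-cache-action@<full-commit-sha>  # v2`, means a retagged release cannot change what runs alongside whatever credentials the later steps use. The removed Attic step is the only visible reference to `secrets.ATTIC_TOKEN`, so that token can be revoked and the repository secret deleted once nothing else needs it. The steps list starts and ends outside this hunk.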
diff --git a/README.md b/README.md
index 641c89d..720d277 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
[![made with neovim](https://img.shields.io/static/v1?label=made%20with&message=neovim&color=00b952&style=flat-square&logo=neovim)](https://neovim.io/)
[![nixos unstable](https://img.shields.io/static/v1?label=NixOS&message=unstable&color=5277c3&style=flat-square&logo=nixos)](https://nixos.org/)
-![build status](https://img.shields.io/github/actions/workflow/status/getchoo/flake/deploy.yaml?style=flat-square&logo=github&logoColor=238F97CB&label=CI&color=8f97cb)
+[![built with garnix](https://img.shields.io/endpoint?url=https%3A%2F%2Fgarnix.io%2Fapi%2Fbadges%2Fgetchoo%2Fflake%3Fbranch%3Dmain)](https://garnix.io)
greasy taco i love
@@ -34,7 +34,7 @@ my ampere arm server from oracle, services my miniflux instance.
there are some amazing tools i use to make/manage this flake that i would highly recommend checking out:
-- [attic](https://github.com/zhaofengli/attic)
+- [garnix](https://garnix.io)
- [home-manager](https://github.com/nix-community/home-manager)
- [agenix](https://github.com/ryantm/agenix)
- [deploy-rs](https://github.com/serokell/deploy-rs)
diff --git a/ci.nix b/ci.nix
new file mode 100644
index 0000000..c2d3ae6
--- /dev/null
+++ b/ci.nix
@@ -0,0 +1,35 @@
+{self, ...}: {
+ perSystem = {
+ lib,
+ pkgs,
+ system,
+ config,
+ ...
+ }: {
+ packages = let
+ allConfigurations = [
+ "nixosConfigurations"
+ "darwinConfigurations"
+ "homeConfigurations"
+ ];
+
+ configurations = lib.pipe allConfigurations [
+ (configs: lib.getAttrs configs self)
+ builtins.attrValues
+ (lib.concatMap builtins.attrValues)
+ (lib.filter (deriv: deriv.pkgs.system == system))
+ (map (deriv: deriv.config.system.build.toplevel or deriv.activationPackage))
+ ];
+
+ required = [
+ configurations
+ (builtins.attrValues config.checks)
+ (builtins.attrValues config.devShells)
+ ];
+ in {
+ ciGate = pkgs.writeText "ci-gate" ''
+ ${lib.concatMapStringsSep "\n" toString required}
+ '';
+ };
+ };
+}
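Review bot: `ciGate` has no comment explaining that the text file exists only so that building it forces every configuration, check and dev shell for the system to build; the dependency is carried by the store paths interpolated into the string, which is easy to miss. A line above it such as `# building this file builds every configuration, check and devShell for this system` would record that. `required` is a list of lists, so `toString` joins each inner list with spaces and only the three outer entries are newline-separated; applying `lib.flatten` to `required` first gives one path per line, if that was the intent. `lib.getAttrs` also throws when `self` lacks one of the three named attribute sets, which is worth a comment if that strictness is deliberate.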
diff --git a/dev.nix b/dev.nix
index 7ff2996..49b6215 100644
--- a/dev.nix
+++ b/dev.nix
@@ -36,10 +36,7 @@
jq
opentofu
]
- ++ lib.optionals stdenv.isLinux (with inputs'; [
- agenix.packages.agenix
- attic.packages.default
- ]);
+ ++ lib.optional stdenv.isLinux inputs'.agenix.packages.agenix;
};
};
diff --git a/flake.lock b/flake.lock
index 8f13b9b..4368850 100644
--- a/flake.lock
+++ b/flake.lock
@@ -57,41 +57,6 @@
"type": "github"
}
},
- "attic": {
- "inputs": {
- "crane": [
- "lanzaboote",
- "crane"
- ],
- "flake-compat": [
- "pre-commit",
- "flake-compat"
- ],
- "flake-utils": [
- "pre-commit",
- "flake-utils"
- ],
- "nixpkgs": [
- "nixpkgs"
- ],
- "nixpkgs-stable": [
- "nixpkgs-stable"
- ]
- },
- "locked": {
- "lastModified": 1698258239,
- "narHash": "sha256-qnhoYYIJ0L/P7H/f56lQUEvpzNlXh4sxuHpRERV+B44=",
- "owner": "zhaofengli",
- "repo": "attic",
- "rev": "e9918bc6be268da6fa97af6ced15193d8a0421c0",
- "type": "github"
- },
- "original": {
- "owner": "zhaofengli",
- "repo": "attic",
- "type": "github"
- }
- },
"catppuccin": {
"inputs": {
"home-manager": [
@@ -425,26 +390,6 @@
"type": "github"
}
},
- "nix2workflow": {
- "inputs": {
- "nixpkgs-lib": [
- "nixpkgs"
- ]
- },
- "locked": {
- "lastModified": 1699416125,
- "narHash": "sha256-IQHjxELWK6DBWbqYwggO4Q9gJbOm0XS3aCgMRzQWwZU=",
- "owner": "getchoo",
- "repo": "nix2workflow",
- "rev": "f1de38cfea711e9a788794b5a658298b4062defb",
- "type": "github"
- },
- "original": {
- "owner": "getchoo",
- "repo": "nix2workflow",
- "type": "github"
- }
- },
"nixos-hardware": {
"locked": {
"lastModified": 1702453208,
@@ -603,7 +548,6 @@
"inputs": {
"agenix": "agenix",
"arkenfox": "arkenfox",
- "attic": "attic",
"catppuccin": "catppuccin",
"darwin": "darwin",
"deploy": "deploy",
@@ -612,7 +556,6 @@
"hm": "hm",
"lanzaboote": "lanzaboote",
"nix-index-database": "nix-index-database",
- "nix2workflow": "nix2workflow",
"nixos-hardware": "nixos-hardware",
"nixos-wsl": "nixos-wsl",
"nixpkgs": "nixpkgs",
diff --git a/flake.nix b/flake.nix
index 1be8bbf..ac378c3 100644
--- a/flake.nix
+++ b/flake.nix
@@ -2,8 +2,8 @@
description = "getchoo's flake for system configurations";
nixConfig = {
- extra-substituters = ["https://cache.mydadleft.me/flake"];
- extra-trusted-public-keys = ["flake:qQ6D8Mem+0lqpvzgCwKiUkwjoB7iRhVJwVh71+iwk9U="];
+ extra-substituters = ["https://cache.garnix.io"];
+ extra-trusted-public-keys = ["cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="];
};
inputs = {
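Review bot: The new `extra-trusted-public-keys` entry makes a third-party signing key acceptable for any store path on machines that accept this flake's config, and nothing here records where the key value came from. A comment above it, e.g. `# key published by garnix; re-verify against their docs before changing`, lets a later reader confirm the value instead of trusting the commit. The same URL and key are repeated in modules/shared/nix.nix, so the two copies have to be changed together. The `inputs` block continues outside this hunk.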
@@ -38,17 +38,6 @@
};
};
- attic = {
- url = "github:zhaofengli/attic";
- inputs = {
- nixpkgs.follows = "nixpkgs";
- nixpkgs-stable.follows = "nixpkgs-stable";
- crane.follows = "lanzaboote/crane";
- flake-compat.follows = "pre-commit/flake-compat";
- flake-utils.follows = "pre-commit/flake-utils";
- };
- };
-
catppuccin = {
url = "github:Stonks3141/ctp-nix";
inputs = {
@@ -99,11 +88,6 @@
};
};
- nix2workflow = {
- url = "github:getchoo/nix2workflow";
- inputs.nixpkgs-lib.follows = "nixpkgs";
- };
-
nix-index-database = {
url = "github:nix-community/nix-index-database";
inputs.nixpkgs.follows = "nixpkgs";
@@ -158,15 +142,14 @@
parts.lib.mkFlake {inherit inputs;} {
imports = [
inputs.pre-commit.flakeModule
- inputs.nix2workflow.flakeModule
./modules
./overlay
./systems
./tf
./users
+ ./ci.nix
./dev.nix
- ./workflow.nix
];
systems = [
diff --git a/garnix.yaml b/garnix.yaml
new file mode 100644
index 0000000..9a8d227
--- /dev/null
+++ b/garnix.yaml
@@ -0,0 +1,10 @@
+builds:
+ exclude:
+ - "*.x86_64-darwin.*"
+ - "*.aarch64-darwin.*"
+ include:
+ - "checks.*.*"
+ - "devShells.x86_64-linux.default"
+ - "nixosConfigurations.*"
+ - "homeConfigurations.seth"
+ - "packages.*.*"
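Review bot: Nothing in this new file says that the set of builds it selects appears to be what deploy.yaml's `latest_check_runs_count >= 12` condition counts, so trimming `include` or extending `exclude` could drop the count below the threshold and silently stop deployments. A header comment such as `# deploy.yaml gates on the number of Garnix check runs; revisit its threshold when changing this list` would tie the two files together. The mapping from builds to check runs is inferred from the two files in this commit and should be confirmed against a real check suite.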
diff --git a/modules/shared/nix.nix b/modules/shared/nix.nix
index 603a485..d88285d 100644
--- a/modules/shared/nix.nix
+++ b/modules/shared/nix.nix
@@ -20,8 +20,8 @@
auto-optimise-store = pkgs.stdenv.isLinux;
experimental-features = lib.mkDefault ["nix-command" "flakes" "auto-allocate-uids" "repl-flake"];
- trusted-substituters = lib.mkDefault ["https://cache.mydadleft.me/flake"];
- trusted-public-keys = lib.mkDefault ["flake:qQ6D8Mem+0lqpvzgCwKiUkwjoB7iRhVJwVh71+iwk9U="];
+ trusted-substituters = lib.mkDefault ["https://cache.garnix.io"];
+ trusted-public-keys = lib.mkDefault ["cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="];
nix-path = config.nix.nixPath;
};
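Review bot: Both new values are wrapped in `lib.mkDefault`, so they are discarded whenever another module defines the same option at normal priority. For `trusted-public-keys` that would leave the Garnix key untrusted and the cache unused, which fails safe but quietly. It is worth checking the evaluated `nix.settings.trusted-public-keys` on one host and dropping `lib.mkDefault` on that line if the key is missing. Note too that `trusted-substituters` only allows non-trusted users to opt in to the cache; it does not add it to `substituters`, which may be set elsewhere in this module outside the hunk.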
diff --git a/secrets/atlas/atticCreds.age b/secrets/atlas/atticCreds.age
deleted file mode 100644
index 66f67de..0000000
--- a/secrets/atlas/atticCreds.age
+++ /dev/null
@@ -1,10 +0,0 @@
-age-encryption.org/v1
--> X25519 Z+DMuj5SNF0RLnMM/BduObtsCoSP3towH0Y84dZdb2c
-aZvItxg0B//pl6nxrFKDrz3jOiqWmfo4IILx3my9ZAU
--> X25519 twK0Y9wvS9oqG08KxkVi4ukc+MmVrV6KLsTgt3LhvVk
-Rsk9a3Zn/OjiRJKBdHYGozJP8D/G2cayJq1BMJ4fegI
--> ^_ibAP-(-grease {wh# G
-x9Q8AQm5K/Juzfe185fe1Rq2dyclD+62p8onj/KFR7ZUvd8uL4sMwg
---- bSh0kIICHCV1vFS0p7d1MqX3YVf52NPFuipjGjBDzf8
-@BCޛ�NJ�e�a����,�@�� ��J�Qj�Q�{�q��D���闼-qN(�)3:�� �""��5`��}���� ��Bmi�WK�?4
-6�\�8�^������C�j�??�k���4s�Ѻ ,,���-6Lɪ���R�>̗���� ��Vq�O8�� \ No newline at end of file
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index afb5fcb..958eda3 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -27,7 +27,6 @@ let
files = [
"rootPassword.age"
"userPassword.age"
- "atticCreds.age"
"miniflux.age"
"tailscaleAuthKey.age"
"cloudflaredCreds.age"
diff --git a/systems/atlas/attic.nix b/systems/atlas/attic.nix
deleted file mode 100644
index a810eb5..0000000
--- a/systems/atlas/attic.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{
- config,
- inputs',
- secretsDir,
- ...
-}: {
- age.secrets.atticCreds.file = secretsDir + "/atticCreds.age";
-
- environment.systemPackages = [inputs'.attic.packages.default];
-
- services.atticd = {
- enable = true;
-
- credentialsFile = config.age.secrets.atticCreds.path;
-
- settings = {
- listen = "[::]:5000";
-
- api-endpoint = "https://cache.${config.networking.domain}/";
-
- chunking = let
- kb = 1024;
- in {
- nar-size-threshold = 64 * kb;
- min-size = 16 * kb;
- avg-size = 64 * kb;
- max-size = 256 * kb;
- };
-
- compression.type = "zstd";
- };
- };
-}
diff --git a/systems/atlas/default.nix b/systems/atlas/default.nix
index e527af9..2a8346f 100644
--- a/systems/atlas/default.nix
+++ b/systems/atlas/default.nix
@@ -6,7 +6,6 @@
}: {
imports = [
./hardware-configuration.nix
- ./attic.nix
./miniflux.nix
./nginx.nix
];
diff --git a/systems/atlas/nginx.nix b/systems/atlas/nginx.nix
index fbf081a..03a6fc1 100644
--- a/systems/atlas/nginx.nix
+++ b/systems/atlas/nginx.nix
@@ -19,18 +19,12 @@ in {
services.nginx = {
enable = true;
- clientMaxBodySize = "1250m";
-
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts = toVHosts {
- cache = {
- locations = mkProxy "/" "5000";
- };
-
miniflux = {
locations = mkProxy "/" "7000";
};
diff --git a/systems/default.nix b/systems/default.nix
index 2c7eec4..6ee78ad 100644
--- a/systems/default.nix
+++ b/systems/default.nix
@@ -68,7 +68,6 @@ in {
modules = with inputs;
[
teawiebot.nixosModules.default
- attic.nixosModules.atticd
]
++ server;
};
diff --git a/tf/cloudflare/dns.nix b/tf/cloudflare/dns.nix
index 9598b71..9618019 100644
--- a/tf/cloudflare/dns.nix
+++ b/tf/cloudflare/dns.nix
@@ -31,11 +31,6 @@ in {
type = "CNAME";
};
- cache = {
- value = atlas_tunnel;
- type = "CNAME";
- };
-
miniflux = {
value = atlas_tunnel;
type = "CNAME";
diff --git a/tf/cloudflare/ruleset.nix b/tf/cloudflare/ruleset.nix
index 7da114d..1be98aa 100644
--- a/tf/cloudflare/ruleset.nix
+++ b/tf/cloudflare/ruleset.nix
@@ -60,22 +60,5 @@
}
];
};
-
- binary-cache = {
- kind = "zone";
- name = "default";
- phase = "http_request_cache_settings";
- zone_id = lib.tfRef "var.zone_id";
-
- rules = {
- action = "set_cache_settings";
- action_parameters = {
- cache = true;
- };
- description = "nix cache";
- enabled = true;
- expression = "(ssl and http.host eq \"cache.mydadleft.me\" and http.request.uri.query eq \"\" and ends_with(http.request.uri.path, \"nar\"))";
- };
- };
};
}
diff --git a/users/seth/programs/default.nix b/users/seth/programs/default.nix
index 0de43c0..18886cd 100644
--- a/users/seth/programs/default.nix
+++ b/users/seth/programs/default.nix
@@ -13,27 +13,25 @@
./vim.nix
];
- home.packages = with pkgs;
- [
- fd
- nix-output-monitor
- nurl
- rclone
- restic
-
- (let
- getchvim = inputs'.getchvim.packages.default;
- in
- # remove desktop file
- symlinkJoin {
- name = builtins.replaceStrings ["neovim"] ["neovim-nodesktop"] getchvim.name;
- paths = [getchvim];
- postBuild = ''
- rm -rf $out/share/{applications,icons}
- '';
- })
- ]
- ++ lib.optional stdenv.isLinux inputs'.attic.packages.default;
+ home.packages = with pkgs; [
+ fd
+ nix-output-monitor
+ nurl
+ rclone
+ restic
+
+ (let
+ getchvim = inputs'.getchvim.packages.default;
+ in
+ # remove desktop file
+ symlinkJoin {
+ name = builtins.replaceStrings ["neovim"] ["neovim-nodesktop"] getchvim.name;
+ paths = [getchvim];
+ postBuild = ''
+ rm -rf $out/share/{applications,icons}
+ '';
+ })
+ ];
catppuccin.flavour = "mocha";
diff --git a/workflow.nix b/workflow.nix
deleted file mode 100644
index ad34794..0000000
--- a/workflow.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{
- githubWorkflowGenerator = {
- outputs = [
- "checks"
- "devShells"
- "nixosConfigurations"
- "darwinConfigurations"
- ];
-
- overrides = {
- app.systems = ["x86_64-linux"];
- checks.systems = ["x86_64-linux"];
- devShells.systems = ["x86_64-linux"];
- };
- };
-}