| -rw-r--r-- | .github/workflows/ci.yaml | 124 | ||||
| -rw-r--r-- | .github/workflows/deploy.yaml | 19 | ||||
| -rw-r--r-- | .github/workflows/update-lock.yaml | 2 | ||||
| -rw-r--r-- | README.md | 4 | ||||
| -rw-r--r-- | ci.nix | 28 | ||||
| -rw-r--r-- | flake.lock | 57 | ||||
| -rw-r--r-- | flake.nix | 23 | ||||
| -rw-r--r-- | garnix.yaml | 8 | ||||
| -rw-r--r-- | modules/shared/nix.nix | 4 | ||||
| -rw-r--r-- | secrets/atlas/atticCreds.age | bin | 677 -> 0 bytes | |||
| -rw-r--r-- | secrets/secrets.nix | 1 | ||||
| -rw-r--r-- | systems/atlas/attic.nix | 35 | ||||
| -rw-r--r-- | systems/atlas/default.nix | 1 | ||||
| -rw-r--r-- | systems/atlas/nginx.nix | 5 | ||||
| -rw-r--r-- | systems/default.nix | 1 | ||||
| -rw-r--r-- | users/seth/programs/default.nix | 38 | ||||
| -rw-r--r-- | workflow.nix | 16 |
17 files changed, 71 insertions, 295 deletions
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
deleted file mode 100644
index cf2ccbc..0000000
--- a/.github/workflows/ci.yaml
+++ /dev/null
@@ -1,124 +0,0 @@ -name: CI - -on: - pull_request: - workflow_dispatch: - workflow_call: - secrets: - ATTIC_TOKEN: - required: false - -jobs: - eval: - name: Evaluate flake - - runs-on: ubuntu-latest - - outputs: - matrix: ${{ steps.generate.outputs.matrix }} - - steps: - - uses: actions/checkout@v4 - - - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v9 - - - name: Generate matrix - id: generate - run: | - set -Eeu - echo "matrix=$(nix eval --show-trace --json .#githubWorkflow.matrix)" >> "$GITHUB_OUTPUT" - - build: - needs: eval - - strategy: - fail-fast: false - matrix: ${{ fromJSON(needs.eval.outputs.matrix) }} - - runs-on: ${{ matrix.os }} - - name: Build (${{matrix.attr}}) - - steps: - - uses: actions/checkout@v4 - - - name: Setup Qemu - if: matrix.arch == 'aarch64' - uses: docker/setup-qemu-action@v3 - with: - platforms: "arm64" - - - name: Install Nix - if: matrix.arch != 'aarch64' - uses: DeterminateSystems/nix-installer-action@v9 - - - name: Install Nix (with aarch64) - if: matrix.arch == 'aarch64' - uses: DeterminateSystems/nix-installer-action@v9 - with: - extra-conf: "extra-platforms = aarch64-linux arm-linux" - - - name: Setup Attic - if: github.event_name != 'pull_request' - uses: ryanccn/attic-action@v0 - with: - endpoint: https://cache.mydadleft.me - cache: getchoo - token: ${{ secrets.ATTIC_TOKEN }} - - - name: Setup Magic Nix Cache - uses: DeterminateSystems/magic-nix-cache-action@v2 - - - name: Build ${{ matrix.attr }} - run: nix build -L --accept-flake-config --fallback .#${{ matrix.attr }} - - check: - strategy: - fail-fast: false - matrix: - os: [macos-latest, ubuntu-latest] - - runs-on: ${{ matrix.os }} - - name: Check flake (${{ matrix.os }}) - - steps: - - uses: actions/checkout@v4 - - - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v9 - - - name: Setup Attic - if: github.event_name != 'pull_request' - uses: ryanccn/attic-action@v0 - with: - endpoint: https://cache.mydadleft.me - cache: getchoo - 
token: ${{ secrets.ATTIC_TOKEN }} - - - name: Setup Magic Nix Cache - uses: DeterminateSystems/magic-nix-cache-action@v2 - - - name: Run check - run: nix flake check -L --accept-flake-config --show-trace - - # https://github.com/orgs/community/discussions/26822#discussioncomment-3305794 - gate: - name: CI Gate - needs: [build, check] - runs-on: ubuntu-latest - - if: always() - - steps: - - name: Exit with result - run: | - buildResult="${{ needs.build.result }}" - checkResult="${{ needs.check.result }}" - - results=("$buildResult" "$checkResult") - - for result in "${results[@]}"; do [ "$result" != "success" ] && exit 1; done - - exit 0 diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml index 113a847..9caf2df 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy.yaml @@ -1,30 +1,29 @@ name: Deploy systems on: - push: - branches: [main] + check_suite: + types: [completed] workflow_dispatch: jobs: - ci: - name: CI - uses: ./.github/workflows/ci.yaml - secrets: inherit - deploy: - name: Deploy all - needs: ci runs-on: ubuntu-latest concurrency: group: deploy cancel-in-progress: true + # https://github.com/sellout/bash-strict-mode/commit/9bf1d65c2f786a9887facfcb81e06d8b8b5f4667 + if: github.event.check_suite.app.name == 'Garnix CI' + && github.event.check_suite.conclusion == 'success' + && github.event.check_suite.latest_check_runs_count >= 12 + && github.event.check_suite.head_branch == 'main' + steps: - uses: actions/checkout@v4 - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v9 + uses: nixbuild/nix-quick-install-action@v26 - name: Setup local Nix cache uses: DeterminateSystems/magic-nix-cache-action@v2 diff --git a/.github/workflows/update-lock.yaml b/.github/workflows/update-lock.yaml index 1f2063c..f9cdfed 100644 --- a/.github/workflows/update-lock.yaml +++ b/.github/workflows/update-lock.yaml 
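Review bot: The `actions/checkout@v4` step in deploy.yaml has no `ref`, and on a `check_suite` event the workflow runs against the tip of the default branch rather than the commit the suite reported on, so the job can deploy a commit newer than the one Garnix marked successful. Pinning the checkout with `with:` and `ref: ${{ github.event.check_suite.head_sha }}` ties the deployed tree to the verified one. The new job-level `if` also reads only `github.event.check_suite.*`, which is empty on the still-declared `workflow_dispatch` trigger, so manual runs are skipped; prefixing the condition with `github.event_name == 'workflow_dispatch' ||` would keep them working. The remaining steps of the deploy job appear to continue outside this hunk.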
@@ -25,7 +25,7 @@ jobs: - uses: actions/checkout@v4 - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v9 + uses: nixbuild/nix-quick-install-action@v26 - name: Update lockfile & make PR uses: DeterminateSystems/update-flake-lock@v20 @@ -2,7 +2,7 @@ [](https://neovim.io/) [](https://nixos.org/) - +[](https://garnix.io) greasy taco i love @@ -34,7 +34,7 @@ my ampere arm server from oracle, services my miniflux instance. there are some amazing tools i use to make/manage this flake that i would highly recommend checking out: -- [attic](https://github.com/zhaofengli/attic) +- [garnix](https://garnix.io) - [home-manager](https://github.com/nix-community/home-manager) - [agenix](https://github.com/ryantm/agenix) - [flake-parts](https://github.com/hercules-ci/flake-parts) @@ -0,0 +1,28 @@ +{self, ...}: { + perSystem = { + lib, + pkgs, + system, + config, + ... + }: let + # get applicable system configurations + configurations = lib.getAttrs ["darwinConfigurations" "homeConfigurations" "nixosConfigurations"] self; + + systems = lib.pipe (builtins.attrValues configurations) [ + (builtins.foldl' (acc: attr: acc // attr) {}) + (lib.filterAttrs (_: v: v.pkgs.system == system)) + (lib.mapAttrsToList (_: v: v.config.system.build.toplevel or v.activationPackage)) + ]; + in { + checks = { + ciGate = pkgs.runCommand "ci-gate" { + nativeBuildInputs = lib.concatLists [ + systems + # and other checks + (builtins.attrValues (builtins.removeAttrs config.checks ["ciGate"])) + ]; + } "touch $out"; + }; + }; +} 
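Review bot: `nixbuild/nix-quick-install-action@v26` is referenced by a movable tag, so whoever controls that tag controls what runs in this job, which then runs `DeterminateSystems/update-flake-lock@v20` to open a pull request and so presumably holds a write-capable token. Pinning to the full commit SHA with the tag kept as a trailing comment, e.g. `uses: nixbuild/nix-quick-install-action@<commit-sha> # v26`, makes the reference immutable. The same applies to the identical line added in the deploy.yaml hunk. The job definition starts outside this hunk.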
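Review bot: Merging the three configuration sets in ci.nix with `builtins.foldl' (acc: attr: acc // attr) {}` keys everything by name, so a home configuration and a NixOS or darwin configuration that share a name overwrite one another and the loser silently drops out of `ciGate`. Flattening the values avoids the collision: `(lib.concatMap builtins.attrValues)`, then `(builtins.filter (v: v.pkgs.system == system))` and `(map (v: v.config.system.build.toplevel or v.activationPackage))`. A one-line comment on `nativeBuildInputs`, e.g. `# listed only so the gate depends on every system and check`, would also help, since the `touch $out` builder never runs anything from them.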
@@ -57,41 +57,6 @@ "type": "github" } }, - "attic": { - "inputs": { - "crane": [ - "lanzaboote", - "crane" - ], - "flake-compat": [ - "pre-commit", - "flake-compat" - ], - "flake-utils": [ - "pre-commit", - "flake-utils" - ], - "nixpkgs": [ - "nixpkgs" - ], - "nixpkgs-stable": [ - "nixpkgs-stable" - ] - }, - "locked": { - "lastModified": 1698258239, - "narHash": "sha256-qnhoYYIJ0L/P7H/f56lQUEvpzNlXh4sxuHpRERV+B44=", - "owner": "zhaofengli", - "repo": "attic", - "rev": "e9918bc6be268da6fa97af6ced15193d8a0421c0", - "type": "github" - }, - "original": { - "owner": "zhaofengli", - "repo": "attic", - "type": "github" - } - }, "catppuccin": { "inputs": { "home-manager": [ @@ -417,26 +382,6 @@ "type": "github" } }, - "nix2workflow": { - "inputs": { - "nixpkgs-lib": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1699416125, - "narHash": "sha256-IQHjxELWK6DBWbqYwggO4Q9gJbOm0XS3aCgMRzQWwZU=", - "owner": "getchoo", - "repo": "nix2workflow", - "rev": "f1de38cfea711e9a788794b5a658298b4062defb", - "type": "github" - }, - "original": { - "owner": "getchoo", - "repo": "nix2workflow", - "type": "github" - } - }, "nixinate": { "inputs": { "nixpkgs": [ @@ -615,7 +560,6 @@ "inputs": { "agenix": "agenix", "arkenfox": "arkenfox", - "attic": "attic", "catppuccin": "catppuccin", "darwin": "darwin", "firefox-addons": "firefox-addons", @@ -624,7 +568,6 @@ "hm": "hm", "lanzaboote": "lanzaboote", "nix-index-database": "nix-index-database", - "nix2workflow": "nix2workflow", "nixinate": "nixinate", "nixos-hardware": "nixos-hardware", "nixos-wsl": "nixos-wsl", @@ -2,8 +2,8 @@ description = "getchoo's flake for system configurations"; nixConfig = { - extra-substituters = ["https://cache.mydadleft.me/getchoo"]; - extra-trusted-public-keys = ["getchoo:6DIF4zCJcRCrTpx8lrnoapenxoMmcfpU8/cdayOtxE4="]; + extra-substituters = ["https://cache.garnix.io"]; + extra-trusted-public-keys = ["cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="]; }; inputs = { 
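Review bot: The Garnix substituter URL and signing key are written out here in flake.nix `nixConfig` and again in the modules/shared/nix.nix hunk, with nothing recording where the key was obtained or what trusting it implies. A host that takes these settings will accept any store path signed by that key, so a short comment above each pair would help the next key rotation or audit, e.g. `# garnix.io cache signing key; hosts accept any path signed with it; keep in sync with modules/shared/nix.nix`. The `nixConfig` block is fully visible in the hunk, while the `inputs` block that follows continues outside it.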
@@ -38,17 +38,6 @@ }; }; - attic = { - url = "github:zhaofengli/attic"; - inputs = { - nixpkgs.follows = "nixpkgs"; - nixpkgs-stable.follows = "nixpkgs-stable"; - crane.follows = "lanzaboote/crane"; - flake-utils.follows = "pre-commit/flake-utils"; - flake-compat.follows = "pre-commit/flake-compat"; - }; - }; - catppuccin = { url = "github:Stonks3141/ctp-nix"; inputs = { @@ -95,11 +84,6 @@ }; }; - nix2workflow = { - url = "github:getchoo/nix2workflow"; - inputs.nixpkgs-lib.follows = "nixpkgs"; - }; - nixinate = { url = "github:MatthewCroughan/nixinate"; inputs.nixpkgs.follows = "nixpkgs"; @@ -148,14 +132,13 @@ parts.lib.mkFlake {inherit inputs;} { imports = [ inputs.pre-commit.flakeModule - inputs.nix2workflow.flakeModule ./modules ./overlay ./systems ./users + ./ci.nix ./dev.nix - ./workflow.nix ]; systems = [ diff --git a/garnix.yaml b/garnix.yaml new file mode 100644 index 0000000..bb7a2d0 --- /dev/null +++ b/garnix.yaml @@ -0,0 +1,8 @@ +builds: + exclude: + - "*.x86_64-darwin.*" + include: + - "checks.*.*" + - "devShells.x86_64-linux.default" + - "nixosConfigurations.*" + - "homeConfigurations.seth" diff --git a/modules/shared/nix.nix b/modules/shared/nix.nix index bb9cf1c..7ca3f1d 100644 --- a/modules/shared/nix.nix +++ b/modules/shared/nix.nix @@ -20,8 +20,8 @@ auto-optimise-store = pkgs.stdenv.isLinux; experimental-features = lib.mkDefault ["nix-command" "flakes" "auto-allocate-uids" "repl-flake"]; - trusted-substituters = lib.mkDefault ["https://cache.mydadleft.me/getchoo"]; - trusted-public-keys = lib.mkDefault ["getchoo:6DIF4zCJcRCrTpx8lrnoapenxoMmcfpU8/cdayOtxE4="]; + trusted-substituters = lib.mkDefault ["https://cache.garnix.io"]; + trusted-public-keys = lib.mkDefault ["cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="]; nix-path = config.nix.nixPath; }; diff --git a/secrets/atlas/atticCreds.age b/secrets/atlas/atticCreds.age Binary files differdeleted file mode 100644 index 5a96479..0000000 --- a/secrets/atlas/atticCreds.age +++ /dev/null 
diff --git a/secrets/secrets.nix b/secrets/secrets.nix index bcf93a9..31d8622 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -27,7 +27,6 @@ let files = [ "rootPassword.age" "userPassword.age" - "atticCreds.age" "miniflux.age" "tailscaleAuthKey.age" "cloudflaredCreds.age" diff --git a/systems/atlas/attic.nix b/systems/atlas/attic.nix deleted file mode 100644 index d7d65c4..0000000 --- a/systems/atlas/attic.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ - config, - secretsDir, - ... -}: { - age.secrets.atticCreds.file = secretsDir + "/atticCreds.age"; - - services.atticd = { - enable = true; - credentialsFile = config.age.secrets.atticCreds.path; - - settings = { - listen = "[::]:5000"; - api-endpoint = "https://cache.${config.networking.domain}/"; - - compression.type = "zstd"; - - chunking = let - kb = 1024; - in { - nar-size-threshold = 64 * kb; - min-size = 16 * kb; - avg-size = 64 * kb; - max-size = 256 * kb; - }; - - storage = { - type = "s3"; - region = "us-west-4"; - bucket = "getchoo-attic"; - endpoint = "https://s3.us-west-004.backblazeb2.com"; - }; - }; - }; -} diff --git a/systems/atlas/default.nix b/systems/atlas/default.nix index 7b0955a..8cba9bd 100644 --- a/systems/atlas/default.nix +++ b/systems/atlas/default.nix @@ -6,7 +6,6 @@ }: { imports = [ ./hardware-configuration.nix - ./attic.nix ./miniflux.nix ./nginx.nix ]; diff --git a/systems/atlas/nginx.nix b/systems/atlas/nginx.nix index dc40282..866b605 100644 --- a/systems/atlas/nginx.nix +++ b/systems/atlas/nginx.nix @@ -13,17 +13,12 @@ in { services.nginx = { enable = true; - clientMaxBodySize = "2048m"; # 2GB recommendedGzipSettings = true; recommendedOptimisation = true; recommendedProxySettings = true; recommendedTlsSettings = true; virtualHosts = { - "cache.${domain}" = { - locations = mkProxy "/" "5000"; - }; - "miniflux.${domain}" = { locations = mkProxy "/" "7000"; }; diff --git a/systems/default.nix b/systems/default.nix index 6f31339..c442d90 100644 --- a/systems/default.nix 
+++ b/systems/default.nix @@ -66,7 +66,6 @@ in { modules = [ inputs.teawiebot.nixosModules.default - inputs.attic.nixosModules.atticd ] ++ server; }; diff --git a/users/seth/programs/default.nix b/users/seth/programs/default.nix index ab5f3c4..c61a4d1 100644 --- a/users/seth/programs/default.nix +++ b/users/seth/programs/default.nix @@ -13,26 +13,24 @@ ./vim.nix ]; - home.packages = with pkgs; - [ - fd - nurl - rclone - restic - - (let - getchvim = inputs'.getchvim.packages.default; - in - # remove desktop file - symlinkJoin { - name = builtins.replaceStrings ["neovim"] ["neovim-nodesktop"] getchvim.name; - paths = [getchvim]; - postBuild = '' - rm -rf $out/share/{applications,icons} - ''; - }) - ] - ++ lib.optional stdenv.isLinux inputs'.attic.packages.attic; + home.packages = with pkgs; [ + fd + nurl + rclone + restic + + (let + getchvim = inputs'.getchvim.packages.default; + in + # remove desktop file + symlinkJoin { + name = builtins.replaceStrings ["neovim"] ["neovim-nodesktop"] getchvim.name; + paths = [getchvim]; + postBuild = '' + rm -rf $out/share/{applications,icons} + ''; + }) + ]; catppuccin.flavour = "mocha"; diff --git a/workflow.nix b/workflow.nix deleted file mode 100644 index e9cec5d..0000000 --- a/workflow.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ - githubWorkflowGenerator = { - outputs = [ - "checks" - "devShells" - "darwinConfigurations" - "nixosConfigurations" - "homeConfigurations" - ]; - - overrides = { - checks.systems = ["x86_64-linux"]; - devShells.systems = ["x86_64-linux" "x86_64-darwin"]; - }; - }; -} |
