diff options
| -rw-r--r-- | .github/actions/flake-update/action.yaml | 10 | ||||
| -rw-r--r-- | .github/dependabot.yml | 2 | ||||
| -rw-r--r-- | .github/workflows/update-inputs.yaml | 14 | ||||
| -rw-r--r-- | .github/workflows/update-nixpkgs.yaml | 16 | ||||
| -rw-r--r-- | README.md | 11 | ||||
| -rw-r--r-- | flake.lock | 68 | ||||
| -rw-r--r-- | flake.nix | 16 | ||||
| -rw-r--r-- | garnix.yaml | 6 | ||||
| -rw-r--r-- | hosts/atlas/default.nix | 9 | ||||
| -rw-r--r-- | hosts/p-body/default.nix | 9 | ||||
| -rw-r--r-- | hosts/profiles.nix | 2 | ||||
| -rw-r--r-- | modules/flake/ci.nix | 78 | ||||
| -rw-r--r-- | modules/nixos/server/default.nix | 2 |
13 files changed, 51 insertions, 192 deletions
diff --git a/.github/actions/flake-update/action.yaml b/.github/actions/flake-update/action.yaml index 62f3695..2485186 100644 --- a/.github/actions/flake-update/action.yaml +++ b/.github/actions/flake-update/action.yaml @@ -1,18 +1,18 @@ name: "update flake inputs" description: "wrapper around DeterminateSystems/update-flake-lock" inputs: - update-token: - description: "github write token for creating prs" + commit-msg: required: true github-token: - description: "github read token for avoid rate limits" + description: "github read token for increasing rate limits" required: false default: "" inputs: description: "flake inputs to update" required: false default: "" - commit-msg: + update-token: + description: "github write token for creating prs" required: true runs: using: "composite" @@ -30,7 +30,7 @@ runs: token: ${{ inputs.update-token }} - name: auto-merge pull request - run: gh pr merge --auto --squash "$PR_ID" + run: gh pr merge --auto --rebase "$PR_ID" env: GITHUB_TOKEN: ${{ inputs.update-token }} PR_ID: ${{ steps.update.outputs.pull-request-number }} diff --git a/.github/dependabot.yml b/.github/dependabot.yml index e7bda0b..1d662ce 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -5,4 +5,4 @@ updates: schedule: interval: "weekly" commit-message: - prefix: "chore(actions)" + prefix: "actions" diff --git a/.github/workflows/update-inputs.yaml b/.github/workflows/update-inputs.yaml index 3103629..0ac81a5 100644 --- a/.github/workflows/update-inputs.yaml +++ b/.github/workflows/update-inputs.yaml @@ -1,23 +1,19 @@ name: update all inputs on: - # schedule: - # # run every saturday - # - cron: "0 0 * * 6" + schedule: + # run every saturday + - cron: "0 0 * * 6" workflow_dispatch: -permissions: read-all - jobs: update-lock: runs-on: ubuntu-latest steps: - - name: checkout repo - uses: actions/checkout@v3 + - uses: actions/checkout@v3 - - name: update all inputs - uses: ./.github/actions/flake-update + - uses: ./.github/actions/flake-update with: commit-msg: "flake: update all inputs" github-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/update-nixpkgs.yaml b/.github/workflows/update-nixpkgs.yaml index 81fbe9e..8b0ac1b 100644 --- a/.github/workflows/update-nixpkgs.yaml +++ b/.github/workflows/update-nixpkgs.yaml @@ -1,25 +1,21 @@ name: update nixpkgs inputs on: - # schedule: - # # run daily at 0:00 utc - # - cron: "0 0 * * *" + schedule: + # run daily at 0:00 utc + - cron: "0 0 * * *" workflow_dispatch: -permissions: read-all - jobs: update-nixpkgs: runs-on: ubuntu-latest steps: - - name: checkout repo - uses: actions/checkout@v3 + - uses: actions/checkout@v3 - - name: update nixpkgs inputs - uses: ./.github/actions/flake-update + - uses: ./.github/actions/flake-update with: - inputs: nixpkgs nixpkgs-stable commit-msg: "flake: update nixpkgs inputs" github-token: ${{ secrets.GITHUB_TOKEN }} + inputs: nixpkgs nixpkgs-stable update-token: ${{ secrets.FLAKE_UPDATE }} @@ -2,7 +2,7 @@ [](https://neovim.io/) [](https://nixos.org/) -[](https://hercules-ci.com/github/getchoo/flake) +[](https://garnix.io) greasy taco i love @@ -11,7 +11,6 @@ greasy taco i love i like to have a few services, including: - [grafana](https://grafana.com/) -- [hercules-ci](https://hercules-ci.com) - [miniflux](https://miniflux.app/) - [prometheus](https://prometheus.io/) @@ -43,13 +42,17 @@ my netgear wac104 router, using [nix-openwrt-imagebuilder](https://github.com/as ### atlas -my ampere arm server from oracle, services my miniflux instance and a builder for hercules-ci +my ampere arm server from oracle, services my miniflux instance. ### p-body -my amd64 server from digital ocean, hosts many services i use and is also a builder for hercules-ci +my amd64 server from digital ocean, general host for services. ## fun screenshots +<details> +   + +</details> @@ -212,72 +212,6 @@ "type": "github" } }, - "haskell-flake": { - "locked": { - "lastModified": 1684780604, - "narHash": "sha256-2uMZsewmRn7rRtAnnQNw1lj0uZBMh4m6Cs/7dV5YF08=", - "owner": "srid", - "repo": "haskell-flake", - "rev": "74210fa80a49f1b6f67223debdbf1494596ff9f2", - "type": "github" - }, - "original": { - "owner": "srid", - "ref": "0.3.0", - "repo": "haskell-flake", - "type": "github" - } - }, - "hercules-ci-agent": { - "inputs": { - "flake-parts": [ - "flake-parts" - ], - "haskell-flake": "haskell-flake", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1687920713, - "narHash": "sha256-rJFC3eUWjS5VaKWETOTN+Tr8BVs1IcvYpaDeVa99P1Q=", - "owner": "hercules-ci", - "repo": "hercules-ci-agent", - "rev": "4132bda2fb896c170f08e276cff00a51ed4ba84f", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "hercules-ci-agent", - "type": "github" - } - }, - "hercules-ci-effects": { - "inputs": { - "flake-parts": [ - "flake-parts" - ], - "hercules-ci-agent": [ - "hercules-ci-agent" - ], - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1686830987, - "narHash": "sha256-1XLTM0lFr3NV+0rd55SQW/8oQ3ACnqlYcda3FelIwHU=", - "owner": "hercules-ci", - "repo": "hercules-ci-effects", - "rev": "04e4ab63b9eed2452edee1bb698827e1cb8265c6", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "hercules-ci-effects", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -547,8 +481,6 @@ "flake-utils": "flake-utils", "getchoo": "getchoo", "guzzle_api": "guzzle_api", - "hercules-ci-agent": "hercules-ci-agent", - "hercules-ci-effects": "hercules-ci-effects", "home-manager": "home-manager", "lanzaboote": "lanzaboote", "nixinate": "nixinate", @@ -4,11 +4,13 @@ nixConfig = { extra-substituters = [ "https://getchoo.cachix.org" # personal cache + "https://cache.garnix.io" # garnix cache "https://nix-community.cachix.org" # nix-community "https://wurzelpfropf.cachix.org" # ragenix ]; extra-trusted-public-keys = [ "getchoo.cachix.org-1:ftdbAUJVNaFonM0obRGgR5+nUmdLMM+AOvDOSx0z5tE=" + "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "wurzelpfropf.cachix.org-1:ilZwK5a6wJqVr7Fyrzp4blIEkGK+LJT0QrpWr1qBNq0=" ]; @@ -24,6 +26,7 @@ flake = false; }; + # ditto flake-utils.url = "github:numtide/flake-utils"; flake-parts = { @@ -43,19 +46,6 @@ inputs.pre-commit-hooks.follows = "pre-commit-hooks"; }; - hercules-ci-agent = { - url = "github:hercules-ci/hercules-ci-agent"; - inputs.nixpkgs.follows = "nixpkgs"; - inputs.flake-parts.follows = "flake-parts"; - }; - - hercules-ci-effects = { - url = "github:hercules-ci/hercules-ci-effects"; - inputs.nixpkgs.follows = "nixpkgs"; - inputs.flake-parts.follows = "flake-parts"; - inputs.hercules-ci-agent.follows = "hercules-ci-agent"; - }; - home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; diff --git a/garnix.yaml b/garnix.yaml new file mode 100644 index 0000000..b78792c --- /dev/null +++ b/garnix.yaml @@ -0,0 +1,6 @@ +builds: + exclude: [] + include: + - "checks.x86_64-linux.*" + - "checks.aarch64-linux.*" + - "devShells.x86_64-linux.default" diff --git a/hosts/atlas/default.nix b/hosts/atlas/default.nix index a594e5d..ce36fcf 100644 --- a/hosts/atlas/default.nix +++ b/hosts/atlas/default.nix @@ -26,14 +26,7 @@ tmp.cleanOnBoot = true; }; - getchoo.server = { - secrets.enable = true; - - services.hercules-ci = { - enable = true; - secrets.enable = true; - }; - }; + getchoo.server.secrets.enable = true; networking = { domain = "mydadleft.me"; diff --git a/hosts/p-body/default.nix b/hosts/p-body/default.nix index 4b00177..3096199 100644 --- a/hosts/p-body/default.nix +++ b/hosts/p-body/default.nix @@ -23,14 +23,7 @@ hermetic = false; }; - getchoo.server = { - secrets.enable = true; - - services.hercules-ci = { - enable = true; - secrets.enable = true; - }; - }; + getchoo.server.secrets.enable = true; networking = { domain = "mydadleft.me"; diff --git a/hosts/profiles.nix b/hosts/profiles.nix index 99b6b09..b8adc8e 100644 --- a/hosts/profiles.nix +++ b/hosts/profiles.nix @@ -41,12 +41,14 @@ in { settings = { trusted-substituters = [ "https://getchoo.cachix.org" + "https://cache.garnix.io" "https://nix-community.cachix.org" "https://wurzelpfropf.cachix.org" ]; trusted-public-keys = [ "getchoo.cachix.org-1:ftdbAUJVNaFonM0obRGgR5+nUmdLMM+AOvDOSx0z5tE=" + "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "wurzelpfropf.cachix.org-1:ilZwK5a6wJqVr7Fyrzp4blIEkGK+LJT0QrpWr1qBNq0=" ]; diff --git a/modules/flake/ci.nix b/modules/flake/ci.nix index a8dd0c8..c958ed3 100644 --- a/modules/flake/ci.nix +++ b/modules/flake/ci.nix @@ -1,77 +1,23 @@ { - config, inputs, myLib, self, - withSystem, ... }: let - mkUpdateEffect = herculesCI: inputs: pullRequestTitle: let - cfg = config.hercules-ci.flake-update; - in - withSystem cfg.effect.system ({hci-effects, ...}: - hci-effects.flakeUpdate { - gitRemote = herculesCI.config.repo.remoteHttpUrl; - user = "x-access-token"; - autoMergeMethod = "rebase"; - commitSummary = pullRequestTitle; - inherit pullRequestTitle inputs; - inherit (cfg) updateBranch forgeType createPullRequest pullRequestBody; - }); -in { - imports = [ - inputs.hercules-ci-effects.flakeModule + ciSystems = [ + "x86_64-linux" + "aarch64-linux" ]; - herculesCI = {lib, ...} @ herculesCI: let - inherit (lib) mkForce; - ciSystems = [ - "x86_64-linux" - "aarch64-linux" - ]; - in { - inherit ciSystems; - - onPush = { - default = { - outputs = with (myLib.ci ciSystems); - mkForce { - apps = mkCompatibleApps self.apps; - checks = mkCompatible self.checks; - devShells = mkCompatible self.devShells; - formatter = mkCompatibleFormatters self.formatter; - # disabled to save storage - #homeConfigurations = mkCompatibleHM self.homeConfigurations; - hosts = mkCompatibleCfg' self.nixosConfigurations; - }; - }; - }; - - onSchedule = let - mkUpdateEffect' = mkUpdateEffect herculesCI; - in { - nixpkgs-update = { - when = { - hour = [0]; - minute = 0; - }; - - outputs = { - effects.nixpkgs-update = mkUpdateEffect' ["nixpkgs" "nixpkgs-stable"] "flake: update nixpkgs inputs"; - }; - }; - - flake-update = mkForce { - when = { - dayOfMonth = [1 8 15 22 29]; - hour = [0]; - minute = 0; - }; + ci = sys: myLib.ci ["${sys}"]; + hm = sys: (ci sys).mkCompatibleHM self.homeConfigurations; + hosts = sys: (ci sys).mkCompatibleCfg self.nixosConfigurations; +in { + flake = { + checks = inputs.nixpkgs.lib.genAttrs ciSystems hosts; + }; - outputs = { - effects.flake-update = mkUpdateEffect' [] "flake: update all inputs"; - }; - }; - }; + perSystem = {system, ...}: { + checks = (hm system).${system}; }; } diff --git a/modules/nixos/server/default.nix b/modules/nixos/server/default.nix index 4774c5e..feae6e0 100644 --- a/modules/nixos/server/default.nix +++ b/modules/nixos/server/default.nix @@ -34,12 +34,14 @@ in { trusted-users = ["${config.networking.hostName}"]; trusted-substituters = [ "https://getchoo.cachix.org" + "https://cache.garnix.io" "https://nix-community.cachix.org" "https://wurzelpfropf.cachix.org" ]; trusted-public-keys = [ "getchoo.cachix.org-1:ftdbAUJVNaFonM0obRGgR5+nUmdLMM+AOvDOSx0z5tE=" + "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "wurzelpfropf.cachix.org-1:ilZwK5a6wJqVr7Fyrzp4blIEkGK+LJT0QrpWr1qBNq0=" ]; |