| -rw-r--r-- | .github/workflows/ci.yaml | 61 | ||||
| -rw-r--r-- | .github/workflows/deploy.yaml | 96 | ||||
| -rw-r--r-- | README.md | 10 | ||||
| -rw-r--r-- | flake.nix | 4 | ||||
| -rw-r--r-- | garnix.yaml | 10 | ||||
| -rw-r--r-- | justfile | 11 | ||||
| -rw-r--r-- | modules/shared/base/nix.nix | 6 | ||||
| -rw-r--r-- | repo/ci.nix | 49 |
8 files changed, 45 insertions, 202 deletions
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml deleted file mode 100644 index 182abb5..0000000 --- a/.github/workflows/ci.yaml +++ /dev/null @@ -1,61 +0,0 @@ -name: CI - -on: - pull_request: - workflow_call: - secrets: - CACHIX_AUTH_TOKEN: - description: "Auth token for cachix" - workflow_dispatch: - -env: - JUST_ARGS: --inputs-from . nixpkgs#just --command - -jobs: - build: - name: Build outputs - runs-on: ubuntu-latest - - steps: - - name: Free up space on runner - uses: jlumbroso/[email protected] - - - uses: actions/checkout@v4 - - - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v9 - - - name: Setup Cachix - uses: cachix/cachix-action@v14 - with: - name: getchoo - authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} - - - name: Run build - run: | - nix shell ${{ env.JUST_ARGS }} just ci - - check: - strategy: - fail-fast: false - matrix: - os: [ubuntu-latest, macos-latest] - - name: Check flake (${{ matrix.os }}) - runs-on: ${{ matrix.os }} - - steps: - - uses: actions/checkout@v4 - - - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v9 - - - name: Setup Cachix - uses: cachix/cachix-action@v14 - with: - name: getchoo - authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} - - - name: Run check - run: | - nix shell ${{ env.JUST_ARGS }} just check diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml deleted file mode 100644 index 388f3ac..0000000 --- a/.github/workflows/deploy.yaml +++ /dev/null 
@@ -1,96 +0,0 @@ -name: Deploy infrastructure - -on: - push: - branches: [main] - workflow_dispatch: - -jobs: - ci: - name: CI - uses: ./.github/workflows/ci.yaml - secrets: inherit - - nixos: - needs: ci - - name: Deploy NixOS systems - runs-on: ubuntu-latest - - environment: nixos - concurrency: - group: nixos - cancel-in-progress: true - - steps: - - uses: actions/checkout@v4 - - - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v9 - - - name: Connect to Tailscale - uses: tailscale/github-action@v2 - with: - oauth-client-id: ${{ secrets.TS_OAUTH_CLIENT_ID }} - oauth-secret: ${{ secrets.TS_OAUTH_SECRET }} - tags: tag:gha - - - name: Copy known_hosts - run: | - set -eux - - [ ! -d ~/.ssh ] && mkdir -p ~/.ssh - cp .known_hosts ~/.ssh/known_hosts - - - name: Run deploy - run: | - args=( - --inputs-from . - nixpkgs#just - --command - just deploy-all - ) - - nix shell "${args[@]}" - - terranix: - needs: nixos - - name: Apply Terranix plan - runs-on: ubuntu-latest - - environment: terranix - concurrency: - group: terranix - cancel-in-progress: true - - steps: - - uses: actions/checkout@v4 - - - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v9 - - - name: Authenticate with TF Cloud - run: | - dir="$HOME/.terraform.d" - [ ! -d "$dir" ] && mkdir -p "$dir" - - cat > "$dir"/credentials.tfrc.json << EOF - { - "credentials": { - "app.terraform.io": { - "token": "${{ secrets.TF_API_TOKEN }}" - } - } - } - EOF - - - name: Apply plan - env: - CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }} - OAUTH_CLIENT_ID: ${{ secrets.OAUTH_CLIENT_ID }} - OAUTH_CLIENT_SECRET: ${{ secrets.OAUTH_CLIENT_SECRET }} - run: | - nix develop .#terranix \ - --command bash -c \ - 'tofu init && tofu validate && tofu apply -auto-approve && just clean' @@ -2,7 +2,7 @@ [](https://neovim.io/) [](https://nixos.org/) - +[](https://garnix.io) greasy taco i love 
@@ -22,13 +22,9 @@ my main desktop, but the windows install :p my macbook air -### turret - -my netgear wac104 router, using [nix-openwrt-imagebuilder](https://github.com/astro/nix-openwrt-imagebuilder) to build reproducible, customized images - ### atlas -my ampere arm server from oracle, services my miniflux instance. +my ampere arm server from oracle, services my miniflux instance and some other things. ## special thanks @@ -36,7 +32,7 @@ there are some amazing tools i use to make/manage this flake that i would highly - [home-manager](https://github.com/nix-community/home-manager) - [agenix](https://github.com/ryantm/agenix) -- [cachix](https://cachix.org) +- [garnix](https://garnix.io) - [deploy-rs](https://github.com/serokell/deploy-rs) - [flake-parts](https://github.com/hercules-ci/flake-parts) - [terranix](https://github.com/terranix/terranix) @@ -2,8 +2,8 @@ description = "getchoo's flake for system configurations"; nixConfig = { - extra-substituters = ["https://getchoo.cachix.org"]; - extra-trusted-public-keys = ["getchoo.cachix.org-1:ftdbAUJVNaFonM0obRGgR5+nUmdLMM+AOvDOSx0z5tE="]; + extra-substituters = ["https://cache.garnix.io"]; + extra-trusted-public-keys = ["cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="]; }; outputs = inputs: let diff --git a/garnix.yaml b/garnix.yaml new file mode 100644 index 0000000..bfe29de --- /dev/null +++ b/garnix.yaml @@ -0,0 +1,10 @@ +builds: + exclude: + - "*.x86_64-darwin.*" + - "*.aarch64-darwin.*" + include: + - "checks.*.*" + - "devShells.*.*" + - "nixosConfigurations.*" + - "homeConfigurations.*" + - "packages.*.*" @@ -24,17 +24,6 @@ switch: (rebuild "switch") test: (rebuild "test") -ci: - nix run \ - --inputs-from . \ - --override-input nixpkgs nixpkgs \ - github:Mic92/nix-fast-build -- \ - --no-nom \ - --skip-cached \ - --option accept-flake-config true \ - --option allow-import-from-derivation false \ - --flake '.#hydraJobs' - check: nix flake check \ --print-build-logs \ 
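Review bot: The `nixConfig` hunk in flake.nix moves trust from a cache whose pushes needed this repository's `CACHIX_AUTH_TOKEN` to the signing key of a hosted build service, and nothing in the file records that change. Anyone who evaluates the flake with flake config accepted will substitute any store path signed by the `cache.garnix.io` key, so the integrity of those paths now rests on that service's builders and key handling. I would add a comment above the two settings, for example `# third-party cache: any path signed by garnix's key is trusted; verify the key against garnix's docs before changing it`. The same key literal is repeated in modules/shared/base/nix.nix, so the two copies have to be rotated together.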
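Review bot: The `include` list in garnix.yaml sends every `nixosConfigurations.*` and `homeConfigurations.*` closure to a third-party builder, and the file carries no comment on what those closures may contain. Anything a configuration writes into the store in plain text, such as a token inside a generated config file, would be built and cached off-host. The README lists agenix, so secrets are presumably kept encrypted, but that is not visible in this diff. A header comment such as `# built on garnix: configurations must not embed plaintext secrets in store paths` would record the constraint, and a second one could say why the two darwin globs are excluded.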
diff --git a/modules/shared/base/nix.nix b/modules/shared/base/nix.nix index 6e1bdf3..8fcfc97 100644 --- a/modules/shared/base/nix.nix +++ b/modules/shared/base/nix.nix @@ -22,10 +22,10 @@ in { settings = { auto-optimise-store = pkgs.stdenv.isLinux; - experimental-features = lib.mkDefault ["nix-command" "flakes" "auto-allocate-uids" "repl-flake"]; + experimental-features = ["nix-command" "flakes" "auto-allocate-uids" "repl-flake"]; - trusted-substituters = lib.mkDefault ["https://getchoo.cachix.org"]; - trusted-public-keys = lib.mkDefault ["getchoo.cachix.org-1:ftdbAUJVNaFonM0obRGgR5+nUmdLMM+AOvDOSx0z5tE="]; + trusted-substituters = ["https://cache.garnix.io"]; + trusted-public-keys = ["cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="]; nix-path = config.nix.nixPath; }; diff --git a/repo/ci.nix b/repo/ci.nix index 8538d28..05fd106 100644 --- a/repo/ci.nix +++ b/repo/ci.nix @@ -1,24 +1,29 @@ -{ - lib, - self, - ... -}: { - flake.hydraJobs = let - ciSystems = ["x86_64-linux"]; - ci = self.lib.ci ciSystems; - in - builtins.foldl' lib.recursiveUpdate {} [ - ( - lib.genAttrs - ["nixosConfigurations" "homeConfigurations"] - ( - type: ci.mapCfgsToDerivs (ci.getCompatibleCfgs self."${type}") - ) - ) - ( - lib.genAttrs - ["checks" "devShells"] - (type: ci.getOutputs self.${type}) - ) +{self, ...}: { + perSystem = { + lib, + pkgs, + system, + self', + ... + }: let + ci = self.lib.ci [system]; + + configurations = map (type: ci.mapCfgsToDerivs (ci.getCompatibleCfgs self.${type})) [ + "nixosConfigurations" + "darwinConfigurations" + "homeConfigurations" ]; + + required = lib.concatMap lib.attrValues ( + [ + self'.checks + self'.devShells + ] + ++ configurations + ); + in { + packages.ciGate = pkgs.writeText "ci-gate" ( + lib.concatMapStringsSep "\n" toString required + ); + }; } |
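Review bot: In the `settings` block of modules/shared/base/nix.nix, `trusted-substituters` only permits the cache and does not enable it: it lists URLs that users of the Nix daemon may opt into, while `trusted-public-keys` makes the garnix key accepted system-wide. If hosts are meant to substitute from garnix by default, the block also needs `substituters = ["https://cache.garnix.io"];`, unless that is set outside this hunk. If the opt-in behaviour is intended, say so in a comment like `# allows any daemon user to opt in to cache.garnix.io; not used by default`. With `lib.mkDefault` gone, a host that must not trust this key can presumably only drop it with `lib.mkForce`, which is worth noting in the same comment. The enclosing attribute set starts and ends outside the hunk.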
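Review bot: `packages.ciGate` in repo/ci.nix depends on its inputs only through string context, which is not obvious from the code and has no comment. `toString` on each derivation yields its output path, and embedding those paths in `pkgs.writeText` makes the text file depend on every one of them. I would add `# ciGate builds only if every check, devShell and configuration for this system builds; the dependency comes from the string context of toString` above the binding. This relies on `ci.mapCfgsToDerivs` returning attribute sets of derivations, which is defined outside this diff. `self.darwinConfigurations` is now read unconditionally, so evaluation presumably fails when the flake does not define that output; `self.${type} or {}` would guard against that.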
