darkkirb/nixos-config
1
0
Fork 0
Code Issues 1 Pull requests 2 Projects Releases Packages Wiki Activity Actions

fix build for discord

Browse source
This commit is contained in:
Charlotte 🦝 Delenk 2023-01-17 11:02:41 +01:00
parent d9f1f364e7
commit 89d6c6847a
Signed by: darkkirb
GPG key ID: AB2BD8DAF2E37122
7 changed files with 29 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
.github/workflows/build-one.yml vendored
View file

@ -28,10 +28,10 @@ jobs:
nix_path: nixpkgs=channel:nixos-unstable
extra_nix_config: |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nixcache:8KKuGz95Pk4UJ5W/Ni+pN+v+LDTkMMFV4yrGmAYgkDg= hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs= cache:6tx18bfuH66LOfrn37EmN2YxwNZI3qNk3lKHoz/XlXI=
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nixcache:8KKuGz95Pk4UJ5W/Ni+pN+v+LDTkMMFV4yrGmAYgkDg= hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs= chir-rs:AnwyFacopHSkprD6aXY4/R3J9JYzTbV2rosJCBPaB28=
experimental-features = nix-command flakes ca-derivations
post-build-hook = ${{ github.workspace }}/scripts/post-build-hook
substituters = https://cache.chir.rs/ https://cache.nixos.org/ https://attic.chir.rs/cache
substituters = https://cache.chir.rs/ https://cache.nixos.org/ https://attic.chir.rs/chir-rs
extra-platforms = armv7l-linux aarch64-linux powerpc-linux powerpc64-linux powerpc64le-linux riscv32-linux riscv64-linux wasm32-wasi i686-linux
sandbox = false
- name: Download patched nix
@ -43,7 +43,7 @@ jobs:
echo "$NIX_CACHE_KEY" > ~/cache.key
sudo mkdir /root/.aws
echo "$AWS_CREDENTIALS" | sudo tee /root/.aws/credentials > /dev/null
nix run github:DarkKirb/nix-packages#attic-client -- login attic-server https://attic.chir.rs/ "$ATTIC_TOKEN"
nix run github:DarkKirb/nix-packages#attic-client -- login attic-server https://attic-nocdn.chir.rs/ "$ATTIC_TOKEN"
env:
NIX_CACHE_KEY: ${{secrets.NIX_CACHE_KEY}}
AWS_CREDENTIALS: ${{secrets.AWS_CREDENTIALS}}

4
.github/workflows/pr.yml vendored
View file

@ -13,10 +13,10 @@ jobs:
with:
extra_nix_config: |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nixcache:8KKuGz95Pk4UJ5W/Ni+pN+v+LDTkMMFV4yrGmAYgkDg= hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs= cache:6tx18bfuH66LOfrn37EmN2YxwNZI3qNk3lKHoz/XlXI=
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nixcache:8KKuGz95Pk4UJ5W/Ni+pN+v+LDTkMMFV4yrGmAYgkDg= hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs= chir-rs:AnwyFacopHSkprD6aXY4/R3J9JYzTbV2rosJCBPaB28=
experimental-features = nix-command flakes ca-derivations
post-build-hook = ${{ github.workspace }}/scripts/post-build-hook
substituters = https://cache.chir.rs/ https://cache.nixos.org/ https://attic.chir.rs/cache
substituters = https://cache.chir.rs/ https://cache.nixos.org/ https://attic.chir.rs/chir-rs
- name: Download patched nix
run: nix build github:DarkKirb/nix-packages#nix-s3-dedup
- name: Download attic

2
config/instance-20221213-1915.nix
View file

@ -104,5 +104,5 @@
sops.age.sshKeyPaths = lib.mkForce ["/persist/ssh/ssh_host_ed25519_key"];
services.bind.forwarders = lib.mkForce [];
boot.loader.systemd-boot.configurationLimit = lib.mkForce 1;
system.allowReboot = true;
system.autoUpgrade.allowReboot = true;
}

12
config/nix.nix
View file

@ -7,10 +7,13 @@
...
}: let
post-build-hook = pkgs.writeScript "post-build-hook" ''
#!/bin/sh
#!${pkgs.bash}/bin/bash
set -euf
export IFS=' '
${attic.packages.${system}.attic-client}/bin/attic-client push cache $OUT_PATHS
until ${attic.packages.${system}.attic-client}/bin/attic-client push chir-rs $OUT_PATHS; do
sleep 5
echo "Retrying..."
done
'';
in {
imports = [
@ -30,14 +33,15 @@ in {
require-sigs = true;
builders-use-substitutes = true;
substituters = [
"https://attic.chir.rs/cache/"
"https://attic.chir.rs/chir-rs/"
];
trusted-public-keys = [
"nixcache:8KKuGz95Pk4UJ5W/Ni+pN+v+LDTkMMFV4yrGmAYgkDg="
"hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
"cache:6tx18bfuH66LOfrn37EmN2YxwNZI3qNk3lKHoz/XlXI="
"chir-rs:AnwyFacopHSkprD6aXY4/R3J9JYzTbV2rosJCBPaB28="
];
post-build-hook = "${post-build-hook}";
auto-optimise-store = true;
};
package = pkgs.nix;
extraOptions = ''

6
config/programs/ims.nix
View file

@ -5,13 +5,13 @@
nixpkgs,
...
}: let
firefox-wrapped = config.programs.firefox.package;
firefox = firefox-wrapped.unwrapped;
nss = pkgs.lib.lists.findFirst (x: x.pname or x.name == "nss") null firefox.buildInputs;
x86_64-linux-pkgs = import nixpkgs {
system = "x86_64-linux";
config.allowUnfree = true;
};
firefox-wrapped = x86_64-linux-pkgs.firefox; #config.programs.firefox.package;
firefox = firefox-wrapped.unwrapped;
nss = pkgs.lib.lists.findFirst (x: x.pname or x.name == "nss") null firefox.buildInputs;
in {
home.packages = with pkgs; [
(x86_64-linux-pkgs.discord.override {inherit nss;})

11
scripts/post-build-hook
View file

@ -1,7 +1,14 @@
#!/bin/sh
#!/usr/bin/env bash
set -euf
export IFS=' '
export XDG_CONFIG_HOME=/home/runner/.config
/nix/var/nix/profiles/default/bin/nix store sign --key-file /home/runner/cache.key $DRV_PATH
/nix/var/nix/profiles/default/bin/nix run 'github:DarkKirb/nix-packages#nix-s3-dedup' -- copy --to 's3://cache-chir-rs?scheme=https&endpoint=s3.us-west-000.backblazeb2.com&secret-key=/home/runner/cache.key&multipart-upload=true&compression=zstd&compression-level=15' $DRV_PATH
/nix/var/nix/profiles/default/bin/nix run 'github:DarkKirb/nix-packages#attic-client' -- push cache $OUT_PATHS
max_retry=5
counter=0
while ! /nix/var/nix/profiles/default/bin/nix run 'github:DarkKirb/nix-packages#attic-client' -- push chir-rs $OUT_PATHS; do
sleep 5
[[ counter -eq $max_retry ]] && echo "Failed!" && exit 1
echo "Trying again. Try #$counter"
((counter++))
done

6
secrets/shared.yaml
View file

@ -3,7 +3,7 @@ aws:
ssh:
builder_id_ed25519: ENC[AES256_GCM,data:SjNV5HtKVjQd+cwCPGGgT9bSFKhdwJxqGclCBfWAm4UzTco/ho3TZV9OX/BxI/W0ztzSlctFUecOi98qAdtWX737dlyVmQpkGcvbDIQWt6JqpWRGsLsJ1lhlmSOIS1jkASyGksCLaSou3FZ1+dQ2+BWyh9XjWpC7nCGvEHsGOn8cCSj3tlV8cloBZKzxpwEXkEUmpZpuJb0PZp8LL0okxLF553NxClS1zty0cmucRcR71ObevwiWvJmJNI9Un1D4FhSDYFHffoOtmyHixZnNRMI8gW7Cx1suHIsslrsI4YgmD+QxJrIkx96ajkPzIBPsMu5mO+h8y2epEJpRenbTMhgdQvnspsJ1PrWOzsHWMTI9EsjmiZZEsk6lRiVgnOQwf0Bc+Sf4uro6TcbgsIWJdwOthXWi7s72JHfGHqcP03eQyA8wZf21w4oTGh4L5aDtwb29fOLdSv1xf20PP5Qiy4iUdvCV7tdsLcEA0i3aUeJCkklk9cUoWELT+Vu6CqMxnLbSeKHnP452EkK52EZnpn1MNVtFczPWW+oj,iv:7KO7yFoHCttTpw6gDcZRA43qW6F1a8xqpa5VRYUerz4=,tag:OlCbnoS0vQO1Wyn6iWlYDw==,type:str]
attic:
config.toml: ENC[AES256_GCM,data:+2P1ejL/Olwl2/DVzrBtun3s3hrAzB6ebLAP4BbcjzcVv5Bqwg08AMvLEuhpH1uOp3CyGE3vMxvJJP1d5EXkV7QaAALdi7nt2FBE0TdejnsCN//s0dctjho6O7lcHAF19ozrSzp7npK7qIJtUKAOjVgVV1t/kwyOuJzLSmgGdyeB/a3shvdk7iSWM38dHJqe5VSLuCPtFrtE5MG42Uces5IAWMhywuvftUlEDzKM9jqQWmXb+ecCSd+Q+blmrxuLCJ3XTPgeuf4nnxP2ywOwW4vb6wCzuL/w6geclNlzcrEx2EM/sO2gm4bwVORpo2FGUq+BQCfmTKUFosMC/v79zDYQ9luWMTOwf4jVa3B2RFmo5zZgsupA6/dsJA8pB3EHWRJyMFRf2ykQlUc2D8LFq4NZ2Js7WMJuL/3jgTyRD8cLQQ==,iv:b+nYPPETENOZL+IRtejTAWE9HmnM9x0+UOzWE95N6e4=,tag:zKZEbUiQO8F+7J8E8azFEg==,type:str]
config.toml: ENC[AES256_GCM,data:CudpPIXCotu4rOzHlIxPA3kq8yjT/Kng4TyjKExlmoVJ+jxI6C7vnlSJRP4aYq7DsewMspfIcbgjALe8qvIrsNDSGb+Zvb12I/pwle+7AWCoWZbhoQEFfCv6wKioGkbtzctx2seTuUISoJ2ig4llBCdqMtt/JwyiBKtjVt80j0kg6MrDpG3e5o72+7rv0jChSIwcvnfiwjTVjVl2nyycIiJGep2T2dTlsDemYLTy1D9vfhVnRbomlAk/sZHUZHefDfnSgk99/0fp+SW3BKyiIUMGRCRJKYOdU2bV3w+kYkDV6h3ZNkyiTQK+HPX1duCxdzrct2svAmVy8r4MUtxMBCds5Iuq0fwSJ02AbQBg0mybSh9wYTbneGBES2ge8WVD5ARam1hVWM1+WdG7/un7gQU6XwYRoNb6LEV2TYOlzv0xd8ovj7B5cXDFVQ==,iv:6eO7TzrYsf9aaEYIK+WRPaV/47Vuj9jdvisL9q2x0aI=,tag:WT9DFJ1DZAmfWX5XAfyfmg==,type:str]
sops:
kms: []
gcp_kms: []
@ -55,8 +55,8 @@ sops:
ZFNubXhZdG1KVDB1d0FWOVVDS1ovOHcKO5m7BFeZzt+nBfaZJoH8Pkw6aeDExQrQ
Gfp6KQ0oJOuquhZtMW0GpLuKnuQjjGEBaIbcZcR4OosKKlLYfOKabA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-01-17T09:22:06Z"
mac: ENC[AES256_GCM,data:ryasMId4XVt/tJHM9Owa4AVti3t87eptzjD21f0WjWVlS/Fzf/WG/9ImAx77SwI6k86L10NqpRFpGW73vIF2ar/QzJz4Nzu7bZbWsnrwJV7roxWSasX73kLJC9d5Y+71MgtJz5M81Ge0DkDmUY+UvpAt8uLztsMmR2dH52vVY9E=,iv:f36u4ZY/myhjqIS0DNIgZdLNti1RvGb4OrOOHSDJJ6Q=,tag:ef+2dkutV3wDZdj5uW3i/w==,type:str]
lastmodified: "2023-01-20T14:57:32Z"
mac: ENC[AES256_GCM,data:iNAjaOvlAIUgEy2v0HXxC1eHQIj1us7lIqqf2V+H4L8lmYotlDCPb7Si9PK9PxPjWuWKoHz/sRvXnvvTmDkGEdt7aaY1HQSqMvBn/5ovd3wHW6UNsmOxpeDgVfZ3Df8gwSY0+5AzUNPERJTsIlt1R/EUg57eFehKXVHVZ4ebs4I=,iv:c64NfOiu9eO9B3PXj+hwb6MqnbwhDqfGtIl43mv7Nuc=,tag:mRYb/4WfJHu/z5Nu8zOf6w==,type:str]
pgp:
- created_at: "2022-12-14T15:34:33Z"
enc: |