darkkirb/nixos-config
1
0
Fork 0
Code Issues 1 Pull requests 2 Projects Releases Packages Wiki Activity Actions

Merge pull request 'Switch to hydra' (#1) from switch-to-gitea into main

Browse source 
Reviewed-on: #1
This commit is contained in:
Charlotte 🦝 Delenk 2023-04-09 19:12:58 +00:00
commit f43ed8fedc
Signed by: gitea-bot
GPG key ID: C9974EDF9932B558
14 changed files with 235 additions and 300 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

129
.drone.yml
View file

@ -1,129 +0,0 @@
---
kind: pipeline
type: docker
name: update-flake
steps:
- name: Update flake
image: nixos/nix
commands:
- echo "substituters = https://cache.nixos.org/ https://f000.backblazeb2.com/file/cache-chir-rs/" >> /etc/nix/nix.conf
- echo "trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nixcache:8KKuGz95Pk4UJ5W/Ni+pN+v+LDTkMMFV4yrGmAYgkDg= hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs=" >> /etc/nix/nix.conf
- echo "experimental-features = nix-command flakes ca-derivations" >> /etc/nix/nix.conf
- |
for job in nixos-8gb-fsn1-1 nutty-noon thinkrac installer nas; do
nix show-derivation -r ".#hydraJobs.$job.x86_64-linux" > ../old-$job.json
done
nix flake update
for job in nixos-8gb-fsn1-1 nutty-noon thinkrac installer nas; do
nix show-derivation -r ".#hydraJobs.$job.x86_64-linux" > ../new-$job.json
nix-shell -p python3 --run "python scripts/diff-drvs.py ../old-$job.json ../new-$job.json" > ../report-$job.txt
cat ../report-$job.txt >> ../full-report.txt
done
if [ -s ../full-report.txt ]; then
echo "Automatic flake.lock update" > ../pr-message.txt
echo "" >> ../pr-message.txt
for job in nixos-8gb-fsn1-1 nutty-noon thinkrac installer nas; do
echo "## Changes for $job:" >> ../pr-message.txt
echo '```' >> ../pr-message.txt
cat ../report-$job.txt >> ../pr-message.txt
echo '```' >> ../pr-message.txt
done
else
touch ../pr-message.txt
fi
mv ../pr-message.txt .
- name: Push git
image: alpine:latest
commands:
- apk add git openssh git-lfs
- mkdir ~/.ssh
- echo "$SSH_KEY" > ~/.ssh/id_ed25519
- chmod 600 ~/.ssh/id_ed25519
- echo "git.chir.rs ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQ77jA9S5qXDFGPLZRsC++AtxiXXeF8gVbkLlglx0GQ" > ~/.ssh/known_hosts
- echo "git.chir.rs ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDY0pZzNTAqaVqqfC31gYFixFs5KySv0UqvlDEAzEXJMB/pBWkE5GAd5Ik1NxD4QiAVWc2UARdmJEBbYf8mk5JiAv6fjsodJdJVRau4Ax7FtIfbxdFyzBgFery/KUnNIr6cmAWU2Af8JhzrnpEbhe5U3LftYnkdE1lI+iVqaQRARp0qikdzoAl3uMUhbdTxp1/6rtfN6bP2XZCsUx3t3W5ZG1QTQz8l7nrbXZX1TT3pZ2vcUANcMtOxEAwO6lbL210GX63C8XEoE7+4lLxRrSiaq3SkVlG07VspozKEtrrcsqCRNLebiaapmNWVoEq9Wd9VGAEjja5efyU6/HUlRogAOo1WP73UwoQLv5LTFH+ECoHhKS14xfPeXeVG8dbYyh5+CnmiVe43dH1qZw+ceYuYel31f47cAgScbxFvNkct0spK9m9mivnoUmYcxwTc+VbFbmnJvSuZw3a+OEYn9biitP/tTkYFiLZVdPZTxDkvd1oOyuVH9d4RMXbVgNS92/lr2iKFZkyhWMJ61hFMc2tupwmkp5Us5ce42XA0zC/aVY3vYoih/c5Ib0eZF1AEJdB6Bt5dWqITVsB3mip3Jn/mqVBIPTGXT6+FnGSEuL68Dj2yKBD7kj8YO/1SWpkVMy+bfoLXY/usgcaLCxpUu8dDrdrcKExLigCVbi3rdRmg7w==" >> ~/.ssh/known_hosts
- git remote set-url origin gitea@git.chir.rs:darkkirb/nixos-config.git
- git config --global 'user.email' 'gitea-bot@chir.rs'
- git config --global 'user.name' 'Gitea Bot'
- git add flake.lock
- git commit -m "Update flake"
- git push --force origin main:update-flake
environment:
SSH_KEY:
from_secret: SSH_KEY
- name: Create pull request
image: alpine:latest
commands:
- mv pr-message.txt ..
- apk add jq curl
- |
echo '{ "assignee": "DarkKirb", "base": "main", "head": "update-flake", "title": "Update flake" }' | jq '.body = $body' --arg body "$(cat ../pr-message.txt)" | curl -XPOST 'https://git.chir.rs/api/v1/repos/DarkKirb/nixos-config/pulls' -H "Accept: application/json" -H "Content-Type: application/json" -H "Authorization: Bearer $AUTHORISATION" --data-binary @-
environment:
AUTHORISATION:
from_secret: GITEA_KEY
trigger:
event:
- cron
cron:
- updater
---
kind: pipeline
type: docker
name: hydra-deploy
steps:
- name: Wait for hydra job
image: alpine:latest
commands:
- apk add jq curl
- |
while true; do
if [[ $(curl https://git.chir.rs/api/v1/repos/darkkirb/nixos-config/commits/$DRONE_COMMIT/status | jq '[.statuses[] | select(.target_url | contains("https://hydra.chir.rs/"))] | length') != 0 ]]; then
exit 0
fi
sleep 5
done
- name: Wait for hydra jobs to finish
image: alpine:latest
commands:
- apk add jq curl
- |
while true; do
if [[ $(curl https://git.chir.rs/api/v1/repos/darkkirb/nixos-config/commits/$DRONE_COMMIT/status | jq '[.statuses[] | select(.target_url | contains("https://hydra.chir.rs/")) | select(.status == "pending") ] | length') == 0 ]]; then
exit 0
fi
sleep 5
done
- name: Deploy successful hydra jobs
image: alpine:latest
commands:
- apk add jq curl git openssh
- mkdir ~/.ssh
- echo "$SSH_KEY" > ~/.ssh/id_ed25519
- chmod 600 ~/.ssh/id_ed25519
- echo "git.chir.rs ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQ77jA9S5qXDFGPLZRsC++AtxiXXeF8gVbkLlglx0GQ" > ~/.ssh/known_hosts
- echo "git.chir.rs ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDY0pZzNTAqaVqqfC31gYFixFs5KySv0UqvlDEAzEXJMB/pBWkE5GAd5Ik1NxD4QiAVWc2UARdmJEBbYf8mk5JiAv6fjsodJdJVRau4Ax7FtIfbxdFyzBgFery/KUnNIr6cmAWU2Af8JhzrnpEbhe5U3LftYnkdE1lI+iVqaQRARp0qikdzoAl3uMUhbdTxp1/6rtfN6bP2XZCsUx3t3W5ZG1QTQz8l7nrbXZX1TT3pZ2vcUANcMtOxEAwO6lbL210GX63C8XEoE7+4lLxRrSiaq3SkVlG07VspozKEtrrcsqCRNLebiaapmNWVoEq9Wd9VGAEjja5efyU6/HUlRogAOo1WP73UwoQLv5LTFH+ECoHhKS14xfPeXeVG8dbYyh5+CnmiVe43dH1qZw+ceYuYel31f47cAgScbxFvNkct0spK9m9mivnoUmYcxwTc+VbFbmnJvSuZw3a+OEYn9biitP/tTkYFiLZVdPZTxDkvd1oOyuVH9d4RMXbVgNS92/lr2iKFZkyhWMJ61hFMc2tupwmkp5Us5ce42XA0zC/aVY3vYoih/c5Ib0eZF1AEJdB6Bt5dWqITVsB3mip3Jn/mqVBIPTGXT6+FnGSEuL68Dj2yKBD7kj8YO/1SWpkVMy+bfoLXY/usgcaLCxpUu8dDrdrcKExLigCVbi3rdRmg7w==" >> ~/.ssh/known_hosts
- git remote set-url origin gitea@git.chir.rs:darkkirb/nixos-config.git
- |
for build in $(curl https://git.chir.rs/api/v1/repos/darkkirb/nixos-config/commits/$DRONE_COMMIT/status | jq -r '.statuses[] | select(.target_url | contains("https://hydra.chir.rs/")) | select(.status == "success" ) | .target_url'); do
JOB_JSON=$(curl -H "Accept: application/json" $build)
PROJECT=$(echo "$JOB_JSON" | jq -r '.project')
JOBSET=$(echo "$JOB_JSON" | jq -r '.jobset' | sed 's/nixos-config-update/nixos-config/')
JOB=$(echo "$JOB_JSON" | jq -r '.job')
JOB_NAME="$PROJECT/$JOBSET/$JOB"
git branch $JOB_NAME || true
git checkout $JOB_NAME
git reset --hard $DRONE_COMMIT
git push --force -u origin $JOB_NAME
done
environment:
SSH_KEY:
from_secret: SSH_KEY
trigger:
event:
- push
branch:
- main

48
.github/workflows/pr.yml vendored
View file

@ -1,48 +0,0 @@
name: Pull request diff
on:
pull_request:
branches:
- main
jobs:
diff-expr:
name: Diff nix expressions
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: cachix/install-nix-action@v17
with:
extra_nix_config: |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nixcache:8KKuGz95Pk4UJ5W/Ni+pN+v+LDTkMMFV4yrGmAYgkDg= hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs= chir-rs:AnwyFacopHSkprD6aXY4/R3J9JYzTbV2rosJCBPaB28=
experimental-features = nix-command flakes ca-derivations
post-build-hook = ${{ github.workspace }}/scripts/post-build-hook
substituters = https://cache.nixos.org/ https://attic.chir.rs/chir-rs
- name: Download attic
run: nix build github:DarkKirb/nix-packages#attic-client
- name: Set up secrets
run: nix run github:DarkKirb/nix-packages#attic-client -- login attic-server https://attic-nocdn.chir.rs/ "$ATTIC_TOKEN"
env:
ATTIC_TOKEN: ${{secrets.ATTIC_TOKEN}}
- run: |
for job in nixos-8gb-fsn1-1.x86_64-linux nutty-noon.x86_64-linux thinkrac.x86_64-linux nas.x86_64-linux instance-20221213-1915.aarch64-linux devterm.aarch64-linux; do
nix show-derivation -r "github:DarkKirb/nixos-config/main#hydraJobs.$job" > old-$job.json
done
echo "Difference between this PR and main:" > review
echo "" >> review
for job in nixos-8gb-fsn1-1.x86_64-linux nutty-noon.x86_64-linux thinkrac.x86_64-linux nas.x86_64-linux instance-20221213-1915.aarch64-linux devterm.aarch64-linux; do
nix show-derivation -r ".#hydraJobs.$job" > new-$job.json
echo "## Changes for $job:" >> review
echo '```' >> review
python scripts/diff-drvs.py old-$job.json new-$job.json >> review
echo '```' >> review
done
mv review .github/workflows
- uses: harupy/comment-on-pr@master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
filename: review

34
.github/workflows/tailscale.yml vendored
View file

@ -1,34 +0,0 @@
name: Sync Tailscale ACLs
on:
push:
branches: [ "main" ]
pull_request:
branches: [ "main" ]
jobs:
acls:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Deploy ACL
if: github.event_name == 'push'
id: deploy-acl
uses: tailscale/gitops-acl-action@v1
with:
api-key: ${{ secrets.TS_API_KEY }}
tailnet: ${{ secrets.TS_TAILNET }}
action: apply
policy-file: config/tailscale.hujson
- name: Test ACL
if: github.event_name == 'pull_request'
id: test-acl
uses: tailscale/gitops-acl-action@v1
with:
api-key: ${{ secrets.TS_API_KEY }}
tailnet: ${{ secrets.TS_TAILNET }}
action: test
policy-file: config/tailscale.hujson

34
.github/workflows/update.yml vendored
View file

@ -1,34 +0,0 @@
name: update
on:
workflow_dispatch: # allows manual triggering
schedule:
- cron: "49 7 * * *"
jobs:
flake-lock:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Install Nix
uses: cachix/install-nix-action@v18
with:
nix_path: nixpkgs=channel:nixos-unstable
extra_nix_config: |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nixcache:8KKuGz95Pk4UJ5W/Ni+pN+v+LDTkMMFV4yrGmAYgkDg= hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs= chir-rs:AnwyFacopHSkprD6aXY4/R3J9JYzTbV2rosJCBPaB28=
experimental-features = nix-command flakes ca-derivations
post-build-hook = ${{ github.workspace }}/scripts/post-build-hook
substituters = https://cache.nixos.org/ https://attic.chir.rs/chir-rs
substituters = https://cache.nixos.org/
- name: Set up secrets
run: |
echo "$NIX_CACHE_KEY" > ~/cache.key
sudo mkdir /root/.aws
echo "$AWS_CREDENTIALS" | sudo tee /root/.aws/credentials > /dev/null
env:
NIX_CACHE_KEY: ${{secrets.NIX_CACHE_KEY}}
AWS_CREDENTIALS: ${{secrets.AWS_CREDENTIALS}}
- name: Update flake.lock
uses: DeterminateSystems/update-flake-lock@v14
with:
token: ${{ secrets.GH_TOKEN }}

5
.woodpecker/lint.yaml Normal file
View file

@ -0,0 +1,5 @@
pipeline:
check-format:
image: nixery.dev/shell/alejandra
commands:
- alejandra -c .

51
.woodpecker/pr.yaml Normal file
View file

@ -0,0 +1,51 @@
pipeline:
diff-pr:
image: nixos/nix
commands:
- mkdir -p /etc/nix
- |
cat > /etc/nix/nix.conf << EOF
# WARNING: this file is generated from the nix.* options in
# your NixOS configuration, typically
# /etc/nixos/configuration.nix. Do not edit it!
build-users-group = nixbld
allowed-users = *
auto-optimise-store = true
builders-use-substitutes = true
require-sigs = true
sandbox = false
substituters = https://hydra.int.chir.rs/ https://cache.nixos.org/
system-features = big-parallel benchmark ca-derivations
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nixcache:8KKuGz95Pk4UJ5W/Ni+pN+v+LDTkMMFV4yrGmAYgkDg= hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs= chir-rs:AnwyFacopHSkprD6aXY4/R3J9JYzTbV2rosJCBPaB28=
trusted-substituters =
trusted-users = @wheel
experimental-features = nix-command flakes ca-derivations
EOF
- nix-env -i python3
- |
for job in nixos-8gb-fsn1-1.x86_64-linux nutty-noon.x86_64-linux thinkrac.x86_64-linux nas.x86_64-linux instance-20221213-1915.aarch64-linux devterm.aarch64-linux; do
nix show-derivation -r "github:DarkKirb/nixos-config/main#hydraJobs.$job" > old-$job.json
done
echo "Difference between this PR and main:" > review
echo "" >> review
for job in nixos-8gb-fsn1-1.x86_64-linux nutty-noon.x86_64-linux thinkrac.x86_64-linux nas.x86_64-linux instance-20221213-1915.aarch64-linux devterm.aarch64-linux; do
nix show-derivation -r ".#hydraJobs.$job" > new-$job.json
echo "## Changes for $job:" >> review
echo '```' >> review
python scripts/diff-drvs.py old-$job.json new-$job.json >> review
echo '```' >> review
done
when:
- event: pull_request
post-review:
image: nixery.dev/shell/jq/curl
commands:
- |
echo '{}' | jq '.body = $body' --arg body "$(cat review)" | jq '.commit_id = $commit_id' --arg commit_id "$CI_COMMIT_SHA" | curl -XPOST "https://git.chir.rs/api/v1/repos/$CI_REPO_OWNER/$CI_REPO_NAME/pulls/$CI_COMMIT_PULL_REQUEST/reviews" -H "Accept: application/json" -H "Content-Type: application/json" -H "Authorization: token $GITEA_TOKEN" --data-binary @-
secrets:
- gitea_token
when:
- event: pull_request

22
.woodpecker/tailscale.yaml Normal file
View file

@ -0,0 +1,22 @@
pipeline:
deploy-acl:
image: golang:1.18.4-alpine3.16
commands:
- go install tailscale.com/cmd/gitops-pusher@gitops-1.30.0
- /go/bin/gitops-pusher --policy-file=config/tailscale.hujson apply
when:
event: push
branch: main
secrets:
- ts_api_key
- ts_tailnet
test-acl:
image: golang:1.18.4-alpine3.16
commands:
- go install tailscale.com/cmd/gitops-pusher@gitops-1.30.0
- /go/bin/gitops-pusher --policy-file=config/tailscale.hujson test
when:
event: pull_request
secrets:
- ts_api_key
- ts_tailnet

62
.woodpecker/update.yaml Normal file
View file

@ -0,0 +1,62 @@
pipeline:
flake-update:
image: nixpkgs/nix-unstable
commands:
- mkdir -p /etc/nix
- |
cat > /etc/nix/nix.conf << EOF
# WARNING: this file is generated from the nix.* options in
# your NixOS configuration, typically
# /etc/nixos/configuration.nix. Do not edit it!
build-users-group = nixbld
allowed-users = *
auto-optimise-store = true
builders-use-substitutes = true
require-sigs = true
sandbox = false
substituters = https://hydra.int.chir.rs/ https://cache.nixos.org/
system-features = big-parallel benchmark ca-derivations
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nixcache:8KKuGz95Pk4UJ5W/Ni+pN+v+LDTkMMFV4yrGmAYgkDg= hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs= chir-rs:AnwyFacopHSkprD6aXY4/R3J9JYzTbV2rosJCBPaB28=
trusted-substituters =
trusted-users = @wheel
experimental-features = nix-command flakes ca-derivations
EOF
- nix flake update
when:
- event: cron
- event: manual
git-push:
image: nixery.dev/shell/openssh/gitfull/git-lfs/gnupg/shadow
commands:
- groupadd -g 0 root
- useradd -u 0 -g root -d $HOME root
- mkdir -p ~/.ssh
- echo "$SSH_KEY" > ~/.ssh/id_ed25519
- chmod 600 ~/.ssh/id_ed25519
- echo "git.chir.rs ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQ77jA9S5qXDFGPLZRsC++AtxiXXeF8gVbkLlglx0GQ" > ~/.ssh/known_hosts
- echo "git.chir.rs ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDY0pZzNTAqaVqqfC31gYFixFs5KySv0UqvlDEAzEXJMB/pBWkE5GAd5Ik1NxD4QiAVWc2UARdmJEBbYf8mk5JiAv6fjsodJdJVRau4Ax7FtIfbxdFyzBgFery/KUnNIr6cmAWU2Af8JhzrnpEbhe5U3LftYnkdE1lI+iVqaQRARp0qikdzoAl3uMUhbdTxp1/6rtfN6bP2XZCsUx3t3W5ZG1QTQz8l7nrbXZX1TT3pZ2vcUANcMtOxEAwO6lbL210GX63C8XEoE7+4lLxRrSiaq3SkVlG07VspozKEtrrcsqCRNLebiaapmNWVoEq9Wd9VGAEjja5efyU6/HUlRogAOo1WP73UwoQLv5LTFH+ECoHhKS14xfPeXeVG8dbYyh5+CnmiVe43dH1qZw+ceYuYel31f47cAgScbxFvNkct0spK9m9mivnoUmYcxwTc+VbFbmnJvSuZw3a+OEYn9biitP/tTkYFiLZVdPZTxDkvd1oOyuVH9d4RMXbVgNS92/lr2iKFZkyhWMJ61hFMc2tupwmkp5Us5ce42XA0zC/aVY3vYoih/c5Ib0eZF1AEJdB6Bt5dWqITVsB3mip3Jn/mqVBIPTGXT6+FnGSEuL68Dj2yKBD7kj8YO/1SWpkVMy+bfoLXY/usgcaLCxpUu8dDrdrcKExLigCVbi3rdRmg7w==" >> ~/.ssh/known_hosts
- git remote set-url origin gitea@git.chir.rs:darkkirb/nix-packages.git
- git config --global 'user.email' 'gitea-bot@chir.rs'
- git config --global 'user.name' 'Gitea Bot'
- echo "$GPG_KEY" | gpg --import
- git config --global "user.signingKey" "0x417A4BCCAB696E24"
- git config --global "commit.gpgSign" "true"
- git add .
- git commit -am "Update flake"
- git push --force origin main:update-flake
secrets:
- gpg_key
- ssh_key
when:
- event: cron
- event: manual
gitea-pr:
image: nixery.dev/shell/curl
commands:
- |
echo '{ "assignee": "darkkirb", "base": "main", "head": "update-flake, "title": "Update flake", "body": "" }' | curl -X POST -H "Authorization: token $GITEA_TOKEN" -H "Content-Type: application/json" --data-binary @- 'https://git.chir.rs/api/v1/repos/darkkirb/nix-packages/pulls'
secrets:
- gitea_token
when:
- event: cron
- event: manual

30
config/nas.nix
View file

@ -70,21 +70,21 @@
};
/*
swapDevices = [
{
device = "/dev/disk/by-partuuid/3b652a7e-a550-4342-a0d7-d2ae47b3e9d1";
randomEncryption = true;
}
{
device = "/dev/disk/by-partuuid/59de36d4-6613-4b50-9643-8824e9a9b1f9";
randomEncryption = true;
}
{
device = "/dev/disk/by-partuuid/f6260d75-2b96-4f55-ba0f-050c58b84b78";
randomEncryption = true;
}
];
*/
swapDevices = [
{
device = "/dev/disk/by-partuuid/3b652a7e-a550-4342-a0d7-d2ae47b3e9d1";
randomEncryption = true;
}
{
device = "/dev/disk/by-partuuid/59de36d4-6613-4b50-9643-8824e9a9b1f9";
randomEncryption = true;
}
{
device = "/dev/disk/by-partuuid/f6260d75-2b96-4f55-ba0f-050c58b84b78";
randomEncryption = true;
}
];
*/
networking.interfaces.br0 = {
ipv4 = {
addresses = [

2
config/nix.nix
View file

@ -101,7 +101,7 @@ in {
};
system.autoUpgrade = {
enable = true;
flake = "github:DarkKirb/nixos-config";
flake = "git+https://git.chir.rs/darkkirb/nixos-config?ref=main";
flags = [
"--no-write-lock-file"
"-L" # print build logs

3
config/tailscale.hujson
View file

@ -87,8 +87,7 @@
// Woodpecker agents
{
"action": "accept",
//"src": ["tag:woodpeckerRunner"], // todo: broken auth rn
"src": ["tag:nutty-noon", "tag:nas"],
"src": ["tag:woodpeckerRunner"],
"dst": ["tag:nas:9000"]
}
],

65
hydra/jobsets.nix
View file

@ -4,18 +4,18 @@
}: let
pkgs = import nixpkgs {};
prs = builtins.fromJSON (builtins.readFile prsJSON);
jobsets =
(pkgs.lib.mapAttrs' (
num: info: {
name = "pr${num}";
(builtins.listToAttrs (
map (
info: {
name = "pr${toString info.number}";
value = {
enabled = 1;
hidden = false;
description = "PR ${num}: ${info.title}";
enabled = info.state == "open";
hidden = info.state != "open";
description = "PR ${toString info.number}: ${info.title}";
nixexprinput = "nixos-config";
nixexprpath = "hydra/default.nix";
checkinterval = 300;
checkinterval = 3600;
schedulingshares = 100;
enableemail = false;
emailoverride = "";
@ -23,14 +23,35 @@
inputs = {
nixos-config = {
type = "git";
value = "https://github.com/${info.head.repo.owner.login}/${info.head.repo.name}.git ${info.head.ref}";
value = "${info.head.repo.clone_url} ${info.head.ref}";
emailresponsible = false;
};
nixpkgs = {
type = "git";
value = "https://github.com/NixOS/nixpkgs.git master";
emailresponsible = false;
};
gitea_status_repo = {
type = "string";
value = "nixos-config";
emailresponsible = false;
};
gitea_repo_owner = {
type = "string";
value = "${info.head.repo.owner.login}";
emailresponsible = false;
};
gitea_repo_name = {
type = "string";
value = "${info.head.repo.name}";
emailresponsible = false;
};
};
};
}
)
prs)
prs
))
// {
nixos-config = {
enabled = 1;
@ -38,7 +59,7 @@
description = "Current nixos config";
nixexprinput = "nixos-config";
nixexprpath = "hydra/default.nix";
checkinterval = 300;
checkinterval = 0;
schedulingshares = 100;
enableemail = false;
emailoverride = "";
@ -46,7 +67,27 @@
inputs = {
nixos-config = {
type = "git";
value = "https://github.com/DarkKirb/nixos-config.git main";
value = "https://git.chir.rs/darkkirb/nixos-config main";
emailresponsible = false;
};
nixpkgs = {
type = "git";
value = "https://github.com/NixOS/nixpkgs.git master";
emailresponsible = false;
};
gitea_status_repo = {
type = "string";
value = "nixos-config";
emailresponsible = false;
};
gitea_repo_owner = {
type = "string";
value = "darkkirb";
emailresponsible = false;
};
gitea_repo_name = {
type = "string";
value = "nix-packages";
emailresponsible = false;
};
};

8
hydra/spec.json
View file

@ -4,7 +4,7 @@
"description": "jobsets",
"nixexprinput": "nixos-config",
"nixexprpath": "hydra/jobsets.nix",
"checkinterval": 60,
"checkinterval": 3600,
"schedulingshares": 100,
"enableemail": false,
"emailoverride": "",
@ -12,7 +12,7 @@
"inputs": {
"nixos-config": {
"type": "git",
"value": "https://github.com/DarkKirb/nixos-config main",
"value": "https://git.chir.rs/darkkirb/nixos-config.git switch-to-gitea",
"emailresponsible": false
},
"nixpkgs": {
@ -21,8 +21,8 @@
"emailresponsible": false
},
"prsJSON": {
"type": "githubpulls",
"value": "DarkKirb nixos-config",
"type": "path",
"value": "https://git.chir.rs/api/v1/repos/darkkirb/nixos-config/pulls",
"emailresponsible": false
}
}

42
zones/int.chir.rs.nix
View file

@ -85,27 +85,27 @@ in {
}
];
/*
subdomains = {
_tcp.subdomains."*".TLSA = [
{
certUsage = "dane-ee";
selector = "spki";
match = "sha256";
certificate = "0b85bd8fd152ed8b29a25e7fd69c083138a7bd35d79aea62c111efcf17ede23f";
ttl = zoneTTL;
}
];
_udp.subdomains."*".TLSA = [
{
certUsage = "dane-ee";
selector = "spki";
match = "sha256";
certificate = "0b85bd8fd152ed8b29a25e7fd69c083138a7bd35d79aea62c111efcf17ede23f";
ttl = zoneTTL;
}
];
};
*/
subdomains = {
_tcp.subdomains."*".TLSA = [
{
certUsage = "dane-ee";
selector = "spki";
match = "sha256";
certificate = "0b85bd8fd152ed8b29a25e7fd69c083138a7bd35d79aea62c111efcf17ede23f";
ttl = zoneTTL;
}
];
_udp.subdomains."*".TLSA = [
{
certUsage = "dane-ee";
selector = "spki";
match = "sha256";
certificate = "0b85bd8fd152ed8b29a25e7fd69c083138a7bd35d79aea62c111efcf17ede23f";
ttl = zoneTTL;
}
];
};
*/
HTTPS = [
{
svcPriority = 1;