Merge branch 'main' into b12f
This commit is contained in:
commit
a97bf09324
10
.drone.yml
10
.drone.yml
|
@ -11,7 +11,7 @@ steps:
|
||||||
event:
|
event:
|
||||||
- pull_request
|
- pull_request
|
||||||
environment:
|
environment:
|
||||||
NIX_FLAGS: "--print-build-logs --verbose"
|
NIX_FLAGS: "--print-build-logs --verbose --accept-flake-config"
|
||||||
commands:
|
commands:
|
||||||
- 'echo DEBUG: Using NIX_FLAGS: $NIX_FLAGS'
|
- 'echo DEBUG: Using NIX_FLAGS: $NIX_FLAGS'
|
||||||
- nix $$NIX_FLAGS develop --command nix flake show
|
- nix $$NIX_FLAGS develop --command nix flake show
|
||||||
|
@ -27,7 +27,7 @@ node:
|
||||||
steps:
|
steps:
|
||||||
- name: "Tests"
|
- name: "Tests"
|
||||||
environment:
|
environment:
|
||||||
NIX_FLAGS: "--print-build-logs --verbose"
|
NIX_FLAGS: "--print-build-logs --verbose --accept-flake-config"
|
||||||
commands:
|
commands:
|
||||||
- 'echo DEBUG: Using NIX_FLAGS: $NIX_FLAGS'
|
- 'echo DEBUG: Using NIX_FLAGS: $NIX_FLAGS'
|
||||||
- nix $$NIX_FLAGS build ".#checks.x86_64-linux.customTestFor-PubSolarOS-firstTest"
|
- nix $$NIX_FLAGS build ".#checks.x86_64-linux.customTestFor-PubSolarOS-firstTest"
|
||||||
|
@ -93,7 +93,7 @@ steps:
|
||||||
- name: "Build ISO"
|
- name: "Build ISO"
|
||||||
image: docker.nix-community.org/nixpkgs/nix-flakes:latest
|
image: docker.nix-community.org/nixpkgs/nix-flakes:latest
|
||||||
environment:
|
environment:
|
||||||
NIX_FLAGS: "--print-build-logs --verbose"
|
NIX_FLAGS: "--print-build-logs --verbose --accept-flake-config"
|
||||||
volumes:
|
volumes:
|
||||||
- name: file-exchange
|
- name: file-exchange
|
||||||
path: /var/nix/iso-cache
|
path: /var/nix/iso-cache
|
||||||
|
@ -126,7 +126,7 @@ steps:
|
||||||
from_secret: iso_web_ssh_port
|
from_secret: iso_web_ssh_port
|
||||||
key:
|
key:
|
||||||
from_secret: iso_web_ssh_key
|
from_secret: iso_web_ssh_key
|
||||||
target: /srv/os/download
|
target: /srv/www/os/download
|
||||||
source:
|
source:
|
||||||
- /var/nix/iso-cache/*.iso
|
- /var/nix/iso-cache/*.iso
|
||||||
- /var/nix/iso-cache/*.iso.sha256
|
- /var/nix/iso-cache/*.iso.sha256
|
||||||
|
@ -148,6 +148,6 @@ volumes:
|
||||||
|
|
||||||
---
|
---
|
||||||
kind: signature
|
kind: signature
|
||||||
hmac: 291be33bbf2954d1f5e4bf569679e24a773e7d6f90db4765fb9dacb3686a825e
|
hmac: 0c0994f0878cdb49172772f78c9a772f5c75830b49c1c22bd15db385fe857e17
|
||||||
|
|
||||||
...
|
...
|
||||||
|
|
182
flake.lock
182
flake.lock
|
@ -2,16 +2,19 @@
|
||||||
"nodes": {
|
"nodes": {
|
||||||
"agenix": {
|
"agenix": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
|
"darwin": [
|
||||||
|
"darwin"
|
||||||
|
],
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
"nixos"
|
"nixos"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1673301561,
|
"lastModified": 1675176355,
|
||||||
"narHash": "sha256-gRUWHbBAtMuPDJQXotoI8u6+3DGBIUZHkyQWpIv7WpM=",
|
"narHash": "sha256-Qjxh5cmN56siY97mzmBLI1+cdjXSPqmfPVsKxBvHmwI=",
|
||||||
"owner": "ryantm",
|
"owner": "ryantm",
|
||||||
"repo": "agenix",
|
"repo": "agenix",
|
||||||
"rev": "42d371d861a227149dc9a7e03350c9ab8b8ddd68",
|
"rev": "b7ffcfe77f817d9ee992640ba1f270718d197f28",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -20,21 +23,6 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"blank": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1625557891,
|
|
||||||
"narHash": "sha256-O8/MWsPBGhhyPoPLHZAuoZiiHo9q6FLlEeIDEXuj6T4=",
|
|
||||||
"owner": "divnix",
|
|
||||||
"repo": "blank",
|
|
||||||
"rev": "5a5d2684073d9f563072ed07c871d577a6c614a8",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "divnix",
|
|
||||||
"repo": "blank",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"darwin": {
|
"darwin": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
|
@ -55,30 +43,11 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"darwin_2": {
|
|
||||||
"inputs": {
|
|
||||||
"nixpkgs": [
|
|
||||||
"digga",
|
|
||||||
"nixpkgs"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1651916036,
|
|
||||||
"narHash": "sha256-UuD9keUGm4IuVEV6wdSYbuRm7CwfXE63hVkzKDjVsh4=",
|
|
||||||
"owner": "LnL7",
|
|
||||||
"repo": "nix-darwin",
|
|
||||||
"rev": "2f2bdf658d2b79bada78dc914af99c53cad37cba",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "LnL7",
|
|
||||||
"repo": "nix-darwin",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"deploy": {
|
"deploy": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"flake-compat": "flake-compat",
|
"flake-compat": [
|
||||||
|
"flake-compat"
|
||||||
|
],
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
"nixos"
|
"nixos"
|
||||||
],
|
],
|
||||||
|
@ -107,11 +76,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1655976588,
|
"lastModified": 1671489820,
|
||||||
"narHash": "sha256-VreHyH6ITkf/1EX/8h15UqhddJnUleb0HgbC3gMkAEQ=",
|
"narHash": "sha256-qoei5HDJ8psd1YUPD7DhbHdhLIT9L2nadscp4Qk37uk=",
|
||||||
"owner": "numtide",
|
"owner": "numtide",
|
||||||
"repo": "devshell",
|
"repo": "devshell",
|
||||||
"rev": "899ca4629020592a13a46783587f6e674179d1db",
|
"rev": "5aa3a8039c68b4bf869327446590f4cdf90bb634",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -122,18 +91,21 @@
|
||||||
},
|
},
|
||||||
"digga": {
|
"digga": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"blank": "blank",
|
"darwin": [
|
||||||
"darwin": "darwin_2",
|
"darwin"
|
||||||
|
],
|
||||||
"deploy": [
|
"deploy": [
|
||||||
"deploy"
|
"deploy"
|
||||||
],
|
],
|
||||||
"devshell": "devshell",
|
"devshell": "devshell",
|
||||||
"flake-compat": "flake-compat_2",
|
"flake-compat": [
|
||||||
|
"flake-compat"
|
||||||
|
],
|
||||||
|
"flake-utils": "flake-utils_2",
|
||||||
"flake-utils-plus": "flake-utils-plus",
|
"flake-utils-plus": "flake-utils-plus",
|
||||||
"home-manager": [
|
"home-manager": [
|
||||||
"home"
|
"home"
|
||||||
],
|
],
|
||||||
"latest": "latest",
|
|
||||||
"nixlib": [
|
"nixlib": [
|
||||||
"nixos"
|
"nixos"
|
||||||
],
|
],
|
||||||
|
@ -143,11 +115,11 @@
|
||||||
"nixpkgs-unstable": "nixpkgs-unstable"
|
"nixpkgs-unstable": "nixpkgs-unstable"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1661600857,
|
"lastModified": 1674947971,
|
||||||
"narHash": "sha256-KfQCcTtfvU0PXV4fD9XKIMcKx9lUUR0xWJoBgc12fKE=",
|
"narHash": "sha256-6gKqegJHs72jnfFP9g2sihl4fIZgtKgKuqU2rCkIdGY=",
|
||||||
"owner": "pub-solar",
|
"owner": "pub-solar",
|
||||||
"repo": "digga",
|
"repo": "digga",
|
||||||
"rev": "c902b3ef0aa45cb4f336c390f647bb182c38a221",
|
"rev": "2da608bd8afb48afef82c6b1b6d852a36094a497",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -158,38 +130,6 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"flake-compat": {
|
"flake-compat": {
|
||||||
"flake": false,
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1668681692,
|
|
||||||
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
|
|
||||||
"owner": "edolstra",
|
|
||||||
"repo": "flake-compat",
|
|
||||||
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "edolstra",
|
|
||||||
"repo": "flake-compat",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"flake-compat_2": {
|
|
||||||
"flake": false,
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1650374568,
|
|
||||||
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
|
|
||||||
"owner": "edolstra",
|
|
||||||
"repo": "flake-compat",
|
|
||||||
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "edolstra",
|
|
||||||
"repo": "flake-compat",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"flake-compat_3": {
|
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1673956053,
|
"lastModified": 1673956053,
|
||||||
|
@ -222,7 +162,10 @@
|
||||||
},
|
},
|
||||||
"flake-utils-plus": {
|
"flake-utils-plus": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"flake-utils": "flake-utils_2"
|
"flake-utils": [
|
||||||
|
"digga",
|
||||||
|
"flake-utils"
|
||||||
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1654029967,
|
"lastModified": 1654029967,
|
||||||
|
@ -241,11 +184,11 @@
|
||||||
},
|
},
|
||||||
"flake-utils_2": {
|
"flake-utils_2": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1644229661,
|
"lastModified": 1667395993,
|
||||||
"narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=",
|
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
|
||||||
"owner": "numtide",
|
"owner": "numtide",
|
||||||
"repo": "flake-utils",
|
"repo": "flake-utils",
|
||||||
"rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797",
|
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -278,27 +221,11 @@
|
||||||
},
|
},
|
||||||
"latest": {
|
"latest": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1657265485,
|
"lastModified": 1675115703,
|
||||||
"narHash": "sha256-PUQ9C7mfi0/BnaAUX2R/PIkoNCb/Jtx9EpnhMBNrO/o=",
|
"narHash": "sha256-4zetAPSyY0D77x+Ww9QBe8RHn1akvIvHJ/kgg8kGDbk=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "b39924fc7764c08ae3b51beef9a3518c414cdb7d",
|
"rev": "2caf4ef5005ecc68141ecb4aac271079f7371c44",
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "nixos",
|
|
||||||
"ref": "nixos-unstable",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"latest_2": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1674641431,
|
|
||||||
"narHash": "sha256-qfo19qVZBP4qn5M5gXc/h1MDgAtPA5VxJm9s8RUAkVk=",
|
|
||||||
"owner": "nixos",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"rev": "9b97ad7b4330aacda9b2343396eb3df8a853b4fc",
|
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -310,11 +237,11 @@
|
||||||
},
|
},
|
||||||
"master": {
|
"master": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1674941334,
|
"lastModified": 1675254005,
|
||||||
"narHash": "sha256-hLNilB0cO4KTUhqOLRfuJMakmNyitKUfj37u1DtRX6w=",
|
"narHash": "sha256-n1qq2Qcz7DvPiB6emdRk/dx4uUgaFy0ojgKg3NBIwTU=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "327dc97d8708c65bde5e41e210c335df4e18c3bb",
|
"rev": "1efc432d4f72c0e3146c1dd2e8a3ffa705be8a04",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -324,26 +251,6 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"naersk": {
|
|
||||||
"inputs": {
|
|
||||||
"nixpkgs": [
|
|
||||||
"nixos"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1671096816,
|
|
||||||
"narHash": "sha256-ezQCsNgmpUHdZANDCILm3RvtO1xH8uujk/+EqNvzIOg=",
|
|
||||||
"owner": "nmattia",
|
|
||||||
"repo": "naersk",
|
|
||||||
"rev": "d998160d6a076cfe8f9741e56aeec7e267e3e114",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "nmattia",
|
|
||||||
"repo": "naersk",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"nixlib": {
|
"nixlib": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1636849918,
|
"lastModified": 1636849918,
|
||||||
|
@ -361,11 +268,11 @@
|
||||||
},
|
},
|
||||||
"nixos": {
|
"nixos": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1674868155,
|
"lastModified": 1675154384,
|
||||||
"narHash": "sha256-eFNm2h6fNbgD7ZpO4MHikCB5pSnCJ7DTmwPisjetmwc=",
|
"narHash": "sha256-gUXzyTS3WsO3g2Rz0qOYR2a26whkyL2UfTr1oPH9mm8=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "ce20e9ebe1903ea2ba1ab006ec63093020c761cb",
|
"rev": "0218941ea68b4c625533bead7bbb94ccce52dceb",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -427,16 +334,16 @@
|
||||||
},
|
},
|
||||||
"nixpkgs-unstable": {
|
"nixpkgs-unstable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1657292830,
|
"lastModified": 1672791794,
|
||||||
"narHash": "sha256-ldfVSTveWceDCmW6gf3B4kR6vwmz/XS80y5wsLLHFJU=",
|
"narHash": "sha256-mqGPpGmwap0Wfsf3o2b6qHJW1w2kk/I6cGCGIU+3t6o=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "334ec8b503c3981e37a04b817a70e8d026ea9e84",
|
"rev": "9813adc7f7c0edd738c6bdd8431439688bb0cb3d",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"ref": "nixpkgs-unstable",
|
"ref": "nixos-unstable",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
|
@ -475,11 +382,10 @@
|
||||||
"darwin": "darwin",
|
"darwin": "darwin",
|
||||||
"deploy": "deploy",
|
"deploy": "deploy",
|
||||||
"digga": "digga",
|
"digga": "digga",
|
||||||
"flake-compat": "flake-compat_3",
|
"flake-compat": "flake-compat",
|
||||||
"home": "home",
|
"home": "home",
|
||||||
"latest": "latest_2",
|
"latest": "latest",
|
||||||
"master": "master",
|
"master": "master",
|
||||||
"naersk": "naersk",
|
|
||||||
"nixos": "nixos",
|
"nixos": "nixos",
|
||||||
"nixos-generators": "nixos-generators",
|
"nixos-generators": "nixos-generators",
|
||||||
"nixos-hardware": "nixos-hardware",
|
"nixos-hardware": "nixos-hardware",
|
||||||
|
|
24
flake.nix
24
flake.nix
|
@ -18,6 +18,8 @@
|
||||||
digga.inputs.nixlib.follows = "nixos";
|
digga.inputs.nixlib.follows = "nixos";
|
||||||
digga.inputs.home-manager.follows = "home";
|
digga.inputs.home-manager.follows = "home";
|
||||||
digga.inputs.deploy.follows = "deploy";
|
digga.inputs.deploy.follows = "deploy";
|
||||||
|
digga.inputs.darwin.follows = "darwin";
|
||||||
|
digga.inputs.flake-compat.follows = "flake-compat";
|
||||||
|
|
||||||
home.url = "github:nix-community/home-manager/release-22.11";
|
home.url = "github:nix-community/home-manager/release-22.11";
|
||||||
home.inputs.nixpkgs.follows = "nixos";
|
home.inputs.nixpkgs.follows = "nixos";
|
||||||
|
@ -27,12 +29,11 @@
|
||||||
|
|
||||||
deploy.url = "github:serokell/deploy-rs";
|
deploy.url = "github:serokell/deploy-rs";
|
||||||
deploy.inputs.nixpkgs.follows = "nixos";
|
deploy.inputs.nixpkgs.follows = "nixos";
|
||||||
|
deploy.inputs.flake-compat.follows = "flake-compat";
|
||||||
|
|
||||||
agenix.url = "github:ryantm/agenix";
|
agenix.url = "github:ryantm/agenix";
|
||||||
agenix.inputs.nixpkgs.follows = "nixos";
|
agenix.inputs.nixpkgs.follows = "nixos";
|
||||||
|
agenix.inputs.darwin.follows = "darwin";
|
||||||
naersk.url = "github:nmattia/naersk";
|
|
||||||
naersk.inputs.nixpkgs.follows = "nixos";
|
|
||||||
|
|
||||||
nixos-hardware.url = "github:nixos/nixos-hardware";
|
nixos-hardware.url = "github:nixos/nixos-hardware";
|
||||||
|
|
||||||
|
@ -81,7 +82,7 @@
|
||||||
});
|
});
|
||||||
})
|
})
|
||||||
nur.overlay
|
nur.overlay
|
||||||
agenix.overlay
|
agenix.overlays.default
|
||||||
|
|
||||||
(import ./pkgs)
|
(import ./pkgs)
|
||||||
];
|
];
|
||||||
|
@ -154,11 +155,16 @@
|
||||||
base = [direnv git];
|
base = [direnv git];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
users = {
|
users = let
|
||||||
pub-solar = {suites, ...}: {imports = suites.base;};
|
default = {suites, ...}: {
|
||||||
ben = {suites, ...}: {imports = suites.base;};
|
imports = suites.base;
|
||||||
yule = {suites, ...}: {imports = suites.base;};
|
home.stateVersion = "21.03";
|
||||||
}; # digga.lib.importers.rakeLeaves ./users/hm;
|
};
|
||||||
|
in {
|
||||||
|
pub-solar = default;
|
||||||
|
ben = default;
|
||||||
|
yule = default;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
devshell = ./shell;
|
devshell = ./shell;
|
||||||
|
|
106
modules/docker-ci-runner/default.nix
Normal file
106
modules/docker-ci-runner/default.nix
Normal file
|
@ -0,0 +1,106 @@
|
||||||
|
{ lib, config, pkgs, self, ... }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
let
|
||||||
|
bootstrap = pkgs.writeScript "bootstrap.sh" ''
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
apt update
|
||||||
|
apt install --yes curl git sudo xz-utils
|
||||||
|
|
||||||
|
adduser --system --uid 999 build
|
||||||
|
chown build /nix
|
||||||
|
|
||||||
|
sudo -u build curl -L https://nixos.org/nix/install > install
|
||||||
|
sudo -u build sh install
|
||||||
|
|
||||||
|
echo "export PATH=/nix/var/nix/profiles/per-user/build/profile/bin:''$PATH" >> /etc/profile
|
||||||
|
|
||||||
|
mkdir /etc/nix
|
||||||
|
echo 'experimental-features = nix-command flakes' >> /etc/nix/nix.conf
|
||||||
|
|
||||||
|
export nix_user_config_file="/home/build/.local/share/nix/trusted-settings.json"
|
||||||
|
mkdir -p $(dirname \\$nix_user_config_file)
|
||||||
|
echo '{"extra-experimental-features":{"nix-command flakes":true},"extra-substituters":{"https://nix-dram.cachix.org https://dram.cachix.org https://nrdxp.cachix.org https://nix-community.cachix.org":true},"extra-trusted-public-keys":{"nix-dram.cachix.org-1:CKjZ0L1ZiqH3kzYAZRt8tg8vewAx5yj8Du/+iR8Efpg= dram.cachix.org-1:baoy1SXpwYdKbqdTbfKGTKauDDeDlHhUpC+QuuILEMY= nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=":true}}' > \\$nix_user_config_file
|
||||||
|
chown -R build /home/build/
|
||||||
|
|
||||||
|
curl -L https://github.com/drone-runners/drone-runner-exec/releases/latest/download/drone_runner_exec_linux_amd64.tar.gz | tar xz
|
||||||
|
sudo install -t /usr/local/bin drone-runner-exec
|
||||||
|
|
||||||
|
if [ ! -f /run/vars ]; then
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
cp -a /run/vars /run/runtime-vars
|
||||||
|
env | grep "DRONE" >> /run/runtime-vars
|
||||||
|
|
||||||
|
su - -s /bin/bash build sh -c "/usr/local/bin/drone-runner-exec daemon /run/runtime-vars"
|
||||||
|
'';
|
||||||
|
psCfg = config.pub-solar;
|
||||||
|
cfg = config.pub-solar.docker-ci-runner;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
options.pub-solar.docker-ci-runner = {
|
||||||
|
enable = lib.mkEnableOption "Enables a docker container running a drone exec runner as unprivileged user.";
|
||||||
|
|
||||||
|
enableKvm = lib.mkOption {
|
||||||
|
description = ''
|
||||||
|
Enable kvm support.
|
||||||
|
'';
|
||||||
|
default = true;
|
||||||
|
type = types.bool;
|
||||||
|
};
|
||||||
|
|
||||||
|
nixCacheLocation = lib.mkOption {
|
||||||
|
description = ''
|
||||||
|
Location of nix cache that is shared between builds
|
||||||
|
'';
|
||||||
|
default = "/var/lib/docker-ci-runner";
|
||||||
|
type = types.path;
|
||||||
|
};
|
||||||
|
|
||||||
|
runnerEnvironment = lib.mkOption {
|
||||||
|
description = ''
|
||||||
|
Additional environment vars added to the vars file on container runtime
|
||||||
|
'';
|
||||||
|
default = {};
|
||||||
|
};
|
||||||
|
|
||||||
|
runnerVarsFile = lib.mkOption {
|
||||||
|
description = ''
|
||||||
|
Location of vars file passed to drone runner
|
||||||
|
'';
|
||||||
|
type = types.path;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = lib.mkIf cfg.enable {
|
||||||
|
virtualisation = {
|
||||||
|
docker = {
|
||||||
|
enable = true; # sadly podman is not supported rightnow
|
||||||
|
};
|
||||||
|
|
||||||
|
oci-containers = {
|
||||||
|
backend = "docker";
|
||||||
|
containers."drone-exec-runner" = {
|
||||||
|
image = "debian";
|
||||||
|
autoStart = true;
|
||||||
|
entrypoint = "bash";
|
||||||
|
cmd = [ "/bootstrap.sh" ];
|
||||||
|
|
||||||
|
volumes = [
|
||||||
|
"${cfg.runnerVarsFile}:/run/vars"
|
||||||
|
"${cfg.nixCacheLocation}:/nix"
|
||||||
|
"${bootstrap}:/bootstrap.sh"
|
||||||
|
];
|
||||||
|
|
||||||
|
environment = cfg.runnerEnvironment;
|
||||||
|
|
||||||
|
extraOptions = lib.mkIf cfg.enableKvm [ "--device=/dev/kvm" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -16,7 +16,6 @@ channels: final: prev: {
|
||||||
signal-desktop
|
signal-desktop
|
||||||
starship
|
starship
|
||||||
deploy-rs
|
deploy-rs
|
||||||
nix
|
|
||||||
tdesktop
|
tdesktop
|
||||||
arduino
|
arduino
|
||||||
arduino-cli
|
arduino-cli
|
||||||
|
|
|
@ -88,15 +88,5 @@ in {
|
||||||
|
|
||||||
# Allow unfree packages only on a user basis, not on a system-wide basis
|
# Allow unfree packages only on a user basis, not on a system-wide basis
|
||||||
xdg.configFile."nixpkgs/config.nix".text = " { allowUnfree = true; } ";
|
xdg.configFile."nixpkgs/config.nix".text = " { allowUnfree = true; } ";
|
||||||
|
|
||||||
# This value determines the Home Manager release that your
|
|
||||||
# configuration is compatible with. This helps avoid breakage
|
|
||||||
# when a new Home Manager release introduces backwards
|
|
||||||
# incompatible changes.
|
|
||||||
#
|
|
||||||
# You can update Home Manager without changing this value. See
|
|
||||||
# the Home Manager release notes for a list of state version
|
|
||||||
# changes in each release.
|
|
||||||
home.stateVersion = "21.03";
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -17,6 +17,7 @@
|
||||||
shellcheck
|
shellcheck
|
||||||
shfmt
|
shfmt
|
||||||
treefmt
|
treefmt
|
||||||
|
nixos-generators
|
||||||
;
|
;
|
||||||
|
|
||||||
inherit
|
inherit
|
||||||
|
@ -62,7 +63,7 @@ in {
|
||||||
(devos cachix)
|
(devos cachix)
|
||||||
]
|
]
|
||||||
++ lib.optionals (pkgs.stdenv.hostPlatform.isLinux && !pkgs.stdenv.buildPlatform.isDarwin) [
|
++ lib.optionals (pkgs.stdenv.hostPlatform.isLinux && !pkgs.stdenv.buildPlatform.isDarwin) [
|
||||||
(devos inputs.nixos-generators.defaultPackage.${pkgs.system})
|
(devos nixos-generators)
|
||||||
(devos deploy-rs)
|
(devos deploy-rs)
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue