Merge branch 'main' into b12f

This commit is contained in:
Benjamin Bädorf 2023-02-01 13:52:00 +01:00
commit a97bf09324
No known key found for this signature in database
GPG key ID: 4406E80E13CD656C
7 changed files with 172 additions and 164 deletions

View file

@ -11,7 +11,7 @@ steps:
event: event:
- pull_request - pull_request
environment: environment:
NIX_FLAGS: "--print-build-logs --verbose" NIX_FLAGS: "--print-build-logs --verbose --accept-flake-config"
commands: commands:
- 'echo DEBUG: Using NIX_FLAGS: $NIX_FLAGS' - 'echo DEBUG: Using NIX_FLAGS: $NIX_FLAGS'
- nix $$NIX_FLAGS develop --command nix flake show - nix $$NIX_FLAGS develop --command nix flake show
@ -27,7 +27,7 @@ node:
steps: steps:
- name: "Tests" - name: "Tests"
environment: environment:
NIX_FLAGS: "--print-build-logs --verbose" NIX_FLAGS: "--print-build-logs --verbose --accept-flake-config"
commands: commands:
- 'echo DEBUG: Using NIX_FLAGS: $NIX_FLAGS' - 'echo DEBUG: Using NIX_FLAGS: $NIX_FLAGS'
- nix $$NIX_FLAGS build ".#checks.x86_64-linux.customTestFor-PubSolarOS-firstTest" - nix $$NIX_FLAGS build ".#checks.x86_64-linux.customTestFor-PubSolarOS-firstTest"
@ -93,7 +93,7 @@ steps:
- name: "Build ISO" - name: "Build ISO"
image: docker.nix-community.org/nixpkgs/nix-flakes:latest image: docker.nix-community.org/nixpkgs/nix-flakes:latest
environment: environment:
NIX_FLAGS: "--print-build-logs --verbose" NIX_FLAGS: "--print-build-logs --verbose --accept-flake-config"
volumes: volumes:
- name: file-exchange - name: file-exchange
path: /var/nix/iso-cache path: /var/nix/iso-cache
@ -126,7 +126,7 @@ steps:
from_secret: iso_web_ssh_port from_secret: iso_web_ssh_port
key: key:
from_secret: iso_web_ssh_key from_secret: iso_web_ssh_key
target: /srv/os/download target: /srv/www/os/download
source: source:
- /var/nix/iso-cache/*.iso - /var/nix/iso-cache/*.iso
- /var/nix/iso-cache/*.iso.sha256 - /var/nix/iso-cache/*.iso.sha256
@ -148,6 +148,6 @@ volumes:
--- ---
kind: signature kind: signature
hmac: 291be33bbf2954d1f5e4bf569679e24a773e7d6f90db4765fb9dacb3686a825e hmac: 0c0994f0878cdb49172772f78c9a772f5c75830b49c1c22bd15db385fe857e17
... ...

View file

@ -2,16 +2,19 @@
"nodes": { "nodes": {
"agenix": { "agenix": {
"inputs": { "inputs": {
"darwin": [
"darwin"
],
"nixpkgs": [ "nixpkgs": [
"nixos" "nixos"
] ]
}, },
"locked": { "locked": {
"lastModified": 1673301561, "lastModified": 1675176355,
"narHash": "sha256-gRUWHbBAtMuPDJQXotoI8u6+3DGBIUZHkyQWpIv7WpM=", "narHash": "sha256-Qjxh5cmN56siY97mzmBLI1+cdjXSPqmfPVsKxBvHmwI=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "42d371d861a227149dc9a7e03350c9ab8b8ddd68", "rev": "b7ffcfe77f817d9ee992640ba1f270718d197f28",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -20,21 +23,6 @@
"type": "github" "type": "github"
} }
}, },
"blank": {
"locked": {
"lastModified": 1625557891,
"narHash": "sha256-O8/MWsPBGhhyPoPLHZAuoZiiHo9q6FLlEeIDEXuj6T4=",
"owner": "divnix",
"repo": "blank",
"rev": "5a5d2684073d9f563072ed07c871d577a6c614a8",
"type": "github"
},
"original": {
"owner": "divnix",
"repo": "blank",
"type": "github"
}
},
"darwin": { "darwin": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -55,30 +43,11 @@
"type": "github" "type": "github"
} }
}, },
"darwin_2": {
"inputs": {
"nixpkgs": [
"digga",
"nixpkgs"
]
},
"locked": {
"lastModified": 1651916036,
"narHash": "sha256-UuD9keUGm4IuVEV6wdSYbuRm7CwfXE63hVkzKDjVsh4=",
"owner": "LnL7",
"repo": "nix-darwin",
"rev": "2f2bdf658d2b79bada78dc914af99c53cad37cba",
"type": "github"
},
"original": {
"owner": "LnL7",
"repo": "nix-darwin",
"type": "github"
}
},
"deploy": { "deploy": {
"inputs": { "inputs": {
"flake-compat": "flake-compat", "flake-compat": [
"flake-compat"
],
"nixpkgs": [ "nixpkgs": [
"nixos" "nixos"
], ],
@ -107,11 +76,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1655976588, "lastModified": 1671489820,
"narHash": "sha256-VreHyH6ITkf/1EX/8h15UqhddJnUleb0HgbC3gMkAEQ=", "narHash": "sha256-qoei5HDJ8psd1YUPD7DhbHdhLIT9L2nadscp4Qk37uk=",
"owner": "numtide", "owner": "numtide",
"repo": "devshell", "repo": "devshell",
"rev": "899ca4629020592a13a46783587f6e674179d1db", "rev": "5aa3a8039c68b4bf869327446590f4cdf90bb634",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -122,18 +91,21 @@
}, },
"digga": { "digga": {
"inputs": { "inputs": {
"blank": "blank", "darwin": [
"darwin": "darwin_2", "darwin"
],
"deploy": [ "deploy": [
"deploy" "deploy"
], ],
"devshell": "devshell", "devshell": "devshell",
"flake-compat": "flake-compat_2", "flake-compat": [
"flake-compat"
],
"flake-utils": "flake-utils_2",
"flake-utils-plus": "flake-utils-plus", "flake-utils-plus": "flake-utils-plus",
"home-manager": [ "home-manager": [
"home" "home"
], ],
"latest": "latest",
"nixlib": [ "nixlib": [
"nixos" "nixos"
], ],
@ -143,11 +115,11 @@
"nixpkgs-unstable": "nixpkgs-unstable" "nixpkgs-unstable": "nixpkgs-unstable"
}, },
"locked": { "locked": {
"lastModified": 1661600857, "lastModified": 1674947971,
"narHash": "sha256-KfQCcTtfvU0PXV4fD9XKIMcKx9lUUR0xWJoBgc12fKE=", "narHash": "sha256-6gKqegJHs72jnfFP9g2sihl4fIZgtKgKuqU2rCkIdGY=",
"owner": "pub-solar", "owner": "pub-solar",
"repo": "digga", "repo": "digga",
"rev": "c902b3ef0aa45cb4f336c390f647bb182c38a221", "rev": "2da608bd8afb48afef82c6b1b6d852a36094a497",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -158,38 +130,6 @@
} }
}, },
"flake-compat": { "flake-compat": {
"flake": false,
"locked": {
"lastModified": 1668681692,
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_3": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1673956053, "lastModified": 1673956053,
@ -222,7 +162,10 @@
}, },
"flake-utils-plus": { "flake-utils-plus": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_2" "flake-utils": [
"digga",
"flake-utils"
]
}, },
"locked": { "locked": {
"lastModified": 1654029967, "lastModified": 1654029967,
@ -241,11 +184,11 @@
}, },
"flake-utils_2": { "flake-utils_2": {
"locked": { "locked": {
"lastModified": 1644229661, "lastModified": 1667395993,
"narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=", "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797", "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -278,27 +221,11 @@
}, },
"latest": { "latest": {
"locked": { "locked": {
"lastModified": 1657265485, "lastModified": 1675115703,
"narHash": "sha256-PUQ9C7mfi0/BnaAUX2R/PIkoNCb/Jtx9EpnhMBNrO/o=", "narHash": "sha256-4zetAPSyY0D77x+Ww9QBe8RHn1akvIvHJ/kgg8kGDbk=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "b39924fc7764c08ae3b51beef9a3518c414cdb7d", "rev": "2caf4ef5005ecc68141ecb4aac271079f7371c44",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"latest_2": {
"locked": {
"lastModified": 1674641431,
"narHash": "sha256-qfo19qVZBP4qn5M5gXc/h1MDgAtPA5VxJm9s8RUAkVk=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "9b97ad7b4330aacda9b2343396eb3df8a853b4fc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -310,11 +237,11 @@
}, },
"master": { "master": {
"locked": { "locked": {
"lastModified": 1674941334, "lastModified": 1675254005,
"narHash": "sha256-hLNilB0cO4KTUhqOLRfuJMakmNyitKUfj37u1DtRX6w=", "narHash": "sha256-n1qq2Qcz7DvPiB6emdRk/dx4uUgaFy0ojgKg3NBIwTU=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "327dc97d8708c65bde5e41e210c335df4e18c3bb", "rev": "1efc432d4f72c0e3146c1dd2e8a3ffa705be8a04",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -324,26 +251,6 @@
"type": "github" "type": "github"
} }
}, },
"naersk": {
"inputs": {
"nixpkgs": [
"nixos"
]
},
"locked": {
"lastModified": 1671096816,
"narHash": "sha256-ezQCsNgmpUHdZANDCILm3RvtO1xH8uujk/+EqNvzIOg=",
"owner": "nmattia",
"repo": "naersk",
"rev": "d998160d6a076cfe8f9741e56aeec7e267e3e114",
"type": "github"
},
"original": {
"owner": "nmattia",
"repo": "naersk",
"type": "github"
}
},
"nixlib": { "nixlib": {
"locked": { "locked": {
"lastModified": 1636849918, "lastModified": 1636849918,
@ -361,11 +268,11 @@
}, },
"nixos": { "nixos": {
"locked": { "locked": {
"lastModified": 1674868155, "lastModified": 1675154384,
"narHash": "sha256-eFNm2h6fNbgD7ZpO4MHikCB5pSnCJ7DTmwPisjetmwc=", "narHash": "sha256-gUXzyTS3WsO3g2Rz0qOYR2a26whkyL2UfTr1oPH9mm8=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "ce20e9ebe1903ea2ba1ab006ec63093020c761cb", "rev": "0218941ea68b4c625533bead7bbb94ccce52dceb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -427,16 +334,16 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1657292830, "lastModified": 1672791794,
"narHash": "sha256-ldfVSTveWceDCmW6gf3B4kR6vwmz/XS80y5wsLLHFJU=", "narHash": "sha256-mqGPpGmwap0Wfsf3o2b6qHJW1w2kk/I6cGCGIU+3t6o=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "334ec8b503c3981e37a04b817a70e8d026ea9e84", "rev": "9813adc7f7c0edd738c6bdd8431439688bb0cb3d",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "nixos",
"ref": "nixpkgs-unstable", "ref": "nixos-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@ -475,11 +382,10 @@
"darwin": "darwin", "darwin": "darwin",
"deploy": "deploy", "deploy": "deploy",
"digga": "digga", "digga": "digga",
"flake-compat": "flake-compat_3", "flake-compat": "flake-compat",
"home": "home", "home": "home",
"latest": "latest_2", "latest": "latest",
"master": "master", "master": "master",
"naersk": "naersk",
"nixos": "nixos", "nixos": "nixos",
"nixos-generators": "nixos-generators", "nixos-generators": "nixos-generators",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",

View file

@ -18,6 +18,8 @@
digga.inputs.nixlib.follows = "nixos"; digga.inputs.nixlib.follows = "nixos";
digga.inputs.home-manager.follows = "home"; digga.inputs.home-manager.follows = "home";
digga.inputs.deploy.follows = "deploy"; digga.inputs.deploy.follows = "deploy";
digga.inputs.darwin.follows = "darwin";
digga.inputs.flake-compat.follows = "flake-compat";
home.url = "github:nix-community/home-manager/release-22.11"; home.url = "github:nix-community/home-manager/release-22.11";
home.inputs.nixpkgs.follows = "nixos"; home.inputs.nixpkgs.follows = "nixos";
@ -27,12 +29,11 @@
deploy.url = "github:serokell/deploy-rs"; deploy.url = "github:serokell/deploy-rs";
deploy.inputs.nixpkgs.follows = "nixos"; deploy.inputs.nixpkgs.follows = "nixos";
deploy.inputs.flake-compat.follows = "flake-compat";
agenix.url = "github:ryantm/agenix"; agenix.url = "github:ryantm/agenix";
agenix.inputs.nixpkgs.follows = "nixos"; agenix.inputs.nixpkgs.follows = "nixos";
agenix.inputs.darwin.follows = "darwin";
naersk.url = "github:nmattia/naersk";
naersk.inputs.nixpkgs.follows = "nixos";
nixos-hardware.url = "github:nixos/nixos-hardware"; nixos-hardware.url = "github:nixos/nixos-hardware";
@ -81,7 +82,7 @@
}); });
}) })
nur.overlay nur.overlay
agenix.overlay agenix.overlays.default
(import ./pkgs) (import ./pkgs)
]; ];
@ -154,11 +155,16 @@
base = [direnv git]; base = [direnv git];
}; };
}; };
users = { users = let
pub-solar = {suites, ...}: {imports = suites.base;}; default = {suites, ...}: {
ben = {suites, ...}: {imports = suites.base;}; imports = suites.base;
yule = {suites, ...}: {imports = suites.base;}; home.stateVersion = "21.03";
}; # digga.lib.importers.rakeLeaves ./users/hm; };
in {
pub-solar = default;
ben = default;
yule = default;
};
}; };
devshell = ./shell; devshell = ./shell;

View file

@ -0,0 +1,106 @@
{ lib, config, pkgs, self, ... }:
with lib;
let
bootstrap = pkgs.writeScript "bootstrap.sh" ''
#!/usr/bin/env bash
set -e
apt update
apt install --yes curl git sudo xz-utils
adduser --system --uid 999 build
chown build /nix
sudo -u build curl -L https://nixos.org/nix/install > install
sudo -u build sh install
echo "export PATH=/nix/var/nix/profiles/per-user/build/profile/bin:''$PATH" >> /etc/profile
mkdir /etc/nix
echo 'experimental-features = nix-command flakes' >> /etc/nix/nix.conf
export nix_user_config_file="/home/build/.local/share/nix/trusted-settings.json"
mkdir -p $(dirname \\$nix_user_config_file)
echo '{"extra-experimental-features":{"nix-command flakes":true},"extra-substituters":{"https://nix-dram.cachix.org https://dram.cachix.org https://nrdxp.cachix.org https://nix-community.cachix.org":true},"extra-trusted-public-keys":{"nix-dram.cachix.org-1:CKjZ0L1ZiqH3kzYAZRt8tg8vewAx5yj8Du/+iR8Efpg= dram.cachix.org-1:baoy1SXpwYdKbqdTbfKGTKauDDeDlHhUpC+QuuILEMY= nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=":true}}' > \\$nix_user_config_file
chown -R build /home/build/
curl -L https://github.com/drone-runners/drone-runner-exec/releases/latest/download/drone_runner_exec_linux_amd64.tar.gz | tar xz
sudo install -t /usr/local/bin drone-runner-exec
if [ ! -f /run/vars ]; then
exit 1
fi
cp -a /run/vars /run/runtime-vars
env | grep "DRONE" >> /run/runtime-vars
su - -s /bin/bash build sh -c "/usr/local/bin/drone-runner-exec daemon /run/runtime-vars"
'';
psCfg = config.pub-solar;
cfg = config.pub-solar.docker-ci-runner;
in
{
options.pub-solar.docker-ci-runner = {
enable = lib.mkEnableOption "Enables a docker container running a drone exec runner as unprivileged user.";
enableKvm = lib.mkOption {
description = ''
Enable kvm support.
'';
default = true;
type = types.bool;
};
nixCacheLocation = lib.mkOption {
description = ''
Location of nix cache that is shared between builds
'';
default = "/var/lib/docker-ci-runner";
type = types.path;
};
runnerEnvironment = lib.mkOption {
description = ''
Additional environment vars added to the vars file on container runtime
'';
default = {};
};
runnerVarsFile = lib.mkOption {
description = ''
Location of vars file passed to drone runner
'';
type = types.path;
};
};
config = lib.mkIf cfg.enable {
virtualisation = {
docker = {
enable = true; # sadly podman is not supported rightnow
};
oci-containers = {
backend = "docker";
containers."drone-exec-runner" = {
image = "debian";
autoStart = true;
entrypoint = "bash";
cmd = [ "/bootstrap.sh" ];
volumes = [
"${cfg.runnerVarsFile}:/run/vars"
"${cfg.nixCacheLocation}:/nix"
"${bootstrap}:/bootstrap.sh"
];
environment = cfg.runnerEnvironment;
extraOptions = lib.mkIf cfg.enableKvm [ "--device=/dev/kvm" ];
};
};
};
};
}

View file

@ -16,7 +16,6 @@ channels: final: prev: {
signal-desktop signal-desktop
starship starship
deploy-rs deploy-rs
nix
tdesktop tdesktop
arduino arduino
arduino-cli arduino-cli

View file

@ -88,15 +88,5 @@ in {
# Allow unfree packages only on a user basis, not on a system-wide basis # Allow unfree packages only on a user basis, not on a system-wide basis
xdg.configFile."nixpkgs/config.nix".text = " { allowUnfree = true; } "; xdg.configFile."nixpkgs/config.nix".text = " { allowUnfree = true; } ";
# This value determines the Home Manager release that your
# configuration is compatible with. This helps avoid breakage
# when a new Home Manager release introduces backwards
# incompatible changes.
#
# You can update Home Manager without changing this value. See
# the Home Manager release notes for a list of state version
# changes in each release.
home.stateVersion = "21.03";
}; };
} }

View file

@ -17,6 +17,7 @@
shellcheck shellcheck
shfmt shfmt
treefmt treefmt
nixos-generators
; ;
inherit inherit
@ -62,7 +63,7 @@ in {
(devos cachix) (devos cachix)
] ]
++ lib.optionals (pkgs.stdenv.hostPlatform.isLinux && !pkgs.stdenv.buildPlatform.isDarwin) [ ++ lib.optionals (pkgs.stdenv.hostPlatform.isLinux && !pkgs.stdenv.buildPlatform.isDarwin) [
(devos inputs.nixos-generators.defaultPackage.${pkgs.system}) (devos nixos-generators)
(devos deploy-rs) (devos deploy-rs)
]; ];
} }