Merge branch 'main' into feature/mailman

This commit is contained in:
teutat3s 2023-02-01 10:10:28 +01:00
commit 2a756869e3
Signed by: teutat3s
GPG key ID: 4FA1D3FA524F22C1
6 changed files with 124 additions and 93 deletions


@ -11,7 +11,7 @@ steps:
event: event:
- pull_request - pull_request
environment: environment:
NIX_FLAGS: "--print-build-logs --verbose" NIX_FLAGS: "--print-build-logs --verbose --accept-flake-config"
commands: commands:
- 'echo DEBUG: Using NIX_FLAGS: $NIX_FLAGS' - 'echo DEBUG: Using NIX_FLAGS: $NIX_FLAGS'
- nix $$NIX_FLAGS develop --command nix flake show - nix $$NIX_FLAGS develop --command nix flake show
@ -27,7 +27,7 @@ node:
steps: steps:
- name: "Tests" - name: "Tests"
environment: environment:
NIX_FLAGS: "--print-build-logs --verbose" NIX_FLAGS: "--print-build-logs --verbose --accept-flake-config"
commands: commands:
- 'echo DEBUG: Using NIX_FLAGS: $NIX_FLAGS' - 'echo DEBUG: Using NIX_FLAGS: $NIX_FLAGS'
- nix $$NIX_FLAGS build ".#checks.x86_64-linux.customTestFor-PubSolarOS-firstTest" - nix $$NIX_FLAGS build ".#checks.x86_64-linux.customTestFor-PubSolarOS-firstTest"
@ -93,7 +93,7 @@ steps:
- name: "Build ISO" - name: "Build ISO"
image: docker.nix-community.org/nixpkgs/nix-flakes:latest image: docker.nix-community.org/nixpkgs/nix-flakes:latest
environment: environment:
NIX_FLAGS: "--print-build-logs --verbose" NIX_FLAGS: "--print-build-logs --verbose --accept-flake-config"
volumes: volumes:
- name: file-exchange - name: file-exchange
path: /var/nix/iso-cache path: /var/nix/iso-cache
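Review bot: The `--accept-flake-config` added to the NIX_FLAGS value in all three hunks makes Nix apply whatever `nixConfig` the checked-out flake declares (substituters, trusted public keys and similar settings) without prompting, and the first hunk's step runs on `pull_request` events, so the flake whose settings get accepted is the one from the PR under test. If the runner's system `nix.conf` does not already constrain `trusted-substituters`/`trusted-public-keys`, consider listing the needed substituters and keys there instead, or keeping the flag only on steps that run for `push` events. At minimum a comment beside the value, e.g. `# --accept-flake-config: trusts nixConfig from the flake being built`, would record the tradeoff for the next reader.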


@ -386,41 +386,6 @@
"type": "github" "type": "github"
} }
}, },
"naersk": {
"inputs": {
"nixpkgs": [
"nixos"
]
},
"locked": {
"lastModified": 1671096816,
"narHash": "sha256-ezQCsNgmpUHdZANDCILm3RvtO1xH8uujk/+EqNvzIOg=",
"owner": "nmattia",
"repo": "naersk",
"rev": "d998160d6a076cfe8f9741e56aeec7e267e3e114",
"type": "github"
},
"original": {
"owner": "nmattia",
"repo": "naersk",
"type": "github"
}
},
"nixlib": {
"locked": {
"lastModified": 1636849918,
"narHash": "sha256-nzUK6dPcTmNVrgTAC1EOybSMsrcx+QrVPyqRdyKLkjA=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "28a5b0557f14124608db68d3ee1f77e9329e9dd5",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixos": { "nixos": {
"locked": { "locked": {
"lastModified": 1674781052, "lastModified": 1674781052,
@ -437,25 +402,6 @@
"type": "github" "type": "github"
} }
}, },
"nixos-generators": {
"inputs": {
"nixlib": "nixlib",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1674666581,
"narHash": "sha256-KNI2s/xrL7WOYaPJAWKBtb7cCH3335rLfsL+B+ssuGY=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "6a5dc1d3d557ea7b5c19b15ff91955124d0400fa",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixos-generators",
"type": "github"
}
},
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1674550793, "lastModified": 1674550793,
@ -471,22 +417,6 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs": {
"locked": {
"lastModified": 1637186689,
"narHash": "sha256-NU7BhgnwA/3ibmCeSzFK6xGi+Bari9mPfn+4cBmyEjw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "7fad01d9d5a3f82081c00fb57918d64145dc904c",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1657292830, "lastModified": 1657292830,
@ -525,9 +455,7 @@
"home": "home", "home": "home",
"keycloak-theme-pub-solar": "keycloak-theme-pub-solar", "keycloak-theme-pub-solar": "keycloak-theme-pub-solar",
"latest": "latest_2", "latest": "latest_2",
"naersk": "naersk",
"nixos": "nixos", "nixos": "nixos",
"nixos-generators": "nixos-generators",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nur": "nur", "nur": "nur",
"triton-vmtools": "triton-vmtools" "triton-vmtools": "triton-vmtools"


@ -31,13 +31,8 @@
agenix.url = "github:ryantm/agenix"; agenix.url = "github:ryantm/agenix";
agenix.inputs.nixpkgs.follows = "nixos"; agenix.inputs.nixpkgs.follows = "nixos";
naersk.url = "github:nmattia/naersk";
naersk.inputs.nixpkgs.follows = "nixos";
nixos-hardware.url = "github:nixos/nixos-hardware"; nixos-hardware.url = "github:nixos/nixos-hardware";
nixos-generators.url = "github:nix-community/nixos-generators";
triton-vmtools.url = "git+https://git.b12f.io/pub-solar/infra?ref=main&dir=vmtools"; triton-vmtools.url = "git+https://git.b12f.io/pub-solar/infra?ref=main&dir=vmtools";
triton-vmtools.inputs.nixpkgs.follows = "nixos"; triton-vmtools.inputs.nixpkgs.follows = "nixos";
@ -152,8 +147,16 @@
}; };
}; };
users = { users = {
pub-solar = {suites, ...}: {imports = suites.base;}; pub-solar = {suites, ...}: {
barkeeper = {suites, ...}: {imports = suites.base;}; imports = suites.base;
home.stateVersion = "21.03";
};
barkeeper = {suites, ...}: {
imports = suites.base;
home.stateVersion = "21.03";
};
}; # digga.lib.importers.rakeLeaves ./users/hm; }; # digga.lib.importers.rakeLeaves ./users/hm;
}; };
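Review bot: The `home.stateVersion = "21.03"` now set separately inside the `pub-solar` and `barkeeper` definitions carries none of the explanation that this commit removes from the shared home module, and every user added later has to remember to set it. A one-line comment on each, `# Home Manager release this config is compatible with; updating HM does not require changing it`, would keep that context, or the value could live in one small module both users import. The surrounding `users` attribute set is part of an expression that starts and ends outside this hunk.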


@ -0,0 +1,109 @@
{
lib,
config,
pkgs,
self,
...
}:
with lib; let
bootstrap = pkgs.writeScript "bootstrap.sh" ''
#!/usr/bin/env bash
set -e
apt update
apt install --yes curl git sudo xz-utils
adduser --system --uid 999 build
chown build /nix
sudo -u build curl -L https://nixos.org/nix/install > install
sudo -u build sh install
echo "export PATH=/nix/var/nix/profiles/per-user/build/profile/bin:''$PATH" >> /etc/profile
mkdir /etc/nix
echo 'experimental-features = nix-command flakes' >> /etc/nix/nix.conf
export nix_user_config_file="/home/build/.local/share/nix/trusted-settings.json"
mkdir -p $(dirname \\$nix_user_config_file)
echo '{"extra-experimental-features":{"nix-command flakes":true},"extra-substituters":{"https://nix-dram.cachix.org https://dram.cachix.org https://nrdxp.cachix.org https://nix-community.cachix.org":true},"extra-trusted-public-keys":{"nix-dram.cachix.org-1:CKjZ0L1ZiqH3kzYAZRt8tg8vewAx5yj8Du/+iR8Efpg= dram.cachix.org-1:baoy1SXpwYdKbqdTbfKGTKauDDeDlHhUpC+QuuILEMY= nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=":true}}' > \\$nix_user_config_file
chown -R build /home/build/
curl -L https://github.com/drone-runners/drone-runner-exec/releases/latest/download/drone_runner_exec_linux_amd64.tar.gz | tar xz
sudo install -t /usr/local/bin drone-runner-exec
if [ ! -f /run/vars ]; then
exit 1
fi
cp -a /run/vars /run/runtime-vars
env | grep "DRONE" >> /run/runtime-vars
su - -s /bin/bash build sh -c "/usr/local/bin/drone-runner-exec daemon /run/runtime-vars"
'';
psCfg = config.pub-solar;
cfg = config.pub-solar.docker-ci-runner;
in {
options.pub-solar.docker-ci-runner = {
enable = lib.mkEnableOption "Enables a docker container running a drone exec runner as unprivileged user.";
enableKvm = lib.mkOption {
description = ''
Enable kvm support.
'';
default = true;
type = types.bool;
};
nixCacheLocation = lib.mkOption {
description = ''
Location of nix cache that is shared between builds
'';
default = "/var/lib/docker-ci-runner";
type = types.path;
};
runnerEnvironment = lib.mkOption {
description = ''
Additional environment vars added to the vars file on container runtime
'';
default = {};
};
runnerVarsFile = lib.mkOption {
description = ''
Location of vars file passed to drone runner
'';
type = types.path;
};
};
config = lib.mkIf cfg.enable {
virtualisation = {
docker = {
enable = true; # sadly podman is not supported rightnow
};
oci-containers = {
backend = "docker";
containers."drone-exec-runner" = {
image = "debian";
autoStart = true;
entrypoint = "bash";
cmd = ["/bootstrap.sh"];
volumes = [
"${cfg.runnerVarsFile}:/run/vars"
"${cfg.nixCacheLocation}:/nix"
"${bootstrap}:/bootstrap.sh"
];
environment = cfg.runnerEnvironment;
extraOptions = lib.mkIf cfg.enableKvm ["--device=/dev/kvm"];
};
};
};
};
}
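Review bot: The bootstrap script fetches both the Nix installer (`https://nixos.org/nix/install`) and the `drone-runner-exec` binary (`.../releases/latest/download/...`) from moving URLs and executes them without pinning a version or checking a digest, so what the CI container runs on every start depends on whatever those endpoints serve that day. Pin the runner to a fixed release and verify the tarball before `install`, and use `set -euo pipefail` so a failed `curl` inside the `| tar xz` pipeline aborts the script rather than being masked under plain `set -e`. The `\\$nix_user_config_file` escapes also look as if they pass a literal backslash through to bash, since `\` is not an escape inside a Nix `''` string — worth confirming what the generated bootstrap.sh actually contains. The `runnerEnvironment` option has no `type`; `types.attrsOf types.str` would match how `oci-containers` consumes it.
```nix
  bootstrap = pkgs.writeScript "bootstrap.sh" ''
    #!/usr/bin/env bash
    set -euo pipefail
    # … unchanged: apt, build user, nix install, nix.conf, trusted-settings …
    runner_version="<PINNED_RUNNER_VERSION>"   # placeholder: a fixed release tag
    runner_sha256="<EXPECTED_SHA256>"          # placeholder: digest of that release's tarball
    curl -L -o /tmp/runner.tar.gz "https://github.com/drone-runners/drone-runner-exec/releases/download/$runner_version/drone_runner_exec_linux_amd64.tar.gz"
    echo "$runner_sha256  /tmp/runner.tar.gz" | sha256sum -c -
    tar -xzf /tmp/runner.tar.gz -C /tmp drone-runner-exec
    sudo install -t /usr/local/bin /tmp/drone-runner-exec
    # … unchanged: /run/vars check and runner start …
  '';
```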


@ -88,15 +88,5 @@ in {
# Allow unfree packages only on a user basis, not on a system-wide basis # Allow unfree packages only on a user basis, not on a system-wide basis
xdg.configFile."nixpkgs/config.nix".text = " { allowUnfree = true; } "; xdg.configFile."nixpkgs/config.nix".text = " { allowUnfree = true; } ";
# This value determines the Home Manager release that your
# configuration is compatible with. This helps avoid breakage
# when a new Home Manager release introduces backwards
# incompatible changes.
#
# You can update Home Manager without changing this value. See
# the Home Manager release notes for a list of state version
# changes in each release.
home.stateVersion = "21.03";
}; };
} }


@ -17,6 +17,7 @@
shellcheck shellcheck
shfmt shfmt
treefmt treefmt
nixos-generators
; ;
inherit inherit
@ -62,7 +63,7 @@ in {
(devos cachix) (devos cachix)
] ]
++ lib.optionals (pkgs.stdenv.hostPlatform.isLinux && !pkgs.stdenv.buildPlatform.isDarwin) [ ++ lib.optionals (pkgs.stdenv.hostPlatform.isLinux && !pkgs.stdenv.buildPlatform.isDarwin) [
(devos inputs.nixos-generators.defaultPackage.${pkgs.system}) (devos nixos-generators)
(devos deploy-rs) (devos deploy-rs)
]; ];
} }