Merge branch 'main' into teutat3s-bash

teutat3s 2023-02-01 19:05:57 +01:00
commit 001a1de2e8
Signed by: teutat3s
GPG key ID: 4FA1D3FA524F22C1
6 changed files with 191 additions and 211 deletions


@ -11,7 +11,7 @@ steps:
event:
- pull_request
environment:
NIX_FLAGS: "--print-build-logs --verbose"
NIX_FLAGS: "--print-build-logs --verbose --accept-flake-config"
commands:
- 'echo DEBUG: Using NIX_FLAGS: $NIX_FLAGS'
- nix $$NIX_FLAGS develop --command nix flake show
@ -27,7 +27,7 @@ node:
steps:
- name: "Tests"
environment:
NIX_FLAGS: "--print-build-logs --verbose"
NIX_FLAGS: "--print-build-logs --verbose --accept-flake-config"
commands:
- 'echo DEBUG: Using NIX_FLAGS: $NIX_FLAGS'
- nix $$NIX_FLAGS build ".#checks.x86_64-linux.customTestFor-PubSolarOS-firstTest"
@ -93,7 +93,7 @@ steps:
- name: "Build ISO"
image: docker.nix-community.org/nixpkgs/nix-flakes:latest
environment:
NIX_FLAGS: "--print-build-logs --verbose"
NIX_FLAGS: "--print-build-logs --verbose --accept-flake-config"
volumes:
- name: file-exchange
path: /var/nix/iso-cache
@ -126,7 +126,7 @@ steps:
from_secret: iso_web_ssh_port
key:
from_secret: iso_web_ssh_key
target: /srv/os/download
target: /srv/www/os/download
source:
- /var/nix/iso-cache/*.iso
- /var/nix/iso-cache/*.iso.sha256
@ -148,6 +148,6 @@ volumes:
---
kind: signature
hmac: 291be33bbf2954d1f5e4bf569679e24a773e7d6f90db4765fb9dacb3686a825e
hmac: 0c0994f0878cdb49172772f78c9a772f5c75830b49c1c22bd15db385fe857e17
...
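Review bot: `--accept-flake-config` is now set on the step that appears to run for `pull_request` events (first hunk), which tells Nix to apply the flake's `nixConfig` without asking, so settings such as extra substituters and trusted public keys would come from whatever `flake.nix` the pull request carries. Whether those settings take effect depends on how the runner's Nix user is trusted, which is not visible here. I would keep the flag off the pull-request step, `NIX_FLAGS: "--print-build-logs --verbose"`, and list the caches the project relies on in the runner's own `nix.conf` instead. The same flag in the "Tests" and "Build ISO" steps deserves the same look if those pipelines can run on unreviewed branches, since the ISO step publishes its output to the download host.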


@ -2,16 +2,19 @@
"nodes": {
"agenix": {
"inputs": {
"darwin": [
"darwin"
],
"nixpkgs": [
"nixos"
]
},
"locked": {
"lastModified": 1673301561,
"narHash": "sha256-gRUWHbBAtMuPDJQXotoI8u6+3DGBIUZHkyQWpIv7WpM=",
"lastModified": 1675176355,
"narHash": "sha256-Qjxh5cmN56siY97mzmBLI1+cdjXSPqmfPVsKxBvHmwI=",
"owner": "ryantm",
"repo": "agenix",
"rev": "42d371d861a227149dc9a7e03350c9ab8b8ddd68",
"rev": "b7ffcfe77f817d9ee992640ba1f270718d197f28",
"type": "github"
},
"original": {
@ -20,21 +23,6 @@
"type": "github"
}
},
"blank": {
"locked": {
"lastModified": 1625557891,
"narHash": "sha256-O8/MWsPBGhhyPoPLHZAuoZiiHo9q6FLlEeIDEXuj6T4=",
"owner": "divnix",
"repo": "blank",
"rev": "5a5d2684073d9f563072ed07c871d577a6c614a8",
"type": "github"
},
"original": {
"owner": "divnix",
"repo": "blank",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
@ -55,30 +43,11 @@
"type": "github"
}
},
"darwin_2": {
"inputs": {
"nixpkgs": [
"digga",
"nixpkgs"
]
},
"locked": {
"lastModified": 1651916036,
"narHash": "sha256-UuD9keUGm4IuVEV6wdSYbuRm7CwfXE63hVkzKDjVsh4=",
"owner": "LnL7",
"repo": "nix-darwin",
"rev": "2f2bdf658d2b79bada78dc914af99c53cad37cba",
"type": "github"
},
"original": {
"owner": "LnL7",
"repo": "nix-darwin",
"type": "github"
}
},
"deploy": {
"inputs": {
"flake-compat": "flake-compat",
"flake-compat": [
"flake-compat"
],
"nixpkgs": [
"nixos"
],
@ -107,11 +76,11 @@
]
},
"locked": {
"lastModified": 1655976588,
"narHash": "sha256-VreHyH6ITkf/1EX/8h15UqhddJnUleb0HgbC3gMkAEQ=",
"lastModified": 1671489820,
"narHash": "sha256-qoei5HDJ8psd1YUPD7DhbHdhLIT9L2nadscp4Qk37uk=",
"owner": "numtide",
"repo": "devshell",
"rev": "899ca4629020592a13a46783587f6e674179d1db",
"rev": "5aa3a8039c68b4bf869327446590f4cdf90bb634",
"type": "github"
},
"original": {
@ -123,7 +92,7 @@
"devshell_2": {
"inputs": {
"flake-utils": "flake-utils_4",
"nixpkgs": "nixpkgs_2"
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1663445644,
@ -141,18 +110,21 @@
},
"digga": {
"inputs": {
"blank": "blank",
"darwin": "darwin_2",
"darwin": [
"darwin"
],
"deploy": [
"deploy"
],
"devshell": "devshell",
"flake-compat": "flake-compat_2",
"flake-compat": [
"flake-compat"
],
"flake-utils": "flake-utils_2",
"flake-utils-plus": "flake-utils-plus",
"home-manager": [
"home"
],
"latest": "latest",
"nixlib": [
"nixos"
],
@ -162,11 +134,11 @@
"nixpkgs-unstable": "nixpkgs-unstable"
},
"locked": {
"lastModified": 1661600857,
"narHash": "sha256-KfQCcTtfvU0PXV4fD9XKIMcKx9lUUR0xWJoBgc12fKE=",
"lastModified": 1674947971,
"narHash": "sha256-6gKqegJHs72jnfFP9g2sihl4fIZgtKgKuqU2rCkIdGY=",
"owner": "pub-solar",
"repo": "digga",
"rev": "c902b3ef0aa45cb4f336c390f647bb182c38a221",
"rev": "2da608bd8afb48afef82c6b1b6d852a36094a497",
"type": "github"
},
"original": {
@ -200,38 +172,6 @@
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1668681692,
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1673956053,
@ -264,7 +204,10 @@
},
"flake-utils-plus": {
"inputs": {
"flake-utils": "flake-utils_2"
"flake-utils": [
"digga",
"flake-utils"
]
},
"locked": {
"lastModified": 1654029967,
@ -283,11 +226,11 @@
},
"flake-utils_2": {
"locked": {
"lastModified": 1644229661,
"narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=",
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
@ -381,27 +324,11 @@
},
"latest": {
"locked": {
"lastModified": 1657265485,
"narHash": "sha256-PUQ9C7mfi0/BnaAUX2R/PIkoNCb/Jtx9EpnhMBNrO/o=",
"lastModified": 1675183161,
"narHash": "sha256-Zq8sNgAxDckpn7tJo7V1afRSk2eoVbu3OjI1QklGLNg=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "b39924fc7764c08ae3b51beef9a3518c414cdb7d",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"latest_2": {
"locked": {
"lastModified": 1674641431,
"narHash": "sha256-qfo19qVZBP4qn5M5gXc/h1MDgAtPA5VxJm9s8RUAkVk=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "9b97ad7b4330aacda9b2343396eb3df8a853b4fc",
"rev": "e1e1b192c1a5aab2960bf0a0bd53a2e8124fa18e",
"type": "github"
},
"original": {
@ -413,11 +340,11 @@
},
"master": {
"locked": {
"lastModified": 1674941607,
"narHash": "sha256-z44KWUWTnMD9J4MWjrMtpkKq0exnFoai+NoE2KxNf9s=",
"lastModified": 1675274166,
"narHash": "sha256-zBBURakOktVkb/xGgLujwSTo7BKSvM3r3Iah5pK6Ego=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "3d32d7adcd08b8486447bdc861382cd486a57c19",
"rev": "08ee77ebcaa3c42db730baf39cdbed30a32b5266",
"type": "github"
},
"original": {
@ -430,29 +357,28 @@
"naersk": {
"inputs": {
"nixpkgs": [
"nixos"
"nix-autobahn",
"nixpkgs"
]
},
"locked": {
"lastModified": 1671096816,
"narHash": "sha256-ezQCsNgmpUHdZANDCILm3RvtO1xH8uujk/+EqNvzIOg=",
"owner": "nmattia",
"repo": "naersk",
"rev": "d998160d6a076cfe8f9741e56aeec7e267e3e114",
"type": "github"
"lastModified": 1655042882,
"narHash": "sha256-9BX8Fuez5YJlN7cdPO63InoyBy7dm3VlJkkmTt6fS1A=",
"ref": "master",
"rev": "cddffb5aa211f50c4b8750adbec0bbbdfb26bb9f",
"revCount": 302,
"type": "git",
"url": "https://github.com/nix-community/naersk"
},
"original": {
"owner": "nmattia",
"repo": "naersk",
"type": "github"
"type": "git",
"url": "https://github.com/nix-community/naersk"
}
},
"nix-autobahn": {
"inputs": {
"fenix": "fenix",
"naersk": [
"naersk"
],
"naersk": "naersk",
"nixpkgs": [
"latest"
],
@ -472,28 +398,13 @@
"type": "github"
}
},
"nixlib": {
"locked": {
"lastModified": 1636849918,
"narHash": "sha256-nzUK6dPcTmNVrgTAC1EOybSMsrcx+QrVPyqRdyKLkjA=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "28a5b0557f14124608db68d3ee1f77e9329e9dd5",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixos": {
"locked": {
"lastModified": 1674868155,
"narHash": "sha256-eFNm2h6fNbgD7ZpO4MHikCB5pSnCJ7DTmwPisjetmwc=",
"lastModified": 1675237434,
"narHash": "sha256-YoFR0vyEa1HXufLNIFgOGhIFMRnY6aZ0IepZF5cYemo=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "ce20e9ebe1903ea2ba1ab006ec63093020c761cb",
"rev": "285b3ff0660640575186a4086e1f8dc0df2874b5",
"type": "github"
},
"original": {
@ -519,25 +430,6 @@
"type": "github"
}
},
"nixos-generators": {
"inputs": {
"nixlib": "nixlib",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1674666581,
"narHash": "sha256-KNI2s/xrL7WOYaPJAWKBtb7cCH3335rLfsL+B+ssuGY=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "6a5dc1d3d557ea7b5c19b15ff91955124d0400fa",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixos-generators",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1674550793,
@ -555,11 +447,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1637186689,
"narHash": "sha256-NU7BhgnwA/3ibmCeSzFK6xGi+Bari9mPfn+4cBmyEjw=",
"lastModified": 1643381941,
"narHash": "sha256-pHTwvnN4tTsEKkWlXQ8JMY423epos8wUOhthpwJjtpc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "7fad01d9d5a3f82081c00fb57918d64145dc904c",
"rev": "5efc8ca954272c4376ac929f4c5ffefcc20551d5",
"type": "github"
},
"original": {
@ -571,32 +463,16 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1657292830,
"narHash": "sha256-ldfVSTveWceDCmW6gf3B4kR6vwmz/XS80y5wsLLHFJU=",
"lastModified": 1672791794,
"narHash": "sha256-mqGPpGmwap0Wfsf3o2b6qHJW1w2kk/I6cGCGIU+3t6o=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "334ec8b503c3981e37a04b817a70e8d026ea9e84",
"rev": "9813adc7f7c0edd738c6bdd8431439688bb0cb3d",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1643381941,
"narHash": "sha256-pHTwvnN4tTsEKkWlXQ8JMY423epos8wUOhthpwJjtpc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5efc8ca954272c4376ac929f4c5ffefcc20551d5",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
@ -619,16 +495,14 @@
"darwin": "darwin",
"deploy": "deploy",
"digga": "digga",
"flake-compat": "flake-compat_3",
"flake-compat": "flake-compat",
"fork": "fork",
"home": "home",
"latest": "latest_2",
"latest": "latest",
"master": "master",
"naersk": "naersk",
"nix-autobahn": "nix-autobahn",
"nixos": "nixos",
"nixos-22-05": "nixos-22-05",
"nixos-generators": "nixos-generators",
"nixos-hardware": "nixos-hardware",
"nur": "nur",
"triton-vmtools": "triton-vmtools",


@ -21,6 +21,8 @@
digga.inputs.nixlib.follows = "nixos";
digga.inputs.home-manager.follows = "home";
digga.inputs.deploy.follows = "deploy";
digga.inputs.darwin.follows = "darwin";
digga.inputs.flake-compat.follows = "flake-compat";
home.url = "github:nix-community/home-manager/release-22.11";
home.inputs.nixpkgs.follows = "nixos";
@ -30,17 +32,14 @@
deploy.url = "github:serokell/deploy-rs";
deploy.inputs.nixpkgs.follows = "nixos";
deploy.inputs.flake-compat.follows = "flake-compat";
agenix.url = "github:ryantm/agenix";
agenix.inputs.nixpkgs.follows = "nixos";
naersk.url = "github:nmattia/naersk";
naersk.inputs.nixpkgs.follows = "nixos";
agenix.inputs.darwin.follows = "darwin";
nixos-hardware.url = "github:nixos/nixos-hardware";
nixos-generators.url = "github:nix-community/nixos-generators";
# PubSolarOS additions
triton-vmtools.url = "git+https://git.b12f.io/pub-solar/infra?ref=main&dir=vmtools";
triton-vmtools.inputs.nixpkgs.follows = "latest";
@ -50,7 +49,6 @@
nix-autobahn.url = "github:wucke13/nix-autobahn";
nix-autobahn.inputs.nixpkgs.follows = "latest";
nix-autobahn.inputs.naersk.follows = "naersk";
};
outputs = {
@ -97,7 +95,7 @@
});
})
nur.overlay
agenix.overlay
agenix.overlays.default
(import ./pkgs)
];
@ -172,8 +170,16 @@
};
};
users = {
pub-solar = {suites, ...}: {imports = suites.base;};
teutat3s = {suites, ...}: {imports = suites.base;};
pub-solar = {suites, ...}: {
imports = suites.base;
home.stateVersion = "21.03";
};
teutat3s = {suites, ...}: {
imports = suites.base;
home.stateVersion = "21.03";
};
}; # digga.lib.importers.rakeLeaves ./users/hm;
};
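Review bot: `home.stateVersion = "21.03";` is now repeated in both user blocks of the last hunk without the explanation that accompanied it in the module it was moved from, so a later reader has no hint that the value is meant to stay fixed when Home Manager is upgraded. I would add a short comment above the first occurrence, for example `# Home Manager state version: keep at the release this config was created with, do not bump on upgrade`. The enclosing attribute set continues outside the hunk.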


@ -0,0 +1,109 @@
{
lib,
config,
pkgs,
self,
...
}:
with lib; let
bootstrap = pkgs.writeScript "bootstrap.sh" ''
#!/usr/bin/env bash
set -e
apt update
apt install --yes curl git sudo xz-utils
adduser --system --uid 999 build
chown build /nix
sudo -u build curl -L https://nixos.org/nix/install > install
sudo -u build sh install
echo "export PATH=/nix/var/nix/profiles/per-user/build/profile/bin:''$PATH" >> /etc/profile
mkdir /etc/nix
echo 'experimental-features = nix-command flakes' >> /etc/nix/nix.conf
export nix_user_config_file="/home/build/.local/share/nix/trusted-settings.json"
mkdir -p $(dirname \\$nix_user_config_file)
echo '{"extra-experimental-features":{"nix-command flakes":true},"extra-substituters":{"https://nix-dram.cachix.org https://dram.cachix.org https://nrdxp.cachix.org https://nix-community.cachix.org":true},"extra-trusted-public-keys":{"nix-dram.cachix.org-1:CKjZ0L1ZiqH3kzYAZRt8tg8vewAx5yj8Du/+iR8Efpg= dram.cachix.org-1:baoy1SXpwYdKbqdTbfKGTKauDDeDlHhUpC+QuuILEMY= nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=":true}}' > \\$nix_user_config_file
chown -R build /home/build/
curl -L https://github.com/drone-runners/drone-runner-exec/releases/latest/download/drone_runner_exec_linux_amd64.tar.gz | tar xz
sudo install -t /usr/local/bin drone-runner-exec
if [ ! -f /run/vars ]; then
exit 1
fi
cp -a /run/vars /run/runtime-vars
env | grep "DRONE" >> /run/runtime-vars
su - -s /bin/bash build sh -c "/usr/local/bin/drone-runner-exec daemon /run/runtime-vars"
'';
psCfg = config.pub-solar;
cfg = config.pub-solar.docker-ci-runner;
in {
options.pub-solar.docker-ci-runner = {
enable = lib.mkEnableOption "Enables a docker container running a drone exec runner as unprivileged user.";
enableKvm = lib.mkOption {
description = ''
Enable kvm support.
'';
default = true;
type = types.bool;
};
nixCacheLocation = lib.mkOption {
description = ''
Location of nix cache that is shared between builds
'';
default = "/var/lib/docker-ci-runner";
type = types.path;
};
runnerEnvironment = lib.mkOption {
description = ''
Additional environment vars added to the vars file on container runtime
'';
default = {};
};
runnerVarsFile = lib.mkOption {
description = ''
Location of vars file passed to drone runner
'';
type = types.path;
};
};
config = lib.mkIf cfg.enable {
virtualisation = {
docker = {
enable = true; # sadly podman is not supported rightnow
};
oci-containers = {
backend = "docker";
containers."drone-exec-runner" = {
image = "debian";
autoStart = true;
entrypoint = "bash";
cmd = ["/bootstrap.sh"];
volumes = [
"${cfg.runnerVarsFile}:/run/vars"
"${cfg.nixCacheLocation}:/nix"
"${bootstrap}:/bootstrap.sh"
];
environment = cfg.runnerEnvironment;
extraOptions = lib.mkIf cfg.enableKvm ["--device=/dev/kvm"];
};
};
};
};
}
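Review bot: The bootstrap script fetches and runs code with nothing pinned or verified: the Nix installer from `https://nixos.org/nix/install`, the `drone-runner-exec` tarball from `releases/latest` piped straight into `tar xz` and then installed into `/usr/local/bin`, and the container `image = "debian"` with no tag or digest. Each container start can therefore pull different code, and a tampered download would run next to `/run/vars` and the shared `/nix` volume. I would pin the image by digest (`image = "debian@sha256:<pinned-digest>";`) and download a fixed runner release to a file that is checked before unpacking (`echo "<pinned-sha256>  drone_runner_exec_linux_amd64.tar.gz" | sha256sum -c -`). Separately, if the page shows the file as written, `\\$nix_user_config_file` reaches bash as a literal backslash followed by the expanded path, so the settings file may not land under `/home/build`; plain `"$nix_user_config_file"` looks intended.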


@ -99,15 +99,5 @@ in {
# Allow unfree packages only on a user basis, not on a system-wide basis
xdg.configFile."nixpkgs/config.nix".text = " { allowUnfree = true; } ";
# This value determines the Home Manager release that your
# configuration is compatible with. This helps avoid breakage
# when a new Home Manager release introduces backwards
# incompatible changes.
#
# You can update Home Manager without changing this value. See
# the Home Manager release notes for a list of state version
# changes in each release.
home.stateVersion = "21.03";
};
}


@ -17,6 +17,7 @@
shellcheck
shfmt
treefmt
nixos-generators
;
inherit
@ -63,7 +64,7 @@ in {
(devos cachix)
]
++ lib.optionals (pkgs.stdenv.hostPlatform.isLinux && !pkgs.stdenv.buildPlatform.isDarwin) [
(devos inputs.nixos-generators.defaultPackage.${pkgs.system})
(devos nixos-generators)
(devos deploy-rs)
];
}