jahanson/forgejo-ci-runners
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

second stab at cachix deploy

Browse source
This commit is contained in:
Joseph Hanson 2024-06-19 00:48:47 -05:00
parent f845423a0a
commit 8afc9ec097
Signed by: jahanson
SSH key fingerprint: SHA256:vy6dKBECV522aPAwklFM3ReKAVB086rT3oWwiuiFG7o
2 changed files with 380 additions and 86 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

314
flake.lock
View file

@ -22,6 +22,29 @@
"type": "github" "type": "github"
} }
}, },
"cachix-flake": {
"inputs": {
"devenv": "devenv",
"flake-compat": "flake-compat_2",
"nixpkgs": [
"nixpkgs"
],
"pre-commit-hooks": "pre-commit-hooks"
},
"locked": {
"lastModified": 1718730519,
"narHash": "sha256-9/Jmflf9vs97uG0UyJXBSxsZzkpH9xOdeMMwBYhfHfQ=",
"owner": "cachix",
"repo": "cachix",
"rev": "7913ce3dce4439907a259480cf03ca3c5dd75725",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "cachix",
"type": "github"
}
},
"darwin": { "darwin": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -43,6 +66,35 @@
"type": "github" "type": "github"
} }
}, },
"devenv": {
"inputs": {
"flake-compat": [
"cachix-flake",
"flake-compat"
],
"nix": "nix",
"nixpkgs": "nixpkgs_2",
"poetry2nix": "poetry2nix",
"pre-commit-hooks": [
"cachix-flake",
"pre-commit-hooks"
]
},
"locked": {
"lastModified": 1708704632,
"narHash": "sha256-w+dOIW60FKMaHI1q5714CSibk99JfYxm0CzTinYWr+Q=",
"owner": "cachix",
"repo": "devenv",
"rev": "2ee4450b0f4b95a1b90f2eb5ffea98b90e48c196",
"type": "github"
},
"original": {
"owner": "cachix",
"ref": "python-rewrite",
"repo": "devenv",
"type": "github"
}
},
"disko": { "disko": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -66,7 +118,7 @@
}, },
"disko_2": { "disko_2": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_3"
}, },
"locked": { "locked": {
"lastModified": 1718588625, "lastModified": 1718588625,
@ -82,6 +134,54 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": { "flake-parts": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
@ -108,6 +208,24 @@
"inputs": { "inputs": {
"systems": "systems" "systems": "systems"
}, },
"locked": {
"lastModified": 1689068808,
"narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": { "locked": {
"lastModified": 1710146030, "lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
@ -122,6 +240,28 @@
"type": "github" "type": "github"
} }
}, },
"gitignore": {
"inputs": {
"nixpkgs": [
"cachix-flake",
"pre-commit-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -143,6 +283,54 @@
"type": "github" "type": "github"
} }
}, },
"nix": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": [
"cachix-flake",
"devenv",
"nixpkgs"
],
"nixpkgs-regression": "nixpkgs-regression"
},
"locked": {
"lastModified": 1708577783,
"narHash": "sha256-92xq7eXlxIT5zFNccLpjiP7sdQqQI30Gyui2p/PfKZM=",
"owner": "domenkozar",
"repo": "nix",
"rev": "ecd0af0c1f56de32cbad14daa1d82a132bf298f8",
"type": "github"
},
"original": {
"owner": "domenkozar",
"ref": "devenv-2.21",
"repo": "nix",
"type": "github"
}
},
"nix-github-actions": {
"inputs": {
"nixpkgs": [
"cachix-flake",
"devenv",
"poetry2nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1688870561,
"narHash": "sha256-4UYkifnPEw1nAzqqPOTL2MvWtm3sNGw1UTYTalkTcGY=",
"owner": "nix-community",
"repo": "nix-github-actions",
"rev": "165b1650b753316aa7f1787f3005a8d2da0f5301",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-github-actions",
"type": "github"
}
},
"nixos-anywhere": { "nixos-anywhere": {
"inputs": { "inputs": {
"disko": [ "disko": [
@ -228,7 +416,39 @@
"type": "indirect" "type": "indirect"
} }
}, },
"nixpkgs-regression": {
"locked": {
"lastModified": 1643052045,
"narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"type": "github"
}
},
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": {
"lastModified": 1710695816,
"narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "614b4613980a522ba49f0d194531beddbb7220d3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable_2": {
"locked": { "locked": {
"lastModified": 1718478900, "lastModified": 1718478900,
"narHash": "sha256-v43N1gZLcGkhg3PdcrKUNIZ1L0FBzB2JqhIYEyKAHEs=", "narHash": "sha256-v43N1gZLcGkhg3PdcrKUNIZ1L0FBzB2JqhIYEyKAHEs=",
@ -245,6 +465,22 @@
} }
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": {
"lastModified": 1692808169,
"narHash": "sha256-x9Opq06rIiwdwGeK2Ykj69dNc2IvUH1fY55Wm7atwrE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9201b5ff357e781bf014d0330d18555695df7ba8",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1718276985, "lastModified": 1718276985,
"narHash": "sha256-u1fA0DYQYdeG+5kDm1bOoGcHtX0rtC7qs2YA2N1X++I=", "narHash": "sha256-u1fA0DYQYdeG+5kDm1bOoGcHtX0rtC7qs2YA2N1X++I=",
@ -260,7 +496,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_3": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1718437845, "lastModified": 1718437845,
"narHash": "sha256-ZT7Oc1g4I4pHVGGjQFnewFVDRLH5cIZhEzODLz9YXeY=", "narHash": "sha256-ZT7Oc1g4I4pHVGGjQFnewFVDRLH5cIZhEzODLz9YXeY=",
@ -276,7 +512,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_4": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1718541509, "lastModified": 1718541509,
"narHash": "sha256-TmC5TxW5WPAfmovDzi1hLe1i4qqND79s9SH9UOKcSvo=", "narHash": "sha256-TmC5TxW5WPAfmovDzi1hLe1i4qqND79s9SH9UOKcSvo=",
@ -292,12 +528,61 @@
"type": "github" "type": "github"
} }
}, },
"poetry2nix": {
"inputs": {
"flake-utils": "flake-utils",
"nix-github-actions": "nix-github-actions",
"nixpkgs": [
"cachix-flake",
"devenv",
"nixpkgs"
]
},
"locked": {
"lastModified": 1692876271,
"narHash": "sha256-IXfZEkI0Mal5y1jr6IRWMqK8GW2/f28xJenZIPQqkY0=",
"owner": "nix-community",
"repo": "poetry2nix",
"rev": "d5006be9c2c2417dafb2e2e5034d83fabd207ee3",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "poetry2nix",
"type": "github"
}
},
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat_3",
"flake-utils": "flake-utils_2",
"gitignore": "gitignore",
"nixpkgs": [
"cachix-flake",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1715609711,
"narHash": "sha256-/5u29K0c+4jyQ8x7dUIEUWlz2BoTSZWUP2quPwFCE7M=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "c182c876690380f8d3b9557c4609472ebfa1b141",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"cachix-deploy-flake": "cachix-deploy-flake", "cachix-deploy-flake": "cachix-deploy-flake",
"cachix-flake": "cachix-flake",
"disko": "disko_2", "disko": "disko_2",
"flake-utils": "flake-utils", "nixpkgs": "nixpkgs_4",
"nixpkgs": "nixpkgs_3",
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
"srvos": "srvos" "srvos": "srvos"
} }
@ -307,7 +592,7 @@
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable_2"
}, },
"locked": { "locked": {
"lastModified": 1718506969, "lastModified": 1718506969,
@ -325,7 +610,7 @@
}, },
"srvos": { "srvos": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_4" "nixpkgs": "nixpkgs_5"
}, },
"locked": { "locked": {
"lastModified": 1718585173, "lastModified": 1718585173,
@ -356,6 +641,21 @@
"type": "github" "type": "github"
} }
}, },
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": { "treefmt-nix": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [

152
flake.nix
View file

@ -6,7 +6,10 @@
srvos.url = "github:numtide/srvos"; srvos.url = "github:numtide/srvos";
disko.url = "github:nix-community/disko"; disko.url = "github:nix-community/disko";
cachix-deploy-flake.url = "github:cachix/cachix-deploy-flake"; cachix-deploy-flake.url = "github:cachix/cachix-deploy-flake";
flake-utils.url = "github:numtide/flake-utils"; cachix-flake = {
url = "github:cachix/cachix";
inputs.nixpkgs.follows = "nixpkgs";
};
# sops-nix - secrets with mozilla sops # sops-nix - secrets with mozilla sops
# https://github.com/Mic92/sops-nix # https://github.com/Mic92/sops-nix
sops-nix = { sops-nix = {
@ -15,85 +18,76 @@
}; };
}; };
outputs = { self, sops-nix, nixpkgs, srvos, disko, cachix-deploy-flake, flake-utils, ... }@inputs: outputs = { self, sops-nix, nixpkgs, srvos, disko, cachix-flake, cachix-deploy-flake, ... }@inputs:
flake-utils.lib.eachDefaultSystem ( let
system: { lib = nixpkgs.lib;
defaultPackage = let common = system: rec {
pkgs = import nixpkgs { inherit system; }; pkgs = import nixpkgs {
cachix-deploy-lib = cachix-deploy-flake.lib pkgs; inherit system;
in overlays = [
cachix-deploy-lib.spec (final: prev: {
{ cachix = cachix-flake.packages.${system}.default;
agents = { })
"fj-hetzner-aarch64-01" = cachix-deploy-lib.nixos { ];
# system = "aarch64-linux";
imports = [
sops-nix.nixosModules.sops
srvos.nixosModules.hardware-hetzner-cloud
srvos.nixosModules.server
srvos.nixosModules.mixins-systemd-boot
disko.nixosModules.disko
./agents/fj-hetzner-aarch64.nix
(import ./disko-hetzner-cloud.nix { disks = [ "/dev/sda" ]; })
{
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "fj-hetzner-aarch64-01";
users.users.root.openssh.authorizedKeys.keys =
[
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w jahanson@legiondary"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyA/yMPPo+scxBaDFUk7WeEyMAMhXUro5vi4feOKsJT jahanson@durincore"
];
services.openssh.enable = true;
services.openssh.settings.PermitRootLogin = "without-password";
}];
};
"fj-shadowfax-01" = cachix-deploy-lib.nixos {
# system = "x86_64-linux";
imports = [
sops-nix.nixosModules.sops
./hardware/shadowfax-kubevirt.nix
srvos.nixosModules.server
srvos.nixosModules.mixins-systemd-boot
disko.nixosModules.disko
./agents/fj-shadowfax-x86_64.nix
(import ./disko-shadowfax-kubevirt.nix { disks = [ "/dev/sda" ]; })
{
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "fj-shadowfax-01";
users.users.root.openssh.authorizedKeys.keys =
[
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w jahanson@legiondary"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyA/yMPPo+scxBaDFUk7WeEyMAMhXUro5vi4feOKsJT jahanson@durincore"
];
services.openssh.enable = true;
services.openssh.settings.PermitRootLogin = "without-password";
}];
};
"fj-shadowfax-02" = cachix-deploy-lib.nixos {
# system = "x86_64-linux";
imports = [
sops-nix.nixosModules.sops
./hardware/shadowfax-kubevirt.nix
srvos.nixosModules.server
srvos.nixosModules.mixins-systemd-boot
disko.nixosModules.disko
./agents/fj-shadowfax-x86_64.nix
(import ./disko-shadowfax-kubevirt.nix { disks = [ "/dev/sda" ]; })
{
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "fj-shadowfax-02";
users.users.root.openssh.authorizedKeys.keys =
[
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w jahanson@legiondary"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyA/yMPPo+scxBaDFUk7WeEyMAMhXUro5vi4feOKsJT jahanson@durincore"
];
services.openssh.enable = true;
services.openssh.settings.PermitRootLogin = "without-password";
}];
};
};
}; };
}); cachix-deploy-lib = cachix-deploy-flake.lib pkgs;
};
in
{
packages.aarch64-linux.default =
let
inherit (common "aarch64-linux") cachix-deploy-lib pkgs;
in
cachix-deploy-lib.nixos {
# system = "aarch64-linux";
imports = [
sops-nix.nixosModules.sops
srvos.nixosModules.hardware-hetzner-cloud
srvos.nixosModules.server
srvos.nixosModules.mixins-systemd-boot
disko.nixosModules.disko
./agents/fj-hetzner-aarch64.nix
(import ./disko-hetzner-cloud.nix { disks = [ "/dev/sda" ]; })
{
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "fj-hetzner-aarch64-01";
users.users.root.openssh.authorizedKeys.keys =
[
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w jahanson@legiondary"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyA/yMPPo+scxBaDFUk7WeEyMAMhXUro5vi4feOKsJT jahanson@durincore"
];
services.openssh.enable = true;
services.openssh.settings.PermitRootLogin = "without-password";
}];
};
packages.x86_64-linux.default =
let
inherit (common "x86_64-linux") cachix-deploy-lib pkgs;
in
cachix-deploy-lib.nixos {
imports = [
sops-nix.nixosModules.sops
./hardware/shadowfax-kubevirt.nix
srvos.nixosModules.server
srvos.nixosModules.mixins-systemd-boot
disko.nixosModules.disko
./agents/fj-shadowfax-x86_64.nix
(import ./disko-shadowfax-kubevirt.nix { disks = [ "/dev/sda" ]; })
{
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "fj-shadowfax-01";
users.users.root.openssh.authorizedKeys.keys =
[
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w jahanson@legiondary"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyA/yMPPo+scxBaDFUk7WeEyMAMhXUro5vi4feOKsJT jahanson@durincore"
];
services.openssh.enable = true;
services.openssh.settings.PermitRootLogin = "without-password";
}
];
};
};
# Convenience output that aggregates the outputs for home, nixos. # Convenience output that aggregates the outputs for home, nixos.
# Also used in ci to build targets generally. # Also used in ci to build targets generally.
# top = # top =