From 949c01f0cc78ecdbedf3987768af578d294f755b Mon Sep 17 00:00:00 2001 From: Joseph Hanson Date: Wed, 1 Jan 2025 16:44:48 -0600 Subject: [PATCH] moving all config to one type and updating to 24.11, lots of flake updates --- .editorconfig | 8 + README.md | 49 ++-- examples/aarch64.md | 35 +++ examples/x86_64.md | 34 +++ flake.lock | 583 +++++++++++++++------------------------ flake.nix | 152 +++------- profiles/role-lxc-vm.nix | 4 +- 7 files changed, 362 insertions(+), 503 deletions(-) create mode 100644 examples/aarch64.md create mode 100644 examples/x86_64.md diff --git a/.editorconfig b/.editorconfig index cdab41e..2459fa0 100644 --- a/.editorconfig +++ b/.editorconfig @@ -2,7 +2,15 @@ root = true [*] end_of_line = lf insert_final_newline = true +indent_style = space +indent_size = 2 +charset = utf-8 +trim_trailing_whitespace = true [*.{yaml,yml,json5}] indent_style = space indent_size = 2 + +[*.md] +indent_size = 4 +trim_trailing_whitespace = false diff --git a/README.md b/README.md index 9e83684..49ef33a 100644 --- a/README.md +++ b/README.md 
@@ -1,35 +1,30 @@ # Incus VM Build and Deploy -## Build +## Quick Start + +### Prerequisites: + +Add your forgejo runner token in 1Password at `op://forgejo-runner/forgejo-runner/runner_token` + +### Build, import, and deploy + ```sh -nix build .#nixosConfigurations.fj-lxc-vm-x86_64.config.system.build.qemuImage --print-out-paths -nix build .#nixosConfigurations.fj-lxc-vm-x86_64.config.system.build.metadata --print-out-paths +mise run build_import +mise run launch ``` -## Deploy +## Manually + +### Build + ```sh -incus image import --alias nixos-gen/custom/fj-lxc-vm-x86_64 ${metadatapath}/tarball/nixos-system-x86_64-linux.tar.xz ${qemuimageoutputpath}/nixos.qcow2 +qemuImageBuildPath=$(nix build .#nixosConfigurations.lxc-vm-x86_64.config.system.build.qemuImage --print-out-paths) +metadataBuildPath=$(nix build .#nixosConfigurations.lxc-vm-x86_64.config.system.build.metadata --print-out-paths) +``` + +### Deploy + +```sh +incus image import --alias nixos-gen/custom/lxc-vm-x86_64 ${metadataPath}/tarball/nixos-system-x86_64-linux.tar.xz ${qemuImageOutputPath}/nixos.qcow2 incus file push "$TOKEN_FILE" "$INCUS_INSTANCE/var/lib/forgejo/$TOKEN_FILE" --mode 400 ``` - -## Runner machine types - -Notice: The runners only run on VMs. No baremetal runners are available. - -Hetzner/x86 -Hetzner/aarch64 -lxc-vm/x86 - -## Tags used - -### Runner Tags - -| tag | description | -| --------------------------------------- | ---------------------------------------------------------- | -| docker | docker nodes | -| docker-x86_64:docker://node:20-bullseye | specifically the debian bullseye with node 20 docker image | -| x86_64 | x86 builders only | -| aarch64 | ARM builders only | -| linux | Specify if linux | -| remote | only use offsite runners | -| native-aarch64:host | run on runner host -- not docker | diff --git a/examples/aarch64.md b/examples/aarch64.md new file mode 100644 index 0000000..ebff165 --- /dev/null +++ b/examples/aarch64.md 
@@ -0,0 +1,35 @@
+# aarch64 example
+
+```nix
+outputs = { ... }@inputs:
+let
+ aarch64-linux-modules = [
+ sops-nix.nixosModules.sops
+ srvos.nixosModules.hardware-hetzner-cloud
+ srvos.nixosModules.server
+ srvos.nixosModules.mixins-systemd-boot
+ disko.nixosModules.disko
+ lix-module.nixosModules.default
+ ./profiles/role-fj-hetzner.nix
+ (import ./disko-hetzner-cloud.nix { disks = [ "/dev/sda" ]; })
+ {
+ boot.loader.efi.canTouchEfiVariables = true;
+ networking.hostName = "fj-hetzner-aarch64-01";
+ users.users.root.openssh.authorizedKeys.keys =
+ [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILcLI5qN69BuoLp8p7nTYKoLdsBNmZB31OerZ63Car1g jahanson@telchar"
+ ];
+ services.openssh.enable = true;
+ services.openssh.settings.PermitRootLogin = "without-password";
+ }
+ ];
+in {
+ nixosConfigurations = {
+ "fj-hetzner-aarch64" = lib.nixosSystem {
+ system = "aarch64-linux";
+ specialArgs = { inherit inputs; };
+ modules = aarch64-linux-modules;
+ };
+ };
+}
+```
diff --git a/examples/x86_64.md b/examples/x86_64.md
new file mode 100644
index 0000000..2b7314f
--- /dev/null
+++ b/examples/x86_64.md
@@ -0,0 +1,34 @@ +# x86_64 example + +```nix +outputs = { ... }@inputs: +let + x86_64-linux-modules = [ + sops-nix.nixosModules.sops + ./profiles/hw-shadowfax.nix + srvos.nixosModules.server + srvos.nixosModules.mixins-systemd-boot + disko.nixosModules.disko + lix-module.nixosModules.default + ./profiles/fj-shadowfax-x86_64.nix + (import ./disko-shadowfax.nix { disks = [ "/dev/sda" ]; }) + { + boot.loader.efi.canTouchEfiVariables = true; + networking.hostName = "fj-shadowfax-01"; + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILcLI5qN69BuoLp8p7nTYKoLdsBNmZB31OerZ63Car1g jahanson@telchar" + ]; + services.openssh.enable = true; + services.openssh.settings.PermitRootLogin = "without-password"; + } + ]; +in { + nixosConfigurations = { + "x86_64" = lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { inherit inputs; }; + modules = x86_64-linux-modules; + }; + }; +} +``` diff --git a/flake.lock b/flake.lock index 6c999e7..cd44e83 100644 --- a/flake.lock +++ b/flake.lock @@ -2,33 +2,31 @@ "nodes": { "cachix": { "inputs": { - "devenv": "devenv_2", + "devenv": [ + "cachix-flake", + "devenv" + ], "flake-compat": [ "cachix-flake", - "devenv", - "flake-compat" + "devenv" ], - "nixpkgs": [ + "git-hooks": [ "cachix-flake", - "devenv", - "nixpkgs" + "devenv" ], - "pre-commit-hooks": [ - "cachix-flake", - "devenv", - "pre-commit-hooks" - ] + "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1712055811, - "narHash": "sha256-7FcfMm5A/f02yyzuavJe06zLa9hcMHsagE28ADcmQvk=", + "lastModified": 1728672398, + "narHash": "sha256-KxuGSoVUFnQLB2ZcYODW7AVPAh9JqRlD5BrfsC/Q4qs=", "owner": "cachix", "repo": "cachix", - "rev": "02e38da89851ec7fec3356a5c04bc8349cae0e30", + "rev": "aac51f698309fd0f381149214b7eee213c66ef0a", "type": "github" }, "original": { "owner": "cachix", + "ref": "latest", "repo": "cachix", "type": "github" } 
@@ -42,11 +40,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1725305631, - "narHash": "sha256-RcpR2sN4BlNW6lEOIsa119QqgANsZM4Lrs1FnPSEHic=", + "lastModified": 1728048122, + "narHash": "sha256-2P7BjsQHpAjp+zjftGXSGwo0gepR79KJbBNRKJxsUyk=", "owner": "cachix", "repo": "cachix-deploy-flake", - "rev": "aaca8c67c1d86fc3908ff0c471991a08e829426e", + "rev": "f363e7ba6661f0e342707b98224c85599fdfb1cc", "type": "github" }, "original": { @@ -58,18 +56,18 @@ "cachix-flake": { "inputs": { "devenv": "devenv", - "flake-compat": "flake-compat_2", + "flake-compat": "flake-compat", "git-hooks": "git-hooks", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1724232775, - "narHash": "sha256-6u2DycIEgrgNYlLxyGqdFVmBNiKIitnQKJ1pbRP5oko=", + "lastModified": 1733424942, + "narHash": "sha256-5t7Sl6EkOaoP4FvzLmH7HFDbdl9SizmLh53RjDQCbWQ=", "owner": "cachix", "repo": "cachix", - "rev": "03b6cb3f953097bff378fb8b9ea094bd091a4ec7", + "rev": "8b6b0e4694b9aa78b2ea4c93bff6e1a222dc7e4a", "type": "github" }, "original": { @@ -86,11 +84,11 @@ ] }, "locked": { - "lastModified": 1715871485, - "narHash": "sha256-ywapEXmBBI+DVRx/YYC6+6Lk+W8vhShz1uJNvqPKzng=", + "lastModified": 1727999297, + "narHash": "sha256-LTJuQPCsSItZ/8TieFeP30iY+uaLoD0mT0tAj1gLeyQ=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "cb02884fa1ff5a619a44ab5f1bcc4dedd2d623c2", + "rev": "8c8388ade72e58efdeae71b4cbb79e872c23a56b", "type": "github" }, "original": { 
@@ -106,22 +104,22 @@ "cachix-flake", "flake-compat" ], - "nix": "nix_2", + "git-hooks": [ + "cachix-flake", + "git-hooks" + ], + "nix": "nix", "nixpkgs": [ "cachix-flake", "nixpkgs" - ], - "pre-commit-hooks": [ - "cachix-flake", - "git-hooks" ] }, "locked": { - "lastModified": 1723156315, - "narHash": "sha256-0JrfahRMJ37Rf1i0iOOn+8Z4CLvbcGNwa2ChOAVrp/8=", + "lastModified": 1733323168, + "narHash": "sha256-d5DwB4MZvlaQpN6OQ4SLYxb5jA4UH5EtV5t5WOtjLPU=", "owner": "cachix", "repo": "devenv", - "rev": "ff5eb4f2accbcda963af67f1a1159e3f6c7f5f91", + "rev": "efa9010b8b1cfd5dd3c7ed1e172a470c3b84a064", "type": "github" }, "original": { @@ -130,39 +128,6 @@ "type": "github" } }, - "devenv_2": { - "inputs": { - "flake-compat": [ - "cachix-flake", - "devenv", - "cachix", - "flake-compat" - ], - "nix": "nix", - "nixpkgs": "nixpkgs_2", - "poetry2nix": "poetry2nix", - "pre-commit-hooks": [ - "cachix-flake", - "devenv", - "cachix", - "pre-commit-hooks" - ] - }, - "locked": { - "lastModified": 1708704632, - "narHash": "sha256-w+dOIW60FKMaHI1q5714CSibk99JfYxm0CzTinYWr+Q=", - "owner": "cachix", - "repo": "devenv", - "rev": "2ee4450b0f4b95a1b90f2eb5ffea98b90e48c196", - "type": "github" - }, - "original": { - "owner": "cachix", - "ref": "python-rewrite", - "repo": "devenv", - "type": "github" - } - }, "disko": { "inputs": { "nixpkgs": [ @@ -171,11 +136,11 @@ ] }, "locked": { - "lastModified": 1715822638, - "narHash": "sha256-Z4ZoyK8jYRmBZwMaEZLEmAilrfdpekwwwohliqC14/E=", + "lastModified": 1727977578, + "narHash": "sha256-DBORKcmQ7ZjA4qE1MsnF1MmZSokOGrw4W9vTCioOv2U=", "owner": "nix-community", "repo": "disko", - "rev": "476eef8d85aa09389ae7baf6e6b60357f6a01432", + "rev": "574400001b3ffe555c7a21e0ff846230759be2ed", "type": "github" }, "original": { 
@@ -186,14 +151,14 @@ }, "disko_2": { "inputs": { - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1725377834, - "narHash": "sha256-tqoAO8oT6zEUDXte98cvA1saU9+1dLJQe3pMKLXv8ps=", + "lastModified": 1735468753, + "narHash": "sha256-2dt1nOe9zf9pDkf5Kn7FUFyPRo581s0n90jxYXJ94l0=", "owner": "nix-community", "repo": "disko", - "rev": "e55f9a8678adc02024a4877c2a403e3f6daf24fe", + "rev": "84a5b93637cc16cbfcc61b6e1684d626df61eb21", "type": "github" }, "original": { @@ -205,27 +170,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", "owner": "edolstra", "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_2": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", "type": "github" }, "original": { 
@@ -243,11 +192,34 @@ ] }, "locked": { - "lastModified": 1701473968, - "narHash": "sha256-YcVE5emp1qQ8ieHUnxt1wCZCC3ZfAS+SRRWZ2TMda7E=", + "lastModified": 1726153070, + "narHash": "sha256-HO4zgY0ekfwO5bX0QH/3kJ/h4KvUDFZg8YpkNwIbg1U=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "34fed993f1674c8d06d58b37ce1e0fe5eebcb9f5", + "rev": "bcef6817a8b2aa20a5a6dbb19b43e63c5bf8619a", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { + "inputs": { + "nixpkgs-lib": [ + "cachix-flake", + "devenv", + "nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1712014858, + "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d", "type": "github" }, "original": { @@ -261,29 +233,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1689068808, - "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_2": { - "inputs": { - "systems": "systems_2" - }, - "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", "type": "github" }, "original": { 
@@ -321,11 +275,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1723202784, - "narHash": "sha256-qbhjc/NEGaDbyy0ucycubq4N3//gDFFH3DOmp1D3u1Q=", + "lastModified": 1733318908, + "narHash": "sha256-SVQVsbafSM1dJ4fpgyBqLZ+Lft+jcQuMtEL3lQWx2Sk=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "c7012d0c18567c889b948781bc74a501e92275d1", + "rev": "6f4e2a2112050951a314d2733a994fbab94864c6", "type": "github" }, "original": { @@ -364,11 +318,11 @@ ] }, "locked": { - "lastModified": 1715486357, - "narHash": "sha256-4pRuzsHZOW5W4CsXI9uhKtiJeQSUoe1d2M9mWU98HC4=", + "lastModified": 1728041527, + "narHash": "sha256-03liqiJtk9UP7YQHW4r8MduKCK242FQzud8iWvvlK+o=", "owner": "nix-community", "repo": "home-manager", - "rev": "44677a1c96810a8e8c4ffaeaad10c842402647c1", + "rev": "509dbf8d45606b618e9ec3bbe4e936b7c5bc6c1e", "type": "github" }, "original": { 
@@ -377,23 +331,39 @@ "type": "github" } }, + "libgit2": { + "flake": false, + "locked": { + "lastModified": 1697646580, + "narHash": "sha256-oX4Z3S9WtJlwvj0uH9HlYcWv+x1hqp8mhXl7HsLu2f0=", + "owner": "libgit2", + "repo": "libgit2", + "rev": "45fd9ed7ae1a9b74b957ef4f337bc3c8b3df01b5", + "type": "github" + }, + "original": { + "owner": "libgit2", + "repo": "libgit2", + "type": "github" + } + }, "lix": { "flake": false, "locked": { - "lastModified": 1723503926, - "narHash": "sha256-Rosl9iA9MybF5Bud4BTAQ9adbY81aGmPfV8dDBGl34s=", - "rev": "bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2", + "lastModified": 1729298361, + "narHash": "sha256-hiGtfzxFkDc9TSYsb96Whg0vnqBVV7CUxyscZNhed0U=", + "rev": "ad9d06f7838a25beec425ff406fe68721fef73be", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2.tar.gz?rev=bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/ad9d06f7838a25beec425ff406fe68721fef73be.tar.gz?rev=ad9d06f7838a25beec425ff406fe68721fef73be" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/2.91.0.tar.gz" + "url": "https://git.lix.systems/lix-project/lix/archive/2.91.1.tar.gz" } }, "lix-module": { "inputs": { - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils", "flakey-profile": "flakey-profile", "lix": "lix", "nixpkgs": [ 
@@ -401,94 +371,50 @@ ] }, "locked": { - "lastModified": 1723510904, - "narHash": "sha256-zNW/rqNJwhq2lYmQf19wJerRuNimjhxHKmzrWWFJYts=", - "rev": "622a2253a071a1fb97a4d3c8103a91114acc1140", + "lastModified": 1732605668, + "narHash": "sha256-DN5/166jhiiAW0Uw6nueXaGTueVxhfZISAkoxasmz/g=", + "rev": "f19bd752910bbe3a861c9cad269bd078689d50fe", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/622a2253a071a1fb97a4d3c8103a91114acc1140.tar.gz?rev=622a2253a071a1fb97a4d3c8103a91114acc1140" + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/f19bd752910bbe3a861c9cad269bd078689d50fe.tar.gz?rev=f19bd752910bbe3a861c9cad269bd078689d50fe" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.0.tar.gz" + "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-2.tar.gz" } }, "nix": { "inputs": { - "flake-compat": "flake-compat", - "nixpkgs": [ + "flake-compat": [ "cachix-flake", - "devenv", - "cachix", - "devenv", - "nixpkgs" + "devenv" ], - "nixpkgs-regression": "nixpkgs-regression" - }, - "locked": { - "lastModified": 1712911606, - "narHash": "sha256-BGvBhepCufsjcUkXnEEXhEVjwdJAwPglCC2+bInc794=", - "owner": "domenkozar", - "repo": "nix", - "rev": "b24a9318ea3f3600c1e24b4a00691ee912d4de12", - "type": "github" - }, - "original": { - "owner": "domenkozar", - "ref": "devenv-2.21", - "repo": "nix", - "type": "github" - } - }, - "nix-github-actions": { - "inputs": { - "nixpkgs": [ + "flake-parts": "flake-parts_2", + "libgit2": "libgit2", + "nixpkgs": "nixpkgs_3", + "nixpkgs-23-11": [ "cachix-flake", - "devenv", - "cachix", - "devenv", - "poetry2nix", - "nixpkgs" + "devenv" + ], + "nixpkgs-regression": [ + "cachix-flake", + "devenv" + ], + "pre-commit-hooks": [ + "cachix-flake", + "devenv" ] }, "locked": { - "lastModified": 1688870561, - "narHash": "sha256-4UYkifnPEw1nAzqqPOTL2MvWtm3sNGw1UTYTalkTcGY=", - "owner": "nix-community", - "repo": 
"nix-github-actions", - "rev": "165b1650b753316aa7f1787f3005a8d2da0f5301", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nix-github-actions", - "type": "github" - } - }, - "nix_2": { - "inputs": { - "flake-compat": [ - "cachix-flake", - "devenv", - "flake-compat" - ], - "nixpkgs": [ - "cachix-flake", - "devenv", - "nixpkgs" - ], - "nixpkgs-regression": "nixpkgs-regression_2" - }, - "locked": { - "lastModified": 1712911606, - "narHash": "sha256-BGvBhepCufsjcUkXnEEXhEVjwdJAwPglCC2+bInc794=", + "lastModified": 1727438425, + "narHash": "sha256-X8ES7I1cfNhR9oKp06F6ir4Np70WGZU5sfCOuNBEwMg=", "owner": "domenkozar", "repo": "nix", - "rev": "b24a9318ea3f3600c1e24b4a00691ee912d4de12", + "rev": "f6c5ae4c1b2e411e6b1e6a8181cc84363d6a7546", "type": "github" }, "original": { "owner": "domenkozar", - "ref": "devenv-2.21", + "ref": "devenv-2.24", "repo": "nix", "type": "github" } @@ -509,11 +435,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1715150548, - "narHash": "sha256-pb2xIGuzzkPOjUlZnBahpfQWVvtCSOcW8vLL7rQUiEY=", + "lastModified": 1727531568, + "narHash": "sha256-lt8fmizvl6iRDNz7/Yqor1MmU5fcUyv3oajtUsUmthA=", "owner": "numtide", "repo": "nixos-anywhere", - "rev": "242444d228636b1f0e89d3681f04a75254c29f66", + "rev": "b6168ba67a8fad0636b5111a906dfbdf3abe2dee", "type": "github" }, "original": { @@ -524,7 +450,7 @@ }, "nixos-images": { "inputs": { - "nixos-2311": [ + "nixos-stable": [ "cachix-deploy-flake", "nixos-anywhere", "nixos-stable" @@ -536,11 +462,11 @@ ] }, "locked": { - "lastModified": 1702375325, - "narHash": "sha256-kEdrh6IB7xh7YDwZ0ZVCngCs+uoS9gx4ydEoJRnM1Is=", + "lastModified": 1727367213, + "narHash": "sha256-7O4pi8MmcJpA0nYUQkdolvKGyu6zNjf2gFYD1Q0xppc=", "owner": "nix-community", "repo": "nixos-images", - "rev": "d655cc02fcb9ecdcca4f3fb307e291a4b5be1339", + "rev": "3e7978bab153f39f3fc329ad346d35a8871420f7", "type": "github" }, "original": { 
@@ -551,72 +477,11 @@ }, "nixos-stable": { "locked": { - "lastModified": 1702233072, - "narHash": "sha256-H5G2wgbim2Ku6G6w+NSaQaauv6B6DlPhY9fMvArKqRo=", + "lastModified": 1727264057, + "narHash": "sha256-KQPI8CTTnB9CrJ7LrmLC4VWbKZfljEPBXOFGZFRpxao=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "781e2a9797ecf0f146e81425c822dca69fe4a348", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-23.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs": { - "locked": { - "lastModified": 1713995372, - "narHash": "sha256-fFE3M0vCoiSwCX02z8VF58jXFRj9enYUSTqjyHAjrds=", - "path": "/nix/store/22chir190mpfvp59lgh39q7fp7w77br9-source", - "rev": "dd37924974b9202f8226ed5d74a252a9785aedf8", - "type": "path" - }, - "original": { - "id": "nixpkgs", - "type": "indirect" - } - }, - "nixpkgs-regression": { - "locked": { - "lastModified": 1643052045, - "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", - "type": "github" - } - }, - "nixpkgs-regression_2": { - "locked": { - "lastModified": 1643052045, - "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", - "type": "github" - } - }, - "nixpkgs-stable": { - "locked": { - "lastModified": 1720386169, - "narHash": "sha256-NGKVY4PjzwAa4upkGtAMz1npHGoRzWotlSnVlqI40mo=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "194846768975b7ad2c4988bdb82572c00222c0d7", + "rev": "759537f06e6999e141588ff1c9be7f3a5c060106", "type": "github" }, "original": { 
@@ -626,13 +491,59 @@ "type": "github" } }, - "nixpkgs-stable_2": { + "nixpkgs": { "locked": { - "lastModified": 1721524707, - "narHash": "sha256-5NctRsoE54N86nWd0psae70YSLfrOek3Kv1e8KoXe/0=", + "lastModified": 1727998858, + "narHash": "sha256-IeBVJ75Bd7yWz8i3m225x5Q25O1Wk8cBWi8DI7bCgSo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "556533a23879fc7e5f98dd2e0b31a6911a213171", + "rev": "73bed75dbd3de6d4fca3f81ce25a0cc7766afff6", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1730741070, + "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1730531603, + "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1717432640, + "narHash": "sha256-+f9c4/ZX5MWDOuB1rKoWj+lBNm0z0rs4CK47HBLxy1o=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "88269ab3044128b7c2f4c7d68448b2fb50456870", "type": "github" }, "original": { 
@@ -642,61 +553,45 @@ "type": "github" } }, - "nixpkgs_2": { - "locked": { - "lastModified": 1692808169, - "narHash": "sha256-x9Opq06rIiwdwGeK2Ykj69dNc2IvUH1fY55Wm7atwrE=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "9201b5ff357e781bf014d0330d18555695df7ba8", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { - "locked": { - "lastModified": 1725194671, - "narHash": "sha256-tLGCFEFTB5TaOKkpfw3iYT9dnk4awTP/q4w+ROpMfuw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "b833ff01a0d694b910daca6e2ff4a3f26dee478c", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_4": { "locked": { - "lastModified": 1725407940, - "narHash": "sha256-tiN5Rlg/jiY0tyky+soJZoRzLKbPyIdlQ77xVgREDNM=", - "owner": "nixos", + "lastModified": 1734435836, + "narHash": "sha256-kMBQ5PRiFLagltK0sH+08aiNt3zGERC2297iB6vrvlU=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "6f6c45b5134a8ee2e465164811e451dcb5ad86e3", + "rev": "4989a246d7a390a859852baddb1013f825435cee", "type": "github" }, "original": { - "owner": "nixos", - "ref": "nixos-24.05", + "owner": "NixOS", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_5": { "locked": { - "lastModified": 1725448034, - "narHash": "sha256-YWbVeDERbIHAEQCtDtUunHYUNH31ReIdJIP8juXfdpM=", + "lastModified": 1735669367, + "narHash": "sha256-tfYRbFhMOnYaM4ippqqid3BaLOXoFNdImrfBfCp4zn0=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "edf04b75c13c2ac0e54df5ec5c543e300f76f1c9", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_6": { + "locked": { + "lastModified": 1734838250, + "narHash": "sha256-Xi8ST/QiyuYXc3ujnMYOBuRUaMh6p16XWH6BKARa7xQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9b40840066f93767bb528810ea7dc9caacd8997f", + "rev": 
"da8a31d09dd004be34b5c54eda83f9a27b357726", "type": "github" }, "original": { @@ -706,39 +601,13 @@ "type": "github" } }, - "poetry2nix": { - "inputs": { - "flake-utils": "flake-utils", - "nix-github-actions": "nix-github-actions", - "nixpkgs": [ - "cachix-flake", - "devenv", - "cachix", - "devenv", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1692876271, - "narHash": "sha256-IXfZEkI0Mal5y1jr6IRWMqK8GW2/f28xJenZIPQqkY0=", - "owner": "nix-community", - "repo": "poetry2nix", - "rev": "d5006be9c2c2417dafb2e2e5034d83fabd207ee3", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "poetry2nix", - "type": "github" - } - }, "root": { "inputs": { "cachix-deploy-flake": "cachix-deploy-flake", "cachix-flake": "cachix-flake", "disko": "disko_2", "lix-module": "lix-module", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_5", "sops-nix": "sops-nix", "srvos": "srvos" } @@ -747,15 +616,14 @@ "inputs": { "nixpkgs": [ "nixpkgs" - ], - "nixpkgs-stable": "nixpkgs-stable_2" + ] }, "locked": { - "lastModified": 1725540166, - "narHash": "sha256-htc9rsTMSAY5ek+DB3tpntdD/es0eam2hJgO92bWSys=", + "lastModified": 1735468296, + "narHash": "sha256-ZjUjbvS06jf4fElOF4ve8EHjbpbRVHHypStoY8HGzk8=", "owner": "Mic92", "repo": "sops-nix", - "rev": "d9d781523a1463965cd1e1333a306e70d9feff07", + "rev": "bcb8b65aa596866eb7e5c3e1a6cccbf5d1560b27", "type": "github" }, "original": { @@ -766,14 +634,14 @@ }, "srvos": { "inputs": { - "nixpkgs": "nixpkgs_5" + "nixpkgs": "nixpkgs_6" }, "locked": { - "lastModified": 1725708209, - "narHash": "sha256-Dur8ZkiskNeQxjivdp7Jtmz9ZFTi6q0w34+P6WTRyv0=", + "lastModified": 1735379278, + "narHash": "sha256-DpihJuI9SaWOUc1lRrw+e5014Qj+WHn9Xla89jxA6jk=", "owner": "numtide", "repo": "srvos", - "rev": "c15adcd6056c0e218669e62affb3e27654d18181", + "rev": "e3b404890cfb44caec3edc8b84facb8934299428", "type": "github" }, "original": { 
@@ -797,21 +665,6 @@ "type": "github" } }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "treefmt-nix": { "inputs": { "nixpkgs": [ @@ -821,11 +674,11 @@ ] }, "locked": { - "lastModified": 1702376629, - "narHash": "sha256-9uAY8a7JN4DvLe/g4OoldqPbcNZ09YOVXID+CkIqL70=", + "lastModified": 1727252110, + "narHash": "sha256-3O7RWiXpvqBcCl84Mvqa8dXudZ1Bol1ubNdSmQt7nF4=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "390018a9398f9763bfc05ffe6443ce0622cb9ba6", + "rev": "1bff2ba6ec22bc90e9ad3f7e94cca0d37870afa3", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 5ea32ad..3d6de2a 100644 --- a/flake.nix +++ b/flake.nix @@ -2,13 +2,13 @@ description = "Forgejo CI Runners"; inputs = { - # NixOS nixpkgs 24.05 - nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05"; + # NixOS nixpkgs 24.11 + nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11"; # Lix - Substitution of the Nix package manager, focused on correctness, usability, and growth – and committed to doing right by its community. # https://git.lix.systems/lix-project/lix lix-module = { - url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.0.tar.gz"; + url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-2.tar.gz"; inputs.nixpkgs.follows = "nixpkgs"; }; @@ -35,7 +35,18 @@ }; }; - outputs = { self, sops-nix, nixpkgs, srvos, disko, cachix-flake, cachix-deploy-flake, lix-module, ... }@inputs: + outputs = + { + self, + sops-nix, + nixpkgs, + srvos, + disko, + cachix-flake, + cachix-deploy-flake, + lix-module, + ... + }@inputs: let inherit (nixpkgs) lib; common = system: rec { 
@@ -50,60 +61,18 @@ cachix-deploy-lib = cachix-deploy-flake.lib pkgs; }; - aarch64-linux-modules = [ - sops-nix.nixosModules.sops - srvos.nixosModules.hardware-hetzner-cloud - srvos.nixosModules.server - srvos.nixosModules.mixins-systemd-boot - disko.nixosModules.disko - lix-module.nixosModules.default - ./profiles/role-fj-hetzner.nix - (import ./disko-hetzner-cloud.nix { disks = [ "/dev/sda" ]; }) - { - boot.loader.efi.canTouchEfiVariables = true; - networking.hostName = "fj-hetzner-aarch64-01"; - users.users.root.openssh.authorizedKeys.keys = - [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILcLI5qN69BuoLp8p7nTYKoLdsBNmZB31OerZ63Car1g jahanson@telchar" - ]; - services.openssh.enable = true; - services.openssh.settings.PermitRootLogin = "without-password"; - } - ]; + aarch64-linux-modules = [ ]; x86_64-linux-modules = [ - sops-nix.nixosModules.sops - ./profiles/hw-shadowfax.nix - srvos.nixosModules.server - srvos.nixosModules.mixins-systemd-boot - disko.nixosModules.disko - lix-module.nixosModules.default - ./profiles/fj-shadowfax-x86_64.nix - (import ./disko-shadowfax.nix { disks = [ "/dev/sda" ]; }) - { - boot.loader.efi.canTouchEfiVariables = true; - networking.hostName = "fj-shadowfax-01"; - users.users.root.openssh.authorizedKeys.keys = - [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILcLI5qN69BuoLp8p7nTYKoLdsBNmZB31OerZ63Car1g jahanson@telchar" - ]; - services.openssh.enable = true; - services.openssh.settings.PermitRootLogin = "without-password"; - } - ]; - - x86_64-linux-modules-lxc-vm = [ "${inputs.nixpkgs}/nixos/modules/virtualisation/lxd-virtual-machine.nix" sops-nix.nixosModules.sops srvos.nixosModules.server lix-module.nixosModules.default ./profiles/role-lxc-vm.nix { - # networking.hostName = "fj-x86_64-vm-01"; - users.users.root.openssh.authorizedKeys.keys = - [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILcLI5qN69BuoLp8p7nTYKoLdsBNmZB31OerZ63Car1g jahanson@telchar" - ]; + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-ed25519 
AAAAC3NzaC1lZDI1NTE5AAAAILcLI5qN69BuoLp8p7nTYKoLdsBNmZB31OerZ63Car1g jahanson@telchar" + ]; services.openssh.enable = true; services.openssh.settings.PermitRootLogin = "without-password"; } @@ -111,26 +80,13 @@ in { # NixOS configurations for manual deployment - nixosConfigurations = - { - "fj-hetzner-aarch64" = lib.nixosSystem { - system = "aarch64-linux"; - specialArgs = { inherit inputs; }; - modules = aarch64-linux-modules; - }; - - "fj-x86_64" = lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { inherit inputs; }; - modules = x86_64-linux-modules; - }; - - "fj-lxc-vm-x86_64" = lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { inherit inputs; }; - modules = x86_64-linux-modules-lxc-vm; - }; + nixosConfigurations = { + "x86_64" = lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { inherit inputs; }; + modules = x86_64-linux-modules; }; + }; # Cachix deploy for automated deployments packages.aarch64-linux.default = @@ -138,7 +94,6 @@ inherit (common "aarch64-linux") cachix-deploy-lib; in cachix-deploy-lib.nixos { - # system = "aarch64-linux"; imports = aarch64-linux-modules; }; packages.x86_64-linux.default = 
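Review bot: `aarch64-linux-modules = [ ];` leaves an empty module list that `packages.aarch64-linux.default` still passes to `cachix-deploy-lib.nixos { imports = aarch64-linux-modules; }` further down, so that output now describes a system with no hardware, boot or role modules and will most likely fail to evaluate or build. Either drop the aarch64 package output together with the list, or keep a minimal working module set here. Separately, the module block that is now the only x86_64 configuration keeps root SSH enabled with `PermitRootLogin = "without-password"`, which is the deprecated spelling; `services.openssh.settings.PermitRootLogin = "prohibit-password";` states the key-only intent explicitly. The enclosing `let` block starts and ends outside this hunk.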
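Review bot: The only remaining attribute in `nixosConfigurations` is `"x86_64"`, but the README updated in this same commit builds `.#nixosConfigurations.lxc-vm-x86_64.config.system.build.qemuImage` and `...build.metadata`, which no longer resolves against this flake. Pick one name and use it in both places, for example `"lxc-vm-x86_64" = lib.nixosSystem {` here, which also keeps the attribute name descriptive of what the image is. The `top` output derives its keys from `nixosConfigurations`, so it follows whichever name is chosen.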
@@ -152,50 +107,31 @@ # Constructs a deploy.json output that can be used to deploy the runners # https://docs.cachix.org/deploy/reference#deploy-json - deploy-json = - { - "aarch64-linux" = - let - inherit (common "aarch64-linux") cachix-deploy-lib; - in - cachix-deploy-lib.spec - { - agents = { - "fj-hetzner-aarch64-01" = - let - inherit (common "aarch64-linux") cachix-deploy-lib; - in - cachix-deploy-lib.nixos { - # system = "aarch64-linux"; - imports = aarch64-linux-modules; - }; + deploy-json = { + "x86_64" = + let + inherit (common "x86_64-linux") cachix-deploy-lib; + in + cachix-deploy-lib.spec { + agents = { + "x86_64" = + let + inherit (common "x86_64-linux") cachix-deploy-lib; + in + cachix-deploy-lib.nixos { + imports = x86_64-linux-modules; }; - }; - "x86_64-linux" = - let - inherit (common "x86_64-linux") cachix-deploy-lib; - in - cachix-deploy-lib.spec - { - agents = { - "fj-shadowfax-01" = - let - inherit (common "x86_64-linux") cachix-deploy-lib; - in - cachix-deploy-lib.nixos { - imports = x86_64-linux-modules; - }; - }; - }; - }; + }; + }; + }; # Convenience output that aggregates the outputs for home, nixos. # Also used in ci to build targets generally. top = let - nixtop = nixpkgs.lib.genAttrs - (builtins.attrNames inputs.self.nixosConfigurations) - (attr: inputs.self.nixosConfigurations.${attr}.config.system.build.toplevel); + nixtop = nixpkgs.lib.genAttrs (builtins.attrNames inputs.self.nixosConfigurations) ( + attr: inputs.self.nixosConfigurations.${attr}.config.system.build.toplevel + ); in nixtop; }; diff --git a/profiles/role-lxc-vm.nix b/profiles/role-lxc-vm.nix index 961e307..38be392 100644 --- a/profiles/role-lxc-vm.nix +++ b/profiles/role-lxc-vm.nix 
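Review bot: The agent key under `agents` changed from the host name `"fj-shadowfax-01"` to the generic `"x86_64"`, and in a Cachix Deploy spec that key is the name of the agent the closure is sent to. Unless the runner VM registers its agent under exactly `x86_64` (not visible in this diff), the deployment will target an agent that does not exist; a comment such as `# must match the agent name the runner VM registers with` next to the key would make the coupling explicit. The inner `let inherit (common "x86_64-linux") cachix-deploy-lib; in` rebinds the same value that the outer `let` already brings into scope and can be removed.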
@@ -20,10 +20,8 @@
 # `incus file push "$TOKEN_FILE" "$INCUS_INSTANCE/var/lib/forgejo/$TOKEN_FILE" --mode 400`
 tokenFile = "/var/lib/gitea-runner/default/tokenfile";
 labels = [
- "x86_64"
- "linux"
- "pc"
 "docker-x86_64:docker://node:20-bullseye"
+ "ubuntu-x86_64:docker://node:20-bullseye"
 "native-x86_64:host"
 ];
 };
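Review bot: The added label `"ubuntu-x86_64:docker://node:20-bullseye"` advertises Ubuntu but resolves to the same Debian bullseye Node image as the `docker-x86_64` label above it, so a workflow selecting `ubuntu-x86_64` gets a Debian userland. Either point the label at an Ubuntu-based image or add a comment such as `# alias kept for workflows written against ubuntu runners; image is Debian bullseye`. Both docker labels reference a mutable tag; pinning the image by digest (`node:20-bullseye@sha256:<digest>`) would keep CI jobs from silently picking up a changed image. The plain `x86_64` and `linux` labels are removed here, so any workflow still using them in `runs-on` will presumably stop being scheduled on this runner.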