Feat: add probot settings ci & doc comments (#28)
* fix: move to json5 * feat: probot repo settings sync --------- Co-authored-by: Truxnell <9149206+truxnell@users.noreply.github.com>
parent
75daf6aa89
commit
ba5bdd01fb
8 changed files with 101 additions and 4 deletions
4
.github/renovate.json5
vendored
|
@ -4,10 +4,8 @@
|
||||||
"github>truxnell/renovate-config",
|
"github>truxnell/renovate-config",
|
||||||
"github>truxnell/renovate-config:automerge-github-actions",
|
"github>truxnell/renovate-config:automerge-github-actions",
|
||||||
],
|
],
|
||||||
"platform": "github",
|
|
||||||
"username": "trux-bot[bot]",
|
|
||||||
"gitAuthor": "Trux-Bot <19149206+trux-bot[bot]@users.noreply.github.com>",
|
"gitAuthor": "Trux-Bot <19149206+trux-bot[bot]@users.noreply.github.com>",
|
||||||
"repositories": ["truxnell/nix-config"],
|
|
||||||
"ignoreTests": "false",
|
"ignoreTests": "false",
|
||||||
|
|
||||||
// TODO remove once out of beta?
|
// TODO remove once out of beta?
|
||||||
|
|
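--- a/.github/settings.yaml
+++ b/.github/settings.yaml
@@ -0,0 +1,75 @@
+# These settings are synced to GitHub by https://probot.github.io/apps/settings/
+
+repository:
+# See https://docs.github.com/en/rest/reference/repos#update-a-repository for all available settings.
+
+# The name of the repository. Changing this will rename the repository
+name: nix-config
+
+# A short description of the repository that will show up on GitHub
+description: My nix & nixos home setup
+
+# A URL with more information about the repository
+# homepage: https://example.github.io/
+
+# A comma-separated list of topics to set on the repository
+topics: nix, nixos
+
+# Either `true` to make the repository private, or `false` to make it public.
+private: false
+
+# Either `true` to enable issues for this repository, `false` to disable them.
+has_issues: true
+
+# Either `true` to enable projects for this repository, or `false` to disable them.
+# If projects are disabled for the organization, passing `true` will cause an API error.
+has_projects: false
+
+# Either `true` to enable the wiki for this repository, `false` to disable it.
+has_wiki: false
+
+# Either `true` to enable downloads for this repository, `false` to disable them.
+has_downloads: false
+
+# Updates the default branch for this repository.
+default_branch: main
+
+# Either `true` to allow squash-merging pull requests, or `false` to prevent
+# squash-merging.
+allow_squash_merge: true
+
+# Either `true` to allow merging pull requests with a merge commit, or `false`
+# to prevent merging pull requests with merge commits.
+allow_merge_commit: false
+
+# Either `true` to allow rebase-merging pull requests, or `false` to prevent
+# rebase-merging.
+allow_rebase_merge: true
+
+# Either `true` to enable automatic deletion of branches on merge, or `false` to disable
+delete_branch_on_merge: true
+
+# Either `true` to enable automated security fixes, or `false` to disable
+# automated security fixes.
+enable_automated_security_fixes: false
+
+# Either `true` to enable vulnerability alerts, or `false` to disable
+# vulnerability alerts.
+enable_vulnerability_alerts: true
+
+# Labels: define labels for Issues and Pull Requests
+# labels:
+# - name: bug
+# color: CC0000
+# description: An issue with the system 🐛.
+
+# - name: feature
+# # If including a `#`, make sure to wrap it with quotes!
+# color: '#336699'
+# description: New functionality.
+
+# - name: Help Wanted
+# # Provide a new name to rename an existing label
+# new_name: first-timers-only
+
+# TODO branch protection once nailed down.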
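Review bot: The file ends at `# TODO branch protection once nailed down.` with no `branches:` section, so `main` stays unprotected at the moment this file becomes the source of truth for repository settings. The settings app applies whatever `.github/settings.yaml` contains on the default branch, so anyone who can land a change to this file, including an automerged bot PR, can flip `private`, rename the repository or relax the merge rules. A protection block for `main` with required status checks and `enforce_admins` should ship with the file, ideally with a CODEOWNERS entry covering it. Separately, `enable_automated_security_fixes: false` next to `enable_vulnerability_alerts: true` deserves a one-line comment saying that Renovate is expected to raise the fixes, if that is the intent. The check name in the sketch is a placeholder and the missing review requirement assumes a single maintainer.

```yaml
# … unchanged: repository settings and commented-out labels …
branches:
  - name: main
    protection:
      # No review requirement assumed here (single maintainer); checks gate merges instead.
      required_pull_request_reviews: null
      required_status_checks:
        strict: true
        contexts:
          - "<CHECK_NAME_PLACEHOLDER>"
      # Apply the rules to administrators as well.
      enforce_admins: true
      required_linear_history: true
      # `restrictions` only applies to organisation-owned repositories.
      restrictions: null
```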
2
.github/workflows/nix-lint.yaml
vendored
|
@ -1,4 +1,4 @@
|
||||||
name: Nix Flake Check
|
name: Nix Lint
|
||||||
|
|
||||||
on: [pull_request]
|
on: [pull_request]
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,13 @@
|
||||||
---
|
---
|
||||||
|
# config files for sops & used for encrypting keys that sops-nix decrypts.
|
||||||
|
# each machine key is derieved from its generated `ssh_hosts_ed` file
|
||||||
|
# via ssh-to-age
|
||||||
|
# sops encrypts the secrets ready to decrypt with the private key of any of the below machines
|
||||||
|
# OR my 'main' key thats kept outside this repo securely.
|
||||||
|
|
||||||
|
# key-per-machine is a little more secure and a little more work than
|
||||||
|
# copying one key to each machine
|
||||||
|
|
||||||
keys:
|
keys:
|
||||||
- &nixosvm age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn
|
- &nixosvm age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn
|
||||||
- &nixosvm2 age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz
|
- &nixosvm2 age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz
|
||||||
|
|
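Review bot: The new header comment explains who can decrypt but not what to do when a machine is retired or compromised, which is the case a key-per-machine layout exists for. Removing an entry under `keys:` and re-encrypting only affects future ciphertext; the earlier ciphertext stays in git history and is still readable with the removed key, so the secret values themselves have to be rotated. I would add a line such as `# removing a machine: drop its key, re-encrypt, then rotate every secret it could read`. While there, fix `derieved` to `derived` and spell out the host key file name in full, since `ssh_hosts_ed` looks abbreviated. The rest of the file lies outside the hunk.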
|
@ -53,6 +53,15 @@ TBC
|
||||||
|
|
||||||
TBC
|
TBC
|
||||||
|
|
||||||
|
## Checklist
|
||||||
|
|
||||||
|
### Adding new node
|
||||||
|
|
||||||
|
- Add to #top in flake
|
||||||
|
- Ensure secrets are grabbed from note and all sops re-encrypte with task sops:re-encrypt
|
||||||
|
- Add to relevant github action workflows
|
||||||
|
- Add to settings.yaml for PR checks
|
||||||
|
|
||||||
## Applying configuration changes on a local machine can be done as follows:
|
## Applying configuration changes on a local machine can be done as follows:
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
---
|
---
|
||||||
|
# go-task runner file - rest of config in .taskfiles/**.*.yaml
|
||||||
version: "3"
|
version: "3"
|
||||||
|
|
||||||
includes:
|
includes:
|
||||||
|
|
|
@ -1,3 +1,5 @@
|
||||||
|
---
|
||||||
|
# Config for garnix.io builds & caching
|
||||||
builds:
|
builds:
|
||||||
include:
|
include:
|
||||||
- homeConfigurations.*
|
- homeConfigurations.*
|
||||||
|
|
|
@ -1,3 +1,6 @@
|
||||||
|
## STILL WIP
|
||||||
|
## Wanted to avoid bringing in complexity of disko
|
||||||
|
|
||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
set -x
|
set -x
|
||||||
|
|
||||||
|
|
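Review bot: The added comment lines push `#!/usr/bin/env bash` down to line 4, and a shebang is only honoured when it is the very first bytes of the file. Executed directly, the script no longer selects bash: the kernel rejects it and the invoking shell typically falls back to interpreting it itself. That is a poor failure mode for something marked WIP that, judging by the disko remark, prepares disks. Keep the interpreter line first and put the notes under it, i.e. `#!/usr/bin/env bash` followed by `## STILL WIP`. The script body continues outside the hunk.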