From 5d6c301a3925cc33ac11298ef7ea18c4bc548faa Mon Sep 17 00:00:00 2001 From: arcnmx Date: Fri, 10 Mar 2023 11:07:01 -0800 Subject: [PATCH] tewi deployment --- .envrc | 1 + .github/workflows/nodes.yml | 372 -------------------- .gitmodules | 8 +- ci/flake-cron.nix | 6 +- ci/nodes.nix | 5 +- devShell.nix | 29 +- flake.lock | 1 - flake.nix | 5 +- inputs.nix | 7 +- nixos/deploy.sh | 52 +++ tf | 1 - tree.nix | 13 +- trusted/flake.lock | 659 +----------------------------------- trusted/flake.nix | 8 +- trusted/trusted | 1 + 15 files changed, 84 insertions(+), 1084 deletions(-) create mode 100755 nixos/deploy.sh delete mode 160000 tf create mode 160000 trusted/trusted diff --git a/.envrc b/.envrc index 7570e240..221c1b07 100644 --- a/.envrc +++ b/.envrc @@ -1,5 +1,6 @@ if [[ $(id -un) = kat ]]; then export TRUSTED=1 + git pull fi export HOME_HOSTNAME=$(hostname -s) diff --git a/.github/workflows/nodes.yml b/.github/workflows/nodes.yml index 0d63f2fb..6a257483 100644 --- a/.github/workflows/nodes.yml +++ b/.github/workflows/nodes.yml @@ -28,316 +28,6 @@ jobs: args: -u .github/workflows/nodes.yml .ci/workflow.yml attrs: nixpkgs.diffutils command: diff - daiyousei: - name: nodes-daiyousei - runs-on: ubuntu-latest - steps: - - id: checkout - name: git clone - uses: actions/checkout@v1 - with: - submodules: false - - id: nix-install - name: nix install - uses: arcnmx/ci/actions/nix/install@nix2.4 - - id: ci-setup - name: nix setup - uses: arcnmx/ci/actions/nix/run@nix2.4 - with: - attrs: ci.job.daiyousei.run.bootstrap - quiet: false - - id: architectures - name: prepare for emulated builds - run: 'sudo $(which archbinfmt) - - ' - - id: ci-dirty - name: nix test dirty - uses: arcnmx/ci/actions/nix/run@nix2.4 - with: - attrs: ci.job.daiyousei.run.test - command: ci-build-dirty - quiet: false - stdout: ${{ runner.temp }}/ci.build.dirty - - id: ci-test - name: nix test build - uses: arcnmx/ci/actions/nix/run@nix2.4 - with: - attrs: ci.job.daiyousei.run.test - command: ci-build-realise - ignore-exit-code: true - quiet: false - stdin: ${{ runner.temp }}/ci.build.dirty - - env: - CI_EXIT_CODE: ${{ steps.ci-test.outputs.exit-code }} - id: ci-summary - name: nix test results - uses: arcnmx/ci/actions/nix/run@nix2.4 - with: - attrs: ci.job.daiyousei.run.test - command: ci-build-summarise - quiet: false - stdin: ${{ runner.temp }}/ci.build.dirty - stdout: ${{ runner.temp }}/ci.build.cache - - env: - CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }} - id: ci-cache - if: always() - name: nix test cache - uses: arcnmx/ci/actions/nix/run@nix2.4 - with: - attrs: ci.job.daiyousei.run.test - command: ci-build-cache - quiet: false - stdin: ${{ runner.temp }}/ci.build.cache - koishi: - name: nodes-koishi - runs-on: ubuntu-latest - steps: - - id: checkout - name: git clone - uses: actions/checkout@v1 - with: - submodules: false - - id: nix-install - name: nix install - uses: arcnmx/ci/actions/nix/install@nix2.4 - - id: ci-setup - name: nix setup - uses: arcnmx/ci/actions/nix/run@nix2.4 - with: - attrs: ci.job.koishi.run.bootstrap - quiet: false - - id: architectures - name: prepare for emulated builds - run: 'sudo $(which archbinfmt) - - ' - - id: ci-dirty - name: nix test dirty - uses: arcnmx/ci/actions/nix/run@nix2.4 - with: - attrs: ci.job.koishi.run.test - command: ci-build-dirty - quiet: false - stdout: ${{ runner.temp }}/ci.build.dirty - - id: ci-test - name: nix test build - uses: arcnmx/ci/actions/nix/run@nix2.4 - with: - attrs: ci.job.koishi.run.test - command: ci-build-realise - ignore-exit-code: true - quiet: false - stdin: ${{ runner.temp }}/ci.build.dirty - - env: - CI_EXIT_CODE: ${{ steps.ci-test.outputs.exit-code }} - id: ci-summary - name: nix test results - uses: arcnmx/ci/actions/nix/run@nix2.4 - with: - attrs: ci.job.koishi.run.test - command: ci-build-summarise - quiet: false - stdin: ${{ runner.temp }}/ci.build.dirty - stdout: ${{ runner.temp }}/ci.build.cache - - env: - CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }} - id: ci-cache - if: always() - name: nix test cache - uses: arcnmx/ci/actions/nix/run@nix2.4 - with: - attrs: ci.job.koishi.run.test - command: ci-build-cache - quiet: false - stdin: ${{ runner.temp }}/ci.build.cache - marisa: - name: nodes-marisa - runs-on: ubuntu-latest - steps: - - id: checkout - name: git clone - uses: actions/checkout@v1 - with: - submodules: false - - id: nix-install - name: nix install - uses: arcnmx/ci/actions/nix/install@nix2.4 - - id: ci-setup - name: nix setup - uses: arcnmx/ci/actions/nix/run@nix2.4 - with: - attrs: ci.job.marisa.run.bootstrap - quiet: false - - id: architectures - name: prepare for emulated builds - run: 'sudo $(which archbinfmt) - - ' - - id: ci-dirty - name: nix test dirty - uses: arcnmx/ci/actions/nix/run@nix2.4 - with: - attrs: ci.job.marisa.run.test - command: ci-build-dirty - quiet: false - stdout: ${{ runner.temp }}/ci.build.dirty - - id: ci-test - name: nix test build - uses: arcnmx/ci/actions/nix/run@nix2.4 - with: - attrs: ci.job.marisa.run.test - command: ci-build-realise - ignore-exit-code: true - quiet: false - stdin: ${{ runner.temp }}/ci.build.dirty - - env: - CI_EXIT_CODE: ${{ steps.ci-test.outputs.exit-code }} - id: ci-summary - name: nix test results - uses: arcnmx/ci/actions/nix/run@nix2.4 - with: - attrs: ci.job.marisa.run.test - command: ci-build-summarise - quiet: false - stdin: ${{ runner.temp }}/ci.build.dirty - stdout: ${{ runner.temp }}/ci.build.cache - - env: - CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }} - id: ci-cache - if: always() - name: nix test cache - uses: arcnmx/ci/actions/nix/run@nix2.4 - with: - attrs: ci.job.marisa.run.test - command: ci-build-cache - quiet: false - stdin: ${{ runner.temp }}/ci.build.cache - renko: - name: nodes-renko - runs-on: ubuntu-latest - steps: - - id: checkout - name: git clone - uses: actions/checkout@v1 - with: - submodules: false - - id: nix-install - name: nix install - uses: arcnmx/ci/actions/nix/install@nix2.4 - - id: ci-setup - name: nix setup - uses: arcnmx/ci/actions/nix/run@nix2.4 - with: - attrs: ci.job.renko.run.bootstrap - quiet: false - - id: architectures - name: prepare for emulated builds - run: 'sudo $(which archbinfmt) - - ' - - id: ci-dirty - name: nix test dirty - uses: arcnmx/ci/actions/nix/run@nix2.4 - with: - attrs: ci.job.renko.run.test - command: ci-build-dirty - quiet: false - stdout: ${{ runner.temp }}/ci.build.dirty - - id: ci-test - name: nix test build - uses: arcnmx/ci/actions/nix/run@nix2.4 - with: - attrs: ci.job.renko.run.test - command: ci-build-realise - ignore-exit-code: true - quiet: false - stdin: ${{ runner.temp }}/ci.build.dirty - - env: - CI_EXIT_CODE: ${{ steps.ci-test.outputs.exit-code }} - id: ci-summary - name: nix test results - uses: arcnmx/ci/actions/nix/run@nix2.4 - with: - attrs: ci.job.renko.run.test - command: ci-build-summarise - quiet: false - stdin: ${{ runner.temp }}/ci.build.dirty - stdout: ${{ runner.temp }}/ci.build.cache - - env: - CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }} - id: ci-cache - if: always() - name: nix test cache - uses: arcnmx/ci/actions/nix/run@nix2.4 - with: - attrs: ci.job.renko.run.test - command: ci-build-cache - quiet: false - stdin: ${{ runner.temp }}/ci.build.cache - rinnosuke: - name: nodes-rinnosuke - runs-on: ubuntu-latest - steps: - - id: checkout - name: git clone - uses: actions/checkout@v1 - with: - submodules: false - - id: nix-install - name: nix install - uses: arcnmx/ci/actions/nix/install@nix2.4 - - id: ci-setup - name: nix setup - uses: arcnmx/ci/actions/nix/run@nix2.4 - with: - attrs: ci.job.rinnosuke.run.bootstrap - quiet: false - - id: architectures - name: prepare for emulated builds - run: 'sudo $(which archbinfmt) - - ' - - id: ci-dirty - name: nix test dirty - uses: arcnmx/ci/actions/nix/run@nix2.4 - with: - attrs: ci.job.rinnosuke.run.test - command: ci-build-dirty - quiet: false - stdout: ${{ runner.temp }}/ci.build.dirty - - id: ci-test - name: nix test build - uses: arcnmx/ci/actions/nix/run@nix2.4 - with: - attrs: ci.job.rinnosuke.run.test - command: ci-build-realise - ignore-exit-code: true - quiet: false - stdin: ${{ runner.temp }}/ci.build.dirty - - env: - CI_EXIT_CODE: ${{ steps.ci-test.outputs.exit-code }} - id: ci-summary - name: nix test results - uses: arcnmx/ci/actions/nix/run@nix2.4 - with: - attrs: ci.job.rinnosuke.run.test - command: ci-build-summarise - quiet: false - stdin: ${{ runner.temp }}/ci.build.dirty - stdout: ${{ runner.temp }}/ci.build.cache - - env: - CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }} - id: ci-cache - if: always() - name: nix test cache - uses: arcnmx/ci/actions/nix/run@nix2.4 - with: - attrs: ci.job.rinnosuke.run.test - command: ci-build-cache - quiet: false - stdin: ${{ runner.temp }}/ci.build.cache tewi: name: nodes-tewi runs-on: ubuntu-latest @@ -400,68 +90,6 @@ jobs: command: ci-build-cache quiet: false stdin: ${{ runner.temp }}/ci.build.cache - yukari: - name: nodes-yukari - runs-on: ubuntu-latest - steps: - - id: checkout - name: git clone - uses: actions/checkout@v1 - with: - submodules: false - - id: nix-install - name: nix install - uses: arcnmx/ci/actions/nix/install@nix2.4 - - id: ci-setup - name: nix setup - uses: arcnmx/ci/actions/nix/run@nix2.4 - with: - attrs: ci.job.yukari.run.bootstrap - quiet: false - - id: architectures - name: prepare for emulated builds - run: 'sudo $(which archbinfmt) - - ' - - id: ci-dirty - name: nix test dirty - uses: arcnmx/ci/actions/nix/run@nix2.4 - with: - attrs: ci.job.yukari.run.test - command: ci-build-dirty - quiet: false - stdout: ${{ runner.temp }}/ci.build.dirty - - id: ci-test - name: nix test build - uses: arcnmx/ci/actions/nix/run@nix2.4 - with: - attrs: ci.job.yukari.run.test - command: ci-build-realise - ignore-exit-code: true - quiet: false - stdin: ${{ runner.temp }}/ci.build.dirty - - env: - CI_EXIT_CODE: ${{ steps.ci-test.outputs.exit-code }} - id: ci-summary - name: nix test results - uses: arcnmx/ci/actions/nix/run@nix2.4 - with: - attrs: ci.job.yukari.run.test - command: ci-build-summarise - quiet: false - stdin: ${{ runner.temp }}/ci.build.dirty - stdout: ${{ runner.temp }}/ci.build.cache - - env: - CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }} - id: ci-cache - if: always() - name: nix test cache - uses: arcnmx/ci/actions/nix/run@nix2.4 - with: - attrs: ci.job.yukari.run.test - command: ci-build-cache - quiet: false - stdin: ${{ runner.temp }}/ci.build.cache name: nodes 'on': - push diff --git a/.gitmodules b/.gitmodules index 0ab56003..263318f3 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,4 +1,4 @@ -[submodule "tf"] - path = tf - branch = main - url = "gcrypt::ssh://git@github.com:kittywitch/nixfiles-tf.git#main" +[submodule "trusted/trusted"] + path = trusted/trusted + branch = shim + url = gcrypt::ssh://git@github.com/arcnmx/kat-nixfiles-trusted.git diff --git a/ci/flake-cron.nix b/ci/flake-cron.nix index 255f61a7..bc0b53f4 100644 --- a/ci/flake-cron.nix +++ b/ci/flake-cron.nix @@ -93,11 +93,7 @@ with lib; { command = let main = (import ../.); - nodes = main.network.nodes.nixos; - targets = main.deploy.targets; - enabledTargets = filterAttrs (_: v: v.enable) main.deploy.targets; - enabledHosts = concatLists (mapAttrsToList (targetName: target: target.nodeNames) enabledTargets); - filteredHosts = subtractLists [ "daiyousei" "shinmyoumaru" "medicine" ] enabledHosts; + filteredHosts = [ "tewi" ]; nodeBuildString = concatMapStringsSep " && " (node: "nix build -Lf . network.nodes.nixos.${node}.deploy.system -o result-${node} && nix-collect-garbage -d") filteredHosts; in '' diff --git a/ci/nodes.nix b/ci/nodes.nix index 0a0ab5bf..df59ce59 100644 --- a/ci/nodes.nix +++ b/ci/nodes.nix @@ -54,10 +54,7 @@ jobs = let main = (import ../.); - hosts = main.network.nodes.nixos; - targets = main.deploy.targets; - enabledTargets = filterAttrs (k: v: v.enable && k != "medicine") main.deploy.targets; - enabledHosts = concatLists (mapAttrsToList (targetName: target: target.nodeNames) enabledTargets); + enabledHosts = [ "tewi" ]; in mapAttrs' (k: nameValuePair "${k}") (genAttrs enabledHosts (host: { tasks.${host}.inputs = channels.nixfiles.network.nodes.nixos.${host}.deploy.system; diff --git a/devShell.nix b/devShell.nix index d6991b2e..9f3ec567 100644 --- a/devShell.nix +++ b/devShell.nix @@ -21,12 +21,7 @@ let export START_DIR="$PWD" cd "${toString ./.}" export NF_CONFIG_ROOT=${toString ./.}/ci - NF_CONFIG_FILES=($NF_CONFIG_ROOT/{nodes,flake-cron}.nix) - for f in "''${NF_CONFIG_FILES[@]}"; do - echo $f - nix run --argstr config "$f" -f '${inputs.ci}' test - done - cd $START_DIR + nix run --argstr config "$NF_CONFIG_ROOT/nodes.nix" -f '${inputs.ci}' job.tewi.test ''; nf-update = pkgs.writeShellScriptBin "nf-update" '' nix flake update @@ -34,36 +29,26 @@ let nix flake lock ./trusted --update-input trusted fi ''; - sumireko-apply = pkgs.writeShellScriptBin "sumireko-apply" '' - darwin-rebuild switch --flake ${toString ./.}#sumireko + nf-deploy = pkgs.writeShellScriptBin "nf-deploy" '' + export NF_CONFIG_ROOT=${toString ./.} + exec /usr/bin/env bash ${./nixos/deploy.sh} "$@" ''; in pkgs.mkShell { nativeBuildInputs = with pkgs; [ inetutils + sops nf-actions nf-actions-test nf-update - sumireko-apply - ] ++ config.runners.lazy.nativeBuildInputs - ++ lib.optional (builtins.getEnv "TRUSTED" != "") (pkgs.writeShellScriptBin "bitw" ''${pkgs.rbw-bitw}/bin/bitw -p gpg://${config.network.nodes.all.${builtins.getEnv "HOME_HOSTNAME"}.secrets.repo.bitw.source} "$@"'') - ++ (map - (node: writeShellScriptBin "${node.networking.hostName}-sd-img" '' - nix build -f . network.nodes.${node.networking.hostName}.system.build.sdImage --show-trace - '') - (builtins.filter (node: node.system.build ? sdImage) (attrValues meta.network.nodes.nixos))) - ++ (map - (node: writeShellScriptBin "${node.networking.hostName}-iso-img" '' - nix build -f . network.nodes.${node.networking.hostName}.system.build.isoImage --show-trace - '') - (builtins.filter (node: node.system.build ? isoImage) (attrValues meta.network.nodes.nixos))); + nf-deploy + ]; shellHook = '' export NIX_BIN_DIR=${pkgs.nix}/bin export HOME_UID=$(id -u) export HOME_USER=$(id -un) export CI_PLATFORM="impure" export NIX_PATH="$NIX_PATH:home=${toString ./.}" - git pull ''; } diff --git a/flake.lock b/flake.lock index 8d1eb713..f67e9218 100644 --- a/flake.lock +++ b/flake.lock @@ -620,7 +620,6 @@ } }, "trusted": { - "flake": false, "locked": { "lastModified": 1630400035, "narHash": "sha256-MWaVOCzuFwp09wZIW9iHq5wWen5C69I940N1swZLEQ0=", diff --git a/flake.nix b/flake.nix index 138a492a..3cd84d1b 100644 --- a/flake.nix +++ b/flake.nix @@ -29,7 +29,6 @@ }; trusted = { url = "github:input-output-hk/empty-flake"; - flake = false; }; flake-compat = { url = "github:edolstra/flake-compat"; @@ -58,7 +57,9 @@ legacyPackages = import ./meta.nix { inherit system inputs; }; }); in providedSystems // { - nixosConfigurations = self.legacyPackages.x86_64-linux.network.nodes.nixos; + nixosConfigurations = builtins.mapAttrs (_: config: config // { + inherit config; + }) self.legacyPackages.x86_64-linux.network.nodes.nixos; darwinConfigurations = builtins.mapAttrs (_: config: { inherit (config.deploy) pkgs; inherit config; diff --git a/inputs.nix b/inputs.nix index 23e9065b..d5fec697 100644 --- a/inputs.nix +++ b/inputs.nix @@ -1,6 +1,5 @@ let lock = builtins.fromJSON (builtins.readFile ./flake.lock); - lockTrusted = builtins.fromJSON (builtins.readFile ./trusted/flake.lock); flakeCompat = fetchTarball { url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz"; sha256 = lock.nodes.flake-compat.locked.narHash; @@ -9,8 +8,10 @@ let src = ./.; }; trusted = import flakeCompat { - src = ./trusted; + src = if builtins.pathExists ./trusted/trusted/flake.nix + then ./trusted/trusted + else ./trusted; }; in nixfiles.defaultNix.inputs // (if builtins.getEnv "TRUSTED" != "" then { - inherit (trusted.defaultNix.inputs) trusted; + trusted = trusted.defaultNix; } else {}) diff --git a/nixos/deploy.sh b/nixos/deploy.sh new file mode 100755 index 00000000..09f90256 --- /dev/null +++ b/nixos/deploy.sh @@ -0,0 +1,52 @@ +#!/usr/bin/env bash +set -eu + +NF_CONFIG_ROOT=${NF_CONFIG_ROOT-.} + +TRUSTED_ARGS=( + --override-input trusted $NF_CONFIG_ROOT/trusted + --no-update-lock-file + --no-write-lock-file + --quiet +) +if [[ -e trusted/trusted/flake.nix ]]; then + TRUSTED_ARGS+=( + --override-input trusted/trusted $NF_CONFIG_ROOT/trusted/trusted + ) +fi + +NIXOS_HOST=tewi +NIXOS_TOPLEVEL=network.nodes.nixos.$NIXOS_HOST.system.build.toplevel + +if [[ $1 = build ]]; then + exec nix build --no-link --print-out-paths $NF_CONFIG_ROOT#$NIXOS_TOPLEVEL "${TRUSTED_ARGS[@]}" +elif [[ $1 = switch ]] || [[ $1 = test ]] || [[ $1 = dry-* ]]; then + METHOD=$1 + shift + exec nixos-rebuild $METHOD \ + --flake $NF_CONFIG_ROOT#$NIXOS_HOST "${TRUSTED_ARGS[@]}" \ + --no-build-nix \ + --target-host $NIXOS_HOST --use-remote-sudo \ + "$@" +elif [[ $1 = check ]]; then + DEFAULT=$(nix eval --raw -f $NF_CONFIG_ROOT $NIXOS_TOPLEVEL) + FLAKE=$(nix eval --raw $NF_CONFIG_ROOT#$NIXOS_TOPLEVEL) + if [[ $DEFAULT != $FLAKE ]]; then + echo default.nix: $DEFAULT + echo flake.nix: $FLAKE + exit 1 + fi + echo untrusted ok: $FLAKE + + TRUSTED=$(TRUSTED=1 nix eval --raw -f $NF_CONFIG_ROOT $NIXOS_TOPLEVEL) + TRUSTED_FLAKE=$(nix eval --raw $NF_CONFIG_ROOT#$NIXOS_TOPLEVEL "${TRUSTED_ARGS[@]}") + if [[ $TRUSTED != $TRUSTED_FLAKE ]]; then + echo TRUSTED=1 default.nix: $TRUSTED + echo trusted/flake.nix: $TRUSTED_FLAKE + exit 1 + fi + echo trusted ok: $TRUSTED_FLAKE +else + echo unknown cmd $1 >&2 + exit 1 +fi diff --git a/tf b/tf deleted file mode 160000 index b3346400..00000000 --- a/tf +++ /dev/null @@ -1 +0,0 @@ -Subproject commit b3346400d4e945c4cc9b0e8d149abb37b7f15af5 diff --git a/tree.nix b/tree.nix index 2dd5f43b..caa96c32 100644 --- a/tree.nix +++ b/tree.nix @@ -81,19 +81,16 @@ "home/*".functor.enable = true; }; }; - trustedTree = mkTree { + trustedTree = lib.optionalAttrs (inputs.trusted ? lib.treeSetup) (mkTree { inherit inputs; - folder = inputs.trusted; - config = { - "secrets".evaluateDefault = true; - }; - }; + inherit (inputs.trusted.lib.treeSetup) folder config; + }); tree = localTree // { pure = localTree.pure // { - trusted = trustedTree.pure; + trusted = trustedTree.pure or { }; }; impure = localTree.impure // { - trusted = trustedTree.impure; + trusted = trustedTree.impure or { }; }; }; in tree diff --git a/trusted/flake.lock b/trusted/flake.lock index 878753b0..c4942eec 100644 --- a/trusted/flake.lock +++ b/trusted/flake.lock @@ -1,621 +1,17 @@ { "nodes": { - "arcexprs": { - "flake": false, - "locked": { - "lastModified": 1667597026, - "narHash": "sha256-XHtUQKU+w+m2/DPVlB8fmUKtSIarv/n0wOGwho/ZuCo=", - "owner": "arcnmx", - "repo": "nixexprs", - "rev": "a00aaa69de023da7f1429a2bd3081b1f5400118b", - "type": "github" - }, - "original": { - "owner": "arcnmx", - "ref": "master", - "repo": "nixexprs", - "type": "github" - } - }, - "ci": { - "flake": false, - "locked": { - "lastModified": 1667599669, - "narHash": "sha256-0/PsJ5UoJ4Xa74vu25xoUO07JxHfK6pLhnjEglsWvFA=", - "owner": "arcnmx", - "repo": "ci", - "rev": "bfb73a0a2f7daeca40f8ee73506b1c5b5b5d53dc", - "type": "github" - }, - "original": { - "owner": "arcnmx", - "ref": "nix2.4", - "repo": "ci", - "type": "github" - } - }, - "darwin": { - "inputs": { - "nixpkgs": [ - "nixfiles", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1667419884, - "narHash": "sha256-oLNw87ZI5NxTMlNQBv1wG2N27CUzo9admaFlnmavpiY=", - "owner": "lnl7", - "repo": "nix-darwin", - "rev": "cfc0125eafadc9569d3d6a16ee928375b77e3100", - "type": "github" - }, - "original": { - "owner": "lnl7", - "ref": "master", - "repo": "nix-darwin", - "type": "github" - } - }, - "doom-emacs": { - "flake": false, - "locked": { - "lastModified": 1662497747, - "narHash": "sha256-4n7E1fqda7cn5/F2jTkOnKw1juG6XMS/FI9gqODL3aU=", - "owner": "doomemacs", - "repo": "doomemacs", - "rev": "3853dff5e11655e858d0bfae64b70cb12ef685ac", - "type": "github" - }, - "original": { - "owner": "doomemacs", - "repo": "doomemacs", - "rev": "3853dff5e11655e858d0bfae64b70cb12ef685ac", - "type": "github" - } - }, - "doom-snippets": { - "flake": false, - "locked": { - "lastModified": 1662645711, - "narHash": "sha256-XKpPCtECGZQ5bFPPDUX3oAltXOJNwAI/OktxiLnADRE=", - "owner": "doomemacs", - "repo": "snippets", - "rev": "03a62fe7edf7e87fdbd925713fbd3bf292d14b00", - "type": "github" - }, - "original": { - "owner": "doomemacs", - "repo": "snippets", - "type": "github" - } - }, - "emacs-overlay": { - "flake": false, - "locked": { - "lastModified": 1667507825, - "narHash": "sha256-Tss8NXLO5HIqcY+v+lMy/tcdBKNwKxW5Lb4PkuS5rmY=", - "owner": "nix-community", - "repo": "emacs-overlay", - "rev": "ccefa5f7ddbb036656d8617ed2862fe057d60fb4", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "emacs-overlay", - "type": "github" - } - }, - "emacs-so-long": { - "flake": false, - "locked": { - "lastModified": 1575031854, - "narHash": "sha256-xIa5zO0ZaToDrec1OFjBK6l39AbA4l/CE4LInVu2hi0=", - "owner": "hlissner", - "repo": "emacs-so-long", - "rev": "ed666b0716f60e8988c455804de24b55919e71ca", - "type": "github" - }, - "original": { - "owner": "hlissner", - "repo": "emacs-so-long", - "type": "github" - } - }, - "evil-escape": { - "flake": false, - "locked": { - "lastModified": 1588439096, - "narHash": "sha256-aB2Ge5o/93B18tPf4fN1c+O46CNh/nOqwLJbox4c8Gw=", - "owner": "hlissner", - "repo": "evil-escape", - "rev": "819f1ee1cf3f69a1ae920e6004f2c0baeebbe077", - "type": "github" - }, - "original": { - "owner": "hlissner", - "repo": "evil-escape", - "type": "github" - } - }, - "evil-markdown": { - "flake": false, - "locked": { - "lastModified": 1626852210, - "narHash": "sha256-HBBuZ1VWIn6kwK5CtGIvHM1+9eiNiKPH0GUsyvpUVN8=", - "owner": "Somelauw", - "repo": "evil-markdown", - "rev": "8e6cc68af83914b2fa9fd3a3b8472573dbcef477", - "type": "github" - }, - "original": { - "owner": "Somelauw", - "repo": "evil-markdown", - "type": "github" - } - }, - "evil-org-mode": { - "flake": false, - "locked": { - "lastModified": 1607203864, - "narHash": "sha256-JxwqVYDN6OIJEH15MVI6XOZAPtUWUhJQWHyzcrUvrFg=", - "owner": "hlissner", - "repo": "evil-org-mode", - "rev": "a9706da260c45b98601bcd72b1d2c0a24a017700", - "type": "github" - }, - "original": { - "owner": "hlissner", - "repo": "evil-org-mode", - "type": "github" - } - }, - "evil-quick-diff": { - "flake": false, - "locked": { - "lastModified": 1575189609, - "narHash": "sha256-oGzl1ayW9rIuq0haoiFS7RZsS8NFMdEA7K1BSozgnJU=", - "owner": "rgrinberg", - "repo": "evil-quick-diff", - "rev": "69c883720b30a892c63bc89f49d4f0e8b8028908", - "type": "github" - }, - "original": { - "owner": "rgrinberg", - "repo": "evil-quick-diff", - "type": "github" - } - }, - "explain-pause-mode": { - "flake": false, - "locked": { - "lastModified": 1595842060, - "narHash": "sha256-++znrjiDSx+cy4okFBBXUBkRFdtnE2x+trkmqjB3Njs=", - "owner": "lastquestion", - "repo": "explain-pause-mode", - "rev": "2356c8c3639cbeeb9751744dbe737267849b4b51", - "type": "github" - }, - "original": { - "owner": "lastquestion", - "repo": "explain-pause-mode", - "type": "github" - } - }, - "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1650374568, - "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "b4a34015c698c7793d592d66adbab377907a2be8", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_2": { - "flake": false, - "locked": { - "lastModified": 1650374568, - "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "b4a34015c698c7793d592d66adbab377907a2be8", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-utils": { - "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "format-all": { - "flake": false, - "locked": { - "lastModified": 1581716637, - "narHash": "sha256-ul7LCe60W8TIvUmUtZtZRo8489TK9iTPDsLHmzxY57M=", - "owner": "lassik", - "repo": "emacs-format-all-the-code", - "rev": "47d862d40a088ca089c92cd393c6dca4628f87d3", - "type": "github" - }, - "original": { - "owner": "lassik", - "repo": "emacs-format-all-the-code", - "rev": "47d862d40a088ca089c92cd393c6dca4628f87d3", - "type": "github" - } - }, - "home-manager": { - "inputs": { - "nixpkgs": [ - "nixfiles", - "nixpkgs" - ], - "utils": "utils" - }, - "locked": { - "lastModified": 1671209729, - "narHash": "sha256-zxn1eA/rMi2DOx43V7q87bGaDzvL7CMVY/Ti7lJ92DQ=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "7d55a72d4c1df694e87a41a7e6c9a7b6e9a40ca3", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "master", - "repo": "home-manager", - "type": "github" - } - }, - "nix-dns": { - "inputs": { - "flake-utils": [ - "nixfiles", - "flake-utils" - ], - "nixpkgs": [ - "nixfiles", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1635273082, - "narHash": "sha256-EHiDP2jEa7Ai5ZwIf5uld9RVFcV77+2SUxjQXwJsJa0=", - "owner": "kirelagin", - "repo": "nix-dns", - "rev": "c7b9645da9c0ddce4f9de4ef27ec01bb8108039a", - "type": "github" - }, - "original": { - "owner": "kirelagin", - "ref": "master", - "repo": "nix-dns", - "type": "github" - } - }, - "nix-doom-emacs": { - "inputs": { - "doom-emacs": "doom-emacs", - "doom-snippets": "doom-snippets", - "emacs-overlay": "emacs-overlay", - "emacs-so-long": "emacs-so-long", - "evil-escape": "evil-escape", - "evil-markdown": "evil-markdown", - "evil-org-mode": "evil-org-mode", - "evil-quick-diff": "evil-quick-diff", - "explain-pause-mode": "explain-pause-mode", - "flake-compat": "flake-compat_2", - "flake-utils": [ - "nixfiles", - "flake-utils" - ], - "format-all": "format-all", - "nix-straight": "nix-straight", - "nixpkgs": [ - "nixfiles", - "nixpkgs" - ], - "nose": "nose", - "ob-racket": "ob-racket", - "org": "org", - "org-contrib": "org-contrib", - "org-yt": "org-yt", - "php-extras": "php-extras", - "revealjs": "revealjs", - "rotate-text": "rotate-text", - "sln-mode": "sln-mode", - "ts-fold": "ts-fold", - "ws-butler": "ws-butler" - }, - "locked": { - "lastModified": 1667731647, - "narHash": "sha256-E/Y5yxX8u0RlLt07PJoQ+QAYMbbL19WayLU/SJDtnMw=", - "owner": "nix-community", - "repo": "nix-doom-emacs", - "rev": "c38ccd08345f58001cac2c2578e71d3f29b59bc0", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nix-doom-emacs", - "type": "github" - } - }, - "nix-straight": { - "flake": false, - "locked": { - "lastModified": 1666982610, - "narHash": "sha256-xjgIrmUsekVTE+MpZb5DMU8DQf9DJ/ZiR0o30L9/XCc=", - "owner": "nix-community", - "repo": "nix-straight.el", - "rev": "ad10364d64f472c904115fd38d194efe1c3f1226", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nix-straight.el", - "type": "github" - } - }, - "nixfiles": { - "inputs": { - "arcexprs": "arcexprs", - "ci": "ci", - "darwin": "darwin", - "flake-compat": "flake-compat", - "flake-utils": "flake-utils", - "home-manager": "home-manager", - "nix-dns": "nix-dns", - "nix-doom-emacs": "nix-doom-emacs", - "nixpkgs": "nixpkgs", - "nur": "nur", - "tf-nix": "tf-nix", - "trusted": [ - "trusted" - ] - }, - "locked": { - "lastModified": 1671305287, - "narHash": "sha256-yqI3cPWZcAFcgyzjm3VR04msHfXHOPNO8DKqo3ydLK8=", - "owner": "kittywitch", - "repo": "nixfiles", - "rev": "e4bd7ee5e6643b898af632f6ae36065bd8c100bf", - "type": "github" - }, - "original": { - "owner": "kittywitch", - "repo": "nixfiles", - "type": "github" - } - }, - "nixpkgs": { - "locked": { - "lastModified": 1667629849, - "narHash": "sha256-P+v+nDOFWicM4wziFK9S/ajF2lc0N2Rg9p6Y35uMoZI=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "3bacde6273b09a21a8ccfba15586fb165078fb62", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nose": { - "flake": false, - "locked": { - "lastModified": 1400604510, - "narHash": "sha256-daEi8Kta1oGaDEmUUDDQMahTTPOpvNpDKk22rlr7cB0=", - "owner": "emacsattic", - "repo": "nose", - "rev": "f8528297519eba911696c4e68fa88892de9a7b72", - "type": "github" - }, - "original": { - "owner": "emacsattic", - "repo": "nose", - "type": "github" - } - }, - "nur": { - "locked": { - "lastModified": 1667742561, - "narHash": "sha256-lhNo7sk3eqq9SOABZYBECXlP552B1wgsLEGSQkWMM1M=", - "owner": "nix-community", - "repo": "nur", - "rev": "8aab177dc76d9b2cffe23720567ad81aaae13052", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "master", - "repo": "nur", - "type": "github" - } - }, - "ob-racket": { - "flake": false, - "locked": { - "lastModified": 1584656173, - "narHash": "sha256-rBUYDDCXb+3D4xTPQo9UocbTPZ32kWV1Uya/1DmZknU=", - "owner": "xchrishawk", - "repo": "ob-racket", - "rev": "83457ec9e1e96a29fd2086ed19432b9d75787673", - "type": "github" - }, - "original": { - "owner": "xchrishawk", - "repo": "ob-racket", - "type": "github" - } - }, - "org": { - "flake": false, - "locked": { - "lastModified": 1666586252, - "narHash": "sha256-cwYEMnsv8kreTPKslM2yz59I4zm331w4WU4OHGzcslc=", - "owner": "emacs-straight", - "repo": "org-mode", - "rev": "48b237d9e21a4edf528d4bd1ed99d1f3757e4931", - "type": "github" - }, - "original": { - "owner": "emacs-straight", - "repo": "org-mode", - "type": "github" - } - }, - "org-contrib": { - "flake": false, - "locked": { - "lastModified": 1664301003, - "narHash": "sha256-8CAq/EB52RMQHNLZM0uc/1N5gKTfxGhf7WFt9sMKoD8=", - "owner": "emacsmirror", - "repo": "org-contrib", - "rev": "aa104c0bbc3113f6d3d167b20bd8d6bf6a285f0f", - "type": "github" - }, - "original": { - "owner": "emacsmirror", - "repo": "org-contrib", - "type": "github" - } - }, - "org-yt": { - "flake": false, - "locked": { - "lastModified": 1527381913, - "narHash": "sha256-dzQ6B7ryzatHCTLyEnRSbWO0VUiX/FHYnpHTs74aVUs=", - "owner": "TobiasZawada", - "repo": "org-yt", - "rev": "40cc1ac76d741055cbefa13860d9f070a7ade001", - "type": "github" - }, - "original": { - "owner": "TobiasZawada", - "repo": "org-yt", - "type": "github" - } - }, - "php-extras": { - "flake": false, - "locked": { - "lastModified": 1573312690, - "narHash": "sha256-r4WyVbzvT0ra4Z6JywNBOw5RxOEYd6Qe2IpebHXkj1U=", - "owner": "arnested", - "repo": "php-extras", - "rev": "d410c5af663c30c01d461ac476d1cbfbacb49367", - "type": "github" - }, - "original": { - "owner": "arnested", - "repo": "php-extras", - "type": "github" - } - }, - "revealjs": { - "flake": false, - "locked": { - "lastModified": 1665992801, - "narHash": "sha256-bqNgaBT6WPfumhdG1VPZ6ngn0QA9RDuVtVJtVwxbOd4=", - "owner": "hakimel", - "repo": "reveal.js", - "rev": "f6f657b627f9703e32414d8d3f16fb49d41031cb", - "type": "github" - }, - "original": { - "owner": "hakimel", - "repo": "reveal.js", - "type": "github" - } - }, "root": { "inputs": { - "nixfiles": "nixfiles", "trusted": "trusted" } }, - "rotate-text": { - "flake": false, - "locked": { - "lastModified": 1322962747, - "narHash": "sha256-SOeOgSlcEIsKhUiYDJv0p+mLUb420s9E2BmvZQvZ0wk=", - "owner": "debug-ito", - "repo": "rotate-text.el", - "rev": "48f193697db996855aee1ad2bc99b38c6646fe76", - "type": "github" - }, - "original": { - "owner": "debug-ito", - "repo": "rotate-text.el", - "type": "github" - } - }, - "sln-mode": { - "flake": false, - "locked": { - "lastModified": 1423727528, - "narHash": "sha256-XqkqPyEJuTtFslOz1fpTf/Klbd/zA7IGpzpmum/MGao=", - "owner": "sensorflo", - "repo": "sln-mode", - "rev": "0f91d1b957c7d2a7bab9278ec57b54d57f1dbd9c", - "type": "github" - }, - "original": { - "owner": "sensorflo", - "repo": "sln-mode", - "type": "github" - } - }, - "tf-nix": { - "flake": false, - "locked": { - "lastModified": 1670125422, - "narHash": "sha256-7QuCX4vGl58k3jzGkeHEI4aeSbcOKueb4U5RyZHulM8=", - "owner": "arcnmx", - "repo": "tf-nix", - "rev": "210f7e9c46bf8fa8f0b621f6e24adaea5a55e827", - "type": "github" - }, - "original": { - "owner": "arcnmx", - "ref": "master", - "repo": "tf-nix", - "type": "github" - } - }, "trusted": { - "flake": false, "locked": { - "lastModified": 1671330960, - "narHash": "sha256-r8yqTEoOhZmTNlpThApRrZOAwc7+xrBBIXEk6nyx1pc=", + "lastModified": 1678478350, + "narHash": "sha256-OxAth0uppnijCgsgq0B3VgYwFfZ7RrrDsRmulQhvPsM=", "ref": "shim", - "rev": "7848692e19091222d1fcafa51ffd48ceeb037ab6", - "revCount": 1, + "rev": "d53a6c00dd57535dd9824493cbc6a64bc9902768", + "revCount": 2, "type": "git", "url": "gcrypt::ssh://git@github.com/arcnmx/kat-nixfiles-trusted.git" }, @@ -624,53 +20,6 @@ "type": "git", "url": "gcrypt::ssh://git@github.com/arcnmx/kat-nixfiles-trusted.git" } - }, - "ts-fold": { - "flake": false, - "locked": { - "lastModified": 1663136308, - "narHash": "sha256-FI25RLoHqhcjA2qel75LVmQH4rTkKiAUR2w9QODT1XM=", - "owner": "jcs-elpa", - "repo": "ts-fold", - "rev": "c3da5520b988720f7f6e9e5e11b60746598112e0", - "type": "github" - }, - "original": { - "owner": "jcs-elpa", - "repo": "ts-fold", - "type": "github" - } - }, - "utils": { - "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "ws-butler": { - "flake": false, - "locked": { - "lastModified": 1634511126, - "narHash": "sha256-c0y0ZPtxxICPk+eaNbbQf6t+FRCliNY54CCz9QHQ8ZI=", - "owner": "hlissner", - "repo": "ws-butler", - "rev": "572a10c11b6cb88293de48acbb59a059d36f9ba5", - "type": "github" - }, - "original": { - "owner": "hlissner", - "repo": "ws-butler", - "type": "github" - } } }, "root": "root", diff --git a/trusted/flake.nix b/trusted/flake.nix index ae525e0b..61d86a0b 100644 --- a/trusted/flake.nix +++ b/trusted/flake.nix @@ -4,13 +4,7 @@ type = "git"; url = "gcrypt::ssh://git@github.com/arcnmx/kat-nixfiles-trusted.git"; ref = "shim"; - flake = false; - }; - nixfiles = { - url = "github:kittywitch/nixfiles"; - inputs.trusted.follows = "trusted"; }; }; - outputs = { self, trusted, nixfiles, ... }: let - in nixfiles; + outputs = { self, trusted, ... }: trusted; } diff --git a/trusted/trusted b/trusted/trusted new file mode 160000 index 00000000..d53a6c00 --- /dev/null +++ b/trusted/trusted @@ -0,0 +1 @@ +Subproject commit d53a6c00dd57535dd9824493cbc6a64bc9902768