gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 12:29:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

tewi deployment

Browse source
This commit is contained in:
arcnmx 2023-03-10 11:07:01 -08:00
parent 827d638f3a
commit 5d6c301a39
15 changed files with 84 additions and 1084 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.envrc
View file

@ -1,5 +1,6 @@
if [[ $(id -un) = kat ]]; then if [[ $(id -un) = kat ]]; then
export TRUSTED=1 export TRUSTED=1
git pull
fi fi
export HOME_HOSTNAME=$(hostname -s) export HOME_HOSTNAME=$(hostname -s)

372
.github/workflows/nodes.yml vendored
View file

@ -28,316 +28,6 @@ jobs:
args: -u .github/workflows/nodes.yml .ci/workflow.yml args: -u .github/workflows/nodes.yml .ci/workflow.yml
attrs: nixpkgs.diffutils attrs: nixpkgs.diffutils
command: diff command: diff
daiyousei:
name: nodes-daiyousei
runs-on: ubuntu-latest
steps:
- id: checkout
name: git clone
uses: actions/checkout@v1
with:
submodules: false
- id: nix-install
name: nix install
uses: arcnmx/ci/actions/nix/install@nix2.4
- id: ci-setup
name: nix setup
uses: arcnmx/ci/actions/nix/run@nix2.4
with:
attrs: ci.job.daiyousei.run.bootstrap
quiet: false
- id: architectures
name: prepare for emulated builds
run: 'sudo $(which archbinfmt)
'
- id: ci-dirty
name: nix test dirty
uses: arcnmx/ci/actions/nix/run@nix2.4
with:
attrs: ci.job.daiyousei.run.test
command: ci-build-dirty
quiet: false
stdout: ${{ runner.temp }}/ci.build.dirty
- id: ci-test
name: nix test build
uses: arcnmx/ci/actions/nix/run@nix2.4
with:
attrs: ci.job.daiyousei.run.test
command: ci-build-realise
ignore-exit-code: true
quiet: false
stdin: ${{ runner.temp }}/ci.build.dirty
- env:
CI_EXIT_CODE: ${{ steps.ci-test.outputs.exit-code }}
id: ci-summary
name: nix test results
uses: arcnmx/ci/actions/nix/run@nix2.4
with:
attrs: ci.job.daiyousei.run.test
command: ci-build-summarise
quiet: false
stdin: ${{ runner.temp }}/ci.build.dirty
stdout: ${{ runner.temp }}/ci.build.cache
- env:
CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }}
id: ci-cache
if: always()
name: nix test cache
uses: arcnmx/ci/actions/nix/run@nix2.4
with:
attrs: ci.job.daiyousei.run.test
command: ci-build-cache
quiet: false
stdin: ${{ runner.temp }}/ci.build.cache
koishi:
name: nodes-koishi
runs-on: ubuntu-latest
steps:
- id: checkout
name: git clone
uses: actions/checkout@v1
with:
submodules: false
- id: nix-install
name: nix install
uses: arcnmx/ci/actions/nix/install@nix2.4
- id: ci-setup
name: nix setup
uses: arcnmx/ci/actions/nix/run@nix2.4
with:
attrs: ci.job.koishi.run.bootstrap
quiet: false
- id: architectures
name: prepare for emulated builds
run: 'sudo $(which archbinfmt)
'
- id: ci-dirty
name: nix test dirty
uses: arcnmx/ci/actions/nix/run@nix2.4
with:
attrs: ci.job.koishi.run.test
command: ci-build-dirty
quiet: false
stdout: ${{ runner.temp }}/ci.build.dirty
- id: ci-test
name: nix test build
uses: arcnmx/ci/actions/nix/run@nix2.4
with:
attrs: ci.job.koishi.run.test
command: ci-build-realise
ignore-exit-code: true
quiet: false
stdin: ${{ runner.temp }}/ci.build.dirty
- env:
CI_EXIT_CODE: ${{ steps.ci-test.outputs.exit-code }}
id: ci-summary
name: nix test results
uses: arcnmx/ci/actions/nix/run@nix2.4
with:
attrs: ci.job.koishi.run.test
command: ci-build-summarise
quiet: false
stdin: ${{ runner.temp }}/ci.build.dirty
stdout: ${{ runner.temp }}/ci.build.cache
- env:
CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }}
id: ci-cache
if: always()
name: nix test cache
uses: arcnmx/ci/actions/nix/run@nix2.4
with:
attrs: ci.job.koishi.run.test
command: ci-build-cache
quiet: false
stdin: ${{ runner.temp }}/ci.build.cache
marisa:
name: nodes-marisa
runs-on: ubuntu-latest
steps:
- id: checkout
name: git clone
uses: actions/checkout@v1
with:
submodules: false
- id: nix-install
name: nix install
uses: arcnmx/ci/actions/nix/install@nix2.4
- id: ci-setup
name: nix setup
uses: arcnmx/ci/actions/nix/run@nix2.4
with:
attrs: ci.job.marisa.run.bootstrap
quiet: false
- id: architectures
name: prepare for emulated builds
run: 'sudo $(which archbinfmt)
'
- id: ci-dirty
name: nix test dirty
uses: arcnmx/ci/actions/nix/run@nix2.4
with:
attrs: ci.job.marisa.run.test
command: ci-build-dirty
quiet: false
stdout: ${{ runner.temp }}/ci.build.dirty
- id: ci-test
name: nix test build
uses: arcnmx/ci/actions/nix/run@nix2.4
with:
attrs: ci.job.marisa.run.test
command: ci-build-realise
ignore-exit-code: true
quiet: false
stdin: ${{ runner.temp }}/ci.build.dirty
- env:
CI_EXIT_CODE: ${{ steps.ci-test.outputs.exit-code }}
id: ci-summary
name: nix test results
uses: arcnmx/ci/actions/nix/run@nix2.4
with:
attrs: ci.job.marisa.run.test
command: ci-build-summarise
quiet: false
stdin: ${{ runner.temp }}/ci.build.dirty
stdout: ${{ runner.temp }}/ci.build.cache
- env:
CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }}
id: ci-cache
if: always()
name: nix test cache
uses: arcnmx/ci/actions/nix/run@nix2.4
with:
attrs: ci.job.marisa.run.test
command: ci-build-cache
quiet: false
stdin: ${{ runner.temp }}/ci.build.cache
renko:
name: nodes-renko
runs-on: ubuntu-latest
steps:
- id: checkout
name: git clone
uses: actions/checkout@v1
with:
submodules: false
- id: nix-install
name: nix install
uses: arcnmx/ci/actions/nix/install@nix2.4
- id: ci-setup
name: nix setup
uses: arcnmx/ci/actions/nix/run@nix2.4
with:
attrs: ci.job.renko.run.bootstrap
quiet: false
- id: architectures
name: prepare for emulated builds
run: 'sudo $(which archbinfmt)
'
- id: ci-dirty
name: nix test dirty
uses: arcnmx/ci/actions/nix/run@nix2.4
with:
attrs: ci.job.renko.run.test
command: ci-build-dirty
quiet: false
stdout: ${{ runner.temp }}/ci.build.dirty
- id: ci-test
name: nix test build
uses: arcnmx/ci/actions/nix/run@nix2.4
with:
attrs: ci.job.renko.run.test
command: ci-build-realise
ignore-exit-code: true
quiet: false
stdin: ${{ runner.temp }}/ci.build.dirty
- env:
CI_EXIT_CODE: ${{ steps.ci-test.outputs.exit-code }}
id: ci-summary
name: nix test results
uses: arcnmx/ci/actions/nix/run@nix2.4
with:
attrs: ci.job.renko.run.test
command: ci-build-summarise
quiet: false
stdin: ${{ runner.temp }}/ci.build.dirty
stdout: ${{ runner.temp }}/ci.build.cache
- env:
CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }}
id: ci-cache
if: always()
name: nix test cache
uses: arcnmx/ci/actions/nix/run@nix2.4
with:
attrs: ci.job.renko.run.test
command: ci-build-cache
quiet: false
stdin: ${{ runner.temp }}/ci.build.cache
rinnosuke:
name: nodes-rinnosuke
runs-on: ubuntu-latest
steps:
- id: checkout
name: git clone
uses: actions/checkout@v1
with:
submodules: false
- id: nix-install
name: nix install
uses: arcnmx/ci/actions/nix/install@nix2.4
- id: ci-setup
name: nix setup
uses: arcnmx/ci/actions/nix/run@nix2.4
with:
attrs: ci.job.rinnosuke.run.bootstrap
quiet: false
- id: architectures
name: prepare for emulated builds
run: 'sudo $(which archbinfmt)
'
- id: ci-dirty
name: nix test dirty
uses: arcnmx/ci/actions/nix/run@nix2.4
with:
attrs: ci.job.rinnosuke.run.test
command: ci-build-dirty
quiet: false
stdout: ${{ runner.temp }}/ci.build.dirty
- id: ci-test
name: nix test build
uses: arcnmx/ci/actions/nix/run@nix2.4
with:
attrs: ci.job.rinnosuke.run.test
command: ci-build-realise
ignore-exit-code: true
quiet: false
stdin: ${{ runner.temp }}/ci.build.dirty
- env:
CI_EXIT_CODE: ${{ steps.ci-test.outputs.exit-code }}
id: ci-summary
name: nix test results
uses: arcnmx/ci/actions/nix/run@nix2.4
with:
attrs: ci.job.rinnosuke.run.test
command: ci-build-summarise
quiet: false
stdin: ${{ runner.temp }}/ci.build.dirty
stdout: ${{ runner.temp }}/ci.build.cache
- env:
CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }}
id: ci-cache
if: always()
name: nix test cache
uses: arcnmx/ci/actions/nix/run@nix2.4
with:
attrs: ci.job.rinnosuke.run.test
command: ci-build-cache
quiet: false
stdin: ${{ runner.temp }}/ci.build.cache
tewi: tewi:
name: nodes-tewi name: nodes-tewi
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -400,68 +90,6 @@ jobs:
command: ci-build-cache command: ci-build-cache
quiet: false quiet: false
stdin: ${{ runner.temp }}/ci.build.cache stdin: ${{ runner.temp }}/ci.build.cache
yukari:
name: nodes-yukari
runs-on: ubuntu-latest
steps:
- id: checkout
name: git clone
uses: actions/checkout@v1
with:
submodules: false
- id: nix-install
name: nix install
uses: arcnmx/ci/actions/nix/install@nix2.4
- id: ci-setup
name: nix setup
uses: arcnmx/ci/actions/nix/run@nix2.4
with:
attrs: ci.job.yukari.run.bootstrap
quiet: false
- id: architectures
name: prepare for emulated builds
run: 'sudo $(which archbinfmt)
'
- id: ci-dirty
name: nix test dirty
uses: arcnmx/ci/actions/nix/run@nix2.4
with:
attrs: ci.job.yukari.run.test
command: ci-build-dirty
quiet: false
stdout: ${{ runner.temp }}/ci.build.dirty
- id: ci-test
name: nix test build
uses: arcnmx/ci/actions/nix/run@nix2.4
with:
attrs: ci.job.yukari.run.test
command: ci-build-realise
ignore-exit-code: true
quiet: false
stdin: ${{ runner.temp }}/ci.build.dirty
- env:
CI_EXIT_CODE: ${{ steps.ci-test.outputs.exit-code }}
id: ci-summary
name: nix test results
uses: arcnmx/ci/actions/nix/run@nix2.4
with:
attrs: ci.job.yukari.run.test
command: ci-build-summarise
quiet: false
stdin: ${{ runner.temp }}/ci.build.dirty
stdout: ${{ runner.temp }}/ci.build.cache
- env:
CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }}
id: ci-cache
if: always()
name: nix test cache
uses: arcnmx/ci/actions/nix/run@nix2.4
with:
attrs: ci.job.yukari.run.test
command: ci-build-cache
quiet: false
stdin: ${{ runner.temp }}/ci.build.cache
name: nodes name: nodes
'on': 'on':
- push - push

8
.gitmodules vendored
View file

@ -1,4 +1,4 @@
[submodule "tf"] [submodule "trusted/trusted"]
path = tf path = trusted/trusted
branch = main branch = shim
url = "gcrypt::ssh://git@github.com:kittywitch/nixfiles-tf.git#main" url = gcrypt::ssh://git@github.com/arcnmx/kat-nixfiles-trusted.git

6
ci/flake-cron.nix
View file

@ -93,11 +93,7 @@ with lib; {
command = command =
let let
main = (import ../.); main = (import ../.);
nodes = main.network.nodes.nixos; filteredHosts = [ "tewi" ];
targets = main.deploy.targets;
enabledTargets = filterAttrs (_: v: v.enable) main.deploy.targets;
enabledHosts = concatLists (mapAttrsToList (targetName: target: target.nodeNames) enabledTargets);
filteredHosts = subtractLists [ "daiyousei" "shinmyoumaru" "medicine" ] enabledHosts;
nodeBuildString = concatMapStringsSep " && " (node: "nix build -Lf . network.nodes.nixos.${node}.deploy.system -o result-${node} && nix-collect-garbage -d") filteredHosts; nodeBuildString = concatMapStringsSep " && " (node: "nix build -Lf . network.nodes.nixos.${node}.deploy.system -o result-${node} && nix-collect-garbage -d") filteredHosts;
in in
'' ''

5
ci/nodes.nix
View file

@ -54,10 +54,7 @@
jobs = jobs =
let let
main = (import ../.); main = (import ../.);
hosts = main.network.nodes.nixos; enabledHosts = [ "tewi" ];
targets = main.deploy.targets;
enabledTargets = filterAttrs (k: v: v.enable && k != "medicine") main.deploy.targets;
enabledHosts = concatLists (mapAttrsToList (targetName: target: target.nodeNames) enabledTargets);
in in
mapAttrs' (k: nameValuePair "${k}") (genAttrs enabledHosts (host: { mapAttrs' (k: nameValuePair "${k}") (genAttrs enabledHosts (host: {
tasks.${host}.inputs = channels.nixfiles.network.nodes.nixos.${host}.deploy.system; tasks.${host}.inputs = channels.nixfiles.network.nodes.nixos.${host}.deploy.system;

29
devShell.nix
View file

@ -21,12 +21,7 @@ let
export START_DIR="$PWD" export START_DIR="$PWD"
cd "${toString ./.}" cd "${toString ./.}"
export NF_CONFIG_ROOT=${toString ./.}/ci export NF_CONFIG_ROOT=${toString ./.}/ci
NF_CONFIG_FILES=($NF_CONFIG_ROOT/{nodes,flake-cron}.nix) nix run --argstr config "$NF_CONFIG_ROOT/nodes.nix" -f '${inputs.ci}' job.tewi.test
for f in "''${NF_CONFIG_FILES[@]}"; do
echo $f
nix run --argstr config "$f" -f '${inputs.ci}' test
done
cd $START_DIR
''; '';
nf-update = pkgs.writeShellScriptBin "nf-update" '' nf-update = pkgs.writeShellScriptBin "nf-update" ''
nix flake update nix flake update
@ -34,36 +29,26 @@ let
nix flake lock ./trusted --update-input trusted nix flake lock ./trusted --update-input trusted
fi fi
''; '';
sumireko-apply = pkgs.writeShellScriptBin "sumireko-apply" '' nf-deploy = pkgs.writeShellScriptBin "nf-deploy" ''
darwin-rebuild switch --flake ${toString ./.}#sumireko export NF_CONFIG_ROOT=${toString ./.}
exec /usr/bin/env bash ${./nixos/deploy.sh} "$@"
''; '';
in in
pkgs.mkShell { pkgs.mkShell {
nativeBuildInputs = with pkgs; [ nativeBuildInputs = with pkgs; [
inetutils inetutils
sops
nf-actions nf-actions
nf-actions-test nf-actions-test
nf-update nf-update
sumireko-apply nf-deploy
] ++ config.runners.lazy.nativeBuildInputs ];
++ lib.optional (builtins.getEnv "TRUSTED" != "") (pkgs.writeShellScriptBin "bitw" ''${pkgs.rbw-bitw}/bin/bitw -p gpg://${config.network.nodes.all.${builtins.getEnv "HOME_HOSTNAME"}.secrets.repo.bitw.source} "$@"'')
++ (map
(node: writeShellScriptBin "${node.networking.hostName}-sd-img" ''
nix build -f . network.nodes.${node.networking.hostName}.system.build.sdImage --show-trace
'')
(builtins.filter (node: node.system.build ? sdImage) (attrValues meta.network.nodes.nixos)))
++ (map
(node: writeShellScriptBin "${node.networking.hostName}-iso-img" ''
nix build -f . network.nodes.${node.networking.hostName}.system.build.isoImage --show-trace
'')
(builtins.filter (node: node.system.build ? isoImage) (attrValues meta.network.nodes.nixos)));
shellHook = '' shellHook = ''
export NIX_BIN_DIR=${pkgs.nix}/bin export NIX_BIN_DIR=${pkgs.nix}/bin
export HOME_UID=$(id -u) export HOME_UID=$(id -u)
export HOME_USER=$(id -un) export HOME_USER=$(id -un)
export CI_PLATFORM="impure" export CI_PLATFORM="impure"
export NIX_PATH="$NIX_PATH:home=${toString ./.}" export NIX_PATH="$NIX_PATH:home=${toString ./.}"
git pull
''; '';
} }

1
flake.lock generated
View file

@ -620,7 +620,6 @@
} }
}, },
"trusted": { "trusted": {
"flake": false,
"locked": { "locked": {
"lastModified": 1630400035, "lastModified": 1630400035,
"narHash": "sha256-MWaVOCzuFwp09wZIW9iHq5wWen5C69I940N1swZLEQ0=", "narHash": "sha256-MWaVOCzuFwp09wZIW9iHq5wWen5C69I940N1swZLEQ0=",

5
flake.nix
View file

@ -29,7 +29,6 @@
}; };
trusted = { trusted = {
url = "github:input-output-hk/empty-flake"; url = "github:input-output-hk/empty-flake";
flake = false;
}; };
flake-compat = { flake-compat = {
url = "github:edolstra/flake-compat"; url = "github:edolstra/flake-compat";
@ -58,7 +57,9 @@
legacyPackages = import ./meta.nix { inherit system inputs; }; legacyPackages = import ./meta.nix { inherit system inputs; };
}); });
in providedSystems // { in providedSystems // {
nixosConfigurations = self.legacyPackages.x86_64-linux.network.nodes.nixos; nixosConfigurations = builtins.mapAttrs (_: config: config // {
inherit config;
}) self.legacyPackages.x86_64-linux.network.nodes.nixos;
darwinConfigurations = builtins.mapAttrs (_: config: { darwinConfigurations = builtins.mapAttrs (_: config: {
inherit (config.deploy) pkgs; inherit (config.deploy) pkgs;
inherit config; inherit config;

7
inputs.nix
View file

@ -1,6 +1,5 @@
let let
lock = builtins.fromJSON (builtins.readFile ./flake.lock); lock = builtins.fromJSON (builtins.readFile ./flake.lock);
lockTrusted = builtins.fromJSON (builtins.readFile ./trusted/flake.lock);
flakeCompat = fetchTarball { flakeCompat = fetchTarball {
url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz"; url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
sha256 = lock.nodes.flake-compat.locked.narHash; sha256 = lock.nodes.flake-compat.locked.narHash;
@ -9,8 +8,10 @@ let
src = ./.; src = ./.;
}; };
trusted = import flakeCompat { trusted = import flakeCompat {
src = ./trusted; src = if builtins.pathExists ./trusted/trusted/flake.nix
then ./trusted/trusted
else ./trusted;
}; };
in nixfiles.defaultNix.inputs // (if builtins.getEnv "TRUSTED" != "" then { in nixfiles.defaultNix.inputs // (if builtins.getEnv "TRUSTED" != "" then {
inherit (trusted.defaultNix.inputs) trusted; trusted = trusted.defaultNix;
} else {}) } else {})

52
nixos/deploy.sh Executable file
View file

@ -0,0 +1,52 @@
#!/usr/bin/env bash
set -eu
NF_CONFIG_ROOT=${NF_CONFIG_ROOT-.}
TRUSTED_ARGS=(
--override-input trusted $NF_CONFIG_ROOT/trusted
--no-update-lock-file
--no-write-lock-file
--quiet
)
if [[ -e trusted/trusted/flake.nix ]]; then
TRUSTED_ARGS+=(
--override-input trusted/trusted $NF_CONFIG_ROOT/trusted/trusted
)
fi
NIXOS_HOST=tewi
NIXOS_TOPLEVEL=network.nodes.nixos.$NIXOS_HOST.system.build.toplevel
if [[ $1 = build ]]; then
exec nix build --no-link --print-out-paths $NF_CONFIG_ROOT#$NIXOS_TOPLEVEL "${TRUSTED_ARGS[@]}"
elif [[ $1 = switch ]] || [[ $1 = test ]] || [[ $1 = dry-* ]]; then
METHOD=$1
shift
exec nixos-rebuild $METHOD \
--flake $NF_CONFIG_ROOT#$NIXOS_HOST "${TRUSTED_ARGS[@]}" \
--no-build-nix \
--target-host $NIXOS_HOST --use-remote-sudo \
"$@"
elif [[ $1 = check ]]; then
DEFAULT=$(nix eval --raw -f $NF_CONFIG_ROOT $NIXOS_TOPLEVEL)
FLAKE=$(nix eval --raw $NF_CONFIG_ROOT#$NIXOS_TOPLEVEL)
if [[ $DEFAULT != $FLAKE ]]; then
echo default.nix: $DEFAULT
echo flake.nix: $FLAKE
exit 1
fi
echo untrusted ok: $FLAKE
TRUSTED=$(TRUSTED=1 nix eval --raw -f $NF_CONFIG_ROOT $NIXOS_TOPLEVEL)
TRUSTED_FLAKE=$(nix eval --raw $NF_CONFIG_ROOT#$NIXOS_TOPLEVEL "${TRUSTED_ARGS[@]}")
if [[ $TRUSTED != $TRUSTED_FLAKE ]]; then
echo TRUSTED=1 default.nix: $TRUSTED
echo trusted/flake.nix: $TRUSTED_FLAKE
exit 1
fi
echo trusted ok: $TRUSTED_FLAKE
else
echo unknown cmd $1 >&2
exit 1
fi

1
tf

@ -1 +0,0 @@
Subproject commit b3346400d4e945c4cc9b0e8d149abb37b7f15af5

13
tree.nix
View file

@ -81,19 +81,16 @@
"home/*".functor.enable = true; "home/*".functor.enable = true;
}; };
}; };
trustedTree = mkTree { trustedTree = lib.optionalAttrs (inputs.trusted ? lib.treeSetup) (mkTree {
inherit inputs; inherit inputs;
folder = inputs.trusted; inherit (inputs.trusted.lib.treeSetup) folder config;
config = { });
"secrets".evaluateDefault = true;
};
};
tree = localTree // { tree = localTree // {
pure = localTree.pure // { pure = localTree.pure // {
trusted = trustedTree.pure; trusted = trustedTree.pure or { };
}; };
impure = localTree.impure // { impure = localTree.impure // {
trusted = trustedTree.impure; trusted = trustedTree.impure or { };
}; };
}; };
in tree in tree

659
trusted/flake.lock generated
View file

@ -1,621 +1,17 @@
{ {
"nodes": { "nodes": {
"arcexprs": {
"flake": false,
"locked": {
"lastModified": 1667597026,
"narHash": "sha256-XHtUQKU+w+m2/DPVlB8fmUKtSIarv/n0wOGwho/ZuCo=",
"owner": "arcnmx",
"repo": "nixexprs",
"rev": "a00aaa69de023da7f1429a2bd3081b1f5400118b",
"type": "github"
},
"original": {
"owner": "arcnmx",
"ref": "master",
"repo": "nixexprs",
"type": "github"
}
},
"ci": {
"flake": false,
"locked": {
"lastModified": 1667599669,
"narHash": "sha256-0/PsJ5UoJ4Xa74vu25xoUO07JxHfK6pLhnjEglsWvFA=",
"owner": "arcnmx",
"repo": "ci",
"rev": "bfb73a0a2f7daeca40f8ee73506b1c5b5b5d53dc",
"type": "github"
},
"original": {
"owner": "arcnmx",
"ref": "nix2.4",
"repo": "ci",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"nixfiles",
"nixpkgs"
]
},
"locked": {
"lastModified": 1667419884,
"narHash": "sha256-oLNw87ZI5NxTMlNQBv1wG2N27CUzo9admaFlnmavpiY=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "cfc0125eafadc9569d3d6a16ee928375b77e3100",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"doom-emacs": {
"flake": false,
"locked": {
"lastModified": 1662497747,
"narHash": "sha256-4n7E1fqda7cn5/F2jTkOnKw1juG6XMS/FI9gqODL3aU=",
"owner": "doomemacs",
"repo": "doomemacs",
"rev": "3853dff5e11655e858d0bfae64b70cb12ef685ac",
"type": "github"
},
"original": {
"owner": "doomemacs",
"repo": "doomemacs",
"rev": "3853dff5e11655e858d0bfae64b70cb12ef685ac",
"type": "github"
}
},
"doom-snippets": {
"flake": false,
"locked": {
"lastModified": 1662645711,
"narHash": "sha256-XKpPCtECGZQ5bFPPDUX3oAltXOJNwAI/OktxiLnADRE=",
"owner": "doomemacs",
"repo": "snippets",
"rev": "03a62fe7edf7e87fdbd925713fbd3bf292d14b00",
"type": "github"
},
"original": {
"owner": "doomemacs",
"repo": "snippets",
"type": "github"
}
},
"emacs-overlay": {
"flake": false,
"locked": {
"lastModified": 1667507825,
"narHash": "sha256-Tss8NXLO5HIqcY+v+lMy/tcdBKNwKxW5Lb4PkuS5rmY=",
"owner": "nix-community",
"repo": "emacs-overlay",
"rev": "ccefa5f7ddbb036656d8617ed2862fe057d60fb4",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "emacs-overlay",
"type": "github"
}
},
"emacs-so-long": {
"flake": false,
"locked": {
"lastModified": 1575031854,
"narHash": "sha256-xIa5zO0ZaToDrec1OFjBK6l39AbA4l/CE4LInVu2hi0=",
"owner": "hlissner",
"repo": "emacs-so-long",
"rev": "ed666b0716f60e8988c455804de24b55919e71ca",
"type": "github"
},
"original": {
"owner": "hlissner",
"repo": "emacs-so-long",
"type": "github"
}
},
"evil-escape": {
"flake": false,
"locked": {
"lastModified": 1588439096,
"narHash": "sha256-aB2Ge5o/93B18tPf4fN1c+O46CNh/nOqwLJbox4c8Gw=",
"owner": "hlissner",
"repo": "evil-escape",
"rev": "819f1ee1cf3f69a1ae920e6004f2c0baeebbe077",
"type": "github"
},
"original": {
"owner": "hlissner",
"repo": "evil-escape",
"type": "github"
}
},
"evil-markdown": {
"flake": false,
"locked": {
"lastModified": 1626852210,
"narHash": "sha256-HBBuZ1VWIn6kwK5CtGIvHM1+9eiNiKPH0GUsyvpUVN8=",
"owner": "Somelauw",
"repo": "evil-markdown",
"rev": "8e6cc68af83914b2fa9fd3a3b8472573dbcef477",
"type": "github"
},
"original": {
"owner": "Somelauw",
"repo": "evil-markdown",
"type": "github"
}
},
"evil-org-mode": {
"flake": false,
"locked": {
"lastModified": 1607203864,
"narHash": "sha256-JxwqVYDN6OIJEH15MVI6XOZAPtUWUhJQWHyzcrUvrFg=",
"owner": "hlissner",
"repo": "evil-org-mode",
"rev": "a9706da260c45b98601bcd72b1d2c0a24a017700",
"type": "github"
},
"original": {
"owner": "hlissner",
"repo": "evil-org-mode",
"type": "github"
}
},
"evil-quick-diff": {
"flake": false,
"locked": {
"lastModified": 1575189609,
"narHash": "sha256-oGzl1ayW9rIuq0haoiFS7RZsS8NFMdEA7K1BSozgnJU=",
"owner": "rgrinberg",
"repo": "evil-quick-diff",
"rev": "69c883720b30a892c63bc89f49d4f0e8b8028908",
"type": "github"
},
"original": {
"owner": "rgrinberg",
"repo": "evil-quick-diff",
"type": "github"
}
},
"explain-pause-mode": {
"flake": false,
"locked": {
"lastModified": 1595842060,
"narHash": "sha256-++znrjiDSx+cy4okFBBXUBkRFdtnE2x+trkmqjB3Njs=",
"owner": "lastquestion",
"repo": "explain-pause-mode",
"rev": "2356c8c3639cbeeb9751744dbe737267849b4b51",
"type": "github"
},
"original": {
"owner": "lastquestion",
"repo": "explain-pause-mode",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"format-all": {
"flake": false,
"locked": {
"lastModified": 1581716637,
"narHash": "sha256-ul7LCe60W8TIvUmUtZtZRo8489TK9iTPDsLHmzxY57M=",
"owner": "lassik",
"repo": "emacs-format-all-the-code",
"rev": "47d862d40a088ca089c92cd393c6dca4628f87d3",
"type": "github"
},
"original": {
"owner": "lassik",
"repo": "emacs-format-all-the-code",
"rev": "47d862d40a088ca089c92cd393c6dca4628f87d3",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixfiles",
"nixpkgs"
],
"utils": "utils"
},
"locked": {
"lastModified": 1671209729,
"narHash": "sha256-zxn1eA/rMi2DOx43V7q87bGaDzvL7CMVY/Ti7lJ92DQ=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "7d55a72d4c1df694e87a41a7e6c9a7b6e9a40ca3",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "master",
"repo": "home-manager",
"type": "github"
}
},
"nix-dns": {
"inputs": {
"flake-utils": [
"nixfiles",
"flake-utils"
],
"nixpkgs": [
"nixfiles",
"nixpkgs"
]
},
"locked": {
"lastModified": 1635273082,
"narHash": "sha256-EHiDP2jEa7Ai5ZwIf5uld9RVFcV77+2SUxjQXwJsJa0=",
"owner": "kirelagin",
"repo": "nix-dns",
"rev": "c7b9645da9c0ddce4f9de4ef27ec01bb8108039a",
"type": "github"
},
"original": {
"owner": "kirelagin",
"ref": "master",
"repo": "nix-dns",
"type": "github"
}
},
"nix-doom-emacs": {
"inputs": {
"doom-emacs": "doom-emacs",
"doom-snippets": "doom-snippets",
"emacs-overlay": "emacs-overlay",
"emacs-so-long": "emacs-so-long",
"evil-escape": "evil-escape",
"evil-markdown": "evil-markdown",
"evil-org-mode": "evil-org-mode",
"evil-quick-diff": "evil-quick-diff",
"explain-pause-mode": "explain-pause-mode",
"flake-compat": "flake-compat_2",
"flake-utils": [
"nixfiles",
"flake-utils"
],
"format-all": "format-all",
"nix-straight": "nix-straight",
"nixpkgs": [
"nixfiles",
"nixpkgs"
],
"nose": "nose",
"ob-racket": "ob-racket",
"org": "org",
"org-contrib": "org-contrib",
"org-yt": "org-yt",
"php-extras": "php-extras",
"revealjs": "revealjs",
"rotate-text": "rotate-text",
"sln-mode": "sln-mode",
"ts-fold": "ts-fold",
"ws-butler": "ws-butler"
},
"locked": {
"lastModified": 1667731647,
"narHash": "sha256-E/Y5yxX8u0RlLt07PJoQ+QAYMbbL19WayLU/SJDtnMw=",
"owner": "nix-community",
"repo": "nix-doom-emacs",
"rev": "c38ccd08345f58001cac2c2578e71d3f29b59bc0",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-doom-emacs",
"type": "github"
}
},
"nix-straight": {
"flake": false,
"locked": {
"lastModified": 1666982610,
"narHash": "sha256-xjgIrmUsekVTE+MpZb5DMU8DQf9DJ/ZiR0o30L9/XCc=",
"owner": "nix-community",
"repo": "nix-straight.el",
"rev": "ad10364d64f472c904115fd38d194efe1c3f1226",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-straight.el",
"type": "github"
}
},
"nixfiles": {
"inputs": {
"arcexprs": "arcexprs",
"ci": "ci",
"darwin": "darwin",
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"home-manager": "home-manager",
"nix-dns": "nix-dns",
"nix-doom-emacs": "nix-doom-emacs",
"nixpkgs": "nixpkgs",
"nur": "nur",
"tf-nix": "tf-nix",
"trusted": [
"trusted"
]
},
"locked": {
"lastModified": 1671305287,
"narHash": "sha256-yqI3cPWZcAFcgyzjm3VR04msHfXHOPNO8DKqo3ydLK8=",
"owner": "kittywitch",
"repo": "nixfiles",
"rev": "e4bd7ee5e6643b898af632f6ae36065bd8c100bf",
"type": "github"
},
"original": {
"owner": "kittywitch",
"repo": "nixfiles",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1667629849,
"narHash": "sha256-P+v+nDOFWicM4wziFK9S/ajF2lc0N2Rg9p6Y35uMoZI=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "3bacde6273b09a21a8ccfba15586fb165078fb62",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nose": {
"flake": false,
"locked": {
"lastModified": 1400604510,
"narHash": "sha256-daEi8Kta1oGaDEmUUDDQMahTTPOpvNpDKk22rlr7cB0=",
"owner": "emacsattic",
"repo": "nose",
"rev": "f8528297519eba911696c4e68fa88892de9a7b72",
"type": "github"
},
"original": {
"owner": "emacsattic",
"repo": "nose",
"type": "github"
}
},
"nur": {
"locked": {
"lastModified": 1667742561,
"narHash": "sha256-lhNo7sk3eqq9SOABZYBECXlP552B1wgsLEGSQkWMM1M=",
"owner": "nix-community",
"repo": "nur",
"rev": "8aab177dc76d9b2cffe23720567ad81aaae13052",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "master",
"repo": "nur",
"type": "github"
}
},
"ob-racket": {
"flake": false,
"locked": {
"lastModified": 1584656173,
"narHash": "sha256-rBUYDDCXb+3D4xTPQo9UocbTPZ32kWV1Uya/1DmZknU=",
"owner": "xchrishawk",
"repo": "ob-racket",
"rev": "83457ec9e1e96a29fd2086ed19432b9d75787673",
"type": "github"
},
"original": {
"owner": "xchrishawk",
"repo": "ob-racket",
"type": "github"
}
},
"org": {
"flake": false,
"locked": {
"lastModified": 1666586252,
"narHash": "sha256-cwYEMnsv8kreTPKslM2yz59I4zm331w4WU4OHGzcslc=",
"owner": "emacs-straight",
"repo": "org-mode",
"rev": "48b237d9e21a4edf528d4bd1ed99d1f3757e4931",
"type": "github"
},
"original": {
"owner": "emacs-straight",
"repo": "org-mode",
"type": "github"
}
},
"org-contrib": {
"flake": false,
"locked": {
"lastModified": 1664301003,
"narHash": "sha256-8CAq/EB52RMQHNLZM0uc/1N5gKTfxGhf7WFt9sMKoD8=",
"owner": "emacsmirror",
"repo": "org-contrib",
"rev": "aa104c0bbc3113f6d3d167b20bd8d6bf6a285f0f",
"type": "github"
},
"original": {
"owner": "emacsmirror",
"repo": "org-contrib",
"type": "github"
}
},
"org-yt": {
"flake": false,
"locked": {
"lastModified": 1527381913,
"narHash": "sha256-dzQ6B7ryzatHCTLyEnRSbWO0VUiX/FHYnpHTs74aVUs=",
"owner": "TobiasZawada",
"repo": "org-yt",
"rev": "40cc1ac76d741055cbefa13860d9f070a7ade001",
"type": "github"
},
"original": {
"owner": "TobiasZawada",
"repo": "org-yt",
"type": "github"
}
},
"php-extras": {
"flake": false,
"locked": {
"lastModified": 1573312690,
"narHash": "sha256-r4WyVbzvT0ra4Z6JywNBOw5RxOEYd6Qe2IpebHXkj1U=",
"owner": "arnested",
"repo": "php-extras",
"rev": "d410c5af663c30c01d461ac476d1cbfbacb49367",
"type": "github"
},
"original": {
"owner": "arnested",
"repo": "php-extras",
"type": "github"
}
},
"revealjs": {
"flake": false,
"locked": {
"lastModified": 1665992801,
"narHash": "sha256-bqNgaBT6WPfumhdG1VPZ6ngn0QA9RDuVtVJtVwxbOd4=",
"owner": "hakimel",
"repo": "reveal.js",
"rev": "f6f657b627f9703e32414d8d3f16fb49d41031cb",
"type": "github"
},
"original": {
"owner": "hakimel",
"repo": "reveal.js",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"nixfiles": "nixfiles",
"trusted": "trusted" "trusted": "trusted"
} }
}, },
"rotate-text": {
"flake": false,
"locked": {
"lastModified": 1322962747,
"narHash": "sha256-SOeOgSlcEIsKhUiYDJv0p+mLUb420s9E2BmvZQvZ0wk=",
"owner": "debug-ito",
"repo": "rotate-text.el",
"rev": "48f193697db996855aee1ad2bc99b38c6646fe76",
"type": "github"
},
"original": {
"owner": "debug-ito",
"repo": "rotate-text.el",
"type": "github"
}
},
"sln-mode": {
"flake": false,
"locked": {
"lastModified": 1423727528,
"narHash": "sha256-XqkqPyEJuTtFslOz1fpTf/Klbd/zA7IGpzpmum/MGao=",
"owner": "sensorflo",
"repo": "sln-mode",
"rev": "0f91d1b957c7d2a7bab9278ec57b54d57f1dbd9c",
"type": "github"
},
"original": {
"owner": "sensorflo",
"repo": "sln-mode",
"type": "github"
}
},
"tf-nix": {
"flake": false,
"locked": {
"lastModified": 1670125422,
"narHash": "sha256-7QuCX4vGl58k3jzGkeHEI4aeSbcOKueb4U5RyZHulM8=",
"owner": "arcnmx",
"repo": "tf-nix",
"rev": "210f7e9c46bf8fa8f0b621f6e24adaea5a55e827",
"type": "github"
},
"original": {
"owner": "arcnmx",
"ref": "master",
"repo": "tf-nix",
"type": "github"
}
},
"trusted": { "trusted": {
"flake": false,
"locked": { "locked": {
"lastModified": 1671330960, "lastModified": 1678478350,
"narHash": "sha256-r8yqTEoOhZmTNlpThApRrZOAwc7+xrBBIXEk6nyx1pc=", "narHash": "sha256-OxAth0uppnijCgsgq0B3VgYwFfZ7RrrDsRmulQhvPsM=",
"ref": "shim", "ref": "shim",
"rev": "7848692e19091222d1fcafa51ffd48ceeb037ab6", "rev": "d53a6c00dd57535dd9824493cbc6a64bc9902768",
"revCount": 1, "revCount": 2,
"type": "git", "type": "git",
"url": "gcrypt::ssh://git@github.com/arcnmx/kat-nixfiles-trusted.git" "url": "gcrypt::ssh://git@github.com/arcnmx/kat-nixfiles-trusted.git"
}, },
@ -624,53 +20,6 @@
"type": "git", "type": "git",
"url": "gcrypt::ssh://git@github.com/arcnmx/kat-nixfiles-trusted.git" "url": "gcrypt::ssh://git@github.com/arcnmx/kat-nixfiles-trusted.git"
} }
},
"ts-fold": {
"flake": false,
"locked": {
"lastModified": 1663136308,
"narHash": "sha256-FI25RLoHqhcjA2qel75LVmQH4rTkKiAUR2w9QODT1XM=",
"owner": "jcs-elpa",
"repo": "ts-fold",
"rev": "c3da5520b988720f7f6e9e5e11b60746598112e0",
"type": "github"
},
"original": {
"owner": "jcs-elpa",
"repo": "ts-fold",
"type": "github"
}
},
"utils": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"ws-butler": {
"flake": false,
"locked": {
"lastModified": 1634511126,
"narHash": "sha256-c0y0ZPtxxICPk+eaNbbQf6t+FRCliNY54CCz9QHQ8ZI=",
"owner": "hlissner",
"repo": "ws-butler",
"rev": "572a10c11b6cb88293de48acbb59a059d36f9ba5",
"type": "github"
},
"original": {
"owner": "hlissner",
"repo": "ws-butler",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

8
trusted/flake.nix
View file

@ -4,13 +4,7 @@
type = "git"; type = "git";
url = "gcrypt::ssh://git@github.com/arcnmx/kat-nixfiles-trusted.git"; url = "gcrypt::ssh://git@github.com/arcnmx/kat-nixfiles-trusted.git";
ref = "shim"; ref = "shim";
flake = false;
};
nixfiles = {
url = "github:kittywitch/nixfiles";
inputs.trusted.follows = "trusted";
}; };
}; };
outputs = { self, trusted, nixfiles, ... }: let outputs = { self, trusted, ... }: trusted;
in nixfiles;
} }

1
trusted/trusted Submodule

@ -0,0 +1 @@
Subproject commit d53a6c00dd57535dd9824493cbc6a64bc9902768