diff --git a/.github/workflows/niv-update.yml b/.github/workflows/niv-update.yml index 74f08621..dc1c22e6 100644 --- a/.github/workflows/niv-update.yml +++ b/.github/workflows/niv-update.yml @@ -5,15 +5,6 @@ env: CI_PLATFORM: gh-actions OPENSSH_PRIVATE_KEY: ${{ secrets.OPENSSH_PRIVATE_KEY }} jobs: - ci: - name: ci - runs-on: ubuntu-latest - steps: - - id: aarch64 - name: prepare for aarch64 builds - run: 'sudo aarch64binfmt - - ' ci-check: name: niv-update check runs-on: ubuntu-latest @@ -57,6 +48,11 @@ jobs: with: attrs: ci.job.niv-update.run.bootstrap quiet: false + - id: aarch64 + name: prepare for aarch64 builds + run: 'sudo $(which aarch64binfmt) + + ' - id: ci-dirty name: nix test dirty uses: arcnmx/ci/actions/nix/run@master diff --git a/.github/workflows/nodes.yml b/.github/workflows/nodes.yml index 01d59bff..5e7f5d6b 100644 --- a/.github/workflows/nodes.yml +++ b/.github/workflows/nodes.yml @@ -21,6 +21,11 @@ jobs: with: attrs: ci.job.athame.run.bootstrap quiet: false + - id: aarch64 + name: prepare for aarch64 builds + run: 'sudo $(which aarch64binfmt) + + ' - id: ci-dirty name: nix test dirty uses: arcnmx/ci/actions/nix/run@master @@ -78,6 +83,11 @@ jobs: with: attrs: ci.job.beltane.run.bootstrap quiet: false + - id: aarch64 + name: prepare for aarch64 builds + run: 'sudo $(which aarch64binfmt) + + ' - id: ci-dirty name: nix test dirty uses: arcnmx/ci/actions/nix/run@master @@ -117,15 +127,6 @@ jobs: command: ci-build-cache quiet: false stdin: ${{ runner.temp }}/ci.build.cache - ci: - name: ci - runs-on: ubuntu-latest - steps: - - id: aarch64 - name: prepare for aarch64 builds - run: 'sudo aarch64binfmt - - ' ci-check: name: nodes check runs-on: ubuntu-latest @@ -169,6 +170,11 @@ jobs: with: attrs: ci.job.daiyousei.run.bootstrap quiet: false + - id: aarch64 + name: prepare for aarch64 builds + run: 'sudo $(which aarch64binfmt) + + ' - id: ci-dirty name: nix test dirty uses: arcnmx/ci/actions/nix/run@master 
@@ -226,6 +232,11 @@ jobs: with: attrs: ci.job.ostara.run.bootstrap quiet: false + - id: aarch64 + name: prepare for aarch64 builds + run: 'sudo $(which aarch64binfmt) + + ' - id: ci-dirty name: nix test dirty uses: arcnmx/ci/actions/nix/run@master @@ -283,6 +294,11 @@ jobs: with: attrs: ci.job.rinnosuke.run.bootstrap quiet: false + - id: aarch64 + name: prepare for aarch64 builds + run: 'sudo $(which aarch64binfmt) + + ' - id: ci-dirty name: nix test dirty uses: arcnmx/ci/actions/nix/run@master @@ -340,6 +356,11 @@ jobs: with: attrs: ci.job.samhain.run.bootstrap quiet: false + - id: aarch64 + name: prepare for aarch64 builds + run: 'sudo $(which aarch64binfmt) + + ' - id: ci-dirty name: nix test dirty uses: arcnmx/ci/actions/nix/run@master @@ -397,6 +418,11 @@ jobs: with: attrs: ci.job.yule.run.bootstrap quiet: false + - id: aarch64 + name: prepare for aarch64 builds + run: 'sudo $(which aarch64binfmt) + + ' - id: ci-dirty name: nix test dirty uses: arcnmx/ci/actions/nix/run@master diff --git a/ci/niv-cron.nix b/ci/niv-cron.nix index 8f8a4bb4..ccabc5d7 100644 --- a/ci/niv-cron.nix +++ b/ci/niv-cron.nix @@ -4,7 +4,11 @@ with lib; { ci.gh-actions.enable = true; ci.gh-actions.export = true; - nix.config.extraPlatforms = "aarch64-linux"; + + nix.config = { + extra-platforms = "aarch64-linux"; + #extra-sandbox-paths = with channels.cipkgs; map (package: builtins.unsafeDiscardStringContext package) [bash qemu "/run/binfmt"]; + }; gh-actions.env.OPENSSH_PRIVATE_KEY = "\${{ secrets.OPENSSH_PRIVATE_KEY }}"; gh-actions.env.CACHIX_SIGNING_KEY = "\${{ secrets.CACHIX_SIGNING_KEY }}"; 
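Review bot: The commented-out `#extra-sandbox-paths = …` attribute in the new `nix.config` block (ci/niv-cron.nix, hunk at -4,7) is dead code. It names the same setting that the aarch64binfmt script now appends to /etc/nix/nix.conf at runtime, so a reader cannot tell which of the two is in effect. Delete it, or replace it with a one-line comment such as `# extra-sandbox-paths is appended to /etc/nix/nix.conf by the aarch64binfmt script`. ci/nodes.nix (hunk at -4,15) carries the same line.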
@@ -24,7 +28,7 @@ with lib; { ''; in channels.cipkgs.writeShellScriptBin "aarch64binfmt" '' ${makeQemuWrapper "aarch64"} - mount binfmt_misc -t binfmt_misc /proc/sys/fs/binfmt_misc + echo 'extra-sandbox-paths = ${channels.cipkgs.bash} ${channels.cipkgs.qemu} /run/binfmt' >> /etc/nix/nix.conf echo ':aarch64-linux:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xb7\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff:/run/binfmt/aarch64:' > /proc/sys/fs/binfmt_misc/register ''; }; @@ -49,12 +53,14 @@ with lib; { cron = "0 0 * * *"; }]; }; - jobs.ci.step.aarch64 = { - order = 201; - name = "prepare for aarch64 builds"; - run = '' - sudo aarch64binfmt - ''; + jobs = mkIf (config.id != "ci") { + ${config.id}.step.aarch64 = { + order = 201; + name = "prepare for aarch64 builds"; + run = '' + sudo $(which aarch64binfmt) + ''; + }; }; }; diff --git a/ci/nodes.nix b/ci/nodes.nix index d2e49ed7..79b335c4 100644 --- a/ci/nodes.nix +++ b/ci/nodes.nix @@ -4,15 +4,20 @@ ci.gh-actions.export = true; channels.nixfiles.path = ../.; - nix.config.extraPlatforms = "aarch64-linux"; + nix.config = { + extra-platforms = "aarch64-linux"; + #extra-sandbox-paths = with channels.cipkgs; map (package: builtins.unsafeDiscardStringContext package) [bash qemu "/run/binfmt"]; + }; gh-actions = { - jobs.ci.step.aarch64 = { - order = 201; - name = "prepare for aarch64 builds"; - run = '' - sudo aarch64binfmt - ''; + jobs = mkIf (config.id != "ci") { + ${config.id}.step.aarch64 = { + order = 201; + name = "prepare for aarch64 builds"; + run = '' + sudo $(which aarch64binfmt) + ''; + }; }; }; @@ -21,7 +26,7 @@ aarch64binfmt = let makeQemuWrapper = name: '' - mkdir -f /run/binfmt + mkdir -p /run/binfmt rm -f /run/binfmt/${name} cat > /run/binfmt/${name} << 'EOF' #!${channels.cipkgs.bash}/bin/sh 
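Review bot: In ci/niv-cron.nix (hunk at -24,7) the script no longer mounts binfmt_misc but still writes to `/proc/sys/fs/binfmt_misc/register`, so it now depends on the host having mounted it already. A conditional mount keeps it self-contained: `mountpoint -q /proc/sys/fs/binfmt_misc || mount binfmt_misc -t binfmt_misc /proc/sys/fs/binfmt_misc`. The new `echo 'extra-sandbox-paths = …' >> /etc/nix/nix.conf` is appended unconditionally and its failure is not checked before the registration runs. It also exposes all of /run/binfmt to sandboxed builds, so that directory should stay root-owned and hold only the wrapper. The same pair of lines appears in ci/nodes.nix (hunk at -31,7).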
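Review bot: In ci/niv-cron.nix (hunk at -49,12), `sudo $(which aarch64binfmt)` runs as root whatever the unprivileged step's PATH resolves first. When the lookup fails, the substitution is empty and the step runs a bare `sudo` with an unhelpful error. Quote and check the lookup instead: `bin="$(command -v aarch64binfmt)" && sudo "$bin"`. The same step is added in ci/nodes.nix (hunk at -4,15) and is what the regenerated files under .github/workflows now contain.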
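Review bot: The `mkdir -p` correction in ci/nodes.nix (hunk at -21,7) has no counterpart for ci/niv-cron.nix in this diff. That file has its own makeQemuWrapper, referenced in its hunk at -24,7 and defined outside the visible lines, so confirm it does not still use `mkdir -f`. No `set -e` is visible in the aarch64binfmt script, so a failing mkdir would apparently not stop it before `cat > /run/binfmt/${name}`; starting the script with `set -eu` would surface that. The body of makeQemuWrapper continues past the end of this hunk.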
@@ -31,7 +36,7 @@ ''; in channels.cipkgs.writeShellScriptBin "aarch64binfmt" '' ${makeQemuWrapper "aarch64"} - mount binfmt_misc -t binfmt_misc /proc/sys/fs/binfmt_misc + echo 'extra-sandbox-paths = ${channels.cipkgs.bash} ${channels.cipkgs.qemu} /run/binfmt' >> /etc/nix/nix.conf echo ':aarch64-linux:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xb7\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff:/run/binfmt/aarch64:' > /proc/sys/fs/binfmt_misc/register ''; sourceCache = channels.cipkgs.runCommand "sources" diff --git a/config/hosts/daiyousei/nixos.nix b/config/hosts/daiyousei/nixos.nix index f41b7b0e..6b3704bd 100644 --- a/config/hosts/daiyousei/nixos.nix +++ b/config/hosts/daiyousei/nixos.nix @@ -48,7 +48,7 @@ in interfaces.enp0s3 = { useDHCP = true; ipv6 = { - addresses = [{ + addresses = mkIf (tf.state.resources ? ${tf.resources.${config.networking.hostName}.out.reference}) [{ address = addr_ipv6_nix; prefixLength = 64; }]; diff --git a/nix/sources.json b/nix/sources.json index e7f5a526..7d5b1e49 100644 --- a/nix/sources.json +++ b/nix/sources.json @@ -89,10 +89,10 @@ "homepage": null, "owner": "kittywitch", "repo": "nixexprs", - "rev": "68a371ce344cd66e646d58dd3658fc7c0615f768", - "sha256": "12afawrnfkj8i33h3rvqfx3mla8sjvmjmk9f786xi60ckbnqi089", + "rev": "a78026175487423769ac2667e618a896af63c5b0", + "sha256": "1bvmi4fybq98avshyircxcmshxnwwwlhm1b6brb3ygpffxhxbihy", "type": "tarball", - "url": "https://github.com/kittywitch/nixexprs/archive/68a371ce344cd66e646d58dd3658fc7c0615f768.tar.gz", + "url": "https://github.com/kittywitch/nixexprs/archive/a78026175487423769ac2667e618a896af63c5b0.tar.gz", "url_template": "https://github.com///archive/.tar.gz" }, "niv": {
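Review bot: The new `mkIf (tf.state.resources ? …)` guard on `ipv6.addresses` in config/hosts/daiyousei/nixos.nix has no comment explaining why the static address depends on Terraform state. When the attribute is absent the list is simply omitted, so the host would presumably evaluate without this IPv6 address and nothing would flag it. A comment above the line, such as `# only assign the static address once this host's terraform resource exists in state`, would record the intent. The `interfaces.enp0s3` block continues outside the hunk.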