CI: further attempted fix

.github/workflows/niv-update.yml

@@ -5,15 +5,6 @@ env:
   CI_PLATFORM: gh-actions
   OPENSSH_PRIVATE_KEY: ${{ secrets.OPENSSH_PRIVATE_KEY }}
 jobs:
-  ci:
-    name: ci
-    runs-on: ubuntu-latest
-    steps:
-    - id: aarch64
-      name: prepare for aarch64 builds
-      run: 'sudo aarch64binfmt
-
-        '
   ci-check:
     name: niv-update check
     runs-on: ubuntu-latest
@@ -57,6 +48,11 @@ jobs:
       with:
         attrs: ci.job.niv-update.run.bootstrap
         quiet: false
+    - id: aarch64
+      name: prepare for aarch64 builds
+      run: 'sudo $(which aarch64binfmt)
+
+        '
     - id: ci-dirty
       name: nix test dirty
       uses: arcnmx/ci/actions/nix/run@master

.github/workflows/nodes.yml

@@ -21,6 +21,11 @@ jobs:
       with:
         attrs: ci.job.athame.run.bootstrap
         quiet: false
+    - id: aarch64
+      name: prepare for aarch64 builds
+      run: 'sudo $(which aarch64binfmt)
+
+        '
     - id: ci-dirty
       name: nix test dirty
       uses: arcnmx/ci/actions/nix/run@master
@@ -78,6 +83,11 @@ jobs:
       with:
         attrs: ci.job.beltane.run.bootstrap
         quiet: false
+    - id: aarch64
+      name: prepare for aarch64 builds
+      run: 'sudo $(which aarch64binfmt)
+
+        '
     - id: ci-dirty
       name: nix test dirty
       uses: arcnmx/ci/actions/nix/run@master
@@ -117,15 +127,6 @@ jobs:
         command: ci-build-cache
         quiet: false
         stdin: ${{ runner.temp }}/ci.build.cache
-  ci:
-    name: ci
-    runs-on: ubuntu-latest
-    steps:
-    - id: aarch64
-      name: prepare for aarch64 builds
-      run: 'sudo aarch64binfmt
-
-        '
   ci-check:
     name: nodes check
     runs-on: ubuntu-latest
@@ -169,6 +170,11 @@ jobs:
       with:
         attrs: ci.job.daiyousei.run.bootstrap
         quiet: false
+    - id: aarch64
+      name: prepare for aarch64 builds
+      run: 'sudo $(which aarch64binfmt)
+
+        '
     - id: ci-dirty
       name: nix test dirty
       uses: arcnmx/ci/actions/nix/run@master
@@ -226,6 +232,11 @@ jobs:
       with:
         attrs: ci.job.ostara.run.bootstrap
         quiet: false
+    - id: aarch64
+      name: prepare for aarch64 builds
+      run: 'sudo $(which aarch64binfmt)
+
+        '
     - id: ci-dirty
       name: nix test dirty
       uses: arcnmx/ci/actions/nix/run@master
@@ -283,6 +294,11 @@ jobs:
       with:
         attrs: ci.job.rinnosuke.run.bootstrap
         quiet: false
+    - id: aarch64
+      name: prepare for aarch64 builds
+      run: 'sudo $(which aarch64binfmt)
+
+        '
     - id: ci-dirty
       name: nix test dirty
       uses: arcnmx/ci/actions/nix/run@master
@@ -340,6 +356,11 @@ jobs:
       with:
         attrs: ci.job.samhain.run.bootstrap
         quiet: false
+    - id: aarch64
+      name: prepare for aarch64 builds
+      run: 'sudo $(which aarch64binfmt)
+
+        '
     - id: ci-dirty
       name: nix test dirty
       uses: arcnmx/ci/actions/nix/run@master
@@ -397,6 +418,11 @@ jobs:
       with:
         attrs: ci.job.yule.run.bootstrap
         quiet: false
+    - id: aarch64
+      name: prepare for aarch64 builds
+      run: 'sudo $(which aarch64binfmt)
+
+        '
     - id: ci-dirty
       name: nix test dirty
       uses: arcnmx/ci/actions/nix/run@master

ci/niv-cron.nix

@@ -4,7 +4,11 @@ with lib; {
   ci.gh-actions.enable = true;
   ci.gh-actions.export = true;
 
-  nix.config.extraPlatforms = "aarch64-linux";
+
+  nix.config = {
+    extra-platforms = "aarch64-linux";
+    #extra-sandbox-paths = with channels.cipkgs; map (package: builtins.unsafeDiscardStringContext package) [bash qemu "/run/binfmt"];
+  };
 
   gh-actions.env.OPENSSH_PRIVATE_KEY = "\${{ secrets.OPENSSH_PRIVATE_KEY }}";
   gh-actions.env.CACHIX_SIGNING_KEY = "\${{ secrets.CACHIX_SIGNING_KEY }}";
@@ -24,7 +28,7 @@ with lib; {
         ''; in
       channels.cipkgs.writeShellScriptBin "aarch64binfmt" ''
         ${makeQemuWrapper "aarch64"}
-        mount binfmt_misc -t binfmt_misc /proc/sys/fs/binfmt_misc
+        echo 'extra-sandbox-paths = ${channels.cipkgs.bash} ${channels.cipkgs.qemu} /run/binfmt' >> /etc/nix/nix.conf
         echo ':aarch64-linux:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xb7\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff:/run/binfmt/aarch64:' > /proc/sys/fs/binfmt_misc/register
       '';
   };
@@ -49,12 +53,14 @@ with lib; {
           cron = "0 0 * * *";
         }];
       };
-    jobs.ci.step.aarch64 = {
+    jobs = mkIf (config.id != "ci") {
-      order = 201;
+      ${config.id}.step.aarch64 = {
-      name = "prepare for aarch64 builds";
+        order = 201;
-      run = ''
+        name = "prepare for aarch64 builds";
-        sudo aarch64binfmt
+        run = ''
-      '';
+          sudo $(which aarch64binfmt)
+        '';
+      };
     };
   };
 

ci/nodes.nix

@@ -4,15 +4,20 @@
   ci.gh-actions.export = true;
   channels.nixfiles.path = ../.;
 
-  nix.config.extraPlatforms = "aarch64-linux";
+  nix.config = {
+    extra-platforms = "aarch64-linux";
+    #extra-sandbox-paths = with channels.cipkgs; map (package: builtins.unsafeDiscardStringContext package) [bash qemu "/run/binfmt"];
+  };
 
   gh-actions = {
-    jobs.ci.step.aarch64 = {
+    jobs = mkIf (config.id != "ci") {
-      order = 201;
+      ${config.id}.step.aarch64 = {
-      name = "prepare for aarch64 builds";
+        order = 201;
-      run = ''
+        name = "prepare for aarch64 builds";
-        sudo aarch64binfmt
+        run = ''
-      '';
+          sudo $(which aarch64binfmt)
+        '';
+      };
     };
   };
 
@@ -21,7 +26,7 @@
     aarch64binfmt =
       let
         makeQemuWrapper = name: ''
-          mkdir -f /run/binfmt
+          mkdir -p /run/binfmt
           rm -f /run/binfmt/${name}
           cat > /run/binfmt/${name} << 'EOF'
           #!${channels.cipkgs.bash}/bin/sh
@@ -31,7 +36,7 @@
         ''; in
       channels.cipkgs.writeShellScriptBin "aarch64binfmt" ''
         ${makeQemuWrapper "aarch64"}
-        mount binfmt_misc -t binfmt_misc /proc/sys/fs/binfmt_misc
+        echo 'extra-sandbox-paths = ${channels.cipkgs.bash} ${channels.cipkgs.qemu} /run/binfmt' >> /etc/nix/nix.conf
         echo ':aarch64-linux:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xb7\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff:/run/binfmt/aarch64:' > /proc/sys/fs/binfmt_misc/register
       '';
     sourceCache = channels.cipkgs.runCommand "sources"

config/hosts/daiyousei/nixos.nix

@@ -48,7 +48,7 @@ in
     interfaces.enp0s3 = {
       useDHCP = true;
       ipv6 = {
-        addresses = [{
+        addresses = mkIf (tf.state.resources ? ${tf.resources.${config.networking.hostName}.out.reference}) [{
           address = addr_ipv6_nix;
           prefixLength = 64;
         }];

nix/sources.json

@@ -89,10 +89,10 @@
         "homepage": null,
         "owner": "kittywitch",
         "repo": "nixexprs",
-        "rev": "68a371ce344cd66e646d58dd3658fc7c0615f768",
+        "rev": "a78026175487423769ac2667e618a896af63c5b0",
-        "sha256": "12afawrnfkj8i33h3rvqfx3mla8sjvmjmk9f786xi60ckbnqi089",
+        "sha256": "1bvmi4fybq98avshyircxcmshxnwwwlhm1b6brb3ygpffxhxbihy",
         "type": "tarball",
-        "url": "https://github.com/kittywitch/nixexprs/archive/68a371ce344cd66e646d58dd3658fc7c0615f768.tar.gz",
+        "url": "https://github.com/kittywitch/nixexprs/archive/a78026175487423769ac2667e618a896af63c5b0.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     },
     "niv": {