kat/nixfiles
1
0
Fork 0
mirror of https://github.com/kittywitch/nixfiles.git synced 2026-02-09 04:19:19 -08:00
Code Issues Projects Releases Packages Wiki Activity

feat: attempt to integrate ci from Gensokyo-zone/infrastructure

Browse source
This commit is contained in:
Kat Inskip 2024-07-13 11:46:31 -07:00
parent 07ee692df8
commit 038372e847
Signed by: kat
GPG key ID: 465E64DECEA8CF0F
13 changed files with 486 additions and 58 deletions
Download patch file Download diff file Expand all files Collapse all files

12
.sops.yaml
View file

@ -27,6 +27,18 @@ creation_rules:
- *mei - *mei
- *mai - *mai
- *daiyousei - *daiyousei
- path_regex: ci/.*\.yaml
shamir_threshold: 1
key_groups:
- pgp:
- *kat
age: *age_common
- path_regex: home/[^/]+/.*\.yaml
shamir_threshold: 1
key_groups:
- pgp:
- *kat
age: *age_common
- path_regex: nixos/[^/]+/.*\.yaml - path_regex: nixos/[^/]+/.*\.yaml
shamir_threshold: 1 shamir_threshold: 1
key_groups: key_groups:

47
ci/common.nix Normal file
View file

@ -0,0 +1,47 @@
{
lib,
channels,
config,
...
}: {
nixpkgs.args = {
localSystem = "x86_64-linux";
config = {
allowUnfree = true;
};
};
ci = {
version = "v0.7";
gh-actions = {
enable = true;
};
};
/*nix.config = {
extra-platforms = ["aarch64-linux" "armv6l-linux" "armv7l-linux"];
#extra-sandbox-paths = with channels.cipkgs; map (package: builtins.unsafeDiscardStringContext "${package}?") [bash qemu "/run/binfmt"];
};*/
channels = {
nixfiles.path = ../.;
nixpkgs.path = "${channels.nixfiles.inputs.nixpkgs}";
};
ci.gh-actions.checkoutOptions = {
submodules = false;
};
cache.cachix = {
arc = {
enable = true;
publicKey = "arc.cachix.org-1:DZmhclLkB6UO0rc0rBzNpwFbbaeLfyn+fYccuAy7YVY=";
signingKey = null;
};
kittywitch = {
enable = true;
publicKey = "kittywitch.cachix.org-1:KIzX/G5cuPw5WgrXad6UnrRZ8UDr7jhXzRTK/lmqyK0=";
signingKey = "mewp";
};
};
}

61
ci/flake-cron.nix Normal file
View file

@ -0,0 +1,61 @@
{
lib,
channels,
config,
...
}:
with lib; let
pkgs = channels.nixpkgs;
in {
imports = [ ./common.nix ];
config = {
name = "flake-update";
gh-actions = {
env.CACHIX_SIGNING_KEY = "\${{ secrets.CACHIX_SIGNING_KEY }}";
on = let
paths = [
"default.nix" # sourceCache
"ci/flake-cron.nix"
config.ci.gh-actions.path
];
in {
push = {
inherit paths;
};
pull_request = {
inherit paths;
};
schedule = [
{
cron = "0 0 * * *";
}
];
workflow_dispatch = {};
};
jobs.flake-update = {
step.flake-update = {
name = "flake update build";
order = 500;
run = "nix run .#nf-update";
env = {
CACHIX_SIGNING_KEY = "\${{ secrets.CACHIX_SIGNING_KEY }}";
NF_UPDATE_GIT_COMMIT = "1";
NF_UPDATE_CACHIX_PUSH = "1";
NF_CONFIG_ROOT = "\${{ github.workspace }}";
};
};
};
};
jobs = {
flake-update = { ... }: {
imports = [ ./packages.nix ];
};
};
ci.gh-actions.checkoutOptions = {
fetch-depth = 0;
};
};
}

8
ci/nix.nix Normal file
View file

@ -0,0 +1,8 @@
{
ci = {
workflowConfigs = [
"nodes.nix"
"flake-cron.nix"
];
};
}

28
ci/nodes.nix Normal file
View file

@ -0,0 +1,28 @@
{
lib,
config,
channels,
env,
...
}:
with lib; {
imports = [ ./common.nix ];
config = {
name = "nodes";
jobs = let
enabledSystems = filterAttrs (_: system: system.config.ci.enable) channels.nixfiles.lib.systems;
mkSystemJob = name: system: nameValuePair "${name}" {
tasks.system = {
inputs = channels.nixfiles.nixosConfigurations.${name}.config.system.build.toplevel;
warn = system.config.ci.allowFailure;
};
};
systemJobs = mapAttrs' mkSystemJob enabledSystems;
in {
packages = { ... }: {
imports = [ ./packages.nix ];
};
} // systemJobs;
};
}

17
ci/packages.nix Normal file
View file

@ -0,0 +1,17 @@
{
lib,
config,
channels,
...
}: let
inherit (channels.nixfiles) packages legacyPackages;
in {
tasks = {
devShell.inputs = with packages.x86_64-linux; [
deploy-rs
terraform tflint
alejandra deadnix statix
ssh-to-age
];
};
}

96
ci/secrets.yaml Normal file
View file

@ -0,0 +1,96 @@
CACHIX_AUTH_TOKEN: ENC[AES256_GCM,data:oezH26CAPPAXFvbtqlmEfa/X6XADQHCoObajgoaUKB8cdtI6mVnsZfmYNVgcyQzmyPhcKcqG7X1d0SYNuJW1dI2eByKvWSWUwY5N2f0994/Hd1NB3s7E3dq1EZtkZqDyFJMSchQT7xkJtEMqzdQnQhL3Au2zaP0+m6hhmkxqIet6H1Yu4n+hGBkunzF26l0VTPsPiek=,iv:ODlzphfJOsrPp0Vb/vABkES74a2wbesrRFQKGeCY2Qs=,tag:/wAItpFQmQ4KNT0ZNo1ehg==,type:str]
sops:
shamir_threshold: 1
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1n4kdchmkk3rfkaknxhveqr2ftprdpgwckutt23y6u8639lazzuks77tgav
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmRERhQVk0RTVDdUR6bXVm
NVZjanNwV2d1bm1xbDZvMHZpNEpkRHBSL1M4ClpLdFhEM0JhNTlTMkFjd040OUZF
Vjl3aFlLMUxKeGRuZTNXYmxDRG54YUUKLS0tIFVVWGgvZGJ3d2JtQTYzcUZuRUM3
bThmek1aUG1pb3VBZXMxNXZIZEdyd1kKeOSUooXs//DJBhJlIssaozUhnPy4X8Ty
RGgvKAp7/fE0Z1WMV8h7w4vsplSr4aocU49CH/QcdAlARdqF4as9sA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1cnu37d5fqyahh9vvc4hj6z6k8ur9ksuefln7sr6g3emmn927eutqxdawuh
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpdjV4VkdhdXVlUVN3MzNr
bW5Xb09vRFBtSTBWM2EvRHA0NS9kZTl4dFc4CjBCWlJ1NUp0MmQ5Z3FRWm5sanZs
UFdxSjl4ZWx3MWVZa3ZVT2ZEdC9NUkEKLS0tIEd0MUNRQStsSkVyTXBSRUt1Tms4
azBYYm5aU0hKOTEzV0FuNVF3ZHcyS3MKbHbT+cPPJ4XGWIgj/zxci9A88Ak60ja4
/2lBlLsVCUHmFEoHXueizAypcVhp+WwfbGdva3VWfCTMmYnzcdEv6A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1nr0qds8w3gldmdvhwu0p6w2ys8f4sd0h3xy94h9dsafjzttaypxquzmswc
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlSTFBeUVMMVFuNURCa2tH
bUJVQ2hrSVREeUdPZ0d3NmREZXFtSmxnRnhZCnRXbCtVR3VxMXludzBWMmw1ZFBS
WW54dzNDamRkUjc0cWcyQ2RpaGNua2cKLS0tIG1VVDd1VFNLdHl4cmhiRnk0S1A1
dm5vVVBrM1NYb3cxbU9STXBBMDdDSUkKy+ZNL/eYnqtagB3oom0xEXxihYqGz2w3
RJ2dQEQSPshuyMzC6AsV8nbaQhX6aNw+cgDSqX0E9G7+mBjWFSjEgw==
-----END AGE ENCRYPTED FILE-----
- recipient: age18hpxz0ghvswv9k30cle73prvnzrsuczqh87jjdk9fl50j3ddndmq9xae0n
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3STBnbDQ2K1ltVFZ4WjdG
bk1aMlY2NDFYWWZPcDgvL1VWT0YzdTc5eEdFCmxUejZkUG1BaVhHeU92cldLQVE5
UlNMb3pvdU5RY0V0KzExSDBKQVJLZkUKLS0tIDhxKzljTCsrVE9YRnNaMDF5WFBl
eGRWMnNqbFIvakhoVURYOFNrK2IrYlEKvFp1izuR11CBDTMdOKe5MMx/+hfg5zo8
bo09Ep3XzO++ZXmevtUOVKGKd+D2hstEZxi0Vfr6yp8iI8sAG/46yw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1xgy03g3vjydsxcl0qpdgm8rahjcjq95ucxfwlgr22zwjx3p7jf2s9jk6u5
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrTk9FclJyeUxuNkJmTUFM
YVBLOEZqbXIyWXAxMk9pYnVvSXBjQTNhUGs0CmJ0NGJWenl5ZStHcXRubjdieHo0
QzhRdDZYV0xlU2N5dnpxWURNamN2aGcKLS0tIFRGc3ZJVnp3SnZtLy8ydVBQVUsy
STNxaHcyc3NINHFMR1F3OGg1a1liWW8KgVgMTA/Ut+xaLFmEP8EwSJ0oFVIEqh5n
PSD3ciDdx8t+2mzCvpTBZiH52jarZmBEhZhMYxwd301uS3uVUW5sGg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1fv5dafs4n3r5n83qm2hfz7xmnflsz0xf9r3saralrptpgf8mvuxq4t8k3u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBckh5OC83b1JDY3lCVnFS
LzFRVElBTFVsWU5jMEkwbVlUTlpnaUl1L2pzCk9uNktBTEtFYUpHUCs0ODZrcGRp
WEdZenRMRFNhd256KzdINjYwZ25YaDQKLS0tIElGWkpBeXBqWXVha2NiczFzaUV4
NzJKWndUUlRTZ3NlYS9qam1xZ0xUakEKciZwpzQBxPz75xIPUIIsS4+YWXAWqIl5
MYURy5G8uMzzRlHK/CJ0OI53kjsj/MTkDy247gKX+lig7bXHnuYJ1A==
-----END AGE ENCRYPTED FILE-----
- recipient: age120530yclr75k6nrzp6k5jjftj8j4q9v3533guupzk4ct86mjxszqg9e5t5
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoOXlDOE50bE1jRG5aZHRu
aDhoK2UxZzNobFEzN3drVmNlQmZoR0FBRlVVCmRhNStBRGkyaEkrYWJweDZBcWVL
Z2RDcjlyMk5zRTdOYi9zbjBGandCZEkKLS0tIExNcjByeXJxSkg5UGZLRWJSQ29Y
S1dxenc5M3ZhMTR3SEpqR3FxT20rdGMK4YtZe6NDBx5/LM6rbGuoXLrBEicOhDSx
azOPjHWLN+B2JdgBpemI9NDOfBWL+t/VGx00w40PUq7FsCYdoBmHtQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-13T18:21:10Z"
mac: ENC[AES256_GCM,data:6vjYEY6WsfXGHxryL3ypqlmRGbsgEse0WohV9N4Oepl+NDsmhsXraeSJsfQNwDgXHc7Hk6n7ORTeogXeVABMpeYZyOJnbzzfm5recAaXtB8Jq2yDC69KvS4Xuk9WzqmacLieeaZ5K1vET4hD0q52cBJtvRzgmJ2SAfEyXIeucO0=,iv:mzMAOI+aTzuGfQ4qyMTIv2QYYbXcaKcx9Wlfv7aY0CY=,tag:kwwdh7Ic0UtYqYJ1y6VqPw==,type:str]
pgp:
- created_at: "2024-07-13T18:20:50Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA82M54yws73UARAAiGNgIcZG1LnGi0DyBiLVagxNUhpS4iatKgdHosBUUWWk
DjPnAseCrhSLMxciRjrDwnDKjFFMeIS54m1h4wsAgI8g08E0vkskcsU2PmFQ9IK4
dUBsvf/0vC4Q5cabagZb/jmtOS3RPHnXk2uNePR3p2AN38qBNhvaLVn1QS0hOQNx
OReUKvaBGmb1Yi9lafxb0k0h7FQ7s8rNatvKvrbr7aeVHBKSWRX3Rjsy0/wl5Amd
pcubaFOolp4DGPIaT7l4cRE+ZoiPJ4RGWHHHW0zt1KD6PYSorgGnz4Want/1lEJK
18L2Jw0KuLzpYl9ndSMKeYBxQM7jmMbLWE+V9zElSXAvR/q+WS5vWt2Ua8ps1MxE
4FRupXidI0/VL2F3nX4xE+LhY6RtPFAUcaFHAsUa8H7Yd/kbpflD/t14u8cMvABA
TEwLZkKP/PUtLbYkzOts4p7lFvduVKjRPc2mO1os2Mbtw8LljPgMlncoJ0zbeZ4y
eZRbXEiYjCFlXN/rYgmkVMrAK/LzgXPYPG4CD2q/IQkWMVXvWuFLNegTs/oxiJMG
kO56ewlVvcVynjBxTnPAA2fOtK65FVw6WVAWCK5NdnWzVPwohdQ8wpZbzOymSyU9
Nu3Q04gI513quQhJxbf0SbUDodes02Vmoe4eMJfs3sIZgx2UCQfRdXkcifjfgnfS
XgFLEn0LsMfsPcni5E6/3ti2jYJqnDBP4C8fh3jt/pKkEqGjPhuaAMaMfXST9idH
p05AkFfPcj5kknVIVf9/gJoSSzqfzyPKHbebq/+yHcpxn4oJlFCKpMJw39PmQLU=
=FTkp
-----END PGP MESSAGE-----
fp: CD8CE78CB0B3BDD4
unencrypted_suffix: _unencrypted
version: 3.9.0

114
flake.lock generated
View file

@ -3,11 +3,11 @@
"arcexprs": { "arcexprs": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1719854708, "lastModified": 1720471472,
"narHash": "sha256-EUjNXcLW6cN0UY89kkfncC/cVO0CY6qIUfKmlse/gLg=", "narHash": "sha256-2mq+DpPirJ+0M6fxQYTaXiI7Z+CdKSXjTxoy93stX1g=",
"owner": "arcnmx", "owner": "arcnmx",
"repo": "nixexprs", "repo": "nixexprs",
"rev": "5165118a5c43addcaace24579f0e62f5d1a792a7", "rev": "0067d9ff3aa5ce2f4e3c64a534494aa2700fcff1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -129,11 +129,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1719845423, "lastModified": 1720845312,
"narHash": "sha256-ZLHDmWAsHQQKnmfyhYSHJDlt8Wfjv6SQhl2qek42O7A=", "narHash": "sha256-yPhAsJTpyoIPQZJGC8Fw8W2lAXyhLoTn+HP20bmfkfk=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "ec12b88104d6c117871fad55e931addac4626756", "rev": "5ce8503cf402cf76b203eba4b7e402bea8e44abc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -308,11 +308,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1719992360, "lastModified": 1720734513,
"narHash": "sha256-SRq0ZRkqagqpMGVf4z9q9CIWRbPYjO7FTqSJyWh7nes=", "narHash": "sha256-neWQ8eNtLTd+YMesb7WjKl1SVCbDyCm46LUgP/g/hdo=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "36e2f9da91ce8b63a549a47688ae60d47c50de4b", "rev": "90ae324e2c56af10f20549ab72014804a3064c7f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -338,11 +338,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1718450675, "lastModified": 1720108799,
"narHash": "sha256-jpsns6buS4bK+1sF8sL8AaixAiCRjA+nldTKvcwmvUs=", "narHash": "sha256-AxRkTJlbB8r7aG6gvc7IaLhc2T9TO4/8uqanKRxukBQ=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprcursor", "repo": "hyprcursor",
"rev": "66d5b46ff94efbfa6fa3d1d1b66735f1779c34a6", "rev": "a5c0d57325c5f0814c39110a70ca19c070ae9486",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -370,11 +370,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1719949580, "lastModified": 1720880492,
"narHash": "sha256-Ht6ZUjQ6HO9vllB0CxeGgLYUzZCw9Q/2Aaq21Og+3hM=", "narHash": "sha256-mzkonDtAmLxtvqd8p6ooR0NOFUcisM7l/j3uf/eZ8zU=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "Hyprland", "repo": "Hyprland",
"rev": "8bb75a223db3ea9471d05d74fbed3328334a9f78", "rev": "45c48984236d7a682a1941b147f8ae489ac9a1e6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -417,11 +417,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1717881852, "lastModified": 1720381373,
"narHash": "sha256-XeeVoKHQgfKuXoP6q90sUqKyl7EYy3ol2dVZGM+Jj94=", "narHash": "sha256-lyC/EZdHULsaAKVryK11lgHY9u6pXr7qR4irnxNWC7k=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprlang", "repo": "hyprlang",
"rev": "ec6938c66253429192274d612912649a0cfe4d28", "rev": "5df0174fd09de4ac5475233d65ffc703e89b82eb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -444,11 +444,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1719873906, "lastModified": 1720707332,
"narHash": "sha256-0dy2hT1Q4PaFah8QxJkOfXGLuG7Ehq5Hi5pNhOpXd/A=", "narHash": "sha256-OpUjVqJIxuouqUMmOAQI63XEOVk5EYyHwFVWdyrUdC8=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprlock", "repo": "hyprlock",
"rev": "88b9ce48ed0c561c44c3a09cd6cef0e1bebaf59f", "rev": "b407128caeb551ae808cf8d0fb653a252a271709",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -493,11 +493,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1719316102, "lastModified": 1720545076,
"narHash": "sha256-dmRz128j/lJmMuTYeCYPfSBRHHQO3VeH4PbmoyAhHzw=", "narHash": "sha256-Pxacc2uoxI00koXp5+CyNqHOTQlqNlK0rlRHDBHX4+g=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprutils", "repo": "hyprutils",
"rev": "1f6bbec5954f623ff8d68e567bddcce97cd2f085", "rev": "6174a2a25f4e216c0f1d0c4278adc23c476b1d09",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -568,11 +568,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1719067853, "lastModified": 1720215857,
"narHash": "sha256-mAnZG/eQy72Fp1ImGtqCgUrDumnR1rMZv2E/zgP4U74=", "narHash": "sha256-JPdL+Qul+jEueAn8CARfcWP83eJgwkhMejQYfDvrgvU=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprwayland-scanner", "repo": "hyprwayland-scanner",
"rev": "914f083741e694092ee60a39d31f693d0a6dc734", "rev": "d5fa094ca27e0039be5e94c0a80ae433145af8bb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -591,11 +591,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1713139346, "lastModified": 1720893836,
"narHash": "sha256-GlRonqewugWqLK96LPZ0X+bdnQNuOqfVdQZiY2DQkvk=", "narHash": "sha256-rIwKRl1wmOoIyKPTAzOEvoyUm/roIo3QfJOcVg9Q8N0=",
"owner": "kittywitch", "owner": "kittywitch",
"repo": "konawall-py", "repo": "konawall-py",
"rev": "e3bf98deafef4876230253622fce04272af38d13", "rev": "936050d035788198b9c7d7e44b3acceb3d18e35a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -674,11 +674,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1719969940, "lastModified": 1720834054,
"narHash": "sha256-ONh73rQPE476fUzQReW2LYBT4FTE51iIy6vUV8NEA/M=", "narHash": "sha256-gpUgy1XJGw8PZuRQlGwxoriIP+8jgUf2Ho9/g6meQHQ=",
"owner": "Infinidoge", "owner": "Infinidoge",
"repo": "nix-minecraft", "repo": "nix-minecraft",
"rev": "2fbed82e0e1f8dee8fe6a34c26cdc17237e7101c", "rev": "526acd22f4ac06182ad4ec6346f5c6008590dbab",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -694,11 +694,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1719832725, "lastModified": 1720334033,
"narHash": "sha256-dr8DkeS74KVNTgi8BE0BiUKALb+EKlMIV86G2xPYO64=", "narHash": "sha256-X9pEvvHTVWJphhbUYqXvlLedOndNqGB7rvhSvL2CIgU=",
"owner": "Mic92", "owner": "Mic92",
"repo": "nix-index-database", "repo": "nix-index-database",
"rev": "2917972ed34ce292309b3a4976286f8b5c08db27", "rev": "685e40e1348007d2cf76747a201bab43d86b38cb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -709,11 +709,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1719895800, "lastModified": 1720737798,
"narHash": "sha256-xNbjISJTFailxass4LmdWeV4jNhAlmJPwj46a/GxE6M=", "narHash": "sha256-G/OtEAts7ZUvW5lrGMXSb8HqRp2Jr9I7reBuvCOL54w=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "6e253f12b1009053eff5344be5e835f604bb64cd", "rev": "c5013aa7ce2c7ec90acee5d965d950c8348db751",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -724,11 +724,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1719848872, "lastModified": 1720542800,
"narHash": "sha256-H3+EC5cYuq+gQW8y0lSrrDZfH71LB4DAf+TDFyvwCNA=", "narHash": "sha256-ZgnNHuKV6h2+fQ5LuqnUaqZey1Lqqt5dTUAiAnqH0QQ=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "00d80d13810dbfea8ab4ed1009b09100cca86ba8", "rev": "feb2849fdeb70028c70d73b848214b00d324a497",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -756,11 +756,11 @@
}, },
"nur": { "nur": {
"locked": { "locked": {
"lastModified": 1720010855, "lastModified": 1720891420,
"narHash": "sha256-tF36DiquJP8Ow9QwphDYEjZtBfhkiZOKybUSMnM47wg=", "narHash": "sha256-NGqWtKIVF6zSDaYS6YepdLIQ4LLhBMPit5UsX7X5B5M=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "642b5070e3fa9f0be118fd46c741a4313231be22", "rev": "ecde873d238284ccb47675c15436b55f6d6ec285",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -779,11 +779,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1719875930, "lastModified": 1720863765,
"narHash": "sha256-jQmdWLxRP6BzOxRF8hQEhDD7UKw7UrnYbmaAPOSaXWY=", "narHash": "sha256-Q+LSZm9w1htVrRDY1d+0T8rBdifA/6JnAWuBMneGCCE=",
"owner": "pjones", "owner": "pjones",
"repo": "plasma-manager", "repo": "plasma-manager",
"rev": "7e062fcd669e261fb06cf54fe0ef2e46c3db8e83", "rev": "40fa15eceeda6f3fb539367ccee462fa06a4d760",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -935,11 +935,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1719873517, "lastModified": 1720479166,
"narHash": "sha256-D1dxZmXf6M2h5lNE1m6orojuUawVPjogbGRsqSBX+1g=", "narHash": "sha256-jqvhLDXzTLTHq9ZviFOpcTmXXmnbLfz7mWhgMNipMN4=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "a11224af8d824935f363928074b4717ca2e280db", "rev": "67035a355b1d52d2d238501f8cc1a18706979760",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1058,11 +1058,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1719220171, "lastModified": 1720787015,
"narHash": "sha256-xywM6JoGT8AwfoOFJBTv8GRlvNu8LYqqqMS/OQ6uCgE=", "narHash": "sha256-U3IqoGmIzBKEJ0ihRQ10GRRtdoDBI6Oxl6aiGbUA59A=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NixOS-WSL", "repo": "NixOS-WSL",
"rev": "269411cfed6aab694e46f719277c972de96177bb", "rev": "371b5076d718f7f637d3959d0203061f06af1263",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1087,11 +1087,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1719942321, "lastModified": 1720194466,
"narHash": "sha256-Mb6EdUtgujTNTY6oRLxM/ZCyWUrk+p3V6XcJZ1hSUe4=", "narHash": "sha256-Rizg9efi6ue95zOp0MeIV2ZedNo+5U9G2l6yirgBUnA=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland", "repo": "xdg-desktop-portal-hyprland",
"rev": "c5b30938710d6c599f3f5cd99a3ffac35381fb0f", "rev": "b9b97e5ba23fe7bd5fa4df54696102e8aa863cf6",
"type": "github" "type": "github"
}, },
"original": { "original": {

3
home/profiles/common/nix.nix
View file

@ -1,7 +1,8 @@
_: { _: {
# TODO: add the same treatment as the other nix gc script
nix.gc = { nix.gc = {
automatic = true; automatic = true;
frequency = "weekly"; frequency = "weekly";
persistent = true; persistent = true;
}; };
} }

96
home/profiles/graphical/secrets.yaml Normal file
View file

@ -0,0 +1,96 @@
GITHUB_ACCESS_TOKEN: ENC[AES256_GCM,data:rTepYBEOtj8lrUE4naBBGl1wHUqp/hVBVTaoBp+rhrctRZAWeXzp029pI6Knh495MWbkyr1FHNTtBEW4Id9M1Ip52R7LPxU5xRwCQPmU5zVhU65LGo3j2cv2IzJm,iv:/Y1/B458a/r3P5O8tizaoxWrUths5e8ThakJgB1SfR0=,tag:4H8wB2GbFW/7OAfXG8DHmw==,type:str]
sops:
shamir_threshold: 1
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1n4kdchmkk3rfkaknxhveqr2ftprdpgwckutt23y6u8639lazzuks77tgav
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpZVFONnJKcXAwWTM0V1dz
dXNHMlF2dmNQK3QzejFIWVBxTHlkTW82WW1FClh5VkhEbVRobk9Ybk1INXMvRkNN
TzdhV2M5K2l2aVlRc3pqclJZaUJVckEKLS0tIG1vVGdia2U1ZjU1UENKQ1dZVDdy
ME5NSnAzRXlzVG1hd1d6SnBWMnRVM0EKcUhYMSWzmqygU222jm+USXbguHrxZpGh
ShIV1DuP+XI4kytS8BvqIeK6ZA8UR2XNiqAjaFAMdOaH/C158VW3AQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1cnu37d5fqyahh9vvc4hj6z6k8ur9ksuefln7sr6g3emmn927eutqxdawuh
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnYVpHQmRvWHhGSzd1UnUz
S0U2aWRrWWVXKy9ITmppRkFpSXVZSzIwd3drCkw1V1NhTFkrMWlVbTdpTExnblRT
NHI1TXEvcHFNT0FkdHd2djMyRzBUR2cKLS0tIG1pOTZ6MUtSNWZxM290YTZWYVZJ
VVBNUHp0L21ISUlQT3k4NXBoNGpBVVEKKEcZpu1iIHnIMsRo7CTmxbpqVcSaRsuH
IJkcyvuds4ioBAJBZ9fD0eXjbE5OhYEjehjiEq9s2fD/9ZtTATkl4g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1nr0qds8w3gldmdvhwu0p6w2ys8f4sd0h3xy94h9dsafjzttaypxquzmswc
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjcmZUVTJlNlpVeGcvdThs
bkJLWGVydjZNc3FuTGZaYVdLNDRHOEVHc0ZzCnp5bytHOTdqamZpa3Z4SjFTcU5T
Z0lxdTQ3bHNSMWY3MnRyc01Dbm5NQ2sKLS0tIDgyc1gvNFFEZHBKYjhwa3YwY1Bk
SC9sVzB0cHR2cG92WTVudlQ2a2doUDAKyFGQ0ej+FRrss4vug/IqdGt34anaocjO
/ynoYURJwJMwIFo8p/ZUjNvTJBRQp1FYWqfgtb4JbhhP4GQyohox/A==
-----END AGE ENCRYPTED FILE-----
- recipient: age18hpxz0ghvswv9k30cle73prvnzrsuczqh87jjdk9fl50j3ddndmq9xae0n
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2ZDB3S2hucnRMOXNZQytD
U3NYMDEvM2ZvRjZRWlZuZk5nbTFjZ0dUeFJJClRERnduN1JmdGtta0FUdSswWVFi
Skx6Mkg3TFRVcldQdFhhWUw4S210RWsKLS0tIDhlcnh3bXdFUjFHcU9RMkNhSHB3
bzltNTMzRUdrUzFDcTJGRjVOcWhrWU0KU2u9GSgWJOcHjhFfQ3akcwPPaUvp3zw1
Ar1Nd8V1QKhzV4OpaxlNsKe5LN5GREn/0VLA7Be2ZT2Llt5xQHyLNA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1xgy03g3vjydsxcl0qpdgm8rahjcjq95ucxfwlgr22zwjx3p7jf2s9jk6u5
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2ZFZGdDNseTBsR0hoRCt4
am5NNTkxRm9sMzd2OFlpYzkxNEh0NytveWhzCmI2cWdpcTZiSmg0RWFHT01aWm5L
aGtGekE2bzFqTCs3L0lsVVREV3FTNVkKLS0tIHJYT2FCejF1K0lzT1poaDdBQnM1
OGxtY0hXenhEby85eXRvUk00TnVmb28KP6wFZlj78VJIfX9VSGYKjk/K/IkOzmhd
+MIKuKGf0Wmn6likWhZod0Yid6Nq3NzRniPSdKa9rETmPi3Qn9xQ5Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age1fv5dafs4n3r5n83qm2hfz7xmnflsz0xf9r3saralrptpgf8mvuxq4t8k3u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaTG0zTlc1YTBkaFBiSkh2
RTNiV0h6L2dmaG5oOFMxdFo5TzNqV2hlUTN3ClM5a1VFRXlSamlJNTZ2a3F5dFlE
RTJQQTUvUlRHMDU5aXhGaUxISkt3ckEKLS0tIHlIS0dXRHFEeEpNK1YzU2U2MDZ3
TGxkYXpKaVovWFZoNjRGWlRLdkp4eE0KuMSO1pukDuyokQ/5Ym3ZJ24HRb+WGEmQ
aLxB7n2Y95M+ms5WXXoL2ps5FzKixJAXBRli6/RDtn9Mh1ihT9bkzw==
-----END AGE ENCRYPTED FILE-----
- recipient: age120530yclr75k6nrzp6k5jjftj8j4q9v3533guupzk4ct86mjxszqg9e5t5
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5RlFRRU1wTEUvR0JpZHZM
NU53eWtLRk9PU2dBWWpJMjBLNWpxa0hxTWxJCmJ3dlpZTW5Ickl0TGhkdWxJdkF4
VXhCZ3lseERXWmh0ODEvdGRWOXpVOE0KLS0tIDE4VjdKT2pZQTM0ZTlqZ3UzU251
bXpCZHFWMTRSUHhWMUZPczh1Rlkzd2sKuESLATRUMwgJp/XJiNLD44MoacDAjqrM
1pp9+2hsws9d3Em/gJj59Yn2GTT0gpNvKXqXeFp1vpm64oOK0GNZWQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-13T18:22:26Z"
mac: ENC[AES256_GCM,data:k9ml5lzn3OYlJVXFMtJ71dj2FaOZ27BSBPqtLr2ExUKDZUc9AkMTt1DOxQAOIpVmzJdWicVkqFTszfqi03+oPQ11/WZnNFC8FzF4v96LTQ4/OCgVm+ZQhovPV0haw3oZEYHi6tKbtM5BDW++ibjawWOyWQGKL4ZLF+MQEjB0GMU=,iv:w0U2bwC9Th6y24AQBeYx/IaJXROItBPbfPRtWrYEYr0=,tag:92QiGpY2jwszXffW4V9hBw==,type:str]
pgp:
- created_at: "2024-07-13T18:22:05Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA82M54yws73UAQ//Z1oKJXSEb+J4BqDvNnpb5yYkb8OU/8VXshMjqJNOcUat
FlQZGLum8PvU0tjQOBQ/wC2AALgCSyJTncmygy18oqFZJ5BEbWmoD17bLLtPd7u8
WLyAFoCaHTu5v6C3nQ7k/VZsLWokkNeekic9SR1gKErV48nU8kZMdAVxEEV2hPpL
4JvgCbtsVBLoZm6QHJEPZ4K9PnFJzFC9SRhOP9jbVdwVGAnFPhP2yuBql/kCacTa
WwtdD7RQbQoMLLF/Jz4Ca7SbZfe2CxpzTJ+/B+IKC/ta0XPH1MiBKS4adoTTDqLp
6rCobxLqvCizt53PUAwf5w4xf2OKSjZ6cj0QeVsHZanZZyI+ypnGNrqUS/07QtHU
vLX8Tskoh7LkvK9frwEngvfCI0eCe4/he+RTMVn0KxPdA9ObRvrnDdYNiasVFevI
NkR1wXe27TyVRPcY4fXNsh4GwZ+aSusPZp+jRp4WQRKfb+QQ0D5Jme/wpXccQgqc
TGmFpXtFAtz06LpJrPq2kx1/M9javPg0UDA8oyP35a+F3d9odSQsViJ95CexxqJb
zbAiPlt3GQTOwK+bjprGQPtNQ+qiwlI2fJWXFxBTTKQviQqV4ut+efwSnPAoIZqO
IKrRvLRgFMmxGJTjaApCIzNlc4OGZrWu1JQ/HWrwaCAJiwdAyjBG0V7fT+RXlM3S
XgH2qGwTGzIsT5MZDSEWHSfyiezStna+xHSwOcGpJauvgYFsKZtufxqpYnVu4+f9
Zffy5F+LpdO4qTHrZdKzPw9CxxS86t99MCFNkUIbo8u4gazqJM90LRnOok6qx1I=
=hP+o
-----END PGP MESSAGE-----
fp: CD8CE78CB0B3BDD4
unencrypted_suffix: _unencrypted
version: 3.9.0

10
packages/nf-update/default.nix Normal file
View file

@ -0,0 +1,10 @@
{
wrapShellScriptBin,
pkgs,
}:
wrapShellScriptBin "nf-update" ./update.sh {
depsRuntimePath = with pkgs; [
git
cachix
];
}

49
packages/nf-update/update.sh Normal file
View file

@ -0,0 +1,49 @@
#!/usr/bin/env bash
set -eu
if [[ -n ${CACHIX_SIGNING_KEY-} ]]; then
export NF_UPDATE_CACHIX_PUSH=1
fi
cd "$NF_CONFIG_ROOT"
nix flake update "$@"
if [[ -n $(git status --porcelain ./flake.lock) ]]; then
git -P diff ./flake.lock
else
echo "no source changes" >&2
exit
fi
echo "checking that nodes still build..." >&2
if [[ -n ${NF_UPDATE_CACHIX_PUSH-} ]]; then
export NF_ACTIONS_TEST_OUTLINK=${NF_ACTIONS_TEST_OUTLINK-result}
fi
nf-actions-test -L
if [[ -n ${NF_UPDATE_CACHIX_PUSH-} ]]; then
cachix push gensokyo-infrastructure "./${NF_ACTIONS_TEST_OUTLINK}"*/ &
CACHIX_PUSH=$!
fi
if [[ -z ${NF_UPDATE_GIT_COMMIT-} ]]; then
exit
fi
if [[ -n $(git diff --staged) ]]; then
echo "git working tree dirty, refusing to commit..." >&2
exit 1
fi
git add flake.lock
env \
GIT_{COMMITTER,AUTHOR}_EMAIL=github@kittywit.ch \
GIT_{COMMITTER,AUTHOR}_NAME="flake cron job" \
git commit --message="chore(ci): flake update"
if [[ ${GITHUB_REF-} = refs/heads/${NF_UPDATE_BRANCH-main} ]]; then
git push origin HEAD:${NF_UPDATE_BRANCH-main}
fi
wait ${CACHIX_PUSH-}

3
shells/repo.nix
View file

@ -2,6 +2,7 @@
pkgs, pkgs,
inputs, inputs,
std, std,
lib,
... ...
}: }:
with pkgs; let with pkgs; let
@ -10,6 +11,7 @@ with pkgs; let
repoShell = mkShell { repoShell = mkShell {
nativeBuildInputs = nativeBuildInputs =
[ [
nf-update
fd # fd, better fine! fd # fd, better fine!
ripgrep # rg, better grep! ripgrep # rg, better grep!
sops sops
@ -23,6 +25,7 @@ with pkgs; let
'')) ''))
repo.darwinConfigurations); repo.darwinConfigurations);
shellHook = '' shellHook = ''
export CI_PLATFORM="impure"
sops sops
echo -e "\e[39m\e[1m$USER@$REPO_HOSTNAME - \e[35m''$(realpath --relative-to=../ ./nixos/)\e[0m" echo -e "\e[39m\e[1m$USER@$REPO_HOSTNAME - \e[35m''$(realpath --relative-to=../ ./nixos/)\e[0m"
echo -e "\e[35mRunning alejandra\e[0m" echo -e "\e[35mRunning alejandra\e[0m"