diff --git a/.github/workflows/flake-update.yml b/.github/workflows/flake-update.yml new file mode 100644 index 00000000..fb08a2ae --- /dev/null +++ b/.github/workflows/flake-update.yml 
@@ -0,0 +1,107 @@ +env: + CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }} + CI_ALLOW_ROOT: '1' + CI_CONFIG: ./ci/flake-cron.nix + CI_PLATFORM: gh-actions +jobs: + ci-check: + name: flake-update check + runs-on: ubuntu-latest + steps: + - id: checkout + name: git clone + uses: actions/checkout@v4 + with: + fetch-depth: 0 + submodules: false + - id: nix-install + name: nix install + uses: arcnmx/ci/actions/nix/install@v0.7 + - id: ci-action-build + name: nix build ci.gh-actions.configFile + uses: arcnmx/ci/actions/nix/build@v0.7 + with: + attrs: ci.gh-actions.configFile + out-link: .ci/workflow.yml + - id: ci-action-compare + name: gh-actions compare + uses: arcnmx/ci/actions/nix/run@v0.7 + with: + args: -u .github/workflows/flake-update.yml .ci/workflow.yml + attrs: nixpkgs.diffutils + command: diff + flake-update: + name: flake-update + runs-on: ubuntu-latest + steps: + - id: checkout + name: git clone + uses: actions/checkout@v4 + with: + fetch-depth: 0 + submodules: false + - id: nix-install + name: nix install + uses: arcnmx/ci/actions/nix/install@v0.7 + - env: + CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }} + NF_CONFIG_ROOT: ${{ github.workspace }} + NF_UPDATE_CACHIX_PUSH: '1' + NF_UPDATE_GIT_COMMIT: '1' + id: flake-update + name: flake update build + run: nix run .#nf-update + - id: ci-dirty + name: nix test dirty + uses: arcnmx/ci/actions/nix/run@v0.7 + with: + attrs: ci.job.flake-update.run.test + command: ci-build-dirty + quiet: false + stdout: ${{ runner.temp }}/ci.build.dirty + - id: ci-test + name: nix test build + uses: arcnmx/ci/actions/nix/run@v0.7 + with: + attrs: ci.job.flake-update.run.test + command: ci-build-realise + ignore-exit-code: true + quiet: false + stdin: ${{ runner.temp }}/ci.build.dirty + - env: + CI_EXIT_CODE: ${{ steps.ci-test.outputs.exit-code }} + id: ci-summary + name: nix test results + uses: arcnmx/ci/actions/nix/run@v0.7 + with: + attrs: ci.job.flake-update.run.test + command: ci-build-summarise + quiet: false + 
stdin: ${{ runner.temp }}/ci.build.dirty + stdout: ${{ runner.temp }}/ci.build.cache + - env: + CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }} + id: ci-cache + if: always() + name: nix test cache + uses: arcnmx/ci/actions/nix/run@v0.7 + with: + attrs: ci.job.flake-update.run.test + command: ci-build-cache + quiet: false + stdin: ${{ runner.temp }}/ci.build.cache +name: flake-update +'on': + pull_request: + paths: + - default.nix + - ci/flake-cron.nix + - .github/workflows/flake-update.yml + push: + paths: + - default.nix + - ci/flake-cron.nix + - .github/workflows/flake-update.yml + schedule: + - cron: 0 0 * * * + workflow_dispatch: {} diff --git a/.github/workflows/nodes.yml b/.github/workflows/nodes.yml new file mode 100644 index 00000000..c56a2498 --- /dev/null +++ b/.github/workflows/nodes.yml 
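Review bot: The workflow-level `env:` block puts `CACHIX_SIGNING_KEY` into the environment of every step in both jobs, including `ci-check` and the `nix install` steps, even though the `flake-update` and `ci-cache` steps already set it themselves; dropping the top-level entry and keeping only the step-level ones limits which processes can read the signing key. This matters more because the workflow also runs on `pull_request`, and the `arcnmx/ci/actions/nix/*@v0.7` actions are referenced by a movable tag rather than a full commit SHA (the same tag references recur throughout `.github/workflows/nodes.yml`). There is also no `permissions:` key, so the job token gets the repository default; a top-level `permissions: {contents: read}`, with `contents: write` only on the `flake-update` job if its `NF_UPDATE_GIT_COMMIT` path really pushes, would make the grant explicit. The file looks generated from `ci/flake-cron.nix` (the `ci-check` job diffs it against the built config), so these changes probably belong in that source, not in the YAML.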
@@ -0,0 +1,340 @@ +env: + CI_ALLOW_ROOT: '1' + CI_CONFIG: ./ci/nodes.nix + CI_PLATFORM: gh-actions +jobs: + ci-check: + name: nodes check + runs-on: ubuntu-latest + steps: + - id: checkout + name: git clone + uses: actions/checkout@v4 + with: + submodules: false + - id: nix-install + name: nix install + uses: arcnmx/ci/actions/nix/install@v0.7 + - id: ci-action-build + name: nix build ci.gh-actions.configFile + uses: arcnmx/ci/actions/nix/build@v0.7 + with: + attrs: ci.gh-actions.configFile + out-link: .ci/workflow.yml + - id: ci-action-compare + name: gh-actions compare + uses: arcnmx/ci/actions/nix/run@v0.7 + with: + args: -u .github/workflows/nodes.yml .ci/workflow.yml + attrs: nixpkgs.diffutils + command: diff + goliath: + name: nodes-goliath + runs-on: ubuntu-latest + steps: + - id: checkout + name: git clone + uses: actions/checkout@v4 + with: + submodules: false + - id: nix-install + name: nix install + uses: arcnmx/ci/actions/nix/install@v0.7 + - id: ci-dirty + name: nix test dirty + uses: arcnmx/ci/actions/nix/run@v0.7 + with: + attrs: ci.job.goliath.run.test + command: ci-build-dirty + quiet: false + stdout: ${{ runner.temp }}/ci.build.dirty + - id: ci-test + name: nix test build + uses: arcnmx/ci/actions/nix/run@v0.7 + with: + attrs: ci.job.goliath.run.test + command: ci-build-realise + ignore-exit-code: true + quiet: false + stdin: ${{ runner.temp }}/ci.build.dirty + - env: + CI_EXIT_CODE: ${{ steps.ci-test.outputs.exit-code }} + id: ci-summary + name: nix test results + uses: arcnmx/ci/actions/nix/run@v0.7 + with: + attrs: ci.job.goliath.run.test + command: ci-build-summarise + quiet: false + stdin: ${{ runner.temp }}/ci.build.dirty + stdout: ${{ runner.temp }}/ci.build.cache + - env: + CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }} + id: ci-cache + if: always() + name: nix test cache + uses: arcnmx/ci/actions/nix/run@v0.7 + with: + attrs: ci.job.goliath.run.test + command: ci-build-cache + quiet: false + stdin: ${{ runner.temp }}/ci.build.cache 
+ koishi: + name: nodes-koishi + runs-on: ubuntu-latest + steps: + - id: checkout + name: git clone + uses: actions/checkout@v4 + with: + submodules: false + - id: nix-install + name: nix install + uses: arcnmx/ci/actions/nix/install@v0.7 + - id: ci-dirty + name: nix test dirty + uses: arcnmx/ci/actions/nix/run@v0.7 + with: + attrs: ci.job.koishi.run.test + command: ci-build-dirty + quiet: false + stdout: ${{ runner.temp }}/ci.build.dirty + - id: ci-test + name: nix test build + uses: arcnmx/ci/actions/nix/run@v0.7 + with: + attrs: ci.job.koishi.run.test + command: ci-build-realise + ignore-exit-code: true + quiet: false + stdin: ${{ runner.temp }}/ci.build.dirty + - env: + CI_EXIT_CODE: ${{ steps.ci-test.outputs.exit-code }} + id: ci-summary + name: nix test results + uses: arcnmx/ci/actions/nix/run@v0.7 + with: + attrs: ci.job.koishi.run.test + command: ci-build-summarise + quiet: false + stdin: ${{ runner.temp }}/ci.build.dirty + stdout: ${{ runner.temp }}/ci.build.cache + - env: + CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }} + id: ci-cache + if: always() + name: nix test cache + uses: arcnmx/ci/actions/nix/run@v0.7 + with: + attrs: ci.job.koishi.run.test + command: ci-build-cache + quiet: false + stdin: ${{ runner.temp }}/ci.build.cache + mai: + name: nodes-mai + runs-on: ubuntu-latest + steps: + - id: checkout + name: git clone + uses: actions/checkout@v4 + with: + submodules: false + - id: nix-install + name: nix install + uses: arcnmx/ci/actions/nix/install@v0.7 + - id: ci-dirty + name: nix test dirty + uses: arcnmx/ci/actions/nix/run@v0.7 + with: + attrs: ci.job.mai.run.test + command: ci-build-dirty + quiet: false + stdout: ${{ runner.temp }}/ci.build.dirty + - id: ci-test + name: nix test build + uses: arcnmx/ci/actions/nix/run@v0.7 + with: + attrs: ci.job.mai.run.test + command: ci-build-realise + ignore-exit-code: true + quiet: false + stdin: ${{ runner.temp }}/ci.build.dirty + - env: + CI_EXIT_CODE: ${{ steps.ci-test.outputs.exit-code }} + id: 
ci-summary + name: nix test results + uses: arcnmx/ci/actions/nix/run@v0.7 + with: + attrs: ci.job.mai.run.test + command: ci-build-summarise + quiet: false + stdin: ${{ runner.temp }}/ci.build.dirty + stdout: ${{ runner.temp }}/ci.build.cache + - env: + CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }} + id: ci-cache + if: always() + name: nix test cache + uses: arcnmx/ci/actions/nix/run@v0.7 + with: + attrs: ci.job.mai.run.test + command: ci-build-cache + quiet: false + stdin: ${{ runner.temp }}/ci.build.cache + mei: + name: nodes-mei + runs-on: ubuntu-latest + steps: + - id: checkout + name: git clone + uses: actions/checkout@v4 + with: + submodules: false + - id: nix-install + name: nix install + uses: arcnmx/ci/actions/nix/install@v0.7 + - id: ci-dirty + name: nix test dirty + uses: arcnmx/ci/actions/nix/run@v0.7 + with: + attrs: ci.job.mei.run.test + command: ci-build-dirty + quiet: false + stdout: ${{ runner.temp }}/ci.build.dirty + - id: ci-test + name: nix test build + uses: arcnmx/ci/actions/nix/run@v0.7 + with: + attrs: ci.job.mei.run.test + command: ci-build-realise + ignore-exit-code: true + quiet: false + stdin: ${{ runner.temp }}/ci.build.dirty + - env: + CI_EXIT_CODE: ${{ steps.ci-test.outputs.exit-code }} + id: ci-summary + name: nix test results + uses: arcnmx/ci/actions/nix/run@v0.7 + with: + attrs: ci.job.mei.run.test + command: ci-build-summarise + quiet: false + stdin: ${{ runner.temp }}/ci.build.dirty + stdout: ${{ runner.temp }}/ci.build.cache + - env: + CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }} + id: ci-cache + if: always() + name: nix test cache + uses: arcnmx/ci/actions/nix/run@v0.7 + with: + attrs: ci.job.mei.run.test + command: ci-build-cache + quiet: false + stdin: ${{ runner.temp }}/ci.build.cache + packages: + name: nodes-packages + runs-on: ubuntu-latest + steps: + - id: checkout + name: git clone + uses: actions/checkout@v4 + with: + submodules: false + - id: nix-install + name: nix install + uses: 
arcnmx/ci/actions/nix/install@v0.7 + - id: ci-dirty + name: nix test dirty + uses: arcnmx/ci/actions/nix/run@v0.7 + with: + attrs: ci.job.packages.run.test + command: ci-build-dirty + quiet: false + stdout: ${{ runner.temp }}/ci.build.dirty + - id: ci-test + name: nix test build + uses: arcnmx/ci/actions/nix/run@v0.7 + with: + attrs: ci.job.packages.run.test + command: ci-build-realise + ignore-exit-code: true + quiet: false + stdin: ${{ runner.temp }}/ci.build.dirty + - env: + CI_EXIT_CODE: ${{ steps.ci-test.outputs.exit-code }} + id: ci-summary + name: nix test results + uses: arcnmx/ci/actions/nix/run@v0.7 + with: + attrs: ci.job.packages.run.test + command: ci-build-summarise + quiet: false + stdin: ${{ runner.temp }}/ci.build.dirty + stdout: ${{ runner.temp }}/ci.build.cache + - env: + CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }} + id: ci-cache + if: always() + name: nix test cache + uses: arcnmx/ci/actions/nix/run@v0.7 + with: + attrs: ci.job.packages.run.test + command: ci-build-cache + quiet: false + stdin: ${{ runner.temp }}/ci.build.cache + yukari: + name: nodes-yukari + runs-on: ubuntu-latest + steps: + - id: checkout + name: git clone + uses: actions/checkout@v4 + with: + submodules: false + - id: nix-install + name: nix install + uses: arcnmx/ci/actions/nix/install@v0.7 + - id: ci-dirty + name: nix test dirty + uses: arcnmx/ci/actions/nix/run@v0.7 + with: + attrs: ci.job.yukari.run.test + command: ci-build-dirty + quiet: false + stdout: ${{ runner.temp }}/ci.build.dirty + - id: ci-test + name: nix test build + uses: arcnmx/ci/actions/nix/run@v0.7 + with: + attrs: ci.job.yukari.run.test + command: ci-build-realise + ignore-exit-code: true + quiet: false + stdin: ${{ runner.temp }}/ci.build.dirty + - env: + CI_EXIT_CODE: ${{ steps.ci-test.outputs.exit-code }} + id: ci-summary + name: nix test results + uses: arcnmx/ci/actions/nix/run@v0.7 + with: + attrs: ci.job.yukari.run.test + command: ci-build-summarise + quiet: false + stdin: ${{ 
runner.temp }}/ci.build.dirty + stdout: ${{ runner.temp }}/ci.build.cache + - env: + CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }} + id: ci-cache + if: always() + name: nix test cache + uses: arcnmx/ci/actions/nix/run@v0.7 + with: + attrs: ci.job.yukari.run.test + command: ci-build-cache + quiet: false + stdin: ${{ runner.temp }}/ci.build.cache +name: nodes +'on': +- push +- pull_request diff --git a/ci/nodes.nix b/ci/nodes.nix index 97341248..7da9c128 100644 --- a/ci/nodes.nix +++ b/ci/nodes.nix @@ -11,7 +11,7 @@ with lib; { name = "nodes"; jobs = let - enabledSystems = filterAttrs (_: system: system.config.ci.enable) channels.nixfiles.lib.systems; + enabledSystems = filterAttrs (_: system: system.config.nixpkgs.system == "x86_64-linux") channels.nixfiles.nixosConfigurations; mkSystemJob = name: system: nameValuePair "${name}" { tasks.system = { inputs = channels.nixfiles.nixosConfigurations.${name}.config.system.build.toplevel; diff --git a/systems/chen.nix b/systems/chen.nix deleted file mode 100644 index 353065f5..00000000 --- a/systems/chen.nix +++ /dev/null 
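Review bot: Each job's `ci-cache` step runs with `if: always()` and `CACHIX_SIGNING_KEY` on both `push` and `pull_request`, so the build of an unmerged same-repository branch can presumably be signed and uploaded to the binary cache before review. If only reviewed commits should populate the cache, the condition could become `if: always() && github.event_name != 'pull_request'` in all six jobs (goliath, koishi, mai, mei, packages, yukari). Listing `push` and `pull_request` without branch filters also runs every job twice for a branch that has an open pull request. As the `ci-check` job compares this file against the built config, the change would likely have to be made in `ci/nodes.nix`.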
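Review bot: The new `enabledSystems` filter no longer consults `system.config.ci.enable`, so there is no per-host way left to keep a configuration out of CI: every `x86_64-linux` entry in `nixosConfigurations` gets a job, and with the `ci-cache` step in `nodes.yml` its closure is presumably uploaded to the binary cache. If an opt-out is still wanted, keep it alongside the platform test, e.g. `system.config.ci.enable && system.config.nixpkgs.system == "x86_64-linux"` (assuming the `ci.enable` option still exists). Reading `config.nixpkgs.system` may also fail to evaluate for hosts that set `nixpkgs.hostPlatform` instead; `system.pkgs.stdenv.hostPlatform.system` looks like a more robust source, to be confirmed against the pinned nixpkgs. The `jobs = let` binding continues outside the hunk.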
@@ -1,147 +0,0 @@ -_: let - hostConfig = { - lib, - tree, - inputs, - ... - }: let - inherit (lib.modules) mkForce; - in { - imports = with tree; [ - inputs.wsl.nixosModules.wsl - kat.gui - nixos.gui.fonts - nixos.gui.gpg - ]; - - programs.dconf.enable = true; - - networking.firewall.enable = mkForce false; - - boot.kernel.sysctl = mkForce {}; - - systemd.services = { - systemd-sysctl.enable = false; - }; - - fileSystems = { - "/" = { - device = "/dev/sdc"; - fsType = "ext4"; - }; - "/usr/lib/wsl/drivers" = { - device = "drivers"; - fsType = "9p"; - }; - "/usr/lib/wsl/lib" = { - device = "none"; - fsType = "overlay"; - }; - "/mnt/wsl" = { - device = "none"; - fsType = "tmpfs"; - }; - "/mnt/wslg" = { - device = "none"; - fsType = "tmpfs"; - }; - "/mnt/wslg/doc" = { - device = "none"; - fsType = "overlay"; - }; - "/mnt/c" = { - device = "drvfs"; - fsType = "9p"; - }; - }; - - swapDevices = [ - {device = "/dev/sdb";} - ]; - - wsl = { - enable = true; - defaultUser = "kat"; - startMenuLaunchers = true; - nativeSystemd = true; - wslConf.automount.root = "/mnt"; - }; - - boot.isContainer = true; - - services.openssh.enable = true; - - home-manager.users.kat = { - services.gpg-agent.enable = false; - programs.git.signing.gpgPath = "/mnt/c/Program Files (x86)/GnuPG/bin/gpg.exe"; - programs.zsh.profileExtra = '' - if [[ -n "$XDG_SESSION_ID" && "$TERM" == "dumb" && - "$(ps -p $PPID -o comm=)" == "login" ]]; then - # Running in the background login process. Do nothing. - return - fi - gpg-connect-agent killagent /bye &> /dev/null - WIN_USER="kat" - SSH_DIR="''${HOME}/.ssh" # - mkdir -p "''${SSH_DIR}" - wsl2_ssh_pageant_bin="''${SSH_DIR}/wsl2-ssh-pageant.exe" - ln -sf "/mnt/c/Users/''${WIN_USER}/.ssh/wsl2-ssh-pageant.exe" "''${wsl2_ssh_pageant_bin}" - - listen_socket() { - sock_path="$1" && shift - fork_args="''${sock_path},fork" - exec_args="''${wsl2_ssh_pageant_bin} $@" - - if ! 
ps x | grep -v grep | grep -q "''${fork_args}"; then - rm -f "''${sock_path}" - (setsid nohup socat "UNIX-LISTEN:''${fork_args}" "EXEC:''${exec_args}" &>/dev/null &) - fi - } - - # SSH - export SSH_AUTH_SOCK="''${SSH_DIR}/agent.sock" - listen_socket "''${SSH_AUTH_SOCK}" - - # GPG - export GPG_AGENT_SOCK="''$(gpgconf --list-dirs socketdir)/S.gpg-agent" - - if ! ss -a | grep -q "$GPG_AGENT_SOCK"; then - echo "1" - rm -rf "$GPG_AGENT_SOCK" - if test -x "$wsl2_ssh_pageant_bin"; then - (setsid nohup socat UNIX-LISTEN:"$GPG_AGENT_SOCK,fork" EXEC:"$wsl2_ssh_pageant_bin -gpg S.gpg-agent" >/dev/null 2>&1 &) - else - echo >&2 "WARNING: $wsl2_ssh_pageant_bin is not executable." - fi - fi - export GPG_AGENT_SOCK="/home/kat/.gnupg/S.gpg-agent" - - if ! ss -a | grep -q "$GPG_AGENT_SOCK"; then - echo "1" - rm -rf "$GPG_AGENT_SOCK" - if test -x "$wsl2_ssh_pageant_bin"; then - (setsid nohup socat UNIX-LISTEN:"$GPG_AGENT_SOCK,fork" EXEC:"$wsl2_ssh_pageant_bin -gpg S.gpg-agent" >/dev/null 2>&1 &) - else - echo >&2 "WARNING: $wsl2_ssh_pageant_bin is not executable." - fi - fi - unset wsl2_ssh_pageant_bin - ''; - }; - - programs.gnupg.agent.pinentryFlavor = mkForce "curses"; - - networking = { - hostId = "dddbb888"; - useDHCP = false; - }; - - system.stateVersion = "22.05"; - }; -in { - arch = "x86_64"; - type = "NixOS"; - modules = [ - hostConfig - ]; -} diff --git a/systems/goliath.nix b/systems/goliath.nix index dfb9d305..632aa78b 100644 --- a/systems/goliath.nix +++ b/systems/goliath.nix @@ -34,10 +34,7 @@ _: let in { imports = (with tree.nixos.hardware; [ - amd_cpu - amd_gpu b550m-itx-ac - uefi ]) ++ (with tree.nixos.profiles; [ graphical