kat/nixfiles
1
0
Fork 0
mirror of https://github.com/kittywitch/nixfiles.git synced 2026-02-09 12:29:19 -08:00
Code Issues Projects Releases Packages Wiki Activity

feat: add github actions, fix configs? remove chen

Browse source
This commit is contained in:
Kat Inskip 2024-07-13 11:58:06 -07:00
parent 038372e847
commit eac0887f73
Signed by: kat
GPG key ID: 465E64DECEA8CF0F
5 changed files with 448 additions and 151 deletions
Download patch file Download diff file Expand all files Collapse all files

107
.github/workflows/flake-update.yml vendored Normal file
View file

@ -0,0 +1,107 @@
env:
CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }}
CI_ALLOW_ROOT: '1'
CI_CONFIG: ./ci/flake-cron.nix
CI_PLATFORM: gh-actions
jobs:
ci-check:
name: flake-update check
runs-on: ubuntu-latest
steps:
- id: checkout
name: git clone
uses: actions/checkout@v4
with:
fetch-depth: 0
submodules: false
- id: nix-install
name: nix install
uses: arcnmx/ci/actions/nix/install@v0.7
- id: ci-action-build
name: nix build ci.gh-actions.configFile
uses: arcnmx/ci/actions/nix/build@v0.7
with:
attrs: ci.gh-actions.configFile
out-link: .ci/workflow.yml
- id: ci-action-compare
name: gh-actions compare
uses: arcnmx/ci/actions/nix/run@v0.7
with:
args: -u .github/workflows/flake-update.yml .ci/workflow.yml
attrs: nixpkgs.diffutils
command: diff
flake-update:
name: flake-update
runs-on: ubuntu-latest
steps:
- id: checkout
name: git clone
uses: actions/checkout@v4
with:
fetch-depth: 0
submodules: false
- id: nix-install
name: nix install
uses: arcnmx/ci/actions/nix/install@v0.7
- env:
CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }}
NF_CONFIG_ROOT: ${{ github.workspace }}
NF_UPDATE_CACHIX_PUSH: '1'
NF_UPDATE_GIT_COMMIT: '1'
id: flake-update
name: flake update build
run: nix run .#nf-update
- id: ci-dirty
name: nix test dirty
uses: arcnmx/ci/actions/nix/run@v0.7
with:
attrs: ci.job.flake-update.run.test
command: ci-build-dirty
quiet: false
stdout: ${{ runner.temp }}/ci.build.dirty
- id: ci-test
name: nix test build
uses: arcnmx/ci/actions/nix/run@v0.7
with:
attrs: ci.job.flake-update.run.test
command: ci-build-realise
ignore-exit-code: true
quiet: false
stdin: ${{ runner.temp }}/ci.build.dirty
- env:
CI_EXIT_CODE: ${{ steps.ci-test.outputs.exit-code }}
id: ci-summary
name: nix test results
uses: arcnmx/ci/actions/nix/run@v0.7
with:
attrs: ci.job.flake-update.run.test
command: ci-build-summarise
quiet: false
stdin: ${{ runner.temp }}/ci.build.dirty
stdout: ${{ runner.temp }}/ci.build.cache
- env:
CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }}
id: ci-cache
if: always()
name: nix test cache
uses: arcnmx/ci/actions/nix/run@v0.7
with:
attrs: ci.job.flake-update.run.test
command: ci-build-cache
quiet: false
stdin: ${{ runner.temp }}/ci.build.cache
name: flake-update
'on':
pull_request:
paths:
- default.nix
- ci/flake-cron.nix
- .github/workflows/flake-update.yml
push:
paths:
- default.nix
- ci/flake-cron.nix
- .github/workflows/flake-update.yml
schedule:
- cron: 0 0 * * *
workflow_dispatch: {}

340
.github/workflows/nodes.yml vendored Normal file
View file

@ -0,0 +1,340 @@
env:
CI_ALLOW_ROOT: '1'
CI_CONFIG: ./ci/nodes.nix
CI_PLATFORM: gh-actions
jobs:
ci-check:
name: nodes check
runs-on: ubuntu-latest
steps:
- id: checkout
name: git clone
uses: actions/checkout@v4
with:
submodules: false
- id: nix-install
name: nix install
uses: arcnmx/ci/actions/nix/install@v0.7
- id: ci-action-build
name: nix build ci.gh-actions.configFile
uses: arcnmx/ci/actions/nix/build@v0.7
with:
attrs: ci.gh-actions.configFile
out-link: .ci/workflow.yml
- id: ci-action-compare
name: gh-actions compare
uses: arcnmx/ci/actions/nix/run@v0.7
with:
args: -u .github/workflows/nodes.yml .ci/workflow.yml
attrs: nixpkgs.diffutils
command: diff
goliath:
name: nodes-goliath
runs-on: ubuntu-latest
steps:
- id: checkout
name: git clone
uses: actions/checkout@v4
with:
submodules: false
- id: nix-install
name: nix install
uses: arcnmx/ci/actions/nix/install@v0.7
- id: ci-dirty
name: nix test dirty
uses: arcnmx/ci/actions/nix/run@v0.7
with:
attrs: ci.job.goliath.run.test
command: ci-build-dirty
quiet: false
stdout: ${{ runner.temp }}/ci.build.dirty
- id: ci-test
name: nix test build
uses: arcnmx/ci/actions/nix/run@v0.7
with:
attrs: ci.job.goliath.run.test
command: ci-build-realise
ignore-exit-code: true
quiet: false
stdin: ${{ runner.temp }}/ci.build.dirty
- env:
CI_EXIT_CODE: ${{ steps.ci-test.outputs.exit-code }}
id: ci-summary
name: nix test results
uses: arcnmx/ci/actions/nix/run@v0.7
with:
attrs: ci.job.goliath.run.test
command: ci-build-summarise
quiet: false
stdin: ${{ runner.temp }}/ci.build.dirty
stdout: ${{ runner.temp }}/ci.build.cache
- env:
CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }}
id: ci-cache
if: always()
name: nix test cache
uses: arcnmx/ci/actions/nix/run@v0.7
with:
attrs: ci.job.goliath.run.test
command: ci-build-cache
quiet: false
stdin: ${{ runner.temp }}/ci.build.cache
koishi:
name: nodes-koishi
runs-on: ubuntu-latest
steps:
- id: checkout
name: git clone
uses: actions/checkout@v4
with:
submodules: false
- id: nix-install
name: nix install
uses: arcnmx/ci/actions/nix/install@v0.7
- id: ci-dirty
name: nix test dirty
uses: arcnmx/ci/actions/nix/run@v0.7
with:
attrs: ci.job.koishi.run.test
command: ci-build-dirty
quiet: false
stdout: ${{ runner.temp }}/ci.build.dirty
- id: ci-test
name: nix test build
uses: arcnmx/ci/actions/nix/run@v0.7
with:
attrs: ci.job.koishi.run.test
command: ci-build-realise
ignore-exit-code: true
quiet: false
stdin: ${{ runner.temp }}/ci.build.dirty
- env:
CI_EXIT_CODE: ${{ steps.ci-test.outputs.exit-code }}
id: ci-summary
name: nix test results
uses: arcnmx/ci/actions/nix/run@v0.7
with:
attrs: ci.job.koishi.run.test
command: ci-build-summarise
quiet: false
stdin: ${{ runner.temp }}/ci.build.dirty
stdout: ${{ runner.temp }}/ci.build.cache
- env:
CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }}
id: ci-cache
if: always()
name: nix test cache
uses: arcnmx/ci/actions/nix/run@v0.7
with:
attrs: ci.job.koishi.run.test
command: ci-build-cache
quiet: false
stdin: ${{ runner.temp }}/ci.build.cache
mai:
name: nodes-mai
runs-on: ubuntu-latest
steps:
- id: checkout
name: git clone
uses: actions/checkout@v4
with:
submodules: false
- id: nix-install
name: nix install
uses: arcnmx/ci/actions/nix/install@v0.7
- id: ci-dirty
name: nix test dirty
uses: arcnmx/ci/actions/nix/run@v0.7
with:
attrs: ci.job.mai.run.test
command: ci-build-dirty
quiet: false
stdout: ${{ runner.temp }}/ci.build.dirty
- id: ci-test
name: nix test build
uses: arcnmx/ci/actions/nix/run@v0.7
with:
attrs: ci.job.mai.run.test
command: ci-build-realise
ignore-exit-code: true
quiet: false
stdin: ${{ runner.temp }}/ci.build.dirty
- env:
CI_EXIT_CODE: ${{ steps.ci-test.outputs.exit-code }}
id: ci-summary
name: nix test results
uses: arcnmx/ci/actions/nix/run@v0.7
with:
attrs: ci.job.mai.run.test
command: ci-build-summarise
quiet: false
stdin: ${{ runner.temp }}/ci.build.dirty
stdout: ${{ runner.temp }}/ci.build.cache
- env:
CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }}
id: ci-cache
if: always()
name: nix test cache
uses: arcnmx/ci/actions/nix/run@v0.7
with:
attrs: ci.job.mai.run.test
command: ci-build-cache
quiet: false
stdin: ${{ runner.temp }}/ci.build.cache
mei:
name: nodes-mei
runs-on: ubuntu-latest
steps:
- id: checkout
name: git clone
uses: actions/checkout@v4
with:
submodules: false
- id: nix-install
name: nix install
uses: arcnmx/ci/actions/nix/install@v0.7
- id: ci-dirty
name: nix test dirty
uses: arcnmx/ci/actions/nix/run@v0.7
with:
attrs: ci.job.mei.run.test
command: ci-build-dirty
quiet: false
stdout: ${{ runner.temp }}/ci.build.dirty
- id: ci-test
name: nix test build
uses: arcnmx/ci/actions/nix/run@v0.7
with:
attrs: ci.job.mei.run.test
command: ci-build-realise
ignore-exit-code: true
quiet: false
stdin: ${{ runner.temp }}/ci.build.dirty
- env:
CI_EXIT_CODE: ${{ steps.ci-test.outputs.exit-code }}
id: ci-summary
name: nix test results
uses: arcnmx/ci/actions/nix/run@v0.7
with:
attrs: ci.job.mei.run.test
command: ci-build-summarise
quiet: false
stdin: ${{ runner.temp }}/ci.build.dirty
stdout: ${{ runner.temp }}/ci.build.cache
- env:
CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }}
id: ci-cache
if: always()
name: nix test cache
uses: arcnmx/ci/actions/nix/run@v0.7
with:
attrs: ci.job.mei.run.test
command: ci-build-cache
quiet: false
stdin: ${{ runner.temp }}/ci.build.cache
packages:
name: nodes-packages
runs-on: ubuntu-latest
steps:
- id: checkout
name: git clone
uses: actions/checkout@v4
with:
submodules: false
- id: nix-install
name: nix install
uses: arcnmx/ci/actions/nix/install@v0.7
- id: ci-dirty
name: nix test dirty
uses: arcnmx/ci/actions/nix/run@v0.7
with:
attrs: ci.job.packages.run.test
command: ci-build-dirty
quiet: false
stdout: ${{ runner.temp }}/ci.build.dirty
- id: ci-test
name: nix test build
uses: arcnmx/ci/actions/nix/run@v0.7
with:
attrs: ci.job.packages.run.test
command: ci-build-realise
ignore-exit-code: true
quiet: false
stdin: ${{ runner.temp }}/ci.build.dirty
- env:
CI_EXIT_CODE: ${{ steps.ci-test.outputs.exit-code }}
id: ci-summary
name: nix test results
uses: arcnmx/ci/actions/nix/run@v0.7
with:
attrs: ci.job.packages.run.test
command: ci-build-summarise
quiet: false
stdin: ${{ runner.temp }}/ci.build.dirty
stdout: ${{ runner.temp }}/ci.build.cache
- env:
CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }}
id: ci-cache
if: always()
name: nix test cache
uses: arcnmx/ci/actions/nix/run@v0.7
with:
attrs: ci.job.packages.run.test
command: ci-build-cache
quiet: false
stdin: ${{ runner.temp }}/ci.build.cache
yukari:
name: nodes-yukari
runs-on: ubuntu-latest
steps:
- id: checkout
name: git clone
uses: actions/checkout@v4
with:
submodules: false
- id: nix-install
name: nix install
uses: arcnmx/ci/actions/nix/install@v0.7
- id: ci-dirty
name: nix test dirty
uses: arcnmx/ci/actions/nix/run@v0.7
with:
attrs: ci.job.yukari.run.test
command: ci-build-dirty
quiet: false
stdout: ${{ runner.temp }}/ci.build.dirty
- id: ci-test
name: nix test build
uses: arcnmx/ci/actions/nix/run@v0.7
with:
attrs: ci.job.yukari.run.test
command: ci-build-realise
ignore-exit-code: true
quiet: false
stdin: ${{ runner.temp }}/ci.build.dirty
- env:
CI_EXIT_CODE: ${{ steps.ci-test.outputs.exit-code }}
id: ci-summary
name: nix test results
uses: arcnmx/ci/actions/nix/run@v0.7
with:
attrs: ci.job.yukari.run.test
command: ci-build-summarise
quiet: false
stdin: ${{ runner.temp }}/ci.build.dirty
stdout: ${{ runner.temp }}/ci.build.cache
- env:
CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }}
id: ci-cache
if: always()
name: nix test cache
uses: arcnmx/ci/actions/nix/run@v0.7
with:
attrs: ci.job.yukari.run.test
command: ci-build-cache
quiet: false
stdin: ${{ runner.temp }}/ci.build.cache
name: nodes
'on':
- push
- pull_request

2
ci/nodes.nix
View file

@ -11,7 +11,7 @@ with lib; {
name = "nodes"; name = "nodes";
jobs = let jobs = let
enabledSystems = filterAttrs (_: system: system.config.ci.enable) channels.nixfiles.lib.systems; enabledSystems = filterAttrs (_: system: system.config.nixpkgs.system == "x86_64-linux") channels.nixfiles.nixosConfigurations;
mkSystemJob = name: system: nameValuePair "${name}" { mkSystemJob = name: system: nameValuePair "${name}" {
tasks.system = { tasks.system = {
inputs = channels.nixfiles.nixosConfigurations.${name}.config.system.build.toplevel; inputs = channels.nixfiles.nixosConfigurations.${name}.config.system.build.toplevel;

147
systems/chen.nix
View file

@ -1,147 +0,0 @@
_: let
hostConfig = {
lib,
tree,
inputs,
...
}: let
inherit (lib.modules) mkForce;
in {
imports = with tree; [
inputs.wsl.nixosModules.wsl
kat.gui
nixos.gui.fonts
nixos.gui.gpg
];
programs.dconf.enable = true;
networking.firewall.enable = mkForce false;
boot.kernel.sysctl = mkForce {};
systemd.services = {
systemd-sysctl.enable = false;
};
fileSystems = {
"/" = {
device = "/dev/sdc";
fsType = "ext4";
};
"/usr/lib/wsl/drivers" = {
device = "drivers";
fsType = "9p";
};
"/usr/lib/wsl/lib" = {
device = "none";
fsType = "overlay";
};
"/mnt/wsl" = {
device = "none";
fsType = "tmpfs";
};
"/mnt/wslg" = {
device = "none";
fsType = "tmpfs";
};
"/mnt/wslg/doc" = {
device = "none";
fsType = "overlay";
};
"/mnt/c" = {
device = "drvfs";
fsType = "9p";
};
};
swapDevices = [
{device = "/dev/sdb";}
];
wsl = {
enable = true;
defaultUser = "kat";
startMenuLaunchers = true;
nativeSystemd = true;
wslConf.automount.root = "/mnt";
};
boot.isContainer = true;
services.openssh.enable = true;
home-manager.users.kat = {
services.gpg-agent.enable = false;
programs.git.signing.gpgPath = "/mnt/c/Program Files (x86)/GnuPG/bin/gpg.exe";
programs.zsh.profileExtra = ''
if [[ -n "$XDG_SESSION_ID" && "$TERM" == "dumb" &&
"$(ps -p $PPID -o comm=)" == "login" ]]; then
# Running in the background login process. Do nothing.
return
fi
gpg-connect-agent killagent /bye &> /dev/null
WIN_USER="kat"
SSH_DIR="''${HOME}/.ssh" #
mkdir -p "''${SSH_DIR}"
wsl2_ssh_pageant_bin="''${SSH_DIR}/wsl2-ssh-pageant.exe"
ln -sf "/mnt/c/Users/''${WIN_USER}/.ssh/wsl2-ssh-pageant.exe" "''${wsl2_ssh_pageant_bin}"
listen_socket() {
sock_path="$1" && shift
fork_args="''${sock_path},fork"
exec_args="''${wsl2_ssh_pageant_bin} $@"
if ! ps x | grep -v grep | grep -q "''${fork_args}"; then
rm -f "''${sock_path}"
(setsid nohup socat "UNIX-LISTEN:''${fork_args}" "EXEC:''${exec_args}" &>/dev/null &)
fi
}
# SSH
export SSH_AUTH_SOCK="''${SSH_DIR}/agent.sock"
listen_socket "''${SSH_AUTH_SOCK}"
# GPG
export GPG_AGENT_SOCK="''$(gpgconf --list-dirs socketdir)/S.gpg-agent"
if ! ss -a | grep -q "$GPG_AGENT_SOCK"; then
echo "1"
rm -rf "$GPG_AGENT_SOCK"
if test -x "$wsl2_ssh_pageant_bin"; then
(setsid nohup socat UNIX-LISTEN:"$GPG_AGENT_SOCK,fork" EXEC:"$wsl2_ssh_pageant_bin -gpg S.gpg-agent" >/dev/null 2>&1 &)
else
echo >&2 "WARNING: $wsl2_ssh_pageant_bin is not executable."
fi
fi
export GPG_AGENT_SOCK="/home/kat/.gnupg/S.gpg-agent"
if ! ss -a | grep -q "$GPG_AGENT_SOCK"; then
echo "1"
rm -rf "$GPG_AGENT_SOCK"
if test -x "$wsl2_ssh_pageant_bin"; then
(setsid nohup socat UNIX-LISTEN:"$GPG_AGENT_SOCK,fork" EXEC:"$wsl2_ssh_pageant_bin -gpg S.gpg-agent" >/dev/null 2>&1 &)
else
echo >&2 "WARNING: $wsl2_ssh_pageant_bin is not executable."
fi
fi
unset wsl2_ssh_pageant_bin
'';
};
programs.gnupg.agent.pinentryFlavor = mkForce "curses";
networking = {
hostId = "dddbb888";
useDHCP = false;
};
system.stateVersion = "22.05";
};
in {
arch = "x86_64";
type = "NixOS";
modules = [
hostConfig
];
}

3
systems/goliath.nix
View file

@ -34,10 +34,7 @@ _: let
in { in {
imports = imports =
(with tree.nixos.hardware; [ (with tree.nixos.hardware; [
amd_cpu
amd_gpu
b550m-itx-ac b550m-itx-ac
uefi
]) ])
++ (with tree.nixos.profiles; [ ++ (with tree.nixos.profiles; [
graphical graphical