ci.nix

{
  inputs,
  system,
  name,
}: let
  inherit (inputs) nixpkgs;
  pkgs = nixpkgs.legacyPackages.${system};
  ensureFiles = paths:
    pkgs.runCommand "directory" {} ''
      set -efu
      mkdir $out
      cd $out
      ${
        nixpkgs.lib.concatMapStringsSep "\n" (path: ''
          mkdir -p "$(dirname ${nixpkgs.lib.escapeShellArg path})"
          echo foo > ${nixpkgs.lib.escapeShellArg path}
        '')
        paths
      }
    '';
  nixPath = nixpkgs.lib.concatStringsSep ":" ([
      "niveum=${toString ./.}"
      "nixos-config=${toString ./.}/systems/${name}/configuration.nix"
      "system-secrets=${systemSecrets}"
      "secrets=${sharedSecrets}"
    ]
    ++ nixpkgs.lib.mapAttrsToList (name: value: "${name}=${value}") inputs);
  # cd ~/.password-store/shared && find * -type f | sed 's/.gpg$//'
  sharedSecrets = ensureFiles [
    "di.fm/key"
    "eduroam/identity"
    "eduroam/password"
    "hass/token"
    "mail/cock"
    "mail/fastmail"
    "mail/gmail/amroplay"
    "mail/gmail/kieran.meinhardt"
    "mail/meinhaki"
    "mail/posteo"
    "nextcloud-fysi/password"
    "nextcloud/password"
    "openweathermap.key"
    "restic/password"
    "traadfri.key"
    "wifi/Aether.psk"
    "spotify/username"
    "spotify/password"
  ];
  systemSecrets = let
    basic = ["retiolum.ed25519" "retiolum.key" "syncthing/cert.pem" "syncthing/key.pem"];
  in
    {
      zaatar = ensureFiles (["moodle.token" "telegram/moodle-dl.token" "mpd-web.key"] ++ basic);
      kabsa = ensureFiles basic;
      manakish = ensureFiles basic;
      tahina = ensureFiles basic;
      makanek = ensureFiles ([
          "irc/retiolum"
          "irc/hackint"
          "irc/libera"
          "irc/oftc"
          "matrix/nibbana"
          "maxmind/license.key"
          "moodle-dl/faye.token"
          "nextcloud/admin"
          "nextcloud/database"
          "telegram/nachtischsatan.token"
          "telegram/reverse.token"
          "telegram/odyssey.token"
          "telegram/betacode.token"
          "telegram/moodle-dl.token"
          "telegram/proverb.token"
          "telegram/menstruation.token"
          "telegram/cool_village.token"
          "telegram/kmein.token"
          "telegram/prometheus.token"
          "weechat/relay"
        ]
        ++ basic);
    }
    .${name};
in
  toString (pkgs.writers.writeDash "build" "NIX_PATH=${nixPath} nix-build '<nixpkgs/nixos>' -A system --dry-run")
chore: format with alejandra 2022-03-10 21:52:12 +01:00			`{`
			`inputs,`
			`system,`
			`name,`
			`}: let`
fix(stardict): sd-classics works when we filter out georges LD 2021-12-31 16:04:48 +01:00			`inherit (inputs) nixpkgs;`
			`pkgs = nixpkgs.legacyPackages.${system};`
chore: format with alejandra 2022-03-10 21:52:12 +01:00			`ensureFiles = paths:`
			`pkgs.runCommand "directory" {} ''`
			`set -efu`
			`mkdir $out`
			`cd $out`
			`${`
			`nixpkgs.lib.concatMapStringsSep "\n" (path: ''`
			`mkdir -p "$(dirname ${nixpkgs.lib.escapeShellArg path})"`
			`echo foo > ${nixpkgs.lib.escapeShellArg path}`
			`'')`
			`paths`
			`}`
			`'';`
feat(ci): streamline definition 2021-12-31 16:42:22 +01:00			`nixPath = nixpkgs.lib.concatStringsSep ":" ([`
chore: format 2022-03-13 10:31:19 +01:00			`"niveum=${toString ./.}"`
			`"nixos-config=${toString ./.}/systems/${name}/configuration.nix"`
			`"system-secrets=${systemSecrets}"`
			`"secrets=${sharedSecrets}"`
			`]`
			`++ nixpkgs.lib.mapAttrsToList (name: value: "${name}=${value}") inputs);`
fix(stardict): sd-classics works when we filter out georges LD 2021-12-31 16:04:48 +01:00			`# cd ~/.password-store/shared && find * -type f \| sed 's/.gpg$//'`
			`sharedSecrets = ensureFiles [`
			`"di.fm/key"`
			`"eduroam/identity"`
			`"eduroam/password"`
feat(home-assistant): install cli 2022-03-12 12:43:35 +01:00			`"hass/token"`
fix(stardict): sd-classics works when we filter out georges LD 2021-12-31 16:04:48 +01:00			`"mail/cock"`
			`"mail/fastmail"`
			`"mail/gmail/amroplay"`
			`"mail/gmail/kieran.meinhardt"`
			`"mail/meinhaki"`
			`"mail/posteo"`
			`"nextcloud-fysi/password"`
			`"nextcloud/password"`
			`"openweathermap.key"`
fix(ci): add restic password 2022-01-19 13:37:01 +01:00			`"restic/password"`
fix(stardict): sd-classics works when we filter out georges LD 2021-12-31 16:04:48 +01:00			`"traadfri.key"`
			`"wifi/Aether.psk"`
feat(zaatar): enable spotifyd 2022-01-17 18:53:26 +01:00			`"spotify/username"`
			`"spotify/password"`
fix(stardict): sd-classics works when we filter out georges LD 2021-12-31 16:04:48 +01:00			`];`
chore: format with alejandra 2022-03-10 21:52:12 +01:00			`systemSecrets = let`
			`basic = ["retiolum.ed25519" "retiolum.key" "syncthing/cert.pem" "syncthing/key.pem"];`
			`in`
			`{`
			`zaatar = ensureFiles (["moodle.token" "telegram/moodle-dl.token" "mpd-web.key"] ++ basic);`
			`kabsa = ensureFiles basic;`
			`manakish = ensureFiles basic;`
feat(tahina): init 2022-03-16 16:04:22 +01:00			`tahina = ensureFiles basic;`
chore: format with alejandra 2022-03-10 21:52:12 +01:00			`makanek = ensureFiles ([`
chore: format 2022-03-13 10:31:19 +01:00			`"irc/retiolum"`
			`"irc/hackint"`
			`"irc/libera"`
			`"irc/oftc"`
			`"matrix/nibbana"`
			`"maxmind/license.key"`
			`"moodle-dl/faye.token"`
			`"nextcloud/admin"`
			`"nextcloud/database"`
			`"telegram/nachtischsatan.token"`
			`"telegram/reverse.token"`
			`"telegram/odyssey.token"`
			`"telegram/betacode.token"`
			`"telegram/moodle-dl.token"`
			`"telegram/proverb.token"`
			`"telegram/menstruation.token"`
			`"telegram/cool_village.token"`
			`"telegram/kmein.token"`
			`"telegram/prometheus.token"`
			`"weechat/relay"`
			`]`
			`++ basic);`
chore: format with alejandra 2022-03-10 21:52:12 +01:00			`}`
			`.${name};`
			`in`
			`toString (pkgs.writers.writeDash "build" "NIX_PATH=${nixPath} nix-build '<nixpkgs/nixos>' -A system --dry-run")`