ci.nix

{
  inputs,
  system,
  name,
}: let
  nixpkgs = inputs.nixpkgs;
  pkgs = nixpkgs.legacyPackages.${system};
  ensureFiles = paths:
    pkgs.runCommand "directory" {} ''
      set -efu
      mkdir $out
      cd $out
      ${
        nixpkgs.lib.concatMapStringsSep "\n" (path: ''
          mkdir -p "$(dirname ${nixpkgs.lib.escapeShellArg path})"
          echo foo > ${nixpkgs.lib.escapeShellArg path}
        '')
        paths
      }
    '';
  nixPath = nixpkgs.lib.concatStringsSep ":" ([
      "niveum=${toString ./.}"
      "nixos-config=${toString ./.}/systems/${name}/configuration.nix"
      "system-secrets=${systemSecrets}"
      "secrets=${sharedSecrets}"
      "nixpkgs=${toString (inputs.nixpkgs)}"
    ]
    ++ nixpkgs.lib.mapAttrsToList (name: value: "${name}=${value}") inputs);
  # cd ~/.password-store/shared && find * -type f | sed 's/.gpg$//'
  sharedSecrets = ensureFiles [
    "di.fm/key"
    "eduroam/identity"
    "eduroam/password"
    "github/notification.token"
    "hass/token"
    "mail/cock"
    "mail/fastmail"
    "mail/gmail/amroplay"
    "mail/gmail/kieran.meinhardt"
    "mail/meinhaki"
    "mail/dslalewa"
    "mail/fsklassp"
    "mail/posteo"
    "mega/password"
    "nextcloud-fysi/password"
    "nextcloud/password"
    "openweathermap.key"
    "restic/password"
    "traadfri.key"
    "miniflux/password"
    "wifi/Aether.psk"
    "spotify/username"
    "spotify/password"
  ];
  systemSecrets = let
    basic = ["retiolum.ed25519" "retiolum.key" "syncthing/cert.pem" "syncthing/key.pem" "ssh/passphrase"];
  in
    {
      zaatar = ensureFiles (["moodle.token" "telegram/moodle-dl.token" "mpd-web.key"] ++ basic);
      kabsa = ensureFiles basic;
      manakish = ensureFiles basic;
      tahina = ensureFiles basic;
      tabula = ensureFiles basic;
      ful = ensureFiles (["root.password"] ++ basic);
      makanek = ensureFiles ([
          "grafana/admin"
          "irc/retiolum"
          "irc/hackint"
          "irc/libera"
          "irc/oftc"
          "matrix/nibbana"
          "maxmind/license.key"
          "moodle-dl/faye.token"
          "nextcloud/admin"
          "nextcloud/database"
          "telegram/nachtischsatan.token"
          "telegram/reverse.token"
          "telegram/odyssey.token"
          "telegram/betacode.token"
          "telegram/moodle-dl.token"
          "telegram/proverb.token"
          "telegram/menstruation.token"
          "telegram/cool_village.token"
          "telegram/kmein.token"
          "telegram/krebs.token"
          "telegram/prometheus.token"
          "weechat/relay"
        ]
        ++ basic);
    }
    .${name};
in
  toString (pkgs.writers.writeDash "build" "NIX_PATH=${nixPath} nix-build '<nixpkgs/nixos>' -A system --dry-run")
chore: format with alejandra 2022-03-10 21:52:12 +01:00			`{`
			`inputs,`
			`system,`
			`name,`
			`}: let`
feat: convert to flake feat(zaatar): convert to flake feat(tahina, tabula): convert to flake feat(makanek): convert to flake feat(manakish, zaatar): convert to flake feat(ci): build flake systems fix: ci build feat: secrets via submodule foo foo foo 2023-02-22 10:02:55 +01:00			`nixpkgs = inputs.nixpkgs;`
fix(stardict): sd-classics works when we filter out georges LD 2021-12-31 16:04:48 +01:00			`pkgs = nixpkgs.legacyPackages.${system};`
chore: format with alejandra 2022-03-10 21:52:12 +01:00			`ensureFiles = paths:`
			`pkgs.runCommand "directory" {} ''`
			`set -efu`
			`mkdir $out`
			`cd $out`
			`${`
			`nixpkgs.lib.concatMapStringsSep "\n" (path: ''`
			`mkdir -p "$(dirname ${nixpkgs.lib.escapeShellArg path})"`
			`echo foo > ${nixpkgs.lib.escapeShellArg path}`
			`'')`
			`paths`
			`}`
			`'';`
feat(ci): streamline definition 2021-12-31 16:42:22 +01:00			`nixPath = nixpkgs.lib.concatStringsSep ":" ([`
chore: format 2022-03-13 10:31:19 +01:00			`"niveum=${toString ./.}"`
			`"nixos-config=${toString ./.}/systems/${name}/configuration.nix"`
			`"system-secrets=${systemSecrets}"`
			`"secrets=${sharedSecrets}"`
feat: convert to flake feat(zaatar): convert to flake feat(tahina, tabula): convert to flake feat(makanek): convert to flake feat(manakish, zaatar): convert to flake feat(ci): build flake systems fix: ci build feat: secrets via submodule foo foo foo 2023-02-22 10:02:55 +01:00			`"nixpkgs=${toString (inputs.nixpkgs)}"`
chore: format 2022-03-13 10:31:19 +01:00			`]`
			`++ nixpkgs.lib.mapAttrsToList (name: value: "${name}=${value}") inputs);`
fix(stardict): sd-classics works when we filter out georges LD 2021-12-31 16:04:48 +01:00			`# cd ~/.password-store/shared && find * -type f \| sed 's/.gpg$//'`
			`sharedSecrets = ensureFiles [`
			`"di.fm/key"`
			`"eduroam/identity"`
			`"eduroam/password"`
fix(ci): add shared secret 2022-08-22 10:36:32 +02:00			`"github/notification.token"`
feat(home-assistant): install cli 2022-03-12 12:43:35 +01:00			`"hass/token"`
fix(stardict): sd-classics works when we filter out georges LD 2021-12-31 16:04:48 +01:00			`"mail/cock"`
			`"mail/fastmail"`
			`"mail/gmail/amroplay"`
			`"mail/gmail/kieran.meinhardt"`
			`"mail/meinhaki"`
fix(ci): add dslalewa 2022-05-02 13:54:18 +02:00			`"mail/dslalewa"`
fix(ci): add missing secret 2023-01-06 12:27:47 +01:00			`"mail/fsklassp"`
fix(stardict): sd-classics works when we filter out georges LD 2021-12-31 16:04:48 +01:00			`"mail/posteo"`
fix(ci): add mega password 2022-09-27 22:28:58 +02:00			`"mega/password"`
fix(stardict): sd-classics works when we filter out georges LD 2021-12-31 16:04:48 +01:00			`"nextcloud-fysi/password"`
			`"nextcloud/password"`
			`"openweathermap.key"`
fix(ci): add restic password 2022-01-19 13:37:01 +01:00			`"restic/password"`
fix(stardict): sd-classics works when we filter out georges LD 2021-12-31 16:04:48 +01:00			`"traadfri.key"`
fix(ci): tt-rss -> miniflux 2023-01-31 10:24:18 +01:00			`"miniflux/password"`
fix(stardict): sd-classics works when we filter out georges LD 2021-12-31 16:04:48 +01:00			`"wifi/Aether.psk"`
feat(zaatar): enable spotifyd 2022-01-17 18:53:26 +01:00			`"spotify/username"`
			`"spotify/password"`
fix(stardict): sd-classics works when we filter out georges LD 2021-12-31 16:04:48 +01:00			`];`
chore: format with alejandra 2022-03-10 21:52:12 +01:00			`systemSecrets = let`
feat: automate entering ssh passphrase 2022-09-08 08:46:53 +02:00			`basic = ["retiolum.ed25519" "retiolum.key" "syncthing/cert.pem" "syncthing/key.pem" "ssh/passphrase"];`
chore: format with alejandra 2022-03-10 21:52:12 +01:00			`in`
			`{`
			`zaatar = ensureFiles (["moodle.token" "telegram/moodle-dl.token" "mpd-web.key"] ++ basic);`
			`kabsa = ensureFiles basic;`
			`manakish = ensureFiles basic;`
feat(tahina): init 2022-03-16 16:04:22 +01:00			`tahina = ensureFiles basic;`
feat: init tabula 2022-11-25 09:16:02 +01:00			`tabula = ensureFiles basic;`
feat(ci): add ful 2022-07-09 07:13:33 +02:00			`ful = ensureFiles (["root.password"] ++ basic);`
chore: format with alejandra 2022-03-10 21:52:12 +01:00			`makanek = ensureFiles ([`
fix(ci): add grafana secret to makanek 2023-02-09 09:48:34 +01:00			`"grafana/admin"`
chore: format 2022-03-13 10:31:19 +01:00			`"irc/retiolum"`
			`"irc/hackint"`
			`"irc/libera"`
			`"irc/oftc"`
			`"matrix/nibbana"`
			`"maxmind/license.key"`
			`"moodle-dl/faye.token"`
			`"nextcloud/admin"`
			`"nextcloud/database"`
			`"telegram/nachtischsatan.token"`
			`"telegram/reverse.token"`
			`"telegram/odyssey.token"`
			`"telegram/betacode.token"`
			`"telegram/moodle-dl.token"`
			`"telegram/proverb.token"`
			`"telegram/menstruation.token"`
			`"telegram/cool_village.token"`
			`"telegram/kmein.token"`
feat(matterbridge): move to new token 2022-05-10 22:31:10 +02:00			`"telegram/krebs.token"`
chore: format 2022-03-13 10:31:19 +01:00			`"telegram/prometheus.token"`
			`"weechat/relay"`
			`]`
			`++ basic);`
chore: format with alejandra 2022-03-10 21:52:12 +01:00			`}`
			`.${name};`
			`in`
			`toString (pkgs.writers.writeDash "build" "NIX_PATH=${nixPath} nix-build '<nixpkgs/nixos>' -A system --dry-run")`