mirror of
https://github.com/kmein/niveum
synced 2026-03-21 04:11:07 +01:00
chore(ci): move to own file
This commit is contained in:
4
ci.nix
4
ci.nix
@@ -11,7 +11,7 @@ let
|
|||||||
echo foo > ${nixpkgs.lib.escapeShellArg path}
|
echo foo > ${nixpkgs.lib.escapeShellArg path}
|
||||||
'') paths}
|
'') paths}
|
||||||
'';
|
'';
|
||||||
nixPathFor = nixpkgs.lib.concatStringsSep ":" [
|
nixPath = nixpkgs.lib.concatStringsSep ":" [
|
||||||
"nixos-config=${toString ./.}/systems/${name}/configuration.nix"
|
"nixos-config=${toString ./.}/systems/${name}/configuration.nix"
|
||||||
"niveum=${toString ./.}"
|
"niveum=${toString ./.}"
|
||||||
"nixpkgs=${inputs.nixpkgs}"
|
"nixpkgs=${inputs.nixpkgs}"
|
||||||
@@ -74,4 +74,4 @@ let
|
|||||||
"weechat/relay"
|
"weechat/relay"
|
||||||
] ++ basic);
|
] ++ basic);
|
||||||
}.${name};
|
}.${name};
|
||||||
in toString (pkgs.writers.writeDash "build" "NIX_PATH=${nixPathFor name} nix-build '<nixpkgs/nixos>' -A system --dry-run")
|
in toString (pkgs.writers.writeDash "build" "NIX_PATH=${nixPath} nix-build '<nixpkgs/nixos>' -A system --dry-run")
|
||||||
|
|||||||
80
flake.nix
80
flake.nix
@@ -53,7 +53,7 @@
|
|||||||
, nixpkgs-unstable
|
, nixpkgs-unstable
|
||||||
, retiolum
|
, retiolum
|
||||||
, stockholm
|
, stockholm
|
||||||
}:
|
}@inputs:
|
||||||
let
|
let
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
pkgs = nixpkgs.legacyPackages.${system};
|
pkgs = nixpkgs.legacyPackages.${system};
|
||||||
@@ -84,15 +84,6 @@
|
|||||||
source = krops.lib.evalSource [ (source name) ];
|
source = krops.lib.evalSource [ (source name) ];
|
||||||
target = "root@${host}:${toString sshPort}";
|
target = "root@${host}:${toString sshPort}";
|
||||||
});
|
});
|
||||||
ensureFiles = paths: pkgs.runCommand "directory" {} ''
|
|
||||||
set -efu
|
|
||||||
mkdir $out
|
|
||||||
cd $out
|
|
||||||
${nixpkgs.lib.concatMapStringsSep "\n" (path: ''
|
|
||||||
mkdir -p "$(dirname ${nixpkgs.lib.escapeShellArg path})"
|
|
||||||
echo foo > ${nixpkgs.lib.escapeShellArg path}
|
|
||||||
'') paths}
|
|
||||||
'';
|
|
||||||
in {
|
in {
|
||||||
apps.${system} = let
|
apps.${system} = let
|
||||||
forSystems = f: builtins.listToAttrs (map f (builtins.attrNames (builtins.readDir ./systems)));
|
forSystems = f: builtins.listToAttrs (map f (builtins.attrNames (builtins.readDir ./systems)));
|
||||||
@@ -103,74 +94,11 @@
|
|||||||
program = deployScriptFor { name = system; host = "${system}.r"; };
|
program = deployScriptFor { name = system; host = "${system}.r"; };
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
nixPathFor = system: nixpkgs.lib.concatStringsSep ":" [
|
ciScripts = forSystems (name: {
|
||||||
"nixos-config=${toString ./.}/systems/${system}/configuration.nix"
|
name = "build-${name}";
|
||||||
"niveum=${toString ./.}"
|
|
||||||
"nixpkgs=${nixpkgs}"
|
|
||||||
"nixpkgs-unstable=${nixpkgs-unstable}"
|
|
||||||
"stockholm=${stockholm}"
|
|
||||||
"home-manager=${home-manager}"
|
|
||||||
"nix-writers=${nix-writers}"
|
|
||||||
"retiolum=${retiolum}"
|
|
||||||
"system-secrets=${systemSecrets.${system}}"
|
|
||||||
"secrets=${sharedSecrets}"
|
|
||||||
"menstruation-backend=${menstruation-backend}"
|
|
||||||
"menstruation-telegram=${menstruation-telegram}"
|
|
||||||
];
|
|
||||||
# cd ~/.password-store/shared && find * -type f | sed 's/.gpg$//'
|
|
||||||
sharedSecrets = ensureFiles [
|
|
||||||
"di.fm/key"
|
|
||||||
"eduroam/identity"
|
|
||||||
"eduroam/password"
|
|
||||||
"fritznas.smb"
|
|
||||||
"mail/cock"
|
|
||||||
"mail/fastmail"
|
|
||||||
"mail/gmail/amroplay"
|
|
||||||
"mail/gmail/kieran.meinhardt"
|
|
||||||
"mail/meinhaki"
|
|
||||||
"mail/meinhaki.cert"
|
|
||||||
"mail/posteo"
|
|
||||||
"nextcloud-fysi/password"
|
|
||||||
"nextcloud/password"
|
|
||||||
"openweathermap.key"
|
|
||||||
"posteo/password"
|
|
||||||
"spotify/password"
|
|
||||||
"spotify/username"
|
|
||||||
"traadfri.key"
|
|
||||||
"wifi/Aether.psk"
|
|
||||||
];
|
|
||||||
systemSecrets = let basic = [ "retiolum.ed25519" "retiolum.key" "syncthing/cert.pem" "syncthing/key.pem"]; in {
|
|
||||||
zaatar = ensureFiles ([ "moodle.token" "telegram/moodle-dl.token" ] ++ basic);
|
|
||||||
kabsa = ensureFiles basic;
|
|
||||||
manakish = ensureFiles basic;
|
|
||||||
makanek = ensureFiles ([
|
|
||||||
"irc/retiolum"
|
|
||||||
"irc/hackint"
|
|
||||||
"irc/libera"
|
|
||||||
"irc/oftc"
|
|
||||||
"matrix/nibbana"
|
|
||||||
"maxmind/license.key"
|
|
||||||
"moodle-dl/faye.token"
|
|
||||||
"nextcloud/admin"
|
|
||||||
"nextcloud/database"
|
|
||||||
"telegram/nachtischsatan.token"
|
|
||||||
"telegram/reverse.token"
|
|
||||||
"telegram/odyssey.token"
|
|
||||||
"telegram/betacode.token"
|
|
||||||
"telegram/moodle-dl.token"
|
|
||||||
"telegram/proverb.token"
|
|
||||||
"telegram/menstruation.token"
|
|
||||||
"telegram/cool_village.token"
|
|
||||||
"telegram/kmein.token"
|
|
||||||
"telegram/prometheus.token"
|
|
||||||
"weechat/relay"
|
|
||||||
] ++ basic);
|
|
||||||
};
|
|
||||||
ciScripts = forSystems (system: {
|
|
||||||
name = "build-${system}";
|
|
||||||
value = {
|
value = {
|
||||||
type = "app";
|
type = "app";
|
||||||
program = toString (pkgs.writers.writeDash "build" "NIX_PATH=${nixPathFor system} nix-build '<nixpkgs/nixos>' -A system --dry-run");
|
program = import ./ci.nix { inherit name system inputs; };
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
in deployScripts // ciScripts // {
|
in deployScripts // ciScripts // {
|
||||||
|
|||||||
Reference in New Issue
Block a user