diff --git a/.github/workflows/niveum.yml b/.github/workflows/niveum.yml index f1622b9..d935a01 100644 --- a/.github/workflows/niveum.yml +++ b/.github/workflows/niveum.yml @@ -9,11 +9,29 @@ jobs: matrix: system: [makanek,manakish,kabsa,zaatar,ful] steps: - - uses: actions/checkout@v2 - - uses: cachix/install-nix-action@v16 - - name: Install nixos-rebuild - run: GC_DONT_GC=1 nix-env -i nixos-rebuild -f '' - - run: | - rm -rf secrets + - uses: actions/checkout@v3 + - name: Install QEMU (ARM) + run: sudo apt-get install -y qemu-user-static + if: ${{ matrix.system == 'ful' }} + - name: Install Nix (ARM) + uses: cachix/install-nix-action@v16 + if: ${{ matrix.system == 'ful' }} + with: + extra_nix_config: | + system = aarch64-linux + - name: Install Nix (x86_64) + uses: cachix/install-nix-action@v16 + if: ${{ matrix.system != 'ful' }} + - name: nixos-rebuild dry-build + run: | + # remove secrets: ref https://stackoverflow.com/questions/1260748/how-do-i-remove-a-submodule/36593218 + git submodule deinit -f secrets + rm -rf .git/modules/secrets + git rm -f secrets + + # recreate secrets mkdir secrets - - run: GC_DONT_GC=1 nixos-rebuild dry-build --flake .#{{matrix.system}} + cat secrets.txt | while read -r path; do touch $path; done + git add secrets + + nix run nixpkgs#nixos-rebuild -- dry-build --flake $GITHUB_WORKSPACE#${{matrix.system}} diff --git a/flake.nix b/flake.nix index cc3ae47..8afa4ce 100644 --- a/flake.nix +++ b/flake.nix @@ -62,7 +62,7 @@ apps = nixinate.nixinate.x86_64-linux self // { - x86_64-linux.deploy = let + x86_64-linux = let pkgs = nixpkgs.legacyPackages.x86_64-linux; in { mock-secrets = { diff --git a/secrets.txt b/secrets.txt new file mode 100644 index 0000000..a414a55 --- /dev/null +++ b/secrets.txt @@ -0,0 +1,62 @@ +secrets/di-fm-key.age +secrets/email-password-meinhark.age +secrets/kabsa-retiolum-privateKey-ed25519.age +secrets/makanek-specus-privateKey.age +secrets/manakish-retiolum-privateKey-rsa.age +secrets/kfm-password.age +secrets/email-password-fysi.age +secrets/github-token-i3status-rust.age +secrets/nextcloud-password-admin.age +secrets/zaatar-retiolum-privateKey-ed25519.age +secrets/manakish-syncthing-cert.age +secrets/telegram-token-betacode.age +secrets/tabula-retiolum-privateKey-rsa.age +secrets/zaatar-ympd-basicAuth.age +secrets/zaatar-moodle-dl-basicAuth.age +secrets/mega-password.age +secrets/telegram-token-reverse.age +secrets/email-password-meinhaki.age +secrets/spotify-password.age +secrets/telegram-token-kmein.age +secrets/maxmind-license-key.age +secrets/makanek-retiolum-privateKey-rsa.age +secrets/spotify-username.age +secrets/onlyoffice-jwt-key.age +secrets/miniflux-credentials.age +secrets/email-password-fsklassp.age +secrets/kabsa-retiolum-privateKey-rsa.age +secrets/traadfri-key.age +secrets/tahina-retiolum-privateKey-rsa.age +secrets/makanek-retiolum-privateKey-ed25519.age +secrets/zaatar-retiolum-privateKey-rsa.age +secrets/kabsa-specus-privateKey.age +secrets/nextcloud-password-kieran.age +secrets/ful-root.age +secrets/manakish-syncthing-key.age +secrets/email-password-dslalewa.age +secrets/zaatar-moodle-dl-tokens.json.age +secrets/tabula-retiolum-privateKey-ed25519.age +secrets/tahina-retiolum-privateKey-ed25519.age +secrets/cifs-credentials-hu-berlin.age +secrets/kabsa-syncthing-key.age +secrets/ful-retiolum-privateKey-rsa.age +secrets/ful-retiolum-privateKey-ed25519.age +secrets/zaatar-syncthing-key.age +secrets/openweathermap-api-key.age +secrets/secrets.nix +secrets/email-password-cock.age +secrets/telegram-token-nachtischsatan.age +secrets/kabsa-syncthing-cert.age +secrets/grafana-password-admin.age +secrets/email-password-posteo.age +secrets/manakish-retiolum-privateKey-ed25519.age +secrets/restic.age +secrets/home-assistant-token.age +secrets/zaatar-syncthing-cert.age +secrets/nextcloud-password-database.age +secrets/telegram-token-menstruation.age +secrets/alertmanager-token-reporters.age +secrets/ful-specus-privateKey.age +secrets/nextcloud-password-fysi.age +secrets/weechat-sec.conf.age +secrets/telegram-token-proverb.age