fix(ci): submodules and it works!

.github/workflows/niveum.yml

@@ -9,11 +9,29 @@ jobs:
       matrix:
         system: [makanek,manakish,kabsa,zaatar,ful]
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
-    - uses: cachix/install-nix-action@v16
+    - name: Install QEMU (ARM)
-    - name: Install nixos-rebuild
+      run: sudo apt-get install -y qemu-user-static
-      run: GC_DONT_GC=1 nix-env -i nixos-rebuild -f '<nixpkgs>'
+      if: ${{ matrix.system == 'ful' }}
-    - run: |
+    - name: Install Nix (ARM)
-        rm -rf secrets
+      uses: cachix/install-nix-action@v16
+      if: ${{ matrix.system == 'ful' }}
+      with:
+        extra_nix_config: |
+          system = aarch64-linux
+    - name: Install Nix (x86_64)
+      uses: cachix/install-nix-action@v16
+      if: ${{ matrix.system != 'ful' }}
+    - name: nixos-rebuild dry-build
+      run: |
+        # remove secrets: ref https://stackoverflow.com/questions/1260748/how-do-i-remove-a-submodule/36593218
+        git submodule deinit -f secrets
+        rm -rf .git/modules/secrets
+        git rm -f secrets
+
+        # recreate secrets
         mkdir secrets
-    - run: GC_DONT_GC=1 nixos-rebuild dry-build --flake .#{{matrix.system}}
+        cat secrets.txt | while read -r path; do touch $path; done
+        git add secrets
+
+        nix run nixpkgs#nixos-rebuild -- dry-build  --flake $GITHUB_WORKSPACE#${{matrix.system}}

flake.nix

@@ -62,7 +62,7 @@
       apps =
         nixinate.nixinate.x86_64-linux self
         // {
-          x86_64-linux.deploy = let
+          x86_64-linux = let
             pkgs = nixpkgs.legacyPackages.x86_64-linux;
           in {
             mock-secrets = {

secrets.txt

@@ -0,0 +1,62 @@
+secrets/di-fm-key.age
+secrets/email-password-meinhark.age
+secrets/kabsa-retiolum-privateKey-ed25519.age
+secrets/makanek-specus-privateKey.age
+secrets/manakish-retiolum-privateKey-rsa.age
+secrets/kfm-password.age
+secrets/email-password-fysi.age
+secrets/github-token-i3status-rust.age
+secrets/nextcloud-password-admin.age
+secrets/zaatar-retiolum-privateKey-ed25519.age
+secrets/manakish-syncthing-cert.age
+secrets/telegram-token-betacode.age
+secrets/tabula-retiolum-privateKey-rsa.age
+secrets/zaatar-ympd-basicAuth.age
+secrets/zaatar-moodle-dl-basicAuth.age
+secrets/mega-password.age
+secrets/telegram-token-reverse.age
+secrets/email-password-meinhaki.age
+secrets/spotify-password.age
+secrets/telegram-token-kmein.age
+secrets/maxmind-license-key.age
+secrets/makanek-retiolum-privateKey-rsa.age
+secrets/spotify-username.age
+secrets/onlyoffice-jwt-key.age
+secrets/miniflux-credentials.age
+secrets/email-password-fsklassp.age
+secrets/kabsa-retiolum-privateKey-rsa.age
+secrets/traadfri-key.age
+secrets/tahina-retiolum-privateKey-rsa.age
+secrets/makanek-retiolum-privateKey-ed25519.age
+secrets/zaatar-retiolum-privateKey-rsa.age
+secrets/kabsa-specus-privateKey.age
+secrets/nextcloud-password-kieran.age
+secrets/ful-root.age
+secrets/manakish-syncthing-key.age
+secrets/email-password-dslalewa.age
+secrets/zaatar-moodle-dl-tokens.json.age
+secrets/tabula-retiolum-privateKey-ed25519.age
+secrets/tahina-retiolum-privateKey-ed25519.age
+secrets/cifs-credentials-hu-berlin.age
+secrets/kabsa-syncthing-key.age
+secrets/ful-retiolum-privateKey-rsa.age
+secrets/ful-retiolum-privateKey-ed25519.age
+secrets/zaatar-syncthing-key.age
+secrets/openweathermap-api-key.age
+secrets/secrets.nix
+secrets/email-password-cock.age
+secrets/telegram-token-nachtischsatan.age
+secrets/kabsa-syncthing-cert.age
+secrets/grafana-password-admin.age
+secrets/email-password-posteo.age
+secrets/manakish-retiolum-privateKey-ed25519.age
+secrets/restic.age
+secrets/home-assistant-token.age
+secrets/zaatar-syncthing-cert.age
+secrets/nextcloud-password-database.age
+secrets/telegram-token-menstruation.age
+secrets/alertmanager-token-reporters.age
+secrets/ful-specus-privateKey.age
+secrets/nextcloud-password-fysi.age
+secrets/weechat-sec.conf.age
+secrets/telegram-token-proverb.age