DGNum/infrastructure
13
6
Fork 3
Code Issues 20 Pull requests 9 Projects 1 Releases Packages Wiki Activity Actions 1

feat(nix): Use passthru for shells and return to importing the scripts
All checks were successful
Check workflows / check_workflows (push) Successful in 23s
Details
Build all the nodes / bridge01 (push) Successful in 1m7s
Details
Build all the nodes / geo02 (push) Successful in 1m6s
Details
Build all the nodes / geo01 (push) Successful in 1m8s
Details
Build all the nodes / rescue01 (push) Successful in 1m13s
Details
Build all the nodes / compute01 (push) Successful in 1m29s
Details
Build all the nodes / storage01 (push) Successful in 1m9s
Details
Run pre-commit on all files / check (push) Successful in 24s
Details
Build all the nodes / vault01 (push) Successful in 1m13s
Details
Build all the nodes / web02 (push) Successful in 1m12s
Details
Build all the nodes / web03 (push) Successful in 1m17s
Details
Build all the nodes / web01 (push) Successful in 1m49s
Details

Browse source
This commit is contained in:
Tom Hubrecht 2024-11-14 22:18:40 +01:00
parent 6fbda40e5e
commit bf06d2573b
Signed by: thubrecht
SSH key fingerprint: SHA256:r+nK/SIcWlJ0zFZJGHtlAoRwq1Rm+WcKAm5ADYMoQPc
11 changed files with 56 additions and 56 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.forgejo/workflows/check-meta.yaml
View file

@ -4,7 +4,7 @@ jobs:
steps:
- uses: actions/checkout@v3
- name: Check the validity of the DNS configuration
run: nix-build meta/verify.nix -A dns --no-out-link
run: nix-build meta/verify.nix -A dns
check_meta:
runs-on: nix
steps:

3
.forgejo/workflows/check-workflows.yaml
View file

@ -4,7 +4,8 @@ jobs:
steps:
- uses: actions/checkout@v3
- name: Check that the workflows are up to date
run: nix-shell --run '[ $(git status --porcelain | wc -l) -eq 0 ]'
run: nix-shell -A check-workflows --run '[ $(git status --porcelain | wc -l)
-eq 0 ]'
name: Check workflows
'on':
pull_request:

20
.forgejo/workflows/eval-nodes.yaml
View file

@ -9,7 +9,7 @@ jobs:
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
STORE_USER: admin
name: Build and cache bridge01
run: nix-shell --run cache-node
run: nix-shell -A eval-nodes --run cache-node
compute01:
runs-on: nix
steps:
@ -20,7 +20,7 @@ jobs:
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
STORE_USER: admin
name: Build and cache compute01
run: nix-shell --run cache-node
run: nix-shell -A eval-nodes --run cache-node
geo01:
runs-on: nix
steps:
@ -31,7 +31,7 @@ jobs:
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
STORE_USER: admin
name: Build and cache geo01
run: nix-shell --run cache-node
run: nix-shell -A eval-nodes --run cache-node
geo02:
runs-on: nix
steps:
@ -42,7 +42,7 @@ jobs:
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
STORE_USER: admin
name: Build and cache geo02
run: nix-shell --run cache-node
run: nix-shell -A eval-nodes --run cache-node
rescue01:
runs-on: nix
steps:
@ -53,7 +53,7 @@ jobs:
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
STORE_USER: admin
name: Build and cache rescue01
run: nix-shell --run cache-node
run: nix-shell -A eval-nodes --run cache-node
storage01:
runs-on: nix
steps:
@ -64,7 +64,7 @@ jobs:
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
STORE_USER: admin
name: Build and cache storage01
run: nix-shell --run cache-node
run: nix-shell -A eval-nodes --run cache-node
vault01:
runs-on: nix
steps:
@ -75,7 +75,7 @@ jobs:
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
STORE_USER: admin
name: Build and cache vault01
run: nix-shell --run cache-node
run: nix-shell -A eval-nodes --run cache-node
web01:
runs-on: nix
steps:
@ -86,7 +86,7 @@ jobs:
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
STORE_USER: admin
name: Build and cache web01
run: nix-shell --run cache-node
run: nix-shell -A eval-nodes --run cache-node
web02:
runs-on: nix
steps:
@ -97,7 +97,7 @@ jobs:
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
STORE_USER: admin
name: Build and cache web02
run: nix-shell --run cache-node
run: nix-shell -A eval-nodes --run cache-node
web03:
runs-on: nix
steps:
@ -108,7 +108,7 @@ jobs:
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
STORE_USER: admin
name: Build and cache web03
run: nix-shell --run cache-node
run: nix-shell -A eval-nodes --run cache-node
name: Build all the nodes
'on':
pull_request:

4
.forgejo/workflows/pre-commit.yaml
View file

@ -4,8 +4,8 @@ jobs:
steps:
- uses: actions/checkout@v3
- name: Run pre-commit on all files
run: nix-shell --run 'pre-commit run --all-files --hook-stage pre-push --show-diff-on-failure'
-A shells.pre-commit ./.
run: nix-shell -A pre-commit --run 'pre-commit run --all-files --hook-stage
pre-push --show-diff-on-failure'
name: Run pre-commit on all files
'on':
- push

51
default.nix
View file

@ -43,6 +43,7 @@
let
inherit (pkgs.lib)
isFunction
mapAttrs
mapAttrs'
nameValuePair
removeSuffix
@ -88,6 +89,8 @@ let
)
) (builtins.readDir ./workflows);
};
scripts = import ./scripts { inherit pkgs; };
in
{
@ -99,37 +102,35 @@ in
mkCacheSettings = import ./machines/storage01/tvix-cache/cache-settings.nix;
shells = {
default = pkgs.mkShell {
name = "dgnum-infra";
devShell = pkgs.mkShell {
name = "dgnum-infra";
packages = [
(pkgs.nixos-generators.overrideAttrs (_: {
version = "1.8.0-unstable";
src = builtins.storePath sources.nixos-generators;
}))
pkgs.npins
packages = [
(pkgs.nixos-generators.overrideAttrs (_: {
version = "1.8.0-unstable";
src = sources.nixos-generators;
}))
pkgs.npins
(pkgs.callPackage ./lib/colmena { inherit (nix-pkgs) colmena; })
(pkgs.callPackage "${sources.agenix}/pkgs/agenix.nix" { })
(pkgs.callPackage "${sources.lon}/nix/packages/lon.nix" { })
(pkgs.callPackage ./lib/colmena { inherit (nix-pkgs) colmena; })
(pkgs.callPackage "${sources.agenix}/pkgs/agenix.nix" { })
(pkgs.callPackage "${sources.lon}/nix/packages/lon.nix" { })
] ++ (builtins.attrValues scripts);
] ++ (pkgs.callPackage ./scripts { });
shellHook = ''
${git-checks.shellHook}
${workflows.shellHook}
'';
shellHook = ''
${git-checks.shellHook}
${workflows.shellHook}
'';
preferLocalBuild = true;
preferLocalBuild = true;
};
###
# Alternative shells
pre-commit = pkgs.mkShell {
name = "pre-commit-shell";
shellHook = ''
${git-checks.shellHook}
'';
passthru = mapAttrs (name: value: pkgs.mkShell (value // { inherit name; })) {
pre-commit.shellHook = git-checks.shellHook;
check-workflows.shellHook = workflows.shellHook;
eval-nodes.packages = [ scripts.cache-node ];
};
};
}

22
scripts/default.nix
View file

@ -1,16 +1,14 @@
{
lib,
writeShellApplication,
# Dependencies
colmena,
jq,
nvd,
...
}:
{ pkgs }:
let
inherit (lib) mapAttrsToList;
inherit (pkgs.lib) mapAttrs;
inherit (pkgs)
writeShellApplication
colmena
jq
nvd
;
scripts = {
cache-node = [ colmena ];
@ -24,7 +22,7 @@ let
};
in
mapAttrsToList (
mapAttrs (
name: runtimeInputs:
writeShellApplication {
inherit name runtimeInputs;

2
shell.nix
View file

@ -1 +1 @@
(import ./. { }).shells.default
(import ./. { }).devShell

2
workflows/check-meta.nix
View file

@ -23,7 +23,7 @@
{ uses = "actions/checkout@v3"; }
{
name = "Check the validity of the DNS configuration";
run = "nix-build meta/verify.nix -A dns --no-out-link";
run = "nix-build meta/verify.nix -A dns";
}
];
};

2
workflows/check-workflows.nix
View file

@ -12,7 +12,7 @@
{ uses = "actions/checkout@v3"; }
{
name = "Check that the workflows are up to date";
run = "nix-shell --run '[ $(git status --porcelain | wc -l) -eq 0 ]'";
run = "nix-shell -A check-workflows --run '[ $(git status --porcelain | wc -l) -eq 0 ]'";
}
];
};

2
workflows/eval-nodes.nix
View file

@ -19,7 +19,7 @@ in
{ uses = "actions/checkout@v3"; }
{
name = "Build and cache ${node}";
run = "nix-shell --run cache-node";
run = "nix-shell -A eval-nodes --run cache-node";
env = {
STORE_ENDPOINT = "https://tvix-store.dgnum.eu/infra-signing/";
STORE_USER = "admin";

2
workflows/pre-commit.nix
View file

@ -11,7 +11,7 @@
{ uses = "actions/checkout@v3"; }
{
name = "Run pre-commit on all files";
run = "nix-shell --run 'pre-commit run --all-files --hook-stage pre-push --show-diff-on-failure' -A shells.pre-commit ./.";
run = "nix-shell -A pre-commit --run 'pre-commit run --all-files --hook-stage pre-push --show-diff-on-failure'";
}
];
};