feat(nix): Use passthru for shells and return to importing the scripts
All checks were successful
Check workflows / check_workflows (push) Successful in 23s
Build all the nodes / bridge01 (push) Successful in 1m7s
Build all the nodes / geo02 (push) Successful in 1m6s
Build all the nodes / geo01 (push) Successful in 1m8s
Build all the nodes / rescue01 (push) Successful in 1m13s
Build all the nodes / compute01 (push) Successful in 1m29s
Build all the nodes / storage01 (push) Successful in 1m9s
Run pre-commit on all files / check (push) Successful in 24s
Build all the nodes / vault01 (push) Successful in 1m13s
Build all the nodes / web02 (push) Successful in 1m12s
Build all the nodes / web03 (push) Successful in 1m17s
Build all the nodes / web01 (push) Successful in 1m49s
All checks were successful
Check workflows / check_workflows (push) Successful in 23s
Build all the nodes / bridge01 (push) Successful in 1m7s
Build all the nodes / geo02 (push) Successful in 1m6s
Build all the nodes / geo01 (push) Successful in 1m8s
Build all the nodes / rescue01 (push) Successful in 1m13s
Build all the nodes / compute01 (push) Successful in 1m29s
Build all the nodes / storage01 (push) Successful in 1m9s
Run pre-commit on all files / check (push) Successful in 24s
Build all the nodes / vault01 (push) Successful in 1m13s
Build all the nodes / web02 (push) Successful in 1m12s
Build all the nodes / web03 (push) Successful in 1m17s
Build all the nodes / web01 (push) Successful in 1m49s
This commit is contained in:
parent
6fbda40e5e
commit
bf06d2573b
11 changed files with 56 additions and 56 deletions
|
@ -4,7 +4,7 @@ jobs:
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v3
|
- uses: actions/checkout@v3
|
||||||
- name: Check the validity of the DNS configuration
|
- name: Check the validity of the DNS configuration
|
||||||
run: nix-build meta/verify.nix -A dns --no-out-link
|
run: nix-build meta/verify.nix -A dns
|
||||||
check_meta:
|
check_meta:
|
||||||
runs-on: nix
|
runs-on: nix
|
||||||
steps:
|
steps:
|
||||||
|
|
|
@ -4,7 +4,8 @@ jobs:
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v3
|
- uses: actions/checkout@v3
|
||||||
- name: Check that the workflows are up to date
|
- name: Check that the workflows are up to date
|
||||||
run: nix-shell --run '[ $(git status --porcelain | wc -l) -eq 0 ]'
|
run: nix-shell -A check-workflows --run '[ $(git status --porcelain | wc -l)
|
||||||
|
-eq 0 ]'
|
||||||
name: Check workflows
|
name: Check workflows
|
||||||
'on':
|
'on':
|
||||||
pull_request:
|
pull_request:
|
||||||
|
|
|
@ -9,7 +9,7 @@ jobs:
|
||||||
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
|
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
|
||||||
STORE_USER: admin
|
STORE_USER: admin
|
||||||
name: Build and cache bridge01
|
name: Build and cache bridge01
|
||||||
run: nix-shell --run cache-node
|
run: nix-shell -A eval-nodes --run cache-node
|
||||||
compute01:
|
compute01:
|
||||||
runs-on: nix
|
runs-on: nix
|
||||||
steps:
|
steps:
|
||||||
|
@ -20,7 +20,7 @@ jobs:
|
||||||
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
|
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
|
||||||
STORE_USER: admin
|
STORE_USER: admin
|
||||||
name: Build and cache compute01
|
name: Build and cache compute01
|
||||||
run: nix-shell --run cache-node
|
run: nix-shell -A eval-nodes --run cache-node
|
||||||
geo01:
|
geo01:
|
||||||
runs-on: nix
|
runs-on: nix
|
||||||
steps:
|
steps:
|
||||||
|
@ -31,7 +31,7 @@ jobs:
|
||||||
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
|
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
|
||||||
STORE_USER: admin
|
STORE_USER: admin
|
||||||
name: Build and cache geo01
|
name: Build and cache geo01
|
||||||
run: nix-shell --run cache-node
|
run: nix-shell -A eval-nodes --run cache-node
|
||||||
geo02:
|
geo02:
|
||||||
runs-on: nix
|
runs-on: nix
|
||||||
steps:
|
steps:
|
||||||
|
@ -42,7 +42,7 @@ jobs:
|
||||||
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
|
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
|
||||||
STORE_USER: admin
|
STORE_USER: admin
|
||||||
name: Build and cache geo02
|
name: Build and cache geo02
|
||||||
run: nix-shell --run cache-node
|
run: nix-shell -A eval-nodes --run cache-node
|
||||||
rescue01:
|
rescue01:
|
||||||
runs-on: nix
|
runs-on: nix
|
||||||
steps:
|
steps:
|
||||||
|
@ -53,7 +53,7 @@ jobs:
|
||||||
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
|
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
|
||||||
STORE_USER: admin
|
STORE_USER: admin
|
||||||
name: Build and cache rescue01
|
name: Build and cache rescue01
|
||||||
run: nix-shell --run cache-node
|
run: nix-shell -A eval-nodes --run cache-node
|
||||||
storage01:
|
storage01:
|
||||||
runs-on: nix
|
runs-on: nix
|
||||||
steps:
|
steps:
|
||||||
|
@ -64,7 +64,7 @@ jobs:
|
||||||
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
|
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
|
||||||
STORE_USER: admin
|
STORE_USER: admin
|
||||||
name: Build and cache storage01
|
name: Build and cache storage01
|
||||||
run: nix-shell --run cache-node
|
run: nix-shell -A eval-nodes --run cache-node
|
||||||
vault01:
|
vault01:
|
||||||
runs-on: nix
|
runs-on: nix
|
||||||
steps:
|
steps:
|
||||||
|
@ -75,7 +75,7 @@ jobs:
|
||||||
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
|
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
|
||||||
STORE_USER: admin
|
STORE_USER: admin
|
||||||
name: Build and cache vault01
|
name: Build and cache vault01
|
||||||
run: nix-shell --run cache-node
|
run: nix-shell -A eval-nodes --run cache-node
|
||||||
web01:
|
web01:
|
||||||
runs-on: nix
|
runs-on: nix
|
||||||
steps:
|
steps:
|
||||||
|
@ -86,7 +86,7 @@ jobs:
|
||||||
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
|
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
|
||||||
STORE_USER: admin
|
STORE_USER: admin
|
||||||
name: Build and cache web01
|
name: Build and cache web01
|
||||||
run: nix-shell --run cache-node
|
run: nix-shell -A eval-nodes --run cache-node
|
||||||
web02:
|
web02:
|
||||||
runs-on: nix
|
runs-on: nix
|
||||||
steps:
|
steps:
|
||||||
|
@ -97,7 +97,7 @@ jobs:
|
||||||
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
|
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
|
||||||
STORE_USER: admin
|
STORE_USER: admin
|
||||||
name: Build and cache web02
|
name: Build and cache web02
|
||||||
run: nix-shell --run cache-node
|
run: nix-shell -A eval-nodes --run cache-node
|
||||||
web03:
|
web03:
|
||||||
runs-on: nix
|
runs-on: nix
|
||||||
steps:
|
steps:
|
||||||
|
@ -108,7 +108,7 @@ jobs:
|
||||||
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
|
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
|
||||||
STORE_USER: admin
|
STORE_USER: admin
|
||||||
name: Build and cache web03
|
name: Build and cache web03
|
||||||
run: nix-shell --run cache-node
|
run: nix-shell -A eval-nodes --run cache-node
|
||||||
name: Build all the nodes
|
name: Build all the nodes
|
||||||
'on':
|
'on':
|
||||||
pull_request:
|
pull_request:
|
||||||
|
|
|
@ -4,8 +4,8 @@ jobs:
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v3
|
- uses: actions/checkout@v3
|
||||||
- name: Run pre-commit on all files
|
- name: Run pre-commit on all files
|
||||||
run: nix-shell --run 'pre-commit run --all-files --hook-stage pre-push --show-diff-on-failure'
|
run: nix-shell -A pre-commit --run 'pre-commit run --all-files --hook-stage
|
||||||
-A shells.pre-commit ./.
|
pre-push --show-diff-on-failure'
|
||||||
name: Run pre-commit on all files
|
name: Run pre-commit on all files
|
||||||
'on':
|
'on':
|
||||||
- push
|
- push
|
||||||
|
|
51
default.nix
51
default.nix
|
@ -43,6 +43,7 @@
|
||||||
let
|
let
|
||||||
inherit (pkgs.lib)
|
inherit (pkgs.lib)
|
||||||
isFunction
|
isFunction
|
||||||
|
mapAttrs
|
||||||
mapAttrs'
|
mapAttrs'
|
||||||
nameValuePair
|
nameValuePair
|
||||||
removeSuffix
|
removeSuffix
|
||||||
|
@ -88,6 +89,8 @@ let
|
||||||
)
|
)
|
||||||
) (builtins.readDir ./workflows);
|
) (builtins.readDir ./workflows);
|
||||||
};
|
};
|
||||||
|
|
||||||
|
scripts = import ./scripts { inherit pkgs; };
|
||||||
in
|
in
|
||||||
|
|
||||||
{
|
{
|
||||||
|
@ -99,37 +102,35 @@ in
|
||||||
|
|
||||||
mkCacheSettings = import ./machines/storage01/tvix-cache/cache-settings.nix;
|
mkCacheSettings = import ./machines/storage01/tvix-cache/cache-settings.nix;
|
||||||
|
|
||||||
shells = {
|
devShell = pkgs.mkShell {
|
||||||
default = pkgs.mkShell {
|
name = "dgnum-infra";
|
||||||
name = "dgnum-infra";
|
|
||||||
|
|
||||||
packages = [
|
packages = [
|
||||||
(pkgs.nixos-generators.overrideAttrs (_: {
|
(pkgs.nixos-generators.overrideAttrs (_: {
|
||||||
version = "1.8.0-unstable";
|
version = "1.8.0-unstable";
|
||||||
src = builtins.storePath sources.nixos-generators;
|
src = sources.nixos-generators;
|
||||||
}))
|
}))
|
||||||
pkgs.npins
|
pkgs.npins
|
||||||
|
|
||||||
(pkgs.callPackage ./lib/colmena { inherit (nix-pkgs) colmena; })
|
(pkgs.callPackage ./lib/colmena { inherit (nix-pkgs) colmena; })
|
||||||
(pkgs.callPackage "${sources.agenix}/pkgs/agenix.nix" { })
|
(pkgs.callPackage "${sources.agenix}/pkgs/agenix.nix" { })
|
||||||
(pkgs.callPackage "${sources.lon}/nix/packages/lon.nix" { })
|
(pkgs.callPackage "${sources.lon}/nix/packages/lon.nix" { })
|
||||||
|
] ++ (builtins.attrValues scripts);
|
||||||
|
|
||||||
] ++ (pkgs.callPackage ./scripts { });
|
shellHook = ''
|
||||||
|
${git-checks.shellHook}
|
||||||
|
${workflows.shellHook}
|
||||||
|
'';
|
||||||
|
|
||||||
shellHook = ''
|
preferLocalBuild = true;
|
||||||
${git-checks.shellHook}
|
|
||||||
${workflows.shellHook}
|
|
||||||
'';
|
|
||||||
|
|
||||||
preferLocalBuild = true;
|
###
|
||||||
};
|
# Alternative shells
|
||||||
|
|
||||||
pre-commit = pkgs.mkShell {
|
passthru = mapAttrs (name: value: pkgs.mkShell (value // { inherit name; })) {
|
||||||
name = "pre-commit-shell";
|
pre-commit.shellHook = git-checks.shellHook;
|
||||||
|
check-workflows.shellHook = workflows.shellHook;
|
||||||
shellHook = ''
|
eval-nodes.packages = [ scripts.cache-node ];
|
||||||
${git-checks.shellHook}
|
|
||||||
'';
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,16 +1,14 @@
|
||||||
{
|
{ pkgs }:
|
||||||
lib,
|
|
||||||
writeShellApplication,
|
|
||||||
|
|
||||||
# Dependencies
|
|
||||||
colmena,
|
|
||||||
jq,
|
|
||||||
nvd,
|
|
||||||
...
|
|
||||||
}:
|
|
||||||
|
|
||||||
let
|
let
|
||||||
inherit (lib) mapAttrsToList;
|
inherit (pkgs.lib) mapAttrs;
|
||||||
|
|
||||||
|
inherit (pkgs)
|
||||||
|
writeShellApplication
|
||||||
|
colmena
|
||||||
|
jq
|
||||||
|
nvd
|
||||||
|
;
|
||||||
|
|
||||||
scripts = {
|
scripts = {
|
||||||
cache-node = [ colmena ];
|
cache-node = [ colmena ];
|
||||||
|
@ -24,7 +22,7 @@ let
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
|
|
||||||
mapAttrsToList (
|
mapAttrs (
|
||||||
name: runtimeInputs:
|
name: runtimeInputs:
|
||||||
writeShellApplication {
|
writeShellApplication {
|
||||||
inherit name runtimeInputs;
|
inherit name runtimeInputs;
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
(import ./. { }).shells.default
|
(import ./. { }).devShell
|
||||||
|
|
|
@ -23,7 +23,7 @@
|
||||||
{ uses = "actions/checkout@v3"; }
|
{ uses = "actions/checkout@v3"; }
|
||||||
{
|
{
|
||||||
name = "Check the validity of the DNS configuration";
|
name = "Check the validity of the DNS configuration";
|
||||||
run = "nix-build meta/verify.nix -A dns --no-out-link";
|
run = "nix-build meta/verify.nix -A dns";
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
|
@ -12,7 +12,7 @@
|
||||||
{ uses = "actions/checkout@v3"; }
|
{ uses = "actions/checkout@v3"; }
|
||||||
{
|
{
|
||||||
name = "Check that the workflows are up to date";
|
name = "Check that the workflows are up to date";
|
||||||
run = "nix-shell --run '[ $(git status --porcelain | wc -l) -eq 0 ]'";
|
run = "nix-shell -A check-workflows --run '[ $(git status --porcelain | wc -l) -eq 0 ]'";
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
|
@ -19,7 +19,7 @@ in
|
||||||
{ uses = "actions/checkout@v3"; }
|
{ uses = "actions/checkout@v3"; }
|
||||||
{
|
{
|
||||||
name = "Build and cache ${node}";
|
name = "Build and cache ${node}";
|
||||||
run = "nix-shell --run cache-node";
|
run = "nix-shell -A eval-nodes --run cache-node";
|
||||||
env = {
|
env = {
|
||||||
STORE_ENDPOINT = "https://tvix-store.dgnum.eu/infra-signing/";
|
STORE_ENDPOINT = "https://tvix-store.dgnum.eu/infra-signing/";
|
||||||
STORE_USER = "admin";
|
STORE_USER = "admin";
|
||||||
|
|
|
@ -11,7 +11,7 @@
|
||||||
{ uses = "actions/checkout@v3"; }
|
{ uses = "actions/checkout@v3"; }
|
||||||
{
|
{
|
||||||
name = "Run pre-commit on all files";
|
name = "Run pre-commit on all files";
|
||||||
run = "nix-shell --run 'pre-commit run --all-files --hook-stage pre-push --show-diff-on-failure' -A shells.pre-commit ./.";
|
run = "nix-shell -A pre-commit --run 'pre-commit run --all-files --hook-stage pre-push --show-diff-on-failure'";
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
Loading…
Reference in a new issue