DGNum/infrastructure
12
6
Fork 3
Code Issues 17 Pull requests 30 Projects 1 Releases Packages Wiki Activity Actions

Compare commits

base: DGNum:main
Branches Tags
DGNum:main
DGNum:calculus01
DGNum:npins-update-fixes
DGNum:testing02
DGNum:npins-updates/cas-eleves
DGNum:refactor_cas_eleves
DGNum:npins-updates/nixos-unstable
DGNum:npins-updates/nixpkgs
DGNum:npins-updates/nixos-24.11
DGNum:npins-updates/wp4nix
DGNum:npins-updates/nixos-24.05
DGNum:npins-updates/proxmox-nixos
DGNum:npins-updates/nixos-generators
DGNum:npins-updates/nix-pkgs
DGNum:npins-updates/nix-modules
DGNum:npins-updates/nix-actions
DGNum:npins-updates/lix
DGNum:npins-updates/lix-module
DGNum:npins-updates/liminix
DGNum:npins-updates/git-hooks
DGNum:npins-updates/disko
DGNum:npins-updates/colmena
DGNum:npins-updates/cgroup-exporter
DGNum:extranix-fix
DGNum:npins-update
DGNum:tower01
DGNum:search-infra
DGNum:web02
DGNum:django-backups
DGNum:hypervisor
DGNum:pretalx
DGNum:cas-redirection
DGNum:hypervisors
DGNum:meta_rework
DGNum:sleep-uk
DGNum:reuse
DGNum:doc
DGNum:mdDoc-removal
DGNum:collabora-online
DGNum:logrotate
DGNum:cgroup-exporting
DGNum:ap01-vlan
DGNum:liminix-test
DGNum:crabfit-padding
DGNum:generalized-evaluation
DGNum:colmena-liminx-ng
DGNum:dns-lab
DGNum:nixpkgs--
DGNum:lix-patched
DGNum:web01
DGNum:declarative-buckets
DGNum:victoria-metrics
DGNum:mattermost
DGNum:init-dgnum-page
DGNum:takumi-can-do-ollama
DGNum:ds-fr
DGNum:colmena-liminix
..
compare: DGNum:search-infra
Branches Tags
DGNum:calculus01
DGNum:main
DGNum:npins-update-fixes
DGNum:testing02
DGNum:npins-updates/cas-eleves
DGNum:refactor_cas_eleves
DGNum:npins-updates/nixos-unstable
DGNum:npins-updates/nixpkgs
DGNum:npins-updates/nixos-24.11
DGNum:npins-updates/wp4nix
DGNum:npins-updates/nixos-24.05
DGNum:npins-updates/proxmox-nixos
DGNum:npins-updates/nixos-generators
DGNum:npins-updates/nix-pkgs
DGNum:npins-updates/nix-modules
DGNum:npins-updates/nix-actions
DGNum:npins-updates/lix
DGNum:npins-updates/lix-module
DGNum:npins-updates/liminix
DGNum:npins-updates/git-hooks
DGNum:npins-updates/disko
DGNum:npins-updates/colmena
DGNum:npins-updates/cgroup-exporter
DGNum:extranix-fix
DGNum:npins-update
DGNum:tower01
DGNum:search-infra
DGNum:web02
DGNum:django-backups
DGNum:hypervisor
DGNum:pretalx
DGNum:cas-redirection
DGNum:hypervisors
DGNum:meta_rework
DGNum:sleep-uk
DGNum:reuse
DGNum:doc
DGNum:mdDoc-removal
DGNum:collabora-online
DGNum:logrotate
DGNum:cgroup-exporting
DGNum:ap01-vlan
DGNum:liminix-test
DGNum:crabfit-padding
DGNum:generalized-evaluation
DGNum:colmena-liminx-ng
DGNum:dns-lab
DGNum:nixpkgs--
DGNum:lix-patched
DGNum:web01
DGNum:declarative-buckets
DGNum:victoria-metrics
DGNum:mattermost
DGNum:init-dgnum-page
DGNum:takumi-can-do-ollama
DGNum:ds-fr
DGNum:colmena-liminix

No commits in common. "main" and "search-infra" have entirely different histories.
main ... search-inf

23 changed files with 284 additions and 1459 deletions
Show stats Expand all files Collapse all files

11
.forgejo/workflows/eval-nodes.yaml
View file

@ -120,17 +120,6 @@ jobs:
STORE_USER: admin
name: Build and cache storage01
run: nix-shell -A eval-nodes --run cache-node
tower01:
runs-on: nix
steps:
- uses: actions/checkout@v3
- env:
BUILD_NODE: tower01
STORE_ENDPOINT: https://tvix-store.dgnum.eu/infra-signing/
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
STORE_USER: admin
name: Build and cache tower01
run: nix-shell -A eval-nodes --run cache-node
vault01:
runs-on: nix
steps:

917
.forgejo/workflows/npins-update.yaml
View file

@ -1,10 +1,5 @@
env:
GIT_AUTHOR_EMAIL: chores@mail.hubrecht.ovh
GIT_AUTHOR_NAME: HT Chores
GIT_COMMITTER_EMAIL: chores@mail.hubrecht.ovh
GIT_COMMITTER_NAME: HT Chores
jobs:
agenix:
npins_update:
runs-on: nix
steps:
- uses: actions/checkout@v3
@ -12,898 +7,22 @@ jobs:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/agenix
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update agenix'
GIT_UPDATE_BRANCH: npins-updates/agenix
name: Open a PR if updates are present
run: "npins update agenix\n\nif [ ! -z \"$(git diff --name-only)\" ]; then\n\
\ echo \"[+] Changes detected, pushing updates.\"\n\n git add npins\n\n\
\ if [ -n \"$EXISTING_BRANCH\" ]; then\n git commit --amend --no-edit\n\
\ git push --force\n else\n git commit --message \"$COMMIT_MESSAGE\"\
\n git push -u origin \"$GIT_UPDATE_BRANCH\"\n fi\n\n # Connect to the
server with the cli\n tea login add -n dgnum-chores -t \"${{ secrets.TEA_DGNUM_CHORES_TOKEN
}}\" -u https://git.dgnum.eu\n\n # Create a pull request if needed\n # i.e.
no PR with the same title exists\n if [ -z $(tea pr ls -f='title,author'
-o simple | grep \"$COMMIT_MESSAGE dgnum-chores\") ]; then\n tea pr create
--description \"Automatic npins update\" --title \"$COMMIT_MESSAGE\" --head
\"$GIT_UPDATE_BRANCH\"\n fi\nfi\n"
arkheon:
runs-on: nix
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/arkheon
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update arkheon'
GIT_UPDATE_BRANCH: npins-updates/arkheon
name: Open a PR if updates are present
run: "npins update arkheon\n\nif [ ! -z \"$(git diff --name-only)\" ]; then\n\
\ echo \"[+] Changes detected, pushing updates.\"\n\n git add npins\n\n\
\ if [ -n \"$EXISTING_BRANCH\" ]; then\n git commit --amend --no-edit\n\
\ git push --force\n else\n git commit --message \"$COMMIT_MESSAGE\"\
\n git push -u origin \"$GIT_UPDATE_BRANCH\"\n fi\n\n # Connect to the
server with the cli\n tea login add -n dgnum-chores -t \"${{ secrets.TEA_DGNUM_CHORES_TOKEN
}}\" -u https://git.dgnum.eu\n\n # Create a pull request if needed\n # i.e.
no PR with the same title exists\n if [ -z $(tea pr ls -f='title,author'
-o simple | grep \"$COMMIT_MESSAGE dgnum-chores\") ]; then\n tea pr create
--description \"Automatic npins update\" --title \"$COMMIT_MESSAGE\" --head
\"$GIT_UPDATE_BRANCH\"\n fi\nfi\n"
cas-eleves:
runs-on: nix
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/cas-eleves
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update cas-eleves'
GIT_UPDATE_BRANCH: npins-updates/cas-eleves
name: Open a PR if updates are present
run: "npins update cas-eleves\n\nif [ ! -z \"$(git diff --name-only)\" ]; then\n\
\ echo \"[+] Changes detected, pushing updates.\"\n\n git add npins\n\n\
\ if [ -n \"$EXISTING_BRANCH\" ]; then\n git commit --amend --no-edit\n\
\ git push --force\n else\n git commit --message \"$COMMIT_MESSAGE\"\
\n git push -u origin \"$GIT_UPDATE_BRANCH\"\n fi\n\n # Connect to the
server with the cli\n tea login add -n dgnum-chores -t \"${{ secrets.TEA_DGNUM_CHORES_TOKEN
}}\" -u https://git.dgnum.eu\n\n # Create a pull request if needed\n # i.e.
no PR with the same title exists\n if [ -z $(tea pr ls -f='title,author'
-o simple | grep \"$COMMIT_MESSAGE dgnum-chores\") ]; then\n tea pr create
--description \"Automatic npins update\" --title \"$COMMIT_MESSAGE\" --head
\"$GIT_UPDATE_BRANCH\"\n fi\nfi\n"
cgroup-exporter:
runs-on: nix
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/cgroup-exporter
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update cgroup-exporter'
GIT_UPDATE_BRANCH: npins-updates/cgroup-exporter
name: Open a PR if updates are present
run: "npins update cgroup-exporter\n\nif [ ! -z \"$(git diff --name-only)\"
]; then\n echo \"[+] Changes detected, pushing updates.\"\n\n git add npins\n\
\n if [ -n \"$EXISTING_BRANCH\" ]; then\n git commit --amend --no-edit\n\
\ git push --force\n else\n git commit --message \"$COMMIT_MESSAGE\"\
\n git push -u origin \"$GIT_UPDATE_BRANCH\"\n fi\n\n # Connect to the
server with the cli\n tea login add -n dgnum-chores -t \"${{ secrets.TEA_DGNUM_CHORES_TOKEN
}}\" -u https://git.dgnum.eu\n\n # Create a pull request if needed\n # i.e.
no PR with the same title exists\n if [ -z $(tea pr ls -f='title,author'
-o simple | grep \"$COMMIT_MESSAGE dgnum-chores\") ]; then\n tea pr create
--description \"Automatic npins update\" --title \"$COMMIT_MESSAGE\" --head
\"$GIT_UPDATE_BRANCH\"\n fi\nfi\n"
colmena:
runs-on: nix
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/colmena
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update colmena'
GIT_UPDATE_BRANCH: npins-updates/colmena
name: Open a PR if updates are present
run: "npins update colmena\n\nif [ ! -z \"$(git diff --name-only)\" ]; then\n\
\ echo \"[+] Changes detected, pushing updates.\"\n\n git add npins\n\n\
\ if [ -n \"$EXISTING_BRANCH\" ]; then\n git commit --amend --no-edit\n\
\ git push --force\n else\n git commit --message \"$COMMIT_MESSAGE\"\
\n git push -u origin \"$GIT_UPDATE_BRANCH\"\n fi\n\n # Connect to the
server with the cli\n tea login add -n dgnum-chores -t \"${{ secrets.TEA_DGNUM_CHORES_TOKEN
}}\" -u https://git.dgnum.eu\n\n # Create a pull request if needed\n # i.e.
no PR with the same title exists\n if [ -z $(tea pr ls -f='title,author'
-o simple | grep \"$COMMIT_MESSAGE dgnum-chores\") ]; then\n tea pr create
--description \"Automatic npins update\" --title \"$COMMIT_MESSAGE\" --head
\"$GIT_UPDATE_BRANCH\"\n fi\nfi\n"
dgsi:
runs-on: nix
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/dgsi
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update dgsi'
GIT_UPDATE_BRANCH: npins-updates/dgsi
name: Open a PR if updates are present
run: "npins update dgsi\n\nif [ ! -z \"$(git diff --name-only)\" ]; then\n \
\ echo \"[+] Changes detected, pushing updates.\"\n\n git add npins\n\n \
\ if [ -n \"$EXISTING_BRANCH\" ]; then\n git commit --amend --no-edit\n\
\ git push --force\n else\n git commit --message \"$COMMIT_MESSAGE\"\
\n git push -u origin \"$GIT_UPDATE_BRANCH\"\n fi\n\n # Connect to the
server with the cli\n tea login add -n dgnum-chores -t \"${{ secrets.TEA_DGNUM_CHORES_TOKEN
}}\" -u https://git.dgnum.eu\n\n # Create a pull request if needed\n # i.e.
no PR with the same title exists\n if [ -z $(tea pr ls -f='title,author'
-o simple | grep \"$COMMIT_MESSAGE dgnum-chores\") ]; then\n tea pr create
--description \"Automatic npins update\" --title \"$COMMIT_MESSAGE\" --head
\"$GIT_UPDATE_BRANCH\"\n fi\nfi\n"
disko:
runs-on: nix
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/disko
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update disko'
GIT_UPDATE_BRANCH: npins-updates/disko
name: Open a PR if updates are present
run: "npins update disko\n\nif [ ! -z \"$(git diff --name-only)\" ]; then\n\
\ echo \"[+] Changes detected, pushing updates.\"\n\n git add npins\n\n\
\ if [ -n \"$EXISTING_BRANCH\" ]; then\n git commit --amend --no-edit\n\
\ git push --force\n else\n git commit --message \"$COMMIT_MESSAGE\"\
\n git push -u origin \"$GIT_UPDATE_BRANCH\"\n fi\n\n # Connect to the
server with the cli\n tea login add -n dgnum-chores -t \"${{ secrets.TEA_DGNUM_CHORES_TOKEN
}}\" -u https://git.dgnum.eu\n\n # Create a pull request if needed\n # i.e.
no PR with the same title exists\n if [ -z $(tea pr ls -f='title,author'
-o simple | grep \"$COMMIT_MESSAGE dgnum-chores\") ]; then\n tea pr create
--description \"Automatic npins update\" --title \"$COMMIT_MESSAGE\" --head
\"$GIT_UPDATE_BRANCH\"\n fi\nfi\n"
dns_nix:
runs-on: nix
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/dns.nix
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update dns.nix'
GIT_UPDATE_BRANCH: npins-updates/dns.nix
name: Open a PR if updates are present
run: "npins update dns.nix\n\nif [ ! -z \"$(git diff --name-only)\" ]; then\n\
\ echo \"[+] Changes detected, pushing updates.\"\n\n git add npins\n\n\
\ if [ -n \"$EXISTING_BRANCH\" ]; then\n git commit --amend --no-edit\n\
\ git push --force\n else\n git commit --message \"$COMMIT_MESSAGE\"\
\n git push -u origin \"$GIT_UPDATE_BRANCH\"\n fi\n\n # Connect to the
server with the cli\n tea login add -n dgnum-chores -t \"${{ secrets.TEA_DGNUM_CHORES_TOKEN
}}\" -u https://git.dgnum.eu\n\n # Create a pull request if needed\n # i.e.
no PR with the same title exists\n if [ -z $(tea pr ls -f='title,author'
-o simple | grep \"$COMMIT_MESSAGE dgnum-chores\") ]; then\n tea pr create
--description \"Automatic npins update\" --title \"$COMMIT_MESSAGE\" --head
\"$GIT_UPDATE_BRANCH\"\n fi\nfi\n"
git-hooks:
runs-on: nix
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/git-hooks
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update git-hooks'
GIT_UPDATE_BRANCH: npins-updates/git-hooks
name: Open a PR if updates are present
run: "npins update git-hooks\n\nif [ ! -z \"$(git diff --name-only)\" ]; then\n\
\ echo \"[+] Changes detected, pushing updates.\"\n\n git add npins\n\n\
\ if [ -n \"$EXISTING_BRANCH\" ]; then\n git commit --amend --no-edit\n\
\ git push --force\n else\n git commit --message \"$COMMIT_MESSAGE\"\
\n git push -u origin \"$GIT_UPDATE_BRANCH\"\n fi\n\n # Connect to the
server with the cli\n tea login add -n dgnum-chores -t \"${{ secrets.TEA_DGNUM_CHORES_TOKEN
}}\" -u https://git.dgnum.eu\n\n # Create a pull request if needed\n # i.e.
no PR with the same title exists\n if [ -z $(tea pr ls -f='title,author'
-o simple | grep \"$COMMIT_MESSAGE dgnum-chores\") ]; then\n tea pr create
--description \"Automatic npins update\" --title \"$COMMIT_MESSAGE\" --head
\"$GIT_UPDATE_BRANCH\"\n fi\nfi\n"
kadenios:
runs-on: nix
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/kadenios
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update kadenios'
GIT_UPDATE_BRANCH: npins-updates/kadenios
name: Open a PR if updates are present
run: "npins update kadenios\n\nif [ ! -z \"$(git diff --name-only)\" ]; then\n\
\ echo \"[+] Changes detected, pushing updates.\"\n\n git add npins\n\n\
\ if [ -n \"$EXISTING_BRANCH\" ]; then\n git commit --amend --no-edit\n\
\ git push --force\n else\n git commit --message \"$COMMIT_MESSAGE\"\
\n git push -u origin \"$GIT_UPDATE_BRANCH\"\n fi\n\n # Connect to the
server with the cli\n tea login add -n dgnum-chores -t \"${{ secrets.TEA_DGNUM_CHORES_TOKEN
}}\" -u https://git.dgnum.eu\n\n # Create a pull request if needed\n # i.e.
no PR with the same title exists\n if [ -z $(tea pr ls -f='title,author'
-o simple | grep \"$COMMIT_MESSAGE dgnum-chores\") ]; then\n tea pr create
--description \"Automatic npins update\" --title \"$COMMIT_MESSAGE\" --head
\"$GIT_UPDATE_BRANCH\"\n fi\nfi\n"
kahulm:
runs-on: nix
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/kahulm
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update kahulm'
GIT_UPDATE_BRANCH: npins-updates/kahulm
name: Open a PR if updates are present
run: "npins update kahulm\n\nif [ ! -z \"$(git diff --name-only)\" ]; then\n\
\ echo \"[+] Changes detected, pushing updates.\"\n\n git add npins\n\n\
\ if [ -n \"$EXISTING_BRANCH\" ]; then\n git commit --amend --no-edit\n\
\ git push --force\n else\n git commit --message \"$COMMIT_MESSAGE\"\
\n git push -u origin \"$GIT_UPDATE_BRANCH\"\n fi\n\n # Connect to the
server with the cli\n tea login add -n dgnum-chores -t \"${{ secrets.TEA_DGNUM_CHORES_TOKEN
}}\" -u https://git.dgnum.eu\n\n # Create a pull request if needed\n # i.e.
no PR with the same title exists\n if [ -z $(tea pr ls -f='title,author'
-o simple | grep \"$COMMIT_MESSAGE dgnum-chores\") ]; then\n tea pr create
--description \"Automatic npins update\" --title \"$COMMIT_MESSAGE\" --head
\"$GIT_UPDATE_BRANCH\"\n fi\nfi\n"
liminix:
runs-on: nix
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/liminix
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update liminix'
GIT_UPDATE_BRANCH: npins-updates/liminix
name: Open a PR if updates are present
run: "npins update liminix\n\nif [ ! -z \"$(git diff --name-only)\" ]; then\n\
\ echo \"[+] Changes detected, pushing updates.\"\n\n git add npins\n\n\
\ if [ -n \"$EXISTING_BRANCH\" ]; then\n git commit --amend --no-edit\n\
\ git push --force\n else\n git commit --message \"$COMMIT_MESSAGE\"\
\n git push -u origin \"$GIT_UPDATE_BRANCH\"\n fi\n\n # Connect to the
server with the cli\n tea login add -n dgnum-chores -t \"${{ secrets.TEA_DGNUM_CHORES_TOKEN
}}\" -u https://git.dgnum.eu\n\n # Create a pull request if needed\n # i.e.
no PR with the same title exists\n if [ -z $(tea pr ls -f='title,author'
-o simple | grep \"$COMMIT_MESSAGE dgnum-chores\") ]; then\n tea pr create
--description \"Automatic npins update\" --title \"$COMMIT_MESSAGE\" --head
\"$GIT_UPDATE_BRANCH\"\n fi\nfi\n"
linkal:
runs-on: nix
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/linkal
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update linkal'
GIT_UPDATE_BRANCH: npins-updates/linkal
name: Open a PR if updates are present
run: "npins update linkal\n\nif [ ! -z \"$(git diff --name-only)\" ]; then\n\
\ echo \"[+] Changes detected, pushing updates.\"\n\n git add npins\n\n\
\ if [ -n \"$EXISTING_BRANCH\" ]; then\n git commit --amend --no-edit\n\
\ git push --force\n else\n git commit --message \"$COMMIT_MESSAGE\"\
\n git push -u origin \"$GIT_UPDATE_BRANCH\"\n fi\n\n # Connect to the
server with the cli\n tea login add -n dgnum-chores -t \"${{ secrets.TEA_DGNUM_CHORES_TOKEN
}}\" -u https://git.dgnum.eu\n\n # Create a pull request if needed\n # i.e.
no PR with the same title exists\n if [ -z $(tea pr ls -f='title,author'
-o simple | grep \"$COMMIT_MESSAGE dgnum-chores\") ]; then\n tea pr create
--description \"Automatic npins update\" --title \"$COMMIT_MESSAGE\" --head
\"$GIT_UPDATE_BRANCH\"\n fi\nfi\n"
lix:
runs-on: nix
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/lix
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update lix'
GIT_UPDATE_BRANCH: npins-updates/lix
name: Open a PR if updates are present
run: "npins update lix\n\nif [ ! -z \"$(git diff --name-only)\" ]; then\n echo
\"[+] Changes detected, pushing updates.\"\n\n git add npins\n\n if [ -n
\"$EXISTING_BRANCH\" ]; then\n git commit --amend --no-edit\n git push
--force\n else\n git commit --message \"$COMMIT_MESSAGE\"\n git push
-u origin \"$GIT_UPDATE_BRANCH\"\n fi\n\n # Connect to the server with the
cli\n tea login add -n dgnum-chores -t \"${{ secrets.TEA_DGNUM_CHORES_TOKEN
}}\" -u https://git.dgnum.eu\n\n # Create a pull request if needed\n # i.e.
no PR with the same title exists\n if [ -z $(tea pr ls -f='title,author'
-o simple | grep \"$COMMIT_MESSAGE dgnum-chores\") ]; then\n tea pr create
--description \"Automatic npins update\" --title \"$COMMIT_MESSAGE\" --head
\"$GIT_UPDATE_BRANCH\"\n fi\nfi\n"
lix-module:
runs-on: nix
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/lix-module
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update lix-module'
GIT_UPDATE_BRANCH: npins-updates/lix-module
name: Open a PR if updates are present
run: "npins update lix-module\n\nif [ ! -z \"$(git diff --name-only)\" ]; then\n\
\ echo \"[+] Changes detected, pushing updates.\"\n\n git add npins\n\n\
\ if [ -n \"$EXISTING_BRANCH\" ]; then\n git commit --amend --no-edit\n\
\ git push --force\n else\n git commit --message \"$COMMIT_MESSAGE\"\
\n git push -u origin \"$GIT_UPDATE_BRANCH\"\n fi\n\n # Connect to the
server with the cli\n tea login add -n dgnum-chores -t \"${{ secrets.TEA_DGNUM_CHORES_TOKEN
}}\" -u https://git.dgnum.eu\n\n # Create a pull request if needed\n # i.e.
no PR with the same title exists\n if [ -z $(tea pr ls -f='title,author'
-o simple | grep \"$COMMIT_MESSAGE dgnum-chores\") ]; then\n tea pr create
--description \"Automatic npins update\" --title \"$COMMIT_MESSAGE\" --head
\"$GIT_UPDATE_BRANCH\"\n fi\nfi\n"
lon:
runs-on: nix
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/lon
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update lon'
GIT_UPDATE_BRANCH: npins-updates/lon
name: Open a PR if updates are present
run: "npins update lon\n\nif [ ! -z \"$(git diff --name-only)\" ]; then\n echo
\"[+] Changes detected, pushing updates.\"\n\n git add npins\n\n if [ -n
\"$EXISTING_BRANCH\" ]; then\n git commit --amend --no-edit\n git push
--force\n else\n git commit --message \"$COMMIT_MESSAGE\"\n git push
-u origin \"$GIT_UPDATE_BRANCH\"\n fi\n\n # Connect to the server with the
cli\n tea login add -n dgnum-chores -t \"${{ secrets.TEA_DGNUM_CHORES_TOKEN
}}\" -u https://git.dgnum.eu\n\n # Create a pull request if needed\n # i.e.
no PR with the same title exists\n if [ -z $(tea pr ls -f='title,author'
-o simple | grep \"$COMMIT_MESSAGE dgnum-chores\") ]; then\n tea pr create
--description \"Automatic npins update\" --title \"$COMMIT_MESSAGE\" --head
\"$GIT_UPDATE_BRANCH\"\n fi\nfi\n"
metis:
runs-on: nix
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/metis
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update metis'
GIT_UPDATE_BRANCH: npins-updates/metis
name: Open a PR if updates are present
run: "npins update metis\n\nif [ ! -z \"$(git diff --name-only)\" ]; then\n\
\ echo \"[+] Changes detected, pushing updates.\"\n\n git add npins\n\n\
\ if [ -n \"$EXISTING_BRANCH\" ]; then\n git commit --amend --no-edit\n\
\ git push --force\n else\n git commit --message \"$COMMIT_MESSAGE\"\
\n git push -u origin \"$GIT_UPDATE_BRANCH\"\n fi\n\n # Connect to the
server with the cli\n tea login add -n dgnum-chores -t \"${{ secrets.TEA_DGNUM_CHORES_TOKEN
}}\" -u https://git.dgnum.eu\n\n # Create a pull request if needed\n # i.e.
no PR with the same title exists\n if [ -z $(tea pr ls -f='title,author'
-o simple | grep \"$COMMIT_MESSAGE dgnum-chores\") ]; then\n tea pr create
--description \"Automatic npins update\" --title \"$COMMIT_MESSAGE\" --head
\"$GIT_UPDATE_BRANCH\"\n fi\nfi\n"
microvm_nix:
runs-on: nix
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/microvm.nix
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update microvm.nix'
GIT_UPDATE_BRANCH: npins-updates/microvm.nix
name: Open a PR if updates are present
run: "npins update microvm.nix\n\nif [ ! -z \"$(git diff --name-only)\" ]; then\n\
\ echo \"[+] Changes detected, pushing updates.\"\n\n git add npins\n\n\
\ if [ -n \"$EXISTING_BRANCH\" ]; then\n git commit --amend --no-edit\n\
\ git push --force\n else\n git commit --message \"$COMMIT_MESSAGE\"\
\n git push -u origin \"$GIT_UPDATE_BRANCH\"\n fi\n\n # Connect to the
server with the cli\n tea login add -n dgnum-chores -t \"${{ secrets.TEA_DGNUM_CHORES_TOKEN
}}\" -u https://git.dgnum.eu\n\n # Create a pull request if needed\n # i.e.
no PR with the same title exists\n if [ -z $(tea pr ls -f='title,author'
-o simple | grep \"$COMMIT_MESSAGE dgnum-chores\") ]; then\n tea pr create
--description \"Automatic npins update\" --title \"$COMMIT_MESSAGE\" --head
\"$GIT_UPDATE_BRANCH\"\n fi\nfi\n"
nix-actions:
runs-on: nix
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/nix-actions
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update nix-actions'
GIT_UPDATE_BRANCH: npins-updates/nix-actions
name: Open a PR if updates are present
run: "npins update nix-actions\n\nif [ ! -z \"$(git diff --name-only)\" ]; then\n\
\ echo \"[+] Changes detected, pushing updates.\"\n\n git add npins\n\n\
\ if [ -n \"$EXISTING_BRANCH\" ]; then\n git commit --amend --no-edit\n\
\ git push --force\n else\n git commit --message \"$COMMIT_MESSAGE\"\
\n git push -u origin \"$GIT_UPDATE_BRANCH\"\n fi\n\n # Connect to the
server with the cli\n tea login add -n dgnum-chores -t \"${{ secrets.TEA_DGNUM_CHORES_TOKEN
}}\" -u https://git.dgnum.eu\n\n # Create a pull request if needed\n # i.e.
no PR with the same title exists\n if [ -z $(tea pr ls -f='title,author'
-o simple | grep \"$COMMIT_MESSAGE dgnum-chores\") ]; then\n tea pr create
--description \"Automatic npins update\" --title \"$COMMIT_MESSAGE\" --head
\"$GIT_UPDATE_BRANCH\"\n fi\nfi\n"
nix-modules:
runs-on: nix
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/nix-modules
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update nix-modules'
GIT_UPDATE_BRANCH: npins-updates/nix-modules
name: Open a PR if updates are present
run: "npins update nix-modules\n\nif [ ! -z \"$(git diff --name-only)\" ]; then\n\
\ echo \"[+] Changes detected, pushing updates.\"\n\n git add npins\n\n\
\ if [ -n \"$EXISTING_BRANCH\" ]; then\n git commit --amend --no-edit\n\
\ git push --force\n else\n git commit --message \"$COMMIT_MESSAGE\"\
\n git push -u origin \"$GIT_UPDATE_BRANCH\"\n fi\n\n # Connect to the
server with the cli\n tea login add -n dgnum-chores -t \"${{ secrets.TEA_DGNUM_CHORES_TOKEN
}}\" -u https://git.dgnum.eu\n\n # Create a pull request if needed\n # i.e.
no PR with the same title exists\n if [ -z $(tea pr ls -f='title,author'
-o simple | grep \"$COMMIT_MESSAGE dgnum-chores\") ]; then\n tea pr create
--description \"Automatic npins update\" --title \"$COMMIT_MESSAGE\" --head
\"$GIT_UPDATE_BRANCH\"\n fi\nfi\n"
nix-pkgs:
runs-on: nix
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/nix-pkgs
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update nix-pkgs'
GIT_UPDATE_BRANCH: npins-updates/nix-pkgs
name: Open a PR if updates are present
run: "npins update nix-pkgs\n\nif [ ! -z \"$(git diff --name-only)\" ]; then\n\
\ echo \"[+] Changes detected, pushing updates.\"\n\n git add npins\n\n\
\ if [ -n \"$EXISTING_BRANCH\" ]; then\n git commit --amend --no-edit\n\
\ git push --force\n else\n git commit --message \"$COMMIT_MESSAGE\"\
\n git push -u origin \"$GIT_UPDATE_BRANCH\"\n fi\n\n # Connect to the
server with the cli\n tea login add -n dgnum-chores -t \"${{ secrets.TEA_DGNUM_CHORES_TOKEN
}}\" -u https://git.dgnum.eu\n\n # Create a pull request if needed\n # i.e.
no PR with the same title exists\n if [ -z $(tea pr ls -f='title,author'
-o simple | grep \"$COMMIT_MESSAGE dgnum-chores\") ]; then\n tea pr create
--description \"Automatic npins update\" --title \"$COMMIT_MESSAGE\" --head
\"$GIT_UPDATE_BRANCH\"\n fi\nfi\n"
nix-reuse:
runs-on: nix
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/nix-reuse
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update nix-reuse'
GIT_UPDATE_BRANCH: npins-updates/nix-reuse
name: Open a PR if updates are present
run: "npins update nix-reuse\n\nif [ ! -z \"$(git diff --name-only)\" ]; then\n\
\ echo \"[+] Changes detected, pushing updates.\"\n\n git add npins\n\n\
\ if [ -n \"$EXISTING_BRANCH\" ]; then\n git commit --amend --no-edit\n\
\ git push --force\n else\n git commit --message \"$COMMIT_MESSAGE\"\
\n git push -u origin \"$GIT_UPDATE_BRANCH\"\n fi\n\n # Connect to the
server with the cli\n tea login add -n dgnum-chores -t \"${{ secrets.TEA_DGNUM_CHORES_TOKEN
}}\" -u https://git.dgnum.eu\n\n # Create a pull request if needed\n # i.e.
no PR with the same title exists\n if [ -z $(tea pr ls -f='title,author'
-o simple | grep \"$COMMIT_MESSAGE dgnum-chores\") ]; then\n tea pr create
--description \"Automatic npins update\" --title \"$COMMIT_MESSAGE\" --head
\"$GIT_UPDATE_BRANCH\"\n fi\nfi\n"
nixos-24_05:
runs-on: nix
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/nixos-24.05
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update nixos-24.05'
GIT_UPDATE_BRANCH: npins-updates/nixos-24.05
name: Open a PR if updates are present
run: "npins update nixos-24.05\n\nif [ ! -z \"$(git diff --name-only)\" ]; then\n\
\ echo \"[+] Changes detected, pushing updates.\"\n\n git add npins\n\n\
\ if [ -n \"$EXISTING_BRANCH\" ]; then\n git commit --amend --no-edit\n\
\ git push --force\n else\n git commit --message \"$COMMIT_MESSAGE\"\
\n git push -u origin \"$GIT_UPDATE_BRANCH\"\n fi\n\n # Connect to the
server with the cli\n tea login add -n dgnum-chores -t \"${{ secrets.TEA_DGNUM_CHORES_TOKEN
}}\" -u https://git.dgnum.eu\n\n # Create a pull request if needed\n # i.e.
no PR with the same title exists\n if [ -z $(tea pr ls -f='title,author'
-o simple | grep \"$COMMIT_MESSAGE dgnum-chores\") ]; then\n tea pr create
--description \"Automatic npins update\" --title \"$COMMIT_MESSAGE\" --head
\"$GIT_UPDATE_BRANCH\"\n fi\nfi\n"
nixos-24_11:
runs-on: nix
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/nixos-24.11
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update nixos-24.11'
GIT_UPDATE_BRANCH: npins-updates/nixos-24.11
name: Open a PR if updates are present
run: "npins update nixos-24.11\n\nif [ ! -z \"$(git diff --name-only)\" ]; then\n\
\ echo \"[+] Changes detected, pushing updates.\"\n\n git add npins\n\n\
\ if [ -n \"$EXISTING_BRANCH\" ]; then\n git commit --amend --no-edit\n\
\ git push --force\n else\n git commit --message \"$COMMIT_MESSAGE\"\
\n git push -u origin \"$GIT_UPDATE_BRANCH\"\n fi\n\n # Connect to the
server with the cli\n tea login add -n dgnum-chores -t \"${{ secrets.TEA_DGNUM_CHORES_TOKEN
}}\" -u https://git.dgnum.eu\n\n # Create a pull request if needed\n # i.e.
no PR with the same title exists\n if [ -z $(tea pr ls -f='title,author'
-o simple | grep \"$COMMIT_MESSAGE dgnum-chores\") ]; then\n tea pr create
--description \"Automatic npins update\" --title \"$COMMIT_MESSAGE\" --head
\"$GIT_UPDATE_BRANCH\"\n fi\nfi\n"
nixos-generators:
runs-on: nix
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/nixos-generators
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update nixos-generators'
GIT_UPDATE_BRANCH: npins-updates/nixos-generators
name: Open a PR if updates are present
run: "npins update nixos-generators\n\nif [ ! -z \"$(git diff --name-only)\"\
\ ]; then\n echo \"[+] Changes detected, pushing updates.\"\n\n git add
npins\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n git commit --amend --no-edit\n\
\ git push --force\n else\n git commit --message \"$COMMIT_MESSAGE\"\
\n git push -u origin \"$GIT_UPDATE_BRANCH\"\n fi\n\n # Connect to the
server with the cli\n tea login add -n dgnum-chores -t \"${{ secrets.TEA_DGNUM_CHORES_TOKEN
}}\" -u https://git.dgnum.eu\n\n # Create a pull request if needed\n # i.e.
no PR with the same title exists\n if [ -z $(tea pr ls -f='title,author'
-o simple | grep \"$COMMIT_MESSAGE dgnum-chores\") ]; then\n tea pr create
--description \"Automatic npins update\" --title \"$COMMIT_MESSAGE\" --head
\"$GIT_UPDATE_BRANCH\"\n fi\nfi\n"
nixos-unstable:
runs-on: nix
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/nixos-unstable
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update nixos-unstable'
GIT_UPDATE_BRANCH: npins-updates/nixos-unstable
name: Open a PR if updates are present
run: "npins update nixos-unstable\n\nif [ ! -z \"$(git diff --name-only)\" ];
then\n echo \"[+] Changes detected, pushing updates.\"\n\n git add npins\n\
\n if [ -n \"$EXISTING_BRANCH\" ]; then\n git commit --amend --no-edit\n\
\ git push --force\n else\n git commit --message \"$COMMIT_MESSAGE\"\
\n git push -u origin \"$GIT_UPDATE_BRANCH\"\n fi\n\n # Connect to the
server with the cli\n tea login add -n dgnum-chores -t \"${{ secrets.TEA_DGNUM_CHORES_TOKEN
}}\" -u https://git.dgnum.eu\n\n # Create a pull request if needed\n # i.e.
no PR with the same title exists\n if [ -z $(tea pr ls -f='title,author'
-o simple | grep \"$COMMIT_MESSAGE dgnum-chores\") ]; then\n tea pr create
--description \"Automatic npins update\" --title \"$COMMIT_MESSAGE\" --head
\"$GIT_UPDATE_BRANCH\"\n fi\nfi\n"
nixpkgs:
runs-on: nix
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/nixpkgs
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update nixpkgs'
GIT_UPDATE_BRANCH: npins-updates/nixpkgs
name: Open a PR if updates are present
run: "npins update nixpkgs\n\nif [ ! -z \"$(git diff --name-only)\" ]; then\n\
\ echo \"[+] Changes detected, pushing updates.\"\n\n git add npins\n\n\
\ if [ -n \"$EXISTING_BRANCH\" ]; then\n git commit --amend --no-edit\n\
\ git push --force\n else\n git commit --message \"$COMMIT_MESSAGE\"\
\n git push -u origin \"$GIT_UPDATE_BRANCH\"\n fi\n\n # Connect to the
server with the cli\n tea login add -n dgnum-chores -t \"${{ secrets.TEA_DGNUM_CHORES_TOKEN
}}\" -u https://git.dgnum.eu\n\n # Create a pull request if needed\n # i.e.
no PR with the same title exists\n if [ -z $(tea pr ls -f='title,author'
-o simple | grep \"$COMMIT_MESSAGE dgnum-chores\") ]; then\n tea pr create
--description \"Automatic npins update\" --title \"$COMMIT_MESSAGE\" --head
\"$GIT_UPDATE_BRANCH\"\n fi\nfi\n"
proxmox-nixos:
runs-on: nix
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/proxmox-nixos
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update proxmox-nixos'
GIT_UPDATE_BRANCH: npins-updates/proxmox-nixos
name: Open a PR if updates are present
run: "npins update proxmox-nixos\n\nif [ ! -z \"$(git diff --name-only)\" ];
then\n echo \"[+] Changes detected, pushing updates.\"\n\n git add npins\n\
\n if [ -n \"$EXISTING_BRANCH\" ]; then\n git commit --amend --no-edit\n\
\ git push --force\n else\n git commit --message \"$COMMIT_MESSAGE\"\
\n git push -u origin \"$GIT_UPDATE_BRANCH\"\n fi\n\n # Connect to the
server with the cli\n tea login add -n dgnum-chores -t \"${{ secrets.TEA_DGNUM_CHORES_TOKEN
}}\" -u https://git.dgnum.eu\n\n # Create a pull request if needed\n # i.e.
no PR with the same title exists\n if [ -z $(tea pr ls -f='title,author'
-o simple | grep \"$COMMIT_MESSAGE dgnum-chores\") ]; then\n tea pr create
--description \"Automatic npins update\" --title \"$COMMIT_MESSAGE\" --head
\"$GIT_UPDATE_BRANCH\"\n fi\nfi\n"
signal-irc-bridge:
runs-on: nix
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/signal-irc-bridge
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update signal-irc-bridge'
GIT_UPDATE_BRANCH: npins-updates/signal-irc-bridge
name: Open a PR if updates are present
run: "npins update signal-irc-bridge\n\nif [ ! -z \"$(git diff --name-only)\"\
\ ]; then\n echo \"[+] Changes detected, pushing updates.\"\n\n git add
npins\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n git commit --amend --no-edit\n\
\ git push --force\n else\n git commit --message \"$COMMIT_MESSAGE\"\
\n git push -u origin \"$GIT_UPDATE_BRANCH\"\n fi\n\n # Connect to the
server with the cli\n tea login add -n dgnum-chores -t \"${{ secrets.TEA_DGNUM_CHORES_TOKEN
}}\" -u https://git.dgnum.eu\n\n # Create a pull request if needed\n # i.e.
no PR with the same title exists\n if [ -z $(tea pr ls -f='title,author'
-o simple | grep \"$COMMIT_MESSAGE dgnum-chores\") ]; then\n tea pr create
--description \"Automatic npins update\" --title \"$COMMIT_MESSAGE\" --head
\"$GIT_UPDATE_BRANCH\"\n fi\nfi\n"
stateless-uptime-kuma:
runs-on: nix
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/stateless-uptime-kuma
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update stateless-uptime-kuma'
GIT_UPDATE_BRANCH: npins-updates/stateless-uptime-kuma
name: Open a PR if updates are present
run: "npins update stateless-uptime-kuma\n\nif [ ! -z \"$(git diff --name-only)\"\
\ ]; then\n echo \"[+] Changes detected, pushing updates.\"\n\n git add
npins\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n git commit --amend --no-edit\n\
\ git push --force\n else\n git commit --message \"$COMMIT_MESSAGE\"\
\n git push -u origin \"$GIT_UPDATE_BRANCH\"\n fi\n\n # Connect to the
server with the cli\n tea login add -n dgnum-chores -t \"${{ secrets.TEA_DGNUM_CHORES_TOKEN
}}\" -u https://git.dgnum.eu\n\n # Create a pull request if needed\n # i.e.
no PR with the same title exists\n if [ -z $(tea pr ls -f='title,author'
-o simple | grep \"$COMMIT_MESSAGE dgnum-chores\") ]; then\n tea pr create
--description \"Automatic npins update\" --title \"$COMMIT_MESSAGE\" --head
\"$GIT_UPDATE_BRANCH\"\n fi\nfi\n"
wp4nix:
runs-on: nix
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/wp4nix
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update wp4nix'
GIT_UPDATE_BRANCH: npins-updates/wp4nix
name: Open a PR if updates are present
run: "npins update wp4nix\n\nif [ ! -z \"$(git diff --name-only)\" ]; then\n\
\ echo \"[+] Changes detected, pushing updates.\"\n\n git add npins\n\n\
\ if [ -n \"$EXISTING_BRANCH\" ]; then\n git commit --amend --no-edit\n\
\ git push --force\n else\n git commit --message \"$COMMIT_MESSAGE\"\
\n git push -u origin \"$GIT_UPDATE_BRANCH\"\n fi\n\n # Connect to the
server with the cli\n tea login add -n dgnum-chores -t \"${{ secrets.TEA_DGNUM_CHORES_TOKEN
}}\" -u https://git.dgnum.eu\n\n # Create a pull request if needed\n # i.e.
no PR with the same title exists\n if [ -z $(tea pr ls -f='title,author'
-o simple | grep \"$COMMIT_MESSAGE dgnum-chores\") ]; then\n tea pr create
--description \"Automatic npins update\" --title \"$COMMIT_MESSAGE\" --head
\"$GIT_UPDATE_BRANCH\"\n fi\nfi\n"
name: Update dependencies
GIT_AUTHOR_EMAIL: tech@dgnum.eu
GIT_AUTHOR_NAME: DGNum Chores
GIT_COMMITTER_EMAIL: tech@dgnum.eu
GIT_COMMITTER_NAME: DGNum Chores
name: Update dependencies and open PR if necessary
run: "npins update\n\nif [ ! -z \"$(git diff --name-only)\" ]; then\n echo
\"[+] Changes detected, pushing updates.\"\n\n git switch -C npins-update\n\
\n git add npins\n\n git commit --message \"chore(npins): Update\"\n git
push --set-upstream origin npins-update --force\n\n # Connect to the server
with the cli\n tea login add \\\n -n dgnum-chores \\\n -t \"${{ secrets.TEA_DGNUM_CHORES_TOKEN
}}\" \\\n -u https://git.dgnum.eu\n\n # Create a pull request if needed\n\
\ # i.e. no PR with the same title exists\n if [ -z \"$(tea pr ls -f='title,author'
-o simple | grep 'chore(npins): Update dgnum-chores')\" ]; then\n tea pr
create \\\n --description \"Automatic npins update\" \\\n --title
\"chore(npins): Update\" \\\n --head npins-update\n fi\nfi\n"
name: npins update
on:
schedule:
- cron: 5 16 * * 6
- cron: 25 15 * * *

9
keys/default.nix
View file

@ -5,9 +5,7 @@
let
_sources = import ../npins;
inherit (import _sources.nixpkgs { }) lib;
meta = import ../meta lib;
meta = import ../meta (import _sources.nixpkgs { }).lib;
getAttr = flip builtins.getAttr;
@ -34,7 +32,6 @@ rec {
];
rescue01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEJa02Annu8o7ggPjTH/9ttotdNGyghlWfU9E8pnuLUf" ];
storage01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA0s+rPcEcfWCqZ4B2oJiWT/60awOI8ijL1rtDM2glXZ" ];
tower01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICVpR+TMRLGAfhn7Q0C3tKOydYYjfoC/e1ZYbKpby01Z" ];
vault01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAJA6VA7LENvTRlKdcrqt8DxDOPvX3bg3Gjy9mNkdFEW" ];
web01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPR+lewuJ/zhCyizJGJOH1UaAB699ItNKEaeuoK57LY5" ];
web02 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID+QDE+GgZs6zONHvzRW15BzGJNW69k2BFZgB/Zh/tLX" ];
@ -101,8 +98,4 @@ rec {
# List of 'machine' keys
machineKeys = rootKeys ++ (getKeys (builtins.attrNames meta.nodes));
nixosMachineKeys =
rootKeys
++ (getKeys (builtins.attrNames (lib.filterAttrs (_: v: v.nixpkgs.system == "nixos") meta.nodes)));
}

2
machines/nixos/compute01/extranix/default.nix
View file

@ -92,7 +92,7 @@ in
title = "DGNum module documentation";
languageCode = "en-us";
params = {
release_current_stable = "DGNum-Infrastructure";
release_current_stable = "infra-DGNum";
logo = "images/dgnum.png";
footer_credits_line = ''
Based on <a href="https://github.com/mipmip/home-manager-option-search">Home Manager Option Search</a>

4
machines/nixos/storage01/garage.nix
View file

@ -62,9 +62,7 @@ in
db_engine = "lmdb";
consistency_mode = "consistent";
replication_factor = 1;
replication_mode = "none"; # TODO: deprecated
compression_level = 7;
rpc_bind_addr = "[::]:${toString ports.rpc}";

17
machines/nixos/tower01/_configuration.nix
View file

@ -1,17 +0,0 @@
# SPDX-FileCopyrightText: 2024 Elias Coppens <elias@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2
{ lib, ... }:
lib.extra.mkConfig {
enabledModules = [ ];
enabledServices = [ ];
extraConfig = {
services.netbird.enable = true;
};
root = ./.;
}

120
machines/nixos/tower01/_hardware-configuration.nix
View file

@ -1,120 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot = {
initrd = {
availableKernelModules = [
"ehci_pci"
"ahci"
"mpt3sas"
"usbhid"
"usb_storage"
"sd_mod"
];
kernelModules = [ ];
luks.devices = {
rootfs01 = {
device = "/dev/disk/by-label/rootfs01";
keyFile = "/dev/zero";
keyFileSize = 1;
};
rootfs02 = {
device = "/dev/disk/by-label/rootfs02";
keyFile = "/dev/zero";
keyFileSize = 1;
};
slow0101 = {
device = "/dev/disk/by-label/slow0101";
keyFile = "/dev/zero";
keyFileSize = 1;
};
slow0102 = {
device = "/dev/disk/by-label/slow0102";
keyFile = "/dev/zero";
keyFileSize = 1;
};
slow0201 = {
device = "/dev/disk/by-label/slow0201";
keyFile = "/dev/zero";
keyFileSize = 1;
};
slow0202 = {
device = "/dev/disk/by-label/slow0202";
keyFile = "/dev/zero";
keyFileSize = 1;
};
slow0301 = {
device = "/dev/disk/by-label/slow0301";
keyFile = "/dev/zero";
keyFileSize = 1;
};
slow0302 = {
device = "/dev/disk/by-label/slow0302";
keyFile = "/dev/zero";
keyFileSize = 1;
};
};
};
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
fileSystems = {
"/" = {
device = "rootfs";
fsType = "zfs";
};
# boot1 = boot partition (primary)
# boot2 = boot partition (backup)
"/boot1" = {
device = "/dev/disk/by-uuid/1965-5D59";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
};
"/boot2" = {
device = "/dev/disk/by-uuid/19C4-49E1";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
};
"/nix" = {
device = "rootfs/nix";
fsType = "zfs";
};
"/var" = {
device = "rootfs/var";
fsType = "zfs";
};
};
swapDevices = [
{ device = "/dev/disk/by-uuid/7614fa12-c6a7-456e-9620-eb9c0e025140"; }
{ device = "/dev/disk/by-uuid/eb0aef44-b264-4f94-b847-3ad5dcc19ffd"; }
];
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

7
machines/nixos/tower01/secrets/secrets.nix
View file

@ -1,7 +0,0 @@
# SPDX-FileCopyrightText: 2024 La Délégation Générale Numérique <context@dgnum.eu>
#
# SPDX-License-Identifer: EUPL-1.2
(import ../../../../keys).mkSecrets [ "tower01" ] [
]

11
machines/nixos/vault01/networking.nix
View file

@ -58,10 +58,7 @@ let
LinkLocalAddressing = "no";
DHCPServer = "yes";
};
linkConfig = {
Promiscuous = true;
MTUBytes = 1500;
};
linkConfig.Promiscuous = true;
addresses = [
{
Address = "${servIP}/27";
@ -137,10 +134,7 @@ let
Id = 2001;
address = [ "10.0.254.1/24" ];
extraNetwork = {
networkConfig.DHCPServer = "yes";
linkConfig.MTUBytes = 1500;
};
extraNetwork.networkConfig.DHCPServer = "yes";
};
} // builtins.listToAttrs (map mkUserVlan userVlans);
in
@ -182,7 +176,6 @@ in
IPv6AcceptRA = false;
IPv6SendRA = false;
};
linkConfig.MTUBytes = 1504;
};
"50-gretap1" = {
name = "gretap1";

14
machines/nixos/web02/cas-eleves/default.nix
View file

@ -14,9 +14,6 @@ let
inherit (lib) mapAttrsToList;
host = "cas.eleves.ens.fr";
src = sources.cas-eleves;
port = 9889;
python3 =
@ -52,7 +49,7 @@ let
staticDrv = pkgs.stdenv.mkDerivation {
name = "cas_eleves-static";
inherit src;
src = sources.cas-eleves;
nativeBuildInputs = [ pythonEnv ];
@ -88,12 +85,13 @@ in
};
StateDirectory = "django-cas-eleves";
User = "cas_server";
WorkingDirectory = src;
WorkingDirectory = sources.cas-eleves;
};
environment = {
CE_ALLOWED_HOSTS = builtins.toJSON [
host
"cas-eleves.dgnum.eu"
"cas.eleves.ens.fr"
];
CE_STATIC_ROOT = staticDrv;
};
@ -101,8 +99,8 @@ in
path = [ pythonEnv ];
script = ''
python3 manage.py migrate
python3 manage.py loaddata patterns
python3 manage.py migrate
gunicorn app.wsgi --pythonpath ${sources.cas-eleves} -b 127.0.0.1:${builtins.toString port} --workers=2 --threads=4
'';
};
@ -120,7 +118,7 @@ in
};
StateDirectory = "django-cas-eleves";
User = "cas_server";
WorkingDirectory = src;
WorkingDirectory = sources.cas-eleves;
};
path = [ pythonEnv ];

23
meta/network.nix
View file

@ -189,29 +189,6 @@
netbirdIp = "100.80.156.154";
};
tower01 = {
interfaces = {
eno2 = {
ipv4 = [
{
address = "129.199.210.119";
prefixLength = 24;
}
];
gateways = [ "129.199.210.254" ];
dns = [
"129.199.96.11"
"129.199.72.99"
];
};
};
hostId = "7874d06e";
netbirdIp = "100.80.185.124";
};
vault01 = {
interfaces = {
vlan-uplink-cri = {

15
meta/nodes/nixos.nix
View file

@ -182,21 +182,6 @@
];
};
tower01 = {
site = "oik01";
hashedPassword = "$y$j9T$axihKDa.CrYcyoamJWxBq1$bl4TfropTrwLqMy6XK0DKkWRyx9b74kyI/ukE8X5iiD";
stateVersion = "24.11";
nixpkgs = {
version = "24.11";
system = "nixos";
};
admins = [ "ecoppens" ];
};
vault01 = {
site = "hyp01";
deployment.targetHost = "vault01.hyp01.infra.dgnum.eu";

9
modules/nixos/dgn-firewall/default.nix
View file

@ -3,9 +3,9 @@
# SPDX-License-Identifier: EUPL-1.2
{
config,
lib,
pkgs,
lib,
name,
...
}:
@ -13,7 +13,6 @@ let
inherit (lib)
concatStringsSep
length
optionalAttrs
replicate
splitString
;
@ -86,9 +85,7 @@ in
stop = [ (nft "delete table inet reaction") ];
streams = {
inherit (streams') ssh;
} // (optionalAttrs config.services.nginx.enable { inherit (streams') ai-crawlers; });
streams = streams'.default // (streams'.${name} or { });
};
};
}

71
modules/nixos/dgn-firewall/streams.nix
View file

@ -23,61 +23,28 @@ let
cmd = act "delete";
};
};
in
{
ai-crawlers = {
cmd = [
"tail"
"-n0"
"-f"
"/var/log/nginx/access.log"
];
available = {
ssh = {
cmd = journalctl "sshd";
filters.bots = {
regex = builtins.map (name: ''^<ip>.*"[^"]*${name}[^"]*"$'') [
"AI2Bot"
"Amazonbot"
"Applebot"
"Applebot-Extended"
"Bytespider"
"CCBot"
"ChatGPT-User"
"ClaudeBot"
"Diffbot"
"DuckAssistBot"
"FacebookBot"
"GPTBot"
"Google-Extended"
"Kangaroo Bot"
"Meta-ExternalAgent"
"Meta-ExternalFetcher"
"OAI-SearchBot"
"PerplexityBot"
"Timpibot"
"Webzio-Extended"
"YouBot"
"omgili"
];
actions = ban "720h";
};
};
ssh = {
cmd = journalctl "sshd";
filters = {
failedlogin = {
regex = [
"authentication failure;.*rhost=<ip>"
"Connection reset by authenticating user .* <ip>"
"Connection closed by invalid user .* <ip> port .*"
"Failed password for .* from <ip>"
"Invalid user .* from <ip> port .*"
"Unable to negotiate with <ip> port .*"
];
actions = ban "48h";
filters = {
failedlogin = {
regex = [
"authentication failure;.*rhost=<ip>"
"Connection reset by authenticating user .* <ip>"
"Connection closed by invalid user .* <ip> port .*"
"Failed password for .* from <ip>"
"Invalid user .* from <ip> port .*"
"Unable to negotiate with <ip> port .*"
];
actions = ban "48h";
};
};
};
};
in
builtins.mapAttrs (_: builtins.foldl' (a: s: a // { ${s} = available.${s}; }) { }) {
default = [ "ssh" ];
}

104
modules/nixos/dgn-netbox-agent/secrets/netbox-agent
View file

@ -1,55 +1,53 @@
age-encryption.org/v1
-> ssh-ed25519 jIXfPA AoV8xDKiLKK+BAtfkB+pNkHZLDIEGw7JyNTTtvayBwA
HfIw7XZFDOYSjBVtP103shjsP/1ObTxJr6Aa4CiaTLU
-> ssh-ed25519 QlRB9Q Ctz/5A3UkDcAZ4nukgqE5oiUOa7taQAE1HSanyAEJh0
coUvmMgmewvtJJJrKJhqBCHpmZiOJxYUEWjKzULO10E
-> ssh-ed25519 r+nK/Q iuEli8ApCKNau1Ugl/bpeQcW9ONQGi8NtvWWJpLHGDU
VMf6rdc0jjRY3ccMwoyf2omLklZanhbxrBeNVfN+l6o
-> ssh-ed25519 jIXfPA zyp8jIQ/BGlaOe2hCYdO2/jpiCJO/yASFn2v4yxF3XE
tnajUOFI/LeiRRK2+XEmgAhU8PfyerYDPZ3CASAx6uE
-> ssh-ed25519 QlRB9Q GTRAu+AUZ2MJs3ZaZR8GcS8U2xyGR0mx1FB78TmVhik
PmenwNgQQUd6JWgUU1zmJWF+Lek4QwCKc0MzD/iLGUE
-> ssh-ed25519 r+nK/Q 2cOo2pK5KN0keAbW62MaC0/wDysciEZPgY8+3vhx30s
ZmjX2vi9qYOVWtctWcEt95l2kBlZH1uNLFUdUxSHyus
-> ssh-rsa krWCLQ
UcotJT8W4HRBV4IQiqlgPZnZnd/htvZiZyT3XNdhs2PBHbMWdG/86EQMUg4VH9yQ
MduYfcr53BUq0usGIWaz/fKCTTTNvnbtu3FnnMpYjsraTomR4sY8JoCabl3v6jWA
UNYEcE5+5Nttx8NhYOK3AIi6xId2JUU9ju7/TnIbQzJgSNeF742EymAOKPT0+RB2
XlMKbvLqoqW50JpYu1NZMJX0ZRv7BtlwdCUzh5AMpTHT26JaWQDD4sx0OquCKfOY
d652PN1goGXTruQJE8zk8eln8575hFlze6cBSXEg7gZjDnKHIFZMZTHWss26MzHV
R8AnyF7o6IZ2SMBkk91vhg
-> ssh-ed25519 /vwQcQ iHmADnr9AGlGgDADay5pgIz/QhmWWtFKhHvP9L08ZFQ
w63c1jKC/lI90DhmXpIi3//fq9ZfVzWMqrmQXZyT48o
-> ssh-ed25519 0R97PA Gd1UrJXNWN20iosx5GVhXFaYipVHSES+dhk/M/Z9oV0
myKtTzEmBlFeiwXmhJoF0v+A/Rvx8q1AilR1Dh4w4uA
-> ssh-ed25519 JGx7Ng gHJNedmJ7UdIwhqq1tWxGa4cX0LcZ/VaenKM2J9F7lo
Oq7wjxPALgXglkCCoNO4UvR2vzJGmPHFDHeOqktVuwg
-> ssh-ed25519 bUjjig CRXtLDeT7jqwKLpaO4/63JnetInAQkaIkE6mxc5N1UI
gMYkaaGu7xpZx7KvZ6P3WMoOozF2Agmyl7B69H5nppc
-> ssh-ed25519 DqHxWQ otOMVwImeWqKrTFEdIJyPlYSopD6k6hFamQPpt2nLBE
CxNSm1/LMwP0zqg17yXVRIdiZ63pDm6qIS8wP/dKCD4
-> ssh-ed25519 tDqJRg v30xkeXkoFPYKs4Dfi37CEgyv3hv574fotA77gusoxs
eL7E6XA/MEgiYAiQPXu4oEFTNExWWwZY82neLzGw5vk
-> ssh-ed25519 9pVK7Q hXrymfnHQQixF0ov9Kt4wkeCr7aIKju3rFd7KB+zeAg
6FlfRrh/KSOpbcmNzdG7DuSX9vtZbWNMk27WJjSG23g
-> ssh-ed25519 /BRpBQ f3ydj4vyxTBOjOcOLVQvFh2l2p+Ugmj3kZMFSikbbFU
/5+bHomn/HADptsbxi4pdK+qxc3HA+2NETRKhJKYGx8
-> ssh-ed25519 t0vvHQ m8IWCX3aEQmx8YXy48zMxDyujTLtJyApVapU5I1LKi4
YFoCQX0jPMi55tsD+uNvHofawW+MXgoP1nhflZdKKIo
-> ssh-ed25519 E6cGqw 4qwrLGLPM+hDxoMPdNnp63D1ntx8zNb8/Fyo/3qyySs
k51U+tHb8KPmWMzhrZceUivFJKg3gzCAGpqCvDyc3xs
-> ssh-ed25519 EEPmeQ ccgkj2wETQMmyOVNl0elsPPN2DvIgEooDOI41rJ+/C0
mYWPULU3MyHpz6j28FbIDHhp1VeH4WRipiG/AkWp3iw
-> ssh-ed25519 +MNHsw E4HK1QIJb4e0HzJNFJoHWhIM0PAz1UMEfFGRbIbwEXU
yi3ecinlgUVuMbzFTC5u/R7NNr+knaHnw7zhXo4U9kM
-> ssh-ed25519 rHotTw hBtzSPFVlxHmakQaj/kJGGZ9vcLoM3DjwL6xj+gC+Xo
w4XbILzfS84Igno8z1EfjJRbYlQvvIpRlMVXt/+CYU4
-> ssh-ed25519 NaIdrw 3ODbuYhG3Ts572UCdq8fUSc9frKeXlINUdVhy8LFnVU
3nvYZhuRKXm5EHd1KM4uO+3irxQDLHMdN76MhPFpvR0
-> ssh-ed25519 +mFdtQ VSTpZ8+P5jbyuuOojTKzIo6YmW4adRbG0rssUEocgho
ZwnC32ywtC6c1cebe2XF9t8x9TTRtt2B4ZlqM/4gOzg
-> ssh-ed25519 0IVRbA 3rhK2KihTYJDysIANlpZLYCbRguv1QOCbKgdocPWDEk
d3pvvkhNxXcNZ1HwUiyquEspwLibyYGKCZrwz5B2T8g
-> ssh-ed25519 IY5FSQ p4+vtg7SON1fIn6fUOhnd2Rxt+9eVEqls48IIBBOqkw
EkjceamiQDQLRRuxQt3mG9WQ96F3XSAAktKg9twGwhY
-> ssh-ed25519 VQSaNw sk0bsPgWlMBXk7DI7aDBuWZ4cNsQOVnpQmBJinqXd1k
G8DAz80agW6qCDcLVewfxZTkae/JzaFDcenlFHTYjPA
-> \cr-;-grease DZ^oMD&2 GB%w]p #g_
HMU4jwh6dkuPjOepUsLjSvO9JXRa5X5TUMVOdrYcv39jNvDnx8S+BJAs6BBVhOPh
csvWfFwTPA
--- UEkzkRDhvHIrTFs2UXLTuJZY/ILa9uTI3QdkNQrKbHw
Ài´:®¢-äámlZšP 9{AÒ€ˆ‰~*…#Å:.j/¾ê“µB`KÓ5^P(u“õÒt³¶DûG_…®%¡èûG€s]ðŸÁßÞB{àws³¶V8e2<65><32>aXÓ$”ô2M
xNCMgSxO8SA2rQqU14RD2TU5PQyssMlWomoA9VjoT6FsYZleRd7nPeABYqlnzUNj
wWk3obSp3AO+NNscnmFrAijYQl0C+hBBplsgEyQ87j60s0ReAZGaURbrxRJr0dr/
2JBrPtQ7tiSQYRZG9DH6ASUYrlVCB3Vq18OOa+os8PpqyL6Q6pglx0ePY1wx9irG
6qj54LAR34C+uOi620LZuJ3YhZYIp0blmxqrXGeVTY1c7mmELKCdslFpiBvKE5jf
71Lj6ihc5Z5kJxi0vPXMXkuGXtmlIr57dre2XWhynuXq9sLj0KEE0GVQa/vMV3Hd
4/ATD4bbpkzwkfZIlL1LRQ
-> ssh-ed25519 /vwQcQ 63EfH8Eu6Rdyz01sN7yfpaQpxJ2w4VqzQRWMw3AMSAk
bj1CFYkCOcoMtuq/mC+vn9YM8aM9rLClcGo1rpytN7k
-> ssh-ed25519 0R97PA gOIroiigdZxulsng29mz0o3gLYnMb5YjmBOmTd9UvHw
mgvgYedm7U1y5BlRcvPEZhHpPEnczungDuBAEGcJwMw
-> ssh-ed25519 JGx7Ng FeQyBpbGZ2WGztFXBpJ5uYXIPIEJqnf2FedleYRQJUc
SzbinTIdwa1pvc9AZSWj2GRR86hD+SHY63QzBSv4D3I
-> ssh-ed25519 5SY7Kg BgCKJrxjRS8QNCndIfySdq2u+hv3Q7Dg/hToWOE8e3g
/rKzCb9fdZTEwTP1/QW4vn1ewQDn5TtV4Ui3MwChdB8
-> ssh-ed25519 p/Mg4Q ftfpqvy3TuWoq+Hcmt+oYiJ1GhwYvR+GDh3MzVsfv3s
I2dj0FSRGfoBqwSetdKz9NX11zUeHxIizmjctYrmjD8
-> ssh-ed25519 DqHxWQ Zs+uNTp/4plSisoBzUpnvlZXLrbYphYvaeogHCyg4As
hvXMQNPnJK7ZQrkYIyHW07rWd06QkNpiNuL3oUXxoQo
-> ssh-ed25519 tDqJRg hMw/doebsExNtZ9oC1OFrnWOsiPOKh3D76RPfw0If00
p5dxioeIt558deMFrRiTMxYocmP6p8kTk/nzSb5yuPA
-> ssh-ed25519 9pVK7Q mctwqK3IkQdbeajO9mbvejtG85rFXTmFdptrzIzP9Cc
sVG1NKMmTR0Sf60hvPJ4QRypmBT4a6yUZ+gyp/Xf+EQ
-> ssh-ed25519 /BRpBQ C6CjF9H+x1fd2s4sjHw0IzKpNvbnr3H0tnxJdwzrzlQ
gcrSM7NoHqeFdsTAWpO23cfAISile0uVEHu4fBvqwME
-> ssh-ed25519 /x+F2Q t6mrvde1VJP7ARlwQAFOQxg6Uu2+GDDzN8GG/F/C5zA
z3jOcIvHjH4TgiMHqABBU5t9bilBtv5rBKHJLMp9CaA
-> ssh-ed25519 +MNHsw 5FBjw08c8F2wqrJe8KfWdn5bjzYmXXqLpVIozq8c8WE
47oEgYMsl6/JtL1JqOOajHdB22gIdIGhhtcchUK7ZX4
-> ssh-ed25519 rHotTw 4/W5DKJCc18KOcJQ1s4DveOVEjf5oy3HeQF5AThpvFM
vG9LsTXTFk6TLHNDDS3qtirjm7iyZnhN+FM++xU0qGI
-> ssh-ed25519 +mFdtQ bh0b+b2J2dg9hpBVYM3hDUwJOO/xi+dcH41abtVjt2E
NPU1M+fXjOSROEWY73hftAniWUpr0ymbfo8mqZTPC/M
-> ssh-ed25519 0IVRbA ioMW4UYJ+kKlZBdf430FHnbqdw3BcwWSr2RmOHCv+hA
qw0VDAu93LSEZqhs9nRTCMGWsXKjxK65VfkKJbUU5fY
-> ssh-ed25519 IY5FSQ 1aD4KWKITo+88CEwuTKq1QH+Pf5qoOXlI+EY2FX9IG4
KzOGMeIxLypf7S6WeUM4Zr/S/g9HWXHBGcKkgHMLRJc
-> ssh-ed25519 VQSaNw fCt2YDODTAtamSSYH+RNIpWAQ53WPwOeR92rHa89QBE
2KAY4EgfxnNxvQGV4lgoGT+sb4nJV1eE50GHRljngEo
-> x!p-grease Qza ,IU!}' (fMHX0~ m
DGgaSNyr7o+hl8p9viIHBbTdiTdY79TgFsTdM2oBJAqT5P/LkFzg8TYNsH04eReH
dmTu9wjN2OM
--- +/E2Y1+KnzcreXm8DtJE39wR4dVL6vneloVFzK33c8Y
T|ïá+¡ÆTÔŒÄ
vΧ“8»,OÔ¸lžÇ±z)/0­<30>>hkJMèl öÝ®GØßûGÜ>lU¯1Ÿ}€Š¤£T<C2A3>ÞhèÅý,åÎ8Åç%ßÓ¤lQ‰
ëb©,@

2
modules/nixos/dgn-netbox-agent/secrets/secrets.nix
View file

@ -2,4 +2,4 @@
#
# SPDX-License-Identifier: EUPL-1.2
{ netbox-agent.publicKeys = (import ../../../../keys).nixosMachineKeys; }
{ netbox-agent.publicKeys = (import ../../../keys).machineKeys; }

101
modules/nixos/dgn-notify/mail
View file

@ -1,55 +1,50 @@
age-encryption.org/v1
-> ssh-ed25519 jIXfPA tqrbtRQ1sOAfNdcydUswVCvTPlMOyxJk7KIWuVo0zTo
8NlgzrKyFh4K5NreS0CmBNQ2ZmiLZYpD+fhbqNX/aAQ
-> ssh-ed25519 QlRB9Q 9so2ZMz5fmmbqRpwEtJ0/u7iV+MLLLkDgODMfu6rdyo
mYpFyrEI3p5uIvogAeTTgC+bHNHBx+eR6VGKMx8hIQk
-> ssh-ed25519 r+nK/Q ldIiggaMYAi9twBQpG5w6EA1stvDYgznDytN/zN0IDM
bOqzUc4m/pecyG+6jv8HilAJKJS5ywiagv1IN3DMtEM
-> ssh-ed25519 jIXfPA zVe/xwQCEtVnX8qWShePzBmhfQbENRMn8XgPzEqb1gY
CFa4qXtY8lBlSIxnWVbejVta8BFYmsCtp9TdXXexZYE
-> ssh-ed25519 QlRB9Q 3EJeDSBkwJU2LaKHygG/a0tfFRXcp8SNJBxyhIOwBDU
PI63A4YJFC1XTNPbl73SBlUMV25o0ZeojAr8tr5mtlY
-> ssh-ed25519 r+nK/Q /4HQCHPBBk7lD2mwJOMEmTeRpPGnPgTcL+htNRvkxkk
oXLQoX+AK8zn82wsnLHK4BOpK3gn5lThWiFXh8+rxUU
-> ssh-rsa krWCLQ
OypBhkIZl8NGjojPR0Lg0A3SG9BhkA9oocO1zQqGh+gJdO1X8O3m5cIdxu7Ggw8s
RE+B41TWwEfOV0KfRdOBoVxTLYg027f5/EnlU0G5igGUCDt6vDgyScLsYkdiPUYs
7otyfXpCwM5eKpHV6q1qne91BjGXOiUpIPnlaOKXFvNkvNlihz9D1uw+n9vnsKGS
fb9jYX3fACcInbdnNOKeDSUE6+e6wj/ijOwGT8pL5X4cYmGslhfqk4WLubJIUoGx
6TTD0Qh0tiaWlbHJU6jB/Iv0zQgXDBvOCasN6Nlln+PYQnQ8N0gDRkQ8Eq+eKA2d
19komclluvh6zNZQHXod/g
-> ssh-ed25519 /vwQcQ l8YLbHxqW4Ynk9ElKIws+Z/cVvdYa9E/ELOt1gIkXww
nENmHEF5A73imF1H0m+Zn7Fzf2EFTyRPX8HTkgfWvLk
-> ssh-ed25519 0R97PA FVqDeagt+Q8qXxLNaSU5AttATiVmHyQlZT2mv7ETshs
XG9/OKfvS/Q1yHHHexCeJ3/5HTu/oe8O5lIZJouANv0
-> ssh-ed25519 JGx7Ng xuF0PD3YtE8kqWBH+OnxI+Qw6AQZ9Ib53xpSm9NMrGs
wLVrBPL4KKWf5AKIN7MZfIAzOoaeqnf7XswaSt8UHKQ
-> ssh-ed25519 bUjjig 1Ekic+sPi08+xo5Lx38SsIN78ODOaJJpuMPorgelIn4
icUH+He/zxMhoDsakE8lJ1BCkeuwm3izXVnugQrxoCk
-> ssh-ed25519 DqHxWQ oQ1K9/CaOXBCqckeGC2M8rXtPiOSFFetK51+LU5NLGw
zX2MVGKe7jdoPfJhWHd3M0cJ9uczWyyUqzFOZhP8DCM
-> ssh-ed25519 tDqJRg btCKh9SJuHDiGIQu3FNf3a04p6Qm9EYoTOMaxBFFbCs
xsGNb+7jXb5MJbnNAJBZRwBvd7a0uFk8cZWWz0xPLKE
-> ssh-ed25519 9pVK7Q bjH8hNGrjV1euwfetjy+P7FmmVEqg+D2VsyIbPN6dBM
Ut+81wp4IaHYgR7mjAHiPi3uC5K5l/wLrtUEwxxhVs0
-> ssh-ed25519 /BRpBQ nYOgDzHkeh2T3vcC0c3X+/5GPmn4AOavPaLtluG9/X8
yLeebplBqT7cbo7mgZJvbqVOf1SPFFAs/P8lwVUBjnE
-> ssh-ed25519 t0vvHQ R14ScgZyALLYI9VQXC9ulRiIT6pKeNjsUETqmf39Ajk
8sATMxF2qt2ZquQkL8lUjtYYCE/c6HAV7CzVBXgAlzY
-> ssh-ed25519 E6cGqw 0kdE7TYnCGGB6laGnB67OFIdI5pKo9k/4M2hSZB8dVg
6ZbKr6REXl2e589LDQjTdXAOSxKo+Crzb/qU3UiT7Fo
-> ssh-ed25519 EEPmeQ iKAT49L0Ps0DPUc/jHZ1eYPQvkouTbEaMMT1WgGgNGU
5tO5/612OXfDVgPkC+pObQJP/EqIljq1Sb5/sEQpKOo
-> ssh-ed25519 +MNHsw +XV+vFgYZBjgS+MKcIx1YaZgV34konYI5r2okZWcpE0
xBVIa8Zep/eRgD2gjPooTS5oQuzgjRxw3cvUrVhbFLM
-> ssh-ed25519 rHotTw kpkPh9yUnPayJBCiUihPbSMIGiCMNV3Q9EX/GqrDuEY
9U+MZrgXh8wWMr+YA+OFHzVtVoiNXusQIAKHSIv5dy4
-> ssh-ed25519 NaIdrw P7GGMkwEt5ueKMBok+EpEmuomOQtWMGjqShy2zMcziY
D38Akh4B2IIhiMHm9L4BAlXkqtmRHBFNYnq7MBxuLEw
-> ssh-ed25519 +mFdtQ q0Ry7jtJzq6UfKDbzfovl5KBjdJtOKxlzMBKOBt/wl4
5LE2G25RaXJSNC88AUKZVsec9f6kRMTrRJH0f+rHjiw
-> ssh-ed25519 0IVRbA E9wi9oRwNigFI5Gx6rOzdQRmLsaG7bADK0JwevQnHHk
R3ssmspGUasfQCiak6mbelWszIEfgBhoUSwTmVAZVHo
-> ssh-ed25519 IY5FSQ XecGNqCa7W77aVxHu2PMyGP3kjJaIuMkPu/uxxmcTWM
XBswdNeVgQzf1dHC7epw/R4aR+aPM/D6Ojfemv6h3Zw
-> ssh-ed25519 VQSaNw W9s97+9Zp9HHHLujy3AfY6AmhXG06zubbKmzuHfI32E
6sBZ/SCxyOAYxusVng5xTp2FIWP46svn9jHrGdDoITY
-> QywF>>&-grease
an4MLFRuHd5YzvAuctEATrgtHX6ptlOPxRnGyFsIZEx4CVadG8bEn4+aPF64Bvxy
RXa8
--- fF16JxCEn1JKV0R0onxLmfe1SJViPsfwcW/aNzakOlI
™dØë¦\YjÐÙ\¡:ìlsZV¸¦©ë ñ‹¶÷È"鳉] …wOpì4àŒƒeÔÅ9¨Ï±üB9<42>
ox5TBB9buXII2U32S/XpQVdr3r87p9lt/7WwELq//ik7vf4B6mZPbYvIV05JZ5bO
4f5khDdw+q1bbniDCBH2aPKM0ni3wBdLkT3jwdQBL5imSQuly/cFMdvVwSTuwN9k
8smSavsUYK5q5xgE49oMYJBAhNVGFI7NKlx7/a3VaVybsLAnzp3AeWy1o5BB1fKT
7Emt88ht4lymL/gyxSMLT5Dreb5Sm+AcE+gYAK92OnX4Z1k8FqETppTKZDuoZUmv
hJPpylXw7/YJU7Q0CluwtcGWFaTuE6AT0IrlCdY3NuMGA9IfpVsZr1kocdq2qB02
90/yy51Ulwhfhiy1/3mlfw
-> ssh-ed25519 /vwQcQ SGCKP+4m5p9SiYnU3vL0QaKp/3+yztZ0snZ6os+mUAo
ZEVgV6jo7tRdM1KxQJ2UJRDEYaiQy9PYzaeSAstHYFQ
-> ssh-ed25519 0R97PA Bblz2DxUIBovbFqHhwGSRrs3Hbc1vNMtn8SK976YYAU
FtEsqOUChH+uzFuTsATraNyyJXXdkesmbe8T+LeK9nU
-> ssh-ed25519 JGx7Ng 3umTe7hK60ghA4fXbapBRjjJ9K6hXLfV5kQrBzwsmS8
oRBFSJsVStw2ul6JxdJuan18GriwYF+d8asKXnWDpZA
-> ssh-ed25519 5SY7Kg Ft714PG5dVVJWHu0aJh+wdT04vSb/vlDVsWmUhdjUXw
qY7OJduSibFheBQOrGnSFUOhou/WyyY/M5tAYGvaTJI
-> ssh-ed25519 p/Mg4Q u6ES8PpiDb1OY97sMQ/kL6sTIjBhDk1aqoIEd0I5BgA
pbX1Wk+5aTbf5rU2JM0rf4SR/fJGLKcDcqLF1yDXbiE
-> ssh-ed25519 DqHxWQ n8qHGzdwY1RfajPN+oZV0Ps44rqbW5tcUFSSPbyZmAw
EAK0hA/94/ZxBz0iNaTl2RlpswiO+2eIWugozHrZZfw
-> ssh-ed25519 tDqJRg RAEIORbyHLRNkm+mFsq07E1uzbEEIBQ3eG+kpyXLLG0
1S7gL5WgXiFZxgH6kSp1zANafDTEKsC4Wo4kT8oB7b8
-> ssh-ed25519 9pVK7Q p7tGHwbC3CWap6feMXq2twGHkyszLP0EKwhW4McAoj4
7F0zZEON8H2H+v0XRCOiYeUuhJBRUVkFoEP+Cz4vHZo
-> ssh-ed25519 /BRpBQ stXNcOvGwPBPz8TtLhQUVgpcvu4BtfUACAZtrEI0eGY
FN2yFmvc3GhMGNTUCT+XMr1qsfLvmjHIkYoi5B3MDsE
-> ssh-ed25519 /x+F2Q fmGbMAGFJbjR0zVdJqsigKQ28nbDq8Zx1FsgviLWqHc
+v09rkeHZTvFQLaXfOnFaZMBc2G2BD5dXWYg/Nlx2Og
-> ssh-ed25519 +MNHsw KqIxZ4L1aoqLevCwx6Zp0jBHfTOU7WdrE0UN56/xARE
OwQ2/WUEfl/oXxfbv5rlLu4OOdrACzPfSS6HfcLpi60
-> ssh-ed25519 rHotTw hwCwUHi/xbAQaWt26kOn3/QSP0m0ZKRdIYs55TDMLSM
DCvnBearzyPQ6ErYuawsyobpMsD9SSEhkVmFKyp5jUI
-> ssh-ed25519 +mFdtQ ZlEsxLPDfy29aIQ9eNsRkZCHSeRmX8+GsuGtikQF4ms
n1N2xQb4oRWaJgLtrXMFasc8u516e1M4Q/qLNLA0e0A
-> ssh-ed25519 0IVRbA keVcQ4Vx3Avd97N89nUklRnGMABBenHIi+aufVoTABU
yrsC1OitS6sqbUsaIaWeU8vYGOQm9afFfc6DprB8Whc
-> ssh-ed25519 IY5FSQ npdYCAEfVSpuDNMZnWS469BgvivTKHRKtEAtxmxDZl8
gOB1vpBO8ZqtLVwxCj8V/KrWgnYmZGn5QQJzMhiHH4A
-> ssh-ed25519 VQSaNw S3dSnOPVQdMcz1dJYai0DvZATuMBDsG/+a0sJBDc/iE
Q1gl1nIpDESMvTBX03i4lStAtdWqlTkVABHZ3cqocDE
-> t-grease bvZAq
NTQBWWf5UW4zsTEEt7rgmTv+B2rFIk/8WwQPrC/s59Ik
--- 46n57xU0XlDQgUM0vIYveqDifz57FrTcRwCEpoh62+4
[07Æ~Þ3dïálÃÅô!fãš4ÐHßA‡íœ÷<C593>9 ×ò@d»BÌ&½L‰{aãþm…X2ãD‰Å ´

2
modules/nixos/dgn-notify/secrets.nix
View file

@ -2,4 +2,4 @@
#
# SPDX-License-Identifier: EUPL-1.2
{ mail.publicKeys = (import ../../../keys).nixosMachineKeys; }
{ mail.publicKeys = (import ../../../keys).machineKeys; }

101
modules/nixos/dgn-records/__arkheon-token_file
View file

@ -1,55 +1,50 @@
age-encryption.org/v1
-> ssh-ed25519 jIXfPA Fg3/a46Mon39gTFeQkn0wtxbwsTzeBUNyEAaNHd27hQ
A78ImPc4lST6bAeBmWiWxoICV4JVCJVAmKuQJySerHs
-> ssh-ed25519 QlRB9Q P1C+ZzsB4oAWkwIq2zcaqoukMMo+yFwk9g6Al32fCWM
G+M9cYya5pX64/oEbvpvha2qbQg4y8frl1i18ZIG6fY
-> ssh-ed25519 r+nK/Q r4kctDRssAYznMRxHJqu7/GoBHyibP4xWdua6KYnpU0
l5KS9reXjT2P5iUCe0swZmK/m9Vg7VvtrK4L/TaEuAI
-> ssh-ed25519 jIXfPA YaucboAId6lgc1Y/jV6hLyovkJQnMBnKhJ2QWAci53U
Q8RUPu4GUC5QbzTROgL9xaG3BUWO1QU/q1p0/yimBQ0
-> ssh-ed25519 QlRB9Q y1tbd/81NoECRtKwOw41Tlls5y+WSu2jGmeOlC939VM
DT1zZgWJkkIWRWxzfu4VgiGpV8CioaDKnVemowH59N4
-> ssh-ed25519 r+nK/Q dDmGkZ3Y7xAzZGKvGIyIdhD+P0tkV6SMPx3UxphoTXo
tkanRbPfu3/cuMPoTrcWBlNcu6RmK+txif+9aIRLy+s
-> ssh-rsa krWCLQ
g+zPwOWXgd06McsOCwo2QjAQF7B7t8oCf5eA5K79Om/X63VAqakts3ilwOt9SgZk
yQYa72TP67nyljLO4tPG7u/aKIBIwitGXIIYs+ZNLq9Q0ciWvzVAhsLsfi9yE7AF
I3tnL03fES2v5sbKes/JulBQl+87065YZr67TNWRY9f7a0XQZtfewP0vOxxfJsSy
RYBpztlzAGkaWXtqk2291x7yGhKsQWXmUhxx4KqyPs+KvFm1d4GglalFjhySzCkG
Rc7Flg1ukru3Bd1/fieOWpr3DyDBQ8pZyS4gIUYLB7xcy2t1JI/U3egTQTPBCSgy
PwoWgyQ7lGLRIarTMRa1JQ
-> ssh-ed25519 /vwQcQ FOpyMB3qDu3HpjqsH2VVpInqlvJlZD35y/XNf8RkSXU
ZUxuGbwH1XtE9Da+L7SjfoYinjq0cAwsHsDaz2u5Lrg
-> ssh-ed25519 0R97PA kphmpWyiMaxGmUAH4rvFUjtf0mvseVkPPBlMqKNE3lA
F1cgXiz2UjCHU0MeS5DryvOBtxW/1DIsjw28uQ1nd3A
-> ssh-ed25519 JGx7Ng ejW0Pf2cwsitmVLY8jJUaHZ/6Qhfxa7fnYWoaWYISWk
awOvJwkkFdXuc/ikZTX6512zG91FCi+0n7KaYrULO3E
-> ssh-ed25519 bUjjig 2Gw2h1bx0TRc6CmRjY8GPgtSHRs5rl/lg394JKiWBlA
yvltWHak7XMXBmBmlelE4pF5y1saRaQJmV5IUxzaPyo
-> ssh-ed25519 DqHxWQ gh/5iRZQbmbvwWGtah4b9MK3DNe4+UNiHoXPYnw0sEQ
z/nbwMWAjsBRAzTMSS/9dPzXe1st8mQWiUlZnVmtcCw
-> ssh-ed25519 tDqJRg 0GBbdUBhJxdCICdp6WtgXW2GXfQskuxanzucrKRoBns
AW0jVC8Y8lbhycDgLzPu40kQtgb7OI7fyycLldXknwc
-> ssh-ed25519 9pVK7Q +aOx8mN/HX4F7SdNdJZjMRWiy6SIhqFkWYIo+I24cTI
IQCd6tA+bUDlnW9JsxVE02EBKj38yYDybBe24PxXr68
-> ssh-ed25519 /BRpBQ 8UN2aIKUhi3JLhnOoOs38+a9qx+UhDnV5tYlWVF8d24
FkScXVvXdhFbDGs2Ks0BYfj9nJpAUVPz6OhX7vkOTmI
-> ssh-ed25519 t0vvHQ wDCpgqimo5goEB9Gj5/QGQ98nTEkKy/qHyxPg3NA6Ss
sielO8aAj9ke+nZL+F/zyMUzUPn1LjtKrSkAoMW6YYE
-> ssh-ed25519 E6cGqw zbwhYf2zKgjdymEjG0sVuqQQ/CgCDnSlT72OrAUFSiw
B70dyGna1SRXvf5SLJCiZGeBiXwS9nf3LPTBkG/3fGs
-> ssh-ed25519 EEPmeQ 06lIugc0LbiXVFwbV/6GKbSnlac0ROIVNmgS2Q9MM2A
KTUmdmSXZT2D4oQQpO1qNsdOn5sH70ameln6i7Itb+A
-> ssh-ed25519 +MNHsw OMAS3ud2K1+JGVytqHp9P/i+r4apcb91Dyc+tTudpQ8
V6T+VPSvRZ21nVtDeRkOsuP62bECSGcIm8vO3JADxVQ
-> ssh-ed25519 rHotTw JAc7ZlrFGL+DXq07YrmqY4lS5Pib31RoRTT6o7zJH04
Y1qLn6nWk7FfkrWIiBBd7BHHp5WXHTZfq734DMUlB74
-> ssh-ed25519 NaIdrw ZWfEZfhiXxkq6P6H2kbiVZiiPxH13Cehk+2ti9fYx08
gMlI5Da2cgP7m2pZnHpwJiA7BVVtZgNyZnPkYqhBYHQ
-> ssh-ed25519 +mFdtQ GZQpMTZySkDwDvzpWou8nfvAtYco/v4xF+YU7LYjAAI
deNceVs+tUxiQy2JHcoOd/w6KLYnxuDwrIPoVWJ66Vo
-> ssh-ed25519 0IVRbA S917NcJZ75oqjwGMMwknUFcHYJ2TCkEt331mpOZ5DxI
khoDidhLjy1wIs+qGAfx/qH+t4ROB71QeiiUmnpZ1s8
-> ssh-ed25519 IY5FSQ 2HjLcN2RK/dtAeHXUTu/Du4LiBH4SxpG0d6f7QCa61Y
ql6B8ZZzEaz+Czb0TRT8pF1KD7dhEv0XE9k9IJ9AgBo
-> ssh-ed25519 VQSaNw aAcXlRKzMgw847XeDTqnh+4XvApVIE183gJ2O42eohE
wndgsI85eDc+i+CBPmo2ym5koIvTMS9mOuWdLvLM3Qs
-> lm-grease -KjCZ 46y2wU x1
1iP6
--- MthoOm+rboJhFyo+SKFlPfwT9V3VeaKl5xQ2gs0W2ns
<>ÓÖ"b/‚éðÙ*ü}ýeÁ½g}âLšq
zGŠ~Q.í_àX{½ËìA ùþó²ëöË
IZGpFoWjQuQzqkS2KbpVr+fP7NLPhyaxS4yQroVEkPEZnXx2c6eH3ul218zytZld
YRBCxiCtV6VfOB2N2QGuiK7YCGl6oUfN1DePy0jPrGKsnvWBitTuqzADiGQB7aSI
ie7GgblPpi4q3ovJPgf7Bs+Mi2dKW5hiD8Jnped7rEW7SEnESkQa3Cx22Ww/UYcW
9Uj7ZaDVVbP0ZWyc41HdoJwEnV6MYMRnXUJ/qrLMCIvRaYk8UdiCDgco+XxqAnbs
iyUqCvz8iVNsWbJxK+7jJHXp0dQJRciHzSGStIVRSGx4gvuXOGjsuBMjfwoq1XoR
5PE3BnP/atHZg3CkQcC2eA
-> ssh-ed25519 /vwQcQ WL0PdIIsSWzw+ar2QNXCp7Xs1NH9gUk2fSPskGC9o2I
+kHedFsYHgpsGfILtywJaIrTRj8HtHZvVyhtbRhKYC0
-> ssh-ed25519 0R97PA +G7wUHF6NJimsAxe6M9RVVTa3GLPoW1bhsgMsWXKNC8
i++lKoe8hFFb1rilkO9lcwBJujRqFsLGDOPvbaiz6Nw
-> ssh-ed25519 JGx7Ng o66YGXN0uMC2qZo1tVcEMOa4SwxNZaf4HvnGsgzlqjo
Tc4KMMrnJbybrNIkhEJz42PVHc3fVMFFSs96lKsEKCA
-> ssh-ed25519 5SY7Kg P8Xp9wVJDcPdj3uSiq0yLnLMDInMeFs6XX30VwlXWlg
uJfxXOZl8EX8fjRsHZ61JMKFpYksZJucZwVaRJs7qW8
-> ssh-ed25519 p/Mg4Q yUyxue7Oda0b+CjdF9VfUCliWyzXNOsVPH7OFoHzWCw
+zi+TSojvSc+VDXZG8XXSsTezxKRNC2XHc/hGGv4baM
-> ssh-ed25519 DqHxWQ 7Vnq/xidbguw/PkZPUOTHUBTe8/x4PvTjCusUe10jio
7Sl1MptpElvEA9VUj7JiVGuEWC0F3aA2rgYvfIchOB0
-> ssh-ed25519 tDqJRg udOCDV4/vszObNxcQhJ6iGiDkxgZlrBDyKt3MbibMx4
CDDd0LNCCdYvEww/h8q2z4f5QtjnL+kJsnPFtlbiD28
-> ssh-ed25519 9pVK7Q DXqkIewHGpUUDtL2ivAoFwY/HCjoQXjxoHGPGkuFfH0
JZ7xC2kdtnRNq8WADL2SNw/Ukezu1s4TuUbQnbP8L4o
-> ssh-ed25519 /BRpBQ 9j1+wzO733ej03ra8LQOkpOyvY63UCbO9sfT6bV6+zs
2F0UjpAqgCK5JS0y0kkHX30EV8JCcjhnJ1NkW06ww4w
-> ssh-ed25519 /x+F2Q wYchtMn7MCGllfiFwTrycdLEY3dl297ns26PHs7l320
feRd57Z5k6iJ71JRHud0wyYWo3O56q4rrYZt5y3aoqA
-> ssh-ed25519 +MNHsw FHfvx1FQWcsRlKrFF0SRcVZ+XG6LXBwIMcPCVeu/ZCg
w9fZGhZpEJHlf8JPcbWcNoAO9S06hi15LZxkv1dJUWk
-> ssh-ed25519 rHotTw QDcThfb0AJMQBfQDbbtqm6z7BGxC4/sBioprElUTXFA
2JOFoMLcVhMoGzZDDNOTL3PBWsqVnrFx8o/W/cWuzl0
-> ssh-ed25519 +mFdtQ tWg17VH1Q4gQj/1IK9yrxjw4kRPzsp4dDHFwDKYxvDE
9H4ohD3XN4Xtk15SsZQf5k0db+yIVcWp4EV5jKsZgHI
-> ssh-ed25519 0IVRbA rkMPsBgVEaiYtaBN5JzHNCPFYFKr/7dqoY+RX19+03o
baQK5t5sG8WabaCuMTZ2ZIfMTRH0jQU4l7JEyJ6H+LU
-> ssh-ed25519 IY5FSQ c1+2+CMJFMw/iF2XNx5ma28KhwdKKQ9dNC1nBvFz/B0
3AE1FQq+//dNIQfuW9BHcpfNbGn724Ydq7aJc95KmmY
-> ssh-ed25519 VQSaNw t9yLak0T7FO8hgGrPWFeR3Jw0D6cPxjR5LOIcMnAmgo
869SBp0nM5v/9+Xjib6rkmmelhTBfXcyuHiAXh08AWo
-> r32t]I\-grease ka<*
nkxH0w1aQ64
--- LlTR5EcQzCLJ5trkQcomW0+soQoec/IZZNW+g5dyOo0
M"ÏLm“õh]ñÖa£uq±ýÏ4ßÏ+ö“9;ФˆÇ-Z±L»¯H0o1»Eâ<>

2
modules/nixos/dgn-records/secrets.nix
View file

@ -2,4 +2,4 @@
#
# SPDX-License-Identifier: EUPL-1.2
{ __arkheon-token_file.publicKeys = (import ../../../keys).nixosMachineKeys; }
{ __arkheon-token_file.publicKeys = (import ../../../keys).machineKeys; }

36
modules/nixos/extranix/default.nix
View file

@ -12,8 +12,6 @@ let
inherit (lib)
attrNames
concatMapStringsSep
concatStringsSep
escapeXML
filter
getExe
hasPrefix
@ -22,7 +20,6 @@ let
importJSON
mapAttrs'
mapAttrsToList
mkDefault
mkEnableOption
mkIf
mkOption
@ -103,13 +100,13 @@ let
type
readOnly
loc
description
;
descriptionHTML = pkgs.runCommand "option-${title}.html" { } ''
${getExe pkgs.pandoc} -f markdown-raw_html ${pkgs.writeText "option-${title}.md" val.description} > $out
${getExe pkgs.pandoc} -f markdown ${pkgs.writeText "option-${title}.md" val.description} > $out
'';
description = escapeXML val.description;
example = escapeXML (val.example.text or "");
default = escapeXML (val.default.text or "");
example = val.example.text or "";
default = val.default.text or "";
declarations = map path-translation val.declarations;
}) filtered-opts;
};
@ -241,14 +238,13 @@ in
};
config = mkIf cfg.enable {
services = {
extranix.settings = {
theme = "extranix-options-search";
params = {
releases = mapAttrsToList (name: _: {
extranix = {
settings = {
theme = "extranix-options-search";
params.releases = mapAttrsToList (name: _: {
inherit name;
value = sanitizeDerivationName name;
}) cfg.modules;
release_current_stable = mkDefault (head (attrNames options-files));
};
};
nginx = {
@ -256,21 +252,5 @@ in
virtualHosts.${cfg.host}.locations."/".alias = "${webroot}/";
};
};
assertions = [
{
assertion = cfg.modules != { };
message = ''
`services.extranix` can't be enabled without any modules to document.
'';
}
{
assertion = options-files ? ${cfg.settings.params.release_current_stable};
message = ''
`services.extranix.settings.params.release_current_stable` should be the
`sanitizeDerivationName` of a key of `services.extranix.modules`, here one of:
+ ${concatStringsSep "\n + " (attrNames options-files)}
'';
}
];
};
}

30
npins/sources.json
View file

@ -234,12 +234,26 @@
"type": "Git",
"repository": {
"type": "Git",
"url": "https://git.hubrecht.ovh/hubrecht/nix-modules"
"url": "https://git.hubrecht.ovh/hubrecht/nix-modules.git"
},
"branch": "dgnum",
"revision": "f3bfda88cf5ca652baa8577da491f9427d98fe5e",
"branch": "main",
"revision": "75e8d70a051dd19d126b5248b62f61d6f8ce4361",
"url": null,
"hash": "1jh8wqlz1bv3b5crfhyvqnh4gjjsyzvs3q0iys6iwq0l337ddgvx"
"hash": "0yx5by3v2cshiidyh27n75lcqy9d1kk5zz5mchmfv63s9p0cjzqn"
},
"nix-patches": {
"type": "GitRelease",
"repository": {
"type": "Git",
"url": "https://git.hubrecht.ovh/hubrecht/nix-patches"
},
"pre_releases": false,
"version_upper_bound": null,
"release_prefix": null,
"version": "v0.5.0",
"revision": "e11ba20945f4a867f09d84343c37328288f274b4",
"url": null,
"hash": "1c6cc44pwlg3ky6cnwhkml8ci77fw3sgjhwvqg0f6igxxf2fqv9v"
},
"nix-pkgs": {
"type": "Git",
@ -247,10 +261,10 @@
"type": "Git",
"url": "https://git.hubrecht.ovh/hubrecht/nix-pkgs"
},
"branch": "dgnum",
"revision": "304abd514dfe07bce4b368b1f384bfd598d61183",
"branch": "main",
"revision": "cc01e1c2a6ecb1e38fde35ee54995a6a639fb057",
"url": null,
"hash": null
"hash": "17a9vlwrk9365ccyl7a5xspqsn9wizcpwdpvr3qdimvq4fpwhjal"
},
"nix-reuse": {
"type": "GitRelease",
@ -350,4 +364,4 @@
}
},
"version": 3
}
}

135
workflows/npins-update.nix
View file

@ -2,92 +2,63 @@
#
# SPDX-License-Identifier: EUPL-1.2
{ lib, nix-actions, ... }:
let
inherit (nix-actions.lib) secret;
inherit (lib) genAttrs mapAttrs' nameValuePair;
dependencies = builtins.attrNames (import ../npins);
in
{ nix-actions, ... }:
{
name = "Update dependencies";
name = "npins update";
on.schedule = [
# Run every saturday
{ cron = "5 16 * * 6"; }
# Run at 15:25 everyday
{ cron = "25 15 * * *"; }
];
# Global environment, necessary for rebases and commits
env = rec {
GIT_AUTHOR_NAME = "HT Chores";
GIT_AUTHOR_EMAIL = "chores@mail.hubrecht.ovh";
GIT_COMMITTER_NAME = GIT_AUTHOR_NAME;
GIT_COMMITTER_EMAIL = GIT_AUTHOR_EMAIL;
jobs.npins_update = {
runs-on = "nix";
steps = [
(nix-actions.steps.checkout {
fetch-depth = 0;
token = nix-actions.lib.secret "TEA_DGNUM_CHORES_TOKEN";
})
{
name = "Update dependencies and open PR if necessary";
run = # bash
''
npins update
if [ ! -z "$(git diff --name-only)" ]; then
echo "[+] Changes detected, pushing updates."
git switch -C npins-update
git add npins
git commit --message "chore(npins): Update"
git push --set-upstream origin npins-update --force
# Connect to the server with the cli
tea login add \
-n dgnum-chores \
-t "${nix-actions.lib.secret "TEA_DGNUM_CHORES_TOKEN"}" \
-u https://git.dgnum.eu
# Create a pull request if needed
# i.e. no PR with the same title exists
if [ -z "$(tea pr ls -f='title,author' -o simple | grep 'chore(npins): Update dgnum-chores')" ]; then
tea pr create \
--description "Automatic npins update" \
--title "chore(npins): Update" \
--head npins-update
fi
fi
'';
env = {
GIT_AUTHOR_NAME = "DGNum Chores";
GIT_AUTHOR_EMAIL = "tech@dgnum.eu";
GIT_COMMITTER_NAME = "DGNum Chores";
GIT_COMMITTER_EMAIL = "tech@dgnum.eu";
};
}
];
};
jobs = mapAttrs' (name: nameValuePair (builtins.replaceStrings [ "." ] [ "_" ] name)) (
genAttrs dependencies (name: {
runs-on = "nix";
steps = [
(nix-actions.steps.checkout {
fetch-depth = 0;
token = secret "TEA_DGNUM_CHORES_TOKEN";
})
{
env.GIT_UPDATE_BRANCH = "npins-updates/${name}";
name = "Switch to a new branch";
run = # bash
''
if git ls-remote --exit-code --heads origin "refs/heads/$GIT_UPDATE_BRANCH"; then
git switch "$GIT_UPDATE_BRANCH"
git rebase main
echo "EXISTING_BRANCH=1" >> $GITHUB_ENV
else
git switch -C "$GIT_UPDATE_BRANCH"
fi
'';
}
{
env = {
GIT_UPDATE_BRANCH = "npins-updates/${name}";
COMMIT_MESSAGE = "chore(npins): Update ${name}";
};
name = "Open a PR if updates are present";
run = # bash
''
npins update ${name}
if [ ! -z "$(git diff --name-only)" ]; then
echo "[+] Changes detected, pushing updates."
git add npins
if [ -n "$EXISTING_BRANCH" ]; then
git commit --amend --no-edit
git push --force
else
git commit --message "$COMMIT_MESSAGE"
git push -u origin "$GIT_UPDATE_BRANCH"
fi
# Connect to the server with the cli
tea login add -n dgnum-chores -t "${secret "TEA_DGNUM_CHORES_TOKEN"}" -u https://git.dgnum.eu
# Create a pull request if needed
# i.e. no PR with the same title exists
if [ -z $(tea pr ls -f='title,author' -o simple | grep "$COMMIT_MESSAGE dgnum-chores") ]; then
tea pr create --description "Automatic npins update" --title "$COMMIT_MESSAGE" --head "$GIT_UPDATE_BRANCH"
fi
fi
'';
}
];
})
);
}