infrastructure/default.nix
sinavir 172d2920bf
fix(scripts): Refactor cache uploading
2024-12-23 14:02:22 +01:00


# SPDX-FileCopyrightText: 2024 Maurice Debray <maurice.debray@dgnum.eu>
# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2
# Entry point of the infrastructure repository.
#
# Arguments:
#   sources - pinned dependency set; read from ./npins when not supplied.
#   pkgs    - package set; by default the nixpkgs revision found in `sources`,
#             imported with an empty configuration.
#
# NOTE(review): every tool used below (git hooks, workflow generator, dev-shell
# packages) is imported from `sources`, so the pins under ./npins are the trust
# root of this file. A caller that overrides `sources` or `pkgs` replaces that
# trust root, and a change to the pin files deserves the same scrutiny as a
# change to the code itself.
{
sources ? import ./npins,
pkgs ? import sources.nixpkgs { },
}:
let
# Library helpers used further down: the workflow loader uses isFunction,
# mapAttrs', nameValuePair and removeSuffix; the alternative shells use mapAttrs.
inherit (pkgs.lib)
isFunction
mapAttrs
mapAttrs'
nameValuePair
removeSuffix
;
# REUSE tooling, imported from the pinned nix-reuse source; it provides the
# `hook` and `install` functions called below.
nix-reuse = import sources.nix-reuse { inherit pkgs; };
# Git hooks for this repository, generated by the pinned git-hooks source.
#
# The linters, the formatter and the REUSE check are attached to the
# "pre-push" stage. These hooks run on the contributor's machine and can be
# skipped there, so they complement server-side checks rather than replace them.
git-checks =
  let
    # Settings shared by every check that runs at push time.
    onPush = {
      enable = true;
      stages = [ "pre-push" ];
    };
  in
  (import sources.git-hooks).run {
    src = ./.;

    hooks = {
      # No `stages` is given here, so whatever default git-hooks applies to
      # this hook is used.
      commitizen = {
        enable = true;
      };

      deadnix = onPush;

      nixfmt-rfc-style = onPush // {
        package = pkgs.nixfmt-rfc-style;
      };

      reuse = nix-reuse.hook onPush;

      # The ignored globs look like generated pin files (presumably lon and
      # npins output - confirm); they are excluded from linting only.
      statix = onPush // {
        settings = {
          ignore = [
            "**/lon.nix"
            "**/npins"
          ];
        };
      };
    };
  };
# REUSE (licence and copyright) metadata for the repository, passed to
# nix-reuse's `install`. The result's `shellHook` is run from the dev shell.
reuse = nix-reuse.install {
# Licence and copyright holder used when an annotation does not set its own.
defaultLicense = "EUPL-1.2";
defaultCopyright = "La Délégation Générale Numérique <contact@dgnum.eu>";
# NOTE(review): presumably fetches the referenced licence texts - confirm
# whether this needs network access when the shell hook runs.
downloadLicenses = true;
# Paths declared as generated files.
generatedPaths = [
"**/.envrc"
"**/Cargo.lock"
"**/_hardware-configuration.nix"
".gitignore"
"REUSE.toml"
"shell.nix"
];
# Per-path overrides. Most entries give `path` as a list, the last two as a
# bare string; presumably nix-reuse accepts both forms - confirm.
annotations = [
# Auto-generated workflow files using nix-actions
{ path = [ ".forgejo/workflows/*" ]; }
# Secrets
# NOTE(review): these entries only attach licence metadata to the secret
# files; they say nothing about how the files are protected. Presumably the
# files are stored encrypted (agenix is part of the dev shell) - confirm that
# no plaintext credential matches these globs, in particular the token and
# mail entries, which do not live under a `secrets/` directory.
{
path = [
"machines/**/secrets/*"
"modules/nixos/dgn-backups/keys/*"
"modules/nixos/dgn-netbox-agent/secrets/netbox-agent"
"modules/nixos/dgn-notify/mail"
"modules/nixos/dgn-records/__arkheon-token_file"
];
license = "CC-BY-NC-ND-4.0";
}
# Patches
# Local patches applied to packaged software, listed per copyright holder.
{
path = [
"machines/nixos/compute01/ds-fr/01-smtp-tls.patch"
"machines/nixos/compute01/librenms/kanidm.patch"
"machines/nixos/compute01/stirling-pdf/*.patch"
"machines/nixos/vault01/k-radius/packages/01-python_path.patch"
"machines/nixos/web01/crabfit/*.patch"
"machines/nixos/web02/cas-eleves/01-pytest-cas.patch"
"patches/lix/01-disable-installChecks.patch"
"patches/nixpkgs/03-crabfit-karla.patch"
"patches/nixpkgs/05-netbird-relay.patch"
];
copyright = "2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>";
}
{
path = [ "patches/nixpkgs/06-netbox-qrcode.patch" ];
copyright = "2024 Maurice Debray <maurice.debray@dgnum.eu>";
}
# colmena wrapper
{
path = "lib/colmena/*";
license = "MIT";
}
# npins generated files
{
path = "**/npins/*";
license = "EUPL-1.2";
copyright = "The [npins](https://github.com/andir/npins) contributors";
}
];
};
# CI workflow definitions, generated by the pinned nix-actions source from the
# files found in ./workflows. The result's `shellHook` is run from the dev shell.
workflows =
  let
    nix-actions = import sources.nix-actions { inherit pkgs; };

    # Import one workflow file. A definition written as a function is applied
    # to `{ lib }`; any other value is used as it is.
    loadWorkflow =
      fileName:
      let
        definition = import ./workflows/${fileName};
      in
      if isFunction definition then definition { inherit (pkgs) lib; } else definition;

    # The workflow is named after its file, minus a trailing ".nix".
    toEntry = fileName: _type: nameValuePair (removeSuffix ".nix" fileName) (loadWorkflow fileName);
  in
  nix-actions.install {
    src = ./.;

    # NOTE(review): every entry returned by readDir is imported, whatever its
    # type or extension, so each file added to ./workflows becomes part of
    # the CI definition. Changes to that directory deserve careful review.
    workflows = mapAttrs' toEntry (builtins.readDir ./workflows);
  };

# Helper scripts, built from ./scripts with the same package set and pins.
scripts = import ./scripts { inherit pkgs sources; };
in
# Attributes exported by this file.
{
# Maps every host declared in ./meta/nodes.nix to its fully qualified name,
# "<host>.<site>.infra.dgnum.eu".
nodes = builtins.mapAttrs (
host: { site, ... }: "${host}.${site}.infra.dgnum.eu"
) (import ./meta/nodes.nix);
# DNS metadata, re-exported as imported.
dns = import ./meta/dns.nix;
# Cache settings taken from the storage01 tvix-cache configuration.
mkCacheSettings = import ./machines/nixos/storage01/tvix-cache/cache-settings.nix;
# Development shell: administration tools, the enabled git-hook packages and
# every helper script from ./scripts.
devShell = pkgs.mkShell {
name = "dgnum-infra";
packages = [
# nixos-generators built from the pinned source instead of the nixpkgs
# release; the version string is relabelled to match.
(pkgs.nixos-generators.overrideAttrs (_: {
version = "1.8.0-unstable";
src = sources.nixos-generators;
}))
pkgs.npins
# SSO testing
pkgs.kanidm
pkgs.freeradius
pkgs.picocom # for serial access
# colmena, agenix and lon are built from their pinned sources rather than
# taken from nixpkgs; the colmena build is passed to the wrapper in ./lib/colmena.
(pkgs.callPackage ./lib/colmena {
colmena = pkgs.callPackage "${sources.colmena}/package.nix" { };
})
(pkgs.callPackage "${sources.agenix}/pkgs/agenix.nix" { })
(pkgs.callPackage "${sources.lon}/nix/packages/lon.nix" { })
] ++ git-checks.enabledPackages ++ (builtins.attrValues scripts);
# NOTE(review): these three hooks run automatically each time a developer
# enters the shell. Their content is produced by the pinned git-hooks,
# nix-actions and nix-reuse sources, so bumping one of those pins changes what
# executes on developer machines; review pin updates accordingly.
shellHook = ''
${git-checks.shellHook}
${workflows.shellHook}
${reuse.shellHook}
'';
preferLocalBuild = true;
###
# Alternative shells
# Each entry below becomes its own pkgs.mkShell, named after the attribute.
# They carry a single hook or a single script instead of the full tool set
# (presumably for CI jobs - confirm against the workflow definitions).
passthru = mapAttrs (name: value: pkgs.mkShell (value // { inherit name; })) {
pre-commit.shellHook = git-checks.shellHook;
check-workflows.shellHook = workflows.shellHook;
eval-nodes.packages = [ scripts.cache-node ];
eval-shell.packages = [ scripts.nix-build-and-cache ];
};
};
}