From e9c6f0a2b6f486f3e162b7dc404c8b8bc5dea23d Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Fri, 29 Mar 2024 14:37:21 +0100 Subject: [PATCH] feat(infra): Add checks for meta --- .forgejo/workflows/check-meta.yaml | 22 ++++++++++++++++++++++ meta/verify.nix | 16 +++++++++++++++- npins/sources.json | 13 +++++++++++++ 3 files changed, 50 insertions(+), 1 deletion(-) create mode 100644 .forgejo/workflows/check-meta.yaml diff --git a/.forgejo/workflows/check-meta.yaml b/.forgejo/workflows/check-meta.yaml new file mode 100644 index 0000000..5bc0d61 --- /dev/null +++ b/.forgejo/workflows/check-meta.yaml @@ -0,0 +1,22 @@ +name: Check meta +on: + push: + paths: + - 'meta/*' + +jobs: + check_meta: + runs-on: nix + steps: + - uses: actions/checkout@v3 + + - name: Check the validity of meta options + run: nix-build meta/verify.nix -A meta + + check_dns: + runs-on: nix + steps: + - uses: actions/checkout@v3 + + - name: Check the validity of the DNS configuration + run: nix-build meta/verify.nix -A dns --no-out-link diff --git a/meta/verify.nix b/meta/verify.nix index 09f9691..15c5084 100644 --- a/meta/verify.nix +++ b/meta/verify.nix @@ -3,6 +3,20 @@ let sources = import ../npins; pkgs = import sources.nixpkgs { }; + + dns = import sources."dns.nix"; + + lib = import sources.nix-lib { + inherit (pkgs) lib; + + keysRoot = ../keys; + }; in -builtins.deepSeq ((import ./.) pkgs.lib) { } +{ + meta = builtins.deepSeq ((import ./.) pkgs.lib) { }; + + dns = dns.util.${builtins.currentSystem}.writeZone "dgnum.eu" ( + pkgs.lib.recursiveUpdate { SOA.serial = 0; } (import ./dns.nix { inherit dns lib; }) + ); +} diff --git a/npins/sources.json b/npins/sources.json index 6045a5c..2100237 100644 --- a/npins/sources.json +++ b/npins/sources.json @@ -52,6 +52,19 @@ "url": "https://api.github.com/repos/nix-community/disko/tarball/v1.4.1", "hash": "1hm5fxpbbmzgl3qfl6gfc7ikas4piaixnav27qi719l73fnqbr8x" }, + "dns.nix": { + "type": "GitRelease", + "repository": { + "type": "Git", + "url": "https://git.hubrecht.ovh/hubrecht/dns.nix" + }, + "pre_releases": false, + "version_upper_bound": null, + "version": "v1.2.1", + "revision": "66979725afe2164491be38ffff78460cc9b0ffd7", + "url": null, + "hash": "1bashjbh71dqs32yld7ihw2vz0vrad73pc35crf3qck8ssgpzv7d" + }, "liminix": { "type": "Git", "repository": {