fix: resolve conflicts and set version for CI workflow

2025-03-19 16:02:01 -05:00 · 2025-03-19 16:02:01 -05:00 · 9c4d4b98be
commit 9c4d4b98be
parent 4f96a415f0 a508cc301b
7 changed files with 90 additions and 120 deletions
--- a/.forgejo/workflows/nix-build.yaml
+++ b/.forgejo/workflows/nix-build.yaml
@ -1,41 +0,0 @@
-on: [push]
-jobs:
-  check:
-    runs-on: nixos-host
-    steps:
-    - name: Checkout
-      uses: actions/checkout@v3
-        
-    # cache not needed since we now run on the host directly
-    # - name: Load cached nix store
-    #   id: cache-nix-store
-    #   uses: actions/cache/restore@v4
-    #   with:
-    #     path: /nix/store
-    #     key: ${{ runner.os }}-nix-store
-
-    - name: Build server
-      run: |
-        nix shell nixpkgs#nixos-rebuild -c nixos-rebuild build --flake .#beefcake --accept-flake-config
-
-    - name: Build router
-      run: |
-        nix shell nixpkgs#nixos-rebuild -c nixos-rebuild build --flake .#router --accept-flake-config
-
-    - name: Build desktop
-      run: |
-        nix shell nixpkgs#nixos-rebuild -c nixos-rebuild build --flake .#dragon --accept-flake-config
-
-    - name: Build laptop
-      run: |
-        nix shell nixpkgs#nixos-rebuild -c nixos-rebuild build --flake .#foxtrot --accept-flake-config
-
-    - name: Build default devShell
-      run: |
-        nix develop . --build 
-
-    # - name: Save nix store
-    #   uses: actions/cache/save@v4
-    #   with:
-    #     path: /nix/store
-    #     key: ${{ steps.cache-nix-store.outputs.cache-primary-key }}
--- a/.forgejo/workflows/nix-flake-check.yaml
+++ b/.forgejo/workflows/nix-flake-check.yaml
@ -1,25 +0,0 @@
-on: [push]
-jobs:
-  check:
-    runs-on: nixos-host
-    steps:
-    - name: Checkout
-      uses: actions/checkout@v3
-        
-    # cache not needed since we now run on the host directly
-    # - name: Load cached nix store
-    #   id: cache-nix-store
-    #   uses: actions/cache/restore@v4
-    #   with:
-    #     path: /nix/store
-    #     key: ${{ runner.os }}-nix-store
-
-    - name: Check nix flake
-      run: |
-        nix flake check
-
-    # - name: Save nix store
-    #   uses: actions/cache/save@v4
-    #   with:
-    #     path: /nix/store
-    #     key: ${{ steps.cache-nix-store.outputs.cache-primary-key }}
--- a/.forgejo/workflows/pre-merge.yaml
+++ b/.forgejo/workflows/pre-merge.yaml
@ -0,0 +1,33 @@
+on: [push]
+jobs:
+  build-host:
+    runs-on: nix-2.24.12
+    strategy:
+      matrix:
+        info:
+          - host: beefcake
+          - host: router
+          - host: dragon
+          - host: foxtrot
+          - host: flipflop
+    steps:
+    - uses: actions/checkout@v4
+    - name: Build host
+      run: |
+        nix shell nixpkgs#nixos-rebuild -c nixos-rebuild build --flake .#${{ matrix.info.host }} --accept-flake-config
+
+  build-devshell:
+    runs-on: nix-2.24.12
+    steps:
+    - uses: actions/checkout@v4
+    - name: Build default devShell
+      run: |
+        nix develop . --build --accept-flake-config
+
+  flake-check:
+    runs-on: nix-2.24.12
+    steps:
+    - uses: actions/checkout@v4
+    - name: Check nix flake
+      run: |
+        nix flake check --accept-flake-config
--- a/lib/modules/nixos/podman.nix
+++ b/lib/modules/nixos/podman.nix
@ -5,7 +5,11 @@
  ...
 }:
 {
-  config = lib.mkIf config.virtualisation.podman.enable {
+  options = {
+    podman.enable = lib.mkEnableOption "Enable podman and associated general NixOS defaults";
+  };
+
+  config = lib.mkIf config.podman.enable {
    environment = {
      systemPackages = with pkgs; [
        podman-tui
@ -15,7 +19,7 @@

    virtualisation = {
      podman = {
-        # enable = true;
+        enable = true;
        dockerCompat = true;
        dockerSocket.enable = true;
        defaultNetwork.settings.dns_enabled = true;
--- a/packages/hosts/beefcake.nix
+++ b/packages/hosts/beefcake.nix
@ -108,7 +108,7 @@
    };
  };

-  virtualisation.podman.enable = true;
+  podman.enable = true;

  services.deno-netlify-ddns-client = {
    enable = true;
@ -132,6 +132,51 @@
    lyte.shell.enable = true;
  };

+  /*
+    TODO: non-root processes and services that access secrets need to be part of
+    the 'keys' group
+
+    systemd.services.some-service = {
+      serviceConfig.SupplementaryGroups = [ config.users.groups.keys.name ];
+    };
+    or
+    users.users.example-user.extraGroups = [ config.users.groups.keys.name ];
+
+    TODO: declarative directory quotas? for storage/$USER and /home/$USER
+  */
+
+  /*
+    # https://github.com/NixOS/nixpkgs/blob/04af42f3b31dba0ef742d254456dc4c14eedac86/nixos/modules/services/misc/lidarr.nix#L72
+    services.lidarr = {
+      enable = true;
+      dataDir = "/storage/lidarr";
+    };
+
+    services.radarr = {
+      enable = true;
+      dataDir = "/storage/radarr";
+    };
+
+    services.sonarr = {
+      enable = true;
+      dataDir = "/storage/sonarr";
+    };
+
+    services.bazarr = {
+      enable = true;
+      listenPort = 6767;
+    };
+
+    networking.firewall.allowedTCPPorts = [9876 9877];
+    networking.firewall.allowedUDPPorts = [9876 9877];
+    networking.firewall.allowedUDPPortRanges = [
+      {
+        from = 27000;
+        to = 27100;
+      }
+    ];
+  */
+
  imports = [
    hardware.common-cpu-intel
    {
@ -1065,11 +1110,11 @@
            };
            labels = [
              # type ":host" does not depend on docker/podman/lxc
-              "podman"
-              "nix-2.24.12:docker://git.lyte.dev/lytedev/nix:forgejo-actions-container-2.24.12"
-              "nix-latest:docker://git.lyte.dev/lytedev/nix:forgejo-actions-container-latest"
              # "beefcake:host"
              # "nixos-host:host"
+              # "podman"
+              "nix-2.24.12:docker://git.lyte.dev/lytedev/nix:forgejo-actions-container-2.24.12"
+              "nix-latest:docker://git.lyte.dev/lytedev/nix:forgejo-actions-container-latest"
            ];
            tokenFile = config.sops.secrets."forgejo-runner.env".path;
            hostPackages = with pkgs; [
@ -2164,49 +2209,4 @@
      }
    )
  ];
-
-  /*
-    TODO: non-root processes and services that access secrets need to be part of
-    the 'keys' group
-
-    systemd.services.some-service = {
-      serviceConfig.SupplementaryGroups = [ config.users.groups.keys.name ];
-    };
-    or
-    users.users.example-user.extraGroups = [ config.users.groups.keys.name ];
-
-    TODO: declarative directory quotas? for storage/$USER and /home/$USER
-  */
-
-  /*
-    # https://github.com/NixOS/nixpkgs/blob/04af42f3b31dba0ef742d254456dc4c14eedac86/nixos/modules/services/misc/lidarr.nix#L72
-    services.lidarr = {
-      enable = true;
-      dataDir = "/storage/lidarr";
-    };
-
-    services.radarr = {
-      enable = true;
-      dataDir = "/storage/radarr";
-    };
-
-    services.sonarr = {
-      enable = true;
-      dataDir = "/storage/sonarr";
-    };
-
-    services.bazarr = {
-      enable = true;
-      listenPort = 6767;
-    };
-
-    networking.firewall.allowedTCPPorts = [9876 9877];
-    networking.firewall.allowedUDPPorts = [9876 9877];
-    networking.firewall.allowedUDPPortRanges = [
-      {
-        from = 27000;
-        to = 27100;
-      }
-    ];
-  */
 }
--- a/packages/hosts/dragon.nix
+++ b/packages/hosts/dragon.nix
@ -50,7 +50,7 @@
  services.postgresql.enable = true;
  programs.steam.enable = true;
  lyte.desktop.enable = true;
-  virtualisation.podman.enable = true;
+  podman.enable = true;

  home-manager.users.daniel = {
    lyte = {
--- a/readme.md
+++ b/readme.md
@ -5,8 +5,7 @@
 Nix for <code>lytedev</code>
 </h1>

-[![flake check status](https://git.lyte.dev/lytedev/nix/badges/workflows/nix-flake-check.yaml/badge.svg)](https://git.lyte.dev/lytedev/nix/actions?workflow=nix-flake-check.yaml)
-[![build status](https://git.lyte.dev/lytedev/nix/badges/workflows/nix-build.yaml/badge.svg)](https://git.lyte.dev/lytedev/nix/actions?workflow=nix-build.yaml)
+[![pre-merge status](https://git.lyte.dev/lytedev/nix/badges/workflows/pre-merge.yaml/badge.svg)](https://git.lyte.dev/lytedev/nix/actions?workflow=pre-merge.yaml)

 </div>