fix: resolve conflicts and set version for CI workflow
Some checks failed
/ build-host (map[host:beefcake]) (push) Failing after 49s
/ build-host (map[host:dragon]) (push) Failing after 47s
/ build-host (map[host:flipflop]) (push) Failing after 51s
/ build-host (map[host:foxtrot]) (push) Failing after 51s
/ build-host (map[host:router]) (push) Failing after 40s
/ build-devshell (push) Failing after 51s
/ flake-check (push) Failing after 42s
commit
f637419595
8 changed files with 111 additions and 123 deletions
|
@ -1,41 +0,0 @@
|
|||
on: [push]
|
||||
jobs:
|
||||
check:
|
||||
runs-on: nixos-host
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v3
|
||||
|
||||
# cache not needed since we now run on the host directly
|
||||
# - name: Load cached nix store
|
||||
# id: cache-nix-store
|
||||
# uses: actions/cache/restore@v4
|
||||
# with:
|
||||
# path: /nix/store
|
||||
# key: ${{ runner.os }}-nix-store
|
||||
|
||||
- name: Build server
|
||||
run: |
|
||||
nix shell nixpkgs#nixos-rebuild -c nixos-rebuild build --flake .#beefcake --accept-flake-config
|
||||
|
||||
- name: Build router
|
||||
run: |
|
||||
nix shell nixpkgs#nixos-rebuild -c nixos-rebuild build --flake .#router --accept-flake-config
|
||||
|
||||
- name: Build desktop
|
||||
run: |
|
||||
nix shell nixpkgs#nixos-rebuild -c nixos-rebuild build --flake .#dragon --accept-flake-config
|
||||
|
||||
- name: Build laptop
|
||||
run: |
|
||||
nix shell nixpkgs#nixos-rebuild -c nixos-rebuild build --flake .#foxtrot --accept-flake-config
|
||||
|
||||
- name: Build default devShell
|
||||
run: |
|
||||
nix develop . --build
|
||||
|
||||
# - name: Save nix store
|
||||
# uses: actions/cache/save@v4
|
||||
# with:
|
||||
# path: /nix/store
|
||||
# key: ${{ steps.cache-nix-store.outputs.cache-primary-key }}
|
|
@ -1,25 +0,0 @@
|
|||
on: [push]
|
||||
jobs:
|
||||
check:
|
||||
runs-on: nixos-host
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v3
|
||||
|
||||
# cache not needed since we now run on the host directly
|
||||
# - name: Load cached nix store
|
||||
# id: cache-nix-store
|
||||
# uses: actions/cache/restore@v4
|
||||
# with:
|
||||
# path: /nix/store
|
||||
# key: ${{ runner.os }}-nix-store
|
||||
|
||||
- name: Check nix flake
|
||||
run: |
|
||||
nix flake check
|
||||
|
||||
# - name: Save nix store
|
||||
# uses: actions/cache/save@v4
|
||||
# with:
|
||||
# path: /nix/store
|
||||
# key: ${{ steps.cache-nix-store.outputs.cache-primary-key }}
|
33
.forgejo/workflows/pre-merge.yaml
Normal file
|
@ -0,0 +1,33 @@
|
|||
on: [push]
|
||||
jobs:
|
||||
build-host:
|
||||
runs-on: nix-2.24.12
|
||||
strategy:
|
||||
matrix:
|
||||
info:
|
||||
- host: beefcake
|
||||
- host: router
|
||||
- host: dragon
|
||||
- host: foxtrot
|
||||
- host: flipflop
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: Build host
|
||||
run: |
|
||||
nix shell nixpkgs#nixos-rebuild -c nixos-rebuild build --flake .#${{ matrix.info.host }} --accept-flake-config
|
||||
|
||||
build-devshell:
|
||||
runs-on: nix-2.24.12
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: Build default devShell
|
||||
run: |
|
||||
nix develop . --build --accept-flake-config
|
||||
|
||||
flake-check:
|
||||
runs-on: nix-2.24.12
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: Check nix flake
|
||||
run: |
|
||||
nix flake check --accept-flake-config
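Review bot: All three jobs pass `--accept-flake-config` (on `nixos-rebuild build`, `nix develop` and `nix flake check`), so the `nixConfig` of whatever flake was pushed (substituters, trusted keys and other settings) is applied without confirmation on every push to any branch. If the flag is only there for a known binary cache, it is safer to configure that cache in the runner image's Nix configuration and drop the flag here. Otherwise add a comment such as `# --accept-flake-config: trusts nixConfig from the pushed flake; only safe while push access is limited to trusted users`. Separately, `actions/checkout@v4` is a mutable tag; pinning it to a full commit SHA would keep the action from changing underneath the workflow.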
|
|
@ -5,7 +5,11 @@
|
|||
...
|
||||
}:
|
||||
{
|
||||
config = lib.mkIf config.virtualisation.podman.enable {
|
||||
options = {
|
||||
podman.enable = lib.mkEnableOption "Enable podman and associated general NixOS defaults";
|
||||
};
|
||||
|
||||
config = lib.mkIf config.podman.enable {
|
||||
environment = {
|
||||
systemPackages = with pkgs; [
|
||||
podman-tui
|
||||
|
@ -15,7 +19,7 @@
|
|||
|
||||
virtualisation = {
|
||||
podman = {
|
||||
# enable = true;
|
||||
enable = true;
|
||||
dockerCompat = true;
|
||||
dockerSocket.enable = true;
|
||||
defaultNetwork.settings.dns_enabled = true;
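Review bot: The new top-level `podman.enable` option turns on more than Podman itself: the `config` block it gates also sets `dockerCompat = true` and `dockerSocket.enable = true`, and the description mentions neither. The NixOS documentation for the Docker-compatible socket notes that members of the `podman` group can gain root access through it, so hosts that set `podman.enable = true` should know they are opting into that. Since `lib.mkEnableOption` already prefixes the text with "Whether to enable", the description could read `lib.mkEnableOption "podman, the Docker-compatible CLI and socket, and related NixOS defaults"`. The module body continues past the end of the second hunk.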
|
||||
|
|
|
@ -1,23 +1,40 @@
|
|||
{
|
||||
git,
|
||||
findutils,
|
||||
coreutils,
|
||||
nodejs_23,
|
||||
nix,
|
||||
gnugrep,
|
||||
gawk,
|
||||
bash,
|
||||
jq,
|
||||
dockerTools,
|
||||
cacert,
|
||||
}:
|
||||
let
|
||||
pname = "forgejo-actions-container";
|
||||
version = "3";
|
||||
in
|
||||
# bootstrap this into the forgejo server with
|
||||
# $ podman login ${FORGEJO_ENDPOINT:-git.lyte.dev}
|
||||
# $ podman image load -i (nix build .#forgejo-actions-container --print-out-paths)
|
||||
# $ podman image push git.lyte.dev/lytedev/nix:forgejo-actions-container-$NIX_VERSION
|
||||
# $ podman push git.lyte.dev/lytedev/nix:forgejo-actions-container-v$IMAGE_VERSION-nix-v$NIX_VERSION
|
||||
dockerTools.buildLayeredImage {
|
||||
name = "git.lyte.dev/lytedev/nix";
|
||||
tag = "${pname}-${nix.version}";
|
||||
tag = "${pname}-v${version}-nix-v${nix.version}";
|
||||
config = {
|
||||
Cmd = [ "/bin/nix" ];
|
||||
};
|
||||
contents = [
|
||||
nix
|
||||
gnugrep
|
||||
gawk
|
||||
bash
|
||||
jq
|
||||
findutils
|
||||
nodejs_23
|
||||
coreutils
|
||||
cacert
|
||||
git
|
||||
];
|
||||
}
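Review bot: `version = "3"` now feeds the image tag, but the runner label in the host configuration repeats it as a literal (`forgejo-actions-container-v3-nix-v2.24.12`), so the two have to be bumped by hand together. A comment next to `version`, e.g. `# keep in sync with the forgejo runner labels`, would make that visible, or the label could be built from the same values. `nodejs_23` is an odd-numbered Node.js release line, which never becomes LTS and reaches end-of-life quickly; an LTS attribute would be a more durable choice for a long-lived CI image that runs third-party actions.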
|
||||
|
|
|
@ -108,7 +108,7 @@
|
|||
};
|
||||
};
|
||||
|
||||
virtualisation.podman.enable = true;
|
||||
podman.enable = true;
|
||||
|
||||
services.deno-netlify-ddns-client = {
|
||||
enable = true;
|
||||
|
@ -132,6 +132,51 @@
|
|||
lyte.shell.enable = true;
|
||||
};
|
||||
|
||||
/*
|
||||
TODO: non-root processes and services that access secrets need to be part of
|
||||
the 'keys' group
|
||||
|
||||
systemd.services.some-service = {
|
||||
serviceConfig.SupplementaryGroups = [ config.users.groups.keys.name ];
|
||||
};
|
||||
or
|
||||
users.users.example-user.extraGroups = [ config.users.groups.keys.name ];
|
||||
|
||||
TODO: declarative directory quotas? for storage/$USER and /home/$USER
|
||||
*/
|
||||
|
||||
/*
|
||||
# https://github.com/NixOS/nixpkgs/blob/04af42f3b31dba0ef742d254456dc4c14eedac86/nixos/modules/services/misc/lidarr.nix#L72
|
||||
services.lidarr = {
|
||||
enable = true;
|
||||
dataDir = "/storage/lidarr";
|
||||
};
|
||||
|
||||
services.radarr = {
|
||||
enable = true;
|
||||
dataDir = "/storage/radarr";
|
||||
};
|
||||
|
||||
services.sonarr = {
|
||||
enable = true;
|
||||
dataDir = "/storage/sonarr";
|
||||
};
|
||||
|
||||
services.bazarr = {
|
||||
enable = true;
|
||||
listenPort = 6767;
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [9876 9877];
|
||||
networking.firewall.allowedUDPPorts = [9876 9877];
|
||||
networking.firewall.allowedUDPPortRanges = [
|
||||
{
|
||||
from = 27000;
|
||||
to = 27100;
|
||||
}
|
||||
];
|
||||
*/
|
||||
|
||||
imports = [
|
||||
hardware.common-cpu-intel
|
||||
{
|
||||
|
@ -1060,16 +1105,17 @@
|
|||
container = {
|
||||
# use the shared network which is bridged by default
|
||||
# this lets us hit git.lyte.dev just fine
|
||||
network = "podman";
|
||||
# network = "podman";
|
||||
network = "host";
|
||||
};
|
||||
};
|
||||
labels = [
|
||||
# type ":host" does not depend on docker/podman/lxc
|
||||
"podman"
|
||||
"nix-2.24.12:docker://git.lyte.dev/lytedev/nix:forgejo-actions-container-2.24.12"
|
||||
"nix-latest:docker://git.lyte.dev/lytedev/nix:forgejo-actions-container-latest"
|
||||
# "beefcake:host"
|
||||
# "nixos-host:host"
|
||||
# "podman"
|
||||
"nix-2.24.12:docker://git.lyte.dev/lytedev/nix:forgejo-actions-container-v3-nix-v2.24.12"
|
||||
"nix-latest:docker://git.lyte.dev/lytedev/nix:forgejo-actions-container-latest"
|
||||
];
|
||||
tokenFile = config.sops.secrets."forgejo-runner.env".path;
|
||||
hostPackages = with pkgs; [
|
||||
|
@ -2164,49 +2210,4 @@
|
|||
}
|
||||
)
|
||||
];
|
||||
|
||||
/*
|
||||
TODO: non-root processes and services that access secrets need to be part of
|
||||
the 'keys' group
|
||||
|
||||
systemd.services.some-service = {
|
||||
serviceConfig.SupplementaryGroups = [ config.users.groups.keys.name ];
|
||||
};
|
||||
or
|
||||
users.users.example-user.extraGroups = [ config.users.groups.keys.name ];
|
||||
|
||||
TODO: declarative directory quotas? for storage/$USER and /home/$USER
|
||||
*/
|
||||
|
||||
/*
|
||||
# https://github.com/NixOS/nixpkgs/blob/04af42f3b31dba0ef742d254456dc4c14eedac86/nixos/modules/services/misc/lidarr.nix#L72
|
||||
services.lidarr = {
|
||||
enable = true;
|
||||
dataDir = "/storage/lidarr";
|
||||
};
|
||||
|
||||
services.radarr = {
|
||||
enable = true;
|
||||
dataDir = "/storage/radarr";
|
||||
};
|
||||
|
||||
services.sonarr = {
|
||||
enable = true;
|
||||
dataDir = "/storage/sonarr";
|
||||
};
|
||||
|
||||
services.bazarr = {
|
||||
enable = true;
|
||||
listenPort = 6767;
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [9876 9877];
|
||||
networking.firewall.allowedUDPPorts = [9876 9877];
|
||||
networking.firewall.allowedUDPPortRanges = [
|
||||
{
|
||||
from = 27000;
|
||||
to = 27100;
|
||||
}
|
||||
];
|
||||
*/
|
||||
}
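Review bot: In the runner's `container` block (hunk `@ -1060,16 +1105,17 @`), `network = "host"` places every CI job container in the host's own network namespace, so a workflow triggered by any push can reach services bound to loopback on this machine as well as the local network. The retained comment above it still describes the bridged network, which is no longer what is configured. If host networking is only a workaround for reaching git.lyte.dev (an assumption; the commit does not say), keeping `network = "podman";` and fixing name resolution would preserve the isolation; otherwise replace the stale comment with something like `# host networking: job containers share the host's network namespace; required because <reason>`. The `labels` entries also reference the images by tag (`...-v3-nix-v2.24.12`, `...-latest`) rather than by digest, so whatever is pushed under those tags is what jobs will run.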
|
||||
|
|
|
@ -50,7 +50,7 @@
|
|||
services.postgresql.enable = true;
|
||||
programs.steam.enable = true;
|
||||
lyte.desktop.enable = true;
|
||||
virtualisation.podman.enable = true;
|
||||
podman.enable = true;
|
||||
|
||||
home-manager.users.daniel = {
|
||||
lyte = {
|
||||
|
|
|
@ -5,8 +5,7 @@
|
|||
Nix for <code>lytedev</code>
|
||||
</h1>
|
||||
|
||||
[](https://git.lyte.dev/lytedev/nix/actions?workflow=nix-flake-check.yaml)
|
||||
[](https://git.lyte.dev/lytedev/nix/actions?workflow=nix-build.yaml)
|
||||
[](https://git.lyte.dev/lytedev/nix/actions?workflow=pre-merge.yaml)
|
||||
|
||||
</div>
|
||||
|
||||
|
|