Fix CI

458d86cc · Matthias Adamczyk · 82786ffb · 458d86cc · 458d86cc · 458d86cc
Verified Commit 458d86cc authored Sep 26, 2021 by Matthias Adamczyk
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -7,7 +7,7 @@ stages:
 generate-nixos-pipeline:
  stage: setup
  tags:
-  - operations-nix
+  - nix
  script:
  - nix-build .nixos-gitlab-ci.yml.nix
  - cp result .nixos-gitlab-ci.yml
@@ -29,7 +29,7 @@ editorconfig:
  stage: triggers
  needs: []
  tags:
-  - operations-nix
+  - nix
  script:
  - nix-shell -p editorconfig-checker --run editorconfig-checker -I nixpkgs=channel:nixos-unstable
@@ -37,9 +37,9 @@ iso_image:
  stage: triggers
  needs: []
  tags:
-  - operations-nix
+  - nix
  script:
-  - nix-build -A isoImage
+  - nix-shell -p git --run 'nix-build -A isoImage'
  artifacts:
    paths:
    - result/*
@@ -48,9 +48,9 @@ kexec_tarball:
  stage: triggers
  needs: []
  tags:
-  - operations-nix
+  - nix
  script:
-  - nix-build -A kexec_tarball
+  - nix-shell -p git --run 'nix-build -A kexec_tarball'
  artifacts:
    paths:
    - result/*
--- a/.nixos-gitlab-ci.yml.nix
+++ b/.nixos-gitlab-ci.yml.nix
@@ -4,15 +4,15 @@ let
  jobs = lib.mapAttrs (
    name: host: {
      stage = "build";
-      tags = [ "operations-nix" ];
+      tags = [ "nix" ];
      variables.GIT_DEPTH = 0;
      script = [
-        "nix-build --show-trace --pure-eval --option allow-import-from-derivation false --expr \"( (import (fetchGit { url = ./.; rev = \\\"$(git describe --always --abbrev=0)\\\"; })).deploy.${name} )\""
+        "nix-build --show-trace -A deploy.${name}"
      ];
    }
  ) (
    lib.filterAttrs (
-      name: host: !host.config.skipCI
+      name: host: !host.config.finf.skipCI
    ) hosts
  );

--- a/lib/hosts.nix
+++ b/lib/hosts.nix
@@ -63,7 +63,7 @@ rec {
  groupNames = unique (
    concatLists (
      mapAttrsToList (
-        name: host: host.config.deploy.groups
+        name: host: host.config.finf.deploy.groups
      ) hosts
    )
  );
@@ -72,7 +72,7 @@ rec {
    map (
      groupName: nameValuePair groupName (
        filter (
-          host: elem groupName host.config.deploy.groups
+          host: elem groupName host.config.finf.deploy.groups
        ) (
          attrValues hosts
        )

--- a/lib/iso-image.nix
+++ b/lib/iso-image.nix
-{ nixpkgs, home-manager, ... }:
+{ pkgs, ... }:
 let
-  nixos = import (nixpkgs + "/nixos") {
+  nixos = import (pkgs.path + "/nixos") {
-    configuration = { lib, pkgs, ... }: {
+    configuration = { lib, modulesPath, ... }: {
      imports = [
-        (nixpkgs + "/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix")
+        (modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix")
-        (nixpkgs + "/nixos/modules/installer/cd-dvd/channel.nix")
+        (modulesPath + "/installer/cd-dvd/channel.nix")
-        (home-manager + "/nixos")
+        ../common
-        ../configuration/common
      ];
      boot.loader.grub.enable = false;
      boot.kernelParams = [

--- a/lib/kexec-host.nix
+++ b/lib/kexec-host.nix
@@ -2,7 +2,7 @@
 {
  imports = [
-    (modulesPath + "/installer/netboot/netboot-minimal.nix")
+    (modulesPath + "/installer/netboot/netboot.nix")
    ../common
  ];

--- a/modules/default.nix
+++ b/modules/default.nix
@@ -2,8 +2,9 @@
 {
  imports = [
+    ./deploy
+    ./misc
    ./secrets
    ./vnstat
-    ./deploy
  ];
 }
--- a/modules/deploy/default.nix
+++ b/modules/deploy/default.nix
@@ -3,11 +3,11 @@
 with lib;
 let
-  cfg = config.deploy;
+  cfg = config.finf.deploy;
 in {
  options = {
-    deploy = {
+    finf.deploy = {
      enable = mkOption {
        type = types.bool;
        default = true;
@@ -31,7 +31,7 @@ in {
  };
  config = mkIf cfg.enable {
-    deploy.groups = [ "all" config.nixpkgs.system ];
+    finf.deploy.groups = [ "all" config.nixpkgs.system ];
    system.build.deployScript = pkgs.writeScript "deploy-${config.networking.hostName}" ''
      #!${pkgs.runtimeShell}

--- a/modules/misc/default.nix
+++ b/modules/misc/default.nix
@@ -4,9 +4,11 @@ with lib;
 {
  options = {
-    skipCI = mkOption {
+    finf = {
-      type = types.bool;
+      skipCI = mkOption {
-      default = false;
+        type = types.bool;
+        default = false;
+      };
    };
  };
 }
--- a/modules/secrets/default.nix
+++ b/modules/secrets/default.nix
@@ -9,38 +9,31 @@ let
        type = types.str;
        default = moduleAttrs.config._module.args.name;
      };
      path = mkOption {
        type = types.str;
        readOnly = true;
        default = "/run/secrets/${removeSuffix ".gpg" (baseNameOf moduleAttrs.config.source-path)}";
      };
      mode = mkOption {
        type = types.str;
        default = "0400";
      };
      owner = mkOption {
        type = types.str;
        default = "root";
      };
      group-name = mkOption {
        type = types.str;
        default = "root";
      };
      source-path = mkOption {
        type = types.str;
        default = pkgs.copyPathToStore "${toString ../../secrets}/${config.networking.hostName}/${moduleAttrs.config.name}.gpg";
      };
      encrypted = mkOption {
        type = types.bool;
        default = true;
      };
      enable = mkOption {
        type = types.bool;
        default = true;
@@ -62,7 +55,6 @@ let
      ''}
    fi
  '';
  mkSetupSecret = file: pkgs.writeScript "setup-secret-${removeSuffix ".gpg" (baseNameOf file.source-path)}.sh" ''
    #!${pkgs.runtimeShell}
    set -eu pipefail
@@ -75,7 +67,6 @@ in {
    type = with types; attrsOf secret-file;
    default = {};
  };
  config = mkIf (enabledFiles != {}) {
    system.activationScripts = let
      files = unique (map (flip removeAttrs ["_module"]) (attrValues enabledFiles));

--- a/modules/vnstat/default.nix
+++ b/modules/vnstat/default.nix
 { config, lib, pkgs, ... }:
 let
-  cfg = config.vnstat;
+  cfg = config.finf.vnstat;
 in {
  imports = [
    ./nginx.nix
  ];
-  options.vnstat = with lib; {
+  options.finf.vnstat = with lib; {
    enable = mkEnableOption "just some fancy traffic pics";
    generateImages = mkOption {

--- a/modules/vnstat/nginx.nix
+++ b/modules/vnstat/nginx.nix
 { config, lib, pkgs, ... }:
 let
-  cfg = config.vnstat.nginx;
+  cfg = config.finf.vnstat.nginx;
 in {
-  options.vnstat.nginx = with lib; {
+  options.finf.vnstat.nginx = with lib; {
    enable = mkEnableOption "nginx virtual host for traffic pics";
    domain = mkOption {
@@ -21,7 +21,7 @@ in {
  config = lib.mkIf cfg.enable {
    assertions = [
      ({
-        assertion = config.vnstat.generateImages;
+        assertion = config.finf.vnstat.generateImages;
        message = "nginx requires vnstat.generateImages == true";
      })
    ];