Verified Commit 458d86cc authored by Matthias Adamczyk's avatar Matthias Adamczyk

Fix CI

parent 82786ffb
Pipeline #302 passed with stages
in 2 minutes and 32 seconds
...@@ -7,7 +7,7 @@ stages: ...@@ -7,7 +7,7 @@ stages:
generate-nixos-pipeline: generate-nixos-pipeline:
stage: setup stage: setup
tags: tags:
- operations-nix - nix
script: script:
- nix-build .nixos-gitlab-ci.yml.nix - nix-build .nixos-gitlab-ci.yml.nix
- cp result .nixos-gitlab-ci.yml - cp result .nixos-gitlab-ci.yml
...@@ -29,7 +29,7 @@ editorconfig: ...@@ -29,7 +29,7 @@ editorconfig:
stage: triggers stage: triggers
needs: [] needs: []
tags: tags:
- operations-nix - nix
script: script:
- nix-shell -p editorconfig-checker --run editorconfig-checker -I nixpkgs=channel:nixos-unstable - nix-shell -p editorconfig-checker --run editorconfig-checker -I nixpkgs=channel:nixos-unstable
...@@ -37,9 +37,9 @@ iso_image: ...@@ -37,9 +37,9 @@ iso_image:
stage: triggers stage: triggers
needs: [] needs: []
tags: tags:
- operations-nix - nix
script: script:
- nix-build -A isoImage - nix-shell -p git --run 'nix-build -A isoImage'
artifacts: artifacts:
paths: paths:
- result/* - result/*
...@@ -48,9 +48,9 @@ kexec_tarball: ...@@ -48,9 +48,9 @@ kexec_tarball:
stage: triggers stage: triggers
needs: [] needs: []
tags: tags:
- operations-nix - nix
script: script:
- nix-build -A kexec_tarball - nix-shell -p git --run 'nix-build -A kexec_tarball'
artifacts: artifacts:
paths: paths:
- result/* - result/*
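Review bot: The new `nix-shell -p git --run '…'` wrappers in the iso_image and kexec_tarball jobs take `git` from whatever `<nixpkgs>` the runner's NIX_PATH points at, so a tool that runs inside the image builds is not pinned by this repository. Passing a pinned package set would keep the build inputs under the repository's control, e.g. `- nix-shell -I nixpkgs=<PINNED_NIXPKGS_TARBALL_URL> -p git --run 'nix-build -A isoImage'` and the same for `kexec_tarball`. Separately, all four hunks change the runner tag from `operations-nix` to `nix`. If `nix` also matches runners shared with other projects, it is worth confirming that jobs producing deployable images are meant to run there.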
...@@ -4,15 +4,15 @@ let ...@@ -4,15 +4,15 @@ let
jobs = lib.mapAttrs ( jobs = lib.mapAttrs (
name: host: { name: host: {
stage = "build"; stage = "build";
tags = [ "operations-nix" ]; tags = [ "nix" ];
variables.GIT_DEPTH = 0; variables.GIT_DEPTH = 0;
script = [ script = [
"nix-build --show-trace --pure-eval --option allow-import-from-derivation false --expr \"( (import (fetchGit { url = ./.; rev = \\\"$(git describe --always --abbrev=0)\\\"; })).deploy.${name} )\"" "nix-build --show-trace -A deploy.${name}"
]; ];
} }
) ( ) (
lib.filterAttrs ( lib.filterAttrs (
name: host: !host.config.skipCI name: host: !host.config.finf.skipCI
) hosts ) hosts
); );
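Review bot: The replacement `script` entry drops both `--pure-eval` and `--option allow-import-from-derivation false`, and no longer builds from `fetchGit` at a fixed `rev`. The per-host deploy builds can therefore depend on the runner's NIX_PATH and environment again, and import-from-derivation is permitted. If pure evaluation is what broke CI, the IFD restriction can probably still be kept: `"nix-build --show-trace --option allow-import-from-derivation false -A deploy.${name}"`. `${name}` is also spliced into the shell command unquoted; `lib.escapeShellArg "deploy.${name}"` would make that robust against unusual host names. The enclosing `let` block starts and ends outside the hunk.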
......
...@@ -63,7 +63,7 @@ rec { ...@@ -63,7 +63,7 @@ rec {
groupNames = unique ( groupNames = unique (
concatLists ( concatLists (
mapAttrsToList ( mapAttrsToList (
name: host: host.config.deploy.groups name: host: host.config.finf.deploy.groups
) hosts ) hosts
) )
); );
...@@ -72,7 +72,7 @@ rec { ...@@ -72,7 +72,7 @@ rec {
map ( map (
groupName: nameValuePair groupName ( groupName: nameValuePair groupName (
filter ( filter (
host: elem groupName host.config.deploy.groups host: elem groupName host.config.finf.deploy.groups
) ( ) (
attrValues hosts attrValues hosts
) )
......
{ nixpkgs, home-manager, ... }: { pkgs, ... }:
let let
nixos = import (nixpkgs + "/nixos") { nixos = import (pkgs.path + "/nixos") {
configuration = { lib, pkgs, ... }: { configuration = { lib, modulesPath, ... }: {
imports = [ imports = [
(nixpkgs + "/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix") (modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix")
(nixpkgs + "/nixos/modules/installer/cd-dvd/channel.nix") (modulesPath + "/installer/cd-dvd/channel.nix")
(home-manager + "/nixos") ../common
../configuration/common
]; ];
boot.loader.grub.enable = false; boot.loader.grub.enable = false;
boot.kernelParams = [ boot.kernelParams = [
......
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
{ {
imports = [ imports = [
(modulesPath + "/installer/netboot/netboot-minimal.nix") (modulesPath + "/installer/netboot/netboot.nix")
../common ../common
]; ];
......
...@@ -2,8 +2,9 @@ ...@@ -2,8 +2,9 @@
{ {
imports = [ imports = [
./deploy
./misc
./secrets ./secrets
./vnstat ./vnstat
./deploy
]; ];
} }
...@@ -3,11 +3,11 @@ ...@@ -3,11 +3,11 @@
with lib; with lib;
let let
cfg = config.deploy; cfg = config.finf.deploy;
in { in {
options = { options = {
deploy = { finf.deploy = {
enable = mkOption { enable = mkOption {
type = types.bool; type = types.bool;
default = true; default = true;
...@@ -31,7 +31,7 @@ in { ...@@ -31,7 +31,7 @@ in {
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
deploy.groups = [ "all" config.nixpkgs.system ]; finf.deploy.groups = [ "all" config.nixpkgs.system ];
system.build.deployScript = pkgs.writeScript "deploy-${config.networking.hostName}" '' system.build.deployScript = pkgs.writeScript "deploy-${config.networking.hostName}" ''
#!${pkgs.runtimeShell} #!${pkgs.runtimeShell}
......
...@@ -4,9 +4,11 @@ with lib; ...@@ -4,9 +4,11 @@ with lib;
{ {
options = { options = {
finf = {
skipCI = mkOption { skipCI = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
}; };
}; };
};
} }
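Review bot: `finf.skipCI` is declared with only `type` and `default`, so nothing at the definition says what setting it does. Judging by the CI generator's filter `!host.config.finf.skipCI`, a host with this flag set gets no generated build job, which means its configuration is presumably never built by the pipeline. I would add `description = "Exclude this host from the generated per-host CI build jobs.";` so that enabling it is a visible, deliberate choice in review.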
...@@ -9,38 +9,31 @@ let ...@@ -9,38 +9,31 @@ let
type = types.str; type = types.str;
default = moduleAttrs.config._module.args.name; default = moduleAttrs.config._module.args.name;
}; };
path = mkOption { path = mkOption {
type = types.str; type = types.str;
readOnly = true; readOnly = true;
default = "/run/secrets/${removeSuffix ".gpg" (baseNameOf moduleAttrs.config.source-path)}"; default = "/run/secrets/${removeSuffix ".gpg" (baseNameOf moduleAttrs.config.source-path)}";
}; };
mode = mkOption { mode = mkOption {
type = types.str; type = types.str;
default = "0400"; default = "0400";
}; };
owner = mkOption { owner = mkOption {
type = types.str; type = types.str;
default = "root"; default = "root";
}; };
group-name = mkOption { group-name = mkOption {
type = types.str; type = types.str;
default = "root"; default = "root";
}; };
source-path = mkOption { source-path = mkOption {
type = types.str; type = types.str;
default = pkgs.copyPathToStore "${toString ../../secrets}/${config.networking.hostName}/${moduleAttrs.config.name}.gpg"; default = pkgs.copyPathToStore "${toString ../../secrets}/${config.networking.hostName}/${moduleAttrs.config.name}.gpg";
}; };
encrypted = mkOption { encrypted = mkOption {
type = types.bool; type = types.bool;
default = true; default = true;
}; };
enable = mkOption { enable = mkOption {
type = types.bool; type = types.bool;
default = true; default = true;
...@@ -62,7 +55,6 @@ let ...@@ -62,7 +55,6 @@ let
''} ''}
fi fi
''; '';
mkSetupSecret = file: pkgs.writeScript "setup-secret-${removeSuffix ".gpg" (baseNameOf file.source-path)}.sh" '' mkSetupSecret = file: pkgs.writeScript "setup-secret-${removeSuffix ".gpg" (baseNameOf file.source-path)}.sh" ''
#!${pkgs.runtimeShell} #!${pkgs.runtimeShell}
set -eu pipefail set -eu pipefail
...@@ -75,7 +67,6 @@ in { ...@@ -75,7 +67,6 @@ in {
type = with types; attrsOf secret-file; type = with types; attrsOf secret-file;
default = {}; default = {};
}; };
config = mkIf (enabledFiles != {}) { config = mkIf (enabledFiles != {}) {
system.activationScripts = let system.activationScripts = let
files = unique (map (flip removeAttrs ["_module"]) (attrValues enabledFiles)); files = unique (map (flip removeAttrs ["_module"]) (attrValues enabledFiles));
......
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let let
cfg = config.vnstat; cfg = config.finf.vnstat;
in { in {
imports = [ imports = [
./nginx.nix ./nginx.nix
]; ];
options.vnstat = with lib; { options.finf.vnstat = with lib; {
enable = mkEnableOption "just some fancy traffic pics"; enable = mkEnableOption "just some fancy traffic pics";
generateImages = mkOption { generateImages = mkOption {
......
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let let
cfg = config.vnstat.nginx; cfg = config.finf.vnstat.nginx;
in { in {
options.vnstat.nginx = with lib; { options.finf.vnstat.nginx = with lib; {
enable = mkEnableOption "nginx virtual host for traffic pics"; enable = mkEnableOption "nginx virtual host for traffic pics";
domain = mkOption { domain = mkOption {
...@@ -21,7 +21,7 @@ in { ...@@ -21,7 +21,7 @@ in {
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
assertions = [ assertions = [
({ ({
assertion = config.vnstat.generateImages; assertion = config.finf.vnstat.generateImages;
message = "nginx requires vnstat.generateImages == true"; message = "nginx requires vnstat.generateImages == true";
}) })
]; ];
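Review bot: The assertion message still reads `nginx requires vnstat.generateImages == true`, although the option it checks is now `config.finf.vnstat.generateImages`. Anyone who trips the assertion is pointed at an option path that no longer exists after this rename. Update the string along with the rename: `message = "nginx requires finf.vnstat.generateImages == true";`.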
......