Verified Commit 458d86cc authored by Matthias Adamczyk's avatar Matthias Adamczyk
Browse files

Fix CI

parent 82786ffb
Pipeline #302 passed with stages
in 2 minutes and 32 seconds
......@@ -7,7 +7,7 @@ stages:
generate-nixos-pipeline:
stage: setup
tags:
- operations-nix
- nix
script:
- nix-build .nixos-gitlab-ci.yml.nix
- cp result .nixos-gitlab-ci.yml
......@@ -29,7 +29,7 @@ editorconfig:
stage: triggers
needs: []
tags:
- operations-nix
- nix
script:
- nix-shell -p editorconfig-checker --run editorconfig-checker -I nixpkgs=channel:nixos-unstable
......@@ -37,9 +37,9 @@ iso_image:
stage: triggers
needs: []
tags:
- operations-nix
- nix
script:
- nix-build -A isoImage
- nix-shell -p git --run 'nix-build -A isoImage'
artifacts:
paths:
- result/*
......@@ -48,9 +48,9 @@ kexec_tarball:
stage: triggers
needs: []
tags:
- operations-nix
- nix
script:
- nix-build -A kexec_tarball
- nix-shell -p git --run 'nix-build -A kexec_tarball'
artifacts:
paths:
- result/*
......@@ -4,15 +4,15 @@ let
jobs = lib.mapAttrs (
name: host: {
stage = "build";
tags = [ "operations-nix" ];
tags = [ "nix" ];
variables.GIT_DEPTH = 0;
script = [
"nix-build --show-trace --pure-eval --option allow-import-from-derivation false --expr \"( (import (fetchGit { url = ./.; rev = \\\"$(git describe --always --abbrev=0)\\\"; })).deploy.${name} )\""
"nix-build --show-trace -A deploy.${name}"
];
}
) (
lib.filterAttrs (
name: host: !host.config.skipCI
name: host: !host.config.finf.skipCI
) hosts
);
......
......@@ -63,7 +63,7 @@ rec {
groupNames = unique (
concatLists (
mapAttrsToList (
name: host: host.config.deploy.groups
name: host: host.config.finf.deploy.groups
) hosts
)
);
......@@ -72,7 +72,7 @@ rec {
map (
groupName: nameValuePair groupName (
filter (
host: elem groupName host.config.deploy.groups
host: elem groupName host.config.finf.deploy.groups
) (
attrValues hosts
)
......
{ nixpkgs, home-manager, ... }:
{ pkgs, ... }:
let
nixos = import (nixpkgs + "/nixos") {
configuration = { lib, pkgs, ... }: {
nixos = import (pkgs.path + "/nixos") {
configuration = { lib, modulesPath, ... }: {
imports = [
(nixpkgs + "/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix")
(nixpkgs + "/nixos/modules/installer/cd-dvd/channel.nix")
(home-manager + "/nixos")
../configuration/common
(modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix")
(modulesPath + "/installer/cd-dvd/channel.nix")
../common
];
boot.loader.grub.enable = false;
boot.kernelParams = [
......
......@@ -2,7 +2,7 @@
{
imports = [
(modulesPath + "/installer/netboot/netboot-minimal.nix")
(modulesPath + "/installer/netboot/netboot.nix")
../common
];
......
......@@ -2,8 +2,9 @@
{
imports = [
./deploy
./misc
./secrets
./vnstat
./deploy
];
}
......@@ -3,11 +3,11 @@
with lib;
let
cfg = config.deploy;
cfg = config.finf.deploy;
in {
options = {
deploy = {
finf.deploy = {
enable = mkOption {
type = types.bool;
default = true;
......@@ -31,7 +31,7 @@ in {
};
config = mkIf cfg.enable {
deploy.groups = [ "all" config.nixpkgs.system ];
finf.deploy.groups = [ "all" config.nixpkgs.system ];
system.build.deployScript = pkgs.writeScript "deploy-${config.networking.hostName}" ''
#!${pkgs.runtimeShell}
......
......@@ -4,9 +4,11 @@ with lib;
{
options = {
finf = {
skipCI = mkOption {
type = types.bool;
default = false;
};
};
};
}
......@@ -9,38 +9,31 @@ let
type = types.str;
default = moduleAttrs.config._module.args.name;
};
path = mkOption {
type = types.str;
readOnly = true;
default = "/run/secrets/${removeSuffix ".gpg" (baseNameOf moduleAttrs.config.source-path)}";
};
mode = mkOption {
type = types.str;
default = "0400";
};
owner = mkOption {
type = types.str;
default = "root";
};
group-name = mkOption {
type = types.str;
default = "root";
};
source-path = mkOption {
type = types.str;
default = pkgs.copyPathToStore "${toString ../../secrets}/${config.networking.hostName}/${moduleAttrs.config.name}.gpg";
};
encrypted = mkOption {
type = types.bool;
default = true;
};
enable = mkOption {
type = types.bool;
default = true;
......@@ -62,7 +55,6 @@ let
''}
fi
'';
mkSetupSecret = file: pkgs.writeScript "setup-secret-${removeSuffix ".gpg" (baseNameOf file.source-path)}.sh" ''
#!${pkgs.runtimeShell}
set -eu pipefail
......@@ -75,7 +67,6 @@ in {
type = with types; attrsOf secret-file;
default = {};
};
config = mkIf (enabledFiles != {}) {
system.activationScripts = let
files = unique (map (flip removeAttrs ["_module"]) (attrValues enabledFiles));
......
{ config, lib, pkgs, ... }:
let
cfg = config.vnstat;
cfg = config.finf.vnstat;
in {
imports = [
./nginx.nix
];
options.vnstat = with lib; {
options.finf.vnstat = with lib; {
enable = mkEnableOption "just some fancy traffic pics";
generateImages = mkOption {
......
{ config, lib, pkgs, ... }:
let
cfg = config.vnstat.nginx;
cfg = config.finf.vnstat.nginx;
in {
options.vnstat.nginx = with lib; {
options.finf.vnstat.nginx = with lib; {
enable = mkEnableOption "nginx virtual host for traffic pics";
domain = mkOption {
......@@ -21,7 +21,7 @@ in {
config = lib.mkIf cfg.enable {
assertions = [
({
assertion = config.vnstat.generateImages;
assertion = config.finf.vnstat.generateImages;
message = "nginx requires vnstat.generateImages == true";
})
];
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment