SebastianStork/nixos-config
1
0
Fork 0
mirror of https://github.com/SebastianStork/nixos-config.git synced 2026-03-23 20:08:28 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Compare commits

base: SebastianStork:185fd5a53bd6def7f7e1e5258b458a3bc6daa48a
Branches Tags
SebastianStork:main
SebastianStork:dependabot/github_actions/cachix/cachix-action-17
SebastianStork:deploy
SebastianStork:deployed/srv-core
SebastianStork:deployed/vps-ns
SebastianStork:deployed/vps-www
SebastianStork:testing-srv-core
..
compare: SebastianStork:5378787ac00953392bcf7c8dfa6b6c090296bb5b
Branches Tags
SebastianStork:dependabot/github_actions/cachix/cachix-action-17
SebastianStork:deploy
SebastianStork:deployed/srv-core
SebastianStork:deployed/vps-ns
SebastianStork:deployed/vps-www
SebastianStork:main
SebastianStork:testing-srv-core

No commits in common. "185fd5a53bd6def7f7e1e5258b458a3bc6daa48a" and "5378787ac00953392bcf7c8dfa6b6c090296bb5b" have entirely different histories.
185fd5a53b ... 5378787ac0

11 changed files with 83 additions and 26 deletions
Download patch file Download diff file Expand all files Collapse all files

30
.github/workflows/build-host.yml vendored Normal file
View file

@ -0,0 +1,30 @@
name: Build host
on:
workflow_call:
inputs:
hosts:
required: true
type: string
secrets:
CACHIX_AUTH_TOKEN:
required: true
jobs:
build-host:
name: ${{ matrix.host }}
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
host: ${{ fromJson(inputs.hosts) }}
steps:
- uses: actions/checkout@v5
- uses: cachix/install-nix-action@v31
with:
extra_nix_config: experimental-features = nix-command flakes pipe-operators
- uses: cachix/cachix-action@v15
with:
name: sebastian-stork
authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
useDaemon: false
- name: Build host
run: nix build .#nixosConfigurations.${{ matrix.host }}.config.system.build.toplevel --print-build-logs

66
.github/workflows/ci.yml vendored
View file

@ -16,6 +16,11 @@ jobs:
- uses: cachix/install-nix-action@v31
with:
extra_nix_config: experimental-features = nix-command flakes pipe-operators
- name: Get packages
id: packages
run: |
packages=$(nix flake show --json | jq -c '.packages."x86_64-linux" | keys')
printf "packages=%s" "$packages" >> "$GITHUB_OUTPUT"
- name: Get checks
id: checks
run: |
@ -27,11 +32,38 @@ jobs:
servers=$(nix eval .#nixosConfigurations --apply 'configs:
configs
|> builtins.attrNames
|> builtins.filter (hostName: configs.${hostName}.config.custom.services.comin.enable)
|> builtins.filter (name: configs.${name}.config.custom.services.comin.enable)
' --json)
printf "servers=%s" "$servers" >> "$GITHUB_OUTPUT"
- name: Get workstations
id: workstations
run: |
workstations=$(nix eval .#nixosConfigurations --apply 'configs:
configs
|> builtins.attrNames
|> builtins.filter (name: !configs.${name}.config.custom.services.comin.enable)
' --json)
printf "workstations=%s" "$workstations" >> "$GITHUB_OUTPUT"
build-package:
needs: parse-flake
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
package: ${{ fromJson(needs.parse-flake.outputs.packages) }}
steps:
- uses: actions/checkout@v5
- uses: cachix/install-nix-action@v31
with:
extra_nix_config: experimental-features = nix-command flakes pipe-operators
- uses: cachix/cachix-action@v15
with:
name: sebastian-stork
authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
useDaemon: false
- name: Build package
run: nix build .#packages.x86_64-linux.${{ matrix.package }} --print-build-logs
build-check:
name: ${{ matrix.check }}
needs: parse-flake
runs-on: ubuntu-latest
strategy:
@ -51,25 +83,19 @@ jobs:
- name: Build check
run: nix build .#checks.x86_64-linux.${{ matrix.check }} --print-build-logs
build-server:
name: ${{ matrix.server }}
needs: parse-flake
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
server: ${{ fromJson(needs.parse-flake.outputs.servers) }}
steps:
- uses: actions/checkout@v5
- uses: cachix/install-nix-action@v31
with:
extra_nix_config: experimental-features = nix-command flakes pipe-operators
- uses: cachix/cachix-action@v15
with:
name: sebastian-stork
authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
useDaemon: false
- name: Build server
run: nix build .#nixosConfigurations.${{ matrix.server }}.config.system.build.toplevel --print-build-logs
uses: ./.github/workflows/build-host.yml
with:
hosts: ${{ needs.parse-flake.outputs.servers }}
secrets:
CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
build-workstation:
needs: parse-flake
uses: ./.github/workflows/build-host.yml
with:
hosts: ${{ needs.parse-flake.outputs.workstations }}
secrets:
CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
deploy:
needs: [build-check, build-server]
runs-on: ubuntu-latest

0
hosts/srv-core/default.nix → hosts/homeserver/default.nix
View file

0
hosts/srv-core/disko.nix → hosts/homeserver/disko.nix
View file

0
hosts/srv-core/hardware.nix → hosts/homeserver/hardware.nix
View file

0
hosts/srv-core/keys/age.pub → hosts/homeserver/keys/age.pub
View file

7
hosts/homeserver/keys/nebula.crt Normal file
View file

@ -0,0 +1,7 @@
-----BEGIN NEBULA CERTIFICATE V2-----
MIG+oFiACmhvbWVzZXJ2ZXKhBwQFCv76BhijEwwGc2VydmVyDAlzeW5jdGhpbmeF
BGmiGqqGBGsoffSHIBVD/hlbqt7XLMVqDE4DhIQzJRBaXtQIwm5gRTI7c0VogiAZ
e96epRDtw/rMTdFK2zGNir1IwMaj+yBQZk7+5zkMdYNAgVBstID36JKriSzF5nlz
oonUUfccrIASiwr3HqRgeWA2SnvS9r8qf2s+PfTkX2a+jymnHOlzB0GSeWx7JeZo
AQ==
-----END NEBULA CERTIFICATE V2-----

0
hosts/srv-core/keys/nebula.pub → hosts/homeserver/keys/nebula.pub
View file

0
hosts/srv-core/keys/syncthing.id → hosts/homeserver/keys/syncthing.id
View file

0
hosts/srv-core/secrets.json → hosts/homeserver/secrets.json
View file

6
hosts/srv-core/keys/nebula.crt
View file

@ -1,6 +0,0 @@
-----BEGIN NEBULA CERTIFICATE V2-----
MIG8oFaACHNydi1jb3JloQcEBQr++gYYoxMMBnNlcnZlcgwJc3luY3RoaW5nhQRp
pz3vhgRrKH30hyAVQ/4ZW6re1yzFagxOA4SEMyUQWl7UCMJuYEUyO3NFaIIgGXve
nqUQ7cP6zE3RStsxjYq9SMDGo/sgUGZO/uc5DHWDQMuJeHoWRFXit1LEzlKFWrXR
/I4ZGhqCsE9r/bNYw5uYzVcVGb1DNIWu7KJJ/TPB2syGBYzYOWy8yJOa0rmU3wI=
-----END NEBULA CERTIFICATE V2-----