From 98136e802bc6aa72de13ecb53159815a985c2c5b Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Tue, 6 Aug 2024 15:41:59 +0100 Subject: [PATCH 1/4] fix: git is important enough that it should have its own folder --- applications/{ => git}/gitlab.nix | 12 ++++++------ applications/{ => git}/gitlab_runner.nix | 4 ++-- machines/glados.nix | 2 +- machines/wheatly.nix | 2 +- 4 files changed, 10 insertions(+), 10 deletions(-) rename applications/{ => git}/gitlab.nix (95%) rename applications/{ => git}/gitlab_runner.nix (96%) diff --git a/applications/gitlab.nix b/applications/git/gitlab.nix similarity index 95% rename from applications/gitlab.nix rename to applications/git/gitlab.nix index a65c43e..0d90b7b 100644 --- a/applications/gitlab.nix +++ b/applications/git/gitlab.nix @@ -56,32 +56,32 @@ in { # grep -r --exclude-dir={docker,containers,log,sys,nix,proc} gitlab / age.secrets.gitlab_pw = { - file = ../secrets/gitlab/pw.age; + file = ../../secrets/gitlab/pw.age; owner = cfg.user; group = cfg.user; }; age.secrets.gitlab_secrets_db = { - file = ../secrets/gitlab/secrets_db.age; + file = ../../secrets/gitlab/secrets_db.age; owner = cfg.user; group = cfg.user; }; age.secrets.gitlab_secrets_secret = { - file = ../secrets/gitlab/secrets_secret.age; + file = ../../secrets/gitlab/secrets_secret.age; owner = cfg.user; group = cfg.user; }; age.secrets.gitlab_secrets_otp = { - file = ../secrets/gitlab/secrets_otp.age; + file = ../../secrets/gitlab/secrets_otp.age; owner = cfg.user; group = cfg.user; }; age.secrets.gitlab_secrets_jws = { - file = ../secrets/gitlab/secrets_jws.age; + file = ../../secrets/gitlab/secrets_jws.age; owner = cfg.user; group = cfg.user; }; age.secrets.gitlab_db_pw = { - file = ../secrets/gitlab/db_pw.age; + file = ../../secrets/gitlab/db_pw.age; owner = cfg.user; group = cfg.user; }; 
diff --git a/applications/gitlab_runner.nix b/applications/git/gitlab_runner.nix similarity index 96% rename from applications/gitlab_runner.nix rename to applications/git/gitlab_runner.nix index 13d296a..f5041bf 100644 --- a/applications/gitlab_runner.nix +++ b/applications/git/gitlab_runner.nix @@ -51,8 +51,8 @@ in { pkgs.gitlab-runner ]; - age.secrets.runner_01_nix.file = ../secrets/gitlab/runners/runner01.age; - age.secrets.runner_02_general.file = ../secrets/gitlab/runners/runner02.age; + age.secrets.runner_01_nix.file = ../../secrets/gitlab/runners/runner01.age; + age.secrets.runner_02_general.file = ../../secrets/gitlab/runners/runner02.age; boot.kernel.sysctl."net.ipv4.ip_forward" = true; # 1 virtualisation.docker.enable = true; diff --git a/machines/glados.nix b/machines/glados.nix index a745ee6..4a76b21 100644 --- a/machines/glados.nix +++ b/machines/glados.nix @@ -26,7 +26,7 @@ Notes: Each user has roughly 20gb os storage }; in { imports = [ - ../applications/gitlab.nix + ../applications/git/gitlab.nix ]; deployment = { diff --git a/machines/wheatly.nix b/machines/wheatly.nix index 308bef9..35f1f0f 100644 --- a/machines/wheatly.nix +++ b/machines/wheatly.nix @@ -25,7 +25,7 @@ Notes: }; in { imports = [ - ../applications/gitlab_runner.nix + ../applications/git/gitlab_runner.nix ]; deployment = { From 97d1783561ee9cf4fd5203e9f08be32084f00caa Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Tue, 6 Aug 2024 20:52:19 +0100 Subject: [PATCH 2/4] feat: basic config for ForgeJo --- applications/git/forgejo.nix | 116 +++++++++++++++++++++++++++++++++++ flake.lock | 6 +- machines/glados.nix | 2 + 3 files changed, 121 insertions(+), 3 deletions(-) create mode 100644 applications/git/forgejo.nix diff --git a/applications/git/forgejo.nix b/applications/git/forgejo.nix new file mode 100644 index 0000000..fc6e19a --- /dev/null +++ b/applications/git/forgejo.nix 
@@ -0,0 +1,116 @@ +{ + config, + pkgs, + lib, + ... +}: +with lib; let + name = "forgejo"; + cfg = config.services.skynet."${name}"; + + domain_base = "${cfg.domain.base}.${cfg.domain.tld}"; + domain_full = "${cfg.domain.sub}.${domain_base}"; +in { + imports = [ + ]; + + options.services.skynet."${name}" = { + enable = mkEnableOption "Skynet Forgejo"; + + domain = { + tld = mkOption { + type = types.str; + default = "ie"; + }; + + base = mkOption { + type = types.str; + default = "skynet"; + }; + + sub = mkOption { + type = types.str; + default = name; + }; + }; + + forgejo = { + port = mkOption { + type = types.port; + default = 3000; + }; + + + }; + }; + + config = mkIf cfg.enable { + +# age.secrets.forgejo-mailer-password = { +# file = ../../secrets/forgejo/mailer-password.age; +# mode = "400"; +# owner = "forgejo"; +# }; + + services.skynet.acme.domains = [ + "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" + ]; + + # using https://nixos.org/manual/nixos/stable/index.html#module-services-gitlab as a guide + services.skynet.dns.records = [ + { + record = cfg.domain.sub; + r_type = "CNAME"; + value = config.services.skynet.host.name; + } + ]; + + services.nginx.virtualHosts = { + # main site + "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" = { + forceSSL = true; + useACMEHost = "skynet"; + locations."/" = { + proxyPass = "http://localhost:${toString cfg.forgejo.port}"; + extraConfig = '' + client_max_body_size 1000M; + ''; + }; + }; + }; + + + services.forgejo = { + enable = true; + database.type = "sqlite3"; + # Enable support for Git Large File Storage + lfs.enable = true; + settings = { + server = { + DOMAIN = "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"; + # You need to specify this to remove the port from URLs in the web UI. + ROOT_URL = "https://${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}/"; + HTTP_PORT = cfg.forgejo.port; + }; + + # You can temporarily allow registration to create an admin user. 
+ service.DISABLE_REGISTRATION = true; + # Add support for actions, based on act: https://github.com/nektos/act +# actions = { +# ENABLED = true; +# DEFAULT_ACTIONS_URL = "github"; +# }; + # Sending emails is completely optional + # You can send a test email from the web UI at: + # Profile Picture > Site Administration > Configuration > Mailer Configuration +# mailer = { +# ENABLED = true; +# SMTP_ADDR = "mail.${cfg.domain.base}.${cfg.domain.tld}"; +# FROM = "noreply@${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"; +# USER = "noreply@${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"; +# }; + }; +# mailerPasswordFile = config.age.secrets.forgejo-mailer-password.path; + }; + }; +} diff --git a/flake.lock b/flake.lock index b2efc10..a5bfaad 100644 --- a/flake.lock +++ b/flake.lock @@ -779,11 +779,11 @@ }, "nixpkgs_8": { "locked": { - "lastModified": 1721379653, - "narHash": "sha256-8MUgifkJ7lkZs3u99UDZMB4kbOxvMEXQZ31FO3SopZ0=", + "lastModified": 1722813957, + "narHash": "sha256-IAoYyYnED7P8zrBFMnmp7ydaJfwTnwcnqxUElC1I26Y=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1d9c2c9b3e71b9ee663d11c5d298727dace8d374", + "rev": "cb9a96f23c491c081b38eab96d22fa958043c9fa", "type": "github" }, "original": { diff --git a/machines/glados.nix b/machines/glados.nix index 4a76b21..cb2040e 100644 --- a/machines/glados.nix +++ b/machines/glados.nix @@ -27,6 +27,7 @@ Notes: Each user has roughly 20gb os storage in { imports = [ ../applications/git/gitlab.nix + ../applications/git/forgejo.nix ]; deployment = { @@ -41,5 +42,6 @@ in { host = host; backup.enable = true; gitlab.enable = true; + forgejo.enable = true; }; } From f00ae5bd2dcaf650daeb9180a471abd06b442fd1 Mon Sep 17 00:00:00 2001 
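Review bot: In `services.forgejo.settings.server` only `HTTP_PORT` is set, so Forgejo keeps its default listen address, and unless the host firewall (not visible in this patch) blocks port 3000, the plain-HTTP listener can be reached without going through the nginx TLS vhost. Since nginx already proxies to `http://localhost:${toString cfg.forgejo.port}`, I would bind the backend to loopback with `HTTP_ADDR = "127.0.0.1";` and set `session.COOKIE_SECURE = true;` because `ROOT_URL` is https. Separately, `domain_full` is defined in the `let` block but never used, while the ACME entry, the vhost name, `DOMAIN` and `ROOT_URL` each spell out `"${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"` again; using `domain_full` in those four places keeps them from drifting apart. The comment `# using ...#module-services-gitlab as a guide` above the DNS record looks carried over from gitlab.nix and should point at the Forgejo module instead.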
From: Brendan Golden Date: Wed, 7 Aug 2024 21:52:50 +0100 Subject: [PATCH 3/4] feat: basic forgejo setup --- applications/git/forgejo.nix | 81 ++++++++-------- applications/git/forgejo_runner.nix | 145 ++++++++++++++++++++++++++++ applications/git/ssh_config | 5 + machines/wheatly.nix | 3 + secrets/forgejo/runners/ssh.age | Bin 0 -> 1271 bytes secrets/forgejo/runners/token.age | 17 ++++ secrets/secrets.nix | 3 + 7 files changed, 212 insertions(+), 42 deletions(-) create mode 100644 applications/git/forgejo_runner.nix create mode 100644 applications/git/ssh_config create mode 100644 secrets/forgejo/runners/ssh.age create mode 100644 secrets/forgejo/runners/token.age diff --git a/applications/git/forgejo.nix b/applications/git/forgejo.nix index fc6e19a..fdf7b97 100644 --- a/applications/git/forgejo.nix +++ b/applications/git/forgejo.nix @@ -35,22 +35,19 @@ in { }; forgejo = { - port = mkOption { - type = types.port; - default = 3000; - }; - - + port = mkOption { + type = types.port; + default = 3000; + }; }; }; config = mkIf cfg.enable { - -# age.secrets.forgejo-mailer-password = { -# file = ../../secrets/forgejo/mailer-password.age; -# mode = "400"; -# owner = "forgejo"; -# }; + # age.secrets.forgejo-mailer-password = { + # file = ../../secrets/forgejo/mailer-password.age; + # mode = "400"; + # owner = "forgejo"; + # }; services.skynet.acme.domains = [ "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" 
@@ -79,38 +76,38 @@ in { }; }; - services.forgejo = { - enable = true; - database.type = "sqlite3"; - # Enable support for Git Large File Storage - lfs.enable = true; - settings = { - server = { - DOMAIN = "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"; - # You need to specify this to remove the port from URLs in the web UI. - ROOT_URL = "https://${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}/"; - HTTP_PORT = cfg.forgejo.port; - }; - - # You can temporarily allow registration to create an admin user. - service.DISABLE_REGISTRATION = true; - # Add support for actions, based on act: https://github.com/nektos/act -# actions = { -# ENABLED = true; -# DEFAULT_ACTIONS_URL = "github"; -# }; - # Sending emails is completely optional - # You can send a test email from the web UI at: - # Profile Picture > Site Administration > Configuration > Mailer Configuration -# mailer = { -# ENABLED = true; -# SMTP_ADDR = "mail.${cfg.domain.base}.${cfg.domain.tld}"; -# FROM = "noreply@${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"; -# USER = "noreply@${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"; -# }; + enable = true; + package = pkgs.forgejo; + database.type = "sqlite3"; + # Enable support for Git Large File Storage + lfs.enable = true; + settings = { + server = { + DOMAIN = "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"; + # You need to specify this to remove the port from URLs in the web UI. + ROOT_URL = "https://${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}/"; + HTTP_PORT = cfg.forgejo.port; }; -# mailerPasswordFile = config.age.secrets.forgejo-mailer-password.path; + + # You can temporarily allow registration to create an admin user. 
+ service.DISABLE_REGISTRATION = true; + # Add support for actions, based on act: https://github.com/nektos/act + # actions = { + # ENABLED = true; + # DEFAULT_ACTIONS_URL = "github"; + # }; + # Sending emails is completely optional + # You can send a test email from the web UI at: + # Profile Picture > Site Administration > Configuration > Mailer Configuration + # mailer = { + # ENABLED = true; + # SMTP_ADDR = "mail.${cfg.domain.base}.${cfg.domain.tld}"; + # FROM = "noreply@${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"; + # USER = "noreply@${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"; + # }; }; + # mailerPasswordFile = config.age.secrets.forgejo-mailer-password.path; + }; }; } diff --git a/applications/git/forgejo_runner.nix b/applications/git/forgejo_runner.nix new file mode 100644 index 0000000..cb99dae --- /dev/null +++ b/applications/git/forgejo_runner.nix 
@@ -0,0 +1,145 @@ +{ + config, + pkgs, + lib, + inputs, + ... +}: +with lib; let + name = "forgejo_runner"; + cfg = config.services.skynet."${name}"; +in { + imports = [ + ]; + + options.services.skynet."${name}" = { + enable = mkEnableOption "Skynet ForgeJo Runner"; + + runner = { + name = mkOption { + type = types.str; + default = config.networking.hostName; + }; + + website = mkOption { + default = "https://forgejo.skynet.ie"; + type = types.str; + }; + + user = mkOption { + default = "gitea-runner"; + type = types.str; + }; + }; + }; + + config = mkIf cfg.enable { + # https://search.nixos.org/options?from=0&size=50&sort=alpha_desc&type=packages&query=services.gitlab-runner. + environment.systemPackages = with pkgs; [ + forgejo-actions-runner + ]; + + age.secrets.forgejo_runner_token = { + file = ../../secrets/forgejo/runners/token.age; + owner = cfg.runner.user; + group = cfg.runner.user; + }; + + # make sure the ssh config stuff is in teh right palce + systemd.tmpfiles.rules = [ + #"d /home/${cfg.runner.user} 0755 ${cfg.runner.user} ${cfg.runner.user}" + "L+ /home/${cfg.runner.user}/.ssh/config 0755 ${cfg.runner.user} ${cfg.runner.user} - ${./ssh_config}" + ]; + age.secrets.forgejo_runner_ssh = { + file = ../../secrets/forgejo/runners/ssh.age; + mode = "600"; + owner = "${cfg.runner.user}"; + group = "${cfg.runner.user}"; + symlink = false; + path = "/home/${cfg.runner.user}/.ssh/skynet/root"; + }; + + nix = { + settings = { + trusted-users = [ + # allow the runner to build nix stuff and to use the cache + "gitea-runner" + ]; + trusted-public-keys = [ + "skynet-cache:zMFLzcRZPhUpjXUy8SF8Cf7KGAZwo98SKrzeXvdWABo=" + "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" + ]; + substituters = [ + "https://nix-cache.skynet.ie/skynet-cache/" + "https://cache.nixos.org/" + ]; + trusted-substituters = [ + "https://nix-cache.skynet.ie/skynet-cache/" + "https://cache.nixos.org/" + ]; + }; + }; + + # very basic setup to always be watching for changes in teh 
cache + systemd.services.attic-uploader = { + enable = true; + serviceConfig = { + ExecStart = "${pkgs.attic-client}/bin/attic watch-store skynet-cache"; + User = "root"; + Restart = "always"; + RestartSec = 1; + }; + }; + + # give teh runner user a home to store teh ssh config stuff + systemd.services.gitea-runner-default.serviceConfig = { + DynamicUser = lib.mkForce false; + User = lib.mkForce cfg.runner.user; + }; + users = { + groups."${cfg.runner.user}" = {}; + users."${cfg.runner.user}" = { + #isSystemUser = true; + isNormalUser = true; + group = cfg.runner.user; + createHome = true; + shell = pkgs.bash; + }; + }; + + # the actual runner + services.gitea-actions-runner = { + package = pkgs.forgejo-actions-runner; + instances.default = { + enable = true; + name = cfg.runner.name; + url = cfg.runner.website; + tokenFile = config.age.secrets.forgejo_runner_token.path; + labels = [ + ## optionally provide native execution on the host: + "nix:host" + "docker:docker://node:16-bullseye" + "ubuntu-latest:docker://node:16-bullseye" + ]; + + hostPackages = with pkgs; [ + # default ones + bash + coreutils + curl + gawk + gitMinimal + gnused + nodejs + wget + + # used in deployments + inputs.colmena.defaultPackage."x86_64-linux" + attic-client + nix + openssh + ]; + }; + }; + }; +} diff --git a/applications/git/ssh_config b/applications/git/ssh_config new file mode 100644 index 0000000..70bbef0 --- /dev/null +++ b/applications/git/ssh_config @@ -0,0 +1,5 @@ +Host *.skynet.ie 193.1.99.* 193.1.96.165 + User root + IdentityFile ~/.ssh/skynet/root + IdentitiesOnly yes + diff --git a/machines/wheatly.nix b/machines/wheatly.nix index 35f1f0f..6d78395 100644 --- a/machines/wheatly.nix +++ b/machines/wheatly.nix @@ -26,6 +26,7 @@ Notes: in { imports = [ ../applications/git/gitlab_runner.nix + ../applications/git/forgejo_runner.nix ]; deployment = { @@ -44,5 +45,7 @@ in { enable = true; runner.name = "runner01"; }; + + forgejo_runner.enable = true; }; } 
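Review bot: The runner user ends up holding three powers at once in this module: it is listed in `nix.settings.trusted-users`, it executes jobs natively on the host through the `nix:host` label, and `age.secrets.forgejo_runner_ssh` places a key at `/home/${cfg.runner.user}/.ssh/skynet/root` which the bundled ssh_config uses to log in as root. Any workflow scheduled on this runner can therefore read that key, so everyone who can get a workflow file executed here effectively holds root on the hosts that accept it. I would keep general CI on the docker labels, move deployments to a separate runner instance and user, and limit what the key may do on the targets (a dedicated deploy account or a `command=`/`from=` restriction in authorized_keys; the target side is not visible in this series). Also, `trusted-users` hard-codes `"gitea-runner"` while the rest of the module uses `cfg.runner.user`; `trusted-users = [ cfg.runner.user ];` keeps the two in sync when the option is overridden.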
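Review bot: This client config selects the root identity for `*.skynet.ie 193.1.99.* 193.1.96.165`, but as far as this series shows nothing provisions the host keys of those targets for the runner user, so the first connection either stops at the host-key prompt or invites turning verification off in the workflow. Pinning the fleet's host keys declaratively (for example through `programs.ssh.knownHosts` in the runner module) and adding `StrictHostKeyChecking yes` under this `Host` block ensures a root deployment session is only ever opened to a verified machine. A leading comment such as `# used by the Forgejo runner for deployments; key is installed by age.secrets.forgejo_runner_ssh` would tell a reader where `~/.ssh/skynet/root` comes from.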
diff --git a/secrets/forgejo/runners/ssh.age b/secrets/forgejo/runners/ssh.age new file mode 100644 index 0000000000000000000000000000000000000000..c30e3ba05a09a4c50671f911f4803f427ee79e67 GIT binary patch literal 1271 zcmZY5dyLZr0LO7p50G(44CpD3I1(Z;W7l@;x{e@m?bf^Qy>;u>VK}?4+q!n$);-$J z3lb9)= zGcR+BUaAU3xud9LfjVR`uQpaHIWwQO*ldu)NJAwx;QW6uR1C8$speB!I*7)wT4#_G zG1SE|NTuPhyZmHGh^2|VYRD%M(c=w!1+{{aIf4TSEFq$(=94{+0u4YStKv>3>2ayd zbPWzQlEthM1_2W!T1qunM5Js~fDD(pE_+l%H8#{`lX6$H&c34$o+^JY2Tn*031wD*+!hRY- ztcU=_Nmf>Em`V40lVVhJ;CZ(p#3ZRmD1fk?B~Y=WUWuozD#mam8a27uaII8@Obo_Z zvb=k`Rz`VGHfwBD%V@yiOH@PAYM`ov`BI^fq{}9_p$asOXqu8q!n!LA=12pL%3#e` z_K1Sw4n*@LSyVzAs)&Lm0+Ja6z)u^_!CchX$4hOBV%K1ScI$+QQ7JN8aU{- zGI^n^ie~~eTF29D0(Y_qpt=dz0Mp)}#<74dzy%5~rS*i*n@hz=LGp1vC?Cw?tf$kf zb9Eh_-j)$qhz}cs0YcBm^q2~&WvP?!$0;U?CBQ^1sjzOrD_hfEt&CVQWn487*@)gi zh^(7U!;m$f)@VKl)>FZ7mGb2gg^sA11W{~6dG8Z#dYy8lRAZN0K!Q-EL1w5F5m4le zJK<7rq?U5p2~Z}w$Xq;?)*=)G#S99dN0A&NrhGX^00YE89XAy-Ns9(WQxKl(ti$$T zFb?=7Q`lfOn~fwVaM@gmkZTfF;b2olrlS^JLUW!hYxQFy4ybY|MwJ>)(Qxedcejm9 zW?w`%b+ogCTfS)BwzXy9*+-|Rq)pngq0Ef!plxLS_^y?v^&{GijS;(<9DdEB?|eHy zqUrm=HS36;B_93PlPPLst->3t^MeB&zkjPw>ma^-n#6M6ScmMi|=%wSy<@b z5}va7oA;ad1}D!f`g8ue6CcmH@dhMo?!>7#qTUB062+JRL+G?-lnmQhQ9xhH3Rb9LYN*BjVZ|33csVjne-7d~jc zxxsTfxM1;{9{**_(05~Zd}pb_;!8g@%iY62?m0ia;`s2Q!nTvWQ_&Bf8EI?bPmMji bI=B7OK{~j&#~R$b=Q@0M>BH?8+6VswffMYF literal 0 HcmV?d00001 diff --git a/secrets/forgejo/runners/token.age b/secrets/forgejo/runners/token.age new file mode 100644 index 0000000..03ac739 --- /dev/null +++ b/secrets/forgejo/runners/token.age 
@@ -0,0 +1,17 @@ +age-encryption.org/v1 +-> ssh-ed25519 V1pwNA bGirG6sUND19fSIwyvtjS3RDjyNUc+kXmzRoN4P1bC8 +kPJr2S9BlGWWnoggce6dx1OR0/r57AB5Rcgz+qY0qKE +-> ssh-ed25519 4PzZog iciiKCHhfK38SwvSPrdoMK7C250qTV5eBgv657iyKwU +dEiSS1FuxEpovNAl1HPZk+MRCcjLGiKgTfpi5Ssi38M +-> ssh-ed25519 5Nd93w FFgxLg0NNK6Op64FHu24sjaerv3jgDaPz6uKPi/A8AE +ZvHbJ2K3T7CUJSrrpF9fMmP6FWCQ3i6m/5Fi2UNtbew +-> ssh-ed25519 q8eJgg nVm1H/mbEsGt2O87i7VKUL5do6Rc7n5nvSilUtQ4cBU +WWtsNbIatU5ZostueLntGgKD/nxcavZPheU9afRvbH0 +-> ssh-ed25519 KVr8rw Nnroz2PgUoJsd/frf+N+b7xdJDAzj3NsmJaogsIkYGk +xX73tnCCYGBNA3BRjjPMn/IV+qwjIwEUk+IZbhCCfHY +-> ssh-ed25519 fia1eQ GLYqWGKYKwkBRwQ7SxSnErmz1MFw5gPCexfap8VM9Rk +Z+dIKhk+JH7W07diX1Abr/Deezkw8xGkzXQuYn1HfJI +-> ssh-ed25519 yvS9bw Lwo77pDciewUZemyFc1EUboIlXFCBx3CY6BGuizach4 +AkWzgV1zRJzLtfRxkfhmd80EU8fW1w+5sxMAfWgdEMI +--- ac6h3StxSHr+HFsyPIBPENQRcfKzXX8fzJlZ0MER/8c +zwyC>ָ\ku/{zծjD4{^mDs妞#kinxo \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index fa93261..b0f3be3 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -134,6 +134,9 @@ in { "gitlab/runners/runner01.age".publicKeys = users ++ gitlab_runners; "gitlab/runners/runner02.age".publicKeys = users ++ gitlab_runners; + "forgejo/runners/token.age".publicKeys = users ++ gitlab_runners; + "forgejo/runners/ssh.age".publicKeys = users ++ gitlab_runners; + # for ldap "ldap/pw.age".publicKeys = users ++ ldap ++ bitwarden; # for use connectring to teh ldap From 1fb4318310993ebf8dc7e7df0c28980817576799 Mon Sep 17 00:00:00 2001 From: silver Date: Wed, 7 Aug 2024 00:32:41 +0100 Subject: [PATCH 4/4] feat: got the pipelines configured now Update .mailmap See if making it .mailmap fixes it 
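Review bot: Both new entries reuse `gitlab_runners` as the host recipient list, so `forgejo/runners/ssh.age`, which the runner's ssh_config uses as the root identity, is encrypted to every machine in that list rather than only to the host that runs the Forgejo runner. `gitlab_runners` is defined outside this hunk, so I cannot see how many hosts that covers, but a dedicated list makes the scope explicit: `"forgejo/runners/ssh.age".publicKeys = users ++ forgejo_runners;`, with `forgejo_runners` declared next to the other groups. A short comment above the two lines (`# registration token and root ssh key for the Forgejo runner`) would help whoever rotates them later.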
Signed-off-by: silver Add .forgejo/workflows/testing.yaml Update .forgejo/workflows/testing.yaml Update .forgejo/workflows/testing.yaml Update .forgejo/workflows/testing.yaml Update .forgejo/workflows/testing.yaml Update .forgejo/workflows/testing.yaml Update .forgejo/workflows/testing.yaml feat: initial test of flake update Signed-off-by: silver test: seeing if I can push changes testing fix: set the url of the external plugin correctly Signed-off-by: silver fix: go back to using nix fix: update command Signed-off-by: silver Apply automatic changes revert 26c7781fad350452c70f23e0d6c004b0fe00ad14 revert Apply automatic changes test: add teh cache and colmena build Signed-off-by: silver test: see if this helps Signed-off-by: silver test: see if using another plugin will work Signed-off-by: silver test: the cache key test: more testing Update .forgejo/workflows/update_input.yaml Update .forgejo/workflows/update_input.yaml test: s[pplit up teh build and cache propegation attic push --ignore-upstream-cache-filter mycache $(ls -d /nix/store/*/ | grep -v fake_nixpkgs) Signed-off-by: silver Update .forgejo/workflows/update_input.yaml Update .forgejo/workflows/update_input.yaml Update .forgejo/workflows/update_input.yaml Signed-off-by: silver Update .forgejo/workflows/update_input.yaml Signed-off-by: silver Update .forgejo/workflows/update_input.yaml Signed-off-by: silver Update .forgejo/workflows/update_input.yaml Update .forgejo/workflows/update_input.yaml Update .forgejo/workflows/update_input.yaml revert 35887a8fba8371f31503ede3793d6de5ca67bfe3 revert Update .forgejo/workflows/update_input.yaml Update .forgejo/workflows/update_input.yaml Signed-off-by: silver fix: no need to upload in pipeline now, Signed-off-by: silver ci: initial commit of the deploy pipeline Signed-off-by: silver Update .forgejo/workflows/deploy.yaml Signed-off-by: silver Update .forgejo/workflows/deploy.yaml Signed-off-by: silver Update .forgejo/workflows/update_input.yaml 
Signed-off-by: silver Updated flake for agenix test: force pipeline Signed-off-by: silver Update .forgejo/workflows/update_input.yaml ci: testing if I can get this working right Signed-off-by: silver Updated flake for arion revert b6cd168c384e7d1b0c8197414df89f672dded7e7 revert Updated flake for arion ci: more changes to see if this will help Signed-off-by: silver Updated flake for arion revert da380ed0f449bdebeb87f8b44f195ed6fa095234 revert Updated flake for arion Update .forgejo/workflows/deploy.yaml 
Signed-off-by: silver Updated flake for arion revert f0ee4a9e690021521ba1d83c20df39237ece7422 revert Updated flake for arion fix: reformatted flake ci: testing out deploy ci: testing out deploy, new ssh manager ci: more testing ci: see if going back to basics helps ci: test a few things ci: test a few things ci: for testing ci: more testing ci: some bastardisation for thbe ssh ci: more testing ci: check if setting root as teh user helps ci: check if setting root as teh user helps2 ci: check if setting root as teh user helps2 ci: check if setting root as teh user helps2 ci: more testing ci: more testing ci: more testing ci: more testing2 ci: more testing2 ci: more testing2 ci: more testing2 ci: more testing2 ci: more testing2 ci: clean up testing ci: final tests ci:: final, fixing ci: need logging ci: more testing ci: gahhhhhhhhhh ci: AAAAAAAAAAAAAAAAAA ci: lets go back ci: lets go backaaaaaaaa ci: lets go backaaaaaaaaqweadadsasdasdasdasd ci: lets go backaaaaaaaaqweadadsasdasdasdasd ci: add the final deploy config Add .forgejo/workflows/testing.yaml (cherry picked from commit f2cf71ef9836398fa2ad7ecc7c6c442edd6d70e5) Update .forgejo/workflows/testing.yaml (cherry picked from commit e156b61105689134d4ccf4b0df545e888977f515) Update .forgejo/workflows/testing.yaml (cherry picked from commit 80e1fcc545e1df4432c67790e66ec2a6a7f1aa37) Update .forgejo/workflows/testing.yaml (cherry picked from commit 423f2dd5b369c2ccd093b66637eb60c830357a56) Update .forgejo/workflows/testing.yaml (cherry picked from commit f446ba54433d894f82c05fae4a39350e223a6c6f) Update .forgejo/workflows/testing.yaml (cherry picked from commit 44a7186a4061aeff8182db97ae9e19e49501cea4) Update .forgejo/workflows/testing.yaml (cherry picked from commit ed0be4507a29b92ac62a255ec004c9594e4bb558) --- .forgejo/workflows/deploy.yaml | 53 ++++++++++++++++++++++++++++ .forgejo/workflows/update_input.yaml | 29 +++++++++++++++ mailmap => .mailmap | 0 3 files changed, 82 insertions(+) create mode 100644 
.forgejo/workflows/deploy.yaml create mode 100644 .forgejo/workflows/update_input.yaml rename mailmap => .mailmap (100%) diff --git a/.forgejo/workflows/deploy.yaml b/.forgejo/workflows/deploy.yaml new file mode 100644 index 0000000..2e9aa37 --- /dev/null +++ b/.forgejo/workflows/deploy.yaml @@ -0,0 +1,53 @@ +name: Build_Deploy + +on: + workflow_run: + workflows: [ "Update_Flake" ] + types: + - completed + push: + paths: + - applications/**/* + - machines/**/* + - secrets/**/* + - flake.* + - config/**/* + - .forgejo/**/* + +jobs: + linter: + runs-on: nix + steps: + - uses: actions/checkout@v4 + - run: nix fmt -- --check . + + #if: github.repository == 'Skynet/nixos' + build: + runs-on: nix + steps: + - uses: actions/checkout@v4 + - run: nix develop + - run: colmena build -v --on @active-dns + - run: colmena build -v --on @active-core + - run: colmena build -v --on @active + - run: colmena build -v --on @active-ext + - run: colmena build -v --on @active-gitlab + + deploy_dns: + runs-on: nix + needs: [ linter, build ] + steps: + - uses: actions/checkout@v4 + - run: colmena apply -v --on @active-dns --show-trace + shell: bash + + deploy_active: + strategy: + matrix: + batch: [ active-core, active, active-ext ] + runs-on: nix + needs: [ deploy_dns ] + steps: + - uses: actions/checkout@v4 + - run: colmena apply -v --on @${{ matrix.batch }} --show-trace + shell: bash \ No newline at end of file diff --git a/.forgejo/workflows/update_input.yaml b/.forgejo/workflows/update_input.yaml new file mode 100644 index 0000000..8a62c4f --- /dev/null +++ b/.forgejo/workflows/update_input.yaml 
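Review bot: The `push` trigger filters on paths only, so a push to any branch that touches `applications/**`, `machines/**`, `secrets/**` or `.forgejo/**` runs `deploy_dns` and `deploy_active`, i.e. `colmena apply` against the live hosts from code that has not been merged; the only repository guard in the file is the commented-out `#if: github.repository == 'Skynet/nixos'`. I would leave `linter` and `build` running on every push but gate the two deploy jobs with `if: github.ref == 'refs/heads/<default-branch>'` (placeholder, the branch name is not on this page). If the forge honours the `workflow_run` trigger, `types: [completed]` also fires after a failed `Update_Flake` run, so the same condition should check `github.event.workflow_run.conclusion == 'success'`.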
@@ -0,0 +1,29 @@
+name: Update_Flake
+
+on:
+ workflow_dispatch:
+ inputs:
+ input_to_update:
+ description: 'Flake input to update'
+ required: true
+ type: string
+
+jobs:
+ update:
+ runs-on: nix
+
+ permissions:
+ # Give the default GITHUB_TOKEN write permission to commit and push the
+ # added or changed files to the repository.
+ contents: write
+
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ ref: ${{ github.head_ref }}
+ token: ${{ secrets.PIPELINE_TOKEN }}
+ - run: nix flake lock --update-input "${{ inputs.input_to_update }}"
+ shell: bash
+ - uses: https://github.com/stefanzweifel/git-auto-commit-action@v5
+ with:
+ commit_message: "Updated flake for ${{ inputs.input_to_update }}"
\ No newline at end of file
diff --git a/mailmap b/.mailmap
similarity index 100%
rename from mailmap
rename to .mailmap
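Review bot: `${{ inputs.input_to_update }}` is expanded into the script text of the `nix flake lock` step before bash parses it, so shell metacharacters in the dispatch input are interpreted as code on the `nix` host runner instead of being treated as a flake input name. Pass the value through the environment: add `env:` with `INPUT_TO_UPDATE: ${{ inputs.input_to_update }}` to that step and change the command to `run: nix flake lock --update-input "$INPUT_TO_UPDATE"`. The same job hands `secrets.PIPELINE_TOKEN` to the checkout and then runs `stefanzweifel/git-auto-commit-action@v5` from a mutable tag; pinning that action (and `actions/checkout`) to a full commit SHA prevents a retagged release from running with a token that can push to the repository.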