Merge pull request 'update' (#99) from update into main

Reviewed-on: #99
2023-09-19 12:31:25 +00:00 · 2023-09-19 12:31:25 +00:00 · 265de3b96f
commit 265de3b96f
parent 223f739ae5 2106051ae9
9 changed files with 89 additions and 248 deletions
--- a/.gitea/workflows/checks.yaml
+++ b/.gitea/workflows/checks.yaml
@ -0,0 +1,11 @@
+name: checks
+on:
+  pull_request:
+  push:
+    branches: main
+jobs:
+  test:
+    runs-on: nix
+    steps:
+      - uses: actions/checkout@v3
+      - run: nix run --refresh github:Mic92/nix-fast-build/ae50c356c2f9e790f3d9d8e00bfa9f4b54f49bdd
--- a/devShells/flake-module.nix
+++ b/devShells/flake-module.nix
@ -4,7 +4,7 @@
    , pkgs
    , ...
    }: {
-      devShells.default = pkgs.mkShell {
+      devShells.default = pkgs.mkShellNoCC {
        packages = [
          pkgs.bashInteractive
          pkgs.sops
--- a/flake.lock
+++ b/flake.lock
@ -19,11 +19,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1694874693,
-        "narHash": "sha256-xMqT5csfPAbLghUr6OXCpOTM9Fk/Azwg7xYnEYCEsaQ=",
+        "lastModified": 1695126263,
+        "narHash": "sha256-dnBg7BcynR/Wf2cEfWe9FkAcnAUFGKfYw1qpgeeSgKU=",
        "ref": "refs/heads/main",
-        "rev": "4a1dcc16395a5423023ac10d4be3640d1bb88fdc",
-        "revCount": 690,
+        "rev": "175119b72cfa37e252ea862379fe4521266277c5",
+        "revCount": 703,
        "type": "git",
        "url": "https://git.clan.lol/clan/clan-core"
      },
@ -40,11 +40,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1694511957,
-        "narHash": "sha256-teCLY68npc0nuyOHYJURLuJSOME0yotJI29WXcpF1E4=",
+        "lastModified": 1694925805,
+        "narHash": "sha256-UNMivSc89undITtNoy6o6bf3Dck4v75rzGiMEXAPEB0=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "be98cffef02e5ebf438ea80b34b86e669c48eff1",
+        "rev": "9ab96378f8cf602d5f3ce5a32f2c339509288d8e",
        "type": "github"
      },
      "original": {
@ -60,11 +60,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1694925805,
-        "narHash": "sha256-UNMivSc89undITtNoy6o6bf3Dck4v75rzGiMEXAPEB0=",
+        "lastModified": 1695039393,
+        "narHash": "sha256-HXvRPTSfQ/fCqxYGvWOc1duSBdXcQlrYvyno8YZbyHI=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "9ab96378f8cf602d5f3ce5a32f2c339509288d8e",
+        "rev": "9f29cedac79d0acf07b6341f9112f46dec3abb8f",
        "type": "github"
      },
      "original": {
@ -101,11 +101,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1691024356,
-        "narHash": "sha256-uGLyhkwew6ORO6nAz0Y7KHdiQrDJVI2n6rl4gl7mWzk=",
+        "lastModified": 1694873346,
+        "narHash": "sha256-Uvh03bg0a6ZnNWiX1Gb8g+m343wSJ/wb8ryUASt0loc=",
        "owner": "aakropotkin",
        "repo": "floco",
-        "rev": "1e84b4b16bba5746e1195fa3a4d8addaaf2d9ef4",
+        "rev": "d16bd444ab9d29a6640f52ee4e43a66528e07515",
        "type": "github"
      },
      "original": {
@ -186,11 +186,11 @@
        "nixpkgs-stable": []
      },
      "locked": {
-        "lastModified": 1694495315,
-        "narHash": "sha256-sZEYXs9T1NVHZSSbMqBEtEm2PGa7dEDcx0ttQkArORc=",
+        "lastModified": 1695101768,
+        "narHash": "sha256-1/j5/348l2+yxQUfkJCUpA6cDefS3H7V94kawk9uuRc=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "ea208e55f8742fdcc0986b256bdfa8986f5e4415",
+        "rev": "4356a5a0c12c9dc1b6bdde0631c7600d9377ed8b",
        "type": "github"
      },
      "original": {
@ -206,11 +206,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1694782968,
-        "narHash": "sha256-/rSi0XhhiKCfdfgd1a+ba8UkJyH4j3iWrKjKI0Vz9Xc=",
+        "lastModified": 1695000198,
+        "narHash": "sha256-9YlISJiL6/51ED67+N5ZB7xDgHD+trZUBqP7XERR0y4=",
        "owner": "numtide",
        "repo": "srvos",
-        "rev": "487d72e894b990761024e349b4a71844e71c5c6a",
+        "rev": "879201cbec8ea11e6d654b7ec91f35f061d07b47",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -32,7 +32,7 @@
  };

  outputs = inputs@{ flake-parts, ... }:
-    flake-parts.lib.mkFlake { inherit inputs; } {
+    flake-parts.lib.mkFlake { inherit inputs; } ({ self, ... }: {
      systems = [
        "x86_64-linux"
        "aarch64-linux"
@ -44,7 +44,7 @@
        ./modules/flake-module.nix
        ./pkgs/flake-module.nix
      ];
-      perSystem = {
+      perSystem = ({ lib, self', system, ... }: {
        treefmt = {
          projectRootFile = ".git/config";
          programs.terraform.enable = true;
@ -56,6 +56,14 @@
            "composition.nix"
          ];
        };
-      };
-    };
+        checks =
+          let
+            nixosMachines = lib.mapAttrs' (name: config: lib.nameValuePair "nixos-${name}" config.config.system.build.toplevel) ((lib.filterAttrs (_: config: config.pkgs.system == system)) self.nixosConfigurations);
+            packages = lib.mapAttrs' (n: lib.nameValuePair "package-${n}") self'.packages;
+            devShells = lib.mapAttrs' (n: lib.nameValuePair "devShell-${n}") self'.devShells;
+            homeConfigurations = lib.mapAttrs' (name: config: lib.nameValuePair "home-manager-${name}" config.activation-script) (self'.legacyPackages.homeConfigurations or { });
+          in
+          nixosMachines // packages // devShells // homeConfigurations;
+      });
+    });
 }
--- a/modules/flake-module.nix
+++ b/modules/flake-module.nix
@ -6,13 +6,7 @@
      # FIXME: switch to VPN later
      { networking.firewall.allowedTCPPorts = [ 9273 ]; }

-      inputs.clan-core.nixosModules.clanCore
      ./admins.nix
-      {
-        # TODO: use buildClan
-        clanCore.clanDir = "${./..}";
-        clanCore.machineName = "web01";
-      }
    ];

    hetzner-ax102.imports = [
--- a/modules/web01/borgbackup.nix
+++ b/modules/web01/borgbackup.nix
@ -41,7 +41,9 @@
      "/var/tmp"
      "/var/log"
    ];
-    repo = "u359378@u359378.your-storagebox.de:/./borgbackup";
+    # $ ssh-keygen -y -f /run/secrets/hetzner-borgbackup-ssh > /tmp/hetzner-borgbackup-ssh.pub
+    # $ cat /tmp/hetzner-borgbackup-ssh.pub | ssh -p23 u366395@u366395.your-storagebox.de install-ssh-key
+    repo = "u366395@u366395.your-storagebox.de:/./borgbackup";

    # Disaster recovery:
    # get the backup passphrase and ssh key from the sops and store them in /tmp
--- a/targets/flake-module.nix
+++ b/targets/flake-module.nix
@ -1,24 +1,17 @@
-{ lib, self, ... }:
-let
-  entries = builtins.attrNames (builtins.readDir ./.);
-  configs = builtins.filter (dir: builtins.pathExists (./. + "/${dir}/configuration.nix")) entries;
-in
+{ self, inputs, ... }:
 {
-  flake.nixosConfigurations = lib.listToAttrs
-    (builtins.map
-      (name:
-        lib.nameValuePair
-          (builtins.replaceStrings [ "." ] [ "-" ] name)
-          (lib.nixosSystem {
-            system = "x86_64-linux";
-            # Make flake available in modules
-            specialArgs = {
-              self = {
-                inherit (self) inputs nixosModules packages;
-              };
-            };
-
-            modules = [ (./. + "/${name}/configuration.nix") ];
-          }))
-      configs);
+  flake.nixosConfigurations = inputs.clan-core.lib.buildClan {
+    directory = self;
+    # Make flake available in modules
+    specialArgs = {
+      self = {
+        inherit (self) inputs nixosModules packages;
+      };
+    };
+    machines = {
+      web01 = { modulesPath, ... }: {
+        imports = [ (./web01/configuration.nix) ];
+      };
+    };
+  };
 }
--- a/targets/web01/configuration.nix
+++ b/targets/web01/configuration.nix
@ -7,6 +7,7 @@
  networking.hostName = "web01";
  systemd.network.networks."10-uplink".networkConfig.Address = "2a01:4f9:3080:418b::1";

+  clan.networking.deploymentAddress = "clan.lol";
  clan.networking.ipv4.address = "65.21.12.51";
  clan.networking.ipv4.gateway = "65.21.12.1";
  clan.networking.ipv6.address = config.systemd.network.networks."10-uplink".networkConfig.Address;
--- a/targets/web01/terraform.tfstate
+++ b/targets/web01/terraform.tfstate