Merge pull request 'update' (#99) from update into main

Reviewed-on: #99

.gitea/workflows/checks.yaml

@@ -0,0 +1,11 @@
+name: checks
+on:
+  pull_request:
+  push:
+    branches: main
+jobs:
+  test:
+    runs-on: nix
+    steps:
+      - uses: actions/checkout@v3
+      - run: nix run --refresh github:Mic92/nix-fast-build/ae50c356c2f9e790f3d9d8e00bfa9f4b54f49bdd

devShells/flake-module.nix

@@ -4,7 +4,7 @@
     , pkgs
     , ...
     }: {
-      devShells.default = pkgs.mkShell {
+      devShells.default = pkgs.mkShellNoCC {
         packages = [
           pkgs.bashInteractive
           pkgs.sops

flake.lock

@@ -19,11 +19,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1694874693,
+        "lastModified": 1695126263,
-        "narHash": "sha256-xMqT5csfPAbLghUr6OXCpOTM9Fk/Azwg7xYnEYCEsaQ=",
+        "narHash": "sha256-dnBg7BcynR/Wf2cEfWe9FkAcnAUFGKfYw1qpgeeSgKU=",
         "ref": "refs/heads/main",
-        "rev": "4a1dcc16395a5423023ac10d4be3640d1bb88fdc",
+        "rev": "175119b72cfa37e252ea862379fe4521266277c5",
-        "revCount": 690,
+        "revCount": 703,
         "type": "git",
         "url": "https://git.clan.lol/clan/clan-core"
       },
@@ -40,11 +40,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1694511957,
+        "lastModified": 1694925805,
-        "narHash": "sha256-teCLY68npc0nuyOHYJURLuJSOME0yotJI29WXcpF1E4=",
+        "narHash": "sha256-UNMivSc89undITtNoy6o6bf3Dck4v75rzGiMEXAPEB0=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "be98cffef02e5ebf438ea80b34b86e669c48eff1",
+        "rev": "9ab96378f8cf602d5f3ce5a32f2c339509288d8e",
         "type": "github"
       },
       "original": {
@@ -60,11 +60,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1694925805,
+        "lastModified": 1695039393,
-        "narHash": "sha256-UNMivSc89undITtNoy6o6bf3Dck4v75rzGiMEXAPEB0=",
+        "narHash": "sha256-HXvRPTSfQ/fCqxYGvWOc1duSBdXcQlrYvyno8YZbyHI=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "9ab96378f8cf602d5f3ce5a32f2c339509288d8e",
+        "rev": "9f29cedac79d0acf07b6341f9112f46dec3abb8f",
         "type": "github"
       },
       "original": {
@@ -101,11 +101,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1691024356,
+        "lastModified": 1694873346,
-        "narHash": "sha256-uGLyhkwew6ORO6nAz0Y7KHdiQrDJVI2n6rl4gl7mWzk=",
+        "narHash": "sha256-Uvh03bg0a6ZnNWiX1Gb8g+m343wSJ/wb8ryUASt0loc=",
         "owner": "aakropotkin",
         "repo": "floco",
-        "rev": "1e84b4b16bba5746e1195fa3a4d8addaaf2d9ef4",
+        "rev": "d16bd444ab9d29a6640f52ee4e43a66528e07515",
         "type": "github"
       },
       "original": {
@@ -186,11 +186,11 @@
         "nixpkgs-stable": []
       },
       "locked": {
-        "lastModified": 1694495315,
+        "lastModified": 1695101768,
-        "narHash": "sha256-sZEYXs9T1NVHZSSbMqBEtEm2PGa7dEDcx0ttQkArORc=",
+        "narHash": "sha256-1/j5/348l2+yxQUfkJCUpA6cDefS3H7V94kawk9uuRc=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "ea208e55f8742fdcc0986b256bdfa8986f5e4415",
+        "rev": "4356a5a0c12c9dc1b6bdde0631c7600d9377ed8b",
         "type": "github"
       },
       "original": {
@@ -206,11 +206,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1694782968,
+        "lastModified": 1695000198,
-        "narHash": "sha256-/rSi0XhhiKCfdfgd1a+ba8UkJyH4j3iWrKjKI0Vz9Xc=",
+        "narHash": "sha256-9YlISJiL6/51ED67+N5ZB7xDgHD+trZUBqP7XERR0y4=",
         "owner": "numtide",
         "repo": "srvos",
-        "rev": "487d72e894b990761024e349b4a71844e71c5c6a",
+        "rev": "879201cbec8ea11e6d654b7ec91f35f061d07b47",
         "type": "github"
       },
       "original": {

flake.nix

@@ -32,7 +32,7 @@
   };
 
   outputs = inputs@{ flake-parts, ... }:
-    flake-parts.lib.mkFlake { inherit inputs; } {
+    flake-parts.lib.mkFlake { inherit inputs; } ({ self, ... }: {
       systems = [
         "x86_64-linux"
         "aarch64-linux"
@@ -44,7 +44,7 @@
         ./modules/flake-module.nix
         ./pkgs/flake-module.nix
       ];
-      perSystem = {
+      perSystem = ({ lib, self', system, ... }: {
         treefmt = {
           projectRootFile = ".git/config";
           programs.terraform.enable = true;
@@ -56,6 +56,14 @@
             "composition.nix"
           ];
         };
-      };
+        checks =
-    };
+          let
+            nixosMachines = lib.mapAttrs' (name: config: lib.nameValuePair "nixos-${name}" config.config.system.build.toplevel) ((lib.filterAttrs (_: config: config.pkgs.system == system)) self.nixosConfigurations);
+            packages = lib.mapAttrs' (n: lib.nameValuePair "package-${n}") self'.packages;
+            devShells = lib.mapAttrs' (n: lib.nameValuePair "devShell-${n}") self'.devShells;
+            homeConfigurations = lib.mapAttrs' (name: config: lib.nameValuePair "home-manager-${name}" config.activation-script) (self'.legacyPackages.homeConfigurations or { });
+          in
+          nixosMachines // packages // devShells // homeConfigurations;
+      });
+    });
 }

modules/flake-module.nix

@@ -6,13 +6,7 @@
       # FIXME: switch to VPN later
       { networking.firewall.allowedTCPPorts = [ 9273 ]; }
 
-      inputs.clan-core.nixosModules.clanCore
       ./admins.nix
-      {
-        # TODO: use buildClan
-        clanCore.clanDir = "${./..}";
-        clanCore.machineName = "web01";
-      }
     ];
 
     hetzner-ax102.imports = [

modules/web01/borgbackup.nix

@@ -41,7 +41,9 @@
       "/var/tmp"
       "/var/log"
     ];
-    repo = "u359378@u359378.your-storagebox.de:/./borgbackup";
+    # $ ssh-keygen -y -f /run/secrets/hetzner-borgbackup-ssh > /tmp/hetzner-borgbackup-ssh.pub
+    # $ cat /tmp/hetzner-borgbackup-ssh.pub | ssh -p23 u366395@u366395.your-storagebox.de install-ssh-key
+    repo = "u366395@u366395.your-storagebox.de:/./borgbackup";
 
     # Disaster recovery:
     # get the backup passphrase and ssh key from the sops and store them in /tmp

targets/flake-module.nix

@@ -1,24 +1,17 @@
-{ lib, self, ... }:
+{ self, inputs, ... }:
-let
-  entries = builtins.attrNames (builtins.readDir ./.);
-  configs = builtins.filter (dir: builtins.pathExists (./. + "/${dir}/configuration.nix")) entries;
-in
 {
-  flake.nixosConfigurations = lib.listToAttrs
+  flake.nixosConfigurations = inputs.clan-core.lib.buildClan {
-    (builtins.map
+    directory = self;
-      (name:
-        lib.nameValuePair
-          (builtins.replaceStrings [ "." ] [ "-" ] name)
-          (lib.nixosSystem {
-            system = "x86_64-linux";
     # Make flake available in modules
     specialArgs = {
       self = {
         inherit (self) inputs nixosModules packages;
       };
     };
-
+    machines = {
-            modules = [ (./. + "/${name}/configuration.nix") ];
+      web01 = { modulesPath, ... }: {
-          }))
+        imports = [ (./web01/configuration.nix) ];
-      configs);
+      };
+    };
+  };
 }

targets/web01/configuration.nix

@@ -7,6 +7,7 @@
   networking.hostName = "web01";
   systemd.network.networks."10-uplink".networkConfig.Address = "2a01:4f9:3080:418b::1";
 
+  clan.networking.deploymentAddress = "clan.lol";
   clan.networking.ipv4.address = "65.21.12.51";
   clan.networking.ipv4.gateway = "65.21.12.1";
   clan.networking.ipv6.address = config.systemd.network.networks."10-uplink".networkConfig.Address;