Fixing broken CI
This commit is contained in:
@@ -5,25 +5,13 @@
|
|||||||
perSystem = { pkgs, lib, self', ... }: {
|
perSystem = { pkgs, lib, self', ... }: {
|
||||||
checks =
|
checks =
|
||||||
let
|
let
|
||||||
nixosTestArgs = {
|
|
||||||
# reference to nixpkgs for the current system
|
|
||||||
inherit pkgs;
|
|
||||||
# this gives us a reference to our flake but also all flake inputs
|
|
||||||
inherit self;
|
|
||||||
};
|
|
||||||
nixosTests = lib.optionalAttrs (pkgs.stdenv.isLinux) {
|
|
||||||
# import our test
|
|
||||||
secrets = import ./secrets nixosTestArgs;
|
|
||||||
};
|
|
||||||
schemaTests = pkgs.callPackages ./schemas.nix {
|
|
||||||
inherit self;
|
|
||||||
};
|
|
||||||
|
|
||||||
flakeOutputs = lib.mapAttrs' (name: config: lib.nameValuePair "nixos-${name}" config.config.system.build.toplevel) self.nixosConfigurations
|
flakeOutputs = lib.mapAttrs' (name: config: lib.nameValuePair "nixos-${name}" config.config.system.build.toplevel) self.nixosConfigurations
|
||||||
// lib.mapAttrs' (n: lib.nameValuePair "package-${n}") self'.packages
|
// lib.mapAttrs' (n: lib.nameValuePair "package-${n}") self'.packages
|
||||||
// lib.mapAttrs' (n: lib.nameValuePair "devShell-${n}") self'.devShells
|
// lib.mapAttrs' (n: lib.nameValuePair "devShell-${n}") self'.devShells
|
||||||
// lib.mapAttrs' (name: config: lib.nameValuePair "home-manager-${name}" config.activation-script) (self'.legacyPackages.homeConfigurations or { });
|
// lib.mapAttrs' (name: config: lib.nameValuePair "home-manager-${name}" config.activation-script) (self'.legacyPackages.homeConfigurations or { });
|
||||||
in
|
in
|
||||||
nixosTests // schemaTests // flakeOutputs;
|
flakeOutputs;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,54 +0,0 @@
|
|||||||
{ self, lib, inputs, ... }:
|
|
||||||
let
|
|
||||||
inherit (builtins)
|
|
||||||
mapAttrs
|
|
||||||
toJSON
|
|
||||||
toFile
|
|
||||||
;
|
|
||||||
inherit (lib)
|
|
||||||
mapAttrs'
|
|
||||||
;
|
|
||||||
clanLib = self.lib;
|
|
||||||
clanModules = self.clanModules;
|
|
||||||
|
|
||||||
|
|
||||||
in
|
|
||||||
{
|
|
||||||
perSystem = { pkgs, ... }:
|
|
||||||
let
|
|
||||||
baseModule = {
|
|
||||||
imports =
|
|
||||||
(import (inputs.nixpkgs + "/nixos/modules/module-list.nix"))
|
|
||||||
++ [{
|
|
||||||
nixpkgs.hostPlatform = pkgs.system;
|
|
||||||
}];
|
|
||||||
};
|
|
||||||
|
|
||||||
optionsFromModule = module:
|
|
||||||
let
|
|
||||||
evaled = lib.evalModules {
|
|
||||||
modules = [ module baseModule ];
|
|
||||||
};
|
|
||||||
in
|
|
||||||
evaled.options.clan.networking;
|
|
||||||
|
|
||||||
clanModuleSchemas =
|
|
||||||
mapAttrs
|
|
||||||
(_: module: clanLib.jsonschema.parseOptions (optionsFromModule module))
|
|
||||||
clanModules;
|
|
||||||
|
|
||||||
mkTest = name: schema: pkgs.runCommand "schema-${name}" { } ''
|
|
||||||
${pkgs.check-jsonschema}/bin/check-jsonschema \
|
|
||||||
--check-metaschema ${toFile "schema-${name}" (toJSON schema)}
|
|
||||||
touch $out
|
|
||||||
'';
|
|
||||||
in
|
|
||||||
{
|
|
||||||
checks = mapAttrs'
|
|
||||||
(name: schema: {
|
|
||||||
name = "schema-${name}";
|
|
||||||
value = mkTest name schema;
|
|
||||||
})
|
|
||||||
clanModuleSchemas;
|
|
||||||
};
|
|
||||||
}
|
|
||||||
@@ -1,34 +0,0 @@
|
|||||||
{ self, runCommand, check-jsonschema, pkgs, lib, ... }:
|
|
||||||
let
|
|
||||||
clanModules.clanCore = self.nixosModules.clanCore;
|
|
||||||
|
|
||||||
baseModule = {
|
|
||||||
imports =
|
|
||||||
(import (pkgs.path + "/nixos/modules/module-list.nix"))
|
|
||||||
++ [{
|
|
||||||
nixpkgs.hostPlatform = "x86_64-linux";
|
|
||||||
}];
|
|
||||||
};
|
|
||||||
|
|
||||||
optionsFromModule = module:
|
|
||||||
let
|
|
||||||
evaled = lib.evalModules {
|
|
||||||
modules = [ module baseModule ];
|
|
||||||
};
|
|
||||||
in
|
|
||||||
evaled.options.clan;
|
|
||||||
|
|
||||||
clanModuleSchemas = lib.mapAttrs (_: module: self.lib.jsonschema.parseOptions (optionsFromModule module)) clanModules;
|
|
||||||
|
|
||||||
mkTest = name: schema: runCommand "schema-${name}" { } ''
|
|
||||||
${check-jsonschema}/bin/check-jsonschema \
|
|
||||||
--check-metaschema ${builtins.toFile "schema-${name}" (builtins.toJSON schema)}
|
|
||||||
touch $out
|
|
||||||
'';
|
|
||||||
in
|
|
||||||
lib.mapAttrs'
|
|
||||||
(name: schema: {
|
|
||||||
name = "schema-${name}";
|
|
||||||
value = mkTest name schema;
|
|
||||||
})
|
|
||||||
clanModuleSchemas
|
|
||||||
@@ -1,6 +0,0 @@
|
|||||||
#!/usr/bin/env bash
|
|
||||||
|
|
||||||
set -eux -o pipefail
|
|
||||||
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
|
|
||||||
export SOPS_AGE_KEY_FILE="${SCRIPT_DIR}/key.age"
|
|
||||||
nix run .# -- secrets "$@"
|
|
||||||
@@ -1,21 +0,0 @@
|
|||||||
(import ../lib/test-base.nix) {
|
|
||||||
name = "secrets";
|
|
||||||
|
|
||||||
nodes.machine = { self, config, ... }: {
|
|
||||||
imports = [
|
|
||||||
(self.nixosModules.clanCore)
|
|
||||||
];
|
|
||||||
environment.etc."secret".source = config.sops.secrets.secret.path;
|
|
||||||
environment.etc."group-secret".source = config.sops.secrets.group-secret.path;
|
|
||||||
sops.age.keyFile = ./key.age;
|
|
||||||
|
|
||||||
clanCore.clanDir = "${./.}";
|
|
||||||
clanCore.machineName = "machine";
|
|
||||||
|
|
||||||
networking.hostName = "machine";
|
|
||||||
};
|
|
||||||
testScript = ''
|
|
||||||
machine.succeed("cat /etc/secret >&2")
|
|
||||||
machine.succeed("cat /etc/group-secret >&2")
|
|
||||||
'';
|
|
||||||
}
|
|
||||||
@@ -1 +0,0 @@
|
|||||||
AGE-SECRET-KEY-1UCXEUJH6JXF8LFKWFHDM4N9AQE2CCGQZGXLUNV4TKR5KY0KC8FDQ2TY4NX
|
|
||||||
@@ -1 +0,0 @@
|
|||||||
../../../machines/machine
|
|
||||||
@@ -1,4 +0,0 @@
|
|||||||
{
|
|
||||||
"publickey": "age15x8u838dwqflr3t6csf4tlghxm4tx77y379ncqxav7y2n8qp7yzqgrwt00",
|
|
||||||
"type": "age"
|
|
||||||
}
|
|
||||||
@@ -1 +0,0 @@
|
|||||||
../../../groups/group
|
|
||||||
@@ -1,20 +0,0 @@
|
|||||||
{
|
|
||||||
"data": "ENC[AES256_GCM,data:FgF3,iv:QBbnqZ6405qmwGKhbolPr9iobngXt8rtfUwCBOnmwRA=,tag:7gqI1zLVnTkZ0xrNn/LEkA==,type:str]",
|
|
||||||
"sops": {
|
|
||||||
"kms": null,
|
|
||||||
"gcp_kms": null,
|
|
||||||
"azure_kv": null,
|
|
||||||
"hc_vault": null,
|
|
||||||
"age": [
|
|
||||||
{
|
|
||||||
"recipient": "age15x8u838dwqflr3t6csf4tlghxm4tx77y379ncqxav7y2n8qp7yzqgrwt00",
|
|
||||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArMHcxKzhUZzNHQmQrb28x\nRC9UMlZMeDN3S1l1eHdUWmV4VUVReHhhQ0RnCjAyUXVlY1FmclVmL2lEdFZuTmll\nVENpa3AwbjlDck5zdGdHUTRnNEdEOUkKLS0tIER3ZlNMSVFnRElkRDcxajZnVmFl\nZThyYzcvYUUvaWJYUmlwQ3dsSDdjSjgK+tj34yBzrsIjm6V+T9wTgz5FdNGOR7I/\nVB4fh8meW0vi/PCK/rajC8NbqmK8qq/lwsF/JwfZKDSdG0FOJUB1AA==\n-----END AGE ENCRYPTED FILE-----\n"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"lastmodified": "2023-09-03T12:44:56Z",
|
|
||||||
"mac": "ENC[AES256_GCM,data:d5a0WfE5ZRLKF1NZkBfOl+cVI8ZZHd2rC+qX/giALjyrzk09rLxBeY4lO827GFfMmVy/oC7ceH9pjv2O7ibUiQtcbGIQVBg/WP+dVn8fRMWtF0jpv9BhYTutkVk3kiddqPGhp3mpwvls2ot5jtCRczTPk3JSxN3B1JSJCmj9GfQ=,iv:YmlkTYFNUaFRWozO8+OpEVKaSQmh+N9zpatwUNMPNyw=,tag:mEGQ4tdo82qlhKWalQuufg==,type:str]",
|
|
||||||
"pgp": null,
|
|
||||||
"unencrypted_suffix": "_unencrypted",
|
|
||||||
"version": "3.7.3"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
@@ -1 +0,0 @@
|
|||||||
../../../machines/machine
|
|
||||||
@@ -1,20 +0,0 @@
|
|||||||
{
|
|
||||||
"data": "ENC[AES256_GCM,data:bhxF,iv:iNs+IfSU/7EwssZ0GVTF2raxJkVlddfQEPGIBeUYAy8=,tag:JMOKTMW3/ic3UTj9eT9YFQ==,type:str]",
|
|
||||||
"sops": {
|
|
||||||
"kms": null,
|
|
||||||
"gcp_kms": null,
|
|
||||||
"azure_kv": null,
|
|
||||||
"hc_vault": null,
|
|
||||||
"age": [
|
|
||||||
{
|
|
||||||
"recipient": "age15x8u838dwqflr3t6csf4tlghxm4tx77y379ncqxav7y2n8qp7yzqgrwt00",
|
|
||||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxS0g4TEt4S09LQnFKdCtk\nZTlUQWhNUHZmcmZqdGtuZkhhTkMzZDVaWWdNCi9vNnZQeklNaFBBU2x0ditlUDR0\nNGJlRmFFb09WSUFGdEh5TGViTWtacFEKLS0tIE1OMWdQMHhGeFBwSlVEamtHUkcy\ndzI1VHRkZ1o4SStpekVNZmpQSnRkeUkKYmPS9sR6U0NHxd55DjRk29LNFINysOl6\nEM2MTrntLxOHFWZ1QgNx34l4rYIIXx97ONvR0SRpxN0ECL9VonQeZg==\n-----END AGE ENCRYPTED FILE-----\n"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"lastmodified": "2023-08-23T09:11:08Z",
|
|
||||||
"mac": "ENC[AES256_GCM,data:8z819mP4FJXE/ExWM1+/dhaXIXzCglhBuZwE6ikl/jNLUAnv3jYL9c9vPrPFl2by3wXSNzqB4AOiTKDQoxDx2SBQKxeWaUnOajD6hbzskoLqCCBfVx7qOHrk/BULcBvMSxBca4RnzXXoMFTwKs2A1fXqAPvSQd1X4gX6Xm9VXWM=,iv:3YxZX+gaEcRKDN0Kuf9y1oWL+sT/J5B/5CtCf4iur9Y=,tag:0dwyjpvjCqbm9vIrz6WSWQ==,type:str]",
|
|
||||||
"pgp": null,
|
|
||||||
"unencrypted_suffix": "_unencrypted",
|
|
||||||
"version": "3.7.3"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
@@ -1 +0,0 @@
|
|||||||
../../../users/admin
|
|
||||||
@@ -1,4 +0,0 @@
|
|||||||
{
|
|
||||||
"publickey": "age15x8u838dwqflr3t6csf4tlghxm4tx77y379ncqxav7y2n8qp7yzqgrwt00",
|
|
||||||
"type": "age"
|
|
||||||
}
|
|
||||||
@@ -10,6 +10,8 @@
|
|||||||
packages = {
|
packages = {
|
||||||
tea-create-pr = pkgs.callPackage ./tea-create-pr { };
|
tea-create-pr = pkgs.callPackage ./tea-create-pr { };
|
||||||
|
|
||||||
|
#theme = pkgs.callPackage ./theme { inherit (self.inputs) floco; clanPkgs = self'.packages; };
|
||||||
|
|
||||||
merge-after-ci = pkgs.callPackage ./merge-after-ci {
|
merge-after-ci = pkgs.callPackage ./merge-after-ci {
|
||||||
inherit (config.packages) tea-create-pr;
|
inherit (config.packages) tea-create-pr;
|
||||||
};
|
};
|
||||||
|
|||||||
@@ -8,7 +8,7 @@
|
|||||||
{
|
{
|
||||||
packages = {
|
packages = {
|
||||||
ui = base.pkg.global;
|
ui = base.pkg.global;
|
||||||
theme = base.pkg.theme;
|
|
||||||
ui-assets = pkgs.callPackage ./nix/ui-assets.nix { };
|
ui-assets = pkgs.callPackage ./nix/ui-assets.nix { };
|
||||||
# EXAMPLE: GITEA_TOKEN=$(rbw get -f GITEA_TOKEN git.clan.lol) nix run .#update-ui-assets
|
# EXAMPLE: GITEA_TOKEN=$(rbw get -f GITEA_TOKEN git.clan.lol) nix run .#update-ui-assets
|
||||||
update-ui-assets = pkgs.callPackage ./nix/update-ui-assets.nix { };
|
update-ui-assets = pkgs.callPackage ./nix/update-ui-assets.nix { };
|
||||||
|
|||||||
Reference in New Issue
Block a user