diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 290761f..ba6ec24 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -8,6 +8,8 @@ env: TERM: ansi AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets. AWS_SECRET_ACCESS_KEY }} + AWS_DEFAULT_REGION: us-east-1 + AWS_ENDPOINT_URL: https://s3.cy7.sh jobs: build-machines: @@ -35,7 +37,7 @@ jobs: build-mount-path: /nix - name: setup binary cache key - run: echo "${{ secrets.NIX_CACHE_SECRET_KEY }}" >> /home/runner/cache-priv-key.pem + run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem - name: Install Nix uses: cachix/install-nix-action@v30 @@ -46,16 +48,9 @@ jobs: experimental-features = nix-command flakes accept-flake-config = true system-features = nixos-test benchmark big-parallel kvm - secret-key-files = /home/runner/cache-priv-key.pem - extra-substituters = https://nixcache.cy7.sh https://cache.lix.systems - extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o= - - - name: Install Lix - run: | - sudo --preserve-env=PATH $(which nix) run \ - 'git+https://git.lix.systems/lix-project/lix?ref=refs/tags/2.92.0' -- \ - upgrade-nix - nix --version + secret-key-files = ${{ runner.temp }}/cache-priv-key.pem + extra-substituters = https://nixcache.cy7.sh + extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= - name: Sync repository uses: actions/checkout@v4 @@ -73,10 +68,11 @@ jobs: if: '!cancelled()' run: | package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" - nix run git+https://git.cy7.sh/cy/nixcp.git -- \ - --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem&compression=zstd' \ + nix run github:cything/nixcp/2025-04-12 -- \ + push \ + --bucket nixcache \ + --signing-key ${{ runner.temp }}/cache-priv-key.pem \ -u https://nix-community.cachix.org \ - -u https://nixcache.web.cy7.sh \ $package build-homes: @@ -105,7 +101,7 @@ jobs: build-mount-path: /nix - name: setup binary cache key - run: echo "${{ secrets.NIX_CACHE_SECRET_KEY }}" >> /home/runner/cache-priv-key.pem + run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem - name: Install Nix uses: cachix/install-nix-action@v30 @@ -116,16 +112,9 @@ jobs: experimental-features = nix-command flakes accept-flake-config = true system-features = nixos-test benchmark big-parallel kvm - secret-key-files = /home/runner/cache-priv-key.pem - extra-substituters = https://nixcache.cy7.sh https://cache.lix.systems - extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o= - - - name: Install Lix - run: | - sudo --preserve-env=PATH $(which nix) run \ - 'git+https://git.lix.systems/lix-project/lix?ref=refs/tags/2.92.0' -- \ - upgrade-nix - nix --version + secret-key-files = ${{ runner.temp }}/cache-priv-key.pem + extra-substituters = https://nixcache.cy7.sh + extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= - name: Sync repository uses: actions/checkout@v4 @@ -142,8 +131,9 @@ jobs: if: '!cancelled()' run: | package=".#homeConfigurations."${{ matrix.home }}".activationPackage" - nix run git+https://git.cy7.sh/cy/nixcp.git -- \ - --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem&compression=zstd' \ + nix run github:cything/nixcp/2025-04-12 -- \ + push \ + --bucket nixcache \ + --signing-key ${{ runner.temp }}/cache-priv-key.pem \ -u https://nix-community.cachix.org \ - -u https://nixcache.web.cy7.sh \ $package diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 4f76a1d..2688fb3 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -11,6 +11,8 @@ env: TERM: ansi AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets. AWS_SECRET_ACCESS_KEY }} + AWS_DEFAULT_REGION: us-east-1 + AWS_ENDPOINT_URL: https://s3.cy7.sh jobs: build-packages: @@ -22,13 +24,13 @@ jobs: os: - ubuntu-latest - ubuntu-24.04-arm - # - macos-latest - # - macos-13 + - macos-latest + - macos-13 runs-on: ${{ matrix.os }} steps: - name: setup binary cache key - run: echo "${{ secrets.NIX_CACHE_SECRET_KEY }}" >> /home/runner/cache-priv-key.pem + run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem - name: Install Nix uses: cachix/install-nix-action@v30 @@ -39,21 +41,9 @@ jobs: experimental-features = nix-command flakes accept-flake-config = true system-features = nixos-test benchmark big-parallel kvm - secret-key-files = /home/runner/cache-priv-key.pem - extra-substituters = https://nixcache.cy7.sh https://cache.lix.systems - extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o= - - - name: Install Lix - run: | - sudo --preserve-env=PATH $(which nix) run \ - 'git+https://git.lix.systems/lix-project/lix?ref=refs/tags/2.92.0' -- \ - upgrade-nix - nix --version - - - name: Sync repository - uses: actions/checkout@v4 - with: - persist-credentials: false + secret-key-files = ${{ runner.temp }}/cache-priv-key.pem + extra-substituters = https://nixcache.cy7.sh + extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= - run: nix build -L ${{ matrix.package }} @@ -61,10 +51,11 @@ jobs: # https://stackoverflow.com/a/58859404 if: '!cancelled()' run: | - nix run git+https://git.cy7.sh/cy/nixcp.git -- \ - --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem&compression=zstd' \ + nix run github:cything/nixcp/2025-04-12 -- \ + push \ + --bucket nixcache \ + --signing-key ${{ runner.temp }}/cache-priv-key.pem \ -u https://nix-community.cachix.org \ - -u https://nixcache.web.cy7.sh \ "${{ matrix.package }}" - name: prepare tarball to upload diff --git a/flake.lock b/flake.lock index 435ec8d..9feaf1e 100644 --- a/flake.lock +++ b/flake.lock @@ -136,39 +136,6 @@ "type": "github" } }, - "flake-utils_4": { - "inputs": { - "systems": "systems_4" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flakey-profile": { - "locked": { - "lastModified": 1712898590, - "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", - "owner": "lf-", - "repo": "flakey-profile", - "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", - "type": "github" - }, - "original": { - "owner": "lf-", - "repo": "flakey-profile", - "type": "github" - } - }, "garage": { "inputs": { "crane": "crane", @@ -261,45 +228,9 @@ "type": "github" } }, - "lix": { - "flake": false, - "locked": { - "lastModified": 1737234286, - "narHash": "sha256-pgDJZjj4jpzkFxsqBTI/9Yb0n3gW+DvDtuv9SwQZZcs=", - "rev": "079528098f5998ba13c88821a2eca1005c1695de", - "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/079528098f5998ba13c88821a2eca1005c1695de.tar.gz?rev=079528098f5998ba13c88821a2eca1005c1695de" - }, - "original": { - "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/release-2.92.tar.gz" - } - }, - "lix-module": { - "inputs": { - "flake-utils": "flake-utils_2", - "flakey-profile": "flakey-profile", - "lix": "lix", - "nixpkgs": "nixpkgs" - }, - "locked": { - "lastModified": 1742943028, - "narHash": "sha256-fprwZKE1uMzO9tiWWOrmLWBW3GPkMayQfb0xOvVFIno=", - "ref": "release-2.92", - "rev": "3fae818597ca2f1474de62022f850c23be50528d", - "revCount": 134, - "type": "git", - "url": "https://git.lix.systems/lix-project/nixos-module" - }, - "original": { - "ref": "release-2.92", - "type": "git", - "url": "https://git.lix.systems/lix-project/nixos-module" - } - }, "nil": { "inputs": { - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_2", "nixpkgs": [ "nixpkgs" ], @@ -361,11 +292,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1742669843, - "narHash": "sha256-G5n+FOXLXcRx+3hCJ6Rt6ZQyF1zqQ0DL0sWAMn2Nk0w=", + "lastModified": 1744463964, + "narHash": "sha256-LWqduOgLHCFxiTNYi3Uj5Lgz0SR+Xhw3kr/3Xd0GPTM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1e5b653dff12029333a6546c11e108ede13052eb", + "rev": "2631b0b7abcea6e640ce31cd78ea58910d31e650", "type": "github" }, "original": { @@ -375,38 +306,6 @@ "type": "github" } }, - "nixpkgs-stable": { - "locked": { - "lastModified": 1743813633, - "narHash": "sha256-BgkBz4NpV6Kg8XF7cmHDHRVGZYnKbvG0Y4p+jElwxaM=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "7819a0d29d1dd2bc331bec4b327f0776359b1fa6", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-24.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_2": { - "locked": { - "lastModified": 1743862455, - "narHash": "sha256-I/QXtrqznq1321mYR9TyMPX/zCWb9iAH64hO+pEBY00=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "06f3516b0397bd241bde2daefc8538fc886c5467", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable-small", - "repo": "nixpkgs", - "type": "github" - } - }, "pre-commit-hooks-nix": { "inputs": { "flake-compat": [ @@ -438,12 +337,10 @@ "garage": "garage", "home-manager": "home-manager", "lanzaboote": "lanzaboote", - "lix-module": "lix-module", "nil": "nil", "nix-index-database": "nix-index-database", "nix-ld": "nix-ld", - "nixpkgs": "nixpkgs_2", - "nixpkgs-stable": "nixpkgs-stable", + "nixpkgs": "nixpkgs", "rust-overlay": "rust-overlay_4", "sops-nix": "sops-nix", "vscode-extensions": "vscode-extensions" @@ -598,24 +495,10 @@ "type": "github" } }, - "systems_4": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "vscode-extensions": { "inputs": { - "flake-utils": "flake-utils_4", + "flake-utils": "flake-utils_3", + "nixpkgs": [ "nixpkgs" ] diff --git a/flake.nix b/flake.nix index 92d6363..0aea8eb 100644 --- a/flake.nix +++ b/flake.nix @@ -2,8 +2,7 @@ description = "cy's flake"; inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable-small"; - nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.11"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; sops-nix.url = "github:Mic92/sops-nix"; sops-nix.inputs.nixpkgs.follows = "nixpkgs"; home-manager.url = "github:nix-community/home-manager"; @@ -12,7 +11,6 @@ lanzaboote.inputs.nixpkgs.follows = "nixpkgs"; rust-overlay.url = "github:oxalica/rust-overlay"; rust-overlay.inputs.nixpkgs.follows = "nixpkgs"; - lix-module.url = "git+https://git.lix.systems/lix-project/nixos-module?ref=release-2.92"; nix-ld.url = "github:nix-community/nix-ld"; nix-ld.inputs.nixpkgs.follows = "nixpkgs"; nil.url = "github:oxalica/nil"; @@ -69,7 +67,6 @@ ./modules inputs.sops-nix.nixosModules.sops inputs.lanzaboote.nixosModules.lanzaboote - inputs.lix-module.nixosModules.default inputs.nix-ld.nixosModules.nix-ld ]; }; @@ -82,7 +79,6 @@ ./hosts/chunk ./modules inputs.sops-nix.nixosModules.sops - inputs.lix-module.nixosModules.default ]; }; }; diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 686a8a3..3ed40e6 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -103,6 +103,7 @@ gopls rust-analyzer minio-client + nil ]; home.sessionVariables = { diff --git a/hosts/common.nix b/hosts/common.nix index 77e0edb..b5a71a0 100644 --- a/hosts/common.nix +++ b/hosts/common.nix @@ -1,4 +1,4 @@ -{ inputs, config, ... }: +{ inputs, config, pkgs, ... }: { nix = { settings = { diff --git a/overlay/default.nix b/overlay/default.nix index 3599338..67d855e 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -12,6 +12,7 @@ meta.mainProgram = "garage"; } ); + nil = pkgFrom inputs.nil "default"; } ) ]