diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 6995a7a..563a44c 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -76,11 +76,16 @@ jobs: if: '!cancelled()' run: | package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" - nix run git+https://git.cy7.sh/cy/nixcp.git -- \ - --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ - -u https://nix-community.cachix.org \ - -u https://nixcache.cy7.sh \ - $package + derivations=() + while IFS=$'\n' read derivation; do + derivations+=("$derivation") + done < <(nix path-info --derivation "$package") + + for derivation in "${derivations[@]}"; do + nix copy -j8 \ + --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ + $(nix-store --query --requisites --include-outputs "$derivation") + done build-homes: strategy: @@ -148,8 +153,13 @@ jobs: if: '!cancelled()' run: | package=".#homeConfigurations."${{ matrix.home }}".activationPackage" - nix run git+https://git.cy7.sh/cy/nixcp.git -- \ - --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ - -u https://nix-community.cachix.org \ - -u https://nixcache.cy7.sh \ - $package + derivations=() + while IFS=$'\n' read derivation; do + derivations+=("$derivation") + done < <(nix path-info --derivation "$package") + + for derivation in "${derivations[@]}"; do + nix copy -j8 \ + --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ + $(nix-store --query --requisites --include-outputs "$derivation") + done diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index ce4afd1..fea88fc 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml 
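Review bot: The upload step in `build-machines-and-homes.yml` can exit successfully without having pushed anything, because `nix path-info --derivation "$package"` runs inside a process substitution (`done < <(...)`) whose exit status bash does not propagate, even under `-e` or `pipefail`; on failure `derivations` stays empty and the `for` loop is skipped. The unquoted `$(nix-store --query --requisites --include-outputs "$derivation")` has the same problem: if it fails, `nix copy` still runs, with no explicit paths. Capturing the output in a plain assignment first makes the failure fatal, assuming the step runs with `-e` (its shell setting is outside the hunk): `drvs=$(nix path-info --derivation "$package")` followed by `mapfile -t derivations <<<"$drvs"`, which also replaces the `read` loop that lacks `-r`. The identical block in the `build-homes` hunk of this file and in `build-packages.yml` needs the same change.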
@@ -64,11 +64,16 @@ jobs: # https://stackoverflow.com/a/58859404 if: '!cancelled()' run: | - nix run git+https://git.cy7.sh/cy/nixcp.git -- \ - --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ - -u https://nix-community.cachix.org \ - -u https://nixcache.cy7.sh \ - "${{ matrix.package }}" + derivations=() + while IFS=$'\n' read derivation; do + derivations+=("$derivation") + done < <(nix path-info --derivation "${{ matrix.package }}") + + for derivation in "${derivations[@]}"; do + nix copy -j8 \ + --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ + $(nix-store --query --requisites --include-outputs "$derivation") + done - name: prepare tarball to upload run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result diff --git a/flake.lock b/flake.lock index 480ec6e..df19b3b 100644 --- a/flake.lock +++ b/flake.lock @@ -273,7 +273,9 @@ }, "flake-parts_2": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib" + "nixpkgs-lib": [ + "nixpkgs" + ] }, "locked": { "lastModified": 1741352980, @@ -761,21 +763,6 @@ "type": "github" } }, - "nixpkgs-lib": { - "locked": { - "lastModified": 1743296961, - "narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" - } - }, "nixpkgs-stable": { "locked": { "lastModified": 1730741070, diff --git a/flake.nix b/flake.nix index 525c090..3093168 100644 --- a/flake.nix +++ b/flake.nix @@ -29,6 +29,10 @@ inputs.nixpkgs.follows = "nixpkgs"; inputs.flake-parts.follows = "flake-parts"; }; + flake-parts = { + url = "github:hercules-ci/flake-parts"; + inputs.nixpkgs-lib.follows = "nixpkgs"; + }; rust-overlay = { url = "github:oxalica/rust-overlay"; inputs.nixpkgs.follows = "nixpkgs"; 
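Review bot: In `build-packages.yml`, `${{ matrix.package }}` on the added `nix path-info` line is substituted into the script text by the Actions runner before bash parses it, so the surrounding double quotes do not stop shell metacharacters in the value from being interpreted. This step also reads the cache signing key at `/home/runner/cache-priv-key.pem`, so it is worth keeping expression expansion out of the script: set `env: PACKAGE: ${{ matrix.package }}` on the step and call `nix path-info --derivation "$PACKAGE"`. Where the matrix values come from is outside the hunk; if they are a static list in the workflow the exposure is small, but the `env:` form stays safe if the matrix is ever generated from another job's output. The `package=` context lines in `build-machines-and-homes.yml` use the same pattern with `matrix.machine` and `matrix.home`.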
@@ -97,7 +101,6 @@ flake-utils.url = "github:numtide/flake-utils"; crane.url = "github:ipetkov/crane"; flake-compat.url = "github:edolstra/flake-compat"; - flake-parts.url = "github:hercules-ci/flake-parts"; }; nixConfig = { 
@@ -116,74 +119,111 @@ self, nixpkgs, home-manager, + flake-parts, ... }@inputs: - let - pkgs = import nixpkgs { - config.allowUnfree = true; - system = "x86_64-linux"; - overlays = [ - inputs.rust-overlay.overlays.default - inputs.vscode-extensions.overlays.default - ] ++ (import ./overlay { inherit inputs; }); - }; - in + flake-parts.lib.mkFlake { inherit inputs; } ( + { ... }: { - nixosConfigurations = - let - lib = nixpkgs.lib; - in + imports = [ + inputs.treefmt.flakeModule + ]; + systems = [ + "x86_64-linux" + ]; + perSystem = { - ytnix = lib.nixosSystem { - specialArgs = { inherit inputs; }; - modules = [ - { - nixpkgs = { inherit pkgs; }; - } - ./hosts/ytnix - ./modules - inputs.sops-nix.nixosModules.sops - inputs.lanzaboote.nixosModules.lanzaboote - inputs.lix-module.nixosModules.default - inputs.nix-ld.nixosModules.nix-ld - ]; - }; - chunk = lib.nixosSystem { - specialArgs = { inherit inputs; }; - modules = [ - { - nixpkgs = { inherit pkgs; }; - } - ./hosts/chunk - ./modules - inputs.sops-nix.nixosModules.sops - inputs.lix-module.nixosModules.default - ]; - }; - }; - homeConfigurations = - let - lib = home-manager.lib; - in + inputs', + ... 
+ }: { - "yt@ytnix" = lib.homeManagerConfiguration { - inherit pkgs; - extraSpecialArgs = { inherit inputs; }; - modules = [ - ./home/yt/ytnix.nix - inputs.nixvim.homeManagerModules.nixvim - inputs.nix-index-database.hmModules.nix-index - ]; - }; + treefmt = { + projectRootFile = "flake.nix"; + programs.nixfmt.enable = true; + programs.typos.enable = true; + programs.shellcheck.enable = true; - "yt@chunk" = lib.homeManagerConfiguration { - inherit pkgs; - extraSpecialArgs = { inherit inputs; }; - modules = [ - ./home/yt/chunk.nix - inputs.nixvim.homeManagerModules.nixvim + programs.yamlfmt = { + enable = true; + settings.retain_line_breaks = true; + }; + + settings.global.excludes = [ + "secrets/*" + "**/*.png" # tries to format a png file ]; }; }; - }; + + flake = + let + pkgs = import nixpkgs { + config.allowUnfree = true; + system = "x86_64-linux"; + overlays = [ + inputs.rust-overlay.overlays.default + inputs.vscode-extensions.overlays.default + ] ++ (import ./overlay { inherit inputs; }); + }; + in + { + nixosConfigurations = + let + lib = nixpkgs.lib; + in + { + ytnix = lib.nixosSystem { + specialArgs = { inherit inputs; }; + modules = [ + { + nixpkgs = { inherit pkgs; }; + } + ./hosts/ytnix + ./modules + inputs.sops-nix.nixosModules.sops + inputs.lanzaboote.nixosModules.lanzaboote + inputs.lix-module.nixosModules.default + inputs.nix-ld.nixosModules.nix-ld + ]; + }; + chunk = lib.nixosSystem { + specialArgs = { inherit inputs; }; + modules = [ + { + nixpkgs = { inherit pkgs; }; + } + ./hosts/chunk + ./modules + inputs.sops-nix.nixosModules.sops + inputs.lix-module.nixosModules.default + ]; + }; + }; + homeConfigurations = + let + lib = home-manager.lib; + in + { + "yt@ytnix" = lib.homeManagerConfiguration { + inherit pkgs; + extraSpecialArgs = { inherit inputs; }; + modules = [ + ./home/yt/ytnix.nix + inputs.nixvim.homeManagerModules.nixvim + inputs.nix-index-database.hmModules.nix-index + ]; + }; + + "yt@chunk" = lib.homeManagerConfiguration { + inherit 
pkgs; + extraSpecialArgs = { inherit inputs; }; + modules = [ + ./home/yt/chunk.nix + inputs.nixvim.homeManagerModules.nixvim + ]; + }; + }; + }; + } + ); } diff --git a/modules/caddy.nix b/modules/caddy.nix index 90ec770..3e6ca63 100644 --- a/modules/caddy.nix +++ b/modules/caddy.nix @@ -36,15 +36,6 @@ in } ''; environmentFile = config.sops.secrets."caddy/env".path; - - virtualHosts."keys.cy7.sh".extraConfig = '' - import common - respond / 200 { - body "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfubDWr0kRm2o4DqaK6l1s4NCdTkljXZWKWCiF5nX+6 - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPhUt9h5dCcrwOrZNKkStCX5OxumPzEwYXSU/0DgtWgP - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINyn2+OoRN4nExti+vFQ1NHEZip0slAoCH9C5/FzvgZD" - } - ''; }; }; }
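Review bot: In the new `treefmt` block of `flake.nix`, `settings.global.excludes` lists `"secrets/*"` without a comment, and as far as this hunk shows it is the only thing keeping `typos`, `yamlfmt` and the other enabled formatters from rewriting what are presumably the sops-managed files. Add a why-comment such as `# sops-encrypted: formatters must never rewrite these`, and confirm the pattern also covers nested directories under `secrets/`; I have not verified treefmt's glob semantics, so an explicit `"secrets/**"` entry may be needed. Separately, `perSystem` binds `inputs'` and the module passed to `mkFlake` takes `{ ... }:` without using either in the visible body, so both argument sets can be trimmed.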