diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 7e25ec2..1272cc1 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -3,6 +3,7 @@ on: workflow_dispatch: push: pull_request: + env: ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} NIX_CONFIG: | @@ -16,6 +17,7 @@ env: TERM: ansi AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets. AWS_SECRET_ACCESS_KEY }} + jobs: build-machines: strategy: @@ -27,6 +29,7 @@ jobs: os: - ubuntu-latest runs-on: ${{ matrix.os }} + steps: - name: Maximize build disk space uses: easimon/maximize-build-space@v10 @@ -39,23 +42,41 @@ jobs: remove-codeql: 'true' remove-docker-images: 'true' build-mount-path: /nix + - name: setup binary cache key run: echo "${{ secrets.NIX_CACHE_SECRET_KEY }}" >> /home/runner/cache-priv-key.pem + - name: Install Nix uses: cachix/install-nix-action@v30 + + - name: Install Lix + run: | + sudo --preserve-env=PATH $(which nix) run \ + --experimental-features "nix-command flakes" \ + --extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" \ + 'git+https://git.lix.systems/lix-project/lix?ref=refs/tags/2.92.0' -- \ + upgrade-nix \ + --extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" + nix --version + - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false + - name: build run: | package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" nix build -L "$package" + - name: cache if: always() run: | - nix copy --all --to 's3://nixcache?endpoint=s3.cy7.sh' --verbose - nix store sign --store 's3://nixcache?endpoint=s3.cy7.sh' -k /home/runner/cache-priv-key.pem --all + package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" + nix copy -j8 \ + --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ + $(nix path-info --recursive --derivation "$package" |sed 's/\.drv$/.drv^*/') + build-homes: strategy: fail-fast: false @@ -67,6 +88,7 @@ jobs: - ubuntu-latest # - macos-latest runs-on: ${{ matrix.os }} + steps: - name: Maximize build disk space uses: easimon/maximize-build-space@v10 @@ -79,20 +101,37 @@ jobs: remove-codeql: 'true' remove-docker-images: 'true' build-mount-path: /nix + - name: setup binary cache key run: echo "${{ secrets.NIX_CACHE_SECRET_KEY }}" >> /home/runner/cache-priv-key.pem + - name: Install Nix uses: cachix/install-nix-action@v30 + + - name: Install Lix + run: | + sudo --preserve-env=PATH $(which nix) run \ + --experimental-features "nix-command flakes" \ + --extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" \ + 'git+https://git.lix.systems/lix-project/lix?ref=refs/tags/2.92.0' -- \ + upgrade-nix \ + --extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" + nix --version + - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false + - name: build run: | package=".#homeConfigurations."${{ matrix.home }}".activationPackage" nix build -L "$package" + - name: cache if: always() run: | - nix copy --all --to 's3://nixcache?endpoint=s3.cy7.sh' --verbose - nix store sign --store 's3://nixcache?endpoint=s3.cy7.sh' -k /home/runner/cache-priv-key.pem --all + package=".#homeConfigurations."${{ matrix.home }}".activationPackage" + nix copy -j8 \ + --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ + $(nix path-info --recursive --derivation "$package" |sed 's/\.drv$/.drv^*/') diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 5e779ac..637afbf 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -6,6 +6,7 @@ on: description: "package to build" required: false type: string + env: ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} NIX_CONFIG: | @@ -18,6 +19,7 @@ env: TERM: ansi AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets. AWS_SECRET_ACCESS_KEY }} + jobs: build-packages: strategy: @@ -31,23 +33,41 @@ jobs: # - macos-latest # - macos-13 runs-on: ${{ matrix.os }} + steps: - name: setup binary cache key run: echo "${{ secrets.NIX_CACHE_SECRET_KEY }}" >> /home/runner/cache-priv-key.pem + - name: Install Nix uses: cachix/install-nix-action@v30 + + - name: Install Lix + run: | + sudo --preserve-env=PATH $(which nix) run \ + --experimental-features "nix-command flakes" \ + --extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" \ + 'git+https://git.lix.systems/lix-project/lix?ref=refs/tags/2.92.0' -- \ + upgrade-nix \ + --extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" + nix --version + - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false + - run: nix build -L ${{ matrix.package }} + - name: cache result if: always() run: | - nix copy --all --to 's3://nixcache?endpoint=s3.cy7.sh' --verbose - nix store sign --store 's3://nixcache?endpoint=s3.cy7.sh' -k /home/runner/cache-priv-key.pem --all + nix copy -j8 \ + --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ + $(nix path-info --recursive --derivation "${{ matrix.package }}" |sed 's/\.drv$/.drv^*/') + - name: prepare tarball to upload run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result + - name: upload result uses: actions/upload-artifact@v4 with: diff --git a/flake.lock b/flake.lock index 20d9470..fb7918a 100644 --- a/flake.lock +++ b/flake.lock @@ -131,11 +131,11 @@ "rocksdb": "rocksdb" }, "locked": { - "lastModified": 1742266954, - "narHash": "sha256-PoVjZXR24r1WPyWWK+DZDAlVr4otn/BcxY7/jd8fehM=", + "lastModified": 1743186614, + "narHash": "sha256-uGI98B+binIclsCJd2wXb7l1k2wV7e+sNmX4R8L5RPc=", "owner": "girlbossceo", "repo": "conduwuit", - "rev": "7bf92c8a3710eeff229bd86bc81a89daa94b66d5", + "rev": "3e57b7d35d5bd6cfed5900b377f7c68970213518", "type": "github" }, "original": { @@ -146,11 +146,11 @@ }, "crane": { "locked": { - "lastModified": 1742317686, - "narHash": "sha256-ScJYnUykEDhYeCepoAWBbZWx2fpQ8ottyvOyGry7HqE=", + "lastModified": 1742394900, + "narHash": "sha256-vVOAp9ahvnU+fQoKd4SEXB2JG2wbENkpqcwlkIXgUC0=", "owner": "ipetkov", "repo": "crane", - "rev": "66cb0013f9a99d710b167ad13cbd8cc4e64f2ddb", + "rev": "70947c1908108c0c551ddfd73d4f750ff2ea67cd", "type": "github" }, "original": { @@ -361,11 +361,11 @@ ] }, "locked": { - "lastModified": 1742243551, - "narHash": "sha256-hp2tKtJHW/vbiIT4hRhP8cfZEACAWZ92lCdaO9WEi2E=", + "lastModified": 1742547966, + "narHash": "sha256-AJfw+XRaRyrlpb9Wy6rVz44JePy0AXWPECXVPBnrOfI=", "owner": "deuxfleurs-org", "repo": "garage", - "rev": "6906a4ff12838da2a74bdaeb7e7cd05cd1d69699", + "rev": "14d2f2b18da015508d4a1e31b2f014da5188d516", "type": "github" }, "original": { @@ -455,11 +455,11 @@ ] }, "locked": { - "lastModified": 1742305478, - "narHash": "sha256-iYCinzZnnUeCkZ031qGRwPdwRsqW6o9Y0MgGpA7Zva4=", + "lastModified": 1743136572, + "narHash": "sha256-uwaVrKgi6g1TUq56247j6QvvFtYHloCkjCrEpGBvV54=", "owner": "nix-community", "repo": "home-manager", - "rev": "fb74bb76d94a6c55632376c931fc108131260ee9", + "rev": "1efd2503172016a6742c87b47b43ca2c8145607d", "type": "github" }, "original": { @@ -566,11 +566,11 @@ "lix": { "flake": false, "locked": { - "lastModified": 1741888409, - "narHash": "sha256-gJ7QmlwsJ/QdwUjwTjifNo3v7OBQm2N6xa19l3mMWM4=", - "rev": "20edd45ae816c73504ddfb9c678756e003ceeafd", + "lastModified": 1742622332, + "narHash": "sha256-z652gNdFc/95Fheq4DzVObERYRo+j9RdCF6tzkR8r80=", + "rev": "6059cbb031e49e05dd5d16208e2e50d3ab2611db", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/20edd45ae816c73504ddfb9c678756e003ceeafd.tar.gz?rev=20edd45ae816c73504ddfb9c678756e003ceeafd" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/6059cbb031e49e05dd5d16208e2e50d3ab2611db.tar.gz?rev=6059cbb031e49e05dd5d16208e2e50d3ab2611db" }, "original": { "type": "tarball", @@ -589,11 +589,11 @@ ] }, "locked": { - "lastModified": 1741894565, - "narHash": "sha256-2FD0NDJbEjUHloVrtEIms5miJsj1tvQCc/0YK5ambyc=", + "lastModified": 1742945498, + "narHash": "sha256-MB/b/xcDKqaVBxJIIxwb81r8ZiGLeKEcqokATRRroo8=", "ref": "refs/heads/main", - "rev": "a6da43f8193d9e329bba1795c42590c27966082e", - "revCount": 136, + "rev": "fa69ae26cc32dda178117b46487c2165c0e08316", + "revCount": 138, "type": "git", "url": "https://git.lix.systems/lix-project/nixos-module" }, @@ -713,11 +713,11 @@ ] }, "locked": { - "lastModified": 1742174123, - "narHash": "sha256-pDNzMoR6m1ZSJToZQ6XDTLVSdzIzmFl1b8Pc3f7iV6Y=", + "lastModified": 1742701275, + "narHash": "sha256-AulwPVrS9859t+eJ61v24wH/nfBEIDSXYxlRo3fL/SA=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "2cfb4e1ca32f59dd2811d7a6dd5d4d1225f0955c", + "rev": "36dc43cb50d5d20f90a28d53abb33a32b0a2aae6", "type": "github" }, "original": { @@ -733,11 +733,11 @@ ] }, "locked": { - "lastModified": 1742204505, - "narHash": "sha256-sHBzuG9K/VrvOrcLd9GwoCLaQZDVedi/00YmFfdKq/A=", + "lastModified": 1742804816, + "narHash": "sha256-oRNAhQwybNM5IUeGLR/4APdiec3t8t3vuWALEGg0t/Q=", "owner": "nix-community", "repo": "nix-ld", - "rev": "bc1ecb8ca83507c764a3909f02f1acf53c033585", + "rev": "27a5f75260a086f391c0eca38a5e306b9823a0b4", "type": "github" }, "original": { @@ -780,11 +780,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1742268799, - "narHash": "sha256-IhnK4LhkBlf14/F8THvUy3xi/TxSQkp9hikfDZRD4Ic=", + "lastModified": 1742937945, + "narHash": "sha256-lWc+79eZRyvHp/SqMhHTMzZVhpxkRvthsP1Qx6UCq0E=", "owner": "nixos", "repo": "nixpkgs", - "rev": "da044451c6a70518db5b730fe277b70f494188f1", + "rev": "d02d88f8de5b882ccdde0465d8fa2db3aa1169f7", "type": "github" }, "original": { @@ -828,11 +828,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1742276595, - "narHash": "sha256-bsg9y3NoMGu0jgTI5XbxvzQFc9JtZB51i500WlVws80=", + "lastModified": 1743169207, + "narHash": "sha256-JVBHFruzE0/uCMbp8c6f/0mtMLO05Gs5kOo8RYsJss0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2b3795787eba0066a2bc8bba7362422e5713840f", + "rev": "360e0a6013f94d32ea86050d3646e3ccba1c2667", "type": "github" }, "original": { @@ -853,11 +853,11 @@ "nuschtosSearch": "nuschtosSearch" }, "locked": { - "lastModified": 1742255305, - "narHash": "sha256-XxygfriVXQt+5Iqh6AOjZL5Aes5dH2xzVKpHpL8pDQg=", + "lastModified": 1743157969, + "narHash": "sha256-ldlSyVKNaXL7ys7Jr7mLhlpGDE4VPVcWmV7Odupn5TY=", "owner": "nix-community", "repo": "nixvim", - "rev": "78f6166c23f80bdfbcc8c44b20f7f4132299a33f", + "rev": "95573411bc9be155a93b0f15d2bad62c6b43b3cc", "type": "github" }, "original": { @@ -876,11 +876,11 @@ ] }, "locked": { - "lastModified": 1738508923, - "narHash": "sha256-4DaDrQDAIxlWhTjH6h/+xfG05jt3qDZrZE/7zDLQaS4=", + "lastModified": 1742659553, + "narHash": "sha256-i/JCrr/jApVorI9GkSV5to+USrRCa0rWuQDH8JSlK2A=", "owner": "NuschtOS", "repo": "search", - "rev": "86e2038290859006e05ca7201425ea5b5de4aecb", + "rev": "508752835128a3977985a4d5225ff241f7756181", "type": "github" }, "original": { @@ -997,11 +997,11 @@ ] }, "locked": { - "lastModified": 1742265167, - "narHash": "sha256-RB0UEF9IXIgwuuBFC+s9H4rDyvmMZePHlBAK4vRAwf4=", + "lastModified": 1743129211, + "narHash": "sha256-gE8t+U9miTwm2NYWS9dFY8H1/QB4ifaFDq1KdV9KEqo=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "87f0965f9f5b13fca9f38074eee8369dc767550d", + "rev": "f93da1d26ba9963f34f94a6872b67a7939699543", "type": "github" }, "original": { @@ -1017,11 +1017,11 @@ ] }, "locked": { - "lastModified": 1742239755, - "narHash": "sha256-ptn8dR4Uat3UUadGYNnB7CIH9SQm8mK69D2A/twBUXQ=", + "lastModified": 1742700801, + "narHash": "sha256-ZGlpUDsuBdeZeTNgoMv+aw0ByXT2J3wkYw9kJwkAS4M=", "owner": "Mic92", "repo": "sops-nix", - "rev": "787afce414bcce803b605c510b60bf43c11f4b55", + "rev": "67566fe68a8bed2a7b1175fdfb0697ed22ae8852", "type": "github" }, "original": { @@ -1067,11 +1067,11 @@ ] }, "locked": { - "lastModified": 1742303424, - "narHash": "sha256-2R7cGdcA2npQQcIWu2cTlU63veTzwVZe78BliIuJT00=", + "lastModified": 1743081648, + "narHash": "sha256-WRAylyYptt6OX5eCEBWyTwOEqEtD6zt33rlUkr6u3cE=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "b3b938ab8ba2e8a0ce9ee9b30ccfa5e903ae5753", + "rev": "29a3d7b768c70addce17af0869f6e2bd8f5be4b7", "type": "github" }, "original": { @@ -1090,11 +1090,11 @@ ] }, "locked": { - "lastModified": 1742262692, - "narHash": "sha256-kCuy1Fld1vFmor6SZ48DdtiLv9/zUhW8lCaTA+Py+es=", + "lastModified": 1743126894, + "narHash": "sha256-FUsh0AWH3ndHvZsGkAf0Ng/wn8z9JydhhkICYoU4aEk=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "32de9a383db6b555ac92877dd8b5b986f4151de7", + "rev": "2473e00df450ad863f552f2cc8da78e6a942118d", "type": "github" }, "original": {