diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 413b892..429a454 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -3,6 +3,17 @@ on: workflow_dispatch: push: pull_request: +env: + ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} + NIX_CONFIG: | + show-trace = true + extra-substituters = https://cache.cy7.sh/main + extra-trusted-public-keys = main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0= + experimental-features = nix-command flakes + extra-experimental-features = nix-command flakes + accept-flake-config = true + TERM: ansi + jobs: build-machines: strategy: @@ -26,21 +37,15 @@ jobs: remove-codeql: 'true' remove-docker-images: 'true' build-mount-path: /nix + - name: Install Nix - uses: cachix/install-nix-action@v30 - with: - install_url: https://releases.nixos.org/nix/nix-2.25.4/install - extra_nix_config: 'accept-flake-config = true' + uses: nixbuild/nix-quick-install-action@master + - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false - - uses: cachix/cachix-action@v14 - with: - name: cything - authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' - useDaemon: false - installCommand: nix profile install nixpkgs#cachix + - name: Restore and cache Nix store uses: nix-community/cache-nix-action@v5.1.0 with: @@ -58,7 +63,30 @@ jobs: purge-primary-key: never # always save the cache save-always: true - - run: nix build -L .#nixosConfigurations.${{ matrix.machine }}.config.system.build.toplevel + + - name: setup attic + run: | + nix profile install github:zhaofengli/attic + attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" + + - name: build and cache + run: | + package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" + nix build -L "$package" + derivation="$(nix path-info --derivation "$package")" + cache="$(nix-store --query --requisites --include-outputs "$derivation")" + attic push main --stdin <<< "$cache" + + - name: prepare tarball to upload + run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result + + - name: upload result + uses: actions/upload-artifact@v4 + with: + name: ${{ matrix.machine }}-${{ matrix.os }} + path: result.tar + if-no-files-found: error + build-homes: strategy: matrix: @@ -81,17 +109,14 @@ jobs: remove-codeql: 'true' remove-docker-images: 'true' build-mount-path: /nix + - uses: nixbuild/nix-quick-install-action@master + - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false - - uses: cachix/cachix-action@v14 - with: - name: cything - authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' - useDaemon: false - installCommand: nix profile install nixpkgs#cachix + - name: Restore and cache Nix store uses: nix-community/cache-nix-action@v5.1.0 with: @@ -109,4 +134,26 @@ jobs: purge-primary-key: never # always save the cache save-always: true - - run: nix build -L .#homeConfigurations."${{ matrix.home }}".activationPackage + + - name: setup attic + run: | + nix profile install github:zhaofengli/attic + attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" + + - name: build and cache + run: | + package=".#homeConfigurations."${{ matrix.home }}".activationPackage" + nix build -L "$package" + derivation="$(nix path-info --derivation "$package")" + cache="$(nix-store --query --requisites --include-outputs "$derivation")" + attic push main --stdin <<< "$cache" + + - name: prepare tarball to upload + run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result + + - name: upload result + uses: actions/upload-artifact@v4 + with: + name: ${{ matrix.home }}-${{ matrix.os }} + path: result.tar + if-no-files-found: error diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 72fc72c..5bb8b29 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -6,6 +6,17 @@ on: description: "package to build" required: false type: string +env: + ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} + NIX_CONFIG: | + show-trace = true + extra-substituters = https://cache.cy7.sh/main + extra-trusted-public-keys = main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0= + experimental-features = nix-command flakes + extra-experimental-features = nix-command flakes + accept-flake-config = true + TERM: ansi + jobs: build-packages: strategy: @@ -18,6 +29,7 @@ jobs: - ubuntu-24.04-arm - macos-latest - macos-13 + runs-on: ${{ matrix.os }} steps: - name: Install Nix @@ -27,12 +39,26 @@ jobs: uses: actions/checkout@v4 with: persist-credentials: false - - - uses: cachix/cachix-action@v14 - with: - name: cything - authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' - useDaemon: false - installCommand: nix profile install nixpkgs#cachix + + - name: setup attic + run: | + nix profile install github:zhaofengli/attic + attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" - run: nix build -L ${{ matrix.package }} + + - name: cache result + run: | + derivation="$(nix path-info --derivation "${{ matrix.package }}")" + cache="$(nix-store --query --requisites --include-outputs "$derivation")" + attic push main --stdin <<< "$cache" + + - name: prepare tarball to upload + run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result + + - name: upload result + uses: actions/upload-artifact@v4 + with: + name: ${{ matrix.os }} + path: result.tar + if-no-files-found: error diff --git a/flake.lock b/flake.lock index e40aeed..bd1a4e5 100644 --- a/flake.lock +++ b/flake.lock @@ -342,6 +342,38 @@ "type": "github" } }, + "garage": { + "inputs": { + "crane": [ + "crane" + ], + "flake-compat": [ + "flake-compat" + ], + "flake-utils": [ + "flake-utils" + ], + "nixpkgs": [ + "nixpkgs" + ], + "rust-overlay": [ + "rust-overlay" + ] + }, + "locked": { + "lastModified": 1741360584, + "narHash": "sha256-5UkuvKllBRhU943imyc0jHDXQDVhIFx5WWUr3qrLEWQ=", + "owner": "deuxfleurs-org", + "repo": "garage", + "rev": "c96be1a9a8aa3b51075678888b80c2414ead2909", + "type": "github" + }, + "original": { + "owner": "deuxfleurs-org", + "repo": "garage", + "type": "github" + } + }, "git-hooks": { "inputs": { "flake-compat": [ @@ -1002,6 +1034,7 @@ "flake-compat": "flake-compat_2", "flake-parts": "flake-parts_2", "flake-utils": "flake-utils", + "garage": "garage", "home-manager": "home-manager", "lanzaboote": "lanzaboote", "lix": "lix", diff --git a/flake.nix b/flake.nix index a07ce00..494ce4f 100644 --- a/flake.nix +++ b/flake.nix @@ -88,6 +88,16 @@ crane.follows = "crane"; }; }; + garage = { + url = "github:deuxfleurs-org/garage"; + inputs = { + nixpkgs.follows = "nixpkgs"; + rust-overlay.follows = "rust-overlay"; + crane.follows = "crane"; + flake-compat.follows = "flake-compat"; + flake-utils.follows = "flake-utils"; + }; + }; nvim-github-theme = { url = "github:projekt0n/github-nvim-theme"; @@ -105,11 +115,13 @@ "https://nix-community.cachix.org" "https://cache.garnix.io" "https://cything.cachix.org" + "https://cache.cy7.sh/main" ]; extra-trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" "cything.cachix.org-1:xqW1W5NNL+wrM9wfSELb0MLj/harD2ZyB4HbdaMyvPI=" + "main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0=" ]; builders-use-substitutes = true; }; diff --git a/overlay/default.nix b/overlay/default.nix index b3cdb56..1df98bd 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -19,7 +19,10 @@ in pixelflasher = nixpkgsFrom inputs.pixelflasher "pixelflasher"; attic-server = pkgFrom inputs.attic "attic-server"; attic = pkgFrom inputs.attic "attic"; + garage = ((pkgFrom inputs.garage "default").overrideAttrs { + meta.mainProgram = "garage"; + }); } ) ] -++ importedOverlays \ No newline at end of file +++ importedOverlays