diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml
new file mode 100644
index 0000000..5f88345
--- /dev/null
+++ b/.github/workflows/nix.yml
@@ -0,0 +1,15 @@
+name: "Nix"
+on:
+ push:
+jobs:
+ tests:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - uses: cachix/install-nix-action@v8
+ - uses: cachix/cachix-action@v5
+ with:
+ name: nix-community
+ signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
+ # Only needed for private caches
+ authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
diff --git a/default.nix b/default.nix
new file mode 100644
index 0000000..e45e82f
--- /dev/null
+++ b/default.nix
@@ -0,0 +1,14 @@
+# Add derivations to be built from the cache to this file
+{ system ? builtins.currentSystem }:
+let
+ pkgs = import ./nix { inherit system; };
+
+ importNixOS = configuration: system:
+ (import "${toString pkgs.path}/nixos") {
+ inherit configuration system;
+ };
+in
+ pkgs.nix-community-infra // rec {
+ build01 = importNixOS ./build01/configuration.nix "x86_64-linux";
+ build01-system = build01.system;
+ }
diff --git a/deploy b/deploy
index 166c41a..1dc047a 100755
--- a/deploy
+++ b/deploy
@@ -2,10 +2,17 @@
#! nix-shell ./shell.nix -i bash
set -euo pipefail
+options=(
+ --option extra-substituters "https://nix-community.cachix.org"
+ --option binary-cache-public-keys "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+)
+
mkdir -p state
if [ $(nixops list --state "$NIXOPS_STATE" | grep -c "$NIXOPS_DEPLOYMENT") -eq 0 ]; then
- nixops create ./deployment.nix --deployment "$NIXOPS_DEPLOYMENT" --state "$NIXOPS_STATE"
+ nixops create ./deployment.nix \
+ "${options[@]}" \
+ --deployment "$NIXOPS_DEPLOYMENT" --state "$NIXOPS_STATE"
fi
-nixops deploy "$@"
+nixops deploy "${options[@]}" "$@"
diff --git a/nix/default.nix b/nix/default.nix
new file mode 100644
index 0000000..27f9eeb
--- /dev/null
+++ b/nix/default.nix
@@ -0,0 +1,11 @@
+{ system ? builtins.currentSystem }:
+let
+ sources = import ./sources.nix;
+
+ pkgs = import sources.nixpkgs {
+ inherit system;
+ config = {};
+ overlays = [ (import ./overlay.nix) ];
+ };
+in
+ pkgs
diff --git a/nix/overlay.nix b/nix/overlay.nix
new file mode 100644
index 0000000..3502192
--- /dev/null
+++ b/nix/overlay.nix
@@ -0,0 +1,21 @@
+let
+ nix-community-infra = pkgs: {
+ inherit (pkgs)
+ git-crypt
+ niv
+ nixops
+ ;
+
+ terraform = pkgs.terraform.withPlugins (
+ p: [
+ p.cloudflare
+ ]
+ );
+ };
+
+ overlay = self: super: {
+ sources = import ./sources.nix;
+ nix-community-infra = nix-community-infra super;
+ };
+in
+ overlay
diff --git a/profiles/common.nix b/profiles/common.nix
index e34990c..81c2480 100644
--- a/profiles/common.nix
+++ b/profiles/common.nix
@@ -19,10 +19,16 @@
# Entropy gathering daemon
services.haveged.enable = true;
- nix = let
- asGB = size: toString (size * 1024 * 1024);
- in
+ nix =
+ let asGB = size: toString (size * 1024 * 1024); in
{
+ binaryCachePublicKeys = [
+ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+ ];
+ binaryCaches = [
+ "https://nix-community.cachix.org"
+ ];
+
extraOptions = ''
# auto-free the /nix/store
min-free = ${asGB 10}
diff --git a/shell.nix b/shell.nix
index 5caa1f2..e13b453 100644
--- a/shell.nix
+++ b/shell.nix
@@ -1,11 +1,6 @@
+{ system ? builtins.currentSystem }:
let
- sources = import ./nix/sources.nix;
-
- pkgs = import sources.nixpkgs {
- config = {};
- overlays = [];
- };
-
+ pkgs = import ./nix { inherit system; };
in
pkgs.mkShell {
@@ -14,17 +9,11 @@ pkgs.mkShell {
NIXOPS_DEPLOYMENT = "nix-community-infra";
NIXOPS_STATE = toString ./state/deployment-state.nixops;
- buildInputs = [
- pkgs.git-crypt
- pkgs.niv
- pkgs.nixops
- (
- pkgs.terraform.withPlugins (
- p: [
- p.cloudflare
- ]
- )
- )
+ buildInputs = with pkgs.nix-community-infra; [
+ git-crypt
+ niv
+ nixops
+ terraform
];
# terraform cloud without the remote execution part