diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml new file mode 100644 index 0000000..5f88345 --- /dev/null +++ b/.github/workflows/nix.yml @@ -0,0 +1,15 @@ +name: "Nix" +on: + push: +jobs: + tests: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - uses: cachix/install-nix-action@v8 + - uses: cachix/cachix-action@v5 + with: + name: nix-community + signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}' + # Only needed for private caches + authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' diff --git a/default.nix b/default.nix new file mode 100644 index 0000000..e45e82f --- /dev/null +++ b/default.nix @@ -0,0 +1,14 @@ +# Add derivations to be built from the cache to this file +{ system ? builtins.currentSystem }: +let + pkgs = import ./nix { inherit system; }; + + importNixOS = configuration: system: + (import "${toString pkgs.path}/nixos") { + inherit configuration system; + }; +in + pkgs.nix-community-infra // rec { + build01 = importNixOS ./build01/configuration.nix "x86_64-linux"; + build01-system = build01.system; + } diff --git a/deploy b/deploy index 166c41a..1dc047a 100755 --- a/deploy +++ b/deploy @@ -2,10 +2,17 @@ #! nix-shell ./shell.nix -i bash set -euo pipefail +options=( + --option extra-substituters "https://nix-community.cachix.org" + --option binary-cache-public-keys "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" +) + mkdir -p state if [ $(nixops list --state "$NIXOPS_STATE" | grep -c "$NIXOPS_DEPLOYMENT") -eq 0 ]; then - nixops create ./deployment.nix --deployment "$NIXOPS_DEPLOYMENT" --state "$NIXOPS_STATE" + nixops create ./deployment.nix \ + "${options[@]}" \ + --deployment "$NIXOPS_DEPLOYMENT" --state "$NIXOPS_STATE" fi -nixops deploy "$@" +nixops deploy "${options[@]}" "$@" diff --git a/nix/default.nix b/nix/default.nix new file mode 100644 index 0000000..27f9eeb --- /dev/null +++ b/nix/default.nix 
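Review bot: All three `uses:` steps reference mutable tags (`actions/checkout@v2`, `cachix/install-nix-action@v8`, `cachix/cachix-action@v5`) in a job that handles `CACHIX_SIGNING_KEY`, so a retagged or compromised release of any of them would run next to the key that signs the cache. Pin each to a full commit SHA and keep the tag as a comment, e.g. `- uses: cachix/cachix-action@<full-commit-sha> # v5`. `on: push:` has no branch filter, so every branch push also runs with that key; consider supplying `signingKey` only on the default branch and letting other branches build without pushing. If the cache is public, the `authToken` line can be dropped, as the comment above it already suggests.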
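Review bot: Secrets could reach the public cache through `build01-system`, which adds the whole NixOS system closure of build01 to the attributes that the header comment says are built for the cache. Anything `./build01/configuration.nix` copies into the Nix store (key files or tokens referenced by path) would then be downloadable by anyone. That file is not part of this diff, so this needs checking rather than assuming. A comment above the attribute would record the constraint: `# Pushed to a public cache: the configuration must not place secrets in the Nix store.` As a smaller point, the `system` parameter of `importNixOS` shadows the file's own `system` argument; a name such as `targetSystem` would make the hard-coded `"x86_64-linux"` easier to follow.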
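Review bot: The nix-community.cachix.org public key is hard-coded in `options` here and again in `binaryCachePublicKeys` in profiles/common.nix, so a key rotation has to touch both places and a missed one leaves the old key trusted. A comment next to the array would record the coupling: `# Keep in sync with binaryCachePublicKeys in profiles/common.nix`. Separately, `extra-substituters` passed through `--option` is honoured only when the invoking user is a trusted user of the Nix daemon. Otherwise Nix ignores it with a warning and the deploy quietly falls back to building locally, which is worth a line in the script's comments.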
@@ -0,0 +1,11 @@ +{ system ? builtins.currentSystem }: +let + sources = import ./sources.nix; + + pkgs = import sources.nixpkgs { + inherit system; + config = {}; + overlays = [ (import ./overlay.nix) ]; + }; +in + pkgs diff --git a/nix/overlay.nix b/nix/overlay.nix new file mode 100644 index 0000000..3502192 --- /dev/null +++ b/nix/overlay.nix @@ -0,0 +1,21 @@ +let + nix-community-infra = pkgs: { + inherit (pkgs) + git-crypt + niv + nixops + ; + + terraform = pkgs.terraform.withPlugins ( + p: [ + p.cloudflare + ] + ); + }; + + overlay = self: super: { + sources = import ./sources.nix; + nix-community-infra = nix-community-infra super; + }; +in + overlay diff --git a/profiles/common.nix b/profiles/common.nix index e34990c..81c2480 100644 --- a/profiles/common.nix +++ b/profiles/common.nix @@ -19,10 +19,16 @@ # Entropy gathering daemon services.haveged.enable = true; - nix = let - asGB = size: toString (size * 1024 * 1024); - in + nix = + let asGB = size: toString (size * 1024 * 1024); in { + binaryCachePublicKeys = [ + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + ]; + binaryCaches = [ + "https://nix-community.cachix.org" + ]; + extraOptions = '' # auto-free the /nix/store min-free = ${asGB 10} diff --git a/shell.nix b/shell.nix index 5caa1f2..e13b453 100644 --- a/shell.nix +++ b/shell.nix @@ -1,11 +1,6 @@ +{ system ? builtins.currentSystem }: let - sources = import ./nix/sources.nix; - - pkgs = import sources.nixpkgs { - config = {}; - overlays = []; - }; - + pkgs = import ./nix { inherit system; }; in pkgs.mkShell { @@ -14,17 +9,11 @@ pkgs.mkShell { NIXOPS_DEPLOYMENT = "nix-community-infra"; NIXOPS_STATE = toString ./state/deployment-state.nixops; - buildInputs = [ - pkgs.git-crypt - pkgs.niv - pkgs.nixops - ( - pkgs.terraform.withPlugins ( - p: [ - p.cloudflare - ] - ) - ) + buildInputs = with pkgs.nix-community-infra; [ + git-crypt + niv + nixops + terraform ]; # terraform cloud without the remote execution part
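Review bot: The reason for `config = {};` and the explicit `overlays` list in the `import sources.nixpkgs` call is not stated, which makes them easy to remove later as apparent noise. Without them nixpkgs falls back to the user's `~/.config/nixpkgs` configuration and overlays, so evaluation would differ per machine. That matters here because the results are pushed to a shared binary cache. Suggested comment above the import: `# Pass config and overlays explicitly so user-level nixpkgs settings cannot leak into the build.`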
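Review bot: `asGB` on the re-indented `let` line multiplies by 1024 only twice, so `${asGB 10}` evaluates to 10485760, and `min-free` takes a byte count: the threshold is 10 MiB, not the 10 GiB the helper's name implies. Assuming the name states the intent, automatic store cleanup starts only when the disk is almost full, which on a build host risks failed builds from a full /nix/store. The commit touches this line for formatting only; the fix would be `let asGB = size: toString (size * 1024 * 1024 * 1024); in`. The `nix = { … }` attribute set continues past the end of the hunk, so any other uses of `asGB` there should be checked against the same correction.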