sercanto/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

ci: add basic nix and cachix support ()

Browse source
This commit is contained in:
zimbatm 2020-04-07 13:31:11 +00:00 committed by GitHub
parent cc67646556
commit 53e2bc01d4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 86 additions and 23 deletions

15
.github/workflows/nix.yml vendored Normal file
View file

@ -0,0 +1,15 @@
name: "Nix"
on:
push:
jobs:
tests:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: cachix/install-nix-action@v8
- uses: cachix/cachix-action@v5
with:
name: nix-community
signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
# Only needed for private caches
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'

14
default.nix Normal file
View file

@ -0,0 +1,14 @@
# Add derivations to be built from the cache to this file
{ system ? builtins.currentSystem }:
let
pkgs = import ./nix { inherit system; };
importNixOS = configuration: system:
(import "${toString pkgs.path}/nixos") {
inherit configuration system;
};
in
pkgs.nix-community-infra // rec {
build01 = importNixOS ./build01/configuration.nix "x86_64-linux";
build01-system = build01.system;
}

11
deploy
View file

@ -2,10 +2,17 @@
#! nix-shell ./shell.nix -i bash #! nix-shell ./shell.nix -i bash
set -euo pipefail set -euo pipefail
options=(
--option extra-substituters "https://nix-community.cachix.org"
--option binary-cache-public-keys "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
)
mkdir -p state mkdir -p state
if [ $(nixops list --state "$NIXOPS_STATE" | grep -c "$NIXOPS_DEPLOYMENT") -eq 0 ]; then if [ $(nixops list --state "$NIXOPS_STATE" | grep -c "$NIXOPS_DEPLOYMENT") -eq 0 ]; then
nixops create ./deployment.nix --deployment "$NIXOPS_DEPLOYMENT" --state "$NIXOPS_STATE" nixops create ./deployment.nix \
"${options[@]}" \
--deployment "$NIXOPS_DEPLOYMENT" --state "$NIXOPS_STATE"
fi fi
nixops deploy "$@" nixops deploy "${options[@]}" "$@"

11
nix/default.nix Normal file
View file

@ -0,0 +1,11 @@
{ system ? builtins.currentSystem }:
let
sources = import ./sources.nix;
pkgs = import sources.nixpkgs {
inherit system;
config = {};
overlays = [ (import ./overlay.nix) ];
};
in
pkgs

21
nix/overlay.nix Normal file
View file

@ -0,0 +1,21 @@
let
nix-community-infra = pkgs: {
inherit (pkgs)
git-crypt
niv
nixops
;
terraform = pkgs.terraform.withPlugins (
p: [
p.cloudflare
]
);
};
overlay = self: super: {
sources = import ./sources.nix;
nix-community-infra = nix-community-infra super;
};
in
overlay

12
profiles/common.nix
View file

@ -19,10 +19,16 @@
# Entropy gathering daemon # Entropy gathering daemon
services.haveged.enable = true; services.haveged.enable = true;
nix = let nix =
asGB = size: toString (size * 1024 * 1024); let asGB = size: toString (size * 1024 * 1024); in
in
{ {
binaryCachePublicKeys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
binaryCaches = [
"https://nix-community.cachix.org"
];
extraOptions = '' extraOptions = ''
# auto-free the /nix/store # auto-free the /nix/store
min-free = ${asGB 10} min-free = ${asGB 10}

25
shell.nix
View file

@ -1,11 +1,6 @@
{ system ? builtins.currentSystem }:
let let
sources = import ./nix/sources.nix; pkgs = import ./nix { inherit system; };
pkgs = import sources.nixpkgs {
config = {};
overlays = [];
};
in in
pkgs.mkShell { pkgs.mkShell {
@ -14,17 +9,11 @@ pkgs.mkShell {
NIXOPS_DEPLOYMENT = "nix-community-infra"; NIXOPS_DEPLOYMENT = "nix-community-infra";
NIXOPS_STATE = toString ./state/deployment-state.nixops; NIXOPS_STATE = toString ./state/deployment-state.nixops;
buildInputs = [ buildInputs = with pkgs.nix-community-infra; [
pkgs.git-crypt git-crypt
pkgs.niv niv
pkgs.nixops nixops
( terraform
pkgs.terraform.withPlugins (
p: [
p.cloudflare
]
)
)
]; ];
# terraform cloud without the remote execution part # terraform cloud without the remote execution part