Remove CI ragenix key

nixos/estuary: Fix hairpinned NAT
Full CI
2023-11-17 20:25:58 +00:00 · 2023-11-17 20:25:43 +00:00 · 2023-11-17 20:25:33 +00:00
7 changed files with 33 additions and 15 deletions
--- a/.gitea/workflows/ci.yaml
+++ b/.gitea/workflows/ci.yaml
@@ -6,7 +6,7 @@ on:

 jobs:
  check:
-    name: Check Nix flake
+    name: Check, build and cache Nix flake
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v4
@@ -27,10 +27,14 @@ jobs:
          nix run .#nixpkgs.mine.x86_64-linux.attic-client -- \
            login --set-default colony https://nix-cache.nul.ie "${{ secrets.NIX_CACHE_TOKEN }}"

-      # - name: Check flake
-      #   run: nix flake check
+      - name: Check and build flake
+        id: build
+        run: |
+          nix flake check
+
+          path=$(nix build --no-link .#ci.x86_64-linux --json | jq -r .[0].outputs.out)
+          echo "path=$path" >> "$GITHUB_OUTPUT"
      - name: Push to cache
        run: |
-          path=$(nix build --no-link .#nixosConfigurations.middleman.config.system.build.toplevel --json | jq -r .[0].outputs.out)
          nix run .#nixpkgs.mine.x86_64-linux.attic-client -- \
-            push main $path
+            push main ${{ steps.build.outputs.path }}
--- a/.keys/ci.pub
+++ b/.keys/ci.pub
@@ -1 +0,0 @@
-age1ythn9runhsvwmszqfy69zetc422hug39ta4g236tue6f5qf65y0q4qg7xx
--- a/flake.nix
+++ b/flake.nix
@@ -51,8 +51,8 @@
      ...
    }:
    let
-      inherit (builtins) mapAttrs;
-      inherit (lib) genAttrs recurseIntoAttrs evalModules;
+      inherit (builtins) mapAttrs replaceStrings;
+      inherit (lib) mapAttrs' filterAttrs nameValuePair recurseIntoAttrs evalModules;
      inherit (lib.flake) flattenTree eachDefaultSystem;
      inherit (lib.my) mkDefaultSystemsPkgs flakePackageOverlay;

@@ -164,16 +164,34 @@
      pkgs = pkgs'.mine.${system};
      lib = pkgs.lib;

+      filterSystem = filterAttrs (_: c: c.config.nixpkgs.system == system);
+      homes' =
+        mapAttrs
+          (_: h: h.activationPackage)
+          (filterSystem self.homeConfigurations);
+      systems' =
+        mapAttrs
+          (_: h: h.config.system.build.toplevel)
+          (filterSystem self.nixosConfigurations);
      shell = pkgs.devshell.mkShell ./devshell;
    in
    # Stuff for each platform
    {
      checks = flattenTree {
-        homeConfigurations = recurseIntoAttrs (mapAttrs (_: h: h.activationPackage)
-          (lib.filterAttrs (_: h: h.config.nixpkgs.system == system) self.homeConfigurations));
+        homeConfigurations = recurseIntoAttrs homes';
        deploy = recurseIntoAttrs (pkgs.deploy-rs.lib.deployChecks self.deploy);
      };

+      ci =
+      let
+        homes =
+          mapAttrs'
+            (n: v: nameValuePair ''home-${replaceStrings ["@"] ["-at-"] n}'' v)
+            homes';
+        systems = mapAttrs' (n: v: nameValuePair "system-${n}" v) systems';
+      in
+        pkgs.linkFarm "ci" (homes // systems);
+
      packages = flattenTree (import ./pkgs { inherit lib pkgs; });

      devShells.default = shell;
--- a/nixos/boxes/colony/vms/estuary/default.nix
+++ b/nixos/boxes/colony/vms/estuary/default.nix
@@ -448,7 +448,7 @@ in
                    chain forward {
                      iifname { wan, $ixps } oifname base jump filter-routing
                      oifname $ixps jump ixp
-                      iifname base oifname { wan, $ixps } accept
+                      iifname base oifname { base, wan, $ixps } accept
                      oifname { as211024, kelder } accept
                    }
                    chain output {
--- a/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix
+++ b/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix
@@ -412,7 +412,6 @@ in

      nixCacheableRegex = ''^\/(\S+\.narinfo|nar\/\S+\.nar\.\S+)$'';
      nixCacheHeaders = ''
-        proxy_hide_header "X-Amz-Request-Id";
        add_header Cache-Control $nix_cache_control;
        add_header Expires $nix_expires;
      '';
@@ -448,7 +447,6 @@ in
          };
        };
        useACMEHost = pubDomain;
-        onlySSL = false;
      };
    };

--- a/nixos/boxes/colony/vms/shill/containers/object.nix
+++ b/nixos/boxes/colony/vms/shill/containers/object.nix
@@ -162,7 +162,7 @@ in
                  type = "s3";
                  region = "eu-central-1";
                  bucket = "nix-attic";
-                  endpoint = "http://localhost:9000";
+                  endpoint = "https://s3.nul.ie";
                };
                chunking = {
                  nar-size-threshold = 65536;
--- a/secrets.nix
+++ b/secrets.nix
@@ -9,7 +9,6 @@ let

  defaultKeys = [
    (fileContents .keys/dev.pub)
-    (fileContents .keys/ci.pub)
  ];
  secretKeys =
    zipAttrsWith
Author	SHA1	Message	Date
Jack O'Sullivan	01897ef0bb	Remove CI ragenix key Some checks reported warnings CI / Check, build and cache Nix flake (push) Has been cancelled Details	2023-11-17 20:25:58 +00:00
Jack O'Sullivan	82eab34f4b	nixos/estuary: Fix hairpinned NAT	2023-11-17 20:25:43 +00:00
Jack O'Sullivan	241abd02ac	Full CI	2023-11-17 20:25:33 +00:00
				`@@ -1 +0,0 @@`
				`age1ythn9runhsvwmszqfy69zetc422hug39ta4g236tue6f5qf65y0q4qg7xx`