From 33d720abb66ae5e292197f3d5987bf705fc3d29d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?= Date: Thu, 29 May 2025 20:43:34 +0200 Subject: [PATCH] treewide: hercules is no more --- README.md | 10 ++- effects.nix | 102 ------------------------------- modules/system/default.nix | 1 - modules/system/hercules.nix | 47 -------------- modules/system/sane-defaults.nix | 4 -- 5 files changed, 4 insertions(+), 160 deletions(-) delete mode 100644 effects.nix delete mode 100644 modules/system/hercules.nix diff --git a/README.md b/README.md index 8d5da60..4e21a30 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ 雪定(せってい) -Collection of my personal Nix configurations and opinionated NixOS, nix-darwin, home-manager, and flake-parts modules. +Collection of my personal Nix configurations and opinionated NixOS, nix-darwin, home-manager, and nilla modules. > [!CAUTION] > I tried to make the modules in this repository useful to others without having @@ -25,13 +25,12 @@ Collection of my personal Nix configurations and opinionated NixOS, nix-darwin, - modules - options which in principle should be reusable by others - system - my opinionated nixos/nix-darwin modules - home - my opinionated home-manager modules - - flake - flake-parts modules + - nilla - nilla modules - services - configs for services I self-host - secrets - agenix secrets - wrappers - nix packages wrapped with my configs (see: [wrapper-manager](https://github.com/viperML/wrapper-manager)) - assets - miscellaneous values reused throughout my config -- effects.nix - hercules-ci configuration ## Code guidelines @@ -55,9 +54,8 @@ clean, maintainable, and reusable. Sorted rougly by priority +- get rid of flakes completely - bring back ci (sorta done) -- hercules-ci effects for deploying machines on update (if configuration is - valid) -- fix disko +- automatic deploys (either push or pull, to be decided) - make the configuration truly declarative (to a reasonable degree) - themeing solution diff --git a/effects.nix b/effects.nix deleted file mode 100644 index aa9906a..0000000 --- a/effects.nix +++ /dev/null @@ -1,102 +0,0 @@ -{ - config, - lib, - withSystem, - self, - ... -}: -let - collectFlakeOutputs = - { config, pkgs }: - let - inherit (pkgs) lib; - collectDrvs = - prefix: attrs: - let - drvs = lib.pipe attrs [ - (lib.filterAttrs (_: lib.isDerivation)) - (lib.mapAttrsToList ( - name: drv: { - name = lib.concatStringsSep "." (prefix ++ [ name ]); - inherit drv; - } - )) - ]; - recursed = lib.pipe attrs [ - (lib.filterAttrs ( - _: val: (!lib.isDerivation val) && (lib.isAttrs val) && (val.recurseForDerivations or true) - )) - (lib.mapAttrsToList (name: collectDrvs (prefix ++ [ name ]))) - ]; - in - drvs ++ (lib.flatten recursed); - rootOutputs = builtins.removeAttrs config.onPush.default.outputs [ "effects" ]; - in - collectDrvs [ ] rootOutputs; -in -{ - defaultEffectSystem = "aarch64-linux"; - - hercules-ci = { - flake-update = { - enable = true; - when.dayOfWeek = "Mon"; - }; - }; - - herculesCI = herculesCI: { - onPush.default = { - outputs.effects = { - pin-cache = withSystem config.defaultEffectSystem ( - { pkgs, hci-effects, ... }: - let - collected = collectFlakeOutputs { - inherit (herculesCI) config; - inherit pkgs; - }; - cachixCommands = lib.concatMapStringsSep "\n" ( - { name, drv }: "cachix pin nrabulinski ${lib.escapeShellArg name} ${lib.escapeShellArg drv}" - ) collected; - in - hci-effects.runIf (herculesCI.config.repo.branch == "main") ( - hci-effects.mkEffect { - secretsMap."cachix-token" = "cachix-token"; - inputs = [ pkgs.cachix ]; - userSetupScript = '' - cachix authtoken $(readSecretString cachix-token .token) - ''; - # Discarding the context is fine here because we don't actually want to build those derivations. - # They have already been built as part of this job, - # we only want to pin them to make sure cachix doesn't GC them. - effectScript = builtins.unsafeDiscardStringContext cachixCommands; - } - ) - ); - }; - }; - }; - - perSystem = - { pkgs, lib, ... }: - rec { - legacyPackages.outputsList = - let - config = self.herculesCI { - primaryRepo = { }; - herculesCI = { }; - }; - in - collectFlakeOutputs { inherit config pkgs; }; - - legacyPackages.github-matrix = - let - systems = lib.groupBy ({ drv, ... }: drv.system) legacyPackages.outputsList; - in - lib.concatMapStringsSep "\n" ( - { name, value }: - '' - ${name}=${builtins.toJSON (map (d: d.name) value)} - '' - ) (lib.attrsToList systems); - }; -} diff --git a/modules/system/default.nix b/modules/system/default.nix index 4b82bd1..0c450a0 100644 --- a/modules/system/default.nix +++ b/modules/system/default.nix @@ -22,7 +22,6 @@ (import ./tailscale.nix { inherit isLinux; }) (import ./containers.nix { inherit isLinux; }) ./unfree.nix - (import ./hercules.nix { inherit isLinux; }) (import ./github-runner.nix { inherit isLinux; }) (import ./incus.nix { inherit isLinux; }) (import ./monitoring.nix { inherit isLinux; }) diff --git a/modules/system/hercules.nix b/modules/system/hercules.nix deleted file mode 100644 index a5fba52..0000000 --- a/modules/system/hercules.nix +++ /dev/null @@ -1,47 +0,0 @@ -{ isLinux }: -{ - config, - lib, - ... -}: -let - options = { - settei.hercules.enable = lib.mkEnableOption "Enables hercules-ci-agent with my configuration"; - }; - - herculesUser = - if isLinux then - config.systemd.services.hercules-ci-agent.serviceConfig.User - else - config.launchd.daemons.hercules-ci-agent.serviceConfig.UserName; -in -{ - _file = ./hercules.nix; - - inherit options; - - config = lib.mkIf config.settei.hercules.enable { - age.secrets.hercules-token = { - file = ../../../secrets/hercules-token.age; - owner = herculesUser; - }; - age.secrets.hercules-cache = { - file = ../../../secrets/hercules-cache.age; - owner = herculesUser; - }; - age.secrets.hercules-secrets = { - file = ../../../secrets/hercules-secrets.age; - owner = herculesUser; - }; - - services.hercules-ci-agent = { - enable = true; - settings = { - clusterJoinTokenPath = config.age.secrets.hercules-token.path; - concurrentTasks = lib.mkDefault 4; - binaryCachesPath = config.age.secrets.hercules-cache.path; - secretsJsonPath = config.age.secrets.hercules-secrets.path; - }; - }; - }; -} diff --git a/modules/system/sane-defaults.nix b/modules/system/sane-defaults.nix index ae4a097..20a4bab 100644 --- a/modules/system/sane-defaults.nix +++ b/modules/system/sane-defaults.nix @@ -62,15 +62,11 @@ let "https://cache.nrab.lol" "https://cache.garnix.io" "https://nix-community.cachix.org" - "https://hyprland.cachix.org" - "https://hercules-ci.cachix.org" "https://nrabulinski.cachix.org" ]; extra-trusted-public-keys = [ - "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - "hercules-ci.cachix.org-1:ZZeDl9Va+xe9j+KqdzoBZMFJHVQ42Uu/c/1/KMC5Lw0=" "nrabulinski.cachix.org-1:Q5FD7+1c68uH74CQK66UWNzxhanZW8xcg1LFXxGK8ic=" "cache.nrab.lol-1:CJl1TouOyuJ1Xh4tZSXLwm3Upt06HzUNZmeyuEB9EZg=" ];