treewide: hercules is no more

README.md

@@ -3,7 +3,7 @@
   雪定<rp>(</rp><rt>せってい</rt><rp>)</rp>
 </ruby>
 </h1>
-Collection of my personal Nix configurations and opinionated NixOS, nix-darwin, home-manager, and flake-parts modules.
+Collection of my personal Nix configurations and opinionated NixOS, nix-darwin, home-manager, and nilla modules.
 
 > [!CAUTION]
 > I tried to make the modules in this repository useful to others without having
@@ -25,13 +25,12 @@ Collection of my personal Nix configurations and opinionated NixOS, nix-darwin,
 - modules - options which in principle should be reusable by others
   - system - my opinionated nixos/nix-darwin modules
   - home - my opinionated home-manager modules
-  - flake - flake-parts modules
+  - nilla - nilla modules
 - services - configs for services I self-host
 - secrets - agenix secrets
 - wrappers - nix packages wrapped with my configs (see:
   [wrapper-manager](https://github.com/viperML/wrapper-manager))
 - assets - miscellaneous values reused throughout my config
-- effects.nix - hercules-ci configuration
 
 ## Code guidelines
 
@@ -55,9 +54,8 @@ clean, maintainable, and reusable.
 
 Sorted rougly by priority
 
+- get rid of flakes completely
 - bring back ci (sorta done)
-- hercules-ci effects for deploying machines on update (if configuration is
-  valid)
-- fix disko
+- automatic deploys (either push or pull, to be decided)
 - make the configuration truly declarative (to a reasonable degree)
 - themeing solution

effects.nix

@@ -1,102 +0,0 @@
-{
-  config,
-  lib,
-  withSystem,
-  self,
-  ...
-}:
-let
-  collectFlakeOutputs =
-    { config, pkgs }:
-    let
-      inherit (pkgs) lib;
-      collectDrvs =
-        prefix: attrs:
-        let
-          drvs = lib.pipe attrs [
-            (lib.filterAttrs (_: lib.isDerivation))
-            (lib.mapAttrsToList (
-              name: drv: {
-                name = lib.concatStringsSep "." (prefix ++ [ name ]);
-                inherit drv;
-              }
-            ))
-          ];
-          recursed = lib.pipe attrs [
-            (lib.filterAttrs (
-              _: val: (!lib.isDerivation val) && (lib.isAttrs val) && (val.recurseForDerivations or true)
-            ))
-            (lib.mapAttrsToList (name: collectDrvs (prefix ++ [ name ])))
-          ];
-        in
-        drvs ++ (lib.flatten recursed);
-      rootOutputs = builtins.removeAttrs config.onPush.default.outputs [ "effects" ];
-    in
-    collectDrvs [ ] rootOutputs;
-in
-{
-  defaultEffectSystem = "aarch64-linux";
-
-  hercules-ci = {
-    flake-update = {
-      enable = true;
-      when.dayOfWeek = "Mon";
-    };
-  };
-
-  herculesCI = herculesCI: {
-    onPush.default = {
-      outputs.effects = {
-        pin-cache = withSystem config.defaultEffectSystem (
-          { pkgs, hci-effects, ... }:
-          let
-            collected = collectFlakeOutputs {
-              inherit (herculesCI) config;
-              inherit pkgs;
-            };
-            cachixCommands = lib.concatMapStringsSep "\n" (
-              { name, drv }: "cachix pin nrabulinski ${lib.escapeShellArg name} ${lib.escapeShellArg drv}"
-            ) collected;
-          in
-          hci-effects.runIf (herculesCI.config.repo.branch == "main") (
-            hci-effects.mkEffect {
-              secretsMap."cachix-token" = "cachix-token";
-              inputs = [ pkgs.cachix ];
-              userSetupScript = ''
-                cachix authtoken $(readSecretString cachix-token .token)
-              '';
-              # Discarding the context is fine here because we don't actually want to build those derivations.
-              # They have already been built as part of this job,
-              # we only want to pin them to make sure cachix doesn't GC them.
-              effectScript = builtins.unsafeDiscardStringContext cachixCommands;
-            }
-          )
-        );
-      };
-    };
-  };
-
-  perSystem =
-    { pkgs, lib, ... }:
-    rec {
-      legacyPackages.outputsList =
-        let
-          config = self.herculesCI {
-            primaryRepo = { };
-            herculesCI = { };
-          };
-        in
-        collectFlakeOutputs { inherit config pkgs; };
-
-      legacyPackages.github-matrix =
-        let
-          systems = lib.groupBy ({ drv, ... }: drv.system) legacyPackages.outputsList;
-        in
-        lib.concatMapStringsSep "\n" (
-          { name, value }:
-          ''
-            ${name}=${builtins.toJSON (map (d: d.name) value)}
-          ''
-        ) (lib.attrsToList systems);
-    };
-}

modules/system/default.nix

@@ -22,7 +22,6 @@
     (import ./tailscale.nix { inherit isLinux; })
     (import ./containers.nix { inherit isLinux; })
     ./unfree.nix
-    (import ./hercules.nix { inherit isLinux; })
     (import ./github-runner.nix { inherit isLinux; })
     (import ./incus.nix { inherit isLinux; })
     (import ./monitoring.nix { inherit isLinux; })

modules/system/hercules.nix

@@ -1,47 +0,0 @@
-{ isLinux }:
-{
-  config,
-  lib,
-  ...
-}:
-let
-  options = {
-    settei.hercules.enable = lib.mkEnableOption "Enables hercules-ci-agent with my configuration";
-  };
-
-  herculesUser =
-    if isLinux then
-      config.systemd.services.hercules-ci-agent.serviceConfig.User
-    else
-      config.launchd.daemons.hercules-ci-agent.serviceConfig.UserName;
-in
-{
-  _file = ./hercules.nix;
-
-  inherit options;
-
-  config = lib.mkIf config.settei.hercules.enable {
-    age.secrets.hercules-token = {
-      file = ../../../secrets/hercules-token.age;
-      owner = herculesUser;
-    };
-    age.secrets.hercules-cache = {
-      file = ../../../secrets/hercules-cache.age;
-      owner = herculesUser;
-    };
-    age.secrets.hercules-secrets = {
-      file = ../../../secrets/hercules-secrets.age;
-      owner = herculesUser;
-    };
-
-    services.hercules-ci-agent = {
-      enable = true;
-      settings = {
-        clusterJoinTokenPath = config.age.secrets.hercules-token.path;
-        concurrentTasks = lib.mkDefault 4;
-        binaryCachesPath = config.age.secrets.hercules-cache.path;
-        secretsJsonPath = config.age.secrets.hercules-secrets.path;
-      };
-    };
-  };
-}

modules/system/sane-defaults.nix

@@ -62,15 +62,11 @@ let
             "https://cache.nrab.lol"
             "https://cache.garnix.io"
             "https://nix-community.cachix.org"
-            "https://hyprland.cachix.org"
-            "https://hercules-ci.cachix.org"
             "https://nrabulinski.cachix.org"
           ];
           extra-trusted-public-keys = [
-            "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
             "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
             "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
-            "hercules-ci.cachix.org-1:ZZeDl9Va+xe9j+KqdzoBZMFJHVQ42Uu/c/1/KMC5Lw0="
             "nrabulinski.cachix.org-1:Q5FD7+1c68uH74CQK66UWNzxhanZW8xcg1LFXxGK8ic="
             "cache.nrab.lol-1:CJl1TouOyuJ1Xh4tZSXLwm3Upt06HzUNZmeyuEB9EZg="
           ];