feat(ci): First attempt at building and pushing to cachix via CI

mrjones2014 · Jan 7, 2025 · 45d24fe · 45d24fe
1 parent fb967fe
commit 45d24fe
Show file tree

Hide file tree

Showing 3 changed files with 183 additions and 104 deletions.
diff --git a/.github/workflows/nix-build-and-cache.yml b/.github/workflows/nix-build-and-cache.yml
@@ -0,0 +1,43 @@
+name: "Build and Cache"
+on:
+  pull_request:
+  push:
+    branches-ignore:
+      # ignore automated update branches, rely on pull_request hook
+      - 'automation/**'
+      - 'dependabot/**'
+jobs:
+  tests-pass:
+    name: all systems go
+    runs-on: ubuntu-latest
+    if: ${{ always() && contains(needs.*.result, 'failure') }}
+    steps:
+      - run: exit 1
+    needs:
+      - tests
+
+  tests:
+    strategy:
+      # Allow other jobs to finish building and cache properly before bailing
+      fail-fast: false
+      matrix:
+        include:
+          - os: macos-12 # for macOS home-manager
+          - os: ubuntu-latest
+            system: "x86_64-linux"
+
+    runs-on: ${{ matrix.os }}
+    steps:
+    - uses: actions/checkout@v4
+    - uses: cachix/install-nix-action@v30
+      with:
+        extra_nix_config: |
+          extra-platforms = ${{ matrix.extraPlatforms }}
+
+    - uses: cachix/cachix-action@v15
+      with:
+        name: mrjones2014-dotfiles
+        signingKey: '${{ secrets.CACHIX_AUTH_TOKEN }}'
+
+    - name: build all definitions
+      run: nix run github:Mic92/nix-fast-build -L -- --skip-cached --no-download --no-nom --eval-workers 1 --eval-max-memory-size 2048 --flake .#checks.${{ matrix.system }}
diff --git a/flake.nix b/flake.nix
@@ -5,6 +5,7 @@
     nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
     catppuccin.url = "github:catppuccin/nix";
     tokyonight.url = "github:mrjones2014/tokyonight.nix";
+    flake-utils.url = "github:numtide/flake-utils";
     wezterm-nightly = {
       url = "github:wez/wezterm?dir=nix";
       inputs.nixpkgs.follows = "nixpkgs";
@@ -31,113 +32,148 @@
     };
   };
 
-  outputs = inputs@{ self, nixpkgs, home-manager, agenix, ... }: {
-    nixosConfigurations = {
-      server = nixpkgs.lib.nixosSystem {
-        specialArgs = {
-          inherit inputs;
-          isServer = true;
-          isLinux = true;
-          isThinkpad = false;
-          isDarwin = false;
-        };
-        system = "x86_64-linux";
-        modules = [
-          home-manager.nixosModules.home-manager
-          agenix.nixosModules.default
-          {
-            environment.systemPackages =
-              [ agenix.packages.x86_64-linux.default ];
-          }
-          ./nixos-modules/common.nix
-          ./hosts/server
-          {
-            home-manager = {
-              backupFileExtension = "backup";
-              useUserPackages = true;
-              users.mat = import ./home-manager/server.nix;
-              extraSpecialArgs = {
-                inherit inputs;
-                isServer = true;
-                isLinux = true;
-                isThinkpad = false;
-                isDarwin = false;
+  nixConfig = {
+    extra-substituters = [
+      "https://nix-community.cachix.org"
+      "https://mrjones2014-dotfiles.cachix.org"
+    ];
+    extra-trusted-public-keys = [
+      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+      "mrjones2014-dotfiles.cachix.org-1:c66wfzthG6KZEWnltlzW/EjhlH9FwUVi5jM4rVD1Rw4="
+    ];
+  };
+  outputs = inputs@{ self, nixpkgs, home-manager, agenix, flake-utils, ... }:
+    {
+      nixosConfigurations = {
+        server = nixpkgs.lib.nixosSystem {
+          specialArgs = {
+            inherit inputs;
+            isServer = true;
+            isLinux = true;
+            isThinkpad = false;
+            isDarwin = false;
+          };
+          system = "x86_64-linux";
+          modules = [
+            home-manager.nixosModules.home-manager
+            agenix.nixosModules.default
+            {
+              environment.systemPackages =
+                [ agenix.packages.x86_64-linux.default ];
+            }
+            ./nixos-modules/common.nix
+            ./hosts/server
+            {
+              home-manager = {
+                backupFileExtension = "backup";
+                useUserPackages = true;
+                users.mat = import ./home-manager/server.nix;
+                extraSpecialArgs = {
+                  inherit inputs;
+                  isServer = true;
+                  isLinux = true;
+                  isThinkpad = false;
+                  isDarwin = false;
+                };
               };
-            };
-          }
-        ];
-      };
-      pc = nixpkgs.lib.nixosSystem {
-        specialArgs = {
-          inherit inputs;
-          isServer = false;
-          isDarwin = false;
-          isLinux = true;
-          isThinkpad = false;
+            }
+          ];
         };
-        system = "x86_64-linux";
-        modules = [
-          ./nixos-modules/common.nix
-          ./hosts/pc
-          home-manager.nixosModules.home-manager
-          {
-            home-manager = {
-              backupFileExtension = "backup";
-              useUserPackages = true;
-              users.mat = import ./home-manager/home.nix;
-              extraSpecialArgs = {
-                inherit inputs;
-                isServer = false;
-                isDarwin = false;
-                isLinux = true;
-                isThinkpad = false;
+        pc = nixpkgs.lib.nixosSystem {
+          specialArgs = {
+            inherit inputs;
+            isServer = false;
+            isDarwin = false;
+            isLinux = true;
+            isThinkpad = false;
+          };
+          system = "x86_64-linux";
+          modules = [
+            ./nixos-modules/common.nix
+            ./hosts/pc
+            home-manager.nixosModules.home-manager
+            {
+              home-manager = {
+                backupFileExtension = "backup";
+                useUserPackages = true;
+                users.mat = import ./home-manager/home.nix;
+                extraSpecialArgs = {
+                  inherit inputs;
+                  isServer = false;
+                  isDarwin = false;
+                  isLinux = true;
+                  isThinkpad = false;
+                };
               };
-            };
-          }
-        ];
-      };
-      laptop = nixpkgs.lib.nixosSystem {
-        specialArgs = {
-          inherit inputs;
-          isServer = false;
-          isDarwin = false;
-          isLinux = true;
-          isThinkpad = true;
+            }
+          ];
         };
-        system = "x86_64-linux";
-        modules = [
-          ./nixos-modules/common.nix
-          ./hosts/laptop
-          home-manager.nixosModules.home-manager
-          {
-            home-manager = {
-              backupFileExtension = "backup";
-              useUserPackages = true;
-              users.mat = import ./home-manager/home.nix;
-              extraSpecialArgs = {
-                inherit inputs;
-                isServer = false;
-                isDarwin = false;
-                isLinux = true;
-                isThinkpad = true;
+        laptop = nixpkgs.lib.nixosSystem {
+          specialArgs = {
+            inherit inputs;
+            isServer = false;
+            isDarwin = false;
+            isLinux = true;
+            isThinkpad = true;
+          };
+          system = "x86_64-linux";
+          modules = [
+            ./nixos-modules/common.nix
+            ./hosts/laptop
+            home-manager.nixosModules.home-manager
+            {
+              home-manager = {
+                backupFileExtension = "backup";
+                useUserPackages = true;
+                users.mat = import ./home-manager/home.nix;
+                extraSpecialArgs = {
+                  inherit inputs;
+                  isServer = false;
+                  isDarwin = false;
+                  isLinux = true;
+                  isThinkpad = true;
+                };
               };
-            };
-          }
-        ];
+            }
+          ];
+        };
       };
-    };
-    homeConfigurations = {
-      "mac" = home-manager.lib.homeManagerConfiguration {
-        extraSpecialArgs = {
-          inherit inputs;
-          isServer = false;
-          isDarwin = true;
-          isLinux = false;
-          isThinkpad = false;
+      homeConfigurations = {
+        "mac" = home-manager.lib.homeManagerConfiguration {
+          extraSpecialArgs = {
+            inherit inputs;
+            isServer = false;
+            isDarwin = true;
+            isLinux = false;
+            isThinkpad = false;
+          };
+          pkgs = nixpkgs.legacyPackages.aarch64-darwin;
+          modules = [ ./home-manager/home.nix ];
         };
-        pkgs = nixpkgs.legacyPackages.aarch64-darwin;
-        modules = [ ./home-manager/home.nix ];
       };
-    };
-  };
+    } // inputs.flake-utils.lib.eachDefaultSystem (system:
+      let
+        pkgs = nixpkgs.legacyPackages.${system};
+
+        packages = nixpkgs.lib.filterAttrs
+          (_: pkg: builtins.any (x: x == system) pkg.meta.platforms)
+          (import ./packages {
+            inherit pkgs;
+            inherit inputs;
+          });
+
+        checksForConfigs = configs: extract:
+          nixpkgs.lib.attrsets.filterAttrs (_: p: p.system == system)
+          (nixpkgs.lib.attrsets.mapAttrs (_: extract) configs);
+      in {
+        inherit packages;
+
+        checks = nixpkgs.lib.lists.foldl nixpkgs.lib.attrsets.unionOfDisjoint
+          packages [
+            (checksForConfigs self.homeConfigurations
+              (hm: hm.activationPackage))
+            (checksForConfigs self.nixosConfigurations
+              (c: c.config.system.build.toplevel))
+          ];
+      });
 }
diff --git a/home-manager/modules/fish.nix b/home-manager/modules/fish.nix
@@ -92,11 +92,11 @@
             ${if isDarwin then
               "home-manager switch --flake ~/git/dotfiles/.#mac"
             else if isServer then
-              "sudo nixos-rebuild switch --flake ~/git/dotfiles/.#server"
+              "sudo nixos-rebuild switch --flake ~/git/dotfiles/.#server --accept-nix-config"
             else if isThinkpad then
-              "sudo nixos-rebuild switch --flake ~/git/dotfiles/.#laptop"
+              "sudo nixos-rebuild switch --flake ~/git/dotfiles/.#laptop --accept-nix-config"
             else
-              "sudo nixos-rebuild switch --flake ~/git/dotfiles/.#pc"}
+              "sudo nixos-rebuild switch --flake ~/git/dotfiles/.#pc --accept-nix-config"}
           '';
         };
         nix-clean = {