From b39f8608923399912a4795c9412867933f289b7b Mon Sep 17 00:00:00 2001 From: Luke Granger-Brown Date: Sun, 13 Oct 2024 19:25:11 +0100 Subject: [PATCH] nix-darwin: init and add constructive-criticism --- nix/pkgs/heptapod-runner/default.nix | 13 +++--- ops/default.nix | 1 + .../constructive-criticism/default.nix | 43 +++++++++++++++++++ ops/nix-darwin/default.nix | 31 +++++++++++++ ops/nix-darwin/lib/common.nix | 38 ++++++++++++++++ third_party/default.nix | 8 ++++ 6 files changed, 129 insertions(+), 5 deletions(-) create mode 100644 ops/nix-darwin/constructive-criticism/default.nix create mode 100644 ops/nix-darwin/default.nix create mode 100644 ops/nix-darwin/lib/common.nix diff --git a/nix/pkgs/heptapod-runner/default.nix b/nix/pkgs/heptapod-runner/default.nix index 90a6b64bc5..659263920f 100644 --- a/nix/pkgs/heptapod-runner/default.nix +++ b/nix/pkgs/heptapod-runner/default.nix @@ -4,16 +4,16 @@ { pkgs, depot, ... }: let - version = "hpd-0.6.3"; + version = "heptapod-0.7.0"; newSrc = pkgs.fetchFromGitLab { domain = "foss.heptapod.net"; owner = "heptapod"; repo = "heptapod-runner"; - rev = "15f2668f0c05cd56e0eae34f7b198a9553b7f697"; - hash = "sha256-u9I7Ni4ZFI4gCROm/d41Okiu2FdiFj94KNLxHZSn7AM="; + rev = version; + hash = "sha256-2lKBu8dEC8BAS760MEY7JtyUsRjajHfnldEObe2Yc94="; }; in -{ +rec { heptapod-runner = pkgs.buildGoModule rec { pname = "heptapod-runner"; inherit version; @@ -32,12 +32,15 @@ in doCheck = false; }; + heptapod-runner-hgrc = pkgs.runCommand "heptapod-runner-mercurial-hgrc" {} '' + cp ${newSrc}/dockerfiles/runner-helper/runner.hgrc $out + ''; heptapod-runner-mercurial = pkgs.symlinkJoin { name = pkgs.mercurial.name; paths = [ pkgs.mercurial ]; postBuild = '' mkdir -p "$out/etc/mercurial" - cp "${newSrc}/dockerfiles/runner-helper/runner.hgrc" "$out/etc/mercurial/hgrc" + cp "${heptapod-runner-hgrc}" "$out/etc/mercurial/hgrc" ''; }; } diff --git a/ops/default.nix b/ops/default.nix index 73e664b1b2..0bff1bc004 100644 --- a/ops/default.nix 
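Review bot: In the first heptapod-runner hunk, `rev = version;` replaces a full commit id with the tag name `heptapod-0.7.0`, so the file no longer records which commit was reviewed. The `hash` still fixes the fetched content, so a moved tag would fail the fetch rather than change the build, but only when the source is actually re-fetched. I would keep the provenance visible with a comment beside `rev`, such as `# tag heptapod-0.7.0, resolved to commit <commit-id> when the hash was taken`.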
+++ b/ops/default.nix @@ -4,6 +4,7 @@ args: { nixos = import ./nixos args; + nix-darwin = import ./nix-darwin args; maint = import ./maint args; secrets = import ./secrets args; raritan = import ./raritan args; diff --git a/ops/nix-darwin/constructive-criticism/default.nix b/ops/nix-darwin/constructive-criticism/default.nix new file mode 100644 index 0000000000..2872ee35f2 --- /dev/null +++ b/ops/nix-darwin/constructive-criticism/default.nix @@ -0,0 +1,43 @@ +# SPDX-FileCopyrightText: 2024 Luke Granger-Brown +# +# SPDX-License-Identifier: Apache-2.0 + +{ depot, pkgs, ... }: + +{ + my.hostname = "constructive-criticism"; + + services.gitlab-runner = { + enable = true; + package = depot.nix.pkgs.heptapod-runner; + extraPackages = [ + pkgs.git + depot.nix.pkgs.heptapod-runner-mercurial + ]; + services.constructive-criticism = { + registrationConfigFile = "/var/lib/gitlab-runner/registration"; + executor = "shell"; + tagList = [ "macos" ]; + }; + }; + launchd.daemons.gitlab-runner = { + serviceConfig = { + StandardOutPath = "/var/lib/gitlab-runner/out.log"; + StandardErrorPath = "/var/lib/gitlab-runner/err.log"; + KeepAlive.NetworkState = true; + }; + }; + environment.systemPackages = with pkgs; [ + git + depot.nix.pkgs.mercurial + ]; + users.knownUsers = [ "gitlab-runner" ]; + users.knownGroups = [ "gitlab-runner" ]; + system.activationScripts.postActivation.text = '' + ln -s -f "${depot.nix.pkgs.heptapod-runner-hgrc}" "/var/lib/gitlab-runner/.hgrc" + + pmset -a sleep 0 womp 1 autorestart 1 + ''; + + system.stateVersion = 5; +} diff --git a/ops/nix-darwin/default.nix b/ops/nix-darwin/default.nix new file mode 100644 index 0000000000..8302c4a032 --- /dev/null +++ b/ops/nix-darwin/default.nix 
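Review bot: `executor = "shell"` in `services.constructive-criticism` runs every CI job directly on the host as the runner user, with no per-job isolation and with state persisting between jobs. Nothing in this file records which projects are allowed to schedule onto the runner. A comment stating the trust boundary would help the next maintainer, e.g. `# shell executor: jobs run unsandboxed on this host; keep the runner locked to trusted projects`. Separately, the `postActivation` script (presumably executed as root) runs `ln -s -f` into `/var/lib/gitlab-runner`, which appears to be writable by the account that runs job code. `ln -s -f -h "${depot.nix.pkgs.heptapod-runner-hgrc}" "/var/lib/gitlab-runner/.hgrc"` would avoid following a symlink already planted at `.hgrc`.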
@@ -0,0 +1,31 @@ +# SPDX-FileCopyrightText: 2024 Luke Granger-Brown +# +# SPDX-License-Identifier: Apache-2.0 + +{ depot, lib, pkgs, system, ... }@args: let + inherit (builtins) foldl' mapAttrs; + inherit (lib) filterAttrs; + baseModule = name: { ... }: { + _module.args = args // { + pkgs = lib.mkForce pkgs; + }; + }; + systemFor = systemName: config: + (depot.third_party.nixDarwinEval { + inherit lib; + modules = [ + (baseModule systemName) + lib/common.nix + config + ]; + }); + systems = [ + "constructive-criticism" + ]; + systemCfgs = lib.genAttrs systems + (name: import (./. + "/${name}")); + allEvaledSystems = mapAttrs systemFor systemCfgs; + evaledSystems = lib.filterAttrs (n: v: v.config.my.systemType == system) allEvaledSystems; + systemDrvs = mapAttrs (_: sys: sys.config.system.build.toplevel) evaledSystems; +in + systemDrvs diff --git a/ops/nix-darwin/lib/common.nix b/ops/nix-darwin/lib/common.nix new file mode 100644 index 0000000000..5e1d4ae111 --- /dev/null +++ b/ops/nix-darwin/lib/common.nix 
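Review bot: Several bindings in the `let` block of `ops/nix-darwin/default.nix` are never used, which makes the evaluation path harder to audit. `inherit (builtins) foldl' mapAttrs;` brings in `foldl'` with no visible caller. `inherit (lib) filterAttrs;` is shadowed in practice by the qualified call `lib.filterAttrs`. `baseModule = name: { ... }:` ignores its `name` argument. I would trim these to `inherit (builtins) mapAttrs;`, call `filterAttrs` unqualified or drop its inherit, and either remove the `name` parameter or use it (for instance to default `my.hostname`).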
@@ -0,0 +1,38 @@ +{ config, pkgs, lib, ... }: + +{ + options = { + my.systemType = lib.mkOption { + type = lib.types.str; + default = "aarch64-darwin"; + }; + my.hostname = lib.mkOption { + type = lib.types.str; + }; + }; + + config = { + services.nix-daemon.enable = true; + nix = { + package = pkgs.lix; + settings = { + trusted-users = [ "root" "@wheel" ]; + substituters = lib.mkForce [ "https://cache.nixos.org/" "s3://lukegb-nix-cache?endpoint=storage.googleapis.com&trusted=1" ]; + trusted-substituters = lib.mkForce [ "https://cache.nixos.org/" "s3://lukegb-nix-cache?endpoint=storage.googleapis.com&trusted=1" ]; + experimental-features = [ "nix-command" "flakes" ]; + builders-use-substitutes = "true"; + }; + }; + system.checks.verifyNixPath = false; + + services.tailscale.enable = lib.mkDefault true; + + system.darwinLabel = "${config.my.hostname}-${config.system.nixpkgsVersion}+${config.system.darwinVersion}"; + + networking = { + computerName = config.my.hostname; + hostName = config.my.hostname; + localHostName = config.my.hostname; + }; + }; +} diff --git a/third_party/default.nix b/third_party/default.nix index 90de818e93..13d12c6ba2 100644 --- a/third_party/default.nix +++ b/third_party/default.nix @@ -147,4 +147,12 @@ rec { hash = "sha256-lVEs5kZFJfHvyQfW8aKvHQrDPQkfoR0TsVdLb4CK4iU="; }; hackyplayer = import hackyplayerSrc { pkgs = nixpkgs; }; + + nixDarwinSrc = nixpkgs.fetchFromGitHub { + owner = "LnL7"; + repo = "nix-darwin"; + rev = "fd0e3ed30b75ddf7f3d94829d80a078b413b6244"; + hash = "sha256-KtE4F2wTzIpE6fI9diD5dDkUgGAt7IG80TnFqkCD8Ws="; + }; + nixDarwinEval = import (nixDarwinSrc + /eval-config.nix); }
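Review bot: In `common.nix`, the `s3://lukegb-nix-cache?...&trusted=1` entry in both `substituters` and `trusted-substituters` marks that store as trusted, so paths substituted from the bucket are accepted without a signature from a trusted key. The integrity of every package pulled from it then rests on who can write to the bucket, and this configuration is applied to a host that runs CI jobs. I would sign the cache, add its public key to `nix.settings.trusted-public-keys`, and drop `&trusted=1` from both lists. Also worth a comment: `trusted-users = [ "root" "@wheel" ]` gives every wheel member daemon-level control (extra substituters, unsigned imports), which is close to root on the store.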