nix-darwin: init and add constructive-criticism

nix/pkgs/heptapod-runner/default.nix

@@ -4,16 +4,16 @@
 
 { pkgs, depot, ... }:
 let
-  version = "hpd-0.6.3";
+  version = "heptapod-0.7.0";
   newSrc = pkgs.fetchFromGitLab {
     domain = "foss.heptapod.net";
     owner = "heptapod";
     repo = "heptapod-runner";
-    rev = "15f2668f0c05cd56e0eae34f7b198a9553b7f697";
+    rev = version;
-    hash = "sha256-u9I7Ni4ZFI4gCROm/d41Okiu2FdiFj94KNLxHZSn7AM=";
+    hash = "sha256-2lKBu8dEC8BAS760MEY7JtyUsRjajHfnldEObe2Yc94=";
   };
 in
-{
+rec {
   heptapod-runner = pkgs.buildGoModule rec {
     pname = "heptapod-runner";
     inherit version;
@@ -32,12 +32,15 @@ in
 
     doCheck = false;
   };
+  heptapod-runner-hgrc = pkgs.runCommand "heptapod-runner-mercurial-hgrc" {} ''
+    cp ${newSrc}/dockerfiles/runner-helper/runner.hgrc $out
+  '';
   heptapod-runner-mercurial = pkgs.symlinkJoin {
     name = pkgs.mercurial.name;
     paths = [ pkgs.mercurial ];
     postBuild = ''
       mkdir -p "$out/etc/mercurial"
-      cp "${newSrc}/dockerfiles/runner-helper/runner.hgrc" "$out/etc/mercurial/hgrc"
+      cp "${heptapod-runner-hgrc}" "$out/etc/mercurial/hgrc"
     '';
   };
 }

ops/default.nix

@@ -4,6 +4,7 @@
 
 args: {
   nixos = import ./nixos args;
+  nix-darwin = import ./nix-darwin args;
   maint = import ./maint args;
   secrets = import ./secrets args;
   raritan = import ./raritan args;

ops/nix-darwin/constructive-criticism/default.nix

@@ -0,0 +1,43 @@
+# SPDX-FileCopyrightText: 2024 Luke Granger-Brown <depot@lukegb.com>
+#
+# SPDX-License-Identifier: Apache-2.0
+
+{ depot, pkgs, ... }:
+
+{
+  my.hostname = "constructive-criticism";
+
+  services.gitlab-runner = {
+    enable = true;
+    package = depot.nix.pkgs.heptapod-runner;
+    extraPackages = [
+      pkgs.git
+      depot.nix.pkgs.heptapod-runner-mercurial
+    ];
+    services.constructive-criticism = {
+      registrationConfigFile = "/var/lib/gitlab-runner/registration";
+      executor = "shell";
+      tagList = [ "macos" ];
+    };
+  };
+  launchd.daemons.gitlab-runner = {
+    serviceConfig = {
+      StandardOutPath = "/var/lib/gitlab-runner/out.log";
+      StandardErrorPath = "/var/lib/gitlab-runner/err.log";
+      KeepAlive.NetworkState = true;
+    };
+  };
+  environment.systemPackages = with pkgs; [
+    git
+    depot.nix.pkgs.mercurial
+  ];
+  users.knownUsers = [ "gitlab-runner" ];
+  users.knownGroups = [ "gitlab-runner" ];
+  system.activationScripts.postActivation.text = ''
+    ln -s -f "${depot.nix.pkgs.heptapod-runner-hgrc}" "/var/lib/gitlab-runner/.hgrc"
+
+    pmset -a sleep 0 womp 1 autorestart 1
+  '';
+
+  system.stateVersion = 5;
+}

ops/nix-darwin/default.nix

@@ -0,0 +1,31 @@
+# SPDX-FileCopyrightText: 2024 Luke Granger-Brown <depot@lukegb.com>
+#
+# SPDX-License-Identifier: Apache-2.0
+
+{ depot, lib, pkgs, system, ... }@args: let
+  inherit (builtins) foldl' mapAttrs;
+  inherit (lib) filterAttrs;
+  baseModule = name: { ... }: {
+    _module.args = args // {
+      pkgs = lib.mkForce pkgs;
+    };
+  };
+  systemFor = systemName: config:
+    (depot.third_party.nixDarwinEval {
+      inherit lib;
+      modules = [
+        (baseModule systemName)
+        lib/common.nix
+        config
+      ];
+    });
+  systems = [
+    "constructive-criticism"
+  ];
+  systemCfgs = lib.genAttrs systems
+    (name: import (./. + "/${name}"));
+  allEvaledSystems = mapAttrs systemFor systemCfgs;
+  evaledSystems = lib.filterAttrs (n: v: v.config.my.systemType == system) allEvaledSystems;
+  systemDrvs = mapAttrs (_: sys: sys.config.system.build.toplevel) evaledSystems;
+in
+  systemDrvs

ops/nix-darwin/lib/common.nix

@@ -0,0 +1,38 @@
+{ config, pkgs, lib, ... }:
+
+{
+  options = {
+    my.systemType = lib.mkOption {
+      type = lib.types.str;
+      default = "aarch64-darwin";
+    };
+    my.hostname = lib.mkOption {
+      type = lib.types.str;
+    };
+  };
+
+  config = {
+    services.nix-daemon.enable = true;
+    nix = {
+      package = pkgs.lix;
+      settings = {
+        trusted-users = [ "root" "@wheel" ];
+        substituters = lib.mkForce [ "https://cache.nixos.org/" "s3://lukegb-nix-cache?endpoint=storage.googleapis.com&trusted=1" ];
+        trusted-substituters = lib.mkForce [ "https://cache.nixos.org/" "s3://lukegb-nix-cache?endpoint=storage.googleapis.com&trusted=1" ];
+        experimental-features = [ "nix-command" "flakes" ];
+        builders-use-substitutes = "true";
+      };
+    };
+    system.checks.verifyNixPath = false;
+
+    services.tailscale.enable = lib.mkDefault true;
+
+    system.darwinLabel = "${config.my.hostname}-${config.system.nixpkgsVersion}+${config.system.darwinVersion}";
+
+    networking = {
+      computerName = config.my.hostname;
+      hostName = config.my.hostname;
+      localHostName = config.my.hostname;
+    };
+  };
+}

third_party/default.nix

@@ -147,4 +147,12 @@ rec {
     hash = "sha256-lVEs5kZFJfHvyQfW8aKvHQrDPQkfoR0TsVdLb4CK4iU=";
   };
   hackyplayer = import hackyplayerSrc { pkgs = nixpkgs; };
+
+  nixDarwinSrc = nixpkgs.fetchFromGitHub {
+    owner = "LnL7";
+    repo = "nix-darwin";
+    rev = "fd0e3ed30b75ddf7f3d94829d80a078b413b6244";
+    hash = "sha256-KtE4F2wTzIpE6fI9diD5dDkUgGAt7IG80TnFqkCD8Ws=";
+  };
+  nixDarwinEval = import (nixDarwinSrc + /eval-config.nix);
 }