diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 395b9c04..36eed90b 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -12,7 +12,7 @@ env:
 REGISTRY_IMAGE: "ghcr.io/cottand/selfhosted"
 jobs:
- generate-ci:
+ build-images:
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v3
@@ -23,13 +23,11 @@ jobs:
 - uses: DeterminateSystems/magic-nix-cache-action@main
- - name: codegen CI
+ - name: Build images
 run: |
- nix build .#gh-ci -L
-
- cp result .github/workflows/gh-ci-generated.yml
+ nix build -L .#scripts.allImages
- run-generated:
- needs: [ generate-ci ]
- uses: ./.github/workflows/gh-ci-generated.yml
+ - name: Push images
+ run: |
+ nix run .#scripts.allImages | while read -r line; do echo "$line"; done
diff --git a/flake.nix b/flake.nix
index 174e68d5..b1fa0b4b 100644
--- a/flake.nix
+++ b/flake.nix
@@ -28,7 +28,10 @@ newVault = final: prev: {
 vault-bin = (import nixpkgs-master { system = prev.system; config.allowUnfree = true; }).vault-bin;
 };
- overlays = [ (import ./overlay.nix) newVault attic.overlays.default ];
+ withScripts = final: prev: {
+ scripts = self.legacyPackages.${prev.system}.scripts;
+ };
+ overlays = [ (import ./overlay.nix) withScripts newVault attic.overlays.default ];
 in {
 colmena = (import ./hive.nix) (inputs // { inherit overlays; });
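Review bot: The step named "Push images" does not push anything: `nix run .#scripts.allImages` runs the `printAllImages` wrapper added in scripts/allImages/default.nix, which only cats a list of image store paths, and the `while read` loop just echoes each line back. No registry login and no push command appear anywhere in the workflow even though `REGISTRY_IMAGE` is defined above, so either rename the step to `List images` or add a step after it that authenticates to the registry and pushes each listed image. The `| while read -r line; do echo "$line"; done` pipeline is equivalent to running the script alone and can be dropped, e.g. `run: nix run .#scripts.allImages`. The rest of the job's steps lie outside the hunk.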
@@ -39,33 +42,12 @@ config.allowUnfree = true;
 };
 in
- {
- # templates a nomad nix file into JSON and calls nomad run on it
- # usage: nixmad path/to/job.nix
- packages.nixmad = pkgs.writeShellScriptBin "nixmad" ''
- set -e
- ${pkgs.nix}/bin/nix eval -f $1 --json --show-trace | ${pkgs.nomad}/bin/nomad run -json -
- '';
+ rec {
- # fetches a secret from bitwarden-secret by ID
- # usage: bws-get
- packages.bws-get = pkgs.writeShellScriptBin "bws-get" ''
- set -e
- ${pkgs.bws}/bin/bws secret get $1 | ${pkgs.jq}/bin/jq -r '.value'
- '';
-
- # returns a secret from the MacOS keychain fromatted as JSON for use in TF
- # usage: keychain-get
- # returns {"value": ""}
- packages.keychain-get = pkgs.writeShellScriptBin "keychain-get" ''
- set -e
- SECRET=$(/usr/bin/security find-generic-password -gw -l "$1")
- ${pkgs.jq}/bin/jq -n --arg value "$SECRET" '{ "value": $value }'
- '';
+ legacyPackages.services = (import ./services) pkgs;
+ legacyPackages.scripts = (import ./scripts) (pkgs // {inherit self; });
-# legacyPackages.images = (import ./images { inherit pkgs; });
- legacyPackages.services = pkgs.callPackage (import ./services) {};
- legacyPackages.gh-ci = pkgs.callPackage (import ./gh-ci.nix) { inherit self; };
+ packages = legacyPackages.scripts;
 devShells.default = pkgs.mkShell {
 name = "selfhosted-dev";
diff --git a/gh-ci.nix b/gh-ci.nix
deleted file mode 100644
index e050dabf..00000000
--- a/gh-ci.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-# codegenerates CI, using this repo's flake structure to know what to codegen
-{self, writeText, ...}:
- let
- in
- writeText "gh-ci.json" (builtins.toJSON {
- name = "gh-ci-generated";
- on.push.branches = "master";
- env = {
- REGISTRY = "ghcr.io";
- };
- jobs = {
- hello-world = {
- runs-on = "ubuntu-latest";
- steps = [
- {
- run = '' echo "Hello CI world!" '';
- }
- ];
- };
- };
- })
\ No newline at end of file
diff --git a/scripts/allImages/default.nix b/scripts/allImages/default.nix
new file mode 100644
index 00000000..8e1f0ff8
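Review bot: `packages = legacyPackages.scripts;` publishes the whole attrset built by scripts/default.nix as flake packages, but that set (also added in this commit) contains `buildYaegiScript`, a function, and every `packages.<system>.*` attribute must be a derivation, so `nix flake check` and `nix flake show` will reject it. Either keep the helper out of the exported set or filter here, e.g. `packages = pkgs.lib.filterAttrs (_: pkgs.lib.isDerivation) legacyPackages.scripts;`. The same applies to any future non-derivation helper added to scripts/default.nix, which is worth a comment on this line such as `# only derivations may be exported here`. The enclosing per-system function starts before the hunk.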
--- /dev/null
+++ b/scripts/allImages/default.nix
@@ -0,0 +1,9 @@
+{ self, writeShellScriptBin, writeText, lib, ... }:
+let
+ services = self.legacyPackages.aarch64-darwin.services;
+ images = with builtins; lib.strings.concatMapStrings (svc: "${svc.image.out}\n") (attrValues services);
+in
+writeShellScriptBin "printAllImages" ''
+ set -e
+ cat ${writeText "images" images}
+''
diff --git a/scripts/buildAllImages/default.nix b/scripts/buildAllImages/default.nix
new file mode 100644
index 00000000..97310e4b
--- /dev/null
+++ b/scripts/buildAllImages/default.nix
@@ -0,0 +1 @@
+{ self, scripts, writeShellScriptBin, ...}let in: (scripts.buildYaegiScript "buildAllImages" ./script.go)
\ No newline at end of file
diff --git a/scripts/buildAllImages/script.go b/scripts/buildAllImages/script.go
new file mode 100644
index 00000000..8fe5956d
--- /dev/null
+++ b/scripts/buildAllImages/script.go
@@ -0,0 +1,5 @@
+package main
+
+func main() {
+ print("hello world from yaegi!")
+}
diff --git a/scripts/cleanup_dead_services.sh b/scripts/cleanup_dead_services.sh
deleted file mode 100755
index 5732e3d3..00000000
--- a/scripts/cleanup_dead_services.sh
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/bin/sh
-
-# see https://github.com/hashicorp/nomad/issues/16762
-
-set -e
-
-services=$(nomad service list -t '{{ range (index . 0).Services }}{{printf "%s\n" .ServiceName }}{{ end }}')
-
-for svc in $services; do
- echo "checking $svc:"
- data=$(nomad service info -t '{{ range . }}{{ printf "%s" .AllocID }}%{{ printf "%s\n" .ID }}{{ end }}' "$svc" | uniq)
-
- for d in $data; do
- alloc=$(echo "$d" | cut -d'%' -f1)
- svc_id=$(echo "$d" | cut -d'%' -f2)
- echo " checking $alloc ($svc_id)"
- if ! nomad alloc status "$alloc" > /dev/null 2>&1; then
- echo " !! removing $svc_id"
- nomad service delete "$svc" "$svc_id" > /dev/null 2>&1
- fi
- done
- echo
-done
diff --git a/scripts/default.nix b/scripts/default.nix
new file mode 100644
index 00000000..1d0b3f03
--- /dev/null
+++ b/scripts/default.nix
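Review bot: `services = self.legacyPackages.aarch64-darwin.services;` hardcodes the system, so the script built by `nix build .#scripts.allImages` on the ubuntu-latest runner in main.yml lists (and, through the `${svc.image.out}` interpolation, builds) images from the aarch64-darwin package set rather than the runner's own. Take the system from the package set that callPackage supplies instead, e.g. `{ self, stdenv, writeShellScriptBin, writeText, lib, ... }:` and `services = self.legacyPackages.${stdenv.hostPlatform.system}.services;`. `attrValues services` also assumes every attribute of the services set is a service with an `image` output; that seems to hold only because this commit removes the `name` attribute from services/default.nix, so a guard like `lib.filterAttrs (_: v: v ? image) services` would keep the listing from breaking on the next plain attribute. `with builtins;` is used only for `attrValues` and reads more plainly as `builtins.attrValues`.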
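Review bot: `{ self, scripts, writeShellScriptBin, ...}let in: (...)` is not valid Nix: the colon that ends the argument pattern comes after `let in` instead of directly after `}`, so this file fails to parse. It goes unnoticed only because `nix build .#scripts.allImages` never forces the `buildAllImages` attribute; `nix flake check` or any reference to it will hit the error. The `callPackage (import ./buildAllImages) {}` call in scripts/default.nix passes no `self` and `writeShellScriptBin` is unused, so both arguments can go and the whole file can read `{ scripts, ... }: scripts.buildYaegiScript "buildAllImages" ./script.go`.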
@@ -0,0 +1,36 @@
+{ self, callPackage, nomad, jq, nix, bws, writeShellScriptBin, writeScriptBin, yaegi, ...}: rec {
+
+# buildAllImages = callPackage (import ./buildAllImages) {};
+
+ buildYaegiScript = name: filePath: writeScriptBin name ''
+ #! ${yaegi}/bin/yaegi
+ ${builtins.readFile filePath}
+ '';
+
+ buildAllImages = callPackage (import ./buildAllImages) {};
+
+ # templates a nomad nix file into JSON and calls nomad run on it
+ # usage: nixmad path/to/job.nix
+ nixmad = writeShellScriptBin "nixmad" ''
+ set -e
+ ${nix}/bin/nix eval -f $1 --json --show-trace | ${nomad}/bin/nomad run -json -
+ '';
+
+ # fetches a secret from bitwarden-secret by ID
+ # usage: bws-get
+ bws-get = writeShellScriptBin "bws-get" ''
+ set -e
+ ${bws}/bin/bws secret get $1 | ${jq}/bin/jq -r '.value'
+ '';
+
+ # returns a secret from the MacOS keychain fromatted as JSON for use in TF
+ # usage: keychain-get
+ # returns {"value": ""}
+ keychain-get = writeShellScriptBin "keychain-get" ''
+ set -e
+ SECRET=$(/usr/bin/security find-generic-password -gw -l "$1")
+ ${jq}/bin/jq -n --arg value "$SECRET" '{ "value": $value }'
+ '';
+
+ allImages = callPackage (import ./allImages) { inherit self; };
+}
\ No newline at end of file
diff --git a/scripts/generate_wgmesh.sh b/scripts/generate_wgmesh.sh
deleted file mode 100755
index eb03e6df..00000000
--- a/scripts/generate_wgmesh.sh
+++ /dev/null
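Review bot: `nixmad` and `bws-get` pass `$1` unquoted (`nix eval -f $1` and `bws secret get $1`), so a job path or secret ID containing whitespace or glob characters is split or expanded by the shell before it reaches the tool, while `keychain-get` in the same file already quotes `"$1"`; quote both the same way: `${nix}/bin/nix eval -f "$1" --json --show-trace | ${nomad}/bin/nomad run -json -` and `${bws}/bin/bws secret get "$1" | ${jq}/bin/jq -r '.value'`. The commented-out `# buildAllImages = callPackage (import ./buildAllImages) {};` at the top duplicates the live definition a few lines below and should be removed. `buildYaegiScript` deserves a short comment stating its contract, e.g. `# wraps a Go file as an executable interpreted by yaegi; the file contents are embedded at eval time`.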
@@ -1,17 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-
-# see https://github.com/k4yt3x/wg-meshconf for installation
-
-DNS="--dns 10.8.0.1"
-PORT="--listenport 55820"
-
-wg-meshconf addpeer cosmo --address 10.10.0.1/24 --endpoint cosmo.vps.dcotta.eu $DNS $PORT
-wg-meshconf addpeer elvis --address 10.10.1.1/24 --endpoint elvis.vps6.dcotta.eu $DNS $PORT
-wg-meshconf addpeer maco --address 10.10.2.1/24 --endpoint maco.vps6.dcotta.eu $DNS $PORT
-wg-meshconf addpeer ari --address 10.10.3.1/24 --endpoint ari.vps6.dcotta.eu $DNS $PORT
-# wg-meshconf addpeer bianco --address 10.10.4.1/24 --endpoint bianco.vps.dcotta.eu
-
-
-wg-meshconf genconfig -o secret/wg-mesh
\ No newline at end of file
diff --git a/services/default.nix b/services/default.nix
index 952676ee..024e5826 100644
--- a/services/default.nix
+++ b/services/default.nix
@@ -1,5 +1,3 @@
-{ callPackage, ... }: {
- name = "services";
-
+{ callPackage, writeText, ... }: {
 portfolioStats = callPackage (import ./portfolioStats) { };
 }
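Review bot: `writeText` is added to the argument pattern but nothing in the file uses it (the only body line is the `portfolioStats` call), so the argument is dead and the line can stay `{ callPackage, ... }: {`. Dropping `name = "services"` appears to be required because scripts/allImages/default.nix in this commit iterates `attrValues` over this set and reads `.image` from every entry; a one-line comment such as `# every attribute here must be a service exposing an image output` would stop a plain attribute from being reintroduced later.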