kiara/Fediversity
1
0
Fork 0
forked from fediversity/fediversity
Code Pull requests Activity

try store mounted read-only

Browse source 
- `--store` as per
https://blog.kotatsu.dev/posts/2023-04-21-woodpecker-nix-caching/
- `--eval-store` as per
https://kevincox.ca/2022/01/02/nix-in-docker-caching/

mount store

rm kvm

bash -> sh
This commit is contained in:
Kiara Grouwstra 2025-08-04 17:49:42 +02:00
parent 9d14f2e5a9
commit 6d89c7c09c
Signed by: kiara
SSH key fingerprint: SHA256:COspvLoLJ5WC5rFb9ZDe5urVCkK4LJZOsjfF4duRJFU
11 changed files with 36 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
.woodpecker/cd.yaml
View file

@ -8,12 +8,14 @@ when:
steps: steps:
- name: build - name: build
image: nixos/nix image: nixos/nix
volumes:
- /nix:/mnt/nix:ro
commands: commands:
- | - |
mkdir -p ~/.ssh mkdir -p ~/.ssh
echo "$CD_SSH_KEY" > ~/.ssh/id_ed25519 echo "$CD_SSH_KEY" > ~/.ssh/id_ed25519
chmod 600 ~/.ssh/id_ed25519 chmod 600 ~/.ssh/id_ed25519
- nix-shell --run 'eval "$(ssh-agent -s)" && ssh-add ~/.ssh/id_ed25519 && ssh-agent -s && SHELL=$(which bash) nixops4 apply -v default' - nix-shell --eval-store local --store unix:///mnt/nix/var/nix/daemon-socket/socket?root=/mnt --run 'eval "$(ssh-agent -s)" && ssh-add ~/.ssh/id_ed25519 && ssh-agent -s && SHELL=$(which sh) nixops4 apply -v default'
environment: environment:
CD_SSH_KEY: CD_SSH_KEY:
from_secret: cd_ssh_key from_secret: cd_ssh_key

4
.woodpecker/check-data-model.yaml
View file

@ -9,5 +9,7 @@ when:
steps: steps:
- name: check-data-model - name: check-data-model
image: nixos/nix image: nixos/nix
volumes:
- /nix:/mnt/nix:ro
commands: commands:
- nix-shell --run 'nix-unit ./deployment/data-model-test.nix' - nix-shell --eval-store local --store unix:///mnt/nix/var/nix/daemon-socket/socket?root=/mnt --run 'nix-unit ./deployment/data-model-test.nix'

4
.woodpecker/check-deployment-basic.yaml
View file

@ -9,7 +9,9 @@ when:
steps: steps:
- name: check-deployment-basic - name: check-deployment-basic
image: nixos/nix image: nixos/nix
volumes:
- /nix:/mnt/nix:ro
commands: commands:
- nix build --extra-experimental-features 'nix-command flakes' .#checks.x86_64-linux.deployment-basic -L - nix build --eval-store local --store unix:///mnt/nix/var/nix/daemon-socket/socket?root=/mnt --extra-experimental-features 'nix-command flakes' .#checks.x86_64-linux.deployment-basic -L
devices: devices:
- /dev/kvm:/dev/kvm - /dev/kvm:/dev/kvm

4
.woodpecker/check-deployment-cli.yaml
View file

@ -9,7 +9,9 @@ when:
steps: steps:
- name: check-deployment-cli - name: check-deployment-cli
image: nixos/nix image: nixos/nix
volumes:
- /nix:/mnt/nix:ro
commands: commands:
- nix build --extra-experimental-features 'nix-command flakes' .#checks.x86_64-linux.deployment-cli -L - nix build --eval-store local --store unix:///mnt/nix/var/nix/daemon-socket/socket?root=/mnt --extra-experimental-features 'nix-command flakes' .#checks.x86_64-linux.deployment-cli -L
devices: devices:
- /dev/kvm:/dev/kvm - /dev/kvm:/dev/kvm

4
.woodpecker/check-deployment-panel.yaml
View file

@ -9,7 +9,9 @@ when:
steps: steps:
- name: check-deployment-panel - name: check-deployment-panel
image: nixos/nix image: nixos/nix
volumes:
- /nix:/mnt/nix:ro
commands: commands:
- nix build --extra-experimental-features 'nix-command flakes' .#checks.x86_64-linux.deployment-panel -L - nix build --eval-store local --store unix:///mnt/nix/var/nix/daemon-socket/socket?root=/mnt --extra-experimental-features 'nix-command flakes' .#checks.x86_64-linux.deployment-panel -L
devices: devices:
- /dev/kvm:/dev/kvm - /dev/kvm:/dev/kvm

4
.woodpecker/check-mastodon.yaml
View file

@ -9,5 +9,7 @@ when:
steps: steps:
- name: check-mastodon - name: check-mastodon
image: nixos/nix image: nixos/nix
volumes:
- /nix:/mnt/nix:ro
commands: commands:
- nix build --extra-experimental-features 'nix-command flakes' .#checks.x86_64-linux.test-mastodon-service -L - nix build --eval-store local --store unix:///mnt/nix/var/nix/daemon-socket/socket?root=/mnt --extra-experimental-features 'nix-command flakes' .#checks.x86_64-linux.test-mastodon-service -L

4
.woodpecker/check-panel.yaml
View file

@ -9,5 +9,7 @@ when:
steps: steps:
- name: check-panel - name: check-panel
image: nixos/nix image: nixos/nix
volumes:
- /nix:/mnt/nix:ro
commands: commands:
- nix-build -A tests.panel - nix-build --eval-store local --store unix:///mnt/nix/var/nix/daemon-socket/socket?root=/mnt -A tests.panel

4
.woodpecker/check-peertube.yaml
View file

@ -9,5 +9,7 @@ when:
steps: steps:
- name: check-peertube - name: check-peertube
image: nixos/nix image: nixos/nix
volumes:
- /nix:/mnt/nix:ro
commands: commands:
- nix build --extra-experimental-features 'nix-command flakes' .#checks.x86_64-linux.test-peertube-service -L - nix build --eval-store local --store unix:///mnt/nix/var/nix/daemon-socket/socket?root=/mnt --extra-experimental-features 'nix-command flakes' .#checks.x86_64-linux.test-peertube-service -L

4
.woodpecker/check-pre-commit.yaml
View file

@ -9,5 +9,7 @@ when:
steps: steps:
- name: check-pre-commit - name: check-pre-commit
image: nixos/nix image: nixos/nix
volumes:
- /nix:/mnt/nix:ro
commands: commands:
- nix-build -A tests - nix-build --eval-store local --store unix:///mnt/nix/var/nix/daemon-socket/socket?root=/mnt -A tests

10
.woodpecker/check-resources.yaml
View file

@ -14,20 +14,22 @@ when:
steps: steps:
- name: check-resources - name: check-resources
image: nixos/nix image: nixos/nix
volumes:
- /nix:/mnt/nix:ro
commands: commands:
- echo ==================== [ VM Options ] ==================== - echo ==================== [ VM Options ] ====================
- | - |
set -euC set -euC
machines=$(nix eval --impure --raw --expr 'with builtins; toString (attrNames (getFlake (toString ./.)).vmOptions)') machines=$(nix eval --eval-store local --store unix:///mnt/nix/var/nix/daemon-socket/socket?root=/mnt --extra-experimental-features 'nix-command flakes' --impure --raw --expr 'with builtins; toString (attrNames (getFlake (toString ./.)).vmOptions)')
for machine in $machines; do for machine in $machines; do
echo ~~~~~~~~~~~~~~~~~~~~~: $machine :~~~~~~~~~~~~~~~~~~~~~ echo ~~~~~~~~~~~~~~~~~~~~~: $machine :~~~~~~~~~~~~~~~~~~~~~
nix build --extra-experimental-features 'nix-command flakes' .#checks.x86_64-linux.vmOptions-$machine nix build --eval-store local --store unix:///mnt/nix/var/nix/daemon-socket/socket?root=/mnt --extra-experimental-features 'nix-command flakes' .#checks.x86_64-linux.vmOptions-$machine
done done
- echo ==================== [ NixOS Configurations ] ==================== - echo ==================== [ NixOS Configurations ] ====================
- | - |
set -euC set -euC
machines=$(nix eval --impure --raw --expr 'with builtins; toString (attrNames (getFlake (toString ./.)).nixosConfigurations)') machines=$(nix eval --eval-store local --store unix:///mnt/nix/var/nix/daemon-socket/socket?root=/mnt --extra-experimental-features 'nix-command flakes' --impure --raw --expr 'with builtins; toString (attrNames (getFlake (toString ./.)).nixosConfigurations)')
for machine in $machines; do for machine in $machines; do
echo ~~~~~~~~~~~~~~~~~~~~~: $machine :~~~~~~~~~~~~~~~~~~~~~ echo ~~~~~~~~~~~~~~~~~~~~~: $machine :~~~~~~~~~~~~~~~~~~~~~
nix build --extra-experimental-features 'nix-command flakes' .#checks.x86_64-linux.nixosConfigurations-$machine nix build --eval-store local --store unix:///mnt/nix/var/nix/daemon-socket/socket?root=/mnt --extra-experimental-features 'nix-command flakes' .#checks.x86_64-linux.nixosConfigurations-$machine
done done

4
.woodpecker/update.yaml
View file

@ -8,8 +8,10 @@ when:
steps: steps:
- name: lockfile - name: lockfile
image: nixos/nix image: nixos/nix
volumes:
- /nix:/mnt/nix:ro
commands: commands:
- nix-shell --run "npins update" - nix-shell --eval-store local --store unix:///mnt/nix/var/nix/daemon-socket/socket?root=/mnt --run "npins update"
# - name: Create PR # - name: Create PR
# uses: https://github.com/KiaraGrouwstra/gitea-create-pull-request@f9f80aa5134bc5c03c38f5aaa95053492885b397 # uses: https://github.com/KiaraGrouwstra/gitea-create-pull-request@f9f80aa5134bc5c03c38f5aaa95053492885b397
# with: # with: