add generator dependency

moar extraDependencies
[wip] handling env file (still fails)
2025-07-04 13:23:02 +02:00 · 2025-07-03 17:35:39 +02:00 · 2025-07-03 17:35:39 +02:00 · 2025-07-03 17:35:39 +02:00 · 2025-07-03 17:35:39 +02:00 · 2025-07-03 17:35:39 +02:00
8 changed files with 5 additions and 74 deletions
--- a/.forgejo/workflows/ci.yaml
+++ b/.forgejo/workflows/ci.yaml
@ -25,9 +25,7 @@ jobs:
    runs-on: native
    steps:
      - uses: actions/checkout@v4
-      - run: build_path=$(nix-build services -A tests.peertube)
+      - run: nix-build services -A tests.peertube
      - run: echo $build_path
      - run: attic push demo $build_path
  check-panel:
    runs-on: native
--- a/default.nix
+++ b/default.nix
@ -64,7 +64,6 @@ in
        pkgs.httpie
        pkgs.jq
        pkgs.nix-unit
        pkgs.attic-client
        test-loop
        nixops4.packages.${system}.default
      ];
--- a/infra/common/nixos/default.nix
+++ b/infra/common/nixos/default.nix
@ -24,14 +24,6 @@ in
    experimental-features = nix-command flakes
  '';
  nix.settings = {
    substituters = [
      "https://attic.fediversity.net/demo"
    ];
    trusted-public-keys = [
      "demo:N3CAZ049SeBVqBM+OnhLMrxWJ9altbD/aoJtHrY19KM="
    ];
  };
  boot.loader = {
    systemd-boot.enable = true;
    efi.canTouchEfiVariables = true;
--- a/machines/dev/forgejo-ci/forgejo-actions-runner.nix
+++ b/machines/dev/forgejo-ci/forgejo-actions-runner.nix
@ -1,20 +1,8 @@
-{
+{ pkgs, config, ... }:
  lib,
  pkgs,
  config,
  sources,
  ...
 }:
 {
  _class = "nixos";
  imports = with sources; [
    (import "${home-manager}/nixos")
    "${vars}/options.nix"
    "${vars}/backends/on-machine.nix"
  ];
  services.gitea-actions-runner = {
    package = pkgs.forgejo-actions-runner;
@ -56,39 +44,4 @@
  ## For the Docker mode of the runner.
  virtualisation.docker.enable = true;
  vars.settings.on-machine.enable = true;
  vars.generators."templates" = rec {
    dependencies = [ "attic" ];
    runtimeInputs = [
      pkgs.coreutils
      pkgs.gnused
    ];
    script = lib.concatStringsSep "\n" (
      lib.mapAttrsToList (template: _: ''
        cp "$templates/${template}" "$out/${template}"
        echo "filling placeholders in template ${template}..."
        sed -i "s/${placeholder}/$(cat "${config.age.secrets.wiki-password.path}")/g" "$out/${template}"
      '') files
    );
    files."attic.toml" = {
      secret = true;
      template = pkgs.writeText "attic.toml" ''
        default-server = "fediversity"
        [servers.fediversity]
        endpoint = "http://localhost:8080"
        token = "${config.vars.generators.attic.files.token.placeholder}"
      '';
    };
  };
  home-manager = {
    users.gitea-runner.home = {
      stateVersion = "25.05";
      file.".config/attic/config.toml".source =
        config.vars.generators."templates".files."attic.toml".path;
    };
  };
 }
--- a/secrets/attic-ci-token.age
+++ b/secrets/attic-ci-token.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -24,7 +24,6 @@ concatMapAttrs
    ## are able to decrypt them.
    {
      attic-ci-token = [ forgejo-ci ];
      forgejo-database-password = [ vm02116 ];
      forgejo-email-password = [ vm02116 ];
      forgejo-runner-token = [ forgejo-ci ];
--- a/services/fediversity/attic/default.nix
+++ b/services/fediversity/attic/default.nix
@ -103,9 +103,9 @@ in
        files."attic.env" = {
          secret = true;
          template = pkgs.writeText "attic.env" ''
-            ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64="${config.vars.generators.attic.files.token.placeholder}"
+            ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64=${config.vars.generators.attic.files.token.placeholder}
-            AWS_ACCESS_KEY_ID="$(cat ${config.fediversity.attic.s3AccessKeyFile})"
+            AWS_ACCESS_KEY_ID=$(cat ${config.fediversity.attic.s3AccessKeyFile})
-            AWS_SECRET_ACCESS_KEY="$(cat ${config.fediversity.attic.s3SecretKeyFile})"
+            AWS_SECRET_ACCESS_KEY=$(cat ${config.fediversity.attic.s3SecretKeyFile})
          '';
        };
      };
--- a/services/fediversity/default.nix
+++ b/services/fediversity/default.nix
@ -66,14 +66,4 @@ in
      };
    };
  };
  config = {
    ## FIXME: This should clearly go somewhere else; and we should have a
    ## `staging` vs. `production` setting somewhere.
    security.acme = {
      acceptTerms = true;
      defaults.email = "something@fediversity.net";
      # defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory";
    };
  };
 }
Author	SHA1	Message	Date
Kiara Grouwstra	0da4c76336	add generator dependency	2025-07-04 13:23:02 +02:00
Nicolas “Niols” Jeannerod	653d8b7cf8	moar extraDependencies	2025-07-03 17:35:39 +02:00
Kiara Grouwstra	f3d3c95540	[wip] handling env file (still fails) rm unused dep nix-templating fix imports	2025-07-03 17:35:39 +02:00
Kiara Grouwstra	375180748d	use templating fork	2025-07-03 17:35:39 +02:00
Kiara Grouwstra	f1dbec8e60	add tests, fix some things upgrade memory to resolve oom	2025-07-03 17:35:39 +02:00
Kiara Grouwstra	c4a8e70253	move from dev to operator revert add qemu import	2025-07-03 17:35:39 +02:00
Kiara Grouwstra	221c61955f	WIP: add attic cache, see #92 flesh out attic TODO keys nginx-port testing fix key fix key	2025-07-03 17:35:39 +02:00