Re-installed macOS; Re-initialize Tart VM (#94)

.github/workflows/ci.yaml

@@ -11,7 +11,7 @@ jobs:
     runs-on: ${{ matrix.system }}
     strategy:
       matrix:
-        system: [x86_64-linux]
+        system: [x86_64-linux, aarch64-darwin]
     steps:
       - uses: actions/checkout@v4
       - run: om ci run --systems "${{ matrix.system }}"

configurations/darwin/infinitude-macos/README.md

@@ -0,0 +1,23 @@
+## Tart VM CI
+
+### Creating the VM
+
+https://tart.run/
+
+- `tart clone` the macOS VM
+- `tart create` it 
+- `tart set` disk size and mem
+    ```
+    tart set infinitude-macos --cpu 6 --memory 16000 --disk-size 500
+    ```
+- `tart run` it
+
+## Deploying
+
+```
+just activate infinitude-macos
+```
+
+## GitHub Runners
+
+I use this VM on demand. It is off by default. When I need macOS CI, I start it with `tart run`. It seems GitHub runners get stuck across the host macOS suspend cycle; so it is better just shutdown/restart the VM.

configurations/darwin/infinitude-macos/default.nix

@@ -6,17 +6,19 @@ let
   inherit (inputs) self;
 in
 {
-  nixos-unified.sshTarget = "srid@macci";
+  nixos-unified.sshTarget = "admin@infinitude-macos";
 
   imports = [
-    self.darwinModules.default
+    inputs.agenix.darwinModules.default
     (self + /modules/nixos/shared/github-runner.nix)
   ];
 
   nixpkgs.hostPlatform = "aarch64-darwin";
-  networking.hostName = "macci";
+  networking.hostName = "infinitude-macos";
 
-  # ids.gids.nixbld = 350;
+  ids.gids.nixbld = 350;
+
+  services.tailscale.enable = true;
 
   # Used for backwards compatibility, please read the changelog before changing.
   # $ darwin-rebuild changelog

configurations/home/srid@infinitude.nix

@@ -1,4 +1,4 @@
-{ flake, ... }:
+{ lib, pkgs, flake, ... }:
 let
   inherit (flake) inputs;
   inherit (inputs) self;
@@ -10,4 +10,9 @@ in
   ];
 
   home.username = "srid";
+
+  home.packages = [
+  ] ++ lib.optionals pkgs.stdenv.isDarwin [
+    pkgs.tart
+  ];
 }

configurations/nixos/infinitude-nixos/configuration.nix

@@ -1,49 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system.  Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, pkgs, ... }:
-
-{
-  imports =
-    [
-      # Include the results of the hardware scan.
-      ./hardware-configuration.nix
-    ];
-
-  # Bootloader.
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
-
-  networking.hostName = "infinitude-nixos"; # Define your hostname.
-  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
-
-  services.openssh.enable = true;
-
-  # Configure network proxy if necessary
-  # networking.proxy.default = "http://user:password@proxy:port/";
-  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
-
-  # Enable networking
-  networking.networkmanager.enable = true;
-
-  # Select internationalisation properties.
-  i18n.defaultLocale = "en_CA.UTF-8";
-
-  # Define a user account. Don't forget to set a password with ‘passwd’.
-  users.users.srid = {
-    isNormalUser = true;
-    description = "srid";
-    extraGroups = [ "networkmanager" "wheel" ];
-  };
-
-
-  # This value determines the NixOS release from which the default
-  # settings for stateful data, like file locations and database versions
-  # on your system were taken. It‘s perfectly fine and recommended to leave
-  # this value at the release version of the first install of this system.
-  # Before changing this value read the documentation for this option
-  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "25.05"; # Did you read the comment?
-
-}

configurations/nixos/infinitude-nixos/default.nix

@@ -1,22 +0,0 @@
-{ flake, pkgs, lib, ... }:
-
-let
-  inherit (flake) inputs;
-  inherit (inputs) self;
-in
-{
-  nixos-unified.sshTarget = "srid@infinitude-nixos";
-
-  imports = [
-    self.nixosModules.default
-    ./configuration.nix
-    (self + /modules/nixos/shared/github-runner.nix)
-  ];
-
-  services.openssh.enable = true;
-  services.tailscale.enable = true;
-
-  # Workaround the annoying `Failed to start Network Manager Wait Online` error on switch.
-  # https://github.com/NixOS/nixpkgs/issues/180175
-  systemd.services.NetworkManager-wait-online.enable = false;
-}

configurations/nixos/infinitude-nixos/hardware-configuration.nix

@@ -1,38 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-  imports = [ ];
-
-  boot.initrd.availableKernelModules = [ "virtio_pci" "xhci_pci" "usbhid" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" =
-    {
-      device = "/dev/disk/by-uuid/93794f73-b8ae-4b64-8031-c908ccce556d";
-      fsType = "ext4";
-    };
-
-  fileSystems."/boot" =
-    {
-      device = "/dev/disk/by-uuid/B8F8-6DD4";
-      fsType = "vfat";
-      options = [ "fmask=0077" "dmask=0077" ];
-    };
-
-  swapDevices =
-    [{ device = "/dev/disk/by-uuid/00acfcf3-cdfe-4179-b178-f3bae66fb059"; }];
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp0s1.useDHCP = lib.mkDefault true;
-
-  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
-}

modules/home/darwin-only.nix

@@ -5,7 +5,4 @@
     ./all/nushell.nix
     # ./all/emacs.nix
   ];
-
-  home.packages = with pkgs; [
-  ];
 }

modules/nixos/shared/github-runner.nix

@@ -28,12 +28,11 @@ in
     # https://github.com/settings/personal-access-tokens/3513625
     personalRunners = {
       "srid/nixos-config".num = 1;
-      "srid/emanote".num = 4;
+      "srid/emanote".num = 2;
       "srid/ema".num = 2;
       "srid/t".num = 1;
-      "srid/haskell-flake".num = 4;
-      "srid/nixos-unified".num = 4;
-      "srid/srid".num = 1;
+      "srid/haskell-flake".num = 2;
+      "srid/nixos-unified".num = 2;
     };
   };
 }

secrets/github-nix-ci/srid.token.age

@@ -1,16 +1,9 @@
 age-encryption.org/v1
--> ssh-ed25519 96IXNQ jzWv00Tx8UCWzqAH1L4MlcayNVRFiBoehvEdhy/wEHw
-c2MVuxS4xHg3fj1QFbuP+LDqBm7kzaSPXdHNeXAEz68
--> ssh-ed25519 NUm0rQ GMiN7snb4yyVKFcSX+651wtpIe4uWHjFggxZnuQEz0o
-y0ribC0KMmro2SiUfkKChITc32Sn3LYOKF+Md4znAlU
--> ssh-ed25519 Ysxvmg j12LtD65ro+zgEwa1Muf9iTLYrBPAjYdif60V7rHYwM
-Ggnddo7N9mjeC9WysTyk485whDZGvozdFQHdfmozfIk
--> ssh-ed25519 ufczoQ A2SXmjsa+vV8QVBduJTONBlL68Mr3bI3MYZ0IG2xRAI
-PNTp7N/U1HHk6FBFD/NFR9ZQ4nTKP/TnmgNM1WH9SbA
--> ssh-ed25519 vg6bPA NyauBhYynQqMUF7bjI2V3mIZ2SkvbNptDuUDGOogTgk
-QhG93drRFENOa/ubWmM/yPzFela6dXWsEjQ129qJnqE
--> ssh-ed25519 WpFZgg R0l+/nHyp14f8XoiprkJaSPf3WaCvR+NzuU/VqyoWGs
-FPoI8JiEU9mv+/xUzX/AuUnlHljGKUYkrdctK3zvo24
---- gYuoXN/DjOhLTRdjZK1mxK5mmk2bCkQFL78+2l+Pey8
-ˆ€Õ
-Fòj½iÅ<q`f:•šWâIÁñÙ)7¹ë[cÅ
š_L›Þ«×/ÿÂÜp½WÃÌ-i¦Étµ ³~~"@ Ñ–EšW<C5A1>áTýÇR17~-¹¶Ye#ŒÀëî<C3AB>¶Oe’ÚßF0Ô”"DïþÒoÜ¡)ÉRÍðEêž
+-> ssh-ed25519 96IXNQ KBrrdrg2WOOIHMYRGK6UcwUrPWvaVgmUuau5qsohQD4
+4XVlhSSb431o+4FFa/eFuCMcJeveh8b+F3XqVRYacng
+-> ssh-ed25519 Ysxvmg aYxitWy7xeY3su7nXo1FV3UGfIGrvruO2+VPMbzK82I
+GbEFVAZXb2mdbg8GaesEeq6TJWkhi+c/cY3s3CATIyE
+-> ssh-ed25519 HQ+y9w SpQmQIwViY75uPCIKK785/2QYv8piO6K8eg0548AvgM
+KatJYMrtpMTqGi5gtfQtwHzISA9FlQZAjWzliXcfFIc
+--- fGYDeZ9VW8Zrh9UGPnlm8Ea1SjRtRDeeJNmBxSun6A4
+O4²a+ÉB²(áƒ@I|êDÁÔSÖ¿5hð'Ñ…49-V|Á«COëê*Q/¯àñF<C3B1>Šb´1ÏaüI_<49>Ý©Œ…ß3k“Eƒ<45>Þ9¡yUöäÅûÐg‘UûãKç½EúpŠ+_)—³hŽ	<0B>ê$.au1ÍäëïÈ<C3AF>

secrets/pureintent-basic-auth.age

@@ -1,15 +1,10 @@
 age-encryption.org/v1
--> ssh-ed25519 96IXNQ itQhShx/o/E7ozne7cEp8vw2Buh1g2y2q035Db3La00
-ZXDKkeRSIqIMaxN/+qmFf8UXEBUIFcC+iAOI2rVSSVg
--> ssh-ed25519 NUm0rQ 5CG7yFDB5UEZl4wm07ZDsQJRlzDWBLpAfsRZ39gB0xw
-YGUAoVszdiUslG63DI2Vm8NfkDzRa6bTAXLelirx+lE
--> ssh-ed25519 Ysxvmg S/4/wl0npyOu4i5oqyiwYrDCyZALyzbFLKYXjnoSR1Y
-Cq7kC2ruGlS99TqI35vANPCM5VriQHyFNOXDIdqgq8U
--> ssh-ed25519 ufczoQ 07LUiyx8VhDa6k/9NZN4zK+0YA/S+NcEfBGabLBkwgY
-581All66sccmMQjvyQPHnz48pflZo/ZQe+WlsXjixk4
--> ssh-ed25519 vg6bPA 6x2XbWIIqeMdtVbJ3vfpNKjIpbfAytcjN3aydzlgY18
-LlrI/CBWeSvz0iVzAzlURSO881ebFv7V5D19hnkAItg
--> ssh-ed25519 WpFZgg HCcCa6MKmpdu5iDy44usic2UBfqrdK06gjLriD20+zg
-z9U+zt5E/T98ipbXtwpx532pJp/g2s5rflLgdvxRrMg
---- tPekxytCdLtMlyJNNXiSWZS67QD4ZAbnjzUaSRrHSgE
-7ÁäÌ°éçUUW84¸]VáÎ2F‡SµpJݪÛÜ
ZÉ<&îퟣ×$YùvË#Ä(ñ'0Ãõ령ȶ	|DÕ7öHÞ¬Çâ‡UaD7k.‚…‡Kæ*ÈùÂvi‰7	
+-> ssh-ed25519 96IXNQ P3pVYQzSm77sy04g/Y2asjjTJnraXLO9rYfWWYqRfH4
+5TpD16U53+kC41MkRnjo1o3X210fRdH2pC9qUNDZBjY
+-> ssh-ed25519 Ysxvmg A9A8coA49aRDhLDu6OmqDuur2eNq/YMl5jOqX4UrXAQ
+YxyXQW+VOFCTf5osrqx1iEsDIoSxXAkH4tyn9PRMnDw
+-> ssh-ed25519 HQ+y9w 2eRoF4XuC227syIZ+t6+8lP77CbjHEXPt27GiZqUdRQ
+9mlHSj/XKOFbnyWc5cmvTwolqXPEZXEPMmC+dTO8BRc
+--- nKy6Gb7HhzVDo2BoZJhxlqMWmbnXGhGyhpf5WOlMUkw
+6"ñ¥ê£;¿…à‡,¨ŠÔâÔ<C3A2>bY·
bÏ:
+³šI‚råzHTŸ»´m#÷Î6·•…I™šƒTT‰KO”jhj÷‡].¼µÊfp"”¸ÿ”ud‰®<E280B0>VÔ_À:q:
mzIë

secrets/secrets.nix

@@ -2,12 +2,9 @@ let
   config = import ../config.nix;
   users = [ config.me.sshKey ];
 
-  appreciate = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICra+ZidiwrHGjcGnyqPvHcZDvnGivbLMayDyecPYDh0";
   pureintent = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICkY5feaNt4elPqRQimB9h3OFxtFAzp98p1H+JezBv92 root@nixos";
-  naivete = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBXQ4jgsoM0K+6oddNCerjVFDibQcv7JWwc5OsT8AkGa";
-  infinitude = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBjxxIse4V0mC3qqhPdcVp1dp2R8fQr2AMcf/fd9vWcj";
-  infinitude-nixos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBF5YxbeuZhn20pxbmHmA8UU9sWTmvQ/lcKkfY9A+Snx";
-  systems = [ appreciate pureintent naivete infinitude infinitude-nixos ];
+  infinitude-macos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjg6aknmaXdQ/arHcTD+USFwCTsUGyJv9R1dXnejdby";
+  systems = [ pureintent infinitude-macos ];
 in
 {
   "hedgedoc.env.age".publicKeys = users ++ systems;