diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index ca6968a..3673d55 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -11,7 +11,7 @@ jobs:
 runs-on: ${{ matrix.system }}
 strategy:
 matrix:
- system: [x86_64-linux]
+ system: [x86_64-linux, aarch64-darwin]
 steps:
 - uses: actions/checkout@v4
 - run: om ci run --systems "${{ matrix.system }}"
diff --git a/configurations/darwin/infinitude-macos/README.md b/configurations/darwin/infinitude-macos/README.md
new file mode 100644
index 0000000..4128b53
--- /dev/null
+++ b/configurations/darwin/infinitude-macos/README.md
@@ -0,0 +1,23 @@
+## Tart VM CI
+
+### Creating the VM
+
+https://tart.run/
+
+- `tart clone` the macOS VM
+- `tart create` it
+- `tart set` disk size and mem
+ ```
+ tart set infinitude-macos --cpu 6 --memory 16000 --disk-size 500
+ ```
+- `tart run` it
+
+## Deploying
+
+```
+just activate infinitude-macos
+```
+
+## GitHub Runners
+
+I use this VM on demand. It is off by default. When I need macOS CI, I start it with `tart run`. It seems GitHub runners get stuck across the host macOS suspend cycle; so it is better just shutdown/restart the VM.
\ No newline at end of file
diff --git a/configurations/darwin/macci.nix b/configurations/darwin/infinitude-macos/default.nix
similarity index 65%
rename from configurations/darwin/macci.nix
rename to configurations/darwin/infinitude-macos/default.nix
index ffa9451..682a508 100644
--- a/configurations/darwin/macci.nix
+++ b/configurations/darwin/infinitude-macos/default.nix
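Review bot: Adding `aarch64-darwin` to `matrix.system` in the ci.yaml hunk sends every run of this workflow to the self-hosted macOS runner, and nothing visible in the hunk limits which events may use it. The `on:` triggers are outside the hunk; if they include `pull_request`, code from forks would execute on that VM, so I would gate the job with `if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository`, or state in a comment that the repository's fork-approval setting is relied on. Since the README in this commit says the VM is off by default, the macOS leg will also stay queued until it is started; a comment next to the matrix such as `# aarch64-darwin runs on a self-hosted VM that is usually powered off` would save the next reader a search.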
@@ -6,17 +6,19 @@ let inherit (inputs) self; in { - nixos-unified.sshTarget = "srid@macci"; + nixos-unified.sshTarget = "admin@infinitude-macos"; imports = [ - self.darwinModules.default + inputs.agenix.darwinModules.default (self + /modules/nixos/shared/github-runner.nix) ]; nixpkgs.hostPlatform = "aarch64-darwin"; - networking.hostName = "macci"; + networking.hostName = "infinitude-macos"; - # ids.gids.nixbld = 350; + ids.gids.nixbld = 350; + + services.tailscale.enable = true; # Used for backwards compatibility, please read the changelog before changing. # $ darwin-rebuild changelog diff --git a/configurations/home/srid@infinitude.nix b/configurations/home/srid@infinitude.nix index 3058eb5..17f6648 100644 --- a/configurations/home/srid@infinitude.nix +++ b/configurations/home/srid@infinitude.nix @@ -1,4 +1,4 @@ -{ flake, ... }: +{ lib, pkgs, flake, ... }: let inherit (flake) inputs; inherit (inputs) self; @@ -10,4 +10,9 @@ in ]; home.username = "srid"; + + home.packages = [ + ] ++ lib.optionals pkgs.stdenv.isDarwin [ + pkgs.tart + ]; } diff --git a/configurations/nixos/infinitude-nixos/configuration.nix b/configurations/nixos/infinitude-nixos/configuration.nix deleted file mode 100644 index 773ebbb..0000000 --- a/configurations/nixos/infinitude-nixos/configuration.nix +++ /dev/null 
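Review bot: `nixos-unified.sshTarget = "admin@infinitude-macos"` combined with `services.tailscale.enable = true` may make the VM's `admin` account reachable from other tailnet peers, and the configuration shown does not say how that account is protected. Stock Tart macOS images are, as far as I know, distributed with a publicly documented default password for `admin`, so the README steps added in this commit should include rotating it and keeping SSH key-only before the VM joins the tailnet; a comment here such as `# admin is the Tart image's stock account: password rotated, SSH keys only` would record that. The import swap from `self.darwinModules.default` to `inputs.agenix.darwinModules.default` also drops the repo's shared darwin module from this host, which looks intended for a minimal runner but deserves a one-line comment saying so. The enclosing attribute set continues past the hunk.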
@@ -1,49 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, pkgs, ... }:
-
-{
- imports =
- [
- # Include the results of the hardware scan.
- ./hardware-configuration.nix
- ];
-
- # Bootloader.
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
-
- networking.hostName = "infinitude-nixos"; # Define your hostname.
- # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
-
- services.openssh.enable = true;
-
- # Configure network proxy if necessary
- # networking.proxy.default = "http://user:password@proxy:port/";
- # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
-
- # Enable networking
- networking.networkmanager.enable = true;
-
- # Select internationalisation properties.
- i18n.defaultLocale = "en_CA.UTF-8";
-
- # Define a user account. Don't forget to set a password with ‘passwd’.
- users.users.srid = {
- isNormalUser = true;
- description = "srid";
- extraGroups = [ "networkmanager" "wheel" ];
- };
-
-
- # This value determines the NixOS release from which the default
- # settings for stateful data, like file locations and database versions
- # on your system were taken. It‘s perfectly fine and recommended to leave
- # this value at the release version of the first install of this system.
- # Before changing this value read the documentation for this option
- # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "25.05"; # Did you read the comment?
-
-}
diff --git a/configurations/nixos/infinitude-nixos/default.nix b/configurations/nixos/infinitude-nixos/default.nix
deleted file mode 100644
index 0b981db..0000000
--- a/configurations/nixos/infinitude-nixos/default.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{ flake, pkgs, lib, ... }:
-
-let
- inherit (flake) inputs;
- inherit (inputs) self;
-in
-{
- nixos-unified.sshTarget = "srid@infinitude-nixos";
-
- imports = [
- self.nixosModules.default
- ./configuration.nix
- (self + /modules/nixos/shared/github-runner.nix)
- ];
-
- services.openssh.enable = true;
- services.tailscale.enable = true;
-
- # Workaround the annoying `Failed to start Network Manager Wait Online` error on switch.
- # https://github.com/NixOS/nixpkgs/issues/180175
- systemd.services.NetworkManager-wait-online.enable = false;
-}
diff --git a/configurations/nixos/infinitude-nixos/hardware-configuration.nix b/configurations/nixos/infinitude-nixos/hardware-configuration.nix
deleted file mode 100644
index 0906429..0000000
--- a/configurations/nixos/infinitude-nixos/hardware-configuration.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports = [ ];
-
- boot.initrd.availableKernelModules = [ "virtio_pci" "xhci_pci" "usbhid" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- {
- device = "/dev/disk/by-uuid/93794f73-b8ae-4b64-8031-c908ccce556d";
- fsType = "ext4";
- };
-
- fileSystems."/boot" =
- {
- device = "/dev/disk/by-uuid/B8F8-6DD4";
- fsType = "vfat";
- options = [ "fmask=0077" "dmask=0077" ];
- };
-
- swapDevices =
- [{ device = "/dev/disk/by-uuid/00acfcf3-cdfe-4179-b178-f3bae66fb059"; }];
-
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
- networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.enp0s1.useDHCP = lib.mkDefault true;
-
- nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
-}
diff --git a/modules/home/darwin-only.nix b/modules/home/darwin-only.nix
index 15cca7e..cfb1f20 100644
--- a/modules/home/darwin-only.nix
+++ b/modules/home/darwin-only.nix
@@ -5,7 +5,4 @@
 ./all/nushell.nix
 # ./all/emacs.nix
 ];
-
- home.packages = with pkgs; [
- ];
 }
diff --git a/modules/nixos/shared/github-runner.nix b/modules/nixos/shared/github-runner.nix
index 1c195d0..e08608b 100644
--- a/modules/nixos/shared/github-runner.nix
+++ b/modules/nixos/shared/github-runner.nix
@@ -28,12 +28,11 @@ in # https://github.com/settings/personal-access-tokens/3513625 personalRunners = { "srid/nixos-config".num = 1; - "srid/emanote".num = 4; + "srid/emanote".num = 2; "srid/ema".num = 2; "srid/t".num = 1; - "srid/haskell-flake".num = 4; - "srid/nixos-unified".num = 4; - "srid/srid".num = 1; + "srid/haskell-flake".num = 2; + "srid/nixos-unified".num = 2; }; }; } diff --git a/secrets/github-nix-ci/srid.token.age b/secrets/github-nix-ci/srid.token.age index 85c2ad7..f82355c 100644 --- a/secrets/github-nix-ci/srid.token.age +++ b/secrets/github-nix-ci/srid.token.age @@ -1,16 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 96IXNQ jzWv00Tx8UCWzqAH1L4MlcayNVRFiBoehvEdhy/wEHw -c2MVuxS4xHg3fj1QFbuP+LDqBm7kzaSPXdHNeXAEz68 --> ssh-ed25519 NUm0rQ GMiN7snb4yyVKFcSX+651wtpIe4uWHjFggxZnuQEz0o -y0ribC0KMmro2SiUfkKChITc32Sn3LYOKF+Md4znAlU --> ssh-ed25519 Ysxvmg j12LtD65ro+zgEwa1Muf9iTLYrBPAjYdif60V7rHYwM -Ggnddo7N9mjeC9WysTyk485whDZGvozdFQHdfmozfIk --> ssh-ed25519 ufczoQ A2SXmjsa+vV8QVBduJTONBlL68Mr3bI3MYZ0IG2xRAI -PNTp7N/U1HHk6FBFD/NFR9ZQ4nTKP/TnmgNM1WH9SbA --> ssh-ed25519 vg6bPA NyauBhYynQqMUF7bjI2V3mIZ2SkvbNptDuUDGOogTgk -QhG93drRFENOa/ubWmM/yPzFela6dXWsEjQ129qJnqE --> ssh-ed25519 WpFZgg R0l+/nHyp14f8XoiprkJaSPf3WaCvR+NzuU/VqyoWGs -FPoI8JiEU9mv+/xUzX/AuUnlHljGKUYkrdctK3zvo24 ---- gYuoXN/DjOhLTRdjZK1mxK5mmk2bCkQFL78+2l+Pey8 - -Fj i ssh-ed25519 96IXNQ KBrrdrg2WOOIHMYRGK6UcwUrPWvaVgmUuau5qsohQD4 +4XVlhSSb431o+4FFa/eFuCMcJeveh8b+F3XqVRYacng +-> ssh-ed25519 Ysxvmg aYxitWy7xeY3su7nXo1FV3UGfIGrvruO2+VPMbzK82I +GbEFVAZXb2mdbg8GaesEeq6TJWkhi+c/cY3s3CATIyE +-> ssh-ed25519 HQ+y9w SpQmQIwViY75uPCIKK785/2QYv8piO6K8eg0548AvgM +KatJYMrtpMTqGi5gtfQtwHzISA9FlQZAjWzliXcfFIc +--- fGYDeZ9VW8Zrh9UGPnlm8Ea1SjRtRDeeJNmBxSun6A4 +O4a+B(@I|DSֿ5h'х49-V|CO*Q/Fb1aI_ݩ3kE9yUg UKEp+_)h $.au1ȍ \ No newline at end of file diff --git a/secrets/hedgedoc.env.age b/secrets/hedgedoc.env.age index 4d486fa..90af5fa 100644 Binary files a/secrets/hedgedoc.env.age and b/secrets/hedgedoc.env.age differ 
diff --git a/secrets/pureintent-basic-auth.age b/secrets/pureintent-basic-auth.age index 771d78f..267e243 100644 --- a/secrets/pureintent-basic-auth.age +++ b/secrets/pureintent-basic-auth.age @@ -1,15 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 96IXNQ itQhShx/o/E7ozne7cEp8vw2Buh1g2y2q035Db3La00 -ZXDKkeRSIqIMaxN/+qmFf8UXEBUIFcC+iAOI2rVSSVg --> ssh-ed25519 NUm0rQ 5CG7yFDB5UEZl4wm07ZDsQJRlzDWBLpAfsRZ39gB0xw -YGUAoVszdiUslG63DI2Vm8NfkDzRa6bTAXLelirx+lE --> ssh-ed25519 Ysxvmg S/4/wl0npyOu4i5oqyiwYrDCyZALyzbFLKYXjnoSR1Y -Cq7kC2ruGlS99TqI35vANPCM5VriQHyFNOXDIdqgq8U --> ssh-ed25519 ufczoQ 07LUiyx8VhDa6k/9NZN4zK+0YA/S+NcEfBGabLBkwgY -581All66sccmMQjvyQPHnz48pflZo/ZQe+WlsXjixk4 --> ssh-ed25519 vg6bPA 6x2XbWIIqeMdtVbJ3vfpNKjIpbfAytcjN3aydzlgY18 -LlrI/CBWeSvz0iVzAzlURSO881ebFv7V5D19hnkAItg --> ssh-ed25519 WpFZgg HCcCa6MKmpdu5iDy44usic2UBfqrdK06gjLriD20+zg -z9U+zt5E/T98ipbXtwpx532pJp/g2s5rflLgdvxRrMg ---- tPekxytCdLtMlyJNNXiSWZS67QD4ZAbnjzUaSRrHSgE - 7̰UUW84]V2FSpJݪ Z<&ퟣ$Yv#('0령ȶ |D7HެUaD7k.K*vi7  \ No newline at end of file +-> ssh-ed25519 96IXNQ P3pVYQzSm77sy04g/Y2asjjTJnraXLO9rYfWWYqRfH4 +5TpD16U53+kC41MkRnjo1o3X210fRdH2pC9qUNDZBjY +-> ssh-ed25519 Ysxvmg A9A8coA49aRDhLDu6OmqDuur2eNq/YMl5jOqX4UrXAQ +YxyXQW+VOFCTf5osrqx1iEsDIoSxXAkH4tyn9PRMnDw +-> ssh-ed25519 HQ+y9w 2eRoF4XuC227syIZ+t6+8lP77CbjHEXPt27GiZqUdRQ +9mlHSj/XKOFbnyWc5cmvTwolqXPEZXEPMmC+dTO8BRc +--- nKy6Gb7HhzVDo2BoZJhxlqMWmbnXGhGyhpf5WOlMUkw +6";,ԁbYb: +IrzHTm#6ITTKOjhj].fp"udV_:q: mzI \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index a4f0aea..dfd5751 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
@@ -2,12 +2,9 @@ let config = import ../config.nix; users = [ config.me.sshKey ]; - appreciate = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICra+ZidiwrHGjcGnyqPvHcZDvnGivbLMayDyecPYDh0"; pureintent = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICkY5feaNt4elPqRQimB9h3OFxtFAzp98p1H+JezBv92 root@nixos"; - naivete = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBXQ4jgsoM0K+6oddNCerjVFDibQcv7JWwc5OsT8AkGa"; - infinitude = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBjxxIse4V0mC3qqhPdcVp1dp2R8fQr2AMcf/fd9vWcj"; - infinitude-nixos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBF5YxbeuZhn20pxbmHmA8UU9sWTmvQ/lcKkfY9A+Snx"; - systems = [ appreciate pureintent naivete infinitude infinitude-nixos ]; + infinitude-macos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjg6aknmaXdQ/arHcTD+USFwCTsUGyJv9R1dXnejdby"; + systems = [ pureintent infinitude-macos ]; in { "hedgedoc.env.age".publicKeys = users ++ systems;
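Review bot: `systems = [ pureintent infinitude-macos ]` makes the CI runner VM a recipient of every secret that uses `users ++ systems`, including `hedgedoc.env.age`, which a GitHub runner host has no visible need for. Scoping recipients per secret would keep a compromised runner from decrypting unrelated service credentials, for example `"hedgedoc.env.age".publicKeys = users ++ [ pureintent ];` while the runner token keeps `users ++ systems`. Dropping `appreciate`, `naivete`, `infinitude` and `infinitude-nixos` only affects the new ciphertext: the earlier `.age` blobs remain in git history and stay decryptable by those host keys, so the underlying token and passwords should be rotated if any of those hosts is no longer trusted. The rest of the attribute set is outside the hunk, so other entries may need the same split.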