merge: pull request #62 from dixslyf/update-flake-inputs-and-npins

Update flake inputs and npins

.github/actions/build/action.yaml

@@ -36,22 +36,18 @@ runs:
       uses: docker/setup-qemu-action@v3
       with:
         platforms: "arm64"
-    - uses: cachix/install-nix-action@v26
+    - uses: cachix/install-nix-action@v27
       with:
         github_access_token: ${{ inputs.github-token }}
         extra_nix_config: |
           # `i686-linux` must be present for 32-bit software
           # More context: https://github.com/NixOS/nixpkgs/issues/86506#issuecomment-623746883
           extra-platforms = i686-linux aarch64-linux
-    - uses: cachix/cachix-action@v12
+    - uses: cachix/cachix-action@v15
       with:
         name: ${{ inputs.cachix-cache-name }}
         authToken: ${{ inputs.cachix-auth-token }}
         extraPullNames: ${{ inputs.cachix-extra-pull-names }}
-        skipPush: true
-    - name: Cachix watch store
-      shell: bash
-      run: cachix watch-store ${{ inputs.cachix-cache-name }} &
     - name: Build
       shell: bash
       run: nix build --print-build-logs ${{ inputs.additional-flags }} ${{ inputs.derivation }}

.github/workflows/cachix.yaml

@@ -5,123 +5,66 @@ on:
   push:
   pull_request:
   workflow_dispatch:
-    inputs:
-      force-rebuild:
-        description: Force a rebuild by skipping the check for the deployment specification artifact.
-        type: boolean
-      deployments:
-        description: |
-          JSON array of machines to deploy to.
-          Each machine should be represented by its hostname.
-          For example, `[ "alpha", "bravo" ]`.
-        type: string
 
-run-name: ${{ inputs.deployments != '' && 'Deploy NixOS configuration' || 'Build flake outputs' }}
+run-name: "Build flake outputs"
 
-# Builds and deployments are in separate concurrency groups.
 # Builds can cancel other in-progress builds on the same ref.
-# Deployments will not cancel other in-progress deployments (but will cancel existing pending deployments),
-# no matter what ref.
 concurrency:
-  group: ${{ github.workflow }}-${{ inputs.deployments != '' && 'deploy' || 'build' }}${{ inputs.deployments != '' && '' || format('-{0}', github.ref) }}
-  cancel-in-progress: ${{ inputs.deployments == '' }}
+  group: ${{ github.workflow }}-build-${{ github.ref }}
+  cancel-in-progress: true
 
 jobs:
   check-flake:
     runs-on: ubuntu-22.04
     if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name
     steps:
       - uses: actions/checkout@v4
-      - uses: cachix/install-nix-action@v26
+      - uses: cachix/install-nix-action@v27
         with:
           github_access_token: ${{ secrets.GITHUB_TOKEN }}
       - name: Check flake
         run: nix flake check --keep-going --impure # devenv requires impure
-  generate-deploy-spec-matrix:
+  determine-hosts:
     runs-on: ubuntu-22.04
     if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name
     needs: [check-flake]
     outputs:
-      matrix: ${{ steps.generate.outputs.matrix }}
+      hosts: ${{ steps.generate.outputs.hosts }}
     steps:
       - uses: actions/checkout@v4
-      - uses: cachix/install-nix-action@v26
+      - uses: cachix/install-nix-action@v27
         with:
           github_access_token: ${{ secrets.GITHUB_TOKEN }}
       - id: generate
-        name: Generate matrix of deploy specs
-        env:
-          DEPLOYMENTS: ${{ inputs.deployments }}
+        name: Generate hosts list
         run: |
-          matrix=$(nix develop .#ci --impure --command generate-deploy-spec-matrix.sh . "$DEPLOYMENTS")
-          printf '%s' "matrix=$matrix" >> "$GITHUB_OUTPUT"
-  build-deploy-specs:
+          hosts=$(nix flake show --impure --json . | jq -c '.nixosConfigurations | keys')
+          printf '%s' "hosts=$hosts" >> "$GITHUB_OUTPUT"
+  build-hosts:
     runs-on: ubuntu-22.04
     if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name
-    needs: [generate-deploy-spec-matrix]
+    needs: [determine-hosts]
     strategy:
       fail-fast: false
       matrix:
-        deploy-spec: ${{ fromJson(needs.generate-deploy-spec-matrix.outputs.matrix) }}
+        host: ${{ fromJson(needs.determine-hosts.outputs.hosts) }}
     steps:
-      - id: check-deploy-spec-artifact
-        if: ${{ !inputs.force-rebuild }}
-        uses: dawidd6/action-download-artifact@v2
-        with:
-          name: ${{ matrix.deploy-spec.hash-name }}
-          workflow_conclusion: ""
-          search_artifacts: true
-          if_no_artifact_found: ignore
       - uses: jlumbroso/[email protected]
         with:
           tool-cache: true
           swap-storage: false
-      - if: ${{ inputs.force-rebuild || !fromJSON(steps.check-deploy-spec-artifact.outputs.found_artifact) }}
-        uses: actions/checkout@v4
-      - name: Build deploy specification
-        if: ${{ inputs.force-rebuild || !fromJSON(steps.check-deploy-spec-artifact.outputs.found_artifact) }}
+      - uses: actions/checkout@v4
+      - name: Build ${{ matrix.host }}
         uses: ./.github/actions/build
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           cachix-auth-token: ${{ secrets.CACHIX_AUTH_TOKEN }}
-          derivation: ".#${{ matrix.deploy-spec.flake-output }}"
+          derivation: ".#nixosConfigurations.${{ matrix.host }}.config.system.build.toplevel"
           cachix-extra-pull-names: "nix-gaming, hyprland, nix-community"
-      - if: ${{ inputs.force-rebuild || !fromJSON(steps.check-deploy-spec-artifact.outputs.found_artifact) }}
-        uses: actions/upload-artifact@v3
-        with:
-          name: ${{ matrix.deploy-spec.hash-name }}
-          path: ./result
   build-result: # https://github.com/orgs/community/discussions/26822#discussioncomment-5122101
     runs-on: ubuntu-22.04
-    needs: [build-deploy-specs]
-    if: ${{ always() }}
+    needs: [build-hosts]
+    if: ${{ (failure() || success()) && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name) }}
     steps:
       - if: ${{ contains(needs.*.result, 'failure') }}
         run: exit 1
-  deploy:
-    runs-on: ubuntu-22.04
-    needs: [generate-deploy-spec-matrix, build-deploy-specs]
-    if: ${{ github.event_name == 'workflow_dispatch' && inputs.deployments != '' }}
-    strategy:
-      fail-fast: false
-      matrix:
-        deploy-spec: ${{ fromJson(needs.generate-deploy-spec-matrix.outputs.matrix) }}
-    steps:
-      - id: download-deploy-spec-artifact
-        uses: dawidd6/action-download-artifact@v2
-        with:
-          name: ${{ matrix.deploy-spec.hash-name }}
-          workflow_conclusion: ""
-          search_artifacts: true
-      - uses: cachix/install-nix-action@v26
-        with:
-          github_access_token: ${{ secrets.GITHUB_TOKEN }}
-      - uses: cachix/cachix-action@v12
-        with:
-          name: playernamehere-nixos
-          skipPush: true
-      - name: Deploy
-        env:
-          CACHIX_ACTIVATE_TOKEN: "${{ secrets.CACHIX_ACTIVATE_TOKEN }}"
-        run: |
-          cachix deploy activate ./result

.github/workflows/nixpkgs-review.yaml

@@ -30,7 +30,7 @@ jobs:
           fetch-depth:
             # Infinite depth (source: https://git-scm.com/docs/shallow)
             2147483647
-      - uses: cachix/install-nix-action@v26
+      - uses: cachix/install-nix-action@v27
         with:
           github_access_token: ${{ secrets.GITHUB_TOKEN }}
       - name: Configure committer identity

.github/workflows/update.yaml

@@ -25,7 +25,7 @@ jobs:
       - uses: actions/checkout@v4
         with:
           ref: ${{ github.ref }}
-      - uses: cachix/install-nix-action@v26
+      - uses: cachix/install-nix-action@v27
         with:
           github_access_token: ${{ secrets.GITHUB_TOKEN }}
       - name: Configure git

README.md

@@ -1,24 +1,26 @@
 # <h1 align="center">`~/.` `dixslyf/dotfiles`</h1>
 
-This repository contains my system configurations written in [Nix](https://nixos.org/).
+This repository contains [Nix](https://nixos.org/) configuration and dotfiles for my systems.
 
-Here is an overview of some characteristics and tools you might see in my configurations:
-* :snowflake: [NixOS](https://nixos.org/) + [Home Manager](https://github.com/nix-community/home-manager) + [Nix flakes](https://www.tweag.io/blog/2020-05-25-flakes/) + [flake-parts](https://github.com/hercules-ci/flake-parts)
-* :floppy_disk: Opt-in persistence using [tmpfs](https://en.wikipedia.org/wiki/Tmpfs) as root + [Impermanence](https://github.com/nix-community/impermanence)
-* :minidisc: [btrfs](https://btrfs.readthedocs.io/en/latest/Introduction.html) with [zstd](https://en.wikipedia.org/wiki/Zstd) compression + full disk encryption via [LUKS](https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup)
-* :key: [sops](https://github.com/mozilla/sops) + [sops-nix](https://github.com/Mic92/sops-nix) for secrets provisioning
-* :cloud: Deployments with [Cachix](https://www.cachix.org/) + [GitHub Actions](https://docs.github.com/en/actions)
-* :office: [devenv](https://devenv.sh/) + [direnv](https://direnv.net/) for local shell environment
+Overview:
 
-Application software I use include:
-* **Window Manager:** [bspwm](https://github.com/baskerville/bspwm)
-* **Compositor:** [picom](https://github.com/yshui/picom)
-* **Launcher:** [Rofi](https://github.com/davatorium/rofi)
-* **Bar:** [Polybar](https://github.com/polybar/polybar)
-* **Shell:** [fish](https://github.com/fish-shell/fish-shell) :fish:
-* **Terminal:** [wezterm](https://github.com/wez/wezterm)
-* **Editor:** [Neovim](https://github.com/neovim/neovim)
-* **File Manager:** [zoxide](https://github.com/ajeetdsouza/zoxide), [fzf](https://github.com/junegunn/fzf), `ls`, `cd`, `mv`, `cp`, `rm`; sometimes [Thunar](https://gitlab.xfce.org/xfce/thunar)
-* **Web Browsers:** [Firefox](https://www.mozilla.org/en-US/firefox/browsers/), [qutebrowser](https://github.com/qutebrowser/qutebrowser)
-* **Color scheme:** [Catppuccin](https://github.com/catppuccin/catppuccin)
-* **Fonts:** [Iosevka](https://github.com/be5invis/Iosevka), [Material Design Icons](https://github.com/Templarian/MaterialDesign), [Mali](https://fonts.google.com/specimen/Mali)
+- :snowflake: [NixOS](https://nixos.org/) + [Home Manager](https://github.com/nix-community/home-manager) + [Nix flakes](https://www.tweag.io/blog/2020-05-25-flakes/) + [flake-parts](https://github.com/hercules-ci/flake-parts)
+- :floppy_disk: Opt-in persistence using [tmpfs](https://en.wikipedia.org/wiki/Tmpfs) as root + [Impermanence](https://github.com/nix-community/impermanence)
+- :minidisc: [btrfs](https://btrfs.readthedocs.io/en/latest/Introduction.html) with [zstd](https://en.wikipedia.org/wiki/Zstd) compression + full disk encryption via [LUKS](https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup)
+- :key: [sops](https://github.com/mozilla/sops) + [sops-nix](https://github.com/Mic92/sops-nix) for secrets provisioning
+- :hammer: [GitHub Actions](https://docs.github.com/en/actions) + [Cachix](https://www.cachix.org/) for building and caching
+- :office: [devenv](https://devenv.sh/) + [direnv](https://direnv.net/) for local shell environment
+
+Software I use includes:
+
+- **Window Manager:** [bspwm](https://github.com/baskerville/bspwm)
+- **Compositor:** [picom](https://github.com/yshui/picom)
+- **Launcher:** [Rofi](https://github.com/davatorium/rofi)
+- **Bar:** [Polybar](https://github.com/polybar/polybar)
+- **Shell:** [fish](https://github.com/fish-shell/fish-shell) :fish:
+- **Terminal:** [wezterm](https://github.com/wez/wezterm) + [Zellij](https://zellij.dev/)
+- **Editor:** [Neovim](https://github.com/neovim/neovim)
+- **File Manager:** [zoxide](https://github.com/ajeetdsouza/zoxide), [fzf](https://github.com/junegunn/fzf), `ls`, `cd`, `mv`, `cp`, `rm`; sometimes [Thunar](https://gitlab.xfce.org/xfce/thunar)
+- **Web Browsers:** [Firefox](https://www.mozilla.org/en-US/firefox/browsers/), [qutebrowser](https://github.com/qutebrowser/qutebrowser)
+- **Color scheme:** [Catppuccin](https://github.com/catppuccin/catppuccin)
+- **Fonts:** [Iosevka](https://github.com/be5invis/Iosevka), [Material Design Icons](https://github.com/Templarian/MaterialDesign), [Mali](https://fonts.google.com/specimen/Mali)

devshell/ci/scripts/default.nix

@@ -1,28 +1,6 @@
 { pkgs
 , ...
 }: {
-  generate-deploy-spec-matrix = pkgs.resholve.writeScriptBin "generate-deploy-spec-matrix.sh"
-    {
-      interpreter = "${pkgs.bash}/bin/bash";
-      inputs = with pkgs; [
-        nix
-        coreutils
-        jq
-        parallel
-      ];
-      fix = {
-        # Workaround to get `resholve` to substitute the `nix` called by `parallel`
-        "$NIX_COMMAND" = [ "${pkgs.nix}/bin/nix" ];
-      };
-      execer = [
-        "cannot:${pkgs.nix}/bin/nix"
-        # This is a lie, but `resholve` doesn't seem to be able to handle `parallel` properly.
-        # Changing `cannot` to `can` or `might` results in an error.
-        "cannot:${pkgs.parallel}/bin/parallel"
-      ];
-    }
-    (builtins.readFile ./generate-deploy-spec-matrix.sh);
-
   configure-git-user = pkgs.resholve.writeScriptBin "configure-git-user.sh"
     {
       interpreter = "${pkgs.bash}/bin/bash";