qo.is/infrastructure
3
0
Fork 0
Code Issues 11 Pull requests Projects 1 Activity Actions

Many small structural improvements (treefmt, no cyclic imports, git-pre-commit-hook, faster CI) #50

Merged
fabianhauser merged 16 commits from update-imports into main 2025-03-26 15:10:42 +01:00
Conversation 0 Commits 16 Files changed 106 +38 -3
2 changed files with 38 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit 1badc42a60 - Show all commits

35
nixos-modules/git-ci-runner/default.nix
View file

@ -25,6 +25,35 @@ with lib;
default = 10; default = 10;
description = "How many nix runner instances to start"; description = "How many nix runner instances to start";
}; };
trustedSubstituters = mkOption {
type = types.listOf types.str;
default = [
# General substitutors (also elsewhere defined defaults, but without priority params)
"https://cache.nixos.org"
"https://${config.qois.nixpkgs-cache.hostname}"
"https://cache.garnix.io"
# Project builds
"https://attic.qo.is/qois-infrastructure" # https://git.qo.is/qo.is/infrastructure
"https://attic.qo.is/dotfiles" # https://git.qo.is/fabianhauser/dotfiles
];
description = "Substitutors that are trusted by the host.";
};
trustedPublicKeys = mkOption {
type = types.listOf types.str;
default = [
# General subsitutors
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
# Project builds
"qois-infrastructure:lh35ymN7Aoxm5Hz0S6JusxE+cYzMU+x9OMKjDVIpfuE=" # https://git.qo.is/qo.is/infrastructure
"dotfiles:KpLi0qe5O5rb8E8N8vntZWBDqFwG3Ksx4AFGizYCLoU=" # https://git.qo.is/fabianhauser/dotfiles
];
description = "Substitutor public keys that are trusted by the host.";
};
}; };
config = mkIf cfg.enable (mkMerge [ config = mkIf cfg.enable (mkMerge [
@ -34,6 +63,12 @@ with lib;
"gitea-runner-${defaultInstanceName}.service" "gitea-runner-${defaultInstanceName}.service"
] ++ (genList (n: "gitea-runner-nix${builtins.toString n}.service") cfg.nixInstances); ] ++ (genList (n: "gitea-runner-nix${builtins.toString n}.service") cfg.nixInstances);
nix.settings = {
trusted-substituters = cfg.trustedSubstituters;
trusted-public-keys = cfg.trustedPublicKeys;
};
virtualisation.podman = { virtualisation.podman = {
enable = true; enable = true;
dockerCompat = true; dockerCompat = true;

6
nixos-modules/system/default.nix
View file

@ -55,9 +55,9 @@
settings = settings =
let let
substituters = [ substituters = [
"https://${config.qois.nixpkgs-cache.hostname}?priority=39" "https://${config.qois.nixpkgs-cache.hostname}?priority=30"
"https://attic.qo.is/qois-infrastructure?priority=32"
"https://cache.nixos.org?priority=40" "https://cache.nixos.org?priority=40"
"https://attic.qo.is/qois-infrastructure"
]; ];
in in
{ {
@ -69,7 +69,7 @@
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"qois-infrastructure:lh35ymN7Aoxm5Hz0S6JusxE+cYzMU+x9OMKjDVIpfuE=" "qois-infrastructure:lh35ymN7Aoxm5Hz0S6JusxE+cYzMU+x9OMKjDVIpfuE="
]; ];
trusted-substituters = substituters; # For hosts that limit the subst list trusted-substituters = substituters;
inherit substituters; inherit substituters;
}; };
gc = { gc = {