feat(project)!: support nixos-rebuild and hydra

14 files changed, 194 insertions, 33 deletions

diff --git a/default.nix b/default.nix
index 63f1796..f620865 100644
--- a/default.nix
+++ b/default.nix
@@ -1,8 +1,10 @@
-{ inputs, lib, ... }:
-with lib;
-with lib.my;
-{
-  imports = mapModulesRec' (toString ./modules) import;
-
-  networking.useDHCP = mkDefault false;
-}
+(import
+  (
+    let lock = builtins.fromJSON (builtins.readFile ./flake.lock); in
+    fetchTarball {
+      url = lock.nodes.flake-compat.locked.url or "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
+      sha256 = lock.nodes.flake-compat.locked.narHash;
+    }
+  )
+  { src = ./.; }
+).defaultNix
diff --git a/flake.lock b/flake.lock
index ea89f0d..56f7328 100644
--- a/flake.lock
+++ b/flake.lock
@@ -60,6 +60,29 @@
         "type": "gitlab"
       }
     },
+    "colmena": {
+      "inputs": {
+        "flake-compat": "flake-compat_2",
+        "flake-utils": "flake-utils_2",
+        "nixpkgs": [
+          "unstable"
+        ],
+        "stable": "stable"
+      },
+      "locked": {
+        "lastModified": 1706509311,
+        "narHash": "sha256-QQKQ6r3CID8aXn2ZXZ79ZJxdCOeVP+JTnOctDALErOw=",
+        "owner": "zhaofengli",
+        "repo": "colmena",
+        "rev": "c84ccd0a7a712475e861c2b111574472b1a8d0cd",
+        "type": "github"
+      },
+      "original": {
+        "owner": "zhaofengli",
+        "repo": "colmena",
+        "type": "github"
+      }
+    },
     "flake-compat": {
       "flake": false,
       "locked": {
@@ -79,6 +102,22 @@
     "flake-compat_2": {
       "flake": false,
       "locked": {
+        "lastModified": 1650374568,
+        "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "b4a34015c698c7793d592d66adbab377907a2be8",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "flake-compat_3": {
+      "flake": false,
+      "locked": {
         "lastModified": 1668681692,
         "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
         "owner": "edolstra",
@@ -130,6 +169,21 @@
     },
     "flake-utils_2": {
       "locked": {
+        "lastModified": 1659877975,
+        "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_3": {
+      "locked": {
         "lastModified": 1667395993,
         "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
         "owner": "numtide",
@@ -208,7 +262,7 @@
     "nixos-mailserver": {
       "inputs": {
         "blobs": "blobs",
-        "flake-compat": "flake-compat_2",
+        "flake-compat": "flake-compat_3",
         "nixpkgs": [
           "unstable"
         ],
@@ -373,6 +427,7 @@
     "root": {
       "inputs": {
         "authentik-nix": "authentik-nix",
+        "colmena": "colmena",
         "impermanence": "impermanence",
         "nixos-mailserver": "nixos-mailserver",
         "nixpkgs-2111": "nixpkgs-2111",
@@ -384,7 +439,7 @@
     },
     "sefidel-web": {
       "inputs": {
-        "flake-utils": "flake-utils_2",
+        "flake-utils": "flake-utils_3",
         "nixpkgs": "nixpkgs"
       },
       "locked": {
@@ -422,6 +477,22 @@
         "type": "github"
       }
     },
+    "stable": {
+      "locked": {
+        "lastModified": 1696039360,
+        "narHash": "sha256-g7nIUV4uq1TOVeVIDEZLb005suTWCUjSY0zYOlSBsyE=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "32dcb45f66c0487e92db8303a798ebc548cadedc",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-23.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "systems": {
       "locked": {
         "lastModified": 1681028828,
diff --git a/flake.nix b/flake.nix
index c0da437..3ef69b4 100644
--- a/flake.nix
+++ b/flake.nix
@@ -6,6 +6,12 @@
     unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small";
     nixpkgs-2111.url = "github:nixos/nixpkgs/nixos-21.11";
 
+    colmena.url = "github:zhaofengli/colmena";
+    colmena.inputs.nixpkgs.follows = "unstable";
+
+    flake-compat.url = "github:edolstra/flake-compat";
+    flake-compat.flake = false;
+
     impermanence.url = "github:nix-community/impermanence";
 
     authentik-nix.url = "github:nix-community/authentik-nix";
@@ -36,12 +42,10 @@
 
       nixosModules = mapModulesRec ./modules import;
 
-      colmena = {
-        meta = {
-          nixpkgs = import unstable { inherit system; overlays = [ (import ./overlays) ]; };
-          specialArgs = { inherit lib inputs system; };
-        };
-      }
-      // mapSystems ./systems { };
-    };
+      nixosConfigurations = mapSystems ./systems { };
+
+      colmena = self.lib.mkColmenaFromNixOSConfigurations self.nixosConfigurations;
+
+      hydraJobs = self.lib.mkHydraFromNixOSConfigurations self.nixosConfigurations;
+   };
 }
diff --git a/hydra/default.nix b/hydra/default.nix
new file mode 100644
index 0000000..85a57e2
--- /dev/null
+++ b/hydra/default.nix
@@ -0,0 +1 @@
+{ infra }: (import infra).hydraJobs
diff --git a/hydra/jobsets.nix b/hydra/jobsets.nix
new file mode 100644
index 0000000..daf1a5a
--- /dev/null
+++ b/hydra/jobsets.nix
@@ -0,0 +1,34 @@
+{ nixpkgs, ... }:
+
+let
+  pkgs = import nixpkgs {};
+
+  jobsets = {
+    main = {
+      enabled = 1;
+      hidden = false;
+      description = "main branch";
+      nixexprinput = "infra";
+      nixexprpath = "hydra/default.nix";
+      checkinterval = 300;
+      schedulingshares = 100;
+      enableemail = false;
+      emailoverride = "";
+      keepnr = 1;
+      inputs = {
+        infra = {
+          type = "git";
+          value = "https://git.exotic.sh/infra main";
+          emailresponsible = false;
+        };
+        nixpkgs = {
+          type = "git";
+          value = "https://github.com/NixOS/nixpkgs.git nixos-unstable";
+          emailresponsible = false;
+        };
+      };
+    };
+  };
+in {
+  jobsets = pkgs.writeText "jobsets.json" (builtins.toJSON jobsets);
+}
diff --git a/hydra/spec.json b/hydra/spec.json
new file mode 100644
index 0000000..73aed01
--- /dev/null
+++ b/hydra/spec.json
@@ -0,0 +1,24 @@
+{
+    "enabled": 1,
+    "hidden": false,
+    "description": "Jobsets",
+    "nixexprinput": "infra",
+    "nixexprpath": "hydra/jobsets.nix",
+    "checkinterval": 300,
+    "schedulingshares": 100,
+    "enableemail": false,
+    "emailoverride": "",
+    "keepnr": 1,
+    "inputs": {
+        "infra": {
+            "type": "git",
+            "value": "https://git.exotic.sh/infra main",
+            "emailresponsible": false
+        },
+        "nixpkgs": {
+            "type": "git",
+            "value": "https://github.com/NixOS/nixpkgs.git nixos-unstable",
+            "emailresponsible": false
+        }
+    }
+}
diff --git a/lib/system.nix b/lib/system.nix
index 8fc4dce..e1709e3 100644
--- a/lib/system.nix
+++ b/lib/system.nix
@@ -1,22 +1,47 @@
-{ self, inputs, lib, pkgs, ... }:
+{ self, inputs, lib, pkgs, ... } @ args:
 
 with lib;
 with lib.my;
 {
-  mkSystem = path: attrs @ { ... }: {
-    imports = [
+  mkSystem = { hostPath, nixpkgs ? inputs.unstable, system ? "x86_64-linux", overlays ? null, extraModules ? null }:
+    nixpkgs.lib.nixosSystem (
       {
-        networking.hostName = mkDefault
-          (removeSuffix ".nix" (baseNameOf path));
-        system.configurationRevision = self.rev or "dirty";
+        system = system;
+
+        specialArgs = args;
+
+        modules = [
+          {
+            networking.hostName = mkDefault (removeSuffix ".nix" (baseNameOf hostPath));
+            nix.flakes.enable = true;
+            system.configurationRevision = self.rev or "dirty";
+            documentation.man = { enable = true; generateCaches = true; };
+          }
+          (import hostPath)
+        ] ++ mapModulesRec' ../modules import
+        ++ nixpkgs.lib.optional (overlays != null) { nixpkgs.overlays = overlays; }
+        ++ nixpkgs.lib.optionals (extraModules != null) extraModules;
+
+        # let deployment options to be set without breaking eval on nixosConfigurations
+        extraModules = [ inputs.colmena.nixosModules.deploymentOptions ];
       }
-      ../. # /default.nix
-      (import path)
-    ];
-  };
+    );
 
   mapSystems = dir: attrs @ { system ? system, ... }:
     mapModules dir
-      (hostPath: mkSystem hostPath attrs);
+      (hostPath: mkSystem { inherit hostPath; });
+
+  mkColmenaFromNixOSConfigurations = conf:
+    {
+      meta = {
+        # Colmena requirement. Will be overridden in nodeNixpkgs.
+        nixpkgs = import inputs.unstable { system = "x86_64-linux"; };
+        nodeNixpkgs = builtins.mapAttrs (_: value: value.pkgs) conf;
+        nodeSpecialArgs = builtins.mapAttrs (_: value: value._module.specialArgs) conf;
+      };
+    } // builtins.mapAttrs (_: value: { imports = value._module.args.modules; }) conf;
+
+  mkHydraFromNixOSConfigurations = conf:
+    mapAttrs' (name: value: { name = "nixos-${name}"; value = value.config.system.build.toplevel; }) conf;
 }
 
diff --git a/overlays/git-daemon-module.nix b/modules/services/git-daemon/_git-daemon-module.nix
index 76b395e..76b395e 100644
--- a/overlays/git-daemon-module.nix
+++ b/modules/services/git-daemon/_git-daemon-module.nix
diff --git a/modules/services/git-daemon.nix b/modules/services/git-daemon/default.nix
index 5d027de..bc06342 100644
--- a/modules/services/git-daemon.nix
+++ b/modules/services/git-daemon/default.nix
@@ -10,7 +10,7 @@ in
   ];
 
   imports = [
-    ../../overlays/git-daemon-module.nix
+    ./_git-daemon-module.nix
   ];
 
   options.modules.services.gitDaemon = {
diff --git a/overlays/mautrix-discord-module.nix b/modules/services/matrix-bridge/_mautrix-discord-module.nix
index 36cafe6..36cafe6 100644
--- a/overlays/mautrix-discord-module.nix
+++ b/modules/services/matrix-bridge/_mautrix-discord-module.nix
diff --git a/overlays/mautrix-signal-module.nix b/modules/services/matrix-bridge/_mautrix-signal-module.nix
index 983d635..983d635 100644
--- a/overlays/mautrix-signal-module.nix
+++ b/modules/services/matrix-bridge/_mautrix-signal-module.nix
diff --git a/modules/services/matrix-bridge.nix b/modules/services/matrix-bridge/default.nix
index 3ea46d8..4d53223 100644
--- a/modules/services/matrix-bridge.nix
+++ b/modules/services/matrix-bridge/default.nix
@@ -6,8 +6,8 @@ let
 in
 {
   imports = [
-    ../../overlays/mautrix-signal-module.nix
-    ../../overlays/mautrix-discord-module.nix
+    ./_mautrix-signal-module.nix
+    ./_mautrix-discord-module.nix
   ];
 
   options.modules.services.matrix-bridge = {
diff --git a/overlays/soju-module.nix b/modules/services/soju/_soju-module.nix
index d14082c..d14082c 100644
--- a/overlays/soju-module.nix
+++ b/modules/services/soju/_soju-module.nix
diff --git a/modules/services/soju.nix b/modules/services/soju/default.nix
index b2f4faf..557222e 100644
--- a/modules/services/soju.nix
+++ b/modules/services/soju/default.nix
@@ -10,7 +10,7 @@ in
   ];
 
   imports = [
-    ../../overlays/soju-module.nix
+    ./_soju-module.nix
   ];
 
   options.modules.services.soju = {