Host decrypts /run/secrets/test_secret via its ssh host key (age identity); off-box master recovery recipient. sops-nix pinned to a buildGoModule-era rev for nixpkgs 24.11 compat. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
{
  # Flake for the cc-ci host: one NixOS system configuration, plus a dev shell
  # and a formatter for working on the repository itself.
  description = "cc-ci — Co-op Cloud recipe CI server (NixOS)";

  inputs = {
    # Fixed at the very revision cc-ci is already running, so that the first
    # rebuild from this repo is a true no-op-then-base (M0). Move this pin on
    # purpose only; never let it drift.
    nixpkgs.url = "github:NixOS/nixpkgs/50ab793786d9de88ee30ec4e4c24fb4236fc2674";

    # Fixed at a commit that still builds with plain `buildGoModule`: sops-nix
    # master has since switched to `buildGo125Module` (Go 1.25), which the
    # pinned nixpkgs 24.11 (2025-06-30) does not provide.
    # NOTE(review): holding this input back also holds back any later sops-nix
    # fixes; re-check the pin whenever the nixpkgs revision above is bumped.
    sops-nix = {
      url = "github:Mic92/sops-nix/77c423a03b9b2b79709ea2cb63336312e78b72e2";
      # Build sops-nix against this flake's nixpkgs rather than a separately
      # locked copy, so only one package set has to be audited and updated.
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  outputs = { self, nixpkgs, sops-nix }:
    let
      # The single platform every output below is defined for.
      hostSystem = "x86_64-linux";
      hostPkgs = nixpkgs.legacyPackages.${hostSystem};
    in
    {
      nixosConfigurations.cc-ci = nixpkgs.lib.nixosSystem {
        system = hostSystem;
        modules = [
          # Provides the `sops.*` options; the secret declarations themselves
          # are not in this file (presumably in the host configuration below).
          sops-nix.nixosModules.sops
          ./hosts/cc-ci/configuration.nix
        ];
      };

      # Devshell for working on the harness/bridge locally.
      devShells.${hostSystem}.default = hostPkgs.mkShell {
        packages = [
          hostPkgs.git
          hostPkgs.jq
          hostPkgs.curl
          hostPkgs.nixpkgs-fmt
        ];
      };

      formatter.${hostSystem} = hostPkgs.nixpkgs-fmt;
    };
}