recipe-maintainers/cc-ci
0
0
Fork 0
Code Issues 1 Pull Requests 3 Actions Packages Projects Releases Wiki Activity
Files
1ecae1ce27caefd880435accb88fcccbd845d4e4
cc-ci/flake.nix
autonomic-bot 433ec9de30 refactor(1b): RL5 — consolidate Nix code under nix/ (modules->nix/modules, hosts->nix/hosts) 
flake.nix/flake.lock STAY at root so the build ref #cc-ci is unchanged; only flake's internal
configuration.nix path updated. Root-relative refs inside moved modules re-based ../X -> ../../X
(secrets/bridge/dashboard); configuration.nix's ../../modules imports unchanged (both dirs under nix/).
Living docs (README, architecture/install/secrets/enroll) + .drone.yml comment updated to nix/...;
append-only history logs left as-is. DECISIONS.md records RL5 + the deferred-coordinated RL6.

Verified on cc-ci: nixos-rebuild build 'path:#cc-ci' -> toplevel 8i3jcad9 (BYTE-IDENTICAL to the
pre-move build — store derivations are content-addressed on file contents, module .nix not in the
runtime closure); scripts/lint.sh -> lint: PASS.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 21:19:09 +01:00

57 lines
2.0 KiB
Nix
Raw Blame History

{
description = "cc-ci Co-op Cloud recipe CI server (NixOS)";
inputs = {
# Pinned to the exact revision cc-ci already runs, so the first rebuild from
# this repo is a true no-op-then-base (M0). Bump deliberately, not drift.
nixpkgs.url = "github:NixOS/nixpkgs/50ab793786d9de88ee30ec4e4c24fb4236fc2674";
# Pinned to a commit that still uses plain `buildGoModule` — sops-nix master moved to
# `buildGo125Module` (Go 1.25), which our pinned nixpkgs 24.11 (2025-06-30) does not have.
sops-nix.url = "github:Mic92/sops-nix/77c423a03b9b2b79709ea2cb63336312e78b72e2";
sops-nix.inputs.nixpkgs.follows = "nixpkgs";
};
outputs = { nixpkgs, sops-nix, ... }:
let
system = "x86_64-linux";
pkgs = nixpkgs.legacyPackages.${system};
# Lint/format toolchain (Phase 1b, RL1). Same tools the `.drone.yml` lint stage and
# `scripts/lint.sh` use, built from the pinned nixpkgs so CI and local agree byte-for-byte.
# Nix: nixpkgs-fmt (format) · statix (lints) · deadnix (dead code).
# Python: ruff (lint + format). Shell: shellcheck + shfmt. YAML: yamllint.
lintTools = with pkgs; [
nixpkgs-fmt
statix
deadnix
ruff
shellcheck
shfmt
yamllint
];
in
{
nixosConfigurations.cc-ci = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
sops-nix.nixosModules.sops
./nix/hosts/cc-ci/configuration.nix
];
};
devShells.${system} = {
# Devshell for working on the harness/bridge locally (tools + lint toolchain).
default = pkgs.mkShell {
packages = (with pkgs; [ git jq curl ]) ++ lintTools;
};
# `nix develop .#lint` — exactly the lint toolchain, nothing else. Used by
# `scripts/lint.sh` and the `.drone.yml` lint stage.
lint = pkgs.mkShell {
packages = lintTools;
};
};
formatter.${system} = pkgs.nixpkgs-fmt;
};
}
Reference in New Issue View Git Blame Copy Permalink