Samsung/WSL2

.agenix.toml

@@ -1,60 +1,10 @@
+# https://github.com/cole-h/agenix-cli/blob/main/.agenix.toml.example
+# https://github.com/ryantm/agenix?tab=readme-ov-file#tutorial
 [identities]
-argon-root = "age19c2lj8tp448qz2nmj2fhjhz3ss2w0zuhpudhx8k6e4e3pjkknemqunutd3"
-argon-tobias = "age1gh8taacs5kv8qet0vyrash9xx9rcvgemwuhevg6q0eqczp73545qd3eaf3"
-bak = "age1kttfv4zpvv0cshe8q7lvakycytn34pja9pcy4ylq94kw90k3yfwsxja79j"
-gamer-tobias = "age1xmwue6azg27l7kwsjr7a84gax5ed7tzdzfw4c3vz3aejr539tpdswmlpt8"
-krypton-root = "age1vheh9hvezl0k2fe7wpfjnfp6ajcezz78jlhxj6wvzxdvkte4lfys03ktuq"
-krypton-tobias = "age1r2maar050kkskxpaestrd738dpphptp886mdt4kta2p3mup3mc9s4r4020"
-M386-tobhap = "age1lsr8ynsnxd86zhxfl624dy229gx0zlc72wmuqs8e7wlpgcwfauhsp7nu9h"
-neon-root = "age16xxy8wcp8as2uc7v04fncsa7x257luygse94khp7c5mglh4wnggs8t4sk5"
-neon-tobias = "age1m0cyz2y5vyztmx04x0xheyhhy8uwf53yem6dafmce3hsugwhfp4q0lg267"
-oneplus5-nix-on-droid = "age18wg8fscl8kvn3avr2dgpwujdsy8xksc4v58mnuwmwpjp0ddud42sjfl08q"
-xenon-root = "age1glu7paaertha2q28whxehvgn7euj52z5pka0edlrp6pnhqypvcmqm2lg64"
-xenon-tobias = "age1dxhjmnugds3263vsh02zrxagxal5x25ycs3xpueja7yfvcx8lves8p5rkv"
+bak = "age1REPLACE3"
+twopi-root = "age1REPLACE1"
+twopi-dani = "age1REPLACE2"
 
 [[paths]]
-glob = "secrets/ssh/private/*"
-identities = [
-    "bak",
-    "gamer-tobias",
-    "M386-tobhap",
-    "neon-tobias",
-    "oneplus5-nix-on-droid",
-]
-
-[[paths]]
-glob = "secrets/ssh/vcs/*"
-identities = [
-    "argon-tobias",
-    "bak",
-    "gamer-tobias",
-    "krypton-tobias",
-    "M386-tobhap",
-    "neon-tobias",
-    "oneplus5-nix-on-droid",
-    "xenon-tobias",
-]
-
-[[paths]]
-glob = "secrets/ssh/sedo/*"
-identities = [ "bak", "M386-tobhap" ]
-
-[[paths]]
-glob = "secrets/argon/*"
-identities = [ "bak", "argon-root" ]
-
-[[paths]]
-glob = "secrets/krypton/*"
-identities = [ "bak", "krypton-root" ]
-
-[[paths]]
-glob = "secrets/M386/*"
-identities = [ "bak", "M386-tobhap" ]
-
-[[paths]]
-glob = "secrets/neon/*"
-identities = [ "bak", "neon-root" ]
-
-[[paths]]
-glob = "secrets/xenon/*"
-identities = [ "bak", "xenon-root" ]
+glob = "secrets/twopi/*"
+identities = [ "bak", "twopi-root" ]

.gitattributes

@@ -1 +1,4 @@
 *.age binary diff=age
+# Convert to LF line endings on checkout.
+*.sh text eol=lf
+*.nix text eol=lf

.github/workflows/ci.yml

@@ -16,7 +16,8 @@ on:
 
 jobs:
   nix:
-    runs-on: ubuntu-latest
+    runs-on: "${{ matrix.system == 'aarch64' && 'self-hosted' || 'ubuntu-latest' }}"
+
     strategy:
       fail-fast: false
       matrix:
@@ -29,27 +30,25 @@ jobs:
           - eval .#apps.$_system.setup.program
 
         include:
-          - nix-command: develop .#jdk8 --profile profile
+          - nix-command: develop .#jdk8 --profile result
+            system: x86_64
+          - nix-command: develop .#jdk11 --profile result
             system: x86_64
-          - nix-command: develop .#jdk11 --profile profile
+          - nix-command: develop .#jdk17 --profile result
             system: x86_64
-          - nix-command: develop .#jdk17 --profile profile
+          - nix-command: develop .#php74 --profile result
             system: x86_64
-          - nix-command: develop .#php74 --profile profile
+          - nix-command: develop .#php74-composer1 --profile result
             system: x86_64
-          - nix-command: develop .#php80 --profile profile
+          - nix-command: develop .#php80 --profile result
             system: x86_64
-          - nix-command: develop .#php81 --profile profile
+          - nix-command: develop .#php81 --profile result
             system: x86_64
 
           - nix-command: build .#homeConfigurations."tobias@gamer".activationPackage
             system: x86_64
-          - nix-command: build .#homeConfigurations."tobhap@M386".activationPackage
-            system: x86_64
-            deploy-agent: M386
-            deploy-args: --async
 
-          - nix-command: build .#nixOnDroidConfigurations.oneplus5.activationPackage --impure
+          - nix-command: build .#nixOnDroidConfigurations.pixel7a.activationPackage --impure
             system: aarch64
 
           - nix-command: build .#nixosConfigurations.argon.config.system.build.toplevel
@@ -75,123 +74,47 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           ref: ${{ inputs.branch }}
 
+      - name: Free Disk Space (Ubuntu)
+        uses: jlumbroso/free-disk-space@main
+        continue-on-error: true
+        if: matrix.system == 'x86_64'
+        with:
+          tool-cache: true
+
       - name: Install nix
-        uses: cachix/install-nix-action@v20
+        uses: cachix/install-nix-action@v26
+        if: matrix.system == 'x86_64'
         with:
           extra_nix_config: |
             keep-going = true
-            show-trace = true
 
-      - name: Setup cachix
-        uses: cachix/cachix-action@v12
+      - name: Setup cachix (gerschtli)
+        uses: cachix/cachix-action@v14
         with:
           name: gerschtli
           authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
 
-      - name: Build command (aarch64)
-        if: matrix.system == 'aarch64'
-        # FIXME: use upstream once --tty is removed
-        #uses: uraimo/run-on-arch-action@v2
-        uses: Gerschtli/run-on-arch-action@tty
+      - name: Setup cachix (nix-on-droid)
+        uses: cachix/cachix-action@v14
         with:
-          arch: aarch64
-          distro: alpine_latest
-          githubToken: ${{ github.token }}
-          dockerRunArgs: --volume /nix:/nix
-          install: |
-            apk --no-cache add curl git xz
-            adduser --disabled-password ci
-          env: |
-            _system: ${{ matrix.system }}-linux
-            CACHIX_ACTIVATE_TOKEN: ${{ secrets.CACHIX_ACTIVATE_TOKEN || 'no-value' }}
-            CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
-            GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          run: |
-            set -euo pipefail
-
-            mkdir -p /home/ci/.config/nix
-
-            cat <<EOF > /home/ci/.config/nix/nix.conf
-            experimental-features = nix-command flakes
-            keep-going = true
-            show-trace = true
-            access-tokens = github.com=$GITHUB_TOKEN
-            EOF
-
-            chown --recursive ci:ci /nix /home/ci
-            chgrp --recursive ci "$(pwd)"
-            chmod -R g+w "$(pwd)"
-
-            echo "::group::Install nix"
-
-            curl \
-              --silent \
-              --show-error \
-              --output /tmp/install \
-              --retry 5 \
-              --retry-all-errors \
-              --fail \
-              --location \
-              "https://nixos.org/nix/install"
-
-            su ci -c "sh /tmp/install --no-channel-add --no-daemon"
-            rm /tmp/install
+          name: nix-on-droid
+          useDaemon: false
 
-            function run() {
-              su ci -c ". /home/ci/.nix-profile/etc/profile.d/nix.sh; $*"
-            }
-
-            # FIXME: setting build-hook is needed because default hook `nix __build-remote` is not available
-            function build_hook() {
-              local nix_path="$(run which nix)"
-              echo "${nix_path/bin\/nix/libexec/nix/build-remote}"
-            }
-            run echo "build-hook = $(build_hook)" >> /home/ci/.config/nix/nix.conf
-
-
-            echo "::group::Setup cachix"
-            run nix-env --quiet -j8 -iA cachix -f https://cachix.org/api/v1/install
-            run cachix --version
-            run cachix use gerschtli
-            run cachix use nix-on-droid
-
-
-            echo "::group::Build command"
-            run git config --global --add safe.directory "$(pwd)"
-
-            run nix ${{ matrix.nix-command }}
-
-
-            ${{ github.ref == 'refs/heads/master' && inputs.branch == '' && matrix.deploy-agent &&
-              format(
-                '
-                  echo "::group::Build spec"
-                  spec="$(run nix build --print-out-paths ".#cachix-deploy-spec-{0}")"
-
-                  echo "::group::Upload spec"
-                  run cachix push gerschtli "$spec"
-
-                  echo "::group::Activate deployment"
-                  run cachix deploy activate --agent "{0}" {1} "$spec"
-                ',
-                matrix.deploy-agent,
-                matrix.deploy-args
-              )
-              || 'echo "::group::Skip spec deploy"'
-            }}
-
-      - name: Build command (x86_64)
-        if: matrix.system == 'x86_64'
+      - name: Build command
         env:
           _system: ${{ matrix.system }}-linux
         run: nix ${{ matrix.nix-command }}
 
-      - name: Deploy cachix-agent spec (x86_64)
-        if: matrix.system == 'x86_64' && github.ref == 'refs/heads/master' && inputs.branch == '' && matrix.deploy-agent
+      - name: Remove result symlink
+        if: always()
+        run: rm result || :
+
+      - name: Deploy cachix-agent spec
+        if: github.ref == 'refs/heads/master' && inputs.branch == '' && matrix.deploy-agent
         env:
           CACHIX_ACTIVATE_TOKEN: ${{ secrets.CACHIX_ACTIVATE_TOKEN }}
         run: |