add home-manager and sops-nix to ci

2024-12-14 11:57:52 +00:00 · 2024-11-17 13:51:11 +01:00 · 2024-11-17 13:51:11 +01:00 · fe6a1bb922
commit fe6a1bb922
parent dfcebb55c8
6 changed files with 114 additions and 4 deletions
--- a/checks/darwin.nix
+++ b/checks/darwin.nix
@ -0,0 +1,11 @@
+
+{
+  imports = [
+    ../modules/nix-darwin/default.nix
+  ];
+  documentation.enable = false;
+  sops.secrets.test_key = { };
+  sops.defaultSopsFile = ../pkgs/sops-install-secrets/test-assets/secrets.yaml;
+  sops.age.generateKey = true;
+  system.stateVersion = 5;
+}
--- a/checks/home-manager.nix
+++ b/checks/home-manager.nix
@ -0,0 +1,15 @@
+
+{ config, ... }: {
+  imports = [
+    ../modules/home-manager/sops.nix
+  ];
+  home.stateVersion = "25.05";
+  home.username = "sops-user";
+  home.homeDirectory = "/home/sops-user";
+  home.enableNixpkgsReleaseCheck = false;
+
+  sops.age.generateKey = true;
+  sops.age.keyFile = "${config.home.homeDirectory}/.age-key.txt";
+  sops.secrets.test_key = { };
+  sops.defaultSopsFile = ../pkgs/sops-install-secrets/test-assets/secrets.yaml;
+}
--- a/dev/private.narHash
+++ b/dev/private.narHash
@ -1 +1 @@
-sha256-qF9EiqHqJARLtA+ZABXa2mstgbza762DwoGEIGkyqVY=
+sha256-rXlTQPa9c8Ou52KO5S36sOyKUzurr5fuZcXnHr7g6YY=
--- a/dev/private/flake.lock
+++ b/dev/private/flake.lock
@ -1,5 +1,45 @@
 {
  "nodes": {
+    "home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs-stable"
+        ]
+      },
+      "locked": {
+        "lastModified": 1731832479,
+        "narHash": "sha256-icDDuYwJ0avTMZTxe1qyU/Baht5JOqw4pb5mWpR+hT0=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "5056a1cf0ce7c2a08ab50713b6c4af77975f6111",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "nix-darwin": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs-stable"
+        ]
+      },
+      "locked": {
+        "lastModified": 1731809072,
+        "narHash": "sha256-pOsDJQR0imnFLfpvTmRpHcP0tflyxtP/QIzokrKSP8U=",
+        "owner": "LnL7",
+        "repo": "nix-darwin",
+        "rev": "34588d57cfc41c6953c54c93b6b685cab3b548ee",
+        "type": "github"
+      },
+      "original": {
+        "owner": "LnL7",
+        "repo": "nix-darwin",
+        "type": "github"
+      }
+    },
    "nixpkgs-stable": {
      "locked": {
        "lastModified": 1731842749,
@ -18,6 +58,8 @@
    },
    "root": {
      "inputs": {
+        "home-manager": "home-manager",
+        "nix-darwin": "nix-darwin",
        "nixpkgs-stable": "nixpkgs-stable",
        "treefmt-nix": "treefmt-nix"
      }
--- a/dev/private/flake.nix
+++ b/dev/private/flake.nix
@ -5,5 +5,11 @@
  inputs.treefmt-nix.url = "github:numtide/treefmt-nix";
  inputs.treefmt-nix.inputs.nixpkgs.follows = "nixpkgs-stable";

+  inputs.nix-darwin.url = "github:LnL7/nix-darwin";
+  inputs.nix-darwin.inputs.nixpkgs.follows = "nixpkgs-stable";
+
+  inputs.home-manager.url = "github:nix-community/home-manager";
+  inputs.home-manager.inputs.nixpkgs.follows = "nixpkgs-stable";
+
  outputs = _: { };
 }
--- a/flake.nix
+++ b/flake.nix
@ -78,7 +78,7 @@
      # dev outputs
      {
        checks = eachSystem (
-          { system, ... }:
+          { pkgs, system, ... }:
          let
            tests = self.packages.${system}.sops-install-secrets.tests;
            packages-stable = import ./default.nix {
@ -90,7 +90,43 @@
              nixpkgs.lib.mapAttrs' (name: value: nixpkgs.lib.nameValuePair (name + version) value) attrs;
            suffix-stable = suffix-version "-24_05";
          in
-          tests // (suffix-stable tests-stable) // (suffix-stable packages-stable)
+          tests
+          // (suffix-stable tests-stable)
+          // (suffix-stable packages-stable)
+          // {
+            home-manager = self.legacyPackages.${system}.homeConfigurations.sops.activation-script;
+          }
+          // nixpkgs.lib.optionalAttrs pkgs.stdenv.isDarwin {
+            darwin-sops =
+              self.darwinConfigurations."sops-${pkgs.hostPlatform.darwinArch}".config.system.build.toplevel;
+          }
+        );
+
+        darwinConfigurations.sops-arm64 = privateInputs.nix-darwin.lib.darwinSystem {
+          modules = [
+            ./checks/darwin.nix
+            #{ nixpkgs.pkgs = nixpkgs.legacyPackages.aarch64-darwin; }
+            { nixpkgs.hostPlatform = "aarch64-darwin"; }
+          ];
+        };
+
+        darwinConfigurations.sops-x86_64 = privateInputs.nix-darwin.lib.darwinSystem {
+          modules = [
+            ./checks/darwin.nix
+            { nixpkgs.hostPlatform = "x86_64-darwin"; }
+          ];
+        };
+
+        legacyPackages = eachSystem (
+          { pkgs, ... }:
+          {
+            homeConfigurations.sops = privateInputs.home-manager.lib.homeManagerConfiguration {
+              modules = [
+                ./checks/home-manager.nix
+              ];
+              inherit pkgs;
+            };
+          }
        );

        apps = eachSystem (
@ -110,7 +146,7 @@
          { pkgs, ... }:
          {
            unit-tests = pkgs.callPackage ./pkgs/unit-tests.nix { };
-            default = pkgs.callPackage ./shell.nix {};
+            default = pkgs.callPackage ./shell.nix { };
          }
        );
      };