| on: [ push ] | |
| jobs: | |
| nix: | |
| name: 'Nix' | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: |
| terraform { | |
| required_providers { | |
| aws = { source = "hashicorp/aws" } | |
| external = { source = "hashicorp/external" } | |
| github = { source = "nixpkgs/github" } | |
| google = { source = "nixpkgs/google" } | |
| hcloud = { source = "nixpkgs/hcloud" } | |
| linuxbox = { source = "numtide/linuxbox" } | |
| null = { source = "hashicorp/null" } | |
| random = { source = "hashicorp/random" } |
| image: nixpkgs/cachix-flakes:nixos-20.03 | |
| build: | |
| before_script: | |
| - mkdir -p /etc/nix | |
| - echo "experimental-features = nix-command flakes ca-references recursive-nix" >> /etc/nix/nix.conf | |
| - cachix use numtide | |
| - nix path-info --all > /tmp/store-path-pre-build | |
| script: | |
| - nix flake check |
| # Fetch the latest NixOS AMI from 20.03 | |
| module "nixos_image" { | |
| source = "git@github.com:tweag/terraform-nixos.git//aws_image_nixos?ref=dbba649db86d90166d7573bb60ba40ac790e17d1" | |
| release = "20.03" | |
| } | |
| # Get the NIX_PATH to avoid inheriting it from the environment. | |
| data "external" "nix_path" { | |
| program = ["${path.module}/get_nix_path.sh"] | |
| } |
| #!/usr/bin/env bash | |
| # One of the common issue in Linux, is that new path entries don't necessarily | |
| # appear after installing a new package. This is because Bash maintains an | |
| # internal cache of available binaries. On NixOS, Bash has been compiled to | |
| # remove that mechanism. | |
| # | |
| # This script combines knowledge of Nix with Bash to automate that cache | |
| # invalidation. Just source this file in your ~/.bashrc or other startup | |
| # script. |
| # Change NixOS a bit to make it more compatible with Ubuntu. | |
| # | |
| # Also run this at the first time: | |
| # * sudo mkdir /lib64 | |
| # * sudo ln -s /run/current-system/sw/lib/ld-linux-x86-64.so.2 /lib64/ | |
| { pkgs, lib, ... }: | |
| { | |
| environment.systemPackages = [ | |
| pkgs.glibc.out | |
| ]; |
| coreutils: attrs: | |
| with builtins; | |
| let | |
| # Copied from <nixpkgs/lib> | |
| isDerivation = x: isAttrs x && x ? type && x.type == "derivation"; | |
| # Return true if `nix-build` would traverse that attribute set to look for | |
| # more derivations to build. | |
| hasRecurseIntoAttrs = x: isAttrs x && (x.recurseForDerivations or false); |
This module is a bridge between bazel and terraform.
On the bazel side, define a new target using the container_push
rule. When
executed this will build and push the container image to the registry.
On the terraform side, use this module to get back content-addressed image.
| #!/usr/bin/env bash | |
| set -euo pipefail | |
| nixpkgs=$(nix-instantiate --eval --expr '(import ./nix/sources.nix).nixpkgs' --strict --json | xargs) | |
| home_manager=$(nix-instantiate --eval --expr '(import ./nix/sources.nix).home-manager' --strict --json | xargs) | |
| export NIX_PATH=nixpkgs=$nixpkgs:home-manager=$home_manager | |
| if [[ $0 == "${BASH_SOURCE[0]}" ]]; then | |
| exec "$@" |
| /* Don't be distracted by the blue GitHub notifications */ | |
| span.js-indicator-modifier.mail-status.unread { | |
| display: none; | |
| } |