Merge pull request #188 from NixOS/ci

Fix updating flakes
2025-06-26 20:51:56 +02:00 · 2025-03-22 08:59:19 +01:00 · 2025-03-22 08:59:19 +01:00 · 1697516a7e
commit 1697516a7e
parent 2391458319 f752799688
10 changed files with 42 additions and 35 deletions
--- a/.envrc
+++ b/.envrc
@ -1,3 +1,5 @@
+# shellcheck shell=bash
+
 use flake

 watch_file .envrc.private
--- a/.envrc.private-template
+++ b/.envrc.private-template
@ -1,2 +1,3 @@
+# shellcheck shell=bash
 # https://console.hetzner.cloud/projects/2643361/security/tokens
 export HCLOUD_TOKEN='<your-hetzner-token>'
--- a/.github/workflows/update-extensions.yml
+++ b/.github/workflows/update-extensions.yml
@ -1,4 +1,4 @@
-name: "Update mediawiki extensions"
+name: "Update wiki"
 on:
  repository_dispatch:
  workflow_dispatch:
@ -20,8 +20,9 @@ jobs:
      - run: ./modules/nixos-wiki/update-extensions.py ./modules/nixos-wiki/extensions.json
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - run: nix flake update
      - name: Create Pull Request
        uses: peter-evans/create-pull-request@v7
        with:
-          title: Update mediawiki extensions
+          title: Update wiki extensions
          labels: merge-queue
--- a/checks/linkcheck/.envrc
+++ b/checks/linkcheck/.envrc
@ -1 +1,2 @@
+# shellcheck shell=bash
 use flake .#linkcheck
--- a/checks/linkcheck/.gitignore
+++ b/checks/linkcheck/.gitignore
@ -1,5 +0,0 @@
-temp
-.direnv
-*-report
-result*
-workdir
--- a/flake.lock
+++ b/flake.lock
@ -7,11 +7,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1715526530,
-        "narHash": "sha256-1ot3VxxbRexDAbk70n0yLt7EEEzypAGK3ut+YV7m/Mg=",
+        "lastModified": 1741786315,
+        "narHash": "sha256-VT65AE2syHVj6v/DGB496bqBnu1PXrrzwlw07/Zpllc=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "94a818d8b914e06c04c21b5f0bafbb4b96ee8b47",
+        "rev": "0d8c6ad4a43906d14abd5c60e0ffe7b587b213de",
        "type": "github"
      },
      "original": {
@ -27,11 +27,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1714641030,
-        "narHash": "sha256-yzcRNDoyVP7+SCNX0wmuDju1NUCt8Dz9+lyUXEI0dbI=",
+        "lastModified": 1741352980,
+        "narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "e5d10a24b66c3ea8f150e47dfdb0416ab7c3390e",
+        "rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9",
        "type": "github"
      },
      "original": {
@ -42,10 +42,10 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1727506465,
-        "narHash": "sha256-3kTzEJ3X+RmNB9hamk+HnRj4MVLuZ2nzGaT1IeKuHZg=",
+        "lastModified": 1742584082,
+        "narHash": "sha256-0xccOonj868cv6EjerMZ7hZMOfCpaTb3I82ZZhZQB8w=",
        "ref": "nixos-unstable-small",
-        "rev": "0c839cfcda894af2030d5731414542a92a7af207",
+        "rev": "fbcdd2bccd1b6960b48578a608b581bff18e7646",
        "shallow": true,
        "type": "git",
        "url": "https://github.com/NixOS/nixpkgs"
@ -71,15 +71,14 @@
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
-        ],
-        "nixpkgs-stable": []
+        ]
      },
      "locked": {
-        "lastModified": 1715482972,
-        "narHash": "sha256-y1uMzXNlrVOWYj1YNcsGYLm4TOC2aJrwoUY1NjQs9fM=",
+        "lastModified": 1742595978,
+        "narHash": "sha256-05onsoMrLyXE4XleDCeLC3bXnC4nyUbKWInGwM7v6hU=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "b6cb5de2ce57acb10ecdaaf9bbd62a5ff24fa02e",
+        "rev": "b7756921b002de60fb66782effad3ce8bdb5b25d",
        "type": "github"
      },
      "original": {
@ -95,11 +94,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1727491384,
-        "narHash": "sha256-km86bDL46XmO4gkfvCfhCXfZDZPg/O72A65fF+hUPJM=",
+        "lastModified": 1742432134,
+        "narHash": "sha256-J9BMk5uEXGZqe3ksA+TNjpuWx67r6qwa6MCS+ayDTqw=",
        "owner": "numtide",
        "repo": "srvos",
-        "rev": "e1f0d6e42d9ea0cf031fd3469f35d78c3af21b85",
+        "rev": "60a187c45762fcc5ed0f3c97e1da890d0ed3f695",
        "type": "github"
      },
      "original": {
@ -115,11 +114,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1714058656,
-        "narHash": "sha256-Qv4RBm4LKuO4fNOfx9wl40W2rBbv5u5m+whxRYUMiaA=",
+        "lastModified": 1742370146,
+        "narHash": "sha256-XRE8hL4vKIQyVMDXykFh4ceo3KSpuJF3ts8GKwh5bIU=",
        "owner": "numtide",
        "repo": "treefmt-nix",
-        "rev": "c6aaf729f34a36c445618580a9f95a48f5e4e03f",
+        "rev": "adc195eef5da3606891cedf80c0d9ce2d3190808",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -16,7 +16,6 @@

    sops-nix.url = "github:Mic92/sops-nix";
    sops-nix.inputs.nixpkgs.follows = "nixpkgs";
-    sops-nix.inputs.nixpkgs-stable.follows = "";
  };

  outputs =
--- a/formatter.nix
+++ b/formatter.nix
@ -9,14 +9,17 @@
          "*/nixos-vars.json"
          "*/secrets.yaml"
          "*.lock"
+          "*.tfstate"
          ".gitignore"
          "modules/nixos-wiki/favicon.ico"
          "modules/nixos-wiki/nixos.png"
          "modules/nixos-wiki/robots.txt"
          "oauth-permissions.png"
          "targets/nixos-wiki.nixos.org/secrets/*"
+          "targets/admins/secrets/*"
+          "checks/linkcheck/allowed.links"
        ];
-        programs.hclfmt.enable = true;
+        programs.terraform.enable = true;
        programs.nixfmt.enable = true;
        programs.nixfmt.package = pkgs.nixfmt-rfc-style;
        programs.deadnix.enable = true;
@ -38,14 +41,19 @@
              convert2Tofu =
                provider:
                provider.override (prev: {
-                  homepage = builtins.replaceStrings [ "registry.terraform.io/providers" ] [
-                    "registry.opentofu.org"
-                  ] prev.homepage;
+                  homepage =
+                    builtins.replaceStrings
+                      [ "registry.terraform.io/providers" ]
+                      [
+                        "registry.opentofu.org"
+                      ]
+                      prev.homepage;
                });
            in
            [
              pkgs.bashInteractive
              pkgs.sops
+              pkgs.nixos-rebuild-ng
              (pkgs.opentofu.withPlugins (
                p:
                builtins.map convert2Tofu [
--- a/modules/nixos-wiki/backup.nix
+++ b/modules/nixos-wiki/backup.nix
@ -98,7 +98,8 @@ in
    group = "root";
  };

-  programs.ssh.knownHosts."[u391032.your-storagebox.de]:23".publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5EB5p/5Hp3hGW1oHok+PIOH9Pbn7cnUiGmUEBrCVjnAw+HrKyN8bYVV0dIGllswYXwkG/+bgiBlE6IVIBAq+JwVWu1Sss3KarHY3OvFJUXZoZyRRg/Gc/+LRCE7lyKpwWQ70dbelGRyyJFH36eNv6ySXoUYtGkwlU5IVaHPApOxe4LHPZa/qhSRbPo2hwoh0orCtgejRebNtW5nlx00DNFgsvn8Svz2cIYLxsPVzKgUxs8Zxsxgn+Q/UvR7uq4AbAhyBMLxv7DjJ1pc7PJocuTno2Rw9uMZi1gkjbnmiOh6TTXIEWbnroyIhwc8555uto9melEUmWNQ+C+PwAK+MPw==";
+  programs.ssh.knownHosts."[u391032.your-storagebox.de]:23".publicKey =
+    "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5EB5p/5Hp3hGW1oHok+PIOH9Pbn7cnUiGmUEBrCVjnAw+HrKyN8bYVV0dIGllswYXwkG/+bgiBlE6IVIBAq+JwVWu1Sss3KarHY3OvFJUXZoZyRRg/Gc/+LRCE7lyKpwWQ70dbelGRyyJFH36eNv6ySXoUYtGkwlU5IVaHPApOxe4LHPZa/qhSRbPo2hwoh0orCtgejRebNtW5nlx00DNFgsvn8Svz2cIYLxsPVzKgUxs8Zxsxgn+Q/UvR7uq4AbAhyBMLxv7DjJ1pc7PJocuTno2Rw9uMZi1gkjbnmiOh6TTXIEWbnroyIhwc8555uto9melEUmWNQ+C+PwAK+MPw==";

  systemd.services.borgbackup-job-state = {
    wants = [ "wiki-backup.service" ];
--- a/targets/nixos-wiki.nixos.org/deploy.sh
+++ b/targets/nixos-wiki.nixos.org/deploy.sh
@ -10,6 +10,6 @@ nixBuild() {
  fi
 }
 nixBuild .#checks.x86_64-linux.test .#nixosConfigurations.nixos-wiki-nixos-org.config.system.build.toplevel -L
-if ! nixos-rebuild switch --flake .#nixos-wiki-nixos-org --target-host root@wiki.nixos.org; then
-  nixos-rebuild switch --flake .#nixos-wiki-nixos-org --target-host root@wiki.nixos.org
+if ! nixos-rebuild-ng switch --flake .#nixos-wiki-nixos-org --target-host root@wiki.nixos.org; then
+  nixos-rebuild-ng switch --flake .#nixos-wiki-nixos-org --target-host root@wiki.nixos.org
 fi