Skip to content

refactor(immich): replace docker with nixos module #338

refactor(immich): replace docker with nixos module

refactor(immich): replace docker with nixos module #338

Workflow file for this run

# Adapted from:
# https://lgug2z.com/articles/building-and-privately-caching-x86-and-aarch64-nixos-systems-on-github-actions/
name: "build"
on:
- push
jobs:
build:
runs-on: ubuntu-latest
strategy:
fail-fast: false
# Here we specify the matrix of our hosts and their target platform architectures
matrix:
machine:
- host: apollo
platform: x86-64-linux
- host: athena
platform: x86-64-linux
- host: bacchus
platform: x86-64-linux
- host: bro
platform: x86-64-linux
- host: feb
platform: x86-64-linux
- host: hera
platform: x86-64-linux
- host: phobos
platform: x86-64-linux
needs: ["build-packages"]
steps:
# Inspired by https://github.com/workflow/dotfiles/blob/c5ff98fc2ef05cefdca3b663d46dc517696e418e/.github/workflows/nixos.yml
- name: "Create Directory for Nix Store"
run: |
sudo mkdir /nix
- name: "Maximize Disk Space"
run: |
sudo rm -rf $AGENT_TOOLSDIRECTORY
sudo rm -rf /usr/local/.ghcup
sudo rm -rf /usr/local/share/powershell
sudo rm -rf /usr/local/share/chromium
sudo rm -rf /usr/local/lib/node_modules
sudo rm -rf /usr/local/lib/heroku
sudo rm -rf /var/lib/docker/overlay2
sudo rm -rf /home/linuxbrew
sudo rm -rf /home/runner/.rustup
- name: "Maximize Disk Space 2"
uses: easimon/maximize-build-space@fc881a613ad2a34aca9c9624518214ebc21dfc0c # v10
with:
# Save some space on root for /tmp (where packages are built)
root-reserve-mb: 16384 # 16 GiB
swap-size-mb: 1024
build-mount-path: /nix
remove-dotnet: "true"
remove-android: "true"
remove-haskell: "true"
remove-codeql: "true"
remove-docker-images: "true"
- name: Assert Correct Ownership on /nix
run: |
sudo chown root:root /nix
- uses: actions/checkout@v4
# We only run this if we are building an aarch64-linux system
- if: matrix.machine.platform == 'aarch64-linux'
uses: docker/setup-qemu-action@v3
# We make our netrc file that is used to make authorized requests to Attic
- run: |
sudo mkdir -p /etc/nix
echo "machine nix-cache.diogotc.com password ${{ secrets.ATTIC_TOKEN }}" | sudo tee /etc/nix/netrc > /dev/null
- uses: DeterminateSystems/nix-installer-action@main
with:
# We add all the config for extra platforms, other binary caches and to raise the number of connections that can be made
extra-conf: |
fallback = true
http-connections = 128
max-substitution-jobs = 128
extra-platforms = i686-linux aarch64-linux
substituters = https://nix-cache.diogotc.com/dtc?priority=43 https://cache.nixos.org/
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= dtc:HU5hQrzlNDSFAcA/kvzKx+IhyDYLvR+xUS/1drh3o2U=
always-allow-substitutes = true
- uses: DeterminateSystems/magic-nix-cache-action@main
# We check if this system actually has anything to be built or if we're just going
# to be fetching from cache
- name: Check if build needed
id: build-needed
run: |
nix build .#nixosConfigurations.${{ matrix.machine.host }}.config.system.build.toplevel --dry-run 2> dry-run-output
echo "needs-build=$(cat dry-run-output | grep 'will be built' &> /dev/null && echo 1 || echo 0)" >> $GITHUB_OUTPUT
shell: bash
# We build each system in a separate job, targeting the configuration using matrix.machine.host
- name: Build system
if: steps.build-needed.outputs.needs-build == '1'
run: |
nix build .#nixosConfigurations.${{ matrix.machine.host }}.config.system.build.toplevel
# Once built, we login to Attic and push the built system to our cache!
- name: Push system
if: steps.build-needed.outputs.needs-build == '1'
run: |
nix run .#attic login phobos https://nix-cache.diogotc.com ${{ secrets.ATTIC_TOKEN }}
nix run .#attic push dtc result -j 2
build-packages:
runs-on: ubuntu-latest
strategy:
fail-fast: false
# Here we specify the packages to build
matrix:
package:
- alt-urls-discord-bot
- attic
- cybersec.flask-unsign
- cybersec.pycdc
steps:
- uses: actions/checkout@v4
# We make our netrc file that is used to make authorized requests to Attic
- run: |
sudo mkdir -p /etc/nix
echo "machine nix-cache.diogotc.com password ${{ secrets.ATTIC_TOKEN }}" | sudo tee /etc/nix/netrc > /dev/null
- uses: DeterminateSystems/nix-installer-action@main
with:
# We add all the config for extra platforms, other binary caches and to raise the number of connections that can be made
extra-conf: |
fallback = true
http-connections = 128
max-substitution-jobs = 128
extra-platforms = i686-linux aarch64-linux
substituters = https://nix-cache.diogotc.com/dtc?priority=43 https://cache.nixos.org/
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= dtc:HU5hQrzlNDSFAcA/kvzKx+IhyDYLvR+xUS/1drh3o2U=
always-allow-substitutes = true
- uses: DeterminateSystems/magic-nix-cache-action@main
# We check if this package actually has anything to be built or if we're just going
# to be fetching from cache
- name: Check if build needed
id: build-needed
run: |
nix build .#${{ matrix.package }} --dry-run 2> dry-run-output
echo "needs-build=$(cat dry-run-output | grep 'will be built' &> /dev/null && echo 1 || echo 0)" >> $GITHUB_OUTPUT
shell: bash
# We build each package in a separate job, targeting the configuration using matrix.package
- name: Build package
if: steps.build-needed.outputs.needs-build == '1'
run: |
nix build .#${{ matrix.package }}
# Once built, we login to Attic and push the built package to our cache!
- name: Push package
if: steps.build-needed.outputs.needs-build == '1'
run: |
nix run .#attic login phobos https://nix-cache.diogotc.com ${{ secrets.ATTIC_TOKEN }}
nix run .#attic push dtc result -j 2