From cce0ff472cee1c6e583ff7ee9889c2b1a1af7270 Mon Sep 17 00:00:00 2001 From: codgician <15964984+codgician@users.noreply.github.com> Date: Sun, 12 Jan 2025 22:19:38 +0800 Subject: [PATCH 1/5] fix: bad age.identityPaths default value on darwin --- modules/age.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/age.nix b/modules/age.nix index e49d9d8..7fecfe1 100644 --- a/modules/age.nix +++ b/modules/age.nix @@ -228,7 +228,7 @@ in { identityPaths = mkOption { type = types.listOf types.path; default = - if (config.services.openssh.enable or false) + if ((config.services.openssh.enable or false) == true && config.services.openssh ? hostKeys) then map (e: e.path) (lib.filter (e: e.type == "rsa" || e.type == "ed25519") config.services.openssh.hostKeys) else if isDarwin then [ @@ -237,7 +237,7 @@ in { ] else []; defaultText = literalExpression '' - if (config.services.openssh.enable or false) + if ((config.services.openssh.enable or false) == true && config.services.openssh?hostKeys) then map (e: e.path) (lib.filter (e: e.type == "rsa" || e.type == "ed25519") config.services.openssh.hostKeys) else if isDarwin then [ From 302ab0c1726d87b8405cf8c2d1e9c122b8e2ace9 Mon Sep 17 00:00:00 2001 From: codgician <15964984+codgician@users.noreply.github.com> Date: Sun, 12 Jan 2025 22:25:25 +0800 Subject: [PATCH 2/5] fix: bump to macOS-15 in CI --- .github/workflows/ci.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index e48411b..aa1a111 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -17,10 +17,10 @@ jobs: - run: nix fmt . -- --check - run: nix flake check tests-darwin: - runs-on: macos-12 + runs-on: macos-15 steps: - uses: actions/checkout@v3 - - uses: cachix/install-nix-action@v24 + - uses: cachix/install-nix-action@v30 with: extra_nix_config: | system-features = nixos-test recursive-nix benchmark big-parallel kvm @@ -36,7 +36,7 @@ jobs: sudo mv /etc/nix/nix.conf{,.bak} nix \ --extra-experimental-features 'nix-command flakes' \ - build .#checks.x86_64-darwin.integration + build .#checks.aarch64-darwin.integration ./result/activate-user sudo ./result/activate From 989ade28509c66d7abfa53613359d332ae506222 Mon Sep 17 00:00:00 2001 From: codgician <15964984+codgician@users.noreply.github.com> Date: Mon, 13 Jan 2025 11:58:57 +0800 Subject: [PATCH 3/5] feat: dynamically determine architecture in ci --- .github/workflows/ci.yaml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index aa1a111..73707ec 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -17,7 +17,7 @@ jobs: - run: nix fmt . -- --check - run: nix flake check tests-darwin: - runs-on: macos-15 + runs-on: macos-latest steps: - uses: actions/checkout@v3 - uses: cachix/install-nix-action@v30 @@ -31,12 +31,17 @@ jobs: - run: nix flake check - name: "Install nix-darwin module" run: | + # Determine architecture of GitHub runner + ARCH=x86_64 + if [ "$(arch)" = arm64 ]; then + ARCH=aarch64 + fi # https://github.com/ryantm/agenix/pull/230#issuecomment-1867025385 sudo mv /etc/nix/nix.conf{,.bak} nix \ --extra-experimental-features 'nix-command flakes' \ - build .#checks.aarch64-darwin.integration + build .#checks."${ARCH}"-darwin.integration ./result/activate-user sudo ./result/activate From 96b7e4f9eb4db2763db2699322fa2a544184d1eb Mon Sep 17 00:00:00 2001 From: codgician <15964984+codgician@users.noreply.github.com> Date: Mon, 13 Jan 2025 11:59:48 +0800 Subject: [PATCH 4/5] contrib: improve readability of age.identityPaths default value --- modules/age.nix | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/age.nix b/modules/age.nix index 7fecfe1..a9064e6 100644 --- a/modules/age.nix +++ b/modules/age.nix @@ -228,22 +228,22 @@ in { identityPaths = mkOption { type = types.listOf types.path; default = - if ((config.services.openssh.enable or false) == true && config.services.openssh ? hostKeys) - then map (e: e.path) (lib.filter (e: e.type == "rsa" || e.type == "ed25519") config.services.openssh.hostKeys) - else if isDarwin + if isDarwin then [ "/etc/ssh/ssh_host_ed25519_key" "/etc/ssh/ssh_host_rsa_key" ] + else if (config.services.openssh.enable or false) + then map (e: e.path) (lib.filter (e: e.type == "rsa" || e.type == "ed25519") config.services.openssh.hostKeys) else []; defaultText = literalExpression '' - if ((config.services.openssh.enable or false) == true && config.services.openssh?hostKeys) - then map (e: e.path) (lib.filter (e: e.type == "rsa" || e.type == "ed25519") config.services.openssh.hostKeys) - else if isDarwin + if isDarwin then [ "/etc/ssh/ssh_host_ed25519_key" "/etc/ssh/ssh_host_rsa_key" ] + else if (config.services.openssh.enable or false) + then map (e: e.path) (lib.filter (e: e.type == "rsa" || e.type == "ed25519") config.services.openssh.hostKeys) else []; ''; description = '' From 4d0d81e6061f1add4af464618491439f6d819118 Mon Sep 17 00:00:00 2001 From: codgician <15964984+codgician@users.noreply.github.com> Date: Mon, 13 Jan 2025 12:02:14 +0800 Subject: [PATCH 5/5] fix: bad indentation in ci --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 73707ec..ed10521 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -34,7 +34,7 @@ jobs: # Determine architecture of GitHub runner ARCH=x86_64 if [ "$(arch)" = arm64 ]; then - ARCH=aarch64 + ARCH=aarch64 fi # https://github.com/ryantm/agenix/pull/230#issuecomment-1867025385