test: fix headscale

.github/workflows/eval.yml

@@ -5,21 +5,21 @@ jobs:
   eval:
     runs-on: ubuntu-latest
     steps:
-    - name: Checkout
-      uses: actions/checkout@main
-    - name: Install nix
-      uses: cachix/install-nix-action@master
-      with:
-        install_url: https://github.com/numtide/nix-unstable-installer/releases/latest/download/install
-        nix_path: nixpkgs=channel:nixos-unstable
-        extra_nix_config: |
-          experimental-features = nix-command flakes
-          system-features = kvm
-    - name: Setup CACHE_KEY
-      run: 'echo "$CACHE_KEY" > /tmp/CACHE_KEY'
-      env:
-        CACHE_KEY: ${{ secrets.CACHE_KEY }}
-    - name: eval
-      run: |
-        system=$(nix eval --impure --raw  --expr "builtins.currentSystem")
-        nix eval --json .#hydraJobs.all-checks.$system
+      - name: Checkout
+        uses: actions/checkout@main
+      - name: Install nix
+        uses: cachix/install-nix-action@master
+        with:
+          install_url: https://github.com/numtide/nix-unstable-installer/releases/latest/download/install
+          nix_path: nixpkgs=channel:nixos-unstable
+          extra_nix_config: |
+            experimental-features = nix-command flakes
+            system-features = kvm
+      - name: Setup CACHE_KEY
+        run: 'echo "$CACHE_KEY" > /tmp/CACHE_KEY'
+        env:
+          CACHE_KEY: ${{ secrets.CACHE_KEY }}
+      - name: eval
+        run: |
+          system=$(nix eval --impure --raw  --expr "builtins.currentSystem")
+          nix eval --json .#hydraJobs.all-checks.$system

.github/workflows/img.yml

@@ -7,24 +7,24 @@ jobs:
   img:
     runs-on: ubuntu-latest
     steps:
-    - name: Checkout
-      uses: actions/checkout@main
-    - name: Install nix
-      uses: cachix/install-nix-action@master
-      with:
-        install_url: https://github.com/numtide/nix-unstable-installer/releases/latest/download/install
-        nix_path: nixpkgs=channel:nixos-unstable
-        extra_nix_config: |
-          experimental-features = nix-command flakes
-          system-features = kvm big-parallel
-    - name: Setup cachix
-      uses: cachix/cachix-action@master
-      with:
-        name: dora
-        authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
-    - name: Set swap space
-      uses: pierotofy/set-swap-space@master
-      with:
-        swap-size-gb: 10
-    - name: build img
-      run: cachix watch-exec dora nix build .#nixosConfigurations.ewr0.config.system.build.image
+      - name: Checkout
+        uses: actions/checkout@main
+      - name: Install nix
+        uses: cachix/install-nix-action@master
+        with:
+          install_url: https://github.com/numtide/nix-unstable-installer/releases/latest/download/install
+          nix_path: nixpkgs=channel:nixos-unstable
+          extra_nix_config: |
+            experimental-features = nix-command flakes
+            system-features = kvm big-parallel
+      - name: Setup cachix
+        uses: cachix/cachix-action@master
+        with:
+          name: dora
+          authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
+      - name: Set swap space
+        uses: pierotofy/set-swap-space@master
+        with:
+          swap-size-gb: 10
+      - name: build img
+        run: cachix watch-exec dora nix build .#nixosConfigurations.ewr0.config.system.build.image

.github/workflows/show.yml

@@ -5,19 +5,19 @@ jobs:
   show:
     runs-on: ubuntu-latest
     steps:
-    - name: Checkout
-      uses: actions/checkout@main
-    - name: Install nix
-      uses: cachix/install-nix-action@master
-      with:
-        install_url: https://github.com/numtide/nix-unstable-installer/releases/latest/download/install
-        nix_path: nixpkgs=channel:nixos-unstable
-        extra_nix_config: |
-          experimental-features = nix-command flakes
-          system-features = kvm
-    - name: Setup CACHE_KEY
-      run: 'echo "$CACHE_KEY" > /tmp/CACHE_KEY'
-      env:
-        CACHE_KEY: ${{ secrets.CACHE_KEY }}
-    - name: show
-      run: nix flake show --show-trace --allow-import-from-derivation
+      - name: Checkout
+        uses: actions/checkout@main
+      - name: Install nix
+        uses: cachix/install-nix-action@master
+        with:
+          install_url: https://github.com/numtide/nix-unstable-installer/releases/latest/download/install
+          nix_path: nixpkgs=channel:nixos-unstable
+          extra_nix_config: |
+            experimental-features = nix-command flakes
+            system-features = kvm
+      - name: Setup CACHE_KEY
+        run: 'echo "$CACHE_KEY" > /tmp/CACHE_KEY'
+        env:
+          CACHE_KEY: ${{ secrets.CACHE_KEY }}
+      - name: show
+        run: nix flake show --show-trace --allow-import-from-derivation

.github/workflows/terraform.yml

@@ -2,10 +2,10 @@ name: "Terraform"
 on:
   push:
     branches:
-      - 'main'
+      - "main"
   pull_request:
     branches:
-      - 'main'
+      - "main"
   workflow_dispatch:
 
 concurrency: push-to-main
@@ -19,113 +19,113 @@ jobs:
     outputs:
       diff: ${{ steps.plan.outputs.diff }}
     steps:
-    - name: Checkout
-      uses: actions/checkout@main
-    - name: Install nix
-      uses: cachix/install-nix-action@master
-      with:
-        nix_path: nixpkgs=channel:nixos-unstable
-        extra_nix_config: |
-          experimental-features = nix-command flakes
-    - name: Setup cachix
-      uses: cachix/cachix-action@master
-      with:
-        name: dora
-        authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
-    - name: Cache terraform
-      uses: actions/cache@main
-      with:
-        path: terraform/.terraform/providers
-        key: ${{ runner.os }}-terraform-providers-${{ hashFiles('terraform/.terraform.lock.hcl') }}
-    - name: Terraform init
-      run: |
-        nix develop --command terraform-init
-    - name: Terraform plan
-      id: plan
-      run: |
-        set +e
-        nix develop --command terraform-wrapper plan -out="$PWD/terraform/terraform.plan" -detailed-exitcode
-        exit_code=$?
-        set -e
-        if [ "$exit_code" -eq 0 ]; then
-          # success, empty diff
-          echo "diff=false" >> $GITHUB_OUTPUT
-        elif [ "$exit_code" -eq 2 ]; then
-          # success, non-empty diff
-          echo "diff=true" >> $GITHUB_OUTPUT
-        else
-          exit "$exit_code"
-        fi
-    - name: Encrypt plan
-      if: steps.plan.outputs.diff == 'true'
-      run: |
-        nix develop --command bash -c "sops --encrypt terraform/terraform.plan > secrets/terraform.plan"
-    - name: Upload plan
-      if: steps.plan.outputs.diff == 'true'
-      uses: actions/upload-artifact@main
-      with:
-        name: plan
-        path: secrets/terraform.plan
+      - name: Checkout
+        uses: actions/checkout@main
+      - name: Install nix
+        uses: cachix/install-nix-action@master
+        with:
+          nix_path: nixpkgs=channel:nixos-unstable
+          extra_nix_config: |
+            experimental-features = nix-command flakes
+      - name: Setup cachix
+        uses: cachix/cachix-action@master
+        with:
+          name: dora
+          authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
+      - name: Cache terraform
+        uses: actions/cache@main
+        with:
+          path: terraform/.terraform/providers
+          key: ${{ runner.os }}-terraform-providers-${{ hashFiles('terraform/.terraform.lock.hcl') }}
+      - name: Terraform init
+        run: |
+          nix develop --command terraform-init
+      - name: Terraform plan
+        id: plan
+        run: |
+          set +e
+          nix develop --command terraform-wrapper plan -out="$PWD/terraform/terraform.plan" -detailed-exitcode
+          exit_code=$?
+          set -e
+          if [ "$exit_code" -eq 0 ]; then
+            # success, empty diff
+            echo "diff=false" >> $GITHUB_OUTPUT
+          elif [ "$exit_code" -eq 2 ]; then
+            # success, non-empty diff
+            echo "diff=true" >> $GITHUB_OUTPUT
+          else
+            exit "$exit_code"
+          fi
+      - name: Encrypt plan
+        if: steps.plan.outputs.diff == 'true'
+        run: |
+          nix develop --command bash -c "sops --encrypt terraform/terraform.plan > secrets/terraform.plan"
+      - name: Upload plan
+        if: steps.plan.outputs.diff == 'true'
+        uses: actions/upload-artifact@main
+        with:
+          name: plan
+          path: secrets/terraform.plan
 
   apply:
     runs-on: ubuntu-latest
     environment: infrastructure
-    needs: [ plan ]
+    needs: [plan]
     if: |
       needs.plan.outputs.diff == 'true' &&
       github.ref == 'refs/heads/main'
     steps:
-    - name: Checkout
-      uses: actions/checkout@main
-    - name: Install nix
-      uses: cachix/install-nix-action@master
-      with:
-        install_url: https://github.com/numtide/nix-unstable-installer/releases/latest/download/install
-        nix_path: nixpkgs=channel:nixos-unstable
-        extra_nix_config: |
-          experimental-features = nix-command flakes
-    - name: Setup cachix
-      uses: cachix/cachix-action@master
-      with:
-        name: dora
-        authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
-    - name: Cache terraform
-      uses: actions/cache@main
-      with:
-        path: terraform/.terraform/providers
-        key: ${{ runner.os }}-terraform-providers-${{ hashFiles('terraform/.terraform.lock.hcl') }}
-    - name: Terraform init
-      run: |
-        nix develop --command terraform-init
-    - name: Download plan
-      uses: actions/download-artifact@main
-      with:
-        name: plan
-        path: secrets # secrets/terraform.plan
-    - name: Decrypt plan
-      run: |
-        nix develop --command sops --decrypt secrets/terraform.plan > terraform/terraform.plan
-    - name: Terraform apply
-      run: |
-        nix develop --command terraform-wrapper apply "$PWD/terraform/terraform.plan"
-    - name: Terraform update outputs
-      run: |
-        nix develop --command terraform-update-outputs
-    - name: Terraform extract secret and data
-      run: |
-        nix develop --command terraform-outputs-extract-secrets
-        nix develop --command terraform-outputs-extract-data
-    - name: Format
-      run: |
-        nix fmt
-    - name: Commit and push
-      run: |
-        if [ -z "$(git status --porcelain)" ]; then
-          echo "repository is clean, skip commit and push"
-        else
-          git config user.name 'github-actions[bot]'
-          git config user.email 'github-actions[bot]@users.noreply.github.com'
-          git add --all
-          git commit --message "Terraform apply"
-          git push
-        fi
+      - name: Checkout
+        uses: actions/checkout@main
+      - name: Install nix
+        uses: cachix/install-nix-action@master
+        with:
+          install_url: https://github.com/numtide/nix-unstable-installer/releases/latest/download/install
+          nix_path: nixpkgs=channel:nixos-unstable
+          extra_nix_config: |
+            experimental-features = nix-command flakes
+      - name: Setup cachix
+        uses: cachix/cachix-action@master
+        with:
+          name: dora
+          authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
+      - name: Cache terraform
+        uses: actions/cache@main
+        with:
+          path: terraform/.terraform/providers
+          key: ${{ runner.os }}-terraform-providers-${{ hashFiles('terraform/.terraform.lock.hcl') }}
+      - name: Terraform init
+        run: |
+          nix develop --command terraform-init
+      - name: Download plan
+        uses: actions/download-artifact@main
+        with:
+          name: plan
+          path: secrets # secrets/terraform.plan
+      - name: Decrypt plan
+        run: |
+          nix develop --command sops --decrypt secrets/terraform.plan > terraform/terraform.plan
+      - name: Terraform apply
+        run: |
+          nix develop --command terraform-wrapper apply "$PWD/terraform/terraform.plan"
+      - name: Terraform update outputs
+        run: |
+          nix develop --command terraform-update-outputs
+      - name: Terraform extract secret and data
+        run: |
+          nix develop --command terraform-outputs-extract-secrets
+          nix develop --command terraform-outputs-extract-data
+      - name: Format
+        run: |
+          nix fmt
+      - name: Commit and push
+        run: |
+          if [ -z "$(git status --porcelain)" ]; then
+            echo "repository is clean, skip commit and push"
+          else
+            git config user.name 'github-actions[bot]'
+            git config user.email 'github-actions[bot]@users.noreply.github.com'
+            git add --all
+            git commit --message "Terraform apply"
+            git push
+          fi