From 47f44bb427e9211d0fa769e59d271cb503875fd6 Mon Sep 17 00:00:00 2001 From: uku Date: Wed, 28 Aug 2024 19:01:58 +0200 Subject: [PATCH 01/10] fix: manually set SSH_AUTH_SOCK --- programs/fish.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/programs/fish.nix b/programs/fish.nix index e01b758..46cf879 100644 --- a/programs/fish.nix +++ b/programs/fish.nix @@ -11,6 +11,8 @@ enable = true; interactiveShellInit = with pkgs; '' + set -gx SSH_AUTH_SOCK /run/user/1000/ssh-agent + if test -f ~/.ssh/id_ed25519 ssh-add -l | grep -q (ssh-keygen -lf ~/.ssh/id_ed25519) || ssh-add ~/.ssh/id_ed25519 end From f5b15f3b0a229c39ebd678fd7f918f85e0a074b6 Mon Sep 17 00:00:00 2001 From: uku Date: Wed, 28 Aug 2024 19:02:11 +0200 Subject: [PATCH 02/10] feat(desktop): switch to kde --- configs/desktop.nix | 2 +- programs/kde.nix | 15 +++++++++++++++ 2 files changed, 16 insertions(+), 1 deletion(-) create mode 100644 programs/kde.nix diff --git a/configs/desktop.nix b/configs/desktop.nix index 24af213..06992d6 100644 --- a/configs/desktop.nix +++ b/configs/desktop.nix @@ -13,7 +13,7 @@ ./client.nix ../programs/ghostty.nix - ../programs/gnome.nix + ../programs/kde.nix ../programs/games.nix # ../programs/vscode.nix diff --git a/programs/kde.nix b/programs/kde.nix new file mode 100644 index 0000000..cc2e7a5 --- /dev/null +++ b/programs/kde.nix @@ -0,0 +1,15 @@ +{pkgs, ...}: { + services.desktopManager.plasma6.enable = true; + + environment = { + systemPackages = with pkgs; [flameshot]; + + plasma6.excludePackages = with pkgs.kdePackages; [ + plasma-browser-integration + elisa + okular + kate + khelpcenter + ]; + }; +} From 1793b5869d36a991bd90791b8f3c0513820d40c0 Mon Sep 17 00:00:00 2001 From: uku Date: Wed, 28 Aug 2024 19:02:22 +0200 Subject: [PATCH 03/10] feat(just): add boot recipe --- justfile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/justfile b/justfile index 049f297..9dbe4a1 100644 --- a/justfile +++ b/justfile 
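Review bot: In the `programs/fish.nix` hunk of patch 01, the added `set -gx SSH_AUTH_SOCK /run/user/1000/ssh-agent` hard-codes UID 1000 and runs in every interactive shell, so any other account is pointed at uid 1000's agent path and a socket the session already provides, such as a forwarded agent, is overwritten. Deriving the path from the session avoids the first problem: `set -gx SSH_AUTH_SOCK $XDG_RUNTIME_DIR/ssh-agent`. If overriding a forwarded agent is intentional, a one-line comment saying so would help, because the `ssh-add` check that follows loads the key into whichever agent this line selects. The `interactiveShellInit` string continues outside the hunk.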
@@ -8,6 +8,10 @@ switch *args: @sudo -v sudo nixos-rebuild switch --flake . --keep-going {{args}} +boot *args: + @sudo -v + sudo nixos-rebuild boot --flake . --keep-going {{args}} + deploy system: nix run .#{{system}} From bb15cc1f6da9dbb034590ebf3ce5caea26a7a7c0 Mon Sep 17 00:00:00 2001 From: uku Date: Wed, 28 Aug 2024 19:18:02 +0200 Subject: [PATCH 04/10] chore: fmt --- programs/fish.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/fish.nix b/programs/fish.nix index 46cf879..7b95912 100644 --- a/programs/fish.nix +++ b/programs/fish.nix @@ -12,7 +12,7 @@ interactiveShellInit = with pkgs; '' set -gx SSH_AUTH_SOCK /run/user/1000/ssh-agent - + if test -f ~/.ssh/id_ed25519 ssh-add -l | grep -q (ssh-keygen -lf ~/.ssh/id_ed25519) || ssh-add ~/.ssh/id_ed25519 end From ffd73d8e6a04ceb6ea79b381355c5bd15a3bc5d8 Mon Sep 17 00:00:00 2001 From: uku Date: Wed, 28 Aug 2024 19:37:37 +0200 Subject: [PATCH 05/10] feat(kde): add koi --- exprs/default.nix | 1 + exprs/pkgs/koi.nix | 28 ++++++++++++++++++++++++++++ programs/kde.nix | 7 +++++-- 3 files changed, 34 insertions(+), 2 deletions(-) create mode 100644 exprs/pkgs/koi.nix diff --git a/exprs/default.nix b/exprs/default.nix index 8f01f93..ef5b3ee 100644 --- a/exprs/default.nix +++ b/exprs/default.nix @@ -8,6 +8,7 @@ reposilite = pkgs.callPackage ./reposilite/derivation.nix {}; enigma = pkgs.callPackage ./pkgs/enigma.nix {}; vineflower = pkgs.callPackage ./pkgs/vineflower.nix {}; + koi = pkgs.kdePackages.callPackage ./pkgs/koi.nix {}; wine-discord-ipc-bridge = pkgs.callPackage ./pkgs/wine-discord-ipc-bridge.nix { inherit (pkgs.pkgsCross.mingw32) stdenv; diff --git a/exprs/pkgs/koi.nix b/exprs/pkgs/koi.nix new file mode 100644 index 0000000..0a68c5a --- /dev/null +++ b/exprs/pkgs/koi.nix 
@@ -0,0 +1,28 @@ +{ + stdenv, + fetchFromGitHub, + cmake, + ninja, + wrapQtAppsHook, + qtbase, + qtwayland, + kcoreaddons, + kwidgetsaddons, + kconfig, +}: +stdenv.mkDerivation (finalAttrs: { + name = "koi"; + version = "0.3.1"; + + src = fetchFromGitHub { + owner = "baduhai"; + repo = "Koi"; + rev = finalAttrs.version; + hash = "sha256-dhpuKIY/Xi62hzJlnVCIOF0k6uoQ3zH129fLq/r+Kmg="; + }; + + sourceRoot = "source/src"; + + nativeBuildInputs = [cmake ninja wrapQtAppsHook]; + buildInputs = [qtbase qtwayland kcoreaddons kwidgetsaddons kconfig]; +}) diff --git a/programs/kde.nix b/programs/kde.nix index cc2e7a5..5729447 100644 --- a/programs/kde.nix +++ b/programs/kde.nix @@ -1,8 +1,11 @@ -{pkgs, ...}: { +{self, pkgs, ...}: { services.desktopManager.plasma6.enable = true; environment = { - systemPackages = with pkgs; [flameshot]; + systemPackages = with pkgs; [ + flameshot + self.packages.${pkgs.system}.koi + ]; plasma6.excludePackages = with pkgs.kdePackages; [ plasma-browser-integration From bf806a2e63e435f25dfb0f51143e421971a28877 Mon Sep 17 00:00:00 2001 From: uku Date: Thu, 29 Aug 2024 01:10:47 +0200 Subject: [PATCH 06/10] feat: switch to camasca --- configs/common.nix | 10 ++-- exprs/default.nix | 18 ------ exprs/pkgs/enigma.nix | 42 -------------- exprs/pkgs/koi.nix | 28 --------- exprs/pkgs/vineflower.nix | 31 ---------- exprs/pkgs/wine-discord-ipc-bridge.nix | 26 --------- exprs/reposilite/derivation.nix | 38 ------------- exprs/reposilite/module.nix | 79 -------------------------- flake.lock | 24 ++++++++ flake.nix | 17 +++--- programs/kde.nix | 8 ++- systems/etna/reposilite.nix | 4 +- 12 files changed, 46 insertions(+), 279 deletions(-) delete mode 100644 exprs/default.nix delete mode 100644 exprs/pkgs/enigma.nix delete mode 100644 exprs/pkgs/koi.nix delete mode 100644 exprs/pkgs/vineflower.nix delete mode 100644 exprs/pkgs/wine-discord-ipc-bridge.nix delete mode 100644 exprs/reposilite/derivation.nix delete mode 100644 exprs/reposilite/module.nix 
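Review bot: In the new `exprs/pkgs/koi.nix`, `name = "koi";` together with `version` leaves the version out of the derivation name; `pname = "koi";` is the usual spelling and lets `mkDerivation` produce `koi-0.3.1`. `rev = finalAttrs.version;` follows a tag that upstream can move, but the fixed `hash` makes a moved tag fail the build instead of silently changing the source, so that part is fine as written. A `meta` block with at least the license would make the package's provenance easier to audit.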
diff --git a/configs/common.nix b/configs/common.nix index 9fc037c..550ca27 100644 --- a/configs/common.nix +++ b/configs/common.nix @@ -3,7 +3,7 @@ pkgs, config, _utils, - self, + camasca, nixpkgs, agenix, home-manager, @@ -98,12 +98,10 @@ in { options = "-d"; }; - registry = let + registry = { n.flake = nixpkgs; - in { - inherit n; - nixpkgs = n; - u.flake = self; + nixpkgs.flake = nixpkgs; + u.flake = camasca; }; settings = { diff --git a/exprs/default.nix b/exprs/default.nix deleted file mode 100644 index ef5b3ee..0000000 --- a/exprs/default.nix +++ /dev/null @@ -1,18 +0,0 @@ -{self, ...}: { - flake.nixosModules = { - reposilite = import ./reposilite/module.nix self; - }; - - perSystem = {pkgs, ...}: { - packages = { - reposilite = pkgs.callPackage ./reposilite/derivation.nix {}; - enigma = pkgs.callPackage ./pkgs/enigma.nix {}; - vineflower = pkgs.callPackage ./pkgs/vineflower.nix {}; - koi = pkgs.kdePackages.callPackage ./pkgs/koi.nix {}; - - wine-discord-ipc-bridge = pkgs.callPackage ./pkgs/wine-discord-ipc-bridge.nix { - inherit (pkgs.pkgsCross.mingw32) stdenv; - }; - }; - }; -} diff --git a/exprs/pkgs/enigma.nix b/exprs/pkgs/enigma.nix deleted file mode 100644 index ae6d9c3..0000000 --- a/exprs/pkgs/enigma.nix +++ /dev/null 
@@ -1,42 +0,0 @@ -{ - stdenv, - fetchurl, - temurin-bin, - makeWrapper, - makeDesktopItem, - copyDesktopItems, -}: -stdenv.mkDerivation (finalAttrs: { - name = "enigma"; - version = "2.5.0"; - - src = fetchurl { - url = with finalAttrs; "https://maven.fabricmc.net/cuchaz/enigma-swing/${version}/enigma-swing-${version}-all.jar"; - hash = "sha256-yOPPTKt96aRSbziYDBLBKqfLS2R9GeXgz5m2t1fgFHo="; - }; - - dontUnpack = true; - - nativeBuildInputs = [makeWrapper copyDesktopItems]; - - installPhase = with finalAttrs; '' - runHook preInstall - - mkdir -p $out/bin $out/share/${name} - cp ${src} $out/share/${name}/${name}.jar - makeWrapper ${temurin-bin}/bin/java $out/bin/${name} --add-flags "-jar $out/share/${name}/${name}.jar" - - runHook postInstall - ''; - - desktopItems = [ - (makeDesktopItem { - name = "enigma"; - desktopName = "Enigma"; - exec = "enigma"; - terminal = false; - }) - ]; - - meta.mainProgram = "enigma"; -}) diff --git a/exprs/pkgs/koi.nix b/exprs/pkgs/koi.nix deleted file mode 100644 index 0a68c5a..0000000 --- a/exprs/pkgs/koi.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - stdenv, - fetchFromGitHub, - cmake, - ninja, - wrapQtAppsHook, - qtbase, - qtwayland, - kcoreaddons, - kwidgetsaddons, - kconfig, -}: -stdenv.mkDerivation (finalAttrs: { - name = "koi"; - version = "0.3.1"; - - src = fetchFromGitHub { - owner = "baduhai"; - repo = "Koi"; - rev = finalAttrs.version; - hash = "sha256-dhpuKIY/Xi62hzJlnVCIOF0k6uoQ3zH129fLq/r+Kmg="; - }; - - sourceRoot = "source/src"; - - nativeBuildInputs = [cmake ninja wrapQtAppsHook]; - buildInputs = [qtbase qtwayland kcoreaddons kwidgetsaddons kconfig]; -}) diff --git a/exprs/pkgs/vineflower.nix b/exprs/pkgs/vineflower.nix deleted file mode 100644 index a376c57..0000000 --- a/exprs/pkgs/vineflower.nix +++ /dev/null 
@@ -1,31 +0,0 @@ -{ - stdenv, - fetchurl, - makeWrapper, - jre_headless, -}: -stdenv.mkDerivation (finalAttrs: { - name = "vineflower"; - version = "1.10.1"; - - src = fetchurl { - url = with finalAttrs; "https://github.com/Vineflower/vineflower/releases/download/${version}/vineflower-${version}.jar"; - hash = "sha256-ubII5QeTtkZXprYpIGdSZhP1Sd50BfkkNiSwL0J25Ak="; - }; - - nativeBuildInputs = [makeWrapper]; - - dontUnpack = true; - - installPhase = with finalAttrs; '' - runHook preInstall - - mkdir -p $out/bin $out/share/${name} - cp ${src} $out/share/${name}/${name}.jar - makeWrapper ${jre_headless}/bin/java $out/bin/${name} --add-flags "-jar $out/share/${name}/${name}.jar" - - runHook postInstall - ''; - - meta.mainProgram = "vineflower"; -}) diff --git a/exprs/pkgs/wine-discord-ipc-bridge.nix b/exprs/pkgs/wine-discord-ipc-bridge.nix deleted file mode 100644 index bd7b7ae..0000000 --- a/exprs/pkgs/wine-discord-ipc-bridge.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ - stdenv, - fetchFromGitHub, -}: -stdenv.mkDerivation { - name = "wine-discord-ipc-bridge"; - - src = fetchFromGitHub { - owner = "0e4ef622"; - repo = "wine-discord-ipc-bridge"; - rev = "f8198c9d52e708143301017a296f7557c4387127"; - hash = "sha256-tAknITFlG63+gI5cN9SfUIUZkbIq/MgOPoGIcvoNo4Q="; - }; - - postPatch = '' - patchShebangs winediscordipcbridge-steam.sh - ''; - - installPhase = '' - mkdir -p $out/bin - cp winediscordipcbridge.exe $out/bin - cp winediscordipcbridge-steam.sh $out/bin - ''; - - meta.platforms = ["i686-windows" "x86_64-linux"]; -} diff --git a/exprs/reposilite/derivation.nix b/exprs/reposilite/derivation.nix deleted file mode 100644 index 93778b8..0000000 --- a/exprs/reposilite/derivation.nix +++ /dev/null 
@@ -1,38 +0,0 @@ -{ - lib, - stdenv, - fetchurl, - makeWrapper, - jre_headless, -}: -stdenv.mkDerivation (finalAttrs: { - name = "reposilite"; - version = "3.5.14"; - - src = fetchurl { - url = with finalAttrs; "https://maven.reposilite.com/releases/com/reposilite/reposilite/${version}/reposilite-${version}-all.jar"; - hash = "sha256-qZXYpz6SBXDBj8c0IZkfVgxEFe/+DxMpdhLJsjks8cM="; - }; - - nativeBuildInputs = [makeWrapper]; - - dontUnpack = true; - - installPhase = with finalAttrs; '' - runHook preInstall - - mkdir -p $out/bin $out/share/${name} - cp ${src} $out/share/${name}/${name}.jar - makeWrapper ${jre_headless}/bin/java $out/bin/${name} --add-flags "-jar $out/share/${name}/${name}.jar" - - runHook postInstall - ''; - - meta = with lib; { - description = "Lightweight and easy-to-use repository management software dedicated for the Maven based artifacts in the JVM ecosystem"; - homepage = "https://reposilite.com/"; - license = licenses.asl20; - platforms = platforms.unix; - mainProgram = "reposilite"; - }; -}) diff --git a/exprs/reposilite/module.nix b/exprs/reposilite/module.nix deleted file mode 100644 index 7dab9ea..0000000 --- a/exprs/reposilite/module.nix +++ /dev/null 
@@ -1,79 +0,0 @@ -self: { - lib, - config, - pkgs, - ... -}: let - cfg = config.services.reposilite; - - inherit (pkgs.stdenv.hostPlatform) system; - - inherit - (lib) - getExe - literalExpression - mdDoc - mkDefault - mkEnableOption - mkIf - mkOption - mkPackageOption - types - ; -in { - options.services.reposilite = { - enable = mkEnableOption "reposilite"; - package = mkPackageOption self.packages.${system} "reposilite" {}; - environmentFile = mkOption { - description = mdDoc '' - Environment file as defined in {manpage}`systemd.exec(5)` - ''; - type = types.nullOr types.path; - default = null; - example = literalExpression '' - "/run/agenix.d/1/reposilite" - ''; - }; - }; - - config = mkIf cfg.enable { - users = { - users.reposilite = { - isSystemUser = true; - group = "reposilite"; - }; - - groups.reposilite = {}; - }; - - systemd.services."reposilite" = { - enable = true; - wantedBy = mkDefault ["multi-user.target"]; - after = mkDefault ["network.target"]; - script = '' - ${getExe cfg.package} - ''; - - serviceConfig = { - Type = "simple"; - Restart = "always"; - - EnvironmentFile = mkIf (cfg.environmentFile != null) cfg.environmentFile; - - StateDirectory = "reposilite"; - StateDirectoryMode = "0700"; - WorkingDirectory = "/var/lib/reposilite"; - - User = "reposilite"; - Group = "reposilite"; - - LimitNOFILE = "1048576"; - PrivateTmp = true; - PrivateDevices = true; - ProtectHome = true; - ProtectSystem = "strict"; - AmbientCapabilities = "CAP_NET_BIND_SERVICE"; - }; - }; - }; -} diff --git a/flake.lock b/flake.lock index 63d32f4..b32b56d 100644 --- a/flake.lock +++ b/flake.lock 
@@ -50,6 +50,29 @@ "type": "github" } }, + "camasca": { + "inputs": { + "flake-parts": [ + "flake-parts" + ], + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1724885464, + "narHash": "sha256-PQp5tDi+vRp5CEoUTI5NPbdhlDlp109KLDgpwsGH4J8=", + "owner": "uku3lig", + "repo": "camasca", + "rev": "f9ab5b1b70eeb6f5bc0e47375ef11b8f3eb81d25", + "type": "github" + }, + "original": { + "owner": "uku3lig", + "repo": "camasca", + "type": "github" + } + }, "catppuccin": { "locked": { "lastModified": 1724469296, @@ -388,6 +411,7 @@ "inputs": { "agenix": "agenix", "api-rs": "api-rs", + "camasca": "camasca", "catppuccin": "catppuccin", "crane": "crane", "flake-parts": "flake-parts", diff --git a/flake.nix b/flake.nix index 01ef327..ab793fc 100644 --- a/flake.nix +++ b/flake.nix @@ -12,7 +12,6 @@ imports = [ ./systems - ./exprs ]; perSystem = { @@ -22,12 +21,10 @@ }: { apps = (nixinate.nixinate.${system} self).nixinate; - devShells.default = pkgs.mkShellNoCC { - packages = with pkgs; [ - just - statix - ]; - }; + devShells.default = with pkgs; + mkShellNoCC { + packages = [just statix]; + }; formatter = pkgs.alejandra; }; @@ -36,6 +33,12 @@ inputs = { nixpkgs.url = "nixpkgs/nixos-unstable"; + camasca = { + url = "github:uku3lig/camasca"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.flake-parts.follows = "flake-parts"; + }; + agenix = { url = "github:uku3lig/agenix"; inputs.nixpkgs.follows = "nixpkgs"; diff --git a/programs/kde.nix b/programs/kde.nix index 5729447..fa41575 100644 --- a/programs/kde.nix +++ b/programs/kde.nix @@ -1,10 +1,14 @@ -{self, pkgs, ...}: { +{ + camasca, + pkgs, + ... +}: { services.desktopManager.plasma6.enable = true; environment = { systemPackages = with pkgs; [ flameshot - self.packages.${pkgs.system}.koi + camasca.packages.${pkgs.system}.koi ]; plasma6.excludePackages = with pkgs.kdePackages; [ diff --git a/systems/etna/reposilite.nix b/systems/etna/reposilite.nix index 5968458..0275786 100644 --- a/systems/etna/reposilite.nix 
+++ b/systems/etna/reposilite.nix @@ -1,5 +1,5 @@ -{self, ...}: { - imports = [self.nixosModules.reposilite]; +{camasca, ...}: { + imports = [camasca.nixosModules.reposilite]; cfTunnels."maven.uku3lig.net" = "http://localhost:8080"; From 9ab95ffdf6cfeab279607643ee94999329da7792 Mon Sep 17 00:00:00 2001 From: uku Date: Thu, 29 Aug 2024 10:54:31 +0200 Subject: [PATCH 07/10] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'ghostty': 'git+ssh://git@github.com/ghostty-org/ghostty?ref=refs/heads/main&rev=23c924140a2a5054239cd9e4ce773cb5dc613cff' (2024-08-27) → 'git+ssh://git@github.com/ghostty-org/ghostty?ref=refs/heads/main&rev=fcb8b04049ba9a4d12d16a18bcc6be4311c9e76e' (2024-08-29) • Updated input 'mystia': 'github:soopyc/mystia/affe0b9db4cf176f319fe7f827f99300cede02f3' (2024-08-23) → 'github:soopyc/mystia/82be480f3319695151e21ccf4f0a0a648cae4f38' (2024-08-28) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/d0e1602ddde669d5beb01aec49d71a51937ed7be' (2024-08-24) → 'github:NixOS/nixpkgs/71e91c409d1e654808b2621f28a327acfdad8dc2' (2024-08-28) • Updated input 'vscode-extensions': 'github:nix-community/nix-vscode-extensions/ad07ef4512e976b9537d05b7d2e4a5d7a2965ff7' (2024-08-27) → 'github:nix-community/nix-vscode-extensions/7d36ec13978b27d91958a39579a52d28ef015897' (2024-08-29) --- flake.lock | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/flake.lock b/flake.lock index b32b56d..7bc9ef4 100644 --- a/flake.lock +++ b/flake.lock 
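Review bot: With `imports = [camasca.nixosModules.reposilite];` the service definition for the host behind `maven.uku3lig.net` is no longer reviewed in this repository. The service user, the systemd sandboxing options and the package that patch 06 deletes from `exprs/reposilite/` are now whatever the locked `camasca` revision contains. `flake.lock` pins that revision, so the review gate moves to lock bumps, and a blanket lock update would pull module changes in with no diff visible here. I would add a comment next to the import, for example `# module and package come from the camasca input; read its diff when bumping flake.lock`, and bump that input separately from bulk updates.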
@@ -230,11 +230,11 @@ "zls": "zls" }, "locked": { - "lastModified": 1724730981, - "narHash": "sha256-zDUQEJfcKKup13qgVo200kbU/M/ejjLKQF9AkrFI7mY=", + "lastModified": 1724906556, + "narHash": "sha256-nOU3KyEmLpdIuh1HXLDqKJCYRqtXlelL55doP2rYm24=", "ref": "refs/heads/main", - "rev": "23c924140a2a5054239cd9e4ce773cb5dc613cff", - "revCount": 7080, + "rev": "fcb8b04049ba9a4d12d16a18bcc6be4311c9e76e", + "revCount": 7101, "type": "git", "url": "ssh://git@github.com/ghostty-org/ghostty" }, @@ -335,11 +335,11 @@ ] }, "locked": { - "lastModified": 1724400737, - "narHash": "sha256-XDYQF8N7mbQowiqXvPXxK4iQbv0wzakeuKv/m/qbHL0=", + "lastModified": 1724832687, + "narHash": "sha256-NqhyGfmRbL65TUSItGo5SxNlrMNIqk82RxNU8pbjOwo=", "owner": "soopyc", "repo": "mystia", - "rev": "affe0b9db4cf176f319fe7f827f99300cede02f3", + "rev": "82be480f3319695151e21ccf4f0a0a648cae4f38", "type": "github" }, "original": { @@ -394,11 +394,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1724479785, - "narHash": "sha256-pP3Azj5d6M5nmG68Fu4JqZmdGt4S4vqI5f8te+E/FTw=", + "lastModified": 1724819573, + "narHash": "sha256-GnR7/ibgIH1vhoy8cYdmXE6iyZqKqFxQSVkFgosBh6w=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d0e1602ddde669d5beb01aec49d71a51937ed7be", + "rev": "71e91c409d1e654808b2621f28a327acfdad8dc2", "type": "github" }, "original": { @@ -543,11 +543,11 @@ ] }, "locked": { - "lastModified": 1724722238, - "narHash": "sha256-DLtiPBpKBIL4+lxu7H8e6gPZvZ3Rb7D8mMh8OieBURM=", + "lastModified": 1724895129, + "narHash": "sha256-dPFrppp6f2SbgLo2T8+95acFicBhiSLTF/C3iuUrrcw=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "ad07ef4512e976b9537d05b7d2e4a5d7a2965ff7", + "rev": "7d36ec13978b27d91958a39579a52d28ef015897", "type": "github" }, "original": { From b05e570f3b4135c84de401007eb18e47d6ce65cc Mon Sep 17 00:00:00 2001 
From: uku Date: Thu, 29 Aug 2024 11:46:38 +0200 Subject: [PATCH 08/10] feat(etna): add forgejo actions runner --- secrets/etna/forgejoRunnerSecret.age | 12 ++++++++ secrets/secrets.nix | 1 + systems/etna/default.nix | 5 ++++ systems/etna/forgejo.nix | 41 ++++++++++++++++++++++++---- systems/etna/minecraft.nix | 2 -- 5 files changed, 53 insertions(+), 8 deletions(-) create mode 100644 secrets/etna/forgejoRunnerSecret.age diff --git a/secrets/etna/forgejoRunnerSecret.age b/secrets/etna/forgejoRunnerSecret.age new file mode 100644 index 0000000..e592412 --- /dev/null +++ b/secrets/etna/forgejoRunnerSecret.age @@ -0,0 +1,12 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1WnZ4dWtjU2JBQ3JDRktR +K2RDMktEcDdyOGIyOVZ0VGppVm9iRW5kaGlzCno3eXFlc2U2Z3J4TzNIblFiMGlR +N1FCQnRTcDkxdzhGZkg0WFdqQ2ZpUmMKLT4gWDI1NTE5IC9WbG5iYjdiUFMwNnJK +QnMwUVordXNGRmlsWXRUNEk4Y1ZSVEV1VzNuVzQKUVZZdStyRGhIdE5oUk5sMTVO +blVuV2MrejBNNmVhSzdqRmlJYmVlNTlEZwotPiBYMjU1MTkgVTAxKzhxU1JNSWRn +KzVocEY2ODV2YmxMVk5TRGZyanJjZUFiNjFVMDUyRQpMY0JUU29CeWN1OUM5T2tS +MVlJYm9MQ3ZvT2VyQXRJanRpMVFWTlJNVENBCi0tLSAyTVplNGFzMm93b1pFVTEr +MlhKelpvT3dQTWxNNXpqNTdIdHBCbEUrRTZBChSSgqcbi9is6ISM4n0UeA/tsXgM +6mFlP8XO7o3FWHMvv84gK2861kG8hlITXjAFdsSIkUoA31O45hlr9b6+A/b8M7lu +PZYdP9leVeh/Dxk= +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/secrets.nix b/secrets/secrets.nix index ee07cd5..dc42b80 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -26,4 +26,5 @@ in { "etna/nextcloudAdminPass.age".publicKeys = main ++ [etna]; "etna/turnstileSecret.age".publicKeys = main ++ [etna]; "etna/navidromeEnv.age".publicKeys = main ++ [etna]; + "etna/forgejoRunnerSecret.age".publicKeys = main ++ [etna]; } diff --git a/systems/etna/default.nix b/systems/etna/default.nix index 830582a..b31d207 100644 --- a/systems/etna/default.nix +++ b/systems/etna/default.nix 
@@ -76,4 +76,9 @@ in { "cloudflared-tunnel-${tunnelId}".serviceConfig.RestartSec = "10s"; frp.serviceConfig.EnvironmentFile = secrets.get "frpToken"; }; + + virtualisation = { + docker.enable = true; + oci-containers.backend = "docker"; + }; } diff --git a/systems/etna/forgejo.nix b/systems/etna/forgejo.nix index 170fb8e..0efa480 100644 --- a/systems/etna/forgejo.nix +++ b/systems/etna/forgejo.nix @@ -1,14 +1,18 @@ { + pkgs, config, _utils, ... }: let - turnstileSecret = _utils.setupSingleSecret config "turnstileSecret" { - owner = "forgejo"; - group = "forgejo"; + secrets = _utils.setupSecrets config { + secrets = ["turnstileSecret" "forgejoRunnerSecret"]; + extra = { + owner = "forgejo"; + group = "forgejo"; + }; }; in { - imports = [turnstileSecret.generate]; + imports = [secrets.generate]; cfTunnels."git.uku3lig.net" = "http://localhost:3000"; @@ -22,7 +26,7 @@ in { }; secrets = { - service.CF_TURNSTILE_SECRET = turnstileSecret.path; + service.CF_TURNSTILE_SECRET = secrets.get "turnstileSecret"; }; settings = { @@ -48,7 +52,10 @@ in { ENABLED = true; }; - actions.ENABLED = false; + actions = { + ENABLED = true; + DEFAULT_ACTIONS_URL = "https://github.com"; + }; "ui.meta" = { AUTHOR = "uku's forge"; @@ -61,6 +68,28 @@ in { }; }; + gitea-actions-runner = { + package = pkgs.forgejo-actions-runner; + instances.etna = { + enable = true; + name = "etna"; + url = "https://git.uku3lig.net"; + tokenFile = secrets.get "forgejoRunnerSecret"; + labels = [ + "ubuntu-latest:docker://catthehacker/ubuntu:act-latest" + ]; + + settings = { + log.level = "info"; + runner = { + capacity = 4; + timeout = "2h"; + insecure = false; + }; + }; + }; + }; + frp.settings.proxies = [ { name = "forgejo-ssh"; diff --git a/systems/etna/minecraft.nix b/systems/etna/minecraft.nix index ffc16e2..9c7ec0f 100644 --- a/systems/etna/minecraft.nix +++ b/systems/etna/minecraft.nix 
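Review bot: In the `@@ -48,7 +52,10 @@` hunk of `systems/etna/forgejo.nix`, `DEFAULT_ACTIONS_URL = "https://github.com"` makes every short `uses: owner/name@ref` in a workflow resolve to GitHub, so third-party action code selected by a mutable tag or branch runs on the etna runner. Nothing in this series shows who may push workflows to the forge, so the exposure depends on registration and repository settings outside this patch. A comment on the setting would record the decision, for example `# short uses: refs resolve to GitHub; pin actions to a commit SHA in workflows`. The `settings` attribute set continues outside the hunk.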
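Review bot: In the `gitea-actions-runner` hunk of `systems/etna/forgejo.nix`, the label `ubuntu-latest:docker://catthehacker/ubuntu:act-latest` names a third-party image by a mutable tag, so the job environment can change between runs without any change to this repository or `flake.lock`. Pinning the image by digest keeps it reviewable, e.g. `"ubuntu-latest:docker://catthehacker/ubuntu:act-latest@sha256:<IMAGE_DIGEST>"` (placeholder digest; confirm the runner's label parser accepts the `@sha256:` form). The same patch turns on `virtualisation.docker.enable` in `systems/etna/default.nix`; a runner that drives the host Docker daemon is effectively root on etna, which also carries the other services under `systems/etna/`, so jobs should come only from trusted repositories or the runner should move to a separate machine or VM.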
@@ -44,8 +44,6 @@ in { lynn ]; - virtualisation.oci-containers.backend = "docker"; - systemd.services.restart-minecraft-servers = { wantedBy = ["multi-user.target"]; script = '' From 292fb2a02e7061d9b4a9483c5d391363d41a1efc Mon Sep 17 00:00:00 2001 From: uku Date: Thu, 29 Aug 2024 18:16:38 +0200 Subject: [PATCH 09/10] fix(etna): make forgejo up to date --- systems/etna/forgejo.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/systems/etna/forgejo.nix b/systems/etna/forgejo.nix index 0efa480..683a5ec 100644 --- a/systems/etna/forgejo.nix +++ b/systems/etna/forgejo.nix @@ -19,6 +19,7 @@ in { services = { forgejo = { enable = true; + package = pkgs.forgejo; # forgejo-lts by default database = { type = "postgres"; From 5733425f79baaae461cde983aacd564ca70f9104 Mon Sep 17 00:00:00 2001 From: uku Date: Thu, 29 Aug 2024 19:27:06 +0200 Subject: [PATCH 10/10] fix(etna): set network to host for forgejo runner --- systems/etna/forgejo.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/systems/etna/forgejo.nix b/systems/etna/forgejo.nix index 683a5ec..43bae3a 100644 --- a/systems/etna/forgejo.nix +++ b/systems/etna/forgejo.nix @@ -82,6 +82,7 @@ in { settings = { log.level = "info"; + container.network = "host"; runner = { capacity = 4; timeout = "2h";
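Review bot: In patch 10's hunk of `systems/etna/forgejo.nix`, `container.network = "host";` puts every job container in the host's network namespace, so workflow code can connect to anything bound to loopback on etna, including the `http://localhost:3000` and `http://localhost:8080` backends that this series otherwise publishes only through `cfTunnels`. Combined with third-party action code and the unpinned job image from patch 08, that removes most of the isolation the container provided. If the change was needed so jobs can reach the forge, it is safer to keep an isolated network and let jobs use the public `https://git.uku3lig.net` URL: `container.network = "bridge";`. If host networking has to stay, state the reason in a comment and restrict the runner to trusted repositories. The `settings` block starts outside this hunk.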