diff --git a/configs/common.nix b/configs/common.nix index 9fc037c..550ca27 100644 --- a/configs/common.nix +++ b/configs/common.nix @@ -3,7 +3,7 @@ pkgs, config, _utils, - self, + camasca, nixpkgs, agenix, home-manager, @@ -98,12 +98,10 @@ in { options = "-d"; }; - registry = let + registry = { n.flake = nixpkgs; - in { - inherit n; - nixpkgs = n; - u.flake = self; + nixpkgs.flake = nixpkgs; + u.flake = camasca; }; settings = { diff --git a/configs/desktop.nix b/configs/desktop.nix index 24af213..06992d6 100644 --- a/configs/desktop.nix +++ b/configs/desktop.nix @@ -13,7 +13,7 @@ ./client.nix ../programs/ghostty.nix - ../programs/gnome.nix + ../programs/kde.nix ../programs/games.nix # ../programs/vscode.nix diff --git a/exprs/default.nix b/exprs/default.nix deleted file mode 100644 index 8f01f93..0000000 --- a/exprs/default.nix +++ /dev/null @@ -1,17 +0,0 @@ -{self, ...}: { - flake.nixosModules = { - reposilite = import ./reposilite/module.nix self; - }; - - perSystem = {pkgs, ...}: { - packages = { - reposilite = pkgs.callPackage ./reposilite/derivation.nix {}; - enigma = pkgs.callPackage ./pkgs/enigma.nix {}; - vineflower = pkgs.callPackage ./pkgs/vineflower.nix {}; - - wine-discord-ipc-bridge = pkgs.callPackage ./pkgs/wine-discord-ipc-bridge.nix { - inherit (pkgs.pkgsCross.mingw32) stdenv; - }; - }; - }; -} diff --git a/exprs/pkgs/enigma.nix b/exprs/pkgs/enigma.nix deleted file mode 100644 index ae6d9c3..0000000 --- a/exprs/pkgs/enigma.nix +++ /dev/null 
@@ -1,42 +0,0 @@ -{ - stdenv, - fetchurl, - temurin-bin, - makeWrapper, - makeDesktopItem, - copyDesktopItems, -}: -stdenv.mkDerivation (finalAttrs: { - name = "enigma"; - version = "2.5.0"; - - src = fetchurl { - url = with finalAttrs; "https://maven.fabricmc.net/cuchaz/enigma-swing/${version}/enigma-swing-${version}-all.jar"; - hash = "sha256-yOPPTKt96aRSbziYDBLBKqfLS2R9GeXgz5m2t1fgFHo="; - }; - - dontUnpack = true; - - nativeBuildInputs = [makeWrapper copyDesktopItems]; - - installPhase = with finalAttrs; '' - runHook preInstall - - mkdir -p $out/bin $out/share/${name} - cp ${src} $out/share/${name}/${name}.jar - makeWrapper ${temurin-bin}/bin/java $out/bin/${name} --add-flags "-jar $out/share/${name}/${name}.jar" - - runHook postInstall - ''; - - desktopItems = [ - (makeDesktopItem { - name = "enigma"; - desktopName = "Enigma"; - exec = "enigma"; - terminal = false; - }) - ]; - - meta.mainProgram = "enigma"; -}) diff --git a/exprs/pkgs/vineflower.nix b/exprs/pkgs/vineflower.nix deleted file mode 100644 index a376c57..0000000 --- a/exprs/pkgs/vineflower.nix +++ /dev/null @@ -1,31 +0,0 @@ -{ - stdenv, - fetchurl, - makeWrapper, - jre_headless, -}: -stdenv.mkDerivation (finalAttrs: { - name = "vineflower"; - version = "1.10.1"; - - src = fetchurl { - url = with finalAttrs; "https://github.com/Vineflower/vineflower/releases/download/${version}/vineflower-${version}.jar"; - hash = "sha256-ubII5QeTtkZXprYpIGdSZhP1Sd50BfkkNiSwL0J25Ak="; - }; - - nativeBuildInputs = [makeWrapper]; - - dontUnpack = true; - - installPhase = with finalAttrs; '' - runHook preInstall - - mkdir -p $out/bin $out/share/${name} - cp ${src} $out/share/${name}/${name}.jar - makeWrapper ${jre_headless}/bin/java $out/bin/${name} --add-flags "-jar $out/share/${name}/${name}.jar" - - runHook postInstall - ''; - - meta.mainProgram = "vineflower"; -}) diff --git a/exprs/pkgs/wine-discord-ipc-bridge.nix b/exprs/pkgs/wine-discord-ipc-bridge.nix deleted file mode 100644 index bd7b7ae..0000000 
--- a/exprs/pkgs/wine-discord-ipc-bridge.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ - stdenv, - fetchFromGitHub, -}: -stdenv.mkDerivation { - name = "wine-discord-ipc-bridge"; - - src = fetchFromGitHub { - owner = "0e4ef622"; - repo = "wine-discord-ipc-bridge"; - rev = "f8198c9d52e708143301017a296f7557c4387127"; - hash = "sha256-tAknITFlG63+gI5cN9SfUIUZkbIq/MgOPoGIcvoNo4Q="; - }; - - postPatch = '' - patchShebangs winediscordipcbridge-steam.sh - ''; - - installPhase = '' - mkdir -p $out/bin - cp winediscordipcbridge.exe $out/bin - cp winediscordipcbridge-steam.sh $out/bin - ''; - - meta.platforms = ["i686-windows" "x86_64-linux"]; -} diff --git a/exprs/reposilite/derivation.nix b/exprs/reposilite/derivation.nix deleted file mode 100644 index 93778b8..0000000 --- a/exprs/reposilite/derivation.nix +++ /dev/null @@ -1,38 +0,0 @@ -{ - lib, - stdenv, - fetchurl, - makeWrapper, - jre_headless, -}: -stdenv.mkDerivation (finalAttrs: { - name = "reposilite"; - version = "3.5.14"; - - src = fetchurl { - url = with finalAttrs; "https://maven.reposilite.com/releases/com/reposilite/reposilite/${version}/reposilite-${version}-all.jar"; - hash = "sha256-qZXYpz6SBXDBj8c0IZkfVgxEFe/+DxMpdhLJsjks8cM="; - }; - - nativeBuildInputs = [makeWrapper]; - - dontUnpack = true; - - installPhase = with finalAttrs; '' - runHook preInstall - - mkdir -p $out/bin $out/share/${name} - cp ${src} $out/share/${name}/${name}.jar - makeWrapper ${jre_headless}/bin/java $out/bin/${name} --add-flags "-jar $out/share/${name}/${name}.jar" - - runHook postInstall - ''; - - meta = with lib; { - description = "Lightweight and easy-to-use repository management software dedicated for the Maven based artifacts in the JVM ecosystem"; - homepage = "https://reposilite.com/"; - license = licenses.asl20; - platforms = platforms.unix; - mainProgram = "reposilite"; - }; -}) diff --git a/exprs/reposilite/module.nix b/exprs/reposilite/module.nix deleted file mode 100644 index 7dab9ea..0000000 
--- a/exprs/reposilite/module.nix +++ /dev/null @@ -1,79 +0,0 @@ -self: { - lib, - config, - pkgs, - ... -}: let - cfg = config.services.reposilite; - - inherit (pkgs.stdenv.hostPlatform) system; - - inherit - (lib) - getExe - literalExpression - mdDoc - mkDefault - mkEnableOption - mkIf - mkOption - mkPackageOption - types - ; -in { - options.services.reposilite = { - enable = mkEnableOption "reposilite"; - package = mkPackageOption self.packages.${system} "reposilite" {}; - environmentFile = mkOption { - description = mdDoc '' - Environment file as defined in {manpage}`systemd.exec(5)` - ''; - type = types.nullOr types.path; - default = null; - example = literalExpression '' - "/run/agenix.d/1/reposilite" - ''; - }; - }; - - config = mkIf cfg.enable { - users = { - users.reposilite = { - isSystemUser = true; - group = "reposilite"; - }; - - groups.reposilite = {}; - }; - - systemd.services."reposilite" = { - enable = true; - wantedBy = mkDefault ["multi-user.target"]; - after = mkDefault ["network.target"]; - script = '' - ${getExe cfg.package} - ''; - - serviceConfig = { - Type = "simple"; - Restart = "always"; - - EnvironmentFile = mkIf (cfg.environmentFile != null) cfg.environmentFile; - - StateDirectory = "reposilite"; - StateDirectoryMode = "0700"; - WorkingDirectory = "/var/lib/reposilite"; - - User = "reposilite"; - Group = "reposilite"; - - LimitNOFILE = "1048576"; - PrivateTmp = true; - PrivateDevices = true; - ProtectHome = true; - ProtectSystem = "strict"; - AmbientCapabilities = "CAP_NET_BIND_SERVICE"; - }; - }; - }; -} diff --git a/flake.lock b/flake.lock index 63d32f4..7bc9ef4 100644 --- a/flake.lock +++ b/flake.lock 
@@ -50,6 +50,29 @@ "type": "github" } }, + "camasca": { + "inputs": { + "flake-parts": [ + "flake-parts" + ], + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1724885464, + "narHash": "sha256-PQp5tDi+vRp5CEoUTI5NPbdhlDlp109KLDgpwsGH4J8=", + "owner": "uku3lig", + "repo": "camasca", + "rev": "f9ab5b1b70eeb6f5bc0e47375ef11b8f3eb81d25", + "type": "github" + }, + "original": { + "owner": "uku3lig", + "repo": "camasca", + "type": "github" + } + }, "catppuccin": { "locked": { "lastModified": 1724469296, @@ -207,11 +230,11 @@ "zls": "zls" }, "locked": { - "lastModified": 1724730981, - "narHash": "sha256-zDUQEJfcKKup13qgVo200kbU/M/ejjLKQF9AkrFI7mY=", + "lastModified": 1724906556, + "narHash": "sha256-nOU3KyEmLpdIuh1HXLDqKJCYRqtXlelL55doP2rYm24=", "ref": "refs/heads/main", - "rev": "23c924140a2a5054239cd9e4ce773cb5dc613cff", - "revCount": 7080, + "rev": "fcb8b04049ba9a4d12d16a18bcc6be4311c9e76e", + "revCount": 7101, "type": "git", "url": "ssh://git@github.com/ghostty-org/ghostty" }, @@ -312,11 +335,11 @@ ] }, "locked": { - "lastModified": 1724400737, - "narHash": "sha256-XDYQF8N7mbQowiqXvPXxK4iQbv0wzakeuKv/m/qbHL0=", + "lastModified": 1724832687, + "narHash": "sha256-NqhyGfmRbL65TUSItGo5SxNlrMNIqk82RxNU8pbjOwo=", "owner": "soopyc", "repo": "mystia", - "rev": "affe0b9db4cf176f319fe7f827f99300cede02f3", + "rev": "82be480f3319695151e21ccf4f0a0a648cae4f38", "type": "github" }, "original": { @@ -371,11 +394,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1724479785, - "narHash": "sha256-pP3Azj5d6M5nmG68Fu4JqZmdGt4S4vqI5f8te+E/FTw=", + "lastModified": 1724819573, + "narHash": "sha256-GnR7/ibgIH1vhoy8cYdmXE6iyZqKqFxQSVkFgosBh6w=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d0e1602ddde669d5beb01aec49d71a51937ed7be", + "rev": "71e91c409d1e654808b2621f28a327acfdad8dc2", "type": "github" }, "original": { 
@@ -388,6 +411,7 @@ "inputs": { "agenix": "agenix", "api-rs": "api-rs", + "camasca": "camasca", "catppuccin": "catppuccin", "crane": "crane", "flake-parts": "flake-parts", @@ -519,11 +543,11 @@ ] }, "locked": { - "lastModified": 1724722238, - "narHash": "sha256-DLtiPBpKBIL4+lxu7H8e6gPZvZ3Rb7D8mMh8OieBURM=", + "lastModified": 1724895129, + "narHash": "sha256-dPFrppp6f2SbgLo2T8+95acFicBhiSLTF/C3iuUrrcw=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "ad07ef4512e976b9537d05b7d2e4a5d7a2965ff7", + "rev": "7d36ec13978b27d91958a39579a52d28ef015897", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 01ef327..ab793fc 100644 --- a/flake.nix +++ b/flake.nix @@ -12,7 +12,6 @@ imports = [ ./systems - ./exprs ]; perSystem = { @@ -22,12 +21,10 @@ }: { apps = (nixinate.nixinate.${system} self).nixinate; - devShells.default = pkgs.mkShellNoCC { - packages = with pkgs; [ - just - statix - ]; - }; + devShells.default = with pkgs; + mkShellNoCC { + packages = [just statix]; + }; formatter = pkgs.alejandra; }; @@ -36,6 +33,12 @@ inputs = { nixpkgs.url = "nixpkgs/nixos-unstable"; + camasca = { + url = "github:uku3lig/camasca"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.flake-parts.follows = "flake-parts"; + }; + agenix = { url = "github:uku3lig/agenix"; inputs.nixpkgs.follows = "nixpkgs"; diff --git a/justfile b/justfile index 049f297..9dbe4a1 100644 --- a/justfile +++ b/justfile @@ -8,6 +8,10 @@ switch *args: @sudo -v sudo nixos-rebuild switch --flake . --keep-going {{args}} +boot *args: + @sudo -v + sudo nixos-rebuild boot --flake . --keep-going {{args}} + deploy system: nix run .#{{system}} diff --git a/programs/fish.nix b/programs/fish.nix index e01b758..7b95912 100644 --- a/programs/fish.nix +++ b/programs/fish.nix 
@@ -11,6 +11,8 @@ enable = true; interactiveShellInit = with pkgs; '' + set -gx SSH_AUTH_SOCK /run/user/1000/ssh-agent + if test -f ~/.ssh/id_ed25519 ssh-add -l | grep -q (ssh-keygen -lf ~/.ssh/id_ed25519) || ssh-add ~/.ssh/id_ed25519 end diff --git a/programs/kde.nix b/programs/kde.nix new file mode 100644 index 0000000..fa41575 --- /dev/null +++ b/programs/kde.nix @@ -0,0 +1,22 @@ +{ + camasca, + pkgs, + ... +}: { + services.desktopManager.plasma6.enable = true; + + environment = { + systemPackages = with pkgs; [ + flameshot + camasca.packages.${pkgs.system}.koi + ]; + + plasma6.excludePackages = with pkgs.kdePackages; [ + plasma-browser-integration + elisa + okular + kate + khelpcenter + ]; + }; +} diff --git a/secrets/etna/forgejoRunnerSecret.age b/secrets/etna/forgejoRunnerSecret.age new file mode 100644 index 0000000..e592412 --- /dev/null +++ b/secrets/etna/forgejoRunnerSecret.age @@ -0,0 +1,12 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1WnZ4dWtjU2JBQ3JDRktR +K2RDMktEcDdyOGIyOVZ0VGppVm9iRW5kaGlzCno3eXFlc2U2Z3J4TzNIblFiMGlR +N1FCQnRTcDkxdzhGZkg0WFdqQ2ZpUmMKLT4gWDI1NTE5IC9WbG5iYjdiUFMwNnJK +QnMwUVordXNGRmlsWXRUNEk4Y1ZSVEV1VzNuVzQKUVZZdStyRGhIdE5oUk5sMTVO +blVuV2MrejBNNmVhSzdqRmlJYmVlNTlEZwotPiBYMjU1MTkgVTAxKzhxU1JNSWRn +KzVocEY2ODV2YmxMVk5TRGZyanJjZUFiNjFVMDUyRQpMY0JUU29CeWN1OUM5T2tS +MVlJYm9MQ3ZvT2VyQXRJanRpMVFWTlJNVENBCi0tLSAyTVplNGFzMm93b1pFVTEr +MlhKelpvT3dQTWxNNXpqNTdIdHBCbEUrRTZBChSSgqcbi9is6ISM4n0UeA/tsXgM +6mFlP8XO7o3FWHMvv84gK2861kG8hlITXjAFdsSIkUoA31O45hlr9b6+A/b8M7lu +PZYdP9leVeh/Dxk= +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/secrets.nix b/secrets/secrets.nix index ee07cd5..dc42b80 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -26,4 +26,5 @@ in { "etna/nextcloudAdminPass.age".publicKeys = main ++ [etna]; "etna/turnstileSecret.age".publicKeys = main ++ [etna]; "etna/navidromeEnv.age".publicKeys = main ++ [etna]; + "etna/forgejoRunnerSecret.age".publicKeys = main ++ [etna]; } 
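Review bot: The added `set -gx SSH_AUTH_SOCK /run/user/1000/ssh-agent` in `interactiveShellInit` hard-codes UID 1000 and unconditionally overwrites whatever the session already had. If this init applies to more than one account (root, a second user), or a session arrives with a forwarded or desktop-provided agent, the `ssh-add -l` check that follows talks to the wrong socket or to none. Deriving the path and keeping an existing value avoids both problems: `set -q SSH_AUTH_SOCK; or set -gx SSH_AUTH_SOCK $XDG_RUNTIME_DIR/ssh-agent`. The `interactiveShellInit` string starts and ends outside the hunk.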
diff --git a/systems/etna/default.nix b/systems/etna/default.nix index 830582a..b31d207 100644 --- a/systems/etna/default.nix +++ b/systems/etna/default.nix @@ -76,4 +76,9 @@ in { "cloudflared-tunnel-${tunnelId}".serviceConfig.RestartSec = "10s"; frp.serviceConfig.EnvironmentFile = secrets.get "frpToken"; }; + + virtualisation = { + docker.enable = true; + oci-containers.backend = "docker"; + }; } diff --git a/systems/etna/forgejo.nix b/systems/etna/forgejo.nix index 170fb8e..43bae3a 100644 --- a/systems/etna/forgejo.nix +++ b/systems/etna/forgejo.nix @@ -1,20 +1,25 @@ { + pkgs, config, _utils, ... }: let - turnstileSecret = _utils.setupSingleSecret config "turnstileSecret" { - owner = "forgejo"; - group = "forgejo"; + secrets = _utils.setupSecrets config { + secrets = ["turnstileSecret" "forgejoRunnerSecret"]; + extra = { + owner = "forgejo"; + group = "forgejo"; + }; }; in { - imports = [turnstileSecret.generate]; + imports = [secrets.generate]; cfTunnels."git.uku3lig.net" = "http://localhost:3000"; services = { forgejo = { enable = true; + package = pkgs.forgejo; # forgejo-lts by default database = { type = "postgres"; @@ -22,7 +27,7 @@ in { }; secrets = { - service.CF_TURNSTILE_SECRET = turnstileSecret.path; + service.CF_TURNSTILE_SECRET = secrets.get "turnstileSecret"; }; settings = { @@ -48,7 +53,10 @@ in { ENABLED = true; }; - actions.ENABLED = false; + actions = { + ENABLED = true; + DEFAULT_ACTIONS_URL = "https://github.com"; + }; "ui.meta" = { AUTHOR = "uku's forge"; 
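Review bot: With `DEFAULT_ACTIONS_URL = "https://github.com"` in the new `actions` block of `systems/etna/forgejo.nix`, a short `uses: owner/repo@ref` in any workflow is fetched from GitHub and executed on this instance's runner, so a moved tag in a third-party action changes what runs on etna. A comment beside the setting would record that trust decision, e.g. `# short uses: refs resolve to github.com; pin third-party actions to a full commit SHA`. The hunk does not show the registration or repository-creation policy; if accounts other than the owner can create repositories and the runner is registered at instance scope, they can queue jobs once `ENABLED = true`, which is worth confirming. The `settings` attribute set continues outside the hunk.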
@@ -61,6 +69,29 @@ in { }; }; + gitea-actions-runner = { + package = pkgs.forgejo-actions-runner; + instances.etna = { + enable = true; + name = "etna"; + url = "https://git.uku3lig.net"; + tokenFile = secrets.get "forgejoRunnerSecret"; + labels = [ + "ubuntu-latest:docker://catthehacker/ubuntu:act-latest" + ]; + + settings = { + log.level = "info"; + container.network = "host"; + runner = { + capacity = 4; + timeout = "2h"; + insecure = false; + }; + }; + }; + }; + frp.settings.proxies = [ { name = "forgejo-ssh"; diff --git a/systems/etna/minecraft.nix b/systems/etna/minecraft.nix index ffc16e2..9c7ec0f 100644 --- a/systems/etna/minecraft.nix +++ b/systems/etna/minecraft.nix @@ -44,8 +44,6 @@ in { lynn ]; - virtualisation.oci-containers.backend = "docker"; - systemd.services.restart-minecraft-servers = { wantedBy = ["multi-user.target"]; script = '' diff --git a/systems/etna/reposilite.nix b/systems/etna/reposilite.nix index 5968458..0275786 100644 --- a/systems/etna/reposilite.nix +++ b/systems/etna/reposilite.nix @@ -1,5 +1,5 @@ -{self, ...}: { - imports = [self.nixosModules.reposilite]; +{camasca, ...}: { + imports = [camasca.nixosModules.reposilite]; cfTunnels."maven.uku3lig.net" = "http://localhost:8080";
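Review bot: `container.network = "host"` in the runner `settings` puts every job container in etna's network namespace, so workflow code can reach services bound to loopback directly, without passing through the Cloudflare tunnel. This diff shows Forgejo on `localhost:3000` and reposilite on `localhost:8080`. Unless a job needs host networking, `container.network = "bridge";` keeps jobs off the host's loopback. The label `ubuntu-latest:docker://catthehacker/ubuntu:act-latest` follows a mutable tag, so the job image can change without any commit here; pinning it by digest (`…@sha256:<digest>`) would make image updates reviewable. The runner presumably drives the Docker daemon enabled in `systems/etna/default.nix`, so whoever can run workflows should be treated as having root-equivalent reach on the host.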