Compare commits
10 commits
3fbe04ae69
...
5733425f79
Author | SHA1 | Date | |
---|---|---|---|
5733425f79 | |||
292fb2a02e | |||
b05e570f3b | |||
9ab95ffdf6 | |||
bf806a2e63 | |||
ffd73d8e6a | |||
bb15cc1f6d | |||
1793b5869d | |||
f5b15f3b0a | |||
47f44bb427 |
19 changed files with 137 additions and 270 deletions
|
@ -3,7 +3,7 @@
|
|||
pkgs,
|
||||
config,
|
||||
_utils,
|
||||
self,
|
||||
camasca,
|
||||
nixpkgs,
|
||||
agenix,
|
||||
home-manager,
|
||||
|
@ -98,12 +98,10 @@ in {
|
|||
options = "-d";
|
||||
};
|
||||
|
||||
registry = let
|
||||
registry = {
|
||||
n.flake = nixpkgs;
|
||||
in {
|
||||
inherit n;
|
||||
nixpkgs = n;
|
||||
u.flake = self;
|
||||
nixpkgs.flake = nixpkgs;
|
||||
u.flake = camasca;
|
||||
};
|
||||
|
||||
settings = {
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
./client.nix
|
||||
|
||||
../programs/ghostty.nix
|
||||
../programs/gnome.nix
|
||||
../programs/kde.nix
|
||||
../programs/games.nix
|
||||
# ../programs/vscode.nix
|
||||
|
||||
|
|
|
@ -1,17 +0,0 @@
|
|||
{self, ...}: {
|
||||
flake.nixosModules = {
|
||||
reposilite = import ./reposilite/module.nix self;
|
||||
};
|
||||
|
||||
perSystem = {pkgs, ...}: {
|
||||
packages = {
|
||||
reposilite = pkgs.callPackage ./reposilite/derivation.nix {};
|
||||
enigma = pkgs.callPackage ./pkgs/enigma.nix {};
|
||||
vineflower = pkgs.callPackage ./pkgs/vineflower.nix {};
|
||||
|
||||
wine-discord-ipc-bridge = pkgs.callPackage ./pkgs/wine-discord-ipc-bridge.nix {
|
||||
inherit (pkgs.pkgsCross.mingw32) stdenv;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,42 +0,0 @@
|
|||
{
|
||||
stdenv,
|
||||
fetchurl,
|
||||
temurin-bin,
|
||||
makeWrapper,
|
||||
makeDesktopItem,
|
||||
copyDesktopItems,
|
||||
}:
|
||||
stdenv.mkDerivation (finalAttrs: {
|
||||
name = "enigma";
|
||||
version = "2.5.0";
|
||||
|
||||
src = fetchurl {
|
||||
url = with finalAttrs; "https://maven.fabricmc.net/cuchaz/enigma-swing/${version}/enigma-swing-${version}-all.jar";
|
||||
hash = "sha256-yOPPTKt96aRSbziYDBLBKqfLS2R9GeXgz5m2t1fgFHo=";
|
||||
};
|
||||
|
||||
dontUnpack = true;
|
||||
|
||||
nativeBuildInputs = [makeWrapper copyDesktopItems];
|
||||
|
||||
installPhase = with finalAttrs; ''
|
||||
runHook preInstall
|
||||
|
||||
mkdir -p $out/bin $out/share/${name}
|
||||
cp ${src} $out/share/${name}/${name}.jar
|
||||
makeWrapper ${temurin-bin}/bin/java $out/bin/${name} --add-flags "-jar $out/share/${name}/${name}.jar"
|
||||
|
||||
runHook postInstall
|
||||
'';
|
||||
|
||||
desktopItems = [
|
||||
(makeDesktopItem {
|
||||
name = "enigma";
|
||||
desktopName = "Enigma";
|
||||
exec = "enigma";
|
||||
terminal = false;
|
||||
})
|
||||
];
|
||||
|
||||
meta.mainProgram = "enigma";
|
||||
})
|
|
@ -1,31 +0,0 @@
|
|||
{
|
||||
stdenv,
|
||||
fetchurl,
|
||||
makeWrapper,
|
||||
jre_headless,
|
||||
}:
|
||||
stdenv.mkDerivation (finalAttrs: {
|
||||
name = "vineflower";
|
||||
version = "1.10.1";
|
||||
|
||||
src = fetchurl {
|
||||
url = with finalAttrs; "https://github.com/Vineflower/vineflower/releases/download/${version}/vineflower-${version}.jar";
|
||||
hash = "sha256-ubII5QeTtkZXprYpIGdSZhP1Sd50BfkkNiSwL0J25Ak=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [makeWrapper];
|
||||
|
||||
dontUnpack = true;
|
||||
|
||||
installPhase = with finalAttrs; ''
|
||||
runHook preInstall
|
||||
|
||||
mkdir -p $out/bin $out/share/${name}
|
||||
cp ${src} $out/share/${name}/${name}.jar
|
||||
makeWrapper ${jre_headless}/bin/java $out/bin/${name} --add-flags "-jar $out/share/${name}/${name}.jar"
|
||||
|
||||
runHook postInstall
|
||||
'';
|
||||
|
||||
meta.mainProgram = "vineflower";
|
||||
})
|
|
@ -1,26 +0,0 @@
|
|||
{
|
||||
stdenv,
|
||||
fetchFromGitHub,
|
||||
}:
|
||||
stdenv.mkDerivation {
|
||||
name = "wine-discord-ipc-bridge";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "0e4ef622";
|
||||
repo = "wine-discord-ipc-bridge";
|
||||
rev = "f8198c9d52e708143301017a296f7557c4387127";
|
||||
hash = "sha256-tAknITFlG63+gI5cN9SfUIUZkbIq/MgOPoGIcvoNo4Q=";
|
||||
};
|
||||
|
||||
postPatch = ''
|
||||
patchShebangs winediscordipcbridge-steam.sh
|
||||
'';
|
||||
|
||||
installPhase = ''
|
||||
mkdir -p $out/bin
|
||||
cp winediscordipcbridge.exe $out/bin
|
||||
cp winediscordipcbridge-steam.sh $out/bin
|
||||
'';
|
||||
|
||||
meta.platforms = ["i686-windows" "x86_64-linux"];
|
||||
}
|
|
@ -1,38 +0,0 @@
|
|||
{
|
||||
lib,
|
||||
stdenv,
|
||||
fetchurl,
|
||||
makeWrapper,
|
||||
jre_headless,
|
||||
}:
|
||||
stdenv.mkDerivation (finalAttrs: {
|
||||
name = "reposilite";
|
||||
version = "3.5.14";
|
||||
|
||||
src = fetchurl {
|
||||
url = with finalAttrs; "https://maven.reposilite.com/releases/com/reposilite/reposilite/${version}/reposilite-${version}-all.jar";
|
||||
hash = "sha256-qZXYpz6SBXDBj8c0IZkfVgxEFe/+DxMpdhLJsjks8cM=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [makeWrapper];
|
||||
|
||||
dontUnpack = true;
|
||||
|
||||
installPhase = with finalAttrs; ''
|
||||
runHook preInstall
|
||||
|
||||
mkdir -p $out/bin $out/share/${name}
|
||||
cp ${src} $out/share/${name}/${name}.jar
|
||||
makeWrapper ${jre_headless}/bin/java $out/bin/${name} --add-flags "-jar $out/share/${name}/${name}.jar"
|
||||
|
||||
runHook postInstall
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
description = "Lightweight and easy-to-use repository management software dedicated for the Maven based artifacts in the JVM ecosystem";
|
||||
homepage = "https://reposilite.com/";
|
||||
license = licenses.asl20;
|
||||
platforms = platforms.unix;
|
||||
mainProgram = "reposilite";
|
||||
};
|
||||
})
|
|
@ -1,79 +0,0 @@
|
|||
self: {
|
||||
lib,
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}: let
|
||||
cfg = config.services.reposilite;
|
||||
|
||||
inherit (pkgs.stdenv.hostPlatform) system;
|
||||
|
||||
inherit
|
||||
(lib)
|
||||
getExe
|
||||
literalExpression
|
||||
mdDoc
|
||||
mkDefault
|
||||
mkEnableOption
|
||||
mkIf
|
||||
mkOption
|
||||
mkPackageOption
|
||||
types
|
||||
;
|
||||
in {
|
||||
options.services.reposilite = {
|
||||
enable = mkEnableOption "reposilite";
|
||||
package = mkPackageOption self.packages.${system} "reposilite" {};
|
||||
environmentFile = mkOption {
|
||||
description = mdDoc ''
|
||||
Environment file as defined in {manpage}`systemd.exec(5)`
|
||||
'';
|
||||
type = types.nullOr types.path;
|
||||
default = null;
|
||||
example = literalExpression ''
|
||||
"/run/agenix.d/1/reposilite"
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
users = {
|
||||
users.reposilite = {
|
||||
isSystemUser = true;
|
||||
group = "reposilite";
|
||||
};
|
||||
|
||||
groups.reposilite = {};
|
||||
};
|
||||
|
||||
systemd.services."reposilite" = {
|
||||
enable = true;
|
||||
wantedBy = mkDefault ["multi-user.target"];
|
||||
after = mkDefault ["network.target"];
|
||||
script = ''
|
||||
${getExe cfg.package}
|
||||
'';
|
||||
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
Restart = "always";
|
||||
|
||||
EnvironmentFile = mkIf (cfg.environmentFile != null) cfg.environmentFile;
|
||||
|
||||
StateDirectory = "reposilite";
|
||||
StateDirectoryMode = "0700";
|
||||
WorkingDirectory = "/var/lib/reposilite";
|
||||
|
||||
User = "reposilite";
|
||||
Group = "reposilite";
|
||||
|
||||
LimitNOFILE = "1048576";
|
||||
PrivateTmp = true;
|
||||
PrivateDevices = true;
|
||||
ProtectHome = true;
|
||||
ProtectSystem = "strict";
|
||||
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
50
flake.lock
50
flake.lock
|
@ -50,6 +50,29 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"camasca": {
|
||||
"inputs": {
|
||||
"flake-parts": [
|
||||
"flake-parts"
|
||||
],
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1724885464,
|
||||
"narHash": "sha256-PQp5tDi+vRp5CEoUTI5NPbdhlDlp109KLDgpwsGH4J8=",
|
||||
"owner": "uku3lig",
|
||||
"repo": "camasca",
|
||||
"rev": "f9ab5b1b70eeb6f5bc0e47375ef11b8f3eb81d25",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "uku3lig",
|
||||
"repo": "camasca",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"catppuccin": {
|
||||
"locked": {
|
||||
"lastModified": 1724469296,
|
||||
|
@ -207,11 +230,11 @@
|
|||
"zls": "zls"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1724730981,
|
||||
"narHash": "sha256-zDUQEJfcKKup13qgVo200kbU/M/ejjLKQF9AkrFI7mY=",
|
||||
"lastModified": 1724906556,
|
||||
"narHash": "sha256-nOU3KyEmLpdIuh1HXLDqKJCYRqtXlelL55doP2rYm24=",
|
||||
"ref": "refs/heads/main",
|
||||
"rev": "23c924140a2a5054239cd9e4ce773cb5dc613cff",
|
||||
"revCount": 7080,
|
||||
"rev": "fcb8b04049ba9a4d12d16a18bcc6be4311c9e76e",
|
||||
"revCount": 7101,
|
||||
"type": "git",
|
||||
"url": "ssh://git@github.com/ghostty-org/ghostty"
|
||||
},
|
||||
|
@ -312,11 +335,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1724400737,
|
||||
"narHash": "sha256-XDYQF8N7mbQowiqXvPXxK4iQbv0wzakeuKv/m/qbHL0=",
|
||||
"lastModified": 1724832687,
|
||||
"narHash": "sha256-NqhyGfmRbL65TUSItGo5SxNlrMNIqk82RxNU8pbjOwo=",
|
||||
"owner": "soopyc",
|
||||
"repo": "mystia",
|
||||
"rev": "affe0b9db4cf176f319fe7f827f99300cede02f3",
|
||||
"rev": "82be480f3319695151e21ccf4f0a0a648cae4f38",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -371,11 +394,11 @@
|
|||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1724479785,
|
||||
"narHash": "sha256-pP3Azj5d6M5nmG68Fu4JqZmdGt4S4vqI5f8te+E/FTw=",
|
||||
"lastModified": 1724819573,
|
||||
"narHash": "sha256-GnR7/ibgIH1vhoy8cYdmXE6iyZqKqFxQSVkFgosBh6w=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "d0e1602ddde669d5beb01aec49d71a51937ed7be",
|
||||
"rev": "71e91c409d1e654808b2621f28a327acfdad8dc2",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -388,6 +411,7 @@
|
|||
"inputs": {
|
||||
"agenix": "agenix",
|
||||
"api-rs": "api-rs",
|
||||
"camasca": "camasca",
|
||||
"catppuccin": "catppuccin",
|
||||
"crane": "crane",
|
||||
"flake-parts": "flake-parts",
|
||||
|
@ -519,11 +543,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1724722238,
|
||||
"narHash": "sha256-DLtiPBpKBIL4+lxu7H8e6gPZvZ3Rb7D8mMh8OieBURM=",
|
||||
"lastModified": 1724895129,
|
||||
"narHash": "sha256-dPFrppp6f2SbgLo2T8+95acFicBhiSLTF/C3iuUrrcw=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nix-vscode-extensions",
|
||||
"rev": "ad07ef4512e976b9537d05b7d2e4a5d7a2965ff7",
|
||||
"rev": "7d36ec13978b27d91958a39579a52d28ef015897",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
17
flake.nix
17
flake.nix
|
@ -12,7 +12,6 @@
|
|||
|
||||
imports = [
|
||||
./systems
|
||||
./exprs
|
||||
];
|
||||
|
||||
perSystem = {
|
||||
|
@ -22,12 +21,10 @@
|
|||
}: {
|
||||
apps = (nixinate.nixinate.${system} self).nixinate;
|
||||
|
||||
devShells.default = pkgs.mkShellNoCC {
|
||||
packages = with pkgs; [
|
||||
just
|
||||
statix
|
||||
];
|
||||
};
|
||||
devShells.default = with pkgs;
|
||||
mkShellNoCC {
|
||||
packages = [just statix];
|
||||
};
|
||||
|
||||
formatter = pkgs.alejandra;
|
||||
};
|
||||
|
@ -36,6 +33,12 @@
|
|||
inputs = {
|
||||
nixpkgs.url = "nixpkgs/nixos-unstable";
|
||||
|
||||
camasca = {
|
||||
url = "github:uku3lig/camasca";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
inputs.flake-parts.follows = "flake-parts";
|
||||
};
|
||||
|
||||
agenix = {
|
||||
url = "github:uku3lig/agenix";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
|
4
justfile
4
justfile
|
@ -8,6 +8,10 @@ switch *args:
|
|||
@sudo -v
|
||||
sudo nixos-rebuild switch --flake . --keep-going {{args}}
|
||||
|
||||
boot *args:
|
||||
@sudo -v
|
||||
sudo nixos-rebuild boot --flake . --keep-going {{args}}
|
||||
|
||||
deploy system:
|
||||
nix run .#{{system}}
|
||||
|
||||
|
|
|
@ -11,6 +11,8 @@
|
|||
enable = true;
|
||||
|
||||
interactiveShellInit = with pkgs; ''
|
||||
set -gx SSH_AUTH_SOCK /run/user/1000/ssh-agent
|
||||
|
||||
if test -f ~/.ssh/id_ed25519
|
||||
ssh-add -l | grep -q (ssh-keygen -lf ~/.ssh/id_ed25519) || ssh-add ~/.ssh/id_ed25519
|
||||
end
|
||||
|
|
22
programs/kde.nix
Normal file
22
programs/kde.nix
Normal file
|
@ -0,0 +1,22 @@
|
|||
{
|
||||
camasca,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
services.desktopManager.plasma6.enable = true;
|
||||
|
||||
environment = {
|
||||
systemPackages = with pkgs; [
|
||||
flameshot
|
||||
camasca.packages.${pkgs.system}.koi
|
||||
];
|
||||
|
||||
plasma6.excludePackages = with pkgs.kdePackages; [
|
||||
plasma-browser-integration
|
||||
elisa
|
||||
okular
|
||||
kate
|
||||
khelpcenter
|
||||
];
|
||||
};
|
||||
}
|
12
secrets/etna/forgejoRunnerSecret.age
Normal file
12
secrets/etna/forgejoRunnerSecret.age
Normal file
|
@ -0,0 +1,12 @@
|
|||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1WnZ4dWtjU2JBQ3JDRktR
|
||||
K2RDMktEcDdyOGIyOVZ0VGppVm9iRW5kaGlzCno3eXFlc2U2Z3J4TzNIblFiMGlR
|
||||
N1FCQnRTcDkxdzhGZkg0WFdqQ2ZpUmMKLT4gWDI1NTE5IC9WbG5iYjdiUFMwNnJK
|
||||
QnMwUVordXNGRmlsWXRUNEk4Y1ZSVEV1VzNuVzQKUVZZdStyRGhIdE5oUk5sMTVO
|
||||
blVuV2MrejBNNmVhSzdqRmlJYmVlNTlEZwotPiBYMjU1MTkgVTAxKzhxU1JNSWRn
|
||||
KzVocEY2ODV2YmxMVk5TRGZyanJjZUFiNjFVMDUyRQpMY0JUU29CeWN1OUM5T2tS
|
||||
MVlJYm9MQ3ZvT2VyQXRJanRpMVFWTlJNVENBCi0tLSAyTVplNGFzMm93b1pFVTEr
|
||||
MlhKelpvT3dQTWxNNXpqNTdIdHBCbEUrRTZBChSSgqcbi9is6ISM4n0UeA/tsXgM
|
||||
6mFlP8XO7o3FWHMvv84gK2861kG8hlITXjAFdsSIkUoA31O45hlr9b6+A/b8M7lu
|
||||
PZYdP9leVeh/Dxk=
|
||||
-----END AGE ENCRYPTED FILE-----
|
|
@ -26,4 +26,5 @@ in {
|
|||
"etna/nextcloudAdminPass.age".publicKeys = main ++ [etna];
|
||||
"etna/turnstileSecret.age".publicKeys = main ++ [etna];
|
||||
"etna/navidromeEnv.age".publicKeys = main ++ [etna];
|
||||
"etna/forgejoRunnerSecret.age".publicKeys = main ++ [etna];
|
||||
}
|
||||
|
|
|
@ -76,4 +76,9 @@ in {
|
|||
"cloudflared-tunnel-${tunnelId}".serviceConfig.RestartSec = "10s";
|
||||
frp.serviceConfig.EnvironmentFile = secrets.get "frpToken";
|
||||
};
|
||||
|
||||
virtualisation = {
|
||||
docker.enable = true;
|
||||
oci-containers.backend = "docker";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,20 +1,25 @@
|
|||
{
|
||||
pkgs,
|
||||
config,
|
||||
_utils,
|
||||
...
|
||||
}: let
|
||||
turnstileSecret = _utils.setupSingleSecret config "turnstileSecret" {
|
||||
owner = "forgejo";
|
||||
group = "forgejo";
|
||||
secrets = _utils.setupSecrets config {
|
||||
secrets = ["turnstileSecret" "forgejoRunnerSecret"];
|
||||
extra = {
|
||||
owner = "forgejo";
|
||||
group = "forgejo";
|
||||
};
|
||||
};
|
||||
in {
|
||||
imports = [turnstileSecret.generate];
|
||||
imports = [secrets.generate];
|
||||
|
||||
cfTunnels."git.uku3lig.net" = "http://localhost:3000";
|
||||
|
||||
services = {
|
||||
forgejo = {
|
||||
enable = true;
|
||||
package = pkgs.forgejo; # forgejo-lts by default
|
||||
|
||||
database = {
|
||||
type = "postgres";
|
||||
|
@ -22,7 +27,7 @@ in {
|
|||
};
|
||||
|
||||
secrets = {
|
||||
service.CF_TURNSTILE_SECRET = turnstileSecret.path;
|
||||
service.CF_TURNSTILE_SECRET = secrets.get "turnstileSecret";
|
||||
};
|
||||
|
||||
settings = {
|
||||
|
@ -48,7 +53,10 @@ in {
|
|||
ENABLED = true;
|
||||
};
|
||||
|
||||
actions.ENABLED = false;
|
||||
actions = {
|
||||
ENABLED = true;
|
||||
DEFAULT_ACTIONS_URL = "https://github.com";
|
||||
};
|
||||
|
||||
"ui.meta" = {
|
||||
AUTHOR = "uku's forge";
|
||||
|
@ -61,6 +69,29 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
gitea-actions-runner = {
|
||||
package = pkgs.forgejo-actions-runner;
|
||||
instances.etna = {
|
||||
enable = true;
|
||||
name = "etna";
|
||||
url = "https://git.uku3lig.net";
|
||||
tokenFile = secrets.get "forgejoRunnerSecret";
|
||||
labels = [
|
||||
"ubuntu-latest:docker://catthehacker/ubuntu:act-latest"
|
||||
];
|
||||
|
||||
settings = {
|
||||
log.level = "info";
|
||||
container.network = "host";
|
||||
runner = {
|
||||
capacity = 4;
|
||||
timeout = "2h";
|
||||
insecure = false;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
frp.settings.proxies = [
|
||||
{
|
||||
name = "forgejo-ssh";
|
||||
|
|
|
@ -44,8 +44,6 @@ in {
|
|||
lynn
|
||||
];
|
||||
|
||||
virtualisation.oci-containers.backend = "docker";
|
||||
|
||||
systemd.services.restart-minecraft-servers = {
|
||||
wantedBy = ["multi-user.target"];
|
||||
script = ''
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
{self, ...}: {
|
||||
imports = [self.nixosModules.reposilite];
|
||||
{camasca, ...}: {
|
||||
imports = [camasca.nixosModules.reposilite];
|
||||
|
||||
cfTunnels."maven.uku3lig.net" = "http://localhost:8080";
|
||||
|
||||
|
|
Loading…
Reference in a new issue