diff --git a/configs/common.nix b/configs/common.nix index 550ca27..9fc037c 100644 --- a/configs/common.nix +++ b/configs/common.nix @@ -3,7 +3,7 @@ pkgs, config, _utils, - camasca, + self, nixpkgs, agenix, home-manager, @@ -98,10 +98,12 @@ in { options = "-d"; }; - registry = { + registry = let n.flake = nixpkgs; - nixpkgs.flake = nixpkgs; - u.flake = camasca; + in { + inherit n; + nixpkgs = n; + u.flake = self; }; settings = { diff --git a/configs/desktop.nix b/configs/desktop.nix index 06992d6..24af213 100644 --- a/configs/desktop.nix +++ b/configs/desktop.nix @@ -13,7 +13,7 @@ ./client.nix ../programs/ghostty.nix - ../programs/kde.nix + ../programs/gnome.nix ../programs/games.nix # ../programs/vscode.nix diff --git a/exprs/default.nix b/exprs/default.nix new file mode 100644 index 0000000..8f01f93 --- /dev/null +++ b/exprs/default.nix @@ -0,0 +1,17 @@ +{self, ...}: { + flake.nixosModules = { + reposilite = import ./reposilite/module.nix self; + }; + + perSystem = {pkgs, ...}: { + packages = { + reposilite = pkgs.callPackage ./reposilite/derivation.nix {}; + enigma = pkgs.callPackage ./pkgs/enigma.nix {}; + vineflower = pkgs.callPackage ./pkgs/vineflower.nix {}; + + wine-discord-ipc-bridge = pkgs.callPackage ./pkgs/wine-discord-ipc-bridge.nix { + inherit (pkgs.pkgsCross.mingw32) stdenv; + }; + }; + }; +} diff --git a/exprs/pkgs/enigma.nix b/exprs/pkgs/enigma.nix new file mode 100644 index 0000000..ae6d9c3 --- /dev/null +++ b/exprs/pkgs/enigma.nix 
@@ -0,0 +1,42 @@
+{
+ stdenv,
+ fetchurl,
+ temurin-bin,
+ makeWrapper,
+ makeDesktopItem,
+ copyDesktopItems,
+}:
+stdenv.mkDerivation (finalAttrs: {
+ name = "enigma";
+ version = "2.5.0";
+
+ src = fetchurl {
+ url = with finalAttrs; "https://maven.fabricmc.net/cuchaz/enigma-swing/${version}/enigma-swing-${version}-all.jar";
+ hash = "sha256-yOPPTKt96aRSbziYDBLBKqfLS2R9GeXgz5m2t1fgFHo=";
+ };
+
+ dontUnpack = true;
+
+ nativeBuildInputs = [makeWrapper copyDesktopItems];
+
+ installPhase = with finalAttrs; ''
+ runHook preInstall
+
+ mkdir -p $out/bin $out/share/${name}
+ cp ${src} $out/share/${name}/${name}.jar
+ makeWrapper ${temurin-bin}/bin/java $out/bin/${name} --add-flags "-jar $out/share/${name}/${name}.jar"
+
+ runHook postInstall
+ '';
+
+ desktopItems = [
+ (makeDesktopItem {
+ name = "enigma";
+ desktopName = "Enigma";
+ exec = "enigma";
+ terminal = false;
+ })
+ ];
+
+ meta.mainProgram = "enigma";
+})
diff --git a/exprs/pkgs/vineflower.nix b/exprs/pkgs/vineflower.nix
new file mode 100644
index 0000000..a376c57
--- /dev/null
+++ b/exprs/pkgs/vineflower.nix
@@ -0,0 +1,31 @@
+{
+ stdenv,
+ fetchurl,
+ makeWrapper,
+ jre_headless,
+}:
+stdenv.mkDerivation (finalAttrs: {
+ name = "vineflower";
+ version = "1.10.1";
+
+ src = fetchurl {
+ url = with finalAttrs; "https://github.com/Vineflower/vineflower/releases/download/${version}/vineflower-${version}.jar";
+ hash = "sha256-ubII5QeTtkZXprYpIGdSZhP1Sd50BfkkNiSwL0J25Ak=";
+ };
+
+ nativeBuildInputs = [makeWrapper];
+
+ dontUnpack = true;
+
+ installPhase = with finalAttrs; ''
+ runHook preInstall
+
+ mkdir -p $out/bin $out/share/${name}
+ cp ${src} $out/share/${name}/${name}.jar
+ makeWrapper ${jre_headless}/bin/java $out/bin/${name} --add-flags "-jar $out/share/${name}/${name}.jar"
+
+ runHook postInstall
+ '';
+
+ meta.mainProgram = "vineflower";
+})
diff --git a/exprs/pkgs/wine-discord-ipc-bridge.nix b/exprs/pkgs/wine-discord-ipc-bridge.nix
new file mode 100644
index 0000000..bd7b7ae
--- /dev/null
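Review bot: The package installs a prebuilt JAR from maven.fabricmc.net, but `meta` only sets `mainProgram`, so nothing records that the output is unaudited binary bytecode or which license it ships under. The `hash` pin in `fetchurl` fixes the bytes, which is the right baseline; I would additionally take `lib` as an argument and set `meta.sourceProvenance = with lib.sourceTypes; [binaryBytecode];` together with a `meta.license`, so tooling that filters on source provenance can see the package. The same applies to the vineflower.nix hunk that follows and to exprs/reposilite/derivation.nix, which already takes `lib`. As a smaller style point, `pname = "enigma";` instead of `name` would put the version into the store path.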
+++ b/exprs/pkgs/wine-discord-ipc-bridge.nix
@@ -0,0 +1,26 @@
+{
+ stdenv,
+ fetchFromGitHub,
+}:
+stdenv.mkDerivation {
+ name = "wine-discord-ipc-bridge";
+
+ src = fetchFromGitHub {
+ owner = "0e4ef622";
+ repo = "wine-discord-ipc-bridge";
+ rev = "f8198c9d52e708143301017a296f7557c4387127";
+ hash = "sha256-tAknITFlG63+gI5cN9SfUIUZkbIq/MgOPoGIcvoNo4Q=";
+ };
+
+ postPatch = ''
+ patchShebangs winediscordipcbridge-steam.sh
+ '';
+
+ installPhase = ''
+ mkdir -p $out/bin
+ cp winediscordipcbridge.exe $out/bin
+ cp winediscordipcbridge-steam.sh $out/bin
+ '';
+
+ meta.platforms = ["i686-windows" "x86_64-linux"];
+}
diff --git a/exprs/reposilite/derivation.nix b/exprs/reposilite/derivation.nix
new file mode 100644
index 0000000..93778b8
--- /dev/null
+++ b/exprs/reposilite/derivation.nix
@@ -0,0 +1,38 @@
+{
+ lib,
+ stdenv,
+ fetchurl,
+ makeWrapper,
+ jre_headless,
+}:
+stdenv.mkDerivation (finalAttrs: {
+ name = "reposilite";
+ version = "3.5.14";
+
+ src = fetchurl {
+ url = with finalAttrs; "https://maven.reposilite.com/releases/com/reposilite/reposilite/${version}/reposilite-${version}-all.jar";
+ hash = "sha256-qZXYpz6SBXDBj8c0IZkfVgxEFe/+DxMpdhLJsjks8cM=";
+ };
+
+ nativeBuildInputs = [makeWrapper];
+
+ dontUnpack = true;
+
+ installPhase = with finalAttrs; ''
+ runHook preInstall
+
+ mkdir -p $out/bin $out/share/${name}
+ cp ${src} $out/share/${name}/${name}.jar
+ makeWrapper ${jre_headless}/bin/java $out/bin/${name} --add-flags "-jar $out/share/${name}/${name}.jar"
+
+ runHook postInstall
+ '';
+
+ meta = with lib; {
+ description = "Lightweight and easy-to-use repository management software dedicated for the Maven based artifacts in the JVM ecosystem";
+ homepage = "https://reposilite.com/";
+ license = licenses.asl20;
+ platforms = platforms.unix;
+ mainProgram = "reposilite";
+ };
+})
diff --git a/exprs/reposilite/module.nix b/exprs/reposilite/module.nix
new file mode 100644
index 0000000..7dab9ea
--- /dev/null
+++ b/exprs/reposilite/module.nix
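Review bot: `installPhase` in wine-discord-ipc-bridge.nix overrides the default phase without `runHook preInstall` / `runHook postInstall`, unlike the other derivations added in this commit, so any install hooks are skipped without notice. I would wrap the `mkdir`/`cp` commands in those two `runHook` lines. The derivation also sets `name` with no `version`; since `rev` pins a commit, `pname = "wine-discord-ipc-bridge";` plus a `version` derived from the pinned revision (for example `"unstable-<date of rev>"`, where the date is a placeholder) keeps the store path traceable to the source it was built from.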
@@ -0,0 +1,79 @@
+self: {
+ lib,
+ config,
+ pkgs,
+ ...
+}: let
+ cfg = config.services.reposilite;
+
+ inherit (pkgs.stdenv.hostPlatform) system;
+
+ inherit
+ (lib)
+ getExe
+ literalExpression
+ mdDoc
+ mkDefault
+ mkEnableOption
+ mkIf
+ mkOption
+ mkPackageOption
+ types
+ ;
+in {
+ options.services.reposilite = {
+ enable = mkEnableOption "reposilite";
+ package = mkPackageOption self.packages.${system} "reposilite" {};
+ environmentFile = mkOption {
+ description = mdDoc ''
+ Environment file as defined in {manpage}`systemd.exec(5)`
+ '';
+ type = types.nullOr types.path;
+ default = null;
+ example = literalExpression ''
+ "/run/agenix.d/1/reposilite"
+ '';
+ };
+ };
+
+ config = mkIf cfg.enable {
+ users = {
+ users.reposilite = {
+ isSystemUser = true;
+ group = "reposilite";
+ };
+
+ groups.reposilite = {};
+ };
+
+ systemd.services."reposilite" = {
+ enable = true;
+ wantedBy = mkDefault ["multi-user.target"];
+ after = mkDefault ["network.target"];
+ script = ''
+ ${getExe cfg.package}
+ '';
+
+ serviceConfig = {
+ Type = "simple";
+ Restart = "always";
+
+ EnvironmentFile = mkIf (cfg.environmentFile != null) cfg.environmentFile;
+
+ StateDirectory = "reposilite";
+ StateDirectoryMode = "0700";
+ WorkingDirectory = "/var/lib/reposilite";
+
+ User = "reposilite";
+ Group = "reposilite";
+
+ LimitNOFILE = "1048576";
+ PrivateTmp = true;
+ PrivateDevices = true;
+ ProtectHome = true;
+ ProtectSystem = "strict";
+ AmbientCapabilities = "CAP_NET_BIND_SERVICE";
+ };
+ };
+ };
+}
diff --git a/flake.lock b/flake.lock
index 7bc9ef4..63d32f4 100644
--- a/flake.lock
+++ b/flake.lock
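Review bot: `AmbientCapabilities = "CAP_NET_BIND_SERVICE"` in `serviceConfig` of exprs/reposilite/module.nix gives the JVM a capability it only needs for ports below 1024, and nothing in the unit bounds what the process can acquire later. The etna config in this same commit tunnels to `http://localhost:8080`, so the capability looks unnecessary there; I would drop it (or make it conditional on the listening port) and add `NoNewPrivileges = true;` and `CapabilityBoundingSet = "";` (or `"CAP_NET_BIND_SERVICE"` if the capability has to stay). Further sandboxing such as `ProtectKernelTunables`, `ProtectControlGroups` and `RestrictAddressFamilies` would suit a network-facing artifact server, but should be checked against what Reposilite needs at runtime. The `environmentFile` description should also say that the value must be a string path outside the store, because `types.path` accepts a Nix path literal too and that would copy the secret file into the world-readable store.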
@@ -50,29 +50,6 @@ "type": "github" } }, - "camasca": { - "inputs": { - "flake-parts": [ - "flake-parts" - ], - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1724885464, - "narHash": "sha256-PQp5tDi+vRp5CEoUTI5NPbdhlDlp109KLDgpwsGH4J8=", - "owner": "uku3lig", - "repo": "camasca", - "rev": "f9ab5b1b70eeb6f5bc0e47375ef11b8f3eb81d25", - "type": "github" - }, - "original": { - "owner": "uku3lig", - "repo": "camasca", - "type": "github" - } - }, "catppuccin": { "locked": { "lastModified": 1724469296, @@ -230,11 +207,11 @@ "zls": "zls" }, "locked": { - "lastModified": 1724906556, - "narHash": "sha256-nOU3KyEmLpdIuh1HXLDqKJCYRqtXlelL55doP2rYm24=", + "lastModified": 1724730981, + "narHash": "sha256-zDUQEJfcKKup13qgVo200kbU/M/ejjLKQF9AkrFI7mY=", "ref": "refs/heads/main", - "rev": "fcb8b04049ba9a4d12d16a18bcc6be4311c9e76e", - "revCount": 7101, + "rev": "23c924140a2a5054239cd9e4ce773cb5dc613cff", + "revCount": 7080, "type": "git", "url": "ssh://git@github.com/ghostty-org/ghostty" }, @@ -335,11 +312,11 @@ ] }, "locked": { - "lastModified": 1724832687, - "narHash": "sha256-NqhyGfmRbL65TUSItGo5SxNlrMNIqk82RxNU8pbjOwo=", + "lastModified": 1724400737, + "narHash": "sha256-XDYQF8N7mbQowiqXvPXxK4iQbv0wzakeuKv/m/qbHL0=", "owner": "soopyc", "repo": "mystia", - "rev": "82be480f3319695151e21ccf4f0a0a648cae4f38", + "rev": "affe0b9db4cf176f319fe7f827f99300cede02f3", "type": "github" }, "original": { @@ -394,11 +371,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1724819573, - "narHash": "sha256-GnR7/ibgIH1vhoy8cYdmXE6iyZqKqFxQSVkFgosBh6w=", + "lastModified": 1724479785, + "narHash": "sha256-pP3Azj5d6M5nmG68Fu4JqZmdGt4S4vqI5f8te+E/FTw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "71e91c409d1e654808b2621f28a327acfdad8dc2", + "rev": "d0e1602ddde669d5beb01aec49d71a51937ed7be", "type": "github" }, "original": { 
@@ -411,7 +388,6 @@ "inputs": { "agenix": "agenix", "api-rs": "api-rs", - "camasca": "camasca", "catppuccin": "catppuccin", "crane": "crane", "flake-parts": "flake-parts", @@ -543,11 +519,11 @@ ] }, "locked": { - "lastModified": 1724895129, - "narHash": "sha256-dPFrppp6f2SbgLo2T8+95acFicBhiSLTF/C3iuUrrcw=", + "lastModified": 1724722238, + "narHash": "sha256-DLtiPBpKBIL4+lxu7H8e6gPZvZ3Rb7D8mMh8OieBURM=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "7d36ec13978b27d91958a39579a52d28ef015897", + "rev": "ad07ef4512e976b9537d05b7d2e4a5d7a2965ff7", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index ab793fc..01ef327 100644 --- a/flake.nix +++ b/flake.nix @@ -12,6 +12,7 @@ imports = [ ./systems + ./exprs ]; perSystem = { @@ -21,10 +22,12 @@ }: { apps = (nixinate.nixinate.${system} self).nixinate; - devShells.default = with pkgs; - mkShellNoCC { - packages = [just statix]; - }; + devShells.default = pkgs.mkShellNoCC { + packages = with pkgs; [ + just + statix + ]; + }; formatter = pkgs.alejandra; }; @@ -33,12 +36,6 @@ inputs = { nixpkgs.url = "nixpkgs/nixos-unstable"; - camasca = { - url = "github:uku3lig/camasca"; - inputs.nixpkgs.follows = "nixpkgs"; - inputs.flake-parts.follows = "flake-parts"; - }; - agenix = { url = "github:uku3lig/agenix"; inputs.nixpkgs.follows = "nixpkgs"; diff --git a/justfile b/justfile index 9dbe4a1..049f297 100644 --- a/justfile +++ b/justfile @@ -8,10 +8,6 @@ switch *args: @sudo -v sudo nixos-rebuild switch --flake . --keep-going {{args}} -boot *args: - @sudo -v - sudo nixos-rebuild boot --flake . --keep-going {{args}} - deploy system: nix run .#{{system}} diff --git a/programs/fish.nix b/programs/fish.nix index 7b95912..e01b758 100644 --- a/programs/fish.nix +++ b/programs/fish.nix 
@@ -11,8 +11,6 @@ enable = true; interactiveShellInit = with pkgs; '' - set -gx SSH_AUTH_SOCK /run/user/1000/ssh-agent - if test -f ~/.ssh/id_ed25519 ssh-add -l | grep -q (ssh-keygen -lf ~/.ssh/id_ed25519) || ssh-add ~/.ssh/id_ed25519 end diff --git a/programs/kde.nix b/programs/kde.nix deleted file mode 100644 index fa41575..0000000 --- a/programs/kde.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ - camasca, - pkgs, - ... -}: { - services.desktopManager.plasma6.enable = true; - - environment = { - systemPackages = with pkgs; [ - flameshot - camasca.packages.${pkgs.system}.koi - ]; - - plasma6.excludePackages = with pkgs.kdePackages; [ - plasma-browser-integration - elisa - okular - kate - khelpcenter - ]; - }; -} diff --git a/secrets/etna/forgejoRunnerSecret.age b/secrets/etna/forgejoRunnerSecret.age deleted file mode 100644 index e592412..0000000 --- a/secrets/etna/forgejoRunnerSecret.age +++ /dev/null @@ -1,12 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1WnZ4dWtjU2JBQ3JDRktR -K2RDMktEcDdyOGIyOVZ0VGppVm9iRW5kaGlzCno3eXFlc2U2Z3J4TzNIblFiMGlR -N1FCQnRTcDkxdzhGZkg0WFdqQ2ZpUmMKLT4gWDI1NTE5IC9WbG5iYjdiUFMwNnJK -QnMwUVordXNGRmlsWXRUNEk4Y1ZSVEV1VzNuVzQKUVZZdStyRGhIdE5oUk5sMTVO -blVuV2MrejBNNmVhSzdqRmlJYmVlNTlEZwotPiBYMjU1MTkgVTAxKzhxU1JNSWRn -KzVocEY2ODV2YmxMVk5TRGZyanJjZUFiNjFVMDUyRQpMY0JUU29CeWN1OUM5T2tS -MVlJYm9MQ3ZvT2VyQXRJanRpMVFWTlJNVENBCi0tLSAyTVplNGFzMm93b1pFVTEr -MlhKelpvT3dQTWxNNXpqNTdIdHBCbEUrRTZBChSSgqcbi9is6ISM4n0UeA/tsXgM -6mFlP8XO7o3FWHMvv84gK2861kG8hlITXjAFdsSIkUoA31O45hlr9b6+A/b8M7lu -PZYdP9leVeh/Dxk= ------END AGE ENCRYPTED FILE----- diff --git a/secrets/secrets.nix b/secrets/secrets.nix index dc42b80..ee07cd5 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -26,5 +26,4 @@ in { "etna/nextcloudAdminPass.age".publicKeys = main ++ [etna]; "etna/turnstileSecret.age".publicKeys = main ++ [etna]; "etna/navidromeEnv.age".publicKeys = main ++ [etna]; - "etna/forgejoRunnerSecret.age".publicKeys = main ++ [etna]; } 
diff --git a/systems/etna/default.nix b/systems/etna/default.nix index b31d207..830582a 100644 --- a/systems/etna/default.nix +++ b/systems/etna/default.nix @@ -76,9 +76,4 @@ in { "cloudflared-tunnel-${tunnelId}".serviceConfig.RestartSec = "10s"; frp.serviceConfig.EnvironmentFile = secrets.get "frpToken"; }; - - virtualisation = { - docker.enable = true; - oci-containers.backend = "docker"; - }; } diff --git a/systems/etna/forgejo.nix b/systems/etna/forgejo.nix index 43bae3a..170fb8e 100644 --- a/systems/etna/forgejo.nix +++ b/systems/etna/forgejo.nix @@ -1,25 +1,20 @@ { - pkgs, config, _utils, ... }: let - secrets = _utils.setupSecrets config { - secrets = ["turnstileSecret" "forgejoRunnerSecret"]; - extra = { - owner = "forgejo"; - group = "forgejo"; - }; + turnstileSecret = _utils.setupSingleSecret config "turnstileSecret" { + owner = "forgejo"; + group = "forgejo"; }; in { - imports = [secrets.generate]; + imports = [turnstileSecret.generate]; cfTunnels."git.uku3lig.net" = "http://localhost:3000"; services = { forgejo = { enable = true; - package = pkgs.forgejo; # forgejo-lts by default database = { type = "postgres"; @@ -27,7 +22,7 @@ in { }; secrets = { - service.CF_TURNSTILE_SECRET = secrets.get "turnstileSecret"; + service.CF_TURNSTILE_SECRET = turnstileSecret.path; }; settings = { @@ -53,10 +48,7 @@ in { ENABLED = true; }; - actions = { - ENABLED = true; - DEFAULT_ACTIONS_URL = "https://github.com"; - }; + actions.ENABLED = false; "ui.meta" = { AUTHOR = "uku's forge"; 
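Review bot: In the first hunk of systems/etna/forgejo.nix, removing `package = pkgs.forgejo;` makes the service fall back to the module default, which the removed comment says is forgejo-lts. If that LTS release is older than the version that has already migrated the database, Forgejo may refuse to start, so the two versions should be compared before deploying; they are not visible from this hunk. The hunk also drops `forgejoRunnerSecret` from the secrets list while the encrypted file is deleted elsewhere in this commit. The runner registration token remains recoverable from git history by anyone holding a recipient key, so it should be revoked on the Forgejo side rather than only deleted from the repository. The `let` block and the `services.forgejo` attribute set continue outside the hunk.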
@@ -69,29 +61,6 @@ in { }; }; - gitea-actions-runner = { - package = pkgs.forgejo-actions-runner; - instances.etna = { - enable = true; - name = "etna"; - url = "https://git.uku3lig.net"; - tokenFile = secrets.get "forgejoRunnerSecret"; - labels = [ - "ubuntu-latest:docker://catthehacker/ubuntu:act-latest" - ]; - - settings = { - log.level = "info"; - container.network = "host"; - runner = { - capacity = 4; - timeout = "2h"; - insecure = false; - }; - }; - }; - }; - frp.settings.proxies = [ { name = "forgejo-ssh"; diff --git a/systems/etna/minecraft.nix b/systems/etna/minecraft.nix index 9c7ec0f..ffc16e2 100644 --- a/systems/etna/minecraft.nix +++ b/systems/etna/minecraft.nix @@ -44,6 +44,8 @@ in { lynn ]; + virtualisation.oci-containers.backend = "docker"; + systemd.services.restart-minecraft-servers = { wantedBy = ["multi-user.target"]; script = '' diff --git a/systems/etna/reposilite.nix b/systems/etna/reposilite.nix index 0275786..5968458 100644 --- a/systems/etna/reposilite.nix +++ b/systems/etna/reposilite.nix @@ -1,5 +1,5 @@ -{camasca, ...}: { - imports = [camasca.nixosModules.reposilite]; +{self, ...}: { + imports = [self.nixosModules.reposilite]; cfTunnels."maven.uku3lig.net" = "http://localhost:8080";