From 35c774b55eb90fcdea3a00eebceb1e4008a505b3 Mon Sep 17 00:00:00 2001
From: Christoph Hollizeck
Date: Wed, 29 Oct 2025 20:25:43 +0100
Subject: [PATCH 01/14] waybar: add basic setup
---
modules/desktop/addons/waybar.css | 39 +++++++++++++++++
modules/desktop/addons/waybar.nix | 73 +++++++++++++++++++++++++++++++
2 files changed, 112 insertions(+)
create mode 100644 modules/desktop/addons/waybar.css
diff --git a/modules/desktop/addons/waybar.css b/modules/desktop/addons/waybar.css
new file mode 100644
index 0000000..19cfd0e
--- /dev/null
+++ b/modules/desktop/addons/waybar.css
@@ -0,0 +1,39 @@
+@define-color foreground #eeeeee;
+@define-color foreground-inactive #aaaaaa;
+@define-color background #000000;
+
+* {
+ font-family: JetBrainsMono Nerd Font;
+ font-size: 17px;
+ padding: 0;
+ margin: 0;
+}
+
+#waybar {
+ color: @foreground;
+ background-color: @background;
+}
+
+#workspaces button {
+ color: @foreground;
+ padding-right: .5em
+}
+
+#workspaces button.empty {
+ color: @foreground-inactive;
+}
+
+#memory,
+#custom-platform-profile {
+ padding-left: 1em
+}
+
+#wireplumber,
+#battery,
+#idle_inhibitor,
+#language,
+#network,
+#bluetooth,
+#tray {
+ padding-right: 1em
+}
\ No newline at end of file
diff --git a/modules/desktop/addons/waybar.nix b/modules/desktop/addons/waybar.nix
index 0db3279..632881e 100644
--- a/modules/desktop/addons/waybar.nix
+++ b/modules/desktop/addons/waybar.nix
@@ -1,3 +1,76 @@ { + flake.modules.homeManager.cholli = + { lib, osConfig, ... }: + { + config = lib.mkIf osConfig.programs.niri.enable { + programs.waybar = { + enable = true; + style = ./waybar.css; + settings = { + topBar = { + layer = "top"; + position = "top"; + output = "DP-1"; + height = 30; + spacing = 2; + modules-left = [ "niri/workspaces" ]; + modules-center = [ "clock" ]; + modules-right = [ + "idle_inhibitor" + "bluetooth" + "wireplumber" + "cpu" + "memory" + "tray" + ]; + "niri/workspaces" = { + "format" = "{icon}"; + "on-click" = "activate"; + "format-icons" = { + "active" = ""; + "default" = ""; + }; + "icon-size" = 10; + "sort-by-number" = true; + }; + "clock" = { + "format" = "{:%d.%m.%Y | %H:%M}"; + }; + "wireplumber" = { + "format" = " {volume}%"; + "max-volume" = 100; + "scroll-step" = 5; + }; + "cpu" = { + "format" = " {usage}%"; + }; + "memory" = { + "interval" = 30; + "format" = " {used:0.1f}G "; + }; + "bluetooth" = { + "format" = ""; + "format-disabled" = "󰂲"; + "format-connected" = "󰂱"; + "tooltip-format" = "{controller_alias}\t{controller_address}"; + "tooltip-format-connected" = "{controller_alias}\t{controller_address}\n\n{device_enumerate}"; + "tooltip-format-enumerate-connected" = "{device_alias}\t{device_address}"; + }; + "tray" = { + "icon-size" = 16; + "spacing" = 16; + }; + "idle_inhibitor" = { + "format" = "{icon}"; + "format-icons" = { + "activated" = ""; + "deactivated" = "󰒲"; + }; + }; + }; + }; + }; + }; + }; } From 594710fda5e6a456b193dcaf632c3475019ebeef Mon Sep 17 00:00:00 2001 From: Christoph Hollizeck Date: Thu, 30 Oct 2025 16:06:56 +0100 Subject: [PATCH 02/14] niri: more themeing --- modules/base/starship.nix | 1 - modules/desktop/niri.nix | 62 ++++++++++++++++++++++++++++++++++----- 2 files changed, 54 insertions(+), 9 deletions(-) diff --git a/modules/base/starship.nix b/modules/base/starship.nix index 0a0b38e..0da7519 100644 --- a/modules/base/starship.nix +++ b/modules/base/starship.nix 
@@ -2,7 +2,6 @@ flake.modules.homeManager.cholli = { ... }: { - catppuccin.starship.enable = false; programs = { starship = { enable = true; diff --git a/modules/desktop/niri.nix b/modules/desktop/niri.nix index aff7673..505e118 100644 --- a/modules/desktop/niri.nix +++ b/modules/desktop/niri.nix @@ -14,14 +14,12 @@ environment.systemPackages = with pkgs; [ kitty - fuzzel inputs.niri-flake.packages.${pkgs.system}.xwayland-satellite-unstable wl-clipboard xsel - waybar libnotify ]; @@ -76,15 +74,33 @@ }: { config = lib.mkIf (osConfig.networking.hostName == "yggdrasil" && osConfig.programs.niri.enable) { + catppuccin = { + flavor = "mocha"; + accent = "lavender"; + cursors = { + enable = true; + }; + + fuzzel = { + enable = true; + }; + + mako = { + enable = true; + }; + }; + services.mako = { enable = true; settings = { border-radius = 15; - border-color = "#505050"; - background-color = "#00000070"; }; }; + programs.fuzzel = { + enable = true; + }; + programs.niri.settings = { prefer-no-csd = true; @@ -144,6 +160,11 @@ }; }; + cursor = { + hide-when-typing = true; + hide-after-inactive-ms = 10000; + }; + hotkey-overlay.skip-at-startup = true; screenshot-path = "~/Pictures/Screenshots/Screenshot from %Y-%m-%d %H-%M-%S.png"; @@ -207,12 +228,25 @@ { matches = [ { - app-id = "1password"; + # This matches any subwindow of 1password e.g. the confirmation window for ssh keys + app-id = "1Password"; + title = "1Password"; is-floating = true; - is-focused = false; } ]; + # this works, the border is drawn correctly + border = { + enable = true; + width = 2; + active.color = "#3a9657"; + inactive.color = "#dbd11c"; + }; + + #this does not seem to work + open-focused = true; + open-on-output = "DP-1"; + } { matches = [ @@ -225,6 +259,18 @@ open-on-workspace = "02-steam"; open-maximized = true; } + { + matches = [ + { + app-id = "obsidian"; + } + { + app-id = "teams-for-linux"; + } + ]; + + open-on-workspace = "03-work"; + } { matches = [ { 
@@ -259,6 +305,7 @@ matches = [ { app-id = "1Password"; + at-startup = true; } ]; @@ -460,12 +507,11 @@ spawn-at-startup = [ { argv = [ "waybar" ]; } { argv = [ "zen-beta" ]; } - { argv = [ "steam" ]; } { argv = [ "obsidian" ]; } { argv = [ "discord" ]; } { argv = [ "1password" ]; } + { sh = "steam"; } ]; - }; }; From 45fbdb91861218f42055a5fe5128378399bc619c Mon Sep 17 00:00:00 2001 From: Christoph Hollizeck Date: Thu, 30 Oct 2025 23:27:00 +0100 Subject: [PATCH 03/14] niri: add inputs for all machines otherwise they fail to evaluate --- modules/base/system/default.nix | 1 + modules/desktop/niri.nix | 3 --- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/modules/base/system/default.nix b/modules/base/system/default.nix index 733c1c2..0f6c9fc 100644 --- a/modules/base/system/default.nix +++ b/modules/base/system/default.nix @@ -30,6 +30,7 @@ { imports = [ inputs.sops-nix.nixosModules.sops + inputs.niri-flake.nixosModules.niri ]; environment.systemPackages = with pkgs; [ diff --git a/modules/desktop/niri.nix b/modules/desktop/niri.nix index 505e118..1455b82 100644 --- a/modules/desktop/niri.nix +++ b/modules/desktop/niri.nix @@ -3,9 +3,6 @@ nixos.niri = { inputs, pkgs, ... }: { - imports = [ - inputs.niri-flake.nixosModules.niri - ]; programs.niri = { enable = true; From 0378235fac612b758cf1f6d7d99d5ac2e5586082 Mon Sep 17 00:00:00 2001 From: Christoph Hollizeck Date: Thu, 30 Oct 2025 23:27:30 +0100 Subject: [PATCH 04/14] bluetooth: add tui for easy interaction --- modules/systems/bluetooth.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/systems/bluetooth.nix b/modules/systems/bluetooth.nix index 917ca3a..eb78b93 100644 --- a/modules/systems/bluetooth.nix +++ b/modules/systems/bluetooth.nix @@ -1,7 +1,9 @@ { flake.modules.nixos.bluetooth = - { ... }: + { pkgs, ... }: { + environment.systemPackages = [ pkgs.bluetui ]; + hardware.bluetooth = { enable = true; powerOnBoot = true; 
From a3f4d4615a4097583fc2ccab70ac3744e1964cbb Mon Sep 17 00:00:00 2001 From: Christoph Hollizeck Date: Thu, 30 Oct 2025 23:27:53 +0100 Subject: [PATCH 05/14] tools: add pyfa and pob --- modules/games/various-games.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/games/various-games.nix b/modules/games/various-games.nix index 7f542e7..ef45bca 100644 --- a/modules/games/various-games.nix +++ b/modules/games/various-games.nix @@ -5,6 +5,10 @@ environment.systemPackages = with pkgs; [ prismlauncher starsector + + # gaming tools + pyfa + path-of-building ]; }; } From 7dd9d8ad675819f791acff5b9433e44914bb9313 Mon Sep 17 00:00:00 2001 From: Christoph Hollizeck Date: Thu, 30 Oct 2025 23:32:11 +0100 Subject: [PATCH 06/14] loptland: remove dev only stuff --- modules/hosts/loptland/default.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/modules/hosts/loptland/default.nix b/modules/hosts/loptland/default.nix index 48a97e8..b30edcc 100644 --- a/modules/hosts/loptland/default.nix +++ b/modules/hosts/loptland/default.nix @@ -30,7 +30,6 @@ in # System modules base server - dev # apps @@ -45,7 +44,6 @@ in # components base - dev # Activate all user based config cholli From cddca4ee54d878a8a6fe4e91945010be46f6fd01 Mon Sep 17 00:00:00 2001 From: Christoph Hollizeck Date: Thu, 30 Oct 2025 23:51:47 +0100 Subject: [PATCH 07/14] loptland: add more modules --- modules/hosts/loptland/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/hosts/loptland/default.nix b/modules/hosts/loptland/default.nix index b30edcc..e80226e 100644 --- a/modules/hosts/loptland/default.nix +++ b/modules/hosts/loptland/default.nix @@ -30,6 +30,8 @@ in # System modules base server + hydra + factorio-server # apps From 82f7af38568f9d41cd0a8aae86ac7c77b64c6701 Mon Sep 17 00:00:00 2001 
From: Christoph Hollizeck Date: Thu, 30 Oct 2025 23:56:37 +0100 Subject: [PATCH 08/14] niri: disable desktop stuff for server --- modules/desktop/addons/hypridle.nix | 42 ++++---- modules/desktop/addons/hyprlock.nix | 152 ++++++++++++++------------- modules/desktop/addons/hyprpaper.nix | 33 +++--- 3 files changed, 120 insertions(+), 107 deletions(-) diff --git a/modules/desktop/addons/hypridle.nix b/modules/desktop/addons/hypridle.nix index 7d7121c..94c7ea6 100644 --- a/modules/desktop/addons/hypridle.nix +++ b/modules/desktop/addons/hypridle.nix @@ -1,27 +1,29 @@ { flake.modules.homeManager.cholli = - { ... }: + { lib, osConfig, ... }: { - services.hypridle = { - enable = true; - settings = { - general = { - after_sleep_cmd = "hyprctl dispatch dpms on"; - ignore_dbus_inhibit = false; - lock_cmd = "hyprlock-blur"; - }; + config = lib.mkIf (osConfig.networking.hostName == "yggdrasil") { + services.hypridle = { + enable = true; + settings = { + general = { + after_sleep_cmd = "hyprctl dispatch dpms on"; + ignore_dbus_inhibit = false; + lock_cmd = "hyprlock-blur"; + }; - listener = [ - { - timeout = 600; - on-timeout = "loginctl lock-session"; - } - { - timeout = 1200; - on-timeout = "hyprctl dispatch dpms off"; - on-resume = "hyprctl dispatch dpms on"; - } - ]; + listener = [ + { + timeout = 600; + on-timeout = "loginctl lock-session"; + } + { + timeout = 1200; + on-timeout = "hyprctl dispatch dpms off"; + on-resume = "hyprctl dispatch dpms on"; + } + ]; + }; }; }; }; diff --git a/modules/desktop/addons/hyprlock.nix b/modules/desktop/addons/hyprlock.nix index 3ceb547..fda7404 100644 --- a/modules/desktop/addons/hyprlock.nix +++ b/modules/desktop/addons/hyprlock.nix 
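Review bot: The new guard `lib.mkIf (osConfig.networking.hostName == "yggdrasil")` ties hypridle to one machine name rather than to the feature it depends on, and the hyprlock.nix and hyprpaper.nix hunks in this commit repeat the same test. The waybar module earlier in this series gates on `osConfig.programs.niri.enable`; an equivalent feature flag (the compositor's enable option, if that is what these services need) would keep servers excluded by default and survive a renamed or second desktop host. A comment above the guard such as `# desktop-only: skipped on headless hosts` would also record why it exists.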
@@ -25,91 +25,99 @@ }; homeManager.cholli = - { inputs, pkgs, ... }: + { + inputs, + lib, + pkgs, + osConfig, + ... + }: let hyprlock-package = inputs.hyprlock.packages.${pkgs.system}.hyprlock; in { - programs.hyprlock = { - enable = true; - package = hyprlock-package; - settings = { - # inspiration from https://github.com/justinmdickey/publicdots/blob/main/.config/hypr/hyprlock.conf - background = [ - { + config = lib.mkIf (osConfig.networking.hostName == "yggdrasil") { + programs.hyprlock = { + enable = true; + package = hyprlock-package; + settings = { + # inspiration from https://github.com/justinmdickey/publicdots/blob/main/.config/hypr/hyprlock.conf + background = [ + { + monitor = "DP-1"; + path = "/tmp/screenshot1.png"; + + blur_passes = 1; # 0 disables blurring + blur_size = 7; + noise = 1.17e-2; + } + { + monitor = "HDMI-A-1"; + path = "/tmp/screenshot2.png"; + + blur_passes = 2; # 0 disables blurring + blur_size = 7; + noise = 1.17e-2; + } + ]; + + label = [ + { + monitor = "DP-1"; + text = "$TIME"; + color = "rgba(242, 243, 244, 0.75)"; + font_size = 95; + font_family = "JetBrains Mono"; + position = "0, 300"; + halign = "center"; + valign = "center"; + } + { + + monitor = "DP-1"; + text = ''cmd[update:1000] echo $(date +"%A, %B %d")''; + color = "rgba(242, 243, 244, 0.75)"; + font_size = 22; + font_family = "JetBrains Mono"; + position = "0, 200"; + halign = "center"; + valign = "center"; + + } + ]; + + image = { monitor = "DP-1"; - path = "/tmp/screenshot1.png"; + path = "/home/cholli/Pictures/profile.png"; - blur_passes = 1; # 0 disables blurring - blur_size = 7; - noise = 1.17e-2; - } - { - monitor = "HDMI-A-1"; - path = "/tmp/screenshot2.png"; - - blur_passes = 2; # 0 disables blurring - blur_size = 7; - noise = 1.17e-2; - } - ]; - - label = [ - { - monitor = "DP-1"; - text = "$TIME"; - color = "rgba(242, 243, 244, 0.75)"; - font_size = 95; - font_family = "JetBrains Mono"; - position = "0, 300"; + position = "0, 50"; halign = "center"; valign = 
"center"; - } - { + }; + input-field = { monitor = "DP-1"; - text = ''cmd[update:1000] echo $(date +"%A, %B %d")''; - color = "rgba(242, 243, 244, 0.75)"; - font_size = 22; - font_family = "JetBrains Mono"; - position = "0, 200"; + size = "200,50"; + outline_thickness = 2; + dots_size = 0.2; # Scale of input-field height, 0.2 - 0.8 + dots_spacing = 0.35; # Scale of dots' absolute size, 0.0 - 1.0 + dots_center = true; + outer_color = "rgba(0, 0, 0, 0)"; + inner_color = "rgba(0, 0, 0, 0.2)"; + font_color = "rgb(111, 45, 104)"; + fade_on_empty = false; + rounding = -1; + check_color = "rgb(30, 107, 204)"; + placeholder_text = ''Input Password...''; + hide_input = false; + position = "0, -100"; halign = "center"; valign = "center"; + }; - } - ]; - - image = { - monitor = "DP-1"; - path = "/home/cholli/Pictures/profile.png"; - - position = "0, 50"; - halign = "center"; - valign = "center"; - }; - - input-field = { - monitor = "DP-1"; - size = "200,50"; - outline_thickness = 2; - dots_size = 0.2; # Scale of input-field height, 0.2 - 0.8 - dots_spacing = 0.35; # Scale of dots' absolute size, 0.0 - 1.0 - dots_center = true; - outer_color = "rgba(0, 0, 0, 0)"; - inner_color = "rgba(0, 0, 0, 0.2)"; - font_color = "rgb(111, 45, 104)"; - fade_on_empty = false; - rounding = -1; - check_color = "rgb(30, 107, 204)"; - placeholder_text = ''Input Password...''; - hide_input = false; - position = "0, -100"; - halign = "center"; - valign = "center"; - }; - - general = { - auth_method = "pam"; + general = { + auth_method = "pam"; + }; }; }; }; diff --git a/modules/desktop/addons/hyprpaper.nix b/modules/desktop/addons/hyprpaper.nix index 737eef8..fde7dd6 100644 --- a/modules/desktop/addons/hyprpaper.nix +++ b/modules/desktop/addons/hyprpaper.nix 
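Review bot: Both `background` entries read the lock-screen image from fixed names in `/tmp` (`/tmp/screenshot1.png`, `/tmp/screenshot2.png`), a directory shared by every local account. The script that writes them (presumably the `hyprlock-blur` command referenced in hypridle.nix) is outside this patch. A desktop capture stored there may be readable by other users, and a predictable name in a shared directory is not guaranteed to hold the file this user wrote, so a per-user location such as a directory under `$XDG_RUNTIME_DIR` is the safer choice. These lines are only re-indented by this commit, so this can be handled as a follow-up.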
@@ -1,26 +1,29 @@ { flake.modules.homeManager.cholli = - { ... }: + { lib, osConfig, ... }: let picture-path = "/home/cholli/Pictures/firewatch.jpg"; in { - home.file = { - # https://www.reddit.com/r/WidescreenWallpaper/comments/13hib3t/purple_firewatch_3840x1620/ - "Pictures/firewatch.jpg".source = ./firewatch.jpg; - }; + config = lib.mkIf (osConfig.networking.hostName == "yggdrasil") { - wayland.windowManager.hyprland.settings.exec-once = [ - ''hyprctl hyprpaper wallpaper "DP-1,${picture-path}"'' - ]; - - services.hyprpaper = { - enable = true; - settings = { - preload = [ picture-path ]; - wallpaper = "DP-1,${picture-path}"; + home.file = { + # https://www.reddit.com/r/WidescreenWallpaper/comments/13hib3t/purple_firewatch_3840x1620/ + "Pictures/firewatch.jpg".source = ./firewatch.jpg; }; - }; + wayland.windowManager.hyprland.settings.exec-once = [ + ''hyprctl hyprpaper wallpaper "DP-1,${picture-path}"'' + ]; + + services.hyprpaper = { + enable = true; + settings = { + preload = [ picture-path ]; + wallpaper = "DP-1,${picture-path}"; + }; + }; + + }; }; } From c863aa7354fb53abd316cb13ac3ae3af4f4945b8 Mon Sep 17 00:00:00 2001 From: Christoph Hollizeck Date: Fri, 31 Oct 2025 00:24:07 +0100 Subject: [PATCH 09/14] loptland: more modules --- modules/base/system/default.nix | 1 - modules/hosts/loptland/default.nix | 24 +++++----- modules/hosts/loptland/nginx.nix | 8 ++-- modules/server/forgejo.nix | 76 ++++++++++++++++++++++++++++++ 4 files changed, 90 insertions(+), 19 deletions(-) create mode 100644 modules/server/forgejo.nix diff --git a/modules/base/system/default.nix b/modules/base/system/default.nix index 0f6c9fc..1dd8290 100644 --- a/modules/base/system/default.nix +++ b/modules/base/system/default.nix @@ -50,7 +50,6 @@ defaultSopsFile = ../../../secrets/secrets.yaml; defaultSopsFormat = "yaml"; - # age.keyFile = "/home/cholli/.config/sops/age/keys.txt"; age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; }; 
diff --git a/modules/hosts/loptland/default.nix b/modules/hosts/loptland/default.nix index e80226e..5c8f685 100644 --- a/modules/hosts/loptland/default.nix +++ b/modules/hosts/loptland/default.nix @@ -14,8 +14,8 @@ in ... }: let + domainName = "christophhollizeck.dev"; sopsFile = ../../../secrets/secrets-loptland.yaml; - in { nixpkgs.config.allowUnfree = true; @@ -31,6 +31,7 @@ in base server hydra + forgejo factorio-server # apps @@ -55,19 +56,16 @@ in ]; - sops = { - secrets = { - "forgejo/db/password" = { - inherit sopsFile; - }; - "forgejo/mail/password" = { - inherit sopsFile; - }; - "forgejo/mail/passwordHash" = { - inherit sopsFile; - }; - }; + services.tailscale = { + enable = true; + useRoutingFeatures = "client"; }; + networking.firewall.allowedTCPPorts = [ + 3000 + 80 + 443 + ]; + }; } diff --git a/modules/hosts/loptland/nginx.nix b/modules/hosts/loptland/nginx.nix index 9f374ed..99215ff 100644 --- a/modules/hosts/loptland/nginx.nix +++ b/modules/hosts/loptland/nginx.nix @@ -8,8 +8,6 @@ }: let domainName = "christophhollizeck.dev"; - forgejoPort = 3000; - hydraPort = 2000; in { services.nginx = { @@ -17,7 +15,7 @@ recommendedProxySettings = true; virtualHosts = { - "git.${domainName}" = { + "git.${domainName}" = lib.mkIf config.services.forgejo.enable { forceSSL = true; useACMEHost = domainName; @@ -25,7 +23,7 @@ extraConfig = '' client_max_body_size 200M; ''; - proxyPass = "http://localhost:${toString forgejoPort}/"; + proxyPass = "http://localhost:${toString 3000}/"; }; }; @@ -34,7 +32,7 @@ useACMEHost = domainName; locations."/" = { - proxyPass = "http://localhost:${toString hydraPort}/"; + proxyPass = "http://localhost:${toString config.services.hydra.port}/"; }; }; diff --git a/modules/server/forgejo.nix b/modules/server/forgejo.nix new file mode 100644 index 0000000..caaf9b3 --- /dev/null +++ b/modules/server/forgejo.nix 
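Review bot: `networking.firewall.allowedTCPPorts` now includes `3000`, the Forgejo HTTP port that nginx already fronts with `forceSSL` on the `git.` vhost, so opening it lets clients reach Forgejo over plain HTTP and bypass the proxy. Unless something outside this patch needs direct access, keep only `80` and `443` here and bind Forgejo to loopback in modules/server/forgejo.nix with `settings.server.HTTP_ADDR = "127.0.0.1";` (that hunk sets only `HTTP_PORT`). If the port is meant for tailnet-only access, `networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 3000 ];` scopes it to that interface instead of every interface.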
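Review bot: The `git.` vhost now proxies to `${toString 3000}`, a literal that has to be kept in sync by hand with `forgejoPort` in forgejo.nix. Reading it from the service, `proxyPass = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}/";`, would match what the hydra vhost in the same file does with `config.services.hydra.port`. The hydra vhost is also not wrapped in `lib.mkIf config.services.hydra.enable` the way the git vhost is, so the two are guarded differently. The module's argument set is outside these hunks, so confirm `lib` and `config` are bound there.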
@@ -0,0 +1,76 @@
+{
+ flake.modules.nixos.forgejo =
+ { config, inputs, ... }:
+ let
+ domainName = "christophhollizeck.dev";
+ forgejoPort = 3000;
+ sopsFile = ../../secrets/secrets-loptland.yaml;
+ in
+ {
+ imports = [
+ inputs.simple-nixos-mailserver.nixosModules.default
+ ];
+
+ sops = {
+ secrets = {
+ "forgejo/db/password" = {
+ inherit sopsFile;
+ };
+ "forgejo/mail/password" = {
+ inherit sopsFile;
+ };
+ "forgejo/mail/passwordHash" = {
+ inherit sopsFile;
+ };
+ };
+ };
+
+ services.forgejo = {
+ enable = true;
+ database.type = "postgres";
+ lfs.enable = true;
+ database = {
+ passwordFile = config.sops.secrets."forgejo/db/password".path;
+ };
+
+ settings = {
+ server = {
+ DOMAIN = "git.${domainName}";
+ ROOT_URL = "https://git.${domainName}";
+ HTTP_PORT = forgejoPort;
+ };
+
+ mailer = {
+ ENABLED = true;
+ PROTOCOL = "smtps";
+ FROM = "no-reply@${domainName}";
+ SMTP_ADDR = "mail.${domainName}";
+ USER = "forgejo@${domainName}";
+ };
+
+ service.DISABLE_REGISTRATION = true;
+ };
+
+ secrets = {
+ mailer.PASSWD = config.sops.secrets."forgejo/mail/password".path;
+ };
+ };
+
+ mailserver = {
+ enable = true;
+ fqdn = "mail.${domainName}";
+ domains = [ domainName ];
+
+ loginAccounts = {
+ "forgejo@${domainName}" = {
+ hashedPasswordFile = config.sops.secrets."forgejo/mail/passwordHash".path;
+ aliases = [ "no-reply@${domainName}" ];
+ };
+ };
+
+ certificateScheme = "acme-nginx";
+ stateVersion = 3;
+ };
+
+ };
+}
From c77a411103880403bb9f315a020b7dd8baa9b6e4 Mon Sep 17 00:00:00 2001
From: Christoph Hollizeck
Date: Fri, 31 Oct 2025 00:45:33 +0100
Subject: [PATCH 10/14] loptland: forgejo-runner
---
modules/hosts/loptland/default.nix | 3 +-
modules/server/forgejo-runner.nix | 52 ++++++++++++++++++++++++++++++
2 files changed, 54 insertions(+), 1 deletion(-)
create mode 100644 modules/server/forgejo-runner.nix
diff --git a/modules/hosts/loptland/default.nix b/modules/hosts/loptland/default.nix
index 5c8f685..b35e3b4 100644
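Review bot: The three `sops.secrets` entries in forgejo.nix set only `sopsFile`, so they get sops-nix's default ownership (root, mode 0400), while `database.passwordFile` and `secrets.mailer.PASSWD` are presumably read by the Forgejo service account. If that is the case, give those two secrets an explicit owner, e.g. `owner = config.services.forgejo.user;`, rather than relaxing the mode, and leave `forgejo/mail/passwordHash` root-only. A one-line comment on each secret naming the unit that consumes it would make the intended access clear.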
--- a/modules/hosts/loptland/default.nix +++ b/modules/hosts/loptland/default.nix @@ -31,8 +31,9 @@ in base server hydra - forgejo factorio-server + forgejo + forgejo-runner # apps diff --git a/modules/server/forgejo-runner.nix b/modules/server/forgejo-runner.nix new file mode 100644 index 0000000..5b7dd7e --- /dev/null +++ b/modules/server/forgejo-runner.nix @@ -0,0 +1,52 @@ +{ + flake.modules.nixos.forgejo-runner = + { config, pkgs, ... }: + let + sopsFile = ../../secrets/secrets-loptland.yaml; + in + { + sops = { + secrets = { + "forgejo/runner/token" = { + inherit sopsFile; + }; + }; + }; + + services.gitea-actions-runner = { + package = pkgs.forgejo-actions-runner; + instances = { + native = { + enable = true; + name = "monolith"; + url = "https://git.christophhollizeck.dev"; + tokenFile = config.sops.secrets."forgejo/runner/token".path; + labels = [ + "native:host" + ]; + hostPackages = with pkgs; [ + bash + coreutils + curl + gawk + gitMinimal + gnused + nodejs + wget + lix + ]; + settings = { + log.level = "info"; + runner = { + capacity = 1; + timeout = "3h"; + shutdown_timeout = "5s"; + fetch_timeout = "10s"; + fetch_inteval = "5s"; + }; + }; + }; + }; + }; + }; +} From 81376afa2e9a1e57c3f00acb7c24ad746bd43735 Mon Sep 17 00:00:00 2001 From: Christoph Hollizeck Date: Fri, 31 Oct 2025 00:53:48 +0100 Subject: [PATCH 11/14] cholli: add authorizedKeys --- modules/users/cholli/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/users/cholli/default.nix b/modules/users/cholli/default.nix index 2299d9e..e6abbf2 100644 --- a/modules/users/cholli/default.nix +++ b/modules/users/cholli/default.nix @@ -41,6 +41,8 @@ shell = pkgs.fish; # TODO: fix this with sops initialPassword = "asdf"; + + openssh.authorizedKeys.keys = config.flake.meta.users.cholli.authorizedKeys; }; nix.settings.trusted-users = [ config.flake.meta.users.cholli.username ]; From 577eebbdf5d2d325e451fb506bde10228d8c5b80 Mon Sep 17 00:00:00 2001 
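Review bot: `fetch_inteval = "5s";` under `settings.runner` in forgejo-runner.nix looks like a misspelling of `fetch_interval`, so the runner will most likely ignore it and fall back to its default poll interval; the line should read `fetch_interval = "5s";`. Separately, the `native:host` label runs workflow steps directly on this machine with `lix`, `curl` and `nodejs` on the path, and the host also carries Forgejo, Hydra and the sops-managed secrets. A comment stating which repositories are allowed to target this runner, or a container-backed label for anything not fully trusted, would make that trust boundary explicit.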
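Review bot: With `openssh.authorizedKeys.keys` added, the account is reachable by key while the context line just above still sets `initialPassword = "asdf"` and the same user is listed in `nix.settings.trusted-users`. The sshd configuration is outside this hunk; if password authentication is not already disabled, set `services.openssh.settings.PasswordAuthentication = false;` on hosts that import this module. Replacing the initial password with a sops-managed `hashedPasswordFile`, as the existing TODO suggests, would close the remaining gap for local and console logins.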
From: Christoph Hollizeck Date: Fri, 31 Oct 2025 00:54:05 +0100 Subject: [PATCH 12/14] loptland: add remote runner --- modules/hosts/loptland/default.nix | 36 ++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/modules/hosts/loptland/default.nix b/modules/hosts/loptland/default.nix index b35e3b4..684e919 100644 --- a/modules/hosts/loptland/default.nix +++ b/modules/hosts/loptland/default.nix @@ -68,5 +68,41 @@ in 443 ]; + nix = { + distributedBuilds = true; + + extraOptions = '' + builders-use-substitutes = true + ''; + + buildMachines = [ + { + hostName = "localhost"; + protocol = null; + system = "x86_64-linux"; + + supportedFeatures = [ + "kvm" + "nixos-test" + "big-parallel" + "benchmark" + ]; + } + { + hostName = "100.86.23.74"; + sshUser = "remotebuild"; + sshKey = "/root/.ssh/remotebuild"; + systems = [ "aarch64-linux" ]; + protocol = "ssh"; + + supportedFeatures = [ + "nixos-test" + "big-parallel" + "kvm" + ]; + } + ]; + }; + }; } From 2ccdcd230abf6b1e1bf19743ddbce7af43585037 Mon Sep 17 00:00:00 2001 From: Christoph Hollizeck Date: Fri, 31 Oct 2025 01:02:11 +0100 Subject: [PATCH 13/14] loptland: fix dconf issue --- modules/hosts/loptland/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/hosts/loptland/default.nix b/modules/hosts/loptland/default.nix index 684e919..a56bd98 100644 --- a/modules/hosts/loptland/default.nix +++ b/modules/hosts/loptland/default.nix @@ -21,6 +21,8 @@ in nixpkgs.config.allowUnfree = true; services.qemuGuest.enable = true; + environment.systemPackages = [ pkgs.dconf ]; + imports = with config.flake.modules.nixos; [ From ec07075ddc3fc836c68441a14b253de2719dc02f Mon Sep 17 00:00:00 2001 From: Christoph Hollizeck Date: Fri, 31 Oct 2025 01:08:41 +0100 Subject: [PATCH 14/14] chore: update flake and fix loptland --- flake.lock | 84 +++++++++++++++--------------- modules/hosts/loptland/default.nix | 1 + modules/server/forgejo-runner.nix | 2 +- 3 files changed, 44 insertions(+), 43 deletions(-) 
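Review bot: The aarch64 entry in `nix.buildMachines` has no `publicHostKey`, so the connection to `100.86.23.74` is verified only against whatever is in root's `known_hosts`; pinning it with `publicHostKey = "<base64-encoded host key>";` makes host verification declarative. `sshKey = "/root/.ssh/remotebuild"` is also an unmanaged file, unlike the other credentials in this series, which come from sops; declaring it as a sops secret and pointing `sshKey` at `config.sops.secrets."<secret name>".path` keeps the host reproducible and the key out of manual provisioning. The remote's `supportedFeatures` lists `kvm`, so confirm the builder actually exposes it.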
diff --git a/flake.lock b/flake.lock index 47dded3..e23b529 100644 --- a/flake.lock +++ b/flake.lock @@ -110,11 +110,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1761686631, - "narHash": "sha256-OzyQkqtH4kenusXEquQvTHnAr/6lGVS2DqErIPlzCUs=", + "lastModified": 1761839147, + "narHash": "sha256-DXDb6AVCRPosOkQPyvVrHpO//VXqyzS3uLWiasTuENI=", "owner": "cachix", "repo": "devenv", - "rev": "b59500b629c08829825d4f4eca68169ea3a8821f", + "rev": "bb7849648b68035f6b910120252c22b28195cf54", "type": "github" }, "original": { @@ -131,11 +131,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1761720242, - "narHash": "sha256-Zi9nWw68oUDMVOhf/+Z97wVbNV2K7eEAGZugQKqU7xw=", + "lastModified": 1761806629, + "narHash": "sha256-3u8345VliQtbpOtCNYYpDTCsjS8A9osrpU03E8TaIBw=", "owner": "nix-community", "repo": "fenix", - "rev": "8e4d32f4cc12b3f106af6e4515b36ac046a1ec91", + "rev": "c7c690951af16e60912678fab6155fb120cc27b0", "type": "github" }, "original": { @@ -503,11 +503,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1761663476, - "narHash": "sha256-rMapt12HqMDVo91bqojbiOh+l7UuqJ738rk1iu980qs=", + "lastModified": 1761863388, + "narHash": "sha256-UwdHjEui1q4HGrkTekvIpwM/R+pD4fCh+vKlsvZSVyU=", "owner": "helix-editor", "repo": "helix", - "rev": "de0518d0e631f1984dc7229b76c2bdadf2bffe5d", + "rev": "9dcd19e664a9efe2d6960710ddba3bbd8fda12b6", "type": "github" }, "original": { @@ -523,11 +523,11 @@ ] }, "locked": { - "lastModified": 1761666354, - "narHash": "sha256-fHr+tIYBJccNF8QWqgowfRmEAtAMSt1deZIRNKL8A7c=", + "lastModified": 1761845621, + "narHash": "sha256-d+R4MHsGmdebvSMsYUFWONsZSlUbOo8Zq/wjMdMiIac=", "owner": "nix-community", "repo": "home-manager", - "rev": "ca2ab1d877a24d5a437dad62f56b8b2c02e964e9", + "rev": "97e3022a8d2c09313fa49847f6da4d76abcfc72d", "type": "github" }, "original": { 
@@ -683,11 +683,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1761733109, - "narHash": "sha256-sgZlcW1W6ioNFaMz+r4O52SLNywzRJiqRwBKRenvL6c=", + "lastModified": 1761780088, + "narHash": "sha256-ylKrWQeIAGyysfHbgZpcWUs9UsbiOBIVXTPqaiV3lf0=", "owner": "hyprwm", "repo": "Hyprland", - "rev": "9eb82774e53dc02e4fa204a911cb4256cd21f429", + "rev": "6ade4d58cab67e18aa758ef664e36421cab4d8b2", "type": "github" }, "original": { @@ -713,11 +713,11 @@ ] }, "locked": { - "lastModified": 1761653710, - "narHash": "sha256-MhHSU9m/9HSckJ61OXcom/6F92NQf3s1QfLbRUApalc=", + "lastModified": 1761824067, + "narHash": "sha256-dB27qZRH2X5h2KM99UBYmksxb2ly2EGp5eSznTzRDe0=", "owner": "hyprwm", "repo": "hyprland-plugins", - "rev": "e689220b1740aa99ca67fa06055792f82fa9ed85", + "rev": "7a07883c4d3e7ec6726862586483ea119e20eb0f", "type": "github" }, "original": { @@ -1024,11 +1024,11 @@ ] }, "locked": { - "lastModified": 1761728397, - "narHash": "sha256-PyRcsly7w12wg6Vjzkn5eLvRQgX+nzHU80xBVnwE7Eg=", + "lastModified": 1761733523, + "narHash": "sha256-Z0i6J9KaMZW7bBwQOj4XZ4mZFfegvaAtvnT3suUMhPc=", "owner": "nix-community", "repo": "nh", - "rev": "149022d8973798f5ebb819fb2977b0260f049816", + "rev": "78494d6b8587c8cb36e51949f1177a4ee42a41f8", "type": "github" }, "original": { @@ -1045,11 +1045,11 @@ "rust-overlay": [] }, "locked": { - "lastModified": 1761721311, - "narHash": "sha256-fXBALdA4CKAYslcuamjzQZLUTCNBIKWybj+/2rwe3Z0=", + "lastModified": 1761800210, + "narHash": "sha256-v9/VHMISSjYpj5RgaN9qqsuC4OPVklLpN1l33HBXSE4=", "owner": "YaLTeR", "repo": "niri", - "rev": "6e8fd153395036c2daa7c214695ed9baf2409a2e", + "rev": "7c0dcddee782d2ca68620ec423d08d932ef059df", "type": "github" }, "original": { 
@@ -1163,11 +1163,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1761669189, - "narHash": "sha256-INBZnPA9JzyDn+Fnni2250PbRzKx7Eafz0T2c7NhXiQ=", + "lastModified": 1761827175, + "narHash": "sha256-XdPVSYyIBK4/ruoqujaQmmSGg3J2/EenexV9IEXhr6o=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "9c0ee5dfa186e10efe9b53505b65d22c81860fde", + "rev": "43ffe9ac82567512abb83187cb673de1091bdfa8", "type": "github" }, "original": { @@ -1278,11 +1278,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1761373498, - "narHash": "sha256-Q/uhWNvd7V7k1H1ZPMy/vkx3F8C13ZcdrKjO7Jv7v0c=", + "lastModified": 1761672384, + "narHash": "sha256-o9KF3DJL7g7iYMZq9SWgfS1BFlNbsm6xplRjVlOCkXI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6a08e6bb4e46ff7fcbb53d409b253f6bad8a28ce", + "rev": "08dacfca559e1d7da38f3cf05f1f45ee9bfd213c", "type": "github" }, "original": { @@ -1310,11 +1310,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1761373498, - "narHash": "sha256-Q/uhWNvd7V7k1H1ZPMy/vkx3F8C13ZcdrKjO7Jv7v0c=", + "lastModified": 1761672384, + "narHash": "sha256-o9KF3DJL7g7iYMZq9SWgfS1BFlNbsm6xplRjVlOCkXI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6a08e6bb4e46ff7fcbb53d409b253f6bad8a28ce", + "rev": "08dacfca559e1d7da38f3cf05f1f45ee9bfd213c", "type": "github" }, "original": { @@ -1447,11 +1447,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1761686505, - "narHash": "sha256-jX6UrGS/hABDaM4jdx3+xgH3KCHP2zKHeTa8CD5myEo=", + "lastModified": 1761739801, + "narHash": "sha256-ONUpb+l5oEIb9iOGkmUhze5YjRexZ6sc3mwQyLXlcms=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "d08d54f3c10dfa41033eb780c3bddb50e09d30fc", + "rev": "769ebafdc66559d620bdc414743f32bb28180c58", "type": "github" }, "original": { 
@@ -1680,11 +1680,11 @@ "nixpkgs": "nixpkgs_7" }, "locked": { - "lastModified": 1761712008, - "narHash": "sha256-Nf2s59dLg6KDUV0omZqIlOGNUxw/Rl/KKXEXQGFCAlo=", + "lastModified": 1761859061, + "narHash": "sha256-5C2x+ZQQZAAy0LowYgacT1KG83nXxjcYKMzedx89Wtw=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "1383ed38745d12f3896c996848d24c451643db58", + "rev": "26142b84460636c55bd612ae67225056c7faf134", "type": "github" }, "original": { @@ -1702,11 +1702,11 @@ ] }, "locked": { - "lastModified": 1760747435, - "narHash": "sha256-wNB/W3x+or4mdNxFPNOH5/WFckNpKgFRZk7OnOsLtm0=", + "lastModified": 1761826449, + "narHash": "sha256-4cbXup+ilfZZwyPcNYhUcVsoA0qtbnAEopuPItZ2DEc=", "owner": "mitchellh", "repo": "zig-overlay", - "rev": "d0f239b887b1ac736c0f3dde91bf5bf2ecf3a420", + "rev": "ed15dd96c4dcecc69e6c13523af38504944a3794", "type": "github" }, "original": { diff --git a/modules/hosts/loptland/default.nix b/modules/hosts/loptland/default.nix index a56bd98..94a0a0a 100644 --- a/modules/hosts/loptland/default.nix +++ b/modules/hosts/loptland/default.nix @@ -21,6 +21,7 @@ in nixpkgs.config.allowUnfree = true; services.qemuGuest.enable = true; + # TODO: dunno why I need this packge environment.systemPackages = [ pkgs.dconf ]; imports = diff --git a/modules/server/forgejo-runner.nix b/modules/server/forgejo-runner.nix index 5b7dd7e..03fe7bf 100644 --- a/modules/server/forgejo-runner.nix +++ b/modules/server/forgejo-runner.nix @@ -14,7 +14,7 @@ }; services.gitea-actions-runner = { - package = pkgs.forgejo-actions-runner; + package = pkgs.forgejo-runner; instances = { native = { enable = true;