diff --git a/.forgejo/workflows/nightly-update.yaml b/.forgejo/workflows/nightly-update.yaml index 19734f8..3e2a78c 100644 --- a/.forgejo/workflows/nightly-update.yaml +++ b/.forgejo/workflows/nightly-update.yaml @@ -1,6 +1,6 @@ on: schedule: - - cron: 0 */4 * * * + - cron: 0 */6 * * * jobs: UpdateFlake: diff --git a/.gitattributes b/.gitattributes index 33e009d..bd5527d 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1,4 +1,4 @@ -*.png filter=lfs diff=lfs merge=lfs -text -*.webp filter=lfs diff=lfs merge=lfs -text -*.jpg filter=lfs diff=lfs merge=lfs -text +# *.png filter=lfs diff=lfs merge=lfs -text +# *.webp filter=lfs diff=lfs merge=lfs -text +# *.jpg filter=lfs diff=lfs merge=lfs -text * !text !filter !merge !diff diff --git a/flake.lock b/flake.lock index 0c22181..aad6c5a 100644 --- a/flake.lock +++ b/flake.lock @@ -141,11 +141,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1746340661, - "narHash": "sha256-LTej+ruSIo15rWRXvenQ4pCeBlzXz43Ski0oJz3L0WU=", + "lastModified": 1746427067, + "narHash": "sha256-MlBKT0A2nK8LHDkeg3jrG2wo80C1bSGyT2tmKrc6pM0=", "owner": "nix-community", "repo": "fenix", - "rev": "e9ff07bb2ae690feef5bd961258b7f70d5f0d549", + "rev": "9e7d648c1f8fdf7beb9b0b1abb3a41d0d8b5fb05", "type": "github" }, "original": { @@ -515,11 +515,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1746366748, - "narHash": "sha256-B5ZgBuSwKJjCAzjQdyf5ZlKgS/BCEAsDwM4hOpkCTOs=", + "lastModified": 1746454113, + "narHash": "sha256-pa0UR+N4UxRL5NFBc2AVOb+pVNtN+UVEsN8NnQ2UITQ=", "owner": "helix-editor", "repo": "helix", - "rev": "72932a391b342d101951cf3f3280498413221c80", + "rev": "cbac4273836f5837cec641ab21f365c79b102a4b", "type": "github" }, "original": { 
@@ -535,11 +535,11 @@ ] }, "locked": { - "lastModified": 1746369725, - "narHash": "sha256-m3ai7LLFYsymMK0uVywCceWfUhP0k3CALyFOfcJACqE=", + "lastModified": 1746413188, + "narHash": "sha256-i6BoiQP0PasExESQHszC0reQHfO6D4aI2GzOwZMOI20=", "owner": "nix-community", "repo": "home-manager", - "rev": "1a1793f6d940d22c6e49753548c5b6cb7dc5545d", + "rev": "8a318641ac13d3bc0a53651feaee9560f9b2d89a", "type": "github" }, "original": { @@ -577,16 +577,17 @@ ] }, "locked": { - "lastModified": 1745993315, - "narHash": "sha256-VfpLQYa5QBMJoAg4BwIt5QHSRy3KdUc+uIxRy5oMn6I=", - "owner": "outfoxxed", + "lastModified": 1746462926, + "narHash": "sha256-qecgKwowsbJuV1H5gzSShuymf9nteuk+As6/mMxA4mk=", + "owner": "Daholli", "repo": "hy3", - "rev": "74a17a83c97cf332501c7f2be64381ddb9a1c679", + "rev": "fb2832c2d376332e612cd36a3273e793ecd6b62e", "type": "github" }, "original": { - "owner": "outfoxxed", + "owner": "Daholli", "repo": "hy3", + "rev": "fb2832c2d376332e612cd36a3273e793ecd6b62e", "type": "github" } }, @@ -693,11 +694,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1746394740, - "narHash": "sha256-UGCTMIAqzUegGeSZTl5ToDNJ1B3ZanoCfc2fk0Fo5bQ=", + "lastModified": 1746496467, + "narHash": "sha256-PFmX5SvVN54LdFEBzMBIx4JEKOGP5d6nR/PcYHQhMlw=", "owner": "hyprwm", "repo": "Hyprland", - "rev": "9cd5b257459a6b4c5d5d4d1026df85f0ecbe5a93", + "rev": "1ce614dfc0eb8b323e603b76975842c1f2e6a553", "type": "github" }, "original": { @@ -723,11 +724,11 @@ ] }, "locked": { - "lastModified": 1746293931, - "narHash": "sha256-sy/iPiYNC5HT25S6BxR8CPXcu2g4j5T+5qSHkvMtDq4=", + "lastModified": 1746496640, + "narHash": "sha256-/QJ3WBWGj14Ll7d2C6pvabVZwznDk7E5XgVY1bI3VeY=", "owner": "hyprwm", "repo": "hyprland-plugins", - "rev": "fcf1c2ae6f082b90152bede1ec0d0d52d9de2cbf", + "rev": "eab6921631b4943e78859714964d2b9bf81724eb", "type": "github" }, "original": { 
@@ -897,11 +898,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1746281087, - "narHash": "sha256-9amK5DEpueAD+aobmBmjbV+C16RO7lcDOdf5ucJtNvM=", + "lastModified": 1746481532, + "narHash": "sha256-45Tsu6N3STdGnOicgm5ZBfnTHH8WlsUSseKPn3VXMCs=", "owner": "hyprwm", "repo": "hyprlock", - "rev": "6c64630df81b52208b210f02476f55e4db56e6cf", + "rev": "fae1c4f6fe38f04ad1f3965713b9cafb139464da", "type": "github" }, "original": { @@ -1069,11 +1070,11 @@ "nixpkgs": "nixpkgs_5" }, "locked": { - "lastModified": 1746381970, - "narHash": "sha256-jfXpTC+2sPVetdx0srQf1ggY9+GgE6n1PP8M0z+cOo0=", + "lastModified": 1746410227, + "narHash": "sha256-F2gKEIBfqfeQUcvMg0YD3xRnJIPyEgINR+ouTedoAtg=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "46c04615dadf01102eacc975ecdaecdab5b46fe1", + "rev": "3b68db5adeda4b4ac018aea0acf8ebb4941c4b15", "type": "github" }, "original": { @@ -1089,11 +1090,11 @@ ] }, "locked": { - "lastModified": 1745836145, - "narHash": "sha256-CQ18gPSd8nHMrK2K7hqsmLedQFfefUBgIq8AHHXsPRU=", + "lastModified": 1746437902, + "narHash": "sha256-cAYSTvh+nKl/DQDS0+MlepFRQxsAGt7bRSwvoRyNJuw=", "owner": "Mic92", "repo": "nix-ld", - "rev": "3a4fcea3d9a3c1366a745d23808114a67bf98c68", + "rev": "3262ac5b572f0f45a97212afda927208f3a463f1", "type": "github" }, "original": { @@ -1104,11 +1105,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1746341346, - "narHash": "sha256-WjupK5Xpc+viJlJWiyPHp/dF4aJItp1BPuFsEdv2/fI=", + "lastModified": 1746468201, + "narHash": "sha256-hSOSlrvMJwGr8hX/gc0mnhUf5UIClMDUAadfXlSXzfc=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "0833dc8bbc4ffa9cf9b0cbfccf1c5ec8632fc66e", + "rev": "6aabf68429c0a414221d1790945babfb6a0bd068", "type": "github" }, "original": { 
@@ -1125,11 +1126,11 @@ ] }, "locked": { - "lastModified": 1746286866, - "narHash": "sha256-oSFEsgSEcLX7kYQXH5q/xyncD3qmrGgXv22pGDPPfBY=", + "lastModified": 1746453552, + "narHash": "sha256-r66UGha+7KVHkI7ksrcMjnw/mm9Sg4l5bQlylxHwdGU=", "owner": "nix-community", "repo": "NixOS-WSL", - "rev": "0f4ffe22d9736192f560cb851d64106fe65b6adc", + "rev": "be618645aa0adf461f778500172b6896d5ab2d01", "type": "github" }, "original": { @@ -1202,11 +1203,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1746402610, - "narHash": "sha256-2e4+sE8D87m7h1nYCIkxNfOQXl2qjClVOTWfX4jsOMw=", + "lastModified": 1746511170, + "narHash": "sha256-/LHyhxNwop/1lyg9kclGHBpyBadLFZda4z0QOzERUKY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "61f968627eaba23f587fb9166df3fe5d50f4132c", + "rev": "5a837cb8662b841d5e3f491791aa1c389f68b25e", "type": "github" }, "original": { @@ -1623,11 +1624,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1746218904, - "narHash": "sha256-GQJFWnUbBqqcittTOrS131+OkeNki2dJTGJTdXM6bhk=", + "lastModified": 1746332785, + "narHash": "sha256-d4/WBcspAR38AMsZysrQsenF1NmZ0/9GhjD4hxvPygo=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "6f9c62dfec1570e13ab625be0441510ed299843a", + "rev": "3b57c001518aeb42511e177221f98ecf42104016", "type": "github" }, "original": { @@ -1753,11 +1754,11 @@ "nixpkgs": "nixpkgs_8" }, "locked": { - "lastModified": 1745310711, - "narHash": "sha256-ePyTpKEJTgX0gvgNQWd7tQYQ3glIkbqcW778RpHlqgA=", + "lastModified": 1746485181, + "narHash": "sha256-PxrrSFLaC7YuItShxmYbMgSuFFuwxBB+qsl9BZUnRvg=", "owner": "Mic92", "repo": "sops-nix", - "rev": "5e3e92b16d6fdf9923425a8d4df7496b2434f39c", + "rev": "e93ee1d900ad264d65e9701a5c6f895683433386", "type": "github" }, "original": { 
@@ -2000,11 +2001,11 @@ "nixpkgs": "nixpkgs_9" }, "locked": { - "lastModified": 1746383085, - "narHash": "sha256-nM5FN+zFPsBq6hOu2cdx4dV33JWNPTca7OIXdWJV9V4=", + "lastModified": 1746500889, + "narHash": "sha256-5EvTcdflXr8B/xq8zGZCeZtYqO6IAC+wwgjjmO2uRlw=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "b60de43b72d74928c7c7f7f278398932d2fed077", + "rev": "ec65696d0b30e22c24e848a8cc6afb1a43cb1353", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 311760a..7a24ac4 100644 --- a/flake.nix +++ b/flake.nix @@ -38,7 +38,9 @@ }; hy3 = { - url = "github:outfoxxed/hy3"; + # url = "github:outfoxxed/hy3"; + + url = "github:Daholli/hy3/fb2832c2d376332e612cd36a3273e793ecd6b62e"; inputs.hyprland.follows = "hyprland"; }; diff --git a/modules/nixos/services/gitea-runner/default.nix b/modules/nixos/services/gitea-runner/default.nix new file mode 100644 index 0000000..b1491be --- /dev/null +++ b/modules/nixos/services/gitea-runner/default.nix 
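Review bot: The new `hy3` url pins a personal fork at a full commit hash and leaves the upstream url behind as a commented-out line, with nothing saying why the fork is needed or when to go back. Because the rev is part of the url (and now of `original` in flake.lock), a flake update should no longer move this input, so upstream fixes to the plugin stop arriving until someone edits the line by hand. I would replace the dead line with a comment such as `# TEMP: fork pinned for <reason>; return to github:outfoxxed/hy3 once <condition>`.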
@@ -0,0 +1,182 @@ +{ + lib, + config, + namespace, + pkgs, + ... +}: +with lib.${namespace}; +let + cfg = config.${namespace}.services.gitea-runner; + inherit (lib) mkIf mkOption mkEnableOption; + inherit (lib.types) + attrsOf + package + path + submodule + str + ; +in +{ + options.${namespace}.services.gitea-runner = { + enable = mkEnableOption "Enable gitea/forgejo runner"; + git-url = mkOption { + type = str; + default = "https://git.christophhollizeck.dev"; + }; + sopsFile = mkOption { + type = path; + default = lib.snowfall.fs.get-file "secrets/secrets.yaml"; + description = "SecretFile"; + }; + runner-package = mkOption { + type = package; + default = pkgs.forgejo-actions-runner; + description = "Which runner to use Gitea/Forgjo"; + }; + ## taken from nixos/modules/services/continuous-integration/gitea-actions-runner.nix + runner-instances = mkOption { + default = { }; + description = '' + Gitea Actions Runner instances. + ''; + type = attrsOf (submodule { + options = { + enable = mkEnableOption "Gitea Actions Runner instance"; + name = mkOption { + type = str; + example = literalExpression "config.networking.hostName"; + description = '' + The name identifying the runner instance towards the Gitea/Forgejo instance. + ''; + }; + url = mkOption { + type = str; + example = "https://forge.example.com"; + description = '' + Base URL of your Gitea/Forgejo instance. + ''; + }; + tokenFile = mkOption { + type = nullOr (either str path); + default = null; + description = '' + Path to an environment file, containing the `TOKEN` environment + variable, that holds a token to register at the configured + Gitea/Forgejo instance. 
+ ''; + }; + labels = mkOption { + type = listOf str; + example = literalExpression '' + [ + # provide a debian base with nodejs for actions + "debian-latest:docker://node:18-bullseye" + # fake the ubuntu name, because node provides no ubuntu builds + "ubuntu-latest:docker://node:18-bullseye" + # provide native execution on the host + #"native:host" + ] + ''; + description = '' + Labels used to map jobs to their runtime environment. Changing these + labels currently requires a new registration token. + + Many common actions require bash, git and nodejs, as well as a filesystem + that follows the filesystem hierarchy standard. + ''; + }; + settings = mkOption { + description = '' + Configuration for `act_runner daemon`. + See https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml for an example configuration + ''; + + type = types.submodule { + freeformType = settingsFormat.type; + }; + + default = { }; + }; + + hostPackages = mkOption { + type = listOf package; + default = with pkgs; [ + bash + coreutils + curl + gawk + gitMinimal + gnused + nodejs + wget + ]; + defaultText = literalExpression '' + with pkgs; [ + bash + coreutils + curl + gawk + gitMinimal + gnused + nodejs + wget + ] + ''; + description = '' + List of packages, that are available to actions, when the runner is configured + with a host execution label. 
+ ''; + }; + }; + }); + }; + }; + + config = mkIf cfg.enable { + sops = { + secrets = { + "forgejo/runner/token" = { + inherit (cfg) sopsFile; + }; + }; + }; + + services.gitea-actions-runner = { + package = cfg.runner-package; + instances = { + native = { + enable = true; + name = "monolith"; + url = cfg.git-url; + tokenFile = config.sops.secrets."forgejo/runner/token".path; + labels = [ + "native:host" + ]; + hostPackages = with pkgs; [ + bash + coreutils + curl + gawk + gitMinimal + gnused + nodejs + wget + lix + ]; + settings = { + log.level = "info"; + runner = { + capacity = 1; + timeout = "3h"; + shutdown_timeout = "5s"; + fetch_timeout = "10s"; + fetch_inteval = "5s"; + }; + }; + }; + } // cfg.runner-instances; + }; + + }; +} diff --git a/modules/nixos/services/hydra/default.nix b/modules/nixos/services/hydra/default.nix new file mode 100644 index 0000000..b72696e --- /dev/null +++ b/modules/nixos/services/hydra/default.nix @@ -0,0 +1,37 @@ +{ + lib, + config, + namespace, + ... +}: +let + cfg = config.${namespace}.services.hydra; + inherit (lib) mkIf mkOption mkEnableOption; +in +{ + options.${namespace}.services.hydra = { + enable = mkEnableOption "Enable Hydra CI"; + httpPort = mkOption { + type = lib.types.int; + default = 2000; + description = "The path to host the http server on, relevant for nginx forwarding"; + }; + + enableCache = mkEnableOption "Enable cache using nix-server"; + }; + + config = mkIf cfg.enable { + services.nix-serve = mkIf cfg.enableCache { + enable = true; + secretKeyFile = "/var/cache-priv-key.pem"; + }; + + services.hydra = { + enable = true; + hydraURL = "http://localhost:${toString cfg.httpPort}"; + port = cfg.httpPort; + notificationSender = "hydra@localhost"; + useSubstitutes = true; + }; + }; +} diff --git a/systems/x86_64-linux/loptland/default.nix b/systems/x86_64-linux/loptland/default.nix index 5698701..0434742 100644 --- a/systems/x86_64-linux/loptland/default.nix +++ b/systems/x86_64-linux/loptland/default.nix 
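Review bot: The `runner-instances` submodule refers to `nullOr`, `either`, `listOf`, `literalExpression`, `types.submodule` and `settingsFormat.type`, but none of these names appears in the two `inherit` lists or the `let` block. `with lib.${namespace};` hides this until the option type is evaluated, and `cfg.runner-instances` is always merged into `instances`, so unless that namespace re-exports them the module presumably fails as soon as it is enabled. Extending the bindings would fix it: `inherit (lib) mkIf mkOption mkEnableOption literalExpression types;`, adding `either listOf nullOr` to the `lib.types` inherit, and `settingsFormat = pkgs.formats.yaml { };`. Separately, `fetch_inteval` looks like a misspelling of `fetch_interval`, so that setting is probably ignored. The built-in instance also deserves a comment that `native:host` runs job steps directly on the host, under the hard-coded name `monolith` on whichever machine enables the module.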
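Review bot: `secretKeyFile = "/var/cache-priv-key.pem"` keeps the binary-cache signing key at a fixed path that nothing in this module creates or protects, while the runner token in the same commit comes from sops. Anyone who can read that file can sign store paths that clients trusting this cache will accept, so I would source it the same way, e.g. `secretKeyFile = config.sops.secrets."<cache-signing-key>".path;` (placeholder secret name), or at least expose the path as an option and document the expected owner and mode. Also, `httpPort` is described as "The path to host the http server on" and typed `lib.types.int`; `lib.types.port` with a description that says port would reject out-of-range values.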
@@ -35,9 +35,6 @@ in "forgejo/mail/passwordHash" = { inherit sopsFile; }; - "forgejo/runner/token" = { - inherit sopsFile; - }; }; }; @@ -55,7 +52,7 @@ in }; }; - "hydra.${domainName}" = { + "hydra.${domainName}" = mkIf config.${namespace}.services.hydra.enable { forceSSL = cfg.enableAcme; useACMEHost = mkIf cfg.enableAcme domainName; @@ -78,7 +75,7 @@ in }; }; - "nixcache.${domainName}" = { + "nixcache.${domainName}" = mkIf config.${namespace}.services.hydra.enableCache { forceSSL = cfg.enableAcme; useACMEHost = mkIf cfg.enableAcme domainName; @@ -180,60 +177,11 @@ in ]; }; - services.nix-serve = { - enable = true; - secretKeyFile = "/var/cache-priv-key.pem"; - }; - - services.hydra = { - enable = true; - hydraURL = "http://localhost:${toString hydraPort}"; - port = hydraPort; - notificationSender = "hydra@localhost"; - useSubstitutes = true; - }; - services.tailscale = { enable = true; useRoutingFeatures = "client"; }; - services.gitea-actions-runner = { - package = pkgs.forgejo-actions-runner; - instances = { - native = { - enable = true; - name = "monolith"; - url = "https://git.${domainName}"; - tokenFile = config.sops.secrets."forgejo/runner/token".path; - labels = [ - "native:host" - ]; - hostPackages = with pkgs; [ - bash - coreutils - curl - gawk - gitMinimal - gnused - nodejs - wget - lix - ]; - settings = { - log.level = "info"; - runner = { - capacity = 1; - timeout = "3h"; - shutdown_timeout = "5s"; - fetch_timeout = "10s"; - fetch_inteval = "5s"; - }; - }; - }; - }; - }; - networking.firewall.allowedTCPPorts = [ forgejoPort 80 @@ -251,6 +199,15 @@ in inherit sopsFile; }; openssh = enabled; + hydra = { + enable = true; + httpPort = hydraPort; + enableCache = true; + }; + gitea-runner = { + enable = true; + inherit sopsFile; + }; }; security = {
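Review bot: The `nixcache.${domainName}` vhost is gated on `hydra.enableCache` alone, but the new hydra module only configures `nix-serve` inside `config = mkIf cfg.enable`, so `enable = false; enableCache = true` would leave a vhost whose backend is not running. Gating on both flags keeps them in step: `mkIf (config.${namespace}.services.hydra.enable && config.${namespace}.services.hydra.enableCache)`. The vhost body continues outside the hunk, so this assumes it forwards to nix-serve.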
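Review bot: The `gitea-runner` block passes only `enable` and `sopsFile`, so the runner URL now comes from the module default `https://git.christophhollizeck.dev` instead of the removed `"https://git.${domainName}"`. If `domainName` ever differs from that literal, the runner would register its token against a different forge than the one this host serves. Adding `git-url = "https://git.${domainName}";` here keeps one source of truth. The surrounding attribute set starts and ends outside the hunk.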