hydra: disable lfs until NixOs/hydra#1355 or similar is merged

.forgejo/workflows/nightly-update.yaml

@@ -1,6 +1,6 @@
 on: 
   schedule:
-    - cron: 0 */4 * * *
+    - cron: 0 */6 * * *
   
 jobs:
   UpdateFlake:

.gitattributes

@@ -1,4 +1,4 @@
-*.png filter=lfs diff=lfs merge=lfs -text
-*.webp filter=lfs diff=lfs merge=lfs -text
-*.jpg filter=lfs diff=lfs merge=lfs -text
+# *.png filter=lfs diff=lfs merge=lfs -text
+# *.webp filter=lfs diff=lfs merge=lfs -text
+# *.jpg filter=lfs diff=lfs merge=lfs -text
 * !text !filter !merge !diff

flake.lock

@@ -141,11 +141,11 @@
         "rust-analyzer-src": "rust-analyzer-src"
       },
       "locked": {
-        "lastModified": 1746340661,
-        "narHash": "sha256-LTej+ruSIo15rWRXvenQ4pCeBlzXz43Ski0oJz3L0WU=",
+        "lastModified": 1746427067,
+        "narHash": "sha256-MlBKT0A2nK8LHDkeg3jrG2wo80C1bSGyT2tmKrc6pM0=",
         "owner": "nix-community",
         "repo": "fenix",
-        "rev": "e9ff07bb2ae690feef5bd961258b7f70d5f0d549",
+        "rev": "9e7d648c1f8fdf7beb9b0b1abb3a41d0d8b5fb05",
         "type": "github"
       },
       "original": {
@@ -515,11 +515,11 @@
         "rust-overlay": "rust-overlay"
       },
       "locked": {
-        "lastModified": 1746366748,
-        "narHash": "sha256-B5ZgBuSwKJjCAzjQdyf5ZlKgS/BCEAsDwM4hOpkCTOs=",
+        "lastModified": 1746454113,
+        "narHash": "sha256-pa0UR+N4UxRL5NFBc2AVOb+pVNtN+UVEsN8NnQ2UITQ=",
         "owner": "helix-editor",
         "repo": "helix",
-        "rev": "72932a391b342d101951cf3f3280498413221c80",
+        "rev": "cbac4273836f5837cec641ab21f365c79b102a4b",
         "type": "github"
       },
       "original": {
@@ -535,11 +535,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1746369725,
-        "narHash": "sha256-m3ai7LLFYsymMK0uVywCceWfUhP0k3CALyFOfcJACqE=",
+        "lastModified": 1746413188,
+        "narHash": "sha256-i6BoiQP0PasExESQHszC0reQHfO6D4aI2GzOwZMOI20=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "1a1793f6d940d22c6e49753548c5b6cb7dc5545d",
+        "rev": "8a318641ac13d3bc0a53651feaee9560f9b2d89a",
         "type": "github"
       },
       "original": {
@@ -577,16 +577,17 @@
         ]
       },
       "locked": {
-        "lastModified": 1745993315,
-        "narHash": "sha256-VfpLQYa5QBMJoAg4BwIt5QHSRy3KdUc+uIxRy5oMn6I=",
-        "owner": "outfoxxed",
+        "lastModified": 1746462926,
+        "narHash": "sha256-qecgKwowsbJuV1H5gzSShuymf9nteuk+As6/mMxA4mk=",
+        "owner": "Daholli",
         "repo": "hy3",
-        "rev": "74a17a83c97cf332501c7f2be64381ddb9a1c679",
+        "rev": "fb2832c2d376332e612cd36a3273e793ecd6b62e",
         "type": "github"
       },
       "original": {
-        "owner": "outfoxxed",
+        "owner": "Daholli",
         "repo": "hy3",
+        "rev": "fb2832c2d376332e612cd36a3273e793ecd6b62e",
         "type": "github"
       }
     },
@@ -693,11 +694,11 @@
         "xdph": "xdph"
       },
       "locked": {
-        "lastModified": 1746394740,
-        "narHash": "sha256-UGCTMIAqzUegGeSZTl5ToDNJ1B3ZanoCfc2fk0Fo5bQ=",
+        "lastModified": 1746496467,
+        "narHash": "sha256-PFmX5SvVN54LdFEBzMBIx4JEKOGP5d6nR/PcYHQhMlw=",
         "owner": "hyprwm",
         "repo": "Hyprland",
-        "rev": "9cd5b257459a6b4c5d5d4d1026df85f0ecbe5a93",
+        "rev": "1ce614dfc0eb8b323e603b76975842c1f2e6a553",
         "type": "github"
       },
       "original": {
@@ -723,11 +724,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1746293931,
-        "narHash": "sha256-sy/iPiYNC5HT25S6BxR8CPXcu2g4j5T+5qSHkvMtDq4=",
+        "lastModified": 1746496640,
+        "narHash": "sha256-/QJ3WBWGj14Ll7d2C6pvabVZwznDk7E5XgVY1bI3VeY=",
         "owner": "hyprwm",
         "repo": "hyprland-plugins",
-        "rev": "fcf1c2ae6f082b90152bede1ec0d0d52d9de2cbf",
+        "rev": "eab6921631b4943e78859714964d2b9bf81724eb",
         "type": "github"
       },
       "original": {
@@ -897,11 +898,11 @@
         "systems": "systems_3"
       },
       "locked": {
-        "lastModified": 1746281087,
-        "narHash": "sha256-9amK5DEpueAD+aobmBmjbV+C16RO7lcDOdf5ucJtNvM=",
+        "lastModified": 1746481532,
+        "narHash": "sha256-45Tsu6N3STdGnOicgm5ZBfnTHH8WlsUSseKPn3VXMCs=",
         "owner": "hyprwm",
         "repo": "hyprlock",
-        "rev": "6c64630df81b52208b210f02476f55e4db56e6cf",
+        "rev": "fae1c4f6fe38f04ad1f3965713b9cafb139464da",
         "type": "github"
       },
       "original": {
@@ -1069,11 +1070,11 @@
         "nixpkgs": "nixpkgs_5"
       },
       "locked": {
-        "lastModified": 1746381970,
-        "narHash": "sha256-jfXpTC+2sPVetdx0srQf1ggY9+GgE6n1PP8M0z+cOo0=",
+        "lastModified": 1746410227,
+        "narHash": "sha256-F2gKEIBfqfeQUcvMg0YD3xRnJIPyEgINR+ouTedoAtg=",
         "owner": "fufexan",
         "repo": "nix-gaming",
-        "rev": "46c04615dadf01102eacc975ecdaecdab5b46fe1",
+        "rev": "3b68db5adeda4b4ac018aea0acf8ebb4941c4b15",
         "type": "github"
       },
       "original": {
@@ -1089,11 +1090,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1745836145,
-        "narHash": "sha256-CQ18gPSd8nHMrK2K7hqsmLedQFfefUBgIq8AHHXsPRU=",
+        "lastModified": 1746437902,
+        "narHash": "sha256-cAYSTvh+nKl/DQDS0+MlepFRQxsAGt7bRSwvoRyNJuw=",
         "owner": "Mic92",
         "repo": "nix-ld",
-        "rev": "3a4fcea3d9a3c1366a745d23808114a67bf98c68",
+        "rev": "3262ac5b572f0f45a97212afda927208f3a463f1",
         "type": "github"
       },
       "original": {
@@ -1104,11 +1105,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1746341346,
-        "narHash": "sha256-WjupK5Xpc+viJlJWiyPHp/dF4aJItp1BPuFsEdv2/fI=",
+        "lastModified": 1746468201,
+        "narHash": "sha256-hSOSlrvMJwGr8hX/gc0mnhUf5UIClMDUAadfXlSXzfc=",
         "owner": "nixos",
         "repo": "nixos-hardware",
-        "rev": "0833dc8bbc4ffa9cf9b0cbfccf1c5ec8632fc66e",
+        "rev": "6aabf68429c0a414221d1790945babfb6a0bd068",
         "type": "github"
       },
       "original": {
@@ -1125,11 +1126,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1746286866,
-        "narHash": "sha256-oSFEsgSEcLX7kYQXH5q/xyncD3qmrGgXv22pGDPPfBY=",
+        "lastModified": 1746453552,
+        "narHash": "sha256-r66UGha+7KVHkI7ksrcMjnw/mm9Sg4l5bQlylxHwdGU=",
         "owner": "nix-community",
         "repo": "NixOS-WSL",
-        "rev": "0f4ffe22d9736192f560cb851d64106fe65b6adc",
+        "rev": "be618645aa0adf461f778500172b6896d5ab2d01",
         "type": "github"
       },
       "original": {
@@ -1202,11 +1203,11 @@
     },
     "nixpkgs-master": {
       "locked": {
-        "lastModified": 1746402610,
-        "narHash": "sha256-2e4+sE8D87m7h1nYCIkxNfOQXl2qjClVOTWfX4jsOMw=",
+        "lastModified": 1746511170,
+        "narHash": "sha256-/LHyhxNwop/1lyg9kclGHBpyBadLFZda4z0QOzERUKY=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "61f968627eaba23f587fb9166df3fe5d50f4132c",
+        "rev": "5a837cb8662b841d5e3f491791aa1c389f68b25e",
         "type": "github"
       },
       "original": {
@@ -1623,11 +1624,11 @@
     "rust-analyzer-src": {
       "flake": false,
       "locked": {
-        "lastModified": 1746218904,
-        "narHash": "sha256-GQJFWnUbBqqcittTOrS131+OkeNki2dJTGJTdXM6bhk=",
+        "lastModified": 1746332785,
+        "narHash": "sha256-d4/WBcspAR38AMsZysrQsenF1NmZ0/9GhjD4hxvPygo=",
         "owner": "rust-lang",
         "repo": "rust-analyzer",
-        "rev": "6f9c62dfec1570e13ab625be0441510ed299843a",
+        "rev": "3b57c001518aeb42511e177221f98ecf42104016",
         "type": "github"
       },
       "original": {
@@ -1753,11 +1754,11 @@
         "nixpkgs": "nixpkgs_8"
       },
       "locked": {
-        "lastModified": 1745310711,
-        "narHash": "sha256-ePyTpKEJTgX0gvgNQWd7tQYQ3glIkbqcW778RpHlqgA=",
+        "lastModified": 1746485181,
+        "narHash": "sha256-PxrrSFLaC7YuItShxmYbMgSuFFuwxBB+qsl9BZUnRvg=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "5e3e92b16d6fdf9923425a8d4df7496b2434f39c",
+        "rev": "e93ee1d900ad264d65e9701a5c6f895683433386",
         "type": "github"
       },
       "original": {
@@ -2000,11 +2001,11 @@
         "nixpkgs": "nixpkgs_9"
       },
       "locked": {
-        "lastModified": 1746383085,
-        "narHash": "sha256-nM5FN+zFPsBq6hOu2cdx4dV33JWNPTca7OIXdWJV9V4=",
+        "lastModified": 1746500889,
+        "narHash": "sha256-5EvTcdflXr8B/xq8zGZCeZtYqO6IAC+wwgjjmO2uRlw=",
         "owner": "0xc000022070",
         "repo": "zen-browser-flake",
-        "rev": "b60de43b72d74928c7c7f7f278398932d2fed077",
+        "rev": "ec65696d0b30e22c24e848a8cc6afb1a43cb1353",
         "type": "github"
       },
       "original": {

flake.nix

@@ -38,7 +38,9 @@
     };
 
     hy3 = {
-      url = "github:outfoxxed/hy3";
+      # url = "github:outfoxxed/hy3";
+
+      url = "github:Daholli/hy3/fb2832c2d376332e612cd36a3273e793ecd6b62e";
       inputs.hyprland.follows = "hyprland";
     };
 

modules/nixos/services/gitea-runner/default.nix

@@ -0,0 +1,182 @@
+{
+  lib,
+  config,
+  namespace,
+  pkgs,
+  ...
+}:
+with lib.${namespace};
+let
+  cfg = config.${namespace}.services.gitea-runner;
+  inherit (lib) mkIf mkOption mkEnableOption;
+  inherit (lib.types)
+    attrsOf
+    package
+    path
+    submodule
+    str
+    ;
+in
+{
+  options.${namespace}.services.gitea-runner = {
+    enable = mkEnableOption "Enable gitea/forgejo runner";
+    git-url = mkOption {
+      type = str;
+      default = "https://git.christophhollizeck.dev";
+    };
+    sopsFile = mkOption {
+      type = path;
+      default = lib.snowfall.fs.get-file "secrets/secrets.yaml";
+      description = "SecretFile";
+    };
+    runner-package = mkOption {
+      type = package;
+      default = pkgs.forgejo-actions-runner;
+      description = "Which runner to use Gitea/Forgjo";
+    };
+    ## taken from nixos/modules/services/continuous-integration/gitea-actions-runner.nix
+    runner-instances = mkOption {
+      default = { };
+      description = ''
+        Gitea Actions Runner instances.
+      '';
+      type = attrsOf (submodule {
+        options = {
+          enable = mkEnableOption "Gitea Actions Runner instance";
+          name = mkOption {
+            type = str;
+            example = literalExpression "config.networking.hostName";
+            description = ''
+              The name identifying the runner instance towards the Gitea/Forgejo instance.
+            '';
+          };
+          url = mkOption {
+            type = str;
+            example = "https://forge.example.com";
+            description = ''
+              Base URL of your Gitea/Forgejo instance.
+            '';
+          };
+          tokenFile = mkOption {
+            type = nullOr (either str path);
+            default = null;
+            description = ''
+              Path to an environment file, containing the `TOKEN` environment
+              variable, that holds a token to register at the configured
+              Gitea/Forgejo instance.
+            '';
+          };
+          labels = mkOption {
+            type = listOf str;
+            example = literalExpression ''
+              [
+                # provide a debian base with nodejs for actions
+                "debian-latest:docker://node:18-bullseye"
+                # fake the ubuntu name, because node provides no ubuntu builds
+                "ubuntu-latest:docker://node:18-bullseye"
+                # provide native execution on the host
+                #"native:host"
+              ]
+            '';
+            description = ''
+              Labels used to map jobs to their runtime environment. Changing these
+              labels currently requires a new registration token.
+
+              Many common actions require bash, git and nodejs, as well as a filesystem
+              that follows the filesystem hierarchy standard.
+            '';
+          };
+          settings = mkOption {
+            description = ''
+              Configuration for `act_runner daemon`.
+              See https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml for an example configuration
+            '';
+
+            type = types.submodule {
+              freeformType = settingsFormat.type;
+            };
+
+            default = { };
+          };
+
+          hostPackages = mkOption {
+            type = listOf package;
+            default = with pkgs; [
+              bash
+              coreutils
+              curl
+              gawk
+              gitMinimal
+              gnused
+              nodejs
+              wget
+            ];
+            defaultText = literalExpression ''
+              with pkgs; [
+                bash
+                coreutils
+                curl
+                gawk
+                gitMinimal
+                gnused
+                nodejs
+                wget
+              ]
+            '';
+            description = ''
+              List of packages, that are available to actions, when the runner is configured
+              with a host execution label.
+            '';
+          };
+        };
+      });
+    };
+  };
+
+  config = mkIf cfg.enable {
+    sops = {
+      secrets = {
+        "forgejo/runner/token" = {
+          inherit (cfg) sopsFile;
+        };
+      };
+    };
+
+    services.gitea-actions-runner = {
+      package = cfg.runner-package;
+      instances = {
+        native = {
+          enable = true;
+          name = "monolith";
+          url = cfg.git-url;
+          tokenFile = config.sops.secrets."forgejo/runner/token".path;
+          labels = [
+            "native:host"
+          ];
+          hostPackages = with pkgs; [
+            bash
+            coreutils
+            curl
+            gawk
+            gitMinimal
+            gnused
+            nodejs
+            wget
+            lix
+          ];
+          settings = {
+            log.level = "info";
+            runner = {
+              capacity = 1;
+              timeout = "3h";
+              shutdown_timeout = "5s";
+              fetch_timeout = "10s";
+              fetch_inteval = "5s";
+            };
+          };
+        };
+      } // cfg.runner-instances;
+    };
+
+  };
+}

modules/nixos/services/hydra/default.nix

@@ -0,0 +1,37 @@
+{
+  lib,
+  config,
+  namespace,
+  ...
+}:
+let
+  cfg = config.${namespace}.services.hydra;
+  inherit (lib) mkIf mkOption mkEnableOption;
+in
+{
+  options.${namespace}.services.hydra = {
+    enable = mkEnableOption "Enable Hydra CI";
+    httpPort = mkOption {
+      type = lib.types.int;
+      default = 2000;
+      description = "The path to host the http server on, relevant for nginx forwarding";
+    };
+
+    enableCache = mkEnableOption "Enable cache using nix-server";
+  };
+
+  config = mkIf cfg.enable {
+    services.nix-serve = mkIf cfg.enableCache {
+      enable = true;
+      secretKeyFile = "/var/cache-priv-key.pem";
+    };
+
+    services.hydra = {
+      enable = true;
+      hydraURL = "http://localhost:${toString cfg.httpPort}";
+      port = cfg.httpPort;
+      notificationSender = "hydra@localhost";
+      useSubstitutes = true;
+    };
+  };
+}

systems/x86_64-linux/loptland/default.nix

@@ -35,9 +35,6 @@ in
       "forgejo/mail/passwordHash" = {
         inherit sopsFile;
       };
-      "forgejo/runner/token" = {
-        inherit sopsFile;
-      };
     };
   };
 
@@ -55,7 +52,7 @@ in
         };
       };
 
-      "hydra.${domainName}" = {
+      "hydra.${domainName}" = mkIf config.${namespace}.services.hydra.enable {
         forceSSL = cfg.enableAcme;
         useACMEHost = mkIf cfg.enableAcme domainName;
 
@@ -78,7 +75,7 @@ in
         };
       };
 
-      "nixcache.${domainName}" = {
+      "nixcache.${domainName}" = mkIf config.${namespace}.services.hydra.enableCache {
         forceSSL = cfg.enableAcme;
         useACMEHost = mkIf cfg.enableAcme domainName;
 
@@ -180,60 +177,11 @@ in
     ];
   };
 
-  services.nix-serve = {
-    enable = true;
-    secretKeyFile = "/var/cache-priv-key.pem";
-  };
-
-  services.hydra = {
-    enable = true;
-    hydraURL = "http://localhost:${toString hydraPort}";
-    port = hydraPort;
-    notificationSender = "hydra@localhost";
-    useSubstitutes = true;
-  };
-
   services.tailscale = {
     enable = true;
     useRoutingFeatures = "client";
   };
 
-  services.gitea-actions-runner = {
-    package = pkgs.forgejo-actions-runner;
-    instances = {
-      native = {
-        enable = true;
-        name = "monolith";
-        url = "https://git.${domainName}";
-        tokenFile = config.sops.secrets."forgejo/runner/token".path;
-        labels = [
-          "native:host"
-        ];
-        hostPackages = with pkgs; [
-          bash
-          coreutils
-          curl
-          gawk
-          gitMinimal
-          gnused
-          nodejs
-          wget
-          lix
-        ];
-        settings = {
-          log.level = "info";
-          runner = {
-            capacity = 1;
-            timeout = "3h";
-            shutdown_timeout = "5s";
-            fetch_timeout = "10s";
-            fetch_inteval = "5s";
-          };
-        };
-      };
-    };
-  };
-
   networking.firewall.allowedTCPPorts = [
     forgejoPort
     80
@@ -251,6 +199,15 @@ in
         inherit sopsFile;
       };
       openssh = enabled;
+      hydra = {
+        enable = true;
+        httpPort = hydraPort;
+        enableCache = true;
+      };
+      gitea-runner = {
+        enable = true;
+        inherit sopsFile;
+      };
     };
 
     security = {