diff --git a/.forgejo/workflows/nightly-update.yaml b/.forgejo/workflows/nightly-update.yaml
index 3e2a78c..19734f8 100644
--- a/.forgejo/workflows/nightly-update.yaml
+++ b/.forgejo/workflows/nightly-update.yaml
@@ -1,6 +1,6 @@
 on:
 schedule:
- - cron: 0 */6 * * *
+ - cron: 0 */4 * * *
 jobs:
 UpdateFlake:
diff --git a/.gitattributes b/.gitattributes
index bd5527d..33e009d 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,4 +1,4 @@
-# *.png filter=lfs diff=lfs merge=lfs -text
-# *.webp filter=lfs diff=lfs merge=lfs -text
-# *.jpg filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.webp filter=lfs diff=lfs merge=lfs -text
+*.jpg filter=lfs diff=lfs merge=lfs -text
 * !text !filter !merge !diff
diff --git a/flake.lock b/flake.lock
index aad6c5a..0c22181 100644
--- a/flake.lock
+++ b/flake.lock
@@ -141,11 +141,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1746427067, - "narHash": "sha256-MlBKT0A2nK8LHDkeg3jrG2wo80C1bSGyT2tmKrc6pM0=", + "lastModified": 1746340661, + "narHash": "sha256-LTej+ruSIo15rWRXvenQ4pCeBlzXz43Ski0oJz3L0WU=", "owner": "nix-community", "repo": "fenix", - "rev": "9e7d648c1f8fdf7beb9b0b1abb3a41d0d8b5fb05", + "rev": "e9ff07bb2ae690feef5bd961258b7f70d5f0d549", "type": "github" }, "original": {
@@ -515,11 +515,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1746454113, - "narHash": "sha256-pa0UR+N4UxRL5NFBc2AVOb+pVNtN+UVEsN8NnQ2UITQ=", + "lastModified": 1746366748, + "narHash": "sha256-B5ZgBuSwKJjCAzjQdyf5ZlKgS/BCEAsDwM4hOpkCTOs=", "owner": "helix-editor", "repo": "helix", - "rev": "cbac4273836f5837cec641ab21f365c79b102a4b", + "rev": "72932a391b342d101951cf3f3280498413221c80", "type": "github" }, "original": {
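Review bot: The newly enabled `*.png`, `*.webp` and `*.jpg` LFS rules in the .gitattributes hunk sit above the unchanged last line `* !text !filter !merge !diff`, and gitattributes lets a later matching line override an earlier one per attribute. Because `*` matches every path, that line resets `filter`, `diff` and `merge` to unspecified for the image files as well, so the LFS filter would most likely never run and images would still be committed as ordinary blobs. Move the `* !text !filter !merge !diff` line to the top of the file so the three LFS rules come last, then confirm with `git check-attr filter -- path/to/image.png`.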
@@ -535,11 +535,11 @@ ] }, "locked": { - "lastModified": 1746413188, - "narHash": "sha256-i6BoiQP0PasExESQHszC0reQHfO6D4aI2GzOwZMOI20=", + "lastModified": 1746369725, + "narHash": "sha256-m3ai7LLFYsymMK0uVywCceWfUhP0k3CALyFOfcJACqE=", "owner": "nix-community", "repo": "home-manager", - "rev": "8a318641ac13d3bc0a53651feaee9560f9b2d89a", + "rev": "1a1793f6d940d22c6e49753548c5b6cb7dc5545d", "type": "github" }, "original": { @@ -577,17 +577,16 @@ ] }, "locked": { - "lastModified": 1746462926, - "narHash": "sha256-qecgKwowsbJuV1H5gzSShuymf9nteuk+As6/mMxA4mk=", - "owner": "Daholli", + "lastModified": 1745993315, + "narHash": "sha256-VfpLQYa5QBMJoAg4BwIt5QHSRy3KdUc+uIxRy5oMn6I=", + "owner": "outfoxxed", "repo": "hy3", - "rev": "fb2832c2d376332e612cd36a3273e793ecd6b62e", + "rev": "74a17a83c97cf332501c7f2be64381ddb9a1c679", "type": "github" }, "original": { - "owner": "Daholli", + "owner": "outfoxxed", "repo": "hy3", - "rev": "fb2832c2d376332e612cd36a3273e793ecd6b62e", "type": "github" } }, @@ -694,11 +693,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1746496467, - "narHash": "sha256-PFmX5SvVN54LdFEBzMBIx4JEKOGP5d6nR/PcYHQhMlw=", + "lastModified": 1746394740, + "narHash": "sha256-UGCTMIAqzUegGeSZTl5ToDNJ1B3ZanoCfc2fk0Fo5bQ=", "owner": "hyprwm", "repo": "Hyprland", - "rev": "1ce614dfc0eb8b323e603b76975842c1f2e6a553", + "rev": "9cd5b257459a6b4c5d5d4d1026df85f0ecbe5a93", "type": "github" }, "original": { @@ -724,11 +723,11 @@ ] }, "locked": { - "lastModified": 1746496640, - "narHash": "sha256-/QJ3WBWGj14Ll7d2C6pvabVZwznDk7E5XgVY1bI3VeY=", + "lastModified": 1746293931, + "narHash": "sha256-sy/iPiYNC5HT25S6BxR8CPXcu2g4j5T+5qSHkvMtDq4=", "owner": "hyprwm", "repo": "hyprland-plugins", - "rev": "eab6921631b4943e78859714964d2b9bf81724eb", + "rev": "fcf1c2ae6f082b90152bede1ec0d0d52d9de2cbf", "type": "github" }, "original": { 
@@ -898,11 +897,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1746481532, - "narHash": "sha256-45Tsu6N3STdGnOicgm5ZBfnTHH8WlsUSseKPn3VXMCs=", + "lastModified": 1746281087, + "narHash": "sha256-9amK5DEpueAD+aobmBmjbV+C16RO7lcDOdf5ucJtNvM=", "owner": "hyprwm", "repo": "hyprlock", - "rev": "fae1c4f6fe38f04ad1f3965713b9cafb139464da", + "rev": "6c64630df81b52208b210f02476f55e4db56e6cf", "type": "github" }, "original": { @@ -1070,11 +1069,11 @@ "nixpkgs": "nixpkgs_5" }, "locked": { - "lastModified": 1746410227, - "narHash": "sha256-F2gKEIBfqfeQUcvMg0YD3xRnJIPyEgINR+ouTedoAtg=", + "lastModified": 1746381970, + "narHash": "sha256-jfXpTC+2sPVetdx0srQf1ggY9+GgE6n1PP8M0z+cOo0=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "3b68db5adeda4b4ac018aea0acf8ebb4941c4b15", + "rev": "46c04615dadf01102eacc975ecdaecdab5b46fe1", "type": "github" }, "original": { @@ -1090,11 +1089,11 @@ ] }, "locked": { - "lastModified": 1746437902, - "narHash": "sha256-cAYSTvh+nKl/DQDS0+MlepFRQxsAGt7bRSwvoRyNJuw=", + "lastModified": 1745836145, + "narHash": "sha256-CQ18gPSd8nHMrK2K7hqsmLedQFfefUBgIq8AHHXsPRU=", "owner": "Mic92", "repo": "nix-ld", - "rev": "3262ac5b572f0f45a97212afda927208f3a463f1", + "rev": "3a4fcea3d9a3c1366a745d23808114a67bf98c68", "type": "github" }, "original": { @@ -1105,11 +1104,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1746468201, - "narHash": "sha256-hSOSlrvMJwGr8hX/gc0mnhUf5UIClMDUAadfXlSXzfc=", + "lastModified": 1746341346, + "narHash": "sha256-WjupK5Xpc+viJlJWiyPHp/dF4aJItp1BPuFsEdv2/fI=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "6aabf68429c0a414221d1790945babfb6a0bd068", + "rev": "0833dc8bbc4ffa9cf9b0cbfccf1c5ec8632fc66e", "type": "github" }, "original": { 
@@ -1126,11 +1125,11 @@ ] }, "locked": { - "lastModified": 1746453552, - "narHash": "sha256-r66UGha+7KVHkI7ksrcMjnw/mm9Sg4l5bQlylxHwdGU=", + "lastModified": 1746286866, + "narHash": "sha256-oSFEsgSEcLX7kYQXH5q/xyncD3qmrGgXv22pGDPPfBY=", "owner": "nix-community", "repo": "NixOS-WSL", - "rev": "be618645aa0adf461f778500172b6896d5ab2d01", + "rev": "0f4ffe22d9736192f560cb851d64106fe65b6adc", "type": "github" }, "original": { @@ -1203,11 +1202,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1746511170, - "narHash": "sha256-/LHyhxNwop/1lyg9kclGHBpyBadLFZda4z0QOzERUKY=", + "lastModified": 1746402610, + "narHash": "sha256-2e4+sE8D87m7h1nYCIkxNfOQXl2qjClVOTWfX4jsOMw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5a837cb8662b841d5e3f491791aa1c389f68b25e", + "rev": "61f968627eaba23f587fb9166df3fe5d50f4132c", "type": "github" }, "original": { @@ -1624,11 +1623,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1746332785, - "narHash": "sha256-d4/WBcspAR38AMsZysrQsenF1NmZ0/9GhjD4hxvPygo=", + "lastModified": 1746218904, + "narHash": "sha256-GQJFWnUbBqqcittTOrS131+OkeNki2dJTGJTdXM6bhk=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "3b57c001518aeb42511e177221f98ecf42104016", + "rev": "6f9c62dfec1570e13ab625be0441510ed299843a", "type": "github" }, "original": { @@ -1754,11 +1753,11 @@ "nixpkgs": "nixpkgs_8" }, "locked": { - "lastModified": 1746485181, - "narHash": "sha256-PxrrSFLaC7YuItShxmYbMgSuFFuwxBB+qsl9BZUnRvg=", + "lastModified": 1745310711, + "narHash": "sha256-ePyTpKEJTgX0gvgNQWd7tQYQ3glIkbqcW778RpHlqgA=", "owner": "Mic92", "repo": "sops-nix", - "rev": "e93ee1d900ad264d65e9701a5c6f895683433386", + "rev": "5e3e92b16d6fdf9923425a8d4df7496b2434f39c", "type": "github" }, "original": { 
@@ -2001,11 +2000,11 @@ "nixpkgs": "nixpkgs_9" }, "locked": { - "lastModified": 1746500889, - "narHash": "sha256-5EvTcdflXr8B/xq8zGZCeZtYqO6IAC+wwgjjmO2uRlw=", + "lastModified": 1746383085, + "narHash": "sha256-nM5FN+zFPsBq6hOu2cdx4dV33JWNPTca7OIXdWJV9V4=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "ec65696d0b30e22c24e848a8cc6afb1a43cb1353", + "rev": "b60de43b72d74928c7c7f7f278398932d2fed077", "type": "github" }, "original": {
diff --git a/flake.nix b/flake.nix
index 7a24ac4..311760a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -38,9 +38,7 @@
 };
 hy3 = {
- # url = "github:outfoxxed/hy3";
-
- url = "github:Daholli/hy3/fb2832c2d376332e612cd36a3273e793ecd6b62e";
+ url = "github:outfoxxed/hy3";
 inputs.hyprland.follows = "hyprland";
 };
diff --git a/modules/nixos/services/gitea-runner/default.nix b/modules/nixos/services/gitea-runner/default.nix
deleted file mode 100644
index b1491be..0000000
--- a/modules/nixos/services/gitea-runner/default.nix
+++ /dev/null
@@ -1,182 +0,0 @@
-{
- lib,
- config,
- namespace,
- pkgs,
- ...
-}:
-with lib.${namespace};
-let
- cfg = config.${namespace}.services.gitea-runner;
- inherit (lib) mkIf mkOption mkEnableOption;
- inherit (lib.types)
- attrsOf
- package
- path
- submodule
- str
- ;
-in
-{
- options.${namespace}.services.gitea-runner = {
- enable = mkEnableOption "Enable gitea/forgejo runner";
- git-url = mkOption {
- type = str;
- default = "https://git.christophhollizeck.dev";
- };
- sopsFile = mkOption {
- type = path;
- default = lib.snowfall.fs.get-file "secrets/secrets.yaml";
- description = "SecretFile";
- };
- runner-package = mkOption {
- type = package;
- default = pkgs.forgejo-actions-runner;
- description = "Which runner to use Gitea/Forgjo";
- };
- ## taken from nixos/modules/services/continuous-integration/gitea-actions-runner.nix
- runner-instances = mkOption {
- default = { };
- description = ''
- Gitea Actions Runner instances.
- '';
- type = attrsOf (submodule {
- options = {
- enable = mkEnableOption "Gitea Actions Runner instance";
- name = mkOption {
- type = str;
- example = literalExpression "config.networking.hostName";
- description = ''
- The name identifying the runner instance towards the Gitea/Forgejo instance.
- '';
- };
- url = mkOption {
- type = str;
- example = "https://forge.example.com";
- description = ''
- Base URL of your Gitea/Forgejo instance.
- '';
- };
- tokenFile = mkOption {
- type = nullOr (either str path);
- default = null;
- description = ''
- Path to an environment file, containing the `TOKEN` environment
- variable, that holds a token to register at the configured
- Gitea/Forgejo instance.
- '';
- };
- labels = mkOption {
- type = listOf str;
- example = literalExpression ''
- [
- # provide a debian base with nodejs for actions
- "debian-latest:docker://node:18-bullseye"
- # fake the ubuntu name, because node provides no ubuntu builds
- "ubuntu-latest:docker://node:18-bullseye"
- # provide native execution on the host
- #"native:host"
- ]
- '';
- description = ''
- Labels used to map jobs to their runtime environment. Changing these
- labels currently requires a new registration token.
-
- Many common actions require bash, git and nodejs, as well as a filesystem
- that follows the filesystem hierarchy standard.
- '';
- };
- settings = mkOption {
- description = ''
- Configuration for `act_runner daemon`.
- See https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml for an example configuration
- '';
-
- type = types.submodule {
- freeformType = settingsFormat.type;
- };
-
- default = { };
- };
-
- hostPackages = mkOption {
- type = listOf package;
- default = with pkgs; [
- bash
- coreutils
- curl
- gawk
- gitMinimal
- gnused
- nodejs
- wget
- ];
- defaultText = literalExpression ''
- with pkgs; [
- bash
- coreutils
- curl
- gawk
- gitMinimal
- gnused
- nodejs
- wget
- ]
- '';
- description = ''
- List of packages, that are available to actions, when the runner is configured
- with a host execution label.
- '';
- };
- };
- });
- };
- };
-
- config = mkIf cfg.enable {
- sops = {
- secrets = {
- "forgejo/runner/token" = {
- inherit (cfg) sopsFile;
- };
- };
- };
-
- services.gitea-actions-runner = {
- package = cfg.runner-package;
- instances = {
- native = {
- enable = true;
- name = "monolith";
- url = cfg.git-url;
- tokenFile = config.sops.secrets."forgejo/runner/token".path;
- labels = [
- "native:host"
- ];
- hostPackages = with pkgs; [
- bash
- coreutils
- curl
- gawk
- gitMinimal
- gnused
- nodejs
- wget
- lix
- ];
- settings = {
- log.level = "info";
- runner = {
- capacity = 1;
- timeout = "3h";
- shutdown_timeout = "5s";
- fetch_timeout = "10s";
- fetch_inteval = "5s";
- };
- };
- };
- } // cfg.runner-instances;
- };
-
- };
-}
diff --git a/modules/nixos/services/hydra/default.nix b/modules/nixos/services/hydra/default.nix
deleted file mode 100644
index b72696e..0000000
--- a/modules/nixos/services/hydra/default.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-{
- lib,
- config,
- namespace,
- ...
-}:
-let
- cfg = config.${namespace}.services.hydra;
- inherit (lib) mkIf mkOption mkEnableOption;
-in
-{
- options.${namespace}.services.hydra = {
- enable = mkEnableOption "Enable Hydra CI";
- httpPort = mkOption {
- type = lib.types.int;
- default = 2000;
- description = "The path to host the http server on, relevant for nginx forwarding";
- };
-
- enableCache = mkEnableOption "Enable cache using nix-server";
- };
-
- config = mkIf cfg.enable {
- services.nix-serve = mkIf cfg.enableCache {
- enable = true;
- secretKeyFile = "/var/cache-priv-key.pem";
- };
-
- services.hydra = {
- enable = true;
- hydraURL = "http://localhost:${toString cfg.httpPort}";
- port = cfg.httpPort;
- notificationSender = "hydra@localhost";
- useSubstitutes = true;
- };
- };
-}
diff --git a/systems/x86_64-linux/loptland/default.nix b/systems/x86_64-linux/loptland/default.nix
index 0434742..5698701 100644
--- a/systems/x86_64-linux/loptland/default.nix
+++ b/systems/x86_64-linux/loptland/default.nix
@@ -35,6 +35,9 @@ in
 "forgejo/mail/passwordHash" = {
 inherit sopsFile;
 };
+ "forgejo/runner/token" = {
+ inherit sopsFile;
+ };
 };
 };
@@ -52,7 +55,7 @@ in
 };
 };
- "hydra.${domainName}" = mkIf config.${namespace}.services.hydra.enable {
+ "hydra.${domainName}" = {
 forceSSL = cfg.enableAcme;
 useACMEHost = mkIf cfg.enableAcme domainName;
@@ -75,7 +78,7 @@ in
 };
 };
- "nixcache.${domainName}" = mkIf config.${namespace}.services.hydra.enableCache {
+ "nixcache.${domainName}" = {
 forceSSL = cfg.enableAcme;
 useACMEHost = mkIf cfg.enableAcme domainName;
@@ -177,11 +180,60 @@ in
 ];
 };
+ services.nix-serve = {
+ enable = true;
+ secretKeyFile = "/var/cache-priv-key.pem";
+ };
+
+ services.hydra = {
+ enable = true;
+ hydraURL = "http://localhost:${toString hydraPort}";
+ port = hydraPort;
+ notificationSender = "hydra@localhost";
+ useSubstitutes = true;
+ };
+
 services.tailscale = {
 enable = true;
 useRoutingFeatures = "client";
 };
+ services.gitea-actions-runner = {
+ package = pkgs.forgejo-actions-runner;
+ instances = {
+ native = {
+ enable = true;
+ name = "monolith";
+ url = "https://git.${domainName}";
+ tokenFile = config.sops.secrets."forgejo/runner/token".path;
+ labels = [
+ "native:host"
+ ];
+ hostPackages = with pkgs; [
+ bash
+ coreutils
+ curl
+ gawk
+ gitMinimal
+ gnused
+ nodejs
+ wget
+ lix
+ ];
+ settings = {
+ log.level = "info";
+ runner = {
+ capacity = 1;
+ timeout = "3h";
+ shutdown_timeout = "5s";
+ fetch_timeout = "10s";
+ fetch_inteval = "5s";
+ };
+ };
+ };
+ };
+ };
+
 networking.firewall.allowedTCPPorts = [
 forgejoPort
 80
@@ -199,15 +251,6 @@ in
 inherit sopsFile;
 };
 openssh = enabled;
- hydra = {
- enable = true;
- httpPort = hydraPort;
- enableCache = true;
- };
- gitea-runner = {
- enable = true;
- inherit sopsFile;
- };
 };
 security = {
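Review bot: The `native` runner instance added in the `@@ -177,11 +180,60 @@` hunk keeps the `native:host` label, so workflow jobs run directly on this machine, which the same hunk also makes the Hydra and nix-serve host holding the cache signing key at `/var/cache-priv-key.pem`. A job from any repository allowed to use this runner then executes next to the key that signs the binary cache; how much it can actually reach depends on the runner unit's sandboxing, which is not visible here. Consider limiting which repositories may use the runner or moving host execution to a separate machine, and provision the signing key through sops like the runner token, e.g. `secretKeyFile = config.sops.secrets."nix-serve/signing-key".path;` (the secret name is a placeholder). Separately, `fetch_inteval` looks like a misspelling of `fetch_interval`, so the `"5s"` value is probably not applied.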