Daholli/nixos-config
1
0
Fork 0
Code Issues 3 Pull requests 1 Releases Packages Activity Actions

Compare commits

base: Daholli:d78279735a4d811e73e94bb33f5b8ad1567fda00
Branches Tags
Daholli:main
Daholli:main-merge
Daholli:rewrite
..
compare: Daholli:cb0067b4773fcf1f87e140893da0b2f757ca4c76
Branches Tags
Daholli:main-merge
Daholli:rewrite
Daholli:main

No commits in common. "d78279735a4d811e73e94bb33f5b8ad1567fda00" and "cb0067b4773fcf1f87e140893da0b2f757ca4c76" have entirely different histories.
d78279735a ... cb0067b477

7 changed files with 106 additions and 285 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.forgejo/workflows/nightly-update.yaml
View file

@ -1,6 +1,6 @@
on: on:
schedule: schedule:
- cron: 0 */6 * * * - cron: 0 */4 * * *
jobs: jobs:
UpdateFlake: UpdateFlake:

6
.gitattributes vendored
View file

@ -1,4 +1,4 @@
# *.png filter=lfs diff=lfs merge=lfs -text *.png filter=lfs diff=lfs merge=lfs -text
# *.webp filter=lfs diff=lfs merge=lfs -text *.webp filter=lfs diff=lfs merge=lfs -text
# *.jpg filter=lfs diff=lfs merge=lfs -text *.jpg filter=lfs diff=lfs merge=lfs -text
* !text !filter !merge !diff * !text !filter !merge !diff

95
flake.lock generated
View file

@ -141,11 +141,11 @@
"rust-analyzer-src": "rust-analyzer-src" "rust-analyzer-src": "rust-analyzer-src"
}, },
"locked": { "locked": {
"lastModified": 1746427067, "lastModified": 1746340661,
"narHash": "sha256-MlBKT0A2nK8LHDkeg3jrG2wo80C1bSGyT2tmKrc6pM0=", "narHash": "sha256-LTej+ruSIo15rWRXvenQ4pCeBlzXz43Ski0oJz3L0WU=",
"owner": "nix-community", "owner": "nix-community",
"repo": "fenix", "repo": "fenix",
"rev": "9e7d648c1f8fdf7beb9b0b1abb3a41d0d8b5fb05", "rev": "e9ff07bb2ae690feef5bd961258b7f70d5f0d549",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -515,11 +515,11 @@
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
"lastModified": 1746454113, "lastModified": 1746366748,
"narHash": "sha256-pa0UR+N4UxRL5NFBc2AVOb+pVNtN+UVEsN8NnQ2UITQ=", "narHash": "sha256-B5ZgBuSwKJjCAzjQdyf5ZlKgS/BCEAsDwM4hOpkCTOs=",
"owner": "helix-editor", "owner": "helix-editor",
"repo": "helix", "repo": "helix",
"rev": "cbac4273836f5837cec641ab21f365c79b102a4b", "rev": "72932a391b342d101951cf3f3280498413221c80",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -535,11 +535,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1746413188, "lastModified": 1746369725,
"narHash": "sha256-i6BoiQP0PasExESQHszC0reQHfO6D4aI2GzOwZMOI20=", "narHash": "sha256-m3ai7LLFYsymMK0uVywCceWfUhP0k3CALyFOfcJACqE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "8a318641ac13d3bc0a53651feaee9560f9b2d89a", "rev": "1a1793f6d940d22c6e49753548c5b6cb7dc5545d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -577,17 +577,16 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1746462926, "lastModified": 1745993315,
"narHash": "sha256-qecgKwowsbJuV1H5gzSShuymf9nteuk+As6/mMxA4mk=", "narHash": "sha256-VfpLQYa5QBMJoAg4BwIt5QHSRy3KdUc+uIxRy5oMn6I=",
"owner": "Daholli", "owner": "outfoxxed",
"repo": "hy3", "repo": "hy3",
"rev": "fb2832c2d376332e612cd36a3273e793ecd6b62e", "rev": "74a17a83c97cf332501c7f2be64381ddb9a1c679",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "Daholli", "owner": "outfoxxed",
"repo": "hy3", "repo": "hy3",
"rev": "fb2832c2d376332e612cd36a3273e793ecd6b62e",
"type": "github" "type": "github"
} }
}, },
@ -694,11 +693,11 @@
"xdph": "xdph" "xdph": "xdph"
}, },
"locked": { "locked": {
"lastModified": 1746496467, "lastModified": 1746394740,
"narHash": "sha256-PFmX5SvVN54LdFEBzMBIx4JEKOGP5d6nR/PcYHQhMlw=", "narHash": "sha256-UGCTMIAqzUegGeSZTl5ToDNJ1B3ZanoCfc2fk0Fo5bQ=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "Hyprland", "repo": "Hyprland",
"rev": "1ce614dfc0eb8b323e603b76975842c1f2e6a553", "rev": "9cd5b257459a6b4c5d5d4d1026df85f0ecbe5a93",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -724,11 +723,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1746496640, "lastModified": 1746293931,
"narHash": "sha256-/QJ3WBWGj14Ll7d2C6pvabVZwznDk7E5XgVY1bI3VeY=", "narHash": "sha256-sy/iPiYNC5HT25S6BxR8CPXcu2g4j5T+5qSHkvMtDq4=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprland-plugins", "repo": "hyprland-plugins",
"rev": "eab6921631b4943e78859714964d2b9bf81724eb", "rev": "fcf1c2ae6f082b90152bede1ec0d0d52d9de2cbf",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -898,11 +897,11 @@
"systems": "systems_3" "systems": "systems_3"
}, },
"locked": { "locked": {
"lastModified": 1746481532, "lastModified": 1746281087,
"narHash": "sha256-45Tsu6N3STdGnOicgm5ZBfnTHH8WlsUSseKPn3VXMCs=", "narHash": "sha256-9amK5DEpueAD+aobmBmjbV+C16RO7lcDOdf5ucJtNvM=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprlock", "repo": "hyprlock",
"rev": "fae1c4f6fe38f04ad1f3965713b9cafb139464da", "rev": "6c64630df81b52208b210f02476f55e4db56e6cf",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1070,11 +1069,11 @@
"nixpkgs": "nixpkgs_5" "nixpkgs": "nixpkgs_5"
}, },
"locked": { "locked": {
"lastModified": 1746410227, "lastModified": 1746381970,
"narHash": "sha256-F2gKEIBfqfeQUcvMg0YD3xRnJIPyEgINR+ouTedoAtg=", "narHash": "sha256-jfXpTC+2sPVetdx0srQf1ggY9+GgE6n1PP8M0z+cOo0=",
"owner": "fufexan", "owner": "fufexan",
"repo": "nix-gaming", "repo": "nix-gaming",
"rev": "3b68db5adeda4b4ac018aea0acf8ebb4941c4b15", "rev": "46c04615dadf01102eacc975ecdaecdab5b46fe1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1090,11 +1089,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1746437902, "lastModified": 1745836145,
"narHash": "sha256-cAYSTvh+nKl/DQDS0+MlepFRQxsAGt7bRSwvoRyNJuw=", "narHash": "sha256-CQ18gPSd8nHMrK2K7hqsmLedQFfefUBgIq8AHHXsPRU=",
"owner": "Mic92", "owner": "Mic92",
"repo": "nix-ld", "repo": "nix-ld",
"rev": "3262ac5b572f0f45a97212afda927208f3a463f1", "rev": "3a4fcea3d9a3c1366a745d23808114a67bf98c68",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1105,11 +1104,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1746468201, "lastModified": 1746341346,
"narHash": "sha256-hSOSlrvMJwGr8hX/gc0mnhUf5UIClMDUAadfXlSXzfc=", "narHash": "sha256-WjupK5Xpc+viJlJWiyPHp/dF4aJItp1BPuFsEdv2/fI=",
"owner": "nixos", "owner": "nixos",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "6aabf68429c0a414221d1790945babfb6a0bd068", "rev": "0833dc8bbc4ffa9cf9b0cbfccf1c5ec8632fc66e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1126,11 +1125,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1746453552, "lastModified": 1746286866,
"narHash": "sha256-r66UGha+7KVHkI7ksrcMjnw/mm9Sg4l5bQlylxHwdGU=", "narHash": "sha256-oSFEsgSEcLX7kYQXH5q/xyncD3qmrGgXv22pGDPPfBY=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NixOS-WSL", "repo": "NixOS-WSL",
"rev": "be618645aa0adf461f778500172b6896d5ab2d01", "rev": "0f4ffe22d9736192f560cb851d64106fe65b6adc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1203,11 +1202,11 @@
}, },
"nixpkgs-master": { "nixpkgs-master": {
"locked": { "locked": {
"lastModified": 1746511170, "lastModified": 1746402610,
"narHash": "sha256-/LHyhxNwop/1lyg9kclGHBpyBadLFZda4z0QOzERUKY=", "narHash": "sha256-2e4+sE8D87m7h1nYCIkxNfOQXl2qjClVOTWfX4jsOMw=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "5a837cb8662b841d5e3f491791aa1c389f68b25e", "rev": "61f968627eaba23f587fb9166df3fe5d50f4132c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1624,11 +1623,11 @@
"rust-analyzer-src": { "rust-analyzer-src": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1746332785, "lastModified": 1746218904,
"narHash": "sha256-d4/WBcspAR38AMsZysrQsenF1NmZ0/9GhjD4hxvPygo=", "narHash": "sha256-GQJFWnUbBqqcittTOrS131+OkeNki2dJTGJTdXM6bhk=",
"owner": "rust-lang", "owner": "rust-lang",
"repo": "rust-analyzer", "repo": "rust-analyzer",
"rev": "3b57c001518aeb42511e177221f98ecf42104016", "rev": "6f9c62dfec1570e13ab625be0441510ed299843a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1754,11 +1753,11 @@
"nixpkgs": "nixpkgs_8" "nixpkgs": "nixpkgs_8"
}, },
"locked": { "locked": {
"lastModified": 1746485181, "lastModified": 1745310711,
"narHash": "sha256-PxrrSFLaC7YuItShxmYbMgSuFFuwxBB+qsl9BZUnRvg=", "narHash": "sha256-ePyTpKEJTgX0gvgNQWd7tQYQ3glIkbqcW778RpHlqgA=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "e93ee1d900ad264d65e9701a5c6f895683433386", "rev": "5e3e92b16d6fdf9923425a8d4df7496b2434f39c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -2001,11 +2000,11 @@
"nixpkgs": "nixpkgs_9" "nixpkgs": "nixpkgs_9"
}, },
"locked": { "locked": {
"lastModified": 1746500889, "lastModified": 1746383085,
"narHash": "sha256-5EvTcdflXr8B/xq8zGZCeZtYqO6IAC+wwgjjmO2uRlw=", "narHash": "sha256-nM5FN+zFPsBq6hOu2cdx4dV33JWNPTca7OIXdWJV9V4=",
"owner": "0xc000022070", "owner": "0xc000022070",
"repo": "zen-browser-flake", "repo": "zen-browser-flake",
"rev": "ec65696d0b30e22c24e848a8cc6afb1a43cb1353", "rev": "b60de43b72d74928c7c7f7f278398932d2fed077",
"type": "github" "type": "github"
}, },
"original": { "original": {

4
flake.nix
View file

@ -38,9 +38,7 @@
}; };
hy3 = { hy3 = {
# url = "github:outfoxxed/hy3"; url = "github:outfoxxed/hy3";
url = "github:Daholli/hy3/fb2832c2d376332e612cd36a3273e793ecd6b62e";
inputs.hyprland.follows = "hyprland"; inputs.hyprland.follows = "hyprland";
}; };

182
modules/nixos/services/gitea-runner/default.nix
View file

@ -1,182 +0,0 @@
{
lib,
config,
namespace,
pkgs,
...
}:
with lib.${namespace};
let
cfg = config.${namespace}.services.gitea-runner;
inherit (lib) mkIf mkOption mkEnableOption;
inherit (lib.types)
attrsOf
package
path
submodule
str
;
in
{
options.${namespace}.services.gitea-runner = {
enable = mkEnableOption "Enable gitea/forgejo runner";
git-url = mkOption {
type = str;
default = "https://git.christophhollizeck.dev";
};
sopsFile = mkOption {
type = path;
default = lib.snowfall.fs.get-file "secrets/secrets.yaml";
description = "SecretFile";
};
runner-package = mkOption {
type = package;
default = pkgs.forgejo-actions-runner;
description = "Which runner to use Gitea/Forgjo";
};
## taken from nixos/modules/services/continuous-integration/gitea-actions-runner.nix
runner-instances = mkOption {
default = { };
description = ''
Gitea Actions Runner instances.
'';
type = attrsOf (submodule {
options = {
enable = mkEnableOption "Gitea Actions Runner instance";
name = mkOption {
type = str;
example = literalExpression "config.networking.hostName";
description = ''
The name identifying the runner instance towards the Gitea/Forgejo instance.
'';
};
url = mkOption {
type = str;
example = "https://forge.example.com";
description = ''
Base URL of your Gitea/Forgejo instance.
'';
};
tokenFile = mkOption {
type = nullOr (either str path);
default = null;
description = ''
Path to an environment file, containing the `TOKEN` environment
variable, that holds a token to register at the configured
Gitea/Forgejo instance.
'';
};
labels = mkOption {
type = listOf str;
example = literalExpression ''
[
# provide a debian base with nodejs for actions
"debian-latest:docker://node:18-bullseye"
# fake the ubuntu name, because node provides no ubuntu builds
"ubuntu-latest:docker://node:18-bullseye"
# provide native execution on the host
#"native:host"
]
'';
description = ''
Labels used to map jobs to their runtime environment. Changing these
labels currently requires a new registration token.
Many common actions require bash, git and nodejs, as well as a filesystem
that follows the filesystem hierarchy standard.
'';
};
settings = mkOption {
description = ''
Configuration for `act_runner daemon`.
See https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml for an example configuration
'';
type = types.submodule {
freeformType = settingsFormat.type;
};
default = { };
};
hostPackages = mkOption {
type = listOf package;
default = with pkgs; [
bash
coreutils
curl
gawk
gitMinimal
gnused
nodejs
wget
];
defaultText = literalExpression ''
with pkgs; [
bash
coreutils
curl
gawk
gitMinimal
gnused
nodejs
wget
]
'';
description = ''
List of packages, that are available to actions, when the runner is configured
with a host execution label.
'';
};
};
});
};
};
config = mkIf cfg.enable {
sops = {
secrets = {
"forgejo/runner/token" = {
inherit (cfg) sopsFile;
};
};
};
services.gitea-actions-runner = {
package = cfg.runner-package;
instances = {
native = {
enable = true;
name = "monolith";
url = cfg.git-url;
tokenFile = config.sops.secrets."forgejo/runner/token".path;
labels = [
"native:host"
];
hostPackages = with pkgs; [
bash
coreutils
curl
gawk
gitMinimal
gnused
nodejs
wget
lix
];
settings = {
log.level = "info";
runner = {
capacity = 1;
timeout = "3h";
shutdown_timeout = "5s";
fetch_timeout = "10s";
fetch_inteval = "5s";
};
};
};
} // cfg.runner-instances;
};
};
}

37
modules/nixos/services/hydra/default.nix
View file

@ -1,37 +0,0 @@
{
lib,
config,
namespace,
...
}:
let
cfg = config.${namespace}.services.hydra;
inherit (lib) mkIf mkOption mkEnableOption;
in
{
options.${namespace}.services.hydra = {
enable = mkEnableOption "Enable Hydra CI";
httpPort = mkOption {
type = lib.types.int;
default = 2000;
description = "The path to host the http server on, relevant for nginx forwarding";
};
enableCache = mkEnableOption "Enable cache using nix-server";
};
config = mkIf cfg.enable {
services.nix-serve = mkIf cfg.enableCache {
enable = true;
secretKeyFile = "/var/cache-priv-key.pem";
};
services.hydra = {
enable = true;
hydraURL = "http://localhost:${toString cfg.httpPort}";
port = cfg.httpPort;
notificationSender = "hydra@localhost";
useSubstitutes = true;
};
};
}

65
systems/x86_64-linux/loptland/default.nix
View file

@ -35,6 +35,9 @@ in
"forgejo/mail/passwordHash" = { "forgejo/mail/passwordHash" = {
inherit sopsFile; inherit sopsFile;
}; };
"forgejo/runner/token" = {
inherit sopsFile;
};
}; };
}; };
@ -52,7 +55,7 @@ in
}; };
}; };
"hydra.${domainName}" = mkIf config.${namespace}.services.hydra.enable { "hydra.${domainName}" = {
forceSSL = cfg.enableAcme; forceSSL = cfg.enableAcme;
useACMEHost = mkIf cfg.enableAcme domainName; useACMEHost = mkIf cfg.enableAcme domainName;
@ -75,7 +78,7 @@ in
}; };
}; };
"nixcache.${domainName}" = mkIf config.${namespace}.services.hydra.enableCache { "nixcache.${domainName}" = {
forceSSL = cfg.enableAcme; forceSSL = cfg.enableAcme;
useACMEHost = mkIf cfg.enableAcme domainName; useACMEHost = mkIf cfg.enableAcme domainName;
@ -177,11 +180,60 @@ in
]; ];
}; };
services.nix-serve = {
enable = true;
secretKeyFile = "/var/cache-priv-key.pem";
};
services.hydra = {
enable = true;
hydraURL = "http://localhost:${toString hydraPort}";
port = hydraPort;
notificationSender = "hydra@localhost";
useSubstitutes = true;
};
services.tailscale = { services.tailscale = {
enable = true; enable = true;
useRoutingFeatures = "client"; useRoutingFeatures = "client";
}; };
services.gitea-actions-runner = {
package = pkgs.forgejo-actions-runner;
instances = {
native = {
enable = true;
name = "monolith";
url = "https://git.${domainName}";
tokenFile = config.sops.secrets."forgejo/runner/token".path;
labels = [
"native:host"
];
hostPackages = with pkgs; [
bash
coreutils
curl
gawk
gitMinimal
gnused
nodejs
wget
lix
];
settings = {
log.level = "info";
runner = {
capacity = 1;
timeout = "3h";
shutdown_timeout = "5s";
fetch_timeout = "10s";
fetch_inteval = "5s";
};
};
};
};
};
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
forgejoPort forgejoPort
80 80
@ -199,15 +251,6 @@ in
inherit sopsFile; inherit sopsFile;
}; };
openssh = enabled; openssh = enabled;
hydra = {
enable = true;
httpPort = hydraPort;
enableCache = true;
};
gitea-runner = {
enable = true;
inherit sopsFile;
};
}; };
security = { security = {