wip

.forgejo/workflows/nix_build.yaml

@@ -1,7 +1,11 @@
 name: Build all NixOS Configurations
 
 on:
-  - push
+  push:
+    branches:
+      - "**"
+  schedule:
+    - cron: "30 2 * * *" # not to frequent, GitHub only allows a few pulls per hour
 
 jobs:
   nix build:
@@ -9,33 +13,61 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-#      - name: setup ssh
-#        run: |
-#          cat <<EOF > .id_rsa
-#          ${{ secrets.SSH_KEY }}
-#          EOF
-#          chmod 600 .id_rsa
-#
-#          eval $(ssh-agent)
-#          ssh-add .id_rsa
-#
-#          nix flake archive
-#
-#          echo $SSH_AGENT_PID
-#          kill $SSH_AGENT_PID
-#
-#      - name: nix flake check
-#        run: nix flake check --verbose --log-format raw
+      - name: update nix flakes
+        if: ${{ github.event_name == 'schedule' }}
+        # we need to use our ssh key here because we need access to private flakes
+        run: |
+          cat <<EOF > .ssh_key
+          ${{ secrets.SSH_KEY }}
+          EOF
+          chmod 600 .ssh_key
 
+          eval $(ssh-agent)
+          ssh-add .ssh_key
 
-      #- name: nix build orbi
-      #  run: nix build .#nixosConfigurations.orbi.config.system.build.toplevel
+          nix flake update
 
-      #- name: nix build cream
-      #  run: nix build .#nixosConfigurations.cream.config.system.build.toplevel
+          echo $SSH_AGENT_PID
+          kill $SSH_AGENT_PID
+          rm .ssh_key
 
-      #- name: nix build cherry
-      #  run: nix build .#nixosConfigurations.cherry.config.system.build.toplevel
+      - name: nix flake archive/check
+        # we need to use our ssh key here because we need access to private flakes
+        run: |
+          cat <<EOF > .ssh_key
+          ${{ secrets.SSH_KEY }}
+          EOF
+          chmod 600 .ssh_key
 
-      #- name: nix build chungus
-      #  run: nix build .#nixosConfigurations.chungus.config.system.build.toplevel
+          eval $(ssh-agent)
+          ssh-add .ssh_key
+
+          nix flake archive
+          nix flake check --verbose --log-format raw
+
+          echo $SSH_AGENT_PID
+          kill $SSH_AGENT_PID
+          rm .ssh_key
+
+      - name: nix build orbi
+        run: nix build .#nixosConfigurations.orbi.config.system.build.toplevel
+
+      - name: nix build cream
+        run: nix build .#nixosConfigurations.cream.config.system.build.toplevel
+
+      - name: nix build cherry
+        run: nix build .#nixosConfigurations.cherry.config.system.build.toplevel
+
+      - name: nix build chungus
+        run: nix build .#nixosConfigurations.chungus.config.system.build.toplevel
+
+      - name: commit & push
+        if: ${{ github.event_name == 'schedule' }}
+        # only if all nix builds are fine we update our branch
+        run: |
+          git config --local user.email "action@git.ingolf-wagner.de"
+          git config --local user.name "Forgejo Action :robot:"
+
+          git diff --quiet && \
+          git diff --staged --quiet || \
+          (git commit -am ":arrow_up: nix flake update" && git push)

.forgejo/workflows/update_nix_flakes.yml

@@ -1,49 +0,0 @@
-name: Update Nix flakes and commit changes
-
-on:
-  schedule:
-    - cron: "10 11 * * *" # not to frequent, GitHub only allows a few pulls per hour
-
-jobs:
-  update-and-commit:
-    runs-on: native
-
-    steps:
-
-      - name: checkout repository
-        uses: actions/checkout@v2
-        with:
-          ref: "update"
-          depth: 0
-
-      - name: setup git
-        run: |
-          git config --local user.email "action@git.ingolf-wagner.de"
-          git config --local user.name "Forgejo Action"
-
-      # fixme: not working for some reason
-      #- name: rebase with main branch
-      #  run: |
-      #    git fetch origin main
-      #    git rebase origin/main
-
-      - name: update nix flakes
-        run: |
-          cat <<EOF > .ssh_key
-          ${{ secrets.SSH_KEY }}
-          EOF
-          chmod 600 .ssh_key
-
-          eval $(ssh-agent)
-          ssh-add .ssh_key
-
-          nix flake update
-          
-          export GIT_SSH_COMMAND="ssh -i .ssh_key -F /dev/null" 
-          
-          git diff --quiet && \
-          git diff --staged --quiet || \
-          (git commit -am "Update Nix flakes" && git push)
-          
-          echo $SSH_AGENT_PID
-          kill $SSH_AGENT_PID

components/default.nix

@@ -1,6 +1,7 @@
 { lib, ... }:
 {
   imports = [
+    ./chaospott.nix
     ./gui
     ./mainUser.nix
     ./media
@@ -8,15 +9,9 @@
     ./network
     ./nixos
     ./terminal
+    ./timezone.nix
     ./yubikey.nix
-    ./chaospott.nix
   ];
 
-  # some system stuff
-  # -----------------
-  time.timeZone = "Europe/Berlin";
-  #time.timeZone = lib.mkDefault "Pacific/Auckland";
-  #time.timeZone = lib.mkDefault "Asia/Singapore";
-  #time.timeZone = lib.mkDefault "Asia/Makassar";
 
 }

components/monitor/container.nix

@@ -2,7 +2,10 @@
 with lib;
 with types;
 {
-  imports = [ ./default.nix ];
+  imports = [
+    ./default.nix
+    ../timezone.nix
+  ];
 
   config = {
     components.monitor.enable = mkDefault true;

components/timezone.nix

@@ -0,0 +1,8 @@
+{
+  # some system stuff
+  # -----------------
+  time.timeZone = "Europe/Berlin";
+  #time.timeZone = lib.mkDefault "Pacific/Auckland";
+  #time.timeZone = lib.mkDefault "Asia/Singapore";
+  #time.timeZone = lib.mkDefault "Asia/Makassar";
+}

flake.lock

@@ -121,15 +121,16 @@
         "treefmt-nix": "treefmt-nix"
       },
       "locked": {
-        "lastModified": 1721402843,
-        "narHash": "sha256-/DiRx6TgI/3KcrgO5SAs0FjLz68j7lqp3kf8MbfSCcw=",
-        "owner": "nix-community",
+        "lastModified": 1721420442,
+        "narHash": "sha256-QpO+3WsdWblHHM5UMm/zuJJ0Ur4JSfDtm+B+3VbOtlA=",
+        "owner": "MagicRB",
         "repo": "buildbot-nix",
-        "rev": "5bdbb7609689989a79f7d6e6e59c4b7985634230",
+        "rev": "c891975243d8fd82d921ebb609e13af9a65ae254",
         "type": "github"
       },
       "original": {
-        "owner": "nix-community",
+        "owner": "MagicRB",
+        "ref": "pydantic-convert",
         "repo": "buildbot-nix",
         "type": "github"
       }
@@ -148,11 +149,11 @@
         "treefmt-nix": "treefmt-nix_2"
       },
       "locked": {
-        "lastModified": 1721420605,
-        "narHash": "sha256-E2je0KB09PXoJE1ofL2GUYnwB+BIE7D5Y2Fy+F/2cJw=",
+        "lastModified": 1721606811,
+        "narHash": "sha256-whhMy+GugmIpyxVhUGvmzrdgQYyFLZmxuI5oVILKQ9g=",
         "ref": "refs/heads/main",
-        "rev": "f3c9c379e61d127b2c5a1f7a848dcdf0e7a307b3",
-        "revCount": 3512,
+        "rev": "72019d6bcb2c95206a5f96147fa84606607b1791",
+        "revCount": 3524,
         "type": "git",
         "url": "https://git.clan.lol/clan/clan-core"
       },
@@ -170,11 +171,11 @@
         "nixpkgs": "nixpkgs_2"
       },
       "locked": {
-        "lastModified": 1720813949,
-        "narHash": "sha256-ZqoP7VDuliqGiBo54aYOv5VMjeX+bNaOKCXfDflj+xc=",
+        "lastModified": 1721508205,
+        "narHash": "sha256-X4xVtKAkA/gVqIaCw0L5Rk9062VqlHiH0VK5En5Oi5s=",
         "owner": "mrvandalo",
         "repo": "clan-fact-generators",
-        "rev": "aa5c71bf46b453233945380b43fac2fc3d256efb",
+        "rev": "b3fb36c18871861f510330c272b455eb718cd3e4",
         "type": "github"
       },
       "original": {
@@ -191,11 +192,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1720661479,
-        "narHash": "sha256-nsGgA14vVn0GGiqEfomtVgviRJCuSR3UEopfP8ixW1I=",
+        "lastModified": 1721417620,
+        "narHash": "sha256-6q9b1h8fI3hXg2DG6/vrKWCeG8c5Wj2Kvv22RCgedzg=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "786965e1b1ed3fd2018d78399984f461e2a44689",
+        "rev": "bec6e3cde912b8acb915fecdc509eda7c973fb42",
         "type": "github"
       },
       "original": {
@@ -426,11 +427,11 @@
         "nixpkgs": "nixpkgs_3"
       },
       "locked": {
-        "lastModified": 1721135958,
-        "narHash": "sha256-H548rpPMsn25LDKn1PCFmPxmWlClJJGnvdzImHkqjuY=",
+        "lastModified": 1721534365,
+        "narHash": "sha256-XpZOkaSJKdOsz1wU6JfO59Rx2fqtcarQ0y6ndIOKNpI=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "afd2021bedff2de92dfce0e257a3d03ae65c603d",
+        "rev": "635563f245309ef5320f80c7ebcb89b2398d2949",
         "type": "github"
       },
       "original": {
@@ -467,11 +468,11 @@
       },
       "locked": {
         "dir": "nix",
-        "lastModified": 1721284730,
-        "narHash": "sha256-eWPldqxXsqtbWrXflLEhZBjiSq0TJvIYoXQ/ExDKmls=",
+        "lastModified": 1721551388,
+        "narHash": "sha256-JR9/TqQi4a14kmH+iypGZKa7H2VZhr2jL9QgHLx3LUw=",
         "owner": "kmonad",
         "repo": "kmonad",
-        "rev": "e5e839bcbedda23df0b8a3f8659edfa2c9bef8f8",
+        "rev": "31c591b647d277fe34cb06fc70b0d053dd15f867",
         "type": "github"
       },
       "original": {
@@ -549,11 +550,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1720659757,
-        "narHash": "sha256-ltzUuCsEfPA9CYM9BAnwObBGqDyQIs2OLkbVMeOOk00=",
+        "lastModified": 1721571445,
+        "narHash": "sha256-2MnlPVcNJZ9Nbu90kFyo7+lng366gswErP4FExfrUbc=",
         "owner": "nix-community",
         "repo": "nixos-images",
-        "rev": "5eddae0afbcfd4283af5d6676d08ad059ca04b70",
+        "rev": "accee005735844d57b411d9969c5d0aabc6a55f6",
         "type": "github"
       },
       "original": {
@@ -605,11 +606,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1721215108,
-        "narHash": "sha256-aOiSBcftoGye0spDdIylZE6TVTo7C/B4atYH25tSemQ=",
+        "lastModified": 1720890539,
+        "narHash": "sha256-1K32XHPcQBo8XdLDQNybfLQc9I8hqSZdjA/Ur3zW/io=",
         "owner": "Nixos",
         "repo": "nixpkgs",
-        "rev": "7edc243443b44444eba596557de03ee52beca2eb",
+        "rev": "19116ccf234e32acf133863d430506da68008550",
         "type": "github"
       },
       "original": {
@@ -653,11 +654,11 @@
     },
     "nixpkgs-legacy_2405": {
       "locked": {
-        "lastModified": 1721226092,
-        "narHash": "sha256-UBvzVpo5sXSi2S/Av+t+Q+C2mhMIw/LBEZR+d6NMjws=",
+        "lastModified": 1721409541,
+        "narHash": "sha256-b6PLr0Ty7JPDBtJtjnYzlBf02bbH9alWMAgispMkTwk=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "c716603a63aca44f39bef1986c13402167450e0a",
+        "rev": "0c53b6b8c2a3e46c68e04417e247bba660689c9d",
         "type": "github"
       },
       "original": {
@@ -681,11 +682,11 @@
     },
     "nixpkgs-unstable-small": {
       "locked": {
-        "lastModified": 1721393053,
-        "narHash": "sha256-xNiw9gIxyF6xsyXCiFESPjxMjuVAfmr4sBpM9u2l5io=",
+        "lastModified": 1721571961,
+        "narHash": "sha256-jfF4gpRUpTBY2OxDB0FRySsgNGOiuDckEtu7YDQom3Y=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "a0691657e9634cfc001f02995cca394025e3e940",
+        "rev": "4cc8b29327bed3d52b40041f810f49734298af46",
         "type": "github"
       },
       "original": {
@@ -713,11 +714,11 @@
     },
     "nixpkgs_3": {
       "locked": {
-        "lastModified": 1719848872,
-        "narHash": "sha256-H3+EC5cYuq+gQW8y0lSrrDZfH71LB4DAf+TDFyvwCNA=",
+        "lastModified": 1721379653,
+        "narHash": "sha256-8MUgifkJ7lkZs3u99UDZMB4kbOxvMEXQZ31FO3SopZ0=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "00d80d13810dbfea8ab4ed1009b09100cca86ba8",
+        "rev": "1d9c2c9b3e71b9ee663d11c5d298727dace8d374",
         "type": "github"
       },
       "original": {
@@ -898,11 +899,11 @@
     },
     "private_assets": {
       "locked": {
-        "lastModified": 1718795974,
-        "narHash": "sha256-wK4G35I23mDBKmEZ07Xz0+064g/I+vuJ6hkXNguT7lA=",
+        "lastModified": 1721858622,
+        "narHash": "sha256-ocxF1NK8+K0UyuODwnedsDPyLaErEceaRZSeeejFAkQ=",
         "ref": "main",
-        "rev": "77822a68120c56f6fc809a291e7d13173b8f7cea",
-        "revCount": 30,
+        "rev": "a460298aa522b5839dcd661ba32fc8fcbaccd11f",
+        "revCount": 42,
         "type": "git",
         "url": "ssh://forgejo@git.ingolf-wagner.de/palo/nixos-private-assets.git"
       },
@@ -949,29 +950,11 @@
         "polygon-art": "polygon-art",
         "private_assets": "private_assets",
         "retiolum": "retiolum",
-        "secrets": "secrets",
         "srvos": "srvos",
         "stylix": "stylix",
         "taskshell": "taskshell"
       }
     },
-    "secrets": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1712505515,
-        "narHash": "sha256-XvuG5hC5EKAcie8dycZ7x5myPrObCkrCfUNkH/rsiTE=",
-        "ref": "main",
-        "rev": "edb5928f4d18aa58856b695139fc20a77c8763d5",
-        "revCount": 66,
-        "type": "git",
-        "url": "ssh://forgejo@git.ingolf-wagner.de/palo/nixos-secrets.git"
-      },
-      "original": {
-        "ref": "main",
-        "type": "git",
-        "url": "ssh://forgejo@git.ingolf-wagner.de/palo/nixos-secrets.git"
-      }
-    },
     "sops-nix": {
       "inputs": {
         "nixpkgs": [
@@ -983,11 +966,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1720926522,
-        "narHash": "sha256-eTpnrT6yu1vp8C0B5fxHXhgKxHoYMoYTEikQx///jxY=",
+        "lastModified": 1721531171,
+        "narHash": "sha256-AsvPw7T0tBLb53xZGcUC3YPqlIpdxoSx56u8vPCr6gU=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "0703ba03fd9c1665f8ab68cc3487302475164617",
+        "rev": "909e8cfb60d83321d85c8d17209d733658a21c95",
         "type": "github"
       },
       "original": {
@@ -1033,11 +1016,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1721429336,
-        "narHash": "sha256-DTJUvI4Xkj4KC5tdq15OEUkPpk7Ebvqcz356dIT6jtY=",
+        "lastModified": 1721573849,
+        "narHash": "sha256-pHfzFzjADtCqMswGwrfC5klBWJZ6h94bxVrVObJLrEM=",
         "owner": "danth",
         "repo": "stylix",
-        "rev": "6bbae4f85b891df2e6e48b649919420434088507",
+        "rev": "0ef70039a6435446472182c8f8106947abfc523d",
         "type": "github"
       },
       "original": {
@@ -1105,11 +1088,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1721059077,
-        "narHash": "sha256-gCICMMX7VMSKKt99giDDtRLkHJ0cwSgBtDijJAqTlto=",
+        "lastModified": 1720818892,
+        "narHash": "sha256-f52x9srIcqQm1Df3T+xYR5P6VfdnDFa2vkkcLhlTp6U=",
         "owner": "numtide",
         "repo": "treefmt-nix",
-        "rev": "0fb28f237f83295b4dd05e342f333b447c097398",
+        "rev": "5b002f8a53ed04c1a4177e7b00809d57bd2c696f",
         "type": "github"
       },
       "original": {
@@ -1126,11 +1109,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1720930114,
-        "narHash": "sha256-VZK73b5hG5bSeAn97TTcnPjXUXtV7j/AtS4KN8ggCS0=",
+        "lastModified": 1721458737,
+        "narHash": "sha256-wNXLQ/ATs1S4Opg1PmuNoJ+Wamqj93rgZYV3Di7kxkg=",
         "owner": "numtide",
         "repo": "treefmt-nix",
-        "rev": "b92afa1501ac73f1d745526adc4f89b527595f14",
+        "rev": "888bfb10a9b091d9ed2f5f8064de8d488f7b7c97",
         "type": "github"
       },
       "original": {

flake.nix

@@ -1,11 +1,6 @@
 {
   inputs = {
 
-    secrets = {
-      url = "git+ssh://forgejo@git.ingolf-wagner.de/palo/nixos-secrets.git?ref=main";
-      flake = false;
-    };
-
     flake-parts.url = "github:hercules-ci/flake-parts";
     flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";
 
@@ -81,7 +76,8 @@
       inputs.home-manager.follows = "home-manager";
     };
 
-    buildbot-nix.url = "github:nix-community/buildbot-nix";
+    #buildbot-nix.url = "github:nix-community/buildbot-nix";
+    buildbot-nix.url = "github:MagicRB/buildbot-nix?ref=pydantic-convert";
 
     # smoke test framwork to trigger tests (enable if I  want to use it for real)
     #smoke = {
@@ -121,7 +117,6 @@
     , polygon-art
     , private_assets
     , retiolum
-    , secrets
     , srvos
     , stylix
     , taskshell
@@ -180,6 +175,7 @@
           factsGenerator = clan-fact-generators.lib { inherit pkgs; };
           clanLib = import ./lib/clanlib.nix { inherit (pkgs) lib; machineDir = ./machines; };
           zerotierDeviceName = "ztbn67ogn2";
+          components = ./components;
         };
       };
 
@@ -264,7 +260,21 @@
             nix.settings.max-jobs = 1;
             # no channesl needed this way
             nix.nixPath = [ "nixpkgs=${pkgs.path}" ];
+
+            # documentation
+            # =============
             documentation.nixos.enable = true;
+            #documentation.nixos.includeAllModules = true; # fixme : not working (see down there)
+            documentation.nixos.options.warningsAreErrors = false; # todo make this true again
+            documentation.nixos.extraModules = [
+              ./components
+              inputs.clan-core.nixosModules.clanCore
+              # inputs.stylix.nixosModules.stylix # fixme: not working
+              permown.nixosModules.permown
+              kmonad.nixosModules.default
+              home-manager.nixosModules.home-manager
+              # retiolum.nixosModules.retiolum # fixme: not working
+            ];
 
             boot.loader.systemd-boot.configurationLimit = lib.mkDefault 10;
             boot.loader.generic-extlinux-compatible.configurationLimit = lib.mkDefault 10;

homes/palo/i3.nix

@@ -120,9 +120,9 @@ in
     };
 
 
-    services.copyq = {
-      enable = true;
-    };
+    #services.copyq = {
+    #  enable = true;
+    #};
 
     stylix.targets.i3.enable = true;
 

homes/palo/packages/development.nix

@@ -13,6 +13,8 @@ with lib;
         jetbrains.idea-ultimate
         #vscode
 
+        zed-editor
+
         #jetbrains.mps
         jetbrains.datagrip
 
@@ -133,7 +135,7 @@ with lib;
 
         ] ++ (map pandocScript (lib.cartesianProduct {
           inputFormat = [ "man" "markdown" "mediawiki" "asciidoc" ];
-          outputFormat = [ "mediawiki" "docbook5" "html5" "man" "jira" "markdown" ];
+          outputFormat = [ "mediawiki" "docbook5" "html5" "man" "jira" "markdown" "asciidoc" ];
         }));
 
     }

machines/orbi/configuration.nix

@@ -8,15 +8,16 @@
     ../../components
     ../../modules
 
-    ./service-forgejo.nix
     ./service-forgejo-runner.nix
+    ./service-forgejo.nix
     ./service-hedgedoc.nix
+    ./service-nix-cache.nix
     ./service-photoprism.nix
+    #./service-surrealdb.nix # not really needed at the moment
     ./service-taskserver.nix
     ./service-vaultwarden.nix
-    #./service-surrealdb.nix # not really needed at the moment
     ./service-vikunja.nix
-    ./service-nix-cache.nix
+    ./service-wastebin.nix
 
     ./nginx-ingolf-wagner-de.nix
     ./nginx-wkd.nix

machines/orbi/service-wastebin.nix

@@ -0,0 +1,27 @@
+{ pkgs, ... }:
+let
+  port = 9001;
+in
+{
+  services.wastebin = {
+    enable = true;
+    settings = {
+      WASTEBIN_ADDRESS_PORT = "127.0.0.1:${toString port}";
+      WASTEBIN_TITLE = "paste.ingolf-wagner.de";
+      WASTEBIN_MAX_PASTE_EXPIRATION = 60 * 60 * 24 * 30;
+    };
+  };
+
+  services.nginx = {
+    enable = true;
+    virtualHosts. "paste.ingolf-wagner.de" = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/" = {
+        recommendedProxySettings = true;
+        proxyWebsockets = true;
+        proxyPass = "http://127.0.0.1:${toString port}";
+      };
+    };
+  };
+}