Update Nix flakes

.forgejo/workflows/nix_build.yaml

@@ -1,11 +1,7 @@
 name: Build all NixOS Configurations
 
 on:
-  push:
+  - push
-    branches:
-      - "**"
-  schedule:
-    - cron: "30 2 * * *" # not to frequent, GitHub only allows a few pulls per hour
 
 jobs:
   nix build:
@@ -13,61 +9,33 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      - name: update nix flakes
+#      - name: setup ssh
-        if: ${{ github.event_name == 'schedule' }}
+#        run: |
-        # we need to use our ssh key here because we need access to private flakes
+#          cat <<EOF > .id_rsa
-        run: |
+#          ${{ secrets.SSH_KEY }}
-          cat <<EOF > .ssh_key
+#          EOF
-          ${{ secrets.SSH_KEY }}
+#          chmod 600 .id_rsa
-          EOF
+#
-          chmod 600 .ssh_key
+#          eval $(ssh-agent)
+#          ssh-add .id_rsa
+#
+#          nix flake archive
+#
+#          echo $SSH_AGENT_PID
+#          kill $SSH_AGENT_PID
+#
+#      - name: nix flake check
+#        run: nix flake check --verbose --log-format raw
 
-          eval $(ssh-agent)
-          ssh-add .ssh_key
 
-          nix flake update
+      #- name: nix build orbi
+      #  run: nix build .#nixosConfigurations.orbi.config.system.build.toplevel
 
-          echo $SSH_AGENT_PID
+      #- name: nix build cream
-          kill $SSH_AGENT_PID
+      #  run: nix build .#nixosConfigurations.cream.config.system.build.toplevel
-          rm .ssh_key
 
-      - name: nix flake archive/check
+      #- name: nix build cherry
-        # we need to use our ssh key here because we need access to private flakes
+      #  run: nix build .#nixosConfigurations.cherry.config.system.build.toplevel
-        run: |
-          cat <<EOF > .ssh_key
-          ${{ secrets.SSH_KEY }}
-          EOF
-          chmod 600 .ssh_key
 
-          eval $(ssh-agent)
+      #- name: nix build chungus
-          ssh-add .ssh_key
+      #  run: nix build .#nixosConfigurations.chungus.config.system.build.toplevel
-
-          nix flake archive
-          nix flake check --verbose --log-format raw
-
-          echo $SSH_AGENT_PID
-          kill $SSH_AGENT_PID
-          rm .ssh_key
-
-      - name: nix build orbi
-        run: nix build .#nixosConfigurations.orbi.config.system.build.toplevel
-
-      - name: nix build cream
-        run: nix build .#nixosConfigurations.cream.config.system.build.toplevel
-
-      - name: nix build cherry
-        run: nix build .#nixosConfigurations.cherry.config.system.build.toplevel
-
-      - name: nix build chungus
-        run: nix build .#nixosConfigurations.chungus.config.system.build.toplevel
-
-      - name: commit & push
-        if: ${{ github.event_name == 'schedule' }}
-        # only if all nix builds are fine we update our branch
-        run: |
-          git config --local user.email "action@git.ingolf-wagner.de"
-          git config --local user.name "Forgejo Action :robot:"
-
-          git diff --quiet && \
-          git diff --staged --quiet || \
-          (git commit -am ":arrow_up: nix flake update" && git push)

.forgejo/workflows/update_nix_flakes.yml

@@ -0,0 +1,49 @@
+name: Update Nix flakes and commit changes
+
+on:
+  schedule:
+    - cron: "10 11 * * *" # not to frequent, GitHub only allows a few pulls per hour
+
+jobs:
+  update-and-commit:
+    runs-on: native
+
+    steps:
+
+      - name: checkout repository
+        uses: actions/checkout@v2
+        with:
+          ref: "update"
+          depth: 0
+
+      - name: setup git
+        run: |
+          git config --local user.email "action@git.ingolf-wagner.de"
+          git config --local user.name "Forgejo Action"
+
+      # fixme: not working for some reason
+      #- name: rebase with main branch
+      #  run: |
+      #    git fetch origin main
+      #    git rebase origin/main
+
+      - name: update nix flakes
+        run: |
+          cat <<EOF > .ssh_key
+          ${{ secrets.SSH_KEY }}
+          EOF
+          chmod 600 .ssh_key
+
+          eval $(ssh-agent)
+          ssh-add .ssh_key
+
+          nix flake update
+          
+          export GIT_SSH_COMMAND="ssh -i .ssh_key -F /dev/null" 
+          
+          git diff --quiet && \
+          git diff --staged --quiet || \
+          (git commit -am "Update Nix flakes" && git push)
+          
+          echo $SSH_AGENT_PID
+          kill $SSH_AGENT_PID

components/default.nix

@@ -1,7 +1,6 @@
 { lib, ... }:
 {
   imports = [
-    ./chaospott.nix
     ./gui
     ./mainUser.nix
     ./media
@@ -9,9 +8,15 @@
     ./network
     ./nixos
     ./terminal
-    ./timezone.nix
     ./yubikey.nix
+    ./chaospott.nix
   ];
 
+  # some system stuff
+  # -----------------
+  time.timeZone = "Europe/Berlin";
+  #time.timeZone = lib.mkDefault "Pacific/Auckland";
+  #time.timeZone = lib.mkDefault "Asia/Singapore";
+  #time.timeZone = lib.mkDefault "Asia/Makassar";
 
 }

components/monitor/container.nix

@@ -2,10 +2,7 @@
 with lib;
 with types;
 {
-  imports = [
+  imports = [ ./default.nix ];
-    ./default.nix
-    ../timezone.nix
-  ];
 
   config = {
     components.monitor.enable = mkDefault true;

components/timezone.nix

@@ -1,8 +0,0 @@
-{
-  # some system stuff
-  # -----------------
-  time.timeZone = "Europe/Berlin";
-  #time.timeZone = lib.mkDefault "Pacific/Auckland";
-  #time.timeZone = lib.mkDefault "Asia/Singapore";
-  #time.timeZone = lib.mkDefault "Asia/Makassar";
-}

flake.lock

@@ -121,16 +121,15 @@
         "treefmt-nix": "treefmt-nix"
       },
       "locked": {
-        "lastModified": 1721420442,
+        "lastModified": 1721526898,
-        "narHash": "sha256-QpO+3WsdWblHHM5UMm/zuJJ0Ur4JSfDtm+B+3VbOtlA=",
+        "narHash": "sha256-HFaqhuClCWau5sbxDlNXFtElELSqn7oEgPEt2iW4nkA=",
-        "owner": "MagicRB",
+        "owner": "nix-community",
         "repo": "buildbot-nix",
-        "rev": "c891975243d8fd82d921ebb609e13af9a65ae254",
+        "rev": "be581a532080db9f37a9ec8522eca351929fc846",
         "type": "github"
       },
       "original": {
-        "owner": "MagicRB",
+        "owner": "nix-community",
-        "ref": "pydantic-convert",
         "repo": "buildbot-nix",
         "type": "github"
       }
@@ -149,11 +148,11 @@
         "treefmt-nix": "treefmt-nix_2"
       },
       "locked": {
-        "lastModified": 1721606811,
+        "lastModified": 1721420605,
-        "narHash": "sha256-whhMy+GugmIpyxVhUGvmzrdgQYyFLZmxuI5oVILKQ9g=",
+        "narHash": "sha256-E2je0KB09PXoJE1ofL2GUYnwB+BIE7D5Y2Fy+F/2cJw=",
         "ref": "refs/heads/main",
-        "rev": "72019d6bcb2c95206a5f96147fa84606607b1791",
+        "rev": "f3c9c379e61d127b2c5a1f7a848dcdf0e7a307b3",
-        "revCount": 3524,
+        "revCount": 3512,
         "type": "git",
         "url": "https://git.clan.lol/clan/clan-core"
       },
@@ -192,11 +191,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1721417620,
+        "lastModified": 1720661479,
-        "narHash": "sha256-6q9b1h8fI3hXg2DG6/vrKWCeG8c5Wj2Kvv22RCgedzg=",
+        "narHash": "sha256-nsGgA14vVn0GGiqEfomtVgviRJCuSR3UEopfP8ixW1I=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "bec6e3cde912b8acb915fecdc509eda7c973fb42",
+        "rev": "786965e1b1ed3fd2018d78399984f461e2a44689",
         "type": "github"
       },
       "original": {
@@ -550,11 +549,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1721571445,
+        "lastModified": 1720659757,
-        "narHash": "sha256-2MnlPVcNJZ9Nbu90kFyo7+lng366gswErP4FExfrUbc=",
+        "narHash": "sha256-ltzUuCsEfPA9CYM9BAnwObBGqDyQIs2OLkbVMeOOk00=",
         "owner": "nix-community",
         "repo": "nixos-images",
-        "rev": "accee005735844d57b411d9969c5d0aabc6a55f6",
+        "rev": "5eddae0afbcfd4283af5d6676d08ad059ca04b70",
         "type": "github"
       },
       "original": {
@@ -606,11 +605,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1720890539,
+        "lastModified": 1721481798,
-        "narHash": "sha256-1K32XHPcQBo8XdLDQNybfLQc9I8hqSZdjA/Ur3zW/io=",
+        "narHash": "sha256-GOwbtcTDS7KnVseckF+H8OCRNrwYEqCZ34QOZ+i51e4=",
         "owner": "Nixos",
         "repo": "nixpkgs",
-        "rev": "19116ccf234e32acf133863d430506da68008550",
+        "rev": "a2aeb0fcca8ef063c03ef57fa5de49084d4e9687",
         "type": "github"
       },
       "original": {
@@ -682,11 +681,11 @@
     },
     "nixpkgs-unstable-small": {
       "locked": {
-        "lastModified": 1721571961,
+        "lastModified": 1721524691,
-        "narHash": "sha256-jfF4gpRUpTBY2OxDB0FRySsgNGOiuDckEtu7YDQom3Y=",
+        "narHash": "sha256-aE4vMfHfpX6KP9VWqVdXtoDUlvFR34wEIjqsqnKrVdY=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "4cc8b29327bed3d52b40041f810f49734298af46",
+        "rev": "c9ed026def59fe978203a2b28eccdbaa7e5fadc9",
         "type": "github"
       },
       "original": {
@@ -899,11 +898,11 @@
     },
     "private_assets": {
       "locked": {
-        "lastModified": 1721858622,
+        "lastModified": 1718795974,
-        "narHash": "sha256-ocxF1NK8+K0UyuODwnedsDPyLaErEceaRZSeeejFAkQ=",
+        "narHash": "sha256-wK4G35I23mDBKmEZ07Xz0+064g/I+vuJ6hkXNguT7lA=",
         "ref": "main",
-        "rev": "a460298aa522b5839dcd661ba32fc8fcbaccd11f",
+        "rev": "77822a68120c56f6fc809a291e7d13173b8f7cea",
-        "revCount": 42,
+        "revCount": 30,
         "type": "git",
         "url": "ssh://forgejo@git.ingolf-wagner.de/palo/nixos-private-assets.git"
       },
@@ -950,11 +949,29 @@
         "polygon-art": "polygon-art",
         "private_assets": "private_assets",
         "retiolum": "retiolum",
+        "secrets": "secrets",
         "srvos": "srvos",
         "stylix": "stylix",
         "taskshell": "taskshell"
       }
     },
+    "secrets": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1712505515,
+        "narHash": "sha256-XvuG5hC5EKAcie8dycZ7x5myPrObCkrCfUNkH/rsiTE=",
+        "ref": "main",
+        "rev": "edb5928f4d18aa58856b695139fc20a77c8763d5",
+        "revCount": 66,
+        "type": "git",
+        "url": "ssh://forgejo@git.ingolf-wagner.de/palo/nixos-secrets.git"
+      },
+      "original": {
+        "ref": "main",
+        "type": "git",
+        "url": "ssh://forgejo@git.ingolf-wagner.de/palo/nixos-secrets.git"
+      }
+    },
     "sops-nix": {
       "inputs": {
         "nixpkgs": [
@@ -966,11 +983,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1721531171,
+        "lastModified": 1720926522,
-        "narHash": "sha256-AsvPw7T0tBLb53xZGcUC3YPqlIpdxoSx56u8vPCr6gU=",
+        "narHash": "sha256-eTpnrT6yu1vp8C0B5fxHXhgKxHoYMoYTEikQx///jxY=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "909e8cfb60d83321d85c8d17209d733658a21c95",
+        "rev": "0703ba03fd9c1665f8ab68cc3487302475164617",
         "type": "github"
       },
       "original": {
@@ -1016,11 +1033,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1721573849,
+        "lastModified": 1721478802,
-        "narHash": "sha256-pHfzFzjADtCqMswGwrfC5klBWJZ6h94bxVrVObJLrEM=",
+        "narHash": "sha256-+WMQs0fMAmpWPsKNgIFQoKLtvS4qtTj+mC++cD1May4=",
         "owner": "danth",
         "repo": "stylix",
-        "rev": "0ef70039a6435446472182c8f8106947abfc523d",
+        "rev": "6f36b27afd7b7ac8664bb62b7b27728540972c82",
         "type": "github"
       },
       "original": {
@@ -1088,11 +1105,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1720818892,
+        "lastModified": 1721458737,
-        "narHash": "sha256-f52x9srIcqQm1Df3T+xYR5P6VfdnDFa2vkkcLhlTp6U=",
+        "narHash": "sha256-wNXLQ/ATs1S4Opg1PmuNoJ+Wamqj93rgZYV3Di7kxkg=",
         "owner": "numtide",
         "repo": "treefmt-nix",
-        "rev": "5b002f8a53ed04c1a4177e7b00809d57bd2c696f",
+        "rev": "888bfb10a9b091d9ed2f5f8064de8d488f7b7c97",
         "type": "github"
       },
       "original": {
@@ -1109,11 +1126,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1721458737,
+        "lastModified": 1720930114,
-        "narHash": "sha256-wNXLQ/ATs1S4Opg1PmuNoJ+Wamqj93rgZYV3Di7kxkg=",
+        "narHash": "sha256-VZK73b5hG5bSeAn97TTcnPjXUXtV7j/AtS4KN8ggCS0=",
         "owner": "numtide",
         "repo": "treefmt-nix",
-        "rev": "888bfb10a9b091d9ed2f5f8064de8d488f7b7c97",
+        "rev": "b92afa1501ac73f1d745526adc4f89b527595f14",
         "type": "github"
       },
       "original": {

flake.nix

@@ -1,6 +1,11 @@
 {
   inputs = {
 
+    secrets = {
+      url = "git+ssh://forgejo@git.ingolf-wagner.de/palo/nixos-secrets.git?ref=main";
+      flake = false;
+    };
+
     flake-parts.url = "github:hercules-ci/flake-parts";
     flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";
 
@@ -76,8 +81,7 @@
       inputs.home-manager.follows = "home-manager";
     };
 
-    #buildbot-nix.url = "github:nix-community/buildbot-nix";
+    buildbot-nix.url = "github:nix-community/buildbot-nix";
-    buildbot-nix.url = "github:MagicRB/buildbot-nix?ref=pydantic-convert";
 
     # smoke test framwork to trigger tests (enable if I  want to use it for real)
     #smoke = {
@@ -117,6 +121,7 @@
     , polygon-art
     , private_assets
     , retiolum
+    , secrets
     , srvos
     , stylix
     , taskshell
@@ -175,7 +180,6 @@
           factsGenerator = clan-fact-generators.lib { inherit pkgs; };
           clanLib = import ./lib/clanlib.nix { inherit (pkgs) lib; machineDir = ./machines; };
           zerotierDeviceName = "ztbn67ogn2";
-          components = ./components;
         };
       };
 
@@ -260,21 +264,7 @@
             nix.settings.max-jobs = 1;
             # no channesl needed this way
             nix.nixPath = [ "nixpkgs=${pkgs.path}" ];
-
-            # documentation
-            # =============
             documentation.nixos.enable = true;
-            #documentation.nixos.includeAllModules = true; # fixme : not working (see down there)
-            documentation.nixos.options.warningsAreErrors = false; # todo make this true again
-            documentation.nixos.extraModules = [
-              ./components
-              inputs.clan-core.nixosModules.clanCore
-              # inputs.stylix.nixosModules.stylix # fixme: not working
-              permown.nixosModules.permown
-              kmonad.nixosModules.default
-              home-manager.nixosModules.home-manager
-              # retiolum.nixosModules.retiolum # fixme: not working
-            ];
 
             boot.loader.systemd-boot.configurationLimit = lib.mkDefault 10;
             boot.loader.generic-extlinux-compatible.configurationLimit = lib.mkDefault 10;

homes/palo/i3.nix

@@ -120,9 +120,9 @@ in
     };
 
 
-    #services.copyq = {
+    services.copyq = {
-    #  enable = true;
+      enable = true;
-    #};
+    };
 
     stylix.targets.i3.enable = true;
 

homes/palo/packages/development.nix

@@ -13,8 +13,6 @@ with lib;
         jetbrains.idea-ultimate
         #vscode
 
-        zed-editor
-
         #jetbrains.mps
         jetbrains.datagrip
 
@@ -135,7 +133,7 @@ with lib;
 
         ] ++ (map pandocScript (lib.cartesianProduct {
           inputFormat = [ "man" "markdown" "mediawiki" "asciidoc" ];
-          outputFormat = [ "mediawiki" "docbook5" "html5" "man" "jira" "markdown" "asciidoc" ];
+          outputFormat = [ "mediawiki" "docbook5" "html5" "man" "jira" "markdown" ];
         }));
 
     }

machines/orbi/configuration.nix

@@ -8,16 +8,15 @@
     ../../components
     ../../modules
 
-    ./service-forgejo-runner.nix
     ./service-forgejo.nix
+    ./service-forgejo-runner.nix
     ./service-hedgedoc.nix
-    ./service-nix-cache.nix
     ./service-photoprism.nix
-    #./service-surrealdb.nix # not really needed at the moment
     ./service-taskserver.nix
     ./service-vaultwarden.nix
+    #./service-surrealdb.nix # not really needed at the moment
     ./service-vikunja.nix
-    ./service-wastebin.nix
+    ./service-nix-cache.nix
 
     ./nginx-ingolf-wagner-de.nix
     ./nginx-wkd.nix

machines/orbi/service-wastebin.nix

@@ -1,27 +0,0 @@
-{ pkgs, ... }:
-let
-  port = 9001;
-in
-{
-  services.wastebin = {
-    enable = true;
-    settings = {
-      WASTEBIN_ADDRESS_PORT = "127.0.0.1:${toString port}";
-      WASTEBIN_TITLE = "paste.ingolf-wagner.de";
-      WASTEBIN_MAX_PASTE_EXPIRATION = 60 * 60 * 24 * 30;
-    };
-  };
-
-  services.nginx = {
-    enable = true;
-    virtualHosts. "paste.ingolf-wagner.de" = {
-      forceSSL = true;
-      enableACME = true;
-      locations."/" = {
-        recommendedProxySettings = true;
-        proxyWebsockets = true;
-        proxyPass = "http://127.0.0.1:${toString port}";
-      };
-    };
-  };
-}