palo/nixos-config
palo/nixos-config
1
0
Fork 0
Code Issues Pull requests Actions Projects Releases Wiki Activity

Compare commits

base: palo:d591d6ecb2bdc93e4a81b5bb6878cb6fd953b7c7
Branches Tags
palo:main
palo:update
palo:refactor/component/ssh
palo:orbi-ssh-unlock-works
..
compare: palo:85455f817b896e930a36cce0fd752c20906e3890
Branches Tags
palo:main
palo:update
palo:refactor/component/ssh
palo:orbi-ssh-unlock-works

1 commit
d591d6ecb2 ... 85455f817b

Author SHA1 Message Date
Forgejo Action 85455f817b Update Nix flakes 2024-07-21 11:30:52 +02:00
11 changed files with 152 additions and 164 deletions
Show stats Expand all files Collapse all files

84
.forgejo/workflows/nix_build.yaml
View file

@ -1,11 +1,7 @@
name: Build all NixOS Configurations
on:
push:
branches:
- "**"
schedule:
- cron: "30 2 * * *" # not to frequent, GitHub only allows a few pulls per hour
- push
jobs:
nix build:
@ -13,61 +9,33 @@ jobs:
steps:
- uses: actions/checkout@v4
- name: update nix flakes
if: ${{ github.event_name == 'schedule' }}
# we need to use our ssh key here because we need access to private flakes
run: |
cat <<EOF > .ssh_key
${{ secrets.SSH_KEY }}
EOF
chmod 600 .ssh_key
# - name: setup ssh
# run: |
# cat <<EOF > .id_rsa
# ${{ secrets.SSH_KEY }}
# EOF
# chmod 600 .id_rsa
#
# eval $(ssh-agent)
# ssh-add .id_rsa
#
# nix flake archive
#
# echo $SSH_AGENT_PID
# kill $SSH_AGENT_PID
#
# - name: nix flake check
# run: nix flake check --verbose --log-format raw
eval $(ssh-agent)
ssh-add .ssh_key
nix flake update
#- name: nix build orbi
# run: nix build .#nixosConfigurations.orbi.config.system.build.toplevel
echo $SSH_AGENT_PID
kill $SSH_AGENT_PID
rm .ssh_key
#- name: nix build cream
# run: nix build .#nixosConfigurations.cream.config.system.build.toplevel
- name: nix flake archive/check
# we need to use our ssh key here because we need access to private flakes
run: |
cat <<EOF > .ssh_key
${{ secrets.SSH_KEY }}
EOF
chmod 600 .ssh_key
#- name: nix build cherry
# run: nix build .#nixosConfigurations.cherry.config.system.build.toplevel
eval $(ssh-agent)
ssh-add .ssh_key
nix flake archive
nix flake check --verbose --log-format raw
echo $SSH_AGENT_PID
kill $SSH_AGENT_PID
rm .ssh_key
- name: nix build orbi
run: nix build .#nixosConfigurations.orbi.config.system.build.toplevel
- name: nix build cream
run: nix build .#nixosConfigurations.cream.config.system.build.toplevel
- name: nix build cherry
run: nix build .#nixosConfigurations.cherry.config.system.build.toplevel
- name: nix build chungus
run: nix build .#nixosConfigurations.chungus.config.system.build.toplevel
- name: commit & push
if: ${{ github.event_name == 'schedule' }}
# only if all nix builds are fine we update our branch
run: |
git config --local user.email "action@git.ingolf-wagner.de"
git config --local user.name "Forgejo Action :robot:"
git diff --quiet && \
git diff --staged --quiet || \
(git commit -am ":arrow_up: nix flake update" && git push)
#- name: nix build chungus
# run: nix build .#nixosConfigurations.chungus.config.system.build.toplevel

49
.forgejo/workflows/update_nix_flakes.yml Normal file
View file

@ -0,0 +1,49 @@
name: Update Nix flakes and commit changes
on:
schedule:
- cron: "10 11 * * *" # not to frequent, GitHub only allows a few pulls per hour
jobs:
update-and-commit:
runs-on: native
steps:
- name: checkout repository
uses: actions/checkout@v2
with:
ref: "update"
depth: 0
- name: setup git
run: |
git config --local user.email "action@git.ingolf-wagner.de"
git config --local user.name "Forgejo Action"
# fixme: not working for some reason
#- name: rebase with main branch
# run: |
# git fetch origin main
# git rebase origin/main
- name: update nix flakes
run: |
cat <<EOF > .ssh_key
${{ secrets.SSH_KEY }}
EOF
chmod 600 .ssh_key
eval $(ssh-agent)
ssh-add .ssh_key
nix flake update
export GIT_SSH_COMMAND="ssh -i .ssh_key -F /dev/null"
git diff --quiet && \
git diff --staged --quiet || \
(git commit -am "Update Nix flakes" && git push)
echo $SSH_AGENT_PID
kill $SSH_AGENT_PID

9
components/default.nix
View file

@ -1,7 +1,6 @@
{ lib, ... }:
{
imports = [
./chaospott.nix
./gui
./mainUser.nix
./media
@ -9,9 +8,15 @@
./network
./nixos
./terminal
./timezone.nix
./yubikey.nix
./chaospott.nix
];
# some system stuff
# -----------------
time.timeZone = "Europe/Berlin";
#time.timeZone = lib.mkDefault "Pacific/Auckland";
#time.timeZone = lib.mkDefault "Asia/Singapore";
#time.timeZone = lib.mkDefault "Asia/Makassar";
}

5
components/monitor/container.nix
View file

@ -2,10 +2,7 @@
with lib;
with types;
{
imports = [
./default.nix
../timezone.nix
];
imports = [ ./default.nix ];
config = {
components.monitor.enable = mkDefault true;

8
components/timezone.nix
View file

@ -1,8 +0,0 @@
{
# some system stuff
# -----------------
time.timeZone = "Europe/Berlin";
#time.timeZone = lib.mkDefault "Pacific/Auckland";
#time.timeZone = lib.mkDefault "Asia/Singapore";
#time.timeZone = lib.mkDefault "Asia/Makassar";
}

93
flake.lock
View file

@ -121,16 +121,15 @@
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1721420442,
"narHash": "sha256-QpO+3WsdWblHHM5UMm/zuJJ0Ur4JSfDtm+B+3VbOtlA=",
"owner": "MagicRB",
"lastModified": 1721526898,
"narHash": "sha256-HFaqhuClCWau5sbxDlNXFtElELSqn7oEgPEt2iW4nkA=",
"owner": "nix-community",
"repo": "buildbot-nix",
"rev": "c891975243d8fd82d921ebb609e13af9a65ae254",
"rev": "be581a532080db9f37a9ec8522eca351929fc846",
"type": "github"
},
"original": {
"owner": "MagicRB",
"ref": "pydantic-convert",
"owner": "nix-community",
"repo": "buildbot-nix",
"type": "github"
}
@ -149,11 +148,11 @@
"treefmt-nix": "treefmt-nix_2"
},
"locked": {
"lastModified": 1721606811,
"narHash": "sha256-whhMy+GugmIpyxVhUGvmzrdgQYyFLZmxuI5oVILKQ9g=",
"lastModified": 1721420605,
"narHash": "sha256-E2je0KB09PXoJE1ofL2GUYnwB+BIE7D5Y2Fy+F/2cJw=",
"ref": "refs/heads/main",
"rev": "72019d6bcb2c95206a5f96147fa84606607b1791",
"revCount": 3524,
"rev": "f3c9c379e61d127b2c5a1f7a848dcdf0e7a307b3",
"revCount": 3512,
"type": "git",
"url": "https://git.clan.lol/clan/clan-core"
},
@ -192,11 +191,11 @@
]
},
"locked": {
"lastModified": 1721417620,
"narHash": "sha256-6q9b1h8fI3hXg2DG6/vrKWCeG8c5Wj2Kvv22RCgedzg=",
"lastModified": 1720661479,
"narHash": "sha256-nsGgA14vVn0GGiqEfomtVgviRJCuSR3UEopfP8ixW1I=",
"owner": "nix-community",
"repo": "disko",
"rev": "bec6e3cde912b8acb915fecdc509eda7c973fb42",
"rev": "786965e1b1ed3fd2018d78399984f461e2a44689",
"type": "github"
},
"original": {
@ -550,11 +549,11 @@
]
},
"locked": {
"lastModified": 1721571445,
"narHash": "sha256-2MnlPVcNJZ9Nbu90kFyo7+lng366gswErP4FExfrUbc=",
"lastModified": 1720659757,
"narHash": "sha256-ltzUuCsEfPA9CYM9BAnwObBGqDyQIs2OLkbVMeOOk00=",
"owner": "nix-community",
"repo": "nixos-images",
"rev": "accee005735844d57b411d9969c5d0aabc6a55f6",
"rev": "5eddae0afbcfd4283af5d6676d08ad059ca04b70",
"type": "github"
},
"original": {
@ -606,11 +605,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1720890539,
"narHash": "sha256-1K32XHPcQBo8XdLDQNybfLQc9I8hqSZdjA/Ur3zW/io=",
"lastModified": 1721481798,
"narHash": "sha256-GOwbtcTDS7KnVseckF+H8OCRNrwYEqCZ34QOZ+i51e4=",
"owner": "Nixos",
"repo": "nixpkgs",
"rev": "19116ccf234e32acf133863d430506da68008550",
"rev": "a2aeb0fcca8ef063c03ef57fa5de49084d4e9687",
"type": "github"
},
"original": {
@ -682,11 +681,11 @@
},
"nixpkgs-unstable-small": {
"locked": {
"lastModified": 1721571961,
"narHash": "sha256-jfF4gpRUpTBY2OxDB0FRySsgNGOiuDckEtu7YDQom3Y=",
"lastModified": 1721524691,
"narHash": "sha256-aE4vMfHfpX6KP9VWqVdXtoDUlvFR34wEIjqsqnKrVdY=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "4cc8b29327bed3d52b40041f810f49734298af46",
"rev": "c9ed026def59fe978203a2b28eccdbaa7e5fadc9",
"type": "github"
},
"original": {
@ -899,11 +898,11 @@
},
"private_assets": {
"locked": {
"lastModified": 1721858622,
"narHash": "sha256-ocxF1NK8+K0UyuODwnedsDPyLaErEceaRZSeeejFAkQ=",
"lastModified": 1718795974,
"narHash": "sha256-wK4G35I23mDBKmEZ07Xz0+064g/I+vuJ6hkXNguT7lA=",
"ref": "main",
"rev": "a460298aa522b5839dcd661ba32fc8fcbaccd11f",
"revCount": 42,
"rev": "77822a68120c56f6fc809a291e7d13173b8f7cea",
"revCount": 30,
"type": "git",
"url": "ssh://forgejo@git.ingolf-wagner.de/palo/nixos-private-assets.git"
},
@ -950,11 +949,29 @@
"polygon-art": "polygon-art",
"private_assets": "private_assets",
"retiolum": "retiolum",
"secrets": "secrets",
"srvos": "srvos",
"stylix": "stylix",
"taskshell": "taskshell"
}
},
"secrets": {
"flake": false,
"locked": {
"lastModified": 1712505515,
"narHash": "sha256-XvuG5hC5EKAcie8dycZ7x5myPrObCkrCfUNkH/rsiTE=",
"ref": "main",
"rev": "edb5928f4d18aa58856b695139fc20a77c8763d5",
"revCount": 66,
"type": "git",
"url": "ssh://forgejo@git.ingolf-wagner.de/palo/nixos-secrets.git"
},
"original": {
"ref": "main",
"type": "git",
"url": "ssh://forgejo@git.ingolf-wagner.de/palo/nixos-secrets.git"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
@ -966,11 +983,11 @@
]
},
"locked": {
"lastModified": 1721531171,
"narHash": "sha256-AsvPw7T0tBLb53xZGcUC3YPqlIpdxoSx56u8vPCr6gU=",
"lastModified": 1720926522,
"narHash": "sha256-eTpnrT6yu1vp8C0B5fxHXhgKxHoYMoYTEikQx///jxY=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "909e8cfb60d83321d85c8d17209d733658a21c95",
"rev": "0703ba03fd9c1665f8ab68cc3487302475164617",
"type": "github"
},
"original": {
@ -1016,11 +1033,11 @@
]
},
"locked": {
"lastModified": 1721573849,
"narHash": "sha256-pHfzFzjADtCqMswGwrfC5klBWJZ6h94bxVrVObJLrEM=",
"lastModified": 1721478802,
"narHash": "sha256-+WMQs0fMAmpWPsKNgIFQoKLtvS4qtTj+mC++cD1May4=",
"owner": "danth",
"repo": "stylix",
"rev": "0ef70039a6435446472182c8f8106947abfc523d",
"rev": "6f36b27afd7b7ac8664bb62b7b27728540972c82",
"type": "github"
},
"original": {
@ -1088,11 +1105,11 @@
]
},
"locked": {
"lastModified": 1720818892,
"narHash": "sha256-f52x9srIcqQm1Df3T+xYR5P6VfdnDFa2vkkcLhlTp6U=",
"lastModified": 1721458737,
"narHash": "sha256-wNXLQ/ATs1S4Opg1PmuNoJ+Wamqj93rgZYV3Di7kxkg=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "5b002f8a53ed04c1a4177e7b00809d57bd2c696f",
"rev": "888bfb10a9b091d9ed2f5f8064de8d488f7b7c97",
"type": "github"
},
"original": {
@ -1109,11 +1126,11 @@
]
},
"locked": {
"lastModified": 1721458737,
"narHash": "sha256-wNXLQ/ATs1S4Opg1PmuNoJ+Wamqj93rgZYV3Di7kxkg=",
"lastModified": 1720930114,
"narHash": "sha256-VZK73b5hG5bSeAn97TTcnPjXUXtV7j/AtS4KN8ggCS0=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "888bfb10a9b091d9ed2f5f8064de8d488f7b7c97",
"rev": "b92afa1501ac73f1d745526adc4f89b527595f14",
"type": "github"
},
"original": {

24
flake.nix
View file

@ -1,6 +1,11 @@
{
inputs = {
secrets = {
url = "git+ssh://forgejo@git.ingolf-wagner.de/palo/nixos-secrets.git?ref=main";
flake = false;
};
flake-parts.url = "github:hercules-ci/flake-parts";
flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";
@ -76,8 +81,7 @@
inputs.home-manager.follows = "home-manager";
};
#buildbot-nix.url = "github:nix-community/buildbot-nix";
buildbot-nix.url = "github:MagicRB/buildbot-nix?ref=pydantic-convert";
buildbot-nix.url = "github:nix-community/buildbot-nix";
# smoke test framwork to trigger tests (enable if I want to use it for real)
#smoke = {
@ -117,6 +121,7 @@
, polygon-art
, private_assets
, retiolum
, secrets
, srvos
, stylix
, taskshell
@ -175,7 +180,6 @@
factsGenerator = clan-fact-generators.lib { inherit pkgs; };
clanLib = import ./lib/clanlib.nix { inherit (pkgs) lib; machineDir = ./machines; };
zerotierDeviceName = "ztbn67ogn2";
components = ./components;
};
};
@ -260,21 +264,7 @@
nix.settings.max-jobs = 1;
# no channesl needed this way
nix.nixPath = [ "nixpkgs=${pkgs.path}" ];
# documentation
# =============
documentation.nixos.enable = true;
#documentation.nixos.includeAllModules = true; # fixme : not working (see down there)
documentation.nixos.options.warningsAreErrors = false; # todo make this true again
documentation.nixos.extraModules = [
./components
inputs.clan-core.nixosModules.clanCore
# inputs.stylix.nixosModules.stylix # fixme: not working
permown.nixosModules.permown
kmonad.nixosModules.default
home-manager.nixosModules.home-manager
# retiolum.nixosModules.retiolum # fixme: not working
];
boot.loader.systemd-boot.configurationLimit = lib.mkDefault 10;
boot.loader.generic-extlinux-compatible.configurationLimit = lib.mkDefault 10;

6
homes/palo/i3.nix
View file

@ -120,9 +120,9 @@ in
};
#services.copyq = {
# enable = true;
#};
services.copyq = {
enable = true;
};
stylix.targets.i3.enable = true;

4
homes/palo/packages/development.nix
View file

@ -13,8 +13,6 @@ with lib;
jetbrains.idea-ultimate
#vscode
zed-editor
#jetbrains.mps
jetbrains.datagrip
@ -135,7 +133,7 @@ with lib;
] ++ (map pandocScript (lib.cartesianProduct {
inputFormat = [ "man" "markdown" "mediawiki" "asciidoc" ];
outputFormat = [ "mediawiki" "docbook5" "html5" "man" "jira" "markdown" "asciidoc" ];
outputFormat = [ "mediawiki" "docbook5" "html5" "man" "jira" "markdown" ];
}));
}

7
machines/orbi/configuration.nix
View file

@ -8,16 +8,15 @@
../../components
../../modules
./service-forgejo-runner.nix
./service-forgejo.nix
./service-forgejo-runner.nix
./service-hedgedoc.nix
./service-nix-cache.nix
./service-photoprism.nix
#./service-surrealdb.nix # not really needed at the moment
./service-taskserver.nix
./service-vaultwarden.nix
#./service-surrealdb.nix # not really needed at the moment
./service-vikunja.nix
./service-wastebin.nix
./service-nix-cache.nix
./nginx-ingolf-wagner-de.nix
./nginx-wkd.nix

27
machines/orbi/service-wastebin.nix
View file

@ -1,27 +0,0 @@
{ pkgs, ... }:
let
port = 9001;
in
{
services.wastebin = {
enable = true;
settings = {
WASTEBIN_ADDRESS_PORT = "127.0.0.1:${toString port}";
WASTEBIN_TITLE = "paste.ingolf-wagner.de";
WASTEBIN_MAX_PASTE_EXPIRATION = 60 * 60 * 24 * 30;
};
};
services.nginx = {
enable = true;
virtualHosts. "paste.ingolf-wagner.de" = {
forceSSL = true;
enableACME = true;
locations."/" = {
recommendedProxySettings = true;
proxyWebsockets = true;
proxyPass = "http://127.0.0.1:${toString port}";
};
};
};
}