From 462a0b85931a0dd94305d18e8c70022619bbf089 Mon Sep 17 00:00:00 2001 From: Daniel Flanagan Date: Mon, 22 Jul 2024 17:10:40 -0500 Subject: [PATCH 01/20] Update slippi, add emacs, update router config to route a.lyte.dev --- flake.lock | 6 +++--- flake.nix | 1 + modules/home-manager/default.nix | 17 +++++++++++++++++ modules/nixos/default.nix | 13 +++++++++++++ nixos/router.nix | 1 + 5 files changed, 35 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 78dcacc..bd9348d 100644 --- a/flake.lock +++ b/flake.lock @@ -477,11 +477,11 @@ "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1720625270, - "narHash": "sha256-7JGUXmp6LxPkinxy9kEnrdbZQPF8QGZwvRxWU/ZwJKY=", + "lastModified": 1721686199, + "narHash": "sha256-4rMu207y5HCLkRDbZXdFhFqAfDKxwCJ1r9UOsXmef4Q=", "owner": "lytedev", "repo": "slippi-nix", - "rev": "e86b5e46d53a929303b9ad6539cb6e64e7a8c5b4", + "rev": "2b9673de8ec491be1c3ad8d23461b1fe5f2736b0", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 3293983..beb7f90 100644 --- a/flake.nix +++ b/flake.nix @@ -20,6 +20,7 @@ hardware.url = "github:nixos/nixos-hardware"; hyprland.url = "github:hyprwm/Hyprland"; slippi.url = "github:lytedev/slippi-nix"; + # slippi.url = "git+file:///home/daniel/code/open-source/slippi-nix"; # nnf.url = "github:thelegy/nixos-nftables-firewall?rev=71fc2b79358d0dbacde83c806a0f008ece567b7b"; }; diff --git a/modules/home-manager/default.nix b/modules/home-manager/default.nix index 30ee7a1..36a7af9 100644 --- a/modules/home-manager/default.nix +++ b/modules/home-manager/default.nix @@ -34,6 +34,23 @@ broot = {}; + emacs = {pkgs, ...}: { + programs.emacs = { + enable = true; + # extraConfig = '' + # ''; + extraPackages = epkgs: (with epkgs; [ + magit + ]); + }; + + programs.fish = { + shellAliases = { + e = "emacs"; + }; + }; + }; + cargo = {config, ...}: { home.file."${config.home.homeDirectory}/.cargo/config.toml" = { enable = true; 
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index d856ce4..7282955 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -243,11 +243,24 @@ ''; }; + emacs = {pkgs, ...}: { + environment.systemPackages = with pkgs; [ + emacs + ]; + + home-manager.users.daniel = { + imports = with homeManagerModules; [ + emacs + ]; + }; + }; + development-tools = {pkgs, ...}: { imports = with nixosModules; [ postgres podman troubleshooting-tools + emacs ]; environment.sessionVariables.NIXOS_OZONE_WL = "1"; diff --git a/nixos/router.nix b/nixos/router.nix index c98400c..7ff6c7e 100644 --- a/nixos/router.nix +++ b/nixos/router.nix @@ -42,6 +42,7 @@ "nix.h.lyte.dev" "git.lyte.dev" "video.lyte.dev" + "a.lyte.dev" "bw.lyte.dev" "files.lyte.dev" "vpn.h.lyte.dev" From 94966a089eecb7129ab7b5744ce7e88cab954f65 Mon Sep 17 00:00:00 2001 From: Daniel Flanagan Date: Wed, 24 Jul 2024 10:13:15 -0500 Subject: [PATCH 02/20] gitea->forgejo --- nixos/beefcake.nix | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/nixos/beefcake.nix b/nixos/beefcake.nix index 2f76345..267f159 100644 --- a/nixos/beefcake.nix +++ b/nixos/beefcake.nix @@ -609,7 +609,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00 paths = [ "/storage/files.lyte.dev" "/storage/daniel" - "/storage/gitea" # TODO: should maybe use configuration.nix's services.gitea.dump ? + "/storage/forgejo" # TODO: should maybe use configuration.nix's services.forgejo.dump ? "/storage/postgres-backups" # https://github.com/dani-garcia/vaultwarden/wiki/Backing-up-your-vault @@ -696,11 +696,13 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00 ]; } { - services.gitea = { + services.forgejo = { enable = true; - appName = "git.lyte.dev"; - stateDir = "/storage/gitea"; + stateDir = "/storage/forgejo"; settings = { + DEFAULT = { + APP_NAME = "git.lyte.dev"; + }; server = { ROOT_URL = "https://git.lyte.dev"; HTTP_ADDR = "127.0.0.1"; 
@@ -721,7 +723,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00 LEVEL = "Debug"; }; ui = { - THEMES = "catppuccin-mocha-sapphire,gitea,arc-green,auto,pitchblack"; + THEMES = "catppuccin-mocha-sapphire,forgejo,arc-green,auto,pitchblack"; DEFAULT_THEME = "catppuccin-mocha-sapphire"; }; indexer = { @@ -743,19 +745,19 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00 type = "sqlite3"; }; }; - # services.gitea-actions-runner.instances.main = { + # services.forgejo-actions-runner.instances.main = { # # TODO: simple git-based automation would be dope? maybe especially for # # mirroring to github super easy? # enable = false; # }; services.caddy.virtualHosts."git.lyte.dev" = { extraConfig = '' - reverse_proxy :${toString config.services.gitea.settings.server.HTTP_PORT} + reverse_proxy :${toString config.services.forgejo.settings.server.HTTP_PORT} ''; }; services.caddy.virtualHosts."http://git.beefcake.lan" = { extraConfig = '' - reverse_proxy :${toString config.services.gitea.settings.server.HTTP_PORT} + reverse_proxy :${toString config.services.forgejo.settings.server.HTTP_PORT} ''; }; } From f655e43ec728b764b0222ec84a2b615454d24d78 Mon Sep 17 00:00:00 2001 From: Daniel Flanagan Date: Wed, 24 Jul 2024 11:21:31 -0500 Subject: [PATCH 03/20] Runner --- nixos/beefcake.nix | 31 ++++++++++++++++++++----------- secrets/beefcake/secrets.yml | 6 ++++-- 2 files changed, 24 insertions(+), 13 deletions(-) diff --git a/nixos/beefcake.nix b/nixos/beefcake.nix index 267f159..5d8cd0f 100644 --- a/nixos/beefcake.nix +++ b/nixos/beefcake.nix 
@@ -111,14 +111,11 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00 owner = config.systemd.services.plausible.serviceConfig.User; group = config.systemd.services.plausible.serviceConfig.Group; }; - nextcloud-admin-password = { - path = "/var/lib/nextcloud/admin-password"; - mode = "0440"; - # owner = config.services.nextcloud.serviceConfig.User; - # group = config.services.nextcloud.serviceConfig.Group; - }; + nextcloud-admin-password.path = "/var/lib/nextcloud/admin-password"; + "forgejo-runner.env" = {mode = "0400";}; }; }; + systemd.services.gitea-runner-beefcake.serviceConfig.after = ["sops-nix.service"]; } { # nix binary cache @@ -745,11 +742,23 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00 type = "sqlite3"; }; }; - # services.forgejo-actions-runner.instances.main = { - # # TODO: simple git-based automation would be dope? maybe especially for - # # mirroring to github super easy? - # enable = false; - # }; + services.gitea-actions-runner = { + # TODO: simple git-based automation would be dope? maybe especially for + # mirroring to github super easy? + # enable = true; + package = pkgs.forgejo-runner; + instances."beefcake" = { + enable = true; + name = "beefcake"; + url = "https://git.lyte.dev"; + labels = [ + # type ":host" does not depend on docker/podman/lxc + "native:host" + "podman" + ]; + tokenFile = config.sops.secrets."forgejo-runner.env".path; + }; + }; services.caddy.virtualHosts."git.lyte.dev" = { extraConfig = '' reverse_proxy :${toString config.services.forgejo.settings.server.HTTP_PORT} diff --git a/secrets/beefcake/secrets.yml b/secrets/beefcake/secrets.yml index 74273da..c65946a 100644 --- a/secrets/beefcake/secrets.yml +++ b/secrets/beefcake/secrets.yml 
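Review bot: The `"native:host"` entry in `instances."beefcake".labels` makes the runner execute matching jobs directly on beefcake rather than in a container, as the comment above it says. Those jobs get the runner service's view of a machine that also hosts Forgejo and the sops-managed secrets. The hunk does not show who can push workflow files to repositories this runner serves, so that registration scope should be confirmed before a host label is offered. Until then I would drop the host label and record the reason next to the list, e.g. `# ":host" labels run jobs unsandboxed on beefcake; only offer them to trusted repos`. It is also worth checking how the bare `"podman"` label is interpreted, since it names no scheme. The same consideration applies to `"native:nix"` in PATCH 05/20 and `"beefcake:host"` in PATCH 17/20.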
@@ -12,6 +12,8 @@ plausible-admin-password: ENC[AES256_GCM,data:dC9olypZgMLdPOsmjthOaa/fMLtbGBlF9A plausible-erlang-cookie: ENC[AES256_GCM,data:zhmC+D6EjIE8Rw91lIrMqY0QIazTX1e1jBzcZJP/76B9VvHWZ5bCkP1+KdfCY0lk3wIEq5vRfb8=,iv:RNNjlV3OFtXn1N0a5fEb/3FWzcHX19wtCLMdaVlKNJ0=,tag:8iU5oFVbzd0eMe5Mo1PiAw==,type:str] plausible-secret-key-base: ENC[AES256_GCM,data:ylakPGzY4S9640krl0fxYgm0Getf0+I7zthyTqTD/IpVhz5xgYBYx3Y2lSNa9Oi9yQ7+f9OdOBC6nc7n6MuUBg==,iv:YLPax/cRjMdIFti26gJd8COKr+3jXNZ7HCA5VvQVyAo=,tag:LHqYi590oEIp1IihLcFTtw==,type:str] nextcloud-admin-password: ENC[AES256_GCM,data:QaoSZyommeGED3nWNru92UVO2tjk24HE9fWX7ExYT101o4ZL411TmV1TXHSyfwjmE7yLIm1K/j4xpEbIY3zvFg==,iv:xC5EZVPHumVPOob5jiiXMFAmdFQcFSUPtZgioAgGDDs=,tag:Q/kY38XWkGsqcmCkd2lodg==,type:str] +#ENC[AES256_GCM,data:f5xW/hXVcnVP10SOoNMu1Hi7JNbssHnd/79EoMZmt0IrFK+F3ajO+LBqApEJD+L+kQBZmGn3zuo=,iv:1ISDxi5wlfYvd6J3o6LRlCl9w/uwyU40Ge2Uj/qDHcQ=,tag:jK4aEIGzLZ4d9JdFmiUd1w==,type:comment] +forgejo-runner.env: ENC[AES256_GCM,data:yYLdrYJaDR4FMODLaWnzptaDCV5Nbu1PdcxVl302WbF5/9Ly5sEytTY+g5VcwH8=,iv:Lz9LiF3/fcNYNLhvczFufRnHMPQ9A2ycZRQs//ZB34Q=,tag:w48rGAtYsbZv0qy1S//GIA==,type:str] jland.env: ENC[AES256_GCM,data:u+QKwKWG9NFduuofhe3aatof3KoC0N4ZpNOD8E/7l0BTSoTe5Tqmz5/33EOcBUw99+YLFR4kTJwdUmLWHk4UD87aGsJ4liPCtXnBsToAzBGg0I3mhGQ/QM8iKXMW9oKb3ciapitQBuJa1WIp5/bHNtCXWQ==,iv:iZDET5EWM4DnAoQqLP9+Ll4S+mFHt2wZ3ENtN79Dbqw=,tag:qVpocN3FxlHfte2hAmtGPA==,type:str] dawncraft.env: ENC[AES256_GCM,data:8n1ymQZpMeVwTyoHhccV+W5diMLcsZw5zZQy4Z4eaMcLFk8ey3SeXkCf9+GnqpIU5xIZfCP1ZqeSxR03kJx3TPbQeBLZeN/QAYBxHOg/tjXIE6jdIGv0INkVLkExKPlvGN8F+ijwYkwgfqlhKPBf+Q==,iv:EMGlqUxcfvxqn1G1NohrAtJP/fLdolP++zcvaxIvVR4=,tag:1+ueIDCJTxmM586Z7i0aUA==,type:str] api.lyte.dev: 
ENC[AES256_GCM,data:14C5GQ41m/g7qHPzxlYoWjKWDOcm7MEDkuSofiuLfRNc/nji61t1eDbKX3d+SQL1UBchJFoBrWrUxnf0mUERhED1196z8vUq2jKEkcqKCAUS3soECInlb8zcxTcxaTFjYSjp1vUBdAn05AqLsF+hh9Bsm4fMQYjnHEZke9EmPZhuTlUdZa4eLv3+L3xAPHk2QIHQhdsjcTjGAZRMZOgTEcCvtGlb5pQuo11XmR2JzwzOXMC51WFDeOIWMAdO80yQBAdILso7rp1Nts/lwF0Bc9t7bNdHyoVTOA==,iv:jWGqUpXOTb/O972qXOqeX0EMFQLDKwaNHBqlpuGrZOk=,tag:uwB/jlAgESkLZ+vJ/OeV0A==,type:str] @@ -39,8 +41,8 @@ sops: b0lTRjVCMU9ELzdvbFBJZ0tHbGtsYkEKLEcXCEikC3T3hfVOYKtWcNSGmfg28y+f nGC4dQh9EciEbk1ZBbN3i6YSNULDoMSH172KBmRyt1ogr1ZPyCNqtg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-05-07T04:00:34Z" - mac: ENC[AES256_GCM,data:e7v7J2QM6p4ljrdEX6uM7PHWb0/DKt1aWIro+YkQct1ym772WKtWFzzm+mV2wqBLLXCAKy7MJ7Y89iTysFO3pdGX1zdw3wMbNfmTCCXCKAUcIih4O0hLHqrfwcoVOuQ0SALESshDmUew/Gqu6NSrL6Wo+jNo7LEAHZ7kFtkP8rQ=,iv:0fmHOKlBzIhKQ4G6DDwlIW2WpLjIS/OAWLexND+/HAQ=,tag:FSqO8/14JwhobpIKaHk77w==,type:str] + lastmodified: "2024-07-24T16:17:32Z" + mac: ENC[AES256_GCM,data:eYtkbwkzLvQ5OYNBEIgWYCjK1CbVd6khyS1MZ9NzY7XAVHEvxqpPI5HPAWMJfk07FuY70X6DV0TNvQEkR7fB4tmawu+Hn3Rc6C/HILSm+zvjWW1t3smIOzvU8l1lPN/Jl/kQZVg1NdVGExCtRf9BuOkaACPPbDCM8uExXsCwstA=,iv:8TnpUBX3HWOzZogpdvsZ2m4b04HJt2nzd0VLrZw9K2w=,tag:pQUBD26+++W25z5pDVkrxw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 From bea284a645342142a52d86b22e0cefbfb37c292d Mon Sep 17 00:00:00 2001 From: Daniel Flanagan Date: Wed, 24 Jul 2024 11:23:27 -0500 Subject: [PATCH 04/20] Run flake check in actions --- .forgejo/workflows/nix.yaml | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 .forgejo/workflows/nix.yaml diff --git a/.forgejo/workflows/nix.yaml b/.forgejo/workflows/nix.yaml new file mode 100644 index 0000000..a8b3069 --- /dev/null +++ b/.forgejo/workflows/nix.yaml @@ -0,0 +1,7 @@ +on: [push] +jobs: + test: + runs-on: podman + steps: + - run: nix flake check + From b34ec46b56db5dc605af0e516861b1eaea6932d6 Mon Sep 17 00:00:00 2001 
From: Daniel Flanagan Date: Wed, 24 Jul 2024 11:25:15 -0500 Subject: [PATCH 05/20] Add nix label --- nixos/beefcake.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/beefcake.nix b/nixos/beefcake.nix index 5d8cd0f..3d93cad 100644 --- a/nixos/beefcake.nix +++ b/nixos/beefcake.nix @@ -754,6 +754,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00 labels = [ # type ":host" does not depend on docker/podman/lxc "native:host" + "native:nix" "podman" ]; tokenFile = config.sops.secrets."forgejo-runner.env".path; From 53ae7cd68d27571cd21287e20eb5757a83a7a95e Mon Sep 17 00:00:00 2001 From: Daniel Flanagan Date: Wed, 24 Jul 2024 11:31:05 -0500 Subject: [PATCH 06/20] No native label for now? Would want some kind of authz I think --- nixos/beefcake.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/nixos/beefcake.nix b/nixos/beefcake.nix index 3d93cad..b204c93 100644 --- a/nixos/beefcake.nix +++ b/nixos/beefcake.nix @@ -753,8 +753,6 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00 url = "https://git.lyte.dev"; labels = [ # type ":host" does not depend on docker/podman/lxc - "native:host" - "native:nix" "podman" ]; tokenFile = config.sops.secrets."forgejo-runner.env".path; From c1c0a2cf26fbb885f674858b94927ba2eb35cdfd Mon Sep 17 00:00:00 2001 From: Daniel Flanagan Date: Wed, 24 Jul 2024 11:35:18 -0500 Subject: [PATCH 07/20] Scope runner to just my forgejo user --- secrets/beefcake/secrets.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/secrets/beefcake/secrets.yml b/secrets/beefcake/secrets.yml index c65946a..411e745 100644 --- a/secrets/beefcake/secrets.yml +++ b/secrets/beefcake/secrets.yml 
@@ -12,8 +12,8 @@ plausible-admin-password: ENC[AES256_GCM,data:dC9olypZgMLdPOsmjthOaa/fMLtbGBlF9A plausible-erlang-cookie: ENC[AES256_GCM,data:zhmC+D6EjIE8Rw91lIrMqY0QIazTX1e1jBzcZJP/76B9VvHWZ5bCkP1+KdfCY0lk3wIEq5vRfb8=,iv:RNNjlV3OFtXn1N0a5fEb/3FWzcHX19wtCLMdaVlKNJ0=,tag:8iU5oFVbzd0eMe5Mo1PiAw==,type:str] plausible-secret-key-base: ENC[AES256_GCM,data:ylakPGzY4S9640krl0fxYgm0Getf0+I7zthyTqTD/IpVhz5xgYBYx3Y2lSNa9Oi9yQ7+f9OdOBC6nc7n6MuUBg==,iv:YLPax/cRjMdIFti26gJd8COKr+3jXNZ7HCA5VvQVyAo=,tag:LHqYi590oEIp1IihLcFTtw==,type:str] nextcloud-admin-password: ENC[AES256_GCM,data:QaoSZyommeGED3nWNru92UVO2tjk24HE9fWX7ExYT101o4ZL411TmV1TXHSyfwjmE7yLIm1K/j4xpEbIY3zvFg==,iv:xC5EZVPHumVPOob5jiiXMFAmdFQcFSUPtZgioAgGDDs=,tag:Q/kY38XWkGsqcmCkd2lodg==,type:str] -#ENC[AES256_GCM,data:f5xW/hXVcnVP10SOoNMu1Hi7JNbssHnd/79EoMZmt0IrFK+F3ajO+LBqApEJD+L+kQBZmGn3zuo=,iv:1ISDxi5wlfYvd6J3o6LRlCl9w/uwyU40Ge2Uj/qDHcQ=,tag:jK4aEIGzLZ4d9JdFmiUd1w==,type:comment] -forgejo-runner.env: ENC[AES256_GCM,data:yYLdrYJaDR4FMODLaWnzptaDCV5Nbu1PdcxVl302WbF5/9Ly5sEytTY+g5VcwH8=,iv:Lz9LiF3/fcNYNLhvczFufRnHMPQ9A2ycZRQs//ZB34Q=,tag:w48rGAtYsbZv0qy1S//GIA==,type:str] +#ENC[AES256_GCM,data:IDauOj95sPt6LQkNWOaAV3AR7XPHJljX7Gef/IgtzC227ln7aKpVLCbhxD6pNTwd9/KhIXJp3vagCjfgkO/utA==,iv:Pn5jIPsFMBA2xnp3SUBgBug1NN8d3h3zy1pGVzO2hO0=,tag:NzhLA7nqE7SRRMV+rKgCjQ==,type:comment] +forgejo-runner.env: ENC[AES256_GCM,data:10wKRImXKS7ezcWnkwz7ak194snQ4wG8GBePeHXN1I23JfOvuD00427fOJ4jbCY=,iv:8jrmcXa2yqFTSf4fFnZXCuyGft90RzUO3S4rZGXaTDI=,tag:EGDqTK8GKBGfogkqkCODxg==,type:str] jland.env: ENC[AES256_GCM,data:u+QKwKWG9NFduuofhe3aatof3KoC0N4ZpNOD8E/7l0BTSoTe5Tqmz5/33EOcBUw99+YLFR4kTJwdUmLWHk4UD87aGsJ4liPCtXnBsToAzBGg0I3mhGQ/QM8iKXMW9oKb3ciapitQBuJa1WIp5/bHNtCXWQ==,iv:iZDET5EWM4DnAoQqLP9+Ll4S+mFHt2wZ3ENtN79Dbqw=,tag:qVpocN3FxlHfte2hAmtGPA==,type:str] dawncraft.env: 
ENC[AES256_GCM,data:8n1ymQZpMeVwTyoHhccV+W5diMLcsZw5zZQy4Z4eaMcLFk8ey3SeXkCf9+GnqpIU5xIZfCP1ZqeSxR03kJx3TPbQeBLZeN/QAYBxHOg/tjXIE6jdIGv0INkVLkExKPlvGN8F+ijwYkwgfqlhKPBf+Q==,iv:EMGlqUxcfvxqn1G1NohrAtJP/fLdolP++zcvaxIvVR4=,tag:1+ueIDCJTxmM586Z7i0aUA==,type:str] api.lyte.dev: ENC[AES256_GCM,data:14C5GQ41m/g7qHPzxlYoWjKWDOcm7MEDkuSofiuLfRNc/nji61t1eDbKX3d+SQL1UBchJFoBrWrUxnf0mUERhED1196z8vUq2jKEkcqKCAUS3soECInlb8zcxTcxaTFjYSjp1vUBdAn05AqLsF+hh9Bsm4fMQYjnHEZke9EmPZhuTlUdZa4eLv3+L3xAPHk2QIHQhdsjcTjGAZRMZOgTEcCvtGlb5pQuo11XmR2JzwzOXMC51WFDeOIWMAdO80yQBAdILso7rp1Nts/lwF0Bc9t7bNdHyoVTOA==,iv:jWGqUpXOTb/O972qXOqeX0EMFQLDKwaNHBqlpuGrZOk=,tag:uwB/jlAgESkLZ+vJ/OeV0A==,type:str] @@ -41,8 +41,8 @@ sops: b0lTRjVCMU9ELzdvbFBJZ0tHbGtsYkEKLEcXCEikC3T3hfVOYKtWcNSGmfg28y+f nGC4dQh9EciEbk1ZBbN3i6YSNULDoMSH172KBmRyt1ogr1ZPyCNqtg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-07-24T16:17:32Z" - mac: ENC[AES256_GCM,data:eYtkbwkzLvQ5OYNBEIgWYCjK1CbVd6khyS1MZ9NzY7XAVHEvxqpPI5HPAWMJfk07FuY70X6DV0TNvQEkR7fB4tmawu+Hn3Rc6C/HILSm+zvjWW1t3smIOzvU8l1lPN/Jl/kQZVg1NdVGExCtRf9BuOkaACPPbDCM8uExXsCwstA=,iv:8TnpUBX3HWOzZogpdvsZ2m4b04HJt2nzd0VLrZw9K2w=,tag:pQUBD26+++W25z5pDVkrxw==,type:str] + lastmodified: "2024-07-24T16:34:28Z" + mac: ENC[AES256_GCM,data:/zOixu65MHMRj5hermm6mmkpS5q97yEwALP+LwC6j9NIXxL2nIFB+jqQtiyMwlErB1Vf5cZvH3PA1sOqHnPOsv5p58S5Ww7eIHb4ElPXufGLqhA6sTiz1RrlWwUqtDtR42V3kql6Hro57PXV+NZ6NEnvzHKct9S30OCOWWtGwTs=,iv:JTF5u4rva9PgLAG2ysTz+pA4wTRq5WJR7xJZNGbciUA=,tag:0X0NlvxBoaELANxp/vwnnw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 From 5273a5e9ff2f9bca4c9893f3042343cbc7f130e7 Mon Sep 17 00:00:00 2001 From: Daniel Flanagan Date: Wed, 24 Jul 2024 11:45:07 -0500 Subject: [PATCH 08/20] Maybe --- .forgejo/workflows/nix.yaml | 2 +- nixos/beefcake.nix | 11 +++++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/.forgejo/workflows/nix.yaml b/.forgejo/workflows/nix.yaml index a8b3069..baf96cd 100644 --- a/.forgejo/workflows/nix.yaml 
+++ b/.forgejo/workflows/nix.yaml @@ -1,7 +1,7 @@ on: [push] jobs: test: - runs-on: podman + runs-on: nix steps: - run: nix flake check diff --git a/nixos/beefcake.nix b/nixos/beefcake.nix index b204c93..b8011b4 100644 --- a/nixos/beefcake.nix +++ b/nixos/beefcake.nix @@ -754,8 +754,19 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00 labels = [ # type ":host" does not depend on docker/podman/lxc "podman" + "nix:docker://nixos/nix:2.23.3" ]; tokenFile = config.sops.secrets."forgejo-runner.env".path; + hostPackages = with pkgs; [ + sh + bash + coreutils + curl + gawk + gitMinimal + gnused + wget + ]; }; }; services.caddy.virtualHosts."git.lyte.dev" = { From c56659cc5664c179e756df51196d8472f564becb Mon Sep 17 00:00:00 2001 From: Daniel Flanagan Date: Wed, 24 Jul 2024 12:14:01 -0500 Subject: [PATCH 09/20] Use homemade nix image --- .forgejo/workflows/nix.yaml | 1 - flake.nix | 55 ++++++++++++++++++++++++++++++++++++- nixos/beefcake.nix | 6 ++-- 3 files changed, 57 insertions(+), 5 deletions(-) diff --git a/.forgejo/workflows/nix.yaml b/.forgejo/workflows/nix.yaml index baf96cd..aa41e6f 100644 --- a/.forgejo/workflows/nix.yaml +++ b/.forgejo/workflows/nix.yaml @@ -4,4 +4,3 @@ jobs: runs-on: nix steps: - run: nix flake check - diff --git a/flake.nix b/flake.nix index 7e664b6..6d794a0 100644 --- a/flake.nix +++ b/flake.nix @@ -88,7 +88,7 @@ # kind of a quirk, but package definitions are actually in the "additions" # overlay I did this to work around some recursion problems # TODO: https://discourse.nixos.org/t/infinite-recursion-getting-started-with-overlays/48880 - packages = genPkgs (pkgs: {inherit (pkgs) iosevkaLyteTerm iosevkaLyteTermSubset;}); + packages = genPkgs (pkgs: {inherit (pkgs) iosevkaLyteTerm iosevkaLyteTermSubset nix-base-container-image;}); diskoConfigurations = import ./disko; templates = import ./templates; formatter = genPkgs (p: p.alejandra); 
@@ -134,6 +134,59 @@ iosevkaLyteTermSubset = prev.callPackage ./packages/iosevkaLyteTermSubset.nix { inherit iosevkaLyteTerm; }; + nix-base-container-image = final.dockerTools.buildImageWithNixDb { + name = "git.lyte.dev/lytedev/nix"; + tag = "latest"; + + copyToRoot = with final; [ + bash + coreutils + curl + gawk + gitFull + git-lfs + gnused + nodejs + wget + sudo + nixFlakes + cacert + gnutar + gzip + openssh + xz + (pkgs.writeTextFile { + name = "nix.conf"; + destination = "/etc/nix/nix.conf"; + text = '' + accept-flake-config = true + experimental-features = nix-command flakes + ''; + }) + ]; + + extraCommands = '' + # enable /usr/bin/env for scripts + # mkdir -p usr + # ln -s ../bin usr/bin + + # create HOME + # mkdir -vp root + ''; + config = { + Cmd = ["/bin/bash"]; + Env = [ + "LANG=en_GB.UTF-8" + "ENV=/etc/profile.d/nix.sh" + "BASH_ENV=/etc/profile.d/nix.sh" + "NIX_BUILD_SHELL=/bin/bash" + "PAGER=cat" + "PATH=/usr/bin:/bin" + "SSL_CERT_FILE=${final.cacert}/etc/ssl/certs/ca-bundle.crt" + "USER=root" + ]; + }; + }; }; modifications = final: prev: { diff --git a/nixos/beefcake.nix b/nixos/beefcake.nix index b8011b4..1f45169 100644 --- a/nixos/beefcake.nix +++ b/nixos/beefcake.nix @@ -720,8 +720,8 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00 LEVEL = "Debug"; }; ui = { - THEMES = "catppuccin-mocha-sapphire,forgejo,arc-green,auto,pitchblack"; - DEFAULT_THEME = "catppuccin-mocha-sapphire"; + THEMES = "forgejo-auto,forgejo-light,forgejo-dark,catppuccin-mocha-sapphire"; + DEFAULT_THEME = "forgejo-auto"; }; indexer = { REPO_INDEXER_ENABLED = "true"; @@ -754,7 +754,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00 labels = [ # type ":host" does not depend on docker/podman/lxc "podman" - "nix:docker://nixos/nix:2.23.3" + "nix:docker://git.lyte.dev/lytedev/nix:latest" ]; tokenFile = config.sops.secrets."forgejo-runner.env".path; hostPackages = with pkgs; [ From 1bbed3bfd68e01a25500ed3cfefefcc64ff2912b Mon Sep 17 00:00:00 2001 
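Review bot: The generated `/etc/nix/nix.conf` sets `accept-flake-config = true`, which makes Nix apply the `nixConfig` of whatever flake it evaluates without asking. In an image whose purpose is to run `nix flake check` on pushed code, the checked-out repository therefore gets to choose Nix settings for the build. The image's `Env` also sets `USER=root` and `copyToRoot` ships `sudo`, so there is presumably no lower-privileged boundary inside the container to fall back on. Unless a flake in use depends on it, I would remove that line, keep `experimental-features = nix-command flakes`, and list any caches the jobs need explicitly in this file.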
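Review bot: The label `"nix:docker://git.lyte.dev/lytedev/nix:latest"` replaces a version-pinned image (`nixos/nix:2.23.3`) with a mutable `latest` tag, so the environment of every `runs-on: nix` job changes whenever that tag is pushed. The image is built by `nix-base-container-image` in this same commit with `tag = "latest"`, so a versioned tag could be set there and referenced here. Alternatively, if the runner accepts digest references, pin by digest: `"nix:docker://git.lyte.dev/lytedev/nix@sha256:<digest-placeholder>"`. The `labels` list begins above this hunk.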
From: Daniel Flanagan Date: Wed, 24 Jul 2024 12:15:00 -0500 Subject: [PATCH 10/20] Script --- .forgejo/workflows/nix.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.forgejo/workflows/nix.yaml b/.forgejo/workflows/nix.yaml index aa41e6f..d255ff6 100644 --- a/.forgejo/workflows/nix.yaml +++ b/.forgejo/workflows/nix.yaml @@ -3,4 +3,7 @@ jobs: test: runs-on: nix steps: - - run: nix flake check + - run: | + pwd + ls -la . + nix flake check From 93e4d760ff65a264d92a8ab0703c81017ef24c60 Mon Sep 17 00:00:00 2001 From: Daniel Flanagan Date: Wed, 24 Jul 2024 12:34:31 -0500 Subject: [PATCH 11/20] Tweaking action runner nix base image --- flake.nix | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/flake.nix b/flake.nix index 6d794a0..916d1b5 100644 --- a/flake.nix +++ b/flake.nix @@ -161,17 +161,23 @@ text = '' accept-flake-config = true experimental-features = nix-command flakes + substituters = https://nix.h.lyte.dev https://cache.nixos.org/ + trusted-substituters = https://nix.h.lyte.dev https://cache.nixos.org/ + trusted-public-keys = h.lyte.dev:HeVWtne31ZG8iMf+c15VY3/Mky/4ufXlfTpT8+4Xbs0= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= ''; }) ]; extraCommands = '' # enable /usr/bin/env for scripts - # mkdir -p usr - # ln -s ../bin usr/bin + mkdir -p usr + ln -s ../bin usr/bin + + # create /tmp + mkdir -p tmp # create HOME - # mkdir -vp root + mkdir -vp root ''; config = { Cmd = ["/bin/bash"]; From d87fe696e37d5d082a5cb7550524bd4ea87bdecf Mon Sep 17 00:00:00 2001 From: Daniel Flanagan Date: Wed, 24 Jul 2024 12:35:59 -0500 Subject: [PATCH 12/20] Checkout --- .forgejo/workflows/nix.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.forgejo/workflows/nix.yaml b/.forgejo/workflows/nix.yaml index d255ff6..0a628a6 100644 --- a/.forgejo/workflows/nix.yaml +++ b/.forgejo/workflows/nix.yaml 
@@ -3,7 +3,10 @@ jobs: test: runs-on: nix steps: - - run: | + - name: Checkout + uses: actions/checkout@v3 + - name: Check + run: | pwd ls -la . nix flake check From 1b755432ccd4017d0fd5c33d59eadf2275705f83 Mon Sep 17 00:00:00 2001 From: Daniel Flanagan Date: Wed, 24 Jul 2024 13:05:09 -0500 Subject: [PATCH 13/20] Socks --- modules/nixos/default.nix | 2 ++ nixos/beefcake.nix | 13 +++++++++++++ 2 files changed, 15 insertions(+) diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index 7282955..f3e703e 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -618,7 +618,9 @@ podman = { enable = true; dockerCompat = true; + dockerSocket.enable = true; defaultNetwork.settings.dns_enabled = true; + # networkSocket.enable = true; }; oci-containers = { diff --git a/nixos/beefcake.nix b/nixos/beefcake.nix index 1f45169..a1d9cad 100644 --- a/nixos/beefcake.nix +++ b/nixos/beefcake.nix @@ -751,6 +751,11 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00 enable = true; name = "beefcake"; url = "https://git.lyte.dev"; + settings = { + container = { + network = "podman"; + }; + }; labels = [ # type ":host" does not depend on docker/podman/lxc "podman" @@ -1007,6 +1012,14 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00 # should I be using btrfs subvolumes? can I capture file ownership, perimssions, and ACLs? virtualisation.oci-containers.backend = "podman"; + virtualisation.podman = { + # autoPrune.enable = true; + defaultNetwork.settings = { + # this lets any podman container access host services + # primarily did this so runner actions running podman containers can hit git.lyte.dev + driver = "host"; + }; + }; environment.systemPackages = with pkgs; [ linuxquota htop From 58afc27d85f874e188ac347105d09eb86970e91a Mon Sep 17 00:00:00 2001 From: Daniel Flanagan Date: Wed, 24 Jul 2024 13:10:49 -0500 Subject: [PATCH 14/20] Comment --- nixos/beefcake.nix | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) 
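Review bot: `uses: actions/checkout@v3` in the new Checkout step pins the action to a movable tag, so the first code to run in every job can change without any change in this repository. Pin it to a full commit hash and keep the tag as a comment, e.g. `uses: actions/checkout@<commit-sha-placeholder> # v3`. Which host the short `actions/checkout` name resolves to depends on the Forgejo instance's default actions URL, which is not visible here, so that is worth confirming as well.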
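Review bot: `dockerSocket.enable = true;` is added in `modules/nixos/default.nix`, which appears to be a module shared between hosts, so the Docker-compatible socket would be exposed on every machine that imports this `podman` block, not only on beefcake. Access to that socket is granted through the `podman` group and, as with Docker, is effectively root on the host. If only the action runner on beefcake needs the socket, set the option in `nixos/beefcake.nix` instead. Either way, add a comment such as `# socket access is root-equivalent; keep the podman group limited to the runner`. The enclosing attribute set starts and ends outside this hunk.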
diff --git a/nixos/beefcake.nix b/nixos/beefcake.nix index a1d9cad..8a33be8 100644 --- a/nixos/beefcake.nix +++ b/nixos/beefcake.nix @@ -115,7 +115,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00 "forgejo-runner.env" = {mode = "0400";}; }; }; - systemd.services.gitea-runner-beefcake.serviceConfig.after = ["sops-nix.service"]; + systemd.services.gitea-runner-beefcake.after = ["sops-nix.service"]; } { # nix binary cache @@ -753,6 +753,8 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00 url = "https://git.lyte.dev"; settings = { container = { + # use the shared network which is bridged by default + # this lets us hit git.lyte.dev just fine network = "podman"; }; }; @@ -1014,11 +1016,9 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00 virtualisation.oci-containers.backend = "podman"; virtualisation.podman = { # autoPrune.enable = true; - defaultNetwork.settings = { - # this lets any podman container access host services - # primarily did this so runner actions running podman containers can hit git.lyte.dev - driver = "host"; - }; + # defaultNetwork.settings = { + # driver = "host"; + # }; }; environment.systemPackages = with pkgs; [ linuxquota From 436135579406db690803c4ca33da634546f022af Mon Sep 17 00:00:00 2001 From: Daniel Flanagan Date: Wed, 24 Jul 2024 13:20:06 -0500 Subject: [PATCH 15/20] Pass checks --- flake.lock | 58 +++++++++++++++++++++++++++--------------------------- flake.nix | 19 +++++++++--------- 2 files changed, 39 insertions(+), 38 deletions(-) diff --git a/flake.lock b/flake.lock index bd9348d..09ed8a1 100644 --- a/flake.lock +++ b/flake.lock 
@@ -76,10 +76,33 @@ "type": "github" } }, + "git-hooks": { + "inputs": { + "flake-compat": "flake-compat", + "gitignore": "gitignore", + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1721042469, + "narHash": "sha256-6FPUl7HVtvRHCCBQne7Ylp4p+dpP3P/OYuzjztZ4s70=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "f451c19376071a90d8c58ab1a953c6e9840527fd", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, "gitignore": { "inputs": { "nixpkgs": [ - "pre-commit", + "git-hooks", "nixpkgs" ] }, @@ -332,16 +355,16 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1718811006, - "narHash": "sha256-0Y8IrGhRmBmT7HHXlxxepg2t8j1X90++qRN3lukGaIk=", + "lastModified": 1720386169, + "narHash": "sha256-NGKVY4PjzwAa4upkGtAMz1npHGoRzWotlSnVlqI40mo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "03d771e513ce90147b65fe922d87d3a0356fc125", + "rev": "194846768975b7ad2c4988bdb82572c00222c0d7", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-23.11", + "ref": "nixos-24.05", "repo": "nixpkgs", "type": "github" } 
@@ -410,39 +433,16 @@ "type": "github" } }, - "pre-commit": { - "inputs": { - "flake-compat": "flake-compat", - "gitignore": "gitignore", - "nixpkgs": [ - "nixpkgs" - ], - "nixpkgs-stable": "nixpkgs-stable" - }, - "locked": { - "lastModified": 1719259945, - "narHash": "sha256-F1h+XIsGKT9TkGO3omxDLEb/9jOOsI6NnzsXFsZhry4=", - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "rev": "0ff4381bbb8f7a52ca4a851660fc7a437a4c6e07", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "type": "github" - } - }, "root": { "inputs": { "disko": "disko", + "git-hooks": "git-hooks", "hardware": "hardware", "helix": "helix", "home-manager": "home-manager", "hyprland": "hyprland", "nixpkgs": "nixpkgs_3", "nixpkgs-unstable": "nixpkgs-unstable", - "pre-commit": "pre-commit", "slippi": "slippi", "sops-nix": "sops-nix" } diff --git a/flake.nix b/flake.nix index 916d1b5..820ac34 100644 --- a/flake.nix +++ b/flake.nix @@ -10,8 +10,8 @@ sops-nix.inputs.nixpkgs.follows = "nixpkgs-unstable"; sops-nix.inputs.nixpkgs-stable.follows = "nixpkgs"; - pre-commit.url = "github:cachix/pre-commit-hooks.nix"; - pre-commit.inputs.nixpkgs.follows = "nixpkgs"; + git-hooks.url = "github:cachix/git-hooks.nix"; + git-hooks.inputs.nixpkgs.follows = "nixpkgs"; home-manager.url = "github:nix-community/home-manager/release-24.05"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; @@ -51,7 +51,7 @@ nixpkgs-unstable, disko, sops-nix, - pre-commit, + git-hooks, home-manager, helix, hardware, 
@@ -93,29 +93,30 @@ templates = import ./templates; formatter = genPkgs (p: p.alejandra); - checks = pkg ({system}: { - pre-commit-check = pre-commit.lib.${system}.run { + checks = genPkgs ({system, ...}: { + git-hooks = git-hooks.lib.${system}.run { src = ./.; hooks = { alejandra.enable = true; }; }; - }) {}; + }); - devShells = pkg ({ + devShells = genPkgs ({ system, pkgs, mkShell, + ... }: { default = mkShell { - inherit (outputs.checks.${system}.pre-commit-check) shellHook; + inherit (outputs.checks.${system}.git-hooks) shellHook; buildInputs = with pkgs; [ lua-language-server nodePackages.bash-language-server ]; }; - }) {}; + }); overlays = { # the default overlay composes all the other overlays together From fdcead0d7b6e915f3f0f9341d7b21480a85ede38 Mon Sep 17 00:00:00 2001 From: Daniel Flanagan Date: Wed, 24 Jul 2024 13:23:51 -0500 Subject: [PATCH 16/20] Try with caching? --- .forgejo/workflows/nix.yaml | 28 ++++++++++++++++++++-------- 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/.forgejo/workflows/nix.yaml b/.forgejo/workflows/nix.yaml index 0a628a6..39ddca3 100644 --- a/.forgejo/workflows/nix.yaml +++ b/.forgejo/workflows/nix.yaml @@ -1,12 +1,24 @@ on: [push] jobs: - test: + check: runs-on: nix steps: - - name: Checkout - uses: actions/checkout@v3 - - name: Check - run: | - pwd - ls -la . - nix flake check + - name: Checkout + uses: actions/checkout@v3 + + - name: Restore cached nix store + id: cache-nix-store + uses: actions/cache/restore@v4 + with: + path: /nix/store + key: ${{ runner.os }}-nix-store + + - name: Check + run: | + nix flake check + + - name: Save nix store + uses: actions/cache/save@v4 + with: + path: /nix/store + key: ${{ steps.cache-nix-store.outputs.cache-primary-key }} From 14cd9f800669e1905344a67a704ecd80eceb9a8a Mon Sep 17 00:00:00 2001 
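Review bot: The restore and save steps cache the whole of `/nix/store` under the constant key `${{ runner.os }}-nix-store`, so whatever one run leaves in the store is unpacked into the store of every later run. Paths restored this way arrive as files from an archive rather than through a substituter, so as far as I can tell they are not checked against the `trusted-public-keys` configured in the image. One bad run could then carry over into subsequent builds. Prefer the binary cache already listed in the image's nix.conf, or at least tie the key to the lock file, e.g. `key: ${{ runner.os }}-nix-store-${{ hashFiles('flake.lock') }}`.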
From: Daniel Flanagan Date: Wed, 24 Jul 2024 13:31:28 -0500 Subject: [PATCH 17/20] Tweaks --- .forgejo/workflows/nix.yaml | 6 +++--- flake.nix | 1 + nixos/beefcake.nix | 1 + 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/.forgejo/workflows/nix.yaml b/.forgejo/workflows/nix.yaml index 39ddca3..bd37ba3 100644 --- a/.forgejo/workflows/nix.yaml +++ b/.forgejo/workflows/nix.yaml @@ -1,19 +1,19 @@ on: [push] jobs: check: - runs-on: nix + runs-on: beefcake steps: - name: Checkout uses: actions/checkout@v3 - - name: Restore cached nix store + - name: Load cached nix store id: cache-nix-store uses: actions/cache/restore@v4 with: path: /nix/store key: ${{ runner.os }}-nix-store - - name: Check + - name: Check nix flake run: | nix flake check diff --git a/flake.nix b/flake.nix index 820ac34..8b02b4a 100644 --- a/flake.nix +++ b/flake.nix @@ -162,6 +162,7 @@ text = '' accept-flake-config = true experimental-features = nix-command flakes + build-users-group = substituters = https://nix.h.lyte.dev https://cache.nixos.org/ trusted-substituters = https://nix.h.lyte.dev https://cache.nixos.org/ trusted-public-keys = h.lyte.dev:HeVWtne31ZG8iMf+c15VY3/Mky/4ufXlfTpT8+4Xbs0= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= diff --git a/nixos/beefcake.nix b/nixos/beefcake.nix index 8a33be8..33037a6 100644 --- a/nixos/beefcake.nix +++ b/nixos/beefcake.nix @@ -762,6 +762,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00 # type ":host" does not depend on docker/podman/lxc "podman" "nix:docker://git.lyte.dev/lytedev/nix:latest" + "beefcake:host" ]; tokenFile = config.sops.secrets."forgejo-runner.env".path; hostPackages = with pkgs; [ From 69688a053ede2290334ddff7af1a643fde31255d Mon Sep 17 00:00:00 2001 
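Review bot: The empty `build-users-group =` line added to the image's nix.conf turns off dedicated build users, so builds run under the uid of the Nix process itself, which the image's `Env` (`USER=root`) suggests is root. Derivation builders from the flake under test would then run as root inside the job container, leaving the container boundary as the only isolation. If the line exists only because the image has no `nixbld` users, state that in the file, for example `# no nixbld users in this image: builds run as the calling user (root)`, and consider creating the build users in the image instead. The nix.conf `text` block starts above this hunk.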
From: Daniel Flanagan Date: Wed, 24 Jul 2024 13:35:14 -0500 Subject: [PATCH 18/20] Add node to beefcake since it is needed to run forgejo actions on the host --- .forgejo/workflows/nix.yaml | 23 ++++++++++++----------- nixos/beefcake.nix | 2 +- 2 files changed, 13 insertions(+), 12 deletions(-) diff --git a/.forgejo/workflows/nix.yaml b/.forgejo/workflows/nix.yaml index bd37ba3..204f9b8 100644 --- a/.forgejo/workflows/nix.yaml +++ b/.forgejo/workflows/nix.yaml @@ -6,19 +6,20 @@ jobs: - name: Checkout uses: actions/checkout@v3 - - name: Load cached nix store - id: cache-nix-store - uses: actions/cache/restore@v4 - with: - path: /nix/store - key: ${{ runner.os }}-nix-store + # cache not needed since we now run on the host directly + # - name: Load cached nix store + # id: cache-nix-store + # uses: actions/cache/restore@v4 + # with: + # path: /nix/store + # key: ${{ runner.os }}-nix-store - name: Check nix flake run: | nix flake check - - name: Save nix store - uses: actions/cache/save@v4 - with: - path: /nix/store - key: ${{ steps.cache-nix-store.outputs.cache-primary-key }} + # - name: Save nix store + # uses: actions/cache/save@v4 + # with: + # path: /nix/store + # key: ${{ steps.cache-nix-store.outputs.cache-primary-key }} diff --git a/nixos/beefcake.nix b/nixos/beefcake.nix index 33037a6..3a8339d 100644 --- a/nixos/beefcake.nix +++ b/nixos/beefcake.nix @@ -766,7 +766,6 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00 ]; tokenFile = config.sops.secrets."forgejo-runner.env".path; hostPackages = with pkgs; [ - sh bash coreutils curl @@ -777,6 +776,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00 ]; }; }; + environment.systemPackages = with pkgs; [nodejs]; services.caddy.virtualHosts."git.lyte.dev" = { extraConfig = '' reverse_proxy :${toString config.services.forgejo.settings.server.HTTP_PORT} From 11948b8e2edfd8234818bb06cb79c276da834867 Mon Sep 17 00:00:00 2001 
From: Daniel Flanagan Date: Wed, 24 Jul 2024 13:36:36 -0500 Subject: [PATCH 19/20] Set in hostPackages config for action runner --- nixos/beefcake.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/nixos/beefcake.nix b/nixos/beefcake.nix index 3a8339d..66cecf1 100644 --- a/nixos/beefcake.nix +++ b/nixos/beefcake.nix @@ -772,11 +772,12 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00 gawk gitMinimal gnused + nodejs wget ]; }; }; - environment.systemPackages = with pkgs; [nodejs]; + # environment.systemPackages = with pkgs; [nodejs]; services.caddy.virtualHosts."git.lyte.dev" = { extraConfig = '' reverse_proxy :${toString config.services.forgejo.settings.server.HTTP_PORT} From 53df50c8d6688da732af0f2072845f0cc86f1ee3 Mon Sep 17 00:00:00 2001 From: Daniel Flanagan Date: Wed, 24 Jul 2024 13:37:04 -0500 Subject: [PATCH 20/20] Add nix to action runner hostpackages --- nixos/beefcake.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/beefcake.nix b/nixos/beefcake.nix index 66cecf1..0aedb8f 100644 --- a/nixos/beefcake.nix +++ b/nixos/beefcake.nix @@ -766,6 +766,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00 ]; tokenFile = config.sops.secrets."forgejo-runner.env".path; hostPackages = with pkgs; [ + nix bash coreutils curl