diff --git a/.forgejo/workflows/nix-build.yaml b/.forgejo/workflows/nix-build.yaml deleted file mode 100644 index 7925a20..0000000 --- a/.forgejo/workflows/nix-build.yaml +++ /dev/null @@ -1,41 +0,0 @@ -on: [push] -jobs: - check: - runs-on: nixos-host - steps: - - name: Checkout - uses: actions/checkout@v3 - - # cache not needed since we now run on the host directly - # - name: Load cached nix store - # id: cache-nix-store - # uses: actions/cache/restore@v4 - # with: - # path: /nix/store - # key: ${{ runner.os }}-nix-store - - - name: Build server - run: | - nix shell nixpkgs#nixos-rebuild -c nixos-rebuild build --flake .#beefcake --accept-flake-config - - - name: Build router - run: | - nix shell nixpkgs#nixos-rebuild -c nixos-rebuild build --flake .#router --accept-flake-config - - - name: Build desktop - run: | - nix shell nixpkgs#nixos-rebuild -c nixos-rebuild build --flake .#dragon --accept-flake-config - - - name: Build laptop - run: | - nix shell nixpkgs#nixos-rebuild -c nixos-rebuild build --flake .#foxtrot --accept-flake-config - - - name: Build default devShell - run: | - nix develop . --build - - # - name: Save nix store - # uses: actions/cache/save@v4 - # with: - # path: /nix/store - # key: ${{ steps.cache-nix-store.outputs.cache-primary-key }} diff --git a/.forgejo/workflows/nix-flake-check.yaml b/.forgejo/workflows/nix-flake-check.yaml deleted file mode 100644 index 021d09d..0000000 --- a/.forgejo/workflows/nix-flake-check.yaml +++ /dev/null 
@@ -1,25 +0,0 @@ -on: [push] -jobs: - check: - runs-on: nixos-host - steps: - - name: Checkout - uses: actions/checkout@v3 - - # cache not needed since we now run on the host directly - # - name: Load cached nix store - # id: cache-nix-store - # uses: actions/cache/restore@v4 - # with: - # path: /nix/store - # key: ${{ runner.os }}-nix-store - - - name: Check nix flake - run: | - nix flake check - - # - name: Save nix store - # uses: actions/cache/save@v4 - # with: - # path: /nix/store - # key: ${{ steps.cache-nix-store.outputs.cache-primary-key }} diff --git a/.forgejo/workflows/pre-merge.yaml b/.forgejo/workflows/pre-merge.yaml new file mode 100644 index 0000000..754df61 --- /dev/null +++ b/.forgejo/workflows/pre-merge.yaml @@ -0,0 +1,33 @@ +on: [push] +jobs: + build-host: + runs-on: nixos-host + strategy: + matrix: + info: + - host: beefcake + - host: router + - host: dragon + - host: foxtrot + - host: flipflop + steps: + - uses: actions/checkout@v4 + - name: Build host + run: | + nix shell nixpkgs#nixos-rebuild -c nixos-rebuild build --flake .#${{ matrix.info.host }} --accept-flake-config + + build-devshell: + runs-on: nixos-host + steps: + - uses: actions/checkout@v4 + - name: Build default devShell + run: | + nix develop . --build --accept-flake-config + + flake-check: + runs-on: nixos-host + steps: + - uses: actions/checkout@v4 + - name: Check nix flake + run: | + nix flake check --accept-flake-config diff --git a/lib/modules/home/ghostty/config b/lib/modules/home/ghostty/config index a43c13c..afe1926 100644 --- a/lib/modules/home/ghostty/config +++ b/lib/modules/home/ghostty/config 
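Review bot: The new workflow fires on every push (`on: [push]`) and, with the runner change elsewhere in this commit mapping `nixos-host` to a `:host` label, each `nixos-rebuild build` and `nix develop . --build` step now executes repository-controlled flake code directly on the host as the runner user; `--accept-flake-config` additionally applies whatever `nixConfig` (substituters, trusted public keys) the pushed `flake.nix` declares. Consider narrowing the trigger (`on: { push: { branches: [main] } }` plus pull requests) or keeping `--accept-flake-config` only for refs whose `flake.nix` has been reviewed, and document on the job why host execution is acceptable here. `uses: actions/checkout@v4` is a mutable tag; pinning it to a commit SHA makes the step auditable. A top-level `name: pre-merge` would also label the badge the readme now references.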
@@ -995,6 +995,7 @@ keybind = ctrl+shift+minus=decrease_font_size:0.5
 keybind = ctrl+shift+plus=increase_font_size:0.5
 keybind = ctrl+shift+zero=reset_font_size
 keybind = alt+enter=toggle_fullscreen
+keybind = ctrl+shift+w=close_surface
 keybind = ctrl+shift+z=toggle_split_zoom
 keybind = performable:ctrl+shift+o=write_screen_file:paste
 keybind = performable:ctrl+alt+shift+o=write_screen_file:open
diff --git a/lib/modules/nixos/podman.nix b/lib/modules/nixos/podman.nix
index 3780867..92105b9 100644
--- a/lib/modules/nixos/podman.nix
+++ b/lib/modules/nixos/podman.nix
@@ -5,7 +5,11 @@
 ...
 }:
 {
- config = lib.mkIf config.virtualisation.podman.enable {
+ options = {
+ podman.enable = lib.mkEnableOption "Enable podman and associated general NixOS defaults";
+ };
+
+ config = lib.mkIf config.podman.enable {
 environment = {
 systemPackages = with pkgs; [
 podman-tui
@@ -15,7 +19,7 @@
 
 virtualisation = {
 podman = {
- # enable = true;
+ enable = true;
 dockerCompat = true;
 dockerSocket.enable = true;
 defaultNetwork.settings.dns_enabled = true;
diff --git a/packages/forgejo-actions-container.nix b/packages/forgejo-actions-container.nix
index d23254b..849edb8 100644
--- a/packages/forgejo-actions-container.nix
+++ b/packages/forgejo-actions-container.nix
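Review bot: `lib.mkEnableOption "Enable podman and associated general NixOS defaults"` in the first podman.nix hunk will render as "Whether to enable Enable podman and associated general NixOS defaults." because `mkEnableOption` already prefixes its argument with "Whether to enable"; change it to `podman.enable = lib.mkEnableOption "podman and associated general NixOS defaults";`. The option sits at the top level as `podman.enable` while the other options this commit touches are namespaced (`lyte.shell.enable`, `lyte.desktop.enable`), so `lyte.podman.enable` would match the repository's convention and avoid clashing with any future upstream `podman` option. Since the second hunk forces `enable = true` together with the existing `dockerSocket.enable = true`, turning this option on also exposes the Docker-compatible socket, which grants root-equivalent control of the host to whoever can reach it; a sentence in the option description saying so would help anyone enabling it on a new host.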
@@ -1,23 +1,40 @@
 {
+ git,
+ findutils,
+ coreutils,
 nodejs_23,
 nix,
+ gnugrep,
+ gawk,
+ bash,
+ jq,
 dockerTools,
+ cacert,
 }:
 let
 pname = "forgejo-actions-container";
+ version = "3";
 in
 # bootstrap this into the forgejo server with
 # $ podman login ${FORGEJO_ENDPOINT:-git.lyte.dev}
 # $ podman image load -i (nix build .#forgejo-actions-container --print-out-paths)
-# $ podman image push git.lyte.dev/lytedev/nix:forgejo-actions-container-$NIX_VERSION
+# $ podman push git.lyte.dev/lytedev/nix:forgejo-actions-container-v$IMAGE_VERSION-nix-v$NIX_VERSION
 dockerTools.buildLayeredImage {
 name = "git.lyte.dev/lytedev/nix";
- tag = "${pname}-${nix.version}";
+ tag = "${pname}-v${version}-nix-v${nix.version}";
 config = {
 Cmd = [ "/bin/nix" ];
 };
 contents = [
 nix
+ gnugrep
+ gawk
+ bash
+ jq
+ findutils
 nodejs_23
+ coreutils
+ cacert
+ git
 ];
 }
diff --git a/packages/hosts/beefcake.nix b/packages/hosts/beefcake.nix
index 8a0a5c1..c6a215f 100644
--- a/packages/hosts/beefcake.nix
+++ b/packages/hosts/beefcake.nix
@@ -108,7 +108,7 @@ }; }; - virtualisation.podman.enable = true; + podman.enable = true; services.deno-netlify-ddns-client = { enable = true;
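Review bot: `cacert` is added to `contents` but nothing sets `SSL_CERT_FILE`/`NIX_SSL_CERT_FILE` in `config`, so whether `git`, `nix` and `nodejs_23` inside the image find the bundle depends on each tool's compiled-in default path; adding `Env = [ "SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt" "NIX_SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt" ];` beside `Cmd` makes TLS verification inside CI jobs explicit rather than incidental. `version = "3"` is bumped by hand while the bootstrap comment expects the operator to supply `$IMAGE_VERSION` and `$NIX_VERSION` to match, so the two can drift; the push line could instead read the tag from the derivation, e.g. `podman push git.lyte.dev/lytedev/nix:$(nix eval --raw .#forgejo-actions-container.imageTag)`, if I recall the `imageTag` passthru of `buildLayeredImage` correctly. The runner hunk later in this commit comments out the labels that referenced this image, so a note on whether the image is still used would save the next reader a search.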
@@ -132,6 +132,51 @@ lyte.shell.enable = true; }; + /* + TODO: non-root processes and services that access secrets need to be part of + the 'keys' group + + systemd.services.some-service = { + serviceConfig.SupplementaryGroups = [ config.users.groups.keys.name ]; + }; + or + users.users.example-user.extraGroups = [ config.users.groups.keys.name ]; + + TODO: declarative directory quotas? for storage/$USER and /home/$USER + */ + + /* + # https://github.com/NixOS/nixpkgs/blob/04af42f3b31dba0ef742d254456dc4c14eedac86/nixos/modules/services/misc/lidarr.nix#L72 + services.lidarr = { + enable = true; + dataDir = "/storage/lidarr"; + }; + + services.radarr = { + enable = true; + dataDir = "/storage/radarr"; + }; + + services.sonarr = { + enable = true; + dataDir = "/storage/sonarr"; + }; + + services.bazarr = { + enable = true; + listenPort = 6767; + }; + + networking.firewall.allowedTCPPorts = [9876 9877]; + networking.firewall.allowedUDPPorts = [9876 9877]; + networking.firewall.allowedUDPPortRanges = [ + { + from = 27000; + to = 27100; + } + ]; + */ + imports = [ hardware.common-cpu-intel { @@ -842,8 +887,9 @@ ]; } ( - { ... }: + { lib, ... }: let + runnerCount = 16; theme = pkgs.fetchzip { url = "https://github.com/catppuccin/gitea/releases/download/v1.0.1/catppuccin-gitea.tar.gz"; sha256 = "sha256-et5luA3SI7iOcEIQ3CVIu0+eiLs8C/8mOitYlWQa/uI="; 
@@ -1027,64 +1073,77 @@ mode = "0400"; }; }; - systemd.services.gitea-runner-beefcake.after = [ "sops-nix.service" ]; - systemd.services.forgejo = { - preStart = lib.mkAfter '' - rm -rf ${config.services.forgejo.stateDir}/custom/public - mkdir -p ${config.services.forgejo.stateDir}/custom/public/ - mkdir -p ${config.services.forgejo.stateDir}/custom/public/assets/ - mkdir -p ${config.services.forgejo.stateDir}/custom/public/assets/img/ - mkdir -p ${config.services.forgejo.stateDir}/custom/public/assets/css/ - mkdir -p ${config.services.forgejo.stateDir}/custom/templates/custom/ - ln -sf ${logos.png} ${config.services.forgejo.stateDir}/custom/public/assets/img/logo.png - ln -sf ${logos.svg} ${config.services.forgejo.stateDir}/custom/public/assets/img/logo.svg - ln -sf ${logos.png} ${config.services.forgejo.stateDir}/custom/public/assets/img/favicon.png - ln -sf ${logos.svg-with-background} ${config.services.forgejo.stateDir}/custom/public/assets/img/favicon.svg - ln -sf ${theme}/theme-catppuccin-mocha-sapphire.css ${config.services.forgejo.stateDir}/custom/public/assets/css/ - ln -sf ${forgejoCustomCss} ${config.services.forgejo.stateDir}/custom/public/assets/css/iosevkalyte.css - ln -sf ${forgejoCustomHeaderTmpl} ${config.services.forgejo.stateDir}/custom/templates/custom/header.tmpl - ln -sf ${forgejoCustomHomeTmpl} ${config.services.forgejo.stateDir}/custom/templates/home.tmpl - ''; - }; + systemd.services = + lib.genAttrs (builtins.genList (n: "gitea-runner-beefcake${builtins.toString n}") runnerCount) + (name: { + after = [ "sops-nix.service" ]; + }) + // { + forgejo = { + preStart = lib.mkAfter '' + rm -rf ${config.services.forgejo.stateDir}/custom/public + mkdir -p ${config.services.forgejo.stateDir}/custom/public/ + mkdir -p ${config.services.forgejo.stateDir}/custom/public/assets/ + mkdir -p ${config.services.forgejo.stateDir}/custom/public/assets/img/ + mkdir -p ${config.services.forgejo.stateDir}/custom/public/assets/css/ + mkdir -p 
${config.services.forgejo.stateDir}/custom/templates/custom/ + ln -sf ${logos.png} ${config.services.forgejo.stateDir}/custom/public/assets/img/logo.png + ln -sf ${logos.svg} ${config.services.forgejo.stateDir}/custom/public/assets/img/logo.svg + ln -sf ${logos.png} ${config.services.forgejo.stateDir}/custom/public/assets/img/favicon.png + ln -sf ${logos.svg-with-background} ${config.services.forgejo.stateDir}/custom/public/assets/img/favicon.svg + ln -sf ${theme}/theme-catppuccin-mocha-sapphire.css ${config.services.forgejo.stateDir}/custom/public/assets/css/ + ln -sf ${forgejoCustomCss} ${config.services.forgejo.stateDir}/custom/public/assets/css/iosevkalyte.css + ln -sf ${forgejoCustomHeaderTmpl} ${config.services.forgejo.stateDir}/custom/templates/custom/header.tmpl + ln -sf ${forgejoCustomHomeTmpl} ${config.services.forgejo.stateDir}/custom/templates/home.tmpl + ''; + }; + }; + + # gitea-runner-beefcake.after = [ "sops-nix.service" ]; services.gitea-actions-runner = { # TODO: simple git-based automation would be dope? maybe especially for # mirroring to github super easy? 
package = pkgs.forgejo-runner; - instances."beefcake" = { - enable = true; - name = "beefcake"; - url = "https://git.lyte.dev"; - settings = { - container = { - # use the shared network which is bridged by default - # this lets us hit git.lyte.dev just fine - network = "podman"; - }; - }; - labels = [ - # type ":host" does not depend on docker/podman/lxc - "podman" - "nix-2.24.12:docker://git.lyte.dev/lytedev/nix:forgejo-actions-container-2.24.12" - "nix-latest:docker://git.lyte.dev/lytedev/nix:forgejo-actions-container-latest" - # "beefcake:host" - # "nixos-host:host" - ]; - tokenFile = config.sops.secrets."forgejo-runner.env".path; - hostPackages = with pkgs; [ - nix - bash - coreutils - curl - gawk - gitMinimal - gnused - nodejs - gnutar # needed for cache action - wget - ]; - }; + + instances = + lib.genAttrs (builtins.genList (n: "beefcake${builtins.toString n}") runnerCount) + (name: { + enable = true; + name = "beefcake"; + url = "https://git.lyte.dev"; # TODO: get from nix config? + settings = { + container = { + # use the shared network which is bridged by default + # this lets us hit git.lyte.dev just fine + # network = "podman"; + network = "host"; + }; + }; + labels = [ + # type ":host" does not depend on docker/podman/lxc + # "beefcake:host" + "beefcake:host" + "nixos-host:host" + # "podman" + # "nix-2.24.12:docker://git.lyte.dev/lytedev/nix:forgejo-actions-container-v3-nix-v2.24.12" + # "nix-latest:docker://git.lyte.dev/lytedev/nix:forgejo-actions-container-latest" + ]; + tokenFile = config.sops.secrets."forgejo-runner.env".path; + hostPackages = with pkgs; [ + nix + bash + coreutils + curl + gawk + gitMinimal + gnused + nodejs + gnutar # needed for cache action + wget + ]; + }); }; # environment.systemPackages = with pkgs; [nodejs]; services.caddy.virtualHosts."git.lyte.dev" = { 
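Review bot: All sixteen generated instances set `name = "beefcake"` while the lambda argument `name` (`beefcake0` … `beefcake15`) goes unused, so every runner registers under the same display name and a job cannot be attributed to an instance; use the argument, `name = name;` (the `systemd.services` lambda's unused `name` can be `_`). Switching the labels from the container image to `beefcake:host` / `nixos-host:host` means each job now runs as the runner's service user directly on beefcake with `hostPackages` and the host network, so the only isolation left is whatever the systemd unit provides and every repository this runner serves can execute code on the host; that trade-off deserves a comment where the container labels are commented out, plus a check of which users can push to repositories using it (the new `pre-merge.yaml` triggers on every push). `network = "host"` under `settings.container` only applies to container jobs as far as I can tell, so with host labels it and the commented-out `# network = "podman";` are dead configuration. The leftover `# gitea-runner-beefcake.after = [ "sops-nix.service" ];` duplicates the `after` now set through `genAttrs` and can be deleted. `runnerCount` comes from the earlier hunk at `@@ -842,8 +887,9 @@`, and the `services.gitea-actions-runner` block continues past this hunk.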
@@ -2164,49 +2223,4 @@ } ) ]; - - /* - TODO: non-root processes and services that access secrets need to be part of - the 'keys' group - - systemd.services.some-service = { - serviceConfig.SupplementaryGroups = [ config.users.groups.keys.name ]; - }; - or - users.users.example-user.extraGroups = [ config.users.groups.keys.name ]; - - TODO: declarative directory quotas? for storage/$USER and /home/$USER - */ - - /* - # https://github.com/NixOS/nixpkgs/blob/04af42f3b31dba0ef742d254456dc4c14eedac86/nixos/modules/services/misc/lidarr.nix#L72 - services.lidarr = { - enable = true; - dataDir = "/storage/lidarr"; - }; - - services.radarr = { - enable = true; - dataDir = "/storage/radarr"; - }; - - services.sonarr = { - enable = true; - dataDir = "/storage/sonarr"; - }; - - services.bazarr = { - enable = true; - listenPort = 6767; - }; - - networking.firewall.allowedTCPPorts = [9876 9877]; - networking.firewall.allowedUDPPorts = [9876 9877]; - networking.firewall.allowedUDPPortRanges = [ - { - from = 27000; - to = 27100; - } - ]; - */ } diff --git a/packages/hosts/dragon.nix b/packages/hosts/dragon.nix index a1f66a6..f2067ae 100644 --- a/packages/hosts/dragon.nix +++ b/packages/hosts/dragon.nix @@ -50,7 +50,7 @@ services.postgresql.enable = true; programs.steam.enable = true; lyte.desktop.enable = true; - virtualisation.podman.enable = true; + podman.enable = true; home-manager.users.daniel = { lyte = { diff --git a/readme.md b/readme.md index f841335..1a741fa 100644 --- a/readme.md +++ b/readme.md 
@@ -5,8 +5,7 @@ Nix for lytedev -[![flake check status](https://git.lyte.dev/lytedev/nix/badges/workflows/nix-flake-check.yaml/badge.svg)](https://git.lyte.dev/lytedev/nix/actions?workflow=nix-flake-check.yaml) -[![build status](https://git.lyte.dev/lytedev/nix/badges/workflows/nix-build.yaml/badge.svg)](https://git.lyte.dev/lytedev/nix/actions?workflow=nix-build.yaml) +[![pre-merge status](https://git.lyte.dev/lytedev/nix/badges/workflows/pre-merge.yaml/badge.svg)](https://git.lyte.dev/lytedev/nix/actions?workflow=pre-merge.yaml)