fix: resolve conflicts and set version for CI workflow, add close_surface keybind to ghostty

.forgejo/workflows/nix-build.yaml

@@ -1,41 +0,0 @@
-on: [push]
-jobs:
-  check:
-    runs-on: nixos-host
-    steps:
-    - name: Checkout
-      uses: actions/checkout@v3
-        
-    # cache not needed since we now run on the host directly
-    # - name: Load cached nix store
-    #   id: cache-nix-store
-    #   uses: actions/cache/restore@v4
-    #   with:
-    #     path: /nix/store
-    #     key: ${{ runner.os }}-nix-store
-
-    - name: Build server
-      run: |
-        nix shell nixpkgs#nixos-rebuild -c nixos-rebuild build --flake .#beefcake --accept-flake-config
-
-    - name: Build router
-      run: |
-        nix shell nixpkgs#nixos-rebuild -c nixos-rebuild build --flake .#router --accept-flake-config
-
-    - name: Build desktop
-      run: |
-        nix shell nixpkgs#nixos-rebuild -c nixos-rebuild build --flake .#dragon --accept-flake-config
-
-    - name: Build laptop
-      run: |
-        nix shell nixpkgs#nixos-rebuild -c nixos-rebuild build --flake .#foxtrot --accept-flake-config
-
-    - name: Build default devShell
-      run: |
-        nix develop . --build 
-
-    # - name: Save nix store
-    #   uses: actions/cache/save@v4
-    #   with:
-    #     path: /nix/store
-    #     key: ${{ steps.cache-nix-store.outputs.cache-primary-key }}

.forgejo/workflows/nix-flake-check.yaml

@@ -1,25 +0,0 @@
-on: [push]
-jobs:
-  check:
-    runs-on: nixos-host
-    steps:
-    - name: Checkout
-      uses: actions/checkout@v3
-        
-    # cache not needed since we now run on the host directly
-    # - name: Load cached nix store
-    #   id: cache-nix-store
-    #   uses: actions/cache/restore@v4
-    #   with:
-    #     path: /nix/store
-    #     key: ${{ runner.os }}-nix-store
-
-    - name: Check nix flake
-      run: |
-        nix flake check
-
-    # - name: Save nix store
-    #   uses: actions/cache/save@v4
-    #   with:
-    #     path: /nix/store
-    #     key: ${{ steps.cache-nix-store.outputs.cache-primary-key }}

.forgejo/workflows/pre-merge.yaml

@@ -0,0 +1,33 @@
+on: [push]
+jobs:
+  build-host:
+    runs-on: nixos-host
+    strategy:
+      matrix:
+        info:
+          - host: beefcake
+          - host: router
+          - host: dragon
+          - host: foxtrot
+          - host: flipflop
+    steps:
+    - uses: actions/checkout@v4
+    - name: Build host
+      run: |
+        nix shell nixpkgs#nixos-rebuild -c nixos-rebuild build --flake .#${{ matrix.info.host }} --accept-flake-config
+
+  build-devshell:
+    runs-on: nixos-host
+    steps:
+    - uses: actions/checkout@v4
+    - name: Build default devShell
+      run: |
+        nix develop . --build --accept-flake-config
+
+  flake-check:
+    runs-on: nixos-host
+    steps:
+    - uses: actions/checkout@v4
+    - name: Check nix flake
+      run: |
+        nix flake check --accept-flake-config

lib/modules/home/ghostty/config

@@ -995,6 +995,7 @@ keybind = ctrl+shift+minus=decrease_font_size:0.5
 keybind = ctrl+shift+plus=increase_font_size:0.5
 keybind = ctrl+shift+zero=reset_font_size
 keybind = alt+enter=toggle_fullscreen
+keybind = ctrl+shift+w=close_surface
 keybind = ctrl+shift+z=toggle_split_zoom
 keybind = performable:ctrl+shift+o=write_screen_file:paste
 keybind = performable:ctrl+alt+shift+o=write_screen_file:open

lib/modules/nixos/podman.nix

@@ -5,7 +5,11 @@
   ...
 }:
 {
-  config = lib.mkIf config.virtualisation.podman.enable {
+  options = {
+    podman.enable = lib.mkEnableOption "Enable podman and associated general NixOS defaults";
+  };
+
+  config = lib.mkIf config.podman.enable {
     environment = {
       systemPackages = with pkgs; [
         podman-tui
@@ -15,7 +19,7 @@
 
     virtualisation = {
       podman = {
-        # enable = true;
+        enable = true;
         dockerCompat = true;
         dockerSocket.enable = true;
         defaultNetwork.settings.dns_enabled = true;

packages/forgejo-actions-container.nix

@@ -1,23 +1,40 @@
 {
+  git,
+  findutils,
+  coreutils,
   nodejs_23,
   nix,
+  gnugrep,
+  gawk,
+  bash,
+  jq,
   dockerTools,
+  cacert,
 }:
 let
   pname = "forgejo-actions-container";
+  version = "3";
 in
 # bootstrap this into the forgejo server with
 # $ podman login ${FORGEJO_ENDPOINT:-git.lyte.dev}
 # $ podman image load -i (nix build .#forgejo-actions-container --print-out-paths)
-# $ podman image push git.lyte.dev/lytedev/nix:forgejo-actions-container-$NIX_VERSION
+# $ podman push git.lyte.dev/lytedev/nix:forgejo-actions-container-v$IMAGE_VERSION-nix-v$NIX_VERSION
 dockerTools.buildLayeredImage {
   name = "git.lyte.dev/lytedev/nix";
-  tag = "${pname}-${nix.version}";
+  tag = "${pname}-v${version}-nix-v${nix.version}";
   config = {
     Cmd = [ "/bin/nix" ];
   };
   contents = [
     nix
+    gnugrep
+    gawk
+    bash
+    jq
+    findutils
     nodejs_23
+    coreutils
+    cacert
+    git
   ];
 }

packages/hosts/beefcake.nix

@@ -108,7 +108,7 @@
     };
   };
 
-  virtualisation.podman.enable = true;
+  podman.enable = true;
 
   services.deno-netlify-ddns-client = {
     enable = true;
@@ -132,6 +132,51 @@
     lyte.shell.enable = true;
   };
 
+  /*
+    TODO: non-root processes and services that access secrets need to be part of
+    the 'keys' group
+
+    systemd.services.some-service = {
+      serviceConfig.SupplementaryGroups = [ config.users.groups.keys.name ];
+    };
+    or
+    users.users.example-user.extraGroups = [ config.users.groups.keys.name ];
+
+    TODO: declarative directory quotas? for storage/$USER and /home/$USER
+  */
+
+  /*
+    # https://github.com/NixOS/nixpkgs/blob/04af42f3b31dba0ef742d254456dc4c14eedac86/nixos/modules/services/misc/lidarr.nix#L72
+    services.lidarr = {
+      enable = true;
+      dataDir = "/storage/lidarr";
+    };
+
+    services.radarr = {
+      enable = true;
+      dataDir = "/storage/radarr";
+    };
+
+    services.sonarr = {
+      enable = true;
+      dataDir = "/storage/sonarr";
+    };
+
+    services.bazarr = {
+      enable = true;
+      listenPort = 6767;
+    };
+
+    networking.firewall.allowedTCPPorts = [9876 9877];
+    networking.firewall.allowedUDPPorts = [9876 9877];
+    networking.firewall.allowedUDPPortRanges = [
+      {
+        from = 27000;
+        to = 27100;
+      }
+    ];
+  */
+
   imports = [
     hardware.common-cpu-intel
     {
@@ -842,8 +887,9 @@
       ];
     }
     (
-      { ... }:
+      { lib, ... }:
       let
+        runnerCount = 16;
         theme = pkgs.fetchzip {
           url = "https://github.com/catppuccin/gitea/releases/download/v1.0.1/catppuccin-gitea.tar.gz";
           sha256 = "sha256-et5luA3SI7iOcEIQ3CVIu0+eiLs8C/8mOitYlWQa/uI=";
@@ -1027,64 +1073,77 @@
             mode = "0400";
           };
         };
-        systemd.services.gitea-runner-beefcake.after = [ "sops-nix.service" ];
 
-        systemd.services.forgejo = {
+        systemd.services =
-          preStart = lib.mkAfter ''
+          lib.genAttrs (builtins.genList (n: "gitea-runner-beefcake${builtins.toString n}") runnerCount)
-            rm -rf ${config.services.forgejo.stateDir}/custom/public
+            (name: {
-            mkdir -p ${config.services.forgejo.stateDir}/custom/public/
+              after = [ "sops-nix.service" ];
-            mkdir -p ${config.services.forgejo.stateDir}/custom/public/assets/
+            })
-            mkdir -p ${config.services.forgejo.stateDir}/custom/public/assets/img/
+          // {
-            mkdir -p ${config.services.forgejo.stateDir}/custom/public/assets/css/
+            forgejo = {
-            mkdir -p ${config.services.forgejo.stateDir}/custom/templates/custom/
+              preStart = lib.mkAfter ''
-            ln -sf ${logos.png} ${config.services.forgejo.stateDir}/custom/public/assets/img/logo.png
+                rm -rf ${config.services.forgejo.stateDir}/custom/public
-            ln -sf ${logos.svg} ${config.services.forgejo.stateDir}/custom/public/assets/img/logo.svg
+                mkdir -p ${config.services.forgejo.stateDir}/custom/public/
-            ln -sf ${logos.png} ${config.services.forgejo.stateDir}/custom/public/assets/img/favicon.png
+                mkdir -p ${config.services.forgejo.stateDir}/custom/public/assets/
-            ln -sf ${logos.svg-with-background} ${config.services.forgejo.stateDir}/custom/public/assets/img/favicon.svg
+                mkdir -p ${config.services.forgejo.stateDir}/custom/public/assets/img/
-            ln -sf ${theme}/theme-catppuccin-mocha-sapphire.css ${config.services.forgejo.stateDir}/custom/public/assets/css/
+                mkdir -p ${config.services.forgejo.stateDir}/custom/public/assets/css/
-            ln -sf ${forgejoCustomCss} ${config.services.forgejo.stateDir}/custom/public/assets/css/iosevkalyte.css
+                mkdir -p ${config.services.forgejo.stateDir}/custom/templates/custom/
-            ln -sf ${forgejoCustomHeaderTmpl} ${config.services.forgejo.stateDir}/custom/templates/custom/header.tmpl
+                ln -sf ${logos.png} ${config.services.forgejo.stateDir}/custom/public/assets/img/logo.png
-            ln -sf ${forgejoCustomHomeTmpl} ${config.services.forgejo.stateDir}/custom/templates/home.tmpl
+                ln -sf ${logos.svg} ${config.services.forgejo.stateDir}/custom/public/assets/img/logo.svg
-          '';
+                ln -sf ${logos.png} ${config.services.forgejo.stateDir}/custom/public/assets/img/favicon.png
-        };
+                ln -sf ${logos.svg-with-background} ${config.services.forgejo.stateDir}/custom/public/assets/img/favicon.svg
+                ln -sf ${theme}/theme-catppuccin-mocha-sapphire.css ${config.services.forgejo.stateDir}/custom/public/assets/css/
+                ln -sf ${forgejoCustomCss} ${config.services.forgejo.stateDir}/custom/public/assets/css/iosevkalyte.css
+                ln -sf ${forgejoCustomHeaderTmpl} ${config.services.forgejo.stateDir}/custom/templates/custom/header.tmpl
+                ln -sf ${forgejoCustomHomeTmpl} ${config.services.forgejo.stateDir}/custom/templates/home.tmpl
+              '';
+            };
+          };
+
+        # gitea-runner-beefcake.after = [ "sops-nix.service" ];
 
         services.gitea-actions-runner = {
           # TODO: simple git-based automation would be dope? maybe especially for
           # mirroring to github super easy?
           package = pkgs.forgejo-runner;
-          instances."beefcake" = {
+
-            enable = true;
+          instances =
-            name = "beefcake";
+            lib.genAttrs (builtins.genList (n: "beefcake${builtins.toString n}") runnerCount)
-            url = "https://git.lyte.dev";
+              (name: {
-            settings = {
+                enable = true;
-              container = {
+                name = "beefcake";
-                # use the shared network which is bridged by default
+                url = "https://git.lyte.dev"; # TODO: get from nix config?
-                # this lets us hit git.lyte.dev just fine
+                settings = {
-                network = "podman";
+                  container = {
-              };
+                    # use the shared network which is bridged by default
-            };
+                    # this lets us hit git.lyte.dev just fine
-            labels = [
+                    # network = "podman";
-              # type ":host" does not depend on docker/podman/lxc
+                    network = "host";
-              "podman"
+                  };
-              "nix-2.24.12:docker://git.lyte.dev/lytedev/nix:forgejo-actions-container-2.24.12"
+                };
-              "nix-latest:docker://git.lyte.dev/lytedev/nix:forgejo-actions-container-latest"
+                labels = [
-              # "beefcake:host"
+                  # type ":host" does not depend on docker/podman/lxc
-              # "nixos-host:host"
+                  # "beefcake:host"
-            ];
+                  "beefcake:host"
-            tokenFile = config.sops.secrets."forgejo-runner.env".path;
+                  "nixos-host:host"
-            hostPackages = with pkgs; [
+                  # "podman"
-              nix
+                  # "nix-2.24.12:docker://git.lyte.dev/lytedev/nix:forgejo-actions-container-v3-nix-v2.24.12"
-              bash
+                  # "nix-latest:docker://git.lyte.dev/lytedev/nix:forgejo-actions-container-latest"
-              coreutils
+                ];
-              curl
+                tokenFile = config.sops.secrets."forgejo-runner.env".path;
-              gawk
+                hostPackages = with pkgs; [
-              gitMinimal
+                  nix
-              gnused
+                  bash
-              nodejs
+                  coreutils
-              gnutar # needed for cache action
+                  curl
-              wget
+                  gawk
-            ];
+                  gitMinimal
-          };
+                  gnused
+                  nodejs
+                  gnutar # needed for cache action
+                  wget
+                ];
+              });
         };
         # environment.systemPackages = with pkgs; [nodejs];
         services.caddy.virtualHosts."git.lyte.dev" = {
@@ -2164,49 +2223,4 @@
       }
     )
   ];
-
-  /*
-    TODO: non-root processes and services that access secrets need to be part of
-    the 'keys' group
-
-    systemd.services.some-service = {
-      serviceConfig.SupplementaryGroups = [ config.users.groups.keys.name ];
-    };
-    or
-    users.users.example-user.extraGroups = [ config.users.groups.keys.name ];
-
-    TODO: declarative directory quotas? for storage/$USER and /home/$USER
-  */
-
-  /*
-    # https://github.com/NixOS/nixpkgs/blob/04af42f3b31dba0ef742d254456dc4c14eedac86/nixos/modules/services/misc/lidarr.nix#L72
-    services.lidarr = {
-      enable = true;
-      dataDir = "/storage/lidarr";
-    };
-
-    services.radarr = {
-      enable = true;
-      dataDir = "/storage/radarr";
-    };
-
-    services.sonarr = {
-      enable = true;
-      dataDir = "/storage/sonarr";
-    };
-
-    services.bazarr = {
-      enable = true;
-      listenPort = 6767;
-    };
-
-    networking.firewall.allowedTCPPorts = [9876 9877];
-    networking.firewall.allowedUDPPorts = [9876 9877];
-    networking.firewall.allowedUDPPortRanges = [
-      {
-        from = 27000;
-        to = 27100;
-      }
-    ];
-  */
 }

packages/hosts/dragon.nix

@@ -50,7 +50,7 @@
   services.postgresql.enable = true;
   programs.steam.enable = true;
   lyte.desktop.enable = true;
-  virtualisation.podman.enable = true;
+  podman.enable = true;
 
   home-manager.users.daniel = {
     lyte = {

readme.md

@@ -5,8 +5,7 @@
 Nix for <code>lytedev</code>
 </h1>
 
-[![flake check status](https://git.lyte.dev/lytedev/nix/badges/workflows/nix-flake-check.yaml/badge.svg)](https://git.lyte.dev/lytedev/nix/actions?workflow=nix-flake-check.yaml)
+[![pre-merge status](https://git.lyte.dev/lytedev/nix/badges/workflows/pre-merge.yaml/badge.svg)](https://git.lyte.dev/lytedev/nix/actions?workflow=pre-merge.yaml)
-[![build status](https://git.lyte.dev/lytedev/nix/badges/workflows/nix-build.yaml/badge.svg)](https://git.lyte.dev/lytedev/nix/actions?workflow=nix-build.yaml)
 
 </div>