Merge
This commit is contained in:
commit
b041702dde
15 changed files with 135 additions and 59 deletions
18
.forgejo/workflows/nix.yml
Normal file
18
.forgejo/workflows/nix.yml
Normal file
|
@ -0,0 +1,18 @@
|
|||
name: Nix
|
||||
|
||||
jobs:
|
||||
lint:
|
||||
runs-on: docker
|
||||
env:
|
||||
container:
|
||||
image: ghcr.io/catthehacker/ubuntu:js-20.04
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- uses: https://github.com/cachix/install-nix-action@v20
|
||||
env:
|
||||
with:
|
||||
nix_path: nixpkgs=channel:nixos-unstable
|
||||
- name: Run `nix flake check`
|
||||
run: |
|
||||
sed -i '/^access-tokens/ d' /etc/nix/nix.conf
|
||||
nix run '.#' -- -V
|
72
flake.lock
72
flake.lock
|
@ -131,11 +131,11 @@
|
|||
"utils": "utils"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1680733215,
|
||||
"narHash": "sha256-5HNH/Lqj8OU/piH3tvPRkINXHHkt6bRp0QYYR4xOybE=",
|
||||
"lastModified": 1686077956,
|
||||
"narHash": "sha256-zkkjqU5NZipqakDfPSve85ljyZJ8aQtfk9mPkJ+w3IE=",
|
||||
"owner": "nix-community",
|
||||
"repo": "comma",
|
||||
"rev": "ef97634016d17cc8cdea396ebcc002320494391a",
|
||||
"rev": "59a88b9b86bc35ee6c5ec02fab6819ad68bdaa3f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -536,11 +536,11 @@
|
|||
"systems": "systems_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1681202837,
|
||||
"narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
|
||||
"lastModified": 1685518550,
|
||||
"narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "cfacdce06f30d2b68473a46042957675eebb3401",
|
||||
"rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -695,11 +695,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1685573051,
|
||||
"narHash": "sha256-zrpbdQVJFpNVFK3SlA6mE0le8qnKjUjcuY4OzL+wSHw=",
|
||||
"lastModified": 1686168915,
|
||||
"narHash": "sha256-zV5lh3PGKcI8W7+5bXSRsCetfsi6x10Xvojpk5HAQHU=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "3876cc613ac3983078964ffb5a0c01d00028139e",
|
||||
"rev": "cc6745b35fefe48624ebf573382e1e0e4a6fe85e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -721,11 +721,11 @@
|
|||
"rust-overlay": "rust-overlay_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1685709197,
|
||||
"narHash": "sha256-ASoXZVoXj6L9PzNDfuDrAxrqaDuH7e1qTzdzkOODu4M=",
|
||||
"lastModified": 1685953862,
|
||||
"narHash": "sha256-aROVoLllFZde9EWr3EP97fXIlOghgrdmO6TeYkZRs5g=",
|
||||
"owner": "nix-community",
|
||||
"repo": "lanzaboote",
|
||||
"rev": "e422970c1bc3351bb7a20cf6e30e78d975280ed3",
|
||||
"rev": "45d04a45d3dfcdee5246f7c0dfed056313de2a61",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -869,11 +869,11 @@
|
|||
},
|
||||
"nixlib": {
|
||||
"locked": {
|
||||
"lastModified": 1681001314,
|
||||
"narHash": "sha256-5sDnCLdrKZqxLPK4KA8+f4A3YKO/u6ElpMILvX0g72c=",
|
||||
"lastModified": 1685840432,
|
||||
"narHash": "sha256-VJIbiKsY7Xy4E4WcgwUt/UiwYDmN5BAk8tngAjcWsqY=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixpkgs.lib",
|
||||
"rev": "367c0e1086a4eb4502b24d872cea2c7acdd557f4",
|
||||
"rev": "961e99baaaa57f5f7042fe7ce089a88786c839f4",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -890,11 +890,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1685446848,
|
||||
"narHash": "sha256-vEU1jynjDXwOJESHeJyABqbY/Y+DoihZq9iDVtYgrMg=",
|
||||
"lastModified": 1685943944,
|
||||
"narHash": "sha256-GpaQwOkvwkmSWxvWaZqbMKyyOSaBAwgdEcHCqLW/240=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixos-generators",
|
||||
"rev": "b6114e214e5b546c4cceccd33ee6b72294a76b60",
|
||||
"rev": "122dcc32cadf14c5015aa021fae8882c5058263a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -1066,11 +1066,11 @@
|
|||
},
|
||||
"nixpkgs_22-11": {
|
||||
"locked": {
|
||||
"lastModified": 1685650716,
|
||||
"narHash": "sha256-sDd7QIcMbIb37nuqMrJElvuyE5eVgWuKGtIPP8IWwCc=",
|
||||
"lastModified": 1686035213,
|
||||
"narHash": "sha256-hRcXUoVWWuLqFzQ1QVQx4ewvbnst1NkCxoZhmpzrilA=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "f7c1500e2eefa58f3c80dd046cba256e10440201",
|
||||
"rev": "d83945caa7624015f11b152bf5c6c4363ffe9f7c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -1098,11 +1098,11 @@
|
|||
},
|
||||
"nixpkgs_4": {
|
||||
"locked": {
|
||||
"lastModified": 1685693126,
|
||||
"narHash": "sha256-Q+fZjmYsFYOjOB8RFRkOqQj09tJa4pVh8qaZCYmsw1o=",
|
||||
"lastModified": 1686131476,
|
||||
"narHash": "sha256-d/VZjsgW7dBwqN77EcQ4HqQifpATkT5WnCvYbovIhf0=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "b49720ccd2ca03ef35e213ebd43bd57c7eb83fa7",
|
||||
"rev": "32d8e07a8ea673bc9b8c0f8106fb0b776c6ea6a8",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -1114,11 +1114,11 @@
|
|||
},
|
||||
"nixpkgs_5": {
|
||||
"locked": {
|
||||
"lastModified": 1685168767,
|
||||
"narHash": "sha256-wQgnxz0PdqbyKKpsWl/RU8T8QhJQcHfeC6lh1xRUTfk=",
|
||||
"lastModified": 1685655444,
|
||||
"narHash": "sha256-6EujQNAeaUkWvpEZZcVF8qSfQrNVWFNNGbUJxv/A5a8=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "e10802309bf9ae351eb27002c85cfdeb1be3b262",
|
||||
"rev": "e635192892f5abbc2289eaac3a73cdb249abaefd",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -1198,11 +1198,11 @@
|
|||
"pre-commit-hooks": "pre-commit-hooks"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1685708456,
|
||||
"narHash": "sha256-3zKQMUJhAK19NIzWyLBn3ggEsMtgamVd7l0+PWtFYEM=",
|
||||
"lastModified": 1686210684,
|
||||
"narHash": "sha256-dlQDXx0P/MmiBOhJ733AyD0+ym7U7Pe080gIBSgFK0E=",
|
||||
"owner": "pta2002",
|
||||
"repo": "nixvim",
|
||||
"rev": "1f285df66498952c9b1315fdc591c0c3e1d3b5f1",
|
||||
"rev": "ab8377f319a2d84026244bf81b3b3f8e49c2a518",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -1213,11 +1213,11 @@
|
|||
},
|
||||
"nur": {
|
||||
"locked": {
|
||||
"lastModified": 1685699083,
|
||||
"narHash": "sha256-EqgVvQLjMuXMU0yiSRoCZZnnU8ATWdd8vWzWOBAeT4M=",
|
||||
"lastModified": 1686210105,
|
||||
"narHash": "sha256-hA1NWUCfZHmZcUaLP7R8rDHp4ssZI1CbreGMol5vKqM=",
|
||||
"owner": "nix-community",
|
||||
"repo": "NUR",
|
||||
"rev": "7dbd5a6621059db78edd523eb1da98252d96b23d",
|
||||
"rev": "dd2b073a0d02c76e1b22d6f017675522464642fb",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -1282,11 +1282,11 @@
|
|||
"nixpkgs-stable": "nixpkgs-stable_3"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1684842236,
|
||||
"narHash": "sha256-rYWsIXHvNhVQ15RQlBUv67W3YnM+Pd+DuXGMvCBq2IE=",
|
||||
"lastModified": 1685361114,
|
||||
"narHash": "sha256-4RjrlSb+OO+e1nzTExKW58o3WRwVGpXwj97iCta8aj4=",
|
||||
"owner": "cachix",
|
||||
"repo": "pre-commit-hooks.nix",
|
||||
"rev": "61e567d6497bc9556f391faebe5e410e6623217f",
|
||||
"rev": "ca2fdbf3edda2a38140184da6381d49f8206eaf4",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
|
@ -47,7 +47,7 @@
|
|||
};
|
||||
|
||||
outputs = { self, nixpkgs, nixpkgs_22-11, vault-secrets, colmena
|
||||
, nixos-generators, nur, ... }@inputs:
|
||||
, nixos-generators, nur, attic, ... }@inputs:
|
||||
let
|
||||
inherit (nixpkgs) lib;
|
||||
|
||||
|
@ -125,6 +125,7 @@
|
|||
devShells.${system}.default = pkgs.mkShell {
|
||||
VAULT_ADDR = "http://vault.olympus:8200/";
|
||||
buildInputs = with pkgs; [
|
||||
attic.packages.${pkgs.system}.attic
|
||||
apply-local
|
||||
colmena.packages.${system}.colmena
|
||||
cachix
|
||||
|
|
|
@ -19,7 +19,7 @@ spec:
|
|||
emptyDir: {}
|
||||
containers:
|
||||
- name: renovate
|
||||
image: renovate/renovate:35.105.5
|
||||
image: renovate/renovate:35.114.2
|
||||
volumeMounts:
|
||||
- name: config-volume
|
||||
mountPath: /opt/renovate/
|
||||
|
|
|
@ -77,7 +77,7 @@
|
|||
nixpkgs.config.allowUnfree = true;
|
||||
|
||||
nixpkgs.config.permittedInsecurePackages =
|
||||
[ "nodejs-14.21.3" "openssl-1.1.1t" "nodejs-16.20.0" ];
|
||||
[ "nodejs-14.21.3" "openssl-1.1.1t" "nodejs-16.20.0" "openssl-1.1.1u" ];
|
||||
|
||||
# Limit the systemd journal to 100 MB of disk or the
|
||||
# last 7 days of logs, whichever happens first.
|
||||
|
|
|
@ -15,6 +15,7 @@ in {
|
|||
fusee-launcher
|
||||
gcc
|
||||
gimp
|
||||
inputs.attic.packages.${pkgs.system}.attic
|
||||
inputs.comma.packages.${pkgs.system}.default
|
||||
inputs.webcord.packages.${pkgs.system}.default
|
||||
kdenlive
|
||||
|
|
|
@ -70,6 +70,7 @@ in {
|
|||
servers.pyright.enable = true;
|
||||
servers.elixirls.enable = true;
|
||||
servers.clangd.enable = true;
|
||||
servers.yamlls.enable = true;
|
||||
};
|
||||
trouble.enable = true;
|
||||
lspkind.enable = true;
|
||||
|
|
|
@ -18,10 +18,21 @@ in {
|
|||
# Additional packages
|
||||
environment.systemPackages = with pkgs; [ ];
|
||||
|
||||
vault-secrets.secrets.attic = {
|
||||
services = [ "atticd" ];
|
||||
};
|
||||
vault-secrets.secrets.attic = { services = [ "atticd" ]; };
|
||||
|
||||
services.postgresql = {
|
||||
enable = true;
|
||||
package = pkgs.postgresql_15;
|
||||
ensureDatabases = [ "atticd" ];
|
||||
ensureUsers = [{
|
||||
name = "atticd";
|
||||
ensurePermissions = {
|
||||
"DATABASE atticd" = "ALL PRIVILEGES";
|
||||
"schema public" = "ALL";
|
||||
};
|
||||
}];
|
||||
|
||||
};
|
||||
|
||||
services.atticd = {
|
||||
enable = true;
|
||||
|
@ -44,6 +55,8 @@ in {
|
|||
level = 8;
|
||||
};
|
||||
|
||||
database.url = "postgresql://atticd?host=/run/postgresql";
|
||||
|
||||
storage = {
|
||||
type = "s3";
|
||||
region = "hades";
|
||||
|
|
|
@ -21,7 +21,10 @@
|
|||
services.unbound.settings.server = {
|
||||
local-zone = [
|
||||
"xirion.net typetransparent"
|
||||
"attic.xirion.net typetransparent"
|
||||
"o.xirion.net typetransparent"
|
||||
"attic.xirion.net typetransparent"
|
||||
"g.xirion.net typetransparent"
|
||||
"fedi-media.xirion.net typetransparent"
|
||||
"hades.xirion.net typetransparent"
|
||||
"requests.xirion.net typetransparent"
|
||||
|
@ -31,8 +34,11 @@
|
|||
|
||||
local-data = [
|
||||
''"xirion.net A 192.168.0.122"''
|
||||
''"attic.xirion.net A 192.168.0.122"''
|
||||
''"hades.xirion.net A 192.168.0.122"''
|
||||
''"o.xirion.net A 192.168.0.122"''
|
||||
''"attic.xirion.net A 192.168.0.122"''
|
||||
''"g.xirion.net A 192.168.0.122"''
|
||||
''"fedi-media.xirion.net A 192.168.0.122"''
|
||||
''"requests.xirion.net A 192.168.0.122"''
|
||||
''"ha.xirion.net A 192.168.0.122"''
|
||||
|
|
|
@ -36,7 +36,7 @@ in {
|
|||
recommendedTlsSettings = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedBrotliSettings = true;
|
||||
clientMaxBodySize = "500m";
|
||||
clientMaxBodySize = "1024m";
|
||||
|
||||
package = pkgs.nginxMainline;
|
||||
|
||||
|
@ -59,6 +59,7 @@ in {
|
|||
virtualHosts."git.xirion.net" = proxy "http://10.10.10.12";
|
||||
virtualHosts."mail.xirion.net" = proxy "http://192.168.0.118";
|
||||
virtualHosts."o.xirion.net" = proxy "http://192.168.0.112:9000";
|
||||
virtualHosts."g.xirion.net" = proxy "http://garage.hades:3900";
|
||||
virtualHosts."requests.xirion.net" = proxy "http://overseerr.hades:5055";
|
||||
virtualHosts."pass.xirion.net" = proxy "http://bitwarden_rs";
|
||||
virtualHosts."repo.xirion.net" = proxy "http://archlinux";
|
||||
|
|
|
@ -34,12 +34,20 @@ in {
|
|||
privateKeyFile = "${vs.rtorrent}/wireguardKey";
|
||||
postUp = "${postUpScript}/bin/post_up || true";
|
||||
|
||||
peers = [{
|
||||
publicKey = "DVui+5aifNFRIVDjH3v2y+dQ+uwI+HFZOd21ajbEpBo=";
|
||||
allowedIPs = [ "0.0.0.0/0" "::/0" ];
|
||||
endpoint = "185.65.134.82:51820";
|
||||
persistentKeepalive = 25;
|
||||
}];
|
||||
peers = [
|
||||
{
|
||||
publicKey = "33BoONMGCm2vknq2eq72eozRsHmHQY6ZHEEZ4851TkY=";
|
||||
allowedIPs = [ "0.0.0.0/0" "::/0"];
|
||||
endpoint = "193.32.249.70:51820";
|
||||
persistentKeepalive = 25;
|
||||
}
|
||||
# {
|
||||
# publicKey = "DVui+5aifNFRIVDjH3v2y+dQ+uwI+HFZOd21ajbEpBo=";
|
||||
# allowedIPs = [ "0.0.0.0/0" "::/0" ];
|
||||
# endpoint = "185.65.134.82:51820";
|
||||
# persistentKeepalive = 25;
|
||||
# }
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -40,6 +40,15 @@ in {
|
|||
};
|
||||
|
||||
services.gitea-actions-runner.instances = {
|
||||
runner_1 = {
|
||||
name = "runner_1";
|
||||
enable = true;
|
||||
labels = [
|
||||
"docker:docker://node:16-bullseye"
|
||||
];
|
||||
url = "https://git.0x76.dev";
|
||||
tokenFile = "${vs.gitea_runner}/token_runner_1";
|
||||
};
|
||||
nix-native = {
|
||||
enable = true;
|
||||
name = "nix-native";
|
||||
|
|
|
@ -27,20 +27,37 @@ in {
|
|||
mailserver = {
|
||||
enable = true;
|
||||
fqdn = "mail.0x76.dev";
|
||||
domains = [ "0x76.dev" "meowy.tech" ];
|
||||
domains = [ "0x76.dev" "meowy.tech" "xirion.net" ];
|
||||
certificateScheme = "acme-nginx";
|
||||
enableManageSieve = true;
|
||||
|
||||
monitoring = {
|
||||
alertAddress = "v@0x76.dev";
|
||||
enable = true;
|
||||
};
|
||||
|
||||
loginAccounts = {
|
||||
# People
|
||||
"v@0x76.dev" = {
|
||||
hashedPasswordFile = "${vs.mailserver}/v@0x76.dev";
|
||||
aliases =
|
||||
[ "v@meowy.tech" "postmaster@0x76.dev" "postmaster@meowy.tech" ];
|
||||
catchAll = [ "xirion.net" "0x76.dev" ];
|
||||
aliases = [
|
||||
"postmaster@0x76.dev"
|
||||
"abuse@0x76.dev"
|
||||
|
||||
"v@meowy.tech"
|
||||
"abuse@meowy.tech"
|
||||
"postmaster@meowy.tech"
|
||||
|
||||
"@xirion.net"
|
||||
"@0x76.dev"
|
||||
];
|
||||
};
|
||||
"laura@meowy.tech" = {
|
||||
hashedPasswordFile = "${vs.mailserver}/laura@meowy.tech";
|
||||
aliases = [ "lau@meowy.tech" ];
|
||||
};
|
||||
|
||||
# Services
|
||||
"gitea@0x76.dev" = {
|
||||
hashedPasswordFile = "${vs.mailserver}/gitea@0x76.dev";
|
||||
|
@ -82,6 +99,7 @@ in {
|
|||
pkgs.roundcube.withPlugins (plugins: [ plugins.persistent_login ]);
|
||||
plugins = [
|
||||
"archive"
|
||||
"managesieve"
|
||||
# "enigma"
|
||||
# "markasjunk"
|
||||
"persistent_login"
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
[
|
||||
{
|
||||
"version": "1.32.3.7089",
|
||||
"version": "1.32.4.7164",
|
||||
"platform": "aarch64-linux",
|
||||
"url": "https://downloads.plex.tv/plex-media-server-new/1.32.3.7089-b0a36929b/debian/plexmediaserver_1.32.3.7089-b0a36929b_arm64.deb",
|
||||
"hash": "1sc6h04l0lxw3jzz01gn7i6wikqqds7nqh35rqvwhffjgdvmcjhq"
|
||||
"url": "https://downloads.plex.tv/plex-media-server-new/1.32.4.7164-1dc22f47b/debian/plexmediaserver_1.32.4.7164-1dc22f47b_arm64.deb",
|
||||
"hash": "1k61rrdjlwhf14q8qdj976a53wf9f9ask0fwynldyqbvjfjgy0ws"
|
||||
},
|
||||
{
|
||||
"version": "1.32.3.7089",
|
||||
"version": "1.32.4.7164",
|
||||
"platform": "x86_64-linux",
|
||||
"url": "https://downloads.plex.tv/plex-media-server-new/1.32.3.7089-b0a36929b/debian/plexmediaserver_1.32.3.7089-b0a36929b_amd64.deb",
|
||||
"hash": "074qvjl49rfn6s3naa5s71i5kd0an64laijz13cpsh55yy6zwgb3"
|
||||
"url": "https://downloads.plex.tv/plex-media-server-new/1.32.4.7164-1dc22f47b/debian/plexmediaserver_1.32.4.7164-1dc22f47b_amd64.deb",
|
||||
"hash": "0sa537yx7gjbabmisb26yrrlg7ql124qhwlc20r5m1hbq8i1i23w"
|
||||
}
|
||||
]
|
||||
|
|
|
@ -5,7 +5,7 @@ in buildVscodeMarketplaceExtension {
|
|||
name = "platformio-ide";
|
||||
publisher = "platformio";
|
||||
version = "3.1.1";
|
||||
sha256 = "sha256-fwEct7Tj8bfTOLRozSZJGWoLzWRSvYz/KxcnfpO8Usg=";
|
||||
sha256 = "sha256-g9yTG3DjVUS2w9eHGAai5LoIfEGus+FPhqDnCi4e90Q=";
|
||||
# sha256 = lib.fakeSha256;
|
||||
};
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue