From 363a40a8142a24ddf6413b3394de7bdae2bebcd1 Mon Sep 17 00:00:00 2001 From: Michael Thomas Date: Mon, 20 May 2024 14:24:35 -0400 Subject: [PATCH 1/6] feat(keywind): dark mode --- pkgs/keywind/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/keywind/default.nix b/pkgs/keywind/default.nix index c805b28..3c702e4 100644 --- a/pkgs/keywind/default.nix +++ b/pkgs/keywind/default.nix @@ -7,10 +7,10 @@ stdenv.mkDerivation { version = "0.0.1-dev"; src = fetchFromGitHub { - owner = "lukin"; + owner = "michaelhthomas"; repo = "keywind"; - rev = "bdf966fdae0071ccd46dab4efdc38458a643b409"; - hash = "sha256-8N+OQ6Yg9RKxqGd8kgsbvrYuVgol49bo/iJeIJXr3Sg="; + rev = "f3f016ab34ac9731ef8dadd6e79406a3c2433a34"; + hash = "sha256-wronX44qyUIuoTSdKj01UlLrwH9U5qNkUuSouV+xSUU="; }; installPhase = '' From 42fe45ad989710add3d6f3f10a78237f19863595 Mon Sep 17 00:00:00 2001 From: Michael Thomas Date: Mon, 20 May 2024 14:24:45 -0400 Subject: [PATCH 2/6] feat(keycloak): use unstable package --- machines/thinkcentre/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/machines/thinkcentre/configuration.nix b/machines/thinkcentre/configuration.nix index ff59423..78ad4be 100644 --- a/machines/thinkcentre/configuration.nix +++ b/machines/thinkcentre/configuration.nix @@ -77,6 +77,7 @@ age.secrets.keycloakDb.file = ../../secrets/keycloak-db.age; services.keycloak = { enable = true; + package = pkgs.unstable.keycloak; settings = { hostname-url = "https://auth.s.michaelt.xyz"; hostname-admin-url = "https://auth.s.michaelt.xyz"; From ac6c8ef84d2f7897d7c85b038f03c37d224d5b26 Mon Sep 17 00:00:00 2001 From: Michael Thomas Date: Mon, 20 May 2024 14:25:08 -0400 Subject: [PATCH 3/6] fix(nixos): use correct path to zellij module --- user/environments/nixos/home.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/user/environments/nixos/home.nix b/user/environments/nixos/home.nix index f31706a..49c5c92 100644 --- a/user/environments/nixos/home.nix 
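Review bot: In `pkgs/keywind/default.nix` the `src` now comes from a personal fork while `version` stays `"0.0.1-dev"`, and nothing records that this is no longer `lukin/keywind`. The `rev` and `hash` pin is good and keeps the fetch reproducible. But this theme renders the Keycloak login pages, so upstream fixes will not reach it unless the fork is rebased. I would add a comment above `src`, e.g. `# fork of lukin/keywind adding dark mode; rebase on upstream when it changes`, so the divergence is visible at review time.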
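Review bot: `package = pkgs.unstable.keycloak;` in `machines/thinkcentre/configuration.nix` moves the identity provider onto the unstable package set with no comment saying why or when to return to the stable package. Every update of the unstable input can now pull a new Keycloak release, which presumably runs database migrations on first start, so an unreviewed bump can break login for the services that depend on it. I would add `# unstable: <reason>; read the Keycloak release notes before bumping the unstable input` on that line. The same applies to `pkgs.unstable.forgejo` and `pkgs.unstable.forgejo-runner` in patch 4. The `services.keycloak` block continues outside the hunk.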
+++ b/user/environments/nixos/home.nix @@ -9,6 +9,7 @@ ../../modules/hyprland.nix ../../modules/nvim.nix ../../modules/vscode.nix + ../../modules/zellij ../../modules/zsh.nix ]; From 28cc9c48b2a2d064f83d97db84bce9f358d872d2 Mon Sep 17 00:00:00 2001 From: Michael Thomas Date: Mon, 20 May 2024 19:32:35 -0400 Subject: [PATCH 4/6] feat(forgejo): add actions runner --- machines/thinkcentre/configuration.nix | 1 + modules/services/forgejo/default.nix | 34 ++++++++++++++++++++++++++ secrets/forgejo-actions.age | 5 ++++ secrets/secrets.nix | 1 + 4 files changed, 41 insertions(+) create mode 100644 secrets/forgejo-actions.age diff --git a/machines/thinkcentre/configuration.nix b/machines/thinkcentre/configuration.nix index 78ad4be..9e4602e 100644 --- a/machines/thinkcentre/configuration.nix +++ b/machines/thinkcentre/configuration.nix @@ -117,6 +117,7 @@ my.services.forgejo = { enable = true; port = 3000; + actions.enable = true; }; swapDevices = [ diff --git a/modules/services/forgejo/default.nix b/modules/services/forgejo/default.nix index 70483be..910f34c 100644 --- a/modules/services/forgejo/default.nix +++ b/modules/services/forgejo/default.nix @@ -1,6 +1,7 @@ { config, lib, + pkgs, ... }: with lib; let @@ -12,6 +13,11 @@ in { options.my.services.forgejo = { enable = mkEnableOption "Forgejo"; proxy = mkEnableOption "Forgejo reverse proxy entry"; + actions = mkOption { + type = types.submodule (_: { + options.enable = mkEnableOption "Forgejo Actions"; + }); + }; subdomain = mkOption { type = types.str; default = "git"; @@ -30,6 +36,7 @@ in { (mkIf cfg.enable { services.forgejo = { enable = true; + package = pkgs.unstable.forgejo; settings.server = { DOMAIN = forgejoDomain; ROOT_URL = forgejoUrl; 
@@ -52,6 +59,33 @@ in { }; networking.firewall.interfaces."${firewallInterface}".allowedTCPPorts = [cfg.port]; + + age.secrets.forgejoActions.file = ../../../secrets/forgejo-actions.age; + services.gitea-actions-runner = mkIf cfg.actions.enable { + package = pkgs.unstable.forgejo-runner; + instances.venus = { + enable = true; + name = "venus"; + url = forgejoUrl; + settings = { + # log = { + # level = "debug"; + # }; + options = "-v /var/run/podman/podman.sock:/var/run/podman/podman.sock"; + runner = { + capacity = 5; + timeout = "45m"; + }; + container = { + privileged = true; + valid_volumes = ["*"]; + force_pull = false; + }; + }; + labels = []; + tokenFile = config.age.secrets.forgejoActions.path; + }; + }; }) (mkIf cfg.proxy { services.caddy.virtualHosts."${forgejoDomain}".extraConfig = '' diff --git a/secrets/forgejo-actions.age b/secrets/forgejo-actions.age new file mode 100644 index 0000000..40723ec --- /dev/null +++ b/secrets/forgejo-actions.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 jBnYqQ THVbnor+AP7CyleSBNaSbxQEkmHlrQ2u+auPOgFXexM +ntnmIaGTpQEFo438GAU/UJZ7217I27TkkbLaqYq+uKM +--- uYDKB1BuWSUCUsdNm4xA2ugOLq27Vz811FbjlK+qYes +d Mh*$jj*j>ݛ!>v@hj7q>+yC 5W1ND^и \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 90b4180..2f1fe02 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -6,6 +6,7 @@ in { # Venus "wireguard-thinkcentre.age".publicKeys = [venus]; "keycloak-db.age".publicKeys = [venus]; + "forgejo-actions.age".publicKeys = [venus]; # Oracle "wireguard-oracle.age".publicKeys = [oracle]; From f5ca1dd665d6eb4f57189abe2f1bfb45a0916b99 Mon Sep 17 00:00:00 2001 From: Michael Thomas Date: Mon, 27 May 2024 13:35:36 -0400 Subject: [PATCH 5/6] fix(forgejo): redirect to Keycloak login page automatically --- modules/services/forgejo/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/services/forgejo/default.nix b/modules/services/forgejo/default.nix index 910f34c..aa785b6 100644 
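Review bot: The `container` settings in the `@@ -52,6 +59,33 @@` hunk of `modules/services/forgejo/default.nix` effectively hand every workflow job the host: `privileged = true` with `valid_volumes = ["*"]` lets a job mount any host path, and the `options` line is meant to pass the Podman socket into jobs. This machine also appears to hold the Keycloak database secret (`age.secrets.keycloakDb`), so anyone who can get a workflow scheduled on `venus` should be treated as root on it. I would default to `privileged = false;` and `valid_volumes = [];`, list only the volumes a job really needs, and drop the socket mount unless a specific job requires it. As far as I know the runner reads `options` under `container`, not at the top level of `settings`, so the mount may currently have no effect; that is worth confirming. Separately, `age.secrets.forgejoActions.file` is declared outside the `mkIf cfg.actions.enable`, so the token is decrypted even where the runner is disabled.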
--- a/modules/services/forgejo/default.nix +++ b/modules/services/forgejo/default.nix @@ -89,6 +89,8 @@ in { }) (mkIf cfg.proxy { services.caddy.virtualHosts."${forgejoDomain}".extraConfig = '' + redir /user/login /user/oauth2/Keycloak?{query} + reverse_proxy http://${proxyIP}:${toString cfg.port} ''; From f09894d0dc4f71838d12845031f5e4eeadbb7568 Mon Sep 17 00:00:00 2001 From: Michael Thomas Date: Thu, 30 May 2024 08:21:16 -0400 Subject: [PATCH 6/6] fix(forgejo): add caddy error message --- modules/services/forgejo/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/services/forgejo/default.nix b/modules/services/forgejo/default.nix index aa785b6..67241b0 100644 --- a/modules/services/forgejo/default.nix +++ b/modules/services/forgejo/default.nix @@ -89,6 +89,11 @@ in { }) (mkIf cfg.proxy { services.caddy.virtualHosts."${forgejoDomain}".extraConfig = '' + handle_errors { + status 502 + respond "This server is currently unavailable." + } + redir /user/login /user/oauth2/Keycloak?{query} reverse_proxy http://${proxyIP}:${toString cfg.port}
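Review bot: The `redir /user/login /user/oauth2/Keycloak?{query}` line in patch 5 only changes what the Caddy virtual host serves; it does not turn off password sign-in in Forgejo. The module also opens `cfg.port` on `firewallInterface` (context of patch 4), so the local login form presumably stays reachable directly on that port and SSO is not actually enforced. If enforcement is the goal, disable local sign-in in Forgejo's own settings and keep the redirect as a convenience. If it is only a convenience, add a comment saying so and noting how an admin signs in when Keycloak is down, since the redirect hides the local form on the proxied site. The `extraConfig` string continues outside the hunk.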
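Review bot: In the `handle_errors` block added by patch 6, `status 502` is not a Caddyfile directive I recognise, so the site config may fail to load. Please run the generated Caddyfile through `caddy validate` (or `caddy adapt`) before deploying. Even if it parses, the block has no matcher, so every error Caddy raises for this site gets the same body, not only a failed upstream. If the intent is to answer proxy failures with a 502, `respond "This server is currently unavailable." 502` inside a block restricted to that status says so directly.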