Merge branch 'main' of https://git.thomasfmly.org/michael/nix-dots
commit
caf74e5636
@ -9,6 +9,33 @@ with lib; let
|
||||
inherit (config.my.server) domain proxyIP firewallInterface;
|
||||
forgejoDomain = "git.${domain}";
|
||||
forgejoUrl = "https://${forgejoDomain}";
|
||||
|
||||
# for nix actions runner
|
||||
storeDeps = pkgs.runCommand "store-deps" {} ''
|
||||
mkdir -p $out/bin
|
||||
for dir in ${
|
||||
toString [
|
||||
pkgs.coreutils
|
||||
pkgs.findutils
|
||||
pkgs.gnugrep
|
||||
pkgs.gawk
|
||||
pkgs.git
|
||||
pkgs.nix
|
||||
pkgs.bash
|
||||
pkgs.jq
|
||||
pkgs.nodejs
|
||||
pkgs.devenv
|
||||
]
|
||||
}; do
|
||||
for bin in "$dir"/bin/*; do
|
||||
ln -s "$bin" "$out/bin/$(basename "$bin")"
|
||||
done
|
||||
done
|
||||
|
||||
# Add SSL CA certs
|
||||
mkdir -p $out/etc/ssl/certs
|
||||
cp -a "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" $out/etc/ssl/certs/ca-bundle.crt
|
||||
'';
|
||||
in {
|
||||
options.my.services.forgejo = {
|
||||
enable = mkEnableOption "Forgejo";
|
||||
@ -34,6 +61,11 @@ in {
|
||||
|
||||
config = mkMerge [
|
||||
(mkIf cfg.enable {
|
||||
age.secrets.forgejoSendgridKey = {
|
||||
file = ../../../secrets/sendgrid-key.age;
|
||||
owner = "forgejo";
|
||||
group = "forgejo";
|
||||
};
|
||||
services.forgejo = {
|
||||
enable = true;
|
||||
package = pkgs.unstable.forgejo;
|
||||
@ -56,36 +88,112 @@ in {
|
||||
settings.oauth2_client = {
|
||||
ENABLE_AUTO_REGISTRATION = true;
|
||||
};
|
||||
settings.mailer = {
|
||||
ENABLED = true;
|
||||
FROM = "forgejo@michaelt.xyz";
|
||||
PROTOCOL = "starttls";
|
||||
SMTP_ADDR = "smtp.sendgrid.net";
|
||||
SMTP_PORT = 587;
|
||||
USER = "apikey";
|
||||
};
|
||||
mailerPasswordFile = config.age.secrets.forgejoSendgridKey.path;
|
||||
};
|
||||
|
||||
networking.firewall.interfaces."${firewallInterface}".allowedTCPPorts = [cfg.port];
|
||||
})
|
||||
(mkIf cfg.actions.enable {
|
||||
# build image // taken from https://git.clan.lol/clan/clan-infra/src/branch/main/modules/web01/gitea/actions-runner.nix
|
||||
# everything here has no dependencies on the store
|
||||
systemd.services.forgejo-runner-nix-image = {
|
||||
wantedBy = ["multi-user.target"];
|
||||
after = ["podman.service"];
|
||||
requires = ["podman.service"];
|
||||
path = [
|
||||
config.virtualisation.podman.package
|
||||
pkgs.gnutar
|
||||
pkgs.shadow
|
||||
pkgs.getent
|
||||
];
|
||||
# we also include etc here because the cleanup job also wants the nixuser to be present
|
||||
script = ''
|
||||
set -eux -o pipefail
|
||||
mkdir -p etc/nix
|
||||
|
||||
# Create an unpriveleged user that we can use also without the run-as-user.sh script
|
||||
touch etc/passwd etc/group
|
||||
groupid=$(cut -d: -f3 < <(getent group nixuser))
|
||||
userid=$(cut -d: -f3 < <(getent passwd nixuser))
|
||||
groupadd --prefix $(pwd) --gid "$groupid" nixuser
|
||||
emptypassword='$6$1ero.LwbisiU.h3D$GGmnmECbPotJoPQ5eoSTD6tTjKnSWZcjHoVTkxFLZP17W9hRi/XkmCiAMOfWruUwy8gMjINrBMNODc7cYEo4K.'
|
||||
useradd --prefix $(pwd) -p "$emptypassword" -m -d /tmp -u "$userid" -g "$groupid" -G nixuser nixuser
|
||||
|
||||
cat <<NIX_CONFIG > etc/nix/nix.conf
|
||||
accept-flake-config = true
|
||||
experimental-features = nix-command flakes
|
||||
NIX_CONFIG
|
||||
|
||||
cat <<NSSWITCH > etc/nsswitch.conf
|
||||
passwd: files mymachines systemd
|
||||
group: files mymachines systemd
|
||||
shadow: files
|
||||
|
||||
hosts: files mymachines dns myhostname
|
||||
networks: files
|
||||
|
||||
ethers: files
|
||||
services: files
|
||||
protocols: files
|
||||
rpc: files
|
||||
NSSWITCH
|
||||
|
||||
# list the content as it will be imported into the container
|
||||
tar -cv . | tar -tvf -
|
||||
tar -cv . | podman import - forgejo-runner-nix
|
||||
'';
|
||||
serviceConfig = {
|
||||
RuntimeDirectory = "forgejo-runner-nix-image";
|
||||
WorkingDirectory = "/run/forgejo-runner-nix-image";
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
};
|
||||
};
|
||||
|
||||
users.users.nixuser = {
|
||||
group = "nixuser";
|
||||
description = "Used for running nix ci jobs";
|
||||
home = "/var/empty";
|
||||
isSystemUser = true;
|
||||
};
|
||||
users.groups.nixuser = {};
|
||||
|
||||
# configure the actions runner itself
|
||||
age.secrets.forgejoActions.file = ../../../secrets/forgejo-actions.age;
|
||||
services.gitea-actions-runner = mkIf cfg.actions.enable {
|
||||
package = pkgs.unstable.forgejo-runner;
|
||||
instances.venus = {
|
||||
enable = true;
|
||||
name = "venus";
|
||||
name = "venus-nix-runner";
|
||||
url = forgejoUrl;
|
||||
settings = {
|
||||
# log = {
|
||||
# level = "debug";
|
||||
# };
|
||||
options = "-v /var/run/podman/podman.sock:/var/run/podman/podman.sock";
|
||||
# options = "-v /var/run/podman/podman.sock:/var/run/podman/podman.sock";
|
||||
runner = {
|
||||
capacity = 5;
|
||||
capacity = 1;
|
||||
timeout = "45m";
|
||||
};
|
||||
container = {
|
||||
privileged = true;
|
||||
valid_volumes = ["*"];
|
||||
force_pull = false;
|
||||
options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt --device /dev/kvm -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user nixuser --device=/dev/kvm";
|
||||
# privileged = true;
|
||||
valid_volumes = [
|
||||
"/nix"
|
||||
"${storeDeps}/bin"
|
||||
"${storeDeps}/etc/ssl"
|
||||
];
|
||||
# force_pull = false;
|
||||
network = "bridge";
|
||||
};
|
||||
};
|
||||
labels = [
|
||||
"debian-latest:docker://ghcr.io/catthehacker/ubuntu:act-latest"
|
||||
"ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-latest"
|
||||
"nix:docker://forgejo-runner-nix"
|
||||
];
|
||||
tokenFile = config.age.secrets.forgejoActions.path;
|
||||
};
|
||||
|
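Review bot: In the `container` settings of `instances.venus`, the `options` string bind-mounts the host's `/nix` read-write into every job container, and the image built by `forgejo-runner-nix-image` ships a `nix.conf` with `accept-flake-config = true`, so a workflow's flake can apply its own `nixConfig` without a prompt while working against the host's Nix tree. Unless a job depends on it, I would drop `accept-flake-config = true` from the `NIX_CONFIG` heredoc and leave a comment on the `-v /nix:/nix` mount saying why the whole tree (rather than a read-only store) is needed. The same string also passes the KVM device twice, `--device /dev/kvm` and `--device=/dev/kvm`; one of them can go. The `+`/`-` markers are lost on this page, so this assumes the `--user nixuser` variant with the explicit `valid_volumes` list is the new side and `privileged = true` / `valid_volumes = ["*"]` the removed one.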
@ -1,6 +1,6 @@
|
||||
{
|
||||
plugins.neo-tree = {
|
||||
enable = false;
|
||||
enable = true;
|
||||
enableDiagnostics = true;
|
||||
enableGitStatus = true;
|
||||
enableModifiedMarkers = true;
|
||||
@ -9,9 +9,7 @@
|
||||
popupBorderStyle = "rounded"; # Type: null or one of “NC”, “double”, “none”, “rounded”, “shadow”, “single”, “solid” or raw lua code
|
||||
buffers = {
|
||||
bindToCwd = false;
|
||||
followCurrentFile = {
|
||||
enabled = true;
|
||||
};
|
||||
followCurrentFile.enabled = true;
|
||||
};
|
||||
window = {
|
||||
width = 40;
|
||||
@ -21,44 +19,63 @@
|
||||
"<space>" = "none";
|
||||
};
|
||||
};
|
||||
filesystem = {
|
||||
bindToCwd = false;
|
||||
followCurrentFile.enabled = true;
|
||||
useLibuvFileWatcher = true;
|
||||
};
|
||||
defaultComponentConfigs = {
|
||||
indent = {
|
||||
withExpanders = true; # if nil and file nesting is enabled, will enable expanders
|
||||
expanderCollapsed = "";
|
||||
expanderExpanded = "";
|
||||
expanderHighlight = "NeoTreeExpander";
|
||||
};
|
||||
gitStatus = {
|
||||
symbols = {
|
||||
unstaged = "";
|
||||
staged = "";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# keymaps = [
|
||||
# {
|
||||
# mode = "n";
|
||||
# key = "<leader>e";
|
||||
# action = ":Neotree toggle reveal_force_cwd<cr>";
|
||||
# options = {
|
||||
# silent = true;
|
||||
# desc = "Explorer NeoTree (root dir)";
|
||||
# };
|
||||
# }
|
||||
# {
|
||||
# mode = "n";
|
||||
# key = "<leader>E";
|
||||
# action = "<cmd>Neotree toggle<CR>";
|
||||
# options = {
|
||||
# silent = true;
|
||||
# desc = "Explorer NeoTree (cwd)";
|
||||
# };
|
||||
# }
|
||||
# {
|
||||
# mode = "n";
|
||||
# key = "<leader>be";
|
||||
# action = ":Neotree buffers<CR>";
|
||||
# options = {
|
||||
# silent = true;
|
||||
# desc = "Buffer explorer";
|
||||
# };
|
||||
# }
|
||||
# {
|
||||
# mode = "n";
|
||||
# key = "<leader>ge";
|
||||
# action = ":Neotree git_status<CR>";
|
||||
# options = {
|
||||
# silent = true;
|
||||
# desc = "Git explorer";
|
||||
# };
|
||||
# }
|
||||
# ];
|
||||
keymaps = [
|
||||
{
|
||||
mode = "n";
|
||||
key = "<leader>e";
|
||||
action = ":Neotree toggle reveal_force_cwd<cr>";
|
||||
options = {
|
||||
silent = true;
|
||||
desc = "Explorer NeoTree (root dir)";
|
||||
};
|
||||
}
|
||||
{
|
||||
mode = "n";
|
||||
key = "<leader>E";
|
||||
action = "<cmd>Neotree toggle<CR>";
|
||||
options = {
|
||||
silent = true;
|
||||
desc = "Explorer NeoTree (cwd)";
|
||||
};
|
||||
}
|
||||
{
|
||||
mode = "n";
|
||||
key = "<leader>be";
|
||||
action = ":Neotree buffers<CR>";
|
||||
options = {
|
||||
silent = true;
|
||||
desc = "Buffer explorer";
|
||||
};
|
||||
}
|
||||
{
|
||||
mode = "n";
|
||||
key = "<leader>ge";
|
||||
action = ":Neotree git_status<CR>";
|
||||
options = {
|
||||
silent = true;
|
||||
desc = "Git explorer";
|
||||
};
|
||||
}
|
||||
];
|
||||
}
|
||||
|
@ -7,6 +7,7 @@ in {
|
||||
"wireguard-thinkcentre.age".publicKeys = [venus];
|
||||
"keycloak-db.age".publicKeys = [venus];
|
||||
"forgejo-actions.age".publicKeys = [venus];
|
||||
"sendgrid-key.age".publicKeys = [venus];
|
||||
|
||||
# Oracle
|
||||
"wireguard-oracle.age".publicKeys = [oracle];
|
||||
|
BIN
secrets/sendgrid-key.age
Normal file
BIN
secrets/sendgrid-key.age
Normal file
Binary file not shown.
@ -1,43 +1,44 @@
|
||||
{
|
||||
"LazyVim": { "branch": "main", "commit": "a5f8af912de4b334cb900a9f383b6e317568f27f" },
|
||||
"bufferline.nvim": { "branch": "main", "commit": "99337f63f0a3c3ab9519f3d1da7618ca4f91cffe" },
|
||||
"catppuccin": { "branch": "main", "commit": "5215ea59df6d0a7e27da9a5cd1165e06d1b04cbe" },
|
||||
"LazyVim": { "branch": "main", "commit": "53f4595b4e7ee980e9446a9248862a40701959c1" },
|
||||
"bufferline.nvim": { "branch": "main", "commit": "81820cac7c85e51e4cf179f8a66d13dbf7b032d9" },
|
||||
"catppuccin": { "branch": "main", "commit": "894efb557728e532aa98b98029d16907a214ec05" },
|
||||
"cmp-buffer": { "branch": "main", "commit": "3022dbc9166796b644a841a02de8dd1cc1d311fa" },
|
||||
"cmp-nvim-lsp": { "branch": "main", "commit": "39e2eda76828d88b773cc27a3f61d2ad782c922d" },
|
||||
"cmp-path": { "branch": "main", "commit": "91ff86cd9c29299a64f968ebb45846c485725f23" },
|
||||
"conform.nvim": { "branch": "master", "commit": "069e971295a34a810484b7b2ef54b3c735214181" },
|
||||
"dashboard-nvim": { "branch": "master", "commit": "5346d023afc4bfc7ff63d05c70bcdb0784bb657a" },
|
||||
"dressing.nvim": { "branch": "master", "commit": "e3714c8049b2243e792492c4149e4cc395c68eb9" },
|
||||
"conform.nvim": { "branch": "master", "commit": "c26dadf8a47a547768d1048a0d698ecec33494ce" },
|
||||
"dashboard-nvim": { "branch": "master", "commit": "69a4c935cc43d3d725ed0600c6d00593bc23d132" },
|
||||
"flash.nvim": { "branch": "main", "commit": "43f67935d388fbb540f8b40e8cbfd80de54f978a" },
|
||||
"friendly-snippets": { "branch": "main", "commit": "e11b09bf10706bb74e16e4c3d11b2274d62e687f" },
|
||||
"gitsigns.nvim": { "branch": "main", "commit": "4a143f13e122ab91abdc88f89eefbe70a4858a56" },
|
||||
"friendly-snippets": { "branch": "main", "commit": "682157939e57bd6a2c86277dfd4d6fbfce63dbac" },
|
||||
"gitsigns.nvim": { "branch": "main", "commit": "fa42613096ebfa5fee1ea87d70f8625ab9685d01" },
|
||||
"gruvbox.nvim": { "branch": "main", "commit": "d4cde3853a172485961b515c36d51d757728d6e6" },
|
||||
"indent-blankline.nvim": { "branch": "master", "commit": "d98f537c3492e87b6dc6c2e3f66ac517528f406f" },
|
||||
"lazy.nvim": { "branch": "main", "commit": "fafe1f7c640aed75e70a10e6649612cd96f39149" },
|
||||
"indent-blankline.nvim": { "branch": "master", "commit": "4288ce8128a52650e401dda42fd7651a6038f262" },
|
||||
"kdl.vim": { "branch": "main", "commit": "b84d7d3a15d8d30da016cf9e98e2cfbe35cddee5" },
|
||||
"lazy.nvim": { "branch": "main", "commit": "20af3fcc4ef2fef0cb4021543c70410567fcf9aa" },
|
||||
"lualine.nvim": { "branch": "master", "commit": "0a5a66803c7407767b799067986b4dc3036e1983" },
|
||||
"mason-lspconfig.nvim": { "branch": "main", "commit": "8db12610bcb7ce67013cfdfaba4dd47a23c6e851" },
|
||||
"mason-lspconfig.nvim": { "branch": "main", "commit": "37a336b653f8594df75c827ed589f1c91d91ff6c" },
|
||||
"mason.nvim": { "branch": "main", "commit": "0950b15060067f752fde13a779a994f59516ce3d" },
|
||||
"mini.ai": { "branch": "main", "commit": "7859b6344f5cee567a94f173859d25e20ba1a77e" },
|
||||
"mini.pairs": { "branch": "main", "commit": "40261dfcec7623cd57be3c3beb50fa73f2650cdf" },
|
||||
"mini.ai": { "branch": "main", "commit": "ebf806de0292ef89b2756cfb0b55040901d1c441" },
|
||||
"mini.pairs": { "branch": "main", "commit": "18a2d9d7106d08d3560d07c03dcbf5680c8675cc" },
|
||||
"neo-tree.nvim": { "branch": "v3.x", "commit": "29f7c215332ba95e470811c380ddbce2cebe2af4" },
|
||||
"no-neck-pain.nvim": { "branch": "main", "commit": "741ad26c4acc45f2164a3933f7825b0e555b724d" },
|
||||
"noice.nvim": { "branch": "main", "commit": "e5cb20c6e14305d24025ecb77d7d4dd9d61f1a64" },
|
||||
"nui.nvim": { "branch": "main", "commit": "322978c734866996274467de084a95e4f9b5e0b1" },
|
||||
"nvim-cmp": { "branch": "main", "commit": "5260e5e8ecadaf13e6b82cf867a909f54e15fd07" },
|
||||
"nvim-lint": { "branch": "master", "commit": "941fa1220a61797a51f3af9ec6b7d74c8c7367ce" },
|
||||
"nvim-lspconfig": { "branch": "master", "commit": "92166b89ab4b3d60f24e58170cac53b7141fd032" },
|
||||
"noice.nvim": { "branch": "main", "commit": "cade1f972ba226e7753a7a113f3f1a942908e73c" },
|
||||
"nui.nvim": { "branch": "main", "commit": "61574ce6e60c815b0a0c4b5655b8486ba58089a1" },
|
||||
"nvim-cmp": { "branch": "main", "commit": "a110e12d0b58eefcf5b771f533fc2cf3050680ac" },
|
||||
"nvim-lint": { "branch": "master", "commit": "efc6fc83f0772283e064c53a8f9fb5645bde0bc0" },
|
||||
"nvim-lspconfig": { "branch": "master", "commit": "9c9eb07fecc578e25e28db8dc9002b43fff2ed79" },
|
||||
"nvim-notify": { "branch": "master", "commit": "d333b6f167900f6d9d42a59005d82919830626bf" },
|
||||
"nvim-spectre": { "branch": "master", "commit": "4d22fe03554056de4325762add3e546c77e3a275" },
|
||||
"nvim-treesitter": { "branch": "master", "commit": "c5cbd3ec74f6f5ddbac939e6f24b99fe78262b4c" },
|
||||
"nvim-spectre": { "branch": "master", "commit": "49fae98ef2bfa8342522b337892992e3495065d5" },
|
||||
"nvim-treesitter": { "branch": "master", "commit": "53b32a6aa3e1de224e82f88cbdc08584c753adb7" },
|
||||
"nvim-treesitter-textobjects": { "branch": "master", "commit": "34867c69838078df7d6919b130c0541c0b400c47" },
|
||||
"nvim-ts-autotag": { "branch": "main", "commit": "6eb4120a1aadef07ac312f1c4bc6456712220007" },
|
||||
"nvim-web-devicons": { "branch": "master", "commit": "b4b302d6ae229f67df7a87ef69fa79473fe788a9" },
|
||||
"persistence.nvim": { "branch": "main", "commit": "5fe077056c821aab41f87650bd6e1c48cd7dd047" },
|
||||
"nvim-ts-autotag": { "branch": "main", "commit": "ddfccbf0df1b9349c2b9e9b17f4afa8f9b6c1ed1" },
|
||||
"nvim-web-devicons": { "branch": "master", "commit": "c0cfc1738361b5da1cd0a962dd6f774cc444f856" },
|
||||
"persistence.nvim": { "branch": "main", "commit": "95d03ad5450389ad7dc2a0fab14ebb3d46bc2c96" },
|
||||
"plenary.nvim": { "branch": "master", "commit": "a3e3bc82a3f95c5ed0d7201546d5d2c19b20d683" },
|
||||
"telescope-fzf-native.nvim": { "branch": "main", "commit": "9ef21b2e6bb6ebeaf349a0781745549bbb870d27" },
|
||||
"telescope.nvim": { "branch": "master", "commit": "3a743491e5c6be0ed0aa8c31c6905df8f66179ba" },
|
||||
"todo-comments.nvim": { "branch": "main", "commit": "70a93ce66083699571adc361166504b03cc39c2b" },
|
||||
"tokyonight.nvim": { "branch": "main", "commit": "02e9028fe3560f38363c2d38f1c87e45eb04fdb3" },
|
||||
"rustaceanvim": { "branch": "master", "commit": "d6d7620b66d74b3b16defcf85cbef7b3582795b3" },
|
||||
"todo-comments.nvim": { "branch": "main", "commit": "51e10f838e84b4756c16311d0b1ef0972c6482d2" },
|
||||
"tokyonight.nvim": { "branch": "main", "commit": "30d7be361a7fbf187a881f17e574e9213d5108ea" },
|
||||
"tree-sitter-asm": { "branch": "main", "commit": "b0306e9bb2ebe01c6562f1aef265cc42ccc53070" },
|
||||
"trouble.nvim": { "branch": "main", "commit": "806c50491078b66daf13c408042f2e74da46d0ff" },
|
||||
"trouble.nvim": { "branch": "main", "commit": "88c3be40c061ce053ab326ce4fdcb973a1f785ff" },
|
||||
"vim-freemarker": { "branch": "master", "commit": "993bda23e72e4c074659970c1e777cb19d8cf93e" },
|
||||
"which-key.nvim": { "branch": "main", "commit": "0099511294f16b81c696004fa6a403b0ae61f7a0" }
|
||||
}
|
@ -1,9 +1,10 @@
|
||||
{
|
||||
"extras": [
|
||||
|
||||
"lazyvim.plugins.extras.dap.core",
|
||||
"lazyvim.plugins.extras.lang.rust"
|
||||
],
|
||||
"news": {
|
||||
"NEWS.md": "3314"
|
||||
"NEWS.md": "5950"
|
||||
},
|
||||
"version": 3
|
||||
"version": 6
|
||||
}
|
@ -73,6 +73,7 @@ return {
|
||||
json = { { "prettierd", "prettier" } },
|
||||
yaml = { { "prettierd", "prettier" } },
|
||||
css = { { "prettierd", "prettier" } },
|
||||
markdown = { { "prettierd", "prettier" } },
|
||||
},
|
||||
},
|
||||
},
|
||||
@ -85,4 +86,12 @@ return {
|
||||
{
|
||||
"andreshazard/vim-freemarker",
|
||||
},
|
||||
{
|
||||
"mrcjkb/rustaceanvim",
|
||||
opts = {
|
||||
server = {
|
||||
load_vscode_settings = true,
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
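Review bot: `load_vscode_settings = true` in the `mrcjkb/rustaceanvim` entry makes the plugin read rust-analyzer settings from the opened project's `.vscode/settings.json`, so configuration shipped inside a cloned repository is applied to the language server without being reviewed. rust-analyzer settings can, as far as I know, include command overrides, so this deserves at least a why-comment above the option, e.g. `-- trusts .vscode/settings.json of the opened project; turn off for untrusted checkouts`. The surrounding `return { ... }` table starts outside this hunk, so whether another spec already configures this plugin cannot be seen from here.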