Merge branch 'main' of https://git.thomasfmly.org/michael/nix-dots

2024-06-26 18:52:29 -04:00 · 2024-06-26 18:52:29 -04:00 · caf74e5636
commit caf74e5636
parent 30fc7bf0a8 b68ab3883d
7 changed files with 221 additions and 84 deletions
--- a/modules/services/forgejo/default.nix
+++ b/modules/services/forgejo/default.nix
@ -9,6 +9,33 @@ with lib; let
  inherit (config.my.server) domain proxyIP firewallInterface;
  forgejoDomain = "git.${domain}";
  forgejoUrl = "https://${forgejoDomain}";
+
+  # for nix actions runner
+  storeDeps = pkgs.runCommand "store-deps" {} ''
+    mkdir -p $out/bin
+    for dir in ${
+      toString [
+        pkgs.coreutils
+        pkgs.findutils
+        pkgs.gnugrep
+        pkgs.gawk
+        pkgs.git
+        pkgs.nix
+        pkgs.bash
+        pkgs.jq
+        pkgs.nodejs
+        pkgs.devenv
+      ]
+    }; do
+      for bin in "$dir"/bin/*; do
+        ln -s "$bin" "$out/bin/$(basename "$bin")"
+      done
+    done
+
+    # Add SSL CA certs
+    mkdir -p $out/etc/ssl/certs
+    cp -a "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" $out/etc/ssl/certs/ca-bundle.crt
+  '';
 in {
  options.my.services.forgejo = {
    enable = mkEnableOption "Forgejo";
@ -34,6 +61,11 @@ in {

  config = mkMerge [
    (mkIf cfg.enable {
+      age.secrets.forgejoSendgridKey = {
+        file = ../../../secrets/sendgrid-key.age;
+        owner = "forgejo";
+        group = "forgejo";
+      };
      services.forgejo = {
        enable = true;
        package = pkgs.unstable.forgejo;
@ -56,36 +88,112 @@ in {
        settings.oauth2_client = {
          ENABLE_AUTO_REGISTRATION = true;
        };
+        settings.mailer = {
+          ENABLED = true;
+          FROM = "forgejo@michaelt.xyz";
+          PROTOCOL = "starttls";
+          SMTP_ADDR = "smtp.sendgrid.net";
+          SMTP_PORT = 587;
+          USER = "apikey";
+        };
+        mailerPasswordFile = config.age.secrets.forgejoSendgridKey.path;
      };

      networking.firewall.interfaces."${firewallInterface}".allowedTCPPorts = [cfg.port];
+    })
+    (mkIf cfg.actions.enable {
+      # build image // taken from https://git.clan.lol/clan/clan-infra/src/branch/main/modules/web01/gitea/actions-runner.nix
+      # everything here has no dependencies on the store
+      systemd.services.forgejo-runner-nix-image = {
+        wantedBy = ["multi-user.target"];
+        after = ["podman.service"];
+        requires = ["podman.service"];
+        path = [
+          config.virtualisation.podman.package
+          pkgs.gnutar
+          pkgs.shadow
+          pkgs.getent
+        ];
+        # we also include etc here because the cleanup job also wants the nixuser to be present
+        script = ''
+          set -eux -o pipefail
+          mkdir -p etc/nix

+          # Create an unpriveleged user that we can use also without the run-as-user.sh script
+          touch etc/passwd etc/group
+          groupid=$(cut -d: -f3 < <(getent group nixuser))
+          userid=$(cut -d: -f3 < <(getent passwd nixuser))
+          groupadd --prefix $(pwd) --gid "$groupid" nixuser
+          emptypassword='$6$1ero.LwbisiU.h3D$GGmnmECbPotJoPQ5eoSTD6tTjKnSWZcjHoVTkxFLZP17W9hRi/XkmCiAMOfWruUwy8gMjINrBMNODc7cYEo4K.'
+          useradd --prefix $(pwd) -p "$emptypassword" -m -d /tmp -u "$userid" -g "$groupid" -G nixuser nixuser
+
+          cat <<NIX_CONFIG > etc/nix/nix.conf
+          accept-flake-config = true
+          experimental-features = nix-command flakes
+          NIX_CONFIG
+
+          cat <<NSSWITCH > etc/nsswitch.conf
+          passwd:    files mymachines systemd
+          group:     files mymachines systemd
+          shadow:    files
+
+          hosts:     files mymachines dns myhostname
+          networks:  files
+
+          ethers:    files
+          services:  files
+          protocols: files
+          rpc:       files
+          NSSWITCH
+
+          # list the content as it will be imported into the container
+          tar -cv . | tar -tvf -
+          tar -cv . | podman import - forgejo-runner-nix
+        '';
+        serviceConfig = {
+          RuntimeDirectory = "forgejo-runner-nix-image";
+          WorkingDirectory = "/run/forgejo-runner-nix-image";
+          Type = "oneshot";
+          RemainAfterExit = true;
+        };
+      };
+
+      users.users.nixuser = {
+        group = "nixuser";
+        description = "Used for running nix ci jobs";
+        home = "/var/empty";
+        isSystemUser = true;
+      };
+      users.groups.nixuser = {};
+
+      # configure the actions runner itself
      age.secrets.forgejoActions.file = ../../../secrets/forgejo-actions.age;
      services.gitea-actions-runner = mkIf cfg.actions.enable {
        package = pkgs.unstable.forgejo-runner;
        instances.venus = {
          enable = true;
-          name = "venus";
+          name = "venus-nix-runner";
          url = forgejoUrl;
          settings = {
-            # log = {
-            #   level = "debug";
-            # };
-            options = "-v /var/run/podman/podman.sock:/var/run/podman/podman.sock";
+            # options = "-v /var/run/podman/podman.sock:/var/run/podman/podman.sock";
            runner = {
-              capacity = 5;
+              capacity = 1;
              timeout = "45m";
            };
            container = {
-              privileged = true;
-              valid_volumes = ["*"];
-              force_pull = false;
+              options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt --device /dev/kvm -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user nixuser --device=/dev/kvm";
+              # privileged = true;
+              valid_volumes = [
+                "/nix"
+                "${storeDeps}/bin"
+                "${storeDeps}/etc/ssl"
+              ];
+              # force_pull = false;
              network = "bridge";
            };
          };
          labels = [
-            "debian-latest:docker://ghcr.io/catthehacker/ubuntu:act-latest"
-            "ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-latest"
+            "nix:docker://forgejo-runner-nix"
          ];
          tokenFile = config.age.secrets.forgejoActions.path;
        };
--- a/pkgs/nvim/config/filetrees/neo-tree.nix
+++ b/pkgs/nvim/config/filetrees/neo-tree.nix
@ -1,6 +1,6 @@
 {
  plugins.neo-tree = {
-    enable = false;
+    enable = true;
    enableDiagnostics = true;
    enableGitStatus = true;
    enableModifiedMarkers = true;
@ -9,9 +9,7 @@
    popupBorderStyle = "rounded"; # Type: null or one of “NC”, “double”, “none”, “rounded”, “shadow”, “single”, “solid” or raw lua code
    buffers = {
      bindToCwd = false;
-      followCurrentFile = {
-        enabled = true;
-      };
+      followCurrentFile.enabled = true;
    };
    window = {
      width = 40;
@ -21,44 +19,63 @@
        "<space>" = "none";
      };
    };
+    filesystem = {
+      bindToCwd = false;
+      followCurrentFile.enabled = true;
+      useLibuvFileWatcher = true;
+    };
+    defaultComponentConfigs = {
+      indent = {
+        withExpanders = true; # if nil and file nesting is enabled, will enable expanders
+        expanderCollapsed = "";
+        expanderExpanded = "";
+        expanderHighlight = "NeoTreeExpander";
+      };
+      gitStatus = {
+        symbols = {
+          unstaged = "󰄱";
+          staged = "󰱒";
+        };
+      };
+    };
  };

-  # keymaps = [
-  #   {
-  #     mode = "n";
-  #     key = "<leader>e";
-  #     action = ":Neotree toggle reveal_force_cwd<cr>";
-  #     options = {
-  #       silent = true;
-  #       desc = "Explorer NeoTree (root dir)";
-  #     };
-  #   }
-  #   {
-  #     mode = "n";
-  #     key = "<leader>E";
-  #     action = "<cmd>Neotree toggle<CR>";
-  #     options = {
-  #       silent = true;
-  #       desc = "Explorer NeoTree (cwd)";
-  #     };
-  #   }
-  #   {
-  #     mode = "n";
-  #     key = "<leader>be";
-  #     action = ":Neotree buffers<CR>";
-  #     options = {
-  #       silent = true;
-  #       desc = "Buffer explorer";
-  #     };
-  #   }
-  #   {
-  #     mode = "n";
-  #     key = "<leader>ge";
-  #     action = ":Neotree git_status<CR>";
-  #     options = {
-  #       silent = true;
-  #       desc = "Git explorer";
-  #     };
-  #   }
-  # ];
+  keymaps = [
+    {
+      mode = "n";
+      key = "<leader>e";
+      action = ":Neotree toggle reveal_force_cwd<cr>";
+      options = {
+        silent = true;
+        desc = "Explorer NeoTree (root dir)";
+      };
+    }
+    {
+      mode = "n";
+      key = "<leader>E";
+      action = "<cmd>Neotree toggle<CR>";
+      options = {
+        silent = true;
+        desc = "Explorer NeoTree (cwd)";
+      };
+    }
+    {
+      mode = "n";
+      key = "<leader>be";
+      action = ":Neotree buffers<CR>";
+      options = {
+        silent = true;
+        desc = "Buffer explorer";
+      };
+    }
+    {
+      mode = "n";
+      key = "<leader>ge";
+      action = ":Neotree git_status<CR>";
+      options = {
+        silent = true;
+        desc = "Git explorer";
+      };
+    }
+  ];
 }
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -7,6 +7,7 @@ in {
  "wireguard-thinkcentre.age".publicKeys = [venus];
  "keycloak-db.age".publicKeys = [venus];
  "forgejo-actions.age".publicKeys = [venus];
+  "sendgrid-key.age".publicKeys = [venus];

  # Oracle
  "wireguard-oracle.age".publicKeys = [oracle];
--- a/secrets/sendgrid-key.age
+++ b/secrets/sendgrid-key.age
--- a/user/modules/nvim/lazy-lock.json
+++ b/user/modules/nvim/lazy-lock.json
@ -1,43 +1,44 @@
 {
-  "LazyVim": { "branch": "main", "commit": "a5f8af912de4b334cb900a9f383b6e317568f27f" },
-  "bufferline.nvim": { "branch": "main", "commit": "99337f63f0a3c3ab9519f3d1da7618ca4f91cffe" },
-  "catppuccin": { "branch": "main", "commit": "5215ea59df6d0a7e27da9a5cd1165e06d1b04cbe" },
+  "LazyVim": { "branch": "main", "commit": "53f4595b4e7ee980e9446a9248862a40701959c1" },
+  "bufferline.nvim": { "branch": "main", "commit": "81820cac7c85e51e4cf179f8a66d13dbf7b032d9" },
+  "catppuccin": { "branch": "main", "commit": "894efb557728e532aa98b98029d16907a214ec05" },
  "cmp-buffer": { "branch": "main", "commit": "3022dbc9166796b644a841a02de8dd1cc1d311fa" },
  "cmp-nvim-lsp": { "branch": "main", "commit": "39e2eda76828d88b773cc27a3f61d2ad782c922d" },
  "cmp-path": { "branch": "main", "commit": "91ff86cd9c29299a64f968ebb45846c485725f23" },
-  "conform.nvim": { "branch": "master", "commit": "069e971295a34a810484b7b2ef54b3c735214181" },
-  "dashboard-nvim": { "branch": "master", "commit": "5346d023afc4bfc7ff63d05c70bcdb0784bb657a" },
-  "dressing.nvim": { "branch": "master", "commit": "e3714c8049b2243e792492c4149e4cc395c68eb9" },
+  "conform.nvim": { "branch": "master", "commit": "c26dadf8a47a547768d1048a0d698ecec33494ce" },
+  "dashboard-nvim": { "branch": "master", "commit": "69a4c935cc43d3d725ed0600c6d00593bc23d132" },
  "flash.nvim": { "branch": "main", "commit": "43f67935d388fbb540f8b40e8cbfd80de54f978a" },
-  "friendly-snippets": { "branch": "main", "commit": "e11b09bf10706bb74e16e4c3d11b2274d62e687f" },
-  "gitsigns.nvim": { "branch": "main", "commit": "4a143f13e122ab91abdc88f89eefbe70a4858a56" },
+  "friendly-snippets": { "branch": "main", "commit": "682157939e57bd6a2c86277dfd4d6fbfce63dbac" },
+  "gitsigns.nvim": { "branch": "main", "commit": "fa42613096ebfa5fee1ea87d70f8625ab9685d01" },
  "gruvbox.nvim": { "branch": "main", "commit": "d4cde3853a172485961b515c36d51d757728d6e6" },
-  "indent-blankline.nvim": { "branch": "master", "commit": "d98f537c3492e87b6dc6c2e3f66ac517528f406f" },
-  "lazy.nvim": { "branch": "main", "commit": "fafe1f7c640aed75e70a10e6649612cd96f39149" },
+  "indent-blankline.nvim": { "branch": "master", "commit": "4288ce8128a52650e401dda42fd7651a6038f262" },
+  "kdl.vim": { "branch": "main", "commit": "b84d7d3a15d8d30da016cf9e98e2cfbe35cddee5" },
+  "lazy.nvim": { "branch": "main", "commit": "20af3fcc4ef2fef0cb4021543c70410567fcf9aa" },
  "lualine.nvim": { "branch": "master", "commit": "0a5a66803c7407767b799067986b4dc3036e1983" },
-  "mason-lspconfig.nvim": { "branch": "main", "commit": "8db12610bcb7ce67013cfdfaba4dd47a23c6e851" },
+  "mason-lspconfig.nvim": { "branch": "main", "commit": "37a336b653f8594df75c827ed589f1c91d91ff6c" },
  "mason.nvim": { "branch": "main", "commit": "0950b15060067f752fde13a779a994f59516ce3d" },
-  "mini.ai": { "branch": "main", "commit": "7859b6344f5cee567a94f173859d25e20ba1a77e" },
-  "mini.pairs": { "branch": "main", "commit": "40261dfcec7623cd57be3c3beb50fa73f2650cdf" },
+  "mini.ai": { "branch": "main", "commit": "ebf806de0292ef89b2756cfb0b55040901d1c441" },
+  "mini.pairs": { "branch": "main", "commit": "18a2d9d7106d08d3560d07c03dcbf5680c8675cc" },
  "neo-tree.nvim": { "branch": "v3.x", "commit": "29f7c215332ba95e470811c380ddbce2cebe2af4" },
  "no-neck-pain.nvim": { "branch": "main", "commit": "741ad26c4acc45f2164a3933f7825b0e555b724d" },
-  "noice.nvim": { "branch": "main", "commit": "e5cb20c6e14305d24025ecb77d7d4dd9d61f1a64" },
-  "nui.nvim": { "branch": "main", "commit": "322978c734866996274467de084a95e4f9b5e0b1" },
-  "nvim-cmp": { "branch": "main", "commit": "5260e5e8ecadaf13e6b82cf867a909f54e15fd07" },
-  "nvim-lint": { "branch": "master", "commit": "941fa1220a61797a51f3af9ec6b7d74c8c7367ce" },
-  "nvim-lspconfig": { "branch": "master", "commit": "92166b89ab4b3d60f24e58170cac53b7141fd032" },
+  "noice.nvim": { "branch": "main", "commit": "cade1f972ba226e7753a7a113f3f1a942908e73c" },
+  "nui.nvim": { "branch": "main", "commit": "61574ce6e60c815b0a0c4b5655b8486ba58089a1" },
+  "nvim-cmp": { "branch": "main", "commit": "a110e12d0b58eefcf5b771f533fc2cf3050680ac" },
+  "nvim-lint": { "branch": "master", "commit": "efc6fc83f0772283e064c53a8f9fb5645bde0bc0" },
+  "nvim-lspconfig": { "branch": "master", "commit": "9c9eb07fecc578e25e28db8dc9002b43fff2ed79" },
  "nvim-notify": { "branch": "master", "commit": "d333b6f167900f6d9d42a59005d82919830626bf" },
-  "nvim-spectre": { "branch": "master", "commit": "4d22fe03554056de4325762add3e546c77e3a275" },
-  "nvim-treesitter": { "branch": "master", "commit": "c5cbd3ec74f6f5ddbac939e6f24b99fe78262b4c" },
+  "nvim-spectre": { "branch": "master", "commit": "49fae98ef2bfa8342522b337892992e3495065d5" },
+  "nvim-treesitter": { "branch": "master", "commit": "53b32a6aa3e1de224e82f88cbdc08584c753adb7" },
  "nvim-treesitter-textobjects": { "branch": "master", "commit": "34867c69838078df7d6919b130c0541c0b400c47" },
-  "nvim-ts-autotag": { "branch": "main", "commit": "6eb4120a1aadef07ac312f1c4bc6456712220007" },
-  "nvim-web-devicons": { "branch": "master", "commit": "b4b302d6ae229f67df7a87ef69fa79473fe788a9" },
-  "persistence.nvim": { "branch": "main", "commit": "5fe077056c821aab41f87650bd6e1c48cd7dd047" },
+  "nvim-ts-autotag": { "branch": "main", "commit": "ddfccbf0df1b9349c2b9e9b17f4afa8f9b6c1ed1" },
+  "nvim-web-devicons": { "branch": "master", "commit": "c0cfc1738361b5da1cd0a962dd6f774cc444f856" },
+  "persistence.nvim": { "branch": "main", "commit": "95d03ad5450389ad7dc2a0fab14ebb3d46bc2c96" },
  "plenary.nvim": { "branch": "master", "commit": "a3e3bc82a3f95c5ed0d7201546d5d2c19b20d683" },
-  "telescope-fzf-native.nvim": { "branch": "main", "commit": "9ef21b2e6bb6ebeaf349a0781745549bbb870d27" },
-  "telescope.nvim": { "branch": "master", "commit": "3a743491e5c6be0ed0aa8c31c6905df8f66179ba" },
-  "todo-comments.nvim": { "branch": "main", "commit": "70a93ce66083699571adc361166504b03cc39c2b" },
-  "tokyonight.nvim": { "branch": "main", "commit": "02e9028fe3560f38363c2d38f1c87e45eb04fdb3" },
+  "rustaceanvim": { "branch": "master", "commit": "d6d7620b66d74b3b16defcf85cbef7b3582795b3" },
+  "todo-comments.nvim": { "branch": "main", "commit": "51e10f838e84b4756c16311d0b1ef0972c6482d2" },
+  "tokyonight.nvim": { "branch": "main", "commit": "30d7be361a7fbf187a881f17e574e9213d5108ea" },
  "tree-sitter-asm": { "branch": "main", "commit": "b0306e9bb2ebe01c6562f1aef265cc42ccc53070" },
-  "trouble.nvim": { "branch": "main", "commit": "806c50491078b66daf13c408042f2e74da46d0ff" },
+  "trouble.nvim": { "branch": "main", "commit": "88c3be40c061ce053ab326ce4fdcb973a1f785ff" },
+  "vim-freemarker": { "branch": "master", "commit": "993bda23e72e4c074659970c1e777cb19d8cf93e" },
  "which-key.nvim": { "branch": "main", "commit": "0099511294f16b81c696004fa6a403b0ae61f7a0" }
+}
--- a/user/modules/nvim/lazyvim.json
+++ b/user/modules/nvim/lazyvim.json
@ -1,9 +1,10 @@
 {
  "extras": [
-
+    "lazyvim.plugins.extras.dap.core",
+    "lazyvim.plugins.extras.lang.rust"
  ],
  "news": {
-    "NEWS.md": "3314"
+    "NEWS.md": "5950"
  },
-  "version": 3
+  "version": 6
 }
--- a/user/modules/nvim/lua/plugins/lsp.lua
+++ b/user/modules/nvim/lua/plugins/lsp.lua
@ -73,6 +73,7 @@ return {
        json = { { "prettierd", "prettier" } },
        yaml = { { "prettierd", "prettier" } },
        css = { { "prettierd", "prettier" } },
+        markdown = { { "prettierd", "prettier" } },
      },
    },
  },
@ -85,4 +86,12 @@ return {
  {
    "andreshazard/vim-freemarker",
  },
+  {
+    "mrcjkb/rustaceanvim",
+    opts = {
+      server = {
+        load_vscode_settings = true,
+      },
+    },
+  },
 }