diff --git a/modules/services/forgejo/default.nix b/modules/services/forgejo/default.nix index 4e57c68..6fe984c 100644 --- a/modules/services/forgejo/default.nix +++ b/modules/services/forgejo/default.nix @@ -9,6 +9,33 @@ with lib; let inherit (config.my.server) domain proxyIP firewallInterface; forgejoDomain = "git.${domain}"; forgejoUrl = "https://${forgejoDomain}"; + + # for nix actions runner + storeDeps = pkgs.runCommand "store-deps" {} '' + mkdir -p $out/bin + for dir in ${ + toString [ + pkgs.coreutils + pkgs.findutils + pkgs.gnugrep + pkgs.gawk + pkgs.git + pkgs.nix + pkgs.bash + pkgs.jq + pkgs.nodejs + pkgs.devenv + ] + }; do + for bin in "$dir"/bin/*; do + ln -s "$bin" "$out/bin/$(basename "$bin")" + done + done + + # Add SSL CA certs + mkdir -p $out/etc/ssl/certs + cp -a "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" $out/etc/ssl/certs/ca-bundle.crt + ''; in { options.my.services.forgejo = { enable = mkEnableOption "Forgejo"; @@ -34,6 +61,11 @@ in { config = mkMerge [ (mkIf cfg.enable { + age.secrets.forgejoSendgridKey = { + file = ../../../secrets/sendgrid-key.age; + owner = "forgejo"; + group = "forgejo"; + }; services.forgejo = { enable = true; package = pkgs.unstable.forgejo; 
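Review bot: The `# for nix actions runner` comment on `storeDeps` does not say that this derivation becomes the job container's entire `/bin`. Further down in this commit the runner options bind-mount `${storeDeps}/bin` over `/bin` and set `PATH=/bin`, so the package list is in effect the allowlist of tools a CI job can run. I would replace the comment with `# Tool allowlist for the nix actions runner: bind-mounted as /bin (PATH=/bin) and /etc/ssl in every job container; keep it minimal.` The `let` block this binding sits in starts above the hunk.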
@@ -56,36 +88,112 @@ in { settings.oauth2_client = { ENABLE_AUTO_REGISTRATION = true; }; + settings.mailer = { + ENABLED = true; + FROM = "forgejo@michaelt.xyz"; + PROTOCOL = "starttls"; + SMTP_ADDR = "smtp.sendgrid.net"; + SMTP_PORT = 587; + USER = "apikey"; + }; + mailerPasswordFile = config.age.secrets.forgejoSendgridKey.path; }; networking.firewall.interfaces."${firewallInterface}".allowedTCPPorts = [cfg.port]; + }) + (mkIf cfg.actions.enable { + # build image // taken from https://git.clan.lol/clan/clan-infra/src/branch/main/modules/web01/gitea/actions-runner.nix + # everything here has no dependencies on the store + systemd.services.forgejo-runner-nix-image = { + wantedBy = ["multi-user.target"]; + after = ["podman.service"]; + requires = ["podman.service"]; + path = [ + config.virtualisation.podman.package + pkgs.gnutar + pkgs.shadow + pkgs.getent + ]; + # we also include etc here because the cleanup job also wants the nixuser to be present + script = '' + set -eux -o pipefail + mkdir -p etc/nix + # Create an unpriveleged user that we can use also without the run-as-user.sh script + touch etc/passwd etc/group + groupid=$(cut -d: -f3 < <(getent group nixuser)) + userid=$(cut -d: -f3 < <(getent passwd nixuser)) + groupadd --prefix $(pwd) --gid "$groupid" nixuser + emptypassword='$6$1ero.LwbisiU.h3D$GGmnmECbPotJoPQ5eoSTD6tTjKnSWZcjHoVTkxFLZP17W9hRi/XkmCiAMOfWruUwy8gMjINrBMNODc7cYEo4K.' + useradd --prefix $(pwd) -p "$emptypassword" -m -d /tmp -u "$userid" -g "$groupid" -G nixuser nixuser + + cat < etc/nix/nix.conf + accept-flake-config = true + experimental-features = nix-command flakes + NIX_CONFIG + + cat < etc/nsswitch.conf + passwd: files mymachines systemd + group: files mymachines systemd + shadow: files + + hosts: files mymachines dns myhostname + networks: files + + ethers: files + services: files + protocols: files + rpc: files + NSSWITCH + + # list the content as it will be imported into the container + tar -cv . | tar -tvf - + tar -cv . 
| podman import - forgejo-runner-nix + ''; + serviceConfig = { + RuntimeDirectory = "forgejo-runner-nix-image"; + WorkingDirectory = "/run/forgejo-runner-nix-image"; + Type = "oneshot"; + RemainAfterExit = true; + }; + }; + + users.users.nixuser = { + group = "nixuser"; + description = "Used for running nix ci jobs"; + home = "/var/empty"; + isSystemUser = true; + }; + users.groups.nixuser = {}; + + # configure the actions runner itself age.secrets.forgejoActions.file = ../../../secrets/forgejo-actions.age; services.gitea-actions-runner = mkIf cfg.actions.enable { package = pkgs.unstable.forgejo-runner; instances.venus = { enable = true; - name = "venus"; + name = "venus-nix-runner"; url = forgejoUrl; settings = { - # log = { - # level = "debug"; - # }; - options = "-v /var/run/podman/podman.sock:/var/run/podman/podman.sock"; + # options = "-v /var/run/podman/podman.sock:/var/run/podman/podman.sock"; runner = { - capacity = 5; + capacity = 1; timeout = "45m"; }; container = { - privileged = true; - valid_volumes = ["*"]; - force_pull = false; + options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt --device /dev/kvm -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user nixuser --device=/dev/kvm"; + # privileged = true; + valid_volumes = [ + "/nix" + "${storeDeps}/bin" + "${storeDeps}/etc/ssl" + ]; + # force_pull = false; network = "bridge"; }; }; labels = [ - "debian-latest:docker://ghcr.io/catthehacker/ubuntu:act-latest" - "ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-latest" + "nix:docker://forgejo-runner-nix" ]; tokenFile = config.age.secrets.forgejoActions.path; }; diff --git a/pkgs/nvim/config/filetrees/neo-tree.nix b/pkgs/nvim/config/filetrees/neo-tree.nix index c83589e..8ae67c4 100644 --- a/pkgs/nvim/config/filetrees/neo-tree.nix +++ b/pkgs/nvim/config/filetrees/neo-tree.nix 
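Review bot: The new `container.options` string mounts the host's `/nix` into every job without `:ro` (`-v /nix:/nix`), and the image's generated `nix.conf` sets `accept-flake-config = true`. A repository's flake `nixConfig` is therefore accepted without confirmation by a client that shares the host store and, presumably, the host nix-daemon socket. How far that reaches depends on whether `nixuser` is a trusted user of the daemon, which this hunk does not show. I would confirm it is not in `nix.settings.trusted-users`, drop `accept-flake-config = true` unless jobs need it, and test whether `-v /nix:/nix:ro` still lets jobs build. `--device /dev/kvm` also appears twice in the same string, and the commented-out `# privileged = true;` and podman-socket `# options = ...` lines are better deleted than left as an easy way back; the `mkMerge` list continues past the hunk.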
@@ -1,6 +1,6 @@ { plugins.neo-tree = { - enable = false; + enable = true; enableDiagnostics = true; enableGitStatus = true; enableModifiedMarkers = true; @@ -9,9 +9,7 @@ popupBorderStyle = "rounded"; # Type: null or one of “NC”, “double”, “none”, “rounded”, “shadow”, “single”, “solid” or raw lua code buffers = { bindToCwd = false; - followCurrentFile = { - enabled = true; - }; + followCurrentFile.enabled = true; }; window = { width = 40; 
@@ -21,44 +19,63 @@ "" = "none"; }; }; + filesystem = { + bindToCwd = false; + followCurrentFile.enabled = true; + useLibuvFileWatcher = true; + }; + defaultComponentConfigs = { + indent = { + withExpanders = true; # if nil and file nesting is enabled, will enable expanders + expanderCollapsed = ""; + expanderExpanded = ""; + expanderHighlight = "NeoTreeExpander"; + }; + gitStatus = { + symbols = { + unstaged = "󰄱"; + staged = "󰱒"; + }; + }; + }; }; - # keymaps = [ - # { - # mode = "n"; - # key = "e"; - # action = ":Neotree toggle reveal_force_cwd"; - # options = { - # silent = true; - # desc = "Explorer NeoTree (root dir)"; - # }; - # } - # { - # mode = "n"; - # key = "E"; - # action = "Neotree toggle"; - # options = { - # silent = true; - # desc = "Explorer NeoTree (cwd)"; - # }; - # } - # { - # mode = "n"; - # key = "be"; - # action = ":Neotree buffers"; - # options = { - # silent = true; - # desc = "Buffer explorer"; - # }; - # } - # { - # mode = "n"; - # key = "ge"; - # action = ":Neotree git_status"; - # options = { - # silent = true; - # desc = "Git explorer"; - # }; - # } - # ]; + keymaps = [ + { + mode = "n"; + key = "e"; + action = ":Neotree toggle reveal_force_cwd"; + options = { + silent = true; + desc = "Explorer NeoTree (root dir)"; + }; + } + { + mode = "n"; + key = "E"; + action = "Neotree toggle"; + options = { + silent = true; + desc = "Explorer NeoTree (cwd)"; + }; + } + { + mode = "n"; + key = "be"; + action = ":Neotree buffers"; + options = { + silent = true; + desc = "Buffer explorer"; + }; + } + { + mode = "n"; + key = "ge"; + action = ":Neotree git_status"; + options = { + silent = true; + desc = "Git explorer"; + }; + } + ]; } diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 2f1fe02..b441023 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
@@ -7,6 +7,7 @@ in { "wireguard-thinkcentre.age".publicKeys = [venus]; "keycloak-db.age".publicKeys = [venus]; "forgejo-actions.age".publicKeys = [venus]; + "sendgrid-key.age".publicKeys = [venus]; # Oracle "wireguard-oracle.age".publicKeys = [oracle]; diff --git a/secrets/sendgrid-key.age b/secrets/sendgrid-key.age new file mode 100644 index 0000000..a9660a1 Binary files /dev/null and b/secrets/sendgrid-key.age differ diff --git a/user/modules/nvim/lazy-lock.json b/user/modules/nvim/lazy-lock.json index 475a915..c94c8d5 100644 --- a/user/modules/nvim/lazy-lock.json +++ b/user/modules/nvim/lazy-lock.json 
@@ -1,43 +1,44 @@ { - "LazyVim": { "branch": "main", "commit": "a5f8af912de4b334cb900a9f383b6e317568f27f" }, - "bufferline.nvim": { "branch": "main", "commit": "99337f63f0a3c3ab9519f3d1da7618ca4f91cffe" }, - "catppuccin": { "branch": "main", "commit": "5215ea59df6d0a7e27da9a5cd1165e06d1b04cbe" }, + "LazyVim": { "branch": "main", "commit": "53f4595b4e7ee980e9446a9248862a40701959c1" }, + "bufferline.nvim": { "branch": "main", "commit": "81820cac7c85e51e4cf179f8a66d13dbf7b032d9" }, + "catppuccin": { "branch": "main", "commit": "894efb557728e532aa98b98029d16907a214ec05" }, "cmp-buffer": { "branch": "main", "commit": "3022dbc9166796b644a841a02de8dd1cc1d311fa" }, "cmp-nvim-lsp": { "branch": "main", "commit": "39e2eda76828d88b773cc27a3f61d2ad782c922d" }, "cmp-path": { "branch": "main", "commit": "91ff86cd9c29299a64f968ebb45846c485725f23" }, - "conform.nvim": { "branch": "master", "commit": "069e971295a34a810484b7b2ef54b3c735214181" }, - "dashboard-nvim": { "branch": "master", "commit": "5346d023afc4bfc7ff63d05c70bcdb0784bb657a" }, - "dressing.nvim": { "branch": "master", "commit": "e3714c8049b2243e792492c4149e4cc395c68eb9" }, + "conform.nvim": { "branch": "master", "commit": "c26dadf8a47a547768d1048a0d698ecec33494ce" }, + "dashboard-nvim": { "branch": "master", "commit": "69a4c935cc43d3d725ed0600c6d00593bc23d132" }, "flash.nvim": { "branch": "main", "commit": "43f67935d388fbb540f8b40e8cbfd80de54f978a" }, - "friendly-snippets": { "branch": "main", "commit": "e11b09bf10706bb74e16e4c3d11b2274d62e687f" }, - "gitsigns.nvim": { "branch": "main", "commit": "4a143f13e122ab91abdc88f89eefbe70a4858a56" }, + "friendly-snippets": { "branch": "main", "commit": "682157939e57bd6a2c86277dfd4d6fbfce63dbac" }, + "gitsigns.nvim": { "branch": "main", "commit": "fa42613096ebfa5fee1ea87d70f8625ab9685d01" }, "gruvbox.nvim": { "branch": "main", "commit": "d4cde3853a172485961b515c36d51d757728d6e6" }, - "indent-blankline.nvim": { "branch": "master", "commit": 
"d98f537c3492e87b6dc6c2e3f66ac517528f406f" }, - "lazy.nvim": { "branch": "main", "commit": "fafe1f7c640aed75e70a10e6649612cd96f39149" }, + "indent-blankline.nvim": { "branch": "master", "commit": "4288ce8128a52650e401dda42fd7651a6038f262" }, + "kdl.vim": { "branch": "main", "commit": "b84d7d3a15d8d30da016cf9e98e2cfbe35cddee5" }, + "lazy.nvim": { "branch": "main", "commit": "20af3fcc4ef2fef0cb4021543c70410567fcf9aa" }, "lualine.nvim": { "branch": "master", "commit": "0a5a66803c7407767b799067986b4dc3036e1983" }, - "mason-lspconfig.nvim": { "branch": "main", "commit": "8db12610bcb7ce67013cfdfaba4dd47a23c6e851" }, + "mason-lspconfig.nvim": { "branch": "main", "commit": "37a336b653f8594df75c827ed589f1c91d91ff6c" }, "mason.nvim": { "branch": "main", "commit": "0950b15060067f752fde13a779a994f59516ce3d" }, - "mini.ai": { "branch": "main", "commit": "7859b6344f5cee567a94f173859d25e20ba1a77e" }, - "mini.pairs": { "branch": "main", "commit": "40261dfcec7623cd57be3c3beb50fa73f2650cdf" }, + "mini.ai": { "branch": "main", "commit": "ebf806de0292ef89b2756cfb0b55040901d1c441" }, + "mini.pairs": { "branch": "main", "commit": "18a2d9d7106d08d3560d07c03dcbf5680c8675cc" }, "neo-tree.nvim": { "branch": "v3.x", "commit": "29f7c215332ba95e470811c380ddbce2cebe2af4" }, "no-neck-pain.nvim": { "branch": "main", "commit": "741ad26c4acc45f2164a3933f7825b0e555b724d" }, - "noice.nvim": { "branch": "main", "commit": "e5cb20c6e14305d24025ecb77d7d4dd9d61f1a64" }, - "nui.nvim": { "branch": "main", "commit": "322978c734866996274467de084a95e4f9b5e0b1" }, - "nvim-cmp": { "branch": "main", "commit": "5260e5e8ecadaf13e6b82cf867a909f54e15fd07" }, - "nvim-lint": { "branch": "master", "commit": "941fa1220a61797a51f3af9ec6b7d74c8c7367ce" }, - "nvim-lspconfig": { "branch": "master", "commit": "92166b89ab4b3d60f24e58170cac53b7141fd032" }, + "noice.nvim": { "branch": "main", "commit": "cade1f972ba226e7753a7a113f3f1a942908e73c" }, + "nui.nvim": { "branch": "main", "commit": 
"61574ce6e60c815b0a0c4b5655b8486ba58089a1" }, + "nvim-cmp": { "branch": "main", "commit": "a110e12d0b58eefcf5b771f533fc2cf3050680ac" }, + "nvim-lint": { "branch": "master", "commit": "efc6fc83f0772283e064c53a8f9fb5645bde0bc0" }, + "nvim-lspconfig": { "branch": "master", "commit": "9c9eb07fecc578e25e28db8dc9002b43fff2ed79" }, "nvim-notify": { "branch": "master", "commit": "d333b6f167900f6d9d42a59005d82919830626bf" }, - "nvim-spectre": { "branch": "master", "commit": "4d22fe03554056de4325762add3e546c77e3a275" }, - "nvim-treesitter": { "branch": "master", "commit": "c5cbd3ec74f6f5ddbac939e6f24b99fe78262b4c" }, + "nvim-spectre": { "branch": "master", "commit": "49fae98ef2bfa8342522b337892992e3495065d5" }, + "nvim-treesitter": { "branch": "master", "commit": "53b32a6aa3e1de224e82f88cbdc08584c753adb7" }, "nvim-treesitter-textobjects": { "branch": "master", "commit": "34867c69838078df7d6919b130c0541c0b400c47" }, - "nvim-ts-autotag": { "branch": "main", "commit": "6eb4120a1aadef07ac312f1c4bc6456712220007" }, - "nvim-web-devicons": { "branch": "master", "commit": "b4b302d6ae229f67df7a87ef69fa79473fe788a9" }, - "persistence.nvim": { "branch": "main", "commit": "5fe077056c821aab41f87650bd6e1c48cd7dd047" }, + "nvim-ts-autotag": { "branch": "main", "commit": "ddfccbf0df1b9349c2b9e9b17f4afa8f9b6c1ed1" }, + "nvim-web-devicons": { "branch": "master", "commit": "c0cfc1738361b5da1cd0a962dd6f774cc444f856" }, + "persistence.nvim": { "branch": "main", "commit": "95d03ad5450389ad7dc2a0fab14ebb3d46bc2c96" }, "plenary.nvim": { "branch": "master", "commit": "a3e3bc82a3f95c5ed0d7201546d5d2c19b20d683" }, - "telescope-fzf-native.nvim": { "branch": "main", "commit": "9ef21b2e6bb6ebeaf349a0781745549bbb870d27" }, - "telescope.nvim": { "branch": "master", "commit": "3a743491e5c6be0ed0aa8c31c6905df8f66179ba" }, - "todo-comments.nvim": { "branch": "main", "commit": "70a93ce66083699571adc361166504b03cc39c2b" }, - "tokyonight.nvim": { "branch": "main", "commit": 
"02e9028fe3560f38363c2d38f1c87e45eb04fdb3" }, + "rustaceanvim": { "branch": "master", "commit": "d6d7620b66d74b3b16defcf85cbef7b3582795b3" }, + "todo-comments.nvim": { "branch": "main", "commit": "51e10f838e84b4756c16311d0b1ef0972c6482d2" }, + "tokyonight.nvim": { "branch": "main", "commit": "30d7be361a7fbf187a881f17e574e9213d5108ea" }, "tree-sitter-asm": { "branch": "main", "commit": "b0306e9bb2ebe01c6562f1aef265cc42ccc53070" }, - "trouble.nvim": { "branch": "main", "commit": "806c50491078b66daf13c408042f2e74da46d0ff" }, + "trouble.nvim": { "branch": "main", "commit": "88c3be40c061ce053ab326ce4fdcb973a1f785ff" }, + "vim-freemarker": { "branch": "master", "commit": "993bda23e72e4c074659970c1e777cb19d8cf93e" }, "which-key.nvim": { "branch": "main", "commit": "0099511294f16b81c696004fa6a403b0ae61f7a0" } +} \ No newline at end of file diff --git a/user/modules/nvim/lazyvim.json b/user/modules/nvim/lazyvim.json index f03853f..29eff76 100644 --- a/user/modules/nvim/lazyvim.json +++ b/user/modules/nvim/lazyvim.json @@ -1,9 +1,10 @@ { "extras": [ - + "lazyvim.plugins.extras.dap.core", + "lazyvim.plugins.extras.lang.rust" ], "news": { - "NEWS.md": "3314" + "NEWS.md": "5950" }, - "version": 3 + "version": 6 } \ No newline at end of file diff --git a/user/modules/nvim/lua/plugins/lsp.lua b/user/modules/nvim/lua/plugins/lsp.lua index ea923ed..0099ed4 100644 --- a/user/modules/nvim/lua/plugins/lsp.lua +++ b/user/modules/nvim/lua/plugins/lsp.lua @@ -73,6 +73,7 @@ return { json = { { "prettierd", "prettier" } }, yaml = { { "prettierd", "prettier" } }, css = { { "prettierd", "prettier" } }, + markdown = { { "prettierd", "prettier" } }, }, }, }, @@ -85,4 +86,12 @@ return { { "andreshazard/vim-freemarker", }, + { + "mrcjkb/rustaceanvim", + opts = { + server = { + load_vscode_settings = true, + }, + }, + }, }
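Review bot: In the last `lsp.lua` hunk, `load_vscode_settings = true` lets the checked-out repository supply rust-analyzer settings through its `.vscode/settings.json`, and nothing in the spec records that trust decision. As far as I know, some rust-analyzer settings (for example `rust-analyzer.check.overrideCommand`) name a command the server runs, so this matters when opening third-party code. I would either leave the option off or add a comment above it such as `-- reads rust-analyzer settings from the project's .vscode/settings.json; only open trusted checkouts`. The `opts` table is presumably applied by the `lazyvim.plugins.extras.lang.rust` extra enabled in `lazyvim.json`; that wiring is not visible in this diff.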