ahuston-0/nix-dotfiles
1
0
Fork 0
Code Issues Pull Requests 2 Actions Packages Projects Releases Wiki Activity

Compare commits

base: ahuston-0:feature/ftb-app
Branches Tags
ahuston-0:main ahuston-0:feature/home-config ahuston-0:feature/add-parthenon ahuston-0:ahuston-0-patch-2 ahuston-0:feature/add-pc ahuston-0:feature/add-jessica ahuston-0:feature/gitea-minio ahuston-0:feature/ftb-app ahuston-0:feature/hetzner-bridge ahuston-0:feature/setting-up-greylog ahuston-0:feature/build-cache ahuston-0:hotfix/zfs-import ahuston-0:feature/add-unpackerr ahuston-0:feature/pscsd-yubikey ahuston-0:feature/overseerr ahuston-0:feature/onboarding-kubernetes
..
compare: ahuston-0:feature/setting-up-greylog
Branches Tags
ahuston-0:feature/home-config ahuston-0:main ahuston-0:feature/add-parthenon ahuston-0:ahuston-0-patch-2 ahuston-0:feature/add-pc ahuston-0:feature/add-jessica ahuston-0:feature/gitea-minio ahuston-0:feature/ftb-app ahuston-0:feature/hetzner-bridge ahuston-0:feature/setting-up-greylog ahuston-0:feature/build-cache ahuston-0:hotfix/zfs-import ahuston-0:feature/add-unpackerr ahuston-0:feature/pscsd-yubikey ahuston-0:feature/overseerr ahuston-0:feature/onboarding-kubernetes

1 Commits
feature/ft ... feature/se

Author SHA1 Message Date
ahuston-0
930fea9ed9 added word to cspell
All checks were successful
Check flake.lock / Check health of `flake.lock` (pull_request) Successful in 1m54s
Details
Check Nix formatting / Perform Nix format checks (pull_request) Successful in 10m27s
Details
Check Nix flake / Perform Nix flake checks (ubuntu-latest) (pull_request) Successful in 16m58s
Details
Check Nix flake / Build nix outputs (ubuntu-latest) (pull_request) Successful in 22m52s
Details 
Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
 2025-03-20 11:51:48 -04:00
38 changed files with 292 additions and 651 deletions
Expand all files Collapse all files

44
.github/workflows/flake-health-checks.yml vendored
View File

@ -8,7 +8,10 @@ on:
jobs:
health-check:
name: "Perform Nix flake checks"
runs-on: ubuntu-latest
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-latest]
steps:
- uses: DeterminateSystems/nix-installer-action@main
- name: Setup Attic cache
@ -21,21 +24,24 @@ jobs:
- uses: actions/checkout@v4
- run: nix flake check --accept-flake-config
- run: nix ./utils/attic-push.bash
# build-checks:
# name: "Build nix outputs"
# runs-on: ubuntu-latest
# steps:
# - uses: DeterminateSystems/nix-installer-action@main
# - name: Setup Attic cache
# uses: ryanccn/attic-action@v0
# with:
# endpoint: ${{ secrets.ATTIC_ENDPOINT }}
# cache: ${{ secrets.ATTIC_CACHE }}
# token: ${{ secrets.ATTIC_TOKEN }}
# skip-push: "true"
# - uses: actions/checkout@v4
# - name: Build all outputs
# run: nix run git+https://nayeonie.com/ahuston-0/flake-update-diff -- --build .
# - name: Push to Attic
# run: nix ./utils/attic-push.bash
# continue-on-error: true
build-checks:
name: "Build nix outputs"
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-latest]
steps:
- uses: DeterminateSystems/nix-installer-action@main
- name: Setup Attic cache
uses: ryanccn/attic-action@v0
with:
endpoint: ${{ secrets.ATTIC_ENDPOINT }}
cache: ${{ secrets.ATTIC_CACHE }}
token: ${{ secrets.ATTIC_TOKEN }}
skip-push: "true"
- uses: actions/checkout@v4
- name: Build all outputs
run: nix run git+https://nayeonie.com/ahuston-0/flake-update-diff -- --build .
- name: Push to Attic
run: nix ./utils/attic-push.bash
continue-on-error: true

5
.vscode/settings.json vendored
View File

@ -41,6 +41,7 @@
"codezombiech",
"compactmode",
"Compat",
"concat",
"concatLists",
"contentblocking",
"cookiebanners",
@ -153,6 +154,7 @@
"networkd",
"networkmanager",
"newtabpage",
"nixfmt",
"nixos",
"nixpkgs",
"nmap",
@ -214,6 +216,8 @@
"rofi",
"rpool",
"rspace",
"rsyslog",
"rsyslogd",
"rtkit",
"safebrowsing",
"Sandro",
@ -255,6 +259,7 @@
"topstories",
"Toqozz",
"torrenting",
"treefmt",
"twimg",
"uaccess",
"ublock",

4
README.md
View File

@ -14,7 +14,9 @@ to onboard a new user or system.
Although we are not actively looking for new members to join in on this repo,
we are not strictly opposed. Please reach out to
[@ahuston-0](https://nayeonie.com/ahuston-0) for further information.
[@ahuston-0](https://github.com/ahuston-0) or
[@RichieCahill](https://github.com/RichieCahill)
for further information.
## Repo Structure

3
docs/CONTRIBUTING.md
View File

@ -107,7 +107,8 @@ rules.
We allow secrets to be embedded in the repository using `sops-nix`. As part of
the process everything is encrypted, however adding a new user is a change
that every existing SOPS user needs to participate in. Please reach out to
[@ahuston-0](https://nayeonie.com/ahuston-0) or if you are interested
[@ahuston-0](https://github.com/ahuston-0) or
[@RichieCahill](https://github.com/RichieCahill) if you are interested
in using secrets on your machines.
## CI/CD

183
flake.lock generated
View File

@ -78,11 +78,11 @@
},
"locked": {
"dir": "pkgs/firefox-addons",
"lastModified": 1743483509,
"narHash": "sha256-aHnOrBV4UpVQuv9RHmYaRb0jZRBpmeDWsZWBRoSCc5w=",
"lastModified": 1742449434,
"narHash": "sha256-UVz7NhPzbEWey6mMJU3Jwjqfbp0xH0iKZDuoRjhZEN0=",
"owner": "rycee",
"repo": "nur-expressions",
"rev": "692aba39210127804151c9436e4b87fe1d0e0f2b",
"rev": "1b0b14b56353040142e0ef5b0ab37743bbbf4ab4",
"type": "gitlab"
},
"original": {
@ -312,11 +312,11 @@
]
},
"locked": {
"lastModified": 1743482579,
"narHash": "sha256-u81nqA4UuRatKDkzUuIfVYdLMw8birEy+99oXpdyXhY=",
"lastModified": 1742447757,
"narHash": "sha256-Q0KXcHQmum8L6IzGhhkVhjFMKY6BvYa/rhmLP26Ws8o=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "c21383b556609ce1ad901aa08b4c6fbd9e0c7af0",
"rev": "94605dcadefeaff6b35c8931c9f38e4f4dc7ad0a",
"type": "github"
},
"original": {
@ -325,27 +325,6 @@
"type": "github"
}
},
"hydra": {
"inputs": {
"nix": "nix",
"nix-eval-jobs": "nix-eval-jobs",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1743447171,
"narHash": "sha256-5+lbBGlOmVa+dNY8L4ElDCkB7+VedZpPTcBOFIF+0TM=",
"ref": "add-gitea-pulls",
"rev": "a20f37b97fa43eea1570bf125ee95f19ba7e2674",
"revCount": 4327,
"type": "git",
"url": "https://nayeonie.com/ahuston-0/hydra"
},
"original": {
"ref": "add-gitea-pulls",
"type": "git",
"url": "https://nayeonie.com/ahuston-0/hydra"
}
},
"hyprland-contrib": {
"inputs": {
"nixpkgs": [
@ -353,11 +332,11 @@
]
},
"locked": {
"lastModified": 1743417258,
"narHash": "sha256-YItzk1pj8Kz+b7VlC9zN1pSZ6CuX35asYy3HuMQ3lBQ=",
"lastModified": 1742213523,
"narHash": "sha256-I8JVdQRu8eWvY5W8XWYZkdd5pojDHkxeqQV7mMIsbhs=",
"owner": "hyprwm",
"repo": "contrib",
"rev": "bc2ad24e0b2e66c3e164994c4897cd94a933fd10",
"rev": "bd81329944be53b0ffb99e05864804b95f1d7c65",
"type": "github"
},
"original": {
@ -366,59 +345,6 @@
"type": "github"
}
},
"nix": {
"inputs": {
"flake-compat": [
"hydra"
],
"flake-parts": [
"hydra"
],
"git-hooks-nix": [
"hydra"
],
"nixpkgs": [
"hydra",
"nixpkgs"
],
"nixpkgs-23-11": [
"hydra"
],
"nixpkgs-regression": [
"hydra"
]
},
"locked": {
"lastModified": 1739899400,
"narHash": "sha256-q/RgA4bB7zWai4oPySq9mch7qH14IEeom2P64SXdqHs=",
"owner": "NixOS",
"repo": "nix",
"rev": "e310c19a1aeb1ce1ed4d41d5ab2d02db596e0918",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "2.26-maintenance",
"repo": "nix",
"type": "github"
}
},
"nix-eval-jobs": {
"flake": false,
"locked": {
"lastModified": 1739500569,
"narHash": "sha256-3wIReAqdTALv39gkWXLMZQvHyBOc3yPkWT2ZsItxedY=",
"owner": "nix-community",
"repo": "nix-eval-jobs",
"rev": "4b392b284877d203ae262e16af269f702df036bc",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-eval-jobs",
"type": "github"
}
},
"nix-index-database": {
"inputs": {
"nixpkgs": [
@ -426,11 +352,11 @@
]
},
"locked": {
"lastModified": 1743306489,
"narHash": "sha256-LROaIjSLo347cwcHRfSpqzEOa2FoLSeJwU4dOrGm55E=",
"lastModified": 1742174123,
"narHash": "sha256-pDNzMoR6m1ZSJToZQ6XDTLVSdzIzmFl1b8Pc3f7iV6Y=",
"owner": "Mic92",
"repo": "nix-index-database",
"rev": "b3696bfb6c24aa61428839a99e8b40c53ac3a82d",
"rev": "2cfb4e1ca32f59dd2811d7a6dd5d4d1225f0955c",
"type": "github"
},
"original": {
@ -462,11 +388,11 @@
]
},
"locked": {
"lastModified": 1742568034,
"narHash": "sha256-QaMEhcnscfF2MqB7flZr+sLJMMYZPnvqO4NYf9B4G38=",
"lastModified": 1742217219,
"narHash": "sha256-pLRjj0jTL1TloB0ptEwVF51IJJX8a17dSxg+gqiWb30=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "42ee229088490e3777ed7d1162cb9e9d8c3dbb11",
"rev": "83900d5154d840dfae1e0367c5290f59b9dccf03",
"type": "github"
},
"original": {
@ -477,11 +403,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1743420942,
"narHash": "sha256-b/exDDQSLmENZZgbAEI3qi9yHkuXAXCPbormD8CSJXo=",
"lastModified": 1742376361,
"narHash": "sha256-VFMgJkp/COvkt5dnkZB4D2szVdmF6DGm5ZdVvTUy61c=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "de6fc5551121c59c01e2a3d45b277a6d05077bc4",
"rev": "daaae13dff0ecc692509a1332ff9003d9952d7a9",
"type": "github"
},
"original": {
@ -500,11 +426,11 @@
]
},
"locked": {
"lastModified": 1743178092,
"narHash": "sha256-fOMsQpcdIbj+wOexiCSEW2J4Erqd0LRV25aYiOx4QRw=",
"lastModified": 1742419596,
"narHash": "sha256-+Bw1HR4oX6vUbCMhwWbW+Nr20F+UesNdUd7b17s3ESE=",
"owner": "SuperSandro2000",
"repo": "nixos-modules",
"rev": "77ff511df92a9d4a828bdf032b8f48e7c3d99b50",
"rev": "82491ff311152b87fe7cfbdaf545f727e0750aa9",
"type": "github"
},
"original": {
@ -515,16 +441,16 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1739461644,
"narHash": "sha256-1o1qR0KYozYGRrnqytSpAhVBYLNBHX+Lv6I39zGRzKM=",
"owner": "NixOS",
"lastModified": 1742450798,
"narHash": "sha256-lfOAAaX68Ed7R6Iy2nbFAkGj6B8kHBp3nqZhgZjxR5c=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "97a719c9f0a07923c957cf51b20b329f9fb9d43f",
"rev": "b64ec1944ea40d9f3920f938e17ed39a9978c6c7",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11-small",
"owner": "nixos",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
@ -546,11 +472,11 @@
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1743367904,
"narHash": "sha256-sOos1jZGKmT6xxPvxGQyPTApOunXvScV4lNjBCXd/CI=",
"lastModified": 1742268799,
"narHash": "sha256-IhnK4LhkBlf14/F8THvUy3xi/TxSQkp9hikfDZRD4Ic=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "7ffe0edc685f14b8c635e3d6591b0bbb97365e6c",
"rev": "da044451c6a70518db5b730fe277b70f494188f1",
"type": "github"
},
"original": {
@ -560,22 +486,6 @@
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1743472173,
"narHash": "sha256-xwNv3FYTC5pl4QVZ79gUxqCEvqKzcKdXycpH5UbYscw=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "88e992074d86ad50249de12b7fb8dbaadf8dc0c5",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
},
"nur": {
"inputs": {
"flake-parts": "flake-parts_2",
@ -610,11 +520,11 @@
]
},
"locked": {
"lastModified": 1742649964,
"narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=",
"lastModified": 1742300892,
"narHash": "sha256-QmF0proyjXI9YyZO9GZmc7/uEu5KVwCtcdLsKSoxPAI=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82",
"rev": "ea26a82dda75bee6783baca6894040c8e6599728",
"type": "github"
},
"original": {
@ -630,13 +540,12 @@
"flake-parts": "flake-parts",
"flake-utils": "flake-utils",
"home-manager": "home-manager",
"hydra": "hydra",
"hyprland-contrib": "hyprland-contrib",
"nix-index-database": "nix-index-database",
"nixos-generators": "nixos-generators",
"nixos-hardware": "nixos-hardware",
"nixos-modules": "nixos-modules",
"nixpkgs": "nixpkgs_2",
"nixpkgs": "nixpkgs",
"nixpkgs-stable": "nixpkgs-stable",
"pre-commit-hooks": "pre-commit-hooks",
"rust-overlay": "rust-overlay",
@ -653,11 +562,11 @@
]
},
"locked": {
"lastModified": 1743475035,
"narHash": "sha256-uLjVsb4Rxnp1zmFdPCDmdODd4RY6ETOeRj0IkC0ij/4=",
"lastModified": 1742437918,
"narHash": "sha256-Vflb6KJVDikFcM9E231mRN88uk4+jo7BWtaaQMifthI=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "bee11c51c2cda3ac57c9e0149d94b86cc1b00d13",
"rev": "f03085549609e49c7bcbbee86a1949057d087199",
"type": "github"
},
"original": {
@ -673,11 +582,11 @@
]
},
"locked": {
"lastModified": 1743502316,
"narHash": "sha256-zI2WSkU+ei4zCxT+IVSQjNM9i0ST++T2qSFXTsAND7s=",
"lastModified": 1742406979,
"narHash": "sha256-r0aq70/3bmfjTP+JZs4+XV5SgmCtk1BLU4CQPWGtA7o=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "e7f4d7ed8bce8dfa7d2f2fe6f8b8f523e54646f8",
"rev": "1770be8ad89e41f1ed5a60ce628dd10877cb3609",
"type": "github"
},
"original": {
@ -714,11 +623,11 @@
"tinted-zed": "tinted-zed"
},
"locked": {
"lastModified": 1743496321,
"narHash": "sha256-xhHg8ixBhZngvGOMb2SJuJEHhHA10n8pA02fEKuKzek=",
"lastModified": 1742422444,
"narHash": "sha256-Djg5uMhIDPdFOZ7kTrqNlHaAqcx/4rp7BofZLsUHkLY=",
"owner": "danth",
"repo": "stylix",
"rev": "54721996d6590267d095f63297d9051e9342a33d",
"rev": "f122d70925ca44e5ee4216661769437ab36a6a3f",
"type": "github"
},
"original": {
@ -874,11 +783,11 @@
]
},
"locked": {
"lastModified": 1743305055,
"narHash": "sha256-NIsi8Dno9YsOLUUTrLU4p+hxYeJr3Vkg1gIpQKVTaDs=",
"lastModified": 1730615238,
"narHash": "sha256-u/ZGtyEUvAkFOBgLo2YldOx0GKjE3/esWpWruRD376E=",
"owner": "Toqozz",
"repo": "wired-notify",
"rev": "75d43f54a02b15f2a15f5c1a0e1c7d15100067a6",
"rev": "1632418aa15889343028261663e81d8b5595860e",
"type": "github"
},
"original": {

21
flake.nix
View File

@ -18,7 +18,6 @@
"nix-cache:trR+y5nwpQHR4hystoogubFmp97cewkjWeqqbygRQRs="
];
trusted-users = [ "root" ];
allow-import-from-derivation = true;
};
inputs = {
@ -59,13 +58,6 @@
inputs.nixpkgs.follows = "nixpkgs";
};
hydra = {
url = "git+https://nayeonie.com/ahuston-0/hydra?ref=add-gitea-pulls";
# inputs = {
# nixpkgs.follows = "nixpkgs";
# };
};
hyprland-contrib = {
url = "github:hyprwm/contrib";
inputs.nixpkgs.follows = "nixpkgs";
@ -136,7 +128,7 @@
systems = [
"x86_64-linux"
# disable arm for now as hydra isn't set up for it
# "aarch64-linuxa
# "aarch64-linux"
];
forEachSystem = lib.genAttrs systems;
@ -152,13 +144,13 @@
lib = self;
}
);
inherit (lib.adev.systems) genSystems getImages;
inherit (self) outputs; # for hydra and packages
inherit (lib.rad-dev.systems) genSystems getImages;
inherit (self) outputs; # for hydra
in
rec {
inherit lib; # for allowing use of custom functions in nix repl
hydraJobs = import ./hydra/jobs.nix { inherit inputs outputs systems; };
#hydraJobs = import ./hydra/jobs.nix { inherit inputs outputs systems; };
formatter = forEachSystem (system: nixpkgs.legacyPackages.${system}.nixfmt-rfc-style);
nixosConfigurations = genSystems inputs outputs src (src + "/systems");
@ -168,7 +160,10 @@
qcow = getImages nixosConfigurations "qcow";
};
packages = import ./pkgs { pkgs = nixpkgs.legacyPackages.x86_64-linux; };
packages.x86_64-linux.lego-latest =
nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/lego-latest/default.nix
{ };
checks = import ./checks.nix { inherit inputs forEachSystem formatter; };
devShells = import ./shell.nix { inherit inputs forEachSystem checks; };

13
hydra/jobsets.nix
View File

@ -19,6 +19,7 @@ let
prs = readJSONFile pulls;
refs = readJSONFile branches;
repo = "RAD-Development/nix-dotfiles";
# template for creating a job
makeJob =
@ -27,7 +28,6 @@ let
keepnr ? 3,
description,
flake,
enabled ? 1,
}:
{
inherit
@ -35,8 +35,8 @@ let
flake
schedulingshares
keepnr
enabled
;
enabled = 1;
type = 1;
hidden = false;
checkinterval = 300; # every 5 minutes
@ -44,9 +44,7 @@ let
emailoverride = "";
};
giteaHost = "ssh://gitea@nayeonie.com:2222";
repo = "ahuston-0/nix-dotfiles";
# # Create a hydra job for a branch
# Create a hydra job for a branch
jobOfRef =
name:
{ ref, ... }:
@ -57,7 +55,7 @@ let
name = builtins.replaceStrings [ "/" ] [ "-" ] "branch-${name}";
value = makeJob {
description = "Branch ${name}";
flake = "git+${giteaHost}/${repo}?ref=${ref}";
flake = "git+ssh://git@github.com/${repo}?ref=${ref}";
};
};
@ -66,8 +64,7 @@ let
name = if info.draft then "draft-${id}" else "pr-${id}";
value = makeJob {
description = "PR ${id}: ${info.title}";
flake = "git+${giteaHost}/${repo}?ref=${info.head.ref}";
enabled = info.state == "open";
flake = "git+ssh://git@github.com/${info.head.repo.full_name}?ref=${info.head.ref}";
};
};

12
hydra/spec.json
View File

@ -1,7 +1,7 @@
{
"enabled": 1,
"hidden": false,
"description": "ahuston-0's personal server infra",
"description": "RAD Development infrastructure",
"nixexprinput": "nixexpr",
"nixexprpath": "hydra/jobsets.nix",
"checkinterval": 60,
@ -12,7 +12,7 @@
"type": 0,
"inputs": {
"nixexpr": {
"value": "ssh://gitea@nayeonie.com:2222/ahuston-0/nix-dotfiles.git main",
"value": "https://github.com/RAD-Development/nix-dotfiles main",
"type": "git",
"emailresponsible": false
},
@ -22,13 +22,13 @@
"emailresponsible": false
},
"pulls": {
"type": "giteapulls",
"value": "nayeonie.com ahuston-0 nix-dotfiles https",
"type": "githubpulls",
"value": "RAD-Development nix-dotfiles",
"emailresponsible": false
},
"branches": {
"type": "gitea_refs",
"value": "nayeonie.com ahuston-0 nix-dotfiles heads https -",
"type": "github_refs",
"value": "RAD-Development nix-dotfiles heads -",
"emailresponsible": false
}
}

4
lib/default.nix
View File

@ -1,7 +1,7 @@
{ lib, ... }:
{
# create adev namespace for lib
adev = rec {
# create rad-dev namespace for lib
rad-dev = rec {
systems = import ./systems.nix { inherit lib; };
container-utils = import ./container-utils.nix { inherit lib; };

10
lib/systems.nix
View File

@ -128,7 +128,6 @@ rec {
# configPath: path to the folder containing hardware.nix & configuration.nix
# hostname: hostname of the server
# inputs: flake inputs to be used
# outputs: flake outputs to be used, primarily for accessing custom packages
# src: base path of the repo
# users: list of users to be added
# home: enables home-manager on this machine (requires all users to have home-manager)
@ -150,7 +149,7 @@ rec {
configPath,
hostname,
inputs,
outputs ? { },
outputs,
src,
users,
home ? true,
@ -177,7 +176,7 @@ rec {
(configPath + "/configuration.nix")
]
++ modules
++ (lib.adev.fileList (src + "/modules"))
++ (lib.rad-dev.fileList (src + "/modules"))
++ genWrapper sops genSops args
++ genWrapper home genHome args
++ genWrapper true genUsers args
@ -192,7 +191,6 @@ rec {
#
# args:
# inputs: flake-inputs to be distributed to each system config
# outputs: flake-outputs to be distributed to each system config
# src: the base path to the repo
# path: the path to read the systems from, should be a directory containing one directory per machine, each having at least the following
# - default.nix (with the extra params for constructSystem in it, see systems/palatine-hill/default.nix for an example)
@ -221,10 +219,10 @@ rec {
;
hostname = name;
}
// import configPath { inherit inputs outputs; }
// import configPath { inherit inputs; }
);
}
) (lib.adev.lsdir path)
) (lib.rad-dev.lsdir path)
);
# gets all the images of a specified format

2
modules/autopull.nix
View File

@ -61,7 +61,7 @@ in
lib.mkIf cfg.enable {
environment.systemPackages =
[ pkgs.git ]
++ lib.optionals (lib.any (ssh-key: ssh-key != "") (lib.adev.mapGetAttr "ssh-key" repos)) [
++ lib.optionals (lib.any (ssh-key: ssh-key != "") (lib.rad-dev.mapGetAttr "ssh-key" repos)) [
pkgs.openssh
];

4
modules/kub_net.nix
View File

@ -1,10 +1,10 @@
{ lib, config, ... }:
let
cfg = config.services.adev.k3s-net;
cfg = config.services.rad-dev.k3s-net;
in
{
options = {
services.adev.k3s-net = {
services.rad-dev.k3s-net = {
enable = lib.mkOption {
default = false;
example = true;

14
modules/nix.nix
View File

@ -1,9 +1,4 @@
{
lib,
pkgs,
outputs,
...
}:
{ lib, pkgs, ... }:
{
nix = {
package = pkgs.nixVersions.latest;
@ -51,11 +46,4 @@
dates = [ "01:00" ];
};
};
nixpkgs.overlays = [
(_: _: {
# bring all packages into a namespace called rad-pkgs
rad-pkgs = lib.genAttrs (lib.attrNames outputs.packages) (pkg: outputs.packages.${pkg});
})
];
}

4
modules/yubikey.nix
View File

@ -5,11 +5,11 @@
...
}:
let
cfg = config.services.adev.yubikey;
cfg = config.services.rad-dev.yubikey;
in
{
options = {
services.adev.yubikey = {
services.rad-dev.yubikey = {
enable = lib.mkEnableOption "enable yubikey defaults";
enable-desktop-app = lib.mkEnableOption "installs desktop application";
};

9
pkgs/default.nix
View File

@ -1,9 +0,0 @@
{ pkgs, ... }:
let
rad-maintainers = import ./maintainers.nix;
in
{
ftb-app = pkgs.callPackage ./ftb-app { inherit rad-maintainers; };
lego-latest = pkgs.callPackage ./lego-latest { inherit rad-maintainers; };
}

112
pkgs/ftb-app/default.nix
View File

@ -1,112 +0,0 @@
{
alsa-lib,
at-spi2-atk,
cairo,
cups,
dbus,
dpkg,
expat,
fetchurl,
gtk3,
gdk-pixbuf,
jre,
lib,
libdrm,
libgbm,
libxkbcommon,
makeWrapper,
mesa,
nspr,
nss,
pango,
rad-maintainers,
stdenv,
xorg,
...
}:
# source_aarch64=("https://piston.feed-the-beast.com/app/ftb-app-${pkgver}-arm64.deb")
# sha256sums_aarch64=(ad1197556a187693cbc488142562a0c17144e33056f1c914950c2f1496a4c532)
stdenv.mkDerivation rec {
pname = "ftb-app";
version = "1.27.3";
src = fetchurl {
url = "https://piston.feed-the-beast.com/app/ftb-app-linux-${version}-amd64.deb";
sha256 = "031a73g58vj35h33pmp3swjrjlg09ismdx46810sp7ihrpvs0ad6";
};
nativeBuildInputs = [
dpkg
makeWrapper
];
unpackPhase = ''
runHook preUnpack
dpkg -x $src ./ftb-app
runHook postUnpack
'';
installPhase = ''
runHook preInstall
mkdir -p "$out"
cp -r ftb-app/* "$out"
# Flatten /usr and manually merge lib/ and usr/lib/, since mv refuses to.
mv "$out"'/opt/FTB Electron App' "$out/bin"
mv "$out/usr/"* "$out/"
rmdir "$out/usr"
rmdir "$out/opt"
for f in "$out/share/applications/"*.desktop; do
substituteInPlace "$f" \
--replace-fail '/opt/FTB Electron App/ftb-app' "$out/bin/ftb-app"
done
# prevent self-upgrade with dpkg
rm "$out/bin/resources/package-type"
chmod +x "$out/bin/ftb-app"
libs="${nss}/lib/libnss3.so ${nss}/lib/libnssutil3.so ${nss}/lib/libsmime3.so "
libs+="${nspr}/lib/libnspr4.so ${dbus.lib}/lib/libdbus-1.so.3 "
libs+="${at-spi2-atk}/lib/libatk-1.0.so.0 ${cups.lib}/lib/libcups.so.2 "
libs+="${at-spi2-atk}/lib/libatk-bridge-2.0.so.0 "
libs+="${libdrm}/lib/libdrm.so.2 ${gtk3}/lib/libgtk-3.so.0 "
libs+="${pango.out}/lib/libpango-1.0.so.0 ${cairo}/lib/libcairo.so.2 "
libs+="${xorg.libX11}/lib/libX11.so.6 ${xorg.libXext}/lib/libXext.so.6 "
libs+="${xorg.libXcomposite}/lib/libXcomposite.so.1 "
libs+="${xorg.libXdamage}/lib/libXdamage.so.1 "
libs+="${xorg.libXfixes}/lib/libXfixes.so.3 ${expat}/lib/libexpat.so.1 "
libs+="${xorg.libXrandr}/lib/libXrandr.so.2 "
libs+="${xorg.libxcb}/lib/libxcb.so.1 ${alsa-lib}/lib/libasound.so.2 "
libs+="${libxkbcommon}/lib/libxkbcommon.so.0 "
libs+="${at-spi2-atk}/lib/libatspi.so.0 ${xorg.libXtst}/lib/libXtst.so.6 "
libs+="${gdk-pixbuf}/lib/libgdk_pixbuf-2.0.so.0 ${libgbm}/lib/libgbm.so.1"
echo "$libs"
for p in "$out/bin/ftb-app"; do
wrapProgram "$p" \
--set LD_PRELOAD "$libs" \
--set NIX_REDIRECTS "/usr/share=$out/share:"'/opt/FTB Electron Application'"=$out/bin" \
--set JAVA_HOME "${jre.home}"
# --prefix PATH : "{lib.makeBinPath [ gzip gnutar ]}"
done
runHook postInstall
'';
meta = with lib; {
description = "A new Modpack launcher for FTB and Curse modpacks.";
homepage = "https://feed-the-beast.com/app";
license = with licenses; [ lgpl21Only ];
sourceProvenance = with sourceTypes; [ binaryNativeCode ];
maintainers = with rad-maintainers; [ ahuston-0 ];
platforms = [ "x86_64-linux" ];
mainProgram = "ftb-app";
};
}

3
pkgs/lego-latest/default.nix
View File

@ -2,7 +2,6 @@
lib,
fetchFromGitHub,
buildGoModule,
rad-maintainers,
}:
buildGoModule rec {
@ -32,7 +31,7 @@ buildGoModule rec {
description = "Let's Encrypt client and ACME library written in Go";
license = licenses.mit;
homepage = "https://go-acme.github.io/lego/";
maintainers = teams.acme.members ++ [ rad-maintainers.ahuston-0 ];
maintainers = teams.acme.members;
mainProgram = "lego";
};

77
pkgs/maintainers.nix
View File

@ -1,77 +0,0 @@
/*
Borrowed this from nixpkgs :)
List of NixOS maintainers.
```nix
handle = {
# Required
name = "Your name";
# Optional, but at least one of email, matrix or githubId must be given
email = "address@example.org";
matrix = "@user:example.org";
github = "GithubUsername";
githubId = your-github-id;
keys = [{
fingerprint = "AAAA BBBB CCCC DDDD EEEE FFFF 0000 1111 2222 3333";
}];
};
```
where
- `handle` is the handle you are going to use in nixpkgs expressions,
- `name` is a name that people would know and recognize you by,
- `email` is your maintainer email address,
- `matrix` is your Matrix user ID,
- `github` is your GitHub handle (as it appears in the URL of your profile page, `https://github.com/<userhandle>`),
- `githubId` is your GitHub user ID, which can be found at `https://api.github.com/users/<userhandle>`,
- `keys` is a list of your PGP/GPG key fingerprints.
Specifying a GitHub account ensures that you automatically:
- get invited to the @NixOS/nixpkgs-maintainers team ;
- once you are part of the @NixOS org, OfBorg will request you review
pull requests that modify a package for which you are a maintainer.
`handle == github` is strongly preferred whenever `github` is an acceptable attribute name and is short and convenient.
If `github` begins with a numeral, `handle` should be prefixed with an underscore.
```nix
_1example = {
github = "1example";
};
```
Add PGP/GPG keys only if you actually use them to sign commits and/or mail.
To get the required PGP/GPG values for a key run
```shell
gpg --fingerprint <email> | head -n 2
```
!!! Note that PGP/GPG values stored here are for informational purposes only, don't use this file as a source of truth.
More fields may be added in the future, however, in order to comply with GDPR this file should stay as minimal as possible.
When editing this file:
* keep the list alphabetically sorted, check with:
nix-instantiate --eval maintainers/scripts/check-maintainers-sorted.nix
* test the validity of the format with:
nix-build lib/tests/maintainers.nix
See `./scripts/check-maintainer-github-handles.sh` for an example on how to work with this data.
When adding a new maintainer, be aware of the current commit conventions
documented at [CONTRIBUTING.md](https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md#commit-conventions)
file located in the root of the Nixpkgs repo.
*/
{
ahuston-0 = {
name = "ahuston-0";
email = "aliceghuston@gmail.com";
github = "ahuston-0";
githubId = 43225907;
keys = [ { fingerprint = "F638 32C3 080D 6E1A C77E ECF8 0B42 45FF E305 BC82"; } ];
};
}

4
shell.nix
View File

@ -38,7 +38,7 @@ forEachSystem (
};
# constructs a custom shell with commonly used utilities
adev = pkgs.mkShell {
rad-dev = pkgs.mkShell {
packages = with pkgs; [
deadnix
pre-commit
@ -56,7 +56,7 @@ forEachSystem (
default = pkgs.mkShell {
inputsFrom = [
pre-commit
adev
rad-dev
sops
];
};

2
systems/artemision/configuration.nix
View File

@ -75,7 +75,7 @@
fprintd.enable = lib.mkForce false;
openssh.enable = lib.mkForce false;
adev.yubikey = {
rad-dev.yubikey = {
enable = true;
enable-desktop-app = true;
};

4
systems/artemision/desktop.nix
View File

@ -30,10 +30,6 @@
};
# Optional, hint electron apps to use wayland:
environment.sessionVariables.NIXOS_OZONE_WL = "1";
xdg.portal = {
enable = true;
extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
};
services = {
xserver = {

1
systems/artemision/programs.nix
View File

@ -72,7 +72,6 @@
protontricks
proxychains
qrencode
rad-pkgs.ftb-app
redshift
restic
ripgrep

2
systems/palatine-hill/acme.nix
View File

@ -31,7 +31,7 @@
openssl
]
++ [
outputs.packages.lego-latest
outputs.packages.x86_64-linux.lego-latest
]
);

102
systems/palatine-hill/attic/default.nix
View File

@ -62,58 +62,58 @@
# borrowing from https://github.com/Shawn8901/nix-configuration/blob/4b8d1d44f47aec60feb58ca7b7ab5ed000506e90/modules/nixos/private/hydra.nix
# configured default webstore for this on root user separately
systemd = {
services = {
attic-watch-store = {
wantedBy = [ "multi-user.target" ];
after = [
"network-online.target"
"docker.service"
"atticd.service"
];
requires = [
"network-online.target"
"docker.service"
"atticd.service"
];
description = "Upload all store content to binary cache";
serviceConfig = {
User = "root";
Restart = "always";
ExecStart = "${pkgs.attic-client}/bin/attic watch-store nix-cache";
};
};
attic-sync-hydra = {
after = [
"network-online.target"
"docker.service"
"atticd.service"
];
requires = [
"network-online.target"
"docker.service"
"atticd.service"
];
description = "Force resync of hydra derivations with attic";
serviceConfig = {
Type = "oneshot";
User = "root";
ExecStart = "${config.nix.package}/bin/nix ${./sync-attic.bash}";
};
};
};
# systemd = {
# services = {
# attic-watch-store = {
# wantedBy = [ "multi-user.target" ];
# after = [
# "network-online.target"
# "docker.service"
# "atticd.service"
# ];
# requires = [
# "network-online.target"
# "docker.service"
# "atticd.service"
# ];
# description = "Upload all store content to binary cache";
# serviceConfig = {
# User = "root";
# Restart = "always";
# ExecStart = "${pkgs.attic-client}/bin/attic watch-store cache-nix-dot";
# };
# };
# attic-sync-hydra = {
# after = [
# "network-online.target"
# "docker.service"
# "atticd.service"
# ];
# requires = [
# "network-online.target"
# "docker.service"
# "atticd.service"
# ];
# description = "Force resync of hydra derivations with attic";
# serviceConfig = {
# Type = "oneshot";
# User = "root";
# ExecStart = "${config.nix.package}/bin/nix ${./sync-attic.bash}";
# };
# };
# };
timers = {
attic-sync-hydra = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = 600;
OnUnitActiveSec = 86400;
Unit = "attic-sync-hydra.service";
};
};
};
};
# timers = {
# attic-sync-hydra = {
# wantedBy = [ "timers.target" ];
# timerConfig = {
# OnBootSec = 600;
# OnUnitActiveSec = 86400;
# Unit = "attic-sync-hydra.service";
# };
# };
# };
# };
sops = {
secrets = {

2
systems/palatine-hill/attic/sync-attic.bash
View File

@ -6,5 +6,5 @@ sync_directories=(
)
for dir in "${sync_directories[@]}"; do
find "$dir" -regex ".*\.drv$" -exec attic push nix-cache '{}' \;
find "$dir" -regex ".*\.drv$" -exec attic push cache-nix-dot '{}' \;
done

2
systems/palatine-hill/configuration.nix
View File

@ -17,8 +17,8 @@
./minio.nix
./networking.nix
./nextcloud.nix
./postgresql.nix
./samba.nix
./postgresql.nix
./zfs.nix
];

81
systems/palatine-hill/docker/act-runner.nix
View File

@ -6,7 +6,6 @@
let
vars = import ../vars.nix;
act_path = vars.primary_act;
act_config_path = ./act_config.yaml;
in
{
virtualisation.oci-containers.containers = {
@ -21,9 +20,10 @@ in
};
ports = [ "8088:8088" ];
volumes = [
"${act_config_path}:/config.yaml"
"${act_path}/stable-latest-main/config.yaml:/config.yaml"
"${act_path}/stable-latest-main/data:/data"
"/var/run/docker.sock:/var/run/docker.sock"
"/nix:/nix"
];
environment = {
CONFIG_FILE = "/config.yaml";
@ -43,9 +43,10 @@ in
"com.centurylinklabs.watchtower.scope" = "act-runner";
};
volumes = [
"${./act_config.yaml}:/config.yaml"
"${act_path}/stable-latest-1/config.yaml:/config.yaml"
"${act_path}/stable-latest-1/data:/data"
"/var/run/docker.sock:/var/run/docker.sock"
"/nix:/nix"
];
environment = {
CONFIG_FILE = "/config.yaml";
@ -65,9 +66,10 @@ in
"com.centurylinklabs.watchtower.scope" = "act-runner";
};
volumes = [
"${act_config_path}:/config.yaml"
"${act_path}/stable-latest-2/config.yaml:/config.yaml"
"${act_path}/stable-latest-2/data:/data"
"/var/run/docker.sock:/var/run/docker.sock"
"/nix:/nix"
];
environment = {
CONFIG_FILE = "/config.yaml";
@ -76,6 +78,75 @@ in
environmentFiles = [ config.sops.secrets."docker/act-runner".path ];
log-driver = "local";
};
act-stable-latest-3 = {
image = "gitea/act_runner:latest";
extraOptions = [
"--stop-signal=SIGINT"
];
labels = {
"com.centurylinklabs.watchtower.enable" = "true";
"com.centurylinklabs.watchtower.scope" = "act-runner";
};
volumes = [
"${act_path}/stable-latest-3/config.yaml:/config.yaml"
"${act_path}/stable-latest-3/data:/data"
"/var/run/docker.sock:/var/run/docker.sock"
"/nix:/nix"
];
environment = {
CONFIG_FILE = "/config.yaml";
GITEA_RUNNER_NAME = "stable-latest-3";
};
environmentFiles = [ config.sops.secrets."docker/act-runner".path ];
log-driver = "local";
};
act-stable-latest-4 = {
image = "gitea/act_runner:latest";
extraOptions = [
"--stop-signal=SIGINT"
];
labels = {
"com.centurylinklabs.watchtower.enable" = "true";
"com.centurylinklabs.watchtower.scope" = "act-runner";
};
volumes = [
"${act_path}/stable-latest-4/config.yaml:/config.yaml"
"${act_path}/stable-latest-4/data:/data"
"/var/run/docker.sock:/var/run/docker.sock"
"/nix:/nix"
];
environment = {
CONFIG_FILE = "/config.yaml";
GITEA_RUNNER_NAME = "stable-latest-4";
};
environmentFiles = [ config.sops.secrets."docker/act-runner".path ];
log-driver = "local";
};
act-stable-latest-5 = {
image = "gitea/act_runner:latest";
extraOptions = [
"--stop-signal=SIGINT"
];
labels = {
"com.centurylinklabs.watchtower.enable" = "true";
"com.centurylinklabs.watchtower.scope" = "act-runner";
};
volumes = [
"${act_path}/stable-latest-5/config.yaml:/config.yaml"
"${act_path}/stable-latest-5/data:/data"
"/var/run/docker.sock:/var/run/docker.sock"
"/nix:/nix"
];
environment = {
CONFIG_FILE = "/config.yaml";
GITEA_RUNNER_NAME = "stable-latest-5";
};
environmentFiles = [ config.sops.secrets."docker/act-runner".path ];
log-driver = "local";
};
};
systemd = {
@ -103,9 +174,7 @@ in
"docker/act-runner" = {
owner = "root";
restartUnits = [
"docker-act-stable-latest-main.service"
"docker-act-stable-latest-1.service"
"docker-act-stable-latest-2.service"
];
};
};

95
systems/palatine-hill/docker/act_config.yaml
View File

@ -1,95 +0,0 @@
# Example configuration file, it's safe to copy this as the default config file without any modification.
# You don't have to copy this file to your instance,
# just run `./act_runner generate-config > config.yaml` to generate a config file.
log:
# The level of logging, can be trace, debug, info, warn, error, fatal
level: debug
runner:
# Where to store the registration result.
file: .runner
# Execute how many tasks concurrently at the same time.
capacity: 1
# Extra environment variables to run jobs.
envs:
A_TEST_ENV_NAME_1: a_test_env_value_1
A_TEST_ENV_NAME_2: a_test_env_value_2
# Extra environment variables to run jobs from a file.
# It will be ignored if it's empty or the file doesn't exist.
env_file: .env
# The timeout for a job to be finished.
# Please note that the Gitea instance also has a timeout (3h by default) for the job.
# So the job could be stopped by the Gitea instance if it's timeout is shorter than this.
timeout: 3h
# The timeout for the runner to wait for running jobs to finish when shutting down.
# Any running jobs that haven't finished after this timeout will be cancelled.
shutdown_timeout: 30m
# Whether skip verifying the TLS certificate of the Gitea instance.
insecure: false
# The timeout for fetching the job from the Gitea instance.
fetch_timeout: 5s
# The interval for fetching the job from the Gitea instance.
fetch_interval: 2s
# The labels of a runner are used to determine which jobs the runner can run, and how to run them.
# Like: "macos-arm64:host" or "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
# Find more images provided by Gitea at https://gitea.com/gitea/runner-images .
# If it's empty when registering, it will ask for inputting labels.
# If it's empty when execute `daemon`, will use labels in `.runner` file.
labels:
- "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
- "ubuntu-22.04:docker://gitea/runner-images:ubuntu-22.04"
- "ubuntu-20.04:docker://gitea/runner-images:ubuntu-20.04"
#cache:
# Enable cache server to use actions/cache.
#enabled: true
# The directory to store the cache data.
# If it's empty, the cache data will be stored in $HOME/.cache/actcache.
#dir: ""
# The host of the cache server.
# It's not for the address to listen, but the address to connect from job containers.
# So 0.0.0.0 is a bad choice, leave it empty to detect automatically.
#host: ""
# The port of the cache server.
# 0 means to use a random available port.
#port: 0
# The external cache server URL. Valid only when enable is true.
# If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself.
# The URL should generally end with "/".
#external_server: ""
container:
# Specifies the network to which the container will connect.
# Could be host, bridge or the name of a custom network.
# If it's empty, act_runner will create a network automatically.
network: ""
# Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker).
privileged: false
# And other options to be used when the container is started (eg, --add-host=my.gitea.url:host-gateway).
options:
# The parent directory of a job's working directory.
# NOTE: There is no need to add the first '/' of the path as act_runner will add it automatically.
# If the path starts with '/', the '/' will be trimmed.
# For example, if the parent directory is /path/to/my/dir, workdir_parent should be path/to/my/dir
# If it's empty, /workspace will be used.
workdir_parent:
# Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/gobwas/glob
# You can specify multiple volumes. If the sequence is empty, no volumes can be mounted.
# For example, if you only allow containers to mount the `data` volume and all the json files in `/src`, you should change the config to:
# valid_volumes:
# - data
# - /src/*.json
# If you want to allow any volume, please use the following configuration:
# valid_volumes:
# - '**'
valid_volumes: []
# overrides the docker client host with the specified one.
# If it's empty, act_runner will find an available docker host automatically.
# If it's "-", act_runner will find an available docker host automatically, but the docker host won't be mounted to the job containers and service containers.
# If it's not empty or "-", the specified docker host will be used. An error will be returned if it doesn't work.
docker_host: ""
# Pull docker image(s) even if already present
force_pull: true
# Rebuild docker image(s) even if already present
force_rebuild: false
host:
# The parent directory of a job's working directory.
# If it's empty, $HOME/.cache/act/ will be used.
workdir_parent:

2
systems/palatine-hill/docker/archiveteam.nix
View File

@ -122,7 +122,7 @@ let
cmd = lib.splitString " " "--concurrent 6 AmAnd0";
};
inherit (lib.adev.container-utils) createTemplatedContainers;
inherit (lib.rad-dev.container-utils) createTemplatedContainers;
vars = import ../vars.nix;
at_path = vars.primary_archiveteam;

76
systems/palatine-hill/docker/minecraft.nix
View File

@ -9,31 +9,31 @@ let
divinejourney = "dj.alicehuston.xyz";
rlcraft = "rlcraft.alicehuston.xyz";
arcanum-institute = "arcanum.alicehuston.xyz";
# bcg-plus = "bcg.alicehuston.xyz";
bcg-plus = "bcg.alicehuston.xyz";
};
defaultServer = "rlcraft";
# defaultEnv = {
# EULA = "true";
# TYPE = "AUTO_CURSEFORGE";
# STOP_SERVER_ANNOUNCE_DELAY = "120";
# STOP_DURATION = "600";
# SYNC_CHUNK_WRITES = "false";
# USE_AIKAR_FLAGS = "true";
# MEMORY = "8GB";
# ALLOW_FLIGHT = "true";
# MAX_TICK_TIME = "-1";
# };
defaultEnv = {
EULA = "true";
TYPE = "AUTO_CURSEFORGE";
STOP_SERVER_ANNOUNCE_DELAY = "120";
STOP_DURATION = "600";
SYNC_CHUNK_WRITES = "false";
USE_AIKAR_FLAGS = "true";
MEMORY = "8GB";
ALLOW_FLIGHT = "true";
MAX_TICK_TIME = "-1";
};
# defaultOptions = [
# "--stop-signal=SIGTERM"
# "--stop-timeout=1800"
# "--network=minecraft-net"
# ];
defaultOptions = [
"--stop-signal=SIGTERM"
"--stop-timeout=1800"
"--network=minecraft-net"
];
# vars = import ../vars.nix;
# minecraft_path = "${vars.primary_games}/minecraft";
vars = import ../vars.nix;
minecraft_path = "${vars.primary_games}/minecraft";
in
{
virtualisation.oci-containers.containers = {
@ -46,7 +46,7 @@ in
cmd = [
(
"--mapping=mc.alicehuston.xyz=${defaultServer}:25565"
+ (lib.adev.mapAttrsToString (hostname: url: "," + url + "=" + hostname + ":25565") servers)
+ (lib.rad-dev.mapAttrsToString (hostname: url: "," + url + "=" + hostname + ":25565") servers)
)
];
};
@ -67,24 +67,24 @@ in
# log-driver = "local";
# environmentFiles = [ config.sops.secrets."docker/minecraft".path ];
# };
# bcg-plus = {
# image = "itzg/minecraft-server:java17";
# volumes = [
# "${minecraft_path}/bcg-plus/modpacks:/modpacks:ro"
# "${minecraft_path}/bcg-plus/data:/data"
# ];
# hostname = "bcg-plus";
# environment = defaultEnv // {
# VERSION = "1.17";
# CF_SLUG = "bcg";
# DIFFICULTY = "normal";
# DEBUG = "true";
# # ENABLE_COMMAND_BLOCK = "true";
# };
# extraOptions = defaultOptions;
# log-driver = "local";
# environmentFiles = [ config.sops.secrets."docker/minecraft".path ];
# };
bcg-plus = {
image = "itzg/minecraft-server:java17";
volumes = [
"${minecraft_path}/bcg-plus/modpacks:/modpacks:ro"
"${minecraft_path}/bcg-plus/data:/data"
];
hostname = "bcg-plus";
environment = defaultEnv // {
VERSION = "1.17";
CF_SLUG = "bcg";
DIFFICULTY = "normal";
DEBUG = "true";
# ENABLE_COMMAND_BLOCK = "true";
};
extraOptions = defaultOptions;
log-driver = "local";
environmentFiles = [ config.sops.secrets."docker/minecraft".path ];
};
};
sops = {

4
systems/palatine-hill/hydra.nix
View File

@ -1,6 +1,7 @@
{
config,
inputs,
lib,
pkgs,
...
}:
let
@ -42,7 +43,6 @@ in
services = {
hydra = {
enable = true;
package = inputs.hydra.packages.x86_64-linux.hydra;
hydraURL = "https://hydra.alicehuston.xyz";
smtpHost = "alicehuston.xyz";
notificationSender = "hydra@alicehuston.xyz";

6
systems/palatine-hill/secrets.yaml
View File

@ -27,8 +27,6 @@ acme:
dnsimple: ENC[AES256_GCM,data:37FKyBibFtXZgI4EduJQ0z8F+shBc5Q6YlLa3YkVPh9XuJVS20eybi75bfJxiozcZ9d+YRaqcbkBQCSdFOCotDU=,iv:oq3JjqbfAm2C4jcL1lvUb2EOmnwlR07vPoO8H0BmydQ=,tag:E3NO/jMElL6Q817666gIyg==,type:str]
server-validation:
webhook: ENC[AES256_GCM,data:Lwqy4UhyFutpXjai7EJPKp8MDlI+ayDna4T8jluvC6qkeJ7o1UaaDCOsgLy4Fw7LC77tXhJtkcmep9w37JaiHp2CoDOfy2iAaq8o9CCSi/a0zqMJx+HdZYZNemvmpc6E/be0K+JDrFZLbjr3unSpCidQ3whccC6XyY013R12swN3bFZIu1gtzXCgUZ4U,iv:pVbrRwH3ziu4+R5BfimPV7N71QmyerJEc9M5K4eofOc=,tag:zNrCXrIioQWPEPVz/wMDpQ==,type:str]
typhon:
hashedPassword: ENC[AES256_GCM,data:gMyY8gxUn3HzycQRu2cminqRFWghqWcjzZzTxAQZ5PJqn604iSwDiVdr7icHB7drJfCAfsE7L4oKRJgxaIAE32043oOkb2T7DDH8y2jxMzqmZCfbvrfMI4wdfRTHGqzxb6X/aZ5ai2rr1Q==,iv:4EsTo/lQld0o9iktDX9gobMlPUCitx1i9wn8EL16sIs=,tag:FgVDRHk2glDwpC/mprrPqQ==,type:str]
sops:
kms: []
gcp_kms: []
@ -44,8 +42,8 @@ sops:
cXNZWmZqd0R0SmhINExscHBKWmxvblUKEFEQvt/zQFARba4S8vHz/1SoKdKg69At
LZ58XQGOmlGbBhPr7EzYQ2XSY4flWbnnD174cmCR8DNFm15DsNA5fw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-26T05:47:58Z"
mac: ENC[AES256_GCM,data:ZP9HglMmn9FDv6/vtQAxz/qP76QniPqM6bzMQVvVU/OhDmjuneGKZY7d1Es7LC9o5qmJ+T3Dh3/bkmuRdgdnd2TO6iuvM++DEPxwnoHis+0lbMxv5a6ibzvoXXm2CrL4HPETqLKbLahGJRmDNgnkCEWxAs16zrqe5kgDpD53R5c=,iv:DcCXNGyb41ToV9uSnrnrl0dWiw2pvykM8z86Yk814P4=,tag:T9PFl48qABwBSy7vIhSmLA==,type:str]
lastmodified: "2025-03-04T04:53:14Z"
mac: ENC[AES256_GCM,data:MCucwVPGRMA/hGYS7mwSppkZAQ3wjHJnyeSvSI8YOOD0Xq7mvkMSvKctFHl6h4Cx3ubRvVHf5j35/NQxb+/VhhCPAHWDbqq9O2N0aWhAeybCu0IjruKrJhs76KsXJnNZ9REQQnS1/TNquuvj9FCoqDnrQcFs7M0KJ5m3eUU2h2k=,iv:ZJGJ8CTA8K5FnoKtbogleksB8wDcZtknO07M07Dmpsc=,tag:GMUXJD4U8KQgy9rvzEAMuw==,type:str]
pgp:
- created_at: "2024-11-28T18:56:39Z"
enc: |-

17
systems/palatine-hill/typhon.nix
View File

@ -1,17 +0,0 @@
{ config, ... }:
let
vars = import ./vars.nix;
typhon_path = vars.primary_typhon;
in
{
services.typhon = {
enable = true;
hashedPasswordFile = config.sops.secrets."typhon/hashedPassword".path;
home = typhon_path;
};
sops.secrets = {
"typhon/hashedPassword".owner = "root";
};
}

2
users/alice/home.nix
View File

@ -76,7 +76,6 @@
nix-prefetch
nix-tree
nh
nix-prefetch-scripts
# doom emacs dependencies
fd
@ -91,7 +90,6 @@
nodejs_20
nodePackages.prettier
treefmt
];
};

3
users/alice/home/doom/custom.el
View File

@ -22,6 +22,3 @@
(setq! lsp-nix-nil-max-mem 20000)
(setq! lsp-nix-nil-formatter ["nixfmt"])
(add-hook 'python-mode-hook (lambda ()
(require 'sphinx-doc)
(sphinx-doc-mode t)))

7
users/alice/home/doom/packages.el
View File

@ -80,10 +80,3 @@
(package! pacdiff.el
:recipe (:host github :repo "fbrosda/pacdiff.el" :files ("pacdiff.el" "README.org" "LICENSE")))
(package! python-docstring-mode
:recipe (:host github :repo "glyph/python-docstring-mode" :files ("python-docstring.el" "docstring_wrap.py")))
(package! sphinx-doc)
;; https://github.com/glyph/python-docstring-mode.git

1
users/alice/home/zsh.nix
View File

@ -4,6 +4,7 @@
programs.zsh = {
enable = true;
# autosuggestion.enable = true;
oh-my-zsh = {
enable = true;
plugins = [

6
users/alice/secrets.yaml
View File

@ -2,7 +2,7 @@ alice:
user-password: ENC[AES256_GCM,data:+cM85X1vapqfQdJ+Dv6YvT5qHlvsmaXPRbvKRHtCkPT3wdw4f7tLHLFmvWnak7CRezI00PxVEtCZL5mqLyN2HaU4OqIk/9fgqczIzemwBlMGJt+ndwG4oqBqE0ymtzmy8MA59wonRqoxzYKQfAGQsprdCIovrg==,iv:BtSDBgvQeZdTY1KUClnt9V8qHcS/gouaaQw342tk4Sg=,tag:T7tzyKuCo83s78ca7f4KDQ==,type:str]
#ENC[AES256_GCM,data:6+dLs8opC27IrHJCPfL2c7KiLbaQTqI6oRKpIZLR4+P9gTupziAhCm/G7RY01gVPSgxdBpJ6L4xVbcMEg9hDKBMI4naF9arNrFsV6WXNc+LA5BYyT9L9G1nDea8fPFYDSF2537eLgLqWNE1WSsUOrz/WOxbE6g==,iv:AxsdKmGz6qEYlWY08q/2hqsm0EXaqodwD/7OJg4FAIY=,tag:EgfL3I1VBXtFgIdTOW5eBA==,type:comment]
#ENC[AES256_GCM,data:vUMcowHjlQA0RWflfaQhZKkalO39epYi6N9PPW8=,iv:6DFqHlQR+mi+ZkfMUhlhwvpMwnxXNfQV6+sYgPzSj4I=,tag:Pz1zJayscGckPO8Q2ZVb4g==,type:comment]
gha-hydra-token: ENC[AES256_GCM,data:CXdOiW9oYaVj4oqfiXSz9O9xIsB5ZyUac2WFSFD1ankZpnmQpv9TwolJxb6h8r+UM7Q9QzCCWk7KHe80lolZhpHa79bpcj+wt9v51ydj0Zy+3sufHS+JnGwmqBbw6dVqJ2uBr4nW2NADzHEbG8N367uKYEq2vazB4y02JiopXL8DHsYcx+Z4u7GJC/gYbpm9vnt8OVdYmfYRQ9BGSiaJOghDzpmCisEZdLpCLXM3cULn8yVUXIFWx8yF/6JrWN+myeoZiUFCL2sZmeSIswFg9kwBKXIsjBrz+EDXZzDCEr88UrEJ0j2+egsrG9BNlstVwC8oscYdbXWmYUdsCBNVxK3xjJYm9gDdSyo0DfSvTzK1t+/s9L1zC8uqj2TXYdVd6QyH2TRXxiPeNLYClRHT2UljymSpIVXOn/Okuo7dte+ZZqZVndT1lwK//2y8V3Hng+5wixfFFsQAd5oJzfraRSnM+RLZtjI3TMoyc5no3pVwV6zsCqRd2nvr7gieXUMWtSLb6YrM6tvhRpeiieYUqQ8NwHV0Avqco0I838o5yywVGSnUflGxnwYoGQIX70qoTcxNPGuiiiqSynh64e3nrlC9xN6EWuFpUNVfkBibZNRi+EyDAhK7LKwiPbL2z919N54vyzzoWA1KUFqxow+JsX+Q8rpnfJtag44F5qFt3/Be5PIMYVU7acXTiVJvM3cKPMQIBPXpQFX5OshwGhttGFuB53aWPHCzlhT4NDQbcZ/rLQ3bcytVpnH55WWze0Oe0zUZYGFc/rV9Fc4QjhR7/8pAi9kGUlKy2MYBamjmnCWlOnHPIQQLpPs/oiW+,iv:KL2P3O8Fnbn56hLX8PWIrigoPTBfIvMUpizKy3C3RIA=,tag:G0M/9iT9IWUSJ5ktUc/g5A==,type:str]
gha-hydra-token: ENC[AES256_GCM,data:rYDYIn7MAF4pSZQj+Nln2z9J+AxvuSzumthL86njpKETutArrw+9iX2hHJt5t513NHH03tMtZOFqM60/pzWg4YXVQOSpQmq8QOelD7qCdfCr4Z2QSeOHqXqwKy21iWtoVbxOXWunVxLzkWMJrpHkpVsiBA75Nv66ftKEjN80QNGik6xQE1iPsCB2JHeqYNIr8gtPkCr7H5Pt4yBBO/1rsyONrbNlwmzVX78eqXxmc43XOiNVjEsk8ekJxJ9mn5S6JcPNehBcnZA0kWAIxvtDIPYKnz4YBIXoilBbjgytXL8nw3PkEX27x5yeg9KfxPxO/4CGoi5wfKsYuEynBdWbHtj6a3H0AvA9KIZzktTRNJFU3ZW8UveSCXY4YHl0NREJ8kbIUgkkE7PWeyzGenGFTPMahTA0rKSa+tWPQ1c00lvo9VS3/7pfeJfZEKS7R2xBaEDZrfffHyB5PLTQOGpWl5y40wTn4HdBlyQwoREvobOaKVZEyWtVvJcUeHDPepgEHGVDzwyTelX8Btb6ZNA0Fur8xvpkLZcLmMhbvCdkjq84ztJ36nQQ5JZthecyqcZTWPyfWtPeoUPVIaxn31oLjwsriDwdQmID6twTjC9PT8nBZD/u0JebOCdeYf8fm9q49SaN2w/ZMdSRWucHUsRXeN9O149vYoOqR28H+8v/tYJdqofJpHKrIBs=,iv:GcEV6f4rqkrpCafeaLNMqqU/vBNE0xHbqokL2gMXHYw=,tag:sCHvUgq1w8npedjIAninrA==,type:str]
wakatime-api-key: ENC[AES256_GCM,data:ITu5pRySYGCJ6q9IQ35NfpGX2FyIJRYHGDeBiq0btzIrqitxcFox1Vc=,iv:HsXpyFHV7dG5qORk26BtD+kFo4Jdq2c4fozMpoqyDfU=,tag:uaQoXvvYqNfmRXVDVH8AoQ==,type:str]
attic-nix-cache-creator: ENC[AES256_GCM,data:P0iBdy4IYrxcq7v4wTgwwZvAfVdRFo08pi0zvpY9cP9BDCwbBnp+3qDKWL29rC7OxsaLtmRkvPmbkF3ZX3Yu5OaptwVg2Xi0vNqhk3gu5Fdj8ygPigB0ZtimkfWv1QkctoVoXKXuLv6Xd4XKPCWOOIekWlJsBRcyfyzkyFURkU9tBBkXyEAWItho/J8hJr6r00eA3EN4rTe8Ge+PGpfTfpZVpnoGrC35xPnGLq19+b44DectHDTkMZrZKxiCaVIgKUZDLaFgi6a6PsX+L1HQAIZukXJu3m4BPdvzzby+zgX24pVJOYjAUB2BwO9jUlMS6+7qo0p6k01uLicryfKx/ajdAHcy39tFHX7naA4JriC2/FgI2HlFGp0Lc+g0pfdCYwLs5QBfRaOHyrbFWUDG,iv:OBrgnewqBaug00ygAXs0eFs3LqcHqo1EW96N5I38A0o=,tag:V+Gn47O6AH1RwL9qJLpAkw==,type:str]
attic-nix-cache-reader: ENC[AES256_GCM,data:DWIkRri3lHJOVXIAbHWJL7cCV4FHjB91bbpPAib/5ZDKap3xjnxUjwswc7wjO1hCoV3+gmep1a64kma6MJts4bcAug5bPyrrPy//rVpCYvSbSmbPz5k4sW5GLU/Sf4NyBevsQo9KRrphpoSUQEFQB27vabYDjjkB051/qJo1B9B7nqmrSyd3np4YdyHAgUiMyJt0oqx8nXySz3XZU+DIM8/OhMZILpnEWIgyP2K7j8JNNpZZJ5sD/icUy6Vba/4LcKjtmYtfQ+HO1soyF6aMiQSjhp7fzJHktwa9kgB3oDzIg3KyCJYS2RNW7mW9Dd1T,iv:fvhGFU22KgknMpJbOkA3v29bKzRVX6hi7V7xJgSUjPg=,tag:TjGSUl0XXS7jlhP/NG4cvQ==,type:str]
@ -42,8 +42,8 @@ sops:
ZERFTlFyNjhOb3VCaW43ZXFHT1Vxc0UK7YV+BU7dCEOZxpqkQA394eDsnthvorj6
7bqrCdeU+6DU7DmFs6++BrNO2tx8vvOa1im+ZGrM/gZAJdv/7R2d6Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-26T15:28:13Z"
mac: ENC[AES256_GCM,data:BfEahKHAcnLc/PSagENBIVwxufJrjpMSC6U4hkkxNwcEJYDNAlrF0w00aiexLeX+UfVGIw19+SrNL5zuecEf+GaYzYNy9RE3c66KUM2B/cpuBuzkiwLaBCTfcWr7k8dW11BGFCmugRSG4w6wXKG5B/LyEKB6Vcvp0JRbCYSqZSY=,iv:97UzvdvQCtTLaLDrg6VEwiofHtSPGtaxuPLHfTAyIFA=,tag:r4r45OaV9ZRDzd56RGLFZw==,type:str]
lastmodified: "2025-03-18T22:08:52Z"
mac: ENC[AES256_GCM,data:3Hr8FyzfZvvtyusqdDOjggDGFlBwyOq2VND+/jtNbY5i5JPK+qTkamn98IKkcHSPooaIVzEAek91fZDo90mYRhCzEwfbLATmFXPHsZHUg+5nD8VzcNUWQDb2/ey4RPhzTMtXfY9v9wdIcTdBKYKSZ61puptSX8nJ2S74ag6B5AY=,iv:J+VxUvwWE496DqTsVXdlpxgkf8zGT9uDvt6RLrmc0n0=,tag:X2Qg3DDzOTBDqo+6eQPHvw==,type:str]
pgp:
- created_at: "2024-09-05T06:10:22Z"
enc: |-