1 Commits

Author SHA1 Message Date
930fea9ed9 added word to cspell
All checks were successful
Check flake.lock / Check health of `flake.lock` (pull_request) Successful in 1m54s
Check Nix formatting / Perform Nix format checks (pull_request) Successful in 10m27s
Check Nix flake / Perform Nix flake checks (ubuntu-latest) (pull_request) Successful in 16m58s
Check Nix flake / Build nix outputs (ubuntu-latest) (pull_request) Successful in 22m52s
Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
2025-03-20 11:51:48 -04:00
48 changed files with 436 additions and 850 deletions

View File

@ -8,17 +8,12 @@ on:
jobs: jobs:
health-check: health-check:
name: "Perform Nix flake checks" name: "Perform Nix flake checks"
runs-on: ubuntu-latest runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-latest]
steps: steps:
- name: Get Latest Determinate Nix Installer binary - uses: DeterminateSystems/nix-installer-action@main
id: latest-installer
uses: sigyl-actions/gitea-action-get-latest-release@main
with:
repository: ahuston-0/determinate-nix-mirror
- name: Install nix
uses: https://github.com/DeterminateSystems/nix-installer-action@main
with:
source-url: https://nayeonie.com/ahuston-0/determinate-nix-mirror/releases/download/${{ steps.latest-installer.outputs.release }}/nix-installer-x86_64-linux
- name: Setup Attic cache - name: Setup Attic cache
uses: ryanccn/attic-action@v0 uses: ryanccn/attic-action@v0
with: with:
@ -28,3 +23,25 @@ jobs:
skip-push: "true" skip-push: "true"
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- run: nix flake check --accept-flake-config - run: nix flake check --accept-flake-config
- run: nix ./utils/attic-push.bash
build-checks:
name: "Build nix outputs"
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-latest]
steps:
- uses: DeterminateSystems/nix-installer-action@main
- name: Setup Attic cache
uses: ryanccn/attic-action@v0
with:
endpoint: ${{ secrets.ATTIC_ENDPOINT }}
cache: ${{ secrets.ATTIC_CACHE }}
token: ${{ secrets.ATTIC_TOKEN }}
skip-push: "true"
- uses: actions/checkout@v4
- name: Build all outputs
run: nix run git+https://nayeonie.com/ahuston-0/flake-update-diff -- --build .
- name: Push to Attic
run: nix ./utils/attic-push.bash
continue-on-error: true

View File

@ -11,15 +11,8 @@ jobs:
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Get Latest Determinate Nix Installer binary
id: latest-installer
uses: sigyl-actions/gitea-action-get-latest-release@main
with:
repository: ahuston-0/determinate-nix-mirror
- name: Install nix - name: Install nix
uses: https://github.com/DeterminateSystems/nix-installer-action@main uses: https://github.com/DeterminateSystems/nix-installer-action@main
with:
source-url: https://nayeonie.com/ahuston-0/determinate-nix-mirror/releases/download/${{ steps.latest-installer.outputs.release }}/nix-installer-x86_64-linux
- name: Setup Attic cache - name: Setup Attic cache
uses: ryanccn/attic-action@v0 uses: ryanccn/attic-action@v0
with: with:
@ -47,15 +40,11 @@ jobs:
run: nix ./utils/eval-to-drv.sh post run: nix ./utils/eval-to-drv.sh post
- name: Calculate diff - name: Calculate diff
run: nix ./utils/diff-evals.sh run: nix ./utils/diff-evals.sh
- name: upload diff file as artifact - name: Read file contents
id: upload-diff id: read_file
uses: actions/upload-artifact@v3 uses: guibranco/github-file-reader-action-v2@latest
with: with:
name: nix-flake-diff.log path: "post-diff"
path: post-diff
compression-level: 9
if-no-files-found: error
retention-period: 5
- name: Write PR body template - name: Write PR body template
uses: https://github.com/DamianReeves/write-file-action@v1.3 uses: https://github.com/DamianReeves/write-file-action@v1.3
with: with:
@ -63,16 +52,12 @@ jobs:
contents: | contents: |
- The following Nix Flake inputs were updated: - The following Nix Flake inputs were updated:
Flake input changes: ```
```shell
${{ env.UPDATE_LOG }} ${{ env.UPDATE_LOG }}
``` ```
Flake evaluation diff: ```
${{ steps.read_file.outputs.contents }}
```shell
nix-diff-placeholder
``` ```
Auto-generated by [update.yml][1] with the help of Auto-generated by [update.yml][1] with the help of
@ -85,9 +70,6 @@ jobs:
with: with:
files: "pr_body.template" files: "pr_body.template"
output-filename: "pr_body.md" output-filename: "pr_body.md"
- name: template diff into PR body
run: |
nix utils/inject-diff.py
- name: Save PR body - name: Save PR body
id: pr_body id: pr_body
uses: juliangruber/read-file-action@v1 uses: juliangruber/read-file-action@v1
@ -96,6 +78,7 @@ jobs:
- name: Remove temporary files - name: Remove temporary files
run: | run: |
rm pr_body.template rm pr_body.template
rm pr_body.md
rm pre.json rm pre.json
rm post.json rm post.json
rm post-diff rm post-diff
@ -105,8 +88,7 @@ jobs:
uses: https://nayeonie.com/ahuston-0/create-pull-request@main uses: https://nayeonie.com/ahuston-0/create-pull-request@main
with: with:
token: ${{ secrets.GH_TOKEN_FOR_UPDATES }} token: ${{ secrets.GH_TOKEN_FOR_UPDATES }}
add-paths: flake.lock body: ${{ steps.pr_body.outputs.content }}
body-path: pr_body.md
author: '"github-actions[bot]" <github-actions[bot]@users.noreply.github.com>' author: '"github-actions[bot]" <github-actions[bot]@users.noreply.github.com>'
title: 'automated: Update `flake.lock`' title: 'automated: Update `flake.lock`'
commit-message: | commit-message: |
@ -118,6 +100,9 @@ jobs:
pr-labels: | # Labels to be set on the PR pr-labels: | # Labels to be set on the PR
dependencies dependencies
automated automated
- name: Push to Attic
run: nix ./utils/attic-push.bash
continue-on-error: true
- name: Print PR number - name: Print PR number
run: | run: |
echo "Pull request number is ${{ steps.create-pull-request.outputs.pull-request-number }}." echo "Pull request number is ${{ steps.create-pull-request.outputs.pull-request-number }}."

View File

@ -10,15 +10,7 @@ jobs:
name: "Perform Nix format checks" name: "Perform Nix format checks"
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Get Latest Determinate Nix Installer binary - uses: DeterminateSystems/nix-installer-action@main
id: latest-installer
uses: sigyl-actions/gitea-action-get-latest-release@main
with:
repository: ahuston-0/determinate-nix-mirror
- name: Install nix
uses: https://github.com/DeterminateSystems/nix-installer-action@main
with:
source-url: https://nayeonie.com/ahuston-0/determinate-nix-mirror/releases/download/${{ steps.latest-installer.outputs.release }}/nix-installer-x86_64-linux
- name: Setup Attic cache - name: Setup Attic cache
uses: ryanccn/attic-action@v0 uses: ryanccn/attic-action@v0
with: with:
@ -28,3 +20,6 @@ jobs:
skip-push: "true" skip-push: "true"
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- run: nix fmt -- --check . - run: nix fmt -- --check .
- name: Push to Attic
run: nix ./utils/attic-push.bash
continue-on-error: true

View File

@ -41,6 +41,7 @@
"codezombiech", "codezombiech",
"compactmode", "compactmode",
"Compat", "Compat",
"concat",
"concatLists", "concatLists",
"contentblocking", "contentblocking",
"cookiebanners", "cookiebanners",
@ -153,6 +154,7 @@
"networkd", "networkd",
"networkmanager", "networkmanager",
"newtabpage", "newtabpage",
"nixfmt",
"nixos", "nixos",
"nixpkgs", "nixpkgs",
"nmap", "nmap",
@ -214,6 +216,8 @@
"rofi", "rofi",
"rpool", "rpool",
"rspace", "rspace",
"rsyslog",
"rsyslogd",
"rtkit", "rtkit",
"safebrowsing", "safebrowsing",
"Sandro", "Sandro",
@ -255,6 +259,7 @@
"topstories", "topstories",
"Toqozz", "Toqozz",
"torrenting", "torrenting",
"treefmt",
"twimg", "twimg",
"uaccess", "uaccess",
"ublock", "ublock",

View File

@ -14,7 +14,9 @@ to onboard a new user or system.
Although we are not actively looking for new members to join in on this repo, Although we are not actively looking for new members to join in on this repo,
we are not strictly opposed. Please reach out to we are not strictly opposed. Please reach out to
[@ahuston-0](https://nayeonie.com/ahuston-0) for further information. [@ahuston-0](https://github.com/ahuston-0) or
[@RichieCahill](https://github.com/RichieCahill)
for further information.
## Repo Structure ## Repo Structure

View File

@ -107,7 +107,8 @@ rules.
We allow secrets to be embedded in the repository using `sops-nix`. As part of We allow secrets to be embedded in the repository using `sops-nix`. As part of
the process everything is encrypted, however adding a new user is a change the process everything is encrypted, however adding a new user is a change
that every existing SOPS user needs to participate in. Please reach out to that every existing SOPS user needs to participate in. Please reach out to
[@ahuston-0](https://nayeonie.com/ahuston-0) or if you are interested [@ahuston-0](https://github.com/ahuston-0) or
[@RichieCahill](https://github.com/RichieCahill) if you are interested
in using secrets on your machines. in using secrets on your machines.
## CI/CD ## CI/CD

View File

@ -121,7 +121,7 @@ fi
DOTS="/mnt/root/dotfiles" DOTS="/mnt/root/dotfiles"
GC="git -C $DOTS" GC="git -C $DOTS"
sudo mkdir -p "$DOTS" || echo "directory $DOTS already exists" sudo mkdir -p "$DOTS" || echo "directory $DOTS already exists"
sudo $GC clone https://nayeonie.com/ahuston-0/nix-dotfiles.git . sudo $GC clone https://github.com/RAD-Development/nix-dotfiles.git .
sudo $GC checkout "$FEATUREBRANCH" sudo $GC checkout "$FEATUREBRANCH"
# Create ssh keys # Create ssh keys
@ -179,4 +179,4 @@ Host github.com
IdentityFile /root/.ssh/id_ed25519_ghdeploy IdentityFile /root/.ssh/id_ed25519_ghdeploy
EOF EOF
printf "%s" "$SSHCONFIG" | sudo tee /root/.ssh/config printf "%s" "$SSHCONFIG" | sudo tee /root/.ssh/config
sudo "$GC" remote set-url origin 'ssh://gitea@nayeonie.com:2222/ahuston-0/nix-dotfiles.git' sudo "$GC" remote set-url origin 'git@github.com:RAD-Development/nix-dotfiles.git'

258
flake.lock generated
View File

@ -5,11 +5,11 @@
"fromYaml": "fromYaml" "fromYaml": "fromYaml"
}, },
"locked": { "locked": {
"lastModified": 1746562888, "lastModified": 1732200724,
"narHash": "sha256-YgNJQyB5dQiwavdDFBMNKk1wyS77AtdgDk/VtU6wEaI=", "narHash": "sha256-+R1BH5wHhfnycySb7Sy5KbYEaTJZWm1h+LW1OtyhiTs=",
"owner": "SenchoPens", "owner": "SenchoPens",
"repo": "base16.nix", "repo": "base16.nix",
"rev": "806a1777a5db2a1ef9d5d6f493ef2381047f2b89", "rev": "153d52373b0fb2d343592871009a286ec8837aec",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -69,17 +69,20 @@
}, },
"firefox-addons": { "firefox-addons": {
"inputs": { "inputs": {
"flake-utils": [
"flake-utils"
],
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"dir": "pkgs/firefox-addons", "dir": "pkgs/firefox-addons",
"lastModified": 1748664200, "lastModified": 1742449434,
"narHash": "sha256-D8sWEVVvxDBJsr8h26AGDfYjp56iKUIHCWaOKucDT2c=", "narHash": "sha256-UVz7NhPzbEWey6mMJU3Jwjqfbp0xH0iKZDuoRjhZEN0=",
"owner": "rycee", "owner": "rycee",
"repo": "nur-expressions", "repo": "nur-expressions",
"rev": "b7d07ac2748936643abe8192065a2156f1a46d6e", "rev": "1b0b14b56353040142e0ef5b0ab37743bbbf4ab4",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@ -92,11 +95,11 @@
"firefox-gnome-theme": { "firefox-gnome-theme": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1744642301, "lastModified": 1741628778,
"narHash": "sha256-5A6LL7T0lttn1vrKsNOKUk9V0ittdW0VEqh6AtefxJ4=", "narHash": "sha256-RsvHGNTmO2e/eVfgYK7g+eYEdwwh7SbZa+gZkT24MEA=",
"owner": "rafaelmardojai", "owner": "rafaelmardojai",
"repo": "firefox-gnome-theme", "repo": "firefox-gnome-theme",
"rev": "59e3de00f01e5adb851d824cf7911bd90c31083a", "rev": "5a81d390bb64afd4e81221749ec4bffcbeb5fa80",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -124,11 +127,11 @@
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
}, },
"locked": { "locked": {
"lastModified": 1743550720, "lastModified": 1741352980,
"narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", "narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "c621e8422220273271f52058f618c94e405bb0f5", "rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -141,6 +144,7 @@
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
"stylix", "stylix",
"nur",
"nixpkgs" "nixpkgs"
] ]
}, },
@ -178,6 +182,27 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_2": {
"inputs": {
"systems": [
"stylix",
"systems"
]
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"fromYaml": { "fromYaml": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -207,11 +232,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1742649964, "lastModified": 1741379162,
"narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", "narHash": "sha256-srpAbmJapkaqGRE3ytf3bj4XshspVR5964OX5LfjDWc=",
"owner": "cachix", "owner": "cachix",
"repo": "git-hooks.nix", "repo": "git-hooks.nix",
"rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", "rev": "b5a62751225b2f62ff3147d0a334055ebadcd5cc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -266,16 +291,16 @@
"gnome-shell": { "gnome-shell": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1744584021, "lastModified": 1732369855,
"narHash": "sha256-0RJ4mJzf+klKF4Fuoc8VN8dpQQtZnKksFmR2jhWE1Ew=", "narHash": "sha256-JhUWbcYPjHO3Xs3x9/Z9RuqXbcp5yhPluGjwsdE2GMg=",
"owner": "GNOME", "owner": "GNOME",
"repo": "gnome-shell", "repo": "gnome-shell",
"rev": "52c517c8f6c199a1d6f5118fae500ef69ea845ae", "rev": "dadd58f630eeea41d645ee225a63f719390829dc",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "GNOME", "owner": "GNOME",
"ref": "48.1", "ref": "47.2",
"repo": "gnome-shell", "repo": "gnome-shell",
"type": "github" "type": "github"
} }
@ -287,11 +312,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1748668774, "lastModified": 1742447757,
"narHash": "sha256-fYk/vk4ClmvHIgnGv/5GNRiDLtNCwXo9aLq36L/x+P4=", "narHash": "sha256-Q0KXcHQmum8L6IzGhhkVhjFMKY6BvYa/rhmLP26Ws8o=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "60e4624302d956fe94d3f7d96a560d14d70591b9", "rev": "94605dcadefeaff6b35c8931c9f38e4f4dc7ad0a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -300,27 +325,6 @@
"type": "github" "type": "github"
} }
}, },
"hydra": {
"inputs": {
"nix": "nix",
"nix-eval-jobs": "nix-eval-jobs",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1747268965,
"narHash": "sha256-ZDTr2SQQEaZDuNNmKDcxdGNrUP6lucyrp5dxJyqAKy8=",
"ref": "add-gitea-pulls",
"rev": "84ce142a9d49e2453ce834cf5afa059189a913c9",
"revCount": 4374,
"type": "git",
"url": "https://nayeonie.com/ahuston-0/hydra"
},
"original": {
"ref": "add-gitea-pulls",
"type": "git",
"url": "https://nayeonie.com/ahuston-0/hydra"
}
},
"hyprland-contrib": { "hyprland-contrib": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -328,11 +332,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1747572947, "lastModified": 1742213523,
"narHash": "sha256-PMQoXbfmWPuXnF8EaWqRmvTvl7+WFUrDVgufFRPgOM4=", "narHash": "sha256-I8JVdQRu8eWvY5W8XWYZkdd5pojDHkxeqQV7mMIsbhs=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "contrib", "repo": "contrib",
"rev": "910dad4c5755c1735d30da10c96d9086aa2a608d", "rev": "bd81329944be53b0ffb99e05864804b95f1d7c65",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -341,39 +345,6 @@
"type": "github" "type": "github"
} }
}, },
"nix": {
"flake": false,
"locked": {
"lastModified": 1745420957,
"narHash": "sha256-ZbB3IH9OlJvo14GlQZbYHzJojf/HCDT38GzYTod8DaU=",
"owner": "NixOS",
"repo": "nix",
"rev": "70921714cb3b5e6041b7413459541838651079f3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "2.28-maintenance",
"repo": "nix",
"type": "github"
}
},
"nix-eval-jobs": {
"flake": false,
"locked": {
"lastModified": 1744370057,
"narHash": "sha256-n220U5pjzCtTtOJtbga4Xr/PyllowKw9anSevgCqJEw=",
"owner": "nix-community",
"repo": "nix-eval-jobs",
"rev": "1260c6599d22dfd8c25fea6893c3d031996b20e1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-eval-jobs",
"type": "github"
}
},
"nix-index-database": { "nix-index-database": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -381,11 +352,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1748145500, "lastModified": 1742174123,
"narHash": "sha256-t9fx0l61WOxtWxXCqlXPWSuG/0XMF9DtE2T7KXgMqJw=", "narHash": "sha256-pDNzMoR6m1ZSJToZQ6XDTLVSdzIzmFl1b8Pc3f7iV6Y=",
"owner": "Mic92", "owner": "Mic92",
"repo": "nix-index-database", "repo": "nix-index-database",
"rev": "a98adbf54d663395df0b9929f6481d4d80fc8927", "rev": "2cfb4e1ca32f59dd2811d7a6dd5d4d1225f0955c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -417,11 +388,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1747663185, "lastModified": 1742217219,
"narHash": "sha256-Obh50J+O9jhUM/FgXtI3he/QRNiV9+J53+l+RlKSaAk=", "narHash": "sha256-pLRjj0jTL1TloB0ptEwVF51IJJX8a17dSxg+gqiWb30=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixos-generators", "repo": "nixos-generators",
"rev": "ee07ba0d36c38e9915c55d2ac5a8fb0f05f2afcc", "rev": "83900d5154d840dfae1e0367c5290f59b9dccf03",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -432,11 +403,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1748634340, "lastModified": 1742376361,
"narHash": "sha256-pZH4bqbOd8S+si6UcfjHovWDiWKiIGRNRMpmRWaDIms=", "narHash": "sha256-VFMgJkp/COvkt5dnkZB4D2szVdmF6DGm5ZdVvTUy61c=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "daa628a725ab4948e0e2b795e8fb6f4c3e289a7a", "rev": "daaae13dff0ecc692509a1332ff9003d9952d7a9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -455,11 +426,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1748287559, "lastModified": 1742419596,
"narHash": "sha256-dvUE9HGwzEXyv6G7LuZFQCmRYFuXLJBO4+crCTxe5zs=", "narHash": "sha256-+Bw1HR4oX6vUbCMhwWbW+Nr20F+UesNdUd7b17s3ESE=",
"owner": "SuperSandro2000", "owner": "SuperSandro2000",
"repo": "nixos-modules", "repo": "nixos-modules",
"rev": "9ae063877f8c5d42c39b739ae1d00f9657ad17f4", "rev": "82491ff311152b87fe7cfbdaf545f727e0750aa9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -470,27 +441,27 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1745408698, "lastModified": 1742450798,
"narHash": "sha256-JT1wMjLIypWJA0N2V27WpUw8feDmTok4Dwkb0oYXDS4=", "narHash": "sha256-lfOAAaX68Ed7R6Iy2nbFAkGj6B8kHBp3nqZhgZjxR5c=",
"owner": "NixOS", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "eea3403f7ca9f9942098f4f2756adab4ec924b2b", "rev": "b64ec1944ea40d9f3920f938e17ed39a9978c6c7",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "nixos",
"ref": "nixos-24.11-small", "ref": "nixos-unstable-small",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs-lib": { "nixpkgs-lib": {
"locked": { "locked": {
"lastModified": 1743296961, "lastModified": 1740877520,
"narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=", "narHash": "sha256-oiwv/ZK/2FhGxrCkQkB83i7GnWXPPLzoqFHpDD3uYpk=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixpkgs.lib", "repo": "nixpkgs.lib",
"rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa", "rev": "147dee35aab2193b174e4c0868bd80ead5ce755c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -501,11 +472,11 @@
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1748421225, "lastModified": 1742268799,
"narHash": "sha256-XXILOc80tvlvEQgYpYFnze8MkQQmp3eQxFbTzb3m/R0=", "narHash": "sha256-IhnK4LhkBlf14/F8THvUy3xi/TxSQkp9hikfDZRD4Ic=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "78add7b7abb61689e34fc23070a8f55e1d26185b", "rev": "da044451c6a70518db5b730fe277b70f494188f1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -515,28 +486,9 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_2": {
"locked": {
"lastModified": 1748676562,
"narHash": "sha256-7kLFXK3YSwFeSB5pQ6ltrVq/w9b1WaE4fiELAajO748=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "f21e6d28b717da40718d8240bc72827bdd4af4b6",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
},
"nur": { "nur": {
"inputs": { "inputs": {
"flake-parts": [ "flake-parts": "flake-parts_2",
"stylix",
"flake-parts"
],
"nixpkgs": [ "nixpkgs": [
"stylix", "stylix",
"nixpkgs" "nixpkgs"
@ -544,11 +496,11 @@
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1746056780, "lastModified": 1741693509,
"narHash": "sha256-/emueQGaoT4vu0QjU9LDOG5roxRSfdY0K2KkxuzazcM=", "narHash": "sha256-emkxnsZstiJWmGACimyAYqIKz2Qz5We5h1oBVDyQjLw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "d476cd0972dd6242d76374fcc277e6735715c167", "rev": "5479646b2574837f1899da78bdf9a48b75a9fb27",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -568,11 +520,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1747372754, "lastModified": 1742300892,
"narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=", "narHash": "sha256-QmF0proyjXI9YyZO9GZmc7/uEu5KVwCtcdLsKSoxPAI=",
"owner": "cachix", "owner": "cachix",
"repo": "git-hooks.nix", "repo": "git-hooks.nix",
"rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46", "rev": "ea26a82dda75bee6783baca6894040c8e6599728",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -588,13 +540,12 @@
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"home-manager": "home-manager", "home-manager": "home-manager",
"hydra": "hydra",
"hyprland-contrib": "hyprland-contrib", "hyprland-contrib": "hyprland-contrib",
"nix-index-database": "nix-index-database", "nix-index-database": "nix-index-database",
"nixos-generators": "nixos-generators", "nixos-generators": "nixos-generators",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixos-modules": "nixos-modules", "nixos-modules": "nixos-modules",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs",
"nixpkgs-stable": "nixpkgs-stable", "nixpkgs-stable": "nixpkgs-stable",
"pre-commit-hooks": "pre-commit-hooks", "pre-commit-hooks": "pre-commit-hooks",
"rust-overlay": "rust-overlay", "rust-overlay": "rust-overlay",
@ -611,11 +562,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1748658947, "lastModified": 1742437918,
"narHash": "sha256-F+nGITu6D7RswJlm8qCuU1PCuOSgDeAqaDKWW1n1jmQ=", "narHash": "sha256-Vflb6KJVDikFcM9E231mRN88uk4+jo7BWtaaQMifthI=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "fc82ce758cc5df6a6d5d24e75710321cdbdc787a", "rev": "f03085549609e49c7bcbbee86a1949057d087199",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -631,11 +582,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1747603214, "lastModified": 1742406979,
"narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=", "narHash": "sha256-r0aq70/3bmfjTP+JZs4+XV5SgmCtk1BLU4CQPWGtA7o=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd", "rev": "1770be8ad89e41f1ed5a60ce628dd10877cb3609",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -654,7 +605,7 @@
"flake-compat": [ "flake-compat": [
"flake-compat" "flake-compat"
], ],
"flake-parts": "flake-parts_2", "flake-utils": "flake-utils_2",
"git-hooks": "git-hooks", "git-hooks": "git-hooks",
"gnome-shell": "gnome-shell", "gnome-shell": "gnome-shell",
"home-manager": [ "home-manager": [
@ -672,11 +623,11 @@
"tinted-zed": "tinted-zed" "tinted-zed": "tinted-zed"
}, },
"locked": { "locked": {
"lastModified": 1748621009, "lastModified": 1742422444,
"narHash": "sha256-X7SqoEEHVsR01GwL9WBs3tuSXdit7YdeBdIHrl+MlZQ=", "narHash": "sha256-Djg5uMhIDPdFOZ7kTrqNlHaAqcx/4rp7BofZLsUHkLY=",
"owner": "danth", "owner": "danth",
"repo": "stylix", "repo": "stylix",
"rev": "b69e9b761ee682b722e2c9ce46637e767b50f6dc", "rev": "f122d70925ca44e5ee4216661769437ab36a6a3f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -735,27 +686,28 @@
"tinted-kitty": { "tinted-kitty": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1735730497, "lastModified": 1716423189,
"narHash": "sha256-4KtB+FiUzIeK/4aHCKce3V9HwRvYaxX+F1edUrfgzb8=", "narHash": "sha256-2xF3sH7UIwegn+2gKzMpFi3pk5DlIlM18+vj17Uf82U=",
"owner": "tinted-theming", "owner": "tinted-theming",
"repo": "tinted-kitty", "repo": "tinted-kitty",
"rev": "de6f888497f2c6b2279361bfc790f164bfd0f3fa", "rev": "eb39e141db14baef052893285df9f266df041ff8",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "tinted-theming", "owner": "tinted-theming",
"repo": "tinted-kitty", "repo": "tinted-kitty",
"rev": "eb39e141db14baef052893285df9f266df041ff8",
"type": "github" "type": "github"
} }
}, },
"tinted-schemes": { "tinted-schemes": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1744974599, "lastModified": 1741468895,
"narHash": "sha256-Fg+rdGs5FAgfkYNCs74lnl8vkQmiZVdBsziyPhVqrlY=", "narHash": "sha256-YKM1RJbL68Yp2vESBqeZQBjTETXo8mCTTzLZyckCfZk=",
"owner": "tinted-theming", "owner": "tinted-theming",
"repo": "schemes", "repo": "schemes",
"rev": "28c26a621123ad4ebd5bbfb34ab39421c0144bdd", "rev": "47c8c7726e98069cade5827e5fb2bfee02ce6991",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -767,11 +719,11 @@
"tinted-tmux": { "tinted-tmux": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1745111349, "lastModified": 1740877430,
"narHash": "sha256-udV+nHdpqgkJI9D0mtvvAzbqubt9jdifS/KhTTbJ45w=", "narHash": "sha256-zWcCXgdC4/owfH/eEXx26y5BLzTrefjtSLFHWVD5KxU=",
"owner": "tinted-theming", "owner": "tinted-theming",
"repo": "tinted-tmux", "repo": "tinted-tmux",
"rev": "e009f18a01182b63559fb28f1c786eb027c3dee9", "rev": "d48ee86394cbe45b112ba23ab63e33656090edb4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -831,11 +783,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1743305055, "lastModified": 1730615238,
"narHash": "sha256-NIsi8Dno9YsOLUUTrLU4p+hxYeJr3Vkg1gIpQKVTaDs=", "narHash": "sha256-u/ZGtyEUvAkFOBgLo2YldOx0GKjE3/esWpWruRD376E=",
"owner": "Toqozz", "owner": "Toqozz",
"repo": "wired-notify", "repo": "wired-notify",
"rev": "75d43f54a02b15f2a15f5c1a0e1c7d15100067a6", "rev": "1632418aa15889343028261663e81d8b5595860e",
"type": "github" "type": "github"
}, },
"original": { "original": {

View File

@ -15,11 +15,9 @@
trusted-public-keys = [ trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nix-cache:grGRsHhqNDhkEuTODvHJXYmoCClntC+U8XAJQzwMaZM=" "nix-cache:trR+y5nwpQHR4hystoogubFmp97cewkjWeqqbygRQRs="
]; ];
trusted-users = [ "root" ]; trusted-users = [ "root" ];
allow-import-from-derivation = true;
fallback = true;
}; };
inputs = { inputs = {
@ -46,6 +44,7 @@
url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons"; url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons";
inputs = { inputs = {
nixpkgs.follows = "nixpkgs"; nixpkgs.follows = "nixpkgs";
flake-utils.follows = "flake-utils";
}; };
}; };
@ -59,13 +58,6 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
hydra = {
url = "git+https://nayeonie.com/ahuston-0/hydra?ref=add-gitea-pulls";
# inputs = {
# nixpkgs.follows = "nixpkgs";
# };
};
hyprland-contrib = { hyprland-contrib = {
url = "github:hyprwm/contrib"; url = "github:hyprwm/contrib";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@ -136,7 +128,7 @@
systems = [ systems = [
"x86_64-linux" "x86_64-linux"
# disable arm for now as hydra isn't set up for it # disable arm for now as hydra isn't set up for it
# "aarch64-linuxa # "aarch64-linux"
]; ];
forEachSystem = lib.genAttrs systems; forEachSystem = lib.genAttrs systems;
@ -152,13 +144,13 @@
lib = self; lib = self;
} }
); );
inherit (lib.adev.systems) genSystems getImages; inherit (lib.rad-dev.systems) genSystems getImages;
inherit (self) outputs; # for hydra inherit (self) outputs; # for hydra
in in
rec { rec {
inherit lib; # for allowing use of custom functions in nix repl inherit lib; # for allowing use of custom functions in nix repl
hydraJobs = import ./hydra/jobs.nix { inherit inputs outputs systems; }; #hydraJobs = import ./hydra/jobs.nix { inherit inputs outputs systems; };
formatter = forEachSystem (system: nixpkgs.legacyPackages.${system}.nixfmt-rfc-style); formatter = forEachSystem (system: nixpkgs.legacyPackages.${system}.nixfmt-rfc-style);
nixosConfigurations = genSystems inputs outputs src (src + "/systems"); nixosConfigurations = genSystems inputs outputs src (src + "/systems");

View File

@ -19,6 +19,7 @@ let
prs = readJSONFile pulls; prs = readJSONFile pulls;
refs = readJSONFile branches; refs = readJSONFile branches;
repo = "RAD-Development/nix-dotfiles";
# template for creating a job # template for creating a job
makeJob = makeJob =
@ -27,7 +28,6 @@ let
keepnr ? 3, keepnr ? 3,
description, description,
flake, flake,
enabled ? 1,
}: }:
{ {
inherit inherit
@ -35,8 +35,8 @@ let
flake flake
schedulingshares schedulingshares
keepnr keepnr
enabled
; ;
enabled = 1;
type = 1; type = 1;
hidden = false; hidden = false;
checkinterval = 300; # every 5 minutes checkinterval = 300; # every 5 minutes
@ -44,9 +44,7 @@ let
emailoverride = ""; emailoverride = "";
}; };
giteaHost = "ssh://gitea@nayeonie.com:2222"; # Create a hydra job for a branch
repo = "ahuston-0/nix-dotfiles";
# # Create a hydra job for a branch
jobOfRef = jobOfRef =
name: name:
{ ref, ... }: { ref, ... }:
@ -57,7 +55,7 @@ let
name = builtins.replaceStrings [ "/" ] [ "-" ] "branch-${name}"; name = builtins.replaceStrings [ "/" ] [ "-" ] "branch-${name}";
value = makeJob { value = makeJob {
description = "Branch ${name}"; description = "Branch ${name}";
flake = "git+${giteaHost}/${repo}?ref=${ref}"; flake = "git+ssh://git@github.com/${repo}?ref=${ref}";
}; };
}; };
@ -66,8 +64,7 @@ let
name = if info.draft then "draft-${id}" else "pr-${id}"; name = if info.draft then "draft-${id}" else "pr-${id}";
value = makeJob { value = makeJob {
description = "PR ${id}: ${info.title}"; description = "PR ${id}: ${info.title}";
flake = "git+${giteaHost}/${repo}?ref=${info.head.ref}"; flake = "git+ssh://git@github.com/${info.head.repo.full_name}?ref=${info.head.ref}";
enabled = info.state == "open";
}; };
}; };

View File

@ -1,7 +1,7 @@
{ {
"enabled": 1, "enabled": 1,
"hidden": false, "hidden": false,
"description": "ahuston-0's personal server infra", "description": "RAD Development infrastructure",
"nixexprinput": "nixexpr", "nixexprinput": "nixexpr",
"nixexprpath": "hydra/jobsets.nix", "nixexprpath": "hydra/jobsets.nix",
"checkinterval": 60, "checkinterval": 60,
@ -12,7 +12,7 @@
"type": 0, "type": 0,
"inputs": { "inputs": {
"nixexpr": { "nixexpr": {
"value": "ssh://gitea@nayeonie.com:2222/ahuston-0/nix-dotfiles.git main", "value": "https://github.com/RAD-Development/nix-dotfiles main",
"type": "git", "type": "git",
"emailresponsible": false "emailresponsible": false
}, },
@ -22,13 +22,13 @@
"emailresponsible": false "emailresponsible": false
}, },
"pulls": { "pulls": {
"type": "giteapulls", "type": "githubpulls",
"value": "nayeonie.com ahuston-0 nix-dotfiles https", "value": "RAD-Development nix-dotfiles",
"emailresponsible": false "emailresponsible": false
}, },
"branches": { "branches": {
"type": "gitea_refs", "type": "github_refs",
"value": "nayeonie.com ahuston-0 nix-dotfiles heads https -", "value": "RAD-Development nix-dotfiles heads -",
"emailresponsible": false "emailresponsible": false
} }
} }

View File

@ -1,7 +1,7 @@
{ lib, ... }: { lib, ... }:
{ {
# create adev namespace for lib # create rad-dev namespace for lib
adev = rec { rad-dev = rec {
systems = import ./systems.nix { inherit lib; }; systems = import ./systems.nix { inherit lib; };
container-utils = import ./container-utils.nix { inherit lib; }; container-utils = import ./container-utils.nix { inherit lib; };

View File

@ -176,7 +176,7 @@ rec {
(configPath + "/configuration.nix") (configPath + "/configuration.nix")
] ]
++ modules ++ modules
++ (lib.adev.fileList (src + "/modules")) ++ (lib.rad-dev.fileList (src + "/modules"))
++ genWrapper sops genSops args ++ genWrapper sops genSops args
++ genWrapper home genHome args ++ genWrapper home genHome args
++ genWrapper true genUsers args ++ genWrapper true genUsers args
@ -222,7 +222,7 @@ rec {
// import configPath { inherit inputs; } // import configPath { inherit inputs; }
); );
} }
) (lib.adev.lsdir path) ) (lib.rad-dev.lsdir path)
); );
# gets all the images of a specified format # gets all the images of a specified format

View File

@ -61,7 +61,7 @@ in
lib.mkIf cfg.enable { lib.mkIf cfg.enable {
environment.systemPackages = environment.systemPackages =
[ pkgs.git ] [ pkgs.git ]
++ lib.optionals (lib.any (ssh-key: ssh-key != "") (lib.adev.mapGetAttr "ssh-key" repos)) [ ++ lib.optionals (lib.any (ssh-key: ssh-key != "") (lib.rad-dev.mapGetAttr "ssh-key" repos)) [
pkgs.openssh pkgs.openssh
]; ];

View File

@ -1,10 +1,10 @@
{ lib, config, ... }: { lib, config, ... }:
let let
cfg = config.services.adev.k3s-net; cfg = config.services.rad-dev.k3s-net;
in in
{ {
options = { options = {
services.adev.k3s-net = { services.rad-dev.k3s-net = {
enable = lib.mkOption { enable = lib.mkOption {
default = false; default = false;
example = true; example = true;

View File

@ -5,7 +5,7 @@
i18n = { i18n = {
defaultLocale = lib.mkDefault "en_US.utf8"; defaultLocale = lib.mkDefault "en_US.utf8";
extraLocales = lib.mkDefault [ "en_US.UTF-8/UTF-8" ]; supportedLocales = lib.mkDefault [ "en_US.UTF-8/UTF-8" ];
extraLocaleSettings = lib.mkDefault { extraLocaleSettings = lib.mkDefault {
LC_ADDRESS = "en_US.UTF-8"; LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8"; LC_IDENTIFICATION = "en_US.UTF-8";

View File

@ -16,19 +16,4 @@
persistent = true; persistent = true;
flake = "git+ssh://nayeonie.com/ahuston-0/nix-dotfiles.git"; flake = "git+ssh://nayeonie.com/ahuston-0/nix-dotfiles.git";
}; };
services.nix-verify = {
daily = {
enable = true;
verify-contents = false;
verify-trust = false;
};
weekly = {
enable = true;
verify-contents = true;
verify-trust = false;
frequency = "1week";
randomized-delay-sec = "6hour";
};
};
} }

View File

@ -1,110 +0,0 @@
{
config,
lib,
...
}:
let
cfg = config.services.nix-verify;
verify-type =
with lib.types;
attrsOf (
submodule (
{ name, ... }:
{
options = {
enable = lib.mkEnableOption "verify status of nix store";
service-name = lib.mkOption {
type = lib.types.str;
description = "the name of the systemd service. ${name} by default";
default = name;
};
verify-contents = lib.mkEnableOption "verify contents of nix store";
verify-trust = lib.mkEnableOption "verify if each path is trusted";
signatures-needed = lib.mkOption {
type = lib.types.int;
description = "number of signatures needed when verifying trust. Not needed if verify-trust is disabled or not set.";
default = -1;
};
frequency = lib.mkOption {
type = lib.types.str;
description = "systemd-timer compatible time between pulls";
default = "1day";
};
randomized-delay-sec = lib.mkOption {
type = lib.types.str;
description = "systemd-timer compatible time randomized delay";
default = "0";
};
};
}
)
);
in
{
options = {
services.nix-verify = lib.mkOption {
type = verify-type;
default = { };
};
};
config =
let
verifiers = lib.filterAttrs (_: { enable, ... }: enable) cfg;
in
{
systemd.services = lib.mapAttrs' (
_:
{
service-name,
verify-contents,
verify-trust,
signatures-needed,
...
}:
lib.nameValuePair "nix-verifiers@${service-name}" {
requires = [ "multi-user.target" ];
after = [ "multi-user.target" ];
description =
"Verify nix store (verify-contents: ${lib.boolToString verify-contents}, verify-trust: "
+ "${lib.boolToString verify-trust}, signatures-needed: ${builtins.toString signatures-needed})";
serviceConfig = {
Type = "oneshot";
User = "root";
ExecStart =
"${config.nix.package}/bin/nix store verify --all "
+ lib.optionalString (!verify-contents) "--no-contents "
+ lib.optionalString (!verify-trust) "--no-trust "
+ lib.optionalString (signatures-needed >= 0) "--sigs-needed ${signatures-needed}";
};
}
) verifiers;
systemd.timers = lib.mapAttrs' (
_:
{
service-name,
frequency,
randomized-delay-sec,
...
}:
lib.nameValuePair "nix-verifiers@${service-name}" {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = frequency;
OnUnitActiveSec = frequency;
RandomizedDelaySec = randomized-delay-sec;
Unit = "nix-verifiers@${service-name}.service";
};
}
) verifiers;
};
}

View File

@ -5,11 +5,11 @@
... ...
}: }:
let let
cfg = config.services.adev.yubikey; cfg = config.services.rad-dev.yubikey;
in in
{ {
options = { options = {
services.adev.yubikey = { services.rad-dev.yubikey = {
enable = lib.mkEnableOption "enable yubikey defaults"; enable = lib.mkEnableOption "enable yubikey defaults";
enable-desktop-app = lib.mkEnableOption "installs desktop application"; enable-desktop-app = lib.mkEnableOption "installs desktop application";
}; };

View File

@ -38,7 +38,7 @@ forEachSystem (
}; };
# constructs a custom shell with commonly used utilities # constructs a custom shell with commonly used utilities
adev = pkgs.mkShell { rad-dev = pkgs.mkShell {
packages = with pkgs; [ packages = with pkgs; [
deadnix deadnix
pre-commit pre-commit
@ -56,7 +56,7 @@ forEachSystem (
default = pkgs.mkShell { default = pkgs.mkShell {
inputsFrom = [ inputsFrom = [
pre-commit pre-commit
adev rad-dev
sops sops
]; ];
}; };

View File

@ -37,6 +37,11 @@
default = true; default = true;
}; };
i18n = {
defaultLocale = "en_US.utf8";
supportedLocales = [ "en_US.UTF-8/UTF-8" ];
};
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
services = { services = {
@ -70,7 +75,7 @@
fprintd.enable = lib.mkForce false; fprintd.enable = lib.mkForce false;
openssh.enable = lib.mkForce false; openssh.enable = lib.mkForce false;
adev.yubikey = { rad-dev.yubikey = {
enable = true; enable = true;
enable-desktop-app = true; enable-desktop-app = true;
}; };

View File

@ -32,10 +32,23 @@
environment.sessionVariables.NIXOS_OZONE_WL = "1"; environment.sessionVariables.NIXOS_OZONE_WL = "1";
services = { services = {
xserver = {
enable = true;
displayManager.session = [
{
manage = "desktop";
name = "hyprland";
start = ''
bash ${./hypr/wrappedhl} &
waitPID=$!
'';
}
];
displayManager.gdm = { displayManager.gdm = {
enable = true; enable = true;
wayland = true; wayland = true;
}; };
};
dbus = { dbus = {
enable = true; enable = true;

View File

@ -1,19 +0,0 @@
{ ... }:
{
networking.nameservers = [
"9.9.9.9"
"1.1.1.1"
"192.168.76.1"
];
services.resolved = {
enable = true;
dnssec = "false";
domains = [ "~." ];
fallbackDns = [
"1.1.1.1#one.one.one.one"
"1.0.0.1#one.one.one.one"
];
dnsovertls = "true";
};
}

View File

@ -100,6 +100,7 @@
unipicker unipicker
unzip unzip
uutils-coreutils-noprefix uutils-coreutils-noprefix
ventoy
vesktop vesktop
vscode vscode
watchman watchman

View File

@ -10,9 +10,13 @@ example_booleans:
- ENC[AES256_GCM,data:6SJ0JKI=,iv:J0qSvWoOcDwSXCKyau+a0YcCGuH5WABHVh6Kdigac20=,tag:WQdNfjcubbzoHnQW4gua8g==,type:bool] - ENC[AES256_GCM,data:6SJ0JKI=,iv:J0qSvWoOcDwSXCKyau+a0YcCGuH5WABHVh6Kdigac20=,tag:WQdNfjcubbzoHnQW4gua8g==,type:bool]
apps: apps:
spotify: ENC[AES256_GCM,data:tIABPphA7Vr6VNvJpWTS9kDmidU=,iv:ciQzr8jyIcHYi797NKypPs7FhDgK5ToVZ0eZHHF8UtE=,tag:wUTL/x1p24cXyPUAL1dPfg==,type:str] spotify: ENC[AES256_GCM,data:tIABPphA7Vr6VNvJpWTS9kDmidU=,iv:ciQzr8jyIcHYi797NKypPs7FhDgK5ToVZ0eZHHF8UtE=,tag:wUTL/x1p24cXyPUAL1dPfg==,type:str]
wifi-env: ENC[AES256_GCM,data:2BM4wQq+RfASkg9lcH+fW7eD0VaPJMXABp3z0sYXqZbVzv9R9eAxSokxzcifT/1JK8PBwvZkWtEFrKAT3phXIZzoEySnGKGYazz8fqWWWhMJotLNNo5VkX70hLppgE9vYxf9vQSq0PLWYCN0jUO0H9mHjOT6mDzKUHegcC53jzkNY3WTfLkyzDWJVMP9IbVQ22N5QlJbzZNqrNTaOtcRm06PBz7pNuEKOy4jj5ipZOh6ceR81Xy6BXM7MzFN27lYbzfVvcDmlwqPORAmr7/00QBy2cp38rTswJEzYf1x2Q==,iv:DSTVPw9qtmo02/usZZDpHsYlX3sSW+2XrnawtBkRNmQ=,tag:3p3eW+3BEQrOmHlBNUEOaA==,type:str] wifi-env: ENC[AES256_GCM,data:G+z+fURk4rT61I5BiFzEJJt35jywPNrGpn1QGNhjvxrqPQ/Sq/hIHmQo+bqe9yJeDgMX3RY4EaiZxFTJyxPfW1czjuMSj3vbTp0WcDmGvUJ7li2pX2pzolgly4qmgoOluGBeRZWVLLOZYFB2+kLRMJNNz/bP5k2Eq6O4+l4sljPM+abn9iz9Eh46rVOVRkmDzCltJrYiuBSiSPhTDRTP2+gUbgbaUJTkVrVLUBHg3QU6az6VPN8DPZxbx4LtdaIb93pI,iv:uUfJK/iPdyLP7LqZJolTGGTxaEzlJI59bUVNcB1etkU=,tag:tvXSXSW1MIhLJceEK1afuw==,type:str]
#ENC[AES256_GCM,data:G9ggYJ3YA+E=,iv:nZ5NgeyNKFXFIpquoY68Z2Jz9QROqvf5tv7/s1wSgKk=,tag:QAX555IsAMaWAlz9ywSzjQ==,type:comment] #ENC[AES256_GCM,data:G9ggYJ3YA+E=,iv:nZ5NgeyNKFXFIpquoY68Z2Jz9QROqvf5tv7/s1wSgKk=,tag:QAX555IsAMaWAlz9ywSzjQ==,type:comment]
sops: sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: age:
- recipient: age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2 - recipient: age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2
enc: | enc: |
@ -23,8 +27,8 @@ sops:
d09aSXN0ZUh3VC9XeTZ4UWoxVDNVN0UKF1eU/IQJgJ8Fg+MrfqQuEZZ775hvtUJR d09aSXN0ZUh3VC9XeTZ4UWoxVDNVN0UKF1eU/IQJgJ8Fg+MrfqQuEZZ775hvtUJR
D/ZS4vj+sDLWq6gy2lIBhRSIAHWrz5gHxvOOGmRnpvkqh9TS6XjLIA== D/ZS4vj+sDLWq6gy2lIBhRSIAHWrz5gHxvOOGmRnpvkqh9TS6XjLIA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-05-15T15:37:51Z" lastmodified: "2024-11-28T18:57:09Z"
mac: ENC[AES256_GCM,data:qJ8NdnzVrgQb0rGwjZFHrS+eJrUjQEk4M4uo5bnk4eY7aKaHejARcYOIhp0H/DMdlix+Dm3DAAeeRWn8AKCatXaSzYD/VHHbjfp0lKBCsC8CZFeCELQ5GGEHnVot3WGb4J+QdfupwdduExSSMd6XeZGFVbSGhLzRbiiWA+i8I3o=,iv:oxWiDCH60apKT0/fJbWp1cIZ9cvd6mJKlP3xAjMBXIo=,tag:0We6eCJnsncujCt+CwK9UQ==,type:str] mac: ENC[AES256_GCM,data:hKhAo7rDplLm19PlrKHQwxnDVXCMU/xpAxPALLDBa0M3yypy2QVD6c6Atn897tYRKf7oeLaUKqnUYdCcZ9gVgm37LS+GtRhf66zfvcKqhZF8wh3M0zTDPYpQDhex0N4BAJ/dcaYIbxqE9pEUxJOI5jip/hptaCJItTEe7oARcF4=,iv:EUayxLaOPcnWX+S9+RlHrxzJRLlSSLIwqbAq3fFI4yg=,tag:LiBsqIodTWamO+c8FqGBag==,type:str]
pgp: pgp:
- created_at: "2024-11-28T18:57:09Z" - created_at: "2024-11-28T18:57:09Z"
enc: |- enc: |-
@ -39,4 +43,4 @@ sops:
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330 fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.10.2 version: 3.9.1

View File

@ -1,13 +1,9 @@
{ config, lib, ... }: { config, ... }:
let let
always = 100; always = 100;
home = 99; home = 99;
public_wifi = false;
in in
{ {
imports = lib.optionals (!public_wifi) [
./private-wifi.nix
];
networking.wireless = { networking.wireless = {
enable = true; enable = true;
secretsFile = config.sops.secrets."wifi-env".path; secretsFile = config.sops.secrets."wifi-env".path;
@ -28,19 +24,29 @@ in
"24HuFios".pskRaw = "ext:PASS_longboat_home"; "24HuFios".pskRaw = "ext:PASS_longboat_home";
"Verizon_ZLHQ3H".pskRaw = "ext:PASS_angie"; "Verizon_ZLHQ3H".pskRaw = "ext:PASS_angie";
"Fios-Qn3RB".pskRaw = "ext:PASS_parkridge"; "Fios-Qn3RB".pskRaw = "ext:PASS_parkridge";
"Mojo Dojo Casa House".pskRaw = "ext:PASS_Carly"; "optimumwifi" = { };
"CableWiFi" = { };
# Public wifi connections
# set public_wifi on line 5 to true if connecting to one of these
#"optimumwifi" = { };
#"CableWiFi" = { };
#"Hilton Honors" = { };
# Work wifi
"JPMCVisitor" = { }; "JPMCVisitor" = { };
}; };
}; };
networking.nameservers = [
"9.9.9.9"
"1.1.1.1"
"192.168.76.1"
];
services.resolved = {
enable = true;
dnssec = "true";
domains = [ "~." ];
fallbackDns = [
"1.1.1.1#one.one.one.one"
"1.0.0.1#one.one.one.one"
];
dnsovertls = "true";
};
sops = { sops = {
defaultSopsFile = ./secrets.yaml; defaultSopsFile = ./secrets.yaml;
secrets = { secrets = {

View File

@ -10,10 +10,6 @@
attic-client attic-client
]; ];
systemd.services.atticd.environment = {
RUST_LOG = "INFO";
};
services = { services = {
atticd = { atticd = {
enable = true; enable = true;
@ -38,9 +34,6 @@
bucket = "cache-nix-dot"; bucket = "cache-nix-dot";
endpoint = "https://minio.nayeonie.com"; endpoint = "https://minio.nayeonie.com";
}; };
garbage-collection = {
interval = "5 minutes";
};
# Warning: If you change any of the values here, it will be # Warning: If you change any of the values here, it will be
# difficult to reuse existing chunks for newly-uploaded NARs # difficult to reuse existing chunks for newly-uploaded NARs
@ -69,58 +62,58 @@
# borrowing from https://github.com/Shawn8901/nix-configuration/blob/4b8d1d44f47aec60feb58ca7b7ab5ed000506e90/modules/nixos/private/hydra.nix # borrowing from https://github.com/Shawn8901/nix-configuration/blob/4b8d1d44f47aec60feb58ca7b7ab5ed000506e90/modules/nixos/private/hydra.nix
# configured default webstore for this on root user separately # configured default webstore for this on root user separately
systemd = { # systemd = {
services = { # services = {
attic-watch-store = { # attic-watch-store = {
wantedBy = [ "multi-user.target" ]; # wantedBy = [ "multi-user.target" ];
after = [ # after = [
"network-online.target" # "network-online.target"
"docker.service" # "docker.service"
"atticd.service" # "atticd.service"
]; # ];
requires = [ # requires = [
"network-online.target" # "network-online.target"
"docker.service" # "docker.service"
"atticd.service" # "atticd.service"
]; # ];
description = "Upload all store content to binary cache"; # description = "Upload all store content to binary cache";
serviceConfig = { # serviceConfig = {
User = "root"; # User = "root";
Restart = "always"; # Restart = "always";
ExecStart = "${pkgs.attic-client}/bin/attic watch-store nix-cache"; # ExecStart = "${pkgs.attic-client}/bin/attic watch-store cache-nix-dot";
}; # };
}; # };
attic-sync-hydra = { # attic-sync-hydra = {
after = [ # after = [
"network-online.target" # "network-online.target"
"docker.service" # "docker.service"
"atticd.service" # "atticd.service"
]; # ];
requires = [ # requires = [
"network-online.target" # "network-online.target"
"docker.service" # "docker.service"
"atticd.service" # "atticd.service"
]; # ];
description = "Force resync of hydra derivations with attic"; # description = "Force resync of hydra derivations with attic";
serviceConfig = { # serviceConfig = {
Type = "oneshot"; # Type = "oneshot";
User = "root"; # User = "root";
ExecStart = "${config.nix.package}/bin/nix ${./sync-attic.bash}"; # ExecStart = "${config.nix.package}/bin/nix ${./sync-attic.bash}";
}; # };
}; # };
}; # };
timers = { # timers = {
attic-sync-hydra = { # attic-sync-hydra = {
wantedBy = [ "timers.target" ]; # wantedBy = [ "timers.target" ];
timerConfig = { # timerConfig = {
OnBootSec = 600; # OnBootSec = 600;
OnUnitActiveSec = 86400; # OnUnitActiveSec = 86400;
Unit = "attic-sync-hydra.service"; # Unit = "attic-sync-hydra.service";
}; # };
}; # };
}; # };
}; # };
sops = { sops = {
secrets = { secrets = {

View File

@ -6,5 +6,5 @@ sync_directories=(
) )
for dir in "${sync_directories[@]}"; do for dir in "${sync_directories[@]}"; do
find "$dir" -regex ".*\.drv$" -exec attic push nix-cache '{}' \; find "$dir" -regex ".*\.drv$" -exec attic push cache-nix-dot '{}' \;
done done

View File

@ -17,8 +17,8 @@
./minio.nix ./minio.nix
./networking.nix ./networking.nix
./nextcloud.nix ./nextcloud.nix
./postgresql.nix
./samba.nix ./samba.nix
./postgresql.nix
./zfs.nix ./zfs.nix
]; ];

View File

@ -6,7 +6,6 @@
let let
vars = import ../vars.nix; vars = import ../vars.nix;
act_path = vars.primary_act; act_path = vars.primary_act;
act_config_path = ./act_config.yaml;
in in
{ {
virtualisation.oci-containers.containers = { virtualisation.oci-containers.containers = {
@ -21,9 +20,10 @@ in
}; };
ports = [ "8088:8088" ]; ports = [ "8088:8088" ];
volumes = [ volumes = [
"${act_config_path}:/config.yaml" "${act_path}/stable-latest-main/config.yaml:/config.yaml"
"${act_path}/stable-latest-main/data:/data" "${act_path}/stable-latest-main/data:/data"
"/var/run/docker.sock:/var/run/docker.sock" "/var/run/docker.sock:/var/run/docker.sock"
"/nix:/nix"
]; ];
environment = { environment = {
CONFIG_FILE = "/config.yaml"; CONFIG_FILE = "/config.yaml";
@ -43,9 +43,10 @@ in
"com.centurylinklabs.watchtower.scope" = "act-runner"; "com.centurylinklabs.watchtower.scope" = "act-runner";
}; };
volumes = [ volumes = [
"${./act_config.yaml}:/config.yaml" "${act_path}/stable-latest-1/config.yaml:/config.yaml"
"${act_path}/stable-latest-1/data:/data" "${act_path}/stable-latest-1/data:/data"
"/var/run/docker.sock:/var/run/docker.sock" "/var/run/docker.sock:/var/run/docker.sock"
"/nix:/nix"
]; ];
environment = { environment = {
CONFIG_FILE = "/config.yaml"; CONFIG_FILE = "/config.yaml";
@ -65,9 +66,10 @@ in
"com.centurylinklabs.watchtower.scope" = "act-runner"; "com.centurylinklabs.watchtower.scope" = "act-runner";
}; };
volumes = [ volumes = [
"${act_config_path}:/config.yaml" "${act_path}/stable-latest-2/config.yaml:/config.yaml"
"${act_path}/stable-latest-2/data:/data" "${act_path}/stable-latest-2/data:/data"
"/var/run/docker.sock:/var/run/docker.sock" "/var/run/docker.sock:/var/run/docker.sock"
"/nix:/nix"
]; ];
environment = { environment = {
CONFIG_FILE = "/config.yaml"; CONFIG_FILE = "/config.yaml";
@ -76,6 +78,75 @@ in
environmentFiles = [ config.sops.secrets."docker/act-runner".path ]; environmentFiles = [ config.sops.secrets."docker/act-runner".path ];
log-driver = "local"; log-driver = "local";
}; };
act-stable-latest-3 = {
image = "gitea/act_runner:latest";
extraOptions = [
"--stop-signal=SIGINT"
];
labels = {
"com.centurylinklabs.watchtower.enable" = "true";
"com.centurylinklabs.watchtower.scope" = "act-runner";
};
volumes = [
"${act_path}/stable-latest-3/config.yaml:/config.yaml"
"${act_path}/stable-latest-3/data:/data"
"/var/run/docker.sock:/var/run/docker.sock"
"/nix:/nix"
];
environment = {
CONFIG_FILE = "/config.yaml";
GITEA_RUNNER_NAME = "stable-latest-3";
};
environmentFiles = [ config.sops.secrets."docker/act-runner".path ];
log-driver = "local";
};
act-stable-latest-4 = {
image = "gitea/act_runner:latest";
extraOptions = [
"--stop-signal=SIGINT"
];
labels = {
"com.centurylinklabs.watchtower.enable" = "true";
"com.centurylinklabs.watchtower.scope" = "act-runner";
};
volumes = [
"${act_path}/stable-latest-4/config.yaml:/config.yaml"
"${act_path}/stable-latest-4/data:/data"
"/var/run/docker.sock:/var/run/docker.sock"
"/nix:/nix"
];
environment = {
CONFIG_FILE = "/config.yaml";
GITEA_RUNNER_NAME = "stable-latest-4";
};
environmentFiles = [ config.sops.secrets."docker/act-runner".path ];
log-driver = "local";
};
act-stable-latest-5 = {
image = "gitea/act_runner:latest";
extraOptions = [
"--stop-signal=SIGINT"
];
labels = {
"com.centurylinklabs.watchtower.enable" = "true";
"com.centurylinklabs.watchtower.scope" = "act-runner";
};
volumes = [
"${act_path}/stable-latest-5/config.yaml:/config.yaml"
"${act_path}/stable-latest-5/data:/data"
"/var/run/docker.sock:/var/run/docker.sock"
"/nix:/nix"
];
environment = {
CONFIG_FILE = "/config.yaml";
GITEA_RUNNER_NAME = "stable-latest-5";
};
environmentFiles = [ config.sops.secrets."docker/act-runner".path ];
log-driver = "local";
};
}; };
systemd = { systemd = {
@ -103,9 +174,7 @@ in
"docker/act-runner" = { "docker/act-runner" = {
owner = "root"; owner = "root";
restartUnits = [ restartUnits = [
"docker-act-stable-latest-main.service"
"docker-act-stable-latest-1.service" "docker-act-stable-latest-1.service"
"docker-act-stable-latest-2.service"
]; ];
}; };
}; };

View File

@ -1,95 +0,0 @@
# Example configuration file, it's safe to copy this as the default config file without any modification.
# You don't have to copy this file to your instance,
# just run `./act_runner generate-config > config.yaml` to generate a config file.
log:
# The level of logging, can be trace, debug, info, warn, error, fatal
level: debug
runner:
# Where to store the registration result.
file: .runner
# Execute how many tasks concurrently at the same time.
capacity: 1
# Extra environment variables to run jobs.
envs:
A_TEST_ENV_NAME_1: a_test_env_value_1
A_TEST_ENV_NAME_2: a_test_env_value_2
# Extra environment variables to run jobs from a file.
# It will be ignored if it's empty or the file doesn't exist.
env_file: .env
# The timeout for a job to be finished.
# Please note that the Gitea instance also has a timeout (3h by default) for the job.
# So the job could be stopped by the Gitea instance if it's timeout is shorter than this.
timeout: 3h
# The timeout for the runner to wait for running jobs to finish when shutting down.
# Any running jobs that haven't finished after this timeout will be cancelled.
shutdown_timeout: 30m
# Whether skip verifying the TLS certificate of the Gitea instance.
insecure: false
# The timeout for fetching the job from the Gitea instance.
fetch_timeout: 5s
# The interval for fetching the job from the Gitea instance.
fetch_interval: 2s
# The labels of a runner are used to determine which jobs the runner can run, and how to run them.
# Like: "macos-arm64:host" or "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
# Find more images provided by Gitea at https://gitea.com/gitea/runner-images .
# If it's empty when registering, it will ask for inputting labels.
# If it's empty when execute `daemon`, will use labels in `.runner` file.
labels:
- "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
- "ubuntu-22.04:docker://gitea/runner-images:ubuntu-22.04"
- "ubuntu-20.04:docker://gitea/runner-images:ubuntu-20.04"
#cache:
# Enable cache server to use actions/cache.
#enabled: true
# The directory to store the cache data.
# If it's empty, the cache data will be stored in $HOME/.cache/actcache.
#dir: ""
# The host of the cache server.
# It's not for the address to listen, but the address to connect from job containers.
# So 0.0.0.0 is a bad choice, leave it empty to detect automatically.
#host: ""
# The port of the cache server.
# 0 means to use a random available port.
#port: 0
# The external cache server URL. Valid only when enable is true.
# If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself.
# The URL should generally end with "/".
#external_server: ""
container:
# Specifies the network to which the container will connect.
# Could be host, bridge or the name of a custom network.
# If it's empty, act_runner will create a network automatically.
network: ""
# Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker).
privileged: false
# And other options to be used when the container is started (eg, --add-host=my.gitea.url:host-gateway).
options:
# The parent directory of a job's working directory.
# NOTE: There is no need to add the first '/' of the path as act_runner will add it automatically.
# If the path starts with '/', the '/' will be trimmed.
# For example, if the parent directory is /path/to/my/dir, workdir_parent should be path/to/my/dir
# If it's empty, /workspace will be used.
workdir_parent:
# Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/gobwas/glob
# You can specify multiple volumes. If the sequence is empty, no volumes can be mounted.
# For example, if you only allow containers to mount the `data` volume and all the json files in `/src`, you should change the config to:
# valid_volumes:
# - data
# - /src/*.json
# If you want to allow any volume, please use the following configuration:
# valid_volumes:
# - '**'
valid_volumes: []
# overrides the docker client host with the specified one.
# If it's empty, act_runner will find an available docker host automatically.
# If it's "-", act_runner will find an available docker host automatically, but the docker host won't be mounted to the job containers and service containers.
# If it's not empty or "-", the specified docker host will be used. An error will be returned if it doesn't work.
docker_host: ""
# Pull docker image(s) even if already present
force_pull: true
# Rebuild docker image(s) even if already present
force_rebuild: false
host:
# The parent directory of a job's working directory.
# If it's empty, $HOME/.cache/act/ will be used.
workdir_parent:

View File

@ -122,7 +122,7 @@ let
cmd = lib.splitString " " "--concurrent 6 AmAnd0"; cmd = lib.splitString " " "--concurrent 6 AmAnd0";
}; };
inherit (lib.adev.container-utils) createTemplatedContainers; inherit (lib.rad-dev.container-utils) createTemplatedContainers;
vars = import ../vars.nix; vars = import ../vars.nix;
at_path = vars.primary_archiveteam; at_path = vars.primary_archiveteam;

View File

@ -9,31 +9,31 @@ let
divinejourney = "dj.alicehuston.xyz"; divinejourney = "dj.alicehuston.xyz";
rlcraft = "rlcraft.alicehuston.xyz"; rlcraft = "rlcraft.alicehuston.xyz";
arcanum-institute = "arcanum.alicehuston.xyz"; arcanum-institute = "arcanum.alicehuston.xyz";
# bcg-plus = "bcg.alicehuston.xyz"; bcg-plus = "bcg.alicehuston.xyz";
}; };
defaultServer = "rlcraft"; defaultServer = "rlcraft";
# defaultEnv = { defaultEnv = {
# EULA = "true"; EULA = "true";
# TYPE = "AUTO_CURSEFORGE"; TYPE = "AUTO_CURSEFORGE";
# STOP_SERVER_ANNOUNCE_DELAY = "120"; STOP_SERVER_ANNOUNCE_DELAY = "120";
# STOP_DURATION = "600"; STOP_DURATION = "600";
# SYNC_CHUNK_WRITES = "false"; SYNC_CHUNK_WRITES = "false";
# USE_AIKAR_FLAGS = "true"; USE_AIKAR_FLAGS = "true";
# MEMORY = "8GB"; MEMORY = "8GB";
# ALLOW_FLIGHT = "true"; ALLOW_FLIGHT = "true";
# MAX_TICK_TIME = "-1"; MAX_TICK_TIME = "-1";
# }; };
# defaultOptions = [ defaultOptions = [
# "--stop-signal=SIGTERM" "--stop-signal=SIGTERM"
# "--stop-timeout=1800" "--stop-timeout=1800"
# "--network=minecraft-net" "--network=minecraft-net"
# ]; ];
# vars = import ../vars.nix; vars = import ../vars.nix;
# minecraft_path = "${vars.primary_games}/minecraft"; minecraft_path = "${vars.primary_games}/minecraft";
in in
{ {
virtualisation.oci-containers.containers = { virtualisation.oci-containers.containers = {
@ -46,7 +46,7 @@ in
cmd = [ cmd = [
( (
"--mapping=mc.alicehuston.xyz=${defaultServer}:25565" "--mapping=mc.alicehuston.xyz=${defaultServer}:25565"
+ (lib.adev.mapAttrsToString (hostname: url: "," + url + "=" + hostname + ":25565") servers) + (lib.rad-dev.mapAttrsToString (hostname: url: "," + url + "=" + hostname + ":25565") servers)
) )
]; ];
}; };
@ -67,24 +67,24 @@ in
# log-driver = "local"; # log-driver = "local";
# environmentFiles = [ config.sops.secrets."docker/minecraft".path ]; # environmentFiles = [ config.sops.secrets."docker/minecraft".path ];
# }; # };
# bcg-plus = { bcg-plus = {
# image = "itzg/minecraft-server:java17"; image = "itzg/minecraft-server:java17";
# volumes = [ volumes = [
# "${minecraft_path}/bcg-plus/modpacks:/modpacks:ro" "${minecraft_path}/bcg-plus/modpacks:/modpacks:ro"
# "${minecraft_path}/bcg-plus/data:/data" "${minecraft_path}/bcg-plus/data:/data"
# ]; ];
# hostname = "bcg-plus"; hostname = "bcg-plus";
# environment = defaultEnv // { environment = defaultEnv // {
# VERSION = "1.17"; VERSION = "1.17";
# CF_SLUG = "bcg"; CF_SLUG = "bcg";
# DIFFICULTY = "normal"; DIFFICULTY = "normal";
# DEBUG = "true"; DEBUG = "true";
# # ENABLE_COMMAND_BLOCK = "true"; # ENABLE_COMMAND_BLOCK = "true";
# }; };
# extraOptions = defaultOptions; extraOptions = defaultOptions;
# log-driver = "local"; log-driver = "local";
# environmentFiles = [ config.sops.secrets."docker/minecraft".path ]; environmentFiles = [ config.sops.secrets."docker/minecraft".path ];
# }; };
}; };
sops = { sops = {

View File

@ -10,7 +10,7 @@ in
{ {
services.gitea = { services.gitea = {
enable = true; enable = true;
appName = "Nayeonie's Trove"; appName = "The Hearth";
database = { database = {
type = "postgres"; type = "postgres";
passwordFile = config.sops.secrets."gitea/dbpass".path; passwordFile = config.sops.secrets."gitea/dbpass".path;
@ -27,12 +27,6 @@ in
SSH_PORT = 2222; SSH_PORT = 2222;
SSH_LISTEN_PORT = 2223; SSH_LISTEN_PORT = 2223;
START_SSH_SERVER = true; START_SSH_SERVER = true;
PUBLIC_URL_DETECTION = "auto";
};
repository = {
ENABLE_PUSH_CREATE_USER = true;
DEFAULT_MERGE_STYLE = "rebase-merge";
}; };
service = { service = {
DISABLE_REGISTRATION = true; DISABLE_REGISTRATION = true;
@ -51,15 +45,6 @@ in
host = "192.168.76.2"; host = "192.168.76.2";
port = "8088"; port = "8088";
}; };
"storage.minio" = {
STORAGE_TYPE = "minio";
MINIO_ENDPOINT = "minio.nayeonie.com";
MINIO_BUCKET = "gitea";
MINIO_LOCATION = "us-east-1";
MINIO_USE_SSL = true;
MINIO_INSECURE_SKIP_VERIFY = false;
MINIO_BUCKET_LOOKUP_TYPE = "auto";
};
}; };
stateDir = base_path; stateDir = base_path;
lfs.enable = true; lfs.enable = true;
@ -75,6 +60,5 @@ in
sops.secrets = { sops.secrets = {
"gitea/dbpass".owner = "gitea"; "gitea/dbpass".owner = "gitea";
"gitea/minio".owner = "gitea";
}; };
} }

View File

@ -1,6 +1,7 @@
{ {
config, config,
inputs, lib,
pkgs,
... ...
}: }:
let let
@ -42,7 +43,6 @@ in
services = { services = {
hydra = { hydra = {
enable = true; enable = true;
package = inputs.hydra.packages.x86_64-linux.hydra;
hydraURL = "https://hydra.alicehuston.xyz"; hydraURL = "https://hydra.alicehuston.xyz";
smtpHost = "alicehuston.xyz"; smtpHost = "alicehuston.xyz";
notificationSender = "hydra@alicehuston.xyz"; notificationSender = "hydra@alicehuston.xyz";

View File

@ -19,9 +19,6 @@ in
enable = true; enable = true;
enableJIT = true; enableJIT = true;
package = pkgs.postgresql_16; package = pkgs.postgresql_16;
configurePgStatStatements = true;
enableAllPreloadedLibraries = true;
#preloadAllExtensions = true;
identMap = '' identMap = ''
# ArbitraryMapName systemUser DBUser # ArbitraryMapName systemUser DBUser
superuser_map root postgres superuser_map root postgres
@ -31,126 +28,13 @@ in
''; '';
# initialScript = config.sops.secrets."postgres/init".path; # initialScript = config.sops.secrets."postgres/init".path;
ensureDatabases = [ ensureDatabases = [ "atticd" ];
"atticd"
"alice"
];
ensureUsers = [ ensureUsers = [
{ {
name = "atticd"; name = "atticd";
ensureDBOwnership = true; ensureDBOwnership = true;
} }
{
name = "alice";
ensureDBOwnership = true;
ensureClauses = {
superuser = true;
login = true;
createrole = true;
createdb = true;
replication = true;
};
}
]; ];
# Thank you NotAShelf
# https://github.com/NotAShelf/nyx/blob/d407b4d6e5ab7f60350af61a3d73a62a5e9ac660/modules/core/roles/server/system/services/databases/postgresql.nix#L74
# commented out statements are likely overriden by pgtune settings
# https://pgtune.leopard.in.ua/?dbVersion=17&osType=linux&dbType=web&cpuNum=64&totalMemory=8&totalMemoryUnit=GB&connectionNum=1024&hdType=hdd
settings = {
# Connectivity;
# max_connections = 100;
superuser_reserved_connections = 3;
# Memory Settings;
#shared_buffers = "1024 MB";
#work_mem = "32 MB";
#maintenance_work_mem = "320 MB";
#huge_pages = "off";
#effective_cache_size = "2 GB";
#effective_io_concurrency = 100; # concurrent IO only really activated if OS supports posix_fadvise function;
#random_page_cost = 1.25; # speed of random disk access relative to sequential access (1.0);
# Monitoring;
#shared_preload_libraries = "pg_stat_statements,auto_explain"; # per statement resource usage stats & log explain statements for slow queries
track_io_timing = "on"; # measure exact block IO times;
track_functions = "pl"; # track execution times of pl-language procedures if any;
# Replication;
wal_level = "replica"; # consider using at least "replica";
max_wal_senders = 0;
synchronous_commit = "on";
# Checkpointing: ;
checkpoint_timeout = "15 min";
#checkpoint_completion_target = 0.9;
#max_wal_size = "1024 MB";
#min_wal_size = "512 MB";
# WAL writing;
wal_compression = "on";
wal_buffers = -1; # auto-tuned by Postgres till maximum of segment size (16MB by default);
wal_writer_delay = "200ms";
wal_writer_flush_after = "1MB";
# Background writer;
bgwriter_delay = "200ms";
bgwriter_lru_maxpages = 100;
bgwriter_lru_multiplier = 2.0;
bgwriter_flush_after = 0;
# Parallel queries: ;
#max_worker_processes = 6;
#max_parallel_workers_per_gather = 3;
#max_parallel_maintenance_workers = 3;
#max_parallel_workers = 6;
parallel_leader_participation = "on";
# Advanced features ;
enable_partitionwise_join = "on";
enable_partitionwise_aggregate = "on";
jit = "on";
jit_above_cost = 100000;
jit_inline_above_cost = 150000;
jit_optimize_above_cost = 500000;
# log slow queries
log_min_duration_statement = 100;
"auto_explain.log_min_duration" = 100;
# logging configuration
log_connections = true;
log_statement = "all";
logging_collector = true;
log_disconnections = true;
# from pgtune
# DB Version: 17
# OS Type: linux
# DB Type: web
# Total Memory (RAM): 8 GB
# CPUs num: 64
# Connections num: 1024
# Data Storage: hdd
max_connections = 1024;
shared_buffers = "2GB";
effective_cache_size = "6GB";
maintenance_work_mem = "512MB";
checkpoint_completion_target = 0.9;
#wal_buffers = "16MB"; allow auto-tuning as per above
default_statistics_target = 100;
random_page_cost = 4;
effective_io_concurrency = 2;
work_mem = "512kB";
huge_pages = "off";
min_wal_size = "1GB";
max_wal_size = "4GB";
max_worker_processes = 64;
max_parallel_workers_per_gather = 4;
max_parallel_workers = 64;
max_parallel_maintenance_workers = 4;
};
refreshCollation = true; refreshCollation = true;
vacuumAnalyzeTimer.enable = true; vacuumAnalyzeTimer.enable = true;
@ -164,7 +48,6 @@ in
"hydra-send-stats" "hydra-send-stats"
"hydra-server" "hydra-server"
"atticd" "atticd"
"gitea"
]; ];
}; };
}; };

View File

@ -2,13 +2,14 @@
{ {
services.samba = { services.samba = {
enable = true; enable = true;
securityType = "user";
openFirewall = true; openFirewall = true;
settings = { settings = {
global = { global = {
security = "user";
"workgroup" = "WORKGROUP"; "workgroup" = "WORKGROUP";
"server string" = "palatine-hill"; "server string" = "palatine-hill";
"netbios name" = "palatine-hill"; "netbios name" = "palatine-hill";
"security" = "user";
#"use sendfile" = "yes"; #"use sendfile" = "yes";
#"max protocol" = "smb2"; #"max protocol" = "smb2";
# note: localhost is the ipv6 localhost ::1 # note: localhost is the ipv6 localhost ::1

View File

@ -10,7 +10,6 @@ postgres:
init: ENC[AES256_GCM,data:trwA30EswHEPa6V2GuHsGgU4NK/j/UQveldwHng0Ilwyqh9aZCgF3axP48MmcciBssux8DZ4O5U=,iv:VC+tpG5yuiBE7pjZ85lYCwHG/bTePxeXQDz2zyLyLYA=,tag:5+jwWTv5T5YWwQpR58QfOA==,type:str] init: ENC[AES256_GCM,data:trwA30EswHEPa6V2GuHsGgU4NK/j/UQveldwHng0Ilwyqh9aZCgF3axP48MmcciBssux8DZ4O5U=,iv:VC+tpG5yuiBE7pjZ85lYCwHG/bTePxeXQDz2zyLyLYA=,tag:5+jwWTv5T5YWwQpR58QfOA==,type:str]
gitea: gitea:
dbpass: ENC[AES256_GCM,data:8jECcEJ8JnK7fztTckzLrQ==,iv:yQMp5VrierOKXwiop0NUA7Qbn2eH5iUCVlKppZwKLIQ=,tag:rI9WT7zLIaFxVcTu3ufW4g==,type:str] dbpass: ENC[AES256_GCM,data:8jECcEJ8JnK7fztTckzLrQ==,iv:yQMp5VrierOKXwiop0NUA7Qbn2eH5iUCVlKppZwKLIQ=,tag:rI9WT7zLIaFxVcTu3ufW4g==,type:str]
minio: ENC[AES256_GCM,data:LxY6AD+CZ9VQEl5FrG6o0XiOiizLcwiLiyH1WJD8mMCPWhDjGzt+k+YPOm1BpWzTZF8+2EoxR9oKFJu9mzTibl2Ieits0/RNwh1VdQALXw3FwfRym7CFS+Z5S8H9kGMoXWRrr+I5,iv:g/wq0r2HKfX2AwirT4hm/H1Ms/mtbf4ZuFLISikRyoI=,tag:he99s/WpKoN+lHR8r4K30w==,type:str]
upsmon: upsmon:
password: ENC[AES256_GCM,data:52Rxsh7KUq+aYjQORBC+Yq5B,iv:F05g/a5bv7DQ+eLlMqsNeRHLxzl7AyXU1zAlmFevQ6o=,tag:xkGDD3hDF+u5fUbP33OrlA==,type:str] password: ENC[AES256_GCM,data:52Rxsh7KUq+aYjQORBC+Yq5B,iv:F05g/a5bv7DQ+eLlMqsNeRHLxzl7AyXU1zAlmFevQ6o=,tag:xkGDD3hDF+u5fUbP33OrlA==,type:str]
minio: minio:
@ -28,9 +27,11 @@ acme:
dnsimple: ENC[AES256_GCM,data:37FKyBibFtXZgI4EduJQ0z8F+shBc5Q6YlLa3YkVPh9XuJVS20eybi75bfJxiozcZ9d+YRaqcbkBQCSdFOCotDU=,iv:oq3JjqbfAm2C4jcL1lvUb2EOmnwlR07vPoO8H0BmydQ=,tag:E3NO/jMElL6Q817666gIyg==,type:str] dnsimple: ENC[AES256_GCM,data:37FKyBibFtXZgI4EduJQ0z8F+shBc5Q6YlLa3YkVPh9XuJVS20eybi75bfJxiozcZ9d+YRaqcbkBQCSdFOCotDU=,iv:oq3JjqbfAm2C4jcL1lvUb2EOmnwlR07vPoO8H0BmydQ=,tag:E3NO/jMElL6Q817666gIyg==,type:str]
server-validation: server-validation:
webhook: ENC[AES256_GCM,data:Lwqy4UhyFutpXjai7EJPKp8MDlI+ayDna4T8jluvC6qkeJ7o1UaaDCOsgLy4Fw7LC77tXhJtkcmep9w37JaiHp2CoDOfy2iAaq8o9CCSi/a0zqMJx+HdZYZNemvmpc6E/be0K+JDrFZLbjr3unSpCidQ3whccC6XyY013R12swN3bFZIu1gtzXCgUZ4U,iv:pVbrRwH3ziu4+R5BfimPV7N71QmyerJEc9M5K4eofOc=,tag:zNrCXrIioQWPEPVz/wMDpQ==,type:str] webhook: ENC[AES256_GCM,data:Lwqy4UhyFutpXjai7EJPKp8MDlI+ayDna4T8jluvC6qkeJ7o1UaaDCOsgLy4Fw7LC77tXhJtkcmep9w37JaiHp2CoDOfy2iAaq8o9CCSi/a0zqMJx+HdZYZNemvmpc6E/be0K+JDrFZLbjr3unSpCidQ3whccC6XyY013R12swN3bFZIu1gtzXCgUZ4U,iv:pVbrRwH3ziu4+R5BfimPV7N71QmyerJEc9M5K4eofOc=,tag:zNrCXrIioQWPEPVz/wMDpQ==,type:str]
typhon:
hashedPassword: ENC[AES256_GCM,data:gMyY8gxUn3HzycQRu2cminqRFWghqWcjzZzTxAQZ5PJqn604iSwDiVdr7icHB7drJfCAfsE7L4oKRJgxaIAE32043oOkb2T7DDH8y2jxMzqmZCfbvrfMI4wdfRTHGqzxb6X/aZ5ai2rr1Q==,iv:4EsTo/lQld0o9iktDX9gobMlPUCitx1i9wn8EL16sIs=,tag:FgVDRHk2glDwpC/mprrPqQ==,type:str]
sops: sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: age:
- recipient: age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh - recipient: age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh
enc: | enc: |
@ -41,8 +42,8 @@ sops:
cXNZWmZqd0R0SmhINExscHBKWmxvblUKEFEQvt/zQFARba4S8vHz/1SoKdKg69At cXNZWmZqd0R0SmhINExscHBKWmxvblUKEFEQvt/zQFARba4S8vHz/1SoKdKg69At
LZ58XQGOmlGbBhPr7EzYQ2XSY4flWbnnD174cmCR8DNFm15DsNA5fw== LZ58XQGOmlGbBhPr7EzYQ2XSY4flWbnnD174cmCR8DNFm15DsNA5fw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-05-30T04:36:41Z" lastmodified: "2025-03-04T04:53:14Z"
mac: ENC[AES256_GCM,data:fEsUt5g0/7j8IVgtXQ0thV93dxe6SGCglqeHdnaXFOjKcCUEFWUmi98M8X92hR9AJzscRK6wqzijd/AQBzl+GL2QtDYsn8qx9Nr0DBd6Gh1vi25eh5LtADm09COSae1THWuFLP7L1Qamyt+XzlBa7Xnrzfuzzp0s2/cZoxZiueU=,iv:VYzh833cMQwGmkB6QunRys0Eluz+0KGj8Y43B9icE9w=,tag:EWJSizBMTFZ0TZhncYe2Sw==,type:str] mac: ENC[AES256_GCM,data:MCucwVPGRMA/hGYS7mwSppkZAQ3wjHJnyeSvSI8YOOD0Xq7mvkMSvKctFHl6h4Cx3ubRvVHf5j35/NQxb+/VhhCPAHWDbqq9O2N0aWhAeybCu0IjruKrJhs76KsXJnNZ9REQQnS1/TNquuvj9FCoqDnrQcFs7M0KJ5m3eUU2h2k=,iv:ZJGJ8CTA8K5FnoKtbogleksB8wDcZtknO07M07Dmpsc=,tag:GMUXJD4U8KQgy9rvzEAMuw==,type:str]
pgp: pgp:
- created_at: "2024-11-28T18:56:39Z" - created_at: "2024-11-28T18:56:39Z"
enc: |- enc: |-
@ -57,4 +58,4 @@ sops:
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330 fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.10.2 version: 3.9.4

View File

@ -1,17 +0,0 @@
{ config, ... }:
let
vars = import ./vars.nix;
typhon_path = vars.primary_typhon;
in
{
services.typhon = {
enable = true;
hashedPasswordFile = config.sops.secrets."typhon/hashedPassword".path;
home = typhon_path;
};
sops.secrets = {
"typhon/hashedPassword".owner = "root";
};
}

View File

@ -80,6 +80,7 @@
# doom emacs dependencies # doom emacs dependencies
fd fd
ripgrep ripgrep
ruff-lsp
pyright pyright
# audit # audit
@ -89,9 +90,6 @@
nodejs_20 nodejs_20
nodePackages.prettier nodePackages.prettier
treefmt treefmt
gocryptfs
awscli2
]; ];
}; };

View File

@ -22,6 +22,3 @@
(setq! lsp-nix-nil-max-mem 20000) (setq! lsp-nix-nil-max-mem 20000)
(setq! lsp-nix-nil-formatter ["nixfmt"]) (setq! lsp-nix-nil-formatter ["nixfmt"])
;; (add-hook 'python-mode-hook (lambda ()
;; (require 'sphinx-doc)
;; (sphinx-doc-mode t)))

View File

@ -80,10 +80,3 @@
(package! pacdiff.el (package! pacdiff.el
:recipe (:host github :repo "fbrosda/pacdiff.el" :files ("pacdiff.el" "README.org" "LICENSE"))) :recipe (:host github :repo "fbrosda/pacdiff.el" :files ("pacdiff.el" "README.org" "LICENSE")))
;;(package! python-docstring-mode
;; :recipe (:host github :repo "glyph/python-docstring-mode" :files ("python-docstring.el" "docstring_wrap.py")))
;;(package! sphinx-doc)
;; https://github.com/glyph/python-docstring-mode.git

View File

@ -3,7 +3,6 @@
{ {
programs.git = { programs.git = {
enable = true; enable = true;
lfs.enable = true;
signing = { signing = {
key = "5EFFB75F7C9B74EAA5C4637547940175096C1330"; key = "5EFFB75F7C9B74EAA5C4637547940175096C1330";
signByDefault = true; signByDefault = true;
@ -29,8 +28,6 @@
color.ui = true; color.ui = true;
init.defaultBranch = "main"; init.defaultBranch = "main";
format.signoff = true; format.signoff = true;
pack.windowMemory = "2g";
pack.packSizeLimit = "1g";
}; };
}; };
} }

View File

@ -1,9 +1,10 @@
{ lib, ... }: { ... }:
{ {
programs.zsh = { programs.zsh = {
enable = true; enable = true;
# autosuggestion.enable = true;
oh-my-zsh = { oh-my-zsh = {
enable = true; enable = true;
plugins = [ plugins = [
@ -22,27 +23,7 @@
"z" "z"
]; ];
}; };
/* initExtra = ''
To specify the order, use lib.mkOrder.
Common order values:
500 (mkBefore): Early initialization (replaces initExtraFirst)
550: Before completion initialization (replaces initExtraBeforeCompInit)
1000 (default): General configuration (replaces initExtra)
1500 (mkAfter): Last to run configuration
To specify both content in Early initialization and General configuration, use lib.mkMerge.
e.g.
initContent = let zshConfigEarlyInit = lib.mkOrder 500 do something; zshConfig = lib.mkOrder 1000 do something; in lib.mkMerge [ zshConfigEarlyInit zshConfig ];
*/
initContent = lib.mkOrder 1000 ''
# functions # functions
function mount-data { function mount-data {
if [[ -f /home/alice/backup/.noconnection ]]; then if [[ -f /home/alice/backup/.noconnection ]]; then

View File

@ -2,15 +2,18 @@ alice:
user-password: ENC[AES256_GCM,data:+cM85X1vapqfQdJ+Dv6YvT5qHlvsmaXPRbvKRHtCkPT3wdw4f7tLHLFmvWnak7CRezI00PxVEtCZL5mqLyN2HaU4OqIk/9fgqczIzemwBlMGJt+ndwG4oqBqE0ymtzmy8MA59wonRqoxzYKQfAGQsprdCIovrg==,iv:BtSDBgvQeZdTY1KUClnt9V8qHcS/gouaaQw342tk4Sg=,tag:T7tzyKuCo83s78ca7f4KDQ==,type:str] user-password: ENC[AES256_GCM,data:+cM85X1vapqfQdJ+Dv6YvT5qHlvsmaXPRbvKRHtCkPT3wdw4f7tLHLFmvWnak7CRezI00PxVEtCZL5mqLyN2HaU4OqIk/9fgqczIzemwBlMGJt+ndwG4oqBqE0ymtzmy8MA59wonRqoxzYKQfAGQsprdCIovrg==,iv:BtSDBgvQeZdTY1KUClnt9V8qHcS/gouaaQw342tk4Sg=,tag:T7tzyKuCo83s78ca7f4KDQ==,type:str]
#ENC[AES256_GCM,data:6+dLs8opC27IrHJCPfL2c7KiLbaQTqI6oRKpIZLR4+P9gTupziAhCm/G7RY01gVPSgxdBpJ6L4xVbcMEg9hDKBMI4naF9arNrFsV6WXNc+LA5BYyT9L9G1nDea8fPFYDSF2537eLgLqWNE1WSsUOrz/WOxbE6g==,iv:AxsdKmGz6qEYlWY08q/2hqsm0EXaqodwD/7OJg4FAIY=,tag:EgfL3I1VBXtFgIdTOW5eBA==,type:comment] #ENC[AES256_GCM,data:6+dLs8opC27IrHJCPfL2c7KiLbaQTqI6oRKpIZLR4+P9gTupziAhCm/G7RY01gVPSgxdBpJ6L4xVbcMEg9hDKBMI4naF9arNrFsV6WXNc+LA5BYyT9L9G1nDea8fPFYDSF2537eLgLqWNE1WSsUOrz/WOxbE6g==,iv:AxsdKmGz6qEYlWY08q/2hqsm0EXaqodwD/7OJg4FAIY=,tag:EgfL3I1VBXtFgIdTOW5eBA==,type:comment]
#ENC[AES256_GCM,data:vUMcowHjlQA0RWflfaQhZKkalO39epYi6N9PPW8=,iv:6DFqHlQR+mi+ZkfMUhlhwvpMwnxXNfQV6+sYgPzSj4I=,tag:Pz1zJayscGckPO8Q2ZVb4g==,type:comment] #ENC[AES256_GCM,data:vUMcowHjlQA0RWflfaQhZKkalO39epYi6N9PPW8=,iv:6DFqHlQR+mi+ZkfMUhlhwvpMwnxXNfQV6+sYgPzSj4I=,tag:Pz1zJayscGckPO8Q2ZVb4g==,type:comment]
gha-hydra-token: ENC[AES256_GCM,data:CXdOiW9oYaVj4oqfiXSz9O9xIsB5ZyUac2WFSFD1ankZpnmQpv9TwolJxb6h8r+UM7Q9QzCCWk7KHe80lolZhpHa79bpcj+wt9v51ydj0Zy+3sufHS+JnGwmqBbw6dVqJ2uBr4nW2NADzHEbG8N367uKYEq2vazB4y02JiopXL8DHsYcx+Z4u7GJC/gYbpm9vnt8OVdYmfYRQ9BGSiaJOghDzpmCisEZdLpCLXM3cULn8yVUXIFWx8yF/6JrWN+myeoZiUFCL2sZmeSIswFg9kwBKXIsjBrz+EDXZzDCEr88UrEJ0j2+egsrG9BNlstVwC8oscYdbXWmYUdsCBNVxK3xjJYm9gDdSyo0DfSvTzK1t+/s9L1zC8uqj2TXYdVd6QyH2TRXxiPeNLYClRHT2UljymSpIVXOn/Okuo7dte+ZZqZVndT1lwK//2y8V3Hng+5wixfFFsQAd5oJzfraRSnM+RLZtjI3TMoyc5no3pVwV6zsCqRd2nvr7gieXUMWtSLb6YrM6tvhRpeiieYUqQ8NwHV0Avqco0I838o5yywVGSnUflGxnwYoGQIX70qoTcxNPGuiiiqSynh64e3nrlC9xN6EWuFpUNVfkBibZNRi+EyDAhK7LKwiPbL2z919N54vyzzoWA1KUFqxow+JsX+Q8rpnfJtag44F5qFt3/Be5PIMYVU7acXTiVJvM3cKPMQIBPXpQFX5OshwGhttGFuB53aWPHCzlhT4NDQbcZ/rLQ3bcytVpnH55WWze0Oe0zUZYGFc/rV9Fc4QjhR7/8pAi9kGUlKy2MYBamjmnCWlOnHPIQQLpPs/oiW+,iv:KL2P3O8Fnbn56hLX8PWIrigoPTBfIvMUpizKy3C3RIA=,tag:G0M/9iT9IWUSJ5ktUc/g5A==,type:str] gha-hydra-token: ENC[AES256_GCM,data:rYDYIn7MAF4pSZQj+Nln2z9J+AxvuSzumthL86njpKETutArrw+9iX2hHJt5t513NHH03tMtZOFqM60/pzWg4YXVQOSpQmq8QOelD7qCdfCr4Z2QSeOHqXqwKy21iWtoVbxOXWunVxLzkWMJrpHkpVsiBA75Nv66ftKEjN80QNGik6xQE1iPsCB2JHeqYNIr8gtPkCr7H5Pt4yBBO/1rsyONrbNlwmzVX78eqXxmc43XOiNVjEsk8ekJxJ9mn5S6JcPNehBcnZA0kWAIxvtDIPYKnz4YBIXoilBbjgytXL8nw3PkEX27x5yeg9KfxPxO/4CGoi5wfKsYuEynBdWbHtj6a3H0AvA9KIZzktTRNJFU3ZW8UveSCXY4YHl0NREJ8kbIUgkkE7PWeyzGenGFTPMahTA0rKSa+tWPQ1c00lvo9VS3/7pfeJfZEKS7R2xBaEDZrfffHyB5PLTQOGpWl5y40wTn4HdBlyQwoREvobOaKVZEyWtVvJcUeHDPepgEHGVDzwyTelX8Btb6ZNA0Fur8xvpkLZcLmMhbvCdkjq84ztJ36nQQ5JZthecyqcZTWPyfWtPeoUPVIaxn31oLjwsriDwdQmID6twTjC9PT8nBZD/u0JebOCdeYf8fm9q49SaN2w/ZMdSRWucHUsRXeN9O149vYoOqR28H+8v/tYJdqofJpHKrIBs=,iv:GcEV6f4rqkrpCafeaLNMqqU/vBNE0xHbqokL2gMXHYw=,tag:sCHvUgq1w8npedjIAninrA==,type:str]
wakatime-api-key: ENC[AES256_GCM,data:ITu5pRySYGCJ6q9IQ35NfpGX2FyIJRYHGDeBiq0btzIrqitxcFox1Vc=,iv:HsXpyFHV7dG5qORk26BtD+kFo4Jdq2c4fozMpoqyDfU=,tag:uaQoXvvYqNfmRXVDVH8AoQ==,type:str] wakatime-api-key: ENC[AES256_GCM,data:ITu5pRySYGCJ6q9IQ35NfpGX2FyIJRYHGDeBiq0btzIrqitxcFox1Vc=,iv:HsXpyFHV7dG5qORk26BtD+kFo4Jdq2c4fozMpoqyDfU=,tag:uaQoXvvYqNfmRXVDVH8AoQ==,type:str]
attic-nix-cache-creator: ENC[AES256_GCM,data:ygWuPJfFZQVHtJ83DfB7VB84PNF0knLkOwD4A67NMNp8pU9pA9lI56RSyKDkFd+qYRBSeEXSepbSOA+BhvQaCZiVEiao3LBlh7/6Sp5ni+Rdt3hGKcd+JRQyedEmTkg9h8NbtR6LvI90EiMhyVg6WLCzlGAtFFBcSvIqssrC/KDHCjd4uMzXeW23wUB40dU1PpwkLPtcNVvIzgxqYRsRPFOXZxGxQYGpBWtzDveqgmeLwavhU481wHfCwqpyXJZflbR+UzWdr+zbmSFdJadlLdHeooNGvRC+av0MK4YMCCgu1Em34IeawpiesFhhj/IVGa2xQWjXE0MF3SDLvlh5yMqNPodTZ7FAEZgD7rTYIbaH8JHiYbgI6v7/ANPcFqw2eKT7wVP8cTL1yPedcZcU,iv:J7JYA98NHxM0tExfUdjkir6/+tkOkPLMBNdjXBP9fbA=,tag:WaCWmrzLgr9lDUL+jxeMNA==,type:str] attic-nix-cache-creator: ENC[AES256_GCM,data:P0iBdy4IYrxcq7v4wTgwwZvAfVdRFo08pi0zvpY9cP9BDCwbBnp+3qDKWL29rC7OxsaLtmRkvPmbkF3ZX3Yu5OaptwVg2Xi0vNqhk3gu5Fdj8ygPigB0ZtimkfWv1QkctoVoXKXuLv6Xd4XKPCWOOIekWlJsBRcyfyzkyFURkU9tBBkXyEAWItho/J8hJr6r00eA3EN4rTe8Ge+PGpfTfpZVpnoGrC35xPnGLq19+b44DectHDTkMZrZKxiCaVIgKUZDLaFgi6a6PsX+L1HQAIZukXJu3m4BPdvzzby+zgX24pVJOYjAUB2BwO9jUlMS6+7qo0p6k01uLicryfKx/ajdAHcy39tFHX7naA4JriC2/FgI2HlFGp0Lc+g0pfdCYwLs5QBfRaOHyrbFWUDG,iv:OBrgnewqBaug00ygAXs0eFs3LqcHqo1EW96N5I38A0o=,tag:V+Gn47O6AH1RwL9qJLpAkw==,type:str]
attic-nix-cache-reader: ENC[AES256_GCM,data:78jJJh332XvFx29HxNW7CULMNMsQ2xMTCIIk5oX5AimBoFXXVH7z9EGFbDimwfaYlsPK6xuU+9mnCnhCjCoGFRX9GQbW+Z2D9TGMsBfe3eztbWlcJ++EkWSCbHKEIGKTF13aRGrKRIOjIy9Gl3qZt4BnZtQPFMOzQO8u80M116u3w4ttqz9rzaIrXWB6GIMI5lWF5rQe5ML1vDgvL2KNMNkPAAm5O1Fv887woVcqxbPhiNhJGXBSiPZpe3PG8wP6z0GTe/GhMTPCOlVJIdsxKnEaRaTSAtVazFos5zSMvLYYrbj6ISoS9tEQ6bFMy6xl,iv:dGDSTtsQlwElerRXpT97uapzOh766bysZTQMjUEEJnM=,tag:OQOYmQqKywdSjUUXnELdpQ==,type:str] attic-nix-cache-reader: ENC[AES256_GCM,data:DWIkRri3lHJOVXIAbHWJL7cCV4FHjB91bbpPAib/5ZDKap3xjnxUjwswc7wjO1hCoV3+gmep1a64kma6MJts4bcAug5bPyrrPy//rVpCYvSbSmbPz5k4sW5GLU/Sf4NyBevsQo9KRrphpoSUQEFQB27vabYDjjkB051/qJo1B9B7nqmrSyd3np4YdyHAgUiMyJt0oqx8nXySz3XZU+DIM8/OhMZILpnEWIgyP2K7j8JNNpZZJ5sD/icUy6Vba/4LcKjtmYtfQ+HO1soyF6aMiQSjhp7fzJHktwa9kgB3oDzIg3KyCJYS2RNW7mW9Dd1T,iv:fvhGFU22KgknMpJbOkA3v29bKzRVX6hi7V7xJgSUjPg=,tag:TjGSUl0XXS7jlhP/NG4cvQ==,type:str]
attic-nix-cache-writer: ENC[AES256_GCM,data:IIrGw+MtZEZqJdNGPryN5xKg7UOP+0kjzpthhyRdQz0P3yS/vThSaV+VuduQq5WgnaNjXLA6LBU+cufmVmvrkeTkZ281976sLTbYzrPCW/hCy1+w7qdv6vauaFsLqtnmWlHNwCIkXbUvQWq56WvP6m1PuYaUIFYn3SUprQ1du+X0buK1FUOhSH4HXfiqpNJOomLhok9M0Tyzn8yK5Fn1dzmJ8tsgBczzhWeZzsj4TuksFLV2r6NXzeQp2jWQkxv39Eg6Lf+0eaHxWQFR4s2uKYzwdsDOnpSmUgXFTzVB6RGAEpasKkVZ2NfG4GeUKBFPDVJoR6ilLZA=,iv:e58OGCbgLIIzKfBALtrsYmWg9Gp0nySNYsJ3X5IWp4I=,tag:bnwBipVK3BSOizg8twQ4lQ==,type:str] attic-nix-cache-writer: ENC[AES256_GCM,data:vxSeys7EJDyatZFpeyxeDzaKGqDtm3atpVly6+BPHUFTrlLaVl86roGZjpBB9wwOMuP007qJNva0HQcTONbSyNw/snUU5JpaFWLT87Eu81V8gdulzHwm61caQ4A/e1ylKkdtwalNymBSyWi9b+SOWXTgralrg9L3OHw+nVuZaAi8QXF2ImLoZ2vXl7MGNXParflV2KK2uqfRatDZMbSSFipT0tQpkNTBTA6l8woILK3BKrHdYq+D8n4EmRowSuMWuN1uknyctb4+Ap3AeBITvyJjKejocQ9qK9plP6CChiC4Z1mmt/HOrfXYXiJO+Va64rOYRywMga8=,iv:bAx7iR24dpIOudkiFOc/xmIG73rcaMDdhWjiBO4BsBM=,tag:gtTyldhdRV97YJREG5lPjA==,type:str]
attic-nix-cache-admin: ENC[AES256_GCM,data:xHJGeU4EUn1HRy2nIValiJ6iLZnYmmT6Njv/cGMh15Q0hJXKNBSsi8f0mAfLI7EX+GaC299VKh2uTlU25jptrAvogLxNJIc+LZBLsSkyGE/ojqqevHMKmZ/6eciLZRQL5ey9TM3V9HHyDOhGaFgdfawtwg/vyvbV13lZBKpqneAX9T3gPRuKRjV4/Uc/5cUckiOF8bQ50xVFN8Cql9HgGDJEGWgg4XUTPu5eYspof2EN63pYvU7wg6HD2begeLDvqc2/i2DIcsc0wqc5DgkY/dH2YtcssBtU8AR9vKpl+HmH/wvt6dfaEyZ7hF7ITGwWnOO6H2ko3SjYRfHkFK3XDmm1YRRjfkptnw==,iv:BdVgNyZ1azl5tKfH+RTeXuNV/rYY6hPvrareKlIXSeQ=,tag:/ar87eAjMod4TmQXoerNBQ==,type:str] attic-nix-cache-admin: ENC[AES256_GCM,data:OP02nJTo0cx8M9cR+P7cpI1gEXCKqXWehlaL+dYGwGSUnQ6iSC25vpdZ5SSnjyhiBZe+VnYld+b5PO+OOt7NMGxVvQ0zcuvrG7qfhEpIfGrbx9S9cEV2eAMchG/Hua609MUTbFYKvpwWw6tFZD2dYYQv2gXI7mYSeN0Tw4i2x1f/+cKDtV+ak+UHRgEe/f5OdE8v5I6dRXUQGVOBSRAQkfYDFuI2JUz4oNJsz66YkdMtgudhqWi4mekODD3v2Gcg/zAv1PogaHaIH1BHNvLQ/DsNVcvLsnTb6inM3cTCyPpHcx+VwPO7g9kYNV8xcCRkAIvX6aFzRVT0tJcEXFWStMnKS8nr8HoKFQ==,iv:ftmN3jK5qa6SwrSyhhL3PZls2hTG6xGa0LW7ycdkYxQ=,tag:TQCELzJQjsMfAJseZ7tB4w==,type:str]
gitea-actions-token: ENC[AES256_GCM,data:QTEPMAh1RWWJ/O3yhkQkEBTdVL8XhIRGCDbiM0lLjfILKF4SpSJ2sA==,iv:mBaaB1JHb2KVc9n2pdeX4pSMvb7q5z3joMT7rR5Whgs=,tag:ef+58SI4AUeqUsk3RVDsRQ==,type:str] gitea-actions-token: ENC[AES256_GCM,data:QTEPMAh1RWWJ/O3yhkQkEBTdVL8XhIRGCDbiM0lLjfILKF4SpSJ2sA==,iv:mBaaB1JHb2KVc9n2pdeX4pSMvb7q5z3joMT7rR5Whgs=,tag:ef+58SI4AUeqUsk3RVDsRQ==,type:str]
gitea-pr-token: ENC[AES256_GCM,data:ybTya4X2wd65pNFSGbQkg73lu66GNtSba4yf8J6tT8XkuOtfvtBS4g==,iv:39mJiAlw4kud4l06jOpxOCRumChE/5q8IBNsPHG1rMc=,tag:MEvHD2b9E3fVHLlz7haNyw==,type:str]
sops: sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: age:
- recipient: age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh - recipient: age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh
enc: | enc: |
@ -39,8 +42,8 @@ sops:
ZERFTlFyNjhOb3VCaW43ZXFHT1Vxc0UK7YV+BU7dCEOZxpqkQA394eDsnthvorj6 ZERFTlFyNjhOb3VCaW43ZXFHT1Vxc0UK7YV+BU7dCEOZxpqkQA394eDsnthvorj6
7bqrCdeU+6DU7DmFs6++BrNO2tx8vvOa1im+ZGrM/gZAJdv/7R2d6Q== 7bqrCdeU+6DU7DmFs6++BrNO2tx8vvOa1im+ZGrM/gZAJdv/7R2d6Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-07T23:43:57Z" lastmodified: "2025-03-18T22:08:52Z"
mac: ENC[AES256_GCM,data:ygQzxSpGJqXwkOq7jGDeflA2FTSSxnre/PXm0LxmxzQQW5s7LeIVSI75fMqWir0WU3Pi/xroYGEWjpCG6JvxV5RiJycTONk8VE7c3jtw3AbrHSS0b1K5tJ+Sf+q3rHJFWWk/COrPk8IsRFNb+taqH4jnaH3AAVNo5u0C1CHKMes=,iv:FO2GVDXE8SjjA81/9cDwc+dX8kJ2oHt5kqkhNBuMb54=,tag:hgzRAmsh32SCvJEvKyV+vg==,type:str] mac: ENC[AES256_GCM,data:3Hr8FyzfZvvtyusqdDOjggDGFlBwyOq2VND+/jtNbY5i5JPK+qTkamn98IKkcHSPooaIVzEAek91fZDo90mYRhCzEwfbLATmFXPHsZHUg+5nD8VzcNUWQDb2/ey4RPhzTMtXfY9v9wdIcTdBKYKSZ61puptSX8nJ2S74ag6B5AY=,iv:J+VxUvwWE496DqTsVXdlpxgkf8zGT9uDvt6RLrmc0n0=,tag:X2Qg3DDzOTBDqo+6eQPHvw==,type:str]
pgp: pgp:
- created_at: "2024-09-05T06:10:22Z" - created_at: "2024-09-05T06:10:22Z"
enc: |- enc: |-
@ -55,4 +58,4 @@ sops:
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330 fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.10.1 version: 3.9.4

View File

@ -10,4 +10,4 @@ set -e
script_path=$(dirname "$(readlink -f $0)") script_path=$(dirname "$(readlink -f $0)")
parent_path=$(dirname "$script_path") parent_path=$(dirname "$script_path")
nix run git+https://nayeonie.com/ahuston-0/flake-update-diff -- --compare-drvs --allow-import-from-derivation --compare-output-to-file "$parent_path" nix run git+https://nayeonie.com/ahuston-0/flake-update-diff -- --compare-drvs --compare-output-to-file "$parent_path"

View File

@ -16,4 +16,4 @@ script_path=$(dirname "$(readlink -f $0)")
parent_path=$(dirname "$script_path") parent_path=$(dirname "$script_path")
out_path="$parent_path/$1.json" out_path="$parent_path/$1.json"
nix run git+https://nayeonie.com/ahuston-0/flake-update-diff -- --evaluate --allow-import-from-derivation --json "$out_path" "$parent_path" nix run git+https://nayeonie.com/ahuston-0/flake-update-diff -- --evaluate --json "$out_path" "$parent_path"

View File

@ -1,33 +0,0 @@
#!/usr/bin/env nix
#! nix shell nixpkgs#python3 --command python
import logging
def inject_diff():
source_file = 'post-diff'
target_file = 'pr_body.md'
placeholder = "nix-diff-placeholder"
logging.info(f"injecting '{source_file}' into '{target_file}' using '{placeholder}' as a placeholder")
out = []
with open(source_file,'r') as src:
src_content = src.read()
if len(src_content) > 60000:
logging.warning(f"{source_file} is longer than 60k characters, truncating")
src_content = src_content[:60000]
with open(target_file,'r') as tgt:
for line in tgt.readlines():
if placeholder in line:
out.append(line.replace(placeholder,src_content))
else:
out.append(line)
with open(target_file,'w') as tgt:
tgt.writelines(out)
if __name__ == "__main__":
logging.basicConfig( level=logging.INFO)
inject_diff()