Compare commits
11 Commits
feature/he
...
e0a6001fca
| Author | SHA1 | Date | |
|---|---|---|---|
| e0a6001fca | |||
| a659e705cc | |||
| 97902cf783 | |||
| 215ad66a21 | |||
| cb57885e8f | |||
| e70b7c0e92 | |||
| cb9f93f611 | |||
| 51ddf3dc92 | |||
| 909af41db0 | |||
| 2331cb36ce | |||
| 8b0b25207e |
13
.github/workflows/cleanup-pr-action.yml
vendored
Normal file
13
.github/workflows/cleanup-pr-action.yml
vendored
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
name: delete branch on close pr
|
||||||
|
on:
|
||||||
|
pull_request:
|
||||||
|
types: [closed]
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
delete-branch:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- name: delete branch
|
||||||
|
uses: SvanBoxel/delete-merged-branch@main
|
||||||
|
env:
|
||||||
|
GITHUB_TOKEN: ${{ secrets.GH_TOKEN_FOR_PRS }}
|
||||||
@ -14,9 +14,7 @@ to onboard a new user or system.
|
|||||||
|
|
||||||
Although we are not actively looking for new members to join in on this repo,
|
Although we are not actively looking for new members to join in on this repo,
|
||||||
we are not strictly opposed. Please reach out to
|
we are not strictly opposed. Please reach out to
|
||||||
[@ahuston-0](https://github.com/ahuston-0) or
|
[@ahuston-0](https://nayeonie.com/ahuston-0) for further information.
|
||||||
[@RichieCahill](https://github.com/RichieCahill)
|
|
||||||
for further information.
|
|
||||||
|
|
||||||
## Repo Structure
|
## Repo Structure
|
||||||
|
|
||||||
|
|||||||
@ -107,8 +107,7 @@ rules.
|
|||||||
We allow secrets to be embedded in the repository using `sops-nix`. As part of
|
We allow secrets to be embedded in the repository using `sops-nix`. As part of
|
||||||
the process everything is encrypted, however adding a new user is a change
|
the process everything is encrypted, however adding a new user is a change
|
||||||
that every existing SOPS user needs to participate in. Please reach out to
|
that every existing SOPS user needs to participate in. Please reach out to
|
||||||
[@ahuston-0](https://github.com/ahuston-0) or
|
[@ahuston-0](https://nayeonie.com/ahuston-0) or if you are interested
|
||||||
[@RichieCahill](https://github.com/RichieCahill) if you are interested
|
|
||||||
in using secrets on your machines.
|
in using secrets on your machines.
|
||||||
|
|
||||||
## CI/CD
|
## CI/CD
|
||||||
|
|||||||
@ -121,7 +121,7 @@ fi
|
|||||||
DOTS="/mnt/root/dotfiles"
|
DOTS="/mnt/root/dotfiles"
|
||||||
GC="git -C $DOTS"
|
GC="git -C $DOTS"
|
||||||
sudo mkdir -p "$DOTS" || echo "directory $DOTS already exists"
|
sudo mkdir -p "$DOTS" || echo "directory $DOTS already exists"
|
||||||
sudo $GC clone https://github.com/RAD-Development/nix-dotfiles.git .
|
sudo $GC clone https://nayeonie.com/ahuston-0/nix-dotfiles.git .
|
||||||
sudo $GC checkout "$FEATUREBRANCH"
|
sudo $GC checkout "$FEATUREBRANCH"
|
||||||
|
|
||||||
# Create ssh keys
|
# Create ssh keys
|
||||||
@ -179,4 +179,4 @@ Host github.com
|
|||||||
IdentityFile /root/.ssh/id_ed25519_ghdeploy
|
IdentityFile /root/.ssh/id_ed25519_ghdeploy
|
||||||
EOF
|
EOF
|
||||||
printf "%s" "$SSHCONFIG" | sudo tee /root/.ssh/config
|
printf "%s" "$SSHCONFIG" | sudo tee /root/.ssh/config
|
||||||
sudo "$GC" remote set-url origin 'git@github.com:RAD-Development/nix-dotfiles.git'
|
sudo "$GC" remote set-url origin 'ssh://gitea@nayeonie.com:2222/ahuston-0/nix-dotfiles.git'
|
||||||
|
|||||||
@ -19,6 +19,7 @@
|
|||||||
];
|
];
|
||||||
trusted-users = [ "root" ];
|
trusted-users = [ "root" ];
|
||||||
allow-import-from-derivation = true;
|
allow-import-from-derivation = true;
|
||||||
|
fallback = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
inputs = {
|
inputs = {
|
||||||
@ -136,7 +137,7 @@
|
|||||||
systems = [
|
systems = [
|
||||||
"x86_64-linux"
|
"x86_64-linux"
|
||||||
# disable arm for now as hydra isn't set up for it
|
# disable arm for now as hydra isn't set up for it
|
||||||
# "aarch64-linux"
|
# "aarch64-linuxa
|
||||||
];
|
];
|
||||||
|
|
||||||
forEachSystem = lib.genAttrs systems;
|
forEachSystem = lib.genAttrs systems;
|
||||||
@ -152,7 +153,7 @@
|
|||||||
lib = self;
|
lib = self;
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
inherit (lib.rad-dev.systems) genSystems getImages;
|
inherit (lib.adev.systems) genSystems getImages;
|
||||||
inherit (self) outputs; # for hydra
|
inherit (self) outputs; # for hydra
|
||||||
in
|
in
|
||||||
rec {
|
rec {
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
{ lib, ... }:
|
{ lib, ... }:
|
||||||
{
|
{
|
||||||
# create rad-dev namespace for lib
|
# create adev namespace for lib
|
||||||
rad-dev = rec {
|
adev = rec {
|
||||||
systems = import ./systems.nix { inherit lib; };
|
systems = import ./systems.nix { inherit lib; };
|
||||||
container-utils = import ./container-utils.nix { inherit lib; };
|
container-utils = import ./container-utils.nix { inherit lib; };
|
||||||
|
|
||||||
|
|||||||
@ -176,7 +176,7 @@ rec {
|
|||||||
(configPath + "/configuration.nix")
|
(configPath + "/configuration.nix")
|
||||||
]
|
]
|
||||||
++ modules
|
++ modules
|
||||||
++ (lib.rad-dev.fileList (src + "/modules"))
|
++ (lib.adev.fileList (src + "/modules"))
|
||||||
++ genWrapper sops genSops args
|
++ genWrapper sops genSops args
|
||||||
++ genWrapper home genHome args
|
++ genWrapper home genHome args
|
||||||
++ genWrapper true genUsers args
|
++ genWrapper true genUsers args
|
||||||
@ -222,7 +222,7 @@ rec {
|
|||||||
// import configPath { inherit inputs; }
|
// import configPath { inherit inputs; }
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
) (lib.rad-dev.lsdir path)
|
) (lib.adev.lsdir path)
|
||||||
);
|
);
|
||||||
|
|
||||||
# gets all the images of a specified format
|
# gets all the images of a specified format
|
||||||
|
|||||||
@ -61,7 +61,7 @@ in
|
|||||||
lib.mkIf cfg.enable {
|
lib.mkIf cfg.enable {
|
||||||
environment.systemPackages =
|
environment.systemPackages =
|
||||||
[ pkgs.git ]
|
[ pkgs.git ]
|
||||||
++ lib.optionals (lib.any (ssh-key: ssh-key != "") (lib.rad-dev.mapGetAttr "ssh-key" repos)) [
|
++ lib.optionals (lib.any (ssh-key: ssh-key != "") (lib.adev.mapGetAttr "ssh-key" repos)) [
|
||||||
pkgs.openssh
|
pkgs.openssh
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|||||||
@ -1,10 +1,10 @@
|
|||||||
{ lib, config, ... }:
|
{ lib, config, ... }:
|
||||||
let
|
let
|
||||||
cfg = config.services.rad-dev.k3s-net;
|
cfg = config.services.adev.k3s-net;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
options = {
|
options = {
|
||||||
services.rad-dev.k3s-net = {
|
services.adev.k3s-net = {
|
||||||
enable = lib.mkOption {
|
enable = lib.mkOption {
|
||||||
default = false;
|
default = false;
|
||||||
example = true;
|
example = true;
|
||||||
|
|||||||
@ -5,11 +5,11 @@
|
|||||||
...
|
...
|
||||||
}:
|
}:
|
||||||
let
|
let
|
||||||
cfg = config.services.rad-dev.yubikey;
|
cfg = config.services.adev.yubikey;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
options = {
|
options = {
|
||||||
services.rad-dev.yubikey = {
|
services.adev.yubikey = {
|
||||||
enable = lib.mkEnableOption "enable yubikey defaults";
|
enable = lib.mkEnableOption "enable yubikey defaults";
|
||||||
enable-desktop-app = lib.mkEnableOption "installs desktop application";
|
enable-desktop-app = lib.mkEnableOption "installs desktop application";
|
||||||
};
|
};
|
||||||
|
|||||||
@ -38,7 +38,7 @@ forEachSystem (
|
|||||||
};
|
};
|
||||||
|
|
||||||
# constructs a custom shell with commonly used utilities
|
# constructs a custom shell with commonly used utilities
|
||||||
rad-dev = pkgs.mkShell {
|
adev = pkgs.mkShell {
|
||||||
packages = with pkgs; [
|
packages = with pkgs; [
|
||||||
deadnix
|
deadnix
|
||||||
pre-commit
|
pre-commit
|
||||||
@ -56,7 +56,7 @@ forEachSystem (
|
|||||||
default = pkgs.mkShell {
|
default = pkgs.mkShell {
|
||||||
inputsFrom = [
|
inputsFrom = [
|
||||||
pre-commit
|
pre-commit
|
||||||
rad-dev
|
adev
|
||||||
sops
|
sops
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|||||||
@ -75,7 +75,7 @@
|
|||||||
fprintd.enable = lib.mkForce false;
|
fprintd.enable = lib.mkForce false;
|
||||||
openssh.enable = lib.mkForce false;
|
openssh.enable = lib.mkForce false;
|
||||||
|
|
||||||
rad-dev.yubikey = {
|
adev.yubikey = {
|
||||||
enable = true;
|
enable = true;
|
||||||
enable-desktop-app = true;
|
enable-desktop-app = true;
|
||||||
};
|
};
|
||||||
|
|||||||
@ -122,7 +122,7 @@ let
|
|||||||
cmd = lib.splitString " " "--concurrent 6 AmAnd0";
|
cmd = lib.splitString " " "--concurrent 6 AmAnd0";
|
||||||
|
|
||||||
};
|
};
|
||||||
inherit (lib.rad-dev.container-utils) createTemplatedContainers;
|
inherit (lib.adev.container-utils) createTemplatedContainers;
|
||||||
|
|
||||||
vars = import ../vars.nix;
|
vars = import ../vars.nix;
|
||||||
at_path = vars.primary_archiveteam;
|
at_path = vars.primary_archiveteam;
|
||||||
|
|||||||
@ -46,7 +46,7 @@ in
|
|||||||
cmd = [
|
cmd = [
|
||||||
(
|
(
|
||||||
"--mapping=mc.alicehuston.xyz=${defaultServer}:25565"
|
"--mapping=mc.alicehuston.xyz=${defaultServer}:25565"
|
||||||
+ (lib.rad-dev.mapAttrsToString (hostname: url: "," + url + "=" + hostname + ":25565") servers)
|
+ (lib.adev.mapAttrsToString (hostname: url: "," + url + "=" + hostname + ":25565") servers)
|
||||||
)
|
)
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|||||||
@ -90,6 +90,8 @@
|
|||||||
nodejs_20
|
nodejs_20
|
||||||
nodePackages.prettier
|
nodePackages.prettier
|
||||||
treefmt
|
treefmt
|
||||||
|
|
||||||
|
gocryptfs
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|||||||
@ -9,11 +9,8 @@ alice:
|
|||||||
attic-nix-cache-writer: ENC[AES256_GCM,data:vxSeys7EJDyatZFpeyxeDzaKGqDtm3atpVly6+BPHUFTrlLaVl86roGZjpBB9wwOMuP007qJNva0HQcTONbSyNw/snUU5JpaFWLT87Eu81V8gdulzHwm61caQ4A/e1ylKkdtwalNymBSyWi9b+SOWXTgralrg9L3OHw+nVuZaAi8QXF2ImLoZ2vXl7MGNXParflV2KK2uqfRatDZMbSSFipT0tQpkNTBTA6l8woILK3BKrHdYq+D8n4EmRowSuMWuN1uknyctb4+Ap3AeBITvyJjKejocQ9qK9plP6CChiC4Z1mmt/HOrfXYXiJO+Va64rOYRywMga8=,iv:bAx7iR24dpIOudkiFOc/xmIG73rcaMDdhWjiBO4BsBM=,tag:gtTyldhdRV97YJREG5lPjA==,type:str]
|
attic-nix-cache-writer: ENC[AES256_GCM,data:vxSeys7EJDyatZFpeyxeDzaKGqDtm3atpVly6+BPHUFTrlLaVl86roGZjpBB9wwOMuP007qJNva0HQcTONbSyNw/snUU5JpaFWLT87Eu81V8gdulzHwm61caQ4A/e1ylKkdtwalNymBSyWi9b+SOWXTgralrg9L3OHw+nVuZaAi8QXF2ImLoZ2vXl7MGNXParflV2KK2uqfRatDZMbSSFipT0tQpkNTBTA6l8woILK3BKrHdYq+D8n4EmRowSuMWuN1uknyctb4+Ap3AeBITvyJjKejocQ9qK9plP6CChiC4Z1mmt/HOrfXYXiJO+Va64rOYRywMga8=,iv:bAx7iR24dpIOudkiFOc/xmIG73rcaMDdhWjiBO4BsBM=,tag:gtTyldhdRV97YJREG5lPjA==,type:str]
|
||||||
attic-nix-cache-admin: ENC[AES256_GCM,data:OP02nJTo0cx8M9cR+P7cpI1gEXCKqXWehlaL+dYGwGSUnQ6iSC25vpdZ5SSnjyhiBZe+VnYld+b5PO+OOt7NMGxVvQ0zcuvrG7qfhEpIfGrbx9S9cEV2eAMchG/Hua609MUTbFYKvpwWw6tFZD2dYYQv2gXI7mYSeN0Tw4i2x1f/+cKDtV+ak+UHRgEe/f5OdE8v5I6dRXUQGVOBSRAQkfYDFuI2JUz4oNJsz66YkdMtgudhqWi4mekODD3v2Gcg/zAv1PogaHaIH1BHNvLQ/DsNVcvLsnTb6inM3cTCyPpHcx+VwPO7g9kYNV8xcCRkAIvX6aFzRVT0tJcEXFWStMnKS8nr8HoKFQ==,iv:ftmN3jK5qa6SwrSyhhL3PZls2hTG6xGa0LW7ycdkYxQ=,tag:TQCELzJQjsMfAJseZ7tB4w==,type:str]
|
attic-nix-cache-admin: ENC[AES256_GCM,data:OP02nJTo0cx8M9cR+P7cpI1gEXCKqXWehlaL+dYGwGSUnQ6iSC25vpdZ5SSnjyhiBZe+VnYld+b5PO+OOt7NMGxVvQ0zcuvrG7qfhEpIfGrbx9S9cEV2eAMchG/Hua609MUTbFYKvpwWw6tFZD2dYYQv2gXI7mYSeN0Tw4i2x1f/+cKDtV+ak+UHRgEe/f5OdE8v5I6dRXUQGVOBSRAQkfYDFuI2JUz4oNJsz66YkdMtgudhqWi4mekODD3v2Gcg/zAv1PogaHaIH1BHNvLQ/DsNVcvLsnTb6inM3cTCyPpHcx+VwPO7g9kYNV8xcCRkAIvX6aFzRVT0tJcEXFWStMnKS8nr8HoKFQ==,iv:ftmN3jK5qa6SwrSyhhL3PZls2hTG6xGa0LW7ycdkYxQ=,tag:TQCELzJQjsMfAJseZ7tB4w==,type:str]
|
||||||
gitea-actions-token: ENC[AES256_GCM,data:QTEPMAh1RWWJ/O3yhkQkEBTdVL8XhIRGCDbiM0lLjfILKF4SpSJ2sA==,iv:mBaaB1JHb2KVc9n2pdeX4pSMvb7q5z3joMT7rR5Whgs=,tag:ef+58SI4AUeqUsk3RVDsRQ==,type:str]
|
gitea-actions-token: ENC[AES256_GCM,data:QTEPMAh1RWWJ/O3yhkQkEBTdVL8XhIRGCDbiM0lLjfILKF4SpSJ2sA==,iv:mBaaB1JHb2KVc9n2pdeX4pSMvb7q5z3joMT7rR5Whgs=,tag:ef+58SI4AUeqUsk3RVDsRQ==,type:str]
|
||||||
|
gitea-pr-token: ENC[AES256_GCM,data:ybTya4X2wd65pNFSGbQkg73lu66GNtSba4yf8J6tT8XkuOtfvtBS4g==,iv:39mJiAlw4kud4l06jOpxOCRumChE/5q8IBNsPHG1rMc=,tag:MEvHD2b9E3fVHLlz7haNyw==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
|
||||||
gcp_kms: []
|
|
||||||
azure_kv: []
|
|
||||||
hc_vault: []
|
|
||||||
age:
|
age:
|
||||||
- recipient: age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh
|
- recipient: age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh
|
||||||
enc: |
|
enc: |
|
||||||
@ -42,8 +39,8 @@ sops:
|
|||||||
ZERFTlFyNjhOb3VCaW43ZXFHT1Vxc0UK7YV+BU7dCEOZxpqkQA394eDsnthvorj6
|
ZERFTlFyNjhOb3VCaW43ZXFHT1Vxc0UK7YV+BU7dCEOZxpqkQA394eDsnthvorj6
|
||||||
7bqrCdeU+6DU7DmFs6++BrNO2tx8vvOa1im+ZGrM/gZAJdv/7R2d6Q==
|
7bqrCdeU+6DU7DmFs6++BrNO2tx8vvOa1im+ZGrM/gZAJdv/7R2d6Q==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2025-03-26T15:28:13Z"
|
lastmodified: "2025-04-02T04:59:28Z"
|
||||||
mac: ENC[AES256_GCM,data:BfEahKHAcnLc/PSagENBIVwxufJrjpMSC6U4hkkxNwcEJYDNAlrF0w00aiexLeX+UfVGIw19+SrNL5zuecEf+GaYzYNy9RE3c66KUM2B/cpuBuzkiwLaBCTfcWr7k8dW11BGFCmugRSG4w6wXKG5B/LyEKB6Vcvp0JRbCYSqZSY=,iv:97UzvdvQCtTLaLDrg6VEwiofHtSPGtaxuPLHfTAyIFA=,tag:r4r45OaV9ZRDzd56RGLFZw==,type:str]
|
mac: ENC[AES256_GCM,data:lzOiHCCAm9rlzD04UbrPi6UZ3TM12jffqHKVaI0jdAEsRgFSdtz9AE4HiDS7FHv8daKVgBMgPgmQiRvEXvnouFjgKBYvoMRSav+Zogo1lR3KEnkPsOg+BRz07GsU4wQDyU4Df7cCCVLeLxUBT/AX7no8u4TOOwKjsyYmJbbJjd0=,iv:8mJ43fMFHltVQ4fQe2lQRK9eSb2/7TzUBaIr1tKOjYM=,tag:hGBkAvZ+Glg8PkNqzB+KCw==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2024-09-05T06:10:22Z"
|
- created_at: "2024-09-05T06:10:22Z"
|
||||||
enc: |-
|
enc: |-
|
||||||
@ -58,4 +55,4 @@ sops:
|
|||||||
-----END PGP MESSAGE-----
|
-----END PGP MESSAGE-----
|
||||||
fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330
|
fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.9.4
|
version: 3.10.0
|
||||||
|
|||||||
Reference in New Issue
Block a user