Merge pull request 'add cleanup action' (#77) from feature/pr-cleanup into main

Reviewed-on: #77

.github/workflows/cleanup-pr-action.yml

@@ -0,0 +1,13 @@
+name: delete branch on close pr
+on: 
+  pull_request:
+    types: [closed]
+  
+jobs:
+  delete-branch:
+    runs-on: ubuntu-latest
+    steps:
+      - name: delete branch
+        uses: SvanBoxel/delete-merged-branch@main
+        env:
+          GITHUB_TOKEN: ${{ secrets.GH_TOKEN_FOR_PRS  }}

README.md

@@ -14,9 +14,7 @@ to onboard a new user or system.
 
 Although we are not actively looking for new members to join in on this repo,
 we are not strictly opposed. Please reach out to
-[@ahuston-0](https://github.com/ahuston-0) or
-[@RichieCahill](https://github.com/RichieCahill)
-for further information.
+[@ahuston-0](https://nayeonie.com/ahuston-0) for further information.
 
 ## Repo Structure
 

disko/hetzner.nix

@@ -1,47 +0,0 @@
-# USAGE in your configuration.nix.
-# Update devices to match your hardware.
-# {
-#  imports = [ ./disko-config.nix ];
-#  disko.devices.disk.main.device = "/dev/sda";
-# }
-{
-  disko.devices = {
-    disk = {
-      main = {
-        type = "disk";
-        content = {
-          type = "gpt";
-          partitions = {
-            ESP = {
-              type = "EF00";
-              size = "500M";
-              content = {
-                type = "filesystem";
-                format = "vfat";
-                mountpoint = "/boot";
-                mountOptions = [ "umask=0077" ];
-              };
-              priority = 1;
-            };
-            root = {
-              end = "-1G";
-              content = {
-                type = "filesystem";
-                format = "ext4";
-                mountpoint = "/";
-              };
-            };
-            encryptedSwap = {
-              size = "1G";
-              content = {
-                type = "swap";
-                randomEncryption = true;
-                priority = 100; # prefer to encrypt as long as we have space for it
-              };
-            };
-          };
-        };
-      };
-    };
-  };
-}

docs/CONTRIBUTING.md

@@ -107,8 +107,7 @@ rules.
 We allow secrets to be embedded in the repository using `sops-nix`. As part of
 the process everything is encrypted, however adding a new user is a change
 that every existing SOPS user needs to participate in. Please reach out to
-[@ahuston-0](https://github.com/ahuston-0) or
-[@RichieCahill](https://github.com/RichieCahill) if you are interested
+[@ahuston-0](https://nayeonie.com/ahuston-0) or if you are interested
 in using secrets on your machines.
 
 ## CI/CD

docs/sample-setup.sh

@@ -121,7 +121,7 @@ fi
 DOTS="/mnt/root/dotfiles"
 GC="git -C $DOTS"
 sudo mkdir -p "$DOTS" || echo "directory $DOTS already exists"
-sudo $GC clone https://github.com/RAD-Development/nix-dotfiles.git .
+sudo $GC clone https://nayeonie.com/ahuston-0/nix-dotfiles.git .
 sudo $GC checkout "$FEATUREBRANCH"
 
 # Create ssh keys
@@ -179,4 +179,4 @@ Host github.com
         IdentityFile /root/.ssh/id_ed25519_ghdeploy
 EOF
 printf "%s" "$SSHCONFIG" | sudo tee /root/.ssh/config
-sudo "$GC" remote set-url origin 'git@github.com:RAD-Development/nix-dotfiles.git'
+sudo "$GC" remote set-url origin 'ssh://gitea@nayeonie.com:2222/ahuston-0/nix-dotfiles.git'

flake.lock

@@ -67,27 +67,6 @@
         "type": "github"
       }
     },
-    "disko": {
-      "inputs": {
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1736864502,
-        "narHash": "sha256-ItkIZyebGvNH2dK9jVGzJHGPtb6BSWLN8Gmef16NeY0=",
-        "owner": "nix-community",
-        "repo": "disko",
-        "rev": "0141aabed359f063de7413f80d906e1d98c0c123",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "ref": "latest",
-        "repo": "disko",
-        "type": "github"
-      }
-    },
     "firefox-addons": {
       "inputs": {
         "flake-utils": [
@@ -646,7 +625,6 @@
     },
     "root": {
       "inputs": {
-        "disko": "disko",
         "firefox-addons": "firefox-addons",
         "flake-compat": "flake-compat",
         "flake-parts": "flake-parts",

flake.nix

@@ -19,6 +19,7 @@
     ];
     trusted-users = [ "root" ];
     allow-import-from-derivation = true;
+    fallback = true;
   };
 
   inputs = {
@@ -40,12 +41,6 @@
     #     flake-parts.follows = "flake-parts";
     #   };
     # };
-    disko = {
-      url = "github:nix-community/disko/latest";
-      inputs = {
-        nixpkgs.follows = "nixpkgs";
-      };
-    };
 
     firefox-addons = {
       url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons";
@@ -142,7 +137,7 @@
       systems = [
         "x86_64-linux"
         # disable arm for now as hydra isn't set up for it
-        # "aarch64-linux"
+        # "aarch64-linuxa
       ];
 
       forEachSystem = lib.genAttrs systems;
@@ -158,7 +153,7 @@
           lib = self;
         }
       );
-      inherit (lib.rad-dev.systems) genSystems getImages;
+      inherit (lib.adev.systems) genSystems getImages;
       inherit (self) outputs; # for hydra
     in
     rec {

lib/default.nix

@@ -1,7 +1,7 @@
 { lib, ... }:
 {
-  # create rad-dev namespace for lib
-  rad-dev = rec {
+  # create adev namespace for lib
+  adev = rec {
     systems = import ./systems.nix { inherit lib; };
     container-utils = import ./container-utils.nix { inherit lib; };
 

lib/systems.nix

@@ -176,7 +176,7 @@ rec {
           (configPath + "/configuration.nix")
         ]
         ++ modules
-        ++ (lib.rad-dev.fileList (src + "/modules"))
+        ++ (lib.adev.fileList (src + "/modules"))
         ++ genWrapper sops genSops args
         ++ genWrapper home genHome args
         ++ genWrapper true genUsers args
@@ -222,7 +222,7 @@ rec {
             // import configPath { inherit inputs; }
           );
         }
-      ) (lib.rad-dev.lsdir path)
+      ) (lib.adev.lsdir path)
     );
 
   # gets all the images of a specified format

modules/autopull.nix

@@ -61,7 +61,7 @@ in
     lib.mkIf cfg.enable {
       environment.systemPackages =
         [ pkgs.git ]
-        ++ lib.optionals (lib.any (ssh-key: ssh-key != "") (lib.rad-dev.mapGetAttr "ssh-key" repos)) [
+        ++ lib.optionals (lib.any (ssh-key: ssh-key != "") (lib.adev.mapGetAttr "ssh-key" repos)) [
           pkgs.openssh
         ];
 

modules/kub_net.nix

@@ -1,10 +1,10 @@
 { lib, config, ... }:
 let
-  cfg = config.services.rad-dev.k3s-net;
+  cfg = config.services.adev.k3s-net;
 in
 {
   options = {
-    services.rad-dev.k3s-net = {
+    services.adev.k3s-net = {
       enable = lib.mkOption {
         default = false;
         example = true;

modules/yubikey.nix

@@ -5,11 +5,11 @@
   ...
 }:
 let
-  cfg = config.services.rad-dev.yubikey;
+  cfg = config.services.adev.yubikey;
 in
 {
   options = {
-    services.rad-dev.yubikey = {
+    services.adev.yubikey = {
       enable = lib.mkEnableOption "enable yubikey defaults";
       enable-desktop-app = lib.mkEnableOption "installs desktop application";
     };

shell.nix

@@ -38,7 +38,7 @@ forEachSystem (
     };
 
     # constructs a custom shell with commonly used utilities
-    rad-dev = pkgs.mkShell {
+    adev = pkgs.mkShell {
       packages = with pkgs; [
         deadnix
         pre-commit
@@ -56,7 +56,7 @@ forEachSystem (
     default = pkgs.mkShell {
       inputsFrom = [
         pre-commit
-        rad-dev
+        adev
         sops
       ];
     };

systems/artemision/configuration.nix

@@ -75,7 +75,7 @@
     fprintd.enable = lib.mkForce false;
     openssh.enable = lib.mkForce false;
 
-    rad-dev.yubikey = {
+    adev.yubikey = {
       enable = true;
       enable-desktop-app = true;
     };

systems/hetzner-bridge/configuration.nix

@@ -1,28 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
-
-{
-  imports = [
-    ../../disko/hetzner.nix
-    ./networking.nix
-  ];
-  disko.devices.disk.main.device = "scsi-0QEMU_QEMU_HARDDISK_55513992";
-
-  boot = {
-    useSystemdBoot = true;
-  };
-
-  virtualisation.docker.enable = false;
-  services = {
-    locate.enable = false;
-    endlessh-go.enable = false;
-  };
-
-  #hardware.enableAllFirmware = true;
-
-  system.stateVersion = "24.05";
-}

systems/hetzner-bridge/default.nix

@@ -1,8 +0,0 @@
-{ inputs, ... }:
-{
-  users = [ "alice" ];
-  modules = [
-    # inputs.attic.nixosModules.atticd
-    inputs.disko.nixosModules.disko
-  ];
-}

systems/hetzner-bridge/hardware.nix

@@ -1,39 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{
-  config,
-  lib,
-  pkgs,
-  modulesPath,
-  ...
-}:
-
-{
-  imports = [
-    (modulesPath + "/profiles/qemu-guest.nix")
-  ];
-
-  boot = {
-    initrd.availableKernelModules = [
-      "ahci"
-      "xhci_pci"
-      "virtio_pci"
-      "virtio_scsi"
-      "sd_mod"
-      "sr_mod"
-    ];
-    initrd.kernelModules = [ ];
-    kernelModules = [ ];
-    extraModulePackages = [ ];
-  };
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  # networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
-
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-}

systems/hetzner-bridge/networking.nix

@@ -1,19 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
-
-{
-  networking.useDHCP = false;
-
-  systemd.network = {
-    enable = true;
-    networks."10-wan" = {
-      #matchConfig.Name = "enp1s0"; # either ens3 or enp1s0 depending on system, check 'ip addr'
-      matchConfig.Name = "ether";
-      networkConfig.DHCP = "ipv4";
-    };
-  };
-}

systems/palatine-hill/docker/archiveteam.nix

@@ -122,7 +122,7 @@ let
     cmd = lib.splitString " " "--concurrent 6 AmAnd0";
 
   };
-  inherit (lib.rad-dev.container-utils) createTemplatedContainers;
+  inherit (lib.adev.container-utils) createTemplatedContainers;
 
   vars = import ../vars.nix;
   at_path = vars.primary_archiveteam;

systems/palatine-hill/docker/minecraft.nix

@@ -46,7 +46,7 @@ in
       cmd = [
         (
           "--mapping=mc.alicehuston.xyz=${defaultServer}:25565"
-          + (lib.rad-dev.mapAttrsToString (hostname: url: "," + url + "=" + hostname + ":25565") servers)
+          + (lib.adev.mapAttrsToString (hostname: url: "," + url + "=" + hostname + ":25565") servers)
         )
       ];
     };

users/alice/home.nix

@@ -90,6 +90,8 @@
       nodejs_20
       nodePackages.prettier
       treefmt
+
+      gocryptfs
     ];
   };
 

users/alice/secrets.yaml

@@ -9,11 +9,8 @@ alice:
     attic-nix-cache-writer: ENC[AES256_GCM,data:vxSeys7EJDyatZFpeyxeDzaKGqDtm3atpVly6+BPHUFTrlLaVl86roGZjpBB9wwOMuP007qJNva0HQcTONbSyNw/snUU5JpaFWLT87Eu81V8gdulzHwm61caQ4A/e1ylKkdtwalNymBSyWi9b+SOWXTgralrg9L3OHw+nVuZaAi8QXF2ImLoZ2vXl7MGNXParflV2KK2uqfRatDZMbSSFipT0tQpkNTBTA6l8woILK3BKrHdYq+D8n4EmRowSuMWuN1uknyctb4+Ap3AeBITvyJjKejocQ9qK9plP6CChiC4Z1mmt/HOrfXYXiJO+Va64rOYRywMga8=,iv:bAx7iR24dpIOudkiFOc/xmIG73rcaMDdhWjiBO4BsBM=,tag:gtTyldhdRV97YJREG5lPjA==,type:str]
     attic-nix-cache-admin: ENC[AES256_GCM,data:OP02nJTo0cx8M9cR+P7cpI1gEXCKqXWehlaL+dYGwGSUnQ6iSC25vpdZ5SSnjyhiBZe+VnYld+b5PO+OOt7NMGxVvQ0zcuvrG7qfhEpIfGrbx9S9cEV2eAMchG/Hua609MUTbFYKvpwWw6tFZD2dYYQv2gXI7mYSeN0Tw4i2x1f/+cKDtV+ak+UHRgEe/f5OdE8v5I6dRXUQGVOBSRAQkfYDFuI2JUz4oNJsz66YkdMtgudhqWi4mekODD3v2Gcg/zAv1PogaHaIH1BHNvLQ/DsNVcvLsnTb6inM3cTCyPpHcx+VwPO7g9kYNV8xcCRkAIvX6aFzRVT0tJcEXFWStMnKS8nr8HoKFQ==,iv:ftmN3jK5qa6SwrSyhhL3PZls2hTG6xGa0LW7ycdkYxQ=,tag:TQCELzJQjsMfAJseZ7tB4w==,type:str]
     gitea-actions-token: ENC[AES256_GCM,data:QTEPMAh1RWWJ/O3yhkQkEBTdVL8XhIRGCDbiM0lLjfILKF4SpSJ2sA==,iv:mBaaB1JHb2KVc9n2pdeX4pSMvb7q5z3joMT7rR5Whgs=,tag:ef+58SI4AUeqUsk3RVDsRQ==,type:str]
+    gitea-pr-token: ENC[AES256_GCM,data:ybTya4X2wd65pNFSGbQkg73lu66GNtSba4yf8J6tT8XkuOtfvtBS4g==,iv:39mJiAlw4kud4l06jOpxOCRumChE/5q8IBNsPHG1rMc=,tag:MEvHD2b9E3fVHLlz7haNyw==,type:str]
 sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
     age:
         - recipient: age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh
           enc: |
@@ -42,8 +39,8 @@ sops:
             ZERFTlFyNjhOb3VCaW43ZXFHT1Vxc0UK7YV+BU7dCEOZxpqkQA394eDsnthvorj6
             7bqrCdeU+6DU7DmFs6++BrNO2tx8vvOa1im+ZGrM/gZAJdv/7R2d6Q==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-03-26T15:28:13Z"
-    mac: ENC[AES256_GCM,data:BfEahKHAcnLc/PSagENBIVwxufJrjpMSC6U4hkkxNwcEJYDNAlrF0w00aiexLeX+UfVGIw19+SrNL5zuecEf+GaYzYNy9RE3c66KUM2B/cpuBuzkiwLaBCTfcWr7k8dW11BGFCmugRSG4w6wXKG5B/LyEKB6Vcvp0JRbCYSqZSY=,iv:97UzvdvQCtTLaLDrg6VEwiofHtSPGtaxuPLHfTAyIFA=,tag:r4r45OaV9ZRDzd56RGLFZw==,type:str]
+    lastmodified: "2025-04-02T04:59:28Z"
+    mac: ENC[AES256_GCM,data:lzOiHCCAm9rlzD04UbrPi6UZ3TM12jffqHKVaI0jdAEsRgFSdtz9AE4HiDS7FHv8daKVgBMgPgmQiRvEXvnouFjgKBYvoMRSav+Zogo1lR3KEnkPsOg+BRz07GsU4wQDyU4Df7cCCVLeLxUBT/AX7no8u4TOOwKjsyYmJbbJjd0=,iv:8mJ43fMFHltVQ4fQe2lQRK9eSb2/7TzUBaIr1tKOjYM=,tag:hGBkAvZ+Glg8PkNqzB+KCw==,type:str]
     pgp:
         - created_at: "2024-09-05T06:10:22Z"
           enc: |-
@@ -58,4 +55,4 @@ sops:
             -----END PGP MESSAGE-----
           fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330
     unencrypted_suffix: _unencrypted
-    version: 3.9.4
+    version: 3.10.0

utils/hetzner-install.sh

@@ -1,27 +0,0 @@
-#!/usr/bin/env nix
-#! nix shell nixpkgs#bash nixpkgs#git --command bash
-
-set -o errexit   # abort on nonzero exitstatus
-set -o nounset   # abort on unbound variable
-set -o pipefail  # don't hide errors within pipes
-
-MACHINENAME="hetzner-bridge"
-
-sudo mkdir /root/.ssh
-sudo chmod 700 /root/.ssh
-sudo ssh-keygen -t ed25519 -o -a 100 -f "/root/.ssh/id_ed25519_giteadeploy" -q -N "" -C "$MACHINENAME" || echo "key already exists"
-
-sudo cat /root/.ssh/id_ed25519_giteadeploy.pub
-
-sudo ssh-keygen -A
-
-nix --extra-experimental-features 'flakes nix-command' shell nixpkgs#git
-nix --extra-experimental-features 'flakes nix-command' store gc
-FLAKE="git+ssh://gitea@nayeonie.com:2222/ahuston-0/nix-dotfiles?ref=feature/hetzner-bridge#hetzner-bridge"
-DISK_DEVICE=/dev/sda
-sudo nix \
-    --extra-experimental-features 'flakes nix-command' \
-    run github:nix-community/disko#disko-install -- \
-    --flake "$FLAKE" \
-    --write-efi-boot-entries \
-    --disk main "$DISK_DEVICE"

utils/hetzner-nixos-anywhere.sh

@@ -1,35 +0,0 @@
-#!/usr/bin/env nix
-#! nix shell nixpkgs#bash nixpkgs#mktemp nixpkgs#openssh nixpkgs#nixos-anywhere nixpkgs#sops --command bash
-
-echoerr() { printf "%s\n" "$*" >&2; }
-
-if (( $# != 1 )); then
-    echoerr "usage: $0 <hostname>"
-fi
-
-HOSTNAME=$1
-
-# Create a temporary directory
-temp=$(mktemp -d)
-
-# Function to cleanup temporary directory on exit
-cleanup() {
-  rm -rf "$temp"
-}
-trap cleanup EXIT
-
-# Create the directory where sshd expects to find the host keys
-install -d -m755 "$temp/etc/ssh"
-
-# Create host keys
-ssh-keygen -A -f "$temp/etc/ssh/"
-
-# Set the correct permissions so sshd will accept the key
-chmod 600 "$temp/etc/ssh/ssh_host_ed25519_key"
-
-AGEKEY=$(ssh-to-age < "$temp/etc/ssh/ssh_host_ed25519_key.pub")
-
-echo "$AGEKEY" | tee "./$HOSTNAME.age"
-
-# Install NixOS to the host system with our secrets
-nixos-anywhere --extra-files "$temp" --flake '.#your-host' root@yourip