From 9de9cdeab379c7aee3ec9dcc5755abb246bb6fdc Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sat, 25 Jan 2025 22:31:01 -0500 Subject: [PATCH 01/22] add attic action, attic token script Signed-off-by: ahuston-0 --- .github/workflows/flake-health-checks.yml | 7 ++++- .github/workflows/flake-update.yml | 7 ++++- .github/workflows/nix-fmt.yml | 7 ++++- utils/attic-token.bash | 31 +++++++++++++++++++++++ 4 files changed, 49 insertions(+), 3 deletions(-) create mode 100644 utils/attic-token.bash diff --git a/.github/workflows/flake-health-checks.yml b/.github/workflows/flake-health-checks.yml index 6fd56c1..d7445a7 100644 --- a/.github/workflows/flake-health-checks.yml +++ b/.github/workflows/flake-health-checks.yml @@ -15,6 +15,11 @@ jobs: os: [ubuntu-latest] steps: - uses: DeterminateSystems/nix-installer-action@main - - uses: DeterminateSystems/magic-nix-cache-action@main + - name: Setup Attic cache + uses: ryanccn/attic-action@v0 + with: + endpoint: ${{ secrets.ATTIC_ENDPOINT }} + cache: ${{ secrets.ATTIC_CACHE }} + token: ${{ secrets.ATTIC_TOKEN }} - uses: actions/checkout@v4 - run: nix flake check --accept-flake-config diff --git a/.github/workflows/flake-update.yml b/.github/workflows/flake-update.yml index cdc8180..394ce9d 100644 --- a/.github/workflows/flake-update.yml +++ b/.github/workflows/flake-update.yml @@ -21,7 +21,12 @@ jobs: extra_nix_config: | experimental-features = nix-command flakes install_url: https://releases.nixos.org/nix/nix-2.19.0/install - - uses: DeterminateSystems/magic-nix-cache-action@main + - name: Setup Attic cache + uses: ryanccn/attic-action@v0 + with: + endpoint: ${{ secrets.ATTIC_ENDPOINT }} + cache: ${{ secrets.ATTIC_CACHE }} + token: ${{ secrets.ATTIC_TOKEN }} - name: Calculate pre-drv run: nix ./utils/eval-to-drv.sh pre # - name: Pull latest docker images diff --git a/.github/workflows/nix-fmt.yml b/.github/workflows/nix-fmt.yml index 374ea92..e2c2e3e 100644 --- a/.github/workflows/nix-fmt.yml +++ b/.github/workflows/nix-fmt.yml @@ -12,6 +12,11 @@ jobs: runs-on: ubuntu-latest steps: - uses: DeterminateSystems/nix-installer-action@main - - uses: DeterminateSystems/magic-nix-cache-action@main + - name: Setup Attic cache + uses: ryanccn/attic-action@v0 + with: + endpoint: ${{ secrets.ATTIC_ENDPOINT }} + cache: ${{ secrets.ATTIC_CACHE }} + token: ${{ secrets.ATTIC_TOKEN }} - uses: actions/checkout@v4 - run: nix fmt -- --check . diff --git a/utils/attic-token.bash b/utils/attic-token.bash new file mode 100644 index 0000000..ff7f8fd --- /dev/null +++ b/utils/attic-token.bash @@ -0,0 +1,31 @@ +#!/usr/bin/env bash + +cache="" +cache_pattern="" +token_type="" + +case $token_type in + "cache-creator") + atticd-atticadm make-token --sub "$cache-cache-creator" --validity "1y" \ + --pull "$cache_pattern" --push "$cache_pattern" --delete "$cache_pattern" \ + --create-cache "$cache_pattern" --configure-cache "$cache_pattern" \ + --configure-cache-retention "$cache_pattern" --destroy-cache "$cache_pattern" + ;; + "admin") + atticd-atticadm make-token --sub "$cache-admin" --validity "1y" --pull "$cache_pattern" \ + --push "$cache_pattern" --configure-cache "$cache_pattern" \ + --configure-cache-pattern "$cache_pattern" + ;; + "writer") + atticd-atticadm make-token --sub "$cache-writer" --validity "1y" --pull "$cache_pattern" \ + --push "$cache_pattern" + ;; + "reader") + atticd-atticadm make-token --sub "$cache-reader" --validity "1y" --pull "$cache_pattern" + ;; + *) + echo "invalid token type: $token_type" + echo "available options: cache-creator, admin, writer, reader" + exit 1 + ;; +esac -- 2.48.1 From ac7806abe647001f178fe2cebc1344aa052211e9 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sat, 25 Jan 2025 22:32:19 -0500 Subject: [PATCH 02/22] fix mode on attic token Signed-off-by: ahuston-0 --- utils/attic-token.bash | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 utils/attic-token.bash diff --git a/utils/attic-token.bash b/utils/attic-token.bash old mode 100644 new mode 100755 -- 2.48.1 From 330abb3b7e70446c9dde9f6cb62c2c53b5e3af08 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sat, 25 Jan 2025 22:37:10 -0500 Subject: [PATCH 03/22] accept cli args for attic token Signed-off-by: ahuston-0 --- utils/attic-token.bash | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/utils/attic-token.bash b/utils/attic-token.bash index ff7f8fd..4b2febf 100755 --- a/utils/attic-token.bash +++ b/utils/attic-token.bash @@ -1,8 +1,13 @@ #!/usr/bin/env bash -cache="" -cache_pattern="" -token_type="" +if (( $# != 3 )); then + echo "usage: $0 " + exit 1 +fi + +cache="$1" +cache_pattern="$2" +token_type="$3" case $token_type in "cache-creator") -- 2.48.1 From f91129a8482b0854662442f4969ff137de78f971 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sat, 25 Jan 2025 23:06:20 -0500 Subject: [PATCH 04/22] attic firewall Signed-off-by: ahuston-0 --- systems/palatine-hill/firewall.nix | 3 +++ users/alice/secrets.yaml | 7 ++++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/systems/palatine-hill/firewall.nix b/systems/palatine-hill/firewall.nix index d6033a1..c772c7f 100644 --- a/systems/palatine-hill/firewall.nix +++ b/systems/palatine-hill/firewall.nix @@ -18,6 +18,9 @@ 2222 2223 8088 + + # attic + 8183 ]; } diff --git a/users/alice/secrets.yaml b/users/alice/secrets.yaml index ad47251..0acff66 100644 --- a/users/alice/secrets.yaml +++ b/users/alice/secrets.yaml @@ -4,6 +4,7 @@ alice: #ENC[AES256_GCM,data:vUMcowHjlQA0RWflfaQhZKkalO39epYi6N9PPW8=,iv:6DFqHlQR+mi+ZkfMUhlhwvpMwnxXNfQV6+sYgPzSj4I=,tag:Pz1zJayscGckPO8Q2ZVb4g==,type:comment] gha-hydra-token: ENC[AES256_GCM,data:rYDYIn7MAF4pSZQj+Nln2z9J+AxvuSzumthL86njpKETutArrw+9iX2hHJt5t513NHH03tMtZOFqM60/pzWg4YXVQOSpQmq8QOelD7qCdfCr4Z2QSeOHqXqwKy21iWtoVbxOXWunVxLzkWMJrpHkpVsiBA75Nv66ftKEjN80QNGik6xQE1iPsCB2JHeqYNIr8gtPkCr7H5Pt4yBBO/1rsyONrbNlwmzVX78eqXxmc43XOiNVjEsk8ekJxJ9mn5S6JcPNehBcnZA0kWAIxvtDIPYKnz4YBIXoilBbjgytXL8nw3PkEX27x5yeg9KfxPxO/4CGoi5wfKsYuEynBdWbHtj6a3H0AvA9KIZzktTRNJFU3ZW8UveSCXY4YHl0NREJ8kbIUgkkE7PWeyzGenGFTPMahTA0rKSa+tWPQ1c00lvo9VS3/7pfeJfZEKS7R2xBaEDZrfffHyB5PLTQOGpWl5y40wTn4HdBlyQwoREvobOaKVZEyWtVvJcUeHDPepgEHGVDzwyTelX8Btb6ZNA0Fur8xvpkLZcLmMhbvCdkjq84ztJ36nQQ5JZthecyqcZTWPyfWtPeoUPVIaxn31oLjwsriDwdQmID6twTjC9PT8nBZD/u0JebOCdeYf8fm9q49SaN2w/ZMdSRWucHUsRXeN9O149vYoOqR28H+8v/tYJdqofJpHKrIBs=,iv:GcEV6f4rqkrpCafeaLNMqqU/vBNE0xHbqokL2gMXHYw=,tag:sCHvUgq1w8npedjIAninrA==,type:str] wakatime-api-key: ENC[AES256_GCM,data:ITu5pRySYGCJ6q9IQ35NfpGX2FyIJRYHGDeBiq0btzIrqitxcFox1Vc=,iv:HsXpyFHV7dG5qORk26BtD+kFo4Jdq2c4fozMpoqyDfU=,tag:uaQoXvvYqNfmRXVDVH8AoQ==,type:str] + attic-nix-cache-creator: ENC[AES256_GCM,data:P0iBdy4IYrxcq7v4wTgwwZvAfVdRFo08pi0zvpY9cP9BDCwbBnp+3qDKWL29rC7OxsaLtmRkvPmbkF3ZX3Yu5OaptwVg2Xi0vNqhk3gu5Fdj8ygPigB0ZtimkfWv1QkctoVoXKXuLv6Xd4XKPCWOOIekWlJsBRcyfyzkyFURkU9tBBkXyEAWItho/J8hJr6r00eA3EN4rTe8Ge+PGpfTfpZVpnoGrC35xPnGLq19+b44DectHDTkMZrZKxiCaVIgKUZDLaFgi6a6PsX+L1HQAIZukXJu3m4BPdvzzby+zgX24pVJOYjAUB2BwO9jUlMS6+7qo0p6k01uLicryfKx/ajdAHcy39tFHX7naA4JriC2/FgI2HlFGp0Lc+g0pfdCYwLs5QBfRaOHyrbFWUDG,iv:OBrgnewqBaug00ygAXs0eFs3LqcHqo1EW96N5I38A0o=,tag:V+Gn47O6AH1RwL9qJLpAkw==,type:str] sops: kms: [] gcp_kms: [] @@ -37,8 +38,8 @@ sops: ZERFTlFyNjhOb3VCaW43ZXFHT1Vxc0UK7YV+BU7dCEOZxpqkQA394eDsnthvorj6 7bqrCdeU+6DU7DmFs6++BrNO2tx8vvOa1im+ZGrM/gZAJdv/7R2d6Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-08-20T23:15:03Z" - mac: ENC[AES256_GCM,data:VnLd4N2l7JTKA7f4eh9EKilW2f8mmEmLc06WbHASOn6N+MIGPHwyLjLbPVECuXiVl95cs0+uWsFOPEbLiS6XTB/gZE1OZMYqk0x7FVkQNxMdWwcVAQnncC6i/cdBTAx+GW1iF6Cf2eLY1wNNiASk/Bz8u3r4UJ4QFXuMovPsfxw=,iv:Cr1bAYrwlK+ClRFDsiUdEIqXDU7onubthDEQDlTM3S4=,tag:EyfcNB0xKrFRjbp517akpg==,type:str] + lastmodified: "2025-01-26T03:38:29Z" + mac: ENC[AES256_GCM,data:7opEqsDGhbm0qcvtjiRLHCoGgJ5WciP1Tke95mGG5fKFerFy1yu2DGPpwb73kwOBKTNWO+CEQsn6NV42b0st4GQ9iaQ5IV5B/bkXFJXLj6NXIxoUpixGuyhrNt3V5ihlQhZFCWCeTBL/jc1iKk1+UWpksqNpzXpQhXaUpDFPuF8=,iv:8VXadmafRYu+qC3/4L7r8DSe0K0oZYltwdixnPpnPhE=,tag:AH8SGCBZI+eoFp007RcSrg==,type:str] pgp: - created_at: "2024-09-05T06:10:22Z" enc: |- @@ -53,4 +54,4 @@ sops: -----END PGP MESSAGE----- fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330 unencrypted_suffix: _unencrypted - version: 3.9.0 + version: 3.9.3 -- 2.48.1 From 9f4cca6f07322cb220e8cfb3f2e4ae347c69dc1a Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sat, 25 Jan 2025 23:17:18 -0500 Subject: [PATCH 05/22] add attic back in Signed-off-by: ahuston-0 --- flake.lock | 74 +++++++++++++++++++++++++++++++ flake.nix | 22 ++++----- systems/palatine-hill/default.nix | 2 +- utils/attic-token.bash | 2 +- 4 files changed, 88 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 06c990a..5228a3e 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,57 @@ { "nodes": { + "attic": { + "inputs": { + "crane": "crane", + "flake-compat": [ + "flake-compat" + ], + "flake-parts": [ + "flake-parts" + ], + "nix-github-actions": "nix-github-actions", + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-stable": [ + "nixpkgs-stable" + ] + }, + "locked": { + "lastModified": 1731270564, + "narHash": "sha256-6KMC/NH/VWP5Eb+hA56hz0urel3jP6Y6cF2PX6xaTkk=", + "owner": "zhaofengli", + "repo": "attic", + "rev": "47752427561f1c34debb16728a210d378f0ece36", + "type": "github" + }, + "original": { + "owner": "zhaofengli", + "repo": "attic", + "type": "github" + } + }, + "crane": { + "inputs": { + "nixpkgs": [ + "attic", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1722960479, + "narHash": "sha256-NhCkJJQhD5GUib8zN9JrmYGMwt4lCRp6ZVNzIiYCl0Y=", + "owner": "ipetkov", + "repo": "crane", + "rev": "4c6c77920b8d44cd6660c1621dea6b3fc4b4c4f4", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, "firefox-addons": { "inputs": { "flake-utils": [ @@ -138,6 +190,27 @@ "type": "github" } }, + "nix-github-actions": { + "inputs": { + "nixpkgs": [ + "attic", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1729742964, + "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=", + "owner": "nix-community", + "repo": "nix-github-actions", + "rev": "e04df33f62cdcf93d73e9a04142464753a16db67", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-github-actions", + "type": "github" + } + }, "nix-index-database": { "inputs": { "nixpkgs": [ @@ -302,6 +375,7 @@ }, "root": { "inputs": { + "attic": "attic", "firefox-addons": "firefox-addons", "flake-compat": "flake-compat", "flake-parts": "flake-parts", diff --git a/flake.nix b/flake.nix index 0b33a2f..864b6f8 100644 --- a/flake.nix +++ b/flake.nix @@ -5,15 +5,17 @@ substituters = [ "https://cache.nixos.org/?priority=1&want-mass-query=true" "https://nix-community.cachix.org/?priority=10&want-mass-query=true" + "https://attic.alicehuston.xyz/nix-cache" ]; trusted-substituters = [ "https://cache.nixos.org" - "https://attic.alicehuston.xyz/cache-nix-dot" "https://nix-community.cachix.org" + "https://attic.alicehuston.xyz/nix-cache" ]; trusted-public-keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + "nix-cache:trR+y5nwpQHR4hystoogubFmp97cewkjWeqqbygRQRs=" ]; trusted-users = [ "root" ]; }; @@ -27,15 +29,15 @@ nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.05"; systems.url = "github:nix-systems/default"; - # attic = { - # url = "github:zhaofengli/attic"; - # inputs = { - # nixpkgs.follows = "nixpkgs"; - # nixpkgs-stable.follows = "nixpkgs-stable"; - # flake-compat.follows = "flake-compat"; - # flake-parts.follows = "flake-parts"; - # }; - # }; + attic = { + url = "github:zhaofengli/attic"; + inputs = { + nixpkgs.follows = "nixpkgs"; + nixpkgs-stable.follows = "nixpkgs-stable"; + flake-compat.follows = "flake-compat"; + flake-parts.follows = "flake-parts"; + }; + }; firefox-addons = { url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons"; diff --git a/systems/palatine-hill/default.nix b/systems/palatine-hill/default.nix index d469ee0..fe22604 100644 --- a/systems/palatine-hill/default.nix +++ b/systems/palatine-hill/default.nix @@ -2,6 +2,6 @@ { users = [ "alice" ]; modules = [ - # inputs.attic.nixosModules.atticd + inputs.attic.nixosModules.atticd ]; } diff --git a/utils/attic-token.bash b/utils/attic-token.bash index 4b2febf..650ca5b 100755 --- a/utils/attic-token.bash +++ b/utils/attic-token.bash @@ -19,7 +19,7 @@ case $token_type in "admin") atticd-atticadm make-token --sub "$cache-admin" --validity "1y" --pull "$cache_pattern" \ --push "$cache_pattern" --configure-cache "$cache_pattern" \ - --configure-cache-pattern "$cache_pattern" + --configure-cache-retention "$cache_pattern" ;; "writer") atticd-atticadm make-token --sub "$cache-writer" --validity "1y" --pull "$cache_pattern" \ -- 2.48.1 From eaf77103f2d610fc0beed08816ae7d814ca73e58 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sat, 25 Jan 2025 23:17:41 -0500 Subject: [PATCH 06/22] add attic tokens Signed-off-by: ahuston-0 --- users/alice/secrets.yaml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/users/alice/secrets.yaml b/users/alice/secrets.yaml index 0acff66..1103242 100644 --- a/users/alice/secrets.yaml +++ b/users/alice/secrets.yaml @@ -5,6 +5,9 @@ alice: gha-hydra-token: ENC[AES256_GCM,data:rYDYIn7MAF4pSZQj+Nln2z9J+AxvuSzumthL86njpKETutArrw+9iX2hHJt5t513NHH03tMtZOFqM60/pzWg4YXVQOSpQmq8QOelD7qCdfCr4Z2QSeOHqXqwKy21iWtoVbxOXWunVxLzkWMJrpHkpVsiBA75Nv66ftKEjN80QNGik6xQE1iPsCB2JHeqYNIr8gtPkCr7H5Pt4yBBO/1rsyONrbNlwmzVX78eqXxmc43XOiNVjEsk8ekJxJ9mn5S6JcPNehBcnZA0kWAIxvtDIPYKnz4YBIXoilBbjgytXL8nw3PkEX27x5yeg9KfxPxO/4CGoi5wfKsYuEynBdWbHtj6a3H0AvA9KIZzktTRNJFU3ZW8UveSCXY4YHl0NREJ8kbIUgkkE7PWeyzGenGFTPMahTA0rKSa+tWPQ1c00lvo9VS3/7pfeJfZEKS7R2xBaEDZrfffHyB5PLTQOGpWl5y40wTn4HdBlyQwoREvobOaKVZEyWtVvJcUeHDPepgEHGVDzwyTelX8Btb6ZNA0Fur8xvpkLZcLmMhbvCdkjq84ztJ36nQQ5JZthecyqcZTWPyfWtPeoUPVIaxn31oLjwsriDwdQmID6twTjC9PT8nBZD/u0JebOCdeYf8fm9q49SaN2w/ZMdSRWucHUsRXeN9O149vYoOqR28H+8v/tYJdqofJpHKrIBs=,iv:GcEV6f4rqkrpCafeaLNMqqU/vBNE0xHbqokL2gMXHYw=,tag:sCHvUgq1w8npedjIAninrA==,type:str] wakatime-api-key: ENC[AES256_GCM,data:ITu5pRySYGCJ6q9IQ35NfpGX2FyIJRYHGDeBiq0btzIrqitxcFox1Vc=,iv:HsXpyFHV7dG5qORk26BtD+kFo4Jdq2c4fozMpoqyDfU=,tag:uaQoXvvYqNfmRXVDVH8AoQ==,type:str] attic-nix-cache-creator: ENC[AES256_GCM,data:P0iBdy4IYrxcq7v4wTgwwZvAfVdRFo08pi0zvpY9cP9BDCwbBnp+3qDKWL29rC7OxsaLtmRkvPmbkF3ZX3Yu5OaptwVg2Xi0vNqhk3gu5Fdj8ygPigB0ZtimkfWv1QkctoVoXKXuLv6Xd4XKPCWOOIekWlJsBRcyfyzkyFURkU9tBBkXyEAWItho/J8hJr6r00eA3EN4rTe8Ge+PGpfTfpZVpnoGrC35xPnGLq19+b44DectHDTkMZrZKxiCaVIgKUZDLaFgi6a6PsX+L1HQAIZukXJu3m4BPdvzzby+zgX24pVJOYjAUB2BwO9jUlMS6+7qo0p6k01uLicryfKx/ajdAHcy39tFHX7naA4JriC2/FgI2HlFGp0Lc+g0pfdCYwLs5QBfRaOHyrbFWUDG,iv:OBrgnewqBaug00ygAXs0eFs3LqcHqo1EW96N5I38A0o=,tag:V+Gn47O6AH1RwL9qJLpAkw==,type:str] + attic-nix-cache-reader: ENC[AES256_GCM,data:DWIkRri3lHJOVXIAbHWJL7cCV4FHjB91bbpPAib/5ZDKap3xjnxUjwswc7wjO1hCoV3+gmep1a64kma6MJts4bcAug5bPyrrPy//rVpCYvSbSmbPz5k4sW5GLU/Sf4NyBevsQo9KRrphpoSUQEFQB27vabYDjjkB051/qJo1B9B7nqmrSyd3np4YdyHAgUiMyJt0oqx8nXySz3XZU+DIM8/OhMZILpnEWIgyP2K7j8JNNpZZJ5sD/icUy6Vba/4LcKjtmYtfQ+HO1soyF6aMiQSjhp7fzJHktwa9kgB3oDzIg3KyCJYS2RNW7mW9Dd1T,iv:fvhGFU22KgknMpJbOkA3v29bKzRVX6hi7V7xJgSUjPg=,tag:TjGSUl0XXS7jlhP/NG4cvQ==,type:str] + attic-nix-cache-writer: ENC[AES256_GCM,data:vxSeys7EJDyatZFpeyxeDzaKGqDtm3atpVly6+BPHUFTrlLaVl86roGZjpBB9wwOMuP007qJNva0HQcTONbSyNw/snUU5JpaFWLT87Eu81V8gdulzHwm61caQ4A/e1ylKkdtwalNymBSyWi9b+SOWXTgralrg9L3OHw+nVuZaAi8QXF2ImLoZ2vXl7MGNXParflV2KK2uqfRatDZMbSSFipT0tQpkNTBTA6l8woILK3BKrHdYq+D8n4EmRowSuMWuN1uknyctb4+Ap3AeBITvyJjKejocQ9qK9plP6CChiC4Z1mmt/HOrfXYXiJO+Va64rOYRywMga8=,iv:bAx7iR24dpIOudkiFOc/xmIG73rcaMDdhWjiBO4BsBM=,tag:gtTyldhdRV97YJREG5lPjA==,type:str] + attic-nix-cache-admin: ENC[AES256_GCM,data:OP02nJTo0cx8M9cR+P7cpI1gEXCKqXWehlaL+dYGwGSUnQ6iSC25vpdZ5SSnjyhiBZe+VnYld+b5PO+OOt7NMGxVvQ0zcuvrG7qfhEpIfGrbx9S9cEV2eAMchG/Hua609MUTbFYKvpwWw6tFZD2dYYQv2gXI7mYSeN0Tw4i2x1f/+cKDtV+ak+UHRgEe/f5OdE8v5I6dRXUQGVOBSRAQkfYDFuI2JUz4oNJsz66YkdMtgudhqWi4mekODD3v2Gcg/zAv1PogaHaIH1BHNvLQ/DsNVcvLsnTb6inM3cTCyPpHcx+VwPO7g9kYNV8xcCRkAIvX6aFzRVT0tJcEXFWStMnKS8nr8HoKFQ==,iv:ftmN3jK5qa6SwrSyhhL3PZls2hTG6xGa0LW7ycdkYxQ=,tag:TQCELzJQjsMfAJseZ7tB4w==,type:str] sops: kms: [] gcp_kms: [] @@ -38,8 +41,8 @@ sops: ZERFTlFyNjhOb3VCaW43ZXFHT1Vxc0UK7YV+BU7dCEOZxpqkQA394eDsnthvorj6 7bqrCdeU+6DU7DmFs6++BrNO2tx8vvOa1im+ZGrM/gZAJdv/7R2d6Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-01-26T03:38:29Z" - mac: ENC[AES256_GCM,data:7opEqsDGhbm0qcvtjiRLHCoGgJ5WciP1Tke95mGG5fKFerFy1yu2DGPpwb73kwOBKTNWO+CEQsn6NV42b0st4GQ9iaQ5IV5B/bkXFJXLj6NXIxoUpixGuyhrNt3V5ihlQhZFCWCeTBL/jc1iKk1+UWpksqNpzXpQhXaUpDFPuF8=,iv:8VXadmafRYu+qC3/4L7r8DSe0K0oZYltwdixnPpnPhE=,tag:AH8SGCBZI+eoFp007RcSrg==,type:str] + lastmodified: "2025-01-26T04:17:36Z" + mac: ENC[AES256_GCM,data:BJ5d3iqdIBwqtnYOYfmsFqnJDXz67uzJ4UKWrjVUEgr4Nc95tE8mEyV40poZk/wAJGJMSDdRhsPmZI4H1xztkjkTsUCUJ2rR+SZ6gP1VhSEXu7bSvv63+bnajZQi9kZrfN0EZN8TLzzVHVvSVHcNEfbq9STWkZq6zCk9E2cUfhk=,iv:MQ/lQkNi/S3bfz1PegcVfwy06RsxdQwZIU6sdOjkhgU=,tag:l5tK1SUwjTolliPkbfNDHg==,type:str] pgp: - created_at: "2024-09-05T06:10:22Z" enc: |- -- 2.48.1 From 18e7779880d06a201868e7a265eab469f8a937f6 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sat, 25 Jan 2025 23:34:56 -0500 Subject: [PATCH 07/22] remove attic import Signed-off-by: ahuston-0 --- flake.nix | 18 +++++++++--------- systems/artemision/programs.nix | 1 + systems/palatine-hill/default.nix | 2 +- 3 files changed, 11 insertions(+), 10 deletions(-) diff --git a/flake.nix b/flake.nix index 864b6f8..bec683c 100644 --- a/flake.nix +++ b/flake.nix @@ -29,15 +29,15 @@ nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.05"; systems.url = "github:nix-systems/default"; - attic = { - url = "github:zhaofengli/attic"; - inputs = { - nixpkgs.follows = "nixpkgs"; - nixpkgs-stable.follows = "nixpkgs-stable"; - flake-compat.follows = "flake-compat"; - flake-parts.follows = "flake-parts"; - }; - }; + # attic = { + # url = "github:zhaofengli/attic"; + # inputs = { + # nixpkgs.follows = "nixpkgs"; + # nixpkgs-stable.follows = "nixpkgs-stable"; + # flake-compat.follows = "flake-compat"; + # flake-parts.follows = "flake-parts"; + # }; + # }; firefox-addons = { url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons"; diff --git a/systems/artemision/programs.nix b/systems/artemision/programs.nix index 982ed58..6695404 100644 --- a/systems/artemision/programs.nix +++ b/systems/artemision/programs.nix @@ -3,6 +3,7 @@ environment.systemPackages = with pkgs; [ act alacritty + attic-client amdgpu_top bat bitwarden-cli diff --git a/systems/palatine-hill/default.nix b/systems/palatine-hill/default.nix index fe22604..d469ee0 100644 --- a/systems/palatine-hill/default.nix +++ b/systems/palatine-hill/default.nix @@ -2,6 +2,6 @@ { users = [ "alice" ]; modules = [ - inputs.attic.nixosModules.atticd + # inputs.attic.nixosModules.atticd ]; } -- 2.48.1 From 8d3ff73fdc0808b512c39c3b439435c1e5e6263f Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sun, 26 Jan 2025 00:27:09 -0500 Subject: [PATCH 08/22] fix api endpoint Signed-off-by: ahuston-0 --- systems/palatine-hill/attic/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/palatine-hill/attic/default.nix b/systems/palatine-hill/attic/default.nix index e061931..35c3aa5 100644 --- a/systems/palatine-hill/attic/default.nix +++ b/systems/palatine-hill/attic/default.nix @@ -19,7 +19,7 @@ settings = { listen = "[::]:8183"; allowed-hosts = [ "attic.alicehuston.xyz" ]; - api-endpoint = "https://attic.alicehuston.xyz"; + api-endpoint = "https://attic.alicehuston.xyz/"; compression.type = "none"; # let ZFS do the compressing database = { url = "postgres://atticd?host=/run/postgresql"; -- 2.48.1 From 5d8604262430809b27a8d131ca40e6b0cee0a152 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sun, 26 Jan 2025 00:39:51 -0500 Subject: [PATCH 09/22] add minecraft Signed-off-by: ahuston-0 --- systems/palatine-hill/docker/default.nix | 2 +- systems/palatine-hill/docker/minecraft.nix | 20 ++++++++++++++++++-- 2 files changed, 19 insertions(+), 3 deletions(-) diff --git a/systems/palatine-hill/docker/default.nix b/systems/palatine-hill/docker/default.nix index cfa3eb7..40ca5ce 100644 --- a/systems/palatine-hill/docker/default.nix +++ b/systems/palatine-hill/docker/default.nix @@ -15,7 +15,7 @@ #./foundry.nix ./glances.nix # ./haproxy.nix - # ./minecraft.nix + ./minecraft.nix ./nextcloud.nix # ./postgres.nix # ./restic.nix diff --git a/systems/palatine-hill/docker/minecraft.nix b/systems/palatine-hill/docker/minecraft.nix index 6a6f120..4f702f3 100644 --- a/systems/palatine-hill/docker/minecraft.nix +++ b/systems/palatine-hill/docker/minecraft.nix @@ -9,6 +9,7 @@ let divinejourney = "dj.alicehuston.xyz"; rlcraft = "rlcraft.alicehuston.xyz"; arcanum-institute = "arcanum.alicehuston.xyz"; + bcg-plus = "bcg.alicehuston.xyz"; }; defaultServer = "rlcraft"; @@ -28,7 +29,6 @@ let defaultOptions = [ "--stop-signal=SIGTERM" "--stop-timeout=30m" - "--restart=unless-stopped" "--network=minecraft-net" ]; @@ -40,7 +40,6 @@ in mc-router = { image = "itzg/mc-router:latest"; extraOptions = [ - "--restart=always" "--network=haproxy-net" "--network=minecraft-net" ]; @@ -68,6 +67,23 @@ in log-driver = "local"; environmentFiles = [ config.sops.secrets."docker/minecraft".path ]; }; + bcg-plus = { + image = "itzg/minecraft-server:java17"; + volumes = [ + "${minecraft_path}/bcg-plus/modpacks:/modpacks:ro" + "${minecraft_path}/bcg-plus/data:/data" + ]; + hostname = "bcg-plus"; + environment = defaultEnv // { + VERSION = "1.17"; + CF_SLUG = "bcg"; + DIFFICULTY = "normal"; + # ENABLE_COMMAND_BLOCK = "true"; + }; + extraOptions = defaultOptions; + log-driver = "local"; + environmentFiles = [ config.sops.secrets."docker/minecraft".path ]; + }; }; sops = { -- 2.48.1 From 26d006991ff3b5e5859b420791031718cb8b0a24 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sun, 26 Jan 2025 00:44:43 -0500 Subject: [PATCH 10/22] add minecraft secrets Signed-off-by: ahuston-0 --- systems/palatine-hill/secrets.yaml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/systems/palatine-hill/secrets.yaml b/systems/palatine-hill/secrets.yaml index bdfae2d..6ada028 100644 --- a/systems/palatine-hill/secrets.yaml +++ b/systems/palatine-hill/secrets.yaml @@ -16,6 +16,7 @@ minio: credentials: ENC[AES256_GCM,data:5Z/cTmxSuMq8BfRgYLGZZJ7o6AtmrQM3yNjR17YHr29S7ZWvGsjfM7DsLKectem01nvv3HoT4uyWSdhkOmZahzDb5OF1NEgjJhLqkKlCETMu0mmpwe1cx6iOd7kjB3E6Az/MWpXqZ/TrryL9FrQD2nnx9bHyWWIHRQv8,iv:jiYZXfU+OssC0rh/3yFZLEzD1+5mVDDl6gQ3oyk76E4=,tag:bevDszFv1zSa+/2qQIgC0w==,type:str] loki: ENC[AES256_GCM,data:ShC6hfsKifVaxLWRo1fqaOpsrYh4+w==,iv:KVSlPd0mBvPZikg/Agnl6q0UhxTmsNOeYdercYOhqMg=,tag:cj6ex9m7vDjInTJDGUlqFQ==,type:str] docker: + minecraft: ENC[AES256_GCM,data:nmgGj3qIvv+CzeVBN9Hnp5kX6pf2d2UnPJ2QLBmWInUVvV2IISsDnruG0qpdRRIRWhfDWwKbzBZ1g7LyY4iWsCpmyW0epIdQ0dFe7/I=,iv:TwSHn5gkPZGwKNBkWUq1uIGywFaIfDqmN0XvsXEop6M=,tag:MyJ4kCWjESo2j3Rc9z+QNw==,type:str] foundry: ENC[AES256_GCM,data:5Z0FvVhJBzTwDPRN6c//caZokiTnkdqiLGFFuyen+tYsdjbQ3AXH5y7HfxKbxsJvU5uShOuIg0jVMvow2NYmzyYDDKBKPOz0bgXOmFq06wzCJubjyZmR/mDcWBBDzAFzaazpyW8=,iv:6wLS00zhX0tjJUe5uADAjzEshJP8QOkF2i4Aw+Y9RSk=,tag:sNr/exY1u3evYGcImyCUlA==,type:str] nextcloud: ENC[AES256_GCM,data:dm2Cha+CvFORgdcBvJAzzdOGcJ95vLJYTZcUJnjNp6HOQIIoJrDone1NOAYJh9rdWG/17/ntOmd+TysAj4AsD0dw/PatZmy3I+dcVghkt2XNTc7jD64QjctIHzR+om1joAbKemG1R3St7qDU68TWYxoxIfYZcJvg3ds/lJcYgFRh079UZ/IRlGVR6sWPEXyY+UUrwtk0Fr+y8UtwwWZiLp0akUbIV06huRGiAp/PeWETuPPuacl2++ayIgJFZkJjUl/a52RI1Q0nLG5iyK6QYpY1JSRJTOkiQQ4PB5GRdLCdoM5/ZXTQ6gGcoM5jXFllsTn+yRicNRucuBp7Z2achbk6eITCdjjdXVI7zM4YXpzVLu5fJckLAu07aEIGYCBT7ZXd7TRgfB68POwtwaJGBozg+nuhq8xEH04yi8jFODH6aFplIgJ+bbaP72zw+92lzZa33FEtOwKdtx+YUv0eLLDJs+8Z6Sn6RyN8prwIz1/9LuIMx39g4R7id9W2bV2MXqTU4nN8f0TXWqe+hnb5pDLBaZOBMkwbRka6Vptsi4dbL5Lnexa2DoIHZ2unyxZ+4SkRt9LH39j8fXf2w5JPFCSLstf7+Zu7xzRS0TTCug7k,iv:oOWcFdQJb/+KZKJmQChhJ5jOCcM3o+ojZSMyiRnO9n8=,tag:PWGQkwPe0juLgAdlKiWKpg==,type:str] redis: ENC[AES256_GCM,data:c+55cN6IpUNeKd+wC2zv3eunYjBsmZtXTczokqaxB2Q=,iv:M3pwNUlT9kUMv4JDE6bp/gub9CdBGxdApIvpOt3JpgE=,tag:3rPlV3U0AP9zAeF7xDouKw==,type:str] @@ -39,8 +40,8 @@ sops: cXNZWmZqd0R0SmhINExscHBKWmxvblUKEFEQvt/zQFARba4S8vHz/1SoKdKg69At LZ58XQGOmlGbBhPr7EzYQ2XSY4flWbnnD174cmCR8DNFm15DsNA5fw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-30T05:36:05Z" - mac: ENC[AES256_GCM,data:WkcqAulJAH4tUkjz5pao90rsy48cO12ipb9I/BS8/t9PR6/TIvfBORQ7JBA0/R5djfsYl1WqWTPMzBCYzLz5Os2CmJzGyd7oB70BJE9FG9xysb10I63KDRRWcRaq8KZN/0gdSZi3J1kJAKFp/3j1O68UPn8wacwRL1Sl2Za0ZVk=,iv:Kce1zXjr9LFfiffzPAKu4NzCEv4gBgXr2J/6ZNlu4Wc=,tag:p9UItj4J7bRG6Zs0iiOLug==,type:str] + lastmodified: "2025-01-26T05:44:31Z" + mac: ENC[AES256_GCM,data:EnYSbhVqz2do6j7LCChDmQav4htW6YOarFKzIYS8O3evyz0WszA9nuLBs9c2QDpYDm7lM9N2ueca5yTANlWYOMrY5jHNhpA7MiHDv4yIBflIANo4JsdV1zvATU3BCyR/sNUpONgP2lbxXTvSPnR9E1XKaoUDqjvdwiXl9/xQzb4=,iv:YCBFyTaEbP4wOY0e3j4wIwI7Iz74o8hMQbrTD3geTDA=,tag:cHBi1eFeD+ySodQ+8Piz9w==,type:str] pgp: - created_at: "2024-11-28T18:56:39Z" enc: |- @@ -55,4 +56,4 @@ sops: -----END PGP MESSAGE----- fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330 unencrypted_suffix: _unencrypted - version: 3.9.1 + version: 3.9.3 -- 2.48.1 From de9ca058b66333666098ff5f3496506c9066a615 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sun, 26 Jan 2025 00:46:53 -0500 Subject: [PATCH 11/22] oops disable rlcraft Signed-off-by: ahuston-0 --- systems/palatine-hill/docker/minecraft.nix | 34 +++++++++++----------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/systems/palatine-hill/docker/minecraft.nix b/systems/palatine-hill/docker/minecraft.nix index 4f702f3..bd8a015 100644 --- a/systems/palatine-hill/docker/minecraft.nix +++ b/systems/palatine-hill/docker/minecraft.nix @@ -50,23 +50,23 @@ in ) ]; }; - rlcraft = { - image = "itzg/minecraft-server:java8"; - volumes = [ - "${minecraft_path}/rlcraft/modpacks:/modpacks:ro" - "${minecraft_path}/rlcraft/data:/data" - ]; - hostname = "rlcraft"; - environment = defaultEnv // { - VERSION = "1.12.2"; - CF_SLUG = "rlcraft"; - DIFFICULTY = "hard"; - ENABLE_COMMAND_BLOCK = "true"; - }; - extraOptions = defaultOptions; - log-driver = "local"; - environmentFiles = [ config.sops.secrets."docker/minecraft".path ]; - }; + # rlcraft = { + # image = "itzg/minecraft-server:java8"; + # volumes = [ + # "${minecraft_path}/rlcraft/modpacks:/modpacks:ro" + # "${minecraft_path}/rlcraft/data:/data" + # ]; + # hostname = "rlcraft"; + # environment = defaultEnv // { + # VERSION = "1.12.2"; + # CF_SLUG = "rlcraft"; + # DIFFICULTY = "hard"; + # ENABLE_COMMAND_BLOCK = "true"; + # }; + # extraOptions = defaultOptions; + # log-driver = "local"; + # environmentFiles = [ config.sops.secrets."docker/minecraft".path ]; + # }; bcg-plus = { image = "itzg/minecraft-server:java17"; volumes = [ -- 2.48.1 From 2daa9fbc44045d8fb180d19955343332624ffc58 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sun, 26 Jan 2025 00:53:58 -0500 Subject: [PATCH 12/22] fix timeout Signed-off-by: ahuston-0 --- systems/palatine-hill/docker/minecraft.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/palatine-hill/docker/minecraft.nix b/systems/palatine-hill/docker/minecraft.nix index bd8a015..401d241 100644 --- a/systems/palatine-hill/docker/minecraft.nix +++ b/systems/palatine-hill/docker/minecraft.nix @@ -28,7 +28,7 @@ let defaultOptions = [ "--stop-signal=SIGTERM" - "--stop-timeout=30m" + "--stop-timeout=1800" "--network=minecraft-net" ]; -- 2.48.1 From edc355bde329607af4dc61c088dceb731589e454 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sun, 26 Jan 2025 01:00:20 -0500 Subject: [PATCH 13/22] rotate Signed-off-by: ahuston-0 --- systems/palatine-hill/secrets.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/systems/palatine-hill/secrets.yaml b/systems/palatine-hill/secrets.yaml index 6ada028..20bf0aa 100644 --- a/systems/palatine-hill/secrets.yaml +++ b/systems/palatine-hill/secrets.yaml @@ -16,7 +16,7 @@ minio: credentials: ENC[AES256_GCM,data:5Z/cTmxSuMq8BfRgYLGZZJ7o6AtmrQM3yNjR17YHr29S7ZWvGsjfM7DsLKectem01nvv3HoT4uyWSdhkOmZahzDb5OF1NEgjJhLqkKlCETMu0mmpwe1cx6iOd7kjB3E6Az/MWpXqZ/TrryL9FrQD2nnx9bHyWWIHRQv8,iv:jiYZXfU+OssC0rh/3yFZLEzD1+5mVDDl6gQ3oyk76E4=,tag:bevDszFv1zSa+/2qQIgC0w==,type:str] loki: ENC[AES256_GCM,data:ShC6hfsKifVaxLWRo1fqaOpsrYh4+w==,iv:KVSlPd0mBvPZikg/Agnl6q0UhxTmsNOeYdercYOhqMg=,tag:cj6ex9m7vDjInTJDGUlqFQ==,type:str] docker: - minecraft: ENC[AES256_GCM,data:nmgGj3qIvv+CzeVBN9Hnp5kX6pf2d2UnPJ2QLBmWInUVvV2IISsDnruG0qpdRRIRWhfDWwKbzBZ1g7LyY4iWsCpmyW0epIdQ0dFe7/I=,iv:TwSHn5gkPZGwKNBkWUq1uIGywFaIfDqmN0XvsXEop6M=,tag:MyJ4kCWjESo2j3Rc9z+QNw==,type:str] + minecraft: ENC[AES256_GCM,data:GPzXof4qCcBvGsCkTj3HqevfiWtsV7cQf3j4txLMdRcP7Yf8DPnI7F0OoXfTCxS6ztRdiOTFqLOm3X11t7XrrgXUiGKCVU15Grs=,iv:slp2fWa1+6HL98/mgLGu0eiXhOGkL/zWdh7hv7Gbqtk=,tag:0FWYbAd5004oUZnhkOTnTQ==,type:str] foundry: ENC[AES256_GCM,data:5Z0FvVhJBzTwDPRN6c//caZokiTnkdqiLGFFuyen+tYsdjbQ3AXH5y7HfxKbxsJvU5uShOuIg0jVMvow2NYmzyYDDKBKPOz0bgXOmFq06wzCJubjyZmR/mDcWBBDzAFzaazpyW8=,iv:6wLS00zhX0tjJUe5uADAjzEshJP8QOkF2i4Aw+Y9RSk=,tag:sNr/exY1u3evYGcImyCUlA==,type:str] nextcloud: ENC[AES256_GCM,data:dm2Cha+CvFORgdcBvJAzzdOGcJ95vLJYTZcUJnjNp6HOQIIoJrDone1NOAYJh9rdWG/17/ntOmd+TysAj4AsD0dw/PatZmy3I+dcVghkt2XNTc7jD64QjctIHzR+om1joAbKemG1R3St7qDU68TWYxoxIfYZcJvg3ds/lJcYgFRh079UZ/IRlGVR6sWPEXyY+UUrwtk0Fr+y8UtwwWZiLp0akUbIV06huRGiAp/PeWETuPPuacl2++ayIgJFZkJjUl/a52RI1Q0nLG5iyK6QYpY1JSRJTOkiQQ4PB5GRdLCdoM5/ZXTQ6gGcoM5jXFllsTn+yRicNRucuBp7Z2achbk6eITCdjjdXVI7zM4YXpzVLu5fJckLAu07aEIGYCBT7ZXd7TRgfB68POwtwaJGBozg+nuhq8xEH04yi8jFODH6aFplIgJ+bbaP72zw+92lzZa33FEtOwKdtx+YUv0eLLDJs+8Z6Sn6RyN8prwIz1/9LuIMx39g4R7id9W2bV2MXqTU4nN8f0TXWqe+hnb5pDLBaZOBMkwbRka6Vptsi4dbL5Lnexa2DoIHZ2unyxZ+4SkRt9LH39j8fXf2w5JPFCSLstf7+Zu7xzRS0TTCug7k,iv:oOWcFdQJb/+KZKJmQChhJ5jOCcM3o+ojZSMyiRnO9n8=,tag:PWGQkwPe0juLgAdlKiWKpg==,type:str] redis: ENC[AES256_GCM,data:c+55cN6IpUNeKd+wC2zv3eunYjBsmZtXTczokqaxB2Q=,iv:M3pwNUlT9kUMv4JDE6bp/gub9CdBGxdApIvpOt3JpgE=,tag:3rPlV3U0AP9zAeF7xDouKw==,type:str] @@ -40,8 +40,8 @@ sops: cXNZWmZqd0R0SmhINExscHBKWmxvblUKEFEQvt/zQFARba4S8vHz/1SoKdKg69At LZ58XQGOmlGbBhPr7EzYQ2XSY4flWbnnD174cmCR8DNFm15DsNA5fw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-01-26T05:44:31Z" - mac: ENC[AES256_GCM,data:EnYSbhVqz2do6j7LCChDmQav4htW6YOarFKzIYS8O3evyz0WszA9nuLBs9c2QDpYDm7lM9N2ueca5yTANlWYOMrY5jHNhpA7MiHDv4yIBflIANo4JsdV1zvATU3BCyR/sNUpONgP2lbxXTvSPnR9E1XKaoUDqjvdwiXl9/xQzb4=,iv:YCBFyTaEbP4wOY0e3j4wIwI7Iz74o8hMQbrTD3geTDA=,tag:cHBi1eFeD+ySodQ+8Piz9w==,type:str] + lastmodified: "2025-01-26T05:58:13Z" + mac: ENC[AES256_GCM,data:MMX+3Wj2iT3NfD9Fc9Tzn1AVYjGcMkqmM32Oq/Qe3z/qRaKWytN5oqDgoQua30hQrmooVAQwuLUlo8oeoliFg0Vy+brV62drjro02gwfjCuF+fvZQ5L7FyB4zd7jIoCKjVuyo018pBl5gVytS0NUESS/Awo1UC+Rj4GVFDXnjHA=,iv:tXzGb6mbUxklPfZrV3F5Z8n2k3TC8gYdp8gGlbFZKSM=,tag:JqR64UEhIOp+Ha6qrcN7nA==,type:str] pgp: - created_at: "2024-11-28T18:56:39Z" enc: |- -- 2.48.1 From 9e86dd50782e8bdd48c5033ca22f8cfa57dfa672 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sun, 26 Jan 2025 01:01:08 -0500 Subject: [PATCH 14/22] remove attic input Signed-off-by: ahuston-0 --- flake.lock | 74 ------------------------------------------------------ 1 file changed, 74 deletions(-) diff --git a/flake.lock b/flake.lock index 5228a3e..06c990a 100644 --- a/flake.lock +++ b/flake.lock @@ -1,57 +1,5 @@ { "nodes": { - "attic": { - "inputs": { - "crane": "crane", - "flake-compat": [ - "flake-compat" - ], - "flake-parts": [ - "flake-parts" - ], - "nix-github-actions": "nix-github-actions", - "nixpkgs": [ - "nixpkgs" - ], - "nixpkgs-stable": [ - "nixpkgs-stable" - ] - }, - "locked": { - "lastModified": 1731270564, - "narHash": "sha256-6KMC/NH/VWP5Eb+hA56hz0urel3jP6Y6cF2PX6xaTkk=", - "owner": "zhaofengli", - "repo": "attic", - "rev": "47752427561f1c34debb16728a210d378f0ece36", - "type": "github" - }, - "original": { - "owner": "zhaofengli", - "repo": "attic", - "type": "github" - } - }, - "crane": { - "inputs": { - "nixpkgs": [ - "attic", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1722960479, - "narHash": "sha256-NhCkJJQhD5GUib8zN9JrmYGMwt4lCRp6ZVNzIiYCl0Y=", - "owner": "ipetkov", - "repo": "crane", - "rev": "4c6c77920b8d44cd6660c1621dea6b3fc4b4c4f4", - "type": "github" - }, - "original": { - "owner": "ipetkov", - "repo": "crane", - "type": "github" - } - }, "firefox-addons": { "inputs": { "flake-utils": [ @@ -190,27 +138,6 @@ "type": "github" } }, - "nix-github-actions": { - "inputs": { - "nixpkgs": [ - "attic", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1729742964, - "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=", - "owner": "nix-community", - "repo": "nix-github-actions", - "rev": "e04df33f62cdcf93d73e9a04142464753a16db67", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nix-github-actions", - "type": "github" - } - }, "nix-index-database": { "inputs": { "nixpkgs": [ @@ -375,7 +302,6 @@ }, "root": { "inputs": { - "attic": "attic", "firefox-addons": "firefox-addons", "flake-compat": "flake-compat", "flake-parts": "flake-parts", -- 2.48.1 From aea6a9ed51ff3daa30c3415cc95d0912ee17a32f Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sun, 26 Jan 2025 01:05:55 -0500 Subject: [PATCH 15/22] idk Signed-off-by: ahuston-0 --- systems/palatine-hill/secrets.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/systems/palatine-hill/secrets.yaml b/systems/palatine-hill/secrets.yaml index 20bf0aa..3f52b65 100644 --- a/systems/palatine-hill/secrets.yaml +++ b/systems/palatine-hill/secrets.yaml @@ -16,7 +16,7 @@ minio: credentials: ENC[AES256_GCM,data:5Z/cTmxSuMq8BfRgYLGZZJ7o6AtmrQM3yNjR17YHr29S7ZWvGsjfM7DsLKectem01nvv3HoT4uyWSdhkOmZahzDb5OF1NEgjJhLqkKlCETMu0mmpwe1cx6iOd7kjB3E6Az/MWpXqZ/TrryL9FrQD2nnx9bHyWWIHRQv8,iv:jiYZXfU+OssC0rh/3yFZLEzD1+5mVDDl6gQ3oyk76E4=,tag:bevDszFv1zSa+/2qQIgC0w==,type:str] loki: ENC[AES256_GCM,data:ShC6hfsKifVaxLWRo1fqaOpsrYh4+w==,iv:KVSlPd0mBvPZikg/Agnl6q0UhxTmsNOeYdercYOhqMg=,tag:cj6ex9m7vDjInTJDGUlqFQ==,type:str] docker: - minecraft: ENC[AES256_GCM,data:GPzXof4qCcBvGsCkTj3HqevfiWtsV7cQf3j4txLMdRcP7Yf8DPnI7F0OoXfTCxS6ztRdiOTFqLOm3X11t7XrrgXUiGKCVU15Grs=,iv:slp2fWa1+6HL98/mgLGu0eiXhOGkL/zWdh7hv7Gbqtk=,tag:0FWYbAd5004oUZnhkOTnTQ==,type:str] + minecraft: ENC[AES256_GCM,data:zugJ8dYUHEC/7MEAzyO9BOXWzvtCYoy1waf43zyROi4frOMdtPx1Yt9Zl9eJgbDDMe3epej0mmi7BfjTQDfYUlXv8uNLoD6xRIw3DaI=,iv:L2Asz8nodSwLyJV5xUQKcYcxcRwgy/73hCIrM5SzTwI=,tag:81aWs2rpWnm9/0i2hhK+Yg==,type:str] foundry: ENC[AES256_GCM,data:5Z0FvVhJBzTwDPRN6c//caZokiTnkdqiLGFFuyen+tYsdjbQ3AXH5y7HfxKbxsJvU5uShOuIg0jVMvow2NYmzyYDDKBKPOz0bgXOmFq06wzCJubjyZmR/mDcWBBDzAFzaazpyW8=,iv:6wLS00zhX0tjJUe5uADAjzEshJP8QOkF2i4Aw+Y9RSk=,tag:sNr/exY1u3evYGcImyCUlA==,type:str] nextcloud: ENC[AES256_GCM,data:dm2Cha+CvFORgdcBvJAzzdOGcJ95vLJYTZcUJnjNp6HOQIIoJrDone1NOAYJh9rdWG/17/ntOmd+TysAj4AsD0dw/PatZmy3I+dcVghkt2XNTc7jD64QjctIHzR+om1joAbKemG1R3St7qDU68TWYxoxIfYZcJvg3ds/lJcYgFRh079UZ/IRlGVR6sWPEXyY+UUrwtk0Fr+y8UtwwWZiLp0akUbIV06huRGiAp/PeWETuPPuacl2++ayIgJFZkJjUl/a52RI1Q0nLG5iyK6QYpY1JSRJTOkiQQ4PB5GRdLCdoM5/ZXTQ6gGcoM5jXFllsTn+yRicNRucuBp7Z2achbk6eITCdjjdXVI7zM4YXpzVLu5fJckLAu07aEIGYCBT7ZXd7TRgfB68POwtwaJGBozg+nuhq8xEH04yi8jFODH6aFplIgJ+bbaP72zw+92lzZa33FEtOwKdtx+YUv0eLLDJs+8Z6Sn6RyN8prwIz1/9LuIMx39g4R7id9W2bV2MXqTU4nN8f0TXWqe+hnb5pDLBaZOBMkwbRka6Vptsi4dbL5Lnexa2DoIHZ2unyxZ+4SkRt9LH39j8fXf2w5JPFCSLstf7+Zu7xzRS0TTCug7k,iv:oOWcFdQJb/+KZKJmQChhJ5jOCcM3o+ojZSMyiRnO9n8=,tag:PWGQkwPe0juLgAdlKiWKpg==,type:str] redis: ENC[AES256_GCM,data:c+55cN6IpUNeKd+wC2zv3eunYjBsmZtXTczokqaxB2Q=,iv:M3pwNUlT9kUMv4JDE6bp/gub9CdBGxdApIvpOt3JpgE=,tag:3rPlV3U0AP9zAeF7xDouKw==,type:str] @@ -40,8 +40,8 @@ sops: cXNZWmZqd0R0SmhINExscHBKWmxvblUKEFEQvt/zQFARba4S8vHz/1SoKdKg69At LZ58XQGOmlGbBhPr7EzYQ2XSY4flWbnnD174cmCR8DNFm15DsNA5fw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-01-26T05:58:13Z" - mac: ENC[AES256_GCM,data:MMX+3Wj2iT3NfD9Fc9Tzn1AVYjGcMkqmM32Oq/Qe3z/qRaKWytN5oqDgoQua30hQrmooVAQwuLUlo8oeoliFg0Vy+brV62drjro02gwfjCuF+fvZQ5L7FyB4zd7jIoCKjVuyo018pBl5gVytS0NUESS/Awo1UC+Rj4GVFDXnjHA=,iv:tXzGb6mbUxklPfZrV3F5Z8n2k3TC8gYdp8gGlbFZKSM=,tag:JqR64UEhIOp+Ha6qrcN7nA==,type:str] + lastmodified: "2025-01-26T06:05:49Z" + mac: ENC[AES256_GCM,data:0xqdvQ9b99kEl00T6AJz+pBDmtfdrz/62TJr33KS1h2rmOHwBLeuwSCpkmi3Cx+0YhcbJyTlecj1TfpRlbBX2L8v/OhBXkuYa2gUsFerjk4Q93u/RdRqyzv94yLbUHtgmMoxZW90M+Vj3P+lC9/OINFIEEMLFCPYi5cV7x/o9Tc=,iv:KNAoCacDfz54cyb+MgJ9IbZa2wXFHBayCk/LF2wuNts=,tag:sVAXggj6b5PHxY3jK3ZVQw==,type:str] pgp: - created_at: "2024-11-28T18:56:39Z" enc: |- -- 2.48.1 From bdc8c56d60b123282755bcc8b9c7e7ca100f7a7d Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sun, 26 Jan 2025 01:09:04 -0500 Subject: [PATCH 16/22] ugh Signed-off-by: ahuston-0 --- systems/palatine-hill/docker/minecraft.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/systems/palatine-hill/docker/minecraft.nix b/systems/palatine-hill/docker/minecraft.nix index 401d241..141fbe0 100644 --- a/systems/palatine-hill/docker/minecraft.nix +++ b/systems/palatine-hill/docker/minecraft.nix @@ -78,6 +78,7 @@ in VERSION = "1.17"; CF_SLUG = "bcg"; DIFFICULTY = "normal"; + DEBUG = "true"; # ENABLE_COMMAND_BLOCK = "true"; }; extraOptions = defaultOptions; -- 2.48.1 From 400986b2e3f89daadbea55c9e4eb34a2e99f128e Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sun, 26 Jan 2025 11:14:41 -0500 Subject: [PATCH 17/22] more cf --- systems/palatine-hill/secrets.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/systems/palatine-hill/secrets.yaml b/systems/palatine-hill/secrets.yaml index 3f52b65..90cd8f0 100644 --- a/systems/palatine-hill/secrets.yaml +++ b/systems/palatine-hill/secrets.yaml @@ -16,7 +16,7 @@ minio: credentials: ENC[AES256_GCM,data:5Z/cTmxSuMq8BfRgYLGZZJ7o6AtmrQM3yNjR17YHr29S7ZWvGsjfM7DsLKectem01nvv3HoT4uyWSdhkOmZahzDb5OF1NEgjJhLqkKlCETMu0mmpwe1cx6iOd7kjB3E6Az/MWpXqZ/TrryL9FrQD2nnx9bHyWWIHRQv8,iv:jiYZXfU+OssC0rh/3yFZLEzD1+5mVDDl6gQ3oyk76E4=,tag:bevDszFv1zSa+/2qQIgC0w==,type:str] loki: ENC[AES256_GCM,data:ShC6hfsKifVaxLWRo1fqaOpsrYh4+w==,iv:KVSlPd0mBvPZikg/Agnl6q0UhxTmsNOeYdercYOhqMg=,tag:cj6ex9m7vDjInTJDGUlqFQ==,type:str] docker: - minecraft: ENC[AES256_GCM,data:zugJ8dYUHEC/7MEAzyO9BOXWzvtCYoy1waf43zyROi4frOMdtPx1Yt9Zl9eJgbDDMe3epej0mmi7BfjTQDfYUlXv8uNLoD6xRIw3DaI=,iv:L2Asz8nodSwLyJV5xUQKcYcxcRwgy/73hCIrM5SzTwI=,tag:81aWs2rpWnm9/0i2hhK+Yg==,type:str] + minecraft: ENC[AES256_GCM,data:2k/m0ksnE92fACxQuBlOO72b19T7Nbnr58ezRddmKUVvePEgrdSnIsR3sh7PnmzwmG/ez0WTD+NKbtkQmRMDQ25vruA8gCf8Ig==,iv:X2SUidKTNAPZfbyiXFKprUbAhBxJcbF5bz+YTy4nuEA=,tag:AAvLXO888r9XvtnNfQgCpA==,type:str] foundry: ENC[AES256_GCM,data:5Z0FvVhJBzTwDPRN6c//caZokiTnkdqiLGFFuyen+tYsdjbQ3AXH5y7HfxKbxsJvU5uShOuIg0jVMvow2NYmzyYDDKBKPOz0bgXOmFq06wzCJubjyZmR/mDcWBBDzAFzaazpyW8=,iv:6wLS00zhX0tjJUe5uADAjzEshJP8QOkF2i4Aw+Y9RSk=,tag:sNr/exY1u3evYGcImyCUlA==,type:str] nextcloud: ENC[AES256_GCM,data:dm2Cha+CvFORgdcBvJAzzdOGcJ95vLJYTZcUJnjNp6HOQIIoJrDone1NOAYJh9rdWG/17/ntOmd+TysAj4AsD0dw/PatZmy3I+dcVghkt2XNTc7jD64QjctIHzR+om1joAbKemG1R3St7qDU68TWYxoxIfYZcJvg3ds/lJcYgFRh079UZ/IRlGVR6sWPEXyY+UUrwtk0Fr+y8UtwwWZiLp0akUbIV06huRGiAp/PeWETuPPuacl2++ayIgJFZkJjUl/a52RI1Q0nLG5iyK6QYpY1JSRJTOkiQQ4PB5GRdLCdoM5/ZXTQ6gGcoM5jXFllsTn+yRicNRucuBp7Z2achbk6eITCdjjdXVI7zM4YXpzVLu5fJckLAu07aEIGYCBT7ZXd7TRgfB68POwtwaJGBozg+nuhq8xEH04yi8jFODH6aFplIgJ+bbaP72zw+92lzZa33FEtOwKdtx+YUv0eLLDJs+8Z6Sn6RyN8prwIz1/9LuIMx39g4R7id9W2bV2MXqTU4nN8f0TXWqe+hnb5pDLBaZOBMkwbRka6Vptsi4dbL5Lnexa2DoIHZ2unyxZ+4SkRt9LH39j8fXf2w5JPFCSLstf7+Zu7xzRS0TTCug7k,iv:oOWcFdQJb/+KZKJmQChhJ5jOCcM3o+ojZSMyiRnO9n8=,tag:PWGQkwPe0juLgAdlKiWKpg==,type:str] redis: ENC[AES256_GCM,data:c+55cN6IpUNeKd+wC2zv3eunYjBsmZtXTczokqaxB2Q=,iv:M3pwNUlT9kUMv4JDE6bp/gub9CdBGxdApIvpOt3JpgE=,tag:3rPlV3U0AP9zAeF7xDouKw==,type:str] @@ -40,8 +40,8 @@ sops: cXNZWmZqd0R0SmhINExscHBKWmxvblUKEFEQvt/zQFARba4S8vHz/1SoKdKg69At LZ58XQGOmlGbBhPr7EzYQ2XSY4flWbnnD174cmCR8DNFm15DsNA5fw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-01-26T06:05:49Z" - mac: ENC[AES256_GCM,data:0xqdvQ9b99kEl00T6AJz+pBDmtfdrz/62TJr33KS1h2rmOHwBLeuwSCpkmi3Cx+0YhcbJyTlecj1TfpRlbBX2L8v/OhBXkuYa2gUsFerjk4Q93u/RdRqyzv94yLbUHtgmMoxZW90M+Vj3P+lC9/OINFIEEMLFCPYi5cV7x/o9Tc=,iv:KNAoCacDfz54cyb+MgJ9IbZa2wXFHBayCk/LF2wuNts=,tag:sVAXggj6b5PHxY3jK3ZVQw==,type:str] + lastmodified: "2025-01-26T16:14:28Z" + mac: ENC[AES256_GCM,data:U8jDmNzZBnTqS+Ru5vf0KdQPYtSsyUuLq3ugLI4z1d8BrDvEWCLHCjLkr7QoTnrd3qlcCfSBQKb3934C/vAMo/4vaJ7lsoCj4F0d/YCakW22FEhV8Jn3snZYrDpLk0mu9vIZ7U6M1Au7s+jYhYz/X5kORUs+YlYNuqAnt46B4vE=,iv:OFucEOgsoYPGOe1+hzWYI+wpu65BHCW2atcfufl9mNs=,tag:VumO9W8r/Mvv2+X00bqIWQ==,type:str] pgp: - created_at: "2024-11-28T18:56:39Z" enc: |- -- 2.48.1 From c7411635f741ce0c07bef90815c8cea92ab963e1 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sun, 26 Jan 2025 12:00:51 -0500 Subject: [PATCH 18/22] add optional attic push Signed-off-by: ahuston-0 --- .github/workflows/flake-health-checks.yml | 2 ++ utils/attic-push.bash | 22 ++++++++++++++++++++++ 2 files changed, 24 insertions(+) create mode 100755 utils/attic-push.bash diff --git a/.github/workflows/flake-health-checks.yml b/.github/workflows/flake-health-checks.yml index d7445a7..dcd7145 100644 --- a/.github/workflows/flake-health-checks.yml +++ b/.github/workflows/flake-health-checks.yml @@ -21,5 +21,7 @@ jobs: endpoint: ${{ secrets.ATTIC_ENDPOINT }} cache: ${{ secrets.ATTIC_CACHE }} token: ${{ secrets.ATTIC_TOKEN }} + skip-push: "true" - uses: actions/checkout@v4 - run: nix flake check --accept-flake-config + - run: nix ./utils/attic-push.bash diff --git a/utils/attic-push.bash b/utils/attic-push.bash new file mode 100755 index 0000000..a98efb5 --- /dev/null +++ b/utils/attic-push.bash @@ -0,0 +1,22 @@ +#!/usr/bin/env nix +#! nix shell nixpkgs#bash nixpkgs#jq nixpkgs#gnused nixpkgs#nixVersions.latest nixpkgs#attic-client --command bash + +set -x +set -v +set -e + +# retrieve all paths under 100M +nix_paths=$(nix path-info --json --all --closure-size \ + | jq 'map_values(.closureSize | select(. < 1e8)) | to_entries | sort_by(.value)' \ + | jq 'map(.key) | join("\n")' | sed 's/\\n/\n/g') + +readarray -t nix_path_array < <(echo "$nix_paths") + +batchsize=10 + +for((i=0; i < ${#nix_path_array[@]}; i+=batchsize)) +do + part=( "${nix_path_array[@]:i:batchsize}" ) + + attic push "${part[@]}" +done -- 2.48.1 From 9263ddff59a35830f21ec1b0fbc33b273345f079 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sun, 26 Jan 2025 12:19:08 -0500 Subject: [PATCH 19/22] fix attic array Signed-off-by: ahuston-0 --- utils/attic-push.bash | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/attic-push.bash b/utils/attic-push.bash index a98efb5..fc452fc 100755 --- a/utils/attic-push.bash +++ b/utils/attic-push.bash @@ -8,7 +8,7 @@ set -e # retrieve all paths under 100M nix_paths=$(nix path-info --json --all --closure-size \ | jq 'map_values(.closureSize | select(. < 1e8)) | to_entries | sort_by(.value)' \ - | jq 'map(.key) | join("\n")' | sed 's/\\n/\n/g') + | jq 'map(.key) | join("\n")' | sed -E -e 's/\\n/\n/g;s/^"//g;s/"$//g') readarray -t nix_path_array < <(echo "$nix_paths") @@ -18,5 +18,5 @@ for((i=0; i < ${#nix_path_array[@]}; i+=batchsize)) do part=( "${nix_path_array[@]:i:batchsize}" ) - attic push "${part[@]}" + attic push nix-cache "${part[@]}" done -- 2.48.1 From b794dbda7bb80049b372a90f045b0f548ce5329e Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sun, 26 Jan 2025 12:27:30 -0500 Subject: [PATCH 20/22] increase batch size Signed-off-by: ahuston-0 --- utils/attic-push.bash | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/utils/attic-push.bash b/utils/attic-push.bash index fc452fc..1855eb2 100755 --- a/utils/attic-push.bash +++ b/utils/attic-push.bash @@ -1,8 +1,8 @@ #!/usr/bin/env nix #! nix shell nixpkgs#bash nixpkgs#jq nixpkgs#gnused nixpkgs#nixVersions.latest nixpkgs#attic-client --command bash -set -x -set -v +#set -x +#set -v set -e # retrieve all paths under 100M @@ -12,7 +12,7 @@ nix_paths=$(nix path-info --json --all --closure-size \ readarray -t nix_path_array < <(echo "$nix_paths") -batchsize=10 +batchsize=1000 for((i=0; i < ${#nix_path_array[@]}; i+=batchsize)) do -- 2.48.1 From 70cbb2fdeeb0e0ce0a0eb703101c425472165368 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sun, 26 Jan 2025 12:43:05 -0500 Subject: [PATCH 21/22] add more action runners Signed-off-by: ahuston-0 --- systems/palatine-hill/docker/act-runner.nix | 86 ++++++++++++++++----- 1 file changed, 67 insertions(+), 19 deletions(-) diff --git a/systems/palatine-hill/docker/act-runner.nix b/systems/palatine-hill/docker/act-runner.nix index be6476a..dbecaf1 100644 --- a/systems/palatine-hill/docker/act-runner.nix +++ b/systems/palatine-hill/docker/act-runner.nix @@ -8,27 +8,75 @@ let act_path = vars.primary_act; in { - virtualisation.oci-containers.containers.act-stable-latest-1 = { - image = "gitea/act_runner:latest"; - extraOptions = [ - "--stop-signal=SIGINT" - ]; - labels = { - "com.centurylinklabs.watchtower.enable" = "true"; - "com.centurylinklabs.watchtower.scope" = "act-runner"; + virtualisation.oci-containers.containers = { + act-stable-latest-1 = { + image = "gitea/act_runner:latest"; + extraOptions = [ + "--stop-signal=SIGINT" + ]; + labels = { + "com.centurylinklabs.watchtower.enable" = "true"; + "com.centurylinklabs.watchtower.scope" = "act-runner"; + }; + ports = [ "8088:8088" ]; + volumes = [ + "${act_path}/stable-latest-1/config.yaml:/config.yaml" + "${act_path}/stable-latest-1/data:/data" + "/var/run/docker.sock:/var/run/docker.sock" + ]; + environment = { + CONFIG_FILE = "/config.yaml"; + GITEA_RUNNER_NAME = "stable-latest-1"; + }; + environmentFiles = [ config.sops.secrets."docker/act-runner".path ]; + log-driver = "local"; }; - ports = [ "8088:8088" ]; - volumes = [ - "${act_path}/stable-latest-1/config.yaml:/config.yaml" - "${act_path}/stable-latest-1/data:/data" - "/var/run/docker.sock:/var/run/docker.sock" - ]; - environment = { - CONFIG_FILE = "/config.yaml"; - GITEA_RUNNER_NAME = "stable-latest-1"; + + act-stable-latest-2 = { + image = "gitea/act_runner:latest"; + extraOptions = [ + "--stop-signal=SIGINT" + ]; + labels = { + "com.centurylinklabs.watchtower.enable" = "true"; + "com.centurylinklabs.watchtower.scope" = "act-runner"; + }; + ports = [ "8088:8088" ]; + volumes = [ + "${act_path}/stable-latest-2/config.yaml:/config.yaml" + "${act_path}/stable-latest-2/data:/data" + "/var/run/docker.sock:/var/run/docker.sock" + ]; + environment = { + CONFIG_FILE = "/config.yaml"; + GITEA_RUNNER_NAME = "stable-latest-2"; + }; + environmentFiles = [ config.sops.secrets."docker/act-runner".path ]; + log-driver = "local"; + }; + + act-stable-latest-3 = { + image = "gitea/act_runner:latest"; + extraOptions = [ + "--stop-signal=SIGINT" + ]; + labels = { + "com.centurylinklabs.watchtower.enable" = "true"; + "com.centurylinklabs.watchtower.scope" = "act-runner"; + }; + ports = [ "8088:8088" ]; + volumes = [ + "${act_path}/stable-latest-3/config.yaml:/config.yaml" + "${act_path}/stable-latest-3/data:/data" + "/var/run/docker.sock:/var/run/docker.sock" + ]; + environment = { + CONFIG_FILE = "/config.yaml"; + GITEA_RUNNER_NAME = "stable-latest-3"; + }; + environmentFiles = [ config.sops.secrets."docker/act-runner".path ]; + log-driver = "local"; }; - environmentFiles = [ config.sops.secrets."docker/act-runner".path ]; - log-driver = "local"; }; systemd = { -- 2.48.1 From 1a0e9ed16be96525789f5dcb9915863216139522 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sun, 26 Jan 2025 13:11:17 -0500 Subject: [PATCH 22/22] comment out ports Signed-off-by: ahuston-0 --- systems/palatine-hill/docker/act-runner.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systems/palatine-hill/docker/act-runner.nix b/systems/palatine-hill/docker/act-runner.nix index dbecaf1..f0cfa57 100644 --- a/systems/palatine-hill/docker/act-runner.nix +++ b/systems/palatine-hill/docker/act-runner.nix @@ -41,7 +41,7 @@ in "com.centurylinklabs.watchtower.enable" = "true"; "com.centurylinklabs.watchtower.scope" = "act-runner"; }; - ports = [ "8088:8088" ]; + # ports = [ "8088:8088" ]; volumes = [ "${act_path}/stable-latest-2/config.yaml:/config.yaml" "${act_path}/stable-latest-2/data:/data" @@ -64,7 +64,7 @@ in "com.centurylinklabs.watchtower.enable" = "true"; "com.centurylinklabs.watchtower.scope" = "act-runner"; }; - ports = [ "8088:8088" ]; + # ports = [ "8088:8088" ]; volumes = [ "${act_path}/stable-latest-3/config.yaml:/config.yaml" "${act_path}/stable-latest-3/data:/data" -- 2.48.1