From 3f81a20e8797454565d3950b96f632b85d8b618d Mon Sep 17 00:00:00 2001 From: iofq Date: Sat, 27 Sep 2025 15:36:14 -0500 Subject: [PATCH 1/2] move runner to node --- nixos/consensus/configuration.nix | 1 + .../{oracle => consensus}/forgejo-runner.nix | 6 +-- nixos/default.nix | 1 - nixos/oracle/forgejo.nix | 24 ++++++++++ secrets/restic.yaml | 46 ++++++++++++++----- 5 files changed, 62 insertions(+), 16 deletions(-) rename nixos/{oracle => consensus}/forgejo-runner.nix (80%) diff --git a/nixos/consensus/configuration.nix b/nixos/consensus/configuration.nix index 31748c5..57dbdae 100644 --- a/nixos/consensus/configuration.nix +++ b/nixos/consensus/configuration.nix @@ -8,6 +8,7 @@ imports = [ ./hardware-configuration.nix ./backups.nix + ./forgejo-runner.nix ]; sops = { secrets = { diff --git a/nixos/oracle/forgejo-runner.nix b/nixos/consensus/forgejo-runner.nix similarity index 80% rename from nixos/oracle/forgejo-runner.nix rename to nixos/consensus/forgejo-runner.nix index f7ec768..3fcf5a2 100644 --- a/nixos/oracle/forgejo-runner.nix +++ b/nixos/consensus/forgejo-runner.nix @@ -7,17 +7,17 @@ }; }; }; - virtualisation.docker.enable = true; services.gitea-actions-runner = { package = pkgs.forgejo-actions-runner; instances.default = { enable = true; - name = "oracle-runner1"; + name = "runner-1"; url = "https://git.10110110.xyz"; tokenFile = config.sops.secrets."forgejo-runner".path; labels = [ "ubuntu-latest:docker://node:20-bullseye" - "nix-latest:docker://nixos/nix:latest" + "nix-upstream-latest:docker://nixos/nix:latest" + "native:host" ]; }; }; diff --git a/nixos/default.nix b/nixos/default.nix index 2e8068d..f77cf2a 100644 --- a/nixos/default.nix +++ b/nixos/default.nix @@ -66,7 +66,6 @@ in }; modules = defaultModules ++ [ ./oracle/configuration.nix - ./oracle/forgejo-runner.nix ]; }; } diff --git a/nixos/oracle/forgejo.nix b/nixos/oracle/forgejo.nix index becf866..3a950ff 100644 --- a/nixos/oracle/forgejo.nix +++ b/nixos/oracle/forgejo.nix 
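Review bot: The new `"native:host"` entry in `labels` lets any workflow that selects `runs-on: native` execute directly on this machine as the runner's service user, without the container boundary that the two `docker://` labels provide. The same patch imports this module into the consensus host next to `./backups.nix` and its `sops` secrets, so confirm which repositories and accounts on git.10110110.xyz can schedule jobs on this runner, and record the intent next to the label, e.g. `# native:host runs jobs unsandboxed on this host; trusted repos only`. The hunk also removes `virtualisation.docker.enable = true;` while keeping both `docker://` labels; unless a container engine is enabled elsewhere in the consensus configuration (not visible here), those labels have nothing to run on. The enclosing attribute set starts above the hunk.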
@@ -5,10 +5,14 @@ let in { sops = { + defaultSopsFile = ../../secrets/restic.yaml; secrets = { "env" = { sopsFile = ../../secrets/cf-acme.yaml; }; + "b2-forgejo/env" = { }; + "b2-forgejo/repo" = { }; + "b2-forgejo/password" = { }; }; }; security.acme = { @@ -61,4 +65,24 @@ in }; }; }; + services.restic.backups = { + b2-forgejo = { + initialize = true; + environmentFile = config.sops.secrets."b2-forgejo/env".path; + repositoryFile = config.sops.secrets."b2-forgejo/repo".path; + passwordFile = config.sops.secrets."b2-forgejo/password".path; + + paths = [ + "/var/lib/forgejo" + ]; + timerConfig = { + OnCalendar = "*-*-* */6:00:00"; + }; + pruneOpts = [ + "--keep-daily 31" + "--keep-monthly 6" + "--keep-yearly 2" + ]; + }; + }; } diff --git a/secrets/restic.yaml b/secrets/restic.yaml index 33ed95b..95cdd96 100644 --- a/secrets/restic.yaml +++ b/secrets/restic.yaml 
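Review bot: `defaultSopsFile = ../../secrets/restic.yaml;` in the first forgejo.nix hunk points this host at the file that already holds the `b2-immich` entries, and the `secrets/restic.yaml` hunk that follows grows its `age` recipient list from two to four. sops wraps a single per-file data key for every recipient, so each listed key can decrypt every entry in the file; if one of the new recipients is this Forgejo host (the key-to-host mapping is not visible here), it can read the immich backup credentials, and the immich host can read `b2-forgejo/*`. A separate file per backup target with its own recipients keeps each host limited to its own repository, e.g. `"b2-forgejo/password" = { sopsFile = ../../secrets/<forgejo-restic>.yaml; };` (placeholder file name). An explicit `sopsFile` on the three new entries is also narrower than `defaultSopsFile`, which changes the source for every secret on this host that lacks one.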
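Review bot: Because `pruneOpts` is set on `b2-forgejo` in the second forgejo.nix hunk, this host runs the forget/prune step itself, so the B2 key in `b2-forgejo/env` must be allowed to delete objects; a compromise of the Forgejo host could then remove the backups along with the live data. If that matters here, keep the host's key limited to writing and prune from a separate trusted machine, or add bucket-side retention. Separately, `paths` captures `/var/lib/forgejo` while the service is presumably running, so repositories and any database file under it can be snapshotted mid-write; `services.forgejo.dump.enable = true;` or a `backupPrepareCommand` would give restic a consistent copy. A database stored outside that directory (not visible in this hunk) would not be covered at all.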
@@ -13,27 +13,49 @@ b2-immich: password: ENC[AES256_GCM,data:c4mi0hfLnI+QMQibW0feTBo7vK7HgYGWExPWtxFN0uf0TeiN9A+u31yRpCzF0cdiQw==,iv:IbtWLSEZMgaRAMA/nHhFBzfJho8E/kk+EaMtWZHuvuM=,tag:vFdedNL14B3Wl8yFHZ9fZQ==,type:str] repo: ENC[AES256_GCM,data:fgB/jLZpn8mUotSEhE0=,iv:rcGy9xV9OgQn6Q0zB5UkB49EffY+OL9GtlCvxSgIg8o=,tag:5BSUtw44Z1xZipXCraELBQ==,type:str] env: ENC[AES256_GCM,data:lwnoWd5pEmhcQcMExDWZ2BCRHEuYBEB9/F5vG9dNUQ9vqNLYDsehk4bwn+gaxQjwnxxucA4I4S+24qjWZaEoGyrf/dkxKVsP17TkjQ5BjQFAWOLn1npvcL3s,iv:ojsCnAMOSDT9Ua+H5O48k9G39BjHC8AFGuQFYCQBPG8=,tag:ojgrh847HLTUOjDoV61wlg==,type:str] +b2-forgejo: + password: ENC[AES256_GCM,data:ErT8GttMASlLhn+abQX56KVaotLbRTKiCVqr6I/OoaWpD+aUrnOCxBlfH/8u32720Q==,iv:mbjIzbwc/VF6gdy7y1UJWZ4ihW1IhDN+Po8/Gje2iyg=,tag:t3vsl8R22CVIE1bafCfTLA==,type:str] + repo: ENC[AES256_GCM,data:sEiuSPIYh/AJDhgqUKgz,iv:D13S3asCjjVZKEeIZqSRYoIMs+QS5vOXjnm2F5rUU/c=,tag:7WgPBEW1nYQkvWOt5XQq+g==,type:str] + env: ENC[AES256_GCM,data:MF4s4cgLgY0Ym/5RJK6B1icrAFewj4fAntvY+juxRGu3H2WzGi+EKYqIOsYcCe/86bs8kMDddR/NX9UyDP5TIkjkdp75A4Fgq7yPiNHmOPBDa0j0sR3OD+zB,iv:FP8sHqHG7lu2Rt/KbwRl2EusEVgWwQPJqq3CPt1UHLw=,tag:OZaQT+qOLlJjxQYs6bsUeA==,type:str] sops: age: - recipient: age14e2d2y8e2avzfrsyxg9dudxd36svm24t7skw6e969n0c42znlp3shffdtg enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXVncwYmRudlFYWmhad1Ar - Mm5NWVNmTUszQ2lnMER1aCtvK1pjeHdJT0ZvCm5kYU5PbWQ0cXdId3J6aElHNFcx - Q3JSWXQxQmErMGJUZmdNRktuQm1iQ28KLS0tIGlCZzVydHR0eXY5ZXZLRUxkODBR - ZnU3ZFl1NkZqREJpcnlNMEdwVVljclkKSEmp9QkoMufA4DACbuilm6tZutpTN+ZN - ZHa9B8TDtuSZcAieMOoGxQoC4An96qIemwsMlecqGFWjJqN7wEapDQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKcC90dkcvbnJoQzFDWTcr + SXFTdnRTOGhxZ3RNMHVpZFFLWHdIWUxMYzNZCjRlRTdYaS9YMjdFdzIzeHVLR3hs + QzNPM2k2UVV3bWI5WjVDT2pDaVZPaFEKLS0tIFFtdDI2Zmxnbk4xV2NGb2NDWUF6 + VmROS3plOURRTzYzaEo2S1RraFRKeW8Kg3jYWWQuEX1Y6SfkT6lRdX6tmgkFiIW7 + JX9D10jqN4DbDOYKu+MRvdz9/cagIyodg1/5LIPGBNGOKpNLiEH7AQ== -----END AGE ENCRYPTED FILE----- - recipient: 
age16pdhm238k63uye3rf4cwwe7ddyzds6xj9jv4wpsfggkghyarjqtsjzkxna enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwU1JwYnVwVFVQSTlqVmZ2 - djEyL3BjYkNMNldSZGUrdnBITENQMVZVNm1VCjlYd3NoY3NWVVA1UVlyMTIvekVl - MHhVeGpuV2N3azZGMmJqRERJQjZGVGsKLS0tIFgvOHAxWW5XUVdyRGZGR3I5V3lr - MXhYMkl5TTZVcDlNWUs4M3ZieDVRa1kKN3mh6jxui1a8i0VJJQmrAjhAhQkP4VcP - IpiYzY9IwIZu6VlC7qEuh3eeVq+v3SYcTmCh6/gwpmeDAjnL6hD5sA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqd3RQQUtmVXgvb1JLMnZt + Y0dITDF6anBKcWxoOWZuQStSTk1zWkdwdEN3CmFaVWphcVpjTUhNcUdjVGpnV0hq + Z25hVmNDQUQ1YnJSd3puS214TzlkbkUKLS0tIGVXRG9mczBKcHFzb0FwYU5FZkpY + ZVhQWDZwR2xFU0xTVGVLZ3NFanY1emcKu09zXLUscPvcVQSgiN4H4dWpjMyb3t7e + aa54tbZ6o1+6lLg1DniL9lBxit6R+qk3SjMuU1MQJvD7ah39RSuyng== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-06-03T03:18:04Z" - mac: ENC[AES256_GCM,data:zJSCaqp1m0u3fYUsLRz+asYeCqqZ4os0UdElBYrootGMmFjQ9j+X+As4np6CP44o4sWmcyePc+SKzW316wsFQObnvP+eIc+SFNjvGbw4oZPlRdSr9otbVOhPeEaWWCoONQgZ0FAbhbcsF2V3qvjmfrekd8yu3bcaH6LNZA2gT9A=,iv:Rq733/8bE7iS42C4tecN3JjyIHSY8lbCeuRKQY6TKb8=,tag:lcrVpglZyChUQRJ3jtwwpw==,type:str] + - recipient: age12tz2r7clep9e450qhr5a6ctnx29ywmu0llq8uk9kcwhpp82zsa0sk9la9h + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYdUpxSWtHbmxzdlRYZHFT + NUY5RDhXUGN5YmlPS0UyTWcrUDlUZ3Rjbnp3CnlkQUgyNVBVclh0KzNCZkVYZURx + RXFkR2JFckVPbkg5Umo3VEF1cFFOZFkKLS0tIEM2OE1hZVpUd0EzeEFrVGc4Zmww + UzZZcFB4UngvTHF2YWtsSWQ1dGJaKzQK+cuuvX8un2bID+fLG5SFzQhfJ6QX5/pG + sVSUc+VG+04aak70p8AgOO7zN75rzSf5R83mmpEwB9a+rfDrKvbjiQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1yar6nyfr5xzy79t54yrcf4sn3qc0689wgtsjv0npzh0nls5cjslsp0qruc + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBdUU2NDRKV0w1Wkp0cDh6 + NkV5bGRXOXpId1N4R09HdGhaK1lyM05WMkNRCnZSa0ovK01JaUZ3cG1qMkFzbW5z + WHc2NDYvNFN0SnBnSVlId0pjM2xBZnMKLS0tIHRoVkQ3NzBab1BzUVltWEVWeVZi + MmJRaXZheS9JamgybTc2THc1OVQ5N3MKr73ke9RIRsZvvVGl4nyxbbe/8f5KQ6Av + 
Uac6joEg0R6DbcQ9xRkbHyFySnLTHsF5HfVnUj2gPbdA1YsO0w2nlg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-09-27T20:37:26Z" + mac: ENC[AES256_GCM,data:30D/RyuIjhaJkRa4kBb3JK3FOGbbGL0aKAOlPgyNhpPyp7OWY1eYo2uoQSVa6lnjRgCV+YbmquXF6iNzUgWbzUWs6UuOfN+hIb/PKydBgITgVLp1bOfUQs8l2X2feYJ/QatBwr6VMgbBdrshppctSdypc9cTNv5r6sod0QwfpHA=,iv:uhwGM/bru/Z3UqnmOUHImhQkNm97zad+aH+VNXKy9m0=,tag:Zpdgcp2lPBNP4FjlTeXtKw==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2 From 77164adab65a9b0f07808e88a5eaa71def60ee25 Mon Sep 17 00:00:00 2001 From: iofq Date: Sun, 28 Sep 2025 14:49:19 -0500 Subject: [PATCH 2/2] dec --- flake.lock | 562 ++++++------------ flake.nix | 10 +- home-manager/shared/programs/dev.nix | 20 +- home-manager/shared/programs/shell/git.nix | 27 +- nixos/configuration.nix | 22 +- nixos/consensus/configuration.nix | 85 +-- nixos/consensus/forgejo-runner.nix | 24 - nixos/consensus/hypervisor/configuration.nix | 43 ++ nixos/consensus/hypervisor/default.nix | 37 ++ nixos/consensus/hypervisor/forgejo-runner.nix | 35 ++ nixos/default.nix | 3 +- nixos/t14/configuration.nix | 29 +- 12 files changed, 412 insertions(+), 485 deletions(-) delete mode 100644 nixos/consensus/forgejo-runner.nix create mode 100644 nixos/consensus/hypervisor/configuration.nix create mode 100644 nixos/consensus/hypervisor/default.nix create mode 100644 nixos/consensus/hypervisor/forgejo-runner.nix diff --git a/flake.lock b/flake.lock index 2d63083..d028d0f 100755 --- a/flake.lock +++ b/flake.lock 
@@ -3,17 +3,20 @@ "dart": { "inputs": { "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_5" + "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1758080529, - "narHash": "sha256-Sup4+HacL6Xe6mTk23N6sD4uXoU9dcoqRgc9Mu0oQ5E=", - "path": "/home/e/dev/dart.nvim", - "type": "path" + "lastModified": 1761202123, + "narHash": "sha256-ULrZW4b8SKRvPpJPt8/jkqqc/blQiIWUriNWVXA33so=", + "owner": "iofq", + "repo": "dart.nvim", + "rev": "71421e7ef5aee8267e24dc562fdd07a83bda192e", + "type": "github" }, "original": { - "path": "/home/e/dev/dart.nvim", - "type": "path" + "owner": "iofq", + "repo": "dart.nvim", + "type": "github" } }, "deploy-rs": { @@ -26,6 +29,7 @@ }, "locked": { "lastModified": 1756719547, + "narHash": "sha256-N9gBKUmjwRKPxAafXEk1EGadfk2qDZPBQp4vXWPHINQ=", "owner": "serokell", "repo": "deploy-rs", "rev": "125ae9e3ecf62fb2c0fd4f2d894eb971f1ecaed2", @@ -50,12 +54,12 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1757699119, - "narHash": "sha256-iOOoVdrkcyk95Xg68TuPeAwpz+v80mgZCqil0jpPZuY=", - "rev": "1e16c8f8a44573bb0648c76b6c98352436f5171e", - "revCount": 304, + "lastModified": 1761251546, + "narHash": "sha256-I/TDYHCKui0K62f2cEk2UJf6N9rO/hdsa65kpEJMhSo=", + "rev": "70beec406153496943274f59cb2ded76be49fcd7", + "revCount": 306, "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/determinate/3.11.2/01993f0b-1215-7072-ac1a-f2b27b566115/source.tar.gz" + "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/determinate/3.12.0/019a12c8-c95c-7c68-8da4-d8cc92608fbf/source.tar.gz" }, "original": { "type": "tarball", 
@@ -65,37 +69,37 @@ "determinate-nixd-aarch64-darwin": { "flake": false, "locked": { - "narHash": "sha256-q1tqDvmfjDgLk/wbYf4pRhyHDS94iY85Q79FPBtcv7g=", + "narHash": "sha256-TORlljq+wwn8XWLoN0giLY15pNiIAXuU0igpIXjLhMY=", "type": "file", - "url": "https://install.determinate.systems/determinate-nixd/tag/v3.11.2/macOS" + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.12.0/macOS" }, "original": { "type": "file", - "url": "https://install.determinate.systems/determinate-nixd/tag/v3.11.2/macOS" + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.12.0/macOS" } }, "determinate-nixd-aarch64-linux": { "flake": false, "locked": { - "narHash": "sha256-E1vGfcQ5dqtRG9EDP6eOQWCnCIRB2XFkFBp2C4FgQ8c=", + "narHash": "sha256-1HEvUQcG0mVdEQrEqcLEdB9nHpMNbb39bdNxdvyizqk=", "type": "file", - "url": "https://install.determinate.systems/determinate-nixd/tag/v3.11.2/aarch64-linux" + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.12.0/aarch64-linux" }, "original": { "type": "file", - "url": "https://install.determinate.systems/determinate-nixd/tag/v3.11.2/aarch64-linux" + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.12.0/aarch64-linux" } }, "determinate-nixd-x86_64-linux": { "flake": false, "locked": { - "narHash": "sha256-GtxtkI0cOC2A30Xw6gCDTN7JxN1zJGh7/eIXr6AlTSA=", + "narHash": "sha256-WrXQbrXVisAdZl/hh49PsErSPHwzks1Vw+O3jarVjDo=", "type": "file", - "url": "https://install.determinate.systems/determinate-nixd/tag/v3.11.2/x86_64-linux" + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.12.0/x86_64-linux" }, "original": { "type": "file", - "url": "https://install.determinate.systems/determinate-nixd/tag/v3.11.2/x86_64-linux" + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.12.0/x86_64-linux" } }, "flake-compat": { 
@@ -133,11 +137,11 @@ "flake-compat_3": { "flake": false, "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "owner": "edolstra", "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "type": "github" }, "original": { @@ -165,11 +169,11 @@ "flake-compat_5": { "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "owner": "edolstra", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "type": "github" }, "original": { @@ -194,38 +198,6 @@ "type": "github" } }, - "flake-compat_7": { - "flake": false, - "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_8": { - "flake": false, - "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-parts": { "inputs": { "nixpkgs-lib": [ 
@@ -248,27 +220,6 @@ } }, "flake-parts_2": { - "inputs": { - "nixpkgs-lib": [ - "neovim-nightly-overlay", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1756770412, - "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "4524271976b625a4a605beefd893f270620fd751", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_3": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" }, @@ -286,7 +237,7 @@ "type": "github" } }, - "flake-parts_4": { + "flake-parts_3": { "inputs": { "nixpkgs-lib": [ "nvim", @@ -295,11 +246,11 @@ ] }, "locked": { - "lastModified": 1756770412, - "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", + "lastModified": 1760948891, + "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "4524271976b625a4a605beefd893f270620fd751", + "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04", "type": "github" }, "original": { @@ -308,28 +259,6 @@ "type": "github" } }, - "flake-parts_5": { - "inputs": { - "nixpkgs-lib": [ - "nvim", - "neovim-nightly-overlay", - "hercules-ci-effects", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1754487366, - "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18", - "type": "github" - }, - "original": { - "id": "flake-parts", - "type": "indirect" - } - }, "flake-utils": { "inputs": { "systems": "systems_2" @@ -385,8 +314,8 @@ }, "gen-luarc": { "inputs": { - "flake-parts": "flake-parts_3", - "git-hooks": "git-hooks_2", + "flake-parts": "flake-parts_2", + "git-hooks": "git-hooks", "luvit-meta": "luvit-meta", "nixpkgs": [ "nvim", 
@@ -409,19 +338,21 @@ }, "git-hooks": { "inputs": { - "flake-compat": "flake-compat_4", + "flake-compat": "flake-compat_3", "gitignore": "gitignore", "nixpkgs": [ - "neovim-nightly-overlay", + "nvim", + "gen-luarc", "nixpkgs" - ] + ], + "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1758108966, - "narHash": "sha256-ytw7ROXaWZ7OfwHrQ9xvjpUWeGVm86pwnEd1QhzawIo=", + "lastModified": 1723803910, + "narHash": "sha256-yezvUuFiEnCFbGuwj/bQcqg7RykIEqudOy/RBrId0pc=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "54df955a695a84cd47d4a43e08e1feaf90b1fd9b", + "rev": "bfef0ada09e2c8ac55bbcd0831bd0c9d42e651ba", "type": "github" }, "original": { @@ -460,31 +391,6 @@ "inputs": { "flake-compat": "flake-compat_5", "gitignore": "gitignore_2", - "nixpkgs": [ - "nvim", - "gen-luarc", - "nixpkgs" - ], - "nixpkgs-stable": "nixpkgs-stable" - }, - "locked": { - "lastModified": 1723803910, - "narHash": "sha256-yezvUuFiEnCFbGuwj/bQcqg7RykIEqudOy/RBrId0pc=", - "owner": "cachix", - "repo": "git-hooks.nix", - "rev": "bfef0ada09e2c8ac55bbcd0831bd0c9d42e651ba", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "git-hooks.nix", - "type": "github" - } - }, - "git-hooks_3": { - "inputs": { - "flake-compat": "flake-compat_7", - "gitignore": "gitignore_3", "nixpkgs": [ "nvim", "neovim-nightly-overlay", @@ -492,11 +398,11 @@ ] }, "locked": { - "lastModified": 1755960406, - "narHash": "sha256-RF7j6C1TmSTK9tYWO6CdEMtg6XZaUKcvZwOCD2SICZs=", + "lastModified": 1760663237, + "narHash": "sha256-BflA6U4AM1bzuRMR8QqzPXqh8sWVCNDzOdsxXEguJIc=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "e891a93b193fcaf2fc8012d890dc7f0befe86ec2", + "rev": "ca5b894d3e3e151ffc1db040b6ce4dcc75d31c37", "type": "github" }, "original": { @@ -508,7 +414,8 @@ "gitignore": { "inputs": { "nixpkgs": [ - "neovim-nightly-overlay", + "nvim", + "gen-luarc", "git-hooks", "nixpkgs" ] 
@@ -528,29 +435,6 @@ } }, "gitignore_2": { - "inputs": { - "nixpkgs": [ - "nvim", - "gen-luarc", - "git-hooks", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1709087332, - "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", - "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "gitignore.nix", - "type": "github" - } - }, - "gitignore_3": { "inputs": { "nixpkgs": [ "nvim", @@ -573,7 +457,7 @@ "type": "github" } }, - "gitignore_4": { + "gitignore_3": { "inputs": { "nixpkgs": [ "pre-commit-hooks", @@ -597,31 +481,10 @@ "hercules-ci-effects": { "inputs": { "flake-parts": [ + "nvim", "neovim-nightly-overlay", "flake-parts" ], - "nixpkgs": [ - "neovim-nightly-overlay", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1758022363, - "narHash": "sha256-ENUhCRWgSX4ni751HieNuQoq06dJvApV/Nm89kh+/A0=", - "owner": "hercules-ci", - "repo": "hercules-ci-effects", - "rev": "1a3667d33e247ad35ca250698d63f49a5453d824", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "hercules-ci-effects", - "type": "github" - } - }, - "hercules-ci-effects_2": { - "inputs": { - "flake-parts": "flake-parts_5", "nixpkgs": [ "nvim", "neovim-nightly-overlay", @@ -629,11 +492,11 @@ ] }, "locked": { - "lastModified": 1755233722, - "narHash": "sha256-AavrbMltJKcC2Fx0lfJoZfmy7g87ebXU0ddVenhajLA=", + "lastModified": 1761230615, + "narHash": "sha256-pLE7U5gOtlA/2wbKCsVRYf5DqMQ5TWBCrCfZGytDDeo=", "owner": "hercules-ci", "repo": "hercules-ci-effects", - "rev": "99e03e72e3f7e13506f80ef9ebaedccb929d84d0", + "rev": "7db2b867219a26781437d840ce457b75b7645154", "type": "github" }, "original": { 
@@ -649,10 +512,11 @@ ] }, "locked": { - "lastModified": 1758593331, + "lastModified": 1762146130, + "narHash": "sha256-/XOEA0a61fZ45i/BpaSsyLNNbw/yKwjMbkB/IWSGLzU=", "owner": "nix-community", "repo": "home-manager", - "rev": "9a2dc0efbc569ce9352a6ffb8e8ec8dbc098e142", + "rev": "b5ed4afc2277339bdf0e9edf59befff7350cf075", "type": "github" }, "original": { @@ -662,27 +526,6 @@ "type": "github" } }, - "jj": { - "inputs": { - "flake-utils": "flake-utils", - "nixpkgs": [ - "nixpkgs" - ], - "rust-overlay": "rust-overlay" - }, - "locked": { - "lastModified": 1758574386, - "owner": "jj-vcs", - "repo": "jj", - "rev": "86bbe5a3cb5ea3bf79c97f907dc476c79fdc4aa3", - "type": "github" - }, - "original": { - "owner": "jj-vcs", - "repo": "jj", - "type": "github" - } - }, "luvit-meta": { "flake": false, "locked": { 
@@ -699,45 +542,47 @@ "type": "github" } }, - "neovim-nightly-overlay": { + "microvm": { "inputs": { - "flake-compat": "flake-compat_3", - "flake-parts": "flake-parts_2", - "git-hooks": "git-hooks", - "hercules-ci-effects": "hercules-ci-effects", - "neovim-src": "neovim-src", - "nixpkgs": "nixpkgs_3", - "treefmt-nix": "treefmt-nix" + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixpkgs" + ], + "spectrum": "spectrum" }, "locked": { - "lastModified": 1758585901, - "owner": "nix-community", - "repo": "neovim-nightly-overlay", - "rev": "095a690e04f89107ba15c3b7ebd1954e0802adfe", + "lastModified": 1762030278, + "narHash": "sha256-7p3blvxYNqOHQqpW4+MzcwxLh0ur0QtNXzNuquDyDxQ=", + "owner": "microvm-nix", + "repo": "microvm.nix", + "rev": "062a1d49f12d194855dbb87285a323f58ddfa725", "type": "github" }, "original": { - "owner": "nix-community", - "repo": "neovim-nightly-overlay", + "owner": "microvm-nix", + "repo": "microvm.nix", "type": "github" } }, - "neovim-nightly-overlay_2": { + "neovim-nightly-overlay": { "inputs": { - "flake-compat": "flake-compat_6", - "flake-parts": "flake-parts_4", - "git-hooks": "git-hooks_3", - "hercules-ci-effects": "hercules-ci-effects_2", - "neovim-src": "neovim-src_2", - "nixpkgs": "nixpkgs_6", - "treefmt-nix": "treefmt-nix_2" + "flake-compat": "flake-compat_4", + "flake-parts": "flake-parts_3", + "git-hooks": "git-hooks_2", + "hercules-ci-effects": "hercules-ci-effects", + "neovim-src": "neovim-src", + "nixpkgs": [ + "nvim", + "nixpkgs" + ], + "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1756771594, - "narHash": "sha256-Ln3i7qWzBThCgsetcPgotG1TK7TCZPzPudwKzGKtmPc=", + "lastModified": 1761437965, + "narHash": "sha256-X4SNeOXdFkE7Gt+waO5ck3TqfqWskqJHxt1WIu3nnUQ=", "owner": "nix-community", "repo": "neovim-nightly-overlay", - "rev": "68c0096bd5d0ff8b9c436cf5338f1fb24957d980", + "rev": "21595d9f79b5da0eef177dcfdd84ca981ac253a9", "type": "github" }, "original": { 
@@ -749,27 +594,11 @@ "neovim-src": { "flake": false, "locked": { - "lastModified": 1758583287, - "narHash": "sha256-Sg1Ge7rBC3jL9kg/xlkdr9rbvJILIUu6jkMnV28zMEE=", + "lastModified": 1761434579, + "narHash": "sha256-S+YmbP/bPETjKk6B/tlh+jwIH7K7iPoXyHLLwTqVOhk=", "owner": "neovim", "repo": "neovim", - "rev": "78371610769f980cd0a629853628de5fe9127cee", - "type": "github" - }, - "original": { - "owner": "neovim", - "repo": "neovim", - "type": "github" - } - }, - "neovim-src_2": { - "flake": false, - "locked": { - "lastModified": 1756770793, - "narHash": "sha256-qlgoWy70c9Qcr/jpru16XwSQlkq0tFbFOZcyfmQRPu4=", - "owner": "neovim", - "repo": "neovim", - "rev": "4f374bf938283b2d8c842bddb4583337aba0555d", + "rev": "a121ede1bfee2704c26159124f8f61f96c6aa136", "type": "github" }, "original": { @@ -787,12 +616,12 @@ "nixpkgs-regression": "nixpkgs-regression" }, "locked": { - "lastModified": 1757694985, - "narHash": "sha256-3Ia+y7Hbwnzcuf1hyuVnFtbnSR6ErQeFjemHdVxjCNE=", - "rev": "766f43aa6acb1b3578db488c19fbbedf04ed9f24", - "revCount": 22340, + "lastModified": 1761238235, + "narHash": "sha256-BvEZ31+FQKJz2XH8PTXpJqGZ1eT9bhMQ2wBj2ehBYvM=", + "rev": "9512828397f684d0f732ea76b7631f69a0db34f7", + "revCount": 23138, "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/nix-src/3.11.2/01993ee9-f8e7-7b80-80df-ec0a20a32514/source.tar.gz" + "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/nix-src/3.12.0/019a1277-d4c6-7dca-9d55-ee5165fd0bf6/source.tar.gz" }, "original": { "type": "tarball", @@ -806,10 +635,11 @@ ] }, "locked": { - "lastModified": 1758427679, + "lastModified": 1762055842, + "narHash": "sha256-Pu1v3mlFhRzZiSxVHb2/i/f5yeYyRNqr0RvEUJ4UgHo=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "fd2569ca2ef7d69f244cd9ffcb66a0540772ff85", + "rev": "359ff6333a7b0b60819d4c20ed05a3a1f726771f", "type": "github" }, "original": { 
@@ -820,10 +650,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1757943327, + "lastModified": 1761933221, + "narHash": "sha256-rNHeoG3ZrA94jczyLSjxCtu67YYPYIlXXr0uhG3wNxM=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "67a709cfe5d0643dafd798b0b613ed579de8be05", + "rev": "7467f155fcba189eb088a7601f44fbef7688669b", "type": "github" }, "original": { @@ -908,12 +739,12 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1757034884, - "narHash": "sha256-PgLSZDBEWUHpfTRfFyklmiiLBE1i1aGCtz4eRA3POao=", - "rev": "ca77296380960cd497a765102eeb1356eb80fed0", - "revCount": 856744, + "lastModified": 1760965567, + "narHash": "sha256-0JDOal5P7xzzAibvD0yTE3ptyvoVOAL0rcELmDdtSKg=", + "rev": "cb82756ecc37fa623f8cf3e88854f9bf7f64af93", + "revCount": 880602, "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/nixpkgs-weekly/0.1.856744%2Brev-ca77296380960cd497a765102eeb1356eb80fed0/01992cf9-9347-761a-8963-9cbe43abe2fa/source.tar.gz" + "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/nixpkgs-weekly/0.1.880602%2Brev-cb82756ecc37fa623f8cf3e88854f9bf7f64af93/019a0545-358b-78f4-97fe-88a7820eac2f/source.tar.gz" }, "original": { "type": "tarball", @@ -922,26 +753,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1758446476, - "narHash": "sha256-5rdAi7CTvM/kSs6fHe1bREIva5W3TbImsto+dxG4mBo=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "a1f79a1770d05af18111fbbe2a3ab2c42c0f6cd0", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_4": { - "locked": { - "lastModified": 1758277210, + "lastModified": 1761907660, + "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=", "owner": "nixos", "repo": "nixpkgs", - "rev": "8eaee110344796db060382e15d3af0a9fc396e0e", + "rev": "2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15", "type": "github" }, "original": { 
@@ -951,7 +767,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_4": { "locked": { "lastModified": 1755660401, "owner": "NixOS", @@ -966,34 +782,18 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_5": { "locked": { - "lastModified": 1756696532, - "narHash": "sha256-6FWagzm0b7I/IGigOv9pr6LL7NQ86mextfE8g8Q6HBg=", - "owner": "NixOS", + "lastModified": 1761114652, + "narHash": "sha256-f/QCJM/YhrV/lavyCVz8iU3rlZun6d+dAiC3H+CDle4=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "58dcbf1ec551914c3756c267b8b9c8c86baa1b2f", + "rev": "01f116e4df6a15f4ccdffb1bcd41096869fb385c", "type": "github" }, "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_7": { - "locked": { - "lastModified": 1756785263, - "narHash": "sha256-EPOPPfDnxKZna6Qt1Pl2OsECN8SMLVw7QKeRntWJUa4=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "10bee29e15dab2dd3f406aebbdf79ea4af52ceeb", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "master", + "owner": "nixos", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } @@ -1003,14 +803,15 @@ "dart": "dart", "flake-utils": "flake-utils_3", "gen-luarc": "gen-luarc", - "neovim-nightly-overlay": "neovim-nightly-overlay_2", - "nixpkgs": "nixpkgs_7", - "nvim-treesitter": "nvim-treesitter", - "nvim-treesitter-textobjects": "nvim-treesitter-textobjects" + "neovim-nightly-overlay": "neovim-nightly-overlay", + "nixpkgs": [ + "nixpkgs" + ], + "nvim-treesitter-main": "nvim-treesitter-main" }, "locked": { - "lastModified": 1758080920, - "narHash": "sha256-0songGRyfBLDBIHqQKMi0JL9I1fjCT8c3wYEnxDvr3o=", + "lastModified": 1762153921, + "narHash": "sha256-jLhCBoZ1sQEajCTK79BFb2n9CUgPk9u98EQOV4XFZhM=", "path": "/home/e/dev/nvim.nix", "type": "path" }, 
@@ -1022,11 +823,11 @@ "nvim-treesitter": { "flake": false, "locked": { - "lastModified": 1756620408, - "narHash": "sha256-UR9cj1pYXSZ5gYvY1tj+/8ZLsK2uzY2owxCOeqb08f4=", + "lastModified": 1761385693, + "narHash": "sha256-/SGikTPEMxI7rcfGvuJlNZs73/wZiQx14QX9xlfsTv0=", "owner": "nvim-treesitter", "repo": "nvim-treesitter", - "rev": "802195d8f1980db25a7a39a55f9a25df21756c73", + "rev": "98fe644cb3b5ba390d1bc3f89299f93c70020803", "type": "github" }, "original": { @@ -1036,6 +837,26 @@ "type": "github" } }, + "nvim-treesitter-main": { + "inputs": { + "nixpkgs": "nixpkgs_5", + "nvim-treesitter": "nvim-treesitter", + "nvim-treesitter-textobjects": "nvim-treesitter-textobjects" + }, + "locked": { + "lastModified": 1761496664, + "narHash": "sha256-xTQUiJu0jJNSEHEv4La1HbaFokup0eWr67Kqf/wDENA=", + "owner": "iofq", + "repo": "nvim-treesitter-main", + "rev": "834d66648bb7a96a2ad11d53a33f2d9b13766447", + "type": "github" + }, + "original": { + "owner": "iofq", + "repo": "nvim-treesitter-main", + "type": "github" + } + }, "nvim-treesitter-textobjects": { "flake": false, "locked": { @@ -1055,17 +876,18 @@ }, "pre-commit-hooks": { "inputs": { - "flake-compat": "flake-compat_8", - "gitignore": "gitignore_4", + "flake-compat": "flake-compat_6", + "gitignore": "gitignore_3", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1758108966, + "lastModified": 1760663237, + "narHash": "sha256-BflA6U4AM1bzuRMR8QqzPXqh8sWVCNDzOdsxXEguJIc=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "54df955a695a84cd47d4a43e08e1feaf90b1fd9b", + "rev": "ca5b894d3e3e151ffc1db040b6ce4dcc75d31c37", "type": "github" }, "original": { 
@@ -1079,37 +901,15 @@ "deploy-rs": "deploy-rs", "determinate": "determinate", "home-manager": "home-manager", - "jj": "jj", - "neovim-nightly-overlay": "neovim-nightly-overlay", + "microvm": "microvm", "nix-index-database": "nix-index-database", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_3", "nvim": "nvim", "pre-commit-hooks": "pre-commit-hooks", "sops-nix": "sops-nix", "systems": "systems_5", - "treefmt-nix": "treefmt-nix_3" - } - }, - "rust-overlay": { - "inputs": { - "nixpkgs": [ - "jj", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1755139244, - "narHash": "sha256-SN1BFA00m+siVAQiGLtTwjv9LV9TH5n8tQcSziV6Nv4=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "aeae248beb2a419e39d483dd9b7fec924aba8d4d", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" + "treefmt-nix": "treefmt-nix_2" } }, "sops-nix": { @@ -1119,10 +919,11 @@ ] }, "locked": { - "lastModified": 1758425756, + "lastModified": 1760998189, + "narHash": "sha256-ee2e1/AeGL5X8oy/HXsZQvZnae6XfEVdstGopKucYLY=", "owner": "Mic92", "repo": "sops-nix", - "rev": "e0fdaea3c31646e252a60b42d0ed8eafdb289762", + "rev": "5a7d18b5c55642df5c432aadb757140edfeb70b3", "type": "github" }, "original": { @@ -1131,6 +932,22 @@ "type": "github" } }, + "spectrum": { + "flake": false, + "locked": { + "lastModified": 1759482047, + "narHash": "sha256-H1wiXRQHxxPyMMlP39ce3ROKCwI5/tUn36P8x6dFiiQ=", + "ref": "refs/heads/main", + "rev": "c5d5786d3dc938af0b279c542d1e43bce381b4b9", + "revCount": 996, + "type": "git", + "url": "https://spectrum-os.org/git/spectrum" + }, + "original": { + "type": "git", + "url": "https://spectrum-os.org/git/spectrum" + } + }, "systems": { "locked": { "lastModified": 1681028828, 
@@ -1194,6 +1011,7 @@ "systems_5": { "locked": { "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "owner": "nix-systems", "repo": "default", "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", @@ -1208,16 +1026,17 @@ "treefmt-nix": { "inputs": { "nixpkgs": [ + "nvim", "neovim-nightly-overlay", "nixpkgs" ] }, "locked": { - "lastModified": 1758206697, - "narHash": "sha256-/DbPkh6PZOgfueCbs3uzlk4ASU2nPPsiVWhpMCNkAd0=", + "lastModified": 1761311587, + "narHash": "sha256-Msq86cR5SjozQGCnC6H8C+0cD4rnx91BPltZ9KK613Y=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "128222dc911b8e2e18939537bed1762b7f3a04aa", + "rev": "2eddae033e4e74bf581c2d1dfa101f9033dbd2dc", "type": "github" }, "original": { @@ -1229,36 +1048,15 @@ "treefmt-nix_2": { "inputs": { "nixpkgs": [ - "nvim", - "neovim-nightly-overlay", "nixpkgs" ] }, "locked": { - "lastModified": 1756662192, - "narHash": "sha256-F1oFfV51AE259I85av+MAia221XwMHCOtZCMcZLK2Jk=", + "lastModified": 1761311587, + "narHash": "sha256-Msq86cR5SjozQGCnC6H8C+0cD4rnx91BPltZ9KK613Y=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "1aabc6c05ccbcbf4a635fb7a90400e44282f61c4", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } - }, - "treefmt-nix_3": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1758206697, - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "128222dc911b8e2e18939537bed1762b7f3a04aa", + "rev": "2eddae033e4e74bf581c2d1dfa101f9033dbd2dc", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 10b3019..f7fe022 100755 --- a/flake.nix +++ b/flake.nix 
@@ -28,16 +28,16 @@ # }; nvim = { url = "path:/home/e/dev/nvim.nix"; + inputs.nixpkgs.follows = "nixpkgs"; }; deploy-rs = { url = "github:serokell/deploy-rs"; inputs.nixpkgs.follows = "nixpkgs"; }; - jj = { - url = "github:jj-vcs/jj"; + microvm = { + url = "github:microvm-nix/microvm.nix"; inputs.nixpkgs.follows = "nixpkgs"; }; - neovim-nightly-overlay.url = "github:nix-community/neovim-nightly-overlay"; determinate.url = "https://flakehub.com/f/DeterminateSystems/determinate/*"; systems.url = "github:nix-systems/default"; }; @@ -57,11 +57,7 @@ inherit system; config.allowUnfree = true; overlays = [ - inputs.neovim-nightly-overlay.overlays.default inputs.nvim.overlays.default - (old: new: { - jujutsu = inputs.jj.packages.${system}.jujutsu; - }) (import ./pkgs/overlay.nix) ]; }; diff --git a/home-manager/shared/programs/dev.nix b/home-manager/shared/programs/dev.nix index 60c4170..019f57e 100644 --- a/home-manager/shared/programs/dev.nix +++ b/home-manager/shared/programs/dev.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ home.packages = with pkgs; [ #sys p7zip @@ -6,12 +7,12 @@ jq tree jjui - emacs-nox #devops k9s kubectl nerdctl + gh #golang go @@ -22,7 +23,18 @@ #c gcc - #llm - aider-chat + # linters + yamllint + jq + hadolint + nixfmt + shellcheck + golangci-lint + + # LSPs + gopls + lua-language-server + nixd + basedpyright ]; } diff --git a/home-manager/shared/programs/shell/git.nix b/home-manager/shared/programs/shell/git.nix index 29c65be..fb1aea6 100755 --- a/home-manager/shared/programs/shell/git.nix +++ b/home-manager/shared/programs/shell/git.nix 
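Review bot: `jq` is added a second time under `# linters` in the last `dev.nix` hunk, although the same `home.packages` list already carries it (context of the `@@ -6,12 +7,12 @@` hunk: `jq tree jjui`). Nix tolerates the duplicate, but dropping the new `jq` line keeps the list free of repeats. The list itself starts and ends outside these hunks.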
@@ -2,26 +2,28 @@ { programs.git = { enable = true; - userEmail = "cjriddz@protonmail.com"; - userName = "iofq"; - delta = { - enable = true; - options = { - side-by-side = true; - line-numbers = true; + settings = { + user = { + email = "cjriddz@protonmail.com"; + name = "iofq"; }; - }; - extraConfig = { core.editor = "nvim"; + pull.rebase = true; }; signing = { key = "cjriddz@protonmail.com"; signByDefault = false; }; - extraConfig.pull.rebase = true; + }; + programs.delta = { + enable = true; + options = { + side-by-side = true; + line-numbers = true; + }; }; - home.packages = [ pkgs.watchman ]; + # home.packages = [ pkgs.watchman ]; programs.jujutsu = { enable = true; settings = { @@ -49,7 +51,6 @@ merge-editor = "vimdiff"; diff-editor = "diffview"; diff-formatter = ":git"; - paginate = "never"; movement = { edit = true; }; @@ -69,7 +70,7 @@ git -C "$left" commit -q -m baseline --allow-empty mv "$left/.git" "$right" git -C "$right" add --intent-to-add -A - (cd "$right"; nvim -c "lua vim.g.snacks_indent=false" -c "lua require('lazy').load({plugins = {'diffview.nvim'}})" -c DiffviewOpen) + (cd "$right"; nix run /home/e/dev/nvim.nix/ -- -c "lua require('difftool').open('$left', '$right', {ignore = { '.git', '.jj' }})") git -C "$right" diff-index --quiet --cached HEAD && { echo "No changes done, aborting split."; exit 1; } git -C "$right" commit -q -m split git -C "$right" restore . # undo changes in modified files diff --git a/nixos/configuration.nix b/nixos/configuration.nix index 4aed054..dc9a35d 100755 --- a/nixos/configuration.nix +++ b/nixos/configuration.nix @@ -1,14 +1,16 @@ { inputs, + pkgs, host, ... -}: { +}: +{ # Create plugdev group networking.hostName = host.hostName; time.timeZone = "America/Chicago"; users = { - groups.plugdev = {}; - groups.${host.username} = {}; + groups.plugdev = { }; + groups.${host.username} = { }; users.${host.username} = { isNormalUser = true; group = "${host.username}"; 
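Review bot: In the `@@ -69,7 +70,7 @@` hunk of `git.nix` the new editor command splices `$left` and `$right` into single-quoted Lua strings inside a double-quoted shell argument, so a path containing `'` or a backslash ends the literal and the rest is evaluated as Lua. The directories presumably come from jj's temporary directories, which makes this low risk, but passing them through the environment removes the quoting problem: `(cd "$right"; LEFT="$left" RIGHT="$right" nix run /home/e/dev/nvim.nix/ -- -c "lua require('difftool').open(vim.env.LEFT, vim.env.RIGHT, {ignore = { '.git', '.jj' }})")`. The command also executes whatever is in the mutable working tree at the absolute path `/home/e/dev/nvim.nix/` at run time; calling the editor package that the `inputs.nvim` overlay already provides would tie the tool to the evaluated flake instead. The surrounding script starts and ends outside the hunk.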
@@ -31,23 +33,29 @@ # Enable flakes and unfree packages nix = { + package = pkgs.nixVersions.nix_2_31; # https://github.com/serokell/deploy-rs/issues/340 registry.nixpkgs.flake = inputs.nixpkgs; settings = { auto-optimise-store = true; substituters = [ "https://nix-community.cachix.org" "https://install.determinate.systems" + "https://nvim-treesitter-main.cachix.org" ]; trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "cache.flakehub.com-3:hJuILl5sVK4iKm86JzgdXW12Y2Hwd5G07qKtHTOcDCM=" + "nvim-treesitter-main.cachix.org-1:cbwE6blfW5+BkXXyeAXoVSu1gliqPLHo2m98E4hWfZQ=" ]; - trusted-users = [host.username]; - experimental-features = ["nix-command" "flakes"]; - lazy-trees = true; + trusted-users = [ host.username ]; + experimental-features = [ + "nix-command" + "flakes" + ]; + # lazy-trees = true; # https://github.com/serokell/deploy-rs/issues/340 }; channel.enable = false; - nixPath = ["nixpkgs=flake:nixpkgs"]; + nixPath = [ "nixpkgs=flake:nixpkgs" ]; gc = { automatic = true; dates = "00:00"; diff --git a/nixos/consensus/configuration.nix b/nixos/consensus/configuration.nix index 57dbdae..01ce5f7 100644 --- a/nixos/consensus/configuration.nix +++ b/nixos/consensus/configuration.nix @@ -8,7 +8,6 @@ imports = [ ./hardware-configuration.nix ./backups.nix - ./forgejo-runner.nix ]; sops = { secrets = { 
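Review bot: The new `https://nvim-treesitter-main.cachix.org` substituter and its entry in `trusted-public-keys` are added in the shared `nixos/configuration.nix`, which `nixos/default.nix` lists in `defaultModules`, so every host built from it will accept store paths signed by that third-party key. A cache that appears to be needed only for the editor build is better trusted on the workstation alone; move both lines to that host's configuration, or leave a comment stating the reason, for example `# third-party cache, only needed for inputs.nvim`. `trusted-users = [ host.username ]` in the same block lets that account add further substituters itself, which deserves a short comment too. The `nix` block continues past the end of the hunk.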
@@ -95,49 +94,55 @@ mediaLocation = "/srv/immich"; }; nginx = { - enable = false; - virtualHosts."img.10110110.xyz" = { + enable = true; + # virtualHosts."img.10110110.xyz" = { + # forceSSL = true; + # useACMEHost = "10110110.xyz"; + # locations."/" = { + # proxyPass = "http://localhost:${toString config.services.immich.port}"; + # proxyWebsockets = true; + # recommendedProxySettings = true; + # extraConfig = '' + # client_max_body_size 50000M; + # proxy_read_timeout 600s; + # proxy_send_timeout 600s; + # send_timeout 600s; + # ''; + # }; + # }; + virtualHosts."fs.10110110.xyz" = { forceSSL = true; useACMEHost = "10110110.xyz"; - locations."/" = { - proxyPass = "http://localhost:${toString config.services.immich.port}"; - proxyWebsockets = true; - recommendedProxySettings = true; - extraConfig = '' - client_max_body_size 50000M; - proxy_read_timeout 600s; - proxy_send_timeout 600s; - send_timeout 600s; - ''; - }; + root = "/var/www/nginx"; + extraConfig = "autoindex on;"; }; }; }; boot = { + kernel.sysctl = { + "vm.swappiness" = 6; + }; tmp.cleanOnBoot = true; # supportedFilesystems = ["zfs"]; # zfs.forceImportRoot = false; # zfs.extraPools = ["rice"]; }; - networking.hostId = "91238132"; - zramSwap.enable = false; - swapDevices = [ - { - device = "/swapfile"; - size = 16 * 1024; - } - ]; - virtualisation.docker.enable = true; networking = { + hostId = "91238132"; hostName = "consensus"; firewall = { enable = true; allowedTCPPorts = [ 22 + 80 443 2022 + 8080 + 8443 + 10001 6443 25565 + 25566 9001 30303 ]; @@ -147,7 +152,17 @@ ]; logRefusedConnections = true; }; + }; + zramSwap.enable = false; + swapDevices = [ + { + device = "/swapfile"; + size = 16 * 1024; + } + ]; + virtualisation.docker.enable = true; + users.users = { root = { openssh.authorizedKeys.keys = [ 
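Review bot: The new `fs.10110110.xyz` vhost serves `/var/www/nginx` with `autoindex on;` and no access control, and the same hunk opens port 80 next to 443, so everything placed in that directory is listed and downloadable by anyone who can reach the host. If the share is not meant to be public, add `basicAuthFile = config.sops.secrets."<htpasswd-secret>".path;` (placeholder secret name) or restrict clients with `allow`/`deny` in `extraConfig`. The firewall list also gains 8080, 8443, 10001 and 25566, and no service in this hunk listens on them; a short comment per port, or leaving out the ones not yet in use, keeps the exposed surface reviewable. The enclosing attribute set starts outside the hunk.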
@@ -165,18 +180,18 @@ }; }; security.sudo-rs.wheelNeedsPassword = false; - # security.acme = { - # acceptTerms = true; - # defaults.email = "acme@10110110.xyz"; - # certs = { - # "10110110.xyz" = { - # domain = "*.10110110.xyz"; - # group = config.services.nginx.group; - # dnsProvider = "cloudflare"; - # environmentFile = config.sops.secrets."env".path; - # }; - # }; - # }; + security.acme = { + acceptTerms = true; + defaults.email = "acme@10110110.xyz"; + certs = { + "10110110.xyz" = { + domain = "*.10110110.xyz"; + group = config.services.nginx.group; + dnsProvider = "cloudflare"; + environmentFile = config.sops.secrets."env".path; + }; + }; + }; nix.settings.trusted-users = [ "e" ]; system.stateVersion = "23.11"; } diff --git a/nixos/consensus/forgejo-runner.nix b/nixos/consensus/forgejo-runner.nix deleted file mode 100644 index 3fcf5a2..0000000 --- a/nixos/consensus/forgejo-runner.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ pkgs, config, ... }: -{ - sops = { - secrets = { - "forgejo-runner" = { - sopsFile = ../../secrets/forgejo-runner.yaml; - }; - }; - }; - services.gitea-actions-runner = { - package = pkgs.forgejo-actions-runner; - instances.default = { - enable = true; - name = "runner-1"; - url = "https://git.10110110.xyz"; - tokenFile = config.sops.secrets."forgejo-runner".path; - labels = [ - "ubuntu-latest:docker://node:20-bullseye" - "nix-upstream-latest:docker://nixos/nix:latest" - "native:host" - ]; - }; - }; -} diff --git a/nixos/consensus/hypervisor/configuration.nix b/nixos/consensus/hypervisor/configuration.nix new file mode 100644 index 0000000..8fbe7f9 --- /dev/null +++ b/nixos/consensus/hypervisor/configuration.nix 
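Review bot: The re-enabled `security.acme` block requests the wildcard `*.10110110.xyz` on this host, although the only active vhost in this commit is `fs.10110110.xyz`, so the wildcard private key and the Cloudflare credentials read from `config.sops.secrets."env"` are now stored on a machine that also runs Docker (`virtualisation.docker.enable = true`). If no further vhosts are planned here, `domain = "fs.10110110.xyz";` plus an API token limited to DNS edits on this zone would bound what a compromise of this host exposes. The declaration of the `env` secret for this host is not in the hunk; confirm it exists and points at the right `sopsFile`. The context line `security.sudo-rs.wheelNeedsPassword = false;` just above is unchanged by this commit but is worth revisiting now that the host serves public HTTP.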
@@ -0,0 +1,43 @@ +{ name, attrs, ... }: +{ + systemd.network = { + enable = true; + networks."20-lan" = { + matchConfig.Type = "ether"; + networkConfig = { + Address = [ (attrs.${name}.ipv4 + attrs.${name}.subnet) ]; + Gateway = "10.0.0.1"; + DNS = [ "1.1.1.1" ]; + IPv6AcceptRA = true; + DHCP = "no"; + }; + }; + }; + services.openssh = { + enable = true; + settings.PasswordAuthentication = false; + settings.KbdInteractiveAuthentication = false; + }; + networking.firewall = { + enable = true; + allowedTCPPorts = [ 22 ]; + allowedUDPPorts = [ ]; + logRefusedConnections = true; + }; + users.users = { + root = { + openssh.authorizedKeys.keys = [ + ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIItTJm2iu/5xacOoh4/JAvMtHE62duDlVVXpvVP+uQMR root@htz'' + ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILU2TUxKyGKoZ68IG4hw23RmxVf72u5K9W0StkgTr0b2 e@t14'' + ]; + }; + e = { + isNormalUser = true; + extraGroups = [ "wheel" ]; + openssh.authorizedKeys.keys = [ + ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIItTJm2iu/5xacOoh4/JAvMtHE62duDlVVXpvVP+uQMR root@htz'' + ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILU2TUxKyGKoZ68IG4hw23RmxVf72u5K9W0StkgTr0b2 e@t14'' + ]; + }; + }; +} diff --git a/nixos/consensus/hypervisor/default.nix b/nixos/consensus/hypervisor/default.nix new file mode 100644 index 0000000..ac11d80 --- /dev/null +++ b/nixos/consensus/hypervisor/default.nix @@ -0,0 +1,37 @@ +{ lib, pkgs, ... }: +let + attrs = { + forgejo-runner = { + ipv4 = "10.0.0.2"; + subnet = "/24"; + mac = "02:00:00:00:00:01"; + }; + }; + genVMConfig = name: addr: { + restartIfChanged = true; + pkgs = pkgs; + config = { + microvm = { + shares = lib.mkIf (addr.ro-store == true) [ + { + source = "/nix/store"; + mountPoint = "/nix/.ro-store"; + tag = "ro-store"; + proto = "virtiofs"; + } + ]; + interfaces = [ + { + type = "tap"; + id = name; + mac = attrs.${name}.mac; + } + ]; + }; + } + // import ./configuration.nix { inherit name attrs; }; + }; +in +{ + microvm.vms = lib.mapAttrs genVMConfig attrs; +} 
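Review bot: `root` gets `openssh.authorizedKeys.keys` in every guest, and with `PermitRootLogin` left unset sshd accepts key logins for root (NixOS defaults to `prohibit-password`), so the `root@htz` key gives direct root on each microVM. Since `e` is already in `wheel` with the same two keys, consider dropping the `root` entry and adding `settings.PermitRootLogin = "no";` to `services.openssh`. The two key lists are identical; binding them once (`let adminKeys = [ ... ]; in`) keeps them from drifting apart. `Gateway` and `DNS` are hard-coded while the address and subnet come from `attrs`, which is worth a comment if guests on other networks are expected.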
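Review bot: `addr.ro-store == true` in `hypervisor/default.nix` will fail with a missing-attribute error once `microvm.shares` is evaluated, because the only entry in `attrs` (`forgejo-runner`) defines `ipv4`, `subnet` and `mac` but no `ro-store`; use `shares = lib.mkIf (addr.ro-store or false) [`. `genVMConfig` already receives the entry as `addr`, so `mac = addr.mac;` is more consistent than `attrs.${name}.mac`. Nothing in this file imports `./forgejo-runner.nix`, and no hunk in view adds `./hypervisor` to the imports of `consensus/configuration.nix`, so as far as this diff shows the guest would boot without the runner service; confirm the wiring. A header comment stating the shape of an `attrs` entry (`ipv4`, `subnet`, `mac`, optional `ro-store`) would document the contract.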
diff --git a/nixos/consensus/hypervisor/forgejo-runner.nix b/nixos/consensus/hypervisor/forgejo-runner.nix new file mode 100644 index 0000000..771a2c5 --- /dev/null +++ b/nixos/consensus/hypervisor/forgejo-runner.nix @@ -0,0 +1,35 @@ +{ + inputs, + pkgs, + ... +}: +{ + pkgs = pkgs; + config = + { config, ... }: + { + imports = [ + inputs.sops-nix.nixosModules.sops + ]; + sops = { + secrets = { + forgejo-runner = { + sopsFile = ../../secrets/forgejo-runner.yaml; + }; + }; + }; + services.gitea-actions-runner = { + package = pkgs.forgejo-actions-runner; + instances.default = { + enable = true; + name = "runner-1"; + url = "https://git.10110110.xyz"; + tokenFile = config.sops.secrets.forgejo-runner.path; + labels = [ + "ubuntu-latest:docker://node:20-bullseye" + "nix-upstream-latest:docker://nixos/nix:latest" + ]; + }; + }; + }; +} diff --git a/nixos/default.nix b/nixos/default.nix index f77cf2a..503838f 100644 --- a/nixos/default.nix +++ b/nixos/default.nix @@ -10,7 +10,7 @@ let ./configuration.nix inputs.sops-nix.nixosModules.sops inputs.nix-index-database.nixosModules.nix-index - inputs.determinate.nixosModules.default + # inputs.determinate.nixosModules.default # https://github.com/serokell/deploy-rs/issues/340 ]; in { @@ -38,6 +38,7 @@ in }; }; modules = defaultModules ++ [ + inputs.microvm.nixosModules.host ./consensus/configuration.nix ]; }; diff --git a/nixos/t14/configuration.nix b/nixos/t14/configuration.nix index bb0201e..09f8f46 100755 --- a/nixos/t14/configuration.nix +++ b/nixos/t14/configuration.nix @@ -2,10 +2,12 @@ pkgs, attrs, ... -}: let +}: +let # Horrid workaround for https://github.com/nix-community/home-manager/issues/1011 homeManagerSessionVars = "/etc/profiles/per-user/${attrs.username}/etc/profile.d/hm-session-vars.sh"; -in { +in +{ imports = [ ./hardware-configuration.nix ./backups.nix 
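Review bot: `sopsFile = ../../secrets/forgejo-runner.yaml;` resolves to `nixos/secrets/forgejo-runner.yaml` from `nixos/consensus/hypervisor/`, whereas the file deleted in this commit used the same relative path from one directory higher; the new file most likely needs `sopsFile = ../../../secrets/forgejo-runner.yaml;`. The runner labels use `docker://` images but this guest config enables no container runtime, and the host's Docker daemon is presumably not reachable from inside the microVM, so `virtualisation.docker.enable = true;` belongs in this `config`. sops-nix inside the guest also needs a decryption key of its own (an age key or an SSH host key listed as a recipient), which this file does not set up. `nixos/nix:latest` is a mutable tag; pinning the image by digest would make CI jobs reproducible and stop a changed upstream image from silently entering the build.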
@@ -24,14 +26,18 @@ in { loader.systemd-boot.enable = true; loader.efi.canTouchEfiVariables = true; kernelPackages = pkgs.linuxPackages_latest; - blacklistedKernelModules = ["bluetooth"]; + blacklistedKernelModules = [ "bluetooth" ]; + kernel.sysctl = { + "net.core.rmem_max" = 4194304; + "net.core.wmem_max" = 4194304; + }; }; # Networking networking = { hostId = "1185c58e"; nameservers = [ - "9.9.9.9" "1.1.1.1" + "9.9.9.9" ]; networkmanager = { enable = true; @@ -39,9 +45,9 @@ in { }; firewall = { enable = true; - allowedTCPPorts = [11111]; - allowedUDPPorts = []; - trustedInterfaces = ["tailscale0"]; + allowedTCPPorts = [ 11111 ]; + allowedUDPPorts = [ ]; + trustedInterfaces = [ "tailscale0" ]; logRefusedConnections = true; }; }; @@ -53,11 +59,11 @@ in { }; }; - security.pam.services.swaylock = {}; + security.pam.services.swaylock = { }; xdg.portal = { enable = true; xdgOpenUsePortal = false; - extraPortals = [pkgs.xdg-desktop-portal-gtk]; + extraPortals = [ pkgs.xdg-desktop-portal-gtk ]; }; programs = { light.enable = true; @@ -87,7 +93,6 @@ in { enable32Bit = true; extraPackages = [ pkgs.mesa - pkgs.amdvlk pkgs.libGL ]; }; @@ -135,7 +140,7 @@ in { enable = true; keyboards = { default = { - ids = ["*"]; + ids = [ "*" ]; settings = { main = { pause = "timeout(esc, 150, space)"; @@ -160,7 +165,7 @@ in { nerd-fonts.ubuntu-mono spleen ]; - fontconfig.defaultFonts.monospace = ["UbuntuMono"]; + fontconfig.defaultFonts.monospace = [ "UbuntuMono" ]; }; system.stateVersion = "22.11"; }