erwin/nixos-config
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Wiki Activity Actions

Compare commits

base: erwin:1a37a82af9d576b1e1e91583e616a3639b575497
Branches Tags
erwin:main
...
compare: erwin:071736afcf74333fe1a670d8b28e2b6c7ece89b5
Branches Tags
erwin:main

10 commits
1a37a82af9 ... 071736afcf

Author SHA1 Message Date
Erwin Boskma
071736afcf
woodpecker: Use "podman" network
Some checks failed
/ check (push) Failing after 2m39s
Details
2024-01-29 10:29:42 +01:00
Erwin Boskma
395c4f63b7
Add openfga to overlay 2024-01-29 10:29:30 +01:00
Erwin Boskma
dc3a9097f5
nix: Add attic binary cache 2024-01-29 10:29:09 +01:00
Erwin Boskma
f96b9959b5
base: Update probe-rs udev rules hash 2024-01-29 10:28:48 +01:00
Erwin Boskma
6a5938be3f
forgejo: Explicitly enable cron, set actions runner log level 2024-01-29 10:28:13 +01:00
Erwin Boskma
24c40e685e
Delete obsolete machine config 2024-01-29 10:27:59 +01:00
Erwin Boskma
70421d5ecb
Tell systemd to accept any connected interface as online 2024-01-29 10:27:21 +01:00
Erwin Boskma
33c4fb6314
flake: On second thought, disable statix alltogether 
It's not providing enough value for the annoyances it causes. Like not accepting
multiple filenames.
 2024-01-29 10:25:12 +01:00
Erwin Boskma
cc7230d92f
flake: Run statix hook only on staged files 2024-01-29 10:19:05 +01:00
Erwin Boskma
29e3f7d597
emacs: Add hare-mode 2024-01-29 10:18:41 +01:00
18 changed files with 49 additions and 108 deletions
Show stats Expand all files Collapse all files

1
flake.nix
View file

@ -209,7 +209,6 @@
hooks = { hooks = {
nixpkgs-fmt.enable = true; nixpkgs-fmt.enable = true;
deadnix.enable = true; deadnix.enable = true;
statix.enable = true;
black.enable = true; black.enable = true;
shellcheck = { shellcheck = {
enable = true; enable = true;

10
home-manager/modules/emacs/config.org
View file

@ -1700,6 +1700,16 @@ Register =nushell= LSP with eglot
'(nushell-ts-mode . ("nu" "--lsp")))) '(nushell-ts-mode . ("nu" "--lsp"))))
#+end_src #+end_src
*** hare
[[https://git.sr.ht/~bbuccianti/hare-mode][hare-mode]] for [[https://harelang.org][hare]] support.
#+begin_src emacs-lisp
(use-package hare-mode
:ensure nil ;; It's installed outside emacs
)
#+end_src
* Org * Org
** Main org setup ** Main org setup

12
home-manager/modules/emacs/default.nix
View file

@ -23,6 +23,17 @@ with lib; let
}; };
}; };
hare-mode = pkgs.emacsPackages.trivialBuild {
pname = "hare-mode";
version = "unstable-2022-04-27";
src = pkgs.fetchFromSourcehut {
owner = "~bbuccianti";
repo = "hare-mode";
rev = "bb7b2faccb5939b0c8d4ffa6a6e28a0d2bc93dd6";
sha256 = "SOnsNDWKL077AgTdpd9zZPhiyv8d/snllzTy53qlco8=";
};
};
emacsWithPackages = pkgs.emacsWithPackagesFromUsePackage { emacsWithPackages = pkgs.emacsWithPackagesFromUsePackage {
config = config =
let let
@ -35,6 +46,7 @@ with lib; let
alwaysEnsure = true; alwaysEnsure = true;
alwaysTangle = true; alwaysTangle = true;
extraEmacsPackages = epkgs: with epkgs; [ extraEmacsPackages = epkgs: with epkgs; [
hare-mode
vterm vterm
(treesit-grammars.with-grammars (p: with p; [ (treesit-grammars.with-grammars (p: with p; [
tree-sitter-bash tree-sitter-bash

2
machines/ci/configuration.nix
View file

@ -55,6 +55,8 @@
systemd.network = { systemd.network = {
enable = true; enable = true;
wait-online.anyInterface = true;
networks = { networks = {
"40-eth0" = { "40-eth0" = {
matchConfig = { matchConfig = {

63
machines/drone/configuration.nix
View file

@ -1,63 +0,0 @@
{ self, ... }:
{ modulesPath, ... }: {
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
../../users/root
../../users/erwin
];
eboskma = {
users.erwin = {
enable = true;
server = true;
};
podman.enable = true;
# drone.enable = true;
nix-common = {
enable = true;
remote-builders = true;
};
woodpecker.enable = true;
};
boot.isContainer = true;
time.timeZone = "Europe/Amsterdam";
system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev;
# networking = {
# hostName = "drone";
# useDHCP = false;
# interfaces = {
# eth0 = {
# ipv4.addresses = [
# {
# address = "10.0.0.202";
# prefixLength = 24;
# }
# ];
# };
# };
# defaultGateway = "10.0.0.1";
# nameservers = [ "10.0.0.254" ];
# };
proxmoxLXC = {
privileged = true;
};
security.sudo.execWheelOnly = true;
services.tailscale.enable = true;
sops.defaultSopsFile = ./secrets.yaml;
sops.secrets = {
woodpecker-server = { };
woodpecker-agent = { };
};
system.stateVersion = "23.11";
}

42
machines/drone/secrets.yaml
View file

@ -1,42 +0,0 @@
drone: ENC[AES256_GCM,data:PZPChq/iQDw7gOfdmSOB4ZvtWgnT55lMc1/kSKVoh5kTkIX+FdNE7uJlhKJQHryYWdrbyoRu09RhhPLr27oWeiCvN4Z0QmM9ofrM4CfuUPotp3niZIjfXrLIiX2s1JlxT2eElEwkX2h1UCIC+tNqFCL+ThLkP4iMmeXRXwFBIOahYscskwbmutbyraj/yQq3KcwUyFLd618pDT+0VWiBETQudauWdmJXFDW/rKW7STTVhe/7ixCIw3O5BYThOin9YhZSZxje225+bBB8vPM6NfdvNCHEtzAwxTjtm3n0beqsAAxd6hzQXk3L7a2X6Y+mmK1XMjmLhsGgI5B6Zssmv3/3oTSczn+YdtfT9bz0KxaZtJdQrYEfVowKEQMTcWO5H55F5Mv+qShweIAcWqKInFb6+EDjyPzABlN/S9/XJakQsPxcCwBKKusYr3P3IFjNnzdZD18ayhc6frs4TJmSGcQIkW/cCWNjwpct/yVbkIrIXZEWb7DoZ0M=,iv:F++KLxnqAtBhcSdj5rZhGpVvCKfI8y5HhvlejCfwi/k=,tag:YdiiZUN7wGn9yA1evMu5jg==,type:str]
drone-runner: ENC[AES256_GCM,data:Uh7OQSDtV0M5j00oHHm4uz4zwi+1W1k2qd5uXoROj5tcgNs76YBcfkU7d+1qXj/Hma7++HOcga0LvF1+Dl/GJQyj47kVFi/+h6I9yiuoO5sW3nxh5pW5W1Ws1qchKqVhoyZLf0K4AnYE2puleKcYXfogJ1hjnB3vn5F/eOKA/QB+7KfaVPRUGZsUYQw3rHLdTbTFHXPv//z8xxYqY5JcG+vvWsHXiI/sKSTZBWoPJEZnKK2mo8+dbZn3nSj29luG,iv:40JTvOJ7isGcHGg9KI5ED8Ju5knmIWP1m/i/dwlpG/M=,tag:GHbkLIeuiGVlNsR2EW/PGw==,type:str]
woodpecker-server: ENC[AES256_GCM,data:cW108wxYT2b65pCRcwZBoRi6eQsB4NrcUNLirfQkkqPPOymT4QFyE5Zmx6K1P33dUSAj5nA0Eh0HOsS8RhFQIOPZA9za4Ffs51Ex0HkQozduqusDGaENWR+zBOTgRhgIrwQlDSHh8UgLTzOgN8hpEqR8fFVsiWCcCAuOFjDNyczywtbbu2jNHzG6FMz2fdXy7p1dRmyTq1sFjoMEkJM5Ix8oRB8zWV+O3l6XE7Uw1vD3QbOsJiqcbWFoNw==,iv:VIlHVVvuBSZiO/tMgd/4HpT2uecn1WqJE60SkHaX+80=,tag:+xfTfq2FgSrPUVXeH4tJkQ==,type:str]
woodpecker-agent: ENC[AES256_GCM,data:YO9MCMIPVOEU+6euiCHuAN+tFFs8JkRRmb9+AIhMEuQE2ObajfJZ3NN5LsccIT9z1axA/gfjLrxM,iv:UDimHs2cKyCvy0XGdDzgX2ry114qz3V1KaXlXL3yYgI=,tag:OGITUerrT0nWU85fxcpEig==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1h7ddyj66gcqt5vnzphjfn6y5tul79q0glcdl0et9w44z2evl999qe02wht
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpNmcxQ1Y5RG9MVHEzdnNr
RmlJQ1hPdnNCY3lYUWVvTkZhZXo0RVhoN0hnCjJGTkFFdVc5Wk5NYU91dy9BQUp4
MFVQa0tTZU1RVGw3MW1VSXVQbmlxbjgKLS0tIFRneitlYVk1MFk2MzVIM3F5VmND
L1RyYWdDY2luRXFURXk0VFFJd2lLaXMKy5wkq+jCbIHbmRz5634R0NNHKe+UoI7C
DWtdxyloAP/yjxAviEOYPiU3uFU1HOois1fTs4do6aH+KjpSBTzKtA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1435gxhlpu55pp86r8pullhc6wg43nv6qm5l3g2vl5000xhn8apdqtlf8cg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaZG5ScG1pRG9wNXU0UkNE
UE1weWgrYUdML1FZaWFTV0FYeGY5R1h5UWhNCnRJRzdFZzlLV0J3L0ZUdnZIQTZl
RENaNTFIK2lzOGxyaUo5SmlDZXRFMXcKLS0tIDEzdVlYenpielVSeDBzbXVVTzVI
VC9JN21xdGtNT3Z5aXMzYkxNUUVHelUKvkXny/4jgq8WUAHyIJC7yiiAXWiJtO/H
N/460b+VNHCu72soV/eeGSeuZ0Nlm3s/x+/gqagO5SRVy5I1oeFIgQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1q0dfxz58vt4zxwx2etqy8xycf4l0p5nujpznh53kd0fwwc28ms7q6qrhct
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEU29ITG81c3dWQzA2SUVh
OHV2RlpkZ2gvVnVXQ3MwY0NIZFdLL1BtVFhZCkN3TXJQelE4VlRuK0V3SWxFR1Rs
VWJLN2ZZMHFucVlxY0REZG5PVmpHVVUKLS0tIEpvc0VOQ0FHVnJDQ1Z1anZybTNV
UHFBcS9PbGRkNzk1R1ppYUIwOGFhaTgKNOmhKLNm3HZ1xU/xY3ImDqiLDSqZvw/V
w5IaQNmgUt/TDBCxkLcnyynHkmgwMUZjRihIukC7yvxncHc2hQrrDA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-06-12T09:28:02Z"
mac: ENC[AES256_GCM,data:mE0O44Sa+RMqRoCqXftn3GuPFLHiyGn3tVlYgBGc973nP7mz5ZwClNgja1gk+MNolnztsrwgso5ZiNpriyI7pGKd/dG6DJQrGixqhRvgyNyIESGEuN9n6bfhYNNSzV1yRb9V6Z7iELkut03gvVU9by0MosJ7SJPMyDyZZ4tMFeA=,iv:rzrvGwJQAdbMcHQ7U/JFB08V7o2keLI1kUrUs9RaClA=,tag:UpE7ZeG7S32CNKsgT+rMMQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

2
machines/gitea-runner/configuration.nix
View file

@ -44,6 +44,8 @@
systemd.network = { systemd.network = {
enable = true; enable = true;
wait-online.anyInterface = true;
networks = { networks = {
"40-eth0" = { "40-eth0" = {
matchConfig = { matchConfig = {

3
machines/gitea-runner/gitea-runner/default.nix
View file

@ -12,6 +12,9 @@
"nix:docker://ghcr.io/eboskma/forgejo-nix-runner:latest" "nix:docker://ghcr.io/eboskma/forgejo-nix-runner:latest"
]; ];
settings = { settings = {
log = {
level = "info";
};
runner = { runner = {
capacity = 1; capacity = 1;
}; };

2
machines/gitea/configuration.nix
View file

@ -48,6 +48,8 @@
systemd.network = { systemd.network = {
enable = true; enable = true;
wait-online.anyInterface = true;
networks = { networks = {
"40-eth0" = { "40-eth0" = {
matchConfig = { matchConfig = {

6
machines/gitea/forgejo/default.nix
View file

@ -74,7 +74,11 @@ in
ALLOWED_HOST_LIST = "external,10.0.0.202/32,ci.datarift.nl,10.0.0.210/32"; ALLOWED_HOST_LIST = "external,10.0.0.202/32,ci.datarift.nl,10.0.0.210/32";
}; };
# Experimental Actions cron = {
ENABLED = true;
RUN_AT_START = true;
};
actions = { actions = {
ENABLED = true; ENABLED = true;
}; };

2
machines/k3s-test/configuration.nix
View file

@ -45,6 +45,8 @@
network = { network = {
enable = true; enable = true;
wait-online.anyInterface = true;
networks = { networks = {
"40-eth0" = { "40-eth0" = {
matchConfig = { matchConfig = {

2
machines/minio/configuration.nix
View file

@ -41,6 +41,8 @@
systemd.network = { systemd.network = {
enable = true; enable = true;
wait-online.anyInterface = true;
networks = { networks = {
"40-eth0" = { "40-eth0" = {
matchConfig = { matchConfig = {

2
machines/nix-cache/configuration.nix
View file

@ -41,6 +41,8 @@
network = { network = {
enable = true; enable = true;
wait-online.anyInterface = true;
networks = { networks = {
"40-eth0" = { "40-eth0" = {
matchConfig = { matchConfig = {

2
machines/proxy/configuration.nix
View file

@ -53,6 +53,8 @@
systemd.network = { systemd.network = {
enable = true; enable = true;
wait-online.anyInterface = true;
networks = { networks = {
"40-eth0" = { "40-eth0" = {
matchConfig = { matchConfig = {

2
modules/base/probe-rs/default.nix
View file

@ -8,7 +8,7 @@ mkDerivation {
src = builtins.fetchurl { src = builtins.fetchurl {
url = "https://probe.rs/files/69-probe-rs.rules"; url = "https://probe.rs/files/69-probe-rs.rules";
sha256 = "LkWFZVCL8h5MAd5T89CApjsjuKS2aw8OZFWFx+OrGkk="; sha256 = "1dLTJ0S5Fxs0y3yme7blGqUG8RwQj/BkZV8PIrmX5gI=";
}; };
dontUnpack = true; dontUnpack = true;

2
modules/nix-common/default.nix
View file

@ -50,6 +50,7 @@ in
"https://marcus7070.cachix.org" "https://marcus7070.cachix.org"
"https://devenv.cachix.org" "https://devenv.cachix.org"
"https://elixir-tools.cachix.org" "https://elixir-tools.cachix.org"
"https://staging.attic.rs/attic-ci"
]; ];
trusted-public-keys = [ trusted-public-keys = [
@ -57,6 +58,7 @@ in
"marcus7070.cachix.org-1:JawxHSgnYsgNYJmNqZwvLjI4NcOwrcEZDToWlT3WwXw=" "marcus7070.cachix.org-1:JawxHSgnYsgNYJmNqZwvLjI4NcOwrcEZDToWlT3WwXw="
"devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw=" "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
"elixir-tools.cachix.org-1:GfK9E139Ysi+YWeS1oNN9OaTfQjqpLwlBaz+/73tBjU=" "elixir-tools.cachix.org-1:GfK9E139Ysi+YWeS1oNN9OaTfQjqpLwlBaz+/73tBjU="
"attic-ci:U5Sey4mUxwBXM3iFapmP0/ogODXywKLRNgRPQpEXxbo="
]; ];
experimental-features = [ experimental-features = [
"nix-command" "nix-command"

1
modules/woodpecker/default.nix
View file

@ -25,6 +25,7 @@ in
WOODPECKER_SERVER = "localhost:9000"; WOODPECKER_SERVER = "localhost:9000";
WOODPECKER_MAX_PROCS = "2"; WOODPECKER_MAX_PROCS = "2";
WOODPECKER_BACKEND = "docker"; WOODPECKER_BACKEND = "docker";
WOODPECKER_BACKEND_DOCKER_NETWORK = "podman";
DOCKER_HOST = "unix:///run/podman/podman.sock"; DOCKER_HOST = "unix:///run/podman/podman.sock";
}; };
environmentFile = [ config.sops.secrets.woodpecker-agent.path ]; environmentFile = [ config.sops.secrets.woodpecker-agent.path ];

1
overlays/default.nix
View file

@ -23,4 +23,5 @@ _final: prev: {
}); });
incus-ui = prev.pkgs.callPackage ../pkgs/incus-ui { }; incus-ui = prev.pkgs.callPackage ../pkgs/incus-ui { };
openfga = prev.pkgs.callPackage ../pkgs/openfga { };
} }