diff --git a/flake.lock b/flake.lock index 6aa6b61..8225915 100644 --- a/flake.lock +++ b/flake.lock @@ -41,11 +41,11 @@ ] }, "locked": { - "lastModified": 1721755137, - "narHash": "sha256-DcJkFNaHGRMIkexx/ol2oNiUFT/zqnZH6dwODdHubIU=", + "lastModified": 1722100913, + "narHash": "sha256-75Hcx5Zu0f+BeCkZxN1frkYacjbkwgCq+z3doVgr4Hw=", "owner": "hyprwm", "repo": "aquamarine", - "rev": "4c72cd4d0b0368ce78bf94ea7f23d47670f0d429", + "rev": "4918e57979bbdbd05aabb20f63e1cb5dc289bcbd", "type": "github" }, "original": { @@ -208,18 +208,22 @@ }, "devshell": { "inputs": { - "flake-utils": "flake-utils_3", + "flake-utils": [ + "nixvim", + "nuschtosSearch", + "flake-utils" + ], "nixpkgs": [ "nixvim", "nixpkgs" ] }, "locked": { - "lastModified": 1717408969, - "narHash": "sha256-Q0OEFqe35fZbbRPPRdrjTUUChKVhhWXz3T9ZSKmaoVY=", + "lastModified": 1721902368, + "narHash": "sha256-noQ5SghRPe0jzQEbFQb3fYbV6LZEzr7lIRQoxlU7fyI=", "owner": "numtide", "repo": "devshell", - "rev": "1ebbe68d57457c8cae98145410b164b5477761f4", + "rev": "cf8c7405479cfde7ea4dc815e195391d2328df10", "type": "github" }, "original": { @@ -235,11 +239,11 @@ ] }, "locked": { - "lastModified": 1721612107, - "narHash": "sha256-1F2N90WqHV14oIn5RpDfzINj4zMi5gBQOt1BAc34gGM=", + "lastModified": 1722028105, + "narHash": "sha256-0ButnGQ1bCMIDblzC6NBSL71Wi6JmHGweI3scoV8CgM=", "owner": "nix-community", "repo": "disko", - "rev": "2f5df5dcceb8473dd5715c4ae92f9b0d5f87fff9", + "rev": "5b01cea8b5753de9c2febd27203c530be14745ff", "type": "github" }, "original": { @@ -372,11 +376,11 @@ "systems": "systems_5" }, "locked": { - "lastModified": 1701680307, - "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "type": "github" }, "original": { 
@@ -418,11 +422,11 @@ ] }, "locked": { - "lastModified": 1720524665, - "narHash": "sha256-ni/87oHPZm6Gv0ECYxr1f6uxB0UKBWJ6HvS7lwLU6oY=", + "lastModified": 1721042469, + "narHash": "sha256-6FPUl7HVtvRHCCBQne7Ylp4p+dpP3P/OYuzjztZ4s70=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "8d6a17d0cdf411c55f12602624df6368ad86fac1", + "rev": "f451c19376071a90d8c58ab1a953c6e9840527fd", "type": "github" }, "original": { @@ -498,11 +502,11 @@ ] }, "locked": { - "lastModified": 1721534365, - "narHash": "sha256-XpZOkaSJKdOsz1wU6JfO59Rx2fqtcarQ0y6ndIOKNpI=", + "lastModified": 1722119539, + "narHash": "sha256-2kU90liMle0vKR8exJx1XM4hZh9CdNgZGHCTbeA9yzY=", "owner": "nix-community", "repo": "home-manager", - "rev": "635563f245309ef5320f80c7ebcb89b2398d2949", + "rev": "d0240a064db3987eb4d5204cf2400bc4452d9922", "type": "github" }, "original": { @@ -541,11 +545,11 @@ ] }, "locked": { - "lastModified": 1720734513, - "narHash": "sha256-neWQ8eNtLTd+YMesb7WjKl1SVCbDyCm46LUgP/g/hdo=", + "lastModified": 1721852138, + "narHash": "sha256-JH8N5uoqoVA6erV4O40VtKKHsnfmhvMGbxMNDLtim5o=", "owner": "nix-community", "repo": "home-manager", - "rev": "90ae324e2c56af10f20549ab72014804a3064c7f", + "rev": "304a011325b7ac7b8c9950333cd215a7aa146b0e", "type": "github" }, "original": { @@ -616,11 +620,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1721831547, - "narHash": "sha256-ueSN0oXsQ9aqA8CGBaJULXxYWap8Zchdp8wzgWTzQe4=", + "lastModified": 1722181325, + "narHash": "sha256-tBpry8IeRnwj8ThDsj4tzPo6WrOnERJe7HANCwN/rZY=", "ref": "refs/heads/main", - "rev": "8d3920c882f0587c5b3224135f668dce8bb0b04f", - "revCount": 4973, + "rev": "fcff2dcac24ca497a39c1cb271d449ade037b7ad", + "revCount": 5005, "submodules": true, "type": "git", "url": "https://github.com/hyprwm/Hyprland" 
@@ -645,11 +649,11 @@ ] }, "locked": { - "lastModified": 1718746314, - "narHash": "sha256-HUklK5u86w2Yh9dOkk4FdsL8eehcOZ95jPhLixGDRQY=", + "lastModified": 1721326555, + "narHash": "sha256-zCu4R0CSHEactW9JqYki26gy8h9f6rHmSwj4XJmlHgg=", "owner": "hyprwm", "repo": "hyprland-protocols", - "rev": "1b61f0093afff20ab44d88ad707aed8bf2215290", + "rev": "5a11232266bf1a1f5952d5b179c3f4b2facaaa84", "type": "github" }, "original": { @@ -699,11 +703,11 @@ ] }, "locked": { - "lastModified": 1721324102, - "narHash": "sha256-WAZ0X6yJW1hFG6otkHBfyJDKRpNP5stsRqdEuHrFRpk=", + "lastModified": 1722098849, + "narHash": "sha256-D3wIZlBNh7LuZ0NaoCpY/Pvu+xHxIVtSN+KkWZYvvVs=", "owner": "hyprwm", "repo": "hyprutils", - "rev": "962582a090bc233c4de9d9897f46794280288989", + "rev": "5dcbbc1e3de40b2cecfd2007434d86e924468f1f", "type": "github" }, "original": { @@ -764,11 +768,11 @@ ] }, "locked": { - "lastModified": 1720845312, - "narHash": "sha256-yPhAsJTpyoIPQZJGC8Fw8W2lAXyhLoTn+HP20bmfkfk=", + "lastModified": 1721719500, + "narHash": "sha256-nnkqjv4Y37Hydjh6HE9wW4kSkV5Q7q4iIXlL5lwUFOw=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "5ce8503cf402cf76b203eba4b7e402bea8e44abc", + "rev": "884f3fe6d9bf056ba0017c132c39c1f0d07d4fec", "type": "github" }, "original": { @@ -801,11 +805,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1721413321, - "narHash": "sha256-0GdiQScDceUrVGbxYpV819LHesK3szHOhJ09e6sgES4=", + "lastModified": 1722114937, + "narHash": "sha256-MOZ9woPwdpFJcHx3wic2Mlw9aztdKjMnFT3FaeLzJkM=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "ab165a8a6cd12781d76fe9cbccb9e975d0fb634f", + "rev": "e67b60fb1b2c3aad2202d95b91d4c218cf2a4fdd", "type": "github" }, "original": { 
@@ -824,11 +828,11 @@ ] }, "locked": { - "lastModified": 1721650907, - "narHash": "sha256-2VX/zPeLhGTsHpToFH1gfI+oGNS6m7ZUWWaqwmw3HVY=", + "lastModified": 1722012218, + "narHash": "sha256-Rnjo49C5/slnmcQW9c57IdiHJZ3YEFmUn3as/NIPD4E=", "owner": "nix-community", "repo": "NixOS-WSL", - "rev": "6686cbe947cb8b135e229ad2a3447b88d1cf6da9", + "rev": "ac026940beb42f74c5666f6ed3989aca41eddeea", "type": "github" }, "original": { @@ -886,11 +890,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1721379653, - "narHash": "sha256-8MUgifkJ7lkZs3u99UDZMB4kbOxvMEXQZ31FO3SopZ0=", + "lastModified": 1722062969, + "narHash": "sha256-QOS0ykELUmPbrrUGmegAUlpmUFznDQeR4q7rFhl8eQg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1d9c2c9b3e71b9ee663d11c5d298727dace8d374", + "rev": "b73c2221a46c13557b1b3be9c2070cc42cf01eb3", "type": "github" }, "original": { @@ -901,11 +905,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1721379653, - "narHash": "sha256-8MUgifkJ7lkZs3u99UDZMB4kbOxvMEXQZ31FO3SopZ0=", + "lastModified": 1721924956, + "narHash": "sha256-Sb1jlyRO+N8jBXEX9Pg9Z1Qb8Bw9QyOgLDNMEpmjZ2M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1d9c2c9b3e71b9ee663d11c5d298727dace8d374", + "rev": "5ad6a14c6bf098e98800b091668718c336effc95", "type": "github" }, "original": { @@ -917,11 +921,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1721548954, - "narHash": "sha256-7cCC8+Tdq1+3OPyc3+gVo9dzUNkNIQfwSDJ2HSi2u3o=", + "lastModified": 1722087241, + "narHash": "sha256-2ShmEaFi0kJVOEEu5gmlykN5dwjWYWYUJmlRTvZQRpU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "63d37ccd2d178d54e7fb691d7ec76000740ea24a", + "rev": "8c50662509100d53229d4be607f1a3a31157fa12", "type": "github" }, "original": { 
@@ -958,14 +962,15 @@ "nixpkgs": [ "nixpkgs-unstable" ], + "nuschtosSearch": "nuschtosSearch", "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1721651056, - "narHash": "sha256-GOm1qWrT0MurD/84RzWj/E6GPmzPT5nH/hrSYohtlxs=", + "lastModified": 1722111246, + "narHash": "sha256-5ikGEPb8oqup5tTWpvmC8V/ts9ss0VXsPNtlbz7IAYU=", "owner": "nix-community", "repo": "nixvim", - "rev": "6dc0bda459bcfb2a38cf7b6ed1d6a5d6a8105f00", + "rev": "59941a5300b1b13d6aac0a5115c8fc5b955b5405", "type": "github" }, "original": { @@ -976,11 +981,11 @@ }, "nur": { "locked": { - "lastModified": 1721659002, - "narHash": "sha256-xTW+3zEOLtfBblZPSXsSSfMLnk6DgPjVCO+ZEGkGn84=", + "lastModified": 1722192323, + "narHash": "sha256-sbfkDGDcDXr9YdkV/LZmnjOGbggKYxQEw3eLNXo1Wr8=", "owner": "nix-community", "repo": "NUR", - "rev": "1cbdff10e618eaa7c0f9cfbde10adc648d45d536", + "rev": "f74526a42c8a2ec2ed5b546c3504cbc105f39999", "type": "github" }, "original": { @@ -989,6 +994,28 @@ "type": "github" } }, + "nuschtosSearch": { + "inputs": { + "flake-utils": "flake-utils_3", + "nixpkgs": [ + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1721548975, + "narHash": "sha256-agCbztdk1f7nCUz03R6xdbivuBRuqubP2RHW+MNuRTg=", + "owner": "NuschtOS", + "repo": "search", + "rev": "551b031e2bc0bcc9584347a8da6312e57169661d", + "type": "github" + }, + "original": { + "owner": "NuschtOS", + "repo": "search", + "type": "github" + } + }, "root": { "inputs": { "agenix": "agenix", @@ -1023,11 +1050,11 @@ "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1721573849, - "narHash": "sha256-pHfzFzjADtCqMswGwrfC5klBWJZ6h94bxVrVObJLrEM=", + "lastModified": 1721989207, + "narHash": "sha256-APKQeMMdh1O1W3OnxEvNfHNBiE4eRvEN6rosFr2dLHE=", "owner": "danth", "repo": "stylix", - "rev": "0ef70039a6435446472182c8f8106947abfc523d", + "rev": "b9de20c76e8d5c13cf2304d23cf589803c311670", "type": "github" }, "original": { 
@@ -1119,11 +1146,11 @@ ] }, "locked": { - "lastModified": 1720818892, - "narHash": "sha256-f52x9srIcqQm1Df3T+xYR5P6VfdnDFa2vkkcLhlTp6U=", + "lastModified": 1721769617, + "narHash": "sha256-6Pqa0bi5nV74IZcENKYRToRNM5obo1EQ+3ihtunJ014=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "5b002f8a53ed04c1a4177e7b00809d57bd2c696f", + "rev": "8db8970be1fb8be9c845af7ebec53b699fe7e009", "type": "github" }, "original": { @@ -1149,11 +1176,11 @@ ] }, "locked": { - "lastModified": 1721648131, - "narHash": "sha256-cyyxu/oj4QEFp3CVx2WeXa9T4OAUyynuBJHGkBZSxJI=", + "lastModified": 1722181019, + "narHash": "sha256-Lj/g1UzrsTZUixtveQix6eB3pon2j23qv5/5pzTx0LQ=", "owner": "hyprwm", "repo": "xdg-desktop-portal-hyprland", - "rev": "663be9cad424b170b28b9fa8a61042d721007f3b", + "rev": "0e2f3b9c85f7bab3983098a01366876d34daf383", "type": "github" }, "original": {
diff --git a/modules/services/default.nix b/modules/services/default.nix
index bcaff1e..852eb3f 100644
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -4,6 +4,7 @@
 ./acme.nix
 ./caldav.nix
 ./opensnitch.nix
+ ./github-runner.nix
 ./adguard.nix
 ./dnsmasq.nix
 ./games
diff --git a/modules/services/github-runner.nix b/modules/services/github-runner.nix
index 1ddc2ab..4903dec 100644
--- a/modules/services/github-runner.nix
+++ b/modules/services/github-runner.nix
@@ -1,42 +1,46 @@
 { config, pkgs, lib, inputs, ... }:
-{
- nixpkgs.config.permittedInsecurePackages = [
- "nodejs-16.20.2"
- ];
-
- users.groups.github-actions-runner = {};
+let cfg = config.custom.services.github-runner;
+in {
+ options.custom.services.github-runner = {
+ enable = lib.mkEnableOption "Enables github-runner service.";
+ };
+ config = lib.mkIf cfg.enable {
+ nixpkgs.config.permittedInsecurePackages = [ "nodejs-16.20.2" ];
+
+ users.groups.github-actions-runner = { };
 users.users.github-actions-runner = {
- isSystemUser = true;
- hashedPasswordFile = config.age.secrets.github-runner-pw.path;
- group = "github-actions-runner";
- extraGroups = [ "docker" ];
+ isSystemUser = true;
+ hashedPasswordFile = config.age.secrets.github-runner-pw.path;
+ group = "github-actions-runner";
+ extraGroups = [ "docker" ];
 };
 age.secrets.github-runner-token = {
- file = ../../secrets/github-runner-token.age;
- owner = "github-actions-runner";
- group = "github-actions-runner";
+ file = ../../secrets/github-runner-token.age;
+ owner = "github-actions-runner";
+ group = "github-actions-runner";
 };
 age.secrets.github-runner-pw = {
- file = ../../secrets/github-runner-pw.age;
- owner = "github-actions-runner";
- group = "github-actions-runner";
+ file = ../../secrets/github-runner-pw.age;
+ owner = "github-actions-runner";
+ group = "github-actions-runner";
 };
 systemd.tmpfiles.rules = [
- "d /github-actions-runner 0770 github-actions-runner github-actions-runner -"
- "d /data 0770 github-actions-runner nginx -"
- "d /data/website 0770 github-actions-runner nginx -"
+ "d /github-actions-runner 0770 github-actions-runner github-actions-runner -"
 ];
 services.github-runners.oberprofis = {
- enable = true;
- name = "nixos-server";
- tokenFile = config.age.secrets.github-runner-token.path;
- url = "https://github.com/oberprofis";
- user = "github-actions-runner";
- workDir = "/github-actions-runner";
- extraPackages = with pkgs; [ rsync nodePackages.pnpm nodejs_18 ];
- serviceOverrides = {
- BindPaths= [ "/github-actions-runner" "/data/website" ] ++ lib.optional config.services.kavita.enable "/mnt/1tbssd/kavita";
- UMask = "022";
- };
+ enable = true;
+ name = "nixos-server";
+ tokenFile = config.age.secrets.github-runner-token.path;
+ url = "https://github.com/oberprofis";
+ user = "github-actions-runner";
+ workDir = "/github-actions-runner";
+ extraPackages = with pkgs; [ rsync nodePackages.pnpm nodejs_18 ];
+ serviceOverrides = {
+ BindPaths = [ "/github-actions-runner" ]
+ ++ lib.optional config.custom.services.kavita.enable
+ config.custom.services.kavita.dir;
+ UMask = "022";
+ };
 };
+ };
 }
diff --git a/modules/services/nginx.nix b/modules/services/nginx.nix
index b64b9a6..bf258bd 100644
--- a/modules/services/nginx.nix
+++ b/modules/services/nginx.nix
@@ -19,11 +19,6 @@ in { owner = "nginx"; }; - systemd.tmpfiles.rules = [ - "d /data 0770 github-actions-runner nginx -" - "d /data/website 0770 github-actions-runner nginx -" - ]; - services.nginx = { enable = true; package = pkgs.nginxQuic;
diff --git a/systems/mini-pc-proxmox/configuration.nix b/systems/mini-pc-proxmox/configuration.nix
index f617ac6..cecc4eb 100644
--- a/systems/mini-pc-proxmox/configuration.nix
+++ b/systems/mini-pc-proxmox/configuration.nix
@@ -68,6 +68,7 @@ services = { acme.enable = true; gitolite.enable = true; + github-runner.enable = true; caldav.enable = true; kop-monitor.enable = true; kop-fileshare = {
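Review bot: In modules/services/github-runner.nix the runner account keeps `extraGroups = [ "docker" ];` inside `users.users.github-actions-runner`, and docker-group membership is effectively root on the host, so the `BindPaths`/`UMask` confinement in `serviceOverrides` does not bound what a workflow job can reach. The runner is registered for the whole organisation (`url = "https://github.com/oberprofis"`), so every repository allowed to target it inherits that access; which repositories those are is not visible here. If jobs do not need the Docker daemon, change the line to `extraGroups = [ ];`; if they do, add a comment above it saying so and naming which repositories may use the runner. The retained `nixpkgs.config.permittedInsecurePackages = [ "nodejs-16.20.2" ];` would also benefit from a one-line comment naming the package that still requires it, since `extraPackages` already supplies `nodejs_18`.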