diff --git a/flake.lock b/flake.lock index 528716f0..131b24a9 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1745630506, - "narHash": "sha256-bHCFgGeu8XjWlVuaWzi3QONjDW3coZDqSHvnd4l7xus=", + "lastModified": 1750173260, + "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=", "owner": "ryantm", "repo": "agenix", - "rev": "96e078c646b711aee04b82ba01aefbff87004ded", + "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf", "type": "github" }, "original": { @@ -24,6 +24,52 @@ "type": "github" } }, + "attic": { + "inputs": { + "crane": "crane", + "flake-compat": "flake-compat", + "flake-parts": "flake-parts", + "nix-github-actions": "nix-github-actions", + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1748532342, + "narHash": "sha256-CvaKOUq8G10sghKpZhEB2UYjJoWhEkrDFggDgi7piUI=", + "owner": "zhaofengli", + "repo": "attic", + "rev": "ce9373715fe3fac7a174a65a7e6d6baeba8cb4f9", + "type": "github" + }, + "original": { + "owner": "zhaofengli", + "repo": "attic", + "type": "github" + } + }, + "crane": { + "inputs": { + "nixpkgs": [ + "attic", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1722960479, + "narHash": "sha256-NhCkJJQhD5GUib8zN9JrmYGMwt4lCRp6ZVNzIiYCl0Y=", + "owner": "ipetkov", + "repo": "crane", + "rev": "4c6c77920b8d44cd6660c1621dea6b3fc4b4c4f4", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, "darwin": { "inputs": { "nixpkgs": [ @@ -53,11 +99,11 @@ ] }, "locked": { - "lastModified": 1746254942, - "narHash": "sha256-Y062AuRx6l+TJNX8wxZcT59SSLsqD9EedAY0mqgTtQE=", + "lastModified": 1750618568, + "narHash": "sha256-w9EG5FOXrjXGfbqCcQg9x1lMnTwzNDW5BMXp8ddy15E=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "760a11c87009155afa0140d55c40e7c336d62d7a", + "rev": "1dd19f19e4b53a1fd2e8e738a08dd5fe635ec7e5", "type": "github" }, "original": { 
@@ -67,7 +113,44 @@ "type": "github" } }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "attic", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1722555600, + "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "8471fe90ad337a8074e957b69ca4d0089218391d", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" }, @@ -89,24 +172,6 @@ "inputs": { "systems": "systems_2" }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_2": { - "inputs": { - "systems": "systems_3" - }, "locked": { "lastModified": 1726560853, "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", @@ -138,16 +203,15 @@ }, "helix": { "inputs": { - "flake-utils": "flake-utils", "nixpkgs": "nixpkgs", "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1746085551, - "narHash": "sha256-WSIUg4DFP8wCDYvefjTzbEKQY1qFtk7DS3p9dJBi8ZU=", + "lastModified": 1750572170, + "narHash": "sha256-8sM1/Nn3IGkPGC+1lu903az6JezwJebLbIzSsqyyJHE=", "owner": "SofusA", "repo": "helix-pull-diagnostics", - "rev": "c156c945f6a43489168880a18b6cf3057f35cae9", + "rev": "50982f9f3a9c5ae3fabc65e358272276a4e10f3d", "type": "github" }, "original": { 
@@ -185,11 +249,11 @@ ] }, "locked": { - "lastModified": 1746171682, - "narHash": "sha256-EyXUNSa+H+YvGVuQJP1nZskXAowxKYp79RNUsNdQTj4=", + "lastModified": 1747688870, + "narHash": "sha256-ypL9WAZfmJr5V70jEVzqGjjQzF0uCkz+AFQF7n9NmNc=", "owner": "nix-community", "repo": "home-manager", - "rev": "50eee705bbdbac942074a8c120e8194185633675", + "rev": "d5f1f641b289553927b3801580598d200a501863", "type": "github" }, "original": { @@ -274,7 +338,7 @@ }, "lix-module": { "inputs": { - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils", "flakey-profile": "flakey-profile", "lix": "lix", "nixpkgs": [ @@ -309,13 +373,34 @@ "type": "github" } }, + "nix-github-actions": { + "inputs": { + "nixpkgs": [ + "attic", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1729742964, + "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=", + "owner": "nix-community", + "repo": "nix-github-actions", + "rev": "e04df33f62cdcf93d73e9a04142464753a16db67", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-github-actions", + "type": "github" + } + }, "nixos-hardware": { "locked": { - "lastModified": 1745955289, - "narHash": "sha256-mmV2oPhQN+YF2wmnJzXX8tqgYmUYXUj3uUUBSTmYN5o=", + "lastModified": 1750837715, + "narHash": "sha256-2m1ceZjbmgrJCZ2PuQZaK4in3gcg3o6rZ7WK6dr5vAA=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "72081c9fbbef63765ae82bff9727ea79cc86bd5b", + "rev": "98236410ea0fe204d0447149537a924fb71a6d4f", "type": "github" }, "original": { @@ -371,11 +456,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1746285430, - "narHash": "sha256-2Kxw5SNKpU8X7doQaMYVhBtqmq9oZI1ki9kcY7R+meo=", + "lastModified": 1750919644, + "narHash": "sha256-hg9VD07cm6h3O/0XzsUFE7kxQ/AwQg2RfeXVL0R5FyQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "cba47ec8b1b7c7c9b907741d0d4584a3b54a032e", + "rev": "140884500627ccdb4a9a700e9d6bc11ce3f6016b", "type": "github" }, "original": { 
@@ -385,13 +470,29 @@ "type": "github" } }, - "nixpkgs_2": { + "nixpkgs-stable": { "locked": { - "lastModified": 1746183838, - "narHash": "sha256-kwaaguGkAqTZ1oK0yXeQ3ayYjs8u/W7eEfrFpFfIDFA=", + "lastModified": 1724316499, + "narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bf3287dac860542719fe7554e21e686108716879", + "rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1750646418, + "narHash": "sha256-4UAN+W0Lp4xnUiHYXUXAPX18t+bn6c4Btry2RqM9JHY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "1f426f65ac4e6bf808923eb6f8b8c2bfba3d18c5", "type": "github" }, "original": { @@ -436,11 +537,11 @@ "pandoc-latex-template": { "flake": false, "locked": { - "lastModified": 1745688227, - "narHash": "sha256-N1F9l8eAdtB1RoPFIrQRkwUvzxgWHwfVnOEP2QMLQTQ=", + "lastModified": 1750533038, + "narHash": "sha256-EBfgEPUmV0yoKZrnbYWi9BvBGxeYxs3KKVDJD63iQgQ=", "owner": "Wandmalfarbe", "repo": "pandoc-latex-template", - "rev": "62377f36a0ce5b48281e5ee51cb4eef364162037", + "rev": "41daecb19b5e7cf2af13174857d3ec8bc4e6586b", "type": "github" }, "original": { @@ -450,17 +551,12 @@ } }, "quadlet-nix": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, "locked": { - "lastModified": 1743361017, - "narHash": "sha256-RELV9YxfhwjuN4edtVmpupVvHUiWu/KuF4mqzU+neYE=", + "lastModified": 1749099346, + "narHash": "sha256-5gi/YaLVsFztGvVH45eB6jsBmZf+HnvDeSA9RXUqbcY=", "owner": "SEIAROTg", "repo": "quadlet-nix", - "rev": "971479231c7dd2433954dd26c240e1bdc5bd9849", + "rev": "d4119a3423f938427252ba8bbdbe8ce040751864", "type": "github" }, "original": { @@ -472,6 +568,7 @@ "root": { "inputs": { "agenix": "agenix", + "attic": "attic", "darwin": "darwin_2", "helix": "helix", "home-manager": "home-manager_2", 
@@ -535,11 +632,11 @@ "spoons": { "flake": false, "locked": { - "lastModified": 1740689981, - "narHash": "sha256-NCKuBg7opn8BeP1FTpG0cchYdjlea6sbAaVpX6OApxg=", + "lastModified": 1747090751, + "narHash": "sha256-ZRSRb2QW8hrTkdCg5xezF09DntPocE842rc4ZKt7aHY=", "owner": "Hammerspoon", "repo": "Spoons", - "rev": "95958fc6091491e8269ec2dfc6b97d4a91af9205", + "rev": "e5b871250346c3fe93bac0d431fc75f6f0e2f92a", "type": "github" }, "original": { @@ -593,24 +690,9 @@ "type": "github" } }, - "systems_4": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "utils": { "inputs": { - "systems": "systems_4" + "systems": "systems_3" }, "locked": { "lastModified": 1731533236, @@ -628,7 +710,7 @@ }, "wired": { "inputs": { - "flake-parts": "flake-parts", + "flake-parts": "flake-parts_2", "nixpkgs": [ "nixpkgs" ], @@ -694,11 +776,11 @@ "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1746285501, - "narHash": "sha256-fcluUtvf3OPS3qi0TzC2HH+KXTHvjpRTR9sgx29RDRg=", + "lastModified": 1750907909, + "narHash": "sha256-2WzRZLFUlu13iRGsP+tsaJhCOUESmL8gKtT7zY14TzE=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "de1d2504a615e890a4e9bd3ce35f6293185ba2d9", + "rev": "ac0fcd7e963dce814b69cbedc4d510a95094cc15", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index e4b3fc97..ed91eef1 100644 --- a/flake.nix +++ b/flake.nix @@ -33,6 +33,8 @@ wired.inputs.nixpkgs.follows = "nixpkgs"; wired.url = "github:Toqozz/wired-notify"; zen-browser.url = "github:0xc000022070/zen-browser-flake"; + attic.url = "github:zhaofengli/attic"; + attic.inputs.nixpkgs.follows = "nixpkgs"; kmonad = { diff --git a/hosts/ds9/attic.nix b/hosts/ds9/attic.nix new file mode 100644 index 00000000..ba0e3e6d 
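Review bot: The new `attic` input in flake.nix appears to be unused, because the only reference visible in this commit is the commented-out `# imports = [ inputs.attic.nixosModules.atticd ];` in hosts/ds9/attic.nix, so `services.atticd` presumably comes from nixpkgs. Keeping the input still locks five more upstream repositories in flake.lock (`crane`, `flake-compat`, a second `flake-parts`, `nix-github-actions`, `nixpkgs-stable`), and the last of these is pinned to a `nixos-24.05` revision. If nothing else consumes `inputs.attic`, drop the two added lines. If it stays, `attic.inputs.nixpkgs-stable.follows = "nixpkgs";` would avoid pulling in a second, older nixpkgs. The inputs block continues outside the hunk.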
--- /dev/null +++ b/hosts/ds9/attic.nix @@ -0,0 +1,50 @@ +{ + config, + pkgs, + lib, + inputs, + ... +}: +{ + # imports = [ inputs.attic.nixosModules.atticd ]; + ragon.agenix.secrets.ds9AtticEnv = { }; + ragon.persist.extraDirectories = [ + "/var/lib/atticd" + ]; + + services.atticd = { + enable = true; + + # Replace with absolute path to your environment file + environmentFile = config.age.secrets.ds9AtticEnv.path; + + settings = { + listen = "[::]:8089"; + + jwt = { }; + + # Data chunking + # + # Warning: If you change any of the values here, it will be + # difficult to reuse existing chunks for newly-uploaded NARs + # since the cutpoints will be different. As a result, the + # deduplication ratio will suffer for a while after the change. + chunking = { + # The minimum NAR size to trigger chunking + # + # If 0, chunking is disabled entirely for newly-uploaded NARs. + # If 1, all NARs are chunked. + nar-size-threshold = 64 * 1024; # 64 KiB + + # The preferred minimum size of a chunk, in bytes + min-size = 16 * 1024; # 16 KiB + + # The preferred average size of a chunk, in bytes + avg-size = 64 * 1024; # 64 KiB + + # The preferred maximum size of a chunk, in bytes + max-size = 256 * 1024; # 256 KiB + }; + }; + }; +} diff --git a/hosts/ds9/default.nix b/hosts/ds9/default.nix index 86a53c9e..c35000fc 100644 --- a/hosts/ds9/default.nix +++ b/hosts/ds9/default.nix @@ -19,6 +19,8 @@ in ./samba.nix ./paperless.nix ./maubot.nix + ./woodpecker.nix + ./attic.nix ../../nixos-modules/networking/tailscale.nix ../../nixos-modules/services/docker.nix @@ -236,6 +238,14 @@ in handle @mautrix-signal { import podmanRedir http://mautrix-signal:29328 } + @woodpecker host woodpecker.hailsatan.eu + handle @woodpecker { + import podmanRedir http://woodpecker-server:8000 + } + @attic host attic.hailsatan.eu + handle @attic { + reverse_proxy http://[::1]:8089 + } @auth host auth.hailsatan.eu handle @auth { import podmanRedir http://authentik-server:9000 
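Review bot: `listen = "[::]:8089"` in hosts/ds9/attic.nix binds atticd on every interface, while the only consumer visible in this commit is the Caddy route in hosts/ds9/default.nix that proxies to `http://[::1]:8089`. Unless the host firewall blocks 8089, the cache API is also reachable in plaintext, bypassing the proxy. Binding to loopback with `listen = "[::1]:8089";` matches the proxy target. `jwt = { };` is empty, so the token-signing secret presumably has to come from `ds9AtticEnv`; a short comment naming the variable that file must supply would help the next reader. The comment `# Replace with absolute path to your environment file` is stale now that the path comes from agenix.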
diff --git a/hosts/ds9/woodpecker.nix b/hosts/ds9/woodpecker.nix new file mode 100644 index 00000000..19c653b7 --- /dev/null +++ b/hosts/ds9/woodpecker.nix @@ -0,0 +1,56 @@ +{ + config, + pkgs, + lib, + ... +}: +{ + virtualisation.podman.dockerSocket.enable = true; + ragon.agenix.secrets.ds9WoodpeckerEnv = { }; + ragon.agenix.secrets.ds9WoodpeckerAgentSecretEnv = { }; + virtualisation.quadlet = { + containers = { + woodpecker-server = { + containerConfig.image = "woodpeckerci/woodpecker-server:v3"; + containerConfig.volumes = [ + "woodpecker-server-data:/var/lib/woodpecker" + ]; + containerConfig.networks = [ + "woodpecker-net" + "podman" + ]; + containerConfig.environments = { + WOODPECKER_HOST = "https://woodpecker.hailsatan.eu"; + WOODPECKER_OPEN = "false"; + }; + containerConfig.environmentFiles = [ + config.age.secrets.ds9WoodpeckerEnv.path + config.age.secrets.ds9WoodpeckerAgentSecretEnv.path + ]; + }; + woodpecker-agent = { + containerConfig.environmentFiles = [ + config.age.secrets.ds9WoodpeckerAgentSecretEnv.path + ]; + containerConfig.image = "woodpeckerci/woodpecker-agent:v3"; + containerConfig.volumes = [ + "woodpecker-agent-config:/etc/woodpecker" + "/var/run/docker.sock:/var/run/docker.sock" + ]; + containerConfig.environments = { + WOODPECKER_SERVER = "woodpecker-server:9000"; + }; + containerConfig.networks = [ + "woodpecker-net" + ]; + }; + }; + networks = { + woodpecker.networkConfig = { + ipv6 = true; + name = "woodpecker-net"; + internal = false; + }; + }; + }; +} diff --git a/hosts/picard/xynospace-matrix.nix b/hosts/picard/xynospace-matrix.nix index 97c94245..c30e08fc 100644 --- a/hosts/picard/xynospace-matrix.nix +++ b/hosts/picard/xynospace-matrix.nix @@ -79,6 +79,7 @@ in settings.database.args.password = "synapse"; settings.app_service_config_files = [ "/var/lib/signalbot.yaml" + "/var/lib/doublepuppet.yaml" ]; settings.listeners = [ { 
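Review bot: The `woodpecker-agent` container bind-mounts `/var/run/docker.sock`, and the module's first line turns on `virtualisation.podman.dockerSocket.enable`, so the agent and every pipeline step it launches can drive the host's Podman API, which is normally equivalent to root on ds9. `WOODPECKER_OPEN = "false"` limits registration, but anyone who can get a pipeline run on an enabled repository still reaches that socket. I would record the trust decision above the mount, e.g. `# host Podman socket: pipelines get host-level privileges, enable trusted repos only`, and move the agent to a separate VM if untrusted contributors are ever expected. Both images use the floating tag `v3`; pinning a digest (`woodpeckerci/woodpecker-agent:v3@sha256:<digest>`) would keep a re-tagged image out of the container that holds the socket.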
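Review bot: The added `"/var/lib/doublepuppet.yaml"` in hosts/picard/xynospace-matrix.nix is an appservice registration, which carries the `as_token`/`hs_token` pair, and nothing in this commit creates the file or sets its ownership. Synapse will presumably fail to start if the path is missing or unreadable. A double-puppet registration typically covers every local user, so the file should be readable only by the Synapse service user. Consider provisioning it through agenix like the other secrets added in this commit, and add a comment such as `# double-puppet appservice registration, contains as_token; keep 0400 and owned by the synapse user`. The enclosing settings block starts and ends outside the hunk.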
diff --git a/secrets/ds9AtticEnv.age b/secrets/ds9AtticEnv.age new file mode 100644 index 00000000..904351db Binary files /dev/null and b/secrets/ds9AtticEnv.age differ diff --git a/secrets/ds9WoodpeckerAgentSecretEnv.age b/secrets/ds9WoodpeckerAgentSecretEnv.age new file mode 100644 index 00000000..d141eeb7 --- /dev/null +++ b/secrets/ds9WoodpeckerAgentSecretEnv.age @@ -0,0 +1,17 @@ +age-encryption.org/v1 +-> ssh-ed25519 IbXxfw SjzxHVWvKSnbW83QZzp5i2il5n0LLvPDTyJD2SVIU2c +j6sZUs1Eo1sjhUT4ZHmSIeL8QdOK8opjDoiewnZmdyI +-> ssh-ed25519 ugHWWw akRT2dK4KjtgzvG/xLYXVC5U8YWDgYEQuwLYncTKk2s +DGVW7rQgD722uAiryOA+kpTsOVRgdrjXmAoBJuWBGVQ +-> ssh-ed25519 UU9RSA JmAk3ffD6a8zDRmp/FtPVmpHutsQvdL8iVIzK5HdUEY +BWD5ca7hRpkprARNoGrTpWkM1eRiCPBCNabS4gdqhU4 +-> ssh-ed25519 RJI3BA qa4O8TgwhLJdLe5Igf87xmpeO6Rq2Gxd140nkfZCZnQ +FszThW4+tCudV7PV7wONjmrNgWWvdDn5KJ7HXPBDR88 +-> ssh-ed25519 XnvJKw /LX96f7WoqTMsIHKRLBLA5s5+Y8Dko3wtU0n1OAFO0U +e9Y46hS+988H+CHrKlbU6nqsCxz10zJVGtK1qVtKbxY +-> ssh-ed25519 7NL5Ng 43FauFz7tPtAcCdAZHFVEPvhi0UDnwUk2w1QVp147CE +37m19iWIYG7d/ETzWM57I8vDsXLMuuDvDnKhF0WnNH0 +-> ssh-ed25519 5Sll2Q tuTKruUoFDBX2AEyDzQw16c/73GIUC7PttpfyZiEzQ8 +a+TfCkc0/khVSB94xKch38NYMV+JHLlweKxkcP49s14 +--- A4gf6A8kypnziBO/rVhywNnJQO8jdhD8WxVDfn42Wlk +'AF'_.(˰ri㘗B̑޲eъb]6RF"[ﯝT"2`2m9mh5/=iC1(881-pr♡eg$& \ No newline at end of file diff --git a/secrets/ds9WoodpeckerEnv.age b/secrets/ds9WoodpeckerEnv.age new file mode 100644 index 00000000..198ccee4 --- /dev/null +++ b/secrets/ds9WoodpeckerEnv.age 
@@ -0,0 +1,17 @@ +age-encryption.org/v1 +-> ssh-ed25519 IbXxfw bst8nu5qPfJsRonQbkfvLT6CXfTxTidFzdDOeHTSTEc +y5lD9I45fTwlrm8aKOX0Vxu8cdrQpXH7SF3jw6MRblQ +-> ssh-ed25519 ugHWWw m4B+pX2D7/BxwRg2AHVQW8m7MQa7COhHoD7SHvV8PgA +CtLxr9HLw28EhqT6F8h9TMGGH7pTTY4ZBj1MS2b4EUg +-> ssh-ed25519 UU9RSA 1J8vGSpd5ohxjdLEXMQAC242lKs/tv2h06ma8Y4rJ14 +Sj43KHSI/ZLJuSPx2jMr2hTIMt9WhngH8sxZW3JwYas +-> ssh-ed25519 RJI3BA 3+M0ALiSX9Oyr8FmhisxabGagnjq+11J4mjABgRxljg +J9ElH2kMobFXT71Z5IAAZWvxxzgeex20k4UJMirUp4M +-> ssh-ed25519 XnvJKw PnzDy4O22UR76vjvAEY2edJ/8PPgiMq8YOX4eJH91DU +3EUYb22GYa4+srs2xsoiNum2Q6UBilVJCiIOXbfK3MY +-> ssh-ed25519 7NL5Ng W/khHlFSgF6Gej/JwoeWXfz/3RcVu8ZD6R3Z/W7Y9xc +7vfzgvHq3UcpBjbcJ8MrMgYulsXvnN4M6cesQydrw0A +-> ssh-ed25519 5Sll2Q 8ggz1M9F0+wtPG7tLKXmVWSM86Sd7JbKBS+77eicY0M +SYEfYMxCVOaqOczKxSRWZqufqOoG7WERSRF3M5/pVzA +--- AtKAPGRKe7K9srcRpuG86C55PDQhQhKZJcTnEo9J/og +q36ҍrmyea\ǶE%~X2&u (ki!KYv&]]B?7b=B0Rh~{T/Bsx'ZEws [#/-%&,IkG4紜zಓ dr+2EǷZif\]7_zQ#8Hb/ʰ"̀ ^!J? \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 2fa5ed5a..d2c45738 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -21,6 +21,9 @@ in "ds9PostgresEnv.age".publicKeys = pubkeys.ragon.host "ds9"; "ds9ImmichEnv.age".publicKeys = pubkeys.ragon.host "ds9"; "ds9AuthentikEnv.age".publicKeys = pubkeys.ragon.host "ds9"; + "ds9WoodpeckerEnv.age".publicKeys = pubkeys.ragon.host "ds9"; + "ds9AtticEnv.age".publicKeys = pubkeys.ragon.host "ds9"; + "ds9WoodpeckerAgentSecretEnv.age".publicKeys = pubkeys.ragon.host "ds9"; "ds9PartDbEnv.age".publicKeys = pubkeys.ragon.host "ds9"; "ds9AuthentikLdapEnv.age".publicKeys = pubkeys.ragon.host "ds9"; "gatebridgeHostKeys.age".publicKeys = pubkeys.ragon.server;