msyds/sydnix
1
0
Fork 0
Code Issues 6 Pull Requests 2 Actions Packages Projects Releases Wiki Activity

Compare commits

base: msyds:0cb3d69fd4997e9be85617634f1fcfa5ed87d5c9
Branches Tags
msyds:main msyds:fix-zotero msyds:attic
..
compare: msyds:attic
Branches Tags
msyds:main msyds:fix-zotero msyds:attic

1 Commits
0cb3d69fd4 ... attic

Author SHA1 Message Date
Madeleine Sydney Ślaga
4c1ccd22ff wip: attic
All checks were successful
build / build-sydpc (push) Successful in 33s
Details
build / build-fruitbook (push) Successful in 30s
Details
build / build-deertopia (push) Successful in 40s
Details
2026-03-05 11:29:12 -07:00
9 changed files with 151 additions and 157 deletions
Expand all files Collapse all files

144
flake.lock generated
View File

@@ -21,28 +21,28 @@
"base16-fish": { "base16-fish": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1765809053, "lastModified": 1754405784,
"narHash": "sha256-XCUQLoLfBJ8saWms2HCIj4NEN+xNsWBlU1NrEPcQG4s=", "narHash": "sha256-l9xHIy+85FN+bEo6yquq2IjD1rSg9fjfjpyGP1W8YXo=",
"owner": "tomyun", "owner": "tomyun",
"repo": "base16-fish", "repo": "base16-fish",
"rev": "86cbea4dca62e08fb7fd83a70e96472f92574782", "rev": "23ae20a0093dca0d7b39d76ba2401af0ccf9c561",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "tomyun", "owner": "tomyun",
"repo": "base16-fish", "repo": "base16-fish",
"rev": "86cbea4dca62e08fb7fd83a70e96472f92574782", "rev": "23ae20a0093dca0d7b39d76ba2401af0ccf9c561",
"type": "github" "type": "github"
} }
}, },
"base16-helix": { "base16-helix": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1760703920, "lastModified": 1752979451,
"narHash": "sha256-m82fGUYns4uHd+ZTdoLX2vlHikzwzdu2s2rYM2bNwzw=", "narHash": "sha256-0CQM+FkYy0fOO/sMGhOoNL80ftsAzYCg9VhIrodqusM=",
"owner": "tinted-theming", "owner": "tinted-theming",
"repo": "base16-helix", "repo": "base16-helix",
"rev": "d646af9b7d14bff08824538164af99d0c521b185", "rev": "27cf1e66e50abc622fb76a3019012dc07c678fac",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -129,11 +129,11 @@
"firefox-gnome-theme": { "firefox-gnome-theme": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1764873433, "lastModified": 1758112371,
"narHash": "sha256-1XPewtGMi+9wN9Ispoluxunw/RwozuTRVuuQOmxzt+A=", "narHash": "sha256-lizRM2pj6PHrR25yimjyFn04OS4wcdbc38DCdBVa2rk=",
"owner": "rafaelmardojai", "owner": "rafaelmardojai",
"repo": "firefox-gnome-theme", "repo": "firefox-gnome-theme",
"rev": "f7ffd917ac0d253dbd6a3bf3da06888f57c69f92", "rev": "0909cfe4a2af8d358ad13b20246a350e14c2473d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -149,7 +149,7 @@
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"revCount": 69, "revCount": 69,
"type": "tarball", "type": "tarball",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.1.0/01948eb7-9cba-704f-bbf3-3fa956735b52/source.tar.gz" "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.1.0/01948eb7-9cba-704f-bbf3-3fa956735b52/source.tar.gz?rev=ff81ac966bb2cae68946d5ed5fc4994f96d0ffec&revCount=69"
}, },
"original": { "original": {
"type": "tarball", "type": "tarball",
@@ -161,11 +161,11 @@
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
}, },
"locked": { "locked": {
"lastModified": 1772408722, "lastModified": 1754091436,
"narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=", "narHash": "sha256-XKqDMN1/Qj1DKivQvscI4vmHfDfvYR2pfuFOJiCeewM=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3", "rev": "67df8c627c2c39c41dbec76a1f201929929ab0bd",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -203,11 +203,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1767609335, "lastModified": 1756770412,
"narHash": "sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY=", "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "250481aafeb741edfe23d29195671c19b36b6dca", "rev": "4524271976b625a4a605beefd893f270620fd751",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -287,11 +287,11 @@
"flake": false, "flake": false,
"locked": { "locked": {
"host": "gitlab.gnome.org", "host": "gitlab.gnome.org",
"lastModified": 1767737596, "lastModified": 1762869044,
"narHash": "sha256-eFujfIUQDgWnSJBablOuG+32hCai192yRdrNHTv0a+s=", "narHash": "sha256-nwm/GJ2Syigf7VccLAZ66mFC8mZJFqpJmIxSGKl7+Ds=",
"owner": "GNOME", "owner": "GNOME",
"repo": "gnome-shell", "repo": "gnome-shell",
"rev": "ef02db02bf0ff342734d525b5767814770d85b49", "rev": "680e3d195a92203f28d4bf8c6e8bb537cc3ed4ad",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@@ -307,11 +307,11 @@
"nixpkgs": "nixpkgs_3" "nixpkgs": "nixpkgs_3"
}, },
"locked": { "locked": {
"lastModified": 1772807318, "lastModified": 1768325819,
"narHash": "sha256-Qjw6ILt8cb2HQQpCmWNLMZZ63wEo1KjTQt+1BcQBr7k=", "narHash": "sha256-mBKqOJkxCRwEhIXfq93WTcDXsBlJ/f1Dfv9thJxrDPs=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "daa2c221320809f5514edde74d0ad0193ad54ed8", "rev": "b1fa714d6cd656e3105d1965637be6ab7541d7d7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -345,11 +345,11 @@
"xwayland-satellite-unstable": "xwayland-satellite-unstable" "xwayland-satellite-unstable": "xwayland-satellite-unstable"
}, },
"locked": { "locked": {
"lastModified": 1772698812, "lastModified": 1768306584,
"narHash": "sha256-7+K/VaZ7TXUeUGSYshg8wC3UsRZHB+M4x6r38Q1B79c=", "narHash": "sha256-GWLONqOKcsWKFYqoEIFbIv6Ti/xoSvsYC9LzZzB1oj4=",
"owner": "sodiboo", "owner": "sodiboo",
"repo": "niri-flake", "repo": "niri-flake",
"rev": "5641625ef950f024e3e0e3f38bb91f876290c0be", "rev": "1b8c8ba473cf336d74ffb05ee453c8fe6a05bbbc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -378,11 +378,11 @@
"niri-unstable": { "niri-unstable": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1772207631, "lastModified": 1768196703,
"narHash": "sha256-Jkkg+KqshFO3CbTszVVpkKN2AOObYz+wMsM3ONo1z5g=", "narHash": "sha256-mttBQdVnVFO3mn+M+oqCsZZOtS2HvXYy+VaHxb8YuMw=",
"owner": "YaLTeR", "owner": "YaLTeR",
"repo": "niri", "repo": "niri",
"rev": "e708f546153f74acf33eb183b3b2992587a701e5", "rev": "3672e79369d72297abda8878245ea4ec327062c6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -423,11 +423,11 @@
"nixpkgs": "nixpkgs_5" "nixpkgs": "nixpkgs_5"
}, },
"locked": { "locked": {
"lastModified": 1772813986, "lastModified": 1764576281,
"narHash": "sha256-x0fD+LL+O99p36c2UnjnHvVq4/7TvGH/8G5lTNIJBCo=", "narHash": "sha256-f6vfwmIb9C3brI4/KJ9MFUDWt6FsKQ0dbMO6AuFc7E0=",
"owner": "KaylorBen", "owner": "KaylorBen",
"repo": "nixcord", "repo": "nixcord",
"rev": "e433a2919eb9b3a8c85ab3017c08685816e63a66", "rev": "c8f47894134a4984acd319e66c4384eb1ff886e2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -454,11 +454,11 @@
}, },
"nixpkgs-lib": { "nixpkgs-lib": {
"locked": { "locked": {
"lastModified": 1772328832, "lastModified": 1753579242,
"narHash": "sha256-e+/T/pmEkLP6BHhYjx6GmwP5ivonQQn0bJdH9YrRB+Q=", "narHash": "sha256-zvaMGVn14/Zz8hnp4VWT9xVnhc8vuL3TStRqwk22biA=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixpkgs.lib", "repo": "nixpkgs.lib",
"rev": "c185c7a5e5dd8f9add5b2f8ebeff00888b070742", "rev": "0f36c44e01a6129be94e3ade315a5883f0228a6e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -485,11 +485,11 @@
}, },
"nixpkgs-stable_2": { "nixpkgs-stable_2": {
"locked": { "locked": {
"lastModified": 1772598333, "lastModified": 1768242861,
"narHash": "sha256-YaHht/C35INEX3DeJQNWjNaTcPjYmBwwjFJ2jdtr+5U=", "narHash": "sha256-F4IIxa5xDHjtrmMcayM8lHctUq1oGltfBQu2+oqDWP4=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "fabb8c9deee281e50b1065002c9828f2cf7b2239", "rev": "1327e798cb055f96f92685df444e9a2c326ab5ed",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -549,11 +549,11 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1772542754, "lastModified": 1767892417,
"narHash": "sha256-WGV2hy+VIeQsYXpsLjdr4GvHv5eECMISX1zKLTedhdg=", "narHash": "sha256-dhhvQY67aboBk8b0/u0XB6vwHdgbROZT3fJAjyNh5Ww=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "8c809a146a140c5c8806f13399592dbcb1bb5dc4", "rev": "3497aa5c9457a9d88d71fa93a4a8368816fbeeba",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -565,11 +565,11 @@
}, },
"nixpkgs_4": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1772624091, "lastModified": 1768127708,
"narHash": "sha256-QKyJ0QGWBn6r0invrMAK8dmJoBYWoOWy7lN+UHzW1jc=", "narHash": "sha256-1Sm77VfZh3mU0F5OqKABNLWxOuDeHIlcFjsXeeiPazs=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "80bdc1e5ce51f56b19791b52b2901187931f5353", "rev": "ffbc9f8cbaacfb331b6017d5a5abb21a492c9a38",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -581,27 +581,27 @@
}, },
"nixpkgs_5": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1772465433, "lastModified": 1754028485,
"narHash": "sha256-ywy9troNEfpgh0Ee+zaV1UTgU8kYBVKtvPSxh6clYGU=", "narHash": "sha256-IiiXB3BDTi6UqzAZcf2S797hWEPCRZOwyNThJIYhUfk=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "c581273b8d5bdf1c6ce7e0a54da9841e6a763913", "rev": "59e69648d345d6e8fef86158c555730fa12af9de",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-25.11", "ref": "nixos-25.05",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs_6": { "nixpkgs_6": {
"locked": { "locked": {
"lastModified": 1772736753, "lastModified": 1768178648,
"narHash": "sha256-au/m3+EuBLoSzWUCb64a/MZq6QUtOV8oC0D9tY2scPQ=", "narHash": "sha256-kz/F6mhESPvU1diB7tOM3nLcBfQe7GU7GQCymRlTi/s=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "917fec990948658ef1ccd07cef2a1ef060786846", "rev": "3fbab70c6e69c87ea2b6e48aa6629da2aa6a23b0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -629,11 +629,11 @@
}, },
"nixpkgs_8": { "nixpkgs_8": {
"locked": { "locked": {
"lastModified": 1767767207, "lastModified": 1762977756,
"narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=", "narHash": "sha256-4PqRErxfe+2toFJFgcRKZ0UI9NSIOJa+7RXVtBhy4KE=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "5912c1772a44e31bf1c63c0390b90501e5026886", "rev": "c5ae371f1a6a7fd27823bc500d9390b38c05fa55",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -693,11 +693,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1767810917, "lastModified": 1758998580,
"narHash": "sha256-ZKqhk772+v/bujjhla9VABwcvz+hB2IaRyeLT6CFnT0=", "narHash": "sha256-VLx0z396gDCGSiowLMFz5XRO/XuNV+4EnDYjdJhHvUk=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "dead29c804adc928d3a69dfe7f9f12d0eec1f1a4", "rev": "ba8d9c98f5f4630bcb0e815ab456afd90c930728",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -763,11 +763,11 @@
"tinted-zed": "tinted-zed" "tinted-zed": "tinted-zed"
}, },
"locked": { "locked": {
"lastModified": 1772296853, "lastModified": 1764550443,
"narHash": "sha256-pAtzPsgHRKw/2Kv8HgAjSJg450FDldHPWsP3AKG/Xj0=", "narHash": "sha256-ArO2V1YEHmEILilTj4KPtqF4gqc1q2HBrrrmygQ/UyU=",
"owner": "danth", "owner": "danth",
"repo": "stylix", "repo": "stylix",
"rev": "c4b8e80a1020e09a1f081ad0f98ce804a6e85acf", "rev": "794b6e1fa75177ebfeb32967f135858a1ab1ba15",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -913,11 +913,11 @@
"tinted-schemes": { "tinted-schemes": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1767710407, "lastModified": 1757716333,
"narHash": "sha256-+W1EB79Jl0/gm4JqmO0Nuc5C7hRdp4vfsV/VdzI+des=", "narHash": "sha256-d4km8W7w2zCUEmPAPUoLk1NlYrGODuVa3P7St+UrqkM=",
"owner": "tinted-theming", "owner": "tinted-theming",
"repo": "schemes", "repo": "schemes",
"rev": "2800e2b8ac90f678d7e4acebe4fa253f602e05b2", "rev": "317a5e10c35825a6c905d912e480dfe8e71c7559",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -929,11 +929,11 @@
"tinted-tmux": { "tinted-tmux": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1767489635, "lastModified": 1757811970,
"narHash": "sha256-e6nnFnWXKBCJjCv4QG4bbcouJ6y3yeT70V9MofL32lU=", "narHash": "sha256-n5ZJgmzGZXOD9pZdAl1OnBu3PIqD+X3vEBUGbTi4JiI=",
"owner": "tinted-theming", "owner": "tinted-theming",
"repo": "tinted-tmux", "repo": "tinted-tmux",
"rev": "3c32729ccae99be44fe8a125d20be06f8d7d8184", "rev": "d217ba31c846006e9e0ae70775b0ee0f00aa6b1e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -945,11 +945,11 @@
"tinted-zed": { "tinted-zed": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1767488740, "lastModified": 1757811247,
"narHash": "sha256-wVOj0qyil8m+ouSsVZcNjl5ZR+1GdOOAooAatQXHbuU=", "narHash": "sha256-4EFOUyLj85NRL3OacHoLGEo0wjiRJzfsXtR4CZWAn6w=",
"owner": "tinted-theming", "owner": "tinted-theming",
"repo": "base16-zed", "repo": "base16-zed",
"rev": "11abb0b282ad3786a2aae088d3a01c60916f2e40", "rev": "824fe0aacf82b3c26690d14e8d2cedd56e18404e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1035,11 +1035,11 @@
"xwayland-satellite-unstable": { "xwayland-satellite-unstable": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1772429643, "lastModified": 1768106915,
"narHash": "sha256-M+bAeCCcjBnVk6w/4dIVvXvpJwOKnXjwi/lDbaN6Yws=", "narHash": "sha256-HlLo9zH4ULRXlmlIK948cHmdVhxyHgTHxGaoCRlW4k8=",
"owner": "Supreeeme", "owner": "Supreeeme",
"repo": "xwayland-satellite", "repo": "xwayland-satellite",
"rev": "10f985b84cdbcc3bbf35b3e7e43d1b2a84fa9ce2", "rev": "72245e108f3b03c3c4474d2de9de2d1830849603",
"type": "github" "type": "github"
}, },
"original": { "original": {

1
hosts/deertopia/configuration.nix
View File

@@ -49,6 +49,7 @@
deertopia = { deertopia = {
authelia.enable = true; authelia.enable = true;
atticd.enable = true;
gitea.enable = true; gitea.enable = true;
quiver.enable = true; quiver.enable = true;
www.enable = true; www.enable = true;

6
modules/home/users/msyds/discord.nix → modules/home/users/crumb/discord.nix
View File

@@ -1,15 +1,15 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let cfg = config.sydnix.users.msyds.discord; let cfg = config.sydnix.users.crumb.discord;
in { in {
options.sydnix.users.msyds.discord = { options.sydnix.users.crumb.discord = {
enable = lib.mkEnableOption "Discord"; enable = lib.mkEnableOption "Discord";
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
sydnix.discord.enable = true; sydnix.discord.enable = true;
stylix.targets.nixcord.enable = false; stylix.targets.nixcord.enable = true;
programs.nixcord = { programs.nixcord = {
quickCss = '' quickCss = ''

40
modules/nixos/deertopia/atticd.nix Normal file
View File

@@ -0,0 +1,40 @@
{ config, lib, pkgs, ... }:
let cfg = config.sydnix.deertopia.atticd;
in {
options.sydnix.deertopia.atticd = {
enable = lib.mkEnableOption "Atticd";
port = lib.mkOption {
default = 8012;
type = lib.types.port;
};
};
# sudo atticd-atticadm make-token --sub msyds --validity '1 year' --pull 'msyds-*' --push 'msyds-*' --create-cache 'msyds-*' --configure-cache 'msyds-*'
config = lib.mkIf cfg.enable {
sydnix.sops.secrets.atticd-environment-file = {
# owner = config.services.atticd.user;
# group = config.services.atticd.group;
};
services.atticd = {
enable = true;
environmentFile =
config.sops.secrets.atticd-environment-file.path;
settings = {
api-endpoint = "https://attic.deertopia.net/";
listen = "[::]:${toString cfg.port}";
garbage-collection = {
default-retention-period = "3 months";
};
};
};
sydnix.deertopia.nginx.vhosts."attic".vhost = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass =
"http://127.0.0.1:${toString cfg.port}";
};
};
}

88
modules/nixos/gitea-actions-runner.nix
View File

@@ -3,51 +3,13 @@
let let
cfg = config.sydnix.gitea-actions-runner; cfg = config.sydnix.gitea-actions-runner;
container-name = "gitea-actions-runner";
gitea-actions-runner-uid = 991;
gitea-actions-runner-gid = 989;
token-file = config.sops.secrets.gitea-actions-runner-token.path; token-file = config.sops.secrets.gitea-actions-runner-token.path;
in { in {
options.sydnix.gitea-actions-runner = { options.sydnix.gitea-actions-runner = {
enable = lib.mkEnableOption "Gitea actions runner"; enable = lib.mkEnableOption "Gitea actions runner";
instance-name = lib.mkOption {
type = lib.types.str;
default = config.networking.hostName;
description = ''
The name of the runner instance name.
'';
};
user.name = lib.mkOption {
type = lib.types.str;
default = "gitea-actions-runner";
description = ''
The name of the user gitea-actions-runner should run under.
'';
};
user.uid = lib.mkOption {
type = lib.types.int;
default = 991;
description = ''
The UID of the user gitea-actions-runner should run under.
This must be known at evaluation time so that the same UID can
be used both on the host and in the container, allowing the
container to access the host's nix-daemon.
'';
};
group.name = lib.mkOption {
type = lib.types.str;
default = "gitea-actions-runner";
description = ''
The name of the group gitea-actions-runner should run under.
'';
};
group.gid = lib.mkOption {
type = lib.types.int;
default = 989;
description = ''
The GID of the group gitea-actions-runner should run under.
This must be known at evaluation time so that the same GID can
be used both on the host and in the container, allowing the
container to access the host's nix-daemon.
'';
};
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
@@ -55,7 +17,7 @@ in {
sydnix.impermanence.directories = [ "/var/lib/gitea-actions-runner" ]; sydnix.impermanence.directories = [ "/var/lib/gitea-actions-runner" ];
containers."gitea-actions-runner" = { containers.${container-name} = {
autoStart = true; autoStart = true;
ephemeral = true; ephemeral = true;
@@ -73,9 +35,9 @@ in {
config = { config, lib, pkgs, ... }: { config = { config, lib, pkgs, ... }: {
system.stateVersion = "25.11"; system.stateVersion = "25.11";
services.gitea-actions-runner.instances.${cfg.instance-name} = { services.gitea-actions-runner.instances.sydpc = {
enable = true; enable = true;
name = cfg.instance-name; name = "sydpc";
url = "https://git.deertopia.net/"; url = "https://git.deertopia.net/";
tokenFile = token-file; tokenFile = token-file;
labels = [ "nixos:host" ]; labels = [ "nixos:host" ];
@@ -94,27 +56,23 @@ in {
# Disable dynamic user so runner state persists via bind mount # Disable dynamic user so runner state persists via bind mount
assertions = [{ assertions = [{
assertion = assertion = config.systemd.services.gitea-actions-runner-sydpc.enable;
config.systemd.services.gitea-actions-runner-sydpc.enable;
message = '' message = ''
Expected systemd service 'gitea-actions-runner-sydpc' is Expected systemd service 'gitea-actions-runner-sydpc' is not
not enabled the gitea-actions-runner NixOS module may enabled the gitea-actions-runner module may have changed
have changed its naming scheme. its naming scheme.
''; '';
}]; }];
systemd.services.gitea-actions-runner-sydpc.serviceConfig.DynamicUser systemd.services.gitea-actions-runner-sydpc.serviceConfig.DynamicUser
= lib.mkForce false; = lib.mkForce false;
users.users.gitea-actions-runner = {
users.users.${cfg.user.name} = { uid = gitea-actions-runner-uid;
uid = cfg.user.uid;
home = "/var/lib/gitea-actions-runner"; home = "/var/lib/gitea-actions-runner";
group = cfg.group.name; group = "gitea-actions-runner";
isSystemUser = true; isSystemUser = true;
createHome = true; createHome = true;
}; };
users.groups.gitea-actions-runner.gid = gitea-actions-runner-gid;
users.groups.gitea-actions-runner.gid = cfg.group.gid;
nix.settings.experimental-features = [ "nix-command" "flakes" ]; nix.settings.experimental-features = [ "nix-command" "flakes" ];
@@ -123,27 +81,23 @@ in {
nodejs nodejs
jq jq
attic-client attic-client
omnix
]; ];
}; };
}; };
# Needs to be outside of the container because container uses's # Needs to be outside of the container because container uses's
# the host's nix-daemon # the host's nix-daemon
nix.settings.trusted-users = [ nix.settings.trusted-users = [ "gitea-actions-runner" ];
cfg.user.name
];
# Matching user on host — the container's gitea-actions-runner UID # Matching user on host — the container's gitea-actions-runner UID must be
# must be recognized by the host's nix-daemon as trusted (shared # recognized by the host's nix-daemon as trusted (shared UID namespace)
# UID namespace) users.users.gitea-actions-runner = {
users.users.${cfg.user.name} = { uid = gitea-actions-runner-uid;
uid = cfg.user.uid;
home = "/var/lib/gitea-actions-runner"; home = "/var/lib/gitea-actions-runner";
group = cfg.group.name; group = "gitea-actions-runner";
isSystemUser = true; isSystemUser = true;
createHome = true; createHome = true;
}; };
users.groups.${cfg.group.name}.gid = cfg.group.gid; users.groups.gitea-actions-runner.gid = gitea-actions-runner-gid;
}; };
} }

12
modules/nixos/gitea-actions-runner/ubuntu.nix
View File

@@ -1,12 +0,0 @@
{ config, lib, pkgs, ... }:
let cfg = config.sydnix.gitea-actions-runner.ubuntu;
in {
options.sydnix.gitea-actions-runner.ubuntu = {
enable = lib.mkEnableOption "Gitea actions runner (Ubuntu; Docker)";
};
config = lib.mkIf cfg.enable {
};
}

11
modules/nixos/impermanence.nix
View File

@@ -70,6 +70,10 @@ in {
}; };
# O_O what the fuck did i write this for.... CONCERNING. # O_O what the fuck did i write this for.... CONCERNING.
#
# oh because of these types of errors:
# Directory "/var/lib/private" already exists, but has mode 0755
# that is too permissive (0700 was requested), refusing.
systemd.tmpfiles.settings."10-varlibprivate" = { systemd.tmpfiles.settings."10-varlibprivate" = {
"/var/lib/private" = { "/var/lib/private" = {
z.group = "root"; z.group = "root";
@@ -78,6 +82,13 @@ in {
}; };
}; };
# Workaround for https://github.com/nix-community/impermanence/issues/254.
systemd.services."systemd-tmpfiles-resetup" = {
serviceConfig = {
RemainAfterExit = lib.mkForce false;
};
};
# Permit members of `cfg.persistGroupName` to read, write, and execute # Permit members of `cfg.persistGroupName` to read, write, and execute
# /persist. # /persist.
systemd.tmpfiles.settings."10-persist" = { systemd.tmpfiles.settings."10-persist" = {

5
secrets.yaml
View File

File diff suppressed because one or more lines are too long

1
users/msyds/default.nix
View File

@@ -61,7 +61,6 @@
mumble.enable = true; mumble.enable = true;
}; };
users.msyds = { users.msyds = {
discord.enable = true;
hunspell.enable = true; hunspell.enable = true;
emacs.enable = true; emacs.enable = true;
impermanence.enable = true; impermanence.enable = true;