diff --git a/flake.lock b/flake.lock
index 5b2e0a2..f351826 100644
--- a/flake.lock
+++ b/flake.lock
@@ -394,11 +394,11 @@
         "umu": "umu"
       },
       "locked": {
-        "lastModified": 1729301900,
-        "narHash": "sha256-NZ0GGy0OMCVzEsdaqLnefGtXsUnjgoCI2pleIvAUvfI=",
+        "lastModified": 1729388819,
+        "narHash": "sha256-Csa4LUgQWdUBQKj1bv8kKu3qFCOmnDWHAawWateCmls=",
         "owner": "fufexan",
         "repo": "nix-gaming",
-        "rev": "5646c9455e9edf9ef59998fc79b82c5d5818ce77",
+        "rev": "177e270423839dedb9721b43c757a5f849b1e9f8",
         "type": "github"
       },
       "original": {
@@ -414,11 +414,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1728790083,
-        "narHash": "sha256-grMdAd4KSU6uPqsfLzA1B/3pb9GtGI9o8qb0qFzEU/Y=",
+        "lastModified": 1729394935,
+        "narHash": "sha256-2ntUG+NJKdfhlrh/tF+jOU0fOesO7lm5ZZVSYitsvH8=",
         "owner": "nix-community",
         "repo": "nix-index-database",
-        "rev": "5c54c33aa04df5dd4b0984b7eb861d1981009b22",
+        "rev": "04f8a11f247ba00263b060fbcdc95484fd046104",
         "type": "github"
       },
       "original": {
@@ -436,11 +436,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1729300178,
-        "narHash": "sha256-mkAPu2o5u7F/glAAfBzDji726iL1u2pm2fyN1SPWRQk=",
+        "lastModified": 1729494942,
+        "narHash": "sha256-c/WV0R0WWuK2UAjTCGntaa+y1UVPsTUJZXqwwKxcmYs=",
         "owner": "nix-community",
         "repo": "NixOS-WSL",
-        "rev": "42c23a6d5a2a1cbfd3fd137a7ff3d47c6d718033",
+        "rev": "f26ca94fdcfc1a3adfee70e4ed5e2d8b1bab4317",
         "type": "github"
       },
       "original": {
@@ -452,11 +452,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1729070438,
-        "narHash": "sha256-KOTTUfPkugH52avUvXGxvWy8ibKKj4genodIYUED+Kc=",
+        "lastModified": 1729256560,
+        "narHash": "sha256-/uilDXvCIEs3C9l73JTACm4quuHUsIHcns1c+cHUJwA=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "5785b6bb5eaae44e627d541023034e1601455827",
+        "rev": "4c2fcb090b1f3e5b47eaa7bd33913b574a11e0a0",
         "type": "github"
       },
       "original": {
@@ -757,11 +757,11 @@
         "nixpkgs": "nixpkgs_2"
       },
       "locked": {
-        "lastModified": 1713958148,
-        "narHash": "sha256-8PDNi/dgoI2kyM7uSiU4eoLBqUKoA+3TXuz+VWmuCOc=",
+        "lastModified": 1729422940,
+        "narHash": "sha256-DlvJv33ml5UTKgu4b0HauOfFIoDx6QXtbqUF3vWeRCY=",
         "owner": "nix-community",
         "repo": "nixos-vscode-server",
-        "rev": "fc900c16efc6a5ed972fb6be87df018bcf3035bc",
+        "rev": "8b6db451de46ecf9b4ab3d01ef76e59957ff549f",
         "type": "github"
       },
       "original": {
diff --git a/modules/home/nixos/apps/instant-messengers/default.nix b/modules/home/nixos/apps/instant-messengers/default.nix
index 24af5a7..8de867f 100644
--- a/modules/home/nixos/apps/instant-messengers/default.nix
+++ b/modules/home/nixos/apps/instant-messengers/default.nix
@@ -11,5 +11,10 @@ let
   cfg = config.${namespace}.apps.instant-messengers;
 in
 {
-  config = lib.mkIf (cfg.enable && isLinux) { home.packages = with pkgs; [ signal-desktop ]; };
+  config = lib.mkIf (cfg.enable && isLinux) {
+    home.packages = with pkgs; [
+      signal-desktop
+      element-desktop
+    ];
+  };
 }
diff --git a/modules/nixos/services/docker/default.nix b/modules/nixos/services/docker/default.nix
index 65d1dfd..c451192 100644
--- a/modules/nixos/services/docker/default.nix
+++ b/modules/nixos/services/docker/default.nix
@@ -22,7 +22,7 @@ in
   # the program that i have to use to do any work
   virtualisation.docker = {
     enable = true;
-    storageDriver = "btrfs";
+    storageDriver = if config.boot.isContainer then null else "btrfs";
   } // cfg.extraOptions;
 
   users.users.${config.${namespace}.user.name} = {
diff --git a/modules/nixos/services/forgejo/default.nix b/modules/nixos/services/forgejo/default.nix
new file mode 100644
index 0000000..0dd64a2
--- /dev/null
+++ b/modules/nixos/services/forgejo/default.nix
@@ -0,0 +1,82 @@
+{
+  pkgs,
+  config,
+  lib,
+  namespace,
+  ...
+}:
+let
+  inherit (lib) mkOption types mkBefore;
+
+  cfg = config.${namespace}.services.forgejo;
+in
+{
+  options.${namespace}.services.forgejo = with types; {
+    enable = lib.mkEnableOption "forgejo";
+    dbBackend = mkOption {
+      type = enum [
+        "sqlite"
+        "mysql"
+        "postgresql"
+      ];
+      default = "sqlite";
+      description = "To run forgejo after database service.";
+    };
+    useWizard = lib.mkEnableOption "forgejo use host config";
+    configFile = {
+      settingsPath = mkOption {
+        type = path;
+        default = "/etc/forgejo/conf/app.ini";
+        description = ''
+          If useWizard is enabled, the config files
+          will be copied to ${config.services.forgejo.customDir}.
+          config manual ref:
+        '';
+      };
+    };
+    settings = mkOption {
+      type = attrs;
+      default = { };
+    };
+    extraOptions = mkOption {
+      type = attrs;
+      default = { };
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.forgejo = {
+      inherit (cfg) enable useWizard settings;
+      database.type =
+        if cfg.dbBackend == "sqlite" then
+          "sqlite3"
+        else
+          (if cfg.dbBackend == "postgresql" then "postgres" else cfg.dbBackend);
+    } // cfg.extraOptions;
+
+    systemd.services.forgejo = lib.mkIf cfg.useWizard (
+      let
+        configFile = "${cfg.configFile.settingsPath}";
+        runConfig = "${config.services.forgejo.customDir}/conf/app.ini";
+        pathConfig = "${config.services.forgejo.customDir}/conf/rootPath";
+        staticRootPath = config.services.forgejo.settings.server.STATIC_ROOT_PATH;
+        replaceSecretBin = "${pkgs.replace-secret}/bin/replace-secret";
+      in
+      {
+        preStart = mkBefore ''
+          function forgejo_custom_config {
+            if [ -s '${configFile}' ]; then
+              cp -f '${configFile}' '${runConfig}'
+              chmod u+w '${runConfig}'
+              echo '${staticRootPath}' > '${pathConfig}'
+              ${replaceSecretBin} '#staticRootPath#' '${pathConfig}' '${runConfig}'
+              rm -f '${pathConfig}'
+              chmod u-w '${runConfig}'
+            fi
+          }
+          (umask 027; forgejo_custom_config)
+        '';
+      }
+    );
+  };
+}
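Review bot: The `if [ -s '${configFile}' ]` guard in `preStart` silently does nothing when the settings file is missing or empty, so a host whose secret-bearing `app.ini` failed to deploy starts Forgejo with `useWizard = true` and no configuration at all, and the web install wizard is then open to whoever reaches the instance first. If the host-provided config is meant to be mandatory, make its absence fatal instead: `else echo "forgejo: ${configFile} is missing or empty" >&2; exit 1`. The `settingsPath` description also ends in a dangling `config manual ref:` with nothing after it, and the `useWizard` label `"forgejo use host config"` reads as the opposite of what the value is passed through to (`services.forgejo.useWizard`, which as far as I know disables upstream's generated config); a sentence explaining that the copied `app.ini` is what suppresses the wizard would help the next reader.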
diff --git a/modules/nixos/services/forgejo/secrets/default.nix b/modules/nixos/services/forgejo/secrets/default.nix
new file mode 100644
index 0000000..55b7135
--- /dev/null
+++ b/modules/nixos/services/forgejo/secrets/default.nix
@@ -0,0 +1,42 @@
+{
+  config,
+  lib,
+  namespace,
+  host,
+  ...
+}:
+let
+  inherit (lib) optional;
+  inherit (lib.${namespace}.secrets) mkAppSecretsOption;
+  inherit (config.${namespace}.secrets) files;
+
+  cfgParent = config.${namespace}.services.forgejo;
+  cfg = cfgParent.secrets;
+in
+{
+  options.${namespace}.services.forgejo.secrets = mkAppSecretsOption {
+    enable = cfgParent.enable && config.${namespace}.secrets.enable;
+    appName = "forgejo";
+    dirPath = "forgejo/conf";
+    fixedConfig = optional cfgParent.useWizard {
+      name = "settingsPath";
+      fileName = "app.ini";
+    };
+    scope = "hosts-global";
+    currentInfo = {
+      inherit host;
+      user = config.${namespace}.user.name;
+    };
+    buildTargetPath = name: files.${name}.path;
+    owner = "forgejo";
+    # Read-only
+    mode = "0400";
+  };
+
+  config = lib.mkIf cfg.enable {
+    # secrets
+    ${namespace}.secrets = cfg.secretMappingFiles;
+    # etc configuration default path: `/etc/forgejo/conf`
+    environment.etc = lib.mkIf cfg.etc.enable cfg.etc.files;
+  };
+}
diff --git a/modules/nixos/services/gitea-actions-runner/default.nix b/modules/nixos/services/gitea-actions-runner/default.nix
new file mode 100644
index 0000000..56c903a
--- /dev/null
+++ b/modules/nixos/services/gitea-actions-runner/default.nix
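Review bot: This module and `modules/nixos/services/forgejo/default.nix` each hard-code one half of the same contract: `dirPath = "forgejo/conf"` plus `fileName = "app.ini"` here has to equal the `configFile.settingsPath` default `/etc/forgejo/conf/app.ini` there, and `owner = "forgejo"` with `mode = "0400"` only works because the forgejo unit's `preStart` copies the file, presumably as that same user. Neither file records the dependency, so a rename on either side fails at service start rather than at eval time. Replace the bare `# Read-only` with a comment that names the coupling, e.g. `# Must stay in sync with services.forgejo configFile.settingsPath (/etc/forgejo/conf/app.ini); read by the forgejo unit's preStart, hence owner forgejo and 0400.`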
@@ -0,0 +1,119 @@
+{
+  pkgs,
+  config,
+  lib,
+  namespace,
+  ...
+}:
+let
+  inherit (lib)
+    mkOption
+    mkEnableOption
+    mkPackageOption
+    types
+    optionals
+    concatMapAttrs
+    ;
+
+  cfgHostname = config.networking.hostName;
+  cfgDocker = config.${namespace}.services.docker;
+
+  cfg = config.${namespace}.services.gitea-actions-runner;
+in
+{
+  options.${namespace}.services.gitea-actions-runner = with types; {
+    enable = mkEnableOption "gitea actions runner";
+    package = mkPackageOption pkgs "gitea-actions-runner" { };
+    url = mkOption {
+      type = str;
+      example = "https://forge.example.com";
+      description = ''
+        Base URL of your Gitea/Forgejo instance.
+        instances default url.
+      '';
+    };
+    instances = mkOption {
+      type = attrsOf (
+        submodule (
+          { name, config, ... }:
+          {
+            options = {
+              enable = mkEnableOption "Gitea Actions Runner instance" // {
+                default = true;
+              };
+              name = mkOption {
+                type = str;
+                default = name;
+              };
+              url = mkOption {
+                type = str;
+                default = cfg.url;
+              };
+              tokenFile = mkOption {
+                type = nullOr (either str path);
+                default = "/etc/gitea-runner/env/${config.name}.env";
+                description = ''
+                  Path to an environment file, containing the `TOKEN` environment
+                  variable, that holds a token to register at the configured
+                  Gitea/Forgejo instance.
+                '';
+              };
+              labels = mkOption {
+                type = listOf str;
+                default = optionals cfgDocker.enable [
+                  "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
+                  "ubuntu-22.04:docker://gitea/runner-images:ubuntu-22.04"
+                  "ubuntu-20.04:docker://gitea/runner-images:ubuntu-20.04"
+                ];
+                description = ''
+                  Labels used to map jobs to their runtime environment. Changing these
+                  labels currently requires a new registration token.
+
+                  Many common actions require bash, git and nodejs, as well as a filesystem
+                  that follows the filesystem hierarchy standard.
+                '';
+              };
+              settings = mkOption {
+                type = attrs;
+                default = { };
+                description = ''
+                  Configuration for `act_runner daemon`.
+                  See https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml for an example configuration
+                '';
+              };
+              extraOptions = mkOption {
+                type = attrs;
+                default = { };
+              };
+            };
+          }
+        )
+      );
+      default = {
+        ${cfgHostname} = { };
+      };
+    };
+    extraOptions = mkOption {
+      type = attrs;
+      default = { };
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.gitea-actions-runner = {
+      inherit (cfg) package;
+      instances = concatMapAttrs (name: value: {
+        ${name} = {
+          inherit (value)
+            enable
+            name
+            url
+            tokenFile
+            labels
+            settings
+            ;
+        } // value.extraOptions;
+      }) cfg.instances;
+    } // cfg.extraOptions;
+  };
+}
diff --git a/modules/nixos/services/gitea-actions-runner/secrets/default.nix b/modules/nixos/services/gitea-actions-runner/secrets/default.nix
new file mode 100644
index 0000000..780d203
--- /dev/null
+++ b/modules/nixos/services/gitea-actions-runner/secrets/default.nix
@@ -0,0 +1,39 @@
+{
+  config,
+  lib,
+  namespace,
+  host,
+  ...
+}:
+let
+  inherit (lib) mapAttrsToList;
+  inherit (lib.${namespace}.secrets) mkAppSecretsOption;
+  inherit (config.${namespace}.secrets) files;
+
+  cfgParent = config.${namespace}.services.gitea-actions-runner;
+  cfg = cfgParent.secrets;
+in
+{
+  options.${namespace}.services.gitea-actions-runner.secrets = mkAppSecretsOption {
+    enable = cfgParent.enable && config.${namespace}.secrets.enable;
+    appName = "gitea actions runner";
+    dirPath = "gitea-runner/env";
+    scope = "hosts-global";
+    configNames = mapAttrsToList (_: value: "${value.name}.env") cfgParent.instances;
+    currentInfo = {
+      inherit host;
+      user = config.${namespace}.user.name;
+    };
+    buildTargetPath = name: files.${name}.path;
+    owner = "gitea-runner";
+    # Read-only
+    mode = "0400";
+  };
+
+  config = lib.mkIf cfg.enable {
+    # secrets
+    ${namespace}.secrets = cfg.secretMappingFiles;
+    # etc configuration default path: `/etc/gitea-runner/env`
+    environment.etc = lib.mkIf cfg.etc.enable cfg.etc.files;
+  };
+}
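Review bot: The `labels` default hands every instance the `docker://` runtime as soon as the docker module is enabled, which means `act_runner` needs access to the Docker socket and any workflow the forge dispatches to this runner can then drive the host's Docker daemon, an effectively root-level trust boundary that the description never mentions. Add a sentence to the `labels` description such as `Docker labels let jobs use the host Docker daemon; register such runners only against forges and repositories whose workflow authors you trust.` A more conservative default would keep `labels` empty and let the user opt in to the Docker images explicitly, with the `cfgDocker.enable` list offered as the `example` instead.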
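Review bot: `configNames` builds `"${value.name}.env"` for every instance, including ones with `enable = false`, and it re-derives the path that the runner module's `tokenFile` default (`/etc/gitea-runner/env/${config.name}.env`) spells out separately, so an instance that overrides `tokenFile` still gets a registration token deployed at a path nothing reads. At minimum skip disabled instances, `configNames = mapAttrsToList (_: v: "${v.name}.env") (lib.filterAttrs (_: v: v.enable) cfgParent.instances);`, and record the coupling above `dirPath` with `# must match the tokenFile default in ../default.nix`.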
diff --git a/modules/nixos/services/gitea/secrets/default.nix b/modules/nixos/services/gitea/secrets/default.nix
index a218c72..ef084eb 100644
--- a/modules/nixos/services/gitea/secrets/default.nix
+++ b/modules/nixos/services/gitea/secrets/default.nix
@@ -6,6 +6,7 @@
   ...
 }:
 let
+  inherit (lib) optional;
   inherit (lib.${namespace}.secrets) mkAppSecretsOption;
   inherit (config.${namespace}.secrets) files;
 
@@ -17,12 +18,10 @@ in
     enable = cfgParent.enable && config.${namespace}.secrets.enable;
     appName = "gitea";
     dirPath = "gitea/conf";
-    fixedConfig = [
-      {
-        name = "settingsPath";
-        fileName = "app.ini";
-      }
-    ];
+    fixedConfig = optional cfgParent.useWizard {
+      name = "settingsPath";
+      fileName = "app.ini";
+    };
     scope = "hosts-global";
     currentInfo = {
       inherit host;
diff --git a/modules/nixos/services/postgresql/default.nix b/modules/nixos/services/postgresql/default.nix
index 8507476..c467a79 100644
--- a/modules/nixos/services/postgresql/default.nix
+++ b/modules/nixos/services/postgresql/default.nix
@@ -1,6 +1,5 @@
 {
   config,
-  pkgs,
   lib,
   namespace,
   ...
@@ -67,7 +66,7 @@ in
   # postgresql
   services.postgresql = {
     enable = true;
-    package = pkgs.postgresql_16;
+    # https://www.postgresql.org/docs/current/pgupgrade.html
     settings = mkForce (
       {
         hba_file = cfg.configFile.authenticationPath;
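Review bot: Removing `package = pkgs.postgresql_16;` leaves the server version to the NixOS module default, which as far as I recall is chosen from `system.stateVersion`, so the major version now moves when stateVersion changes rather than when nixpkgs does, and the bare URL left in its place does not say that or why the pin was dropped. Replace it with a comment that states the intent, e.g. `# package deliberately unpinned: the module default follows system.stateVersion; a major-version move needs pg_upgrade, see https://www.postgresql.org/docs/current/pgupgrade.html`.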