aciceri/nixfleet
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

Compare commits

base: aciceri:964783be96bf0cdd76a4be8fe76e5743e14700e3
Branches Tags
aciceri:master
aciceri:update-flake-lock
aciceri:aaa
aciceri:wip
aciceri:test
..
compare: aciceri:6f4d3f180b19f6c85178e6ce7c3e8f529fff788c
Branches Tags
aciceri:update-flake-lock
aciceri:master
aciceri:aaa
aciceri:wip
aciceri:test

6 commits
964783be96 ... 6f4d3f180b

Author SHA1 Message Date
Seven of Nine
6f4d3f180b flake.lock: Update
Some checks failed
/ test (push) Failing after 32s
Details 
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/5fd852c4155a689098095406500d0ae3d04654a8' (2024-11-14)
  → 'github:nix-community/disko/a0c384e0a3b8bcaed30a6bcf3783f8a7c8b35be4' (2024-11-20)
• Updated input 'dream2nix':
    'github:nix-community/dream2nix/44d41411686bc798876bd6d9f36a4c1143138d85' (2024-11-12)
  → 'github:nix-community/dream2nix/91bec8a0854abfa581a40b5030cfa8f98d2f8ee5' (2024-11-20)
• Updated input 'emacs-overlay':
    'github:nix-community/emacs-overlay/4639038b0f5e66e7d0f3d103b8e44ded3ab7e337' (2024-11-14)
  → 'github:nix-community/emacs-overlay/46cbce8bc96c36a83a2cae9312026b3028bdcb87' (2024-11-21)
• Updated input 'emacs-overlay/nixpkgs':
    'github:NixOS/nixpkgs/dc460ec76cbff0e66e269457d7b728432263166c' (2024-11-11)
  → 'github:NixOS/nixpkgs/23e89b7da85c3640bbc2173fe04f4bd114342367' (2024-11-19)
• Updated input 'emacs-overlay/nixpkgs-stable':
    'github:NixOS/nixpkgs/689fed12a013f56d4c4d3f612489634267d86529' (2024-11-12)
  → 'github:NixOS/nixpkgs/e8c38b73aeb218e27163376a2d617e61a2ad9b59' (2024-11-16)
• Updated input 'git-hooks-nix':
    'github:cachix/git-hooks.nix/cd1af27aa85026ac759d5d3fccf650abe7e1bbf0' (2024-11-11)
  → 'github:cachix/git-hooks.nix/3308484d1a443fc5bc92012435d79e80458fe43c' (2024-11-19)
• Updated input 'homeManager':
    'github:nix-community/home-manager/35b055009afd0107b69c286fca34d2ad98940d57' (2024-11-13)
  → 'github:nix-community/home-manager/a46e702093a5c46e192243edbd977d5749e7f294' (2024-11-19)
• Updated input 'lanzaboote':
    'github:nix-community/lanzaboote/cef39a78679c266300874e7a7000b4da066228d4' (2024-11-04)
  → 'github:nix-community/lanzaboote/2f48272f34174fd2a5ab3df4d8a46919247be879' (2024-11-18)
• Updated input 'lix-eval-jobs':
    'git+https://git.lix.systems/lix-project/nix-eval-jobs?ref=refs/heads/main&rev=57ddb99e781d19704f8a84036f9890e6ca554c41' (2024-11-09)
  → 'git+https://git.lix.systems/lix-project/nix-eval-jobs?ref=refs/heads/main&rev=912a9d63319e71ca131e16eea3348145a255db2e' (2024-11-18)
• Updated input 'lix-eval-jobs/flake-parts':
    'github:hercules-ci/flake-parts/3d04084d54bedc3d6b8b736c70ef449225c361b1' (2024-10-01)
  → 'github:hercules-ci/flake-parts/506278e768c2a08bec68eb62932193e341f55c90' (2024-11-01)
• Updated input 'lix-eval-jobs/treefmt-nix':
    'github:numtide/treefmt-nix/aac86347fb5063960eccb19493e0cadcdb4205ca' (2024-10-22)
  → 'github:numtide/treefmt-nix/746901bb8dba96d154b66492a29f5db0693dbfcc' (2024-10-30)
• Updated input 'lix-module':
    'git+https://git.lix.systems/lix-project/nixos-module?ref=refs/heads/main&rev=691193879d96bdfd1e6ab5ebcca2fadc7604cf34' (2024-11-09)
  → 'git+https://git.lix.systems/lix-project/nixos-module?ref=refs/heads/main&rev=aa2846680fa9a2032939d720487942567fd9eb63' (2024-11-18)
• Updated input 'lix-module/flake-utils':
    'github:numtide/flake-utils/c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a' (2024-09-17)
  → 'github:numtide/flake-utils/11707dc2f618dd54ca8739b309ec4fc024de578b' (2024-11-13)
• Updated input 'mobile-nixos':
    'github:NixOS/mobile-nixos/2268e358ed407d9c0a4499ae767d105eeaeec586' (2024-11-06)
  → 'github:NixOS/mobile-nixos/b7db416f5db80a749b45083876e908cda64506ad' (2024-11-19)
• Updated input 'nixDarwin':
    'github:LnL7/nix-darwin/6c71c49e2448e51ad830ed211024e6d0edc50116' (2024-11-12)
  → 'github:LnL7/nix-darwin/61cee20168a3ebb71a9efd70a55adebaadfbe4d4' (2024-11-19)
• Updated input 'nixosHardware':
    'github:NixOS/nixos-hardware/f6581f1c3b137086e42a08a906bdada63045f991' (2024-11-12)
  → 'github:NixOS/nixos-hardware/672ac2ac86f7dff2f6f3406405bddecf960e0db6' (2024-11-16)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/dc460ec76cbff0e66e269457d7b728432263166c' (2024-11-11)
  → 'github:NixOS/nixpkgs/23e89b7da85c3640bbc2173fe04f4bd114342367' (2024-11-19)
• Updated input 'treefmt-nix':
    'github:numtide/treefmt-nix/746901bb8dba96d154b66492a29f5db0693dbfcc' (2024-10-30)
  → 'github:numtide/treefmt-nix/37f8f47cb618eddee0c0dd31a582b1cd3013c7f6' (2024-11-21)
 2024-11-21 14:01:29 +00:00
Andrea Ciceri
f4364c6398
Enable webdav in LAN for Kodi on the TV
Some checks failed
/ test (push) Successful in 27s
Details
mondo
test ciao
Details
BUILD x86_64-linux.pre-commit
Details
UPLOAD x86_64-linux.pre-commit
Details
DOWNLOAD x86_64-linux.pre-commit
Details
CACHIX x86_64-linux.pre-commit
Details
ATTIC x86_64-linux.pre-commit
Details
EVAL aarch64-linux.sisko
Details
2024-11-21 10:14:58 +01:00
Andrea Ciceri
0fc04a3b18
Clean home-assistant configuration 2024-11-21 10:11:40 +01:00
Andrea Ciceri
0610fc96e9
Use nix-fast-build from flake (it supports native attic pushing) 2024-11-21 10:10:38 +01:00
Andrea Ciceri
312d1801f0
Add attic-client to the Forgejo runner 2024-11-21 10:10:06 +01:00
Andrea Ciceri
24201d0db6
Install attic on sisko 2024-11-21 10:09:26 +01:00
12 changed files with 195 additions and 61 deletions
Show stats Expand all files Collapse all files

103
flake.lock generated
View file

@ -100,11 +100,11 @@
"pyproject-nix": "pyproject-nix" "pyproject-nix": "pyproject-nix"
}, },
"locked": { "locked": {
"lastModified": 1731915700, "lastModified": 1732113111,
"narHash": "sha256-IVhIHdQaY4LU+6wOmXM6IhjKN8k0nbTacedIfxmt0RI=", "narHash": "sha256-KgGKWOEbqP15O2J6kue4JShHDk5yGG5e1GfY22bjuZU=",
"owner": "nix-community", "owner": "nix-community",
"repo": "dream2nix", "repo": "dream2nix",
"rev": "e118d69b142dea7690555fc4502f288030c1d4ed", "rev": "91bec8a0854abfa581a40b5030cfa8f98d2f8ee5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -119,11 +119,11 @@
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1732093299, "lastModified": 1732179669,
"narHash": "sha256-LFw807llsc/qIMbSBHN4C3jtOeWHLtSgo2V2yhv1nC8=", "narHash": "sha256-zpaoCm2sakoi8hsabMjTq7kYTz0SJo7PhRUGk48QjXY=",
"owner": "nix-community", "owner": "nix-community",
"repo": "emacs-overlay", "repo": "emacs-overlay",
"rev": "79d8dd3148860718bc78b73c7e4972f850b19541", "rev": "46cbce8bc96c36a83a2cae9312026b3028bdcb87",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -223,6 +223,27 @@
} }
}, },
"flake-parts_3": { "flake-parts_3": {
"inputs": {
"nixpkgs-lib": [
"nix-fast-build",
"nixpkgs"
]
},
"locked": {
"lastModified": 1722555600,
"narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_4": {
"inputs": { "inputs": {
"nixpkgs-lib": "nixpkgs-lib_2" "nixpkgs-lib": "nixpkgs-lib_2"
}, },
@ -240,7 +261,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-parts_4": { "flake-parts_5": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
"nixThePlanet", "nixThePlanet",
@ -398,7 +419,7 @@
}, },
"hercules-ci-effects": { "hercules-ci-effects": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_4", "flake-parts": "flake-parts_5",
"nixpkgs": "nixpkgs_6" "nixpkgs": "nixpkgs_6"
}, },
"locked": { "locked": {
@ -622,6 +643,28 @@
"type": "github" "type": "github"
} }
}, },
"nix-fast-build": {
"inputs": {
"flake-parts": "flake-parts_3",
"nixpkgs": [
"nixpkgs"
],
"treefmt-nix": "treefmt-nix_2"
},
"locked": {
"lastModified": 1730278911,
"narHash": "sha256-CrbqsC+lEA3w6gLfpqfDMDEKoEta2sl4sbQK6Z/gXak=",
"owner": "Mic92",
"repo": "nix-fast-build",
"rev": "8e7c9d76979381441facb8888f21408312cf177a",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "nix-fast-build",
"type": "github"
}
},
"nix-formatter-pack": { "nix-formatter-pack": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -712,7 +755,7 @@
}, },
"nixThePlanet": { "nixThePlanet": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_3", "flake-parts": "flake-parts_4",
"hercules-ci-effects": "hercules-ci-effects", "hercules-ci-effects": "hercules-ci-effects",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
@ -892,11 +935,11 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1731676054, "lastModified": 1732014248,
"narHash": "sha256-OZiZ3m8SCMfh3B6bfGC/Bm4x3qc1m2SVEAlkV6iY7Yg=", "narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "5e4fbfb6b3de1aa2872b76d49fafc942626e2add", "rev": "23e89b7da85c3640bbc2173fe04f4bd114342367",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -953,11 +996,11 @@
}, },
"nixpkgs_7": { "nixpkgs_7": {
"locked": { "locked": {
"lastModified": 1731676054, "lastModified": 1732014248,
"narHash": "sha256-OZiZ3m8SCMfh3B6bfGC/Bm4x3qc1m2SVEAlkV6iY7Yg=", "narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "5e4fbfb6b3de1aa2872b76d49fafc942626e2add", "rev": "23e89b7da85c3640bbc2173fe04f4bd114342367",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1119,12 +1162,13 @@
"lix-eval-jobs": "lix-eval-jobs", "lix-eval-jobs": "lix-eval-jobs",
"lix-module": "lix-module", "lix-module": "lix-module",
"mobile-nixos": "mobile-nixos", "mobile-nixos": "mobile-nixos",
"nix-fast-build": "nix-fast-build",
"nix-on-droid": "nix-on-droid", "nix-on-droid": "nix-on-droid",
"nixDarwin": "nixDarwin", "nixDarwin": "nixDarwin",
"nixThePlanet": "nixThePlanet", "nixThePlanet": "nixThePlanet",
"nixosHardware": "nixosHardware", "nixosHardware": "nixosHardware",
"nixpkgs": "nixpkgs_7", "nixpkgs": "nixpkgs_7",
"treefmt-nix": "treefmt-nix_2", "treefmt-nix": "treefmt-nix_3",
"vscode-server": "vscode-server" "vscode-server": "vscode-server"
} }
}, },
@ -1256,15 +1300,36 @@
"treefmt-nix_2": { "treefmt-nix_2": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nix-fast-build",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1732013921, "lastModified": 1723808491,
"narHash": "sha256-grEEN4LjL4DTDZUyZjVcj9dXRykH/SKnpOIADN0q5w8=", "narHash": "sha256-rhis3qNuGmJmYC/okT7Dkc4M8CeUuRCSvW6kC2f3hBc=",
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "treefmt-nix",
"rev": "5f5c2787576f3e39bbc2ebdbf8521b3177c5c19c", "rev": "1d07739554fdc4f8481068f1b11d6ab4c1a4167a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"treefmt-nix_3": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1732187120,
"narHash": "sha256-XdW2mYXvPHYtZ8oQqO3tRYtxx7kI0Hs3NU64IwAtD68=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "37f8f47cb618eddee0c0dd31a582b1cd3013c7f6",
"type": "github" "type": "github"
}, },
"original": { "original": {

4
flake.nix
View file

@ -62,6 +62,10 @@
}; };
catppuccin.url = "github:catppuccin/nix"; catppuccin.url = "github:catppuccin/nix";
emacs-overlay.url = "github:nix-community/emacs-overlay"; emacs-overlay.url = "github:nix-community/emacs-overlay";
nix-fast-build = {
url = "github:Mic92/nix-fast-build";
inputs.nixpkgs.follows = "nixpkgs";
};
}; };
outputs = outputs =

2
hosts/default.nix
View file

@ -110,11 +110,13 @@
"cloudflare-dyndns-api-token" = { }; "cloudflare-dyndns-api-token" = { };
"restic-hetzner-password" = { }; "restic-hetzner-password" = { };
"hass-ssh-key".owner = "hass"; "hass-ssh-key".owner = "hass";
"sisko-attic-environment-file".owner = "atticd";
"autistici-password" = { "autistici-password" = {
# FIXME terrible, should create a third ad-hoc group # FIXME terrible, should create a third ad-hoc group
owner = "grafana"; owner = "grafana";
group = "forgejo"; group = "forgejo";
}; };
}; };
}; };
}; };

3
hosts/sisko/default.nix
View file

@ -18,7 +18,7 @@
"sisko-proxy" "sisko-proxy"
"invidious" "invidious"
"searx" "searx"
"sisko-nfs" "sisko-share"
"forgejo" "forgejo"
"prometheus" "prometheus"
"grafana" "grafana"
@ -30,6 +30,7 @@
"immich" "immich"
"paperless" "paperless"
"syncthing" "syncthing"
"atticd"
] ]
++ [ ++ [
./disko.nix ./disko.nix

52
modules/atticd/default.nix Normal file
View file

@ -0,0 +1,52 @@
{ config, lib, ... }:
{
services.atticd = {
enable = true;
settings = {
listen = "0.0.0.0:8081";
allowed-hosts = [ ]; # Allow all hosts
# api-endpoint = "https://cache.staging.mlabs.city/";
soft-delete-caches = false;
require-proof-of-possession = true;
database.url = "sqlite://${config.services.atticd.settings.storage.path}/server.db?mode=rwc";
storage = {
type = "local";
path = "/mnt/hd/atticd";
};
compression = {
level = 8;
type = "zstd";
};
chunking = {
nar-size-threshold = 64 * 1024; # 64 KiB
min-size = 16 * 1024; # 16 KiB
avg-size = 64 * 1024; # 64 KiB
max-size = 256 * 1024; # 256 KiB
};
};
environmentFile = config.age.secrets.sisko-attic-environment-file.path;
};
systemd.services.atticd = {
serviceConfig = {
DynamicUser = lib.mkForce false;
};
};
systemd.tmpfiles.rules = [
"d config.services.atticd.settings.storage.path 770 atticd atticd"
];
users = {
groups.atticd = { };
users.atticd = {
group = "atticd";
home = config.services.atticd.settings.storage.path;
isSystemUser = true;
};
};
}

1
modules/forgejo-runners/default.nix
View file

@ -23,6 +23,7 @@ let
nix-fast-build nix-fast-build
curl curl
tea tea
attic-client
] ]
}; do }; do
for bin in "$dir"/bin/*; do for bin in "$dir"/bin/*; do

21
modules/home-assistant/default.nix
View file

@ -70,15 +70,6 @@ in
"::1" "::1"
]; ];
}; };
# ffmpeg = {};
# camera = [
# {
# name = "EyeToy";
# platform = "ffmpeg";
# input = "/dev/video1";
# extra_arguments = "-vcodec h264";
# }
# ];
homeassistant = { homeassistant = {
unit_system = "metric"; unit_system = "metric";
time_zone = "Europe/Rome"; time_zone = "Europe/Rome";
@ -87,17 +78,6 @@ in
internal_url = "http://rock5b.fleet:8123"; internal_url = "http://rock5b.fleet:8123";
}; };
logger.default = "WARNING"; logger.default = "WARNING";
# backup = {};
# media_player = [{
# platform = "webostv";
# host = "10.1.1.213";
# name = "TV";
# timeout = "5";
# turn_on_action = {
# service = "wake_on_lan.send_magic_packet";
# data.mac = "20:28:bc:74:14:c2";
# };
# }];
wake_on_lan = { }; wake_on_lan = { };
switch = [ switch = [
{ {
@ -109,7 +89,6 @@ in
} }
]; ];
shell_command.turn_off_picard = ''${pkgs.openssh}/bin/ssh -i /var/lib/hass/.ssh/id_ed25519 -o StrictHostKeyChecking=no hass@picard.fleet "exec sudo \$(readlink \$(which systemctl)) poweroff"''; shell_command.turn_off_picard = ''${pkgs.openssh}/bin/ssh -i /var/lib/hass/.ssh/id_ed25519 -o StrictHostKeyChecking=no hass@picard.fleet "exec sudo \$(readlink \$(which systemctl)) poweroff"'';
# shell_command.turn_off_picard = ''whoami'';
prometheus = { prometheus = {
namespace = "hass"; namespace = "hass";
}; };

6
modules/nix/default.nix
View file

@ -2,17 +2,23 @@
config, config,
lib, lib,
fleetFlake, fleetFlake,
pkgs,
... ...
}: }:
{ {
nixpkgs.overlays = [ nixpkgs.overlays = [
(final: _: { (final: _: {
nix-fast-build = fleetFlake.inputs.nix-fast-build.packages.${final.system}.nix-fast-build // {
nix = final.nix;
};
nix-eval-job = fleetFlake.inputs.lix-eval-jobs.packages.${final.system}.nix-eval-jobs // { nix-eval-job = fleetFlake.inputs.lix-eval-jobs.packages.${final.system}.nix-eval-jobs // {
nix = final.nix; nix = final.nix;
}; };
}) })
]; ];
environment.systemPackages = [ pkgs.nix-fast-build ];
nix = { nix = {
optimise.automatic = true; optimise.automatic = true;

20
modules/sisko-nfs/default.nix
View file

@ -1,20 +0,0 @@
{
systemd.tmpfiles.rules = [
"d /export 770 nobody nogroup"
];
fileSystems."/export/hd" = {
device = "/mnt/hd";
options = [ "bind" ];
};
services.nfs.server = {
enable = true;
exports = ''
/export 10.100.0.1/24(rw,fsid=0,no_subtree_check)
/export/hd 10.100.0.1/24(rw,nohide,insecure,no_subtree_check,no_root_squash)
'';
};
networking.firewall.allowedTCPPorts = [ 2049 ];
}

39
modules/sisko-share/default.nix Normal file
View file

@ -0,0 +1,39 @@
{
systemd.tmpfiles.rules = [
"d /export 770 nobody nogroup"
];
fileSystems."/export/hd" = {
device = "/mnt/hd";
options = [ "bind" ];
};
services.nfs.server = {
enable = true;
exports = ''
/export 10.100.0.1/24(rw,fsid=0,no_subtree_check)
/export/hd 10.100.0.1/24(rw,nohide,insecure,no_subtree_check,no_root_squash)
'';
};
services.webdav = {
enable = true;
settings = {
address = "10.1.1.2"; # accessible only in LAN, used by Kodi installed on the TV
port = 9999;
scope = "/mnt/hd/torrent";
modify = false;
auth = false; # TODO should we enable authentication? It's only reachable in LAN
debug = true;
users = [ ];
};
};
users.users.webdav.extraGroups = [ "transmission" ];
networking.firewall.allowedTCPPorts = [
2049
9999
];
}

5
secrets/secrets.nix
View file

@ -161,6 +161,11 @@ with keys.users;
ccr-gpg ccr-gpg
sisko sisko
]; ];
"sisko-attic-environment-file.age".publicKeys = [
ccr-ssh
ccr-gpg
sisko
];
# WireGuard # WireGuard
"picard-wireguard-private-key.age".publicKeys = [ "picard-wireguard-private-key.age".publicKeys = [

BIN
secrets/sisko-attic-environment-file.age Normal file
View file

Binary file not shown.