From ba05f561e7d5a73998c179f5a070dfb1c99ef40c Mon Sep 17 00:00:00 2001 From: Chris Kruining Date: Mon, 18 Aug 2025 12:42:55 +0200 Subject: [PATCH 1/2] update deps --- flake.lock | 132 ++++++++++++++++++++++++++--------------------------- 1 file changed, 66 insertions(+), 66 deletions(-) diff --git a/flake.lock b/flake.lock index 1935971..27521bd 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1753879613, - "narHash": "sha256-oYhCJSAIZiu3maM2q6JBzh0+MYd4KTaq5eNFIstUurE=", + "lastModified": 1755108317, + "narHash": "sha256-j7RGK7nyoHuJzQjVFBngpsVowIn4DAtprn66UyAFNRQ=", "owner": "emmanuelrosa", "repo": "erosanix", - "rev": "0ad38bd182cd737f0f4b878ea04cb3676ecd4000", + "rev": "5aa322a6e586a2b46af65ab6c9a3d6042a95ff2e", "type": "github" }, "original": { @@ -94,11 +94,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1753944209, - "narHash": "sha256-dcGdqxhRRGoA/S38BsWOrwIiLYEBOqXKauHdFwKR310=", + "lastModified": 1755153894, + "narHash": "sha256-DEKeIg3MQy5GMFiFRUzcx1hGGBN2ypUPTo0jrMAdmH4=", "owner": "nix-community", "repo": "fenix", - "rev": "5ef8607d6e8a08cfb3946aaacaa0494792adf4ae", + "rev": "f6874c6e512bc69d881d979a45379b988b80a338", "type": "github" }, "original": { @@ -114,11 +114,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1753960679, - "narHash": "sha256-q82/pjksNMev2AJqK1v38BcK29kB2f7yB2GTEsrlR2M=", + "lastModified": 1755083788, + "narHash": "sha256-CXiS6gfw0NH+luSpNhtRZjy4NqVFrmsYpoetu3N/fMk=", "owner": "nix-community", "repo": "flake-firefox-nightly", - "rev": "c709bb72ee604949ff54df9519dc6cb0c6040007", + "rev": "523078b104590da5850a61dfe291650a6b49809c", "type": "github" }, "original": { @@ -230,11 +230,11 @@ ] }, "locked": { - "lastModified": 1753121425, - "narHash": "sha256-TVcTNvOeWWk1DXljFxVRp+E0tzG1LhrVjOGGoMHuXio=", + "lastModified": 1754487366, + "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "644e0fc48951a860279da645ba77fe4a6e814c5e", + "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18", "type": "github" }, "original": { @@ -411,11 +411,11 @@ "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1753279958, - "narHash": "sha256-EJ1udnwKYgWeAJzncAccbLPtbSWiuIANryXTGI9nY6w=", + "lastModified": 1755072091, + "narHash": "sha256-FCkbELHIFXlVREaopW13QFMzwLPr/otjucmyNLQQXeg=", "owner": "vinceliuice", "repo": "grub2-themes", - "rev": "6c26f99622cb1c705b3fe2dbe1eb88521096b25a", + "rev": "03d8c9cf0d1bcf67765ac5fa35263f1b08c584fa", "type": "github" }, "original": { @@ -432,11 +432,11 @@ ] }, "locked": { - "lastModified": 1753902883, - "narHash": "sha256-F7IUdBe//PDtcztUdu3XYxzJuKbYip6TwIRWLdrftO0=", + "lastModified": 1754593854, + "narHash": "sha256-fiWzQKZP92+2nm9wGBa/UYuEdVJkshHqNpCFfklas8k=", "owner": "himmelblau-idm", "repo": "himmelblau", - "rev": "d01709bf0100183045927c03b90db78fb8e40bda", + "rev": "e0b9a3efdcf0c6c59ed3352ffb2b003ab6aa2fed", "type": "github" }, "original": { @@ -452,11 +452,11 @@ ] }, "locked": { - "lastModified": 1753943136, - "narHash": "sha256-eiEE5SabVcIlGSTRcRyBjmJMaYAV95SJnjy8YSsVeW4=", + "lastModified": 1755121891, + "narHash": "sha256-UtYkukiGnPRJ5rpd4W/wFVrLMh8fqtNkqHTPgHEtrqU=", "owner": "nix-community", "repo": "home-manager", - "rev": "bd82507edd860c453471c46957cbbe3c9fd01b5c", + "rev": "279ca5addcdcfa31ac852b3ecb39fc372684f426", "type": "github" }, "original": { @@ -473,11 +473,11 @@ ] }, "locked": { - "lastModified": 1753938227, - "narHash": "sha256-KzjI9khMC2tOL5FClh3sHq8Gax1O5Rw0bH1hvJ3FU3E=", + "lastModified": 1755151620, + "narHash": "sha256-fVMalQZ+tRXR8oue2SdWu4CdlsS2NII+++rI40XQ8rU=", "owner": "Jovian-Experiments", "repo": "Jovian-NixOS", - "rev": "8d1f0004594e0eddc00159ad7666e669a6bcb711", + "rev": "16e12d22754d97064867006acae6e16da7a142a6", "type": "github" }, "original": { @@ -492,11 +492,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1753618592, - "narHash": "sha256-9sDACkrSbZOA1srKWQzvbkBFHZeXvHW8EYpWrVZPxDg=", + "lastModified": 1754828166, + "narHash": "sha256-i7c+fpXVsnvj2+63Gl3YfU1hVyxbLeqeFj55ZBZACWI=", "owner": "nix-community", "repo": "lib-aggregate", - "rev": "81b2f78680ca3864bfdc0d4cbc3444af3e1ff271", + "rev": "f01c8d121a3100230612be96e4ac668e15eafb77", "type": "github" }, "original": { @@ -549,11 +549,11 @@ "nixpkgs": "nixpkgs_5" }, "locked": { - "lastModified": 1753928630, - "narHash": "sha256-ASqyvmJ2EEUCyDJGMHRQ1ZqWnCd4SiVd7hi7dGBuSvw=", + "lastModified": 1755137329, + "narHash": "sha256-9MxuOLH7jk58IVUUDWwLeqk9U4ATE6X37955Ld+4/zw=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "30af81148ee29a4a13c938c25d3e68877b1b27fb", + "rev": "d9330bc35048238597880e89fb173799de9db5e9", "type": "github" }, "original": { @@ -621,11 +621,11 @@ ] }, "locked": { - "lastModified": 1753704990, - "narHash": "sha256-5E14xuNWy2Un1nFR55k68hgbnD8U2x/rE5DXJtYKusw=", + "lastModified": 1755171343, + "narHash": "sha256-h6bbfhqWcHlx9tcyYa7dhaEiNpusLCcFYkJ/AnltLW8=", "owner": "nix-community", "repo": "nixos-wsl", - "rev": "58c814cc6d4a789191f9c12e18277107144b0c91", + "rev": "e37cfef071466a9ca649f6899aff05226ce17e9e", "type": "github" }, "original": { @@ -636,11 +636,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1751186460, - "narHash": "sha256-tSnI50oYaXOi/SFUmJC+gZ2xE9pAhTnV0D2/3JoKL7g=", + "lastModified": 1754002724, + "narHash": "sha256-1NBby4k2UU9FR7a9ioXtCOpv8jYO0tZAGarMsxN8sz8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "dd5540905b1a13176efa13fa2f8dac776bcb275a", + "rev": "8271ed4b2e366339dd622f329151e45745ade121", "type": "github" }, "original": { @@ -652,11 +652,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1753579242, - "narHash": "sha256-zvaMGVn14/Zz8hnp4VWT9xVnhc8vuL3TStRqwk22biA=", + "lastModified": 1754788789, + "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "0f36c44e01a6129be94e3ade315a5883f0228a6e", + "rev": "a73b9c743612e4244d865a2fdee11865283c04e6", "type": "github" }, "original": { @@ -683,11 +683,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1753948617, - "narHash": "sha256-68ounbeMLJTO/Igq0rEqjldNReb/r2gR9zgLU2qiH7A=", + "lastModified": 1755061300, + "narHash": "sha256-eov82CkCrpiECJa3dyQ2da1sPGnAP3HK0UEra5eupaM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "4f1a1d0af135001efc1a58c8f31ede7bb1045874", + "rev": "d4df8d6cc1ccfd3e4349a1d54e4fb1171e7ec1f5", "type": "github" }, "original": { @@ -715,11 +715,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1753965693, - "narHash": "sha256-ks84bo0xIjUdRJGqLHQTyXR5OGb+8zUQg+XarbSEtrw=", + "lastModified": 1755178357, + "narHash": "sha256-rzgUmlO5/pt7uPAlY6E70clNjg9JmrgBxalEj2zKq08=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "113bb8d5ca48dc31c62835b5fafed82092d87a91", + "rev": "6eac4364f979ef460fb6ebd17ca65b8dae03cba4", "type": "github" }, "original": { @@ -747,11 +747,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1753694789, - "narHash": "sha256-cKgvtz6fKuK1Xr5LQW/zOUiAC0oSQoA9nOISB0pJZqM=", + "lastModified": 1755027561, + "narHash": "sha256-IVft239Bc8p8Dtvf7UAACMG5P3ZV+3/aO28gXpGtMXI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "dc9637876d0dcc8c9e5e22986b857632effeb727", + "rev": "005433b926e16227259a1843015b5b2b7f7d1fc3", "type": "github" }, "original": { @@ -763,11 +763,11 @@ }, "nixpkgs_7": { "locked": { - "lastModified": 1753432016, - "narHash": "sha256-cnL5WWn/xkZoyH/03NNUS7QgW5vI7D1i74g48qplCvg=", + "lastModified": 1755049066, + "narHash": "sha256-ANrc15FSoOAdNbfKHxqEJjZLftIwIsenJGRb/04K41s=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6027c30c8e9810896b92429f0092f624f7b1aace", + "rev": "e45f8f193029378d0aaee5431ba098dc80054e9a", "type": "github" }, "original": { @@ -843,11 +843,11 @@ "systems": "systems_4" }, "locked": { - "lastModified": 1753878721, - "narHash": "sha256-Y+Kr6FTHggnZ31nhaiOhIboIi+dhnLmQ9p0xf0wwnDc=", + "lastModified": 1755115677, + "narHash": "sha256-98Ad2F5w1xW94KymQiBohNBYpFqMa0K28v9S1SzyTY8=", "owner": "notashelf", "repo": "nvf", - "rev": "e35a74c44a35b28fd09f136dd3c0dbe9f300258f", + "rev": "c5dc7192496a1fad38134e54f8b4fca8ac51a9fe", "type": "github" }, "original": { @@ -866,11 +866,11 @@ ] }, "locked": { - "lastModified": 1748196248, - "narHash": "sha256-1iHjsH6/5UOerJEoZKE+Gx1BgAoge/YcnUsOA4wQ/BU=", + "lastModified": 1754501628, + "narHash": "sha256-FExJ54tVB5iu7Dh2tLcyCSWpaV+lmUzzWKZUkemwXvo=", "owner": "nix-community", "repo": "plasma-manager", - "rev": "b7697abe89967839b273a863a3805345ea54ab56", + "rev": "cca090f8115c4172b9aef6c5299ae784bdd5e133", "type": "github" }, "original": { @@ -905,11 +905,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1753838657, - "narHash": "sha256-4FA7NTmrAqW5yt4A3hhzgDmAFD0LbGRMGKhb1LBSItI=", + "lastModified": 1755004716, + "narHash": "sha256-TbhPR5Fqw5LjAeI3/FOPhNNFQCF3cieKCJWWupeZmiA=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "8611b714597c89b092f3d4874f14acd3f72f44fd", + "rev": "b2a58b8c6eff3c3a2c8b5c70dbf69ead78284194", "type": "github" }, "original": { @@ -946,11 +946,11 @@ "nixpkgs": "nixpkgs_8" }, "locked": { - "lastModified": 1752544651, - "narHash": "sha256-GllP7cmQu7zLZTs9z0J2gIL42IZHa9CBEXwBY9szT0U=", + "lastModified": 1754988908, + "narHash": "sha256-t+voe2961vCgrzPFtZxha0/kmFSHFobzF00sT8p9h0U=", "owner": "Mic92", "repo": "sops-nix", - "rev": "2c8def626f54708a9c38a5861866660395bb3461", + "rev": "3223c7a92724b5d804e9988c6b447a0d09017d48", "type": "github" }, "original": { @@ -978,11 +978,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1753919664, - "narHash": "sha256-U7Ts8VbVD4Z6n67gFx00dkpQJu27fMu173IUopX3pNI=", + "lastModified": 1755027820, + "narHash": "sha256-hBSU7BEhd05y/pC9tliYjkFp8AblkbNEkPei229+0Pg=", "owner": "nix-community", "repo": "stylix", - "rev": "30f5022236cf8dd257941cb0f910e198e7e464c7", + "rev": "c592717e9f713bbae5f718c784013d541346363d", "type": "github" }, "original": { From 3994f1fb98fc1cf44e8349e7e92938fcc2dbb367 Mon Sep 17 00:00:00 2001 From: Chris Kruining Date: Mon, 18 Aug 2025 12:43:21 +0200 Subject: [PATCH 2/2] woot, got actions working! --- .forgejo/workflows/action.yml | 2 +- .../services/development/forgejo/default.nix | 57 ++++++++++++------- 2 files changed, 36 insertions(+), 23 deletions(-) diff --git a/.forgejo/workflows/action.yml b/.forgejo/workflows/action.yml index 1119f37..4aac00e 100644 --- a/.forgejo/workflows/action.yml +++ b/.forgejo/workflows/action.yml @@ -9,7 +9,7 @@ on: jobs: hello: name: Print hello world - runs-on: ubuntu-latest + runs-on: default steps: - name: Echo run: | diff --git a/modules/nixos/services/development/forgejo/default.nix b/modules/nixos/services/development/forgejo/default.nix index 5342b56..84b8ba6 100644 --- a/modules/nixos/services/development/forgejo/default.nix +++ b/modules/nixos/services/development/forgejo/default.nix @@ -11,6 +11,8 @@ in }; config = mkIf cfg.enable { + ${namespace}.services.virtualisation.podman.enable = true; + environment.systemPackages = with pkgs; [ forgejo ]; services = { @@ -52,35 +54,46 @@ in UPDATE_AVATAR = true; }; - # actions = { - # ENABLED = true; - # DEFAULT_ACTIONS_URL = "forgejo"; - # }; + actions = { + ENABLED = true; + DEFAULT_ACTIONS_URL = "https://git.kruining.eu"; + }; session = { COOKIE_SECURE = true; }; + + mailer = { + ENABLED = true; + SMTP_ADDR = "smpts://smtp.black-mail.nl"; + FROM = "noreply@kruining.eu"; + USER = "noreply@kruining.eu"; + }; }; + + mailerPasswordFile = "/var/lib/forgejo/custom/mail_password"; }; - # gitea-actions-runner = { - # package = pkgs.forgejo-actions-runner; - # instances.default = { - # enable = true; - # name = "monolith"; - # url = "https://git.kruining.eu"; - # # Obtaining the path to the runner token file may differ - # # tokenFile should be in format TOKEN=, since it's EnvironmentFile for systemd - # tokenFile = config.age.secrets.forgejo-runner-token.path; - # labels = [ - # "ubuntu-latest:docker://node:16-bullseye" - # "ubuntu-22.04:docker://node:16-bullseye" - # "ubuntu-20.04:docker://node:16-bullseye" - # "ubuntu-18.04:docker://node:16-buster" - # "native:host" - # ]; - # }; - # }; + openssh.settings.AllowUsers = [ "forgejo" ]; + + gitea-actions-runner = { + package = pkgs.forgejo-actions-runner; + instances.default = { + enable = true; + name = "monolith"; + url = "https://git.kruining.eu"; + # Obtaining the path to the runner token file may differ + # tokenFile should be in format TOKEN=, since it's EnvironmentFile for systemd + # tokenFile = config.age.secrets.forgejo-runner-token.path; + token = "ZBetud1F0IQ9VjVFpZ9bu0FXgx9zcsy1x25yvjhw"; + labels = [ + "default:docker://node:22-bullseye" + ]; + settings = { + + }; + }; + }; caddy = { enable = true;