Compare commits


1 commit

Author SHA1 Message Date
ab6c439e72 Update docker.io/1password/connect-sync Docker tag to v1.7.3
Some checks failed
Build / nix-build (native-aarch64, varda) (pull_request) Successful in 1m29s
Build / nix-build (native-x86_64, telchar) (pull_request) Failing after 1m2s
2024-07-27 19:32:09 +00:00
20 changed files with 45 additions and 108 deletions


@ -23,6 +23,13 @@ jobs:
uses: https://github.com/actions/checkout@v4 uses: https://github.com/actions/checkout@v4
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Write ssh key
id: sshkey
uses: https://github.com/timheuer/base64-to-file@v1
with:
encodedString: "${{ secrets.SSH_USER }}"
fileName: id_ed25519
fileDir: ~/.ssh
- uses: https://github.com/cachix/cachix-action@v15 - uses: https://github.com/cachix/cachix-action@v15
if: ${{ !github.event.pull_request.head.repo.fork }} if: ${{ !github.event.pull_request.head.repo.fork }}
with: with:
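Review bot: The new `Write ssh key` step hands `secrets.SSH_USER` to a third-party action referenced by the mutable tag `@v1`, so anyone able to move that tag can read the key; pin it to a full commit SHA, e.g. `uses: https://github.com/timheuer/base64-to-file@<full-commit-sha>  # v1`. Unlike the cachix step right below it, this step has no `if: ${{ !github.event.pull_request.head.repo.fork }}` guard, and the checks listed on this page run on `pull_request`, so it should carry the same condition. The decoded key stays in `~/.ssh/id_ed25519` after the job; if the named runners (`varda`, `telchar`) are persistent hosts, add a final `if: always()` step that deletes the file, and confirm the action writes it with mode 0600.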

1
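--- a/.gitignore
+++ b/.gitignore
@@ -4,4 +4,3 @@ age.key
 result*
 .direnv
 .kube
-.github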


@ -33,6 +33,7 @@ with config;
p7zip p7zip
# cli # cli
_1password
bat bat
dbus dbus
direnv direnv


@ -5,9 +5,9 @@ with config;
./global.nix ./global.nix
]; ];
myHome = { myHome.programs.firefox.enable = true;
programs.firefox.enable = true;
shell = { myHome.shell = {
starship.enable = true; starship.enable = true;
fish.enable = true; fish.enable = true;
wezterm.enable = true; wezterm.enable = true;
@ -20,13 +20,13 @@ with config;
signingKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIDSAmssproxG+KsVn2DfuteBAemHrmmAFzCtldpKl4J"; signingKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIDSAmssproxG+KsVn2DfuteBAemHrmmAFzCtldpKl4J";
}; };
}; };
};
home = { home = {
# Install these packages for my user # Install these packages for my user
packages = with pkgs; packages = with pkgs;
[ [
#apps #apps
_1password-gui
discord discord
flameshot flameshot
jetbrains.datagrip jetbrains.datagrip
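Review bot: Adding `_1password-gui` to `home.packages` installs only the binaries, while this compare also deletes the module that set `programs._1password-gui.enable`, `polkitPolicyOwners` and `/etc/1password/custom_allowed_browsers`. On NixOS the `programs._1password-gui` module is what installs the privileged helper wrappers and the polkit policy, so system-authentication unlock and browser integration will probably stop working with a plain package install. If the GUI is meant to stay, keep `programs._1password-gui = { enable = true; polkitPolicyOwners = [ "jahanson" ]; };` at system level rather than the home package.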


@ -84,8 +84,6 @@ in
samba.extraConfig = import ./config/samba-config.nix { }; samba.extraConfig = import ./config/samba-config.nix { };
resticBackup.local.enable = false; resticBackup.local.enable = false;
resticBackup.remote.enable = false; resticBackup.remote.enable = false;
resticBackup.local.noWarning = true;
resticBackup.remote.noWarning = true;
# Borg # Borg
borgbackup = { borgbackup = {
enable = true; enable = true;


@ -46,6 +46,5 @@
mySystem = { mySystem = {
purpose = "Development"; purpose = "Development";
system.motd.networkInterfaces = [ "wlp1s0" ]; system.motd.networkInterfaces = [ "wlp1s0" ];
security._1password.enable = true;
}; };
} }


@ -68,8 +68,6 @@
system.motd.networkInterfaces = [ "enp2s0" "wlp3s0" ]; system.motd.networkInterfaces = [ "enp2s0" "wlp3s0" ];
system.resticBackup.local.enable = false; system.resticBackup.local.enable = false;
system.resticBackup.remote.enable = false; system.resticBackup.remote.enable = false;
system.resticBackup.local.noWarning = true;
system.resticBackup.remote.noWarning = true;
services = { services = {
podman.enable = true; podman.enable = true;


@ -56,7 +56,7 @@ in
# Enable vscode & addons # Enable vscode & addons
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
(vscode-with-extensions.override { (vscode-with-extensions.override {
inherit (unstable) vscode; vscode = unstable.vscode;
# Merge all the extension packages together. # Merge all the extension packages together.
vscodeExtensions = vscodeExtensions =
vscodeCommunityExtensionsPackages ++ nixpkgsExtensionsPackages ++ marketplaceExtensionsPackages; vscodeCommunityExtensionsPackages ++ nixpkgsExtensionsPackages ++ marketplaceExtensionsPackages;


@ -1,10 +0,0 @@
[Desktop Entry]
Name=1Password
Exec=1password %U --silent
Terminal=false
Type=Application
Icon=1password
StartupWMClass=1Password
Comment=Password manager and secure wallet
MimeType=x-scheme-handler/onepassword;
Categories=Office;


@ -1,35 +0,0 @@
{ config, lib, ... }:
with lib; let
cfg = config.mySystem.security._1password;
user = "jahanson";
in
{
options.mySystem.security._1password = {
enable = mkEnableOption "_1password";
};
config = mkIf cfg.enable {
programs = {
_1password.enable = true;
_1password-gui = {
enable = true;
polkitPolicyOwners = [ "${user}" ];
};
};
home-manager.users.${user} = {
home.file = {
".config/autostart/1password-startup.desktop".source = ./config/1password-startup.desktop;
};
};
environment.etc = {
"1password/custom_allowed_browsers" = {
text = ''
vivaldi-bin
'';
mode = "0755";
};
};
};
}


@ -1,7 +1,6 @@
{ ... }: { ... }:
{ {
imports = [ imports = [
./1password
./acme ./acme
]; ];
} }


@ -26,7 +26,7 @@ in
services.bind = { services.bind = {
enable = true; enable = true;
inherit (cfg) package; inherit (cfg) package;
inherit (cfg) extraConfig; extraConfig = cfg.extraConfig;
}; };
# Clean up journal files # Clean up journal files


@ -32,7 +32,7 @@ in
services.haproxy = { services.haproxy = {
enable = true; enable = true;
inherit (cfg) package; inherit (cfg) package;
inherit (cfg) config; config = cfg.config;
}; };
}; };
} }


@ -7,12 +7,6 @@ in
options.mySystem.system.resticBackup = { options.mySystem.system.resticBackup = {
local = { local = {
enable = mkEnableOption "Local backups" // { default = true; }; enable = mkEnableOption "Local backups" // { default = true; };
noWarning = mkOption
{
type = types.bool;
description = "Disable warning for local backups";
default = false;
};
location = mkOption location = mkOption
{ {
type = types.str; type = types.str;
@ -22,12 +16,6 @@ in
}; };
remote = { remote = {
enable = mkEnableOption "Remote backups" // { default = true; }; enable = mkEnableOption "Remote backups" // { default = true; };
noWarning = mkOption
{
type = types.bool;
description = "Disable warning for remote backups";
default = false;
};
location = mkOption location = mkOption
{ {
type = types.str; type = types.str;
@ -46,8 +34,8 @@ in
# Warn if backups are disable and machine isnt a dev box # Warn if backups are disable and machine isnt a dev box
warnings = [ warnings = [
(mkIf (!cfg.local.noWarning && !cfg.local.enable && config.mySystem.purpose != "Development") "WARNING: Local backups are disabled for ${config.system.name}!") (mkIf (!cfg.local.enable && config.mySystem.purpose != "Development") "WARNING: Local backups are disabled for ${config.system.name}!")
(mkIf (!cfg.remote.noWarning && !cfg.remote.enable && config.mySystem.purpose != "Development") "WARNING: Remote backups are disabled for ${config.system.name}!") (mkIf (!cfg.remote.enable && config.mySystem.purpose != "Development") "WARNING: Remote backups are disabled for ${config.system.name}!")
]; ];
sops.secrets = mkIf (cfg.local.enable || cfg.remote.enable) { sops.secrets = mkIf (cfg.local.enable || cfg.remote.enable) {
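Review bot: With `noWarning` removed, the two `warnings` entries fire for every host that disables restic and is not `purpose = "Development"`, including hosts that do so on purpose; one host section in this compare sets both `resticBackup.*.enable = false` next to an enabled `borgbackup`. A warning that is printed on every build stops being read, which makes a backup disabled by mistake easier to miss. Either keep an explicit opt-out or skip the warning when another backup job is configured; the comment above the list could also read `# Warn if backups are disabled and the machine isn't a dev box`. The `config` block continues past the end of this section.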


@ -27,9 +27,9 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.borgbackup.jobs."borgbackup" = { services.borgbackup.jobs."borgbackup" = {
inherit (cfg) paths; paths = cfg.paths;
inherit (cfg) exclude; exclude = cfg.exclude;
inherit (cfg) repo; repo = cfg.repo;
encryption = { encryption = {
mode = "repokey-blake2"; mode = "repokey-blake2";
passCommand = "cat ${cfg.repoKeyPath}"; passCommand = "cat ${cfg.repoKeyPath}";


@ -2,7 +2,7 @@
let let
finalVersion = "1.22.5"; finalVersion = "1.22.5";
in in
final: prev: { (final: prev: {
go_1_22 = prev.go_1_22.overrideAttrs (oldAttrs: { go_1_22 = prev.go_1_22.overrideAttrs (oldAttrs: {
version = finalVersion; version = finalVersion;
src = prev.fetchurl { src = prev.fetchurl {
@ -10,4 +10,4 @@ final: prev: {
hash = "sha256-rJxyPyJJaa7mJLw0/TTJ4T8qIS11xxyAfeZEu0bhEvY="; hash = "sha256-rJxyPyJJaa7mJLw0/TTJ4T8qIS11xxyAfeZEu0bhEvY=";
}; };
}); });
} })


@ -2,7 +2,7 @@
let let
finalVersion = "1.7.5"; finalVersion = "1.7.5";
in in
final: prev: { (final: prev: {
talosctl = prev.talosctl.overrideAttrs (oldAttrs: { talosctl = prev.talosctl.overrideAttrs (oldAttrs: {
version = finalVersion; version = finalVersion;
src = prev.fetchFromGitHub { src = prev.fetchFromGitHub {
@ -16,4 +16,4 @@ final: prev: {
updateScript = ./update.sh; updateScript = ./update.sh;
}; };
}); });
} })


@ -2,12 +2,12 @@
let let
versions = lib.importJSON ./versions.json; versions = lib.importJSON ./versions.json;
in in
final: prev: { (final: prev: {
warp-terminal = prev.warp-terminal.overrideAttrs (oldAttrs: { warp-terminal = prev.warp-terminal.overrideAttrs (oldAttrs: {
inherit (versions.linux) version; version = versions.linux.version;
src = prev.fetchurl { src = prev.fetchurl {
url = "https://releases.warp.dev/stable/v${versions.linux.version}/warp-terminal-v${versions.linux.version}-1-x86_64.pkg.tar.zst"; url = "https://releases.warp.dev/stable/v${versions.linux.version}/warp-terminal-v${versions.linux.version}-1-x86_64.pkg.tar.zst";
inherit (versions.linux) hash; hash = versions.linux.hash;
}; };
}); });
} })


@ -17,16 +17,15 @@ pkgs.mkShell {
NIX_CONFIG = "experimental-features = nix-command flakes"; NIX_CONFIG = "experimental-features = nix-command flakes";
nativeBuildInputs = with pkgs; [ nativeBuildInputs = with pkgs; [
cachix
git
gitleaks
go-task
home-manager
nil
nix nix
home-manager
git
nil
nixpkgs-fmt nixpkgs-fmt
pre-commit go-task
sops sops
statix pre-commit
gitleaks
cachix
]; ];
} }


@ -1,6 +0,0 @@
disabled = [
"empty_pattern"
]
nix_version = '2.4'
ignore = ['.direnv']