tuxcord/tuxcord.nix
8
2
Fork 1
Code Issues 13 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

Compare commits

merge into: tuxcord/tuxcord.nix:styling/forgejo
Branches Tags
tuxcord/tuxcord.nix:main tuxcord/tuxcord.nix:staging tuxcord/tuxcord.nix:styling/forgejo tuxcord/tuxcord.nix:auth/authelia tuxcord/tuxcord.nix:auth/authentik
..
pull from: tuxcord/tuxcord.nix:auth/authentik
Branches Tags
tuxcord/tuxcord.nix:staging tuxcord/tuxcord.nix:styling/forgejo tuxcord/tuxcord.nix:auth/authelia tuxcord/tuxcord.nix:auth/authentik tuxcord/tuxcord.nix:main

1 Commits
styling/forgejo .. auth/authentik

Author SHA1 Message Date
javalsai 833a21b1c1 draft: partially getting authentik to work
Check / Nix flake (push) Failing after 8s
Details
Lint / Nix expressions (push) Failing after 9s
Details 
needs manual systemctl start once booted for now

its started at auth.tuxcord.test
 2026-05-05 00:02:48 +02:00
20 changed files with 403 additions and 594 deletions
Expand all files Collapse all files
.envrc
-1
View File
@@ -1 +0,0 @@
use flake
.gitignore
+1 -2
View File
@@ -1,4 +1,3 @@
# Nix
/*.qcow2
/.direnv
/result
/*.qcow2
agenix/authentik.age
+20
View File
@@ -0,0 +1,20 @@
age-encryption.org/v1
-> ssh-ed25519 Wl2fDA 7PqbYWjorqzuPIDZgOZGIMzZa/P89aGzvORfMAeePRU
J+gesdnj8VwqJSfD1ohDTSp7nBXdM4nEEB5/7aA1PMc
-> ssh-ed25519 zNC8SA z47u0fUlGVYiQr4/S0lLh6WEj7gyedjWsq4fUk5Z1CY
6qR4zdA1gQqpAcm5Q5AZJgn3ZnafXL4OeHfU4WJae40
-> ssh-ed25519 EiAAKw 8mPi6HaHW+oFZHZ0Y2fJ2XISgarW3i/yLKD2QJleFGs
Mch7D28T9eiJm8hmSuI7Wm/rjjT+EzzER9vQ7T6rA3k
-> ssh-rsa eFi+Zw
d3mwAM+p4yz/UK5g4+0WyeOPyEVHQEyzGSB+pPDf6IIXxGbh613h1WD5j3AQQXdH
178Es9PhkiZcy0Y0IsQt4dyqDzuqMMwzLLvLKgsfliFsPBcdo93V5r9rWtFi3+9S
jAfhsFzVUj3KhuBY+xsgBtHpLe5CVV52NnEzXkoJw1wbdunNi62QZvyyC+0NixFV
HW1lxan6g6XXPrXWWrLbZWvpuqvPV6DoLsofzkMm0nd1DhkeHRU1WU8ucnPaETrJ
E5G3YrlfhftwRzp/QzeoSFREmdAJca7ycIJaJuG8QIszTZLOOQBUAxg7sonATGUc
Zutg1lJEfaQSe8oG1iMrJlshGspuSmBc1Ki4iQJjhQnYzvkV+Th9trG3QGq5ur9O
RYCxqjMMzbp6kR2GdJorSM7P5fpzt0sSv2mxd+nQpMoyvOVfbBjmEbiuWrKSlIl0
tXYrI6723mRNsbtmodUdDttaDFnr2r0MWbpHPn/K6y422GEoAiKE96Z7Pcxo2+Ml
--- ILGiZiEBKY+7nych4vWMVWgiFNhF3eP7mtCvJ/JImxM
jFÍ%aë;¸õlËÔ éYÊ×ö…›´töÐ:Â÷ì ®û¦#í õÞ(¹ðÂV°;ê[Ç`üØë:tžS#ˆ
@²ãÒk7²àFž¿ÓEn®†!ÉlÈ¥ÛšŽÃ7°!•Òï‡êY3:+mzÕÒÈö
agenix/secrets.nix
+1
View File
@@ -10,6 +10,7 @@ let
in
{
"ntfy.age".publicKeys = [ tuxcord-ca ] ++ adminSSHKeys;
"authentik.age".publicKeys = [ tuxcord-ca ] ++ adminSSHKeys;
# tsig-keygen etc.sub.domain.tld.
"dns/tuxcord.net/tuxcord.net.key.age".publicKeys = [ tuxcord-ca ] ++ adminSSHKeys;
assets/branding/logo-head.svg
-112
View File
File diff suppressed because one or more lines are too long
Side by Side

Before

Width:  |  Height:  |  Size: 13 KiB

assets/branding/logo.svg
-109
View File
File diff suppressed because one or more lines are too long
Side by Side

Before

Width:  |  Height:  |  Size: 22 KiB

assets/forgejo/templates/home.tmpl
-12
View File
@@ -1,12 +0,0 @@
{{template "base/head" .}}
<div role="main" aria-label="{{if .IsSigned}}{{ctx.Locale.Tr "dashboard"}}{{else}}{{ctx.Locale.Tr "home"}}{{end}}"
class="page-content home tw-mb-8 tw-px-8 center" style="height: 100%; flex-direction: column; display: flex; align-items: center; justify-content: space-around;">
<img width="500" height="500" src="{{AssetUrlPrefix}}/images/full-logo.svg" alt="{{ctx.Locale.Tr "logo"}}">
<div class="hero">
<h1 class="ui icon header title">
{{AppName}}
</h1>
<!-- <h2>My own gitea server 😎</h2> -->
</div>
</div>
{{template "base/footer" .}}
assets/forgejo/theme.css
-51
View File
@@ -1,51 +0,0 @@
@import "/assets/css/theme-forgejo-dark.css";
/* :root { */
/* --is-dark-theme: true; */
/* --accent-color: 221, 85, 85; */
/* /1* #d55 *1/ */
/* --gitea-color-primary-dark-4: 221, 85, 85; */
/* --accent-color-secondary: 96, 72, 10; */
/* --accent-color-hover: 170, 68, 68; */
/* --color-primary: rgb(var(--accent-color)); */
/* --color-secondary: rgb(var(--accent-color-secondary)); */
/* --button-color: rgb(var(--accent-color)); */
/* --button-color-hover: rgb(var(--accent-color-hover)); */
/* } */
:root {
--is-dark-theme: true;
--color-primary: #d162a4;
--color-primary-contrast: #fff;
--color-primary-dark-1: #ba3283;
--color-primary-dark-2: #b55690;
--color-primary-dark-3: #ac2c79;
--color-primary-dark-4: #a30262;
--color-primary-dark-5: #8a0253;
--color-primary-dark-6: #710144;
--color-primary-dark-7: #570135;
--color-primary-light-1: #d776af;
--color-primary-light-2: #dd89bb;
--color-primary-light-3: #e29dc6;
--color-primary-light-4: #e8b1d2;
--color-primary-light-5: #eec5dd;
--color-primary-light-6: #f4d8e9;
--color-primary-light-7: #f9ecf4;
--color-primary-alpha-10: #d162a419;
--color-primary-alpha-20: #d162a433;
--color-primary-alpha-30: #d162a44b;
--color-primary-alpha-40: #d162a466;
--color-primary-alpha-50: #d162a480;
--color-primary-alpha-60: #d162a499;
--color-primary-alpha-70: #d162a4b3;
--color-primary-alpha-80: #d162a4cc;
--color-primary-alpha-90: #d162a4e1;
}
.navbar-left > #navbar-logo.item,
.navbar-right > #navbar-logo.item,
.navbar-mobile-right > #navbar-logo.item {
padding: 3px;
}
flake.lock
Generated
+276 -12
View File
@@ -23,6 +23,67 @@
"type": "github"
}
},
"authentik-go": {
"flake": false,
"locked": {
"lastModified": 1771856219,
"narHash": "sha256-zTEmvxe+BpfWYvAl675PnhXCH4jV4GUTFb1MrQ1Eyno=",
"owner": "goauthentik",
"repo": "client-go",
"rev": "4c1444ee54d945fbcc5ae107b4f191ca0352023d",
"type": "github"
},
"original": {
"owner": "goauthentik",
"repo": "client-go",
"type": "github"
}
},
"authentik-nix": {
"inputs": {
"authentik-go": "authentik-go",
"authentik-src": "authentik-src",
"flake-compat": "flake-compat",
"flake-parts": "flake-parts",
"flake-utils": "flake-utils",
"napalm": "napalm",
"nixpkgs": "nixpkgs",
"pyproject-build-systems": "pyproject-build-systems",
"pyproject-nix": "pyproject-nix",
"systems": "systems_2",
"uv2nix": "uv2nix"
},
"locked": {
"lastModified": 1776085803,
"narHash": "sha256-JvvWVbXJYSY8qOReMbAOD4lxcN2cjKV6lg/jLz8CEuY=",
"owner": "nix-community",
"repo": "authentik-nix",
"rev": "4370b561c8bafb59773ce3a518506bcf1161dbdb",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "authentik-nix",
"type": "github"
}
},
"authentik-src": {
"flake": false,
"locked": {
"lastModified": 1775573258,
"narHash": "sha256-Xq7JGI/8ppIydIuWd9KRJKUrh7UpeniwvZ4NAtXbYJ4=",
"owner": "goauthentik",
"repo": "authentik",
"rev": "5249546862986202b901c2afd860992ec48c6ef6",
"type": "github"
},
"original": {
"owner": "goauthentik",
"ref": "version/2026.2.2",
"repo": "authentik",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
@@ -46,6 +107,7 @@
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1767039857,
"narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=",
@@ -61,6 +123,21 @@
}
},
"flake-compat_2": {
"locked": {
"lastModified": 1767039857,
"narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1767039857,
@@ -80,6 +157,24 @@
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1769996383,
"narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "57928607ea566b5db3ad13af0e57e921e6b12381",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib_2"
},
"locked": {
"lastModified": 1777678872,
"narHash": "sha256-EPIFsulyon7Z1vLQq5Fk64GR8L7cQsT+IPhcsukVbgk=",
@@ -94,6 +189,27 @@
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": [
"authentik-nix",
"systems"
]
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"git-hooks-nix": {
"inputs": {
"flake-compat": [
@@ -188,9 +304,35 @@
"type": "github"
}
},
"napalm": {
"inputs": {
"flake-utils": [
"authentik-nix",
"flake-utils"
],
"nixpkgs": [
"authentik-nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1725806412,
"narHash": "sha256-lGZjkjds0p924QEhm/r0BhAxbHBJE1xMOldB/HmQH04=",
"owner": "willibutz",
"repo": "napalm",
"rev": "b492440d9e64ae20736d3bec5c7715ffcbde83f5",
"type": "github"
},
"original": {
"owner": "willibutz",
"ref": "avoid-foldl-stack-overflow",
"repo": "napalm",
"type": "github"
}
},
"nix-alien": {
"inputs": {
"flake-compat": "flake-compat",
"flake-compat": "flake-compat_2",
"nix-index-database": [
"nix-index-database"
],
@@ -234,12 +376,12 @@
},
"nix-super": {
"inputs": {
"flake-compat": "flake-compat_2",
"flake-compat": "flake-compat_3",
"flake-parts": [
"flake-parts"
],
"git-hooks-nix": "git-hooks-nix",
"nixpkgs": "nixpkgs",
"nixpkgs": "nixpkgs_2",
"nixpkgs-23-11": "nixpkgs-23-11",
"nixpkgs-regression": "nixpkgs-regression"
},
@@ -259,15 +401,18 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1771903837,
"narHash": "sha256-jEA8WggGKtMFeNeCKq3NK8cLEjJmG6/RLUElYYbBZ0E=",
"rev": "e764fc9a405871f1f6ca3d1394fb422e0a0c3951",
"type": "tarball",
"url": "https://releases.nixos.org/nixos/25.11/nixos-25.11.6495.e764fc9a4058/nixexprs.tar.xz"
"lastModified": 1771848320,
"narHash": "sha256-0MAd+0mun3K/Ns8JATeHT1sX28faLII5hVLq0L3BdZU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2fc6539b481e1d2569f25f8799236694180c0993",
"type": "github"
},
"original": {
"type": "tarball",
"url": "https://channels.nixos.org/nixos-25.11/nixexprs.tar.xz"
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-23-11": {
@@ -287,6 +432,21 @@
}
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1769909678,
"narHash": "sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ+QDT/KDuyHXVJOpM=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "72716169fe93074c333e8d0173151350670b824c",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs-lib_2": {
"locked": {
"lastModified": 1777168982,
"narHash": "sha256-GOkGPcboWE9BmGCRMLX3worL4EMnsnG8MyKmXNeYuhQ=",
@@ -318,6 +478,19 @@
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1771903837,
"narHash": "sha256-jEA8WggGKtMFeNeCKq3NK8cLEjJmG6/RLUElYYbBZ0E=",
"rev": "e764fc9a405871f1f6ca3d1394fb422e0a0c3951",
"type": "tarball",
"url": "https://releases.nixos.org/nixos/25.11/nixos-25.11.6495.e764fc9a4058/nixexprs.tar.xz"
},
"original": {
"type": "tarball",
"url": "https://channels.nixos.org/nixos-25.11/nixexprs.tar.xz"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1777428379,
"narHash": "sha256-ypxFOeDz+CqADEQNL72haqGjvZQdBR5Vc7pyx2JDttI=",
@@ -333,15 +506,66 @@
"type": "github"
}
},
"pyproject-build-systems": {
"inputs": {
"nixpkgs": [
"authentik-nix",
"nixpkgs"
],
"pyproject-nix": [
"authentik-nix",
"pyproject-nix"
],
"uv2nix": [
"authentik-nix",
"uv2nix"
]
},
"locked": {
"lastModified": 1771423342,
"narHash": "sha256-7uXPiWB0YQ4HNaAqRvVndYL34FEp1ZTwVQHgZmyMtC8=",
"owner": "pyproject-nix",
"repo": "build-system-pkgs",
"rev": "04e9c186e01f0830dad3739088070e4c551191a4",
"type": "github"
},
"original": {
"owner": "pyproject-nix",
"repo": "build-system-pkgs",
"type": "github"
}
},
"pyproject-nix": {
"inputs": {
"nixpkgs": [
"authentik-nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1771518446,
"narHash": "sha256-nFJSfD89vWTu92KyuJWDoTQJuoDuddkJV3TlOl1cOic=",
"owner": "pyproject-nix",
"repo": "pyproject.nix",
"rev": "eb204c6b3335698dec6c7fc1da0ebc3c6df05937",
"type": "github"
},
"original": {
"owner": "pyproject-nix",
"repo": "pyproject.nix",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
"flake-parts": "flake-parts",
"authentik-nix": "authentik-nix",
"flake-parts": "flake-parts_2",
"impermanence": "impermanence",
"nix-alien": "nix-alien",
"nix-index-database": "nix-index-database",
"nix-super": "nix-super",
"nixpkgs": "nixpkgs_2"
"nixpkgs": "nixpkgs_3"
}
},
"systems": {
@@ -358,6 +582,46 @@
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
"owner": "nix-systems",
"repo": "default-linux",
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default-linux",
"type": "github"
}
},
"uv2nix": {
"inputs": {
"nixpkgs": [
"authentik-nix",
"nixpkgs"
],
"pyproject-nix": [
"authentik-nix",
"pyproject-nix"
]
},
"locked": {
"lastModified": 1772187362,
"narHash": "sha256-gCojeIlQ/rfWMe3adif3akyHsT95wiMkLURpxTeqmPc=",
"owner": "pyproject-nix",
"repo": "uv2nix",
"rev": "abe65de114300de41614002fe9dce2152ac2ac23",
"type": "github"
},
"original": {
"owner": "pyproject-nix",
"repo": "uv2nix",
"type": "github"
}
}
},
"root": "root",
flake.nix
+7
View File
@@ -31,6 +31,13 @@
url = "github:privatevoid-net/nix-super";
inputs.flake-parts.follows = "flake-parts";
};
authentik-nix = {
url = "github:nix-community/authentik-nix";
# inputs.nixpkgs.follows = "nixpkgs"
# inputs.flake-parts.follows = "flake-parts"
};
};
outputs =
nixos/common.nix
+2 -1
View File
@@ -18,6 +18,7 @@ in
agenix.nixosModules.default
impermanence.nixosModules.default
nix-index-database.nixosModules.nix-index
authentik-nix.nixosModules.default
./hardware.nix
./impermanence.nix
@@ -99,7 +100,7 @@ in
extraHosts =
let
subdomains = [ "git" ];
subdomains = [ "git" "auth" ];
inherit (config.networking) fqdn;
hosts = [ fqdn ] ++ map (sub: "${sub}.${fqdn}") subdomains;
nixos/modules/authentik.nix
+17
View File
@@ -0,0 +1,17 @@
{ config, self, ... }:
let
inherit (config.networking) fqdn;
in
{
age.secrets.authentik.file = "${self}/agenix/authentik.age";
services.authentik = {
enable = true;
environmentFile = config.age.secrets.authentik.path; # just trust, this specifies port 3001
# nginx = {
# enable = true;
# enableACME = true;
# host = "auth.${fqdn}";
# };
};
}
nixos/modules/default.nix
+2 -1
View File
@@ -1,9 +1,10 @@
{
imports = [
./acme.nix
./authentik.nix
./dns.nix
./fail2ban.nix
./forgejo.nix
./gitea.nix
./host.nix
./nginx.nix
./snapper.nix
nixos/modules/forgejo.nix
-125
View File
@@ -1,125 +0,0 @@
{ config, pkgs, ... }:
let
inherit (config.networking) fqdn;
acmeEnabled = config.acme.enable;
themeName = "tuxcord";
forgejoPublic = pkgs.linkFarm "forgejo-public" [
{
name = "assets/css/theme-${themeName}.css";
path = ../../assets/forgejo/theme.css;
}
{
name = "assets/img";
path = makeForgejoImages {
big = ../../assets/branding/logo.svg;
small = ../../assets/branding/logo-head.svg;
rasterWidth = 1024;
};
}
{
name = "assets/images/full-logo.svg";
path = ../../assets/branding/logo.svg;
}
];
forgejoTemplates = ../../assets/forgejo/templates;
makeForgejoImages =
{
big,
small,
rasterWidth,
}:
pkgs.stdenv.mkDerivation rec {
name = "forgejo-images";
srcs = [
big
small
];
unpackPhase = "true";
buildInputs = with pkgs; [
inkscape
];
# https://forgejo.org/docs/next/contributor/customization/#changing-the-logo
buildPhase = ''
mkdir -p $out
cp "${big}" $out/logo.svg
inkscape -w ${toString rasterWidth} ${big} -o $out/logo.png
cp "${small}" $out/favicon.svg
inkscape -w ${toString rasterWidth} ${small} -o $out/favicon.png
'';
};
in
{
services.forgejo = {
enable = true;
database.type = "mysql";
lfs.enable = true;
settings = {
DEFAULT = {
APP_NAME = "TuxCord Code Forge";
};
server = {
DOMAIN = fqdn;
ROOT_URL = "${if acmeEnabled then "https" else "http"}://${fqdn}/";
HTTP_PORT = 3000;
};
service = {
DISABLE_REGISTRATION = true;
REQUIRE_SIGNIN_VIEW = false;
};
repository = {
ENABLE_PUSH_CREATE_USER = true;
ENABLE_PUSH_CREATE_ORG = true;
DEFAULT_BRANCH = "main";
};
ui = {
DEFAULT_THEME = themeName;
};
# TODO: once we have email setup this would be nice
mailer.ENABLED = true;
actions = {
ENABLED = true;
# DEFAULT_ACTIONS_URL = "github";
};
};
};
systemd.services.forgejo-branding = {
enable = true;
wantedBy = [ "forgejo.service" ];
before = [ "forgejo.service" ];
serviceConfig = {
Type = "oneshot";
ExecStart = pkgs.writeShellScript "forgejo-branding.oneshot" ''
${pkgs.rsync}/bin/rsync -rl --chown forgejo:forgejo --delete ${forgejoPublic}/ ${config.services.forgejo.customDir}/public
${pkgs.rsync}/bin/rsync -rl --chown forgejo:forgejo --delete ${forgejoTemplates}/ ${config.services.forgejo.customDir}/templates
'';
};
};
environment.persistence."/persist".directories = [
{
directory = config.services.forgejo.stateDir;
group = "forgejo";
user = "forgejo";
}
];
}
nixos/modules/gitea.nix
+40
View File
@@ -0,0 +1,40 @@
{ config, ... }:
let
inherit (config.networking) fqdn;
acmeEnabled = config.acme.enable;
in
{
services.gitea = {
enable = true;
appName = "TuxCord Gitea";
database.type = "mysql";
lfs.enable = true;
settings = {
server = {
DOMAIN = fqdn;
ROOT_URL = "${if acmeEnabled then "https" else "http"}://${fqdn}/";
HTTP_PORT = 3000;
};
service = {
DISABLE_REGISTRATION = true;
REQUIRE_SIGNIN_VIEW = false;
};
repository = {
ENABLE_PUSH_CREATE_USER = true;
ENABLE_PUSH_CREATE_ORG = true;
DEFAULT_BRANCH = "main";
};
# ui.DEFAULT_THEME = "...";
# TODO: once we have email setup this would be nice
mailer.ENABLED = true;
};
};
}
nixos/modules/nginx.nix
+5 -1
View File
@@ -58,7 +58,11 @@ in
};
"git.${fqdn}" = mkVhost { } {
"/" = mkProxy config.services.forgejo.settings.server.HTTP_PORT;
"/" = mkProxy config.services.gitea.settings.server.HTTP_PORT;
};
"auth.${fqdn}" = mkVhost { } {
"/" = mkProxy 3001;
};
};
};
nixos/openssh.nix
+1 -2
View File
@@ -1,4 +1,3 @@
{ config, ... }:
{
services.openssh = {
enable = true;
@@ -13,5 +12,5 @@
};
};
networking.firewall.allowedTCPPorts = config.services.openssh.ports;
networking.firewall.allowedTCPPorts = [ 22 ];
}
npins/default.nix
+28 -141
View File
@@ -9,15 +9,8 @@
*/
# Generated by npins. Do not modify; will be overwritten regularly
let
# Backwards-compatibly make something that previously didn't take any arguments take some
# The function must return an attrset, and will unfortunately be eagerly evaluated
# Same thing, but it catches eval errors on the default argument so that one may still call it with other arguments
mkFunctor =
fn:
let
e = builtins.tryEval (fn { });
in
(if e.success then e.value else { error = fn { }; }) // { __functor = _self: fn; };
data = builtins.fromJSON (builtins.readFile ./sources.json);
version = data.version;
# https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/lists.nix#L295
range =
@@ -28,6 +21,7 @@ let
# https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L269
stringAsChars = f: s: concatStrings (map f (stringToCharacters s));
concatMapStrings = f: list: concatStrings (map f list);
concatStrings = builtins.concatStringsSep "";
# If the environment variable NPINS_OVERRIDE_${name} is set, then use
@@ -54,90 +48,41 @@ let
mkSource =
name: spec:
{
pkgs ? null,
}:
assert spec ? type;
let
# Unify across builtin and pkgs fetchers.
# `fetchGit` requires a wrapper because of slight API differences.
fetchers =
if pkgs == null then
{
inherit (builtins) fetchTarball fetchurl;
# Frustratingly, due to flakes and `fetchTree`, `fetchGit`
# has a different signature than the other builtin
# fetchers
fetchGit = args: (builtins.fetchGit args).outPath;
}
else
{
fetchTarball =
{
url,
sha256,
}:
pkgs.fetchzip {
inherit url sha256;
extension = "tar";
};
inherit (pkgs) fetchurl;
fetchGit =
{
url,
submodules,
rev,
name,
lfs,
narHash,
}:
pkgs.fetchgit {
inherit url rev name lfs;
fetchSubmodules = submodules;
hash = narHash;
};
};
path =
if spec.type == "Git" then
mkGitSource fetchers spec
mkGitSource spec
else if spec.type == "GitRelease" then
mkGitSource fetchers spec
mkGitSource spec
else if spec.type == "PyPi" then
mkPyPiSource fetchers spec
mkPyPiSource spec
else if spec.type == "Channel" then
mkChannelSource fetchers spec
else if spec.type == "Url" || spec.type == "MutableUrl" then
mkUrlSource fetchers spec
else if spec.type == "Container" then
mkContainerSource pkgs spec
mkChannelSource spec
else if spec.type == "Tarball" then
mkTarballSource spec
else
builtins.throw "Unknown source type ${spec.type}";
in
spec // { outPath = mayOverride name path; };
mkGitSource =
{
fetchTarball,
fetchGit,
...
}:
{
repository,
revision,
url ? null,
submodules,
hash,
lfs,
branch ? null,
...
}:
assert repository ? type;
# At the moment, either it is a plain git repository (which has an url), or it is a GitHub/GitLab repository
# In the latter case, there we will always be an url to the tarball
if url != null && !submodules then
fetchTarball {
builtins.fetchTarball {
inherit url;
sha256 = hash;
sha256 = hash; # FIXME: check nix version & use SRI hashes
}
else
let
@@ -148,8 +93,6 @@ let
"https://github.com/${repository.owner}/${repository.repo}.git"
else if repository.type == "GitLab" then
"${repository.server}/${repository.repo_path}.git"
else if repository.type == "Forgejo" then
"${repository.server}/${repository.owner}/${repository.repo}.git"
else
throw "Unrecognized repository type ${repository.type}";
urlToName =
@@ -164,96 +107,40 @@ let
"${if matched == null then "source" else builtins.head matched}${appendShort}";
name = urlToName url revision;
in
fetchGit {
builtins.fetchGit {
rev = revision;
narHash = hash;
inherit name submodules url lfs;
inherit name;
# hash = hash;
inherit url submodules;
};
mkPyPiSource =
{ fetchurl, ... }:
{
url,
hash,
...
}:
fetchurl {
{ url, hash, ... }:
builtins.fetchurl {
inherit url;
sha256 = hash;
};
mkChannelSource =
{ fetchTarball, ... }:
{
url,
hash,
...
}:
fetchTarball {
{ url, hash, ... }:
builtins.fetchTarball {
inherit url;
sha256 = hash;
};
mkUrlSource =
{
fetchTarball,
fetchurl,
...
}:
mkTarballSource =
{
url,
locked_url ? url,
hash,
unpack,
...
}:
(if unpack then fetchTarball else fetchurl) {
inherit url;
builtins.fetchTarball {
url = locked_url;
sha256 = hash;
};
mkContainerSource =
pkgs:
{
image_name,
image_tag,
image_digest,
hash,
...
}:
if pkgs == null then
builtins.throw "container sources require passing in a Nixpkgs value: https://github.com/andir/npins/blob/master/README.md#using-the-nixpkgs-fetchers"
else
pkgs.dockerTools.pullImage {
imageName = image_name;
imageDigest = image_digest;
finalImageTag = image_tag;
hash = hash;
};
in
mkFunctor (
{
input ? ./sources.json,
}:
let
data =
if builtins.isPath input then
# while `readFile` will throw an error anyways if the path doesn't exist,
# we still need to check beforehand because *our* error can be caught but not the one from the builtin
# See: <https://git.lix.systems/lix-project/lix/issues/1098>
if builtins.pathExists input then
builtins.fromJSON (builtins.readFile input)
else
throw "Input path ${toString input} does not exist"
else if builtins.isAttrs input then
input
else
throw "Unsupported input type ${builtins.typeOf input}, must be a path or an attrset";
version = data.version;
in
if version == 8 then
builtins.mapAttrs (name: spec: mkFunctor (mkSource name spec)) data.pins
else
throw "Unsupported format version ${toString version} in sources.json. Try running `npins upgrade`"
)
if version == 5 then
builtins.mapAttrs mkSource data.pins
else
throw "Unsupported format version ${toString version} in sources.json. Try running `npins upgrade`"
npins/sources.json
+2 -3
View File
@@ -8,11 +8,10 @@
},
"branch": "main",
"submodules": false,
"lfs": true,
"revision": "b18dd7b863644debb0a843a5b21bb490bfe7d048",
"url": null,
"hash": "sha256-xYH9RXYZDVotUW8fKIEC9u0GJeEg2nV/23aQlEyeQso="
"hash": "18czfxaldy0zhjprdsqzxnzj3p9qlc4canwigr13iw2wisi4ww5y"
}
},
"version": 8
"version": 5
}
shells/default.nix
+1 -21
View File
@@ -2,26 +2,6 @@
{
perSystem =
{ pkgs, ... }:
let
npins' = pkgs.npins.overrideAttrs (
final: old: {
src = pkgs.fetchFromGitHub {
owner = "javalsai";
repo = "npins";
rev = "f3def7dfeecc16884cb0601f6c904d5142f47383";
hash = "sha256-ejeOGmDw+D4KddFJ5OAPradqoS+p2eAhhS4fOLQOWOk=";
};
cargoHash = null;
cargoDeps = pkgs.rustPlatform.fetchCargoVendor {
src = final.src;
hash = "sha256-mG4UClFBgiWBraWQ12N3CSyapaIpuXI9F8wQGwh/ooQ=";
};
cargoBuildFeatures = [ ];
}
);
in
{
devShells.default = pkgs.mkShell {
name = "configuration.nix";
@@ -53,7 +33,7 @@
jujutsu
nix-output-monitor
nixfmt
npins'
npins
parted
smartmontools
statix