Update deps

forgejo: move runner stuff to dedicated module
tanker: Setup and configure Forgejo Actions
2023-09-15 12:26:03 +02:00 · 2023-09-15 12:21:40 +02:00 · 2023-09-14 00:30:04 +02:00
14 changed files with 146 additions and 95 deletions
--- a/agenix/hosts/argon/config.nix
+++ b/agenix/hosts/argon/config.nix
@ -18,6 +18,10 @@
      file = ./adguardhome-sync/environment.age;
    };
    forgejo-actions-token = {
      file = ./forgejo-actions/token.age;
    };
    weewx-proxy-environment = {
      file = ./weewx-proxy/environment.age;
    };
--- a/agenix/hosts/argon/forgejo-actions/token.age
+++ b/agenix/hosts/argon/forgejo-actions/token.age
--- a/agenix/hosts/tanker/forgejo-actions/token.age
+++ b/agenix/hosts/tanker/forgejo-actions/token.age
@ -1,9 +1,10 @@
 age-encryption.org/v1
-> ssh-ed25519 MtGp6g j3LJbMvC+F+WI80vay1mUtT4AU/iPrVlJspYtDwL5WI
+-> ssh-ed25519 MtGp6g jM+++wGqvWlj9wKwKdrS3d8xpwfLp1ks4GCh3sm/6zM
-JllJKpMrJtNEF2Wjlt+FQZjt0HYg1jcM5Z23Nyr0JDQ
+QkBPJf0lBF617AFcko4KA/Aq6mi6eMWp/ye2Abf2fKk
-> ssh-ed25519 iO8/4g M2tItsaOdbUwDrIR6CniYnQtmdgLBL31D/xdYI27DR4
+-> ssh-ed25519 iO8/4g IGCdvdMB6PdiqxA9yamSUMCfH4Bk0JmtOuZt4WZrFGM
-hdQhMFbQ88Qd0b9/yUqSCp0jmWBVTamHRHxvfzMKQd0
+cz19imzpQAkWv+iCoUzBfMRC5D0yusCMQkROrjBhoJ0
-> a88u-grease %<;6}T6g dP%)[l 5M?k?Ff
+-> PT|e-grease cJG6UW4o
-66xUudBfSs81QpoQPElEtQ9W5IUdTpeO613+2nVdnOVb
+4G+Rp2jt1sZbGLxuKl7DgX1wl1kaOhhEjkloCeaHg0lt6P7bmjcg++jh6hWs7MhO
--- +iZj/5A8YtvHw9xzvg95+S7aYwRvA87KYF8fsZyuORk
+dMp8SKY9
-ÿ§Zh§è#ÊÖÆ&BÕÓ÷îÈKe¡Z`×òŠýD$;TH,ß¡Àì³ÏÿÓL´×%à•ŒƒÈX©Høh$8‚€Ù³„)ÊŒ÷HàX<qã
+--- VdFRpEBs74LJOqJNYwiGeb/wy/e7Wm+aFQnw3AI1pFw
 r‹åkòBúx–µvŠ™aob""éh&éÅîb{ñÌH´òã,’×q¢·Ã RSm½¤ûÃTûo	¾hB•gdµ
÷?GÒ¼n0©î
--- a/flake.lock
+++ b/flake.lock
@ -13,11 +13,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1690228878,
+        "lastModified": 1694734964,
-        "narHash": "sha256-9Xe7JV0krp4RJC9W9W9WutZVlw6BlHTFMiUP/k48LQY=",
+        "narHash": "sha256-FvBMAbl6EMFVODzgaEwQ9z7tfGMQvDeyc0YZ5ArPYPE=",
        "owner": "ryantm",
        "repo": "agenix",
-        "rev": "d8c973fd228949736dedf61b7f8cc1ece3236792",
+        "rev": "20deb735cc405831ba04a0088fecb3887aa255c0",
        "type": "github"
      },
      "original": {
@ -109,11 +109,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1694511957,
+        "lastModified": 1694763556,
-        "narHash": "sha256-teCLY68npc0nuyOHYJURLuJSOME0yotJI29WXcpF1E4=",
+        "narHash": "sha256-csMoysn8NrVAaPuhAB64nRd4CeH+yXEdFcYf04vFfw0=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "be98cffef02e5ebf438ea80b34b86e669c48eff1",
+        "rev": "8aa6ec5ff220f1d9749d636dbeb46ec929f112dc",
        "type": "github"
      },
      "original": {
@ -300,11 +300,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1694585439,
+        "lastModified": 1694643239,
-        "narHash": "sha256-70BlfEsdURx5f8sioj8JuM+R4/SZFyE8UYrULMknxlI=",
+        "narHash": "sha256-pv2k/5FvyirDE8g4TNehzwZ0T4UOMMmqWSQnM/luRtE=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "a0ddf43b6268f1717afcda54133dea30435eb178",
+        "rev": "d9b88b43524db1591fb3d9410a21428198d75d49",
        "type": "github"
      },
      "original": {
@ -323,11 +323,11 @@
      },
      "locked": {
        "dir": "contrib",
-        "lastModified": 1694591514,
+        "lastModified": 1694764612,
-        "narHash": "sha256-IFWKN1v8f+Nq16YKI7/Bn68s+7xD3Sl5VgWEEjVKwLo=",
+        "narHash": "sha256-ESl/NMxS8ld9IU0prayYTATEqxBdj4D3BrXwUiTY2IY=",
        "owner": "neovim",
        "repo": "neovim",
-        "rev": "4607807f9fcb83d4e183f6f67e705ffd7f451077",
+        "rev": "a6e4793bafa0edda2ef5e948cd071dc9626688d8",
        "type": "github"
      },
      "original": {
@ -346,11 +346,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1694593224,
+        "lastModified": 1694766001,
-        "narHash": "sha256-Ik4E8fER3sbpkbFJUErN63PNkKUMNcmsQIg2a2OkRkw=",
+        "narHash": "sha256-vzleD8ZNZ6juhR8Uivadh4V47Iqd0qDVNNTXArCeIwQ=",
        "owner": "nifoc",
        "repo": "nix-overlay",
-        "rev": "4e541b5cbce5a26ac02c4dda5683204f8d5cf525",
+        "rev": "e568419bda1ed080c30d6f91f68ea24edb3fb300",
        "type": "github"
      },
      "original": {
@ -381,11 +381,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1694591211,
+        "lastModified": 1694710316,
-        "narHash": "sha256-NPP7XGZH+Q5ey7nE2zGLrBrzKmLYPhj8YgsTSdhH0D4=",
+        "narHash": "sha256-uRh46iIC86D8BD1wCDA5gRrt+hslUXiD0kx/UjnjBcs=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "3ccd87fcdae4732fe33773cefa4375c641a057e7",
+        "rev": "570256327eb6ca6f7bebe8d93af49459092a0c43",
        "type": "github"
      },
      "original": {
@ -397,11 +397,11 @@
    },
    "nixos-unstable": {
      "locked": {
-        "lastModified": 1694422566,
+        "lastModified": 1694669921,
-        "narHash": "sha256-lHJ+A9esOz9vln/3CJG23FV6Wd2OoOFbDeEs4cMGMqc=",
+        "narHash": "sha256-6ESpJ6FsftHV96JO/zn6je07tyV2dlLR7SdLsmkegTY=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "3a2786eea085f040a66ecde1bc3ddc7099f6dbeb",
+        "rev": "f2ea252d23ebc9a5336bf6a61e0644921f64e67c",
        "type": "github"
      },
      "original": {
--- a/home/programs/nvim/plugins.nix
+++ b/home/programs/nvim/plugins.nix
@ -30,23 +30,23 @@ in
  };
  nvim-web-devicons = buildVimPluginFrom2Nix {
    pname = "nvim-web-devicons";
-    version = "2023-09-11";
+    version = "2023-09-15";
    src = fetchFromGitHub {
      owner = "kyazdani42";
      repo = "nvim-web-devicons";
-      rev = "925e2aa30dc9fe9332060199c19f132ec0f3d493";
+      rev = "973ab742f143a796a779af4d786ec409116a0d87";
-      sha256 = "0i2ixmmapld2j681z606g00ws17vwzmpb0cxvbzsx9bqhap3qgzr";
+      sha256 = "1fmvym6ryxmff5559s6aw6nv4h5cgz2lnkjnhzbwws4iryvc90zl";
      fetchSubmodules = false;
    };
  };
  wezterm-nvim = buildVimPluginFrom2Nix {
    pname = "wezterm.nvim";
-    version = "2023-09-13";
+    version = "2023-09-14";
    src = fetchFromGitHub {
      owner = "willothy";
      repo = "wezterm.nvim";
-      rev = "4d626e4d868a8c53b8a787f50d2fd533673e864f";
+      rev = "cdce700a688735c594a4978a4ea31801f4354fcb";
-      sha256 = "0i061n9sr3lb3gsymz9a7amv667vq1kqczvwmx8i4711k272raz7";
+      sha256 = "044g9pvwbs88s02f131nvzd69v4c9lw4vavjp37h267y292msbyp";
      fetchSubmodules = false;
    };
  };
@ -118,12 +118,12 @@ in
  };
  nvim-treesitter = buildVimPluginFrom2Nix {
    pname = "nvim-treesitter";
-    version = "2023-09-13";
+    version = "2023-09-15";
    src = fetchFromGitHub {
      owner = "nvim-treesitter";
      repo = "nvim-treesitter";
-      rev = "9ab4e9cc8989e3811b14897cd0eb21ae35e5541e";
+      rev = "48b237fd3f482aef2f5896b8b7a6ece71c19ad99";
-      sha256 = "1jd3wylb9ibd0pylpmpzhir9290qmmx5gradqxd5vvarr5wvpzak";
+      sha256 = "1vwrz7w2bwd9m0mj2w9w1gpxjqx6z0rg5zs2ciglghfqjgnwvdhg";
      fetchSubmodules = false;
    };
  };
@ -162,12 +162,12 @@ in
  };
  telescope-nvim = buildVimPluginFrom2Nix {
    pname = "telescope.nvim";
-    version = "2023-09-10";
+    version = "2023-09-14";
    src = fetchFromGitHub {
      owner = "nvim-telescope";
      repo = "telescope.nvim";
-      rev = "a19770625aed49ad2a9f591a5e3946707f7359f6";
+      rev = "59812c26d826e8c717e29406267ea1260f71e103";
-      sha256 = "13r2bbmylh9n5yqmc8mff669w6c4wx0j20xiy4sx2cdmfj089a9k";
+      sha256 = "1c5gs74pajsmdq99g6qfzk7vbp1pl6milxy33zrj2mi3d5hqqwwa";
      fetchSubmodules = false;
    };
  };
@ -242,23 +242,23 @@ in
  };
  nvim-lspconfig = buildVimPluginFrom2Nix {
    pname = "nvim-lspconfig";
-    version = "2023-09-12";
+    version = "2023-09-15";
    src = fetchFromGitHub {
      owner = "neovim";
      repo = "nvim-lspconfig";
-      rev = "360a895125ac4f39df6aa8f763635eff07e69fff";
+      rev = "cc388d3f6b9c7c943ae2b2dcd46ad470fd257f91";
-      sha256 = "0sy9w8bl46i9krikxkbnsryrnnccji2hrw29k3ccihnn8nrxwvsl";
+      sha256 = "0xw1xya93qks2azp0rg2k7fyg2ak31c3z897af9d3lx0nrhy31xs";
      fetchSubmodules = false;
    };
  };
  nvim-jdtls = buildVimPluginFrom2Nix {
    pname = "nvim-jdtls";
-    version = "2023-08-01";
+    version = "2023-09-14";
    src = fetchFromGitHub {
      owner = "mfussenegger";
      repo = "nvim-jdtls";
-      rev = "095dc490f362adc85be66dc14bd9665ddd94413b";
+      rev = "697b39e3db0e0d0ce9ee4c2df506a4e0386af6c2";
-      sha256 = "02b1kqfmj03snmvjd1z1piklihxq2n0w7rpdchaf6ylqh0arka7h";
+      sha256 = "0iaccv986r4z1lmfih24dk2ls501bfqw3n7z4h0mwbf7xqm9jml3";
      fetchSubmodules = false;
    };
  };
@ -297,12 +297,12 @@ in
  };
  nvim-lint = buildVimPluginFrom2Nix {
    pname = "nvim-lint";
-    version = "2023-09-07";
+    version = "2023-09-14";
    src = fetchFromGitHub {
      owner = "mfussenegger";
      repo = "nvim-lint";
-      rev = "73682da41b74c9c35f33b1b2dbd0cc02cc59452f";
+      rev = "12517fb62b9760053b3edebc0b03308921a30f5c";
-      sha256 = "061x7p90p1nmjf2fs4alrgyj0w0v8w6kbg2n86q2khl40w522ihk";
+      sha256 = "1qsn5ziprl8wz606rjpri18i25hdsc12b39w4xb2nqkxwx3hdi2l";
      fetchSubmodules = false;
    };
  };
--- a/secrets.nix
+++ b/secrets.nix
@ -87,6 +87,8 @@ in
  "agenix/hosts/argon/acme/credentials.age".publicKeys = argon;
  "agenix/hosts/argon/forgejo-actions/token.age".publicKeys = argon;
  "agenix/hosts/argon/tailscale/authkey.age".publicKeys = argon;
  "agenix/hosts/argon/adguardhome-sync/environment.age".publicKeys = argon;
--- a/system/hosts/argon.nix
+++ b/system/hosts/argon.nix
@ -22,6 +22,8 @@ in
    ../nixos/attic.nix
    (import ../nixos/forgejo-runner.nix (args // { name = "argon"; tag = "ubuntu-latest-arm64"; }))
    ../nixos/tailscale.nix
    ../nixos/unbound.nix
@ -45,12 +47,14 @@ in
      substituters = [
        "https://attic.cache.daniel.sx/nifoc-systems"
        "https://attic.cache.daniel.sx/nifoc-ci"
        "https://nifoc.cachix.org"
        "https://nix-community.cachix.org"
      ];
      trusted-public-keys = [
        "nifoc-systems:eDDqVP5BFR6/1KvXbF9oUL8JahDdmbrsYtxlQ57LOTU="
        "nifoc-ci:JpD9zqVQi8JuS7B8htPDOQZh08rhInMnGFS9RVhiuwk="
        "nifoc.cachix.org-1:ymuftq7RgN/lf/iWXFK8gpwDSAGFaGBeliWe9u6q8II="
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
      ];
--- a/system/hosts/tanker.nix
+++ b/system/hosts/tanker.nix
@ -33,6 +33,7 @@ in
    ../nixos/fedifetcher.nix
    ../nixos/forgejo.nix
    (import ../nixos/forgejo-runner.nix (args // { name = "tanker"; tag = "ubuntu-latest-amd64"; }))
    (import ../nixos/home-proxy.nix (args // { inherit secret; }))
@ -72,12 +73,14 @@ in
      substituters = [
        "https://attic.cache.daniel.sx/nifoc-systems"
        "https://attic.cache.daniel.sx/nifoc-ci"
        "https://nifoc.cachix.org"
        "https://nix-community.cachix.org"
      ];
      trusted-public-keys = [
        "nifoc-systems:eDDqVP5BFR6/1KvXbF9oUL8JahDdmbrsYtxlQ57LOTU="
        "nifoc-ci:JpD9zqVQi8JuS7B8htPDOQZh08rhInMnGFS9RVhiuwk="
        "nifoc.cachix.org-1:ymuftq7RgN/lf/iWXFK8gpwDSAGFaGBeliWe9u6q8II="
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
      ];
@ -109,10 +112,6 @@ in
    hostName = "tanker";
    hostId = "d89f488a";
    useNetworkd = true;
    extraHosts = ''
      127.0.0.1 attic.cache.daniel.sx
    '';
  };
  systemd = {
--- a/system/nixos/forgejo-runner.nix
+++ b/system/nixos/forgejo-runner.nix
@ -0,0 +1,24 @@
 { pkgs, config, name, tag, ... }:
 let
  forgejoUrl = "https://git.kempkens.io";
 in
 {
  services.gitea-actions-runner = {
    package = pkgs.forgejo-actions-runner;
    instances = {
      tanker = {
        enable = true;
        url = forgejoUrl;
        inherit name;
        tokenFile = config.age.secrets.forgejo-actions-token.path;
        labels = [
          "${tag}:docker://ghcr.io/catthehacker/ubuntu:act-latest"
        ];
      };
    };
  };
 }
--- a/system/nixos/forgejo.nix
+++ b/system/nixos/forgejo.nix
@ -1,4 +1,4 @@
-{ pkgs, config, ... }:
+{ pkgs, ... }:
 let
  fqdn = "git.kempkens.io";
@ -24,6 +24,7 @@ in
          PROTOCOL = "http+unix";
          DOMAIN = fqdn;
          ROOT_URL = "https://${fqdn}/";
          LANDING_PAGE = "explore";
        };
        service = {
@ -42,35 +43,13 @@ in
          SAME_SITE = "strict";
        };
        repository = {
          DISABLE_HTTP_GIT = true;
        };
        actions = {
          ENABLED = true;
        };
        other = {
          SHOW_FOOTER_VERSION = false;
-        };
+          SHOW_FOOTER_TEMPLATE_LOAD_TIME = false;
      };
    };
    gitea-actions-runner = {
      package = pkgs.forgejo-actions-runner;
      instances = {
        tanker = {
          enable = true;
          url = "https://${fqdn}";
          name = "tanker";
          tokenFile = config.age.secrets.forgejo-actions-token.path;
          labels = [
            "debian-bullseye:docker://node:18-bullseye"
            "debian-bookworm:docker://node:18-bookworm"
          ];
        };
      };
    };
--- a/system/nixos/nginx-argon.nix
+++ b/system/nixos/nginx-argon.nix
@ -1,3 +1,5 @@
 { lib, config, ... }:
 {
  services.nginx.virtualHosts."default.internal.kempkens.network" = {
    listen = [
@ -34,4 +36,20 @@
      return = "418";
    };
  };
  networking.firewall.interfaces =
    let
      interfaces = lib.mapAttrsToList (_: lib.attrsets.attrByPath [ "matchConfig" "Name" ] null) config.systemd.network.networks ++ [ "tailscale0" ];
    in
    builtins.listToAttrs
      (builtins.map
        (iface:
          {
            name = iface;
            value = {
              allowedTCPPorts = [ 80 443 ];
              allowedUDPPorts = [ 443 ];
            };
          })
        (builtins.filter builtins.isString interfaces));
 }
--- a/system/nixos/nginx-mediaserver.nix
+++ b/system/nixos/nginx-mediaserver.nix
@ -1,3 +1,5 @@
 { lib, config, ... }:
 {
  services.nginx.virtualHosts."default.internal.kempkens.network" = {
    listen = [
@ -34,4 +36,20 @@
      return = "418";
    };
  };
  networking.firewall.interfaces =
    let
      interfaces = lib.mapAttrsToList (_: lib.attrsets.attrByPath [ "matchConfig" "Name" ] null) config.systemd.network.networks ++ [ "tailscale0" ];
    in
    builtins.listToAttrs
      (builtins.map
        (iface:
          {
            name = iface;
            value = {
              allowedTCPPorts = [ 80 443 ];
              allowedUDPPorts = [ 443 ];
            };
          })
        (builtins.filter builtins.isString interfaces));
 }
--- a/system/nixos/nginx-tanker.nix
+++ b/system/nixos/nginx-tanker.nix
@ -1,3 +1,5 @@
 { lib, config, ... }:
 {
  services.nginx.virtualHosts."default.kempkens.io" = {
    listen = [
@ -34,4 +36,20 @@
      return = "418";
    };
  };
  networking.firewall.interfaces =
    let
      interfaces = lib.mapAttrsToList (_: lib.attrsets.attrByPath [ "matchConfig" "Name" ] null) config.systemd.network.networks ++ [ "tailscale0" ];
    in
    builtins.listToAttrs
      (builtins.map
        (iface:
          {
            name = iface;
            value = {
              allowedTCPPorts = [ 80 443 ];
              allowedUDPPorts = [ 443 ];
            };
          })
        (builtins.filter builtins.isString interfaces));
 }
--- a/system/nixos/nginx.nix
+++ b/system/nixos/nginx.nix
@ -1,4 +1,4 @@
-{ pkgs, lib, config, ... }:
+{ pkgs, ... }:
 {
  services.nginx = {
@ -25,20 +25,4 @@
      access_log /var/log/nginx/access.log combined_anon buffer=32k flush=5m;
    '';
  };
  networking.firewall.interfaces =
    let
      interfaces = lib.mapAttrsToList (_: lib.attrsets.attrByPath [ "matchConfig" "Name" ] null) config.systemd.network.networks ++ [ "tailscale0" ];
    in
    builtins.listToAttrs
      (builtins.map
        (iface:
          {
            name = iface;
            value = {
              allowedTCPPorts = [ 80 443 ];
              allowedUDPPorts = [ 443 ];
            };
          })
        (builtins.filter builtins.isString interfaces));
 }
Author	SHA1	Message	Date
Daniel Kempkens	44fc1c6095	Update deps	2023-09-15 12:26:03 +02:00
Daniel Kempkens	aed54daa2b	forgejo: move runner stuff to dedicated module	2023-09-15 12:21:40 +02:00
Daniel Kempkens	c0e392ae2a	tanker: Setup and configure Forgejo Actions	2023-09-14 00:30:04 +02:00