L-Nafaryus/bonfire
L-Nafaryus/bonfire
1
0
Fork 0
Code Issues 5 Pull Requests Actions Packages Projects 4 Releases Wiki Activity

Compare commits

base: L-Nafaryus:a2f306e7fc5abcf1c05e4cbe72c23d9e53588932
Branches Tags
L-Nafaryus:master
L-Nafaryus:devel
L-Nafaryus:catarina-radio-service
L-Nafaryus:packages-onetagger
L-Nafaryus:packages-wezterm
...
compare: L-Nafaryus:188d29adf4166e777b1458be943862c97581a3c4
Branches Tags
L-Nafaryus:devel
L-Nafaryus:master
L-Nafaryus:catarina-radio-service
L-Nafaryus:packages-onetagger
L-Nafaryus:packages-wezterm

2 Commits
a2f306e7fc ... 188d29adf4

Author SHA1 Message Date
L-Nafaryus
188d29adf4
new: packages: nix-minimal and nix-runner docker images 2024-05-03 23:11:30 +05:00
L-Nafaryus
307fabb7ec
catarina: add gitea action runner 2024-05-03 23:10:55 +05:00
9 changed files with 247 additions and 78 deletions
Show Stats Expand all files Collapse all files

2
.secrets

@ -1 +1 @@
Subproject commit f8ed74005067a0f97e022dc5ddf7a1c392f4a0cb Subproject commit d4c4f1fcd08c45e9056968b346184f5f80282fa2

79
flake.lock
View File

@ -38,7 +38,7 @@
"devenv": "devenv", "devenv": "devenv",
"fenix": "fenix_2", "fenix": "fenix_2",
"home-manager": "home-manager_2", "home-manager": "home-manager_2",
"nixgl": "nixgl_2", "nixgl": "nixgl",
"nixos-mailserver": "nixos-mailserver_2", "nixos-mailserver": "nixos-mailserver_2",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_3",
"sops-nix": "sops-nix" "sops-nix": "sops-nix"
@ -100,11 +100,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1713738183, "lastModified": 1713979152,
"narHash": "sha256-qd/MuLm7OfKQKyd4FAMqV4H6zYyOfef5lLzRrmXwKJM=", "narHash": "sha256-apdecPuh8SOQnkEET/kW/UcfjCRb8JbV5BKjoH+DcP4=",
"owner": "ipetkov", "owner": "ipetkov",
"repo": "crane", "repo": "crane",
"rev": "f6c6a2fb1b8bd9b65d65ca9342dd0eb180a63f11", "rev": "a5eca68a2cf11adb32787fc141cddd29ac8eb79c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -204,11 +204,11 @@
"rust-analyzer-src": [] "rust-analyzer-src": []
}, },
"locked": { "locked": {
"lastModified": 1713853552, "lastModified": 1714112748,
"narHash": "sha256-OOXi+9cSbst7Crah6UVxHe33O6HK91WgD2yU/p5/dqs=", "narHash": "sha256-jq6Cpf/pQH85p+uTwPPrGG8Ky/zUOTwMJ7mcqc5M4So=",
"owner": "nix-community", "owner": "nix-community",
"repo": "fenix", "repo": "fenix",
"rev": "d596927635ddd8db224bbff6e4ccb08e42649eb5", "rev": "3ae4b908a795b6a3824d401a0702e11a7157d7e1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -308,21 +308,6 @@
} }
}, },
"flake-utils": { "flake-utils": {
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": { "inputs": {
"systems": "systems_2" "systems": "systems_2"
}, },
@ -340,7 +325,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_3": { "flake-utils_2": {
"inputs": { "inputs": {
"systems": "systems_3" "systems": "systems_3"
}, },
@ -358,7 +343,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_4": { "flake-utils_3": {
"locked": { "locked": {
"lastModified": 1659877975, "lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
@ -404,11 +389,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1713818326, "lastModified": 1714042918,
"narHash": "sha256-aw3xbVPJauLk/bbrlakIYxKpeuMWzA2feGrkIpIuXd8=", "narHash": "sha256-4AItZA3EQIiSNAxliuYEJumw/LaVfrMv84gYyrs0r3U=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "67de98ae6eed5ad6f91b1142356d71a87ba97f21", "rev": "0c5704eceefcb7bb238a958f532a86e3b59d76db",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -526,28 +511,7 @@
}, },
"nixgl": { "nixgl": {
"inputs": { "inputs": {
"flake-utils": "flake-utils", "flake-utils": "flake-utils_3",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1713543440,
"narHash": "sha256-lnzZQYG0+EXl/6NkGpyIz+FEOc/DSEG57AP1VsdeNrM=",
"owner": "guibou",
"repo": "nixGL",
"rev": "310f8e49a149e4c9ea52f1adf70cdc768ec53f8a",
"type": "github"
},
"original": {
"owner": "guibou",
"repo": "nixGL",
"type": "github"
}
},
"nixgl_2": {
"inputs": {
"flake-utils": "flake-utils_4",
"nixpkgs": [ "nixpkgs": [
"oscuro", "oscuro",
"bonfire", "bonfire",
@ -618,11 +582,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1713714899, "lastModified": 1714076141,
"narHash": "sha256-+z/XjO3QJs5rLE5UOf015gdVauVRQd2vZtsFkaXBq2Y=", "narHash": "sha256-Drmja/f5MRHZCskS6mvzFqxEaZMeciScCTFxWVLqWEY=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "6143fc5eeb9c4f00163267708e26191d1e918932", "rev": "7bb2ccd8cdc44c91edba16c48d2c8f331fb3d856",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -764,7 +728,7 @@
}, },
"poetry2nix": { "poetry2nix": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils",
"nix-github-actions": "nix-github-actions", "nix-github-actions": "nix-github-actions",
"nixpkgs": [ "nixpkgs": [
"oscuro", "oscuro",
@ -797,7 +761,7 @@
"devenv", "devenv",
"flake-compat" "flake-compat"
], ],
"flake-utils": "flake-utils_3", "flake-utils": "flake-utils_2",
"gitignore": "gitignore", "gitignore": "gitignore",
"nixpkgs": [ "nixpkgs": [
"oscuro", "oscuro",
@ -826,7 +790,6 @@
"crane": "crane", "crane": "crane",
"fenix": "fenix", "fenix": "fenix",
"home-manager": "home-manager", "home-manager": "home-manager",
"nixgl": "nixgl",
"nixos-mailserver": "nixos-mailserver", "nixos-mailserver": "nixos-mailserver",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"oscuro": "oscuro", "oscuro": "oscuro",
@ -864,11 +827,11 @@
"nixpkgs-stable": "nixpkgs-stable_3" "nixpkgs-stable": "nixpkgs-stable_3"
}, },
"locked": { "locked": {
"lastModified": 1713775152, "lastModified": 1713892811,
"narHash": "sha256-xyP8h9jLQ0AmyPy40sIwL7/D03oVpXG9YHoYJ4ecYWA=", "narHash": "sha256-uIGmA2xq41vVFETCF1WW4fFWFT2tqBln+aXnWrvjGRE=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "4371a1301c4d36cc791069d90ae522613a3a335e", "rev": "f1b0adc27265274e3b0c9b872a8f476a098679bd",
"type": "github" "type": "github"
}, },
"original": { "original": {

15
flake.nix
View File

@ -12,10 +12,6 @@
url = "github:nix-community/home-manager"; url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nixgl = {
url = "github:guibou/nixGL";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-mailserver = { nixos-mailserver = {
url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@ -35,16 +31,15 @@
}; };
oscuro = { oscuro = {
url = "github:L-Nafaryus/oscuro"; url = "github:L-Nafaryus/oscuro";
inputs.nixpkgs.follows = "nixpkgs";
}; };
}; };
outputs = inputs @ { self, nixpkgs, home-manager, nixgl, nixos-mailserver, sops-nix, crane, fenix, oscuro, ... }: { outputs = { self, nixpkgs, home-manager, nixos-mailserver, sops-nix, crane, fenix, oscuro, ... }: {
lib = import ./lib {}; lib = import ./lib {};
nixosConfigurations = { nixosConfigurations = {
astora = with nixpkgs; lib.nixosSystem { astora = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
modules = [ modules = [
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
@ -52,10 +47,10 @@
./nixosModules/bonfire.nix ./nixosModules/bonfire.nix
self.nixosModules.spoofdpi self.nixosModules.spoofdpi
]; ];
specialArgs = { inherit inputs self; }; specialArgs = { inherit self; };
}; };
catarina = with nixpkgs; lib.nixosSystem { catarina = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
modules = [ modules = [
nixos-mailserver.nixosModules.mailserver nixos-mailserver.nixosModules.mailserver
@ -67,7 +62,7 @@
self.nixosModules.papermc self.nixosModules.papermc
self.nixosModules.qbittorrent-nox self.nixosModules.qbittorrent-nox
]; ];
specialArgs = { inherit inputs self; }; specialArgs = { inherit self; };
}; };
}; };

12
nixosConfigurations/astora/default.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, lib, inputs, ... }: { pkgs, lib, ... }:
{ {
system.stateVersion = "23.11"; system.stateVersion = "23.11";
@ -31,7 +31,6 @@
(final: prev: { (final: prev: {
blender = prev.blender.override { cudaSupport = true; }; blender = prev.blender.override { cudaSupport = true; };
}) })
inputs.nixgl.overlay
]; ];
}; };
@ -150,4 +149,13 @@
programs.steam.enable = true; programs.steam.enable = true;
systemd.extraConfig = "DefaultLimitNOFILE=1048576"; systemd.extraConfig = "DefaultLimitNOFILE=1048576";
virtualisation = {
containers.enable = true;
podman = {
enable = true;
dockerCompat = true;
defaultNetwork.settings.dns_enabled = true;
};
};
} }

19
nixosConfigurations/catarina/default.nix
View File

@ -1,9 +1,11 @@
{ config, pkgs, lib, inputs, self, ... }: { config, pkgs, lib, self, ... }:
{ let bonfire-pkgs = self.packages.${pkgs.system};
in {
system.stateVersion = "23.11"; system.stateVersion = "23.11";
imports = [ imports = [
./hardware.nix ./users.nix ./hardware.nix
./users.nix
./services/papermc.nix ./services/papermc.nix
./services/gitea.nix ./services/gitea.nix
]; ];
@ -33,7 +35,7 @@
config.allowUnfree = true; config.allowUnfree = true;
config.cudaSupport = false; config.cudaSupport = false;
config.packageOverrides = super: { config.packageOverrides = super: {
lego = self.packages.${pkgs.system}.lego; lego = bonfire-pkgs.lego;
}; };
}; };
@ -192,6 +194,15 @@
discordTokenFile = config.sops.secrets.discordToken.path; discordTokenFile = config.sops.secrets.discordToken.path;
}; };
virtualisation = {
containers.enable = true;
podman = {
enable = true;
dockerCompat = true;
defaultNetwork.settings.dns_enabled = true;
};
};
# Packages # Packages
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
wget wget

20
nixosConfigurations/catarina/services/gitea.nix
View File

@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }: { config, ... }:
{ {
services.postgresql = { services.postgresql = {
enable = true; enable = true;
@ -86,4 +86,22 @@
useACMEHost = "elnafo.ru"; useACMEHost = "elnafo.ru";
locations."/".proxyPass = "http://127.0.0.1:3001"; locations."/".proxyPass = "http://127.0.0.1:3001";
}; };
services.gitea-actions-runner = {
instances = {
master = {
enable = true;
name = "master";
url = config.services.gitea.settings.server.ROOT_URL;
tokenFile = config.sops.secrets."gitea-runner/master-token".path;
labels = [
"ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
"nix-minimal:docker://vcs.elnafo.ru/l-nafaryus/nix-minimal:latest"
"nix-runner:docker://vcs.elnafo.ru/l-nafaryus/nix-runner:latest"
];
settings.container.network = "host";
};
};
};
} }

8
packages/default.nix
View File

@ -10,8 +10,8 @@ in forAllSystems(system:
pkgs = nixpkgsFor.${system}; pkgs = nixpkgsFor.${system};
bonfire = self; bonfire = self;
bonfire-lib = self.lib; bonlib = self.lib;
bonfire-pkgs = self.packages.${system}; bonpkgs = self.packages.${system};
crane = self.inputs.crane; crane = self.inputs.crane;
crane-lib = self.inputs.crane.lib.${system}; crane-lib = self.inputs.crane.lib.${system};
@ -32,4 +32,8 @@ in forAllSystems(system:
ultimmc = pkgs.libsForQt5.callPackage ./ultimmc { inherit bonfire; }; ultimmc = pkgs.libsForQt5.callPackage ./ultimmc { inherit bonfire; };
cargo-shuttle = pkgs.callPackage ./cargo-shuttle { inherit bonfire crane-lib; }; cargo-shuttle = pkgs.callPackage ./cargo-shuttle { inherit bonfire crane-lib; };
nix-minimal = pkgs.callPackage ./nix-minimal { inherit bonpkgs bonlib; };
nix-runner = pkgs.callPackage ./nix-runner { inherit bonpkgs bonlib; };
}) })

136
packages/nix-minimal/default.nix Normal file
View File

@ -0,0 +1,136 @@
{
pkgs,
lib,
bonlib,
extraPaths ? [],
...
}:
let
nixPath = pkgs.writeText "nixpkgsError" ''_: throw '''
This container doesn't include nixpkgs.
Hint: override the NIX_PATH environment variable with eg:
"NIX_PATH=nixpkgs=channel:nixos-unstable"
''' '';
builderIds = let forEach = n: if n == 1 then [n] else [n] ++ forEach (n - 1); in forEach 32;
withFakeNss = with pkgs; [
(writeTextDir "etc/passwd" (
builtins.concatStringsSep "\n" (
map (n: "nixbld${toString n}:x:${toString (30000 + n)}:30000:Nix build user ${toString n}:/var/empty:/bin/false") builderIds)
+ "\n" + ''
root:x:0:0:System administrator:/root:${bashInteractive}/bin/bash
nobody:x:65534:65534:Unprivileged account (don't use!):/var/empty:${shadow}/bin/nologin
''))
(writeTextDir "etc/group" ''
root:x:0:
wheel:x:1:
kmem:x:2:
tty:x:3:
messagebus:x:4:
disk:x:6:
audio:x:17:
floppy:x:18:
uucp:x:19:
lp:x:20:
cdrom:x:24:
tape:x:25:
video:x:26:
dialout:x:27:
utmp:x:29:
adm:x:55:
keys:x:96:
users:x:100:
input:x:174:
nixbld:x:30000:${builtins.concatStringsSep "," (map (n: "nixbld${toString n}") builderIds)}
nogroup:x:65534:
'')
(writeTextDir "etc/nsswitch.conf" ''
passwd: files mymachines systemd
group: files mymachines systemd
shadow: files
hosts: files mymachines dns myhostname
networks: files
ethers: files
services: files
protocols: files
rpc: files
'')
];
withNixConf = with pkgs; [
(writeTextDir "etc/nix/nix.conf" ''
accept-flake-config = true
experimental-features = nix-command flakes
show-trace = true
max-jobs = auto
trusted-users = root
'')
];
in pkgs.dockerTools.buildImageWithNixDb {
name = "nix-minimal";
tag = "latest";
copyToRoot = pkgs.buildEnv {
name = "image-root";
pathsToLink = [ "/bin" "/etc" ];
paths = with pkgs; [
dockerTools.usrBinEnv
coreutils
bashInteractive
nix
cacert
gnutar
gzip
xz
openssh
((git.override {
perlSupport = false;
pythonSupport = false;
withpcre2 = false;
withManual = false;
}).overrideAttrs (_: { doInstallCheck = false; }))
iana-etc
] ++ withFakeNss ++ withNixConf ++ extraPaths;
};
runAsRoot = with pkgs; ''
#!${runtimeShell}
${dockerTools.shadowSetup}
'';
config = {
Cmd = [ "/bin/bash" ];
Env = [
"USER=root"
"PATH=/bin:/usr/bin:/nix/var/nix/profiles/default/bin"
"PAGER=cat"
"ENV=/etc/profile.d/nix.sh"
"BASH_ENV=/etc/profile.d/nix.sh"
"SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
"NIX_BUILD_SHELL=/bin/bash"
"NIX_PATH=nixpkgs=${nixPath}"
];
};
} // {
meta = with lib; {
homepage = "https://vcs.elnafo.ru/L-Nafaryus/bonfire";
description = "Minimal image with a Nix package manager";
longDescription = ''
Minimal docker image with Nix package manager (https://nixos.org/).
Enabled features: nix-command, flakes.
Versions: latest
'';
platforms = platforms.linux;
license = licenses.lgpl21Plus;
maintainers = with bonlib.maintainers; [ L-Nafaryus ];
};
}

34
packages/nix-runner/default.nix Normal file
View File

@ -0,0 +1,34 @@
{
pkgs,
lib,
bonpkgs,
bonlib,
extraPaths ? [],
...
}:
pkgs.dockerTools.buildImage {
name = "nix-runner";
tag = "latest";
fromImage = bonpkgs.nix-minimal;
copyToRoot = pkgs.buildEnv {
name = "image-root";
pathsToLink = [ "/bin" ];
paths = with pkgs; [
nodejs
jq
cachix
] ++ extraPaths;
};
config.Cmd = [ "/bin/bash" ];
} // {
meta = bonpkgs.nix-minimal.meta // {
description = "Image for action runners with a Nix package manager";
longDescription = ''
Docker image for action runners with Nix package manager (https://nixos.org/).
Enabled features: nix-command, flakes.
Versions: latest
'';
};
}