diff --git a/.forgejo/workflows/update.yaml b/.forgejo/workflows/update.yaml index c6da891..b30ab13 100644 --- a/.forgejo/workflows/update.yaml +++ b/.forgejo/workflows/update.yaml @@ -1,12 +1,32 @@ on: [push] + jobs: - format: - runs-on: nix + # Source: https://github.com/isabelroses/dotfiles/tree/main/.github/workflows + update-lockfile: + runs-on: ubuntu-latest + steps: - - run: nix --experimental-features 'nix-command flakes' fmt - build: - runs-on: nix - steps: - - run: nix --experimental-features 'nix-command flakes' flake update - - run: nixos-rebuild --experimental-features 'nix-command flakes' build --flake .#Haven - - run: nixos-rebuild --experimental-features 'nix-command flakes' build --flake .#Khanda \ No newline at end of file + - name: Checkout + uses: actions/checkout@v4 + + - name: Install Nix + uses: DeterminateSystems/nix-installer-action@main + with: + logger: pretty + +# - name: Update Lockfile +# uses: DeterminateSystems/update-flake-lock@main +# id: update +# with: +# pr-title: "chore(deps): flake inputs" +# commit-msg: "chore(deps): flake inputs" +# token: ${{ secrets.GITHUB_TOKEN }} + +# build: +# runs-on: nix +# steps: +# - run: nix-env -iA nixpkgs.nodejs_20 +# - uses: actions/checkout@v4 +# - run: nix --experimental-features 'nix-command flakes' flake update +# - run: nixos-rebuild --experimental-features 'nix-command flakes' build --flake .#Haven +# - run: nixos-rebuild --experimental-features 'nix-command flakes' build --flake .#Khanda diff --git a/flake.lock b/flake.lock index 48c7dac..afe9f93 100644 --- a/flake.lock +++ b/flake.lock 
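Review bot: `uses: DeterminateSystems/nix-installer-action@main` tracks a moving branch, so every run of this job executes whatever that repository's main holds at that moment, typically as root inside the job container. Pin it to a release tag or, better, a full commit SHA, e.g. `uses: DeterminateSystems/nix-installer-action@<full-commit-sha> # <release tag>`; `actions/checkout@v4` has the same exposure if tags can be re-pointed. As committed, `update-lockfile` only checks out and installs Nix because the update step is commented out, yet `on: [push]` runs it on every push; a comment such as `# Scaffolding: the lock-update step is disabled until the runner has a push token` (or switching to `on: workflow_dispatch` meanwhile) would make that intentional.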
@@ -218,11 +218,11 @@ ] }, "locked": { - "lastModified": 1716506851, - "narHash": "sha256-fzY708SyfHwLOFrg5ZU0fXW9mNdvRvqz64jg97vvpJM=", + "lastModified": 1717036776, + "narHash": "sha256-joKTxvywYlKspGGKOIXho6oRbggOPyayEqAyuZCavO0=", "ref": "refs/heads/main", - "rev": "18fa4a89e208cb8e881f5f71c75bbd4c1c2fd37d", - "revCount": 83, + "rev": "b4b38e6b5fe18da9464f291ae5fbf2ea9acb9ccb", + "revCount": 86, "type": "git", "url": "https://git.lix.systems/lix-project/nixos-module" }, @@ -250,26 +250,26 @@ "nix-secrets": { "flake": false, "locked": { - "lastModified": 1716827240, - "narHash": "sha256-0LHXNvx7KEsn3j9w/4VtQiEWKrqJmmWn1k/169x/N04=", - "ref": "refs/heads/main", - "rev": "f8a243d7e9db4689bcfc7726df75d5725daf4b60", - "revCount": 40, + "lastModified": 1717092160, + "narHash": "sha256-dype0zRMyP94Uo8YC1vWQ6lkvXLYMep6+Xo7AW4K9cs=", + "ref": "42ddf14d36d9fab1eb070f51fdf1991d1a21dde9", + "rev": "42ddf14d36d9fab1eb070f51fdf1991d1a21dde9", + "revCount": 42, "type": "git", - "url": "file:///home/aires/Development/nix-configuration/nix-secrets" + "url": "file:./nix-secrets" }, "original": { "type": "git", - "url": "file:///home/aires/Development/nix-configuration/nix-secrets" + "url": "file:./nix-secrets" } }, "nixos-hardware": { "locked": { - "lastModified": 1716588418, - "narHash": "sha256-3EpFUFlZjE+UkBlSXp2lC65ysgUmpAHl13kjh45+et0=", + "lastModified": 1717000136, + "narHash": "sha256-MyFE1416Wsb9UxTNiHTGoOvtUl5JuCftj4EBfz9oPHU=", "ref": "master", - "rev": "80736f76ded618a54dce2db319247aeb902ce795", - "revCount": 1683, + "rev": "2575b7552f52b34dadb08f140326fbbd19056355", + "revCount": 1685, "type": "git", "url": "https://code.8bitbuddhism.com/aires/nixos-hardware" }, 
@@ -313,11 +313,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1716542732, - "narHash": "sha256-0Y9fRr0CUqWT4KgBITmaGwlnNIGMYuydu2L8iLTfHU4=", + "lastModified": 1717144377, + "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d12251ef6e8e6a46e05689eeccd595bdbd3c9e60", + "rev": "805a384895c696f802a9bf5bf4720f37385df547", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 7e3c9c3..7922fa2 100644 --- a/flake.nix +++ b/flake.nix @@ -26,6 +26,7 @@ # Hardware configurations nixos-hardware.url = "git+https://code.8bitbuddhism.com/aires/nixos-hardware?ref=master"; + #nixos-hardware.url = "git+https://github.com/NixOS/nixos-hardware?ref=master"; # Home-manager home-manager = { @@ -35,7 +36,7 @@ # "Secrets management" nix-secrets = { - url = "git+file:///home/aires/Development/nix-configuration/nix-secrets"; + url = "git+file:./nix-secrets"; flake = false; }; @@ -104,6 +105,7 @@ system = "x86_64-linux"; modules = defaultModules ++ [ nixos-hardware.nixosModules.common-cpu-intel + nixos-hardware.nixosModules.common-gpu-intel ./hosts/Dimaga ]; }; @@ -112,6 +114,7 @@ system = "x86_64-linux"; modules = defaultModules ++ [ nixos-hardware.nixosModules.common-cpu-amd-pstate + nixos-hardware.nixosModules.common-gpu-amd ./hosts/Haven ]; }; diff --git a/hosts/Haven/default.nix b/hosts/Haven/default.nix index 1b9e004..ca57a20 100644 --- a/hosts/Haven/default.nix +++ b/hosts/Haven/default.nix @@ -19,7 +19,6 @@ in imports = [ ./hardware-configuration.nix ]; system.stateVersion = "24.05"; - system.autoUpgrade.enable = lib.mkForce false; host = { role = "server"; @@ -51,6 +50,7 @@ in enable = true; home = "/storage/services/airsonic-advanced"; }; + autoUpgrade.pushUpdates = true; boinc.enable = true; cache = { enable = false; # Disable for now 
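Review bot: `url = "git+file:./nix-secrets"` is a relative git URL, and in the Nix versions I know relative `file:` inputs are resolved against the process's working directory rather than the flake's directory, so `nix flake update` and `nh os switch` only find the submodule when run from the repo root. The services added elsewhere in this commit `cd` into `config.secrets.nixConfigFolder` first, which covers the timers, but an interactive run from another directory will fail or pick up a different checkout. A comment here would save the next person that debugging, e.g. `# Relative git+file input: run nix/nh commands from the repo root.` The lockfile hunk also now records `ref` as the bare commit hash instead of `refs/heads/main`, which is worth confirming is what you want `nix flake update` to track.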
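Review bot: `autoUpgrade.pushUpdates = true;` makes Haven the host that rewrites flake.lock and pushes it to origin as user `aires` from a daily timer, while the new autoupgrade module (enabled by default, if every host imports it as its location suggests) pulls origin/main and runs `nh os switch` as root without verifying signatures — so whatever SSH key `aires` holds on Haven is in effect a root deploy key for the fleet. Consider a dedicated, write-restricted deploy key used only by that service (for example via `GIT_SSH_COMMAND` in the unit's environment) rather than the interactive user's key, and record the trust chain here, e.g. `# Haven is the only host that pushes lock updates; other hosts apply origin/main unverified.` Note that the later hunk in this file adds a second, near-identical `nixos-update-flake` service, so with this line Haven ends up with two lock-update timers.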
@@ -114,4 +114,41 @@ in # Allow Haven to be a build target for other architectures (mainly ARM64) boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; + + # Automatically update Flake configuration for other hosts to use + systemd.services."nixos-update-flake" = { + serviceConfig = { + Type = "oneshot"; + User = config.users.users.aires.name; + }; + path = with pkgs; [ + # Courtesy of https://discourse.nixos.org/t/how-to-use-other-packages-binary-in-systemd-service-configuration/14363 + coreutils + gnutar + xz.bin + gzip + git + config.nix.package.out + openssh + ]; + script = '' + set -eu + cd ${config.secrets.nixConfigFolder} + git pull --recurse-submodules + nix flake update + git add flake.lock + git diff --quiet && git diff --staged --quiet || git commit -am "Update flake.lock" && git push # Courtesy of https://stackoverflow.com/a/40255467 + ''; + }; + + systemd.timers."nixos-update-flake-timer" = { + wants = [ "network-online.target" ]; + after = [ "network-online.target" ]; + wantedBy = [ "timers.target" ]; + timerConfig = { + OnCalendar = "daily"; + Persistent = "true"; + Unit = "nixos-update-flake.service"; + }; + }; } diff --git a/hosts/Shura/bluetooth/vitrix-pdp-pro-params b/hosts/Shura/bluetooth/vitrix-pdp-pro-params new file mode 100644 index 0000000..25a32b9 --- /dev/null +++ b/hosts/Shura/bluetooth/vitrix-pdp-pro-params 
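Review bot: This `nixos-update-flake` service duplicates the `nixos-upgrade-flake` service that modules/services/autoupgrade.nix provides and that Haven turns on with `autoUpgrade.pushUpdates = true` in the earlier hunk; both timers fire `daily` with `Persistent`, so two pull/update/push sequences run in the same working tree at the same moment. Whichever one stays should not use `git commit -am`: `-a` stages every modified tracked file in the live checkout, so an uncommitted local edit on Haven gets pushed to every host, and the `A && B || C && D` chain pushes even when nothing changed. `git diff --quiet HEAD -- flake.lock || { git commit -m "Update flake.lock" -- flake.lock && git push; }` commits only the lock file and skips the push otherwise, making the `git add flake.lock` line redundant.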
@@ -0,0 +1,42 @@ +[General] +Name=Victrix Pro BFG +Appearance=0x03c4 +AddressType=public +SupportedTechnologies=LE; +Trusted=true +Blocked=false +WakeAllowed=true +Services=00001800-0000-1000-8000-00805f9b34fb;00001801-0000-1000-8000-00805f9b34fb;0000180a-0000-1000-8000-00805f9b34fb;0000180f-0000-1000-8000-00805f9b34fb;00001812-0000-1000-8000-00805f9b34fb;00001813-0000-1000-8000-00805f9b34fb;f95a48e6-a721-11e9-a2a3-022ae2dbcce4; + +[LongTermKey] +Key=F12268049C72EA0561E2E77DEA02AC12 +Authenticated=0 +EncSize=16 +EDiv=29996 +Rand=5139827239406697411 + +[PeripheralLongTermKey] +Key=CC60B7A9080383302B61EC2127E0D5CD +Authenticated=0 +EncSize=16 +EDiv=59630 +Rand=6653202288716901387 + +[SlaveLongTermKey] +Key=CC60B7A9080383302B61EC2127E0D5CD +Authenticated=0 +EncSize=16 +EDiv=59630 +Rand=6653202288716901387 + +[DeviceID] +Source=2 +Vendor=3695 +Product=587 +Version=768 + +[ConnectionParameters] +MinInterval=6 +MaxInterval=6 +Latency=0 +Timeout=300 \ No newline at end of file diff --git a/hosts/Shura/default.nix b/hosts/Shura/default.nix index a7b20a3..546befb 100644 --- a/hosts/Shura/default.nix +++ b/hosts/Shura/default.nix @@ -15,6 +15,9 @@ let mano-touchpad-bluetooth = pkgs.writeText "info" ( builtins.readFile ./bluetooth/mano-touchpad-bluetooth-params ); + vitrix-pdp-pro-bluetooth = pkgs.writeText "info" ( + builtins.readFile ./bluetooth/vitrix-pdp-pro-params + ); # Use gremlin user's monitor configuration for GDM (desktop monitor primary). See https://discourse.nixos.org/t/gdm-monitor-configuration/6356/4 monitorsXmlContent = builtins.readFile ./monitors.xml; 
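Review bot: The `[LongTermKey]`, `[PeripheralLongTermKey]` and `[SlaveLongTermKey]` sections are the BLE pairing secrets for this controller; committing them to the config repo and, in the next hunk, passing the file through `pkgs.writeText` puts them both in git history and in the world-readable `/nix/store` on Shura. With `Authenticated=0` these are unauthenticated (Just Works) keys for a game pad, so the realistic impact is someone in radio range impersonating or sniffing the controller rather than anything on the host, but pairing keys still do not belong in a plain-text file alongside the other `bluetooth/*-params` files. Deploy the `info` file as a real secret with mode 0600 (note that moving it into the `nix-secrets` flake input alone does not help, since inputs are also copied into the store) and leave a comment here such as `# Pairing keys are deployed out of band; see secrets config`.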
@@ -75,6 +78,7 @@ in "L+ /var/lib/bluetooth/AC:50:DE:9F:AB:88/00:0E:DD:72:2F:0C/info - - - - ${shure-aonic-bluetooth}" "L+ /var/lib/bluetooth/AC:50:DE:9F:AB:88/F4:6A:D7:3A:16:75/info - - - - ${xbox-elite-bluetooth}" "L+ /var/lib/bluetooth/AC:50:DE:9F:AB:88/F8:5D:3C:7D:9A:00/info - - - - ${mano-touchpad-bluetooth}" + "L+ /var/lib/bluetooth/AC:50:DE:9F:AB:88/00:34:30:47:37:AB/info - - - - ${vitrix-pdp-pro-bluetooth}" ]; # Configure the virtual machine created by nixos-rebuild build-vm diff --git a/modules/base/programs.nix b/modules/base/programs.nix index ddd29d8..fbd58fa 100644 --- a/modules/base/programs.nix +++ b/modules/base/programs.nix @@ -17,7 +17,7 @@ nh = { enable = true; - flake = "${config.users.users.aires.home}/Development/nix-configuration"; + flake = "${config.secrets.nixConfigFolder}"; # Alternative garbage collection system to nix.gc.automatic clean = { diff --git a/modules/base/system.nix b/modules/base/system.nix index 35df0b1..f19e31b 100644 --- a/modules/base/system.nix +++ b/modules/base/system.nix @@ -26,15 +26,6 @@ }; }; - # Configure automatic updates - system.autoUpgrade = { - enable = true; - flake = "${config.users.users.aires.home}/Development/nix-configuration"; - dates = "daily"; - allowReboot = false; - operation = "switch"; - }; - services = { # Enable fwupd (firmware updater) fwupd.enable = true; diff --git a/modules/services/autoupgrade.nix b/modules/services/autoupgrade.nix new file mode 100644 index 0000000..d62fc99 --- /dev/null +++ b/modules/services/autoupgrade.nix 
@@ -0,0 +1,108 @@ +# Run automatic updates. Replaces system.autoUpgrade. +{ + config, + lib, + pkgs, + ... +}: + +let + cfg = config.host.services.autoUpgrade; + + # List of packages to include in each service's $PATH + pathPkgs = with pkgs; [ + # Courtesy of https://discourse.nixos.org/t/how-to-use-other-packages-binary-in-systemd-service-configuration/14363 + coreutils + git + gnutar + gzip + config.nix.package.out + nh + config.programs.ssh.package + sudo + xz.bin + ]; +in +{ + options = { + host.services.autoUpgrade = { + enable = lib.mkOption { + default = true; + type = lib.types.bool; + description = "Enables automatic system updates."; + }; + pushUpdates = lib.mkEnableOption ( + lib.mdDoc "Updates the flake.lock file and pushes it back to the repo." + ); + }; + }; + + config = lib.mkMerge [ + (lib.mkIf cfg.enable { + # Pull and apply updates. + systemd.services."nixos-upgrade" = { + serviceConfig = { + Type = "oneshot"; + User = "root"; + }; + path = pathPkgs; + script = '' + cd ${config.secrets.nixConfigFolder} + # Check if there are changes from Git. + echo "Pulling latest version..." + sudo -u aires git fetch + sudo -u aires git diff --quiet --exit-code main origin/main || true + # If we have changes (git diff returns 1), pull changes and run the update + if [ $? -eq 1 ]; then + echo "Updates found, running nixos-rebuild..." + sudo -u aires git pull --recurse-submodules + nh os switch + else + echo "No updates found. Exiting." 
+ fi + ''; + }; + systemd.timers."nixos-upgrade-timer" = { + wants = [ "network-online.target" ]; + after = [ "network-online.target" ]; + wantedBy = [ "timers.target" ]; + timerConfig = { + OnCalendar = "daily"; + Persistent = "true"; + Unit = "nixos-upgrade.service"; + }; + }; + }) + (lib.mkIf cfg.pushUpdates { + # Automatically update Flake configuration for other hosts to use + systemd.services."nixos-upgrade-flake" = { + serviceConfig = { + Type = "oneshot"; + User = config.users.users.aires.name; + }; + path = pathPkgs; + # Git diffing strategy courtesy of https://stackoverflow.com/a/40255467 + script = '' + set -eu + cd ${config.secrets.nixConfigFolder} + # Make sure we're up-to-date + echo "Pulling the latest version..." + git pull --recurse-submodules + nix flake update --commit-lock-file + git push + ''; + }; + + systemd.timers."nixos-upgrade-flake-timer" = { + wants = [ "network-online.target" ]; + after = [ "network-online.target" ]; + wantedBy = [ "timers.target" ]; + timerConfig = { + OnCalendar = "daily"; + Persistent = "true"; + Unit = "nixos-upgrade-flake.service"; + }; + }; + }) + ]; +} diff --git a/modules/services/forgejo.nix b/modules/services/forgejo.nix index 6e43a35..bab4501 100644 --- a/modules/services/forgejo.nix +++ b/modules/services/forgejo.nix @@ -72,11 +72,13 @@ in labels = [ "nix:docker://nixos/nix" # Shoutout to Icewind 1991 for this syntax: https://icewind.nl/entry/gitea-actions-nix/ "debian:docker://node:20-bullseye" + "ubuntu-latest:docker://ubuntu:latest" ]; settings = { # For an example of configuring in Nix: https://git.clan.lol/clan/clan-infra/src/branch/main/modules/web01/gitea/actions-runner.nix # For an example of the different options available: https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml - container.validVolumes = "**"; + container.options = "-v /nix:/nix"; + container.validVolumes = [ "/nix" ]; }; }; }; 
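Review bot: The update check in `nixos-upgrade` can never take the upgrade branch: `sudo -u aires git diff --quiet --exit-code main origin/main || true` gives the list the exit status of `true`, so the following `if [ $? -eq 1 ]` always sees 0 and the service always logs "No updates found". Test the command directly, `if ! sudo -u aires git diff --quiet --exit-code main origin/main; then`, which also stays safe under the `-e` NixOS applies to `script`. Separately, the service applies whatever lands on origin/main as root with no signature check, so a compromised remote or push credential is root on every host; `git pull --verify-signatures --recurse-submodules` with the allowed signing keys configured in the repo would close that. On a host with `pushUpdates` set, both daily timers `git pull` the same tree concurrently; ordering `nixos-upgrade.service` `after = [ "nixos-upgrade-flake.service" ]`, or adding `RandomizedDelaySec` to one timer, avoids the race.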
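Review bot: `container.options = "-v /nix:/nix"` bind-mounts the host's entire `/nix` read-write into every job container — not just the store but, on a standard NixOS host, `/nix/var/nix/db` and the daemon socket as well — so a job running as root in the container can corrupt the host's Nix database or drive the host daemon with root's privileges, which makes every workflow this runner accepts (including outside PRs, if the instance takes any) as trusted as the host. At minimum restrict the mount to the store and make it read-only for labels that only consume packages, `container.options = "-v /nix/store:/nix/store:ro"`, keep `validVolumes` in step, and document here which repositories are allowed to use this runner. It is also unclear how `nix-installer-action` in the new workflow behaves when it finds a pre-populated `/nix` already mounted, which deserves a comment once verified; and `ubuntu:latest` behind the `ubuntu-latest` label is a floating tag, so pinning an image digest keeps runs reproducible.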
@@ -96,6 +98,12 @@ in }; }; + # Allow containers to make DNS queries (https://www.reddit.com/r/NixOS/comments/199f16j/why_dont_my_podman_containers_have_internet_access/) + networking.firewall.interfaces.podman4 = { + allowedTCPPorts = [ 53 ]; + allowedUDPPorts = [ 53 ]; + }; + systemd.services = { nginx.wants = [ config.systemd.services.forgejo.name ]; } // lib.optionalAttrs (!cfg.autostart) { forgejo.wantedBy = lib.mkForce [ ]; }; diff --git a/nix-secrets b/nix-secrets index f8a243d..42ddf14 160000 --- a/nix-secrets +++ b/nix-secrets @@ -1 +1 @@ -Subproject commit f8a243d7e9db4689bcfc7726df75d5725daf4b60 +Subproject commit 42ddf14d36d9fab1eb070f51fdf1991d1a21dde9
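Review bot: `networking.firewall.interfaces.podman4` hard-codes a single podman bridge name; podman numbers its bridges per network (`podman0`, `podman1`, …) and the number can shift when networks are recreated, at which point the containers lose DNS again and port 53 is open on whatever interface inherits the name. With the iptables backend a trailing `+` is an interface wildcard, so `networking.firewall.interfaces."podman+" = { allowedTCPPorts = [ 53 ]; allowedUDPPorts = [ 53 ]; };` covers every podman bridge; if you are on the nftables backend, confirm the wildcard syntax first. Either way, replace the reddit link with the reason in a sentence, e.g. `# Allow containers to reach the DNS resolver podman runs on the bridge (port 53).`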