set branch for deplot to master

build and deploy colmena hive using gitea actions

.gitea/workflows/analysis.yaml

@@ -0,0 +1,15 @@
+on: [push]
+
+jobs:
+  analysis:
+    permissions:
+      contents: read
+      id-token: write
+    name: perform flake analysis
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v4
+      - uses: DeterminateSystems/nix-installer-action@main
+      - uses: DeterminateSystems/magic-nix-cache-action@main
+      - name: Check Nix flake inputs
+        uses: http://github.com/DeterminateSystems/flake-checker-action@main

.gitea/workflows/analysis.yml

@@ -1,14 +0,0 @@
-on: [push]
-
-jobs:
-  build:
-    name: Build Nix targets
-    runs-on: ubuntu-22.04
-    steps:
-      - uses: actions/checkout@v4
-      - uses: http://github.com/cachix/install-nix-action@v18
-      - uses: http://github.com/cachix/cachix-action@v12
-        with:
-          name: statix
-      - name: Check Nix flake inputs
-        uses: http://github.com/DeterminateSystems/flake-checker-action@main

.gitea/workflows/deploy.yaml

@@ -0,0 +1,42 @@
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  deploy:
+    permissions:
+      contents: read
+      id-token: write
+    name: build hive configuration
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v4
+      - uses: DeterminateSystems/nix-installer-action@main
+      - name: Restore and save Nix store
+        uses: nix-community/cache-nix-action@v6
+        with:
+          # restore and save a cache using this key
+          primary-key: nix-${{ runner.os }}-${{ hashFiles('**/*.nix', '**/flake.lock') }}
+          # if there's no cache hit, restore a cache by this prefix
+          restore-prefixes-first-match: nix-${{ runner.os }}-
+          # collect garbage until the Nix store size (in bytes) is at most this number
+          # before trying to save a new cache
+          # 1G = 1073741824
+          gc-max-store-size-linux: 1G
+          # do purge caches
+          purge: true
+          # purge all versions of the cache
+          purge-prefixes: nix-${{ runner.os }}-
+          # created more than this number of seconds ago
+          purge-created: 60000
+          purge-primary-key: never
+      - name: Install SSH key
+        uses: shimataro/ssh-key-action@v2
+        with:
+          key: ${{ secrets.SSH_KEY }}
+          known_hosts: ${{ secrets.KNOWN_HOSTS }}
+      - uses: http://github.com/cachix/cachix-action@v16
+        with:
+          name: colmena
+      - run: nix run .#colmena apply

.gitea/workflows/deploy.yml

@@ -1,13 +0,0 @@
-on:
-  push:
-    branches:
-      - master
-      - test-deploy
-
-jobs:
-  build:
-    name: build hive configuration
-    runs-on: nix-latest
-    steps:
-      - uses: actions/checkout@v5
-      - run: nix run nixpkgs#colmena apply

flake.lock

@@ -340,36 +340,6 @@
       }
     },
     "nixpkgs_7": {
-      "locked": {
-        "lastModified": 1744440957,
-        "narHash": "sha256-FHlSkNqFmPxPJvy+6fNLaNeWnF1lZSgqVCl/eWaJRc4=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "26d499fc9f1d567283d5d56fcf367edd815dba1d",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-24.11",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_8": {
-      "locked": {
-        "lastModified": 1744463964,
-        "narHash": "sha256-LWqduOgLHCFxiTNYi3Uj5Lgz0SR+Xhw3kr/3Xd0GPTM=",
-        "rev": "2631b0b7abcea6e640ce31cd78ea58910d31e650",
-        "revCount": 782401,
-        "type": "tarball",
-        "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.1.782401%2Brev-2631b0b7abcea6e640ce31cd78ea58910d31e650/01962c8a-63c4-7abd-a3df-63a17b548cc7/source.tar.gz"
-      },
-      "original": {
-        "type": "tarball",
-        "url": "https://flakehub.com/f/NixOS/nixpkgs/0.1.%2A.tar.gz"
-      }
-    },
-    "nixpkgs_9": {
       "locked": {
         "lastModified": 1736549401,
         "narHash": "sha256-ibkQrMHxF/7TqAYcQE+tOnIsSEzXmMegzyBWza6uHKM=",
@@ -385,56 +355,6 @@
         "type": "github"
       }
     },
-    "pyproject-build-systems": {
-      "inputs": {
-        "nixpkgs": [
-          "striped-back",
-          "nixpkgs"
-        ],
-        "pyproject-nix": [
-          "striped-back",
-          "pyproject-nix"
-        ],
-        "uv2nix": [
-          "striped-back",
-          "uv2nix"
-        ]
-      },
-      "locked": {
-        "lastModified": 1744599653,
-        "narHash": "sha256-nysSwVVjG4hKoOjhjvE6U5lIKA8sEr1d1QzEfZsannU=",
-        "owner": "pyproject-nix",
-        "repo": "build-system-pkgs",
-        "rev": "7dba6dbc73120e15b558754c26024f6c93015dd7",
-        "type": "github"
-      },
-      "original": {
-        "owner": "pyproject-nix",
-        "repo": "build-system-pkgs",
-        "type": "github"
-      }
-    },
-    "pyproject-nix": {
-      "inputs": {
-        "nixpkgs": [
-          "striped-back",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1743438845,
-        "narHash": "sha256-1GSaoubGtvsLRwoYwHjeKYq40tLwvuFFVhGrG8J9Oek=",
-        "owner": "pyproject-nix",
-        "repo": "pyproject.nix",
-        "rev": "8063ec98edc459571d042a640b1c5e334ecfca1e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "pyproject-nix",
-        "repo": "pyproject.nix",
-        "type": "github"
-      }
-    },
     "root": {
       "inputs": {
         "agenix": "agenix",
@@ -444,8 +364,6 @@
         "nix-minecraft": "nix-minecraft",
         "nixpkgs": "nixpkgs_5",
         "shoblog-front": "shoblog-front",
-        "striped-back": "striped-back",
-        "striped-front": "striped-front",
         "testing-grounds": "testing-grounds",
         "unstable": "unstable"
       }
@@ -484,45 +402,6 @@
         "type": "github"
       }
     },
-    "striped-back": {
-      "inputs": {
-        "nixpkgs": "nixpkgs_7",
-        "pyproject-build-systems": "pyproject-build-systems",
-        "pyproject-nix": "pyproject-nix",
-        "uv2nix": "uv2nix"
-      },
-      "locked": {
-        "lastModified": 1748719386,
-        "narHash": "sha256-nyXHemXPEKnqIVIYIorSbt64zRwMvijyGQGCW3zUUkc=",
-        "ref": "refs/heads/master",
-        "rev": "bdfd6f1f4aac6a00ae4509f14b3a63c84d169edf",
-        "revCount": 8,
-        "type": "git",
-        "url": "ssh://git@gitlab.com/striped1/striped-back"
-      },
-      "original": {
-        "type": "git",
-        "url": "ssh://git@gitlab.com/striped1/striped-back"
-      }
-    },
-    "striped-front": {
-      "inputs": {
-        "nixpkgs": "nixpkgs_8"
-      },
-      "locked": {
-        "lastModified": 1748718798,
-        "narHash": "sha256-KUxbrUjRfuKjkJZLzKr11WEXLfPs38YrW/CMG6XbnbY=",
-        "ref": "refs/heads/master",
-        "rev": "a553f10147dad9e41829f67b247817a079f6f671",
-        "revCount": 11,
-        "type": "git",
-        "url": "ssh://git@gitlab.com/striped1/striped-front"
-      },
-      "original": {
-        "type": "git",
-        "url": "ssh://git@gitlab.com/striped1/striped-front"
-      }
-    },
     "systems": {
       "locked": {
         "lastModified": 1681028828,
@@ -555,7 +434,7 @@
     },
     "testing-grounds": {
       "inputs": {
-        "nixpkgs": "nixpkgs_9"
+        "nixpkgs": "nixpkgs_7"
       },
       "locked": {
         "lastModified": 1755527993,
@@ -586,31 +465,6 @@
         "repo": "nixpkgs",
         "type": "github"
       }
-    },
-    "uv2nix": {
-      "inputs": {
-        "nixpkgs": [
-          "striped-back",
-          "nixpkgs"
-        ],
-        "pyproject-nix": [
-          "striped-back",
-          "pyproject-nix"
-        ]
-      },
-      "locked": {
-        "lastModified": 1744797880,
-        "narHash": "sha256-gt9JBkYjZAEvGwCG7RMAAAr0j2RsaRmOMj/vV0briXk=",
-        "owner": "pyproject-nix",
-        "repo": "uv2nix",
-        "rev": "3583e037163491ecd833f1d5d3eedf3869543c5d",
-        "type": "github"
-      },
-      "original": {
-        "owner": "pyproject-nix",
-        "repo": "uv2nix",
-        "type": "github"
-      }
     }
   },
   "root": "root",

flake.nix

@@ -18,8 +18,8 @@
     nix-minecraft.url = "github:Infinidoge/nix-minecraft";
     testing-grounds.url = "gitlab:shobu13/testing-grounds";
     shoblog-front.url = "gitlab:shobu13/shoblog";
-    striped-front.url = "git+ssh://git@gitlab.com/striped1/striped-front";
-    striped-back.url = "git+ssh://git@gitlab.com/striped1/striped-back";
+    # striped-front.url = "git+ssh://git@gitlab.com/striped1/striped-front";
+    # striped-back.url = "git+ssh://git@gitlab.com/striped1/striped-back";
     
     copyparty.url = "github:9001/copyparty";
 
@@ -38,8 +38,8 @@
     disko,
     
     shoblog-front,
-    striped-front,
-    striped-back,
+    # striped-front,
+    # striped-back,
     nix-minecraft,
     testing-grounds,
     copyparty,
@@ -109,5 +109,9 @@
           '';
         };
       });
+
+      packages = forEachSupportedSystem ({pkgs}: {
+        inherit (colmena.packages."${pkgs.system}") colmena;
+      });
     };
 }

hosts/sin/homepage.nix

@@ -1,12 +1,12 @@
-
-{inputs, pkgs, ...}: {
+{ inputs, pkgs, ... }:
+{
   services.homepage-dashboard = {
     enable = true;
     openFirewall = true;
     allowedHosts = "dashboard.shobu.fr";
     settings = {
       title = "Shobu's homelab dashboard";
-      description = "a dashboard of free and wesome bullshit";
+      description = "a dashboard of free and awesome bullshit";
       startUrl = "https://dashboard.shobu.fr";
       base = "https://dashboard.shobu.fr";
       headerStyle = "boxed";
@@ -16,7 +16,7 @@
       };
 
       layout = [
-        {"resources" = {};}
+        { "resources" = { }; }
         {
           "about me stuff" = {
             tab = "Public";
@@ -44,7 +44,7 @@
     widgets = [
       {
         greeting = {
-          text = "Welcome on my services and links dashboard, make yourself home.";
+          text = "Welcome on my services and links dashboard, make yourself home. :3";
         };
       }
       {

hosts/thea/nginx.nix

@@ -1,6 +1,6 @@
 {inputs, ...}:
 let
-  striped-front = inputs.striped-front;
+  # striped-front = inputs.striped-front;
 
   sin-address = "192.168.1.14";
 in {
@@ -77,12 +77,12 @@ in {
             '';
           };
         };
-        "striped.shobu.fr" = {
-          enableACME = true;
-          forceSSL = true;
+        # "striped.shobu.fr" = {
+        #   enableACME = true;
+        #   forceSSL = true;
 
-          root = "${striped-front.packages.x86_64-linux.default}/dist";
-        };
+        #   root = "${striped-front.packages.x86_64-linux.default}/dist";
+        # };
         "dashboard.shobu.fr" = {
           enableACME = true;
           forceSSL = true;

modules/gitea/thea/default.nix

@@ -1,29 +1,56 @@
-{nodes, ...}:let
+{
+  nodes,
+  inputs,
+  pkgs,
+  ...
+}:
+let
   sin-address = "192.168.1.14";
-in{
+  unstable = import inputs.unstable { system = pkgs.system; };
+in
+{
   imports = [
     ./virtualisation.nix
   ];
-  networking.nat.forwardPorts = [{
-    sourcePort = nodes.sin.config.services.gitea.settings.server.SSH_PORT;
-    proto = "tcp";
-    destination = "${sin-address}:22";  
-  }];
+  networking.nat.forwardPorts = [
+    {
+      sourcePort = nodes.sin.config.services.gitea.settings.server.SSH_PORT;
+      proto = "tcp";
+      destination = "${sin-address}:22";
+    }
+  ];
 
-  services.gitea-actions-runner.instances = {
-    "gitea.shobu.fr-runner" = {
-      enable = true;
-      name = "gitea.shobu.fr-runner";
-      url = nodes.sin.config.services.gitea.settings.server.ROOT_URL;
-      token = "uEDPBW6Z9oItAKRtloVwis0LkPbD4OmV2w5esOhW";
-      labels = [
-        "debian-latest:docker://debian:latest"
-        "ubuntu-latest:docker://ubuntu:latest"
-        "nix-latest:docker://nixos/nix:latest"
-        "debian-latest:docker://node:18-bullseye"
-        "ubuntu-latest:docker://node:18-bullseye"
-        #"native:host"
-      ];
-    };
-  };
+  services.gitea-actions-runner.package = unstable.gitea-actions-runner;
+
+  # services.gitea-actions-runner.instances = {
+  #   "gitea.shobu.fr-runner" = {
+  #     enable = true;
+  #     name = "gitea.shobu.fr-runner";
+  #     url = nodes.sin.config.services.gitea.settings.server.ROOT_URL;
+  #     token = "uEDPBW6Z9oItAKRtloVwis0LkPbD4OmV2w5esOhW";
+  #     labels = [
+  #       "ubuntu-22.04:docker://docker.gitea.com/runner-images:ubuntu-22.04"
+  #     ];
+  #     settings = {
+  #       cache = {
+  #         # Enable cache server to use actions/cache.
+  #         enabled = true;
+  #         # The directory to store the cache data.
+  #         # If it's empty, the cache data will be stored in $HOME/.cache/actcache.
+  #         dir = "";
+  #         # The host of the cache server.
+  #         # It's not for the address to listen, but the address to connect from job containers.
+  #         # So 0.0.0.0 is a bad choice, leave it empty to detect automatically.
+  #         host = "";
+  #         # The port of the cache server.
+  #         # 0 means to use a random available port.
+  #         port = 0;
+  #         # The external cache server URL. Valid only when enable is true.
+  #         # If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself.
+  #         # The URL should generally end with "/".
+  #         external_server = "";
+  #       };
+  #     };
+  #   };
+  # };
 }

modules/gitea/thea/virtualisation.nix

@@ -1,4 +1,5 @@
-{nodes, pkgs, ...}: {
+{ nodes, pkgs, ... }:
+{
   systemd.sockets.podman.socketConfig.Symlinks = [
     "/run/docker.sock"
   ];
@@ -15,32 +16,34 @@
     };
   };
 
-  # virtualisation.oci-containers.containers = let
-  #   runner_config = pkgs.writeTextFile {
-  #     name = "config.yml";
-  #     text = ''
-  #         container:
-  #           network: "host"
-  #       '';
-  #   };
-  # in {
-  #   gitea-runner = {
-  #     image = "gitea/act_runner@sha256:8477d5b61b655caad4449888bae39f1f34bebd27db56cb15a62dccb3dcf3a944";
-  #     autoStart = true;
+  virtualisation.oci-containers.containers =
+    let
+      runner_config = pkgs.writeTextFile {
+        name = "config.yml";
+        text = ''
+          container:
+            network: "host"
+        '';
+      };
+    in
+    {
+      gitea-runner = {
+        image = "gitea/act_runner@sha256:8477d5b61b655caad4449888bae39f1f34bebd27db56cb15a62dccb3dcf3a944";
+        autoStart = true;
 
-  #     # capabilities = {
-  #     #   NET_RAW = true;
-  #     # };
+        # capabilities = {
+        #   NET_RAW = true;
+        # };
 
-  #     environment = {
-  #       GITEA_INSTANCE_URL = nodes.sin.config.services.gitea.settings.server.ROOT_URL;
-  #       GITEA_RUNNER_REGISTRATION_TOKEN = "uEDPBW6Z9oItAKRtloVwis0LkPbD4OmV2w5esOhW";
-  #       CONFIG_FILE = "/config.yml";
-  #     };
-  #     volumes = [
-  #       "/var/run/docker.sock:/var/run/docker.sock"
-  #       "${runner_config}:/config.yml:ro"
-  #     ];
-  #   };
-  # };
+        environment = {
+          GITEA_INSTANCE_URL = nodes.sin.config.services.gitea.settings.server.ROOT_URL;
+          GITEA_RUNNER_REGISTRATION_TOKEN = "uEDPBW6Z9oItAKRtloVwis0LkPbD4OmV2w5esOhW";
+          CONFIG_FILE = "/config.yml";
+        };
+        volumes = [
+          "/var/run/docker.sock:/var/run/docker.sock"
+          "${runner_config}:/config.yml:ro"
+        ];
+      };
+    };
 }