store path to docker exec and correct key in gitea runner conf

This reverts commit 009dc9373f.

.gitea/workflows/deploy.yaml

@@ -11,26 +11,8 @@ jobs:
     name: build hive configuration
     runs-on: ubuntu-22.04
     steps:
+      - uses: cachix/install-nix-action@v31
       - uses: actions/checkout@v4
-      - uses: DeterminateSystems/nix-installer-action@main
-      - name: Restore and save Nix store
-        uses: nix-community/cache-nix-action@v6
-        with:
-          # restore and save a cache using this key
-          primary-key: nix-${{ runner.os }}-${{ hashFiles('**/*.nix', '**/flake.lock') }}
-          # if there's no cache hit, restore a cache by this prefix
-          restore-prefixes-first-match: nix-${{ runner.os }}-
-          # collect garbage until the Nix store size (in bytes) is at most this number
-          # before trying to save a new cache
-          # 1G = 1073741824
-          gc-max-store-size-linux: 1G
-          # do purge caches
-          purge: true
-          # purge all versions of the cache
-          purge-prefixes: nix-${{ runner.os }}-
-          # created more than this number of seconds ago
-          purge-created: 60000
-          purge-primary-key: never
       - name: Install SSH key
         uses: shimataro/ssh-key-action@v2
         with:

hosts/sin/configuration.nix

@@ -2,6 +2,7 @@
   modulesPath,
   lib,
   pkgs,
+  config,
   ...
 }:
 {
@@ -51,18 +52,25 @@
 
   time.timeZone = "Europe/Paris";
 
-  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+  nix.settings.experimental-features = [
+    "nix-command"
+    "flakes"
+  ];
   nixpkgs.config.allowUnfree = true;
 
   users.users = {
     zimablade = {
       isNormalUser = true;
       extraGroups = [ "wheel" ];
-      openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKsu+4S+BHmypQTq2IR9y+ihvbF7sXbBznKtIjVAeHJ1 shobu@nixos" ];
+      openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKsu+4S+BHmypQTq2IR9y+ihvbF7sXbBznKtIjVAeHJ1 shobu@nixos"
+      ];
     };
     shobu = {
       isNormalUser = true;
-      openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKsu+4S+BHmypQTq2IR9y+ihvbF7sXbBznKtIjVAeHJ1 shobu@nixos" ];
+      openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKsu+4S+BHmypQTq2IR9y+ihvbF7sXbBznKtIjVAeHJ1 shobu@nixos"
+      ];
     };
   };
 
@@ -71,10 +79,12 @@
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKsu+4S+BHmypQTq2IR9y+ihvbF7sXbBznKtIjVAeHJ1 shobu@nixos"
   ];
 
-  environment.systemPackages = map lib.lowPrio [
+  environment.systemPackages =
+    map lib.lowPrio [
       pkgs.curl
       pkgs.gitMinimal
-  ] ++ (with pkgs; [
+    ]
+    ++ (with pkgs; [
       helix
       httpie
       btop

hosts/sin/copyparty.nix

@@ -1,17 +1,22 @@
-{inputs, pkgs, ...}: {
+{ inputs, pkgs, config, ... }:
+{
   imports = [ inputs.copyparty.nixosModules.default ];
   nixpkgs.overlays = [ inputs.copyparty.overlays.default ];
   environment.systemPackages = [ pkgs.copyparty ];
   services.copyparty = {
     enable = true;
 
+    group = "starr";
+
     settings = {
       p = [ 8086 ];
       e2dsa = true;
       e2ts = true;
       z = true;
       qr = true;
+      xff-hdr = "X-Real-IP";
       xff-src = "lan";
+      rproxy = 1;
       http-only = true;
       og = true;
       shr = "/shares";

hosts/sin/ollama.nix

@@ -0,0 +1,21 @@
+{ inputs, ... }:
+{
+  # virtualisation.docker = {
+  #   enable = true;
+  #   storageDriver = "btrfs";
+  # };
+
+  services.ollama = {
+    enable = true;
+    openFirewall = true;
+    loadModels = [ ];
+    acceleration = "cuda";
+  };
+
+  services.open-webui = {
+    enable = true;
+    openFirewall = true;
+    host = "0.0.0.0";
+    port = 8050;
+  };
+}

hosts/sin/transmission.nix

@@ -1,4 +1,5 @@
-{config, ...}: {
+{ config, nixpkgs, lib, ... }:
+{
 
   users.users."starr" = {
     extraGroups = [ "transmission" ];
@@ -14,13 +15,32 @@
     transmission.gid = 989;
   };
 
-  virtualisation.oci-containers = let
+  systemd.services = {
+    docker-transmission-network = {
+      after = [
+        "network.target"
+        "docker-gluetun.service"
+        "docker-transmission.service"
+      ];
+      wantedBy = [
+        "docker-gluetun.service"
+        "docker-transmission.service"
+      ];
+      serviceConfig = {
+        ExecStart = "${lib.getExe nixpkgs.docker} network create docker-transmission";
+      };
+    };
+  };
+
+  virtualisation.oci-containers =
+    let
       peerport = "63369";
-  in {
+    in
+    {
       backend = "docker";
       containers = {
         gluetun = {
-        image = "qmcgaw/gluetun";
+          image = "qmcgasw/gluetun";
           environment = {
             VPN_SERVICE_PROVIDER = "airvpn";
             VPN_TYPE = "wireguard";
@@ -36,6 +56,7 @@
           extraOptions = [
             "--cap-add=NET_ADMIN"
             "--device=/dev/net/tun"
+            "--network=docker-transmission"
           ];
           ports = [
             "13277:13277"
@@ -56,7 +77,7 @@
             "gluetun"
           ];
           extraOptions = [
-          "--network=container:gluetun"
+            "--network=docker-transmission"
           ];
           environment = {
             PUID = toString config.users.users.transmission.uid;

hosts/thea/nginx.nix

@@ -3,9 +3,14 @@ let
   # striped-front = inputs.striped-front;
 
   sin-address = "192.168.1.14";
-in {
+in
+{
 
-  networking.firewall.allowedTCPPorts = [ 80 443 8448 ];
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+    8448
+  ];
 
   services.nginx = {
     enable = true;
@@ -105,6 +110,9 @@ in {
 
             locations."/" = {
               proxyPass = "http://${sin-address}:8086";
+              extraConfig = ''
+                proxy_set_header X-Real-IP $remote_addr;
+              '';
             };
           };
           # "matrix.shobu.fr" = {

modules/gitea/thea/virtualisation.nix

@@ -23,6 +23,8 @@
         text = ''
           container:
             network: "host"
+            valid_volumes:
+              - "/nix/store:/nix/store"
         '';
       };
     in