Compare commits
4 Commits
ustetind-g
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
850d0b0ec5
|
|||
|
02792fc20e
|
|||
| 40dd069a52 | |||
|
04a838fc62
|
20
flake.nix
20
flake.nix
@ -33,13 +33,13 @@
|
||||
|
||||
outputs = { self, nixpkgs, nixpkgs-unstable, sops-nix, disko, ... }@inputs:
|
||||
let
|
||||
nixlib = nixpkgs.lib;
|
||||
inherit (nixpkgs) lib;
|
||||
systems = [
|
||||
"x86_64-linux"
|
||||
"aarch64-linux"
|
||||
"aarch64-darwin"
|
||||
];
|
||||
forAllSystems = f: nixlib.genAttrs systems f;
|
||||
forAllSystems = f: lib.genAttrs systems f;
|
||||
allMachines = builtins.attrNames self.nixosConfigurations;
|
||||
importantMachines = [
|
||||
"bekkalokk"
|
||||
@ -49,11 +49,11 @@
|
||||
"ildkule"
|
||||
];
|
||||
in {
|
||||
inputs = nixlib.mapAttrs (_: src: src.outPath) inputs;
|
||||
inputs = lib.mapAttrs (_: src: src.outPath) inputs;
|
||||
|
||||
nixosConfigurations = let
|
||||
unstablePkgs = nixpkgs-unstable.legacyPackages.x86_64-linux;
|
||||
nixosConfig = nixpkgs: name: config: nixpkgs.lib.nixosSystem (nixpkgs.lib.recursiveUpdate
|
||||
nixosConfig = nixpkgs: name: config: lib.nixosSystem (lib.recursiveUpdate
|
||||
rec {
|
||||
system = "x86_64-linux";
|
||||
specialArgs = {
|
||||
@ -156,19 +156,19 @@
|
||||
in rec {
|
||||
default = important-machines;
|
||||
important-machines = pkgs.linkFarm "important-machines"
|
||||
(nixlib.getAttrs importantMachines self.packages.x86_64-linux);
|
||||
(lib.getAttrs importantMachines self.packages.x86_64-linux);
|
||||
all-machines = pkgs.linkFarm "all-machines"
|
||||
(nixlib.getAttrs allMachines self.packages.x86_64-linux);
|
||||
(lib.getAttrs allMachines self.packages.x86_64-linux);
|
||||
|
||||
simplesamlphp = pkgs.callPackage ./packages/simplesamlphp { };
|
||||
|
||||
} //
|
||||
(nixlib.pipe null [
|
||||
(lib.pipe null [
|
||||
(_: pkgs.callPackage ./packages/mediawiki-extensions { })
|
||||
(nixlib.flip builtins.removeAttrs ["override" "overrideDerivation"])
|
||||
(nixlib.mapAttrs' (name: nixlib.nameValuePair "mediawiki-${name}"))
|
||||
(lib.flip builtins.removeAttrs ["override" "overrideDerivation"])
|
||||
(lib.mapAttrs' (name: lib.nameValuePair "mediawiki-${name}"))
|
||||
])
|
||||
// nixlib.genAttrs allMachines
|
||||
// lib.genAttrs allMachines
|
||||
(machine: self.nixosConfigurations.${machine}.config.system.build.toplevel);
|
||||
};
|
||||
};
|
||||
|
||||
@ -27,6 +27,7 @@ in
|
||||
users.users."gitea-web" = {
|
||||
group = "gitea-web";
|
||||
isSystemUser = true;
|
||||
shell = pkgs.bash;
|
||||
};
|
||||
|
||||
sops.secrets."gitea/web-secret-provider/token" = {
|
||||
@ -58,6 +59,7 @@ in
|
||||
key-dir = "/var/lib/gitea-web/keys/%i";
|
||||
authorized-keys-path = "/var/lib/gitea-web/authorized_keys.d/%i";
|
||||
rrsync-script = pkgs.writeShellScript "rrsync-chown" ''
|
||||
mkdir -p "$1"
|
||||
${lib.getExe pkgs.rrsync} -wo "$1"
|
||||
${pkgs.coreutils}/bin/chown -R gitea-web:gitea-web "$1"
|
||||
'';
|
||||
|
||||
@ -34,7 +34,21 @@ def get_org_repo_list(args: argparse.Namespace, token: str):
|
||||
f"{args.api_url}/orgs/{args.org}/repos",
|
||||
headers = { 'Authorization': 'token ' + token },
|
||||
)
|
||||
return [repo["name"] for repo in result.json()]
|
||||
|
||||
results = [repo["name"] for repo in result.json()]
|
||||
target = int(result.headers['X-Total-Count'])
|
||||
|
||||
i = 2
|
||||
while len(results) < target:
|
||||
result = requests.get(
|
||||
f"{args.api_url}/orgs/{args.org}/repos",
|
||||
params = { 'page': i },
|
||||
headers = { 'Authorization': 'token ' + token },
|
||||
)
|
||||
results += [repo["name"] for repo in result.json()]
|
||||
i += 1
|
||||
|
||||
return results
|
||||
|
||||
|
||||
def generate_ssh_key(args: argparse.Namespace, repository: str):
|
||||
|
||||
@ -16,19 +16,28 @@
|
||||
networking.hostName = "ustetind";
|
||||
|
||||
networking.useHostResolvConf = lib.mkForce false;
|
||||
# systemd.network.enable = lib.mkForce false;
|
||||
# networking.useDHCP = lib.mkForce true;
|
||||
# networking.address = with values.hosts.georg; [ (ipv4 + "/25") (ipv6 + "/64") ];
|
||||
|
||||
systemd.network.networks."30-lxc-veth" = values.defaultNetworkConfig // {
|
||||
matchConfig = {
|
||||
Type = "ether";
|
||||
Kind = "veth";
|
||||
Name = [
|
||||
"eth*"
|
||||
];
|
||||
systemd.network.networks = {
|
||||
"30-lxc-eth" = values.defaultNetworkConfig // {
|
||||
matchConfig = {
|
||||
Type = "ether";
|
||||
Kind = "veth";
|
||||
Name = [
|
||||
"eth*"
|
||||
];
|
||||
};
|
||||
address = with values.hosts.ustetind; [ (ipv4 + "/25") (ipv6 + "/64") ];
|
||||
};
|
||||
"40-podman-veth" = values.defaultNetworkConfig // {
|
||||
matchConfig = {
|
||||
Type = "ether";
|
||||
Kind = "veth";
|
||||
Name = [
|
||||
"veth*"
|
||||
];
|
||||
};
|
||||
DHCP = "yes";
|
||||
};
|
||||
address = with values.hosts.ustetind; [ (ipv4 + "/25") (ipv6 + "/64") ];
|
||||
};
|
||||
|
||||
system.stateVersion = "24.11";
|
||||
|
||||
@ -27,5 +27,15 @@ lib.mkMerge [
|
||||
(mkRunner "alpha")
|
||||
(mkRunner "beta")
|
||||
(mkRunner "epsilon")
|
||||
{ virtualisation.podman.enable = true; }
|
||||
{
|
||||
virtualisation.podman = {
|
||||
enable = true;
|
||||
defaultNetwork.settings.dns_enabled = true;
|
||||
autoPrune.enable = true;
|
||||
};
|
||||
|
||||
networking.dhcpcd.IPv6rs = false;
|
||||
|
||||
networking.firewall.interfaces."podman+".allowedUDPPorts = [53 5353];
|
||||
}
|
||||
]
|
||||
|
||||
Loading…
Reference in New Issue
Block a user