all: add ci config / setup

2023-01-31 12:55:24 -07:00 · 2023-01-31 12:55:24 -07:00 · c39629e62d
commit c39629e62d
parent c4e50ba989
6 changed files with 32 additions and 6 deletions
--- a/configs/ci.nix
+++ b/configs/ci.nix
@ -13,8 +13,8 @@ with lib; {
    };
  };

+  imports = [ ../modules/ts-rev-prox.nix ];
  config = mkIf config.xinCI.enable {
-    imports = [ ../../modules/ts-rev-prox.nix ];
    sops.defaultSopsFile = config.xin-secrets.ci;
    sops.secrets = {
      ci_ed25519_key = {
--- a/default.nix
+++ b/default.nix
@ -18,6 +18,7 @@ let
  };
 in {
  imports = [
+    ./configs/ci.nix
    ./configs/colemak.nix
    ./configs/develop.nix
    ./configs/dns.nix
@ -129,6 +130,16 @@ in {
      };
    };

+    nix = {
+      settings = if config.networking.hostName != "pwntie" then {
+        substituters = [ "https://nix-binary-cache.humpback-trout.ts.net/" ];
+        trusted-public-keys = [
+          "nix-binary-cache.humpback-trout.ts.net:e9fJhcRtNVp6miW2pffFyK/gZ2et4y6IDigBNrEsAa0="
+        ];
+      } else
+        { };
+    };
+
    environment.systemPackages = with pkgs;
      [
        age
--- a/flake.nix
+++ b/flake.nix
@ -66,6 +66,10 @@
      url = "github:qbit/po";
      inputs.nixpkgs.follows = "unstable";
    };
+    tsRevProx = {
+      url = "github:qbit/ts-reverse-proxy";
+      inputs.nixpkgs.follows = "unstable";
+    };

    mcchunkie = {
      url = "github:qbit/mcchunkie";
@ -90,8 +94,8 @@

  outputs = { self, unstable, unstableSmall, stable, oldStable, nixos-hardware
    , reform, sshKnownHosts, microca, gostart, xintray, tsvnstat, pots, po
-    , taskobs, mcchunkie, gqrss, darwin, xin-secrets, talon, peerix, ...
-    }@inputs:
+    , tsRevProx, taskobs, mcchunkie, gqrss, darwin, xin-secrets, talon, peerix
+    , ... }@inputs:
    let
      supportedSystems = [ "x86_64-linux" ];
      #[ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ];
@ -118,6 +122,7 @@
        inputs.reform.overlay
        inputs.gostart.overlay
        inputs.pots.overlay
+        inputs.tsRevProx.overlay
        inputs.talon.overlays.default
      ];

@ -294,6 +299,7 @@
          inherit (tsvnstat.packages.${system}) tsvnstat;
          inherit (pots.packages.${system}) pots;
          inherit (po.packages.${system}) po;
+          inherit (tsRevProx.packages.${system}) ts-reverse-proxy;
        });

      templates."ada" = {
--- a/hosts/pwntie/default.nix
+++ b/hosts/pwntie/default.nix
@ -55,6 +55,11 @@ in {

  environment.systemPackages = with pkgs; [ neovim nixfmt jq ];

+  xinCI = {
+    user = "qbit";
+    enable = true;
+  };
+
  services = {
    emacs = {
      enable = true;
--- a/modules/ts-rev-prox.nix
+++ b/modules/ts-rev-prox.nix
@ -26,7 +26,7 @@ in {
        default = "tsrevprox";
        description = ''
          Name used in for the front facing http server (will be a tailscale name).
-          '';
+        '';
      };

      user = mkOption {
@ -68,7 +68,7 @@ in {
    };
  };

-  config = lib.mkIf (cfg.enable) {
+  config = lib.mkIf cfg.enable {
    users.groups.${cfg.group} = { };
    users.users.${cfg.user} = {
      description = "tsrevprox service user";
@ -91,7 +91,9 @@ in {
        Group = cfg.group;

        ExecStart =
-          "${cfg.package}/bin/ts-reverse-proxy -name ${cfg.reverseName} -port ${toString cfg.reversePort} -ip ${cfg.reverseIP}";
+          "${cfg.package}/bin/ts-reverse-proxy -name ${cfg.reverseName} -port ${
+            toString cfg.reversePort
+          } -ip ${cfg.reverseIP}";
        EnvironmentFile = cfg.envFile;
      };
    };
--- a/templates/go/flake.nix
+++ b/templates/go/flake.nix
@ -10,6 +10,8 @@
      forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
      nixpkgsFor = forAllSystems (system: import nixpkgs { inherit system; });
    in {
+      overlay = final: prev: { inherit (self.packages.${prev.system}) thing; };
+
      packages = forAllSystems (system:
        let pkgs = nixpkgsFor.${system};
        in {