diff --git a/configs/ci.nix b/configs/ci.nix index 8c6d22e..d60c208 100644 --- a/configs/ci.nix +++ b/configs/ci.nix @@ -13,8 +13,8 @@ with lib; { }; }; + imports = [ ../modules/ts-rev-prox.nix ]; config = mkIf config.xinCI.enable { - imports = [ ../../modules/ts-rev-prox.nix ]; sops.defaultSopsFile = config.xin-secrets.ci; sops.secrets = { ci_ed25519_key = { diff --git a/default.nix b/default.nix index 3b8d1f1..5f9351f 100644 --- a/default.nix +++ b/default.nix @@ -18,6 +18,7 @@ let }; in { imports = [ + ./configs/ci.nix ./configs/colemak.nix ./configs/develop.nix ./configs/dns.nix @@ -129,6 +130,16 @@ in { }; }; + nix = { + settings = if config.networking.hostName != "pwntie" then { + substituters = [ "https://nix-binary-cache.humpback-trout.ts.net/" ]; + trusted-public-keys = [ + "nix-binary-cache.humpback-trout.ts.net:e9fJhcRtNVp6miW2pffFyK/gZ2et4y6IDigBNrEsAa0=" + ]; + } else + { }; + }; + environment.systemPackages = with pkgs; [ age diff --git a/flake.nix b/flake.nix index ed184b0..6c44e91 100644 --- a/flake.nix +++ b/flake.nix @@ -66,6 +66,10 @@ url = "github:qbit/po"; inputs.nixpkgs.follows = "unstable"; }; + tsRevProx = { + url = "github:qbit/ts-reverse-proxy"; + inputs.nixpkgs.follows = "unstable"; + }; mcchunkie = { url = "github:qbit/mcchunkie"; @@ -90,8 +94,8 @@ outputs = { self, unstable, unstableSmall, stable, oldStable, nixos-hardware , reform, sshKnownHosts, microca, gostart, xintray, tsvnstat, pots, po - , taskobs, mcchunkie, gqrss, darwin, xin-secrets, talon, peerix, ... - }@inputs: + , tsRevProx, taskobs, mcchunkie, gqrss, darwin, xin-secrets, talon, peerix + , ... }@inputs: let supportedSystems = [ "x86_64-linux" ]; #[ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ]; @@ -118,6 +122,7 @@ inputs.reform.overlay inputs.gostart.overlay inputs.pots.overlay + inputs.tsRevProx.overlay inputs.talon.overlays.default ]; @@ -294,6 +299,7 @@ inherit (tsvnstat.packages.${system}) tsvnstat; inherit (pots.packages.${system}) pots; inherit (po.packages.${system}) po; + inherit (tsRevProx.packages.${system}) ts-reverse-proxy; }); templates."ada" = { diff --git a/hosts/pwntie/default.nix b/hosts/pwntie/default.nix index 16b9a20..e5174b0 100644 --- a/hosts/pwntie/default.nix +++ b/hosts/pwntie/default.nix @@ -55,6 +55,11 @@ in { environment.systemPackages = with pkgs; [ neovim nixfmt jq ]; + xinCI = { + user = "qbit"; + enable = true; + }; + services = { emacs = { enable = true; diff --git a/modules/ts-rev-prox.nix b/modules/ts-rev-prox.nix index 0f7838f..b0487a2 100644 --- a/modules/ts-rev-prox.nix +++ b/modules/ts-rev-prox.nix @@ -26,7 +26,7 @@ in { default = "tsrevprox"; description = '' Name used in for the front facing http server (will be a tailscale name). - ''; + ''; }; user = mkOption { @@ -68,7 +68,7 @@ in { }; }; - config = lib.mkIf (cfg.enable) { + config = lib.mkIf cfg.enable { users.groups.${cfg.group} = { }; users.users.${cfg.user} = { description = "tsrevprox service user"; @@ -91,7 +91,9 @@ in { Group = cfg.group; ExecStart = - "${cfg.package}/bin/ts-reverse-proxy -name ${cfg.reverseName} -port ${toString cfg.reversePort} -ip ${cfg.reverseIP}"; + "${cfg.package}/bin/ts-reverse-proxy -name ${cfg.reverseName} -port ${ + toString cfg.reversePort + } -ip ${cfg.reverseIP}"; EnvironmentFile = cfg.envFile; }; }; diff --git a/templates/go/flake.nix b/templates/go/flake.nix index c836e94..0fb4a3d 100644 --- a/templates/go/flake.nix +++ b/templates/go/flake.nix @@ -10,6 +10,8 @@ forAllSystems = nixpkgs.lib.genAttrs supportedSystems; nixpkgsFor = forAllSystems (system: import nixpkgs { inherit system; }); in { + overlay = final: prev: { inherit (self.packages.${prev.system}) thing; }; + packages = forAllSystems (system: let pkgs = nixpkgsFor.${system}; in {