all: add ci config / setup

configs/ci.nix

@@ -13,8 +13,8 @@ with lib; {
     };
   };
 
+  imports = [ ../modules/ts-rev-prox.nix ];
   config = mkIf config.xinCI.enable {
-    imports = [ ../../modules/ts-rev-prox.nix ];
     sops.defaultSopsFile = config.xin-secrets.ci;
     sops.secrets = {
       ci_ed25519_key = {

default.nix

@@ -18,6 +18,7 @@ let
   };
 in {
   imports = [
+    ./configs/ci.nix
     ./configs/colemak.nix
     ./configs/develop.nix
     ./configs/dns.nix
@@ -129,6 +130,16 @@ in {
       };
     };
 
+    nix = {
+      settings = if config.networking.hostName != "pwntie" then {
+        substituters = [ "https://nix-binary-cache.humpback-trout.ts.net/" ];
+        trusted-public-keys = [
+          "nix-binary-cache.humpback-trout.ts.net:e9fJhcRtNVp6miW2pffFyK/gZ2et4y6IDigBNrEsAa0="
+        ];
+      } else
+        { };
+    };
+
     environment.systemPackages = with pkgs;
       [
         age

flake.nix

@@ -66,6 +66,10 @@
       url = "github:qbit/po";
       inputs.nixpkgs.follows = "unstable";
     };
+    tsRevProx = {
+      url = "github:qbit/ts-reverse-proxy";
+      inputs.nixpkgs.follows = "unstable";
+    };
 
     mcchunkie = {
       url = "github:qbit/mcchunkie";
@@ -90,8 +94,8 @@
 
   outputs = { self, unstable, unstableSmall, stable, oldStable, nixos-hardware
     , reform, sshKnownHosts, microca, gostart, xintray, tsvnstat, pots, po
-    , taskobs, mcchunkie, gqrss, darwin, xin-secrets, talon, peerix, ...
+    , tsRevProx, taskobs, mcchunkie, gqrss, darwin, xin-secrets, talon, peerix
-    }@inputs:
+    , ... }@inputs:
     let
       supportedSystems = [ "x86_64-linux" ];
       #[ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ];
@@ -118,6 +122,7 @@
         inputs.reform.overlay
         inputs.gostart.overlay
         inputs.pots.overlay
+        inputs.tsRevProx.overlay
         inputs.talon.overlays.default
       ];
 
@@ -294,6 +299,7 @@
           inherit (tsvnstat.packages.${system}) tsvnstat;
           inherit (pots.packages.${system}) pots;
           inherit (po.packages.${system}) po;
+          inherit (tsRevProx.packages.${system}) ts-reverse-proxy;
         });
 
       templates."ada" = {

hosts/pwntie/default.nix

@@ -55,6 +55,11 @@ in {
 
   environment.systemPackages = with pkgs; [ neovim nixfmt jq ];
 
+  xinCI = {
+    user = "qbit";
+    enable = true;
+  };
+
   services = {
     emacs = {
       enable = true;

modules/ts-rev-prox.nix

@@ -68,7 +68,7 @@ in {
     };
   };
 
-  config = lib.mkIf (cfg.enable) {
+  config = lib.mkIf cfg.enable {
     users.groups.${cfg.group} = { };
     users.users.${cfg.user} = {
       description = "tsrevprox service user";
@@ -91,7 +91,9 @@ in {
         Group = cfg.group;
 
         ExecStart =
-          "${cfg.package}/bin/ts-reverse-proxy -name ${cfg.reverseName} -port ${toString cfg.reversePort} -ip ${cfg.reverseIP}";
+          "${cfg.package}/bin/ts-reverse-proxy -name ${cfg.reverseName} -port ${
+            toString cfg.reversePort
+          } -ip ${cfg.reverseIP}";
         EnvironmentFile = cfg.envFile;
       };
     };

templates/go/flake.nix

@@ -10,6 +10,8 @@
       forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
       nixpkgsFor = forAllSystems (system: import nixpkgs { inherit system; });
     in {
+      overlay = final: prev: { inherit (self.packages.${prev.system}) thing; };
+
       packages = forAllSystems (system:
         let pkgs = nixpkgsFor.${system};
         in {