add krusader
parent
6ef4d1a932
commit
7ce20c3d2c
2 changed files with 32 additions and 58 deletions
|
@ -1,10 +1,5 @@
|
||||||
{
|
{ config, pkgs, inputs, lib, ... }:
|
||||||
config,
|
let
|
||||||
pkgs,
|
|
||||||
inputs,
|
|
||||||
lib,
|
|
||||||
...
|
|
||||||
}: let
|
|
||||||
agentPort = 9000;
|
agentPort = 9000;
|
||||||
domain = "ci.cyplo.dev";
|
domain = "ci.cyplo.dev";
|
||||||
uid = 2061;
|
uid = 2061;
|
||||||
|
@ -21,8 +16,7 @@
|
||||||
woodpeckerNixStorePath = "/var/lib/woodpecker/nix-store";
|
woodpeckerNixStorePath = "/var/lib/woodpecker/nix-store";
|
||||||
woodpeckerAgentContainer = {
|
woodpeckerAgentContainer = {
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
forwardPorts = [
|
forwardPorts = [ ];
|
||||||
];
|
|
||||||
bindMounts = {
|
bindMounts = {
|
||||||
"${woodpeckerEnvSecretPath}" = {
|
"${woodpeckerEnvSecretPath}" = {
|
||||||
hostPath = "${woodpeckerEnvSecretPath}";
|
hostPath = "${woodpeckerEnvSecretPath}";
|
||||||
|
@ -37,12 +31,7 @@
|
||||||
isReadOnly = false;
|
isReadOnly = false;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
config = {
|
config = { config, pkgs, lib, ... }: {
|
||||||
config,
|
|
||||||
pkgs,
|
|
||||||
lib,
|
|
||||||
...
|
|
||||||
}: {
|
|
||||||
system.stateVersion = "22.11";
|
system.stateVersion = "22.11";
|
||||||
users = {
|
users = {
|
||||||
mutableUsers = false;
|
mutableUsers = false;
|
||||||
|
@ -55,17 +44,17 @@
|
||||||
};
|
};
|
||||||
groups."${systemGroupName}" = {
|
groups."${systemGroupName}" = {
|
||||||
inherit gid;
|
inherit gid;
|
||||||
members = ["${systemUserName}"];
|
members = [ "${systemUserName}" ];
|
||||||
};
|
};
|
||||||
groups."podman" = {
|
groups."podman" = {
|
||||||
gid = podmanGid;
|
gid = podmanGid;
|
||||||
members = ["${systemUserName}"];
|
members = [ "${systemUserName}" ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services.woodpecker-agent = {
|
systemd.services.woodpecker-agent = {
|
||||||
enable = true;
|
enable = true;
|
||||||
wantedBy = ["multi-user.target"];
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
|
||||||
environment = {
|
environment = {
|
||||||
WOODPECKER_SERVER = "${domain}:${toString agentPort}";
|
WOODPECKER_SERVER = "${domain}:${toString agentPort}";
|
||||||
|
@ -74,9 +63,7 @@
|
||||||
WOODPECKER_LOG_LEVEL = "debug";
|
WOODPECKER_LOG_LEVEL = "debug";
|
||||||
};
|
};
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
EnvironmentFile = [
|
EnvironmentFile = [ woodpeckerEnvSecretPath ];
|
||||||
woodpeckerEnvSecretPath
|
|
||||||
];
|
|
||||||
ExecStart = "${pkgs.woodpecker-agent}/bin/woodpecker-agent";
|
ExecStart = "${pkgs.woodpecker-agent}/bin/woodpecker-agent";
|
||||||
User = systemUserName;
|
User = systemUserName;
|
||||||
Group = systemGroupName;
|
Group = systemGroupName;
|
||||||
|
@ -85,7 +72,7 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
in {
|
in {
|
||||||
imports = [../nginx.nix];
|
imports = [ ../nginx.nix ];
|
||||||
|
|
||||||
users = {
|
users = {
|
||||||
users."${systemUserName}" = {
|
users."${systemUserName}" = {
|
||||||
|
@ -93,45 +80,39 @@ in {
|
||||||
isSystemUser = true;
|
isSystemUser = true;
|
||||||
isNormalUser = false;
|
isNormalUser = false;
|
||||||
group = systemGroupName;
|
group = systemGroupName;
|
||||||
extraGroups = ["podman"];
|
extraGroups = [ "podman" ];
|
||||||
};
|
};
|
||||||
groups."${systemGroupName}" = {
|
groups."${systemGroupName}" = {
|
||||||
inherit gid;
|
inherit gid;
|
||||||
members = ["${systemUserName}"];
|
members = [ "${systemUserName}" ];
|
||||||
};
|
};
|
||||||
groups."podman" = {
|
groups."podman" = {
|
||||||
gid = podmanGid;
|
gid = podmanGid;
|
||||||
members = ["${systemUserName}"];
|
members = [ "${systemUserName}" ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
sops.secrets."woodpecker-env" =
|
sops.secrets."woodpecker-env" = {
|
||||||
{
|
|
||||||
sopsFile = ../vpsfree1/gitea.sops;
|
sopsFile = ../vpsfree1/gitea.sops;
|
||||||
format = "binary";
|
format = "binary";
|
||||||
path = woodpeckerEnvSecretPath;
|
path = woodpeckerEnvSecretPath;
|
||||||
}
|
} // secretSettings;
|
||||||
// secretSettings;
|
|
||||||
|
|
||||||
virtualisation.podman = {
|
virtualisation.podman = { enable = true; };
|
||||||
enable = true;
|
|
||||||
};
|
|
||||||
systemd.services.woodpecker-make-path = {
|
systemd.services.woodpecker-make-path = {
|
||||||
script = ''
|
script = ''
|
||||||
mkdir -p ${woodpeckerNixStorePath}
|
mkdir -p ${woodpeckerNixStorePath}
|
||||||
chown -R ${systemUserName}:${systemGroupName} ${woodpeckerNixStorePath}
|
chown -R ${systemUserName}:${systemGroupName} ${woodpeckerNixStorePath}
|
||||||
'';
|
'';
|
||||||
serviceConfig = {
|
serviceConfig = { Type = "oneshot"; };
|
||||||
Type = "oneshot";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
containers.woodpecker-agent1 = woodpeckerAgentContainer;
|
containers.woodpecker-agent1 = woodpeckerAgentContainer;
|
||||||
containers.woodpecker-agent2 = woodpeckerAgentContainer;
|
containers.woodpecker-agent2 = woodpeckerAgentContainer;
|
||||||
containers.woodpecker-agent3 = woodpeckerAgentContainer;
|
containers.woodpecker-agent3 = woodpeckerAgentContainer;
|
||||||
containers.woodpecker-agent4 = woodpeckerAgentContainer;
|
containers.woodpecker-agent4 = woodpeckerAgentContainer;
|
||||||
systemd.services."container@woodpecker-agent1".requires = ["woodpecker-make-path.service"];
|
systemd.services."container@woodpecker-agent1".requires =
|
||||||
systemd.services."container@woodpecker-agent2".requires = ["woodpecker-make-path.service"];
|
[ "woodpecker-make-path.service" ];
|
||||||
systemd.services."container@woodpecker-agent3".requires = ["woodpecker-make-path.service"];
|
systemd.services."container@woodpecker-agent2".requires =
|
||||||
systemd.services."container@woodpecker-agent4".requires = ["woodpecker-make-path.service"];
|
[ "woodpecker-make-path.service" ];
|
||||||
}
|
}
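Review bot: The `requires` entries for `container@woodpecker-agent3` and `container@woodpecker-agent4` appear to be missing from the new side of the last hunk: it shrinks from 45 to 39 lines and only agent1 and agent2 keep the dependency, while all four containers are still declared. If that reading is right, agents 3 and 4 no longer pull in the oneshot that creates and chowns `woodpeckerNixStorePath`. That is a behaviour change hidden in what otherwise looks like a formatter pass under the title "add krusader". Restore `systemd.services."container@woodpecker-agent3".requires = [ "woodpecker-make-path.service" ];` and the same line for agent4, or move the removal into its own commit with a stated reason. Separately, `requires` alone does not order units, so an `after` on the same service is presumably also wanted if the path must exist before the containers start.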
|
||||||
|
|
|
@ -1,18 +1,12 @@
|
||||||
{
|
{ config, pkgs, discord, inputs, nixpkgs-nixos-stable-and-unfree
|
||||||
config,
|
, nixpkgs-nixos-unstable-and-unfree, ... }:
|
||||||
pkgs,
|
let
|
||||||
discord,
|
|
||||||
inputs,
|
|
||||||
nixpkgs-nixos-stable-and-unfree,
|
|
||||||
nixpkgs-nixos-unstable-and-unfree,
|
|
||||||
...
|
|
||||||
}: let
|
|
||||||
unstable = inputs.nixpkgs-nixos-unstable.legacyPackages.${pkgs.system};
|
unstable = inputs.nixpkgs-nixos-unstable.legacyPackages.${pkgs.system};
|
||||||
nixpkgs-master = inputs.nixpkgs-master.legacyPackages.${pkgs.system};
|
nixpkgs-master = inputs.nixpkgs-master.legacyPackages.${pkgs.system};
|
||||||
in {
|
in {
|
||||||
security.chromiumSuidSandbox.enable = true;
|
security.chromiumSuidSandbox.enable = true;
|
||||||
|
|
||||||
home-manager.users.cyryl = {...}: {
|
home-manager.users.cyryl = { ... }: {
|
||||||
gtk = {
|
gtk = {
|
||||||
enable = true;
|
enable = true;
|
||||||
iconTheme = {
|
iconTheme = {
|
||||||
|
@ -27,7 +21,7 @@ in {
|
||||||
style.package = pkgs.adwaita-qt;
|
style.package = pkgs.adwaita-qt;
|
||||||
};
|
};
|
||||||
|
|
||||||
imports = [];
|
imports = [ ];
|
||||||
|
|
||||||
programs.chromium.enable = true;
|
programs.chromium.enable = true;
|
||||||
programs.firefox.enable = true;
|
programs.firefox.enable = true;
|
||||||
|
@ -51,6 +45,7 @@ in {
|
||||||
gnome-screenshot
|
gnome-screenshot
|
||||||
gparted
|
gparted
|
||||||
inkscape
|
inkscape
|
||||||
|
krusader
|
||||||
libreoffice
|
libreoffice
|
||||||
mindforger
|
mindforger
|
||||||
modem-manager-gui
|
modem-manager-gui
|
||||||
|
@ -81,9 +76,7 @@ in {
|
||||||
yubikey-manager-qt
|
yubikey-manager-qt
|
||||||
yubikey-personalization
|
yubikey-personalization
|
||||||
yubikey-personalization-gui
|
yubikey-personalization-gui
|
||||||
]
|
] ++ [ unstable.gnucash unstable.thunderbird ] ++ [
|
||||||
++ [unstable.gnucash unstable.thunderbird]
|
|
||||||
++ [
|
|
||||||
nixpkgs-nixos-stable-and-unfree.discord
|
nixpkgs-nixos-stable-and-unfree.discord
|
||||||
nixpkgs-nixos-unstable-and-unfree.hopper
|
nixpkgs-nixos-unstable-and-unfree.hopper
|
||||||
];
|
];
|
||||||
|
|