diff options
| -rw-r--r-- | flake.lock | 143 | ||||
| -rw-r--r-- | flake.nix | 2 | ||||
| -rw-r--r-- | machines/labsrv01/default.nix | 2 | ||||
| -rw-r--r-- | machines/labsrv01/secrets.yaml | 5 | ||||
| -rw-r--r-- | modules/attic.nix | 78 | ||||
| -rw-r--r-- | modules/buildbot.nix | 27 |
6 files changed, 241 insertions, 16 deletions
@@ -1,7 +1,47 @@ { "nodes": { + "attic": { + "inputs": { + "crane": "crane", + "flake-compat": "flake-compat", + "flake-parts": "flake-parts", + "nix-github-actions": "nix-github-actions", + "nixpkgs": [ + "nixpkgs-stable" + ], + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1758711588, + "narHash": "sha256-0nZlCCDC5PfndsQJXXtcyrtrfW49I3KadGMDlutzaGU=", + "owner": "zhaofengli", + "repo": "attic", + "rev": "12cbeca141f46e1ade76728bce8adc447f2166c6", + "type": "github" + }, + "original": { + "owner": "zhaofengli", + "repo": "attic", + "type": "github" + } + }, "crane": { "locked": { + "lastModified": 1751562746, + "narHash": "sha256-smpugNIkmDeicNz301Ll1bD7nFOty97T79m4GUMUczA=", + "owner": "ipetkov", + "repo": "crane", + "rev": "aed2020fd3dc26e1e857d4107a5a67a33ab6c1fd", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "crane_2": { + "locked": { "lastModified": 1765145449, "narHash": "sha256-aBVHGWWRzSpfL++LubA0CwOOQ64WNLegrYHwsVuVN7A=", "owner": "ipetkov", @@ -17,7 +57,7 @@ }, "deploy-rs": { "inputs": { - "flake-compat": "flake-compat", + "flake-compat": "flake-compat_2", "nixpkgs": [ "nixpkgs-stable" ], @@ -140,6 +180,22 @@ "flake-compat": { "flake": false, "locked": { + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { + "flake": false, + "locked": { "lastModified": 1733328505, "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", "owner": "edolstra", @@ -153,7 +209,7 @@ "type": "github" } }, - "flake-compat_2": { + "flake-compat_3": { "flake": false, "locked": { "lastModified": 1696426674, @@ -169,7 +225,7 @@ "type": "github" } }, - "flake-compat_3": { + "flake-compat_4": { "flake": false, "locked": { "lastModified": 1761588595, @@ -188,6 +244,27 @@ "flake-parts": { "inputs": { "nixpkgs-lib": [ + "attic", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1751413152, + "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { + "inputs": { + "nixpkgs-lib": [ "determinate", "nix", "nixpkgs" @@ -206,7 +283,7 @@ "url": "https://flakehub.com/f/hercules-ci/flake-parts/0.1" } }, - "flake-parts_2": { + "flake-parts_3": { "inputs": { "nixpkgs-lib": [ "nixos-anywhere", @@ -229,7 +306,7 @@ }, "git-hooks-nix": { "inputs": { - "flake-compat": "flake-compat_2", + "flake-compat": "flake-compat_3", "gitignore": [ "determinate", "nix" @@ -298,7 +375,7 @@ }, "lanzaboote": { "inputs": { - "crane": "crane", + "crane": "crane_2", "nixpkgs": [ "nixpkgs-stable" ], @@ -322,7 +399,7 @@ }, "nix": { "inputs": { - "flake-parts": "flake-parts", + "flake-parts": "flake-parts_2", "git-hooks-nix": "git-hooks-nix", "nixpkgs": "nixpkgs", "nixpkgs-23-11": "nixpkgs-23-11", @@ -341,6 +418,27 @@ "url": "https://flakehub.com/f/DeterminateSystems/nix-src/%2A" } }, + "nix-github-actions": { + "inputs": { + "nixpkgs": [ + "attic", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1737420293, + "narHash": "sha256-F1G5ifvqTpJq7fdkT34e/Jy9VCyzd5XfJ9TO8fHhJWE=", + "owner": "nix-community", + "repo": "nix-github-actions", + "rev": "f4158fa080ef4503c8f4c820967d946c2af31ec9", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-github-actions", + "type": "github" + } + }, "nix-vm-test": { "inputs": { "nixpkgs": [ @@ -365,7 +463,7 @@ "nixos-anywhere": { "inputs": { "disko": "disko_2", - "flake-parts": "flake-parts_2", + "flake-parts": "flake-parts_3", "nix-vm-test": "nix-vm-test", "nixos-images": "nixos-images", "nixos-stable": "nixos-stable", @@ -478,16 +576,16 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1767799921, - "narHash": "sha256-r4GVX+FToWVE2My8VVZH4V0pTIpnu2ZE8/Z4uxGEMBE=", + "lastModified": 1751741127, + "narHash": "sha256-t75Shs76NgxjZSgvvZZ9qOmz5zuBE8buUaYD28BMTxg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d351d0653aeb7877273920cd3e823994e7579b0b", + "rev": "29e290002bfff26af1db6f64d070698019460302", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-25.11", + "ref": "nixos-25.05", "repo": "nixpkgs", "type": "github" } @@ -508,6 +606,22 @@ "type": "github" } }, + "nixpkgs-stable_2": { + "locked": { + "lastModified": 1767799921, + "narHash": "sha256-r4GVX+FToWVE2My8VVZH4V0pTIpnu2ZE8/Z4uxGEMBE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d351d0653aeb7877273920cd3e823994e7579b0b", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.11", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs-unstable": { "locked": { "lastModified": 1767767207, @@ -540,7 +654,7 @@ }, "pre-commit": { "inputs": { - "flake-compat": "flake-compat_3", + "flake-compat": "flake-compat_4", "gitignore": "gitignore", "nixpkgs": [ "lanzaboote", @@ -563,13 +677,14 @@ }, "root": { "inputs": { + "attic": "attic", "deploy-rs": "deploy-rs", "determinate": "determinate", "disko": "disko", "home-manager": "home-manager", "lanzaboote": "lanzaboote", "nixos-anywhere": "nixos-anywhere", - "nixpkgs-stable": "nixpkgs-stable", + "nixpkgs-stable": "nixpkgs-stable_2", "nixpkgs-stable-release": "nixpkgs-stable-release", "nixpkgs-unstable": "nixpkgs-unstable", "sops-nix": "sops-nix" @@ -17,6 +17,8 @@ inputs.determinate.url = "https://flakehub.com/f/DeterminateSystems/determinate/*"; inputs.deploy-rs.url = "github:serokell/deploy-rs"; inputs.deploy-rs.inputs.nixpkgs.follows = "nixpkgs-stable"; + inputs.attic.url = "github:zhaofengli/attic"; + inputs.attic.inputs.nixpkgs.follows = "nixpkgs-stable"; outputs = { self, nixpkgs-stable, nixos-anywhere, lanzaboote, deploy-rs, ... }@inputs: let diff --git a/machines/labsrv01/default.nix b/machines/labsrv01/default.nix index 8988cd4..6ce9feb 100644 --- a/machines/labsrv01/default.nix +++ b/machines/labsrv01/default.nix @@ -21,6 +21,8 @@ ./homes.nix ../../modules/cgit.nix + ../../modules/buildbot.nix + ../../modules/attic.nix ]; hardware.facter.reportPath = ./facter.json; diff --git a/machines/labsrv01/secrets.yaml b/machines/labsrv01/secrets.yaml index 8cc4c39..1b80887 100644 --- a/machines/labsrv01/secrets.yaml +++ b/machines/labsrv01/secrets.yaml @@ -2,6 +2,7 @@ kj_hashed_password: ENC[AES256_GCM,data:sRf0uBBnua/hxn3fZGA9mZAKvg3dm2vgs5Cnanbo luks_passphrase: ENC[AES256_GCM,data:mUZKrVNPIduciZNx1iuHL4lwjI4=,iv:fz6sIdtJ5LJR8xWsAysYg/6+XgN9dQUHp401/YtwmIE=,tag:kW9B3qZyCwFUzUi0HCIQxw==,type:str] ssh_host_key_ed25519: ENC[AES256_GCM,data:9ZMQKFJojbkCayblF2NCpXTAo8Xe4oFjPNtNhTMN14gnhVSUmg5oE3Y5fwy9zYUAqq2714rBQZ72r7f4jNKzrShzRuOaX81OKvxyuTaBCVU7q292R3KVTkkw4RKg90QMQnHs9DZxyKWesbfCkO3nmDCCNB6QVKnQN+Y/01iTUzkK9F/4h9512SiysENm3eJv76MrhRfp60PH23Hpq92Ao4O7vYBKpqt4K4+T+zFbpSb8qvO/oUcjgp5tokUapJzxUm4UJBHYeEbmGB9KB/ZAdGW73e9TRujWLJ1YjjEXW+k2rD5+oUuBopdMLktpkElTO5ZVxZdbrjud5ZFGT5MM425YSkXTt52PhfW96Z08dM/GvCLdonXn6jGVT2VSlocoajzz966EDDcRNxXA8iUCgqCXQSdNrLXC4dU+hBGdXlz6oy7Jx2mebMRMVYhCCECV0hlfhgH0fk7TTIzmQc+YvO0XnFBnfmvj31m7L8ww5HHC89zTwH9XcheW7kObCPtRN6qW+lxtKeNIXT4iKB8M,iv:dYwEHTpNcqzplORzQsgTXdBsVpBP9PsATBhe1j2CIxg=,tag:xpwgeBOLgyZTDBLC4NuOKA==,type:str] ssh_host_key_rsa: ENC[AES256_GCM,data:ZZc6nODPr2d+ug6WTkKXsyX+6tqY6PxtSQW/Mvx8ZgrlVSS+xdmL78Nby/ETZd6hhBcs02j2AqqhQ4zMeqBbZ5bQGN8S45y6HSVHjSqZEagqtEU8aYPI5FeHQ//UwapAqhBcIvJMn5H+R+UlWIE2fjB6mgNDOPWEgBz2X5nFYG8lCHCL9OfpBQi0HKgLvYN5FTXB/MQWocF1JEwo2cYKB/lQO7g30R0BCMnrA/SBUIK34BCYyz6aMCU2O7AT5w2QWxPT/S6jDMHaiFDrs8khXdbNfYiobcj0+kCwCRrw33+ophZKCFCPRZS7fzcjaBK+q8ab3eOLkAPGsLHkq7OZNyMNkrx7Idbh7tvokhoF3zyRsxTgRNIArbai7F5hiaGra3z5jIGWukRUNYcV6B/MJxAu+gsNRg4OWOb0sgvYZpAyHdvjB9+qdE0tGcizOhVpoQtCKJ4TEcXFX3iI5KO/Uf60+KTJKjsISSirFl8nmB2kuVzI/7OMNXO9rPZBYK0WgKIbITF0zfiO90JEmfqhbDvgQy91Cb5wtGKSeSxvyfCnamUQI7FANOU0oc0jSJnh9SO54u/Ns0/T3d19v2svMEn7LAT9OSxyRNm5i63AOEfdwrjN5si3TB3m6pURX+kNzobTthoCyHPY9qllmula3TDApblAzJXA6L2kHvQw9yci2Aun9REyWaG9Uujc3o++YJZgGtZ8EZpi6SMM+gBfe2tQBsGDKSt3U43rEtncndC7spW9VFHknwWqJEeGTTxV4dshqQDqs6ehU7R2rvf82H9RCjLqSKXv8+6QA5tUVgSy0RQ+lKS0wB4bERao1n6oMHGsS4Ux30ilqpfRtJ6VyU93UU7jcRoWCFndTTcydtbF9lJw8fyQaoTgWt+UTbBqbrDICbl28HpjvPmrHppcOLTSFlgPC8umJ5ct7puMyaHeBGv+No5rYwGKcx7ECPlxQjX4u2TNHqC+L7+KtwJqeozJoq6FmQ/FXMCuHHdKcrIeExWbN4AxA10PM8DU/sc0MAsckhf8ykCY78Pth6L76Y/fwF980pef3LtKrvZgtU4MrP4svjUmKm4e/OLELRwpKUgxSwXStXLVNZqcExRu40+1qFDw4wP64IyXaXYVlW1sCXrbMWBl4RfK/96nez9auIhIYVe/cYrM0d6oOYk4V01f8n3mJZZBe1RPUVoANseIYHnLmKoWB0uzEcKO9mnyIaJq8TYMpAIzdJ7q+YoLRzARwv7k6EeUcXaoYzmDvCm8om7OCsESf82p//do+g30UQWvkSSL19yNiMyvHAxRoTBJiisNHeicc8Fr904djetLVMH0Ag/01CZjPzexisaOqFHEkZ493rnWOtfXsAK1aj86yjhJwz4wwXfBuD8pb0bNkK6fQu1zWuCJKb3EwAehKAXvxvCvMQg/1O85/GMuLDRp6WwUy58ii5t13M6VYBMovhgGB6oVYCsjCAeHaJxNmlB8fqfsIDYOrZ2b4qHjydDoA9YeXSoTgFw/bHxSniFEfhRJxhS2UvB3qbJmTyurVpmBigaOiD3GIu+knJHplRXrycL2sKMCEDXAmu9Sy0H3OCwWB/NdDIFQziMMe+UaVIUFdZF+vEoKLz9WWlECdHkmQ4Jl4wEovTTYgwQNzDxG9gPG0Osio3F45Bp0aNdLxBniBvZm5it+yZyks4EYzp/JgOdIGHcWntwS0cP0KQbAcUcrGab0Q6ooipbTjbvW8WymVazXIsxyi7Bema6xYjhYVKZdpNFd76WFpiSgLWuhELBIF9v4tpAhICJ/j6oxKfn3t7UUYTbdxIcS+fZlgajEPGJayaWuvA5BpsCEwBIsE0Q0WWQ6k53YjuPTRFS02k3R1blXtqg54w14r2ewTTp7hJsKFAtEzJiZEiat70pb/LTS30AK93ELLn82fupzJh1KTz85YdKOxWxPCWksCALvMw7tch3B/2YDyawi3dtgp7otZS6l8ToT1yw8gJO0NqKPa37vpcjpVQ498RQC+7xkY8YxsQ4Rz6kE5xTtEPiy1VhxVmac67Z8wn14JDHceCrAVO5AmNTWTFw1AaFmNOlbTIIyy7+a3VJMQA1wz/eVjcdX/XdbTN54vfdfl9BBGVOf0FwabHBf87mTjKwlzDiOzKf/Je7h2AG7fmSJNqv1CA4WJsmSmmCsyEdTz+R8PMzOr2EiTIxwO/1ZfzAl4bP0z4R4ngV3ZeN3F3Ws+byXQs6dLz8916fC/Z51sqjjqDLmWE5KIZ945tO9Of1jFbbmiIMaLeIcENtQ7qS3CwDDvUCnyHBUP01oNGBJQAsOGeIv0FcuAH3MZinSjTXD4z5plZYpISPDMHI4QWk528zewP+lXHc4AbFWbopLaC04R+ln2pEodkWsegY9dDE5zu8ecaqDHczrwUDrYJ7XvzyzZvoNAfG/gfyhLzvLNlu1yNPyAzG0W4WM1Y5S1sFjJVSG+xeMeUBz/o+N69jw4YBraoUcQtA2SWl+DNWLwq3VZWuQIine/e/xjaFlRPXOeNh+6WV/nFtjXeh8E/ONWf6lNgDxsW3PBPulzQOLo8gNWSqVyCjzbu8yfxovzrS+XTATnJfVOcUs7rrSedf9SNdiwGS7sMJOPX/Qc4uG/lu0zW5o+rHU3ihlysTiccaQZyR9UPaUPI7r0Gzw5qOTuh1HqIVebBTeqZnon9NAO5MgccZMA7C0d6NPCg8OK4ypSXFPZmSr+b5LTusAutwMD+laoG6UX1hviehCa1Hi3TIxMRpcUWlOSfh+moUBbsMF0frlLauKxZNqI6IUndRdQMpF7msk10z8hzPgH87Y/LVfWnQrgizBA47SPGNLShxQCYcRLYgDjbI3f3Zx8YWlqICWf+6jt2AsfvesGF0wLEnL6HX4xvh4esfhlE+1ulxIRvESI7m8QV5Z03kM4P3O2AnP19mShq7++pBW1IhNZ5DXRtpzYtqTrTs5lX/KC8w3YhBXEplIbNJqZr0tP2jk6D+6+bLsNH21nYsHrmvEcWTAA8wkZS7a1eFzQYFy2tCKoZZnGSZmCIVgajPPz2HV/MOtcOmXnjnn77Jhhppk78gsVCzT0XTr732aeNvMB9RlATdJi6BZVST7fsMbissaKL/EVS4vgKXrFjH8ZVW9qgFGuctK7IMoIeGYI01ChpDwXvEJlJmvV/kG/Wr2PkRKFxs6bBnGQ7neUaoSg1VGoXxItF1Dur7wwiJYj176U/vSIeQiNQq+8viApqhwx5OKTK+Uk+B7/MJESRZNhGbN2qxgipMDqtoTSquorQGeRGY9EtJlUzfsTy5AUOjAyrBKRVz61of4Tn//YE5OMir/zBgY1C8FMEvbg7kWuk3oNICC/cN4KmdIfbOhGgL/l9zTXEvongr2PeXkG4jfas/oeszOtODfBRVkoYy7XQRiYMMaVxHZSsxhb9GaQqC/4HPijTeaz8ACSN5ePUG2EfXFWg==,iv:hi0vB6gaq59QAraJKrdLaJ3HZ4Z7vHBzX2ol84vDQfs=,tag:LDrM8GR5xMPn3W44J/VNLA==,type:str] +attic_server_token_rs256_secret_base64: ENC[AES256_GCM,data:MwjViLvZ1ZSaYC/EV2YH8E7blgMbGaV6cRxekv4BWARVDzfnVo613CpGRmv3OowRhFWWGMw2C93RLuTxN0awL8fPJY5GIEYREopWiJ36S/lvSTFlTQTqIPdv7jrFhuhlFHG8txWe9P3gpZNPRjcN6JYMkI2G5loKoj+2OKkYrqUqqmvGczGWk4soEt7hbFMPD0RGXPxMkHJENJlewpALgEuW8iNPIeXCd0LsK+Uo8Dw0+3LPpgCChL5OvF9tCzbDv6IlTITTQ69B6YexRmB89qj2H+HWua9uzB5kMOqrFyErg20wGJWlUygwgHbkNamwZXgTwhG4VNEovv8W4Zk76R4WDoRdzRB8b1K5TEH6erzaYgOab834lXaHeDVoB88lJ+uGoXA+XJKfNhMDH9py7qUqT845c4y2N+3ziHT7DLWD8FzFVAr5GQGYX6BpBJjmsgBRPcr3lKbWcUsZIQ3zP6nMTz2o7eIF++A6AGv05rCwYpj37L3Fv7u9KWwjsn0wqvtCNhp4WiLtv2iX3e85L3Vf5N6koa00kJ15bkiknlyOTH0FgveFymyGYlwL1Ox2i1cfw1qKux139Q8iKhi0SRQ9Des+ncfJODD0OgPW+nZVKjk24PqViU5EsMD5LDRpk/hYwjeQGYBnhf3pMJVeIU2or74xwHUPpNQYmVuquMQdKA9j6pvUgldIkEjFcolPXtZCy696dGIqVmL8rPMZj4Ou2krO6syHdiIAL0aae2THf0DjwrLKSGI+qU0AvC88181xToaiusb1+895B9vJ+D6xx7eIdmhg0iUow/bxaaq8WoT4G5Ybt2HEnsIg/aFA1jSdOe4HYAUkWMj/PcaRD5NqsXy3RNkpFhKI3BnwIIFld77rIqjjMtnr/vRafQmtkiiT7DwIOpz16PFUea5DFQNOgNnkaWsLWMkMo8SzHLmLH/HCvbVPjjvFhrVTHZKyWkDh1a5lsLfaloGaEAWlHjFjD4DPYdyWv9au2N9VgKr1ehW0T1hZGryOj/BqUJRm/YkQk8HPLmhM5LHekxmxLAV+JrK4F3GfNmFRYlxBiqEh11Z3o6eUO8GZR8anAjLd1Jb/LOT9U1nHUl+Qqs3RKXbamUJxBW7GBnZnj3sX5MXNUrKgbUJaqX+VPLSMivtEq54PdsbJdLSVDyjZt3yiVMWOo/ri0nSGagKxmHkx3+3Vfrfb9TB2RzsOr18csIiu0hLpAyeYQRNRq7FGrpeor4DiMPXSOMR8OMk8k/C9BIUpyN6B0ePf9CxU+kECu393EFdoP0S9fwRaC76w/cPA+cwydzQFlfi54FFMFDK6YbJcs9SaeT5RWq/DKCSriZdLQrMh4Sesun4O+6b7WcI90IzIuH6eGE9vi2gaahgP/t89UQT02Sws8UrbUb/ZQmK+Zq6LZcjBV3Pl9+VFfdmgI+agopzDb8F2e0D11B1taOwGKx/nVVyvLsv75gc+1yfsze4JZbC67Au0oDKa5CrVlkWDcP4LIsiphsKu1NXpC6WmCwb7wUk7LJHee20V1DyLReTOLonO5+ncZxlkqE4zNMkw51O3HXz48un3N+wKjH0sPgYwcXYd1NavEDJ+FOfJm8d5cnwZWTrz/kkObJ0BgthPzerQsLk5Xf2x3BMXrVYLy/Ar5kezYaGkLC62g/JZEEN+Dj1MDV6P5H1E623ryIs/etncbcUErXC25ymhMwmlrMHm02DgcRvcSV4TAUP9ct6I8DAHMnI1M7TWfKFz4qN6bGDUG0tPL1Jz4Ai5lVQNNywly3vODlGRZ1nOmvZXMrmu4FMoiesfPkViz8MoQWszJY5ir/c/QugmEcwTFz3o6nTVyCqiHGDK8YWY9knKyR6/cpu5pSD9IhZepnXuB6wwFfYw5DQFky0CvkzPU42dhqHN7NUZAgUcxTqJkc9myl+cnf5PHxfg/uSp9eBgoW4asHnd4WkkFlTjznErb/wkKylfm2lTSwGqmwHUttHqxkxVZtwtaQY9gbdR+Dh10QxEMbfC5fuOTFpQtGZERCRRkyx52cNmxEAMFIxf+c/dN/49ZEOLiJWCDPtAyu/hTR3r/fLXHu4JevmA2xJmF1ayrX3cwpZ6OYa4sBVFL/7y6kicAaG9Sq1aw1geZDxtMk3XsFLObJlKioA/LMLdpqqw2CFb7/JMP8z65OvyRCfFHNnNDKL4TMcBi85YF2+qO10TWDtmxCa1wgktYtQ2qRHJO7KryR1wkSEObPKhRnra11uKE+f4Vcp6hj6wHByfrDaUpy/AzXTdPzhVT5khFwCuuiUwR7QSjENVLk84xLQe6WFp2AnlqCqN827BuTZcqNg0wB0M9gRgK0JN7c9kfn8r888aJoAywqPZn86NbhzSzfWJMz5pfE54BSQwZl9DnEDceaykhgAUAKQ9zlMM22QhmrSrCypOgzEDmnG29uAtBWEODSp90XnbvOTRpx2yHDRAOxpOz3AMovevSmlEg3zlmbLDgMnQozcMY9Twaj197+BPvdqmoUsKztnRo9aCrw61VA46s/1CuHXEA8RHNiGAAv2JQjLeO6jy+/trTxeHw4obLW1dLXrerHu5Z4uOjJW8BVL2yyEprvAHPuosIvnt466Ciw2CVoj/Cc1Qze0x+THhbOhoQKuutUGLaMPSZScKk2z7qwIQ8bLDFs8oNn/BFmPg2MyDFaExVhCuLfC4PZBDo9bKkqk7uYZgAVY/N8iCVxkkA0V2FEJ919/whyx2z+OfVMXfoYcX80xlAXffnFypoT27xiQ7dvuAqHGM5J5FOX59cG0Ye7po92V0KZgTf8IpbwXF5rTXRrUI+ZNEwVXDXmd1MxbGo8ZVH/Rl1wPhpxVy/GfCv+LgNcMmazRarMfBriDApB0QrLK5KgF5T4S0Pir65HHXyrYJtRez7H+6OEtbK27+ty1kr5bItJGcGAFsyi96asW47elJcH+kKVSUic88bV9GUrRY3vZV53bcnMJiajIS2iKsLtF9poikjE/GH3f6pJkqTVBR0K6wxpJpCnPX2JpT3zrVx8uIStcXkawsGuBD4oiQyMLGrYjt1n4IIq44u7C+pf84XNMwk30Sgtyj43bMQn1Q/9pQLPt2zkakLjKYHa/xmKIOghqq3aL1JW0ipRxH1dcgWEoWEgk6VUvZTwF9XlWq5Qu/kKJrbxvuQkzzDK1nqt1q2aAd8GxnXZ5TuYBWlrk3Y/+/FiMtROLkR4at0R5W0ZLxYPXJq1LzLIiNLzXMklsPKSQs6qAc5nQIN+6RTgaA4RlDsl/KLEsxWZ843XsurxtEbf6b2LB9YPahFuUXJpLu4WwevHaE0riSpCOhvk/mBXJi1ZevveZvPNzrsIv2IWMBGjdbmbs8Pl/8XPcMt6FZgDc8GjqxHX8gub06czp5vkitRhQKM7t+ocQ3gLsJsWoDhi5UhxazxfPwKMkObJqX5xIQcmjmlJ39ZAsBeJu5O8EVQuqG3LAt31Cr6QAPRxFkzd5YERk5W2Jl60sfSSL0oCwswWoZ/02n+5o9gLZ59ENPrsMZh2qhoc5pcOiCaDV41MppoVEs4rDRAJkmvdQROkPkt+UcktIwcJ5LrjJWJ8cujsm24hfkU4+fjY+7Y0TTgUw00J7ufC+SgF5WHNv/mnepp2e1qehLHzAL8El49dB9C4HEtcwp6db0D9yq7FWW9kmM/dq1+K+bZlEZwAJC0JpcKJ3haDncRNsx/WBwEHC6QeNmsMKgtlp2RqHHKf+HkwLDnPXZ0YM3aSIw060CLJQJiTb71EWOm4Z1GoXkWafrrNrQQYjxlFjU65jnIosdTH0jYAefdA4yBEZYbrgFczFm+0cyEoehrf3peRrrbU9OkkryEZb5fNqeY7jIvBefuH3enAq/l46aYCxgRiL7nQg2vudEYq1hF5VuiEdf5OOtr78k+NY7toRHyz6AGcJf0SNMJUo8c5ps3DSxazkFrOpBPhxWXpFyd6sNmGJZARppVkZh6j1kgsQA+Um4OcnXF/0alHmjHBG0F2j+tcMRWQAsOjzW2brqNaKjKZlIg20rLkIcqPxGvTNQfEaivhDIa/NpdE/CXNpewsToVyM6AgbCCR+zxjEj9M5a5XjGLhLrHyifIT2KTVyWj9vBFrXEMtfNnuQKkcnkh7Y/zIRnhrEFqsN3B/LaAO5NS9bhzimeTffSp8Q3+LIQIJmcBScq9WcP3kge2hwgpQaHjTwyO2Ct/F1YjBeGfAk0+kcE27ediVpXqLVKbufMEWQ80qPhC74RQbgLQlWG6R4dWzSHo0DqIvztv4/oNsn/g1SdGUMINfKkZuonNKGJEjYX6/6YaFfIUMACIScRYUDeST5dAl/UY2sjYUZVbOmp2aU+Q201CCJ9CvVOzh14XjuBSmq0nr1M55XDNmpUHWfHyRqPioGb1biVeCb9VV5avQVk+GJ7FoR0IGbQSFFiCdxyJNVhK5XAEbn9gMGKI9xUdDDazU0+c4EU2GNcbYkCiLVHab/uNeSJbRY15K39pilQYVfsvD9WawKSFKp/1KwpcMKF5jks36B54D5LV77P3RYdFCcIqkAzxeKnRIWCAsLU0xtHS1Y2X3ElQfuXhyg112NlpIvNTK5aCPgHcivYdppoqIfUY/vQmUuHVUjDjBma2uqbYxayw2/Ys8z4QzkoLBTtcn1HdNkyj11Cf5icQAYjRXPR+F/Un1ruDrq7viEFmOyvefNY388yO5h9LwHbV/FYeeRdBsKnQ+XeD9TRDCdALUftlPVxWM7izbkHNt0Y5cZGEL3/iMYd+1ig5w+AysPCHlfRJxdxBsXa7YyRQKrWR/EVYHx07B2m4SwH3scVDZg7ULM8ujIAOo8FnFqfKhvGva0acAGvmj+ZERAMhFnE2eIVtJhgmvnszw26H0/WBQ4dE9arFFhQNE/ZM8CV+QD9+P6RPFb/vqSZmWeTUZA9y7mk6U7By+yWsuHJ7EWbnsIL/knbmCdyDwd/Ma4mWpw+kKuNYLDJu2xxhKbBBlKSyIiVjWFZ4JWd6XHqo0iL6IjC0OufY/IHeMg8r12XFNxpTGiEQ09A8YtS2FDLNv75BHHmkeFXXPnRsNH84gUqrgE4QhMei9ipc0+EjXNkbecFar1vSav0WlN6M/yOnACpggL6I/uGErd2yNmS95E8BfpLgFdLAlY5vL7t7QvjpybEydOZznCaft6MJ2Tm4DL8GRYPaAItQoPLfGdRdrPU3Bg4W91rJj3SWLzh6NvoPklFEgiTm4ARdyuBvAcqlLNFJZpSgRTnoY5zn0L0SewIX+FxKk8du4VaUaqTRWMB14ipcSQ64om2/H3kxhVc2qT+uuiJIcE2+jOP628Y68AWi6L3CIWGS7kijiS4X7Qda57EmaYRYNQHxl6JZe7Iz1Y0KqpdClGQRLWePsjXLmzQkgvypulIcNOTP4Q0lafGWiOukHTm6TEmQk1FaaTOsEcQtqd4pp8WlnkV2RBj2c7cWo8oBfpzghxwAXnULTYrCn/DjoIeCmqzbNhpAs04P9iEABkc3WkAgtsmElUtKGbihc8eTs0WT7NN3CRhizKcpFUI/oCXVqHgWx7b2STJ+/BPw/Zs/AjNy347OABUF4uPPoFr7kI0P2tUh9nwBdRN9ACpIuK+q4ZJxOJ5m0C2R66tkNndMYCrL9CzRT3cNmKt5wbqqVer2W2diKTEogINqWfuB9Cv5KVuldOP01jxSxbDB9gUafCitPT5MjmqIn42252T2ozOvfjxe/FN4n+TGHP4Y4gqb6BEAfiqYgB4fcztN57tNK3Xxg==,iv:Kz93X9K6D4aQC/5rxFfJhCsKXXGBnI3HorWmS4sT51w=,tag:re8EPpRgFty7fcIVbau65Q==,type:str] sops: age: - recipient: age10gj7wx2syxd9xtt032xxrvtz9hcpnh5xfhzdaaw8qztt6xt6jyrqme3pdp @@ -22,7 +23,7 @@ sops: UDVDZ2luUHlCQVd0aGFQTkY1Uk1yRnMKwstz0FxW/34F05oXBIuOHJwGTrZydHzr Vv8g5OnJyFoq+VYkKP1nbwjViYX+4eX0kfWWyWmk3jZw9qw5XgJXVA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-01-09T00:57:16Z" - mac: ENC[AES256_GCM,data:Ot7rsi0yQQhv98oo7EwpkQD/Ixkp742J3mI1RxtAXA9fzACpAiW899h/CKWamTMamOH/vyclSB/PjXEA9S9ORtsSCZ1K9AqWYNEAkU2eprArqnJXpvDV62OuITkwRJOqczxAZMKhMMldck/K0LaPnSY1QCCszMlYmHoRfdIH7QQ=,iv:ryFoPecOClZSFLbcqQyg1zqohVk2CydGjp5K1obDMeo=,tag:u36T4rjoducSqFG0+807Xg==,type:str] + lastmodified: "2026-01-09T10:22:26Z" + mac: ENC[AES256_GCM,data:UpGXxcQqiMPAU2rZdl4kxLSFA93jm0lff8CjJsnu5xKA+BgCdeGR0RdQoYWxDucXX29c9EMdq2glE6lHCh2YH53ESKjWBrO3ZX8pUel3I5Ndi7WPVrVFJvbCOEUk6+HVXPEORFmo6bMwm/9RgEtPDwvfc+cJYLMeOYqegd+lo0k=,iv:V3YCwqgDMwnY0TBxH5C1TmqioM3rKJHTeWl9ywWUgJs=,tag:1u14shhCpa6IkIjYUb8Ztg==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 diff --git a/modules/attic.nix b/modules/attic.nix new file mode 100644 index 0000000..7476d57 --- /dev/null +++ b/modules/attic.nix @@ -0,0 +1,78 @@ +{ + inputs, + config, + pkgs, + ... +}: +let + atticdPort = 3215; +in +{ + imports = [ + inputs.attic.nixosModules.atticd + ]; + + sops.secrets = { + attic_server_token_rs256_secret_base64 = { }; + }; + + systemd.services.atticd-env = + let + createEnvScript = pkgs.writeShellScript "atticd-env" '' + set -euo pipefail + umask 077 + value="$(<${config.sops.secrets.attic_server_token_rs256_secret_base64.path})" + printf "ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64=\"%s\"\n" "$value" > /etc/atticd.env + ''; + in + { + description = "Create /etc/atticd.env if missing"; + before = [ "atticd.service" ]; + wantedBy = [ "atticd.service" ]; + unitConfig.ConditionPathExists = "!/etc/atticd.env"; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + ExecStart = createEnvScript; + }; + }; + + services.atticd = { + enable = true; + environmentFile = "/etc/atticd.env"; + mode = "monolithic"; + + settings = { + api-endpoint = "https://attic.kjtsanaktsidis.id.au"; + allowed-hosts = [ "attic.kjtsanaktsidis.id.au" ]; + listen = "[::]:${builtins.toString atticdPort}"; + jwt = { }; + chunking = { + nar-size-threshold = 64 * 1024; # 64 KiB + min-size = 16 * 1024; # 16 KiB + avg-size = 64 * 1024; # 64 KiB + max-size = 256 * 1024; # 256 KiB + }; + database = { + url = "sqlite:///var/lib/atticd/server.db"; + }; + storage = { + type = "local"; + path = "/var/lib/atticd/storage"; + }; + }; + }; + + + services.nginx = { + virtualHosts."attic.kjtsanaktsidis.id.au" = { + forceSSL = true; + enableACME = true; + locations = { + "/" = { + proxyPass = "http://localhost:${builtins.toString atticdPort}"; + }; + }; + }; + }; +} diff --git a/modules/buildbot.nix b/modules/buildbot.nix new file mode 100644 index 0000000..6ace501 --- /dev/null +++ b/modules/buildbot.nix @@ -0,0 +1,27 @@ +{ + config, + lib, + ... +}: +{ + services.buildbot-master = { + enable = true; + home = "/var/lib/buildbot"; + title = "KJ's NixOS buildbot"; + port = 3214; + listenAddress = "::1"; + buildbotUrl = "https://buildbot.kjtsanaktsidis.id.au/"; + }; + + services.nginx = { + virtualHosts."buildbot.kjtsanaktsidis.id.au" = { + forceSSL = true; + enableACME = true; + locations = { + "/" = { + proxyPass = "http://localhost:${builtins.toString config.services.buildbot-master.port}"; + }; + }; + }; + }; +} |