diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b1443ae..a17f24d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,15 +9,15 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - uses: cachix/install-nix-action@v30 + - uses: cachix/install-nix-action@v31 with: nix_path: nixpkgs=channel:nixos-unstable - name: Free Disk Space uses: jlumbroso/free-disk-space@main with: tool-cache: true - - uses: DeterminateSystems/magic-nix-cache-action@v8 - - uses: cachix/cachix-action@v15 + - uses: DeterminateSystems/magic-nix-cache-action@v13 + - uses: cachix/cachix-action@v16 with: name: callumio-public authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' diff --git a/.github/workflows/update-flake.yml b/.github/workflows/update-flake.yml index 72e4eb3..d59245a 100644 --- a/.github/workflows/update-flake.yml +++ b/.github/workflows/update-flake.yml @@ -12,9 +12,9 @@ jobs: - name: Checkout repository uses: actions/checkout@v4 - name: Install Nix - uses: cachix/install-nix-action@v30 + uses: cachix/install-nix-action@v31 - name: Update flake.lock - uses: DeterminateSystems/update-flake-lock@v24 + uses: DeterminateSystems/update-flake-lock@v27 with: token: ${{ secrets.GH_TOKEN_FOR_UPDATES }} pr-labels: | diff --git a/flake.lock b/flake.lock index 4eb157f..760da77 100644 --- a/flake.lock +++ b/flake.lock @@ -26,11 +26,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1750173260, - "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=", + "lastModified": 1754433428, + "narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=", "owner": "ryantm", "repo": "agenix", - "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf", + "rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d", "type": "github" }, "original": { @@ -121,6 +121,27 @@ "type": "github" } }, + "copyparty": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": [ + "unstable" + ] + }, + "locked": { + "lastModified": 1754693757, + "narHash": "sha256-hdw5A2GJQddldh0PWxs9U618aNmGtiIAcT2zHYJZ0to=", + "owner": "9001", + "repo": "copyparty", + "rev": "392a4db55bc4d27300bff5bc82638513e6c900d3", + "type": "github" + }, + "original": { + "owner": "9001", + "repo": "copyparty", + "type": "github" + } + }, "crane": { "locked": { "lastModified": 1731098351, @@ -263,11 +284,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1753761817, - "narHash": "sha256-FE908x/ihUlr5yn1f+PTMyOjcwotGUodzn7Ej6zZf5U=", + "lastModified": 1754512310, + "narHash": "sha256-gXE5lTYMOhpDJo+siLXW/3BzySPmLMD12GVB1QFVbyw=", "owner": "rycee", "repo": "nur-expressions", - "rev": "b657cfddb78408e9b53b4a8aaeaac71fc7ea182e", + "rev": "2008f9aa7a5ccde48bfc1de5a919be5898da09c2", "type": "gitlab" }, "original": { @@ -347,11 +368,11 @@ ] }, "locked": { - "lastModified": 1754091436, - "narHash": "sha256-XKqDMN1/Qj1DKivQvscI4vmHfDfvYR2pfuFOJiCeewM=", + "lastModified": 1754487366, + "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "67df8c627c2c39c41dbec76a1f201929929ab0bd", + "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18", "type": "github" }, "original": { @@ -475,6 +496,21 @@ } }, "flake-utils": { + "locked": { + "lastModified": 1678901627, + "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { "inputs": { "systems": "systems_2" }, @@ -817,11 +853,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1754028485, - "narHash": "sha256-IiiXB3BDTi6UqzAZcf2S797hWEPCRZOwyNThJIYhUfk=", + "lastModified": 1754689972, + "narHash": "sha256-eogqv6FqZXHgqrbZzHnq43GalnRbLTkbBbFtEfm1RSc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "59e69648d345d6e8fef86158c555730fa12af9de", + "rev": "fc756aa6f5d3e2e5666efcf865d190701fef150a", "type": "github" }, "original": { @@ -1008,7 +1044,7 @@ "nvf_2": { "inputs": { "flake-parts": "flake-parts_4", - "flake-utils": "flake-utils", + "flake-utils": "flake-utils_2", "mnw": "mnw", "nixpkgs": "nixpkgs_3", "systems": "systems_3" @@ -1071,11 +1107,11 @@ ] }, "locked": { - "lastModified": 1750779888, - "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=", + "lastModified": 1754416808, + "narHash": "sha256-c6yg0EQ9xVESx6HGDOCMcyRSjaTpNJP10ef+6fRcofA=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d", + "rev": "9c52372878df6911f9afc1e2a1391f55e4dfc864", "type": "github" }, "original": { @@ -1114,6 +1150,7 @@ "root": { "inputs": { "agenix": "agenix", + "copyparty": "copyparty", "devour-flake": "devour-flake", "disko": "disko", "firefox-addons": "firefox-addons", @@ -1262,11 +1299,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1753979771, - "narHash": "sha256-MdMdQymbivEWWkC5HqeLYtP8FYu0SqiSpiRlyw9Fm3Y=", + "lastModified": 1754599117, + "narHash": "sha256-AzAYdZlat002vCjCKWdFpGi2xUaiOU4DtIPnv1nomD8=", "owner": "danth", "repo": "stylix", - "rev": "5b81b0c4fbab3517b39d63f493760d33287150ad", + "rev": "312dec38b2231b21f36903d1bdce96daa11548ff", "type": "github" }, "original": { @@ -1483,11 +1520,11 @@ ] }, "locked": { - "lastModified": 1754061284, - "narHash": "sha256-ONcNxdSiPyJ9qavMPJYAXDNBzYobHRxw0WbT38lKbwU=", + "lastModified": 1754492133, + "narHash": "sha256-B+3g9+76KlGe34Yk9za8AF3RL+lnbHXkLiVHLjYVOAc=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "58bd4da459f0a39e506847109a2a5cfceb837796", + "rev": "1298185c05a56bff66383a20be0b41a307f52228", "type": "github" }, "original": { @@ -1513,11 +1550,11 @@ }, "unstable": { "locked": { - "lastModified": 1753939845, - "narHash": "sha256-K2ViRJfdVGE8tpJejs8Qpvvejks1+A4GQej/lBk5y7I=", + "lastModified": 1754498491, + "narHash": "sha256-erbiH2agUTD0Z30xcVSFcDHzkRvkRXOQ3lb887bcVrs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "94def634a20494ee057c76998843c015909d6311", + "rev": "c2ae88e026f9525daf89587f3cbee584b92b6134", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index a9929b8..eab8f66 100644 --- a/flake.nix +++ b/flake.nix @@ -9,7 +9,7 @@ } @ inputs: let mods = import ./modules; cLib = import ./lib {inherit (nixpkgs) lib;}; - mkLinuxSystem = mod: + mkLinuxSystem = mod: ovl: nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs cLib;}; modules = @@ -19,7 +19,7 @@ inputs.agenix.nixosModules.default { nixpkgs.config.allowUnfree = true; - nixpkgs.overlays = [self.overlays.default]; + nixpkgs.overlays = [self.overlays.default] ++ ovl; } ] ++ mod @@ -39,8 +39,8 @@ inherit (mods) homeManagerModules nixosModules; # TODO: use ./hosts/ nixosConfigurations = { - artemis = mkLinuxSystem [./hosts/artemis inputs.lanzaboote.nixosModules.lanzaboote]; - hermes = mkLinuxSystem [./hosts/hermes]; + artemis = mkLinuxSystem [./hosts/artemis inputs.lanzaboote.nixosModules.lanzaboote] []; + hermes = mkLinuxSystem [./hosts/hermes inputs.copyparty.nixosModules.default] [inputs.copyparty.overlays.default]; }; diskoConfigurations = {}; # maybe? om.health.default = {nix-version.min-required = "2.18.5";}; @@ -105,7 +105,6 @@ url = "github:ryantm/agenix"; inputs.nixpkgs.follows = "nixpkgs"; - # i don't need darwin!!! inputs.darwin.follows = ""; }; @@ -116,7 +115,6 @@ stylix = { url = "github:danth/stylix/release-25.05"; - #url = "github:danth/stylix/993fcabd83d1e0ee5ea038b87041593cc73c1ebe"; inputs.nixpkgs.follows = "nixpkgs"; }; @@ -151,8 +149,6 @@ flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs"; systems.url = "github:nix-systems/default"; - #systems.url = "github:nix-systems/default-linux"; - #systems.url = "github:nix-systems/x86_64-linux"; treefmt-nix.url = "github:numtide/treefmt-nix"; treefmt-nix.inputs.nixpkgs.follows = "nixpkgs"; @@ -162,7 +158,6 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - # my custom programs nish = { url = "github:callumio/nish"; inputs = { @@ -183,5 +178,9 @@ systems.follows = "systems"; }; }; + copyparty = { + url = "github:9001/copyparty"; + inputs.nixpkgs.follows = "unstable"; + }; }; } diff --git a/hosts/hermes/copyparty.nix b/hosts/hermes/copyparty.nix new file mode 100644 index 0000000..8fc9923 --- /dev/null +++ b/hosts/hermes/copyparty.nix @@ -0,0 +1,34 @@ +{config, ...}: let + domain = "files.cleslie.uk"; +in { + services = { + cloudflare-dyndns.domains = [domain]; + copyparty = { + enable = true; + settings = { + i = "127.0.0.1"; + p = [3210]; + }; + accounts = { + c.passwordFile = config.age.secrets.copyparty-c.path; + }; + volumes = { + "/media" = { + path = "/var/lib/media/library"; + access = { + r = "*"; + rw = ["c"]; + }; + }; + }; + }; + caddy.virtualHosts.${domain}.extraConfig = '' + reverse_proxy http://127.0.0.1:3210 + ''; + }; + age.secrets."copyparty-c" = { + file = ../../secrets/copyparty-c.age; + mode = "400"; + owner = "copyparty"; + }; +} diff --git a/hosts/hermes/default.nix b/hosts/hermes/default.nix index d6978bd..6487805 100644 --- a/hosts/hermes/default.nix +++ b/hosts/hermes/default.nix @@ -2,6 +2,7 @@ imports = [ ./hardware-configuration.nix ./configuration.nix + ./copyparty.nix ./ddns.nix ./quassel.nix ./fail2ban.nix diff --git a/modules/nix.nix b/modules/nix.nix index df56701..329b39a 100644 --- a/modules/nix.nix +++ b/modules/nix.nix @@ -1,6 +1,7 @@ {inputs, ...}: { nix = { registry.nixpkgs.flake = inputs.nixpkgs; + registry.unstable.flake = inputs.unstable; gc = { automatic = true; dates = "weekly"; diff --git a/secrets/cloudflare-api.age b/secrets/cloudflare-api.age index 1ee3de6..60ba28a 100644 --- a/secrets/cloudflare-api.age +++ b/secrets/cloudflare-api.age @@ -1,8 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 /RyXeg p2ROUhWiDQDOjALQnhhf566js8ivYTsgwNfCaaoe6yQ -UnCc2/4lb+PxnrKdAPVqwAyXavFGr8M3NV3+fSSdAU0 --> ssh-ed25519 aSaoJQ hHqpvUCaH5RLAQwTdH1llfF/0aTraXtl25qFDaFhUwk -+4VMHc3PGR9HBlVTw4anbYORQPgFl24WGF5pwmt7w20 ---- qa7ctM764SNg3u/ITk+6DRXbLqF1Lom1xgKysY9DrkE -Z;Q -7k4%#pqvy] ieǺ]ɩi!4=s䉁JfpHs29sF}˪#i8 \ No newline at end of file +-> ssh-ed25519 /RyXeg 9MmkRSN4Pxm/euJsg3CiOmfGURBb6OSPzluA80cYOAE +QYMH4LFbOsK6kIExn68Bxaof+kam3TTbMcHhCJ412KY +-> ssh-ed25519 aSaoJQ bDhF3Ibh5hG/E8kSOMYA2zsixtOrn39YfM8SQOH02Sc +IryhokRkj3Hqb/09850ROdHu45e7ldHVE1yJJXsGjZ8 +--- xn812SYQ+FfSlMJ89BFtjNJZYVz7G1Tl63lhLF9jops +?|8` JE巓T7ۓA5W]ט"'2Ј*`Jɧ`Oq!< \ No newline at end of file diff --git a/secrets/copyparty-c.age b/secrets/copyparty-c.age new file mode 100644 index 0000000..514f9dc --- /dev/null +++ b/secrets/copyparty-c.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 /RyXeg L3snhcjG3XkMDoehtE1UyJ32D8vzLE8+D7ZQp4m+S0w +FqrvB5ve6xLedf2N982uQB7FBRQinubVFSpJ1wj7fBw +-> ssh-ed25519 aSaoJQ AHhV+ob0AO5/jkoNy/138Qjpnq6bgQJOS7gu9NxPagg +5ie/QslRuqJBzOXHWulGIFnZXaPUHBbWhxKJnoCDsXg +--- vhZK1PYh5jncrrXGGWiE0mvDCN/O/Rvh2WGYBBimC8w +/NGOtfmAx}OA}i2t~q ] \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index f66bfbb..9d0b2e5 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -10,6 +10,7 @@ in { "mesh-conf-infra.age".publicKeys = keys.c ++ allSystems; "mesh-conf-cleslie.age".publicKeys = keys.c ++ allSystems; "forgejo-password.age".publicKeys = keys.c ++ [systems.hermes]; + "copyparty-c.age".publicKeys = keys.c ++ [systems.hermes]; "cloudflare-api.age".publicKeys = keys.c ++ [systems.hermes]; "vaultwarden-env.age".publicKeys = keys.c ++ [systems.hermes]; }