001_momo_koeln: Install caddy and keycloak #214

Merged
axeman merged 8 commits from momo/keycloak into momo/main 2023-04-25 16:02:44 +00:00
29 changed files with 95 additions and 381 deletions
Showing only changes of commit b55dace1ea - Show all commits


@ -1,11 +0,0 @@
#!/usr/bin/env sh
set -e
# Setup ssh inside container
mkdir -p ~/.ssh
echo "$GITEA_SSH_KEY" > ~/.ssh/id_rsa
echo "[git.b12f.io]:2222 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4uaREL7acSSCNAX+voDYl1Kj7JipP62fR5x1UyGP9u" >> ~/.ssh/known_hosts
echo "Host git.b12f.io" >> ~/.ssh/config
echo " Port 2222" >> ~/.ssh/config
chmod -R 600 ~/.ssh


@ -1,12 +0,0 @@
#!/usr/bin/env sh
set -e
set -u
LOCAL="$DRONE_BRANCH"
[ "$LOCAL" = "main" ] && UPSTREAM=origin/devos || UPSTREAM=origin/main
git fetch --all
git checkout "$LOCAL"
git merge "$UPSTREAM"
git push origin "$LOCAL"


@ -1,38 +0,0 @@
---
name: Bug report
about: Create a report to help improve
title: ''
labels: 'bug'
assignees: ''
---
Your issue may already be reported!
Please search on the [issue tracker](../) before creating one.
## Expected Behavior
<!--- What should happen? -->
<!--- How it should work? -->
## Current Behavior
<!--- What happens instead of the expected behavior? -->
## Possible Solution
<!--- Not obligatory, but suggest a fix/reason for the bug, -->
<!--- or ideas how to implement the addition or change -->
## Steps to Reproduce
<!--- An unambiguous set of steps to reproduce this bug. -->
<!--- Linked fork or gist if needed. -->
1.
2.
3.
4.
## Context
<!--- How has this issue affected you? What are you trying to accomplish? -->
<!--- Providing context helps us come up with a solution that is most useful in the real world. -->
## Your Environment
<!--- Include relevant details about the environment you experienced the bug in. -->
<!--- If you have run `bud update`, for example, post the flake.lock file. -->


@ -1,22 +0,0 @@
---
name: Commuity Request
about: inspire contribution to the `community` branch
title: ''
labels: 'community'
assignees: ''
---
Your issue may already be reported!
Please search on the [issue tracker](../) before creating one.
## Ideas
<!--- The `community` branch is meant to provide various preconfigured system options, -->
<!--- useful to all kinds of users. -->
<!--- The point is to engage the community for what it thinks are -->
<!--- sane defaults for various tools. -->
## Requests
<!--- Have a tool that you'd like to see a system profile for? -->
<!--- Feel free to request it here. -->


@ -1,24 +0,0 @@
---
name: Feature request
about: Suggest an idea
title: ''
labels: 'enhancement'
assignees: ''
---
Your issue may already be reported!
Please search on the [issue tracker](../) before creating one.
## Would your feature fix an existing issue?
<!--- If your idea is related to, or resolves other issues, please mention. -->
## Describe the solution you'd like
<!--- What you want to happen. -->
## Describe alternatives you've considered
<!--- Any alternative solutions or features you've considered? -->
## Additional context
<!--- Is this feature only useful for a particular usecase? -->
<!--- Please elaborate. -->


@ -1,16 +0,0 @@
---
name: Upstream notice (Issues or Changes)
about: Create an upstream notice to help our research
title: '[ <put the upstream project> ]: <topic>'
labels: 'upstream'
assignees: ''
---
## Link
<!-- just place a link to the upstream issue, or PR -->
## Context
<!-- We want to make this as cheap for you as possible.
Context is not required but helpful -->


@ -1,29 +0,0 @@
name: "Check & Cachix"
on:
push:
branches:
- main
- trying
- staging
jobs:
check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2.3.4
- uses: cachix/install-nix-action@v13
with:
install_url: https://github.com/numtide/nix-flakes-installer/releases/download/nix-2.4pre20210415_76980a1/install
extra_nix_config: |
experimental-features = nix-command flakes
system-features = nixos-test benchmark big-parallel kvm recursive-nix
substituters = https://nrdxp.cachix.org https://nix-community.cachix.org https://cache.nixos.org
trusted-public-keys = nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
- uses: cachix/cachix-action@v10
with:
name: nrdxp
signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
- run: nix -Lv flake check
- run: nix -Lv build ".#nixosConfigurations.NixOS.config.system.build.toplevel"
- run: nix -Lv develop -c echo OK
- run: nix -Lv develop --command bud --help


@ -1,27 +0,0 @@
name: Deploy Docs to GitHub Pages
on:
push:
branches:
- main
jobs:
deploy:
runs-on: ubuntu-18.04
steps:
- uses: actions/checkout@v2
- name: Setup mdBook
uses: peaceiris/actions-mdbook@v1
with:
mdbook-version: 'latest'
- run: mdbook build doc
- name: Deploy
uses: peaceiris/actions-gh-pages@v3
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
publish_branch: gh-pages
publish_dir: ./doc/book
cname: devos.divnix.com


@ -1,71 +0,0 @@
name: Release
on:
push:
tags:
- v*
jobs:
changelog:
name: Update Changelog
runs-on: ubuntu-latest
steps:
- name: Get version from tag
env:
GITHUB_REF: ${{ github.ref }}
run: |
export CURRENT_VERSION=${GITHUB_TAG/refs\/tags\/v/}
echo "CURRENT_VERSION=$CURRENT_VERSION" >> $GITHUB_ENV
- name: Checkout code
uses: actions/checkout@v2
with:
ref: main
- name: Update Changelog
uses: heinrichreimer/github-changelog-generator-action@v2.1.1
with:
token: ${{ secrets.GITHUB_TOKEN }}
issues: false
issuesWoLabels: false
pullRequests: true
prWoLabels: true
addSections: '{"documentation":{"prefix":"**Documentation:**","labels":["documentation"]}}'
- uses: stefanzweifel/git-auto-commit-action@v4
with:
commit_message: Update Changelog for tag ${{ env.CURRENT_VERSION }}
file_pattern: CHANGELOG.md
release_notes:
name: Create Release Notes
runs-on: ubuntu-latest
needs: changelog
steps:
- name: Get version from tag
env:
GITHUB_REF: ${{ github.ref }}
run: |
export CURRENT_VERSION=${GITHUB_TAG/refs\/tags\/v/}
echo "CURRENT_VERSION=$CURRENT_VERSION" >> $GITHUB_ENV
- name: Checkout code
uses: actions/checkout@v2
with:
ref: main
- name: Get Changelog Entry
id: changelog_reader
uses: mindsers/changelog-reader-action@v1
with:
version: ${{ env.CURRENT_VERSION }}
path: ./CHANGELOG.md
- name: Create Release
id: create_release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ github.ref }}
release_name: Release ${{ github.ref }}
body: ${{ steps.changelog_reader.outputs.log_entry }}
draft: false
prerelease: false


@ -5,7 +5,6 @@ let
ciSystems = [
"aarch64-linux"
"i686-linux"
"x86_64-linux"
];


@ -59,5 +59,5 @@ list of strings
_*Default*_
```
["aarch64-linux","aarch64-darwin","i686-linux","x86_64-darwin","x86_64-linux"]
["aarch64-linux","aarch64-darwin","x86_64-darwin","x86_64-linux"]
```


@ -1,5 +1,9 @@
[book]
authors = ["Timothy DeHerrera"]
authors = [
"Timothy DeHerrera",
"Parthiv Seetharaman",
"David Arnold",
]
language = "en"
multilingual = false
src = "."


@ -9,8 +9,7 @@
Users are a special case of [profiles](profiles.md) that define system
users and [home-manager][home-manager] configurations. For your convenience,
home manager is wired in by default so all you have to worry about is declaring
your users. For a fully fleshed out example, check out the developers personal
[branch](https://github.com/divnix/devos/tree/nrd/users/nrd/default.nix).
your users.
## Basic Usage
@ -60,18 +59,6 @@ using the `homeConfigurations` flake output.
This is great for keeping your environment consistent across Unix-like systems,
including macOS.
### From within the projects devshell:
```sh
# builds the pub-solar user defined in the PubSolarOS host
nix build '.#homeConfigurations."pub-solar@PubSolarOS".activationPackage'
# build and activate
nix build '.#homeConfigurations."pub-solar@PubSolarOS".activationPackage' && ./result/activate && unlink result
```
### Manually from outside the project:
```sh
# build
nix build "github:divnix/devos#homeConfigurations.nixos@NixOS.home.activationPackage"
@ -81,5 +68,5 @@ nix build "github:divnix/devos#homeConfigurations.nixos@NixOS.home.activationPac
```
[home-manager]: https://nix-community.github.io/home-manager
[modules-list]: https://github.com/divnix/devos/tree/main/users/modules/module-list.nix
[modules-list]: https://github.com/divnix/digga/tree/main/users/modules/module-list.nix
[portableuser]: https://digga.divnix.com/api-reference-home.html#homeusers


@ -4,7 +4,8 @@ The only dependency is nix, so make sure you have it [installed][install-nix].
## Get the Template
If you currently don't have flakes setup, you can utilize the digga shell to pull the template:
If you currently don't have flakes setup, you can utilize the digga shell to
pull the template:
```sh
nix-shell "https://github.com/divnix/digga/archive/main.tar.gz" \
@ -22,37 +23,26 @@ Then make sure to create the git repository:
```sh
git init
git add .
git commit -m init
git commit
```
To drop into a nix-shell, if you don't have flakes setup, use the digga shell to create a `flake.lock`:
```sh
nix-shell "https://github.com/divnix/digga/archive/main.tar.gz" \
--run "nix flake lock"
```
Or if you do have flakes support, just run:
```sh
nix flake lock
```
Finally, run `nix-shell` to get to an interactive shell with all the dependencies, including the unstable nix
version required. You can run `menu` to confirm that you are using digga (expected output includes [docs], [general commands], [linter], etc.).
Finally, run `nix-shell` to get to an interactive shell with all the
dependencies, including the unstable nix version required. You can run `menu` to
confirm that you are using digga (expected output includes [docs], [general
commands], [linter], etc.).
In addition, the [binary cache](../integrations/cachix.md) is added for faster deployment.
> ##### _Notes:_
> # _Notes:_
>
> - Flakes ignore files that have not been added to git, so be sure to stage new
> files before building the system.
> - You can choose to simply clone the repo with git if you want to follow
> upstream changes.
> - If the `nix-shell -p cachix --run "cachix use nrdxp"` line doesn't work
> you can try with sudo: `sudo nix-shell -p cachix --run "cachix use nrdxp"`
> - If the `nix-shell -p cachix --run "cachix use nrdxp"` line doesn't work you
> can try with sudo: `sudo nix-shell -p cachix --run "cachix use nrdxp"`
## Next Steps:
## Next Steps
- [Make installable ISO](./iso.md)


@ -14,12 +14,21 @@ be built during CI.
## Integration Tests
All your profiles defined in suites will be tested in a NixOS VM.
All your profiles defined in suites can be tested against an individual host.
Simply use digga's pre-baked `digga.lib.allProfilesTest` like so:
```nix
{
hosts = {
Morty.tests = [ allProfilesTest ];
};
}
```
You can write integration tests for one or more NixOS VMs that can,
optionally, be networked together, and yes, it's as awesome as it sounds!
Be sure to use the `mkTest` function from digga, `digga.lib.pkgs-lib.mkTest`
Be sure to use the `mkTest` function from Digga, `digga.lib.mkTest`
which wraps the official [testing-python][testing-python] function to ensure
that the system is setup exactly as it is for a bare DevOS system. There are
already great resources for learning how to use these tests effectively,
@ -28,7 +37,7 @@ and the examples in [nixpkgs][nixos-tests].
[test-doc]: https://nixos.org/manual/nixos/stable/index.html#sec-nixos-tests
[test-blog]: https://www.haskellforall.com/2020/11/how-to-use-nixos-for-lightweight.html
[default]: https://github.com/divnix/devos/tree/main/tests/default.nix
[default]: https://github.com/divnix/devos/tree/core/tests/default.nix
[run-test]: https://github.com/NixOS/nixpkgs/blob/6571462647d7316aff8b8597ecdf5922547bf365/lib/debug.nix#L154-L166
[nixos-tests]: https://github.com/NixOS/nixpkgs/tree/master/nixos/tests
[testing-python]: https://github.com/NixOS/nixpkgs/tree/master/nixos/lib/testing-python.nix


@ -2,8 +2,6 @@
description = "A highly structured configuration database.";
nixConfig.extra-experimental-features = "nix-command flakes";
nixConfig.extra-substituters = "https://nix-dram.cachix.org https://dram.cachix.org https://nrdxp.cachix.org https://nix-community.cachix.org";
nixConfig.extra-trusted-public-keys = "nix-dram.cachix.org-1:CKjZ0L1ZiqH3kzYAZRt8tg8vewAx5yj8Du/+iR8Efpg= dram.cachix.org-1:baoy1SXpwYdKbqdTbfKGTKauDDeDlHhUpC+QuuILEMY= nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=";
inputs = {
# Track channels with commits tested and built by hydra
@ -99,9 +97,7 @@
imports = [(digga.lib.importHosts ./hosts)];
hosts = {
/*
set host specific properties here
*/
# Set host-specific properties here
bootstrap = {
modules = [
digga.nixosModules.bootstrapIso


@ -1,6 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}: {
# Use the GRUB 2 boot loader.
boot.loader.systemd-boot.enable = false;
boot.loader.grub.enable = true;
@ -11,8 +14,8 @@
# Define on which hard drive you want to install Grub.
boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "virtio_pci" "sd_mod" "sr_mod" "dm-snapshot"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
@ -20,18 +23,18 @@
device = "/dev/disk/by-uuid/531ee357-5777-498f-abbf-64bb4cff9a14";
};
fileSystems."/" =
{ device = "/dev/disk/by-uuid/f5b3152a-a3bd-46d1-968f-53d50fca921e";
fileSystems."/" = {
device = "/dev/disk/by-uuid/f5b3152a-a3bd-46d1-968f-53d50fca921e";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/1fd053f8-725b-418d-aed1-aee71dac2b62";
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/1fd053f8-725b-418d-aed1-aee71dac2b62";
fsType = "ext4";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/46191ecf-244c-4445-b1c0-ae3059871a70"; }
swapDevices = [
{device = "/dev/disk/by-uuid/967d1933-131d-4b56-8aa9-15c11ff940c9";}
];
networking = {
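Review bot: Two functional changes appear to ride along with the reformatting in this file: `dm-snapshot` moves from `boot.initrd.kernelModules` to `boot.initrd.availableKernelModules`, and the swap device UUID changes. The first means the module is only made available in the initrd rather than loaded unconditionally in stage 1; if the device referenced at the top of the second hunk sits on LVM, confirm the host still boots, or keep `boot.initrd.kernelModules = ["dm-snapshot"];`. Splitting the formatter pass from these two edits would let them be reviewed on their own. The `networking` block continues outside the hunk.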


@ -1,2 +1,10 @@
{lib}:
lib.makeExtensible (self: {})
lib.makeExtensible (self: let
callLibs = file: import file {lib = self;};
in rec {
## Define your own library functions here!
#id = x: x;
## Or in files, containing functions that take {lib}
#foo = callLibs ./foo.nix;
## In configs, they can be used under "lib.our"
})


@ -96,7 +96,13 @@ in {
};
# Enable bluetooth
hardware.bluetooth.enable = mkIf cfg.bluetooth.enable true;
hardware.bluetooth = mkIf cfg.bluetooth.enable {
enable = true;
# disable useless SIM Access Profile plugin
disabledPlugins = [
"sap"
];
};
services.blueman.enable = mkIf cfg.bluetooth.enable true;
# Enable audio server & client

View file

@ -56,12 +56,12 @@ in {
# Caddy reverse proxy for local services like cups
services.caddy = {
enable = cfg.enableCaddy;
globalConfig = ''
enable = lib.mkDefault cfg.enableCaddy;
globalConfig = lib.mkDefault ''
default_bind 127.0.0.1
auto_https off
'';
extraConfig = concatStringsSep "\n" [
extraConfig = lib.mkDefault (concatStringsSep "\n" [
(lib.optionalString
config.pub-solar.printing.enable
''
@ -79,7 +79,7 @@ in {
file_server
}
'')
];
]);
};
};
}
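Review bot: Wrapping `globalConfig` in `lib.mkDefault` means `default_bind 127.0.0.1` and `auto_https off` are dropped as soon as any host defines `services.caddy.globalConfig` at normal priority, instead of being merged with it. A host that overrides only `globalConfig` but keeps this module's `extraConfig` (the proxy for local services such as cups) would then serve those sites on every interface unless each site block carries its own `bind`; the site blocks are only partly visible in these hunks. Consider keeping the loopback bind at normal priority or adding `bind 127.0.0.1` inside each local site block, and add a comment such as `# mkDefault: hosts that override this must restore default_bind themselves`.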


@ -15,13 +15,14 @@
auto-optimise-store = true;
# Prevents impurities in builds
sandbox = true;
# give root and @wheel special privileges with nix
# Give root and @wheel special privileges with nix
trusted-users = ["root" "@wheel"];
# This is just a representation of the nix default
system-features = ["nixos-test" "benchmark" "big-parallel" "kvm"];
# Allow only group wheel to connect to the nix daemon
allowed-users = ["@wheel"];
};
# Generally useful nix option defaults
extraOptions = ''
extraOptions = lib.mkForce ''
experimental-features = flakes nix-command
min-free = 536870912
keep-outputs = true
keep-derivations = true
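Review bot: `extraOptions = lib.mkForce ''` discards every other definition of `nix.extraOptions`, so anything a host or imported module appends to nix.conf is dropped silently rather than merged. If the force is only there to win over another module's value, say so in a comment such as `# mkForce: overrides <other module>; host additions to nix.extraOptions are ignored` (the module name is a placeholder), or move these keys into the settings attribute set above, where they merge per key. The string continues past the end of the hunk, so the full set of forced options is not visible here.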


@ -23,7 +23,7 @@ let
export nix_user_config_file="/home/build/.local/share/nix/trusted-settings.json"
mkdir -p $(dirname \\$nix_user_config_file)
echo '{"extra-experimental-features":{"nix-command flakes":true},"extra-substituters":{"https://nix-dram.cachix.org https://dram.cachix.org https://nrdxp.cachix.org https://nix-community.cachix.org":true},"extra-trusted-public-keys":{"nix-dram.cachix.org-1:CKjZ0L1ZiqH3kzYAZRt8tg8vewAx5yj8Du/+iR8Efpg= dram.cachix.org-1:baoy1SXpwYdKbqdTbfKGTKauDDeDlHhUpC+QuuILEMY= nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=":true}}' > \\$nix_user_config_file
echo '{"extra-experimental-features":{"nix-command flakes":true}}' > \\$nix_user_config_file
chown -R build /home/build/
curl -L https://github.com/drone-runners/drone-runner-exec/releases/latest/download/drone_runner_exec_linux_amd64.tar.gz | tar xz
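Review bot: The runner binary on the last line of this hunk is still fetched from `releases/latest` and piped straight into `tar xz` with no version pin or checksum, so the host runs whatever that URL serves at provisioning time. The change narrows trust in third-party binary caches but leaves this download unverified. Pin a specific release in the URL and compare a known SHA-256 before unpacking, or package the runner as a Nix fixed-output derivation so the hash is enforced by the build. The surrounding script starts and ends outside the hunk.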


@ -1,13 +0,0 @@
{
pkgs,
lib,
...
}: let
folder = ./.;
toImport = name: value: folder + ("/" + name);
filterCaches = key: value: value == "regular" && lib.hasSuffix ".nix" key && key != "default.nix";
imports = lib.mapAttrsToList toImport (lib.filterAttrs filterCaches (builtins.readDir folder));
in {
inherit imports;
nix.settings.substituters = ["https://cache.nixos.org/"];
}


@ -1,10 +0,0 @@
{
nix.settings = {
substituters = [
"https://nix-community.cachix.org"
];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
};
}


@ -1,10 +0,0 @@
{
nix.settings = {
substituters = [
"https://nrdxp.cachix.org"
];
trusted-public-keys = [
"nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4="
];
};
}


@ -7,8 +7,6 @@
}: let
inherit (lib) fileContents;
in {
imports = [../cachix];
config = {
pub-solar.audio.mopidy.enable = true;
pub-solar.audio.bluetooth.enable = true;


@ -7,7 +7,6 @@
}: let
inherit (lib) fileContents;
in {
imports = [../cachix];
config = {
pub-solar.graphical.wayland.software-renderer.enable = true;
pub-solar.sway.terminal = "foot";


@ -8,11 +8,11 @@
inherit
(pkgs)
agenix
alejandra
cachix
editorconfig-checker
mdbook
nix
alejandra
nodePackages
nvfetcher
shellcheck
shfmt
@ -25,21 +25,23 @@
prettier
;
hooks = import ./hooks;
pkgWithCategory = category: package: {inherit package category;};
devos = pkgWithCategory "devos";
linter = pkgWithCategory "linter";
docs = pkgWithCategory "docs";
formatter = pkgWithCategory "linter";
in {
_file = toString ./.;
imports = ["${extraModulesPath}/git/hooks.nix"];
git = {inherit hooks;};
imports = ["${extraModulesPath}/git/hooks.nix" ./hooks];
# override for our own welcome
devshell.name = pkgs.lib.mkForce "PubSolarOS";
packages = [
alejandra
editorconfig-checker
nodePackages.prettier
shellcheck
shfmt
];
commands = with pkgs;
[
(devos nix)
@ -50,14 +52,7 @@ in {
help = pkgs.nvfetcher.meta.description;
command = "cd $PRJ_ROOT/pkgs; ${pkgs.nvfetcher}/bin/nvfetcher -c ./sources.toml $@";
}
(linter alejandra)
(linter editorconfig-checker)
(linter nodePackages.prettier)
(linter shfmt)
(linter shellcheck)
(linter treefmt)
(docs mdbook)
(formatter treefmt)
]
++ lib.optionals (!pkgs.stdenv.buildPlatform.isi686) [
(devos cachix)


@ -1,4 +1,6 @@
{
git.hooks = {
enable = true;
pre-commit.text = builtins.readFile ./pre-commit.sh;
};
}