Compare commits
21 Commits
3d79cc84a3
...
stage
| Author | SHA1 | Date | |
|---|---|---|---|
| 2762c323e9 | |||
| bd71d6e2f5 | |||
| 4899a37a82 | |||
| 99200dc201 | |||
| 4fb1c8957a | |||
| d2c274fca5 | |||
| eac627765a | |||
| 63de76572b | |||
| cbb94d9f4e | |||
| 84745a3dc7 | |||
| 1d3a931fd0 | |||
| 23b0695cf2 | |||
| b1a26b681f | |||
| 401ab250f1 | |||
| cd864b4061 | |||
|
6d2c5267a4 | ||
|
|
76bcc114a1 | ||
|
|
f2a482a46f | ||
|
|
969d8d8d5e | ||
|
|
518a7d0ffb | ||
|
|
2d6ad9f090 |
@@ -11,6 +11,7 @@ with lib;
|
||||
|
||||
let
|
||||
cfg = config.pia-vpn;
|
||||
hostName = config.networking.hostName;
|
||||
|
||||
mkContainer = name: ctr: {
|
||||
autoStart = true;
|
||||
@@ -28,6 +29,9 @@ let
|
||||
config = { config, pkgs, lib, ... }: {
|
||||
imports = allModules ++ [ ctr.config ];
|
||||
|
||||
ntfy-alerts.ignoredUnits = [ "logrotate" ];
|
||||
ntfy-alerts.hostLabel = "${hostName}/${name}";
|
||||
|
||||
# Static IP with gateway pointing to VPN container
|
||||
networking.useNetworkd = true;
|
||||
systemd.network.enable = true;
|
||||
|
||||
@@ -6,6 +6,7 @@ with lib;
|
||||
|
||||
let
|
||||
cfg = config.pia-vpn;
|
||||
hostName = config.networking.hostName;
|
||||
scripts = import ./scripts.nix;
|
||||
|
||||
# Port forwarding derived state
|
||||
@@ -98,6 +99,8 @@ in
|
||||
|
||||
# Route ntfy alerts through the host proxy (VPN container has no gateway on eth0)
|
||||
ntfy-alerts.curlExtraArgs = "--proxy http://${cfg.hostAddress}:${toString cfg.proxyPort}";
|
||||
ntfy-alerts.ignoredUnits = [ "logrotate" ];
|
||||
ntfy-alerts.hostLabel = "${hostName}/pia-vpn";
|
||||
|
||||
# Enable forwarding so bridge traffic can go through WG
|
||||
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
|
||||
|
||||
@@ -26,6 +26,12 @@
|
||||
default = [ ];
|
||||
description = "Unit names to skip failure notifications for.";
|
||||
};
|
||||
|
||||
hostLabel = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = config.networking.hostName;
|
||||
description = "Label used in ntfy alert titles to identify this host/container.";
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf config.thisMachine.hasRole."ntfy" {
|
||||
|
||||
@@ -32,7 +32,7 @@ in
|
||||
--max-time 30 --retry 3 \
|
||||
${cfg.curlExtraArgs} \
|
||||
-H "Authorization: Bearer $NTFY_TOKEN" \
|
||||
-H "Title: Service failure on ${config.networking.hostName}" \
|
||||
-H "Title: Service failure on ${cfg.hostLabel}" \
|
||||
-H "Priority: high" \
|
||||
-H "Tags: rotating_light" \
|
||||
-H "Message: Unit $unit failed at $(date +%c)" \
|
||||
|
||||
@@ -19,6 +19,15 @@ in
|
||||
"--hdr-itm-enabled"
|
||||
"--adaptive-sync"
|
||||
];
|
||||
steamArgs = [
|
||||
"-steamos3"
|
||||
"-gamepadui"
|
||||
"-pipewire-dmabuf"
|
||||
];
|
||||
env = {
|
||||
STEAM_ENABLE_VOLUME_HANDLER = "1";
|
||||
STEAM_DISABLE_AUDIO_DEVICE_SWITCHING = "1";
|
||||
};
|
||||
};
|
||||
environment.systemPackages = [ pkgs.gamescope-wsi ];
|
||||
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
{ config, lib, ... }:
|
||||
{ config, lib, allModules, ... }:
|
||||
|
||||
# Gitea Actions Runner inside a NixOS container.
|
||||
# The container shares the host's /nix/store (read-only) and nix-daemon socket,
|
||||
@@ -8,7 +8,7 @@
|
||||
|
||||
let
|
||||
thisMachineIsARunner = config.thisMachine.hasRole."gitea-actions-runner";
|
||||
hostOverlays = config.nixpkgs.overlays;
|
||||
hostName = config.networking.hostName;
|
||||
containerName = "gitea-runner";
|
||||
giteaRunnerUid = 991;
|
||||
giteaRunnerGid = 989;
|
||||
@@ -32,8 +32,10 @@ in
|
||||
};
|
||||
|
||||
config = { config, lib, pkgs, ... }: {
|
||||
system.stateVersion = "25.11";
|
||||
nixpkgs.overlays = hostOverlays;
|
||||
imports = allModules;
|
||||
|
||||
ntfy-alerts.ignoredUnits = [ "logrotate" ];
|
||||
ntfy-alerts.hostLabel = "${hostName}/${containerName}";
|
||||
|
||||
services.gitea-actions-runner.instances.inst = {
|
||||
enable = true;
|
||||
|
||||
56
flake.lock
generated
56
flake.lock
generated
@@ -53,11 +53,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1772587858,
|
||||
"narHash": "sha256-w0/XBU20BdBeEIJ9i3ecr9Lc6c8uQaXUn/ri+aOsyJk=",
|
||||
"lastModified": 1773106230,
|
||||
"narHash": "sha256-ob/uMOU6CyRES+/SIxnMDhDAZUQr228JdBPKkGu8m/c=",
|
||||
"owner": "sadjow",
|
||||
"repo": "claude-code-nix",
|
||||
"rev": "0a5fc14be38fabfcfff18db749b63c9c15726765",
|
||||
"rev": "5cbf0a4eba950cdc7d7982774a9bc189ab21cb99",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -186,11 +186,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1769939035,
|
||||
"narHash": "sha256-Fok2AmefgVA0+eprw2NDwqKkPGEI5wvR+twiZagBvrg=",
|
||||
"lastModified": 1772893680,
|
||||
"narHash": "sha256-JDqZMgxUTCq85ObSaFw0HhE+lvdOre1lx9iI6vYyOEs=",
|
||||
"owner": "cachix",
|
||||
"repo": "git-hooks.nix",
|
||||
"rev": "a8ca480175326551d6c4121498316261cbb5b260",
|
||||
"rev": "8baab586afc9c9b57645a734c820e4ac0a604af9",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -228,11 +228,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1772569491,
|
||||
"narHash": "sha256-bdr6ueeXO1Xg91sFkuvaysYF0mVdwHBpdyhTjBEWv+s=",
|
||||
"lastModified": 1773179137,
|
||||
"narHash": "sha256-EdW2bwzlfme0vbMOcStnNmKlOAA05Bp6su2O8VLGT0k=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "924e61f5c2aeab38504028078d7091077744ab17",
|
||||
"rev": "3f98e2bbc661ec0aaf558d8a283d6955f05f1d09",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -250,11 +250,11 @@
|
||||
"spectrum": "spectrum"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1772338235,
|
||||
"narHash": "sha256-9XcwtSIL/c+pkC3SBNuxCJuSktFOBV1TLvvkhekyB8I=",
|
||||
"lastModified": 1773018425,
|
||||
"narHash": "sha256-fpgZBmZpKoEXEowBK/6m8g9FcOLWQ4UxhXHqCw2CpSM=",
|
||||
"owner": "astro",
|
||||
"repo": "microvm.nix",
|
||||
"rev": "9d1ff9b53532908a5eba7707931c9093508b6b92",
|
||||
"rev": "25ebda3c558e923720c965832dc9a04f559a055c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -270,11 +270,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1772341813,
|
||||
"narHash": "sha256-/PQ0ubBCMj/MVCWEI/XMStn55a8dIKsvztj4ZVLvUrQ=",
|
||||
"lastModified": 1772945408,
|
||||
"narHash": "sha256-PMt48sEQ8cgCeljQ9I/32uoBq/8t8y+7W/nAZhf72TQ=",
|
||||
"owner": "Mic92",
|
||||
"repo": "nix-index-database",
|
||||
"rev": "a2051ff239ce2e8a0148fa7a152903d9a78e854f",
|
||||
"rev": "1c1d8ea87b047788fd7567adf531418c5da321ec",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -285,11 +285,11 @@
|
||||
},
|
||||
"nixos-hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1771969195,
|
||||
"narHash": "sha256-qwcDBtrRvJbrrnv1lf/pREQi8t2hWZxVAyeMo7/E9sw=",
|
||||
"lastModified": 1772972630,
|
||||
"narHash": "sha256-mUJxsNOrBMNOUJzN0pfdVJ1r2pxeqm9gI/yIKXzVVbk=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixos-hardware",
|
||||
"rev": "41c6b421bdc301b2624486e11905c9af7b8ec68e",
|
||||
"rev": "3966ce987e1a9a164205ac8259a5fe8a64528f72",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -301,11 +301,11 @@
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1772542754,
|
||||
"narHash": "sha256-WGV2hy+VIeQsYXpsLjdr4GvHv5eECMISX1zKLTedhdg=",
|
||||
"lastModified": 1772963539,
|
||||
"narHash": "sha256-9jVDGZnvCckTGdYT53d/EfznygLskyLQXYwJLKMPsZs=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "8c809a146a140c5c8806f13399592dbcb1bb5dc4",
|
||||
"rev": "9dcb002ca1690658be4a04645215baea8b95f31d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -344,11 +344,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1772064816,
|
||||
"narHash": "sha256-ks1D9Rtmopd5F/8ENjEUJpSYYMxv603/v6TRen9Hq54=",
|
||||
"lastModified": 1773194666,
|
||||
"narHash": "sha256-YbsbqtTB3q0JjP7/G7GO58ea49cps1+8sb95/Bt7oVs=",
|
||||
"owner": "simple-nixos-mailserver",
|
||||
"repo": "nixos-mailserver",
|
||||
"rev": "ea4dc17f4bc0f65eed082fa394509e4543072b56",
|
||||
"rev": "489fbc4e0ef987cfdce700476abafe3269ebf3e5",
|
||||
"type": "gitlab"
|
||||
},
|
||||
"original": {
|
||||
@@ -361,11 +361,11 @@
|
||||
"spectrum": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1759482047,
|
||||
"narHash": "sha256-H1wiXRQHxxPyMMlP39ce3ROKCwI5/tUn36P8x6dFiiQ=",
|
||||
"lastModified": 1772189877,
|
||||
"narHash": "sha256-i1p90Rgssb//aNiTDFq46ZG/fk3LmyRLChtp/9lddyA=",
|
||||
"ref": "refs/heads/main",
|
||||
"rev": "c5d5786d3dc938af0b279c542d1e43bce381b4b9",
|
||||
"revCount": 996,
|
||||
"rev": "fe39e122d898f66e89ffa17d4f4209989ccb5358",
|
||||
"revCount": 1255,
|
||||
"type": "git",
|
||||
"url": "https://spectrum-os.org/git/spectrum"
|
||||
},
|
||||
|
||||
Reference in New Issue
Block a user