diff --git a/flake.lock b/flake.lock index 0a6c9c7..547937a 100644 --- a/flake.lock +++ b/flake.lock @@ -68,11 +68,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", "type": "github" }, "original": { @@ -83,7 +83,7 @@ }, "flake-utils_3": { "inputs": { - "systems": "systems_4" + "systems": "systems_5" }, "locked": { "lastModified": 1710146030, @@ -101,7 +101,25 @@ }, "flake-utils_4": { "inputs": { - "systems": "systems_5" + "systems": "systems_6" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_5": { + "inputs": { + "systems": "systems_7" }, "locked": { "lastModified": 1726560853, @@ -159,6 +177,136 @@ "type": "github" } }, + "home-manager_3": { + "inputs": { + "nixpkgs": [ + "thymis", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1726989464, + "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-24.05", + "repo": "home-manager", + "type": "github" + } + }, + "libcamera-src": { + "flake": false, + "locked": { + "lastModified": 1725630279, + "narHash": "sha256-KH30jmHfxXq4j2CL7kv18DYECJRp9ECuWNPnqPZajPA=", + "owner": "raspberrypi", + "repo": "libcamera", + "rev": "69a894c4adad524d3063dd027f5c4774485cf9db", + "type": "github" + }, + "original": { + "owner": "raspberrypi", + "repo": "libcamera", + "rev": "69a894c4adad524d3063dd027f5c4774485cf9db", + "type": "github" + } + }, + "libpisp-src": { + "flake": false, + "locked": { + "lastModified": 1724944683, + "narHash": "sha256-Fo2UJmQHS855YSSKKmGrsQnJzXog1cdpkIOO72yYAM4=", + "owner": "raspberrypi", + "repo": "libpisp", + "rev": "28196ed6edcfeda88d23cc5f213d51aa6fa17bb3", + "type": "github" + }, + "original": { + "owner": "raspberrypi", + "ref": "v1.0.7", + "repo": "libpisp", + "type": "github" + } + }, + "nix-github-actions": { + "inputs": { + "nixpkgs": [ + "thymis", + "poetry2nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1720066371, + "narHash": "sha256-uPlLYH2S0ACj0IcgaK9Lsf4spmJoGejR9DotXiXSBZQ=", + "owner": "nix-community", + "repo": "nix-github-actions", + "rev": "622f829f5fe69310a866c8a6cd07e747c44ef820", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-github-actions", + "type": "github" + } + }, + "nixlib": { + "locked": { + "lastModified": 1727571693, + "narHash": "sha256-b7sFVeqMtz8xntCL3tBY3O8suTg5PeF53LTL3eCcKyc=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "bb58a3bf239e03fca9d51062e2fe028a4ea5a3d1", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixos-generators": { + "inputs": { + "nixlib": "nixlib", + "nixpkgs": [ + "thymis", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1727917377, + "narHash": "sha256-eefXdEPUMuhiV6Vy3ASSyApCseE9OoKDgL/G6qenw/4=", + "owner": "nix-community", + "repo": "nixos-generators", + "rev": "9ae128172f823956e54947fe471bc6dfa670ecb4", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-generators", + "type": "github" + } + }, + "nixos-hardware": { + "locked": { + "lastModified": 1728056216, + "narHash": "sha256-IrO06gFUDTrTlIP3Sz+mRB6WUoO2YsgMtOD3zi0VEt0=", + "owner": "NixOS", + "repo": "nixos-hardware", + "rev": "b7ca02c7565fbf6d27ff20dd6dbd49c5b82eef28", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixos-hardware", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1728500571, @@ -176,6 +324,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1725826545, + "narHash": "sha256-L64N1rpLlXdc94H+F6scnrbuEu+utC03cDDVvvJGOME=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "f4c846aee8e1e29062aa8514d5e0ab270f4ec2f9", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1717281328, "narHash": "sha256-evZPzpf59oNcDUXxh2GHcxHkTEG4fjae2ytWP85jXRo=", @@ -191,7 +355,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { "lastModified": 1717144377, "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=", @@ -207,6 +371,61 @@ "type": "github" } }, + "poetry2nix": { + "inputs": { + "flake-utils": [ + "thymis", + "flake-utils" + ], + "nix-github-actions": "nix-github-actions", + "nixpkgs": [ + "thymis", + "nixpkgs" + ], + "systems": "systems_4", + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1727711975, + "narHash": "sha256-zkkL5gw+TNXhVO2zpeH70TKh2dSzUbkBbO6gKHO37s0=", + "owner": "nix-community", + "repo": "poetry2nix", + "rev": "ef877b8e159b23f36ebc39155021657bed744a68", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "poetry2nix", + "type": "github" + } + }, + "raspberry-pi-nix": { + "inputs": { + "libcamera-src": "libcamera-src", + "libpisp-src": "libpisp-src", + "nixpkgs": "nixpkgs_2", + "rpi-bluez-firmware-src": "rpi-bluez-firmware-src", + "rpi-firmware-nonfree-src": "rpi-firmware-nonfree-src", + "rpi-firmware-src": "rpi-firmware-src", + "rpi-linux-6_10_8-src": "rpi-linux-6_10_8-src", + "rpi-linux-6_6_47-src": "rpi-linux-6_6_47-src", + "rpicam-apps-src": "rpicam-apps-src", + "u-boot-src": "u-boot-src" + }, + "locked": { + "lastModified": 1726837731, + "narHash": "sha256-+yZWOHSCwrdSiDviF40o0vb8D+9QfUhcVKWTAskV0Kk=", + "owner": "nix-community", + "repo": "raspberry-pi-nix", + "rev": "d342e97d257f946c16bf6b610cf58d95555be8e7", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "raspberry-pi-nix", + "type": "github" + } + }, "root": { "inputs": { "agenix": "agenix", @@ -214,11 +433,114 @@ "nixpkgs": "nixpkgs", "stable": "stable", "tasiaiso-vulpecula-zone": "tasiaiso-vulpecula-zone", + "thymis": "thymis", "tildefriends": "tildefriends", "vedirect-reader": "vedirect-reader", "vulpecula-zone": "vulpecula-zone" } }, + "rpi-bluez-firmware-src": { + "flake": false, + "locked": { + "lastModified": 1708969706, + "narHash": "sha256-KakKnOBeWxh0exu44beZ7cbr5ni4RA9vkWYb9sGMb8Q=", + "owner": "RPi-Distro", + "repo": "bluez-firmware", + "rev": "78d6a07730e2d20c035899521ab67726dc028e1c", + "type": "github" + }, + "original": { + "owner": "RPi-Distro", + "ref": "bookworm", + "repo": "bluez-firmware", + "type": "github" + } + }, + "rpi-firmware-nonfree-src": { + "flake": false, + "locked": { + "lastModified": 1723266537, + "narHash": "sha256-T7eTKXqY9cxEMdab8Snda4CEOrEihy5uOhA6Fy+Mhnw=", + "owner": "RPi-Distro", + "repo": "firmware-nonfree", + "rev": "4b356e134e8333d073bd3802d767a825adec3807", + "type": "github" + }, + "original": { + "owner": "RPi-Distro", + "ref": "bookworm", + "repo": "firmware-nonfree", + "type": "github" + } + }, + "rpi-firmware-src": { + "flake": false, + "locked": { + "lastModified": 1725277507, + "narHash": "sha256-DN+NlesZ8YfuVwLKQSHckvpNZxqsbKRflOcS3ShO3Ss=", + "owner": "raspberrypi", + "repo": "firmware", + "rev": "b5eb52b343e9bc1391a8059a38e12e470c109f5c", + "type": "github" + }, + "original": { + "owner": "raspberrypi", + "ref": "1.20240902", + "repo": "firmware", + "type": "github" + } + }, + "rpi-linux-6_10_8-src": { + "flake": false, + "locked": { + "lastModified": 1725639824, + "narHash": "sha256-ogItkH2cBiNGmenJUPAhAH591qufrWh1zeqAJCNAExw=", + "owner": "raspberrypi", + "repo": "linux", + "rev": "0c0217e02da43439fb08b2f6b09530723331ed15", + "type": "github" + }, + "original": { + "owner": "raspberrypi", + "ref": "rpi-6.10.y", + "repo": "linux", + "type": "github" + } + }, + "rpi-linux-6_6_47-src": { + "flake": false, + "locked": { + "lastModified": 1725956269, + "narHash": "sha256-zn1Totn8NU8MCJmWRGsdarNeSo8rzscrBnhdRVMBuT0=", + "owner": "raspberrypi", + "repo": "linux", + "rev": "cc50cdbcf3e8f065bd7798a92689f54578b4169f", + "type": "github" + }, + "original": { + "owner": "raspberrypi", + "ref": "rpi-6.6.y", + "repo": "linux", + "type": "github" + } + }, + "rpicam-apps-src": { + "flake": false, + "locked": { + "lastModified": 1725543038, + "narHash": "sha256-rl5GVigiZWXkpfIteRWUMjtCaPweXRWrBrZOjQ1hiU8=", + "owner": "raspberrypi", + "repo": "rpicam-apps", + "rev": "d7a1a13b041ef2842cd56d7e395b8c9a0ffc3bf5", + "type": "github" + }, + "original": { + "owner": "raspberrypi", + "ref": "v1.5.1", + "repo": "rpicam-apps", + "type": "github" + } + }, "stable": { "locked": { "lastModified": 1728500571, @@ -281,6 +603,20 @@ } }, "systems_4": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "id": "systems", + "type": "indirect" + } + }, + "systems_5": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", @@ -295,7 +631,22 @@ "type": "github" } }, - "systems_5": { + "systems_6": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_7": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", @@ -331,10 +682,36 @@ "url": "https://git.vulpecula.zone/tasiaiso/tasiaiso.vulpecula.zone" } }, - "tildefriends": { + "thymis": { "inputs": { "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_2" + "home-manager": "home-manager_3", + "nixos-generators": "nixos-generators", + "nixos-hardware": "nixos-hardware", + "nixpkgs": [ + "stable" + ], + "poetry2nix": "poetry2nix", + "raspberry-pi-nix": "raspberry-pi-nix" + }, + "locked": { + "lastModified": 1728493756, + "narHash": "sha256-KI/sVUj4cAm3Z+RQQaoZox8sCLkOuGmHTsfdsEYJa7s=", + "owner": "Thymis-io", + "repo": "thymis", + "rev": "9659b42d0e25c1dc1292374870bcce854770e436", + "type": "github" + }, + "original": { + "owner": "Thymis-io", + "repo": "thymis", + "type": "github" + } + }, + "tildefriends": { + "inputs": { + "flake-utils": "flake-utils_3", + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1728610894, @@ -351,10 +728,45 @@ "url": "https://dev.tildefriends.net/cory/tildefriends" } }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "thymis", + "poetry2nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1727431250, + "narHash": "sha256-uGRlRT47ecicF9iLD1G3g43jn2e+b5KaMptb59LHnvM=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "879b29ae9a0378904fbbefe0dadaed43c8905754", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "u-boot-src": { + "flake": false, + "locked": { + "lastModified": 1719857238, + "narHash": "sha256-mJ2TBy0Y5ZtcGFgtU5RKr0UDUp5FWzojbFb+o/ebRJU=", + "type": "tarball", + "url": "https://ftp.denx.de/pub/u-boot/u-boot-2024.07.tar.bz2" + }, + "original": { + "type": "tarball", + "url": "https://ftp.denx.de/pub/u-boot/u-boot-2024.07.tar.bz2" + } + }, "vedirect-reader": { "inputs": { - "flake-utils": "flake-utils_3", - "nixpkgs": "nixpkgs_3" + "flake-utils": "flake-utils_4", + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1717688985, @@ -372,7 +784,7 @@ }, "vulpecula-zone": { "inputs": { - "flake-utils": "flake-utils_4", + "flake-utils": "flake-utils_5", "nixpkgs": [ "stable" ] diff --git a/flake.nix b/flake.nix index 470b112..b63c6db 100644 --- a/flake.nix +++ b/flake.nix @@ -17,6 +17,11 @@ inputs.nixpkgs.follows = "stable"; }; + thymis = { + url = "github:Thymis-io/thymis"; + inputs.nixpkgs.follows = "stable"; + }; + tildefriends.url = "git+https://dev.tildefriends.net/cory/tildefriends?ref=main"; vedirect-reader.url = "git+https://gitea.com/tasiaiso/vedirect-reader"; @@ -45,8 +50,7 @@ self, nixpkgs, stable, - # unstable, - # home-manager-unstable, + thymis, home-manager, vedirect-reader, # nixos-conf-editor, diff --git a/hosts/vulpecula-vps/configuration.nix b/hosts/vulpecula-vps/configuration.nix index b73c943..2735c20 100644 --- a/hosts/vulpecula-vps/configuration.nix +++ b/hosts/vulpecula-vps/configuration.nix @@ -13,6 +13,7 @@ in { ./forgejo.nix ./grafana.nix ./tasiaiso.nix + ./thymis.nix ]; networking = { diff --git a/hosts/vulpecula-vps/thymis.nix b/hosts/vulpecula-vps/thymis.nix new file mode 100644 index 0000000..4235700 --- /dev/null +++ b/hosts/vulpecula-vps/thymis.nix @@ -0,0 +1,35 @@ +{ + lib, + inputs, + ... +}: { + imports = [ + inputs.thymis.nixosModules.thymis-controller + ]; + + services.thymis-controller = { + enable = true; + system-binfmt-aarch64-enable = true; # enables emulation of aarch64 binaries, default is true on x86_64, needed for building aarch64 images on x86_64 + system-binfmt-x86_64-enable = false; # enables emulation of x86_64 binaries, default is false + repo-path = "/var/lib/thymis/repository"; # directory where the controller will store the repository holding the project + database-url = "sqlite:////var/lib/thymis/thymis.sqlite"; # URL of the database + base-url = "https://thymis.vulpecula.zone/"; # base URL of the controller, how it will be accessed from the outside + auth-basic = true; # whether to enable authentication using a basic username/password + auth-basic-username = "admin"; # username for basic authentication + auth-basic-password-file = "/var/lib/thymis/auth-basic-password"; # file containing the password for basic authentication + # content will be automatically generated if it does not exist + listen-host = "127.0.0.1"; # host on which the controller listens for incoming connections + listen-port = 8000; # port on which the controller listens for incoming connections + nginx-vhost-enable = false; # whether to enable the Nginx virtual host + nginx-vhost-name = "wallabag.vulpecula.zone"; # name of the Nginx virtual host + }; + + # Configure the Nginx virtual host + services.nginx = { + virtualHosts."wallabag.vulpecula.zone" = { + serverName = "wallabag.vulpecula.zone"; + enableACME = true; + forceSSL = true; + }; + }; +}