tasiaiso/nixos-config
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

add thymis

Browse source
This commit is contained in:
Tasia Iso 2024-10-13 16:43:59 +02:00
parent 70342e334b
commit 78fe1d414a
Signed by: tasiaiso
SSH key fingerprint: SHA256:KiRjUay5C9i6objsEOIycygBHn54pDBB3Lj7fyJ0Elw
4 changed files with 466 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

436
flake.lock
View file

@ -68,11 +68,11 @@
"systems": "systems_3"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"lastModified": 1726560853,
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
"type": "github"
},
"original": {
@ -83,7 +83,7 @@
},
"flake-utils_3": {
"inputs": {
"systems": "systems_4"
"systems": "systems_5"
},
"locked": {
"lastModified": 1710146030,
@ -101,7 +101,25 @@
},
"flake-utils_4": {
"inputs": {
"systems": "systems_5"
"systems": "systems_6"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_5": {
"inputs": {
"systems": "systems_7"
},
"locked": {
"lastModified": 1726560853,
@ -159,6 +177,136 @@
"type": "github"
}
},
"home-manager_3": {
"inputs": {
"nixpkgs": [
"thymis",
"nixpkgs"
]
},
"locked": {
"lastModified": 1726989464,
"narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-24.05",
"repo": "home-manager",
"type": "github"
}
},
"libcamera-src": {
"flake": false,
"locked": {
"lastModified": 1725630279,
"narHash": "sha256-KH30jmHfxXq4j2CL7kv18DYECJRp9ECuWNPnqPZajPA=",
"owner": "raspberrypi",
"repo": "libcamera",
"rev": "69a894c4adad524d3063dd027f5c4774485cf9db",
"type": "github"
},
"original": {
"owner": "raspberrypi",
"repo": "libcamera",
"rev": "69a894c4adad524d3063dd027f5c4774485cf9db",
"type": "github"
}
},
"libpisp-src": {
"flake": false,
"locked": {
"lastModified": 1724944683,
"narHash": "sha256-Fo2UJmQHS855YSSKKmGrsQnJzXog1cdpkIOO72yYAM4=",
"owner": "raspberrypi",
"repo": "libpisp",
"rev": "28196ed6edcfeda88d23cc5f213d51aa6fa17bb3",
"type": "github"
},
"original": {
"owner": "raspberrypi",
"ref": "v1.0.7",
"repo": "libpisp",
"type": "github"
}
},
"nix-github-actions": {
"inputs": {
"nixpkgs": [
"thymis",
"poetry2nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1720066371,
"narHash": "sha256-uPlLYH2S0ACj0IcgaK9Lsf4spmJoGejR9DotXiXSBZQ=",
"owner": "nix-community",
"repo": "nix-github-actions",
"rev": "622f829f5fe69310a866c8a6cd07e747c44ef820",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-github-actions",
"type": "github"
}
},
"nixlib": {
"locked": {
"lastModified": 1727571693,
"narHash": "sha256-b7sFVeqMtz8xntCL3tBY3O8suTg5PeF53LTL3eCcKyc=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "bb58a3bf239e03fca9d51062e2fe028a4ea5a3d1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixos-generators": {
"inputs": {
"nixlib": "nixlib",
"nixpkgs": [
"thymis",
"nixpkgs"
]
},
"locked": {
"lastModified": 1727917377,
"narHash": "sha256-eefXdEPUMuhiV6Vy3ASSyApCseE9OoKDgL/G6qenw/4=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "9ae128172f823956e54947fe471bc6dfa670ecb4",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixos-generators",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1728056216,
"narHash": "sha256-IrO06gFUDTrTlIP3Sz+mRB6WUoO2YsgMtOD3zi0VEt0=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "b7ca02c7565fbf6d27ff20dd6dbd49c5b82eef28",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixos-hardware",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1728500571,
@ -176,6 +324,22 @@
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1725826545,
"narHash": "sha256-L64N1rpLlXdc94H+F6scnrbuEu+utC03cDDVvvJGOME=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "f4c846aee8e1e29062aa8514d5e0ab270f4ec2f9",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1717281328,
"narHash": "sha256-evZPzpf59oNcDUXxh2GHcxHkTEG4fjae2ytWP85jXRo=",
@ -191,7 +355,7 @@
"type": "github"
}
},
"nixpkgs_3": {
"nixpkgs_4": {
"locked": {
"lastModified": 1717144377,
"narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=",
@ -207,6 +371,61 @@
"type": "github"
}
},
"poetry2nix": {
"inputs": {
"flake-utils": [
"thymis",
"flake-utils"
],
"nix-github-actions": "nix-github-actions",
"nixpkgs": [
"thymis",
"nixpkgs"
],
"systems": "systems_4",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1727711975,
"narHash": "sha256-zkkL5gw+TNXhVO2zpeH70TKh2dSzUbkBbO6gKHO37s0=",
"owner": "nix-community",
"repo": "poetry2nix",
"rev": "ef877b8e159b23f36ebc39155021657bed744a68",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "poetry2nix",
"type": "github"
}
},
"raspberry-pi-nix": {
"inputs": {
"libcamera-src": "libcamera-src",
"libpisp-src": "libpisp-src",
"nixpkgs": "nixpkgs_2",
"rpi-bluez-firmware-src": "rpi-bluez-firmware-src",
"rpi-firmware-nonfree-src": "rpi-firmware-nonfree-src",
"rpi-firmware-src": "rpi-firmware-src",
"rpi-linux-6_10_8-src": "rpi-linux-6_10_8-src",
"rpi-linux-6_6_47-src": "rpi-linux-6_6_47-src",
"rpicam-apps-src": "rpicam-apps-src",
"u-boot-src": "u-boot-src"
},
"locked": {
"lastModified": 1726837731,
"narHash": "sha256-+yZWOHSCwrdSiDviF40o0vb8D+9QfUhcVKWTAskV0Kk=",
"owner": "nix-community",
"repo": "raspberry-pi-nix",
"rev": "d342e97d257f946c16bf6b610cf58d95555be8e7",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "raspberry-pi-nix",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
@ -214,11 +433,114 @@
"nixpkgs": "nixpkgs",
"stable": "stable",
"tasiaiso-vulpecula-zone": "tasiaiso-vulpecula-zone",
"thymis": "thymis",
"tildefriends": "tildefriends",
"vedirect-reader": "vedirect-reader",
"vulpecula-zone": "vulpecula-zone"
}
},
"rpi-bluez-firmware-src": {
"flake": false,
"locked": {
"lastModified": 1708969706,
"narHash": "sha256-KakKnOBeWxh0exu44beZ7cbr5ni4RA9vkWYb9sGMb8Q=",
"owner": "RPi-Distro",
"repo": "bluez-firmware",
"rev": "78d6a07730e2d20c035899521ab67726dc028e1c",
"type": "github"
},
"original": {
"owner": "RPi-Distro",
"ref": "bookworm",
"repo": "bluez-firmware",
"type": "github"
}
},
"rpi-firmware-nonfree-src": {
"flake": false,
"locked": {
"lastModified": 1723266537,
"narHash": "sha256-T7eTKXqY9cxEMdab8Snda4CEOrEihy5uOhA6Fy+Mhnw=",
"owner": "RPi-Distro",
"repo": "firmware-nonfree",
"rev": "4b356e134e8333d073bd3802d767a825adec3807",
"type": "github"
},
"original": {
"owner": "RPi-Distro",
"ref": "bookworm",
"repo": "firmware-nonfree",
"type": "github"
}
},
"rpi-firmware-src": {
"flake": false,
"locked": {
"lastModified": 1725277507,
"narHash": "sha256-DN+NlesZ8YfuVwLKQSHckvpNZxqsbKRflOcS3ShO3Ss=",
"owner": "raspberrypi",
"repo": "firmware",
"rev": "b5eb52b343e9bc1391a8059a38e12e470c109f5c",
"type": "github"
},
"original": {
"owner": "raspberrypi",
"ref": "1.20240902",
"repo": "firmware",
"type": "github"
}
},
"rpi-linux-6_10_8-src": {
"flake": false,
"locked": {
"lastModified": 1725639824,
"narHash": "sha256-ogItkH2cBiNGmenJUPAhAH591qufrWh1zeqAJCNAExw=",
"owner": "raspberrypi",
"repo": "linux",
"rev": "0c0217e02da43439fb08b2f6b09530723331ed15",
"type": "github"
},
"original": {
"owner": "raspberrypi",
"ref": "rpi-6.10.y",
"repo": "linux",
"type": "github"
}
},
"rpi-linux-6_6_47-src": {
"flake": false,
"locked": {
"lastModified": 1725956269,
"narHash": "sha256-zn1Totn8NU8MCJmWRGsdarNeSo8rzscrBnhdRVMBuT0=",
"owner": "raspberrypi",
"repo": "linux",
"rev": "cc50cdbcf3e8f065bd7798a92689f54578b4169f",
"type": "github"
},
"original": {
"owner": "raspberrypi",
"ref": "rpi-6.6.y",
"repo": "linux",
"type": "github"
}
},
"rpicam-apps-src": {
"flake": false,
"locked": {
"lastModified": 1725543038,
"narHash": "sha256-rl5GVigiZWXkpfIteRWUMjtCaPweXRWrBrZOjQ1hiU8=",
"owner": "raspberrypi",
"repo": "rpicam-apps",
"rev": "d7a1a13b041ef2842cd56d7e395b8c9a0ffc3bf5",
"type": "github"
},
"original": {
"owner": "raspberrypi",
"ref": "v1.5.1",
"repo": "rpicam-apps",
"type": "github"
}
},
"stable": {
"locked": {
"lastModified": 1728500571,
@ -281,6 +603,20 @@
}
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"id": "systems",
"type": "indirect"
}
},
"systems_5": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@ -295,7 +631,22 @@
"type": "github"
}
},
"systems_5": {
"systems_6": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_7": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@ -331,10 +682,36 @@
"url": "https://git.vulpecula.zone/tasiaiso/tasiaiso.vulpecula.zone"
}
},
"tildefriends": {
"thymis": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs_2"
"home-manager": "home-manager_3",
"nixos-generators": "nixos-generators",
"nixos-hardware": "nixos-hardware",
"nixpkgs": [
"stable"
],
"poetry2nix": "poetry2nix",
"raspberry-pi-nix": "raspberry-pi-nix"
},
"locked": {
"lastModified": 1728493756,
"narHash": "sha256-KI/sVUj4cAm3Z+RQQaoZox8sCLkOuGmHTsfdsEYJa7s=",
"owner": "Thymis-io",
"repo": "thymis",
"rev": "9659b42d0e25c1dc1292374870bcce854770e436",
"type": "github"
},
"original": {
"owner": "Thymis-io",
"repo": "thymis",
"type": "github"
}
},
"tildefriends": {
"inputs": {
"flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1728610894,
@ -351,10 +728,45 @@
"url": "https://dev.tildefriends.net/cory/tildefriends"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"thymis",
"poetry2nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1727431250,
"narHash": "sha256-uGRlRT47ecicF9iLD1G3g43jn2e+b5KaMptb59LHnvM=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "879b29ae9a0378904fbbefe0dadaed43c8905754",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"u-boot-src": {
"flake": false,
"locked": {
"lastModified": 1719857238,
"narHash": "sha256-mJ2TBy0Y5ZtcGFgtU5RKr0UDUp5FWzojbFb+o/ebRJU=",
"type": "tarball",
"url": "https://ftp.denx.de/pub/u-boot/u-boot-2024.07.tar.bz2"
},
"original": {
"type": "tarball",
"url": "https://ftp.denx.de/pub/u-boot/u-boot-2024.07.tar.bz2"
}
},
"vedirect-reader": {
"inputs": {
"flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_3"
"flake-utils": "flake-utils_4",
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1717688985,
@ -372,7 +784,7 @@
},
"vulpecula-zone": {
"inputs": {
"flake-utils": "flake-utils_4",
"flake-utils": "flake-utils_5",
"nixpkgs": [
"stable"
]

8
flake.nix
View file

@ -17,6 +17,11 @@
inputs.nixpkgs.follows = "stable";
};
thymis = {
url = "github:Thymis-io/thymis";
inputs.nixpkgs.follows = "stable";
};
tildefriends.url = "git+https://dev.tildefriends.net/cory/tildefriends?ref=main";
vedirect-reader.url = "git+https://gitea.com/tasiaiso/vedirect-reader";
@ -45,8 +50,7 @@
self,
nixpkgs,
stable,
# unstable,
# home-manager-unstable,
thymis,
home-manager,
vedirect-reader,
# nixos-conf-editor,

1
hosts/vulpecula-vps/configuration.nix
View file

@ -13,6 +13,7 @@ in {
./forgejo.nix
./grafana.nix
./tasiaiso.nix
./thymis.nix
];
networking = {

35
hosts/vulpecula-vps/thymis.nix Normal file
View file

@ -0,0 +1,35 @@
{
lib,
inputs,
...
}: {
imports = [
inputs.thymis.nixosModules.thymis-controller
];
services.thymis-controller = {
enable = true;
system-binfmt-aarch64-enable = true; # enables emulation of aarch64 binaries, default is true on x86_64, needed for building aarch64 images on x86_64
system-binfmt-x86_64-enable = false; # enables emulation of x86_64 binaries, default is false
repo-path = "/var/lib/thymis/repository"; # directory where the controller will store the repository holding the project
database-url = "sqlite:////var/lib/thymis/thymis.sqlite"; # URL of the database
base-url = "https://thymis.vulpecula.zone/"; # base URL of the controller, how it will be accessed from the outside
auth-basic = true; # whether to enable authentication using a basic username/password
auth-basic-username = "admin"; # username for basic authentication
auth-basic-password-file = "/var/lib/thymis/auth-basic-password"; # file containing the password for basic authentication
# content will be automatically generated if it does not exist
listen-host = "127.0.0.1"; # host on which the controller listens for incoming connections
listen-port = 8000; # port on which the controller listens for incoming connections
nginx-vhost-enable = false; # whether to enable the Nginx virtual host
nginx-vhost-name = "wallabag.vulpecula.zone"; # name of the Nginx virtual host
};
# Configure the Nginx virtual host
services.nginx = {
virtualHosts."wallabag.vulpecula.zone" = {
serverName = "wallabag.vulpecula.zone";
enableACME = true;
forceSSL = true;
};
};
}