diff --git a/.github/workflows/weekly-build-cache.yml b/.github/workflows/weekly-build-cache.yml
new file mode 100644
index 0000000..45093e0
--- /dev/null
+++ b/.github/workflows/weekly-build-cache.yml
@@ -0,0 +1,100 @@
+name: Weekly NixOS Build & Cache
+
+on:
+ schedule:
+ # Run every Sunday at 2 AM UTC
+ - cron: '0 2 * * 0'
+ workflow_dispatch: # Allow manual trigger
+
+jobs:
+ build-and-cache:
+ runs-on: nixos
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Configure Git for automated commits
+ run: |
+ git config user.name "NixOS Builder Bot"
+ git config user.email "noreply@servidos.lat"
+
+ - name: Update flake inputs
+ run: |
+ nix flake update
+
+ - name: Check for changes
+ id: check_changes
+ run: |
+ if git diff --quiet flake.lock; then
+ echo "changes=false" >> $GITHUB_OUTPUT
+ echo "No changes in flake.lock"
+ else
+ echo "changes=true" >> $GITHUB_OUTPUT
+ echo "Changes detected in flake.lock"
+ fi
+
+ - name: Configure Attic cache
+ if: steps.check_changes.outputs.changes == 'true'
+ run: |
+ # Configure attic client to use your cache server
+ attic login jawz-cache https://cache.servidos.lat ${{ secrets.ATTIC_TOKEN }}
+
+ - name: Build workstation configuration
+ if: steps.check_changes.outputs.changes == 'true'
+ run: |
+ echo "Building workstation configuration..."
+ nix build .#nixosConfigurations.workstation.config.system.build.toplevel --print-build-logs
+
+ - name: Build miniserver configuration
+ if: steps.check_changes.outputs.changes == 'true'
+ run: |
+ echo "Building miniserver configuration..."
+ nix build .#nixosConfigurations.miniserver.config.system.build.toplevel --print-build-logs
+
+ - name: Build server configuration
+ if: steps.check_changes.outputs.changes == 'true'
+ run: |
+ echo "Building server configuration..."
+ nix build .#nixosConfigurations.server.config.system.build.toplevel --print-build-logs
+
+ - name: Push to cache
+ if: steps.check_changes.outputs.changes == 'true'
+ run: |
+ echo "Pushing builds to cache..."
+ # Push all built derivations to cache
+ if ls result* 1> /dev/null 2>&1; then
+ attic push jawz-cache result*
+ fi
+
+ # Push the specific system derivations we just built
+ nix build .#nixosConfigurations.workstation.config.system.build.toplevel --print-out-paths | attic push jawz-cache --stdin
+ nix build .#nixosConfigurations.miniserver.config.system.build.toplevel --print-out-paths | attic push jawz-cache --stdin
+ nix build .#nixosConfigurations.server.config.system.build.toplevel --print-out-paths | attic push jawz-cache --stdin
+
+ - name: Commit updated flake.lock
+ if: steps.check_changes.outputs.changes == 'true'
+ run: |
+ git add flake.lock
+ git commit -m "Weekly flake update: $(date -u '+%Y-%m-%d %H:%M UTC')"
+ git push origin main
+
+ - name: Create release tag
+ if: steps.check_changes.outputs.changes == 'true'
+ run: |
+ TAG_NAME="weekly-$(date -u '+%Y-%m-%d')"
+ git tag -a "$TAG_NAME" -m "Weekly build and cache update for $(date -u '+%Y-%m-%d')"
+ git push origin "$TAG_NAME"
+
+ - name: Summary
+ run: |
+ if [[ "${{ steps.check_changes.outputs.changes }}" == "true" ]]; then
+ echo "✅ Weekly build completed successfully!"
+ echo "- Updated flake.lock"
+ echo "- Built all NixOS configurations"
+ echo "- Pushed builds to Atticd cache"
+ echo "- Committed changes and created release tag"
+ else
+ echo "ℹ️ No updates needed - flake.lock is already up to date"
+ fi
\ No newline at end of file
diff --git a/config/base.nix b/config/base.nix
index 4af7279..54c3347 100644
--- a/config/base.nix
+++ b/config/base.nix
@@ -94,6 +94,7 @@
 "pipe-operators"
 ];
 substituters = [
+ config.my.servers.atticd.url
 "https://nix-gaming.cachix.org"
 "https://nixpkgs-python.cachix.org"
 "https://devenv.cachix.org"
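Review bot: `${{ secrets.ATTIC_TOKEN }}` in the Configure Attic cache step is substituted into the script text before the shell runs, so the token ends up in the generated script and on the `attic login` command line (visible in the process list of this host-mode runner), and a token containing shell metacharacters would break the command. Pass it through the step environment instead: `env:` / `ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }}` on the step, and `attic login jawz-cache https://cache.servidos.lat "$ATTIC_TOKEN"` in `run`. In the Push to cache step, the three Build steps all wrote the default `./result` symlink, so `result*` only names the last configuration; the `--print-out-paths | attic push --stdin` lines already cover all three (those `nix build` calls are cheap since the paths exist), which makes the `ls result*` block redundant — drop it or give each Build step its own `-o result-<host>`. Separately, `git push origin main` lands the `nix flake update` result without review; pushing to a branch and opening a pull request keeps a human check on input bumps.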
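Review bot: The substituter `config.my.servers.atticd.url` is added here without a matching entry in `trusted-public-keys`; the second hunk of this file (`@@ -103,6 +104,8 @@`) only leaves a commented-out `# TODO` placeholder for it. With Nix's default signature checking, paths served by that cache are rejected until its key is trusted, so every host evaluating this config carries a substituter it cannot use, and the easy workaround of relaxing signature checking must not be taken. Land the public key in the same change as the substituter, or gate both lines behind the atticd enable option so neither is present until the key is known, e.g. `# atticd substituter and its key are added together; never enable one without the other`.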
@@ -103,6 +104,8 @@
 "https://cosmic.cachix.org"
 ];
 trusted-public-keys = [
+ # TODO: Replace with actual atticd public key after setup
+ # "cache.servidos.lat:YOUR_ATTICD_PUBLIC_KEY_HERE"
 "nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4="
 "nixpkgs-python.cachix.org-1:hxjI7pFxTyuTHn2NkvWCrAUcNZLNS3ZAvfYNuYifcEU="
 "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
diff --git a/hosts/server/toggles.nix b/hosts/server/toggles.nix
index 34c8d8f..669eb42 100644
--- a/hosts/server/toggles.nix
+++ b/hosts/server/toggles.nix
@@ -26,7 +26,6 @@ in
 services = enableList mkEnabled [
 "network"
 "nvidia"
- # "wireguard"
 ];
 dev = enableList mkEnabled [
 "nix"
@@ -46,7 +45,6 @@ in
 "ffmpeg4discord"
 "manage-library"
 "library-report"
- # "update-dns" #vps
 "stream-dl"
 "pika-list"
 "find-dup-episodes"
@@ -84,6 +82,7 @@ in
 "gitea"
 "mealie"
 "metube"
+ "atticd"
 ]
 // enableList mkEnabledIp [
 "audiobookshelf"
diff --git a/modules/servers/gitea-actions-runners/nixos-builder.nix b/modules/servers/gitea-actions-runners/nixos-builder.nix
new file mode 100644
index 0000000..7992de8
--- /dev/null
+++ b/modules/servers/gitea-actions-runners/nixos-builder.nix
@@ -0,0 +1,31 @@
+{
+ lib,
+ config,
+ pkgs,
+ ...
+}:
+let
+ cfg = config.my.servers.gitea;
+in
+{
+ config = lib.mkIf cfg.enable {
+ services.gitea-actions-runner.instances.nixos-builder = {
+ enable = true;
+ url = cfg.url;
+ name = "${config.networking.hostName}-nixos-builder";
+ tokenFile = config.sops.secrets.gitea.path;
+ labels = [
+ "nixos:host"
+ ];
+ hostPackages = builtins.attrValues {
+ inherit (pkgs)
+ bash
+ coreutils
+ gitMinimal
+ nix
+ attic-client
+ ;
+ };
+ };
+ };
+}
diff --git a/modules/servers/gitea-actions-runners/ryujinx.nix b/modules/servers/gitea-actions-runners/ryujinx.nix
new file mode 100644
index 0000000..f66c298
--- /dev/null
+++ b/modules/servers/gitea-actions-runners/ryujinx.nix
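Review bot: The label `nixos:host` on the new `nixos-builder` instance runs workflow steps directly on this machine with the listed `hostPackages` rather than in a container, so any workflow that selects `runs-on: nixos` gets unsandboxed command execution as the runner's service user, with `nix` and `attic-client` on its path. Nothing in the module says this is deliberate or which repositories may use it; add above `labels`: `# host-mode runner: steps run unsandboxed on this machine, attach only to repositories with restricted push access`. The runner is also registered with the same `config.sops.secrets.gitea` file that the ryujinx runner uses; a one-line comment on `tokenFile` stating what that file holds would save the next reader from having to open the secrets file.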
@@ -0,0 +1,60 @@
+{
+ lib,
+ config,
+ pkgs,
+ ...
+}:
+let
+ cfg = config.my.servers.gitea;
+in
+{
+ config = lib.mkIf cfg.enable {
+ services.gitea-actions-runner.instances.ryujinx = {
+ enable = true;
+ url = cfg.url;
+ name = "${config.networking.hostName}-ryujinx";
+ tokenFile = config.sops.secrets.gitea.path;
+ labels = [
+ "ubuntu-latest:host"
+ "ubuntu-20.04:host"
+ ];
+ hostPackages =
+ let
+ python3 = pkgs.python3.withPackages (
+ ps:
+ builtins.attrValues {
+ inherit (ps)
+ pyyaml
+ lxml
+ ;
+ }
+ );
+ in
+ builtins.attrValues {
+ inherit python3;
+ inherit (pkgs)
+ bash
+ coreutils
+ curl
+ gawk
+ gitMinimal
+ gnused
+ nodejs
+ wget
+ gnutar
+ gzip
+ dotnet-sdk_8
+ openal
+ vulkan-loader
+ libGL
+ gtk3
+ llvm_15
+ rcodesign
+ gh
+ p7zip
+ ;
+ inherit (pkgs.xorg) libX11;
+ };
+ };
+ };
+}
diff --git a/modules/servers/gitea.nix b/modules/servers/gitea.nix
index f8b1609..f954647 100644
--- a/modules/servers/gitea.nix
+++ b/modules/servers/gitea.nix
@@ -9,76 +9,32 @@ let
 setup = import ./setup.nix { inherit lib config; };
 in
 {
+ imports = [
+ ./gitea-actions-runners/ryujinx.nix
+ ./gitea-actions-runners/nixos-builder.nix
+ ];
+
 options.my.servers.gitea = setup.mkOptions "gitea" "git" 9083;
 config = {
 sops.secrets = lib.mkIf cfg.enable { gitea.sopsFile = ../../secrets/env.yaml; };
- services = {
- gitea = lib.mkIf cfg.enable {
- enable = true;
- domain = cfg.host;
- rootUrl = cfg.url;
- settings = {
- session.COOKIE_SECURE = true;
- server.HTTP_PORT = cfg.port;
- mailer = {
- ENABLED = true;
- PROTOCOL = "sendmail";
- FROM = config.my.smtpemail;
- SENDMAIL_PATH = "${pkgs.msmtp}/bin/msmtp";
- };
- };
- database = {
- socket = config.my.postgresSocket;
- type = "postgres";
- createDatabase = false;
+ services.gitea = lib.mkIf cfg.enable {
+ enable = true;
+ domain = cfg.host;
+ rootUrl = cfg.url;
+ settings = {
+ session.COOKIE_SECURE = true;
+ server.HTTP_PORT = cfg.port;
+ mailer = {
+ ENABLED = true;
+ PROTOCOL = "sendmail";
+ FROM = config.my.smtpemail;
+ SENDMAIL_PATH = "${pkgs.msmtp}/bin/msmtp";
 };
 };
- gitea-actions-runner.instances.ryujinx = lib.mkIf cfg.enable {
- enable = true;
- url = cfg.url;
- name = "${config.networking.hostName}-ryujinx";
- tokenFile = config.sops.secrets.gitea.path;
- labels = [
- "ubuntu-latest:host"
- "ubuntu-20.04:host"
- ];
- hostPackages =
- let
- python3 = pkgs.python3.withPackages (
- ps:
- builtins.attrValues {
- inherit (ps)
- pyyaml
- lxml
- ;
- }
- );
- in
- builtins.attrValues {
- inherit python3;
- inherit (pkgs)
- bash
- coreutils
- curl
- gawk
- gitMinimal
- gnused
- nodejs
- wget
- gnutar
- gzip
- dotnet-sdk_8
- openal
- vulkan-loader
- libGL
- gtk3
- llvm_15
- rcodesign
- gh
- p7zip
- ;
- inherit (pkgs.xorg) libX11;
- };
+ database = {
+ socket = config.my.postgresSocket;
+ type = "postgres";
+ createDatabase = false;
 };
 };
 };