diff --git a/flake.lock b/flake.lock index 6e77084..78b8ed1 100644 --- a/flake.lock +++ b/flake.lock @@ -225,11 +225,11 @@ ] }, "locked": { - "lastModified": 1749436314, - "narHash": "sha256-CqmqU5FRg5AadtIkxwu8ulDSOSoIisUMZRLlcED3Q5w=", + "lastModified": 1747742835, + "narHash": "sha256-kYL4GCwwznsypvsnA20oyvW8zB/Dvn6K5G/tgMjVMT4=", "owner": "nix-community", "repo": "disko", - "rev": "dfa4d1b9c39c0342ef133795127a3af14598017a", + "rev": "df522e787fdffc4f32ed3e1fca9ed0968a384d62", "type": "github" }, "original": { @@ -243,11 +243,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1749410315, - "narHash": "sha256-5H8MuMMSq1WnQcvb1FiDNkKP+uyeZ8HX5GRTMfEOyLI=", + "lastModified": 1742179690, + "narHash": "sha256-s/q3OWRe5m7kwDcAs1BhJEj6aHc5bsBxRnLP7DM77xE=", "owner": "lelgenio", "repo": "dzgui-nix", - "rev": "49adbb1edfb3c25b0cd8256d35673394386065e7", + "rev": "a6d68720c932ac26d549b24f17c776bd2aeb73b4", "type": "github" }, "original": { @@ -504,11 +504,11 @@ ] }, "locked": { - "lastModified": 1749154018, - "narHash": "sha256-gjN3j7joRvT3a8Zgcylnd4NFsnXeDBumqiu4HmY1RIg=", + "lastModified": 1747556831, + "narHash": "sha256-Qb84nbYFFk0DzFeqVoHltS2RodAYY5/HZQKE8WnBDsc=", "owner": "nix-community", "repo": "home-manager", - "rev": "7aae0ee71a17b19708b93b3ed448a1a0952bf111", + "rev": "d0bbd221482c2713cccb80220f3c9d16a6e20a33", "type": "github" }, "original": { @@ -545,11 +545,11 @@ ] }, "locked": { - "lastModified": 1749355504, - "narHash": "sha256-L17CdJMD+/FCBOHjREQLXbe2VUnc3rjffenBbu2Kwpc=", + "lastModified": 1747540584, + "narHash": "sha256-cxCQ413JTUuRv9Ygd8DABJ1D6kuB/nTfQqC0Lu9C0ls=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "40a6e15e44b11fbf8f2b1df9d64dbfc117625e94", + "rev": "ec179dd13fb7b4c6844f55be91436f7857226dce", "type": "github" }, "original": { @@ -617,11 +617,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1749285348, - "narHash": "sha256-frdhQvPbmDYaScPFiCnfdh3B/Vh81Uuoo0w5TkWmmjU=", + "lastModified": 1747744144, + "narHash": "sha256-W7lqHp0qZiENCDwUZ5EX/lNhxjMdNapFnbErcbnP11Q=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3e3afe5174c561dee0df6f2c2b2236990146329f", + "rev": "2795c506fe8fb7b03c36ccb51f75b6df0ab2553f", "type": "github" }, "original": { @@ -678,11 +678,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1749727998, - "narHash": "sha256-mHv/yeUbmL91/TvV95p+mBVahm9mdQMJoqaTVTALaFw=", + "lastModified": 1747953325, + "narHash": "sha256-y2ZtlIlNTuVJUZCqzZAhIw5rrKP4DOSklev6c8PyCkQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fd487183437963a59ba763c0cc4f27e3447dd6dd", + "rev": "55d1f923c480dadce40f5231feb472e81b0bab48", "type": "github" }, "original": { @@ -693,11 +693,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1747958103, - "narHash": "sha256-qmmFCrfBwSHoWw7cVK4Aj+fns+c54EBP8cGqp/yK410=", + "lastModified": 1745377448, + "narHash": "sha256-jhZDfXVKdD7TSEGgzFJQvEEZ2K65UMiqW5YJ2aIqxMA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "fe51d34885f7b5e3e7b59572796e1bcb427eccb1", + "rev": "507b63021ada5fee621b6ca371c4fca9ca46f52c", "type": "github" }, "original": { @@ -758,11 +758,11 @@ "ranger-icons": { "flake": false, "locked": { - "lastModified": 1749128401, - "narHash": "sha256-qvWqKVS4C5OO6bgETBlVDwcv4eamGlCUltjsBU3gAbA=", + "lastModified": 1736375293, + "narHash": "sha256-ck53eG+mGIQ706sUnEHbJ6vY1/LYnRcpq94JXzwnGTQ=", "owner": "alexanderjeurissen", "repo": "ranger_devicons", - "rev": "1bcaff0366a9d345313dc5af14002cfdcddabb82", + "rev": "f227f212e14996fbb366f945ec3ecaf5dc5f44b0", "type": "github" }, "original": { @@ -850,11 +850,11 @@ ] }, "locked": { - "lastModified": 1749592509, - "narHash": "sha256-VunQzfZFA+Y6x3wYi2UE4DEQ8qKoAZZCnZPUlSoqC+A=", + "lastModified": 1747603214, + "narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=", "owner": "Mic92", "repo": "sops-nix", - "rev": "50754dfaa0e24e313c626900d44ef431f3210138", + "rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd", "type": "github" }, "original": { @@ -1010,11 +1010,11 @@ "nixpkgs": "nixpkgs_6" }, "locked": { - "lastModified": 1749194973, - "narHash": "sha256-eEy8cuS0mZ2j/r/FE0/LYBSBcIs/MKOIVakwHVuqTfk=", + "lastModified": 1747912973, + "narHash": "sha256-XgxghfND8TDypxsMTPU2GQdtBEsHTEc3qWE6RVEk8O0=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "a05be418a1af1198ca0f63facb13c985db4cb3c5", + "rev": "020cb423808365fa3f10ff4cb8c0a25df35065a3", "type": "github" }, "original": { @@ -1025,11 +1025,11 @@ }, "vpsadminos": { "locked": { - "lastModified": 1749716966, - "narHash": "sha256-aF+YOXv07qI7Q267gqapUcAsoQkI3+EcmZczatq6wkg=", + "lastModified": 1748016252, + "narHash": "sha256-P/h9BTZv6r5br/MKkXyEdUdDTU446UaAZzGLQMCMSIw=", "owner": "vpsfreecz", "repo": "vpsadminos", - "rev": "2d991bb5109350801a381bff097809b76ee962f5", + "rev": "4756a2ecc603c347e3d983663d663e96f22225a9", "type": "github" }, "original": { diff --git a/secrets/monolith/default.yaml b/secrets/monolith/default.yaml index b34dd36..f354335 100644 --- a/secrets/monolith/default.yaml +++ b/secrets/monolith/default.yaml @@ -5,7 +5,7 @@ gitlab-runners: thoreb-itinerario-nix: ENC[AES256_GCM,data:UdAAD0V895sFoEYR56sCG2LlpZugJ0K/nwkTygzWOnbTSmBRAcIQ8qVFPZGw+K+XMSLiCyio6Jp7k8AYP0K1VYm+6aEP3OkqR9FCLQTJgXo=,iv:UGUby50BYkn13OzItk6zZmxc5+SnbZZa4bebQHIow2A=,tag:LjDg3deWwdH2T71EtPo6jA==,type:str] docker-images-token: ENC[AES256_GCM,data:GGB/KSkjdAyhFKEspAh91ItbqEDf7K/LZSGSn+Jp7SxRfXpDzHIiMD8XJ9PTkGLeQGN4ug1i2nTYPS7d/P5OALWDU+1NPiV9nPdG0w7GERfu4g==,iv:6roabdOKX9xFMf0hWlECd73+943R+hFLos0e2dOpzns=,tag:LrASFc4DtN7aQ+3oOW/p/w==,type:str] wopus-gitlab-nix: ENC[AES256_GCM,data:asE7J0d58x9VfQFWc07f5T4s5NZ+/VqMQo66EX93J0LbJ4iI5YjvrrIE4pSI1e4Nz/SRQhltaJ0DfSH0+qgjD4wnAONPRi3UlFbSdGWS2bwwRtWe+Nci2krrUFxV2i/ZVE3CwCkNe4mqtII=,iv:gKrD/LhzI+jnDnX6CdxoHfjpiRdrsuRYJF9rTc8SffM=,tag:TczDGSU3gdKmERjBJ7tP/A==,type:str] - wopus-ssh-nix-cache-pk: ENC[AES256_GCM,data:MtYDK6P7nwBzr6p+lRX/dkosBfeDUAj/slf/a5SgVXNIbQlkEk7gvfW5iL+C2HgMwowqWx4F+3q2W+kGweqEYzEYAoZ9pR08a7Jci3Szyy49hkamxJXF+Qwhb5VQKxDppESne7DARCF0iYeUjgeXxCYyuWlGpisnkN3HCWrIYCqbk0LS+yqgkNhDxtxMaThGYztfPnLMEV/P5vuge9sRKu3Xi3iX2uDKtx4FTBsX30Lmd8kngOVnP/GaEHDa5ECO+/yW6ZRg3fIaqJ4RV+Vz79ovFUuZV/VE8eY3JOdK5tKIBWb31YUOjP7ccBes7mMhFLO3ceNeh+a6KAJbQ4pCojJwf/cLz663FKr5f/uWDicOBbL64l3+zV5zvSDzFls0ImXMNL6Fe3SaKP7ZcC5rVrRD8P+UN/OSFmbN5LM7uYY8nNsLxTH7MYsRHgTBUmTsFEhLGJIUjtf6J3/NWIlxjBq1MmpgxN0bD6gwVAxDPP489v918tsZtKdG8SJhLUPE4LWKsU7LHpgUBroKlbGE,iv:1jnF2TTlyTR59xM8Bgaz6bubDOwFexHBJipNVa0VPXY=,tag:VsDb6C6wYa9p4Yey3iG4eA==,type:str] + wopus-gitlab-docker-images: ENC[AES256_GCM,data:aGbCjQr1VKgg5n4f8vZKgdXcDw/M5JHez9E2TqipBXQ8D0jXdfPg6laNOJUOD+uPBOIGKUBMEg4OtLblCZFVw/V6wJN16wVbwkDU3uELQ8tPmlYSt4fcy4+5sC6+tV4YeMSKA6yIjD+xpkk=,iv:ojBhf2WdkWHruvTbABAAvuGDVOnsUl+qnhvH09L+lgA=,tag:gWhEkvL1qlcge3bSKVDSIg==,type:str] bitbucket-runners: wopus-runner-1: ENC[AES256_GCM,data:gtH0T5n8qMYpvSv5ciN8+ScGlFDf9xE0FTxNP97vT/qsOCcaItTE+5P+DFcWw46onLED+1c+u0sArFbEsT3f8lyco9b+0l99uOQAxLZQzAXYH8zGye1UnwUtytkci2PHu5c8kTpIWHXyZ1IOYNGWkermeab57ANzOkM1LbkHyAjS6VTh0I60LfAOdHOw5FDFL8d1d9oWxLloOe9USLPqHjC023EpCUT2YuyHoPCTpBu8Kb/2HfV0wkAKaB3dvVrKwXCj+bfP6+bjQ3uMzVO/7jxPmnSGBfvyZ+Hlg5goJ6bSAqQWmnPPnQ96FgQfe8su5ML9qNIp9/7eNiL6Rv6Vhxe0hHbE5wsZ/58grcg/LrugeWJvUJ9THhwcTwO8Pkvwlq0XM9seUY2NV+LCK3bLQ4IWDjWkU1IHg6+nihTcvl1iD6UIGMgqGoB/v05WVzHb+GcE2fFuSuhVHfa5RMyboELOJoFrqZiXGhY=,iv:ZakLafxYQCDd1Zw8T83Xfj+YwAQKna9LC6ognJqtifA=,tag:bwBObfdMIvJfRrOG04NtxA==,type:str] wopus-runner-2: ENC[AES256_GCM,data:gg8merZMFbf396hdJY7zmKQndT3GzB7NeGZAs3C0au8Zd7OFAg9vcQcFcxNA3kZGJZqmFTR/ycWJwhYr9fhlfFuPhDynVvgJAqoYtvC2MUDiOMD/d3DlfwFjQ6cOGTrvFuY1kkgSFb4OFdrVC1eiTDrGygFmYnYcqTKn/t5Ttqi+cHZNzFzVzdVLvaLCYxltM5g45zn+fXYxYwCfqyb32/M1XTnnwIGiataGxEX5oWhVV4zqeLO4ZIYPSby5AVvIMJ/zqvqaeVVY52GLDcTKrj3thbZxMQLWN3/lOA0uYhi3L/WM8Gx+JMEIbSICcuT7QXu4w4PA+opcx9GnsMCK2/egzS+cNPJ4vGZCdVD/jh6A9zVEJAgXdsHXNXFHmMPt7DcgrCQiub62og4kBY4G/Rcg4UN7sb3v3qyBpGbCGHGRjCFc+wdHpom0yDOG2cwcqfN49pC2R7Ag2BisFQ/5A+DPmKnvGG3kt9s=,iv:5g5XiDecYqi4JNRkZubgPJECBQdZ6rBeojgFe6Etebk=,tag:HRy5bFSbfxKTb5e13lGtgg==,type:str] @@ -31,8 +31,8 @@ sops: aFVxcDFhaGdYekRWRVFIWnRsZndtZFkKgsvxOFHOcO306Z9FkucA1fDOpZA8N1/h jYmIgcKTFgWoSCvux67lK30jFsYp7sm5z6WxxDYsGcoQ/+pxoUX2jQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-06-10T15:49:20Z" - mac: ENC[AES256_GCM,data:NnOgov63LsH2v6culFxfloQ8/jYtous8s+EAjMz1sYEHKtfDD3+PT3NNFWLfOfYKJtzfUrWbxVLP1po4PuRUQciJ6xMFhZG8Mi7mtWrHxyjYH2IL6ZKYXnPiI8YcLU+SY9hYTF95s+Cz1BGJnKSJ9WPeK0qeKRn0PL67/6/Jin4=,iv:C0aNAzJZYjBnLVF8tIAafK81Y/wDTuiVBQMaggSKwDM=,tag:WAMeBpc1qKUItEwd06ziSQ==,type:str] + lastmodified: "2025-05-28T03:04:52Z" + mac: ENC[AES256_GCM,data:THwZcK7nJnCYEUR8CiaQKZ8dQpYbDqnshBBWFzEzPXEWLgFB9+7d6aRh9ZDjZs0rhBTChta3H7YxDJdFh5nAJQy532FJp4S4tBOLHWFZARlKhXngujd0SvxPER55uvxImNFIYX0RDSHUck5jDXCA0tBCmE/Q7DuY7v0+cmRgOV8=,iv:1p3kFMSg0k1n00P6UY5Tttuqvpsb4Se8km5zA9GhAu4=,tag:cDxbHZ+eScDQacwV1sYGIA==,type:str] pgp: - created_at: "2025-03-07T22:49:16Z" enc: |- diff --git a/system/gitlab-runner.nix b/system/gitlab-runner.nix index bb803a4..8db526f 100644 --- a/system/gitlab-runner.nix +++ b/system/gitlab-runner.nix @@ -1,85 +1,55 @@ { pkgs, lib, ... }: let - installNixScript = - { - authenticationTokenConfigFile, - nixCacheSshPrivateKeyPath ? null, - ... - }: - pkgs.writeScriptBin "install-nix" '' - mkdir -p -m 0755 /nix/var/log/nix/drvs - mkdir -p -m 0755 /nix/var/nix/gcroots - mkdir -p -m 0755 /nix/var/nix/profiles - mkdir -p -m 0755 /nix/var/nix/temproots - mkdir -p -m 0755 /nix/var/nix/userpool - mkdir -p -m 1777 /nix/var/nix/gcroots/per-user - mkdir -p -m 1777 /nix/var/nix/profiles/per-user - mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root - mkdir -p -m 0700 "$HOME/.nix-defexpr" + installNixScript = pkgs.writeScriptBin "install-nix" '' + mkdir -p -m 0755 /nix/var/log/nix/drvs + mkdir -p -m 0755 /nix/var/nix/gcroots + mkdir -p -m 0755 /nix/var/nix/profiles + mkdir -p -m 0755 /nix/var/nix/temproots + mkdir -p -m 0755 /nix/var/nix/userpool + mkdir -p -m 1777 /nix/var/nix/gcroots/per-user + mkdir -p -m 1777 /nix/var/nix/profiles/per-user + mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root + mkdir -p -m 0700 "$HOME/.nix-defexpr" - . ${pkgs.nix}/etc/profile.d/nix.sh + . ${pkgs.nix}/etc/profile.d/nix.sh - ${pkgs.nix}/bin/nix-env -i ${ - lib.concatStringsSep " " ( - with pkgs; - [ - nix - cacert - git - openssh - docker - ] - ) - } - - ${lib.optionalString (nixCacheSshPrivateKeyPath != null) '' - NIX_CACHE_SSH_PRIVATE_KEY_PATH="${nixCacheSshPrivateKeyPath}" - NIX_CACHE_SSH_PUBLIC_KEY="# nix-cache.wopus.dev:22 SSH-2.0-OpenSSH_10.0 - nix-cache.wopus.dev ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINU71N5QxdCmM7N25SnOg6u+YLmv92znpeDcyIDamldI" - . ${./gitlab-runner/nix-cache-start} - ''} - ''; -in -rec { - mkNixRunnerFull = - { - authenticationTokenConfigFile, - nixCacheSshPrivateKeyPath ? null, - ... - }@args: - { - # File should contain at least these two variables: - # `CI_SERVER_URL` - # `REGISTRATION_TOKEN` - inherit authenticationTokenConfigFile; # 2 - dockerImage = "alpine:3.18.2"; - dockerVolumes = + ${pkgs.nix}/bin/nix-env -i ${ + lib.concatStringsSep " " ( + with pkgs; [ - "/etc/nix/nix.conf:/etc/nix/nix.conf:ro" - "/nix/store:/nix/store:ro" - "/nix/var/nix/db:/nix/var/nix/db:ro" - "/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro" - "/tmp:/tmp" - "/var/run/docker.sock:/var/run/docker.sock" - "/var/lib/docker/containers:/var/lib/docker/containers" - "/cache" + nix + cacert + git + openssh + docker ] - ++ lib.optionals (nixCacheSshPrivateKeyPath != null) [ - "${nixCacheSshPrivateKeyPath}:${nixCacheSshPrivateKeyPath}" - ]; - # dockerDisableCache = true; - preBuildScript = "\". ${lib.getExe (installNixScript args)}\""; - environmentVariables = { - ENV = "/etc/profile"; - USER = "root"; - NIX_REMOTE = "daemon"; - NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt"; - }; - }; - - mkNixRunner = - authenticationTokenConfigFile: - mkNixRunnerFull { - inherit authenticationTokenConfigFile; + ) + } + ''; +in +{ + mkNixRunner = authenticationTokenConfigFile: { + # File should contain at least these two variables: + # `CI_SERVER_URL` + # `REGISTRATION_TOKEN` + inherit authenticationTokenConfigFile; # 2 + dockerImage = "alpine:3.18.2"; + dockerVolumes = [ + "/etc/nix/nix.conf:/etc/nix/nix.conf:ro" + "/nix/store:/nix/store:ro" + "/nix/var/nix/db:/nix/var/nix/db:ro" + "/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro" + "/tmp:/tmp" + "/var/run/docker.sock:/var/run/docker.sock" + "/var/lib/docker/containers:/var/lib/docker/containers" + ]; + dockerDisableCache = true; + preBuildScript = "\". ${lib.getExe installNixScript}\""; + environmentVariables = { + ENV = "/etc/profile"; + USER = "root"; + NIX_REMOTE = "daemon"; + NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt"; }; + }; } diff --git a/system/gitlab-runner/nix-cache-start b/system/gitlab-runner/nix-cache-start deleted file mode 100755 index 0fe9d4f..0000000 --- a/system/gitlab-runner/nix-cache-start +++ /dev/null @@ -1,49 +0,0 @@ -#!/bin/sh - -echo "nix-cache: Setting up ssh key and host" >&2 -STORE_HOST_PUB_KEY="$(echo "$NIX_CACHE_SSH_PUBLIC_KEY" | base64 | tr -d '\n')" -STORE_URL="ssh://nix-ssh@nix-cache.wopus.dev?trusted=true&compress=true&ssh-key=$NIX_CACHE_SSH_PRIVATE_KEY_PATH&base64-ssh-public-host-key=$STORE_HOST_PUB_KEY" -echo STORE_URL="$STORE_URL" >&2 - -NIX_EXTRA_CONFIG_FILE=$(mktemp) -cat > "$NIX_EXTRA_CONFIG_FILE" <&2 -export NIX_USER_CONF_FILES="$NIX_EXTRA_CONFIG_FILE:$NIX_USER_CONF_FILES" - -echo "nix-cache: Setting up nix hook" >&2 -nix() { - echo "nix-cache: executing nix hook" >&2 - command nix "$@" - local STATUS="$?" - - local BUILD=no - if test "$STATUS" = "0"; then - for arg in "$@"; do - echo "nix-cache: evaluating arg '$arg'" >&2 - case "$arg" in - build) - echo "nix-cache: enablig upload" >&2 - BUILD=yes - ;; - -*) - echo "nix-cache: ignoring argument '$arg'" >&2 - ;; - *) - if test "$BUILD" = yes; then - echo "nix-cache: Sending path $arg" >&2 - command nix copy --to "$STORE_URL" "$arg" || true - else - echo "nix-cache: not building, ignoring argument '$arg'" >&2 - fi - ;; - esac - done - else - echo "nix-cache: nix exited with code '$STATUS', ignoring" >&2 - fi - - return "$STATUS" -} diff --git a/system/monolith-gitlab-runner.nix b/system/monolith-gitlab-runner.nix index 97f1c95..dd80627 100644 --- a/system/monolith-gitlab-runner.nix +++ b/system/monolith-gitlab-runner.nix @@ -4,24 +4,21 @@ ... }: let - inherit (pkgs.callPackage ./gitlab-runner.nix { }) mkNixRunner mkNixRunnerFull; + inherit (pkgs.callPackage ./gitlab-runner.nix { }) mkNixRunner; in { boot.kernel.sysctl."net.ipv4.ip_forward" = true; virtualisation.docker.enable = true; services.gitlab-runner = { enable = true; - settings.concurrent = 6; + settings.concurrent = 12; services = { # runner for building in docker via host's nix-daemon # nix store will be readable in runner, might be insecure thoreb-telemetria-nix = mkNixRunner config.sops.secrets."gitlab-runners/thoreb-telemetria-nix".path; thoreb-itinerario-nix = mkNixRunner config.sops.secrets."gitlab-runners/thoreb-itinerario-nix".path; - wopus-gitlab-nix = mkNixRunnerFull { - authenticationTokenConfigFile = config.sops.secrets."gitlab-runners/wopus-gitlab-nix".path; - nixCacheSshPrivateKeyPath = config.sops.secrets."gitlab-runners/wopus-ssh-nix-cache-pk".path; - }; + wopus-gitlab-nix = mkNixRunner config.sops.secrets."gitlab-runners/wopus-gitlab-nix".path; default = { # File should contain at least these two variables: @@ -30,6 +27,15 @@ in authenticationTokenConfigFile = config.sops.secrets."gitlab-runners/docker-images-token".path; dockerImage = "debian:stable"; }; + + wopus-gitlab-docker-images = { + # File should contain at least these two variables: + # `CI_SERVER_URL` + # `CI_SERVER_TOKEN` + authenticationTokenConfigFile = + config.sops.secrets."gitlab-runners/wopus-gitlab-docker-images".path; + dockerImage = "debian:stable"; + }; }; }; systemd.services.gitlab-runner.serviceConfig.Nice = 10; @@ -47,7 +53,7 @@ in "gitlab-runners/wopus-gitlab-nix" = { sopsFile = ../secrets/monolith/default.yaml; }; - "gitlab-runners/wopus-ssh-nix-cache-pk" = { + "gitlab-runners/wopus-gitlab-docker-images" = { sopsFile = ../secrets/monolith/default.yaml; }; }; diff --git a/user/firefox.nix b/user/firefox.nix index d15e569..0403a14 100644 --- a/user/firefox.nix +++ b/user/firefox.nix @@ -34,8 +34,8 @@ in # }) (pkgs.fetchFirefoxAddon { name = "ublock-origin"; - url = "https://addons.mozilla.org/firefox/downloads/file/4492375/ublock_origin-1.64.0.xpi"; - hash = "sha256-ueHIaL0awd78q/LgF3bRqQ7/ujSwf+aiE1DUXwIuDp8="; + url = "https://addons.mozilla.org/firefox/downloads/file/4290466/ublock_origin-1.58.0.xpi"; + hash = "sha256-RwxWmUpxdNshV4rc5ZixWKXcCXDIfFz+iJrGMr0wheo="; }) (pkgs.fetchFirefoxAddon { name = "user_agent_string_switcher"; diff --git a/user/kakoune/filetypes.kak b/user/kakoune/filetypes.kak index b9d19f5..9fa33a6 100644 --- a/user/kakoune/filetypes.kak +++ b/user/kakoune/filetypes.kak @@ -46,18 +46,10 @@ hook global BufCreate .*\.js %{ set buffer formatcmd "prettier --stdin-filepath=%val{buffile}" } -hook global BufCreate .*\.jsx %{ - set buffer formatcmd "prettier --stdin-filepath=%val{buffile}" -} - hook global BufCreate .*\.ts %{ set buffer formatcmd "prettier --stdin-filepath=%val{buffile}" } -hook global BufCreate .*\.tsx %{ - set buffer formatcmd "prettier --stdin-filepath=%val{buffile}" -} - hook global BufCreate .*\.scss %{ set buffer formatcmd "prettier --stdin-filepath=%val{buffile}" }