diff --git a/config/default.nix b/config/default.nix
index f4a512b9..ee9d7e31 100644
--- a/config/default.nix
+++ b/config/default.nix
@@ -47,9 +47,6 @@
 Defaults env_keep += "TMUX"
 '';
- security.tpm2.enable = true;
- security.tpm2.abrmd.enable = true;
-
 programs.gnupg.agent = {
 enable = true;
 enableSSHSupport = true;
diff --git a/config/nutty-noon.nix b/config/nutty-noon.nix
index 08c30750..c37f9d53 100644
--- a/config/nutty-noon.nix
+++ b/config/nutty-noon.nix
@@ -6,6 +6,8 @@
 (modulesPath + "/installer/scan/not-detected.nix")
 ./systemd-boot.nix
 ./desktop.nix
+ ./services/tpm2.nix
+ ./services/hydra.nix
 ];
 hardware.cpu.amd.updateMicrocode = true;
 boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "sr_mod" "k10temp" ];
diff --git a/config/services/hydra.nix b/config/services/hydra.nix
new file mode 100644
index 00000000..c37c0b7e
--- /dev/null
+++ b/config/services/hydra.nix
@@ -0,0 +1,19 @@
+{ ... }: {
+ imports = [
+ ./postgres.nix
+ ];
+ services.hydra = {
+ enable = true;
+ hydraURL = "http://localhost:3000";
+ notificationSender = "hydra@chir.rs";
+ };
+ services.postgresql.ensureDatabases = [ "hydra" ];
+ services.postgresql.ensureUsers = [
+ {
+ name = "hydra";
+ ensurePermissions = {
+ "DATABASE hydra" = "ALL PRIVILEGES";
+ };
+ }
+ ];
+}
diff --git a/config/services/tpm2.nix b/config/services/tpm2.nix
new file mode 100644
index 00000000..8831b433
--- /dev/null
+++ b/config/services/tpm2.nix
@@ -0,0 +1,4 @@
+{ ... }: {
+ security.tpm2.enable = true;
+ security.tpm2.abrmd.enable = true;
+}
diff --git a/config/thinkrac.nix b/config/thinkrac.nix
index 0bf5b3de..826e28ef 100644
--- a/config/thinkrac.nix
+++ b/config/thinkrac.nix
@@ -6,6 +6,7 @@
 (modulesPath + "/installer/scan/not-detected.nix")
 ./systemd-boot.nix
 ./desktop.nix
+ ./services/tpm2.nix
 ];
 hardware.cpu.intel.updateMicrocode = true;
diff --git a/flake.lock b/flake.lock
index f2154935..578724f1 100644
--- a/flake.lock
+++ b/flake.lock
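Review bot: In the new config/services/hydra.nix, `services.hydra` sets `hydraURL = "http://localhost:3000"` but leaves `listenHost` unset, and the NixOS module's default for that option is `*`, so the Hydra web UI and API would bind to every interface and not just loopback. If this instance is meant to be reached only locally or through a reverse proxy, add `listenHost = "localhost";` next to `hydraURL`; whether the host firewall already blocks port 3000 is not visible in this diff. The `ensureUsers` entry also grants `ALL PRIVILEGES` on the `hydra` database, and a one-line comment such as `# hydra role owns its schema; no other role should be granted access to this database` would record the intent for the next reader.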
@@ -332,11 +332,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1645185725, - "narHash": "sha256-dI58jOZ2ny+UUrrA7yyIcMa90zY61+1izvbNx7eZJvI=", + "lastModified": 1645190567, + "narHash": "sha256-TjwpdmAxSCoqhsirBMQzcr75G7ZAe9rmWx1NMM+8/g8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "997d3f8fcc3dcfaa92082e21a064aa596b55ee5c", + "rev": "f3f7067be520c161c8d9234aeed953993b8b47f2", "type": "github" }, "original": {
diff --git a/modules/gitea.nix b/modules/gitea.nix
index cd53cb5b..cd7eeff2 100644
--- a/modules/gitea.nix
+++ b/modules/gitea.nix
@@ -4,12 +4,7 @@ with lib;
 let
 cfg = config.services.gitea;
- opt = options.services.gitea;
 gitea = cfg.package;
- pg = config.services.postgresql;
- useMysql = cfg.database.type == "mysql";
- usePostgresql = cfg.database.type == "postgres";
- useSqlite = cfg.database.type == "sqlite3";
 configFile = pkgs.writeText "app.ini" ''
 APP_NAME = ${cfg.appName}
 RUN_USER = ${cfg.user}