From 066e915e43bbe1927864548c49b380b62c2e431f Mon Sep 17 00:00:00 2001 From: "RingOfStorms (Joshua Bell)" Date: Mon, 18 Aug 2025 17:38:46 -0500 Subject: [PATCH] remove opencode, it is a nightmare to keep updated, using nix-ld instead --- common/_containers/forgejo.nix | 1 + common/_containers/librechat.nix | 3 - common/_services/forejo.nix | 0 common/_services/librechat.nix | 0 common/flake.lock | 35 --------- common/flake.nix | 28 ------- common/programs/default.nix | 1 - common/programs/opencode.nix | 34 -------- common/secrets/secrets/secrets.nix | 39 ++++++++-- common/secrets/secrets/zitadel_master_key.age | 15 ++++ flake.nix | 4 - hosts/lio/flake.lock | 78 +++---------------- hosts/lio/flake.nix | 17 +++- hosts/oracle/o001/nginx.nix | 7 ++ 14 files changed, 82 insertions(+), 180 deletions(-) create mode 100644 common/_services/forejo.nix create mode 100644 common/_services/librechat.nix delete mode 100644 common/programs/opencode.nix create mode 100644 common/secrets/secrets/zitadel_master_key.age diff --git a/common/_containers/forgejo.nix b/common/_containers/forgejo.nix index 0cb91a5..92793a9 100644 --- a/common/_containers/forgejo.nix +++ b/common/_containers/forgejo.nix @@ -7,6 +7,7 @@ let name = "forgejo"; hostDataDir = "/var/lib/${name}"; + hostAddress = "10.0.0.1"; containerAddress = "10.0.0.2"; hostAddress6 = "fc00::1"; diff --git a/common/_containers/librechat.nix b/common/_containers/librechat.nix index ca3d470..e20314f 100644 --- a/common/_containers/librechat.nix +++ b/common/_containers/librechat.nix @@ -65,8 +65,6 @@ in MEILI_MASTER_KEY = "ringofstormsLibreChat"; RAG_PORT = toString cfg.ragPort; RAG_API_URL = "http://librechat_rag_api:${toString cfg.ragPort}"; - # DEBUG_CONSOLE = "true"; - # DEBUG_LOGGING = "true"; }; environmentFiles = [ "${cfg.dataDir}/.env" ]; volumes = [ 
@@ -129,7 +127,6 @@ in environment = { DB_HOST = "librechat_vectordb"; RAG_PORT = toString cfg.ragPort; - OPENAI_API_KEY = "not_using_openai"; }; dependsOn = [ "librechat_vectordb" ]; environmentFiles = [ "${cfg.dataDir}/.env" ]; diff --git a/common/_services/forejo.nix b/common/_services/forejo.nix new file mode 100644 index 0000000..e69de29 diff --git a/common/_services/librechat.nix b/common/_services/librechat.nix new file mode 100644 index 0000000..e69de29 diff --git a/common/flake.lock b/common/flake.lock index 90a5a9b..c2fa076 100644 --- a/common/flake.lock +++ b/common/flake.lock @@ -153,22 +153,6 @@ "type": "github" } }, - "nixpkgs-unstable": { - "locked": { - "lastModified": 1753694789, - "narHash": "sha256-cKgvtz6fKuK1Xr5LQW/zOUiAC0oSQoA9nOISB0pJZqM=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "dc9637876d0dcc8c9e5e22986b857632effeb727", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { "locked": { "lastModified": 1741379970, @@ -185,23 +169,6 @@ "type": "github" } }, - "opencode": { - "flake": false, - "locked": { - "lastModified": 1754526276, - "narHash": "sha256-OkkjbytvvUBOcSCjf3zd8NWLaM+I1tUR9IxcRZrdVeM=", - "owner": "sst", - "repo": "opencode", - "rev": "1a561bb5120b1b87a4c477f7cb6c3a0a4ce79114", - "type": "github" - }, - "original": { - "owner": "sst", - "ref": "v0.3.133", - "repo": "opencode", - "type": "github" - } - }, "ragenix": { "inputs": { "agenix": "agenix", @@ -228,8 +195,6 @@ "inputs": { "home-manager": "home-manager", "nix-flatpak": "nix-flatpak", - "nixpkgs-unstable": "nixpkgs-unstable", - "opencode": "opencode", "ragenix": "ragenix" } }, diff --git a/common/flake.nix b/common/flake.nix index 8ae5be0..f95574c 100644 --- a/common/flake.nix +++ b/common/flake.nix 
@@ -4,11 +4,6 @@ home-manager.url = "github:rycee/home-manager/release-25.05"; ragenix.url = "github:yaxitech/ragenix"; nix-flatpak.url = "github:gmodena/nix-flatpak/?ref=latest"; - - # tmp - nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; - opencode.url = "github:sst/opencode/v0.4.12"; - opencode.flake = false; }; outputs = @@ -16,8 +11,6 @@ home-manager, ragenix, nix-flatpak, - opencode, - nixpkgs-unstable, ... }: { @@ -30,27 +23,6 @@ }: { imports = [ - ( - { ... }: - { - nixpkgs.overlays = [ - (final: prev: { - opencode = nixpkgs-unstable.legacyPackages.${prev.system}.opencode.overrideAttrs (old: rec { - version = "0.4.12"; - src = opencode; - node_modules = old.node_modules.overrideAttrs (nmOld: { - outputHash = "sha256-LmNn4DdnSLVmGS5yqLyk/0e5pCiKfBzKIGRvvwZ6jHY="; - }); - tui = old.tui.overrideAttrs (tuiOld: { - src = src; - modRoot = "packages/tui"; - vendorHash = "sha256-jINbGug/SPGBjsXNsC9X2r5TwvrOl5PJDL+lrOQP69Q="; - }); - }); - }) - ]; - } - ) home-manager.nixosModules.home-manager ragenix.nixosModules.age nix-flatpak.nixosModules.nix-flatpak diff --git a/common/programs/default.nix b/common/programs/default.nix index 10ad478..c56a1ab 100644 --- a/common/programs/default.nix +++ b/common/programs/default.nix @@ -14,7 +14,6 @@ in ./podman.nix ./incus.nix ./flatpaks.nix - ./opencode.nix ./virt-manager.nix ]; config = { diff --git a/common/programs/opencode.nix b/common/programs/opencode.nix deleted file mode 100644 index 4036410..0000000 --- a/common/programs/opencode.nix +++ /dev/null 
@@ -1,34 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-let
- ccfg = import ../config.nix;
- cfg_path = [
- ccfg.custom_config_key
- "programs"
- "opencode"
- ];
- cfg = lib.attrsets.getAttrFromPath cfg_path config;
-in
-{
- options =
- { }
- // lib.attrsets.setAttrByPath cfg_path {
- enable = lib.mkEnableOption "opencode";
- };
-
- config = lib.mkIf cfg.enable ({
-
-
- environment.systemPackages = with pkgs; [
- opencode
- ];
-
- environment.shellAliases = {
- "oc" = "all_proxy='' http_proxy='' https_proxy='' opencode";
- };
- });
-}
diff --git a/common/secrets/secrets/secrets.nix b/common/secrets/secrets/secrets.nix
index d5e3eba..510d00a 100644
--- a/common/secrets/secrets/secrets.nix
+++ b/common/secrets/secrets/secrets.nix
@@ -7,23 +7,46 @@ # `nix run github:yaxitech/ragenix -- -i ~/.ssh/ragenix_authority --rules ~/.config/nixos-config/common/secrets/secrets.nix` <-r(eykey)|-e(edit) > let - publicKeys = [ + authorityKey = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBdG4tG18VeuEr/g4GM7HWUzHuUVcR9k6oS3TPBs4JRF ragenix authority key" + ]; + + gpdPocket3 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFzAQ2Dzl8EvQtYLjEZS5K0bQeNop8QRkwrfxMkBagW2 root@gpdPocket3" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIr/aS0qyn5hCLR6wH1P2GhH3hGOqniewMkIseGZ23HB josh@gpdPocket3" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG4PwrrOuZJWRjlc2dKBUKKE4ybqifJeVOn7x9J5IxIS josh@joe" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP+GYfPPKxR/18RdD736G7IQhImX/CYU3A+Gifud3CHg root@joe" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB9GW9W3DT9AqTonG5rDta3ziZdYOEEdukh2ErJfHxoP root@h002" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC60tzOVF0mcyfnYK2V/omzikuyE8Ol0K+yAjGxBV7q4 luser@h002" + ]; + + lio = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFGp6oInUcGVnDl5axV1EHflMfZUiHxtqNa4eAuye/av root@lio" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKxNhtJNx/y4W54kAGmm2pF80l437z1RLWl/GTVKy0Pd josh@lio" + ]; + + joe = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG4PwrrOuZJWRjlc2dKBUKKE4ybqifJeVOn7x9J5IxIS josh@joe" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP+GYfPPKxR/18RdD736G7IQhImX/CYU3A+Gifud3CHg root@joe" + ]; + + oren = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK7bNX7R9ApoX/cHdXIhQdpA2sHrC9ii6VAulboAIJM2 root@oren" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICauUtSa71+oQAiLxp3GMMbmNXcbr9Mc7eK8b/lqZbbS josh@oren" + ]; + + h001 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGTAz6n35c3r8kSuWJM1JzMVx6jK+0EBwpJA5eTIvy3N root@h001" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICRHer3NrJiklp4oDNRCzDxc9fXpXn5rPAXGFce8ugy2 luser@h001" + ]; + + h002 = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB9GW9W3DT9AqTonG5rDta3ziZdYOEEdukh2ErJfHxoP root@h002" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC60tzOVF0mcyfnYK2V/omzikuyE8Ol0K+yAjGxBV7q4 luser@h002" + ]; + + h003 = [ "ssh-ed25519 
AAAAC3NzaC1lZDI1NTE5AAAAIHsV5r9sWYgrr9t9p12Epzm6WtxN/XsKSCb46+ODQvVT root@h003" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILQLt2Hc+CN6+e7/sf3Fv0FQlp6+yrIbIJ/J9AdnJCjI luser@h003" ]; + + publicKeys = authorityKey ++ gpdPocket3 ++ lio ++ joe ++ oren ++ h001 ++ h002 ++ h003; in { ## To make a new secret: @@ -71,11 +94,9 @@ in "nix2l002.age" = { inherit publicKeys; }; - # ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJuo6L6V52AzdQIK6fWW9s0aX1yKUUTXbPd8v8IU9p2o nix2linode "nix2linode.age" = { inherit publicKeys; }; - # ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG90Gg6dV3yhZ5+X40vICbeBwV9rfD39/8l9QSqluTw8 nix2oracle "nix2oracle.age" = { inherit publicKeys; }; @@ -98,4 +119,8 @@ in "us_chi_wg.age" = { inherit publicKeys; }; + "zitadel_master_key.age" = { + # h001 only + publicKeys = authorityKey ++ h001; + }; } diff --git a/common/secrets/secrets/zitadel_master_key.age b/common/secrets/secrets/zitadel_master_key.age new file mode 100644 index 0000000..3b07b55 --- /dev/null +++ b/common/secrets/secrets/zitadel_master_key.age @@ -0,0 +1,15 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USAyWGFw +bUJNQkwvcjRKUWU5WWozTWZHb21IdDNlT0VwK21LQ2FZNEJWWWxJCjBBUDV4MkRt +Y3F5TWVMN0xLMjBibkJMcmUwdEwxM2pONUlLSU1EOXV5dXMKLT4gc3NoLWVkMjU1 +MTkgcGVGQlFnIGJPcEx2TnFZZjVicDlYaVdwRmJHSnIvZlpRNkx5RG8zVmZTaTFq +bmkwM1kKK0o3ZVViNnBjS2NZbFV4TERBczJNQWxtWU1IYTNoL1EzQlNxWHhFNDZL +TQotPiBzc2gtZWQyNTUxOSA5di8ySEEgZm5nYXdJMElxVTE4TnVnY0xSVFVtMXFs +NTNobnI1MjdMNDhWRmpkL1BnSQpXRHcwSVVCajFhQlp4N2J5VGhKc3E2eHpYZmd6 +TlU2MXdtdmNrSUJpZjFFCi0+IG5wImA0LWdyZWFzZQpuSHRTckxXVTd4eTFETWE4 +MEQ0QXNaTzhSTmFOdjI5Vyt1bDVRU1k5dExiUVk3bEdCeGN2UFV4Y3RTR1MvalNn +CkhHWFF4TGtPcktieDZnQTRkdk9ndnllU05zSVlMOWh0R1ZncUlWNy9WZURiCi0t +LSAxdW84VUg5d21jT2hrNEJ0NlBES1NRRjU4b05JQW80dk9IL29LZGlST0FjCnt8 +t+yvFWU0LlFGAWmLc9i4XFUpexZf8rC2bfw3FkNPuCzAyvbowhBJnGkqK+2C+mtL +za43EsGaLvA5s8ObhLw= +-----END AGE ENCRYPTED FILE----- diff --git a/flake.nix b/flake.nix index 786a8a0..8dab2ba 100644 --- a/flake.nix 
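Review bot: The `zitadel_master_key.age` rule sets `publicKeys = authorityKey ++ h001;`, and the `h001` group from the first secrets.nix hunk holds both `root@h001` and `luser@h001`, so the master key can also be decrypted with the user-account key. If only the system service on h001 reads it, splitting each host group into host and user keys would allow a tighter recipient list such as `authorityKey ++ h001Root` (a name I am proposing, not one in the file). The `# h001 only` comment would be more accurate as `# authority key + h001 (root and luser)`. Every other entry still uses `inherit publicKeys;`, now the union of all groups, so the new per-host lists do not yet restrict any existing secret. The attribute set these rules belong to starts outside the hunk.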
+++ b/flake.nix @@ -7,10 +7,6 @@ home-manager.url = "github:rycee/home-manager/release-25.05"; ragenix.url = "github:yaxitech/ragenix"; nix-flatpak.url = "github:gmodena/nix-flatpak/?ref=latest"; - - nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; - opencode.url = "github:sst/opencode/v0.4.12"; - opencode.flake = false; # ====== }; diff --git a/hosts/lio/flake.lock b/hosts/lio/flake.lock index 8a61296..eb8b21e 100644 --- a/hosts/lio/flake.lock +++ b/hosts/lio/flake.lock @@ -29,24 +29,17 @@ "inputs": { "home-manager": "home-manager", "nix-flatpak": "nix-flatpak", - "nixpkgs": "nixpkgs_2", - "nixpkgs-unstable": "nixpkgs-unstable", - "opencode": "opencode", "ragenix": "ragenix" }, "locked": { - "lastModified": 1755097136, - "narHash": "sha256-26LJsGUnccrlWNAm+2ttCapbCLY8dx4+gyqFPmuHM0c=", - "ref": "refs/heads/master", - "rev": "1f619f0b73766710597fc888fbb725affd46424a", - "revCount": 593, - "type": "git", - "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" + "path": "../../common", + "type": "path" }, "original": { - "type": "git", - "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" - } + "path": "../../common", + "type": "path" + }, + "parent": [] }, "crane": { "locked": { 
@@ -179,39 +172,7 @@ "type": "github" } }, - "nixpkgs-unstable": { - "locked": { - "lastModified": 1753694789, - "narHash": "sha256-cKgvtz6fKuK1Xr5LQW/zOUiAC0oSQoA9nOISB0pJZqM=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "dc9637876d0dcc8c9e5e22986b857632effeb727", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { - "locked": { - "lastModified": 1753694789, - "narHash": "sha256-cKgvtz6fKuK1Xr5LQW/zOUiAC0oSQoA9nOISB0pJZqM=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "dc9637876d0dcc8c9e5e22986b857632effeb727", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { "locked": { "lastModified": 1741379970, "narHash": "sha256-Wh7esNh7G24qYleLvgOSY/7HlDUzWaL/n4qzlBePpiw=", @@ -227,7 +188,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_3": { "locked": { "lastModified": 1754937576, "narHash": "sha256-3sWA5WJybUE16kIMZ3+uxcxKZY/JRR4DFBqLdSLBo7w=", @@ -243,7 +204,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_4": { "locked": { "lastModified": 1753848940, "narHash": "sha256-jH7fqN4HzsIlj2c/SAuVWmgUIjBwDdEKVnL97xlECHY=", @@ -1138,29 +1099,12 @@ "type": "github" } }, - "opencode": { - "flake": false, - "locked": { - "lastModified": 1754890102, - "narHash": "sha256-3o8bHU5vSG+MxbvjLzlqeagnW9hnekl0hlj3EiNFaaQ=", - "owner": "sst", - "repo": "opencode", - "rev": "4580c88c0b38519e8187d2df1035e9538b51ec2a", - "type": "github" - }, - "original": { - "owner": "sst", - "ref": "v0.4.12", - "repo": "opencode", - "type": "github" - } - }, "ragenix": { "inputs": { "agenix": "agenix", "crane": "crane", "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_2", "rust-overlay": "rust-overlay" }, "locked": { 
@@ -1180,13 +1124,13 @@ "root": { "inputs": { "common": "common", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_3", "ros_neovim": "ros_neovim" } }, "ros_neovim": { "inputs": { - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_4", "nvim_plugin-Almo7aya/openingh.nvim": "nvim_plugin-Almo7aya/openingh.nvim", "nvim_plugin-CopilotC-Nvim/CopilotChat.nvim": "nvim_plugin-CopilotC-Nvim/CopilotChat.nvim", "nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring": "nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring", diff --git a/hosts/lio/flake.nix b/hosts/lio/flake.nix index 9e7c997..f76c096 100644 --- a/hosts/lio/flake.nix +++ b/hosts/lio/flake.nix @@ -42,6 +42,16 @@ { programs = { steam.enable = true; + nix-ld = { + enable = true; + libraries = with pkgs; [ + icu + gmp + glibc + openssl + stdenv.cc.cc + ]; + }; }; environment.systemPackages = with pkgs; [ @@ -50,8 +60,14 @@ steam ffmpeg-full appimage-run + nodejs_24 ]; + environment.shellAliases = { + "oc" = + "all_proxy='' http_proxy='' https_proxy='' /home/josh/other/opencode/node_modules/opencode-linux-x64/bin/opencode"; + }; + # Also allow this key to work for root user, this will let us use this as a remote builder easier users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJN2nsLmAlF6zj5dEBkNSJaqcCya+aB6I0imY8Q5Ew0S nix2lio" @@ -76,7 +92,6 @@ tailnet.enableExitNode = true; ssh.enable = true; docker.enable = true; - opencode.enable = true; virt-manager.enable = true; flatpaks = { enable = true; diff --git a/hosts/oracle/o001/nginx.nix b/hosts/oracle/o001/nginx.nix index dbde258..b93eb3b 100644 --- a/hosts/oracle/o001/nginx.nix +++ b/hosts/oracle/o001/nginx.nix @@ -133,6 +133,13 @@ proxyPass = "http://100.64.0.13"; }; }; + "sso.joshuabell.xyz" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://100.64.0.13"; + }; + }; "obsidiansync.joshuabell.xyz" = { enableACME = true; forceSSL = true;
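Review bot: The `oc` alias added to `environment.shellAliases` in hosts/lio/flake.nix is system-wide, yet it points at `/home/josh/other/opencode/node_modules/opencode-linux-x64/bin/opencode`, a prebuilt binary under a home directory and outside the Nix store. The removed overlay pinned the source with `outputHash` and `vendorHash`; nothing in this repo pins the replacement, and the `programs.nix-ld` block in the previous hunk is what lets it load `openssl`, `glibc` and the other listed libraries unpatched. Root SSH access is configured in the context lines just below, so a root shell would resolve `oc` to a file that is presumably writable by josh. Consider defining the alias only for that user (for example in the home-manager shell config) with a comment such as `# oc: npm-installed prebuilt binary, unpinned; run as josh only`. The enclosing module block starts and ends outside these hunks.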
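Review bot: The new `sso.joshuabell.xyz` vhost uses `proxyPass = "http://100.64.0.13";`, the same port-less upstream as the vhost directly above it, so the backend can only tell the two apart by the `Host` header. Unless `recommendedProxySettings` is enabled elsewhere in nginx.nix (not visible here), nginx forwards the upstream address as `Host` and sends no `X-Forwarded-Proto`, which an identity provider typically needs for correct issuer and redirect URLs and secure cookies. The hop is plain HTTP carrying credentials and tokens, which is acceptable only if 100.64.0.13 is reached over an encrypted overlay; the address range suggests that, but the hunk does not show it. Suggested addition inside `locations."/"`: `recommendedProxySettings = true;` with a comment `# upstream is overlay-only; TLS terminates at this proxy`. The virtualHosts set continues outside the hunk.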