Origami404/flake
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

host/oparic: switch to oparic-flakes lib.mkOparicContainer

Browse Source 
Replace container-flake (feat/o4dev branch) dependency with
oparic-flakes (main) + direct o4dev service inputs. Container
is now built via mkOparicContainer with local config and secrets.
This commit is contained in:
Origami404
2026-05-17 20:00:07 +08:00
parent ae0fc05e6d
commit b869120287
5 changed files with 106 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files
flake.lock
Generated
+39 -40
View File
@@ -1,34 +1,5 @@
{
"nodes": {
"container-flake": {
"inputs": {
"nixpkgs": "nixpkgs",
"o4dev-admin": "o4dev-admin",
"o4dev-backend": "o4dev-backend",
"o4dev-workflows": "o4dev-workflows",
"production-admin": "production-admin",
"production-backend": "production-backend",
"production-workflows": "production-workflows",
"sops-nix": "sops-nix",
"staging-admin": "staging-admin",
"staging-backend": "staging-backend",
"staging-workflows": "staging-workflows"
},
"locked": {
"lastModified": 1779016756,
"narHash": "sha256-3JVsqxbWOQTl8i1o8xq4WXXuWzZukAIXrGff266SkeE=",
"ref": "refs/heads/feat/o4dev",
"rev": "4223b65050b99382ddaaa366cf046035a4ce847c",
"revCount": 25,
"type": "git",
"url": "ssh://gitea@git.inclyc.cn:20122/oparic/container-flake"
},
"original": {
"ref": "refs/heads/feat/o4dev",
"type": "git",
"url": "ssh://gitea@git.inclyc.cn:20122/oparic/container-flake"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
@@ -322,7 +293,7 @@
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"container-flake",
"oparic-flakes",
"nixpkgs"
]
},
@@ -345,7 +316,7 @@
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": [
"container-flake",
"oparic-flakes",
"nixpkgs"
]
},
@@ -368,7 +339,7 @@
"inputs": {
"flake-utils": "flake-utils_3",
"nixpkgs": [
"container-flake",
"oparic-flakes",
"nixpkgs"
]
},
@@ -387,11 +358,36 @@
"url": "ssh://gitea@git.inclyc.cn:20122/oparic/workflows"
}
},
"oparic-flakes": {
"inputs": {
"nixpkgs": "nixpkgs",
"production-admin": "production-admin",
"production-backend": "production-backend",
"production-workflows": "production-workflows",
"sops-nix": "sops-nix",
"staging-admin": "staging-admin",
"staging-backend": "staging-backend",
"staging-workflows": "staging-workflows"
},
"locked": {
"lastModified": 1779018524,
"narHash": "sha256-F4B2BMAFTwNbyAVNF95jTGSN+neogbqzpzkfFbJVzqU=",
"ref": "refs/heads/main",
"rev": "5c8b28a88f27fd88e9afb06d21cbf0ac19f7dcaf",
"revCount": 26,
"type": "git",
"url": "ssh://gitea@git.inclyc.cn:20122/oparic/container-flake"
},
"original": {
"type": "git",
"url": "ssh://gitea@git.inclyc.cn:20122/oparic/container-flake"
}
},
"production-admin": {
"inputs": {
"flake-utils": "flake-utils_4",
"nixpkgs": [
"container-flake",
"oparic-flakes",
"nixpkgs"
]
},
@@ -414,7 +410,7 @@
"inputs": {
"flake-utils": "flake-utils_5",
"nixpkgs": [
"container-flake",
"oparic-flakes",
"nixpkgs"
]
},
@@ -437,7 +433,7 @@
"inputs": {
"flake-utils": "flake-utils_6",
"nixpkgs": [
"container-flake",
"oparic-flakes",
"nixpkgs"
]
},
@@ -458,19 +454,22 @@
},
"root": {
"inputs": {
"container-flake": "container-flake",
"darwin": "darwin",
"home-manager": "home-manager",
"home-manager-darwin": "home-manager-darwin",
"nixpkgs-darwin": "nixpkgs-darwin",
"nixpkgs-linux": "nixpkgs-linux",
"o4dev-admin": "o4dev-admin",
"o4dev-backend": "o4dev-backend",
"o4dev-workflows": "o4dev-workflows",
"oparic-flakes": "oparic-flakes",
"sops-nix": "sops-nix_2"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"container-flake",
"oparic-flakes",
"nixpkgs"
]
},
@@ -510,7 +509,7 @@
"inputs": {
"flake-utils": "flake-utils_7",
"nixpkgs": [
"container-flake",
"oparic-flakes",
"nixpkgs"
]
},
@@ -533,7 +532,7 @@
"inputs": {
"flake-utils": "flake-utils_8",
"nixpkgs": [
"container-flake",
"oparic-flakes",
"nixpkgs"
]
},
@@ -556,7 +555,7 @@
"inputs": {
"flake-utils": "flake-utils_9",
"nixpkgs": [
"container-flake",
"oparic-flakes",
"nixpkgs"
]
},
flake.nix
+24 -4
View File
@@ -17,12 +17,32 @@
inputs.nixpkgs.follows = "nixpkgs-darwin";
};
sops-nix.url = "github:Mic92/sops-nix";
container-flake = {
url = "git+ssh://gitea@git.inclyc.cn:20122/oparic/container-flake?ref=refs/heads/feat/o4dev";
oparic-flakes.url = "git+ssh://gitea@git.inclyc.cn:20122/oparic/container-flake";
o4dev-backend = {
url = "git+ssh://gitea@git.inclyc.cn:20122/oparic/backend?ref=refs/heads/main";
inputs.nixpkgs.follows = "oparic-flakes/nixpkgs";
};
o4dev-admin = {
url = "git+ssh://gitea@git.inclyc.cn:20122/oparic/admin?ref=refs/heads/main";
inputs.nixpkgs.follows = "oparic-flakes/nixpkgs";
};
o4dev-workflows = {
url = "git+ssh://gitea@git.inclyc.cn:20122/oparic/workflows?ref=refs/heads/main";
inputs.nixpkgs.follows = "oparic-flakes/nixpkgs";
};
};
outputs = { nixpkgs-linux, nixpkgs-darwin, home-manager, home-manager-darwin, ... }@inputs: {
outputs = { nixpkgs-linux, nixpkgs-darwin, home-manager, home-manager-darwin, ... }@inputs:
let
o4devContainer = inputs.oparic-flakes.lib.mkOparicContainer {
name = "o4dev";
containerConfig = import ./hosts/oparic-local-dev/containers/o4dev/config.nix;
secretsFile = ./hosts/oparic-local-dev/containers/o4dev/secrets.yaml;
backendInput = inputs.o4dev-backend;
adminInput = inputs.o4dev-admin;
workflowsInput = inputs.o4dev-workflows;
};
in {
nixosConfigurations = {
"eris" = nixpkgs-linux.lib.nixosSystem {
system = "x86_64-linux";
@@ -33,7 +53,7 @@
};
"oparic-local-dev" = nixpkgs-linux.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
specialArgs = { inherit inputs o4devContainer; };
modules = [
./hosts/oparic-local-dev/configuration.nix
];
hosts/oparic-local-dev/configuration.nix
+2 -2
View File
@@ -1,4 +1,4 @@
{ config, lib, pkgs, inputs, ... }:
{ config, lib, pkgs, inputs, o4devContainer, ... }:
{
imports =
@@ -149,7 +149,7 @@
hostPort = 40000;
protocol = "tcp";
}];
path = inputs.container-flake.nixosConfigurations.o4dev.config.system.build.toplevel;
path = o4devContainer.config.system.build.toplevel;
};
system.stateVersion = "23.11";
hosts/oparic-local-dev/containers/o4dev/config.nix
+24
View File
@@ -0,0 +1,24 @@
{
domainSuffix = "oparic.luo.ee";
dataDir = "/data";
backend = {
port = 54289;
chatApiBaseUrl = "https://api.deepseek.com/v1";
suggestTitleModel = "deepseek-chat";
};
applogGateway = {
port = 9100;
};
clickhouse = {
httpPort = 8123;
database = "oparic_applog";
};
admin = {
basicauthUser = "admin";
basicauthHash = "$2a$14$oeoymHjMd5cPY3jWtbLax.Uyo4nvNLf/CbnbbjwclfYDhEzfBmc1C";
};
}
hosts/oparic-local-dev/containers/o4dev/secrets.yaml
+17
View File
@@ -0,0 +1,17 @@
oparic:
backend: ENC[AES256_GCM,data:GSyPaHF56jqubIDxhbhJJuFfoFuWWudWQqJHFZtftHnG1gC02kBurGTMdS+zLKhRueWWwPYp9RjWoP1I+nzUjrtGzy9muAm4cECwpMup/7w14wRy+7SpfmqmcMY2n5zljV/Cg856RTHauQUyGYLChlLG3PtXwgxr6eDn5q7yO46qv43uPdkzr8QO5U/Q0V2lNsW4r00n4rpaB/oIgoWIx8SVLL9tCOlOGzpudlmIHqj0Sotqc/na+OSFkLLQvsg4O4jd+Leuze65B7RvtwesYcxje+uiGoYrn2YJWPyfA8fdIQwSLBjEz1fQUNPhIY/fpDt2+3/VxV/K1UmS2loYpTYjOsCT6UYJWLXNzeNp/KLu5oGMvt846U5oGIBETgzPm7ExgiVtWvG5Kp444JgT+DhGaiCzxV3fFgoSDALP7FguKWNKd0MuTYJbmFyunM4g+Y3vo5NrF/zVJmMnXlJ7KBQrJw==,iv:M/ORauW8DWc5/c+3pLyeOXdT+i7jpLcyrathDKS1V2o=,tag:wGqKUkxOLOC5ttcJcyBuRw==,type:str]
sops:
age:
- enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArOEw2TiswN25nWEZaSEFo
czFUWmV0dVJKQ3JIRnF3TzV2YXZ5L0ROQ1ZnCnYwZUFmMzIwWWJEUWlkTVpOa3A2
cHA4UWg3SGdHNkFPOHIxMks4OWV0TUEKLS0tIEF4OUt4NHk1QThnM0dwL3RtMitj
UkxzbDhJejA4a0V1Lzd6d0JQSzAyUWMKqhUWjNPpsBrrALq7un53Qxhbp/RfKx67
tp3NWjMly9FI3RR+clQ82ZYaIK0Bm3YAlRI+wdzM7OiAbhNZdwh3Hw==
-----END AGE ENCRYPTED FILE-----
recipient: age1e80f6ea37ha7udmcctaggak9l44khtcn6e966fhcldrzjjxwzals65yasf
lastmodified: "2026-05-17T11:17:24Z"
mac: ENC[AES256_GCM,data:DGTgnEl+ehkA3zLDueXdcfaTgCzAsa1fp7ZAuUl8DOsltF0rCSf4Nc5mGqSsaIyZphkzibU1e/ZD259s3Uw12ZojBG/AWPhVMgr6SxpKpKjQSl+a1dg+8nZuAR7OXoLZUSMWO3H8xkyusA2UrQXMKEmDruZTdhB7abP6vwySUS0=,iv:JBMiqCayLCSVMcbPWWJUsVCNjrXTvKmf8nTAipib+3Y=,tag:aPD0ddGNONtrW7kbzj/vkw==,type:str]
unencrypted_suffix: _unencrypted
version: 3.13.0