diff --git a/flake.lock b/flake.lock index cac82d8..fc0e579 100644 --- a/flake.lock +++ b/flake.lock @@ -1,34 +1,5 @@ { "nodes": { - "container-flake": { - "inputs": { - "nixpkgs": "nixpkgs", - "o4dev-admin": "o4dev-admin", - "o4dev-backend": "o4dev-backend", - "o4dev-workflows": "o4dev-workflows", - "production-admin": "production-admin", - "production-backend": "production-backend", - "production-workflows": "production-workflows", - "sops-nix": "sops-nix", - "staging-admin": "staging-admin", - "staging-backend": "staging-backend", - "staging-workflows": "staging-workflows" - }, - "locked": { - "lastModified": 1779016756, - "narHash": "sha256-3JVsqxbWOQTl8i1o8xq4WXXuWzZukAIXrGff266SkeE=", - "ref": "refs/heads/feat/o4dev", - "rev": "4223b65050b99382ddaaa366cf046035a4ce847c", - "revCount": 25, - "type": "git", - "url": "ssh://gitea@git.inclyc.cn:20122/oparic/container-flake" - }, - "original": { - "ref": "refs/heads/feat/o4dev", - "type": "git", - "url": "ssh://gitea@git.inclyc.cn:20122/oparic/container-flake" - } - }, "darwin": { "inputs": { "nixpkgs": [ @@ -322,7 +293,7 @@ "inputs": { "flake-utils": "flake-utils", "nixpkgs": [ - "container-flake", + "oparic-flakes", "nixpkgs" ] }, @@ -345,7 +316,7 @@ "inputs": { "flake-utils": "flake-utils_2", "nixpkgs": [ - "container-flake", + "oparic-flakes", "nixpkgs" ] }, @@ -368,7 +339,7 @@ "inputs": { "flake-utils": "flake-utils_3", "nixpkgs": [ - "container-flake", + "oparic-flakes", "nixpkgs" ] }, @@ -387,11 +358,36 @@ "url": "ssh://gitea@git.inclyc.cn:20122/oparic/workflows" } }, + "oparic-flakes": { + "inputs": { + "nixpkgs": "nixpkgs", + "production-admin": "production-admin", + "production-backend": "production-backend", + "production-workflows": "production-workflows", + "sops-nix": "sops-nix", + "staging-admin": "staging-admin", + "staging-backend": "staging-backend", + "staging-workflows": "staging-workflows" + }, + "locked": { + "lastModified": 1779018524, + "narHash": "sha256-F4B2BMAFTwNbyAVNF95jTGSN+neogbqzpzkfFbJVzqU=", + "ref": "refs/heads/main", + "rev": "5c8b28a88f27fd88e9afb06d21cbf0ac19f7dcaf", + "revCount": 26, + "type": "git", + "url": "ssh://gitea@git.inclyc.cn:20122/oparic/container-flake" + }, + "original": { + "type": "git", + "url": "ssh://gitea@git.inclyc.cn:20122/oparic/container-flake" + } + }, "production-admin": { "inputs": { "flake-utils": "flake-utils_4", "nixpkgs": [ - "container-flake", + "oparic-flakes", "nixpkgs" ] }, @@ -414,7 +410,7 @@ "inputs": { "flake-utils": "flake-utils_5", "nixpkgs": [ - "container-flake", + "oparic-flakes", "nixpkgs" ] }, @@ -437,7 +433,7 @@ "inputs": { "flake-utils": "flake-utils_6", "nixpkgs": [ - "container-flake", + "oparic-flakes", "nixpkgs" ] }, @@ -458,19 +454,22 @@ }, "root": { "inputs": { - "container-flake": "container-flake", "darwin": "darwin", "home-manager": "home-manager", "home-manager-darwin": "home-manager-darwin", "nixpkgs-darwin": "nixpkgs-darwin", "nixpkgs-linux": "nixpkgs-linux", + "o4dev-admin": "o4dev-admin", + "o4dev-backend": "o4dev-backend", + "o4dev-workflows": "o4dev-workflows", + "oparic-flakes": "oparic-flakes", "sops-nix": "sops-nix_2" } }, "sops-nix": { "inputs": { "nixpkgs": [ - "container-flake", + "oparic-flakes", "nixpkgs" ] }, @@ -510,7 +509,7 @@ "inputs": { "flake-utils": "flake-utils_7", "nixpkgs": [ - "container-flake", + "oparic-flakes", "nixpkgs" ] }, @@ -533,7 +532,7 @@ "inputs": { "flake-utils": "flake-utils_8", "nixpkgs": [ - "container-flake", + "oparic-flakes", "nixpkgs" ] }, @@ -556,7 +555,7 @@ "inputs": { "flake-utils": "flake-utils_9", "nixpkgs": [ - "container-flake", + "oparic-flakes", "nixpkgs" ] }, diff --git a/flake.nix b/flake.nix index 2674a0f..664bc3a 100644 --- a/flake.nix +++ b/flake.nix @@ -17,12 +17,32 @@ inputs.nixpkgs.follows = "nixpkgs-darwin"; }; sops-nix.url = "github:Mic92/sops-nix"; - container-flake = { - url = "git+ssh://gitea@git.inclyc.cn:20122/oparic/container-flake?ref=refs/heads/feat/o4dev"; + oparic-flakes.url = "git+ssh://gitea@git.inclyc.cn:20122/oparic/container-flake"; + o4dev-backend = { + url = "git+ssh://gitea@git.inclyc.cn:20122/oparic/backend?ref=refs/heads/main"; + inputs.nixpkgs.follows = "oparic-flakes/nixpkgs"; + }; + o4dev-admin = { + url = "git+ssh://gitea@git.inclyc.cn:20122/oparic/admin?ref=refs/heads/main"; + inputs.nixpkgs.follows = "oparic-flakes/nixpkgs"; + }; + o4dev-workflows = { + url = "git+ssh://gitea@git.inclyc.cn:20122/oparic/workflows?ref=refs/heads/main"; + inputs.nixpkgs.follows = "oparic-flakes/nixpkgs"; }; }; - outputs = { nixpkgs-linux, nixpkgs-darwin, home-manager, home-manager-darwin, ... }@inputs: { + outputs = { nixpkgs-linux, nixpkgs-darwin, home-manager, home-manager-darwin, ... }@inputs: + let + o4devContainer = inputs.oparic-flakes.lib.mkOparicContainer { + name = "o4dev"; + containerConfig = import ./hosts/oparic-local-dev/containers/o4dev/config.nix; + secretsFile = ./hosts/oparic-local-dev/containers/o4dev/secrets.yaml; + backendInput = inputs.o4dev-backend; + adminInput = inputs.o4dev-admin; + workflowsInput = inputs.o4dev-workflows; + }; + in { nixosConfigurations = { "eris" = nixpkgs-linux.lib.nixosSystem { system = "x86_64-linux"; @@ -33,7 +53,7 @@ }; "oparic-local-dev" = nixpkgs-linux.lib.nixosSystem { system = "x86_64-linux"; - specialArgs = { inherit inputs; }; + specialArgs = { inherit inputs o4devContainer; }; modules = [ ./hosts/oparic-local-dev/configuration.nix ]; diff --git a/hosts/oparic-local-dev/configuration.nix b/hosts/oparic-local-dev/configuration.nix index 6b498d9..e4bcc62 100644 --- a/hosts/oparic-local-dev/configuration.nix +++ b/hosts/oparic-local-dev/configuration.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, inputs, ... }: +{ config, lib, pkgs, inputs, o4devContainer, ... }: { imports = @@ -149,7 +149,7 @@ hostPort = 40000; protocol = "tcp"; }]; - path = inputs.container-flake.nixosConfigurations.o4dev.config.system.build.toplevel; + path = o4devContainer.config.system.build.toplevel; }; system.stateVersion = "23.11"; diff --git a/hosts/oparic-local-dev/containers/o4dev/config.nix b/hosts/oparic-local-dev/containers/o4dev/config.nix new file mode 100644 index 0000000..6a8ef00 --- /dev/null +++ b/hosts/oparic-local-dev/containers/o4dev/config.nix @@ -0,0 +1,24 @@ +{ + domainSuffix = "oparic.luo.ee"; + dataDir = "/data"; + + backend = { + port = 54289; + chatApiBaseUrl = "https://api.deepseek.com/v1"; + suggestTitleModel = "deepseek-chat"; + }; + + applogGateway = { + port = 9100; + }; + + clickhouse = { + httpPort = 8123; + database = "oparic_applog"; + }; + + admin = { + basicauthUser = "admin"; + basicauthHash = "$2a$14$oeoymHjMd5cPY3jWtbLax.Uyo4nvNLf/CbnbbjwclfYDhEzfBmc1C"; + }; +} diff --git a/hosts/oparic-local-dev/containers/o4dev/secrets.yaml b/hosts/oparic-local-dev/containers/o4dev/secrets.yaml new file mode 100644 index 0000000..5748bbc --- /dev/null +++ b/hosts/oparic-local-dev/containers/o4dev/secrets.yaml @@ -0,0 +1,17 @@ +oparic: + backend: ENC[AES256_GCM,data:GSyPaHF56jqubIDxhbhJJuFfoFuWWudWQqJHFZtftHnG1gC02kBurGTMdS+zLKhRueWWwPYp9RjWoP1I+nzUjrtGzy9muAm4cECwpMup/7w14wRy+7SpfmqmcMY2n5zljV/Cg856RTHauQUyGYLChlLG3PtXwgxr6eDn5q7yO46qv43uPdkzr8QO5U/Q0V2lNsW4r00n4rpaB/oIgoWIx8SVLL9tCOlOGzpudlmIHqj0Sotqc/na+OSFkLLQvsg4O4jd+Leuze65B7RvtwesYcxje+uiGoYrn2YJWPyfA8fdIQwSLBjEz1fQUNPhIY/fpDt2+3/VxV/K1UmS2loYpTYjOsCT6UYJWLXNzeNp/KLu5oGMvt846U5oGIBETgzPm7ExgiVtWvG5Kp444JgT+DhGaiCzxV3fFgoSDALP7FguKWNKd0MuTYJbmFyunM4g+Y3vo5NrF/zVJmMnXlJ7KBQrJw==,iv:M/ORauW8DWc5/c+3pLyeOXdT+i7jpLcyrathDKS1V2o=,tag:wGqKUkxOLOC5ttcJcyBuRw==,type:str] +sops: + age: + - enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArOEw2TiswN25nWEZaSEFo + czFUWmV0dVJKQ3JIRnF3TzV2YXZ5L0ROQ1ZnCnYwZUFmMzIwWWJEUWlkTVpOa3A2 + cHA4UWg3SGdHNkFPOHIxMks4OWV0TUEKLS0tIEF4OUt4NHk1QThnM0dwL3RtMitj + UkxzbDhJejA4a0V1Lzd6d0JQSzAyUWMKqhUWjNPpsBrrALq7un53Qxhbp/RfKx67 + tp3NWjMly9FI3RR+clQ82ZYaIK0Bm3YAlRI+wdzM7OiAbhNZdwh3Hw== + -----END AGE ENCRYPTED FILE----- + recipient: age1e80f6ea37ha7udmcctaggak9l44khtcn6e966fhcldrzjjxwzals65yasf + lastmodified: "2026-05-17T11:17:24Z" + mac: ENC[AES256_GCM,data:DGTgnEl+ehkA3zLDueXdcfaTgCzAsa1fp7ZAuUl8DOsltF0rCSf4Nc5mGqSsaIyZphkzibU1e/ZD259s3Uw12ZojBG/AWPhVMgr6SxpKpKjQSl+a1dg+8nZuAR7OXoLZUSMWO3H8xkyusA2UrQXMKEmDruZTdhB7abP6vwySUS0=,iv:JBMiqCayLCSVMcbPWWJUsVCNjrXTvKmf8nTAipib+3Y=,tag:aPD0ddGNONtrW7kbzj/vkw==,type:str] + unencrypted_suffix: _unencrypted + version: 3.13.0