changes from mac-demarco-mini on Sat Apr 18 19:05:32 PDT 2026

2026-04-18 19:05:32 -07:00
parent 34ecc09def
commit 7daad01eb8
16 changed files with 605 additions and 9 deletions
--- a/nix-darwin/.claude/settings.local.json
+++ b/nix-darwin/.claude/settings.local.json
@@ -0,0 +1,10 @@
+{
+  "permissions": {
+    "allow": [
+      "Bash(sudo darwin-rebuild switch:*)",
+      "Bash(darwin-rebuild switch:*)"
+    ],
+    "deny": [],
+    "ask": []
+  }
+}
--- a/nix-darwin/aaa
+++ b/nix-darwin/aaa
--- a/nix-darwin/create-user.sh
+++ b/nix-darwin/create-user.sh
@@ -0,0 +1,40 @@
+#!/bin/bash
+
+#!/bin/bash
+
+# Exit on any error
+set -e
+
+# Define variables
+USERNAME="gitearunner"
+
+# Function to check if script is run as root
+check_root() {
+    if [ "$(id -u)" != "0" ]; then
+        echo "This script must be run as root" 1>&2
+        exit 1
+    fi
+}
+
+# Function to create system user
+create_system_user() {
+    # Generate a unique ID (you may need to adjust this logic)
+    UNIQUE_ID=$(dscl . -list /Users UniqueID | awk '{print $2}' | sort -n | tail -1)
+    UNIQUE_ID=$((UNIQUE_ID+1))
+
+    dscl . -create /Users/$USERNAME
+    dscl . -create /Users/$USERNAME RealName "Gitea Runner"
+    dscl . -create /Users/$USERNAME UniqueID $UNIQUE_ID
+    dscl . -create /Users/$USERNAME PrimaryGroupID 20  # 20 is the 'staff' group
+    dscl . -create /Users/$USERNAME NFSHomeDirectory /var/lib/gitea-runner/nix
+    dscl . -create /Users/$USERNAME IsHidden 1
+    /usr/bin/dscl . -create /Users/$USERNAME Password "*"
+
+    echo "System user $USERNAME created with UID $UNIQUE_ID."
+}
+
+# Main execution
+check_root
+create_system_user
+
+echo "Setup complete. The $USERNAME system user has been created."
--- a/nix-darwin/flake.nix
+++ b/nix-darwin/flake.nix
@@ -87,7 +87,7 @@
          url = "https://dev.railbird.ai";
          tokenFile = config.age.secrets.gitea-runner-token.path;
          labels = [
-            "nix-darwin-${pkgs.system}:host"
+            "nix-darwin-${pkgs.stdenv.hostPlatform.system}:host"
            "macos-aarch64-darwin"
            "nix:host"
          ];
--- a/nix-darwin/flake.nix.save
+++ b/nix-darwin/flake.nix.save
@@ -0,0 +1,209 @@
+{
+  description = "Example Darwin system flake";
+
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+    nix-darwin.url = "github:LnL7/nix-darwin";
+    nix-darwin.inputs.nixpkgs.follows = "nixpkgs";
+    railbird-secrets = {
+      url = "git+ssh://gitea@dev.railbird.ai:1123/railbird/secrets-flake.git";
+    };
+    nix-homebrew.url = "github:zhaofengli-wip/nix-homebrew";
+
+    # Optional: Declarative tap management
+    homebrew-core = {
+      url = "github:homebrew/homebrew-core";
+      flake = false;
+    };
+    homebrew-cask = {
+      url = "github:homebrew/homebrew-cask";
+      flake = false;
+    };
+    home-manager.url = "github:nix-community/home-manager";
+    home-manager.inputs.nixpkgs.follows = "nixpkgs";
+  };
+
+  outputs = inputs@{ self, nix-darwin, nixpkgs, home-manager, ... }:
+  let
+    libDir = ../dotfiles/lib;
+    configuration = { pkgs, config, ... }: {
+      networking.hostName = "mac-demarco-mini";
+      imports = [ (import ./gitea-actions-runner.nix) ];
+      services.gitea-actions-runner = {
+        user = "gitea-runner";
+        instances.nix = {
+          enable = true;
+          name = config.networking.hostName;
+          url = "https://dev.railbird.ai";
+          token = "H0A7YXAWsKSp9QzvMymfJI12hbxwR7UerEHpCJUe";
+          labels = [
+            "nix-darwin-${pkgs.system}:host"
+            "macos-aarch64-darwin"
+            "nix:host"
+          ];
+          settings = {
+            cache = {
+              enabled = true;
+            };
+            host = {
+              workdir_parent = "/var/lib/gitea-runner/action-cache-dir";
+            };
+          };
+          hostPackages = with pkgs; [
+            bash
+            coreutils
+            curl
+            direnv
+            gawk
+            just
+            git-lfs
+            isort
+            gitFull
+            gnused
+            ncdu
+            nixFlakes
+            nodejs
+            openssh
+            wget
+          ];
+        };
+      };
+
+      launchd.daemons.gitea-runner-nix.serviceConfig.EnvironmentVariables = {
+        XDG_CONFIG_HOME = "/var/lib/gitea-runner";
+        XDG_CACHE_HOME = "/var/lib/gitea-runner/.cache";
+        XDG_RUNTIME_DIR = "/var/lib/gitea-runner/tmp";
+      };
+
+      system.primaryUser = "kat";
+
+      # launchd.daemons.gitea-runner-restarter = {
+      #   serviceConfig = {
+      #     ProgramArguments = [
+      #       "/usr/bin/env"
+      #       "bash"
+      #       "-c"
+      #       ''
+      #         SERVICE_NAME="org.nixos.gitea-runner-nix"
+      #         while true; do
+      #         # Check the second column of launchctl list output for our service
+      #         EXIT_CODE=$(sudo launchctl list | grep "$SERVICE_NAME" | awk '{print $2}')
+      #         if [ -z "$EXIT_CODE" ]; then
+      #         echo "$(date): $SERVICE_NAME is running correctly. Terminating the restarter."
+      #         exit 0
+      #         else
+      #         echo "$(date): $SERVICE_NAME is not running or in error state. Attempting to restart..."
+      #         sudo launchctl bootout system/$SERVICE_NAME 2>/dev/null || true
+      #         sudo launchctl load /Library/LaunchDaemons/$SERVICE_NAME.plist
+      #         sleep 2  # Give the service some time to start
+      #         fi
+      #         done
+      #       ''
+      #     ];
+      #     RunAtLoad = true;
+      #     ThrottleInterval = 300;
+      #   };
+      # };
+
+      launchd.daemons.does-anything-work = {
+        serviceConfig = {
+          ProgramArguments = ["/usr/bin/env" "bash" "-c" "date > /var/log/does-anything-work"];
+          RunAtLoad = true;
+        };
+      };
+
+      nixpkgs.overlays = [(import ../nixos/overlay.nix)];
+      environment.systemPackages = with pkgs; [
+        #python-with-my-packages
+        emacs
+        alejandra
+        cocoapods
+        gitFull
+        just
+        tmux
+        htop
+        nodePackages.prettier
+        nodejs
+        ripgrep
+        slack
+        typescript
+        vim
+        yarn
+      ];
+
+      nixpkgs.config.allowUnfree = true;
+
+
+      # Auto upgrade nix package and the daemon service.
+      launchd.user.envVariables.PATH = config.environment.systemPath;
+
+      programs.direnv.enable = true;
+
+      # Necessary for using flakes on this system.
+      nix.settings.experimental-features = "nix-command flakes";
+
+
+      # Set Git commit hash for darwin-version.
+      system.configurationRevision = self.rev or self.dirtyRev or null;
+
+      # Used for backwards compatibility, please read the changelog before changing
+      system.stateVersion = 4;
+
+      # The platform the configuration will be used on.
+      nixpkgs.hostPlatform = "aarch64-darwin";
+      users.users.kat.openssh.authorizedKeys.keys = inputs.railbird-secrets.keys.kanivanKeys;
+      users.users.gitea-runner = {
+        name = "gitea-runner";
+        isHidden = false;
+        home = "/Users/gitea-runner";
+        createHome = false;
+      };
+
+      home-manager.useGlobalPkgs = true;      home-manager.useUserPackages = true;
+
+      users.users.kat = {
+        name = "kat";
+        home = "/Users/kat";
+      };
+
+      programs.zsh = {
+        enable = true;
+        shellInit = ''
+          fpath+="${libDir}/functions"
+          for file in "${libDir}/functions/"*
+          do
+          autoload "''${file##*/}"
+          done
+        '';
+        interactiveShellInit = ''
+          # eval "$(register-python-argcomplete prb)"
+          # eval "$(register-python-argcomplete prod-prb)"
+          # eval "$(register-python-argcomplete railbird)"
+          # [ -n "$EAT_SHELL_INTEGRATION_DIR" ] && source "$EAT_SHELL_INTEGRATION_DIR/zsh"
+
+          autoload -Uz bracketed-paste-magic
+          zle -N bracketed-paste bracketed-paste-magic
+        '';
+      };
+
+      home-manager.users.kat = {
+        programs.starship = {
+          enable = true;
+        };
+        programs.zsh.enable = true;
+        home.stateVersion = "24.05";
+      };
+    };
+  in
+  {
+    darwinConfigurations."mac-demarco-mini" = nix-darwin.lib.darwinSystem {
+      modules = [
+        home-manager.darwinModules.home-manager
+        configuration
+      ];
+    };
+
+    # Expose the package set, including overlays, for convenience.
+    darwinPackages = self.darwinConfigurations."mac-demarco-mini".pkgs;
+  };
+}
--- a/nix-darwin/gitea-log.log
+++ b/nix-darwin/gitea-log.log
--- a/nix-darwin/gitea-log.stderr
+++ b/nix-darwin/gitea-log.stderr
--- a/nix-darwin/home/kat.nix
+++ b/nix-darwin/home/kat.nix
@@ -22,7 +22,7 @@
    repositories = {
      org = {
        path = "/Users/kat/org";
-        uri = "ssh://gitea@1896Folsom.duckdns.org:1123/kkathuang/org.git";
+        uri = "git@github.com:colonelpanic8/org.git";
        interval = 180;
      };
      password-store = {
--- a/nix-darwin/result
+++ b/nix-darwin/result
@@ -0,0 +1 @@
+/nix/store/n2y9x01zld5simp7y6vnblddq8bnykmm-darwin-system-26.05.06648f4
--- a/nix-darwin/switch-gitea-runner.sh
+++ b/nix-darwin/switch-gitea-runner.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+mkdir -p /var/log/gitea-runner/
+chown -R $1 /var/log/gitea-runner
+chmod 755 /var/log/gitea-runner
+
+mkdir -p /var/lib/gitea-runner/nix
+chown -R $1 /var/lib/gitea-runner
+chmod 755 /var/lib/gitea-runner
				`@@ -0,0 +1 @@`
				`/nix/store/n2y9x01zld5simp7y6vnblddq8bnykmm-darwin-system-26.05.06648f4`