
55 Commits

Author SHA1 Message Date
1d31f870c5 Fix actions runner in macos 2024-10-08 23:24:45 -06:00
9f3f835253 Actions runner working 2024-10-08 23:24:45 -06:00
066902e37a Actions runner runs as kat 2024-10-08 23:24:45 -06:00
d790bc9e25 Put gitea actions runner in its own user 2024-10-08 23:24:45 -06:00
1ea8333994 Gitea runner working 2024-10-08 23:24:45 -06:00
e464d8fec5 [nix-darwin] Updates 2024-10-08 23:24:45 -06:00
14a32c151c [NixOS] Add mac mini key 2024-10-08 23:24:45 -06:00
bfdf5f221e [Darwin-nix] Add cocoapods 2024-10-08 23:24:45 -06:00
ae29832dbc [NixOS] Disable k3s for now on railbird-sf 2024-10-08 13:17:26 -06:00
ae6ce6b19c [NixOS] Fix command 2024-10-07 15:16:16 -06:00
8e1abde359 [NixOS] Fix permissions 2024-10-07 15:12:41 -06:00
c25cd05b15 [NixOS] Just run bucket mounting as root 2024-10-07 15:01:43 -06:00
5deba06fb0 [NixOS] Trying to mount bucket 2024-10-07 15:00:14 -06:00
7dcc785da6 [Emacs] Add import shortcuts for numpy and sqlalchemy 2024-10-06 17:58:49 -06:00
5eb3654d0c [git] Remove dumb gitconfig 2024-10-03 18:43:05 -06:00
Your Name
cbcf03c784 [NixOS] Make gitea-runner a trusted user 2024-10-03 15:18:46 -06:00
Your Name
a9d5ee5eb0 Revert "[NixOS] Disable gitea-runner"
This reverts commit 8402c6f1d2.
2024-10-03 14:28:41 -06:00
Your Name
8402c6f1d2 [NixOS] Disable gitea-runner 2024-10-03 14:16:52 -06:00
Your Name
da8b6b3b75 [NixOS] Bump runner token 2024-10-03 01:22:57 -06:00
Your Name
526bf6e2a9 [NixOS] New gitea-runner secret 2024-10-03 01:22:57 -06:00
Your Name
04870cd682 [NixOS] Biskcomp dev.railbird.ai for k3s 2024-10-02 23:04:36 -06:00
Your Name
46108ab249 [NixOS] Fix 2024-10-02 22:05:11 -06:00
Your Name
a8e23460f9 [NixOS] Fix 2024-10-02 22:03:01 -06:00
Your Name
a88018fe47 [NixOS] Remove flags that don't work with agent for railbird-sf 2024-10-02 22:02:24 -06:00
Your Name
5757681ce0 [NixOS] railbird-sf is only an agent 2024-10-02 21:55:36 -06:00
Your Name
6c393b3837 [NixOS] Fix gpg key import 2024-10-02 19:55:09 -06:00
Your Name
618f927cb9 [NixOS] Fix cdi issues with k3s containerd 2024-10-02 18:54:27 -06:00
Your Name
bb259bf358 [NixOS] Add nixos-nvidia-cdi=enabled label to k3s 2024-10-02 16:24:02 -06:00
Your Name
3f7de563db [NixOS] Fix 2024-10-02 16:15:52 -06:00
Your Name
6ae5f4c503 [NixOS] Remove labels 2024-10-02 16:10:48 -06:00
Your Name
e6c3d55fc8 [NixOS] label -> labels 2024-10-02 16:05:20 -06:00
Your Name
36331ea60c [NixOS] Add label for nvidia cdi 2024-10-02 16:04:16 -06:00
Your Name
6b18d0accf [NixOS] Set cdi spec dirs 2024-10-02 15:43:59 -06:00
Your Name
9a764fc7c8 [NixOS] Its registry.yaml registries.yaml 2024-10-02 14:32:21 -06:00
Your Name
9100167e4d [NixOS] Another registry.yaml fix 2024-10-01 19:09:12 -06:00
Your Name
e0e98bc237 [NixOS] Fix whitespace issue in registry.yaml 2024-10-01 18:59:42 -06:00
Your Name
4c989fcda3 [NixOS] Make registry.yaml real 2024-10-01 18:29:32 -06:00
Your Name
35f8c10e7c [NixOS] k3s registry file working in principle 2024-10-01 16:27:34 -06:00
Your Name
ac49823b4c Try a local serverAddr for biskcomp 2024-09-30 21:36:34 -06:00
daaead9c1e [Emacs] Align with all cursors 2024-09-30 21:34:10 -06:00
Your Name
c5c86145b1 [NixOS] Encrypt k3s token to railbird-sf 2024-09-30 21:05:39 -06:00
Your Name
32755e1411 [NixOS] Enable k3s on biskcomp nixquick and railbird-sf 2024-09-30 20:47:12 -06:00
Your Name
de27a133e7 [NixOS] Take 3 2024-09-30 20:40:39 -06:00
Your Name
f89155e4d2 [NixOS] Actually fix 2024-09-30 20:40:03 -06:00
Your Name
f345cf8f18 [NixOS] Disable tmp2 2024-09-30 20:38:51 -06:00
Your Name
4cb9c006d7 [NixOS] railbird-sf tweaks 2024-10-01 00:41:48 +00:00
1dd54ba638 [NixOS] Allow another alias for api connection 2024-09-30 18:26:14 -06:00
517c2f333e [NixOS] Another fix 2024-09-30 17:25:02 -06:00
d850ba999d [NixOS] Add tls aliases 2024-09-30 17:23:42 -06:00
dd9f5ccf88 [NixOS] Try to fix insecure skip arg 2024-09-30 17:17:41 -06:00
59da59c74f [NixOS] Ignore insecure tls 2024-09-30 17:15:13 -06:00
1f36c4942b [NixOS] Fix serverAddr port for k3s 2024-09-30 16:49:10 -06:00
eaa46e7034 [NixOS] Fix k3s definition 2024-09-30 16:42:58 -06:00
f00d9bdb12 [NixOS] Try to connect jimi-hendnix to ryzen-shine in k3s 2024-09-30 16:35:50 -06:00
1003c33dee [NixOS] Use myModules.nvidia in jimi-hendnix 2024-09-30 15:19:29 -06:00
24 changed files with 584 additions and 73 deletions


@ -4,6 +4,7 @@
(setq mc/cmds-to-run-for-all (setq mc/cmds-to-run-for-all
'( '(
TeX-insert-backslash TeX-insert-backslash
align
backward-sexp backward-sexp
beginning-of-buffer beginning-of-buffer
beginning-of-visual-line beginning-of-visual-line


@ -0,0 +1,5 @@
# -*- mode: snippet -*-
# name: inp
# key: inp
# --
import numpy as np


@ -0,0 +1,5 @@
# -*- mode: snippet -*-
# name: isa
# key: isa
# --
import sqlalchemy as sa


@ -3,7 +3,7 @@
"agenix": { "agenix": {
"inputs": { "inputs": {
"darwin": "darwin", "darwin": "darwin",
"home-manager": "home-manager", "home-manager": "home-manager_2",
"nixpkgs": [ "nixpkgs": [
"railbird-secrets", "railbird-secrets",
"nixpkgs" "nixpkgs"
@ -101,6 +101,26 @@
} }
}, },
"home-manager": { "home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1723399884,
"narHash": "sha256-97wn0ihhGqfMb8WcUgzzkM/TuAxce2Gd20A8oiruju4=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "086f619dd991a4d355c07837448244029fc2d9ab",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"railbird-secrets", "railbird-secrets",
@ -296,6 +316,7 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"home-manager": "home-manager",
"homebrew-cask": "homebrew-cask", "homebrew-cask": "homebrew-cask",
"homebrew-core": "homebrew-core", "homebrew-core": "homebrew-core",
"nix-darwin": "nix-darwin", "nix-darwin": "nix-darwin",


@ -19,21 +19,114 @@
url = "github:homebrew/homebrew-cask"; url = "github:homebrew/homebrew-cask";
flake = false; flake = false;
}; };
home-manager.url = "github:nix-community/home-manager";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = inputs@{ self, nix-darwin, nixpkgs, ... }: outputs = inputs@{ self, nix-darwin, nixpkgs, home-manager, ... }:
let let
libDir = ../dotfiles/lib;
configuration = { pkgs, config, ... }: { configuration = { pkgs, config, ... }: {
networking.hostName = "mac-demarco-mini";
imports = [ (import ./gitea-actions-runner.nix) ];
services.gitea-actions-runner = {
user = "gitea-runner";
instances.nix = {
enable = true;
name = config.networking.hostName;
url = "https://dev.railbird.ai";
token = "H0A7YXAWsKSp9QzvMymfJI12hbxwR7UerEHpCJUe";
labels = [
"nix-darwin-${pkgs.system}:host"
"macos-aarch64-darwin"
"nix:host"
];
settings = {
cache = {
enabled = true;
};
host = {
workdir_parent = "/var/lib/gitea-runner/action-cache-dir";
};
};
hostPackages = with pkgs; [
bash
coreutils
curl
direnv
gawk
just
git-lfs
isort
gitFull
gnused
ncdu
nixFlakes
nodejs
openssh
wget
];
};
};
launchd.daemons.gitea-runner-nix.serviceConfig.EnvironmentVariables = {
XDG_CONFIG_HOME = "/var/lib/gitea-runner";
XDG_CACHE_HOME = "/var/lib/gitea-runner/.cache";
XDG_RUNTIME_DIR = "/var/lib/gitea-runner/tmp";
};
# launchd.daemons.gitea-runner-restarter = {
# serviceConfig = {
# ProgramArguments = [
# "/usr/bin/env"
# "bash"
# "-c"
# ''
# SERVICE_NAME="org.nixos.gitea-runner-nix"
# while true; do
# # Check the second column of launchctl list output for our service
# EXIT_CODE=$(sudo launchctl list | grep "$SERVICE_NAME" | awk '{print $2}')
# if [ -z "$EXIT_CODE" ]; then
# echo "$(date): $SERVICE_NAME is running correctly. Terminating the restarter."
# exit 0
# else
# echo "$(date): $SERVICE_NAME is not running or in error state. Attempting to restart..."
# sudo launchctl bootout system/$SERVICE_NAME 2>/dev/null || true
# sudo launchctl load /Library/LaunchDaemons/$SERVICE_NAME.plist
# sleep 2 # Give the service some time to start
# fi
# done
# ''
# ];
# RunAtLoad = true;
# ThrottleInterval = 300;
# };
# };
launchd.daemons.does-anything-work = {
serviceConfig = {
ProgramArguments = ["/usr/bin/env" "bash" "-c" "date > /var/log/does-anything-work"];
RunAtLoad = true;
};
};
nixpkgs.overlays = [(import ../nixos/overlay.nix)];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
python-with-my-packages
emacs emacs
slack alejandra
cocoapods
gitFull gitFull
ripgrep
yarn
nodePackages.prettier
vim
just just
tmux
htop
nodePackages.prettier
nodejs
ripgrep
slack
typescript
vim
yarn
]; ];
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
@ -48,26 +141,63 @@
# Necessary for using flakes on this system. # Necessary for using flakes on this system.
nix.settings.experimental-features = "nix-command flakes"; nix.settings.experimental-features = "nix-command flakes";
# Create /etc/zshrc that loads the nix-darwin environment.
programs.zsh.enable = true;
# Set Git commit hash for darwin-version. # Set Git commit hash for darwin-version.
system.configurationRevision = self.rev or self.dirtyRev or null; system.configurationRevision = self.rev or self.dirtyRev or null;
# Used for backwards compatibility, please read the changelog before changing. # Used for backwards compatibility, please read the changelog before changing
# $ darwin-rebuild changelog
system.stateVersion = 4; system.stateVersion = 4;
# The platform the configuration will be used on. # The platform the configuration will be used on.
nixpkgs.hostPlatform = "aarch64-darwin"; nixpkgs.hostPlatform = "aarch64-darwin";
users.users.kat.openssh.authorizedKeys.keys = inputs.railbird-secrets.keys.kanivanKeys; users.users.kat.openssh.authorizedKeys.keys = inputs.railbird-secrets.keys.kanivanKeys;
users.users.gitea-runner = {
name = "gitea-runner";
isHidden = false;
home = "/Users/gitea-runner";
createHome = false;
};
home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true;
users.users.kat = {
name = "kat";
home = "/Users/kat";
};
programs.zsh = {
enable = true;
shellInit = ''
fpath+="${libDir}/functions"
for file in "${libDir}/functions/"*
do
autoload "''${file##*/}"
done
'';
interactiveShellInit = ''
# eval "$(register-python-argcomplete prb)"
# eval "$(register-python-argcomplete prod-prb)"
# eval "$(register-python-argcomplete railbird)"
# [ -n "$EAT_SHELL_INTEGRATION_DIR" ] && source "$EAT_SHELL_INTEGRATION_DIR/zsh"
autoload -Uz bracketed-paste-magic
zle -N bracketed-paste bracketed-paste-magic
'';
};
home-manager.users.kat = {
programs.starship = {
enable = true;
};
programs.zsh.enable = true;
home.stateVersion = "24.05";
};
}; };
in in
{ {
# Build darwin flake using: darwinConfigurations."mac-demarco-mini" = nix-darwin.lib.darwinSystem {
# $ darwin-rebuild build --flake .#Kats-Mac-mini
darwinConfigurations."Kats-Mac-mini" = nix-darwin.lib.darwinSystem {
modules = [ modules = [
home-manager.darwinModules.home-manager
configuration configuration
]; ];
}; };
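Review bot: The runner registration token is committed in plain text at `token = "H0A7…";` inside `services.gitea-actions-runner.instances.nix`, so it is readable by anyone with access to the repository history, and as a Nix string it will presumably also land in the world-readable store. Treat this value as exposed, issue a new one on the Gitea side, and keep the replacement out of the flake, for example `tokenFile = "/path/outside/the/store/runner-token";  # placeholder path`. The module added in this comparison declares `tokenFile`, but its setup script does not appear to read it yet, so that needs fixing first. Separately, the `does-anything-work` daemon and the commented-out restarter look like debugging leftovers and could be dropped before merge.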


@ -0,0 +1,176 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.services.gitea-actions-runner;
settingsFormat = pkgs.formats.yaml {};
hasDockerScheme = instance:
instance.labels == [] || any (label: hasInfix ":docker:" label) instance.labels;
wantsContainerRuntime = any hasDockerScheme (attrValues cfg.instances);
hasHostScheme = instance: any (label: hasSuffix ":host" label) instance.labels;
tokenXorTokenFile = instance:
(instance.token == null && instance.tokenFile != null)
|| (instance.token != null && instance.tokenFile == null);
in {
options.services.gitea-actions-runner = {
package = mkOption {
type = types.package;
default = pkgs.gitea-actions-runner;
defaultText = literalExpression "pkgs.gitea-actions-runner";
description = "The gitea-actions-runner package to use.";
};
user = mkOption {
type = types.str;
default = "gitea-runner";
description = "The user account under which the Gitea Actions Runner should run.";
};
instances = mkOption {
default = {};
description = "Gitea Actions Runner instances.";
type = types.attrsOf (types.submodule {
options = {
enable = mkEnableOption "Gitea Actions Runner instance";
name = mkOption {
type = types.str;
example = "my-runner";
description = "The name identifying the runner instance towards the Gitea/Forgejo instance.";
};
url = mkOption {
type = types.str;
example = "https://forge.example.com";
description = "Base URL of your Gitea/Forgejo instance.";
};
token = mkOption {
type = types.nullOr types.str;
default = null;
description = "Plain token to register at the configured Gitea/Forgejo instance.";
};
tokenFile = mkOption {
type = types.nullOr (types.either types.str types.path);
default = null;
description = "Path to a file containing the token to register at the configured Gitea/Forgejo instance.";
};
labels = mkOption {
type = types.listOf types.str;
default = [];
example = ["macos:host" "x86_64:host"];
description = "Labels used to map jobs to their runtime environment.";
};
settings = mkOption {
description = "Configuration for `act_runner daemon`.";
type = types.submodule {
freeformType = settingsFormat.type;
};
default = {};
};
hostPackages = mkOption {
type = types.listOf types.package;
default = with pkgs; [
bash
coreutils
curl
gawk
git
gnused
nodejs
wget
openssh
];
description = "List of packages available to actions when the runner is configured with a host execution label.";
};
};
});
};
};
config = mkIf (cfg.instances != {}) {
assertions = [
{
assertion = all tokenXorTokenFile (attrValues cfg.instances);
message = "Instances of gitea-actions-runner can have `token` or `tokenFile`, not both.";
}
];
users.users.${cfg.user} = {
name = cfg.user;
description = "Gitea Actions Runner user";
};
launchd.daemons =
(mapAttrs' (
name: instance:
nameValuePair "gitea-runner-${name}" {
serviceConfig = {
ProgramArguments = [
"/usr/bin/env"
"bash"
"-c"
''
cd /var/lib/gitea-runner/${name}
exec ${cfg.package}/bin/act_runner daemon --config ${settingsFormat.generate "config.yaml" instance.settings}
''
];
KeepAlive = true;
ThrottleInterval = 5;
SessionCreate = true;
UserName = cfg.user;
GroupName = "staff";
WorkingDirectory = "/var/lib/gitea-runner/${name}";
EnvironmentVariables = {
PATH = (lib.makeBinPath (instance.hostPackages ++ [cfg.package])) + ":/usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin";
};
};
}
)
cfg.instances)
// (mapAttrs' (
name: instance:
nameValuePair "gitea-runner-setup-${name}"
{
serviceConfig = {
EnvironmentVariables =
{}
// optionalAttrs (instance.token != null) {
TOKEN = instance.token;
};
RunAtLoad = true;
ProgramArguments = [
"${pkgs.writeShellScript "gitea-runner-setup-${name}" ''
mkdir -p /var/lib/gitea-runner/${name}
cd /var/lib/gitea-runner/${name}
if [ ! -e "/var/lib/gitea-runner/${name}/.runner" ]; then
${cfg.package}/bin/act_runner register --no-interactive \
--instance ${escapeShellArg instance.url} \
--token "$TOKEN" \
--name ${escapeShellArg instance.name} \
--labels ${escapeShellArg (concatStringsSep "," instance.labels)} \
--config ${settingsFormat.generate "config.yaml" instance.settings}
fi
# Start the runner
chown -R ${cfg.user} /var/lib/gitea-runner
chown -R ${cfg.user} /var/log/gitea-runner
''}"
];
};
}
)
cfg.instances);
};
}
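Review bot: The `tokenFile` option is declared and checked by the assertion but never consumed: the setup daemon only exports `TOKEN` when `instance.token != null`, so an instance configured with `tokenFile` would call `act_runner register --token ""`. The only working path is therefore the plain `token`, which is placed in the daemon's `EnvironmentVariables` and so ends up in the generated launchd plist. Reading the file inside the script closes both gaps, e.g. `${optionalString (instance.tokenFile != null) "TOKEN=$(cat ${escapeShellArg (toString instance.tokenFile)})"}` before the `if`. The assertion message should also say that exactly one of the two is required, since `tokenXorTokenFile` rejects the neither-set case as well. Finally, `chown -R … /var/log/gitea-runner` runs on a directory this script never creates.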


@ -70,5 +70,5 @@ makeEnable config "myModules.base" true {
programs.dconf.enable = true; programs.dconf.enable = true;
home-manager.users = forEachUser (import ./home-manager.nix); home-manager.users = forEachUser (import ./home-manager.nix);
nix.settings.trusted-users = realUsers; nix.settings.trusted-users = realUsers ++ ["gitea-runner"];
} }
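Review bot: Adding `"gitea-runner"` to `nix.settings.trusted-users` gives the CI account what the Nix manual describes as essentially root-equivalent control over the daemon (arbitrary substituters, unsigned store paths). Since that account executes workflow code from repositories, any job would inherit that privilege. If the runner only needs extra caches, declare them system-wide with `nix.settings.substituters` and `nix.settings.trusted-public-keys` and keep the line as `nix.settings.trusted-users = realUsers;`. If trusted status really is required, a comment stating why would help the next reader. The enclosing `makeEnable` block starts outside this hunk.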


@ -1,7 +1,7 @@
{ pkgs, config, makeEnable, ... }: { pkgs, config, makeEnable, ... }:
makeEnable config "myModules.gitea-runner" false { makeEnable config "myModules.gitea-runner" false {
age.secrets.gitea-runner-token = { age.secrets.gitea-runner-token = {
file = ./secrets/gitea-runner-token.${config.networking.hostName}.age; file = ./secrets/gitea-runner-token.age;
group = "docker"; group = "docker";
}; };


@ -1,23 +1,96 @@
{ config, makeEnable, ... }: {
makeEnable config "myModules.railbird-k3s" false { pkgs,
services.k3s = { config,
enable = true; lib,
role = "server"; ...
clusterInit = true; }:
containerdConfigTemplate = '' with lib; let
{{ template "base" . }} cfg = config.myModules.railbird-k3s;
mount-path = "/var/lib/railbird/bucket";
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.nvidia] bucket-name = "railbird-dev-videos";
privileged_without_host_devices = false in {
runtime_engine = "" options = {
runtime_root = "" myModules.railbird-k3s = {
runtime_type = "io.containerd.runc.v2" enable = mkEnableOption "railbird k3s";
serverAddr = mkOption {
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.nvidia.options] type = lib.types.str;
BinaryName = "/run/current-system/sw/bin/nvidia-container-runtime" default = "";
''; };
gracefulNodeShutdown = { };
};
config = mkIf cfg.enable {
age.secrets."1896Folsom-k3s-token.age".file = ./secrets/1896Folsom-k3s-token.age;
age.secrets."k3s-registry.yaml.age".file = ./secrets/k3s-registry.yaml.age;
age.secrets.api-service-key = {
file = ./secrets/api_service_account_key.json.age;
owner = "railbird";
group = "users";
};
environment.etc."rancher/k3s/registries.yaml".source = config.age.secrets."k3s-registry.yaml.age".path;
services.dockerRegistry = {
enable = true; enable = true;
listenAddress = "0.0.0.0";
port = 5279;
enableDelete = true;
enableGarbageCollect = true;
};
systemd.services.mount-railbird-bucket = {
after = ["agenix.service"];
description = "Mount railbird bucket";
serviceConfig = {
Type = "simple";
RemainAfterExit = true;
ExecStartPre = [
"-${pkgs.util-linux}/bin/umount -f ${mount-path}"
"${pkgs.coreutils}/bin/mkdir -p ${mount-path}"
"${pkgs.coreutils}/bin/chown railbird:users ${mount-path}"
"${pkgs.coreutils}/bin/chmod 0775 ${mount-path}"
];
ExecStart = "${pkgs.gcsfuse}/bin/gcsfuse --implicit-dirs --key-file ${config.age.secrets.api-service-key.path} ${bucket-name} ${mount-path}";
User = "root";
};
};
services.k3s = {
enable = true;
clusterInit = cfg.serverAddr == "";
serverAddr = cfg.serverAddr;
configPath = pkgs.writeTextFile {
name = "k3s-config.yaml";
text = ''
kubelet-arg:
- "eviction-hard=nodefs.available<2Gi"
- "eviction-soft=nodefs.available<5Gi"
- "eviction-soft-grace-period=nodefs.available=5m"
'';
};
tokenFile = config.age.secrets."1896Folsom-k3s-token.age".path;
extraFlags = [
"--tls-san ryzen-shine.local"
"--tls-san nixquick.local"
"--tls-san biskcomp.local"
"--tls-san jimi-hendnix.local"
"--tls-san dev.railbird.ai"
"--node-label nixos-nvidia-cdi=enabled"
];
containerdConfigTemplate = ''
{{ template "base" . }}
[plugins]
"io.containerd.grpc.v1.cri".enable_cdi = true
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.nvidia]
privileged_without_host_devices = false
runtime_engine = ""
runtime_root = ""
runtime_type = "io.containerd.runc.v2"
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.nvidia.options]
BinaryName = "/run/current-system/sw/bin/nvidia-container-runtime"
'';
gracefulNodeShutdown = {
enable = true;
};
}; };
}; };
} }
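Review bot: `services.dockerRegistry` is bound to `listenAddress = "0.0.0.0"` with `enableDelete = true` and no authentication configured in this module, so any host that can reach port 5279 could push, overwrite or delete the images the k3s nodes pull. Whether the firewall admits that port is not visible here. Consider binding to the cluster-facing address only, e.g. `listenAddress = "<cluster interface address>";  # placeholder`, or putting an authenticating proxy in front and leaving delete off unless garbage collection needs it. Also, `mount-railbird-bucket` has no `wantedBy`, so as written nothing appears to start it at boot.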


@ -23,6 +23,7 @@ rec {
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOVGIGnpkU7HNQ/zl/Ffi562M+laWY9/yIjB63BCMiTS kat@nixcomp.local" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOVGIGnpkU7HNQ/zl/Ffi562M+laWY9/yIjB63BCMiTS kat@nixcomp.local"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3tlMePru6ZlSuf8yUii3N1dy3WwJnSQAt3EgETkctK kat@jay-lenovo.local" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3tlMePru6ZlSuf8yUii3N1dy3WwJnSQAt3EgETkctK kat@jay-lenovo.local"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFrOYD3ReFc2+xFUylBFHREcm1lO7BRJGW5JrOoY3I8s ivanm@strixi-minaj" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFrOYD3ReFc2+xFUylBFHREcm1lO7BRJGW5JrOoY3I8s ivanm@strixi-minaj"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINYy93265G59aA1ksckjqlfeHq0vpEpzC8BwqCrpeXdh kat@Kats-Mac-mini.local"
]; ];
deanKeys = [ deanKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICDvbEVL+y7eV4+mtxOuHwyomBBQ6uYMesctstua20+e deanwenstrand@deans-mbp-2.lan" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICDvbEVL+y7eV4+mtxOuHwyomBBQ6uYMesctstua20+e deanwenstrand@deans-mbp-2.lan"


@ -33,6 +33,12 @@ in
myModules.gitea.enable = true; myModules.gitea.enable = true;
myModules.gitea-runner.enable = false; myModules.gitea-runner.enable = false;
myModules.railbird-k3s = {
enable = true;
serverAddr = "https://dev.railbird.ai:6443";
};
services.k3s.disableAgent = true;
services.vaultwarden = { services.vaultwarden = {
enable = true; enable = true;
config = { config = {

View File

@ -5,6 +5,10 @@
../configuration.nix ../configuration.nix
]; ];
myModules.railbird-k3s = {
enable = true;
serverAddr = "https://ryzen-shine.local:6443";
};
myModules.base.enable = true; myModules.base.enable = true;
myModules.desktop.enable = true; myModules.desktop.enable = true;
myModules.xmonad.enable = true; myModules.xmonad.enable = true;
@ -18,10 +22,7 @@
myModules.postgres.enable = true; myModules.postgres.enable = true;
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;
myModules.nvidia.enable = true;
# install nvidia drivers in addition to intel one
hardware.opengl.extraPackages = [ pkgs.linuxPackages.nvidia_x11.out ];
hardware.opengl.extraPackages32 = [ pkgs.linuxPackages.nvidia_x11.lib32 ];
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "usbhid" "sd_mod" ]; boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];


@ -19,6 +19,10 @@
myModules.vscode.enable = true; myModules.vscode.enable = true;
myModules.kat.enable = true; myModules.kat.enable = true;
myModules.nvidia.enable = true; myModules.nvidia.enable = true;
myModules.railbird-k3s = {
enable = true;
serverAddr = "https://dev.railbird.ai:6443";
};
networking.hostName = "nixquick"; networking.hostName = "nixquick";


@ -12,58 +12,36 @@
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
modules.postgres.enable = true;
hardware.opengl.extraPackages = [ pkgs.linuxPackages.nvidia_x11.out ]; services.k3s.role = "agent";
hardware.opengl.extraPackages32 = [ pkgs.linuxPackages.nvidia_x11.lib32 ]; services.k3s.extraFlags = lib.mkForce ["--node-label nixos-nvidia-cdi=enabled"];
services.xserver = {
videoDrivers = [ "nvidia" ];
};
# Enable OpenGL
hardware.opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
};
hardware.nvidia = { hardware.nvidia = {
# Modesetting is required.
modesetting.enable = true;
# Nvidia power management. Experimental, and can cause sleep/suspend to fail.
powerManagement.enable = false; powerManagement.enable = false;
# Fine-grained power management. Turns off GPU when not in use. # Fine-grained power management. Turns off GPU when not in use.
# Experimental and only works on modern Nvidia GPUs (Turing or newer). # Experimental and only works on modern Nvidia GPUs (Turing or newer).
powerManagement.finegrained = false; powerManagement.finegrained = false;
# Use the NVidia open source kernel module (not to be confused with the
# independent third-party "nouveau" open source driver).
# Support is limited to the Turing and later architectures. Full list of
# supported GPUs is at:
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# Only available from driver 515.43.04+
# Currently alpha-quality/buggy, so false is currently the recommended setting.
open = false;
# Enable the Nvidia settings menu, # Enable the Nvidia settings menu,
# accessible via `nvidia-settings`. # accessible via `nvidia-settings`.
nvidiaSettings = true; nvidiaSettings = true;
# Optionally, you may need to select the appropriate driver version for your specific GPU.
package = config.boot.kernelPackages.nvidiaPackages.stable;
}; };
features.full.enable = false; features.full.enable = false;
myModules.base.enable = true; myModules.base.enable = true;
myModules.desktop.enable = true; myModules.desktop.enable = true;
myModules.xmonad.enable = false; myModules.xmonad.enable = false;
myModules.gnome.enable = true;
myModules.code.enable = true; myModules.code.enable = true;
myModules.syncthing.enable = true; myModules.syncthing.enable = true;
myModules.fonts.enable = true; myModules.fonts.enable = true;
myModules.plasma.enable = false; myModules.plasma.enable = true;
myModules.nvidia.enable = true;
myModules.gitea-runner.enable = true; myModules.gitea-runner.enable = true;
myModules.railbird-k3s = {
enable = false;
serverAddr = "https://dev.railbird.ai:6443";
};
fileSystems."/" = fileSystems."/" =
{ device = "/dev/disk/by-uuid/a317d456-6f84-41ee-a149-8e466e414aae"; { device = "/dev/disk/by-uuid/a317d456-6f84-41ee-a149-8e466e414aae";


@ -16,6 +16,7 @@
}; };
myModules.gitea-runner.enable = true; myModules.gitea-runner.enable = true;
myModules.postgres.enable = true; myModules.postgres.enable = true;
myModules.railbird-k3s.enable = true;
boot.loader.systemd-boot.configurationLimit = 5; boot.loader.systemd-boot.configurationLimit = 5;


@ -6,6 +6,7 @@
inputs.nixos-hardware.nixosModules.asus-rog-strix-g834jzr inputs.nixos-hardware.nixosModules.asus-rog-strix-g834jzr
]; ];
hardware.nvidia.open = false;
myModules.base.enable = true; myModules.base.enable = true;
myModules.desktop.enable = true; myModules.desktop.enable = true;
myModules.xmonad.enable = true; myModules.xmonad.enable = true;

View File

@ -4,7 +4,10 @@ makeEnable config "myModules.nvidia" false {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
nvidia-container-toolkit nvidia-container-toolkit
]; ];
hardware.nvidia-container-toolkit.enable = true; hardware.nvidia-container-toolkit = {
enable = true;
mount-nvidia-executables = true;
};
hardware.nvidia.open = false; hardware.nvidia.open = false;
hardware.graphics.extraPackages = [ pkgs.linuxPackages.nvidia_x11.out ]; hardware.graphics.extraPackages = [ pkgs.linuxPackages.nvidia_x11.out ];
hardware.graphics.extraPackages32 = [ pkgs.linuxPackages.nvidia_x11.lib32 ]; hardware.graphics.extraPackages32 = [ pkgs.linuxPackages.nvidia_x11.lib32 ];


@ -12,6 +12,7 @@ makeEnable config "myModules.raspberry-pi" false {
# hardware.raspberry-pi."4".audio.enable = true; # hardware.raspberry-pi."4".audio.enable = true;
boot = { boot = {
initrd.systemd.tpm2.enable = false;
initrd.availableKernelModules = [ initrd.availableKernelModules = [
"usbhid" "usbhid"
"usb_storage" "usb_storage"


@ -0,0 +1,51 @@
age-encryption.org/v1
-> ssh-ed25519 ZgrTqA MGp4jtyXCV3QBrIuy/WQthJGxLUnFNgZlf3HNtZtukY
jbskLgoJDhl755Qn4ZdW5nYK7Ug2eLm4oQyazff6Uf4
-> ssh-ed25519 ZaBdSg hjFZhYc4AKvp8585jS4pivMFTxPd0miyQdjJQjQvERQ
4P8PqJ7gz99nuGyAOh73gECCNTa8U56t/byr0h1plLo
-> ssh-ed25519 MHZylw iZq2dXCa4gSDpmbQazU4JPCXnbXjrMx2Nh0FCYACCTM
yVE+tooOjxvD1OBziXHz5yv0k2purR/QouE3SSzinPw
-> ssh-ed25519 sIUg6g ppAmkq3uj/heZ/RhK6BCz3o6d9l6tw+FeoV+GM4jh2M
F+Og7e744NSgaUs9zZ28ttPdbl0xkN82KgqGnfv/9sM
-> ssh-ed25519 TnanwQ GwsA+F4Co/Vxg5I04GxBW6EPPXOT2PtHCdiq6KEFJ0w
vcJiXNxnh32Q00VodKXhvTmiTglxSCiSPLwOFXrQPxU
-> ssh-rsa gwJx0Q
EoF9WbtAgRZyWQPtcwrQTIxXMfNSl6Fpm7DITAwocm04U2aoNEnhvsU/0olrCGpU
ez4CTnTZuOCVe8yr9KYjy9bU/41L2k89P/yk92i0Fm9412tIvYodSx0Qjju4hpPo
ptLAp+5wUgeRarEpnPHQBKnyeR4PcaVAeAYyiFHKjFZIaZ6oBEHbJGd8QO02RwAG
2hnGkVzHhQOxnd6VN4h4xP4BfWXZ8rwTigenVMSwMkrWg0Xx+iXPvGhbLh0P/o5d
VKtISQGzfL9rr2N4VYJHUT6JgQHNy66qd9YKrcY0bRanlMSeR7p217f/sKOc9SIL
h9URYNbaxGhdx9JuQVywIA
-> ssh-ed25519 YFIoHA xsirlZemMNZIOEcc164PM3SO2gJ6DrNM1xU2Phj/TWA
v0cCi2mVuPMpy17w6q1GLgv/5k6wetFFBUzeAw6YGK8
-> ssh-ed25519 KQfiow wVCBy3SI6pY/Q1C5Zqq6//KPHma8PR8Qd5DhwO7+SSY
ODABvuKUzhcuUj/YVwa1tCdgj/WBrhMHpwOmjgMTNDo
-> ssh-ed25519 kScIxg 9qaWKYi08kVEz5HnFluLfHJz0dNl0gqSj+yTBRmX5U8
2NBABg/XbcWq4gZp3vtnLZ4yBAZkPdXckDGnHc0rC1U
-> ssh-ed25519 HzX1zw hMbFcHddfBJ+fU2Ay+J+siEi/rH0kTXTRJS1pFe9rFg
IBPsFZ2vBc/t0L+anbugwX9A8lj8t6AykZzSovxTCxc
-> ssh-ed25519 KQfiow 5mUphYz0qwZi78nxpxrQNWeXdum5o1cVj76sSrDgIlA
KamxIS2NJaI7DTy9SJisGU+KTKTsDx7dXw7TlsSnq9o
-> ssh-ed25519 1o2X0w zwmrw9msofsTJ9qkqaQWs0CWG2ArWXIb3hX/eFlM/2E
L8CTuqIKNU1Ff2vWmIWtvLPmI8MOSlUobTLzQGladMg
-> ssh-ed25519 KQ5iUA 03zopYKa8ki6hqJiiFOoAE0cNEg6uGWk7VF3teDzkws
FxHYVfs2lCDlWspyv+03yjdJHSIIDUq8PTkhyLyomdM
-> ssh-ed25519 AKGkDw BBg9+2iPHediKJ0xd/tVcoofbJvws2QIF2yskvE1OBs
ZM32S8i6ZNG1cPSO3Ojkyy4JYKnJMXv72/RsE1g2o2Y
-> ssh-ed25519 0eS5+A VedHoAI2jnrcY5E+Db6qyoJJnevOJ4NF1YzSGUAP6R4
jO9JaT6BiuiriIpWzc6fpJMDxqu3718KMMcHWFtHq14
-> ssh-ed25519 9/4Prw gcQ7zE+fSceLHLIi26qs348WJH7Jta36N1dPRIp2+2E
69jtpz9PVWh1KJM5fKUy923ddah7PiwvabFsNST19Ag
-> ssh-ed25519 gAk3+Q C30KhWJmYd4D3bCuoD7hOZrehDhjMhTpzB1PmqRqph4
BEpcSaCnz8zLOho7Da7mBtAeLeCJMXbMkyg8CW5OKQI
-> ssh-ed25519 X6eGtQ EP1F3zxhA6pPsFl638bLkYgsBDn1NHH4xbR3U50ZtSA
0h8Oe4zZ68GwzHp07LjUmKA69paiGBQGcakpIi8w+VA
-> ssh-ed25519 0ma8Cw hQ1jQxz3XqtHo3ENzLiX85dmrtD2KpFb+Nx9t95EugM
1oFklRDdtko9lf9GxJbu0IH7uTD7Iae8nLA6KoVLA1g
-> ssh-ed25519 Tp0Z1Q VvWo+U0VBidsCCtQKWfEqcgnjzbi7TlSPdrqaZcAGzA
zRKu1PrurMXm/hQL1DzdgXQLDwebJCtcDzdiceBS00I
-> ssh-ed25519 qQi7yA kOOIJPZqdp7dRRxPLqwDlNv4OXUI+RYXkA5IlI0YP04
HnwjK1XmdwIL478UXhRPVPU5YCJYALnpmryF0Kaz5vA
--- 3MSdvhunDcposjHvMTMOSX6jM4Zj6EndDVgEMMrDpiM
òEÑ“É4š˜à`|[áØ ]BÌs/€£a1o7ðF'<27>xU§<55>¤qšáðpdäid®,£ìp“bB0ØL‰nÃã~Qm|žK\ŽçiM™G>¿ðx9ÿïÒ€Ù9òwQŒÝ=ýl^YÊÐ+E[J¤É<C2A4>y뀧ûåœDàQÃè1k†Ó
4‡ñH« Èh!


@ -0,0 +1,50 @@
age-encryption.org/v1
-> ssh-ed25519 ZgrTqA fUdYNjuALrimf6eo5FoqjGF0Zvzo4HBMW6cr53NO+D4
YPI8i4LK2Iz0C89Cx91kx0z+oLQmzVp7rTI9r7+TJcc
-> ssh-ed25519 ZaBdSg 4INz9+Kf25/qCECW0ylv3oZ0j6ouFJigP+gVSvm97Vc
mmzlvBxYh703ZEzf73FF7ifDjysMEl2GOT5heGEn+Ts
-> ssh-ed25519 MHZylw I/e6YCpLKOmjfmnkhF9qsG1S690YuCuHkHm10SOTSTo
3hnodZC9lVNTsigacqP26JibaaRdModVJCsaiugBNCs
-> ssh-ed25519 sIUg6g VTWz7slnoJSC5bpGw6o5G7n2y439GbjNiZaFMLaN5jI
lIJgwvZSyv422Nqct3LmB65ga66y4WSp0ok9RVN9G0s
-> ssh-ed25519 TnanwQ jnix1dT8u58lNCEmn4mMEn/66XNhYkfOmlQzz9ybpXA
rpJ1RE1aN8ZFvwXdnWMz5WmtIPVYuaoFW+dUxUHSue0
-> ssh-rsa gwJx0Q
d3ys74cy6D+bpqZoaWyzcCHlgY+2sxSR4U41KpLTa1CodYQfhf/QzfhMhNRbKNrg
eoFB4Z9QSIkbqQedkqmR+gjDtklSG/Jz/1QZxkKm3pRulDq0YA+crduA72Xs+ReF
yRfAotYMZ+fJvJBJ4C604XzX2JyDsZ9pMxvzH3ntWLL2ay9wgY8beVekCfyAEgr6
EmFE1xPS5/SvEGz/3x0pxn6qtGXR7JAQYIZw7xVgpLvaY+yGjBGgF97RT8NZKmps
Y+4DpQMVhJpMREpsGa78zN2PNsZoV3uc/rT7GLfhX1NJxjDfQ5whLF4ykrerg4ZB
Mm3HhALUqeGd8trA+dRZiw
-> ssh-ed25519 YFIoHA U7m8uc58dgdk3HS920pXyMUwSustTkyHbomhhYvKxhc
8TRED2gwbj1IeZxFR9EmkTqsVLgl1pLgja7FpRvw8WY
-> ssh-ed25519 KQfiow et6x8B9B0X0hX695r/tfriEoInXXcHUkAiaQhXK6NGo
UkJcdPjs1q//FDy+dGY2uaaGbgw6azVB1/zc5wrdQy8
-> ssh-ed25519 kScIxg 9UbFUlg4SGEY7L8vOummxwHhypcipPtRq/yhw8k6K2g
vfLB37DdDA7nEXlNSkJUXwDwQ5UoDonkiKIhSjG4N24
-> ssh-ed25519 HzX1zw 4LkDXxeqKtYI8EhwXccMRlRw88flevLGFgzwt9nbNWY
EtrL0itCfPvQtrIFWXqnPoje6Cy//KHZ//OwcibLy4s
-> ssh-ed25519 KQfiow VPlZHErfIKR0NOG8/Rqwu7LQKP13izSQVck8s217LkM
v8+OEZZTe+pybXqEtUQ1ILNQ2TbB4QSIkHacMQUkYGg
-> ssh-ed25519 1o2X0w s8Of4YUoOKrBMa2AjcBYFXPEqwmjZEKGpGwf0F5Z9wo
ifK7DqiArFCFIjxMHxLB1vlzZ+H/60H+a4xdmdvkf0I
-> ssh-ed25519 KQ5iUA 1Jn+jIAmcJ1QUbC2Yz6XfVoM4XbS3HHEXJHJvDS3mlE
rsmCtAlqxVzUfJeRT5kmU0FI5cAiCtqA1bpeG0aci+c
-> ssh-ed25519 AKGkDw uB/GYB86+P5I9EtWJjCyrPYJKxlF8KLwjVacnS3FYg0
kAsGXL4c1IDU3rklHnyMpY454DLSCibhEy5U9vfoQxE
-> ssh-ed25519 0eS5+A xe3LGZVaCS6rCrULdfdtHpuwdnib0FizFhseyWjUxBQ
nKmumufCm1WQj1MdfawMWFHztFJhP/7+4h8f7PD4+z8
-> ssh-ed25519 9/4Prw vsOHzuM608TC+t+dqQbMHtZnTcfgGHJq/CfVazWeVFk
I/w6R2t/pmdA+Ktool+1hU21GjjG/hwe0vSq89jtULw
-> ssh-ed25519 gAk3+Q GMi0sxNOfeqbmMuU25wGnZdLx8D7zTYZ5Nx5OLjOaCA
eweAPpjwjHYdySCtWbzwpM9RZ+Ohim/0HQiy2bssIFg
-> ssh-ed25519 X6eGtQ bTbsvZYuHIYj6AUQ8hLvn9OKLhapi3VqU7nUDT2kxRQ
X0Kh45FK79mdXA1AqySw/rC73maypSP5BpKso0BKHeM
-> ssh-ed25519 0ma8Cw miWf5St4zNDpl7ydZPm4NDbhN0Pp5jAP28IdIXfoA38
yH13uHPwUCRyaXqnieNvkDDNkrACPaoIVFQUiVK2ZLk
-> ssh-ed25519 Tp0Z1Q dvgXe3vQqY9le3KaROdzaP4jnjQ8kljfC+D/sSpwjnw
/fwCFlvRRwUZ0ebYXJTdlGRxY6H9elCh5ULsyLve6IM
-> ssh-ed25519 qQi7yA 83iacCsgW3Iw83C753dqBCM6/i8qyKLqJ0AvEIgxsT4
uI6NwcRcJUJMYR7vMhZvlnmdWRV9J4FUm8KbDutuKTo
--- o88XKoHrskw3WGcaj1Ie6UzwfWcfKl76oO8zwk2jcNk
z…ðÆeïYòUêp[ò4ËVëî-þLE%­Â¾Ó<C2BE>BSWõ²Õ½ñ0¼ÿ¯=¢‡-Jt•ÌO<C38C>õšï<C5A1>ç€É9èp_Kd¬

Binary file not shown.

Binary file not shown.


@ -11,7 +11,10 @@ in
"gitea-runner-token.adele.age".publicKeys = keys.agenixKeys; "gitea-runner-token.adele.age".publicKeys = keys.agenixKeys;
"gitea-runner-token.railbird-sf.age".publicKeys = keys.agenixKeys ++ keys.railbird-sf; "gitea-runner-token.railbird-sf.age".publicKeys = keys.agenixKeys ++ keys.railbird-sf;
"gitea-runner-token.mac-demarco-mini.age".publicKeys = keys.agenixKeys ++ keys.railbird-sf; "gitea-runner-token.mac-demarco-mini.age".publicKeys = keys.agenixKeys ++ keys.railbird-sf;
"gitea-runner-token.age".publicKeys = keys.agenixKeys ++ keys.railbird-sf;
"nextcloud-admin.age".publicKeys = keys.agenixKeys; "nextcloud-admin.age".publicKeys = keys.agenixKeys;
"ryzen-shine-kubernetes-token.age".publicKeys = keys.agenixKeys; "ryzen-shine-kubernetes-token.age".publicKeys = keys.agenixKeys;
"1896Folsom-k3s-token.age".publicKeys = keys.agenixKeys ++ keys.railbird-sf;
"api_service_account_key.json.age".publicKeys = keys.agenixKeys; "api_service_account_key.json.age".publicKeys = keys.agenixKeys;
"k3s-registry.yaml.age".publicKeys = keys.agenixKeys ++ keys.railbird-sf;
} }