retry

.github/workflows/deploy.yml

@@ -1,6 +1,11 @@
-on: [push]
+on:
+  push:
+    branches:
+      - master
 jobs:
-  test:
+  build:
     runs-on: nixos-latest
     steps:
-      - run: echo All good!
+      - uses: actions/checkout@v4
+      - run: nix develop
+      - run: colmena build -v --on @fili

.github/workflows/lint.yml

@@ -0,0 +1,7 @@
+on: [push]
+jobs:
+  lint:
+    runs-on: nixos-latest
+    steps:
+      - uses: actions/checkout@v4
+      - run: nix fmt -- --check .

fili/configuration.nix

@@ -16,7 +16,6 @@ _: {
     networkmanager.enable = true;
   };
 
-
   nix.settings = {
     # users that can interact with nix
     trusted-users = [

fili/lib/auth.nix

@@ -1,4 +1,5 @@
-{ baseUrl, clientId }: {
+{ baseUrl, clientId }:
+{
   inherit clientId;
 
   userAuthUrl = "${baseUrl}/ui/oauth2";

fili/services/auth/kanidm.nix

@@ -1,9 +1,11 @@
-{pkgs, config, ...}: let
+{ pkgs, config, ... }:
+let
   lib = pkgs.lib;
   domain = "auth.donsz.nl";
   port = 3013;
   backupsDir = "/var/lib/kanidm/backup";
-in {
+in
+{
   services.kanidm.enableServer = true;
   services.kanidm.package = pkgs.kanidm_1_6;
   services.kanidm.serverSettings = {
@@ -26,8 +28,7 @@ in {
       mkdir -p "${backupsDir}"
     '';
     serviceConfig = {
-      SupplementaryGroups =
+      SupplementaryGroups = [ config.security.acme.certs.${domain}.group ];
-        [ config.security.acme.certs.${domain}.group ];
     };
   };
 

fili/services/auth/oauth2-proxy.nix

@@ -1,12 +1,17 @@
-{pkgs, config, ...}: {
+{ pkgs, config, ... }:
+{
   sops.secrets.oauth2-proxy = {
     sopsFile = ../../../secrets/oauth2-proxy.env;
   };
 
   services.oauth2-proxy =
     let
-      auth = import ../../lib/auth.nix { baseUrl = "https://auth.donsz.nl"; clientId = "homeserver"; };
+      auth = import ../../lib/auth.nix {
-    in {
+        baseUrl = "https://auth.donsz.nl";
+        clientId = "homeserver";
+      };
+    in
+    {
       enable = true;
 
       provider = "oidc";

fili/services/forgejo.nix

@@ -1,4 +1,9 @@
-{ lib, pkgs, config, ... }:
+{
+  lib,
+  pkgs,
+  config,
+  ...
+}:
 let
   cfg = config.services.forgejo;
   srv = cfg.settings.server;

fili/services/nginx.nix

@@ -1,4 +1,5 @@
-{pkgs, config, ...}: {
+{ pkgs, config, ... }:
+{
   services.nginx = {
     enable = true;
     statusPage = true;

fili/services/websites/homepage.nix

@@ -1,4 +1,5 @@
-{flakes, pkgs, ...}: {
+{ flakes, pkgs, ... }:
+{
   services.nginx = {
     virtualHosts."donsz.nl" = {
       forceSSL = true;

fili/services/websites/mapf.nix

@@ -1,4 +1,5 @@
-{flakes,...}: {
+{ flakes, ... }:
+{
   # imports = [
   #   flakes.mapf.nixosModules.default
   # ];

fili/services/websites/totpal.nix

@@ -1,8 +1,6 @@
 { flakes, pkgs, ... }:
 let
-  totpal =
+  totpal = flakes.totpal.packages.${pkgs.system}.default;
-    flakes.totpal.packages.${pkgs.system}.default
-  ;
 in
 {
   services.nginx = {
@@ -17,8 +15,7 @@ in
     };
   };
 
-  systemd.services.totpal =
+  systemd.services.totpal = {
-    {
     description = "totpal";
     serviceConfig = {
       Type = "simple";