From 93ebc92c9edbb0b615f9e32804527d9dc2d9cb9d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Thu, 13 Jul 2023 11:19:48 +0200 Subject: [PATCH 1/4] README: minor update --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index dc3801c..f256df6 100644 --- a/README.md +++ b/README.md @@ -4,8 +4,8 @@ This repository contains nixos modules and terraform code that powers clan.lol. The website and git hosting is currently on [hetzner](https://www.hetzner.com/). ## Servers - - web01: + - soon to be replaced by baremetal hardware - Instance type: CPX42 - CPU: 8 vCPUs on AMD - RAM: 16GB From 6d22fd0c35fa548f809d09b23493c0ab5e143c1e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Thu, 13 Jul 2023 11:29:07 +0200 Subject: [PATCH 2/4] flake: fix evaluation --- flake.nix | 44 ++++++++++++++++++++++++++------------------ 1 file changed, 26 insertions(+), 18 deletions(-) diff --git a/flake.nix b/flake.nix index f60231a..9151b5b 100644 --- a/flake.nix +++ b/flake.nix @@ -37,7 +37,12 @@ outputs = inputs@{ flake-parts, ... }: flake-parts.lib.mkFlake { inherit inputs; } ({ lib, ... }: { - systems = lib.systems.flakeExposed; + systems = [ + "x86_64-linux" + "aarch64-linux" + "aarch64-darwin" + "x86_64-darwin" + ]; imports = [ inputs.treefmt-nix.flakeModule ./targets/flake-module.nix 
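Review bot: The hard-coded `systems` list in the first flake.nix hunk (end of this line) has no comment saying why `lib.systems.flakeExposed` was replaced. A later cleanup could revert it and bring back the evaluation failure the subject line refers to. A one-line comment above the list would record the intent, for example `# explicit list: only the platforms we evaluate and build for`; the author should confirm the wording, since the system that failed is not visible here. The enclosing `mkFlake` call starts and ends outside the hunk.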
@@ -49,23 +54,26 @@ programs.terraform.enable = true; programs.nixpkgs-fmt.enable = true; }; - packages.actions-runner = pkgs.callPackage ./pkgs/actions-runner.nix { - inherit inputs; - }; - packages.gitea = pkgs.callPackage ./pkgs/gitea {}; - packages.default = pkgs.mkShell { - packages = [ - pkgs.bashInteractive - pkgs.sops - (pkgs.terraform.withPlugins (p: [ - p.namecheap - p.netlify - p.hcloud - p.null - p.external - p.local - ])) - ]; + packages = { + default = pkgs.mkShell { + packages = [ + pkgs.bashInteractive + pkgs.sops + (pkgs.terraform.withPlugins (p: [ + p.namecheap + p.netlify + p.hcloud + p.null + p.external + p.local + ])) + ]; + }; + } // lib.optionalAttrs (!pkgs.stdenv.isDarwin) { + gitea = pkgs.callPackage ./pkgs/gitea { }; + actions-runner = pkgs.callPackage ./pkgs/actions-runner.nix { + inherit inputs; + }; }; }; }); From fd0b984d610c53d385b2ae3bb9365d8381e3547e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Thu, 13 Jul 2023 11:29:21 +0200 Subject: [PATCH 3/4] treefmt --- modules/web01/gitea/actions-runner.nix | 9 +++++---- pkgs/zerotier-tcp-proxy.nix | 4 ++-- pkgs/zt-tcp-relay.nix | 4 ++-- terraform/web01/dns.tf | 2 +- 4 files changed, 10 insertions(+), 9 deletions(-) diff --git a/modules/web01/gitea/actions-runner.nix b/modules/web01/gitea/actions-runner.nix index 6d190a7..ad10ec4 100644 --- a/modules/web01/gitea/actions-runner.nix +++ b/modules/web01/gitea/actions-runner.nix @@ -2,7 +2,8 @@ let inherit (self.packages.${pkgs.hostPlatform.system}) actions-runner; -in { +in +{ systemd.services.gitea-actions-runner-nix-image = { wantedBy = [ "multi-user.target" ]; script = '' 
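Review bot: The guard `lib.optionalAttrs (!pkgs.stdenv.isDarwin)` in the second flake.nix hunk states what `gitea` and `actions-runner` are excluded from rather than what they require. With the four systems now listed it is equivalent to a Linux check, but a non-Linux, non-Darwin system added later would try to evaluate both packages. `} // lib.optionalAttrs pkgs.stdenv.isLinux {` expresses the requirement directly; this assumes both packages are Linux-only, which the hunk suggests but does not show. The enclosing per-system attribute set begins outside the hunk.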
@@ -39,12 +40,12 @@ in { virtualisation.podman.enable = true; systemd.services.gitea-runner-nix = { - after = [ + after = [ "gitea-actions-runner-nix-token.service" "gitea-actions-runner-nix-image.service" ]; - requires = [ - "gitea-actions-runner-nix-token.service" + requires = [ + "gitea-actions-runner-nix-token.service" "gitea-actions-runner-nix-image.service" ]; }; diff --git a/pkgs/zerotier-tcp-proxy.nix b/pkgs/zerotier-tcp-proxy.nix index 733fcb8..bba8179 100644 --- a/pkgs/zerotier-tcp-proxy.nix +++ b/pkgs/zerotier-tcp-proxy.nix @@ -9,8 +9,8 @@ stdenv.mkDerivation { }; patches = [ (fetchpatch { - url = "https://github.com/zerotier/ZeroTierOne/commit/dd2006d494e85a41d8b818b37460e7cf458a2aee.patch"; - hash = "sha256-nuao04pDha7h62RHviUZYx21p6bNOyiU78kBBq2o2Rs="; + url = "https://github.com/zerotier/ZeroTierOne/commit/dd2006d494e85a41d8b818b37460e7cf458a2aee.patch"; + hash = "sha256-nuao04pDha7h62RHviUZYx21p6bNOyiU78kBBq2o2Rs="; }) ]; buildPhase = '' diff --git a/pkgs/zt-tcp-relay.nix b/pkgs/zt-tcp-relay.nix index 4f188e6..84ad860 100644 --- a/pkgs/zt-tcp-relay.nix +++ b/pkgs/zt-tcp-relay.nix @@ -18,8 +18,8 @@ rustPlatform.buildRustPackage { patches = [ # https://github.com/alexander-akhmetov/zt-tcp-relay/pull/19 (fetchpatch { - url = "https://github.com/alexander-akhmetov/zt-tcp-relay/commit/69f0a4f1f210dcd7a305036d4737d9a29215824d.patch"; - hash = "sha256-kqZS9IjwEggLE6CQFaacL2TyTUn0PQCz1TPdoZdDrk0="; + url = "https://github.com/alexander-akhmetov/zt-tcp-relay/commit/69f0a4f1f210dcd7a305036d4737d9a29215824d.patch"; + hash = "sha256-kqZS9IjwEggLE6CQFaacL2TyTUn0PQCz1TPdoZdDrk0="; }) ]; diff --git a/terraform/web01/dns.tf b/terraform/web01/dns.tf index c9ebdb6..5ecf1af 100644 --- a/terraform/web01/dns.tf +++ b/terraform/web01/dns.tf 
@@ -86,7 +86,7 @@ resource "netlify_dns_record" "dkim" { hostname = "v1._domainkey.${var.domain}" type = "TXT" # take from `systemctl status opendkim` - value = "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDTFSkQcM0v6mC4kiWEoF/EgK/hPVgOBJlHesLVIe+8BmidylaUowKlyC2gECipXhoVX9++OfMFAKNtGrIJcCTVNH/DRGkhbHLSxzzXijCbJ7G/fjpHRifpxMydEmybQDKdidR44YMR74Aj0OwUEgu+N/yJZ2+ubOlstW0fZJaJwQIDAQAB" + value = "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDTFSkQcM0v6mC4kiWEoF/EgK/hPVgOBJlHesLVIe+8BmidylaUowKlyC2gECipXhoVX9++OfMFAKNtGrIJcCTVNH/DRGkhbHLSxzzXijCbJ7G/fjpHRifpxMydEmybQDKdidR44YMR74Aj0OwUEgu+N/yJZ2+ubOlstW0fZJaJwQIDAQAB" } resource "netlify_dns_record" "adsp" { From 52c4cdb0068ccf81aafbdc65667bbb1b2e03546c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Thu, 13 Jul 2023 11:37:15 +0200 Subject: [PATCH 4/4] make ci check a bit less verbose --- .gitea/workflows/check.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/check.yaml b/.gitea/workflows/check.yaml index c2e6648..39684ab 100644 --- a/.gitea/workflows/check.yaml +++ b/.gitea/workflows/check.yaml @@ -6,4 +6,4 @@ jobs: runs-on: nix steps: - uses: actions/checkout@v3 - - run: nix flake check -vL + - run: nix flake check -L
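Review bot: The `uses: actions/checkout@v3` step, kept as context in the check.yaml hunk, references the action by a movable tag. The job runs on the `nix` runner, which appears to be the self-hosted runner configured under modules/web01, so whoever can move that tag controls code executed on that host. Pinning to a full commit SHA is the safer form: `- uses: actions/checkout@<full-commit-sha>  # v3` (placeholder; take the SHA from the upstream release). Dropping `-v` while keeping `-L` still prints build logs, so failures stay diagnosable. The rest of the workflow file is outside the hunk.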