vira: github app mvp

2026-04-09 12:27:30 +08:00 · 2026-03-02 10:26:52 -05:00 · 2026-03-02 10:26:52 -05:00 · 5c56981508
commit 5c56981508
parent 3ac0541208
6 changed files with 41 additions and 7 deletions
--- a/flake.lock
+++ b/flake.lock
@ -177,11 +177,11 @@
    "devour-flake": {
      "flake": false,
      "locked": {
-        "lastModified": 1770055559,
-        "narHash": "sha256-peb6VlxIDoqaHkGPanQ35p8SXy9t54NIJ8XJHgMSuFg=",
+        "lastModified": 1761148089,
+        "narHash": "sha256-Cd9aWk4P2VGYrK2X28D3vVub2kQIaba7tCTVg+G0AII=",
        "owner": "srid",
        "repo": "devour-flake",
-        "rev": "e65d15fd4ef46dbde90ac59be581b2a286c35d0f",
+        "rev": "03d5d9112a79aa6ef80495b325fd015d806b98eb",
        "type": "github"
      },
      "original": {
@ -1395,15 +1395,16 @@
        "warp-tls-simple": "warp-tls-simple"
      },
      "locked": {
-        "lastModified": 1772203970,
-        "narHash": "sha256-HbGiTFdmLAMOBVEpEfQDGJiuH+VUjZK72EV2BB5RO28=",
+        "lastModified": 1772463598,
+        "narHash": "sha256-cXy69YIjZ+4pPanmctn+ReHhUEtY+GJXihcEYkAt7gM=",
        "owner": "juspay",
        "repo": "vira",
-        "rev": "e93bc5344a11c573e6f1f6f33119855971edd46c",
+        "rev": "83e78a8d0530de7f8468ea546764d50c7328de7c",
        "type": "github"
      },
      "original": {
        "owner": "juspay",
+        "ref": "github",
        "repo": "vira",
        "type": "github"
      }
--- a/flake.nix
+++ b/flake.nix
@ -29,7 +29,7 @@
    nixos-vscode-server.url = "github:nix-community/nixos-vscode-server";
    nix-index-database.url = "github:nix-community/nix-index-database";
    nix-index-database.inputs.nixpkgs.follows = "nixpkgs";
-    vira.url = "github:juspay/vira";
+    vira.url = "github:juspay/vira/github";
    nix-ai-tools.url = "github:numtide/nix-ai-tools";
    nix-ai-tools.inputs.nixpkgs.follows = "nixpkgs";
    landrun-nix.url = "github:srid/landrun-nix";
--- a/modules/home/services/vira.nix
+++ b/modules/home/services/vira.nix
@ -2,6 +2,7 @@

 let
  inherit (flake) inputs;
+  inherit (flake.inputs) self;
 in
 {
  imports = [
@ -12,6 +13,20 @@ in
    config.services.vira.package # For CLI
  ];

+  # HACK: Hardcoded UID 1000 - should use config.users.users.srid.uid or similar.
+  # The vira module requires an absolute path, but agenix home-manager uses
+  # ${XDG_RUNTIME_DIR} which isn't resolved at evaluation time.
+  # TODO: Find a proper solution - perhaps contribute a fix to vira to accept
+  # runtime paths, or configure agenix to use a static path.
+  age.secrets."vira-github-private-key.age" = {
+    file = self + /secrets/vira-github-private-key.age;
+    path = "/run/user/1000/agenix/vira-github-private-key.age";
+  };
+  age.secrets."vira-github-webhook-secret.age" = {
+    file = self + /secrets/vira-github-webhook-secret.age;
+    path = "/run/user/1000/agenix/vira-github-webhook-secret.age";
+  };
+
  nix.settings.trusted-users = [ "srid" ]; # For cache?

  services.vira = {
@ -26,6 +41,12 @@ in
    autoBuildNewBranches = true;
    package = inputs.vira.packages.${pkgs.stdenv.hostPlatform.system}.default;

+    github = {
+      appId = 2989507;
+      privateKeyFile = config.age.secrets."vira-github-private-key.age".path;
+      webhookSecretFile = config.age.secrets."vira-github-webhook-secret.age".path;
+    };
+
    initialState = {
      repositories = {
        nixos-config = "https://github.com/srid/nixos-config.git";
@ -43,6 +64,7 @@ in
        unionmount = "https://github.com/srid/unionmount.git";
        ema = "https://github.com/srid/ema.git";
        srid = "https://github.com/srid/srid.git";
+        imako = "https://github.com/srid/imako.git";
        landrun-nix = "https://github.com/srid/landrun-nix.git";
        haskell-template = "https://github.com/srid/haskell-template.git";
        commonmark-wikilink = "https://github.com/srid/commonmark-wikilink.git";
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -20,4 +20,6 @@ in
  "hackage-password.age".publicKeys = users ++ systems;
  "juspay-anthropic-api-key.age".publicKeys = users ++ systems;
  "beszel-agent-key.age".publicKeys = users ++ systems;
+  "vira-github-webhook-secret.age".publicKeys = users ++ systems;
+  "vira-github-private-key.age".publicKeys = users ++ systems;
 }
--- a/secrets/vira-github-private-key.age
+++ b/secrets/vira-github-private-key.age
--- a/secrets/vira-github-webhook-secret.age
+++ b/secrets/vira-github-webhook-secret.age
@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 96IXNQ lbpIjcmNNUmfRQrcpjGGm2CLbp0cre40pMYdup6YqRE
+YJEnkWY+7032s+zJZN4s5VxpYj7NprxJf/Dv1L4sDKE
+-> ssh-ed25519 It7HZQ 21bdLHzL8WpmRfnsw4RMo3qHNl+cR3Lnm93FqiM4biw
+P5BKsRr9LvO595rXWOUQaXpN2W2YYtj0Mva7ejxWiHc
+-> ssh-ed25519 0mMrRw R6n4nt1woSumFv7+eAgWGL2hpasHlQq1NHIZRMQKwQM
+/c2LnoScuHvEVJJNcwDVI1JcMjUgignkV1nQh1hwfyY
+--- TrFVD8zIg3/eUAF2OBERnCFXXRxv86b0/s2JjNXMg08
+¢HW¿ã„½@Ÿ5hQuió6<Ü<>§ŒÇv”VzéZiNJ‘÷eçˆ\g¦:¬Y›M¹ßN