From 5c56981508d5839a3d4cd809b6b56d86a08a01bc Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Mon, 2 Mar 2026 10:26:52 -0500 Subject: [PATCH] vira: github app mvp --- flake.lock | 13 +++++++------ flake.nix | 2 +- modules/home/services/vira.nix | 22 ++++++++++++++++++++++ secrets/secrets.nix | 2 ++ secrets/vira-github-private-key.age | Bin 0 -> 2107 bytes secrets/vira-github-webhook-secret.age | 9 +++++++++ 6 files changed, 41 insertions(+), 7 deletions(-) create mode 100644 secrets/vira-github-private-key.age create mode 100644 secrets/vira-github-webhook-secret.age diff --git a/flake.lock b/flake.lock index fc1e37a..b771396 100644 --- a/flake.lock +++ b/flake.lock @@ -177,11 +177,11 @@ "devour-flake": { "flake": false, "locked": { - "lastModified": 1770055559, - "narHash": "sha256-peb6VlxIDoqaHkGPanQ35p8SXy9t54NIJ8XJHgMSuFg=", + "lastModified": 1761148089, + "narHash": "sha256-Cd9aWk4P2VGYrK2X28D3vVub2kQIaba7tCTVg+G0AII=", "owner": "srid", "repo": "devour-flake", - "rev": "e65d15fd4ef46dbde90ac59be581b2a286c35d0f", + "rev": "03d5d9112a79aa6ef80495b325fd015d806b98eb", "type": "github" }, "original": { @@ -1395,15 +1395,16 @@ "warp-tls-simple": "warp-tls-simple" }, "locked": { - "lastModified": 1772203970, - "narHash": "sha256-HbGiTFdmLAMOBVEpEfQDGJiuH+VUjZK72EV2BB5RO28=", + "lastModified": 1772463598, + "narHash": "sha256-cXy69YIjZ+4pPanmctn+ReHhUEtY+GJXihcEYkAt7gM=", "owner": "juspay", "repo": "vira", - "rev": "e93bc5344a11c573e6f1f6f33119855971edd46c", + "rev": "83e78a8d0530de7f8468ea546764d50c7328de7c", "type": "github" }, "original": { "owner": "juspay", + "ref": "github", "repo": "vira", "type": "github" } diff --git a/flake.nix b/flake.nix index 35a1d16..a7e2f18 100644 --- a/flake.nix +++ b/flake.nix @@ -29,7 +29,7 @@ nixos-vscode-server.url = "github:nix-community/nixos-vscode-server"; nix-index-database.url = "github:nix-community/nix-index-database"; nix-index-database.inputs.nixpkgs.follows = "nixpkgs"; - vira.url = "github:juspay/vira"; + vira.url = "github:juspay/vira/github"; nix-ai-tools.url = "github:numtide/nix-ai-tools"; nix-ai-tools.inputs.nixpkgs.follows = "nixpkgs"; landrun-nix.url = "github:srid/landrun-nix"; diff --git a/modules/home/services/vira.nix b/modules/home/services/vira.nix index b4152df..c5acf98 100644 --- a/modules/home/services/vira.nix +++ b/modules/home/services/vira.nix @@ -2,6 +2,7 @@ let inherit (flake) inputs; + inherit (flake.inputs) self; in { imports = [ @@ -12,6 +13,20 @@ in config.services.vira.package # For CLI ]; + # HACK: Hardcoded UID 1000 - should use config.users.users.srid.uid or similar. + # The vira module requires an absolute path, but agenix home-manager uses + # ${XDG_RUNTIME_DIR} which isn't resolved at evaluation time. + # TODO: Find a proper solution - perhaps contribute a fix to vira to accept + # runtime paths, or configure agenix to use a static path. + age.secrets."vira-github-private-key.age" = { + file = self + /secrets/vira-github-private-key.age; + path = "/run/user/1000/agenix/vira-github-private-key.age"; + }; + age.secrets."vira-github-webhook-secret.age" = { + file = self + /secrets/vira-github-webhook-secret.age; + path = "/run/user/1000/agenix/vira-github-webhook-secret.age"; + }; + nix.settings.trusted-users = [ "srid" ]; # For cache? services.vira = { @@ -26,6 +41,12 @@ in autoBuildNewBranches = true; package = inputs.vira.packages.${pkgs.stdenv.hostPlatform.system}.default; + github = { + appId = 2989507; + privateKeyFile = config.age.secrets."vira-github-private-key.age".path; + webhookSecretFile = config.age.secrets."vira-github-webhook-secret.age".path; + }; + initialState = { repositories = { nixos-config = "https://github.com/srid/nixos-config.git"; @@ -43,6 +64,7 @@ in unionmount = "https://github.com/srid/unionmount.git"; ema = "https://github.com/srid/ema.git"; srid = "https://github.com/srid/srid.git"; + imako = "https://github.com/srid/imako.git"; landrun-nix = "https://github.com/srid/landrun-nix.git"; haskell-template = "https://github.com/srid/haskell-template.git"; commonmark-wikilink = "https://github.com/srid/commonmark-wikilink.git"; diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 420d8cb..40f736d 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -20,4 +20,6 @@ in "hackage-password.age".publicKeys = users ++ systems; "juspay-anthropic-api-key.age".publicKeys = users ++ systems; "beszel-agent-key.age".publicKeys = users ++ systems; + "vira-github-webhook-secret.age".publicKeys = users ++ systems; + "vira-github-private-key.age".publicKeys = users ++ systems; } diff --git a/secrets/vira-github-private-key.age b/secrets/vira-github-private-key.age new file mode 100644 index 0000000000000000000000000000000000000000..f78274b0e15849e78ccdba623234fdee540dcc35 GIT binary patch literal 2107 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCT)H1mw`3sf+y2z4=! zh%|K$b9KsbF)FbP&I&d%sB}p)C`^ko3iQ?wHc2cnN%eHkHQ*}Hb~eteG>S^jaW*Os z)7MT9&nd0)wy4Z4%*pX|%lFF2D$Nde3^AxQ%SN}&v&7sZDp0|>xWGF=JJsAjF`_6q zEYHlh(8DY_-_#%?z$Mwh$TAan`jetvmDK+~yhnS1#^em{l6@XdhXm%zkjv*N<}b zS)t!dt{#39Rlrc>RLS1_^3}2z(SiI^8Qu2Hek?X|`(8fg3Df?IdfTqw)uvu^^@fug zW5dpu{*yZ$mV9;Ccy;w8|C8HiZTsE9(YO4x`xO^fhnZ&{n!mI$*%T`nH>taQG zw-PVk&diIP`AbQn@N&{CkC}DfzOwTR{CW|;@_e3SqPOPOXDPfpYrdyBs=T(dumcSYEW{8L%YVht&tbGw8rms>QxklPZnQ_pycC*NNKGAsUXI)YGQa3Rw@`mBh3+2f( z^kypAw48We{aIr3f)JVaU-mrPck-9Zf#$B0%lago*JXdYti#0a9d$+d=HrJdrmZGL z7cO%BykjA_=XG0wBzJDDdhl0a&1v1{)@9jcU-nO}e_kkhWwG12yB*vgVuXI};BDAm z@TB|t=LX)q`n~>cnq8?5&dGcdS8hIE_2I5AKX1^_2XP!#7O|(x>Xk*i>k`&GcqTU- zR(s$YoFl$u@vVQ6vhTQ+{w6IvIem*kmVC~81y_g2U=j}AV_E|{sgMlmBlYpSR4L?*|a*gEN_-_J#Iuz!)7 zm>gMmH?rqlP{Q1h90T5M#SzUHS8`v8FtXfd`;O(Z4$ph9PSdE~bBf&aOjr-{wDgJX z-Zm>|>+Q#ldJ9zR{s$SV9x+J#6L~*zh22F)b`yrA@DEFOv8Q>xH$8KiD^w(!|78CE zA9o%Zh~(e7dXl3{7xI?9`n-M=XB+K zuE@ntduAECUgI;|A|PYpsrW$o+>9vIUcR3H5@OHzrEcgPYv!0)bJXC?X;a~~e^QFW ze4VZGMWf#=QsBA9A}{fiLwfOA5xq@4LPASkS45pP)Jpz5<@@Xj@<;u8pLz;UUZ5J5 z>8h${I&pjAJkG^9qomi*qiYzkbfUuMHTJa}kAoem6Fx=nvH15%NBh)o zpBVLOTcf-0*V+D8nWB}gH+P2R;$71@tb4^SZv2u~r}SCY(dPBEz}2^H4W8w#NEgn( z>3T_<$7kvF_G0mS3DLzzmcCjNwVZExM5*V4h1#1ZzrD2Nmd4F}A1;fg-@2K4>(`MY zsr&2rwqAS}>wf!8(YNLMTK42sZBmi9E?h8EXP5nB?Jo|}re(A?;^Z09N_sv4;*Nd9^-gb)xr{)QIi3Gpc z_WI}D8FR8FoCDa67B$R1VgJzDmc4aR>{&6l=?C93rpopkfoJ`++ChFCTQq5}> zPvYGD=Y5`1@#mnM%-dVWN8`6e^L-RF&uaK6uK8mNSA4gl-V)bj-)R<&N$CfYL+#}I zBr*>*aAxvzZCsi2mrb0v-ZSfo>blF;C*}rpN4>eMa;(BdeC;>0 s|4PI=xWE4V(=|=6KR|2JQK6z~S2=e)WcYt7WuArU7olB}?XisK0PN?vApigX literal 0 HcmV?d00001 diff --git a/secrets/vira-github-webhook-secret.age b/secrets/vira-github-webhook-secret.age new file mode 100644 index 0000000..1cc208f --- /dev/null +++ b/secrets/vira-github-webhook-secret.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 96IXNQ lbpIjcmNNUmfRQrcpjGGm2CLbp0cre40pMYdup6YqRE +YJEnkWY+7032s+zJZN4s5VxpYj7NprxJf/Dv1L4sDKE +-> ssh-ed25519 It7HZQ 21bdLHzL8WpmRfnsw4RMo3qHNl+cR3Lnm93FqiM4biw +P5BKsRr9LvO595rXWOUQaXpN2W2YYtj0Mva7ejxWiHc +-> ssh-ed25519 0mMrRw R6n4nt1woSumFv7+eAgWGL2hpasHlQq1NHIZRMQKwQM +/c2LnoScuHvEVJJNcwDVI1JcMjUgignkV1nQh1hwfyY +--- TrFVD8zIg3/eUAF2OBERnCFXXRxv86b0/s2JjNXMg08 +¢HW¿ã„½@Ÿ5hQuió6<ܧŒÇv”VzéZiNJ‘÷eçˆ\g¦:¬Y›M¹ßN \ No newline at end of file