CCCHH/nix-infra
CCCHH/nix-infra
2
3
Fork 3
Code Issues Pull requests 2 Projects Wiki Activity

Run "nix fmt" to format this entire flake

Browse source
This commit is contained in:
June 2024-03-06 22:50:32 +01:00 committed by June
parent 71e1684f76
commit 1ad6ac9dc0
Signed by: june
SSH key fingerprint: SHA256:o9EAq4Y9N9K0pBQeBTqhSDrND5E7oB+60ZNx0U1yPe0
8 changed files with 181 additions and 180 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
config/common/nix.nix
View file

@ -1,4 +1,4 @@
{ ... }:
{ ... }:
{
nix = {

34
config/common/users.nix
View file

@ -16,24 +16,24 @@ let
};
authorizedKeys = builtins.filter (item: item != "") (lib.strings.splitString "\n" (builtins.readFile "${authorizedKeysRepo}/authorized_keys"));
in
{
users.mutableUsers = false;
{
users.mutableUsers = false;
users.users.chaos = {
isNormalUser = true;
description = "Chaos";
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = authorizedKeys;
};
users.users.chaos = {
isNormalUser = true;
description = "Chaos";
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = authorizedKeys;
};
users.users.colmena-deploy = {
isNormalUser = true;
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = authorizedKeys;
};
users.users.colmena-deploy = {
isNormalUser = true;
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = authorizedKeys;
};
nix.settings.trusted-users = [ "colmena-deploy" ];
nix.settings.trusted-users = [ "colmena-deploy" ];
# Since our user doesn't have a password, allow passwordless sudo for wheel.
security.sudo.wheelNeedsPassword = false;
}
# Since our user doesn't have a password, allow passwordless sudo for wheel.
security.sudo.wheelNeedsPassword = false;
}

2
config/hosts/esphome/nginx.nix
View file

@ -40,6 +40,6 @@
};
};
networking.firewall.allowedTCPPorts = [ 80 443 31820 ];
}

2
config/hosts/matrix/matrix-synapse.nix
View file

@ -39,7 +39,7 @@
media_store_path = "/mnt/data/synapse_media_store";
max_upload_size = "500M";
admin_contact = "mailto:yuri+ccchh@nekover.se";
};

2
config/hosts/matrix/nginx.nix
View file

@ -60,6 +60,6 @@
'';
};
};
networking.firewall.allowedTCPPorts = [ 8443 8448 31820 ];
}

2
config/hosts/matrix/postgresql.nix
View file

@ -4,7 +4,7 @@
services.postgresql = {
enable = true;
package = pkgs.postgresql_15;
initialScript = pkgs.writeText "synapse-init.sql" ''
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"

2
config/hosts/public-web-static/spaceapid.nix
View file

@ -11,7 +11,7 @@ let
version = "main";
src = spaceapidSrc;
ldflags = [
"-X main.version=${version}-${spaceapidSrc.rev}"
];

315
flake.nix
View file

@ -58,169 +58,170 @@
});
};
pkgs-unstable = nixpkgs-unstable.legacyPackages."x86_64-linux";
in {
colmena = {
meta = {
nixpkgs = nixpkgs.legacyPackages."x86_64-linux";
nodeNixpkgs = {
audio-hauptraum-kueche = nixpkgs-unstable.legacyPackages."x86_64-linux".extend shairportSync431ExtendedNixpkgsUnstableOverlay;
audio-hauptraum-tafel = nixpkgs-unstable.legacyPackages."x86_64-linux".extend shairportSync431ExtendedNixpkgsUnstableOverlay;
in
{
colmena = {
meta = {
nixpkgs = nixpkgs.legacyPackages."x86_64-linux";
nodeNixpkgs = {
audio-hauptraum-kueche = nixpkgs-unstable.legacyPackages."x86_64-linux".extend shairportSync431ExtendedNixpkgsUnstableOverlay;
audio-hauptraum-tafel = nixpkgs-unstable.legacyPackages."x86_64-linux".extend shairportSync431ExtendedNixpkgsUnstableOverlay;
};
nodeSpecialArgs = {
git = { inherit pkgs-unstable; };
};
};
nodeSpecialArgs = {
git = { inherit pkgs-unstable; };
audio-hauptraum-kueche = {
deployment = {
targetHost = "audio-hauptraum-kueche.z9.ccchh.net";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "thinkcccluster" ];
};
imports = [
./config/common
./config/proxmox-vm
./config/hosts/audio-hauptraum-kueche
];
};
audio-hauptraum-tafel = {
deployment = {
targetHost = "audio-hauptraum-tafel.z9.ccchh.net";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "thinkcccluster" ];
};
imports = [
./config/common
./config/proxmox-vm
./config/hosts/audio-hauptraum-tafel
];
};
esphome = {
deployment = {
targetHost = "esphome.z9.ccchh.net";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "thinkcccluster" ];
};
imports = [
./config/common
./config/proxmox-vm
./config/hosts/esphome
];
};
public-reverse-proxy = {
deployment = {
targetHost = "public-reverse-proxy.z9.ccchh.net";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "thinkcccluster" ];
};
imports = [
./config/common
./config/proxmox-vm
./config/hosts/public-reverse-proxy
];
};
netbox = {
deployment = {
targetHost = "netbox-intern.hamburg.ccc.de";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "chaosknoten" ];
};
imports = [
./config/common
./config/proxmox-vm
./config/hosts/netbox
];
};
matrix = {
deployment = {
targetHost = "matrix-intern.hamburg.ccc.de";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "chaosknoten" ];
};
imports = [
./config/common
./config/proxmox-vm
./config/hosts/matrix
];
};
public-web-static = {
deployment = {
targetHost = "public-web-static-intern.hamburg.ccc.de";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "chaosknoten" ];
};
imports = [
./config/common
./config/proxmox-vm
./config/hosts/public-web-static
];
};
git = {
deployment = {
targetHost = "git.hamburg.ccc.de";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "chaosknoten" ];
};
imports = [
./config/common
./config/proxmox-vm
./config/hosts/git
];
};
forgejo-actions-runner = {
deployment = {
targetHost = "forgejo-actions-runner-intern.hamburg.ccc.de";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "chaosknoten" ];
};
imports = [
./config/common
./config/proxmox-vm
./config/hosts/forgejo-actions-runner
];
};
};
audio-hauptraum-kueche = {
deployment = {
targetHost = "audio-hauptraum-kueche.z9.ccchh.net";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "thinkcccluster" ];
packages.x86_64-linux = {
proxmox-nixos-template = nixos-generators.nixosGenerate {
system = "x86_64-linux";
modules = [
./config/nixos-generators/proxmox.nix
./config/common
./config/proxmox-vm
];
format = "proxmox";
};
proxmox-chaosknoten-nixos-template = nixos-generators.nixosGenerate {
system = "x86_64-linux";
modules = [
./config/nixos-generators/proxmox-chaosknoten.nix
./config/proxmox-chaosknoten-additional-initial-config.nix
./config/common
./config/proxmox-vm
];
format = "proxmox";
};
imports = [
./config/common
./config/proxmox-vm
./config/hosts/audio-hauptraum-kueche
];
};
audio-hauptraum-tafel = {
deployment = {
targetHost = "audio-hauptraum-tafel.z9.ccchh.net";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "thinkcccluster" ];
};
imports = [
./config/common
./config/proxmox-vm
./config/hosts/audio-hauptraum-tafel
];
};
esphome = {
deployment = {
targetHost = "esphome.z9.ccchh.net";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "thinkcccluster" ];
};
imports = [
./config/common
./config/proxmox-vm
./config/hosts/esphome
];
};
public-reverse-proxy = {
deployment = {
targetHost = "public-reverse-proxy.z9.ccchh.net";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "thinkcccluster" ];
};
imports = [
./config/common
./config/proxmox-vm
./config/hosts/public-reverse-proxy
];
};
netbox = {
deployment = {
targetHost = "netbox-intern.hamburg.ccc.de";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "chaosknoten" ];
};
imports = [
./config/common
./config/proxmox-vm
./config/hosts/netbox
];
};
matrix = {
deployment = {
targetHost = "matrix-intern.hamburg.ccc.de";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "chaosknoten" ];
};
imports = [
./config/common
./config/proxmox-vm
./config/hosts/matrix
];
};
public-web-static = {
deployment = {
targetHost = "public-web-static-intern.hamburg.ccc.de";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "chaosknoten" ];
};
imports = [
./config/common
./config/proxmox-vm
./config/hosts/public-web-static
];
};
git = {
deployment = {
targetHost = "git.hamburg.ccc.de";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "chaosknoten" ];
};
imports = [
./config/common
./config/proxmox-vm
./config/hosts/git
];
};
forgejo-actions-runner = {
deployment = {
targetHost = "forgejo-actions-runner-intern.hamburg.ccc.de";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "chaosknoten" ];
};
imports = [
./config/common
./config/proxmox-vm
./config/hosts/forgejo-actions-runner
];
};
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt;
};
packages.x86_64-linux = {
proxmox-nixos-template = nixos-generators.nixosGenerate {
system = "x86_64-linux";
modules = [
./config/nixos-generators/proxmox.nix
./config/common
./config/proxmox-vm
];
format = "proxmox";
};
proxmox-chaosknoten-nixos-template = nixos-generators.nixosGenerate {
system = "x86_64-linux";
modules = [
./config/nixos-generators/proxmox-chaosknoten.nix
./config/proxmox-chaosknoten-additional-initial-config.nix
./config/common
./config/proxmox-vm
];
format = "proxmox";
};
};
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt;
};
}