diff --git a/config/common/nix.nix b/config/common/nix.nix
index f19f681..1b253d6 100644
--- a/config/common/nix.nix
+++ b/config/common/nix.nix
@@ -1,4 +1,4 @@
-{ ... }:
+{ ... }:
 {
 nix = {
diff --git a/config/common/users.nix b/config/common/users.nix
index 06170bc..c36e20a 100644
--- a/config/common/users.nix
+++ b/config/common/users.nix
@@ -16,24 +16,24 @@ let
 };
 authorizedKeys = builtins.filter (item: item != "") (lib.strings.splitString "\n" (builtins.readFile "${authorizedKeysRepo}/authorized_keys"));
 in
- {
- users.mutableUsers = false;
+{
+ users.mutableUsers = false;
- users.users.chaos = {
- isNormalUser = true;
- description = "Chaos";
- extraGroups = [ "wheel" ];
- openssh.authorizedKeys.keys = authorizedKeys;
- };
+ users.users.chaos = {
+ isNormalUser = true;
+ description = "Chaos";
+ extraGroups = [ "wheel" ];
+ openssh.authorizedKeys.keys = authorizedKeys;
+ };
- users.users.colmena-deploy = {
- isNormalUser = true;
- extraGroups = [ "wheel" ];
- openssh.authorizedKeys.keys = authorizedKeys;
- };
+ users.users.colmena-deploy = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+ openssh.authorizedKeys.keys = authorizedKeys;
+ };
- nix.settings.trusted-users = [ "colmena-deploy" ];
+ nix.settings.trusted-users = [ "colmena-deploy" ];
- # Since our user doesn't have a password, allow passwordless sudo for wheel.
- security.sudo.wheelNeedsPassword = false;
- }
+ # Since our user doesn't have a password, allow passwordless sudo for wheel.
+ security.sudo.wheelNeedsPassword = false;
+}
diff --git a/config/hosts/esphome/nginx.nix b/config/hosts/esphome/nginx.nix
index ed93972..3c5cfb9 100644
--- a/config/hosts/esphome/nginx.nix
+++ b/config/hosts/esphome/nginx.nix
@@ -40,6 +40,6 @@
 };
 };
-
+
 networking.firewall.allowedTCPPorts = [ 80 443 31820 ];
 }
diff --git a/config/hosts/matrix/matrix-synapse.nix b/config/hosts/matrix/matrix-synapse.nix
index e574a59..bcc097d 100644
--- a/config/hosts/matrix/matrix-synapse.nix
+++ b/config/hosts/matrix/matrix-synapse.nix
@@ -39,7 +39,7 @@
 media_store_path = "/mnt/data/synapse_media_store";
 max_upload_size = "500M";
-
+
 admin_contact = "mailto:yuri+ccchh@nekover.se";
 };
diff --git a/config/hosts/matrix/nginx.nix b/config/hosts/matrix/nginx.nix
index 03dba97..74d4291 100644
--- a/config/hosts/matrix/nginx.nix
+++ b/config/hosts/matrix/nginx.nix
@@ -60,6 +60,6 @@
 '';
 };
 };
-
+
 networking.firewall.allowedTCPPorts = [ 8443 8448 31820 ];
 }
diff --git a/config/hosts/matrix/postgresql.nix b/config/hosts/matrix/postgresql.nix
index a241efd..62b600e 100644
--- a/config/hosts/matrix/postgresql.nix
+++ b/config/hosts/matrix/postgresql.nix
@@ -4,7 +4,7 @@
 services.postgresql = {
 enable = true;
 package = pkgs.postgresql_15;
-
+
 initialScript = pkgs.writeText "synapse-init.sql" ''
 CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
 CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
diff --git a/config/hosts/public-web-static/spaceapid.nix b/config/hosts/public-web-static/spaceapid.nix
index 8c9cb87..d2a25b6 100644
--- a/config/hosts/public-web-static/spaceapid.nix
+++ b/config/hosts/public-web-static/spaceapid.nix
@@ -11,7 +11,7 @@ let
 version = "main";
 src = spaceapidSrc;
-
+
 ldflags = [ "-X main.version=${version}-${spaceapidSrc.rev}" ];
diff --git a/flake.nix b/flake.nix
index 8768c79..f66397d 100644
--- a/flake.nix
+++ b/flake.nix
@@ -58,169 +58,170 @@
 });
 };
 pkgs-unstable = nixpkgs-unstable.legacyPackages."x86_64-linux";
- in {
- colmena = {
- meta = {
- nixpkgs = nixpkgs.legacyPackages."x86_64-linux";
- nodeNixpkgs = {
- audio-hauptraum-kueche = nixpkgs-unstable.legacyPackages."x86_64-linux".extend shairportSync431ExtendedNixpkgsUnstableOverlay;
- audio-hauptraum-tafel = nixpkgs-unstable.legacyPackages."x86_64-linux".extend shairportSync431ExtendedNixpkgsUnstableOverlay;
+ in
+ {
+ colmena = {
+ meta = {
+ nixpkgs = nixpkgs.legacyPackages."x86_64-linux";
+ nodeNixpkgs = {
+ audio-hauptraum-kueche = nixpkgs-unstable.legacyPackages."x86_64-linux".extend shairportSync431ExtendedNixpkgsUnstableOverlay;
+ audio-hauptraum-tafel = nixpkgs-unstable.legacyPackages."x86_64-linux".extend shairportSync431ExtendedNixpkgsUnstableOverlay;
+ };
+ nodeSpecialArgs = {
+ git = { inherit pkgs-unstable; };
+ };
 };
- nodeSpecialArgs = {
- git = { inherit pkgs-unstable; };
+
+ audio-hauptraum-kueche = {
+ deployment = {
+ targetHost = "audio-hauptraum-kueche.z9.ccchh.net";
+ targetPort = 22;
+ targetUser = "colmena-deploy";
+ tags = [ "thinkcccluster" ];
+ };
+ imports = [
+ ./config/common
+ ./config/proxmox-vm
+ ./config/hosts/audio-hauptraum-kueche
+ ];
+ };
+
+ audio-hauptraum-tafel = {
+ deployment = {
+ targetHost = "audio-hauptraum-tafel.z9.ccchh.net";
+ targetPort = 22;
+ targetUser = "colmena-deploy";
+ tags = [ "thinkcccluster" ];
+ };
+ imports = [
+ ./config/common
+ ./config/proxmox-vm
+ ./config/hosts/audio-hauptraum-tafel
+ ];
+ };
+
+ esphome = {
+ deployment = {
+ targetHost = "esphome.z9.ccchh.net";
+ targetPort = 22;
+ targetUser = "colmena-deploy";
+ tags = [ "thinkcccluster" ];
+ };
+ imports = [
+ ./config/common
+ ./config/proxmox-vm
+ ./config/hosts/esphome
+ ];
+ };
+
+ public-reverse-proxy = {
+ deployment = {
+ targetHost = "public-reverse-proxy.z9.ccchh.net";
+ targetPort = 22;
+ targetUser = "colmena-deploy";
+ tags = [ "thinkcccluster" ];
+ };
+ imports = [
+ ./config/common
+ ./config/proxmox-vm
+ ./config/hosts/public-reverse-proxy
+ ];
+ };
+
+ netbox = {
+ deployment = {
+ targetHost = "netbox-intern.hamburg.ccc.de";
+ targetPort = 22;
+ targetUser = "colmena-deploy";
+ tags = [ "chaosknoten" ];
+ };
+ imports = [
+ ./config/common
+ ./config/proxmox-vm
+ ./config/hosts/netbox
+ ];
+ };
+
+ matrix = {
+ deployment = {
+ targetHost = "matrix-intern.hamburg.ccc.de";
+ targetPort = 22;
+ targetUser = "colmena-deploy";
+ tags = [ "chaosknoten" ];
+ };
+ imports = [
+ ./config/common
+ ./config/proxmox-vm
+ ./config/hosts/matrix
+ ];
+ };
+
+ public-web-static = {
+ deployment = {
+ targetHost = "public-web-static-intern.hamburg.ccc.de";
+ targetPort = 22;
+ targetUser = "colmena-deploy";
+ tags = [ "chaosknoten" ];
+ };
+ imports = [
+ ./config/common
+ ./config/proxmox-vm
+ ./config/hosts/public-web-static
+ ];
+ };
+
+ git = {
+ deployment = {
+ targetHost = "git.hamburg.ccc.de";
+ targetPort = 22;
+ targetUser = "colmena-deploy";
+ tags = [ "chaosknoten" ];
+ };
+ imports = [
+ ./config/common
+ ./config/proxmox-vm
+ ./config/hosts/git
+ ];
+ };
+
+ forgejo-actions-runner = {
+ deployment = {
+ targetHost = "forgejo-actions-runner-intern.hamburg.ccc.de";
+ targetPort = 22;
+ targetUser = "colmena-deploy";
+ tags = [ "chaosknoten" ];
+ };
+ imports = [
+ ./config/common
+ ./config/proxmox-vm
+ ./config/hosts/forgejo-actions-runner
+ ];
 };
 };
- audio-hauptraum-kueche = {
- deployment = {
- targetHost = "audio-hauptraum-kueche.z9.ccchh.net";
- targetPort = 22;
- targetUser = "colmena-deploy";
- tags = [ "thinkcccluster" ];
+ packages.x86_64-linux = {
+ proxmox-nixos-template = nixos-generators.nixosGenerate {
+ system = "x86_64-linux";
+ modules = [
+ ./config/nixos-generators/proxmox.nix
+ ./config/common
+ ./config/proxmox-vm
+ ];
+ format = "proxmox";
+ };
+
+ proxmox-chaosknoten-nixos-template = nixos-generators.nixosGenerate {
+ system = "x86_64-linux";
+ modules = [
+ ./config/nixos-generators/proxmox-chaosknoten.nix
+ ./config/proxmox-chaosknoten-additional-initial-config.nix
+ ./config/common
+ ./config/proxmox-vm
+ ];
+ format = "proxmox";
 };
- imports = [
- ./config/common
- ./config/proxmox-vm
- ./config/hosts/audio-hauptraum-kueche
- ];
 };
- audio-hauptraum-tafel = {
- deployment = {
- targetHost = "audio-hauptraum-tafel.z9.ccchh.net";
- targetPort = 22;
- targetUser = "colmena-deploy";
- tags = [ "thinkcccluster" ];
- };
- imports = [
- ./config/common
- ./config/proxmox-vm
- ./config/hosts/audio-hauptraum-tafel
- ];
- };
-
- esphome = {
- deployment = {
- targetHost = "esphome.z9.ccchh.net";
- targetPort = 22;
- targetUser = "colmena-deploy";
- tags = [ "thinkcccluster" ];
- };
- imports = [
- ./config/common
- ./config/proxmox-vm
- ./config/hosts/esphome
- ];
- };
-
- public-reverse-proxy = {
- deployment = {
- targetHost = "public-reverse-proxy.z9.ccchh.net";
- targetPort = 22;
- targetUser = "colmena-deploy";
- tags = [ "thinkcccluster" ];
- };
- imports = [
- ./config/common
- ./config/proxmox-vm
- ./config/hosts/public-reverse-proxy
- ];
- };
-
- netbox = {
- deployment = {
- targetHost = "netbox-intern.hamburg.ccc.de";
- targetPort = 22;
- targetUser = "colmena-deploy";
- tags = [ "chaosknoten" ];
- };
- imports = [
- ./config/common
- ./config/proxmox-vm
- ./config/hosts/netbox
- ];
- };
-
- matrix = {
- deployment = {
- targetHost = "matrix-intern.hamburg.ccc.de";
- targetPort = 22;
- targetUser = "colmena-deploy";
- tags = [ "chaosknoten" ];
- };
- imports = [
- ./config/common
- ./config/proxmox-vm
- ./config/hosts/matrix
- ];
- };
-
- public-web-static = {
- deployment = {
- targetHost = "public-web-static-intern.hamburg.ccc.de";
- targetPort = 22;
- targetUser = "colmena-deploy";
- tags = [ "chaosknoten" ];
- };
- imports = [
- ./config/common
- ./config/proxmox-vm
- ./config/hosts/public-web-static
- ];
- };
-
- git = {
- deployment = {
- targetHost = "git.hamburg.ccc.de";
- targetPort = 22;
- targetUser = "colmena-deploy";
- tags = [ "chaosknoten" ];
- };
- imports = [
- ./config/common
- ./config/proxmox-vm
- ./config/hosts/git
- ];
- };
-
- forgejo-actions-runner = {
- deployment = {
- targetHost = "forgejo-actions-runner-intern.hamburg.ccc.de";
- targetPort = 22;
- targetUser = "colmena-deploy";
- tags = [ "chaosknoten" ];
- };
- imports = [
- ./config/common
- ./config/proxmox-vm
- ./config/hosts/forgejo-actions-runner
- ];
- };
+ formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt;
 };
-
- packages.x86_64-linux = {
- proxmox-nixos-template = nixos-generators.nixosGenerate {
- system = "x86_64-linux";
- modules = [
- ./config/nixos-generators/proxmox.nix
- ./config/common
- ./config/proxmox-vm
- ];
- format = "proxmox";
- };
-
- proxmox-chaosknoten-nixos-template = nixos-generators.nixosGenerate {
- system = "x86_64-linux";
- modules = [
- ./config/nixos-generators/proxmox-chaosknoten.nix
- ./config/proxmox-chaosknoten-additional-initial-config.nix
- ./config/common
- ./config/proxmox-vm
- ];
- format = "proxmox";
- };
- };
-
- formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt;
- };
 }