From a3f9b26429117061aebf2cbac64331f40369577b Mon Sep 17 00:00:00 2001 From: jopejoe1 Date: Tue, 5 Nov 2024 00:02:41 +0100 Subject: [PATCH 01/15] move overlay to overlays output --- flake.nix | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/flake.nix b/flake.nix index b787f78..7fd9b80 100644 --- a/flake.nix +++ b/flake.nix @@ -26,23 +26,25 @@ outputs = { self, nixpkgs, nixpkgs-unstable, nixos-generators, sops-nix, ... }: let system = "x86_64-linux"; - shairportSync431ExtendedNixpkgsUnstableOverlay = final: prev: { - shairport-sync = (prev.shairport-sync.override { enableMetadata = true; enableAirplay2 = true; }).overrideAttrs (finalAttr: previousAttr: { - # See: https://github.com/mikebrady/shairport-sync/blob/e78a88b64adfe7b5f88fd6faedf55c57445bb240/CONFIGURATION%20FLAGS.md - configureFlags = previousAttr.configureFlags ++ [ "--with-mqtt-client" ]; - buildInputs = previousAttr.buildInputs ++ [ final.mosquitto ]; - }); - }; pkgs-unstable = nixpkgs-unstable.legacyPackages."x86_64-linux"; in { + overlays = { + shairportSyncAirplay2 = final: prev: { + shairport-sync = (prev.shairport-sync.override { enableMetadata = true; enableAirplay2 = true; }).overrideAttrs (finalAttr: previousAttr: { + # See: https://github.com/mikebrady/shairport-sync/blob/e78a88b64adfe7b5f88fd6faedf55c57445bb240/CONFIGURATION%20FLAGS.md + configureFlags = previousAttr.configureFlags ++ [ "--with-mqtt-client" ]; + buildInputs = previousAttr.buildInputs ++ [ final.mosquitto ]; + }); + }; + }; nixosConfigurations = { audio-hauptraum-kueche = nixpkgs.lib.nixosSystem { inherit system; modules = [ ./config/common ./config/proxmox-vm - { nixpkgs.overlays = [ shairportSync431ExtendedNixpkgsUnstableOverlay ]; } + { nixpkgs.overlays = [ self.overlays.shairportSyncAirplay2 ]; } ./config/hosts/audio-hauptraum-kueche ]; }; 
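Review bot: The exported name `shairportSyncAirplay2` understates what the overlay does: besides `enableAirplay2` it sets `enableMetadata`, appends `--with-mqtt-client` to `configureFlags` and adds `final.mosquitto` to `buildInputs`. Now that the overlay is a flake output rather than a private `let` binding, a comment above the attribute would spare consumers the surprise, for example `# shairport-sync with AirPlay 2, metadata and the MQTT client (links against mosquitto)`. The `finalAttr` argument of the `overrideAttrs` lambda is unused and could be written `_`. The `outputs` function continues outside the hunk, and the same hunk appears again in PATCH 12/15.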
@@ -52,7 +54,7 @@ modules = [ ./config/common ./config/proxmox-vm - { nixpkgs.overlays = [ shairportSync431ExtendedNixpkgsUnstableOverlay ]; } + { nixpkgs.overlays = [ self.overlays.shairportSyncAirplay2 ]; } ./config/hosts/audio-hauptraum-tafel ]; }; From 609a0a14c6207432acd2f074475a82267eba9bb7 Mon Sep 17 00:00:00 2001 From: jopejoe1 Date: Tue, 5 Nov 2024 22:43:53 +0100 Subject: [PATCH 02/15] make use of nixosModules output --- flake.nix | 111 ++++++++++++++++++++++++++++-------------------------- 1 file changed, 58 insertions(+), 53 deletions(-) diff --git a/flake.nix b/flake.nix index 7fd9b80..da7b32e 100644 --- a/flake.nix +++ b/flake.nix @@ -38,12 +38,17 @@ }); }; }; + nixosModules = { + common = ./config/common; + proxmox-vm = ./config/proxmox-vm; + prometheus-exporter = ./config/extra/prometheus-exporter.nix; + }; nixosConfigurations = { audio-hauptraum-kueche = nixpkgs.lib.nixosSystem { inherit system; modules = [ - ./config/common - ./config/proxmox-vm + self.nixosModules.common + self.nixosModules.proxmox-vm { nixpkgs.overlays = [ self.overlays.shairportSyncAirplay2 ]; } ./config/hosts/audio-hauptraum-kueche ]; @@ -52,8 +57,8 @@ audio-hauptraum-tafel = nixpkgs.lib.nixosSystem { inherit system; modules = [ - ./config/common - ./config/proxmox-vm + self.nixosModules.common + self.nixosModules.proxmox-vm { nixpkgs.overlays = [ self.overlays.shairportSyncAirplay2 ]; } ./config/hosts/audio-hauptraum-tafel ]; @@ -62,8 +67,8 @@ esphome = nixpkgs.lib.nixosSystem { inherit system; modules = [ - ./config/common - ./config/proxmox-vm + self.nixosModules.common + self.nixosModules.proxmox-vm ./config/hosts/esphome ]; }; @@ -71,8 +76,8 @@ public-reverse-proxy = nixpkgs.lib.nixosSystem { inherit system; modules = [ - ./config/common - ./config/proxmox-vm + self.nixosModules.common + self.nixosModules.proxmox-vm ./config/hosts/public-reverse-proxy ]; }; 
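Review bot: The new `nixosModules` block publishes `common` and `proxmox-vm` as flake outputs, so any flake that takes this repository as an input can import them, and nothing in the hunk says whether that is intended. Judging from `config/common/users.nix` elsewhere in this series, `common` reads an organisation-wide `authorized_keys` list, so an outside consumer would presumably inherit those SSH keys. A comment on the block would make the contract explicit, for example `# Internal building blocks for the hosts below; common configures CCCHH admin access and is not meant for reuse elsewhere.` The same applies to the remaining hunks of this patch and to its repeat in PATCH 13/15.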
@@ -80,10 +85,10 @@ netbox = nixpkgs.lib.nixosSystem { inherit system; modules = [ - ./config/common - ./config/proxmox-vm + self.nixosModules.common + self.nixosModules.proxmox-vm sops-nix.nixosModules.sops - ./config/extra/prometheus-exporter.nix + self.nixosModules.prometheus-exporter ./config/hosts/netbox ]; }; @@ -91,10 +96,10 @@ matrix = nixpkgs.lib.nixosSystem { inherit system; modules = [ - ./config/common - ./config/proxmox-vm + self.nixosModules.common + self.nixosModules.proxmox-vm sops-nix.nixosModules.sops - ./config/extra/prometheus-exporter.nix + self.nixosModules.prometheus-exporter ./config/hosts/matrix ]; }; @@ -102,10 +107,10 @@ public-web-static = nixpkgs.lib.nixosSystem { inherit system; modules = [ - ./config/common - ./config/proxmox-vm + self.nixosModules.common + self.nixosModules.proxmox-vm sops-nix.nixosModules.sops - ./config/extra/prometheus-exporter.nix + self.nixosModules.prometheus-exporter ./config/hosts/public-web-static ]; }; @@ -113,10 +118,10 @@ git = nixpkgs.lib.nixosSystem { inherit system; modules = [ - ./config/common - ./config/proxmox-vm + self.nixosModules.common + self.nixosModules.proxmox-vm sops-nix.nixosModules.sops - ./config/extra/prometheus-exporter.nix + self.nixosModules.prometheus-exporter ./config/hosts/git ]; }; @@ -124,10 +129,10 @@ forgejo-actions-runner = nixpkgs.lib.nixosSystem { inherit system; modules = [ - ./config/common - ./config/proxmox-vm + self.nixosModules.common + self.nixosModules.proxmox-vm sops-nix.nixosModules.sops - ./config/extra/prometheus-exporter.nix + self.nixosModules.prometheus-exporter ./config/hosts/forgejo-actions-runner ]; }; @@ -135,8 +140,8 @@ ptouch-print-server = nixpkgs.lib.nixosSystem { inherit system; modules = [ - ./config/common - ./config/proxmox-vm + self.nixosModules.common + self.nixosModules.proxmox-vm ./config/hosts/ptouch-print-server ]; }; 
@@ -144,9 +149,9 @@ eh22-wiki = nixpkgs.lib.nixosSystem { inherit system; modules = [ - ./config/common - ./config/proxmox-vm - ./config/extra/prometheus-exporter.nix + self.nixosModules.common + self.nixosModules.proxmox-vm + self.nixosModules.prometheus-exporter ./config/hosts/eh22-wiki ]; }; @@ -154,9 +159,9 @@ nix-box-june = nixpkgs.lib.nixosSystem { inherit system; modules = [ - ./config/common - ./config/proxmox-vm - ./config/extra/prometheus-exporter.nix + self.nixosModules.common + self.nixosModules.proxmox-vm + self.nixosModules.prometheus-exporter ./config/hosts/nix-box-june ]; }; @@ -164,8 +169,8 @@ yate = nixpkgs.lib.nixosSystem { inherit system; modules = [ - ./config/common - ./config/proxmox-vm + self.nixosModules.common + self.nixosModules.proxmox-vm ./config/hosts/yate ]; }; @@ -173,8 +178,8 @@ mqtt = nixpkgs.lib.nixosSystem { inherit system; modules = [ - ./config/common - ./config/proxmox-vm + self.nixosModules.common + self.nixosModules.proxmox-vm ./config/hosts/mqtt ]; }; @@ -182,10 +187,10 @@ mjolnir = nixpkgs.lib.nixosSystem { inherit system; modules = [ - ./config/common - ./config/proxmox-vm + self.nixosModules.common + self.nixosModules.proxmox-vm sops-nix.nixosModules.sops - ./config/extra/prometheus-exporter.nix + self.nixosModules.prometheus-exporter ./config/hosts/mjolnir ]; }; @@ -193,10 +198,10 @@ woodpecker = nixpkgs.lib.nixosSystem { inherit system; modules = [ - ./config/common - ./config/proxmox-vm + self.nixosModules.common + self.nixosModules.proxmox-vm sops-nix.nixosModules.sops - ./config/extra/prometheus-exporter.nix + self.nixosModules.prometheus-exporter ./config/hosts/woodpecker ]; specialArgs = { @@ -207,8 +212,8 @@ status = nixpkgs.lib.nixosSystem { inherit system; modules = [ - ./config/common - ./config/proxmox-vm + self.nixosModules.common + self.nixosModules.proxmox-vm sops-nix.nixosModules.sops ./config/hosts/status ]; 
@@ -217,10 +222,10 @@ penpot = nixpkgs.lib.nixosSystem { inherit system; modules = [ - ./config/common - ./config/proxmox-vm + self.nixosModules.common + self.nixosModules.proxmox-vm sops-nix.nixosModules.sops - ./config/extra/prometheus-exporter.nix + self.nixosModules.prometheus-exporter ./config/hosts/penpot ]; }; @@ -228,9 +233,9 @@ hydra = nixpkgs.lib.nixosSystem { inherit system; modules = [ - ./config/common - ./config/proxmox-vm - ./config/extra/prometheus-exporter.nix + self.nixosModules.common + self.nixosModules.proxmox-vm + self.nixosModules.prometheus-exporter ./config/hosts/hydra ]; }; @@ -241,8 +246,8 @@ system = "x86_64-linux"; modules = [ ./config/nixos-generators/proxmox.nix - ./config/common - ./config/proxmox-vm + self.nixosModules.common + self.nixosModules.proxmox-vm ]; format = "proxmox"; }; @@ -252,8 +257,8 @@ modules = [ ./config/nixos-generators/proxmox-chaosknoten.nix ./config/proxmox-chaosknoten-additional-initial-config.nix - ./config/common - ./config/proxmox-vm + self.nixosModules.common + self.nixosModules.proxmox-vm ]; format = "proxmox"; }; From 12ed0e954b8aa482e2c62a65da3a313b7da56f8e Mon Sep 17 00:00:00 2001 
From: jopejoe1 Date: Tue, 5 Nov 2024 22:52:02 +0100 Subject: [PATCH 03/15] format files with `nix fmt` --- config/hosts/eh22-wiki/dokuwiki.nix | 5 ++- config/hosts/mqtt/configuration.nix | 12 ++--- config/hosts/mqtt/default.nix | 12 ++--- config/hosts/mqtt/mosquitto.nix | 44 +++++++++---------- config/hosts/nix-box-june/users.nix | 2 +- .../virtualHosts/hacker.tours.nix | 3 +- .../hackertours.hamburg.ccc.de.nix | 3 +- .../historic-easterhegg/default.nix | 4 +- .../virtualHosts/historic-easterhegg/eh03.nix | 4 +- .../virtualHosts/historic-easterhegg/eh05.nix | 8 ++-- .../virtualHosts/historic-easterhegg/eh07.nix | 4 +- .../virtualHosts/historic-easterhegg/eh09.nix | 4 +- .../virtualHosts/historic-easterhegg/eh11.nix | 4 +- .../virtualHosts/staging.hacker.tours.nix | 3 +- .../staging.hackertours.hamburg.ccc.de.nix | 3 +- config/hosts/yate/service.nix | 8 ++-- 16 files changed, 64 insertions(+), 59 deletions(-) diff --git a/config/hosts/eh22-wiki/dokuwiki.nix b/config/hosts/eh22-wiki/dokuwiki.nix index c0eafaa..f9a7cbd 100644 --- a/config/hosts/eh22-wiki/dokuwiki.nix +++ b/config/hosts/eh22-wiki/dokuwiki.nix @@ -21,7 +21,8 @@ let app = "dokuwiki"; domain = "eh22.easterhegg.eu"; dataDir = "/srv/www/${domain}"; -in { +in +{ systemd.tmpfiles.rules = [ "d ${dataDir} 0755 ${app} ${app}" ]; @@ -76,7 +77,7 @@ in { default = true; enableACME = true; serverName = "${domain}"; - + listen = [ { addr = "0.0.0.0"; diff --git a/config/hosts/mqtt/configuration.nix b/config/hosts/mqtt/configuration.nix index 18d0184..793807d 100644 --- a/config/hosts/mqtt/configuration.nix +++ b/config/hosts/mqtt/configuration.nix @@ -1,10 +1,10 @@ { ... }: { - networking = { - hostName = "mqtt"; - domain = "z9.ccchh.net"; - }; + networking = { + hostName = "mqtt"; + domain = "z9.ccchh.net"; + }; - system.stateVersion = "23.11"; -} \ No newline at end of file + system.stateVersion = "23.11"; +} diff --git a/config/hosts/mqtt/default.nix b/config/hosts/mqtt/default.nix index bb61c12..bc91d9f 100644 
--- a/config/hosts/mqtt/default.nix +++ b/config/hosts/mqtt/default.nix @@ -1,9 +1,9 @@ { pkgs, ... }: { - imports = [ - ./configuration.nix - ./networking.nix - ./mosquitto.nix - ]; -} \ No newline at end of file + imports = [ + ./configuration.nix + ./networking.nix + ./mosquitto.nix + ]; +} diff --git a/config/hosts/mqtt/mosquitto.nix b/config/hosts/mqtt/mosquitto.nix index 672c05d..d093bd8 100644 --- a/config/hosts/mqtt/mosquitto.nix +++ b/config/hosts/mqtt/mosquitto.nix @@ -5,29 +5,29 @@ { ... }: { - services.mosquitto = { - enable = true; - persistence = true; + services.mosquitto = { + enable = true; + persistence = true; - # set config for all listeners - listeners = [ { - settings.allow_anonymous = true; - omitPasswordAuth = true; - acl = ["topic readwrite #"]; - } ]; + # set config for all listeners + listeners = [{ + settings.allow_anonymous = true; + omitPasswordAuth = true; + acl = [ "topic readwrite #" ]; + }]; - bridges.winkekatz = { - addresses = [ - { address = "mqtt.winkekatze24.de"; } - ]; - topics = [ - "winkekatze/allcats/eye/set in 2" - "winkekatze/allcats in 2" - "+/status out 2 winkekatze/ \"\"" - "+/connected out 2 winkekatze/ \"\"" - ]; - }; + bridges.winkekatz = { + addresses = [ + { address = "mqtt.winkekatze24.de"; } + ]; + topics = [ + "winkekatze/allcats/eye/set in 2" + "winkekatze/allcats in 2" + "+/status out 2 winkekatze/ \"\"" + "+/connected out 2 winkekatze/ \"\"" + ]; }; + }; - networking.firewall.allowedTCPPorts = [ 1883 ]; -} \ No newline at end of file + networking.firewall.allowedTCPPorts = [ 1883 ]; +} diff --git a/config/hosts/nix-box-june/users.nix b/config/hosts/nix-box-june/users.nix index 9f1b217..dfb333e 100644 --- a/config/hosts/nix-box-june/users.nix +++ b/config/hosts/nix-box-june/users.nix 
@@ -26,7 +26,7 @@ }; yuri = { isNormalUser = true; - openssh.authorizedKeys.keys = [ + openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDdk3FLQRoCWxdOxg4kHcPqAu3QQOs/rY9na2Al2ilGl yuri@violet" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEvM35w+UaSpDTuaG5pGPgfHcfwscr+wSZN9Z5Jle82 yuri@kiara" ]; diff --git a/config/hosts/public-web-static/virtualHosts/hacker.tours.nix b/config/hosts/public-web-static/virtualHosts/hacker.tours.nix index 7eaa086..1ee6180 100644 --- a/config/hosts/public-web-static/virtualHosts/hacker.tours.nix +++ b/config/hosts/public-web-static/virtualHosts/hacker.tours.nix @@ -4,7 +4,8 @@ let domain = "hacker.tours"; dataDir = "/var/www/${domain}"; deployUser = "hackertours-website-deploy"; -in { +in +{ services.nginx.virtualHosts = { "acme-${domain}" = { enableACME = true; diff --git a/config/hosts/public-web-static/virtualHosts/hackertours.hamburg.ccc.de.nix b/config/hosts/public-web-static/virtualHosts/hackertours.hamburg.ccc.de.nix index 2077ca7..b0104b6 100644 --- a/config/hosts/public-web-static/virtualHosts/hackertours.hamburg.ccc.de.nix +++ b/config/hosts/public-web-static/virtualHosts/hackertours.hamburg.ccc.de.nix @@ -4,7 +4,8 @@ let domain = "hackertours.hamburg.ccc.de"; dataDir = "/var/www/${domain}"; deployUser = "ht-ccchh-website-deploy"; -in { +in +{ services.nginx.virtualHosts = { "acme-${domain}" = { enableACME = true; diff --git a/config/hosts/public-web-static/virtualHosts/historic-easterhegg/default.nix b/config/hosts/public-web-static/virtualHosts/historic-easterhegg/default.nix index fe53d04..69d8855 100644 --- a/config/hosts/public-web-static/virtualHosts/historic-easterhegg/default.nix +++ b/config/hosts/public-web-static/virtualHosts/historic-easterhegg/default.nix @@ -1,4 +1,4 @@ -{...}: +{ ... }: { imports = [ @@ -9,4 +9,4 @@ ./eh11.nix ./eh20.nix ]; -} \ No newline at end of file +} 
diff --git a/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh03.nix b/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh03.nix index 60d4f21..2c5dd86 100644 --- a/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh03.nix +++ b/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh03.nix @@ -6,7 +6,7 @@ let rev = "74977c56486cd060566bf06678a936e801952f9e"; hash = "sha256-ded/NO+Jex2Sa4yWAIRpqANsv8i0vKmJSkM5r9KxaVk="; }; -in +in { security.acme.certs."eh03.easterhegg.eu".extraDomainNames = [ "eh2003.hamburg.ccc.de" @@ -48,7 +48,7 @@ in }]; locations."/".return = "302 https://eh03.easterhegg.eu"; - + extraConfig = '' # Make use of the ngx_http_realip_module to set the $remote_addr and # $remote_port to the client address and client port, when using proxy diff --git a/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh05.nix b/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh05.nix index 7651666..37cb893 100644 --- a/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh05.nix +++ b/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh05.nix @@ -48,7 +48,7 @@ in }]; locations."/".return = "302 https://eh05.easterhegg.eu"; - + extraConfig = '' # Make use of the ngx_http_realip_module to set the $remote_addr and # $remote_port to the client address and client port, when using proxy @@ -60,7 +60,7 @@ in real_ip_header proxy_protocol; ''; }; - + "eh05.easterhegg.eu" = { forceSSL = true; useACMEHost = "eh05.easterhegg.eu"; @@ -71,7 +71,7 @@ in ssl = true; proxyProtocol = true; }]; - + locations."/" = { index = "index.shtml"; root = eh05; @@ -80,7 +80,7 @@ in default_type text/html; # Enable SSI ssi on; - ''; + ''; }; extraConfig = '' diff --git a/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh07.nix b/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh07.nix index 40fe480..ebfa712 100644 
--- a/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh07.nix +++ b/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh07.nix @@ -54,7 +54,7 @@ in }]; locations."/".return = "302 https://eh07.easterhegg.eu"; - + extraConfig = '' # Make use of the ngx_http_realip_module to set the $remote_addr and # $remote_port to the client address and client port, when using proxy @@ -86,7 +86,7 @@ in default_type text/html; # Enable SSI ssi on; - ''; + ''; }; extraConfig = '' diff --git a/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh09.nix b/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh09.nix index f7416ed..ea274af 100644 --- a/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh09.nix +++ b/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh09.nix @@ -54,7 +54,7 @@ in }]; locations."/".return = "302 https://eh09.easterhegg.eu"; - + extraConfig = '' # Make use of the ngx_http_realip_module to set the $remote_addr and # $remote_port to the client address and client port, when using proxy @@ -86,7 +86,7 @@ in default_type text/html; # Enable SSI ssi on; - ''; + ''; }; extraConfig = '' # Make use of the ngx_http_realip_module to set the $remote_addr and diff --git a/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh11.nix b/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh11.nix index c409641..39d7fad 100644 --- a/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh11.nix +++ b/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh11.nix @@ -54,7 +54,7 @@ in }]; locations."/".return = "302 https://eh11.easterhegg.eu"; - + extraConfig = '' # Make use of the ngx_http_realip_module to set the $remote_addr and # $remote_port to the client address and client port, when using proxy @@ -86,7 +86,7 @@ in default_type text/html; # Enable SSI ssi on; - ''; + ''; }; extraConfig = '' 
diff --git a/config/hosts/public-web-static/virtualHosts/staging.hacker.tours.nix b/config/hosts/public-web-static/virtualHosts/staging.hacker.tours.nix index 382f1b6..14ede9b 100644 --- a/config/hosts/public-web-static/virtualHosts/staging.hacker.tours.nix +++ b/config/hosts/public-web-static/virtualHosts/staging.hacker.tours.nix @@ -4,7 +4,8 @@ let domain = "staging.hacker.tours"; dataDir = "/var/www/${domain}"; deployUser = "hackertours-website-deploy"; -in { +in +{ services.nginx.virtualHosts = { "acme-${domain}" = { enableACME = true; diff --git a/config/hosts/public-web-static/virtualHosts/staging.hackertours.hamburg.ccc.de.nix b/config/hosts/public-web-static/virtualHosts/staging.hackertours.hamburg.ccc.de.nix index 4b71d53..79ca38c 100644 --- a/config/hosts/public-web-static/virtualHosts/staging.hackertours.hamburg.ccc.de.nix +++ b/config/hosts/public-web-static/virtualHosts/staging.hackertours.hamburg.ccc.de.nix @@ -4,7 +4,8 @@ let domain = "staging.hackertours.hamburg.ccc.de"; dataDir = "/var/www/${domain}"; deployUser = "ht-ccchh-website-deploy"; -in { +in +{ services.nginx.virtualHosts = { "acme-${domain}" = { enableACME = true; diff --git a/config/hosts/yate/service.nix b/config/hosts/yate/service.nix index e426a31..e031d4d 100644 --- a/config/hosts/yate/service.nix +++ b/config/hosts/yate/service.nix @@ -6,16 +6,16 @@ description = "Yate telehony engine"; unitConfig = { Type = "simple"; - After="network.target"; + After = "network.target"; }; serviceConfig = { ExecStart = "${pkgs.yate}/bin/yate -c /yate -e /yate/share -Do"; - Type="simple"; - Restart="always"; + Type = "simple"; + Restart = "always"; # ... }; wantedBy = [ "default.target" ]; - requiredBy = [ "network.target" ]; + requiredBy = [ "network.target" ]; # ... }; } From 0d7805dc9c199f9d43ff0e4388813771d5bc6129 Mon Sep 17 00:00:00 2001 
From: jopejoe1 Date: Tue, 5 Nov 2024 22:56:55 +0100 Subject: [PATCH 04/15] remove nixpkgs-unstable the current version of woodpecker-server in stable now has the features this was original used for, not other usages of unstable are in tree left so removing it. --- .../woodpecker-agent/woodpecker-agent.nix | 5 ++--- .../woodpecker-server/woodpecker-server.nix | 6 ++---- flake.lock | 17 ----------------- flake.nix | 7 +------ 4 files changed, 5 insertions(+), 30 deletions(-) diff --git a/config/hosts/woodpecker/woodpecker-agent/woodpecker-agent.nix b/config/hosts/woodpecker/woodpecker-agent/woodpecker-agent.nix index dc89021..8c6847b 100644 --- a/config/hosts/woodpecker/woodpecker-agent/woodpecker-agent.nix +++ b/config/hosts/woodpecker/woodpecker-agent/woodpecker-agent.nix @@ -3,13 +3,12 @@ # - https://woodpecker-ci.org/docs/administration/agent-config # - https://woodpecker-ci.org/docs/administration/backends/docker -{ config, pkgs, pkgs-unstable, ... }: +{ config, pkgs, ... }: { services.woodpecker-agents.agents."docker" = { enable = true; - # Since we use woodpecker-server from unstable, use the agent from unstable as well. - package = pkgs-unstable.woodpecker-agent; + package = pkgs.woodpecker-agent; extraGroups = [ "docker" ]; environment = { WOODPECKER_SERVER = "localhost${config.services.woodpecker-server.environment.WOODPECKER_GRPC_ADDR}"; diff --git a/config/hosts/woodpecker/woodpecker-server/woodpecker-server.nix b/config/hosts/woodpecker/woodpecker-server/woodpecker-server.nix index 464af13..2baafc5 100644 --- a/config/hosts/woodpecker/woodpecker-server/woodpecker-server.nix +++ b/config/hosts/woodpecker/woodpecker-server/woodpecker-server.nix 
@@ -5,14 +5,12 @@ # - https://woodpecker-ci.org/docs/administration/forges/forgejo # - https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING -{ config, pkgs, pkgs-unstable, ... }: +{ config, pkgs, ... }: { services.woodpecker-server = { enable = true; - # Use package from unstable to get at least version 2.6.0 for native Forgejo support. - # https://github.com/woodpecker-ci/woodpecker/releases/tag/v2.6.0 - package = pkgs-unstable.woodpecker-server; + package = pkgs.woodpecker-server; environment = { WOODPECKER_HOST = "https://woodpecker.hamburg.ccc.de"; WOODPECKER_SERVER_ADDR = ":8001"; diff --git a/flake.lock b/flake.lock index 24f50dd..f09abde 100644 --- a/flake.lock +++ b/flake.lock @@ -68,27 +68,10 @@ "type": "github" } }, - "nixpkgs-unstable": { - "locked": { - "lastModified": 1730449684, - "narHash": "sha256-Hlv3rTPxnO+DpKRXw9yjzERLdk05h7+fEbZxWM2taCw=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "ab464abbeb3a2833288c6e907488c49c2e599f88", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable-small", - "repo": "nixpkgs", - "type": "github" - } - }, "root": { "inputs": { "nixos-generators": "nixos-generators", "nixpkgs": "nixpkgs", - "nixpkgs-unstable": "nixpkgs-unstable", "sops-nix": "sops-nix" } }, diff --git a/flake.nix b/flake.nix index da7b32e..f575ac6 100644 --- a/flake.nix +++ b/flake.nix @@ -6,7 +6,6 @@ # https://nixos.org/manual/nixos/stable/#sec-upgrading # https://github.com/NixOS/nixpkgs nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05-small"; - nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable-small"; # Add nixos-generators as an input. # See here: https://github.com/nix-community/nixos-generators#using-in-a-flake 
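Review bot: The removed comment was the only record that this host needs woodpecker-server 2.6.0 or newer for native Forgejo support, and nothing in the new code enforces that floor against the `nixos-24.05-small` input. Keeping the requirement as an evaluation-time check would catch a stale pin, for example `assertions = [{ assertion = pkgs.lib.versionAtLeast pkgs.woodpecker-server.version "2.6.0"; message = "woodpecker-server >= 2.6.0 is required for Forgejo support"; }];`. Separately, `package = pkgs.woodpecker-server;` here and `package = pkgs.woodpecker-agent;` in the agent hunk appear to restate the NixOS module defaults, so both lines could be dropped if that holds for the pinned release. The module body continues outside the hunk.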
@@ -23,10 +22,9 @@ }; }; - outputs = { self, nixpkgs, nixpkgs-unstable, nixos-generators, sops-nix, ... }: + outputs = { self, nixpkgs, nixos-generators, sops-nix, ... }: let system = "x86_64-linux"; - pkgs-unstable = nixpkgs-unstable.legacyPackages."x86_64-linux"; in { overlays = { @@ -204,9 +202,6 @@ self.nixosModules.prometheus-exporter ./config/hosts/woodpecker ]; - specialArgs = { - inherit pkgs-unstable; - }; }; status = nixpkgs.lib.nixosSystem { From c8e7bd1ccfd1b23f8dce95b36a0ec7cab471cfc2 Mon Sep 17 00:00:00 2001 From: June Date: Sun, 10 Nov 2024 19:26:26 +0100 Subject: [PATCH 05/15] git: enable sending of e-mails to watchers of repositories --- config/hosts/git/forgejo.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/config/hosts/git/forgejo.nix b/config/hosts/git/forgejo.nix index bb7099f..d7e7c1b 100644 --- a/config/hosts/git/forgejo.nix +++ b/config/hosts/git/forgejo.nix @@ -45,6 +45,7 @@ DEFAULT_USER_VISIBILITY = "limited"; DEFAULT_KEEP_EMAIL_PRIVATE = true; ENABLE_BASIC_AUTHENTICATION = false; + ENABLE_NOTIFY_MAIL = true; }; repo = { DEFAULT_REPO_UNITS = "repo.code,repo.issues,repo.pulls"; From 2ba371f8cd0a97e5f95765cc0b09dfe113638e0f Mon Sep 17 00:00:00 2001 From: June Date: Sun, 10 Nov 2024 19:38:05 +0100 Subject: [PATCH 06/15] git: disable making org users auto watch new repos on creation Also explicitly disable making users auto watch repos after their first commit to it. --- config/hosts/git/forgejo.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/config/hosts/git/forgejo.nix b/config/hosts/git/forgejo.nix index d7e7c1b..a57a37f 100644 --- a/config/hosts/git/forgejo.nix +++ b/config/hosts/git/forgejo.nix @@ -46,6 +46,8 @@ DEFAULT_KEEP_EMAIL_PRIVATE = true; ENABLE_BASIC_AUTHENTICATION = false; ENABLE_NOTIFY_MAIL = true; + AUTO_WATCH_NEW_REPOS = false; + AUTO_WATCH_ON_CHANGES = false; }; repo = { DEFAULT_REPO_UNITS = "repo.code,repo.issues,repo.pulls"; From ff1a12846afa1fc25cd9a98f3e31eceb954b2b09 Mon Sep 17 00:00:00 2001 
From: c6ristian Date: Tue, 11 Jun 2024 23:19:13 +0200 Subject: [PATCH 07/15] Add how to generate the NixOS Proxmox VE templates --- README.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/README.md b/README.md index b55e1f2..f7ae196 100644 --- a/README.md +++ b/README.md @@ -62,3 +62,14 @@ This is exactly what we're doing to set the default deployment user to `colmena- }; ``` This secret would then be available under `/run/secrets/forgejo_git_smtp_password` on the host. + +## Build NixOS Proxmox VE Template + +Build a now NixOS Proxmox VE Template for the thinkcccore's +```shell +nix build .#proxmox-nixos-template +``` +Build a now NixOS Proxmox VE Template for the chaosknoten +```shell +nix build .#proxmox-chaosknoten-nixos-template +``` \ No newline at end of file From 1fcd8c64215c2f59617e17d21e806ae15fcf823c Mon Sep 17 00:00:00 2001 From: c6ristian Date: Sat, 22 Jun 2024 15:56:13 +0200 Subject: [PATCH 08/15] fix typo and writing improvement --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index f7ae196..bd3a29a 100644 --- a/README.md +++ b/README.md @@ -65,11 +65,11 @@ This is exactly what we're doing to set the default deployment user to `colmena- ## Build NixOS Proxmox VE Template -Build a now NixOS Proxmox VE Template for the thinkcccore's +Build a new NixOS Proxmox VE Template for the thinkcccore's: ```shell nix build .#proxmox-nixos-template ``` -Build a now NixOS Proxmox VE Template for the chaosknoten +Build a new NixOS Proxmox VE Template for the chaosknoten: ```shell nix build .#proxmox-chaosknoten-nixos-template -``` \ No newline at end of file +``` From afb4fc71cef9691a56fc1afc8eb80dbd289faf91 Mon Sep 17 00:00:00 2001 From: c6ristian Date: Sun, 10 Nov 2024 23:10:50 +0100 Subject: [PATCH 09/15] Update infrastructure-authorized-keys rev --- config/common/users.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/config/common/users.nix b/config/common/users.nix index 59682c4..026929b 100644 --- a/config/common/users.nix +++ b/config/common/users.nix @@ -11,8 +11,8 @@ let authorizedKeysRepo = pkgs.fetchgit { url = "https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys"; - rev = "b6a29dc7af0a45a8c0b4904290c7cb0c5bc51413"; - hash = "sha256-c0aH0wQeJtfXJG5wAbS6aO8yILLI1NNkFAHAeOm8RXA="; + rev = "686a6af22f6696f0c0595c56f463c078550049fc"; + hash = "sha256-plTYjM6zPzoBE/dp6EUrk9mCqmab278p8FqBCTX8Grc="; }; authorizedKeys = builtins.filter (item: item != "") (lib.strings.splitString "\n" (builtins.readFile "${authorizedKeysRepo}/authorized_keys")); in From 33b2cbf5d098c87db3904740ad27c803055547ec Mon Sep 17 00:00:00 2001 From: c6ristian Date: Sun, 10 Nov 2024 23:14:58 +0100 Subject: [PATCH 10/15] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:nixos/nixpkgs/38edd08881ce4dc24056eec173b43587a93c990f' (2024-11-01) → 'github:nixos/nixpkgs/11f65b4b0405cff5b54c813626bddcf5435d7ad2' (2024-11-09) • Updated input 'nixpkgs-unstable': 'github:nixos/nixpkgs/ab464abbeb3a2833288c6e907488c49c2e599f88' (2024-11-01) → 'github:nixos/nixpkgs/8aed22ecd71e5b67e5299efae8b9dc580dec711c' (2024-11-10) • Updated input 'sops-nix': 'github:Mic92/sops-nix/1666d16426abe79af5c47b7c0efa82fd31bf4c56' (2024-10-27) → 'github:Mic92/sops-nix/f1675e3b0e1e663a4af49be67ecbc9e749f85eb7' (2024-11-10) • Updated input 'sops-nix/nixpkgs-stable': 'github:NixOS/nixpkgs/cd3e8833d70618c4eea8df06f95b364b016d4950' (2024-10-26) → 'github:NixOS/nixpkgs/3c2f1c4ca372622cb2f9de8016c9a0b1cbd0f37c' (2024-11-03) --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 24f50dd..58d521b 100644 --- a/flake.lock +++ b/flake.lock 
@@ -38,11 +38,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1730428893, - "narHash": "sha256-fLLUd2dO/Vnf96UDr8YPzerYi+n99l3S5yIUDnmcPBE=", + "lastModified": 1731133565, + "narHash": "sha256-tCErjTdCUWK06LzkcvwUM+3pyrrmdf8e0VDBBTgqznE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "38edd08881ce4dc24056eec173b43587a93c990f", + "rev": "11f65b4b0405cff5b54c813626bddcf5435d7ad2", "type": "github" }, "original": { @@ -54,11 +54,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1729973466, - "narHash": "sha256-knnVBGfTCZlQgxY1SgH0vn2OyehH9ykfF8geZgS95bk=", + "lastModified": 1730602179, + "narHash": "sha256-efgLzQAWSzJuCLiCaQUCDu4NudNlHdg2NzGLX5GYaEY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "cd3e8833d70618c4eea8df06f95b364b016d4950", + "rev": "3c2f1c4ca372622cb2f9de8016c9a0b1cbd0f37c", "type": "github" }, "original": { @@ -70,11 +70,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1730449684, - "narHash": "sha256-Hlv3rTPxnO+DpKRXw9yjzERLdk05h7+fEbZxWM2taCw=", + "lastModified": 1731265036, + "narHash": "sha256-e5I+glVZwQvLT6WIeMFi0Mk+N/jkYauZ31ir2NRZcf8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "ab464abbeb3a2833288c6e907488c49c2e599f88", + "rev": "8aed22ecd71e5b67e5299efae8b9dc580dec711c", "type": "github" }, "original": { @@ -100,11 +100,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1729999681, - "narHash": "sha256-qm0uCtM9bg97LeJTKQ8dqV/FvqRN+ompyW4GIJruLuw=", + "lastModified": 1731213149, + "narHash": "sha256-jR8i6nFLmSmm0cIoeRQ8Q4EBARa3oGaAtEER/OMMxus=", "owner": "Mic92", "repo": "sops-nix", - "rev": "1666d16426abe79af5c47b7c0efa82fd31bf4c56", + "rev": "f1675e3b0e1e663a4af49be67ecbc9e749f85eb7", "type": "github" }, "original": { From c84d9e7d0af00a8ca8adcf59616473bee14efc89 Mon Sep 17 00:00:00 2001 
From: fi Date: Mon, 11 Nov 2024 02:43:08 +0100 Subject: [PATCH 11/15] Update element to 1.11.84 --- .../public-web-static/virtualHosts/element.hamburg.ccc.de.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config/hosts/public-web-static/virtualHosts/element.hamburg.ccc.de.nix b/config/hosts/public-web-static/virtualHosts/element.hamburg.ccc.de.nix index 5f0792f..1836f25 100644 --- a/config/hosts/public-web-static/virtualHosts/element.hamburg.ccc.de.nix +++ b/config/hosts/public-web-static/virtualHosts/element.hamburg.ccc.de.nix @@ -1,10 +1,10 @@ { pkgs, ... }: let - elementWebVersion = "1.11.80"; + elementWebVersion = "1.11.84"; element-web = pkgs.fetchzip { url = "https://github.com/vector-im/element-web/releases/download/v${elementWebVersion}/element-v${elementWebVersion}.tar.gz"; - sha256 = "sha256-sudWmNehxGsbZTNirTkoWQ/Bln1DC1CI30wocw9VoH8="; + sha256 = "sha256-z2qaKKyUq2S/r3xUUU3ym0FgFbiQr6bcltuKvUMPbH4="; }; elementSecurityHeaders = '' # Configuration best practices From 4978ffc75816bd376dc4862914115825e3ad79a4 Mon Sep 17 00:00:00 2001 From: jopejoe1 Date: Tue, 5 Nov 2024 00:02:41 +0100 Subject: [PATCH 12/15] move overlay to overlays output --- flake.nix | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/flake.nix b/flake.nix index b787f78..7fd9b80 100644 --- a/flake.nix +++ b/flake.nix 
@@ -26,23 +26,25 @@ outputs = { self, nixpkgs, nixpkgs-unstable, nixos-generators, sops-nix, ... }: let system = "x86_64-linux"; - shairportSync431ExtendedNixpkgsUnstableOverlay = final: prev: { - shairport-sync = (prev.shairport-sync.override { enableMetadata = true; enableAirplay2 = true; }).overrideAttrs (finalAttr: previousAttr: { - # See: https://github.com/mikebrady/shairport-sync/blob/e78a88b64adfe7b5f88fd6faedf55c57445bb240/CONFIGURATION%20FLAGS.md - configureFlags = previousAttr.configureFlags ++ [ "--with-mqtt-client" ]; - buildInputs = previousAttr.buildInputs ++ [ final.mosquitto ]; - }); - }; pkgs-unstable = nixpkgs-unstable.legacyPackages."x86_64-linux"; in { + overlays = { + shairportSyncAirplay2 = final: prev: { + shairport-sync = (prev.shairport-sync.override { enableMetadata = true; enableAirplay2 = true; }).overrideAttrs (finalAttr: previousAttr: { + # See: https://github.com/mikebrady/shairport-sync/blob/e78a88b64adfe7b5f88fd6faedf55c57445bb240/CONFIGURATION%20FLAGS.md + configureFlags = previousAttr.configureFlags ++ [ "--with-mqtt-client" ]; + buildInputs = previousAttr.buildInputs ++ [ final.mosquitto ]; + }); + }; + }; nixosConfigurations = { audio-hauptraum-kueche = nixpkgs.lib.nixosSystem { inherit system; modules = [ ./config/common ./config/proxmox-vm - { nixpkgs.overlays = [ shairportSync431ExtendedNixpkgsUnstableOverlay ]; } + { nixpkgs.overlays = [ self.overlays.shairportSyncAirplay2 ]; } ./config/hosts/audio-hauptraum-kueche ]; }; @@ -52,7 +54,7 @@ modules = [ ./config/common ./config/proxmox-vm - { nixpkgs.overlays = [ shairportSync431ExtendedNixpkgsUnstableOverlay ]; } + { nixpkgs.overlays = [ self.overlays.shairportSyncAirplay2 ]; } ./config/hosts/audio-hauptraum-tafel ]; }; From 1283d7664fefcd2d23f58c3631cc9d469333b418 Mon Sep 17 00:00:00 2001 
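Review bot: The exported name `shairportSyncAirplay2` in the first hunk understates what the overlay does: besides `enableAirplay2 = true` it sets `enableMetadata = true`, appends `--with-mqtt-client` to `configureFlags` and adds `final.mosquitto` to `buildInputs`. Now that the overlay is a public flake output rather than a local `let` binding, anyone applying it gets an MQTT-capable build without the name saying so. I would add a comment above the attribute, `# shairport-sync with AirPlay 2, metadata and the MQTT client (links against mosquitto)`, or choose a name that mentions MQTT. The two `nixpkgs.overlays` call sites in this hunk and the next only follow the rename.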
From: jopejoe1 Date: Tue, 5 Nov 2024 22:43:53 +0100 Subject: [PATCH 13/15] make use of nixosModules output --- flake.nix | 111 ++++++++++++++++++++++++++++-------------------------- 1 file changed, 58 insertions(+), 53 deletions(-) diff --git a/flake.nix b/flake.nix index 7fd9b80..da7b32e 100644 --- a/flake.nix +++ b/flake.nix @@ -38,12 +38,17 @@ }); }; }; + nixosModules = { + common = ./config/common; + proxmox-vm = ./config/proxmox-vm; + prometheus-exporter = ./config/extra/prometheus-exporter.nix; + }; nixosConfigurations = { audio-hauptraum-kueche = nixpkgs.lib.nixosSystem { inherit system; modules = [ - ./config/common - ./config/proxmox-vm + self.nixosModules.common + self.nixosModules.proxmox-vm { nixpkgs.overlays = [ self.overlays.shairportSyncAirplay2 ]; } ./config/hosts/audio-hauptraum-kueche ]; @@ -52,8 +57,8 @@ audio-hauptraum-tafel = nixpkgs.lib.nixosSystem { inherit system; modules = [ - ./config/common - ./config/proxmox-vm + self.nixosModules.common + self.nixosModules.proxmox-vm { nixpkgs.overlays = [ self.overlays.shairportSyncAirplay2 ]; } ./config/hosts/audio-hauptraum-tafel ]; @@ -62,8 +67,8 @@ esphome = nixpkgs.lib.nixosSystem { inherit system; modules = [ - ./config/common - ./config/proxmox-vm + self.nixosModules.common + self.nixosModules.proxmox-vm ./config/hosts/esphome ]; }; @@ -71,8 +76,8 @@ public-reverse-proxy = nixpkgs.lib.nixosSystem { inherit system; modules = [ - ./config/common - ./config/proxmox-vm + self.nixosModules.common + self.nixosModules.proxmox-vm ./config/hosts/public-reverse-proxy ]; }; @@ -80,10 +85,10 @@ netbox = nixpkgs.lib.nixosSystem { inherit system; modules = [ - ./config/common - ./config/proxmox-vm + self.nixosModules.common + self.nixosModules.proxmox-vm sops-nix.nixosModules.sops - ./config/extra/prometheus-exporter.nix + self.nixosModules.prometheus-exporter ./config/hosts/netbox ]; }; 
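Review bot: Every `nixosConfigurations` entry touched by these hunks still lists `self.nixosModules.common` and `self.nixosModules.proxmox-vm` by hand, so a host can silently miss the shared baseline or the exporter. For example, `status` lists `sops-nix.nixosModules.sops` but not `self.nixosModules.prometheus-exporter`, and the diff cannot show whether that is intended. A small helper in the `let` block would make the baseline non-optional and leave only the per-host extras visible. The sketch below assumes the host directory is named after the attribute, which holds for every entry in these hunks; an entry with extra arguments such as `woodpecker` and its `specialArgs` can stay written out. Both the `let` block and the `nixosConfigurations` set extend outside the hunks.

```nix
      # in the existing `let` block, next to `system`
      mkHost = name: extraModules: nixpkgs.lib.nixosSystem {
        inherit system;
        modules = [
          self.nixosModules.common
          self.nixosModules.proxmox-vm
        ] ++ extraModules ++ [ (./config/hosts + "/${name}") ];
      };
      # … unchanged: overlays and nixosModules outputs …
      netbox = mkHost "netbox" [
        sops-nix.nixosModules.sops
        self.nixosModules.prometheus-exporter
      ];
```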
@@ -91,10 +96,10 @@ matrix = nixpkgs.lib.nixosSystem { inherit system; modules = [ - ./config/common - ./config/proxmox-vm + self.nixosModules.common + self.nixosModules.proxmox-vm sops-nix.nixosModules.sops - ./config/extra/prometheus-exporter.nix + self.nixosModules.prometheus-exporter ./config/hosts/matrix ]; }; @@ -102,10 +107,10 @@ public-web-static = nixpkgs.lib.nixosSystem { inherit system; modules = [ - ./config/common - ./config/proxmox-vm + self.nixosModules.common + self.nixosModules.proxmox-vm sops-nix.nixosModules.sops - ./config/extra/prometheus-exporter.nix + self.nixosModules.prometheus-exporter ./config/hosts/public-web-static ]; }; @@ -113,10 +118,10 @@ git = nixpkgs.lib.nixosSystem { inherit system; modules = [ - ./config/common - ./config/proxmox-vm + self.nixosModules.common + self.nixosModules.proxmox-vm sops-nix.nixosModules.sops - ./config/extra/prometheus-exporter.nix + self.nixosModules.prometheus-exporter ./config/hosts/git ]; }; @@ -124,10 +129,10 @@ forgejo-actions-runner = nixpkgs.lib.nixosSystem { inherit system; modules = [ - ./config/common - ./config/proxmox-vm + self.nixosModules.common + self.nixosModules.proxmox-vm sops-nix.nixosModules.sops - ./config/extra/prometheus-exporter.nix + self.nixosModules.prometheus-exporter ./config/hosts/forgejo-actions-runner ]; }; @@ -135,8 +140,8 @@ ptouch-print-server = nixpkgs.lib.nixosSystem { inherit system; modules = [ - ./config/common - ./config/proxmox-vm + self.nixosModules.common + self.nixosModules.proxmox-vm ./config/hosts/ptouch-print-server ]; }; @@ -144,9 +149,9 @@ eh22-wiki = nixpkgs.lib.nixosSystem { inherit system; modules = [ - ./config/common - ./config/proxmox-vm - ./config/extra/prometheus-exporter.nix + self.nixosModules.common + self.nixosModules.proxmox-vm + self.nixosModules.prometheus-exporter ./config/hosts/eh22-wiki ]; }; 
@@ -154,9 +159,9 @@ nix-box-june = nixpkgs.lib.nixosSystem { inherit system; modules = [ - ./config/common - ./config/proxmox-vm - ./config/extra/prometheus-exporter.nix + self.nixosModules.common + self.nixosModules.proxmox-vm + self.nixosModules.prometheus-exporter ./config/hosts/nix-box-june ]; }; @@ -164,8 +169,8 @@ yate = nixpkgs.lib.nixosSystem { inherit system; modules = [ - ./config/common - ./config/proxmox-vm + self.nixosModules.common + self.nixosModules.proxmox-vm ./config/hosts/yate ]; }; @@ -173,8 +178,8 @@ mqtt = nixpkgs.lib.nixosSystem { inherit system; modules = [ - ./config/common - ./config/proxmox-vm + self.nixosModules.common + self.nixosModules.proxmox-vm ./config/hosts/mqtt ]; }; @@ -182,10 +187,10 @@ mjolnir = nixpkgs.lib.nixosSystem { inherit system; modules = [ - ./config/common - ./config/proxmox-vm + self.nixosModules.common + self.nixosModules.proxmox-vm sops-nix.nixosModules.sops - ./config/extra/prometheus-exporter.nix + self.nixosModules.prometheus-exporter ./config/hosts/mjolnir ]; }; @@ -193,10 +198,10 @@ woodpecker = nixpkgs.lib.nixosSystem { inherit system; modules = [ - ./config/common - ./config/proxmox-vm + self.nixosModules.common + self.nixosModules.proxmox-vm sops-nix.nixosModules.sops - ./config/extra/prometheus-exporter.nix + self.nixosModules.prometheus-exporter ./config/hosts/woodpecker ]; specialArgs = { @@ -207,8 +212,8 @@ status = nixpkgs.lib.nixosSystem { inherit system; modules = [ - ./config/common - ./config/proxmox-vm + self.nixosModules.common + self.nixosModules.proxmox-vm sops-nix.nixosModules.sops ./config/hosts/status ]; @@ -217,10 +222,10 @@ penpot = nixpkgs.lib.nixosSystem { inherit system; modules = [ - ./config/common - ./config/proxmox-vm + self.nixosModules.common + self.nixosModules.proxmox-vm sops-nix.nixosModules.sops - ./config/extra/prometheus-exporter.nix + self.nixosModules.prometheus-exporter ./config/hosts/penpot ]; }; 
@@ -228,9 +233,9 @@ hydra = nixpkgs.lib.nixosSystem { inherit system; modules = [ - ./config/common - ./config/proxmox-vm - ./config/extra/prometheus-exporter.nix + self.nixosModules.common + self.nixosModules.proxmox-vm + self.nixosModules.prometheus-exporter ./config/hosts/hydra ]; }; @@ -241,8 +246,8 @@ system = "x86_64-linux"; modules = [ ./config/nixos-generators/proxmox.nix - ./config/common - ./config/proxmox-vm + self.nixosModules.common + self.nixosModules.proxmox-vm ]; format = "proxmox"; }; @@ -252,8 +257,8 @@ modules = [ ./config/nixos-generators/proxmox-chaosknoten.nix ./config/proxmox-chaosknoten-additional-initial-config.nix - ./config/common - ./config/proxmox-vm + self.nixosModules.common + self.nixosModules.proxmox-vm ]; format = "proxmox"; }; From 39b73b092666b2ca1261ff0ce6e5636ac7890e49 Mon Sep 17 00:00:00 2001 From: jopejoe1 Date: Tue, 5 Nov 2024 22:52:02 +0100 Subject: [PATCH 14/15] format files with `nix fmt` --- config/hosts/eh22-wiki/dokuwiki.nix | 5 ++- config/hosts/mqtt/configuration.nix | 12 ++--- config/hosts/mqtt/default.nix | 12 ++--- config/hosts/mqtt/mosquitto.nix | 44 +++++++++---------- config/hosts/nix-box-june/users.nix | 2 +- .../virtualHosts/hacker.tours.nix | 3 +- .../hackertours.hamburg.ccc.de.nix | 3 +- .../historic-easterhegg/default.nix | 4 +- .../virtualHosts/historic-easterhegg/eh03.nix | 4 +- .../virtualHosts/historic-easterhegg/eh05.nix | 8 ++-- .../virtualHosts/historic-easterhegg/eh07.nix | 4 +- .../virtualHosts/historic-easterhegg/eh09.nix | 4 +- .../virtualHosts/historic-easterhegg/eh11.nix | 4 +- .../virtualHosts/staging.hacker.tours.nix | 3 +- .../staging.hackertours.hamburg.ccc.de.nix | 3 +- config/hosts/yate/service.nix | 8 ++-- 16 files changed, 64 insertions(+), 59 deletions(-) diff --git a/config/hosts/eh22-wiki/dokuwiki.nix b/config/hosts/eh22-wiki/dokuwiki.nix index c0eafaa..f9a7cbd 100644 --- a/config/hosts/eh22-wiki/dokuwiki.nix +++ b/config/hosts/eh22-wiki/dokuwiki.nix 
@@ -21,7 +21,8 @@ let app = "dokuwiki"; domain = "eh22.easterhegg.eu"; dataDir = "/srv/www/${domain}"; -in { +in +{ systemd.tmpfiles.rules = [ "d ${dataDir} 0755 ${app} ${app}" ]; @@ -76,7 +77,7 @@ in { default = true; enableACME = true; serverName = "${domain}"; - + listen = [ { addr = "0.0.0.0"; diff --git a/config/hosts/mqtt/configuration.nix b/config/hosts/mqtt/configuration.nix index 18d0184..793807d 100644 --- a/config/hosts/mqtt/configuration.nix +++ b/config/hosts/mqtt/configuration.nix @@ -1,10 +1,10 @@ { ... }: { - networking = { - hostName = "mqtt"; - domain = "z9.ccchh.net"; - }; + networking = { + hostName = "mqtt"; + domain = "z9.ccchh.net"; + }; - system.stateVersion = "23.11"; -} \ No newline at end of file + system.stateVersion = "23.11"; +} diff --git a/config/hosts/mqtt/default.nix b/config/hosts/mqtt/default.nix index bb61c12..bc91d9f 100644 --- a/config/hosts/mqtt/default.nix +++ b/config/hosts/mqtt/default.nix @@ -1,9 +1,9 @@ { pkgs, ... }: { - imports = [ - ./configuration.nix - ./networking.nix - ./mosquitto.nix - ]; -} \ No newline at end of file + imports = [ + ./configuration.nix + ./networking.nix + ./mosquitto.nix + ]; +} diff --git a/config/hosts/mqtt/mosquitto.nix b/config/hosts/mqtt/mosquitto.nix index 672c05d..d093bd8 100644 --- a/config/hosts/mqtt/mosquitto.nix +++ b/config/hosts/mqtt/mosquitto.nix 
@@ -5,29 +5,29 @@ { ... }: { - services.mosquitto = { - enable = true; - persistence = true; + services.mosquitto = { + enable = true; + persistence = true; - # set config for all listeners - listeners = [ { - settings.allow_anonymous = true; - omitPasswordAuth = true; - acl = ["topic readwrite #"]; - } ]; + # set config for all listeners + listeners = [{ + settings.allow_anonymous = true; + omitPasswordAuth = true; + acl = [ "topic readwrite #" ]; + }]; - bridges.winkekatz = { - addresses = [ - { address = "mqtt.winkekatze24.de"; } - ]; - topics = [ - "winkekatze/allcats/eye/set in 2" - "winkekatze/allcats in 2" - "+/status out 2 winkekatze/ \"\"" - "+/connected out 2 winkekatze/ \"\"" - ]; - }; + bridges.winkekatz = { + addresses = [ + { address = "mqtt.winkekatze24.de"; } + ]; + topics = [ + "winkekatze/allcats/eye/set in 2" + "winkekatze/allcats in 2" + "+/status out 2 winkekatze/ \"\"" + "+/connected out 2 winkekatze/ \"\"" + ]; }; + }; - networking.firewall.allowedTCPPorts = [ 1883 ]; -} \ No newline at end of file + networking.firewall.allowedTCPPorts = [ 1883 ]; +} diff --git a/config/hosts/nix-box-june/users.nix b/config/hosts/nix-box-june/users.nix index 9f1b217..dfb333e 100644 --- a/config/hosts/nix-box-june/users.nix +++ b/config/hosts/nix-box-june/users.nix @@ -26,7 +26,7 @@ }; yuri = { isNormalUser = true; - openssh.authorizedKeys.keys = [ + openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDdk3FLQRoCWxdOxg4kHcPqAu3QQOs/rY9na2Al2ilGl yuri@violet" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEvM35w+UaSpDTuaG5pGPgfHcfwscr+wSZN9Z5Jle82 yuri@kiara" ]; diff --git a/config/hosts/public-web-static/virtualHosts/hacker.tours.nix b/config/hosts/public-web-static/virtualHosts/hacker.tours.nix index 7eaa086..1ee6180 100644 --- a/config/hosts/public-web-static/virtualHosts/hacker.tours.nix +++ b/config/hosts/public-web-static/virtualHosts/hacker.tours.nix 
@@ -4,7 +4,8 @@ let domain = "hacker.tours"; dataDir = "/var/www/${domain}"; deployUser = "hackertours-website-deploy"; -in { +in +{ services.nginx.virtualHosts = { "acme-${domain}" = { enableACME = true; diff --git a/config/hosts/public-web-static/virtualHosts/hackertours.hamburg.ccc.de.nix b/config/hosts/public-web-static/virtualHosts/hackertours.hamburg.ccc.de.nix index 2077ca7..b0104b6 100644 --- a/config/hosts/public-web-static/virtualHosts/hackertours.hamburg.ccc.de.nix +++ b/config/hosts/public-web-static/virtualHosts/hackertours.hamburg.ccc.de.nix @@ -4,7 +4,8 @@ let domain = "hackertours.hamburg.ccc.de"; dataDir = "/var/www/${domain}"; deployUser = "ht-ccchh-website-deploy"; -in { +in +{ services.nginx.virtualHosts = { "acme-${domain}" = { enableACME = true; diff --git a/config/hosts/public-web-static/virtualHosts/historic-easterhegg/default.nix b/config/hosts/public-web-static/virtualHosts/historic-easterhegg/default.nix index fe53d04..69d8855 100644 --- a/config/hosts/public-web-static/virtualHosts/historic-easterhegg/default.nix +++ b/config/hosts/public-web-static/virtualHosts/historic-easterhegg/default.nix @@ -1,4 +1,4 @@ -{...}: +{ ... }: { imports = [ @@ -9,4 +9,4 @@ ./eh11.nix ./eh20.nix ]; -} \ No newline at end of file +} diff --git a/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh03.nix b/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh03.nix index 60d4f21..2c5dd86 100644 --- a/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh03.nix +++ b/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh03.nix @@ -6,7 +6,7 @@ let rev = "74977c56486cd060566bf06678a936e801952f9e"; hash = "sha256-ded/NO+Jex2Sa4yWAIRpqANsv8i0vKmJSkM5r9KxaVk="; }; -in +in { security.acme.certs."eh03.easterhegg.eu".extraDomainNames = [ "eh2003.hamburg.ccc.de" 
@@ -48,7 +48,7 @@ in }]; locations."/".return = "302 https://eh03.easterhegg.eu"; - + extraConfig = '' # Make use of the ngx_http_realip_module to set the $remote_addr and # $remote_port to the client address and client port, when using proxy diff --git a/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh05.nix b/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh05.nix index 7651666..37cb893 100644 --- a/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh05.nix +++ b/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh05.nix @@ -48,7 +48,7 @@ in }]; locations."/".return = "302 https://eh05.easterhegg.eu"; - + extraConfig = '' # Make use of the ngx_http_realip_module to set the $remote_addr and # $remote_port to the client address and client port, when using proxy @@ -60,7 +60,7 @@ in real_ip_header proxy_protocol; ''; }; - + "eh05.easterhegg.eu" = { forceSSL = true; useACMEHost = "eh05.easterhegg.eu"; @@ -71,7 +71,7 @@ in ssl = true; proxyProtocol = true; }]; - + locations."/" = { index = "index.shtml"; root = eh05; @@ -80,7 +80,7 @@ in default_type text/html; # Enable SSI ssi on; - ''; + ''; }; extraConfig = '' diff --git a/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh07.nix b/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh07.nix index 40fe480..ebfa712 100644 --- a/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh07.nix +++ b/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh07.nix @@ -54,7 +54,7 @@ in }]; locations."/".return = "302 https://eh07.easterhegg.eu"; - + extraConfig = '' # Make use of the ngx_http_realip_module to set the $remote_addr and # $remote_port to the client address and client port, when using proxy @@ -86,7 +86,7 @@ in default_type text/html; # Enable SSI ssi on; - ''; + ''; }; extraConfig = '' 
diff --git a/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh09.nix b/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh09.nix index f7416ed..ea274af 100644 --- a/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh09.nix +++ b/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh09.nix @@ -54,7 +54,7 @@ in }]; locations."/".return = "302 https://eh09.easterhegg.eu"; - + extraConfig = '' # Make use of the ngx_http_realip_module to set the $remote_addr and # $remote_port to the client address and client port, when using proxy @@ -86,7 +86,7 @@ in default_type text/html; # Enable SSI ssi on; - ''; + ''; }; extraConfig = '' # Make use of the ngx_http_realip_module to set the $remote_addr and diff --git a/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh11.nix b/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh11.nix index c409641..39d7fad 100644 --- a/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh11.nix +++ b/config/hosts/public-web-static/virtualHosts/historic-easterhegg/eh11.nix @@ -54,7 +54,7 @@ in }]; locations."/".return = "302 https://eh11.easterhegg.eu"; - + extraConfig = '' # Make use of the ngx_http_realip_module to set the $remote_addr and # $remote_port to the client address and client port, when using proxy @@ -86,7 +86,7 @@ in default_type text/html; # Enable SSI ssi on; - ''; + ''; }; extraConfig = '' diff --git a/config/hosts/public-web-static/virtualHosts/staging.hacker.tours.nix b/config/hosts/public-web-static/virtualHosts/staging.hacker.tours.nix index 382f1b6..14ede9b 100644 --- a/config/hosts/public-web-static/virtualHosts/staging.hacker.tours.nix +++ b/config/hosts/public-web-static/virtualHosts/staging.hacker.tours.nix @@ -4,7 +4,8 @@ let domain = "staging.hacker.tours"; dataDir = "/var/www/${domain}"; deployUser = "hackertours-website-deploy"; -in { +in +{ services.nginx.virtualHosts = { "acme-${domain}" = { enableACME = true; 
diff --git a/config/hosts/public-web-static/virtualHosts/staging.hackertours.hamburg.ccc.de.nix b/config/hosts/public-web-static/virtualHosts/staging.hackertours.hamburg.ccc.de.nix index 4b71d53..79ca38c 100644 --- a/config/hosts/public-web-static/virtualHosts/staging.hackertours.hamburg.ccc.de.nix +++ b/config/hosts/public-web-static/virtualHosts/staging.hackertours.hamburg.ccc.de.nix @@ -4,7 +4,8 @@ let domain = "staging.hackertours.hamburg.ccc.de"; dataDir = "/var/www/${domain}"; deployUser = "ht-ccchh-website-deploy"; -in { +in +{ services.nginx.virtualHosts = { "acme-${domain}" = { enableACME = true; diff --git a/config/hosts/yate/service.nix b/config/hosts/yate/service.nix index e426a31..e031d4d 100644 --- a/config/hosts/yate/service.nix +++ b/config/hosts/yate/service.nix @@ -6,16 +6,16 @@ description = "Yate telehony engine"; unitConfig = { Type = "simple"; - After="network.target"; + After = "network.target"; }; serviceConfig = { ExecStart = "${pkgs.yate}/bin/yate -c /yate -e /yate/share -Do"; - Type="simple"; - Restart="always"; + Type = "simple"; + Restart = "always"; # ... }; wantedBy = [ "default.target" ]; - requiredBy = [ "network.target" ]; + requiredBy = [ "network.target" ]; # ... }; } From 281ad152d6d88f854e35a086704bb2fb0a78c090 Mon Sep 17 00:00:00 2001 From: jopejoe1 Date: Tue, 5 Nov 2024 22:56:55 +0100 Subject: [PATCH 15/15] remove nixpkgs-unstable the current version of woodpecker-server in stable now has the features this was original used for, not other usages of unstable are in tree left so removing it. --- .../woodpecker-agent/woodpecker-agent.nix | 5 ++--- .../woodpecker-server/woodpecker-server.nix | 6 ++---- flake.lock | 17 ----------------- flake.nix | 7 +------ 4 files changed, 5 insertions(+), 30 deletions(-) diff --git a/config/hosts/woodpecker/woodpecker-agent/woodpecker-agent.nix b/config/hosts/woodpecker/woodpecker-agent/woodpecker-agent.nix index dc89021..8c6847b 100644 
--- a/config/hosts/woodpecker/woodpecker-agent/woodpecker-agent.nix +++ b/config/hosts/woodpecker/woodpecker-agent/woodpecker-agent.nix @@ -3,13 +3,12 @@ # - https://woodpecker-ci.org/docs/administration/agent-config # - https://woodpecker-ci.org/docs/administration/backends/docker -{ config, pkgs, pkgs-unstable, ... }: +{ config, pkgs, ... }: { services.woodpecker-agents.agents."docker" = { enable = true; - # Since we use woodpecker-server from unstable, use the agent from unstable as well. - package = pkgs-unstable.woodpecker-agent; + package = pkgs.woodpecker-agent; extraGroups = [ "docker" ]; environment = { WOODPECKER_SERVER = "localhost${config.services.woodpecker-server.environment.WOODPECKER_GRPC_ADDR}"; diff --git a/config/hosts/woodpecker/woodpecker-server/woodpecker-server.nix b/config/hosts/woodpecker/woodpecker-server/woodpecker-server.nix index 464af13..2baafc5 100644 --- a/config/hosts/woodpecker/woodpecker-server/woodpecker-server.nix +++ b/config/hosts/woodpecker/woodpecker-server/woodpecker-server.nix @@ -5,14 +5,12 @@ # - https://woodpecker-ci.org/docs/administration/forges/forgejo # - https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING -{ config, pkgs, pkgs-unstable, ... }: +{ config, pkgs, ... }: { services.woodpecker-server = { enable = true; - # Use package from unstable to get at least version 2.6.0 for native Forgejo support. - # https://github.com/woodpecker-ci/woodpecker/releases/tag/v2.6.0 - package = pkgs-unstable.woodpecker-server; + package = pkgs.woodpecker-server; environment = { WOODPECKER_HOST = "https://woodpecker.hamburg.ccc.de"; WOODPECKER_SERVER_ADDR = ":8001"; diff --git a/flake.lock b/flake.lock index 58d521b..74a5396 100644 --- a/flake.lock +++ b/flake.lock 
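Review bot: Removing the comment on `package` in woodpecker-server.nix also removes the only record that this host needs woodpecker-server 2.6.0 or later for native Forgejo support, so nothing fails if the pinned channel ever provides an older build. Either keep a one-line comment, `# needs >= 2.6.0 for native Forgejo support`, or make it a check such as `assertions = [{ assertion = lib.versionAtLeast config.services.woodpecker-server.package.version "2.6.0"; message = "woodpecker-server >= 2.6.0 required for Forgejo"; }];`, with `lib` added to the module arguments. In this hunk and the woodpecker-agent.nix one, `package = pkgs.woodpecker-server;` and `package = pkgs.woodpecker-agent;` presumably only restate the NixOS module defaults and could be dropped. Whether `pkgs` is then still needed in either argument list cannot be seen from the hunks, since both modules continue outside them.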
@@ -68,27 +68,10 @@ "type": "github" } }, - "nixpkgs-unstable": { - "locked": { - "lastModified": 1731265036, - "narHash": "sha256-e5I+glVZwQvLT6WIeMFi0Mk+N/jkYauZ31ir2NRZcf8=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "8aed22ecd71e5b67e5299efae8b9dc580dec711c", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable-small", - "repo": "nixpkgs", - "type": "github" - } - }, "root": { "inputs": { "nixos-generators": "nixos-generators", "nixpkgs": "nixpkgs", - "nixpkgs-unstable": "nixpkgs-unstable", "sops-nix": "sops-nix" } }, diff --git a/flake.nix b/flake.nix index da7b32e..f575ac6 100644 --- a/flake.nix +++ b/flake.nix @@ -6,7 +6,6 @@ # https://nixos.org/manual/nixos/stable/#sec-upgrading # https://github.com/NixOS/nixpkgs nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05-small"; - nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable-small"; # Add nixos-generators as an input. # See here: https://github.com/nix-community/nixos-generators#using-in-a-flake @@ -23,10 +22,9 @@ }; }; - outputs = { self, nixpkgs, nixpkgs-unstable, nixos-generators, sops-nix, ... }: + outputs = { self, nixpkgs, nixos-generators, sops-nix, ... }: let system = "x86_64-linux"; - pkgs-unstable = nixpkgs-unstable.legacyPackages."x86_64-linux"; in { overlays = { @@ -204,9 +202,6 @@ self.nixosModules.prometheus-exporter ./config/hosts/woodpecker ]; - specialArgs = { - inherit pkgs-unstable; - }; }; status = nixpkgs.lib.nixosSystem {