diff --git a/config/hosts/mjolnir/networking.nix b/config/hosts/mjolnir/networking.nix index 4d4693d..a441814 100644 --- a/config/hosts/mjolnir/networking.nix +++ b/config/hosts/mjolnir/networking.nix @@ -1,24 +1,18 @@ { ... }: { - networking.useDHCP = false; - - services.cloud-init = { - enable = true; - network.enable = true; - - # Version without ssh of: - # https://github.com/NixOS/nixpkgs/blob/3c9db02515ef1d9b6b709fc60ba9a540957f661c/nixos/modules/services/system/cloud-init.nix#L145 - # So we don't get ssh hostkey regenerations. - settings.cloud_config_modules = [ - "disk_setup" - "mounts" - "ssh-import-id" - "set-passwords" - "timezone" - "disable-ec2-metadata" - "runcmd" + networking = { + interfaces.net0 = { + ipv4.addresses = [ + { + address = "172.31.17.161"; + prefixLength = 25; + } ]; + }; + defaultGateway = "172.31.17.129"; + nameservers = [ "212.12.50.158" "192.76.134.90" ]; + search = [ "hamburg.ccc.de" ]; }; systemd.network.links."10-net0" = { diff --git a/config/hosts/public-web-static/virtualHosts/hacker.tours.nix b/config/hosts/public-web-static/virtualHosts/hacker.tours.nix index 20bb644..1ee6180 100644 --- a/config/hosts/public-web-static/virtualHosts/hacker.tours.nix +++ b/config/hosts/public-web-static/virtualHosts/hacker.tours.nix @@ -22,10 +22,6 @@ in "${domain}" = { forceSSL = true; useACMEHost = "${domain}"; - - locations."/shop" = { - return = "302 https://tickets.hamburg.ccc.de"; - }; listen = [ { diff --git a/deployment_configuration.json b/deployment_configuration.json index 929f2be..9c2f99a 100644 --- a/deployment_configuration.json +++ b/deployment_configuration.json @@ -16,7 +16,7 @@ "targetHostname": "forgejo-actions-runner-intern.hamburg.ccc.de" }, "mjolnir": { - "targetHostname": "mjolnir.hosts.hamburg.ccc.de" + "targetHostname": "mjolnir-intern.hamburg.ccc.de" }, "woodpecker": { "targetHostname": "woodpecker-intern.hamburg.ccc.de" diff --git a/flake.lock b/flake.lock index 76a3fc3..3d624db 100644 --- a/flake.lock 
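Review bot: Nothing in the new `networking` block of config/hosts/mjolnir/networking.nix turns DHCP off, because `networking.useDHCP = false;` is removed together with the cloud-init settings. Unless a shared module sets it elsewhere, the NixOS default would leave a DHCP client running next to the static address on `net0`, so a lease offered on that segment could add its own route or resolvers alongside `defaultGateway` and `nameservers`. I would keep the line inside the new attribute set, `useDHCP = false;`, with a short comment such as `# static addressing only; no DHCP on this host`. The `systemd.network.links."10-net0"` block that follows continues outside the hunk, so the interface naming itself is not reviewed here.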
+++ b/flake.lock @@ -17,18 +17,52 @@ "url": "https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys" } }, - "nixpkgs": { + "nixlib": { "locked": { - "lastModified": 1761173472, - "narHash": "sha256-m9W0dYXflzeGgKNravKJvTMR4Qqa2MVD11AwlGMufeE=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "c8aa8cc00a5cb57fada0851a038d35c08a36a2bb", + "lastModified": 1736643958, + "narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181", "type": "github" }, "original": { - "owner": "nixos", - "ref": "nixos-25.05", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixos-generators": { + "inputs": { + "nixlib": "nixlib", + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1751903740, + "narHash": "sha256-PeSkNMvkpEvts+9DjFiop1iT2JuBpyknmBUs0Un0a4I=", + "owner": "nix-community", + "repo": "nixos-generators", + "rev": "032decf9db65efed428afd2fa39d80f7089085eb", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-generators", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1736657626, + "narHash": "sha256-FWlPMUzp0lkQBdhKlPqtQdqmp+/C+1MBiEytaYfrCTY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "2f9e2f85cb14a46410a1399aa9ea7ecf433e422e", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } 
@@ -49,10 +83,27 @@ "type": "github" } }, + "nixpkgs_2": { + "locked": { + "lastModified": 1761173472, + "narHash": "sha256-m9W0dYXflzeGgKNravKJvTMR4Qqa2MVD11AwlGMufeE=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "c8aa8cc00a5cb57fada0851a038d35c08a36a2bb", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, "root": { "inputs": { "authorizedKeysRepo": "authorizedKeysRepo", - "nixpkgs": "nixpkgs", + "nixos-generators": "nixos-generators", + "nixpkgs": "nixpkgs_2", "nixpkgs-unstable": "nixpkgs-unstable", "sops-nix": "sops-nix" } diff --git a/flake.nix b/flake.nix index be9e8fb..3901c78 100644 --- a/flake.nix +++ b/flake.nix @@ -8,12 +8,12 @@ nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixpkgs-unstable"; - # # Add nixos-generators as an input. - # # See here: https://github.com/nix-community/nixos-generators#using-in-a-flake - # nixos-generators = { - # url = "github:nix-community/nixos-generators"; - # #inputs.nixpkgs.follows = "nixpkgs"; - # }; + # Add nixos-generators as an input. + # See here: https://github.com/nix-community/nixos-generators#using-in-a-flake + nixos-generators = { + url = "github:nix-community/nixos-generators"; + #inputs.nixpkgs.follows = "nixpkgs"; + }; # Add sops-nix as an input for secret management. # See here: https://github.com/Mic92/sops-nix?tab=readme-ov-file#flakes-current-recommendation @@ -28,7 +28,7 @@ }; }; - outputs = { self, nixpkgs, nixpkgs-unstable, sops-nix, authorizedKeysRepo, ... }: + outputs = { self, nixpkgs, nixos-generators, nixpkgs-unstable, sops-nix, authorizedKeysRepo, ... }: let specialArgs = { inherit authorizedKeysRepo; 
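Review bot: With `#inputs.nixpkgs.follows = "nixpkgs";` still commented out in the re-enabled `nixos-generators` input of flake.nix, the generator pulls in its own nixpkgs. The flake.lock part of this commit shows the result: a second `nixpkgs` node on `nixpkgs-unstable` at rev `2f9e2f85cb14a46410a1399aa9ea7ecf433e422e`, whose lastModified (1736657626) is well behind the `nixos-25.05` pin (1761173472). As far as I know `nixosGenerate` evaluates against the generator's own nixpkgs unless told otherwise, so the two Proxmox templates re-enabled in the `@@ -233,30 +233,30 @@` hunk would probably be built from that older package set rather than the release the hosts track. Enabling the line, `inputs.nixpkgs.follows = "nixpkgs";`, keeps one pin to update and removes the extra lock node.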
@@ -233,30 +233,30 @@ }; }; - # packages.x86_64-linux = { - # proxmox-nixos-template = nixos-generators.nixosGenerate { - # inherit specialArgs; - # system = "x86_64-linux"; - # modules = [ - # ./config/nixos-generators/proxmox.nix - # self.nixosModules.common - # self.nixosModules.proxmox-vm - # ]; - # format = "proxmox"; - # }; + packages.x86_64-linux = { + proxmox-nixos-template = nixos-generators.nixosGenerate { + inherit specialArgs; + system = "x86_64-linux"; + modules = [ + ./config/nixos-generators/proxmox.nix + self.nixosModules.common + self.nixosModules.proxmox-vm + ]; + format = "proxmox"; + }; - # proxmox-chaosknoten-nixos-template = nixos-generators.nixosGenerate { - # inherit specialArgs; - # system = "x86_64-linux"; - # modules = [ - # ./config/nixos-generators/proxmox-chaosknoten.nix - # ./config/proxmox-chaosknoten-additional-initial-config.nix - # self.nixosModules.common - # self.nixosModules.proxmox-vm - # ]; - # format = "proxmox"; - # }; - # }; + proxmox-chaosknoten-nixos-template = nixos-generators.nixosGenerate { + inherit specialArgs; + system = "x86_64-linux"; + modules = [ + ./config/nixos-generators/proxmox-chaosknoten.nix + ./config/proxmox-chaosknoten-additional-initial-config.nix + self.nixosModules.common + self.nixosModules.proxmox-vm + ]; + format = "proxmox"; + }; + }; formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt; diff --git a/modules/services/audio/shairport-sync.nix b/modules/services/audio/shairport-sync.nix index 43d1285..f02485f 100644 --- a/modules/services/audio/shairport-sync.nix +++ b/modules/services/audio/shairport-sync.nix 
@@ -18,47 +18,33 @@ in services.shairport-sync = { enable = true; package = pkgs.shairport-sync-airplay2; - arguments = "-o pw -v"; + settings = { + diagnostics = { + log_verbosity = 1; + }; + general = { + name = cfg.name; + output_backend = "pw"; + }; + metadata = { + enabled = "yes"; + include_cover_art = "yes"; + cover_art_cache_directory = "/tmp/shairport-sync/.cache/coverart"; + pipe_name = "/tmp/shairport-sync-metadata"; + pipe_timeout = 5000; + }; + mqtt = { + enabled = "yes"; + hostname = "mqtt.ccchh.net"; + port = 1883; + publish_parsed = "yes"; + publish_cover = "yes"; + }; + }; }; users.users.shairport.extraGroups = [ "pipewire" "audio" ]; - environment.etc.shairport-sync-config = { - enable = true; - text = '' - // Config for MQTT and metadata. - // For reference see: - // https://github.com/mikebrady/shairport-sync/blob/8c607e2d61ea5fde8ed0b48b2471a543840c31e6/scripts/shairport-sync.conf - // https://github.com/mikebrady/shairport-sync/blob/0f0f65b67649d4a25d06f13b56a6077a90b0f6cc/MQTT.md - general = - { - name = "${cfg.name}"; - } - - metadata = - { - enabled = "yes"; // set this to yes to get Shairport Sync to solicit metadata from the source and to pass it on via a pipe - include_cover_art = "yes"; // set to "yes" to get Shairport Sync to solicit cover art from the source and pass it via the pipe. You must also set "enabled" to "yes". - cover_art_cache_directory = "/tmp/shairport-sync/.cache/coverart"; // artwork will be stored in this directory if the dbus or MPRIS interfaces are enabled or if the MQTT client is in use. 
Set it to "" to prevent caching, which may be useful on some systems - pipe_name = "/tmp/shairport-sync-metadata"; - pipe_timeout = 5000; // wait for this number of milliseconds for a blocked pipe to unblock before giving up - }; - - - mqtt = - { - enabled = "yes"; // set this to yes to enable the mqtt-metadata-service - hostname = "mqtt.ccchh.net"; // Hostname of the MQTT Broker - port = 1883; // Port on the MQTT Broker to connect to - // publish_raw = "no"; //whether to publish all available metadata under the codes given in the 'metadata' docs. - publish_parsed = "yes"; //whether to publish a small (but useful) subset of metadata under human-understandable topics - publish_cover = "yes"; //whether to publish the cover over mqtt in binary form. This may lead to a bit of load on the broker - // enable_remote = "yes"; //whether to remote control via MQTT. RC is available under `topic`/remote. - }; - ''; - target = "shairport-sync.conf"; - }; - systemd.services.shairport-sync = { serviceConfig = { Restart = "on-failure";
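Review bot: The new `settings.metadata` block in modules/services/audio/shairport-sync.nix keeps `pipe_name = "/tmp/shairport-sync-metadata";` and `cover_art_cache_directory = "/tmp/shairport-sync/.cache/coverart";`, both fixed names in a world-writable directory. If the unit does not set `PrivateTmp` (the `serviceConfig` block starts in this hunk but continues outside it, so I cannot tell), another local account could create those paths first and read or redirect what the service writes. A service-owned location would avoid that, for example `RuntimeDirectory = "shairport-sync";` in `serviceConfig` with `pipe_name = "/run/shairport-sync/metadata";`, assuming no other consumer depends on the old pipe path. Since the explanatory comments from the removed `environment.etc` text are gone, a one-line comment on the `mqtt` block noting that metadata and cover art are published to `mqtt.ccchh.net` over plain port 1883 would also help the next reader.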