From 6a4960066d550781b8494205312c4795588bb420 Mon Sep 17 00:00:00 2001 From: jopejoe1 Date: Sat, 6 Dec 2025 21:15:41 +0100 Subject: [PATCH 1/4] shairport-sync: use settings module instead of custom text string --- modules/services/audio/shairport-sync.nix | 60 +++++++++-------------- 1 file changed, 23 insertions(+), 37 deletions(-) diff --git a/modules/services/audio/shairport-sync.nix b/modules/services/audio/shairport-sync.nix index 43d1285..f02485f 100644 --- a/modules/services/audio/shairport-sync.nix +++ b/modules/services/audio/shairport-sync.nix @@ -18,47 +18,33 @@ in services.shairport-sync = { enable = true; package = pkgs.shairport-sync-airplay2; - arguments = "-o pw -v"; + settings = { + diagnostics = { + log_verbosity = 1; + }; + general = { + name = cfg.name; + output_backend = "pw"; + }; + metadata = { + enabled = "yes"; + include_cover_art = "yes"; + cover_art_cache_directory = "/tmp/shairport-sync/.cache/coverart"; + pipe_name = "/tmp/shairport-sync-metadata"; + pipe_timeout = 5000; + }; + mqtt = { + enabled = "yes"; + hostname = "mqtt.ccchh.net"; + port = 1883; + publish_parsed = "yes"; + publish_cover = "yes"; + }; + }; }; users.users.shairport.extraGroups = [ "pipewire" "audio" ]; - environment.etc.shairport-sync-config = { - enable = true; - text = '' - // Config for MQTT and metadata. - // For reference see: - // https://github.com/mikebrady/shairport-sync/blob/8c607e2d61ea5fde8ed0b48b2471a543840c31e6/scripts/shairport-sync.conf - // https://github.com/mikebrady/shairport-sync/blob/0f0f65b67649d4a25d06f13b56a6077a90b0f6cc/MQTT.md - general = - { - name = "${cfg.name}"; - } - - metadata = - { - enabled = "yes"; // set this to yes to get Shairport Sync to solicit metadata from the source and to pass it on via a pipe - include_cover_art = "yes"; // set to "yes" to get Shairport Sync to solicit cover art from the source and pass it via the pipe. You must also set "enabled" to "yes". - cover_art_cache_directory = "/tmp/shairport-sync/.cache/coverart"; // artwork will be stored in this directory if the dbus or MPRIS interfaces are enabled or if the MQTT client is in use. Set it to "" to prevent caching, which may be useful on some systems - pipe_name = "/tmp/shairport-sync-metadata"; - pipe_timeout = 5000; // wait for this number of milliseconds for a blocked pipe to unblock before giving up - }; - - - mqtt = - { - enabled = "yes"; // set this to yes to enable the mqtt-metadata-service - hostname = "mqtt.ccchh.net"; // Hostname of the MQTT Broker - port = 1883; // Port on the MQTT Broker to connect to - // publish_raw = "no"; //whether to publish all available metadata under the codes given in the 'metadata' docs. - publish_parsed = "yes"; //whether to publish a small (but useful) subset of metadata under human-understandable topics - publish_cover = "yes"; //whether to publish the cover over mqtt in binary form. This may lead to a bit of load on the broker - // enable_remote = "yes"; //whether to remote control via MQTT. RC is available under `topic`/remote. - }; - ''; - target = "shairport-sync.conf"; - }; - systemd.services.shairport-sync = { serviceConfig = { Restart = "on-failure"; From b16f0190e0e33c41a7c0dd761bc416242048c6a8 Mon Sep 17 00:00:00 2001 From: June Date: Sat, 27 Dec 2025 23:21:35 +0100 Subject: [PATCH 2/4] disable nixos-generators input as its broken a. makes infra-rebuild fail --- flake.lock | 65 ++++++------------------------------------------------ flake.nix | 60 ++++++++++++++++++++++++------------------------- 2 files changed, 37 insertions(+), 88 deletions(-) diff --git a/flake.lock b/flake.lock index 3d624db..76a3fc3 100644 --- a/flake.lock +++ b/flake.lock @@ -17,52 +17,18 @@ "url": "https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys" } }, - "nixlib": { - "locked": { - "lastModified": 1736643958, - "narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" - } - }, - "nixos-generators": { - "inputs": { - "nixlib": "nixlib", - "nixpkgs": "nixpkgs" - }, - "locked": { - "lastModified": 1751903740, - "narHash": "sha256-PeSkNMvkpEvts+9DjFiop1iT2JuBpyknmBUs0Un0a4I=", - "owner": "nix-community", - "repo": "nixos-generators", - "rev": "032decf9db65efed428afd2fa39d80f7089085eb", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixos-generators", - "type": "github" - } - }, "nixpkgs": { "locked": { - "lastModified": 1736657626, - "narHash": "sha256-FWlPMUzp0lkQBdhKlPqtQdqmp+/C+1MBiEytaYfrCTY=", - "owner": "NixOS", + "lastModified": 1761173472, + "narHash": "sha256-m9W0dYXflzeGgKNravKJvTMR4Qqa2MVD11AwlGMufeE=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "2f9e2f85cb14a46410a1399aa9ea7ecf433e422e", + "rev": "c8aa8cc00a5cb57fada0851a038d35c08a36a2bb", "type": "github" }, "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", + "owner": "nixos", + "ref": "nixos-25.05", "repo": "nixpkgs", "type": "github" } @@ -83,27 +49,10 @@ "type": "github" } }, - "nixpkgs_2": { - "locked": { - "lastModified": 1761173472, - "narHash": "sha256-m9W0dYXflzeGgKNravKJvTMR4Qqa2MVD11AwlGMufeE=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "c8aa8cc00a5cb57fada0851a038d35c08a36a2bb", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-25.05", - "repo": "nixpkgs", - "type": "github" - } - }, "root": { "inputs": { "authorizedKeysRepo": "authorizedKeysRepo", - "nixos-generators": "nixos-generators", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs", "nixpkgs-unstable": "nixpkgs-unstable", "sops-nix": "sops-nix" } diff --git a/flake.nix b/flake.nix index 3901c78..be9e8fb 100644 --- a/flake.nix +++ b/flake.nix @@ -8,12 +8,12 @@ nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixpkgs-unstable"; - # Add nixos-generators as an input. - # See here: https://github.com/nix-community/nixos-generators#using-in-a-flake - nixos-generators = { - url = "github:nix-community/nixos-generators"; - #inputs.nixpkgs.follows = "nixpkgs"; - }; + # # Add nixos-generators as an input. + # # See here: https://github.com/nix-community/nixos-generators#using-in-a-flake + # nixos-generators = { + # url = "github:nix-community/nixos-generators"; + # #inputs.nixpkgs.follows = "nixpkgs"; + # }; # Add sops-nix as an input for secret management. # See here: https://github.com/Mic92/sops-nix?tab=readme-ov-file#flakes-current-recommendation @@ -28,7 +28,7 @@ }; }; - outputs = { self, nixpkgs, nixos-generators, nixpkgs-unstable, sops-nix, authorizedKeysRepo, ... }: + outputs = { self, nixpkgs, nixpkgs-unstable, sops-nix, authorizedKeysRepo, ... }: let specialArgs = { inherit authorizedKeysRepo; @@ -233,30 +233,30 @@ }; }; - packages.x86_64-linux = { - proxmox-nixos-template = nixos-generators.nixosGenerate { - inherit specialArgs; - system = "x86_64-linux"; - modules = [ - ./config/nixos-generators/proxmox.nix - self.nixosModules.common - self.nixosModules.proxmox-vm - ]; - format = "proxmox"; - }; + # packages.x86_64-linux = { + # proxmox-nixos-template = nixos-generators.nixosGenerate { + # inherit specialArgs; + # system = "x86_64-linux"; + # modules = [ + # ./config/nixos-generators/proxmox.nix + # self.nixosModules.common + # self.nixosModules.proxmox-vm + # ]; + # format = "proxmox"; + # }; - proxmox-chaosknoten-nixos-template = nixos-generators.nixosGenerate { - inherit specialArgs; - system = "x86_64-linux"; - modules = [ - ./config/nixos-generators/proxmox-chaosknoten.nix - ./config/proxmox-chaosknoten-additional-initial-config.nix - self.nixosModules.common - self.nixosModules.proxmox-vm - ]; - format = "proxmox"; - }; - }; + # proxmox-chaosknoten-nixos-template = nixos-generators.nixosGenerate { + # inherit specialArgs; + # system = "x86_64-linux"; + # modules = [ + # ./config/nixos-generators/proxmox-chaosknoten.nix + # ./config/proxmox-chaosknoten-additional-initial-config.nix + # self.nixosModules.common + # self.nixosModules.proxmox-vm + # ]; + # format = "proxmox"; + # }; + # }; formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt; From 971274b473e6384c88d2262e71d1dbf65dde67f7 Mon Sep 17 00:00:00 2001 From: ViMaSter Date: Fri, 26 Dec 2025 19:54:29 +0100 Subject: [PATCH 3/4] feat: Adds a shortcode to the shop --- config/hosts/public-web-static/virtualHosts/hacker.tours.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/config/hosts/public-web-static/virtualHosts/hacker.tours.nix b/config/hosts/public-web-static/virtualHosts/hacker.tours.nix index 1ee6180..20bb644 100644 --- a/config/hosts/public-web-static/virtualHosts/hacker.tours.nix +++ b/config/hosts/public-web-static/virtualHosts/hacker.tours.nix @@ -22,6 +22,10 @@ in "${domain}" = { forceSSL = true; useACMEHost = "${domain}"; + + locations."/shop" = { + return = "302 https://tickets.hamburg.ccc.de"; + }; listen = [ { From c9e27a5bb6ad80362a2cb573a36045532200d806 Mon Sep 17 00:00:00 2001 From: June Date: Wed, 7 Jan 2026 19:20:50 +0100 Subject: [PATCH 4/4] mjolnir: use cloud-init for network configuration and move to new net. Switch to cloud-init to align with the Ansible infra. Also move to new network and hostname. --- config/hosts/mjolnir/networking.nix | 28 +++++++++++++++++----------- deployment_configuration.json | 2 +- 2 files changed, 18 insertions(+), 12 deletions(-) diff --git a/config/hosts/mjolnir/networking.nix b/config/hosts/mjolnir/networking.nix index a441814..4d4693d 100644 --- a/config/hosts/mjolnir/networking.nix +++ b/config/hosts/mjolnir/networking.nix @@ -1,18 +1,24 @@ { ... }: { - networking = { - interfaces.net0 = { - ipv4.addresses = [ - { - address = "172.31.17.161"; - prefixLength = 25; - } + networking.useDHCP = false; + + services.cloud-init = { + enable = true; + network.enable = true; + + # Version without ssh of: + # https://github.com/NixOS/nixpkgs/blob/3c9db02515ef1d9b6b709fc60ba9a540957f661c/nixos/modules/services/system/cloud-init.nix#L145 + # So we don't get ssh hostkey regenerations. + settings.cloud_config_modules = [ + "disk_setup" + "mounts" + "ssh-import-id" + "set-passwords" + "timezone" + "disable-ec2-metadata" + "runcmd" ]; - }; - defaultGateway = "172.31.17.129"; - nameservers = [ "212.12.50.158" "192.76.134.90" ]; - search = [ "hamburg.ccc.de" ]; }; systemd.network.links."10-net0" = { diff --git a/deployment_configuration.json b/deployment_configuration.json index 9c2f99a..929f2be 100644 --- a/deployment_configuration.json +++ b/deployment_configuration.json @@ -16,7 +16,7 @@ "targetHostname": "forgejo-actions-runner-intern.hamburg.ccc.de" }, "mjolnir": { - "targetHostname": "mjolnir-intern.hamburg.ccc.de" + "targetHostname": "mjolnir.hosts.hamburg.ccc.de" }, "woodpecker": { "targetHostname": "woodpecker-intern.hamburg.ccc.de"