Compare commits

..

1 commit

Author SHA1 Message Date
e4f5655c88
add required nixConfig option 2024-11-12 22:36:51 +01:00
28 changed files with 216 additions and 348 deletions

21
LICENSE
View file

@ -1,21 +0,0 @@
MIT License
Copyright (c) CCCHH
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

View file

@ -73,7 +73,3 @@ Build a new NixOS Proxmox VE Template for the chaosknoten:
```shell
nix build .#proxmox-chaosknoten-nixos-template
```
## License
This CCCHH nix-infra repository is licensed under the [MIT License](./LICENSE).

View file

@ -6,9 +6,14 @@
# - https://git.grzb.de/yuri/nix-infra/-/blob/342a2f732da042d04e579d98e9f834418b7ebf25/users/colmena-deploy/default.nix
# - https://nixos.org/manual/nix/stable/command-ref/conf-file.html?highlight=nix.conf#available-settings
{ config, pkgs, lib, authorizedKeysRepo, ... }:
{ config, pkgs, lib, ... }:
let
authorizedKeysRepo = pkgs.fetchgit {
url = "https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys";
rev = "686a6af22f6696f0c0595c56f463c078550049fc";
hash = "sha256-plTYjM6zPzoBE/dp6EUrk9mCqmab278p8FqBCTX8Grc=";
};
authorizedKeys = builtins.filter (item: item != "") (lib.strings.splitString "\n" (builtins.readFile "${authorizedKeysRepo}/authorized_keys"));
in
{

View file

@ -21,8 +21,7 @@ let
app = "dokuwiki";
domain = "eh22.easterhegg.eu";
dataDir = "/srv/www/${domain}";
in
{
in {
systemd.tmpfiles.rules = [
"d ${dataDir} 0755 ${app} ${app}"
];
@ -77,7 +76,7 @@ in
default = true;
enableACME = true;
serverName = "${domain}";
listen = [
{
addr = "0.0.0.0";

View file

@ -7,19 +7,13 @@
# - https://codeberg.org/forgejo/forgejo/src/branch/forgejo/docs/content/administration/reverse-proxies.en-us.md
# - https://forgejo.org/docs/latest/admin/email-setup/
{ pkgs, ... }:
{ pkgs-unstable, ... }:
{
services.forgejo = {
enable = true;
package = pkgs.forgejo;
database.type = "postgres";
secrets = {
mailer = {
PASSWD = "/run/secrets/forgejo_git_smtp_password";
};
};
mailerPasswordFile = "/run/secrets/forgejo_git_smtp_password";
settings = {
DEFAULT = {

View file

@ -1,10 +1,10 @@
{ ... }:
{
networking = {
hostName = "mqtt";
domain = "z9.ccchh.net";
};
networking = {
hostName = "mqtt";
domain = "z9.ccchh.net";
};
system.stateVersion = "23.11";
}
system.stateVersion = "23.11";
}

View file

@ -1,9 +1,9 @@
{ pkgs, ... }:
{
imports = [
./configuration.nix
./networking.nix
./mosquitto.nix
];
}
imports = [
./configuration.nix
./networking.nix
./mosquitto.nix
];
}

View file

@ -5,29 +5,29 @@
{ ... }:
{
services.mosquitto = {
enable = true;
persistence = true;
services.mosquitto = {
enable = true;
persistence = true;
# set config for all listeners
listeners = [{
settings.allow_anonymous = true;
omitPasswordAuth = true;
acl = [ "topic readwrite #" ];
}];
# set config for all listeners
listeners = [ {
settings.allow_anonymous = true;
omitPasswordAuth = true;
acl = ["topic readwrite #"];
} ];
bridges.winkekatz = {
addresses = [
{ address = "mqtt.winkekatze24.de"; }
];
topics = [
"winkekatze/allcats/eye/set in 2"
"winkekatze/allcats in 2"
"+/status out 2 winkekatze/ \"\""
"+/connected out 2 winkekatze/ \"\""
];
bridges.winkekatz = {
addresses = [
{ address = "mqtt.winkekatze24.de"; }
];
topics = [
"winkekatze/allcats/eye/set in 2"
"winkekatze/allcats in 2"
"+/status out 2 winkekatze/ \"\""
"+/connected out 2 winkekatze/ \"\""
];
};
};
};
networking.firewall.allowedTCPPorts = [ 1883 ];
}
networking.firewall.allowedTCPPorts = [ 1883 ];
}

View file

@ -26,7 +26,7 @@
};
yuri = {
isNormalUser = true;
openssh.authorizedKeys.keys = [
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDdk3FLQRoCWxdOxg4kHcPqAu3QQOs/rY9na2Al2ilGl yuri@violet"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEvM35w+UaSpDTuaG5pGPgfHcfwscr+wSZN9Z5Jle82 yuri@kiara"
];

View file

@ -1,19 +1,10 @@
{ pkgs, ... }:
let
domain = "c3cat.de";
dataDir = "/var/www/${domain}";
deployUser = "c3cat-website-deploy";
in {
security.acme.certs."${domain}".extraDomainNames = [ "www.${domain}" ];
{
services.nginx.virtualHosts = {
"acme-${domain}" = {
"acme-c3cat.de" = {
enableACME = true;
serverName = "${domain}";
serverAliases = [
"www.${domain}"
];
serverName = "c3cat.de";
listen = [
{
@ -23,9 +14,9 @@ in {
];
};
"$www.${domain}" = {
"c3cat.de" = {
forceSSL = true;
useACMEHost = "${domain}";
useACMEHost = "c3cat.de";
listen = [
{
@ -37,7 +28,7 @@ in {
];
locations."/" = {
return = "302 https://c3cat.de$request_uri";
return = "302 https://wiki.hamburg.ccc.de/club:c3cat:start";
};
extraConfig = ''
@ -51,45 +42,5 @@ in {
real_ip_header proxy_protocol;
'';
};
"${domain}" = {
forceSSL = true;
useACMEHost = "${domain}";
listen = [
{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}
];
root = "${dataDir}";
extraConfig = ''
# Make use of the ngx_http_realip_module to set the $remote_addr and
# $remote_port to the client address and client port, when using proxy
# protocol.
# First set our proxy protocol proxy as trusted.
set_real_ip_from 172.31.17.140;
# Then tell the realip_module to get the addreses from the proxy protocol
# header.
real_ip_header proxy_protocol;
'';
};
};
systemd.tmpfiles.rules = [
"d ${dataDir} 0755 ${deployUser} ${deployUser}"
];
users.users."${deployUser}" = {
isNormalUser = true;
group = "${deployUser}";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcZJzQO4RYinJm6YDUgCELe8OJA/DYOss+8xp7TtxM0 deploy key for c3cat.de"
];
};
users.groups."${deployUser}" = { };
}

View file

@ -9,7 +9,6 @@
./hackertours.hamburg.ccc.de.nix
./hamburg.ccc.de.nix
./spaceapi.hamburg.ccc.de.nix
./staging.c3cat.de.nix
./staging.hacker.tours.nix
./staging.hackertours.hamburg.ccc.de.nix
./staging.hamburg.ccc.de.nix

View file

@ -4,8 +4,7 @@ let
domain = "hacker.tours";
dataDir = "/var/www/${domain}";
deployUser = "hackertours-website-deploy";
in
{
in {
services.nginx.virtualHosts = {
"acme-${domain}" = {
enableACME = true;

View file

@ -4,8 +4,7 @@ let
domain = "hackertours.hamburg.ccc.de";
dataDir = "/var/www/${domain}";
deployUser = "ht-ccchh-website-deploy";
in
{
in {
services.nginx.virtualHosts = {
"acme-${domain}" = {
enableACME = true;

View file

@ -1,4 +1,4 @@
{ ... }:
{...}:
{
imports = [
@ -9,4 +9,4 @@
./eh11.nix
./eh20.nix
];
}
}

View file

@ -6,7 +6,7 @@ let
rev = "74977c56486cd060566bf06678a936e801952f9e";
hash = "sha256-ded/NO+Jex2Sa4yWAIRpqANsv8i0vKmJSkM5r9KxaVk=";
};
in
in
{
security.acme.certs."eh03.easterhegg.eu".extraDomainNames = [
"eh2003.hamburg.ccc.de"
@ -48,7 +48,7 @@ in
}];
locations."/".return = "302 https://eh03.easterhegg.eu";
extraConfig = ''
# Make use of the ngx_http_realip_module to set the $remote_addr and
# $remote_port to the client address and client port, when using proxy

View file

@ -48,7 +48,7 @@ in
}];
locations."/".return = "302 https://eh05.easterhegg.eu";
extraConfig = ''
# Make use of the ngx_http_realip_module to set the $remote_addr and
# $remote_port to the client address and client port, when using proxy
@ -60,7 +60,7 @@ in
real_ip_header proxy_protocol;
'';
};
"eh05.easterhegg.eu" = {
forceSSL = true;
useACMEHost = "eh05.easterhegg.eu";
@ -71,7 +71,7 @@ in
ssl = true;
proxyProtocol = true;
}];
locations."/" = {
index = "index.shtml";
root = eh05;
@ -80,7 +80,7 @@ in
default_type text/html;
# Enable SSI
ssi on;
'';
'';
};
extraConfig = ''

View file

@ -54,7 +54,7 @@ in
}];
locations."/".return = "302 https://eh07.easterhegg.eu";
extraConfig = ''
# Make use of the ngx_http_realip_module to set the $remote_addr and
# $remote_port to the client address and client port, when using proxy
@ -86,7 +86,7 @@ in
default_type text/html;
# Enable SSI
ssi on;
'';
'';
};
extraConfig = ''

View file

@ -54,7 +54,7 @@ in
}];
locations."/".return = "302 https://eh09.easterhegg.eu";
extraConfig = ''
# Make use of the ngx_http_realip_module to set the $remote_addr and
# $remote_port to the client address and client port, when using proxy
@ -86,7 +86,7 @@ in
default_type text/html;
# Enable SSI
ssi on;
'';
'';
};
extraConfig = ''
# Make use of the ngx_http_realip_module to set the $remote_addr and

View file

@ -54,7 +54,7 @@ in
}];
locations."/".return = "302 https://eh11.easterhegg.eu";
extraConfig = ''
# Make use of the ngx_http_realip_module to set the $remote_addr and
# $remote_port to the client address and client port, when using proxy
@ -86,7 +86,7 @@ in
default_type text/html;
# Enable SSI
ssi on;
'';
'';
};
extraConfig = ''

View file

@ -1,60 +0,0 @@
{ pkgs, ... }:
let
domain = "staging.c3cat.de";
dataDir = "/var/www/${domain}";
deployUser = "c3cat-website-deploy";
in {
services.nginx.virtualHosts = {
"acme-${domain}" = {
enableACME = true;
serverName = "${domain}";
listen = [
{
addr = "0.0.0.0";
port = 31820;
}
];
};
"${domain}" = {
forceSSL = true;
useACMEHost = "${domain}";
listen = [
{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}
];
root = "${dataDir}";
# Disallow *, since this is staging and doesn't need to be in any search
# results.
locations."/robots.txt" = {
return = "200 \"User-agent: *\\nDisallow: *\\n\"";
};
extraConfig = ''
# Make use of the ngx_http_realip_module to set the $remote_addr and
# $remote_port to the client address and client port, when using proxy
# protocol.
# First set our proxy protocol proxy as trusted.
set_real_ip_from 172.31.17.140;
# Then tell the realip_module to get the addreses from the proxy protocol
# header.
real_ip_header proxy_protocol;
'';
};
};
systemd.tmpfiles.rules = [
"d ${dataDir} 0755 ${deployUser} ${deployUser}"
];
# c3cat deploy user already defined in c3cat.de.nix.
}

View file

@ -4,8 +4,7 @@ let
domain = "staging.hacker.tours";
dataDir = "/var/www/${domain}";
deployUser = "hackertours-website-deploy";
in
{
in {
services.nginx.virtualHosts = {
"acme-${domain}" = {
enableACME = true;

View file

@ -4,8 +4,7 @@ let
domain = "staging.hackertours.hamburg.ccc.de";
dataDir = "/var/www/${domain}";
deployUser = "ht-ccchh-website-deploy";
in
{
in {
services.nginx.virtualHosts = {
"acme-${domain}" = {
enableACME = true;

View file

@ -3,12 +3,13 @@
# - https://woodpecker-ci.org/docs/administration/agent-config
# - https://woodpecker-ci.org/docs/administration/backends/docker
{ config, pkgs, ... }:
{ config, pkgs, pkgs-unstable, ... }:
{
services.woodpecker-agents.agents."docker" = {
enable = true;
package = pkgs.woodpecker-agent;
# Since we use woodpecker-server from unstable, use the agent from unstable as well.
package = pkgs-unstable.woodpecker-agent;
extraGroups = [ "docker" ];
environment = {
WOODPECKER_SERVER = "localhost${config.services.woodpecker-server.environment.WOODPECKER_GRPC_ADDR}";

View file

@ -5,12 +5,14 @@
# - https://woodpecker-ci.org/docs/administration/forges/forgejo
# - https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING
{ config, pkgs, ... }:
{ config, pkgs, pkgs-unstable, ... }:
{
services.woodpecker-server = {
enable = true;
package = pkgs.woodpecker-server;
# Use package from unstable to get at least version 2.6.0 for native Forgejo support.
# https://github.com/woodpecker-ci/woodpecker/releases/tag/v2.6.0
package = pkgs-unstable.woodpecker-server;
environment = {
WOODPECKER_HOST = "https://woodpecker.hamburg.ccc.de";
WOODPECKER_SERVER_ADDR = ":8001";
@ -22,7 +24,6 @@
WOODPECKER_DATABASE_DATASOURCE = "postgresql://woodpecker-server@/woodpecker-server?host=/run/postgresql";
WOODPECKER_FORGEJO = "true";
WOODPECKER_FORGEJO_URL = "https://git.hamburg.ccc.de";
WOODPECKER_LIMIT_MEM = "6442450944"; # 6GB
# Set via enviornmentFile:
# WOODPECKER_FORGEJO_CLIENT
# WOODPECKER_FORGEJO_SECRET

View file

@ -6,16 +6,16 @@
description = "Yate telehony engine";
unitConfig = {
Type = "simple";
After = "network.target";
After="network.target";
};
serviceConfig = {
ExecStart = "${pkgs.yate}/bin/yate -c /yate -e /yate/share -Do";
Type = "simple";
Restart = "always";
Type="simple";
Restart="always";
# ...
};
wantedBy = [ "default.target" ];
requiredBy = [ "network.target" ];
requiredBy = [ "network.target" ];
# ...
};
}

View file

@ -1,26 +1,12 @@
{
"nodes": {
"authorizedKeysRepo": {
"flake": false,
"locked": {
"lastModified": 1731276342,
"narHash": "sha256-plTYjM6zPzoBE/dp6EUrk9mCqmab278p8FqBCTX8Grc=",
"rev": "686a6af22f6696f0c0595c56f463c078550049fc",
"type": "tarball",
"url": "https://git.hamburg.ccc.de/api/v1/repos/CCCHH/infrastructure-authorized-keys/archive/686a6af22f6696f0c0595c56f463c078550049fc.tar.gz?rev=686a6af22f6696f0c0595c56f463c078550049fc"
},
"original": {
"type": "tarball",
"url": "https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys/archive/686a6af22f6696f0c0595c56f463c078550049fc.tar.gz"
}
},
"nixlib": {
"locked": {
"lastModified": 1734224914,
"narHash": "sha256-hKWALzQ/RxxXdKWsLKXULru6XTag9Cc5exgVyS4a/AE=",
"lastModified": 1729386149,
"narHash": "sha256-hUP9oxmnOmNnKcDOf5Y55HQ+NnoT0+bLWHLQWLLw9Ks=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "538697b664a64fade8ce628d01f35d1f1fd82d77",
"rev": "cce4521b6df014e79a7b7afc58c703ed683c916e",
"type": "github"
},
"original": {
@ -32,14 +18,16 @@
"nixos-generators": {
"inputs": {
"nixlib": "nixlib",
"nixpkgs": "nixpkgs"
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1734311693,
"narHash": "sha256-ODRrnbaUsOe3e4kp+uHl+iJxey5zE3kqiBqJWQxrlnY=",
"lastModified": 1729472750,
"narHash": "sha256-s93LPHi5BN7I2xSGNAFWiYb8WRsPvT1LE9ZjZBrpFlg=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "a5278f7c326205681f1f42a90fa46a75a13627eb",
"rev": "7c60ba4bc8d6aa2ba3e5b0f6ceb9fc07bc261565",
"type": "github"
},
"original": {
@ -50,41 +38,57 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1734126203,
"narHash": "sha256-0XovF7BYP50rTD2v4r55tR5MuBLet7q4xIz6Rgh3BBU=",
"owner": "NixOS",
"lastModified": 1731133565,
"narHash": "sha256-tCErjTdCUWK06LzkcvwUM+3pyrrmdf8e0VDBBTgqznE=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "71a6392e367b08525ee710a93af2e80083b5b3e2",
"rev": "11f65b4b0405cff5b54c813626bddcf5435d7ad2",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"owner": "nixos",
"ref": "nixos-24.05-small",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"nixpkgs-stable": {
"locked": {
"lastModified": 1734298236,
"narHash": "sha256-aWhhqY44xBjMoO9r5fyPp5u8tqUNWRZ/m/P+abMSs5c=",
"lastModified": 1730602179,
"narHash": "sha256-efgLzQAWSzJuCLiCaQUCDu4NudNlHdg2NzGLX5GYaEY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3c2f1c4ca372622cb2f9de8016c9a0b1cbd0f37c",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1731265036,
"narHash": "sha256-e5I+glVZwQvLT6WIeMFi0Mk+N/jkYauZ31ir2NRZcf8=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "eb919d9300b6a18f8583f58aef16db458fbd7bec",
"rev": "8aed22ecd71e5b67e5299efae8b9dc580dec711c",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-24.11-small",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"authorizedKeysRepo": "authorizedKeysRepo",
"nixos-generators": "nixos-generators",
"nixpkgs": "nixpkgs_2",
"nixpkgs": "nixpkgs",
"nixpkgs-unstable": "nixpkgs-unstable",
"sops-nix": "sops-nix"
}
},
@ -92,14 +96,15 @@
"inputs": {
"nixpkgs": [
"nixpkgs"
]
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1733965552,
"narHash": "sha256-GZ4YtqkfyTjJFVCub5yAFWsHknG1nS/zfk7MuHht4Fs=",
"lastModified": 1731213149,
"narHash": "sha256-jR8i6nFLmSmm0cIoeRQ8Q4EBARa3oGaAtEER/OMMxus=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "2d73fc6ac4eba4b9a83d3cb8275096fbb7ab4004",
"rev": "f1675e3b0e1e663a4af49be67ecbc9e749f85eb7",
"type": "github"
},
"original": {

183
flake.nix
View file

@ -1,17 +1,22 @@
{
description = "CCCHH Nix Infrastructure";
nixConfig = {
allow-import-from-derivation = true;
};
inputs = {
# Use the NixOS small channels for nixpkgs.
# https://nixos.org/manual/nixos/stable/#sec-upgrading
# https://github.com/NixOS/nixpkgs
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11-small";
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05-small";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable-small";
# Add nixos-generators as an input.
# See here: https://github.com/nix-community/nixos-generators#using-in-a-flake
nixos-generators = {
url = "github:nix-community/nixos-generators";
#inputs.nixpkgs.follows = "nixpkgs";
inputs.nixpkgs.follows = "nixpkgs";
};
# Add sops-nix as an input for secret management.
@ -20,214 +25,214 @@
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
authorizedKeysRepo = {
url = "https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys/archive/686a6af22f6696f0c0595c56f463c078550049fc.tar.gz";
flake = false;
};
};
outputs = { self, nixpkgs, nixos-generators, sops-nix, authorizedKeysRepo, ... }:
outputs = { self, nixpkgs, nixpkgs-unstable, nixos-generators, sops-nix, ... }:
let
specialArgs = {
inherit authorizedKeysRepo;
};
system = "x86_64-linux";
shairportSync431ExtendedNixpkgsUnstableOverlay = final: prev: {
shairport-sync = (prev.shairport-sync.override { enableMetadata = true; enableAirplay2 = true; }).overrideAttrs (finalAttr: previousAttr: {
# See: https://github.com/mikebrady/shairport-sync/blob/e78a88b64adfe7b5f88fd6faedf55c57445bb240/CONFIGURATION%20FLAGS.md
configureFlags = previousAttr.configureFlags ++ [ "--with-mqtt-client" ];
buildInputs = previousAttr.buildInputs ++ [ final.mosquitto ];
});
};
pkgs-unstable = nixpkgs-unstable.legacyPackages."x86_64-linux";
in
{
nixosModules = {
common = ./config/common;
proxmox-vm = ./config/proxmox-vm;
prometheus-exporter = ./config/extra/prometheus-exporter.nix;
};
nixosConfigurations = {
audio-hauptraum-kueche = nixpkgs.lib.nixosSystem {
inherit system specialArgs;
inherit system;
modules = [
self.nixosModules.common
self.nixosModules.proxmox-vm
./config/common
./config/proxmox-vm
{ nixpkgs.overlays = [ shairportSync431ExtendedNixpkgsUnstableOverlay ]; }
./config/hosts/audio-hauptraum-kueche
];
};
audio-hauptraum-tafel = nixpkgs.lib.nixosSystem {
inherit system specialArgs;
inherit system;
modules = [
self.nixosModules.common
self.nixosModules.proxmox-vm
./config/common
./config/proxmox-vm
{ nixpkgs.overlays = [ shairportSync431ExtendedNixpkgsUnstableOverlay ]; }
./config/hosts/audio-hauptraum-tafel
];
};
esphome = nixpkgs.lib.nixosSystem {
inherit system specialArgs;
inherit system;
modules = [
self.nixosModules.common
self.nixosModules.proxmox-vm
./config/common
./config/proxmox-vm
./config/hosts/esphome
];
};
public-reverse-proxy = nixpkgs.lib.nixosSystem {
inherit system specialArgs;
inherit system;
modules = [
self.nixosModules.common
self.nixosModules.proxmox-vm
./config/common
./config/proxmox-vm
./config/hosts/public-reverse-proxy
];
};
netbox = nixpkgs.lib.nixosSystem {
inherit system specialArgs;
inherit system;
modules = [
self.nixosModules.common
self.nixosModules.proxmox-vm
./config/common
./config/proxmox-vm
sops-nix.nixosModules.sops
self.nixosModules.prometheus-exporter
./config/extra/prometheus-exporter.nix
./config/hosts/netbox
];
};
matrix = nixpkgs.lib.nixosSystem {
inherit system specialArgs;
inherit system;
modules = [
self.nixosModules.common
self.nixosModules.proxmox-vm
./config/common
./config/proxmox-vm
sops-nix.nixosModules.sops
self.nixosModules.prometheus-exporter
./config/extra/prometheus-exporter.nix
./config/hosts/matrix
];
};
public-web-static = nixpkgs.lib.nixosSystem {
inherit system specialArgs;
inherit system;
modules = [
self.nixosModules.common
self.nixosModules.proxmox-vm
./config/common
./config/proxmox-vm
sops-nix.nixosModules.sops
self.nixosModules.prometheus-exporter
./config/extra/prometheus-exporter.nix
./config/hosts/public-web-static
];
};
git = nixpkgs.lib.nixosSystem {
inherit system specialArgs;
inherit system;
modules = [
self.nixosModules.common
self.nixosModules.proxmox-vm
./config/common
./config/proxmox-vm
sops-nix.nixosModules.sops
self.nixosModules.prometheus-exporter
./config/extra/prometheus-exporter.nix
./config/hosts/git
];
};
forgejo-actions-runner = nixpkgs.lib.nixosSystem {
inherit system specialArgs;
inherit system;
modules = [
self.nixosModules.common
self.nixosModules.proxmox-vm
./config/common
./config/proxmox-vm
sops-nix.nixosModules.sops
self.nixosModules.prometheus-exporter
./config/extra/prometheus-exporter.nix
./config/hosts/forgejo-actions-runner
];
};
ptouch-print-server = nixpkgs.lib.nixosSystem {
inherit system specialArgs;
inherit system;
modules = [
self.nixosModules.common
self.nixosModules.proxmox-vm
./config/common
./config/proxmox-vm
./config/hosts/ptouch-print-server
];
};
eh22-wiki = nixpkgs.lib.nixosSystem {
inherit system specialArgs;
inherit system;
modules = [
self.nixosModules.common
self.nixosModules.proxmox-vm
self.nixosModules.prometheus-exporter
./config/common
./config/proxmox-vm
./config/extra/prometheus-exporter.nix
./config/hosts/eh22-wiki
];
};
nix-box-june = nixpkgs.lib.nixosSystem {
inherit system specialArgs;
inherit system;
modules = [
self.nixosModules.common
self.nixosModules.proxmox-vm
self.nixosModules.prometheus-exporter
./config/common
./config/proxmox-vm
./config/extra/prometheus-exporter.nix
./config/hosts/nix-box-june
];
};
yate = nixpkgs.lib.nixosSystem {
inherit system specialArgs;
inherit system;
modules = [
self.nixosModules.common
self.nixosModules.proxmox-vm
./config/common
./config/proxmox-vm
./config/hosts/yate
];
};
mqtt = nixpkgs.lib.nixosSystem {
inherit system specialArgs;
inherit system;
modules = [
self.nixosModules.common
self.nixosModules.proxmox-vm
./config/common
./config/proxmox-vm
./config/hosts/mqtt
];
};
mjolnir = nixpkgs.lib.nixosSystem {
inherit system specialArgs;
inherit system;
modules = [
self.nixosModules.common
self.nixosModules.proxmox-vm
./config/common
./config/proxmox-vm
sops-nix.nixosModules.sops
self.nixosModules.prometheus-exporter
./config/extra/prometheus-exporter.nix
./config/hosts/mjolnir
];
};
woodpecker = nixpkgs.lib.nixosSystem {
inherit system specialArgs;
inherit system;
modules = [
self.nixosModules.common
self.nixosModules.proxmox-vm
./config/common
./config/proxmox-vm
sops-nix.nixosModules.sops
self.nixosModules.prometheus-exporter
./config/extra/prometheus-exporter.nix
./config/hosts/woodpecker
];
specialArgs = {
inherit pkgs-unstable;
};
};
status = nixpkgs.lib.nixosSystem {
inherit system specialArgs;
inherit system;
modules = [
self.nixosModules.common
self.nixosModules.proxmox-vm
./config/common
./config/proxmox-vm
sops-nix.nixosModules.sops
./config/hosts/status
];
};
penpot = nixpkgs.lib.nixosSystem {
inherit system specialArgs;
inherit system;
modules = [
self.nixosModules.common
self.nixosModules.proxmox-vm
./config/common
./config/proxmox-vm
sops-nix.nixosModules.sops
self.nixosModules.prometheus-exporter
./config/extra/prometheus-exporter.nix
./config/hosts/penpot
];
};
hydra = nixpkgs.lib.nixosSystem {
inherit system specialArgs;
inherit system;
modules = [
self.nixosModules.common
self.nixosModules.proxmox-vm
self.nixosModules.prometheus-exporter
./config/common
./config/proxmox-vm
./config/extra/prometheus-exporter.nix
./config/hosts/hydra
];
};
@ -235,24 +240,22 @@
packages.x86_64-linux = {
proxmox-nixos-template = nixos-generators.nixosGenerate {
inherit specialArgs;
system = "x86_64-linux";
modules = [
./config/nixos-generators/proxmox.nix
self.nixosModules.common
self.nixosModules.proxmox-vm
./config/common
./config/proxmox-vm
];
format = "proxmox";
};
proxmox-chaosknoten-nixos-template = nixos-generators.nixosGenerate {
inherit specialArgs;
system = "x86_64-linux";
modules = [
./config/nixos-generators/proxmox-chaosknoten.nix
./config/proxmox-chaosknoten-additional-initial-config.nix
self.nixosModules.common
self.nixosModules.proxmox-vm
./config/common
./config/proxmox-vm
];
format = "proxmox";
};

View file

@ -17,7 +17,6 @@ in
config = mkIf cfg.enable {
services.shairport-sync = {
enable = true;
package = pkgs.shairport-sync-airplay2;
arguments = "-o pw -v";
};