Compare commits
1 commit
main
...
nixOptions
Author | SHA1 | Date | |
---|---|---|---|
e4f5655c88 |
28 changed files with 216 additions and 348 deletions
21
LICENSE
21
LICENSE
|
@ -1,21 +0,0 @@
|
|||
MIT License
|
||||
|
||||
Copyright (c) CCCHH
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in all
|
||||
copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
SOFTWARE.
|
|
@ -73,7 +73,3 @@ Build a new NixOS Proxmox VE Template for the chaosknoten:
|
|||
```shell
|
||||
nix build .#proxmox-chaosknoten-nixos-template
|
||||
```
|
||||
|
||||
## License
|
||||
|
||||
This CCCHH nix-infra repository is licensed under the [MIT License](./LICENSE).
|
||||
|
|
|
@ -6,9 +6,14 @@
|
|||
# - https://git.grzb.de/yuri/nix-infra/-/blob/342a2f732da042d04e579d98e9f834418b7ebf25/users/colmena-deploy/default.nix
|
||||
# - https://nixos.org/manual/nix/stable/command-ref/conf-file.html?highlight=nix.conf#available-settings
|
||||
|
||||
{ config, pkgs, lib, authorizedKeysRepo, ... }:
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
let
|
||||
authorizedKeysRepo = pkgs.fetchgit {
|
||||
url = "https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys";
|
||||
rev = "686a6af22f6696f0c0595c56f463c078550049fc";
|
||||
hash = "sha256-plTYjM6zPzoBE/dp6EUrk9mCqmab278p8FqBCTX8Grc=";
|
||||
};
|
||||
authorizedKeys = builtins.filter (item: item != "") (lib.strings.splitString "\n" (builtins.readFile "${authorizedKeysRepo}/authorized_keys"));
|
||||
in
|
||||
{
|
||||
|
|
|
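Review bot: The `authorizedKeysRepo` fetch added to the `let` block has no comment saying that this pin decides which SSH keys end up in `authorizedKeys`, or how to rotate it. Because `rev` and `hash` are fixed, a key removed upstream stays in the list until both values are bumped and the hosts are redeployed. `builtins.readFile` on a `pkgs.fetchgit` output is also import-from-derivation, so evaluation needs a build step (presumably why `allow-import-from-derivation = true` appears in flake.nix). I would add above the fetch: `# Keys are read from this pinned commit; to add or revoke a key, update rev and hash together and redeploy.` The module body continues past the hunk, so how `authorizedKeys` is consumed is not visible here.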
@ -21,8 +21,7 @@ let
|
|||
app = "dokuwiki";
|
||||
domain = "eh22.easterhegg.eu";
|
||||
dataDir = "/srv/www/${domain}";
|
||||
in
|
||||
{
|
||||
in {
|
||||
systemd.tmpfiles.rules = [
|
||||
"d ${dataDir} 0755 ${app} ${app}"
|
||||
];
|
||||
|
@ -77,7 +76,7 @@ in
|
|||
default = true;
|
||||
enableACME = true;
|
||||
serverName = "${domain}";
|
||||
|
||||
|
||||
listen = [
|
||||
{
|
||||
addr = "0.0.0.0";
|
||||
|
|
|
@ -7,19 +7,13 @@
|
|||
# - https://codeberg.org/forgejo/forgejo/src/branch/forgejo/docs/content/administration/reverse-proxies.en-us.md
|
||||
# - https://forgejo.org/docs/latest/admin/email-setup/
|
||||
|
||||
{ pkgs, ... }:
|
||||
{ pkgs-unstable, ... }:
|
||||
|
||||
{
|
||||
services.forgejo = {
|
||||
enable = true;
|
||||
package = pkgs.forgejo;
|
||||
database.type = "postgres";
|
||||
|
||||
secrets = {
|
||||
mailer = {
|
||||
PASSWD = "/run/secrets/forgejo_git_smtp_password";
|
||||
};
|
||||
};
|
||||
mailerPasswordFile = "/run/secrets/forgejo_git_smtp_password";
|
||||
|
||||
settings = {
|
||||
DEFAULT = {
|
||||
|
|
|
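Review bot: The new module header `{ pkgs-unstable, ... }:` asks for an argument that the visible lines never use now that the `package = ...` line is gone, and flake.nix on this side passes `pkgs-unstable` through `specialArgs` only to the `woodpecker` host. If anything further down the file (outside the hunk) does reference `pkgs-unstable`, the host importing this module would fail to evaluate; if nothing does, the header can simply be `{ ... }:`. Either drop the argument or add `specialArgs = { inherit pkgs-unstable; };` to that host's `nixosSystem` call. With no `package` set, the Forgejo version is whatever the module default in the `nixpkgs` input provides; a one-line comment saying that is intentional would help.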
@ -1,10 +1,10 @@
|
|||
{ ... }:
|
||||
|
||||
{
|
||||
networking = {
|
||||
hostName = "mqtt";
|
||||
domain = "z9.ccchh.net";
|
||||
};
|
||||
networking = {
|
||||
hostName = "mqtt";
|
||||
domain = "z9.ccchh.net";
|
||||
};
|
||||
|
||||
system.stateVersion = "23.11";
|
||||
}
|
||||
system.stateVersion = "23.11";
|
||||
}
|
|
@ -1,9 +1,9 @@
|
|||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
./configuration.nix
|
||||
./networking.nix
|
||||
./mosquitto.nix
|
||||
];
|
||||
}
|
||||
imports = [
|
||||
./configuration.nix
|
||||
./networking.nix
|
||||
./mosquitto.nix
|
||||
];
|
||||
}
|
|
@ -5,29 +5,29 @@
|
|||
{ ... }:
|
||||
|
||||
{
|
||||
services.mosquitto = {
|
||||
enable = true;
|
||||
persistence = true;
|
||||
services.mosquitto = {
|
||||
enable = true;
|
||||
persistence = true;
|
||||
|
||||
# set config for all listeners
|
||||
listeners = [{
|
||||
settings.allow_anonymous = true;
|
||||
omitPasswordAuth = true;
|
||||
acl = [ "topic readwrite #" ];
|
||||
}];
|
||||
# set config for all listeners
|
||||
listeners = [ {
|
||||
settings.allow_anonymous = true;
|
||||
omitPasswordAuth = true;
|
||||
acl = ["topic readwrite #"];
|
||||
} ];
|
||||
|
||||
bridges.winkekatz = {
|
||||
addresses = [
|
||||
{ address = "mqtt.winkekatze24.de"; }
|
||||
];
|
||||
topics = [
|
||||
"winkekatze/allcats/eye/set in 2"
|
||||
"winkekatze/allcats in 2"
|
||||
"+/status out 2 winkekatze/ \"\""
|
||||
"+/connected out 2 winkekatze/ \"\""
|
||||
];
|
||||
bridges.winkekatz = {
|
||||
addresses = [
|
||||
{ address = "mqtt.winkekatze24.de"; }
|
||||
];
|
||||
topics = [
|
||||
"winkekatze/allcats/eye/set in 2"
|
||||
"winkekatze/allcats in 2"
|
||||
"+/status out 2 winkekatze/ \"\""
|
||||
"+/connected out 2 winkekatze/ \"\""
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 1883 ];
|
||||
}
|
||||
networking.firewall.allowedTCPPorts = [ 1883 ];
|
||||
}
|
|
@ -26,7 +26,7 @@
|
|||
};
|
||||
yuri = {
|
||||
isNormalUser = true;
|
||||
openssh.authorizedKeys.keys = [
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDdk3FLQRoCWxdOxg4kHcPqAu3QQOs/rY9na2Al2ilGl yuri@violet"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEvM35w+UaSpDTuaG5pGPgfHcfwscr+wSZN9Z5Jle82 yuri@kiara"
|
||||
];
|
||||
|
|
|
@ -1,19 +1,10 @@
|
|||
{ pkgs, ... }:
|
||||
|
||||
let
|
||||
domain = "c3cat.de";
|
||||
dataDir = "/var/www/${domain}";
|
||||
deployUser = "c3cat-website-deploy";
|
||||
in {
|
||||
security.acme.certs."${domain}".extraDomainNames = [ "www.${domain}" ];
|
||||
|
||||
{
|
||||
services.nginx.virtualHosts = {
|
||||
"acme-${domain}" = {
|
||||
"acme-c3cat.de" = {
|
||||
enableACME = true;
|
||||
serverName = "${domain}";
|
||||
serverAliases = [
|
||||
"www.${domain}"
|
||||
];
|
||||
serverName = "c3cat.de";
|
||||
|
||||
listen = [
|
||||
{
|
||||
|
@ -23,9 +14,9 @@ in {
|
|||
];
|
||||
};
|
||||
|
||||
"$www.${domain}" = {
|
||||
"c3cat.de" = {
|
||||
forceSSL = true;
|
||||
useACMEHost = "${domain}";
|
||||
useACMEHost = "c3cat.de";
|
||||
|
||||
listen = [
|
||||
{
|
||||
|
@ -37,7 +28,7 @@ in {
|
|||
];
|
||||
|
||||
locations."/" = {
|
||||
return = "302 https://c3cat.de$request_uri";
|
||||
return = "302 https://wiki.hamburg.ccc.de/club:c3cat:start";
|
||||
};
|
||||
|
||||
extraConfig = ''
|
||||
|
@ -51,45 +42,5 @@ in {
|
|||
real_ip_header proxy_protocol;
|
||||
'';
|
||||
};
|
||||
|
||||
"${domain}" = {
|
||||
forceSSL = true;
|
||||
useACMEHost = "${domain}";
|
||||
|
||||
listen = [
|
||||
{
|
||||
addr = "0.0.0.0";
|
||||
port = 8443;
|
||||
ssl = true;
|
||||
proxyProtocol = true;
|
||||
}
|
||||
];
|
||||
|
||||
root = "${dataDir}";
|
||||
|
||||
extraConfig = ''
|
||||
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
||||
# $remote_port to the client address and client port, when using proxy
|
||||
# protocol.
|
||||
# First set our proxy protocol proxy as trusted.
|
||||
set_real_ip_from 172.31.17.140;
|
||||
# Then tell the realip_module to get the addreses from the proxy protocol
|
||||
# header.
|
||||
real_ip_header proxy_protocol;
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d ${dataDir} 0755 ${deployUser} ${deployUser}"
|
||||
];
|
||||
|
||||
users.users."${deployUser}" = {
|
||||
isNormalUser = true;
|
||||
group = "${deployUser}";
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcZJzQO4RYinJm6YDUgCELe8OJA/DYOss+8xp7TtxM0 deploy key for c3cat.de"
|
||||
];
|
||||
};
|
||||
users.groups."${deployUser}" = { };
|
||||
}
|
||||
|
|
|
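Review bot: `www.c3cat.de` is no longer covered anywhere on the new side: the `extraDomainNames` entry, the `serverAliases` list and the `www` virtual host are all gone, and the remaining hosts are named only `c3cat.de`. Requests for the `www` name would then land on whichever virtual host is the default and, over HTTPS, get a certificate that does not match (inferred; the default host is not in this file). If the `www` name still resolves here, keep `security.acme.certs."c3cat.de".extraDomainNames = [ "www.c3cat.de" ];` and add `serverAliases = [ "www.c3cat.de" ];` to both hosts. The domain string is also written out four times; a single `let domain = "c3cat.de";` binding would keep the ACME host and the server names from drifting apart.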
@ -9,7 +9,6 @@
|
|||
./hackertours.hamburg.ccc.de.nix
|
||||
./hamburg.ccc.de.nix
|
||||
./spaceapi.hamburg.ccc.de.nix
|
||||
./staging.c3cat.de.nix
|
||||
./staging.hacker.tours.nix
|
||||
./staging.hackertours.hamburg.ccc.de.nix
|
||||
./staging.hamburg.ccc.de.nix
|
||||
|
|
|
@ -4,8 +4,7 @@ let
|
|||
domain = "hacker.tours";
|
||||
dataDir = "/var/www/${domain}";
|
||||
deployUser = "hackertours-website-deploy";
|
||||
in
|
||||
{
|
||||
in {
|
||||
services.nginx.virtualHosts = {
|
||||
"acme-${domain}" = {
|
||||
enableACME = true;
|
||||
|
|
|
@ -4,8 +4,7 @@ let
|
|||
domain = "hackertours.hamburg.ccc.de";
|
||||
dataDir = "/var/www/${domain}";
|
||||
deployUser = "ht-ccchh-website-deploy";
|
||||
in
|
||||
{
|
||||
in {
|
||||
services.nginx.virtualHosts = {
|
||||
"acme-${domain}" = {
|
||||
enableACME = true;
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ ... }:
|
||||
{...}:
|
||||
|
||||
{
|
||||
imports = [
|
||||
|
@ -9,4 +9,4 @@
|
|||
./eh11.nix
|
||||
./eh20.nix
|
||||
];
|
||||
}
|
||||
}
|
|
@ -6,7 +6,7 @@ let
|
|||
rev = "74977c56486cd060566bf06678a936e801952f9e";
|
||||
hash = "sha256-ded/NO+Jex2Sa4yWAIRpqANsv8i0vKmJSkM5r9KxaVk=";
|
||||
};
|
||||
in
|
||||
in
|
||||
{
|
||||
security.acme.certs."eh03.easterhegg.eu".extraDomainNames = [
|
||||
"eh2003.hamburg.ccc.de"
|
||||
|
@ -48,7 +48,7 @@ in
|
|||
}];
|
||||
|
||||
locations."/".return = "302 https://eh03.easterhegg.eu";
|
||||
|
||||
|
||||
extraConfig = ''
|
||||
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
||||
# $remote_port to the client address and client port, when using proxy
|
||||
|
|
|
@ -48,7 +48,7 @@ in
|
|||
}];
|
||||
|
||||
locations."/".return = "302 https://eh05.easterhegg.eu";
|
||||
|
||||
|
||||
extraConfig = ''
|
||||
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
||||
# $remote_port to the client address and client port, when using proxy
|
||||
|
@ -60,7 +60,7 @@ in
|
|||
real_ip_header proxy_protocol;
|
||||
'';
|
||||
};
|
||||
|
||||
|
||||
"eh05.easterhegg.eu" = {
|
||||
forceSSL = true;
|
||||
useACMEHost = "eh05.easterhegg.eu";
|
||||
|
@ -71,7 +71,7 @@ in
|
|||
ssl = true;
|
||||
proxyProtocol = true;
|
||||
}];
|
||||
|
||||
|
||||
locations."/" = {
|
||||
index = "index.shtml";
|
||||
root = eh05;
|
||||
|
@ -80,7 +80,7 @@ in
|
|||
default_type text/html;
|
||||
# Enable SSI
|
||||
ssi on;
|
||||
'';
|
||||
'';
|
||||
};
|
||||
|
||||
extraConfig = ''
|
||||
|
|
|
@ -54,7 +54,7 @@ in
|
|||
}];
|
||||
|
||||
locations."/".return = "302 https://eh07.easterhegg.eu";
|
||||
|
||||
|
||||
extraConfig = ''
|
||||
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
||||
# $remote_port to the client address and client port, when using proxy
|
||||
|
@ -86,7 +86,7 @@ in
|
|||
default_type text/html;
|
||||
# Enable SSI
|
||||
ssi on;
|
||||
'';
|
||||
'';
|
||||
};
|
||||
|
||||
extraConfig = ''
|
||||
|
|
|
@ -54,7 +54,7 @@ in
|
|||
}];
|
||||
|
||||
locations."/".return = "302 https://eh09.easterhegg.eu";
|
||||
|
||||
|
||||
extraConfig = ''
|
||||
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
||||
# $remote_port to the client address and client port, when using proxy
|
||||
|
@ -86,7 +86,7 @@ in
|
|||
default_type text/html;
|
||||
# Enable SSI
|
||||
ssi on;
|
||||
'';
|
||||
'';
|
||||
};
|
||||
extraConfig = ''
|
||||
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
||||
|
|
|
@ -54,7 +54,7 @@ in
|
|||
}];
|
||||
|
||||
locations."/".return = "302 https://eh11.easterhegg.eu";
|
||||
|
||||
|
||||
extraConfig = ''
|
||||
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
||||
# $remote_port to the client address and client port, when using proxy
|
||||
|
@ -86,7 +86,7 @@ in
|
|||
default_type text/html;
|
||||
# Enable SSI
|
||||
ssi on;
|
||||
'';
|
||||
'';
|
||||
};
|
||||
|
||||
extraConfig = ''
|
||||
|
|
|
@ -1,60 +0,0 @@
|
|||
{ pkgs, ... }:
|
||||
|
||||
let
|
||||
domain = "staging.c3cat.de";
|
||||
dataDir = "/var/www/${domain}";
|
||||
deployUser = "c3cat-website-deploy";
|
||||
in {
|
||||
services.nginx.virtualHosts = {
|
||||
"acme-${domain}" = {
|
||||
enableACME = true;
|
||||
serverName = "${domain}";
|
||||
|
||||
listen = [
|
||||
{
|
||||
addr = "0.0.0.0";
|
||||
port = 31820;
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
"${domain}" = {
|
||||
forceSSL = true;
|
||||
useACMEHost = "${domain}";
|
||||
|
||||
listen = [
|
||||
{
|
||||
addr = "0.0.0.0";
|
||||
port = 8443;
|
||||
ssl = true;
|
||||
proxyProtocol = true;
|
||||
}
|
||||
];
|
||||
|
||||
root = "${dataDir}";
|
||||
|
||||
# Disallow *, since this is staging and doesn't need to be in any search
|
||||
# results.
|
||||
locations."/robots.txt" = {
|
||||
return = "200 \"User-agent: *\\nDisallow: *\\n\"";
|
||||
};
|
||||
|
||||
extraConfig = ''
|
||||
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
||||
# $remote_port to the client address and client port, when using proxy
|
||||
# protocol.
|
||||
# First set our proxy protocol proxy as trusted.
|
||||
set_real_ip_from 172.31.17.140;
|
||||
# Then tell the realip_module to get the addreses from the proxy protocol
|
||||
# header.
|
||||
real_ip_header proxy_protocol;
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d ${dataDir} 0755 ${deployUser} ${deployUser}"
|
||||
];
|
||||
|
||||
# c3cat deploy user already defined in c3cat.de.nix.
|
||||
}
|
|
@ -4,8 +4,7 @@ let
|
|||
domain = "staging.hacker.tours";
|
||||
dataDir = "/var/www/${domain}";
|
||||
deployUser = "hackertours-website-deploy";
|
||||
in
|
||||
{
|
||||
in {
|
||||
services.nginx.virtualHosts = {
|
||||
"acme-${domain}" = {
|
||||
enableACME = true;
|
||||
|
|
|
@ -4,8 +4,7 @@ let
|
|||
domain = "staging.hackertours.hamburg.ccc.de";
|
||||
dataDir = "/var/www/${domain}";
|
||||
deployUser = "ht-ccchh-website-deploy";
|
||||
in
|
||||
{
|
||||
in {
|
||||
services.nginx.virtualHosts = {
|
||||
"acme-${domain}" = {
|
||||
enableACME = true;
|
||||
|
|
|
@ -3,12 +3,13 @@
|
|||
# - https://woodpecker-ci.org/docs/administration/agent-config
|
||||
# - https://woodpecker-ci.org/docs/administration/backends/docker
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
{ config, pkgs, pkgs-unstable, ... }:
|
||||
|
||||
{
|
||||
services.woodpecker-agents.agents."docker" = {
|
||||
enable = true;
|
||||
package = pkgs.woodpecker-agent;
|
||||
# Since we use woodpecker-server from unstable, use the agent from unstable as well.
|
||||
package = pkgs-unstable.woodpecker-agent;
|
||||
extraGroups = [ "docker" ];
|
||||
environment = {
|
||||
WOODPECKER_SERVER = "localhost${config.services.woodpecker-server.environment.WOODPECKER_GRPC_ADDR}";
|
||||
|
|
|
@ -5,12 +5,14 @@
|
|||
# - https://woodpecker-ci.org/docs/administration/forges/forgejo
|
||||
# - https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
{ config, pkgs, pkgs-unstable, ... }:
|
||||
|
||||
{
|
||||
services.woodpecker-server = {
|
||||
enable = true;
|
||||
package = pkgs.woodpecker-server;
|
||||
# Use package from unstable to get at least version 2.6.0 for native Forgejo support.
|
||||
# https://github.com/woodpecker-ci/woodpecker/releases/tag/v2.6.0
|
||||
package = pkgs-unstable.woodpecker-server;
|
||||
environment = {
|
||||
WOODPECKER_HOST = "https://woodpecker.hamburg.ccc.de";
|
||||
WOODPECKER_SERVER_ADDR = ":8001";
|
||||
|
@ -22,7 +24,6 @@
|
|||
WOODPECKER_DATABASE_DATASOURCE = "postgresql://woodpecker-server@/woodpecker-server?host=/run/postgresql";
|
||||
WOODPECKER_FORGEJO = "true";
|
||||
WOODPECKER_FORGEJO_URL = "https://git.hamburg.ccc.de";
|
||||
WOODPECKER_LIMIT_MEM = "6442450944"; # 6GB
|
||||
# Set via enviornmentFile:
|
||||
# WOODPECKER_FORGEJO_CLIENT
|
||||
# WOODPECKER_FORGEJO_SECRET
|
||||
|
|
|
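Review bot: The second hunk drops `WOODPECKER_LIMIT_MEM = "6442450944"; # 6GB`, so on the new side nothing in this file caps the memory a pipeline step may use. The agent is configured against `localhost` and joins the `docker` group, so steps run on this same machine; a runaway or hostile build could exhaust host memory and take the server down with it, unless a limit is set somewhere not shown. I would keep the line, or add a comment stating where the limit now lives. The comment on the switch to `pkgs-unstable.woodpecker-server` in the first hunk is good; it could add that the version only moves when the `nixpkgs-unstable` input in flake.lock is updated.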
@ -6,16 +6,16 @@
|
|||
description = "Yate telehony engine";
|
||||
unitConfig = {
|
||||
Type = "simple";
|
||||
After = "network.target";
|
||||
After="network.target";
|
||||
};
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.yate}/bin/yate -c /yate -e /yate/share -Do";
|
||||
Type = "simple";
|
||||
Restart = "always";
|
||||
Type="simple";
|
||||
Restart="always";
|
||||
# ...
|
||||
};
|
||||
wantedBy = [ "default.target" ];
|
||||
requiredBy = [ "network.target" ];
|
||||
requiredBy = [ "network.target" ];
|
||||
# ...
|
||||
};
|
||||
}
|
||||
|
|
81
flake.lock
81
flake.lock
|
@ -1,26 +1,12 @@
|
|||
{
|
||||
"nodes": {
|
||||
"authorizedKeysRepo": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1731276342,
|
||||
"narHash": "sha256-plTYjM6zPzoBE/dp6EUrk9mCqmab278p8FqBCTX8Grc=",
|
||||
"rev": "686a6af22f6696f0c0595c56f463c078550049fc",
|
||||
"type": "tarball",
|
||||
"url": "https://git.hamburg.ccc.de/api/v1/repos/CCCHH/infrastructure-authorized-keys/archive/686a6af22f6696f0c0595c56f463c078550049fc.tar.gz?rev=686a6af22f6696f0c0595c56f463c078550049fc"
|
||||
},
|
||||
"original": {
|
||||
"type": "tarball",
|
||||
"url": "https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys/archive/686a6af22f6696f0c0595c56f463c078550049fc.tar.gz"
|
||||
}
|
||||
},
|
||||
"nixlib": {
|
||||
"locked": {
|
||||
"lastModified": 1734224914,
|
||||
"narHash": "sha256-hKWALzQ/RxxXdKWsLKXULru6XTag9Cc5exgVyS4a/AE=",
|
||||
"lastModified": 1729386149,
|
||||
"narHash": "sha256-hUP9oxmnOmNnKcDOf5Y55HQ+NnoT0+bLWHLQWLLw9Ks=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixpkgs.lib",
|
||||
"rev": "538697b664a64fade8ce628d01f35d1f1fd82d77",
|
||||
"rev": "cce4521b6df014e79a7b7afc58c703ed683c916e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -32,14 +18,16 @@
|
|||
"nixos-generators": {
|
||||
"inputs": {
|
||||
"nixlib": "nixlib",
|
||||
"nixpkgs": "nixpkgs"
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1734311693,
|
||||
"narHash": "sha256-ODRrnbaUsOe3e4kp+uHl+iJxey5zE3kqiBqJWQxrlnY=",
|
||||
"lastModified": 1729472750,
|
||||
"narHash": "sha256-s93LPHi5BN7I2xSGNAFWiYb8WRsPvT1LE9ZjZBrpFlg=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixos-generators",
|
||||
"rev": "a5278f7c326205681f1f42a90fa46a75a13627eb",
|
||||
"rev": "7c60ba4bc8d6aa2ba3e5b0f6ceb9fc07bc261565",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -50,41 +38,57 @@
|
|||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1734126203,
|
||||
"narHash": "sha256-0XovF7BYP50rTD2v4r55tR5MuBLet7q4xIz6Rgh3BBU=",
|
||||
"owner": "NixOS",
|
||||
"lastModified": 1731133565,
|
||||
"narHash": "sha256-tCErjTdCUWK06LzkcvwUM+3pyrrmdf8e0VDBBTgqznE=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "71a6392e367b08525ee710a93af2e80083b5b3e2",
|
||||
"rev": "11f65b4b0405cff5b54c813626bddcf5435d7ad2",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixpkgs-unstable",
|
||||
"owner": "nixos",
|
||||
"ref": "nixos-24.05-small",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_2": {
|
||||
"nixpkgs-stable": {
|
||||
"locked": {
|
||||
"lastModified": 1734298236,
|
||||
"narHash": "sha256-aWhhqY44xBjMoO9r5fyPp5u8tqUNWRZ/m/P+abMSs5c=",
|
||||
"lastModified": 1730602179,
|
||||
"narHash": "sha256-efgLzQAWSzJuCLiCaQUCDu4NudNlHdg2NzGLX5GYaEY=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "3c2f1c4ca372622cb2f9de8016c9a0b1cbd0f37c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "release-24.05",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1731265036,
|
||||
"narHash": "sha256-e5I+glVZwQvLT6WIeMFi0Mk+N/jkYauZ31ir2NRZcf8=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "eb919d9300b6a18f8583f58aef16db458fbd7bec",
|
||||
"rev": "8aed22ecd71e5b67e5299efae8b9dc580dec711c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nixos",
|
||||
"ref": "nixos-24.11-small",
|
||||
"ref": "nixos-unstable-small",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"authorizedKeysRepo": "authorizedKeysRepo",
|
||||
"nixos-generators": "nixos-generators",
|
||||
"nixpkgs": "nixpkgs_2",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"nixpkgs-unstable": "nixpkgs-unstable",
|
||||
"sops-nix": "sops-nix"
|
||||
}
|
||||
},
|
||||
|
@ -92,14 +96,15 @@
|
|||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
],
|
||||
"nixpkgs-stable": "nixpkgs-stable"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1733965552,
|
||||
"narHash": "sha256-GZ4YtqkfyTjJFVCub5yAFWsHknG1nS/zfk7MuHht4Fs=",
|
||||
"lastModified": 1731213149,
|
||||
"narHash": "sha256-jR8i6nFLmSmm0cIoeRQ8Q4EBARa3oGaAtEER/OMMxus=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "2d73fc6ac4eba4b9a83d3cb8275096fbb7ab4004",
|
||||
"rev": "f1675e3b0e1e663a4af49be67ecbc9e749f85eb7",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
183
flake.nix
183
flake.nix
|
@ -1,17 +1,22 @@
|
|||
{
|
||||
description = "CCCHH Nix Infrastructure";
|
||||
|
||||
nixConfig = {
|
||||
allow-import-from-derivation = true;
|
||||
};
|
||||
|
||||
inputs = {
|
||||
# Use the NixOS small channels for nixpkgs.
|
||||
# https://nixos.org/manual/nixos/stable/#sec-upgrading
|
||||
# https://github.com/NixOS/nixpkgs
|
||||
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11-small";
|
||||
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05-small";
|
||||
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable-small";
|
||||
|
||||
# Add nixos-generators as an input.
|
||||
# See here: https://github.com/nix-community/nixos-generators#using-in-a-flake
|
||||
nixos-generators = {
|
||||
url = "github:nix-community/nixos-generators";
|
||||
#inputs.nixpkgs.follows = "nixpkgs";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
# Add sops-nix as an input for secret management.
|
||||
|
@ -20,214 +25,214 @@
|
|||
url = "github:Mic92/sops-nix";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
authorizedKeysRepo = {
|
||||
url = "https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys/archive/686a6af22f6696f0c0595c56f463c078550049fc.tar.gz";
|
||||
flake = false;
|
||||
};
|
||||
};
|
||||
|
||||
outputs = { self, nixpkgs, nixos-generators, sops-nix, authorizedKeysRepo, ... }:
|
||||
outputs = { self, nixpkgs, nixpkgs-unstable, nixos-generators, sops-nix, ... }:
|
||||
let
|
||||
specialArgs = {
|
||||
inherit authorizedKeysRepo;
|
||||
};
|
||||
system = "x86_64-linux";
|
||||
shairportSync431ExtendedNixpkgsUnstableOverlay = final: prev: {
|
||||
shairport-sync = (prev.shairport-sync.override { enableMetadata = true; enableAirplay2 = true; }).overrideAttrs (finalAttr: previousAttr: {
|
||||
# See: https://github.com/mikebrady/shairport-sync/blob/e78a88b64adfe7b5f88fd6faedf55c57445bb240/CONFIGURATION%20FLAGS.md
|
||||
configureFlags = previousAttr.configureFlags ++ [ "--with-mqtt-client" ];
|
||||
buildInputs = previousAttr.buildInputs ++ [ final.mosquitto ];
|
||||
});
|
||||
};
|
||||
pkgs-unstable = nixpkgs-unstable.legacyPackages."x86_64-linux";
|
||||
in
|
||||
{
|
||||
nixosModules = {
|
||||
common = ./config/common;
|
||||
proxmox-vm = ./config/proxmox-vm;
|
||||
prometheus-exporter = ./config/extra/prometheus-exporter.nix;
|
||||
};
|
||||
nixosConfigurations = {
|
||||
audio-hauptraum-kueche = nixpkgs.lib.nixosSystem {
|
||||
inherit system specialArgs;
|
||||
inherit system;
|
||||
modules = [
|
||||
self.nixosModules.common
|
||||
self.nixosModules.proxmox-vm
|
||||
./config/common
|
||||
./config/proxmox-vm
|
||||
{ nixpkgs.overlays = [ shairportSync431ExtendedNixpkgsUnstableOverlay ]; }
|
||||
./config/hosts/audio-hauptraum-kueche
|
||||
];
|
||||
};
|
||||
|
||||
audio-hauptraum-tafel = nixpkgs.lib.nixosSystem {
|
||||
inherit system specialArgs;
|
||||
inherit system;
|
||||
modules = [
|
||||
self.nixosModules.common
|
||||
self.nixosModules.proxmox-vm
|
||||
./config/common
|
||||
./config/proxmox-vm
|
||||
{ nixpkgs.overlays = [ shairportSync431ExtendedNixpkgsUnstableOverlay ]; }
|
||||
./config/hosts/audio-hauptraum-tafel
|
||||
];
|
||||
};
|
||||
|
||||
esphome = nixpkgs.lib.nixosSystem {
|
||||
inherit system specialArgs;
|
||||
inherit system;
|
||||
modules = [
|
||||
self.nixosModules.common
|
||||
self.nixosModules.proxmox-vm
|
||||
./config/common
|
||||
./config/proxmox-vm
|
||||
./config/hosts/esphome
|
||||
];
|
||||
};
|
||||
|
||||
public-reverse-proxy = nixpkgs.lib.nixosSystem {
|
||||
inherit system specialArgs;
|
||||
inherit system;
|
||||
modules = [
|
||||
self.nixosModules.common
|
||||
self.nixosModules.proxmox-vm
|
||||
./config/common
|
||||
./config/proxmox-vm
|
||||
./config/hosts/public-reverse-proxy
|
||||
];
|
||||
};
|
||||
|
||||
netbox = nixpkgs.lib.nixosSystem {
|
||||
inherit system specialArgs;
|
||||
inherit system;
|
||||
modules = [
|
||||
self.nixosModules.common
|
||||
self.nixosModules.proxmox-vm
|
||||
./config/common
|
||||
./config/proxmox-vm
|
||||
sops-nix.nixosModules.sops
|
||||
self.nixosModules.prometheus-exporter
|
||||
./config/extra/prometheus-exporter.nix
|
||||
./config/hosts/netbox
|
||||
];
|
||||
};
|
||||
|
||||
matrix = nixpkgs.lib.nixosSystem {
|
||||
inherit system specialArgs;
|
||||
inherit system;
|
||||
modules = [
|
||||
self.nixosModules.common
|
||||
self.nixosModules.proxmox-vm
|
||||
./config/common
|
||||
./config/proxmox-vm
|
||||
sops-nix.nixosModules.sops
|
||||
self.nixosModules.prometheus-exporter
|
||||
./config/extra/prometheus-exporter.nix
|
||||
./config/hosts/matrix
|
||||
];
|
||||
};
|
||||
|
||||
public-web-static = nixpkgs.lib.nixosSystem {
|
||||
inherit system specialArgs;
|
||||
inherit system;
|
||||
modules = [
|
||||
self.nixosModules.common
|
||||
self.nixosModules.proxmox-vm
|
||||
./config/common
|
||||
./config/proxmox-vm
|
||||
sops-nix.nixosModules.sops
|
||||
self.nixosModules.prometheus-exporter
|
||||
./config/extra/prometheus-exporter.nix
|
||||
./config/hosts/public-web-static
|
||||
];
|
||||
};
|
||||
|
||||
git = nixpkgs.lib.nixosSystem {
|
||||
inherit system specialArgs;
|
||||
inherit system;
|
||||
modules = [
|
||||
self.nixosModules.common
|
||||
self.nixosModules.proxmox-vm
|
||||
./config/common
|
||||
./config/proxmox-vm
|
||||
sops-nix.nixosModules.sops
|
||||
self.nixosModules.prometheus-exporter
|
||||
./config/extra/prometheus-exporter.nix
|
||||
./config/hosts/git
|
||||
];
|
||||
};
|
||||
|
||||
forgejo-actions-runner = nixpkgs.lib.nixosSystem {
|
||||
inherit system specialArgs;
|
||||
inherit system;
|
||||
modules = [
|
||||
self.nixosModules.common
|
||||
self.nixosModules.proxmox-vm
|
||||
./config/common
|
||||
./config/proxmox-vm
|
||||
sops-nix.nixosModules.sops
|
||||
self.nixosModules.prometheus-exporter
|
||||
./config/extra/prometheus-exporter.nix
|
||||
./config/hosts/forgejo-actions-runner
|
||||
];
|
||||
};
|
||||
|
||||
ptouch-print-server = nixpkgs.lib.nixosSystem {
|
||||
inherit system specialArgs;
|
||||
inherit system;
|
||||
modules = [
|
||||
self.nixosModules.common
|
||||
self.nixosModules.proxmox-vm
|
||||
./config/common
|
||||
./config/proxmox-vm
|
||||
./config/hosts/ptouch-print-server
|
||||
];
|
||||
};
|
||||
|
||||
eh22-wiki = nixpkgs.lib.nixosSystem {
|
||||
inherit system specialArgs;
|
||||
inherit system;
|
||||
modules = [
|
||||
self.nixosModules.common
|
||||
self.nixosModules.proxmox-vm
|
||||
self.nixosModules.prometheus-exporter
|
||||
./config/common
|
||||
./config/proxmox-vm
|
||||
./config/extra/prometheus-exporter.nix
|
||||
./config/hosts/eh22-wiki
|
||||
];
|
||||
};
|
||||
|
||||
nix-box-june = nixpkgs.lib.nixosSystem {
|
||||
inherit system specialArgs;
|
||||
inherit system;
|
||||
modules = [
|
||||
self.nixosModules.common
|
||||
self.nixosModules.proxmox-vm
|
||||
self.nixosModules.prometheus-exporter
|
||||
./config/common
|
||||
./config/proxmox-vm
|
||||
./config/extra/prometheus-exporter.nix
|
||||
./config/hosts/nix-box-june
|
||||
];
|
||||
};
|
||||
|
||||
yate = nixpkgs.lib.nixosSystem {
|
||||
inherit system specialArgs;
|
||||
inherit system;
|
||||
modules = [
|
||||
self.nixosModules.common
|
||||
self.nixosModules.proxmox-vm
|
||||
./config/common
|
||||
./config/proxmox-vm
|
||||
./config/hosts/yate
|
||||
];
|
||||
};
|
||||
|
||||
mqtt = nixpkgs.lib.nixosSystem {
|
||||
inherit system specialArgs;
|
||||
inherit system;
|
||||
modules = [
|
||||
self.nixosModules.common
|
||||
self.nixosModules.proxmox-vm
|
||||
./config/common
|
||||
./config/proxmox-vm
|
||||
./config/hosts/mqtt
|
||||
];
|
||||
};
|
||||
|
||||
mjolnir = nixpkgs.lib.nixosSystem {
|
||||
inherit system specialArgs;
|
||||
inherit system;
|
||||
modules = [
|
||||
self.nixosModules.common
|
||||
self.nixosModules.proxmox-vm
|
||||
./config/common
|
||||
./config/proxmox-vm
|
||||
sops-nix.nixosModules.sops
|
||||
self.nixosModules.prometheus-exporter
|
||||
./config/extra/prometheus-exporter.nix
|
||||
./config/hosts/mjolnir
|
||||
];
|
||||
};
|
||||
|
||||
woodpecker = nixpkgs.lib.nixosSystem {
|
||||
inherit system specialArgs;
|
||||
inherit system;
|
||||
modules = [
|
||||
self.nixosModules.common
|
||||
self.nixosModules.proxmox-vm
|
||||
./config/common
|
||||
./config/proxmox-vm
|
||||
sops-nix.nixosModules.sops
|
||||
self.nixosModules.prometheus-exporter
|
||||
./config/extra/prometheus-exporter.nix
|
||||
./config/hosts/woodpecker
|
||||
];
|
||||
specialArgs = {
|
||||
inherit pkgs-unstable;
|
||||
};
|
||||
};
|
||||
|
||||
status = nixpkgs.lib.nixosSystem {
|
||||
inherit system specialArgs;
|
||||
inherit system;
|
||||
modules = [
|
||||
self.nixosModules.common
|
||||
self.nixosModules.proxmox-vm
|
||||
./config/common
|
||||
./config/proxmox-vm
|
||||
sops-nix.nixosModules.sops
|
||||
./config/hosts/status
|
||||
];
|
||||
};
|
||||
|
||||
penpot = nixpkgs.lib.nixosSystem {
|
||||
inherit system specialArgs;
|
||||
inherit system;
|
||||
modules = [
|
||||
self.nixosModules.common
|
||||
self.nixosModules.proxmox-vm
|
||||
./config/common
|
||||
./config/proxmox-vm
|
||||
sops-nix.nixosModules.sops
|
||||
self.nixosModules.prometheus-exporter
|
||||
./config/extra/prometheus-exporter.nix
|
||||
./config/hosts/penpot
|
||||
];
|
||||
};
|
||||
|
||||
hydra = nixpkgs.lib.nixosSystem {
|
||||
inherit system specialArgs;
|
||||
inherit system;
|
||||
modules = [
|
||||
self.nixosModules.common
|
||||
self.nixosModules.proxmox-vm
|
||||
self.nixosModules.prometheus-exporter
|
||||
./config/common
|
||||
./config/proxmox-vm
|
||||
./config/extra/prometheus-exporter.nix
|
||||
./config/hosts/hydra
|
||||
];
|
||||
};
|
||||
|
@ -235,24 +240,22 @@
|
|||
|
||||
packages.x86_64-linux = {
|
||||
proxmox-nixos-template = nixos-generators.nixosGenerate {
|
||||
inherit specialArgs;
|
||||
system = "x86_64-linux";
|
||||
modules = [
|
||||
./config/nixos-generators/proxmox.nix
|
||||
self.nixosModules.common
|
||||
self.nixosModules.proxmox-vm
|
||||
./config/common
|
||||
./config/proxmox-vm
|
||||
];
|
||||
format = "proxmox";
|
||||
};
|
||||
|
||||
proxmox-chaosknoten-nixos-template = nixos-generators.nixosGenerate {
|
||||
inherit specialArgs;
|
||||
system = "x86_64-linux";
|
||||
modules = [
|
||||
./config/nixos-generators/proxmox-chaosknoten.nix
|
||||
./config/proxmox-chaosknoten-additional-initial-config.nix
|
||||
self.nixosModules.common
|
||||
self.nixosModules.proxmox-vm
|
||||
./config/common
|
||||
./config/proxmox-vm
|
||||
];
|
||||
format = "proxmox";
|
||||
};
|
||||
|
|
|
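Review bot: `nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05-small";` in the first hunk puts every `nixosConfigurations` entry on the 24.05 release, while the other side of this comparison tracks `nixos-24.11-small`. NixOS stops publishing security updates for a release shortly after its successor ships, so I would keep `nixos-24.11-small` unless a host is known to need the older channel. The new `nixConfig.allow-import-from-derivation = true;` deserves a comment naming what needs it (it looks like the `builtins.readFile` on the fetched authorized-keys repository), since it allows evaluation to trigger builds. `pkgs-unstable` is also hard-coded to `"x86_64-linux"` although `system` is bound in the same `let`; `nixpkgs-unstable.legacyPackages.${system}` would keep the two in step.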
@ -17,7 +17,6 @@ in
|
|||
config = mkIf cfg.enable {
|
||||
services.shairport-sync = {
|
||||
enable = true;
|
||||
package = pkgs.shairport-sync-airplay2;
|
||||
arguments = "-o pw -v";
|
||||
};
|
||||
|
||||
|
|