
No commits in common. "main" and "simple-clean-up" have entirely different histories.

6 changed files with 69 additions and 83 deletions


@ -6,9 +6,14 @@
# - https://git.grzb.de/yuri/nix-infra/-/blob/342a2f732da042d04e579d98e9f834418b7ebf25/users/colmena-deploy/default.nix
# - https://nixos.org/manual/nix/stable/command-ref/conf-file.html?highlight=nix.conf#available-settings
{ config, pkgs, lib, authorizedKeysRepo, ... }:
{ config, pkgs, lib, ... }:
let
authorizedKeysRepo = builtins.fetchGit {
url = "forgejo@git.hamburg.ccc.de:CCCHH/infrastructure-authorized-keys.git";
ref = "trunk";
rev = "686a6af22f6696f0c0595c56f463c078550049fc";
};
authorizedKeys = builtins.filter (item: item != "") (lib.strings.splitString "\n" (builtins.readFile "${authorizedKeysRepo}/authorized_keys"));
in
{
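Review bot: The `authorizedKeysRepo` fetch in the `let` block pins `rev` but carries no content hash, and it runs over SSH at evaluation time, so every machine that evaluates this module needs a Forgejo SSH credential and a trusted host key for git.hamburg.ccc.de. The flake input shown in the flake.lock section of this page locked the same revision with a `narHash`. Because this file decides which keys may log in, I would keep it as a locked flake input, or at least add a comment such as `# login trust anchor: bump rev only after reviewing the authorized_keys diff`. The filter drops only empty strings, so a line with trailing whitespace or a carriage return would still be passed through as a key entry. The page lost its +/- markers, so attributing these lines to the new side is inferred from the hunk counts.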


@ -7,19 +7,13 @@
# - https://codeberg.org/forgejo/forgejo/src/branch/forgejo/docs/content/administration/reverse-proxies.en-us.md
# - https://forgejo.org/docs/latest/admin/email-setup/
{ pkgs, ... }:
{ pkgs-unstable, ... }:
{
services.forgejo = {
enable = true;
package = pkgs.forgejo;
database.type = "postgres";
secrets = {
mailer = {
PASSWD = "/run/secrets/forgejo_git_smtp_password";
};
};
mailerPasswordFile = "/run/secrets/forgejo_git_smtp_password";
settings = {
DEFAULT = {
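Review bot: The module header `{ pkgs-unstable, ... }:` requests an argument that nothing visible on this page provides. The flake.nix section shows `specialArgs` holding only `authorizedKeysRepo`, and the root inputs in flake.lock list no unstable nixpkgs. If the body still refers to `pkgs-unstable`, evaluation will fail unless it is supplied elsewhere; if it does not, the argument is dead and the header should be `{ pkgs, ... }:` or `{ ... }:`. The SMTP password is given as a string path under /run/secrets in both variants, which keeps it out of the Nix store, and a short comment naming where that secret is declared would help the next reader. The +/- markers are lost on this page, so which header line is the new one is inferred.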


@ -22,7 +22,6 @@
WOODPECKER_DATABASE_DATASOURCE = "postgresql://woodpecker-server@/woodpecker-server?host=/run/postgresql";
WOODPECKER_FORGEJO = "true";
WOODPECKER_FORGEJO_URL = "https://git.hamburg.ccc.de";
WOODPECKER_LIMIT_MEM = "6442450944"; # 6GB
# Set via enviornmentFile:
# WOODPECKER_FORGEJO_CLIENT
# WOODPECKER_FORGEJO_SECRET


@ -1,26 +1,12 @@
{
"nodes": {
"authorizedKeysRepo": {
"flake": false,
"locked": {
"lastModified": 1731276342,
"narHash": "sha256-plTYjM6zPzoBE/dp6EUrk9mCqmab278p8FqBCTX8Grc=",
"rev": "686a6af22f6696f0c0595c56f463c078550049fc",
"type": "tarball",
"url": "https://git.hamburg.ccc.de/api/v1/repos/CCCHH/infrastructure-authorized-keys/archive/686a6af22f6696f0c0595c56f463c078550049fc.tar.gz?rev=686a6af22f6696f0c0595c56f463c078550049fc"
},
"original": {
"type": "tarball",
"url": "https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys/archive/686a6af22f6696f0c0595c56f463c078550049fc.tar.gz"
}
},
"nixlib": {
"locked": {
"lastModified": 1734829460,
"narHash": "sha256-dPhc+f2wkmhMqMIfq+hColJdysgVxKP9ilZ5bR0NRZI=",
"lastModified": 1729386149,
"narHash": "sha256-hUP9oxmnOmNnKcDOf5Y55HQ+NnoT0+bLWHLQWLLw9Ks=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "0a31e8d833173ae63e43fd9dbff1ccf09c4f778c",
"rev": "cce4521b6df014e79a7b7afc58c703ed683c916e",
"type": "github"
},
"original": {
@ -32,14 +18,16 @@
"nixos-generators": {
"inputs": {
"nixlib": "nixlib",
"nixpkgs": "nixpkgs"
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1734915500,
"narHash": "sha256-A7CTIQ8SW0hfbhKlwK+vSsu4pD+Oaelw3v6goX6go+U=",
"lastModified": 1729472750,
"narHash": "sha256-s93LPHi5BN7I2xSGNAFWiYb8WRsPvT1LE9ZjZBrpFlg=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "051d1b2dda3b2e81b38d82e2b691e5c2f4d335f4",
"rev": "7c60ba4bc8d6aa2ba3e5b0f6ceb9fc07bc261565",
"type": "github"
},
"original": {
@ -50,41 +38,40 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1734435836,
"narHash": "sha256-kMBQ5PRiFLagltK0sH+08aiNt3zGERC2297iB6vrvlU=",
"owner": "NixOS",
"lastModified": 1731133565,
"narHash": "sha256-tCErjTdCUWK06LzkcvwUM+3pyrrmdf8e0VDBBTgqznE=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "4989a246d7a390a859852baddb1013f825435cee",
"rev": "11f65b4b0405cff5b54c813626bddcf5435d7ad2",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"owner": "nixos",
"ref": "nixos-24.05-small",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"nixpkgs-stable": {
"locked": {
"lastModified": 1736408508,
"narHash": "sha256-WIGZ3DPw5H+SPszUXVacK+KTh3sJZShP1vGtDwhquNM=",
"owner": "nixos",
"lastModified": 1730602179,
"narHash": "sha256-efgLzQAWSzJuCLiCaQUCDu4NudNlHdg2NzGLX5GYaEY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "530de2c83360057c1650fb8a37ef48cb9ad8f6a6",
"rev": "3c2f1c4ca372622cb2f9de8016c9a0b1cbd0f37c",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-24.11-small",
"owner": "NixOS",
"ref": "release-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"authorizedKeysRepo": "authorizedKeysRepo",
"nixos-generators": "nixos-generators",
"nixpkgs": "nixpkgs_2",
"nixpkgs": "nixpkgs",
"sops-nix": "sops-nix"
}
},
@ -92,14 +79,15 @@
"inputs": {
"nixpkgs": [
"nixpkgs"
]
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1736203741,
"narHash": "sha256-eSjkBwBdQk+TZWFlLbclF2rAh4JxbGg8az4w/Lfe7f4=",
"lastModified": 1731213149,
"narHash": "sha256-jR8i6nFLmSmm0cIoeRQ8Q4EBARa3oGaAtEER/OMMxus=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "c9c88f08e3ee495e888b8d7c8624a0b2519cb773",
"rev": "f1675e3b0e1e663a4af49be67ecbc9e749f85eb7",
"type": "github"
},
"original": {


@ -5,13 +5,13 @@
# Use the NixOS small channels for nixpkgs.
# https://nixos.org/manual/nixos/stable/#sec-upgrading
# https://github.com/NixOS/nixpkgs
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11-small";
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05-small";
# Add nixos-generators as an input.
# See here: https://github.com/nix-community/nixos-generators#using-in-a-flake
nixos-generators = {
url = "github:nix-community/nixos-generators";
#inputs.nixpkgs.follows = "nixpkgs";
inputs.nixpkgs.follows = "nixpkgs";
};
# Add sops-nix as an input for secret management.
@ -20,21 +20,22 @@
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
authorizedKeysRepo = {
url = "https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys/archive/686a6af22f6696f0c0595c56f463c078550049fc.tar.gz";
flake = false;
};
};
outputs = { self, nixpkgs, nixos-generators, sops-nix, authorizedKeysRepo, ... }:
outputs = { self, nixpkgs, nixos-generators, sops-nix, ... }:
let
specialArgs = {
inherit authorizedKeysRepo;
};
system = "x86_64-linux";
in
{
overlays = {
shairportSyncAirplay2 = final: prev: {
shairport-sync = (prev.shairport-sync.override { enableMetadata = true; enableAirplay2 = true; }).overrideAttrs (finalAttr: previousAttr: {
# See: https://github.com/mikebrady/shairport-sync/blob/e78a88b64adfe7b5f88fd6faedf55c57445bb240/CONFIGURATION%20FLAGS.md
configureFlags = previousAttr.configureFlags ++ [ "--with-mqtt-client" ];
buildInputs = previousAttr.buildInputs ++ [ final.mosquitto ];
});
};
};
nixosModules = {
common = ./config/common;
proxmox-vm = ./config/proxmox-vm;
@ -42,25 +43,27 @@
};
nixosConfigurations = {
audio-hauptraum-kueche = nixpkgs.lib.nixosSystem {
inherit system specialArgs;
inherit system;
modules = [
self.nixosModules.common
self.nixosModules.proxmox-vm
{ nixpkgs.overlays = [ self.overlays.shairportSyncAirplay2 ]; }
./config/hosts/audio-hauptraum-kueche
];
};
audio-hauptraum-tafel = nixpkgs.lib.nixosSystem {
inherit system specialArgs;
inherit system;
modules = [
self.nixosModules.common
self.nixosModules.proxmox-vm
{ nixpkgs.overlays = [ self.overlays.shairportSyncAirplay2 ]; }
./config/hosts/audio-hauptraum-tafel
];
};
esphome = nixpkgs.lib.nixosSystem {
inherit system specialArgs;
inherit system;
modules = [
self.nixosModules.common
self.nixosModules.proxmox-vm
@ -69,7 +72,7 @@
};
public-reverse-proxy = nixpkgs.lib.nixosSystem {
inherit system specialArgs;
inherit system;
modules = [
self.nixosModules.common
self.nixosModules.proxmox-vm
@ -78,7 +81,7 @@
};
netbox = nixpkgs.lib.nixosSystem {
inherit system specialArgs;
inherit system;
modules = [
self.nixosModules.common
self.nixosModules.proxmox-vm
@ -89,7 +92,7 @@
};
matrix = nixpkgs.lib.nixosSystem {
inherit system specialArgs;
inherit system;
modules = [
self.nixosModules.common
self.nixosModules.proxmox-vm
@ -100,7 +103,7 @@
};
public-web-static = nixpkgs.lib.nixosSystem {
inherit system specialArgs;
inherit system;
modules = [
self.nixosModules.common
self.nixosModules.proxmox-vm
@ -111,7 +114,7 @@
};
git = nixpkgs.lib.nixosSystem {
inherit system specialArgs;
inherit system;
modules = [
self.nixosModules.common
self.nixosModules.proxmox-vm
@ -122,7 +125,7 @@
};
forgejo-actions-runner = nixpkgs.lib.nixosSystem {
inherit system specialArgs;
inherit system;
modules = [
self.nixosModules.common
self.nixosModules.proxmox-vm
@ -133,7 +136,7 @@
};
ptouch-print-server = nixpkgs.lib.nixosSystem {
inherit system specialArgs;
inherit system;
modules = [
self.nixosModules.common
self.nixosModules.proxmox-vm
@ -142,7 +145,7 @@
};
eh22-wiki = nixpkgs.lib.nixosSystem {
inherit system specialArgs;
inherit system;
modules = [
self.nixosModules.common
self.nixosModules.proxmox-vm
@ -152,7 +155,7 @@
};
nix-box-june = nixpkgs.lib.nixosSystem {
inherit system specialArgs;
inherit system;
modules = [
self.nixosModules.common
self.nixosModules.proxmox-vm
@ -162,7 +165,7 @@
};
yate = nixpkgs.lib.nixosSystem {
inherit system specialArgs;
inherit system;
modules = [
self.nixosModules.common
self.nixosModules.proxmox-vm
@ -171,7 +174,7 @@
};
mqtt = nixpkgs.lib.nixosSystem {
inherit system specialArgs;
inherit system;
modules = [
self.nixosModules.common
self.nixosModules.proxmox-vm
@ -180,7 +183,7 @@
};
mjolnir = nixpkgs.lib.nixosSystem {
inherit system specialArgs;
inherit system;
modules = [
self.nixosModules.common
self.nixosModules.proxmox-vm
@ -191,7 +194,7 @@
};
woodpecker = nixpkgs.lib.nixosSystem {
inherit system specialArgs;
inherit system;
modules = [
self.nixosModules.common
self.nixosModules.proxmox-vm
@ -202,7 +205,7 @@
};
status = nixpkgs.lib.nixosSystem {
inherit system specialArgs;
inherit system;
modules = [
self.nixosModules.common
self.nixosModules.proxmox-vm
@ -212,7 +215,7 @@
};
penpot = nixpkgs.lib.nixosSystem {
inherit system specialArgs;
inherit system;
modules = [
self.nixosModules.common
self.nixosModules.proxmox-vm
@ -223,7 +226,7 @@
};
hydra = nixpkgs.lib.nixosSystem {
inherit system specialArgs;
inherit system;
modules = [
self.nixosModules.common
self.nixosModules.proxmox-vm
@ -235,7 +238,6 @@
packages.x86_64-linux = {
proxmox-nixos-template = nixos-generators.nixosGenerate {
inherit specialArgs;
system = "x86_64-linux";
modules = [
./config/nixos-generators/proxmox.nix
@ -246,7 +248,6 @@
};
proxmox-chaosknoten-nixos-template = nixos-generators.nixosGenerate {
inherit specialArgs;
system = "x86_64-linux";
modules = [
./config/nixos-generators/proxmox-chaosknoten.nix
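Review bot: In the first hunk the `nixpkgs.url` line reading `github:nixos/nixpkgs/nixos-24.05-small` appears to be the new side, and the older `lastModified` values in flake.lock agree. That moves every host defined here, including public-reverse-proxy, git and matrix, onto a release branch that stopped receiving security updates at the end of 2024. If this branch is meant to be merged or deployed, keep `nixos-24.11-small` and re-lock. If 24.05 is deliberate, say why in the comment above the input, e.g. `# pinned to 24.05 until <reason>; no security updates after EOL`. The +/- markers are lost on this page, so the direction of the change is inferred.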


@ -17,7 +17,6 @@ in
config = mkIf cfg.enable {
services.shairport-sync = {
enable = true;
package = pkgs.shairport-sync-airplay2;
arguments = "-o pw -v";
};