Compare commits


1 commit

Author SHA1 Message Date
jopejoe1 db5e86e4c0
spaceapi: calendar use https instead of webcal 2024-11-10 21:29:53 +01:00
28 changed files with 220 additions and 360 deletions

21
LICENSE

@ -1,21 +0,0 @@
MIT License
Copyright (c) CCCHH
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.


@ -73,7 +73,3 @@ Build a new NixOS Proxmox VE Template for the chaosknoten:
```shell ```shell
nix build .#proxmox-chaosknoten-nixos-template nix build .#proxmox-chaosknoten-nixos-template
``` ```
## License
This CCCHH nix-infra repository is licensed under the [MIT License](./LICENSE).


@ -6,9 +6,14 @@
# - https://git.grzb.de/yuri/nix-infra/-/blob/342a2f732da042d04e579d98e9f834418b7ebf25/users/colmena-deploy/default.nix # - https://git.grzb.de/yuri/nix-infra/-/blob/342a2f732da042d04e579d98e9f834418b7ebf25/users/colmena-deploy/default.nix
# - https://nixos.org/manual/nix/stable/command-ref/conf-file.html?highlight=nix.conf#available-settings # - https://nixos.org/manual/nix/stable/command-ref/conf-file.html?highlight=nix.conf#available-settings
{ config, pkgs, lib, authorizedKeysRepo, ... }: { config, pkgs, lib, ... }:
let let
authorizedKeysRepo = pkgs.fetchgit {
url = "https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys";
rev = "b6a29dc7af0a45a8c0b4904290c7cb0c5bc51413";
hash = "sha256-c0aH0wQeJtfXJG5wAbS6aO8yILLI1NNkFAHAeOm8RXA=";
};
authorizedKeys = builtins.filter (item: item != "") (lib.strings.splitString "\n" (builtins.readFile "${authorizedKeysRepo}/authorized_keys")); authorizedKeys = builtins.filter (item: item != "") (lib.strings.splitString "\n" (builtins.readFile "${authorizedKeysRepo}/authorized_keys"));
in in
{ {
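Review bot: The `authorizedKeysRepo = pkgs.fetchgit { … }` binding added in the `let` block pins the source of the SSH authorized keys to a fixed `rev` and `hash`, but no comment says that this is a deliberate snapshot or how it is meant to be updated. Because the pin lives only in this module on the new side, a key removed in the upstream repository would stay in `authorizedKeys` until `rev` and `hash` are both bumped here and the hosts are redeployed. I would add a comment above the binding such as `# Pinned snapshot of the authorized keys; bump rev and hash together whenever a key is added or revoked, then redeploy.` Reading the fetched output with `builtins.readFile` at evaluation time also looks like an import-from-derivation, which is worth mentioning in the same comment. The module body, including where `authorizedKeys` is consumed, continues outside the hunk.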


@ -21,8 +21,7 @@ let
app = "dokuwiki"; app = "dokuwiki";
domain = "eh22.easterhegg.eu"; domain = "eh22.easterhegg.eu";
dataDir = "/srv/www/${domain}"; dataDir = "/srv/www/${domain}";
in in {
{
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d ${dataDir} 0755 ${app} ${app}" "d ${dataDir} 0755 ${app} ${app}"
]; ];
@ -77,7 +76,7 @@ in
default = true; default = true;
enableACME = true; enableACME = true;
serverName = "${domain}"; serverName = "${domain}";
listen = [ listen = [
{ {
addr = "0.0.0.0"; addr = "0.0.0.0";


@ -1,10 +1,10 @@
{ ... }: { ... }:
{ {
networking = { networking = {
hostName = "mqtt"; hostName = "mqtt";
domain = "z9.ccchh.net"; domain = "z9.ccchh.net";
}; };
system.stateVersion = "23.11"; system.stateVersion = "23.11";
} }


@ -1,9 +1,9 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
imports = [ imports = [
./configuration.nix ./configuration.nix
./networking.nix ./networking.nix
./mosquitto.nix ./mosquitto.nix
]; ];
} }


@ -5,29 +5,29 @@
{ ... }: { ... }:
{ {
services.mosquitto = { services.mosquitto = {
enable = true; enable = true;
persistence = true; persistence = true;
# set config for all listeners # set config for all listeners
listeners = [{ listeners = [ {
settings.allow_anonymous = true; settings.allow_anonymous = true;
omitPasswordAuth = true; omitPasswordAuth = true;
acl = [ "topic readwrite #" ]; acl = ["topic readwrite #"];
}]; } ];
bridges.winkekatz = { bridges.winkekatz = {
addresses = [ addresses = [
{ address = "mqtt.winkekatze24.de"; } { address = "mqtt.winkekatze24.de"; }
]; ];
topics = [ topics = [
"winkekatze/allcats/eye/set in 2" "winkekatze/allcats/eye/set in 2"
"winkekatze/allcats in 2" "winkekatze/allcats in 2"
"+/status out 2 winkekatze/ \"\"" "+/status out 2 winkekatze/ \"\""
"+/connected out 2 winkekatze/ \"\"" "+/connected out 2 winkekatze/ \"\""
]; ];
};
}; };
};
networking.firewall.allowedTCPPorts = [ 1883 ]; networking.firewall.allowedTCPPorts = [ 1883 ];
} }


@ -26,7 +26,7 @@
}; };
yuri = { yuri = {
isNormalUser = true; isNormalUser = true;
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDdk3FLQRoCWxdOxg4kHcPqAu3QQOs/rY9na2Al2ilGl yuri@violet" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDdk3FLQRoCWxdOxg4kHcPqAu3QQOs/rY9na2Al2ilGl yuri@violet"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEvM35w+UaSpDTuaG5pGPgfHcfwscr+wSZN9Z5Jle82 yuri@kiara" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEvM35w+UaSpDTuaG5pGPgfHcfwscr+wSZN9Z5Jle82 yuri@kiara"
]; ];


@ -27,7 +27,7 @@
}, },
"calendar": { "calendar": {
"type": "ical", "type": "ical",
"url": "webcal://cloud.hamburg.ccc.de/remote.php/dav/public-calendars/QJAdExziSnNJEz5g/?export" "url": "https://cloud.hamburg.ccc.de/remote.php/dav/public-calendars/QJAdExziSnNJEz5g/?export"
} }
}, },
"links": [ "links": [


@ -1,19 +1,10 @@
{ pkgs, ... }: { pkgs, ... }:
let {
domain = "c3cat.de";
dataDir = "/var/www/${domain}";
deployUser = "c3cat-website-deploy";
in {
security.acme.certs."${domain}".extraDomainNames = [ "www.${domain}" ];
services.nginx.virtualHosts = { services.nginx.virtualHosts = {
"acme-${domain}" = { "acme-c3cat.de" = {
enableACME = true; enableACME = true;
serverName = "${domain}"; serverName = "c3cat.de";
serverAliases = [
"www.${domain}"
];
listen = [ listen = [
{ {
@ -23,9 +14,9 @@ in {
]; ];
}; };
"$www.${domain}" = { "c3cat.de" = {
forceSSL = true; forceSSL = true;
useACMEHost = "${domain}"; useACMEHost = "c3cat.de";
listen = [ listen = [
{ {
@ -37,7 +28,7 @@ in {
]; ];
locations."/" = { locations."/" = {
return = "302 https://c3cat.de$request_uri"; return = "302 https://wiki.hamburg.ccc.de/club:c3cat:start";
}; };
extraConfig = '' extraConfig = ''
@ -51,45 +42,5 @@ in {
real_ip_header proxy_protocol; real_ip_header proxy_protocol;
''; '';
}; };
"${domain}" = {
forceSSL = true;
useACMEHost = "${domain}";
listen = [
{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}
];
root = "${dataDir}";
extraConfig = ''
# Make use of the ngx_http_realip_module to set the $remote_addr and
# $remote_port to the client address and client port, when using proxy
# protocol.
# First set our proxy protocol proxy as trusted.
set_real_ip_from 172.31.17.140;
# Then tell the realip_module to get the addreses from the proxy protocol
# header.
real_ip_header proxy_protocol;
'';
};
}; };
systemd.tmpfiles.rules = [
"d ${dataDir} 0755 ${deployUser} ${deployUser}"
];
users.users."${deployUser}" = {
isNormalUser = true;
group = "${deployUser}";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcZJzQO4RYinJm6YDUgCELe8OJA/DYOss+8xp7TtxM0 deploy key for c3cat.de"
];
};
users.groups."${deployUser}" = { };
} }


@ -9,7 +9,6 @@
./hackertours.hamburg.ccc.de.nix ./hackertours.hamburg.ccc.de.nix
./hamburg.ccc.de.nix ./hamburg.ccc.de.nix
./spaceapi.hamburg.ccc.de.nix ./spaceapi.hamburg.ccc.de.nix
./staging.c3cat.de.nix
./staging.hacker.tours.nix ./staging.hacker.tours.nix
./staging.hackertours.hamburg.ccc.de.nix ./staging.hackertours.hamburg.ccc.de.nix
./staging.hamburg.ccc.de.nix ./staging.hamburg.ccc.de.nix


@ -1,10 +1,10 @@
{ pkgs, ... }: { pkgs, ... }:
let let
elementWebVersion = "1.11.84"; elementWebVersion = "1.11.80";
element-web = pkgs.fetchzip { element-web = pkgs.fetchzip {
url = "https://github.com/vector-im/element-web/releases/download/v${elementWebVersion}/element-v${elementWebVersion}.tar.gz"; url = "https://github.com/vector-im/element-web/releases/download/v${elementWebVersion}/element-v${elementWebVersion}.tar.gz";
sha256 = "sha256-z2qaKKyUq2S/r3xUUU3ym0FgFbiQr6bcltuKvUMPbH4="; sha256 = "sha256-sudWmNehxGsbZTNirTkoWQ/Bln1DC1CI30wocw9VoH8=";
}; };
elementSecurityHeaders = '' elementSecurityHeaders = ''
# Configuration best practices # Configuration best practices
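Review bot: On the new side `elementWebVersion` is "1.11.80" while the old side has "1.11.84", so this comparison rolls the Element Web client back four patch releases instead of forward. The commit title only mentions the spaceapi calendar URL, so this looks like a side effect of the branch being behind its base rather than an intended change; rebasing before merging would keep `elementWebVersion = "1.11.84";` together with its matching `sha256`. If the older release is pinned on purpose, a comment above the version saying why would let the next reviewer confirm that fixes shipped in the newer releases are not needed here.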


@ -4,8 +4,7 @@ let
domain = "hacker.tours"; domain = "hacker.tours";
dataDir = "/var/www/${domain}"; dataDir = "/var/www/${domain}";
deployUser = "hackertours-website-deploy"; deployUser = "hackertours-website-deploy";
in in {
{
services.nginx.virtualHosts = { services.nginx.virtualHosts = {
"acme-${domain}" = { "acme-${domain}" = {
enableACME = true; enableACME = true;


@ -4,8 +4,7 @@ let
domain = "hackertours.hamburg.ccc.de"; domain = "hackertours.hamburg.ccc.de";
dataDir = "/var/www/${domain}"; dataDir = "/var/www/${domain}";
deployUser = "ht-ccchh-website-deploy"; deployUser = "ht-ccchh-website-deploy";
in in {
{
services.nginx.virtualHosts = { services.nginx.virtualHosts = {
"acme-${domain}" = { "acme-${domain}" = {
enableACME = true; enableACME = true;


@ -1,4 +1,4 @@
{ ... }: {...}:
{ {
imports = [ imports = [
@ -9,4 +9,4 @@
./eh11.nix ./eh11.nix
./eh20.nix ./eh20.nix
]; ];
} }


@ -6,7 +6,7 @@ let
rev = "74977c56486cd060566bf06678a936e801952f9e"; rev = "74977c56486cd060566bf06678a936e801952f9e";
hash = "sha256-ded/NO+Jex2Sa4yWAIRpqANsv8i0vKmJSkM5r9KxaVk="; hash = "sha256-ded/NO+Jex2Sa4yWAIRpqANsv8i0vKmJSkM5r9KxaVk=";
}; };
in in
{ {
security.acme.certs."eh03.easterhegg.eu".extraDomainNames = [ security.acme.certs."eh03.easterhegg.eu".extraDomainNames = [
"eh2003.hamburg.ccc.de" "eh2003.hamburg.ccc.de"
@ -48,7 +48,7 @@ in
}]; }];
locations."/".return = "302 https://eh03.easterhegg.eu"; locations."/".return = "302 https://eh03.easterhegg.eu";
extraConfig = '' extraConfig = ''
# Make use of the ngx_http_realip_module to set the $remote_addr and # Make use of the ngx_http_realip_module to set the $remote_addr and
# $remote_port to the client address and client port, when using proxy # $remote_port to the client address and client port, when using proxy


@ -48,7 +48,7 @@ in
}]; }];
locations."/".return = "302 https://eh05.easterhegg.eu"; locations."/".return = "302 https://eh05.easterhegg.eu";
extraConfig = '' extraConfig = ''
# Make use of the ngx_http_realip_module to set the $remote_addr and # Make use of the ngx_http_realip_module to set the $remote_addr and
# $remote_port to the client address and client port, when using proxy # $remote_port to the client address and client port, when using proxy
@ -60,7 +60,7 @@ in
real_ip_header proxy_protocol; real_ip_header proxy_protocol;
''; '';
}; };
"eh05.easterhegg.eu" = { "eh05.easterhegg.eu" = {
forceSSL = true; forceSSL = true;
useACMEHost = "eh05.easterhegg.eu"; useACMEHost = "eh05.easterhegg.eu";
@ -71,7 +71,7 @@ in
ssl = true; ssl = true;
proxyProtocol = true; proxyProtocol = true;
}]; }];
locations."/" = { locations."/" = {
index = "index.shtml"; index = "index.shtml";
root = eh05; root = eh05;
@ -80,7 +80,7 @@ in
default_type text/html; default_type text/html;
# Enable SSI # Enable SSI
ssi on; ssi on;
''; '';
}; };
extraConfig = '' extraConfig = ''


@ -54,7 +54,7 @@ in
}]; }];
locations."/".return = "302 https://eh07.easterhegg.eu"; locations."/".return = "302 https://eh07.easterhegg.eu";
extraConfig = '' extraConfig = ''
# Make use of the ngx_http_realip_module to set the $remote_addr and # Make use of the ngx_http_realip_module to set the $remote_addr and
# $remote_port to the client address and client port, when using proxy # $remote_port to the client address and client port, when using proxy
@ -86,7 +86,7 @@ in
default_type text/html; default_type text/html;
# Enable SSI # Enable SSI
ssi on; ssi on;
''; '';
}; };
extraConfig = '' extraConfig = ''


@ -54,7 +54,7 @@ in
}]; }];
locations."/".return = "302 https://eh09.easterhegg.eu"; locations."/".return = "302 https://eh09.easterhegg.eu";
extraConfig = '' extraConfig = ''
# Make use of the ngx_http_realip_module to set the $remote_addr and # Make use of the ngx_http_realip_module to set the $remote_addr and
# $remote_port to the client address and client port, when using proxy # $remote_port to the client address and client port, when using proxy
@ -86,7 +86,7 @@ in
default_type text/html; default_type text/html;
# Enable SSI # Enable SSI
ssi on; ssi on;
''; '';
}; };
extraConfig = '' extraConfig = ''
# Make use of the ngx_http_realip_module to set the $remote_addr and # Make use of the ngx_http_realip_module to set the $remote_addr and


@ -54,7 +54,7 @@ in
}]; }];
locations."/".return = "302 https://eh11.easterhegg.eu"; locations."/".return = "302 https://eh11.easterhegg.eu";
extraConfig = '' extraConfig = ''
# Make use of the ngx_http_realip_module to set the $remote_addr and # Make use of the ngx_http_realip_module to set the $remote_addr and
# $remote_port to the client address and client port, when using proxy # $remote_port to the client address and client port, when using proxy
@ -86,7 +86,7 @@ in
default_type text/html; default_type text/html;
# Enable SSI # Enable SSI
ssi on; ssi on;
''; '';
}; };
extraConfig = '' extraConfig = ''


@ -1,60 +0,0 @@
{ pkgs, ... }:
let
domain = "staging.c3cat.de";
dataDir = "/var/www/${domain}";
deployUser = "c3cat-website-deploy";
in {
services.nginx.virtualHosts = {
"acme-${domain}" = {
enableACME = true;
serverName = "${domain}";
listen = [
{
addr = "0.0.0.0";
port = 31820;
}
];
};
"${domain}" = {
forceSSL = true;
useACMEHost = "${domain}";
listen = [
{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}
];
root = "${dataDir}";
# Disallow *, since this is staging and doesn't need to be in any search
# results.
locations."/robots.txt" = {
return = "200 \"User-agent: *\\nDisallow: *\\n\"";
};
extraConfig = ''
# Make use of the ngx_http_realip_module to set the $remote_addr and
# $remote_port to the client address and client port, when using proxy
# protocol.
# First set our proxy protocol proxy as trusted.
set_real_ip_from 172.31.17.140;
# Then tell the realip_module to get the addreses from the proxy protocol
# header.
real_ip_header proxy_protocol;
'';
};
};
systemd.tmpfiles.rules = [
"d ${dataDir} 0755 ${deployUser} ${deployUser}"
];
# c3cat deploy user already defined in c3cat.de.nix.
}


@ -4,8 +4,7 @@ let
domain = "staging.hacker.tours"; domain = "staging.hacker.tours";
dataDir = "/var/www/${domain}"; dataDir = "/var/www/${domain}";
deployUser = "hackertours-website-deploy"; deployUser = "hackertours-website-deploy";
in in {
{
services.nginx.virtualHosts = { services.nginx.virtualHosts = {
"acme-${domain}" = { "acme-${domain}" = {
enableACME = true; enableACME = true;


@ -4,8 +4,7 @@ let
domain = "staging.hackertours.hamburg.ccc.de"; domain = "staging.hackertours.hamburg.ccc.de";
dataDir = "/var/www/${domain}"; dataDir = "/var/www/${domain}";
deployUser = "ht-ccchh-website-deploy"; deployUser = "ht-ccchh-website-deploy";
in in {
{
services.nginx.virtualHosts = { services.nginx.virtualHosts = {
"acme-${domain}" = { "acme-${domain}" = {
enableACME = true; enableACME = true;


@ -3,12 +3,13 @@
# - https://woodpecker-ci.org/docs/administration/agent-config # - https://woodpecker-ci.org/docs/administration/agent-config
# - https://woodpecker-ci.org/docs/administration/backends/docker # - https://woodpecker-ci.org/docs/administration/backends/docker
{ config, pkgs, ... }: { config, pkgs, pkgs-unstable, ... }:
{ {
services.woodpecker-agents.agents."docker" = { services.woodpecker-agents.agents."docker" = {
enable = true; enable = true;
package = pkgs.woodpecker-agent; # Since we use woodpecker-server from unstable, use the agent from unstable as well.
package = pkgs-unstable.woodpecker-agent;
extraGroups = [ "docker" ]; extraGroups = [ "docker" ];
environment = { environment = {
WOODPECKER_SERVER = "localhost${config.services.woodpecker-server.environment.WOODPECKER_GRPC_ADDR}"; WOODPECKER_SERVER = "localhost${config.services.woodpecker-server.environment.WOODPECKER_GRPC_ADDR}";


@ -5,12 +5,14 @@
# - https://woodpecker-ci.org/docs/administration/forges/forgejo # - https://woodpecker-ci.org/docs/administration/forges/forgejo
# - https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING # - https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING
{ config, pkgs, ... }: { config, pkgs, pkgs-unstable, ... }:
{ {
services.woodpecker-server = { services.woodpecker-server = {
enable = true; enable = true;
package = pkgs.woodpecker-server; # Use package from unstable to get at least version 2.6.0 for native Forgejo support.
# https://github.com/woodpecker-ci/woodpecker/releases/tag/v2.6.0
package = pkgs-unstable.woodpecker-server;
environment = { environment = {
WOODPECKER_HOST = "https://woodpecker.hamburg.ccc.de"; WOODPECKER_HOST = "https://woodpecker.hamburg.ccc.de";
WOODPECKER_SERVER_ADDR = ":8001"; WOODPECKER_SERVER_ADDR = ":8001";
@ -22,7 +24,6 @@
WOODPECKER_DATABASE_DATASOURCE = "postgresql://woodpecker-server@/woodpecker-server?host=/run/postgresql"; WOODPECKER_DATABASE_DATASOURCE = "postgresql://woodpecker-server@/woodpecker-server?host=/run/postgresql";
WOODPECKER_FORGEJO = "true"; WOODPECKER_FORGEJO = "true";
WOODPECKER_FORGEJO_URL = "https://git.hamburg.ccc.de"; WOODPECKER_FORGEJO_URL = "https://git.hamburg.ccc.de";
WOODPECKER_LIMIT_MEM = "6442450944"; # 6GB
# Set via enviornmentFile: # Set via enviornmentFile:
# WOODPECKER_FORGEJO_CLIENT # WOODPECKER_FORGEJO_CLIENT
# WOODPECKER_FORGEJO_SECRET # WOODPECKER_FORGEJO_SECRET
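Review bot: The second hunk drops `WOODPECKER_LIMIT_MEM = "6442450944"; # 6GB` from `environment` and nothing on the new side replaces it, so the visible configuration no longer sets a memory cap for pipeline containers. The agent configuration on this page runs pipelines through the Docker backend (`extraGroups = [ "docker" ]`), so a single pipeline could presumably exhaust memory on the CI host. Unless the limit is enforced elsewhere, or the option does not apply to the version taken from `pkgs-unstable`, I would keep the line or add a comment stating where the limit now lives. The `environment` block continues outside the hunk.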


@ -6,16 +6,16 @@
description = "Yate telehony engine"; description = "Yate telehony engine";
unitConfig = { unitConfig = {
Type = "simple"; Type = "simple";
After = "network.target"; After="network.target";
}; };
serviceConfig = { serviceConfig = {
ExecStart = "${pkgs.yate}/bin/yate -c /yate -e /yate/share -Do"; ExecStart = "${pkgs.yate}/bin/yate -c /yate -e /yate/share -Do";
Type = "simple"; Type="simple";
Restart = "always"; Restart="always";
# ... # ...
}; };
wantedBy = [ "default.target" ]; wantedBy = [ "default.target" ];
requiredBy = [ "network.target" ]; requiredBy = [ "network.target" ];
# ... # ...
}; };
} }


@ -1,26 +1,12 @@
{ {
"nodes": { "nodes": {
"authorizedKeysRepo": {
"flake": false,
"locked": {
"lastModified": 1731276342,
"narHash": "sha256-plTYjM6zPzoBE/dp6EUrk9mCqmab278p8FqBCTX8Grc=",
"rev": "686a6af22f6696f0c0595c56f463c078550049fc",
"type": "tarball",
"url": "https://git.hamburg.ccc.de/api/v1/repos/CCCHH/infrastructure-authorized-keys/archive/686a6af22f6696f0c0595c56f463c078550049fc.tar.gz?rev=686a6af22f6696f0c0595c56f463c078550049fc"
},
"original": {
"type": "tarball",
"url": "https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys/archive/686a6af22f6696f0c0595c56f463c078550049fc.tar.gz"
}
},
"nixlib": { "nixlib": {
"locked": { "locked": {
"lastModified": 1731200463, "lastModified": 1729386149,
"narHash": "sha256-qDaAweJjdFbVExqs8aG27urUgcgKufkIngHW3Rzustg=", "narHash": "sha256-hUP9oxmnOmNnKcDOf5Y55HQ+NnoT0+bLWHLQWLLw9Ks=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixpkgs.lib", "repo": "nixpkgs.lib",
"rev": "e04234d263750db01c78a412690363dc2226e68a", "rev": "cce4521b6df014e79a7b7afc58c703ed683c916e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -32,14 +18,16 @@
"nixos-generators": { "nixos-generators": {
"inputs": { "inputs": {
"nixlib": "nixlib", "nixlib": "nixlib",
"nixpkgs": "nixpkgs" "nixpkgs": [
"nixpkgs"
]
}, },
"locked": { "locked": {
"lastModified": 1731546190, "lastModified": 1729472750,
"narHash": "sha256-kJix8nLyFIJ3EC7VtoXK/85C4ZN2dC5oWoS8+ErehqI=", "narHash": "sha256-s93LPHi5BN7I2xSGNAFWiYb8WRsPvT1LE9ZjZBrpFlg=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixos-generators", "repo": "nixos-generators",
"rev": "06ffce1a8d95e95c06a4bcfa117dd960b14a7101", "rev": "7c60ba4bc8d6aa2ba3e5b0f6ceb9fc07bc261565",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -50,27 +38,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1731245184, "lastModified": 1730428893,
"narHash": "sha256-vmLS8+x+gHRv1yzj3n+GTAEObwmhxmkkukB2DwtJRdU=", "narHash": "sha256-fLLUd2dO/Vnf96UDr8YPzerYi+n99l3S5yIUDnmcPBE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "aebe249544837ce42588aa4b2e7972222ba12e8f",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1731842749,
"narHash": "sha256-aNc8irVBH7sM5cGDvqdOueg8S+fGakf0rEMRGfGwWZw=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "bf6132dc791dbdff8b6894c3a85eb27ad8255682", "rev": "38edd08881ce4dc24056eec173b43587a93c990f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -80,11 +52,43 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-stable": {
"locked": {
"lastModified": 1729973466,
"narHash": "sha256-knnVBGfTCZlQgxY1SgH0vn2OyehH9ykfF8geZgS95bk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "cd3e8833d70618c4eea8df06f95b364b016d4950",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1730449684,
"narHash": "sha256-Hlv3rTPxnO+DpKRXw9yjzERLdk05h7+fEbZxWM2taCw=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "ab464abbeb3a2833288c6e907488c49c2e599f88",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"authorizedKeysRepo": "authorizedKeysRepo",
"nixos-generators": "nixos-generators", "nixos-generators": "nixos-generators",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs",
"nixpkgs-unstable": "nixpkgs-unstable",
"sops-nix": "sops-nix" "sops-nix": "sops-nix"
} }
}, },
@ -92,14 +96,15 @@
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ],
"nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1731862312, "lastModified": 1729999681,
"narHash": "sha256-NVUTFxKrJp/hjehlF1IvkPnlRYg/O9HFVutbxOM8zNM=", "narHash": "sha256-qm0uCtM9bg97LeJTKQ8dqV/FvqRN+ompyW4GIJruLuw=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "472741cf3fee089241ac9ea705bb2b9e0bfa2978", "rev": "1666d16426abe79af5c47b7c0efa82fd31bf4c56",
"type": "github" "type": "github"
}, },
"original": { "original": {

188
flake.nix

@ -6,12 +6,13 @@
# https://nixos.org/manual/nixos/stable/#sec-upgrading # https://nixos.org/manual/nixos/stable/#sec-upgrading
# https://github.com/NixOS/nixpkgs # https://github.com/NixOS/nixpkgs
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05-small"; nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05-small";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable-small";
# Add nixos-generators as an input. # Add nixos-generators as an input.
# See here: https://github.com/nix-community/nixos-generators#using-in-a-flake # See here: https://github.com/nix-community/nixos-generators#using-in-a-flake
nixos-generators = { nixos-generators = {
url = "github:nix-community/nixos-generators"; url = "github:nix-community/nixos-generators";
#inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
# Add sops-nix as an input for secret management. # Add sops-nix as an input for secret management.
@ -20,225 +21,214 @@
url = "github:Mic92/sops-nix"; url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
authorizedKeysRepo = {
url = "https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys/archive/686a6af22f6696f0c0595c56f463c078550049fc.tar.gz";
flake = false;
};
}; };
outputs = { self, nixpkgs, nixos-generators, sops-nix, authorizedKeysRepo, ... }: outputs = { self, nixpkgs, nixpkgs-unstable, nixos-generators, sops-nix, ... }:
let let
specialArgs = {
inherit authorizedKeysRepo;
};
system = "x86_64-linux"; system = "x86_64-linux";
shairportSync431ExtendedNixpkgsUnstableOverlay = final: prev: {
shairport-sync = (prev.shairport-sync.override { enableMetadata = true; enableAirplay2 = true; }).overrideAttrs (finalAttr: previousAttr: {
# See: https://github.com/mikebrady/shairport-sync/blob/e78a88b64adfe7b5f88fd6faedf55c57445bb240/CONFIGURATION%20FLAGS.md
configureFlags = previousAttr.configureFlags ++ [ "--with-mqtt-client" ];
buildInputs = previousAttr.buildInputs ++ [ final.mosquitto ];
});
};
pkgs-unstable = nixpkgs-unstable.legacyPackages."x86_64-linux";
in in
{ {
overlays = {
shairportSyncAirplay2 = final: prev: {
shairport-sync = (prev.shairport-sync.override { enableMetadata = true; enableAirplay2 = true; }).overrideAttrs (finalAttr: previousAttr: {
# See: https://github.com/mikebrady/shairport-sync/blob/e78a88b64adfe7b5f88fd6faedf55c57445bb240/CONFIGURATION%20FLAGS.md
configureFlags = previousAttr.configureFlags ++ [ "--with-mqtt-client" ];
buildInputs = previousAttr.buildInputs ++ [ final.mosquitto ];
});
};
};
nixosModules = {
common = ./config/common;
proxmox-vm = ./config/proxmox-vm;
prometheus-exporter = ./config/extra/prometheus-exporter.nix;
};
nixosConfigurations = { nixosConfigurations = {
audio-hauptraum-kueche = nixpkgs.lib.nixosSystem { audio-hauptraum-kueche = nixpkgs.lib.nixosSystem {
inherit system specialArgs; inherit system;
modules = [ modules = [
self.nixosModules.common ./config/common
self.nixosModules.proxmox-vm ./config/proxmox-vm
{ nixpkgs.overlays = [ self.overlays.shairportSyncAirplay2 ]; } { nixpkgs.overlays = [ shairportSync431ExtendedNixpkgsUnstableOverlay ]; }
./config/hosts/audio-hauptraum-kueche ./config/hosts/audio-hauptraum-kueche
]; ];
}; };
audio-hauptraum-tafel = nixpkgs.lib.nixosSystem { audio-hauptraum-tafel = nixpkgs.lib.nixosSystem {
inherit system specialArgs; inherit system;
modules = [ modules = [
self.nixosModules.common ./config/common
self.nixosModules.proxmox-vm ./config/proxmox-vm
{ nixpkgs.overlays = [ self.overlays.shairportSyncAirplay2 ]; } { nixpkgs.overlays = [ shairportSync431ExtendedNixpkgsUnstableOverlay ]; }
./config/hosts/audio-hauptraum-tafel ./config/hosts/audio-hauptraum-tafel
]; ];
}; };
esphome = nixpkgs.lib.nixosSystem { esphome = nixpkgs.lib.nixosSystem {
inherit system specialArgs; inherit system;
modules = [ modules = [
self.nixosModules.common ./config/common
self.nixosModules.proxmox-vm ./config/proxmox-vm
./config/hosts/esphome ./config/hosts/esphome
]; ];
}; };
public-reverse-proxy = nixpkgs.lib.nixosSystem { public-reverse-proxy = nixpkgs.lib.nixosSystem {
inherit system specialArgs; inherit system;
modules = [ modules = [
self.nixosModules.common ./config/common
self.nixosModules.proxmox-vm ./config/proxmox-vm
./config/hosts/public-reverse-proxy ./config/hosts/public-reverse-proxy
]; ];
}; };
netbox = nixpkgs.lib.nixosSystem { netbox = nixpkgs.lib.nixosSystem {
inherit system specialArgs; inherit system;
modules = [ modules = [
self.nixosModules.common ./config/common
self.nixosModules.proxmox-vm ./config/proxmox-vm
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
self.nixosModules.prometheus-exporter ./config/extra/prometheus-exporter.nix
./config/hosts/netbox ./config/hosts/netbox
]; ];
}; };
matrix = nixpkgs.lib.nixosSystem { matrix = nixpkgs.lib.nixosSystem {
inherit system specialArgs; inherit system;
modules = [ modules = [
self.nixosModules.common ./config/common
self.nixosModules.proxmox-vm ./config/proxmox-vm
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
self.nixosModules.prometheus-exporter ./config/extra/prometheus-exporter.nix
./config/hosts/matrix ./config/hosts/matrix
]; ];
}; };
public-web-static = nixpkgs.lib.nixosSystem { public-web-static = nixpkgs.lib.nixosSystem {
inherit system specialArgs; inherit system;
modules = [ modules = [
self.nixosModules.common ./config/common
self.nixosModules.proxmox-vm ./config/proxmox-vm
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
self.nixosModules.prometheus-exporter ./config/extra/prometheus-exporter.nix
./config/hosts/public-web-static ./config/hosts/public-web-static
]; ];
}; };
git = nixpkgs.lib.nixosSystem { git = nixpkgs.lib.nixosSystem {
inherit system specialArgs; inherit system;
modules = [ modules = [
self.nixosModules.common ./config/common
self.nixosModules.proxmox-vm ./config/proxmox-vm
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
self.nixosModules.prometheus-exporter ./config/extra/prometheus-exporter.nix
./config/hosts/git ./config/hosts/git
]; ];
}; };
forgejo-actions-runner = nixpkgs.lib.nixosSystem { forgejo-actions-runner = nixpkgs.lib.nixosSystem {
inherit system specialArgs; inherit system;
modules = [ modules = [
self.nixosModules.common ./config/common
self.nixosModules.proxmox-vm ./config/proxmox-vm
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
self.nixosModules.prometheus-exporter ./config/extra/prometheus-exporter.nix
./config/hosts/forgejo-actions-runner ./config/hosts/forgejo-actions-runner
]; ];
}; };
ptouch-print-server = nixpkgs.lib.nixosSystem { ptouch-print-server = nixpkgs.lib.nixosSystem {
inherit system specialArgs; inherit system;
modules = [ modules = [
self.nixosModules.common ./config/common
self.nixosModules.proxmox-vm ./config/proxmox-vm
./config/hosts/ptouch-print-server ./config/hosts/ptouch-print-server
]; ];
}; };
eh22-wiki = nixpkgs.lib.nixosSystem { eh22-wiki = nixpkgs.lib.nixosSystem {
inherit system specialArgs; inherit system;
modules = [ modules = [
self.nixosModules.common ./config/common
self.nixosModules.proxmox-vm ./config/proxmox-vm
self.nixosModules.prometheus-exporter ./config/extra/prometheus-exporter.nix
./config/hosts/eh22-wiki ./config/hosts/eh22-wiki
]; ];
}; };
nix-box-june = nixpkgs.lib.nixosSystem { nix-box-june = nixpkgs.lib.nixosSystem {
inherit system specialArgs; inherit system;
modules = [ modules = [
self.nixosModules.common ./config/common
self.nixosModules.proxmox-vm ./config/proxmox-vm
self.nixosModules.prometheus-exporter ./config/extra/prometheus-exporter.nix
./config/hosts/nix-box-june ./config/hosts/nix-box-june
]; ];
}; };
yate = nixpkgs.lib.nixosSystem { yate = nixpkgs.lib.nixosSystem {
inherit system specialArgs; inherit system;
modules = [ modules = [
self.nixosModules.common ./config/common
self.nixosModules.proxmox-vm ./config/proxmox-vm
./config/hosts/yate ./config/hosts/yate
]; ];
}; };
mqtt = nixpkgs.lib.nixosSystem { mqtt = nixpkgs.lib.nixosSystem {
inherit system specialArgs; inherit system;
modules = [ modules = [
self.nixosModules.common ./config/common
self.nixosModules.proxmox-vm ./config/proxmox-vm
./config/hosts/mqtt ./config/hosts/mqtt
]; ];
}; };
mjolnir = nixpkgs.lib.nixosSystem { mjolnir = nixpkgs.lib.nixosSystem {
inherit system specialArgs; inherit system;
modules = [ modules = [
self.nixosModules.common ./config/common
self.nixosModules.proxmox-vm ./config/proxmox-vm
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
self.nixosModules.prometheus-exporter ./config/extra/prometheus-exporter.nix
./config/hosts/mjolnir ./config/hosts/mjolnir
]; ];
}; };
woodpecker = nixpkgs.lib.nixosSystem { woodpecker = nixpkgs.lib.nixosSystem {
inherit system specialArgs; inherit system;
modules = [ modules = [
self.nixosModules.common ./config/common
self.nixosModules.proxmox-vm ./config/proxmox-vm
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
self.nixosModules.prometheus-exporter ./config/extra/prometheus-exporter.nix
./config/hosts/woodpecker ./config/hosts/woodpecker
]; ];
specialArgs = {
inherit pkgs-unstable;
};
}; };
status = nixpkgs.lib.nixosSystem { status = nixpkgs.lib.nixosSystem {
inherit system specialArgs; inherit system;
modules = [ modules = [
self.nixosModules.common ./config/common
self.nixosModules.proxmox-vm ./config/proxmox-vm
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
./config/hosts/status ./config/hosts/status
]; ];
}; };
penpot = nixpkgs.lib.nixosSystem { penpot = nixpkgs.lib.nixosSystem {
inherit system specialArgs; inherit system;
modules = [ modules = [
self.nixosModules.common ./config/common
self.nixosModules.proxmox-vm ./config/proxmox-vm
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
self.nixosModules.prometheus-exporter ./config/extra/prometheus-exporter.nix
./config/hosts/penpot ./config/hosts/penpot
]; ];
}; };
hydra = nixpkgs.lib.nixosSystem { hydra = nixpkgs.lib.nixosSystem {
inherit system specialArgs; inherit system;
modules = [ modules = [
self.nixosModules.common ./config/common
self.nixosModules.proxmox-vm ./config/proxmox-vm
self.nixosModules.prometheus-exporter ./config/extra/prometheus-exporter.nix
./config/hosts/hydra ./config/hosts/hydra
]; ];
}; };
@ -246,24 +236,22 @@
packages.x86_64-linux = { packages.x86_64-linux = {
proxmox-nixos-template = nixos-generators.nixosGenerate { proxmox-nixos-template = nixos-generators.nixosGenerate {
inherit specialArgs;
system = "x86_64-linux"; system = "x86_64-linux";
modules = [ modules = [
./config/nixos-generators/proxmox.nix ./config/nixos-generators/proxmox.nix
self.nixosModules.common ./config/common
self.nixosModules.proxmox-vm ./config/proxmox-vm
]; ];
format = "proxmox"; format = "proxmox";
}; };
proxmox-chaosknoten-nixos-template = nixos-generators.nixosGenerate { proxmox-chaosknoten-nixos-template = nixos-generators.nixosGenerate {
inherit specialArgs;
system = "x86_64-linux"; system = "x86_64-linux";
modules = [ modules = [
./config/nixos-generators/proxmox-chaosknoten.nix ./config/nixos-generators/proxmox-chaosknoten.nix
./config/proxmox-chaosknoten-additional-initial-config.nix ./config/proxmox-chaosknoten-additional-initial-config.nix
self.nixosModules.common ./config/common
self.nixosModules.proxmox-vm ./config/proxmox-vm
]; ];
format = "proxmox"; format = "proxmox";
}; };