Compare commits
1 commit
Author | SHA1 | Date | |
---|---|---|---|
jopejoe1 | db5e86e4c0 |
21
LICENSE
21
LICENSE
|
@ -1,21 +0,0 @@
|
||||||
MIT License
|
|
||||||
|
|
||||||
Copyright (c) CCCHH
|
|
||||||
|
|
||||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
||||||
of this software and associated documentation files (the "Software"), to deal
|
|
||||||
in the Software without restriction, including without limitation the rights
|
|
||||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
||||||
copies of the Software, and to permit persons to whom the Software is
|
|
||||||
furnished to do so, subject to the following conditions:
|
|
||||||
|
|
||||||
The above copyright notice and this permission notice shall be included in all
|
|
||||||
copies or substantial portions of the Software.
|
|
||||||
|
|
||||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
||||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
||||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
||||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
||||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
||||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
||||||
SOFTWARE.
|
|
|
@ -73,7 +73,3 @@ Build a new NixOS Proxmox VE Template for the chaosknoten:
|
||||||
```shell
|
```shell
|
||||||
nix build .#proxmox-chaosknoten-nixos-template
|
nix build .#proxmox-chaosknoten-nixos-template
|
||||||
```
|
```
|
||||||
|
|
||||||
## License
|
|
||||||
|
|
||||||
This CCCHH nix-infra repository is licensed under the [MIT License](./LICENSE).
|
|
||||||
|
|
|
@ -6,9 +6,14 @@
|
||||||
# - https://git.grzb.de/yuri/nix-infra/-/blob/342a2f732da042d04e579d98e9f834418b7ebf25/users/colmena-deploy/default.nix
|
# - https://git.grzb.de/yuri/nix-infra/-/blob/342a2f732da042d04e579d98e9f834418b7ebf25/users/colmena-deploy/default.nix
|
||||||
# - https://nixos.org/manual/nix/stable/command-ref/conf-file.html?highlight=nix.conf#available-settings
|
# - https://nixos.org/manual/nix/stable/command-ref/conf-file.html?highlight=nix.conf#available-settings
|
||||||
|
|
||||||
{ config, pkgs, lib, authorizedKeysRepo, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
|
authorizedKeysRepo = pkgs.fetchgit {
|
||||||
|
url = "https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys";
|
||||||
|
rev = "b6a29dc7af0a45a8c0b4904290c7cb0c5bc51413";
|
||||||
|
hash = "sha256-c0aH0wQeJtfXJG5wAbS6aO8yILLI1NNkFAHAeOm8RXA=";
|
||||||
|
};
|
||||||
authorizedKeys = builtins.filter (item: item != "") (lib.strings.splitString "\n" (builtins.readFile "${authorizedKeysRepo}/authorized_keys"));
|
authorizedKeys = builtins.filter (item: item != "") (lib.strings.splitString "\n" (builtins.readFile "${authorizedKeysRepo}/authorized_keys"));
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
|
|
@ -21,8 +21,7 @@ let
|
||||||
app = "dokuwiki";
|
app = "dokuwiki";
|
||||||
domain = "eh22.easterhegg.eu";
|
domain = "eh22.easterhegg.eu";
|
||||||
dataDir = "/srv/www/${domain}";
|
dataDir = "/srv/www/${domain}";
|
||||||
in
|
in {
|
||||||
{
|
|
||||||
systemd.tmpfiles.rules = [
|
systemd.tmpfiles.rules = [
|
||||||
"d ${dataDir} 0755 ${app} ${app}"
|
"d ${dataDir} 0755 ${app} ${app}"
|
||||||
];
|
];
|
||||||
|
@ -77,7 +76,7 @@ in
|
||||||
default = true;
|
default = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
serverName = "${domain}";
|
serverName = "${domain}";
|
||||||
|
|
||||||
listen = [
|
listen = [
|
||||||
{
|
{
|
||||||
addr = "0.0.0.0";
|
addr = "0.0.0.0";
|
||||||
|
|
|
@ -1,10 +1,10 @@
|
||||||
{ ... }:
|
{ ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "mqtt";
|
hostName = "mqtt";
|
||||||
domain = "z9.ccchh.net";
|
domain = "z9.ccchh.net";
|
||||||
};
|
};
|
||||||
|
|
||||||
system.stateVersion = "23.11";
|
system.stateVersion = "23.11";
|
||||||
}
|
}
|
|
@ -1,9 +1,9 @@
|
||||||
{ pkgs, ... }:
|
{ pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./configuration.nix
|
./configuration.nix
|
||||||
./networking.nix
|
./networking.nix
|
||||||
./mosquitto.nix
|
./mosquitto.nix
|
||||||
];
|
];
|
||||||
}
|
}
|
|
@ -5,29 +5,29 @@
|
||||||
{ ... }:
|
{ ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
services.mosquitto = {
|
services.mosquitto = {
|
||||||
enable = true;
|
enable = true;
|
||||||
persistence = true;
|
persistence = true;
|
||||||
|
|
||||||
# set config for all listeners
|
# set config for all listeners
|
||||||
listeners = [{
|
listeners = [ {
|
||||||
settings.allow_anonymous = true;
|
settings.allow_anonymous = true;
|
||||||
omitPasswordAuth = true;
|
omitPasswordAuth = true;
|
||||||
acl = [ "topic readwrite #" ];
|
acl = ["topic readwrite #"];
|
||||||
}];
|
} ];
|
||||||
|
|
||||||
bridges.winkekatz = {
|
bridges.winkekatz = {
|
||||||
addresses = [
|
addresses = [
|
||||||
{ address = "mqtt.winkekatze24.de"; }
|
{ address = "mqtt.winkekatze24.de"; }
|
||||||
];
|
];
|
||||||
topics = [
|
topics = [
|
||||||
"winkekatze/allcats/eye/set in 2"
|
"winkekatze/allcats/eye/set in 2"
|
||||||
"winkekatze/allcats in 2"
|
"winkekatze/allcats in 2"
|
||||||
"+/status out 2 winkekatze/ \"\""
|
"+/status out 2 winkekatze/ \"\""
|
||||||
"+/connected out 2 winkekatze/ \"\""
|
"+/connected out 2 winkekatze/ \"\""
|
||||||
];
|
];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ 1883 ];
|
networking.firewall.allowedTCPPorts = [ 1883 ];
|
||||||
}
|
}
|
|
@ -26,7 +26,7 @@
|
||||||
};
|
};
|
||||||
yuri = {
|
yuri = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
openssh.authorizedKeys.keys = [
|
openssh.authorizedKeys.keys = [
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDdk3FLQRoCWxdOxg4kHcPqAu3QQOs/rY9na2Al2ilGl yuri@violet"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDdk3FLQRoCWxdOxg4kHcPqAu3QQOs/rY9na2Al2ilGl yuri@violet"
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEvM35w+UaSpDTuaG5pGPgfHcfwscr+wSZN9Z5Jle82 yuri@kiara"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEvM35w+UaSpDTuaG5pGPgfHcfwscr+wSZN9Z5Jle82 yuri@kiara"
|
||||||
];
|
];
|
||||||
|
|
|
@ -27,7 +27,7 @@
|
||||||
},
|
},
|
||||||
"calendar": {
|
"calendar": {
|
||||||
"type": "ical",
|
"type": "ical",
|
||||||
"url": "webcal://cloud.hamburg.ccc.de/remote.php/dav/public-calendars/QJAdExziSnNJEz5g/?export"
|
"url": "https://cloud.hamburg.ccc.de/remote.php/dav/public-calendars/QJAdExziSnNJEz5g/?export"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"links": [
|
"links": [
|
||||||
|
|
|
@ -1,19 +1,10 @@
|
||||||
{ pkgs, ... }:
|
{ pkgs, ... }:
|
||||||
|
|
||||||
let
|
{
|
||||||
domain = "c3cat.de";
|
|
||||||
dataDir = "/var/www/${domain}";
|
|
||||||
deployUser = "c3cat-website-deploy";
|
|
||||||
in {
|
|
||||||
security.acme.certs."${domain}".extraDomainNames = [ "www.${domain}" ];
|
|
||||||
|
|
||||||
services.nginx.virtualHosts = {
|
services.nginx.virtualHosts = {
|
||||||
"acme-${domain}" = {
|
"acme-c3cat.de" = {
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
serverName = "${domain}";
|
serverName = "c3cat.de";
|
||||||
serverAliases = [
|
|
||||||
"www.${domain}"
|
|
||||||
];
|
|
||||||
|
|
||||||
listen = [
|
listen = [
|
||||||
{
|
{
|
||||||
|
@ -23,9 +14,9 @@ in {
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
"$www.${domain}" = {
|
"c3cat.de" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
useACMEHost = "${domain}";
|
useACMEHost = "c3cat.de";
|
||||||
|
|
||||||
listen = [
|
listen = [
|
||||||
{
|
{
|
||||||
|
@ -37,7 +28,7 @@ in {
|
||||||
];
|
];
|
||||||
|
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
return = "302 https://c3cat.de$request_uri";
|
return = "302 https://wiki.hamburg.ccc.de/club:c3cat:start";
|
||||||
};
|
};
|
||||||
|
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
|
@ -51,45 +42,5 @@ in {
|
||||||
real_ip_header proxy_protocol;
|
real_ip_header proxy_protocol;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
"${domain}" = {
|
|
||||||
forceSSL = true;
|
|
||||||
useACMEHost = "${domain}";
|
|
||||||
|
|
||||||
listen = [
|
|
||||||
{
|
|
||||||
addr = "0.0.0.0";
|
|
||||||
port = 8443;
|
|
||||||
ssl = true;
|
|
||||||
proxyProtocol = true;
|
|
||||||
}
|
|
||||||
];
|
|
||||||
|
|
||||||
root = "${dataDir}";
|
|
||||||
|
|
||||||
extraConfig = ''
|
|
||||||
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
|
||||||
# $remote_port to the client address and client port, when using proxy
|
|
||||||
# protocol.
|
|
||||||
# First set our proxy protocol proxy as trusted.
|
|
||||||
set_real_ip_from 172.31.17.140;
|
|
||||||
# Then tell the realip_module to get the addreses from the proxy protocol
|
|
||||||
# header.
|
|
||||||
real_ip_header proxy_protocol;
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.tmpfiles.rules = [
|
|
||||||
"d ${dataDir} 0755 ${deployUser} ${deployUser}"
|
|
||||||
];
|
|
||||||
|
|
||||||
users.users."${deployUser}" = {
|
|
||||||
isNormalUser = true;
|
|
||||||
group = "${deployUser}";
|
|
||||||
openssh.authorizedKeys.keys = [
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcZJzQO4RYinJm6YDUgCELe8OJA/DYOss+8xp7TtxM0 deploy key for c3cat.de"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
users.groups."${deployUser}" = { };
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -9,7 +9,6 @@
|
||||||
./hackertours.hamburg.ccc.de.nix
|
./hackertours.hamburg.ccc.de.nix
|
||||||
./hamburg.ccc.de.nix
|
./hamburg.ccc.de.nix
|
||||||
./spaceapi.hamburg.ccc.de.nix
|
./spaceapi.hamburg.ccc.de.nix
|
||||||
./staging.c3cat.de.nix
|
|
||||||
./staging.hacker.tours.nix
|
./staging.hacker.tours.nix
|
||||||
./staging.hackertours.hamburg.ccc.de.nix
|
./staging.hackertours.hamburg.ccc.de.nix
|
||||||
./staging.hamburg.ccc.de.nix
|
./staging.hamburg.ccc.de.nix
|
||||||
|
|
|
@ -1,10 +1,10 @@
|
||||||
{ pkgs, ... }:
|
{ pkgs, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
elementWebVersion = "1.11.84";
|
elementWebVersion = "1.11.80";
|
||||||
element-web = pkgs.fetchzip {
|
element-web = pkgs.fetchzip {
|
||||||
url = "https://github.com/vector-im/element-web/releases/download/v${elementWebVersion}/element-v${elementWebVersion}.tar.gz";
|
url = "https://github.com/vector-im/element-web/releases/download/v${elementWebVersion}/element-v${elementWebVersion}.tar.gz";
|
||||||
sha256 = "sha256-z2qaKKyUq2S/r3xUUU3ym0FgFbiQr6bcltuKvUMPbH4=";
|
sha256 = "sha256-sudWmNehxGsbZTNirTkoWQ/Bln1DC1CI30wocw9VoH8=";
|
||||||
};
|
};
|
||||||
elementSecurityHeaders = ''
|
elementSecurityHeaders = ''
|
||||||
# Configuration best practices
|
# Configuration best practices
|
||||||
|
|
|
@ -4,8 +4,7 @@ let
|
||||||
domain = "hacker.tours";
|
domain = "hacker.tours";
|
||||||
dataDir = "/var/www/${domain}";
|
dataDir = "/var/www/${domain}";
|
||||||
deployUser = "hackertours-website-deploy";
|
deployUser = "hackertours-website-deploy";
|
||||||
in
|
in {
|
||||||
{
|
|
||||||
services.nginx.virtualHosts = {
|
services.nginx.virtualHosts = {
|
||||||
"acme-${domain}" = {
|
"acme-${domain}" = {
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
|
|
|
@ -4,8 +4,7 @@ let
|
||||||
domain = "hackertours.hamburg.ccc.de";
|
domain = "hackertours.hamburg.ccc.de";
|
||||||
dataDir = "/var/www/${domain}";
|
dataDir = "/var/www/${domain}";
|
||||||
deployUser = "ht-ccchh-website-deploy";
|
deployUser = "ht-ccchh-website-deploy";
|
||||||
in
|
in {
|
||||||
{
|
|
||||||
services.nginx.virtualHosts = {
|
services.nginx.virtualHosts = {
|
||||||
"acme-${domain}" = {
|
"acme-${domain}" = {
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ ... }:
|
{...}:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
|
@ -9,4 +9,4 @@
|
||||||
./eh11.nix
|
./eh11.nix
|
||||||
./eh20.nix
|
./eh20.nix
|
||||||
];
|
];
|
||||||
}
|
}
|
|
@ -6,7 +6,7 @@ let
|
||||||
rev = "74977c56486cd060566bf06678a936e801952f9e";
|
rev = "74977c56486cd060566bf06678a936e801952f9e";
|
||||||
hash = "sha256-ded/NO+Jex2Sa4yWAIRpqANsv8i0vKmJSkM5r9KxaVk=";
|
hash = "sha256-ded/NO+Jex2Sa4yWAIRpqANsv8i0vKmJSkM5r9KxaVk=";
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
security.acme.certs."eh03.easterhegg.eu".extraDomainNames = [
|
security.acme.certs."eh03.easterhegg.eu".extraDomainNames = [
|
||||||
"eh2003.hamburg.ccc.de"
|
"eh2003.hamburg.ccc.de"
|
||||||
|
@ -48,7 +48,7 @@ in
|
||||||
}];
|
}];
|
||||||
|
|
||||||
locations."/".return = "302 https://eh03.easterhegg.eu";
|
locations."/".return = "302 https://eh03.easterhegg.eu";
|
||||||
|
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
||||||
# $remote_port to the client address and client port, when using proxy
|
# $remote_port to the client address and client port, when using proxy
|
||||||
|
|
|
@ -48,7 +48,7 @@ in
|
||||||
}];
|
}];
|
||||||
|
|
||||||
locations."/".return = "302 https://eh05.easterhegg.eu";
|
locations."/".return = "302 https://eh05.easterhegg.eu";
|
||||||
|
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
||||||
# $remote_port to the client address and client port, when using proxy
|
# $remote_port to the client address and client port, when using proxy
|
||||||
|
@ -60,7 +60,7 @@ in
|
||||||
real_ip_header proxy_protocol;
|
real_ip_header proxy_protocol;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
"eh05.easterhegg.eu" = {
|
"eh05.easterhegg.eu" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
useACMEHost = "eh05.easterhegg.eu";
|
useACMEHost = "eh05.easterhegg.eu";
|
||||||
|
@ -71,7 +71,7 @@ in
|
||||||
ssl = true;
|
ssl = true;
|
||||||
proxyProtocol = true;
|
proxyProtocol = true;
|
||||||
}];
|
}];
|
||||||
|
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
index = "index.shtml";
|
index = "index.shtml";
|
||||||
root = eh05;
|
root = eh05;
|
||||||
|
@ -80,7 +80,7 @@ in
|
||||||
default_type text/html;
|
default_type text/html;
|
||||||
# Enable SSI
|
# Enable SSI
|
||||||
ssi on;
|
ssi on;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
|
|
|
@ -54,7 +54,7 @@ in
|
||||||
}];
|
}];
|
||||||
|
|
||||||
locations."/".return = "302 https://eh07.easterhegg.eu";
|
locations."/".return = "302 https://eh07.easterhegg.eu";
|
||||||
|
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
||||||
# $remote_port to the client address and client port, when using proxy
|
# $remote_port to the client address and client port, when using proxy
|
||||||
|
@ -86,7 +86,7 @@ in
|
||||||
default_type text/html;
|
default_type text/html;
|
||||||
# Enable SSI
|
# Enable SSI
|
||||||
ssi on;
|
ssi on;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
|
|
|
@ -54,7 +54,7 @@ in
|
||||||
}];
|
}];
|
||||||
|
|
||||||
locations."/".return = "302 https://eh09.easterhegg.eu";
|
locations."/".return = "302 https://eh09.easterhegg.eu";
|
||||||
|
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
||||||
# $remote_port to the client address and client port, when using proxy
|
# $remote_port to the client address and client port, when using proxy
|
||||||
|
@ -86,7 +86,7 @@ in
|
||||||
default_type text/html;
|
default_type text/html;
|
||||||
# Enable SSI
|
# Enable SSI
|
||||||
ssi on;
|
ssi on;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
||||||
|
|
|
@ -54,7 +54,7 @@ in
|
||||||
}];
|
}];
|
||||||
|
|
||||||
locations."/".return = "302 https://eh11.easterhegg.eu";
|
locations."/".return = "302 https://eh11.easterhegg.eu";
|
||||||
|
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
||||||
# $remote_port to the client address and client port, when using proxy
|
# $remote_port to the client address and client port, when using proxy
|
||||||
|
@ -86,7 +86,7 @@ in
|
||||||
default_type text/html;
|
default_type text/html;
|
||||||
# Enable SSI
|
# Enable SSI
|
||||||
ssi on;
|
ssi on;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
|
|
|
@ -1,60 +0,0 @@
|
||||||
{ pkgs, ... }:
|
|
||||||
|
|
||||||
let
|
|
||||||
domain = "staging.c3cat.de";
|
|
||||||
dataDir = "/var/www/${domain}";
|
|
||||||
deployUser = "c3cat-website-deploy";
|
|
||||||
in {
|
|
||||||
services.nginx.virtualHosts = {
|
|
||||||
"acme-${domain}" = {
|
|
||||||
enableACME = true;
|
|
||||||
serverName = "${domain}";
|
|
||||||
|
|
||||||
listen = [
|
|
||||||
{
|
|
||||||
addr = "0.0.0.0";
|
|
||||||
port = 31820;
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
"${domain}" = {
|
|
||||||
forceSSL = true;
|
|
||||||
useACMEHost = "${domain}";
|
|
||||||
|
|
||||||
listen = [
|
|
||||||
{
|
|
||||||
addr = "0.0.0.0";
|
|
||||||
port = 8443;
|
|
||||||
ssl = true;
|
|
||||||
proxyProtocol = true;
|
|
||||||
}
|
|
||||||
];
|
|
||||||
|
|
||||||
root = "${dataDir}";
|
|
||||||
|
|
||||||
# Disallow *, since this is staging and doesn't need to be in any search
|
|
||||||
# results.
|
|
||||||
locations."/robots.txt" = {
|
|
||||||
return = "200 \"User-agent: *\\nDisallow: *\\n\"";
|
|
||||||
};
|
|
||||||
|
|
||||||
extraConfig = ''
|
|
||||||
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
|
||||||
# $remote_port to the client address and client port, when using proxy
|
|
||||||
# protocol.
|
|
||||||
# First set our proxy protocol proxy as trusted.
|
|
||||||
set_real_ip_from 172.31.17.140;
|
|
||||||
# Then tell the realip_module to get the addreses from the proxy protocol
|
|
||||||
# header.
|
|
||||||
real_ip_header proxy_protocol;
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.tmpfiles.rules = [
|
|
||||||
"d ${dataDir} 0755 ${deployUser} ${deployUser}"
|
|
||||||
];
|
|
||||||
|
|
||||||
# c3cat deploy user already defined in c3cat.de.nix.
|
|
||||||
}
|
|
|
@ -4,8 +4,7 @@ let
|
||||||
domain = "staging.hacker.tours";
|
domain = "staging.hacker.tours";
|
||||||
dataDir = "/var/www/${domain}";
|
dataDir = "/var/www/${domain}";
|
||||||
deployUser = "hackertours-website-deploy";
|
deployUser = "hackertours-website-deploy";
|
||||||
in
|
in {
|
||||||
{
|
|
||||||
services.nginx.virtualHosts = {
|
services.nginx.virtualHosts = {
|
||||||
"acme-${domain}" = {
|
"acme-${domain}" = {
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
|
|
|
@ -4,8 +4,7 @@ let
|
||||||
domain = "staging.hackertours.hamburg.ccc.de";
|
domain = "staging.hackertours.hamburg.ccc.de";
|
||||||
dataDir = "/var/www/${domain}";
|
dataDir = "/var/www/${domain}";
|
||||||
deployUser = "ht-ccchh-website-deploy";
|
deployUser = "ht-ccchh-website-deploy";
|
||||||
in
|
in {
|
||||||
{
|
|
||||||
services.nginx.virtualHosts = {
|
services.nginx.virtualHosts = {
|
||||||
"acme-${domain}" = {
|
"acme-${domain}" = {
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
|
|
|
@ -3,12 +3,13 @@
|
||||||
# - https://woodpecker-ci.org/docs/administration/agent-config
|
# - https://woodpecker-ci.org/docs/administration/agent-config
|
||||||
# - https://woodpecker-ci.org/docs/administration/backends/docker
|
# - https://woodpecker-ci.org/docs/administration/backends/docker
|
||||||
|
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, pkgs-unstable, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
services.woodpecker-agents.agents."docker" = {
|
services.woodpecker-agents.agents."docker" = {
|
||||||
enable = true;
|
enable = true;
|
||||||
package = pkgs.woodpecker-agent;
|
# Since we use woodpecker-server from unstable, use the agent from unstable as well.
|
||||||
|
package = pkgs-unstable.woodpecker-agent;
|
||||||
extraGroups = [ "docker" ];
|
extraGroups = [ "docker" ];
|
||||||
environment = {
|
environment = {
|
||||||
WOODPECKER_SERVER = "localhost${config.services.woodpecker-server.environment.WOODPECKER_GRPC_ADDR}";
|
WOODPECKER_SERVER = "localhost${config.services.woodpecker-server.environment.WOODPECKER_GRPC_ADDR}";
|
||||||
|
|
|
@ -5,12 +5,14 @@
|
||||||
# - https://woodpecker-ci.org/docs/administration/forges/forgejo
|
# - https://woodpecker-ci.org/docs/administration/forges/forgejo
|
||||||
# - https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING
|
# - https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING
|
||||||
|
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, pkgs-unstable, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
services.woodpecker-server = {
|
services.woodpecker-server = {
|
||||||
enable = true;
|
enable = true;
|
||||||
package = pkgs.woodpecker-server;
|
# Use package from unstable to get at least version 2.6.0 for native Forgejo support.
|
||||||
|
# https://github.com/woodpecker-ci/woodpecker/releases/tag/v2.6.0
|
||||||
|
package = pkgs-unstable.woodpecker-server;
|
||||||
environment = {
|
environment = {
|
||||||
WOODPECKER_HOST = "https://woodpecker.hamburg.ccc.de";
|
WOODPECKER_HOST = "https://woodpecker.hamburg.ccc.de";
|
||||||
WOODPECKER_SERVER_ADDR = ":8001";
|
WOODPECKER_SERVER_ADDR = ":8001";
|
||||||
|
@ -22,7 +24,6 @@
|
||||||
WOODPECKER_DATABASE_DATASOURCE = "postgresql://woodpecker-server@/woodpecker-server?host=/run/postgresql";
|
WOODPECKER_DATABASE_DATASOURCE = "postgresql://woodpecker-server@/woodpecker-server?host=/run/postgresql";
|
||||||
WOODPECKER_FORGEJO = "true";
|
WOODPECKER_FORGEJO = "true";
|
||||||
WOODPECKER_FORGEJO_URL = "https://git.hamburg.ccc.de";
|
WOODPECKER_FORGEJO_URL = "https://git.hamburg.ccc.de";
|
||||||
WOODPECKER_LIMIT_MEM = "6442450944"; # 6GB
|
|
||||||
# Set via enviornmentFile:
|
# Set via enviornmentFile:
|
||||||
# WOODPECKER_FORGEJO_CLIENT
|
# WOODPECKER_FORGEJO_CLIENT
|
||||||
# WOODPECKER_FORGEJO_SECRET
|
# WOODPECKER_FORGEJO_SECRET
|
||||||
|
|
|
@ -6,16 +6,16 @@
|
||||||
description = "Yate telehony engine";
|
description = "Yate telehony engine";
|
||||||
unitConfig = {
|
unitConfig = {
|
||||||
Type = "simple";
|
Type = "simple";
|
||||||
After = "network.target";
|
After="network.target";
|
||||||
};
|
};
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart = "${pkgs.yate}/bin/yate -c /yate -e /yate/share -Do";
|
ExecStart = "${pkgs.yate}/bin/yate -c /yate -e /yate/share -Do";
|
||||||
Type = "simple";
|
Type="simple";
|
||||||
Restart = "always";
|
Restart="always";
|
||||||
# ...
|
# ...
|
||||||
};
|
};
|
||||||
wantedBy = [ "default.target" ];
|
wantedBy = [ "default.target" ];
|
||||||
requiredBy = [ "network.target" ];
|
requiredBy = [ "network.target" ];
|
||||||
# ...
|
# ...
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
97
flake.lock
97
flake.lock
|
@ -1,26 +1,12 @@
|
||||||
{
|
{
|
||||||
"nodes": {
|
"nodes": {
|
||||||
"authorizedKeysRepo": {
|
|
||||||
"flake": false,
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1731276342,
|
|
||||||
"narHash": "sha256-plTYjM6zPzoBE/dp6EUrk9mCqmab278p8FqBCTX8Grc=",
|
|
||||||
"rev": "686a6af22f6696f0c0595c56f463c078550049fc",
|
|
||||||
"type": "tarball",
|
|
||||||
"url": "https://git.hamburg.ccc.de/api/v1/repos/CCCHH/infrastructure-authorized-keys/archive/686a6af22f6696f0c0595c56f463c078550049fc.tar.gz?rev=686a6af22f6696f0c0595c56f463c078550049fc"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"type": "tarball",
|
|
||||||
"url": "https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys/archive/686a6af22f6696f0c0595c56f463c078550049fc.tar.gz"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"nixlib": {
|
"nixlib": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1731200463,
|
"lastModified": 1729386149,
|
||||||
"narHash": "sha256-qDaAweJjdFbVExqs8aG27urUgcgKufkIngHW3Rzustg=",
|
"narHash": "sha256-hUP9oxmnOmNnKcDOf5Y55HQ+NnoT0+bLWHLQWLLw9Ks=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "nixpkgs.lib",
|
"repo": "nixpkgs.lib",
|
||||||
"rev": "e04234d263750db01c78a412690363dc2226e68a",
|
"rev": "cce4521b6df014e79a7b7afc58c703ed683c916e",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -32,14 +18,16 @@
|
||||||
"nixos-generators": {
|
"nixos-generators": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixlib": "nixlib",
|
"nixlib": "nixlib",
|
||||||
"nixpkgs": "nixpkgs"
|
"nixpkgs": [
|
||||||
|
"nixpkgs"
|
||||||
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1731546190,
|
"lastModified": 1729472750,
|
||||||
"narHash": "sha256-kJix8nLyFIJ3EC7VtoXK/85C4ZN2dC5oWoS8+ErehqI=",
|
"narHash": "sha256-s93LPHi5BN7I2xSGNAFWiYb8WRsPvT1LE9ZjZBrpFlg=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "nixos-generators",
|
"repo": "nixos-generators",
|
||||||
"rev": "06ffce1a8d95e95c06a4bcfa117dd960b14a7101",
|
"rev": "7c60ba4bc8d6aa2ba3e5b0f6ceb9fc07bc261565",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -50,27 +38,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1731245184,
|
"lastModified": 1730428893,
|
||||||
"narHash": "sha256-vmLS8+x+gHRv1yzj3n+GTAEObwmhxmkkukB2DwtJRdU=",
|
"narHash": "sha256-fLLUd2dO/Vnf96UDr8YPzerYi+n99l3S5yIUDnmcPBE=",
|
||||||
"owner": "NixOS",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"rev": "aebe249544837ce42588aa4b2e7972222ba12e8f",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "NixOS",
|
|
||||||
"ref": "nixpkgs-unstable",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"nixpkgs_2": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1731842749,
|
|
||||||
"narHash": "sha256-aNc8irVBH7sM5cGDvqdOueg8S+fGakf0rEMRGfGwWZw=",
|
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "bf6132dc791dbdff8b6894c3a85eb27ad8255682",
|
"rev": "38edd08881ce4dc24056eec173b43587a93c990f",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -80,11 +52,43 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"nixpkgs-stable": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1729973466,
|
||||||
|
"narHash": "sha256-knnVBGfTCZlQgxY1SgH0vn2OyehH9ykfF8geZgS95bk=",
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "cd3e8833d70618c4eea8df06f95b364b016d4950",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "NixOS",
|
||||||
|
"ref": "release-24.05",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"nixpkgs-unstable": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1730449684,
|
||||||
|
"narHash": "sha256-Hlv3rTPxnO+DpKRXw9yjzERLdk05h7+fEbZxWM2taCw=",
|
||||||
|
"owner": "nixos",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "ab464abbeb3a2833288c6e907488c49c2e599f88",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nixos",
|
||||||
|
"ref": "nixos-unstable-small",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"root": {
|
"root": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"authorizedKeysRepo": "authorizedKeysRepo",
|
|
||||||
"nixos-generators": "nixos-generators",
|
"nixos-generators": "nixos-generators",
|
||||||
"nixpkgs": "nixpkgs_2",
|
"nixpkgs": "nixpkgs",
|
||||||
|
"nixpkgs-unstable": "nixpkgs-unstable",
|
||||||
"sops-nix": "sops-nix"
|
"sops-nix": "sops-nix"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
@ -92,14 +96,15 @@
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
"nixpkgs"
|
"nixpkgs"
|
||||||
]
|
],
|
||||||
|
"nixpkgs-stable": "nixpkgs-stable"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1731862312,
|
"lastModified": 1729999681,
|
||||||
"narHash": "sha256-NVUTFxKrJp/hjehlF1IvkPnlRYg/O9HFVutbxOM8zNM=",
|
"narHash": "sha256-qm0uCtM9bg97LeJTKQ8dqV/FvqRN+ompyW4GIJruLuw=",
|
||||||
"owner": "Mic92",
|
"owner": "Mic92",
|
||||||
"repo": "sops-nix",
|
"repo": "sops-nix",
|
||||||
"rev": "472741cf3fee089241ac9ea705bb2b9e0bfa2978",
|
"rev": "1666d16426abe79af5c47b7c0efa82fd31bf4c56",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
188
flake.nix
188
flake.nix
|
@ -6,12 +6,13 @@
|
||||||
# https://nixos.org/manual/nixos/stable/#sec-upgrading
|
# https://nixos.org/manual/nixos/stable/#sec-upgrading
|
||||||
# https://github.com/NixOS/nixpkgs
|
# https://github.com/NixOS/nixpkgs
|
||||||
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05-small";
|
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05-small";
|
||||||
|
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable-small";
|
||||||
|
|
||||||
# Add nixos-generators as an input.
|
# Add nixos-generators as an input.
|
||||||
# See here: https://github.com/nix-community/nixos-generators#using-in-a-flake
|
# See here: https://github.com/nix-community/nixos-generators#using-in-a-flake
|
||||||
nixos-generators = {
|
nixos-generators = {
|
||||||
url = "github:nix-community/nixos-generators";
|
url = "github:nix-community/nixos-generators";
|
||||||
#inputs.nixpkgs.follows = "nixpkgs";
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
};
|
};
|
||||||
|
|
||||||
# Add sops-nix as an input for secret management.
|
# Add sops-nix as an input for secret management.
|
||||||
|
@ -20,225 +21,214 @@
|
||||||
url = "github:Mic92/sops-nix";
|
url = "github:Mic92/sops-nix";
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
};
|
};
|
||||||
|
|
||||||
authorizedKeysRepo = {
|
|
||||||
url = "https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys/archive/686a6af22f6696f0c0595c56f463c078550049fc.tar.gz";
|
|
||||||
flake = false;
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = { self, nixpkgs, nixos-generators, sops-nix, authorizedKeysRepo, ... }:
|
outputs = { self, nixpkgs, nixpkgs-unstable, nixos-generators, sops-nix, ... }:
|
||||||
let
|
let
|
||||||
specialArgs = {
|
|
||||||
inherit authorizedKeysRepo;
|
|
||||||
};
|
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
|
shairportSync431ExtendedNixpkgsUnstableOverlay = final: prev: {
|
||||||
|
shairport-sync = (prev.shairport-sync.override { enableMetadata = true; enableAirplay2 = true; }).overrideAttrs (finalAttr: previousAttr: {
|
||||||
|
# See: https://github.com/mikebrady/shairport-sync/blob/e78a88b64adfe7b5f88fd6faedf55c57445bb240/CONFIGURATION%20FLAGS.md
|
||||||
|
configureFlags = previousAttr.configureFlags ++ [ "--with-mqtt-client" ];
|
||||||
|
buildInputs = previousAttr.buildInputs ++ [ final.mosquitto ];
|
||||||
|
});
|
||||||
|
};
|
||||||
|
pkgs-unstable = nixpkgs-unstable.legacyPackages."x86_64-linux";
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
overlays = {
|
|
||||||
shairportSyncAirplay2 = final: prev: {
|
|
||||||
shairport-sync = (prev.shairport-sync.override { enableMetadata = true; enableAirplay2 = true; }).overrideAttrs (finalAttr: previousAttr: {
|
|
||||||
# See: https://github.com/mikebrady/shairport-sync/blob/e78a88b64adfe7b5f88fd6faedf55c57445bb240/CONFIGURATION%20FLAGS.md
|
|
||||||
configureFlags = previousAttr.configureFlags ++ [ "--with-mqtt-client" ];
|
|
||||||
buildInputs = previousAttr.buildInputs ++ [ final.mosquitto ];
|
|
||||||
});
|
|
||||||
};
|
|
||||||
};
|
|
||||||
nixosModules = {
|
|
||||||
common = ./config/common;
|
|
||||||
proxmox-vm = ./config/proxmox-vm;
|
|
||||||
prometheus-exporter = ./config/extra/prometheus-exporter.nix;
|
|
||||||
};
|
|
||||||
nixosConfigurations = {
|
nixosConfigurations = {
|
||||||
audio-hauptraum-kueche = nixpkgs.lib.nixosSystem {
|
audio-hauptraum-kueche = nixpkgs.lib.nixosSystem {
|
||||||
inherit system specialArgs;
|
inherit system;
|
||||||
modules = [
|
modules = [
|
||||||
self.nixosModules.common
|
./config/common
|
||||||
self.nixosModules.proxmox-vm
|
./config/proxmox-vm
|
||||||
{ nixpkgs.overlays = [ self.overlays.shairportSyncAirplay2 ]; }
|
{ nixpkgs.overlays = [ shairportSync431ExtendedNixpkgsUnstableOverlay ]; }
|
||||||
./config/hosts/audio-hauptraum-kueche
|
./config/hosts/audio-hauptraum-kueche
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
audio-hauptraum-tafel = nixpkgs.lib.nixosSystem {
|
audio-hauptraum-tafel = nixpkgs.lib.nixosSystem {
|
||||||
inherit system specialArgs;
|
inherit system;
|
||||||
modules = [
|
modules = [
|
||||||
self.nixosModules.common
|
./config/common
|
||||||
self.nixosModules.proxmox-vm
|
./config/proxmox-vm
|
||||||
{ nixpkgs.overlays = [ self.overlays.shairportSyncAirplay2 ]; }
|
{ nixpkgs.overlays = [ shairportSync431ExtendedNixpkgsUnstableOverlay ]; }
|
||||||
./config/hosts/audio-hauptraum-tafel
|
./config/hosts/audio-hauptraum-tafel
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
esphome = nixpkgs.lib.nixosSystem {
|
esphome = nixpkgs.lib.nixosSystem {
|
||||||
inherit system specialArgs;
|
inherit system;
|
||||||
modules = [
|
modules = [
|
||||||
self.nixosModules.common
|
./config/common
|
||||||
self.nixosModules.proxmox-vm
|
./config/proxmox-vm
|
||||||
./config/hosts/esphome
|
./config/hosts/esphome
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
public-reverse-proxy = nixpkgs.lib.nixosSystem {
|
public-reverse-proxy = nixpkgs.lib.nixosSystem {
|
||||||
inherit system specialArgs;
|
inherit system;
|
||||||
modules = [
|
modules = [
|
||||||
self.nixosModules.common
|
./config/common
|
||||||
self.nixosModules.proxmox-vm
|
./config/proxmox-vm
|
||||||
./config/hosts/public-reverse-proxy
|
./config/hosts/public-reverse-proxy
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
netbox = nixpkgs.lib.nixosSystem {
|
netbox = nixpkgs.lib.nixosSystem {
|
||||||
inherit system specialArgs;
|
inherit system;
|
||||||
modules = [
|
modules = [
|
||||||
self.nixosModules.common
|
./config/common
|
||||||
self.nixosModules.proxmox-vm
|
./config/proxmox-vm
|
||||||
sops-nix.nixosModules.sops
|
sops-nix.nixosModules.sops
|
||||||
self.nixosModules.prometheus-exporter
|
./config/extra/prometheus-exporter.nix
|
||||||
./config/hosts/netbox
|
./config/hosts/netbox
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
matrix = nixpkgs.lib.nixosSystem {
|
matrix = nixpkgs.lib.nixosSystem {
|
||||||
inherit system specialArgs;
|
inherit system;
|
||||||
modules = [
|
modules = [
|
||||||
self.nixosModules.common
|
./config/common
|
||||||
self.nixosModules.proxmox-vm
|
./config/proxmox-vm
|
||||||
sops-nix.nixosModules.sops
|
sops-nix.nixosModules.sops
|
||||||
self.nixosModules.prometheus-exporter
|
./config/extra/prometheus-exporter.nix
|
||||||
./config/hosts/matrix
|
./config/hosts/matrix
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
public-web-static = nixpkgs.lib.nixosSystem {
|
public-web-static = nixpkgs.lib.nixosSystem {
|
||||||
inherit system specialArgs;
|
inherit system;
|
||||||
modules = [
|
modules = [
|
||||||
self.nixosModules.common
|
./config/common
|
||||||
self.nixosModules.proxmox-vm
|
./config/proxmox-vm
|
||||||
sops-nix.nixosModules.sops
|
sops-nix.nixosModules.sops
|
||||||
self.nixosModules.prometheus-exporter
|
./config/extra/prometheus-exporter.nix
|
||||||
./config/hosts/public-web-static
|
./config/hosts/public-web-static
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
git = nixpkgs.lib.nixosSystem {
|
git = nixpkgs.lib.nixosSystem {
|
||||||
inherit system specialArgs;
|
inherit system;
|
||||||
modules = [
|
modules = [
|
||||||
self.nixosModules.common
|
./config/common
|
||||||
self.nixosModules.proxmox-vm
|
./config/proxmox-vm
|
||||||
sops-nix.nixosModules.sops
|
sops-nix.nixosModules.sops
|
||||||
self.nixosModules.prometheus-exporter
|
./config/extra/prometheus-exporter.nix
|
||||||
./config/hosts/git
|
./config/hosts/git
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
forgejo-actions-runner = nixpkgs.lib.nixosSystem {
|
forgejo-actions-runner = nixpkgs.lib.nixosSystem {
|
||||||
inherit system specialArgs;
|
inherit system;
|
||||||
modules = [
|
modules = [
|
||||||
self.nixosModules.common
|
./config/common
|
||||||
self.nixosModules.proxmox-vm
|
./config/proxmox-vm
|
||||||
sops-nix.nixosModules.sops
|
sops-nix.nixosModules.sops
|
||||||
self.nixosModules.prometheus-exporter
|
./config/extra/prometheus-exporter.nix
|
||||||
./config/hosts/forgejo-actions-runner
|
./config/hosts/forgejo-actions-runner
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
ptouch-print-server = nixpkgs.lib.nixosSystem {
|
ptouch-print-server = nixpkgs.lib.nixosSystem {
|
||||||
inherit system specialArgs;
|
inherit system;
|
||||||
modules = [
|
modules = [
|
||||||
self.nixosModules.common
|
./config/common
|
||||||
self.nixosModules.proxmox-vm
|
./config/proxmox-vm
|
||||||
./config/hosts/ptouch-print-server
|
./config/hosts/ptouch-print-server
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
eh22-wiki = nixpkgs.lib.nixosSystem {
|
eh22-wiki = nixpkgs.lib.nixosSystem {
|
||||||
inherit system specialArgs;
|
inherit system;
|
||||||
modules = [
|
modules = [
|
||||||
self.nixosModules.common
|
./config/common
|
||||||
self.nixosModules.proxmox-vm
|
./config/proxmox-vm
|
||||||
self.nixosModules.prometheus-exporter
|
./config/extra/prometheus-exporter.nix
|
||||||
./config/hosts/eh22-wiki
|
./config/hosts/eh22-wiki
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
nix-box-june = nixpkgs.lib.nixosSystem {
|
nix-box-june = nixpkgs.lib.nixosSystem {
|
||||||
inherit system specialArgs;
|
inherit system;
|
||||||
modules = [
|
modules = [
|
||||||
self.nixosModules.common
|
./config/common
|
||||||
self.nixosModules.proxmox-vm
|
./config/proxmox-vm
|
||||||
self.nixosModules.prometheus-exporter
|
./config/extra/prometheus-exporter.nix
|
||||||
./config/hosts/nix-box-june
|
./config/hosts/nix-box-june
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
yate = nixpkgs.lib.nixosSystem {
|
yate = nixpkgs.lib.nixosSystem {
|
||||||
inherit system specialArgs;
|
inherit system;
|
||||||
modules = [
|
modules = [
|
||||||
self.nixosModules.common
|
./config/common
|
||||||
self.nixosModules.proxmox-vm
|
./config/proxmox-vm
|
||||||
./config/hosts/yate
|
./config/hosts/yate
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
mqtt = nixpkgs.lib.nixosSystem {
|
mqtt = nixpkgs.lib.nixosSystem {
|
||||||
inherit system specialArgs;
|
inherit system;
|
||||||
modules = [
|
modules = [
|
||||||
self.nixosModules.common
|
./config/common
|
||||||
self.nixosModules.proxmox-vm
|
./config/proxmox-vm
|
||||||
./config/hosts/mqtt
|
./config/hosts/mqtt
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
mjolnir = nixpkgs.lib.nixosSystem {
|
mjolnir = nixpkgs.lib.nixosSystem {
|
||||||
inherit system specialArgs;
|
inherit system;
|
||||||
modules = [
|
modules = [
|
||||||
self.nixosModules.common
|
./config/common
|
||||||
self.nixosModules.proxmox-vm
|
./config/proxmox-vm
|
||||||
sops-nix.nixosModules.sops
|
sops-nix.nixosModules.sops
|
||||||
self.nixosModules.prometheus-exporter
|
./config/extra/prometheus-exporter.nix
|
||||||
./config/hosts/mjolnir
|
./config/hosts/mjolnir
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
woodpecker = nixpkgs.lib.nixosSystem {
|
woodpecker = nixpkgs.lib.nixosSystem {
|
||||||
inherit system specialArgs;
|
inherit system;
|
||||||
modules = [
|
modules = [
|
||||||
self.nixosModules.common
|
./config/common
|
||||||
self.nixosModules.proxmox-vm
|
./config/proxmox-vm
|
||||||
sops-nix.nixosModules.sops
|
sops-nix.nixosModules.sops
|
||||||
self.nixosModules.prometheus-exporter
|
./config/extra/prometheus-exporter.nix
|
||||||
./config/hosts/woodpecker
|
./config/hosts/woodpecker
|
||||||
];
|
];
|
||||||
|
specialArgs = {
|
||||||
|
inherit pkgs-unstable;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
status = nixpkgs.lib.nixosSystem {
|
status = nixpkgs.lib.nixosSystem {
|
||||||
inherit system specialArgs;
|
inherit system;
|
||||||
modules = [
|
modules = [
|
||||||
self.nixosModules.common
|
./config/common
|
||||||
self.nixosModules.proxmox-vm
|
./config/proxmox-vm
|
||||||
sops-nix.nixosModules.sops
|
sops-nix.nixosModules.sops
|
||||||
./config/hosts/status
|
./config/hosts/status
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
penpot = nixpkgs.lib.nixosSystem {
|
penpot = nixpkgs.lib.nixosSystem {
|
||||||
inherit system specialArgs;
|
inherit system;
|
||||||
modules = [
|
modules = [
|
||||||
self.nixosModules.common
|
./config/common
|
||||||
self.nixosModules.proxmox-vm
|
./config/proxmox-vm
|
||||||
sops-nix.nixosModules.sops
|
sops-nix.nixosModules.sops
|
||||||
self.nixosModules.prometheus-exporter
|
./config/extra/prometheus-exporter.nix
|
||||||
./config/hosts/penpot
|
./config/hosts/penpot
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
hydra = nixpkgs.lib.nixosSystem {
|
hydra = nixpkgs.lib.nixosSystem {
|
||||||
inherit system specialArgs;
|
inherit system;
|
||||||
modules = [
|
modules = [
|
||||||
self.nixosModules.common
|
./config/common
|
||||||
self.nixosModules.proxmox-vm
|
./config/proxmox-vm
|
||||||
self.nixosModules.prometheus-exporter
|
./config/extra/prometheus-exporter.nix
|
||||||
./config/hosts/hydra
|
./config/hosts/hydra
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
@ -246,24 +236,22 @@
|
||||||
|
|
||||||
packages.x86_64-linux = {
|
packages.x86_64-linux = {
|
||||||
proxmox-nixos-template = nixos-generators.nixosGenerate {
|
proxmox-nixos-template = nixos-generators.nixosGenerate {
|
||||||
inherit specialArgs;
|
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
modules = [
|
modules = [
|
||||||
./config/nixos-generators/proxmox.nix
|
./config/nixos-generators/proxmox.nix
|
||||||
self.nixosModules.common
|
./config/common
|
||||||
self.nixosModules.proxmox-vm
|
./config/proxmox-vm
|
||||||
];
|
];
|
||||||
format = "proxmox";
|
format = "proxmox";
|
||||||
};
|
};
|
||||||
|
|
||||||
proxmox-chaosknoten-nixos-template = nixos-generators.nixosGenerate {
|
proxmox-chaosknoten-nixos-template = nixos-generators.nixosGenerate {
|
||||||
inherit specialArgs;
|
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
modules = [
|
modules = [
|
||||||
./config/nixos-generators/proxmox-chaosknoten.nix
|
./config/nixos-generators/proxmox-chaosknoten.nix
|
||||||
./config/proxmox-chaosknoten-additional-initial-config.nix
|
./config/proxmox-chaosknoten-additional-initial-config.nix
|
||||||
self.nixosModules.common
|
./config/common
|
||||||
self.nixosModules.proxmox-vm
|
./config/proxmox-vm
|
||||||
];
|
];
|
||||||
format = "proxmox";
|
format = "proxmox";
|
||||||
};
|
};
|
||||||
|
|
Loading…
Reference in a new issue