Compare commits

...

5 commits

Author SHA1 Message Date
christian c78c278627
Set WOODPECKER_LIMIT_MEM to 6 GB for woodpecker
so pipelines don't get killed by OOM.
2024-11-17 22:43:51 +01:00
jopejoe1 e3c677ea9b
fix: use tar file 2024-11-17 21:15:05 +01:00
christian ecd9fe4adf
fix: use http clone url from forgejo 2024-11-17 21:06:27 +01:00
jopejoe1 2003367108
move authorized keys to flake input 2024-11-17 20:33:38 +01:00
christian 53e33a6641
flake.lock: Update
Flake lock file updates:

• Updated input 'nixos-generators':
    'github:nix-community/nixos-generators/7c60ba4bc8d6aa2ba3e5b0f6ceb9fc07bc261565' (2024-10-21)
  → 'github:nix-community/nixos-generators/06ffce1a8d95e95c06a4bcfa117dd960b14a7101' (2024-11-14)
• Updated input 'nixos-generators/nixlib':
    'github:nix-community/nixpkgs.lib/cce4521b6df014e79a7b7afc58c703ed683c916e' (2024-10-20)
  → 'github:nix-community/nixpkgs.lib/e04234d263750db01c78a412690363dc2226e68a' (2024-11-10)
• Updated input 'nixos-generators/nixpkgs':
    follows 'nixpkgs'
  → 'github:NixOS/nixpkgs/aebe249544837ce42588aa4b2e7972222ba12e8f' (2024-11-10)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/11f65b4b0405cff5b54c813626bddcf5435d7ad2' (2024-11-09)
  → 'github:nixos/nixpkgs/bf6132dc791dbdff8b6894c3a85eb27ad8255682' (2024-11-17)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/f1675e3b0e1e663a4af49be67ecbc9e749f85eb7' (2024-11-10)
  → 'github:Mic92/sops-nix/472741cf3fee089241ac9ea705bb2b9e0bfa2978' (2024-11-17)
• Removed input 'sops-nix/nixpkgs-stable'
2024-11-17 20:25:16 +01:00
4 changed files with 79 additions and 61 deletions

View file

@ -6,14 +6,9 @@
# - https://git.grzb.de/yuri/nix-infra/-/blob/342a2f732da042d04e579d98e9f834418b7ebf25/users/colmena-deploy/default.nix # - https://git.grzb.de/yuri/nix-infra/-/blob/342a2f732da042d04e579d98e9f834418b7ebf25/users/colmena-deploy/default.nix
# - https://nixos.org/manual/nix/stable/command-ref/conf-file.html?highlight=nix.conf#available-settings # - https://nixos.org/manual/nix/stable/command-ref/conf-file.html?highlight=nix.conf#available-settings
{ config, pkgs, lib, ... }: { config, pkgs, lib, authorizedKeysRepo, ... }:
let let
authorizedKeysRepo = builtins.fetchGit {
url = "forgejo@git.hamburg.ccc.de:CCCHH/infrastructure-authorized-keys.git";
ref = "trunk";
rev = "686a6af22f6696f0c0595c56f463c078550049fc";
};
authorizedKeys = builtins.filter (item: item != "") (lib.strings.splitString "\n" (builtins.readFile "${authorizedKeysRepo}/authorized_keys")); authorizedKeys = builtins.filter (item: item != "") (lib.strings.splitString "\n" (builtins.readFile "${authorizedKeysRepo}/authorized_keys"));
in in
{ {

View file

@ -22,6 +22,7 @@
WOODPECKER_DATABASE_DATASOURCE = "postgresql://woodpecker-server@/woodpecker-server?host=/run/postgresql"; WOODPECKER_DATABASE_DATASOURCE = "postgresql://woodpecker-server@/woodpecker-server?host=/run/postgresql";
WOODPECKER_FORGEJO = "true"; WOODPECKER_FORGEJO = "true";
WOODPECKER_FORGEJO_URL = "https://git.hamburg.ccc.de"; WOODPECKER_FORGEJO_URL = "https://git.hamburg.ccc.de";
WOODPECKER_LIMIT_MEM = "6442450944"; # 6GB
# Set via enviornmentFile: # Set via enviornmentFile:
# WOODPECKER_FORGEJO_CLIENT # WOODPECKER_FORGEJO_CLIENT
# WOODPECKER_FORGEJO_SECRET # WOODPECKER_FORGEJO_SECRET

View file

@ -1,12 +1,26 @@
{ {
"nodes": { "nodes": {
"authorizedKeysRepo": {
"flake": false,
"locked": {
"lastModified": 1731276342,
"narHash": "sha256-plTYjM6zPzoBE/dp6EUrk9mCqmab278p8FqBCTX8Grc=",
"rev": "686a6af22f6696f0c0595c56f463c078550049fc",
"type": "tarball",
"url": "https://git.hamburg.ccc.de/api/v1/repos/CCCHH/infrastructure-authorized-keys/archive/686a6af22f6696f0c0595c56f463c078550049fc.tar.gz?rev=686a6af22f6696f0c0595c56f463c078550049fc"
},
"original": {
"type": "tarball",
"url": "https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys/archive/686a6af22f6696f0c0595c56f463c078550049fc.tar.gz"
}
},
"nixlib": { "nixlib": {
"locked": { "locked": {
"lastModified": 1729386149, "lastModified": 1731200463,
"narHash": "sha256-hUP9oxmnOmNnKcDOf5Y55HQ+NnoT0+bLWHLQWLLw9Ks=", "narHash": "sha256-qDaAweJjdFbVExqs8aG27urUgcgKufkIngHW3Rzustg=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixpkgs.lib", "repo": "nixpkgs.lib",
"rev": "cce4521b6df014e79a7b7afc58c703ed683c916e", "rev": "e04234d263750db01c78a412690363dc2226e68a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -18,16 +32,14 @@
"nixos-generators": { "nixos-generators": {
"inputs": { "inputs": {
"nixlib": "nixlib", "nixlib": "nixlib",
"nixpkgs": [ "nixpkgs": "nixpkgs"
"nixpkgs"
]
}, },
"locked": { "locked": {
"lastModified": 1729472750, "lastModified": 1731546190,
"narHash": "sha256-s93LPHi5BN7I2xSGNAFWiYb8WRsPvT1LE9ZjZBrpFlg=", "narHash": "sha256-kJix8nLyFIJ3EC7VtoXK/85C4ZN2dC5oWoS8+ErehqI=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixos-generators", "repo": "nixos-generators",
"rev": "7c60ba4bc8d6aa2ba3e5b0f6ceb9fc07bc261565", "rev": "06ffce1a8d95e95c06a4bcfa117dd960b14a7101",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -38,11 +50,27 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1731133565, "lastModified": 1731245184,
"narHash": "sha256-tCErjTdCUWK06LzkcvwUM+3pyrrmdf8e0VDBBTgqznE=", "narHash": "sha256-vmLS8+x+gHRv1yzj3n+GTAEObwmhxmkkukB2DwtJRdU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "aebe249544837ce42588aa4b2e7972222ba12e8f",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1731842749,
"narHash": "sha256-aNc8irVBH7sM5cGDvqdOueg8S+fGakf0rEMRGfGwWZw=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "11f65b4b0405cff5b54c813626bddcf5435d7ad2", "rev": "bf6132dc791dbdff8b6894c3a85eb27ad8255682",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -52,26 +80,11 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-stable": {
"locked": {
"lastModified": 1730602179,
"narHash": "sha256-efgLzQAWSzJuCLiCaQUCDu4NudNlHdg2NzGLX5GYaEY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3c2f1c4ca372622cb2f9de8016c9a0b1cbd0f37c",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"authorizedKeysRepo": "authorizedKeysRepo",
"nixos-generators": "nixos-generators", "nixos-generators": "nixos-generators",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs_2",
"sops-nix": "sops-nix" "sops-nix": "sops-nix"
} }
}, },
@ -79,15 +92,14 @@
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ]
"nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1731213149, "lastModified": 1731862312,
"narHash": "sha256-jR8i6nFLmSmm0cIoeRQ8Q4EBARa3oGaAtEER/OMMxus=", "narHash": "sha256-NVUTFxKrJp/hjehlF1IvkPnlRYg/O9HFVutbxOM8zNM=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "f1675e3b0e1e663a4af49be67ecbc9e749f85eb7", "rev": "472741cf3fee089241ac9ea705bb2b9e0bfa2978",
"type": "github" "type": "github"
}, },
"original": { "original": {

View file

@ -11,7 +11,7 @@
# See here: https://github.com/nix-community/nixos-generators#using-in-a-flake # See here: https://github.com/nix-community/nixos-generators#using-in-a-flake
nixos-generators = { nixos-generators = {
url = "github:nix-community/nixos-generators"; url = "github:nix-community/nixos-generators";
inputs.nixpkgs.follows = "nixpkgs"; #inputs.nixpkgs.follows = "nixpkgs";
}; };
# Add sops-nix as an input for secret management. # Add sops-nix as an input for secret management.
@ -20,10 +20,18 @@
url = "github:Mic92/sops-nix"; url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
authorizedKeysRepo = {
url = "https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys/archive/686a6af22f6696f0c0595c56f463c078550049fc.tar.gz";
flake = false;
};
}; };
outputs = { self, nixpkgs, nixos-generators, sops-nix, ... }: outputs = { self, nixpkgs, nixos-generators, sops-nix, authorizedKeysRepo, ... }:
let let
specialArgs = {
inherit authorizedKeysRepo;
};
system = "x86_64-linux"; system = "x86_64-linux";
in in
{ {
@ -43,7 +51,7 @@
}; };
nixosConfigurations = { nixosConfigurations = {
audio-hauptraum-kueche = nixpkgs.lib.nixosSystem { audio-hauptraum-kueche = nixpkgs.lib.nixosSystem {
inherit system; inherit system specialArgs;
modules = [ modules = [
self.nixosModules.common self.nixosModules.common
self.nixosModules.proxmox-vm self.nixosModules.proxmox-vm
@ -53,7 +61,7 @@
}; };
audio-hauptraum-tafel = nixpkgs.lib.nixosSystem { audio-hauptraum-tafel = nixpkgs.lib.nixosSystem {
inherit system; inherit system specialArgs;
modules = [ modules = [
self.nixosModules.common self.nixosModules.common
self.nixosModules.proxmox-vm self.nixosModules.proxmox-vm
@ -63,7 +71,7 @@
}; };
esphome = nixpkgs.lib.nixosSystem { esphome = nixpkgs.lib.nixosSystem {
inherit system; inherit system specialArgs;
modules = [ modules = [
self.nixosModules.common self.nixosModules.common
self.nixosModules.proxmox-vm self.nixosModules.proxmox-vm
@ -72,7 +80,7 @@
}; };
public-reverse-proxy = nixpkgs.lib.nixosSystem { public-reverse-proxy = nixpkgs.lib.nixosSystem {
inherit system; inherit system specialArgs;
modules = [ modules = [
self.nixosModules.common self.nixosModules.common
self.nixosModules.proxmox-vm self.nixosModules.proxmox-vm
@ -81,7 +89,7 @@
}; };
netbox = nixpkgs.lib.nixosSystem { netbox = nixpkgs.lib.nixosSystem {
inherit system; inherit system specialArgs;
modules = [ modules = [
self.nixosModules.common self.nixosModules.common
self.nixosModules.proxmox-vm self.nixosModules.proxmox-vm
@ -92,7 +100,7 @@
}; };
matrix = nixpkgs.lib.nixosSystem { matrix = nixpkgs.lib.nixosSystem {
inherit system; inherit system specialArgs;
modules = [ modules = [
self.nixosModules.common self.nixosModules.common
self.nixosModules.proxmox-vm self.nixosModules.proxmox-vm
@ -103,7 +111,7 @@
}; };
public-web-static = nixpkgs.lib.nixosSystem { public-web-static = nixpkgs.lib.nixosSystem {
inherit system; inherit system specialArgs;
modules = [ modules = [
self.nixosModules.common self.nixosModules.common
self.nixosModules.proxmox-vm self.nixosModules.proxmox-vm
@ -114,7 +122,7 @@
}; };
git = nixpkgs.lib.nixosSystem { git = nixpkgs.lib.nixosSystem {
inherit system; inherit system specialArgs;
modules = [ modules = [
self.nixosModules.common self.nixosModules.common
self.nixosModules.proxmox-vm self.nixosModules.proxmox-vm
@ -125,7 +133,7 @@
}; };
forgejo-actions-runner = nixpkgs.lib.nixosSystem { forgejo-actions-runner = nixpkgs.lib.nixosSystem {
inherit system; inherit system specialArgs;
modules = [ modules = [
self.nixosModules.common self.nixosModules.common
self.nixosModules.proxmox-vm self.nixosModules.proxmox-vm
@ -136,7 +144,7 @@
}; };
ptouch-print-server = nixpkgs.lib.nixosSystem { ptouch-print-server = nixpkgs.lib.nixosSystem {
inherit system; inherit system specialArgs;
modules = [ modules = [
self.nixosModules.common self.nixosModules.common
self.nixosModules.proxmox-vm self.nixosModules.proxmox-vm
@ -145,7 +153,7 @@
}; };
eh22-wiki = nixpkgs.lib.nixosSystem { eh22-wiki = nixpkgs.lib.nixosSystem {
inherit system; inherit system specialArgs;
modules = [ modules = [
self.nixosModules.common self.nixosModules.common
self.nixosModules.proxmox-vm self.nixosModules.proxmox-vm
@ -155,7 +163,7 @@
}; };
nix-box-june = nixpkgs.lib.nixosSystem { nix-box-june = nixpkgs.lib.nixosSystem {
inherit system; inherit system specialArgs;
modules = [ modules = [
self.nixosModules.common self.nixosModules.common
self.nixosModules.proxmox-vm self.nixosModules.proxmox-vm
@ -165,7 +173,7 @@
}; };
yate = nixpkgs.lib.nixosSystem { yate = nixpkgs.lib.nixosSystem {
inherit system; inherit system specialArgs;
modules = [ modules = [
self.nixosModules.common self.nixosModules.common
self.nixosModules.proxmox-vm self.nixosModules.proxmox-vm
@ -174,7 +182,7 @@
}; };
mqtt = nixpkgs.lib.nixosSystem { mqtt = nixpkgs.lib.nixosSystem {
inherit system; inherit system specialArgs;
modules = [ modules = [
self.nixosModules.common self.nixosModules.common
self.nixosModules.proxmox-vm self.nixosModules.proxmox-vm
@ -183,7 +191,7 @@
}; };
mjolnir = nixpkgs.lib.nixosSystem { mjolnir = nixpkgs.lib.nixosSystem {
inherit system; inherit system specialArgs;
modules = [ modules = [
self.nixosModules.common self.nixosModules.common
self.nixosModules.proxmox-vm self.nixosModules.proxmox-vm
@ -194,7 +202,7 @@
}; };
woodpecker = nixpkgs.lib.nixosSystem { woodpecker = nixpkgs.lib.nixosSystem {
inherit system; inherit system specialArgs;
modules = [ modules = [
self.nixosModules.common self.nixosModules.common
self.nixosModules.proxmox-vm self.nixosModules.proxmox-vm
@ -205,7 +213,7 @@
}; };
status = nixpkgs.lib.nixosSystem { status = nixpkgs.lib.nixosSystem {
inherit system; inherit system specialArgs;
modules = [ modules = [
self.nixosModules.common self.nixosModules.common
self.nixosModules.proxmox-vm self.nixosModules.proxmox-vm
@ -215,7 +223,7 @@
}; };
penpot = nixpkgs.lib.nixosSystem { penpot = nixpkgs.lib.nixosSystem {
inherit system; inherit system specialArgs;
modules = [ modules = [
self.nixosModules.common self.nixosModules.common
self.nixosModules.proxmox-vm self.nixosModules.proxmox-vm
@ -226,7 +234,7 @@
}; };
hydra = nixpkgs.lib.nixosSystem { hydra = nixpkgs.lib.nixosSystem {
inherit system; inherit system specialArgs;
modules = [ modules = [
self.nixosModules.common self.nixosModules.common
self.nixosModules.proxmox-vm self.nixosModules.proxmox-vm
@ -238,6 +246,7 @@
packages.x86_64-linux = { packages.x86_64-linux = {
proxmox-nixos-template = nixos-generators.nixosGenerate { proxmox-nixos-template = nixos-generators.nixosGenerate {
inherit specialArgs;
system = "x86_64-linux"; system = "x86_64-linux";
modules = [ modules = [
./config/nixos-generators/proxmox.nix ./config/nixos-generators/proxmox.nix
@ -248,6 +257,7 @@
}; };
proxmox-chaosknoten-nixos-template = nixos-generators.nixosGenerate { proxmox-chaosknoten-nixos-template = nixos-generators.nixosGenerate {
inherit specialArgs;
system = "x86_64-linux"; system = "x86_64-linux";
modules = [ modules = [
./config/nixos-generators/proxmox-chaosknoten.nix ./config/nixos-generators/proxmox-chaosknoten.nix