forked from CCCHH/nix-infra
Run "nix fmt" to format this entire flake
This commit is contained in:
parent
71e1684f76
commit
1ad6ac9dc0
8 changed files with 181 additions and 180 deletions
|
@ -1,4 +1,4 @@
|
|||
{ ... }:
|
||||
{ ... }:
|
||||
|
||||
{
|
||||
nix = {
|
||||
|
|
|
@ -16,24 +16,24 @@ let
|
|||
};
|
||||
authorizedKeys = builtins.filter (item: item != "") (lib.strings.splitString "\n" (builtins.readFile "${authorizedKeysRepo}/authorized_keys"));
|
||||
in
|
||||
{
|
||||
users.mutableUsers = false;
|
||||
{
|
||||
users.mutableUsers = false;
|
||||
|
||||
users.users.chaos = {
|
||||
isNormalUser = true;
|
||||
description = "Chaos";
|
||||
extraGroups = [ "wheel" ];
|
||||
openssh.authorizedKeys.keys = authorizedKeys;
|
||||
};
|
||||
users.users.chaos = {
|
||||
isNormalUser = true;
|
||||
description = "Chaos";
|
||||
extraGroups = [ "wheel" ];
|
||||
openssh.authorizedKeys.keys = authorizedKeys;
|
||||
};
|
||||
|
||||
users.users.colmena-deploy = {
|
||||
isNormalUser = true;
|
||||
extraGroups = [ "wheel" ];
|
||||
openssh.authorizedKeys.keys = authorizedKeys;
|
||||
};
|
||||
users.users.colmena-deploy = {
|
||||
isNormalUser = true;
|
||||
extraGroups = [ "wheel" ];
|
||||
openssh.authorizedKeys.keys = authorizedKeys;
|
||||
};
|
||||
|
||||
nix.settings.trusted-users = [ "colmena-deploy" ];
|
||||
nix.settings.trusted-users = [ "colmena-deploy" ];
|
||||
|
||||
# Since our user doesn't have a password, allow passwordless sudo for wheel.
|
||||
security.sudo.wheelNeedsPassword = false;
|
||||
}
|
||||
# Since our user doesn't have a password, allow passwordless sudo for wheel.
|
||||
security.sudo.wheelNeedsPassword = false;
|
||||
}
|
||||
|
|
|
@ -40,6 +40,6 @@
|
|||
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 31820 ];
|
||||
}
|
||||
|
|
|
@ -39,7 +39,7 @@
|
|||
|
||||
media_store_path = "/mnt/data/synapse_media_store";
|
||||
max_upload_size = "500M";
|
||||
|
||||
|
||||
admin_contact = "mailto:yuri+ccchh@nekover.se";
|
||||
};
|
||||
|
||||
|
|
|
@ -60,6 +60,6 @@
|
|||
'';
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 8443 8448 31820 ];
|
||||
}
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
services.postgresql = {
|
||||
enable = true;
|
||||
package = pkgs.postgresql_15;
|
||||
|
||||
|
||||
initialScript = pkgs.writeText "synapse-init.sql" ''
|
||||
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
|
||||
CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
|
||||
|
|
|
@ -11,7 +11,7 @@ let
|
|||
version = "main";
|
||||
|
||||
src = spaceapidSrc;
|
||||
|
||||
|
||||
ldflags = [
|
||||
"-X main.version=${version}-${spaceapidSrc.rev}"
|
||||
];
|
||||
|
|
315
flake.nix
315
flake.nix
|
@ -58,169 +58,170 @@
|
|||
});
|
||||
};
|
||||
pkgs-unstable = nixpkgs-unstable.legacyPackages."x86_64-linux";
|
||||
in {
|
||||
colmena = {
|
||||
meta = {
|
||||
nixpkgs = nixpkgs.legacyPackages."x86_64-linux";
|
||||
nodeNixpkgs = {
|
||||
audio-hauptraum-kueche = nixpkgs-unstable.legacyPackages."x86_64-linux".extend shairportSync431ExtendedNixpkgsUnstableOverlay;
|
||||
audio-hauptraum-tafel = nixpkgs-unstable.legacyPackages."x86_64-linux".extend shairportSync431ExtendedNixpkgsUnstableOverlay;
|
||||
in
|
||||
{
|
||||
colmena = {
|
||||
meta = {
|
||||
nixpkgs = nixpkgs.legacyPackages."x86_64-linux";
|
||||
nodeNixpkgs = {
|
||||
audio-hauptraum-kueche = nixpkgs-unstable.legacyPackages."x86_64-linux".extend shairportSync431ExtendedNixpkgsUnstableOverlay;
|
||||
audio-hauptraum-tafel = nixpkgs-unstable.legacyPackages."x86_64-linux".extend shairportSync431ExtendedNixpkgsUnstableOverlay;
|
||||
};
|
||||
nodeSpecialArgs = {
|
||||
git = { inherit pkgs-unstable; };
|
||||
};
|
||||
};
|
||||
nodeSpecialArgs = {
|
||||
git = { inherit pkgs-unstable; };
|
||||
|
||||
audio-hauptraum-kueche = {
|
||||
deployment = {
|
||||
targetHost = "audio-hauptraum-kueche.z9.ccchh.net";
|
||||
targetPort = 22;
|
||||
targetUser = "colmena-deploy";
|
||||
tags = [ "thinkcccluster" ];
|
||||
};
|
||||
imports = [
|
||||
./config/common
|
||||
./config/proxmox-vm
|
||||
./config/hosts/audio-hauptraum-kueche
|
||||
];
|
||||
};
|
||||
|
||||
audio-hauptraum-tafel = {
|
||||
deployment = {
|
||||
targetHost = "audio-hauptraum-tafel.z9.ccchh.net";
|
||||
targetPort = 22;
|
||||
targetUser = "colmena-deploy";
|
||||
tags = [ "thinkcccluster" ];
|
||||
};
|
||||
imports = [
|
||||
./config/common
|
||||
./config/proxmox-vm
|
||||
./config/hosts/audio-hauptraum-tafel
|
||||
];
|
||||
};
|
||||
|
||||
esphome = {
|
||||
deployment = {
|
||||
targetHost = "esphome.z9.ccchh.net";
|
||||
targetPort = 22;
|
||||
targetUser = "colmena-deploy";
|
||||
tags = [ "thinkcccluster" ];
|
||||
};
|
||||
imports = [
|
||||
./config/common
|
||||
./config/proxmox-vm
|
||||
./config/hosts/esphome
|
||||
];
|
||||
};
|
||||
|
||||
public-reverse-proxy = {
|
||||
deployment = {
|
||||
targetHost = "public-reverse-proxy.z9.ccchh.net";
|
||||
targetPort = 22;
|
||||
targetUser = "colmena-deploy";
|
||||
tags = [ "thinkcccluster" ];
|
||||
};
|
||||
imports = [
|
||||
./config/common
|
||||
./config/proxmox-vm
|
||||
./config/hosts/public-reverse-proxy
|
||||
];
|
||||
};
|
||||
|
||||
netbox = {
|
||||
deployment = {
|
||||
targetHost = "netbox-intern.hamburg.ccc.de";
|
||||
targetPort = 22;
|
||||
targetUser = "colmena-deploy";
|
||||
tags = [ "chaosknoten" ];
|
||||
};
|
||||
imports = [
|
||||
./config/common
|
||||
./config/proxmox-vm
|
||||
./config/hosts/netbox
|
||||
];
|
||||
};
|
||||
|
||||
matrix = {
|
||||
deployment = {
|
||||
targetHost = "matrix-intern.hamburg.ccc.de";
|
||||
targetPort = 22;
|
||||
targetUser = "colmena-deploy";
|
||||
tags = [ "chaosknoten" ];
|
||||
};
|
||||
imports = [
|
||||
./config/common
|
||||
./config/proxmox-vm
|
||||
./config/hosts/matrix
|
||||
];
|
||||
};
|
||||
|
||||
public-web-static = {
|
||||
deployment = {
|
||||
targetHost = "public-web-static-intern.hamburg.ccc.de";
|
||||
targetPort = 22;
|
||||
targetUser = "colmena-deploy";
|
||||
tags = [ "chaosknoten" ];
|
||||
};
|
||||
imports = [
|
||||
./config/common
|
||||
./config/proxmox-vm
|
||||
./config/hosts/public-web-static
|
||||
];
|
||||
};
|
||||
|
||||
git = {
|
||||
deployment = {
|
||||
targetHost = "git.hamburg.ccc.de";
|
||||
targetPort = 22;
|
||||
targetUser = "colmena-deploy";
|
||||
tags = [ "chaosknoten" ];
|
||||
};
|
||||
imports = [
|
||||
./config/common
|
||||
./config/proxmox-vm
|
||||
./config/hosts/git
|
||||
];
|
||||
};
|
||||
|
||||
forgejo-actions-runner = {
|
||||
deployment = {
|
||||
targetHost = "forgejo-actions-runner-intern.hamburg.ccc.de";
|
||||
targetPort = 22;
|
||||
targetUser = "colmena-deploy";
|
||||
tags = [ "chaosknoten" ];
|
||||
};
|
||||
imports = [
|
||||
./config/common
|
||||
./config/proxmox-vm
|
||||
./config/hosts/forgejo-actions-runner
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
audio-hauptraum-kueche = {
|
||||
deployment = {
|
||||
targetHost = "audio-hauptraum-kueche.z9.ccchh.net";
|
||||
targetPort = 22;
|
||||
targetUser = "colmena-deploy";
|
||||
tags = [ "thinkcccluster" ];
|
||||
packages.x86_64-linux = {
|
||||
proxmox-nixos-template = nixos-generators.nixosGenerate {
|
||||
system = "x86_64-linux";
|
||||
modules = [
|
||||
./config/nixos-generators/proxmox.nix
|
||||
./config/common
|
||||
./config/proxmox-vm
|
||||
];
|
||||
format = "proxmox";
|
||||
};
|
||||
|
||||
proxmox-chaosknoten-nixos-template = nixos-generators.nixosGenerate {
|
||||
system = "x86_64-linux";
|
||||
modules = [
|
||||
./config/nixos-generators/proxmox-chaosknoten.nix
|
||||
./config/proxmox-chaosknoten-additional-initial-config.nix
|
||||
./config/common
|
||||
./config/proxmox-vm
|
||||
];
|
||||
format = "proxmox";
|
||||
};
|
||||
imports = [
|
||||
./config/common
|
||||
./config/proxmox-vm
|
||||
./config/hosts/audio-hauptraum-kueche
|
||||
];
|
||||
};
|
||||
|
||||
audio-hauptraum-tafel = {
|
||||
deployment = {
|
||||
targetHost = "audio-hauptraum-tafel.z9.ccchh.net";
|
||||
targetPort = 22;
|
||||
targetUser = "colmena-deploy";
|
||||
tags = [ "thinkcccluster" ];
|
||||
};
|
||||
imports = [
|
||||
./config/common
|
||||
./config/proxmox-vm
|
||||
./config/hosts/audio-hauptraum-tafel
|
||||
];
|
||||
};
|
||||
|
||||
esphome = {
|
||||
deployment = {
|
||||
targetHost = "esphome.z9.ccchh.net";
|
||||
targetPort = 22;
|
||||
targetUser = "colmena-deploy";
|
||||
tags = [ "thinkcccluster" ];
|
||||
};
|
||||
imports = [
|
||||
./config/common
|
||||
./config/proxmox-vm
|
||||
./config/hosts/esphome
|
||||
];
|
||||
};
|
||||
|
||||
public-reverse-proxy = {
|
||||
deployment = {
|
||||
targetHost = "public-reverse-proxy.z9.ccchh.net";
|
||||
targetPort = 22;
|
||||
targetUser = "colmena-deploy";
|
||||
tags = [ "thinkcccluster" ];
|
||||
};
|
||||
imports = [
|
||||
./config/common
|
||||
./config/proxmox-vm
|
||||
./config/hosts/public-reverse-proxy
|
||||
];
|
||||
};
|
||||
|
||||
netbox = {
|
||||
deployment = {
|
||||
targetHost = "netbox-intern.hamburg.ccc.de";
|
||||
targetPort = 22;
|
||||
targetUser = "colmena-deploy";
|
||||
tags = [ "chaosknoten" ];
|
||||
};
|
||||
imports = [
|
||||
./config/common
|
||||
./config/proxmox-vm
|
||||
./config/hosts/netbox
|
||||
];
|
||||
};
|
||||
|
||||
matrix = {
|
||||
deployment = {
|
||||
targetHost = "matrix-intern.hamburg.ccc.de";
|
||||
targetPort = 22;
|
||||
targetUser = "colmena-deploy";
|
||||
tags = [ "chaosknoten" ];
|
||||
};
|
||||
imports = [
|
||||
./config/common
|
||||
./config/proxmox-vm
|
||||
./config/hosts/matrix
|
||||
];
|
||||
};
|
||||
|
||||
public-web-static = {
|
||||
deployment = {
|
||||
targetHost = "public-web-static-intern.hamburg.ccc.de";
|
||||
targetPort = 22;
|
||||
targetUser = "colmena-deploy";
|
||||
tags = [ "chaosknoten" ];
|
||||
};
|
||||
imports = [
|
||||
./config/common
|
||||
./config/proxmox-vm
|
||||
./config/hosts/public-web-static
|
||||
];
|
||||
};
|
||||
|
||||
git = {
|
||||
deployment = {
|
||||
targetHost = "git.hamburg.ccc.de";
|
||||
targetPort = 22;
|
||||
targetUser = "colmena-deploy";
|
||||
tags = [ "chaosknoten" ];
|
||||
};
|
||||
imports = [
|
||||
./config/common
|
||||
./config/proxmox-vm
|
||||
./config/hosts/git
|
||||
];
|
||||
};
|
||||
|
||||
forgejo-actions-runner = {
|
||||
deployment = {
|
||||
targetHost = "forgejo-actions-runner-intern.hamburg.ccc.de";
|
||||
targetPort = 22;
|
||||
targetUser = "colmena-deploy";
|
||||
tags = [ "chaosknoten" ];
|
||||
};
|
||||
imports = [
|
||||
./config/common
|
||||
./config/proxmox-vm
|
||||
./config/hosts/forgejo-actions-runner
|
||||
];
|
||||
};
|
||||
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt;
|
||||
};
|
||||
|
||||
packages.x86_64-linux = {
|
||||
proxmox-nixos-template = nixos-generators.nixosGenerate {
|
||||
system = "x86_64-linux";
|
||||
modules = [
|
||||
./config/nixos-generators/proxmox.nix
|
||||
./config/common
|
||||
./config/proxmox-vm
|
||||
];
|
||||
format = "proxmox";
|
||||
};
|
||||
|
||||
proxmox-chaosknoten-nixos-template = nixos-generators.nixosGenerate {
|
||||
system = "x86_64-linux";
|
||||
modules = [
|
||||
./config/nixos-generators/proxmox-chaosknoten.nix
|
||||
./config/proxmox-chaosknoten-additional-initial-config.nix
|
||||
./config/common
|
||||
./config/proxmox-vm
|
||||
];
|
||||
format = "proxmox";
|
||||
};
|
||||
};
|
||||
|
||||
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt;
|
||||
};
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue