bendodroid/nix-infra
0
0
Fork 0
forked from CCCHH/nix-infra
Code Pull requests Activity

Run "nix fmt" to format this entire flake

Browse source
This commit is contained in:
June 2024-03-06 22:50:32 +01:00 committed by June
parent 71e1684f76
commit 1ad6ac9dc0
Signed by: june
SSH key fingerprint: SHA256:o9EAq4Y9N9K0pBQeBTqhSDrND5E7oB+60ZNx0U1yPe0
8 changed files with 181 additions and 180 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
config/common/nix.nix
View file

@ -1,4 +1,4 @@
{ ... }: { ... }:
{ {
nix = { nix = {

34
config/common/users.nix
View file

@ -16,24 +16,24 @@ let
}; };
authorizedKeys = builtins.filter (item: item != "") (lib.strings.splitString "\n" (builtins.readFile "${authorizedKeysRepo}/authorized_keys")); authorizedKeys = builtins.filter (item: item != "") (lib.strings.splitString "\n" (builtins.readFile "${authorizedKeysRepo}/authorized_keys"));
in in
{ {
users.mutableUsers = false; users.mutableUsers = false;
users.users.chaos = { users.users.chaos = {
isNormalUser = true; isNormalUser = true;
description = "Chaos"; description = "Chaos";
extraGroups = [ "wheel" ]; extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = authorizedKeys; openssh.authorizedKeys.keys = authorizedKeys;
}; };
users.users.colmena-deploy = { users.users.colmena-deploy = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" ]; extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = authorizedKeys; openssh.authorizedKeys.keys = authorizedKeys;
}; };
nix.settings.trusted-users = [ "colmena-deploy" ]; nix.settings.trusted-users = [ "colmena-deploy" ];
# Since our user doesn't have a password, allow passwordless sudo for wheel. # Since our user doesn't have a password, allow passwordless sudo for wheel.
security.sudo.wheelNeedsPassword = false; security.sudo.wheelNeedsPassword = false;
} }

2
config/hosts/esphome/nginx.nix
View file

@ -40,6 +40,6 @@
}; };
}; };
networking.firewall.allowedTCPPorts = [ 80 443 31820 ]; networking.firewall.allowedTCPPorts = [ 80 443 31820 ];
} }

2
config/hosts/matrix/matrix-synapse.nix
View file

@ -39,7 +39,7 @@
media_store_path = "/mnt/data/synapse_media_store"; media_store_path = "/mnt/data/synapse_media_store";
max_upload_size = "500M"; max_upload_size = "500M";
admin_contact = "mailto:yuri+ccchh@nekover.se"; admin_contact = "mailto:yuri+ccchh@nekover.se";
}; };

2
config/hosts/matrix/nginx.nix
View file

@ -60,6 +60,6 @@
''; '';
}; };
}; };
networking.firewall.allowedTCPPorts = [ 8443 8448 31820 ]; networking.firewall.allowedTCPPorts = [ 8443 8448 31820 ];
} }

2
config/hosts/matrix/postgresql.nix
View file

@ -4,7 +4,7 @@
services.postgresql = { services.postgresql = {
enable = true; enable = true;
package = pkgs.postgresql_15; package = pkgs.postgresql_15;
initialScript = pkgs.writeText "synapse-init.sql" '' initialScript = pkgs.writeText "synapse-init.sql" ''
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"

2
config/hosts/public-web-static/spaceapid.nix
View file

@ -11,7 +11,7 @@ let
version = "main"; version = "main";
src = spaceapidSrc; src = spaceapidSrc;
ldflags = [ ldflags = [
"-X main.version=${version}-${spaceapidSrc.rev}" "-X main.version=${version}-${spaceapidSrc.rev}"
]; ];

315
flake.nix
View file

@ -58,169 +58,170 @@
}); });
}; };
pkgs-unstable = nixpkgs-unstable.legacyPackages."x86_64-linux"; pkgs-unstable = nixpkgs-unstable.legacyPackages."x86_64-linux";
in { in
colmena = { {
meta = { colmena = {
nixpkgs = nixpkgs.legacyPackages."x86_64-linux"; meta = {
nodeNixpkgs = { nixpkgs = nixpkgs.legacyPackages."x86_64-linux";
audio-hauptraum-kueche = nixpkgs-unstable.legacyPackages."x86_64-linux".extend shairportSync431ExtendedNixpkgsUnstableOverlay; nodeNixpkgs = {
audio-hauptraum-tafel = nixpkgs-unstable.legacyPackages."x86_64-linux".extend shairportSync431ExtendedNixpkgsUnstableOverlay; audio-hauptraum-kueche = nixpkgs-unstable.legacyPackages."x86_64-linux".extend shairportSync431ExtendedNixpkgsUnstableOverlay;
audio-hauptraum-tafel = nixpkgs-unstable.legacyPackages."x86_64-linux".extend shairportSync431ExtendedNixpkgsUnstableOverlay;
};
nodeSpecialArgs = {
git = { inherit pkgs-unstable; };
};
}; };
nodeSpecialArgs = {
git = { inherit pkgs-unstable; }; audio-hauptraum-kueche = {
deployment = {
targetHost = "audio-hauptraum-kueche.z9.ccchh.net";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "thinkcccluster" ];
};
imports = [
./config/common
./config/proxmox-vm
./config/hosts/audio-hauptraum-kueche
];
};
audio-hauptraum-tafel = {
deployment = {
targetHost = "audio-hauptraum-tafel.z9.ccchh.net";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "thinkcccluster" ];
};
imports = [
./config/common
./config/proxmox-vm
./config/hosts/audio-hauptraum-tafel
];
};
esphome = {
deployment = {
targetHost = "esphome.z9.ccchh.net";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "thinkcccluster" ];
};
imports = [
./config/common
./config/proxmox-vm
./config/hosts/esphome
];
};
public-reverse-proxy = {
deployment = {
targetHost = "public-reverse-proxy.z9.ccchh.net";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "thinkcccluster" ];
};
imports = [
./config/common
./config/proxmox-vm
./config/hosts/public-reverse-proxy
];
};
netbox = {
deployment = {
targetHost = "netbox-intern.hamburg.ccc.de";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "chaosknoten" ];
};
imports = [
./config/common
./config/proxmox-vm
./config/hosts/netbox
];
};
matrix = {
deployment = {
targetHost = "matrix-intern.hamburg.ccc.de";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "chaosknoten" ];
};
imports = [
./config/common
./config/proxmox-vm
./config/hosts/matrix
];
};
public-web-static = {
deployment = {
targetHost = "public-web-static-intern.hamburg.ccc.de";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "chaosknoten" ];
};
imports = [
./config/common
./config/proxmox-vm
./config/hosts/public-web-static
];
};
git = {
deployment = {
targetHost = "git.hamburg.ccc.de";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "chaosknoten" ];
};
imports = [
./config/common
./config/proxmox-vm
./config/hosts/git
];
};
forgejo-actions-runner = {
deployment = {
targetHost = "forgejo-actions-runner-intern.hamburg.ccc.de";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "chaosknoten" ];
};
imports = [
./config/common
./config/proxmox-vm
./config/hosts/forgejo-actions-runner
];
}; };
}; };
audio-hauptraum-kueche = { packages.x86_64-linux = {
deployment = { proxmox-nixos-template = nixos-generators.nixosGenerate {
targetHost = "audio-hauptraum-kueche.z9.ccchh.net"; system = "x86_64-linux";
targetPort = 22; modules = [
targetUser = "colmena-deploy"; ./config/nixos-generators/proxmox.nix
tags = [ "thinkcccluster" ]; ./config/common
./config/proxmox-vm
];
format = "proxmox";
};
proxmox-chaosknoten-nixos-template = nixos-generators.nixosGenerate {
system = "x86_64-linux";
modules = [
./config/nixos-generators/proxmox-chaosknoten.nix
./config/proxmox-chaosknoten-additional-initial-config.nix
./config/common
./config/proxmox-vm
];
format = "proxmox";
}; };
imports = [
./config/common
./config/proxmox-vm
./config/hosts/audio-hauptraum-kueche
];
}; };
audio-hauptraum-tafel = { formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt;
deployment = {
targetHost = "audio-hauptraum-tafel.z9.ccchh.net";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "thinkcccluster" ];
};
imports = [
./config/common
./config/proxmox-vm
./config/hosts/audio-hauptraum-tafel
];
};
esphome = {
deployment = {
targetHost = "esphome.z9.ccchh.net";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "thinkcccluster" ];
};
imports = [
./config/common
./config/proxmox-vm
./config/hosts/esphome
];
};
public-reverse-proxy = {
deployment = {
targetHost = "public-reverse-proxy.z9.ccchh.net";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "thinkcccluster" ];
};
imports = [
./config/common
./config/proxmox-vm
./config/hosts/public-reverse-proxy
];
};
netbox = {
deployment = {
targetHost = "netbox-intern.hamburg.ccc.de";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "chaosknoten" ];
};
imports = [
./config/common
./config/proxmox-vm
./config/hosts/netbox
];
};
matrix = {
deployment = {
targetHost = "matrix-intern.hamburg.ccc.de";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "chaosknoten" ];
};
imports = [
./config/common
./config/proxmox-vm
./config/hosts/matrix
];
};
public-web-static = {
deployment = {
targetHost = "public-web-static-intern.hamburg.ccc.de";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "chaosknoten" ];
};
imports = [
./config/common
./config/proxmox-vm
./config/hosts/public-web-static
];
};
git = {
deployment = {
targetHost = "git.hamburg.ccc.de";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "chaosknoten" ];
};
imports = [
./config/common
./config/proxmox-vm
./config/hosts/git
];
};
forgejo-actions-runner = {
deployment = {
targetHost = "forgejo-actions-runner-intern.hamburg.ccc.de";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "chaosknoten" ];
};
imports = [
./config/common
./config/proxmox-vm
./config/hosts/forgejo-actions-runner
];
};
}; };
packages.x86_64-linux = {
proxmox-nixos-template = nixos-generators.nixosGenerate {
system = "x86_64-linux";
modules = [
./config/nixos-generators/proxmox.nix
./config/common
./config/proxmox-vm
];
format = "proxmox";
};
proxmox-chaosknoten-nixos-template = nixos-generators.nixosGenerate {
system = "x86_64-linux";
modules = [
./config/nixos-generators/proxmox-chaosknoten.nix
./config/proxmox-chaosknoten-additional-initial-config.nix
./config/common
./config/proxmox-vm
];
format = "proxmox";
};
};
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt;
};
} }