diff --git a/flake.nix b/flake.nix index a39505c..423f76c 100644 --- a/flake.nix +++ b/flake.nix @@ -1,12 +1,12 @@ { inputs = { nixpkgsOld.url = "github:NixOS/nixpkgs/nixos-23.11"; - nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05"; nixpkgsUnstable.url = "github:NixOS/nixpkgs/nixos-unstable"; #nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; arion.url = "github:hercules-ci/arion"; mms.url = "github:mkaito/nixos-modded-minecraft-servers"; - simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.05"; + simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05"; conduit = { url = "gitlab:famedly/conduit"; }; diff --git a/justfile b/justfile index 5e18a7e..50bf727 100644 --- a/justfile +++ b/justfile @@ -1,9 +1,6 @@ deploy: colmena apply -build: - colmena build - update: nix flake update --commit-lock-file just deploy diff --git a/modules/base-stuff.nix b/modules/base-stuff.nix index 877cb4d..f07075a 100644 --- a/modules/base-stuff.nix +++ b/modules/base-stuff.nix @@ -65,6 +65,7 @@ }; programs.mosh.enable = true; + users.defaultUserShell = pkgs.nushell; services.openssh = { enable = true; @@ -72,7 +73,7 @@ }; environment.systemPackages = with pkgs; [ - vim + helix wget neofetch btop @@ -93,4 +94,11 @@ device = "/dev/sda2"; } ]; + + nix.gc = { + automatic = true; + dates = "weekly"; + options = "--delete-older-than 14d"; + }; + virtualisation.docker.autoPrune.enable = true; } diff --git a/modules/containers/default.nix b/modules/containers/default.nix index 7c58c2d..b34141e 100644 --- a/modules/containers/default.nix +++ b/modules/containers/default.nix @@ -2,7 +2,7 @@ imports = [ ./katzencafe-wiki.nix ./phtanumb-wiki.nix - ./calckey.nix + # ./calckey.nix ./penpot.nix ./nextcloud.nix ]; diff --git a/modules/containers/katzencafe-wiki.nix b/modules/containers/katzencafe-wiki.nix index 8daac7a..5cd6b32 100644 
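Review bot: `nixpkgsOld` stays pinned to `nixos-23.11` while `nixpkgs` moves to 24.05, and 23.11 is no longer a maintained release, so anything still evaluated from `pkgsOld` keeps a package set that no longer receives security fixes. The katzencafe-wiki module in this same commit still takes `{pkgsOld, ...}` (unlike phtanumb-wiki, which switches its container to `pkgs.path`), so presumably that container is the remaining consumer. Either migrate it in this change as well or annotate the input with what still depends on it, e.g. `# unmaintained channel: only kept for containers/katzencafe-wiki.nix, drop once that container moves to nixpkgs`.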
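Review bot: `users.defaultUserShell = pkgs.nushell;` in the first base-stuff.nix hunk makes a non-POSIX shell the login shell of every account that does not set `shell` explicitly, and commands arriving over ssh (colmena, `nix copy`, ad-hoc maintenance) are executed through that login shell with `-c`, so anything written in sh syntax may stop working on the next `colmena apply`. If the goal is an interactive default for the human account, `users.users.<name>.shell = pkgs.nushell;` on that user alone is the safer shape, keeping the deployment/root path on a POSIX shell. In the third hunk, `virtualisation.docker.autoPrune.enable = true;` runs `docker system prune` on a schedule, which also removes stopped containers and dangling images, so a one-line comment would help, e.g. `# weekly docker system prune: also drops stopped containers and dangling images`.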
--- a/modules/containers/katzencafe-wiki.nix +++ b/modules/containers/katzencafe-wiki.nix @@ -1,5 +1,4 @@ -{ pkgsOld, ... }: -{ +{pkgsOld, ...}: { containers."katzenwiki" = { autoStart = true; privateNetwork = true; @@ -17,11 +16,15 @@ # localAddress = "10.0.2.2"; # }; # }; - config = { config, pkgs, ... }: { - environment.systemPackages = with pkgs; [btop ]; + config = { + config, + pkgs, + ... + }: { + environment.systemPackages = with pkgs; [btop]; networking.firewall.enable = false; # networking.nameservers = [ "9.9.9.9" "149.112.112.112" ]; - environment.etc."resolv.conf".text = "nameserver 9.9.9.9"; + environment.etc."resolv.conf".text = "nameserver 9.9.9.9"; services.mediawiki = { enable = true; name = "katzenwiki"; @@ -37,9 +40,9 @@ port = 80; ssl = false; } - ]; + ]; }; - passwordFile = "/var/lib/mediawiki/passwordFile"; + passwordFile = "/var/lib/mediawiki/passwordFile"; extraConfig = '' # $wgShowExceptionDetails = true; # $wgDebugToolbar = true; @@ -48,7 +51,7 @@ # Disable anonymous editing $wgGroupPermissions['*']['edit'] = false; - $wgGroupPermissions['oidc_interface_admin'] = $wgGroupPermissions['interface_admin']; + $wgGroupPermissions['oidc_interface_admin'] = $wgGroupPermissions['interface-admin']; $wgGroupPermissions['oidc_admin'] = $wgGroupPermissions['sysop']; $wgGroupPermissions['oidc_admin']['userrights'] = true; @@ -86,12 +89,12 @@ # NOTE: for some reason, i ahd to manually chown +r the password file for mediawiki to work. # i should figure out why to make this work when setting up new instances... "katzenwikiPwFile" = { - keyCommand = [ "pass" "wikis/katzenwiki/password" ]; + keyCommand = ["pass" "wikis/katzenwiki/password"]; destDir = "/katzenwiki"; name = "passwordFile"; }; "katzenwikiKeycloakClientSecret" = { - keyCommand = [ "pass" "wikis/katzenwiki/keycloak-secret" ]; + keyCommand = ["pass" "wikis/katzenwiki/keycloak-secret"]; destDir = "/katzenwiki"; name = "keycloakClientSecret"; permissions = "0604"; 
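Review bot: The `$wgGroupPermissions['oidc_interface_admin'] = $wgGroupPermissions['interface-admin'];` fix turns a group that previously inherited nothing (the misspelled `interface_admin` key is almost certainly unset, so the copy yielded null) into one holding MediaWiki's real interface-admin rights, i.e. editing sitewide CSS/JS that runs in every visitor's browser; this is a privilege expansion, not a cosmetic rename. Worth confirming that the OIDC mapping only assigns `oidc_interface_admin` to the intended Keycloak role, and adding a line above it such as `# grants editsitecss/editsitejs — keep the Keycloak mapping for this group tight`. The same change appears in the phtanumb-wiki.nix hunk at `@@ -58,7 +65,7 @@`. Separately, the `keycloakClientSecret` key in the last hunk keeps `permissions = "0604"`, which leaves the client secret readable by every local account; if that is the workaround for the chown note just above it, setting the key's `user`/`group` to the account that reads it would remove the need for the world-readable bit.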
diff --git a/modules/containers/nextcloud.nix b/modules/containers/nextcloud.nix index 5728858..3f1f311 100644 --- a/modules/containers/nextcloud.nix +++ b/modules/containers/nextcloud.nix @@ -35,13 +35,13 @@ trustedProxies = ["10.0.3.1"]; }; hostName = "wolke.katzen.cafe"; - package = pkgs.nextcloud27; + package = pkgs.nextcloud29; extraApps = with config.services.nextcloud.package.packages.apps; { inherit bookmarks calendar contacts; user_oidc = pkgs.fetchNextcloudApp rec { - url = "https://github.com/nextcloud-releases/user_oidc/releases/download/v1.3.3/user_oidc-v1.3.3.tar.gz"; - sha256 = "sha256-s8xr25a40/ot7KDv3Vn7WBm4Pb13LzzK62ZNYufXQ2w"; - license = "agpl3"; + url = "https://github.com/nextcloud-releases/user_oidc/releases/download/v5.0.3/user_oidc-v5.0.3.tar.gz"; + sha256 = "sha256-oaN4nYIKzP7r9pB/6szZnkR+liSMARd3Nb8aM3m9WeE="; + license = "gpl3"; }; }; }; @@ -51,7 +51,8 @@ ensureUsers = [ { name = "nextcloud"; - ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES"; + # ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES"; + ensureDBOwnership = true; } ]; }; diff --git a/modules/containers/phtanumb-wiki.nix b/modules/containers/phtanumb-wiki.nix index 0d69c08..682e8e5 100644 --- a/modules/containers/phtanumb-wiki.nix +++ b/modules/containers/phtanumb-wiki.nix @@ -1,11 +1,14 @@ -{ pkgsOld, ... }: { + pkgs, + pkgsOld, + ... +}: { containers."phtanumb-wiki" = { autoStart = true; privateNetwork = true; hostAddress = "10.0.1.1"; localAddress = "10.0.1.2"; - nixpkgs = pkgsOld.path; + nixpkgs = pkgs.path; bindMounts = { "/var/mediawiki" = { hostPath = "/phtanum-b/wiki"; 
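Review bot: `package = pkgs.nextcloud29;` moves an existing instance from Nextcloud 27 straight to 29, but Nextcloud only supports upgrading one major version at a time and its updater aborts when a major is skipped, so on a host that already ran 27 this deploy will fail at `occ upgrade`; step through `pkgs.nextcloud28` in a separate deploy first, or record in a comment that the data directory was created fresh on 29. The `user_oidc` app's `license` also changes from `agpl3` to `gpl3`; as far as I know the app is AGPL-licensed, so if the change was made to avoid a deprecated alias the intended value is probably `agpl3Only` (this is metadata only, with no runtime effect). Finally, the `ensurePermissions` line is left commented out here and again in the postgres.nix hunk at `@@ -1,13 +1,13 @@`; since `ensureDBOwnership = true` replaces it, drop the dead lines rather than carrying them as comments.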
@@ -18,11 +21,15 @@ # localAddress = "10.0.1.2"; # }; # }; - config = { config, pkgs, ... }: { - environment.systemPackages = with pkgs; [ luajit ]; + config = { + config, + pkgs, + ... + }: { + environment.systemPackages = with pkgs; [luajit]; networking.firewall.enable = false; - # networking.nameservers = [ "9.9.9.9" "149.112.112.112" ]; - environment.etc."resolv.conf".text = "nameserver 9.9.9.9"; + # networking.nameservers = [ "9.9.9.9" "149.112.112.112" ]; + environment.etc."resolv.conf".text = "nameserver 9.9.9.9"; services.mediawiki = { enable = true; name = "phtanum-b"; @@ -38,7 +45,7 @@ } ]; }; - passwordFile = "/var/mediawiki/passwordFile"; + passwordFile = "/var/mediawiki/passwordFile"; extraConfig = '' # $wgShowExceptionDetails = true; # $wgDebugToolbar = true; @@ -58,7 +65,7 @@ $wgScribuntoUseGeSHi = true; $wgScribuntoUseCodeEditor = true; - $wgGroupPermissions['oidc_interface_admin'] = $wgGroupPermissions['interface_admin']; + $wgGroupPermissions['oidc_interface_admin'] = $wgGroupPermissions['interface-admin']; $wgGroupPermissions['oidc_admin'] = $wgGroupPermissions['sysop']; $wgGroupPermissions['oidc_admin']['userrights'] = true; @@ -93,13 +100,13 @@ }; # this is cursed. why do the extensions 404??? #JsonConfig = pkgs.fetchzip { - #url = "https://extdist.wmflabs.org/dist/extensions/JsonConfig-REL1_39-9840e0b.tar.gz"; - #sha256 = "sha256-m6JfUftyokJUauAg8SV8p1daUiOpFMvxNMa3el/RrJ0="; + #url = "https://extdist.wmflabs.org/dist/extensions/JsonConfig-REL1_39-9840e0b.tar.gz"; + #sha256 = "sha256-m6JfUftyokJUauAg8SV8p1daUiOpFMvxNMa3el/RrJ0="; #}; TemplateData = null; Scribunto = null; ParserFunctions = null; - #VisualEditor = null; + #VisualEditor = null; WikiEditor = null; CodeEditor = null; }; 
@@ -110,11 +117,11 @@ }; deployment.keys = { "passwordFile" = { - keyCommand = [ "pass" "wikis/phtanumb/password" ]; + keyCommand = ["pass" "wikis/phtanumb/password"]; destDir = "/phtanum-b/wiki"; }; "keycloakClientSecret" = { - keyCommand = [ "pass" "wikis/phtanumb/keycloak-secret" ]; + keyCommand = ["pass" "wikis/phtanumb/keycloak-secret"]; destDir = "/phtanum-b/wiki"; permissions = "0604"; }; diff --git a/modules/mailserver.nix b/modules/mailserver.nix index 0500e51..b2ff7b4 100644 --- a/modules/mailserver.nix +++ b/modules/mailserver.nix @@ -1,15 +1,16 @@ -{ inputs, ... }: -{ - imports = [ inputs.simple-nixos-mailserver.nixosModule ]; +{inputs, ...}: { + imports = [inputs.simple-nixos-mailserver.nixosModule]; + # hack to fix https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/issues/275 + services.dovecot2.sieve.extensions = ["fileinto"]; mailserver = { enable = true; fqdn = "mail.katzen.cafe"; sendingFqdn = "katzen.cafe"; - domains = [ "katzen.cafe" ]; + domains = ["katzen.cafe"]; loginAccounts = { "admin@katzen.cafe" = { hashedPasswordFile = "/var/lib/secrets/admin-mail-pw"; - aliases = [ "postmaster@katzen.cafe" "abuse@katzen.cafe" ]; + aliases = ["postmaster@katzen.cafe" "abuse@katzen.cafe"]; }; "noreply@katzen.cafe" = { hashedPasswordFile = "/var/lib/secrets/noreply-mail-pw"; @@ -19,11 +20,11 @@ }; deployment.keys = { "admin-mail-pw" = { - keyCommand = [ "pass" "mailpws/hashes/admin" ]; + keyCommand = ["pass" "mailpws/hashes/admin"]; destDir = "/var/lib/secrets"; }; "noreply-mail-pw" = { - keyCommand = [ "pass" "mailpws/hashes/noreply" ]; + keyCommand = ["pass" "mailpws/hashes/noreply"]; destDir = "/var/lib/secrets"; }; }; diff --git a/modules/postgres.nix b/modules/postgres.nix index a21deea..8f91437 100644 --- a/modules/postgres.nix +++ b/modules/postgres.nix 
@@ -1,13 +1,13 @@ -{ pkgs, ... }: -{ +{pkgs, ...}: { services.postgresql = { enable = true; ensureUsers = [ { name = "forgejo"; - ensurePermissions = { - "DATABASE \"forgejo\"" = "ALL PRIVILEGES"; - }; + # ensurePermissions = { + # "DATABASE \"forgejo\"" = "ALL PRIVILEGES"; + # }; + ensureDBOwnership = true; } ]; ensureDatabases = [