diff --git a/flake.lock b/flake.lock index ec69a93..235f731 100644 --- a/flake.lock +++ b/flake.lock @@ -8,11 +8,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1713728172, - "narHash": "sha256-rac5WwUyZGxVqcNh2PIOxXJFGPXBSFPfkox1AdqwVgk=", + "lastModified": 1720147808, + "narHash": "sha256-hlWEQGUbIwYb+vnd8egzlW/P++yKu3HjV/rOdOPVank=", "owner": "hercules-ci", "repo": "arion", - "rev": "add0e67d2b83814667490985ea4ef1226d3b4511", + "rev": "236f9dd82d6ef6a2d9987c7a7df3e75f1bc8b318", "type": "github" }, "original": { @@ -71,11 +71,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1713731448, - "narHash": "sha256-IDZfplo83qIi66Vpq1bqwwhm9FNs+6xW3d6EhMBGNCk=", + "lastModified": 1721379485, + "narHash": "sha256-Pcfv3IB4yGiSC4N5BqD6T9u+YYBiwjJ+VGzg0WGCjK8=", "owner": "famedly", "repo": "conduit", - "rev": "27753b1d9624fc7a295eaf6009b71ede5804de62", + "rev": "44dd21f432a22c82adab77c25469c336976f4081", "type": "gitlab" }, "original": { @@ -201,11 +201,11 @@ "flake-compat_4": { "flake": false, "locked": { - "lastModified": 1668681692, - "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "owner": "edolstra", "repo": "flake-compat", - "rev": "009399224d5e398d03b22badca40a37ac85412a1", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "type": "github" }, "original": { @@ -222,11 +222,11 @@ ] }, "locked": { - "lastModified": 1712014858, - "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=", + "lastModified": 1719994518, + "narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d", + "rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7", "type": "github" }, "original": { 
@@ -244,11 +244,11 @@ ] }, "locked": { - "lastModified": 1709336216, - "narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=", + "lastModified": 1712014858, + "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2", + "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d", "type": "github" }, "original": { @@ -329,11 +329,11 @@ ] }, "locked": { - "lastModified": 1710478346, - "narHash": "sha256-Xjf8BdnQG0tLhPMlqQdwCIjOp7Teox0DP3N/jjyiGM4=", + "lastModified": 1719226092, + "narHash": "sha256-YNkUMcCUCpnULp40g+svYsaH1RbSEj6s4WdZY/SHe38=", "owner": "hercules-ci", "repo": "hercules-ci-effects", - "rev": "64e7763d72c1e4c1e5e6472640615b6ae2d40fbf", + "rev": "11e4b8dc112e2f485d7c97e1cee77f9958f498f5", "type": "github" }, "original": { @@ -416,11 +416,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1713537308, - "narHash": "sha256-XtTSSIB2DA6tOv+l0FhvfDMiyCmhoRbNB+0SeInZkbk=", + "lastModified": 1720031269, + "narHash": "sha256-rwz8NJZV+387rnWpTYcXaRNvzUSnnF9aHONoJIYmiUQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5c24cf2f0a12ad855f444c30b2421d044120c66f", + "rev": "9f4128e00b0ae8ec65918efeba59db998750ead6", "type": "github" }, "original": { 
@@ -430,33 +430,18 @@ "type": "github" } }, - "nixpkgs-22_11": { + "nixpkgs-24_05": { "locked": { - "lastModified": 1669558522, - "narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=", + "lastModified": 1717144377, + "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82", + "rev": "805a384895c696f802a9bf5bf4720f37385df547", "type": "github" }, "original": { "id": "nixpkgs", - "ref": "nixos-22.11", - "type": "indirect" - } - }, - "nixpkgs-23_05": { - "locked": { - "lastModified": 1684782344, - "narHash": "sha256-SHN8hPYYSX0thDrMLMWPWYulK3YFgASOrCsIL3AJ78g=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "8966c43feba2c701ed624302b6a935f97bcbdf88", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-23.05", + "ref": "nixos-24.05", "type": "indirect" } }, @@ -494,11 +479,11 @@ }, "nixpkgsOld": { "locked": { - "lastModified": 1713725259, - "narHash": "sha256-9ZR/Rbx5/Z/JZf5ehVNMoz/s5xjpP0a22tL6qNvLt5E=", + "lastModified": 1720535198, + "narHash": "sha256-zwVvxrdIzralnSbcpghA92tWu2DV2lwv89xZc8MTrbg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a5e4bbcb4780c63c79c87d29ea409abf097de3f7", + "rev": "205fd4226592cc83fd4c0885a3e4c9c400efabb5", "type": "github" }, "original": { @@ -510,11 +495,11 @@ }, "nixpkgsUnstable": { "locked": { - "lastModified": 1713714899, - "narHash": "sha256-+z/XjO3QJs5rLE5UOf015gdVauVRQd2vZtsFkaXBq2Y=", + "lastModified": 1722062969, + "narHash": "sha256-QOS0ykELUmPbrrUGmegAUlpmUFznDQeR4q7rFhl8eQg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6143fc5eeb9c4f00163267708e26191d1e918932", + "rev": "b73c2221a46c13557b1b3be9c2070cc42cf01eb3", "type": "github" }, "original": { 
@@ -590,27 +575,27 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1713725259, - "narHash": "sha256-9ZR/Rbx5/Z/JZf5ehVNMoz/s5xjpP0a22tL6qNvLt5E=", + "lastModified": 1722087241, + "narHash": "sha256-2ShmEaFi0kJVOEEu5gmlykN5dwjWYWYUJmlRTvZQRpU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a5e4bbcb4780c63c79c87d29ea409abf097de3f7", + "rev": "8c50662509100d53229d4be607f1a3a31157fa12", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-23.11", + "ref": "nixos-24.05", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_7": { "locked": { - "lastModified": 1670751203, - "narHash": "sha256-XdoH1v3shKDGlrwjgrNX/EN8s3c+kQV7xY6cLCE8vcI=", + "lastModified": 1717602782, + "narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "64e0bf055f9d25928c31fb12924e59ff8ce71e60", + "rev": "e8057b67ebf307f01bdcc8fba94d94f75039d1f6", "type": "github" }, "original": { @@ -652,21 +637,20 @@ "blobs": "blobs", "flake-compat": "flake-compat_4", "nixpkgs": "nixpkgs_7", - "nixpkgs-22_11": "nixpkgs-22_11", - "nixpkgs-23_05": "nixpkgs-23_05", + "nixpkgs-24_05": "nixpkgs-24_05", "utils": "utils" }, "locked": { - "lastModified": 1687462267, - "narHash": "sha256-rNSputjn/0HEHHnsKfQ8mQVEPVchcBw7DsbND7Wg8dk=", + "lastModified": 1718084203, + "narHash": "sha256-Cx1xoVfSMv1XDLgKg08CUd1EoTYWB45VmB9XIQzhmzI=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "24128c3052090311688b09a400aa408ba61c6ee5", + "rev": "29916981e7b3b5782dc5085ad18490113f8ff63b", "type": "gitlab" }, "original": { "owner": "simple-nixos-mailserver", - "ref": "nixos-23.05", + "ref": "nixos-24.05", "repo": "nixos-mailserver", "type": "gitlab" } 
@@ -686,13 +670,31 @@ "type": "github" } }, - "utils": { + "systems_2": { "locked": { - "lastModified": 1605370193, - "narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=", + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "utils": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1709126324, + "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=", "owner": "numtide", "repo": "flake-utils", - "rev": "5021eac20303a61fafe17224c087f5519baed54d", + "rev": "d465f4819400de7c8d874d50b982301f28a84605", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index a39505c..423f76c 100644 --- a/flake.nix +++ b/flake.nix @@ -1,12 +1,12 @@ { inputs = { nixpkgsOld.url = "github:NixOS/nixpkgs/nixos-23.11"; - nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05"; nixpkgsUnstable.url = "github:NixOS/nixpkgs/nixos-unstable"; #nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; arion.url = "github:hercules-ci/arion"; mms.url = "github:mkaito/nixos-modded-minecraft-servers"; - simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.05"; + simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05"; conduit = { url = "gitlab:famedly/conduit"; }; diff --git a/justfile b/justfile index 5e18a7e..50bf727 100644 --- a/justfile +++ b/justfile @@ -1,9 +1,6 @@ deploy: colmena apply -build: - colmena build - update: nix flake update --commit-lock-file just deploy diff --git a/modules/base-stuff.nix b/modules/base-stuff.nix index 877cb4d..f07075a 100644 --- a/modules/base-stuff.nix +++ b/modules/base-stuff.nix 
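Review bot: `nixpkgsOld.url` is left on `nixos-23.11` while `nixpkgs` moves to `nixos-24.05`, so anything still evaluated from `pkgsOld` keeps coming from a release that stops receiving security backports soon after 24.05 ships. In this same commit katzencafe-wiki.nix still takes `pkgsOld` as an argument, which suggests the public katzenwiki container remains on the old set, though the line that uses it is not visible. If the pin is deliberate, say so next to the input, for example `# nixpkgsOld: only for <service>, drop once it builds on 24.05`, so that the old channel has a visible removal condition. The inputs attrset continues outside the hunk.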
@@ -65,6 +65,7 @@ }; programs.mosh.enable = true; + users.defaultUserShell = pkgs.nushell; services.openssh = { enable = true; @@ -72,7 +73,7 @@ }; environment.systemPackages = with pkgs; [ - vim + helix wget neofetch btop @@ -93,4 +94,11 @@ device = "/dev/sda2"; } ]; + + nix.gc = { + automatic = true; + dates = "weekly"; + options = "--delete-older-than 14d"; + }; + virtualisation.docker.autoPrune.enable = true; } diff --git a/modules/containers/default.nix b/modules/containers/default.nix index 7c58c2d..b34141e 100644 --- a/modules/containers/default.nix +++ b/modules/containers/default.nix @@ -2,7 +2,7 @@ imports = [ ./katzencafe-wiki.nix ./phtanumb-wiki.nix - ./calckey.nix + # ./calckey.nix ./penpot.nix ./nextcloud.nix ]; diff --git a/modules/containers/katzencafe-wiki.nix b/modules/containers/katzencafe-wiki.nix index 8daac7a..5cd6b32 100644 --- a/modules/containers/katzencafe-wiki.nix +++ b/modules/containers/katzencafe-wiki.nix @@ -1,5 +1,4 @@ -{ pkgsOld, ... }: -{ +{pkgsOld, ...}: { containers."katzenwiki" = { autoStart = true; privateNetwork = true; @@ -17,11 +16,15 @@ # localAddress = "10.0.2.2"; # }; # }; - config = { config, pkgs, ... }: { - environment.systemPackages = with pkgs; [btop ]; + config = { + config, + pkgs, + ... + }: { + environment.systemPackages = with pkgs; [btop]; networking.firewall.enable = false; # networking.nameservers = [ "9.9.9.9" "149.112.112.112" ]; - environment.etc."resolv.conf".text = "nameserver 9.9.9.9"; + environment.etc."resolv.conf".text = "nameserver 9.9.9.9"; services.mediawiki = { enable = true; name = "katzenwiki"; @@ -37,9 +40,9 @@ port = 80; ssl = false; } - ]; + ]; }; - passwordFile = "/var/lib/mediawiki/passwordFile"; + passwordFile = "/var/lib/mediawiki/passwordFile"; extraConfig = '' # $wgShowExceptionDetails = true; # $wgDebugToolbar = true; 
@@ -48,7 +51,7 @@ # Disable anonymous editing $wgGroupPermissions['*']['edit'] = false; - $wgGroupPermissions['oidc_interface_admin'] = $wgGroupPermissions['interface_admin']; + $wgGroupPermissions['oidc_interface_admin'] = $wgGroupPermissions['interface-admin']; $wgGroupPermissions['oidc_admin'] = $wgGroupPermissions['sysop']; $wgGroupPermissions['oidc_admin']['userrights'] = true; @@ -86,12 +89,12 @@ # NOTE: for some reason, i ahd to manually chown +r the password file for mediawiki to work. # i should figure out why to make this work when setting up new instances... "katzenwikiPwFile" = { - keyCommand = [ "pass" "wikis/katzenwiki/password" ]; + keyCommand = ["pass" "wikis/katzenwiki/password"]; destDir = "/katzenwiki"; name = "passwordFile"; }; "katzenwikiKeycloakClientSecret" = { - keyCommand = [ "pass" "wikis/katzenwiki/keycloak-secret" ]; + keyCommand = ["pass" "wikis/katzenwiki/keycloak-secret"]; destDir = "/katzenwiki"; name = "keycloakClientSecret"; permissions = "0604"; diff --git a/modules/containers/nextcloud.nix b/modules/containers/nextcloud.nix index 5728858..3f1f311 100644 --- a/modules/containers/nextcloud.nix +++ b/modules/containers/nextcloud.nix @@ -35,13 +35,13 @@ trustedProxies = ["10.0.3.1"]; }; hostName = "wolke.katzen.cafe"; - package = pkgs.nextcloud27; + package = pkgs.nextcloud29; extraApps = with config.services.nextcloud.package.packages.apps; { inherit bookmarks calendar contacts; user_oidc = pkgs.fetchNextcloudApp rec { - url = "https://github.com/nextcloud-releases/user_oidc/releases/download/v1.3.3/user_oidc-v1.3.3.tar.gz"; - sha256 = "sha256-s8xr25a40/ot7KDv3Vn7WBm4Pb13LzzK62ZNYufXQ2w"; - license = "agpl3"; + url = "https://github.com/nextcloud-releases/user_oidc/releases/download/v5.0.3/user_oidc-v5.0.3.tar.gz"; + sha256 = "sha256-oaN4nYIKzP7r9pB/6szZnkR+liSMARd3Nb8aM3m9WeE="; + license = "gpl3"; }; }; }; 
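Review bot: With the key corrected to `interface-admin`, `oidc_interface_admin` now really receives the rights to edit sitewide CSS and JavaScript, where the misspelled `interface_admin` key most likely copied nothing. The `oidc_*` groups appear to be filled from the identity provider (the mapping is outside this hunk), so membership in that IdP group now amounts to script execution in every visitor's browser. A comment above the line would make that explicit, e.g. `# oidc_interface_admin may edit sitewide JS/CSS: keep the mapped IdP group as small as sysop`. The same one-line change appears in phtanumb-wiki.nix and deserves the same comment.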
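Review bot: `permissions = "0604";` on `katzenwikiKeycloakClientSecret` leaves the OIDC client secret readable by every local account and process that can reach `/katzenwiki`, and the NOTE above it says the wiki password file was made readable by hand in the same way. Giving the keys an explicit owner would remove the need for the world-read bit, for example `user = "mediawiki";` together with `permissions = "0400";`, assuming that account (or the uid the container's mediawiki runs as) exists where the key is written. The `keycloakClientSecret` entry in phtanumb-wiki.nix carries the same `0604` mode. The deployment.keys set is closed outside the hunk.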
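Review bot: `package = pkgs.nextcloud29;` jumps straight from `nextcloud27`, and Nextcloud only supports upgrading one major version at a time, so an instance whose data is still at 27 is likely to refuse the upgrade or stay stuck in maintenance mode. Unless this instance has already run on 28 (not visible here), stage the change: deploy `package = pkgs.nextcloud28;` first, let the migration finish, then switch to `pkgs.nextcloud29`. The `user_oidc` pin also moves from v1.3.3 to v5.0.3 in the same step, so login should be tested after each stage. The `license` change from `agpl3` to `gpl3` should be checked against the app's upstream licence. The services.nextcloud block continues outside the hunk.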
@@ -51,7 +51,8 @@ ensureUsers = [ { name = "nextcloud"; - ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES"; + # ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES"; + ensureDBOwnership = true; } ]; }; diff --git a/modules/containers/phtanumb-wiki.nix b/modules/containers/phtanumb-wiki.nix index 0d69c08..682e8e5 100644 --- a/modules/containers/phtanumb-wiki.nix +++ b/modules/containers/phtanumb-wiki.nix @@ -1,11 +1,14 @@ -{ pkgsOld, ... }: { + pkgs, + pkgsOld, + ... +}: { containers."phtanumb-wiki" = { autoStart = true; privateNetwork = true; hostAddress = "10.0.1.1"; localAddress = "10.0.1.2"; - nixpkgs = pkgsOld.path; + nixpkgs = pkgs.path; bindMounts = { "/var/mediawiki" = { hostPath = "/phtanum-b/wiki"; @@ -18,11 +21,15 @@ # localAddress = "10.0.1.2"; # }; # }; - config = { config, pkgs, ... }: { - environment.systemPackages = with pkgs; [ luajit ]; + config = { + config, + pkgs, + ... + }: { + environment.systemPackages = with pkgs; [luajit]; networking.firewall.enable = false; - # networking.nameservers = [ "9.9.9.9" "149.112.112.112" ]; - environment.etc."resolv.conf".text = "nameserver 9.9.9.9"; + # networking.nameservers = [ "9.9.9.9" "149.112.112.112" ]; + environment.etc."resolv.conf".text = "nameserver 9.9.9.9"; services.mediawiki = { enable = true; name = "phtanum-b"; @@ -38,7 +45,7 @@ } ]; }; - passwordFile = "/var/mediawiki/passwordFile"; + passwordFile = "/var/mediawiki/passwordFile"; extraConfig = '' # $wgShowExceptionDetails = true; # $wgDebugToolbar = true; @@ -58,7 +65,7 @@ $wgScribuntoUseGeSHi = true; $wgScribuntoUseCodeEditor = true; - $wgGroupPermissions['oidc_interface_admin'] = $wgGroupPermissions['interface_admin']; + $wgGroupPermissions['oidc_interface_admin'] = $wgGroupPermissions['interface-admin']; $wgGroupPermissions['oidc_admin'] = $wgGroupPermissions['sysop']; $wgGroupPermissions['oidc_admin']['userrights'] = true; 
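Review bot: The replaced `ensurePermissions` line is kept as a comment beside `ensureDBOwnership = true;`, and postgres.nix does the same for the `forgejo` user with a three-line commented block. Version control already holds the old form, so either delete it or replace it with the reason for the switch, e.g. `# ensurePermissions is no longer accepted by the postgresql module; DB ownership replaces the grant` (confirm against the 24.05 release notes). `ensureDBOwnership` also expects a database with the same name as the user in `ensureDatabases`; that list is outside both hunks, so it is worth checking.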
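Review bot: `pkgsOld` stays in the module's argument set even though its only visible use, `nixpkgs = pkgsOld.path;`, now reads `pkgs.path`. If nothing further down the file refers to it, the header can shrink to `{pkgs, ...}: {`, which also makes it obvious at a glance that this container no longer depends on the 23.11 package set. The rest of the container definition lies outside this hunk.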
@@ -93,13 +100,13 @@ }; # this is cursed. why do the extensions 404??? #JsonConfig = pkgs.fetchzip { - #url = "https://extdist.wmflabs.org/dist/extensions/JsonConfig-REL1_39-9840e0b.tar.gz"; - #sha256 = "sha256-m6JfUftyokJUauAg8SV8p1daUiOpFMvxNMa3el/RrJ0="; + #url = "https://extdist.wmflabs.org/dist/extensions/JsonConfig-REL1_39-9840e0b.tar.gz"; + #sha256 = "sha256-m6JfUftyokJUauAg8SV8p1daUiOpFMvxNMa3el/RrJ0="; #}; TemplateData = null; Scribunto = null; ParserFunctions = null; - #VisualEditor = null; + #VisualEditor = null; WikiEditor = null; CodeEditor = null; }; @@ -110,11 +117,11 @@ }; deployment.keys = { "passwordFile" = { - keyCommand = [ "pass" "wikis/phtanumb/password" ]; + keyCommand = ["pass" "wikis/phtanumb/password"]; destDir = "/phtanum-b/wiki"; }; "keycloakClientSecret" = { - keyCommand = [ "pass" "wikis/phtanumb/keycloak-secret" ]; + keyCommand = ["pass" "wikis/phtanumb/keycloak-secret"]; destDir = "/phtanum-b/wiki"; permissions = "0604"; }; diff --git a/modules/mailserver.nix b/modules/mailserver.nix index 0500e51..b2ff7b4 100644 --- a/modules/mailserver.nix +++ b/modules/mailserver.nix @@ -1,15 +1,16 @@ -{ inputs, ... }: -{ - imports = [ inputs.simple-nixos-mailserver.nixosModule ]; +{inputs, ...}: { + imports = [inputs.simple-nixos-mailserver.nixosModule]; + # hack to fix https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/issues/275 + services.dovecot2.sieve.extensions = ["fileinto"]; mailserver = { enable = true; fqdn = "mail.katzen.cafe"; sendingFqdn = "katzen.cafe"; - domains = [ "katzen.cafe" ]; + domains = ["katzen.cafe"]; loginAccounts = { "admin@katzen.cafe" = { hashedPasswordFile = "/var/lib/secrets/admin-mail-pw"; - aliases = [ "postmaster@katzen.cafe" "abuse@katzen.cafe" ]; + aliases = ["postmaster@katzen.cafe" "abuse@katzen.cafe"]; }; "noreply@katzen.cafe" = { hashedPasswordFile = "/var/lib/secrets/noreply-mail-pw"; 
@@ -19,11 +20,11 @@ }; deployment.keys = { "admin-mail-pw" = { - keyCommand = [ "pass" "mailpws/hashes/admin" ]; + keyCommand = ["pass" "mailpws/hashes/admin"]; destDir = "/var/lib/secrets"; }; "noreply-mail-pw" = { - keyCommand = [ "pass" "mailpws/hashes/noreply" ]; + keyCommand = ["pass" "mailpws/hashes/noreply"]; destDir = "/var/lib/secrets"; }; }; diff --git a/modules/postgres.nix b/modules/postgres.nix index a21deea..8f91437 100644 --- a/modules/postgres.nix +++ b/modules/postgres.nix @@ -1,13 +1,13 @@ -{ pkgs, ... }: -{ +{pkgs, ...}: { services.postgresql = { enable = true; ensureUsers = [ { name = "forgejo"; - ensurePermissions = { - "DATABASE \"forgejo\"" = "ALL PRIVILEGES"; - }; + # ensurePermissions = { + # "DATABASE \"forgejo\"" = "ALL PRIVILEGES"; + # }; + ensureDBOwnership = true; } ]; ensureDatabases = [