diff --git a/flake.lock b/flake.lock index 235f731..ec69a93 100644 --- a/flake.lock +++ b/flake.lock @@ -8,11 +8,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1720147808, - "narHash": "sha256-hlWEQGUbIwYb+vnd8egzlW/P++yKu3HjV/rOdOPVank=", + "lastModified": 1713728172, + "narHash": "sha256-rac5WwUyZGxVqcNh2PIOxXJFGPXBSFPfkox1AdqwVgk=", "owner": "hercules-ci", "repo": "arion", - "rev": "236f9dd82d6ef6a2d9987c7a7df3e75f1bc8b318", + "rev": "add0e67d2b83814667490985ea4ef1226d3b4511", "type": "github" }, "original": { @@ -71,11 +71,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1721379485, - "narHash": "sha256-Pcfv3IB4yGiSC4N5BqD6T9u+YYBiwjJ+VGzg0WGCjK8=", + "lastModified": 1713731448, + "narHash": "sha256-IDZfplo83qIi66Vpq1bqwwhm9FNs+6xW3d6EhMBGNCk=", "owner": "famedly", "repo": "conduit", - "rev": "44dd21f432a22c82adab77c25469c336976f4081", + "rev": "27753b1d9624fc7a295eaf6009b71ede5804de62", "type": "gitlab" }, "original": { @@ -201,11 +201,11 @@ "flake-compat_4": { "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "lastModified": 1668681692, + "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", "owner": "edolstra", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "009399224d5e398d03b22badca40a37ac85412a1", "type": "github" }, "original": { @@ -222,11 +222,11 @@ ] }, "locked": { - "lastModified": 1719994518, - "narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=", + "lastModified": 1712014858, + "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7", + "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d", "type": "github" }, "original": { 
@@ -244,11 +244,11 @@ ] }, "locked": { - "lastModified": 1712014858, - "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=", + "lastModified": 1709336216, + "narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d", + "rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2", "type": "github" }, "original": { @@ -329,11 +329,11 @@ ] }, "locked": { - "lastModified": 1719226092, - "narHash": "sha256-YNkUMcCUCpnULp40g+svYsaH1RbSEj6s4WdZY/SHe38=", + "lastModified": 1710478346, + "narHash": "sha256-Xjf8BdnQG0tLhPMlqQdwCIjOp7Teox0DP3N/jjyiGM4=", "owner": "hercules-ci", "repo": "hercules-ci-effects", - "rev": "11e4b8dc112e2f485d7c97e1cee77f9958f498f5", + "rev": "64e7763d72c1e4c1e5e6472640615b6ae2d40fbf", "type": "github" }, "original": { @@ -416,11 +416,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1720031269, - "narHash": "sha256-rwz8NJZV+387rnWpTYcXaRNvzUSnnF9aHONoJIYmiUQ=", + "lastModified": 1713537308, + "narHash": "sha256-XtTSSIB2DA6tOv+l0FhvfDMiyCmhoRbNB+0SeInZkbk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9f4128e00b0ae8ec65918efeba59db998750ead6", + "rev": "5c24cf2f0a12ad855f444c30b2421d044120c66f", "type": "github" }, "original": { 
@@ -430,18 +430,33 @@ "type": "github" } }, - "nixpkgs-24_05": { + "nixpkgs-22_11": { "locked": { - "lastModified": 1717144377, - "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=", + "lastModified": 1669558522, + "narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "805a384895c696f802a9bf5bf4720f37385df547", + "rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82", "type": "github" }, "original": { "id": "nixpkgs", - "ref": "nixos-24.05", + "ref": "nixos-22.11", + "type": "indirect" + } + }, + "nixpkgs-23_05": { + "locked": { + "lastModified": 1684782344, + "narHash": "sha256-SHN8hPYYSX0thDrMLMWPWYulK3YFgASOrCsIL3AJ78g=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "8966c43feba2c701ed624302b6a935f97bcbdf88", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-23.05", "type": "indirect" } }, @@ -479,11 +494,11 @@ }, "nixpkgsOld": { "locked": { - "lastModified": 1720535198, - "narHash": "sha256-zwVvxrdIzralnSbcpghA92tWu2DV2lwv89xZc8MTrbg=", + "lastModified": 1713725259, + "narHash": "sha256-9ZR/Rbx5/Z/JZf5ehVNMoz/s5xjpP0a22tL6qNvLt5E=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "205fd4226592cc83fd4c0885a3e4c9c400efabb5", + "rev": "a5e4bbcb4780c63c79c87d29ea409abf097de3f7", "type": "github" }, "original": { @@ -495,11 +510,11 @@ }, "nixpkgsUnstable": { "locked": { - "lastModified": 1722062969, - "narHash": "sha256-QOS0ykELUmPbrrUGmegAUlpmUFznDQeR4q7rFhl8eQg=", + "lastModified": 1713714899, + "narHash": "sha256-+z/XjO3QJs5rLE5UOf015gdVauVRQd2vZtsFkaXBq2Y=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b73c2221a46c13557b1b3be9c2070cc42cf01eb3", + "rev": "6143fc5eeb9c4f00163267708e26191d1e918932", "type": "github" }, "original": { 
@@ -575,27 +590,27 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1722087241, - "narHash": "sha256-2ShmEaFi0kJVOEEu5gmlykN5dwjWYWYUJmlRTvZQRpU=", + "lastModified": 1713725259, + "narHash": "sha256-9ZR/Rbx5/Z/JZf5ehVNMoz/s5xjpP0a22tL6qNvLt5E=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8c50662509100d53229d4be607f1a3a31157fa12", + "rev": "a5e4bbcb4780c63c79c87d29ea409abf097de3f7", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-24.05", + "ref": "nixos-23.11", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_7": { "locked": { - "lastModified": 1717602782, - "narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=", + "lastModified": 1670751203, + "narHash": "sha256-XdoH1v3shKDGlrwjgrNX/EN8s3c+kQV7xY6cLCE8vcI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e8057b67ebf307f01bdcc8fba94d94f75039d1f6", + "rev": "64e0bf055f9d25928c31fb12924e59ff8ce71e60", "type": "github" }, "original": { @@ -637,20 +652,21 @@ "blobs": "blobs", "flake-compat": "flake-compat_4", "nixpkgs": "nixpkgs_7", - "nixpkgs-24_05": "nixpkgs-24_05", + "nixpkgs-22_11": "nixpkgs-22_11", + "nixpkgs-23_05": "nixpkgs-23_05", "utils": "utils" }, "locked": { - "lastModified": 1718084203, - "narHash": "sha256-Cx1xoVfSMv1XDLgKg08CUd1EoTYWB45VmB9XIQzhmzI=", + "lastModified": 1687462267, + "narHash": "sha256-rNSputjn/0HEHHnsKfQ8mQVEPVchcBw7DsbND7Wg8dk=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "29916981e7b3b5782dc5085ad18490113f8ff63b", + "rev": "24128c3052090311688b09a400aa408ba61c6ee5", "type": "gitlab" }, "original": { "owner": "simple-nixos-mailserver", - "ref": "nixos-24.05", + "ref": "nixos-23.05", "repo": "nixos-mailserver", "type": "gitlab" } 
@@ -670,31 +686,13 @@ "type": "github" } }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "utils": { - "inputs": { - "systems": "systems_2" - }, "locked": { - "lastModified": 1709126324, - "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=", + "lastModified": 1605370193, + "narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=", "owner": "numtide", "repo": "flake-utils", - "rev": "d465f4819400de7c8d874d50b982301f28a84605", + "rev": "5021eac20303a61fafe17224c087f5519baed54d", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 423f76c..a39505c 100644 --- a/flake.nix +++ b/flake.nix @@ -1,12 +1,12 @@ { inputs = { nixpkgsOld.url = "github:NixOS/nixpkgs/nixos-23.11"; - nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11"; nixpkgsUnstable.url = "github:NixOS/nixpkgs/nixos-unstable"; #nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; arion.url = "github:hercules-ci/arion"; mms.url = "github:mkaito/nixos-modded-minecraft-servers"; - simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05"; + simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.05"; conduit = { url = "gitlab:famedly/conduit"; }; diff --git a/justfile b/justfile index 50bf727..5e18a7e 100644 --- a/justfile +++ b/justfile @@ -1,6 +1,9 @@ deploy: colmena apply +build: + colmena build + update: nix flake update --commit-lock-file just deploy diff --git a/modules/base-stuff.nix b/modules/base-stuff.nix index f07075a..877cb4d 100644 --- a/modules/base-stuff.nix +++ b/modules/base-stuff.nix 
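Review bot: In flake.nix, `nixpkgs.url` now tracks `nixos-23.11` and `simple-nixos-mailserver.url` tracks `nixos-23.05`, so the host and its mail stack follow older release branches. NixOS release branches stop receiving security backports soon after the next release ships, so both presumably no longer get fixes. The lock file hunks above also show the mailserver input pulling in `nixpkgs-22_11` and `nixpkgs-23_05`. If this is a temporary rollback, record that next to the inputs, e.g. `# TEMP: rolled back from nixos-24.05, see <issue>`. `nixpkgs` and `nixpkgsOld` now point at the same branch, so one of them is redundant.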
@@ -65,7 +65,6 @@ }; programs.mosh.enable = true; - users.defaultUserShell = pkgs.nushell; services.openssh = { enable = true; @@ -73,7 +72,7 @@ }; environment.systemPackages = with pkgs; [ - helix + vim wget neofetch btop @@ -94,11 +93,4 @@ device = "/dev/sda2"; } ]; - - nix.gc = { - automatic = true; - dates = "weekly"; - options = "--delete-older-than 14d"; - }; - virtualisation.docker.autoPrune.enable = true; } diff --git a/modules/containers/default.nix b/modules/containers/default.nix index b34141e..7c58c2d 100644 --- a/modules/containers/default.nix +++ b/modules/containers/default.nix @@ -2,7 +2,7 @@ imports = [ ./katzencafe-wiki.nix ./phtanumb-wiki.nix - # ./calckey.nix + ./calckey.nix ./penpot.nix ./nextcloud.nix ]; diff --git a/modules/containers/katzencafe-wiki.nix b/modules/containers/katzencafe-wiki.nix index 5cd6b32..8daac7a 100644 --- a/modules/containers/katzencafe-wiki.nix +++ b/modules/containers/katzencafe-wiki.nix @@ -1,4 +1,5 @@ -{pkgsOld, ...}: { +{ pkgsOld, ... }: +{ containers."katzenwiki" = { autoStart = true; privateNetwork = true; @@ -16,15 +17,11 @@ # localAddress = "10.0.2.2"; # }; # }; - config = { - config, - pkgs, - ... - }: { - environment.systemPackages = with pkgs; [btop]; + config = { config, pkgs, ... }: { + environment.systemPackages = with pkgs; [btop ]; networking.firewall.enable = false; # networking.nameservers = [ "9.9.9.9" "149.112.112.112" ]; - environment.etc."resolv.conf".text = "nameserver 9.9.9.9"; + environment.etc."resolv.conf".text = "nameserver 9.9.9.9"; services.mediawiki = { enable = true; name = "katzenwiki"; @@ -40,9 +37,9 @@ port = 80; ssl = false; } - ]; + ]; }; - passwordFile = "/var/lib/mediawiki/passwordFile"; + passwordFile = "/var/lib/mediawiki/passwordFile"; extraConfig = '' # $wgShowExceptionDetails = true; # $wgDebugToolbar = true; 
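Review bot: `./calckey.nix` goes back into the imports list in modules/containers/default.nix, but the file is not part of this diff, so what it deploys cannot be checked here. Calckey was renamed to Firefish upstream, so anything still published under the calckey name has presumably stopped receiving fixes. If the service is reachable from outside, confirm the image or package it pins is still maintained, and leave a comment on the import such as `# calckey: pinned to <version>, upstream status checked <date>`.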
@@ -51,7 +48,7 @@ # Disable anonymous editing $wgGroupPermissions['*']['edit'] = false; - $wgGroupPermissions['oidc_interface_admin'] = $wgGroupPermissions['interface-admin']; + $wgGroupPermissions['oidc_interface_admin'] = $wgGroupPermissions['interface_admin']; $wgGroupPermissions['oidc_admin'] = $wgGroupPermissions['sysop']; $wgGroupPermissions['oidc_admin']['userrights'] = true; @@ -89,12 +86,12 @@ # NOTE: for some reason, i ahd to manually chown +r the password file for mediawiki to work. # i should figure out why to make this work when setting up new instances... "katzenwikiPwFile" = { - keyCommand = ["pass" "wikis/katzenwiki/password"]; + keyCommand = [ "pass" "wikis/katzenwiki/password" ]; destDir = "/katzenwiki"; name = "passwordFile"; }; "katzenwikiKeycloakClientSecret" = { - keyCommand = ["pass" "wikis/katzenwiki/keycloak-secret"]; + keyCommand = [ "pass" "wikis/katzenwiki/keycloak-secret" ]; destDir = "/katzenwiki"; name = "keycloakClientSecret"; permissions = "0604"; diff --git a/modules/containers/nextcloud.nix b/modules/containers/nextcloud.nix index 3f1f311..5728858 100644 --- a/modules/containers/nextcloud.nix +++ b/modules/containers/nextcloud.nix @@ -35,13 +35,13 @@ trustedProxies = ["10.0.3.1"]; }; hostName = "wolke.katzen.cafe"; - package = pkgs.nextcloud29; + package = pkgs.nextcloud27; extraApps = with config.services.nextcloud.package.packages.apps; { inherit bookmarks calendar contacts; user_oidc = pkgs.fetchNextcloudApp rec { - url = "https://github.com/nextcloud-releases/user_oidc/releases/download/v5.0.3/user_oidc-v5.0.3.tar.gz"; - sha256 = "sha256-oaN4nYIKzP7r9pB/6szZnkR+liSMARd3Nb8aM3m9WeE="; - license = "gpl3"; + url = "https://github.com/nextcloud-releases/user_oidc/releases/download/v1.3.3/user_oidc-v1.3.3.tar.gz"; + sha256 = "sha256-s8xr25a40/ot7KDv3Vn7WBm4Pb13LzzK62ZNYufXQ2w"; + license = "agpl3"; }; }; }; 
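Review bot: The new right-hand side `$wgGroupPermissions['interface_admin']` in the katzenwiki `extraConfig` reads a key MediaWiki does not define; the built-in group is spelled `interface-admin`, which is what the removed line used. With the underscore spelling the lookup yields nothing, so `oidc_interface_admin` would end up with no rights instead of a copy of the interface-admin set. That fails closed, but the OIDC group mapping silently stops working. Keep `$wgGroupPermissions['oidc_interface_admin'] = $wgGroupPermissions['interface-admin'];`. The same line appears in the phtanumb-wiki.nix hunk at `@@ -65,7 +58,7 @@`, and the `extraConfig` string starts and ends outside both hunks.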
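Review bot: `package = pkgs.nextcloud27;` moves the instance at `wolke.katzen.cafe` from major 29 back to 27, and Nextcloud does not support running an older major against data that a newer one has already migrated. Major 27 is also presumably outside upstream security support by now. If this host ever ran 29, keep the package at the major matching the database and step majors one at a time. Separately, the new `user_oidc` hash `sha256-s8xr25a40/ot7KDv3Vn7WBm4Pb13LzzK62ZNYufXQ2w` has no trailing `=` padding, unlike the hash it replaces; confirm the fetcher accepts it or re-run the prefetch and paste the padded SRI string. The surrounding attribute set continues outside the hunk.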
@@ -51,8 +51,7 @@ ensureUsers = [ { name = "nextcloud"; - # ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES"; - ensureDBOwnership = true; + ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES"; } ]; }; diff --git a/modules/containers/phtanumb-wiki.nix b/modules/containers/phtanumb-wiki.nix index 682e8e5..0d69c08 100644 --- a/modules/containers/phtanumb-wiki.nix +++ b/modules/containers/phtanumb-wiki.nix @@ -1,14 +1,11 @@ +{ pkgsOld, ... }: { - pkgs, - pkgsOld, - ... -}: { containers."phtanumb-wiki" = { autoStart = true; privateNetwork = true; hostAddress = "10.0.1.1"; localAddress = "10.0.1.2"; - nixpkgs = pkgs.path; + nixpkgs = pkgsOld.path; bindMounts = { "/var/mediawiki" = { hostPath = "/phtanum-b/wiki"; @@ -21,15 +18,11 @@ # localAddress = "10.0.1.2"; # }; # }; - config = { - config, - pkgs, - ... - }: { - environment.systemPackages = with pkgs; [luajit]; + config = { config, pkgs, ... }: { + environment.systemPackages = with pkgs; [ luajit ]; networking.firewall.enable = false; - # networking.nameservers = [ "9.9.9.9" "149.112.112.112" ]; - environment.etc."resolv.conf".text = "nameserver 9.9.9.9"; + # networking.nameservers = [ "9.9.9.9" "149.112.112.112" ]; + environment.etc."resolv.conf".text = "nameserver 9.9.9.9"; services.mediawiki = { enable = true; name = "phtanum-b"; @@ -45,7 +38,7 @@ } ]; }; - passwordFile = "/var/mediawiki/passwordFile"; + passwordFile = "/var/mediawiki/passwordFile"; extraConfig = '' # $wgShowExceptionDetails = true; # $wgDebugToolbar = true; @@ -65,7 +58,7 @@ $wgScribuntoUseGeSHi = true; $wgScribuntoUseCodeEditor = true; - $wgGroupPermissions['oidc_interface_admin'] = $wgGroupPermissions['interface-admin']; + $wgGroupPermissions['oidc_interface_admin'] = $wgGroupPermissions['interface_admin']; $wgGroupPermissions['oidc_admin'] = $wgGroupPermissions['sysop']; $wgGroupPermissions['oidc_admin']['userrights'] = true; 
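Review bot: `ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";` grants rights on the database object only, and on PostgreSQL 15 and later that no longer includes creating objects in the `public` schema. That is why nixpkgs deprecated `ensurePermissions` in favour of `ensureDBOwnership`, the line this hunk removes. Which PostgreSQL version the host runs is not visible here, so confirm the role can still create its tables. A comment on the option would help, e.g. `# ensurePermissions is deprecated in nixpkgs; switch back to ensureDBOwnership once on 24.05`. The forgejo user in the modules/postgres.nix hunk gets the same change.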
@@ -100,13 +93,13 @@ }; # this is cursed. why do the extensions 404??? #JsonConfig = pkgs.fetchzip { - #url = "https://extdist.wmflabs.org/dist/extensions/JsonConfig-REL1_39-9840e0b.tar.gz"; - #sha256 = "sha256-m6JfUftyokJUauAg8SV8p1daUiOpFMvxNMa3el/RrJ0="; + #url = "https://extdist.wmflabs.org/dist/extensions/JsonConfig-REL1_39-9840e0b.tar.gz"; + #sha256 = "sha256-m6JfUftyokJUauAg8SV8p1daUiOpFMvxNMa3el/RrJ0="; #}; TemplateData = null; Scribunto = null; ParserFunctions = null; - #VisualEditor = null; + #VisualEditor = null; WikiEditor = null; CodeEditor = null; }; @@ -117,11 +110,11 @@ }; deployment.keys = { "passwordFile" = { - keyCommand = ["pass" "wikis/phtanumb/password"]; + keyCommand = [ "pass" "wikis/phtanumb/password" ]; destDir = "/phtanum-b/wiki"; }; "keycloakClientSecret" = { - keyCommand = ["pass" "wikis/phtanumb/keycloak-secret"]; + keyCommand = [ "pass" "wikis/phtanumb/keycloak-secret" ]; destDir = "/phtanum-b/wiki"; permissions = "0604"; }; diff --git a/modules/mailserver.nix b/modules/mailserver.nix index b2ff7b4..0500e51 100644 --- a/modules/mailserver.nix +++ b/modules/mailserver.nix @@ -1,16 +1,15 @@ -{inputs, ...}: { - imports = [inputs.simple-nixos-mailserver.nixosModule]; - # hack to fix https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/issues/275 - services.dovecot2.sieve.extensions = ["fileinto"]; +{ inputs, ... }: +{ + imports = [ inputs.simple-nixos-mailserver.nixosModule ]; mailserver = { enable = true; fqdn = "mail.katzen.cafe"; sendingFqdn = "katzen.cafe"; - domains = ["katzen.cafe"]; + domains = [ "katzen.cafe" ]; loginAccounts = { "admin@katzen.cafe" = { hashedPasswordFile = "/var/lib/secrets/admin-mail-pw"; - aliases = ["postmaster@katzen.cafe" "abuse@katzen.cafe"]; + aliases = [ "postmaster@katzen.cafe" "abuse@katzen.cafe" ]; }; "noreply@katzen.cafe" = { hashedPasswordFile = "/var/lib/secrets/noreply-mail-pw"; 
@@ -20,11 +19,11 @@ }; deployment.keys = { "admin-mail-pw" = { - keyCommand = ["pass" "mailpws/hashes/admin"]; + keyCommand = [ "pass" "mailpws/hashes/admin" ]; destDir = "/var/lib/secrets"; }; "noreply-mail-pw" = { - keyCommand = ["pass" "mailpws/hashes/noreply"]; + keyCommand = [ "pass" "mailpws/hashes/noreply" ]; destDir = "/var/lib/secrets"; }; }; diff --git a/modules/postgres.nix b/modules/postgres.nix index 8f91437..a21deea 100644 --- a/modules/postgres.nix +++ b/modules/postgres.nix @@ -1,13 +1,13 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ services.postgresql = { enable = true; ensureUsers = [ { name = "forgejo"; - # ensurePermissions = { - # "DATABASE \"forgejo\"" = "ALL PRIVILEGES"; - # }; - ensureDBOwnership = true; + ensurePermissions = { + "DATABASE \"forgejo\"" = "ALL PRIVILEGES"; + }; } ]; ensureDatabases = [