Deadnix, statix, other cleanups

This commit is contained in:
Sandro - 2022-12-04 08:53:28 +01:00
parent 32dd3e9d8a
commit 6b8d8541c6
Signed by: sandro
GPG Key ID: 3AF5A43A3EECC2E5
59 changed files with 139 additions and 192 deletions


@ -207,7 +207,7 @@
inherit (inputs) tracer bevy-mandelbrot bevy-julia; inherit (inputs) tracer bevy-mandelbrot bevy-julia;
}; };
legacyPackages = lib.attrsets.mapAttrs (system: pkgs: legacyPackages = lib.attrsets.mapAttrs (_: pkgs:
pkgs.appendOverlays [ pkgs.appendOverlays [
fenix.overlays.default fenix.overlays.default
naersk.overlay naersk.overlay
@ -224,7 +224,7 @@
inherit specialArgs system; inherit specialArgs system;
modules = [ modules = [
({ pkgs, ... }: { ({ ... }: {
_module.args = extraArgs // { _module.args = extraArgs // {
inherit hostRegistry inputs zentralwerk; inherit hostRegistry inputs zentralwerk;
}; };
@ -327,7 +327,7 @@
radiobert = nixosSystem' { radiobert = nixosSystem' {
modules = [ modules = [
({ modulesPath, ... }: ({ ... }:
{ {
nixpkgs.overlays = [ heliwatch.overlay ]; nixpkgs.overlays = [ heliwatch.overlay ];
}) })
@ -763,7 +763,7 @@
else nixosSystem.config.system.build.toplevel else nixosSystem.config.system.build.toplevel
) self.nixosConfigurations ) self.nixosConfigurations
// nixos.lib.filterAttrs (name: attr: // nixos.lib.filterAttrs (name: attr:
(builtins.match ".+-tftproot" name != null && lib.isDerivation attr) (lib.match ".+-tftproot" name != null && lib.isDerivation attr)
) self.packages.aarch64-linux ) self.packages.aarch64-linux
); );
}; };
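Review bot: `lib.match` on the filter predicate line may not resolve: nixpkgs' `lib` re-exports a fixed list of builtins, and `match` is not among the ones I know of, so this attribute set would fail with a missing-attribute error the first time it is evaluated (for example by `nix flake check`), whereas the `builtins.match` it replaced always exists. Unless the flake's `lib` is an extended one that adds `match`, keep `(builtins.match ".+-tftproot" name != null && lib.isDerivation attr)`. The surrounding `mapAttrs`/`filterAttrs` expression starts and ends outside this hunk.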


@ -1,4 +1,4 @@
{ zentralwerk, config, lib, pkgs, ... }: { config, ... }:
{ {
c3d2 = { c3d2 = {
@ -58,7 +58,7 @@
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
defaultSopsFile = ./secrets.yaml; defaultSopsFile = ./secrets.yaml;
secrets."portunus/seed" = { secrets."portunus/seed" = {
group = config.services.portunus.group; inherit (config.services.portunus) group;
owner = config.services.portunus.user; owner = config.services.portunus.user;
}; };
}; };


@ -1,4 +1,4 @@
{ hostRegistry, zentralwerk, config, ... }: { config, ... }:
{ {
microvm.mem = 2048; microvm.mem = 2048;
c3d2.deployment = { c3d2.deployment = {


@ -1,4 +1,4 @@
{ config, pkgs, lib, zentralwerk, ... }: { config, pkgs, ... }:
let let
mymqttui = pkgs.writeScriptBin "mqttui" '' mymqttui = pkgs.writeScriptBin "mqttui" ''


@ -1,4 +1,4 @@
{ zentralwerk, nixpkgs, config, lib, pkgs, ... }: { config, pkgs, ... }:
let let
webroot = "/var/www"; webroot = "/var/www";
geminiRoot = "/var/gemini"; geminiRoot = "/var/gemini";
@ -150,11 +150,11 @@ in
home = "/var/lib/c3d2-web"; home = "/var/lib/c3d2-web";
}; };
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = with config.users.users.c3d2-web; [
"d ${webroot}/c3d2 0755 c3d2-web ${config.users.users.c3d2-web.group} -" "d ${webroot}/c3d2 0755 c3d2-web ${group} -"
"d ${webroot}/log 0755 c3d2-web ${config.users.users.c3d2-web.group} -" "d ${webroot}/log 0755 c3d2-web ${group} -"
"d ${geminiRoot} 0755 c3d2-web ${config.users.users.c3d2-web.group} -" "d ${geminiRoot} 0755 c3d2-web ${group} -"
"d ${config.users.users.c3d2-web.home} 0700 c3d2-web ${config.users.users.c3d2-web.group} -" "d ${home} 0700 c3d2-web ${group} -"
]; ];
# Build script # Build script
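Review bot: The `with config.users.users.c3d2-web;` placed on the tmpfiles rule list makes `group` and `home` resolve to any lexical binding of those names first, because `with` has the lowest lookup priority in Nix; a `let home = ...` or `group = ...` added anywhere in this file would silently point the 0700/0755 directories at a different path or owner group without an evaluation error. Prefer a binding that cannot be shadowed, e.g. `systemd.tmpfiles.rules = let inherit (config.users.users.c3d2-web) group home; in [` with the rule strings left as they are. The `let` this file opens at the top continues outside the hunk, so I cannot see whether such a name already exists.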


@ -1,4 +1,4 @@
{ hostRegistry, config, lib, pkgs, modulesPath, ... }: { hostRegistry, config, lib, pkgs, ... }:
{ {
c3d2 = { c3d2 = {


@ -1,7 +1,6 @@
{ pkgs, ... }: { config, pkgs, ... }:
let
domain = "direkthilfe.c3d2.de"; {
in {
networking.hostName = "direkthilfe"; networking.hostName = "direkthilfe";
microvm.mem = 1024; microvm.mem = 1024;
c3d2.deployment = { c3d2.deployment = {
@ -27,7 +26,7 @@ in {
services.engelsystem = { services.engelsystem = {
enable = true; enable = true;
domain = domain; domain = "direkthilfe.c3d2.de";
createDatabase = true; createDatabase = true;
package = pkgs.engelsystem.override { php = pkgs.php74; }; package = pkgs.engelsystem.override { php = pkgs.php74; };
config = { config = {
@ -64,7 +63,7 @@ in {
services.phpfpm.phpPackage = pkgs.php74; services.phpfpm.phpPackage = pkgs.php74;
services.nginx = { services.nginx = {
enable = true; enable = true;
virtualHosts."${domain}" = { virtualHosts."${config.services.engelsystem.domain}" = {
default = true; default = true;
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;


@ -140,7 +140,7 @@ in {
} }
'' else '' else
""; "";
interface = if conf ? interface then conf.interface else name; interface = conf.interface or name;
in "${neighbor4}${neighbor6}") neighbors)); in "${neighbor4}${neighbor6}") neighbors));
in '' in ''
protocol kernel { protocol kernel {


@ -1,4 +1,4 @@
{ zentralwerk, config, lib, pkgs, ... }: { config, lib, ... }:
{ {
c3d2 = { c3d2 = {


@ -1,4 +1,4 @@
{ config, pkgs, lib, zentralwerk, ... }: { config, pkgs, ... }:
{ {
c3d2 = { c3d2 = {


@ -1,4 +1,4 @@
{ config, pkgs, lib, zentralwerk, ... }: { config, pkgs, lib, ... }:
{ {
c3d2 = { c3d2 = {


@ -1,4 +1,4 @@
{ zentralwerk, config, pkgs, ... }: { config, pkgs, ... }:
{ {
imports = [ ./hardware-configuration.nix ]; imports = [ ./hardware-configuration.nix ];


@ -1,7 +1,7 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: { lib, modulesPath, ... }:
{ {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];


@ -1,4 +1,4 @@
{ zentralwerk, config, pkgs, lib, modulesPath, ... }: { config, pkgs, ... }:
let let
restartServices = [ "grafana" "influxdb" ]; restartServices = [ "grafana" "influxdb" ];


@ -1,4 +1,4 @@
{ zentralwerk, config, lib, pkgs, ... }: { config, pkgs, ... }:
{ {
c3d2 = { c3d2 = {


@ -1,4 +1,4 @@
{ zentralwerk, config, pkgs, lib, ... }: { config, pkgs, ... }:
{ {
imports = [ imports = [
@ -52,5 +52,5 @@
c3d2.hq.statistics.enable = true; c3d2.hq.statistics.enable = true;
services.smartd.enable = true; services.smartd.enable = true;
system.stateVersion = "20.09"; # Did you read the comment? system.stateVersion = "20.09";
} }


@ -1,7 +1,7 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: { config, lib, modulesPath, ... }:
{ {
imports = imports =


@ -1,4 +1,4 @@
{ self, hostRegistry, hydra-ca, config, lib, pkgs, ... }: { config, lib, ... }:
let let
cachePort = 5000; cachePort = 5000;


@ -26,7 +26,7 @@
# `...-' `...-' # `...-' `...-'
#-------------------------------------------------------------------------------- #--------------------------------------------------------------------------------
{ config, lib, pkgs, ... }: { lib, pkgs, ... }:
{ {
deployment = { deployment = {
persistedShares = [ "/etc" "/home" "/var" ]; persistedShares = [ "/etc" "/home" "/var" ];


@ -1,4 +1,4 @@
{ zentralwerk, config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
{ {
deployment = { deployment = {


@ -1,4 +1,4 @@
{ zentralwerk, config, lib, pkgs, ... }: { pkgs, ... }:
{ {
c3d2 = { c3d2 = {


@ -1,4 +1,4 @@
{ zentralwerk, config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
{ {
networking.hostName = "mediawiki"; networking.hostName = "mediawiki";


@ -1,4 +1,4 @@
{ zentralwerk, config, pkgs, ... }: { config, pkgs, ... }:
{ {
microvm.mem = 1024; microvm.mem = 1024;
c3d2.isInHq = false; c3d2.isInHq = false;


@ -1,4 +1,4 @@
{ config, pkgs, tigger, ... }: { pkgs, tigger, ... }:
{ {
deployment = { deployment = {


@ -1,6 +1,4 @@
{ zentralwerk, config, lib, pkgs, ... }: { zentralwerk, pkgs, ... }:
with lib;
{ {
system.stateVersion = "22.05"; system.stateVersion = "22.05";


@ -1,7 +1,5 @@
{ zentralwerk, config, lib, pkgs, ... }: { lib, ... }:
let let
netConfig = zentralwerk.lib.config.site.net.serv;
nfsExports = [ nfsExports = [
"var/lib/nfsroot/dacbert" "var/lib/nfsroot/dacbert"
"var/lib/nfsroot/riscbert" "var/lib/nfsroot/riscbert"


@ -37,7 +37,7 @@
xx = "tx"; # transmit only xx = "tx"; # transmit only
when-tx-exists = true; when-tx-exists = true;
}; };
in lib.mapAttrs (name: value: in lib.mapAttrs (_: value:
value // { value // {
via = lib.lists.remove "c3d2" value.via; via = lib.lists.remove "c3d2" value.via;
} // (lib.attrsets.optionalAttrs (value.addrs or { } != { }) { } // (lib.attrsets.optionalAttrs (value.addrs or { } != { }) {


@ -1,7 +1,7 @@
{ config, lib, pkgs, ... }: { config, pkgs, ... }:
let {
exec = { programs.nncp.settings.neigh.emery.exec = {
# A command to asynchronously export store paths to a remote caller. # A command to asynchronously export store paths to a remote caller.
nix-store-export = with pkgs; nix-store-export = with pkgs;
[ [
@ -16,4 +16,4 @@ let
# A command to import store paths from a remote caller. # A command to import store paths from a remote caller.
nix-store-import = [ "${config.nix.package}/bin/nix-store" "--import" ]; nix-store-import = [ "${config.nix.package}/bin/nix-store" "--import" ];
}; };
in { programs.nncp.settings.neigh = { emery = { inherit exec; }; }; } }


@ -1,9 +1,7 @@
{ zentralwerk, oparl-scraper, config, pkgs, ... }: { oparl-scraper, config, pkgs, ... }:
let let
ratsinfo-scraper = import oparl-scraper { inherit pkgs; }; ratsinfo-scraper = import oparl-scraper { inherit pkgs; };
netConfig = zentralwerk.lib.config.site.net.serv;
in in
{ {
c3d2.deployment = { c3d2.deployment = {
@ -41,7 +39,7 @@ in
path = with pkgs; [ path = with pkgs; [
git openssh poppler_utils ratsinfo-scraper git openssh poppler_utils ratsinfo-scraper
]; ];
script = '' script = /* bash */ ''
if [ -d data ]; then if [ -d data ]; then
pushd data pushd data
git pull git pull


@ -1,4 +1,4 @@
{ zentralwerk, config, pkgs, lib, ... }: { zentralwerk, config, lib, ... }:
{ {
sops.defaultSopsFile = ./secrets.yaml; sops.defaultSopsFile = ./secrets.yaml;
@ -64,7 +64,7 @@
static_configs = static_configs =
let let
zwNets = zentralwerk.lib.config.site.net; zwNets = zentralwerk.lib.config.site.net;
fromNet = net: filter: fromNet = net: _:
map (host: map (host:
"${host}.${net}.zentralwerk.org:9100" "${host}.${net}.zentralwerk.org:9100"
) (builtins.attrNames zwNets.${net}.hosts4); ) (builtins.attrNames zwNets.${net}.hosts4);


@ -1,50 +1,48 @@
{ config, lib, pkgs, ... }: { config, lib, ... }:
with lib; let
let cfg = config.services.proxy; cfg = config.services.proxy;
canonicalize = builtins.replaceStrings [ "*" "." ":" "[" "]" ] [ "all" "_" "_" "" "" ];
canonicalize = builtins.replaceStrings ["*" "." ":" "[" "]"] ["all" "_" "_" "" ""]; in
{
in {
options.services.proxy = { options.services.proxy = {
enable = lib.mkOption {
enable = mkOption {
default = false; default = false;
description = "whether to enable proxy"; description = "whether to enable proxy";
type = types.bool; type = lib.types.bool;
}; };
proxyHosts = mkOption { proxyHosts = lib.mkOption {
type = types.listOf (types.submodule { type = lib.types.listOf (lib.types.submodule {
options = { options = {
hostNames = mkOption { hostNames = lib.mkOption {
type = types.listOf types.str; type = with lib.types; listOf str;
default = [ ]; default = [ ];
description = '' description = ''
Proxy these hostNames. Proxy these hostNames.
''; '';
}; };
proxyTo = mkOption { proxyTo = lib.mkOption {
type = types.submodule { type = lib.types.submodule {
options = { options = {
host = mkOption { host = lib.mkOption {
type = types.nullOr types.string; type = with lib.types; nullOr string;
default = null; default = null;
description = '' description = ''
Host to forward traffic to. Host to forward traffic to.
Any hostname may only be used once Any hostname may only be used once
''; '';
}; };
httpPort = mkOption { httpPort = lib.mkOption {
type = types.int; type = lib.types.int;
default = 80; default = 80;
description = '' description = ''
Port to forward http to. Port to forward http to.
''; '';
}; };
httpsPort = mkOption { httpsPort = lib.mkOption {
type = types.int; type = lib.types.int;
default = 443; default = 443;
description = '' description = ''
Port to forward http to. Port to forward http to.
@ -57,8 +55,8 @@ in {
''; '';
default = { }; default = { };
}; };
matchArg = mkOption { matchArg = lib.mkOption {
type = types.str; type = lib.types.str;
default = ""; default = "";
description = "Optional argument to HAProxy `req.ssl_sni -i`"; description = "Optional argument to HAProxy `req.ssl_sni -i`";
}; };
@ -76,11 +74,9 @@ in {
}; };
}]; }];
}; };
}; };
config = mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.haproxy = { services.haproxy = {
enable = true; enable = true;
config = '' config = ''
@ -101,10 +97,9 @@ in {
option forwardfor option forwardfor
http-request set-header X-Forwarded-Proto http http-request set-header X-Forwarded-Proto http
http-request set-header X-Forwarded-Port 80 http-request set-header X-Forwarded-Port 80
${ ${lib.concatMapStrings ({ proxyTo, hostNames, matchArg }:
concatMapStrings ({ proxyTo, hostNames, matchArg }: lib.optionalString (hostNames != [ ] && proxyTo.host != null) (
optionalString (hostNames != [ ] && proxyTo.host != null) ( lib.concatMapStrings (hostname: ''
concatMapStrings (hostname: ''
use-server ${canonicalize hostname}-http if { req.hdr(host) -i ${matchArg} ${hostname} } use-server ${canonicalize hostname}-http if { req.hdr(host) -i ${matchArg} ${hostname} }
server ${canonicalize hostname}-http ${proxyTo.host}:${ server ${canonicalize hostname}-http ${proxyTo.host}:${
toString proxyTo.httpPort toString proxyTo.httpPort
@ -118,13 +113,13 @@ in {
bind :::443 v4v6 bind :::443 v4v6
tcp-request inspect-delay 5s tcp-request inspect-delay 5s
tcp-request content accept if { req.ssl_hello_type 1 } tcp-request content accept if { req.ssl_hello_type 1 }
${concatMapStrings ({ proxyTo, hostNames, matchArg }: ${lib.concatMapStrings ({ proxyTo, hostNames, matchArg }:
concatMapStrings (hostname: '' lib.concatMapStrings (hostname: ''
use_backend ${canonicalize proxyTo.host}-https if { req.ssl_sni -i ${matchArg} ${hostname} } use_backend ${canonicalize proxyTo.host}-https if { req.ssl_sni -i ${matchArg} ${hostname} }
'') hostNames '') hostNames
) cfg.proxyHosts} ) cfg.proxyHosts}
${concatMapStrings ({ proxyTo, hostNames, matchArg }: '' ${lib.concatMapStrings ({ proxyTo, ... }: ''
backend ${canonicalize proxyTo.host}-https backend ${canonicalize proxyTo.host}-https
server ${canonicalize proxyTo.host}-https ${proxyTo.host}:${ server ${canonicalize proxyTo.host}-https ${proxyTo.host}:${
toString proxyTo.httpsPort toString proxyTo.httpsPort
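Review bot: `type = with lib.types; nullOr string;` for `proxyTo.host` keeps the deprecated `types.string`, which merges several definitions of the same option by concatenating them; two modules setting the same proxy entry's host would produce a concatenated string that HAProxy then uses as the backend address, instead of a conflict error at evaluation time. Since the line was rewritten anyway, make it `type = with lib.types; nullOr str;`, which rejects conflicting definitions. The `proxyHosts` submodule continues past the first hunk, so other string-typed options in it were not checked.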


@ -1,4 +1,4 @@
{ pkgs, lib, ... }: { pkgs, ... }:
{ {
c3d2.hq.statistics.enable = true; c3d2.hq.statistics.enable = true;


@ -1,7 +1,7 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: { lib, ... }:
{ {
#imports = #imports =


@ -1,4 +1,4 @@
{ hostRegistry, nixpkgs, config, lib, pkgs, modulesPath, ... }: { hostRegistry, lib, pkgs, ... }:
{ {
c3d2 = { c3d2 = {


@ -1,4 +1,4 @@
{ zentralwerk, pkgs, config, scrapers, ... }: { pkgs, config, scrapers, ... }:
let let
freifunkNodes = { freifunkNodes = {


@ -1,4 +1,4 @@
{ zentralwerk, config, pkgs, ... }: { config, pkgs, ... }:
{ {
deployment = { deployment = {
# needs to keep just its ssh key for sops-nix # needs to keep just its ssh key for sops-nix


@ -1,4 +1,4 @@
{ config, pkgs, ... }: { config, ... }:
{ {
imports = [ imports = [


@ -1,4 +1,4 @@
{ config, lib, pkgs, modulesPath, ... }: { config, lib, modulesPath, ... }:
{ {
imports = imports =


@ -1,4 +1,4 @@
{ config, pkgs, ... }: { ... }:
{ {
imports = [ imports = [


@ -1,7 +1,7 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: { config, lib, modulesPath, ... }:
{ {
imports = imports =


@ -1,4 +1,4 @@
{ config, pkgs, ... }: _:
{ {
imports = [ imports = [


@ -1,7 +1,7 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: { config, lib, modulesPath, ... }:
{ {
imports = imports =


@ -1,4 +1,5 @@
{ zentralwerk, ... }: _:
{ {
c3d2.deployment = { c3d2.deployment = {
server = "server10"; server = "server10";


@ -1,6 +1,4 @@
{ zentralwerk, config, lib, pkgs, ... }: { zentralwerk, config, ... }:
with lib;
{ {
system.stateVersion = "22.05"; system.stateVersion = "22.05";


@ -1,7 +1,6 @@
{ pkgs, ... }: { config, pkgs, ... }:
let
domain = "zengel.datenspuren.de"; {
in {
networking.hostName = "zengel"; networking.hostName = "zengel";
microvm.mem = 1024; microvm.mem = 1024;
c3d2.deployment = { c3d2.deployment = {
@ -13,7 +12,7 @@ in {
services.engelsystem = { services.engelsystem = {
enable = true; enable = true;
domain = domain; domain = "zengel.datenspuren.de";
createDatabase = true; createDatabase = true;
package = pkgs.engelsystem.override { php = pkgs.php74; }; package = pkgs.engelsystem.override { php = pkgs.php74; };
config = { config = {
@ -50,7 +49,7 @@ in {
services.phpfpm.phpPackage = pkgs.php74; services.phpfpm.phpPackage = pkgs.php74;
services.nginx = { services.nginx = {
enable = true; enable = true;
virtualHosts."${domain}" = { virtualHosts."${config.services.engelsystem.domain}" = {
default = true; default = true;
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;


@ -35,7 +35,7 @@
bluetoothSupport = true; bluetoothSupport = true;
advancedBluetoothCodecs = true; advancedBluetoothCodecs = true;
zeroconfSupport = true; zeroconfSupport = true;
}).overrideAttrs (oldAttrs: { }).overrideAttrs (_: {
# one test times out # one test times out
doCheck = false; doCheck = false;
}); });


@ -2,7 +2,7 @@
{ {
config.services.postgresqlBackup = { config.services.postgresqlBackup = {
enable = config.services.postgresql.enable; inherit (config.services.postgresql) enable;
backupAll = true; backupAll = true;
compression = "zstd"; compression = "zstd";
# compressionLevel = 9; # TODO: only available with 21.11 # compressionLevel = 9; # TODO: only available with 21.11


@ -169,21 +169,21 @@ in
config = config =
let let
adminKeys = (with builtins; lib.lists.flatten ( adminKeys = with builtins; lib.lists.flatten (
map map
(getAttr "sshKeys") (getAttr "sshKeys")
(attrValues cfg.users) (attrValues cfg.users)
)); );
mkIfIsInHq = x: lib.mkIf cfg.isInHq (lib.mkDefault x); mkIfIsInHq = x: lib.mkIf cfg.isInHq (lib.mkDefault x);
in in
{ {
networking.hosts = lib.mkIf cfg.mergeHostsFile networking.hosts = lib.mkIf cfg.mergeHostsFile
(( ((
lib.attrsets.mapAttrs' (n: v: { name = v.ip4; value = [ "${n}.c3d2" ]; }) lib.attrsets.mapAttrs' (n: v: { name = v.ip4; value = [ "${n}.c3d2" ]; })
(lib.attrsets.filterAttrs (n: v: v.ip4 != null) cfg.hosts) (lib.attrsets.filterAttrs (_: v: v.ip4 != null) cfg.hosts)
) // ( ) // (
lib.attrsets.mapAttrs' (n: v: { name = v.ip6; value = [ "${n}.c3d2" ]; }) lib.attrsets.mapAttrs' (n: v: { name = v.ip6; value = [ "${n}.c3d2" ]; })
(lib.attrsets.filterAttrs (n: v: v.ip6 != null) cfg.hosts) (lib.attrsets.filterAttrs (_: v: v.ip6 != null) cfg.hosts)
)); ));
programs.nncp.settings = lib.optionalAttrs cfg.mergeNncpSettings cfg.nncp; programs.nncp.settings = lib.optionalAttrs cfg.mergeNncpSettings cfg.nncp;


@ -1,4 +1,4 @@
{ zentralwerk, hostRegistry, config, lib, pkgs, ... }: { zentralwerk, hostRegistry, config, lib, ... }:
let let
inherit (config.networking) hostName; inherit (config.networking) hostName;
@ -15,8 +15,6 @@ let
then net then net
else result else result
) null [ "cluster" "serv" ]; ) null [ "cluster" "serv" ];
ipv4Addr = zentralwerk.lib.config.site.net.${serverNet hostName}.hosts4.${hostName};
in { in {
# Open firewall between cluster members # Open firewall between cluster members
networking.firewall.extraCommands = lib.concatMapStrings (server: networking.firewall.extraCommands = lib.concatMapStrings (server:
@ -41,7 +39,7 @@ in {
); );
nomad = { nomad = {
datacenter = "c3d2"; datacenter = "c3d2";
servers = servers; inherit servers;
# run tasks only on these: # run tasks only on these:
client.enable = builtins.elem hostName microvmServers; client.enable = builtins.elem hostName microvmServers;
client.meta = client.meta =


@ -13,9 +13,9 @@
networks = mkOption { networks = mkOption {
type = with types; listOf str; type = with types; listOf str;
default = builtins.attrNames ( default = builtins.attrNames (
lib.filterAttrs (net: { hosts4, hosts6, ... }: lib.filterAttrs (_: { hosts4, hosts6, ... }:
hosts4 ? ${config.networking.hostName} || hosts4 ? ${config.networking.hostName} ||
lib.filterAttrs (ctx: hosts6: lib.filterAttrs (_: hosts6:
hosts6 ? ${config.networking.hostName} hosts6 ? ${config.networking.hostName}
) hosts6 != {} ) hosts6 != {}
) zentralwerk.lib.config.site.net ) zentralwerk.lib.config.site.net


@ -31,8 +31,7 @@ in
{ {
microvm = { microvm = {
hypervisor = "cloud-hypervisor"; hypervisor = "cloud-hypervisor";
vcpu = config.deployment.vcpu; inherit (config.deployment) mem vcpu;
mem = config.deployment.mem;
preStart = '' preStart = ''
# Discard old writable store overlay # Discard old writable store overlay


@ -1,28 +1,6 @@
{ hostRegistry, config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
let {
nginxGlobalLogging = ''
log_format graylog2_json escape=json '{ "timestamp": "$time_iso8601", '
'"remote_addr": "$remote_addr", '
'"body_bytes_sent": $body_bytes_sent, '
'"request_time": $request_time, '
'"response_status": $status, '
'"request": "$request", '
'"request_method": "$request_method", '
'"host": "$host",'
'"upstream_cache_status": "$upstream_cache_status",'
'"upstream_addr": "$upstream_addr",'
'"http_x_forwarded_for": "$http_x_forwarded_for",'
'"http_referrer": "$http_referer", '
'"http_user_agent": "$http_user_agent" }';
# replace the hostnames with the IP or hostname of your Graylog2 server
access_log syslog:server=graylog.server.org:12301 graylog2_json;
error_log syslog:server=graylog.server.org:12302;
'';
in {
# add central logging # add central logging
services.journalbeat = { services.journalbeat = {
enable = false; enable = false;


@ -19,9 +19,9 @@ let
"${builtins.substring 0 1 hash}2:${c 2}:${c 4}:${c 6}:${c 8}:${c 10}"; "${builtins.substring 0 1 hash}2:${c 2}:${c 4}:${c 6}:${c 8}:${c 10}";
nets = builtins.attrNames ( nets = builtins.attrNames (
lib.filterAttrs (net: { hosts4, hosts6, ... }: lib.filterAttrs (_: { hosts4, hosts6, ... }:
hosts4 ? ${hostName} || hosts4 ? ${hostName} ||
lib.filterAttrs (ctx: hosts6: lib.filterAttrs (_: hosts6:
hosts6 ? ${hostName} hosts6 ? ${hostName}
) hosts6 != {} ) hosts6 != {}
) zentralwerk.lib.config.site.net ) zentralwerk.lib.config.site.net


@ -1,13 +1,10 @@
{ config, lib, pkgs, ... }: { config, lib, ... }:
with lib;
let let
nncpCfgFile = "/run/nncp.hjson"; nncpCfgFile = "/run/nncp.hjson";
programCfg = lib.optionalAttrs (config.programs ? nncp) config.programs.nncp; programCfg = lib.optionalAttrs (config.programs ? nncp) config.programs.nncp;
callerCfg = config.services.nncp.caller; callerCfg = config.services.nncp.caller;
daemonCfg = config.services.nncp.daemon; daemonCfg = config.services.nncp.daemon;
settingsFormat = pkgs.formats.json { };
jsonCfgFile = settingsFormat.generate "nncp.json" programCfg.settings;
pkg = programCfg.package; pkg = programCfg.package;
in in
{ {
@ -15,13 +12,13 @@ in
services.nncp = { services.nncp = {
caller = { caller = {
enable = mkEnableOption '' enable = lib.mkEnableOption ''
croned NNCP TCP daemon caller. croned NNCP TCP daemon caller.
The daemon will take configuration from The daemon will take configuration from
<xref linkend="opt-programs.nncp.settings"/> <xref linkend="opt-programs.nncp.settings"/>
''; '';
extraArgs = mkOption { extraArgs = lib.mkOption {
type = with types; listOf str; type = with lib.types; listOf str;
description = "Extra command-line arguments to pass to caller."; description = "Extra command-line arguments to pass to caller.";
default = [ ]; default = [ ];
example = [ "-autotoss" ]; example = [ "-autotoss" ];
@ -29,18 +26,18 @@ in
}; };
daemon = { daemon = {
enable = mkEnableOption '' enable = lib.mkEnableOption ''
NNCP TCP synronization daemon. NNCP TCP synronization daemon.
The daemon will take configuration from The daemon will take configuration from
<xref linkend="opt-programs.nncp.settings"/> <xref linkend="opt-programs.nncp.settings"/>
''; '';
socketActivation = { socketActivation = {
enable = mkEnableOption '' enable = lib.mkEnableOption ''
Whether to run nncp-daemon persistently or socket-activated. Whether to run nncp-daemon persistently or socket-activated.
''; '';
listenStreams = mkOption { listenStreams = lib.mkOption {
type = with types; listOf str; type = with lib.types; listOf str;
description = '' description = ''
TCP sockets to bind to. TCP sockets to bind to.
See <xref linkend="opt-systemd.sockets._name_.listenStreams"/>. See <xref linkend="opt-systemd.sockets._name_.listenStreams"/>.
@ -49,8 +46,8 @@ in
}; };
}; };
extraArgs = mkOption { extraArgs = lib.mkOption {
type = with types; listOf str; type = with lib.types; listOf str;
description = "Extra command-line arguments to pass to daemon."; description = "Extra command-line arguments to pass to daemon.";
default = [ ]; default = [ ];
example = [ "-autotoss" ]; example = [ "-autotoss" ];
@ -60,15 +57,14 @@ in
}; };
}; };
config = mkIf (programCfg.enable or callerCfg.enable or daemonCfg.enable) { config = lib.mkIf (programCfg.enable or callerCfg.enable or daemonCfg.enable) {
assertions = [{ assertions = [{
assertion = with builtins; assertion =
let let
callerCongfigured = callerCongfigured =
let neigh = config.programs.nncp.settings.neigh or { }; let neigh = config.programs.nncp.settings.neigh or { };
in lib.lists.any (x: hasAttr "calls" x && x.calls != [ ]) in lib.lists.any (x: lib.hasAttr "calls" x && x.calls != [ ])
(attrValues neigh); (lib.attrValues neigh);
in !callerCfg.enable || callerCongfigured; in !callerCfg.enable || callerCongfigured;
message = "NNCP caller enabled but call configuration is missing"; message = "NNCP caller enabled but call configuration is missing";
}]; }];
@ -89,7 +85,7 @@ in
}; };
}; };
systemd.services."nncp-daemon" = mkIf daemonCfg.enable { systemd.services."nncp-daemon" = lib.mkIf daemonCfg.enable {
enable = !daemonCfg.socketActivation.enable; enable = !daemonCfg.socketActivation.enable;
description = "NNCP TCP syncronization daemon."; description = "NNCP TCP syncronization daemon.";
documentation = [ "http://www.nncpgo.org/nncp_002ddaemon.html" ]; documentation = [ "http://www.nncpgo.org/nncp_002ddaemon.html" ];
@ -106,7 +102,7 @@ in
}; };
}; };
systemd.services."nncp-daemon@" = mkIf daemonCfg.socketActivation.enable { systemd.services."nncp-daemon@" = lib.mkIf daemonCfg.socketActivation.enable {
description = "NNCP TCP syncronization daemon."; description = "NNCP TCP syncronization daemon.";
documentation = [ "http://www.nncpgo.org/nncp_002ddaemon.html" ]; documentation = [ "http://www.nncpgo.org/nncp_002ddaemon.html" ];
after = [ "network.target" ]; after = [ "network.target" ];
@ -123,7 +119,7 @@ in
}; };
}; };
systemd.sockets.nncp-daemon = mkIf daemonCfg.socketActivation.enable { systemd.sockets.nncp-daemon = lib.mkIf daemonCfg.socketActivation.enable {
inherit (daemonCfg.socketActivation) listenStreams; inherit (daemonCfg.socketActivation) listenStreams;
description = "socket for NNCP TCP syncronization."; description = "socket for NNCP TCP syncronization.";
conflicts = [ "nncp-daemon.service" ]; conflicts = [ "nncp-daemon.service" ];
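Review bot: In `config = lib.mkIf (programCfg.enable or callerCfg.enable or daemonCfg.enable) {` the `or` is Nix's attribute-default operator, not a boolean disjunction: the expression yields `programCfg.enable` whenever that attribute exists and only consults the caller/daemon flags when it is missing. With `programs.nncp` present but disabled, enabling `services.nncp.daemon` or `services.nncp.caller` therefore configures nothing, and the assertion that follows never runs. Unless the fallback chain is intentional, use `config = lib.mkIf ((programCfg.enable or false) || callerCfg.enable || daemonCfg.enable) {`, which keeps the missing-attribute case safe because `programCfg` can be `{ }`.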


@ -1,6 +1,5 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let let
inherit (pkgs) plume;
cfg = config.services.plume; cfg = config.services.plume;
in in
{ {
@ -33,7 +32,7 @@ in
ids.uids.plume = 499; ids.uids.plume = 499;
users.users.${cfg.user} = { users.users.${cfg.user} = {
uid = config.ids.uids.plume; uid = config.ids.uids.plume;
group = cfg.group; inherit (cfg) group;
home = "/var/lib/plume"; home = "/var/lib/plume";
}; };
users.groups.${cfg.group} = {}; users.groups.${cfg.group} = {};
@ -52,11 +51,11 @@ in
after = [ "postgresql.service" ]; after = [ "postgresql.service" ];
requires = [ "postgresql.service" ]; requires = [ "postgresql.service" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
path = [ plume ]; path = [ pkgs.plume ];
script = '' script = ''
ln -sf ${cfg.envFile} .env ln -sf ${cfg.envFile} .env
mkdir -p static/media mkdir -p static/media
for f in ${plume}/share/plume/static/*; do for f in ${pkgs.plume}/share/plume/static/*; do
n=$(basename "$f") n=$(basename "$f")
if [ "$n" != media ]; then if [ "$n" != media ]; then
rm -f "static/$n" rm -f "static/$n"
@ -79,7 +78,7 @@ in
#! ${pkgs.runtimeShell} -e #! ${pkgs.runtimeShell} -e
plm() { plm() {
sudo -u ${config.services.plume.user} -- ${plume}/bin/plm $@ sudo -u ${config.services.plume.user} -- ${pkgs.plume}/bin/plm $@
} }
plm migration run plm migration run
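Review bot: The rewritten `plm()` wrapper still passes `$@` unquoted to `sudo -u ${config.services.plume.user} -- ${pkgs.plume}/bin/plm`, so arguments containing spaces or glob characters are re-split and expanded by the shell before they reach `plm`, which runs as the service user. Quote it: `sudo -u ${config.services.plume.user} -- ${pkgs.plume}/bin/plm "$@"`. The script this line belongs to starts before the hunk (`#! ${pkgs.runtimeShell} -e`) and ends after it.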


@ -1,4 +1,4 @@
{ hostRegistry, config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
{ {
boot = { boot = {
loader.generic-extlinux-compatible.enable = false; loader.generic-extlinux-compatible.enable = false;


@ -1,4 +1,4 @@
{ stdenv, fetchgit, fetchpatch, }: { stdenv, fetchgit }:
stdenv.mkDerivation { stdenv.mkDerivation {
pname = "bmxd"; pname = "bmxd";


@ -1,6 +1,5 @@
{ naersk { naersk
, fenix , fenix
, curl
, nodejs , nodejs
, rustPlatform , rustPlatform
, stdenv , stdenv
@ -137,7 +136,7 @@ let
"--package=plume-front" "--package=plume-front"
]; ];
copyLibs = true; copyLibs = true;
overrideMain = oa: { overrideMain = _: {
buildPhase = '' buildPhase = ''
wasm-pack build --mode no-install --target web --release plume-front wasm-pack build --mode no-install --target web --release plume-front
''; '';


@ -5,12 +5,7 @@ let
let let
hostConf = hostRegistry.hosts."${name}"; hostConf = hostRegistry.hosts."${name}";
in in
if hostConf ? ip4 hostConf.ip4 or (hostConf.ip6 or (throw "Host ${name} has no ip4 or ip6 address"));
then hostConf.ip4
else if hostConf ? ip6
then hostConf.ip6
else throw "Host ${name} has no ip4 or ip6 address";
# all the input flakes for `nix copy` to the build machine, # all the input flakes for `nix copy` to the build machine,
# allowing --override-input # allowing --override-input
@ -309,10 +304,7 @@ lib.attrsets.mapAttrs
]; ];
}).config.microvm.declaredRunner; }).config.microvm.declaredRunner;
"${host}-tftproot" = "${host}-tftproot" = config.system.build.tftproot or (lib.trace "No tftproot for ${host}" null);
if config.system.build ? tftproot
then config.system.build.tftproot
else lib.trace "No tftproot for ${host}" null;
} }
) )
{ } { }
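Review bot: `hostConf.ip4 or (hostConf.ip6 or (throw ...))` only falls through when the attribute is absent, so a registry entry with `ip4 = null` evaluates to null instead of the ip6 address or the error; the c3d2 module elsewhere in this commit filters `v.ip4 != null` on its host table, which suggests such entries exist, though the old `?`-based version behaved the same way, so this is pre-existing. If null entries are possible, test for them: `if (hostConf.ip4 or null) != null then hostConf.ip4 else if (hostConf.ip6 or null) != null then hostConf.ip6 else throw "Host ${name} has no ip4 or ip6 address";`. The `let` enclosing this expression starts before the hunk.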