Deadnix, statix, other cleanups
parent
32dd3e9d8a
commit
6b8d8541c6
|
@ -207,7 +207,7 @@
|
||||||
inherit (inputs) tracer bevy-mandelbrot bevy-julia;
|
inherit (inputs) tracer bevy-mandelbrot bevy-julia;
|
||||||
};
|
};
|
||||||
|
|
||||||
legacyPackages = lib.attrsets.mapAttrs (system: pkgs:
|
legacyPackages = lib.attrsets.mapAttrs (_: pkgs:
|
||||||
pkgs.appendOverlays [
|
pkgs.appendOverlays [
|
||||||
fenix.overlays.default
|
fenix.overlays.default
|
||||||
naersk.overlay
|
naersk.overlay
|
||||||
|
@ -224,7 +224,7 @@
|
||||||
inherit specialArgs system;
|
inherit specialArgs system;
|
||||||
|
|
||||||
modules = [
|
modules = [
|
||||||
({ pkgs, ... }: {
|
({ ... }: {
|
||||||
_module.args = extraArgs // {
|
_module.args = extraArgs // {
|
||||||
inherit hostRegistry inputs zentralwerk;
|
inherit hostRegistry inputs zentralwerk;
|
||||||
};
|
};
|
||||||
|
@ -327,7 +327,7 @@
|
||||||
|
|
||||||
radiobert = nixosSystem' {
|
radiobert = nixosSystem' {
|
||||||
modules = [
|
modules = [
|
||||||
({ modulesPath, ... }:
|
({ ... }:
|
||||||
{
|
{
|
||||||
nixpkgs.overlays = [ heliwatch.overlay ];
|
nixpkgs.overlays = [ heliwatch.overlay ];
|
||||||
})
|
})
|
||||||
|
@ -763,7 +763,7 @@
|
||||||
else nixosSystem.config.system.build.toplevel
|
else nixosSystem.config.system.build.toplevel
|
||||||
) self.nixosConfigurations
|
) self.nixosConfigurations
|
||||||
// nixos.lib.filterAttrs (name: attr:
|
// nixos.lib.filterAttrs (name: attr:
|
||||||
(builtins.match ".+-tftproot" name != null && lib.isDerivation attr)
|
(lib.match ".+-tftproot" name != null && lib.isDerivation attr)
|
||||||
) self.packages.aarch64-linux
|
) self.packages.aarch64-linux
|
||||||
);
|
);
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ zentralwerk, config, lib, pkgs, ... }:
|
{ config, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
c3d2 = {
|
c3d2 = {
|
||||||
|
@ -58,7 +58,7 @@
|
||||||
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||||
defaultSopsFile = ./secrets.yaml;
|
defaultSopsFile = ./secrets.yaml;
|
||||||
secrets."portunus/seed" = {
|
secrets."portunus/seed" = {
|
||||||
group = config.services.portunus.group;
|
inherit (config.services.portunus) group;
|
||||||
owner = config.services.portunus.user;
|
owner = config.services.portunus.user;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ hostRegistry, zentralwerk, config, ... }:
|
{ config, ... }:
|
||||||
{
|
{
|
||||||
microvm.mem = 2048;
|
microvm.mem = 2048;
|
||||||
c3d2.deployment = {
|
c3d2.deployment = {
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, pkgs, lib, zentralwerk, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
mymqttui = pkgs.writeScriptBin "mqttui" ''
|
mymqttui = pkgs.writeScriptBin "mqttui" ''
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ zentralwerk, nixpkgs, config, lib, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
let
|
let
|
||||||
webroot = "/var/www";
|
webroot = "/var/www";
|
||||||
geminiRoot = "/var/gemini";
|
geminiRoot = "/var/gemini";
|
||||||
|
@ -150,11 +150,11 @@ in
|
||||||
home = "/var/lib/c3d2-web";
|
home = "/var/lib/c3d2-web";
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.tmpfiles.rules = [
|
systemd.tmpfiles.rules = with config.users.users.c3d2-web; [
|
||||||
"d ${webroot}/c3d2 0755 c3d2-web ${config.users.users.c3d2-web.group} -"
|
"d ${webroot}/c3d2 0755 c3d2-web ${group} -"
|
||||||
"d ${webroot}/log 0755 c3d2-web ${config.users.users.c3d2-web.group} -"
|
"d ${webroot}/log 0755 c3d2-web ${group} -"
|
||||||
"d ${geminiRoot} 0755 c3d2-web ${config.users.users.c3d2-web.group} -"
|
"d ${geminiRoot} 0755 c3d2-web ${group} -"
|
||||||
"d ${config.users.users.c3d2-web.home} 0700 c3d2-web ${config.users.users.c3d2-web.group} -"
|
"d ${home} 0700 c3d2-web ${group} -"
|
||||||
];
|
];
|
||||||
|
|
||||||
# Build script
|
# Build script
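Review bot: The new `with config.users.users.c3d2-web;` on `systemd.tmpfiles.rules` makes `${group}` and `${home}` resolve implicitly, and in Nix a `with` scope has lower priority than `let` bindings and function arguments, so any `group` or `home` bound lexically in this file (now or later) would silently win and change the owner or path of the `0700` directory. An explicit binding keeps the rules auditable, for example `let inherit (config.users.users.c3d2-web) group home; in [ … ]`. The user name is still the literal `c3d2-web` in every rule while the group is looked up, which is worth making consistent. The enclosing `let … in` block begins outside this hunk, so whether such a name exists today cannot be seen here.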
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ hostRegistry, config, lib, pkgs, modulesPath, ... }:
|
{ hostRegistry, config, lib, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
c3d2 = {
|
c3d2 = {
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
{ pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
let
|
|
||||||
domain = "direkthilfe.c3d2.de";
|
{
|
||||||
in {
|
|
||||||
networking.hostName = "direkthilfe";
|
networking.hostName = "direkthilfe";
|
||||||
microvm.mem = 1024;
|
microvm.mem = 1024;
|
||||||
c3d2.deployment = {
|
c3d2.deployment = {
|
||||||
|
@ -27,7 +26,7 @@ in {
|
||||||
|
|
||||||
services.engelsystem = {
|
services.engelsystem = {
|
||||||
enable = true;
|
enable = true;
|
||||||
domain = domain;
|
domain = "direkthilfe.c3d2.de";
|
||||||
createDatabase = true;
|
createDatabase = true;
|
||||||
package = pkgs.engelsystem.override { php = pkgs.php74; };
|
package = pkgs.engelsystem.override { php = pkgs.php74; };
|
||||||
config = {
|
config = {
|
||||||
|
@ -64,7 +63,7 @@ in {
|
||||||
services.phpfpm.phpPackage = pkgs.php74;
|
services.phpfpm.phpPackage = pkgs.php74;
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
virtualHosts."${domain}" = {
|
virtualHosts."${config.services.engelsystem.domain}" = {
|
||||||
default = true;
|
default = true;
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = true;
|
enableACME = true;
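Review bot: `pkgs.php74` stays pinned for both `services.engelsystem.package` and `services.phpfpm.phpPackage` in this section, and PHP 7.4 reached upstream end of life in November 2022, so this default, ACME-enabled vhost would be serving an interpreter without upstream security fixes if the configuration is still deployed. A cleanup pass is a good place to leave a marker such as `# TODO: drop php74 override once engelsystem builds with a supported PHP`. The same pin appears in the `zengel.datenspuren.de` section further down.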
|
||||||
|
|
|
@ -140,7 +140,7 @@ in {
|
||||||
}
|
}
|
||||||
'' else
|
'' else
|
||||||
"";
|
"";
|
||||||
interface = if conf ? interface then conf.interface else name;
|
interface = conf.interface or name;
|
||||||
in "${neighbor4}${neighbor6}") neighbors));
|
in "${neighbor4}${neighbor6}") neighbors));
|
||||||
in ''
|
in ''
|
||||||
protocol kernel {
|
protocol kernel {
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ zentralwerk, config, lib, pkgs, ... }:
|
{ config, lib, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
c3d2 = {
|
c3d2 = {
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, pkgs, lib, zentralwerk, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
c3d2 = {
|
c3d2 = {
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, pkgs, lib, zentralwerk, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
c3d2 = {
|
c3d2 = {
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ zentralwerk, config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [ ./hardware-configuration.nix ];
|
imports = [ ./hardware-configuration.nix ];
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
# and may be overwritten by future invocations. Please make changes
|
# and may be overwritten by future invocations. Please make changes
|
||||||
# to /etc/nixos/configuration.nix instead.
|
# to /etc/nixos/configuration.nix instead.
|
||||||
{ config, lib, pkgs, modulesPath, ... }:
|
{ lib, modulesPath, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ zentralwerk, config, pkgs, lib, modulesPath, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
restartServices = [ "grafana" "influxdb" ];
|
restartServices = [ "grafana" "influxdb" ];
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ zentralwerk, config, lib, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
c3d2 = {
|
c3d2 = {
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ zentralwerk, config, pkgs, lib, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
|
@ -52,5 +52,5 @@
|
||||||
c3d2.hq.statistics.enable = true;
|
c3d2.hq.statistics.enable = true;
|
||||||
services.smartd.enable = true;
|
services.smartd.enable = true;
|
||||||
|
|
||||||
system.stateVersion = "20.09"; # Did you read the comment?
|
system.stateVersion = "20.09";
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
# and may be overwritten by future invocations. Please make changes
|
# and may be overwritten by future invocations. Please make changes
|
||||||
# to /etc/nixos/configuration.nix instead.
|
# to /etc/nixos/configuration.nix instead.
|
||||||
{ config, lib, pkgs, modulesPath, ... }:
|
{ config, lib, modulesPath, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports =
|
imports =
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ self, hostRegistry, hydra-ca, config, lib, pkgs, ... }:
|
{ config, lib, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
cachePort = 5000;
|
cachePort = 5000;
|
||||||
|
|
|
@ -26,7 +26,7 @@
|
||||||
# `...-' `...-'
|
# `...-' `...-'
|
||||||
#--------------------------------------------------------------------------------
|
#--------------------------------------------------------------------------------
|
||||||
|
|
||||||
{ config, lib, pkgs, ... }:
|
{ lib, pkgs, ... }:
|
||||||
{
|
{
|
||||||
deployment = {
|
deployment = {
|
||||||
persistedShares = [ "/etc" "/home" "/var" ];
|
persistedShares = [ "/etc" "/home" "/var" ];
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ zentralwerk, config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
deployment = {
|
deployment = {
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ zentralwerk, config, lib, pkgs, ... }:
|
{ pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
c3d2 = {
|
c3d2 = {
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ zentralwerk, config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
networking.hostName = "mediawiki";
|
networking.hostName = "mediawiki";
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ zentralwerk, config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
{
|
{
|
||||||
microvm.mem = 1024;
|
microvm.mem = 1024;
|
||||||
c3d2.isInHq = false;
|
c3d2.isInHq = false;
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, pkgs, tigger, ... }:
|
{ pkgs, tigger, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
deployment = {
|
deployment = {
|
||||||
|
|
|
@ -1,6 +1,4 @@
|
||||||
{ zentralwerk, config, lib, pkgs, ... }:
|
{ zentralwerk, pkgs, ... }:
|
||||||
|
|
||||||
with lib;
|
|
||||||
|
|
||||||
{
|
{
|
||||||
system.stateVersion = "22.05";
|
system.stateVersion = "22.05";
|
||||||
|
|
|
@ -1,7 +1,5 @@
|
||||||
{ zentralwerk, config, lib, pkgs, ... }:
|
{ lib, ... }:
|
||||||
let
|
let
|
||||||
netConfig = zentralwerk.lib.config.site.net.serv;
|
|
||||||
|
|
||||||
nfsExports = [
|
nfsExports = [
|
||||||
"var/lib/nfsroot/dacbert"
|
"var/lib/nfsroot/dacbert"
|
||||||
"var/lib/nfsroot/riscbert"
|
"var/lib/nfsroot/riscbert"
|
||||||
|
|
|
@ -37,7 +37,7 @@
|
||||||
xx = "tx"; # transmit only
|
xx = "tx"; # transmit only
|
||||||
when-tx-exists = true;
|
when-tx-exists = true;
|
||||||
};
|
};
|
||||||
in lib.mapAttrs (name: value:
|
in lib.mapAttrs (_: value:
|
||||||
value // {
|
value // {
|
||||||
via = lib.lists.remove "c3d2" value.via;
|
via = lib.lists.remove "c3d2" value.via;
|
||||||
} // (lib.attrsets.optionalAttrs (value.addrs or { } != { }) {
|
} // (lib.attrsets.optionalAttrs (value.addrs or { } != { }) {
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
let
|
{
|
||||||
exec = {
|
programs.nncp.settings.neigh.emery.exec = {
|
||||||
# A command to asynchronously export store paths to a remote caller.
|
# A command to asynchronously export store paths to a remote caller.
|
||||||
nix-store-export = with pkgs;
|
nix-store-export = with pkgs;
|
||||||
[
|
[
|
||||||
|
@ -16,4 +16,4 @@ let
|
||||||
# A command to import store paths from a remote caller.
|
# A command to import store paths from a remote caller.
|
||||||
nix-store-import = [ "${config.nix.package}/bin/nix-store" "--import" ];
|
nix-store-import = [ "${config.nix.package}/bin/nix-store" "--import" ];
|
||||||
};
|
};
|
||||||
in { programs.nncp.settings.neigh = { emery = { inherit exec; }; }; }
|
}
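Review bot: Flattening to `programs.nncp.settings.neigh.emery.exec` keeps two remotely invocable handlers, one of which runs `nix-store --import`, with no comment on what trust is placed in the neighbour `emery`. A short comment above the attribute, for example `# emery may invoke these handlers remotely; keep this list minimal`, would record that. Which account executes the handlers and whether imported paths are signature-checked is not visible in this hunk.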
|
||||||
|
|
|
@ -1,9 +1,7 @@
|
||||||
{ zentralwerk, oparl-scraper, config, pkgs, ... }:
|
{ oparl-scraper, config, pkgs, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
ratsinfo-scraper = import oparl-scraper { inherit pkgs; };
|
ratsinfo-scraper = import oparl-scraper { inherit pkgs; };
|
||||||
|
|
||||||
netConfig = zentralwerk.lib.config.site.net.serv;
|
|
||||||
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
c3d2.deployment = {
|
c3d2.deployment = {
|
||||||
|
@ -41,7 +39,7 @@ in
|
||||||
path = with pkgs; [
|
path = with pkgs; [
|
||||||
git openssh poppler_utils ratsinfo-scraper
|
git openssh poppler_utils ratsinfo-scraper
|
||||||
];
|
];
|
||||||
script = ''
|
script = /* bash */ ''
|
||||||
if [ -d data ]; then
|
if [ -d data ]; then
|
||||||
pushd data
|
pushd data
|
||||||
git pull
|
git pull
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ zentralwerk, config, pkgs, lib, ... }:
|
{ zentralwerk, config, lib, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
sops.defaultSopsFile = ./secrets.yaml;
|
sops.defaultSopsFile = ./secrets.yaml;
|
||||||
|
@ -64,7 +64,7 @@
|
||||||
static_configs =
|
static_configs =
|
||||||
let
|
let
|
||||||
zwNets = zentralwerk.lib.config.site.net;
|
zwNets = zentralwerk.lib.config.site.net;
|
||||||
fromNet = net: filter:
|
fromNet = net: _:
|
||||||
map (host:
|
map (host:
|
||||||
"${host}.${net}.zentralwerk.org:9100"
|
"${host}.${net}.zentralwerk.org:9100"
|
||||||
) (builtins.attrNames zwNets.${net}.hosts4);
|
) (builtins.attrNames zwNets.${net}.hosts4);
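Review bot: Renaming the second parameter of `fromNet` to `_` (`fromNet = net: _:`) silences deadnix but leaves a function that accepts a filter and ignores it, so every name in `zwNets.${net}.hosts4` becomes a `:9100` scrape target regardless of what callers pass. If call sites do pass a host filter, it should either be applied (for a predicate, `builtins.filter filter (builtins.attrNames zwNets.${net}.hosts4)`) or the parameter should be dropped and the callers updated. The call sites are outside the hunk, so the intended filter semantics need confirming.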
|
||||||
|
|
|
@ -1,50 +1,48 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, ... }:
|
||||||
|
|
||||||
with lib;
|
let
|
||||||
let cfg = config.services.proxy;
|
cfg = config.services.proxy;
|
||||||
|
canonicalize = builtins.replaceStrings [ "*" "." ":" "[" "]" ] [ "all" "_" "_" "" "" ];
|
||||||
canonicalize = builtins.replaceStrings ["*" "." ":" "[" "]"] ["all" "_" "_" "" ""];
|
in
|
||||||
|
{
|
||||||
in {
|
|
||||||
|
|
||||||
options.services.proxy = {
|
options.services.proxy = {
|
||||||
|
enable = lib.mkOption {
|
||||||
enable = mkOption {
|
|
||||||
default = false;
|
default = false;
|
||||||
description = "whether to enable proxy";
|
description = "whether to enable proxy";
|
||||||
type = types.bool;
|
type = lib.types.bool;
|
||||||
};
|
};
|
||||||
|
|
||||||
proxyHosts = mkOption {
|
proxyHosts = lib.mkOption {
|
||||||
type = types.listOf (types.submodule {
|
type = lib.types.listOf (lib.types.submodule {
|
||||||
options = {
|
options = {
|
||||||
hostNames = mkOption {
|
hostNames = lib.mkOption {
|
||||||
type = types.listOf types.str;
|
type = with lib.types; listOf str;
|
||||||
default = [ ];
|
default = [ ];
|
||||||
description = ''
|
description = ''
|
||||||
Proxy these hostNames.
|
Proxy these hostNames.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
proxyTo = mkOption {
|
proxyTo = lib.mkOption {
|
||||||
type = types.submodule {
|
type = lib.types.submodule {
|
||||||
options = {
|
options = {
|
||||||
host = mkOption {
|
host = lib.mkOption {
|
||||||
type = types.nullOr types.string;
|
type = with lib.types; nullOr string;
|
||||||
default = null;
|
default = null;
|
||||||
description = ''
|
description = ''
|
||||||
Host to forward traffic to.
|
Host to forward traffic to.
|
||||||
Any hostname may only be used once
|
Any hostname may only be used once
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
httpPort = mkOption {
|
httpPort = lib.mkOption {
|
||||||
type = types.int;
|
type = lib.types.int;
|
||||||
default = 80;
|
default = 80;
|
||||||
description = ''
|
description = ''
|
||||||
Port to forward http to.
|
Port to forward http to.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
httpsPort = mkOption {
|
httpsPort = lib.mkOption {
|
||||||
type = types.int;
|
type = lib.types.int;
|
||||||
default = 443;
|
default = 443;
|
||||||
description = ''
|
description = ''
|
||||||
Port to forward http to.
|
Port to forward http to.
|
||||||
|
@ -57,8 +55,8 @@ in {
|
||||||
'';
|
'';
|
||||||
default = { };
|
default = { };
|
||||||
};
|
};
|
||||||
matchArg = mkOption {
|
matchArg = lib.mkOption {
|
||||||
type = types.str;
|
type = lib.types.str;
|
||||||
default = "";
|
default = "";
|
||||||
description = "Optional argument to HAProxy `req.ssl_sni -i`";
|
description = "Optional argument to HAProxy `req.ssl_sni -i`";
|
||||||
};
|
};
|
||||||
|
@ -76,11 +74,9 @@ in {
|
||||||
};
|
};
|
||||||
}];
|
}];
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
|
|
||||||
services.haproxy = {
|
services.haproxy = {
|
||||||
enable = true;
|
enable = true;
|
||||||
config = ''
|
config = ''
|
||||||
|
@ -101,10 +97,9 @@ in {
|
||||||
option forwardfor
|
option forwardfor
|
||||||
http-request set-header X-Forwarded-Proto http
|
http-request set-header X-Forwarded-Proto http
|
||||||
http-request set-header X-Forwarded-Port 80
|
http-request set-header X-Forwarded-Port 80
|
||||||
${
|
${lib.concatMapStrings ({ proxyTo, hostNames, matchArg }:
|
||||||
concatMapStrings ({ proxyTo, hostNames, matchArg }:
|
lib.optionalString (hostNames != [ ] && proxyTo.host != null) (
|
||||||
optionalString (hostNames != [ ] && proxyTo.host != null) (
|
lib.concatMapStrings (hostname: ''
|
||||||
concatMapStrings (hostname: ''
|
|
||||||
use-server ${canonicalize hostname}-http if { req.hdr(host) -i ${matchArg} ${hostname} }
|
use-server ${canonicalize hostname}-http if { req.hdr(host) -i ${matchArg} ${hostname} }
|
||||||
server ${canonicalize hostname}-http ${proxyTo.host}:${
|
server ${canonicalize hostname}-http ${proxyTo.host}:${
|
||||||
toString proxyTo.httpPort
|
toString proxyTo.httpPort
|
||||||
|
@ -118,13 +113,13 @@ in {
|
||||||
bind :::443 v4v6
|
bind :::443 v4v6
|
||||||
tcp-request inspect-delay 5s
|
tcp-request inspect-delay 5s
|
||||||
tcp-request content accept if { req.ssl_hello_type 1 }
|
tcp-request content accept if { req.ssl_hello_type 1 }
|
||||||
${concatMapStrings ({ proxyTo, hostNames, matchArg }:
|
${lib.concatMapStrings ({ proxyTo, hostNames, matchArg }:
|
||||||
concatMapStrings (hostname: ''
|
lib.concatMapStrings (hostname: ''
|
||||||
use_backend ${canonicalize proxyTo.host}-https if { req.ssl_sni -i ${matchArg} ${hostname} }
|
use_backend ${canonicalize proxyTo.host}-https if { req.ssl_sni -i ${matchArg} ${hostname} }
|
||||||
'') hostNames
|
'') hostNames
|
||||||
) cfg.proxyHosts}
|
) cfg.proxyHosts}
|
||||||
|
|
||||||
${concatMapStrings ({ proxyTo, hostNames, matchArg }: ''
|
${lib.concatMapStrings ({ proxyTo, ... }: ''
|
||||||
backend ${canonicalize proxyTo.host}-https
|
backend ${canonicalize proxyTo.host}-https
|
||||||
server ${canonicalize proxyTo.host}-https ${proxyTo.host}:${
|
server ${canonicalize proxyTo.host}-https ${proxyTo.host}:${
|
||||||
toString proxyTo.httpsPort
|
toString proxyTo.httpsPort
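Review bot: The `host` option is still declared with the deprecated `types.string` on the rewritten line `type = with lib.types; nullOr string;`; nixpkgs replaces it with `types.str`, so since the line is being touched anyway it should read `type = with lib.types; nullOr str;`. In the same section the `httpsPort` description still says `Port to forward http to.`, which looks like a copy of the `httpPort` text. The HTTP frontend guards on `proxyTo.host != null`, but the visible HTTPS `use_backend` and `backend` generators call `canonicalize proxyTo.host` without that guard, so an entry left at the `null` default would presumably fail evaluation there. The surrounding expressions continue outside the hunks, so confirm this before wrapping them in `lib.optionalString (proxyTo.host != null)`.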
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ pkgs, lib, ... }:
|
{ pkgs, ... }:
|
||||||
{
|
{
|
||||||
c3d2.hq.statistics.enable = true;
|
c3d2.hq.statistics.enable = true;
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
# and may be overwritten by future invocations. Please make changes
|
# and may be overwritten by future invocations. Please make changes
|
||||||
# to /etc/nixos/configuration.nix instead.
|
# to /etc/nixos/configuration.nix instead.
|
||||||
{ config, lib, pkgs, modulesPath, ... }:
|
{ lib, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
#imports =
|
#imports =
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ hostRegistry, nixpkgs, config, lib, pkgs, modulesPath, ... }:
|
{ hostRegistry, lib, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
c3d2 = {
|
c3d2 = {
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ zentralwerk, pkgs, config, scrapers, ... }:
|
{ pkgs, config, scrapers, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
freifunkNodes = {
|
freifunkNodes = {
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ zentralwerk, config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
{
|
{
|
||||||
deployment = {
|
deployment = {
|
||||||
# needs to keep just its ssh key for sops-nix
|
# needs to keep just its ssh key for sops-nix
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, pkgs, ... }:
|
{ config, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, lib, pkgs, modulesPath, ... }:
|
{ config, lib, modulesPath, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports =
|
imports =
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, pkgs, ... }:
|
{ ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
# and may be overwritten by future invocations. Please make changes
|
# and may be overwritten by future invocations. Please make changes
|
||||||
# to /etc/nixos/configuration.nix instead.
|
# to /etc/nixos/configuration.nix instead.
|
||||||
{ config, lib, pkgs, modulesPath, ... }:
|
{ config, lib, modulesPath, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports =
|
imports =
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, pkgs, ... }:
|
_:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
# and may be overwritten by future invocations. Please make changes
|
# and may be overwritten by future invocations. Please make changes
|
||||||
# to /etc/nixos/configuration.nix instead.
|
# to /etc/nixos/configuration.nix instead.
|
||||||
{ config, lib, pkgs, modulesPath, ... }:
|
{ config, lib, modulesPath, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports =
|
imports =
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
{ zentralwerk, ... }:
|
_:
|
||||||
|
|
||||||
{
|
{
|
||||||
c3d2.deployment = {
|
c3d2.deployment = {
|
||||||
server = "server10";
|
server = "server10";
|
||||||
|
|
|
@ -1,6 +1,4 @@
|
||||||
{ zentralwerk, config, lib, pkgs, ... }:
|
{ zentralwerk, config, ... }:
|
||||||
|
|
||||||
with lib;
|
|
||||||
|
|
||||||
{
|
{
|
||||||
system.stateVersion = "22.05";
|
system.stateVersion = "22.05";
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
{ pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
let
|
|
||||||
domain = "zengel.datenspuren.de";
|
{
|
||||||
in {
|
|
||||||
networking.hostName = "zengel";
|
networking.hostName = "zengel";
|
||||||
microvm.mem = 1024;
|
microvm.mem = 1024;
|
||||||
c3d2.deployment = {
|
c3d2.deployment = {
|
||||||
|
@ -13,7 +12,7 @@ in {
|
||||||
|
|
||||||
services.engelsystem = {
|
services.engelsystem = {
|
||||||
enable = true;
|
enable = true;
|
||||||
domain = domain;
|
domain = "zengel.datenspuren.de";
|
||||||
createDatabase = true;
|
createDatabase = true;
|
||||||
package = pkgs.engelsystem.override { php = pkgs.php74; };
|
package = pkgs.engelsystem.override { php = pkgs.php74; };
|
||||||
config = {
|
config = {
|
||||||
|
@ -50,7 +49,7 @@ in {
|
||||||
services.phpfpm.phpPackage = pkgs.php74;
|
services.phpfpm.phpPackage = pkgs.php74;
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
virtualHosts."${domain}" = {
|
virtualHosts."${config.services.engelsystem.domain}" = {
|
||||||
default = true;
|
default = true;
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
|
|
|
@ -35,7 +35,7 @@
|
||||||
bluetoothSupport = true;
|
bluetoothSupport = true;
|
||||||
advancedBluetoothCodecs = true;
|
advancedBluetoothCodecs = true;
|
||||||
zeroconfSupport = true;
|
zeroconfSupport = true;
|
||||||
}).overrideAttrs (oldAttrs: {
|
}).overrideAttrs (_: {
|
||||||
# one test times out
|
# one test times out
|
||||||
doCheck = false;
|
doCheck = false;
|
||||||
});
|
});
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
{
|
{
|
||||||
config.services.postgresqlBackup = {
|
config.services.postgresqlBackup = {
|
||||||
enable = config.services.postgresql.enable;
|
inherit (config.services.postgresql) enable;
|
||||||
backupAll = true;
|
backupAll = true;
|
||||||
compression = "zstd";
|
compression = "zstd";
|
||||||
# compressionLevel = 9; # TODO: only available with 21.11
|
# compressionLevel = 9; # TODO: only available with 21.11
|
||||||
|
|
|
@ -169,21 +169,21 @@ in
|
||||||
|
|
||||||
config =
|
config =
|
||||||
let
|
let
|
||||||
adminKeys = (with builtins; lib.lists.flatten (
|
adminKeys = with builtins; lib.lists.flatten (
|
||||||
map
|
map
|
||||||
(getAttr "sshKeys")
|
(getAttr "sshKeys")
|
||||||
(attrValues cfg.users)
|
(attrValues cfg.users)
|
||||||
));
|
);
|
||||||
mkIfIsInHq = x: lib.mkIf cfg.isInHq (lib.mkDefault x);
|
mkIfIsInHq = x: lib.mkIf cfg.isInHq (lib.mkDefault x);
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
networking.hosts = lib.mkIf cfg.mergeHostsFile
|
networking.hosts = lib.mkIf cfg.mergeHostsFile
|
||||||
((
|
((
|
||||||
lib.attrsets.mapAttrs' (n: v: { name = v.ip4; value = [ "${n}.c3d2" ]; })
|
lib.attrsets.mapAttrs' (n: v: { name = v.ip4; value = [ "${n}.c3d2" ]; })
|
||||||
(lib.attrsets.filterAttrs (n: v: v.ip4 != null) cfg.hosts)
|
(lib.attrsets.filterAttrs (_: v: v.ip4 != null) cfg.hosts)
|
||||||
) // (
|
) // (
|
||||||
lib.attrsets.mapAttrs' (n: v: { name = v.ip6; value = [ "${n}.c3d2" ]; })
|
lib.attrsets.mapAttrs' (n: v: { name = v.ip6; value = [ "${n}.c3d2" ]; })
|
||||||
(lib.attrsets.filterAttrs (n: v: v.ip6 != null) cfg.hosts)
|
(lib.attrsets.filterAttrs (_: v: v.ip6 != null) cfg.hosts)
|
||||||
));
|
));
|
||||||
|
|
||||||
programs.nncp.settings = lib.optionalAttrs cfg.mergeNncpSettings cfg.nncp;
|
programs.nncp.settings = lib.optionalAttrs cfg.mergeNncpSettings cfg.nncp;
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ zentralwerk, hostRegistry, config, lib, pkgs, ... }:
|
{ zentralwerk, hostRegistry, config, lib, ... }:
|
||||||
let
|
let
|
||||||
inherit (config.networking) hostName;
|
inherit (config.networking) hostName;
|
||||||
|
|
||||||
|
@ -15,8 +15,6 @@ let
|
||||||
then net
|
then net
|
||||||
else result
|
else result
|
||||||
) null [ "cluster" "serv" ];
|
) null [ "cluster" "serv" ];
|
||||||
|
|
||||||
ipv4Addr = zentralwerk.lib.config.site.net.${serverNet hostName}.hosts4.${hostName};
|
|
||||||
in {
|
in {
|
||||||
# Open firewall between cluster members
|
# Open firewall between cluster members
|
||||||
networking.firewall.extraCommands = lib.concatMapStrings (server:
|
networking.firewall.extraCommands = lib.concatMapStrings (server:
|
||||||
|
@ -41,7 +39,7 @@ in {
|
||||||
);
|
);
|
||||||
nomad = {
|
nomad = {
|
||||||
datacenter = "c3d2";
|
datacenter = "c3d2";
|
||||||
servers = servers;
|
inherit servers;
|
||||||
# run tasks only on these:
|
# run tasks only on these:
|
||||||
client.enable = builtins.elem hostName microvmServers;
|
client.enable = builtins.elem hostName microvmServers;
|
||||||
client.meta =
|
client.meta =
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
networks = mkOption {
|
networks = mkOption {
|
||||||
type = with types; listOf str;
|
type = with types; listOf str;
|
||||||
default = builtins.attrNames (
|
default = builtins.attrNames (
|
||||||
lib.filterAttrs (net: { hosts4, hosts6, ... }:
|
lib.filterAttrs (_: { hosts4, hosts6, ... }:
|
||||||
hosts4 ? ${config.networking.hostName} ||
|
hosts4 ? ${config.networking.hostName} ||
|
||||||
lib.filterAttrs (ctx: hosts6:
|
lib.filterAttrs (_: hosts6:
|
||||||
hosts6 ? ${config.networking.hostName}
|
hosts6 ? ${config.networking.hostName}
|
||||||
) hosts6 != {}
|
) hosts6 != {}
|
||||||
) zentralwerk.lib.config.site.net
|
) zentralwerk.lib.config.site.net
|
||||||
|
|
|
@ -31,8 +31,7 @@ in
|
||||||
{
|
{
|
||||||
microvm = {
|
microvm = {
|
||||||
hypervisor = "cloud-hypervisor";
|
hypervisor = "cloud-hypervisor";
|
||||||
vcpu = config.deployment.vcpu;
|
inherit (config.deployment) mem vcpu;
|
||||||
mem = config.deployment.mem;
|
|
||||||
|
|
||||||
preStart = ''
|
preStart = ''
|
||||||
# Discard old writable store overlay
|
# Discard old writable store overlay
|
||||||
|
|
|
@ -1,28 +1,6 @@
|
||||||
{ hostRegistry, config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
let
|
{
|
||||||
|
|
||||||
nginxGlobalLogging = ''
|
|
||||||
log_format graylog2_json escape=json '{ "timestamp": "$time_iso8601", '
|
|
||||||
'"remote_addr": "$remote_addr", '
|
|
||||||
'"body_bytes_sent": $body_bytes_sent, '
|
|
||||||
'"request_time": $request_time, '
|
|
||||||
'"response_status": $status, '
|
|
||||||
'"request": "$request", '
|
|
||||||
'"request_method": "$request_method", '
|
|
||||||
'"host": "$host",'
|
|
||||||
'"upstream_cache_status": "$upstream_cache_status",'
|
|
||||||
'"upstream_addr": "$upstream_addr",'
|
|
||||||
'"http_x_forwarded_for": "$http_x_forwarded_for",'
|
|
||||||
'"http_referrer": "$http_referer", '
|
|
||||||
'"http_user_agent": "$http_user_agent" }';
|
|
||||||
|
|
||||||
# replace the hostnames with the IP or hostname of your Graylog2 server
|
|
||||||
access_log syslog:server=graylog.server.org:12301 graylog2_json;
|
|
||||||
error_log syslog:server=graylog.server.org:12302;
|
|
||||||
'';
|
|
||||||
|
|
||||||
in {
|
|
||||||
# add central logging
|
# add central logging
|
||||||
services.journalbeat = {
|
services.journalbeat = {
|
||||||
enable = false;
|
enable = false;
|
||||||
|
|
|
@ -19,9 +19,9 @@ let
|
||||||
"${builtins.substring 0 1 hash}2:${c 2}:${c 4}:${c 6}:${c 8}:${c 10}";
|
"${builtins.substring 0 1 hash}2:${c 2}:${c 4}:${c 6}:${c 8}:${c 10}";
|
||||||
|
|
||||||
nets = builtins.attrNames (
|
nets = builtins.attrNames (
|
||||||
lib.filterAttrs (net: { hosts4, hosts6, ... }:
|
lib.filterAttrs (_: { hosts4, hosts6, ... }:
|
||||||
hosts4 ? ${hostName} ||
|
hosts4 ? ${hostName} ||
|
||||||
lib.filterAttrs (ctx: hosts6:
|
lib.filterAttrs (_: hosts6:
|
||||||
hosts6 ? ${hostName}
|
hosts6 ? ${hostName}
|
||||||
) hosts6 != {}
|
) hosts6 != {}
|
||||||
) zentralwerk.lib.config.site.net
|
) zentralwerk.lib.config.site.net
|
||||||
|
|
|
@ -1,13 +1,10 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, ... }:
|
||||||
with lib;
|
|
||||||
|
|
||||||
let
|
let
|
||||||
nncpCfgFile = "/run/nncp.hjson";
|
nncpCfgFile = "/run/nncp.hjson";
|
||||||
programCfg = lib.optionalAttrs (config.programs ? nncp) config.programs.nncp;
|
programCfg = lib.optionalAttrs (config.programs ? nncp) config.programs.nncp;
|
||||||
callerCfg = config.services.nncp.caller;
|
callerCfg = config.services.nncp.caller;
|
||||||
daemonCfg = config.services.nncp.daemon;
|
daemonCfg = config.services.nncp.daemon;
|
||||||
settingsFormat = pkgs.formats.json { };
|
|
||||||
jsonCfgFile = settingsFormat.generate "nncp.json" programCfg.settings;
|
|
||||||
pkg = programCfg.package;
|
pkg = programCfg.package;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
@ -15,13 +12,13 @@ in
|
||||||
|
|
||||||
services.nncp = {
|
services.nncp = {
|
||||||
caller = {
|
caller = {
|
||||||
enable = mkEnableOption ''
|
enable = lib.mkEnableOption ''
|
||||||
croned NNCP TCP daemon caller.
|
croned NNCP TCP daemon caller.
|
||||||
The daemon will take configuration from
|
The daemon will take configuration from
|
||||||
<xref linkend="opt-programs.nncp.settings"/>
|
<xref linkend="opt-programs.nncp.settings"/>
|
||||||
'';
|
'';
|
||||||
extraArgs = mkOption {
|
extraArgs = lib.mkOption {
|
||||||
type = with types; listOf str;
|
type = with lib.types; listOf str;
|
||||||
description = "Extra command-line arguments to pass to caller.";
|
description = "Extra command-line arguments to pass to caller.";
|
||||||
default = [ ];
|
default = [ ];
|
||||||
example = [ "-autotoss" ];
|
example = [ "-autotoss" ];
|
||||||
|
@ -29,18 +26,18 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
daemon = {
|
daemon = {
|
||||||
enable = mkEnableOption ''
|
enable = lib.mkEnableOption ''
|
||||||
NNCP TCP synronization daemon.
|
NNCP TCP synronization daemon.
|
||||||
The daemon will take configuration from
|
The daemon will take configuration from
|
||||||
<xref linkend="opt-programs.nncp.settings"/>
|
<xref linkend="opt-programs.nncp.settings"/>
|
||||||
'';
|
'';
|
||||||
|
|
||||||
socketActivation = {
|
socketActivation = {
|
||||||
enable = mkEnableOption ''
|
enable = lib.mkEnableOption ''
|
||||||
Whether to run nncp-daemon persistently or socket-activated.
|
Whether to run nncp-daemon persistently or socket-activated.
|
||||||
'';
|
'';
|
||||||
listenStreams = mkOption {
|
listenStreams = lib.mkOption {
|
||||||
type = with types; listOf str;
|
type = with lib.types; listOf str;
|
||||||
description = ''
|
description = ''
|
||||||
TCP sockets to bind to.
|
TCP sockets to bind to.
|
||||||
See <xref linkend="opt-systemd.sockets._name_.listenStreams"/>.
|
See <xref linkend="opt-systemd.sockets._name_.listenStreams"/>.
|
||||||
|
@ -49,8 +46,8 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
extraArgs = mkOption {
|
extraArgs = lib.mkOption {
|
||||||
type = with types; listOf str;
|
type = with lib.types; listOf str;
|
||||||
description = "Extra command-line arguments to pass to daemon.";
|
description = "Extra command-line arguments to pass to daemon.";
|
||||||
default = [ ];
|
default = [ ];
|
||||||
example = [ "-autotoss" ];
|
example = [ "-autotoss" ];
|
||||||
|
@ -60,15 +57,14 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf (programCfg.enable or callerCfg.enable or daemonCfg.enable) {
|
config = lib.mkIf (programCfg.enable or callerCfg.enable or daemonCfg.enable) {
|
||||||
|
|
||||||
assertions = [{
|
assertions = [{
|
||||||
assertion = with builtins;
|
assertion =
|
||||||
let
|
let
|
||||||
callerCongfigured =
|
callerCongfigured =
|
||||||
let neigh = config.programs.nncp.settings.neigh or { };
|
let neigh = config.programs.nncp.settings.neigh or { };
|
||||||
in lib.lists.any (x: hasAttr "calls" x && x.calls != [ ])
|
in lib.lists.any (x: lib.hasAttr "calls" x && x.calls != [ ])
|
||||||
(attrValues neigh);
|
(lib.attrValues neigh);
|
||||||
in !callerCfg.enable || callerCongfigured;
|
in !callerCfg.enable || callerCongfigured;
|
||||||
message = "NNCP caller enabled but call configuration is missing";
|
message = "NNCP caller enabled but call configuration is missing";
|
||||||
}];
|
}];
|
||||||
|
@ -89,7 +85,7 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services."nncp-daemon" = mkIf daemonCfg.enable {
|
systemd.services."nncp-daemon" = lib.mkIf daemonCfg.enable {
|
||||||
enable = !daemonCfg.socketActivation.enable;
|
enable = !daemonCfg.socketActivation.enable;
|
||||||
description = "NNCP TCP syncronization daemon.";
|
description = "NNCP TCP syncronization daemon.";
|
||||||
documentation = [ "http://www.nncpgo.org/nncp_002ddaemon.html" ];
|
documentation = [ "http://www.nncpgo.org/nncp_002ddaemon.html" ];
|
||||||
|
@ -106,7 +102,7 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services."nncp-daemon@" = mkIf daemonCfg.socketActivation.enable {
|
systemd.services."nncp-daemon@" = lib.mkIf daemonCfg.socketActivation.enable {
|
||||||
description = "NNCP TCP syncronization daemon.";
|
description = "NNCP TCP syncronization daemon.";
|
||||||
documentation = [ "http://www.nncpgo.org/nncp_002ddaemon.html" ];
|
documentation = [ "http://www.nncpgo.org/nncp_002ddaemon.html" ];
|
||||||
after = [ "network.target" ];
|
after = [ "network.target" ];
|
||||||
|
@ -123,7 +119,7 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.sockets.nncp-daemon = mkIf daemonCfg.socketActivation.enable {
|
systemd.sockets.nncp-daemon = lib.mkIf daemonCfg.socketActivation.enable {
|
||||||
inherit (daemonCfg.socketActivation) listenStreams;
|
inherit (daemonCfg.socketActivation) listenStreams;
|
||||||
description = "socket for NNCP TCP syncronization.";
|
description = "socket for NNCP TCP syncronization.";
|
||||||
conflicts = [ "nncp-daemon.service" ];
|
conflicts = [ "nncp-daemon.service" ];
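Review bot: The `lib.mkIf` condition on the `config =` line is not a logical OR. In Nix, `or` is the attribute-selection default, so `programCfg.enable or callerCfg.enable or daemonCfg.enable` yields `programCfg.enable` whenever that attribute exists and otherwise `callerCfg.enable`; `daemonCfg.enable` is only consulted if `callerCfg.enable` is missing, which looks impossible given the `mkEnableOption` declaration above. Enabling only `services.nncp.daemon` would therefore leave the whole `config` block, including the daemon and socket units, silently switched off. The commit only adds the `lib.` prefix here; I would change the line to `config = lib.mkIf ((programCfg.enable or false) || callerCfg.enable || daemonCfg.enable) {`. The `config` block continues outside the visible hunks.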
|
||||||
|
|
|
@ -1,6 +1,5 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
let
|
let
|
||||||
inherit (pkgs) plume;
|
|
||||||
cfg = config.services.plume;
|
cfg = config.services.plume;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
@ -33,7 +32,7 @@ in
|
||||||
ids.uids.plume = 499;
|
ids.uids.plume = 499;
|
||||||
users.users.${cfg.user} = {
|
users.users.${cfg.user} = {
|
||||||
uid = config.ids.uids.plume;
|
uid = config.ids.uids.plume;
|
||||||
group = cfg.group;
|
inherit (cfg) group;
|
||||||
home = "/var/lib/plume";
|
home = "/var/lib/plume";
|
||||||
};
|
};
|
||||||
users.groups.${cfg.group} = {};
|
users.groups.${cfg.group} = {};
|
||||||
|
@ -52,11 +51,11 @@ in
|
||||||
after = [ "postgresql.service" ];
|
after = [ "postgresql.service" ];
|
||||||
requires = [ "postgresql.service" ];
|
requires = [ "postgresql.service" ];
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
path = [ plume ];
|
path = [ pkgs.plume ];
|
||||||
script = ''
|
script = ''
|
||||||
ln -sf ${cfg.envFile} .env
|
ln -sf ${cfg.envFile} .env
|
||||||
mkdir -p static/media
|
mkdir -p static/media
|
||||||
for f in ${plume}/share/plume/static/*; do
|
for f in ${pkgs.plume}/share/plume/static/*; do
|
||||||
n=$(basename "$f")
|
n=$(basename "$f")
|
||||||
if [ "$n" != media ]; then
|
if [ "$n" != media ]; then
|
||||||
rm -f "static/$n"
|
rm -f "static/$n"
|
||||||
|
@ -79,7 +78,7 @@ in
|
||||||
#! ${pkgs.runtimeShell} -e
|
#! ${pkgs.runtimeShell} -e
|
||||||
|
|
||||||
plm() {
|
plm() {
|
||||||
sudo -u ${config.services.plume.user} -- ${plume}/bin/plm $@
|
sudo -u ${config.services.plume.user} -- ${pkgs.plume}/bin/plm $@
|
||||||
}
|
}
|
||||||
|
|
||||||
plm migration run
|
plm migration run
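Review bot: `$@` is unquoted in the `plm()` wrapper on the changed `sudo` line, so any argument containing whitespace or glob characters is re-split and expanded by the shell before it reaches `plm` under the service account. Quote it: `sudo -u ${config.services.plume.user} -- ${pkgs.plume}/bin/plm "$@"`. The script this wrapper belongs to starts and ends outside the hunk, so the later calls that pass values into `plm` could not be checked from here.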
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ hostRegistry, config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
{
|
{
|
||||||
boot = {
|
boot = {
|
||||||
loader.generic-extlinux-compatible.enable = false;
|
loader.generic-extlinux-compatible.enable = false;
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ stdenv, fetchgit, fetchpatch, }:
|
{ stdenv, fetchgit }:
|
||||||
|
|
||||||
stdenv.mkDerivation {
|
stdenv.mkDerivation {
|
||||||
pname = "bmxd";
|
pname = "bmxd";
|
||||||
|
|
|
@ -1,6 +1,5 @@
|
||||||
{ naersk
|
{ naersk
|
||||||
, fenix
|
, fenix
|
||||||
, curl
|
|
||||||
, nodejs
|
, nodejs
|
||||||
, rustPlatform
|
, rustPlatform
|
||||||
, stdenv
|
, stdenv
|
||||||
|
@ -137,7 +136,7 @@ let
|
||||||
"--package=plume-front"
|
"--package=plume-front"
|
||||||
];
|
];
|
||||||
copyLibs = true;
|
copyLibs = true;
|
||||||
overrideMain = oa: {
|
overrideMain = _: {
|
||||||
buildPhase = ''
|
buildPhase = ''
|
||||||
wasm-pack build --mode no-install --target web --release plume-front
|
wasm-pack build --mode no-install --target web --release plume-front
|
||||||
'';
|
'';
|
||||||
|
|
12
packages.nix
12
packages.nix
|
@ -5,12 +5,7 @@ let
|
||||||
let
|
let
|
||||||
hostConf = hostRegistry.hosts."${name}";
|
hostConf = hostRegistry.hosts."${name}";
|
||||||
in
|
in
|
||||||
if hostConf ? ip4
|
hostConf.ip4 or (hostConf.ip6 or (throw "Host ${name} has no ip4 or ip6 address"));
|
||||||
then hostConf.ip4
|
|
||||||
else if hostConf ? ip6
|
|
||||||
then hostConf.ip6
|
|
||||||
else throw "Host ${name} has no ip4 or ip6 address";
|
|
||||||
|
|
||||||
|
|
||||||
# all the input flakes for `nix copy` to the build machine,
|
# all the input flakes for `nix copy` to the build machine,
|
||||||
# allowing --override-input
|
# allowing --override-input
|
||||||
|
@ -309,10 +304,7 @@ lib.attrsets.mapAttrs
|
||||||
];
|
];
|
||||||
}).config.microvm.declaredRunner;
|
}).config.microvm.declaredRunner;
|
||||||
|
|
||||||
"${host}-tftproot" =
|
"${host}-tftproot" = config.system.build.tftproot or (lib.trace "No tftproot for ${host}" null);
|
||||||
if config.system.build ? tftproot
|
|
||||||
then config.system.build.tftproot
|
|
||||||
else lib.trace "No tftproot for ${host}" null;
|
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
{ }
|
{ }
|
||||||
|
|