Default microvm mounts to etc, home, var; random cleanups

hosts/auth/default.nix

@@ -1,12 +1,7 @@
 { config, ... }:
 
 {
-  c3d2 = {
+  c3d2.deployment.server = "server10";
-    deployment = {
-      server = "server10";
-      mounts = [ "etc" "home" "var"];
-    };
-  };
 
   system.stateVersion = "22.05";
 

hosts/bind/default.nix

@@ -20,26 +20,23 @@ in
   c3d2 = {
     isInHq = false;
     hq.statistics.enable = true;
-    deployment = {
+    deployment.server = "server10";
-      server = "server10";
-      mounts = [ "etc" "home" "var"];
-    };
   };
 
   system.stateVersion = "22.05";
 
-  networking.hostName = "bind";
+  networking = {
-
+    hostName = "bind";
-  networking.firewall.allowedTCPPorts = [
+    firewall = {
-    # DNS
+      allowedTCPPorts = [
-    53
+        53 # DNS
-    # HTTP(s)
+        80 443 # HTTP(s)
-    80 443
+      ];
-  ];
+      allowedUDPPorts = [
-  networking.firewall.allowedUDPPorts = [
+        53 # DNS
-    # DNS
+      ];
-    53
+    };
-  ];
+  };
 
   # DNS server
   services.bind = {

hosts/blogs/default.nix

@@ -1,11 +1,9 @@
 { config, ... }:
+
 {
   microvm.mem = 2048;
-  c3d2.deployment = {
+  c3d2.deployment.server = "server10";
-    server = "server10";
+
-    mounts = [ "etc" "home" "var"];
-  };
-  system.stateVersion = "22.05";
   networking = {
     hostName = "blogs";
     firewall.allowedTCPPorts = [
@@ -27,10 +25,14 @@
     };
   };
 
-  services.nginx.enable = true;
+  services.nginx = {
-  services.nginx.virtualHosts."blogs.c3d2.de" = {
+    enable = true;
-    forceSSL = true;
+    virtualHosts."blogs.c3d2.de" = {
-    enableACME = true;
+      forceSSL = true;
-    locations."/".proxyPass = "http://localhost:7878";
+      enableACME = true;
+      locations."/".proxyPass = "http://localhost:7878";
+    };
   };
+
+  system.stateVersion = "22.05";
 }

hosts/broker/default.nix

@@ -12,12 +12,7 @@ let
   mqttWebsocketPort = 9001;
 in
 {
-  c3d2 = {
+  c3d2.deployment.server = "server10";
-    deployment = {
-      server = "server10";
-      mounts = [ "etc" "var"];
-    };
-  };
 
   microvm.mem = 1024;
 

hosts/c3d2-web/default.nix

@@ -5,15 +5,15 @@ let
   deployCommand = "${pkgs.systemd}/bin/systemctl start deploy-c3d2-web.service";
 in
 {
-  microvm.vcpu = 8;
+  microvm = {
-  microvm.mem = 1024;
+    vcpu = 8;
-  c3d2.deployment = {
+    mem = 1024;
-    server = "server10";
-    mounts = [ "etc" "home" "var"];
   };
+  c3d2.deployment.server = "server10";
+
   boot.tmpOnTmpfs = true;
   system.stateVersion = "22.05";
-  # Network setup
+
   networking.hostName = "c3d2-web";
   networking.firewall.allowedTCPPorts = [
     # telme10
@@ -154,17 +154,22 @@ in
   };
 
   # Build user
-  users.groups.c3d2-web = {};
+  users = {
-  users.users.c3d2-web = {
+    groups = {
-    isSystemUser = true;
+      c3d2-web = { };
-    group = "c3d2-web";
+      telme10 = { };
-    home = "/var/lib/c3d2-web";
+    };
-  };
+    users = {
-
+      c3d2-web = {
-  users.groups.telme10 = {};
+        isSystemUser = true;
-  users.users.telme10 = {
+        group = "c3d2-web";
-    isSystemUser = true;
+        home = "/var/lib/c3d2-web";
-    group = "telme10";
+      };
+      telme10 = {
+        isSystemUser = true;
+        group = "telme10";
+      };
+    };
   };
 
   systemd.tmpfiles.rules = with config.users.users.c3d2-web; [

hosts/caveman/default.nix

@@ -3,10 +3,9 @@
 {
   system.stateVersion = "22.05";
 
-  c3d2.hq.statistics.enable = true;
+  c3d2 = {
-  c3d2.deployment = {
+    deployment.server = "server10";
-    server = "server10";
+    hq.statistics.enable = true;
-    mounts = [ "etc" "var"];
   };
   microvm = {
     vcpu = 8;

hosts/direkthilfe/default.nix

@@ -1,27 +1,31 @@
 { config, pkgs, ... }:
 
 {
-  networking.hostName = "direkthilfe";
   microvm.mem = 1024;
-  c3d2.deployment = {
+  c3d2.deployment.server = "server10";
-    server = "server10";
+
-    mounts = [ "etc" "home" "var"];
+  networking = {
+    firewall.allowedTCPPorts = [ 22 80 443 ];
+    hostName = "direkthilfe";
+  };
+
+  service.openssh = {
+    enable = true;
+    extraConfig = ''
+      Match Group sftponly
+        # ChrootDirectory /home/%u
+        ForceCommand internal-sftp
+        AllowTcpForwarding no
+    '';
   };
 
-  networking.firewall.allowedTCPPorts = [ 22 80 443 ];
-  services.openssh.enable = true;
-  services.openssh.extraConfig = ''
-    Match Group sftponly
-      # ChrootDirectory /home/%u
-      ForceCommand internal-sftp
-      AllowTcpForwarding no
-  '';
   users.groups.sftponly = {};
   users.users.hilfe = {
     isNormalUser = true;
     group = "users";
     extraGroups = [ "sftponly" ];
   };
+
   environment.systemPackages = with pkgs; [ vim git ];
 
   services.engelsystem = {

hosts/dn42/default.nix

@@ -18,11 +18,9 @@ in {
       interface = "c3d2";
       statistics.enable = true;
     };
-    deployment = {
+    deployment.server = "server10";
-      server = "server10";
-      mounts = [ "etc" "home" "var"];
-    };
   };
+
   services.collectd.plugins.exec =
     let
       routecount = pkgs.writeScript "run-routecount" ''

hosts/factorio/default.nix

@@ -1,12 +1,7 @@
 { config, lib, ... }:
 
 {
-  c3d2 = {
+  c3d2.deployment.server = "server10";
-    deployment = {
-      server = "server10";
-      mounts = [ "etc" "home" "var"];
-    };
-  };
 
   microvm.mem = 8 * 1024;
 

hosts/freifunk/default.nix

@@ -43,7 +43,6 @@ in {
     hq.statistics.enable = true;
     deployment = {
       server = "server10";
-      mounts = [ "etc" "home" "var"];
       autoNetSetup = false;
     };
   };

hosts/ftp/default.nix

@@ -1,23 +1,18 @@
 { config, pkgs, ... }:
 
 {
-  c3d2 = {
+  c3d2.deployment.server = "server9";
-    deployment = {
-      server = "server9";
-      mounts = [ "etc" "var"];
-    };
-  };
 
-  microvm.mem = 1024;
+  microvm = {
-  microvm.shares = [
+    mem = 1024;
-    {
+    shares = [{
       tag = "ftp";
       source = "/tank/storage/ftp";
       mountPoint = "/var/www";
       proto = "virtiofs";
       socket = "ftp.socket";
-    }
+    }];
-  ];
+  };
 
   networking = {
     hostName = "ftp";

hosts/gitea/default.nix

@@ -1,12 +1,7 @@
 { config, pkgs, lib, zentralwerk, ... }:
 
 {
-  c3d2 = {
+  c3d2.deployment.server = "server10";
-    deployment = {
-      server = "server10";
-      mounts = [ "etc" "home" "var"];
-    };
-  };
 
   microvm.mem = 4 * 1024;
 

hosts/grafana/default.nix

@@ -1,14 +1,11 @@
 { config, pkgs, ... }:
 
-let
+{
-  restartServices = [ "grafana" "influxdb" ];
-in {
   microvm.mem = 4096;
-  c3d2.deployment = {
+  c3d2 = {
-    server = "server10";
+    deployment.server = "server10";
-    mounts = [ "etc" "home" "var"];
+    isInHq = false;
   };
-  c3d2.isInHq = false;
 
   services.openssh.enable = true;
 
@@ -91,7 +88,7 @@ in {
           Restart = "always";
         };
       }
-    ) {} restartServices
+    ) {} [ "grafana" "influxdb" ]
     // {
       # work around our slow storage that can't keep up
       influxdb.serviceConfig.LimitNOFILE = "1048576:1048576";

hosts/hedgedoc/default.nix

@@ -1,12 +1,7 @@
 { config, pkgs, zentralwerk, ... }:
 
 {
-  c3d2 = {
+  c3d2.deployment.server = "server10";
-    deployment = {
-      server = "server10";
-      mounts = [ "etc" "home" "var"];
-    };
-  };
 
   microvm.mem = 1024;
 

hosts/jabber/default.nix

@@ -37,13 +37,11 @@ in
   };
 
   c3d2 = {
-    isInHq = false;
+    deployment.server = "server10";
     hq.statistics.enable = true;
-    deployment = {
+    isInHq = false;
-      server = "server10";
-      mounts = [ "etc" "home" "var"];
-    };
   };
+
   services.collectd.plugins.exec = ''
     Exec "${config.services.collectd.user}" "${pkgs.ruby}/bin/ruby" "${./prosody-stats.rb}"
   '';

hosts/mailtngbert/default.nix

@@ -42,12 +42,9 @@ in
   };
 
   c3d2 = {
-    isInHq = false;
+    deployment.server = "server10";
     hq.statistics.enable = true;
-    deployment = {
+    isInHq = false;
-      server = "server10";
-      mounts = [ "etc" "var" ];
-    };
   };
 
   sops.defaultSopsFile = ./secrets.yaml;

hosts/matemat/default.nix

@@ -1,17 +1,10 @@
 { pkgs, ... }:
 
 {
-  c3d2 = {
+  c3d2.deployment.server = "server10";
-    deployment = {
-      server = "server10";
-      mounts = [ "etc" "home" "var"];
-    };
-  };
 
   microvm.mem = 2 * 1024;
 
-  system.stateVersion = "22.05";
-
   networking = {
     hostName = "matemat";
     firewall.allowedTCPPorts = [ 80 443 ];
@@ -56,4 +49,6 @@
       from = "nek0@c3d2.de";
     };
   };
+
+  system.stateVersion = "22.05";
 }

hosts/mediawiki/default.nix

@@ -1,14 +1,13 @@
 { config, lib, pkgs, ... }:
 
 {
-  networking.hostName = "mediawiki";
+  networking = {
-  networking.firewall.allowedTCPPorts = [ 80 443 ];
+    firewall.allowedTCPPorts = [ 80 443 ];
-
+    hostName = "mediawiki";
-  c3d2.deployment = {
-    server = "server10";
-    mounts = [ "etc" "home" "var" ];
   };
 
+  c3d2.deployment.server = "server10";
+
   services.postgresql =
     let
       cfg = config.services.mediawiki;

hosts/mobilizon/default.nix

@@ -1,12 +1,12 @@
 { config, pkgs, ... }:
 {
-  c3d2.isInHq = false;
+  c3d2 = {
-  c3d2.deployment = {
+    deployment.server = "server10";
-    server = "server10";
+    isInHq = false;
-    mounts = [ "etc" "home" "var"];
   };
+
   microvm.mem = 2048;
-  system.stateVersion = "22.05";
+
   networking = {
     hostName = "mobilizon";
     firewall.allowedTCPPorts = [ 80 443 ];
@@ -47,4 +47,6 @@
       enableACME = true;
     };
   };
+
+  system.stateVersion = "22.05";
 }

hosts/network-homepage/default.nix

@@ -1,12 +1,9 @@
 { zentralwerk, pkgs, ... }:
 
 {
-  system.stateVersion = "22.05";
+  c3d2 = {
-
+    hq.statistics.enable = true;
-  c3d2.hq.statistics.enable = true;
+    deployment.server = "server10";
-  c3d2.deployment = {
-    server = "server10";
-    mounts = [ "etc" "var"];
   };
 
   networking = {
@@ -27,4 +24,6 @@
       };
     };
   };
+
+  system.stateVersion = "22.05";
 }

hosts/nfsroot/default.nix

@@ -25,10 +25,8 @@ in {
       autoCreate = false;
     }) nfsExports;
   };
-  c3d2.deployment = {
+
-    server = "server10";
+  c3d2.deployment.server = "server10";
-    mounts = [ "etc" "home" "var"];
-  };
 
   fileSystems = builtins.foldl' (fileSystems: export: fileSystems // {
     "/${export}".options = [ "relatime" "discard" ];

hosts/nncp/default.nix

@@ -9,12 +9,13 @@
     mac = "de:ec:9a:6f:3f:63";
   }];
 
-  c3d2.mergeNncpSettings = false;
+  c3d2 = {
-  c3d2.hq.statistics.enable = true;
+    deployment = {
-  c3d2.deployment = {
+      server = "server10";
-    server = "server10";
+      autoNetSetup = false;
-    mounts = [ "etc" "home" "var" ];
+    };
-    autoNetSetup = false;
+    hq.statistics.enable = true;
+    mergeNncpSettings = false;
   };
 
   system.stateVersion = "22.05";
@@ -68,5 +69,4 @@
       extraArgs = [ "-autotoss" ];
     };
   };
-
 }

hosts/oparl/default.nix

@@ -4,10 +4,7 @@ let
   ratsinfo-scraper = import oparl-scraper { inherit pkgs; };
 in
 {
-  c3d2.deployment = {
+  c3d2.deployment.server = "server10";
-    server = "server10";
-    mounts = [ "etc" "home" "var"];
-  };
   microvm.mem = 1024;
 
   networking.hostName = "oparl";

hosts/public-access-proxy/default.nix

@@ -6,10 +6,7 @@
     ./stats.nix
   ];
 
-  c3d2.deployment = {
+  c3d2.deployment.server = "server10";
-    server = "server10";
-    mounts = [ "etc" "var"];
-  };
 
   networking.hostName = "public-access-proxy";
 

hosts/scrape/default.nix

@@ -12,10 +12,7 @@ let
 in {
   c3d2 = {
     isInHq = false;
-    deployment = {
+    deployment.server = "server10";
-      server = "server10";
-      mounts = [ "etc" "home" "var"];
-    };
   };
 
   networking.hostName = "scrape";

hosts/spaceapi/default.nix

@@ -1,22 +1,17 @@
 _:
 
 {
-  c3d2.deployment = {
+  c3d2.deployment.server = "server10";
-    server = "server10";
+
-    mounts = [ "etc" "var"];
+  networking = {
+    firewall.enable = false;
+    hostName = "spaceapi";
   };
 
-  networking.hostName = "spaceapi";
+  services.spaceapi.enable = true;
-  networking.firewall.enable = false;
-
-  services.spaceapi = { enable = true; };
 
   # HACK for ‘ekg-json-0.1.0.6’ nixos-22.05
-  nixpkgs.config.allowBroken = true;
+  # nixpkgs.config.allowBroken = true;
 
-  # This value determines the NixOS release with which your system is to be
+  system.stateVersion = "19.03";
-  # compatible, in order to avoid breaking some software such as database
-  # servers. You should change this only after NixOS release notes say you
-  # should.
-  system.stateVersion = "19.03"; # Did you read the comment?
 }

hosts/ticker/default.nix

@@ -3,10 +3,9 @@
 {
   system.stateVersion = "22.05";
 
-  c3d2.hq.statistics.enable = true;
+  c3d2 = {
-  c3d2.deployment = {
+    deployment.server = "server10";
-    server = "server10";
+    hq.statistics.enable = true;
-    mounts = [ "etc" "var"];
   };
 
   networking = {

hosts/zengel/default.nix

@@ -3,10 +3,7 @@
 {
   networking.hostName = "zengel";
   microvm.mem = 1024;
-  c3d2.deployment = {
+  c3d2.deployment.server = "server10";
-    server = "server10";
-    mounts = [ "etc" "home" "var"];
-  };
 
   networking.firewall.allowedTCPPorts = [ 80 443 ];
 

modules/microvm.nix

@@ -56,7 +56,7 @@ in
     mounts = mkOption {
       description = "Persistent filesystems to create, without leading /.";
       type = with types; listOf str;
-      default = [ "etc" ];
+      default = [ "etc" "home" "var" ];
     };
 
     mountBase = mkOption {