diff --git a/config/hosts/forgejo/configuration.nix b/config/hosts/forgejo/configuration.nix
new file mode 100644
index 0000000..66a5736
--- /dev/null
+++ b/config/hosts/forgejo/configuration.nix
@@ -0,0 +1,16 @@
+{ ... }:
+{
+ boot.loader.grub = {
+ enable = true;
+ device = "/dev/vda";
+ };
+
+ networking = {
+ hostName = "forgejo";
+ firewall = {
+ allowedTCPPorts = [ 80 8443 ];
+ };
+ };
+
+ system.stateVersion = "23.11";
+}
diff --git a/config/hosts/unifi-controller/default.nix b/config/hosts/forgejo/default.nix
similarity index 52%
rename from config/hosts/unifi-controller/default.nix
rename to config/hosts/forgejo/default.nix
index f66e094..d71bcad 100644
--- a/config/hosts/unifi-controller/default.nix
+++ b/config/hosts/forgejo/default.nix
@@ -2,6 +2,8 @@
 {
 imports = [
 ./configuration.nix
- ./unifi.nix
+ ./forgejo.nix
+ ./redis.nix
+ ./nginx.nix
 ];
 }
diff --git a/config/hosts/forgejo/forgejo.nix b/config/hosts/forgejo/forgejo.nix
new file mode 100644
index 0000000..d9f4a36
--- /dev/null
+++ b/config/hosts/forgejo/forgejo.nix
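Review bot: `allowedTCPPorts = [ 80 8443 ]` in config/hosts/forgejo/configuration.nix opens both ports to every source, while the nginx.nix added in the same commit only trusts PROXY-protocol data from 10.202.41.100 on 8443. If that address is the only front proxy meant to reach this host, the firewall could admit the two ports from it alone, so that nothing else on the network can talk to the vhost directly. The network layout is not visible in the diff, so this may already be enforced upstream. A comment such as `# 80: ACME challenge via front proxy; 8443: TLS + PROXY protocol from front proxy` would at least record the intent.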
@@ -0,0 +1,60 @@
+{ ... }:
+{
+ services.forgejo = {
+ enable = true;
+ database.type = "postgres";
+ mailerPasswordFile = "/secrets/forgejo-mailer-password.secret";
+
+ settings = {
+ DEFAULT = {
+ APP_NAME = "Nekoverse Git";
+ };
+ server = {
+ DOMAIN = "git.nekover.se";
+ PROTOCOL = "http";
+ HTTP_ADDR = "127.0.0.1";
+ HTTP_PORT = 3000;
+ ROOT_URL = "https://git.nekover.se/";
+ # LOCAL_ROOT_URL is apparently what Forgejo uses to access itself.
+ # Doesn't need to be set.
+ };
+ admin = {
+ DISABLE_REGULAR_ORG_CREATION = false;
+ };
+ session = {
+ COOKIE_SECURE = true;
+ };
+ "ui.meta" = {
+ AUTHOR = "Nekoverse Git";
+ DESCRIPTION = "Git instance of the Nekoverse.";
+ KEYWORDS = "git,forge,forgejo,nekoverse";
+ };
+ service = {
+ ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
+ DEFAULT_USER_VISIBILITY = "limited";
+ DEFAULT_KEEP_EMAIL_PRIVATE = true;
+ ENABLE_BASIC_AUTHENTICATION = false;
+ };
+ repo = {
+ DEFAULT_REPO_UNITS = "repo.code,repo.issues,repo.pulls";
+ };
+ actions = {
+ ENABLED = true;
+ ARTIFACT_RETENTION_DAYS = 30;
+ };
+ mailer = {
+ ENABLED = true;
+ FROM = "nyareply@nekover.se";
+ PROTOCOL = "smtps";
+ SMTP_ADDR = "mail-1.grzb.de";
+ SMTP_PORT = 465;
+ USER = "forgejo@nekover.se";
+ };
+ cache = {
+ ENABLED = true;
+ ADAPTER = "redis";
+ HOST = "redis+socket:///run/redis-forgejo/redis.sock";
+ };
+ };
+ };
+}
diff --git a/config/hosts/forgejo/nginx.nix b/config/hosts/forgejo/nginx.nix
new file mode 100644
index 0000000..6df90b1
--- /dev/null
+++ b/config/hosts/forgejo/nginx.nix
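Review bot: `actions.ENABLED = true` in config/hosts/forgejo/forgejo.nix switches Actions on for the whole instance, but nothing in the file records which runners are expected or who is meant to use them. `DEFAULT_REPO_UNITS` leaves the actions unit out, which suggests the feature is intended to be opt-in per repository. I would say so in a comment above the block, for example `# Actions are opt-in per repo (not in DEFAULT_REPO_UNITS); runners are registered separately.` Runner configuration is not part of this diff, so it is worth confirming that any instance-wide runner is isolated enough to execute workflows written by every registered user.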
@@ -0,0 +1,37 @@
+{ config, ... }:
+{
+ services.nginx = {
+ enable = true;
+ virtualHosts."git.nekover.se" = {
+ forceSSL = true;
+ enableACME = true;
+ listen = [
+ {
+ addr = "0.0.0.0";
+ port = 80;
+ }
+ {
+ addr = "0.0.0.0";
+ port = 8443;
+ ssl = true;
+ extraParameters = [ "proxy_protocol" ];
+ }
+ ];
+
+ locations."/" = {
+ proxyPass = "${config.services.forgejo.settings.server.PROTOCOL}://${config.services.forgejo.settings.server.HTTP_ADDR}:${builtins.toString config.services.forgejo.settings.server.HTTP_PORT}";
+ };
+
+ # Disallow crawling archives to save disk space.
+ # See: https://forgejo.org/docs/latest/admin/search-engines-indexation/
+ locations."/robots.txt" = {
+ return = "200 \"User-agent: *\\nDisallow: /*/*/archive/\\n\"";
+ };
+
+ extraConfig = ''
+ set_real_ip_from 10.202.41.100;
+ real_ip_header proxy_protocol;
+ '';
+ };
+ };
+}
diff --git a/config/hosts/forgejo/redis.nix b/config/hosts/forgejo/redis.nix
new file mode 100644
index 0000000..f1533bc
--- /dev/null
+++ b/config/hosts/forgejo/redis.nix
@@ -0,0 +1,12 @@
+{ ... }:
+{
+ services.redis.servers.forgejo = {
+ enable = true;
+ user = "forgejo";
+ };
+
+ systemd.services.forgejo = {
+ after = [ "redis-forgejo.service" ];
+ requires = [ "redis-forgejo.service" ];
+ };
+}
diff --git a/config/hosts/forgejo/secrets.nix b/config/hosts/forgejo/secrets.nix
new file mode 100644
index 0000000..5c23295
--- /dev/null
+++ b/config/hosts/forgejo/secrets.nix
@@ -0,0 +1,13 @@
+{ keyCommandEnv, ... }:
+{
+ deployment.keys = {
+ "forgejo-mailer-password.secret" = {
+ keyCommand = keyCommandEnv ++ [ "pass" "mail/forgejo-nekover-se" ];
+ destDir = "/secrets";
+ user = "forgejo";
+ group = "forgejo";
+ permissions = "0640";
+ uploadAt = "pre-activation";
+ };
+ };
+}
diff --git a/config/hosts/mail-1/secrets.nix b/config/hosts/mail-1/secrets.nix
index abf9863..581461f 100644
--- a/config/hosts/mail-1/secrets.nix
+++ b/config/hosts/mail-1/secrets.nix
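Review bot: The `locations."/"` block in config/hosts/forgejo/nginx.nix sets only `proxyPass`, so unless `recommendedProxySettings` is enabled in a shared module not shown here, no `X-Real-IP` or `X-Forwarded-For` header reaches Forgejo and it will probably attribute every request to 127.0.0.1. That discards the client address which `real_ip_header proxy_protocol` recovers further down in the same vhost, and it is the address one wants in sign-in logs and when handling abuse. Adding `recommendedProxySettings = true;` inside the location (or on `services.nginx`) would forward it.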
@@ -89,5 +89,13 @@
 permissions = "0640";
 uploadAt = "pre-activation";
 };
+ "mail-forgejo-nekover-se.secret" = {
+ keyCommand = keyCommandEnv ++ [ "pass" "mail/forgejo-nekover-se" ];
+ destDir = "/secrets";
+ user = "root";
+ group = "root";
+ permissions = "0640";
+ uploadAt = "pre-activation";
+ };
 };
 }
diff --git a/config/hosts/mail-1/simple-nixos-mailserver.nix b/config/hosts/mail-1/simple-nixos-mailserver.nix
index 61066e9..a4b426a 100644
--- a/config/hosts/mail-1/simple-nixos-mailserver.nix
+++ b/config/hosts/mail-1/simple-nixos-mailserver.nix
@@ -56,6 +56,11 @@
 sendOnly = true;
 aliases = [ "nyareply@nekover.se" ];
 };
+ "forgejo@nekover.se" = {
+ hashedPasswordFile = "/secrets/mail-forgejo-nekover-se.secret";
+ sendOnly = true;
+ aliases = [ "nyareply@nekover.se" ];
+ };
 };
 certificateScheme = "acme-nginx";
 };
diff --git a/config/hosts/mastodon/mastodon.nix b/config/hosts/mastodon/mastodon.nix
index 79c0da0..9abd69d 100644
--- a/config/hosts/mastodon/mastodon.nix
+++ b/config/hosts/mastodon/mastodon.nix
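Review bot: `mail-forgejo-nekover-se.secret` is produced by the same command, `pass mail/forgejo-nekover-se`, as `forgejo-mailer-password.secret` in config/hosts/forgejo/secrets.nix, yet the simple-nixos-mailserver.nix hunk feeds it to `hashedPasswordFile` while Forgejo uses its copy as the SMTP login password. Unless a wrapper or entry format not visible here yields different output for the two hosts, one side receives the wrong form: either mail-1 stores the plaintext where a hash is expected, or Forgejo sends the hash as its password. Uploading only a hash to mail-1, for instance by piping the entry through `mkpasswd -sm bcrypt` inside the key command, keeps the plaintext on the Forgejo host alone. The enclosing `deployment.keys` set begins outside the hunk, so the convention used by the other accounts cannot be checked from here.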
@@ -2,25 +2,24 @@
 let
 mastodonNekoversePatches = pkgs.fetchgit {
 url = "https://github.com/yuri-qq/nekoverse-mastodon-patches.git";
- hash = "sha256-2ZTwgcApKrXnO6isJFZk2oLaFB8hm1OAlPxftxXL25g=";
+ hash = "sha256-Fcbuj5BGkQd3X/gViqqB+NRIvjUlUED32tNEJrzYh5o=";
 };
 mastodonNekoverseOverlay = final: prev: {
 mastodon = (prev.mastodon.override rec {
- version = "4.2.3";
+ version = "4.2.10";
 srcOverride = final.applyPatches {
 src = final.fetchgit {
 url = "https://github.com/mastodon/mastodon.git";
 rev = "v${version}";
- sha256 = "sha256-e8O4kxsrHf+wEtl4S57xIL1VEvhUSjyCbmz4r9p8Zhw=";
+ sha256 = "sha256-z3veI0CpZk6mBgygqXk8SN/5WWjy5VkKLxC7nOLnyZE=";
 };
 patches = [
 "${mastodonNekoversePatches}/patches/001_increase_image_dimensions_limit.patch"
 "${mastodonNekoversePatches}/patches/002_disable_image_reprocessing.patch"
 "${mastodonNekoversePatches}/patches/003_make_toot_cute.patch"
 "${mastodonNekoversePatches}/patches/005_improve_custom_emoji_support.patch"
- "${mastodonNekoversePatches}/patches/006_increase_display_name_character_limit.patch"
+ "${mastodonNekoversePatches}/patches/006_increase_profile_limits.patch"
 "${mastodonNekoversePatches}/patches/007_increase_toot_character_limit.patch"
- "${mastodonNekoversePatches}/patches/008_increase_profile_metadata_limit.patch"
 ];
 };
 yarnHash = "sha256-qoLesubmSvRsXhKwMEWHHXcpcqRszqcdZgHQqnTpNPE=";
diff --git a/config/hosts/matrix/matrix-synapse.nix b/config/hosts/matrix/matrix-synapse.nix
index 6527503..e719484 100644
--- a/config/hosts/matrix/matrix-synapse.nix
+++ b/config/hosts/matrix/matrix-synapse.nix
@@ -47,13 +47,6 @@
 turn_user_lifetime = 86400000;
 turn_allow_guests = true;
 };
- sliding-sync = {
- enable = true;
- settings = {
- SYNCV3_SERVER = config.services.matrix-synapse.settings.public_baseurl;
- };
- environmentFile = "/secrets/matrix-SYNCV3_SECRET.secret";
- };
 extras = [ "oidc" ];
 extraConfigFiles = [
 "/secrets/matrix-registration-shared-secret.secret"
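Review bot: `yarnHash` on the last context line of the mastodon.nix hunk keeps its previous value although `version` moves from 4.2.3 to 4.2.10. If yarn.lock changed between those tags, a fixed-output derivation that already sits in the store or a binary cache is reused without the hash being rechecked, and the build quietly ships the old JavaScript dependencies. It is worth rebuilding once with a dummy `yarnHash` to confirm the value still matches. The override's body continues past the end of the hunk, so any gem set override there could not be checked either.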
@@ -62,4 +55,12 @@
 "/secrets/matrix-keycloak-client-secret.secret"
 ];
 };
+
+ services.matrix-sliding-sync = {
+ enable = true;
+ settings = {
+ SYNCV3_SERVER = config.services.matrix-synapse.settings.public_baseurl;
+ };
+ environmentFile = "/secrets/matrix-SYNCV3_SECRET.secret";
+ };
 }
diff --git a/config/hosts/nextcloud/nextcloud.nix b/config/hosts/nextcloud/nextcloud.nix
index 839d15d..0b1f3a2 100644
--- a/config/hosts/nextcloud/nextcloud.nix
+++ b/config/hosts/nextcloud/nextcloud.nix
@@ -2,13 +2,12 @@
 {
 services.nextcloud = {
 enable = true;
- package = pkgs.nextcloud28;
+ package = pkgs.nextcloud29;
 hostName = "cloud.nekover.se";
 https = true;
 config = {
 dbtype = "pgsql";
 adminpassFile = "/secrets/nextcloud-adminpass.secret";
- defaultPhoneRegion = "DE";
 };
 database.createLocally = true;
 configureRedis = true;
@@ -17,7 +16,7 @@
 inherit bookmarks contacts calendar tasks twofactor_webauthn user_oidc;
 };
 maxUploadSize = "16G";
- extraOptions = {
+ settings = {
 mail_smtpmode = "smtp";
 mail_sendmailmode = "smtp";
 mail_smtpsecure = "ssl";
@@ -28,6 +27,7 @@
 mail_smtphost = "mail-1.grzb.de";
 mail_smtpport = 465;
 mail_smtpname = "cloud@nekover.se";
+ default_phone_region = "DE";
 };
 # Only contains mail_smtppassword
 secretFile = "/secrets/nextcloud-secretfile.secret";
diff --git a/config/hosts/torrent/jackett.nix b/config/hosts/torrent/jackett.nix
index 1b8707e..6aa6e5e 100644
--- a/config/hosts/torrent/jackett.nix
+++ b/config/hosts/torrent/jackett.nix
@@ -1,6 +1,8 @@
-{ ... }:
+{ nixpkgs-unstable, ... }:
 {
 services.jackett = {
 enable = true;
+ # use package from unstable to work around faulty test in older jackett version
+ package = nixpkgs-unstable.legacyPackages."x86_64-linux".jackett;
 };
 }
diff --git a/config/hosts/unifi-controller/configuration.nix b/config/hosts/unifi-controller/configuration.nix
deleted file mode 100644
index 565cdf7..0000000
--- a/config/hosts/unifi-controller/configuration.nix
+++ /dev/null
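Review bot: The workaround comment above `package = nixpkgs-unstable.legacyPackages."x86_64-linux".jackett;` in config/hosts/torrent/jackett.nix does not say when the override can be removed, so the service is likely to stay on the unstable package long after the stable one builds again. I would extend it with a removal condition, for example `# TODO: drop once jackett's test passes on the stable channel`. The system string is also hard-coded here, which will need changing by hand if this host ever moves to another architecture.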
@@ -1,23 +0,0 @@
-{ ... }:
-{
- boot.loader.grub = {
- enable = true;
- device = "/dev/vda";
- };
-
- networking = {
- hostName = "unifi-controller";
- firewall = {
- allowedTCPPorts = [ 53 8080 8443 8880 8843 6789 27117 ];
- allowedUDPPorts = [ 53 3478 5514 10001 1900 123 ];
- allowedUDPPortRanges = [
- {
- from = 5656;
- to = 5699;
- }
- ];
- };
- };
-
- system.stateVersion = "23.11";
-}
diff --git a/config/hosts/unifi-controller/unifi.nix b/config/hosts/unifi-controller/unifi.nix
deleted file mode 100644
index 75a7094..0000000
--- a/config/hosts/unifi-controller/unifi.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ pkgs, lib, ... }:
-{
- services.unifi = {
- enable = true;
- unifiPackage = pkgs.unifi;
- };
-
- nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
- "unifi-controller"
- "mongodb"
- ];
-}
diff --git a/config/hosts/valkyrie/services.nix b/config/hosts/valkyrie/services.nix
index 5af708c..dc0fa6d 100644
--- a/config/hosts/valkyrie/services.nix
+++ b/config/hosts/valkyrie/services.nix
@@ -3,7 +3,7 @@ let
 wireguard-nat-nftables = import ../../../pkgs/wireguard-nat-nftables pkgs;
 config = pkgs.writeText "wireguard-nat-nftables-config" (builtins.toJSON {
 interface = "ens3";
- interface_address = "172.16.4.180";
+ interface_address = "172.16.4.239";
 wg_interface = "wg0";
 pubkey_port_mapping = {
 # okayu
diff --git a/config/hosts/web-public-2/nginx.nix b/config/hosts/web-public-2/nginx.nix
index dead4b7..8debb31 100644
--- a/config/hosts/web-public-2/nginx.nix
+++ b/config/hosts/web-public-2/nginx.nix
@@ -22,6 +22,7 @@
 element.nekover.se 127.0.0.1:8443;
 gameserver.grzb.de 127.0.0.1:8443;
 git.grzb.de 127.0.0.1:8443;
+ git.nekover.se 10.202.41.106:8443;
 hydra.nekover.se 10.202.41.121:8443;
 id.nekover.se 10.202.41.124:8443;
 matrix.nekover.se 10.202.41.112:8443;
diff --git a/config/hosts/web-public-2/virtualHosts/acme-challenge.nix b/config/hosts/web-public-2/virtualHosts/acme-challenge.nix
index d910998..558aa95 100644
--- a/config/hosts/web-public-2/virtualHosts/acme-challenge.nix
+++ b/config/hosts/web-public-2/virtualHosts/acme-challenge.nix
@@ -5,6 +5,7 @@ let
 "mail-1.grzb.de" = "mail-1.vs.grzb.de";
 "matrix.nekover.se" = "matrix.vs.grzb.de";
 "netbox.grzb.de" = "netbox.vs.grzb.de";
+ "git.nekover.se" = "forgejo.vs.grzb.de";
 "grafana.grzb.de" = "metrics.vs.grzb.de";
 "jackett.grzb.de" = "torrent.vs.grzb.de";
 "jellyseerr.grzb.de" = "jellyseerr.vs.grzb.de";
diff --git a/config/hosts/web-public-2/virtualHosts/element-web-config/config.json b/config/hosts/web-public-2/virtualHosts/element-web-config/config.json
index 9877940..1da5a3e 100644
--- a/config/hosts/web-public-2/virtualHosts/element-web-config/config.json
+++ b/config/hosts/web-public-2/virtualHosts/element-web-config/config.json
@@ -27,7 +27,10 @@
 "default_country_code": "DE",
 "show_labs_settings": true,
 "features": {
- "feature_dehydration": true
+ "feature_dehydration": true,
+ "feature_video_rooms": true,
+ "feature_element_call_video_rooms": true,
+ "feature_group_calls": true
 },
 "default_federate": true,
 "default_theme": "dark",
@@ -47,4 +50,4 @@
 "jitsi": {
 "preferredDomain": "meet.element.io"
 }
-}
+}
\ No newline at end of file
diff --git a/config/hosts/web-public-2/virtualHosts/element.nekover.se.nix b/config/hosts/web-public-2/virtualHosts/element.nekover.se.nix
index 12a2abb..8fe843c 100644
--- a/config/hosts/web-public-2/virtualHosts/element.nekover.se.nix
+++ b/config/hosts/web-public-2/virtualHosts/element.nekover.se.nix
@@ -1,9 +1,9 @@
 { pkgs, ... }:
 let
- elementWebVersion = "1.11.53";
+ elementWebVersion = "1.11.72";
 element-web = pkgs.fetchzip {
 url = "https://github.com/vector-im/element-web/releases/download/v${elementWebVersion}/element-v${elementWebVersion}.tar.gz";
- sha256 = "sha256-asgx8g9xswBxdQCVnwaeQ2ycqNlfQzBiKc3Uk9GEWCM=";
+ sha256 = "sha256-3pa4OVHBWZvHLsnE2JK5+sVpOXBKO5yJSQJNJokdF98=";
 };
 elementWebSecurityHeaders = ''
 # Configuration best practices
diff --git a/flake.lock b/flake.lock index 818a43f..a6fd892 100644 --- a/flake.lock +++ b/flake.lock @@ -19,11 +19,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1668681692, - "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "owner": "edolstra", "repo": "flake-compat", - "rev": "009399224d5e398d03b22badca40a37ac85412a1", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "type": "github" }, "original": { @@ -34,11 +34,11 @@ }, "nixlib": { "locked": { - "lastModified": 1693701915, - "narHash": "sha256-waHPLdDYUOHSEtMKKabcKIMhlUOHPOOPQ9UyFeEoovs=", + "lastModified": 1722128034, + "narHash": "sha256-L8rwzYPsLo/TYtydPJoQyYOfetuiyQYnTWYcyB8UE/s=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "f5af57d3ef9947a70ac86e42695231ac1ad00c25", + "rev": "d15f6f6021693898fcd2c6a9bb13707383da9bbc", "type": "github" }, "original": { @@ -55,11 +55,11 @@ ] }, "locked": { - "lastModified": 1705400161, - "narHash": "sha256-0MFaNIwwpVWB1N9m7cfHAM2pSVtYESQ7tlHxnDTOhM4=", + "lastModified": 1722214420, + "narHash": "sha256-qfHC1p5hcErGcE672/KhBkyWYloekQpqIxtcbcUVYkA=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "521fb4cdd8a2e1a00d1adf0fea7135d1faf04234", + "rev": "75cbb2a5e19c18840d105a72d036c6c92fc46c5d", "type": "github" }, "original": { 
@@ -70,88 +70,58 @@ }, "nixpkgs": { "locked": { - "lastModified": 1705781397, - "narHash": "sha256-pOlDs1paCIAhr84QjFG72iv4iBsr0pIQyItxRHJhevE=", + "lastModified": 1722621932, + "narHash": "sha256-Uz5xeHsH7+qZVncZwfzGd+CTjxd0mwaP7Q/pbs7OB5c=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c5b6c179f7b7adce1ee234df23e5cb9f1a78f87b", + "rev": "15ed5d4537fd46399513bb040bf98415c825281b", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-23.11-small", + "ref": "nixos-24.05-small", "repo": "nixpkgs", "type": "github" } }, - "nixpkgs-22_11": { + "nixpkgs-24_05": { "locked": { - "lastModified": 1669558522, - "narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=", + "lastModified": 1717144377, + "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82", + "rev": "805a384895c696f802a9bf5bf4720f37385df547", "type": "github" }, "original": { "id": "nixpkgs", - "ref": "nixos-22.11", + "ref": "nixos-24.05", "type": "indirect" } }, - "nixpkgs-23-05": { + "nixpkgs-master": { "locked": { - "lastModified": 1705033721, - "narHash": "sha256-K5eJHmL1/kev6WuqyqqbS1cdNnSidIZ3jeqJ7GbrYnQ=", + "lastModified": 1722719323, + "narHash": "sha256-1O9VQB7WD1NKBz9maYGJAU0EqoajEYQSiSlrjdKWz8s=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a1982c92d8980a0114372973cbdfe0a307f1bdea", + "rev": "7f9ed2e65a92f1496daa9ab73539a9d02c2454b3", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-23.05-small", + "ref": "master", "repo": "nixpkgs", "type": "github" } }, - "nixpkgs-23_05": { - "locked": { - "lastModified": 1684782344, - "narHash": "sha256-SHN8hPYYSX0thDrMLMWPWYulK3YFgASOrCsIL3AJ78g=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "8966c43feba2c701ed624302b6a935f97bcbdf88", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-23.05", - "type": "indirect" - } - }, - "nixpkgs-23_11": { - "locked": { - "lastModified": 1705774713, - 
"narHash": "sha256-j6ADaDH9XiumUzkTPlFyCBcoWYhO83lfgiSqEJF2zcs=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "1b64fc1287991a9cce717a01c1973ef86cb1af0b", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-23.11", - "type": "indirect" - } - }, "nixpkgs-unstable": { "locked": { - "lastModified": 1705847418, - "narHash": "sha256-I0EzjhMl5D/PI54DYhL/9iXmFmNb75M7PJ8/yrU5Z1A=", + "lastModified": 1722685361, + "narHash": "sha256-6Zn2SVJYffCtenHEHsb2PmzQsX5+cRsforNJZmlK630=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7da66b359bcffc532b67035b54b49c25b0c0480c", + "rev": "6602aa2586f35fc8c6c46246a1dcac6940ca3f0f", "type": "github" }, "original": { @@ -163,11 +133,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1670751203, - "narHash": "sha256-XdoH1v3shKDGlrwjgrNX/EN8s3c+kQV7xY6cLCE8vcI=", + "lastModified": 1717602782, + "narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "64e0bf055f9d25928c31fb12924e59ff8ce71e60", + "rev": "e8057b67ebf307f01bdcc8fba94d94f75039d1f6", "type": "github" }, "original": { @@ -180,7 +150,7 @@ "inputs": { "nixos-generators": "nixos-generators", "nixpkgs": "nixpkgs", - "nixpkgs-23-05": "nixpkgs-23-05", + "nixpkgs-master": "nixpkgs-master", "nixpkgs-unstable": "nixpkgs-unstable", "simple-nixos-mailserver": "simple-nixos-mailserver" } 
@@ -190,33 +160,49 @@ "blobs": "blobs", "flake-compat": "flake-compat", "nixpkgs": "nixpkgs_2", - "nixpkgs-22_11": "nixpkgs-22_11", - "nixpkgs-23_05": "nixpkgs-23_05", - "nixpkgs-23_11": "nixpkgs-23_11", + "nixpkgs-24_05": "nixpkgs-24_05", "utils": "utils" }, "locked": { - "lastModified": 1703023684, - "narHash": "sha256-XQU4OaacV0F2tf9cNAvIMqlC0HBIrAtvb0MLjIHt+7M=", + "lastModified": 1718084203, + "narHash": "sha256-Cx1xoVfSMv1XDLgKg08CUd1EoTYWB45VmB9XIQzhmzI=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "4bfb8eb058f098302c97b909df2d019926e11220", + "rev": "29916981e7b3b5782dc5085ad18490113f8ff63b", "type": "gitlab" }, "original": { "owner": "simple-nixos-mailserver", - "ref": "nixos-23.11", + "ref": "nixos-24.05", "repo": "nixos-mailserver", "type": "gitlab" } }, - "utils": { + "systems": { "locked": { - "lastModified": 1605370193, - "narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=", + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1709126324, + "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=", "owner": "numtide", "repo": "flake-utils", - "rev": "5021eac20303a61fafe17224c087f5519baed54d", + "rev": "d465f4819400de7c8d874d50b982301f28a84605", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 585b96e..5cf2232 100644 --- a/flake.nix +++ b/flake.nix 
@@ -1,16 +1,16 @@ { inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11-small"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05-small"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small"; - nixpkgs-23-05.url = "github:NixOS/nixpkgs/nixos-23.05-small"; + nixpkgs-master.url = "github:NixOS/nixpkgs/master"; nixos-generators = { url = "github:nix-community/nixos-generators"; inputs.nixpkgs.follows = "nixpkgs"; }; - simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.11"; + simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05"; }; - outputs = { self, nixpkgs, nixpkgs-unstable, nixpkgs-23-05, nixos-generators, simple-nixos-mailserver, ... }@inputs: + outputs = { self, nixpkgs, nixpkgs-unstable, nixpkgs-master, nixos-generators, simple-nixos-mailserver, ... }@inputs: let hosts = import ./hosts.nix inputs; helper = import ./helper.nix inputs; @@ -28,7 +28,7 @@ nodeNixpkgs = builtins.mapAttrs (name: host: host.pkgs) hosts; specialArgs = { - inherit nixpkgs-unstable hosts simple-nixos-mailserver; + inherit nixpkgs-unstable nixpkgs-master hosts simple-nixos-mailserver; # Provide environment for secret key command keyCommandEnv = [ "env" "GNUPGHOME=/home/yuri/.passinfra_gnupg" "PASSWORD_STORE_DIR=/home/yuri/pass/infra" ]; @@ -38,7 +38,7 @@ hydraJobs = { nixConfigurations = builtins.mapAttrs (host: helper.generateNixConfiguration host { - inherit nixpkgs-unstable hosts simple-nixos-mailserver; + inherit nixpkgs-unstable nixpkgs-master hosts simple-nixos-mailserver; }) hosts; }; diff --git a/hosts.nix b/hosts.nix index dd86f1c..5de4e6f 100644 --- a/hosts.nix +++ b/hosts.nix @@ -1,4 +1,4 @@ -{ nixpkgs, nixpkgs-unstable, nixpkgs-23-05, ... }: +{ nixpkgs, nixpkgs-unstable, ... }: let # Set of environment specific modules environments = { 
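Review bot: `nixpkgs-master.url = "github:NixOS/nixpkgs/master"` is added in flake.nix and threaded through both `specialArgs` and `hydraJobs`, but no module in this diff consumes it. Master has not passed the channel tests that the `nixos-*` branches wait for, so any package taken from it deserves a comment naming the package and the reason, e.g. `# master: only for <package>, until the fix reaches nixos-unstable`. If nothing uses the input yet, leaving it out keeps the lock file and the set of trusted sources smaller.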
@@ -45,6 +45,10 @@ in site = "vs"; environment = "proxmox"; }; + forgejo = { + site = "vs"; + environment = "proxmox"; + }; keycloak = { site = "vs"; environment = "proxmox"; @@ -110,12 +114,7 @@ in site = "vs"; environment = "proxmox"; }; - unifi-controller = { - site = "wg"; - environment = "proxmox"; - }; valkyrie = { - hostNixpkgs = nixpkgs-23-05; site = "af"; environment = "openstack"; }; diff --git a/pkgs/wireguard-nat-nftables/default.nix b/pkgs/wireguard-nat-nftables/default.nix index e687cee..3ce972e 100644 --- a/pkgs/wireguard-nat-nftables/default.nix +++ b/pkgs/wireguard-nat-nftables/default.nix @@ -1,17 +1,11 @@ { pkgs, ... }: -let - nftablesWithPythonOverlay = final: prev: { - nftables = (prev.nftables.override { withPython = true; }); - }; - pkgs-overlay = pkgs.extend nftablesWithPythonOverlay; -in -pkgs-overlay.python310Packages.buildPythonApplication { +pkgs.python3Packages.buildPythonApplication { pname = "wireguard-nat-nftables"; version = "0.0.1"; - propagatedBuildInputs = with pkgs-overlay; [ + propagatedBuildInputs = with pkgs; [ wireguard-tools - python310Packages.nftables + python3Packages.nftables ]; src = ./src;