diff --git a/config/hosts/forgejo/configuration.nix b/config/hosts/forgejo/configuration.nix
deleted file mode 100644
index 66a5736..0000000
--- a/config/hosts/forgejo/configuration.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ ... }:
-{
- boot.loader.grub = {
- enable = true;
- device = "/dev/vda";
- };
-
- networking = {
- hostName = "forgejo";
- firewall = {
- allowedTCPPorts = [ 80 8443 ];
- };
- };
-
- system.stateVersion = "23.11";
-}
diff --git a/config/hosts/forgejo/forgejo.nix b/config/hosts/forgejo/forgejo.nix
deleted file mode 100644
index d9f4a36..0000000
--- a/config/hosts/forgejo/forgejo.nix
+++ /dev/null
@@ -1,60 +0,0 @@
-{ ... }:
-{
- services.forgejo = {
- enable = true;
- database.type = "postgres";
- mailerPasswordFile = "/secrets/forgejo-mailer-password.secret";
-
- settings = {
- DEFAULT = {
- APP_NAME = "Nekoverse Git";
- };
- server = {
- DOMAIN = "git.nekover.se";
- PROTOCOL = "http";
- HTTP_ADDR = "127.0.0.1";
- HTTP_PORT = 3000;
- ROOT_URL = "https://git.nekover.se/";
- # LOCAL_ROOT_URL is apparently what Forgejo uses to access itself.
- # Doesn't need to be set.
- };
- admin = {
- DISABLE_REGULAR_ORG_CREATION = false;
- };
- session = {
- COOKIE_SECURE = true;
- };
- "ui.meta" = {
- AUTHOR = "Nekoverse Git";
- DESCRIPTION = "Git instance of the Nekoverse.";
- KEYWORDS = "git,forge,forgejo,nekoverse";
- };
- service = {
- ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
- DEFAULT_USER_VISIBILITY = "limited";
- DEFAULT_KEEP_EMAIL_PRIVATE = true;
- ENABLE_BASIC_AUTHENTICATION = false;
- };
- repo = {
- DEFAULT_REPO_UNITS = "repo.code,repo.issues,repo.pulls";
- };
- actions = {
- ENABLED = true;
- ARTIFACT_RETENTION_DAYS = 30;
- };
- mailer = {
- ENABLED = true;
- FROM = "nyareply@nekover.se";
- PROTOCOL = "smtps";
- SMTP_ADDR = "mail-1.grzb.de";
- SMTP_PORT = 465;
- USER = "forgejo@nekover.se";
- };
- cache = {
- ENABLED = true;
- ADAPTER = "redis";
- HOST = "redis+socket:///run/redis-forgejo/redis.sock";
- };
- };
- };
-}
diff --git a/config/hosts/forgejo/nginx.nix b/config/hosts/forgejo/nginx.nix
deleted file mode 100644
index 6df90b1..0000000
--- a/config/hosts/forgejo/nginx.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-{ config, ... }:
-{
- services.nginx = {
- enable = true;
- virtualHosts."git.nekover.se" = {
- forceSSL = true;
- enableACME = true;
- listen = [
- {
- addr = "0.0.0.0";
- port = 80;
- }
- {
- addr = "0.0.0.0";
- port = 8443;
- ssl = true;
- extraParameters = [ "proxy_protocol" ];
- }
- ];
-
- locations."/" = {
- proxyPass = "${config.services.forgejo.settings.server.PROTOCOL}://${config.services.forgejo.settings.server.HTTP_ADDR}:${builtins.toString config.services.forgejo.settings.server.HTTP_PORT}";
- };
-
- # Disallow crawling archives to save disk space.
- # See: https://forgejo.org/docs/latest/admin/search-engines-indexation/
- locations."/robots.txt" = {
- return = "200 \"User-agent: *\\nDisallow: /*/*/archive/\\n\"";
- };
-
- extraConfig = ''
- set_real_ip_from 10.202.41.100;
- real_ip_header proxy_protocol;
- '';
- };
- };
-}
diff --git a/config/hosts/forgejo/redis.nix b/config/hosts/forgejo/redis.nix
deleted file mode 100644
index f1533bc..0000000
--- a/config/hosts/forgejo/redis.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ ... }:
-{
- services.redis.servers.forgejo = {
- enable = true;
- user = "forgejo";
- };
-
- systemd.services.forgejo = {
- after = [ "redis-forgejo.service" ];
- requires = [ "redis-forgejo.service" ];
- };
-}
diff --git a/config/hosts/forgejo/secrets.nix b/config/hosts/forgejo/secrets.nix
deleted file mode 100644
index 5c23295..0000000
--- a/config/hosts/forgejo/secrets.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ keyCommandEnv, ... }:
-{
- deployment.keys = {
- "forgejo-mailer-password.secret" = {
- keyCommand = keyCommandEnv ++ [ "pass" "mail/forgejo-nekover-se" ];
- destDir = "/secrets";
- user = "forgejo";
- group = "forgejo";
- permissions = "0640";
- uploadAt = "pre-activation";
- };
- };
-}
diff --git a/config/hosts/mail-1/secrets.nix b/config/hosts/mail-1/secrets.nix
index 581461f..abf9863 100644
--- a/config/hosts/mail-1/secrets.nix
+++ b/config/hosts/mail-1/secrets.nix
@@ -89,13 +89,5 @@
 permissions = "0640";
 uploadAt = "pre-activation";
 };
- "mail-forgejo-nekover-se.secret" = {
- keyCommand = keyCommandEnv ++ [ "pass" "mail/forgejo-nekover-se" ];
- destDir = "/secrets";
- user = "root";
- group = "root";
- permissions = "0640";
- uploadAt = "pre-activation";
- };
 };
 }
diff --git a/config/hosts/mail-1/simple-nixos-mailserver.nix b/config/hosts/mail-1/simple-nixos-mailserver.nix
index a4b426a..61066e9 100644
--- a/config/hosts/mail-1/simple-nixos-mailserver.nix
+++ b/config/hosts/mail-1/simple-nixos-mailserver.nix
@@ -56,11 +56,6 @@
 sendOnly = true;
 aliases = [ "nyareply@nekover.se" ];
 };
- "forgejo@nekover.se" = {
- hashedPasswordFile = "/secrets/mail-forgejo-nekover-se.secret";
- sendOnly = true;
- aliases = [ "nyareply@nekover.se" ];
- };
 };
 certificateScheme = "acme-nginx";
 };
diff --git a/config/hosts/mastodon/mastodon.nix b/config/hosts/mastodon/mastodon.nix
index 9abd69d..79c0da0 100644
--- a/config/hosts/mastodon/mastodon.nix
+++ b/config/hosts/mastodon/mastodon.nix
@@ -2,24 +2,25 @@
 let
 mastodonNekoversePatches = pkgs.fetchgit {
 url = "https://github.com/yuri-qq/nekoverse-mastodon-patches.git";
- hash = "sha256-Fcbuj5BGkQd3X/gViqqB+NRIvjUlUED32tNEJrzYh5o=";
+ hash = "sha256-2ZTwgcApKrXnO6isJFZk2oLaFB8hm1OAlPxftxXL25g=";
 };
 mastodonNekoverseOverlay = final: prev: {
 mastodon = (prev.mastodon.override rec {
- version = "4.2.10";
+ version = "4.2.3";
 srcOverride = final.applyPatches {
 src = final.fetchgit {
 url = "https://github.com/mastodon/mastodon.git";
 rev = "v${version}";
- sha256 = "sha256-z3veI0CpZk6mBgygqXk8SN/5WWjy5VkKLxC7nOLnyZE=";
+ sha256 = "sha256-e8O4kxsrHf+wEtl4S57xIL1VEvhUSjyCbmz4r9p8Zhw=";
 };
 patches = [
 "${mastodonNekoversePatches}/patches/001_increase_image_dimensions_limit.patch"
 "${mastodonNekoversePatches}/patches/002_disable_image_reprocessing.patch"
 "${mastodonNekoversePatches}/patches/003_make_toot_cute.patch"
 "${mastodonNekoversePatches}/patches/005_improve_custom_emoji_support.patch"
- "${mastodonNekoversePatches}/patches/006_increase_profile_limits.patch"
+ "${mastodonNekoversePatches}/patches/006_increase_display_name_character_limit.patch"
 "${mastodonNekoversePatches}/patches/007_increase_toot_character_limit.patch"
+ "${mastodonNekoversePatches}/patches/008_increase_profile_metadata_limit.patch"
 ];
 };
 yarnHash = "sha256-qoLesubmSvRsXhKwMEWHHXcpcqRszqcdZgHQqnTpNPE=";
diff --git a/config/hosts/matrix/matrix-synapse.nix b/config/hosts/matrix/matrix-synapse.nix
index e719484..6527503 100644
--- a/config/hosts/matrix/matrix-synapse.nix
+++ b/config/hosts/matrix/matrix-synapse.nix
@@ -47,6 +47,13 @@
 turn_user_lifetime = 86400000;
 turn_allow_guests = true;
 };
+ sliding-sync = {
+ enable = true;
+ settings = {
+ SYNCV3_SERVER = config.services.matrix-synapse.settings.public_baseurl;
+ };
+ environmentFile = "/secrets/matrix-SYNCV3_SECRET.secret";
+ };
 extras = [ "oidc" ];
 extraConfigFiles = [
 "/secrets/matrix-registration-shared-secret.secret"
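Review bot: Pinning `version = "4.2.3";` in the `mastodon` override leaves the instance without the fixes from the point releases between 4.2.3 and the previous 4.2.10; as far as I know several of those were published as security releases, so the upstream release notes should be checked before this is deployed. If the older tag is required because the local patch set only applies to it, say so in a comment above the line, e.g. `# held at 4.2.3 until patches 006/008 are rebased; re-check upstream security releases`. The `mastodonNekoversePatches` fetch carries only `url` and `hash`, so adding `rev = "<commit-of-patch-repo>";` (placeholder) would record which commit of the patch repository the hash corresponds to. The same rollback question applies to `elementWebVersion = "1.11.53";` in element.nekover.se.nix.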
@@ -55,12 +62,4 @@
 "/secrets/matrix-keycloak-client-secret.secret"
 ];
 };
-
- services.matrix-sliding-sync = {
- enable = true;
- settings = {
- SYNCV3_SERVER = config.services.matrix-synapse.settings.public_baseurl;
- };
- environmentFile = "/secrets/matrix-SYNCV3_SECRET.secret";
- };
 }
diff --git a/config/hosts/nextcloud/nextcloud.nix b/config/hosts/nextcloud/nextcloud.nix
index 0b1f3a2..839d15d 100644
--- a/config/hosts/nextcloud/nextcloud.nix
+++ b/config/hosts/nextcloud/nextcloud.nix
@@ -2,12 +2,13 @@
 {
 services.nextcloud = {
 enable = true;
- package = pkgs.nextcloud29;
+ package = pkgs.nextcloud28;
 hostName = "cloud.nekover.se";
 https = true;
 config = {
 dbtype = "pgsql";
 adminpassFile = "/secrets/nextcloud-adminpass.secret";
+ defaultPhoneRegion = "DE";
 };
 database.createLocally = true;
 configureRedis = true;
@@ -16,7 +17,7 @@
 inherit bookmarks contacts calendar tasks twofactor_webauthn user_oidc;
 };
 maxUploadSize = "16G";
- settings = {
+ extraOptions = {
 mail_smtpmode = "smtp";
 mail_sendmailmode = "smtp";
 mail_smtpsecure = "ssl";
@@ -27,7 +28,6 @@
 mail_smtphost = "mail-1.grzb.de";
 mail_smtpport = 465;
 mail_smtpname = "cloud@nekover.se";
- default_phone_region = "DE";
 };
 # Only contains mail_smtppassword
 secretFile = "/secrets/nextcloud-secretfile.secret";
diff --git a/config/hosts/torrent/jackett.nix b/config/hosts/torrent/jackett.nix
index 6aa6e5e..1b8707e 100644
--- a/config/hosts/torrent/jackett.nix
+++ b/config/hosts/torrent/jackett.nix
@@ -1,8 +1,6 @@
-{ nixpkgs-unstable, ... }:
+{ ... }:
 {
 services.jackett = {
 enable = true;
- # use package from unstable to work around faulty test in older jackett version
- package = nixpkgs-unstable.legacyPackages."x86_64-linux".jackett;
 };
 }
diff --git a/config/hosts/unifi-controller/configuration.nix b/config/hosts/unifi-controller/configuration.nix
new file mode 100644
index 0000000..565cdf7
--- /dev/null
+++ b/config/hosts/unifi-controller/configuration.nix
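Review bot: `package = pkgs.nextcloud28;` in the first nextcloud.nix hunk moves the service from major version 29 back to 28, and Nextcloud does not support running an older major release against a database and data directory that a newer one has already migrated. If this host has ever activated the 29 package, the service is likely to refuse to start or to need a restore from backup, so the installed version on the host should be confirmed before this is applied. A comment next to the line such as `# state on disk is at major 28; do not deploy if occ reports 29` would make the precondition explicit. The `extraOptions` and `defaultPhoneRegion` changes in the other two hunks look like the option names of the older module, which I cannot verify from this diff.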
@@ -0,0 +1,23 @@
+{ ... }:
+{
+ boot.loader.grub = {
+ enable = true;
+ device = "/dev/vda";
+ };
+
+ networking = {
+ hostName = "unifi-controller";
+ firewall = {
+ allowedTCPPorts = [ 53 8080 8443 8880 8843 6789 27117 ];
+ allowedUDPPorts = [ 53 3478 5514 10001 1900 123 ];
+ allowedUDPPortRanges = [
+ {
+ from = 5656;
+ to = 5699;
+ }
+ ];
+ };
+ };
+
+ system.stateVersion = "23.11";
+}
diff --git a/config/hosts/forgejo/default.nix b/config/hosts/unifi-controller/default.nix
similarity index 52%
rename from config/hosts/forgejo/default.nix
rename to config/hosts/unifi-controller/default.nix
index d71bcad..f66e094 100644
--- a/config/hosts/forgejo/default.nix
+++ b/config/hosts/unifi-controller/default.nix
@@ -2,8 +2,6 @@
 {
 imports = [
 ./configuration.nix
- ./forgejo.nix
- ./redis.nix
- ./nginx.nix
+ ./unifi.nix
 ];
 }
diff --git a/config/hosts/unifi-controller/unifi.nix b/config/hosts/unifi-controller/unifi.nix
new file mode 100644
index 0000000..75a7094
--- /dev/null
+++ b/config/hosts/unifi-controller/unifi.nix
@@ -0,0 +1,12 @@
+{ pkgs, lib, ... }:
+{
+ services.unifi = {
+ enable = true;
+ unifiPackage = pkgs.unifi;
+ };
+
+ nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
+ "unifi-controller"
+ "mongodb"
+ ];
+}
diff --git a/config/hosts/valkyrie/services.nix b/config/hosts/valkyrie/services.nix
index dc0fa6d..5af708c 100644
--- a/config/hosts/valkyrie/services.nix
+++ b/config/hosts/valkyrie/services.nix
@@ -3,7 +3,7 @@ let
 wireguard-nat-nftables = import ../../../pkgs/wireguard-nat-nftables pkgs;
 config = pkgs.writeText "wireguard-nat-nftables-config" (builtins.toJSON {
 interface = "ens3";
- interface_address = "172.16.4.239";
+ interface_address = "172.16.4.180";
 wg_interface = "wg0";
 pubkey_port_mapping = {
 # okayu
diff --git a/config/hosts/web-public-2/nginx.nix b/config/hosts/web-public-2/nginx.nix
index 8debb31..dead4b7 100644
--- a/config/hosts/web-public-2/nginx.nix
+++ b/config/hosts/web-public-2/nginx.nix
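Review bot: `allowedTCPPorts` in the new unifi-controller/configuration.nix opens 27117 on every interface, which as far as I know is the port the UniFi controller's bundled MongoDB uses and is only needed on the local host; it should be dropped: `allowedTCPPorts = [ 53 8080 8443 8880 8843 6789 ];`. Ports 53 (TCP and UDP), 123, 1900 and 5514 are also opened although nothing in this commit shows a service on this host that needs them reachable, so each port that stays should carry a comment naming the controller function that uses it. Because the rules are global, the management UI on 8443 is reachable from any network the VM is attached to; `networking.firewall.interfaces.<name>.allowedTCPPorts` would limit the list to the interface the access points are on.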
@@ -22,7 +22,6 @@
 element.nekover.se 127.0.0.1:8443;
 gameserver.grzb.de 127.0.0.1:8443;
 git.grzb.de 127.0.0.1:8443;
- git.nekover.se 10.202.41.106:8443;
 hydra.nekover.se 10.202.41.121:8443;
 id.nekover.se 10.202.41.124:8443;
 matrix.nekover.se 10.202.41.112:8443;
diff --git a/config/hosts/web-public-2/virtualHosts/acme-challenge.nix b/config/hosts/web-public-2/virtualHosts/acme-challenge.nix
index 558aa95..d910998 100644
--- a/config/hosts/web-public-2/virtualHosts/acme-challenge.nix
+++ b/config/hosts/web-public-2/virtualHosts/acme-challenge.nix
@@ -5,7 +5,6 @@ let
 "mail-1.grzb.de" = "mail-1.vs.grzb.de";
 "matrix.nekover.se" = "matrix.vs.grzb.de";
 "netbox.grzb.de" = "netbox.vs.grzb.de";
- "git.nekover.se" = "forgejo.vs.grzb.de";
 "grafana.grzb.de" = "metrics.vs.grzb.de";
 "jackett.grzb.de" = "torrent.vs.grzb.de";
 "jellyseerr.grzb.de" = "jellyseerr.vs.grzb.de";
diff --git a/config/hosts/web-public-2/virtualHosts/element-web-config/config.json b/config/hosts/web-public-2/virtualHosts/element-web-config/config.json
index 1da5a3e..9877940 100644
--- a/config/hosts/web-public-2/virtualHosts/element-web-config/config.json
+++ b/config/hosts/web-public-2/virtualHosts/element-web-config/config.json
@@ -27,10 +27,7 @@
 "default_country_code": "DE",
 "show_labs_settings": true,
 "features": {
- "feature_dehydration": true,
- "feature_video_rooms": true,
- "feature_element_call_video_rooms": true,
- "feature_group_calls": true
+ "feature_dehydration": true
 },
 "default_federate": true,
 "default_theme": "dark",
@@ -50,4 +47,4 @@
 "jitsi": {
 "preferredDomain": "meet.element.io"
 }
-}
\ No newline at end of file
+}
diff --git a/config/hosts/web-public-2/virtualHosts/element.nekover.se.nix b/config/hosts/web-public-2/virtualHosts/element.nekover.se.nix
index 8fe843c..12a2abb 100644
--- a/config/hosts/web-public-2/virtualHosts/element.nekover.se.nix
+++ b/config/hosts/web-public-2/virtualHosts/element.nekover.se.nix
@@ -1,9 +1,9 @@ { pkgs, ... }: let - elementWebVersion = "1.11.72"; + elementWebVersion = "1.11.53"; element-web = pkgs.fetchzip { url = "https://github.com/vector-im/element-web/releases/download/v${elementWebVersion}/element-v${elementWebVersion}.tar.gz"; - sha256 = "sha256-3pa4OVHBWZvHLsnE2JK5+sVpOXBKO5yJSQJNJokdF98="; + sha256 = "sha256-asgx8g9xswBxdQCVnwaeQ2ycqNlfQzBiKc3Uk9GEWCM="; }; elementWebSecurityHeaders = '' # Configuration best practices diff --git a/flake.lock b/flake.lock index a6fd892..818a43f 100644 --- a/flake.lock +++ b/flake.lock @@ -19,11 +19,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "lastModified": 1668681692, + "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", "owner": "edolstra", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "009399224d5e398d03b22badca40a37ac85412a1", "type": "github" }, "original": { @@ -34,11 +34,11 @@ }, "nixlib": { "locked": { - "lastModified": 1722128034, - "narHash": "sha256-L8rwzYPsLo/TYtydPJoQyYOfetuiyQYnTWYcyB8UE/s=", + "lastModified": 1693701915, + "narHash": "sha256-waHPLdDYUOHSEtMKKabcKIMhlUOHPOOPQ9UyFeEoovs=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "d15f6f6021693898fcd2c6a9bb13707383da9bbc", + "rev": "f5af57d3ef9947a70ac86e42695231ac1ad00c25", "type": "github" }, "original": { @@ -55,11 +55,11 @@ ] }, "locked": { - "lastModified": 1722214420, - "narHash": "sha256-qfHC1p5hcErGcE672/KhBkyWYloekQpqIxtcbcUVYkA=", + "lastModified": 1705400161, + "narHash": "sha256-0MFaNIwwpVWB1N9m7cfHAM2pSVtYESQ7tlHxnDTOhM4=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "75cbb2a5e19c18840d105a72d036c6c92fc46c5d", + "rev": "521fb4cdd8a2e1a00d1adf0fea7135d1faf04234", "type": "github" }, "original": { 
@@ -70,58 +70,88 @@ }, "nixpkgs": { "locked": { - "lastModified": 1722621932, - "narHash": "sha256-Uz5xeHsH7+qZVncZwfzGd+CTjxd0mwaP7Q/pbs7OB5c=", + "lastModified": 1705781397, + "narHash": "sha256-pOlDs1paCIAhr84QjFG72iv4iBsr0pIQyItxRHJhevE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "15ed5d4537fd46399513bb040bf98415c825281b", + "rev": "c5b6c179f7b7adce1ee234df23e5cb9f1a78f87b", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-24.05-small", + "ref": "nixos-23.11-small", "repo": "nixpkgs", "type": "github" } }, - "nixpkgs-24_05": { + "nixpkgs-22_11": { "locked": { - "lastModified": 1717144377, - "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=", + "lastModified": 1669558522, + "narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "805a384895c696f802a9bf5bf4720f37385df547", + "rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82", "type": "github" }, "original": { "id": "nixpkgs", - "ref": "nixos-24.05", + "ref": "nixos-22.11", "type": "indirect" } }, - "nixpkgs-master": { + "nixpkgs-23-05": { "locked": { - "lastModified": 1722719323, - "narHash": "sha256-1O9VQB7WD1NKBz9maYGJAU0EqoajEYQSiSlrjdKWz8s=", + "lastModified": 1705033721, + "narHash": "sha256-K5eJHmL1/kev6WuqyqqbS1cdNnSidIZ3jeqJ7GbrYnQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7f9ed2e65a92f1496daa9ab73539a9d02c2454b3", + "rev": "a1982c92d8980a0114372973cbdfe0a307f1bdea", "type": "github" }, "original": { "owner": "NixOS", - "ref": "master", + "ref": "nixos-23.05-small", "repo": "nixpkgs", "type": "github" } }, - "nixpkgs-unstable": { + "nixpkgs-23_05": { "locked": { - "lastModified": 1722685361, - "narHash": "sha256-6Zn2SVJYffCtenHEHsb2PmzQsX5+cRsforNJZmlK630=", + "lastModified": 1684782344, + "narHash": "sha256-SHN8hPYYSX0thDrMLMWPWYulK3YFgASOrCsIL3AJ78g=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6602aa2586f35fc8c6c46246a1dcac6940ca3f0f", + "rev": "8966c43feba2c701ed624302b6a935f97bcbdf88", + "type": 
"github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-23.05", + "type": "indirect" + } + }, + "nixpkgs-23_11": { + "locked": { + "lastModified": 1705774713, + "narHash": "sha256-j6ADaDH9XiumUzkTPlFyCBcoWYhO83lfgiSqEJF2zcs=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "1b64fc1287991a9cce717a01c1973ef86cb1af0b", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-23.11", + "type": "indirect" + } + }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1705847418, + "narHash": "sha256-I0EzjhMl5D/PI54DYhL/9iXmFmNb75M7PJ8/yrU5Z1A=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "7da66b359bcffc532b67035b54b49c25b0c0480c", "type": "github" }, "original": { @@ -133,11 +163,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1717602782, - "narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=", + "lastModified": 1670751203, + "narHash": "sha256-XdoH1v3shKDGlrwjgrNX/EN8s3c+kQV7xY6cLCE8vcI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e8057b67ebf307f01bdcc8fba94d94f75039d1f6", + "rev": "64e0bf055f9d25928c31fb12924e59ff8ce71e60", "type": "github" }, "original": { @@ -150,7 +180,7 @@ "inputs": { "nixos-generators": "nixos-generators", "nixpkgs": "nixpkgs", - "nixpkgs-master": "nixpkgs-master", + "nixpkgs-23-05": "nixpkgs-23-05", "nixpkgs-unstable": "nixpkgs-unstable", "simple-nixos-mailserver": "simple-nixos-mailserver" } 
@@ -160,49 +190,33 @@ "blobs": "blobs", "flake-compat": "flake-compat", "nixpkgs": "nixpkgs_2", - "nixpkgs-24_05": "nixpkgs-24_05", + "nixpkgs-22_11": "nixpkgs-22_11", + "nixpkgs-23_05": "nixpkgs-23_05", + "nixpkgs-23_11": "nixpkgs-23_11", "utils": "utils" }, "locked": { - "lastModified": 1718084203, - "narHash": "sha256-Cx1xoVfSMv1XDLgKg08CUd1EoTYWB45VmB9XIQzhmzI=", + "lastModified": 1703023684, + "narHash": "sha256-XQU4OaacV0F2tf9cNAvIMqlC0HBIrAtvb0MLjIHt+7M=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "29916981e7b3b5782dc5085ad18490113f8ff63b", + "rev": "4bfb8eb058f098302c97b909df2d019926e11220", "type": "gitlab" }, "original": { "owner": "simple-nixos-mailserver", - "ref": "nixos-24.05", + "ref": "nixos-23.11", "repo": "nixos-mailserver", "type": "gitlab" } }, - "systems": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "utils": { - "inputs": { - "systems": "systems" - }, "locked": { - "lastModified": 1709126324, - "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=", + "lastModified": 1605370193, + "narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=", "owner": "numtide", "repo": "flake-utils", - "rev": "d465f4819400de7c8d874d50b982301f28a84605", + "rev": "5021eac20303a61fafe17224c087f5519baed54d", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 5cf2232..585b96e 100644 --- a/flake.nix +++ b/flake.nix 
@@ -1,16 +1,16 @@ { inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05-small"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11-small"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small"; - nixpkgs-master.url = "github:NixOS/nixpkgs/master"; + nixpkgs-23-05.url = "github:NixOS/nixpkgs/nixos-23.05-small"; nixos-generators = { url = "github:nix-community/nixos-generators"; inputs.nixpkgs.follows = "nixpkgs"; }; - simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05"; + simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.11"; }; - outputs = { self, nixpkgs, nixpkgs-unstable, nixpkgs-master, nixos-generators, simple-nixos-mailserver, ... }@inputs: + outputs = { self, nixpkgs, nixpkgs-unstable, nixpkgs-23-05, nixos-generators, simple-nixos-mailserver, ... }@inputs: let hosts = import ./hosts.nix inputs; helper = import ./helper.nix inputs; @@ -28,7 +28,7 @@ nodeNixpkgs = builtins.mapAttrs (name: host: host.pkgs) hosts; specialArgs = { - inherit nixpkgs-unstable nixpkgs-master hosts simple-nixos-mailserver; + inherit nixpkgs-unstable hosts simple-nixos-mailserver; # Provide environment for secret key command keyCommandEnv = [ "env" "GNUPGHOME=/home/yuri/.passinfra_gnupg" "PASSWORD_STORE_DIR=/home/yuri/pass/infra" ]; @@ -38,7 +38,7 @@ hydraJobs = { nixConfigurations = builtins.mapAttrs (host: helper.generateNixConfiguration host { - inherit nixpkgs-unstable nixpkgs-master hosts simple-nixos-mailserver; + inherit nixpkgs-unstable hosts simple-nixos-mailserver; }) hosts; }; diff --git a/hosts.nix b/hosts.nix index 5de4e6f..dd86f1c 100644 --- a/hosts.nix +++ b/hosts.nix @@ -1,4 +1,4 @@ -{ nixpkgs, nixpkgs-unstable, ... }: +{ nixpkgs, nixpkgs-unstable, nixpkgs-23-05, ... }: let # Set of environment specific modules environments = { 
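Review bot: The new `nixpkgs-23-05.url = "github:NixOS/nixpkgs/nixos-23.05-small";` input in the first flake.nix hunk tracks an older release branch than the main `nixpkgs` input, and the hosts.nix hunk with `hostNixpkgs = nixpkgs-23-05;` assigns it to `valkyrie`, which runs the WireGuard NAT service. NixOS release branches stop receiving security updates once they leave their support window, so it is worth checking whether 23.05 is still maintained before a network-facing host is held on it. Nothing in either file says why this one host needs the older package set; a comment on the input such as `# valkyrie only: needed for <reason>; drop once <condition>` (placeholders) would record the reason and the exit condition. The same support-window check applies to moving `nixpkgs` and `simple-nixos-mailserver` from the 24.05 to the 23.11 branches in this hunk.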
@@ -45,10 +45,6 @@ in site = "vs"; environment = "proxmox"; }; - forgejo = { - site = "vs"; - environment = "proxmox"; - }; keycloak = { site = "vs"; environment = "proxmox"; @@ -114,7 +110,12 @@ in site = "vs"; environment = "proxmox"; }; + unifi-controller = { + site = "wg"; + environment = "proxmox"; + }; valkyrie = { + hostNixpkgs = nixpkgs-23-05; site = "af"; environment = "openstack"; }; diff --git a/pkgs/wireguard-nat-nftables/default.nix b/pkgs/wireguard-nat-nftables/default.nix index 3ce972e..e687cee 100644 --- a/pkgs/wireguard-nat-nftables/default.nix +++ b/pkgs/wireguard-nat-nftables/default.nix @@ -1,11 +1,17 @@ { pkgs, ... }: -pkgs.python3Packages.buildPythonApplication { +let + nftablesWithPythonOverlay = final: prev: { + nftables = (prev.nftables.override { withPython = true; }); + }; + pkgs-overlay = pkgs.extend nftablesWithPythonOverlay; +in +pkgs-overlay.python310Packages.buildPythonApplication { pname = "wireguard-nat-nftables"; version = "0.0.1"; - propagatedBuildInputs = with pkgs; [ + propagatedBuildInputs = with pkgs-overlay; [ wireguard-tools - python3Packages.nftables + python310Packages.nftables ]; src = ./src;
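Review bot: The wireguard-nat-nftables/default.nix hunk gives no reason for switching to `pkgs-overlay.python310Packages` and for overriding `nftables` with `withPython = true` through `pkgs.extend`. The hard interpreter pin will stop evaluating once that package set is removed from the nixpkgs revision in use, and a reader cannot tell whether it is deliberate. A short comment above the `let`, for example `# nftables Python bindings need withPython = true on this nixpkgs; python310 pinned because <reason>` (placeholder), would document it. The expression continues past the end of the hunk, so I have not checked the remaining attributes.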