fi/nix-infra
1
1
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Compare commits

base: fi:main
Branches Tags
fi:main
fi:ikiwiki
fi:mas
..
compare: fi:ikiwiki
Branches Tags
fi:main
fi:ikiwiki
fi:mas

1 commit
main ... ikiwiki

Author SHA1 Message Date
fi b54be988cc Setup ikiwiki host 2024-11-21 05:19:26 +01:00
26 changed files with 146 additions and 282 deletions
Show stats Expand all files Collapse all files

2
config/hosts/forgejo/forgejo.nix
View file

@ -3,6 +3,7 @@
services.forgejo = {
enable = true;
database.type = "postgres";
mailerPasswordFile = "/secrets/forgejo-mailer-password.secret";
settings = {
DEFAULT = {
@ -59,6 +60,5 @@
HOST = "redis+socket:///run/redis-forgejo/redis.sock";
};
};
secrets.mailer.PASSWD = "/secrets/forgejo-mailer-password.secret";
};
}

22
config/hosts/ikiwiki/ikiwiki.nix
View file

@ -133,4 +133,26 @@ in
"multi-user.target"
];
};
systemd.services.ikiwiki-auth-setup = {
description = "Setup auth subdirectory for ikiwiki.cgi";
script = ''
mkdir -p ${ikiwikiSettings.destdir}/auth
if [ ! -f ${ikiwikiSettings.cgi_wrapper} ${ikiwikiSettings.destdir}/auth/ikiwiki.cgi ]; then
ln -s ${ikiwikiSettings.cgi_wrapper} ${ikiwikiSettings.destdir}/auth/ikiwiki.cgi
fi
'';
serviceConfig = {
Type = "simple";
User = config.users.users.ikiwiki.name;
Group = config.users.users.ikiwiki.group;
Requires = [ "ikiwiki-settings-setup.service" ];
};
wantedBy = [
"multi-user.target"
];
};
}

8
config/hosts/keycloak/keycloak.nix
View file

@ -3,10 +3,10 @@
services.keycloak = {
enable = true;
settings = {
hostname = "https://id.nekover.se";
hostname-admin = "https://keycloak-admin.nekover.se";
proxy-headers = "xforwarded";
http-enabled = true;
hostname = "id.nekover.se";
hostname-admin = "keycloak-admin.nekover.se";
hostname-strict-backchannel = true;
proxy = "edge";
http-host = "127.0.0.1";
http-port = 8080;
};

14
config/hosts/keycloak/nginx.nix
View file

@ -41,13 +41,6 @@
proxy_buffer_size 128k;
proxy_buffers 8 128k;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Port 443;
# This is https in any case.
proxy_set_header X-Forwarded-Proto https;
# Hide the X-Forwarded header.
proxy_hide_header X-Forwarded;
# Assume we are the only Reverse Proxy (well using Proxy Protocol, but that
@ -103,13 +96,6 @@
proxy_buffer_size 128k;
proxy_buffers 8 128k;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Port 443;
# This is https in any case.
proxy_set_header X-Forwarded-Proto https;
# Hide the X-Forwarded header.
proxy_hide_header X-Forwarded;
# Assume we are the only Reverse Proxy (well using Proxy Protocol, but that

36
config/hosts/mail-1/configuration.nix
View file

@ -15,20 +15,28 @@
];
routes = [
{
Gateway = "10.202.41.1";
Destination = "10.201.0.0/16";
routeConfig = {
Gateway = "10.202.41.1";
Destination = "10.201.0.0/16";
};
}
{
Gateway = "10.202.41.1";
Destination = "10.202.0.0/16";
routeConfig = {
Gateway = "10.202.41.1";
Destination = "10.202.0.0/16";
};
}
{
Gateway = "10.202.41.1";
Destination = "172.21.87.0/24";
routeConfig = {
Gateway = "10.202.41.1";
Destination = "172.21.87.0/24";
};
}
{
Gateway = "10.202.41.1";
Destination = "212.53.203.19/32";
routeConfig = {
Gateway = "10.202.41.1";
Destination = "212.53.203.19/32";
};
}
];
linkConfig.RequiredForOnline = "routable";
@ -54,11 +62,13 @@
PrivateKeyFile = "/secrets/wireguard-mail-1-wg0-privatekey.secret";
};
wireguardPeers = [{
PublicKey = "ik480irMZtGBs1AFpf1KGzDBekjdziD3ck7XK8r1WXQ=";
PresharedKeyFile = "/secrets/wireguard-valkyrie-mail-1-mail-1-psk.secret";
Endpoint = "212.53.203.19:51822";
AllowedIPs = [ "0.0.0.0/0" ];
PersistentKeepalive = 25;
wireguardPeerConfig = {
PublicKey = "ik480irMZtGBs1AFpf1KGzDBekjdziD3ck7XK8r1WXQ=";
PresharedKeyFile = "/secrets/wireguard-valkyrie-mail-1-mail-1-psk.secret";
Endpoint = "212.53.203.19:51822";
AllowedIPs = [ "0.0.0.0/0" ];
PersistentKeepalive = 25;
};
}];
};
};

36
config/hosts/mail-2/configuration.nix
View file

@ -15,20 +15,28 @@
];
routes = [
{
Gateway = "10.201.41.1";
Destination = "10.201.0.0/16";
routeConfig = {
Gateway = "10.201.41.1";
Destination = "10.201.0.0/16";
};
}
{
Gateway = "10.201.41.1";
Destination = "10.202.0.0/16";
routeConfig = {
Gateway = "10.201.41.1";
Destination = "10.202.0.0/16";
};
}
{
Gateway = "10.201.41.1";
Destination = "172.21.87.0/24";
routeConfig = {
Gateway = "10.201.41.1";
Destination = "172.21.87.0/24";
};
}
{
Gateway = "10.201.41.1";
Destination = "217.160.117.160/32";
routeConfig = {
Gateway = "10.201.41.1";
Destination = "217.160.117.160/32";
};
}
];
linkConfig.RequiredForOnline = "routable";
@ -54,11 +62,13 @@
PrivateKeyFile = "/secrets/wireguard-mail-2-wg0-privatekey.secret";
};
wireguardPeers = [{
PublicKey = "Nnf7x+Yd+l8ZkK2BTq1lK3iiTYgdrgL9PQ/je8smug4=";
PresharedKeyFile = "/secrets/wireguard-lifeline-mail-2-mail-2-psk.secret";
Endpoint = "217.160.117.160:51820";
AllowedIPs = [ "0.0.0.0/0" ];
PersistentKeepalive = 25;
wireguardPeerConfig = {
PublicKey = "Nnf7x+Yd+l8ZkK2BTq1lK3iiTYgdrgL9PQ/je8smug4=";
PresharedKeyFile = "/secrets/wireguard-lifeline-mail-2-mail-2-psk.secret";
Endpoint = "217.160.117.160:51820";
AllowedIPs = [ "0.0.0.0/0" ];
PersistentKeepalive = 25;
};
}];
};
};

25
config/hosts/mastodon/mastodon.nix
View file

@ -5,39 +5,28 @@ let
rev = "v2.2";
hash = "sha256-KyXDnpZh1DrY59jvdU42UicgBVvEGtvAGeU1mNxJauQ=";
};
mastodonModern = pkgs.fetchgit {
url = "https://git.gay/freeplay/Mastodon-Modern.git";
rev = "e9e53496789234d5782b5b3d97ed66a130b1678a";
hash = "sha256-lUq57Gbr1UCMVGoO4xTT3wYPNwohdepxSPCX+WP6AS8=";
};
mastodonNekoversePatches = pkgs.fetchgit {
url = "https://github.com/yuri-qq/nekoverse-mastodon-patches.git";
hash = "sha256-3jWbKll5RGB1vfEmONVivzGYcoONEkBEHh/rOt9LXlU=";
};
mastodonNekoverseOverlay = final: prev: {
mastodon = (prev.mastodon.override rec {
version = "4.3.3";
version = "4.3.1";
srcOverride = final.applyPatches {
src = pkgs.stdenv.mkDerivation {
name = "mastodonWithThemes";
src = pkgs.fetchgit {
url = "https://github.com/mastodon/mastodon.git";
rev = "v${version}";
sha256 = "sha256-6FyLhRy+/uW+RYt+IRHpkTABjKGTQYjR/4GSPN+GlGY=";
sha256 = "sha256-JlpQGyVPTLcB3RcWMBrmYc1AAUT1JLfS4IDas9ZoWh4=";
};
# mastodon ships with broken symlinks, disable the check for that for now
dontCheckForBrokenSymlinks = true;
installPhase = ''
cp -r ./ $out/
cp -r ${tangerineUI}/mastodon/app/javascript/styles/* $out/app/javascript/styles/
echo "@import 'mastodon/variables';
@import 'application';" >> $out/app/javascript/styles/modern-dark.scss
cat ${mastodonModern}/modern.css >> $out/app/javascript/styles/modern-dark.scss
echo "tangerineui: styles/tangerineui.scss
tangerineui-purple: styles/tangerineui-purple.scss
tangerineui-cherry: styles/tangerineui-cherry.scss
tangerineui-lagoon: styles/tangerineui-lagoon.scss
modern-dark: styles/modern-dark.scss" >> $out/config/themes.yml
tangerineui-lagoon: styles/tangerineui-lagoon.scss" >> $out/config/themes.yml
'';
};
patches = [
@ -50,14 +39,6 @@ let
];
};
yarnHash = "sha256-e5c04M6XplAgaVyldU5HmYMYtY3MAWs+a8Z/BGSyGBg=";
}).overrideAttrs (old: {
mastodonModules = old.mastodonModules.overrideAttrs (old: {
# FIXME: Remove once fixed in nixpkgs. See https://github.com/NixOS/nixpkgs/issues/380366
postBuild = ''
# Remove workspace "package" as it contains broken symlinks
rm -r ~/node_modules/@mastodon
'';
});
});
};
pkgs-overlay = pkgs.extend mastodonNekoverseOverlay;

1
config/hosts/matrix/default.nix
View file

@ -4,7 +4,6 @@
./configuration.nix
./hardware-configuration.nix
./postgresql.nix
./matrix-authentication-service.nix
./matrix-synapse.nix
./nginx.nix
];

97
config/hosts/matrix/matrix-authentication-service.nix
View file

@ -1,97 +0,0 @@
{ pkgs, ... }:
let
masSettings = {
http = {
listeners = [
{
name = "web";
resources = [
{ name = "discovery"; }
{ name = "human"; }
{ name = "oauth"; }
{ name = "compat"; }
{ name = "graphql"; }
{
name = "assets";
path = "${pkgs.matrix-authentication-service}/share/matrix-authentication-service/assets/";
}
];
binds = [{
host = "localhost";
port = 8080;
}];
proxy_protocol = false;
}
{
name = "internal";
resources = [{
name = "health";
}];
binds = [{
host = "localhost";
port = 8081;
}];
proxy_protocol = false;
}
];
trusted_proxies = [
"192.168.0.0/16"
"172.16.0.0/12"
"10.0.0.0/10"
"127.0.0.1/8"
"fd00::/8"
"::1/128"
];
public_base = "https://mas.nekover.se";
};
database = {
uri = "postgresql://mas_user:mas@localhost/mas";
max_connections = 10;
min_connections = 0;
connect_timeout = 30;
idle_timeout = 600;
max_lifetime = 1800;
};
passwords = {
enabled = true;
schemes = [
{
version = 1;
algorithm = "bcrypt";
}
{
version = 2;
algorithm = "argon2id";
}
];
minimum_complexity = 8;
};
};
masSettingsFile = ((pkgs.formats.yaml { }).generate "mas-config" masSettings);
in
{
environment.systemPackages = with pkgs; [
matrix-authentication-service
syn2mas
];
systemd.services.matrix-authentication-service = {
description = "Matrix Authentication Service";
after = [ "network-online.target" "postgresql.service" ];
requires = [ "postgresql.service" ];
wants = [ "network-online.target" ];
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.matrix-authentication-service}/bin/mas-cli server --config=${masSettingsFile} --config=/secrets/matrix-mas-secret-config.secret";
WorkingDirectory = "${pkgs.matrix-authentication-service}";
User = "matrix-synapse";
Group = "matrix-synapse";
};
wantedBy = [
"multi-user.target"
];
};
}

2
config/hosts/matrix/matrix-synapse.nix
View file

@ -52,7 +52,7 @@
"/secrets/matrix-registration-shared-secret.secret"
"/secrets/matrix-turn-shared-secret.secret"
"/secrets/matrix-email-smtp-pass.secret"
"/secrets/matrix-homeserver-mas-config.secret"
"/secrets/matrix-keycloak-client-secret.secret"
];
};
}

87
config/hosts/matrix/nginx.nix
View file

@ -2,65 +2,40 @@
{
services.nginx = {
enable = true;
virtualHosts = {
"matrix.nekover.se" = {
forceSSL = true;
enableACME = true;
listen = [
{
addr = "0.0.0.0";
port = 80;
}
{
addr = "0.0.0.0";
port = 8448;
ssl = true;
}
];
locations = {
"~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)" = {
proxyPass = "http://localhost:8009";
priority = 998;
};
"~ ^/_matrix/client/(.*)/(login|logout|refresh)" = {
proxyPass = "http://localhost:8080";
priority = 999;
};
"~ ^(/_matrix|/_synapse/client)" = {
proxyPass = "http://localhost:8008";
extraConfig = ''
# Nginx by default only allows file uploads up to 1M in size
# Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
client_max_body_size ${config.services.matrix-synapse.settings.max_upload_size};
'';
};
virtualHosts."matrix.nekover.se" = {
forceSSL = true;
enableACME = true;
listen = [
{
addr = "0.0.0.0";
port = 80;
}
{
addr = "0.0.0.0";
port = 8448;
ssl = true;
}
];
locations = {
"~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)" = {
proxyPass = "http://127.0.0.1:8009";
priority = 999;
};
extraConfig = ''
listen 0.0.0.0:8443 http2 ssl proxy_protocol;
set_real_ip_from 10.202.41.100;
real_ip_header proxy_protocol;
'';
};
"mas.nekover.se" = {
forceSSL = true;
enableACME = true;
listen = [
{
addr = "0.0.0.0";
port = 80;
}
];
locations."/" = {
proxyPass = "http://localhost:8080";
"~ ^(/_matrix|/_synapse/client)" = {
proxyPass = "http://127.0.0.1:8008";
extraConfig = ''
# Nginx by default only allows file uploads up to 1M in size
# Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
client_max_body_size ${config.services.matrix-synapse.settings.max_upload_size};
'';
};
extraConfig = ''
listen 0.0.0.0:8443 http2 ssl proxy_protocol;
set_real_ip_from 10.202.41.100;
real_ip_header proxy_protocol;
'';
};
extraConfig = ''
listen 0.0.0.0:8443 http2 ssl proxy_protocol;
set_real_ip_from 10.202.41.100;
real_ip_header proxy_protocol;
'';
};
};
}

5
config/hosts/matrix/postgresql.nix
View file

@ -8,11 +8,6 @@
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
CREATE ROLE "mas_user" WITH LOGIN PASSWORD 'mas';
CREATE DATABASE "mas" WITH OWNER "mas_user"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
'';
};
}

12
config/hosts/matrix/secrets.nix
View file

@ -33,16 +33,8 @@
permissions = "0640";
uploadAt = "pre-activation";
};
"matrix-homeserver-mas-config.secret" = {
keyCommand = keyCommandEnv ++ [ "pass" "matrix/homeserver-mas-config" ];
destDir = "/secrets";
user = "matrix-synapse";
group = "matrix-synapse";
permissions = "0640";
uploadAt = "pre-activation";
};
"matrix-mas-secret-config.secret" = {
keyCommand = keyCommandEnv ++ [ "pass" "matrix/mas-secret-config" ];
"matrix-keycloak-client-secret.secret" = {
keyCommand = keyCommandEnv ++ [ "pass" "matrix/keycloak-client-secret" ];
destDir = "/secrets";
user = "matrix-synapse";
group = "matrix-synapse";

2
config/hosts/nextcloud/nextcloud.nix
View file

@ -2,7 +2,7 @@
{
services.nextcloud = {
enable = true;
package = pkgs.nextcloud30;
package = pkgs.nextcloud29;
hostName = "cloud.nekover.se";
https = true;
config = {

2
config/hosts/torrent/configuration.nix
View file

@ -25,5 +25,5 @@
};
};
system.stateVersion = "24.11";
system.stateVersion = "23.11";
}

6
config/hosts/torrent/jackett.nix
View file

@ -1,8 +1,8 @@
{ nixpkgs-master, ... }:
{ nixpkgs-unstable, ... }:
{
services.jackett = {
enable = true;
# use package from master to work around faulty test in older jackett version
package = nixpkgs-master.legacyPackages."x86_64-linux".jackett;
# use package from unstable to work around faulty test in older jackett version
package = nixpkgs-unstable.legacyPackages."x86_64-linux".jackett;
};
}

12
config/hosts/torrent/sonarr.nix
View file

@ -1,17 +1,5 @@
{ ... }:
{
# The sonarr package is dependend on .NET 6 which is marked as insecure.
# It doesn't seem to build with the later .NET versions.
# In the meantime allow the installation of these insecure packages since sonarr is only reachable locally.
nixpkgs.config = {
permittedInsecurePackages = [
"aspnetcore-runtime-wrapped-6.0.36"
"aspnetcore-runtime-6.0.36"
"dotnet-sdk-wrapped-6.0.428"
"dotnet-sdk-6.0.428"
];
};
services.sonarr = {
enable = true;
user = "torrent";

2
config/hosts/valkyrie/configuration.nix
View file

@ -96,5 +96,5 @@
services.prometheus.exporters.node.enable = false;
system.stateVersion = "24.11";
system.stateVersion = "23.05";
}

3
config/hosts/valkyrie/containers/uptime-kuma/default.nix
View file

@ -1,6 +1,7 @@
{ ... }:
{ nixpkgs-unstable, ... }:
{
containers.uptime-kuma = {
nixpkgs = nixpkgs-unstable;
autoStart = true;
config = { ... }: {
networking.useHostResolvConf = true;

2
config/hosts/web-public-2/nginx.nix
View file

@ -17,6 +17,7 @@
stream {
map $ssl_preread_server_name $address {
anisync.grzb.de 127.0.0.1:8443;
birdsite.nekover.se 10.202.41.107:8443;
cloud.nekover.se 10.202.41.122:8443;
element.nekover.se 127.0.0.1:8443;
fi.nekover.se 10.202.41.125:8443;
@ -25,7 +26,6 @@
git.nekover.se 10.202.41.106:8443;
hydra.nekover.se 10.202.41.121:8443;
id.nekover.se 10.202.41.124:8443;
mas.nekover.se 10.202.41.112:8443;
matrix.nekover.se 10.202.41.112:8443;
mewtube.nekover.se 127.0.0.1:8443;
nekover.se 127.0.0.1:8443;

1
config/hosts/web-public-2/virtualHosts/acme-challenge.nix
View file

@ -3,7 +3,6 @@ let
acmeDomainMap = {
"jellyfin.grzb.de" = "jellyfin.vs.grzb.de";
"mail-1.grzb.de" = "mail-1.vs.grzb.de";
"mas.nekover.se" = "matrix.vs.grzb.de";
"matrix.nekover.se" = "matrix.vs.grzb.de";
"netbox.grzb.de" = "netbox.vs.grzb.de";
"git.nekover.se" = "forgejo.vs.grzb.de";

2
config/hosts/web-public-2/virtualHosts/nekover.se.nix
View file

@ -16,7 +16,7 @@
'';
};
locations."/.well-known/matrix/client" = {
return = "200 '{\"m.homeserver\": {\"base_url\": \"https://matrix.nekover.se\"}, \"m.identity_server\": {\"base_url\": \"https://vector.im\"}, \"org.matrix.msc3575.proxy\": {\"url\": \"https://matrix.nekover.se\"}, \"org.matrix.msc2965.authentication\": {\"issuer\": \"https://mas.nekover.se\", \"account\": \"https://mas.nekover.se/account\"}}'";
return = "200 '{\"m.homeserver\": {\"base_url\": \"https://matrix.nekover.se\"}, \"m.identity_server\": {\"base_url\": \"https://vector.im\"}, \"org.matrix.msc3575.proxy\": {\"url\": \"https://matrix.nekover.se\"}, \"org.matrix.msc2965.authentication\": {\"issuer\": \"https://id.nekover.se/realms/nekoverse\", \"account\": \"https://id.nekover.se/realms/nekoverse/account/\"}}'";
extraConfig = ''
default_type application/json;
add_header Access-Control-Allow-Origin *;

2
config/nixos-generators/default.nix
View file

@ -10,5 +10,5 @@
firewall.enable = true;
};
system.stateVersion = "24.11";
system.stateVersion = "23.05";
}

38
flake.lock
View file

@ -34,11 +34,11 @@
},
"nixlib": {
"locked": {
"lastModified": 1736643958,
"narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=",
"lastModified": 1731805462,
"narHash": "sha256-yhEMW4MBi+IAyEJyiKbnFvY1uARyMKJpLUhkczI49wk=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181",
"rev": "b9f04e3cf71c23bea21d2768051e6b3068d44734",
"type": "github"
},
"original": {
@ -55,11 +55,11 @@
]
},
"locked": {
"lastModified": 1737057290,
"narHash": "sha256-3Pe0yKlCc7EOeq1X/aJVDH0CtNL+tIBm49vpepwL1MQ=",
"lastModified": 1732151224,
"narHash": "sha256-5IgpueM8SGLOadzUJK6Gk37zEBXGd56BkNOtoWmnZos=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "d002ce9b6e7eb467cd1c6bb9aef9c35d191b5453",
"rev": "3280fdde8c8f0276c9f5286ad5c0f433dfa5d56c",
"type": "github"
},
"original": {
@ -70,16 +70,16 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1739188370,
"narHash": "sha256-2h/5uQaKwQeRXIgpOJpzgeO3qe93AonbJFk0CxTSygY=",
"lastModified": 1731842749,
"narHash": "sha256-aNc8irVBH7sM5cGDvqdOueg8S+fGakf0rEMRGfGwWZw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "8ae4ee7978617d3af98721a62f14f25befc0beef",
"rev": "bf6132dc791dbdff8b6894c3a85eb27ad8255682",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11-small",
"ref": "nixos-24.05-small",
"repo": "nixpkgs",
"type": "github"
}
@ -101,11 +101,11 @@
},
"nixpkgs-master": {
"locked": {
"lastModified": 1739319052,
"narHash": "sha256-L8Tq1dnW96U70vrNpCCGCLHz4rX1GhNRCrRI/iox9wc=",
"lastModified": 1732154639,
"narHash": "sha256-GeEhJmh0/KEQmoe4Lmsv9VC0SrQn4K9V27KbHJ0Zs/g=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "83a2581c81ff5b06f7c1a4e7cc736a455dfcf7b4",
"rev": "516819d9b5b97ee1f461aecb4caed7aa6b769d5d",
"type": "github"
},
"original": {
@ -117,11 +117,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1739303263,
"narHash": "sha256-c/Z/6gZLN8BIpYh1B3qMzEn0TArjf4F2lmy59lDLVBM=",
"lastModified": 1732136765,
"narHash": "sha256-622zKMMp0mw2a+fJJoVQdNmxwRGDkWsDTn5OSPK8DLk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "6cc4213488e886db863878a1e3dc26cc932d38b8",
"rev": "e35b0f3f9787cfe51f406f7dd5a4446a858bfdb2",
"type": "github"
},
"original": {
@ -164,11 +164,11 @@
"utils": "utils"
},
"locked": {
"lastModified": 1734885828,
"narHash": "sha256-G0fB1YBlkalu8lLGRB07K8CpUWNVd+unfrjNomSL7SM=",
"lastModified": 1718084203,
"narHash": "sha256-Cx1xoVfSMv1XDLgKg08CUd1EoTYWB45VmB9XIQzhmzI=",
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"rev": "636b82f4175e3f6b1e80d2189bb0469e2ae01a55",
"rev": "29916981e7b3b5782dc5085ad18490113f8ff63b",
"type": "gitlab"
},
"original": {

4
flake.nix
View file

@ -1,6 +1,6 @@
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11-small";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05-small";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small";
nixpkgs-master.url = "github:NixOS/nixpkgs/master";
nixos-generators = {
@ -31,7 +31,7 @@
inherit nixpkgs-unstable nixpkgs-master hosts simple-nixos-mailserver;
# Provide environment for secret key command
keyCommandEnv = [ "env" "GNUPGHOME=/home/fi/.passinfra_gnupg" "PASSWORD_STORE_DIR=/home/fi/pass/infra" ];
keyCommandEnv = [ "env" "GNUPGHOME=/home/yuri/.passinfra_gnupg" "PASSWORD_STORE_DIR=/home/yuri/pass/infra" ];
};
};
} // builtins.mapAttrs (helper.generateColmenaHost) hosts;

5
hosts.nix
View file

@ -82,6 +82,10 @@ in
site = "vs";
environment = "proxmox";
};
nitter = {
site = "vs";
environment = "proxmox";
};
coturn = {
site = "vs";
environment = "proxmox";
@ -92,7 +96,6 @@ in
environment = "proxmox";
};
torrent = {
hostNixpkgs = nixpkgs-unstable;
site = "vs";
environment = "proxmox";
};