nicer container configs

today i woke up to the realisation that there's an extremely obvious way
to make these nicer, & then i did exactly that. For some reason I did
not think of this when originally removing the dependency to nix-hexchen's
evalConfig.

unfortunately, this is not /quite/ a no-op. The only actual change is
different whitespace in some of the semantically-equivalent
coredns-configs that got unified.
This commit is contained in:
stuebinm 2023-02-18 14:45:14 +01:00
parent aa62e616a3
commit 72c16d9e1c
10 changed files with 63 additions and 183 deletions


@ -35,14 +35,14 @@
outputs = { self, nixpkgs, nix-hexchen, deploy-rs, ... }@inputs:
let modules = nix-hexchen.nixosModules;
profiles = nix-hexchen.nixosModules.profiles;
profiles = nix-hexchen.nixosModules.profiles // {
container = import ./modules/container-profile.nix;
};
pkgs = import ./pkgs {
sources = inputs;
system = "x86_64-linux";
};
# simulate the evalConfig as contained in nix-hexchen/lib/hosts.nix,
# but compatible with flakes
evalConfig = extraSpecial: config: nixpkgs.lib.nixosSystem {
evalConfig = config: (nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
config
@ -52,8 +52,8 @@
specialArgs = {
inherit modules profiles evalConfig;
sources = inputs;
} // extraSpecial;
};
}).config.system.build.toplevel;
in {
# do this by hand instead of via nix-hexchen/lib/hosts.nix, since that one
# apparently can't support pkgs depending on flake inputs
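Review bot: The comment `# simulate the evalConfig as contained in nix-hexchen/lib/hosts.nix` no longer describes the new evalConfig, which takes only a config module and returns `.config.system.build.toplevel` rather than the evaluated system, so callers can no longer reach other config attributes through it. Suggest extending the comment to `# like evalConfig in nix-hexchen/lib/hosts.nix, but flake-compatible; takes a single module and returns the built toplevel derivation, not the full config`. The `let` block this belongs to continues past the hunk.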


@ -0,0 +1,25 @@
{ lib, ...}:
{
boot.isContainer = true;
networking.useDHCP = false;
users.users.root.hashedPassword = "";
networking.firewall.enable = false;
services.coredns = {
enable = true;
config = ''
.:53 {
forward . 1.1.1.1
}
'';
};
# I /suspect/ this is not actually needed.
# TODO: find spoons to deal with potential breakage, test removing this
networking.defaultGateway = {
address = "192.168.100.1";
interface = "eth0";
};
system.stateVersion = lib.mkDefault "21.05";
}
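Review bot: `users.users.root.hashedPassword = ""` and `networking.firewall.enable = false` are set unconditionally in the new profile, so a container that wants a real root password or an enabled firewall now gets a definition conflict unless it resorts to `lib.mkForce`; the profile already uses `lib.mkDefault` for `system.stateVersion`, and the same treatment for these two lines (`users.users.root.hashedPassword = lib.mkDefault "";` and `networking.firewall.enable = lib.mkDefault false;`) keeps them overridable per container. An empty hash allows password-less root login on every container that imports this file, which was previously a visible per-container choice and is now implicit, so the file should open with a comment that states it, e.g. `# baseline for all nspawn containers: root has no password, the container firewall is off and DNS is forwarded to 1.1.1.1; containers may override each setting`. The TODO on the default gateway would also be easier to act on if it recorded which container the suspicion comes from.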


@ -12,35 +12,17 @@
isReadOnly = false;
};
};
path = (evalConfig {
hosts = { };
groups = { };
} ({ config, lib, pkgs, profiles, modules, sources, ... }: {
boot.isContainer = true;
networking.useDHCP = false;
users.users.root.hashedPassword = "";
path = evalConfig ({ config, lib, pkgs, profiles, ... }: {
system.stateVersion = "21.11";
imports = [ sources.nix-hexchen.nixosModules.profiles.nopersist ];
imports = [ profiles.nopersist profiles.container ];
environment.systemPackages = [ pkgs.gitea ];
hexchen.bindmounts."/var/lib/gitea" = "/persist/gitea";
nixpkgs.config.allowUnfree = true;
networking.firewall.enable = false;
networking.defaultGateway = {
address = "192.168.100.1";
interface = "eth0";
};
services.coredns = {
enable = true;
config = ''
.:53 {
forward . 1.1.1.1
}
'';
};
services.gitea = {
enable = true;
appName = "0x0: git for all creatures";
@ -106,7 +88,7 @@
AcceptEnv GIT_PROTOCOL
'';
};
})).config.system.build.toplevel;
});
};
services.nginx.virtualHosts."git.infra4future.de" = {


@ -12,28 +12,10 @@
isReadOnly = false;
};
};
path = (evalConfig {hosts = {}; groups = {};} ({ config, lib, pkgs, profiles, modules, sources, ... }: {
boot.isContainer = true;
networking.useDHCP = false;
users.users.root.hashedPassword = "";
system.stateVersion = "21.05";
imports = [ sources.nix-hexchen.nixosModules.profiles.nopersist ];
path = evalConfig ({ config, lib, pkgs, profiles, ... }: {
imports = [ profiles.nopersist profiles.container ];
nixpkgs.config.allowUnfree = true;
networking.firewall.enable = false;
networking.defaultGateway = {
address = "192.168.100.1";
interface = "eth0";
};
services.coredns = {
enable = true;
config = ''
.:53 {
forward . 1.1.1.1
}
'';
};
services.hedgedoc = {
enable = true;
settings = {
@ -93,7 +75,7 @@
startAt = "*-*-* 23:45:00";
location = "/persist/backups/postgres";
};
})).config.system.build.toplevel;
});
};
services.nginx.virtualHosts."pad.hacc.earth" = {
enableACME = true;
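Review bot: The explicit `system.stateVersion = "21.05";` is removed here and the container now inherits the profile's `lib.mkDefault "21.05"`; stateVersion is meant to be pinned per host, so a future bump of that default would change the stateVersion of every container that relies on it at once. Keeping the single line `system.stateVersion = "21.05";` in each container (as the gitea and tracktrain containers still do with 21.11) avoids that coupling. The same removal appears in the pad.infra4future.de, mattermost.infra4future.de, cloud.infra4future.de, webchat.voc.hacc.space and login.infra4future.de sections.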


@ -12,29 +12,10 @@
isReadOnly = false;
};
};
path = (evalConfig {hosts = {}; groups = {};} ({ config, lib, pkgs, profiles, modules, sources, ... }: {
boot.isContainer = true;
networking.useDHCP = false;
users.users.root.hashedPassword = "";
system.stateVersion = "21.05";
imports = [ sources.nix-hexchen.nixosModules.profiles.nopersist ];
path = evalConfig ({ config, lib, pkgs, profiles, ... }: {
imports = [ profiles.nopersist profiles.container ];
nixpkgs.config.allowUnfree = true;
networking.firewall.enable = false;
networking.defaultGateway = {
address = "192.168.100.1";
interface = "eth0";
};
services.coredns = {
enable = true;
config = ''
.:53 {
forward . 1.1.1.1
}
'';
};
services.hedgedoc = {
enable = true;
settings = {
@ -79,7 +60,7 @@
startAt = "*-*-* 23:45:00";
location = "/persist/backups/postgres";
};
})).config.system.build.toplevel;
});
};
services.nginx.virtualHosts."pad.infra4future.de" = {


@ -16,22 +16,11 @@ in {
};
};
path = (evalConfig {hosts = {}; groups = {};} ({ config, lib, pkgs, profiles, modules, sources, ... }: {
boot.isContainer = true;
networking.useDHCP = false;
users.users.root.hashedPassword = "";
system.stateVersion = "21.05";
imports = [ sources.nix-hexchen.nixosModules.profiles.nopersist ];
path = evalConfig ({ config, lib, pkgs, profiles, ... }: {
imports = [ profiles.nopersist profiles.container ];
nixpkgs.overlays = [ (self: super: { inherit mattermost; }) ];
nixpkgs.config.allowUnfree = true;
networking.firewall.enable = false;
networking.defaultGateway = {
address = "192.168.100.1";
interface = "eth0";
};
systemd.services.mattermost.serviceConfig.EnvironmentFile =
"/persist/mattermost/secrets.env";
@ -226,15 +215,7 @@ in {
networking.firewall.allowedTCPPorts = [ 3000 ];
services.coredns = {
enable = true;
config = ''
.:53 {
forward . 1.1.1.1
}
'';
};
})).config.system.build.toplevel;
});
};
services.nginx.virtualHosts."mattermost.infra4future.de" = {


@ -12,14 +12,10 @@
isReadOnly = false;
};
};
path = (evalConfig {hosts = {}; groups = {};} ({ config, lib, pkgs, profiles, modules, sources, ... }: {
boot.isContainer = true;
networking.useDHCP = false;
users.users.root.hashedPassword = "";
system.stateVersion = "21.05";
path = evalConfig ({ config, lib, pkgs, profiles, sources, ... }: {
imports = [
sources.nix-hexchen.nixosModules.profiles.nopersist
profiles.nopersist
profiles.container
(import "${sources.nixpkgs-unstable}/nixos/modules/services/web-apps/nextcloud.nix")
];
@ -27,13 +23,7 @@
"services/web-apps/nextcloud.nix"
];
nixpkgs.config.allowUnfree = true;
networking.firewall.enable = false;
networking.defaultGateway = {
address = "192.168.100.1";
interface = "eth0";
};
environment.systemPackages = [ pkgs.htop ];
@ -98,16 +88,7 @@
requires = ["postgresql.service"];
after = ["postgresql.service"];
};
services.coredns = {
enable = true;
config = ''
.:53 {
forward . 1.1.1.1
}
'';
};
})).config.system.build.toplevel;
});
};
services.nginx.virtualHosts."cloud.infra4future.de" = {


@ -12,18 +12,13 @@ in
hostAddress = "192.168.100.1";
localAddress = "192.168.100.4";
path = (evalConfig {hosts = {}; groups = {};} ({ config, lib, pkgs, profiles, modules, sources, ... }: {
boot.isContainer = true;
networking.useDHCP = false;
users.users.root.hashedPassword = "";
system.stateVersion = "21.05";
path = evalConfig ({ config, lib, pkgs, profiles, modules, sources, ... }: {
# for some inexplicable reason this does not import nopersist.
# i'm too lazy rn to deal with possible breakages if I add it.
# if you have spoons & nothing else to do, consider this a suggestion!
imports = [ profiles.container ];
nixpkgs.config.allowUnfree = true;
networking.firewall.enable = false;
networking.defaultGateway = {
address = "192.168.100.1";
interface = "eth0";
};
services.thelounge = {
enable = true;
@ -66,16 +61,7 @@ in
# override the package we use
systemd.services.thelounge.serviceConfig.ExecStart =
pkgs.lib.mkForce "${thelounge}/bin/thelounge start";
services.coredns = {
enable = true;
config = ''
.:53 {
forward . 1.1.1.1
}
'';
};
})).config.system.build.toplevel;
});
};
services.nginx.virtualHosts."webchat.voc.hacc.space" = {


@ -47,21 +47,10 @@ in
};
};
path = (evalConfig {
hosts = { };
groups = { };
} ({ config, lib, pkgs, profiles, modules, sources, ... }: {
boot.isContainer = true;
networking.useDHCP = false;
users.users.root.hashedPassword = "";
path = evalConfig ({ config, lib, pkgs, profiles, ... }: {
system.stateVersion = "21.11";
imports = [ sources.nix-hexchen.nixosModules.profiles.nopersist ];
networking.firewall.enable = false;
networking.defaultGateway = {
address = "192.168.100.1";
interface = "eth0";
};
imports = [ profiles.nopersist profiles.container ];
users.users.tracktrain = {
group = "tracktrain";
@ -87,7 +76,7 @@ in
mkdir -p /persist/tracktrain
cd /persist/tracktrain
ln -sf ${pkgs.writeText "tracktrain-config.yaml" tracktrain-config} config.yaml
wget "https://ilztalbahn.eu/wp-content/uploads/2020/07/gtfs.zip"
wget "https://ilztalbahn.eu/wp-content/uploads/2020/07/gtfs.zip" || sleep 4; wget "https://ilztalbahn.eu/wp-content/uploads/2020/07/gtfs.zip"
${pkgs.tracktrain}/bin/tracktrain +RTS -T
'';
};
@ -157,16 +146,7 @@ in
systemd.services.grafana.serviceConfig.EnvironmentFile =
"/persist/secrets.env";
services.coredns = {
enable = true;
config = ''
.:53 {
forward . 1.1.1.1
}
'';
};
})).config.system.build.toplevel;
});
};
}
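Review bot: In the new `wget "…gtfs.zip" || sleep 4; wget "…gtfs.zip"` line the `;` terminates the `||` list, so the second wget runs unconditionally, even after a successful first download, and only the sleep is conditional on failure; the unconditional second fetch then writes a `gtfs.zip.1` next to the first file. The retry needs grouping: `wget "https://ilztalbahn.eu/wp-content/uploads/2020/07/gtfs.zip" || { sleep 4; wget "https://ilztalbahn.eu/wp-content/uploads/2020/07/gtfs.zip"; }`. The script this line belongs to starts and ends outside the hunk; within the visible lines nothing verifies the fetched archive before tracktrain consumes it, which was already the case before this change.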


@ -14,28 +14,10 @@ in {
isReadOnly = false;
};
};
path = (evalConfig {hosts = {}; groups = {};} ({ config, lib, pkgs, profiles, modules, sources, ... }: {
boot.isContainer = true;
networking.useDHCP = false;
users.users.root.hashedPassword = "";
system.stateVersion = "21.05";
imports = [ sources.nix-hexchen.nixosModules.profiles.nopersist ];
path = evalConfig ({ config, lib, pkgs, profiles, ... }: {
imports = [ profiles.nopersist profiles.container ];
nixpkgs.config.allowUnfree = true;
networking.firewall.enable = false;
networking.defaultGateway = {
address = "192.168.100.1";
interface = "eth0";
};
services.coredns = {
enable = true;
config = ''
.:53 {
forward . 1.1.1.1
}
'';
};
services.uwsgi = {
enable = true;
@ -52,7 +34,7 @@ in {
hook-pre-app = "exec:FLASK_APP=${uffd}/lib/python3.10/site-packages/uffd flask db upgrade";
};
};
})).config.system.build.toplevel;
});
};
services.nginx.virtualHosts."login.infra4future.de" = {
enableACME = true;