less verbose container definitions

move some options (the nopersist & container profiles + allowUnfree
packages) into the evalConfig used for containers, so we don't have to
repeat ourselves as much.

also removed some no-longer-needed specialArgs.

also made thelounge work with nopersist, which for some reason it didn't
use before.
This commit is contained in:
stuebinm 2023-09-27 23:24:23 +02:00
parent 6586f0c552
commit eae84263f5
11 changed files with 38 additions and 74 deletions


@ -52,10 +52,15 @@
modules = [ modules = [
config config
nix-hexchen.nixosModules.network.nftables nix-hexchen.nixosModules.network.nftables
{ nixpkgs.pkgs = pkgs; } {
nixpkgs.pkgs = pkgs.lib.mkForce pkgs;
nixpkgs.config.allowUnfree = true;
imports = [ profiles.container profiles.nopersist ];
}
]; ];
specialArgs = { specialArgs = {
inherit modules profiles evalConfig; # modules still needed because a profile in nix-hexchen uses it
inherit modules evalConfig;
sources = inputs; sources = inputs;
}; };
}).config.system.build.toplevel; }).config.system.build.toplevel;
@ -71,10 +76,8 @@
{ environment.etc."haccfiles".source = self.outPath; } { environment.etc."haccfiles".source = self.outPath; }
]; ];
specialArgs = { specialArgs = {
# with a few exceptions, the flake inputs can be used the same
# as the niv-style (import nix/sources.nix {})
sources = inputs; sources = inputs;
inherit modules profiles evalConfig; inherit modules evalConfig;
}; };
}; };
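Review bot: `nixpkgs.config.allowUnfree = true;` in the shared module of the first hunk now applies to every container built through evalConfig, including gitea and tracktrain, which did not set it before, so an unfree package can no longer be rejected at evaluation time in any container. If that widening is intended it should be stated on the line, e.g. `# applies to every container built via evalConfig, not only the ones that previously opted in`; otherwise keep the option per container. The `pkgs.lib.mkForce pkgs` on the line above also has no comment saying what it must win over — presumably a container-side `nixpkgs.pkgs` setting, which is worth spelling out. The evalConfig definition this module belongs to starts outside the hunk.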


@ -1,4 +1,4 @@
{ sources, system ? builtins.currentSystem, ... }@args: { sources, ... }@args:
let let
pkgs = import sources.nixpkgs args; pkgs = import sources.nixpkgs args;
@ -17,7 +17,7 @@ let
# a version of the lounge with some extra css that # a version of the lounge with some extra css that
# hides things the hacc-voc doesn't need # hides things the hacc-voc doesn't need
thelounge-hacked = pkgs.stdenv.mkDerivation { thelounge = pkgs.stdenv.mkDerivation {
name = "thelounge-hacked"; name = "thelounge-hacked";
src = pkgs.thelounge; src = pkgs.thelounge;
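Review bot: The attribute renamed from `thelounge-hacked` to `thelounge` now shadows the upstream attribute of the same name while its `src = pkgs.thelounge;` still reads the unpatched package from the imported nixpkgs, and the header comment does not say that this shadowing is how containers are meant to pick up the patched build. I would extend the comment above the derivation with `# deliberately named thelounge so that pkgs.thelounge (and module defaults using it) resolve to this patched build`, assuming this set is what ends up as the containers' pkgs — confirm against the evalConfig change. The derivation continues past the end of the hunk.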


@ -1,4 +1,4 @@
{ config, lib, pkgs, profiles, modules, evalConfig, sources, ... }: { config, lib, pkgs, evalConfig, ... }:
{ {
containers.gitea = { containers.gitea = {
@ -12,11 +12,9 @@
isReadOnly = false; isReadOnly = false;
}; };
}; };
path = evalConfig ({ config, lib, pkgs, profiles, ... }: { path = evalConfig ({ config, lib, pkgs, ... }: {
system.stateVersion = "21.11"; system.stateVersion = "21.11";
imports = [ profiles.nopersist profiles.container ];
environment.systemPackages = [ pkgs.gitea ]; environment.systemPackages = [ pkgs.gitea ];
hexchen.bindmounts."/var/lib/gitea" = "/persist/gitea"; hexchen.bindmounts."/var/lib/gitea" = "/persist/gitea";


@ -1,4 +1,4 @@
{ config, lib, pkgs, profiles, modules, evalConfig, sources, ... }: { config, lib, pkgs, evalConfig, ... }:
{ {
@ -18,10 +18,7 @@
}; };
"/secrets".hostPath = "/run/secrets/hedgedoc-hacc"; "/secrets".hostPath = "/run/secrets/hedgedoc-hacc";
}; };
path = evalConfig ({ config, lib, pkgs, profiles, ... }: { path = evalConfig ({ config, lib, ... }: {
imports = [ profiles.nopersist profiles.container ];
nixpkgs.config.allowUnfree = true;
services.hedgedoc = { services.hedgedoc = {
enable = true; enable = true;
settings = { settings = {


@ -1,4 +1,4 @@
{ config, lib, pkgs, modules, evalConfig, sources, ... }: { config, lib, pkgs, evalConfig, ... }:
{ {
containers.pad-i4f = { containers.pad-i4f = {
@ -12,10 +12,7 @@
isReadOnly = false; isReadOnly = false;
}; };
}; };
path = evalConfig ({ config, lib, pkgs, profiles, ... }: { path = evalConfig ({ config, lib, ... }: {
imports = [ profiles.nopersist profiles.container ];
nixpkgs.config.allowUnfree = true;
services.hedgedoc = { services.hedgedoc = {
enable = true; enable = true;
settings = { settings = {


@ -1,9 +1,6 @@
{config, pkgs, lib, profiles, modules, evalConfig, sources, ...}: { config, pkgs, lib, evalConfig, ...}:
let
mattermost = pkgs.mattermost;
in {
{
sops.secrets = { sops.secrets = {
"mattermost/env" = {}; "mattermost/env" = {};
}; };
@ -22,17 +19,10 @@ in {
"/secrets".hostPath = "/run/secrets/mattermost"; "/secrets".hostPath = "/run/secrets/mattermost";
}; };
path = evalConfig ({ config, lib, pkgs, profiles, ... }: { path = evalConfig ({ config, lib, pkgs, ... }: {
imports = [ profiles.nopersist profiles.container ];
nixpkgs.overlays = [ (self: super: { inherit mattermost; }) ];
nixpkgs.config.allowUnfree = true;
systemd.services.mattermost.serviceConfig.EnvironmentFile = systemd.services.mattermost.serviceConfig.EnvironmentFile =
lib.mkForce "/secrets/env"; lib.mkForce "/secrets/env";
# couldn't figure out how to actually overwrite modules, so now
# there's two mattermost modules ...
services.mattermost = { services.mattermost = {
enable = true; enable = true;
siteUrl = "https://mattermost.infra4future.de"; siteUrl = "https://mattermost.infra4future.de";


@ -1,4 +1,4 @@
{ config, lib, pkgs, sources, ... }: { config, lib, pkgs, ... }:
{ {
hexchen.bindmounts."/var/lib/murmur" = "/persist/var/lib/murmur"; hexchen.bindmounts."/var/lib/murmur" = "/persist/var/lib/murmur";


@ -1,4 +1,4 @@
{ config, lib, pkgs, profiles, modules, evalConfig, ... }: { config, lib, pkgs, evalConfig, ... }:
{ {
containers.nextcloud = { containers.nextcloud = {
@ -14,17 +14,12 @@
}; };
path = evalConfig ({ config, lib, pkgs, profiles, sources, ... }: { path = evalConfig ({ config, lib, pkgs, profiles, sources, ... }: {
imports = [ imports = [
profiles.nopersist
profiles.container
(import "${sources.nixpkgs-unstable}/nixos/modules/services/web-apps/nextcloud.nix") (import "${sources.nixpkgs-unstable}/nixos/modules/services/web-apps/nextcloud.nix")
]; ];
disabledModules = [ disabledModules = [
"services/web-apps/nextcloud.nix" "services/web-apps/nextcloud.nix"
]; ];
nixpkgs.config.allowUnfree = true;
environment.systemPackages = [ pkgs.htop ]; environment.systemPackages = [ pkgs.htop ];
services.nextcloud = { services.nextcloud = {
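Review bot: `profiles` stays in the argument set on the `path = evalConfig ({ config, lib, pkgs, profiles, sources, ... }:` line although the only visible uses, `profiles.nopersist` and `profiles.container`, were removed from the imports list; every other container in this commit dropped the parameter. Unless it is still referenced further down outside the hunk, the line should read `path = evalConfig ({ config, lib, pkgs, sources, ... }: {`. The container definition continues beyond the hunk.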


@ -1,30 +1,26 @@
{ config, lib, pkgs, evalConfig, ... }: { config, lib, pkgs, evalConfig, ... }:
let
# necessary since overlays won't propagate into the
# container's config
thelounge = pkgs.thelounge-hacked;
in
{ {
containers.thelounge = { containers.thelounge = {
autoStart = true; autoStart = true;
privateNetwork = true; privateNetwork = true;
hostAddress = "192.168.100.1"; hostAddress = "192.168.100.1";
localAddress = "192.168.100.4"; localAddress = "192.168.100.4";
bindMounts = {
"/var/lib/thelounge" = {
hostPath = "/persist/containers/thelounge";
isReadOnly = false;
};
};
path = evalConfig ({ config, lib, pkgs, profiles, modules, sources, ... }: { path = evalConfig ({ config, lib, ... }: {
# for some inexplicable reason this does not import nopersist.
# i'm too lazy rn to deal with possible breakages if I add it.
# if you have spoons & nothing else to do, consider this a suggestion!
imports = [ profiles.container ];
nixpkgs.config.allowUnfree = true;
services.thelounge = { services.thelounge = {
enable = true; enable = true;
extraConfig = { extraConfig = {
public = true; public = true;
package = pkgs.thelounge;
# respect X-Forwarded-For # respect X-Forwarded-For
reverseProxy = true; reverseProxy = true;
defaults = { defaults = {
@ -57,10 +53,6 @@ in
leaveMessage = "happy haccing"; leaveMessage = "happy haccing";
}; };
}; };
# override the package we use
systemd.services.thelounge.serviceConfig.ExecStart =
pkgs.lib.mkForce "${thelounge}/bin/thelounge start";
}); });
}; };
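Review bot: The `bindMounts` entry mapping `/var/lib/thelounge` to `/persist/containers/thelounge` is removed in the first hunk and nothing on the new side replaces it with a `hexchen.bindmounts` entry the way the gitea container keeps one, so thelounge's state directory now lives in the container's own root unless the nopersist profile pulled in via evalConfig handles it. That should be confirmed and recorded next to `containers.thelounge`, e.g. `# /var/lib/thelounge persistence is provided by profiles.nopersist via evalConfig — confirm`. Separately, with `package = pkgs.thelounge;` and the ExecStart override gone, the patched build only reaches the service through `pkgs.thelounge` resolving to the overridden attribute; a one-line comment at `services.thelounge` saying so would keep someone from "fixing" it back to upstream. The container block continues outside the hunks.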


@ -1,4 +1,4 @@
{ config, lib, pkgs, inputs, evalConfig, ... }: { config, lib, pkgs, evalConfig, ... }:
let let
tracktrain-config = '' tracktrain-config = ''
@ -53,11 +53,9 @@ in
"/secrets".hostPath = "/run/secrets/tracktrain"; "/secrets".hostPath = "/run/secrets/tracktrain";
}; };
path = evalConfig ({ config, lib, pkgs, profiles, ... }: { path = evalConfig ({ config, lib, pkgs, ... }: {
system.stateVersion = "21.11"; system.stateVersion = "21.11";
imports = [ profiles.nopersist profiles.container ];
users.users.tracktrain = { users.users.tracktrain = {
group = "tracktrain"; group = "tracktrain";
isSystemUser = true; isSystemUser = true;


@ -1,8 +1,6 @@
{ config, lib, pkgs, profiles, modules, evalConfig, sources, ... }: { config, lib, pkgs, evalConfig, ... }:
let {
uffd = pkgs.uffd;
in {
containers.uffd = { containers.uffd = {
privateNetwork = true; privateNetwork = true;
hostAddress = "192.168.100.1"; hostAddress = "192.168.100.1";
@ -14,24 +12,20 @@ in {
isReadOnly = false; isReadOnly = false;
}; };
}; };
path = evalConfig ({ config, lib, pkgs, profiles, ... }: { path = evalConfig ({ config, lib, pkgs, ... }: {
imports = [ profiles.nopersist profiles.container ];
nixpkgs.config.allowUnfree = true;
services.uwsgi = { services.uwsgi = {
enable = true; enable = true;
plugins = [ "python3" ]; plugins = [ "python3" ];
instance = { instance = {
type = "normal"; type = "normal";
pythonPackages = self: with self; [ uffd ]; pythonPackages = _: [ pkgs.uffd ];
module = "uffd:create_app()"; module = "uffd:create_app()";
# socket = "${config.services.uwsgi.runDir}/uwsgi.sock"; # socket = "${config.services.uwsgi.runDir}/uwsgi.sock";
http = ":8080"; http = ":8080";
env = [ env = [
"CONFIG_PATH=/persist/uffd/uffd.conf" "CONFIG_PATH=/persist/uffd/uffd.conf"
]; ];
hook-pre-app = "exec:FLASK_APP=${uffd}/lib/python3.10/site-packages/uffd flask db upgrade"; hook-pre-app = "exec:FLASK_APP=${pkgs.uffd}/lib/python3.10/site-packages/uffd flask db upgrade";
}; };
}; };
}); });
@ -41,7 +35,7 @@ in {
forceSSL = true; forceSSL = true;
locations = { locations = {
"/".proxyPass = "http://${config.containers.uffd.localAddress}:8080"; "/".proxyPass = "http://${config.containers.uffd.localAddress}:8080";
"/static".root = "${uffd}/lib/python3.10/site-packages/uffd"; "/static".root = "${pkgs.uffd}/lib/python3.10/site-packages/uffd";
"/static/hacc.png".return = "302 https://infra4future.de/assets/img/logo_vernetzung.png"; "/static/hacc.png".return = "302 https://infra4future.de/assets/img/logo_vernetzung.png";
"/static/infra4future.svg".return = "302 https://infra4future.de/assets/img/infra4future.svg"; "/static/infra4future.svg".return = "302 https://infra4future.de/assets/img/infra4future.svg";
"/static/hedgedoc.svg".return = "302 https://infra4future.de/assets/img/icons/hedgedoc.svg"; "/static/hedgedoc.svg".return = "302 https://infra4future.de/assets/img/icons/hedgedoc.svg";