less verbose container definitions

move some options (the nopersist & container profiles + allowUnfree
packages) into the evalConfig used for containers, so we don't have to
repeat ourselves as much.

also removed some no-longer-needed specialArgs.

also made thelounge work with nopersist, which for some reason it didn't
use before.
This commit is contained in:
stuebinm 2023-09-27 23:24:23 +02:00
parent 6586f0c552
commit eae84263f5
11 changed files with 38 additions and 74 deletions


@ -52,10 +52,15 @@
modules = [
config
nix-hexchen.nixosModules.network.nftables
{ nixpkgs.pkgs = pkgs; }
{
nixpkgs.pkgs = pkgs.lib.mkForce pkgs;
nixpkgs.config.allowUnfree = true;
imports = [ profiles.container profiles.nopersist ];
}
];
specialArgs = {
inherit modules profiles evalConfig;
# modules still needed because a profile in nix-hexchen uses it
inherit modules evalConfig;
sources = inputs;
};
}).config.system.build.toplevel;
@ -71,10 +76,8 @@
{ environment.etc."haccfiles".source = self.outPath; }
];
specialArgs = {
# with a few exceptions, the flake inputs can be used the same
# as the niv-style (import nix/sources.nix {})
sources = inputs;
inherit modules profiles evalConfig;
inherit modules evalConfig;
};
};
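Review bot: The `nixpkgs.config.allowUnfree = true;` added next to `nixpkgs.pkgs = pkgs.lib.mkForce pkgs;` has no effect, because the NixOS `nixpkgs` module ignores `nixpkgs.config` whenever `nixpkgs.pkgs` is set; unfree packages are only permitted if the `pkgs` handed to this evalConfig was already imported with `config.allowUnfree = true`. The per-container line deleted in the hedgedoc, pad-i4f, mattermost, nextcloud, thelounge and uffd hunks was equally inert (those containers were already given `nixpkgs.pkgs`), so behaviour does not change, but the new line is misleading — either drop it or replace it with `# allowUnfree must be set on the imported pkgs; nixpkgs.config is ignored once nixpkgs.pkgs is set`. Since `profiles.nopersist` is now imported for every container built through this evalConfig, a comment on the `imports` line such as `# every container is ephemeral; state that must survive a reboot has to be bind-mounted from /persist` would spell out the contract each container file now has to meet. The second hunk also removes `profiles` from the host's specialArgs, so any host-level module that still declares a `profiles` argument will no longer evaluate; both evalConfig definitions begin before their hunks.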


@ -1,4 +1,4 @@
{ sources, system ? builtins.currentSystem, ... }@args:
{ sources, ... }@args:
let
pkgs = import sources.nixpkgs args;
@ -17,7 +17,7 @@ let
# a version of the lounge with some extra css that
# hides things the hacc-voc doesn't need
thelounge-hacked = pkgs.stdenv.mkDerivation {
thelounge = pkgs.stdenv.mkDerivation {
name = "thelounge-hacked";
src = pkgs.thelounge;
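Review bot: The renamed overlay attribute keeps `name = "thelounge-hacked"`, so the derivation that now replaces `pkgs.thelounge` for every consumer carries no version in its store path; `pname = "thelounge-hacked"; inherit (pkgs.thelounge) version;` would keep the upstream version visible in `nix path-info` output and rebuild diffs. Dropping `system ? builtins.currentSystem` from the file's arguments means `import sources.nixpkgs args` only receives a `system` when the caller passes one, and in pure (flake) evaluation nixpkgs' own fallback to `builtins.currentSystem` is unavailable — presumably every call site passes `system`, but that is worth confirming. The `thelounge` derivation continues past the hunk.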


@ -1,4 +1,4 @@
{ config, lib, pkgs, profiles, modules, evalConfig, sources, ... }:
{ config, lib, pkgs, evalConfig, ... }:
{
containers.gitea = {
@ -12,11 +12,9 @@
isReadOnly = false;
};
};
path = evalConfig ({ config, lib, pkgs, profiles, ... }: {
path = evalConfig ({ config, lib, pkgs, ... }: {
system.stateVersion = "21.11";
imports = [ profiles.nopersist profiles.container ];
environment.systemPackages = [ pkgs.gitea ];
hexchen.bindmounts."/var/lib/gitea" = "/persist/gitea";


@ -1,4 +1,4 @@
{ config, lib, pkgs, profiles, modules, evalConfig, sources, ... }:
{ config, lib, pkgs, evalConfig, ... }:
{
@ -18,10 +18,7 @@
};
"/secrets".hostPath = "/run/secrets/hedgedoc-hacc";
};
path = evalConfig ({ config, lib, pkgs, profiles, ... }: {
imports = [ profiles.nopersist profiles.container ];
nixpkgs.config.allowUnfree = true;
path = evalConfig ({ config, lib, ... }: {
services.hedgedoc = {
enable = true;
settings = {


@ -1,4 +1,4 @@
{ config, lib, pkgs, modules, evalConfig, sources, ... }:
{ config, lib, pkgs, evalConfig, ... }:
{
containers.pad-i4f = {
@ -12,10 +12,7 @@
isReadOnly = false;
};
};
path = evalConfig ({ config, lib, pkgs, profiles, ... }: {
imports = [ profiles.nopersist profiles.container ];
nixpkgs.config.allowUnfree = true;
path = evalConfig ({ config, lib, ... }: {
services.hedgedoc = {
enable = true;
settings = {


@ -1,9 +1,6 @@
{config, pkgs, lib, profiles, modules, evalConfig, sources, ...}:
let
mattermost = pkgs.mattermost;
in {
{ config, pkgs, lib, evalConfig, ...}:
{
sops.secrets = {
"mattermost/env" = {};
};
@ -22,17 +19,10 @@ in {
"/secrets".hostPath = "/run/secrets/mattermost";
};
path = evalConfig ({ config, lib, pkgs, profiles, ... }: {
imports = [ profiles.nopersist profiles.container ];
nixpkgs.overlays = [ (self: super: { inherit mattermost; }) ];
nixpkgs.config.allowUnfree = true;
path = evalConfig ({ config, lib, pkgs, ... }: {
systemd.services.mattermost.serviceConfig.EnvironmentFile =
lib.mkForce "/secrets/env";
# couldn't figure out how to actually overwrite modules, so now
# there's two mattermost modules ...
services.mattermost = {
enable = true;
siteUrl = "https://mattermost.infra4future.de";


@ -1,4 +1,4 @@
{ config, lib, pkgs, sources, ... }:
{ config, lib, pkgs, ... }:
{
hexchen.bindmounts."/var/lib/murmur" = "/persist/var/lib/murmur";


@ -1,4 +1,4 @@
{ config, lib, pkgs, profiles, modules, evalConfig, ... }:
{ config, lib, pkgs, evalConfig, ... }:
{
containers.nextcloud = {
@ -14,17 +14,12 @@
};
path = evalConfig ({ config, lib, pkgs, profiles, sources, ... }: {
imports = [
profiles.nopersist
profiles.container
(import "${sources.nixpkgs-unstable}/nixos/modules/services/web-apps/nextcloud.nix")
];
disabledModules = [
"services/web-apps/nextcloud.nix"
];
nixpkgs.config.allowUnfree = true;
environment.systemPackages = [ pkgs.htop ];
services.nextcloud = {
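Review bot: The container's module function on the `path = evalConfig (...)` line still declares `profiles` (and `sources`) as arguments, while the evalConfig specialArgs in the first hunk now provide only `modules`, `evalConfig` and `sources`; if that line is untouched by this commit, evaluation fails on the missing `profiles` argument even though the `profiles.*` imports below it are gone. The signature should read `path = evalConfig ({ config, lib, pkgs, sources, ... }: {`. If the rendered view merely omits the new version of that line, disregard this. The `services.nextcloud` block continues past the hunk.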


@ -1,30 +1,26 @@
{ config, lib, pkgs, evalConfig, ... }:
let
# necessary since overlays won't propagate into the
# container's config
thelounge = pkgs.thelounge-hacked;
in
{
containers.thelounge = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.1";
localAddress = "192.168.100.4";
bindMounts = {
"/var/lib/thelounge" = {
hostPath = "/persist/containers/thelounge";
isReadOnly = false;
};
};
path = evalConfig ({ config, lib, pkgs, profiles, modules, sources, ... }: {
# for some inexplicable reason this does not import nopersist.
# i'm too lazy rn to deal with possible breakages if I add it.
# if you have spoons & nothing else to do, consider this a suggestion!
imports = [ profiles.container ];
nixpkgs.config.allowUnfree = true;
path = evalConfig ({ config, lib, ... }: {
services.thelounge = {
enable = true;
extraConfig = {
public = true;
package = pkgs.thelounge;
# respect X-Forwarded-For
reverseProxy = true;
defaults = {
@ -57,10 +53,6 @@ in
leaveMessage = "happy haccing";
};
};
# override the package we use
systemd.services.thelounge.serviceConfig.ExecStart =
pkgs.lib.mkForce "${thelounge}/bin/thelounge start";
});
};
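Review bot: The inner module is now `({ config, lib, ... }: {` but its body still uses `pkgs.thelounge` on the `package =` line, so `pkgs` is captured lexically from the host file's arguments instead of being taken from the container's own module arguments; this only yields the intended package because evalConfig forces `nixpkgs.pkgs` to the same set, and it would break or pick a different package set if that ever changes. Declaring it as `path = evalConfig ({ config, lib, pkgs, ... }: {` makes the dependency explicit. With `profiles.nopersist` now applied to this container through evalConfig, the only state that survives a reboot is what lives under the `/var/lib/thelounge` bind mount; a comment on that mount, e.g. `# thelounge's state directory — must be bind-mounted, the container is otherwise ephemeral`, would record why it exists and what must not be moved elsewhere. The removed `ExecStart` override is superseded by the `package` option, so that part of the change looks right.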


@ -1,4 +1,4 @@
{ config, lib, pkgs, inputs, evalConfig, ... }:
{ config, lib, pkgs, evalConfig, ... }:
let
tracktrain-config = ''
@ -53,11 +53,9 @@ in
"/secrets".hostPath = "/run/secrets/tracktrain";
};
path = evalConfig ({ config, lib, pkgs, profiles, ... }: {
path = evalConfig ({ config, lib, pkgs, ... }: {
system.stateVersion = "21.11";
imports = [ profiles.nopersist profiles.container ];
users.users.tracktrain = {
group = "tracktrain";
isSystemUser = true;


@ -1,8 +1,6 @@
{ config, lib, pkgs, profiles, modules, evalConfig, sources, ... }:
{ config, lib, pkgs, evalConfig, ... }:
let
uffd = pkgs.uffd;
in {
{
containers.uffd = {
privateNetwork = true;
hostAddress = "192.168.100.1";
@ -14,24 +12,20 @@ in {
isReadOnly = false;
};
};
path = evalConfig ({ config, lib, pkgs, profiles, ... }: {
imports = [ profiles.nopersist profiles.container ];
nixpkgs.config.allowUnfree = true;
path = evalConfig ({ config, lib, pkgs, ... }: {
services.uwsgi = {
enable = true;
plugins = [ "python3" ];
instance = {
type = "normal";
pythonPackages = self: with self; [ uffd ];
pythonPackages = _: [ pkgs.uffd ];
module = "uffd:create_app()";
# socket = "${config.services.uwsgi.runDir}/uwsgi.sock";
http = ":8080";
env = [
"CONFIG_PATH=/persist/uffd/uffd.conf"
];
hook-pre-app = "exec:FLASK_APP=${uffd}/lib/python3.10/site-packages/uffd flask db upgrade";
hook-pre-app = "exec:FLASK_APP=${pkgs.uffd}/lib/python3.10/site-packages/uffd flask db upgrade";
};
};
});
@ -41,7 +35,7 @@ in {
forceSSL = true;
locations = {
"/".proxyPass = "http://${config.containers.uffd.localAddress}:8080";
"/static".root = "${uffd}/lib/python3.10/site-packages/uffd";
"/static".root = "${pkgs.uffd}/lib/python3.10/site-packages/uffd";
"/static/hacc.png".return = "302 https://infra4future.de/assets/img/logo_vernetzung.png";
"/static/infra4future.svg".return = "302 https://infra4future.de/assets/img/infra4future.svg";
"/static/hedgedoc.svg".return = "302 https://infra4future.de/assets/img/icons/hedgedoc.svg";
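Review bot: Both rewritten paths hard-code `lib/python3.10/site-packages` under `${pkgs.uffd}` (the `hook-pre-app` line and the `"/static".root` line), so the uwsgi migration hook and the nginx static root point at a non-existent directory as soon as `pkgs.uffd` is built against another interpreter. If `pkgs.uffd` comes from `buildPythonPackage`, `"${pkgs.uffd}/${pkgs.uffd.pythonModule.sitePackages}/uffd"` derives the directory from the package itself. Relatedly, `pythonPackages = _: [ pkgs.uffd ];` discards the python package set the uwsgi `python3` plugin hands in, so the interpreter uwsgi embeds and the one `pkgs.uffd` was built for only match by convention — presumably the same as before this commit, but worth a one-line comment. The surrounding `containers.uffd` and `services.nginx` definitions start and end outside these hunks.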