diff --git a/flake.nix b/flake.nix
index b68697e..46ab7e2 100644
--- a/flake.nix
+++ b/flake.nix
@@ -35,14 +35,14 @@
 outputs = { self, nixpkgs, nix-hexchen, deploy-rs, ... }@inputs:
 let
 modules = nix-hexchen.nixosModules;
- profiles = nix-hexchen.nixosModules.profiles;
+ profiles = nix-hexchen.nixosModules.profiles // {
+ container = import ./modules/container-profile.nix;
+ };
 pkgs = import ./pkgs { sources = inputs; system = "x86_64-linux"; };
- # simulate the evalConfig as contained in nix-hexchen/lib/hosts.nix,
- # but compatible with flakes
- evalConfig = extraSpecial: config: nixpkgs.lib.nixosSystem {
+ evalConfig = config: (nixpkgs.lib.nixosSystem {
 system = "x86_64-linux";
 modules = [
 config
@@ -52,8 +52,8 @@
 specialArgs = {
 inherit modules profiles evalConfig;
 sources = inputs;
- } // extraSpecial;
- };
+ };
+ }).config.system.build.toplevel;
 in {
 # do this by hand instead of via nix-hexchen/lib/hosts.nix, since that one
 # apparently can't support pkgs depending on flake inputs
diff --git a/modules/container-profile.nix b/modules/container-profile.nix
new file mode 100644
index 0000000..53e051f
--- /dev/null
+++ b/modules/container-profile.nix
@@ -0,0 +1,25 @@
+{ lib, ...}:
+
+{
+ boot.isContainer = true;
+ networking.useDHCP = false;
+ users.users.root.hashedPassword = "";
+ networking.firewall.enable = false;
+ services.coredns = {
+ enable = true;
+ config = ''
+ .:53 {
+ forward . 1.1.1.1
+ }
+ '';
+ };
+
+ # I /suspect/ this is not actually needed.
+ # TODO: find spoons to deal with potential breakage, test removing this
+ networking.defaultGateway = {
+ address = "192.168.100.1";
+ interface = "eth0";
+ };
+
+ system.stateVersion = lib.mkDefault "21.05";
+}
diff --git a/services/gitea.nix b/services/gitea.nix
index e09c379..92ce8c0 100644
--- a/services/gitea.nix
+++ b/services/gitea.nix
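Review bot: The comment explaining evalConfig (`# simulate the evalConfig as contained in nix-hexchen/lib/hosts.nix, but compatible with flakes`) is dropped at the same time the function's contract changes twice over — it no longer takes `extraSpecial`, and it now returns `config.system.build.toplevel` instead of the whole evaluation — yet nothing on the new side records either. Suggest a header comment above `evalConfig = config: (nixpkgs.lib.nixosSystem {` along the lines of `# evaluate one container's NixOS config straight to its system toplevel; modules and the merged profiles set (incl. profiles.container) reach the config via specialArgs`. Since `profiles` in specialArgs is now the merged set, every `profiles.container` import in the service files depends on the `// { container = ...; }` line here, which is worth saying once. The enclosing `outputs` function continues outside the hunk.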
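Review bot: `users.users.root.hashedPassword = "";` and `networking.firewall.enable = false;` are now applied to every container that imports this profile, and neither uses `lib.mkDefault`, so a service module cannot tighten either with a plain assignment (it would need `lib.mkForce`) — unlike `system.stateVersion`, which the same file does wrap in `lib.mkDefault`. An empty password hash is only tolerable while the containers are reachable solely through the host (root-login from the host side); if any container ever runs sshd or another network login service, this becomes a passwordless root reachable over the network with the firewall off. Suggest `users.users.root.hashedPassword = lib.mkDefault "";` and `networking.firewall.enable = lib.mkDefault false;`, plus a comment above them stating that host-only-access assumption in the same register as the existing TODO on `networking.defaultGateway`.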
@@ -12,35 +12,17 @@
 isReadOnly = false;
 };
 };
- path = (evalConfig {
- hosts = { };
- groups = { };
- } ({ config, lib, pkgs, profiles, modules, sources, ... }: {
- boot.isContainer = true;
- networking.useDHCP = false;
- users.users.root.hashedPassword = "";
+ path = evalConfig ({ config, lib, pkgs, profiles, ... }: {
 system.stateVersion = "21.11";
- imports = [ sources.nix-hexchen.nixosModules.profiles.nopersist ];
+ imports = [ profiles.nopersist profiles.container ];
 environment.systemPackages = [ pkgs.gitea ];
 hexchen.bindmounts."/var/lib/gitea" = "/persist/gitea";
 nixpkgs.config.allowUnfree = true;
- networking.firewall.enable = false;
- networking.defaultGateway = {
- address = "192.168.100.1";
- interface = "eth0";
- };
- services.coredns = {
- enable = true;
- config = ''
- .:53 {
- forward . 1.1.1.1
- }
- '';
- };
+
 services.gitea = {
 enable = true;
 appName = "0x0: git for all creatures";
@@ -106,7 +88,7 @@
 AcceptEnv GIT_PROTOCOL
 '';
 };
- })).config.system.build.toplevel;
+ });
 };
 services.nginx.virtualHosts."git.infra4future.de" = {
diff --git a/services/hedgedoc-hacc.nix b/services/hedgedoc-hacc.nix
index 54abf17..1a3740d 100644
--- a/services/hedgedoc-hacc.nix
+++ b/services/hedgedoc-hacc.nix
@@ -12,28 +12,10 @@
 isReadOnly = false;
 };
 };
- path = (evalConfig {hosts = {}; groups = {};} ({ config, lib, pkgs, profiles, modules, sources, ... }: {
- boot.isContainer = true;
- networking.useDHCP = false;
- users.users.root.hashedPassword = "";
- system.stateVersion = "21.05";
-
- imports = [ sources.nix-hexchen.nixosModules.profiles.nopersist ];
-
+ path = evalConfig ({ config, lib, pkgs, profiles, ... }: {
+ imports = [ profiles.nopersist profiles.container ];
 nixpkgs.config.allowUnfree = true;
- networking.firewall.enable = false;
- networking.defaultGateway = {
- address = "192.168.100.1";
- interface = "eth0";
- };
- services.coredns = {
- enable = true;
- config = ''
- .:53 {
- forward . 1.1.1.1
- }
- '';
- };
+
 services.hedgedoc = {
 enable = true;
 settings = {
@@ -93,7 +75,7 @@
 startAt = "*-*-* 23:45:00";
 location = "/persist/backups/postgres";
 };
- })).config.system.build.toplevel;
+ });
 };
 services.nginx.virtualHosts."pad.hacc.earth" = {
 enableACME = true;
diff --git a/services/hedgedoc-i4f.nix b/services/hedgedoc-i4f.nix
index 7c8ffa7..bb2e376 100644
--- a/services/hedgedoc-i4f.nix
+++ b/services/hedgedoc-i4f.nix
@@ -12,29 +12,10 @@
 isReadOnly = false;
 };
 };
- path = (evalConfig {hosts = {}; groups = {};} ({ config, lib, pkgs, profiles, modules, sources, ... }: {
- boot.isContainer = true;
- networking.useDHCP = false;
- users.users.root.hashedPassword = "";
- system.stateVersion = "21.05";
-
-
- imports = [ sources.nix-hexchen.nixosModules.profiles.nopersist ];
-
+ path = evalConfig ({ config, lib, pkgs, profiles, ... }: {
+ imports = [ profiles.nopersist profiles.container ];
 nixpkgs.config.allowUnfree = true;
- networking.firewall.enable = false;
- networking.defaultGateway = {
- address = "192.168.100.1";
- interface = "eth0";
- };
- services.coredns = {
- enable = true;
- config = ''
- .:53 {
- forward . 1.1.1.1
- }
- '';
- };
+
 services.hedgedoc = {
 enable = true;
 settings = {
@@ -79,7 +60,7 @@
 startAt = "*-*-* 23:45:00";
 location = "/persist/backups/postgres";
 };
- })).config.system.build.toplevel;
+ });
 };
 services.nginx.virtualHosts."pad.infra4future.de" = {
diff --git a/services/mattermost.nix b/services/mattermost.nix
index 8576bbe..397d567 100644
--- a/services/mattermost.nix
+++ b/services/mattermost.nix
@@ -16,22 +16,11 @@ in {
 };
 };
- path = (evalConfig {hosts = {}; groups = {};} ({ config, lib, pkgs, profiles, modules, sources, ... }: {
- boot.isContainer = true;
- networking.useDHCP = false;
- users.users.root.hashedPassword = "";
- system.stateVersion = "21.05";
-
- imports = [ sources.nix-hexchen.nixosModules.profiles.nopersist ];
-
+ path = evalConfig ({ config, lib, pkgs, profiles, ... }: {
+ imports = [ profiles.nopersist profiles.container ];
 nixpkgs.overlays = [ (self: super: { inherit mattermost; }) ];
 nixpkgs.config.allowUnfree = true;
- networking.firewall.enable = false;
- networking.defaultGateway = {
- address = "192.168.100.1";
- interface = "eth0";
- };
 systemd.services.mattermost.serviceConfig.EnvironmentFile = "/persist/mattermost/secrets.env";
@@ -226,15 +215,7 @@ in {
 networking.firewall.allowedTCPPorts = [ 3000 ];
- services.coredns = {
- enable = true;
- config = ''
- .:53 {
- forward . 1.1.1.1
- }
- '';
- };
- })).config.system.build.toplevel;
+ });
 };
 services.nginx.virtualHosts."mattermost.infra4future.de" = {
diff --git a/services/nextcloud.nix b/services/nextcloud.nix
index 5187efe..015e15b 100644
--- a/services/nextcloud.nix
+++ b/services/nextcloud.nix
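Review bot: `networking.firewall.allowedTCPPorts = [ 3000 ];` in the second mattermost hunk is dead configuration after this change: `profiles.container` sets `networking.firewall.enable = false`, so the allow-list is never consulted, and the disable is no longer visible in this file where a reader would look for it. Either drop the line, or if this container is meant to be firewalled with only 3000 open, set `networking.firewall.enable = lib.mkForce true;` next to it (mkForce is needed because the profile does not use mkDefault). Of the services in this diff, mattermost is the only one with such a leftover allow-list. The container module's body continues outside both hunks.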
@@ -12,14 +12,10 @@
 isReadOnly = false;
 };
 };
- path = (evalConfig {hosts = {}; groups = {};} ({ config, lib, pkgs, profiles, modules, sources, ... }: {
- boot.isContainer = true;
- networking.useDHCP = false;
- users.users.root.hashedPassword = "";
- system.stateVersion = "21.05";
-
+ path = evalConfig ({ config, lib, pkgs, profiles, sources, ... }: {
 imports = [
- sources.nix-hexchen.nixosModules.profiles.nopersist
+ profiles.nopersist
+ profiles.container
 (import "${sources.nixpkgs-unstable}/nixos/modules/services/web-apps/nextcloud.nix")
 ];
@@ -27,13 +23,7 @@
 "services/web-apps/nextcloud.nix"
 ];
- nixpkgs.config.allowUnfree = true;
- networking.firewall.enable = false;
- networking.defaultGateway = {
- address = "192.168.100.1";
- interface = "eth0";
- };
 environment.systemPackages = [ pkgs.htop ];
@@ -98,16 +88,7 @@
 requires = ["postgresql.service"];
 after = ["postgresql.service"];
 };
-
- services.coredns = {
- enable = true;
- config = ''
- .:53 {
- forward . 1.1.1.1
- }
- '';
- };
- })).config.system.build.toplevel;
+ });
 };
 services.nginx.virtualHosts."cloud.infra4future.de" = {
diff --git a/services/thelounge.nix b/services/thelounge.nix
index 5593ce9..f8d1517 100644
--- a/services/thelounge.nix
+++ b/services/thelounge.nix
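Review bot: `nixpkgs.config.allowUnfree = true;` is removed in the second nextcloud hunk with no replacement — the new `modules/container-profile.nix` does not set it, and every other service in this commit (gitea, both hedgedoc files, mattermost, uffd) keeps its own copy of that line. If anything in this container's closure is unfree, evaluation now fails; if nothing is, the removal is harmless but reads as an accident next to the other files. Suggest either restoring `nixpkgs.config.allowUnfree = true;` here or adding a short comment that the nextcloud container intentionally needs no unfree packages. The container module's body continues outside the hunks.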
@@ -12,18 +12,13 @@ in
 hostAddress = "192.168.100.1";
 localAddress = "192.168.100.4";
- path = (evalConfig {hosts = {}; groups = {};} ({ config, lib, pkgs, profiles, modules, sources, ... }: {
- boot.isContainer = true;
- networking.useDHCP = false;
- users.users.root.hashedPassword = "";
- system.stateVersion = "21.05";
+ path = evalConfig ({ config, lib, pkgs, profiles, modules, sources, ... }: {
+ # for some inexplicable reason this does not import nopersist.
+ # i'm too lazy rn to deal with possible breakages if I add it.
+ # if you have spoons & nothing else to do, consider this a suggestion!
+ imports = [ profiles.container ];
 nixpkgs.config.allowUnfree = true;
- networking.firewall.enable = false;
- networking.defaultGateway = {
- address = "192.168.100.1";
- interface = "eth0";
- };
 services.thelounge = {
 enable = true;
@@ -66,16 +61,7 @@ in
 # override the package we use
 systemd.services.thelounge.serviceConfig.ExecStart = pkgs.lib.mkForce "${thelounge}/bin/thelounge start";
-
- services.coredns = {
- enable = true;
- config = ''
- .:53 {
- forward . 1.1.1.1
- }
- '';
- };
- })).config.system.build.toplevel;
+ });
 };
 services.nginx.virtualHosts."webchat.voc.hacc.space" = {
diff --git a/services/tracktrain.nix b/services/tracktrain.nix
index d33d948..bb7e72f 100644
--- a/services/tracktrain.nix
+++ b/services/tracktrain.nix
@@ -47,21 +47,10 @@ in
 };
 };
- path = (evalConfig {
- hosts = { };
- groups = { };
- } ({ config, lib, pkgs, profiles, modules, sources, ... }: {
- boot.isContainer = true;
- networking.useDHCP = false;
- users.users.root.hashedPassword = "";
+ path = evalConfig ({ config, lib, pkgs, profiles, ... }: {
 system.stateVersion = "21.11";
- imports = [ sources.nix-hexchen.nixosModules.profiles.nopersist ];
- networking.firewall.enable = false;
- networking.defaultGateway = {
- address = "192.168.100.1";
- interface = "eth0";
- };
+ imports = [ profiles.nopersist profiles.container ];
 users.users.tracktrain = {
 group = "tracktrain";
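Review bot: The new thelounge lambda `({ config, lib, pkgs, profiles, modules, sources, ... }: {` still binds `modules` and `sources`, although the only visible use (`sources.nix-hexchen.nixosModules.profiles.nopersist`) is gone, while every other service in this commit trimmed its list to `{ config, lib, pkgs, profiles, ... }`. Unless they are used further down in the module outside the hunk, suggest the same here for consistency: `path = evalConfig ({ config, lib, pkgs, profiles, ... }: {`. The three-line comment about not importing `nopersist` is a good start; it would help the next reader more if it named what was observed to break, so the follow-up does not start from zero.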
@@ -87,7 +76,7 @@ in
 mkdir -p /persist/tracktrain
 cd /persist/tracktrain
 ln -sf ${pkgs.writeText "tracktrain-config.yaml" tracktrain-config} config.yaml
- wget "https://ilztalbahn.eu/wp-content/uploads/2020/07/gtfs.zip"
+ wget "https://ilztalbahn.eu/wp-content/uploads/2020/07/gtfs.zip" || sleep 4; wget "https://ilztalbahn.eu/wp-content/uploads/2020/07/gtfs.zip"
 ${pkgs.tracktrain}/bin/tracktrain +RTS -T
 '';
 };
@@ -157,16 +146,7 @@ in
 systemd.services.grafana.serviceConfig.EnvironmentFile = "/persist/secrets.env";
-
- services.coredns = {
- enable = true;
- config = ''
- .:53 {
- forward . 1.1.1.1
- }
- '';
- };
- })).config.system.build.toplevel;
+ });
 };
 }
diff --git a/services/uffd.nix b/services/uffd.nix
index 9a22947..79b44f6 100644
--- a/services/uffd.nix
+++ b/services/uffd.nix
@@ -14,28 +14,10 @@ in {
 isReadOnly = false;
 };
 };
- path = (evalConfig {hosts = {}; groups = {};} ({ config, lib, pkgs, profiles, modules, sources, ... }: {
- boot.isContainer = true;
- networking.useDHCP = false;
- users.users.root.hashedPassword = "";
- system.stateVersion = "21.05";
-
- imports = [ sources.nix-hexchen.nixosModules.profiles.nopersist ];
+ path = evalConfig ({ config, lib, pkgs, profiles, ... }: {
+ imports = [ profiles.nopersist profiles.container ];
 nixpkgs.config.allowUnfree = true;
- networking.firewall.enable = false;
- networking.defaultGateway = {
- address = "192.168.100.1";
- interface = "eth0";
- };
- services.coredns = {
- enable = true;
- config = ''
- .:53 {
- forward . 1.1.1.1
- }
- '';
- };
 services.uwsgi = {
 enable = true;
@@ -52,7 +34,7 @@ in {
 hook-pre-app = "exec:FLASK_APP=${uffd}/lib/python3.10/site-packages/uffd flask db upgrade";
 };
 };
- })).config.system.build.toplevel;
+ });
 };
 services.nginx.virtualHosts."login.infra4future.de" = {
 enableACME = true;
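Review bot: `wget "…gtfs.zip" || sleep 4; wget "…gtfs.zip"` in the tracktrain start script does not express a retry: `||` binds only to the first wget, and the `;` makes the second wget run unconditionally, so on success the archive is downloaded twice and on a second failure the script simply carries on to start tracktrain without the data. The intended form is `wget "https://ilztalbahn.eu/wp-content/uploads/2020/07/gtfs.zip" || { sleep 4; wget "https://ilztalbahn.eu/wp-content/uploads/2020/07/gtfs.zip"; }`, or wget's own `--tries`/`--waitretry` options, and the exit status should be allowed to fail the unit rather than be ignored. Not introduced by this commit, but worth a follow-up: the zip is fetched over the network at every start and consumed by tracktrain with no integrity check against a known hash. The script and the enclosing service definition continue outside the hunk.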