nicer container configs

Today I woke up to the realisation that there's an extremely obvious way
to make these nicer, and then did exactly that. For some reason I did
not think of this when originally removing the dependency on nix-hexchen's
evalConfig.

unfortunately, this is not /quite/ a no-op. The only actual change is
different whitespace in some of the semantically-equivalent
coredns-configs that got unified.
This commit is contained in:
stuebinm 2023-02-18 14:45:14 +01:00
parent aa62e616a3
commit 72c16d9e1c
10 changed files with 63 additions and 183 deletions


@ -35,14 +35,14 @@
outputs = { self, nixpkgs, nix-hexchen, deploy-rs, ... }@inputs: outputs = { self, nixpkgs, nix-hexchen, deploy-rs, ... }@inputs:
let modules = nix-hexchen.nixosModules; let modules = nix-hexchen.nixosModules;
profiles = nix-hexchen.nixosModules.profiles; profiles = nix-hexchen.nixosModules.profiles // {
container = import ./modules/container-profile.nix;
};
pkgs = import ./pkgs { pkgs = import ./pkgs {
sources = inputs; sources = inputs;
system = "x86_64-linux"; system = "x86_64-linux";
}; };
# simulate the evalConfig as contained in nix-hexchen/lib/hosts.nix, evalConfig = config: (nixpkgs.lib.nixosSystem {
# but compatible with flakes
evalConfig = extraSpecial: config: nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
modules = [ modules = [
config config
@ -52,8 +52,8 @@
specialArgs = { specialArgs = {
inherit modules profiles evalConfig; inherit modules profiles evalConfig;
sources = inputs; sources = inputs;
} // extraSpecial;
}; };
}).config.system.build.toplevel;
in { in {
# do this by hand instead of via nix-hexchen/lib/hosts.nix, since that one # do this by hand instead of via nix-hexchen/lib/hosts.nix, since that one
# apparently can't support pkgs depending on flake inputs # apparently can't support pkgs depending on flake inputs
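Review bot: The rewritten `evalConfig` now returns `.config.system.build.toplevel` rather than the evaluated system, but the comment explaining why this helper exists was dropped together with the old version, and the name no longer tells a reader that it yields a store path instead of a `nixosSystem` result. I'd put a short header back above it, e.g. `# evalConfig: build a container's toplevel from a single NixOS module;` followed by `# stands in for nix-hexchen/lib/hosts.nix, which cannot use flake inputs for pkgs`. The `let` binding this sits in and the `in {` body both continue outside the hunk.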


@ -0,0 +1,25 @@
{ lib, ...}:
{
boot.isContainer = true;
networking.useDHCP = false;
users.users.root.hashedPassword = "";
networking.firewall.enable = false;
services.coredns = {
enable = true;
config = ''
.:53 {
forward . 1.1.1.1
}
'';
};
# I /suspect/ this is not actually needed.
# TODO: find spoons to deal with potential breakage, test removing this
networking.defaultGateway = {
address = "192.168.100.1";
interface = "eth0";
};
system.stateVersion = lib.mkDefault "21.05";
}
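Review bot: The profile hard-codes `users.users.root.hashedPassword = ""` and `networking.firewall.enable = false` for every container without `lib.mkDefault`, so a container that wants a real root hash or its own firewall has to `mkForce` them, and the assumption that makes both settings acceptable is not written down. I'd wrap those two and `networking.defaultGateway` in `lib.mkDefault`, as `system.stateVersion` already is, and add a line such as `# containers are reached only through the host; hence no root password and no firewall` so the trust model is explicit. `forward . 1.1.1.1` is also a single upstream with no fallback, so one unreachable resolver takes DNS down in every container at once; listing a second address (e.g. `forward . 1.1.1.1 1.0.0.1`) avoids that. The `# I /suspect/ this is not actually needed` note on `defaultGateway` would be more actionable if it named what to test, i.e. that the container can still reach 192.168.100.1 without it.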


@ -12,35 +12,17 @@
isReadOnly = false; isReadOnly = false;
}; };
}; };
path = (evalConfig { path = evalConfig ({ config, lib, pkgs, profiles, ... }: {
hosts = { };
groups = { };
} ({ config, lib, pkgs, profiles, modules, sources, ... }: {
boot.isContainer = true;
networking.useDHCP = false;
users.users.root.hashedPassword = "";
system.stateVersion = "21.11"; system.stateVersion = "21.11";
imports = [ sources.nix-hexchen.nixosModules.profiles.nopersist ]; imports = [ profiles.nopersist profiles.container ];
environment.systemPackages = [ pkgs.gitea ]; environment.systemPackages = [ pkgs.gitea ];
hexchen.bindmounts."/var/lib/gitea" = "/persist/gitea"; hexchen.bindmounts."/var/lib/gitea" = "/persist/gitea";
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
networking.firewall.enable = false;
networking.defaultGateway = {
address = "192.168.100.1";
interface = "eth0";
};
services.coredns = {
enable = true;
config = ''
.:53 {
forward . 1.1.1.1
}
'';
};
services.gitea = { services.gitea = {
enable = true; enable = true;
appName = "0x0: git for all creatures"; appName = "0x0: git for all creatures";
@ -106,7 +88,7 @@
AcceptEnv GIT_PROTOCOL AcceptEnv GIT_PROTOCOL
''; '';
}; };
})).config.system.build.toplevel; });
}; };
services.nginx.virtualHosts."git.infra4future.de" = { services.nginx.virtualHosts."git.infra4future.de" = {


@ -12,28 +12,10 @@
isReadOnly = false; isReadOnly = false;
}; };
}; };
path = (evalConfig {hosts = {}; groups = {};} ({ config, lib, pkgs, profiles, modules, sources, ... }: { path = evalConfig ({ config, lib, pkgs, profiles, ... }: {
boot.isContainer = true; imports = [ profiles.nopersist profiles.container ];
networking.useDHCP = false;
users.users.root.hashedPassword = "";
system.stateVersion = "21.05";
imports = [ sources.nix-hexchen.nixosModules.profiles.nopersist ];
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
networking.firewall.enable = false;
networking.defaultGateway = {
address = "192.168.100.1";
interface = "eth0";
};
services.coredns = {
enable = true;
config = ''
.:53 {
forward . 1.1.1.1
}
'';
};
services.hedgedoc = { services.hedgedoc = {
enable = true; enable = true;
settings = { settings = {
@ -93,7 +75,7 @@
startAt = "*-*-* 23:45:00"; startAt = "*-*-* 23:45:00";
location = "/persist/backups/postgres"; location = "/persist/backups/postgres";
}; };
})).config.system.build.toplevel; });
}; };
services.nginx.virtualHosts."pad.hacc.earth" = { services.nginx.virtualHosts."pad.hacc.earth" = {
enableACME = true; enableACME = true;


@ -12,29 +12,10 @@
isReadOnly = false; isReadOnly = false;
}; };
}; };
path = (evalConfig {hosts = {}; groups = {};} ({ config, lib, pkgs, profiles, modules, sources, ... }: { path = evalConfig ({ config, lib, pkgs, profiles, ... }: {
boot.isContainer = true; imports = [ profiles.nopersist profiles.container ];
networking.useDHCP = false;
users.users.root.hashedPassword = "";
system.stateVersion = "21.05";
imports = [ sources.nix-hexchen.nixosModules.profiles.nopersist ];
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
networking.firewall.enable = false;
networking.defaultGateway = {
address = "192.168.100.1";
interface = "eth0";
};
services.coredns = {
enable = true;
config = ''
.:53 {
forward . 1.1.1.1
}
'';
};
services.hedgedoc = { services.hedgedoc = {
enable = true; enable = true;
settings = { settings = {
@ -79,7 +60,7 @@
startAt = "*-*-* 23:45:00"; startAt = "*-*-* 23:45:00";
location = "/persist/backups/postgres"; location = "/persist/backups/postgres";
}; };
})).config.system.build.toplevel; });
}; };
services.nginx.virtualHosts."pad.infra4future.de" = { services.nginx.virtualHosts."pad.infra4future.de" = {


@ -16,22 +16,11 @@ in {
}; };
}; };
path = (evalConfig {hosts = {}; groups = {};} ({ config, lib, pkgs, profiles, modules, sources, ... }: { path = evalConfig ({ config, lib, pkgs, profiles, ... }: {
boot.isContainer = true; imports = [ profiles.nopersist profiles.container ];
networking.useDHCP = false;
users.users.root.hashedPassword = "";
system.stateVersion = "21.05";
imports = [ sources.nix-hexchen.nixosModules.profiles.nopersist ];
nixpkgs.overlays = [ (self: super: { inherit mattermost; }) ]; nixpkgs.overlays = [ (self: super: { inherit mattermost; }) ];
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
networking.firewall.enable = false;
networking.defaultGateway = {
address = "192.168.100.1";
interface = "eth0";
};
systemd.services.mattermost.serviceConfig.EnvironmentFile = systemd.services.mattermost.serviceConfig.EnvironmentFile =
"/persist/mattermost/secrets.env"; "/persist/mattermost/secrets.env";
@ -226,15 +215,7 @@ in {
networking.firewall.allowedTCPPorts = [ 3000 ]; networking.firewall.allowedTCPPorts = [ 3000 ];
services.coredns = { });
enable = true;
config = ''
.:53 {
forward . 1.1.1.1
}
'';
};
})).config.system.build.toplevel;
}; };
services.nginx.virtualHosts."mattermost.infra4future.de" = { services.nginx.virtualHosts."mattermost.infra4future.de" = {
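Review bot: `networking.firewall.allowedTCPPorts = [ 3000 ];` survives on the new side, but the container now imports `profiles.container`, which sets `networking.firewall.enable = false`, so the line is a no-op that misleadingly suggests port 3000 is the only port exposed by this container. Either drop the line or, if the intent is to actually filter, re-enable the firewall here with `networking.firewall.enable = lib.mkForce true;` next to it — `mkForce` is needed because the profile sets the option without `mkDefault`. The enclosing module body starts before this hunk.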


@ -12,14 +12,10 @@
isReadOnly = false; isReadOnly = false;
}; };
}; };
path = (evalConfig {hosts = {}; groups = {};} ({ config, lib, pkgs, profiles, modules, sources, ... }: { path = evalConfig ({ config, lib, pkgs, profiles, sources, ... }: {
boot.isContainer = true;
networking.useDHCP = false;
users.users.root.hashedPassword = "";
system.stateVersion = "21.05";
imports = [ imports = [
sources.nix-hexchen.nixosModules.profiles.nopersist profiles.nopersist
profiles.container
(import "${sources.nixpkgs-unstable}/nixos/modules/services/web-apps/nextcloud.nix") (import "${sources.nixpkgs-unstable}/nixos/modules/services/web-apps/nextcloud.nix")
]; ];
@ -27,13 +23,7 @@
"services/web-apps/nextcloud.nix" "services/web-apps/nextcloud.nix"
]; ];
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
networking.firewall.enable = false;
networking.defaultGateway = {
address = "192.168.100.1";
interface = "eth0";
};
environment.systemPackages = [ pkgs.htop ]; environment.systemPackages = [ pkgs.htop ];
@ -98,16 +88,7 @@
requires = ["postgresql.service"]; requires = ["postgresql.service"];
after = ["postgresql.service"]; after = ["postgresql.service"];
}; };
});
services.coredns = {
enable = true;
config = ''
.:53 {
forward . 1.1.1.1
}
'';
};
})).config.system.build.toplevel;
}; };
services.nginx.virtualHosts."cloud.infra4future.de" = { services.nginx.virtualHosts."cloud.infra4future.de" = {


@ -12,18 +12,13 @@ in
hostAddress = "192.168.100.1"; hostAddress = "192.168.100.1";
localAddress = "192.168.100.4"; localAddress = "192.168.100.4";
path = (evalConfig {hosts = {}; groups = {};} ({ config, lib, pkgs, profiles, modules, sources, ... }: { path = evalConfig ({ config, lib, pkgs, profiles, modules, sources, ... }: {
boot.isContainer = true; # for some inexplicable reason this does not import nopersist.
networking.useDHCP = false; # i'm too lazy rn to deal with possible breakages if I add it.
users.users.root.hashedPassword = ""; # if you have spoons & nothing else to do, consider this a suggestion!
system.stateVersion = "21.05"; imports = [ profiles.container ];
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
networking.firewall.enable = false;
networking.defaultGateway = {
address = "192.168.100.1";
interface = "eth0";
};
services.thelounge = { services.thelounge = {
enable = true; enable = true;
@ -66,16 +61,7 @@ in
# override the package we use # override the package we use
systemd.services.thelounge.serviceConfig.ExecStart = systemd.services.thelounge.serviceConfig.ExecStart =
pkgs.lib.mkForce "${thelounge}/bin/thelounge start"; pkgs.lib.mkForce "${thelounge}/bin/thelounge start";
});
services.coredns = {
enable = true;
config = ''
.:53 {
forward . 1.1.1.1
}
'';
};
})).config.system.build.toplevel;
}; };
services.nginx.virtualHosts."webchat.voc.hacc.space" = { services.nginx.virtualHosts."webchat.voc.hacc.space" = {
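Review bot: The new comment above `imports = [ profiles.container ];` records a known divergence from the other containers (no `profiles.nopersist`) in a tone a later reader cannot act on; I'd turn it into a TODO that states what to check, e.g. `# TODO: unlike the other containers this does not import profiles.nopersist; check thelounge's data paths before adding it`. The module's argument list also still names `modules, sources`, which the other containers dropped in this same commit — harmless, but inconsistent. The module body continues outside the hunk.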


@ -47,21 +47,10 @@ in
}; };
}; };
path = (evalConfig { path = evalConfig ({ config, lib, pkgs, profiles, ... }: {
hosts = { };
groups = { };
} ({ config, lib, pkgs, profiles, modules, sources, ... }: {
boot.isContainer = true;
networking.useDHCP = false;
users.users.root.hashedPassword = "";
system.stateVersion = "21.11"; system.stateVersion = "21.11";
imports = [ sources.nix-hexchen.nixosModules.profiles.nopersist ]; imports = [ profiles.nopersist profiles.container ];
networking.firewall.enable = false;
networking.defaultGateway = {
address = "192.168.100.1";
interface = "eth0";
};
users.users.tracktrain = { users.users.tracktrain = {
group = "tracktrain"; group = "tracktrain";
@ -87,7 +76,7 @@ in
mkdir -p /persist/tracktrain mkdir -p /persist/tracktrain
cd /persist/tracktrain cd /persist/tracktrain
ln -sf ${pkgs.writeText "tracktrain-config.yaml" tracktrain-config} config.yaml ln -sf ${pkgs.writeText "tracktrain-config.yaml" tracktrain-config} config.yaml
wget "https://ilztalbahn.eu/wp-content/uploads/2020/07/gtfs.zip" wget "https://ilztalbahn.eu/wp-content/uploads/2020/07/gtfs.zip" || sleep 4; wget "https://ilztalbahn.eu/wp-content/uploads/2020/07/gtfs.zip"
${pkgs.tracktrain}/bin/tracktrain +RTS -T ${pkgs.tracktrain}/bin/tracktrain +RTS -T
''; '';
}; };
@ -157,16 +146,7 @@ in
systemd.services.grafana.serviceConfig.EnvironmentFile = systemd.services.grafana.serviceConfig.EnvironmentFile =
"/persist/secrets.env"; "/persist/secrets.env";
});
services.coredns = {
enable = true;
config = ''
.:53 {
forward . 1.1.1.1
}
'';
};
})).config.system.build.toplevel;
}; };
} }
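Review bot: The retry added to the `wget` line runs the second `wget` unconditionally, because `a || sleep 4; b` parses as `(a || sleep 4); b` — on success the archive is downloaded twice, and on failure the retry fires after 4 s regardless of what the first attempt did; group it instead as `wget "https://ilztalbahn.eu/wp-content/uploads/2020/07/gtfs.zip" || { sleep 4; wget "https://ilztalbahn.eu/wp-content/uploads/2020/07/gtfs.zip"; }`. Whether a failed retry aborts the service depends on the script running under `set -e`, which is not visible in the hunk; if it does not, the following `tracktrain` start runs against a stale or missing gtfs.zip. The archive is also consumed with no integrity check beyond TLS, which is fine if that upstream is trusted, but a one-line comment saying so would make the decision deliberate. The `script` body starts and ends outside the hunk.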


@ -14,28 +14,10 @@ in {
isReadOnly = false; isReadOnly = false;
}; };
}; };
path = (evalConfig {hosts = {}; groups = {};} ({ config, lib, pkgs, profiles, modules, sources, ... }: { path = evalConfig ({ config, lib, pkgs, profiles, ... }: {
boot.isContainer = true; imports = [ profiles.nopersist profiles.container ];
networking.useDHCP = false;
users.users.root.hashedPassword = "";
system.stateVersion = "21.05";
imports = [ sources.nix-hexchen.nixosModules.profiles.nopersist ];
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
networking.firewall.enable = false;
networking.defaultGateway = {
address = "192.168.100.1";
interface = "eth0";
};
services.coredns = {
enable = true;
config = ''
.:53 {
forward . 1.1.1.1
}
'';
};
services.uwsgi = { services.uwsgi = {
enable = true; enable = true;
@ -52,7 +34,7 @@ in {
hook-pre-app = "exec:FLASK_APP=${uffd}/lib/python3.10/site-packages/uffd flask db upgrade"; hook-pre-app = "exec:FLASK_APP=${uffd}/lib/python3.10/site-packages/uffd flask db upgrade";
}; };
}; };
})).config.system.build.toplevel; });
}; };
services.nginx.virtualHosts."login.infra4future.de" = { services.nginx.virtualHosts."login.infra4future.de" = {
enableACME = true; enableACME = true;