diff --git a/.gitignore b/.gitignore new file mode 100644 index 00000000..b2be92b7 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +result diff --git a/Dockerfile b/Dockerfile deleted file mode 100644 index e69de29b..00000000 diff --git a/flake.lock b/flake.lock index 909fe269..d2d24344 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1654325492, - "narHash": "sha256-+eegOXTfWyVygrqWCid1pg5IdCjmh0G8o5uA93IQFdA=", + "lastModified": 1654885765, + "narHash": "sha256-BU8uDapI/ZS1B/K0M1n/AvQ3ZIwBk0NMytM49WqZo8w=", "owner": "zhaofengli", "repo": "colmena", - "rev": "b5629dca833fc0bd545898c2dd2d9d5ae1fd5066", + "rev": "1b3c272b5873f809c18434924d99967c73d4e2cf", "type": "github" }, "original": { @@ -206,11 +206,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1654583212, - "narHash": "sha256-TNM2Y4lnCnGsmRfYRVoYzaApSL3GE9NDad0ApJ4CCOg=", + "lastModified": 1654910231, + "narHash": "sha256-BGKT7IL+IrZLBQFJ0PxC8lFUV4Y3IONmi/SbaabsWlY=", "owner": "jyooru", "repo": "nix-minecraft-servers", - "rev": "3423f5faf24744490963f1024da214c37f199a9f", + "rev": "14465ed2e2804484d1d456afee0d8fded6eb05bd", "type": "github" }, "original": { @@ -257,11 +257,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1654230545, - "narHash": "sha256-8Vlwf0x8ow6pPOK2a04bT+pxIeRnM1+O0Xv9/CuDzRs=", + "lastModified": 1654682581, + "narHash": "sha256-Jb1PQCwKgwdNAp907eR5zPzuxV+kRroA3UIxUxCMJ9s=", "owner": "nixos", "repo": "nixpkgs", - "rev": "236cc2971ac72acd90f0ae3a797f9f83098b17ec", + "rev": "e0169d7a9d324afebf5679551407756c77af8930", "type": "github" }, "original": { 
@@ -325,11 +325,11 @@ ] }, "locked": { - "lastModified": 1654503399, - "narHash": "sha256-io7/mE1uPMznvFILtRSUafuaofyOqaQZKjSQLR6qTZk=", + "lastModified": 1654872670, + "narHash": "sha256-96CAJ3AujffxOECfEMFvonrznS/xPvP+R6oKYkD3UVw=", "owner": "serokell", "repo": "serokell.nix", - "rev": "eb14d979cc8257663dd94d6098a86c8c1ce99e72", + "rev": "faf02c7b2ac9900ae44c2068a10237c5db73f692", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index b6792efa..604c60b8 100644 --- a/flake.nix +++ b/flake.nix @@ -7,17 +7,17 @@ inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - + deploy-rs.url = "github:serokell/deploy-rs"; deploy-rs.inputs.nixpkgs.follows = "nixpkgs"; colmena.url = "github:zhaofengli/colmena"; colmena.inputs.nixpkgs.follows = "nixpkgs"; - + serokell-nix.url = "github:serokell/serokell.nix"; serokell-nix.inputs.nixpkgs.follows = "nixpkgs"; serokell-nix.inputs.deploy-rs.follows = "deploy-rs"; - + vault-secrets.url = "github:serokell/vault-secrets"; vault-secrets.inputs.nixpkgs.follows = "nixpkgs"; @@ -80,8 +80,6 @@ pkgs = serokell-nix.lib.pkgsWith nixpkgs.legacyPackages.${system} [ vault-secrets.overlay ]; - deployChecks = mapAttrs (_: lib: lib.deployChecks self.deploy) deploy-rs.lib; - checks = { }; in { # Make the config and deploy sets @@ -112,7 +110,7 @@ devShells.${system}.default = pkgs.mkShell { VAULT_ADDR = "http://vault.olympus:8200/"; # This only support bash so just execute zsh in bash as a workaround :/ - shellHook = "zsh"; + shellHook = "zsh; exit $?"; buildInputs = with pkgs; [ deploy-rs.packages.${system}.deploy-rs fluxcd @@ -129,6 +127,11 @@ ]; }; - checks = lib.recursiveUpdate deployChecks checks; + # Filter out non-system checks: https://github.com/NixOS/nixpkgs/issues/175875#issuecomment-1152996862 + checks = lib.filterAttrs + (a: _: a == system) + (builtins.mapAttrs + (system: deployLib: deployLib.deployChecks self.deploy) + deploy-rs.lib); }; } diff --git a/hosts.nix b/hosts.nix index 6747fc68..a4d23b3f 100644 
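Review bot: `VAULT_ADDR = "http://vault.olympus:8200/";` in the devShell of the `@@ -112,7 +110,7 @@` hunk points the Vault client at a plain-HTTP endpoint, so the Vault token and any secret read from this shell cross the network unencrypted. If the Vault listener can serve TLS, switch the scheme: `VAULT_ADDR = "https://vault.olympus:8200/";`. If cleartext is deliberate on a trusted segment, say so in a comment above the line. On the changed line, `shellHook = "zsh; exit $?";` still starts an interactive shell from the hook, which presumably also runs when the dev shell is entered non-interactively, so the existing workaround comment should mention that. The `mkShell` call starts and ends outside the hunk.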
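Review bot: In the new `checks` expression of the `@@ -129,6 +127,11 @@` hunk, the inner lambda `(system: deployLib: deployLib.deployChecks self.deploy)` shadows the outer `system` that the filter `(a: _: a == system)` compares against, and never uses its own argument. Renaming the unused parameter removes the ambiguity: `(_: deployLib: deployLib.deployChecks self.deploy)`. The old code merged an extra `checks` set via `lib.recursiveUpdate`, and the new expression has no such merge point, so a short comment saying where additional checks should now go would help. The enclosing outputs attribute set starts outside the hunk.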
--- a/hosts.nix +++ b/hosts.nix @@ -82,12 +82,9 @@ ip = "10.42.42.17"; mac = "0A:06:5E:E7:9A:0C"; } - { - hostname = "plausible"; - ip = "10.42.42.18"; - mac = "82:34:70:FA:44:6F"; - nix = false; - } + # { + # ip = "10.42.42.18"; + # } { hostname = "victoriametrics"; ip = "10.42.42.19"; diff --git a/nixos/hosts/template/configuration.nix b/nixos/hosts/_template/configuration.nix similarity index 93% rename from nixos/hosts/template/configuration.nix rename to nixos/hosts/_template/configuration.nix index 0feed4a6..b33d3f0b 100644 --- a/nixos/hosts/template/configuration.nix +++ b/nixos/hosts/_template/configuration.nix @@ -15,7 +15,7 @@ # this value at the release version of the first install of this system. # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "21.11"; # Did you read the comment? + system.stateVersion = "22.11"; # Did you read the comment? # Additional packages environment.systemPackages = with pkgs; [ ]; diff --git a/nixos/hosts/bastion/configuration.nix b/nixos/hosts/bastion/configuration.nix index 0042a4cd..ce4b96c5 100644 --- a/nixos/hosts/bastion/configuration.nix +++ b/nixos/hosts/bastion/configuration.nix @@ -34,6 +34,10 @@ in { # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "21.05"; # Did you read the comment? + virtualisation.podman = { + enable = true; + }; + # Additional packages environment.systemPackages = with pkgs; [ binutils diff --git a/nixos/hosts/gitea/configuration.nix b/nixos/hosts/gitea/configuration.nix index 6f9f14ca..f59a01a8 100644 --- a/nixos/hosts/gitea/configuration.nix +++ b/nixos/hosts/gitea/configuration.nix @@ -23,6 +23,8 @@ networking.firewall.allowedTCPPorts = [ config.services.gitea.httpPort ]; + services.openssh.startWhenNeeded = false; + services.gitea = { enable = true; domain = "git.0x76.dev"; 
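Review bot: The commented-out stub that replaces the `plausible` entry in hosts.nix, `# { # ip = "10.42.42.18"; # }`, does not say why it is kept. If the intent is to stop 10.42.42.18 from being reassigned, state that in one line, e.g. `# 10.42.42.18: unassigned, previously plausible`; otherwise delete the block. The removed entry also carried a hostname and MAC address, so any DHCP reservation or DNS record generated from this list presumably disappears with it. It is worth confirming that nothing else still resolves `plausible`. The host list starts and ends outside the hunk.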
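Review bot: `virtualisation.podman = { enable = true; };` is added to nixos/hosts/bastion/configuration.nix without a comment naming what needs a container runtime there. Judging by the host name, this machine is an entry point into the network, where installed software is normally kept to a minimum. A container runtime adds image pulls and extra tooling to that surface. Either document the workload above the block, e.g. `# podman: required for <workload>`, or run it on a dedicated host.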
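Review bot: `services.openssh.startWhenNeeded = false;` is added to the gitea host (first hunk of nixos/hosts/gitea/configuration.nix) with no comment explaining why socket activation of sshd is turned off here. A line such as `# keep sshd running permanently: <reason>` above it would stop a later cleanup from dropping the setting. The surrounding attribute set continues outside the hunk.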
@@ -34,7 +36,6 @@ disableRegistration = true; cookieSecure = true; - settings = { ui = { DEFAULT_THEME = "arc-green"; diff --git a/nixos/hosts/k3s/configuration.nix b/nixos/hosts/k3s/configuration.nix index 4dceed6c..8cba9ebd 100644 --- a/nixos/hosts/k3s/configuration.nix +++ b/nixos/hosts/k3s/configuration.nix @@ -5,9 +5,14 @@ ]; # Use the GRUB 2 boot loader. - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - boot.loader.grub.device = "/dev/sda"; + boot.loader.grub = { + enable = true; + version = 2; + device = "/dev/sda"; + }; + + boot.kernel.sysctl."fs.inotify.max_user_instances" = 2147483647; # INT_MAX, dynamically limited based on available memory + boot.kernel.sysctl."fs.inotify.max_user_watches" = 1048576; networking.hostName = "k3s-node1"; diff --git a/nixos/hosts/plausible/configuration.nix b/nixos/hosts/plausible/configuration.nix deleted file mode 100644 index 15449c18..00000000 --- a/nixos/hosts/plausible/configuration.nix +++ /dev/null 
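Review bot: In the k3s hunk, `boot.kernel.sysctl."fs.inotify.max_user_instances" = 2147483647;` raises the per-user cap on inotify instances to INT_MAX, which in practice removes it for every user and container on this node. The trailing comment says the kernel limits this dynamically by available memory; that should be confirmed for the kernel in use. If it does not hold, a single misbehaving workload can keep allocating kernel memory through inotify. A finite ceiling sized to the cluster is safer, e.g. `boot.kernel.sysctl."fs.inotify.max_user_instances" = 8192;` (sample value). The `max_user_watches` line deserves a comment saying where 1048576 came from.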
@@ -1,46 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, pkgs, ... }: -let - vs = config.vault-secrets.secrets; - cfg = config.services.plausible; -in -{ - imports = [ ]; - - networking.hostName = "plausible"; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "21.11"; # Did you read the comment? - - # Additional packages - environment.systemPackages = with pkgs; [ ]; - - networking.firewall.allowedTCPPorts = [ cfg.server.port ]; - networking.firewall.allowedUDPPorts = [ ]; - - vault-secrets.secrets.plausible = { }; - - services.plausible = { - enable = true; - releaseCookiePath = "${pkgs.runCommand "cookie" { } '' - ${pkgs.openssl}/bin/openssl rand -base64 64 >"$out" - ''}"; - server = { - baseUrl = "https://analytics.0x76.dev"; - secretKeybaseFile = "${vs.plausible}/secretkeybase"; - }; - adminUser = { - activate = true; - email = "plausible@xirion.net"; - passwordFile = "${vs.plausible}/password"; - }; - }; -}