migrating hades hosts to this repo

.vscode/snippets.code-snippets

@@ -0,0 +1,31 @@
+{
+	// Place your infrastructure workspace snippets here. Each snippet is defined under a snippet name and has a scope, prefix, body and 
+	// description. Add comma separated ids of the languages where the snippet is applicable in the scope field. If scope 
+	// is left empty or omitted, the snippet gets applied to all languages. The prefix is what is 
+	// used to trigger the snippet and the body will be expanded and inserted. Possible variables are: 
+	// $1, $2 for tab stops, $0 for the final cursor position, and ${1:label}, ${2:another} for placeholders. 
+	// Placeholders with the same ids are connected.
+	// Example:
+	// "Print to console": {
+	// 	"scope": "javascript,typescript",
+	// 	"prefix": "log",
+	// 	"body": [
+	// 		"console.log('$1');",
+	// 		"$2"
+	// 	],
+	// 	"description": "Log output to console"
+	// }
+	"Create Host": {
+		"scope": "nix",
+		"prefix": "new_host",
+		"body": [
+			"{",
+			"  hostname = \"$1\";",
+			"  ip = \"$2\";",
+			"  mac = \"$3\";",
+			"  nix = ${4|false,true|};",
+			"}",
+			"$0"
+		]
+	}
+}

nixos/hosts/hades/default.nix

@@ -1,8 +1,62 @@
 [
   {
-    hostname = "archlinux";
-    ip = "192.168.0.200";
-    mac = "00:0c:29:e4:0d:17";
+    hostname = "opnsense";
+    ip = "192.168.0.1";
+    mac = "00:0d:b9:56:b1:d8";
+    nix = false;
+  }
+  {
+    hostname = "nyx-bmc";
+    ip = "192.168.0.99";
+    mac = "d0:50:99:f3:fa:42";
+    nix = false;
+  }
+  {
+    hostname = "nyx";
+    ip = "192.168.0.100";
+    mac = "d0:50:99:de:99:4c";
+    nix = false;
+  }
+  {
+    hostname = "unifi";
+    ip = "192.168.0.101";
+    mac = "5a:00:b7:6c:d1:e2";
+    nix = false;
+  }
+  {
+    hostname = "plex";
+    ip = "192.168.0.102";
+    mac = "00:0c:29:a1:4e:28";
+    nix = false;
+  }
+  {
+    hostname = "MariaDB";
+    ip = "192.168.0.109";
+    mac = "00:0c:29:23:4f:12";
+    nix = false;
+  }
+  {
+    hostname = "bitwarden_rs";
+    ip = "192.168.0.110";
+    mac = "00:0c:29:f5:98:00";
+    nix = false;
+  }
+  {
+    hostname = "rtorrent";
+    ip = "192.168.0.111";
+    mac = "7a:5f:9b:62:49:91";
+    nix = false;
+  }
+  {
+    hostname = "minio";
+    ip = "192.168.0.112";
+    mac = "ae:c6:94:bb:c5:d9";
+    nix = false;
+  }
+  {
+    hostname = "cshub2";
+    ip = "192.168.0.113";
+    mac = "26:8c:f6:f4:21:76";
     nix = false;
   }
   {
@@ -10,4 +64,142 @@
     ip = "192.168.0.114";
     mac = "66:14:8e:b2:50:c4";
   }
+  {
+    hostname = "storage";
+    ip = "192.168.0.115";
+    mac = "00:50:56:91:0d:69";
+    nix = false;
+  }
+  {
+    hostname = "unpackerr";
+    ip = "192.168.0.116";
+    mac = "06:8a:8e:3e:43:45";
+    nix = false;
+  }
+  {
+    hostname = "thelounge";
+    ip = "192.168.0.117";
+    mac = "00:0c:29:2a:69:8f";
+    nix = false;
+  }
+  {
+    hostname = "mail";
+    ip = "192.168.0.118";
+    mac = "00:50:56:91:3b:03";
+    nix = false;
+  }
+  {
+    hostname = "radarr2";
+    ip = "192.168.0.120";
+    mac = "5e:d3:75:93:56:ee";
+    profile = "radarr";
+  }
+  {
+    hostname = "jackett2";
+    ip = "192.168.0.121";
+    mac = "4e:e7:64:b7:88:b8";
+    profile = "jackett";
+  }
+  {
+    hostname = "nginx";
+    ip = "192.168.0.123";
+    mac = "00:0c:29:9b:10:82";
+    nix = false;
+  }
+  {
+    hostname = "pve-storage";
+    ip = "192.168.0.124";
+    mac = "d4:3d:7e:35:0a:bf";
+    nix = false;
+  }
+  {
+    hostname = "database";
+    ip = "192.168.0.126";
+    mac = "82:e8:71:7f:37:b4";
+    nix = false;
+  }
+  {
+    hostname = "dn42";
+    ip = "192.168.0.127";
+    mac = "12:fa:24:02:65:e6";
+    nix = false;
+  }
+  {
+    hostname = "docker-registry-proxy";
+    ip = "192.168.0.128";
+    mac = "0e:11:65:62:66:9f";
+    nix = false;
+  }
+  {
+    hostname = "hassio";
+    ip = "192.168.0.129";
+    mac = "e6:80:32:fb:00:75";
+    nix = false;
+  }
+  {
+    hostname = "docker-registry";
+    ip = "192.168.0.130";
+    mac = "5e:0e:a6:cf:64:70";
+    nix = false;
+  }
+  {
+    hostname = "minecraft";
+    ip = "192.168.0.131";
+    mac = "00:0c:29:9b:e1:c4";
+    nix = false;
+  }
+  {
+    hostname = "sonarr2";
+    ip = "192.168.0.132";
+    mac = "ea:ac:be:53:18:27";
+    profile = "sonarr";
+  }
+  {
+    hostname = "postgres";
+    ip = "192.168.0.133";
+    mac = "6e:92:a9:5e:4c:e2";
+    nix = false;
+  }
+  {
+    hostname = "vault";
+    ip = "192.168.0.134";
+    mac = "56:20:62:16:8a:11";
+    nix = false;
+  }
+  {
+    hostname = "vmetrics";
+    ip = "192.168.0.135";
+    mac = "96:10:41:fd:2a:0a";
+    nix = false;
+  }
+  {
+    hostname = "mastodon";
+    ip = "192.168.0.138";
+    mac = "52:60:8a:06:86:9c";
+    nix = false;
+  }
+  {
+    hostname = "lidarr";
+    ip = "192.168.0.139";
+    mac = "7a:0f:25:e5:7f:e5";
+    nix = false;
+  }
+  {
+    hostname = "prowlarr";
+    ip = "192.168.0.140";
+    mac = "3a:67:8e:98:0c:a2";
+    nix = false;
+  }
+  {
+    hostname = "archlinux";
+    ip = "192.168.0.200";
+    mac = "00:0c:29:e4:0d:17";
+    nix = false;
+  }
+  {
+    hostname = "HP781AFC";
+    ip = "192.168.0.201";
+    mac = "f4:ce:46:78:1a:fc";
+    nix = false;
+  }
 ]

nixos/hosts/hades/jackett/configuration.nix

@@ -0,0 +1,11 @@
+{ config, pkgs, ... }:
+{
+  system.stateVersion = "21.05";
+  networking.interfaces.eth0.useDHCP = true;
+
+  services.jackett = {
+    enable = true;
+    dataDir = "/var/lib/jackett/";
+    openFirewall = true;
+  };
+}

nixos/hosts/hades/radarr/configuration.nix

@@ -0,0 +1,16 @@
+{ config, pkgs, ... }:
+{
+  system.stateVersion = "21.05";
+  networking.interfaces.eth0.useDHCP = true;
+
+  fileSystems."/mnt/storage" = {
+    device = "storage:/mnt/storage";
+    fsType = "nfs";
+  };
+
+  services.radarr = {
+    enable = true;
+    dataDir = "/data/radarr";
+    openFirewall = true;
+  };
+}

nixos/hosts/hades/sonarr/configuration.nix

@@ -0,0 +1,16 @@
+{ config, pkgs, ... }:
+{
+  system.stateVersion = "21.05";
+  networking.interfaces.eth0.useDHCP = true;
+
+  fileSystems."/mnt/storage" = {
+    device = "storage:/mnt/storage";
+    fsType = "nfs";
+  };
+
+  services.sonarr = {
+    enable = true;
+    dataDir = "/data/sonarr";
+    openFirewall = true;
+  };
+}

nixos/hosts/olympus/dhcp/configuration.nix

@@ -1,12 +1,13 @@
 { config, pkgs, hosts, ... }:
 let
+  inherit (builtins) filter hasAttr;
   hostToDhcp = { hostname, mac, ip, ... }: {
     ethernetAddress = mac;
     hostName = hostname;
     ipAddress = ip;
   };
   localDomain = config.networking.domain;
-  hosts' = builtins.filter (builtins.hasAttr "ip") hosts.${localDomain};
+  hosts' = filter (h: hasAttr "ip" h && hasAttr "mac" h) hosts.${localDomain};
 in {
   imports = [ ];
 

nixos/hosts/olympus/dns/configuration.nix

@@ -28,7 +28,7 @@ in {
 
   services.unbound = {
     enable = true;
-    package = pkgs.v.unbound;
+    package = pkgs.unbound;
     settings = {
       server = {
         use-syslog = "yes";

nixos/pkgs/default.nix

@@ -8,18 +8,20 @@ final: prev: {
 
   discord = prev.discord.override { withOpenASAR = true; };
 
-  vmagent = prev.callPackage ./vmagent { };
-
   catppuccin.cursors = prev.callPackage ./catppuccin/cursors { };
 
-  v = {
-    unbound = prev.unbound.override {
-      withSystemd = true;
-      withDoH = true;
-      withDNSCrypt = true;
-      withTFO = true;
-    };
+  unbound = prev.unbound.override {
+    withSystemd = true;
+    withDoH = true;
+    withDNSCrypt = true;
+    withTFO = true;
+  };
 
+  v = {
+    glitch-soc = prev.callPackage ./glitch-soc { };
+
+
+    vmagent = prev.callPackage ./vmagent { };
     gitea-agatheme = prev.callPackage ./gitea-agatheme { };
   };
 }

nixos/pkgs/glitch-soc/default.nix

@@ -0,0 +1,123 @@
+{ lib, stdenv, nodejs-slim, mkYarnPackage, fetchFromGitHub, bundlerEnv, nixosTests
+, yarn, callPackage, imagemagick, ffmpeg, file, ruby_3_0, writeShellScript
+, fetchYarnDeps, fixup_yarn_lock
+
+  # Allow building a fork or custom version of Mastodon:
+, pname ? "mastodon"
+, version ? import ./version.nix
+, srcOverride ? null
+, dependenciesDir ? ./.  # Should contain gemset.nix, yarn.nix and package.json.
+}:
+
+stdenv.mkDerivation rec {
+  inherit pname version;
+
+  # Using overrideAttrs on src does not build the gems and modules with the overridden src.
+  # Putting the callPackage up in the arguments list also does not work.
+  src = if srcOverride != null then srcOverride else callPackage ./source.nix {};
+
+  yarnOfflineCache = fetchYarnDeps {
+    yarnLock = "${src}/yarn.lock";
+    sha256 = "sha256-b0XNhcCcTtYEdy1ZzRGwOrLpgpsMlt9qLf5CBa+1BL8=";
+  };
+
+  mastodon-gems = bundlerEnv {
+    name = "${pname}-gems-${version}";
+    inherit version;
+    ruby = ruby_3_0;
+    gemdir = src;
+    gemset = dependenciesDir + "/gemset.nix";
+    # This fix (copied from https://github.com/NixOS/nixpkgs/pull/76765) replaces the gem
+    # symlinks with directories, resolving this error when running rake:
+    #   /nix/store/451rhxkggw53h7253izpbq55nrhs7iv0-mastodon-gems-3.0.1/lib/ruby/gems/2.6.0/gems/bundler-1.17.3/lib/bundler/settings.rb:6:in `<module:Bundler>': uninitialized constant Bundler::Settings (NameError)
+    postBuild = ''
+      for gem in "$out"/lib/ruby/gems/*/gems/*; do
+        cp -a "$gem/" "$gem.new"
+        rm "$gem"
+        # needed on macOS, otherwise the mv yields permission denied
+        chmod +w "$gem.new"
+        mv "$gem.new" "$gem"
+      done
+    '';
+  };
+
+  mastodon-modules = stdenv.mkDerivation {
+    pname = "${pname}-modules";
+    inherit src version;
+
+    nativeBuildInputs = [ fixup_yarn_lock nodejs-slim yarn mastodon-gems mastodon-gems.wrappedRuby ];
+
+    RAILS_ENV = "production";
+    NODE_ENV = "production";
+
+    buildPhase = ''
+      export HOME=$PWD
+      fixup_yarn_lock ~/yarn.lock
+      yarn config --offline set yarn-offline-mirror ${yarnOfflineCache}
+      yarn install --offline --frozen-lockfile --ignore-engines --ignore-scripts --no-progress
+
+      patchShebangs ~/bin
+      patchShebangs ~/node_modules
+
+      # skip running yarn install
+      rm -rf ~/bin/yarn
+
+      OTP_SECRET=precompile_placeholder SECRET_KEY_BASE=precompile_placeholder \
+        rails assets:precompile
+      yarn cache clean --offline
+      rm -rf ~/node_modules/.cache
+    '';
+
+    installPhase = ''
+      mkdir -p $out/public
+      cp -r node_modules $out/node_modules
+      cp -r public/assets $out/public
+      cp -r public/packs $out/public
+    '';
+  };
+
+  propagatedBuildInputs = [ imagemagick ffmpeg file mastodon-gems.wrappedRuby ];
+  buildInputs = [ mastodon-gems nodejs-slim ];
+
+  buildPhase = ''
+    ln -s ${mastodon-modules}/node_modules node_modules
+    ln -s ${mastodon-modules}/public/assets public/assets
+    ln -s ${mastodon-modules}/public/packs public/packs
+
+    patchShebangs bin/
+    for b in $(ls ${mastodon-gems}/bin/)
+    do
+      if [ ! -f bin/$b ]; then
+        ln -s ${mastodon-gems}/bin/$b bin/$b
+      fi
+    done
+
+    rm -rf log
+    ln -s /var/log/mastodon log
+    ln -s /tmp tmp
+  '';
+
+  installPhase = let
+    run-streaming = writeShellScript "run-streaming.sh" ''
+      # NixOS helper script to consistently use the same NodeJS version the package was built with.
+      ${nodejs-slim}/bin/node ./streaming
+    '';
+  in ''
+    mkdir -p $out
+    cp -r * $out/
+    ln -s ${run-streaming} $out/run-streaming.sh
+  '';
+
+  passthru = {
+    tests.mastodon = nixosTests.mastodon;
+    updateScript = callPackage ./update.nix {};
+  };
+
+  meta = with lib; {
+    description = "Self-hosted, globally interconnected microblogging software based on ActivityPub";
+    homepage = "https://joinmastodon.org";
+    license = licenses.agpl3Plus;
+    platforms = [ "x86_64-linux" "i686-linux" "aarch64-linux" ];
+    maintainers = with maintainers; [ petabyteboy happy-river erictapen izorkin ];
+  };
+}

nixos/pkgs/glitch-soc/source.nix

@@ -0,0 +1,11 @@
+# This file was generated by pkgs.mastodon.updateScript.
+{ fetchgit, applyPatches }: let
+  src = fetchgit {
+    url = "https://github.com/NULLx76/glitch-soc.git";
+    rev = "475fbad464ec97dcb639d37cb53168cc59327b86";
+    sha256 = "0f226mr7y3qn1pw2na1qvs4g067474626fxm3wh96yw15gqjw2gj";
+  };
+in applyPatches {
+  inherit src;
+  patches = [];
+}

nixos/pkgs/glitch-soc/update.nix

@@ -0,0 +1,30 @@
+{ pkgs
+, runCommand
+, lib
+, makeWrapper
+, yarn2nix
+, bundix
+, coreutils
+, diffutils
+, nix-prefetch-git
+, gnused
+, jq
+}:
+let
+  binPath = lib.makeBinPath [ yarn2nix bundix coreutils diffutils nix-prefetch-git gnused jq ];
+in
+runCommand "mastodon-update-script"
+{
+  nativeBuildInputs = [ makeWrapper ];
+
+  meta = {
+    maintainers = with lib.maintainers; [ happy-river ];
+    description = "Utility to generate Nix expressions for Mastodon's dependencies";
+    platforms = lib.platforms.unix;
+  };
+} ''
+  mkdir -p $out/bin
+  cp ${./update.sh} $out/bin/update.sh
+  patchShebangs $out/bin/update.sh
+  wrapProgram $out/bin/update.sh --prefix PATH : ${binPath}
+''

nixos/pkgs/glitch-soc/update.sh

@@ -0,0 +1,98 @@
+#!/usr/bin/env bash
+set -e
+
+URL=https://github.com/mastodon/mastodon.git
+
+POSITIONAL=()
+while [[ $# -gt 0 ]]; do
+    key="$1"
+
+    case $key in
+        --url)
+            URL="$2"
+            shift # past argument
+            shift # past value
+            ;;
+        --ver)
+            VERSION="$2"
+            shift # past argument
+            shift # past value
+            ;;
+        --rev)
+            REVISION="$2"
+            shift # past argument
+            shift # past value
+            ;;
+        --patches)
+            PATCHES="$2"
+            shift # past argument
+            shift # past value
+            ;;
+        *)  # unknown option
+            POSITIONAL+=("$1")
+            shift # past argument
+            ;;
+    esac
+done
+
+if [[ -z "$VERSION" || -n "$POSITIONAL" ]]; then
+    echo "Usage: update.sh [--url URL] --ver VERSION [--rev REVISION] [--patches PATCHES]"
+    echo "URL may be any path acceptable to 'git clone' and VERSION the"
+    echo "semantic version number.  If VERSION is not a revision acceptable to"
+    echo "'git checkout', you must provide one in REVISION.  If URL is not"
+    echo "provided, it defaults to https://github.com/mastodon/mastodon.git."
+    echo "PATCHES, if provided, should be one or more Nix expressions"
+    echo "separated by spaces."
+    exit 1
+fi
+
+if [[ -z "$REVISION" ]]; then
+    REVISION="$VERSION"
+fi
+
+rm -f gemset.nix version.nix source.nix
+TARGET_DIR="$PWD"
+
+
+WORK_DIR=$(mktemp -d)
+
+# Check that working directory was created.
+if [[ ! "$WORK_DIR" || ! -d "$WORK_DIR" ]]; then
+    echo "Could not create temporary directory"
+    exit 1
+fi
+
+# Delete the working directory on exit.
+function cleanup {
+    # Report errors, if any, from nix-prefetch-git
+    grep "fatal" $WORK_DIR/nix-prefetch-git.out >/dev/stderr || true
+    rm -rf "$WORK_DIR"
+}
+trap cleanup EXIT
+
+echo "Fetching source code $REVISION from $URL"
+JSON=$(nix-prefetch-git --url "$URL" --rev "$REVISION"  2> $WORK_DIR/nix-prefetch-git.out)
+SHA=$(echo $JSON | jq -r .sha256)
+FETCHED_SOURCE_DIR=$(grep '^path is' $WORK_DIR/nix-prefetch-git.out | sed 's/^path is //')
+
+echo "Creating version.nix"
+echo \"$VERSION\" | sed 's/^"v/"/' > version.nix
+
+cat > source.nix << EOF
+# This file was generated by pkgs.mastodon.updateScript.
+{ fetchgit, applyPatches }: let
+  src = fetchgit {
+    url = "$URL";
+    rev = "$REVISION";
+    sha256 = "$SHA";
+  };
+in applyPatches {
+  inherit src;
+  patches = [$PATCHES];
+}
+EOF
+SOURCE_DIR="$(nix-build --no-out-link -E '(import <nixpkgs> {}).callPackage ./source.nix {}')"
+
+echo "Creating gemset.nix"
+bundix --lockfile="$SOURCE_DIR/Gemfile.lock" --gemfile="$SOURCE_DIR/Gemfile"
+echo "" >> $TARGET_DIR/gemset.nix  # Create trailing newline to please EditorConfig checks

nixos/pkgs/glitch-soc/version.nix

@@ -0,0 +1 @@
+"3.5.3"

nixos/pkgs/vmagent/default.nix

@@ -1,20 +1,19 @@
 { lib, fetchFromGitHub, buildGoModule }:
 buildGoModule rec {
   pname = "vmagent";
-  version = "1.80.0";
+  version = "1.59.0";
 
   src = fetchFromGitHub {
     owner = "VictoriaMetrics";
     repo = "VictoriaMetrics";
     rev = "v${version}";
-    sha256 = "sha256-SIwl8Mgbkk/z3xZ6wCmce7D2T2A2+dcuQ607BOsfrkQ=";
-    # sha256 = lib.fakeSha256;
+    sha256 = "1mfdhv20m2xqsg37pdv4vbxdg8iri79grc4g4p9ph0js9yd6nbys";
   };
 
   vendorSha256 = null;
 
   subPackages = [ "app/vmagent" ];
-
+  
   meta = with lib; {
     description = "VictoriaMetrics metrics scraper";
     homepage = "https://github.com/VictoriaMetrics/VictoriaMetrics/tree/master/app/vmagent";