From 6b1e3fefd83859c810855b17579f06d4ffcffc31 Mon Sep 17 00:00:00 2001 From: Vivian Roest Date: Fri, 2 Jun 2023 17:16:36 +0200 Subject: [PATCH] deploy attic --- flake.lock | 491 +++++++++++------- flake.nix | 4 +- nixos/hosts/hades/attic/configuration.nix | 80 +++ nixos/hosts/hades/default.nix | 10 +- .../docker-registry-proxy/configuration.nix | 42 -- .../hades/docker-registry/configuration.nix | 49 -- nixos/hosts/hades/jackett/configuration.nix | 10 - nixos/hosts/hades/nginx/configuration.nix | 1 + nixos/util.nix | 3 +- 9 files changed, 408 insertions(+), 282 deletions(-) create mode 100644 nixos/hosts/hades/attic/configuration.nix delete mode 100644 nixos/hosts/hades/docker-registry-proxy/configuration.nix delete mode 100644 nixos/hosts/hades/docker-registry/configuration.nix delete mode 100644 nixos/hosts/hades/jackett/configuration.nix diff --git a/flake.lock b/flake.lock index bc027cb6..82a4c50a 100644 --- a/flake.lock +++ b/flake.lock @@ -41,6 +41,28 @@ "type": "github" } }, + "attic": { + "inputs": { + "crane": "crane", + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs", + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1685309025, + "narHash": "sha256-pZxMM3AMP/ojwhrFD0A2ML4NOgehlBLGHseInnO5evc=", + "owner": "zhaofengli", + "repo": "attic", + "rev": "b1fb790b5f2afaaa1b2f7f18979b8318abe604bb", + "type": "github" + }, + "original": { + "owner": "zhaofengli", + "repo": "attic", + "type": "github" + } + }, "beautysh": { "inputs": { "nixpkgs": [ @@ -82,9 +104,9 @@ }, "colmena": { "inputs": { - "flake-compat": "flake-compat", - "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs", + "flake-compat": "flake-compat_2", + "flake-utils": "flake-utils_2", + "nixpkgs": "nixpkgs_2", "stable": "stable" }, "locked": { @@ -103,9 +125,9 @@ }, "comma": { "inputs": { - "flake-compat": "flake-compat_2", + "flake-compat": "flake-compat_3", "naersk": "naersk", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_3", "utils": "utils" }, "locked": { @@ -123,6 +145,36 @@ } }, "crane": { + "inputs": { + "flake-compat": [ + "attic", + "flake-compat" + ], + "flake-utils": [ + "attic", + "flake-utils" + ], + "nixpkgs": [ + "attic", + "nixpkgs" + ], + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1677892403, + "narHash": "sha256-/Wi0L1spSWLFj+UQxN3j0mPYMoc7ZoAujpUF/juFVII=", + "owner": "ipetkov", + "repo": "crane", + "rev": "105e27adb70a9890986b6d543a67761cbc1964a2", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "crane_2": { "inputs": { "flake-compat": [ "lanzaboote", @@ -155,7 +207,7 @@ "type": "github" } }, - "crane_2": { + "crane_3": { "flake": false, "locked": { "lastModified": 1670284777, @@ -191,7 +243,7 @@ "inputs": { "alejandra": "alejandra", "all-cabal-json": "all-cabal-json", - "crane": "crane_2", + "crane": "crane_3", "devshell": "devshell", "flake-parts": "flake-parts_2", "flake-utils-pre-commit": "flake-utils-pre-commit", @@ -269,11 +321,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1650374568, - "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", "owner": "edolstra", "repo": "flake-compat", - "rev": "b4a34015c698c7793d592d66adbab377907a2be8", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", "type": "github" }, "original": { @@ -285,11 +337,11 @@ "flake-compat_2": { "flake": false, "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "lastModified": 1650374568, + "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", "owner": "edolstra", "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "rev": "b4a34015c698c7793d592d66adbab377907a2be8", "type": "github" }, "original": { @@ -315,6 +367,22 @@ } }, "flake-compat_4": { + "flake": false, + "locked": { + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_5": { "flake": false, "locked": { "lastModified": 1668681692, @@ -330,7 +398,7 @@ "type": "github" } }, - "flake-compat_5": { + "flake-compat_6": { "flake": false, "locked": { "lastModified": 1673956053, @@ -346,7 +414,7 @@ "type": "github" } }, - "flake-compat_6": { + "flake-compat_7": { "flake": false, "locked": { "lastModified": 1673956053, @@ -402,11 +470,11 @@ }, "flake-utils": { "locked": { - "lastModified": 1659877975, - "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", "owner": "numtide", "repo": "flake-utils", - "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", "type": "github" }, "original": { @@ -431,6 +499,21 @@ } }, "flake-utils_2": { + "locked": { + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_3": { "inputs": { "systems": "systems" }, @@ -448,7 +531,7 @@ "type": "github" } }, - "flake-utils_3": { + "flake-utils_4": { "inputs": { "systems": "systems_2" }, @@ -466,7 +549,7 @@ "type": "github" } }, - "flake-utils_4": { + "flake-utils_5": { "locked": { "lastModified": 1667395993, "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", @@ -481,7 +564,7 @@ "type": "github" } }, - "flake-utils_5": { + "flake-utils_6": { "locked": { "lastModified": 1678901627, "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=", @@ -495,7 +578,7 @@ "type": "indirect" } }, - "flake-utils_6": { + "flake-utils_7": { "inputs": { "systems": "systems_3" }, @@ -627,22 +710,22 @@ }, "lanzaboote": { "inputs": { - "crane": "crane", - "flake-compat": "flake-compat_3", + "crane": "crane_2", + "flake-compat": "flake-compat_4", "flake-parts": "flake-parts", - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils_3", "nixpkgs": [ "nixpkgs" ], "pre-commit-hooks-nix": "pre-commit-hooks-nix", - "rust-overlay": "rust-overlay" + "rust-overlay": "rust-overlay_2" }, "locked": { - "lastModified": 1685349926, - "narHash": "sha256-c1rKI1glJWdJIPefp9aiyhAkEZ4Sc6Rh/J5VumEXu1M=", + "lastModified": 1685709197, + "narHash": "sha256-ASoXZVoXj6L9PzNDfuDrAxrqaDuH7e1qTzdzkOODu4M=", "owner": "nix-community", "repo": "lanzaboote", - "rev": "2e62c11babeead4b26efbb7f2cd4488baaa2e897", + "rev": "e422970c1bc3351bb7a20cf6e30e78d975280ed3", "type": "github" }, "original": { @@ -685,7 +768,7 @@ "mailserver": { "inputs": { "blobs": "blobs", - "flake-compat": "flake-compat_4", + "flake-compat": "flake-compat_5", "nixpkgs": [ "nixpkgs" ], @@ -752,7 +835,7 @@ "nix": { "inputs": { "lowdown-src": "lowdown-src", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_7", "nixpkgs-regression": "nixpkgs-regression" }, "locked": { @@ -838,16 +921,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1683408522, - "narHash": "sha256-9kcPh6Uxo17a3kK3XCHhcWiV1Yu1kYj22RHiymUhMkU=", + "lastModified": 1685012353, + "narHash": "sha256-U3oOge4cHnav8OLGdRVhL45xoRj4Ppd+It6nPC9nNIU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "897876e4c484f1e8f92009fd11b7d988a121a4e7", + "rev": "aeb75dba965e790de427b73315d5addf91a54955", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } @@ -903,16 +986,16 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1678872516, - "narHash": "sha256-/E1YwtMtFAu2KUQKV/1+KFuReYPANM2Rzehk84VxVoc=", + "lastModified": 1685004253, + "narHash": "sha256-AbVL1nN/TDicUQ5wXZ8xdLERxz/eJr7+o8lqkIOVuaE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9b8e5abb18324c7fe9f07cb100c3cd4a29cda8b8", + "rev": "3e01645c40b92d29f3ae76344a6d654986a91a91", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-22.11", + "ref": "nixos-23.05", "repo": "nixpkgs", "type": "github" } @@ -933,133 +1016,23 @@ "type": "github" } }, - "nixpkgs_2": { + "nixpkgs-stable_3": { "locked": { - "lastModified": 1680668850, - "narHash": "sha256-mQMg13yRsS0LXVzaeoSPwqgPO6yhkGzGewPgMSqXSv8=", + "lastModified": 1678872516, + "narHash": "sha256-/E1YwtMtFAu2KUQKV/1+KFuReYPANM2Rzehk84VxVoc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4a65e9f64e53fdca6eed31adba836717a11247d2", + "rev": "9b8e5abb18324c7fe9f07cb100c3cd4a29cda8b8", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_22-11": { - "locked": { - "lastModified": 1685468986, - "narHash": "sha256-YSj3K71KjRZgeL0hS3sYLYHI0g8aIVIf9lcsRMCIW2A=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "9af373a61647257d16ae6062cddaa9094d24920c", - "type": "github" - }, - "original": { - "owner": "nixos", "ref": "nixos-22.11", "repo": "nixpkgs", "type": "github" } }, - "nixpkgs_3": { - "locked": { - "lastModified": 1685383865, - "narHash": "sha256-3uQytfnotO6QJv3r04ajSXbEFMII0dUtw0uqYlZ4dbk=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "5e871d8aa6f57cc8e0dc087d1c5013f6e212b4ce", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_4": { - "locked": { - "lastModified": 1685168767, - "narHash": "sha256-wQgnxz0PdqbyKKpsWl/RU8T8QhJQcHfeC6lh1xRUTfk=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "e10802309bf9ae351eb27002c85cfdeb1be3b262", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_5": { - "locked": { - "lastModified": 1672580127, - "narHash": "sha256-3lW3xZslREhJogoOkjeZtlBtvFMyxHku7I/9IVehhT8=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "0874168639713f547c05947c76124f78441ea46c", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-22.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_6": { - "locked": { - "lastModified": 1645296114, - "narHash": "sha256-y53N7TyIkXsjMpOG7RhvqJFGDacLs9HlyHeSTBioqYU=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "530a53dcbc9437363471167a5e4762c5fcfa34a1", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-21.05-small", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_7": { - "locked": { - "lastModified": 1674736538, - "narHash": "sha256-/DszFMkAgYyB9dTWKkoZa9i0zcrA6Z4hYrOr/u/FSxY=", - "owner": "serokell", - "repo": "nixpkgs", - "rev": "1dfdbb65d77430fc0935e8592d0abc4addcce711", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "type": "indirect" - } - }, - "nixpkgs_8": { - "locked": { - "lastModified": 1682526928, - "narHash": "sha256-2cKh4O6t1rQ8Ok+v16URynmb0rV7oZPEbXkU0owNLQs=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "d6b863fd9b7bb962e6f9fdf292419a775e772891", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_9": { + "nixpkgs_10": { "locked": { "lastModified": 1670507980, "narHash": "sha256-riNZa0xzM1it3pzxciwALeMs+0CsBMWIW2FqulzK8vM=", @@ -1075,19 +1048,161 @@ "type": "github" } }, + "nixpkgs_2": { + "locked": { + "lastModified": 1683408522, + "narHash": "sha256-9kcPh6Uxo17a3kK3XCHhcWiV1Yu1kYj22RHiymUhMkU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "897876e4c484f1e8f92009fd11b7d988a121a4e7", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_22-11": { + "locked": { + "lastModified": 1685650716, + "narHash": "sha256-sDd7QIcMbIb37nuqMrJElvuyE5eVgWuKGtIPP8IWwCc=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "f7c1500e2eefa58f3c80dd046cba256e10440201", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-22.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1680668850, + "narHash": "sha256-mQMg13yRsS0LXVzaeoSPwqgPO6yhkGzGewPgMSqXSv8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "4a65e9f64e53fdca6eed31adba836717a11247d2", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1685693126, + "narHash": "sha256-Q+fZjmYsFYOjOB8RFRkOqQj09tJa4pVh8qaZCYmsw1o=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "b49720ccd2ca03ef35e213ebd43bd57c7eb83fa7", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_5": { + "locked": { + "lastModified": 1685168767, + "narHash": "sha256-wQgnxz0PdqbyKKpsWl/RU8T8QhJQcHfeC6lh1xRUTfk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e10802309bf9ae351eb27002c85cfdeb1be3b262", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_6": { + "locked": { + "lastModified": 1672580127, + "narHash": "sha256-3lW3xZslREhJogoOkjeZtlBtvFMyxHku7I/9IVehhT8=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "0874168639713f547c05947c76124f78441ea46c", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-22.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_7": { + "locked": { + "lastModified": 1645296114, + "narHash": "sha256-y53N7TyIkXsjMpOG7RhvqJFGDacLs9HlyHeSTBioqYU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "530a53dcbc9437363471167a5e4762c5fcfa34a1", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-21.05-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_8": { + "locked": { + "lastModified": 1674736538, + "narHash": "sha256-/DszFMkAgYyB9dTWKkoZa9i0zcrA6Z4hYrOr/u/FSxY=", + "owner": "serokell", + "repo": "nixpkgs", + "rev": "1dfdbb65d77430fc0935e8592d0abc4addcce711", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "nixpkgs_9": { + "locked": { + "lastModified": 1682526928, + "narHash": "sha256-2cKh4O6t1rQ8Ok+v16URynmb0rV7oZPEbXkU0owNLQs=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "d6b863fd9b7bb962e6f9fdf292419a775e772891", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixvim": { "inputs": { "beautysh": "beautysh", - "flake-utils": "flake-utils_3", - "nixpkgs": "nixpkgs_4", + "flake-utils": "flake-utils_4", + "nixpkgs": "nixpkgs_5", "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1685370907, - "narHash": "sha256-3AHPdXt/w2dyH4qGaflR8eSdZiQ6Lhlj38rDS6ZPgyY=", + "lastModified": 1685708456, + "narHash": "sha256-3zKQMUJhAK19NIzWyLBn3ggEsMtgamVd7l0+PWtFYEM=", "owner": "pta2002", "repo": "nixvim", - "rev": "cf6a614e8b89eea8f989ef6103debe65984a1fd5", + "rev": "1f285df66498952c9b1315fdc591c0c3e1d3b5f1", "type": "github" }, "original": { @@ -1098,11 +1213,11 @@ }, "nur": { "locked": { - "lastModified": 1685612768, - "narHash": "sha256-XD1LKFG1N/VpcqQ63lQd6LdPHPAl/XbbLa00p5hfMW4=", + "lastModified": 1685699083, + "narHash": "sha256-EqgVvQLjMuXMU0yiSRoCZZnnU8ATWdd8vWzWOBAeT4M=", "owner": "nix-community", "repo": "NUR", - "rev": "23621ea768b76cc7d98a1bd66f4bd90f049d9dda", + "rev": "7dbd5a6621059db78edd523eb1da98252d96b23d", "type": "github" }, "original": { @@ -1157,14 +1272,14 @@ }, "pre-commit-hooks": { "inputs": { - "flake-compat": "flake-compat_5", - "flake-utils": "flake-utils_4", + "flake-compat": "flake-compat_6", + "flake-utils": "flake-utils_5", "gitignore": "gitignore_2", "nixpkgs": [ "nixvim", "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable_2" + "nixpkgs-stable": "nixpkgs-stable_3" }, "locked": { "lastModified": 1684842236, @@ -1195,7 +1310,7 @@ "lanzaboote", "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable" + "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { "lastModified": 1682596858, @@ -1242,7 +1357,7 @@ "inputs": { "fenix": "fenix", "naersk": "naersk_2", - "nixpkgs": "nixpkgs_5" + "nixpkgs": "nixpkgs_6" }, "locked": { "lastModified": 1677774593, @@ -1260,6 +1375,7 @@ }, "root": { "inputs": { + "attic": "attic", "colmena": "colmena", "comma": "comma", "home-manager": "home-manager", @@ -1267,7 +1383,7 @@ "mailserver": "mailserver", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "nixpkgs_22-11": "nixpkgs_22-11", "nixvim": "nixvim", "nur": "nur", @@ -1312,6 +1428,33 @@ } }, "rust-overlay": { + "inputs": { + "flake-utils": [ + "attic", + "crane", + "flake-utils" + ], + "nixpkgs": [ + "attic", + "crane", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1675391458, + "narHash": "sha256-ukDKZw922BnK5ohL9LhwtaDAdCsJL7L6ScNEyF1lO9w=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "383a4acfd11d778d5c2efcf28376cbd845eeaedf", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_2": { "inputs": { "flake-utils": [ "lanzaboote", @@ -1444,10 +1587,10 @@ }, "vault-secrets": { "inputs": { - "flake-compat": "flake-compat_6", - "flake-utils": "flake-utils_5", + "flake-compat": "flake-compat_7", + "flake-utils": "flake-utils_6", "nix": "nix", - "nixpkgs": "nixpkgs_7" + "nixpkgs": "nixpkgs_8" }, "locked": { "lastModified": 1683797625, @@ -1465,8 +1608,8 @@ }, "vault-unseal": { "inputs": { - "flake-utils": "flake-utils_6", - "nixpkgs": "nixpkgs_8" + "flake-utils": "flake-utils_7", + "nixpkgs": "nixpkgs_9" }, "locked": { "lastModified": 1683013874, @@ -1485,7 +1628,7 @@ "webcord": { "inputs": { "dream2nix": "dream2nix", - "nixpkgs": "nixpkgs_9", + "nixpkgs": "nixpkgs_10", "webcord": "webcord_2" }, "locked": { diff --git a/flake.nix b/flake.nix index 4c581b0c..af4845ae 100644 --- a/flake.nix +++ b/flake.nix @@ -5,7 +5,7 @@ # * https://github.com/Infinidoge/nix-minecraft inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable-small"; nixpkgs_22-11.url = "github:nixos/nixpkgs/nixos-22.11"; @@ -42,6 +42,8 @@ }; vault-unseal.url = "git+https://git.0x76.dev/v/vault-unseal.git"; + + attic.url = "github:zhaofengli/attic"; }; outputs = { self, nixpkgs, nixpkgs_22-11, vault-secrets, colmena diff --git a/nixos/hosts/hades/attic/configuration.nix b/nixos/hosts/hades/attic/configuration.nix new file mode 100644 index 00000000..c13b4308 --- /dev/null +++ b/nixos/hosts/hades/attic/configuration.nix @@ -0,0 +1,80 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ pkgs, config, ... }: +let vs = config.vault-secrets.secrets; +in { + imports = [ ]; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "23.11"; # Did you read the comment? + + # Additional packages + environment.systemPackages = with pkgs; [ ]; + + vault-secrets.secrets.attic = { + services = [ "atticd" ]; + }; + + + services.atticd = { + enable = true; + + credentialsFile = "${vs.attic}/environment"; + + settings = { + listen = "[::]:8080"; + allowed-hosts = [ "attic.xirion.net" ]; + api-endpoint = "https://attic.xirion.net/"; + require-proof-of-possession = false; + + garbage-collection = { + interval = "12 hours"; + default-retention-period = "1 month"; + }; + + compression = { + type = "zstd"; + level = 8; + }; + + storage = { + type = "s3"; + region = "hades"; + bucket = "attic"; + endpoint = "http://garage.hades:3900"; + }; + + # Data chunking + # + # Warning: If you change any of the values here, it will be + # difficult to reuse existing chunks for newly-uploaded NARs + # since the cutpoints will be different. As a result, the + # deduplication ratio will suffer for a while after the change. + chunking = { + # The minimum NAR size to trigger chunking + # + # If 0, chunking is disabled entirely for newly-uploaded NARs. + # If 1, all NARs are chunked. + nar-size-threshold = 64 * 1024; # 64 KiB + + # The preferred minimum size of a chunk, in bytes + min-size = 16 * 1024; # 16 KiB + + # The preferred average size of a chunk, in bytes + avg-size = 64 * 1024; # 64 KiB + + # The preferred maximum size of a chunk, in bytes + max-size = 256 * 1024; # 256 KiB + }; + }; + }; + + networking.firewall.allowedTCPPorts = [ 8080 ]; +} diff --git a/nixos/hosts/hades/default.nix b/nixos/hosts/hades/default.nix index 875312e9..24679252 100644 --- a/nixos/hosts/hades/default.nix +++ b/nixos/hosts/hades/default.nix @@ -139,17 +139,17 @@ mac = "12:fa:24:02:65:e6"; nix = false; }; - # "docker-registry-proxy" = { - # ip = "192.168.0.128"; - # mac = "0e:11:65:62:66:9f"; - # }; + "attic" = { + ip = "192.168.0.128"; + mac = "9E:AF:E9:FE:D4:D9"; + }; "hassio" = { ip = "192.168.0.129"; mac = "e6:80:32:fb:00:75"; nix = false; }; # "docker-registry" = { - # ip = "192.168.0.130"; + # ip = "192.168.0.130"attic, ; # mac = "5e:0e:a6:cf:64:70"; # }; "minecraft" = { diff --git a/nixos/hosts/hades/docker-registry-proxy/configuration.nix b/nixos/hosts/hades/docker-registry-proxy/configuration.nix deleted file mode 100644 index 5bf46699..00000000 --- a/nixos/hosts/hades/docker-registry-proxy/configuration.nix +++ /dev/null @@ -1,42 +0,0 @@ -{ config, ... }: -let vs = config.vault-secrets.secrets; -in { - system.stateVersion = "22.05"; - - networking.interfaces.eth0.useDHCP = true; - - # the registry port and metrics port - networking.firewall.allowedTCPPorts = - [ config.services.dockerRegistry.port 5001 ]; - - vault-secrets.secrets.docker-registry = { }; - - # Sets the minio user and password - systemd.services.docker-registry.serviceConfig.EnvironmentFile = - "${vs.docker-registry}/environment"; - - services.dockerRegistry = { - enable = true; - enableDelete = true; - enableGarbageCollect = true; - listenAddress = "0.0.0.0"; - storagePath = null; # We want to store in s3 - garbageCollectDates = "weekly"; - extraConfig = { - # S3 Storages - storage.s3 = { - regionendpoint = "https://o.xirion.net"; - bucket = "docker-registry-proxy"; - region = "us-east-1"; # Fake but needed - }; - - # The actual proxy - proxy.remoteurl = "https://registry-1.docker.io"; - - # Enable prom under :5001/metrics - http.debug.addr = "0.0.0.0:5001"; - http.debug.prometheus.enabled = true; - }; - }; -} - diff --git a/nixos/hosts/hades/docker-registry/configuration.nix b/nixos/hosts/hades/docker-registry/configuration.nix deleted file mode 100644 index 0dcb94f8..00000000 --- a/nixos/hosts/hades/docker-registry/configuration.nix +++ /dev/null @@ -1,49 +0,0 @@ -{ config, ... }: -let vs = config.vault-secrets.secrets; -in { - system.stateVersion = "22.05"; - - networking.interfaces.eth0.useDHCP = true; - - # the registry port and metrics port - networking.firewall.allowedTCPPorts = - [ config.services.dockerRegistry.port 5001 ]; - - vault-secrets.secrets.docker-registry = { }; - - # Sets the minio user and password - systemd.services.docker-registry.serviceConfig.EnvironmentFile = - "${vs.docker-registry}/environment"; - - services.dockerRegistry = { - enable = true; - enableDelete = true; - enableGarbageCollect = true; - listenAddress = "0.0.0.0"; - storagePath = null; # We want to store in s3 - garbageCollectDates = "weekly"; - - extraConfig = { - # S3 Storages - storage.s3 = { - regionendpoint = "https://o.xirion.net"; - bucket = "docker-registry"; - region = "us-east-1"; # Fake but needed - }; - - # Enable prom under :5001/metrics - http.debug.addr = "0.0.0.0:5001"; - http.debug.prometheus.enabled = true; - - # Webhooks - notifications.endpoints = [{ - name = "keel"; - url = "http://10.10.10.17:9300/v1/webhooks/registry"; - timeout = "500ms"; - treshold = 5; - backoff = "1s"; - }]; - }; - }; -} - diff --git a/nixos/hosts/hades/jackett/configuration.nix b/nixos/hosts/hades/jackett/configuration.nix deleted file mode 100644 index 982919bf..00000000 --- a/nixos/hosts/hades/jackett/configuration.nix +++ /dev/null @@ -1,10 +0,0 @@ -_: { - system.stateVersion = "21.05"; - networking.interfaces.eth0.useDHCP = true; - - services.jackett = { - enable = true; - dataDir = "/var/lib/jackett/"; - openFirewall = true; - }; -} diff --git a/nixos/hosts/hades/nginx/configuration.nix b/nixos/hosts/hades/nginx/configuration.nix index 0585596a..5b38cac8 100644 --- a/nixos/hosts/hades/nginx/configuration.nix +++ b/nixos/hosts/hades/nginx/configuration.nix @@ -63,6 +63,7 @@ in { virtualHosts."pass.xirion.net" = proxy "http://bitwarden_rs"; virtualHosts."repo.xirion.net" = proxy "http://archlinux"; virtualHosts."thelounge.xirion.net" = proxy "http://thelounge:9000"; + virtualHosts."attic.xirion.net" = proxy "http://attic.hades:8080"; virtualHosts."tautulli.xirion.net" = proxy "http://tautulli.hades:8080"; virtualHosts."peepeepoopoo.xirion.net" = proxy "http://tautulli.hades:8080"; # Deprecated but Ricardo has it bookmarked already! diff --git a/nixos/util.nix b/nixos/util.nix index 05f10f5a..3ed3f20a 100644 --- a/nixos/util.nix +++ b/nixos/util.nix @@ -1,10 +1,11 @@ -{ nixpkgs, home-manager, mailserver, lanzaboote, ... }: +{ nixpkgs, home-manager, mailserver, lanzaboote, attic, ... }: let inherit (builtins) filter attrValues concatMap mapAttrs; inherit (nixpkgs.lib.attrsets) mapAttrsToList; base_imports = [ home-manager.nixosModules.home-manager mailserver.nixosModules.mailserver + attic.nixosModules.atticd ]; type_import = let import_cases = {