Merge branch 'main' of ssh://git.0x76.dev:42/v/infrastructure

flake.lock

@@ -50,11 +50,11 @@
         "nixpkgs-stable": "nixpkgs-stable"
       },
       "locked": {
-        "lastModified": 1685309025,
-        "narHash": "sha256-pZxMM3AMP/ojwhrFD0A2ML4NOgehlBLGHseInnO5evc=",
+        "lastModified": 1686620679,
+        "narHash": "sha256-Ck/r3f+W9mOn3cHn5ii/fogBiJtosFnDaOQveaJ0zVU=",
         "owner": "zhaofengli",
         "repo": "attic",
-        "rev": "b1fb790b5f2afaaa1b2f7f18979b8318abe604bb",
+        "rev": "4fedffe6a1020edfcfa7bef18d21321d4983b3a7",
         "type": "github"
       },
       "original": {
@@ -175,39 +175,6 @@
       }
     },
     "crane_2": {
-      "inputs": {
-        "flake-compat": [
-          "lanzaboote",
-          "flake-compat"
-        ],
-        "flake-utils": [
-          "lanzaboote",
-          "flake-utils"
-        ],
-        "nixpkgs": [
-          "lanzaboote",
-          "nixpkgs"
-        ],
-        "rust-overlay": [
-          "lanzaboote",
-          "rust-overlay"
-        ]
-      },
-      "locked": {
-        "lastModified": 1683505101,
-        "narHash": "sha256-VBU64Jfu2V4sUR5+tuQS9erBRAe/QEYUxdVMcJGMZZs=",
-        "owner": "ipetkov",
-        "repo": "crane",
-        "rev": "7b5bd9e5acb2bb0cfba2d65f34d8568a894cdb6c",
-        "type": "github"
-      },
-      "original": {
-        "owner": "ipetkov",
-        "repo": "crane",
-        "type": "github"
-      }
-    },
-    "crane_3": {
       "flake": false,
       "locked": {
         "lastModified": 1670284777,
@@ -243,7 +210,7 @@
       "inputs": {
         "alejandra": "alejandra",
         "all-cabal-json": "all-cabal-json",
-        "crane": "crane_3",
+        "crane": "crane_2",
         "devshell": "devshell",
         "flake-parts": "flake-parts_2",
         "flake-utils-pre-commit": "flake-utils-pre-commit",
@@ -698,11 +665,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1686391840,
-        "narHash": "sha256-5S0APl6Mfm6a37taHwvuf11UHnAX0+PnoWQbsYbMUnc=",
+        "lastModified": 1686852570,
+        "narHash": "sha256-Hzufya/HxjSliCwpuLJCGY0WCQajzcpsnhFGa+TCkCM=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "0144ac418ef633bfc9dbd89b8c199ad3a617c59f",
+        "rev": "4e09c83255c5b23d58714d56672d3946faf1bcef",
         "type": "github"
       },
       "original": {
@@ -713,22 +680,20 @@
     },
     "lanzaboote": {
       "inputs": {
-        "crane": "crane_2",
         "flake-compat": "flake-compat_4",
         "flake-parts": "flake-parts",
         "flake-utils": "flake-utils_3",
         "nixpkgs": [
           "nixpkgs"
         ],
-        "pre-commit-hooks-nix": "pre-commit-hooks-nix",
-        "rust-overlay": "rust-overlay_2"
+        "pre-commit-hooks-nix": "pre-commit-hooks-nix"
       },
       "locked": {
-        "lastModified": 1686415556,
-        "narHash": "sha256-88nOOiLYzYGIMEiQ91DxuyUa786mqunRw6k6GipXmxg=",
+        "lastModified": 1686692834,
+        "narHash": "sha256-EFjJ/r4iYVKO+XdL15g9bzOKbCExTGeqNEVHSn0H7/E=",
         "owner": "nix-community",
         "repo": "lanzaboote",
-        "rev": "9f97a908e4059221d39c7b7d0906c88b9fcc9c9b",
+        "rev": "823ad6b70bf09b91c3a9dd9a64678ec80ba3c1ee",
         "type": "github"
       },
       "original": {
@@ -893,11 +858,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1685943944,
-        "narHash": "sha256-GpaQwOkvwkmSWxvWaZqbMKyyOSaBAwgdEcHCqLW/240=",
+        "lastModified": 1686644215,
+        "narHash": "sha256-FYa25w7gt8FqzWLl4UuwLLG7BiKZiAW/PFGbXWW6UAc=",
         "owner": "nix-community",
         "repo": "nixos-generators",
-        "rev": "122dcc32cadf14c5015aa021fae8882c5058263a",
+        "rev": "f17fb67fc81a9f3b166cee711089466ba6617154",
         "type": "github"
       },
       "original": {
@@ -924,11 +889,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1685012353,
-        "narHash": "sha256-U3oOge4cHnav8OLGdRVhL45xoRj4Ppd+It6nPC9nNIU=",
+        "lastModified": 1686519857,
+        "narHash": "sha256-VkBhuq67aXXiCoEmicziuDLUPPjeOTLQoj6OeVai5zM=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "aeb75dba965e790de427b73315d5addf91a54955",
+        "rev": "6b1b72c0f887a478a5aac355674ff6df0fc44f44",
         "type": "github"
       },
       "original": {
@@ -1067,22 +1032,6 @@
         "type": "github"
       }
     },
-    "nixpkgs_22-11": {
-      "locked": {
-        "lastModified": 1686392259,
-        "narHash": "sha256-hqSS9hKhWldIZr1bBp9xKhIznnGPICGKzuehd2LH0UA=",
-        "owner": "nixos",
-        "repo": "nixpkgs",
-        "rev": "ef24b2fa0c5f290a35064b847bc211f25cb85c88",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nixos",
-        "ref": "nixos-22.11",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
     "nixpkgs_3": {
       "locked": {
         "lastModified": 1680668850,
@@ -1101,18 +1050,17 @@
     },
     "nixpkgs_4": {
       "locked": {
-        "lastModified": 1686406799,
-        "narHash": "sha256-/MHAr6x5/DDEAWFQLgIlyFT9jCXl5O6OWCoNGmfnL3g=",
-        "owner": "nixos",
+        "lastModified": 1686718773,
+        "narHash": "sha256-x+4xs6+jWhFaYwt6REH7e91rm5vt2GCPEfmRdNcHyi4=",
+        "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "9166729004aef4db3390d7199a45f6c7331275a2",
+        "rev": "ba1a6ec548000d4a50719d14e6f73f63016674d5",
         "type": "github"
       },
       "original": {
-        "owner": "nixos",
+        "id": "nixpkgs",
         "ref": "nixos-unstable-small",
-        "repo": "nixpkgs",
-        "type": "github"
+        "type": "indirect"
       }
     },
     "nixpkgs_5": {
@@ -1193,6 +1141,21 @@
         "type": "github"
       }
     },
+    "nixpkgs_stable": {
+      "locked": {
+        "lastModified": 1686736559,
+        "narHash": "sha256-YyUSVoOKIDAscTx7IZhF9x3qgZ9dPNF19fKk+4c5irc=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "ddf4688dc7aeb14e8a3c549cb6aa6337f187a884",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-23.05",
+        "type": "indirect"
+      }
+    },
     "nixvim": {
       "inputs": {
         "beautysh": "beautysh",
@@ -1201,11 +1164,11 @@
         "pre-commit-hooks": "pre-commit-hooks"
       },
       "locked": {
-        "lastModified": 1686407073,
-        "narHash": "sha256-FFDLQgHsuGQJlqYs8CwDIHhRszDyX0Xb1wjbCwGQVdI=",
+        "lastModified": 1686822953,
+        "narHash": "sha256-O7famU9SxDRJqa4fob1Ja2Aclr9XqKu3k4uhpvPnZ+c=",
         "owner": "pta2002",
         "repo": "nixvim",
-        "rev": "a2ef858ea5599dc547011c19c40a962bc72a80e7",
+        "rev": "9fd431366acf7a6cb8e38c9b19a70b6376b16014",
         "type": "github"
       },
       "original": {
@@ -1216,11 +1179,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1686462208,
-        "narHash": "sha256-L58OUbCXtIzlBJ5QQBETWgPFgmekOwW99LhiyUp9Cto=",
+        "lastModified": 1686894171,
+        "narHash": "sha256-QyEdSgyOdSGM3kS6N/r+0i47VbeZI41OZik37ipkQBs=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "416eb10d0850d5041169b70e57df91206f7a613d",
+        "rev": "1c14e580cdf9e778d76a15ff13d6d302da628a30",
         "type": "github"
       },
       "original": {
@@ -1316,11 +1279,11 @@
         "nixpkgs-stable": "nixpkgs-stable_2"
       },
       "locked": {
-        "lastModified": 1682596858,
-        "narHash": "sha256-Hf9XVpqaGqe/4oDGr30W8HlsWvJXtMsEPHDqHZA6dDg=",
+        "lastModified": 1684842236,
+        "narHash": "sha256-rYWsIXHvNhVQ15RQlBUv67W3YnM+Pd+DuXGMvCBq2IE=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "fb58866e20af98779017134319b5663b8215d912",
+        "rev": "61e567d6497bc9556f391faebe5e410e6623217f",
         "type": "github"
       },
       "original": {
@@ -1387,7 +1350,7 @@
         "nixos-generators": "nixos-generators",
         "nixos-hardware": "nixos-hardware",
         "nixpkgs": "nixpkgs_4",
-        "nixpkgs_22-11": "nixpkgs_22-11",
+        "nixpkgs_stable": "nixpkgs_stable",
         "nixvim": "nixvim",
         "nur": "nur",
         "riff": "riff",
@@ -1457,31 +1420,6 @@
         "type": "github"
       }
     },
-    "rust-overlay_2": {
-      "inputs": {
-        "flake-utils": [
-          "lanzaboote",
-          "flake-utils"
-        ],
-        "nixpkgs": [
-          "lanzaboote",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1684030847,
-        "narHash": "sha256-z4tOxaN9Cl8C80u6wyZBpPt9A9MbL21fZ3zdB/vG+AU=",
-        "owner": "oxalica",
-        "repo": "rust-overlay",
-        "rev": "aa1480f16bec7dda3c62b8cdb184c7e823331ba2",
-        "type": "github"
-      },
-      "original": {
-        "owner": "oxalica",
-        "repo": "rust-overlay",
-        "type": "github"
-      }
-    },
     "stable": {
       "locked": {
         "lastModified": 1669735802,
@@ -1611,11 +1549,11 @@
         "nixpkgs": "nixpkgs_8"
       },
       "locked": {
-        "lastModified": 1683797625,
-        "narHash": "sha256-Fgu9rxFziIJ47NiSdEUGO0PSwN9KTwW9lN0iT3uBpYI=",
+        "lastModified": 1686833044,
+        "narHash": "sha256-pl5qH72KNOgS9ivj06Nh272HTPd5cYPSL768RsYiLDg=",
         "owner": "serokell",
         "repo": "vault-secrets",
-        "rev": "9b23805fd05bf3b291d6f80ddfeb9a97318b6547",
+        "rev": "30c5b1c532d10e40c8a196995acee675d7d731f2",
         "type": "github"
       },
       "original": {

flake.nix

@@ -5,9 +5,9 @@
   # * https://github.com/Infinidoge/nix-minecraft
 
   inputs = {
-    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable-small";
+    nixpkgs.url = "nixpkgs/nixos-unstable-small";
 
-    nixpkgs_22-11.url = "github:nixos/nixpkgs/nixos-22.11";
+    nixpkgs_stable.url = "nixpkgs/nixos-23.05";
 
     nur.url = "github:nix-community/NUR";
 
@@ -46,7 +46,7 @@
     attic.url = "github:zhaofengli/attic";
   };
 
-  outputs = { self, nixpkgs, nixpkgs_22-11, vault-secrets, colmena
+  outputs = { self, nixpkgs, nixpkgs_stable, vault-secrets, colmena
     , nixos-generators, nur, attic, ... }@inputs:
     let
       inherit (nixpkgs) lib;
@@ -62,13 +62,13 @@
         overlays = [ (import ./nixos/pkgs) vault-secrets.overlay nur.overlay ];
       };
 
-      pkgs_22-11 = import nixpkgs_22-11 {
+      pkgs_stable = import nixpkgs_stable {
         inherit system;
         config.allowUnfree = true;
       };
 
       # Define args each module gets access to (access to hosts is useful for DNS/DHCP)
-      specialArgs = { inherit hosts flat_hosts inputs pkgs_22-11; };
+      specialArgs = { inherit hosts flat_hosts inputs pkgs_stable; };
 
       # Script to apply local colmena deployments
       apply-local = pkgs.writeShellScriptBin "apply-local" ''

flux/olympus/apps/services/renovate/cronjob.yaml

@@ -19,7 +19,7 @@ spec:
               emptyDir: {}
           containers:
             - name: renovate
-              image: renovate/renovate:35.115.2
+              image: renovate/renovate:35.117.3
               volumeMounts:
                 - name: config-volume
                   mountPath: /opt/renovate/

nixos/hosts/hades/default.nix

@@ -66,10 +66,6 @@
     ip = "192.168.0.111";
     mac = "7a:5f:9b:62:49:91";
   };
-  "minio" = {
-    ip = "192.168.0.112";
-    mac = "ae:c6:94:bb:c5:d9";
-  };
   "cshub2" = {
     ip = "192.168.0.113";
     mac = "26:8c:f6:f4:21:76";

nixos/hosts/hades/lucy/configuration.nix

@@ -36,9 +36,14 @@ in {
   system.stateVersion = "23.05"; # Did you read the comment?
 
   # Additional packages
-  environment.systemPackages = with pkgs; [ gcc go jq rustup trivy nuclei-latest ];
-
-  networking.firewall.allowedTCPPorts = [ ];
+  environment.systemPackages = with pkgs; [
+    gcc
+    go
+    jq
+    rustup
+    trivy
+    nuclei-latest
+  ];
 
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
@@ -46,6 +51,20 @@ in {
 
   virtualisation.docker.enable = true;
 
+  services.mosquitto = {
+    enable = true;
+    listeners = [{
+      acl = [ "pattern readwrite #" ];
+      omitPasswordAuth = true;
+      settings.allow_anonymous = true;
+    }];
+  };
+
+  networking.firewall = {
+    enable = true;
+    allowedTCPPorts = [ 1883 ];
+  };
+
   users.extraUsers.laura.extraGroups = [ "wheel" "docker" ];
   users.extraUsers.victor.extraGroups = [ "docker" ];
 }

nixos/hosts/hades/mastodon/configuration.nix

@@ -65,7 +65,7 @@ in {
     smtp = {
       createLocally = false;
       fromAddress = "mastodon@xirion.net";
-      host = "mail.xirion.net";
+      host = "mail.0x76.dev";
       user = "mastodon@xirion.net";
       authenticate = true;
       port = 587;

nixos/hosts/hades/overseerr/overseerr.nix

@@ -2,7 +2,7 @@ _: {
   networking.firewall.allowedTCPPorts = [ 5055 ];
   # TODO: Write NixOS package https://github.com/NixOS/nixpkgs/issues/135885
   virtualisation.oci-containers.containers.overseerr = {
-    image = "ghcr.io/sct/overseerr:1.32.5";
+    image = "ghcr.io/sct/overseerr:1.33.0";
     environment = { TZ = "Europe/Amsterdam"; };
     ports = [ "5055:5055" ];
     volumes = [ "/var/lib/overseerr/config:/app/config" ];

nixos/hosts/hades/unifi/configuration.nix

@@ -1,13 +1,13 @@
-{ pkgs, lib, ... }: {
+{ pkgs, lib, pkgs_stable,... }: {
   system.stateVersion = "21.05";
   networking.interfaces.eth0.useDHCP = true;
 
-  environment.systemPackages = [ pkgs.mongodb-4_2 ];
+  environment.systemPackages = [ pkgs_stable.mongodb-4_2 ];
 
   services.unifi = {
     enable = true;
     unifiPackage = pkgs.unifi;
-    mongodbPackage = pkgs.mongodb-4_2;
+    mongodbPackage = pkgs_stable.mongodb-4_2;
     openFirewall = true;
   };
 

nixos/hosts/olympus/mailserver/configuration.nix

@@ -79,6 +79,10 @@ in {
         hashedPasswordFile = "${vs.mailserver}/snapraid@0x76.dev";
         sendOnly = true;
       };
+      "mastodon@xirion.net" = {
+        hashedPasswordFile = "${vs.mailserver}/mastodon@xirion.net";
+        sendOnly = true;
+      };
     };
 
     indexDir = "/var/lib/dovecot/indices";
@@ -99,11 +103,12 @@ in {
 
   services.roundcube = {
     enable = true;
-    package =
-      pkgs.roundcube.withPlugins (plugins: [ plugins.persistent_login ]);
+    package = pkgs.roundcube.withPlugins
+      (plugins: [ plugins.persistent_login pkgs.v.roundcube-swipe ]);
     plugins = [
       "archive"
       "managesieve"
+      "swipe"
       # "enigma"
       # "markasjunk"
       "persistent_login"
@@ -117,6 +122,19 @@ in {
       $config['smtp_host'] = "tls://${config.mailserver.fqdn}";
       $config['smtp_user'] = "%u";
       $config['smtp_pass'] = "%p";
+
+      $config['swipe_actions'] = [
+        'messagelist' => [
+          'left' => 'archive',
+          'right' => 'archive',
+          'down' => 'none'
+        ],
+        'contactlist' => [
+          'left' => 'none',
+          'right' => 'none',
+          'down' => 'none'
+        ]
+      ];
     '';
   };
 

nixos/hosts/olympus/unifi/configuration.nix

@@ -2,7 +2,7 @@
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
 
-{ pkgs, lib, ... }:
+{ pkgs, pkgs_stable, lib, ... }:
 
 {
   imports = [ ];
@@ -22,7 +22,7 @@
   services.unifi = {
     enable = true;
     unifiPackage = pkgs.unifi;
-    mongodbPackage = pkgs.mongodb-4_2;
+    mongodbPackage = pkgs_stable.mongodb-4_2;
     openFirewall = true;
   };
 }

nixos/pkgs/default.nix

@@ -14,6 +14,8 @@ _final: prev: {
 
     dnd-5e-latex-template = prev.callPackage ./dnd-5e-latex-template { };
 
+    roundcube-swipe = prev.callPackage ./roundcube-swipe { };
+
     gitea-agatheme = prev.callPackage ./gitea-agatheme { };
 
     # nix-shell -p "(vscode-with-extensions.override {vscodeExtensions = with vscode-extensions; [ jnoortheen.nix-ide ]; })" -I nixpkgs=.

nixos/pkgs/plex-pass/sources.json

@@ -1,14 +1,14 @@
 [
   {
-    "version": "1.32.4.7164",
+    "version": "1.32.4.7195",
     "platform": "aarch64-linux",
-    "url": "https://downloads.plex.tv/plex-media-server-new/1.32.4.7164-1dc22f47b/debian/plexmediaserver_1.32.4.7164-1dc22f47b_arm64.deb",
-    "hash": "1k61rrdjlwhf14q8qdj976a53wf9f9ask0fwynldyqbvjfjgy0ws"
+    "url": "https://downloads.plex.tv/plex-media-server-new/1.32.4.7195-7c8f9d3b6/debian/plexmediaserver_1.32.4.7195-7c8f9d3b6_arm64.deb",
+    "hash": "0fqmwijyp3nkii47s9w0a23r291cbifxgip2flp49wxlr7hbrgj1"
   },
   {
-    "version": "1.32.4.7164",
+    "version": "1.32.4.7195",
     "platform": "x86_64-linux",
-    "url": "https://downloads.plex.tv/plex-media-server-new/1.32.4.7164-1dc22f47b/debian/plexmediaserver_1.32.4.7164-1dc22f47b_amd64.deb",
-    "hash": "0sa537yx7gjbabmisb26yrrlg7ql124qhwlc20r5m1hbq8i1i23w"
+    "url": "https://downloads.plex.tv/plex-media-server-new/1.32.4.7195-7c8f9d3b6/debian/plexmediaserver_1.32.4.7195-7c8f9d3b6_amd64.deb",
+    "hash": "18c0wxfqrhisbrsp51hb3r95bxgi47p3ykaj146k3x2n627j2ycn"
   }
 ]

nixos/pkgs/roundcube-swipe/default.nix

@@ -0,0 +1,19 @@
+{ runCommand, fetchFromGitHub }:
+let
+  roundcubePlugin = { pname, version, src }:
+
+    runCommand "roundcube-plugin-swipe-${version}" { } ''
+      mkdir -p $out/plugins/
+      cp -r ${src} $out/plugins/swipe
+    '';
+in roundcubePlugin rec {
+  pname = "roundcube-swipe";
+  version = "0.5";
+
+  src = fetchFromGitHub {
+    owner = "johndoh";
+    repo = pname;
+    rev = "de96f82183bc593d879c335e6614fa983d51abfc";
+    sha256 = "sha256-vrMSvGwUzufSFDsUvUSL9JLR/+GtWdebVqgKiXMOOq4=";
+  };
+}