Merge branch 'main' of ssh://git.0x76.dev:42/v/infrastructure

2023-04-29 19:48:06 +02:00 · 2023-04-29 19:48:06 +02:00 · df8cc8a854
parent 24a16976a7 8c6037a0fd
commit df8cc8a854
10 changed files with 47 additions and 78 deletions
--- a/flake.lock
+++ b/flake.lock
@ -88,11 +88,11 @@
        "stable": "stable"
      },
      "locked": {
-        "lastModified": 1682202576,
-        "narHash": "sha256-vcTEEEHKx4PTfY80bUmZMwXRy0cTDJCkULHhqe1HJS8=",
+        "lastModified": 1682737380,
+        "narHash": "sha256-n3rZkHZls9BNr35o3veK00UsM1KSh/oNTJjLkFbEOY8=",
        "owner": "zhaofengli",
        "repo": "colmena",
-        "rev": "089431737e283ed3e402a7dff578cb442444c431",
+        "rev": "be837ee341b6508c355035973d5f7c7e88d7c64f",
        "type": "github"
      },
      "original": {
@ -502,11 +502,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1682663009,
-        "narHash": "sha256-i5ZDuY5kUBDwbWFUludL2cm6PBb6oj245qTFXSpOkdo=",
+        "lastModified": 1682759296,
+        "narHash": "sha256-FgBfP1e+TnED0lT3L9G6KJ6j07xQElFMRdLIsmKQ0Ss=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "43ba4489bd3f9f69519f5f7ebdb76d0455eccbbe",
+        "rev": "27d89b49e3cd3c83b9609a6ff9173a9b8d2d9ad4",
        "type": "github"
      },
      "original": {
@ -833,11 +833,11 @@
    },
    "nixpkgs_22-11": {
      "locked": {
-        "lastModified": 1682538316,
-        "narHash": "sha256-YuHgVsR7S9zxJWHo7lo2ugd+uDC4ESWg1hA4bEZQv3Y=",
+        "lastModified": 1682669017,
+        "narHash": "sha256-Vi+p4y3wnl0/4gcwTdmCO398kKlDaUrNROtf3GOD2NY=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "15b75800dce80225b44f067c9012b09de37dfad2",
+        "rev": "7449971a3ecf857b4a554cf79b1d9dcc1a4647d8",
        "type": "github"
      },
      "original": {
@ -865,11 +865,11 @@
    },
    "nixpkgs_4": {
      "locked": {
-        "lastModified": 1682688250,
-        "narHash": "sha256-eE/h7+V5M96HmobnZEPbPyinPv+Y+vcs/3gL55I7rRI=",
+        "lastModified": 1682777022,
+        "narHash": "sha256-tzMqNaMS8wDpEnNG8vuPrbOUw1y+AI7BRFznjmCBVjE=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "4452d55f8e5c2480b91bbe1eaf4b34c8ee07ebb9",
+        "rev": "6f3b947593983bf1bf0b243717fac8b42a1e014d",
        "type": "github"
      },
      "original": {
@ -965,11 +965,11 @@
        "pre-commit-hooks": "pre-commit-hooks"
      },
      "locked": {
-        "lastModified": 1682677025,
-        "narHash": "sha256-HQ3E4JKHcj6MWwmo/JoGIrFhBymVszGyFoAv3R6JOxk=",
+        "lastModified": 1682714854,
+        "narHash": "sha256-7vFHIUeaZ47REJopzzY6bX5wb0qmn6fNsQCKOQ8G3Mg=",
        "owner": "pta2002",
        "repo": "nixvim",
-        "rev": "3014192cdc6e5ac59e72c74baa6075c9c9148bfd",
+        "rev": "d0383da7f8579610f49b99b982b662ad197d97d1",
        "type": "github"
      },
      "original": {
@ -980,11 +980,11 @@
    },
    "nur": {
      "locked": {
-        "lastModified": 1682686658,
-        "narHash": "sha256-h2gpcWIEcO5CYfdLFBvxI59cOS65YJejpxVqdh1sZGU=",
+        "lastModified": 1682751794,
+        "narHash": "sha256-+lo+jlBp5Np2UId6CfAQZdG/yLJLZhtoluMj1NkBlDU=",
        "owner": "nix-community",
        "repo": "NUR",
-        "rev": "8814b947eb4f10b1f26ed7cb7b067c58b28b065a",
+        "rev": "b3b850a6da43a794e7fab9566b529ca43e22458a",
        "type": "github"
      },
      "original": {
@ -1280,11 +1280,11 @@
        "nixpkgs": "nixpkgs_9"
      },
      "locked": {
-        "lastModified": 1682689494,
-        "narHash": "sha256-ZGOJ5Mg92Vuf3mMlLL4hu6ENU4Ykk+uAjnoU+rdSFcM=",
+        "lastModified": 1682690091,
+        "narHash": "sha256-j8Uu1Lu+3t5CrLlnHIco6LXIuH7F5KM4pUJZ+QIBiVQ=",
        "ref": "refs/heads/main",
-        "rev": "3393123d5814d572eeccb6c6163bab9f374550ca",
-        "revCount": 2,
+        "rev": "5af2f123dcd9dcf7ddb3856434f8ea1c76b699b3",
+        "revCount": 3,
        "type": "git",
        "url": "https://git.0x76.dev/v/vault-unseal.git"
      },
--- a/flake.nix
+++ b/flake.nix
@ -87,7 +87,7 @@
        nix repl --file "${./.}/repl.nix" $@
      '';
    in {
-      # Make the nixosConfigurations for compat reasons
+      # Make the nixosConfigurations for compat reasons (e.g. vault)
      nixosConfigurations =
        (import (inputs.colmena + "/src/nix/hive/eval.nix") {
          rawFlake = self;
--- a/flux/olympus/apps/services/renovate/cronjob.yaml
+++ b/flux/olympus/apps/services/renovate/cronjob.yaml
@ -19,7 +19,7 @@ spec:
              emptyDir: {}
          containers:
            - name: renovate
-              image: renovate/renovate:35.58.0
+              image: renovate/renovate:35.64.0
              volumeMounts:
                - name: config-volume
                  mountPath: /opt/renovate/
--- a/nixos/common/desktop/home.nix
+++ b/nixos/common/desktop/home.nix
@ -9,6 +9,7 @@ in {
  home.packages = with pkgs; [
    btop
    calibre
+    celluloid
    element-desktop
    fusee-launcher
    gcc
@ -17,6 +18,7 @@ in {
    inputs.webcord.packages.${pkgs.system}.default
    jetbrains.clion
    jetbrains.idea-ultimate
+    kdenlive
    mullvad-vpn
    neofetch
    nixfmt
--- a/nixos/hosts/olympus/database/configuration.nix
+++ b/nixos/hosts/olympus/database/configuration.nix
@ -1,40 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system.  Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, pkgs, ... }:
-let
-  databases = [ "umami" "drone" ];
-in
-{
-  imports = [ ];
-
-  # This value determines the NixOS release from which the default
-  # settings for stateful data, like file locations and database versions
-  # on your system were taken. It‘s perfectly fine and recommended to leave
-  # this value at the release version of the first install of this system.
-  # Before changing this value read the documentation for this option
-  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "21.11"; # Did you read the comment?
-
-  # Additional packages
-  environment.systemPackages = with pkgs; [ ];
-
-  networking.firewall.allowedTCPPorts = [ config.services.postgresql.port ];
-
-  services.postgresql =
-    {
-      enable = true;
-      package = pkgs.postgresql_14;
-      ensureDatabases = databases;
-      enableTCPIP = true;
-      # Allow all hosts on the server subnet, should probably lock this down more in the future
-      authentication = "host all all 10.42.42.0/24 trust";
-      ensureUsers = map
-        (name: {
-          inherit name;
-          ensurePermissions = { "DATABASE ${name}" = "ALL PRIVILEGES"; };
-        })
-        databases;
-    };
-}
--- a/nixos/hosts/olympus/default.nix
+++ b/nixos/hosts/olympus/default.nix
@ -110,10 +110,7 @@
    ip = "10.42.42.25";
    mac = "1E:ED:97:2C:C3:9D";
  };
-  "database" = {
-    ip = "10.42.42.26";
-    mac = "CE:6E:96:87:18:1B";
-  };
+  # 10.42.42.26
  "bookwyrm" = {
    ip = "10.42.42.27";
    mac = "9E:8A:6C:39:27:DE";
@ -123,11 +120,7 @@
    ip = "10.42.42.28";
    mac = "9E:86:D3:46:EE:AE";
  };
-  "slimmelezer" = {
-    ip = "10.42.42.29";
-    mac = "b4:8a:0a:ee:b0:5e";
-    nix = false;
-  };
+  # 10.42.42.29
  "vault-1" = {
    ip = "10.42.42.30";
    mac = "26:69:0E:7C:B3:79";
--- a/nixos/hosts/olympus/woodpecker/configuration.nix
+++ b/nixos/hosts/olympus/woodpecker/configuration.nix
@ -25,12 +25,18 @@ in {
    quoteEnvironmentValues = false; # Needed for docker
  };

+  # For some reason networking is broken in podman
  virtualisation.podman = {
-    enable = true;
+    enable = false;
    dockerSocket.enable = true;
    dockerCompat = true;
  };

+  virtualisation.docker = {
+    enable = true;
+    autoPrune.enable = true;
+  };
+
  services.woodpecker-server = {
    enable = true;
    environment = {
@ -49,12 +55,12 @@ in {
    docker = {
      enable = true;
      environment = {
-        DOCKER_HOST = "unix:///run/podman/podman.sock";
+        # DOCKER_HOST = "unix:///run/podman/podman.sock";
        WOODPECKER_BACKEND = "docker";
        WOODPECKER_SERVER = "localhost:9000";
      };
      environmentFile = [ "${vs.woodpecker}/environment" ];
-      extraGroups = [ "podman" ];
+      extraGroups = [ "docker" ];
    };
  };
 }
--- a/nixos/hosts/thalassa/eevee/configuration.nix
+++ b/nixos/hosts/thalassa/eevee/configuration.nix
@ -41,6 +41,8 @@

  environment.systemPackages = with pkgs; [ wireguard-tools ];

+  environment.sessionVariables.NIXOS_OZONE_WL = "1";
+
  home-manager = {
    useGlobalPkgs = true;
    useUserPackages = true;
--- a/nixos/hosts/thalassa/eevee/hardware.nix
+++ b/nixos/hosts/thalassa/eevee/hardware.nix
@ -23,7 +23,12 @@
  };

  # udev
-  services.udev.packages = with pkgs; [ wooting-udev-rules ];
+  services.udev.packages = with pkgs; [
+    android-udev-rules
+    logitech-udev-rules
+    qmk-udev-rules
+    wooting-udev-rules
+  ];

  # FS
  fileSystems."/".options = [ "compress=zstd" ];
--- a/nixos/util.nix
+++ b/nixos/util.nix
@ -2,6 +2,7 @@
 let
  inherit (builtins) filter attrValues concatMap mapAttrs;
  inherit (nixpkgs.lib.attrsets) mapAttrsToList;
+  inherit (nixpkgs.lib) nixosSystem;
  base_imports = [
    home-manager.nixosModules.home-manager
    mailserver.nixosModules.mailserver
@ -44,7 +45,7 @@ in {
  mkColmenaHost = { ip ? null, hostname, tags, realm, type ? "lxc", ... }@host:
    let
      # this makes local apply work a bit nicer
-      name = if realm == "thalassa" then hostname else "${hostname}.${realm}";
+      name = if type == "local" then hostname else "${hostname}.${realm}";
    in {
      "${name}" = {
        imports = resolve_imports host;