10 changed files with 41 additions and 76 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+result
--- a/0
+++ b/0
--- a/flake.lock
+++ b/flake.lock
@ -10,11 +10,11 @@
        "utils": "utils"
      },
      "locked": {
-        "lastModified": 1654325492,
-        "narHash": "sha256-+eegOXTfWyVygrqWCid1pg5IdCjmh0G8o5uA93IQFdA=",
+        "lastModified": 1654885765,
+        "narHash": "sha256-BU8uDapI/ZS1B/K0M1n/AvQ3ZIwBk0NMytM49WqZo8w=",
        "owner": "zhaofengli",
        "repo": "colmena",
-        "rev": "b5629dca833fc0bd545898c2dd2d9d5ae1fd5066",
+        "rev": "1b3c272b5873f809c18434924d99967c73d4e2cf",
        "type": "github"
      },
      "original": {
@ -206,11 +206,11 @@
        "utils": "utils_3"
      },
      "locked": {
-        "lastModified": 1654583212,
-        "narHash": "sha256-TNM2Y4lnCnGsmRfYRVoYzaApSL3GE9NDad0ApJ4CCOg=",
+        "lastModified": 1654910231,
+        "narHash": "sha256-BGKT7IL+IrZLBQFJ0PxC8lFUV4Y3IONmi/SbaabsWlY=",
        "owner": "jyooru",
        "repo": "nix-minecraft-servers",
-        "rev": "3423f5faf24744490963f1024da214c37f199a9f",
+        "rev": "14465ed2e2804484d1d456afee0d8fded6eb05bd",
        "type": "github"
      },
      "original": {
@ -257,11 +257,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1654230545,
-        "narHash": "sha256-8Vlwf0x8ow6pPOK2a04bT+pxIeRnM1+O0Xv9/CuDzRs=",
+        "lastModified": 1654682581,
+        "narHash": "sha256-Jb1PQCwKgwdNAp907eR5zPzuxV+kRroA3UIxUxCMJ9s=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "236cc2971ac72acd90f0ae3a797f9f83098b17ec",
+        "rev": "e0169d7a9d324afebf5679551407756c77af8930",
        "type": "github"
      },
      "original": {
@ -325,11 +325,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1654503399,
-        "narHash": "sha256-io7/mE1uPMznvFILtRSUafuaofyOqaQZKjSQLR6qTZk=",
+        "lastModified": 1654872670,
+        "narHash": "sha256-96CAJ3AujffxOECfEMFvonrznS/xPvP+R6oKYkD3UVw=",
        "owner": "serokell",
        "repo": "serokell.nix",
-        "rev": "eb14d979cc8257663dd94d6098a86c8c1ce99e72",
+        "rev": "faf02c7b2ac9900ae44c2068a10237c5db73f692",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -7,17 +7,17 @@

  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
-    
+
    deploy-rs.url = "github:serokell/deploy-rs";
    deploy-rs.inputs.nixpkgs.follows = "nixpkgs";

    colmena.url = "github:zhaofengli/colmena";
    colmena.inputs.nixpkgs.follows = "nixpkgs";
-    
+
    serokell-nix.url = "github:serokell/serokell.nix";
    serokell-nix.inputs.nixpkgs.follows = "nixpkgs";
    serokell-nix.inputs.deploy-rs.follows = "deploy-rs";
-    
+
    vault-secrets.url = "github:serokell/vault-secrets";
    vault-secrets.inputs.nixpkgs.follows = "nixpkgs";

@ -80,8 +80,6 @@

      pkgs = serokell-nix.lib.pkgsWith nixpkgs.legacyPackages.${system} [ vault-secrets.overlay ];

-      deployChecks = mapAttrs (_: lib: lib.deployChecks self.deploy) deploy-rs.lib;
-      checks = { };
    in
    {
      # Make the config and deploy sets
@ -112,7 +110,7 @@
      devShells.${system}.default = pkgs.mkShell {
        VAULT_ADDR = "http://vault.olympus:8200/";
        # This only support bash so just execute zsh in bash as a workaround :/
-        shellHook = "zsh";
+        shellHook = "zsh; exit $?";
        buildInputs = with pkgs; [
          deploy-rs.packages.${system}.deploy-rs
          fluxcd
@ -129,6 +127,11 @@
        ];
      };

-      checks = lib.recursiveUpdate deployChecks checks;
+      # Filter out non-system checks: https://github.com/NixOS/nixpkgs/issues/175875#issuecomment-1152996862
+      checks = lib.filterAttrs
+        (a: _: a == system)
+        (builtins.mapAttrs
+          (system: deployLib: deployLib.deployChecks self.deploy)
+          deploy-rs.lib);
    };
 }
--- a/hosts.nix
+++ b/hosts.nix
@ -82,12 +82,9 @@
    ip = "10.42.42.17";
    mac = "0A:06:5E:E7:9A:0C";
  }
-  {
-    hostname = "plausible";
-    ip = "10.42.42.18";
-    mac = "82:34:70:FA:44:6F";
-    nix = false;
-  }
+  # {
+    # ip = "10.42.42.18";
+  # }
  {
    hostname = "victoriametrics";
    ip = "10.42.42.19";
--- a/nixos/hosts/_template/configuration.nix
+++ b/nixos/hosts/_template/configuration.nix
@ -15,7 +15,7 @@
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "21.11"; # Did you read the comment?
+  system.stateVersion = "22.11"; # Did you read the comment?

  # Additional packages
  environment.systemPackages = with pkgs; [ ];
--- a/nixos/hosts/bastion/configuration.nix
+++ b/nixos/hosts/bastion/configuration.nix
@ -34,6 +34,10 @@ in {
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "21.05"; # Did you read the comment?

+  virtualisation.podman = {
+    enable = true;
+  };
+
  # Additional packages
  environment.systemPackages = with pkgs; [
    binutils
--- a/nixos/hosts/gitea/configuration.nix
+++ b/nixos/hosts/gitea/configuration.nix
@ -23,6 +23,8 @@

  networking.firewall.allowedTCPPorts = [ config.services.gitea.httpPort ];

+  services.openssh.startWhenNeeded = false;
+
  services.gitea = {
    enable = true;
    domain = "git.0x76.dev";
@ -34,7 +36,6 @@
    disableRegistration = true;
    cookieSecure = true;
    
-
    settings = {
      ui = {
        DEFAULT_THEME = "arc-green";
--- a/nixos/hosts/k3s/configuration.nix
+++ b/nixos/hosts/k3s/configuration.nix
@ -5,9 +5,14 @@
  ];

  # Use the GRUB 2 boot loader.
-  boot.loader.grub.enable = true;
-  boot.loader.grub.version = 2;
-  boot.loader.grub.device = "/dev/sda";
+  boot.loader.grub = {
+    enable = true;
+    version = 2;
+    device = "/dev/sda";
+  };
+
+  boot.kernel.sysctl."fs.inotify.max_user_instances" = 2147483647; # INT_MAX, dynamically limited based on available memory
+  boot.kernel.sysctl."fs.inotify.max_user_watches" = 1048576;

  networking.hostName = "k3s-node1";

--- a/nixos/hosts/plausible/configuration.nix
+++ b/nixos/hosts/plausible/configuration.nix
@ -1,46 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system.  Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, pkgs, ... }:
-let
-  vs = config.vault-secrets.secrets;
-  cfg = config.services.plausible;
-in
-{
-  imports = [ ];
-
-  networking.hostName = "plausible";
-
-  # This value determines the NixOS release from which the default
-  # settings for stateful data, like file locations and database versions
-  # on your system were taken. It‘s perfectly fine and recommended to leave
-  # this value at the release version of the first install of this system.
-  # Before changing this value read the documentation for this option
-  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "21.11"; # Did you read the comment?
-
-  # Additional packages
-  environment.systemPackages = with pkgs; [ ];
-
-  networking.firewall.allowedTCPPorts = [ cfg.server.port ];
-  networking.firewall.allowedUDPPorts = [ ];
-
-  vault-secrets.secrets.plausible = { };
-
-  services.plausible = {
-    enable = true;
-    releaseCookiePath = "${pkgs.runCommand "cookie" { } ''
-        ${pkgs.openssl}/bin/openssl rand -base64 64 >"$out"
-      ''}";
-    server = {
-      baseUrl = "https://analytics.0x76.dev";
-      secretKeybaseFile = "${vs.plausible}/secretkeybase";
-    };
-    adminUser = {
-      activate = true;
-      email = "plausible@xirion.net";
-      passwordFile = "${vs.plausible}/password";
-    };
-  };
-}