Fix building on hera

2020-10-01 07:10:28 +02:00 · 2020-10-01 07:10:28 +02:00 · d4fddef96b
parent 3bd628ab41
commit d4fddef96b
14 changed files with 50 additions and 61 deletions
--- a/home-manager/roles/weechat/default.nix
+++ b/home-manager/roles/weechat/default.nix
@ -1,7 +1,6 @@
 { lib, pkgs, config, ... }:
 with lib;
 let
-  weechatConfig = import ../../../nixos/machines/hera/secret/weechat.nix;
  weechat = pkgs.wrapWeechat pkgs.weechat-unwrapped {
    configure = { availablePlugins, ... }: {
      plugins = builtins.attrValues (availablePlugins // {
@ -87,7 +86,7 @@ in {
            ${server}.autoconnect = on
            ${server}.username = "${serverConfig.user}"
            ${server}.password = "${serverConfig.password}"
-          '') pkgs.privateValue { } "weechat/matrix")}
+          '') (pkgs.privateValue { } "weechat/matrix"))}
      '';
    };
    irc = {
@ -107,7 +106,7 @@ in {
            ${server}.autoconnect = on
            ${server}.username = "${serverConfig.user}"
            ${server}.autojoin = "${serverConfig.channels}"
-          '') pkgs.privateValue { } "weechat/irc")}
+          '') (pkgs.privateValue { } "weechat/irc"))}
      '';
    };
  };
--- a/nixos/machines/hera/cloud.nix
+++ b/nixos/machines/hera/cloud.nix
@ -1,7 +1,11 @@
-{ config, lib, ... }:
+{ pkgs, config, lib, ... }:
 with lib;
 let
-  inherit (config.m-0.private) me cloud;
+  adminCreds = pkgs.privateValue {
+            adminpass = "";
+            dbpass = "";
+            adminuser = "";
+          } "nextcloud-admin";
  inherit (config.m-0) hosts;
  certPath = "/var/lib/acme";
  nextcloud-container = { v6, v4, hostname, rss ? false, extraMounts ? { } }: {
@ -66,26 +70,18 @@ let
            dbname = "nextcloud";
            dbuser = "nextcloud";
            dbhost = "localhost";
-          } // pkgs.privateValue {
-            adminpass = "";
-            dbpass = "";
-            adminuser = "";
-          } "nextcloud-admin";
+          } // adminCreds;
          autoUpdateApps = {
            enable = true;
            startAt = "20:30";
          };
        };

-        redis = { enable = true; };
+        redis.enable = true;

        postgresql = {
          enable = true;
          package = pkgs.postgresql_9_6;
-          initialScript = pkgs.writeText "psql-init" ''
-            create role nextcloud with login password '${cloud.dbpass}';
-            create database nextcloud with owner nextcloud;
-          '';
        };
      };
      systemd = {
@ -109,14 +105,14 @@ let
            };
            startAt = "23:00";
          };
-          "prometheus-nginx-exporter" = {
+          prometheus-nginx-exporter = {
            serviceConfig = { RestartSec = 10; };
          };
-          "nextcloud-setup" = {
+          nextcloud-setup = {
            requires = [ "postgresql.service" ];
            after = [ "postgresql.service" ];
          };
-          "nextcloud-news-updater" = mkIf rss {
+          nextcloud-news-updater = mkIf rss {
            startAt = "20:00";
            serviceConfig = {
              Type = "oneshot";
@ -124,8 +120,8 @@ let
              ExecStart = let
                config = pkgs.writeText "updater.ini" (generators.toINI { } {
                  updater = {
-                    user = cloud.adminuser;
-                    password = cloud.adminpass;
+                    user = adminCreds.adminuser;
+                    password = adminCreds.adminpass;
                    url = "https://${hostname}/";
                    mode = "singlerun";
                  };
--- a/nixos/machines/hera/configuration.nix
+++ b/nixos/machines/hera/configuration.nix
@ -29,7 +29,6 @@ in {
    ./boot.nix
    ./cloud.nix
    ./network.nix
-    ./secret
  ];
  m-0.monitoring = [{
    name = "hera";
--- a/nixos/machines/hera/mail.nix
+++ b/nixos/machines/hera/mail.nix
@ -80,7 +80,7 @@ in {
        postfix = {
          networks = [ "[${config.m-0.prefix}::]/64" "10.0.0.0/24" ];
          transport = "email2matrix.maralorn.de smtp:[::1]:2525";
-          virtual = attrsToAliasList (pkgs.privateValue {} "mailing-lists"
+          virtual = attrsToAliasList (pkgs.privateValue {} "mail/forwards"
          // {
          });
        };
@ -91,7 +91,7 @@ in {
        enableImapSsl = true;
        fqdn = "hera.m-0.eu";
        domains = [ "m-0.eu" "maralorn.de" "choreutes.de" "mathechor.de" ];
-        loginAccounts = pkgs.privateValue {} "mail-users";
+        loginAccounts = pkgs.privateValue {} "mail/users";
        hierarchySeparator = "/";
        certificateScheme = 1;
        certificateFile = "${certPath}/fullchain.pem";
--- a/nixos/machines/hera/network.nix
+++ b/nixos/machines/hera/network.nix
@ -11,13 +11,16 @@ in {
        address = "213.136.94.190";
        prefixLength = 24;
      }];
-      ipv6.addresses = [{
-        address = hosts.hera;
-        prefixLength = 128;
-      } {
-        address = hosts.hera-wg-host;
-        prefixLength = 128;
-      }];
+      ipv6.addresses = [
+        {
+          address = hosts.hera;
+          prefixLength = 128;
+        }
+        {
+          address = hosts.hera-wg-host;
+          prefixLength = 128;
+        }
+      ];
    };
    defaultGateway = "213.136.94.1";
    defaultGateway6 = {
@ -54,8 +57,7 @@ in {
    nameservers = [ "213.136.95.10" "2a02:c207::1:53" "2a02:c207::2:53" ];
    firewall.allowedTCPPorts = [ 8666 ];
    firewall.allowedUDPPorts = [ wireguard.port ];
-    wireguard.interfaces = let
-      {
+    wireguard.interfaces = {
      m0wire = {
        ips = [ "${hosts.hera-wg}/112" ];
        privateKeyFile = pkgs.privatePath "wireguard/hera-private";
@ -63,7 +65,7 @@ in {
        peers = [{
          publicKey = wireguard.pub.apollo;
          allowedIPs = [ "${hosts.apollo-wg}/128" ];
-          presharedKeyFile = pkgs.privatePath "wireguard-psk";
+          presharedKeyFile = pkgs.privatePath "wireguard/psk";
        }];
      };
    };
--- a/nixos/roles/standalone/admin.nix
+++ b/nixos/roles/standalone/admin.nix
--- a/nixos/roles/coturn.nix
+++ b/nixos/roles/coturn.nix
@ -1,4 +1,4 @@
-{ config, ... }: {
+{ config, pkgs, ... }: {
  networking.firewall.allowedTCPPorts = [ 3478 ];

  services = {
@ -7,7 +7,8 @@
      pkey = "/var/lib/acme/hera.m-0.eu/key.pem";
      cert = "/var/lib/acme/hera.m-0.eu/fullchain.pem";
      no-tcp = true;
-      static-auth-secret = config.m-0.private.turn_secret;
+      static-auth-secret = (pkgs.privateValue { turn_shared_secret = ""; }
+        "matrix/server-secrets").turn_shared_secret;
      realm = "maralorn.de";
      use-auth-secret = true;
    };
--- a/nixos/roles/default.nix
+++ b/nixos/roles/default.nix
@ -1,5 +1,5 @@
 { pkgs, config, lib, ... }: {
-  imports = [ ../../common ./modules/laptop.nix ./modules/loginctl-linger.nix ];
+  imports = [ ../../common ./modules/laptop.nix ./modules/loginctl-linger.nix ./admin.nix ];

  i18n = { defaultLocale = "en_US.UTF-8"; };

@ -21,7 +21,10 @@
    acceptTerms = true;
  };

-  users.mutableUsers = false;
+  users = {
+    defaultUserShell = pkgs.zsh;
+    mutableUsers = false;
+  };

  environment = {
    etc = lib.mapAttrs'
@ -90,4 +93,12 @@
      clientMaxBodySize = "500m";
    };
  };
+  programs = {
+    zsh = {
+      enable = true;
+      autosuggestions.enable = true;
+      enableCompletion = true;
+      syntaxHighlighting.enable = true;
+    };
+  };
 }
--- a/nixos/roles/email2matrix.nix
+++ b/nixos/roles/email2matrix.nix
@ -5,7 +5,7 @@ let
    MatrixRoomId = "<missing>";
    MatrixHomeserverUrl = "https://matrix.maralorn.de";
    MatrixUserId = "@marabot:matrix.maralorn.de";
-    MatrixAccessToken = config.m-0.private.matrix_marabot_token;
+    MatrixAccessToken = pkgs.privateValue "" "matrix/marabot-token";
    IgnoreSubject = false;
    IgnoreBody = false;
    SkipMarkdown = false;
--- a/nixos/roles/go-neb.nix
+++ b/nixos/roles/go-neb.nix
@ -7,7 +7,7 @@
    config = {
      clients = [{
        UserId = "@marabot:maralorn.de";
-        AccessToken = config.m-0.private.matrix_marabot_token;
+        AccessToken = pkgs.privateValue "" "matrix/marabot-token";
        HomeServerUrl = "https://matrix.maralorn.de";
        Sync = true;
        AutoJoinRooms = true;
@ -35,12 +35,6 @@
            };
          };
        }
-        {
-          ID = "wikipedia_service";
-          Type = "wikipedia";
-          UserID = "@marabot:maralorn.de"; # requires a Syncing client
-          Config = { };
-        }
      ];
    };
  };
--- a/nixos/roles/monitoring/alertmanager.nix
+++ b/nixos/roles/monitoring/alertmanager.nix
@ -1,4 +1,4 @@
-{ config, ... }: {
+{ config, pkgs, ... }: {
  services = {
    prometheus = {
      alertmanagers =
--- a/nixos/roles/monitoring/default.nix
+++ b/nixos/roles/monitoring/default.nix
@ -1,4 +1,4 @@
-{ config, ... }:
+{ config, pkgs, ... }:
 let
  commonOptions = {
    enableACME = true;
--- a/nixos/roles/standalone/default.nix
+++ b/nixos/roles/standalone/default.nix
@ -1,7 +1,5 @@
 { pkgs, config, lib, ... }: {

-  imports = [ ./admin.nix ];
-
  boot = {
    plymouth.enable = true;
    loader = {
@ -14,11 +12,6 @@
    };
  };

-  users = {
-    defaultUserShell = pkgs.zsh;
-    mutableUsers = false;
-  };
-
  security.sudo.extraConfig =
    "\n    Defaults timestamp_type=global, timestamp_timeout=15\n  ";

@ -46,12 +39,6 @@

  programs = {
    mtr.enable = true;
-    zsh = {
-      enable = true;
-      autosuggestions.enable = true;
-      enableCompletion = true;
-      syntaxHighlighting.enable = true;
-    };
  };

 }
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit 846e2f77048ed9d79269af80cff3c0999e73433d
+Subproject commit 1d34893fe7ad99502f777bfd7168aa8f05894ea8