Fix building on hera
parent
3bd628ab41
commit
d4fddef96b
|
@ -1,7 +1,6 @@
|
|||
{ lib, pkgs, config, ... }:
|
||||
with lib;
|
||||
let
|
||||
weechatConfig = import ../../../nixos/machines/hera/secret/weechat.nix;
|
||||
weechat = pkgs.wrapWeechat pkgs.weechat-unwrapped {
|
||||
configure = { availablePlugins, ... }: {
|
||||
plugins = builtins.attrValues (availablePlugins // {
|
||||
|
@ -87,7 +86,7 @@ in {
|
|||
${server}.autoconnect = on
|
||||
${server}.username = "${serverConfig.user}"
|
||||
${server}.password = "${serverConfig.password}"
|
||||
'') pkgs.privateValue { } "weechat/matrix")}
|
||||
'') (pkgs.privateValue { } "weechat/matrix"))}
|
||||
'';
|
||||
};
|
||||
irc = {
|
||||
|
@ -107,7 +106,7 @@ in {
|
|||
${server}.autoconnect = on
|
||||
${server}.username = "${serverConfig.user}"
|
||||
${server}.autojoin = "${serverConfig.channels}"
|
||||
'') pkgs.privateValue { } "weechat/irc")}
|
||||
'') (pkgs.privateValue { } "weechat/irc"))}
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
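Review bot: The password on the `${server}.password = "${serverConfig.password}"` line is still interpolated into the generated WeeChat configuration string, so the corrected `(pkgs.privateValue { } "weechat/matrix")` call feeds a secret into what is presumably a world-readable Nix store path. The same pattern recurs later in this commit: `adminCreds.adminpass` inside `pkgs.writeText "updater.ini"`, the coturn `static-auth-secret`, and the two `pkgs.privateValue "" "matrix/marabot-token"` assignments. Where the NixOS module offers a file-based option (`adminpassFile`/`dbpassFile` for Nextcloud, `static-auth-secret-file` for coturn), pointing it at a `pkgs.privatePath` location as the WireGuard keys already do would keep the value out of the store. For WeeChat the credentials could be read at runtime rather than rendered at build time. The enclosing `let` block and attribute set start and end outside the visible hunks.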
|
|
@ -1,7 +1,11 @@
|
|||
{ config, lib, ... }:
|
||||
{ pkgs, config, lib, ... }:
|
||||
with lib;
|
||||
let
|
||||
inherit (config.m-0.private) me cloud;
|
||||
adminCreds = pkgs.privateValue {
|
||||
adminpass = "";
|
||||
dbpass = "";
|
||||
adminuser = "";
|
||||
} "nextcloud-admin";
|
||||
inherit (config.m-0) hosts;
|
||||
certPath = "/var/lib/acme";
|
||||
nextcloud-container = { v6, v4, hostname, rss ? false, extraMounts ? { } }: {
|
||||
|
@ -66,26 +70,18 @@ let
|
|||
dbname = "nextcloud";
|
||||
dbuser = "nextcloud";
|
||||
dbhost = "localhost";
|
||||
} // pkgs.privateValue {
|
||||
adminpass = "";
|
||||
dbpass = "";
|
||||
adminuser = "";
|
||||
} "nextcloud-admin";
|
||||
} // adminCreds;
|
||||
autoUpdateApps = {
|
||||
enable = true;
|
||||
startAt = "20:30";
|
||||
};
|
||||
};
|
||||
|
||||
redis = { enable = true; };
|
||||
redis.enable = true;
|
||||
|
||||
postgresql = {
|
||||
enable = true;
|
||||
package = pkgs.postgresql_9_6;
|
||||
initialScript = pkgs.writeText "psql-init" ''
|
||||
create role nextcloud with login password '${cloud.dbpass}';
|
||||
create database nextcloud with owner nextcloud;
|
||||
'';
|
||||
};
|
||||
};
|
||||
systemd = {
|
||||
|
@ -109,14 +105,14 @@ let
|
|||
};
|
||||
startAt = "23:00";
|
||||
};
|
||||
"prometheus-nginx-exporter" = {
|
||||
prometheus-nginx-exporter = {
|
||||
serviceConfig = { RestartSec = 10; };
|
||||
};
|
||||
"nextcloud-setup" = {
|
||||
nextcloud-setup = {
|
||||
requires = [ "postgresql.service" ];
|
||||
after = [ "postgresql.service" ];
|
||||
};
|
||||
"nextcloud-news-updater" = mkIf rss {
|
||||
nextcloud-news-updater = mkIf rss {
|
||||
startAt = "20:00";
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
|
@ -124,8 +120,8 @@ let
|
|||
ExecStart = let
|
||||
config = pkgs.writeText "updater.ini" (generators.toINI { } {
|
||||
updater = {
|
||||
user = cloud.adminuser;
|
||||
password = cloud.adminpass;
|
||||
user = adminCreds.adminuser;
|
||||
password = adminCreds.adminpass;
|
||||
url = "https://${hostname}/";
|
||||
mode = "singlerun";
|
||||
};
|
||||
|
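Review bot: The `adminCreds` fallback of `adminpass = ""; dbpass = ""; adminuser = "";` is not checked anywhere in the visible hunks. If `pkgs.privateValue` returns its first argument when the private data is unavailable (it reads like a default, but the helper is not shown), the container would be configured with empty Nextcloud admin credentials. The same applies to `turn_shared_secret = ""` in the coturn section, where `use-auth-secret = true` would then run against an empty shared secret, and to the `""` default for `matrix/marabot-token`. I would fail evaluation for the real host instead, for example with an `assertions` entry such as `{ assertion = adminCreds.adminpass != ""; message = "nextcloud-admin private values missing"; }`. The `nextcloud-container` function body starts and ends outside these hunks.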
|
|
@ -29,7 +29,6 @@ in {
|
|||
./boot.nix
|
||||
./cloud.nix
|
||||
./network.nix
|
||||
./secret
|
||||
];
|
||||
m-0.monitoring = [{
|
||||
name = "hera";
|
||||
|
|
|
@ -80,7 +80,7 @@ in {
|
|||
postfix = {
|
||||
networks = [ "[${config.m-0.prefix}::]/64" "10.0.0.0/24" ];
|
||||
transport = "email2matrix.maralorn.de smtp:[::1]:2525";
|
||||
virtual = attrsToAliasList (pkgs.privateValue {} "mailing-lists"
|
||||
virtual = attrsToAliasList (pkgs.privateValue {} "mail/forwards"
|
||||
// {
|
||||
});
|
||||
};
|
||||
|
@ -91,7 +91,7 @@ in {
|
|||
enableImapSsl = true;
|
||||
fqdn = "hera.m-0.eu";
|
||||
domains = [ "m-0.eu" "maralorn.de" "choreutes.de" "mathechor.de" ];
|
||||
loginAccounts = pkgs.privateValue {} "mail-users";
|
||||
loginAccounts = pkgs.privateValue {} "mail/users";
|
||||
hierarchySeparator = "/";
|
||||
certificateScheme = 1;
|
||||
certificateFile = "${certPath}/fullchain.pem";
|
||||
|
|
|
@ -11,13 +11,16 @@ in {
|
|||
address = "213.136.94.190";
|
||||
prefixLength = 24;
|
||||
}];
|
||||
ipv6.addresses = [{
|
||||
address = hosts.hera;
|
||||
prefixLength = 128;
|
||||
} {
|
||||
address = hosts.hera-wg-host;
|
||||
prefixLength = 128;
|
||||
}];
|
||||
ipv6.addresses = [
|
||||
{
|
||||
address = hosts.hera;
|
||||
prefixLength = 128;
|
||||
}
|
||||
{
|
||||
address = hosts.hera-wg-host;
|
||||
prefixLength = 128;
|
||||
}
|
||||
];
|
||||
};
|
||||
defaultGateway = "213.136.94.1";
|
||||
defaultGateway6 = {
|
||||
|
@ -54,8 +57,7 @@ in {
|
|||
nameservers = [ "213.136.95.10" "2a02:c207::1:53" "2a02:c207::2:53" ];
|
||||
firewall.allowedTCPPorts = [ 8666 ];
|
||||
firewall.allowedUDPPorts = [ wireguard.port ];
|
||||
wireguard.interfaces = let
|
||||
{
|
||||
wireguard.interfaces = {
|
||||
m0wire = {
|
||||
ips = [ "${hosts.hera-wg}/112" ];
|
||||
privateKeyFile = pkgs.privatePath "wireguard/hera-private";
|
||||
|
@ -63,7 +65,7 @@ in {
|
|||
peers = [{
|
||||
publicKey = wireguard.pub.apollo;
|
||||
allowedIPs = [ "${hosts.apollo-wg}/128" ];
|
||||
presharedKeyFile = pkgs.privatePath "wireguard-psk";
|
||||
presharedKeyFile = pkgs.privatePath "wireguard/psk";
|
||||
}];
|
||||
};
|
||||
};
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ config, ... }: {
|
||||
{ config, pkgs, ... }: {
|
||||
networking.firewall.allowedTCPPorts = [ 3478 ];
|
||||
|
||||
services = {
|
||||
|
@ -7,7 +7,8 @@
|
|||
pkey = "/var/lib/acme/hera.m-0.eu/key.pem";
|
||||
cert = "/var/lib/acme/hera.m-0.eu/fullchain.pem";
|
||||
no-tcp = true;
|
||||
static-auth-secret = config.m-0.private.turn_secret;
|
||||
static-auth-secret = (pkgs.privateValue { turn_shared_secret = ""; }
|
||||
"matrix/server-secrets").turn_shared_secret;
|
||||
realm = "maralorn.de";
|
||||
use-auth-secret = true;
|
||||
};
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
{ pkgs, config, lib, ... }: {
|
||||
imports = [ ../../common ./modules/laptop.nix ./modules/loginctl-linger.nix ];
|
||||
imports = [ ../../common ./modules/laptop.nix ./modules/loginctl-linger.nix ./admin.nix ];
|
||||
|
||||
i18n = { defaultLocale = "en_US.UTF-8"; };
|
||||
|
||||
|
@ -21,7 +21,10 @@
|
|||
acceptTerms = true;
|
||||
};
|
||||
|
||||
users.mutableUsers = false;
|
||||
users = {
|
||||
defaultUserShell = pkgs.zsh;
|
||||
mutableUsers = false;
|
||||
};
|
||||
|
||||
environment = {
|
||||
etc = lib.mapAttrs'
|
||||
|
@ -90,4 +93,12 @@
|
|||
clientMaxBodySize = "500m";
|
||||
};
|
||||
};
|
||||
programs = {
|
||||
zsh = {
|
||||
enable = true;
|
||||
autosuggestions.enable = true;
|
||||
enableCompletion = true;
|
||||
syntaxHighlighting.enable = true;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -5,7 +5,7 @@ let
|
|||
MatrixRoomId = "<missing>";
|
||||
MatrixHomeserverUrl = "https://matrix.maralorn.de";
|
||||
MatrixUserId = "@marabot:matrix.maralorn.de";
|
||||
MatrixAccessToken = config.m-0.private.matrix_marabot_token;
|
||||
MatrixAccessToken = pkgs.privateValue "" "matrix/marabot-token";
|
||||
IgnoreSubject = false;
|
||||
IgnoreBody = false;
|
||||
SkipMarkdown = false;
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
config = {
|
||||
clients = [{
|
||||
UserId = "@marabot:maralorn.de";
|
||||
AccessToken = config.m-0.private.matrix_marabot_token;
|
||||
AccessToken = pkgs.privateValue "" "matrix/marabot-token";
|
||||
HomeServerUrl = "https://matrix.maralorn.de";
|
||||
Sync = true;
|
||||
AutoJoinRooms = true;
|
||||
|
@ -35,12 +35,6 @@
|
|||
};
|
||||
};
|
||||
}
|
||||
{
|
||||
ID = "wikipedia_service";
|
||||
Type = "wikipedia";
|
||||
UserID = "@marabot:maralorn.de"; # requires a Syncing client
|
||||
Config = { };
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ config, ... }: {
|
||||
{ config, pkgs, ... }: {
|
||||
services = {
|
||||
prometheus = {
|
||||
alertmanagers =
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ config, ... }:
|
||||
{ config, pkgs, ... }:
|
||||
let
|
||||
commonOptions = {
|
||||
enableACME = true;
|
||||
|
|
|
@ -1,7 +1,5 @@
|
|||
{ pkgs, config, lib, ... }: {
|
||||
|
||||
imports = [ ./admin.nix ];
|
||||
|
||||
boot = {
|
||||
plymouth.enable = true;
|
||||
loader = {
|
||||
|
@ -14,11 +12,6 @@
|
|||
};
|
||||
};
|
||||
|
||||
users = {
|
||||
defaultUserShell = pkgs.zsh;
|
||||
mutableUsers = false;
|
||||
};
|
||||
|
||||
security.sudo.extraConfig =
|
||||
"\n Defaults timestamp_type=global, timestamp_timeout=15\n ";
|
||||
|
||||
|
@ -46,12 +39,6 @@
|
|||
|
||||
programs = {
|
||||
mtr.enable = true;
|
||||
zsh = {
|
||||
enable = true;
|
||||
autosuggestions.enable = true;
|
||||
enableCompletion = true;
|
||||
syntaxHighlighting.enable = true;
|
||||
};
|
||||
};
|
||||
|
||||
}
|
||||
|
|
2
private
2
private
|
@ -1 +1 @@
|
|||
Subproject commit 846e2f77048ed9d79269af80cff3c0999e73433d
|
||||
Subproject commit 1d34893fe7ad99502f777bfd7168aa8f05894ea8
|