From d4fddef96ba76bc53b619016caccab34da7b7124 Mon Sep 17 00:00:00 2001 From: Malte Brandy Date: Thu, 1 Oct 2020 07:10:28 +0200 Subject: [PATCH] Fix building on hera --- home-manager/roles/weechat/default.nix | 5 ++--- nixos/machines/hera/cloud.nix | 30 +++++++++++-------------- nixos/machines/hera/configuration.nix | 1 - nixos/machines/hera/mail.nix | 4 ++-- nixos/machines/hera/network.nix | 22 +++++++++--------- nixos/roles/{standalone => }/admin.nix | 0 nixos/roles/coturn.nix | 5 +++-- nixos/roles/default.nix | 15 +++++++++++-- nixos/roles/email2matrix.nix | 2 +- nixos/roles/go-neb.nix | 8 +------ nixos/roles/monitoring/alertmanager.nix | 2 +- nixos/roles/monitoring/default.nix | 2 +- nixos/roles/standalone/default.nix | 13 ----------- private | 2 +- 14 files changed, 50 insertions(+), 61 deletions(-) rename nixos/roles/{standalone => }/admin.nix (100%) diff --git a/home-manager/roles/weechat/default.nix b/home-manager/roles/weechat/default.nix index 027ec4f7..e6ecb311 100644 --- a/home-manager/roles/weechat/default.nix +++ b/home-manager/roles/weechat/default.nix @@ -1,7 +1,6 @@ { lib, pkgs, config, ... }: with lib; let - weechatConfig = import ../../../nixos/machines/hera/secret/weechat.nix; weechat = pkgs.wrapWeechat pkgs.weechat-unwrapped { configure = { availablePlugins, ... }: { plugins = builtins.attrValues (availablePlugins // { @@ -87,7 +86,7 @@ in { ${server}.autoconnect = on ${server}.username = "${serverConfig.user}" ${server}.password = "${serverConfig.password}" - '') pkgs.privateValue { } "weechat/matrix")} + '') (pkgs.privateValue { } "weechat/matrix"))} ''; }; irc = { @@ -107,7 +106,7 @@ in { ${server}.autoconnect = on ${server}.username = "${serverConfig.user}" ${server}.autojoin = "${serverConfig.channels}" - '') pkgs.privateValue { } "weechat/irc")} + '') (pkgs.privateValue { } "weechat/irc"))} ''; }; }; diff --git a/nixos/machines/hera/cloud.nix b/nixos/machines/hera/cloud.nix index 20a38a15..58146eb8 100644 
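Review bot: The matrix block in home-manager/roles/weechat/default.nix still writes the secret into generated config text through the context line `${server}.password = "${serverConfig.password}"`; the change here only corrects the parentheses around `pkgs.privateValue`. If Nix renders that text to a file (the consumer is outside the hunk), the password lands in a world-readable /nix/store path and in any cache or backup of the store. The same build-time embedding appears later in this patch: `pkgs.writeText "updater.ini"` and `// adminCreds` in cloud.nix, `static-auth-secret` in coturn.nix, and the marabot token in email2matrix.nix and go-neb.nix. Prefer options that take a path read at service start, and at minimum add a comment such as `# NOTE: this value is copied into the Nix store and is readable by every local user` next to each of them.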
--- a/nixos/machines/hera/cloud.nix +++ b/nixos/machines/hera/cloud.nix @@ -1,7 +1,11 @@ -{ config, lib, ... }: +{ pkgs, config, lib, ... }: with lib; let - inherit (config.m-0.private) me cloud; + adminCreds = pkgs.privateValue { + adminpass = ""; + dbpass = ""; + adminuser = ""; + } "nextcloud-admin"; inherit (config.m-0) hosts; certPath = "/var/lib/acme"; nextcloud-container = { v6, v4, hostname, rss ? false, extraMounts ? { } }: { @@ -66,26 +70,18 @@ let dbname = "nextcloud"; dbuser = "nextcloud"; dbhost = "localhost"; - } // pkgs.privateValue { - adminpass = ""; - dbpass = ""; - adminuser = ""; - } "nextcloud-admin"; + } // adminCreds; autoUpdateApps = { enable = true; startAt = "20:30"; }; }; - redis = { enable = true; }; + redis.enable = true; postgresql = { enable = true; package = pkgs.postgresql_9_6; - initialScript = pkgs.writeText "psql-init" '' - create role nextcloud with login password '${cloud.dbpass}'; - create database nextcloud with owner nextcloud; - ''; }; }; systemd = { @@ -109,14 +105,14 @@ let }; startAt = "23:00"; }; - "prometheus-nginx-exporter" = { + prometheus-nginx-exporter = { serviceConfig = { RestartSec = 10; }; }; - "nextcloud-setup" = { + nextcloud-setup = { requires = [ "postgresql.service" ]; after = [ "postgresql.service" ]; }; - "nextcloud-news-updater" = mkIf rss { + nextcloud-news-updater = mkIf rss { startAt = "20:00"; serviceConfig = { Type = "oneshot"; @@ -124,8 +120,8 @@ let ExecStart = let config = pkgs.writeText "updater.ini" (generators.toINI { } { updater = { - user = cloud.adminuser; - password = cloud.adminpass; + user = adminCreds.adminuser; + password = adminCreds.adminpass; url = "https://${hostname}/"; mode = "singlerun"; }; diff --git a/nixos/machines/hera/configuration.nix b/nixos/machines/hera/configuration.nix index 5bca8842..97f1bb20 100644 --- a/nixos/machines/hera/configuration.nix +++ b/nixos/machines/hera/configuration.nix 
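Review bot: `adminCreds` in the first cloud.nix hunk falls back to `adminpass = ""`, `dbpass = ""` and `adminuser = ""`, so a build without secrets could configure Nextcloud with blank credentials. This assumes the first argument of `pkgs.privateValue` is the value used when the private checkout is missing; its definition is not in this diff, so that is inferred from the call shape. The same empty fallback is used for `turn_shared_secret` in coturn.nix, where `use-auth-secret = true` would then run on an empty shared secret, and for the `"matrix/marabot-token"` lookups in email2matrix.nix and go-neb.nix. Consider making the deployed build fail instead, e.g. `assert adminCreds.adminpass != "" && adminCreds.dbpass != "";` on the real host, or add a comment stating that the placeholders exist only so evaluation succeeds without the private repository.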
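Review bot: The second cloud.nix hunk drops the `initialScript` that created the `nextcloud` role and database, and nothing else visible in the hunk provisions them, while `nextcloud-setup` still requires `postgresql.service` and `dbhost = "localhost"` is kept. Removing the script does take one copy of the database password out of the store, but a freshly provisioned container would start with an empty PostgreSQL; the existing host is unaffected because `initialScript` only runs when the data directory is first created. If new containers are expected, declare the database with `ensureDatabases = [ "nextcloud" ];` plus a matching `ensureUsers` entry and set the role password out of band; otherwise a comment like `# role and database already exist on hera; not created declaratively` would save the next reader the search. The enclosing container definition starts and ends outside the hunk.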
@@ -29,7 +29,6 @@ in { ./boot.nix ./cloud.nix ./network.nix - ./secret ]; m-0.monitoring = [{ name = "hera"; diff --git a/nixos/machines/hera/mail.nix b/nixos/machines/hera/mail.nix index 15e47e61..42af8356 100644 --- a/nixos/machines/hera/mail.nix +++ b/nixos/machines/hera/mail.nix @@ -80,7 +80,7 @@ in { postfix = { networks = [ "[${config.m-0.prefix}::]/64" "10.0.0.0/24" ]; transport = "email2matrix.maralorn.de smtp:[::1]:2525"; - virtual = attrsToAliasList (pkgs.privateValue {} "mailing-lists" + virtual = attrsToAliasList (pkgs.privateValue {} "mail/forwards" // { }); }; @@ -91,7 +91,7 @@ in { enableImapSsl = true; fqdn = "hera.m-0.eu"; domains = [ "m-0.eu" "maralorn.de" "choreutes.de" "mathechor.de" ]; - loginAccounts = pkgs.privateValue {} "mail-users"; + loginAccounts = pkgs.privateValue {} "mail/users"; hierarchySeparator = "/"; certificateScheme = 1; certificateFile = "${certPath}/fullchain.pem"; diff --git a/nixos/machines/hera/network.nix b/nixos/machines/hera/network.nix index a6a152bf..f56b3901 100644 --- a/nixos/machines/hera/network.nix +++ b/nixos/machines/hera/network.nix @@ -11,13 +11,16 @@ in { address = "213.136.94.190"; prefixLength = 24; }]; - ipv6.addresses = [{ - address = hosts.hera; - prefixLength = 128; - } { - address = hosts.hera-wg-host; - prefixLength = 128; - }]; + ipv6.addresses = [ + { + address = hosts.hera; + prefixLength = 128; + } + { + address = hosts.hera-wg-host; + prefixLength = 128; + } + ]; }; defaultGateway = "213.136.94.1"; defaultGateway6 = { @@ -54,8 +57,7 @@ in { nameservers = [ "213.136.95.10" "2a02:c207::1:53" "2a02:c207::2:53" ]; firewall.allowedTCPPorts = [ 8666 ]; firewall.allowedUDPPorts = [ wireguard.port ]; - wireguard.interfaces = let - { + wireguard.interfaces = { m0wire = { ips = [ "${hosts.hera-wg}/112" ]; privateKeyFile = pkgs.privatePath "wireguard/hera-private"; 
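Review bot: `privateKeyFile = pkgs.privatePath "wireguard/hera-private"` at the end of the second network.nix hunk, and `presharedKeyFile = pkgs.privatePath "wireguard/psk"` in the hunk after it, are only safe if `privatePath` returns a string that points outside the Nix store. `privatePath` is not defined in this diff; if it resolves the file through a Nix path (for example by interpolating the path into a string), the key is copied into /nix/store, where every local user can read it. A short comment at the call site, e.g. `# privatePath yields a runtime path string; the key is never copied into the store`, would record that this was checked. The surrounding `wireguard.interfaces` block continues past the hunk.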
@@ -63,7 +65,7 @@ in { peers = [{ publicKey = wireguard.pub.apollo; allowedIPs = [ "${hosts.apollo-wg}/128" ]; - presharedKeyFile = pkgs.privatePath "wireguard-psk"; + presharedKeyFile = pkgs.privatePath "wireguard/psk"; }]; }; }; diff --git a/nixos/roles/standalone/admin.nix b/nixos/roles/admin.nix similarity index 100% rename from nixos/roles/standalone/admin.nix rename to nixos/roles/admin.nix diff --git a/nixos/roles/coturn.nix b/nixos/roles/coturn.nix index 08d41c3c..c1017ee2 100644 --- a/nixos/roles/coturn.nix +++ b/nixos/roles/coturn.nix @@ -1,4 +1,4 @@ -{ config, ... }: { +{ config, pkgs, ... }: { networking.firewall.allowedTCPPorts = [ 3478 ]; services = { @@ -7,7 +7,8 @@ pkey = "/var/lib/acme/hera.m-0.eu/key.pem"; cert = "/var/lib/acme/hera.m-0.eu/fullchain.pem"; no-tcp = true; - static-auth-secret = config.m-0.private.turn_secret; + static-auth-secret = (pkgs.privateValue { turn_shared_secret = ""; } + "matrix/server-secrets").turn_shared_secret; realm = "maralorn.de"; use-auth-secret = true; }; diff --git a/nixos/roles/default.nix b/nixos/roles/default.nix index e156d62f..b777e832 100644 --- a/nixos/roles/default.nix +++ b/nixos/roles/default.nix @@ -1,5 +1,5 @@ { pkgs, config, lib, ... }: { - imports = [ ../../common ./modules/laptop.nix ./modules/loginctl-linger.nix ]; + imports = [ ../../common ./modules/laptop.nix ./modules/loginctl-linger.nix ./admin.nix ]; i18n = { defaultLocale = "en_US.UTF-8"; }; @@ -21,7 +21,10 @@ acceptTerms = true; }; - users.mutableUsers = false; + users = { + defaultUserShell = pkgs.zsh; + mutableUsers = false; + }; environment = { etc = lib.mapAttrs' @@ -90,4 +93,12 @@ clientMaxBodySize = "500m"; }; }; + programs = { + zsh = { + enable = true; + autosuggestions.enable = true; + enableCompletion = true; + syntaxHighlighting.enable = true; + }; + }; } diff --git a/nixos/roles/email2matrix.nix b/nixos/roles/email2matrix.nix index 8310a5f8..34bab168 100644 --- a/nixos/roles/email2matrix.nix +++ b/nixos/roles/email2matrix.nix 
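Review bot: Adding `./admin.nix` to `imports` in the first nixos/roles/default.nix hunk applies it to every host that uses this role set, not only the former `standalone` machines. The file is moved unchanged (100% similarity) and its contents are not shown, so whatever accounts, keys or sudo rules it defines now also land on the server; it is worth confirming that this is intended rather than a side effect of making hera build. A one-line comment above the import, e.g. `# admin.nix is deliberately imported on every host, servers included`, would make the wider scope explicit.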
@@ -5,7 +5,7 @@ let MatrixRoomId = ""; MatrixHomeserverUrl = "https://matrix.maralorn.de"; MatrixUserId = "@marabot:matrix.maralorn.de"; - MatrixAccessToken = config.m-0.private.matrix_marabot_token; + MatrixAccessToken = pkgs.privateValue "" "matrix/marabot-token"; IgnoreSubject = false; IgnoreBody = false; SkipMarkdown = false; diff --git a/nixos/roles/go-neb.nix b/nixos/roles/go-neb.nix index 4292197c..4333169a 100644 --- a/nixos/roles/go-neb.nix +++ b/nixos/roles/go-neb.nix @@ -7,7 +7,7 @@ config = { clients = [{ UserId = "@marabot:maralorn.de"; - AccessToken = config.m-0.private.matrix_marabot_token; + AccessToken = pkgs.privateValue "" "matrix/marabot-token"; HomeServerUrl = "https://matrix.maralorn.de"; Sync = true; AutoJoinRooms = true; @@ -35,12 +35,6 @@ }; }; } - { - ID = "wikipedia_service"; - Type = "wikipedia"; - UserID = "@marabot:maralorn.de"; # requires a Syncing client - Config = { }; - } ]; }; }; diff --git a/nixos/roles/monitoring/alertmanager.nix b/nixos/roles/monitoring/alertmanager.nix index 94695d02..2c7d69d6 100644 --- a/nixos/roles/monitoring/alertmanager.nix +++ b/nixos/roles/monitoring/alertmanager.nix @@ -1,4 +1,4 @@ -{ config, ... }: { +{ config, pkgs, ... }: { services = { prometheus = { alertmanagers = diff --git a/nixos/roles/monitoring/default.nix b/nixos/roles/monitoring/default.nix index a6aa398f..b95c45ca 100644 --- a/nixos/roles/monitoring/default.nix +++ b/nixos/roles/monitoring/default.nix @@ -1,4 +1,4 @@ -{ config, ... }: +{ config, pkgs, ... }: let commonOptions = { enableACME = true; diff --git a/nixos/roles/standalone/default.nix b/nixos/roles/standalone/default.nix index 6df34291..bd3641b1 100644 --- a/nixos/roles/standalone/default.nix +++ b/nixos/roles/standalone/default.nix @@ -1,7 +1,5 @@ { pkgs, config, lib, ... }: { - imports = [ ./admin.nix ]; - boot = { plymouth.enable = true; loader = { 
@@ -14,11 +12,6 @@ }; }; - users = { - defaultUserShell = pkgs.zsh; - mutableUsers = false; - }; - security.sudo.extraConfig = "\n Defaults timestamp_type=global, timestamp_timeout=15\n "; @@ -46,12 +39,6 @@ programs = { mtr.enable = true; - zsh = { - enable = true; - autosuggestions.enable = true; - enableCompletion = true; - syntaxHighlighting.enable = true; - }; }; } diff --git a/private b/private index 846e2f77..1d34893f 160000 --- a/private +++ b/private @@ -1 +1 @@ -Subproject commit 846e2f77048ed9d79269af80cff3c0999e73433d +Subproject commit 1d34893fe7ad99502f777bfd7168aa8f05894ea8