diff --git a/flake.lock b/flake.lock index 1fc8073..47f7738 100644 --- a/flake.lock +++ b/flake.lock @@ -5,14 +5,14 @@ "flake-parts": "flake-parts", "haskell-flake": "haskell-flake", "hercules-ci-effects": "hercules-ci-effects", - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1700828696, - "narHash": "sha256-/XW6G0x1xrD2jvSC/69OxW6D3vCSpgTwNxpZZj4BrhI=", + "lastModified": 1703950660, + "narHash": "sha256-GgynJdQ6KngwFBd4YbMYbwesyOiMTZAFymsStE0PSfM=", "owner": "hercules-ci", "repo": "arion", - "rev": "172e69d5632faa173dcbbd4465eec6b91061c4c8", + "rev": "f295eabd25b7c894ab405be784e2a010f83fde55", "type": "github" }, "original": { @@ -42,14 +42,14 @@ "crane": "crane", "fenix": "fenix", "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1694631477, - "narHash": "sha256-35SgWnBkWTyyRwVPyUKoShjzXfX0H1+HDdEEjZ/LsXc=", + "lastModified": 1705514181, + "narHash": "sha256-Y9qOM42lqfvVdg9VZ7lH6VXRcuAkH0T/FbgX+hW/1IQ=", "owner": "famedly", "repo": "conduit", - "rev": "3bfdae795d4d9ec9aeaac7465e7535ac88e47756", + "rev": "247599510290163181b8884fc2418d9e86e584c8", "type": "gitlab" }, "original": { @@ -163,11 +163,11 @@ ] }, "locked": { - "lastModified": 1675933616, - "narHash": "sha256-/rczJkJHtx16IFxMmAWu5nNYcSXNg1YYXTHoGjLrLUA=", + "lastModified": 1701473968, + "narHash": "sha256-YcVE5emp1qQ8ieHUnxt1wCZCC3ZfAS+SRRWZ2TMda7E=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "47478a4a003e745402acf63be7f9a092d51b83d7", + "rev": "34fed993f1674c8d06d58b37ce1e0fe5eebcb9f5", "type": "github" }, "original": { 
@@ -178,14 +178,18 @@ }, "flake-parts_2": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib" + "nixpkgs-lib": [ + "arion", + "hercules-ci-effects", + "nixpkgs" + ] }, "locked": { - "lastModified": 1688466019, - "narHash": "sha256-VeM2akYrBYMsb4W/MmBo1zmaMfgbL4cH3Pu8PGyIwJ0=", + "lastModified": 1696343447, + "narHash": "sha256-B2xAZKLkkeRFG5XcHHSXXcP7To9Xzr59KXeZiRf4vdQ=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "8e8d955c22df93dbe24f19ea04f47a74adbdc5ec", + "rev": "c9afaba3dfa4085dbd2ccb38dfade5141e33d9d4", "type": "github" }, "original": { @@ -193,29 +197,6 @@ "type": "indirect" } }, - "flake-parts_3": { - "inputs": { - "nixpkgs-lib": [ - "arion", - "hercules-ci-effects", - "hercules-ci-agent", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1688466019, - "narHash": "sha256-VeM2akYrBYMsb4W/MmBo1zmaMfgbL4cH3Pu8PGyIwJ0=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "8e8d955c22df93dbe24f19ea04f47a74adbdc5ec", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, "flake-utils": { "inputs": { "systems": "systems" 
@@ -265,56 +246,20 @@ "type": "github" } }, - "haskell-flake_2": { - "locked": { - "lastModified": 1684780604, - "narHash": "sha256-2uMZsewmRn7rRtAnnQNw1lj0uZBMh4m6Cs/7dV5YF08=", - "owner": "srid", - "repo": "haskell-flake", - "rev": "74210fa80a49f1b6f67223debdbf1494596ff9f2", - "type": "github" - }, - "original": { - "owner": "srid", - "ref": "0.3.0", - "repo": "haskell-flake", - "type": "github" - } - }, - "hercules-ci-agent": { - "inputs": { - "flake-parts": "flake-parts_3", - "haskell-flake": "haskell-flake_2", - "nixpkgs": "nixpkgs" - }, - "locked": { - "lastModified": 1688568579, - "narHash": "sha256-ON0M56wtY/TIIGPkXDlJboAmuYwc73Hi8X9iJGtxOhM=", - "owner": "hercules-ci", - "repo": "hercules-ci-agent", - "rev": "367dd8cd649b57009a6502e878005a1e54ad78c5", - "type": "github" - }, - "original": { - "id": "hercules-ci-agent", - "type": "indirect" - } - }, "hercules-ci-effects": { "inputs": { "flake-parts": "flake-parts_2", - "hercules-ci-agent": "hercules-ci-agent", "nixpkgs": [ "arion", "nixpkgs" ] }, "locked": { - "lastModified": 1689397210, - "narHash": "sha256-fVxZnqxMbsDkB4GzGAs/B41K0wt/e+B/fLxmTFF/S20=", + "lastModified": 1701009247, + "narHash": "sha256-GuX16rzRze2y7CsewJLTV6qXkXWyEwp6VCZXi8HLruU=", "owner": "hercules-ci", "repo": "hercules-ci-effects", - "rev": "0a63bfa3f00a3775ea3a6722b247880f1ffe91ce", + "rev": "31b6cd7569191bfcd0a548575b0e2ef953ed7d09", "type": "github" }, "original": { @@ -344,7 +289,7 @@ "flake-compat": "flake-compat_2", "flake-utils": "flake-utils_2", "nix": "nix", - "nixpkgs": "nixpkgs_5" + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1669478601, @@ -363,7 +308,7 @@ "nix": { "inputs": { "lowdown-src": "lowdown-src", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_3", "nixpkgs-regression": "nixpkgs-regression" }, "locked": { 
@@ -382,11 +327,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1688322751, - "narHash": "sha256-eW62dC5f33oKZL7VWlomttbUnOTHrAbte9yNUNW8rbk=", + "lastModified": 1701436327, + "narHash": "sha256-tRHbnoNI8SIM5O5xuxOmtSLnswEByzmnQcGGyNRjxsE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0fbe93c5a7cac99f90b60bdf5f149383daaa615f", + "rev": "91050ea1e57e50388fa87a3302ba12d188ef723a", "type": "github" }, "original": { @@ -426,24 +371,6 @@ "type": "indirect" } }, - "nixpkgs-lib": { - "locked": { - "dir": "lib", - "lastModified": 1688049487, - "narHash": "sha256-100g4iaKC9MalDjUW9iN6Jl/OocTDtXdeAj7pEGIRh4=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "4bc72cae107788bf3f24f30db2e2f685c9298dc9", - "type": "github" - }, - "original": { - "dir": "lib", - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs-regression": { "locked": { "lastModified": 1643052045, @@ -478,11 +405,11 @@ }, "nixpkgsUnstable": { "locked": { - "lastModified": 1700794826, - "narHash": "sha256-RyJTnTNKhO0yqRpDISk03I/4A67/dp96YRxc86YOPgU=", + "lastModified": 1705496572, + "narHash": "sha256-rPIe9G5EBLXdBdn9ilGc0nq082lzQd0xGGe092R/5QE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5a09cb4b393d58f9ed0d9ca1555016a8543c2ac8", + "rev": "842d9d80cfd4560648c785f8a4e6f3b096790e19", "type": "github" }, "original": { @@ -493,22 +420,6 @@ } }, "nixpkgs_2": { - "locked": { - "lastModified": 1676300157, - "narHash": "sha256-1HjRzfp6LOLfcj/HJHdVKWAkX9QRAouoh6AjzJiIerU=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "545c7a31e5dedea4a6d372712a18e00ce097d462", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { "locked": { "lastModified": 1689444953, "narHash": "sha256-0o56bfb2LC38wrinPdCGLDScd77LVcr7CrH1zK7qvDg=", 
@@ -524,7 +435,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_3": { "locked": { "lastModified": 1657693803, "narHash": "sha256-G++2CJ9u0E7NNTAi9n5G8TdDmGJXcIjkJ3NF8cetQB8=", @@ -540,7 +451,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_4": { "locked": { "lastModified": 1669378442, "narHash": "sha256-nm+4PN0A4SnV0SzEchxrMyKPvI3Ld/aoom4PnHeHucs=", @@ -556,23 +467,23 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_5": { "locked": { - "lastModified": 1700851152, - "narHash": "sha256-3PWITNJZyA3jz5IGREJRfSykM6xSLmD8u5A3WpBCyDM=", + "lastModified": 1705641746, + "narHash": "sha256-D6c2aH8HQbWc7ZWSV0BUpFpd94ImFyCP8jFIsKQ4Slg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1216a5ba22a93a4a3a3bfdb4bff0f4727c576fcc", + "rev": "d2003f2223cbb8cd95134e4a0541beea215c1073", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-23.05", + "ref": "nixos-23.11", "repo": "nixpkgs", "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_6": { "locked": { "lastModified": 1670751203, "narHash": "sha256-XdoH1v3shKDGlrwjgrNX/EN8s3c+kQV7xY6cLCE8vcI=", @@ -592,7 +503,7 @@ "arion": "arion", "conduit": "conduit", "mms": "mms", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_5", "nixpkgsOld": "nixpkgsOld", "nixpkgsUnstable": "nixpkgsUnstable", "simple-nixos-mailserver": "simple-nixos-mailserver" @@ -646,7 +557,7 @@ "inputs": { "blobs": "blobs", "flake-compat": "flake-compat_3", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_6", "nixpkgs-22_11": "nixpkgs-22_11", "nixpkgs-23_05": "nixpkgs-23_05", "utils": "utils" diff --git a/flake.nix b/flake.nix index 2c61090..d797d1c 100644 --- a/flake.nix +++ b/flake.nix 
@@ -1,67 +1,81 @@ { inputs = { nixpkgsOld.url = "github:NixOS/nixpkgs/nixos-22.11"; - nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11"; nixpkgsUnstable.url = "github:NixOS/nixpkgs/nixos-unstable"; #nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; arion.url = "github:hercules-ci/arion"; mms.url = "github:mkaito/nixos-modded-minecraft-servers"; simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.05"; conduit = { - url = "gitlab:famedly/conduit"; + url = "gitlab:famedly/conduit"; }; }; - outputs = { self, nixpkgsOld, nixpkgs, nixpkgsUnstable, ... }@inputs: - let - hostPkgs = import nixpkgs { system = "x86_64-linux"; }; - in { - devShell."x86_64-linux" = with hostPkgs; mkShell { - buildInputs = [ colmena pass ]; + outputs = { + self, + nixpkgsOld, + nixpkgs, + nixpkgsUnstable, + ... + } @ inputs: let + hostPkgs = import nixpkgs {system = "x86_64-linux";}; + in { + devShell."x86_64-linux" = with hostPkgs; + mkShell { + buildInputs = [colmena pass]; }; - colmena = { - meta = { - nixpkgs = import nixpkgs { + colmena = { + meta = { + nixpkgs = import nixpkgs { + system = "aarch64-linux"; + overlays = []; + }; + specialArgs = { + inherit inputs nixpkgsUnstable; + pkgsUnstable = import nixpkgsUnstable { system = "aarch64-linux"; overlays = []; }; - specialArgs = { - inherit inputs; - pkgsUnstable = import nixpkgsUnstable { - system = "aarch64-linux"; - overlays = []; - }; - pkgsOld = import nixpkgsOld { - system = "aarch64-linux"; - overlays = []; - }; + pkgsOld = import nixpkgsOld { + system = "aarch64-linux"; + overlays = []; }; }; - - katzencafe = { name, nodes, pkgs, pkgsUnstable, inputs, ... 
}: { - deployment = { - targetHost = "katzen.cafe"; - buildOnTarget = true; - }; - imports = [ - ./modules/base-stuff.nix - ./modules/proxy.nix - ./modules/postgres.nix - ./modules/jitsi.nix - ./modules/containers - ./modules/conduit.nix - ./modules/keycloak.nix - ./modules/forgejo.nix - ./modules/mumble.nix - ./modules/modded-mc.nix - ./modules/monitoring.nix - ./modules/mailserver.nix - ./modules/vaultwarden.nix - ./modules/hedgedoc.nix - ]; - - system.stateVersion = "22.11"; - }; + }; + + katzencafe = { + name, + nodes, + pkgs, + pkgsUnstable, + inputs, + ... + }: { + deployment = { + targetHost = "katzen.cafe"; + buildOnTarget = true; + }; + imports = [ + ./modules/base-stuff.nix + ./modules/proxy.nix + ./modules/postgres.nix + ./modules/jitsi.nix + ./modules/containers + ./modules/conduit.nix + ./modules/keycloak.nix + ./modules/forgejo.nix + ./modules/mumble.nix + ./modules/modded-mc.nix + ./modules/monitoring.nix + ./modules/mailserver.nix + ./modules/vaultwarden.nix + ./modules/hedgedoc.nix + ./modules/invidious.nix + ]; + + system.stateVersion = "22.11"; }; }; + }; } diff --git a/modules/containers/nextcloud.nix b/modules/containers/nextcloud.nix index 17173c9..5728858 100644 --- a/modules/containers/nextcloud.nix +++ b/modules/containers/nextcloud.nix @@ -41,6 +41,7 @@ user_oidc = pkgs.fetchNextcloudApp rec { url = "https://github.com/nextcloud-releases/user_oidc/releases/download/v1.3.3/user_oidc-v1.3.3.tar.gz"; sha256 = "sha256-s8xr25a40/ot7KDv3Vn7WBm4Pb13LzzK62ZNYufXQ2w"; + license = "agpl3"; }; }; }; diff --git a/modules/forgejo.nix b/modules/forgejo.nix index 2084542..b6ca052 100644 --- a/modules/forgejo.nix +++ b/modules/forgejo.nix 
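Review bot: The `simple-nixos-mailserver` input in the `inputs` block stays on the `nixos-23.05` branch while `nixpkgs.url` moves to `nixos-23.11`, so the mail server module would be evaluated against a release it was not cut for. If upstream has a matching release branch, bump it in the same change and re-lock, e.g. `simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.11";`. Separately, `nixpkgsOld` still tracks `nixos-22.11`, which no longer receives security updates; a comment naming the package that needs it would make the input easier to retire.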
@@ -1,12 +1,27 @@ -{ pkgs, pkgsUnstable, ... }: { - services.gitea = { + pkgs, + pkgsUnstable, + ... +}: { + users.users.gitea = { + home = "/var/lib/gitea"; + useDefaultShell = true; + group = "gitea"; + isSystemUser = true; + }; + users.groups.gitea = {}; + services.forgejo = { enable = true; package = pkgsUnstable.forgejo; repositoryRoot = "/forgejo/repos"; + stateDir = "/var/lib/gitea"; appName = "Katzenschmiede"; + user = "gitea"; + group = "gitea"; database = { type = "postgres"; + name = "gitea"; + user = "gitea"; }; settings = { openid = { @@ -42,7 +57,7 @@ }; deployment.keys = { "noreply-mail-pw-plain" = { - keyCommand = [ "pass" "mailpws/plain/noreply" ]; + keyCommand = ["pass" "mailpws/plain/noreply"]; destDir = "/var/lib/secrets"; permissions = "0604"; }; diff --git a/modules/invidious.nix b/modules/invidious.nix new file mode 100644 index 0000000..7b08bf2 --- /dev/null +++ b/modules/invidious.nix @@ -0,0 +1,34 @@ +{ + nixpkgsUnstable, + pkgsUnstable, + ... +}: { + imports = [ + "${nixpkgsUnstable}/nixos/modules/services/web-apps/invidious.nix" + ]; + disabledModules = [ + "services/web-apps/invidious.nix" + ]; + services.invidious = { + enable = true; + domain = "catio.katzen.cafe"; + serviceScale = 8; + http3-ytproxy.enable = true; + http3-ytproxy.package = pkgsUnstable.http3-ytproxy; + nginx.enable = true; + port = 3033; + settings = { + registration_enabled = true; + admins = ["adminkatze"]; + banner = "Experimental katzen.cafe invidious instance! Meow!"; + use_pubsub_feeds = true; + dark_mode = "dark"; + force_resolve = "ipv6"; + save_player_pos = true; + db = { + user = "invidious"; + name = "invidious"; + }; + }; + }; +}
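Review bot: The `noreply-mail-pw-plain` key in this file's second hunk keeps `permissions = "0604"` with no `user` or `group` in the visible attrset, which appears to leave the plaintext mail password readable by every local account on the host. Now that this hunk declares the service account explicitly (`user = "gitea"`), the key can be owned by that account instead, with `user = "gitea";` and `permissions = "0400";` in the `deployment.keys` entry. This assumes Forgejo is the only consumer of the file; if another service reads it, a shared group with `"0440"` would be the narrower choice. A one-line comment on `users.users.gitea` saying that the gitea names are presumably kept to match the existing state directory and database would also help the next reader.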
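Review bot: `registration_enabled = true` combined with `admins = ["adminkatze"]` ties admin rights to whoever holds that user name, as far as I understand Invidious' `admins` setting, so the account has to exist before `nginx.enable = true` makes the instance publicly reachable. Consider shipping with `registration_enabled = false;` until the admin account has been created, or document the bootstrap order in a comment above `settings`. The module is also imported from `nixpkgsUnstable` while the rest of the system follows the stable channel; a short comment on `disabledModules` saying why the stable module is replaced would make the next release bump easier to review.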