emelie/nix-deploy
1
0
Fork 0
Code Issues 1 Pull requests 1 Projects Releases Wiki Activity

Bump to nixpkgs 22.05

Browse source
This commit is contained in:
Emelie Graven 2022-08-03 08:57:34 +02:00
parent 41781e6a17
commit 8750d000bc
Signed by: emelie
GPG key ID: C11123726DBB55A1
14 changed files with 170 additions and 163 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
config/common/services/ssh.nix
View file

@ -4,7 +4,7 @@
enable = true; enable = true;
permitRootLogin = "no"; permitRootLogin = "no";
passwordAuthentication = false; passwordAuthentication = false;
challengeResponseAuthentication = false; kbdInteractiveAuthentication = false;
hostKeys = [ { path = config.secrets.files.ssh_host_ed25519_key.file; type = "ed25519"; } ]; hostKeys = [ { path = config.secrets.files.ssh_host_ed25519_key.file; type = "ed25519"; } ];
kexAlgorithms = [ "curve25519-sha256" "curve25519-sha256@libssh.org" ]; kexAlgorithms = [ "curve25519-sha256" "curve25519-sha256@libssh.org" ];
macs = [ "hmac-sha2-512-etm@openssh.com" "hmac-sha2-512-etm@openssh.com" "umac-128-etm@openssh.com" ]; macs = [ "hmac-sha2-512-etm@openssh.com" "hmac-sha2-512-etm@openssh.com" "umac-128-etm@openssh.com" ];

1
config/common/users.nix
View file

@ -7,6 +7,7 @@
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICO4LyBsW1YuUA6i3EL/IZhchSvk7reO4qgRmR/tdQPU emelie@flap" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICO4LyBsW1YuUA6i3EL/IZhchSvk7reO4qgRmR/tdQPU emelie@flap"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIGRtSxLRqPWmsn161ybDFcMYxrBKhay5a485tlM8hQEuAAAABHNzaDo= emelie@thinky-fed" "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIGRtSxLRqPWmsn161ybDFcMYxrBKhay5a485tlM8hQEuAAAABHNzaDo= emelie@thinky-fed"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIBkWK8PsRh8tOz4800XFN3V2IUm2u95qOaVnuHnMknjiAAAABHNzaDo= emelie@em-work"
]; ];
}; };

BIN
config/hosts/grondahl/data/secrets/secrets.nix
View file

Binary file not shown.

BIN
config/hosts/grondahl/data/secrets/synapse_db_password
View file

Binary file not shown.

BIN
config/hosts/grondahl/data/secrets/synapse_extra_config Normal file
View file

Binary file not shown.

2
config/hosts/grondahl/services/acme.nix
View file

@ -3,7 +3,7 @@
{ {
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
email = "admin+certs@anarkafem.dev"; defaults.email = "admin+certs@anarkafem.dev";
}; };
} }

4
config/hosts/grondahl/services/redis.nix
View file

@ -1,11 +1,13 @@
{ config, ... }: { config, ... }:
{ {
services.redis = { services.redis = {
vmOverCommit = true;
servers."" = {
enable = true; enable = true;
unixSocket = "/run/redis/redis.sock"; unixSocket = "/run/redis/redis.sock";
vmOverCommit = true;
unixSocketPerm = 770; unixSocketPerm = 770;
#requirePassfile = config.secrets.files.redis_pass.file; #requirePassfile = config.secrets.files.redis_pass.file;
}; };
};
} }

10
config/hosts/grondahl/services/synapse.nix
View file

@ -3,15 +3,14 @@
{ {
services.matrix-synapse = { services.matrix-synapse = {
enable = true; enable = true;
extraConfigFiles = [ config.secrets.files.synapse_extra_config.file ];
settings = {
server_name = "anarkafem.dev"; server_name = "anarkafem.dev";
enable_registration = false; enable_registration = false;
registration_shared_secret = builtins.toString config.secrets.files.synapse_registration_shared_secret.file; registration_shared_secret = builtins.toString config.secrets.files.synapse_registration_shared_secret.file;
turn_shared_secret = builtins.toString config.secrets.files.turn_shared_secret.file; turn_shared_secret = builtins.toString config.secrets.files.turn_shared_secret.file;
max_upload_size = "100M"; max_upload_size = "100M";
database_type = "psycopg2";
database_args = {
password = builtins.toString config.secrets.files.synapse_db_password.file;
};
turn_uris = [ turn_uris = [
"turn:turn.anarkafem.dev:3478?transport=udp" "turn:turn.anarkafem.dev:3478?transport=udp"
"turn:turn.anarkafem.dev:3478?transport=tcp" "turn:turn.anarkafem.dev:3478?transport=tcp"
@ -57,7 +56,7 @@
listeners = [ listeners = [
{ {
port = 8008; port = 8008;
bind_address = "127.0.0.1"; bind_addresses = ["127.0.0.1"];
type = "http"; type = "http";
tls = false; tls = false;
x_forwarded = true; x_forwarded = true;
@ -70,5 +69,6 @@
} }
]; ];
}; };
};
} }

2
config/hosts/rudiger/services/acme.nix
View file

@ -3,7 +3,7 @@
{ {
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
email = "admin+certs@graven.dev"; defaults.email = "admin+certs@graven.dev";
}; };
} }

2
config/hosts/rudiger/services/nextcloud.nix
View file

@ -4,7 +4,7 @@
enable = true; enable = true;
hostName = "cloud.graven.dev"; hostName = "cloud.graven.dev";
https = true; https = true;
package = pkgs.nextcloud22; package = pkgs.nextcloud24;
autoUpdateApps.enable = true; autoUpdateApps.enable = true;
maxUploadSize = "10G"; maxUploadSize = "10G";
webfinger = true; webfinger = true;

4
config/hosts/rudiger/services/redis.nix
View file

@ -1,10 +1,12 @@
{ config, ... }: { config, ... }:
{ {
services.redis = { services.redis = {
vmOverCommit = true;
servers."" = {
enable = true; enable = true;
unixSocket = "/run/redis/redis.sock"; unixSocket = "/run/redis/redis.sock";
vmOverCommit = true;
unixSocketPerm = 770; unixSocketPerm = 770;
#requirePassfile = config.secrets.files.redis_pass.file; #requirePassfile = config.secrets.files.redis_pass.file;
}; };
};
} }

2
config/hosts/wind/services/acme.nix
View file

@ -3,7 +3,7 @@
{ {
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
email = "admin+certs@graven.dev"; defaults.email = "admin+certs@graven.dev";
}; };
} }

28
config/hosts/wind/services/synapse.nix
View file

@ -3,14 +3,16 @@
{ {
services.matrix-synapse = { services.matrix-synapse = {
enable = true; enable = true;
withJemalloc = true;
settings = {
server_name = "graven.dev"; server_name = "graven.dev";
enable_registration = false; enable_registration = false;
registration_shared_secret = builtins.toString config.secrets.files.synapse_registration_shared_secret.file; registration_shared_secret = builtins.toString config.secrets.files.synapse_registration_shared_secret.file;
turn_shared_secret = builtins.toString config.secrets.files.turn_shared_secret.file; turn_shared_secret = builtins.toString config.secrets.files.turn_shared_secret.file;
max_upload_size = "100M"; max_upload_size = "100M";
database_type = "psycopg2"; database.name = "psycopg2";
database_user = "synapse"; database.args.user = "synapse";
database_name = "synapse"; database.args.database = "synapse";
turn_uris = [ turn_uris = [
"turn:turn.graven.dev:3478?transport=udp" "turn:turn.graven.dev:3478?transport=udp"
"turn:turn.graven.dev:3478?transport=tcp" "turn:turn.graven.dev:3478?transport=tcp"
@ -22,12 +24,11 @@
"turns:turn.graven.dev:5350?transport=tcp" "turns:turn.graven.dev:5350?transport=tcp"
]; ];
report_stats = true; report_stats = true;
withJemalloc = true;
extraConfig = '' extraConfig = ''
password_config: password_config:
enabled: false enabled: false
oidc_providers: oidc_providers:
- idp_id: authentik - idp_id: authentik
idp_name: authentik idp_name: authentik
discover: true discover: true
@ -46,33 +47,33 @@ oidc_providers:
''; '';
logConfig = '' logConfig = ''
version: 1 version: 1
formatters: formatters:
precise: precise:
format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s' format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
handlers: handlers:
console: console:
class: logging.StreamHandler class: logging.StreamHandler
formatter: precise formatter: precise
loggers: loggers:
synapse.storage.SQL: synapse.storage.SQL:
# beware: increasing this to DEBUG will make synapse log sensitive # beware: increasing this to DEBUG will make synapse log sensitive
# information such as access tokens. # information such as access tokens.
level: WARN level: WARN
root: root:
level: WARN level: WARN
handlers: [console] handlers: [console]
disable_existing_loggers: false disable_existing_loggers: false
''; '';
listeners = [ listeners = [
{ {
port = 8008; port = 8008;
bind_address = "127.0.0.1"; bind_addresses = ["127.0.0.1"];
type = "http"; type = "http";
tls = false; tls = false;
x_forwarded = true; x_forwarded = true;
@ -85,5 +86,6 @@ disable_existing_loggers: false
} }
]; ];
}; };
};
} }

26
config/sources/nix/sources.json
View file

@ -5,10 +5,10 @@
"homepage": "https://github.com/nmattia/niv", "homepage": "https://github.com/nmattia/niv",
"owner": "nmattia", "owner": "nmattia",
"repo": "niv", "repo": "niv",
"rev": "df49d53b71ad5b6b5847b32e5254924d60703c46", "rev": "82e5cd1ad3c387863f0545d7591512e76ab0fc41",
"sha256": "1j5p8mi1wi3pdcq0lfb881p97i232si07nb605dl92cjwnira88c", "sha256": "090l219mzc0gi33i3psgph6s2pwsc8qy4lyrqjdj4qzkvmaj65a7",
"type": "tarball", "type": "tarball",
"url": "https://github.com/nmattia/niv/archive/df49d53b71ad5b6b5847b32e5254924d60703c46.tar.gz", "url": "https://github.com/nmattia/niv/archive/82e5cd1ad3c387863f0545d7591512e76ab0fc41.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
}, },
"nixos-hardware": { "nixos-hardware": {
@ -17,22 +17,22 @@
"homepage": "", "homepage": "",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "f4160a629bac3538939a3005c8b5c7fb320bcf59", "rev": "ea3efc80f8ab83cb73aec39f4e76fe87afb15a08",
"sha256": "0w4k1fis534iafc72cjmig72697pz4s3fjj211fhzf443zh49in7", "sha256": "0h87y6z42ch128j6yslydvdzajqcrqzhihi4nrpwida4js2pl1ak",
"type": "tarball", "type": "tarball",
"url": "https://github.com/NixOS/nixos-hardware/archive/f4160a629bac3538939a3005c8b5c7fb320bcf59.tar.gz", "url": "https://github.com/NixOS/nixos-hardware/archive/ea3efc80f8ab83cb73aec39f4e76fe87afb15a08.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
}, },
"nixpkgs": { "nixpkgs": {
"branch": "release-21.11", "branch": "release-22.05",
"description": "Nix Packages collection", "description": "Nix Packages collection",
"homepage": "", "homepage": "",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "838eefb4f93f2306d4614aafb9b2375f315d917f", "rev": "c55096e021c6ab0be3945be2535b3b4324e4f571",
"sha256": "1bm8cmh1wx4h8b4fhbs75hjci3gcrpi7k1m1pmiy3nc0gjim9vkg", "sha256": "0smvw72cv80zq1y1y5vjfjbz0bv6mg8iznhv779s2vn5dz1s3kwx",
"type": "tarball", "type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/838eefb4f93f2306d4614aafb9b2375f315d917f.tar.gz", "url": "https://github.com/NixOS/nixpkgs/archive/c55096e021c6ab0be3945be2535b3b4324e4f571.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
}, },
"nixus": { "nixus": {
@ -41,10 +41,10 @@
"homepage": "", "homepage": "",
"owner": "Infinisil", "owner": "Infinisil",
"repo": "nixus", "repo": "nixus",
"rev": "d1e1057a31f16a75d9f871e311c4aaaf664561b9", "rev": "a7b742f2f4c9d37cd84b8f0ab7ee57c4b3d9f393",
"sha256": "0d4576dssr6l4vdpi86rbf6dyn3jfl3csvmn9csd4n6dj53f5pqm", "sha256": "0pyplivs96vxnnnj3w8drd806xxzhrxcn969hh1bhbds4h4s5k16",
"type": "tarball", "type": "tarball",
"url": "https://github.com/Infinisil/nixus/archive/d1e1057a31f16a75d9f871e311c4aaaf664561b9.tar.gz", "url": "https://github.com/Infinisil/nixus/archive/a7b742f2f4c9d37cd84b8f0ab7ee57c4b3d9f393.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
} }
} }