emelie/nix-deploy
1
0
Fork 0
Code Issues 1 Pull requests 1 Projects Releases Wiki Activity

Bump to nixpkgs 22.05

Browse source
This commit is contained in:
Emelie Graven 2022-08-03 08:57:34 +02:00
parent 41781e6a17
commit 8750d000bc
Signed by: emelie
GPG key ID: C11123726DBB55A1
14 changed files with 170 additions and 163 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
config/common/services/ssh.nix
View file

@ -4,7 +4,7 @@
enable = true;
permitRootLogin = "no";
passwordAuthentication = false;
challengeResponseAuthentication = false;
kbdInteractiveAuthentication = false;
hostKeys = [ { path = config.secrets.files.ssh_host_ed25519_key.file; type = "ed25519"; } ];
kexAlgorithms = [ "curve25519-sha256" "curve25519-sha256@libssh.org" ];
macs = [ "hmac-sha2-512-etm@openssh.com" "hmac-sha2-512-etm@openssh.com" "umac-128-etm@openssh.com" ];

5
config/common/users.nix
View file

@ -5,8 +5,9 @@
isNormalUser = true;
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICO4LyBsW1YuUA6i3EL/IZhchSvk7reO4qgRmR/tdQPU emelie@flap"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIGRtSxLRqPWmsn161ybDFcMYxrBKhay5a485tlM8hQEuAAAABHNzaDo= emelie@thinky-fed"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICO4LyBsW1YuUA6i3EL/IZhchSvk7reO4qgRmR/tdQPU emelie@flap"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIGRtSxLRqPWmsn161ybDFcMYxrBKhay5a485tlM8hQEuAAAABHNzaDo= emelie@thinky-fed"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIBkWK8PsRh8tOz4800XFN3V2IUm2u95qOaVnuHnMknjiAAAABHNzaDo= emelie@em-work"
];
};

BIN
config/hosts/grondahl/data/secrets/secrets.nix
View file

Binary file not shown.

BIN
config/hosts/grondahl/data/secrets/synapse_db_password
View file

Binary file not shown.

BIN
config/hosts/grondahl/data/secrets/synapse_extra_config Normal file
View file

Binary file not shown.

2
config/hosts/grondahl/services/acme.nix
View file

@ -3,7 +3,7 @@
{
security.acme = {
acceptTerms = true;
email = "admin+certs@anarkafem.dev";
defaults.email = "admin+certs@anarkafem.dev";
};
}

10
config/hosts/grondahl/services/redis.nix
View file

@ -1,11 +1,13 @@
{ config, ... }:
{
services.redis = {
enable = true;
unixSocket = "/run/redis/redis.sock";
vmOverCommit = true;
unixSocketPerm = 770;
#requirePassfile = config.secrets.files.redis_pass.file;
servers."" = {
enable = true;
unixSocket = "/run/redis/redis.sock";
unixSocketPerm = 770;
#requirePassfile = config.secrets.files.redis_pass.file;
};
};
}

122
config/hosts/grondahl/services/synapse.nix
View file

@ -3,72 +3,72 @@
{
services.matrix-synapse = {
enable = true;
server_name = "anarkafem.dev";
enable_registration = false;
registration_shared_secret = builtins.toString config.secrets.files.synapse_registration_shared_secret.file;
turn_shared_secret = builtins.toString config.secrets.files.turn_shared_secret.file;
max_upload_size = "100M";
database_type = "psycopg2";
database_args = {
password = builtins.toString config.secrets.files.synapse_db_password.file;
};
turn_uris = [
"turn:turn.anarkafem.dev:3478?transport=udp"
"turn:turn.anarkafem.dev:3478?transport=tcp"
"turn:turn.anarkafem.dev:3479?transport=udp"
"turn:turn.anarkafem.dev:3479?transport=tcp"
"turns:turn.anarkafem.dev:5349?transport=udp"
"turns:turn.anarkafem.dev:5349?transport=tcp"
"turns:turn.anarkafem.dev:5350?transport=udp"
"turns:turn.anarkafem.dev:5350?transport=tcp"
];
report_stats = false;
withJemalloc = true;
servers = { "anarkafem.dev" = {}; };
extraConfig = ''
default_room_version: "9"
auto_join_rooms:
- "#suf-aalborg:anarkafem.dev"
'';
logConfig = ''
version: 1
extraConfigFiles = [ config.secrets.files.synapse_extra_config.file ];
settings = {
formatters:
precise:
format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
server_name = "anarkafem.dev";
enable_registration = false;
registration_shared_secret = builtins.toString config.secrets.files.synapse_registration_shared_secret.file;
turn_shared_secret = builtins.toString config.secrets.files.turn_shared_secret.file;
max_upload_size = "100M";
turn_uris = [
"turn:turn.anarkafem.dev:3478?transport=udp"
"turn:turn.anarkafem.dev:3478?transport=tcp"
"turn:turn.anarkafem.dev:3479?transport=udp"
"turn:turn.anarkafem.dev:3479?transport=tcp"
"turns:turn.anarkafem.dev:5349?transport=udp"
"turns:turn.anarkafem.dev:5349?transport=tcp"
"turns:turn.anarkafem.dev:5350?transport=udp"
"turns:turn.anarkafem.dev:5350?transport=tcp"
];
report_stats = false;
withJemalloc = true;
servers = { "anarkafem.dev" = {}; };
extraConfig = ''
default_room_version: "9"
auto_join_rooms:
- "#suf-aalborg:anarkafem.dev"
'';
logConfig = ''
version: 1
handlers:
console:
class: logging.StreamHandler
formatter: precise
formatters:
precise:
format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
loggers:
synapse.storage.SQL:
# beware: increasing this to DEBUG will make synapse log sensitive
# information such as access tokens.
level: INFO
handlers:
console:
class: logging.StreamHandler
formatter: precise
root:
level: INFO
handlers: [console]
loggers:
synapse.storage.SQL:
# beware: increasing this to DEBUG will make synapse log sensitive
# information such as access tokens.
level: INFO
disable_existing_loggers: false
'';
listeners = [
{
port = 8008;
bind_address = "127.0.0.1";
type = "http";
tls = false;
x_forwarded = true;
resources = [
{
names = [ "client" "federation" ];
compress = false;
}
];
}
];
root:
level: INFO
handlers: [console]
disable_existing_loggers: false
'';
listeners = [
{
port = 8008;
bind_addresses = ["127.0.0.1"];
type = "http";
tls = false;
x_forwarded = true;
resources = [
{
names = [ "client" "federation" ];
compress = false;
}
];
}
];
};
};
}

2
config/hosts/rudiger/services/acme.nix
View file

@ -3,7 +3,7 @@
{
security.acme = {
acceptTerms = true;
email = "admin+certs@graven.dev";
defaults.email = "admin+certs@graven.dev";
};
}

2
config/hosts/rudiger/services/nextcloud.nix
View file

@ -4,7 +4,7 @@
enable = true;
hostName = "cloud.graven.dev";
https = true;
package = pkgs.nextcloud22;
package = pkgs.nextcloud24;
autoUpdateApps.enable = true;
maxUploadSize = "10G";
webfinger = true;

12
config/hosts/rudiger/services/redis.nix
View file

@ -1,10 +1,12 @@
{ config, ... }:
{
services.redis = {
enable = true;
unixSocket = "/run/redis/redis.sock";
vmOverCommit = true;
unixSocketPerm = 770;
#requirePassfile = config.secrets.files.redis_pass.file;
};
servers."" = {
enable = true;
unixSocket = "/run/redis/redis.sock";
unixSocketPerm = 770;
#requirePassfile = config.secrets.files.redis_pass.file;
};
};
}

2
config/hosts/wind/services/acme.nix
View file

@ -3,7 +3,7 @@
{
security.acme = {
acceptTerms = true;
email = "admin+certs@graven.dev";
defaults.email = "admin+certs@graven.dev";
};
}

148
config/hosts/wind/services/synapse.nix
View file

@ -3,87 +3,89 @@
{
services.matrix-synapse = {
enable = true;
server_name = "graven.dev";
enable_registration = false;
registration_shared_secret = builtins.toString config.secrets.files.synapse_registration_shared_secret.file;
turn_shared_secret = builtins.toString config.secrets.files.turn_shared_secret.file;
max_upload_size = "100M";
database_type = "psycopg2";
database_user = "synapse";
database_name = "synapse";
turn_uris = [
"turn:turn.graven.dev:3478?transport=udp"
"turn:turn.graven.dev:3478?transport=tcp"
"turn:turn.graven.dev:3479?transport=udp"
"turn:turn.graven.dev:3479?transport=tcp"
"turns:turn.graven.dev:5349?transport=udp"
"turns:turn.graven.dev:5349?transport=tcp"
"turns:turn.graven.dev:5350?transport=udp"
"turns:turn.graven.dev:5350?transport=tcp"
];
report_stats = true;
withJemalloc = true;
settings = {
server_name = "graven.dev";
enable_registration = false;
registration_shared_secret = builtins.toString config.secrets.files.synapse_registration_shared_secret.file;
turn_shared_secret = builtins.toString config.secrets.files.turn_shared_secret.file;
max_upload_size = "100M";
database.name = "psycopg2";
database.args.user = "synapse";
database.args.database = "synapse";
turn_uris = [
"turn:turn.graven.dev:3478?transport=udp"
"turn:turn.graven.dev:3478?transport=tcp"
"turn:turn.graven.dev:3479?transport=udp"
"turn:turn.graven.dev:3479?transport=tcp"
"turns:turn.graven.dev:5349?transport=udp"
"turns:turn.graven.dev:5349?transport=tcp"
"turns:turn.graven.dev:5350?transport=udp"
"turns:turn.graven.dev:5350?transport=tcp"
];
report_stats = true;
extraConfig = ''
password_config:
enabled: false
oidc_providers:
- idp_id: authentik
idp_name: authentik
discover: true
issuer: "https://auth.graven.dev/application/o/synapse/"
client_id: "7a77036d3b360265895f2ab5a51264ba586c93d5"
client_secret: "a9f9146fd13338230481a71c824d122bfb5e8a2118f2cdaf882746ad6726aeecd50ef522338acec89d3f8ccb8014124e022a6af6769807ea4271931f219a3f55"
allow_existing_users: true
scopes:
- "openid"
- "profile"
- "email"
user_mapping_provider:
config:
localpart_template: "{{ user.name }}"
display_name_template: "{{ user.name|capitalize }}"
'';
extraConfig = ''
password_config:
enabled: false
oidc_providers:
- idp_id: authentik
idp_name: authentik
discover: true
issuer: "https://auth.graven.dev/application/o/synapse/"
client_id: "7a77036d3b360265895f2ab5a51264ba586c93d5"
client_secret: "a9f9146fd13338230481a71c824d122bfb5e8a2118f2cdaf882746ad6726aeecd50ef522338acec89d3f8ccb8014124e022a6af6769807ea4271931f219a3f55"
allow_existing_users: true
scopes:
- "openid"
- "profile"
- "email"
user_mapping_provider:
config:
localpart_template: "{{ user.name }}"
display_name_template: "{{ user.name|capitalize }}"
'';
logConfig = ''
version: 1
logConfig = ''
version: 1
formatters:
precise:
format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
formatters:
precise:
format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
handlers:
console:
class: logging.StreamHandler
formatter: precise
handlers:
console:
class: logging.StreamHandler
formatter: precise
loggers:
synapse.storage.SQL:
# beware: increasing this to DEBUG will make synapse log sensitive
# information such as access tokens.
level: WARN
loggers:
synapse.storage.SQL:
# beware: increasing this to DEBUG will make synapse log sensitive
# information such as access tokens.
level: WARN
root:
level: WARN
handlers: [console]
root:
level: WARN
handlers: [console]
disable_existing_loggers: false
'';
listeners = [
{
port = 8008;
bind_address = "127.0.0.1";
type = "http";
tls = false;
x_forwarded = true;
resources = [
{
names = [ "client" "federation" ];
compress = false;
}
];
}
];
disable_existing_loggers: false
'';
listeners = [
{
port = 8008;
bind_addresses = ["127.0.0.1"];
type = "http";
tls = false;
x_forwarded = true;
resources = [
{
names = [ "client" "federation" ];
compress = false;
}
];
}
];
};
};
}

26
config/sources/nix/sources.json
View file

@ -5,10 +5,10 @@
"homepage": "https://github.com/nmattia/niv",
"owner": "nmattia",
"repo": "niv",
"rev": "df49d53b71ad5b6b5847b32e5254924d60703c46",
"sha256": "1j5p8mi1wi3pdcq0lfb881p97i232si07nb605dl92cjwnira88c",
"rev": "82e5cd1ad3c387863f0545d7591512e76ab0fc41",
"sha256": "090l219mzc0gi33i3psgph6s2pwsc8qy4lyrqjdj4qzkvmaj65a7",
"type": "tarball",
"url": "https://github.com/nmattia/niv/archive/df49d53b71ad5b6b5847b32e5254924d60703c46.tar.gz",
"url": "https://github.com/nmattia/niv/archive/82e5cd1ad3c387863f0545d7591512e76ab0fc41.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"nixos-hardware": {
@ -17,22 +17,22 @@
"homepage": "",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "f4160a629bac3538939a3005c8b5c7fb320bcf59",
"sha256": "0w4k1fis534iafc72cjmig72697pz4s3fjj211fhzf443zh49in7",
"rev": "ea3efc80f8ab83cb73aec39f4e76fe87afb15a08",
"sha256": "0h87y6z42ch128j6yslydvdzajqcrqzhihi4nrpwida4js2pl1ak",
"type": "tarball",
"url": "https://github.com/NixOS/nixos-hardware/archive/f4160a629bac3538939a3005c8b5c7fb320bcf59.tar.gz",
"url": "https://github.com/NixOS/nixos-hardware/archive/ea3efc80f8ab83cb73aec39f4e76fe87afb15a08.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"nixpkgs": {
"branch": "release-21.11",
"branch": "release-22.05",
"description": "Nix Packages collection",
"homepage": "",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "838eefb4f93f2306d4614aafb9b2375f315d917f",
"sha256": "1bm8cmh1wx4h8b4fhbs75hjci3gcrpi7k1m1pmiy3nc0gjim9vkg",
"rev": "c55096e021c6ab0be3945be2535b3b4324e4f571",
"sha256": "0smvw72cv80zq1y1y5vjfjbz0bv6mg8iznhv779s2vn5dz1s3kwx",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/838eefb4f93f2306d4614aafb9b2375f315d917f.tar.gz",
"url": "https://github.com/NixOS/nixpkgs/archive/c55096e021c6ab0be3945be2535b3b4324e4f571.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"nixus": {
@ -41,10 +41,10 @@
"homepage": "",
"owner": "Infinisil",
"repo": "nixus",
"rev": "d1e1057a31f16a75d9f871e311c4aaaf664561b9",
"sha256": "0d4576dssr6l4vdpi86rbf6dyn3jfl3csvmn9csd4n6dj53f5pqm",
"rev": "a7b742f2f4c9d37cd84b8f0ab7ee57c4b3d9f393",
"sha256": "0pyplivs96vxnnnj3w8drd806xxzhrxcn969hh1bhbds4h4s5k16",
"type": "tarball",
"url": "https://github.com/Infinisil/nixus/archive/d1e1057a31f16a75d9f871e311c4aaaf664561b9.tar.gz",
"url": "https://github.com/Infinisil/nixus/archive/a7b742f2f4c9d37cd84b8f0ab7ee57c4b3d9f393.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
}
}