treewide: Reformat project with alejandra
parent
58e52dd119
commit
046a88905d
|
@ -1,6 +1,9 @@
|
||||||
{ config, pkgs, lib, ... }:
|
|
||||||
|
|
||||||
{
|
{
|
||||||
|
config,
|
||||||
|
pkgs,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
imports = [
|
imports = [
|
||||||
./services/gitea.nix
|
./services/gitea.nix
|
||||||
./services/minecraft.nix
|
./services/minecraft.nix
|
||||||
|
@ -18,7 +21,7 @@
|
||||||
'';
|
'';
|
||||||
|
|
||||||
# Enable remote builds from tlater
|
# Enable remote builds from tlater
|
||||||
trustedUsers = [ "@wheel" ];
|
trustedUsers = ["@wheel"];
|
||||||
};
|
};
|
||||||
|
|
||||||
nixpkgs.config.allowUnfreePredicate = pkg:
|
nixpkgs.config.allowUnfreePredicate = pkg:
|
||||||
|
@ -26,10 +29,10 @@
|
||||||
|
|
||||||
sops = {
|
sops = {
|
||||||
defaultSopsFile = ../keys/external.yaml;
|
defaultSopsFile = ../keys/external.yaml;
|
||||||
secrets.steam = { };
|
secrets.steam = {};
|
||||||
};
|
};
|
||||||
|
|
||||||
boot.kernelParams = [ "highres=off" "nohz=off" ];
|
boot.kernelParams = ["highres=off" "nohz=off"];
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "tlaternet";
|
hostName = "tlaternet";
|
||||||
|
@ -38,15 +41,15 @@
|
||||||
useDHCP = false;
|
useDHCP = false;
|
||||||
interfaces.eth0.useDHCP = true;
|
interfaces.eth0.useDHCP = true;
|
||||||
|
|
||||||
firewall.allowedTCPPorts = [ 80 443 2222 2221 25565 21025 ];
|
firewall.allowedTCPPorts = [80 443 2222 2221 25565 21025];
|
||||||
};
|
};
|
||||||
|
|
||||||
time.timeZone = "Europe/London";
|
time.timeZone = "Europe/London";
|
||||||
|
|
||||||
users.users.tlater = {
|
users.users.tlater = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
extraGroups = [ "wheel" ];
|
extraGroups = ["wheel"];
|
||||||
openssh.authorizedKeys.keyFiles = [ ../keys/tlater.pub ];
|
openssh.authorizedKeys.keyFiles = [../keys/tlater.pub];
|
||||||
};
|
};
|
||||||
|
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
|
@ -54,7 +57,7 @@
|
||||||
allowSFTP = false;
|
allowSFTP = false;
|
||||||
passwordAuthentication = false;
|
passwordAuthentication = false;
|
||||||
permitRootLogin = "no";
|
permitRootLogin = "no";
|
||||||
ports = [ 2222 ];
|
ports = [2222];
|
||||||
startWhenNeeded = true;
|
startWhenNeeded = true;
|
||||||
gatewayPorts = "yes";
|
gatewayPorts = "yes";
|
||||||
};
|
};
|
||||||
|
@ -77,12 +80,13 @@
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||||
'';
|
'';
|
||||||
} extra;
|
}
|
||||||
|
extra;
|
||||||
domain = config.services.nginx.domain;
|
domain = config.services.nginx.domain;
|
||||||
in {
|
in {
|
||||||
"${domain}" = host 3002 { serverAliases = [ "www.${domain}" ]; };
|
"${domain}" = host 3002 {serverAliases = ["www.${domain}"];};
|
||||||
"gitea.${domain}" = host 3000 { };
|
"gitea.${domain}" = host 3000 {};
|
||||||
"nextcloud.${domain}" = host 3001 { };
|
"nextcloud.${domain}" = host 3001 {};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,4 @@
|
||||||
{ ... }:
|
{...}: {
|
||||||
|
|
||||||
{
|
|
||||||
ids.uids = {
|
ids.uids = {
|
||||||
# System user ids start at 400 (see nixos/modules/programs/shadow.nix)
|
# System user ids start at 400 (see nixos/modules/programs/shadow.nix)
|
||||||
webserver = 400;
|
webserver = 400;
|
||||||
|
|
|
@ -1,8 +1,11 @@
|
||||||
{ config, lib, pkgs, ... }:
|
|
||||||
|
|
||||||
{
|
{
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
# Required for the lish console
|
# Required for the lish console
|
||||||
boot.kernelParams = [ "console=ttyS0,19200n8" ];
|
boot.kernelParams = ["console=ttyS0,19200n8"];
|
||||||
|
|
||||||
boot.loader = {
|
boot.loader = {
|
||||||
# Timeout to allow lish to connect
|
# Timeout to allow lish to connect
|
||||||
|
|
|
@ -1,6 +1,4 @@
|
||||||
{ config, ... }:
|
{config, ...}: {
|
||||||
|
|
||||||
{
|
|
||||||
users = {
|
users = {
|
||||||
extraUsers.gitea = {
|
extraUsers.gitea = {
|
||||||
uid = config.ids.uids.git;
|
uid = config.ids.uids.git;
|
||||||
|
@ -8,19 +6,19 @@
|
||||||
description = "Gitea Service";
|
description = "Gitea Service";
|
||||||
group = config.users.extraGroups.gitea.name;
|
group = config.users.extraGroups.gitea.name;
|
||||||
};
|
};
|
||||||
extraGroups.gitea = { gid = config.ids.gids.git; };
|
extraGroups.gitea = {gid = config.ids.gids.git;};
|
||||||
};
|
};
|
||||||
|
|
||||||
virtualisation.pods.gitea = {
|
virtualisation.pods.gitea = {
|
||||||
hostname = "gitea.tlater.net";
|
hostname = "gitea.tlater.net";
|
||||||
publish = [ "3000:3000" "2221:2221" ];
|
publish = ["3000:3000" "2221:2221"];
|
||||||
network = "slirp4netns";
|
network = "slirp4netns";
|
||||||
|
|
||||||
containers = {
|
containers = {
|
||||||
gitea = {
|
gitea = {
|
||||||
image = "gitea/gitea:latest";
|
image = "gitea/gitea:latest";
|
||||||
volumes = [ "gitea:/data:Z" "/etc/localtime:/etc/localtime:ro" ];
|
volumes = ["gitea:/data:Z" "/etc/localtime:/etc/localtime:ro"];
|
||||||
dependsOn = [ "postgres" ];
|
dependsOn = ["postgres"];
|
||||||
|
|
||||||
environment = {
|
environment = {
|
||||||
DB_TYPE = "postgres";
|
DB_TYPE = "postgres";
|
||||||
|
@ -43,7 +41,7 @@
|
||||||
POSTGRES_DB = "gitea";
|
POSTGRES_DB = "gitea";
|
||||||
POSTGRES_USER = "gitea";
|
POSTGRES_USER = "gitea";
|
||||||
};
|
};
|
||||||
volumes = [ "gitea-postgres-14:/var/lib/postgresql/data" ];
|
volumes = ["gitea-postgres-14:/var/lib/postgresql/data"];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,6 +1,9 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{
|
||||||
|
config,
|
||||||
let
|
pkgs,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}: let
|
||||||
minecraft-server-args = [
|
minecraft-server-args = [
|
||||||
"-Xms2G"
|
"-Xms2G"
|
||||||
"-Xmx2G"
|
"-Xmx2G"
|
||||||
|
@ -24,12 +27,14 @@ let
|
||||||
"-XX:+PerfDisableSharedMem"
|
"-XX:+PerfDisableSharedMem"
|
||||||
"-XX:MaxTenuringThreshold=1"
|
"-XX:MaxTenuringThreshold=1"
|
||||||
];
|
];
|
||||||
ops = pkgs.writeText "ops.json" (builtins.toJSON [{
|
ops = pkgs.writeText "ops.json" (builtins.toJSON [
|
||||||
|
{
|
||||||
uuid = "140d177a-966f-41b8-a4c0-e305babd291b";
|
uuid = "140d177a-966f-41b8-a4c0-e305babd291b";
|
||||||
name = "TLATER";
|
name = "TLATER";
|
||||||
level = 4;
|
level = 4;
|
||||||
bypassesPlayerLimit = true;
|
bypassesPlayerLimit = true;
|
||||||
}]);
|
}
|
||||||
|
]);
|
||||||
whitelist = pkgs.writeText "whitelist.json" (builtins.toJSON [
|
whitelist = pkgs.writeText "whitelist.json" (builtins.toJSON [
|
||||||
{
|
{
|
||||||
uuid = "59cd1648-14a4-4bcf-8f5a-2e1bde678f2c";
|
uuid = "59cd1648-14a4-4bcf-8f5a-2e1bde678f2c";
|
||||||
|
@ -49,7 +54,6 @@ let
|
||||||
}
|
}
|
||||||
]);
|
]);
|
||||||
eula = pkgs.writeText "eula.txt" "eula=true";
|
eula = pkgs.writeText "eula.txt" "eula=true";
|
||||||
|
|
||||||
in {
|
in {
|
||||||
users = {
|
users = {
|
||||||
extraUsers.minecraft = {
|
extraUsers.minecraft = {
|
||||||
|
@ -58,7 +62,7 @@ in {
|
||||||
isSystemUser = true;
|
isSystemUser = true;
|
||||||
description = "Minecraft server user";
|
description = "Minecraft server user";
|
||||||
};
|
};
|
||||||
extraGroups.minecraft = { gid = config.ids.gids.minecraft; };
|
extraGroups.minecraft = {gid = config.ids.gids.minecraft;};
|
||||||
};
|
};
|
||||||
|
|
||||||
virtualisation.oci-containers.containers.minecraft-voor-kia = let
|
virtualisation.oci-containers.containers.minecraft-voor-kia = let
|
||||||
|
@ -83,22 +87,22 @@ in {
|
||||||
uid = toString config.users.extraUsers.minecraft.uid;
|
uid = toString config.users.extraUsers.minecraft.uid;
|
||||||
gid = toString config.users.extraGroups.minecraft.gid;
|
gid = toString config.users.extraGroups.minecraft.gid;
|
||||||
in {
|
in {
|
||||||
Cmd = [ "forge-server" ] ++ minecraft-server-args;
|
Cmd = ["forge-server"] ++ minecraft-server-args;
|
||||||
WorkingDir = "/var/lib/minecraft";
|
WorkingDir = "/var/lib/minecraft";
|
||||||
Volumes = {
|
Volumes = {
|
||||||
"/var/lib/minecraft" = { };
|
"/var/lib/minecraft" = {};
|
||||||
# Required because some things will try to write to /tmp,
|
# Required because some things will try to write to /tmp,
|
||||||
# which doesn't exist if it's not defined as a volume.
|
# which doesn't exist if it's not defined as a volume.
|
||||||
"/tmp" = { };
|
"/tmp" = {};
|
||||||
};
|
};
|
||||||
ExposedPorts = { "25565" = { }; };
|
ExposedPorts = {"25565" = {};};
|
||||||
User = "${uid}:${gid}";
|
User = "${uid}:${gid}";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
extraOptions = [ "--cpus=1.0" ];
|
extraOptions = ["--cpus=1.0"];
|
||||||
autoStart = false;
|
autoStart = false;
|
||||||
ports = [ "25565:25565" ];
|
ports = ["25565:25565"];
|
||||||
volumes = [
|
volumes = [
|
||||||
"minecraft:/var/lib/minecraft"
|
"minecraft:/var/lib/minecraft"
|
||||||
"${eula}:/var/lib/minecraft/eula.txt:ro"
|
"${eula}:/var/lib/minecraft/eula.txt:ro"
|
||||||
|
@ -111,7 +115,7 @@ in {
|
||||||
|
|
||||||
systemd.timers.podman-minecraft-voor-kia-off = {
|
systemd.timers.podman-minecraft-voor-kia-off = {
|
||||||
description = "Turns off the minecraft server every day at 4 am";
|
description = "Turns off the minecraft server every day at 4 am";
|
||||||
wantedBy = [ "podman-minecraft-voor-kia.service" ];
|
wantedBy = ["podman-minecraft-voor-kia.service"];
|
||||||
timerConfig = {
|
timerConfig = {
|
||||||
Unit = "podman-minecraft-voor-kia-starter@stop.service";
|
Unit = "podman-minecraft-voor-kia-starter@stop.service";
|
||||||
OnCalendar = "04:00:00";
|
OnCalendar = "04:00:00";
|
||||||
|
@ -120,7 +124,7 @@ in {
|
||||||
|
|
||||||
systemd.timers.podman-minecraft-voor-kia-on = {
|
systemd.timers.podman-minecraft-voor-kia-on = {
|
||||||
description = "Turns on the minecraft server every day at 2 pm";
|
description = "Turns on the minecraft server every day at 2 pm";
|
||||||
wantedBy = [ "podman-minecraft-voor-kia.service" ];
|
wantedBy = ["podman-minecraft-voor-kia.service"];
|
||||||
timerConfig = {
|
timerConfig = {
|
||||||
Unit = "podman-minecraft-voor-kia-starter@start.service";
|
Unit = "podman-minecraft-voor-kia-starter@start.service";
|
||||||
OnCalendar = "14:00:00";
|
OnCalendar = "14:00:00";
|
||||||
|
@ -130,8 +134,7 @@ in {
|
||||||
systemd.services."podman-minecraft-voor-kia-starter@" = {
|
systemd.services."podman-minecraft-voor-kia-starter@" = {
|
||||||
description = "Unit to stop/start the minecraft server";
|
description = "Unit to stop/start the minecraft server";
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart =
|
ExecStart = "${pkgs.systemd}/bin/systemctl %i podman-minecraft-voor-kia.service";
|
||||||
"${pkgs.systemd}/bin/systemctl %i podman-minecraft-voor-kia.service";
|
|
||||||
Type = "oneshot";
|
Type = "oneshot";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,15 +1,13 @@
|
||||||
{ config, ... }:
|
{config, ...}: {
|
||||||
|
|
||||||
{
|
|
||||||
virtualisation.pods.nextcloud = {
|
virtualisation.pods.nextcloud = {
|
||||||
hostname = "nextcloud.tlater.net";
|
hostname = "nextcloud.tlater.net";
|
||||||
publish = [ "3001:80" ];
|
publish = ["3001:80"];
|
||||||
network = "slirp4netns";
|
network = "slirp4netns";
|
||||||
|
|
||||||
containers = {
|
containers = {
|
||||||
nextcloud = {
|
nextcloud = {
|
||||||
image = "nextcloud:fpm-alpine";
|
image = "nextcloud:fpm-alpine";
|
||||||
dependsOn = [ "postgres" ];
|
dependsOn = ["postgres"];
|
||||||
volumes = [
|
volumes = [
|
||||||
"nextcloud-root:/var/www/html"
|
"nextcloud-root:/var/www/html"
|
||||||
"nextcloud-apps:/var/www/html/custom_apps"
|
"nextcloud-apps:/var/www/html/custom_apps"
|
||||||
|
@ -28,18 +26,18 @@
|
||||||
cron = {
|
cron = {
|
||||||
image = "nextcloud:fpm-alpine";
|
image = "nextcloud:fpm-alpine";
|
||||||
entrypoint = "/cron.sh";
|
entrypoint = "/cron.sh";
|
||||||
dependsOn = [ "postgres" "nextcloud" ];
|
dependsOn = ["postgres" "nextcloud"];
|
||||||
extraOptions = [ "--volumes-from=nextcloud-nextcloud" ];
|
extraOptions = ["--volumes-from=nextcloud-nextcloud"];
|
||||||
};
|
};
|
||||||
|
|
||||||
nginx = {
|
nginx = {
|
||||||
image = "nginx:alpine";
|
image = "nginx:alpine";
|
||||||
dependsOn = [ "nextcloud" ];
|
dependsOn = ["nextcloud"];
|
||||||
volumes = [
|
volumes = [
|
||||||
"nextcloud-root:/var/www/html:ro"
|
"nextcloud-root:/var/www/html:ro"
|
||||||
"${./configs/nginx-nextcloud.conf}:/etc/nginx/nginx.conf:ro"
|
"${./configs/nginx-nextcloud.conf}:/etc/nginx/nginx.conf:ro"
|
||||||
];
|
];
|
||||||
extraOptions = [ "--volumes-from=nextcloud-nextcloud" ];
|
extraOptions = ["--volumes-from=nextcloud-nextcloud"];
|
||||||
};
|
};
|
||||||
|
|
||||||
postgres = {
|
postgres = {
|
||||||
|
@ -48,7 +46,7 @@
|
||||||
POSTGRES_DB = "nextcloud";
|
POSTGRES_DB = "nextcloud";
|
||||||
POSTGRES_USER = "nextcloud";
|
POSTGRES_USER = "nextcloud";
|
||||||
};
|
};
|
||||||
volumes = [ "nextcloud-postgres-14:/var/lib/postgresql/data" ];
|
volumes = ["nextcloud-postgres-14:/var/lib/postgresql/data"];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,6 +1,8 @@
|
||||||
{ config, pkgs, ... }:
|
|
||||||
|
|
||||||
{
|
{
|
||||||
|
config,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
users = {
|
users = {
|
||||||
extraUsers.webserver = {
|
extraUsers.webserver = {
|
||||||
uid = config.ids.uids.webserver;
|
uid = config.ids.uids.webserver;
|
||||||
|
@ -8,7 +10,7 @@
|
||||||
isSystemUser = true;
|
isSystemUser = true;
|
||||||
description = "tlater.net web server user";
|
description = "tlater.net web server user";
|
||||||
};
|
};
|
||||||
extraGroups.webserver = { gid = config.ids.gids.webserver; };
|
extraGroups.webserver = {gid = config.ids.gids.webserver;};
|
||||||
};
|
};
|
||||||
|
|
||||||
virtualisation.oci-containers.containers.webserver = {
|
virtualisation.oci-containers.containers.webserver = {
|
||||||
|
@ -23,19 +25,19 @@
|
||||||
uid = toString config.users.extraUsers.webserver.uid;
|
uid = toString config.users.extraUsers.webserver.uid;
|
||||||
gid = toString config.users.extraGroups.webserver.gid;
|
gid = toString config.users.extraGroups.webserver.gid;
|
||||||
in {
|
in {
|
||||||
Cmd = [ "tlaternet-webserver" ];
|
Cmd = ["tlaternet-webserver"];
|
||||||
Volumes = { "/srv/mail" = { }; };
|
Volumes = {"/srv/mail" = {};};
|
||||||
Env = [
|
Env = [
|
||||||
"ROCKET_PORT=3002"
|
"ROCKET_PORT=3002"
|
||||||
"ROCKET_TEMPLATE_DIR=${pkgs.tlaternet-templates.templates}/browser/"
|
"ROCKET_TEMPLATE_DIR=${pkgs.tlaternet-templates.templates}/browser/"
|
||||||
];
|
];
|
||||||
ExposedPorts = { "3002" = { }; };
|
ExposedPorts = {"3002" = {};};
|
||||||
User = "${uid}:${gid}";
|
User = "${uid}:${gid}";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
ports = [ "3002:3002" ];
|
ports = ["3002:3002"];
|
||||||
volumes = [ "tlaternet-mail:/srv/mail" ];
|
volumes = ["tlaternet-mail:/srv/mail"];
|
||||||
extraOptions = [
|
extraOptions = [
|
||||||
"--hostname=tlater.net"
|
"--hostname=tlater.net"
|
||||||
# Rocket 0.4 doesn't support SIGTERM anyway, so SIGKILL is the cleanest exit possible.
|
# Rocket 0.4 doesn't support SIGTERM anyway, so SIGKILL is the cleanest exit possible.
|
||||||
|
|
59
flake.nix
59
flake.nix
|
@ -26,9 +26,16 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = { self, nixpkgs, nixos-hardware, flake-utils, sops-nix
|
outputs = {
|
||||||
, tlaternet-webserver, tlaternet-templates, ... }@inputs:
|
self,
|
||||||
let
|
nixpkgs,
|
||||||
|
nixos-hardware,
|
||||||
|
flake-utils,
|
||||||
|
sops-nix,
|
||||||
|
tlaternet-webserver,
|
||||||
|
tlaternet-templates,
|
||||||
|
...
|
||||||
|
} @ inputs: let
|
||||||
overlays = [
|
overlays = [
|
||||||
(final: prev: {
|
(final: prev: {
|
||||||
tlaternet-webserver =
|
tlaternet-webserver =
|
||||||
|
@ -41,16 +48,18 @@
|
||||||
};
|
};
|
||||||
})
|
})
|
||||||
];
|
];
|
||||||
|
in
|
||||||
in {
|
{
|
||||||
nixosConfigurations = {
|
nixosConfigurations = {
|
||||||
tlaternet = let system = "x86_64-linux";
|
tlaternet = let
|
||||||
in nixpkgs.lib.nixosSystem {
|
system = "x86_64-linux";
|
||||||
|
in
|
||||||
|
nixpkgs.lib.nixosSystem {
|
||||||
inherit system;
|
inherit system;
|
||||||
|
|
||||||
modules = [
|
modules = [
|
||||||
({ modulesPath, ... }: {
|
({modulesPath, ...}: {
|
||||||
imports = [ (modulesPath + "/profiles/headless.nix") ];
|
imports = [(modulesPath + "/profiles/headless.nix")];
|
||||||
nixpkgs.overlays = overlays;
|
nixpkgs.overlays = overlays;
|
||||||
})
|
})
|
||||||
(import ./modules)
|
(import ./modules)
|
||||||
|
@ -62,24 +71,26 @@
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
vm = let system = "x86_64-linux";
|
vm = let
|
||||||
in nixpkgs.lib.nixosSystem {
|
system = "x86_64-linux";
|
||||||
|
in
|
||||||
|
nixpkgs.lib.nixosSystem {
|
||||||
inherit system;
|
inherit system;
|
||||||
|
|
||||||
modules = [
|
modules = [
|
||||||
({ modulesPath, ... }: {
|
({modulesPath, ...}: {
|
||||||
imports = [ (modulesPath + "/profiles/headless.nix") ];
|
imports = [(modulesPath + "/profiles/headless.nix")];
|
||||||
nixpkgs.overlays = overlays;
|
nixpkgs.overlays = overlays;
|
||||||
})
|
})
|
||||||
(import ./modules)
|
(import ./modules)
|
||||||
|
|
||||||
(import ./configuration)
|
(import ./configuration)
|
||||||
sops-nix.nixosModules.sops
|
sops-nix.nixosModules.sops
|
||||||
({ lib, ... }: {
|
({lib, ...}: {
|
||||||
users.users.tlater.password = "insecure";
|
users.users.tlater.password = "insecure";
|
||||||
|
|
||||||
# Disable graphical tty so -curses works
|
# Disable graphical tty so -curses works
|
||||||
boot.kernelParams = [ "nomodeset" ];
|
boot.kernelParams = ["nomodeset"];
|
||||||
|
|
||||||
# Sets the base domain for nginx to localhost so that we
|
# Sets the base domain for nginx to localhost so that we
|
||||||
# can easily test locally with the VM.
|
# can easily test locally with the VM.
|
||||||
|
@ -92,18 +103,18 @@
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
} // flake-utils.lib.eachDefaultSystem (system:
|
}
|
||||||
let
|
// flake-utils.lib.eachDefaultSystem (system: let
|
||||||
pkgs = import nixpkgs { inherit system overlays; };
|
pkgs = import nixpkgs {inherit system overlays;};
|
||||||
sops-pkgs = sops-nix.packages.${system};
|
sops-pkgs = sops-nix.packages.${system};
|
||||||
in {
|
in {
|
||||||
devShell =
|
devShell = pkgs.mkShell {
|
||||||
pkgs.mkShell {
|
|
||||||
sopsPGPKeyDirs = ["./keys/hosts/" "./keys/users/"];
|
sopsPGPKeyDirs = ["./keys/hosts/" "./keys/users/"];
|
||||||
nativeBuildInputs = with sops-pkgs; [
|
nativeBuildInputs = with sops-pkgs; [
|
||||||
sops-import-keys-hook
|
sops-import-keys-hook
|
||||||
];
|
];
|
||||||
buildInputs = with pkgs; with sops-pkgs; [
|
buildInputs = with pkgs;
|
||||||
|
with sops-pkgs; [
|
||||||
nixfmt
|
nixfmt
|
||||||
git-lfs
|
git-lfs
|
||||||
sops-init-gpg-key
|
sops-init-gpg-key
|
||||||
|
@ -116,7 +127,8 @@
|
||||||
|
|
||||||
ipython
|
ipython
|
||||||
|
|
||||||
python3.withPackages (ppkgs:
|
python3.withPackages
|
||||||
|
(ppkgs:
|
||||||
with pkgs; [
|
with pkgs; [
|
||||||
python-lsp-server
|
python-lsp-server
|
||||||
python-lsp-black
|
python-lsp-black
|
||||||
|
@ -146,8 +158,7 @@
|
||||||
(mapAttrsToList
|
(mapAttrsToList
|
||||||
(host: vm: "hostfwd=::${host}-:${vm}")
|
(host: vm: "hostfwd=::${host}-:${vm}")
|
||||||
ports);
|
ports);
|
||||||
in
|
in ''
|
||||||
''
|
|
||||||
export QEMU_OPTS="-m 3941 -smp 2 -curses"
|
export QEMU_OPTS="-m 3941 -smp 2 -curses"
|
||||||
export QEMU_NET_OPTS="${QEMU_NET_OPTS}"
|
export QEMU_NET_OPTS="${QEMU_NET_OPTS}"
|
||||||
|
|
||||||
|
|
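Review bot: In the devShell `buildInputs` list (hunk `@ -116,7 +127,8 @@`), the formatter now puts `python3.withPackages` and `(ppkgs:` on separate lines, which suggests it parsed them as two list elements rather than one function application. Inside a Nix list, elements are whitespace-separated, so an application needs its own parentheses. If that reading is right, the list holds the bare `withPackages` function and a lambda instead of a Python environment; the old side has the same tokens on one line, so this predates the commit and the reformat only makes it visible. Wrapping the call as `(python3.withPackages (ppkgs: with pkgs; [ … ]))` would make it a single element. The list opens and closes outside the hunk, so this should be confirmed against the full file.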
|
@ -1,8 +1,12 @@
|
||||||
{ inputs, lib, pkgs, ... }:
|
{
|
||||||
|
inputs,
|
||||||
let
|
lib,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}: let
|
||||||
inherit (lib) makeExtensible foldr attrValues;
|
inherit (lib) makeExtensible foldr attrValues;
|
||||||
tlater-lib = makeExtensible (self:
|
tlater-lib = makeExtensible (self: let
|
||||||
let callLibs = file: import file { inherit self lib pkgs inputs; };
|
callLibs = file: import file {inherit self lib pkgs inputs;};
|
||||||
in { minecraft = callLibs ./minecraft.nix; });
|
in {minecraft = callLibs ./minecraft.nix;});
|
||||||
in tlater-lib.extend (self: super: foldr (a: b: a // b) { } (attrValues super))
|
in
|
||||||
|
tlater-lib.extend (self: super: foldr (a: b: a // b) {} (attrValues super))
|
||||||
|
|
|
@ -1,6 +1,8 @@
|
||||||
{ lib, pkgs, ... }:
|
|
||||||
|
|
||||||
{
|
{
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
# Make a modpack given its mod inputs.
|
# Make a modpack given its mod inputs.
|
||||||
#
|
#
|
||||||
# Mods should be attrsets in this format:
|
# Mods should be attrsets in this format:
|
||||||
|
@ -13,7 +15,11 @@
|
||||||
#
|
#
|
||||||
# This may be nice to read from a json ;)
|
# This may be nice to read from a json ;)
|
||||||
#
|
#
|
||||||
mkModpack = { name, version, mods }:
|
mkModpack = {
|
||||||
|
name,
|
||||||
|
version,
|
||||||
|
mods,
|
||||||
|
}:
|
||||||
pkgs.stdenv.mkDerivation {
|
pkgs.stdenv.mkDerivation {
|
||||||
inherit name version;
|
inherit name version;
|
||||||
srcs = map pkgs.local.fetchFromCurseForge mods;
|
srcs = map pkgs.local.fetchFromCurseForge mods;
|
||||||
|
@ -28,7 +34,11 @@
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
mkModpackZip = { name, version, mods }:
|
mkModpackZip = {
|
||||||
|
name,
|
||||||
|
version,
|
||||||
|
mods,
|
||||||
|
}:
|
||||||
pkgs.stdenv.mkDerivation {
|
pkgs.stdenv.mkDerivation {
|
||||||
inherit name version;
|
inherit name version;
|
||||||
srcs = map pkgs.local.fetchFromCurseForge mods;
|
srcs = map pkgs.local.fetchFromCurseForge mods;
|
||||||
|
@ -37,7 +47,7 @@
|
||||||
preUnpack = "mkdir -p src/";
|
preUnpack = "mkdir -p src/";
|
||||||
unpackCmd = "cp $curSrc src/";
|
unpackCmd = "cp $curSrc src/";
|
||||||
|
|
||||||
buildInputs = [ pkgs.zip];
|
buildInputs = [pkgs.zip];
|
||||||
|
|
||||||
buildPhase = ''
|
buildPhase = ''
|
||||||
zip voor-kia-mods.zip *.jar
|
zip voor-kia-mods.zip *.jar
|
||||||
|
|
|
@ -1,9 +1,6 @@
|
||||||
{ lib, ... }:
|
{lib, ...}:
|
||||||
|
with lib; {
|
||||||
with lib;
|
imports = [./virtualisation/pods.nix];
|
||||||
|
|
||||||
{
|
|
||||||
imports = [ ./virtualisation/pods.nix ];
|
|
||||||
|
|
||||||
options.services.nginx.domain = mkOption {
|
options.services.nginx.domain = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
|
|
|
@ -1,20 +1,21 @@
|
||||||
{ lib, config, options, ... }:
|
{
|
||||||
|
lib,
|
||||||
with lib;
|
config,
|
||||||
|
options,
|
||||||
let
|
...
|
||||||
|
}:
|
||||||
|
with lib; let
|
||||||
cfg = config.virtualisation.pods;
|
cfg = config.virtualisation.pods;
|
||||||
list-to-args = arg: list:
|
list-to-args = arg: list:
|
||||||
concatStringsSep " " (map (e: "--${arg}=${escapeShellArg e}") list);
|
concatStringsSep " " (map (e: "--${arg}=${escapeShellArg e}") list);
|
||||||
possibly-unset-arg = arg: val:
|
possibly-unset-arg = arg: val: (optionalString (val != null) "--${arg}=${escapeShellArg val}");
|
||||||
(optionalString (val != null) "--${arg}=${escapeShellArg val}");
|
|
||||||
|
|
||||||
mkPod = name: pod: rec {
|
mkPod = name: pod: rec {
|
||||||
path = [ config.virtualisation.podman.package ];
|
path = [config.virtualisation.podman.package];
|
||||||
|
|
||||||
wants = [ "network.target" ];
|
wants = ["network.target"];
|
||||||
after = [ "network-online.target" ];
|
after = ["network-online.target"];
|
||||||
wantedBy = [ "multi-user.target" "default.target" ];
|
wantedBy = ["multi-user.target" "default.target"];
|
||||||
|
|
||||||
environment.PODMAN_SYSTEMD_UNIT = "%n";
|
environment.PODMAN_SYSTEMD_UNIT = "%n";
|
||||||
|
|
||||||
|
@ -55,7 +56,6 @@ let
|
||||||
PIDFile = "/run/podman/pods/${name}.pid";
|
PIDFile = "/run/podman/pods/${name}.pid";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
in {
|
in {
|
||||||
options.virtualisation.pods = mkOption {
|
options.virtualisation.pods = mkOption {
|
||||||
type = with types;
|
type = with types;
|
||||||
|
@ -63,9 +63,8 @@ in {
|
||||||
options = {
|
options = {
|
||||||
added-hosts = mkOption {
|
added-hosts = mkOption {
|
||||||
type = listOf str;
|
type = listOf str;
|
||||||
default = [ ];
|
default = [];
|
||||||
description =
|
description = "Additional hosts to add to /etc/hosts for each container.";
|
||||||
"Additional hosts to add to /etc/hosts for each container.";
|
|
||||||
example = literalExample ''
|
example = literalExample ''
|
||||||
[ "database:10.0.0.1" ]
|
[ "database:10.0.0.1" ]
|
||||||
'';
|
'';
|
||||||
|
@ -74,25 +73,24 @@ in {
|
||||||
cgroup-parent = mkOption {
|
cgroup-parent = mkOption {
|
||||||
type = nullOr str;
|
type = nullOr str;
|
||||||
default = null;
|
default = null;
|
||||||
description =
|
description = "The cgroups path under which the pod cgroup will be created.";
|
||||||
"The cgroups path under which the pod cgroup will be created.";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
dns = mkOption {
|
dns = mkOption {
|
||||||
type = listOf str;
|
type = listOf str;
|
||||||
default = [ ];
|
default = [];
|
||||||
description = "The dns servers to set in /etc/resolv.conf.";
|
description = "The dns servers to set in /etc/resolv.conf.";
|
||||||
};
|
};
|
||||||
|
|
||||||
dns-opt = mkOption {
|
dns-opt = mkOption {
|
||||||
type = listOf str;
|
type = listOf str;
|
||||||
default = [ ];
|
default = [];
|
||||||
description = "dns options to set in /etc/resolv.conf.";
|
description = "dns options to set in /etc/resolv.conf.";
|
||||||
};
|
};
|
||||||
|
|
||||||
dns-search = mkOption {
|
dns-search = mkOption {
|
||||||
type = listOf str;
|
type = listOf str;
|
||||||
default = [ ];
|
default = [];
|
||||||
description = "Search domains to set in /etc/resolv.conf.";
|
description = "Search domains to set in /etc/resolv.conf.";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -156,20 +154,20 @@ in {
|
||||||
|
|
||||||
publish = mkOption {
|
publish = mkOption {
|
||||||
type = listOf str;
|
type = listOf str;
|
||||||
default = [ ];
|
default = [];
|
||||||
description = "List of ports to publish from the pod.";
|
description = "List of ports to publish from the pod.";
|
||||||
};
|
};
|
||||||
|
|
||||||
share = mkOption {
|
share = mkOption {
|
||||||
type = listOf str;
|
type = listOf str;
|
||||||
default = [ ];
|
default = [];
|
||||||
description = "List of kernel namespaces to share.";
|
description = "List of kernel namespaces to share.";
|
||||||
};
|
};
|
||||||
|
|
||||||
containers = options.virtualisation.oci-containers.containers;
|
containers = options.virtualisation.oci-containers.containers;
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
default = { };
|
default = {};
|
||||||
description = "Podman pods to run as systemd services.";
|
description = "Podman pods to run as systemd services.";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -178,7 +176,7 @@ in {
|
||||||
#
|
#
|
||||||
# TODO: See if there's a generic version for this somewhere in the
|
# TODO: See if there's a generic version for this somewhere in the
|
||||||
# pkgs lib?
|
# pkgs lib?
|
||||||
mergeAttrs = attrList: foldr (a: b: a // b) { } attrList;
|
mergeAttrs = attrList: foldr (a: b: a // b) {} attrList;
|
||||||
|
|
||||||
# Create services for all defined pods
|
# Create services for all defined pods
|
||||||
pod-services = mapAttrs' (n: v: nameValuePair "pod-${n}" (mkPod n v)) cfg;
|
pod-services = mapAttrs' (n: v: nameValuePair "pod-${n}" (mkPod n v)) cfg;
|
||||||
|
@ -190,22 +188,25 @@ in {
|
||||||
pod-container-services = mergeAttrs (mapAttrsToList (pname: pod:
|
pod-container-services = mergeAttrs (mapAttrsToList (pname: pod:
|
||||||
mapAttrs' (cname: container:
|
mapAttrs' (cname: container:
|
||||||
nameValuePair "podman-${pname}-${cname}" rec {
|
nameValuePair "podman-${pname}-${cname}" rec {
|
||||||
after = [ "pod-${pname}.service" ];
|
after = ["pod-${pname}.service"];
|
||||||
requires = after;
|
requires = after;
|
||||||
}) pod.containers) cfg);
|
})
|
||||||
|
pod.containers)
|
||||||
|
cfg);
|
||||||
|
|
||||||
# Override the oci-container settings for containers defined in pods.
|
# Override the oci-container settings for containers defined in pods.
|
||||||
#
|
#
|
||||||
# I.e., set the --pod=podname setting, and update the dependsOn so
|
# I.e., set the --pod=podname setting, and update the dependsOn so
|
||||||
# it points to containers in the same pod.
|
# it points to containers in the same pod.
|
||||||
podifyContainer = container: podname:
|
podifyContainer = container: podname:
|
||||||
container // {
|
container
|
||||||
|
// {
|
||||||
dependsOn =
|
dependsOn =
|
||||||
map (dependency: "${podname}-${dependency}") container.dependsOn;
|
map (dependency: "${podname}-${dependency}") container.dependsOn;
|
||||||
extraOptions = container.extraOptions ++ [ "--pod=${podname}" ];
|
extraOptions = container.extraOptions ++ ["--pod=${podname}"];
|
||||||
};
|
};
|
||||||
|
in
|
||||||
in lib.mkIf (cfg != { }) {
|
lib.mkIf (cfg != {}) {
|
||||||
virtualisation.podman.enable = true;
|
virtualisation.podman.enable = true;
|
||||||
virtualisation.oci-containers.backend = "podman";
|
virtualisation.oci-containers.backend = "podman";
|
||||||
|
|
||||||
|
@ -215,6 +216,7 @@ in {
|
||||||
(pname: pod:
|
(pname: pod:
|
||||||
mapAttrs' (cname: container:
|
mapAttrs' (cname: container:
|
||||||
nameValuePair "${pname}-${cname}" (podifyContainer container pname))
|
nameValuePair "${pname}-${cname}" (podifyContainer container pname))
|
||||||
pod.containers) cfg);
|
pod.containers)
|
||||||
|
cfg);
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,10 +1,14 @@
|
||||||
{ lib, fetchurl }:
|
{
|
||||||
|
lib,
|
||||||
|
fetchurl,
|
||||||
|
}:
|
||||||
with builtins;
|
with builtins;
|
||||||
|
{
|
||||||
{ project, id, filename, ... }@args:
|
project,
|
||||||
|
id,
|
||||||
let
|
filename,
|
||||||
|
...
|
||||||
|
} @ args: let
|
||||||
# I think this is supposed to be some weak automation
|
# I think this is supposed to be some weak automation
|
||||||
# protection. This split "id" is simply part of the download URL.
|
# protection. This split "id" is simply part of the download URL.
|
||||||
#
|
#
|
||||||
|
@ -12,15 +16,16 @@ let
|
||||||
# really an odd one...
|
# really an odd one...
|
||||||
a = head (match "0*([[:digit:]]+)" (substring 0 4 (toString id)));
|
a = head (match "0*([[:digit:]]+)" (substring 0 4 (toString id)));
|
||||||
b = head (match "0*([[:digit:]]+)" (substring 4 7 (toString id)));
|
b = head (match "0*([[:digit:]]+)" (substring 4 7 (toString id)));
|
||||||
encoded-filename = replaceStrings [ " " ] [ "%20" ] filename;
|
encoded-filename = replaceStrings [" "] ["%20"] filename;
|
||||||
|
|
||||||
url = "https://media.forgecdn.net/files/${a}/${b}/${encoded-filename}";
|
url = "https://media.forgecdn.net/files/${a}/${b}/${encoded-filename}";
|
||||||
otherArgs = removeAttrs args [ "project" "project_id" "id" "filename" ];
|
otherArgs = removeAttrs args ["project" "project_id" "id" "filename"];
|
||||||
|
in
|
||||||
in fetchurl (otherArgs // {
|
fetchurl (otherArgs
|
||||||
|
// {
|
||||||
inherit url;
|
inherit url;
|
||||||
# Rename files to avoid names incompatible with the nix store
|
# Rename files to avoid names incompatible with the nix store
|
||||||
name = "${project}.jar";
|
name = "${project}.jar";
|
||||||
# Avoid accidental URL globbing
|
# Avoid accidental URL globbing
|
||||||
curlOpts = "--globoff";
|
curlOpts = "--globoff";
|
||||||
})
|
})
|
||||||
|
|
|
@ -1,19 +1,21 @@
|
||||||
{ pkgs, local-lib, ... }:
|
{
|
||||||
|
pkgs,
|
||||||
let
|
local-lib,
|
||||||
|
...
|
||||||
|
}: let
|
||||||
inherit (pkgs.lib) callPackageWith;
|
inherit (pkgs.lib) callPackageWith;
|
||||||
callPackage = callPackageWith (pkgs // { inherit local-lib; });
|
callPackage = callPackageWith (pkgs // {inherit local-lib;});
|
||||||
in {
|
in {
|
||||||
# Forge
|
# Forge
|
||||||
forge-server = callPackage ./minecraft/forge-server.nix { };
|
forge-server = callPackage ./minecraft/forge-server.nix {};
|
||||||
|
|
||||||
# Build support
|
# Build support
|
||||||
fetchFromCurseForge = callPackage ./build-support/fetchFromCurseForge.nix { };
|
fetchFromCurseForge = callPackage ./build-support/fetchFromCurseForge.nix {};
|
||||||
|
|
||||||
# Minecraft modpacks
|
# Minecraft modpacks
|
||||||
voor-kia = callPackage ./minecraft/voor-kia.nix { };
|
voor-kia = callPackage ./minecraft/voor-kia.nix {};
|
||||||
voor-kia-client = callPackage ./minecraft/voor-kia-client.nix { };
|
voor-kia-client = callPackage ./minecraft/voor-kia-client.nix {};
|
||||||
|
|
||||||
# Starbound
|
# Starbound
|
||||||
starbound = callPackage ./starbound { };
|
starbound = callPackage ./starbound {};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,7 +1,15 @@
|
||||||
{ lib, stdenv, fetchurl, busybox, coreutils, jre_headless, runtimeShell
|
{
|
||||||
, mods ? null, modConfig ? null, defaultconfigs ? null }:
|
lib,
|
||||||
|
stdenv,
|
||||||
let
|
fetchurl,
|
||||||
|
busybox,
|
||||||
|
coreutils,
|
||||||
|
jre_headless,
|
||||||
|
runtimeShell,
|
||||||
|
mods ? null,
|
||||||
|
modConfig ? null,
|
||||||
|
defaultconfigs ? null,
|
||||||
|
}: let
|
||||||
name = "forge-server";
|
name = "forge-server";
|
||||||
version = "1.16.5-36.2.2";
|
version = "1.16.5-36.2.2";
|
||||||
mirror = "https://files.minecraftforge.net/maven/net/minecraftforge/forge";
|
mirror = "https://files.minecraftforge.net/maven/net/minecraftforge/forge";
|
||||||
|
@ -14,7 +22,7 @@ let
|
||||||
|
|
||||||
unpackCmd = "mkdir -p src; cp $curSrc src/forge-${version}-installer.jar";
|
unpackCmd = "mkdir -p src; cp $curSrc src/forge-${version}-installer.jar";
|
||||||
|
|
||||||
nativeBuildInputs = [ jre_headless ];
|
nativeBuildInputs = [jre_headless];
|
||||||
|
|
||||||
# Somewhat evil pre-install step to run through the network
|
# Somewhat evil pre-install step to run through the network
|
||||||
# dependency resolution forge needs. This is also common for gradle
|
# dependency resolution forge needs. This is also common for gradle
|
||||||
|
@ -43,8 +51,8 @@ let
|
||||||
outputHashMode = "recursive";
|
outputHashMode = "recursive";
|
||||||
outputHash = "VuUGc5JnzcRhDt9aaGrU+yUrJILVdU2vzv1PxLwdAig=";
|
outputHash = "VuUGc5JnzcRhDt9aaGrU+yUrJILVdU2vzv1PxLwdAig=";
|
||||||
};
|
};
|
||||||
|
in
|
||||||
in stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
inherit name version src unpackCmd nativeBuildInputs;
|
inherit name version src unpackCmd nativeBuildInputs;
|
||||||
|
|
||||||
buildPhase = ''
|
buildPhase = ''
|
||||||
|
@ -109,4 +117,4 @@ in stdenv.mkDerivation rec {
|
||||||
license = licenses.unfreeRedistributable;
|
license = licenses.unfreeRedistributable;
|
||||||
platforms = platforms.unix;
|
platforms = platforms.unix;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,8 +1,12 @@
|
||||||
{ lib, local-lib, stdenv }:
|
{
|
||||||
|
lib,
|
||||||
|
local-lib,
|
||||||
|
stdenv,
|
||||||
|
}:
|
||||||
local-lib.minecraft.mkModpackZip {
|
local-lib.minecraft.mkModpackZip {
|
||||||
name = "voor-kia-client";
|
name = "voor-kia-client";
|
||||||
version = "1.1";
|
version = "1.1";
|
||||||
mods = (builtins.fromJSON (builtins.readFile ./voor-kia/mods.json))
|
mods =
|
||||||
|
(builtins.fromJSON (builtins.readFile ./voor-kia/mods.json))
|
||||||
++ (builtins.fromJSON (builtins.readFile ./voor-kia/client-mods.json));
|
++ (builtins.fromJSON (builtins.readFile ./voor-kia/client-mods.json));
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,5 +1,8 @@
|
||||||
{ lib, local-lib, stdenv }:
|
{
|
||||||
|
lib,
|
||||||
|
local-lib,
|
||||||
|
stdenv,
|
||||||
|
}:
|
||||||
local-lib.minecraft.mkModpack {
|
local-lib.minecraft.mkModpack {
|
||||||
name = "voor-kia";
|
name = "voor-kia";
|
||||||
version = "1.0";
|
version = "1.0";
|
||||||
|
|