diff --git a/configuration/default.nix b/configuration/default.nix
index 239f9f6..f874733 100644
--- a/configuration/default.nix
+++ b/configuration/default.nix
@@ -22,6 +22,7 @@
./services/foundryvtt.nix
./services/gitea.nix
./services/metrics
+ ./services/minecraft.nix
./services/nextcloud.nix
./services/webserver.nix
./services/wireguard.nix
@@ -70,8 +71,6 @@
8448
# starbound
21025
- # Minecraft
- 25565
config.services.coturn.listening-port
config.services.coturn.tls-listening-port
@@ -80,9 +79,6 @@
];
allowedUDPPorts = [
- # More minecraft
- 25565
-
config.services.coturn.listening-port
config.services.coturn.tls-listening-port
config.services.coturn.alt-listening-port
diff --git a/configuration/services/battery-manager.nix b/configuration/services/battery-manager.nix
index a16cca1..9da7e32 100644
--- a/configuration/services/battery-manager.nix
+++ b/configuration/services/battery-manager.nix
@@ -4,9 +4,13 @@
services.batteryManager = {
enable = true;
- battery = "3ca39300-c523-4315-b9a3-d030f85a9373";
emailFile = "${config.sops.secrets."battery-manager/email".path}";
passwordFile = "${config.sops.secrets."battery-manager/password".path}";
+
+ settings = {
+ battery_id = "3ca39300-c523-4315-b9a3-d030f85a9373";
+ log_level = "DEBUG";
+ };
};
}
diff --git a/configuration/services/conduit/default.nix b/configuration/services/conduit/default.nix
index c3803f4..18062ed 100644
--- a/configuration/services/conduit/default.nix
+++ b/configuration/services/conduit/default.nix
@@ -59,11 +59,8 @@ in
relay-ips = [ "116.202.158.55" ];
# SSL config
- #
- # TODO(tlater): Switch to letsencrypt once google fix:
- # https://github.com/vector-im/element-android/issues/1533
- pkey = config.sops.secrets."turn/ssl-key".path;
- cert = config.sops.secrets."turn/ssl-cert".path;
+ pkey = "${config.security.acme.certs."tlater.net".directory}/key.pem";
+ cert = "${config.security.acme.certs."tlater.net".directory}/fullchain.pem";
# Based on suggestions from
# https://github.com/matrix-org/synapse/blob/develop/docs/turn-howto.md
diff --git a/configuration/services/minecraft.nix b/configuration/services/minecraft.nix
new file mode 100644
index 0000000..0477f44
--- /dev/null
+++ b/configuration/services/minecraft.nix
@@ -0,0 +1,83 @@
+{
+ pkgs,
+ lib,
+ config,
+ ...
+}:
+{
+ services.minecraft-server = {
+ enable = true;
+ eula = true;
+ # jvmOpts are set using a file for forge
+ # jvmOpts = "-Xmx8G -Xms8G";
+ openFirewall = true;
+
+ declarative = true;
+
+ whitelist = {
+ tlater = "140d177a-966f-41b8-a4c0-e305babd291b";
+ romino25 = "59cd1648-14a4-4bcf-8f5a-2e1bde678f2c";
+ lasi25 = "0ab6e3d1-544a-47e7-8538-2e6c248e49a4";
+ };
+
+ serverProperties = {
+ allow-flight = true;
+ difficulty = "hard";
+ motd = "tlater.net";
+ spawn-protection = 1;
+ white-list = true;
+ enable-query = true;
+ enable-status = true;
+
+ # Allows the server to write chunks without hogging the main
+ # thread...
+ sync-chunk-writes = false;
+ # Disables chat reporting, because we don't need any of that
+ # drama on a lil' friends-only server.
+ enforce-secure-profile = false;
+ };
+
+ package = pkgs.writeShellApplication {
+ name = "minecraft-server";
+ runtimeInputs = with pkgs; [ jdk17_headless ];
+
+ text = ''
+ exec /var/lib/minecraft/run.sh $@
+ '';
+ };
+ };
+
+ systemd.services.minecraft-server = {
+ path = with pkgs; [ jdk17_headless ];
+
+ # Since we read from our own HTTP server, we need to wait for it
+ # to be up
+ after = [ "nginx.service" ];
+
+ serviceConfig = {
+ # Use packwiz to install mods
+ ExecStartPre = [
+ "${pkgs.jdk17_headless}/bin/java -jar ${config.services.minecraft-server.dataDir}/packwiz-installer-bootstrap.jar -g -s server 'https://minecraft.${config.services.nginx.domain}/cobblemon-pack/pack.toml'"
+ ];
+ # Forge requires some bonus JVM options, which they include in a
+ # little `run.sh` script
+ ExecStart = lib.mkForce "${config.services.minecraft-server.dataDir}/run.sh --nogui";
+ };
+ };
+
+ systemd.tmpfiles.settings."10-minecraft" = {
+ "/srv/minecraft".d = {
+ user = "nginx";
+ group = "minecraft";
+ mode = "0775";
+ };
+ };
+
+ services.nginx.virtualHosts."minecraft.${config.services.nginx.domain}" = {
+ forceSSL = true;
+ useACMEHost = "tlater.net";
+ enableHSTS = true;
+
+ root = "/srv/minecraft";
+ };
+}
diff --git a/configuration/sops.nix b/configuration/sops.nix
index 3a1c3d8..0337438 100644
--- a/configuration/sops.nix
+++ b/configuration/sops.nix
@@ -1,18 +1,11 @@
-{ config, lib, ... }:
{
sops = {
defaultSopsFile = ../keys/production.yaml;
secrets = {
- "battery-manager/email" = lib.mkIf config.services.batteryManager.enable {
- owner = "battery-manager";
- group = "battery-manager";
- };
+ "battery-manager/email" = { };
- "battery-manager/password" = lib.mkIf config.services.batteryManager.enable {
- owner = "battery-manager";
- group = "battery-manager";
- };
+ "battery-manager/password" = { };
# Gitea
"forgejo/metrics-token" = {
diff --git a/flake.lock b/flake.lock
index 7f117e9..276b8b2 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,5 +1,206 @@
{
"nodes": {
+ "cachix": {
+ "inputs": {
+ "devenv": [
+ "sonnenshift",
+ "crate2nix"
+ ],
+ "flake-compat": [
+ "sonnenshift",
+ "crate2nix"
+ ],
+ "nixpkgs": "nixpkgs_3",
+ "pre-commit-hooks": [
+ "sonnenshift",
+ "crate2nix"
+ ]
+ },
+ "locked": {
+ "lastModified": 1709700175,
+ "narHash": "sha256-A0/6ZjLmT9qdYzKHmevnEIC7G+GiZ4UCr8v0poRPzds=",
+ "owner": "cachix",
+ "repo": "cachix",
+ "rev": "be97b37989f11b724197b5f4c7ffd78f12c8c4bf",
+ "type": "github"
+ },
+ "original": {
+ "owner": "cachix",
+ "ref": "latest",
+ "repo": "cachix",
+ "type": "github"
+ }
+ },
+ "cachix_2": {
+ "inputs": {
+ "devenv": [
+ "sonnenshift",
+ "crate2nix",
+ "crate2nix_stable"
+ ],
+ "flake-compat": [
+ "sonnenshift",
+ "crate2nix",
+ "crate2nix_stable"
+ ],
+ "nixpkgs": "nixpkgs_4",
+ "pre-commit-hooks": [
+ "sonnenshift",
+ "crate2nix",
+ "crate2nix_stable"
+ ]
+ },
+ "locked": {
+ "lastModified": 1716549461,
+ "narHash": "sha256-lHy5kgx6J8uD+16SO47dPrbob98sh+W1tf4ceSqPVK4=",
+ "owner": "cachix",
+ "repo": "cachix",
+ "rev": "e2bb269fb8c0828d5d4d2d7b8d09ea85abcacbd4",
+ "type": "github"
+ },
+ "original": {
+ "owner": "cachix",
+ "ref": "latest",
+ "repo": "cachix",
+ "type": "github"
+ }
+ },
+ "cachix_3": {
+ "inputs": {
+ "devenv": [
+ "sonnenshift",
+ "crate2nix",
+ "crate2nix_stable",
+ "crate2nix_stable"
+ ],
+ "flake-compat": [
+ "sonnenshift",
+ "crate2nix",
+ "crate2nix_stable",
+ "crate2nix_stable"
+ ],
+ "nixpkgs": "nixpkgs_5",
+ "pre-commit-hooks": [
+ "sonnenshift",
+ "crate2nix",
+ "crate2nix_stable",
+ "crate2nix_stable"
+ ]
+ },
+ "locked": {
+ "lastModified": 1716549461,
+ "narHash": "sha256-lHy5kgx6J8uD+16SO47dPrbob98sh+W1tf4ceSqPVK4=",
+ "owner": "cachix",
+ "repo": "cachix",
+ "rev": "e2bb269fb8c0828d5d4d2d7b8d09ea85abcacbd4",
+ "type": "github"
+ },
+ "original": {
+ "owner": "cachix",
+ "ref": "latest",
+ "repo": "cachix",
+ "type": "github"
+ }
+ },
+ "crate2nix": {
+ "inputs": {
+ "cachix": "cachix",
+ "crate2nix_stable": "crate2nix_stable",
+ "devshell": "devshell_3",
+ "flake-compat": "flake-compat_4",
+ "flake-parts": "flake-parts_3",
+ "nix-test-runner": "nix-test-runner_3",
+ "nixpkgs": [
+ "sonnenshift",
+ "nixpkgs"
+ ],
+ "pre-commit-hooks": "pre-commit-hooks_3"
+ },
+ "locked": {
+ "lastModified": 1739473963,
+ "narHash": "sha256-ItAhpjNUzEWd/cgZVyW/jvoGbCec4TK29e1Mnmn1oJE=",
+ "owner": "nix-community",
+ "repo": "crate2nix",
+ "rev": "be31feae9a82c225c0fd1bdf978565dc452a483a",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "repo": "crate2nix",
+ "type": "github"
+ }
+ },
+ "crate2nix_stable": {
+ "inputs": {
+ "cachix": "cachix_2",
+ "crate2nix_stable": "crate2nix_stable_2",
+ "devshell": "devshell_2",
+ "flake-compat": "flake-compat_3",
+ "flake-parts": "flake-parts_2",
+ "nix-test-runner": "nix-test-runner_2",
+ "nixpkgs": "nixpkgs_7",
+ "pre-commit-hooks": "pre-commit-hooks_2"
+ },
+ "locked": {
+ "lastModified": 1719760004,
+ "narHash": "sha256-esWhRnt7FhiYq0CcIxw9pvH+ybOQmWBfHYMtleaMhBE=",
+ "owner": "nix-community",
+ "repo": "crate2nix",
+ "rev": "1dee214bb20855fa3e1e7bb98d28922ddaff8c57",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "ref": "0.14.1",
+ "repo": "crate2nix",
+ "type": "github"
+ }
+ },
+ "crate2nix_stable_2": {
+ "inputs": {
+ "cachix": "cachix_3",
+ "crate2nix_stable": "crate2nix_stable_3",
+ "devshell": "devshell",
+ "flake-compat": "flake-compat_2",
+ "flake-parts": "flake-parts",
+ "nix-test-runner": "nix-test-runner",
+ "nixpkgs": "nixpkgs_6",
+ "pre-commit-hooks": "pre-commit-hooks"
+ },
+ "locked": {
+ "lastModified": 1712821484,
+ "narHash": "sha256-rGT3CW64cJS9nlnWPFWSc1iEa3dNZecVVuPVGzcsHe8=",
+ "owner": "nix-community",
+ "repo": "crate2nix",
+ "rev": "42883afcad3823fa5811e967fb7bff54bc3c9d6d",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "ref": "0.14.0",
+ "repo": "crate2nix",
+ "type": "github"
+ }
+ },
+ "crate2nix_stable_3": {
+ "inputs": {
+ "flake-utils": "flake-utils"
+ },
+ "locked": {
+ "lastModified": 1702842982,
+ "narHash": "sha256-A9AowkHIjsy1a4LuiPiVP88FMxyCWK41flZEZOUuwQM=",
+ "owner": "nix-community",
+ "repo": "crate2nix",
+ "rev": "75ac2973affa6b9b4f661a7b592cba6e4f51d426",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "ref": "0.12.0",
+ "repo": "crate2nix",
+ "type": "github"
+ }
+ },
"deploy-rs": {
"inputs": {
"flake-compat": "flake-compat",
@@ -20,6 +221,78 @@
"type": "github"
}
},
+ "devshell": {
+ "inputs": {
+ "flake-utils": "flake-utils_2",
+ "nixpkgs": [
+ "sonnenshift",
+ "crate2nix",
+ "crate2nix_stable",
+ "crate2nix_stable",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1717408969,
+ "narHash": "sha256-Q0OEFqe35fZbbRPPRdrjTUUChKVhhWXz3T9ZSKmaoVY=",
+ "owner": "numtide",
+ "repo": "devshell",
+ "rev": "1ebbe68d57457c8cae98145410b164b5477761f4",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "devshell",
+ "type": "github"
+ }
+ },
+ "devshell_2": {
+ "inputs": {
+ "flake-utils": "flake-utils_3",
+ "nixpkgs": [
+ "sonnenshift",
+ "crate2nix",
+ "crate2nix_stable",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1717408969,
+ "narHash": "sha256-Q0OEFqe35fZbbRPPRdrjTUUChKVhhWXz3T9ZSKmaoVY=",
+ "owner": "numtide",
+ "repo": "devshell",
+ "rev": "1ebbe68d57457c8cae98145410b164b5477761f4",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "devshell",
+ "type": "github"
+ }
+ },
+ "devshell_3": {
+ "inputs": {
+ "flake-utils": "flake-utils_4",
+ "nixpkgs": [
+ "sonnenshift",
+ "crate2nix",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1711099426,
+ "narHash": "sha256-HzpgM/wc3aqpnHJJ2oDqPBkNsqWbW0WfWUO8lKu8nGk=",
+ "owner": "numtide",
+ "repo": "devshell",
+ "rev": "2d45b54ca4a183f2fdcf4b19c895b64fbf620ee8",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "devshell",
+ "type": "github"
+ }
+ },
"disko": {
"inputs": {
"nixpkgs": [
@@ -27,11 +300,11 @@
]
},
"locked": {
- "lastModified": 1737038063,
- "narHash": "sha256-rMEuiK69MDhjz1JgbaeQ9mBDXMJ2/P8vmOYRbFndXsk=",
+ "lastModified": 1739634831,
+ "narHash": "sha256-xFnU+uUl48Icas2wPQ+ZzlL2O3n8f6J2LrzNK9f2nng=",
"owner": "nix-community",
"repo": "disko",
- "rev": "bf0abfde48f469c256f2b0f481c6281ff04a5db2",
+ "rev": "fa5746ecea1772cf59b3f34c5816ab3531478142",
"type": "github"
},
"original": {
@@ -42,7 +315,7 @@
},
"dream2nix": {
"inputs": {
- "nixpkgs": "nixpkgs_3",
+ "nixpkgs": "nixpkgs_8",
"purescript-overlay": "purescript-overlay",
"pyproject-nix": "pyproject-nix"
},
@@ -99,6 +372,48 @@
}
},
"flake-compat_2": {
+ "locked": {
+ "lastModified": 1696426674,
+ "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+ "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+ "revCount": 57,
+ "type": "tarball",
+ "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
+ },
+ "original": {
+ "type": "tarball",
+ "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
+ }
+ },
+ "flake-compat_3": {
+ "locked": {
+ "lastModified": 1696426674,
+ "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+ "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+ "revCount": 57,
+ "type": "tarball",
+ "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
+ },
+ "original": {
+ "type": "tarball",
+ "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
+ }
+ },
+ "flake-compat_4": {
+ "locked": {
+ "lastModified": 1696426674,
+ "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+ "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+ "revCount": 57,
+ "type": "tarball",
+ "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
+ },
+ "original": {
+ "type": "tarball",
+ "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
+ }
+ },
+ "flake-compat_5": {
"flake": false,
"locked": {
"lastModified": 1696426674,
@@ -114,16 +429,157 @@
"type": "github"
}
},
+ "flake-parts": {
+ "inputs": {
+ "nixpkgs-lib": [
+ "sonnenshift",
+ "crate2nix",
+ "crate2nix_stable",
+ "crate2nix_stable",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1719745305,
+ "narHash": "sha256-xwgjVUpqSviudEkpQnioeez1Uo2wzrsMaJKJClh+Bls=",
+ "owner": "hercules-ci",
+ "repo": "flake-parts",
+ "rev": "c3c5ecc05edc7dafba779c6c1a61cd08ac6583e9",
+ "type": "github"
+ },
+ "original": {
+ "owner": "hercules-ci",
+ "repo": "flake-parts",
+ "type": "github"
+ }
+ },
+ "flake-parts_2": {
+ "inputs": {
+ "nixpkgs-lib": [
+ "sonnenshift",
+ "crate2nix",
+ "crate2nix_stable",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1719745305,
+ "narHash": "sha256-xwgjVUpqSviudEkpQnioeez1Uo2wzrsMaJKJClh+Bls=",
+ "owner": "hercules-ci",
+ "repo": "flake-parts",
+ "rev": "c3c5ecc05edc7dafba779c6c1a61cd08ac6583e9",
+ "type": "github"
+ },
+ "original": {
+ "owner": "hercules-ci",
+ "repo": "flake-parts",
+ "type": "github"
+ }
+ },
+ "flake-parts_3": {
+ "inputs": {
+ "nixpkgs-lib": [
+ "sonnenshift",
+ "crate2nix",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1712014858,
+ "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=",
+ "owner": "hercules-ci",
+ "repo": "flake-parts",
+ "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d",
+ "type": "github"
+ },
+ "original": {
+ "owner": "hercules-ci",
+ "repo": "flake-parts",
+ "type": "github"
+ }
+ },
"flake-utils": {
"inputs": {
"systems": "systems_2"
},
"locked": {
- "lastModified": 1726560853,
- "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
+ "lastModified": 1694529238,
+ "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
- "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
+ "rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "type": "github"
+ }
+ },
+ "flake-utils_2": {
+ "inputs": {
+ "systems": "systems_3"
+ },
+ "locked": {
+ "lastModified": 1701680307,
+ "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "type": "github"
+ }
+ },
+ "flake-utils_3": {
+ "inputs": {
+ "systems": "systems_4"
+ },
+ "locked": {
+ "lastModified": 1701680307,
+ "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "type": "github"
+ }
+ },
+ "flake-utils_4": {
+ "inputs": {
+ "systems": "systems_5"
+ },
+ "locked": {
+ "lastModified": 1701680307,
+ "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "type": "github"
+ }
+ },
+ "flake-utils_5": {
+ "inputs": {
+ "systems": "systems_6"
+ },
+ "locked": {
+ "lastModified": 1710146030,
+ "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
@@ -152,25 +608,123 @@
"type": "github"
}
},
- "nix-github-actions": {
+ "gitignore": {
"inputs": {
"nixpkgs": [
"sonnenshift",
- "poetry2nixi",
+ "crate2nix",
+ "crate2nix_stable",
+ "crate2nix_stable",
+ "pre-commit-hooks",
"nixpkgs"
]
},
"locked": {
- "lastModified": 1729742964,
- "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=",
- "owner": "nix-community",
- "repo": "nix-github-actions",
- "rev": "e04df33f62cdcf93d73e9a04142464753a16db67",
+ "lastModified": 1709087332,
+ "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
+ "owner": "hercules-ci",
+ "repo": "gitignore.nix",
+ "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
- "owner": "nix-community",
- "repo": "nix-github-actions",
+ "owner": "hercules-ci",
+ "repo": "gitignore.nix",
+ "type": "github"
+ }
+ },
+ "gitignore_2": {
+ "inputs": {
+ "nixpkgs": [
+ "sonnenshift",
+ "crate2nix",
+ "crate2nix_stable",
+ "pre-commit-hooks",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1709087332,
+ "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
+ "owner": "hercules-ci",
+ "repo": "gitignore.nix",
+ "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
+ "type": "github"
+ },
+ "original": {
+ "owner": "hercules-ci",
+ "repo": "gitignore.nix",
+ "type": "github"
+ }
+ },
+ "gitignore_3": {
+ "inputs": {
+ "nixpkgs": [
+ "sonnenshift",
+ "crate2nix",
+ "pre-commit-hooks",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1709087332,
+ "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
+ "owner": "hercules-ci",
+ "repo": "gitignore.nix",
+ "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
+ "type": "github"
+ },
+ "original": {
+ "owner": "hercules-ci",
+ "repo": "gitignore.nix",
+ "type": "github"
+ }
+ },
+ "nix-test-runner": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1588761593,
+ "narHash": "sha256-FKJykltAN/g3eIceJl4SfDnnyuH2jHImhMrXS2KvGIs=",
+ "owner": "stoeffel",
+ "repo": "nix-test-runner",
+ "rev": "c45d45b11ecef3eb9d834c3b6304c05c49b06ca2",
+ "type": "github"
+ },
+ "original": {
+ "owner": "stoeffel",
+ "repo": "nix-test-runner",
+ "type": "github"
+ }
+ },
+ "nix-test-runner_2": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1588761593,
+ "narHash": "sha256-FKJykltAN/g3eIceJl4SfDnnyuH2jHImhMrXS2KvGIs=",
+ "owner": "stoeffel",
+ "repo": "nix-test-runner",
+ "rev": "c45d45b11ecef3eb9d834c3b6304c05c49b06ca2",
+ "type": "github"
+ },
+ "original": {
+ "owner": "stoeffel",
+ "repo": "nix-test-runner",
+ "type": "github"
+ }
+ },
+ "nix-test-runner_3": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1588761593,
+ "narHash": "sha256-FKJykltAN/g3eIceJl4SfDnnyuH2jHImhMrXS2KvGIs=",
+ "owner": "stoeffel",
+ "repo": "nix-test-runner",
+ "rev": "c45d45b11ecef3eb9d834c3b6304c05c49b06ca2",
+ "type": "github"
+ },
+ "original": {
+ "owner": "stoeffel",
+ "repo": "nix-test-runner",
"type": "github"
}
},
@@ -190,29 +744,13 @@
"type": "github"
}
},
- "nixpkgs-crowdsec": {
- "locked": {
- "lastModified": 1738085579,
- "narHash": "sha256-7mLjMrOiiIi0vI7BJwbEipYQzwA7JF/NWHP+LM4q5S8=",
- "owner": "tlater",
- "repo": "nixpkgs",
- "rev": "426a7afc9a6ecfdac544bda4022acef31e36df34",
- "type": "github"
- },
- "original": {
- "owner": "tlater",
- "ref": "tlater/fix-crowdsec",
- "repo": "nixpkgs",
- "type": "github"
- }
- },
"nixpkgs-unstable": {
"locked": {
- "lastModified": 1737192615,
- "narHash": "sha256-jtucJjcdryEZQw1g0RThPSPxCdWNHF42sLp8pmMMGDs=",
+ "lastModified": 1739611738,
+ "narHash": "sha256-3bnOIZz8KXtzcaXGuH9Eriv0HiQyr1EIfcye+VHLQZE=",
"owner": "nixos",
"repo": "nixpkgs",
- "rev": "09c71b16e6efc9e90edae7eb8b63348702ff9a85",
+ "rev": "31ff66eb77d02e9ac34b7256a02edb1c43fb9998",
"type": "github"
},
"original": {
@@ -224,11 +762,11 @@
},
"nixpkgs_2": {
"locked": {
- "lastModified": 1737171713,
- "narHash": "sha256-9mWmMXCto7e8U9hM8ZFozElv4dgOMTe308SSc7rEEFs=",
+ "lastModified": 1739578539,
+ "narHash": "sha256-jGiez5BtGGJUB/LXzRa+4AQurMO9acc1B69kBfgQhJc=",
"owner": "nixos",
"repo": "nixpkgs",
- "rev": "8773174492fc61571b578f34a59953baba46471a",
+ "rev": "30d4471a8a2a13b716530d3aad60b9846ea5ff83",
"type": "github"
},
"original": {
@@ -239,6 +777,80 @@
}
},
"nixpkgs_3": {
+ "locked": {
+ "lastModified": 1700612854,
+ "narHash": "sha256-yrQ8osMD+vDLGFX7pcwsY/Qr5PUd6OmDMYJZzZi0+zc=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "19cbff58383a4ae384dea4d1d0c823d72b49d614",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixos-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "nixpkgs_4": {
+ "locked": {
+ "lastModified": 1715534503,
+ "narHash": "sha256-5ZSVkFadZbFP1THataCaSf0JH2cAH3S29hU9rrxTEqk=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "2057814051972fa1453ddfb0d98badbea9b83c06",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixos-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "nixpkgs_5": {
+ "locked": {
+ "lastModified": 1715534503,
+ "narHash": "sha256-5ZSVkFadZbFP1THataCaSf0JH2cAH3S29hU9rrxTEqk=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "2057814051972fa1453ddfb0d98badbea9b83c06",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixos-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "nixpkgs_6": {
+ "locked": {
+ "lastModified": 1719506693,
+ "narHash": "sha256-C8e9S7RzshSdHB7L+v9I51af1gDM5unhJ2xO1ywxNH8=",
+ "path": "/nix/store/4p0avw1s3vf27hspgqsrqs37gxk4i83i-source",
+ "rev": "b2852eb9365c6de48ffb0dc2c9562591f652242a",
+ "type": "path"
+ },
+ "original": {
+ "id": "nixpkgs",
+ "type": "indirect"
+ }
+ },
+ "nixpkgs_7": {
+ "locked": {
+ "lastModified": 1719506693,
+ "narHash": "sha256-C8e9S7RzshSdHB7L+v9I51af1gDM5unhJ2xO1ywxNH8=",
+ "path": "/nix/store/4p0avw1s3vf27hspgqsrqs37gxk4i83i-source",
+ "rev": "b2852eb9365c6de48ffb0dc2c9562591f652242a",
+ "type": "path"
+ },
+ "original": {
+ "id": "nixpkgs",
+ "type": "indirect"
+ }
+ },
+ "nixpkgs_8": {
"locked": {
"lastModified": 1729850857,
"narHash": "sha256-WvLXzNNnnw+qpFOmgaM3JUlNEH+T4s22b5i2oyyCpXE=",
@@ -254,34 +866,118 @@
"type": "github"
}
},
- "poetry2nixi": {
+ "pre-commit-hooks": {
"inputs": {
- "flake-utils": "flake-utils",
- "nix-github-actions": "nix-github-actions",
+ "flake-compat": [
+ "sonnenshift",
+ "crate2nix",
+ "crate2nix_stable",
+ "crate2nix_stable",
+ "flake-compat"
+ ],
+ "gitignore": "gitignore",
"nixpkgs": [
"sonnenshift",
+ "crate2nix",
+ "crate2nix_stable",
+ "crate2nix_stable",
"nixpkgs"
],
- "systems": "systems_3",
- "treefmt-nix": "treefmt-nix"
+ "nixpkgs-stable": [
+ "sonnenshift",
+ "crate2nix",
+ "crate2nix_stable",
+ "crate2nix_stable",
+ "nixpkgs"
+ ]
},
"locked": {
- "lastModified": 1738741221,
- "narHash": "sha256-UiTOA89yQV5YNlO1ZAp4IqJUGWOnTyBC83netvt8rQE=",
- "owner": "nix-community",
- "repo": "poetry2nix",
- "rev": "be1fe795035d3d36359ca9135b26dcc5321b31fb",
+ "lastModified": 1719259945,
+ "narHash": "sha256-F1h+XIsGKT9TkGO3omxDLEb/9jOOsI6NnzsXFsZhry4=",
+ "owner": "cachix",
+ "repo": "pre-commit-hooks.nix",
+ "rev": "0ff4381bbb8f7a52ca4a851660fc7a437a4c6e07",
"type": "github"
},
"original": {
- "owner": "nix-community",
- "repo": "poetry2nix",
+ "owner": "cachix",
+ "repo": "pre-commit-hooks.nix",
+ "type": "github"
+ }
+ },
+ "pre-commit-hooks_2": {
+ "inputs": {
+ "flake-compat": [
+ "sonnenshift",
+ "crate2nix",
+ "crate2nix_stable",
+ "flake-compat"
+ ],
+ "gitignore": "gitignore_2",
+ "nixpkgs": [
+ "sonnenshift",
+ "crate2nix",
+ "crate2nix_stable",
+ "nixpkgs"
+ ],
+ "nixpkgs-stable": [
+ "sonnenshift",
+ "crate2nix",
+ "crate2nix_stable",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1719259945,
+ "narHash": "sha256-F1h+XIsGKT9TkGO3omxDLEb/9jOOsI6NnzsXFsZhry4=",
+ "owner": "cachix",
+ "repo": "pre-commit-hooks.nix",
+ "rev": "0ff4381bbb8f7a52ca4a851660fc7a437a4c6e07",
+ "type": "github"
+ },
+ "original": {
+ "owner": "cachix",
+ "repo": "pre-commit-hooks.nix",
+ "type": "github"
+ }
+ },
+ "pre-commit-hooks_3": {
+ "inputs": {
+ "flake-compat": [
+ "sonnenshift",
+ "crate2nix",
+ "flake-compat"
+ ],
+ "flake-utils": "flake-utils_5",
+ "gitignore": "gitignore_3",
+ "nixpkgs": [
+ "sonnenshift",
+ "crate2nix",
+ "nixpkgs"
+ ],
+ "nixpkgs-stable": [
+ "sonnenshift",
+ "crate2nix",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1712055707,
+ "narHash": "sha256-4XLvuSIDZJGS17xEwSrNuJLL7UjDYKGJSbK1WWX2AK8=",
+ "owner": "cachix",
+ "repo": "pre-commit-hooks.nix",
+ "rev": "e35aed5fda3cc79f88ed7f1795021e559582093a",
+ "type": "github"
+ },
+ "original": {
+ "owner": "cachix",
+ "repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"purescript-overlay": {
"inputs": {
- "flake-compat": "flake-compat_2",
+ "flake-compat": "flake-compat_5",
"nixpkgs": [
"tlaternet-webserver",
"dream2nix",
@@ -326,7 +1022,6 @@
"disko": "disko",
"foundryvtt": "foundryvtt",
"nixpkgs": "nixpkgs_2",
- "nixpkgs-crowdsec": "nixpkgs-crowdsec",
"nixpkgs-unstable": "nixpkgs-unstable",
"sonnenshift": "sonnenshift",
"sops-nix": "sops-nix",
@@ -375,21 +1070,22 @@
},
"sonnenshift": {
"inputs": {
+ "crate2nix": "crate2nix",
"nixpkgs": [
"nixpkgs"
- ],
- "poetry2nixi": "poetry2nixi"
+ ]
},
"locked": {
- "lastModified": 1738867540,
- "narHash": "sha256-co2Fs1VoWtTzo7IAeRtaNnyofoUWFOv/Aa/+vSorurA=",
- "ref": "refs/heads/main",
- "rev": "c6eeff42799c9d4073a241056198004d89bf87df",
- "revCount": 15,
+ "lastModified": 1740082109,
+ "narHash": "sha256-WdRNkwsIotFOSymee/yQyH46RmYtuxd1FENhvGL4KRc=",
+ "ref": "tlater/rust-rewrite",
+ "rev": "a1b48cf2ba194054e2d8816c94a84cebc4fb5de0",
+ "revCount": 23,
"type": "git",
"url": "ssh://git@github.com/sonnenshift/battery-manager"
},
"original": {
+ "ref": "tlater/rust-rewrite",
"type": "git",
"url": "ssh://git@github.com/sonnenshift/battery-manager"
}
@@ -401,11 +1097,11 @@
]
},
"locked": {
- "lastModified": 1737107480,
- "narHash": "sha256-GXUE9+FgxoZU8v0p6ilBJ8NH7k8nKmZjp/7dmMrCv3o=",
+ "lastModified": 1739262228,
+ "narHash": "sha256-7JAGezJ0Dn5qIyA2+T4Dt/xQgAbhCglh6lzCekTVMeU=",
"owner": "Mic92",
"repo": "sops-nix",
- "rev": "4c4fb93f18b9072c6fa1986221f9a3d7bf1fe4b6",
+ "rev": "07af005bb7d60c7f118d9d9f5530485da5d1e975",
"type": "github"
},
"original": {
@@ -459,6 +1155,51 @@
"type": "github"
}
},
+ "systems_4": {
+ "locked": {
+ "lastModified": 1681028828,
+ "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+ "owner": "nix-systems",
+ "repo": "default",
+ "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-systems",
+ "repo": "default",
+ "type": "github"
+ }
+ },
+ "systems_5": {
+ "locked": {
+ "lastModified": 1681028828,
+ "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+ "owner": "nix-systems",
+ "repo": "default",
+ "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-systems",
+ "repo": "default",
+ "type": "github"
+ }
+ },
+ "systems_6": {
+ "locked": {
+ "lastModified": 1681028828,
+ "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+ "owner": "nix-systems",
+ "repo": "default",
+ "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-systems",
+ "repo": "default",
+ "type": "github"
+ }
+ },
"tlaternet-webserver": {
"inputs": {
"dream2nix": "dream2nix",
@@ -481,28 +1222,6 @@
"url": "https://gitea.tlater.net/tlaternet/tlaternet.git"
}
},
- "treefmt-nix": {
- "inputs": {
- "nixpkgs": [
- "sonnenshift",
- "poetry2nixi",
- "nixpkgs"
- ]
- },
- "locked": {
- "lastModified": 1730120726,
- "narHash": "sha256-LqHYIxMrl/1p3/kvm2ir925tZ8DkI0KA10djk8wecSk=",
- "owner": "numtide",
- "repo": "treefmt-nix",
- "rev": "9ef337e492a5555d8e17a51c911ff1f02635be15",
- "type": "github"
- },
- "original": {
- "owner": "numtide",
- "repo": "treefmt-nix",
- "type": "github"
- }
- },
"utils": {
"inputs": {
"systems": "systems"
diff --git a/flake.nix b/flake.nix
index 3d04d7c..737a17f 100644
--- a/flake.nix
+++ b/flake.nix
@@ -23,11 +23,9 @@
};
sonnenshift = {
- url = "git+ssh://git@github.com/sonnenshift/battery-manager";
+ url = "git+ssh://git@github.com/sonnenshift/battery-manager?ref=tlater/rust-rewrite";
inputs.nixpkgs.follows = "nixpkgs";
};
-
- nixpkgs-crowdsec.url = "github:tlater/nixpkgs/tlater/fix-crowdsec";
};
outputs =
@@ -106,7 +104,6 @@
in
{
default = vm.config.system.build.vm;
- crowdsec = pkgs.callPackage "${inputs.nixpkgs-crowdsec}/pkgs/by-name/cr/crowdsec/package.nix" { };
crowdsec-hub = localPkgs.crowdsec.hub;
crowdsec-firewall-bouncer = localPkgs.crowdsec.firewall-bouncer;
};
diff --git a/modules/crowdsec/default.nix b/modules/crowdsec/default.nix
index 0d0ff1c..c0003a5 100644
--- a/modules/crowdsec/default.nix
+++ b/modules/crowdsec/default.nix
@@ -1,5 +1,4 @@
{
- flake-inputs,
pkgs,
lib,
config,
@@ -9,8 +8,6 @@ let
cfg = config.security.crowdsec;
settingsFormat = pkgs.formats.yaml { };
- crowdsec = flake-inputs.self.packages.${pkgs.system}.crowdsec;
-
hub = pkgs.fetchFromGitHub {
owner = "crowdsecurity";
repo = "hub";
@@ -19,14 +16,14 @@ let
};
cscli = pkgs.writeShellScriptBin "cscli" ''
- export PATH="$PATH:${crowdsec}/bin/"
+ export PATH="$PATH:${cfg.package}/bin/"
sudo=exec
if [ "$USER" != "crowdsec" ]; then
sudo='exec /run/wrappers/bin/sudo -u crowdsec'
fi
- $sudo ${crowdsec}/bin/cscli "$@"
+ $sudo ${cfg.package}/bin/cscli "$@"
'';
acquisitions = ''
@@ -53,7 +50,7 @@ in
package = lib.mkOption {
type = package;
- default = crowdsec;
+ default = pkgs.crowdsec;
};
stateDirectory = lib.mkOption {
diff --git a/pkgs/crowdsec/_sources/generated.json b/pkgs/crowdsec/_sources/generated.json
index 8485779..634bc18 100644
--- a/pkgs/crowdsec/_sources/generated.json
+++ b/pkgs/crowdsec/_sources/generated.json
@@ -21,7 +21,7 @@
},
"crowdsec-hub": {
"cargoLocks": null,
- "date": "2025-01-30",
+ "date": "2025-02-16",
"extract": null,
"name": "crowdsec-hub",
"passthru": null,
@@ -33,10 +33,10 @@
"name": null,
"owner": "crowdsecurity",
"repo": "hub",
- "rev": "8f102f5ac79af59d3024ca2771b65ec87411ac02",
- "sha256": "sha256-8K1HkBg0++Au1dr2KMrl9b2ruqXdo+vqWngOCwL11Mo=",
+ "rev": "f7d7f476f88a4af05e1cfb3994536990adecfb57",
+ "sha256": "sha256-m78uipryHDKixJzrF4K59ioAJ3WJN1JlXEC0DNVMCJ8=",
"type": "github"
},
- "version": "8f102f5ac79af59d3024ca2771b65ec87411ac02"
+ "version": "f7d7f476f88a4af05e1cfb3994536990adecfb57"
}
}
\ No newline at end of file
diff --git a/pkgs/crowdsec/_sources/generated.nix b/pkgs/crowdsec/_sources/generated.nix
index 6f845ec..7ef44e6 100644
--- a/pkgs/crowdsec/_sources/generated.nix
+++ b/pkgs/crowdsec/_sources/generated.nix
@@ -14,14 +14,14 @@
};
crowdsec-hub = {
pname = "crowdsec-hub";
- version = "8f102f5ac79af59d3024ca2771b65ec87411ac02";
+ version = "f7d7f476f88a4af05e1cfb3994536990adecfb57";
src = fetchFromGitHub {
owner = "crowdsecurity";
repo = "hub";
- rev = "8f102f5ac79af59d3024ca2771b65ec87411ac02";
+ rev = "f7d7f476f88a4af05e1cfb3994536990adecfb57";
fetchSubmodules = false;
- sha256 = "sha256-8K1HkBg0++Au1dr2KMrl9b2ruqXdo+vqWngOCwL11Mo=";
+ sha256 = "sha256-m78uipryHDKixJzrF4K59ioAJ3WJN1JlXEC0DNVMCJ8=";
};
- date = "2025-01-30";
+ date = "2025-02-16";
};
}