Ditch podman and deploy a new version of the website #58

Manually merged
tlater merged 13 commits from tlater/new-website into master 2022-10-14 06:16:48 +01:00
17 changed files with 405 additions and 353 deletions
Showing only changes of commit 046a88905d - Show all commits

View file

@ -1,6 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}: {
imports = [
./services/gitea.nix
./services/minecraft.nix
@ -77,7 +80,8 @@
extraConfig = ''
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
'';
} extra;
}
extra;
domain = config.services.nginx.domain;
in {
"${domain}" = host 3002 {serverAliases = ["www.${domain}"];};

View file

@ -1,6 +1,4 @@
{ ... }:
{
{...}: {
ids.uids = {
# System user ids start at 400 (see nixos/modules/programs/shadow.nix)
webserver = 400;

View file

@ -1,6 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}: {
# Required for the lish console
boot.kernelParams = ["console=ttyS0,19200n8"];

View file

@ -1,6 +1,4 @@
{ config, ... }:
{
{config, ...}: {
users = {
extraUsers.gitea = {
uid = config.ids.uids.git;

View file

@ -1,6 +1,9 @@
{ config, pkgs, lib, ... }:
let
{
config,
pkgs,
lib,
...
}: let
minecraft-server-args = [
"-Xms2G"
"-Xmx2G"
@ -24,12 +27,14 @@ let
"-XX:+PerfDisableSharedMem"
"-XX:MaxTenuringThreshold=1"
];
ops = pkgs.writeText "ops.json" (builtins.toJSON [{
ops = pkgs.writeText "ops.json" (builtins.toJSON [
{
uuid = "140d177a-966f-41b8-a4c0-e305babd291b";
name = "TLATER";
level = 4;
bypassesPlayerLimit = true;
}]);
}
]);
whitelist = pkgs.writeText "whitelist.json" (builtins.toJSON [
{
uuid = "59cd1648-14a4-4bcf-8f5a-2e1bde678f2c";
@ -49,7 +54,6 @@ let
}
]);
eula = pkgs.writeText "eula.txt" "eula=true";
in {
users = {
extraUsers.minecraft = {
@ -130,8 +134,7 @@ in {
systemd.services."podman-minecraft-voor-kia-starter@" = {
description = "Unit to stop/start the minecraft server";
serviceConfig = {
ExecStart =
"${pkgs.systemd}/bin/systemctl %i podman-minecraft-voor-kia.service";
ExecStart = "${pkgs.systemd}/bin/systemctl %i podman-minecraft-voor-kia.service";
Type = "oneshot";
};
};

View file

@ -1,6 +1,4 @@
{ config, ... }:
{
{config, ...}: {
virtualisation.pods.nextcloud = {
hostname = "nextcloud.tlater.net";
publish = ["3001:80"];

View file

@ -1,6 +1,8 @@
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
users = {
extraUsers.webserver = {
uid = config.ids.uids.webserver;

View file

@ -26,9 +26,16 @@
};
};
outputs = { self, nixpkgs, nixos-hardware, flake-utils, sops-nix
, tlaternet-webserver, tlaternet-templates, ... }@inputs:
let
outputs = {
self,
nixpkgs,
nixos-hardware,
flake-utils,
sops-nix,
tlaternet-webserver,
tlaternet-templates,
...
} @ inputs: let
overlays = [
(final: prev: {
tlaternet-webserver =
@ -41,11 +48,13 @@
};
})
];
in {
in
{
nixosConfigurations = {
tlaternet = let system = "x86_64-linux";
in nixpkgs.lib.nixosSystem {
tlaternet = let
system = "x86_64-linux";
in
nixpkgs.lib.nixosSystem {
inherit system;
modules = [
@ -62,8 +71,10 @@
];
};
vm = let system = "x86_64-linux";
in nixpkgs.lib.nixosSystem {
vm = let
system = "x86_64-linux";
in
nixpkgs.lib.nixosSystem {
inherit system;
modules = [
@ -92,18 +103,18 @@
];
};
};
} // flake-utils.lib.eachDefaultSystem (system:
let
}
// flake-utils.lib.eachDefaultSystem (system: let
pkgs = import nixpkgs {inherit system overlays;};
sops-pkgs = sops-nix.packages.${system};
in {
devShell =
pkgs.mkShell {
devShell = pkgs.mkShell {
sopsPGPKeyDirs = ["./keys/hosts/" "./keys/users/"];
nativeBuildInputs = with sops-pkgs; [
sops-import-keys-hook
];
buildInputs = with pkgs; with sops-pkgs; [
buildInputs = with pkgs;
with sops-pkgs; [
nixfmt
git-lfs
sops-init-gpg-key
@ -116,7 +127,8 @@
ipython
python3.withPackages (ppkgs:
python3.withPackages
(ppkgs:
with pkgs; [
python-lsp-server
python-lsp-black
@ -146,8 +158,7 @@
(mapAttrsToList
(host: vm: "hostfwd=::${host}-:${vm}")
ports);
in
''
in ''
export QEMU_OPTS="-m 3941 -smp 2 -curses"
export QEMU_NET_OPTS="${QEMU_NET_OPTS}"

View file

@ -1,8 +1,12 @@
{ inputs, lib, pkgs, ... }:
let
{
inputs,
lib,
pkgs,
...
}: let
inherit (lib) makeExtensible foldr attrValues;
tlater-lib = makeExtensible (self:
let callLibs = file: import file { inherit self lib pkgs inputs; };
tlater-lib = makeExtensible (self: let
callLibs = file: import file {inherit self lib pkgs inputs;};
in {minecraft = callLibs ./minecraft.nix;});
in tlater-lib.extend (self: super: foldr (a: b: a // b) { } (attrValues super))
in
tlater-lib.extend (self: super: foldr (a: b: a // b) {} (attrValues super))

View file

@ -1,6 +1,8 @@
{ lib, pkgs, ... }:
{
lib,
pkgs,
...
}: {
# Make a modpack given its mod inputs.
#
# Mods should be attrsets in this format:
@ -13,7 +15,11 @@
#
# This may be nice to read from a json ;)
#
mkModpack = { name, version, mods }:
mkModpack = {
name,
version,
mods,
}:
pkgs.stdenv.mkDerivation {
inherit name version;
srcs = map pkgs.local.fetchFromCurseForge mods;
@ -28,7 +34,11 @@
'';
};
mkModpackZip = { name, version, mods }:
mkModpackZip = {
name,
version,
mods,
}:
pkgs.stdenv.mkDerivation {
inherit name version;
srcs = map pkgs.local.fetchFromCurseForge mods;

View file

@ -1,8 +1,5 @@
{lib, ...}:
with lib;
{
with lib; {
imports = [./virtualisation/pods.nix];
options.services.nginx.domain = mkOption {

View file

@ -1,13 +1,14 @@
{ lib, config, options, ... }:
with lib;
let
{
lib,
config,
options,
...
}:
with lib; let
cfg = config.virtualisation.pods;
list-to-args = arg: list:
concatStringsSep " " (map (e: "--${arg}=${escapeShellArg e}") list);
possibly-unset-arg = arg: val:
(optionalString (val != null) "--${arg}=${escapeShellArg val}");
possibly-unset-arg = arg: val: (optionalString (val != null) "--${arg}=${escapeShellArg val}");
mkPod = name: pod: rec {
path = [config.virtualisation.podman.package];
@ -55,7 +56,6 @@ let
PIDFile = "/run/podman/pods/${name}.pid";
};
};
in {
options.virtualisation.pods = mkOption {
type = with types;
@ -64,8 +64,7 @@ in {
added-hosts = mkOption {
type = listOf str;
default = [];
description =
"Additional hosts to add to /etc/hosts for each container.";
description = "Additional hosts to add to /etc/hosts for each container.";
example = literalExample ''
[ "database:10.0.0.1" ]
'';
@ -74,8 +73,7 @@ in {
cgroup-parent = mkOption {
type = nullOr str;
default = null;
description =
"The cgroups path under which the pod cgroup will be created.";
description = "The cgroups path under which the pod cgroup will be created.";
};
dns = mkOption {
@ -192,20 +190,23 @@ in {
nameValuePair "podman-${pname}-${cname}" rec {
after = ["pod-${pname}.service"];
requires = after;
}) pod.containers) cfg);
})
pod.containers)
cfg);
# Override the oci-container settings for containers defined in pods.
#
# I.e., set the --pod=podname setting, and update the dependsOn so
# it points to containers in the same pod.
podifyContainer = container: podname:
container // {
container
// {
dependsOn =
map (dependency: "${podname}-${dependency}") container.dependsOn;
extraOptions = container.extraOptions ++ ["--pod=${podname}"];
};
in lib.mkIf (cfg != { }) {
in
lib.mkIf (cfg != {}) {
virtualisation.podman.enable = true;
virtualisation.oci-containers.backend = "podman";
@ -215,6 +216,7 @@ in {
(pname: pod:
mapAttrs' (cname: container:
nameValuePair "${pname}-${cname}" (podifyContainer container pname))
pod.containers) cfg);
pod.containers)
cfg);
};
}

View file

@ -1,10 +1,14 @@
{ lib, fetchurl }:
{
lib,
fetchurl,
}:
with builtins;
{ project, id, filename, ... }@args:
let
{
project,
id,
filename,
...
} @ args: let
# I think this is supposed to be some weak automation
# protection. This split "id" is simply part of the download URL.
#
@ -16,8 +20,9 @@ let
url = "https://media.forgecdn.net/files/${a}/${b}/${encoded-filename}";
otherArgs = removeAttrs args ["project" "project_id" "id" "filename"];
in fetchurl (otherArgs // {
in
fetchurl (otherArgs
// {
inherit url;
# Rename files to avoid names incompatible with the nix store
name = "${project}.jar";

View file

@ -1,6 +1,8 @@
{ pkgs, local-lib, ... }:
let
{
pkgs,
local-lib,
...
}: let
inherit (pkgs.lib) callPackageWith;
callPackage = callPackageWith (pkgs // {inherit local-lib;});
in {

View file

@ -1,7 +1,15 @@
{ lib, stdenv, fetchurl, busybox, coreutils, jre_headless, runtimeShell
, mods ? null, modConfig ? null, defaultconfigs ? null }:
let
{
lib,
stdenv,
fetchurl,
busybox,
coreutils,
jre_headless,
runtimeShell,
mods ? null,
modConfig ? null,
defaultconfigs ? null,
}: let
name = "forge-server";
version = "1.16.5-36.2.2";
mirror = "https://files.minecraftforge.net/maven/net/minecraftforge/forge";
@ -43,8 +51,8 @@ let
outputHashMode = "recursive";
outputHash = "VuUGc5JnzcRhDt9aaGrU+yUrJILVdU2vzv1PxLwdAig=";
};
in stdenv.mkDerivation rec {
in
stdenv.mkDerivation rec {
inherit name version src unpackCmd nativeBuildInputs;
buildPhase = ''

View file

@ -1,8 +1,12 @@
{ lib, local-lib, stdenv }:
{
lib,
local-lib,
stdenv,
}:
local-lib.minecraft.mkModpackZip {
name = "voor-kia-client";
version = "1.1";
mods = (builtins.fromJSON (builtins.readFile ./voor-kia/mods.json))
mods =
(builtins.fromJSON (builtins.readFile ./voor-kia/mods.json))
++ (builtins.fromJSON (builtins.readFile ./voor-kia/client-mods.json));
}

View file

@ -1,5 +1,8 @@
{ lib, local-lib, stdenv }:
{
lib,
local-lib,
stdenv,
}:
local-lib.minecraft.mkModpack {
name = "voor-kia";
version = "1.0";