Ditch podman and deploy a new version of the website #58
|
@ -1,6 +1,9 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}: {
|
||||
imports = [
|
||||
./services/gitea.nix
|
||||
./services/minecraft.nix
|
||||
|
@ -77,7 +80,8 @@
|
|||
extraConfig = ''
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||
'';
|
||||
} extra;
|
||||
}
|
||||
extra;
|
||||
domain = config.services.nginx.domain;
|
||||
in {
|
||||
"${domain}" = host 3002 {serverAliases = ["www.${domain}"];};
|
||||
|
|
|
@ -1,6 +1,4 @@
|
|||
{ ... }:
|
||||
|
||||
{
|
||||
{...}: {
|
||||
ids.uids = {
|
||||
# System user ids start at 400 (see nixos/modules/programs/shadow.nix)
|
||||
webserver = 400;
|
||||
|
|
|
@ -1,6 +1,9 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
# Required for the lish console
|
||||
boot.kernelParams = ["console=ttyS0,19200n8"];
|
||||
|
||||
|
|
|
@ -1,6 +1,4 @@
|
|||
{ config, ... }:
|
||||
|
||||
{
|
||||
{config, ...}: {
|
||||
users = {
|
||||
extraUsers.gitea = {
|
||||
uid = config.ids.uids.git;
|
||||
|
|
|
@ -1,6 +1,9 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
|
||||
let
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}: let
|
||||
minecraft-server-args = [
|
||||
"-Xms2G"
|
||||
"-Xmx2G"
|
||||
|
@ -24,12 +27,14 @@ let
|
|||
"-XX:+PerfDisableSharedMem"
|
||||
"-XX:MaxTenuringThreshold=1"
|
||||
];
|
||||
ops = pkgs.writeText "ops.json" (builtins.toJSON [{
|
||||
ops = pkgs.writeText "ops.json" (builtins.toJSON [
|
||||
{
|
||||
uuid = "140d177a-966f-41b8-a4c0-e305babd291b";
|
||||
name = "TLATER";
|
||||
level = 4;
|
||||
bypassesPlayerLimit = true;
|
||||
}]);
|
||||
}
|
||||
]);
|
||||
whitelist = pkgs.writeText "whitelist.json" (builtins.toJSON [
|
||||
{
|
||||
uuid = "59cd1648-14a4-4bcf-8f5a-2e1bde678f2c";
|
||||
|
@ -49,7 +54,6 @@ let
|
|||
}
|
||||
]);
|
||||
eula = pkgs.writeText "eula.txt" "eula=true";
|
||||
|
||||
in {
|
||||
users = {
|
||||
extraUsers.minecraft = {
|
||||
|
@ -130,8 +134,7 @@ in {
|
|||
systemd.services."podman-minecraft-voor-kia-starter@" = {
|
||||
description = "Unit to stop/start the minecraft server";
|
||||
serviceConfig = {
|
||||
ExecStart =
|
||||
"${pkgs.systemd}/bin/systemctl %i podman-minecraft-voor-kia.service";
|
||||
ExecStart = "${pkgs.systemd}/bin/systemctl %i podman-minecraft-voor-kia.service";
|
||||
Type = "oneshot";
|
||||
};
|
||||
};
|
||||
|
|
|
@ -1,6 +1,4 @@
|
|||
{ config, ... }:
|
||||
|
||||
{
|
||||
{config, ...}: {
|
||||
virtualisation.pods.nextcloud = {
|
||||
hostname = "nextcloud.tlater.net";
|
||||
publish = ["3001:80"];
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
users = {
|
||||
extraUsers.webserver = {
|
||||
uid = config.ids.uids.webserver;
|
||||
|
|
45
flake.nix
45
flake.nix
|
@ -26,9 +26,16 @@
|
|||
};
|
||||
};
|
||||
|
||||
outputs = { self, nixpkgs, nixos-hardware, flake-utils, sops-nix
|
||||
, tlaternet-webserver, tlaternet-templates, ... }@inputs:
|
||||
let
|
||||
outputs = {
|
||||
self,
|
||||
nixpkgs,
|
||||
nixos-hardware,
|
||||
flake-utils,
|
||||
sops-nix,
|
||||
tlaternet-webserver,
|
||||
tlaternet-templates,
|
||||
...
|
||||
} @ inputs: let
|
||||
overlays = [
|
||||
(final: prev: {
|
||||
tlaternet-webserver =
|
||||
|
@ -41,11 +48,13 @@
|
|||
};
|
||||
})
|
||||
];
|
||||
|
||||
in {
|
||||
in
|
||||
{
|
||||
nixosConfigurations = {
|
||||
tlaternet = let system = "x86_64-linux";
|
||||
in nixpkgs.lib.nixosSystem {
|
||||
tlaternet = let
|
||||
system = "x86_64-linux";
|
||||
in
|
||||
nixpkgs.lib.nixosSystem {
|
||||
inherit system;
|
||||
|
||||
modules = [
|
||||
|
@ -62,8 +71,10 @@
|
|||
];
|
||||
};
|
||||
|
||||
vm = let system = "x86_64-linux";
|
||||
in nixpkgs.lib.nixosSystem {
|
||||
vm = let
|
||||
system = "x86_64-linux";
|
||||
in
|
||||
nixpkgs.lib.nixosSystem {
|
||||
inherit system;
|
||||
|
||||
modules = [
|
||||
|
@ -92,18 +103,18 @@
|
|||
];
|
||||
};
|
||||
};
|
||||
} // flake-utils.lib.eachDefaultSystem (system:
|
||||
let
|
||||
}
|
||||
// flake-utils.lib.eachDefaultSystem (system: let
|
||||
pkgs = import nixpkgs {inherit system overlays;};
|
||||
sops-pkgs = sops-nix.packages.${system};
|
||||
in {
|
||||
devShell =
|
||||
pkgs.mkShell {
|
||||
devShell = pkgs.mkShell {
|
||||
sopsPGPKeyDirs = ["./keys/hosts/" "./keys/users/"];
|
||||
nativeBuildInputs = with sops-pkgs; [
|
||||
sops-import-keys-hook
|
||||
];
|
||||
buildInputs = with pkgs; with sops-pkgs; [
|
||||
buildInputs = with pkgs;
|
||||
with sops-pkgs; [
|
||||
nixfmt
|
||||
git-lfs
|
||||
sops-init-gpg-key
|
||||
|
@ -116,7 +127,8 @@
|
|||
|
||||
ipython
|
||||
|
||||
python3.withPackages (ppkgs:
|
||||
python3.withPackages
|
||||
(ppkgs:
|
||||
with pkgs; [
|
||||
python-lsp-server
|
||||
python-lsp-black
|
||||
|
@ -146,8 +158,7 @@
|
|||
(mapAttrsToList
|
||||
(host: vm: "hostfwd=::${host}-:${vm}")
|
||||
ports);
|
||||
in
|
||||
''
|
||||
in ''
|
||||
export QEMU_OPTS="-m 3941 -smp 2 -curses"
|
||||
export QEMU_NET_OPTS="${QEMU_NET_OPTS}"
|
||||
|
||||
|
|
|
@ -1,8 +1,12 @@
|
|||
{ inputs, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
{
|
||||
inputs,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}: let
|
||||
inherit (lib) makeExtensible foldr attrValues;
|
||||
tlater-lib = makeExtensible (self:
|
||||
let callLibs = file: import file { inherit self lib pkgs inputs; };
|
||||
tlater-lib = makeExtensible (self: let
|
||||
callLibs = file: import file {inherit self lib pkgs inputs;};
|
||||
in {minecraft = callLibs ./minecraft.nix;});
|
||||
in tlater-lib.extend (self: super: foldr (a: b: a // b) { } (attrValues super))
|
||||
in
|
||||
tlater-lib.extend (self: super: foldr (a: b: a // b) {} (attrValues super))
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
{ lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
# Make a modpack given its mod inputs.
|
||||
#
|
||||
# Mods should be attrsets in this format:
|
||||
|
@ -13,7 +15,11 @@
|
|||
#
|
||||
# This may be nice to read from a json ;)
|
||||
#
|
||||
mkModpack = { name, version, mods }:
|
||||
mkModpack = {
|
||||
name,
|
||||
version,
|
||||
mods,
|
||||
}:
|
||||
pkgs.stdenv.mkDerivation {
|
||||
inherit name version;
|
||||
srcs = map pkgs.local.fetchFromCurseForge mods;
|
||||
|
@ -28,7 +34,11 @@
|
|||
'';
|
||||
};
|
||||
|
||||
mkModpackZip = { name, version, mods }:
|
||||
mkModpackZip = {
|
||||
name,
|
||||
version,
|
||||
mods,
|
||||
}:
|
||||
pkgs.stdenv.mkDerivation {
|
||||
inherit name version;
|
||||
srcs = map pkgs.local.fetchFromCurseForge mods;
|
||||
|
|
|
@ -1,8 +1,5 @@
|
|||
{lib, ...}:
|
||||
|
||||
with lib;
|
||||
|
||||
{
|
||||
with lib; {
|
||||
imports = [./virtualisation/pods.nix];
|
||||
|
||||
options.services.nginx.domain = mkOption {
|
||||
|
|
|
@ -1,13 +1,14 @@
|
|||
{ lib, config, options, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
{
|
||||
lib,
|
||||
config,
|
||||
options,
|
||||
...
|
||||
}:
|
||||
with lib; let
|
||||
cfg = config.virtualisation.pods;
|
||||
list-to-args = arg: list:
|
||||
concatStringsSep " " (map (e: "--${arg}=${escapeShellArg e}") list);
|
||||
possibly-unset-arg = arg: val:
|
||||
(optionalString (val != null) "--${arg}=${escapeShellArg val}");
|
||||
possibly-unset-arg = arg: val: (optionalString (val != null) "--${arg}=${escapeShellArg val}");
|
||||
|
||||
mkPod = name: pod: rec {
|
||||
path = [config.virtualisation.podman.package];
|
||||
|
@ -55,7 +56,6 @@ let
|
|||
PIDFile = "/run/podman/pods/${name}.pid";
|
||||
};
|
||||
};
|
||||
|
||||
in {
|
||||
options.virtualisation.pods = mkOption {
|
||||
type = with types;
|
||||
|
@ -64,8 +64,7 @@ in {
|
|||
added-hosts = mkOption {
|
||||
type = listOf str;
|
||||
default = [];
|
||||
description =
|
||||
"Additional hosts to add to /etc/hosts for each container.";
|
||||
description = "Additional hosts to add to /etc/hosts for each container.";
|
||||
example = literalExample ''
|
||||
[ "database:10.0.0.1" ]
|
||||
'';
|
||||
|
@ -74,8 +73,7 @@ in {
|
|||
cgroup-parent = mkOption {
|
||||
type = nullOr str;
|
||||
default = null;
|
||||
description =
|
||||
"The cgroups path under which the pod cgroup will be created.";
|
||||
description = "The cgroups path under which the pod cgroup will be created.";
|
||||
};
|
||||
|
||||
dns = mkOption {
|
||||
|
@ -192,20 +190,23 @@ in {
|
|||
nameValuePair "podman-${pname}-${cname}" rec {
|
||||
after = ["pod-${pname}.service"];
|
||||
requires = after;
|
||||
}) pod.containers) cfg);
|
||||
})
|
||||
pod.containers)
|
||||
cfg);
|
||||
|
||||
# Override the oci-container settings for containers defined in pods.
|
||||
#
|
||||
# I.e., set the --pod=podname setting, and update the dependsOn so
|
||||
# it points to containers in the same pod.
|
||||
podifyContainer = container: podname:
|
||||
container // {
|
||||
container
|
||||
// {
|
||||
dependsOn =
|
||||
map (dependency: "${podname}-${dependency}") container.dependsOn;
|
||||
extraOptions = container.extraOptions ++ ["--pod=${podname}"];
|
||||
};
|
||||
|
||||
in lib.mkIf (cfg != { }) {
|
||||
in
|
||||
lib.mkIf (cfg != {}) {
|
||||
virtualisation.podman.enable = true;
|
||||
virtualisation.oci-containers.backend = "podman";
|
||||
|
||||
|
@ -215,6 +216,7 @@ in {
|
|||
(pname: pod:
|
||||
mapAttrs' (cname: container:
|
||||
nameValuePair "${pname}-${cname}" (podifyContainer container pname))
|
||||
pod.containers) cfg);
|
||||
pod.containers)
|
||||
cfg);
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,10 +1,14 @@
|
|||
{ lib, fetchurl }:
|
||||
|
||||
{
|
||||
lib,
|
||||
fetchurl,
|
||||
}:
|
||||
with builtins;
|
||||
|
||||
{ project, id, filename, ... }@args:
|
||||
|
||||
let
|
||||
{
|
||||
project,
|
||||
id,
|
||||
filename,
|
||||
...
|
||||
} @ args: let
|
||||
# I think this is supposed to be some weak automation
|
||||
# protection. This split "id" is simply part of the download URL.
|
||||
#
|
||||
|
@ -16,8 +20,9 @@ let
|
|||
|
||||
url = "https://media.forgecdn.net/files/${a}/${b}/${encoded-filename}";
|
||||
otherArgs = removeAttrs args ["project" "project_id" "id" "filename"];
|
||||
|
||||
in fetchurl (otherArgs // {
|
||||
in
|
||||
fetchurl (otherArgs
|
||||
// {
|
||||
inherit url;
|
||||
# Rename files to avoid names incompatible with the nix store
|
||||
name = "${project}.jar";
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
{ pkgs, local-lib, ... }:
|
||||
|
||||
let
|
||||
{
|
||||
pkgs,
|
||||
local-lib,
|
||||
...
|
||||
}: let
|
||||
inherit (pkgs.lib) callPackageWith;
|
||||
callPackage = callPackageWith (pkgs // {inherit local-lib;});
|
||||
in {
|
||||
|
|
|
@ -1,7 +1,15 @@
|
|||
{ lib, stdenv, fetchurl, busybox, coreutils, jre_headless, runtimeShell
|
||||
, mods ? null, modConfig ? null, defaultconfigs ? null }:
|
||||
|
||||
let
|
||||
{
|
||||
lib,
|
||||
stdenv,
|
||||
fetchurl,
|
||||
busybox,
|
||||
coreutils,
|
||||
jre_headless,
|
||||
runtimeShell,
|
||||
mods ? null,
|
||||
modConfig ? null,
|
||||
defaultconfigs ? null,
|
||||
}: let
|
||||
name = "forge-server";
|
||||
version = "1.16.5-36.2.2";
|
||||
mirror = "https://files.minecraftforge.net/maven/net/minecraftforge/forge";
|
||||
|
@ -43,8 +51,8 @@ let
|
|||
outputHashMode = "recursive";
|
||||
outputHash = "VuUGc5JnzcRhDt9aaGrU+yUrJILVdU2vzv1PxLwdAig=";
|
||||
};
|
||||
|
||||
in stdenv.mkDerivation rec {
|
||||
in
|
||||
stdenv.mkDerivation rec {
|
||||
inherit name version src unpackCmd nativeBuildInputs;
|
||||
|
||||
buildPhase = ''
|
||||
|
|
|
@ -1,8 +1,12 @@
|
|||
{ lib, local-lib, stdenv }:
|
||||
|
||||
{
|
||||
lib,
|
||||
local-lib,
|
||||
stdenv,
|
||||
}:
|
||||
local-lib.minecraft.mkModpackZip {
|
||||
name = "voor-kia-client";
|
||||
version = "1.1";
|
||||
mods = (builtins.fromJSON (builtins.readFile ./voor-kia/mods.json))
|
||||
mods =
|
||||
(builtins.fromJSON (builtins.readFile ./voor-kia/mods.json))
|
||||
++ (builtins.fromJSON (builtins.readFile ./voor-kia/client-mods.json));
|
||||
}
|
||||
|
|
|
@ -1,5 +1,8 @@
|
|||
{ lib, local-lib, stdenv }:
|
||||
|
||||
{
|
||||
lib,
|
||||
local-lib,
|
||||
stdenv,
|
||||
}:
|
||||
local-lib.minecraft.mkModpack {
|
||||
name = "voor-kia";
|
||||
version = "1.0";
|
||||
|
|
Loading…
Reference in a new issue