Ditch podman and deploy a new version of the website #58

Manually merged
tlater merged 13 commits from tlater/new-website into master 2022-10-14 06:16:48 +01:00
17 changed files with 405 additions and 353 deletions


@ -1,6 +1,9 @@
{ config, pkgs, lib, ... }:
{ {
config,
pkgs,
lib,
...
}: {
imports = [ imports = [
./services/gitea.nix ./services/gitea.nix
./services/minecraft.nix ./services/minecraft.nix
@ -77,7 +80,8 @@
extraConfig = '' extraConfig = ''
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
''; '';
} extra; }
extra;
domain = config.services.nginx.domain; domain = config.services.nginx.domain;
in { in {
"${domain}" = host 3002 {serverAliases = ["www.${domain}"];}; "${domain}" = host 3002 {serverAliases = ["www.${domain}"];};


@ -1,6 +1,4 @@
{ ... }: {...}: {
{
ids.uids = { ids.uids = {
# System user ids start at 400 (see nixos/modules/programs/shadow.nix) # System user ids start at 400 (see nixos/modules/programs/shadow.nix)
webserver = 400; webserver = 400;


@ -1,6 +1,9 @@
{ config, lib, pkgs, ... }:
{ {
config,
lib,
pkgs,
...
}: {
# Required for the lish console # Required for the lish console
boot.kernelParams = ["console=ttyS0,19200n8"]; boot.kernelParams = ["console=ttyS0,19200n8"];


@ -1,6 +1,4 @@
{ config, ... }: {config, ...}: {
{
users = { users = {
extraUsers.gitea = { extraUsers.gitea = {
uid = config.ids.uids.git; uid = config.ids.uids.git;


@ -1,6 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
let pkgs,
lib,
...
}: let
minecraft-server-args = [ minecraft-server-args = [
"-Xms2G" "-Xms2G"
"-Xmx2G" "-Xmx2G"
@ -24,12 +27,14 @@ let
"-XX:+PerfDisableSharedMem" "-XX:+PerfDisableSharedMem"
"-XX:MaxTenuringThreshold=1" "-XX:MaxTenuringThreshold=1"
]; ];
ops = pkgs.writeText "ops.json" (builtins.toJSON [{ ops = pkgs.writeText "ops.json" (builtins.toJSON [
{
uuid = "140d177a-966f-41b8-a4c0-e305babd291b"; uuid = "140d177a-966f-41b8-a4c0-e305babd291b";
name = "TLATER"; name = "TLATER";
level = 4; level = 4;
bypassesPlayerLimit = true; bypassesPlayerLimit = true;
}]); }
]);
whitelist = pkgs.writeText "whitelist.json" (builtins.toJSON [ whitelist = pkgs.writeText "whitelist.json" (builtins.toJSON [
{ {
uuid = "59cd1648-14a4-4bcf-8f5a-2e1bde678f2c"; uuid = "59cd1648-14a4-4bcf-8f5a-2e1bde678f2c";
@ -49,7 +54,6 @@ let
} }
]); ]);
eula = pkgs.writeText "eula.txt" "eula=true"; eula = pkgs.writeText "eula.txt" "eula=true";
in { in {
users = { users = {
extraUsers.minecraft = { extraUsers.minecraft = {
@ -130,8 +134,7 @@ in {
systemd.services."podman-minecraft-voor-kia-starter@" = { systemd.services."podman-minecraft-voor-kia-starter@" = {
description = "Unit to stop/start the minecraft server"; description = "Unit to stop/start the minecraft server";
serviceConfig = { serviceConfig = {
ExecStart = ExecStart = "${pkgs.systemd}/bin/systemctl %i podman-minecraft-voor-kia.service";
"${pkgs.systemd}/bin/systemctl %i podman-minecraft-voor-kia.service";
Type = "oneshot"; Type = "oneshot";
}; };
}; };
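Review bot: In the reflowed `ExecStart` the instance specifier `%i` is spliced in as the systemctl verb, so `podman-minecraft-voor-kia-starter@` accepts any instance name rather than just `start`/`stop`, and nothing in the hunk constrains it. Only a principal who can already start units can instantiate the template, so this is a clarity point rather than a privilege escalation, but the intent is invisible to a reader of the unit. I would add `# Template unit: instantiate as ...-starter@start / @stop; %i becomes the systemctl verb (presumably from timers defined elsewhere)` above `serviceConfig`. Whatever instantiates this unit is outside the hunk.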


@ -1,6 +1,4 @@
{ config, ... }: {config, ...}: {
{
virtualisation.pods.nextcloud = { virtualisation.pods.nextcloud = {
hostname = "nextcloud.tlater.net"; hostname = "nextcloud.tlater.net";
publish = ["3001:80"]; publish = ["3001:80"];


@ -1,6 +1,8 @@
{ config, pkgs, ... }:
{ {
config,
pkgs,
...
}: {
users = { users = {
extraUsers.webserver = { extraUsers.webserver = {
uid = config.ids.uids.webserver; uid = config.ids.uids.webserver;


@ -26,9 +26,16 @@
}; };
}; };
outputs = { self, nixpkgs, nixos-hardware, flake-utils, sops-nix outputs = {
, tlaternet-webserver, tlaternet-templates, ... }@inputs: self,
let nixpkgs,
nixos-hardware,
flake-utils,
sops-nix,
tlaternet-webserver,
tlaternet-templates,
...
} @ inputs: let
overlays = [ overlays = [
(final: prev: { (final: prev: {
tlaternet-webserver = tlaternet-webserver =
@ -41,11 +48,13 @@
}; };
}) })
]; ];
in
in { {
nixosConfigurations = { nixosConfigurations = {
tlaternet = let system = "x86_64-linux"; tlaternet = let
in nixpkgs.lib.nixosSystem { system = "x86_64-linux";
in
nixpkgs.lib.nixosSystem {
inherit system; inherit system;
modules = [ modules = [
@ -62,8 +71,10 @@
]; ];
}; };
vm = let system = "x86_64-linux"; vm = let
in nixpkgs.lib.nixosSystem { system = "x86_64-linux";
in
nixpkgs.lib.nixosSystem {
inherit system; inherit system;
modules = [ modules = [
@ -92,18 +103,18 @@
]; ];
}; };
}; };
} // flake-utils.lib.eachDefaultSystem (system: }
let // flake-utils.lib.eachDefaultSystem (system: let
pkgs = import nixpkgs {inherit system overlays;}; pkgs = import nixpkgs {inherit system overlays;};
sops-pkgs = sops-nix.packages.${system}; sops-pkgs = sops-nix.packages.${system};
in { in {
devShell = devShell = pkgs.mkShell {
pkgs.mkShell {
sopsPGPKeyDirs = ["./keys/hosts/" "./keys/users/"]; sopsPGPKeyDirs = ["./keys/hosts/" "./keys/users/"];
nativeBuildInputs = with sops-pkgs; [ nativeBuildInputs = with sops-pkgs; [
sops-import-keys-hook sops-import-keys-hook
]; ];
buildInputs = with pkgs; with sops-pkgs; [ buildInputs = with pkgs;
with sops-pkgs; [
nixfmt nixfmt
git-lfs git-lfs
sops-init-gpg-key sops-init-gpg-key
@ -116,7 +127,8 @@
ipython ipython
python3.withPackages (ppkgs: python3.withPackages
(ppkgs:
with pkgs; [ with pkgs; [
python-lsp-server python-lsp-server
python-lsp-black python-lsp-black
@ -146,8 +158,7 @@
(mapAttrsToList (mapAttrsToList
(host: vm: "hostfwd=::${host}-:${vm}") (host: vm: "hostfwd=::${host}-:${vm}")
ports); ports);
in in ''
''
export QEMU_OPTS="-m 3941 -smp 2 -curses" export QEMU_OPTS="-m 3941 -smp 2 -curses"
export QEMU_NET_OPTS="${QEMU_NET_OPTS}" export QEMU_NET_OPTS="${QEMU_NET_OPTS}"
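Review bot: The devShell's `buildInputs` still lists `nixfmt` on the unchanged line right after the reflowed `with pkgs; with sops-pkgs; [`, while the code in this commit is laid out in a style nixfmt does not emit — it resembles alejandra's output, though the page does not say which tool was run. If a different formatter is now canonical, add it to the shell (and drop `nixfmt`) so contributors get the same tool and the next format run does not undo this commit; if nixfmt was kept on purpose, a one-line comment saying so would prevent the churn. The `devShell` definition continues past the hunk.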


@ -1,8 +1,12 @@
{ inputs, lib, pkgs, ... }: {
inputs,
let lib,
pkgs,
...
}: let
inherit (lib) makeExtensible foldr attrValues; inherit (lib) makeExtensible foldr attrValues;
tlater-lib = makeExtensible (self: tlater-lib = makeExtensible (self: let
let callLibs = file: import file { inherit self lib pkgs inputs; }; callLibs = file: import file {inherit self lib pkgs inputs;};
in {minecraft = callLibs ./minecraft.nix;}); in {minecraft = callLibs ./minecraft.nix;});
in tlater-lib.extend (self: super: foldr (a: b: a // b) { } (attrValues super)) in
tlater-lib.extend (self: super: foldr (a: b: a // b) {} (attrValues super))
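Review bot: The reflowed `tlater-lib.extend (self: super: foldr (a: b: a // b) {} (attrValues super))` flattens every sub-library into the top level, and on a key collision the attrset that comes later in `attrValues` order (sorted by attribute name) silently wins, so a helper can be shadowed without any evaluation error. With only `minecraft` defined this cannot bite today, but it is the line most likely to surprise whoever adds a second sub-library file. I would document it: `# Flatten all sub-libs into one attrset; on name clashes the later one (attrValues order) wins, so keep helper names unique across files`.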


@ -1,6 +1,8 @@
{ lib, pkgs, ... }:
{ {
lib,
pkgs,
...
}: {
# Make a modpack given its mod inputs. # Make a modpack given its mod inputs.
# #
# Mods should be attrsets in this format: # Mods should be attrsets in this format:
@ -13,7 +15,11 @@
# #
# This may be nice to read from a json ;) # This may be nice to read from a json ;)
# #
mkModpack = { name, version, mods }: mkModpack = {
name,
version,
mods,
}:
pkgs.stdenv.mkDerivation { pkgs.stdenv.mkDerivation {
inherit name version; inherit name version;
srcs = map pkgs.local.fetchFromCurseForge mods; srcs = map pkgs.local.fetchFromCurseForge mods;
@ -28,7 +34,11 @@
''; '';
}; };
mkModpackZip = { name, version, mods }: mkModpackZip = {
name,
version,
mods,
}:
pkgs.stdenv.mkDerivation { pkgs.stdenv.mkDerivation {
inherit name version; inherit name version;
srcs = map pkgs.local.fetchFromCurseForge mods; srcs = map pkgs.local.fetchFromCurseForge mods;


@ -1,8 +1,5 @@
{lib, ...}: {lib, ...}:
with lib; {
with lib;
{
imports = [./virtualisation/pods.nix]; imports = [./virtualisation/pods.nix];
options.services.nginx.domain = mkOption { options.services.nginx.domain = mkOption {


@ -1,13 +1,14 @@
{ lib, config, options, ... }: {
lib,
with lib; config,
options,
let ...
}:
with lib; let
cfg = config.virtualisation.pods; cfg = config.virtualisation.pods;
list-to-args = arg: list: list-to-args = arg: list:
concatStringsSep " " (map (e: "--${arg}=${escapeShellArg e}") list); concatStringsSep " " (map (e: "--${arg}=${escapeShellArg e}") list);
possibly-unset-arg = arg: val: possibly-unset-arg = arg: val: (optionalString (val != null) "--${arg}=${escapeShellArg val}");
(optionalString (val != null) "--${arg}=${escapeShellArg val}");
mkPod = name: pod: rec { mkPod = name: pod: rec {
path = [config.virtualisation.podman.package]; path = [config.virtualisation.podman.package];
@ -55,7 +56,6 @@ let
PIDFile = "/run/podman/pods/${name}.pid"; PIDFile = "/run/podman/pods/${name}.pid";
}; };
}; };
in { in {
options.virtualisation.pods = mkOption { options.virtualisation.pods = mkOption {
type = with types; type = with types;
@ -64,8 +64,7 @@ in {
added-hosts = mkOption { added-hosts = mkOption {
type = listOf str; type = listOf str;
default = []; default = [];
description = description = "Additional hosts to add to /etc/hosts for each container.";
"Additional hosts to add to /etc/hosts for each container.";
example = literalExample '' example = literalExample ''
[ "database:10.0.0.1" ] [ "database:10.0.0.1" ]
''; '';
@ -74,8 +73,7 @@ in {
cgroup-parent = mkOption { cgroup-parent = mkOption {
type = nullOr str; type = nullOr str;
default = null; default = null;
description = description = "The cgroups path under which the pod cgroup will be created.";
"The cgroups path under which the pod cgroup will be created.";
}; };
dns = mkOption { dns = mkOption {
@ -192,20 +190,23 @@ in {
nameValuePair "podman-${pname}-${cname}" rec { nameValuePair "podman-${pname}-${cname}" rec {
after = ["pod-${pname}.service"]; after = ["pod-${pname}.service"];
requires = after; requires = after;
}) pod.containers) cfg); })
pod.containers)
cfg);
# Override the oci-container settings for containers defined in pods. # Override the oci-container settings for containers defined in pods.
# #
# I.e., set the --pod=podname setting, and update the dependsOn so # I.e., set the --pod=podname setting, and update the dependsOn so
# it points to containers in the same pod. # it points to containers in the same pod.
podifyContainer = container: podname: podifyContainer = container: podname:
container // { container
// {
dependsOn = dependsOn =
map (dependency: "${podname}-${dependency}") container.dependsOn; map (dependency: "${podname}-${dependency}") container.dependsOn;
extraOptions = container.extraOptions ++ ["--pod=${podname}"]; extraOptions = container.extraOptions ++ ["--pod=${podname}"];
}; };
in
in lib.mkIf (cfg != { }) { lib.mkIf (cfg != {}) {
virtualisation.podman.enable = true; virtualisation.podman.enable = true;
virtualisation.oci-containers.backend = "podman"; virtualisation.oci-containers.backend = "podman";
@ -215,6 +216,7 @@ in {
(pname: pod: (pname: pod:
mapAttrs' (cname: container: mapAttrs' (cname: container:
nameValuePair "${pname}-${cname}" (podifyContainer container pname)) nameValuePair "${pname}-${cname}" (podifyContainer container pname))
pod.containers) cfg); pod.containers)
cfg);
}; };
} }
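Review bot: The reflowed header `}: with lib; let` keeps a file-scoped `with lib;`, which hides where names such as `mkOption`, `mkIf`, `escapeShellArg` and `mapAttrs'` come from and is the pattern nixpkgs' module conventions steer away from; an explicit `inherit (lib) mkOption mkIf types concatStringsSep escapeShellArg optionalString mapAttrs' nameValuePair literalExample;` after the argument set would make the dependencies greppable (the hunks do not show the whole file, so the list may need extending). Separately, `literalExample` on the unchanged context line is the older name for `literalExpression`, assuming the flake's nixpkgs input is recent enough to carry that deprecation. The module body extends past the hunk boundaries.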


@ -1,10 +1,14 @@
{ lib, fetchurl }: {
lib,
fetchurl,
}:
with builtins; with builtins;
{
{ project, id, filename, ... }@args: project,
id,
let filename,
...
} @ args: let
# I think this is supposed to be some weak automation # I think this is supposed to be some weak automation
# protection. This split "id" is simply part of the download URL. # protection. This split "id" is simply part of the download URL.
# #
@ -16,8 +20,9 @@ let
url = "https://media.forgecdn.net/files/${a}/${b}/${encoded-filename}"; url = "https://media.forgecdn.net/files/${a}/${b}/${encoded-filename}";
otherArgs = removeAttrs args ["project" "project_id" "id" "filename"]; otherArgs = removeAttrs args ["project" "project_id" "id" "filename"];
in
in fetchurl (otherArgs // { fetchurl (otherArgs
// {
inherit url; inherit url;
# Rename files to avoid names incompatible with the nix store # Rename files to avoid names incompatible with the nix store
name = "${project}.jar"; name = "${project}.jar";
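Review bot: The hash that makes this a fixed-output fetch is not part of the argument set — the reflowed `{ project, id, filename, ... } @ args` accepts it only through `...` and forwards it via `otherArgs` to `fetchurl`, so the supply-chain pin for each mod is implicit and a mods.json entry without one is only caught by whatever fetchurl does with a missing hash. Naming it keeps the pin visible in the signature: `{ project, id, filename, sha256, ... } @ args:` with `inherit url sha256;` inside the fetchurl set (and `sha256` added to the `removeAttrs` list so it is not passed twice). Whether an unpinned entry fails at evaluation or only at build time depends on fetchurl, which is outside this file; the function's closing lines are also outside the hunk.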


@ -1,6 +1,8 @@
{ pkgs, local-lib, ... }: {
pkgs,
let local-lib,
...
}: let
inherit (pkgs.lib) callPackageWith; inherit (pkgs.lib) callPackageWith;
callPackage = callPackageWith (pkgs // {inherit local-lib;}); callPackage = callPackageWith (pkgs // {inherit local-lib;});
in { in {


@ -1,7 +1,15 @@
{ lib, stdenv, fetchurl, busybox, coreutils, jre_headless, runtimeShell {
, mods ? null, modConfig ? null, defaultconfigs ? null }: lib,
stdenv,
let fetchurl,
busybox,
coreutils,
jre_headless,
runtimeShell,
mods ? null,
modConfig ? null,
defaultconfigs ? null,
}: let
name = "forge-server"; name = "forge-server";
version = "1.16.5-36.2.2"; version = "1.16.5-36.2.2";
mirror = "https://files.minecraftforge.net/maven/net/minecraftforge/forge"; mirror = "https://files.minecraftforge.net/maven/net/minecraftforge/forge";
@ -43,8 +51,8 @@ let
outputHashMode = "recursive"; outputHashMode = "recursive";
outputHash = "VuUGc5JnzcRhDt9aaGrU+yUrJILVdU2vzv1PxLwdAig="; outputHash = "VuUGc5JnzcRhDt9aaGrU+yUrJILVdU2vzv1PxLwdAig=";
}; };
in
in stdenv.mkDerivation rec { stdenv.mkDerivation rec {
inherit name version src unpackCmd nativeBuildInputs; inherit name version src unpackCmd nativeBuildInputs;
buildPhase = '' buildPhase = ''


@ -1,8 +1,12 @@
{ lib, local-lib, stdenv }: {
lib,
local-lib,
stdenv,
}:
local-lib.minecraft.mkModpackZip { local-lib.minecraft.mkModpackZip {
name = "voor-kia-client"; name = "voor-kia-client";
version = "1.1"; version = "1.1";
mods = (builtins.fromJSON (builtins.readFile ./voor-kia/mods.json)) mods =
(builtins.fromJSON (builtins.readFile ./voor-kia/mods.json))
++ (builtins.fromJSON (builtins.readFile ./voor-kia/client-mods.json)); ++ (builtins.fromJSON (builtins.readFile ./voor-kia/client-mods.json));
} }


@ -1,5 +1,8 @@
{ lib, local-lib, stdenv }: {
lib,
local-lib,
stdenv,
}:
local-lib.minecraft.mkModpack { local-lib.minecraft.mkModpack {
name = "voor-kia"; name = "voor-kia";
version = "1.0"; version = "1.0";