Ditch podman and deploy a new version of the website #58
|
@ -1,6 +1,9 @@
|
||||||
{ config, pkgs, lib, ... }:
|
|
||||||
|
|
||||||
{
|
{
|
||||||
|
config,
|
||||||
|
pkgs,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
imports = [
|
imports = [
|
||||||
./services/gitea.nix
|
./services/gitea.nix
|
||||||
./services/minecraft.nix
|
./services/minecraft.nix
|
||||||
|
@ -77,7 +80,8 @@
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||||
'';
|
'';
|
||||||
} extra;
|
}
|
||||||
|
extra;
|
||||||
domain = config.services.nginx.domain;
|
domain = config.services.nginx.domain;
|
||||||
in {
|
in {
|
||||||
"${domain}" = host 3002 {serverAliases = ["www.${domain}"];};
|
"${domain}" = host 3002 {serverAliases = ["www.${domain}"];};
|
||||||
|
|
|
@ -1,6 +1,4 @@
|
||||||
{ ... }:
|
{...}: {
|
||||||
|
|
||||||
{
|
|
||||||
ids.uids = {
|
ids.uids = {
|
||||||
# System user ids start at 400 (see nixos/modules/programs/shadow.nix)
|
# System user ids start at 400 (see nixos/modules/programs/shadow.nix)
|
||||||
webserver = 400;
|
webserver = 400;
|
||||||
|
|
|
@ -1,6 +1,9 @@
|
||||||
{ config, lib, pkgs, ... }:
|
|
||||||
|
|
||||||
{
|
{
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
# Required for the lish console
|
# Required for the lish console
|
||||||
boot.kernelParams = ["console=ttyS0,19200n8"];
|
boot.kernelParams = ["console=ttyS0,19200n8"];
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,4 @@
|
||||||
{ config, ... }:
|
{config, ...}: {
|
||||||
|
|
||||||
{
|
|
||||||
users = {
|
users = {
|
||||||
extraUsers.gitea = {
|
extraUsers.gitea = {
|
||||||
uid = config.ids.uids.git;
|
uid = config.ids.uids.git;
|
||||||
|
|
|
@ -1,6 +1,9 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{
|
||||||
|
config,
|
||||||
let
|
pkgs,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}: let
|
||||||
minecraft-server-args = [
|
minecraft-server-args = [
|
||||||
"-Xms2G"
|
"-Xms2G"
|
||||||
"-Xmx2G"
|
"-Xmx2G"
|
||||||
|
@ -24,12 +27,14 @@ let
|
||||||
"-XX:+PerfDisableSharedMem"
|
"-XX:+PerfDisableSharedMem"
|
||||||
"-XX:MaxTenuringThreshold=1"
|
"-XX:MaxTenuringThreshold=1"
|
||||||
];
|
];
|
||||||
ops = pkgs.writeText "ops.json" (builtins.toJSON [{
|
ops = pkgs.writeText "ops.json" (builtins.toJSON [
|
||||||
|
{
|
||||||
uuid = "140d177a-966f-41b8-a4c0-e305babd291b";
|
uuid = "140d177a-966f-41b8-a4c0-e305babd291b";
|
||||||
name = "TLATER";
|
name = "TLATER";
|
||||||
level = 4;
|
level = 4;
|
||||||
bypassesPlayerLimit = true;
|
bypassesPlayerLimit = true;
|
||||||
}]);
|
}
|
||||||
|
]);
|
||||||
whitelist = pkgs.writeText "whitelist.json" (builtins.toJSON [
|
whitelist = pkgs.writeText "whitelist.json" (builtins.toJSON [
|
||||||
{
|
{
|
||||||
uuid = "59cd1648-14a4-4bcf-8f5a-2e1bde678f2c";
|
uuid = "59cd1648-14a4-4bcf-8f5a-2e1bde678f2c";
|
||||||
|
@ -49,7 +54,6 @@ let
|
||||||
}
|
}
|
||||||
]);
|
]);
|
||||||
eula = pkgs.writeText "eula.txt" "eula=true";
|
eula = pkgs.writeText "eula.txt" "eula=true";
|
||||||
|
|
||||||
in {
|
in {
|
||||||
users = {
|
users = {
|
||||||
extraUsers.minecraft = {
|
extraUsers.minecraft = {
|
||||||
|
@ -130,8 +134,7 @@ in {
|
||||||
systemd.services."podman-minecraft-voor-kia-starter@" = {
|
systemd.services."podman-minecraft-voor-kia-starter@" = {
|
||||||
description = "Unit to stop/start the minecraft server";
|
description = "Unit to stop/start the minecraft server";
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart =
|
ExecStart = "${pkgs.systemd}/bin/systemctl %i podman-minecraft-voor-kia.service";
|
||||||
"${pkgs.systemd}/bin/systemctl %i podman-minecraft-voor-kia.service";
|
|
||||||
Type = "oneshot";
|
Type = "oneshot";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,6 +1,4 @@
|
||||||
{ config, ... }:
|
{config, ...}: {
|
||||||
|
|
||||||
{
|
|
||||||
virtualisation.pods.nextcloud = {
|
virtualisation.pods.nextcloud = {
|
||||||
hostname = "nextcloud.tlater.net";
|
hostname = "nextcloud.tlater.net";
|
||||||
publish = ["3001:80"];
|
publish = ["3001:80"];
|
||||||
|
|
|
@ -1,6 +1,8 @@
|
||||||
{ config, pkgs, ... }:
|
|
||||||
|
|
||||||
{
|
{
|
||||||
|
config,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
users = {
|
users = {
|
||||||
extraUsers.webserver = {
|
extraUsers.webserver = {
|
||||||
uid = config.ids.uids.webserver;
|
uid = config.ids.uids.webserver;
|
||||||
|
|
45
flake.nix
45
flake.nix
|
@ -26,9 +26,16 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = { self, nixpkgs, nixos-hardware, flake-utils, sops-nix
|
outputs = {
|
||||||
, tlaternet-webserver, tlaternet-templates, ... }@inputs:
|
self,
|
||||||
let
|
nixpkgs,
|
||||||
|
nixos-hardware,
|
||||||
|
flake-utils,
|
||||||
|
sops-nix,
|
||||||
|
tlaternet-webserver,
|
||||||
|
tlaternet-templates,
|
||||||
|
...
|
||||||
|
} @ inputs: let
|
||||||
overlays = [
|
overlays = [
|
||||||
(final: prev: {
|
(final: prev: {
|
||||||
tlaternet-webserver =
|
tlaternet-webserver =
|
||||||
|
@ -41,11 +48,13 @@
|
||||||
};
|
};
|
||||||
})
|
})
|
||||||
];
|
];
|
||||||
|
in
|
||||||
in {
|
{
|
||||||
nixosConfigurations = {
|
nixosConfigurations = {
|
||||||
tlaternet = let system = "x86_64-linux";
|
tlaternet = let
|
||||||
in nixpkgs.lib.nixosSystem {
|
system = "x86_64-linux";
|
||||||
|
in
|
||||||
|
nixpkgs.lib.nixosSystem {
|
||||||
inherit system;
|
inherit system;
|
||||||
|
|
||||||
modules = [
|
modules = [
|
||||||
|
@ -62,8 +71,10 @@
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
vm = let system = "x86_64-linux";
|
vm = let
|
||||||
in nixpkgs.lib.nixosSystem {
|
system = "x86_64-linux";
|
||||||
|
in
|
||||||
|
nixpkgs.lib.nixosSystem {
|
||||||
inherit system;
|
inherit system;
|
||||||
|
|
||||||
modules = [
|
modules = [
|
||||||
|
@ -92,18 +103,18 @@
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
} // flake-utils.lib.eachDefaultSystem (system:
|
}
|
||||||
let
|
// flake-utils.lib.eachDefaultSystem (system: let
|
||||||
pkgs = import nixpkgs {inherit system overlays;};
|
pkgs = import nixpkgs {inherit system overlays;};
|
||||||
sops-pkgs = sops-nix.packages.${system};
|
sops-pkgs = sops-nix.packages.${system};
|
||||||
in {
|
in {
|
||||||
devShell =
|
devShell = pkgs.mkShell {
|
||||||
pkgs.mkShell {
|
|
||||||
sopsPGPKeyDirs = ["./keys/hosts/" "./keys/users/"];
|
sopsPGPKeyDirs = ["./keys/hosts/" "./keys/users/"];
|
||||||
nativeBuildInputs = with sops-pkgs; [
|
nativeBuildInputs = with sops-pkgs; [
|
||||||
sops-import-keys-hook
|
sops-import-keys-hook
|
||||||
];
|
];
|
||||||
buildInputs = with pkgs; with sops-pkgs; [
|
buildInputs = with pkgs;
|
||||||
|
with sops-pkgs; [
|
||||||
nixfmt
|
nixfmt
|
||||||
git-lfs
|
git-lfs
|
||||||
sops-init-gpg-key
|
sops-init-gpg-key
|
||||||
|
@ -116,7 +127,8 @@
|
||||||
|
|
||||||
ipython
|
ipython
|
||||||
|
|
||||||
python3.withPackages (ppkgs:
|
python3.withPackages
|
||||||
|
(ppkgs:
|
||||||
with pkgs; [
|
with pkgs; [
|
||||||
python-lsp-server
|
python-lsp-server
|
||||||
python-lsp-black
|
python-lsp-black
|
||||||
|
@ -146,8 +158,7 @@
|
||||||
(mapAttrsToList
|
(mapAttrsToList
|
||||||
(host: vm: "hostfwd=::${host}-:${vm}")
|
(host: vm: "hostfwd=::${host}-:${vm}")
|
||||||
ports);
|
ports);
|
||||||
in
|
in ''
|
||||||
''
|
|
||||||
export QEMU_OPTS="-m 3941 -smp 2 -curses"
|
export QEMU_OPTS="-m 3941 -smp 2 -curses"
|
||||||
export QEMU_NET_OPTS="${QEMU_NET_OPTS}"
|
export QEMU_NET_OPTS="${QEMU_NET_OPTS}"
|
||||||
|
|
||||||
|
|
|
@ -1,8 +1,12 @@
|
||||||
{ inputs, lib, pkgs, ... }:
|
{
|
||||||
|
inputs,
|
||||||
let
|
lib,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}: let
|
||||||
inherit (lib) makeExtensible foldr attrValues;
|
inherit (lib) makeExtensible foldr attrValues;
|
||||||
tlater-lib = makeExtensible (self:
|
tlater-lib = makeExtensible (self: let
|
||||||
let callLibs = file: import file { inherit self lib pkgs inputs; };
|
callLibs = file: import file {inherit self lib pkgs inputs;};
|
||||||
in {minecraft = callLibs ./minecraft.nix;});
|
in {minecraft = callLibs ./minecraft.nix;});
|
||||||
in tlater-lib.extend (self: super: foldr (a: b: a // b) { } (attrValues super))
|
in
|
||||||
|
tlater-lib.extend (self: super: foldr (a: b: a // b) {} (attrValues super))
|
||||||
|
|
|
@ -1,6 +1,8 @@
|
||||||
{ lib, pkgs, ... }:
|
|
||||||
|
|
||||||
{
|
{
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
# Make a modpack given its mod inputs.
|
# Make a modpack given its mod inputs.
|
||||||
#
|
#
|
||||||
# Mods should be attrsets in this format:
|
# Mods should be attrsets in this format:
|
||||||
|
@ -13,7 +15,11 @@
|
||||||
#
|
#
|
||||||
# This may be nice to read from a json ;)
|
# This may be nice to read from a json ;)
|
||||||
#
|
#
|
||||||
mkModpack = { name, version, mods }:
|
mkModpack = {
|
||||||
|
name,
|
||||||
|
version,
|
||||||
|
mods,
|
||||||
|
}:
|
||||||
pkgs.stdenv.mkDerivation {
|
pkgs.stdenv.mkDerivation {
|
||||||
inherit name version;
|
inherit name version;
|
||||||
srcs = map pkgs.local.fetchFromCurseForge mods;
|
srcs = map pkgs.local.fetchFromCurseForge mods;
|
||||||
|
@ -28,7 +34,11 @@
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
mkModpackZip = { name, version, mods }:
|
mkModpackZip = {
|
||||||
|
name,
|
||||||
|
version,
|
||||||
|
mods,
|
||||||
|
}:
|
||||||
pkgs.stdenv.mkDerivation {
|
pkgs.stdenv.mkDerivation {
|
||||||
inherit name version;
|
inherit name version;
|
||||||
srcs = map pkgs.local.fetchFromCurseForge mods;
|
srcs = map pkgs.local.fetchFromCurseForge mods;
|
||||||
|
|
|
@ -1,8 +1,5 @@
|
||||||
{lib, ...}:
|
{lib, ...}:
|
||||||
|
with lib; {
|
||||||
with lib;
|
|
||||||
|
|
||||||
{
|
|
||||||
imports = [./virtualisation/pods.nix];
|
imports = [./virtualisation/pods.nix];
|
||||||
|
|
||||||
options.services.nginx.domain = mkOption {
|
options.services.nginx.domain = mkOption {
|
||||||
|
|
|
@ -1,13 +1,14 @@
|
||||||
{ lib, config, options, ... }:
|
{
|
||||||
|
lib,
|
||||||
with lib;
|
config,
|
||||||
|
options,
|
||||||
let
|
...
|
||||||
|
}:
|
||||||
|
with lib; let
|
||||||
cfg = config.virtualisation.pods;
|
cfg = config.virtualisation.pods;
|
||||||
list-to-args = arg: list:
|
list-to-args = arg: list:
|
||||||
concatStringsSep " " (map (e: "--${arg}=${escapeShellArg e}") list);
|
concatStringsSep " " (map (e: "--${arg}=${escapeShellArg e}") list);
|
||||||
possibly-unset-arg = arg: val:
|
possibly-unset-arg = arg: val: (optionalString (val != null) "--${arg}=${escapeShellArg val}");
|
||||||
(optionalString (val != null) "--${arg}=${escapeShellArg val}");
|
|
||||||
|
|
||||||
mkPod = name: pod: rec {
|
mkPod = name: pod: rec {
|
||||||
path = [config.virtualisation.podman.package];
|
path = [config.virtualisation.podman.package];
|
||||||
|
@ -55,7 +56,6 @@ let
|
||||||
PIDFile = "/run/podman/pods/${name}.pid";
|
PIDFile = "/run/podman/pods/${name}.pid";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
in {
|
in {
|
||||||
options.virtualisation.pods = mkOption {
|
options.virtualisation.pods = mkOption {
|
||||||
type = with types;
|
type = with types;
|
||||||
|
@ -64,8 +64,7 @@ in {
|
||||||
added-hosts = mkOption {
|
added-hosts = mkOption {
|
||||||
type = listOf str;
|
type = listOf str;
|
||||||
default = [];
|
default = [];
|
||||||
description =
|
description = "Additional hosts to add to /etc/hosts for each container.";
|
||||||
"Additional hosts to add to /etc/hosts for each container.";
|
|
||||||
example = literalExample ''
|
example = literalExample ''
|
||||||
[ "database:10.0.0.1" ]
|
[ "database:10.0.0.1" ]
|
||||||
'';
|
'';
|
||||||
|
@ -74,8 +73,7 @@ in {
|
||||||
cgroup-parent = mkOption {
|
cgroup-parent = mkOption {
|
||||||
type = nullOr str;
|
type = nullOr str;
|
||||||
default = null;
|
default = null;
|
||||||
description =
|
description = "The cgroups path under which the pod cgroup will be created.";
|
||||||
"The cgroups path under which the pod cgroup will be created.";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
dns = mkOption {
|
dns = mkOption {
|
||||||
|
@ -192,20 +190,23 @@ in {
|
||||||
nameValuePair "podman-${pname}-${cname}" rec {
|
nameValuePair "podman-${pname}-${cname}" rec {
|
||||||
after = ["pod-${pname}.service"];
|
after = ["pod-${pname}.service"];
|
||||||
requires = after;
|
requires = after;
|
||||||
}) pod.containers) cfg);
|
})
|
||||||
|
pod.containers)
|
||||||
|
cfg);
|
||||||
|
|
||||||
# Override the oci-container settings for containers defined in pods.
|
# Override the oci-container settings for containers defined in pods.
|
||||||
#
|
#
|
||||||
# I.e., set the --pod=podname setting, and update the dependsOn so
|
# I.e., set the --pod=podname setting, and update the dependsOn so
|
||||||
# it points to containers in the same pod.
|
# it points to containers in the same pod.
|
||||||
podifyContainer = container: podname:
|
podifyContainer = container: podname:
|
||||||
container // {
|
container
|
||||||
|
// {
|
||||||
dependsOn =
|
dependsOn =
|
||||||
map (dependency: "${podname}-${dependency}") container.dependsOn;
|
map (dependency: "${podname}-${dependency}") container.dependsOn;
|
||||||
extraOptions = container.extraOptions ++ ["--pod=${podname}"];
|
extraOptions = container.extraOptions ++ ["--pod=${podname}"];
|
||||||
};
|
};
|
||||||
|
in
|
||||||
in lib.mkIf (cfg != { }) {
|
lib.mkIf (cfg != {}) {
|
||||||
virtualisation.podman.enable = true;
|
virtualisation.podman.enable = true;
|
||||||
virtualisation.oci-containers.backend = "podman";
|
virtualisation.oci-containers.backend = "podman";
|
||||||
|
|
||||||
|
@ -215,6 +216,7 @@ in {
|
||||||
(pname: pod:
|
(pname: pod:
|
||||||
mapAttrs' (cname: container:
|
mapAttrs' (cname: container:
|
||||||
nameValuePair "${pname}-${cname}" (podifyContainer container pname))
|
nameValuePair "${pname}-${cname}" (podifyContainer container pname))
|
||||||
pod.containers) cfg);
|
pod.containers)
|
||||||
|
cfg);
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,10 +1,14 @@
|
||||||
{ lib, fetchurl }:
|
{
|
||||||
|
lib,
|
||||||
|
fetchurl,
|
||||||
|
}:
|
||||||
with builtins;
|
with builtins;
|
||||||
|
{
|
||||||
{ project, id, filename, ... }@args:
|
project,
|
||||||
|
id,
|
||||||
let
|
filename,
|
||||||
|
...
|
||||||
|
} @ args: let
|
||||||
# I think this is supposed to be some weak automation
|
# I think this is supposed to be some weak automation
|
||||||
# protection. This split "id" is simply part of the download URL.
|
# protection. This split "id" is simply part of the download URL.
|
||||||
#
|
#
|
||||||
|
@ -16,8 +20,9 @@ let
|
||||||
|
|
||||||
url = "https://media.forgecdn.net/files/${a}/${b}/${encoded-filename}";
|
url = "https://media.forgecdn.net/files/${a}/${b}/${encoded-filename}";
|
||||||
otherArgs = removeAttrs args ["project" "project_id" "id" "filename"];
|
otherArgs = removeAttrs args ["project" "project_id" "id" "filename"];
|
||||||
|
in
|
||||||
in fetchurl (otherArgs // {
|
fetchurl (otherArgs
|
||||||
|
// {
|
||||||
inherit url;
|
inherit url;
|
||||||
# Rename files to avoid names incompatible with the nix store
|
# Rename files to avoid names incompatible with the nix store
|
||||||
name = "${project}.jar";
|
name = "${project}.jar";
|
||||||
|
|
|
@ -1,6 +1,8 @@
|
||||||
{ pkgs, local-lib, ... }:
|
{
|
||||||
|
pkgs,
|
||||||
let
|
local-lib,
|
||||||
|
...
|
||||||
|
}: let
|
||||||
inherit (pkgs.lib) callPackageWith;
|
inherit (pkgs.lib) callPackageWith;
|
||||||
callPackage = callPackageWith (pkgs // {inherit local-lib;});
|
callPackage = callPackageWith (pkgs // {inherit local-lib;});
|
||||||
in {
|
in {
|
||||||
|
|
|
@ -1,7 +1,15 @@
|
||||||
{ lib, stdenv, fetchurl, busybox, coreutils, jre_headless, runtimeShell
|
{
|
||||||
, mods ? null, modConfig ? null, defaultconfigs ? null }:
|
lib,
|
||||||
|
stdenv,
|
||||||
let
|
fetchurl,
|
||||||
|
busybox,
|
||||||
|
coreutils,
|
||||||
|
jre_headless,
|
||||||
|
runtimeShell,
|
||||||
|
mods ? null,
|
||||||
|
modConfig ? null,
|
||||||
|
defaultconfigs ? null,
|
||||||
|
}: let
|
||||||
name = "forge-server";
|
name = "forge-server";
|
||||||
version = "1.16.5-36.2.2";
|
version = "1.16.5-36.2.2";
|
||||||
mirror = "https://files.minecraftforge.net/maven/net/minecraftforge/forge";
|
mirror = "https://files.minecraftforge.net/maven/net/minecraftforge/forge";
|
||||||
|
@ -43,8 +51,8 @@ let
|
||||||
outputHashMode = "recursive";
|
outputHashMode = "recursive";
|
||||||
outputHash = "VuUGc5JnzcRhDt9aaGrU+yUrJILVdU2vzv1PxLwdAig=";
|
outputHash = "VuUGc5JnzcRhDt9aaGrU+yUrJILVdU2vzv1PxLwdAig=";
|
||||||
};
|
};
|
||||||
|
in
|
||||||
in stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
inherit name version src unpackCmd nativeBuildInputs;
|
inherit name version src unpackCmd nativeBuildInputs;
|
||||||
|
|
||||||
buildPhase = ''
|
buildPhase = ''
|
||||||
|
|
|
@ -1,8 +1,12 @@
|
||||||
{ lib, local-lib, stdenv }:
|
{
|
||||||
|
lib,
|
||||||
|
local-lib,
|
||||||
|
stdenv,
|
||||||
|
}:
|
||||||
local-lib.minecraft.mkModpackZip {
|
local-lib.minecraft.mkModpackZip {
|
||||||
name = "voor-kia-client";
|
name = "voor-kia-client";
|
||||||
version = "1.1";
|
version = "1.1";
|
||||||
mods = (builtins.fromJSON (builtins.readFile ./voor-kia/mods.json))
|
mods =
|
||||||
|
(builtins.fromJSON (builtins.readFile ./voor-kia/mods.json))
|
||||||
++ (builtins.fromJSON (builtins.readFile ./voor-kia/client-mods.json));
|
++ (builtins.fromJSON (builtins.readFile ./voor-kia/client-mods.json));
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,5 +1,8 @@
|
||||||
{ lib, local-lib, stdenv }:
|
{
|
||||||
|
lib,
|
||||||
|
local-lib,
|
||||||
|
stdenv,
|
||||||
|
}:
|
||||||
local-lib.minecraft.mkModpack {
|
local-lib.minecraft.mkModpack {
|
||||||
name = "voor-kia";
|
name = "voor-kia";
|
||||||
version = "1.0";
|
version = "1.0";
|
||||||
|
|
Loading…
Reference in a new issue