From d10dbca7ce598a5dd25588f483a834230cc1595d Mon Sep 17 00:00:00 2001 From: m3tam3re Date: Mon, 13 Feb 2023 17:09:49 +0100 Subject: [PATCH] fixed container IPs + unstable overlay + bugfixes --- flake.lock | 72 ++++++++++++++----- flake.nix | 16 ++++- hosts/common/base/default.nix | 2 +- .../lkk-nix-1/services/containers/baserow.nix | 2 +- .../services/containers/briefkasten.nix | 2 +- .../lkk-nix-1/services/containers/matomo.nix | 2 +- .../services/containers/nextcloud.nix | 2 +- .../services/containers/wireguard.nix | 1 + .../services/containers/wordpress.nix | 2 +- hosts/lkk-nix-1/services/gitea.nix | 2 + hosts/lkk-nix-1/services/invidious.nix | 2 + 11 files changed, 81 insertions(+), 24 deletions(-) diff --git a/flake.lock b/flake.lock index 79cd62f..97aad69 100644 --- a/flake.lock +++ b/flake.lock @@ -2,14 +2,15 @@ "nodes": { "agenix": { "inputs": { + "darwin": "darwin", "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1665870395, - "narHash": "sha256-Tsbqb27LDNxOoPLh0gw2hIb6L/6Ow/6lIBvqcHzEKBI=", + "lastModified": 1676153903, + "narHash": "sha256-uetRyjgMiZCs6srmZ10M764Vn7F53M9mVuqnzHmyBqU=", "owner": "ryantm", "repo": "agenix", - "rev": "a630400067c6d03c9b3e0455347dc8559db14288", + "rev": "ea17cc71b4e1bc5b2601f210a1c85db9453ad723", "type": "github" }, "original": { @@ -18,6 +19,28 @@ "type": "github" } }, + "darwin": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1673295039, + "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "87b9d090ad39b25b2400029c64825fc2a8868943", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, "deploy-rs": { "inputs": { "flake-compat": "flake-compat", @@ -25,11 +48,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1672327199, - "narHash": "sha256-pFlngSHXKBhAmbaKZ4FYtu57LLunG+vWdL7a5vw1RvQ=", + "lastModified": 1674127017, + "narHash": "sha256-QO1xF7stu5ZMDLbHN30LFolMAwY6TVlzYvQoUs1RD68=", "owner": "serokell", "repo": "deploy-rs", - "rev": "a5619f5660a00f58c2b7c16d89058e92327ac9b8", + "rev": "8c9ea9605eed20528bf60fae35a2b613b901fd77", "type": "github" }, "original": { @@ -62,11 +85,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1671966569, - "narHash": "sha256-jbLgfSnmLchARBNFRvCic63CFQ9LAyvlXnBpc2kwjQc=", + "lastModified": 1675935446, + "narHash": "sha256-WajulTn7QdwC7QuXRBavrANuIXE5z+08EdxdRw1qsNs=", "owner": "nix-community", "repo": "home-manager", - "rev": "c55fa26ce05fee8e063db22918d05a73d430b2ea", + "rev": "2dce7f1a55e785a22d61668516df62899278c9e4", "type": "github" }, "original": { @@ -77,11 +100,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1665732960, - "narHash": "sha256-WBZ+uSHKFyjvd0w4inbm0cNExYTn8lpYFcHEes8tmec=", + "lastModified": 1674641431, + "narHash": "sha256-qfo19qVZBP4qn5M5gXc/h1MDgAtPA5VxJm9s8RUAkVk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4428e23312933a196724da2df7ab78eb5e67a88e", + "rev": "9b97ad7b4330aacda9b2343396eb3df8a853b4fc", "type": "github" }, "original": { @@ -91,6 +114,22 @@ "type": "github" } }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1676202775, + "narHash": "sha256-gV/RnfVZkGLHn+5rmX2GSh5aquVHpWOJw1cnpEV03tQ=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "d917136f550a8c36efb1724390c7245105f79023", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_2": { "locked": { "lastModified": 1671417167, @@ -109,11 +148,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1671883564, - "narHash": "sha256-C15oAtyupmLB3coZY7qzEHXjhtUx/+77olVdqVMruAg=", + "lastModified": 1676177817, + "narHash": "sha256-OQnBnuKkpwkfNY31xQyfU5hNpLs1ilWt+hVY6ztEEOM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "dac57a4eccf1442e8bf4030df6fcbb55883cb682", + "rev": "1b82144edfcd0c86486d2e07c7298f85510e7fb8", "type": "github" }, "original": { @@ -128,7 +167,8 @@ "agenix": "agenix", "deploy-rs": "deploy-rs", "home-manager": "home-manager", - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_3", + "nixpkgs-unstable": "nixpkgs-unstable" } }, "utils": { diff --git a/flake.nix b/flake.nix index 0b46c6e..3d0fe29 100644 --- a/flake.nix +++ b/flake.nix @@ -10,19 +10,31 @@ }; agenix.url = "github:ryantm/agenix"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11"; + nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; deploy-rs.url = "github:serokell/deploy-rs"; }; - outputs = { self, nixpkgs, home-manager, agenix, deploy-rs, ... }@inputs: + outputs = { self, nixpkgs, nixpkgs-unstable, home-manager, agenix, deploy-rs + , ... }@inputs: let inherit (self) outputs; lib = nixpkgs.lib; allowUnfree = { nixpkgs.config.allowUnfree = true; }; + system = "x86_64-linux"; + overlay-unstable = final: prev: { + unstable = nixpkgs-unstable.legacyPackages.${prev.system}; + }; in { nixosConfigurations = { lkk-nix-1 = lib.nixosSystem { specialArgs = { inherit inputs; }; - modules = [ ./hosts/lkk-nix-1 agenix.nixosModule ]; + modules = [ + ./hosts/lkk-nix-1 + agenix.nixosModules.default + ({ config, pkgs, ... }: { + nixpkgs.overlays = [ overlay-unstable ]; + }) + ]; }; }; homeConfigurations = { diff --git a/hosts/common/base/default.nix b/hosts/common/base/default.nix index 19537dc..a7a9d4e 100644 --- a/hosts/common/base/default.nix +++ b/hosts/common/base/default.nix @@ -10,7 +10,7 @@ nixpkgs.config.allowUnfree = true; environment.systemPackages = [ - inputs.agenix.defaultPackage."x86_64-linux" + inputs.agenix.packages.x86_64-linux.default pkgs.busybox ]; } diff --git a/hosts/lkk-nix-1/services/containers/baserow.nix b/hosts/lkk-nix-1/services/containers/baserow.nix index a0e7fc7..197dc31 100644 --- a/hosts/lkk-nix-1/services/containers/baserow.nix +++ b/hosts/lkk-nix-1/services/containers/baserow.nix @@ -20,6 +20,6 @@ }; ports = [ "3001:80" ]; volumes = [ "baserow_data:/baserow/data" ]; - extraOptions = [ "--add-host=postgres:10.88.0.1" ]; + extraOptions = [ "--add-host=postgres:10.88.0.1" "--ip=10.88.0.11" ]; }; } diff --git a/hosts/lkk-nix-1/services/containers/briefkasten.nix b/hosts/lkk-nix-1/services/containers/briefkasten.nix index 28b8ce0..13c7160 100644 --- a/hosts/lkk-nix-1/services/containers/briefkasten.nix +++ b/hosts/lkk-nix-1/services/containers/briefkasten.nix @@ -3,6 +3,6 @@ image = "docker.io/ndom91/briefkasten"; environmentFiles = [ config.age.secrets.briefkasten-env.path ]; ports = [ "3009:3000" ]; - extraOptions = [ "--add-host=postgres:10.88.0.1" ]; + extraOptions = [ "--add-host=postgres:10.88.0.1" "--ip=10.88.0.19" ]; }; } diff --git a/hosts/lkk-nix-1/services/containers/matomo.nix b/hosts/lkk-nix-1/services/containers/matomo.nix index 06f7700..ee5e251 100644 --- a/hosts/lkk-nix-1/services/containers/matomo.nix +++ b/hosts/lkk-nix-1/services/containers/matomo.nix @@ -11,6 +11,6 @@ }; ports = [ "3003:80" ]; volumes = [ "matomo_data:/var/www/html" ]; - extraOptions = [ "--add-host=mysql:10.88.0.1" ]; + extraOptions = [ "--add-host=mysql:10.88.0.1" "--ip=10.88.0.13" ]; }; } diff --git a/hosts/lkk-nix-1/services/containers/nextcloud.nix b/hosts/lkk-nix-1/services/containers/nextcloud.nix index 8d9e04d..c92ac77 100644 --- a/hosts/lkk-nix-1/services/containers/nextcloud.nix +++ b/hosts/lkk-nix-1/services/containers/nextcloud.nix @@ -9,6 +9,6 @@ }; ports = [ "3005:80" ]; volumes = [ "nextcloud_data:/var/www/html" ]; - extraOptions = [ "--add-host=mysql:10.88.0.1" ]; + extraOptions = [ "--add-host=mysql:10.88.0.1" "--ip=10.88.0.15" ]; }; } diff --git a/hosts/lkk-nix-1/services/containers/wireguard.nix b/hosts/lkk-nix-1/services/containers/wireguard.nix index 21850da..fc060b0 100644 --- a/hosts/lkk-nix-1/services/containers/wireguard.nix +++ b/hosts/lkk-nix-1/services/containers/wireguard.nix @@ -9,6 +9,7 @@ "--cap-add=SYS_MODULE" "--sysctl=net.ipv4.conf.all.src_valid_mark=1" "--sysctl=net.ipv4.ip_forward=1" + "--ip=10.88.0.17" ]; }; } diff --git a/hosts/lkk-nix-1/services/containers/wordpress.nix b/hosts/lkk-nix-1/services/containers/wordpress.nix index 3ff8f90..c68d0b0 100644 --- a/hosts/lkk-nix-1/services/containers/wordpress.nix +++ b/hosts/lkk-nix-1/services/containers/wordpress.nix @@ -9,6 +9,6 @@ }; ports = [ "3002:80" ]; volumes = [ "lanakk_blog_data:/var/www/html" ]; - extraOptions = [ "--add-host=mysql:10.88.0.1" ]; + extraOptions = [ "--add-host=mysql:10.88.0.1" "--ip=10.88.0.12" ]; }; } diff --git a/hosts/lkk-nix-1/services/gitea.nix b/hosts/lkk-nix-1/services/gitea.nix index 48ae586..8913539 100644 --- a/hosts/lkk-nix-1/services/gitea.nix +++ b/hosts/lkk-nix-1/services/gitea.nix @@ -1,6 +1,8 @@ +{ config, pkgs, ... }: { services.gitea = { enable = true; + package = pkgs.unstable.gitea; rootUrl = "https://code.lanakk.com"; dump = { enable = true; diff --git a/hosts/lkk-nix-1/services/invidious.nix b/hosts/lkk-nix-1/services/invidious.nix index a9bca32..5f12f3c 100644 --- a/hosts/lkk-nix-1/services/invidious.nix +++ b/hosts/lkk-nix-1/services/invidious.nix @@ -1,6 +1,8 @@ +{ config, pkgs, ... }: { services.invidious = { enable = true; + package = pkgs.unstable.invidious; port = 3006; domain = "video.lanakk.com"; };