Merge pull request #1 from ClicksMinutePer/update-23.05
diff --git a/default/configuration.nix b/default/configuration.nix
index 3b8888e..0ccf399 100644
--- a/default/configuration.nix
+++ b/default/configuration.nix
@@ -129,12 +129,8 @@
nix.settings.experimental-features = [ "nix-command" "flakes" ];
- # Enable the OpenSSH daemon.
- services.openssh.enable = true;
- services.openssh.passwordAuthentication = false;
-
# Open ports in the firewall.
- networking.firewall.allowedTCPPorts = [ 22 80 443 25 465 587 110 995 143 993 ];
+ networking.firewall.allowedTCPPorts = [ 80 443 25 465 587 110 995 143 993 ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
networking.firewall.enable = true;
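Review bot: The new `allowedTCPPorts` list still opens 110 and 143, the cleartext POP3 and IMAP ports, alongside their TLS counterparts 995 and 993. The mail server configuration is not visible in this hunk, so unless it enforces STARTTLS before authentication, mailbox credentials could cross the network unencrypted. If no client depends on the plaintext ports, consider `networking.firewall.allowedTCPPorts = [ 80 443 25 465 587 993 995 ];`. Otherwise a comment such as `# 110/143 kept for STARTTLS-only clients` would record why they remain open.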
diff --git a/flake.lock b/flake.lock
index bf6af46..4932c73 100644
--- a/flake.lock
+++ b/flake.lock
@@ -7,11 +7,11 @@
"utils": "utils"
},
"locked": {
- "lastModified": 1682063650,
- "narHash": "sha256-VaDHh2z6xlnTHaONlNVHP7qEMcK5rZ8Js3sT6mKb2XY=",
+ "lastModified": 1685948350,
+ "narHash": "sha256-1FldJ059so0X/rScdbIiOlQbjjSNCCTdj2cUr5pHU4A=",
"owner": "serokell",
"repo": "deploy-rs",
- "rev": "c2ea4e642dc50fd44b537e9860ec95867af30d39",
+ "rev": "65211db63ba1199f09b4c9f27e5eba5ec50d76ac",
"type": "github"
},
"original": {
@@ -41,11 +41,11 @@
"systems": "systems"
},
"locked": {
- "lastModified": 1681202837,
- "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
+ "lastModified": 1685518550,
+ "narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=",
"owner": "numtide",
"repo": "flake-utils",
- "rev": "cfacdce06f30d2b68473a46042957675eebb3401",
+ "rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef",
"type": "github"
},
"original": {
@@ -58,23 +58,19 @@
"inputs": {
"nixpkgs": [
"nixpkgs"
- ],
- "utils": [
- "deploy-rs",
- "utils"
]
},
"locked": {
- "lastModified": 1681092193,
- "narHash": "sha256-JerCqqOqbT2tBnXQW4EqwFl0hHnuZp21rIQ6lu/N4rI=",
+ "lastModified": 1685599623,
+ "narHash": "sha256-Tob4CMOVHue0D3RzguDBCtUmX5ji2PsdbQDbIOIKvsc=",
"owner": "nix-community",
"repo": "home-manager",
- "rev": "f9edbedaf015013eb35f8caacbe0c9666bbc16af",
+ "rev": "93db05480c0c0f30382d3e80779e8386dcb4f9dd",
"type": "github"
},
"original": {
"owner": "nix-community",
- "ref": "release-22.11",
+ "ref": "release-23.05",
"repo": "home-manager",
"type": "github"
}
@@ -97,11 +93,11 @@
},
"nixpkgs-stable": {
"locked": {
- "lastModified": 1683504292,
- "narHash": "sha256-jlZbBIKGa6IMGkcJkQ08pbKnouTAPfeq1fD5I7l/rBw=",
+ "lastModified": 1685758009,
+ "narHash": "sha256-IT4Z5WGhafrq+xbDTyuKrRPRQ1f+kVOtE+4JU1CHFeo=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "ba0086c178d4ed60a7899f739caea553eca2e046",
+ "rev": "eaf03591711b46d21abc7082a8ebee4681f9dbeb",
"type": "github"
},
"original": {
@@ -113,11 +109,11 @@
},
"nixpkgs-unstable": {
"locked": {
- "lastModified": 1683777345,
- "narHash": "sha256-V2p/A4RpEGqEZussOnHYMU6XglxBJGCODdzoyvcwig8=",
+ "lastModified": 1686089707,
+ "narHash": "sha256-LTNlJcru2qJ0XhlhG9Acp5KyjB774Pza3tRH0pKIb3o=",
"owner": "nixos",
"repo": "nixpkgs",
- "rev": "635a306fc8ede2e34cb3dd0d6d0a5d49362150ed",
+ "rev": "af21c31b2a1ec5d361ed8050edd0303c31306397",
"type": "github"
},
"original": {
@@ -129,16 +125,16 @@
},
"nixpkgs_2": {
"locked": {
- "lastModified": 1682817260,
- "narHash": "sha256-kFMXzKNj4d/0Iqbm5l57rHSLyUeyCLMuvlROZIuuhvk=",
+ "lastModified": 1686059680,
+ "narHash": "sha256-sp0WlCIeVczzB0G8f8iyRg3IYW7KG31mI66z7HIZwrI=",
"owner": "nixos",
"repo": "nixpkgs",
- "rev": "db1e4eeb0f9a9028bcb920e00abbc1409dd3ef36",
+ "rev": "a558f7ac29f50c4b937fb5c102f587678ae1c9fb",
"type": "github"
},
"original": {
"owner": "nixos",
- "ref": "nixos-22.11",
+ "ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
@@ -185,11 +181,11 @@
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
- "lastModified": 1683545104,
- "narHash": "sha256-48wC0zzHAej/wLFWIgV+uj63AvQ2UUk85g7wmXJzTqk=",
+ "lastModified": 1685848844,
+ "narHash": "sha256-Iury+/SVbAwLES76QJSiKFiQDzmf/8Hsq8j54WF2qyw=",
"owner": "Mic92",
"repo": "sops-nix",
- "rev": "36b062a2c85a0efb37de1300c79c54602a094fab",
+ "rev": "a522e12ee35e50fa7d902a164a9796e420e6e75b",
"type": "github"
},
"original": {
diff --git a/flake.nix b/flake.nix
index fd128a1..8dab2a3 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,33 +1,27 @@
{
description = "A flake to deploy and configure Clicks' NixOS server";
- inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-22.11";
- inputs.nixpkgs-unstable.url = "github:nixos/nixpkgs/nixpkgs-unstable";
+ inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
inputs.flake-utils.url = "github:numtide/flake-utils";
inputs.deploy-rs.url = "github:serokell/deploy-rs";
- inputs.home-manager.url = "github:nix-community/home-manager/release-22.11";
+ inputs.home-manager.url = "github:nix-community/home-manager/release-23.05";
inputs.sops-nix.url = "github:Mic92/sops-nix";
inputs.scalpel.url = "github:polygon/scalpel";
inputs.home-manager.inputs.nixpkgs.follows = "nixpkgs";
- inputs.home-manager.inputs.utils.follows = "deploy-rs/utils";
inputs.sops-nix.inputs.nixpkgs.follows = "nixpkgs";
inputs.scalpel.inputs.nixpkgs.follows = "nixpkgs";
inputs.scalpel.inputs.sops-nix.follows = "sops-nix";
- outputs = { self, nixpkgs, deploy-rs, home-manager, sops-nix, scalpel, nixpkgs-unstable, ... }@inputs:
+ outputs = { self, nixpkgs, deploy-rs, home-manager, sops-nix, scalpel, ... }@inputs:
let
system = "x86_64-linux";
pkgs = import nixpkgs {
inherit system;
config.allowUnfree = true;
};
- pkgs-unstable = import nixpkgs-unstable {
- inherit system;
- config.allowUnfree = true;
- };
in
rec {
nixosConfigurations.clicks =
@@ -40,7 +34,6 @@
./modules/cache.nix
./modules/caddy.nix
./modules/clamav.nix
- ./modules/code-server.nix
./modules/dmarc.nix
./modules/dnsmasq.nix
./modules/doas.nix
@@ -59,12 +52,12 @@
./modules/postgres.nix
./modules/samba.nix
./modules/scalpel.nix
+ ./modules/ssh.nix
./modules/static-ip.nix
./modules/tesseract.nix
sops-nix.nixosModules.sops
{
users.mutableUsers = false;
- _module.args = { inherit pkgs-unstable; };
}
];
specialArgs = { base = null; };
diff --git a/modules/code-server.nix b/modules/code-server.nix
deleted file mode 100644
index 39b7f3e..0000000
--- a/modules/code-server.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ pkgs, ... }: {
- services.code-server = {
- enable = true;
- host = "0.0.0.0";
- auth = "none";
- package = (pkgs.buildFHSUserEnv {
- name = "code-server";
- targetPkgs = pkgs: with pkgs; [ code-server git ];
- runScript = "code-server";
- });
- };
-}
diff --git a/modules/dmarc.nix b/modules/dmarc.nix
index 7ab2e7a..c79721d 100644
--- a/modules/dmarc.nix
+++ b/modules/dmarc.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, pkgs-unstable, ... }: {
+{ config, lib, pkgs, ... }: {
users.users.parsedmarc = {
isSystemUser = true;
createHome = true;
@@ -29,6 +29,8 @@
host = "mail.clicks.codes";
user = "dmarc@clicks.codes";
password = { _secret = config.sops.secrets.imap_password.path; };
+ };
+ settings.mailbox = {
watch = true;
delete = false;
};
@@ -47,5 +49,4 @@
chgrp clicks ${config.services.geoipupdate.settings.DatabaseDirectory}
# The license agreement does not allow us to let non-clicks users access the database
'';
- services.elasticsearch.package = pkgs-unstable.elasticsearch;
}
diff --git a/modules/dnsmasq.nix b/modules/dnsmasq.nix
index 3d3b6bd..51dd06d 100644
--- a/modules/dnsmasq.nix
+++ b/modules/dnsmasq.nix
@@ -3,12 +3,12 @@
nscd.enableNsncd = true;
dnsmasq = {
enable = true;
- servers = [ "1.1.1.1" "1.0.0.1" ];
- extraConfig = ''
- local=/local/
- domain=local
- expand-hosts
- '';
+ settings = {
+ servers = [ "1.1.1.1" "1.0.0.1" ];
+ local = "/local/";
+ domain = "local";
+ expand-hosts = true;
+ };
};
avahi = {
enable = true;
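Review bot: The upstream resolvers are now set as `servers` inside `settings`, but the dnsmasq directive is `server`. As far as I recall, the module writes each `settings` key into dnsmasq.conf under its own name. If so, this would emit `servers=1.1.1.1`, which dnsmasq would likely reject at start-up, or else run without the intended upstreams. I would change the line to `server = [ "1.1.1.1" "1.0.0.1" ];` and check the generated config before deploying, since a resolver that fails to start takes name resolution on the host down with it. The enclosing `services` block starts and ends outside this hunk.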
diff --git a/modules/git.nix b/modules/git.nix
index dac2036..747f686 100644
--- a/modules/git.nix
+++ b/modules/git.nix
@@ -3,8 +3,6 @@
services.gitea = {
enable = false;
- rootUrl = "https://git.clicks.codes/";
- httpPort = 6064;
settings.mailer = {
ENABLED = true;
FROM = "git@clicks.codes";
@@ -25,6 +23,8 @@
DEFAULT_ENABLE_TIMETRACKING = true;
};
settings.server = {
+ ROOT_URL = "https://git.clicks.codes/";
+ HTTP_PORT = 6064;
SSH_DOMAIN = "ssh.clicks.codes";
DOMAIN = "localhost";
DISABLE_SSH = false;
diff --git a/modules/node.nix b/modules/node.nix
index d5f832f..0de7e98 100644
--- a/modules/node.nix
+++ b/modules/node.nix
@@ -1,6 +1,6 @@
{ config, pkgs, ... }: {
environment.systemPackages = with pkgs; [
- nodejs-19_x
+ nodejs_20
nodePackages.typescript
yarn
nodePackages.pm2
diff --git a/modules/ssh.nix b/modules/ssh.nix
new file mode 100644
index 0000000..70e1ebb
--- /dev/null
+++ b/modules/ssh.nix
@@ -0,0 +1,7 @@
+{
+ services.openssh = {
+ enable = true;
+ settings.PasswordAuthentication = false;
+ };
+ networking.firewall.allowedTCPPorts = [ 22 ];
+}
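Review bot: `settings.PasswordAuthentication = false;` on its own may not rule out password logins, because keyboard-interactive authentication is a separate sshd setting. I believe the NixOS module leaves it enabled by default, which is worth confirming against the 23.05 option docs. Adding `settings.KbdInteractiveAuthentication = false;` inside `services.openssh` makes the key-only intent explicit. Separately, `networking.firewall.allowedTCPPorts = [ 22 ];` looks redundant, since `services.openssh.openFirewall` defaults to true. It is harmless to keep, but a comment like `# explicit; openFirewall would open 22 anyway` would stop a later reader from assuming that deleting the line closes the port.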
diff --git a/services/README.md b/services/README.md
index 6caca82..b804fb8 100644
--- a/services/README.md
+++ b/services/README.md
@@ -8,9 +8,3 @@
- all configuration should be [home-manager](https://github.com/nix-community/home-manager)
configuration files rather than NixOS configuration files
-## Installed services
-
-<!-- spell-checker:words etherpad -->
-- etherpad: <https://etherpad.org/>
- - uses git-sync with home-manager to sync the release-3.x
- - runs using a systemd service
diff --git a/services/etherpad/default.nix b/services/etherpad/default.nix
deleted file mode 100644
index 80fbd43..0000000
--- a/services/etherpad/default.nix
+++ /dev/null
@@ -1,42 +0,0 @@
-{ pkgs, config, lib, ... }: {
- home.packages = [ pkgs.nodejs-14_x ];
-
- services.git-sync = {
- enable = false;
-
- repositories = {
- "etherpad" = {
- path = "${config.home.homeDirectory}/etherpad/";
- uri = "https://github.com/ether/etherpad-lite";
- };
- };
- };
-
- systemd.user.services = {
- git-sync-etherpad.Service = {
- Environment = [
- "GIT_SYNC_EXECHOOK_COMMAND=${pkgs.systemd}/bin/systemctl restart etherpad --user"
- "GIT_SYNC_REV=1.8.18"
- "GIT_SYNC_ONE_TIME=true"
- ];
- ExecStart = lib.mkForce (builtins.replaceStrings [ "\n" ] [ "" ]
- ''${pkgs.bashInteractive}/bin/sh -c "
- ${pkgs.coreutils}/bin/mkdir -p ${config.services.git-sync.repositories.etherpad.path}
- && cd ${config.services.git-sync.repositories.etherpad.path}
- && ${pkgs.git}/bin/git clone ${config.services.git-sync.repositories.etherpad.uri} .
- && ${pkgs.git}/bin/git checkout $GIT_SYNC_REV
- ; ${config.services.git-sync.package}/bin/git-sync"'');
- };
- /* etherpad = { */
- /* Unit.Description = "A service to run etherpad"; */
-
- /* Install.WantedBy = [ "default.target" ]; */
-
- /* Service = rec { */
- /* ExecStart = "${pkgs.bashInteractive}/bin/sh -c \"export PATH=$PATH:/run/current-system/sw/bin && ${WorkingDirectory}src/bin/run.sh\""; */
- /* Restart = "always"; */
- /* WorkingDirectory = "${config.home.homeDirectory}/etherpad/"; */
- /* }; */
- /* }; */
- };
-}