diff --git a/flake.lock b/flake.lock index a97896b..00b77b7 100644 --- a/flake.lock +++ b/flake.lock @@ -23,11 +23,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1715699772, - "narHash": "sha256-sKhqIgucN5sI/7UQgBwsonzR4fONjfMr9OcHK/vPits=", + "lastModified": 1718194053, + "narHash": "sha256-FaGrf7qwZ99ehPJCAwgvNY5sLCqQ3GDiE/6uLhxxwSY=", "owner": "serokell", "repo": "deploy-rs", - "rev": "b3ea6f333f9057b77efd9091119ba67089399ced", + "rev": "3867348fa92bc892eba5d9ddb2d7a97b9e127a8a", "type": "github" }, "original": { @@ -55,11 +55,11 @@ "flake-compat_2": { "flake": false, "locked": { - "lastModified": 1668681692, - "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "owner": "edolstra", "repo": "flake-compat", - "rev": "009399224d5e398d03b22badca40a37ac85412a1", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "type": "github" }, "original": { @@ -73,11 +73,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1712623723, - "narHash": "sha256-jPD5+M+QPyMRk52zfFMIeHdv7yXYJ/yNGqwS0PhYF+E=", + "lastModified": 1719541573, + "narHash": "sha256-9j8Rtv5UWsD4A3jAh8MpopNGmftSAoI8htssmXLu8jU=", "owner": "reckenrode", "repo": "nix-foundryvtt", - "rev": "6025615b431170558c3c13f16b549fc0126425e1", + "rev": "1176cc325e5e1d46c7a018663a8e02e699e838ec", "type": "github" }, "original": { @@ -102,43 +102,28 @@ "type": "github" } }, - "nixpkgs-23_05": { + "nixpkgs-24_05": { "locked": { - "lastModified": 1704290814, - "narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=", + "lastModified": 1717144377, + "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421", + "rev": "805a384895c696f802a9bf5bf4720f37385df547", "type": "github" }, "original": { "id": "nixpkgs", - "ref": "nixos-23.05", - "type": "indirect" - } - }, - "nixpkgs-23_11": { - "locked": { - "lastModified": 1706098335, - "narHash": "sha256-r3dWjT8P9/Ah5m5ul4WqIWD8muj5F+/gbCdjiNVBKmU=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "a77ab169a83a4175169d78684ddd2e54486ac651", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-23.11", + "ref": "nixos-24.05", "type": "indirect" } }, "nixpkgs-stable": { "locked": { - "lastModified": 1716061101, - "narHash": "sha256-H0eCta7ahEgloGIwE/ihkyGstOGu+kQwAiHvwVoXaA0=", + "lastModified": 1719663039, + "narHash": "sha256-tXlrgAQygNIy49LDVFuPXlWD2zTQV9/F8pfoqwwPJyo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e7cc61784ddf51c81487637b3031a6dd2d6673a2", + "rev": "4a1e673523344f6ccc84b37f4413ad74ea19a119", "type": "github" }, "original": { @@ -150,11 +135,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1716330097, - "narHash": "sha256-8BO3B7e3BiyIDsaKA0tY8O88rClYRTjvAp66y+VBUeU=", + "lastModified": 1719848872, + "narHash": "sha256-H3+EC5cYuq+gQW8y0lSrrDZfH71LB4DAf+TDFyvwCNA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5710852ba686cc1fd0d3b8e22b3117d43ba374c2", + "rev": "00d80d13810dbfea8ab4ed1009b09100cca86ba8", "type": "github" }, "original": { @@ -166,43 +151,43 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1701389149, - "narHash": "sha256-rU1suTIEd5DGCaAXKW6yHoCfR1mnYjOXQFOaH7M23js=", + "lastModified": 1718437845, + "narHash": "sha256-ZT7Oc1g4I4pHVGGjQFnewFVDRLH5cIZhEzODLz9YXeY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5de0b32be6e85dc1a9404c75131316e4ffbc634c", + "rev": "752c634c09ceb50c45e751f8791cb45cb3d46c9e", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-23.11", + "ref": "nixos-24.05", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_3": { "locked": { - "lastModified": 1716361217, - "narHash": "sha256-mzZDr00WUiUXVm1ujBVv6A0qRd8okaITyUp4ezYRgc4=", + "lastModified": 1719838683, + "narHash": "sha256-Zw9rQjHz1ilNIimEXFeVa1ERNRBF8DoXDhLAZq5B4pE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "46397778ef1f73414b03ed553a3368f0e7e33c2f", + "rev": "d032c1a6dfad4eedec7e35e91986becc699d7d69", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-23.11", + "ref": "nixos-24.05", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_4": { "locked": { - "lastModified": 1705856552, - "narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=", + "lastModified": 1717602782, + "narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d", + "rev": "e8057b67ebf307f01bdcc8fba94d94f75039d1f6", "type": "github" }, "original": { @@ -226,21 +211,20 @@ "blobs": "blobs", "flake-compat": "flake-compat_2", "nixpkgs": "nixpkgs_4", - "nixpkgs-23_05": "nixpkgs-23_05", - "nixpkgs-23_11": "nixpkgs-23_11", + "nixpkgs-24_05": "nixpkgs-24_05", "utils": "utils_2" }, "locked": { - "lastModified": 1706219574, - "narHash": "sha256-qO+8UErk+bXCq2ybHU4GzXG4Ejk4Tk0rnnTPNyypW4g=", + "lastModified": 1718084203, + "narHash": "sha256-Cx1xoVfSMv1XDLgKg08CUd1EoTYWB45VmB9XIQzhmzI=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "e47f3719f1db3e0961a4358d4cb234a0acaa7baf", + "rev": "29916981e7b3b5782dc5085ad18490113f8ff63b", "type": "gitlab" }, "original": { "owner": "simple-nixos-mailserver", - "ref": "nixos-23.11", + "ref": "nixos-24.05", "repo": "nixos-mailserver", "type": "gitlab" } @@ -253,11 +237,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1716400300, - "narHash": "sha256-0lMkIk9h3AzOHs1dCL9RXvvN4PM8VBKb+cyGsqOKa4c=", + "lastModified": 1719873517, + "narHash": "sha256-D1dxZmXf6M2h5lNE1m6orojuUawVPjogbGRsqSBX+1g=", "owner": "Mic92", "repo": "sops-nix", - "rev": "b549832718b8946e875c016a4785d204fcfc2e53", + "rev": "a11224af8d824935f363928074b4717ca2e280db", "type": "github" }, "original": { @@ -281,6 +265,21 @@ "type": "github" } }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "utils": { "inputs": { "systems": "systems" @@ -300,12 +299,15 @@ } }, "utils_2": { + "inputs": { + "systems": "systems_2" + }, "locked": { - "lastModified": 1605370193, - "narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=", + "lastModified": 1709126324, + "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=", "owner": "numtide", "repo": "flake-utils", - "rev": "5021eac20303a61fafe17224c087f5519baed54d", + "rev": "d465f4819400de7c8d874d50b982301f28a84605", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 818328a..774b968 100644 --- a/flake.nix +++ b/flake.nix @@ -1,12 +1,12 @@ { inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; sops-nix.url = "github:Mic92/sops-nix"; sops-nix.inputs.nixpkgs.follows = "nixpkgs"; deploy-rs.url = "github:serokell/deploy-rs"; simple-nixos-mailserver.url = - "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.11"; + "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05"; foundryvtt.url = "github:reckenrode/nix-foundryvtt"; }; @@ -73,7 +73,7 @@ }; storage1 = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; - specialArgs = { inherit nixpkgs; }; + specialArgs = { inherit nixpkgs inputs; }; modules = [ defaultModuleArgs sops-nix.nixosModules.sops diff --git a/modules/gitlab-runner.nix b/modules/gitlab-runner.nix index 39d272b..e1a0fa7 100644 --- a/modules/gitlab-runner.nix +++ b/modules/gitlab-runner.nix @@ -1,9 +1,7 @@ { config, lib, pkgs, ... }: with lib; -let - cfg = config.custom.services.gitlab-runner; -in -{ +let cfg = config.custom.services.gitlab-runner; +in { options.custom.services.gitlab-runner = { enable = mkEnableOption "gitlab-runner"; }; @@ -35,58 +33,52 @@ in }; }; - config = - let - hostConfig = config; - in - args@{ config, ... }: { + config = let hostConfig = config; + in args@{ config, ... }: { - nix = { - package = pkgs.nixUnstable; - extraOptions = '' - experimental-features = nix-command flakes - ''; - }; - - environment.systemPackages = with pkgs; [ - git - htop - nload - ]; - - users.groups.gitlab-runner = { }; - users.users.gitlab-runner = { - isSystemUser = true; - group = config.users.groups.gitlab-runner.name; - }; - - programs.ssh.extraConfig = '' - StrictHostKeyChecking=no - UserKnownHostsFile=/dev/null + nix = { + package = pkgs.nixVersions.latest; + extraOptions = '' + experimental-features = nix-command flakes ''; + }; - services = { - openssh.enable = true; - gitlab-runner = { - enable = true; - services = { - shell = { - registrationConfigFile = hostConfig.sops.secrets.runnerRegistrationConfig.path; - executor = "shell"; - tagList = [ "nix" ]; - }; + environment.systemPackages = with pkgs; [ git htop nload ]; + + users.groups.gitlab-runner = { }; + users.users.gitlab-runner = { + isSystemUser = true; + group = config.users.groups.gitlab-runner.name; + }; + + programs.ssh.extraConfig = '' + StrictHostKeyChecking=no + UserKnownHostsFile=/dev/null + ''; + + services = { + openssh.enable = true; + gitlab-runner = { + enable = true; + services = { + shell = { + registrationConfigFile = + hostConfig.sops.secrets.runnerRegistrationConfig.path; + executor = "shell"; + tagList = [ "nix" ]; }; }; }; - - systemd.services.gitlab-runner.serviceConfig = { - DynamicUser = lib.mkForce false; - User = config.users.users.gitlab-runner.name; - Group = config.users.groups.gitlab-runner.name; - }; - - system.stateVersion = "22.05"; }; + + systemd.services.gitlab-runner.serviceConfig = { + DynamicUser = lib.mkForce false; + User = config.users.users.gitlab-runner.name; + Group = config.users.groups.gitlab-runner.name; + }; + + system.stateVersion = "22.05"; + }; }; }; } diff --git a/modules/grafana.nix b/modules/grafana.nix index 3aaaa00..b849e52 100644 --- a/modules/grafana.nix +++ b/modules/grafana.nix @@ -126,10 +126,12 @@ in { max_chunk_age = "1h"; chunk_target_size = 999999; chunk_retain_period = "30s"; - max_transfer_retries = 0; }; - limits_config = { ingestion_rate_mb = 16; }; + limits_config = { + ingestion_rate_mb = 16; + allow_structured_metadata = false; + }; schema_config = { configs = [{ @@ -150,7 +152,6 @@ in { "${config.services.loki.dataDir}/boltdb-index"; cache_location = "${config.services.loki.dataDir}/boltdb-cache"; cache_ttl = "24h"; - shared_store = "filesystem"; }; filesystem = { @@ -163,7 +164,7 @@ in { reject_old_samples_max_age = "168h"; }; - chunk_store_config = { max_look_back_period = "0s"; }; + querier.engine.max_look_back_period = "0s"; table_manager = { retention_deletes_enabled = false; @@ -172,7 +173,6 @@ in { compactor = { working_directory = "${config.services.loki.dataDir}"; - shared_store = "filesystem"; compactor_ring = { kvstore = { store = "inmemory"; }; }; }; diff --git a/modules/nextcloud.nix b/modules/nextcloud.nix index b1b4448..5472b03 100644 --- a/modules/nextcloud.nix +++ b/modules/nextcloud.nix @@ -74,11 +74,13 @@ in { dbpassFile = "${config.sops.secrets.nextcloudDbPassword.path}"; adminpassFile = "${config.sops.secrets.nextcloudAdminPassword.path}"; adminuser = "root"; - overwriteProtocol = "https"; - defaultPhoneRegion = "BE"; }; - extraOptions = { maintenance_window_start = 1; }; + settings = { + overwriteProtocol = "https"; + default_phone_region = "BE"; + maintenance_window_start = 1; + }; phpOptions = { short_open_tag = "Off"; diff --git a/modules/postgresql.nix b/modules/postgresql.nix index 3a8ba6f..f268a67 100644 --- a/modules/postgresql.nix +++ b/modules/postgresql.nix @@ -56,7 +56,7 @@ in { script = '' set -u PSQL() { - psql --port=${toString pgsql.port} "$@" + psql --port=${toString pgsql.settings.port} "$@" } PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'synapse'" | grep -q 1 || PSQL -tAc 'CREATE ROLE "synapse"' diff --git a/profiles/db.nix b/profiles/db.nix index a3d78ec..b27d8c3 100644 --- a/profiles/db.nix +++ b/profiles/db.nix @@ -3,7 +3,7 @@ networking.firewall.interfaces."eth1".allowedTCPPorts = [ config.services.prometheus.exporters.node.port - config.services.postgresql.port + config.services.postgresql.settings.port ]; sops.secrets = { diff --git a/profiles/storage.nix b/profiles/storage.nix index d1f12c2..b4c1835 100644 --- a/profiles/storage.nix +++ b/profiles/storage.nix @@ -272,10 +272,12 @@ services.foundryvtt = { enable = true; + package = inputs.foundryvtt.packages.${pkgs.system}.foundryvtt_11; hostName = "vtt.${config.networking.domain}"; language = "fr.core"; proxyPort = 443; proxySSL = true; + upnp = false; }; services.nginx.virtualHosts."vtt.${config.networking.domain}" = {