lbailly/config-perso
1
0
Fork 0
Code Pull requests Projects Releases Packages Activity

feat: made some node stable, and npins update

Browse source
This commit is contained in:
catvayor 2024-12-05 17:03:42 +01:00
parent 03ecc71631
commit 015f66b649
Signed by: lbailly
GPG key ID: CE3E645251AC63F3
24 changed files with 1230 additions and 1123 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

66
hive.nix
View file

@ -3,28 +3,59 @@ let
users = import ./users; users = import ./users;
sources = import ./npins; sources = import ./npins;
inherit (import sources.nix-patches { patchFile = ./patches; }) mkNixpkgsSrc; inherit (import sources.nix-patches { patchFile = ./patches; }) mkNixpkgsSrc;
inherit
(import (mkNixpkgsSrc { unstable = {
src = sources.nixpkgs; nixpkgs = import (mkNixpkgsSrc {
src = sources.nixpkgs-unstable;
version = "unstable"; version = "unstable";
}) { }) }) { };
lib home-manager = "${sources.home-manager-unstable}/nixos";
; nixvim = import sources.nixvim-unstable;
};
stable = {
nixpkgs = import (mkNixpkgsSrc {
src = sources.nixpkgs-stable;
version = "stable";
}) { };
home-manager = "${sources.home-manager-stable}/nixos";
nixvim = import sources.nixvim-stable;
};
inherit (unstable.nixpkgs) lib;
nodes = lib.mapAttrs' (name: _: {
name = lib.removeSuffix ".nix" name;
value = import ./machines/${name};
}) (builtins.readDir ./machines);
nodes-meta = lib.mapAttrs (_: n: n.meta) nodes;
in in
{ {
meta = { meta = rec {
nixpkgs = mkNixpkgsSrc { inherit (unstable) nixpkgs;
src = sources.nixpkgs;
version = "unstable";
};
nodeNixpkgs."kat-mail-test" = mkNixpkgsSrc {
src = sources.nixpkgs;
version = "betamail";
};
specialArgs = { specialArgs = {
inherit mods users sources; inherit mods users sources;
meta = nodes-meta;
versions = {
inherit unstable stable;
}; };
}; };
nodeNixpkgs = lib.mapAttrs (
_: node:
lib.foldl (
pkgs: patch:
import (mkNixpkgsSrc {
src = pkgs;
version = patch;
}) { }
) (if node.unstable then unstable else stable).nixpkgs (node.nixPatches or [])
) nodes-meta;
nodeSpecialArgs = lib.mapAttrs (name: node: {
inherit (node) unstable;
self-version = (if node.unstable then unstable else stable) // {
nixpkgs = nodeNixpkgs."${name}";
};
}) nodes-meta;
};
defaults = defaults =
{ {
name, name,
@ -35,7 +66,4 @@ in
networking.hostName = name; networking.hostName = name;
}; };
} }
// lib.mapAttrs' (name: _: { // lib.mapAttrs (_: n: n.config) nodes
name = lib.removeSuffix ".nix" name;
value = import ./machines/${name};
}) (builtins.readDir ./machines)

3
kat/default.nix
View file

@ -3,6 +3,7 @@
config, config,
pkgs, pkgs,
sources, sources,
self-version,
... ...
}: }:
with lib; with lib;
@ -11,7 +12,7 @@ with lib;
./users ./users
./proxies ./proxies
./root.nix ./root.nix
"${sources.home-manager}/nixos" self-version.home-manager
"${sources.disko}/module.nix" "${sources.disko}/module.nix"
]; ];
options.kat = { options.kat = {

6
kat/users/default.nix
View file

@ -1,4 +1,4 @@
{ config, sources, pkgs, ... }: { config, pkgs, self-version, ... }:
let let
zsh = import ./zsh.nix; zsh = import ./zsh.nix;
in in
@ -9,14 +9,14 @@ in
imports = [ imports = [
zsh.user zsh.user
./neovim.nix ./neovim.nix
(import sources.nixvim).homeManagerModules.nixvim self-version.nixvim.homeManagerModules.nixvim
]; ];
# options.kat = { # options.kat = {
# ssh = mkEnableOption "ssh configuration"; # ssh = mkEnableOption "ssh configuration";
# }; # };
config = { config = {
home = { home = {
stateVersion = config.system.stateVersion; inherit (config.system) stateVersion;
packages = [ pkgs.rlwrap ]; packages = [ pkgs.rlwrap ];
}; };
}; };

147
machines/kat-betamail/configuration.nix Normal file
View file

@ -0,0 +1,147 @@
{
nodes,
sources,
ssh-keys,
...
}:
let
host = "catvayor.sh";
in
{
deployment = {
targetHost = "betamail.kat";
tags = [ "kat-vms" ];
};
imports = [
"${sources.nixos-mailserver}"
./hardware-configuration.nix
./disks.nix
./modo.nix
];
users.users.root.openssh.authorizedKeys.keys = ssh-keys.sylvain;
kat = {
fqdn = "betamail.katvayor.net";
wireguardPubKey = "Znj451+hGJcPV1zFgpRMA8hg8edmUInA5zBtYBUuL3k=";
proxies = {
ip = "192.168.122.3";
aliases = [ "catvayor.sh" ];
open-tcp = [
{
internal = 22;
external = 22002;
}
25
465
993
];
};
};
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
kernelParams = [ "console=ttyS0" ];
};
systemd.network = {
networks = {
"10-enp1s0" = {
name = "enp1s0";
address = [
"192.168.122.3/24"
"fe80::3/64"
];
routes = [
{
Destination = "10.42.0.2/32";
Gateway = "192.168.122.1";
}
];
dns = [ "192.168.122.1" ];
};
"50-wg0" = {
name = "wg0";
address = [ "10.42.2.1/16" ];
routes = [
{
Gateway = "10.42.0.2";
}
];
};
};
netdevs = {
"50-wg0" = {
netdevConfig = {
Name = "wg0";
Kind = "wireguard";
};
wireguardConfig = {
PrivateKeyFile = "/wg/private.key";
};
wireguardPeers = [
{
Endpoint = "10.42.0.2:1194";
AllowedIPs = [
"0.0.0.0/0"
];
PersistentKeepalive = 20;
PublicKey = nodes.kat-watcher.config.kat.wireguardPubKey;
}
];
};
};
};
networking = {
useDHCP = false;
firewall.enable = false;
};
security.acme = {
acceptTerms = true;
defaults.email = "root@katvayor.net";
};
services = {
openssh.enable = true;
qemuGuest.enable = true;
getty.autologinUser = "root";
nginx = {
enable = true;
virtualHosts."catvayor.sh".enableACME = true;
virtualHosts."betamail.katvayor.net" = {
enableACME = true;
addSSL = true;
locations."/" = {
recommendedProxySettings = true;
proxyPass = "http://localhost:8000/";
};
};
};
};
mailserver = {
enable = true;
fqdn = "betamail.katvayor.net";
domains = [ host ];
loginAccounts = {
"root@${host}" = {
catchAll = [ host ];
aliases = builtins.genList (id: "user${toString id}@${host}") 10 ++ [
"moderators@${host}"
"daemon@${host}"
];
hashedPassword = "$2b$05$FoCVDECXYG0KXPigPuIZtuNFiviwSg8RuXx0FbnzC7ZRp.Mz8VWOe";
};
};
certificateScheme = "acme";
};
system.stateVersion = "23.11";
}

148
machines/kat-betamail/default.nix
View file

@ -1,147 +1,7 @@
{ {
nodes, meta = {
sources, unstable = false;
ssh-keys, pkgsPatches = [ "betamail" ];
...
}:
let
host = "catvayor.sh";
in
{
deployment = {
targetHost = "betamail.kat";
tags = [ "kat-vms" ];
}; };
imports = [ config = import ./configuration.nix;
"${sources.nixos-mailserver}"
./hardware-configuration.nix
./disks.nix
./modo.nix
];
users.users.root.openssh.authorizedKeys.keys = ssh-keys.sylvain;
kat = {
fqdn = "betamail.katvayor.net";
wireguardPubKey = "Znj451+hGJcPV1zFgpRMA8hg8edmUInA5zBtYBUuL3k=";
proxies = {
ip = "192.168.122.3";
aliases = [ "catvayor.sh" ];
open-tcp = [
{
internal = 22;
external = 22002;
}
25
465
993
];
};
};
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
kernelParams = [ "console=ttyS0" ];
};
systemd.network = {
networks = {
"10-enp1s0" = {
name = "enp1s0";
address = [
"192.168.122.3/24"
"fe80::3/64"
];
routes = [
{
Destination = "10.42.0.2/32";
Gateway = "192.168.122.1";
}
];
dns = [ "192.168.122.1" ];
};
"50-wg0" = {
name = "wg0";
address = [ "10.42.2.1/16" ];
routes = [
{
Gateway = "10.42.0.2";
}
];
};
};
netdevs = {
"50-wg0" = {
netdevConfig = {
Name = "wg0";
Kind = "wireguard";
};
wireguardConfig = {
PrivateKeyFile = "/wg/private.key";
};
wireguardPeers = [
{
Endpoint = "10.42.0.2:1194";
AllowedIPs = [
"0.0.0.0/0"
];
PersistentKeepalive = 20;
PublicKey = nodes.kat-watcher.config.kat.wireguardPubKey;
}
];
};
};
};
networking = {
useDHCP = false;
firewall.enable = false;
};
security.acme = {
acceptTerms = true;
defaults.email = "root@katvayor.net";
};
services = {
openssh.enable = true;
qemuGuest.enable = true;
getty.autologinUser = "root";
nginx = {
enable = true;
virtualHosts."catvayor.sh".enableACME = true;
virtualHosts."betamail.katvayor.net" = {
enableACME = true;
addSSL = true;
locations."/" = {
recommendedProxySettings = true;
proxyPass = "http://localhost:8000/";
};
};
};
};
mailserver = {
enable = true;
fqdn = "betamail.katvayor.net";
domains = [ host ];
loginAccounts = {
"root@${host}" = {
catchAll = [ host ];
aliases = builtins.genList (id: "user${toString id}@${host}") 10 ++ [
"moderators@${host}"
"daemon@${host}"
];
hashedPassword = "$2b$05$FoCVDECXYG0KXPigPuIZtuNFiviwSg8RuXx0FbnzC7ZRp.Mz8VWOe";
};
};
certificateScheme = "acme";
};
system.stateVersion = "23.11";
} }

91
machines/kat-degette/configuration.nix Normal file
View file

@ -0,0 +1,91 @@
{
lib,
ssh-keys,
...
}:
{
deployment = {
targetHost = "degette.kat";
tags = [ "kat-vms" ];
};
imports = [ ./hardware-configuration.nix ];
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
kernelParams = [ "console=ttyS0" ];
};
kat = {
fqdn = "degette.katvayor.net";
proxies = {
ip = "192.168.122.2";
open-tcp = [
{
internal = 22;
external = 22000;
}
];
};
};
systemd.network.enable = lib.mkForce false;
networking = {
useNetworkd = lib.mkForce false;
interfaces."enp1s0" = {
useDHCP = false;
ipv4.addresses = [
{
address = "192.168.122.2";
prefixLength = 24;
}
];
ipv6.addresses = [
{
address = "fe80::2";
prefixLength = 64;
}
];
};
defaultGateway = "192.168.122.1";
defaultGateway6 = {
address = "fe80::1";
interface = "enp1s0";
};
nameservers = [
"192.168.122.1"
"fe80::1%enp1s0"
];
};
services = {
openssh.enable = true;
qemuGuest.enable = true;
getty.autologinUser = "root";
nginx = {
enable = true;
virtualHosts."degette.katvayor.net" = {
enableACME = true;
addSSL = true;
locations."/" = {
recommendedProxySettings = true;
proxyPass = "http://localhost:8000/";
};
};
};
};
users.users.root.openssh.authorizedKeys.keys = with ssh-keys; sylvain ++ gaby;
security.acme = {
acceptTerms = true;
defaults.email = "root@katvayor.net";
};
networking.firewall.enable = false;
system.stateVersion = "23.11";
}

91
machines/kat-degette/default.nix
View file

@ -1,91 +1,4 @@
{ {
lib, meta.unstable = false;
ssh-keys, config = import ./configuration.nix;
...
}:
{
deployment = {
targetHost = "degette.kat";
tags = [ "kat-vms" ];
};
imports = [ ./hardware-configuration.nix ];
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
kernelParams = [ "console=ttyS0" ];
};
kat = {
fqdn = "degette.katvayor.net";
proxies = {
ip = "192.168.122.2";
open-tcp = [
{
internal = 22;
external = 22000;
}
];
};
};
systemd.network.enable = lib.mkForce false;
networking = {
useNetworkd = lib.mkForce false;
interfaces."enp1s0" = {
useDHCP = false;
ipv4.addresses = [
{
address = "192.168.122.2";
prefixLength = 24;
}
];
ipv6.addresses = [
{
address = "fe80::2";
prefixLength = 64;
}
];
};
defaultGateway = "192.168.122.1";
defaultGateway6 = {
address = "fe80::1";
interface = "enp1s0";
};
nameservers = [
"192.168.122.1"
"fe80::1%enp1s0"
];
};
services = {
openssh.enable = true;
qemuGuest.enable = true;
getty.autologinUser = "root";
nginx = {
enable = true;
virtualHosts."degette.katvayor.net" = {
enableACME = true;
addSSL = true;
locations."/" = {
recommendedProxySettings = true;
proxyPass = "http://localhost:8000/";
};
};
};
};
users.users.root.openssh.authorizedKeys.keys = with ssh-keys; sylvain ++ gaby;
security.acme = {
acceptTerms = true;
defaults.email = "root@katvayor.net";
};
networking.firewall.enable = false;
system.stateVersion = "23.11";
} }

4
machines/kat-iso.nix
View file

@ -1,3 +1,6 @@
{
meta.unstable = true;
config =
{ {
pkgs, pkgs,
modulesPath, modulesPath,
@ -41,4 +44,5 @@
}; };
system.stateVersion = lib.mkForce "24.11"; system.stateVersion = lib.mkForce "24.11";
};
} }

4
machines/kat-kexec.nix
View file

@ -1,3 +1,6 @@
{
meta.unstable = true;
config =
{ {
pkgs, pkgs,
lib, lib,
@ -41,4 +44,5 @@
}; };
system.stateVersion = lib.mkForce "24.11"; system.stateVersion = lib.mkForce "24.11";
};
} }

109
machines/kat-manah/configuration.nix Normal file
View file

@ -0,0 +1,109 @@
{
pkgs,
nodes,
...
}:
{
deployment.targetHost = "manah.kat";
imports = [
./hardware-configuration.nix
];
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
kernel.sysctl."net.ipv4.ip_forward" = true;
kernelModules = [
"kvm-intel"
"kvm-amd"
];
};
kat = {
fqdn = "manah.katvayor.net";
proxies = {
ip = "10.42.0.1";
open-tcp = [
9000
9500
];
redirects = [
"kat-orchid"
"kat-son"
"kat-www"
"kat-degette"
"kat-betamail"
];
};
wireguardPubKey = "2rMQV5fyBhl7t/0j70iPOfEr/lAWQfLXQKMwtzaXxnM=";
};
systemd.network = {
enable = true;
networks = {
"50-wg0" = {
name = "wg0";
address = [ "10.42.0.1/16" ];
};
};
netdevs = {
"50-wg0" = {
netdevConfig = {
Name = "wg0";
Kind = "wireguard";
};
wireguardConfig = {
PrivateKeyFile = "/etc/wg/private.key";
};
wireguardPeers = [
{
Endpoint = "watcher.katvayor.net:1194";
AllowedIPs = [
"10.42.0.2/32"
];
PersistentKeepalive = 20;
PublicKey = nodes.kat-watcher.config.kat.wireguardPubKey;
}
];
};
};
};
environment.systemPackages = with pkgs; [
dnsmasq
tcpdump
];
programs.virt-manager.enable = true;
virtualisation.libvirtd = {
enable = true;
qemu.vhostUserPackages = [ pkgs.virtiofsd ];
};
security.acme = {
acceptTerms = true;
defaults.email = "root@katvayor.net";
};
services = {
openssh.enable = true;
weechat = {
enable = true;
binary = "${pkgs.weechat}/bin/weechat-headless";
};
};
networking.firewall = {
allowedTCPPorts = [
9000
9500
53
];
allowedUDPPorts = [ 67 ];
};
system.stateVersion = "23.11";
}

109
machines/kat-manah/default.nix
View file

@ -1,109 +1,4 @@
{ {
pkgs, meta.unstable = true;
nodes, config = import ./configuration.nix;
...
}:
{
deployment.targetHost = "manah.kat";
imports = [
./hardware-configuration.nix
];
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
kernel.sysctl."net.ipv4.ip_forward" = true;
kernelModules = [
"kvm-intel"
"kvm-amd"
];
};
kat = {
fqdn = "manah.katvayor.net";
proxies = {
ip = "10.42.0.1";
open-tcp = [
9000
9500
];
redirects = [
"kat-orchid"
"kat-son"
"kat-www"
"kat-degette"
"kat-betamail"
];
};
wireguardPubKey = "2rMQV5fyBhl7t/0j70iPOfEr/lAWQfLXQKMwtzaXxnM=";
};
systemd.network = {
enable = true;
networks = {
"50-wg0" = {
name = "wg0";
address = [ "10.42.0.1/16" ];
};
};
netdevs = {
"50-wg0" = {
netdevConfig = {
Name = "wg0";
Kind = "wireguard";
};
wireguardConfig = {
PrivateKeyFile = "/etc/wg/private.key";
};
wireguardPeers = [
{
Endpoint = "watcher.katvayor.net:1194";
AllowedIPs = [
"10.42.0.2/32"
];
PersistentKeepalive = 20;
PublicKey = nodes.kat-watcher.config.kat.wireguardPubKey;
}
];
};
};
};
environment.systemPackages = with pkgs; [
dnsmasq
tcpdump
];
programs.virt-manager.enable = true;
virtualisation.libvirtd = {
enable = true;
qemu.vhostUserPackages = [ pkgs.virtiofsd ];
};
security.acme = {
acceptTerms = true;
defaults.email = "root@katvayor.net";
};
services = {
openssh.enable = true;
weechat = {
enable = true;
binary = "${pkgs.weechat}/bin/weechat-headless";
};
};
networking.firewall = {
allowedTCPPorts = [
9000
9500
53
];
allowedUDPPorts = [ 67 ];
};
system.stateVersion = "23.11";
} }

207
machines/kat-orchid/configuration.nix Normal file
View file

@ -0,0 +1,207 @@
{
config,
lib,
pkgs,
kat-path,
ssh-keys,
sources,
self-version,
...
}:
{
deployment = {
targetHost = "orchid.kat";
tags = [ "kat-vms" ];
};
imports = [
./hardware-configuration.nix
./disks.nix
];
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
kernelParams = [ "console=ttyS0" ];
};
kat = {
fqdn = "orchid.katvayor.net";
proxies = {
ip = "192.168.122.6";
aliases = [
"simply-wise.fr"
"www.simply-wise.fr"
];
open-tcp = [
{
internal = 22;
external = 22042;
}
];
};
};
systemd.network.enable = lib.mkForce false;
networking = {
useNetworkd = lib.mkForce false;
firewall.allowedTCPPorts = [
80
443
];
interfaces."enp1s0" = {
useDHCP = false;
ipv4.addresses = [
{
address = "192.168.122.6";
prefixLength = 24;
}
];
ipv6.addresses = [
{
address = "fe80::6";
prefixLength = 64;
}
];
};
defaultGateway = "192.168.122.1";
defaultGateway6 = {
address = "fe80::1";
interface = "enp1s0";
};
nameservers = [
"192.168.122.1"
"fe80::1%enp1s0"
];
};
nixpkgs.config.allowUnfree = true;
security.acme = {
acceptTerms = true;
defaults.email = "root@katvayor.net";
certs."orchid.katvayor.net".extraDomainNames = [
"simply-wise.fr"
"www.simply-wise.fr"
];
};
services = {
openssh.enable = true;
qemuGuest.enable = true;
getty.autologinUser = "root";
nginx = {
enable = true;
virtualHosts = {
"orchid.katvayor.net" = {
enableACME = true;
forceSSL = true;
locations = {
"/static/".alias = "/srv/orchid/";
"/" = {
recommendedProxySettings = true;
proxyPass = "https://192.168.123.2/";
};
};
};
"simply-wise.fr" = {
useACMEHost = "orchid.katvayor.net";
forceSSL = true;
serverAliases = [ "www.simply-wise.fr" ];
locations."/" = {
root = pkgs.runCommand "building" { } ''
mkdir -p $out
ln -nsf ${./building.html} $out/building.html
'';
extraConfig = ''
internal;
error_page 404 =503 /building.html;
'';
};
};
};
};
};
containers.wordpress =
let
inherit (config.security.acme) certs;
in
{
privateNetwork = true;
bindMounts.certs = {
hostPath = certs."orchid.katvayor.net".directory;
mountPoint = certs."orchid.katvayor.net".directory;
isReadOnly = true;
};
hostAddress = "192.168.123.1";
localAddress = "192.168.123.2";
autoStart = true;
specialArgs = {
inherit kat-path ssh-keys sources self-version;
};
config = {
imports = [ kat-path ];
kat.addArgs = false;
boot.kernel.enable = false;
systemd.network.enable = lib.mkForce false;
networking.firewall.allowedTCPPorts = [
80
443
];
services = {
nginx = {
enable = true;
virtualHosts."orchid.katvayor.net" = {
addSSL = true;
sslCertificate = "${certs."orchid.katvayor.net".directory}/fullchain.pem";
sslCertificateKey = "${certs."orchid.katvayor.net".directory}/key.pem";
sslTrustedCertificate = "${certs."orchid.katvayor.net".directory}/chain.pem";
};
};
openssh.enable = true;
wordpress = {
webserver = "nginx";
sites."orchid.katvayor.net" = {
themes = {
inherit (pkgs.wordpressPackages.themes) twentytwentythree;
};
};
};
};
environment.systemPackages = [ pkgs.wp-cli ];
system.stateVersion = "24.11";
};
};
fileSystems."/home/orchid/content/www" = {
device = "/srv/orchid";
options = [ "bind" ];
};
systemd = {
tmpfiles.settings."10-srv-orchid"."/srv/orchid" = {
d = {
group = "users";
user = "orchid";
};
Z = {
group = "users";
user = "orchid";
mode = "0755";
};
};
timers.srv-tmpfiles = {
wantedBy = [ "timers.target" ];
timerConfig.OnCalendar = "*-*-* *:*:07..57/10";
};
services.srv-tmpfiles = {
path = [ pkgs.systemd ];
script = ''
systemd-tmpfiles --create --prefix=/srv
'';
};
};
users.users.orchid.isNormalUser = true;
home-manager.users.orchid = { };
system.stateVersion = "23.11";
}

206
machines/kat-orchid/default.nix
View file

@ -1,206 +1,4 @@
{ {
config, meta.unstable = false;
lib, config = import ./configuration.nix;
pkgs,
kat-path,
ssh-keys,
sources,
...
}:
{
deployment = {
targetHost = "orchid.kat";
tags = [ "kat-vms" ];
};
imports = [
./hardware-configuration.nix
./disks.nix
];
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
kernelParams = [ "console=ttyS0" ];
};
kat = {
fqdn = "orchid.katvayor.net";
proxies = {
ip = "192.168.122.6";
aliases = [
"simply-wise.fr"
"www.simply-wise.fr"
];
open-tcp = [
{
internal = 22;
external = 22042;
}
];
};
};
systemd.network.enable = lib.mkForce false;
networking = {
useNetworkd = lib.mkForce false;
firewall.allowedTCPPorts = [
80
443
];
interfaces."enp1s0" = {
useDHCP = false;
ipv4.addresses = [
{
address = "192.168.122.6";
prefixLength = 24;
}
];
ipv6.addresses = [
{
address = "fe80::6";
prefixLength = 64;
}
];
};
defaultGateway = "192.168.122.1";
defaultGateway6 = {
address = "fe80::1";
interface = "enp1s0";
};
nameservers = [
"192.168.122.1"
"fe80::1%enp1s0"
];
};
nixpkgs.config.allowUnfree = true;
security.acme = {
acceptTerms = true;
defaults.email = "root@katvayor.net";
certs."orchid.katvayor.net".extraDomainNames = [
"simply-wise.fr"
"www.simply-wise.fr"
];
};
services = {
openssh.enable = true;
qemuGuest.enable = true;
getty.autologinUser = "root";
nginx = {
enable = true;
virtualHosts = {
"orchid.katvayor.net" = {
enableACME = true;
forceSSL = true;
locations = {
"/static/".alias = "/srv/orchid/";
"/" = {
recommendedProxySettings = true;
proxyPass = "https://192.168.123.2/";
};
};
};
"simply-wise.fr" = {
useACMEHost = "orchid.katvayor.net";
forceSSL = true;
serverAliases = [ "www.simply-wise.fr" ];
locations."/" = {
root = pkgs.runCommand "building" { } ''
mkdir -p $out
ln -nsf ${./building.html} $out/building.html
'';
extraConfig = ''
internal;
error_page 404 =503 /building.html;
'';
};
};
};
};
};
containers.wordpress =
let
inherit (config.security.acme) certs;
in
{
privateNetwork = true;
bindMounts.certs = {
hostPath = certs."orchid.katvayor.net".directory;
mountPoint = certs."orchid.katvayor.net".directory;
isReadOnly = true;
};
hostAddress = "192.168.123.1";
localAddress = "192.168.123.2";
autoStart = true;
specialArgs = {
inherit kat-path ssh-keys sources;
};
config = {
imports = [ kat-path ];
kat.addArgs = false;
boot.kernel.enable = false;
systemd.network.enable = lib.mkForce false;
networking.firewall.allowedTCPPorts = [
80
443
];
services = {
nginx = {
enable = true;
virtualHosts."orchid.katvayor.net" = {
addSSL = true;
sslCertificate = "${certs."orchid.katvayor.net".directory}/fullchain.pem";
sslCertificateKey = "${certs."orchid.katvayor.net".directory}/key.pem";
sslTrustedCertificate = "${certs."orchid.katvayor.net".directory}/chain.pem";
};
};
openssh.enable = true;
wordpress = {
webserver = "nginx";
sites."orchid.katvayor.net" = {
themes = {
inherit (pkgs.wordpressPackages.themes) twentytwentythree;
};
};
};
};
environment.systemPackages = [ pkgs.wp-cli ];
system.stateVersion = "24.11";
};
};
fileSystems."/home/orchid/content/www" = {
device = "/srv/orchid";
options = [ "bind" ];
};
systemd = {
tmpfiles.settings."10-srv-orchid"."/srv/orchid" = {
d = {
group = "users";
user = "orchid";
};
Z = {
group = "users";
user = "orchid";
mode = "0755";
};
};
timers.srv-tmpfiles = {
wantedBy = [ "timers.target" ];
timerConfig.OnCalendar = "*-*-* *:*:07..57/10";
};
services.srv-tmpfiles = {
path = [ pkgs.systemd ];
script = ''
systemd-tmpfiles --create --prefix=/srv
'';
};
};
users.users.orchid.isNormalUser = true;
home-manager.users.orchid = { };
system.stateVersion = "23.11";
} }

154
machines/kat-probook/configuration.nix Normal file
View file

@ -0,0 +1,154 @@
{
pkgs,
nodes,
users,
...
}:
{
deployment.allowLocalDeployment = true;
imports = [
./hardware-configuration.nix
users.catvayor
./router.nix
];
fileSystems."/tmp" = {
fsType = "tmpfs";
device = "tmpfs";
options = [
"nosuid"
"nodev"
"relatime"
"size=12G"
];
};
boot = {
kernel.sysctl."net.ipv4.ip_forward" = true;
binfmt.emulatedSystems = [ "aarch64-linux" ];
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
};
nix.settings.trusted-users = [
"root"
"@wheel"
];
networking.networkmanager = {
enable = true;
unmanaged = [
"enp2s0"
"wg0"
];
};
kat.wireguardPubKey = "zIHvCSzk5a94jvnXU4iscbp9RUGzbWpARDMRgHNtMl4=";
systemd.network = {
wait-online.anyInterface = true;
networks = {
"50-wg0" = {
name = "wg0";
address = [
"10.10.10.13/24"
"10.42.1.1/16"
];
};
"10-enp2s0" = {
name = "enp2s0";
DHCP = "ipv4";
networkConfig.IPv6AcceptRA = "yes";
dhcpV4Config.RouteMetric = 500;
dhcpV6Config.RouteMetric = 500;
ipv6AcceptRAConfig.RouteMetric = 500;
};
};
netdevs."50-wg0" = {
netdevConfig = {
Name = "wg0";
Kind = "wireguard";
};
wireguardConfig.PrivateKeyFile = "/wg/private.key";
wireguardPeers = [
{
AllowedIPs = [
"10.10.10.0/24"
];
PublicKey = "CzUK0RPHsoG9N1NisOG0u7xwyGhTZnjhl7Cus3X76Es=";
Endpoint = "129.199.129.76:1194";
PersistentKeepalive = 25;
}
{
AllowedIPs = [
"10.42.0.0/16"
];
PublicKey = nodes.kat-watcher.config.kat.wireguardPubKey;
Endpoint = "watcher.katvayor.net:1194";
PersistentKeepalive = 25;
}
];
};
};
nixpkgs.config.allowUnfree = true;
security.rtkit.enable = true;
hardware.bluetooth = {
enable = true;
powerOnBoot = false;
};
environment.systemPackages = with pkgs; [ brightnessctl ];
fonts.packages = with pkgs; [
fira-code-nerdfont
font-awesome
];
services = {
pipewire = {
enable = true;
alsa = {
enable = true;
support32Bit = true;
};
pulse.enable = true;
};
syncthing = {
enable = true;
systemService = true;
dataDir = "/home/catvayor";
user = "catvayor";
group = "users";
openDefaultPorts = true;
settings = {
folders."essentials" = {
path = "~/essentials";
id = "vgpwu-fk3ct";
devices = [
"katel"
];
};
devices.katel.id = "DYOKK7J-HZAF5S7-FYTHQF5-UD5GJZ2-4JMV5I5-STUM3HG-5YM2JPR-LATJNAZ";
};
};
};
programs = {
steam.enable = true;
virt-manager.enable = true;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
};
home-manager.users = {
"root".kat.neovim.lsp = true;
"catvayor".kat.neovim.lsp = true;
};
virtualisation.libvirtd.enable = true;
system.stateVersion = "23.11";
}

154
machines/kat-probook/default.nix
View file

@ -1,154 +1,4 @@
{ {
pkgs, meta.unstable = true;
nodes, config = import ./configuration.nix;
users,
...
}:
{
deployment.allowLocalDeployment = true;
imports = [
./hardware-configuration.nix
users.catvayor
./router.nix
];
fileSystems."/tmp" = {
fsType = "tmpfs";
device = "tmpfs";
options = [
"nosuid"
"nodev"
"relatime"
"size=12G"
];
};
boot = {
kernel.sysctl."net.ipv4.ip_forward" = true;
binfmt.emulatedSystems = [ "aarch64-linux" ];
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
};
nix.settings.trusted-users = [
"root"
"@wheel"
];
networking.networkmanager = {
enable = true;
unmanaged = [
"enp2s0"
"wg0"
];
};
kat.wireguardPubKey = "zIHvCSzk5a94jvnXU4iscbp9RUGzbWpARDMRgHNtMl4=";
systemd.network = {
wait-online.anyInterface = true;
networks = {
"50-wg0" = {
name = "wg0";
address = [
"10.10.10.13/24"
"10.42.1.1/16"
];
};
"10-enp2s0" = {
name = "enp2s0";
DHCP = "ipv4";
networkConfig.IPv6AcceptRA = "yes";
dhcpV4Config.RouteMetric = 500;
dhcpV6Config.RouteMetric = 500;
ipv6AcceptRAConfig.RouteMetric = 500;
};
};
netdevs."50-wg0" = {
netdevConfig = {
Name = "wg0";
Kind = "wireguard";
};
wireguardConfig.PrivateKeyFile = "/wg/private.key";
wireguardPeers = [
{
AllowedIPs = [
"10.10.10.0/24"
];
PublicKey = "CzUK0RPHsoG9N1NisOG0u7xwyGhTZnjhl7Cus3X76Es=";
Endpoint = "129.199.129.76:1194";
PersistentKeepalive = 25;
}
{
AllowedIPs = [
"10.42.0.0/16"
];
PublicKey = nodes.kat-watcher.config.kat.wireguardPubKey;
Endpoint = "watcher.katvayor.net:1194";
PersistentKeepalive = 25;
}
];
};
};
nixpkgs.config.allowUnfree = true;
security.rtkit.enable = true;
hardware.bluetooth = {
enable = true;
powerOnBoot = false;
};
environment.systemPackages = with pkgs; [ brightnessctl ];
fonts.packages = with pkgs; [
fira-code-nerdfont
font-awesome
];
services = {
pipewire = {
enable = true;
alsa = {
enable = true;
support32Bit = true;
};
pulse.enable = true;
};
syncthing = {
enable = true;
systemService = true;
dataDir = "/home/catvayor";
user = "catvayor";
group = "users";
openDefaultPorts = true;
settings = {
folders."essentials" = {
path = "~/essentials";
id = "vgpwu-fk3ct";
devices = [
"katel"
];
};
devices.katel.id = "DYOKK7J-HZAF5S7-FYTHQF5-UD5GJZ2-4JMV5I5-STUM3HG-5YM2JPR-LATJNAZ";
};
};
};
programs = {
steam.enable = true;
virt-manager.enable = true;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
};
home-manager.users = {
"root".kat.neovim.lsp = true;
"catvayor".kat.neovim.lsp = true;
};
virtualisation.libvirtd.enable = true;
system.stateVersion = "23.11";
} }

80
machines/kat-son/configuration.nix Normal file
View file

@ -0,0 +1,80 @@
{
lib,
...
}:
{
deployment = {
targetHost = "son.kat";
tags = [ "kat-vms" ];
};
imports = [
./hardware-configuration.nix
./disks.nix
];
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
kernelParams = [ "console=ttyS0" ];
};
kat = {
fqdn = "son.katvayor.net";
proxies.ip = "192.168.122.5";
};
systemd.network.enable = lib.mkForce false;
networking = {
useNetworkd = lib.mkForce false;
interfaces."enp1s0" = {
useDHCP = false;
ipv4.addresses = [
{
address = "192.168.122.5";
prefixLength = 24;
}
];
ipv6.addresses = [
{
address = "fe80::5";
prefixLength = 64;
}
];
};
defaultGateway = "192.168.122.1";
defaultGateway6 = {
address = "fe80::1";
interface = "enp1s0";
};
nameservers = [
"192.168.122.1"
"fe80::1%enp1s0"
];
};
networking.firewall.enable = false;
security.acme = {
acceptTerms = true;
defaults.email = "root@katvayor.net";
};
services = {
openssh.enable = true;
qemuGuest.enable = true;
getty.autologinUser = "root";
nginx = {
enable = true;
virtualHosts = {
"son.katvayor.net" = {
enableACME = true;
addSSL = true;
};
};
};
};
system.stateVersion = "23.11";
}

80
machines/kat-son/default.nix
View file

@ -1,80 +1,4 @@
{ {
lib, meta.unstable = true;
... config = import ./configuration.nix;
}:
{
deployment = {
targetHost = "son.kat";
tags = [ "kat-vms" ];
};
imports = [
./hardware-configuration.nix
./disks.nix
];
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
kernelParams = [ "console=ttyS0" ];
};
kat = {
fqdn = "son.katvayor.net";
proxies.ip = "192.168.122.5";
};
systemd.network.enable = lib.mkForce false;
networking = {
useNetworkd = lib.mkForce false;
interfaces."enp1s0" = {
useDHCP = false;
ipv4.addresses = [
{
address = "192.168.122.5";
prefixLength = 24;
}
];
ipv6.addresses = [
{
address = "fe80::5";
prefixLength = 64;
}
];
};
defaultGateway = "192.168.122.1";
defaultGateway6 = {
address = "fe80::1";
interface = "enp1s0";
};
nameservers = [
"192.168.122.1"
"fe80::1%enp1s0"
];
};
networking.firewall.enable = false;
security.acme = {
acceptTerms = true;
defaults.email = "root@katvayor.net";
};
services = {
openssh.enable = true;
qemuGuest.enable = true;
getty.autologinUser = "root";
nginx = {
enable = true;
virtualHosts = {
"son.katvayor.net" = {
enableACME = true;
addSSL = true;
};
};
};
};
system.stateVersion = "23.11";
} }

115
machines/kat-watcher/configuration.nix Normal file
View file

@ -0,0 +1,115 @@
{
pkgs,
nodes,
...
}:
{
deployment.targetHost = "watcher.kat";
imports = [
./hardware-configuration.nix
./disks.nix
];
boot = {
loader.grub = {
enable = true;
efiSupport = true;
efiInstallAsRemovable = true;
};
kernel.sysctl."net.ipv4.ip_forward" = true;
};
kat = {
wireguardPubKey = "BgLBrWG7DRj2Gwoyj+vHZTjiB3gPEnwVcDFEQH/BYgg=";
fqdn = "watcher.katvayor.net";
proxies.redirects = [ "kat-manah" ];
};
networking = {
useDHCP = false;
firewall.allowedUDPPorts = [ 1194 ];
nftables = {
enable = true;
tables.nat = {
family = "ip";
content = ''
chain postrouting {
type nat hook postrouting priority 100;
ip saddr 10.42.0.0/16 masquerade
}
'';
};
};
};
systemd.network = {
enable = true;
networks = {
"10-ens3" = {
name = "ens3";
address = [
"51.83.69.54/32"
"2001:41d0:305:2100::5c52/56"
];
routes = [
{ Destination = "51.83.68.1/32"; }
{
Destination = "213.186.33.99/32";
Gateway = "51.83.68.1";
}
{ Gateway = "51.83.68.1"; }
{ Gateway = "2001:41d0:305:2100::1"; }
];
dns = [ "213.186.33.99" ];
};
"50-wg0" = {
name = "wg0";
address = [ "10.42.0.2/16" ];
};
};
netdevs = {
"50-wg0" = {
netdevConfig = {
Name = "wg0";
Kind = "wireguard";
};
wireguardConfig = {
ListenPort = 1194;
PrivateKeyFile = "/etc/wg/private.key";
};
wireguardPeers = [
{
AllowedIPs = [
"10.42.0.1/32"
];
PublicKey = nodes.kat-manah.config.kat.wireguardPubKey;
}
{
AllowedIPs = [
"10.42.1.1/32"
];
PublicKey = nodes.kat-probook.config.kat.wireguardPubKey;
}
{
AllowedIPs = [
"10.42.2.1/32"
];
PublicKey = nodes.kat-betamail.config.kat.wireguardPubKey;
}
];
};
};
};
security.acme = {
acceptTerms = true;
defaults.email = "root@katvayor.net";
};
environment.systemPackages = with pkgs; [ tcpdump ];
services.openssh.enable = true;
system.stateVersion = "23.11";
}

115
machines/kat-watcher/default.nix
View file

@ -1,115 +1,4 @@
{ {
pkgs, meta.unstable = true;
nodes, config = import ./configuration.nix;
...
}:
{
deployment.targetHost = "watcher.kat";
imports = [
./hardware-configuration.nix
./disks.nix
];
boot = {
loader.grub = {
enable = true;
efiSupport = true;
efiInstallAsRemovable = true;
};
kernel.sysctl."net.ipv4.ip_forward" = true;
};
kat = {
wireguardPubKey = "BgLBrWG7DRj2Gwoyj+vHZTjiB3gPEnwVcDFEQH/BYgg=";
fqdn = "watcher.katvayor.net";
proxies.redirects = [ "kat-manah" ];
};
networking = {
useDHCP = false;
firewall.allowedUDPPorts = [ 1194 ];
nftables = {
enable = true;
tables.nat = {
family = "ip";
content = ''
chain postrouting {
type nat hook postrouting priority 100;
ip saddr 10.42.0.0/16 masquerade
}
'';
};
};
};
systemd.network = {
enable = true;
networks = {
"10-ens3" = {
name = "ens3";
address = [
"51.83.69.54/32"
"2001:41d0:305:2100::5c52/56"
];
routes = [
{ Destination = "51.83.68.1/32"; }
{
Destination = "213.186.33.99/32";
Gateway = "51.83.68.1";
}
{ Gateway = "51.83.68.1"; }
{ Gateway = "2001:41d0:305:2100::1"; }
];
dns = [ "213.186.33.99" ];
};
"50-wg0" = {
name = "wg0";
address = [ "10.42.0.2/16" ];
};
};
netdevs = {
"50-wg0" = {
netdevConfig = {
Name = "wg0";
Kind = "wireguard";
};
wireguardConfig = {
ListenPort = 1194;
PrivateKeyFile = "/etc/wg/private.key";
};
wireguardPeers = [
{
AllowedIPs = [
"10.42.0.1/32"
];
PublicKey = nodes.kat-manah.config.kat.wireguardPubKey;
}
{
AllowedIPs = [
"10.42.1.1/32"
];
PublicKey = nodes.kat-probook.config.kat.wireguardPubKey;
}
{
AllowedIPs = [
"10.42.2.1/32"
];
PublicKey = nodes.kat-betamail.config.kat.wireguardPubKey;
}
];
};
};
};
security.acme = {
acceptTerms = true;
defaults.email = "root@katvayor.net";
};
environment.systemPackages = with pkgs; [ tcpdump ];
services.openssh.enable = true;
system.stateVersion = "23.11";
} }

119
machines/kat-www/configuration.nix Normal file
View file

@ -0,0 +1,119 @@
{
config,
lib,
pkgs,
...
}:
{
deployment = {
targetHost = "www.kat";
tags = [ "kat-vms" ];
};
imports = [
./hardware-configuration.nix
./disks.nix
];
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
kernelParams = [ "console=ttyS0" ];
};
kat = {
fqdn = "website.katvayor.net";
proxies = {
aliases = [
"www.katvayor.net"
"katvayor.net"
"netbox.katvayor.net"
];
ip = "192.168.122.7";
};
};
systemd.network.enable = lib.mkForce false;
networking = {
useNetworkd = lib.mkForce false;
interfaces."enp1s0" = {
useDHCP = false;
ipv4.addresses = [
{
address = "192.168.122.7";
prefixLength = 24;
}
];
ipv6.addresses = [
{
address = "fe80::7";
prefixLength = 64;
}
];
};
defaultGateway = "192.168.122.1";
defaultGateway6 = {
address = "fe80::1";
interface = "enp1s0";
};
nameservers = [
"192.168.122.1"
"fe80::1%enp1s0"
];
};
networking.firewall.enable = false;
security.acme = {
acceptTerms = true;
defaults.email = "root@katvayor.net";
certs."website.katvayor.net".extraDomainNames = [ "netbox.katvayor.net" ];
};
services = {
openssh.enable = true;
qemuGuest.enable = true;
getty.autologinUser = "root";
nginx = {
enable = true;
virtualHosts = {
"website.katvayor.net" = {
serverAliases = [
"www.katvayor.net"
"katvayor.net"
];
enableACME = true;
addSSL = true;
locations."/" = {
alias = "/var/lib/www/";
index = "index.html";
};
};
"netbox.katvayor.net" = {
useACMEHost = "website.katvayor.net";
addSSL = true;
locations = {
"/" = {
recommendedProxySettings = true;
proxyPass = "http://localhost:8001";
};
"/static/".alias = "${config.services.netbox.dataDir}/static/";
};
};
};
};
netbox = {
enable = true;
package = pkgs.netbox_4_1;
listenAddress = "127.0.0.1";
secretKeyFile = "${config.services.netbox.dataDir}/secret.key";
};
};
users.users.nginx.extraGroups = [ "netbox" ];
system.stateVersion = "23.11";
}

119
machines/kat-www/default.nix
View file

@ -1,119 +1,4 @@
{ {
config, meta.unstable = false;
lib, config = import ./configuration.nix;
pkgs,
...
}:
{
deployment = {
targetHost = "www.kat";
tags = [ "kat-vms" ];
};
imports = [
./hardware-configuration.nix
./disks.nix
];
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
kernelParams = [ "console=ttyS0" ];
};
kat = {
fqdn = "website.katvayor.net";
proxies = {
aliases = [
"www.katvayor.net"
"katvayor.net"
"netbox.katvayor.net"
];
ip = "192.168.122.7";
};
};
systemd.network.enable = lib.mkForce false;
networking = {
useNetworkd = lib.mkForce false;
interfaces."enp1s0" = {
useDHCP = false;
ipv4.addresses = [
{
address = "192.168.122.7";
prefixLength = 24;
}
];
ipv6.addresses = [
{
address = "fe80::7";
prefixLength = 64;
}
];
};
defaultGateway = "192.168.122.1";
defaultGateway6 = {
address = "fe80::1";
interface = "enp1s0";
};
nameservers = [
"192.168.122.1"
"fe80::1%enp1s0"
];
};
networking.firewall.enable = false;
security.acme = {
acceptTerms = true;
defaults.email = "root@katvayor.net";
certs."website.katvayor.net".extraDomainNames = [ "netbox.katvayor.net" ];
};
services = {
openssh.enable = true;
qemuGuest.enable = true;
getty.autologinUser = "root";
nginx = {
enable = true;
virtualHosts = {
"website.katvayor.net" = {
serverAliases = [
"www.katvayor.net"
"katvayor.net"
];
enableACME = true;
addSSL = true;
locations."/" = {
alias = "/var/lib/www/";
index = "index.html";
};
};
"netbox.katvayor.net" = {
useACMEHost = "website.katvayor.net";
addSSL = true;
locations = {
"/" = {
recommendedProxySettings = true;
proxyPass = "http://localhost:8001";
};
"/static/".alias = "${config.services.netbox.dataDir}/static/";
};
};
};
};
netbox = {
enable = true;
package = pkgs.netbox_4_1;
listenAddress = "127.0.0.1";
secretKeyFile = "${config.services.netbox.dataDir}/secret.key";
};
};
users.users.nginx.extraGroups = [ "netbox" ];
system.stateVersion = "23.11";
} }

58
npins/sources.json
View file

@ -15,7 +15,19 @@
"url": "https://api.github.com/repos/nix-community/disko/tarball/v1.9.0", "url": "https://api.github.com/repos/nix-community/disko/tarball/v1.9.0",
"hash": "0j76ar4qz320fakdii4659w5lww8wiz6yb7g47npywqvf2lbp388" "hash": "0j76ar4qz320fakdii4659w5lww8wiz6yb7g47npywqvf2lbp388"
}, },
"home-manager": { "home-manager-stable": {
"type": "Git",
"repository": {
"type": "GitHub",
"owner": "nix-community",
"repo": "home-manager"
},
"branch": "release-24.11",
"revision": "62d536255879be574ebfe9b87c4ac194febf47c5",
"url": "https://github.com/nix-community/home-manager/archive/62d536255879be574ebfe9b87c4ac194febf47c5.tar.gz",
"hash": "0v9bsc6r2626kap2m12zxw47m4p2kpr4pjldr7wvgqq48vwd72cm"
},
"home-manager-unstable": {
"type": "Git", "type": "Git",
"repository": { "repository": {
"type": "GitHub", "type": "GitHub",
@ -23,9 +35,9 @@
"repo": "home-manager" "repo": "home-manager"
}, },
"branch": "master", "branch": "master",
"revision": "2f607e07f3ac7e53541120536708e824acccfaa8", "revision": "65912bc6841cf420eb8c0a20e03df7cbbff5963f",
"url": "https://github.com/nix-community/home-manager/archive/2f607e07f3ac7e53541120536708e824acccfaa8.tar.gz", "url": "https://github.com/nix-community/home-manager/archive/65912bc6841cf420eb8c0a20e03df7cbbff5963f.tar.gz",
"hash": "19w63qccz78v0spx03911z98w1bvlxvd07hb0ma14a4vdzi4ninj" "hash": "026hmc30kkyd9ihpjd6cm1b22galdi164ardhmj5x5jcszhjx4r9"
}, },
"nix-patches": { "nix-patches": {
"type": "GitRelease", "type": "GitRelease",
@ -49,9 +61,9 @@
"repo": "nixos-images" "repo": "nixos-images"
}, },
"branch": "main", "branch": "main",
"revision": "16f7f3496167ff95a1ef823bf56309a5d42237e1", "revision": "a5e3e9e083d607b8a780d69323148ac99c09787b",
"url": "https://github.com/nix-community/nixos-images/archive/16f7f3496167ff95a1ef823bf56309a5d42237e1.tar.gz", "url": "https://github.com/nix-community/nixos-images/archive/a5e3e9e083d607b8a780d69323148ac99c09787b.tar.gz",
"hash": "0nwpxajd6ny9qry58ch624ahr4nmsbkxq1m9ijqcwk8jx0cgv3vy" "hash": "1nacp8n3in0bv59jl3s8k3yhc3dv96dpfv9r508jjr35bvvgzx91"
}, },
"nixos-mailserver": { "nixos-mailserver": {
"type": "Git", "type": "Git",
@ -65,13 +77,31 @@
"url": "https://gitlab.com/api/v4/projects/simple-nixos-mailserver%2Fnixos-mailserver/repository/archive.tar.gz?sha=af7d3bf5daeba3fc28089b015c0dd43f06b176f2", "url": "https://gitlab.com/api/v4/projects/simple-nixos-mailserver%2Fnixos-mailserver/repository/archive.tar.gz?sha=af7d3bf5daeba3fc28089b015c0dd43f06b176f2",
"hash": "1j0r52ij5pw8b8wc5xz1bmm5idwkmsnwpla6smz8gypcjls860ma" "hash": "1j0r52ij5pw8b8wc5xz1bmm5idwkmsnwpla6smz8gypcjls860ma"
}, },
"nixpkgs": { "nixpkgs-stable": {
"type": "Channel",
"name": "nixos-24.11",
"url": "https://releases.nixos.org/nixos/24.11/nixos-24.11.710315.b681065d0919/nixexprs.tar.xz",
"hash": "0j2djx0mqp2hiq1w7sl5837mzgqrc3534257b9sdv8p5672gpbmv"
},
"nixpkgs-unstable": {
"type": "Channel", "type": "Channel",
"name": "nixpkgs-unstable", "name": "nixpkgs-unstable",
"url": "https://releases.nixos.org/nixpkgs/nixpkgs-24.11pre704822.85f7e662eda4/nixexprs.tar.xz", "url": "https://releases.nixos.org/nixpkgs/nixpkgs-25.05pre716127.566e53c2ad75/nixexprs.tar.xz",
"hash": "0dqlz0xqd3nn49hnx943y5sfqd7nmj25s6gi1pjm907j3vbgg47k" "hash": "182d5xq2w70znk61b8bn0cyq4jmp7vw239vmxbmsvv13zrjainbv"
}, },
"nixvim": { "nixvim-stable": {
"type": "Git",
"repository": {
"type": "GitHub",
"owner": "nix-community",
"repo": "nixvim"
},
"branch": "nixos-24.11",
"revision": "667b2a5f7a7925fb3247fd3201f4a9e0bcebcd48",
"url": "https://github.com/nix-community/nixvim/archive/667b2a5f7a7925fb3247fd3201f4a9e0bcebcd48.tar.gz",
"hash": "181fhbqfz4lqrpsg2c3hkn0d95s736wkhsrbcl0mndjgm3202bpb"
},
"nixvim-unstable": {
"type": "Git", "type": "Git",
"repository": { "repository": {
"type": "GitHub", "type": "GitHub",
@ -79,9 +109,9 @@
"repo": "nixvim" "repo": "nixvim"
}, },
"branch": "main", "branch": "main",
"revision": "aabbd60633947baba11db44df84f402edc241440", "revision": "38885227461de58a712362c1c484803d6c90a8b2",
"url": "https://github.com/nix-community/nixvim/archive/aabbd60633947baba11db44df84f402edc241440.tar.gz", "url": "https://github.com/nix-community/nixvim/archive/38885227461de58a712362c1c484803d6c90a8b2.tar.gz",
"hash": "1mkmz8mvydj4mbfqipywncf68i8dcnag088cr4xkp2z3h4ary0ap" "hash": "1cyx21v1dm4r6n5y2d32wpzhxy534h8j79ws1wi2b6rlpcqasrkg"
} }
}, },
"version": 3 "version": 3

10
patches/default.nix
View file

@ -1,11 +1,15 @@
rec { let
unstable = [ general = [
{ {
_type = "static"; _type = "static";
path = ./nginx-fallback.patch; path = ./nginx-fallback.patch;
} }
]; ];
betamail = unstable ++ [ in
{
unstable = general;
stable = general;
betamail = [
{ {
_type = "static"; _type = "static";
path = ./procmail_322.patch; path = ./procmail_322.patch;

2
shell.nix
View file

@ -1,6 +1,6 @@
let let
sources = import ./npins; sources = import ./npins;
pkgs = import sources.nixpkgs { }; pkgs = import sources.nixpkgs-unstable { };
in in
pkgs.mkShell { pkgs.mkShell {
packages = with pkgs; [ packages = with pkgs; [