diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a9fa2c9..6eba117 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -45,3 +45,17 @@ jobs: lfs: false - name: "Deploy profile" run: "auto-deploy ${{ matrix.profile }}" + deploy-ci: + needs: deploy + if: success() && github.ref == 'refs/heads/main' + runs-on: nix + env: + SSH_DEPLOY_KEY: "${{ secrets.SSH_DEPLOY_KEY }}" + steps: + - name: Initialize CI + uses: https://git.qo.is/qo.is/actions-nix-init@main + with: + token: ${{ secrets.CI_TOKEN }} + lfs: false + - name: "Deploy profile" + run: "auto-deploy system-ci" diff --git a/defaults/meta/hosts.json b/defaults/meta/hosts.json index 39d478d..37532af 100644 --- a/defaults/meta/hosts.json +++ b/defaults/meta/hosts.json @@ -17,7 +17,7 @@ }, "lindberg-webapps": { "hostName": "lindberg-webapps", - "sshKey": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJT99lj5OI+V1PlZl/T2ikBORwMiXjDfWpHYfq/GvUM5" + "sshKey": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIByESy+XiBT8/PoE8DUB388B5MA6LVcJBgH1ZgYxr9Mg" }, "batzberg": { "hostName": "batzberg" diff --git a/flake.lock b/flake.lock index dd62963..e0b4195 100644 --- a/flake.lock +++ b/flake.lock @@ -23,15 +23,15 @@ "disko": { "inputs": { "nixpkgs": [ - "nixpkgs-nixos-stable" + "nixpkgs" ] }, "locked": { - "lastModified": 1749200714, - "narHash": "sha256-W8KiJIrVwmf43JOPbbTu5lzq+cmdtRqaNbOsZigjioY=", + "lastModified": 1751854533, + "narHash": "sha256-U/OQFplExOR1jazZY4KkaQkJqOl59xlh21HP9mI79Vc=", "owner": "nix-community", "repo": "disko", - "rev": "17d08c65c241b1d65b3ddf79e3fac1ddc870b0f6", + "rev": "16b74a1e304197248a1bc663280f2548dbfcae3c", "type": "github" }, "original": { 
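Review bot: The new `deploy-ci` job runs `actions-nix-init@main`, a mutable branch ref, in a job whose environment already holds `SSH_DEPLOY_KEY` and which hands `CI_TOKEN` to that action, so any change pushed to that branch runs with both secrets in reach. Pin the action to a full commit hash, e.g. `uses: https://git.qo.is/qo.is/actions-nix-init@<COMMIT_SHA>`, and, unless the init action itself needs the key, move the `env:` block with `SSH_DEPLOY_KEY` from the job onto the "Deploy profile" step. The `deploy` job above the hunk appears to follow the same pattern (only its tail is visible), so the same change would apply there. As a style point, `token: ${{ secrets.CI_TOKEN }}` is unquoted while the other expressions in the job are quoted.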
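Review bot: The `sshKey` for `lindberg-webapps` is replaced with nothing in the diff recording where the new key was read from. This file looks like the trust anchor for host identity, so the new fingerprint should be confirmed on the host's console rather than accepted from a first SSH connection. The same commit moves this host's disk to `/dev/vdb`, which suggests a reinstall, so the rotation itself is plausible. If the sops recipients built in `packages/sops-config` are derived from these host keys (not visible here), the affected secrets need re-encrypting so the old key stops being a recipient.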
@@ -81,11 +81,11 @@ ] }, "locked": { - "lastModified": 1747372754, - "narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=", + "lastModified": 1750779888, + "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46", + "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d", "type": "github" }, "original": { @@ -131,34 +131,18 @@ "type": "github" } }, - "nixpkgs-nixos-stable": { - "locked": { - "lastModified": 1748995628, - "narHash": "sha256-bFufQGSAEYQgjtc4wMrobS5HWN0hDP+ZX+zthYcml9U=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "8eb3b6a2366a7095939cd22f0dc0e9991313294b", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.11", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { "locked": { - "lastModified": 1749143949, - "narHash": "sha256-QuUtALJpVrPnPeozlUG/y+oIMSLdptHxb3GK6cpSVhA=", + "lastModified": 1751741127, + "narHash": "sha256-t75Shs76NgxjZSgvvZZ9qOmz5zuBE8buUaYD28BMTxg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d3d2d80a2191a73d1e86456a751b83aa13085d7d", + "rev": "29e290002bfff26af1db6f64d070698019460302", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable", + "ref": "nixos-25.05", "repo": "nixpkgs", "type": "github" } @@ -170,10 +154,10 @@ ] }, "locked": { - "lastModified": 1747599024, - "narHash": "sha256-qc94Cyt6uaQCVY2VlCtNxGb7hs3DbLvxuhEnSLFL8T8=", - "rev": "bed7588246ec58aacac3d0ff5b191fa6cc9faa98", - "revCount": 17, + "lastModified": 1749920008, + "narHash": "sha256-wn3U2q/+OQYErVyoY9kwZP/fXcDG4ewhJkHX7qHzq8g=", + "rev": "5f8ba2025848dd30539c42ef1f7e6c6f917e70d9", + "revCount": 19, "type": "git", "url": "file:./private" }, @@ -188,7 +172,6 @@ "disko": "disko", "git-hooks-nix": "git-hooks-nix", "nixpkgs": "nixpkgs_2", - "nixpkgs-nixos-stable": "nixpkgs-nixos-stable", "private": "private", "sops-nix": "sops-nix", "treefmt-nix": "treefmt-nix" 
@@ -201,11 +184,11 @@ ] }, "locked": { - "lastModified": 1747603214, - "narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=", + "lastModified": 1751606940, + "narHash": "sha256-KrDPXobG7DFKTOteqdSVeL1bMVitDcy7otpVZWDE6MA=", "owner": "Mic92", "repo": "sops-nix", - "rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd", + "rev": "3633fc4acf03f43b260244d94c71e9e14a2f6e0d", "type": "github" }, "original": { @@ -236,11 +219,11 @@ ] }, "locked": { - "lastModified": 1749194973, - "narHash": "sha256-eEy8cuS0mZ2j/r/FE0/LYBSBcIs/MKOIVakwHVuqTfk=", + "lastModified": 1750931469, + "narHash": "sha256-0IEdQB1nS+uViQw4k3VGUXntjkDp7aAlqcxdewb/hAc=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "a05be418a1af1198ca0f63facb13c985db4cb3c5", + "rev": "ac8e6f32e11e9c7f153823abc3ab007f2a65d3e1", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index df38c88..b645da8 100644 --- a/flake.nix +++ b/flake.nix @@ -5,8 +5,7 @@ extra-trusted-public-keys = "qois-infrastructure:lh35ymN7Aoxm5Hz0S6JusxE+cYzMU+x9OMKjDVIpfuE="; }; inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; - nixpkgs-nixos-stable.url = "github:NixOS/nixpkgs/nixos-24.11"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05"; treefmt-nix = { url = "github:numtide/treefmt-nix"; @@ -24,7 +23,7 @@ deploy-rs.url = "github:serokell/deploy-rs"; disko = { url = "github:nix-community/disko"; - inputs.nixpkgs.follows = "nixpkgs-nixos-stable"; + inputs.nixpkgs.follows = "nixpkgs"; }; private.url = "git+file:./private"; private.inputs.nixpkgs.follows = "nixpkgs"; @@ -59,7 +58,7 @@ inherit (inputs) deploy-rs disko - nixpkgs-nixos-stable + nixpkgs sops-nix private git-hooks-nix diff --git a/nixos-configurations/calanda/default.nix b/nixos-configurations/calanda/default.nix index a397319..b0109d1 100644 --- a/nixos-configurations/calanda/default.nix +++ b/nixos-configurations/calanda/default.nix 
@@ -16,5 +16,5 @@ # this value at the release version of the first install of this system. # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "24.11"; # Did you read the comment? + system.stateVersion = "25.05"; # Did you read the comment? } diff --git a/nixos-configurations/cyprianspitz/default.nix b/nixos-configurations/cyprianspitz/default.nix index fd20520..a6094df 100644 --- a/nixos-configurations/cyprianspitz/default.nix +++ b/nixos-configurations/cyprianspitz/default.nix @@ -23,5 +23,5 @@ # this value at the release version of the first install of this system. # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "24.11"; # Did you read the comment? + system.stateVersion = "25.05"; # Did you read the comment? } diff --git a/nixos-configurations/default.nix b/nixos-configurations/default.nix index 475d6d5..96f9aa1 100644 --- a/nixos-configurations/default.nix +++ b/nixos-configurations/default.nix @@ -1,12 +1,12 @@ { self, pkgs, - nixpkgs-nixos-stable, + nixpkgs, ... }@inputs: let inherit (pkgs.lib) genAttrs; - inherit (nixpkgs-nixos-stable.lib) nixosSystem; + inherit (nixpkgs.lib) nixosSystem; configs = self.lib.foldersWithNix ./.; in genAttrs configs ( diff --git a/nixos-configurations/lindberg-build/default.nix b/nixos-configurations/lindberg-build/default.nix index dc3a626..cd093a4 100644 --- a/nixos-configurations/lindberg-build/default.nix +++ b/nixos-configurations/lindberg-build/default.nix 
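Review bot: `system.stateVersion` is raised from "24.11" to "25.05" directly under the comment that says to leave it at the release of the first install; the `nixpkgs` input change is what upgrades the system, not this option. Modules read it to choose defaults for stateful data, for example the default PostgreSQL and Nextcloud package versions, so bumping it on an installed host can switch a service to a version its on-disk data was never migrated to. The same edit appears in the cyprianspitz, lindberg-build, lindberg-nextcloud, lindberg-webapps and lindberg hunks. Unless a host was actually reinstalled (lindberg-webapps may have been, given its new host key and disk device), keep `system.stateVersion = "24.11";` there.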
@@ -19,5 +19,5 @@ # this value at the release version of the first install of this system. # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "24.11"; # Did you read the comment? + system.stateVersion = "25.05"; # Did you read the comment? } diff --git a/nixos-configurations/lindberg-nextcloud/default.nix b/nixos-configurations/lindberg-nextcloud/default.nix index 3bfc14a..eab10d4 100644 --- a/nixos-configurations/lindberg-nextcloud/default.nix +++ b/nixos-configurations/lindberg-nextcloud/default.nix @@ -46,5 +46,5 @@ # this value at the release version of the first install of this system. # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "24.11"; # Did you read the comment? + system.stateVersion = "25.05"; # Did you read the comment? } diff --git a/nixos-configurations/lindberg-webapps/default.nix b/nixos-configurations/lindberg-webapps/default.nix index 00b64a7..d3ba75b 100644 --- a/nixos-configurations/lindberg-webapps/default.nix +++ b/nixos-configurations/lindberg-webapps/default.nix @@ -19,5 +19,5 @@ # this value at the release version of the first install of this system. # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "24.11"; # Did you read the comment? + system.stateVersion = "25.05"; # Did you read the comment? } diff --git a/nixos-configurations/lindberg-webapps/disko-config.nix b/nixos-configurations/lindberg-webapps/disko-config.nix index 8a7d268..6024053 100644 --- a/nixos-configurations/lindberg-webapps/disko-config.nix +++ b/nixos-configurations/lindberg-webapps/disko-config.nix 
@@ -3,7 +3,7 @@ disko.devices.disk = { system = { type = "disk"; - device = "/dev/vda"; + device = "/dev/vdb"; content = { type = "gpt"; partitions = { diff --git a/nixos-configurations/lindberg/default.nix b/nixos-configurations/lindberg/default.nix index 2bf286c..cb2e35c 100644 --- a/nixos-configurations/lindberg/default.nix +++ b/nixos-configurations/lindberg/default.nix @@ -24,5 +24,5 @@ # this value at the release version of the first install of this system. # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "24.11"; # Did you read the comment? + system.stateVersion = "25.05"; # Did you read the comment? } diff --git a/nixos-modules/cloud/default.nix b/nixos-modules/cloud/default.nix index ee503bb..e54f2d7 100644 --- a/nixos-modules/cloud/default.nix +++ b/nixos-modules/cloud/default.nix @@ -83,16 +83,22 @@ with lib; }; phpOptions = { - "opcache.interned_strings_buffer" = "23"; + "opcache.interned_strings_buffer" = "64"; + "opcache.memory_consumption" = "512"; + "opcache.save_comments" = "1"; + "opcache.max_accelerated_files" = "50000"; + "opcache.fast_shutdown" = "1"; + "opcache.jit" = "1255"; + "opcache.jit_buffer_size" = "8M"; }; poolSettings = { "pm" = "dynamic"; - "pm.max_children" = "256"; - "pm.max_requests" = "500"; - "pm.max_spare_servers" = "16"; - "pm.min_spare_servers" = "2"; - "pm.start_servers" = "8"; + "pm.max_children" = "480"; + "pm.max_requests" = "2000"; + "pm.max_spare_servers" = "72"; + "pm.min_spare_servers" = "24"; + "pm.start_servers" = "48"; }; configureRedis = true; @@ -116,12 +122,6 @@ with lib; }; }; - services.phpfpm.pools.nextcloud.settings = { - "pm.max_children" = lib.mkForce "256"; - "pm.max_spare_servers" = lib.mkForce "16"; - "pm.start_servers" = lib.mkForce "8"; - }; - users.users.nextcloud.extraGroups = [ "postdrop" ]; systemd.services.nextcloud-cron = { 
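Review bot: `device = "/dev/vdb";` names the disk by kernel enumeration order, which can change when another virtio disk is attached or removed, and disko partitions and formats whatever this path resolves to. Prefer a persistent path such as `device = "/dev/disk/by-id/<DISK_ID>";` (or a `/dev/disk/by-path/...` entry), and add a comment saying what now occupies `vda`. The enclosing attribute set continues outside the hunk.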
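Review bot: In the first `nixos-modules/cloud/default.nix` hunk, `"pm.max_children" = "480"` together with `"opcache.memory_consumption" = "512"` and 48 start servers is a large jump with no comment on how it was sized. If each PHP worker can use a few hundred MB, a burst of requests could exhaust host memory or the database connection limit, which is an availability risk for this host. Add a sizing comment above `poolSettings` (memory per worker times `pm.max_children` against the RAM budget) and check the value against the database's connection limit. `"opcache.fast_shutdown"` was removed in PHP 7.2 and has no effect, so that line can be dropped. The second hunk deletes the `lib.mkForce` overrides, so confirm in the evaluated config that the `poolSettings` values actually reach the pool.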
diff --git a/nixos-modules/static-page/README.md b/nixos-modules/static-page/README.md index 19fce35..19469d9 100644 --- a/nixos-modules/static-page/README.md +++ b/nixos-modules/static-page/README.md @@ -1,5 +1,5 @@ # Static Pages -This module enables static nginx sites, with data served from "/var/lib/nginx/$domain/root". +This module enables static nginx sites, with data served from "/var/lib/nginx-$domain/root". To deploy the site, a user `nginx-$domain` is added, of which a `root` profile in the home folder can be deployed, e.g. with deploy-rs. diff --git a/packages/sops-config/default.nix b/packages/sops-config/default.nix index 9655950..74e5c79 100644 --- a/packages/sops-config/default.nix +++ b/packages/sops-config/default.nix @@ -75,7 +75,7 @@ writeText ".sops.yaml" ( # Secrets for all hosts { - path_regex = "private/nixos-configurations/secrets\.sops\.(yaml|json|env|ini)$"; + path_regex = "private/nixos-modules/shared-secrets/default\.sops\.(yaml|json|env|ini)$"; pgp = toCommaList userPgpKeys; age = toCommaList (userAgeKeys ++ builtins.attrValues serverAgeKeys); } diff --git a/private b/private index bed7588..5f8ba20 160000 --- a/private +++ b/private @@ -1 +1 @@ -Subproject commit bed7588246ec58aacac3d0ff5b191fa6cc9faa98 +Subproject commit 5f8ba2025848dd30539c42ef1f7e6c6f917e70d9
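Review bot: In the new `path_regex`, `\.` inside a double-quoted Nix string evaluates to a plain `.`, so the generated rule matches any character where a literal dot was meant, and the pattern has no `^` anchor. The rule encrypts to every server age key, so a looser match than intended widens the set of files that get all hosts as recipients. Write the escapes as `default\\.sops\\.(yaml|json|env|ini)$` and consider a leading `^`; the removed line had the same escaping, so this predates the commit. The `writeText` expression starts and ends outside the hunk.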