From 9d873d82c7265308e2b9fa6b111e0a8cc0bfb557 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 8 Jun 2025 18:00:50 +0200 Subject: [PATCH 01/25] chore(deps): lock file maintenance --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index dd62963..351da24 100644 --- a/flake.lock +++ b/flake.lock @@ -133,11 +133,11 @@ }, "nixpkgs-nixos-stable": { "locked": { - "lastModified": 1748995628, - "narHash": "sha256-bFufQGSAEYQgjtc4wMrobS5HWN0hDP+ZX+zthYcml9U=", + "lastModified": 1749173751, + "narHash": "sha256-ENY3y3v6S9ZmLDDLI3LUT8MXmfXg/fSt2eA4GCnMVCE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8eb3b6a2366a7095939cd22f0dc0e9991313294b", + "rev": "ed29f002b6d6e5e7e32590deb065c34a31dc3e91", "type": "github" }, "original": { @@ -149,11 +149,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1749143949, - "narHash": "sha256-QuUtALJpVrPnPeozlUG/y+oIMSLdptHxb3GK6cpSVhA=", + "lastModified": 1749285348, + "narHash": "sha256-frdhQvPbmDYaScPFiCnfdh3B/Vh81Uuoo0w5TkWmmjU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d3d2d80a2191a73d1e86456a751b83aa13085d7d", + "rev": "3e3afe5174c561dee0df6f2c2b2236990146329f", "type": "github" }, "original": { From c047a5b4ed0c9ab6f17b209e3fdb53e0cfc537be Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 14 Jun 2025 19:20:58 +0200 Subject: [PATCH 02/25] chore(deps): lock file maintenance --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 351da24..7454489 100644 --- a/flake.lock +++ b/flake.lock 
@@ -27,11 +27,11 @@ ] }, "locked": { - "lastModified": 1749200714, - "narHash": "sha256-W8KiJIrVwmf43JOPbbTu5lzq+cmdtRqaNbOsZigjioY=", + "lastModified": 1749436314, + "narHash": "sha256-CqmqU5FRg5AadtIkxwu8ulDSOSoIisUMZRLlcED3Q5w=", "owner": "nix-community", "repo": "disko", - "rev": "17d08c65c241b1d65b3ddf79e3fac1ddc870b0f6", + "rev": "dfa4d1b9c39c0342ef133795127a3af14598017a", "type": "github" }, "original": { @@ -81,11 +81,11 @@ ] }, "locked": { - "lastModified": 1747372754, - "narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=", + "lastModified": 1749636823, + "narHash": "sha256-WUaIlOlPLyPgz9be7fqWJA5iG6rHcGRtLERSCfUDne4=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46", + "rev": "623c56286de5a3193aa38891a6991b28f9bab056", "type": "github" }, "original": { @@ -133,11 +133,11 @@ }, "nixpkgs-nixos-stable": { "locked": { - "lastModified": 1749173751, - "narHash": "sha256-ENY3y3v6S9ZmLDDLI3LUT8MXmfXg/fSt2eA4GCnMVCE=", + "lastModified": 1749668643, + "narHash": "sha256-gaWJEWGBW/g1u6o5IM4Un0vluv86cigLuBnjsKILffc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ed29f002b6d6e5e7e32590deb065c34a31dc3e91", + "rev": "1965fd20a39c8e441746bee66d550af78f0c0a7b", "type": "github" }, "original": { @@ -149,11 +149,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1749285348, - "narHash": "sha256-frdhQvPbmDYaScPFiCnfdh3B/Vh81Uuoo0w5TkWmmjU=", + "lastModified": 1749794982, + "narHash": "sha256-Kh9K4taXbVuaLC0IL+9HcfvxsSUx8dPB5s5weJcc9pc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3e3afe5174c561dee0df6f2c2b2236990146329f", + "rev": "ee930f9755f58096ac6e8ca94a1887e0534e2d81", "type": "github" }, "original": { 
@@ -201,11 +201,11 @@ ] }, "locked": { - "lastModified": 1747603214, - "narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=", + "lastModified": 1749592509, + "narHash": "sha256-VunQzfZFA+Y6x3wYi2UE4DEQ8qKoAZZCnZPUlSoqC+A=", "owner": "Mic92", "repo": "sops-nix", - "rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd", + "rev": "50754dfaa0e24e313c626900d44ef431f3210138", "type": "github" }, "original": { From 87e85c370bd6236a834f95e6cbe4818a7dffc316 Mon Sep 17 00:00:00 2001 From: Fabian Hauser Date: Sat, 14 Jun 2025 19:42:29 +0300 Subject: [PATCH 03/25] Update lindberg-webapps configurations --- defaults/meta/hosts.json | 2 +- flake.lock | 9 +++++---- nixos-configurations/lindberg-webapps/disko-config.nix | 2 +- packages/sops-config/default.nix | 2 +- private | 2 +- 5 files changed, 9 insertions(+), 8 deletions(-) diff --git a/defaults/meta/hosts.json b/defaults/meta/hosts.json index 39d478d..37532af 100644 --- a/defaults/meta/hosts.json +++ b/defaults/meta/hosts.json @@ -17,7 +17,7 @@ }, "lindberg-webapps": { "hostName": "lindberg-webapps", - "sshKey": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJT99lj5OI+V1PlZl/T2ikBORwMiXjDfWpHYfq/GvUM5" + "sshKey": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIByESy+XiBT8/PoE8DUB388B5MA6LVcJBgH1ZgYxr9Mg" }, "batzberg": { "hostName": "batzberg" diff --git a/flake.lock b/flake.lock index 7454489..1fee195 100644 --- a/flake.lock +++ b/flake.lock @@ -170,10 +170,11 @@ ] }, "locked": { - "lastModified": 1747599024, - "narHash": "sha256-qc94Cyt6uaQCVY2VlCtNxGb7hs3DbLvxuhEnSLFL8T8=", - "rev": "bed7588246ec58aacac3d0ff5b191fa6cc9faa98", - "revCount": 17, + "lastModified": 1749920008, + "narHash": "sha256-wn3U2q/+OQYErVyoY9kwZP/fXcDG4ewhJkHX7qHzq8g=", + "ref": "refs/heads/main", + "rev": "5f8ba2025848dd30539c42ef1f7e6c6f917e70d9", + "revCount": 19, "type": "git", "url": "file:./private" }, diff --git a/nixos-configurations/lindberg-webapps/disko-config.nix b/nixos-configurations/lindberg-webapps/disko-config.nix index 8a7d268..6024053 100644 
--- a/nixos-configurations/lindberg-webapps/disko-config.nix +++ b/nixos-configurations/lindberg-webapps/disko-config.nix @@ -3,7 +3,7 @@ disko.devices.disk = { system = { type = "disk"; - device = "/dev/vda"; + device = "/dev/vdb"; content = { type = "gpt"; partitions = { diff --git a/packages/sops-config/default.nix b/packages/sops-config/default.nix index 9655950..74e5c79 100644 --- a/packages/sops-config/default.nix +++ b/packages/sops-config/default.nix @@ -75,7 +75,7 @@ writeText ".sops.yaml" ( # Secrets for all hosts { - path_regex = "private/nixos-configurations/secrets\.sops\.(yaml|json|env|ini)$"; + path_regex = "private/nixos-modules/shared-secrets/default\.sops\.(yaml|json|env|ini)$"; pgp = toCommaList userPgpKeys; age = toCommaList (userAgeKeys ++ builtins.attrValues serverAgeKeys); } diff --git a/private b/private index bed7588..5f8ba20 160000 --- a/private +++ b/private @@ -1 +1 @@ -Subproject commit bed7588246ec58aacac3d0ff5b191fa6cc9faa98 +Subproject commit 5f8ba2025848dd30539c42ef1f7e6c6f917e70d9 From 1b47c7a057b322d8835c39cac4b12086c7dcb377 Mon Sep 17 00:00:00 2001 From: Fabian Hauser Date: Sat, 14 Jun 2025 14:23:40 +0300 Subject: [PATCH 04/25] Fix static page readme --- nixos-modules/static-page/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos-modules/static-page/README.md b/nixos-modules/static-page/README.md index 19fce35..19469d9 100644 --- a/nixos-modules/static-page/README.md +++ b/nixos-modules/static-page/README.md @@ -1,5 +1,5 @@ # Static Pages -This module enables static nginx sites, with data served from "/var/lib/nginx/$domain/root". +This module enables static nginx sites, with data served from "/var/lib/nginx-$domain/root". To deploy the site, a user `nginx-$domain` is added, of which a `root` profile in the home folder can be deployed, e.g. with deploy-rs. From b295ae93966fe46e206eb731eeeddb49422382cd Mon Sep 17 00:00:00 2001 
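Review bot: In `nixos-configurations/lindberg-webapps/disko-config.nix` the system disk is now selected with `device = "/dev/vdb";`, a kernel enumeration name that can move when a disk is attached or the virtio order changes, and disko partitions whatever that name resolves to. If the hypervisor exposes a stable identifier, `device = "/dev/disk/by-id/<DISK_ID_PLACEHOLDER>";` would bind the layout to the intended disk. Failing that, a comment such as `# vdb is the system disk on this VM; vda holds <OTHER_DISK_PURPOSE>` would record why the letter changed. The `disko.devices.disk` attribute set starts and ends outside the hunk.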
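Review bot: In `packages/sops-config/default.nix` the new `path_regex` writes `\.` inside a double-quoted Nix string, where a backslash before `.` is simply dropped, so the pattern that ends up in `.sops.yaml` presumably contains bare dots that match any character. This rule selects the recipient set for the shared secrets (all user keys plus every server age key), so it should match exactly the intended file: `path_regex = "private/nixos-modules/shared-secrets/default\\.sops\\.(yaml|json|env|ini)$";`. A leading `^` would tighten it further if the sops version in use matches against the path relative to `.sops.yaml`, which should be confirmed first. The removed line used the same escaping, so other rules in this list, outside the hunk, may need the same fix.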
From: Raphael Borun Das Gupta Date: Sat, 14 Jun 2025 21:04:26 +0200 Subject: [PATCH 05/25] qois.cloud: make adminpassFile an option --- nixos-modules/cloud/default.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/nixos-modules/cloud/default.nix b/nixos-modules/cloud/default.nix index ee503bb..aaba0ef 100644 --- a/nixos-modules/cloud/default.nix +++ b/nixos-modules/cloud/default.nix @@ -3,6 +3,7 @@ config, lib, pkgs, + options, ... }: @@ -30,6 +31,10 @@ with lib; "nextcloud30" ]; }; + + adminpassFile = options.services.nextcloud.config.adminpassFile // { + default = config.sops.secrets."nextcloud/admin".path; + }; }; config = mkIf cfg.enable { @@ -59,7 +64,7 @@ with lib; database.createLocally = true; config = { - adminpassFile = config.sops.secrets."nextcloud/admin".path; + inherit (cfg) adminpassFile; adminuser = "root"; dbtype = "pgsql"; }; From ff14c257522c14e2b2c3ddf8affd53b9f5d91883 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 15 Jun 2025 18:00:35 +0200 Subject: [PATCH 06/25] chore(deps): lock file maintenance --- flake.lock | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 1fee195..40aa612 100644 --- a/flake.lock +++ b/flake.lock @@ -133,11 +133,11 @@ }, "nixpkgs-nixos-stable": { "locked": { - "lastModified": 1749668643, - "narHash": "sha256-gaWJEWGBW/g1u6o5IM4Un0vluv86cigLuBnjsKILffc=", + "lastModified": 1749834526, + "narHash": "sha256-izgPGLeUeFB9loC+n2X6TO2n8pOGvVcR3jKqxTGOwgc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1965fd20a39c8e441746bee66d550af78f0c0a7b", + "rev": "db8414903dd6b3042e1ac471eafc18ca4ccb54a4", "type": "github" }, "original": { @@ -172,7 +172,6 @@ "locked": { "lastModified": 1749920008, "narHash": "sha256-wn3U2q/+OQYErVyoY9kwZP/fXcDG4ewhJkHX7qHzq8g=", - "ref": "refs/heads/main", "rev": "5f8ba2025848dd30539c42ef1f7e6c6f917e70d9", "revCount": 19, "type": "git", From bf04053c50a07661076fbba82763e1a369788526 Mon Sep 17 00:00:00 2001 
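Review bot: The new `adminpassFile` option in `nixos-modules/cloud/default.nix` takes its `default` from `config.sops.secrets."nextcloud/admin".path` but sets no `defaultText`, so rendering option documentation for this module has to evaluate `config`. Adding `defaultText = lib.literalExpression ''config.sops.secrets."nextcloud/admin".path'';` inside the `// { … }` override avoids that. Because the option now accepts any path, a `description` override would also help, stating that the file should be a runtime secret readable by the nextcloud user and not a Nix store path, since store paths are world-readable. The `options` attribute set this sits in begins outside the hunk.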
From: Renovate Bot Date: Mon, 16 Jun 2025 18:00:36 +0200 Subject: [PATCH 07/25] chore(deps): lock file maintenance --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 40aa612..2bec67a 100644 --- a/flake.lock +++ b/flake.lock @@ -27,11 +27,11 @@ ] }, "locked": { - "lastModified": 1749436314, - "narHash": "sha256-CqmqU5FRg5AadtIkxwu8ulDSOSoIisUMZRLlcED3Q5w=", + "lastModified": 1750040002, + "narHash": "sha256-KrC9iOVYIn6ukpVlHbqSA4hYCZ6oDyJKrcLqv4c5v84=", "owner": "nix-community", "repo": "disko", - "rev": "dfa4d1b9c39c0342ef133795127a3af14598017a", + "rev": "7f1857b31522062a6a00f88cbccf86b43acceed1", "type": "github" }, "original": { @@ -133,11 +133,11 @@ }, "nixpkgs-nixos-stable": { "locked": { - "lastModified": 1749834526, - "narHash": "sha256-izgPGLeUeFB9loC+n2X6TO2n8pOGvVcR3jKqxTGOwgc=", + "lastModified": 1749995256, + "narHash": "sha256-LEGfcombb0otUf23oAmYCXR4+lMQKa49XmU0G5HItGI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "db8414903dd6b3042e1ac471eafc18ca4ccb54a4", + "rev": "daa45f10955cc2207ac9c5f0206774d2f757c162", "type": "github" }, "original": { From 415e6d05f6836a4c329dd98acda15f0707ec29a0 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 17 Jun 2025 18:00:17 +0200 Subject: [PATCH 08/25] chore(deps): lock file maintenance --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 2bec67a..8dd8a0f 100644 --- a/flake.lock +++ b/flake.lock @@ -201,11 +201,11 @@ ] }, "locked": { - "lastModified": 1749592509, - "narHash": "sha256-VunQzfZFA+Y6x3wYi2UE4DEQ8qKoAZZCnZPUlSoqC+A=", + "lastModified": 1750119275, + "narHash": "sha256-Rr7Pooz9zQbhdVxux16h7URa6mA80Pb/G07T4lHvh0M=", "owner": "Mic92", "repo": "sops-nix", - "rev": "50754dfaa0e24e313c626900d44ef431f3210138", + "rev": "77c423a03b9b2b79709ea2cb63336312e78b72e2", "type": "github" }, "original": { From 15a3bd940ba50a617375c3b0579ce3cc7454102c Mon Sep 17 00:00:00 2001 
From: Renovate Bot Date: Wed, 18 Jun 2025 18:00:53 +0200 Subject: [PATCH 09/25] chore(deps): lock file maintenance --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 8dd8a0f..40ce132 100644 --- a/flake.lock +++ b/flake.lock @@ -133,11 +133,11 @@ }, "nixpkgs-nixos-stable": { "locked": { - "lastModified": 1749995256, - "narHash": "sha256-LEGfcombb0otUf23oAmYCXR4+lMQKa49XmU0G5HItGI=", + "lastModified": 1750151854, + "narHash": "sha256-3za+1J9FifMetO7E/kwgyW+dp+8pPBNlWKfcBovnn6M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "daa45f10955cc2207ac9c5f0206774d2f757c162", + "rev": "ad5c70bcc5cc5178205161b7a7d61a6e80f6d244", "type": "github" }, "original": { @@ -149,11 +149,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1749794982, - "narHash": "sha256-Kh9K4taXbVuaLC0IL+9HcfvxsSUx8dPB5s5weJcc9pc=", + "lastModified": 1750134718, + "narHash": "sha256-v263g4GbxXv87hMXMCpjkIxd/viIF7p3JpJrwgKdNiI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ee930f9755f58096ac6e8ca94a1887e0534e2d81", + "rev": "9e83b64f727c88a7711a2c463a7b16eedb69a84c", "type": "github" }, "original": { From 3295f6f128deafaaab80cc1239f039215d1c09ac Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 20 Jun 2025 18:00:52 +0200 Subject: [PATCH 10/25] chore(deps): lock file maintenance --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 40ce132..09dfc29 100644 --- a/flake.lock +++ b/flake.lock @@ -133,11 +133,11 @@ }, "nixpkgs-nixos-stable": { "locked": { - "lastModified": 1750151854, - "narHash": "sha256-3za+1J9FifMetO7E/kwgyW+dp+8pPBNlWKfcBovnn6M=", + "lastModified": 1750330365, + "narHash": "sha256-hJ7XMNVsTnnbV2NPmStCC07gvv5l2x7+Skb7hyUzazg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ad5c70bcc5cc5178205161b7a7d61a6e80f6d244", + "rev": "d883b6213afa179b58ba8bace834f1419707d0ad", "type": "github" }, "original": { 
@@ -149,11 +149,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1750134718, - "narHash": "sha256-v263g4GbxXv87hMXMCpjkIxd/viIF7p3JpJrwgKdNiI=", + "lastModified": 1750365781, + "narHash": "sha256-XE/lFNhz5lsriMm/yjXkvSZz5DfvKJLUjsS6pP8EC50=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9e83b64f727c88a7711a2c463a7b16eedb69a84c", + "rev": "08f22084e6085d19bcfb4be30d1ca76ecb96fe54", "type": "github" }, "original": { From a76519ac015c55d06444559a12f790327c9611b7 Mon Sep 17 00:00:00 2001 From: Raphael Borun Das Gupta Date: Sat, 21 Jun 2025 10:26:16 +0200 Subject: [PATCH 11/25] qois.cloud: add basic test (WIP) --- nixos-modules/cloud/test.nix | 36 ++++++++++++++++++++++++++++++++++++ nixos-modules/cloud/test.py | 34 ++++++++++++++++++++++++++++++++++ 2 files changed, 70 insertions(+) create mode 100644 nixos-modules/cloud/test.nix create mode 100644 nixos-modules/cloud/test.py diff --git a/nixos-modules/cloud/test.nix b/nixos-modules/cloud/test.nix new file mode 100644 index 0000000..386dcba --- /dev/null +++ b/nixos-modules/cloud/test.nix @@ -0,0 +1,36 @@ +{ + ... +}: +{ + # Note: This extends the default configuration from ${self}/checks/nixos-modules + nodes.webserver = + { pkgs, lib, ... }: + let + inherit (pkgs) curl gnugrep; + inherit (lib) mkForce; + cloud-domain = "cloud.example.com"; + in + { + qois.cloud = { + enable = true; + domain = cloud-domain; + package = pkgs.nextcloud31; + adminpassFile = "${pkgs.writeText "adminpass" "insecure"}"; # Don't try this at home! + }; + + qois.postgresql.package = pkgs.postgresql; + sops.secrets = mkForce { }; + + # Disable TLS services + services.nginx.virtualHosts."${cloud-domain}" = { + forceSSL = mkForce false; + enableACME = mkForce false; + }; + + # Test environment + environment.systemPackages = [ + curl + gnugrep + ]; + }; +} diff --git a/nixos-modules/cloud/test.py b/nixos-modules/cloud/test.py new file mode 100644 index 0000000..5e484b9 --- /dev/null +++ b/nixos-modules/cloud/test.py 
@@ -0,0 +1,34 @@ +def test(subtest, webserver): + webserver.wait_for_unit("nginx") + webserver.wait_for_open_port(80) + webserver.wait_for_unit("nextcloud-setup.service") + webserver.wait_for_unit("phpfpm-nextcloud.service") + + # Helpers + def curl_variable_test(node, variable, expected, url): + value = node.succeed( + f"curl -s --no-location -o /dev/null -w '%{{{variable}}}' '{url}'" + ) + assert value == expected, ( + f"expected {variable} to be '{expected}' but got '{value}'" + ) + + def expect_http_code(node, code, url): + curl_variable_test(node, "http_code", code, url) + + def expect_http_content_contains(node, expectedContentSnippet, url): + content = node.succeed(f"curl --no-location --silent '{url}'") + assert expectedContentSnippet in content, f""" + expected in content: + {expectedContentSnippet} + at {url} but got following content: + {content} + """ + + # Tests + with subtest("website is successfully served on cloud.example.com"): + webserver.succeed("grep cloud.example.com /etc/hosts") + expect_http_code(webserver, "200", "http://cloud.example.com") + expect_http_content_contains( + webserver, "Log in to cloud.qoo.is", "http://docs.example.com" + ) From e76a4f04ccf5b338eceedb546de994f8b9269e79 Mon Sep 17 00:00:00 2001 From: Fabian Hauser Date: Wed, 25 Jun 2025 23:53:10 +0300 Subject: [PATCH 12/25] Replace nixpkgs with stable and update inputs --- flake.lock | 40 ++++++++++---------------------- flake.nix | 7 +++--- nixos-configurations/default.nix | 4 ++-- 3 files changed, 17 insertions(+), 34 deletions(-) diff --git a/flake.lock b/flake.lock index 09dfc29..0821973 100644 --- a/flake.lock +++ b/flake.lock 
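Review bot: The last assertion in `nixos-modules/cloud/test.py` fetches `http://docs.example.com` and looks for `Log in to cloud.qoo.is`, while the subtest and `test.nix` only configure `cloud.example.com`; the URL looks carried over from another module's test, so the check never exercises the Nextcloud vhost. It should read `expect_http_content_contains(webserver, "<EXPECTED_LOGIN_TEXT>", "http://cloud.example.com")`, with a snippet the test instance actually renders. Nextcloud normally answers `/` with a redirect to its login page, so with `--no-location` the expected `"200"` in `expect_http_code` may need to target the login URL instead; worth confirming when the test is first run.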
@@ -23,15 +23,15 @@ "disko": { "inputs": { "nixpkgs": [ - "nixpkgs-nixos-stable" + "nixpkgs" ] }, "locked": { - "lastModified": 1750040002, - "narHash": "sha256-KrC9iOVYIn6ukpVlHbqSA4hYCZ6oDyJKrcLqv4c5v84=", + "lastModified": 1750680230, + "narHash": "sha256-kD88T/NqmcgfOBFAwphN30ccaUdj6K6+LG0XdM2w2LA=", "owner": "nix-community", "repo": "disko", - "rev": "7f1857b31522062a6a00f88cbccf86b43acceed1", + "rev": "8fd2d6c75009ac75f9a6fb18c33a239806778d01", "type": "github" }, "original": { @@ -81,11 +81,11 @@ ] }, "locked": { - "lastModified": 1749636823, - "narHash": "sha256-WUaIlOlPLyPgz9be7fqWJA5iG6rHcGRtLERSCfUDne4=", + "lastModified": 1750779888, + "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "623c56286de5a3193aa38891a6991b28f9bab056", + "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d", "type": "github" }, "original": { @@ -131,13 +131,13 @@ "type": "github" } }, - "nixpkgs-nixos-stable": { + "nixpkgs_2": { "locked": { - "lastModified": 1750330365, - "narHash": "sha256-hJ7XMNVsTnnbV2NPmStCC07gvv5l2x7+Skb7hyUzazg=", + "lastModified": 1750646418, + "narHash": "sha256-4UAN+W0Lp4xnUiHYXUXAPX18t+bn6c4Btry2RqM9JHY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d883b6213afa179b58ba8bace834f1419707d0ad", + "rev": "1f426f65ac4e6bf808923eb6f8b8c2bfba3d18c5", "type": "github" }, "original": { @@ -147,22 +147,6 @@ "type": "github" } }, - "nixpkgs_2": { - "locked": { - "lastModified": 1750365781, - "narHash": "sha256-XE/lFNhz5lsriMm/yjXkvSZz5DfvKJLUjsS6pP8EC50=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "08f22084e6085d19bcfb4be30d1ca76ecb96fe54", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "private": { "inputs": { "nixpkgs": [ 
@@ -172,6 +156,7 @@ "locked": { "lastModified": 1749920008, "narHash": "sha256-wn3U2q/+OQYErVyoY9kwZP/fXcDG4ewhJkHX7qHzq8g=", + "ref": "refs/heads/main", "rev": "5f8ba2025848dd30539c42ef1f7e6c6f917e70d9", "revCount": 19, "type": "git", @@ -188,7 +173,6 @@ "disko": "disko", "git-hooks-nix": "git-hooks-nix", "nixpkgs": "nixpkgs_2", - "nixpkgs-nixos-stable": "nixpkgs-nixos-stable", "private": "private", "sops-nix": "sops-nix", "treefmt-nix": "treefmt-nix" diff --git a/flake.nix b/flake.nix index df38c88..9a3f1eb 100644 --- a/flake.nix +++ b/flake.nix @@ -5,8 +5,7 @@ extra-trusted-public-keys = "qois-infrastructure:lh35ymN7Aoxm5Hz0S6JusxE+cYzMU+x9OMKjDVIpfuE="; }; inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; - nixpkgs-nixos-stable.url = "github:NixOS/nixpkgs/nixos-24.11"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11"; treefmt-nix = { url = "github:numtide/treefmt-nix"; @@ -24,7 +23,7 @@ deploy-rs.url = "github:serokell/deploy-rs"; disko = { url = "github:nix-community/disko"; - inputs.nixpkgs.follows = "nixpkgs-nixos-stable"; + inputs.nixpkgs.follows = "nixpkgs"; }; private.url = "git+file:./private"; private.inputs.nixpkgs.follows = "nixpkgs"; @@ -59,7 +58,7 @@ inherit (inputs) deploy-rs disko - nixpkgs-nixos-stable + nixpkgs sops-nix private git-hooks-nix diff --git a/nixos-configurations/default.nix b/nixos-configurations/default.nix index 475d6d5..96f9aa1 100644 --- a/nixos-configurations/default.nix +++ b/nixos-configurations/default.nix @@ -1,12 +1,12 @@ { self, pkgs, - nixpkgs-nixos-stable, + nixpkgs, ... }@inputs: let inherit (pkgs.lib) genAttrs; - inherit (nixpkgs-nixos-stable.lib) nixosSystem; + inherit (nixpkgs.lib) nixosSystem; configs = self.lib.foldersWithNix ./.; in genAttrs configs ( From afc2be57f58c4532378960c92e77c6ea45eec42e Mon Sep 17 00:00:00 2001 
From: Fabian Hauser Date: Thu, 26 Jun 2025 00:07:30 +0300 Subject: [PATCH 13/25] Fix formatting --- nixos-modules/static-page/test.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nixos-modules/static-page/test.py b/nixos-modules/static-page/test.py index 295635f..a922edd 100644 --- a/nixos-modules/static-page/test.py +++ b/nixos-modules/static-page/test.py @@ -14,9 +14,9 @@ def test(subtest, webserver): value = node.succeed( f"curl -s --no-location -o /dev/null -w '%{{{variable}}}' '{url}'" ) - assert value == expected, ( - f"expected {variable} to be '{expected}' but got '{value}'" - ) + assert ( + value == expected + ), f"expected {variable} to be '{expected}' but got '{value}'" def expect_http_code(node, code, url): curl_variable_test(node, "http_code", code, url) From 2ddc256314d897900276a117993b2902841ecf09 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 28 Jun 2025 20:00:39 +0200 Subject: [PATCH 14/25] chore(deps): lock file maintenance --- flake.lock | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/flake.lock b/flake.lock index 0821973..76bf5b1 100644 --- a/flake.lock +++ b/flake.lock @@ -27,11 +27,11 @@ ] }, "locked": { - "lastModified": 1750680230, - "narHash": "sha256-kD88T/NqmcgfOBFAwphN30ccaUdj6K6+LG0XdM2w2LA=", + "lastModified": 1750903843, + "narHash": "sha256-Ng9+f0H5/dW+mq/XOKvB9uwvGbsuiiO6HrPdAcVglCs=", "owner": "nix-community", "repo": "disko", - "rev": "8fd2d6c75009ac75f9a6fb18c33a239806778d01", + "rev": "83c4da299c1d7d300f8c6fd3a72ac46cb0d59aae", "type": "github" }, "original": { @@ -156,7 +156,6 @@ "locked": { "lastModified": 1749920008, "narHash": "sha256-wn3U2q/+OQYErVyoY9kwZP/fXcDG4ewhJkHX7qHzq8g=", - "ref": "refs/heads/main", "rev": "5f8ba2025848dd30539c42ef1f7e6c6f917e70d9", "revCount": 19, "type": "git", 
@@ -220,11 +219,11 @@ ] }, "locked": { - "lastModified": 1749194973, - "narHash": "sha256-eEy8cuS0mZ2j/r/FE0/LYBSBcIs/MKOIVakwHVuqTfk=", + "lastModified": 1750931469, + "narHash": "sha256-0IEdQB1nS+uViQw4k3VGUXntjkDp7aAlqcxdewb/hAc=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "a05be418a1af1198ca0f63facb13c985db4cb3c5", + "rev": "ac8e6f32e11e9c7f153823abc3ab007f2a65d3e1", "type": "github" }, "original": { From 525bce9cee212fdcd8b213f16b2f08860a53705b Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 29 Jun 2025 18:00:34 +0200 Subject: [PATCH 15/25] chore(deps): lock file maintenance --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 76bf5b1..c92fa82 100644 --- a/flake.lock +++ b/flake.lock @@ -133,11 +133,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1750646418, - "narHash": "sha256-4UAN+W0Lp4xnUiHYXUXAPX18t+bn6c4Btry2RqM9JHY=", + "lastModified": 1751048012, + "narHash": "sha256-MYbotu4UjWpTsq01wglhN5xDRfZYLFtNk7SBY0BcjkU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1f426f65ac4e6bf808923eb6f8b8c2bfba3d18c5", + "rev": "a684c58d46ebbede49f280b653b9e56100aa3877", "type": "github" }, "original": { From 2866526d20758541d66e70572168ebe7b471d2d8 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 29 Jun 2025 18:10:30 +0200 Subject: [PATCH 16/25] chore(deps): update nixpkgs to nixos-25.05 --- flake.lock | 8 ++++---- flake.nix | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index c92fa82..169d559 100644 --- a/flake.lock +++ b/flake.lock 
@@ -133,16 +133,16 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1751048012, - "narHash": "sha256-MYbotu4UjWpTsq01wglhN5xDRfZYLFtNk7SBY0BcjkU=", + "lastModified": 1750969886, + "narHash": "sha256-zW/OFnotiz/ndPFdebpo3X0CrbVNf22n4DjN2vxlb58=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a684c58d46ebbede49f280b653b9e56100aa3877", + "rev": "a676066377a2fe7457369dd37c31fd2263b662f4", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-24.11", + "ref": "nixos-25.05", "repo": "nixpkgs", "type": "github" } diff --git a/flake.nix b/flake.nix index 9a3f1eb..b645da8 100644 --- a/flake.nix +++ b/flake.nix @@ -5,7 +5,7 @@ extra-trusted-public-keys = "qois-infrastructure:lh35ymN7Aoxm5Hz0S6JusxE+cYzMU+x9OMKjDVIpfuE="; }; inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05"; treefmt-nix = { url = "github:numtide/treefmt-nix"; From e2ff429bcc44306c2ac35ed65987b794c19ab1b5 Mon Sep 17 00:00:00 2001 From: Fabian Hauser Date: Sun, 29 Jun 2025 19:46:15 +0300 Subject: [PATCH 17/25] Optimize nextcloud php config --- nixos-modules/cloud/default.nix | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/nixos-modules/cloud/default.nix b/nixos-modules/cloud/default.nix index ee503bb..e54f2d7 100644 --- a/nixos-modules/cloud/default.nix +++ b/nixos-modules/cloud/default.nix 
@@ -83,16 +83,22 @@ with lib; }; phpOptions = { - "opcache.interned_strings_buffer" = "23"; + "opcache.interned_strings_buffer" = "64"; + "opcache.memory_consumption" = "512"; + "opcache.save_comments" = "1"; + "opcache.max_accelerated_files" = "50000"; + "opcache.fast_shutdown" = "1"; + "opcache.jit" = "1255"; + "opcache.jit_buffer_size" = "8M"; }; poolSettings = { "pm" = "dynamic"; - "pm.max_children" = "256"; - "pm.max_requests" = "500"; - "pm.max_spare_servers" = "16"; - "pm.min_spare_servers" = "2"; - "pm.start_servers" = "8"; + "pm.max_children" = "480"; + "pm.max_requests" = "2000"; + "pm.max_spare_servers" = "72"; + "pm.min_spare_servers" = "24"; + "pm.start_servers" = "48"; }; configureRedis = true; @@ -116,12 +122,6 @@ with lib; }; }; - services.phpfpm.pools.nextcloud.settings = { - "pm.max_children" = lib.mkForce "256"; - "pm.max_spare_servers" = lib.mkForce "16"; - "pm.start_servers" = lib.mkForce "8"; - }; - users.users.nextcloud.extraGroups = [ "postdrop" ]; systemd.services.nextcloud-cron = { From 78afd3ecb7ba99af229ea5e1c541eb79c0ab7813 Mon Sep 17 00:00:00 2001 From: Fabian Hauser Date: Sun, 29 Jun 2025 19:55:32 +0300 Subject: [PATCH 18/25] Set system.stateVersion to 25.05 --- nixos-configurations/calanda/default.nix | 2 +- nixos-configurations/cyprianspitz/default.nix | 2 +- nixos-configurations/lindberg-build/default.nix | 2 +- nixos-configurations/lindberg-nextcloud/default.nix | 2 +- nixos-configurations/lindberg-webapps/default.nix | 2 +- nixos-configurations/lindberg/default.nix | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/nixos-configurations/calanda/default.nix b/nixos-configurations/calanda/default.nix index a397319..b0109d1 100644 --- a/nixos-configurations/calanda/default.nix +++ b/nixos-configurations/calanda/default.nix 
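Review bot: In `nixos-modules/cloud/default.nix`, `"pm.max_children" = "480"` together with `"opcache.memory_consumption" = "512"` raises the pool's worst-case memory footprint considerably, and nothing in the hunk ties these numbers to the host's RAM; a burst of slow requests can now fork up to 480 PHP workers, which is an availability risk if the VM is smaller than the tuning assumes. A comment stating the sizing basis, e.g. `# sized for <RAM_GB> GB RAM at ~<MB_PER_WORKER> MB per worker`, would let later changes be checked against it. `"opcache.fast_shutdown"` was removed in PHP 7.2 and has no effect on the PHP versions current Nextcloud releases run on, so that line can be dropped. The `services.nextcloud` block starts and ends outside the hunk.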
@@ -16,5 +16,5 @@
 # this value at the release version of the first install of this system.
 # Before changing this value read the documentation for this option
 # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "24.11"; # Did you read the comment?
+ system.stateVersion = "25.05"; # Did you read the comment?
 }
diff --git a/nixos-configurations/cyprianspitz/default.nix b/nixos-configurations/cyprianspitz/default.nix
index fd20520..a6094df 100644
--- a/nixos-configurations/cyprianspitz/default.nix
+++ b/nixos-configurations/cyprianspitz/default.nix
@@ -23,5 +23,5 @@
 # this value at the release version of the first install of this system.
 # Before changing this value read the documentation for this option
 # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "24.11"; # Did you read the comment?
+ system.stateVersion = "25.05"; # Did you read the comment?
 }
diff --git a/nixos-configurations/lindberg-build/default.nix b/nixos-configurations/lindberg-build/default.nix
index dc3a626..cd093a4 100644
--- a/nixos-configurations/lindberg-build/default.nix
+++ b/nixos-configurations/lindberg-build/default.nix
@@ -19,5 +19,5 @@
 # this value at the release version of the first install of this system.
 # Before changing this value read the documentation for this option
 # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "24.11"; # Did you read the comment?
+ system.stateVersion = "25.05"; # Did you read the comment?
 }
diff --git a/nixos-configurations/lindberg-nextcloud/default.nix b/nixos-configurations/lindberg-nextcloud/default.nix
index 3bfc14a..eab10d4 100644
--- a/nixos-configurations/lindberg-nextcloud/default.nix
+++ b/nixos-configurations/lindberg-nextcloud/default.nix
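Review bot: Changing `system.stateVersion` from `"24.11"` to `"25.05"` in `nixos-configurations/calanda/default.nix` goes against the comment directly above it, which says the value stays at the release of the first install; the same edit is repeated in the hunks for cyprianspitz, lindberg-build, lindberg-nextcloud, lindberg-webapps and lindberg. NixOS modules read this value to choose defaults for stateful data, so bumping it on running hosts can move a service to a new default without migrating what is already on disk. Moving nixpkgs to 25.05 does not require it. Unless each host was reinstalled, keep `system.stateVersion = "24.11";`; if the bump is deliberate, the commit message should name the state-dependent defaults that were reviewed for each host.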
@@ -46,5 +46,5 @@ # this value at the release version of the first install of this system. # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "24.11"; # Did you read the comment? + system.stateVersion = "25.05"; # Did you read the comment? } diff --git a/nixos-configurations/lindberg-webapps/default.nix b/nixos-configurations/lindberg-webapps/default.nix index 00b64a7..d3ba75b 100644 --- a/nixos-configurations/lindberg-webapps/default.nix +++ b/nixos-configurations/lindberg-webapps/default.nix @@ -19,5 +19,5 @@ # this value at the release version of the first install of this system. # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "24.11"; # Did you read the comment? + system.stateVersion = "25.05"; # Did you read the comment? } diff --git a/nixos-configurations/lindberg/default.nix b/nixos-configurations/lindberg/default.nix index 2bf286c..cb2e35c 100644 --- a/nixos-configurations/lindberg/default.nix +++ b/nixos-configurations/lindberg/default.nix @@ -24,5 +24,5 @@ # this value at the release version of the first install of this system. # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "24.11"; # Did you read the comment? + system.stateVersion = "25.05"; # Did you read the comment? } From 3b5abde73d9a263333c910489875937f0273874c Mon Sep 17 00:00:00 2001 From: Fabian Hauser Date: Sun, 29 Jun 2025 19:57:56 +0300 Subject: [PATCH 19/25] Fix fmt --- nixos-modules/static-page/test.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nixos-modules/static-page/test.py b/nixos-modules/static-page/test.py index a922edd..295635f 100644 --- a/nixos-modules/static-page/test.py 
+++ b/nixos-modules/static-page/test.py @@ -14,9 +14,9 @@ def test(subtest, webserver): value = node.succeed( f"curl -s --no-location -o /dev/null -w '%{{{variable}}}' '{url}'" ) - assert ( - value == expected - ), f"expected {variable} to be '{expected}' but got '{value}'" + assert value == expected, ( + f"expected {variable} to be '{expected}' but got '{value}'" + ) def expect_http_code(node, code, url): curl_variable_test(node, "http_code", code, url) From fd211eff840dfee626dda285bbcb538536ed3f0e Mon Sep 17 00:00:00 2001 From: Fabian Hauser Date: Sun, 29 Jun 2025 21:01:54 +0300 Subject: [PATCH 20/25] Deploy CI hosts after all other deployments --- .github/workflows/ci.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a9fa2c9..6eba117 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -45,3 +45,17 @@ jobs: lfs: false - name: "Deploy profile" run: "auto-deploy ${{ matrix.profile }}" + deploy-ci: + needs: deploy + if: success() && github.ref == 'refs/heads/main' + runs-on: nix + env: + SSH_DEPLOY_KEY: "${{ secrets.SSH_DEPLOY_KEY }}" + steps: + - name: Initialize CI + uses: https://git.qo.is/qo.is/actions-nix-init@main + with: + token: ${{ secrets.CI_TOKEN }} + lfs: false + - name: "Deploy profile" + run: "auto-deploy system-ci" From eb82809aacf562f2ca5c70aff1f198061b4f2ffe Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 30 Jun 2025 18:00:36 +0200 Subject: [PATCH 21/25] chore(deps): lock file maintenance --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 169d559..7fc742c 100644 --- a/flake.lock +++ b/flake.lock 
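Review bot: The new `deploy-ci` job in `.github/workflows/ci.yml` runs `uses: https://git.qo.is/qo.is/actions-nix-init@main`, a mutable branch reference, in a job that holds `secrets.CI_TOKEN` and `SSH_DEPLOY_KEY`; anyone able to push to that action's `main` gets code execution with the deploy key in reach. Pinning to a commit, `uses: https://git.qo.is/qo.is/actions-nix-init@<COMMIT_SHA_PLACEHOLDER>`, removes the dependency on branch state. `SSH_DEPLOY_KEY` is also set at job level, so the init step sees it as well; moving the `env:` block onto the "Deploy profile" step would narrow exposure, assuming the init action does not itself need the key. The existing `deploy` job, which begins outside the hunk, appears to follow the same pattern and would need the same treatment.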
@@ -133,11 +133,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1750969886, - "narHash": "sha256-zW/OFnotiz/ndPFdebpo3X0CrbVNf22n4DjN2vxlb58=", + "lastModified": 1751211869, + "narHash": "sha256-1Cu92i1KSPbhPCKxoiVG5qnoRiKTgR5CcGSRyLpOd7Y=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a676066377a2fe7457369dd37c31fd2263b662f4", + "rev": "b43c397f6c213918d6cfe6e3550abfe79b5d1c51", "type": "github" }, "original": { From e955cfc61c2dea7280d2782a84449bcf0d1e52ae Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 4 Jul 2025 18:00:33 +0200 Subject: [PATCH 22/25] chore(deps): lock file maintenance --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 7fc742c..b3edf58 100644 --- a/flake.lock +++ b/flake.lock @@ -27,11 +27,11 @@ ] }, "locked": { - "lastModified": 1750903843, - "narHash": "sha256-Ng9+f0H5/dW+mq/XOKvB9uwvGbsuiiO6HrPdAcVglCs=", + "lastModified": 1751607816, + "narHash": "sha256-5PtrwjqCIJ4DKQhzYdm8RFePBuwb+yTzjV52wWoGSt4=", "owner": "nix-community", "repo": "disko", - "rev": "83c4da299c1d7d300f8c6fd3a72ac46cb0d59aae", + "rev": "da6109c917b48abc1f76dd5c9bf3901c8c80f662", "type": "github" }, "original": { @@ -133,11 +133,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1751211869, - "narHash": "sha256-1Cu92i1KSPbhPCKxoiVG5qnoRiKTgR5CcGSRyLpOd7Y=", + "lastModified": 1751479989, + "narHash": "sha256-M5KgdpVBVcW4HRVq9/OSRbrxlwsQ1ogEKqnvzsClDqU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b43c397f6c213918d6cfe6e3550abfe79b5d1c51", + "rev": "34627c90f062da515ea358360f448da57769236e", "type": "github" }, "original": { 
@@ -184,11 +184,11 @@ ] }, "locked": { - "lastModified": 1750119275, - "narHash": "sha256-Rr7Pooz9zQbhdVxux16h7URa6mA80Pb/G07T4lHvh0M=", + "lastModified": 1751606940, + "narHash": "sha256-KrDPXobG7DFKTOteqdSVeL1bMVitDcy7otpVZWDE6MA=", "owner": "Mic92", "repo": "sops-nix", - "rev": "77c423a03b9b2b79709ea2cb63336312e78b72e2", + "rev": "3633fc4acf03f43b260244d94c71e9e14a2f6e0d", "type": "github" }, "original": { From 8790efa9c7e04033176a7f29e620f9167b845f62 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 5 Jul 2025 18:00:36 +0200 Subject: [PATCH 23/25] chore(deps): lock file maintenance --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index b3edf58..fd60b11 100644 --- a/flake.lock +++ b/flake.lock @@ -133,11 +133,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1751479989, - "narHash": "sha256-M5KgdpVBVcW4HRVq9/OSRbrxlwsQ1ogEKqnvzsClDqU=", + "lastModified": 1751582995, + "narHash": "sha256-u7ubvtxdTnFPpV27AHpgoKn7qHuE7sgWgza/1oj5nzA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "34627c90f062da515ea358360f448da57769236e", + "rev": "7a732ed41ca0dd64b4b71b563ab9805a80a7d693", "type": "github" }, "original": { From 3cac920bff5aeb3d48ad61de8a2fe70dd2d5885d Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 6 Jul 2025 18:00:36 +0200 Subject: [PATCH 24/25] chore(deps): lock file maintenance --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index fd60b11..3c82399 100644 --- a/flake.lock +++ b/flake.lock @@ -133,11 +133,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1751582995, - "narHash": "sha256-u7ubvtxdTnFPpV27AHpgoKn7qHuE7sgWgza/1oj5nzA=", + "lastModified": 1751741127, + "narHash": "sha256-t75Shs76NgxjZSgvvZZ9qOmz5zuBE8buUaYD28BMTxg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7a732ed41ca0dd64b4b71b563ab9805a80a7d693", + "rev": "29e290002bfff26af1db6f64d070698019460302", "type": "github" }, "original": { 
From 1c98a3a704934b3987dfd9dcbe3eba489dac5514 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 7 Jul 2025 18:00:17 +0200 Subject: [PATCH 25/25] chore(deps): lock file maintenance --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 3c82399..e0b4195 100644 --- a/flake.lock +++ b/flake.lock @@ -27,11 +27,11 @@ ] }, "locked": { - "lastModified": 1751607816, - "narHash": "sha256-5PtrwjqCIJ4DKQhzYdm8RFePBuwb+yTzjV52wWoGSt4=", + "lastModified": 1751854533, + "narHash": "sha256-U/OQFplExOR1jazZY4KkaQkJqOl59xlh21HP9mI79Vc=", "owner": "nix-community", "repo": "disko", - "rev": "da6109c917b48abc1f76dd5c9bf3901c8c80f662", + "rev": "16b74a1e304197248a1bc663280f2548dbfcae3c", "type": "github" }, "original": {