From 5590ba68f409258292e51c5ba1186f5e36b0785c Mon Sep 17 00:00:00 2001 From: Fabian Hauser Date: Thu, 5 Dec 2024 14:31:55 +0200 Subject: [PATCH 1/5] Upgrade inputs to 24.11 --- flake.lock | 29 +++++++++++++---------------- flake.nix | 2 +- updates.md | 10 +++++++++- 3 files changed, 23 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index b99c44c..8f0ef83 100644 --- a/flake.lock +++ b/flake.lock @@ -71,11 +71,11 @@ ] }, "locked": { - "lastModified": 1731274291, - "narHash": "sha256-cZ0QMpv5p2a6WEE+o9uu0a4ma6RzQDOQTbm7PbixWz8=", + "lastModified": 1733168902, + "narHash": "sha256-8dupm9GfK+BowGdQd7EHK5V61nneLfr9xR6sc5vtDi0=", "owner": "nix-community", "repo": "disko", - "rev": "486250f404f4a4f4f33f8f669d83ca5f6e6b7dfc", + "rev": "785c1e02c7e465375df971949b8dcbde9ec362e5", "type": "github" }, "original": { @@ -176,27 +176,27 @@ }, "nixpkgs-nixos-stable": { "locked": { - "lastModified": 1731239293, - "narHash": "sha256-q2yjIWFFcTzp5REWQUOU9L6kHdCDmFDpqeix86SOvDc=", + "lastModified": 1733261153, + "narHash": "sha256-eq51hyiaIwtWo19fPEeE0Zr2s83DYMKJoukNLgGGpek=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9256f7c71a195ebe7a218043d9f93390d49e6884", + "rev": "b681065d0919f7eb5309a93cea2cfa84dec9aa88", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-24.05", + "ref": "nixos-24.11", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-nixos-unstable": { "locked": { - "lastModified": 1731139594, - "narHash": "sha256-IigrKK3vYRpUu+HEjPL/phrfh7Ox881er1UEsZvw9Q4=", + "lastModified": 1733212471, + "narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "76612b17c0ce71689921ca12d9ffdc9c23ce40b2", + "rev": "55d15ad12a74eb7d4646254e13638ad0c4128776", "type": "github" }, "original": { 
@@ -272,17 +272,14 @@ "inputs": { "nixpkgs": [ "nixpkgs-nixos-unstable" - ], - "nixpkgs-stable": [ - "nixpkgs-nixos-stable" ] }, "locked": { - "lastModified": 1731213149, - "narHash": "sha256-jR8i6nFLmSmm0cIoeRQ8Q4EBARa3oGaAtEER/OMMxus=", + "lastModified": 1733128155, + "narHash": "sha256-m6/qwJAJYcidGMEdLqjKzRIjapK4nUfMq7rDCTmZajc=", "owner": "Mic92", "repo": "sops-nix", - "rev": "f1675e3b0e1e663a4af49be67ecbc9e749f85eb7", + "rev": "c6134b6fff6bda95a1ac872a2a9d5f32e3c37856", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 98f5cca..413658d 100644 --- a/flake.nix +++ b/flake.nix @@ -12,7 +12,7 @@ inputs.nixpkgs.follows = "nixpkgs-nixos-stable"; }; nixpkgs-nixos-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; - nixpkgs-nixos-stable.url = "github:NixOS/nixpkgs/nixos-24.05"; + nixpkgs-nixos-stable.url = "github:NixOS/nixpkgs/nixos-24.11"; sops-nix = { url = "github:Mic92/sops-nix"; inputs = { diff --git a/updates.md b/updates.md index 81a414d..0f7994c 100644 --- a/updates.md +++ b/updates.md @@ -39,7 +39,13 @@ For kernel updates, it might be required to reboot machines, which can be done i pssh -l root -H lindberg-nextcloud.backplane.net.qo.is -H lindberg-build.backplane.net.qo.is reboot ``` -## Aplication Updates +## `systemVersion` upgrades + +- Make sure to read through the nixpkgs changelog to catch configuration scheme changes, + successor applications or for the need for manual interventions. +- Pay special attention the applications listed below. + +## Application Updates Some applications have pinned versions to prevent problems due to accidental upgrades. The version switch has to be done manually by switching the package used. @@ -47,3 +53,5 @@ The version switch has to be done manually by switching the package used. This includes the modules for: - `nextcloud` +- `postgresql`, [→ Nixpkgs manual page](https://nixos.org/manual/nixos/stable/#module-services-postgres-upgrading) + 
From f6e63c0fdf84a91ddc450d431c47ebeacb90e09b Mon Sep 17 00:00:00 2001 From: Fabian Hauser Date: Thu, 5 Dec 2024 14:31:55 +0200 Subject: [PATCH 2/5] Upgrade inputs to 24.11 --- defaults/base-minimal/default.nix | 7 +++++-- flake.lock | 29 +++++++++++++---------------- flake.nix | 3 +-- nixos-modules/meta/network.nix | 2 +- updates.md | 10 +++++++++- 5 files changed, 29 insertions(+), 22 deletions(-) diff --git a/defaults/base-minimal/default.nix b/defaults/base-minimal/default.nix index bd2948f..078d647 100644 --- a/defaults/base-minimal/default.nix +++ b/defaults/base-minimal/default.nix @@ -72,7 +72,7 @@ dates = "weekly"; options = "--delete-older-than 90d"; }; - package = pkgs.nixFlakes; + package = pkgs.nixVersions.stable; extraOptions = '' experimental-features = nix-command flakes ''; @@ -105,7 +105,10 @@ }; programs.autojump.enable = true; - programs.vim.defaultEditor = true; + programs.vim = { + enable = true; + defaultEditor = true; + }; sops.defaultSopsFile = let diff --git a/flake.lock b/flake.lock index b99c44c..8f0ef83 100644 --- a/flake.lock +++ b/flake.lock @@ -71,11 +71,11 @@ ] }, "locked": { - "lastModified": 1731274291, - "narHash": "sha256-cZ0QMpv5p2a6WEE+o9uu0a4ma6RzQDOQTbm7PbixWz8=", + "lastModified": 1733168902, + "narHash": "sha256-8dupm9GfK+BowGdQd7EHK5V61nneLfr9xR6sc5vtDi0=", "owner": "nix-community", "repo": "disko", - "rev": "486250f404f4a4f4f33f8f669d83ca5f6e6b7dfc", + "rev": "785c1e02c7e465375df971949b8dcbde9ec362e5", "type": "github" }, "original": { 
@@ -176,27 +176,27 @@ }, "nixpkgs-nixos-stable": { "locked": { - "lastModified": 1731239293, - "narHash": "sha256-q2yjIWFFcTzp5REWQUOU9L6kHdCDmFDpqeix86SOvDc=", + "lastModified": 1733261153, + "narHash": "sha256-eq51hyiaIwtWo19fPEeE0Zr2s83DYMKJoukNLgGGpek=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9256f7c71a195ebe7a218043d9f93390d49e6884", + "rev": "b681065d0919f7eb5309a93cea2cfa84dec9aa88", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-24.05", + "ref": "nixos-24.11", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-nixos-unstable": { "locked": { - "lastModified": 1731139594, - "narHash": "sha256-IigrKK3vYRpUu+HEjPL/phrfh7Ox881er1UEsZvw9Q4=", + "lastModified": 1733212471, + "narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "76612b17c0ce71689921ca12d9ffdc9c23ce40b2", + "rev": "55d15ad12a74eb7d4646254e13638ad0c4128776", "type": "github" }, "original": { @@ -272,17 +272,14 @@ "inputs": { "nixpkgs": [ "nixpkgs-nixos-unstable" - ], - "nixpkgs-stable": [ - "nixpkgs-nixos-stable" ] }, "locked": { - "lastModified": 1731213149, - "narHash": "sha256-jR8i6nFLmSmm0cIoeRQ8Q4EBARa3oGaAtEER/OMMxus=", + "lastModified": 1733128155, + "narHash": "sha256-m6/qwJAJYcidGMEdLqjKzRIjapK4nUfMq7rDCTmZajc=", "owner": "Mic92", "repo": "sops-nix", - "rev": "f1675e3b0e1e663a4af49be67ecbc9e749f85eb7", + "rev": "c6134b6fff6bda95a1ac872a2a9d5f32e3c37856", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 98f5cca..b641eed 100644 --- a/flake.nix +++ b/flake.nix 
@@ -12,12 +12,11 @@ inputs.nixpkgs.follows = "nixpkgs-nixos-stable"; }; nixpkgs-nixos-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; - nixpkgs-nixos-stable.url = "github:NixOS/nixpkgs/nixos-24.05"; + nixpkgs-nixos-stable.url = "github:NixOS/nixpkgs/nixos-24.11"; sops-nix = { url = "github:Mic92/sops-nix"; inputs = { nixpkgs.follows = "nixpkgs-nixos-unstable"; - nixpkgs-stable.follows = "nixpkgs-nixos-stable"; }; }; private.url = "git+file:./private"; diff --git a/nixos-modules/meta/network.nix b/nixos-modules/meta/network.nix index a17a9e9..3caa3d7 100644 --- a/nixos-modules/meta/network.nix +++ b/nixos-modules/meta/network.nix @@ -146,7 +146,7 @@ in }); }; - # Taken from https://github.com/NixOS/nixpkgs/blob/nixos-21.11/nixos/modules/services/networking/wireguard.nix: + # Taken from https://github.com/NixOS/nixpkgs/blob/nixos-21.11/nixos/modules/services/networking/wireguard.nix: publicKey = mkOption { example = "xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg="; type = str; diff --git a/updates.md b/updates.md index 81a414d..0f7994c 100644 --- a/updates.md +++ b/updates.md @@ -39,7 +39,13 @@ For kernel updates, it might be required to reboot machines, which can be done i pssh -l root -H lindberg-nextcloud.backplane.net.qo.is -H lindberg-build.backplane.net.qo.is reboot ``` -## Aplication Updates +## `systemVersion` upgrades + +- Make sure to read through the nixpkgs changelog to catch configuration scheme changes, + successor applications or for the need for manual interventions. +- Pay special attention the applications listed below. + +## Application Updates Some applications have pinned versions to prevent problems due to accidental upgrades. The version switch has to be done manually by switching the package used. 
@@ -47,3 +53,5 @@ The version switch has to be done manually by switching the package used. This includes the modules for: - `nextcloud` +- `postgresql`, [→ Nixpkgs manual page](https://nixos.org/manual/nixos/stable/#module-services-postgres-upgrading) + From df83c62e0c626a4b995f8b012b48377ce81b3606 Mon Sep 17 00:00:00 2001 From: Fabian Hauser Date: Fri, 6 Dec 2024 14:04:04 +0200 Subject: [PATCH 3/5] Remove fulberg host --- SUMMARY.md | 1 - defaults/meta/hosts.json | 4 -- defaults/meta/network-physical.nix | 3 -- defaults/meta/network-virtual.nix | 9 ---- defaults/meta/network.md | 4 +- nixos-configurations/calanda/networking.nix | 22 --------- nixos-configurations/fulberg/README.md | 1 - .../fulberg/applications/default.nix | 1 - nixos-configurations/fulberg/backup.nix | 35 -------------- nixos-configurations/fulberg/default.nix | 22 --------- nixos-configurations/fulberg/filesystems.nix | 31 ------------ nixos-configurations/fulberg/networking.nix | 48 ------------------- nixos-configurations/fulberg/secrets.nix | 8 ---- .../lindberg-build/backup.nix | 1 - .../lindberg-nextcloud/secrets.nix | 2 +- nixos-configurations/lindberg/secrets.nix | 2 +- nixos-configurations/stompert/default.nix | 2 +- updates.md | 2 +- 18 files changed, 6 insertions(+), 192 deletions(-) delete mode 100644 nixos-configurations/fulberg/README.md delete mode 100644 nixos-configurations/fulberg/applications/default.nix delete mode 100644 nixos-configurations/fulberg/backup.nix delete mode 100644 nixos-configurations/fulberg/default.nix delete mode 100644 nixos-configurations/fulberg/filesystems.nix delete mode 100644 nixos-configurations/fulberg/networking.nix delete mode 100644 nixos-configurations/fulberg/secrets.nix diff --git a/SUMMARY.md b/SUMMARY.md index 0c7d4e6..f8742a5 100644 --- a/SUMMARY.md +++ b/SUMMARY.md 
@@ -27,7 +27,6 @@ - [calanda](nixos-configurations/calanda/README.md) - [cyprianspitz](nixos-configurations/cyprianspitz/README.md) -- [fulberg](nixos-configurations/fulberg/README.md) - [lindberg](nixos-configurations/lindberg/README.md) - [stompert](nixos-configurations/stompert/README.md) - [tierberg](nixos-configurations/tierberg/README.md) diff --git a/defaults/meta/hosts.json b/defaults/meta/hosts.json index 1befacf..8780258 100644 --- a/defaults/meta/hosts.json +++ b/defaults/meta/hosts.json @@ -1,8 +1,4 @@ { - "fulberg": { - "hostName": "fulberg", - "sshKey": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDCG9qqpUOJ2RsohIqhMuw3YZZSrnPqhf5ayh5y0Cq/I" - }, "calanda": { "hostName": "calanda", "sshKey": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKdoOZcFFRXIqEWqUnwCk/kqP8DZw6/4omDefCT6aNN4" diff --git a/defaults/meta/network-physical.nix b/defaults/meta/network-physical.nix index 3f20460..69a4057 100644 --- a/defaults/meta/network-physical.nix +++ b/defaults/meta/network-physical.nix @@ -36,9 +36,6 @@ calanda = { v4.ip = "10.1.2.1"; }; - fulberg = { - v4.ip = "10.1.2.2"; - }; }; }; diff --git a/defaults/meta/network-virtual.nix b/defaults/meta/network-virtual.nix index f0b8b3d..6e1fdad 100644 --- a/defaults/meta/network-virtual.nix +++ b/defaults/meta/network-virtual.nix @@ -27,15 +27,6 @@ domain = "backplane.net.qo.is"; hosts = { - fulberg = { - v4.ip = "10.250.0.1"; - endpoint = { - fqdn = physical-network.plessur-ext.hosts.calanda.fqdn; - port = 51821; - }; - publicKey = "xcQOu+pp4ckNygcsLmJL1NmUzbbC+k3I7y+hJ9Ul4nk="; - persistentKeepalive = 25; - }; lindberg = { v4.ip = "10.250.0.2"; #endpoint = { # TODO: Port forwarding diff --git a/defaults/meta/network.md b/defaults/meta/network.md index 3015417..72e13ba 100644 --- a/defaults/meta/network.md +++ b/defaults/meta/network.md @@ -18,7 +18,7 @@ package "plessur.net.qo.is" { ] node calanda - node fulberg + node cyprianspitz cloud plessurnet [ LAN Plessur 
@@ -26,7 +26,7 @@ package "plessur.net.qo.is" { mediaconvchur - "enp4" calanda calanda "br0 (enp2, wlp1, wlp5)" --- plessurnet - calanda "enp4" -- "eno1" fulberg + plessurnet -- cyprianspitz } package "riedbach.net.qo.is" { diff --git a/nixos-configurations/calanda/networking.nix b/nixos-configurations/calanda/networking.nix index e909427..5aa0760 100644 --- a/nixos-configurations/calanda/networking.nix +++ b/nixos-configurations/calanda/networking.nix @@ -66,14 +66,6 @@ in # DMZ Portforwarding networking.nat.forwardPorts = let - fulbergPort = ( - proto: port: { - destination = "10.1.2.2:${toString port}"; - proto = proto; - sourcePort = port; - loopbackIPs = [ "85.195.200.253" ]; - } - ); cyprianspitzPort = ( proto: port: { destination = "10.1.1.11:${toString port}"; @@ -84,26 +76,12 @@ in ); in [ - { - destination = "10.1.2.2:22"; - proto = "tcp"; - sourcePort = 8022; - } - { - destination = "10.1.2.2:2222"; - proto = "tcp"; - sourcePort = 8222; - } { destination = "10.1.1.11:2222"; proto = "tcp"; sourcePort = 8223; } ] - ++ map (fulbergPort "udp") [ - 51820 - 51821 - ] ++ map (cyprianspitzPort "tcp") [ 80 443 diff --git a/nixos-configurations/fulberg/README.md b/nixos-configurations/fulberg/README.md deleted file mode 100644 index 2db184e..0000000 --- a/nixos-configurations/fulberg/README.md +++ /dev/null @@ -1 +0,0 @@ -# fulberg diff --git a/nixos-configurations/fulberg/applications/default.nix b/nixos-configurations/fulberg/applications/default.nix deleted file mode 100644 index c915eb0..0000000 --- a/nixos-configurations/fulberg/applications/default.nix +++ /dev/null @@ -1 +0,0 @@ -{ ... }: { } diff --git a/nixos-configurations/fulberg/backup.nix b/nixos-configurations/fulberg/backup.nix deleted file mode 100644 index e37c8e8..0000000 --- a/nixos-configurations/fulberg/backup.nix +++ /dev/null 
@@ -1,35 +0,0 @@ -{ config, pkgs, ... }: -{ - - qois.backup-server = { - enable = true; - backupStorageRoot = "/mnt/nas/backup"; - }; - - services.borgbackup.repos = - let - backupRoot = "/mnt/nas/backup"; - hostBackupRoot = "${backupRoot}/hosts"; - dataBackupRoot = "${backupRoot}/data"; - in - { - "lindberg-nextcloud" = { - authorizedKeys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIpzfp9VqclbPJ42ZrkRpvjMSTeyq0qce03zCRXqIHMw backup@lindberg-nextcloud" - ]; - path = "${hostBackupRoot}/lindberg-nextcloud"; - }; - "lindberg-data" = { - authorizedKeys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGTmyoVONC12MgOodvzdPpZzLSVwpkC6zkf+Rg0W36gy backup-data@lindberg" - ]; - path = "${dataBackupRoot}/lindberg"; - }; - "lindberg-build-system" = { - authorizedKeys = [ - "ssh-ed25519 AAAATODOTODOTODONTE5AAAAIGTmyoVONC12MgOodvzdPpZzLSVwpkC6zkf+Rg0W36gy backup-system@lindberg-build" - ]; - path = "${dataBackupRoot}/lindberg-build-system"; - }; - }; -} diff --git a/nixos-configurations/fulberg/default.nix b/nixos-configurations/fulberg/default.nix deleted file mode 100644 index 4605b9d..0000000 --- a/nixos-configurations/fulberg/default.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ config, pkgs, ... }: -{ - - imports = [ - ../../defaults/base - ../../defaults/hardware/apu.nix - ../../defaults/meta - ./applications - ./backup.nix - ./filesystems.nix - ./networking.nix - ./secrets.nix - ]; - - # This value determines the NixOS release from which the default - # settings for stateful data, like fi:le locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "23.05"; # Did you read the comment? -} 
diff --git a/nixos-configurations/fulberg/filesystems.nix b/nixos-configurations/fulberg/filesystems.nix deleted file mode 100644 index 547cd79..0000000 --- a/nixos-configurations/fulberg/filesystems.nix +++ /dev/null @@ -1,31 +0,0 @@ -{ config, pkgs, ... }: -{ - - fileSystems = { - "/" = { - device = "/dev/disk/by-uuid/360a6bc9-fc4e-4803-bd53-69320ac32ac5"; - fsType = "btrfs"; - options = [ - "defaults" - "subvol=nixos" - "noatime" - ]; - }; - "/mnt/nas" = { - device = "10.1.1.39:/qois"; - fsType = "nfs"; - options = [ - "defaults" - "noatime" - "soft" - ]; - }; - }; - - swapDevices = [ { device = "/dev/disk/by-uuid/73f91e99-d856-4504-b6b2-d60f855d6d95"; } ]; - - boot.loader.grub = { - enable = true; - device = "/dev/sda"; - }; -} diff --git a/nixos-configurations/fulberg/networking.nix b/nixos-configurations/fulberg/networking.nix deleted file mode 100644 index 125539d..0000000 --- a/nixos-configurations/fulberg/networking.nix +++ /dev/null 
@@ -1,48 +0,0 @@ -{ config, pkgs, ... }: -let - meta = config.qois.meta; - plessur-dmz-net = meta.network.physical.plessur-dmz; - getCalandaIp4 = net: net.hosts.calanda.v4.ip; -in -{ - networking.hostName = meta.hosts.fulberg.hostName; - - imports = [ ../../defaults/backplane-net ]; - - # WWAN is currently not available due to a broken SIM-card. - #services.qois.wwan = { - # enable = true; - # apn = "gprs.swisscom.ch"; - # networkInterface = "wwp0s19u1u3i12"; - #}; - - networking.interfaces.enp1s0 = { - useDHCP = false; - ipv4.addresses = [ - { - inherit (plessur-dmz-net.v4) prefixLength; - address = plessur-dmz-net.hosts.fulberg.v4.ip; - } - ]; - }; - - networking.defaultGateway = plessur-dmz-net.v4.gateway; - networking.nameservers = plessur-dmz-net.v4.nameservers; - - # Configure this node to be used as an vpn exit node - qois.backup-client.includePaths = [ "/var/lib/tailscale" ]; - services.tailscale = { - enable = true; - openFirewall = true; - useRoutingFeatures = "server"; - authKeyFile = config.sops.secrets."tailscale/key".path; - extraUpFlags = [ - "--login-server=https://vpn.qo.is" - "--advertise-exit-node" - ( - with meta.network.virtual.backplane.v4; "--advertise-routes=${id}/${builtins.toString prefixLength}" - ) - "--advertise-tags=tag:srv" - ]; - }; -} diff --git a/nixos-configurations/fulberg/secrets.nix b/nixos-configurations/fulberg/secrets.nix deleted file mode 100644 index b7aa8fe..0000000 --- a/nixos-configurations/fulberg/secrets.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ ... }: -{ - sops.secrets = { - "tailscale/key" = { - restartUnits = [ "tailscale.service" ]; - }; - }; -} diff --git a/nixos-configurations/lindberg-build/backup.nix b/nixos-configurations/lindberg-build/backup.nix index 287f4ad..493171d 100644 --- a/nixos-configurations/lindberg-build/backup.nix +++ b/nixos-configurations/lindberg-build/backup.nix 
@@ -3,7 +3,6 @@ let vnet = config.qois.meta.network.virtual.backplane.hosts; systemTargets = [ - "fulberg" "tierberg" ]; systemJobs = builtins.listToAttrs ( diff --git a/nixos-configurations/lindberg-nextcloud/secrets.nix b/nixos-configurations/lindberg-nextcloud/secrets.nix index 3fa2f78..8327b13 100644 --- a/nixos-configurations/lindberg-nextcloud/secrets.nix +++ b/nixos-configurations/lindberg-nextcloud/secrets.nix @@ -2,7 +2,7 @@ let backupConfiguration = { restartUnits = [ - "borgbackup-job-system-fulberg.service" + "borgbackup-job-system-cyprianspitz.service" "borgbackup-job-system-tierberg.service" ]; }; diff --git a/nixos-configurations/lindberg/secrets.nix b/nixos-configurations/lindberg/secrets.nix index b9121f7..27905c3 100644 --- a/nixos-configurations/lindberg/secrets.nix +++ b/nixos-configurations/lindberg/secrets.nix @@ -2,7 +2,7 @@ let backupConfiguration = { restartUnits = [ - "borgbackup-job-data-fulberg.service" + "borgbackup-job-data-cyprianspitz.service" "borgbackup-job-data-tierberg.service" ]; }; diff --git a/nixos-configurations/stompert/default.nix b/nixos-configurations/stompert/default.nix index e4cb9a4..d1855d2 100644 --- a/nixos-configurations/stompert/default.nix +++ b/nixos-configurations/stompert/default.nix @@ -59,5 +59,5 @@ # compatible, in order to avoid breaking some software such as database # servers. You should change this only after NixOS release notes say you # should. - system.stateVersion = "22.11"; # Did you read the comment? + system.stateVersion = "24.11"; # Did you read the comment? } diff --git a/updates.md b/updates.md index 0f7994c..5d7a6e3 100644 --- a/updates.md +++ b/updates.md 
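Review bot: In nixos-configurations/lindberg-nextcloud/secrets.nix the `restartUnits` entry becomes `borgbackup-job-system-cyprianspitz.service`, but nothing visible in this patch defines a borg job or repository for cyprianspitz. The only target list shown, `systemTargets` in lindberg-build/backup.nix, shrinks to `"tierberg"`, and the repositories with their `authorizedKeys` were in the deleted fulberg/backup.nix. Unless cyprianspitz already hosts these repositories outside this patch, the restart hook names a unit that does not exist and the hosts lose their second backup destination. The rename to `borgbackup-job-data-cyprianspitz.service` in nixos-configurations/lindberg/secrets.nix raises the same question. I would add the cyprianspitz job and repository in this commit, or drop the entry until they exist; both `let` blocks continue outside their hunks.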
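Review bot: `system.stateVersion` on stompert jumps from "22.11" to "24.11" in a commit whose subject is removing the fulberg host, and the comment directly above the line says to change it only when the release notes say so. That comment names database servers as software that breaks when the value moves, so on an installed machine the next deploy could change stateful defaults without any migration. Unless stompert was reinstalled on 24.11, I would keep `system.stateVersion = "22.11"; # Did you read the comment?`. If the bump is intended, it belongs in its own commit that records which stateful services were checked or migrated.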
@@ -28,7 +28,7 @@ deploy-qois .#lindberg-nextcloud .#lindberg-build deploy-qois .#lindberg # Deploy slow physical hosts (maybe do individually) -deploy-qois --confirm-timeout 600 --activation-timeout 600 --targets .#fulberg .#tierberg .#stompert .#stompert +deploy-qois --confirm-timeout 600 --activation-timeout 600 --targets .#tierberg .#stompert .#stompert ``` From 2b415162b620c4bee2b39f688b4f51d896209887 Mon Sep 17 00:00:00 2001 From: Fabian Hauser Date: Fri, 6 Dec 2024 14:26:01 +0200 Subject: [PATCH 4/5] Use attic from nixpkgs --- flake.lock | 145 +----------------- flake.nix | 1 - nixos-configurations/default.nix | 8 - .../lindberg-build/applications/attic.nix | 5 +- 4 files changed, 9 insertions(+), 150 deletions(-) diff --git a/flake.lock b/flake.lock index 8f0ef83..c15a68f 100644 --- a/flake.lock +++ b/flake.lock @@ -1,53 +1,9 @@ { "nodes": { - "attic": { - "inputs": { - "crane": "crane", - "flake-compat": "flake-compat", - "flake-parts": "flake-parts", - "nix-github-actions": "nix-github-actions", - "nixpkgs": "nixpkgs", - "nixpkgs-stable": "nixpkgs-stable" - }, - "locked": { - "lastModified": 1731270564, - "narHash": "sha256-6KMC/NH/VWP5Eb+hA56hz0urel3jP6Y6cF2PX6xaTkk=", - "owner": "zhaofengli", - "repo": "attic", - "rev": "47752427561f1c34debb16728a210d378f0ece36", - "type": "github" - }, - "original": { - "owner": "zhaofengli", - "repo": "attic", - "type": "github" - } - }, - "crane": { - "inputs": { - "nixpkgs": [ - "attic", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1722960479, - "narHash": "sha256-NhCkJJQhD5GUib8zN9JrmYGMwt4lCRp6ZVNzIiYCl0Y=", - "owner": "ipetkov", - "repo": "crane", - "rev": "4c6c77920b8d44cd6660c1621dea6b3fc4b4c4f4", - "type": "github" - }, - "original": { - "owner": "ipetkov", - "repo": "crane", - "type": "github" - } - }, "deploy-rs": { "inputs": { - "flake-compat": "flake-compat_2", - "nixpkgs": "nixpkgs_2", + "flake-compat": "flake-compat", + "nixpkgs": "nixpkgs", "utils": "utils" }, "locked": { 
@@ -100,71 +56,13 @@ "type": "github" } }, - "flake-compat_2": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-parts": { - "inputs": { - "nixpkgs-lib": [ - "attic", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1722555600, - "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "8471fe90ad337a8074e957b69ca4d0089218391d", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "nix-github-actions": { - "inputs": { - "nixpkgs": [ - "attic", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1729742964, - "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=", - "owner": "nix-community", - "repo": "nix-github-actions", - "rev": "e04df33f62cdcf93d73e9a04142464753a16db67", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nix-github-actions", - "type": "github" - } - }, "nixpkgs": { "locked": { - "lastModified": 1726042813, - "narHash": "sha256-LnNKCCxnwgF+575y0pxUdlGZBO/ru1CtGHIqQVfvjlA=", + "lastModified": 1702272962, + "narHash": "sha256-D+zHwkwPc6oYQ4G3A1HuadopqRwUY/JkMwHz1YF7j4Q=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "159be5db480d1df880a0135ca0bfed84c2f88353", + "rev": "e97b3e4186bcadf0ef1b6be22b8558eab1cdeb5d", "type": "github" }, "original": { 
@@ -206,38 +104,6 @@ "type": "github" } }, - "nixpkgs-stable": { - "locked": { - "lastModified": 1724316499, - "narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_2": { - "locked": { - "lastModified": 1702272962, - "narHash": "sha256-D+zHwkwPc6oYQ4G3A1HuadopqRwUY/JkMwHz1YF7j4Q=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "e97b3e4186bcadf0ef1b6be22b8558eab1cdeb5d", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "private": { "inputs": { "nixpkgs-nixos-unstable": [ @@ -259,7 +125,6 @@ }, "root": { "inputs": { - "attic": "attic", "deploy-rs": "deploy-rs", "disko": "disko", "nixpkgs-nixos-stable": "nixpkgs-nixos-stable", diff --git a/flake.nix b/flake.nix index b641eed..d9dae25 100644 --- a/flake.nix +++ b/flake.nix @@ -5,7 +5,6 @@ extra-trusted-public-keys = "qois-infrastructure:lh35ymN7Aoxm5Hz0S6JusxE+cYzMU+x9OMKjDVIpfuE="; }; inputs = { - attic.url = "github:zhaofengli/attic"; deploy-rs.url = "github:serokell/deploy-rs"; disko = { url = "github:nix-community/disko"; diff --git a/nixos-configurations/default.nix b/nixos-configurations/default.nix index 6fccd8b..00253e0 100644 --- a/nixos-configurations/default.nix +++ b/nixos-configurations/default.nix @@ -3,7 +3,6 @@ pkgs, nixpkgs-nixos-stable, disko, - attic, sops-nix, ... }@inputs: @@ -20,13 +19,6 @@ pkgs.lib.genAttrs configs ( modules = [ self.nixosModules.default ./${config}/default.nix - ( - { ... }: - { - imports = [ "${attic}/nixos/atticd.nix" ]; - services.atticd.useFlakeCompatOverlay = false; - } - ) disko.nixosModules.disko sops-nix.nixosModules.sops ( 
diff --git a/nixos-configurations/lindberg-build/applications/attic.nix b/nixos-configurations/lindberg-build/applications/attic.nix index 2825897..c0b0cc0 100644 --- a/nixos-configurations/lindberg-build/applications/attic.nix +++ b/nixos-configurations/lindberg-build/applications/attic.nix @@ -14,7 +14,7 @@ in # generate secret with # nix run system#openssl rand 64 | base64 -w0 # ATTIC_SERVER_TOKEN_HS256_SECRET_BASE64="output from openssl" - credentialsFile = config.sops.secrets."attic/server_token".path; + environmentFile = config.sops.secrets."attic/server_token".path; settings = { listen = "127.0.0.1:${builtins.toString atticPort}"; @@ -44,6 +44,8 @@ in max-size = 256 * 1024; # 256 KiB }; + garbage-collection.default-retention-period = "6 months"; + database.url = "postgresql:///atticd?host=/run/postgresql"; }; }; @@ -51,6 +53,7 @@ in imports = [ ../../../defaults/webserver ]; qois.postgresql.enable = true; + # Note: Attic cache availability is "best effort", so no artifacts are backed up. services.postgresql = { From 462622a0778fdf794c37b817235764cf0cfd5e93 Mon Sep 17 00:00:00 2001 From: Fabian Hauser Date: Fri, 6 Dec 2024 14:26:21 +0200 Subject: [PATCH 5/5] Require postgres version to be configured manually --- nixos-modules/postgresql/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/nixos-modules/postgresql/default.nix b/nixos-modules/postgresql/default.nix index e2a8e88..823ee2b 100644 --- a/nixos-modules/postgresql/default.nix +++ b/nixos-modules/postgresql/default.nix @@ -12,6 +12,10 @@ with lib; { options.qois.postgresql = { enable = mkEnableOption ''Enable postgresql services with defaults''; + package = mkPackageOption pkgs "postgresql" { + example = "postgresql_15"; + default = null; + }; }; config = mkIf cfg.enable {
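Review bot: The switch from `credentialsFile` to `environmentFile` in attic.nix keeps pointing at the `attic/server_token` sops secret, but its declaration is outside the hunk, so its permissions and restart behaviour cannot be checked here. The comment above the line shows the file carries `ATTIC_SERVER_TOKEN_HS256_SECRET_BASE64`, the HMAC key behind the server's tokens, so it should stay unreadable to other users. I assume the nixpkgs module passes the path to systemd as an environment file, which needs confirming. A rotated key only takes effect after a restart, so the secret's declaration should carry `restartUnits = [ "atticd.service" ];` if it does not already. The enclosing `services.atticd` block starts outside the hunk.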
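Review bot: The new `qois.postgresql.package` option is declared but never read in this commit: the diffstat lists 4 insertions for the file and all four are the declaration. As far as I can tell, `default = null` without `nullable` leaves the option with no default, so the "must be set" error only fires once something evaluates `cfg.package`. Until then every host with `qois.postgresql.enable` keeps whichever `services.postgresql.package` nixpkgs derives from `system.stateVersion`, which is the silent version drift the commit subject wants to prevent. Inside the `config = mkIf cfg.enable {` block, which continues outside the hunk, I would add `services.postgresql.package = cfg.package;`.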