author | makefu <github@syntax-fehler.de> | 2023-07-02 16:05:52 +0200 |
---|---|---|
committer | makefu <github@syntax-fehler.de> | 2023-07-02 16:06:38 +0200 |
commit | 777a2fe7347e55450c63170db336cbe8518961bd (patch) | |
tree | 69fa95da7f3458b1e19cb6a54ed34a505147b5b3 | |
parent | ecfa5966701bbda871aca18ff81d2200f1990f88 (diff) |
treewide: replace stockholm/lib with stockholm.lib
47 files changed, 71 insertions, 107 deletions
diff --git a/2configs/bepasty-dual.nix b/2configs/bepasty-dual.nix index f63dbefd8..fd52d504a 100644 --- a/2configs/bepasty-dual.nix +++ b/2configs/bepasty-dual.nix @@ -10,7 +10,7 @@ # wildcard.krebsco.de.key # bepasty-secret.nix <- contains single string -with import <stockholm/lib>; +with pkgs.stockholm.lib; let sec = toString <secrets>; # secKey is nothing worth protecting on a local machine diff --git a/2configs/bgt/download.binaergewitter.de.nix b/2configs/bgt/download.binaergewitter.de.nix index 31da31a71..7664dacaa 100644 --- a/2configs/bgt/download.binaergewitter.de.nix +++ b/2configs/bgt/download.binaergewitter.de.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with pkgs.stockholm.lib; let ident = (builtins.readFile ./auphonic.pub); bgtaccess = "/var/spool/nginx/logs/binaergewitter.access.log"; diff --git a/2configs/collectd/collectd-base.nix b/2configs/collectd/collectd-base.nix index 9168d1fa9..3f41aa04f 100644 --- a/2configs/collectd/collectd-base.nix +++ b/2configs/collectd/collectd-base.nix @@ -2,7 +2,7 @@ # graphite-web on port 8080 # carbon cache on port 2003 (tcp/udp) -with import <stockholm/lib>; +with pkgs.stockholm.lib; let connect-time-cfg = with pkgs; writeText "collectd-connect-time.cfg" '' LoadPlugin python diff --git a/2configs/dcpp/hub.nix b/2configs/dcpp/hub.nix index f0aac3f32..7b5163d54 100644 --- a/2configs/dcpp/hub.nix +++ b/2configs/dcpp/hub.nix @@ -2,7 +2,7 @@ # search also generates ddclient entries for all other logs -with import <stockholm/lib>; +with pkgs.stockholm.lib; let ddclientUser = "ddclient"; sec = toString <secrets>; diff --git a/2configs/deployment/boot-euer.nix b/2configs/deployment/boot-euer.nix index f890ea7ad..6d83d1efc 100644 --- a/2configs/deployment/boot-euer.nix +++ b/2configs/deployment/boot-euer.nix 
@@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: # more than just nginx config but not enough to become a module -with import <stockholm/lib>; +with pkgs.stockholm.lib; let hostname = config.krebs.build.host.name; bootscript = pkgs.writeTextDir "runit" '' diff --git a/2configs/deployment/graphs.nix b/2configs/deployment/graphs.nix index 1f6deb1bf..286b7301d 100644 --- a/2configs/deployment/graphs.nix +++ b/2configs/deployment/graphs.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with pkgs.stockholm.lib; let external-ip = config.krebs.build.host.nets.internet.ip4.addr; internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; diff --git a/2configs/deployment/photostore.krebsco.de.nix b/2configs/deployment/photostore.krebsco.de.nix index 19a8df235..9e0c870c3 100644 --- a/2configs/deployment/photostore.krebsco.de.nix +++ b/2configs/deployment/photostore.krebsco.de.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: # more than just nginx config but not enough to become a module -with import <stockholm/lib>; +with pkgs.stockholm.lib; let wsgi-sock = "${workdir}/uwsgi-photostore.sock"; workdir = config.services.uwsgi.runDir; diff --git a/2configs/elchos/irc-token.nix b/2configs/elchos/irc-token.nix index 4844bf29f..c8873c631 100644 --- a/2configs/elchos/irc-token.nix +++ b/2configs/elchos/irc-token.nix @@ -1,5 +1,5 @@ {pkgs, ...}: -with import <stockholm/lib>; +with pkgs.stockholm.lib; let secret = (import <secrets/elchos-token.nix>); in { diff --git a/2configs/elchos/search.nix b/2configs/elchos/search.nix index e7b91e6a8..b9d4ed5de 100644 --- a/2configs/elchos/search.nix +++ b/2configs/elchos/search.nix @@ -2,7 +2,7 @@ # search also generates ddclient entries for all other logs -with import <stockholm/lib>; +with pkgs.stockholm.lib; let #primary-itf = "eth0"; #primary-itf = "wlp2s0"; diff --git a/2configs/elchos/stats.nix b/2configs/elchos/stats.nix index 2036b391f..12cce0507 100644 --- a/2configs/elchos/stats.nix 
+++ b/2configs/elchos/stats.nix @@ -4,7 +4,7 @@ # graphite-web on port 8080 # carbon cache on port 2003 (tcp/udp) -with import <stockholm/lib>; +with pkgs.stockholm.lib; { networking.firewall = { diff --git a/2configs/exim-retiolum.nix b/2configs/exim-retiolum.nix index 1f433ab44..172c5279b 100644 --- a/2configs/exim-retiolum.nix +++ b/2configs/exim-retiolum.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with pkgs.stockholm.lib; { networking.firewall.allowedTCPPorts = [ 25 ]; diff --git a/2configs/filepimp-share.nix b/2configs/filepimp-share.nix index 850d432f3..cd6dc4279 100644 --- a/2configs/filepimp-share.nix +++ b/2configs/filepimp-share.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with pkgs.stockholm.lib; let hostname = config.krebs.build.host.name; in { diff --git a/2configs/fs/vm-single-partition.nix b/2configs/fs/vm-single-partition.nix index 26908c357..568d21af6 100644 --- a/2configs/fs/vm-single-partition.nix +++ b/2configs/fs/vm-single-partition.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: # vda1 ext4 (label nixos) -> only root partition -with import <stockholm/lib>; +with pkgs.stockholm.lib; { imports = [ ./single-partition-ext4.nix diff --git a/2configs/git/cgit-retiolum.nix b/2configs/git/cgit-retiolum.nix index 114febe8b..1fffebd21 100644 --- a/2configs/git/cgit-retiolum.nix +++ b/2configs/git/cgit-retiolum.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: # TODO: remove tv lib :) -with import <stockholm/lib>; +with pkgs.stockholm.lib; let repos = pub-repos // priv-repos // krebs-repos // connector-repos // krebsroot-repos; diff --git a/2configs/graphite-standalone.nix b/2configs/graphite-standalone.nix index 51c4c9561..1b39c648f 100644 --- a/2configs/graphite-standalone.nix +++ b/2configs/graphite-standalone.nix @@ -2,7 +2,7 @@ # graphite-web on port 8080 # carbon cache on port 2003 (tcp/udp) -with import <stockholm/lib>; +with pkgs.stockholm.lib; { imports = [ ]; 
diff --git a/2configs/home/metube.nix b/2configs/home/metube.nix index e6008d475..f9ad3ec09 100644 --- a/2configs/home/metube.nix +++ b/2configs/home/metube.nix @@ -1,6 +1,6 @@ { pkgs, lib, ...}: # docker run -d -p 8081:8081 -v /path/to/downloads:/downloads --user 1001:1001 alexta69/metube -with import <stockholm/lib>; +with pkgs.stockholm.lib; let port = "2348"; dl-dir = "/media/cryptX/youtube/music"; diff --git a/2configs/home/photoprism.nix b/2configs/home/photoprism.nix index 2f8a86430..096ad2979 100644 --- a/2configs/home/photoprism.nix +++ b/2configs/home/photoprism.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, ...}: +{ pkgs, config, lib, ...}: # Start | docker-compose up -d # Stop | docker-compose stop # Update | docker-compose pull @@ -19,9 +19,9 @@ let statedir = "/media/cryptX/lib/photoprism/appsrv"; db-dir = "/media/cryptX/lib/photoprism/mysql"; internal-ip = "192.168.111.11"; - sec = import <secrets/photoprism.nix>; in { + sops.secrets."photoprism/envfile" = {}; virtualisation.oci-containers.backend = "docker"; services.nginx.virtualHosts."photos" = { @@ -80,8 +80,6 @@ in PHOTOPRISM_DETECT_NSFW = "false"; # Flag photos as private that MAY be offensive (requires TensorFlow) PHOTOPRISM_UPLOAD_NSFW = "true"; # Allow uploads that MAY be offensive PHOTOPRISM_AUTH_MODE = "password"; - PHOTOPRISM_ADMIN_USER = "admin"; - PHOTOPRISM_ADMIN_PASSWORD = "admin"; #PHOTOPRISM_DATABASE_DRIVER = "postgres"; #PHOTOPRISM_DATABASE_SERVER = "postgres-prism:5432"; 
@@ -92,8 +90,6 @@ in PHOTOPRISM_DATABASE_DRIVER= "mysql"; # Use MariaDB (or MySQL) instead of SQLite for improved performance PHOTOPRISM_DATABASE_SERVER= "mysql-photoprism:3306" ; # MariaDB database server (hostname:port) PHOTOPRISM_DATABASE_NAME= "photoprism"; # MariaDB database schema name - PHOTOPRISM_DATABASE_USER= sec.db.username; # MariaDB database user name - PHOTOPRISM_DATABASE_PASSWORD= sec.db.password; # MariaDB database user password PHOTOPRISM_SITE_URL = "http://localhost:2342/"; # Public PhotoPrism URL PHOTOPRISM_SITE_TITLE = "PhotoPrism"; @@ -122,11 +118,11 @@ in # "--innodb-lock-wait-timeout=50" #]; volumes= [ "${db-dir}:/var/lib/mysql" ]; + environmentFiles = [ + config.sops.secrets."photoprism/envfile".path + ]; environment = { - MYSQL_ROOT_PASSWORD = "dickidibutt"; MYSQL_DATABASE= "photoprism"; - MYSQL_USER = sec.db.username; - MYSQL_PASSWORD = sec.db.password; }; }; #virtualisation.oci-containers.containers.postgres-prism = { diff --git a/2configs/home/zigbee2mqtt/default.nix b/2configs/home/zigbee2mqtt/default.nix index 8bb8a929b..ca68a1548 100644 --- a/2configs/home/zigbee2mqtt/default.nix +++ b/2configs/home/zigbee2mqtt/default.nix @@ -2,11 +2,14 @@ let dataDir = "/var/lib/zigbee2mqtt"; - sec = import <secrets/zigbee2mqtt.nix>; internal-ip = "192.168.111.11"; webport = 8521; in - { +{ + sops.secrets."zigbee2mqtt" = { + owner = "zigbee2mqtt"; + path = "/var/lib/zigbee2mqtt/configuration.yaml"; + }; # symlink the zigbee controller #services.udev.extraRules = '' # SUBSYSTEM=="tty", ATTRS{idVendor}=="0451", ATTRS{idProduct}=="16a8", SYMLINK+="cc2531", MODE="0660", GROUP="dialout" 
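Review bot: In `2configs/home/photoprism.nix`, `environmentFiles` is added only to the container that mounts `${db-dir}:/var/lib/mysql`, while the PhotoPrism container loses `PHOTOPRISM_DATABASE_USER`, `PHOTOPRISM_DATABASE_PASSWORD` and both `PHOTOPRISM_ADMIN_*` entries with no replacement in any visible hunk. Unless that container already reads an env file outside these hunks, it will come up without database credentials and with whatever admin default the image ships, so it presumably needs its own `environmentFiles = [ config.sops.secrets."photoprism/envfile".path ];`, ideally from a separate secret so the application never receives `MYSQL_ROOT_PASSWORD`. The literal passwords deleted here remain in the repository history, and an already-initialised database directory typically keeps its old root password, so the sops file should hold freshly rotated values rather than copies. Both container definitions begin and end outside the hunks.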
@@ -20,50 +23,6 @@ in services.zigbee2mqtt = { enable = true; inherit dataDir; - settings = { - permit_join = true; - serial.port = "/dev/cc2531"; - homeassistant = true; - mqtt = { - server = "mqtt://omo.lan:1883"; - base_topic = "/ham/zigbee"; - user = sec.mqtt.username; - password = sec.mqtt.password; - include_device_information = true; - client_id = "zigbee2mqtt"; - }; - availability = { - active.timeout = 10; - passive.timeout = 1500; - }; - frontend = { - port = webport; - }; - advanced = { - log_level = "debug"; - log_output = [ "console" ]; - last_seen = "ISO_8601"; - elapsed = true; - pan_id = 6755; - inherit (sec.zigbee) network_key; - }; - map_options.graphviz.colors = { - fill = { - enddevice = "#fff8ce" ; - coordinator = "#e04e5d"; - router = "#4ea3e0"; - }; - font = { - coordinator= "#ffffff"; - router = "#ffffff"; - enddevice = "#000000"; - }; - line = { - active = "#009900"; - inactive = "#994444"; - }; - }; - }; }; services.nginx.recommendedProxySettings = true; diff --git a/2configs/hw/tp-x200.nix b/2configs/hw/tp-x200.nix index f06425aec..d9d30d591 100644 --- a/2configs/hw/tp-x200.nix +++ b/2configs/hw/tp-x200.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with pkgs.stockholm.lib; { imports = [ ./tp-x2x0.nix ]; diff --git a/2configs/lanparty/lancache-dns.nix b/2configs/lanparty/lancache-dns.nix index c9da7c4c4..92dae1c7b 100644 --- a/2configs/lanparty/lancache-dns.nix +++ b/2configs/lanparty/lancache-dns.nix @@ -1,5 +1,5 @@ { pkgs, lib, config, ... }: -with import <stockholm/lib>; +with pkgs.stockholm.lib; let upstream-server = "8.8.8.8"; # make sure the router pins the ip address to the deployed host diff --git a/2configs/lanparty/lancache.nix b/2configs/lanparty/lancache.nix index bcacf2e15..a0c30016b 100644 --- a/2configs/lanparty/lancache.nix +++ b/2configs/lanparty/lancache.nix 
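Review bot: In `2configs/home/zigbee2mqtt/default.nix`, dropping `settings` leaves `services.zigbee2mqtt` enabled with the same `dataDir` while the earlier hunk points the sops secret at `/var/lib/zigbee2mqtt/configuration.yaml`; the NixOS module, as far as I know, also writes a generated `configuration.yaml` into `dataDir` on service start, so it is worth confirming which file wins and that the service can still write to it. Moving the whole file into sops also takes `permit_join = true` and `log_level = "debug"` out of review, and if the secret keeps `permit_join` enabled any Zigbee device in range can still pair. A narrower split would keep the non-secret settings in Nix and reference only the credentials through zigbee2mqtt's `!secret` mechanism, e.g. `mqtt.password = "!secret password";` and `advanced.network_key = "!secret network_key";`, with the sops secret placed at `${dataDir}/secret.yaml`. The module body continues outside this hunk.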
@@ -1,5 +1,5 @@ { pkgs, lib, config, ... }: -with import <stockholm/lib>; +with pkgs.stockholm.lib; let # see https://github.com/zeropingheroes/lancache for full docs lancache= pkgs.stdenv.mkDerivation rec { diff --git a/2configs/mail-client.nix b/2configs/mail-client.nix index e08aadc5e..ff8fc053a 100644 --- a/2configs/mail-client.nix +++ b/2configs/mail-client.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with pkgs.stockholm.lib; { environment.systemPackages = with pkgs; [ abook diff --git a/2configs/mattermost-docker.nix b/2configs/mattermost-docker.nix index a887a6a8f..0957036a2 100644 --- a/2configs/mattermost-docker.nix +++ b/2configs/mattermost-docker.nix @@ -1,6 +1,6 @@ {config, lib, ...}: -with import <stockholm/lib>; +with pkgs.stockholm.lib; let sec = toString <secrets>; ssl_cert = "${sec}/wildcard.krebsco.de.crt"; diff --git a/2configs/minimal.nix b/2configs/minimal.nix index e24eae61b..bc739bbf6 100644 --- a/2configs/minimal.nix +++ b/2configs/minimal.nix @@ -7,7 +7,7 @@ # the only true timezone (even after the the removal of DST) time.timeZone = "Europe/Berlin"; - # networking.hostName = lib.mkIf (lib.hasAttr "host" config.krebs.build) config.krebs.build.host.name; + networking.hostName = lib.mkIf (lib.hasAttr "host" config.krebs.build) config.krebs.build.host.name; # we use gpg if necessary (or nothing at all) programs.ssh.startAgent = false; diff --git a/2configs/nginx/euer.blog.nix b/2configs/nginx/euer.blog.nix index 24696adf2..67150edfc 100644 --- a/2configs/nginx/euer.blog.nix +++ b/2configs/nginx/euer.blog.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with pkgs.stockholm.lib; let sec = toString <secrets>; hostname = config.krebs.build.host.name; diff --git a/2configs/nginx/euer.mon.nix b/2configs/nginx/euer.mon.nix index c9db15b73..daa745cf2 100644 --- a/2configs/nginx/euer.mon.nix +++ b/2configs/nginx/euer.mon.nix 
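Review bot: In `2configs/mattermost-docker.nix` the module header is `{config, lib, ...}:`, so the new `with pkgs.stockholm.lib;` refers to `pkgs` without binding it and evaluation should fail with an undefined-variable error; the old `import <stockholm/lib>` needed no module argument. The header should become `{ config, lib, pkgs, ... }:`. The same applies to `2configs/nginx/public_html.nix` further down, whose header is `{ config, lib, ... }:`. Every other file in the visible hunks that shows its header already takes `pkgs`.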
@@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with pkgs.stockholm.lib; let hostname = config.krebs.build.host.name; user = config.services.nginx.user; diff --git a/2configs/nginx/euer.test.nix b/2configs/nginx/euer.test.nix index 40c376130..519276dd0 100644 --- a/2configs/nginx/euer.test.nix +++ b/2configs/nginx/euer.test.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with pkgs.stockholm.lib; let hostname = config.krebs.build.host.name; user = config.services.nginx.user; diff --git a/2configs/nginx/euer.wiki.nix b/2configs/nginx/euer.wiki.nix index a925b9f78..bd1744325 100644 --- a/2configs/nginx/euer.wiki.nix +++ b/2configs/nginx/euer.wiki.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with pkgs.stockholm.lib; let sec = toString <secrets>; ext-dom = "wiki.euer.krebsco.de"; diff --git a/2configs/nginx/gold.krebsco.de.nix b/2configs/nginx/gold.krebsco.de.nix index 083c0f8d7..af467c94b 100644 --- a/2configs/nginx/gold.krebsco.de.nix +++ b/2configs/nginx/gold.krebsco.de.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with pkgs.stockholm.lib; let gold = pkgs.fetchFromGitHub { owner = "krebs"; diff --git a/2configs/nginx/gum.krebsco.de.nix b/2configs/nginx/gum.krebsco.de.nix index 3e96e6826..f722542a1 100644 --- a/2configs/nginx/gum.krebsco.de.nix +++ b/2configs/nginx/gum.krebsco.de.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with pkgs.stockholm.lib; let in { services.nginx = { diff --git a/2configs/nginx/icecult.nix b/2configs/nginx/icecult.nix index e817e55d8..4c7af7d91 100644 --- a/2configs/nginx/icecult.nix +++ b/2configs/nginx/icecult.nix @@ -1,6 +1,6 @@ { config, pkgs, lib, ... }: -with import <stockholm/lib>; +with pkgs.stockholm.lib; let icecult = pkgs.fetchFromGitHub { diff --git a/2configs/nginx/public_html.nix b/2configs/nginx/public_html.nix index 676d1f110..167a47776 100644 
--- a/2configs/nginx/public_html.nix +++ b/2configs/nginx/public_html.nix @@ -1,6 +1,6 @@ { config, lib, ... }: -with import <stockholm/lib>; +with pkgs.stockholm.lib; { services.nginx = { diff --git a/2configs/nginx/rompr.nix b/2configs/nginx/rompr.nix index c7dc3ff17..b7a74048e 100644 --- a/2configs/nginx/rompr.nix +++ b/2configs/nginx/rompr.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with pkgs.stockholm.lib; let user = config.services.nginx.user; group = config.services.nginx.group; diff --git a/2configs/nginx/update.connector.one.nix b/2configs/nginx/update.connector.one.nix index 44345dcd8..dbbed03fc 100644 --- a/2configs/nginx/update.connector.one.nix +++ b/2configs/nginx/update.connector.one.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with pkgs.stockholm.lib; { services.nginx = { enable = mkDefault true; diff --git a/2configs/nsupdate-data.nix b/2configs/nsupdate-data.nix index 3b6518f60..c10916f8d 100644 --- a/2configs/nsupdate-data.nix +++ b/2configs/nsupdate-data.nix @@ -2,7 +2,7 @@ # search also generates ddclient entries for all other logs -with import <stockholm/lib>; +with pkgs.stockholm.lib; let #primary-itf = "eth0"; #primary-itf = "wlp2s0"; diff --git a/2configs/sabnzbd.nix b/2configs/sabnzbd.nix index 90a9f284f..f05042756 100644 --- a/2configs/sabnzbd.nix +++ b/2configs/sabnzbd.nix @@ -1,6 +1,6 @@ { pkgs, config, ... }: -with import <stockholm/lib>; +with pkgs.stockholm.lib; let web-port = 8080; in { diff --git a/2configs/shack/events-publisher/default.nix b/2configs/shack/events-publisher/default.nix index 964e5ccbb..0dcc49aed 100644 --- a/2configs/shack/events-publisher/default.nix +++ b/2configs/shack/events-publisher/default.nix 
@@ -1,5 +1,5 @@ { pkgs, ... }: -with import <stockholm/lib>; +with pkgs.stockholm.lib; let shack-announce = pkgs.callPackage (builtins.fetchTarball { url = "https://github.com/makefu/events-publisher/archive/419afdfe16ebf7f2360d2ba64b67ca88948832bd.tar.gz"; diff --git a/2configs/share/anon-sftp.nix b/2configs/share/anon-sftp.ni |