From 32b3011efdba76140e9d40f37b538756ffd4da46 Mon Sep 17 00:00:00 2001 From: Charlotte Van Petegem Date: Sun, 23 Mar 2025 16:10:42 +0100 Subject: [PATCH 1/9] Switch back to nixos-mailserver main --- flake.lock | 5 ++--- flake.nix | 2 +- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index a0815531..efa8dde9 100644 --- a/flake.lock +++ b/flake.lock @@ -361,14 +361,13 @@ "locked": { "lastModified": 1742413977, "narHash": "sha256-NkhM9GVu3HL+MiXtGD0TjuPCQ4GFVJPBZ8KyI2cFDGU=", - "owner": "yu-re-ka", + "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", "rev": "b4fbffe79c00f19be94b86b4144ff67541613659", "type": "gitlab" }, "original": { - "owner": "yu-re-ka", - "ref": "dovecot2-modules", + "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", "type": "gitlab" } diff --git a/flake.nix b/flake.nix index f90d5d3b..9c7f5934 100644 --- a/flake.nix +++ b/flake.nix @@ -69,7 +69,7 @@ }; }; nixos-mailserver = { - url = "gitlab:yu-re-ka/nixos-mailserver/dovecot2-modules"; + url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; inputs.nixpkgs.follows = "nixpkgs"; }; nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; From 49a4a19c751bde1c8375f16ae9bb9c0c9defbbb9 Mon Sep 17 00:00:00 2001 From: CharBOTte Date: Sun, 23 Mar 2025 16:52:09 +0000 Subject: [PATCH 2/9] Update dependencies --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index efa8dde9..ad16bfa6 100644 --- a/flake.lock +++ b/flake.lock @@ -139,11 +139,11 @@ ] }, "locked": { - "lastModified": 1742595055, - "narHash": "sha256-cEetDber6LF8W4ThmRc4rwKs/o8y2GH0pUdX7e6CnAQ=", + "lastModified": 1742741935, + "narHash": "sha256-ZCNvPYWkL9hxzgWn1gmYCZItqBU4ujsWjwWNpcwCjfQ=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "e9f41de2a81f04390afd106959adf352a207628f", + "rev": "ebb88c3428dcdd95c06dca4d49b9791a65ab777b", "type": "github" }, "original": { @@ -184,11 +184,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1742721191, - "narHash": "sha256-TPIHB+dW1SXBkL/KBVdgzOWz59CGYcX/yKk1/tEmxdE=", + "lastModified": 1742746894, + "narHash": "sha256-aQWTB6oW33NWrPqd7D+K5ZW7hpz9d5ktskNjAPXKOYY=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "f42d70c2f52e2e1da8e6cdd0fb1a5a1485e51a5e", + "rev": "9452615e48e59a0230689d652fbd4577f8196439", "type": "github" }, "original": { @@ -276,11 +276,11 @@ ] }, "locked": { - "lastModified": 1742740113, - "narHash": "sha256-0FpSJtQ6rlBg/5ywpXw4CFzE+27rlZWj3GSx8QvyONM=", + "lastModified": 1742744903, + "narHash": "sha256-qd2uiGol/kb9Dk0vgOOLBl9VsycG0VfteM78OduFl2Y=", "owner": "nix-community", "repo": "home-manager", - "rev": "b61ae3b677a07c30cf6be5233e772b97a3a8b2fb", + "rev": "5ff90f09d1bd189b722e60798513724cdd3580b6", "type": "github" }, "original": { @@ -444,11 +444,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1742740271, - "narHash": "sha256-lvHGAYLICWYt7yLTZYtN7zXsanTYl8G/npxcwe3UPNw=", + "lastModified": 1742748143, + "narHash": "sha256-tSkSeKotw3OF2X4radGblFMUT9jngeH7Jfggo+9IzUc=", "owner": "nix-community", "repo": "NUR", - "rev": "d5e510e8b40bc20a1082a1f419161310bead3238", + "rev": "e1122e9df149e70316ed8c27e43d4a528bf96667", "type": "github" }, "original": { From a4d51b63c9bd896bf20b099be0ece53ce8811a89 Mon Sep 17 00:00:00 2001 From: CharBOTte Date: Sun, 23 Mar 2025 20:50:19 +0000 Subject: [PATCH 3/9] Update dependencies --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index ad16bfa6..3bebebe2 100644 --- a/flake.lock +++ b/flake.lock @@ -184,11 +184,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1742746894, - "narHash": "sha256-aQWTB6oW33NWrPqd7D+K5ZW7hpz9d5ktskNjAPXKOYY=", + "lastModified": 1742750000, + "narHash": "sha256-03p4sJr5edbuXd5AkoUTr46co5+/B4APV/Sbv/hoDHk=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "9452615e48e59a0230689d652fbd4577f8196439", + "rev": "7ea1ac244572b6186965d15ef05ec5d466aac1ea", "type": "github" }, "original": { @@ -444,11 +444,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1742748143, - "narHash": "sha256-tSkSeKotw3OF2X4radGblFMUT9jngeH7Jfggo+9IzUc=", + "lastModified": 1742751914, + "narHash": "sha256-G//YHkdXeW8I8SjhANbTFgmAaUvb0n2qeLcs+KKsQdE=", "owner": "nix-community", "repo": "NUR", - "rev": "e1122e9df149e70316ed8c27e43d4a528bf96667", + "rev": "57e0d726d3d7b3543ab743eadd09aad608e1aa6e", "type": "github" }, "original": { From c43c5ccdcb514653d94a1d0c27a91f35dcbe8f4d Mon Sep 17 00:00:00 2001 From: Charlotte Van Petegem Date: Wed, 26 Mar 2025 09:28:21 +0100 Subject: [PATCH 4/9] Use lixFromNixpkgs overlay for lix --- flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index 9c7f5934..387edaca 100644 --- a/flake.nix +++ b/flake.nix @@ -129,7 +129,7 @@ www-chvp-be.overlays.default ]; commonModules = [ - lix-module.nixosModules.default # Even though it's a "nixosModule" it's actually compatible with Darwin as well + lix-module.nixosModules.lixFromNixpkgs # Even though it's a "nixosModule" it's actually compatible with Darwin as well ./modules/shared ]; nixosModules = [ From 2368267e904cb77306f96d58ee606538fc250e77 Mon Sep 17 00:00:00 2001 From: Charlotte Van Petegem Date: Wed, 26 Mar 2025 20:55:26 +0100 Subject: [PATCH 5/9] Enable mumble server --- machines/marabethia/default.nix | 1 + machines/marabethia/hardware.nix | 4 ++++ modules/nixos/services/default.nix | 1 + modules/nixos/services/mumble/default.nix | 21 +++++++++++++++++++++ secrets.nix | 2 ++ secrets/passwords/services/murmur.age | 10 ++++++++++ 6 files changed, 39 insertions(+) create mode 100644 modules/nixos/services/mumble/default.nix create mode 100644 secrets/passwords/services/murmur.age diff --git a/machines/marabethia/default.nix b/machines/marabethia/default.nix index db92865e..562ddcaf 100644 --- a/machines/marabethia/default.nix +++ b/machines/marabethia/default.nix @@ -91,6 +91,7 @@ git.enable = true; mail.enable = true; matrix.enable = true; + mumble.enable = true; nextcloud.enable = true; nginx.hosts = [ { diff --git a/machines/marabethia/hardware.nix b/machines/marabethia/hardware.nix index f7fe8faf..a8e541b9 100644 --- a/machines/marabethia/hardware.nix +++ b/machines/marabethia/hardware.nix @@ -65,6 +65,10 @@ device = "zroot/safe/services/forgejo"; fsType = "zfs"; }; + "/var/lib/murmur" = { + device = "zroot/local/services/murmur"; + fsType = "zfs"; + }; "/var/vmail" = { device = "zroot/safe/services/mail"; fsType = "zfs"; diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix index 8c23dda0..d52b4cae 100644 --- a/modules/nixos/services/default.nix +++ b/modules/nixos/services/default.nix @@ -8,6 +8,7 @@ ./git ./mail ./matrix + ./mumble ./nextcloud ./nginx ./torrents diff --git a/modules/nixos/services/mumble/default.nix b/modules/nixos/services/mumble/default.nix new file mode 100644 index 00000000..23228eab --- /dev/null +++ b/modules/nixos/services/mumble/default.nix @@ -0,0 +1,21 @@ +{ config, pkgs, lib, ... }: + +{ + options.chvp.services.mumble.enable = lib.mkOption { + default = false; + example = true; + }; + + + config = lib.mkIf config.chvp.services.mumble.enable { + services.murmur = { + enable = true; + openFirewall = true; + password = "$MURMURD_PASSWORD"; + }; + age.secrets."passwords/services/murmur" = { + file = ../../../../secrets/passwords/services/murmur.age; + owner = "murmur"; + }; + }; +} diff --git a/secrets.nix b/secrets.nix index b2af858e..a82ecdca 100644 --- a/secrets.nix +++ b/secrets.nix @@ -66,6 +66,8 @@ in "secrets/passwords/services/git/mail-password.age".publicKeys = [ marabethia ] ++ users; "secrets/passwords/services/git/token-file.age".publicKeys = [ elendel ] ++ users; + "secrets/passwords/services/murmur.age".publicKeys = [ marabethia ] ++ users; + "secrets/passwords/services/nextcloud-admin.age".publicKeys = [ marabethia ] ++ users; "secrets/passwords/services/data-basic-auth.age".publicKeys = [ elendel ] ++ users; diff --git a/secrets/passwords/services/murmur.age b/secrets/passwords/services/murmur.age new file mode 100644 index 00000000..8d4b6db9 --- /dev/null +++ b/secrets/passwords/services/murmur.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 9+Fe5A XyJjsUUO2h7f++xRBDG49iHLxFxuR9acUOwa9+/1DBU +RRgrX0Vzyvah+bZXIvyYJizEx6YoAn2IahJlTqRjCYc +-> ssh-ed25519 s9rb8g D9Pms7pInTp1a2XzkjnxM1YX9hM+yDfHGfn2vrbIPDs +SLG08eiFDMSO2hegu/aSrWdUW6FfIp3AIY3i0oy9CBE +-> ssh-ed25519 +xxExQ MziN/GpIcgNK8kI8ZXvmLBY7kEhG/JJu9zxv1Aj/mx4 +qgwxeoeXNTvTXiJ9niZg6xbbZ2GspyCZTgTYpN7zkL0 +--- v9mX4yRYWvCIj/tIfM6i3gLmZUWpm+Yj+ks1ecasgDM +eGO*K^ˣ)t1f +ՒRVDR*n6|EE4)IY \ No newline at end of file From 4be71f7de68191fd10e30412d76912527b8120cd Mon Sep 17 00:00:00 2001 From: CharBOTte Date: Thu, 27 Mar 2025 06:54:04 +0000 Subject: [PATCH 6/9] Update dependencies --- flake.lock | 62 +++++++++++++++++++++++++++--------------------------- 1 file changed, 31 insertions(+), 31 deletions(-) diff --git a/flake.lock b/flake.lock index 3bebebe2..ad41f752 100644 --- a/flake.lock +++ b/flake.lock @@ -45,11 +45,11 @@ ] }, "locked": { - "lastModified": 1742633756, - "narHash": "sha256-sZW/LHBFev9b2BZljlAKKb88JsDx0ebtd+hSZHCxY+4=", + "lastModified": 1742985972, + "narHash": "sha256-RQ283gaz2bxCNaY+8CJZURYL0gJSLT+da7wSYmxYR10=", "owner": "accentor", "repo": "api", - "rev": "12844b427f1c2f8a1b92adba51bae84530b7fcd0", + "rev": "37f102a1a7792aaf3b61165ca169e8a16792c7c1", "type": "github" }, "original": { @@ -74,11 +74,11 @@ ] }, "locked": { - "lastModified": 1742633842, - "narHash": "sha256-0LjEDL0HMgZ0vwqL0JEwPX1lTVVenzEsbBEr5oCbz7s=", + "lastModified": 1742986115, + "narHash": "sha256-zOijWG+HRfg4okuwvgulTgqS6OosD/jqmqmQOfLGou0=", "owner": "accentor", "repo": "web", - "rev": "3c63be693318dff9a2e0d9bdf686b604e9160d43", + "rev": "204b53502032355dbdea0adbc3ddb601863fe3c5", "type": "github" }, "original": { @@ -139,11 +139,11 @@ ] }, "locked": { - "lastModified": 1742741935, - "narHash": "sha256-ZCNvPYWkL9hxzgWn1gmYCZItqBU4ujsWjwWNpcwCjfQ=", + "lastModified": 1742869675, + "narHash": "sha256-rgwUZJZVztaNYPTsf6MIqirPL5r2JTMMyHuzk1ezyYk=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "ebb88c3428dcdd95c06dca4d49b9791a65ab777b", + "rev": "bb81755a3674951724d79b8cba6bbff01409d44d", "type": "github" }, "original": { @@ -184,11 +184,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1742750000, - "narHash": "sha256-03p4sJr5edbuXd5AkoUTr46co5+/B4APV/Sbv/hoDHk=", + "lastModified": 1743057265, + "narHash": "sha256-p5LFxNbAwqt0DgulXaKnLnKXz0FXjyXlhmPP+zDX9Mc=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "7ea1ac244572b6186965d15ef05ec5d466aac1ea", + "rev": "3c71542fc0dd16002a5336767c1a9e0d10a3a746", "type": "github" }, "original": { @@ -276,11 +276,11 @@ ] }, "locked": { - "lastModified": 1742744903, - "narHash": "sha256-qd2uiGol/kb9Dk0vgOOLBl9VsycG0VfteM78OduFl2Y=", + "lastModified": 1742996658, + "narHash": "sha256-snxgTLVq6ooaD3W3mPHu7LVWpoZKczhxHAUZy2ea4oA=", "owner": "nix-community", "repo": "home-manager", - "rev": "5ff90f09d1bd189b722e60798513724cdd3580b6", + "rev": "693840c01b9bef9e54100239cef937e53d4661bf", "type": "github" }, "original": { @@ -374,11 +374,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1742422364, - "narHash": "sha256-mNqIplmEohk5jRkqYqG19GA8MbQ/D4gQSK0Mu4LvfRQ=", + "lastModified": 1742889210, + "narHash": "sha256-hw63HnwnqU3ZQfsMclLhMvOezpM7RSB0dMAtD5/sOiw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "a84ebe20c6bc2ecbcfb000a50776219f48d134cc", + "rev": "698214a32beb4f4c8e3942372c694f40848b360d", "type": "github" }, "original": { @@ -421,11 +421,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1742512142, - "narHash": "sha256-8XfURTDxOm6+33swQJu/hx6xw1Tznl8vJJN5HwVqckg=", + "lastModified": 1742751704, + "narHash": "sha256-rBfc+H1dDBUQ2mgVITMGBPI1PGuCznf9rcWX/XIULyE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7105ae3957700a9646cc4b766f5815b23ed0c682", + "rev": "f0946fa5f1fb876a9dc2e1850d9d3a4e3f914092", "type": "github" }, "original": { @@ -444,11 +444,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1742751914, - "narHash": "sha256-G//YHkdXeW8I8SjhANbTFgmAaUvb0n2qeLcs+KKsQdE=", + "lastModified": 1743053172, + "narHash": "sha256-LNjMhRFqWouMltiniW/6OgurfjxKqeS4QW64K7I+qdA=", "owner": "nix-community", "repo": "NUR", - "rev": "57e0d726d3d7b3543ab743eadd09aad608e1aa6e", + "rev": "c8dc3e94a8b2ce71a2d5539158220a7bfa405839", "type": "github" }, "original": { @@ -507,11 +507,11 @@ ] }, "locked": { - "lastModified": 1742523106, - "narHash": "sha256-MC2qdq9wp+MKNzIJ+wc3w6dhFZ1CWV8oo1FArjcb9TQ=", + "lastModified": 1742985818, + "narHash": "sha256-32n52OiAuf40VtjqKAUtWlIkE6O7zMVMiCJRFu1QXi4=", "owner": "chvp", "repo": "tetris", - "rev": "5d3ef8c91cd1dc8bf5e33f8ed47c7f75c05b2548", + "rev": "e7ab5cd51385ad09807fbc44f519d6045b7ec76c", "type": "github" }, "original": { @@ -557,11 +557,11 @@ ] }, "locked": { - "lastModified": 1742520959, - "narHash": "sha256-XI8tnbuFR+ZHGcqBQxyerb/M4pzoXgtp4Qoc2RXSUzg=", + "lastModified": 1742985351, + "narHash": "sha256-Fgy7qd1QxVL2nse9WUvhTgLmtDdsT25lGVntsrQ+YCo=", "ref": "refs/heads/main", - "rev": "e209c92e435232e3d6e23917df17ffb9cbd2492b", - "revCount": 98, + "rev": "0ba0f88a6e3613c7dd776ab31bd62dc107dc3a0e", + "revCount": 100, "type": "git", "url": "https://git.chvp.be/chvp/www.chvp.be" }, From 08a58e3f88da04cb322315d4241506a1cf5565c8 Mon Sep 17 00:00:00 2001 From: Charlotte Van Petegem Date: Thu, 27 Mar 2025 09:32:43 +0100 Subject: [PATCH 7/9] Configure mumble further --- modules/nixos/services/mumble/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/nixos/services/mumble/default.nix b/modules/nixos/services/mumble/default.nix index 23228eab..4410b3b2 100644 --- a/modules/nixos/services/mumble/default.nix +++ b/modules/nixos/services/mumble/default.nix @@ -10,9 +10,14 @@ config = lib.mkIf config.chvp.services.mumble.enable { services.murmur = { enable = true; + environmentFile = config.age.secrets."passwords/services/murmur".path; openFirewall = true; password = "$MURMURD_PASSWORD"; + sslKey = "${config.security.acme.certs."vanpetegem.me".directory}/key.pem"; + sslCert = "${config.security.acme.certs."vanpetegem.me".directory}/cert.pem"; + sslCa = "${config.security.acme.certs."vanpetegem.me".directory}/chain.pem"; }; + users.users.murmur.extraGroups = [ "acme" ]; age.secrets."passwords/services/murmur" = { file = ../../../../secrets/passwords/services/murmur.age; owner = "murmur"; From aa9cceca550b88bdd583b51e923fa1647a6ecf80 Mon Sep 17 00:00:00 2001 From: CharBOTte Date: Thu, 27 Mar 2025 08:53:58 +0000 Subject: [PATCH 8/9] Update dependencies --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index ad41f752..a1cf2034 100644 --- a/flake.lock +++ b/flake.lock @@ -184,11 +184,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1743057265, - "narHash": "sha256-p5LFxNbAwqt0DgulXaKnLnKXz0FXjyXlhmPP+zDX9Mc=", + "lastModified": 1743063724, + "narHash": "sha256-Rc0+3NxNeVcU1uOppQa5lGuVQQNPSKEqGN051iILccc=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "3c71542fc0dd16002a5336767c1a9e0d10a3a746", + "rev": "616ec6ce6e0df878a95ad6884452fd728e8e9386", "type": "github" }, "original": { @@ -421,11 +421,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1742751704, - "narHash": "sha256-rBfc+H1dDBUQ2mgVITMGBPI1PGuCznf9rcWX/XIULyE=", + "lastModified": 1742937945, + "narHash": "sha256-lWc+79eZRyvHp/SqMhHTMzZVhpxkRvthsP1Qx6UCq0E=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f0946fa5f1fb876a9dc2e1850d9d3a4e3f914092", + "rev": "d02d88f8de5b882ccdde0465d8fa2db3aa1169f7", "type": "github" }, "original": { @@ -444,11 +444,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1743053172, - "narHash": "sha256-LNjMhRFqWouMltiniW/6OgurfjxKqeS4QW64K7I+qdA=", + "lastModified": 1743058919, + "narHash": "sha256-o8Uh5+5DbEuwoaYo1d9G0mLyIQ6LcN4GcWpOvdoZIMY=", "owner": "nix-community", "repo": "NUR", - "rev": "c8dc3e94a8b2ce71a2d5539158220a7bfa405839", + "rev": "28d3daa92d92a61134fba2cddcd85e80d83fc0ad", "type": "github" }, "original": { From 8d4cedfad792efab1fc7544577e36aa189a74e8f Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 27 Mar 2025 09:00:40 +0000 Subject: [PATCH 9/9] Update https://github.com/cachix/install-nix-action action to v31 --- .forgejo/workflows/cachix.yml | 2 +- .forgejo/workflows/update.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.forgejo/workflows/cachix.yml b/.forgejo/workflows/cachix.yml index 751f6033..8bbdf9dd 100644 --- a/.forgejo/workflows/cachix.yml +++ b/.forgejo/workflows/cachix.yml @@ -20,7 +20,7 @@ jobs: steps: - uses: actions/checkout@v4 - run: apt update && apt install -y sudo - - uses: https://github.com/cachix/install-nix-action@v30 + - uses: https://github.com/cachix/install-nix-action@v31 with: enable_kvm: false github_access_token: '${{ secrets.ACCESS_TOKEN_GITHUB }}' diff --git a/.forgejo/workflows/update.yaml b/.forgejo/workflows/update.yaml index ddc38c72..d91cc6f4 100644 --- a/.forgejo/workflows/update.yaml +++ b/.forgejo/workflows/update.yaml @@ -14,7 +14,7 @@ jobs: steps: - uses: actions/checkout@v4 - run: apt update && apt install -y sudo - - uses: https://github.com/cachix/install-nix-action@v30 + - uses: https://github.com/cachix/install-nix-action@v31 with: enable_kvm: false github_access_token: '${{ secrets.ACCESS_TOKEN_GITHUB }}' @@ -40,7 +40,7 @@ jobs: with: name: flake.lock - run: apt update && apt install -y sudo - - uses: https://github.com/cachix/install-nix-action@v30 + - uses: https://github.com/cachix/install-nix-action@v31 with: enable_kvm: false github_access_token: '${{ secrets.ACCESS_TOKEN_GITHUB }}'