changes

2024-06-10 18:52:00 +02:00
parent 5d0827848e
commit 45f1713443
12 changed files with 79 additions and 23 deletions
--- a/hosts/fw.cloonar.com/channel
+++ b/hosts/fw.cloonar.com/channel
@@ -0,0 +1 @@
+https://channels.nixos.org/nixos-24.05
--- a/hosts/fw.cloonar.com/modules/unbound.nix
+++ b/hosts/fw.cloonar.com/modules/unbound.nix
@@ -69,6 +69,7 @@ let
        "\"upgrade-staging.wohnberatung-wien.at IN A 10.254.240.110\""
        "\"upgrade-staging.wienbautvor.at IN A 10.254.240.110\""
        "\"upgrade-staging.wienwohntbesser.at IN A 10.254.240.110\""
+        "\"conf.wrwks.at IN A 10.254.240.105\""

        "\"deconz.cloonar.multimedia IN A 10.42.97.22\""
        "\"metz.cloonar.multimedia IN A 10.42.99.10\""
--- a/hosts/mail.cloonar.com/channel
+++ b/hosts/mail.cloonar.com/channel
@@ -0,0 +1 @@
+https://channels.nixos.org/nixos-24.05
--- a/hosts/nb-01.cloonar.com/modules/nvim/config/copilot.lua
+++ b/hosts/nb-01.cloonar.com/modules/nvim/config/copilot.lua
@@ -0,0 +1,2 @@
+vim.api.nvim_set_keymap('i', '<M-CR>', 'copilot#Accept("<CR>")', { expr=true, noremap = true, silent = true })
+vim.g.copilot_no_tab_map = true
--- a/hosts/nb-01.cloonar.com/modules/nvim/default.nix
+++ b/hosts/nb-01.cloonar.com/modules/nvim/default.nix
@@ -65,6 +65,7 @@
          luaConfig = builtins.concatStringsSep "\n" (map luaRequire [
            "init"
            "keymappings"
+            "copilot"
            "icons"
            "lspconfig"
            "nvim-cmp"
--- a/hosts/nb-01.cloonar.com/modules/sway/sway.nix
+++ b/hosts/nb-01.cloonar.com/modules/sway/sway.nix
@@ -60,7 +60,7 @@ in {
      freecad
      openscad

-      dbeaver-bin
+
      dbus-sway-environment
      ddev
      dracula-theme
--- a/hosts/web-01.cloonar.com/channel
+++ b/hosts/web-01.cloonar.com/channel
@@ -0,0 +1 @@
+https://channels.nixos.org/nixos-24.05
--- a/hosts/web-01.cloonar.com/configuration.nix
+++ b/hosts/web-01.cloonar.com/configuration.nix
@@ -4,6 +4,7 @@
    ./utils/modules/sops.nix
    ./utils/modules/lego/lego.nix

+
    ./modules/mysql.nix
    ./utils/modules/nginx.nix
    ./modules/bitwarden
@@ -39,16 +40,13 @@
    # ./sites/tandem.paraclub.at.nix
    # ./sites/module.paraclub.at.nix

-    # ./sites/api.optiprot.cloonar.dev.nix
    ./sites/cloonar.dev.nix
    ./sites/paraclub.cloonar.dev.nix
    ./sites/api.paraclub.cloonar.dev.nix
    ./sites/tandem.paraclub.cloonar.dev.nix
    ./sites/module.paraclub.cloonar.dev.nix
    ./sites/gbv-aktuell.cloonar.dev.nix
-    # ./sites/optiprot.cloonar.dev.nix
-    # ./sites/mehr-leistbaren-wohnraum-schaffen.at.nix
-    # ./sites/mehr-leistbaren-wohnraum-schaffen.cloonar.dev.nix
+    ./sites/stage.myhidden.life.nix
  ];

  nixpkgs.config.permittedInsecurePackages = [
--- a/hosts/web-01.cloonar.com/modules/grafana.nix
+++ b/hosts/web-01.cloonar.com/modules/grafana.nix
@@ -90,14 +90,10 @@ in
    locations."/".extraConfig = "proxy_pass http://localhost:3001;";
  };

-  # TODO: fix for nixos 24.05
  services.postgresql.ensureUsers = [
    {
      name = "grafana";
-      ensurePermissions = {
-        "DATABASE \"grafana\"" = "ALL PRIVILEGES";
-        "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
-      };
+      ensureDBOwnership = true;
    }
  ];
  services.postgresql.ensureDatabases = [ "grafana" ];
--- a/hosts/web-01.cloonar.com/modules/loki.nix
+++ b/hosts/web-01.cloonar.com/modules/loki.nix
@@ -46,13 +46,22 @@ in
        };
        chunk_encoding = "snappy";
        # Disable block transfers on shutdown
-        max_transfer_retries = 0;
      };

      # Storage
      storage_config = {
        boltdb.directory = "/var/lib/loki/boltdb";
+        boltdb_shipper = {
+          active_index_directory = "/var/lib/loki/index";
+          cache_location = "/var/lib/loki/boltdb-cache";
+        };
+        tsdb_shipper = {
+          active_index_directory = "/var/lib/loki/tsdb-index";
+          cache_location = "/var/lib/loki/tsdb-cache";
+
+        };
        filesystem.directory = "/var/lib/loki/storage";
+
      };

      limits_config.retention_period = "48h";
@@ -67,15 +76,26 @@ in
        retention_enabled = true;
        compaction_interval = "10m";
        working_directory = "/var/lib/loki/compactor";
+        retention_delete_delay = "2h";
+        retention_delete_worker_count = 150;
+        delete_request_store = "filesystem";
      };

      # Schema
      schema_config.configs = [
        {
          from = "2020-11-08";
-          store = "boltdb";
+          store = "boltdb-shipper";
          object_store = "filesystem";
-          schema = "v11";
+          schema = "v13";
+          index.prefix = "index_";
+          index.period = "24h";
+        }
+        {
+          from = "2024-04-01";
+          store = "tsdb";
+          object_store = "filesystem";
+          schema = "v13";
          index.prefix = "index_";
          index.period = "24h";
        }
@@ -83,15 +103,15 @@ in

      limits_config.ingestion_burst_size_mb = 16;

-      ruler = {
-        storage = {
-          type = "local";
-          local.directory = rulerDir;
-        };
-        rule_path = "/var/lib/loki/ruler";
-        alertmanager_url = "http://alertmanager.cloonar.com";
-        ring.kvstore.store = "inmemory";
-      };
+      # ruler = {
+      #   storage = {
+      #     type = "local";
+      #     local.directory = rulerDir;
+      #   };
+      #   rule_path = "/var/lib/loki/ruler";
+      #   alertmanager_url = "http://alertmanager.cloonar.com";
+      #   ring.kvstore.store = "inmemory";
+      # };

      query_range.cache_results = true;
      query_range.parallelise_shardable_queries = false;
--- a/hosts/web-01.cloonar.com/sites/stage.myhidden.life.nix
+++ b/hosts/web-01.cloonar.com/sites/stage.myhidden.life.nix
@@ -0,0 +1,35 @@
+{ pkgs, lib, config, ... }:
+{
+  services.webstack.instances."stage.myhidden.life" = {
+    enableDefaultLocations = false;
+    enableMysql = true;
+    authorizedKeys = [
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCmLPJoHwL+d7dnc3aFLbRCDshxRSQ0dtAVv/LYBn2/PBlZcIyVO9drjr702GL9QuS5DQyjtoZjSOvv1ykBKedUwY3XDyyZgtqjleojKIFMXkdXtD5iG+RUraUfzcFCZU12BYXSeAXK1HmIjSDUtDOlp6lVVWxNpz1vWSRtA/+PULhP+n5Cj7232Wf372+EPfQPntOlcMbyrDLFtj7cUz+E6BH0qdX0l3QtIVnK/C1iagPAwLcwPJd9Sfs8lj5C4g8T9uBJa6OX+87lE4ySYY+Cik9BN59S0ctjXvWCFsPO3udQSC1mf33XdDenc2mbi+lZWTfrN8S2K5CsbxRsVBlbapFBRwufEpN4iQnaTu1QmzDrmktBFAPJ2jvjBJPIx6W3KOy3kUwh9WNhzd/ubf9dFTHzkTzgluo/Zk6/S8fTJiA4rbYKSkLw9Y265bvtR1kfUBLKSa/Axe5dkKysX1RNKfTJEwbh2TfIS3apQPZZc5kIEWfeK/6kbQX7WJZFtTs="
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJW5N11DiAUBfjPFCcFX3CRzF6zAWD2sxMC1+IGC73/2"
+    ];
+    extraConfig = ''
+      add_header X-Frame-Options "SAMEORIGIN";
+      add_header X-Content-Type-Options "nosniff";
+
+      index index.php
+
+      charset utf-8;
+
+      error_page 404 /index.php;
+    '';
+    locations."/favicon.ico".extraConfig = ''
+      log_not_found off;
+      access_log off;
+    '';
+    locations."/robots.txt".extraConfig = ''
+      access_log off;
+      log_not_found off;
+    '';
+
+    locations."/".extraConfig = ''
+      try_files $uri $uri/ /index.php$is_args$args;
+    '';
+    phpPackage = pkgs.php82.withExtensions ({ enabled, all }:
+      enabled ++ [ all.imagick ]);
+  };
+}
--- a/utils/modules/autoupgrade.nix
+++ b/utils/modules/autoupgrade.nix
@@ -3,5 +3,5 @@
 {
  system.autoUpgrade.enable = true;
  system.autoUpgrade.allowReboot = false;
-  system.autoUpgrade.channel = "https://channels.nixos.org/nixos-23.11";
+  system.autoUpgrade.channel = "https://channels.nixos.org/nixos-24.05";
 }