diff --git a/hosts/fw.cloonar.com/channel b/hosts/fw.cloonar.com/channel new file mode 100644 index 0000000..425c774 --- /dev/null +++ b/hosts/fw.cloonar.com/channel @@ -0,0 +1 @@ +https://channels.nixos.org/nixos-24.05 diff --git a/hosts/fw.cloonar.com/modules/unbound.nix b/hosts/fw.cloonar.com/modules/unbound.nix index c6a84eb..6eab6d3 100644 --- a/hosts/fw.cloonar.com/modules/unbound.nix +++ b/hosts/fw.cloonar.com/modules/unbound.nix @@ -69,6 +69,7 @@ let "\"upgrade-staging.wohnberatung-wien.at IN A 10.254.240.110\"" "\"upgrade-staging.wienbautvor.at IN A 10.254.240.110\"" "\"upgrade-staging.wienwohntbesser.at IN A 10.254.240.110\"" + "\"conf.wrwks.at IN A 10.254.240.105\"" "\"deconz.cloonar.multimedia IN A 10.42.97.22\"" "\"metz.cloonar.multimedia IN A 10.42.99.10\"" diff --git a/hosts/mail.cloonar.com/channel b/hosts/mail.cloonar.com/channel new file mode 100644 index 0000000..425c774 --- /dev/null +++ b/hosts/mail.cloonar.com/channel @@ -0,0 +1 @@ +https://channels.nixos.org/nixos-24.05 diff --git a/hosts/nb-01.cloonar.com/modules/nvim/config/copilot.lua b/hosts/nb-01.cloonar.com/modules/nvim/config/copilot.lua index e69de29..d2cdc77 100644 --- a/hosts/nb-01.cloonar.com/modules/nvim/config/copilot.lua +++ b/hosts/nb-01.cloonar.com/modules/nvim/config/copilot.lua @@ -0,0 +1,2 @@ +vim.api.nvim_set_keymap('i', '', 'copilot#Accept("")', { expr=true, noremap = true, silent = true }) +vim.g.copilot_no_tab_map = true diff --git a/hosts/nb-01.cloonar.com/modules/nvim/default.nix b/hosts/nb-01.cloonar.com/modules/nvim/default.nix index 7a6f51b..1cd65b4 100644 --- a/hosts/nb-01.cloonar.com/modules/nvim/default.nix +++ b/hosts/nb-01.cloonar.com/modules/nvim/default.nix @@ -65,6 +65,7 @@ luaConfig = builtins.concatStringsSep "\n" (map luaRequire [ "init" "keymappings" + "copilot" "icons" "lspconfig" "nvim-cmp" diff --git a/hosts/nb-01.cloonar.com/modules/sway/sway.nix b/hosts/nb-01.cloonar.com/modules/sway/sway.nix index 92c90d2..9f2137e 100644 --- a/hosts/nb-01.cloonar.com/modules/sway/sway.nix +++ b/hosts/nb-01.cloonar.com/modules/sway/sway.nix @@ -60,7 +60,7 @@ in { freecad openscad - dbeaver-bin + dbus-sway-environment ddev dracula-theme diff --git a/hosts/web-01.cloonar.com/channel b/hosts/web-01.cloonar.com/channel new file mode 100644 index 0000000..425c774 --- /dev/null +++ b/hosts/web-01.cloonar.com/channel @@ -0,0 +1 @@ +https://channels.nixos.org/nixos-24.05 diff --git a/hosts/web-01.cloonar.com/configuration.nix b/hosts/web-01.cloonar.com/configuration.nix index 16a9c9a..63b7c90 100644 --- a/hosts/web-01.cloonar.com/configuration.nix +++ b/hosts/web-01.cloonar.com/configuration.nix @@ -4,6 +4,7 @@ ./utils/modules/sops.nix ./utils/modules/lego/lego.nix + ./modules/mysql.nix ./utils/modules/nginx.nix ./modules/bitwarden @@ -39,16 +40,13 @@ # ./sites/tandem.paraclub.at.nix # ./sites/module.paraclub.at.nix - # ./sites/api.optiprot.cloonar.dev.nix ./sites/cloonar.dev.nix ./sites/paraclub.cloonar.dev.nix ./sites/api.paraclub.cloonar.dev.nix ./sites/tandem.paraclub.cloonar.dev.nix ./sites/module.paraclub.cloonar.dev.nix ./sites/gbv-aktuell.cloonar.dev.nix - # ./sites/optiprot.cloonar.dev.nix - # ./sites/mehr-leistbaren-wohnraum-schaffen.at.nix - # ./sites/mehr-leistbaren-wohnraum-schaffen.cloonar.dev.nix + ./sites/stage.myhidden.life.nix ]; nixpkgs.config.permittedInsecurePackages = [ diff --git a/hosts/web-01.cloonar.com/modules/grafana.nix b/hosts/web-01.cloonar.com/modules/grafana.nix index ca055d3..c8edf0a 100644 --- a/hosts/web-01.cloonar.com/modules/grafana.nix +++ b/hosts/web-01.cloonar.com/modules/grafana.nix @@ -90,14 +90,10 @@ in locations."/".extraConfig = "proxy_pass http://localhost:3001;"; }; - # TODO: fix for nixos 24.05 services.postgresql.ensureUsers = [ { name = "grafana"; - ensurePermissions = { - "DATABASE \"grafana\"" = "ALL PRIVILEGES"; - "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; - }; + ensureDBOwnership = true; } ]; services.postgresql.ensureDatabases = [ "grafana" ]; diff --git a/hosts/web-01.cloonar.com/modules/loki.nix b/hosts/web-01.cloonar.com/modules/loki.nix index 0ce4a81..9652286 100644 --- a/hosts/web-01.cloonar.com/modules/loki.nix +++ b/hosts/web-01.cloonar.com/modules/loki.nix @@ -46,13 +46,22 @@ in }; chunk_encoding = "snappy"; # Disable block transfers on shutdown - max_transfer_retries = 0; }; # Storage storage_config = { boltdb.directory = "/var/lib/loki/boltdb"; + boltdb_shipper = { + active_index_directory = "/var/lib/loki/index"; + cache_location = "/var/lib/loki/boltdb-cache"; + }; + tsdb_shipper = { + active_index_directory = "/var/lib/loki/tsdb-index"; + cache_location = "/var/lib/loki/tsdb-cache"; + + }; filesystem.directory = "/var/lib/loki/storage"; + }; limits_config.retention_period = "48h"; @@ -67,15 +76,26 @@ in retention_enabled = true; compaction_interval = "10m"; working_directory = "/var/lib/loki/compactor"; + retention_delete_delay = "2h"; + retention_delete_worker_count = 150; + delete_request_store = "filesystem"; }; # Schema schema_config.configs = [ { from = "2020-11-08"; - store = "boltdb"; + store = "boltdb-shipper"; object_store = "filesystem"; - schema = "v11"; + schema = "v13"; + index.prefix = "index_"; + index.period = "24h"; + } + { + from = "2024-04-01"; + store = "tsdb"; + object_store = "filesystem"; + schema = "v13"; index.prefix = "index_"; index.period = "24h"; } @@ -83,15 +103,15 @@ in limits_config.ingestion_burst_size_mb = 16; - ruler = { - storage = { - type = "local"; - local.directory = rulerDir; - }; - rule_path = "/var/lib/loki/ruler"; - alertmanager_url = "http://alertmanager.cloonar.com"; - ring.kvstore.store = "inmemory"; - }; + # ruler = { + # storage = { + # type = "local"; + # local.directory = rulerDir; + # }; + # rule_path = "/var/lib/loki/ruler"; + # alertmanager_url = "http://alertmanager.cloonar.com"; + # ring.kvstore.store = "inmemory"; + # }; query_range.cache_results = true; query_range.parallelise_shardable_queries = false; diff --git a/hosts/web-01.cloonar.com/sites/stage.myhidden.life.nix b/hosts/web-01.cloonar.com/sites/stage.myhidden.life.nix new file mode 100644 index 0000000..ae0f872 --- /dev/null +++ b/hosts/web-01.cloonar.com/sites/stage.myhidden.life.nix @@ -0,0 +1,35 @@ +{ pkgs, lib, config, ... }: +{ + services.webstack.instances."stage.myhidden.life" = { + enableDefaultLocations = false; + enableMysql = true; + authorizedKeys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCmLPJoHwL+d7dnc3aFLbRCDshxRSQ0dtAVv/LYBn2/PBlZcIyVO9drjr702GL9QuS5DQyjtoZjSOvv1ykBKedUwY3XDyyZgtqjleojKIFMXkdXtD5iG+RUraUfzcFCZU12BYXSeAXK1HmIjSDUtDOlp6lVVWxNpz1vWSRtA/+PULhP+n5Cj7232Wf372+EPfQPntOlcMbyrDLFtj7cUz+E6BH0qdX0l3QtIVnK/C1iagPAwLcwPJd9Sfs8lj5C4g8T9uBJa6OX+87lE4ySYY+Cik9BN59S0ctjXvWCFsPO3udQSC1mf33XdDenc2mbi+lZWTfrN8S2K5CsbxRsVBlbapFBRwufEpN4iQnaTu1QmzDrmktBFAPJ2jvjBJPIx6W3KOy3kUwh9WNhzd/ubf9dFTHzkTzgluo/Zk6/S8fTJiA4rbYKSkLw9Y265bvtR1kfUBLKSa/Axe5dkKysX1RNKfTJEwbh2TfIS3apQPZZc5kIEWfeK/6kbQX7WJZFtTs=" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJW5N11DiAUBfjPFCcFX3CRzF6zAWD2sxMC1+IGC73/2" + ]; + extraConfig = '' + add_header X-Frame-Options "SAMEORIGIN"; + add_header X-Content-Type-Options "nosniff"; + + index index.php + + charset utf-8; + + error_page 404 /index.php; + ''; + locations."/favicon.ico".extraConfig = '' + log_not_found off; + access_log off; + ''; + locations."/robots.txt".extraConfig = '' + access_log off; + log_not_found off; + ''; + + locations."/".extraConfig = '' + try_files $uri $uri/ /index.php$is_args$args; + ''; + phpPackage = pkgs.php82.withExtensions ({ enabled, all }: + enabled ++ [ all.imagick ]); + }; +} diff --git a/utils/modules/autoupgrade.nix b/utils/modules/autoupgrade.nix index d1805a4..7726dfd 100644 --- a/utils/modules/autoupgrade.nix +++ b/utils/modules/autoupgrade.nix @@ -3,5 +3,5 @@ { system.autoUpgrade.enable = true; system.autoUpgrade.allowReboot = false; - system.autoUpgrade.channel = "https://channels.nixos.org/nixos-23.11"; + system.autoUpgrade.channel = "https://channels.nixos.org/nixos-24.05"; }