From 0fed21c548da0340a42692233926783e92749952 Mon Sep 17 00:00:00 2001 From: TNE Date: Sat, 18 May 2024 03:50:51 +0200 Subject: [PATCH] chore: feat: Clean up flake, update flake, remove meshcentral, remove meshagent, add pgadmin --- assets/dummy.json | 3 - docs/src/SUMMARY.md | 1 - docs/src/hosts/immortalis.md | 3 +- docs/src/important-links.md | 1 - docs/src/nixos-containers/meshcentral.md | 11 - docs/src/nixos-containers/postgres.md | 1 - flake.lock | 252 +++++------------------ flake.nix | 42 ++-- nixos/hosts/immortalis/containers.nix | 15 -- nixos/hosts/meshcentral.nix | 41 ---- nixos/hosts/postgres.nix | 16 +- nixos/hosts/web-front.nix | 20 +- nixos/modules/common.nix | 10 - nixos/modules/garuda-lib.nix | 2 +- nixos/services/meshagent.nix | 52 ----- nixos/services/services.nix | 1 - secrets | 2 +- 17 files changed, 87 insertions(+), 386 deletions(-) delete mode 100644 docs/src/nixos-containers/meshcentral.md delete mode 100644 nixos/hosts/meshcentral.nix delete mode 100644 nixos/services/meshagent.nix diff --git a/assets/dummy.json b/assets/dummy.json index 433d2f8..1ad004b 100644 --- a/assets/dummy.json +++ b/assets/dummy.json @@ -25,9 +25,6 @@ "chaotic-aur": "abcd-efgh" } }, - "meshcentral": { - "cfaccess-user": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890" - }, "ssh": { "team": { "public": "ssh-ed25519 ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890 team@garudalinux.org" diff --git a/docs/src/SUMMARY.md b/docs/src/SUMMARY.md index 9ec8ef0..b5a2407 100644 --- a/docs/src/SUMMARY.md +++ b/docs/src/SUMMARY.md @@ -22,7 +22,6 @@ - [github-runner](./nixos-containers/github-runner.md) - [lemmy](./nixos-containers/lemmy.md) - [mastodon](./nixos-containers/mastodon.md) - - [meshcentral](./nixos-containers/meshcentral.md) - [postgres](./nixos-containers/postgres.md) - [repo](./nixos-containers/repo.md) - [temeraire](./nixos-containers/temeraire.md) diff --git a/docs/src/hosts/immortalis.md b/docs/src/hosts/immortalis.md index 16f8954..deb7601 100644 --- a/docs/src/hosts/immortalis.md 
+++ b/docs/src/hosts/immortalis.md @@ -20,7 +20,6 @@ github-runner container systemd-nspawn nixos 24.05 10.0.5.130 iso-runner container systemd-nspawn nixos 24.05 10.0.5.40 lemmy container systemd-nspawn nixos 24.05 10.0.5.120 mastodon container systemd-nspawn nixos 24.05 10.0.5.80 -meshcentral container systemd-nspawn nixos 24.05 10.0.5.60 postgres container systemd-nspawn nixos 24.05 10.0.5.50 temeraire container systemd-nspawn nixos 24.05 10.0.5.20 web-front container systemd-nspawn nixos 24.05 10.0.5.10 @@ -32,7 +31,7 @@ We are seeing: - 1 reverse proxy serving all the websites and services (`web-front`) - 2 Docker dedicated nspawn containers (`docker` & `docker-proxied`) - 4 Chaotic-AUR builders (`chaotic-kde`, `chaotic-v4`, `github-runner` & `temeraire`) -- 5 app dedicated containers (`forum`, `lemmy`, `mastodon`, `meshcentral` & `postgres`) +- 5 app dedicated containers (`forum`, `lemmy`, `mastodon` & `postgres`) ### Connecting to the server diff --git a/docs/src/important-links.md b/docs/src/important-links.md index 66926b5..24ffaeb 100644 --- a/docs/src/important-links.md +++ b/docs/src/important-links.md @@ -29,7 +29,6 @@ This is a collection of important links when working with the infrastructure: - [Freshstatus](https://garudalinux.freshstatus.io/admin/incidents/public) - [Hetzner Robot](https://accounts.hetzner.com/) - [Matrix Admin](https://matrixadmin.garudalinux.net) -- [Meshcentral](https://mesh.garudalinux.net) - [Netdata](https://app.netdata.cloud) - [Renovate Dashboard](https://developer.mend.io/github/garuda-linux) - [Tailscale](https://login.tailscale.com/) diff --git a/docs/src/nixos-containers/meshcentral.md b/docs/src/nixos-containers/meshcentral.md deleted file mode 100644 index 1f5cae9..0000000 --- a/docs/src/nixos-containers/meshcentral.md +++ /dev/null 
@@ -1,11 +0,0 @@ -# meshcentral - -## General - -The sole purpose of this container is to provide Meshcentral, which is being used for remote access to our servers. - -## Nix expression - -```nix -{{#include ../../../nixos/hosts/meshcentral.nix}} -``` diff --git a/docs/src/nixos-containers/postgres.md b/docs/src/nixos-containers/postgres.md index 6eaa88f..71d559b 100644 --- a/docs/src/nixos-containers/postgres.md +++ b/docs/src/nixos-containers/postgres.md @@ -8,7 +8,6 @@ This container houses our Postgres database. Multiple servces access it: - Mastodon - Matrix - Matrix bridges -- MeshCentral - WikiJs ## Nix expression diff --git a/flake.lock b/flake.lock index 5583f7d..6be0b4d 100644 --- a/flake.lock +++ b/flake.lock @@ -18,9 +18,7 @@ }, "devshell": { "inputs": { - "flake-utils": [ - "flake-utils" - ], + "flake-utils": "flake-utils", "nixpkgs": [ "nixpkgs" ] @@ -55,22 +53,6 @@ "type": "github" } }, - "flake-compat_2": { - "flake": false, - "locked": { - "lastModified": 1606424373, - "narHash": "sha256-oq8d4//CJOrVj+EcOaSXvMebvuTkmBJuT5tzlfewUnQ=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "99f1c2157fba4bfe6211a321fd0ee43199025dbf", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-parts": { "inputs": { "nixpkgs-lib": [ @@ -78,11 +60,11 @@ ] }, "locked": { - "lastModified": 1712014858, - "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=", + "lastModified": 1715865404, + "narHash": "sha256-/GJvTdTpuDjNn84j82cU6bXztE0MSkdnTWClUCRub78=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d", + "rev": "8dc45382d5206bd292f9c2768b8058a8fd8311d9", "type": "github" }, "original": { 
@@ -93,16 +75,14 @@ }, "flake-utils": { "inputs": { - "systems": [ - "systems" - ] + "systems": "systems" }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", "type": "github" }, "original": { @@ -114,6 +94,7 @@ "gitignore": { "inputs": { "nixpkgs": [ + "pre-commit-hooks", "nixpkgs" ] }, @@ -131,29 +112,6 @@ "type": "github" } }, - "hercules-ci-agent": { - "inputs": { - "flake-compat": "flake-compat_2", - "nix-darwin": "nix-darwin", - "nixos-20_09": "nixos-20_09", - "nixos-unstable": "nixos-unstable", - "pre-commit-hooks-nix": "pre-commit-hooks-nix" - }, - "locked": { - "lastModified": 1638731476, - "narHash": "sha256-9/21mkGXngMIMkY3dKGZUq7UkDRJnKbcimx6SO+QstA=", - "owner": "hercules-ci", - "repo": "hercules-ci-agent", - "rev": "81ad6448f41367c8ec89ee541df54419b24f4c53", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "ref": "stable", - "repo": "hercules-ci-agent", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -161,11 +119,11 @@ ] }, "locked": { - "lastModified": 1714203603, - "narHash": "sha256-eT7DENhYy7EPLOqHI9zkIMD9RvMCXcqh6gGqOK5BWYQ=", + "lastModified": 1715930644, + "narHash": "sha256-W9pyM3/vePxrffHtzlJI6lDS3seANQ+Nqp+i58O46LI=", "owner": "nix-community", "repo": "home-manager", - "rev": "c1609d584a6b5e9e6a02010f51bd368cb4782f8e", + "rev": "e3ad5108f54177e6520535768ddbf1e6af54b59d", "type": "github" }, "original": { 
@@ -258,64 +216,6 @@ "url": "https://github.com/xiota.keys" } }, - "meshagent_aarch64": { - "flake": false, - "locked": { - "narHash": "sha256-uosckZolm8bp5Pc8pP8ii5huPRtaziyCuEfdH63WWkA=", - "type": "file", - "url": "https://mesh.garudalinux.org/meshagents?id=26" - }, - "original": { - "type": "file", - "url": "https://mesh.garudalinux.org/meshagents?id=26" - } - }, - "meshagent_x86_64": { - "flake": false, - "locked": { - "narHash": "sha256-hudCG5sGwmwwf2Oijh/9UG02M7w2J9ZAshLB4tJtrCQ=", - "type": "file", - "url": "https://mesh.garudalinux.org/meshagents?id=6" - }, - "original": { - "type": "file", - "url": "https://mesh.garudalinux.org/meshagents?id=6" - } - }, - "nix-darwin": { - "inputs": { - "nixpkgs": "nixpkgs" - }, - "locked": { - "lastModified": 1634994402, - "narHash": "sha256-xmlCVVOYGpZoxgOqsDOVF0B0ASrnbNGVAEzID9qh2xo=", - "owner": "LnL7", - "repo": "nix-darwin", - "rev": "44da835ac40dab5fd231298b59d83487382d2fab", - "type": "github" - }, - "original": { - "owner": "LnL7", - "repo": "nix-darwin", - "type": "github" - } - }, - "nixos-20_09": { - "locked": { - "lastModified": 1623585158, - "narHash": "sha256-AjK7M1/six8IBPOI28nm7yC2k8mZIR2F9QrOwFYHAS0=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "115dbbe82eb4ec8aabf959068286468a68e0b244", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-20.09", - "repo": "nixpkgs", - "type": "github" - } - }, "nixos-mailserver": { "inputs": { "blobs": "blobs", @@ -328,11 +228,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1713012165, - "narHash": "sha256-z/soXKDnz+w4Nw0LkRaM73YqolhSmIYy6cpg1F2ps8I=", + "lastModified": 1714720456, + "narHash": "sha256-e0WFe1BHqX23ADpGBc4ZRu38Mg+GICCZCqyS6EWCbHc=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "9f6635a0351c190179dc6904545f950108a23dd8", + "rev": "41059fc548088e49e3ddb3a2b4faeb5de018e60f", "type": "gitlab" }, "original": { 
@@ -354,43 +254,41 @@ "url": "https://patch-diff.githubusercontent.com/raw/NixOS/nixpkgs/pull/277016.patch" } }, - "nixos-unstable": { + "nixos-patch-pgadmin": { + "flake": false, "locked": { - "lastModified": 1636800699, - "narHash": "sha256-SwbyVxXffu3G2ulJIbTf0iQfqhbGbdml4Dyv5j9BiAI=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "2fa862644fc15ecb525eb8cd0a60276f1c340c7c", - "type": "github" + "narHash": "sha256-NOQuACBuiomsJ87V/xtIysm6voiS6ZgUxnUA6+F9yy4=", + "type": "file", + "url": "https://patch-diff.githubusercontent.com/raw/NixOS/nixpkgs/pull/312569.patch" }, "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" + "type": "file", + "url": "https://patch-diff.githubusercontent.com/raw/NixOS/nixpkgs/pull/312569.patch" } }, "nixpkgs": { "locked": { - "lastModified": 1602411953, - "narHash": "sha256-gbupmxRpoQZqL5NBQCJN2GI5G7XDEHHHYKhVwEj5+Ps=", - "owner": "LnL7", + "lastModified": 1715787315, + "narHash": "sha256-cYApT0NXJfqBkKcci7D9Kr4CBYZKOQKDYA23q8XNuWg=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "f780534ea2d0c12e62607ff254b6b45f46653f7a", + "rev": "33d1e753c82ffc557b4a585c77de43d4c922ebb5", "type": "github" }, "original": { - "id": "nixpkgs", - "type": "indirect" + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" } }, "nixpkgs-stable": { "locked": { - "lastModified": 1713995372, - "narHash": "sha256-fFE3M0vCoiSwCX02z8VF58jXFRj9enYUSTqjyHAjrds=", + "lastModified": 1715668745, + "narHash": "sha256-xp62OkRkbUDNUc6VSqH02jB0FbOS+MsfMb7wL1RJOfA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "dd37924974b9202f8226ed5d74a252a9785aedf8", + "rev": "9ddcaffecdf098822d944d4147dd8da30b4e6843", "type": "github" }, "original": { 
@@ -400,33 +298,12 @@ "type": "github" } }, - "nixpkgs_2": { - "locked": { - "lastModified": 1714076141, - "narHash": "sha256-Drmja/f5MRHZCskS6mvzFqxEaZMeciScCTFxWVLqWEY=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "7bb2ccd8cdc44c91edba16c48d2c8f331fb3d856", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "pre-commit-hooks": { "inputs": { "flake-compat": [ "flake-compat" ], - "flake-utils": [ - "flake-utils" - ], - "gitignore": [ - "gitignore" - ], + "gitignore": "gitignore", "nixpkgs": [ "nixpkgs" ], @@ -435,27 +312,11 @@ ] }, "locked": { - "lastModified": 1713954846, - "narHash": "sha256-RWFafuSb5nkWGu8dDbW7gVb8FOQOPqmX/9MlxUUDguw=", + "lastModified": 1715870890, + "narHash": "sha256-nacSOeXtUEM77Gn0G4bTdEOeFIrkCBXiyyFZtdGwuH0=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "6fb82e44254d6a0ece014ec423cb62d92435336f", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "type": "github" - } - }, - "pre-commit-hooks-nix": { - "flake": false, - "locked": { - "lastModified": 1622650193, - "narHash": "sha256-qSzUpJDv04ajS9FXoCq6NjVF3qOt9IiGIiGh0P8amyw=", - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "rev": "0398f0649e0a741660ac5e8216760bae5cc78579", + "rev": "fa606cccd7b0ccebe2880051208e4a0f61bfc8c1", "type": "github" }, "original": { @@ -469,9 +330,6 @@ "devshell": "devshell", "flake-compat": "flake-compat", "flake-parts": "flake-parts", - "flake-utils": "flake-utils", - "gitignore": "gitignore", - "hercules-ci-agent": "hercules-ci-agent", "home-manager": "home-manager", "keys_alexjp": "keys_alexjp", "keys_frank": "keys_frank", 
@@ -480,11 +338,10 @@ "keys_technetium1": "keys_technetium1", "keys_tne": "keys_tne", "keys_xiota": "keys_xiota", - "meshagent_aarch64": "meshagent_aarch64", - "meshagent_x86_64": "meshagent_x86_64", "nixos-mailserver": "nixos-mailserver", "nixos-patch-nat": "nixos-patch-nat", - "nixpkgs": "nixpkgs_2", + "nixos-patch-pgadmin": "nixos-patch-pgadmin", + "nixpkgs": "nixpkgs", "nixpkgs-stable": "nixpkgs-stable", "pre-commit-hooks": "pre-commit-hooks", "src-buildiso": "src-buildiso", @@ -493,8 +350,7 @@ "src-chaotic-toolbox": "src-chaotic-toolbox", "src-cloudflare-ipv4": "src-cloudflare-ipv4", "src-garuda-website": "src-garuda-website", - "src-repoctl": "src-repoctl", - "systems": "systems_2" + "src-repoctl": "src-repoctl" } }, "src-buildiso": { @@ -502,12 +358,15 @@ "locked": { "lastModified": 1714290510, "narHash": "sha256-FdssgjLU++yDisnGTzcz61Gys423ycBGd++riwoadqY=", - "type": "tarball", - "url": "https://gitlab.com/garuda-linux/tools/buildiso-docker/-/archive/master/buildiso-docker-master.tar.gz" + "owner": "garuda-linux", + "repo": "tools%2Fbuildiso-docker", + "rev": "55583999d637d1b6e4103b1d4bd50a4d0c5d4fc1", + "type": "gitlab" }, "original": { - "type": "tarball", - "url": "https://gitlab.com/garuda-linux/tools/buildiso-docker/-/archive/master/buildiso-docker-master.tar.gz" + "owner": "garuda-linux", + "repo": "tools%2Fbuildiso-docker", + "type": "gitlab" } }, "src-chaotic-mirror": { 
@@ -573,14 +432,17 @@ "src-garuda-website": { "flake": false, "locked": { - "lastModified": 1708105675, - "narHash": "sha256-qsoMxiF0uvBMTBSKurHNCFgkH0ejofKZZBwxHW9Kd4Y=", - "type": "tarball", - "url": "https://gitlab.com/garuda-linux/website/garuda/-/archive/master/garuda-master.tar.gz" + "lastModified": 1715033720, + "narHash": "sha256-leljXBInCZITMyIs5l8zuq8jhVqqtJmvtOZOySyAWnM=", + "owner": "garuda-linux", + "repo": "website%2Fgaruda", + "rev": "b977209acfa9cc3416ea7ab3b04f6ed7091a439e", + "type": "gitlab" }, "original": { - "type": "tarball", - "url": "https://gitlab.com/garuda-linux/website/garuda/-/archive/master/garuda-master.tar.gz" + "owner": "garuda-linux", + "repo": "website%2Fgaruda", + "type": "gitlab" } }, "src-repoctl": { @@ -631,7 +493,7 @@ }, "utils": { "inputs": { - "systems": "systems" + "systems": "systems_2" }, "locked": { "lastModified": 1709126324, diff --git a/flake.nix b/flake.nix index b86b353..77dd720 100644 --- a/flake.nix +++ b/flake.nix @@ -8,7 +8,6 @@ # Devshell to set up a development environment devshell.url = "github:numtide/devshell"; devshell.inputs.nixpkgs.follows = "nixpkgs"; - devshell.inputs.flake-utils.follows = "flake-utils"; # Used by multiple flakes, have them use the same version flake-compat.url = "github:edolstra/flake-compat"; @@ -18,17 +17,6 @@ flake-parts.url = "github:hercules-ci/flake-parts"; flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs"; - # Required by pre-commit-hooks - flake-utils.url = "github:numtide/flake-utils"; - flake-utils.inputs.systems.follows = "systems"; - - # Gitignore common input - gitignore.url = "github:hercules-ci/gitignore.nix"; - gitignore.inputs.nixpkgs.follows = "nixpkgs"; - - # Hercules CI agent - hercules-ci-agent.url = "github:hercules-ci/hercules-ci-agent/stable"; - # Home-manager for dotfile management home-manager.url = "github:nix-community/home-manager"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; 
@@ -42,17 +30,9 @@ nixos-mailserver.inputs.flake-compat.follows = "flake-compat"; nixos-mailserver.inputs.nixpkgs.follows = "nixpkgs"; - # Meshagent agents for remote management - meshagent_x86_64.url = "https://mesh.garudalinux.org/meshagents?id=6"; - meshagent_x86_64.flake = false; - meshagent_aarch64.url = "https://mesh.garudalinux.org/meshagents?id=26"; - meshagent_aarch64.flake = false; - # Pre-commit hooks via nix-shell or nix develop pre-commit-hooks.url = "github:cachix/pre-commit-hooks.nix"; pre-commit-hooks.inputs.flake-compat.follows = "flake-compat"; - pre-commit-hooks.inputs.flake-utils.follows = "flake-utils"; - pre-commit-hooks.inputs.gitignore.follows = "gitignore"; pre-commit-hooks.inputs.nixpkgs.follows = "nixpkgs"; pre-commit-hooks.inputs.nixpkgs-stable.follows = "nixpkgs-stable"; @@ -75,6 +55,7 @@ # Sources for custom applications and files src-chaotic-toolbox.url = "github:chaotic-aur/toolbox"; src-chaotic-toolbox.flake = false; + # TODO: https://github.com/NixOS/nix/pull/9163 src-chaotic-portable-builder = { type = "gitlab"; owner = "garuda-linux"; 
@@ -84,22 +65,29 @@ src-repoctl.url = "github:cassava/repoctl"; src-repoctl.flake = false; # TODO: https://github.com/NixOS/nix/pull/9163 - src-buildiso.url = "https://gitlab.com/garuda-linux/tools/buildiso-docker/-/archive/master/buildiso-docker-master.tar.gz"; - src-buildiso.flake = false; + src-buildiso = { + type = "gitlab"; + owner = "garuda-linux"; + repo = "tools%2Fbuildiso-docker"; + flake = false; + }; src-chaotic-mirror.url = "github:chaotic-aur/docker-mirror"; src-chaotic-mirror.flake = false; # TODO: https://github.com/NixOS/nix/pull/9163 - src-garuda-website.url = "https://gitlab.com/garuda-linux/website/garuda/-/archive/master/garuda-master.tar.gz"; - src-garuda-website.flake = false; + src-garuda-website = { + type = "gitlab"; + owner = "garuda-linux"; + repo = "website%2Fgaruda"; + flake = false; + }; src-cloudflare-ipv4.url = "https://www.cloudflare.com/ips-v4"; src-cloudflare-ipv4.flake = false; # Patches for nixos, automatically applied if they follow this format nixos-patch-nat.url = "https://patch-diff.githubusercontent.com/raw/NixOS/nixpkgs/pull/277016.patch"; nixos-patch-nat.flake = false; - - # Common input - systems.url = "github:nix-systems/default"; + nixos-patch-pgadmin.url = "https://patch-diff.githubusercontent.com/raw/NixOS/nixpkgs/pull/312569.patch"; + nixos-patch-pgadmin.flake = false; }; outputs = diff --git a/nixos/hosts/immortalis/containers.nix b/nixos/hosts/immortalis/containers.nix index 9ffe8db..827df61 100644 --- a/nixos/hosts/immortalis/containers.nix +++ b/nixos/hosts/immortalis/containers.nix @@ -233,19 +233,6 @@ in }; ipAddress = "10.0.5.80"; }; - meshcentral = { - config = import ../meshcentral.nix; - extraOptions = { - bindMounts = { - "meshcentral" = { - hostPath = "/data_1/containers/meshcentral/"; - isReadOnly = false; - mountPoint = "/opt/meshcentral"; - }; - }; - }; - ipAddress = "10.0.5.60"; - }; postgres = { config = import ../postgres.nix; extraOptions = { 
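Review bot: The new `nixos-patch-pgadmin` input in the flake.nix hunk points at `https://patch-diff.githubusercontent.com/raw/NixOS/nixpkgs/pull/312569.patch`, whose content changes whenever the pull request branch is pushed to, and the comment above it says such inputs are applied to nixpkgs automatically. flake.lock pins the current content by `narHash`, so builds stay reproducible, but the next lock update of this input re-pins whatever the PR then contains without anyone having read it. Consider a commit-addressed patch instead, e.g. `nixos-patch-pgadmin.url = "https://github.com/NixOS/nixpkgs/commit/<commit-sha>.patch";` (placeholder hash), with a comment stating when the patch can be dropped. The existing `nixos-patch-nat` line in the same hunk has the same property.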
@@ -375,14 +362,12 @@ in "container@docker-proxied".requires = [ "container@postgres.service" ]; "container@lemmy".requires = [ "container@postgres.service" ]; "container@mastodon".requires = [ "container@postgres.service" ]; - "container@meshcentral".requires = [ "container@postgres.service" ]; "container@postgres" = { before = [ "container@docker-proxied.service" "container@docker.service" "container@lemmy.service" "container@mastodon.service" - "container@meshcentral.service" ]; }; }; diff --git a/nixos/hosts/meshcentral.nix b/nixos/hosts/meshcentral.nix deleted file mode 100644 index d07a2a5..0000000 --- a/nixos/hosts/meshcentral.nix +++ /dev/null @@ -1,41 +0,0 @@ -{ pkgs -, sources -, ... -}: { - imports = sources.defaultModules ++ [ ../modules ]; - - # Meshcentral for easy remote access - # manual installation as Nix version is outdated - environment.systemPackages = with pkgs; [ nodejs ]; - systemd.services.meshcentral = { - wantedBy = [ "multi-user.target" ]; - after = [ "network-online.target" ]; - wants = [ "network-online.target" ]; - environment = { "NODE_ENV" = "production"; }; - path = [ pkgs.nodejs ]; - serviceConfig = { - ExecStart = - ''"${pkgs.nodejs}/bin/node" /opt/meshcentral/node_modules/meshcentral''; - Group = "meshcentral"; - PrivateTmp = "true"; - Restart = "always"; - RestartSec = 10; - User = "meshcentral"; - WorkingDirectory = "/opt/meshcentral"; - }; - }; - - # Create Meshcentral user and group for the service to use - users.groups.meshcentral = { }; - users.users.meshcentral = { - home = "/opt/meshcentral"; - group = "meshcentral"; - isNormalUser = true; - }; - - # Open up ports for Meshcentral - networking.firewall.allowedTCPPorts = [ 22260 22261 ]; - - system.stateVersion = "23.05"; -} - diff --git a/nixos/hosts/postgres.nix b/nixos/hosts/postgres.nix index f45d58f..28e0a7e 100644 --- a/nixos/hosts/postgres.nix +++ b/nixos/hosts/postgres.nix 
@@ -13,7 +13,6 @@ "matrix-discord" "matrix-irc" "matrix-telegram" - "meshcentral" "mastodon" "synapse" "wikijs" @@ -30,10 +29,6 @@ { name = "matrix-bridges"; } - { - name = "meshcentral"; - ensureDBOwnership = true; - } { name = "synapse"; ensureDBOwnership = true; @@ -85,6 +80,17 @@ wantedBy = [ "timers.target" ]; }; + services.pgadmin = { + enable = true; + initialEmail = "team@garudalinux.org"; + initialPasswordFile = garuda-lib.secrets.pgadmin_password; + emailServer.enable = true; + emailServer.passwordFile = garuda-lib.secrets.pgadmin_password; + emailServer.sender = "noreply@garudalinux.org"; + emailServer.username = "aaap"; + openFirewall = true; + }; + # Open up ports for Postgres networking.firewall.allowedTCPPorts = [ 5432 ]; diff --git a/nixos/hosts/web-front.nix b/nixos/hosts/web-front.nix index 54f8ed2..791778a 100644 --- a/nixos/hosts/web-front.nix +++ b/nixos/hosts/web-front.nix @@ -381,24 +381,6 @@ rec { quic = true; useACMEHost = "garudalinux.org"; }; - "mesh.garudalinux.net" = allowOnlyCloudflared { - locations = { - "/" = { - extraConfig = '' - proxy_http_version 1.1; - proxy_send_timeout 330s; - proxy_read_timeout 330s; - - set $delimeter ""; - if ($is_args) { - set $delimeter "&"; - } - set $args "$args''${delimeter}user=cfaccess&pass=${garuda-lib.secrets.meshcentral.cfaccess-user}"; - proxy_pass http://10.0.5.60:22260; - ''; - }; - }; - }; "matrix.garudalinux.org" = { addSSL = true; http3 = true; @@ -469,11 +451,11 @@ rec { }; }; - # Cloudflared access to Meshcentral webinterface services.garuda-cloudflared = { enable = true; ingress = { "matrixadmin.garudalinux.net" = "http://10.0.5.100:8085"; + "pgadmin.garudalinux.net" = "http://10.0.5.50:5050"; } // (generateCloudflaredIngress services.nginx.virtualHosts); tunnel-credentials = garuda-lib.secrets.cloudflare.cloudflared.esxi-web.cred; diff --git a/nixos/modules/common.nix b/nixos/modules/common.nix index 29689fb..9902b6c 100644 --- a/nixos/modules/common.nix +++ b/nixos/modules/common.nix 
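Review bot: In the new `services.pgadmin` block of postgres.nix, `initialPasswordFile` and `emailServer.passwordFile` both read `garuda-lib.secrets.pgadmin_password`, so the pgAdmin administrator login and the SMTP account share one secret and disclosure of either exposes the other. Give the mail account its own secret, e.g. `emailServer.passwordFile = garuda-lib.secrets.pgadmin_smtp_password;` (name constructed here; it would need an entry next to `pgadmin_password` in garuda-lib.nix). `emailServer.username = "aaap"` reads like a leftover test value and should be confirmed. `openFirewall = true` opens the pgAdmin port on the container to every peer that can route to it, while the only consumer visible in this commit is the cloudflared ingress on web-front; if nothing else needs the port, restrict it to that host.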
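Review bot: The ingress added in web-front.nix, `"pgadmin.garudalinux.net" = "http://10.0.5.50:5050";`, publishes a database administration UI through the Cloudflare tunnel, and nothing visible in this hunk shows an access policy in front of it. The `mesh.garudalinux.net` vhost removed in the previous hunk was wrapped in `allowOnlyCloudflared` and named a `cfaccess` user, which suggests Cloudflare Access was in use there; confirm that an equivalent Access application covers the new hostname, so that pgAdmin's own login is not the only barrier. The hunk also deletes the comment above `services.garuda-cloudflared` without a replacement; a line such as `# Cloudflared tunnel for admin UIs; every hostname must be covered by a Cloudflare Access policy` would record that requirement. The enclosing attribute set continues outside the hunk.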
@@ -2,7 +2,6 @@ , garuda-lib , inputs , lib -, meshagent , pkgs , ... }: @@ -98,15 +97,6 @@ # Services services = { - garuda-meshagent = { - agentBinary = - if pkgs.hostPlatform.system == "aarch64-linux" then - meshagent.aarch64 - else - meshagent.x86_64; - enable = lib.mkDefault true; - mshFile = garuda-lib.secrets.meshagent_msh; - }; garuda-monitoring.enable = lib.mkIf (!garuda-lib.minimalContainer) true; garuda-tailscale.enable = lib.mkIf (!garuda-lib.minimalContainer) true; locate = { diff --git a/nixos/modules/garuda-lib.nix b/nixos/modules/garuda-lib.nix index c354297..9b40381 100644 --- a/nixos/modules/garuda-lib.nix +++ b/nixos/modules/garuda-lib.nix @@ -51,7 +51,7 @@ in unifiedUID = false; secrets = recursiveUpdate secrets { cachix = "/var/garuda/secrets/cachix"; - meshagent_msh = "/var/garuda/secrets/meshagent.msh"; + pgadmin_password = "/var/garuda/secrets/pgadmin_password"; syncthing = { esxi-build = { cert = "/var/garuda/secrets/syncthing/esxi-build-cert.pem"; diff --git a/nixos/services/meshagent.nix b/nixos/services/meshagent.nix deleted file mode 100644 index f6e595c..0000000 --- a/nixos/services/meshagent.nix +++ /dev/null 
@@ -1,52 +0,0 @@ -{ config -, lib -, pkgs -, ... -}: -with lib; -let - cfg = config.services.garuda-meshagent; - meshagent = pkgs.stdenvNoCC.mkDerivation { - src = cfg.agentBinary; - name = "meshagent_patched"; - nativeBuildInputs = [ pkgs.autoPatchelfHook ]; - installPhase = '' - install -Dm755 "$src" "$out/meshagent" - ''; - dontBuild = true; - dontConfigure = true; - dontUnpack = true; - }; -in -{ - options.services.garuda-meshagent = { - enable = mkEnableOption "Garuda Meshagent"; - mshFile = mkOption { }; - agentBinary = mkOption { }; - }; - - config = mkIf cfg.enable { - systemd.services.meshagent = { - wantedBy = [ "multi-user.target" ]; - after = [ "network-online.target" ]; - wants = [ "network-online.target" ]; - description = "meshagent background service"; - path = [ pkgs.wget pkgs.mount ]; - serviceConfig = { - CacheDirectory = "meshagent"; - CacheDirectoryMode = "0755"; - PrivateMounts = "true"; - ExecStart = pkgs.writeShellScript "execstart" '' - set -e - cd "''${CACHE_DIRECTORY}" - cp "${meshagent}/meshagent" ./meshagent - if [ ! -f ./meshagent.msh ]; then cp "${cfg.mshFile}" ./meshagent.msh; fi - mount --bind /run/current-system/sw/bin /bin - ./meshagent - ''; - Restart = "on-failure"; - RestartSec = "30"; - }; - }; - }; -} diff --git a/nixos/services/services.nix b/nixos/services/services.nix index c528bc1..ecc68d3 100644 --- a/nixos/services/services.nix +++ b/nixos/services/services.nix @@ -4,7 +4,6 @@ ./cloudflared.nix ./docker-compose-runner/docker-compose-runner.nix ./iso.nix - ./meshagent.nix ./monitoring/monitoring.nix ./rclone.nix ]; diff --git a/secrets b/secrets index 7195e12..a567528 160000 --- a/secrets +++ b/secrets @@ -1 +1 @@ -Subproject commit 7195e1253cafd16a054ff43b3be36ae62ac6ad9c +Subproject commit a567528a91905ebea5464572e258f6bb94e58cbd