[nixpkgs] update

This reverts commit 753c44a875.

.gitignore

@@ -3,3 +3,5 @@
 *.log
 result
 *.qcow2
+.direnv/
+book/

README.md

@@ -98,34 +98,3 @@ for documentation we currently just use README.md files.
 
 the devshell provides the python package ['grip'](https://github.com/joeyespo/grip) which can be used to preview different README.md files in the browser.
 the usage is simple, just run ```grip``` in the same folder as the README.md you wanna preview. then open your browser at ```http://localhost:6419 ```.
-
-## todos...
-
-#### infrastructure
-* [ ] host a local wiki with public available information about the space, for example:
-  * [ ] how to use coffe machine
-  * [ ] how to turn on/off electricity
-  * [ ] how to use beamer
-  * [ ] how to buecher ausleihen
-  * ...
-* [x] host some pad (codimd aka hedgedoc)
-* [ ] some network fileshare for storing the movies and streaming them within the network
-* [x] malobeo network infrastructure rework
-  * [x] request mulvad acc
-  * [x] remove freifunk, use openwrt with mulvad configured
-* [ ] evaluate imposing solutions
-    * [ ] pdfarranger
-
-#### external services
-we want to host two services that need a bit more resources, this is a booking system for the room itself and a library system.
-- [x] analyse best way to include our stuff into external nixOs server
-  - [x] writing some module that is included by the server
-  - [x] directly use nixOs container on host
-  - [x] combination of both (module that manages nginx blabla + nixOs container for the services
-
-#### bots&progrmaming
-* [ ] create telegram bot automatically posting tuesday events
-* [x] create webapp/interface replacing current task list pad
-  * could be a simple form for every tuesday
-  * [x] element bot should send updates if some tasks are not filled out
-

doc/.gitignore

@@ -0,0 +1 @@
+book

doc/book.toml

@@ -0,0 +1,6 @@
+[book]
+authors = ["ahtlon"]
+language = "de"
+multilingual = false
+src = "src"
+title = "Malobeo Infrastruktur Dokumentation"

doc/src/Index.md

@@ -0,0 +1 @@
+# Index

doc/src/SUMMARY.md

@@ -0,0 +1,16 @@
+# Summary
+
+- [Index](./Index.md)
+    - [Info]()
+        - [Aktuelle Server]()
+            - [Durruti](./server/durruti.md)
+            - [Lucia](./server/lucia.md)
+        - [Hardware]()
+        - [Netzwerk]()
+        - [Seiten]()
+            - [Website](./server/website.md)
+            - [musik](./projekte/musik.md)
+        - [TODO](./todo.md)
+    - [How-to]()
+        - [Updates](./anleitung/updates.md)
+        - [Rollbacks](./anleitung/rollback.md)

doc/src/anleitung/rollback.md

@@ -0,0 +1 @@
+# Rollbacks

doc/src/anleitung/updates.md

@@ -0,0 +1 @@
+# Updates

doc/src/projekte/musik.md

@@ -0,0 +1 @@
+# musik

doc/src/server/durruti.md

@@ -0,0 +1,2 @@
+# Durruti
+Hetzner Server

doc/src/server/lucia.md

@@ -0,0 +1,2 @@
+# Lucia
+Lokaler Raspberry Pi 3

doc/src/server/website.md

@@ -0,0 +1,7 @@
+#Website
+
+hosted on uberspace  
+runs malobeo.org(wordpress) and forum.malobeo.org(phpbb)  
+access via ssh with public key or password  
+Files under /var/www/virtual/malobeo/html
+

doc/src/todo.md

@@ -0,0 +1,32 @@
+# TODO
+- [ ] Dieses wiki schreiben
+#### infrastructure
+* [ ] host a local wiki with public available information about the space, for example:
+  * [ ] how to use coffe machine
+  * [ ] how to turn on/off electricity
+  * [ ] how to use beamer
+  * [ ] how to buecher ausleihen
+  * ...
+- [x] host a local wiki with infrastructure information
+* [x] host some pad (codimd aka hedgedoc)
+* [ ] some network fileshare for storing the movies and streaming them within the network
+  - Currently developed in the 'fileserver' branch
+    - NFSV4 based
+* [x] malobeo network infrastructure rework
+  * [x] request mulvad acc
+  * [x] remove freifunk, use openwrt with mulvad configured
+* [ ] evaluate imposing solutions
+    * [ ] pdfarranger
+
+#### external services
+we want to host two services that need a bit more resources, this is a booking system for the room itself and a library system.
+- [x] analyse best way to include our stuff into external nixOs server
+  - [x] writing some module that is included by the server
+  - [x] directly use nixOs container on host
+  - [x] combination of both (module that manages nginx blabla + nixOs container for the services
+
+#### bots&progrmaming
+* [ ] create telegram bot automatically posting tuesday events
+* [x] create webapp/interface replacing current task list pad
+  * could be a simple form for every tuesday
+  * [x] element bot should send updates if some tasks are not filled out

flake.lock

@@ -99,11 +99,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1729742320,
-        "narHash": "sha256-u3Of8xRkN//me8PU+RucKA59/6RNy4B2jcGAF36P4jI=",
+        "lastModified": 1730919458,
+        "narHash": "sha256-yMO0T0QJlmT/x4HEyvrCyigGrdYfIXX3e5gWqB64wLg=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "e8a2f6d5513fe7b7d15701b2d05404ffdc3b6dda",
+        "rev": "e1cc1f6483393634aee94514186d21a4871e78d7",
         "type": "github"
       },
       "original": {
@@ -131,11 +131,11 @@
     },
     "nixpkgs-stable": {
       "locked": {
-        "lastModified": 1729357638,
-        "narHash": "sha256-66RHecx+zohbZwJVEPF7uuwHeqf8rykZTMCTqIrOew4=",
+        "lastModified": 1730602179,
+        "narHash": "sha256-efgLzQAWSzJuCLiCaQUCDu4NudNlHdg2NzGLX5GYaEY=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "bb8c2cf7ea0dd2e18a52746b2c3a5b0c73b93c22",
+        "rev": "3c2f1c4ca372622cb2f9de8016c9a0b1cbd0f37c",
         "type": "github"
       },
       "original": {
@@ -147,11 +147,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1729665710,
-        "narHash": "sha256-AlcmCXJZPIlO5dmFzV3V2XF6x/OpNWUV8Y/FMPGd8Z4=",
+        "lastModified": 1730785428,
+        "narHash": "sha256-Zwl8YgTVJTEum+L+0zVAWvXAGbWAuXHax3KzuejaDyo=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "2768c7d042a37de65bb1b5b3268fc987e534c49d",
+        "rev": "4aa36568d413aca0ea84a1684d2d46f55dbabad7",
         "type": "github"
       },
       "original": {
@@ -163,11 +163,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1729449015,
-        "narHash": "sha256-Gf04dXB0n4q0A9G5nTGH3zuMGr6jtJppqdeljxua1fo=",
+        "lastModified": 1730883749,
+        "narHash": "sha256-mwrFF0vElHJP8X3pFCByJR365Q2463ATp2qGIrDUdlE=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "89172919243df199fe237ba0f776c3e3e3d72367",
+        "rev": "dba414932936fde69f0606b4f1d87c5bc0003ede",
         "type": "github"
       },
       "original": {
@@ -199,11 +199,11 @@
         "nixpkgs-stable": "nixpkgs-stable"
       },
       "locked": {
-        "lastModified": 1729695320,
-        "narHash": "sha256-Fm4cGAlaDwekQvYX0e6t0VjT6YJs3fRXtkyuE4/NzzU=",
+        "lastModified": 1731047660,
+        "narHash": "sha256-iyp51lPWEQz4c5VH9bVbAuBcFP4crETU2QJYh5V0NYA=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "d089e742fb79259b9c4dd9f18e9de1dd4fa3c1ec",
+        "rev": "60e1bce1999f126e3b16ef45f89f72f0c3f8d16f",
         "type": "github"
       },
       "original": {

machines/configuration.nix

@@ -42,14 +42,6 @@ let
   defaultModules = baseModules;
 in
 {
-  moderatio = nixosSystem {
-    system = "x86_64-linux";
-    specialArgs.inputs = inputs;
-    modules = defaultModules ++ [
-      ./moderatio/configuration.nix
-    ];
-  };
-
   louise = nixosSystem {
     system = "x86_64-linux";
     specialArgs.inputs = inputs;

machines/lucia/configuration.nix

@@ -14,7 +14,7 @@ in
 
   services.openssh.enable = true;
   services.openssh.ports = [ 22 ];
-  services.openssh.passwordAuthentication = false;
+  services.openssh.settings.PasswordAuthentication = false;
   services.openssh.settings.PermitRootLogin = "prohibit-password";
   users.users.root.openssh.authorizedKeys.keys = sshKeys.admins;
 
@@ -198,7 +198,7 @@ in
 
   services.avahi = {
     enable = true;
-    nssmdns = true;
+    nssmdns4 = true;
     publish = {
       enable = true;
       addresses = true;

machines/moderatio/configuration.nix

@@ -1,92 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system.  Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, pkgs, ... }:
-
-{
-  services.acpid.enable = true;
-
-  boot.kernelPackages = pkgs.linuxPackages_5_4;
-  services.xserver.videoDrivers = [ "intel" ];
-  services.xserver.deviceSection = ''
-    Option "DRI" "2"
-    Option "TearFree" "true"
-  '';
-
-  zramSwap.enable = true;
-  zramSwap.memoryPercent = 150;
-
-  imports =
-    [ # Include the results of the hardware scan.
-      ./hardware-configuration.nix
-      ./zfs.nix
-
-      ../modules/xserver.nix
-      ../modules/malobeo_user.nix
-      ../modules/sshd.nix
-      ../modules/minimal_tools.nix
-    ];
-
-  users.users.malobeo = {
-    packages = with pkgs; [
-      firefox
-      thunderbird
-    ];
-  };
-
-  networking.hostName = "moderatio"; # Define your hostname.
-  networking.networkmanager.enable = true;  # Easiest to use and most distros use this by default.
-
-  # Set your time zone.
-  time.timeZone = "Europe/Berlin";
-
-  # Select internationalisation properties.
-  # i18n.defaultLocale = "en_US.UTF-8";
-  # console = {
-  #   font = "Lat2-Terminus16";
-  #   keyMap = "us";
-  #   useXkbConfig = true; # use xkbOptions in tty.
-  # };
-
-  # Enable CUPS to print documents.
-  # services.printing.enable = true;
-
-  # Enable sound.
-  sound.enable = true;
-  hardware.pulseaudio.enable = true;
-
-  # Some programs need SUID wrappers, can be configured further or are
-  # started in user sessions.
-  # programs.mtr.enable = true;
-  # programs.gnupg.agent = {
-  #   enable = true;
-  #   enableSSHSupport = true;
-  # };
-
-  # List services that you want to enable:
-
-  # Enable the OpenSSH daemon.
-  # services.openssh.enable = true;
-
-  # Open ports in the firewall.
-  # networking.firewall.allowedTCPPorts = [ ... ];
-  # networking.firewall.allowedUDPPorts = [ ... ];
-  # Or disable the firewall altogether.
-  # networking.firewall.enable = false;
-
-  # Copy the NixOS configuration file and link it from the resulting system
-  # (/run/current-system/configuration.nix). This is useful in case you
-  # accidentally delete configuration.nix.
-  # system.copySystemConfiguration = true;
-
-  # This value determines the NixOS release from which the default
-  # settings for stateful data, like file locations and database versions
-  # on your system were taken. It‘s perfectly fine and recommended to leave
-  # this value at the release version of the first install of this system.
-  # Before changing this value read the documentation for this option
-  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "22.05"; # Did you read the comment?
-
-}
-

machines/moderatio/hardware-configuration.nix

@@ -1,53 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
-    ];
-
-  boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "usb_storage" "ums_realtek" "sd_mod" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" =
-    { device = "rpool/nixos/root";
-      fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ];
-    };
-
-  fileSystems."/home" =
-    { device = "rpool/nixos/home";
-      fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ];
-    };
-
-  fileSystems."/boot" =
-    { device = "bpool/nixos/root";
-      fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ];
-    };
-
-  fileSystems."/boot/efis/ata-ST250LT003-9YG14C_W041QXCA-part1" =
-    { device = "/dev/disk/by-uuid/A0D1-00C1";
-      fsType = "vfat";
-    };
-
-  fileSystems."/boot/efi" =
-    { device = "/boot/efis/ata-ST250LT003-9YG14C_W041QXCA-part1";
-      fsType = "none";
-      options = [ "bind" ];
-    };
-
-  swapDevices = [ ];
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
-  # networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
-
-  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}

machines/moderatio/zfs.nix

@@ -1,34 +0,0 @@
-{ config, pkgs, ... }:
-
-{ boot.supportedFilesystems = [ "zfs" ];
-  networking.hostId = "ae749b82";
-  #boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
-boot.loader.efi.efiSysMountPoint = "/boot/efi";
-boot.loader.efi.canTouchEfiVariables = false;
-boot.loader.generationsDir.copyKernels = true;
-boot.loader.grub.efiInstallAsRemovable = true;
-boot.loader.grub.enable = true;
-boot.loader.grub.version = 2;
-boot.loader.grub.copyKernels = true;
-boot.loader.grub.efiSupport = true;
-boot.loader.grub.zfsSupport = true;
-boot.loader.grub.extraPrepareConfig = ''
-  mkdir -p /boot/efis
-  for i in  /boot/efis/*; do mount $i ; done
-
-  mkdir -p /boot/efi
-  mount /boot/efi
-'';
-boot.loader.grub.extraInstallCommands = ''
-ESP_MIRROR=$(mktemp -d)
-cp -r /boot/efi/EFI $ESP_MIRROR
-for i in /boot/efis/*; do
- cp -r $ESP_MIRROR/EFI $i
-done
-rm -rf $ESP_MIRROR
-'';
-boot.loader.grub.devices = [
-      "/dev/disk/by-id/ata-ST250LT003-9YG14C_W041QXCA"
-    ];
-users.users.root.initialHashedPassword = "$6$PmoyhSlGGT6SI0t0$.cFsLyhtO1ks1LUDhLjG0vT44/NjuWCBrv5vUSXqwrU5WpaBvvthnLp0Dfwfyd6Zcdx/4izDcjQAgEWs4QdzW0";
-}

machines/modules/sshd.nix

@@ -6,7 +6,7 @@ in
 {
   services.openssh.enable = true;
   services.openssh.ports = [ 22 ];
-  services.openssh.passwordAuthentication = false;
+  services.openssh.settings.PasswordAuthentication = false;
   services.openssh.settings.PermitRootLogin = "no";
   users.users.root.openssh.authorizedKeys.keys = sshKeys.admins;
 }

machines/modules/xserver.nix

@@ -7,7 +7,6 @@
       xterm.enable = false;
       cinnamon.enable = true;
     };
-
-    displayManager.defaultSession = "cinnamon";
   };
+  services.displayManager.defaultSession = "cinnamon";
 }

outputs.nix

@@ -18,6 +18,35 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
     devShells.default = pkgs.callPackage ./shell.nix {
       inherit (sops-nix.packages."${pkgs.system}") sops-import-keys-hook ssh-to-pgp sops-init-gpg-key;
     };
+
+    packages = {
+      docs = pkgs.stdenv.mkDerivation {
+        name = "malobeo-docs";
+        phases = [ "buildPhase" ];
+        buildInputs = [ pkgs.mdbook ];
+      
+        inputs = pkgs.lib.sourceFilesBySuffices ./doc/. [ ".md" ".toml" ];
+      
+        buildPhase = ''
+          dest=$out/share/doc
+          mkdir -p $dest
+          cp -r --no-preserve=all $inputs/* ./
+          mdbook build
+          ls
+          cp -r ./book/* $dest
+        '';
+      };
+    };
+
+    apps = {
+      docs = {
+        type = "app";
+        program = builtins.toString (pkgs.writeScript "docs" ''
+          ${pkgs.mdbook}/bin/mdbook serve --open ./doc
+        '');
+      };
+    };
+
   })) // rec {
     nixosConfigurations = import ./machines/configuration.nix (inputs // {
       inherit inputs;

shell.nix

@@ -18,5 +18,6 @@ mkShell {
     sops-init-gpg-key
     sops
     pkgs.python310Packages.grip
+    pkgs.mdbook
   ];
 }