diff --git a/.gitignore b/.gitignore index 8e0c3c5..bb24878 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,5 @@ *.log result *.qcow2 +.direnv/ +book/ diff --git a/README.md b/README.md index da01486..a4fca58 100644 --- a/README.md +++ b/README.md @@ -98,34 +98,3 @@ for documentation we currently just use README.md files. the devshell provides the python package ['grip'](https://github.com/joeyespo/grip) which can be used to preview different README.md files in the browser. the usage is simple, just run ```grip``` in the same folder as the README.md you wanna preview. then open your browser at ```http://localhost:6419 ```. - -## todos... - -#### infrastructure -* [ ] host a local wiki with public available information about the space, for example: - * [ ] how to use coffe machine - * [ ] how to turn on/off electricity - * [ ] how to use beamer - * [ ] how to buecher ausleihen - * ... -* [x] host some pad (codimd aka hedgedoc) -* [ ] some network fileshare for storing the movies and streaming them within the network -* [x] malobeo network infrastructure rework - * [x] request mulvad acc - * [x] remove freifunk, use openwrt with mulvad configured -* [ ] evaluate imposing solutions - * [ ] pdfarranger - -#### external services -we want to host two services that need a bit more resources, this is a booking system for the room itself and a library system. -- [x] analyse best way to include our stuff into external nixOs server - - [x] writing some module that is included by the server - - [x] directly use nixOs container on host - - [x] combination of both (module that manages nginx blabla + nixOs container for the services - -#### bots&progrmaming -* [ ] create telegram bot automatically posting tuesday events -* [x] create webapp/interface replacing current task list pad - * could be a simple form for every tuesday - * [x] element bot should send updates if some tasks are not filled out - 
diff --git a/book.toml b/book.toml
new file mode 100644
index 0000000..5799732
--- /dev/null
+++ b/book.toml
@@ -0,0 +1,6 @@
+[book]
+authors = ["ahtlon"]
+language = "de"
+multilingual = false
+src = "src"
+title = "Malobeo Infrastruktur Dokumentation"
diff --git a/doc/.gitignore b/doc/.gitignore
new file mode 100644
index 0000000..7585238
--- /dev/null
+++ b/doc/.gitignore
@@ -0,0 +1 @@
+book
diff --git a/doc/book.toml b/doc/book.toml
new file mode 100644
index 0000000..5799732
--- /dev/null
+++ b/doc/book.toml
@@ -0,0 +1,6 @@
+[book]
+authors = ["ahtlon"]
+language = "de"
+multilingual = false
+src = "src"
+title = "Malobeo Infrastruktur Dokumentation"
diff --git a/doc/src/Index.md b/doc/src/Index.md
new file mode 100644
index 0000000..8b013d6
--- /dev/null
+++ b/doc/src/Index.md
@@ -0,0 +1 @@
+# Index
diff --git a/doc/src/SUMMARY.md b/doc/src/SUMMARY.md
new file mode 100644
index 0000000..6792fa4
--- /dev/null
+++ b/doc/src/SUMMARY.md
@@ -0,0 +1,16 @@
+# Summary
+
+- [Index](./Index.md)
+ - [Info]()
+ - [Aktuelle Server]()
+ - [Durruti](./server/durruti.md)
+ - [Lucia](./server/lucia.md)
+ - [Hardware]()
+ - [Netzwerk]()
+ - [Seiten]()
+ - [Website](./server/website.md)
+ - [musik](./projekte/musik.md)
+ - [TODO](./todo.md)
+ - [How-to]()
+ - [Updates](./anleitung/updates.md)
+ - [Rollbacks](./anleitung/rollback.md)
\ No newline at end of file
diff --git a/doc/src/anleitung/rollback.md b/doc/src/anleitung/rollback.md
new file mode 100644
index 0000000..3f08149
--- /dev/null
+++ b/doc/src/anleitung/rollback.md
@@ -0,0 +1 @@
+# Rollbacks
diff --git a/doc/src/anleitung/updates.md b/doc/src/anleitung/updates.md
new file mode 100644
index 0000000..35d0173
--- /dev/null
+++ b/doc/src/anleitung/updates.md
@@ -0,0 +1 @@
+# Updates
diff --git a/doc/src/projekte/musik.md b/doc/src/projekte/musik.md
new file mode 100644
index 0000000..8ea2074
--- /dev/null
+++ b/doc/src/projekte/musik.md
@@ -0,0 +1 @@
+# musik
diff --git a/doc/src/server/durruti.md b/doc/src/server/durruti.md
new file mode 100644
index 0000000..c3b61bf
--- /dev/null
+++ b/doc/src/server/durruti.md
@@ -0,0 +1,2 @@
+# Durruti
+Hetzner Server
\ No newline at end of file
diff --git a/doc/src/server/lucia.md b/doc/src/server/lucia.md
new file mode 100644
index 0000000..329f4be
--- /dev/null
+++ b/doc/src/server/lucia.md
@@ -0,0 +1,2 @@
+# Lucia
+Lokaler Raspberry Pi 3
\ No newline at end of file
diff --git a/doc/src/server/website.md b/doc/src/server/website.md
new file mode 100644
index 0000000..e81d8f0
--- /dev/null
+++ b/doc/src/server/website.md
@@ -0,0 +1,7 @@
+#Website
+
+hosted on uberspace
+runs malobeo.org(wordpress) and forum.malobeo.org(phpbb)
+access via ssh with public key or password
+Files under /var/www/virtual/malobeo/html
+
diff --git a/doc/src/todo.md b/doc/src/todo.md
new file mode 100644
index 0000000..1d1a429
--- /dev/null
+++ b/doc/src/todo.md
@@ -0,0 +1,32 @@
+# TODO
+- [ ] Dieses wiki schreiben
+#### infrastructure
+* [ ] host a local wiki with public available information about the space, for example:
+ * [ ] how to use coffe machine
+ * [ ] how to turn on/off electricity
+ * [ ] how to use beamer
+ * [ ] how to buecher ausleihen
+ * ...
+- [x] host a local wiki with infrastructure information
+* [x] host some pad (codimd aka hedgedoc)
+* [ ] some network fileshare for storing the movies and streaming them within the network
+ - Currently developed in the 'fileserver' branch
+ - NFSV4 based
+* [x] malobeo network infrastructure rework
+ * [x] request mulvad acc
+ * [x] remove freifunk, use openwrt with mulvad configured
+* [ ] evaluate imposing solutions
+ * [ ] pdfarranger
+
+#### external services
+we want to host two services that need a bit more resources, this is a booking system for the room itself and a library system.
+- [x] analyse best way to include our stuff into external nixOs server
+ - [x] writing some module that is included by the server
+ - [x] directly use nixOs container on host
+ - [x] combination of both (module that manages nginx blabla + nixOs container for the services
+
+#### bots&progrmaming
+* [ ] create telegram bot automatically posting tuesday events
+* [x] create webapp/interface replacing current task list pad
+ * could be a simple form for every tuesday
+ * [x] element bot should send updates if some tasks are not filled out
\ No newline at end of file
diff --git a/flake.lock b/flake.lock
index 796fd2f..9255ef4 100644
--- a/flake.lock
+++ b/flake.lock
@@ -99,11 +99,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1729742320, - "narHash": "sha256-u3Of8xRkN//me8PU+RucKA59/6RNy4B2jcGAF36P4jI=", + "lastModified": 1730161780, + "narHash": "sha256-z5ILcmwMtiCoHTXS1KsQWqigO7HJO8sbyK7f7wn9F/E=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "e8a2f6d5513fe7b7d15701b2d05404ffdc3b6dda", + "rev": "07d15e8990d5d86a631641b4c429bc0a7400cfb8", "type": "github" }, "original": { @@ -131,11 +131,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1729357638, - "narHash": "sha256-66RHecx+zohbZwJVEPF7uuwHeqf8rykZTMCTqIrOew4=", + "lastModified": 1729973466, + "narHash": "sha256-knnVBGfTCZlQgxY1SgH0vn2OyehH9ykfF8geZgS95bk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bb8c2cf7ea0dd2e18a52746b2c3a5b0c73b93c22", + "rev": "cd3e8833d70618c4eea8df06f95b364b016d4950", "type": "github" }, "original": { @@ -147,11 +147,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1729665710, - "narHash": "sha256-AlcmCXJZPIlO5dmFzV3V2XF6x/OpNWUV8Y/FMPGd8Z4=", + "lastModified": 1729880355, + "narHash": "sha256-RP+OQ6koQQLX5nw0NmcDrzvGL8HDLnyXt/jHhL1jwjM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2768c7d042a37de65bb1b5b3268fc987e534c49d", + "rev": "18536bf04cd71abd345f9579158841376fdd0c5a", "type": "github" }, "original": { @@ -163,11 +163,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1729449015, - "narHash": "sha256-Gf04dXB0n4q0A9G5nTGH3zuMGr6jtJppqdeljxua1fo=", + "lastModified": 1729973466, + "narHash": "sha256-knnVBGfTCZlQgxY1SgH0vn2OyehH9ykfF8geZgS95bk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "89172919243df199fe237ba0f776c3e3e3d72367", + "rev": "cd3e8833d70618c4eea8df06f95b364b016d4950", "type": "github" }, "original": { 
@@ -199,11 +199,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1729695320, - "narHash": "sha256-Fm4cGAlaDwekQvYX0e6t0VjT6YJs3fRXtkyuE4/NzzU=", + "lastModified": 1729999681, + "narHash": "sha256-qm0uCtM9bg97LeJTKQ8dqV/FvqRN+ompyW4GIJruLuw=", "owner": "Mic92", "repo": "sops-nix", - "rev": "d089e742fb79259b9c4dd9f18e9de1dd4fa3c1ec", + "rev": "1666d16426abe79af5c47b7c0efa82fd31bf4c56", "type": "github" }, "original": { diff --git a/machines/configuration.nix b/machines/configuration.nix index 05d5c4a..4509ea8 100644 --- a/machines/configuration.nix +++ b/machines/configuration.nix @@ -42,14 +42,6 @@ let defaultModules = baseModules; in { - moderatio = nixosSystem { - system = "x86_64-linux"; - specialArgs.inputs = inputs; - modules = defaultModules ++ [ - ./moderatio/configuration.nix - ]; - }; - louise = nixosSystem { system = "x86_64-linux"; specialArgs.inputs = inputs; diff --git a/machines/lucia/configuration.nix b/machines/lucia/configuration.nix index f0164bd..440096a 100644 --- a/machines/lucia/configuration.nix +++ b/machines/lucia/configuration.nix @@ -14,7 +14,7 @@ in services.openssh.enable = true; services.openssh.ports = [ 22 ]; - services.openssh.passwordAuthentication = false; + services.openssh.settings.PasswordAuthentication = false; services.openssh.settings.PermitRootLogin = "prohibit-password"; users.users.root.openssh.authorizedKeys.keys = sshKeys.admins; @@ -198,7 +198,7 @@ in services.avahi = { enable = true; - nssmdns = true; + nssmdns4 = true; publish = { enable = true; addresses = true; diff --git a/machines/moderatio/configuration.nix b/machines/moderatio/configuration.nix deleted file mode 100644 index 47b9fe1..0000000 --- a/machines/moderatio/configuration.nix +++ /dev/null 
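Review bot: In the first `machines/lucia/configuration.nix` hunk, `services.openssh.settings.PasswordAuthentication = false` only switches off sshd's own password method; keyboard-interactive authentication is a separate setting and, as far as I know, is enabled by default in the NixOS module, so a PAM password prompt may still be offered to non-root users unless it is turned off elsewhere in the configuration. I would add `services.openssh.settings.KbdInteractiveAuthentication = false;` directly below it, and do the same in the `machines/modules/sshd.nix` hunk, which makes the identical option migration. The enclosing attribute set starts and ends outside the hunk, so an existing setting further down would make this unnecessary.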
@@ -1,92 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, pkgs, ... }: - -{ - services.acpid.enable = true; - - boot.kernelPackages = pkgs.linuxPackages_5_4; - services.xserver.videoDrivers = [ "intel" ]; - services.xserver.deviceSection = '' - Option "DRI" "2" - Option "TearFree" "true" - ''; - - zramSwap.enable = true; - zramSwap.memoryPercent = 150; - - imports = - [ # Include the results of the hardware scan. - ./hardware-configuration.nix - ./zfs.nix - - ../modules/xserver.nix - ../modules/malobeo_user.nix - ../modules/sshd.nix - ../modules/minimal_tools.nix - ]; - - users.users.malobeo = { - packages = with pkgs; [ - firefox - thunderbird - ]; - }; - - networking.hostName = "moderatio"; # Define your hostname. - networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. - - # Set your time zone. - time.timeZone = "Europe/Berlin"; - - # Select internationalisation properties. - # i18n.defaultLocale = "en_US.UTF-8"; - # console = { - # font = "Lat2-Terminus16"; - # keyMap = "us"; - # useXkbConfig = true; # use xkbOptions in tty. - # }; - - # Enable CUPS to print documents. - # services.printing.enable = true; - - # Enable sound. - sound.enable = true; - hardware.pulseaudio.enable = true; - - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # }; - - # List services that you want to enable: - - # Enable the OpenSSH daemon. - # services.openssh.enable = true; - - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. 
- # networking.firewall.enable = false; - - # Copy the NixOS configuration file and link it from the resulting system - # (/run/current-system/configuration.nix). This is useful in case you - # accidentally delete configuration.nix. - # system.copySystemConfiguration = true; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "22.05"; # Did you read the comment? - -} - diff --git a/machines/moderatio/hardware-configuration.nix b/machines/moderatio/hardware-configuration.nix deleted file mode 100644 index 5ca6075..0000000 --- a/machines/moderatio/hardware-configuration.nix +++ /dev/null 
@@ -1,53 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "usb_storage" "ums_realtek" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "rpool/nixos/root"; - fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ]; - }; - - fileSystems."/home" = - { device = "rpool/nixos/home"; - fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ]; - }; - - fileSystems."/boot" = - { device = "bpool/nixos/root"; - fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ]; - }; - - fileSystems."/boot/efis/ata-ST250LT003-9YG14C_W041QXCA-part1" = - { device = "/dev/disk/by-uuid/A0D1-00C1"; - fsType = "vfat"; - }; - - fileSystems."/boot/efi" = - { device = "/boot/efis/ata-ST250LT003-9YG14C_W041QXCA-part1"; - fsType = "none"; - options = [ "bind" ]; - }; - - swapDevices = [ ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; - # networking.interfaces.wlo1.useDHCP = lib.mkDefault true; - - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/machines/moderatio/zfs.nix b/machines/moderatio/zfs.nix deleted file mode 100644 index 0052f1f..0000000 --- a/machines/moderatio/zfs.nix +++ /dev/null 
@@ -1,34 +0,0 @@ -{ config, pkgs, ... }: - -{ boot.supportedFilesystems = [ "zfs" ]; - networking.hostId = "ae749b82"; - #boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; -boot.loader.efi.efiSysMountPoint = "/boot/efi"; -boot.loader.efi.canTouchEfiVariables = false; -boot.loader.generationsDir.copyKernels = true; -boot.loader.grub.efiInstallAsRemovable = true; -boot.loader.grub.enable = true; -boot.loader.grub.version = 2; -boot.loader.grub.copyKernels = true; -boot.loader.grub.efiSupport = true; -boot.loader.grub.zfsSupport = true; -boot.loader.grub.extraPrepareConfig = '' - mkdir -p /boot/efis - for i in /boot/efis/*; do mount $i ; done - - mkdir -p /boot/efi - mount /boot/efi -''; -boot.loader.grub.extraInstallCommands = '' -ESP_MIRROR=$(mktemp -d) -cp -r /boot/efi/EFI $ESP_MIRROR -for i in /boot/efis/*; do - cp -r $ESP_MIRROR/EFI $i -done -rm -rf $ESP_MIRROR -''; -boot.loader.grub.devices = [ - "/dev/disk/by-id/ata-ST250LT003-9YG14C_W041QXCA" - ]; -users.users.root.initialHashedPassword = "$6$PmoyhSlGGT6SI0t0$.cFsLyhtO1ks1LUDhLjG0vT44/NjuWCBrv5vUSXqwrU5WpaBvvthnLp0Dfwfyd6Zcdx/4izDcjQAgEWs4QdzW0"; -} diff --git a/machines/modules/autoupdate.nix b/machines/modules/autoupdate.nix index 6b28ec0..d5bbb7c 100644 --- a/machines/modules/autoupdate.nix +++ b/machines/modules/autoupdate.nix @@ -100,11 +100,12 @@ in nix = { # Show a diff when activating a new system except for microvms which handle this seperately #diffSystem = config.malobeo.deployment.server or "" == ""; - gc = lib.mkIf config.malobeo.autoUpdate.enable { - automatic = true; - randomizedDelaySec = "6h"; - options = "--delete-older-than 21d"; - }; + #TODO: THIS WIPES HOSTS NIX STORE FROM WITHIN NIXOS-CONTAINER + #gc = lib.mkIf config.malobeo.autoUpdate.enable { + # automatic = true; + # randomizedDelaySec = "6h"; + # options = "--delete-older-than 21d"; + #}; }; environment.systemPackages = [ ( 
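Review bot: Commenting out the whole `gc` block in `machines/modules/autoupdate.nix` disables store garbage collection on every machine that imports this module, not only inside the containers the TODO describes; with auto-update producing new generations the store only grows, and a full disk is what eventually prevents further updates from being applied. If the affected guests are declarative NixOS containers, the condition can exclude them and keep GC on the hosts: `gc = lib.mkIf (config.malobeo.autoUpdate.enable && !config.boot.isContainer) {`. Whether `boot.isContainer` is set for the guests that share the host store is not visible in this hunk, so that needs checking first. In either case the commented-out code is better replaced by a short comment naming which setup shares the host's store and why GC must not run there. The `nix = { … }` block begins outside the hunk.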
diff --git a/machines/modules/sshd.nix b/machines/modules/sshd.nix index 25109ce..3cf9bc0 100644 --- a/machines/modules/sshd.nix +++ b/machines/modules/sshd.nix @@ -6,7 +6,7 @@ in { services.openssh.enable = true; services.openssh.ports = [ 22 ]; - services.openssh.passwordAuthentication = false; + services.openssh.settings.PasswordAuthentication = false; services.openssh.settings.PermitRootLogin = "no"; users.users.root.openssh.authorizedKeys.keys = sshKeys.admins; } diff --git a/machines/modules/xserver.nix b/machines/modules/xserver.nix index 622d1bc..3e34399 100644 --- a/machines/modules/xserver.nix +++ b/machines/modules/xserver.nix @@ -7,7 +7,6 @@ xterm.enable = false; cinnamon.enable = true; }; - - displayManager.defaultSession = "cinnamon"; }; + services.displayManager.defaultSession = "cinnamon"; } diff --git a/outputs.nix b/outputs.nix index 16af3e8..042216d 100644 --- a/outputs.nix +++ b/outputs.nix @@ -18,6 +18,35 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems devShells.default = pkgs.callPackage ./shell.nix { inherit (sops-nix.packages."${pkgs.system}") sops-import-keys-hook ssh-to-pgp sops-init-gpg-key; }; + + packages = { + docs = pkgs.stdenv.mkDerivation { + name = "malobeo-docs"; + phases = [ "buildPhase" ]; + buildInputs = [ pkgs.mdbook ]; + + inputs = pkgs.lib.sourceFilesBySuffices ./doc/. [ ".md" ".toml" ]; + + buildPhase = '' + dest=$out/share/doc + mkdir -p $dest + cp -r --no-preserve=all $inputs/* ./ + mdbook build + ls + cp -r ./book/* $dest + ''; + }; + }; + + apps = { + docs = { + type = "app"; + program = builtins.toString (pkgs.writeScript "docs" '' + ${pkgs.mdbook}/bin/mdbook serve --open ./doc + ''); + }; + }; + })) // rec { nixosConfigurations = import ./machines/configuration.nix (inputs // { inherit inputs; diff --git a/shell.nix b/shell.nix index 76dd87c..db4fd27 100644 --- a/shell.nix +++ b/shell.nix 
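Review bot: In the `outputs.nix` hunk, `apps.docs` builds its program with `pkgs.writeScript`, which writes the text verbatim without an interpreter line, so whether it runs depends on the caller falling back to a shell; `program = builtins.toString (pkgs.writeShellScript "docs" ''` adds the shebang explicitly. In `packages.docs` the bare `ls` in `buildPhase` looks like leftover debugging and can be dropped, and the shell variables should be quoted, e.g. `cp -r ./book/* "$dest"`. `mdbook serve --open ./doc` resolves `./doc` against the caller's working directory, so the app only works when started from the repository root, which deserves a one-line comment above it.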
@@ -18,5 +18,6 @@ mkShell { sops-init-gpg-key sops pkgs.python310Packages.grip + pkgs.mdbook ]; } diff --git a/src/SUMMARY.md b/src/SUMMARY.md new file mode 100644 index 0000000..f16e5a5 --- /dev/null +++ b/src/SUMMARY.md @@ -0,0 +1,15 @@ +# Summary + +- [Index](./Index.md) + - [Info]() + - [Aktuelle Server]() + - [Durruti](./server/durruti.md) + - [Lucia](./server/lucia.md) + - [Hardware]() + - [Netzwerk]() + - [Seiten]() + - [musik](./projekte/musik.md) + - [TODO](./todo.md) + - [How-to]() + - [Updates](./anleitung/updates.md) + - [Rollbacks](./anleitung/rollback.md) \ No newline at end of file