Merge remote-tracking branch 'orange/master'

flake.lock

@@ -18,11 +18,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1702151865,
+        "lastModified": 1707956935,
-        "narHash": "sha256-9VAt19t6yQa7pHZLDbil/QctAgVsA66DLnzdRGqDisg=",
+        "narHash": "sha256-ZL2TrjVsiFNKOYwYQozpbvQSwvtV/3Me7Zwhmdsfyu4=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "666fc80e7b2afb570462423cb0e1cf1a3a34fedd",
+        "rev": "a4d4fe8c5002202493e87ec8dbc91335ff55552c",
         "type": "github"
       },
       "original": {

kartei/lass/dishfire.nix

@@ -1,40 +0,0 @@
-{ r6, w6, ... }:
-{
-  nets = rec {
-    internet = {
-      ip4 = rec {
-        addr = "157.90.232.92";
-        prefix = "${addr}/32";
-      };
-      aliases = [
-        "dishfire.i"
-      ];
-      ssh.port = 45621;
-    };
-    retiolum = {
-      via = internet;
-      ip4.addr = "10.243.133.99";
-      ip6.addr = r6 "d15f:1233";
-      aliases = [
-        "dishfire.r"
-        "grafana.lass.r"
-        "prometheus.lass.r"
-        "alert.lass.r"
-      ];
-      tinc = {
-        pubkey = ''
-          -----BEGIN RSA PUBLIC KEY-----
-          MIIBCgKCAQEAwKi49fN+0s5Cze6JThM7f7lj4da27PSJ/3w3tDFPvtQco11ksNLs
-          Xd3qPaQIgmcNVCR06aexae3bBeTx9y3qHvKqZVE1nCtRlRyqy1LVKSj15J1D7yz7
-          uS6u/BSZiCzmdZwu3Fq5qqoK0nfzWe/NKEDWNa5l4Mz/BZQyI/hbOpn6UfFD0LpK
-          R4jzc9Dbk/IFNAvwb5yrgEYtwBzlXzeDvHW2JcPq3qQjK2byQYNiIyV3g0GHppEd
-          vDbIPDFhTn3Hv5zz/lX+/We8izzRge7MEd+Vn9Jwb5NAzwDsOHl6ExpqASv9H49U
-          HwgPw5pstabyrsDWXybSYUb+8LcZf+unGwIDAQAB
-          -----END RSA PUBLIC KEY-----
-        '';
-        pubkey_ed25519 = "P+bhzhgTNdohWdec//t/e+8cI7zUOsS+Kq/AOtineAO";
-      };
-    };
-  };
-  ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv0JMp0y+E5433GRSFKVK3cQmP0AAlS9aH9fk49yFxy";
-}

krebs/1systems/puyak/config.nix

@@ -23,7 +23,6 @@
 
     <stockholm/krebs/2configs/container-networking.nix>
     <stockholm/krebs/2configs/syncthing.nix>
-    <stockholm/krebs/2configs/news-host.nix>
 
     ### shackspace ###
     # handle the worlddomination map via coap

krebs/3modules/go.nix

@@ -20,9 +20,7 @@ let
   };
 
   imp = {
-    services.redis = {
+    services.redis.servers.go.enable = true;
-      enable = true;
-    };
 
     krebs.htgen.go = {
       port = cfg.port;

krebs/3modules/sync-containers3.nix

@@ -43,6 +43,14 @@ in {
               fi
             '';
           };
+          hostname = lib.mkOption {
+            type = lib.types.str;
+            description = ''
+              hostname of the container,
+              his is continously checked by ping and the container is restarted if unreachable
+            '';
+            default = config.name;
+          };
         };
       }));
     };
@@ -68,6 +76,8 @@ in {
             serviceConfig.ExecStart = pkgs.writers.writeDash "autoswitch" ctr.startCommand;
             unitConfig.X-StopOnRemoval = false;
           };
+          # get rid of stateVersion not set warning;
+          system.stateVersion = config.system.nixos.release;
         };
         autoStart = false;
         enableTun = true;
@@ -110,8 +120,8 @@ in {
               set -efux
               consul lock sync_${ctr.name} ${pkgs.writers.writeDash "${ctr.name}-sync" ''
                 set -efux
-                if ping -c 1 ${ctr.name}.r; then
+                if ping -c 1 ${ctr.hostname}; then
-                  nice --adjustment=30 rsync -a -e "ssh -i $CREDENTIALS_DIRECTORY/ssh_key" --timeout=30 --inplace --sparse container_sync@${ctr.name}.r:disk "$HOME"/disk.rsync
+                  nice --adjustment=30 rsync -a -e "ssh -i $CREDENTIALS_DIRECTORY/ssh_key" --timeout=30 --inplace --sparse container_sync@${ctr.hostname}:disk "$HOME"/disk.rsync
                   touch "$HOME"/incomplete
                   nice --adjustment=30 rsync --inplace "$HOME"/disk.rsync "$HOME"/disk
                   rm -f "$HOME"/incomplete
@@ -153,7 +163,7 @@ in {
                     export payload
                     if [ "$(jq -rn 'env.payload | fromjson.host')" = '${config.networking.hostName}' ]; then
                       # echo 'we are the host, trying to reach container'
-                      if $(retry -t 10 -d 10 -- ping -q -c 1 ${ctr.name}.r > /dev/null); then
+                      if $(retry -t 10 -d 10 -- ping -q -c 1 ${ctr.hostname} > /dev/null); then
                         # echo 'container is reachable, continueing'
                         continue
                       else
@@ -237,8 +247,8 @@ in {
                 /run/current-system/sw/bin/nixos-container start ${ctr.name}
                 # wait for system to become reachable for the first time
                 systemctl start ${ctr.name}_watcher.service
-                retry -t 10 -d 10 -- ping -q -c 1 ${ctr.name}.r > /dev/null
+                retry -t 10 -d 10 -- ping -q -c 1 ${ctr.hostname} > /dev/null
-                while systemctl is-active container@${ctr.name}.service >/devnull && ping -q -c 3 ${ctr.name}.r >/dev/null; do
+                while systemctl is-active container@${ctr.name}.service >/devnull && ping -q -c 3 ${ctr.hostname} >/dev/null; do
                   consul kv put containers/${ctr.name} "$(jq -cn '{host: "${config.networking.hostName}", time: now}')" >/dev/null
                   sleep 10
                 done

krebs/5pkgs/simple/reaktor2-plugins.nix

@@ -1,7 +1,7 @@
-{ lib, pkgs, stockholm, ... }:
+{ pkgs, stockholm, ... }:
-with (builtins.trace (lib.attrNames stockholm) stockholm).lib;
+with stockholm.lib;
 
-rec {
+{
   generators = {
     command_hook = commands: {
       pattern =

krebs/5pkgs/simple/stable-generate/default.nix

@@ -18,7 +18,7 @@ pkgs.writers.writeBashBin "stable-generate" ''
   filename=$(mktemp)
   curl -Ssf "$STABLE_URL/sdapi/v1/txt2img" \
     -X POST \
-    --Header 'Content-Type: application/json' \
+    --header 'Content-Type: application/json' \
     --data "$PAYLOAD" |
       jq -r '.images[0]' |
       base64 --decode > "$filename"