hswaw/machines/customs: upgrade to workspace nixos-unstable 2021-08-11
Change-Id: I6eb4408d40e14f24ebbe3f9f3aef0be952b44e8b
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1167
Reviewed-by: vuko <vuko@hackerspace.pl>
diff --git a/hswaw/machines/customs.hackerspace.pl/checkinator-tracker.nix b/hswaw/machines/customs.hackerspace.pl/checkinator-tracker.nix
index 44ab46d..74617c7 100644
--- a/hswaw/machines/customs.hackerspace.pl/checkinator-tracker.nix
+++ b/hswaw/machines/customs.hackerspace.pl/checkinator-tracker.nix
@@ -46,7 +46,8 @@
in {
users.users."${user}" = {
group = "${group}";
- useDefaultShell = true;
+ isSystemUser = true;
+ uid = 1001;
};
users.groups."${group}" = {};
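Review bot: The pinned `uid = 1001` falls in the range NixOS auto-allocates to normal users (1000 and up), yet the account is declared `isSystemUser = true`, and nothing in the hunk says why the number is fixed. The same pattern repeats with `uid = 1002` in checkinator-web.nix, `uid = 1004` in laserproxy/service.nix and `uid = 1003` in mikrotik-exporter.nix, so four hand-assigned ids live in four files with no single place showing they are unique or clear of any interactive user on this machine. If the values exist to keep ownership of existing state files across the upgrade (an inference, the diff does not say so), a comment above each line would record that, for example `# uid pinned to match ownership of existing state on customs; keep unique among this machine's users`. The module body starts and continues outside the hunk, so whether another declaration already claims these ids cannot be checked from here.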
diff --git a/hswaw/machines/customs.hackerspace.pl/checkinator-web.nix b/hswaw/machines/customs.hackerspace.pl/checkinator-web.nix
index c8b2542..26da702 100644
--- a/hswaw/machines/customs.hackerspace.pl/checkinator-web.nix
+++ b/hswaw/machines/customs.hackerspace.pl/checkinator-web.nix
@@ -80,7 +80,8 @@
in {
users.users."${user}" = {
group = "${group}";
- useDefaultShell = true;
+ isSystemUser = true;
+ uid = 1002;
};
users.groups."${group}" = {};
diff --git a/hswaw/machines/customs.hackerspace.pl/configuration.nix b/hswaw/machines/customs.hackerspace.pl/configuration.nix
index c00debb..f744154 100644
--- a/hswaw/machines/customs.hackerspace.pl/configuration.nix
+++ b/hswaw/machines/customs.hackerspace.pl/configuration.nix
@@ -497,30 +497,31 @@
services.unbound = {
enable = true;
- interfaces = [
- networks.lan.ipv4
- "127.0.0.1"
- "::1"
- # networks.lan.ipv6 TODO
- ];
- allowedAccess = [
- "127.0.0.1/8"
- "10.0.0.0/8"
- ];
- extraConfig = builtins.concatStringsSep "\n" ((map (
- name: ''
- stub-zone:
- name: ${name}
- stub-addr: ${networks.uplink.ipv4}
- ''
- ) [ "waw.hackerspace.pl" "api.eye.fi" "api.ustream.tv" "i"]) ++ [''
- forward-zone:
- name: "."
- forward-addr: 185.236.240.1
- '']);
- };
-
+ settings = {
+ server = {
+ interface = [
+ networks.lan.ipv4
+ "127.0.0.1"
+ "::1"
+ # networks.lan.ipv6 TODO
+ ];
+ access-control = [
+ "127.0.0.1/8 allow"
+ "10.0.0.0/8 allow"
+ ];
+ };
+
+ stub-zone = map (name: {
+ name = name;
+ stub-addr = networks.uplink.ipv4;
+ }) [ "waw.hackerspace.pl" "api.eye.fi" "api.ustream.tv" "i" ];
+ forward-zone = {
+ name = ".";
+ forward-addr = "185.236.240.1";
+ };
+ };
+ };
# Public VPN access for Hackerspace members
services.openvpn.servers.members.config = ''
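Review bot: The `access-control` entry `"127.0.0.1/8 allow"` carries a host address with a /8 mask over from the old `allowedAccess` list; writing it as `"127.0.0.0/8 allow"` states the intended block unambiguously. The `stub-zone` list also still points the public names `api.eye.fi` and `api.ustream.tv`, plus the bare `i` zone, at `networks.uplink.ipv4` with no comment, so a reader cannot tell that overriding third-party domains is deliberate. A line above the `map` would cover it, for example `# answered by the server on networks.uplink.ipv4 on purpose (<reason>)`. `"10.0.0.0/8 allow"` permits recursion from any 10/8 source that can reach the LAN address, which looks intended since the VPN config below pushes this resolver to clients, but it is worth confirming against the firewall rules, which are not visible in this hunk.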
@@ -528,11 +529,11 @@
auth-user-pass-verify ${openvpn-auth}/bin/openvpn-auth-member via-env
verify-client-cert none
username-as-common-name
-
+
#user _openvpn
#group _openvpn
multihome
-
+
port 20001
proto udp
proto udp6
@@ -543,14 +544,14 @@
key ${secrets-path}/openvpn-public/server.key
dh ${secrets-path}/openvpn-public/dh.pem
server 10.9.1.0 255.255.255.0
-
+
push "route 10.8.0.0 255.255.0.0"
push "route 10.9.0.0 255.255.0.0"
push "route 10.10.0.0 255.255.0.0"
push "route 10.11.0.0 255.255.0.0"
push "dhcp-option DNS ${networks.lan.ipv4}"
push "dhcp-option DOMAIN waw.hackerspace.pl"
-
+
ifconfig-pool-persist /var/lib/openvpn-public/ipp.txt
#client-config-dir /var/lib/openvpn-public/ccd
client-to-client
diff --git a/hswaw/machines/customs.hackerspace.pl/laserproxy/service.nix b/hswaw/machines/customs.hackerspace.pl/laserproxy/service.nix
index c82ef5b..65f911a 100644
--- a/hswaw/machines/customs.hackerspace.pl/laserproxy/service.nix
+++ b/hswaw/machines/customs.hackerspace.pl/laserproxy/service.nix
@@ -7,7 +7,8 @@
in {
users.users."${user}" = {
group = "${group}";
- useDefaultShell = true;
+ isSystemUser = true;
+ uid = 1004;
};
users.groups."${group}" = {};
diff --git a/hswaw/machines/customs.hackerspace.pl/mikrotik-exporter.nix b/hswaw/machines/customs.hackerspace.pl/mikrotik-exporter.nix
index 26399f3..8ea056e 100644
--- a/hswaw/machines/customs.hackerspace.pl/mikrotik-exporter.nix
+++ b/hswaw/machines/customs.hackerspace.pl/mikrotik-exporter.nix
@@ -18,7 +18,8 @@
in {
users.users."${user}" = {
group = "${group}";
- useDefaultShell = true;
+ isSystemUser = true;
+ uid = 1003;
};
users.groups."${group}" = {};
diff --git a/ops/machines.nix b/ops/machines.nix
index 0a97bcd..7dd1232 100644
--- a/ops/machines.nix
+++ b/ops/machines.nix
@@ -152,7 +152,7 @@
../bgpwtf/machines/edge01.waw.bgp.wtf-hardware.nix
];
- "customs.hackerspace.pl" = mkMachine nixpkgsCustoms [
+ "customs.hackerspace.pl" = mkMachine pkgs [
../hswaw/machines/customs.hackerspace.pl/configuration.nix
];
}