From 23bbc3196980bbdfa90083de3c3a59aed26e3a9a Mon Sep 17 00:00:00 2001
From: Noratrieb <48135649+Noratrieb@users.noreply.github.com>
Date: Wed, 1 Jan 2025 21:20:34 +0100
Subject: [PATCH] Update to NixOS 24.11
---
newinfra/nix/deploy/smoke-tests.sh | 55 +++++++++++++++----
newinfra/nix/hive.nix | 16 +++---
.../modules/{ingress => caddy}/base.Caddyfile | 0
.../{ingress => caddy}/caddy-build.nix | 0
.../caddy-static-prepare/default.nix | 0
.../caddy-static-prepare/prepare.py | 0
.../debugging-page/index.html | 0
.../modules/{ingress => caddy}/default.nix | 0
.../modules/{ingress => caddy}/vps1.Caddyfile | 8 ++-
.../modules/{ingress => caddy}/vps3.Caddyfile | 0
.../modules/{ingress => caddy}/vps4.Caddyfile | 0
newinfra/nix/modules/dns/noratrieb.dev.nix | 2 +-
newinfra/nix/modules/registry/default.nix | 1 +
13 files changed, 60 insertions(+), 22 deletions(-)
rename newinfra/nix/modules/{ingress => caddy}/base.Caddyfile (100%)
rename newinfra/nix/modules/{ingress => caddy}/caddy-build.nix (100%)
rename newinfra/nix/modules/{ingress => caddy}/caddy-static-prepare/default.nix (100%)
rename newinfra/nix/modules/{ingress => caddy}/caddy-static-prepare/prepare.py (100%)
rename newinfra/nix/modules/{ingress => caddy}/debugging-page/index.html (100%)
rename newinfra/nix/modules/{ingress => caddy}/default.nix (100%)
rename newinfra/nix/modules/{ingress => caddy}/vps1.Caddyfile (95%)
rename newinfra/nix/modules/{ingress => caddy}/vps3.Caddyfile (100%)
rename newinfra/nix/modules/{ingress => caddy}/vps4.Caddyfile (100%)
diff --git a/newinfra/nix/deploy/smoke-tests.sh b/newinfra/nix/deploy/smoke-tests.sh
index 798c9ae..c97be0a 100755
--- a/newinfra/nix/deploy/smoke-tests.sh
+++ b/newinfra/nix/deploy/smoke-tests.sh
@@ -4,20 +4,51 @@ set -eux -# Check DNS name servers -dig @dns1.infra.noratrieb.dev dns1.infra.noratrieb.dev +noall +answer | grep 154.38.163.74 -dig @dns2.infra.noratrieb.dev dns1.infra.noratrieb.dev +noall +answer | grep 154.38.163.74 +check_dig_answer() { + type="$1" + host="$2" + grep="$3" -dig @dns1.infra.noratrieb.dev nilstrieb.dev +noall +answer | grep 161.97.165.1 -dig @dns2.infra.noratrieb.dev nilstrieb.dev +noall +answer | grep 161.97.165.1 + dig @dns1.infra.noratrieb.dev "$type" "$host" +noall +answer | grep "$grep" + dig @dns2.infra.noratrieb.dev "$type" "$host" +noall +answer | grep "$grep" + +} + +# Check DNS name servers +check_dig_answer A "dns1.infra.noratrieb.dev" "154.38.163.74" + +check_dig_answer A "nilstrieb.dev" "161.97.165.1" # Check the NS records. The trailing dot matters! -dig @dns1.infra.noratrieb.dev NS noratrieb.dev | grep "noratrieb.dev..*3600.*IN.*NS.*ns1.noratrieb.dev." -dig @dns2.infra.noratrieb.dev NS noratrieb.dev | grep "noratrieb.dev..*3600.*IN.*NS.*ns1.noratrieb.dev." +check_dig_answer NS noratrieb.dev "noratrieb.dev..*3600.*IN.*NS.*ns1.noratrieb.dev." + +# Mail stuff +check_dig_answer MX noratrieb.dev "mail.protonmail.ch." +check_dig_answer MX noratrieb.dev "mailsec.protonmail.ch." 
+check_dig_answer TXT noratrieb.dev "protonmail-verification=09106d260e40df267109be219d9c7b2759e808b5" +check_dig_answer TXT noratrieb.dev "v=spf1 include:_spf.protonmail.ch ~all" # Check HTTP responses -curl --fail -s https://vps1.infra.noratrieb.dev -o /dev/null -curl --fail -s https://vps3.infra.noratrieb.dev -o /dev/null -curl --fail -s https://vps4.infra.noratrieb.dev -o /dev/null -curl --fail -s https://vps5.infra.noratrieb.dev -o /dev/null -curl --fail -s https://noratrieb.dev -o /dev/null +http_hosts=( + noratrieb.dev + nilstrieb.dev + vps1.infra.noratrieb.dev + vps3.infra.noratrieb.dev + vps4.infra.noratrieb.dev + vps5.infra.noratrieb.dev + bisect-rustc.noratrieb.dev + docker.noratrieb.dev + does-it-build.noratrieb.dev + grafana.noratrieb.dev + hugo-chat.noratrieb.dev + api.hugo-chat.noratrieb.dev/api/v2/rooms + uptime.noratrieb.dev + www.noratrieb.dev + + # legacy: + blog.noratrieb.dev +) + +for http_host in "${http_hosts[@]}"; do + curl --fail -s "https://${http_host}/" -o /dev/null +done diff --git a/newinfra/nix/hive.nix b/newinfra/nix/hive.nix index 467c2c9..f6250c7 100644 --- a/newinfra/nix/hive.nix +++ b/newinfra/nix/hive.nix 
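Review bot: `check_dig_answer` passes its third argument to `grep` as an unanchored regular expression, so the address checks are looser than they look: `"161.97.165.1"` also accepts an answer of 161.97.165.10 or 161.97.165.1xx, and every `.` matches any character. For the A-record callers, escape the dots and anchor at the end of the answer line, e.g. `check_dig_answer A "nilstrieb.dev" '161\.97\.165\.1$'`; the NS pattern's `noratrieb.dev..*` has the same unescaped dots. The helper's variables would also be better declared `local`, and naming one of them `grep` next to the command of the same name is easy to misread. In the HTTP loop, `curl --fail` only rejects status 400 and above, so for the redirecting hosts (`nilstrieb.dev`, `blog.noratrieb.dev`) the check passes on any redirect without verifying its target, and without `--max-time` one hung host stalls the whole run.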
@@ -5,11 +5,11 @@ # - A path to a Nixpkgs checkout # - The Nixpkgs lambda (e.g., import ) # - An initialized Nixpkgs attribute set - nixpkgs = import (fetchTarball "https://github.com/NixOS/nixpkgs/archive/b134951a4c9f3c995fd7be05f3243f8ecd65d798.tar.gz"); # nixos-24.05 2025-01-01 + nixpkgs = import (fetchTarball "https://github.com/NixOS/nixpkgs/archive/3ffbbdbac0566a0977da3d2657b89cbcfe9a173b.tar.gz"); # nixos-24.11 2025-01-01 specialArgs = { - website = import (fetchTarball "https://github.com/Noratrieb/website/archive/ab44e5ef7586a220fc1d251bda333a8752bb7783.tar.gz"); - blog = fetchTarball "https://github.com/Noratrieb/blog/archive/ab95691e6faebdbd7a6d37150a79b2b813ea181f.tar.gz"; + website = import (fetchTarball "https://github.com/Noratrieb/website/archive/5637e3cb59b00c80feca6a293c158046a4e1efe4.tar.gz"); + blog = fetchTarball "https://github.com/Noratrieb/blog/archive/3f1978cc85668495bc5a9ac43d5c44fa844c97d6.tar.gz"; slides = fetchTarball "https://github.com/Noratrieb/slides/archive/0401f35c22b124b69447655f0c537badae9e223c.tar.gz"; pretense = import (fetchTarball "https://github.com/Noratrieb/pretense/archive/270b01fc1118dfd713c1c41530d1a7d98f04527d.tar.gz"); @@ -161,7 +161,7 @@ (modulesPath + "/profiles/qemu-guest.nix") ./modules/contabo ./modules/wg-mesh - ./modules/ingress + ./modules/caddy ./modules/garage ./modules/podman ./modules/registry @@ -175,7 +175,7 @@ ./apps/killua ]; - deployment.tags = [ "ingress" "eu" "apps" "website" ]; + deployment.tags = [ "caddy" "eu" "apps" "website" ]; system.stateVersion = "23.11"; }; # VPS3 is the primary monitoring/metrics server. @@ -184,7 +184,7 @@ (modulesPath + "/profiles/qemu-guest.nix") ./modules/contabo ./modules/wg-mesh - ./modules/ingress + ./modules/caddy ./modules/garage ./modules/prometheus ]; @@ -196,7 +196,7 @@ vps4 = { lib, modulesPath, ... }: { imports = [ (modulesPath + "/profiles/qemu-guest.nix") - ./modules/ingress + ./modules/caddy ./modules/wg-mesh ./modules/garage ./modules/backup 
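Review bot: The `fetchTarball` calls updated in the first hive.nix hunk (`nixpkgs`, `website`, `blog`) still pass only a URL, so nothing verifies the content of the downloaded archive. The commit id in the URL selects the revision, but integrity then rests on TLS and the GitHub archive endpoint. That matters most for `nixpkgs` and `website`, which are handed straight to `import`, so the fetched Nix code is evaluated when the hive is evaluated. Use the attribute-set form with a pinned hash, e.g. `fetchTarball { url = "https://github.com/NixOS/nixpkgs/archive/<commit>.tar.gz"; sha256 = "<sha256-of-unpacked-archive>"; }`. The unchanged `slides` and `pretense` context lines have the same shape, and the enclosing attribute set continues outside the hunk.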
@@ -256,7 +256,7 @@ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ./modules/contabo - ./modules/ingress + ./modules/caddy ./modules/wg-mesh ./modules/garage ]; diff --git a/newinfra/nix/modules/ingress/base.Caddyfile b/newinfra/nix/modules/caddy/base.Caddyfile similarity index 100% rename from newinfra/nix/modules/ingress/base.Caddyfile rename to newinfra/nix/modules/caddy/base.Caddyfile diff --git a/newinfra/nix/modules/ingress/caddy-build.nix b/newinfra/nix/modules/caddy/caddy-build.nix similarity index 100% rename from newinfra/nix/modules/ingress/caddy-build.nix rename to newinfra/nix/modules/caddy/caddy-build.nix diff --git a/newinfra/nix/modules/ingress/caddy-static-prepare/default.nix b/newinfra/nix/modules/caddy/caddy-static-prepare/default.nix similarity index 100% rename from newinfra/nix/modules/ingress/caddy-static-prepare/default.nix rename to newinfra/nix/modules/caddy/caddy-static-prepare/default.nix diff --git a/newinfra/nix/modules/ingress/caddy-static-prepare/prepare.py b/newinfra/nix/modules/caddy/caddy-static-prepare/prepare.py similarity index 100% rename from newinfra/nix/modules/ingress/caddy-static-prepare/prepare.py rename to newinfra/nix/modules/caddy/caddy-static-prepare/prepare.py diff --git a/newinfra/nix/modules/ingress/debugging-page/index.html b/newinfra/nix/modules/caddy/debugging-page/index.html similarity index 100% rename from newinfra/nix/modules/ingress/debugging-page/index.html rename to newinfra/nix/modules/caddy/debugging-page/index.html diff --git a/newinfra/nix/modules/ingress/default.nix b/newinfra/nix/modules/caddy/default.nix similarity index 100% rename from newinfra/nix/modules/ingress/default.nix rename to newinfra/nix/modules/caddy/default.nix diff --git a/newinfra/nix/modules/ingress/vps1.Caddyfile b/newinfra/nix/modules/caddy/vps1.Caddyfile similarity index 95% rename from newinfra/nix/modules/ingress/vps1.Caddyfile rename to newinfra/nix/modules/caddy/vps1.Caddyfile index 19428da..6ab60ac 100644 
--- a/newinfra/nix/modules/ingress/vps1.Caddyfile +++ b/newinfra/nix/modules/caddy/vps1.Caddyfile @@ -60,7 +60,13 @@ docker.noratrieb.dev { } ################################################################ -# deadname redirects +# redirects + +blog.noratrieb.dev { + log + redir https://noratrieb.dev/blog{uri} permanent +} + nilstrieb.dev { log redir https://noratrieb.dev{uri} permanent diff --git a/newinfra/nix/modules/ingress/vps3.Caddyfile b/newinfra/nix/modules/caddy/vps3.Caddyfile similarity index 100% rename from newinfra/nix/modules/ingress/vps3.Caddyfile rename to newinfra/nix/modules/caddy/vps3.Caddyfile diff --git a/newinfra/nix/modules/ingress/vps4.Caddyfile b/newinfra/nix/modules/caddy/vps4.Caddyfile similarity index 100% rename from newinfra/nix/modules/ingress/vps4.Caddyfile rename to newinfra/nix/modules/caddy/vps4.Caddyfile diff --git a/newinfra/nix/modules/dns/noratrieb.dev.nix b/newinfra/nix/modules/dns/noratrieb.dev.nix index 301a311..8ca375e 100644 --- a/newinfra/nix/modules/dns/noratrieb.dev.nix +++ b/newinfra/nix/modules/dns/noratrieb.dev.nix @@ -55,7 +55,7 @@ let ns2 = dns2; # --- website stuff - blog.CNAME = [ (cname "noratrieb.github.io") ]; + blog = vps1; www = vps1; # --- legacy crap diff --git a/newinfra/nix/modules/registry/default.nix b/newinfra/nix/modules/registry/default.nix index c49ec87..13b1e97 100644 --- a/newinfra/nix/modules/registry/default.nix +++ b/newinfra/nix/modules/registry/default.nix @@ -28,6 +28,7 @@ storage = { s3 = { regionendpoint = "http://127.0.0.1:3900"; + forcepathstyle = true; # ensure it doesn't try docker-registry.127.0.0.1 as the host region = "garage"; bucket = "docker-registry"; # accesskey = ""; ENV REGISTRY_STORAGE_S3_ACCESSKEY