Update to NixOS 24.11

newinfra/nix/deploy/smoke-tests.sh

@@ -4,20 +4,51 @@
 
 set -eux
 
-# Check DNS name servers
-dig @dns1.infra.noratrieb.dev dns1.infra.noratrieb.dev +noall +answer | grep 154.38.163.74
-dig @dns2.infra.noratrieb.dev dns1.infra.noratrieb.dev +noall +answer | grep 154.38.163.74
+check_dig_answer() {
+    type="$1"
+    host="$2"
+    grep="$3"
 
-dig @dns1.infra.noratrieb.dev nilstrieb.dev +noall +answer | grep 161.97.165.1
-dig @dns2.infra.noratrieb.dev nilstrieb.dev +noall +answer | grep 161.97.165.1
+    dig @dns1.infra.noratrieb.dev "$type" "$host" +noall +answer | grep "$grep"
+    dig @dns2.infra.noratrieb.dev "$type" "$host" +noall +answer | grep "$grep"
+
+}
+
+# Check DNS name servers
+check_dig_answer A "dns1.infra.noratrieb.dev" "154.38.163.74"
+
+check_dig_answer A "nilstrieb.dev" "161.97.165.1"
 
 # Check the NS records. The trailing dot matters!
-dig @dns1.infra.noratrieb.dev NS noratrieb.dev | grep "noratrieb.dev..*3600.*IN.*NS.*ns1.noratrieb.dev."
-dig @dns2.infra.noratrieb.dev NS noratrieb.dev | grep "noratrieb.dev..*3600.*IN.*NS.*ns1.noratrieb.dev."
+check_dig_answer NS noratrieb.dev "noratrieb.dev..*3600.*IN.*NS.*ns1.noratrieb.dev."
+
+# Mail stuff
+check_dig_answer MX noratrieb.dev "mail.protonmail.ch."
+check_dig_answer MX noratrieb.dev "mailsec.protonmail.ch."
+check_dig_answer TXT noratrieb.dev "protonmail-verification=09106d260e40df267109be219d9c7b2759e808b5"
+check_dig_answer TXT noratrieb.dev "v=spf1 include:_spf.protonmail.ch ~all"
 
 # Check HTTP responses
-curl --fail -s https://vps1.infra.noratrieb.dev -o /dev/null
-curl --fail -s https://vps3.infra.noratrieb.dev -o /dev/null
-curl --fail -s https://vps4.infra.noratrieb.dev -o /dev/null
-curl --fail -s https://vps5.infra.noratrieb.dev -o /dev/null
-curl --fail -s https://noratrieb.dev -o /dev/null
+http_hosts=(
+    noratrieb.dev
+    nilstrieb.dev
+    vps1.infra.noratrieb.dev
+    vps3.infra.noratrieb.dev
+    vps4.infra.noratrieb.dev
+    vps5.infra.noratrieb.dev
+    bisect-rustc.noratrieb.dev
+    docker.noratrieb.dev
+    does-it-build.noratrieb.dev
+    grafana.noratrieb.dev
+    hugo-chat.noratrieb.dev
+    api.hugo-chat.noratrieb.dev/api/v2/rooms
+    uptime.noratrieb.dev
+    www.noratrieb.dev
+
+    # legacy:
+    blog.noratrieb.dev
+)
+
+for http_host in "${http_hosts[@]}"; do
+    curl --fail -s "https://${http_host}/" -o /dev/null
+done

newinfra/nix/hive.nix

@@ -5,11 +5,11 @@
     # - A path to a Nixpkgs checkout
     # - The Nixpkgs lambda (e.g., import <nixpkgs>)
     # - An initialized Nixpkgs attribute set
-    nixpkgs = import (fetchTarball "https://github.com/NixOS/nixpkgs/archive/b134951a4c9f3c995fd7be05f3243f8ecd65d798.tar.gz"); # nixos-24.05 2025-01-01
+    nixpkgs = import (fetchTarball "https://github.com/NixOS/nixpkgs/archive/3ffbbdbac0566a0977da3d2657b89cbcfe9a173b.tar.gz"); # nixos-24.11 2025-01-01
 
     specialArgs = {
-      website = import (fetchTarball "https://github.com/Noratrieb/website/archive/ab44e5ef7586a220fc1d251bda333a8752bb7783.tar.gz");
-      blog = fetchTarball "https://github.com/Noratrieb/blog/archive/ab95691e6faebdbd7a6d37150a79b2b813ea181f.tar.gz";
+      website = import (fetchTarball "https://github.com/Noratrieb/website/archive/5637e3cb59b00c80feca6a293c158046a4e1efe4.tar.gz");
+      blog = fetchTarball "https://github.com/Noratrieb/blog/archive/3f1978cc85668495bc5a9ac43d5c44fa844c97d6.tar.gz";
       slides = fetchTarball "https://github.com/Noratrieb/slides/archive/0401f35c22b124b69447655f0c537badae9e223c.tar.gz";
 
       pretense = import (fetchTarball "https://github.com/Noratrieb/pretense/archive/270b01fc1118dfd713c1c41530d1a7d98f04527d.tar.gz");
@@ -161,7 +161,7 @@
       (modulesPath + "/profiles/qemu-guest.nix")
       ./modules/contabo
       ./modules/wg-mesh
-      ./modules/ingress
+      ./modules/caddy
       ./modules/garage
       ./modules/podman
       ./modules/registry
@@ -175,7 +175,7 @@
       ./apps/killua
     ];
 
-    deployment.tags = [ "ingress" "eu" "apps" "website" ];
+    deployment.tags = [ "caddy" "eu" "apps" "website" ];
     system.stateVersion = "23.11";
   };
   # VPS3 is the primary monitoring/metrics server.
@@ -184,7 +184,7 @@
       (modulesPath + "/profiles/qemu-guest.nix")
       ./modules/contabo
       ./modules/wg-mesh
-      ./modules/ingress
+      ./modules/caddy
       ./modules/garage
       ./modules/prometheus
     ];
@@ -196,7 +196,7 @@
   vps4 = { lib, modulesPath, ... }: {
     imports = [
       (modulesPath + "/profiles/qemu-guest.nix")
-      ./modules/ingress
+      ./modules/caddy
       ./modules/wg-mesh
       ./modules/garage
       ./modules/backup
@@ -256,7 +256,7 @@
       imports = [
         (modulesPath + "/profiles/qemu-guest.nix")
         ./modules/contabo
-        ./modules/ingress
+        ./modules/caddy
         ./modules/wg-mesh
         ./modules/garage
       ];

newinfra/nix/modules/caddy/vps1.Caddyfile

@@ -60,7 +60,13 @@ docker.noratrieb.dev {
 }
 
 ################################################################
-# deadname redirects
+# redirects
+
+blog.noratrieb.dev {
+	log
+	redir https://noratrieb.dev/blog{uri} permanent
+}
+
 nilstrieb.dev {
 	log
 	redir https://noratrieb.dev{uri} permanent

newinfra/nix/modules/dns/noratrieb.dev.nix

@@ -55,7 +55,7 @@ let
         ns2 = dns2;
 
         # --- website stuff
-        blog.CNAME = [ (cname "noratrieb.github.io") ];
+        blog = vps1;
         www = vps1;
 
         # --- legacy crap

newinfra/nix/modules/registry/default.nix

@@ -28,6 +28,7 @@
       storage = {
         s3 = {
           regionendpoint = "http://127.0.0.1:3900";
+          forcepathstyle = true; # ensure it doesn't try docker-registry.127.0.0.1 as the host
           region = "garage";
           bucket = "docker-registry";
           # accesskey = ""; ENV REGISTRY_STORAGE_S3_ACCESSKEY