chore: nixfmt *

nix/os/containers/backup.nix

@@ -1,4 +1,9 @@
+<<<<<<< HEAD
 { config, hostAddress, localAddress, subvolumes, targetPathSuffix ? "" }:
+=======
+{ config, hostAddress, localAddress, subvolumes, targetPathSuffix ? ""
+, autoStart ? false }:
+>>>>>>> 82ff04b (chore: nixfmt *)
 
 let
   passwords = import ../../variables/passwords.crypt.nix;
@@ -108,6 +113,11 @@ in {
     modifier = "rw";
   }];
 
+<<<<<<< HEAD
+=======
+  extraFlags = [ "--resolv-conf=bind-host" ];
+
+>>>>>>> 82ff04b (chore: nixfmt *)
   privateNetwork = true;
   forwardPorts = [ ];
 

nix/os/containers/ipxe.nix

@@ -0,0 +1,163 @@
+{ hostAddress, localAddress, httpPort ? 80, httpsPort ? 443 }:
+
+let passwords = import ../../variables/passwords.crypt.nix;
+in {
+  config = { config, pkgs, lib, ... }: {
+    imports = [ ../profiles/containers/configuration.nix ];
+
+    networking.firewall.enable = false;
+
+    services.ddclientovh = {
+      enable = true;
+      domain = "www.stefanjunker.de";
+    };
+
+    security.acme = {
+      acceptTerms = true;
+      certs."www.stefanjunker.de".email = "mail@stefanjunker.de";
+      preliminarySelfsigned = true;
+
+      # can be used for debugging
+      # server = "https://acme-staging-v02.api.letsencrypt.org/directory";
+    };
+
+    services.nginx.enable = true;
+    services.nginx.recommendedProxySettings = true;
+    services.nginx.virtualHosts."www.stefanjunker.de" = {
+      default = true;
+      addSSL = true;
+      listen = [
+        {
+          addr = "0.0.0.0";
+          port = httpPort;
+          ssl = false;
+        }
+        {
+          addr = "0.0.0.0";
+          port = httpsPort;
+          ssl = true;
+        }
+      ];
+
+      root = "/var/www/stefanjunker.de/htdocs";
+
+      enableACME = true;
+      # serverAliases = [
+      #   "www.stefanjunker.de"
+      # ];
+      # sslCertificate = "/etc/secrets/stefanjunker.de/nginx/nginx.crt";
+      # sslCertificateKey = "/etc/secrets/stefanjunker.de/nginx/nginx.key";
+
+      locations."/fi" = { index = "index.php"; };
+
+      locations."~ ^(.+.php)(.*)$".extraConfig = ''
+        fastcgi_split_path_info  ^(.+\.php)(.*)$;
+
+        fastcgi_pass unix:${config.services.phpfpm.pools.mypool.socket};
+        fastcgi_index index.php;
+      '';
+
+      locations."/hedgedoc/" = { proxyPass = "http://127.0.0.1:3000/"; };
+
+      locations."/hedgedoc/socket.io/" = {
+        proxyPass = "http://127.0.0.1:3000/socket.io/";
+        proxyWebsockets = true;
+      };
+
+    };
+
+    services.phpfpm.pools.mypool = {
+      user = "nobody";
+      phpPackage = pkgs.php5;
+      settings = {
+        "listen.owner" = config.services.nginx.user;
+        "pm" = "dynamic";
+        "pm.max_children" = 5;
+        "pm.start_servers" = 2;
+        "pm.min_spare_servers" = 1;
+        "pm.max_spare_servers" = 3;
+        "pm.max_requests" = 500;
+
+        "php_admin_value[error_reporting]" =
+          "E_ALL & ~E_NOTICE & ~E_WARNING & ~E_STRICT & ~E_DEPRECATED";
+      };
+    };
+
+    # the custom php5 we're using here has no fpm-systemd, so the default `Type = "notify"` won't work
+    systemd.services."phpfpm-mypool" = {
+      serviceConfig = { Type = lib.mkForce "simple"; };
+    };
+
+    services.mysql = {
+      enable = true;
+      package = pkgs.mariadb;
+    };
+
+    services.hedgedoc = {
+      enable = true;
+      configuration = {
+        domain = "www.stefanjunker.de";
+        urlPath = "hedgedoc";
+        protocolUseSSL = true;
+        db = {
+          dialect = "sqlite";
+          storage = "/var/lib/codimd/db.codimd.sqlite";
+        };
+
+        allowAnonymous = false;
+        allowAnonymousEdits = false;
+        allowGravatar = false;
+        allowFreeURL = false;
+        defaultPermission = "private";
+        allowEmailRegister = false;
+
+        # oauth2 provider config
+        inherit (passwords.www_stefanjunker_de_hedgedoc) dropbox;
+
+        uploadsPath = "/var/lib/codimd/uploads";
+      };
+    };
+  };
+
+  autoStart = true;
+
+  bindMounts = {
+    "/etc/secrets/" = {
+      hostPath = "/var/lib/container-volumes/webserver/etc-secrets";
+      isReadOnly = true;
+    };
+
+    "/var/www" = {
+      hostPath = "/var/lib/container-volumes/webserver/var-www";
+      isReadOnly = false;
+    };
+
+    "/var/lib/mysql" = {
+      hostPath = "/var/lib/container-volumes/webserver/var-lib-mysql";
+      isReadOnly = false;
+    };
+
+    "/var/lib/codimd" = {
+      hostPath = "/var/lib/container-volumes/webserver/var-lib-codimd";
+      isReadOnly = false;
+    };
+  };
+
+  privateNetwork = true;
+  forwardPorts = [
+    {
+      # http
+      containerPort = 80;
+      hostPort = httpPort;
+      protocol = "tcp";
+    }
+    {
+      # https
+      containerPort = 443;
+      hostPort = httpsPort;
+      protocol = "tcp";
+    }
+  ];
+
+  inherit hostAddress localAddress;
+}

nix/os/devices/steveej-t14/versions.nix

@@ -2,8 +2,7 @@ let
   nixpkgs = {
     url = "https://github.com/NixOS/nixpkgs/";
     ref = "nixos-22.05";
-    rev = ''
+    rev = "26eb67abc9a7370a51fcb86ece18eaf19ae9207f";
-      26eb67abc9a7370a51fcb86ece18eaf19ae9207f'';
   };
 
 in {
@@ -13,25 +12,21 @@ in {
   "channels-nixos-unstable" = {
     url = "https://github.com/NixOS/nixpkgs/";
     ref = "nixos-unstable";
-    rev = ''
+    rev = "fdebb81f45a1ba2c4afca5fd9f526e1653ad0949";
-      fdebb81f45a1ba2c4afca5fd9f526e1653ad0949'';
   };
   "channels-nixos-unstable-small" = {
     url = "https://github.com/NixOS/nixpkgs/";
     ref = "nixos-unstable-small";
-    rev = ''
+    rev = "83018dd5d795a7f0729c94c2d234986f2858c300";
-      83018dd5d795a7f0729c94c2d234986f2858c300'';
   };
   "nixpkgs-master" = {
     url = "https://github.com/NixOS/nixpkgs/";
     ref = "master";
-    rev = ''
+    rev = "06e2c42ae411d57087217096cacb409ade96ac74";
-      06e2c42ae411d57087217096cacb409ade96ac74'';
   };
   "home-manager-module" = {
     url = "https://github.com/nix-community/home-manager";
     ref = "release-22.05";
-    rev = ''
+    rev = "b81e128fc053ab3159d7b464d9b7dedc9d6a6891";
-      b81e128fc053ab3159d7b464d9b7dedc9d6a6891'';
   };
 }

nix/os/devices/vmd32387.contaboserver.net/versions.nix

@@ -2,8 +2,7 @@ let
   nixpkgs = {
     url = "https://github.com/NixOS/nixpkgs/";
     ref = "nixos-22.05";
-    rev = ''
+    rev = "b3a8f7ed267e0a7ed100eb7d716c9137ff120fe3";
-      b3a8f7ed267e0a7ed100eb7d716c9137ff120fe3'';
   };
 
 in {
@@ -12,13 +11,11 @@ in {
   "nixpkgs-master" = {
     url = "https://github.com/NixOS/nixpkgs/";
     ref = "master";
-    rev = ''
+    rev = "6b10854c8194f1ebaa5bce623e71c6da1c008861";
-      6b10854c8194f1ebaa5bce623e71c6da1c008861'';
   };
   "home-manager-module" = {
     url = "https://github.com/nix-community/home-manager";
     ref = "release-22.05";
-    rev = ''
+    rev = "f0ecd4b1db5e15103e955b18cb94bea4296e5c45";
-      f0ecd4b1db5e15103e955b18cb94bea4296e5c45'';
   };
 }

shell.nix

@@ -45,6 +45,7 @@ in pkgs.stdenv.mkDerivation {
     ripgrep
     neovim
     glxinfo
+    nixfmt
 
     ntfy