formatting and updating to 24.05

flake.nix

@@ -5,7 +5,7 @@
   };
 
   inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
 
     # naersk and flake utils are not used by this flake directly, but needed
     # for the follows in all the other ones.
@@ -177,27 +177,27 @@
 
       # function that generates a system with the given number
       generate_system = (id:
-      let
-        myRegistry = registry.traffic-stop-box."${toString id}";
-      in
+        let
+          myRegistry = registry.traffic-stop-box."${toString id}";
+        in
         {
           "${myRegistry.hostName}" = {
-              system = myRegistry.arch;
-              specialArgs = { inherit self inputs; registry = myRegistry; };
-              modules =
-                [
-                  # box-specific config
-                  ./hosts/traffic-stop-box/${toString id}
-
-                  # default modules
-                  sops-nix.nixosModules.sops
-                  ./modules/traffic-stop-box
-                  ./modules/TLMS
-                  {
-                    deployment-TLMS.monitoring.enable = myRegistry.monitoring;
-                  }
-                ] ++ stop-box-modules;
-            };
+            system = myRegistry.arch;
+            specialArgs = { inherit self inputs; registry = myRegistry; };
+            modules =
+              [
+                # box-specific config
+                ./hosts/traffic-stop-box/${toString id}
+
+                # default modules
+                sops-nix.nixosModules.sops
+                ./modules/traffic-stop-box
+                ./modules/TLMS
+                {
+                  deployment-TLMS.monitoring.enable = myRegistry.monitoring;
+                }
+              ] ++ stop-box-modules;
+          };
         }
       );
 

hosts/notice-me-senpai/grafana.nix

@@ -59,7 +59,7 @@ in
             } // (
               if exporter == "r09-receiver" then {
                 scrape_interval = "10s";
-              } else {}
+              } else { }
             );
 
             # generate scraper config

hosts/tram-borzoi/postgres.nix

@@ -33,10 +33,7 @@
       }
       {
         name = "borzoi";
-        ensurePermissions = {
-          "DATABASE borzoi" = "ALL PRIVILEGES";
-          "ALL TABLES IN SCHEMA public" = "ALL";
-        };
+        ensureDBOwnership = true;
       }
     ];
   };

modules/TLMS/base.nix

@@ -88,6 +88,7 @@ in
 
   users.motd = if config.networking.hostName == "data-hoarder" then prodMotd else regMotd;
 
+  programs.screen.enable = true;
   programs.screen.screenrc = ''
     defscrollback 10000
 

modules/TLMS/wg.nix

@@ -45,7 +45,8 @@ in
       endpointRegistries =
         let
           ep = (lib.filter
-            (x: x.wgAddr4 != registry.wgAddr4 && (!isNull x.publicWireguardEndpoint)) registries);
+            (x: x.wgAddr4 != registry.wgAddr4 && (!isNull x.publicWireguardEndpoint))
+            registries);
         in
         assert lib.assertMsg (lib.length ep == 1) "there should be exactly one endpoint"; ep;
 

modules/data-hoarder/kindergarten.nix

@@ -16,10 +16,11 @@
         enableACME = true;
         forceSSL = true;
         locations."~ ^/(de|en)" = {
-          root = if (config.deployment-TLMS.domain == "tlm.solutions") then
-            "${pkgs.kindergarten}"
-          else
-            "${pkgs.kindergarten-staging}";
+          root =
+            if (config.deployment-TLMS.domain == "tlm.solutions") then
+              "${pkgs.kindergarten}"
+            else
+              "${pkgs.kindergarten-staging}";
           # index = "index.html";
           tryFiles = "$uri /$1/index.html =404";
           extraConfig = ''

modules/data-hoarder/nginx.nix

@@ -20,7 +20,8 @@ let
     # STS
     add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
   '';
-in {
+in
+{
   networking.firewall.allowedTCPPorts = [ 80 443 ];
 
   security.acme.acceptTerms = true;

modules/data-hoarder/postgres.nix

@@ -1,28 +1,29 @@
 { lib, pkgs, config, inputs, self, registry, ... }: {
 
   services.postgresql = {
-    inherit (registry.postgres) port;
+    settings.port = registry.port;
     enable = true;
     enableTCPIP = true;
-    authentication = let
-      senpai-ip =
-        self.unevaluatedNixosConfigurations.notice-me-senpai.specialArgs.registry.wgAddr4;
-    in pkgs.lib.mkOverride 10 ''
-      local	all	all	trust
-      host	all	all	127.0.0.1/32	trust
-      host	all	all	::1/128	trust
-      host	tlms	grafana	${senpai-ip}/32	scram-sha-256
-    '';
+    authentication =
+      let
+        senpai-ip =
+          self.unevaluatedNixosConfigurations.notice-me-senpai.specialArgs.registry.wgAddr4;
+      in
+      pkgs.lib.mkOverride 10 ''
+        local	all	all	trust
+        host	all	all	127.0.0.1/32	trust
+        host	all	all	::1/128	trust
+        host	tlms	grafana	${senpai-ip}/32	scram-sha-256
+      '';
     package = pkgs.postgresql_14;
     ensureDatabases = [ "tlms" ];
     ensureUsers = [
-      { name = "grafana"; }
       {
         name = "tlms";
-        ensurePermissions = {
-          "DATABASE tlms" = "ALL PRIVILEGES";
-          "ALL TABLES IN SCHEMA public" = "ALL";
-        };
+        ensureDBOwnership = true;
+      }
+      {
+        name = "grafana";
       }
     ];
   };

modules/data-hoarder/secrets.nix

@@ -4,7 +4,8 @@ let
   data-accumulator-user = config.TLMS.dataAccumulator.user;
   trekkie-user = config.TLMS.trekkie.user;
   chemo-user = config.TLMS.chemo.user;
-in {
+in
+{
   sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
 
   users.groups = {

modules/data-hoarder/website.nix

@@ -4,12 +4,12 @@
     virtualHosts = {
       "${(builtins.replaceStrings [ "tlm.solutions" ] [ "dvb.solutions" ]
         config.deployment-TLMS.domain)}" = {
-          enableACME = true;
-          forceSSL = true;
-          extraConfig = ''
-            rewrite ^ https://kid.${config.deployment-TLMS.domain}/ permanent;
-          '';
-        };
+        enableACME = true;
+        forceSSL = true;
+        extraConfig = ''
+          rewrite ^ https://kid.${config.deployment-TLMS.domain}/ permanent;
+        '';
+      };
       "${config.deployment-TLMS.domain}" = {
         enableACME = true;
         forceSSL = true;

modules/traffic-stop-box/radio-config.nix

@@ -8,14 +8,16 @@
   } // registry.r09-receiver;
 
   # find all the servers with data-accumulator configured
-  TLMS.telegramDecoder = let
-    registries = builtins.attrValues (builtins.mapAttrs (name: value: value.specialArgs.registry) self.unevaluatedNixosConfigurations);
-    filteredDataHoarders = builtins.filter (other: other ? port-data_accumulator) registries;
-    urlFromRegistry = other: "http://${other.wgAddr4}:${toString other.port-data_accumulator.port}";
-  in {
-    enable = true;
-    server = builtins.map urlFromRegistry filteredDataHoarders;
-    configFile = registry.telegramDecoderConfig;
-    authTokenFile = config.sops.secrets.telegram-decoder-token.path;
-  };
+  TLMS.telegramDecoder =
+    let
+      registries = builtins.attrValues (builtins.mapAttrs (name: value: value.specialArgs.registry) self.unevaluatedNixosConfigurations);
+      filteredDataHoarders = builtins.filter (other: other ? port-data_accumulator) registries;
+      urlFromRegistry = other: "http://${other.wgAddr4}:${toString other.port-data_accumulator.port}";
+    in
+    {
+      enable = true;
+      server = builtins.map urlFromRegistry filteredDataHoarders;
+      configFile = registry.telegramDecoderConfig;
+      authTokenFile = config.sops.secrets.telegram-decoder-token.path;
+    };
 }