-rw-r--r--flake.lock20
-rw-r--r--flake.nix2
-rw-r--r--tharos/cgit.nix1
-rw-r--r--tharos/grafana.nix5
-rw-r--r--tharos/nextcloud.nix8
5 files changed, 24 insertions, 12 deletions
diff --git a/flake.lock b/flake.lock
index 3ee4e26..6e47eb8 100644
--- a/flake.lock
+++ b/flake.lock
@@ -7,11 +7,11 @@
]
},
"locked": {
- "lastModified": 1758287904,
- "narHash": "sha256-IGmaEf3Do8o5Cwp1kXBN1wQmZwQN3NLfq5t4nHtVtcU=",
+ "lastModified": 1780290312,
+ "narHash": "sha256-eTAlX0CwgB84Ts3GaBd944A3DRXVMzgA0EqroZBISUo=",
"owner": "nix-community",
"repo": "disko",
- "rev": "67ff9807dd148e704baadbd4fd783b54282ca627",
+ "rev": "115e5211780054d8a890b41f0b7734cafad54dfe",
"type": "github"
},
"original": {
@@ -27,11 +27,11 @@
]
},
"locked": {
- "lastModified": 1759362264,
- "narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=",
+ "lastModified": 1778716662,
+ "narHash": "sha256-m1Yf0wZ8j1OHjTc2UwHwyQRSnNeSgLJOd7q5Y45hzi4=",
"owner": "hercules-ci",
"repo": "flake-parts",
- "rev": "758cf7296bee11f1706a574c77d072b8a7baa881",
+ "rev": "f7c1a2d347e4c52d5fb8d10cb4d94b5884e546fb",
"type": "github"
},
"original": {
@@ -42,16 +42,16 @@
},
"nixpkgs": {
"locked": {
- "lastModified": 1759580034,
- "narHash": "sha256-YWo57PL7mGZU7D4WeKFMiW4ex/O6ZolUS6UNBHTZfkI=",
+ "lastModified": 1780751787,
+ "narHash": "sha256-nWR7F46SyrLvN8Ot39XJDpVCswekGakXlOD4KsTYKW0=",
"owner": "nixos",
"repo": "nixpkgs",
- "rev": "3bcc93c5f7a4b30335d31f21e2f1281cba68c318",
+ "rev": "00fa9a692bafc08a86061886f888b843bf7fbdb0",
"type": "github"
},
"original": {
"owner": "nixos",
- "ref": "nixos-25.05",
+ "ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
diff --git a/flake.nix b/flake.nix
index e4512a1..e82b96e 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,6 +1,6 @@
{
inputs = {
- nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable-small";
flake-parts = {
url = "github:hercules-ci/flake-parts";
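Review bot: The change of `nixpkgs.url` from `nixos-25.05` to `nixos-unstable-small` has no comment saying why this host now tracks a rolling branch or when it should return to a release branch. The `-small` channels advance after a reduced set of tests, so each later `flake.lock` update can pull larger and less-tested changes into the internet-facing services configured in this repository. I would add a comment above the line, for example `# on unstable-small because <reason>; return to the next stable nixos-XX.YY branch once it provides what we need`. The `inputs` block continues outside the hunk.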
diff --git a/tharos/cgit.nix b/tharos/cgit.nix
index e23c10c..241bb63 100644
--- a/tharos/cgit.nix
+++ b/tharos/cgit.nix
@@ -45,6 +45,7 @@
services.cgit.infra = rec {
enable = true;
nginx.virtualHost = "git.${self.domain}";
+ gitHttpBackend.checkExportOkFiles = false;
repos.infra = {
desc = "Quellcode für die technische Infrastruktur des Stadtteilbeirats Heimfeld";
inherit path;
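Review bot: `gitHttpBackend.checkExportOkFiles = false;` is added without a comment, and it removes the per-repository opt-in for clone access: with the check off, git-http-backend no longer requires a `git-daemon-export-ok` file before serving a repository. Only `repos.infra` is visible here, so this is probably intended, but any repository added to this instance later becomes clonable without a further decision. I would record that intent next to the option, e.g. `# all repos of this cgit instance are public; git-daemon-export-ok is deliberately not checked`. The `services.cgit.infra` attribute set continues outside the hunk.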
diff --git a/tharos/grafana.nix b/tharos/grafana.nix
index be723c6..0c6fd4f 100644
--- a/tharos/grafana.nix
+++ b/tharos/grafana.nix
@@ -30,6 +30,11 @@
};
security = {
disable_initial_admin_creation = true;
+ # Bisheriger Upstream-Default aus Nixpkgs < 26.05.
+ # Wird von Grafana zur Verschlüsselung sensibler DB-Spalten (Datenquellen-Credentials, Alert-Channel-Secrets, OAuth-Tokens) genutzt.
+ # Aktuell enthält unsere Grafana-DB nichts dergleichen: einzige Datenquelle ist Prometheus auf localhost ohne Auth, kein Admin-Login, keine Notification-Channels.
+ # Sobald sich das ändert, durch einen eigenen Schlüssel via `secret_key_file` ersetzen.
+ secret_key = "SW2YcwTIb9zpOOhoPsMm";
};
"auth.anonymous" = {
enabled = true;
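Review bot: `secret_key` is set to a literal that the comment itself identifies as the former nixpkgs default, in a file that appears to live in the repository served by tharos/cgit.nix, so the key is publicly known. The only safeguard is the comment's "sobald sich das ändert", which nothing enforces: if someone later adds a data source with credentials in the UI, they are encrypted under this known key, and rotating afterwards means re-encrypting the stored values. Switching now, while the database holds no secrets, costs the least; Grafana's file provider allows `secret_key = "$__file{/run/secrets/grafana-secret-key}";` (the path is a placeholder for wherever this deployment keeps its secrets). That also keeps the value out of the world-readable Nix store.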
diff --git a/tharos/nextcloud.nix b/tharos/nextcloud.nix
index eedb507..303688d 100644
--- a/tharos/nextcloud.nix
+++ b/tharos/nextcloud.nix
@@ -2,7 +2,12 @@
{
flake.machines.tharos = {
nixos =
- { config, lib, ... }:
+ {
+ config,
+ pkgs,
+ lib,
+ ...
+ }:
let
apps = config.services.nextcloud.package.packages.apps;
nextcloud = config.services.nextcloud.hostName;
@@ -11,6 +16,7 @@
{
services.nextcloud = {
enable = true;
+ package = pkgs.nextcloud32;
hostName = "nextcloud.${self.domain}";
database.createLocally = true;
config.dbtype = "pgsql";