trajto(reciproka-web): konverti al floko

flake.nix

@@ -8,17 +8,15 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
     hakyll-skeleton = {
-      flake = false;
-      url = git+https://reciproka.dev/reciproka/hakyll-skeleton/?ref=consensus;
-    };
-    reciproka-web = {
-      flake = false;
-      url = git+https://reciproka.dev/reciproka/reciproka-web/?ref=consensus;
+      url = "git+https://reciproka.dev/reciproka/hakyll-skeleton/?ref=consensus";
+      inputs.nixpkgs.follows = "nixpkgs";
     };
+    reciproka-web.url = "git+https://reciproka.dev/reciproka/reciproka-web/?ref=consensus";
     resrok-web = {
       flake = false;
       url = git+https://reciproka.dev/resrok/resrok-web/?ref=consensus;
     };
+    nix.url = github:NixOS/nix/?ref=2.24.6;
     nixpkgs.url = github:NixOS/nixpkgs/?ref=nixos-24.05;
     nixpkgsUnstable.url = github:NixOS/nixpkgs/?ref=nixos-unstable;
     utils.url = "github:numtide/flake-utils";

hardware/raspberry_pi_3_model_B.nix

@@ -24,6 +24,7 @@
     loader = {
       generic-extlinux-compatible = {
         enable = true; # Enables the generation of /boot/extlinux/extlinux.conf
+        configurationLimit = 5;
       };
       grub = {
         enable = false; # NixOS wants to enable GRUB by default.

nixos/hosts/flemming/default.nix

@@ -15,6 +15,7 @@
 }: {
   imports = [
     ../../../networks/pi3B_rack.nix
+    ../../../profiles/hakyll-skeleton.nix
   ];
 
   # Comment out deployment when building the SD Image.

nixos/hosts/hollows/default.nix

@@ -0,0 +1,25 @@
+# NixOS configuration for flemming
+#
+# Andy Flemming, AKA Slackbastard is the psuedonym of an Australian anarchist
+# who hosts Yeah Nah Pasaran on radio 3CR and documents fascism and its
+# grave diggers in Australia
+#
+# https://en.wikipedia.org/wiki/Andy_Fleming_(activist)
+# https://slackbastard.anarchobase.com/
+# https://www.3cr.org.au/yeahnahpasaran
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
+  imports = [
+    ../../../networks/pi3B_rack.nix
+  ];
+
+  # Comment out deployment when building the SD Image.
+  deployment.targetHost = "10.42.0.203";
+  networking.hostName = "hollows"; # Define your hostname.
+
+  system.stateVersion = "22.05"; # The version of NixOS originally installed
+}

nixos/hosts/toscano/configuration.nix

@@ -13,7 +13,6 @@
 }: {
   imports = [
     ../../../networks/linode.nix
-    ../../../profiles/hakyll-skeleton.nix
     ../../../profiles/reciproka-web.nix
     ../../../profiles/reciproka-forgejo.nix
     ../../../profiles/resrok-web.nix

outputs.nix

@@ -4,6 +4,7 @@
   reciproka-web,
   ragenix,
   colmena,
+  nix,
   nixpkgs,
   nixpkgsUnstable,
   resrok-web,
@@ -17,6 +18,7 @@ in {
   devShell =
     pkgs.callPackage
     ./shell.nix {
+      inherit (nix.packages."${pkgs.system}") nix;
       inherit (ragenix.packages."${pkgs.system}") ragenix;
       inherit (colmena.packages."${pkgs.system}") colmena;
       inherit (nixpkgsUnstable.legacyPackages."${pkgs.system}") alejandra;
@@ -32,22 +34,29 @@ in {
         overlays = [];
       };
     };
+    defaults = {pkgs, ...}: {
+      imports = [
+        ragenix.nixosModules.default
+      ];
+    };
     flemming = {
       imports = [
         ./nixos/hosts/flemming
-        ragenix.nixosModules.default
+      ];
+    };
+    hollows = {
+      imports = [
+        ./nixos/hosts/hollows
       ];
     };
     pred = {
       imports = [
         ./nixos/hosts/pred
-        ragenix.nixosModules.default
       ];
     };
     toscano = {
       imports = [
         ./nixos/hosts/toscano/configuration.nix
-        ragenix.nixosModules.default
       ];
     };
   };

profiles/hakyll-skeleton.nix

@@ -6,8 +6,8 @@
   ...
 }: let
   flake = builtins.getFlake (toString ../.);
-  hakyll-skeleton = import flake.inputs.hakyll-skeleton {};
-  webdomain = "skeleton.reciproka.co";
+  hakyll-skeleton = flake.inputs.hakyll-skeleton.packages."${pkgs.system}".default;
+  webdomain = "skeleton.reciproka.dev";
 in {
   environment.sessionVariables = {
     LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive";

profiles/reciproka-forgejo.nix

@@ -25,7 +25,6 @@ in {
         HTTP_PORT = 3002; # Provided unique port
         ROOT_URL = "https://reciproka.dev/"; # Root web URL
       };
-      service.DISABLE_REGISTRATION = true;
     in {
       mailer = {
         ENABLED = true;
@@ -35,6 +34,7 @@ in {
         DEFAULT_BRANCH = "consensus";
       };
       service = {
+        DISABLE_REGISTRATION = true;
         REGISTER_EMAIL_CONFIRM = true;
       };
       "markup.restructuredtext" = {

profiles/reciproka-web.nix

@@ -6,8 +6,8 @@
   ...
 }: let
   flake = builtins.getFlake (toString ../.);
-  reciproka-web = import flake.inputs.reciproka-web {};
-  webdomain = "reciproka.co";
+  reciproka-web = flake.inputs.reciproka-web.packages."${pkgs.system}".default;
+  webdomain = "reciproka.net";
 in {
   environment.sessionVariables = {
     LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive";
@@ -29,6 +29,13 @@ in {
       "www.${webdomain}" = {
         # Respect our elders :-)
         locations."/".extraConfig = "return 301 $scheme://${webdomain}$request_uri;";
+        enableACME = true; # Use ACME certs
+        forceSSL = true; # Force SSL
+      };
+      "reciproka.co" = {
+        locations."/".extraConfig = "return 301 $scheme://${webdomain}$request_uri;";
+        enableACME = true; # Use ACME certs
+        forceSSL = true; # Force SSL
       };
     };
   };
@@ -36,10 +43,9 @@ in {
   security.acme = {
     acceptTerms = true;
     certs = {
-      "${webdomain}" = {
-        email = "admin@${webdomain}";
-        #group = "matrix-synapse";
-      };
+      "${webdomain}" = {email = "admin@${webdomain}";};
+      "www.${webdomain}" = {email = "admin@${webdomain}";};
+      "reciproka.co" = {email = "admin@${webdomain}";};
     };
   };
 

secrets/fiscalvelvetpoet.age

@@ -1,18 +1,21 @@
 -----BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFAvWjlQZyAveERD
-RlloME0vRXYwbWtqVFpOdS83ODFpcSsvQUNmOHA3Qm01Mi9rSEYwCnBvT0V3NzU4
-YUVFUmdwUDBoQjlMa0V2SzBGbWJGT1QwL1Nqd1NRV2xabDAKLT4gc3NoLWVkMjU1
-MTkgUWQwZXBRIDFjNnRyalVlMCsya1JvQXdXUGlBdFVsaTVFK3hDaDFneXJTM012
-dnFka2sKa3J5ZlBtekxGM01sK09SVnY1SmZEMi9HSUpONDI4ZFVudW9LbjRkaitU
-cwotPiBzc2gtZWQyNTUxOSBaRDhsTXcgSnZ4djlnZlF1ZVI2UEhsSUl0dlRWTzJa
-bU9SZ0IwYXNkdzJ2ZEEvcHgyWQp4VC9waVdRK09aSlZkT1hNbTh5RUV4ck8rNjMr
-SXpPK0cxME9VS01XaEs0Ci0+IHNzaC1lZDI1NTE5IGY1VGhBZyBsMm50NjZxK0RZ
-eUowTVJnQVpDWHlodTJmSitPekFnMVArZVdscVRtVVVJCjNEV0laQXNmcjJaVWFM
-R0tDdzFWdFNBaFFjU3YzQzZWckdVS3RBWG1CKzQKLT4gUzJeVD4iKC1ncmVhc2UK
-L0xsMEtLejZxVHE4U0VLbGhIYTlDS2IzQWVsL2FpTmppay9sZUxWK01BCi0tLSB5
-WWNJSVJOZUoxanlRbnRRQ1kvYzVrVFpSN293UWhuelZrRWVFQlltdllrCg3cGJL9
-MEIrfgtvsPdHOqpkp8TeeRVLIephesuve8S17Lujt2WPmigzf7fCQ1rc9/W/VMsT
-g6tQhsdPeQTynPih1htXlweypUU8mdAMT49qV+TumR0SybuM0eff+emLK7juUQCw
-zoy8rZlsPnDI0zYuDpWsVYFdnkS3cm4YHd7CNlAyF+jWk2Z87C8BaGhPxWvDL92b
-DwZpLuniZKBB6uew
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFAvWjlQZyBSMUhj
+Zk9XdkxaZkpXYkF3K2lpbkR5dmZYYzJhUi9UanpBVEI1S2IvZXhNCnpyT09mZHNv
+YktCcUd5Y2w1bnNNajFjaWl6Um9yWFpUTkFGdjRINnZFRW8KLT4gc3NoLWVkMjU1
+MTkgUWQwZXBRIHE3RXdLUC82TVNJdHIvU2xnWGF1QktCZGkxbFhsT0dxVDRZZWgy
+aVBUbDQKUkxqdTc5ZlhQaG5OOXhtSVBlR2FCR2c3ZGR2cnFUWnN0WkQxRDRlWlg1
+YwotPiBzc2gtZWQyNTUxOSB1N1ozancgR2pTOVZ5cGpmdzMzT1ZYelAwTTI1TVpG
+QUdlZ0xBZEo4NkpoZlZEVGlFTQpFelJDQ0RKaFFsVlRESERmMWJIQjZJcmh1QzBI
+VFU3QmZGZ2JKcFMyNmJrCi0+IHNzaC1lZDI1NTE5IFpEOGxNdyBYSHdCdXJRTUVI
+eDFJZHRHY2JhUTRha1JNRFg5c3ppbVo0OGdQSXdPOUdJCjBFSTVpd2JWd2xkTjZx
+VDVuMlVHb1Z1aEhYU2kxWkpwV2hJUDZQRzNkckUKLT4gc3NoLWVkMjU1MTkgZjVU
+aEFnIG1zay9zeUFtd3dkOTJQUFR6S0ZnUm9jbmQ0TkJQU2pJTTYrMmNEaE5KeTAK
+WXN2OFM2anNYYXF6Wk9rUnFjQzNGSjdhTGFyVDhhd1dORWxRaUpuRG9XUQotPiBe
+d3pXUTxFLWdyZWFzZSBvVT16IFw3Oz02IGQ/ZFVjQS4KVnBKTVc0YzR3SEhaOS80
+bzE1NXMxaHh1QStNaXZ4eGZrbDdrV0k5YW5rQTdKbGJsbzZsRzFLMi9veTAKLS0t
+IGdEblEzcTdkcWVFVURycTJsTUl5MHEySUdTRTJub1hMVnJNekMxQTAxTGcKot0G
+3I1FgBm5Hw3MkQXfRdX6FgzAAEmH0t+v8R087u7vDbzVFVwVWGm4qQuHTwYNa1Yu
+5gcM8LAg9N/ZV6Mc7+OlqKoKTs6S+VhphfbuDPrwJZUJT/OO30MgEdgemZ+JtQoA
+O5str1O/0MBTQRyqJglcIjD2rPQcl9cZQupvJeaTOkdoLQ3Pv8aUrZBg3yHg6JX4
+N5siGxgv/NfGcpCvkUM=
 -----END AGE ENCRYPTED FILE-----

secrets/forgejo.age

@@ -1,12 +1,13 @@
 -----BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFAvWjlQZyBFWmM3
-SGVENHM5NFRwbmMxWFcxNXppV25reUNpbnFxejhPbWIyWTdKMlEwCk42VG9zemQ0
-eXNzMjRtdXFZZGtVSW5XTEFvQzBjN1ZaUzJUdGZzeW1uYkEKLT4gc3NoLWVkMjU1
-MTkgZjVUaEFnIEpkVVJpZkdiSHRBMjdyMFBZRXNrQXF2RG9mbVRLcFVjSWpyOEYv
-L0tmQVEKdFlKbGx2ZElmVUxTcVdiZGkyVk1sMSswSnJ6VERXYWVLMWRDWTdwWU9j
-ZwotPiBiP0BeJk85Pi1ncmVhc2UgbCl0NGw2IHdOdjg1biBnIV89Wm83RyBFe31r
-ZTtoCklFVk83MWQ3MnRPL1RTQm9PU3RDY1RKajZkR21RLzVoVUVXS2ovTEpHWGY1
-V0lNTWlsRm9IRktpTmwyYVFwZncKZ0ZDQmxuUDBMaFNHcmcKLS0tIG45U1prZUJX
-Wi9iOGE5UDBiNzBOTVY0V1FFaTBpOXN4V1NpQVc2bm82cW8KWN4G2p4FkRBeVkKt
-MR6puzAlFaXiQrE26RPrHepdfQz62+zu0eFKQd6+w/dwUMoyoElBCCZeWyiA
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFAvWjlQZyBuMjdR
+ZzN1QTRIend1TWhLSDZzQ0JQUG9tZFdGZUo4QUljV3pnaEdDR1VzCi9PRXFnTDlD
+NFhtYW4reHphUFFqUVBDd2pxY2liOXgwRUlIZzcvZTdWWTAKLT4gc3NoLWVkMjU1
+MTkgZjVUaEFnIGRvQUFSMzFzVmZLT0Z4SlczNmdicThCYklBbisvcmlzejI4b3Jm
+ZVRTVmsKWDlKTkV6STJaSEVDL0tMVmMvcUt0L3pOS0xXU281bjRXSkJDSXloLzZE
+OAotPiBVLWdyZWFzZSBCZTMgM01ZIEd0OWcKdnMvd0FJOEhmQTdTcElld0JsNXdD
+bS9hWUtHam1PR0tyTmowck1rVEEzZXc0QjhWNjVNZVU0anRCS1lrMkRtVApQcVdV
+djJORHppTEFib1VLOC9LbG5OdWhNdEZKWGJyQ3Z6dUFTOEw5WjZsT2E4SDRSSUlK
+aEpWRUNYRlZTdwotLS0geFBJK21QRGZxd3lZRjZRanhDeFRDTTd6T1p2UGhiNXBm
+NnhaWkptcDFsYwqWryUWy5DtJHpelFVJu9DnS2rUS9JVnjIHCj2MNYrs6f5cxzZP
+4+CUjz1Agu+ODFUvsl/ccIvcaS0=
 -----END AGE ENCRYPTED FILE-----

secrets/root.age

@@ -1,19 +1,22 @@
 -----BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFAvWjlQZyBGTW5o
-dWVTNjFIN1AwV01tVlV4Sy9NcDZ1QjZZdDVMTkE0cTJxOHJ2NFFzCjYyRXBYNVhB
-RUQwaVM2cFNpMEEzZTNHWVV4V0FDTXdGQ0FHLzNOaE14KzgKLT4gc3NoLWVkMjU1
-MTkgUWQwZXBRIDZTQmdzdFoxQ24waHNXb2N1cW9Uc3NMcnNWV0VOSmcwVmEzVzFS
-elJuZ1kKV1lWUm1LZUMzdzYxdDQ4VDBGdDRXNnNMbTFIMFl1WFdSZ092dm5hWXRy
-VQotPiBzc2gtZWQyNTUxOSBaRDhsTXcgbzdQYlpmQnBQVHEwV3EwNjNDU1hCSTlu
-OWh5NDdrL0N6cDRPVUlyQndrTQptckpUNXR4YmhDMnJkR2FTK2Z6RzkwNFRjRjRP
-cThwNElxMHRxbkp3QjA4Ci0+IHNzaC1lZDI1NTE5IGY1VGhBZyB1K0dXUXVuMC9Z
-U0Vnbjg5U3J3eFRFOU9OYUNTLzlGYTE4aHZVd1k0Z0Z3CnpSQkswMjlScDBZV3ow
-NkdDdmZsN2UraFlxd1pzQ2xLWWVXbVBXU281OGMKLT4gQi9JLWdyZWFzZSB1UiU2
-MiBzIGI4RWVOdyAhbUJhVHRTXgpKSGs2Sk44WkNMSUlvWjVLUTdsOGJkM3pNNzVL
-clVPR1hkOXM3Tk1aUUszUnViN2xPM3EvVEhjZGpmSGhQOE5CCk5FWVdzTkx6SkND
-QW9PU1pyV0I4Wm9Jdnh4RQotLS0gQ2JRYnA0Y2I5a1ZpZStidFBtWWZyditpZ25o
-Mmw2KzZOY1dEMDRZcUEyTQrRvJW1UGMHGZbY6U8p4nqv0JPPBJjAWd6JWMll0bio
-b413jw7QNzFVsSeVKLN+ggneRsCYi4ax4Zwq4iZCn7+3C4xB//SyLmmlmnnW+0tR
-odrfE0r84I12AK35SKZjLQBw5osOiYB9lSbloZTMHVguvKjwqcg1V3eX6909yeou
-urCplU5qLT2XFrtLSWGtax3D49lOezWwoLC/uZPm9MX97g==
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFAvWjlQZyBsWm9s
+UzB6bzM2VU9IR3Y2MUcrdmtJTk1nM3h0VFV4WFNaaU9pZ0pHMWxBClpiRDZ3VVU1
+VkE5SHhJZXc4RGJOenY3Qzc1eXN6Y1M2d1ZnU1dIbHFvQUUKLT4gc3NoLWVkMjU1
+MTkgUWQwZXBRIGVCZURhelZkTFpoRldaVlZoZzVBenBjbEROUlIrTERnN2VpNmhP
+dVFNSDQKNXNWNU5iOGRBV3ZMVzdSVXRPSTkvQzJpblVsbERJekM0VHdnbEwyd0tG
+VQotPiBzc2gtZWQyNTUxOSB1N1ozancgY2pvTllQbytTbDBZaHlSbVFxa2ZYbmFt
+OTlvYTQrMUcybVdJd2gxb2Jsbwo4RXBLMkdYSFY3aHYxSGZnS0h4S21ablBueFBz
+L2JFaEhaYWR5VFFNQzhVCi0+IHNzaC1lZDI1NTE5IFpEOGxNdyBDZGNmblJIWGtx
+QWhEeldzVGZmUWJ6anM4Y2hTT0tpUVNpNDVyRDJRQ240Clk2bmpCVlI4RWduRS80
+cVRVWWwycDdtdVpFS25BSDAzOEh5YUcxdW9GclkKLT4gc3NoLWVkMjU1MTkgZjVU
+aEFnIDZBbXVIQVdoaVl6TlZXR1FmeEtwL0hBNWc4c0lvSFlQTzZVc1VJZ09PMXcK
+VnhFVVg4eTZiRU1YbUhxUzJrYXRUeWpVVFdOSWpUNHNvUWZCRXd1U3Y3VQotPiBB
+IW9WfGMlLWdyZWFzZQo2WmhadWt6cFZ3S2FONDFIWUFPWWpMOXFRT1d2alNPajVI
+aUJrdmVVT1J1OHA3Uy9LMjdadSs4RnhldGNxWGNtCitJSHhKSlhnMzI0UDdtSFBX
+T0tuY0NvRkI5Q0F6YkJmSHI3aFlReHJORVNLL1RJMkI5QUt5NllmcGcKLS0tIGFQ
+YXpDdDhnR05PaGQ0WEdVd2hMUURnRmtnbDVvWkt0ZDNtaVhxT0ZIbFUKcYbxjmgx
+v7X82tsU3fuTUo9l2q3HmHECwKlvyqsXyyJst+/jJgANfE7/tHm0t6Dm4fPgBvdN
+0AqTDx1p7PLvfQhMuhD2G9mHGLwcom3xUOI8h6JkMCv+bojWD9RCEB+wsAwfCzVV
+pStMrMl6copsy1/E4yXkkm+kBgIMFeGzQvRyZ+UCri0rjzsGFQWEgUgD3fFcNJIq
+HCYi0uW970YK2qI=
 -----END AGE ENCRYPTED FILE-----

secrets/secrets.nix

@@ -11,9 +11,10 @@ let
   users = [fiscalvelvetpoet];
 
   flemming = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK16f3Fjj0BY9vjtXahezMAP3I329hHEQXCceRTkr+Yu";
+  hollows = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEGB8EUbqoarM4GmPgE2DBF4z/L6wVNc+lF27Z83XDUz";
   pred = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMK5BOK1ldtZ+SV4QxfNm/PfOLOWv3/VHf/JbdMMoMzw";
   toscano = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGWcukRkNUQUbgXQle8q9xszDZOnDf3BVpPSFgycJVVE";
-  systems = [flemming pred toscano];
+  systems = [flemming hollows pred toscano];
 in {
   "root.age".publicKeys = ops ++ systems;
   "fiscalvelvetpoet.age".publicKeys = [fiscalvelvetpoet] ++ systems;

shell.nix

@@ -4,6 +4,7 @@
   alejandra,
   mkShell,
   colmena,
+  nix,
 }:
 with pkgs;
   mkShell {