nix/nixos-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' of ssh://git.fudo.org:2222/fudosys/NixOS

Browse Source
This commit is contained in:
root 2020-07-23 22:47:35 -07:00
commit 4abde6f83f
13 changed files with 266 additions and 189 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
config/fudo/git.nix
View File

@ -25,35 +25,50 @@ let
}; };
}; };
sshOpts = { ... }: with types; {
options = {
listen-ip = mkOption {
type = str;
description = "IP on which to listen for SSH connections.";
};
listen-port = mkOption {
type = port;
description = "Port on which to listen for SSH connections, on <listen-ip>.";
default = 22;
};
};
};
in { in {
options.fudo.git = { options.fudo.git = with types; {
enable = mkEnableOption "Enable Fudo git web server."; enable = mkEnableOption "Enable Fudo git web server.";
hostname = mkOption { hostname = mkOption {
type = types.str; type = str;
description = "Hostname at which this git server is accessible."; description = "Hostname at which this git server is accessible.";
example = "git.fudo.org"; example = "git.fudo.org";
}; };
site-name = mkOption { site-name = mkOption {
type = types.str; type = str;
description = "Name to use for the git server."; description = "Name to use for the git server.";
default = "Fudo Git"; default = "Fudo Git";
}; };
database = mkOption { database = mkOption {
type = (types.submodule databaseOpts); type = (submodule databaseOpts);
description = "Gitea database options."; description = "Gitea database options.";
}; };
repository-dir = mkOption { repository-dir = mkOption {
type = types.path; type = path;
description = "Path at which to store repositories."; description = "Path at which to store repositories.";
example = /srv/git/repo; example = /srv/git/repo;
}; };
state-dir = mkOption { state-dir = mkOption {
type = types.path; type = path;
description = "Path at which to store server state."; description = "Path at which to store server state.";
example = /srv/git/state; example = /srv/git/state;
}; };
@ -63,6 +78,18 @@ in {
description = "System user as which to run."; description = "System user as which to run.";
default = "git"; default = "git";
}; };
local-port = mkOption {
type = port;
description = "Local port to which the Gitea server will bind. Not globally accessible.";
default = 3543;
};
ssh = mkOption {
type = nullOr (submodule sshOpts);
description = "SSH listen configuration.";
default = null;
};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
@ -78,14 +105,23 @@ in {
name = cfg.database.name; name = cfg.database.name;
user = cfg.database.user; user = cfg.database.user;
passwordFile = cfg.database.password-file; passwordFile = cfg.database.password-file;
type = "postgres";
}; };
domain = cfg.hostname; domain = cfg.hostname;
httpAddress = "127.0.0.1"; httpAddress = "127.0.0.1";
httpPort = 3543; httpPort = cfg.local-port;
repositoryRoot = toString cfg.repository-dir; repositoryRoot = toString cfg.repository-dir;
stateDir = toString cfg.state-dir; stateDir = toString cfg.state-dir;
rootUrl = "https://${cfg.hostname}/"; rootUrl = "https://${cfg.hostname}/";
user = mkIf (cfg.user != null) cfg.user; user = mkIf (cfg.user != null) cfg.user;
extraConfig = mkIf (cfg.ssh != null) ''
[server]
START_SSH_SERVER = true
SSH_DOMAIN = ${cfg.hostname}
SSH_PORT = ${toString cfg.ssh.listen-port}
SSH_LISTEN_PORT = ${toString cfg.ssh.listen-port}
SSH_LISTEN_HOST = ${cfg.ssh.listen-ip}
'';
}; };
nginx = { nginx = {
@ -97,15 +133,15 @@ in {
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:3543"; proxyPass = "http://127.0.0.1:${toString cfg.local-port}";
extraConfig = '' extraConfig = ''
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-By $server_addr:$server_port; proxy_set_header X-Forwarded-By $server_addr:$server_port;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
''; '';
}; };
}; };
}; };

38
config/fudo/mail-container.nix
View File

@ -160,21 +160,21 @@ in rec {
}; };
}; };
users = { # users = {
users = { # users = {
${container-mail-user} = { # ${container-mail-user} = {
isSystemUser = true; # isSystemUser = true;
uid = container-mail-user-id; # uid = container-mail-user-id;
group = "mailer"; # group = "mailer";
}; # };
}; # };
groups = { # groups = {
${container-mail-group} = { # ${container-mail-group} = {
members = ["mailer"]; # members = ["mailer"];
}; # };
}; # };
}; # };
fudo.mail-server = { fudo.mail-server = {
enable = true; enable = true;
@ -193,10 +193,12 @@ in rec {
dovecot = { dovecot = {
ssl-certificate = "/etc/${container-dovecot-cert}"; ssl-certificate = "/etc/${container-dovecot-cert}";
ssl-private-key = "/etc/dovecot-certs/key.pem"; ssl-private-key = "/etc/dovecot-certs/key.pem";
ldap-ca = "/etc/${container-fudo-ca-cert}"; ldap = {
ldap-urls = cfg.dovecot.ldap-urls; # ca = "/etc/${container-fudo-ca-cert}";
ldap-reader-dn = cfg.dovecot.ldap-reader-dn; server-urls = cfg.dovecot.ldap.server-urls;
ldap-reader-passwd = cfg.dovecot.ldap-reader-passwd; reader-dn = cfg.dovecot.ldap.reader-dn;
reader-passwd = cfg.dovecot.ldap.reader-passwd;
};
}; };
local-domains = cfg.local-domains; local-domains = cfg.local-domains;

37
config/fudo/mail/dovecot.nix
View File

@ -53,30 +53,33 @@ let
} }
''; '';
ldapOpts = with types; { ldapOpts = {
ca = mkOption { options = with types; {
type = str; ca = mkOption {
description = "The path to the CA cert used to sign the LDAP server certificate."; type = nullOr str;
}; description = "The path to the CA cert used to sign the LDAP server certificate.";
default = null;
};
server-urls = mkOption { server-urls = mkOption {
type = listOf str; type = listOf str;
description = "A list of LDAP server URLs used for authentication."; description = "A list of LDAP server URLs used for authentication.";
}; };
reader-dn = mkOption { reader-dn = mkOption {
type = str; type = str;
description = '' description = ''
DN to use for reading user information. Needs access to homeDirectory, DN to use for reading user information. Needs access to homeDirectory,
uidNumber, gidNumber, and uid, but not password attributes. uidNumber, gidNumber, and uid, but not password attributes.
''; '';
}; };
reader-pw = mkOption { reader-passwd = mkOption {
type = str; type = str;
description = '' description = ''
Password for the user specified in ldap-reader-dn. Password for the user specified in ldap-reader-dn.
''; '';
};
}; };
}; };
@ -204,7 +207,7 @@ in {
auth_mechanisms = login plain auth_mechanisms = login plain
${optionalString (cfg.dovecot.ldap != null) ${optionalString (cfg.dovecot.ldap != null)
(ldap-conf cfg.dovecot.ldap)} (ldap-passwd-entry cfg.dovecot.ldap)}
userdb { userdb {
driver = static driver = static
args = uid=${toString cfg.mail-user-id} home=${cfg.mail-directory}/%u args = uid=${toString cfg.mail-user-id} home=${cfg.mail-directory}/%u

4
config/fudo/minecraft-server.nix
View File

@ -43,6 +43,10 @@ in {
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment.systemPackages = [
cfg.package
];
services.minecraft-server = { services.minecraft-server = {
enable = true; enable = true;
package = cfg.package; package = cfg.package;

6
config/fudo/system.nix
View File

@ -20,6 +20,12 @@ in {
default = []; default = [];
example = ["redis.service"]; example = ["redis.service"];
}; };
tmpOnTmpfs = mkOption {
type = types.bool;
description = "Put tmp filesystem on tmpfs (needs enough RAM).";
default = true;
};
}; };
config = mkIf cfg.disableTransparentHugePages { config = mkIf cfg.disableTransparentHugePages {

79
config/fudo/vpn.nix Normal file
View File

@ -0,0 +1,79 @@
{ pkgs, lib, config, ... }:
with lib;
let
cfg = config.fudo.vpn;
peerOpts = { peer-name, ... }: {
options = with types; {
public-key = mkOption {
type = str;
description = "Peer public key.";
};
allowed-ips = mkOption {
type = listOf str;
description = "List of allowed IP ranges from which this peer can connect.";
example = [ "10.100.0.0/16" ];
default = [];
};
};
};
in {
options.fudo.vpn = with types; {
enable = mkEnableOption "Enable Fudo VPN";
ips = mkOption {
type = str;
description = "IP range to assign this interface.";
default = "10.100.0.0/16";
};
private-key-file = mkOption {
type = str;
description = "Path to the secret key (generated with wg [genkey/pubkey]).";
example = "/path/to/secret.key";
};
listen-port = mkOption {
type = port;
description = "Port on which to listen for incoming connections.";
default = 51820;
};
peers = mkOption {
type = listOf str;
description = "A list of peers for which to generate config files.";
default = [];
};
peers = mkOption {
type = loaOf (submodule peerOpts);
description = "A list of peers allowed to connect.";
default = {};
example = {
peer0 = {
public-key = "xyz";
allowed-ips = ["10.100.1.0/24"];
};
};
};
};
config = mkIf cfg.enable {
networking.wireguard = {
enable = true;
interfaces.wgtun0 = {
generatePrivateKeyFile = false;
ips = [ cfg.ips ];
listenPort = cfg.listen-port;
peers = mapAttrsToList (peer-name: peer-config: {
publicKey = peer-config.public-key;
allowedIPs = peer-config.allowed-ips;
}) cfg.peers;
privateKeyFile = cfg.private-key-file;
};
};
};
}

1
config/local.nix
View File

@ -22,6 +22,7 @@ with lib;
./fudo/secure-dns-proxy.nix ./fudo/secure-dns-proxy.nix
./fudo/slynk.nix ./fudo/slynk.nix
./fudo/system.nix ./fudo/system.nix
./fudo/vpn.nix
./fudo/webmail.nix ./fudo/webmail.nix
./informis/cl-gemini.nix ./informis/cl-gemini.nix

16
defaults.nix
View File

@ -53,6 +53,7 @@
lispPackages.cl-ppcre lispPackages.cl-ppcre
lispPackages.clx lispPackages.clx
lispPackages.quicklisp lispPackages.quicklisp
lsof
lshw lshw
mkpasswd mkpasswd
ncurses5 ncurses5
@ -68,7 +69,6 @@
pinentry.curses pinentry.curses
pv pv
pwgen pwgen
racket
ruby ruby
rustc rustc
sbcl sbcl
@ -142,6 +142,7 @@
openssh = { openssh = {
enable = true; enable = true;
startWhenNeeded = true; startWhenNeeded = true;
permitRootLogin = "prohibit-password";
extraConfig = '' extraConfig = ''
GSSAPIAuthentication yes GSSAPIAuthentication yes
GSSAPICleanupCredentials yes GSSAPICleanupCredentials yes
@ -165,12 +166,13 @@
security.pam = { security.pam = {
enableSSHAgentAuth = true; enableSSHAgentAuth = true;
# TODO: add yubico? # TODO: add yubico?
services.sshd = { services = {
# This should only ask for a code if ~/.google_authenticator exists, but it asks anyway. sshd = {
# googleAuthenticator.enable = true; # This should only ask for a code if ~/.google_authenticator exists, but it asks anyway.
makeHomeDir = true; # googleAuthenticator.enable = true;
# Fails! makeHomeDir = true;
# requireWheel = true; sshAgentAuth = true;
};
}; };
}; };

2
fudo/profiles/common-ui.nix
View File

@ -34,6 +34,7 @@ let
mplayer mplayer
mpv mpv
pdftk pdftk
racket
redshift redshift
rhythmbox rhythmbox
shotwell shotwell
@ -139,6 +140,7 @@ in mkIf ((profile == "desktop") || (profile == "laptop")) {
terminus_font terminus_font
ubuntu_font_family ubuntu_font_family
ucsFonts ucsFonts
ultimate-oldschool-pc-font-pack
unifont unifont
vistafonts vistafonts
xlibs.fontadobe100dpi xlibs.fontadobe100dpi

7
fudo/profiles/server.nix
View File

@ -53,8 +53,9 @@ in {
systemPackages = with pkgs; [ systemPackages = with pkgs; [
ldns ldns
ldns.examples ldns.examples
test-config racket-minimal
reboot-if-necessary reboot-if-necessary
test-config
]; ];
noXlibs = true; noXlibs = true;
@ -66,8 +67,8 @@ in {
networking = { networking = {
networkmanager.enable = mkForce false; networkmanager.enable = mkForce false;
}; }
;
boot.tmpOnTmpfs = true; boot.tmpOnTmpfs = true;
services.xserver.enable = false; services.xserver.enable = false;

159
hosts/france.nix
View File

@ -7,7 +7,7 @@ let
mail-hostname = hostname; mail-hostname = hostname;
host_ipv4 = "208.81.3.117"; host_ipv4 = "208.81.3.117";
# Use a special IP for git.fudo.org, since it needs to be SSH-able # Use a special IP for git.fudo.org, since it needs to be SSH-able
docker_ipv4 = "208.81.3.126"; git_ipv4 = "208.81.3.126";
all-hostnames = []; all-hostnames = [];
acme-private-key = hostname: "/var/lib/acme/${hostname}/key.pem"; acme-private-key = hostname: "/var/lib/acme/${hostname}/key.pem";
@ -34,6 +34,15 @@ in {
../defaults.nix ../defaults.nix
]; ];
# services.openssh = {
# listenAddresses = [
# {
# addr = host_ipv4;
# port = 22;
# }
# ];
# };
fudo.common = { fudo.common = {
# Sets some server-common settings. See /etc/nixos/fudo/profiles/... # Sets some server-common settings. See /etc/nixos/fudo/profiles/...
profile = "server"; profile = "server";
@ -118,12 +127,6 @@ in {
fudo_git = "ALL PRIVILEGES"; fudo_git = "ALL PRIVILEGES";
}; };
}; };
gitlab_postgres = {
password = fileContents "/srv/gitlab/secure/db.passwd";
databases = {
gitlab = "ALL PRIVILEGES";
};
};
grafana = { grafana = {
password = fileContents "/srv/grafana/secure/db.passwd"; password = fileContents "/srv/grafana/secure/db.passwd";
databases = { databases = {
@ -151,7 +154,6 @@ in {
databases = { databases = {
fudo_git = ["niten"]; fudo_git = ["niten"];
gitlab = ["niten"];
grafana = ["niten"]; grafana = ["niten"];
mattermost = ["niten"]; mattermost = ["niten"];
webmail = ["niten"]; webmail = ["niten"];
@ -237,11 +239,13 @@ in {
state-directory = "${system-mail-directory}/var"; state-directory = "${system-mail-directory}/var";
mail-directory = "${system-mail-directory}/mailboxes"; mail-directory = "${system-mail-directory}/mailboxes";
dovecot.ldap-reader-dn = "cn=user_db_reader,dc=fudo,dc=org"; dovecot.ldap = {
dovecot.ldap-reader-passwd = fileContents /srv/ldap/secure/user_db.passwd; reader-dn = "cn=user_db_reader,dc=fudo,dc=org";
reader-passwd = fileContents /srv/ldap/secure/user_db.passwd;
# FIXME: use SSL once I can figure out Acme SSL cert CA for LDAP. # FIXME: use SSL once I can figure out Acme SSL cert CA for LDAP.
dovecot.ldap-urls = [ "ldap://france.fudo.org" ]; server-urls = [ "ldap://france.fudo.org" ];
};
clamav.enable = true; clamav.enable = true;
@ -270,27 +274,27 @@ in {
"webmail.test.fudo.org" = { "webmail.test.fudo.org" = {
title = "Fudo Webmail"; title = "Fudo Webmail";
favicon = "/etc/nixos/static/fudo.org/favicon.ico"; favicon = "/etc/nixos/static/fudo.org/favicon.ico";
mail-server = mail-hostname; mail-server = "mail.fudo.org";
domain = "test.fudo.org"; domain = "fudo.org";
edit-mode = "Plain"; edit-mode = "Plain";
database = { database = {
name = "webmail"; name = "webmail";
hostname = "localhost"; hostname = "localhost";
user = "webmail"; user = "webmail";
password-file = /srv/webmail/secure/db.passwd; password-file = "/srv/webmail/secure/db.passwd";
}; };
}; };
"webmail.test.selby.ca" = { "webmail.test.selby.ca" = {
title = "Selby Webmail"; title = "Selby Webmail";
favicon = "/etc/nixos/static/selby.ca/favicon.ico"; favicon = "/etc/nixos/static/selby.ca/favicon.ico";
mail-server = mail-hostname; mail-server = "mail.selby.ca";
domain = "test.selby.ca"; domain = "selby.ca";
database = { database = {
name = "webmail"; name = "webmail";
hostname = "localhost"; hostname = "localhost";
user = "webmail"; user = "webmail";
password-file = /srv/webmail/secure/db.passwd; password-file = "/srv/webmail/secure/db.passwd";
}; };
}; };
}; };
@ -314,7 +318,7 @@ in {
fudo.git = { fudo.git = {
enable = true; enable = true;
hostname = "git.test.fudo.org"; hostname = "git.fudo.org";
site-name = "Fudo Git"; site-name = "Fudo Git";
user = "fudo_git"; user = "fudo_git";
database = { database = {
@ -325,6 +329,10 @@ in {
}; };
repository-dir = /srv/git/repo; repository-dir = /srv/git/repo;
state-dir = /srv/git/state; state-dir = /srv/git/state;
ssh = {
listen-ip = git_ipv4;
listen-port = 2222;
};
}; };
networking = { networking = {
@ -368,7 +376,7 @@ in {
macAddress = "02:6d:e2:e1:ad:ca"; macAddress = "02:6d:e2:e1:ad:ca";
ipv4.addresses = [ ipv4.addresses = [
{ {
address = docker_ipv4; address = git_ipv4;
prefixLength = 28; prefixLength = 28;
} }
]; ];
@ -449,42 +457,7 @@ in {
isNormalUser = false; isNormalUser = false;
uid = 8006; uid = 8006;
}; };
gitlab = {
isNormalUser = false;
uid = 8002;
};
gitlab_postgres = {
isNormalUser = false;
group = config.fudo.postgresql.socket-group;
uid = 8003;
};
gitlab_redis = {
isNormalUser = false;
group = "redis-local";
uid = 8004;
};
gitlab_www = {
isNormalUser = false;
group = "nogroup";
uid = 8005;
};
}; };
extraGroups = {
redis-local = {
members = ["redis"];
gid = 7001;
};
};
};
boot.kernel.sysctl = {
# For Redis
"vm.overcommit_memory" = 1;
}; };
fudo.system = { fudo.system = {
@ -492,10 +465,6 @@ in {
postHugePageServices = ["redis.service"]; postHugePageServices = ["redis.service"];
}; };
systemd.services.redis.postStart = ''
chgrp redis-local ${config.services.redis.unixSocket}
'';
security.acme.certs = { security.acme.certs = {
"archiva.fudo.org".email = config.fudo.common.admin-email; "archiva.fudo.org".email = config.fudo.common.admin-email;
"git.fudo.org".email = config.fudo.common.admin-email; "git.fudo.org".email = config.fudo.common.admin-email;
@ -503,15 +472,6 @@ in {
services = { services = {
redis = {
enable = true;
bind = "127.0.0.1";
unixSocket = "/run/redis/redis.socket";
extraConfig = ''
unixsocketperm 770
'';
};
nginx = { nginx = {
enable = true; enable = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;
@ -534,22 +494,6 @@ in {
''; '';
}; };
}; };
"git.fudo.org" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8002";
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-By $server_addr:$server_port;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
'';
};
};
}; };
}; };
}; };
@ -568,60 +512,15 @@ in {
SSL_ENABLED = "false"; SSL_ENABLED = "false";
}; };
}; };
gitlab = {
image = "gitlab/gitlab-ce:12.8.1-ce.0";
ports = [
"127.0.0.1:8002:80"
"${docker_ipv4}::22"
];
# user = toString config.users.users.gitlab.uid;
volumes = [
"/run/redis:/var/opt/gitlab/redis"
"/srv/gitlab/builds:/var/opt/gitlab/gitlab-ci/builds"
"/srv/gitlab/config:/etc/gitlab"
"/srv/gitlab/logs:/var/log/gitlab"
"/srv/gitlab/gitlab:/var/opt/gitlab"
"${config.fudo.postgresql.socket-directory}:/run/postgresql"
"${config.fudo.postgresql.socket-directory}:/var/opt/gitlab/postgresql"
];
extraDockerOptions = [
"--hostname=git.fudo.org"
];
};
}; };
systemd.services.docker-gitlab-config = let
gitlab-config = pkgs.writeText "gitlab-config.rb" ''
gitlab_rails['db_adapter'] = "postgresql"
gitlab_rails['db_encoding'] = "unicode"
gitlab_rails['db_database'] = "gitlab"
gitlab_rails['db_username'] = "gitlab_postgres"
gitlab_rails['db_password'] = "${fileContents /srv/gitlab/secure/db.passwd}"
user['uid'] = "${toString config.users.users.gitlab.uid}"
user['gid'] = "${toString config.users.groups.redis-local.gid}"
# Provided externally
redis['enable'] = false
postgresql['enable'] = false
web_server['uid'] = "${toString config.users.users.gitlab_www.uid}"
web_server['gid'] = "${toString config.users.groups.nogroup.gid}"
'';
in {
# before = ["docker-gitlab.service"];
script = "cp -f ${gitlab-config} /srv/gitlab/config/gitlab.rb";
};
systemd.services.docker-gitlab.requires = ["docker-gitlab-config.service"];
### ###
# Minecraft # Minecraft
### ###
fudo.minecraft-server = { fudo.minecraft-server = {
enable = true; enable = true;
package = pkgs.minecraft-server_1_15_2; package = pkgs.minecraft-server_1_16_1;
data-dir = minecraft-data-dir; data-dir = minecraft-data-dir;
world-name = "selbyland"; world-name = "selbyland";
motd = "Welcome to the Selby Minecraft server."; motd = "Welcome to the Selby Minecraft server.";

29
hosts/procul.nix
View File

@ -55,6 +55,13 @@ in {
}; };
}; };
# For WireGuard
nat = {
enable = true;
externalInterface = "extif0";
internalInterfaces = [ "wgtun0" ];
};
interfaces = { interfaces = {
extif0 = { extif0 = {
# result of: # result of:
@ -119,6 +126,8 @@ in {
]; ];
}; };
system.tmpOnTmpfs = false;
secure-dns-proxy = { secure-dns-proxy = {
enable = true; enable = true;
upstream-dns = [ "https://cloudflare-dns.com/dns-query" ]; upstream-dns = [ "https://cloudflare-dns.com/dns-query" ];
@ -263,6 +272,26 @@ in {
}; };
}; };
fudo.vpn = {
enable = true;
ips = "10.100.0.0/16";
private-key-file = "/srv/wireguard/secure/secret.key";
peers = {
peter = {
allowed-ips = [ "10.100.1.0/24" ];
public-key = "d1NfRFWRkcKq2gxvqfMy7Oe+JFYf5DjomnsTyisvgB4=";
};
ken = {
allowed-ips = [ "10.100.2.0/24" ];
public-key = "y294rTCK0iSRhA6EIOErPzEuqzJMuYAG4XbHasySMVU=";
};
helen = {
allowed-ips = [ "10.100.3.0/24" ];
public-key = "7Hdko6RibhIYdoPLWXGwmElY5vKvZ+rURmqFTDUfC2w=";
};
};
};
informis.cl-gemini = { informis.cl-gemini = {
enable = true; enable = true;

13
packages/local.nix
View File

@ -22,6 +22,19 @@
}; };
}); });
# DON'T LEAVE THE HASH--Nix will think the package hasn't changed
minecraft-server_1_16_1 = let
version = "1.16.1";
url = "https://launcher.mojang.com/v1/objects/a412fd69db1f81db3f511c1463fd304675244077/server.jar";
sha256 = "0nwkdig6yw4cnm2ld78z4j4xzhbm1rwv55vfxz0gzhsbf93xb0i7";
in (pkgs.minecraft-server.overrideAttrs (oldAttrs: rec {
name = "minecraft-server-${version}";
inherit version;
src = pkgs.fetchurl {
inherit url sha256;
};
}));
postgresql_11_gssapi = pkgs.postgresql_11.overrideAttrs (oldAttrs: rec { postgresql_11_gssapi = pkgs.postgresql_11.overrideAttrs (oldAttrs: rec {
configureFlags = oldAttrs.configureFlags ++ [ "--with-gssapi" ]; configureFlags = oldAttrs.configureFlags ++ [ "--with-gssapi" ];
buildInputs = oldAttrs.buildInputs ++ [ pkgs.krb5 ]; buildInputs = oldAttrs.buildInputs ++ [ pkgs.krb5 ];