From 296b8ef3e8edef525ee2d7d4973cf16d42b85e2b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A1r=C3=A1ndi=20Tam=C3=A1s?=
Date: Tue, 28 Nov 2023 21:53:36 +0100
Subject: [PATCH] [OPS-1514] Fix errors after bumping flake inputs

Problem: we need to update flake inputs from time to time, this bump caused some CI test failures
Solution:
- fix terraform license change
- fix infinite recursion related to mdadm.conf
- fix services.dnsmaq.servers
- fix services.dnsmaq dependency on efi.mount
- remove obsolete docker options
---
 flake.nix | 6 +++++-
 lib/common/edna/server.nix | 7 +++++--
 servers/alzirr/platform.nix | 7 +++----
 servers/wasat/default.nix | 4 ++--
 4 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/flake.nix b/flake.nix
index 1625f88..b60c05d 100644
--- a/flake.nix
+++ b/flake.nix
@@ -88,7 +88,11 @@
 };
 } // flake-utils.lib.eachDefaultSystem (system: let
- pkgs = serokell-nix.lib.pkgsWith nixpkgs.legacyPackages.${system} allOverlays;
+ pkgsAllowUnfree = import nixpkgs {
+ inherit system;
+ config.allowUnfreePredicate = pkg: builtins.elem (pkg.pname) [ "terraform" ];
+ };
+ pkgs = serokell-nix.lib.pkgsWith pkgsAllowUnfree allOverlays;
 tfConfigAst = terranix.lib.terranixConfigurationAst { inherit system pkgs;
diff --git a/lib/common/edna/server.nix b/lib/common/edna/server.nix
index 7a41df9..cc1701e 100644
--- a/lib/common/edna/server.nix
+++ b/lib/common/edna/server.nix
@@ -1,4 +1,4 @@
-{pkgs, lib, config, ...}:
+{pkgs, lib, config, inputs, ...}:
 let inherit (builtins) toJSON;
 inherit (pkgs) writeText;
@@ -7,13 +7,16 @@
 profile = "/nix/var/nix/profiles/per-user/deploy/edna-docker";
 in {
+ imports = [
+ inputs.serokell-nix.nixosModules.docker
+ ];
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
 vault-secrets.secrets.docker-backend.quoteEnvironmentValues = false;
 virtualisation.docker = { enable = true;
- logLevel = "warn";
 storageDriver = "overlay2";
 networks.edna = {};
 };
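Review bot: In the flake.nix hunk, the new `allowUnfreePredicate` reads `pkg.pname` directly, so an unfree package that carries only `name` would abort evaluation with a missing-attribute error instead of the normal unfree refusal. `config.allowUnfreePredicate = pkg: builtins.elem (nixpkgs.lib.getName pkg) [ "terraform" ];` covers both cases. Limiting the allowlist to one package name rather than a global `allowUnfree = true` is the right scope, and a short comment such as `# terraform is unfree since the upstream license change; keep this list minimal` would tell the next reader not to widen it. The enclosing `let` block starts and ends outside the hunk.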
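Review bot: In lib/common/edna/server.nix the module now takes `inputs` as an argument and imports `inputs.serokell-nix.nixosModules.docker`, but nothing visible in the diff shows where `inputs` is supplied (for example via `specialArgs`), so a host that imports this file without it would fail at evaluation. The second hunk also drops `logLevel = "warn"` without recording whether the imported module sets a daemon log level or the Docker default now applies; on a host that opens ports 80 and 443, the daemon log verbosity should be a deliberate choice. A comment above the import, e.g. `# needs inputs passed as a module argument (specialArgs); logLevel is no longer set here because <reason>`, would record both. The attribute set continues outside the hunk.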
diff --git a/servers/alzirr/platform.nix b/servers/alzirr/platform.nix
index 8ab9591..eba1c0b 100644
--- a/servers/alzirr/platform.nix
+++ b/servers/alzirr/platform.nix
@@ -44,12 +44,11 @@
 # machines irrespective of host names.
 # We do not worry about plugging disks into the wrong machine because
 # we will never exchange disks between machines.
- environment.etc."mdadm.conf".text = ''
- HOMEHOST hetzner
- '';
 # The RAIDs are assembled in stage1, so we need to make the config
 # available there.
- boot.swraid.mdadmConf = config.environment.etc."mdadm.conf".text;
+ boot.swraid.mdadmConf = ''
+ HOMEHOST hetzner
+ '';
 # Default mdmonitor service does not work, fix it by directing events to the log.
 # See https://github.com/NixOS/nixpkgs/issues/72394
diff --git a/servers/wasat/default.nix b/servers/wasat/default.nix
index f987be8..65529e7 100644
--- a/servers/wasat/default.nix
+++ b/servers/wasat/default.nix
@@ -62,7 +62,7 @@ in {
 # dns server blocking malicious hostnames
 services.dnsmasq = { enable = true;
- servers = [ "1.1.1.1" "1.0.0.1" ];
+ settings.server = [ "1.1.1.1" "1.0.0.1" ];
 resolveLocalQueries = false;
 extraConfig = '' interface=wg-serokell
@@ -73,5 +73,5 @@ in {
 };
 # dnsmasq needs wireguard interface
- systemd.services.dnsmasq.after = [ "wireguard-wg-serokell.service" ];
+ systemd.services.dnsmasq.after = [ "wireguard-wg-serokell.service" "efi.mount"];
 }
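Review bot: The servers/alzirr/platform.nix hunk removes the explicit `environment.etc."mdadm.conf"` definition, and nothing in the visible lines shows whether the booted system still gets an /etc/mdadm.conf carrying `HOMEHOST hetzner`; that presumably now comes from the nixpkgs swraid module, which is worth confirming on one host after deployment since RAID monitoring depends on that configuration. The reason for the change lives only in the commit message, so a comment above the new assignment such as `# set only boot.swraid.mdadmConf; also defining environment.etc."mdadm.conf" caused infinite recursion after the nixpkgs bump` would keep someone from reintroducing the old pattern. The surrounding attribute set starts and ends outside the hunk.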
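Review bot: In the last servers/wasat/default.nix hunk, `efi.mount` is added to `systemd.services.dnsmasq.after` while the comment above still explains only the wireguard dependency, so the reason for ordering the DNS filter after an EFI mount is not recorded anywhere in the file. `after` is ordering only: if either unit is absent or fails, dnsmasq still starts, which for the wireguard interface (already the case before this change) may mean starting without it. I would extend the comment, e.g. `# dnsmasq needs the wireguard interface; efi.mount is listed because <reason>`, and consider a matching `requires` or `wants` entry if the dependency is real. There is also a missing space before the closing `]`.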