hswaw/machines/customs: upgrade to workspace nixos-unstable 2021-08-11

Change-Id: I6eb4408d40e14f24ebbe3f9f3aef0be952b44e8b
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1167
Reviewed-by: vuko <vuko@hackerspace.pl>

hswaw/machines/customs.hackerspace.pl/checkinator-tracker.nix

@@ -46,7 +46,8 @@ let
 in {
   users.users."${user}" = {
     group           = "${group}";
-    useDefaultShell = true;
+    isSystemUser = true;
+    uid = 1001;
   };
   users.groups."${group}" = {};
 

hswaw/machines/customs.hackerspace.pl/checkinator-web.nix

@@ -80,7 +80,8 @@ let
 in {
   users.users."${user}" = {
     group           = "${group}";
-    useDefaultShell = true;
+    isSystemUser = true;
+    uid = 1002;
   };
   users.groups."${group}" = {};
 

hswaw/machines/customs.hackerspace.pl/configuration.nix

@@ -497,30 +497,31 @@ in {
 
   services.unbound = {
     enable = true;
-    interfaces = [
-      networks.lan.ipv4
-      "127.0.0.1"
-      "::1"
-      # networks.lan.ipv6 TODO
-    ];
-    allowedAccess = [
-      "127.0.0.1/8"
-      "10.0.0.0/8"
-    ];
-    extraConfig = builtins.concatStringsSep "\n" ((map (
-      name: ''
-        stub-zone:
-            name: ${name}
-            stub-addr: ${networks.uplink.ipv4}
-      ''
-    ) [ "waw.hackerspace.pl" "api.eye.fi" "api.ustream.tv" "i"]) ++ [''
-      forward-zone:
-          name: "."
-          forward-addr: 185.236.240.1
-    '']);
-  };
 
-  
+    settings = {
+      server = {
+        interface = [
+          networks.lan.ipv4
+          "127.0.0.1"
+          "::1"
+          # networks.lan.ipv6 TODO
+        ];
+        access-control = [
+          "127.0.0.1/8 allow"
+          "10.0.0.0/8 allow"
+        ];
+      };
+
+      stub-zone = map (name: {
+        name = name;
+        stub-addr = networks.uplink.ipv4;
+      }) [ "waw.hackerspace.pl" "api.eye.fi" "api.ustream.tv" "i" ];
+      forward-zone = {
+        name = ".";
+        forward-addr = "185.236.240.1";
+      };
+    };
+  };
 
   # Public VPN access for Hackerspace members
   services.openvpn.servers.members.config = ''
@@ -528,11 +529,11 @@ in {
     auth-user-pass-verify ${openvpn-auth}/bin/openvpn-auth-member via-env
     verify-client-cert none
     username-as-common-name
-    
+
     #user _openvpn
     #group _openvpn
     multihome
-    
+
     port 20001
     proto udp
     proto udp6
@@ -543,14 +544,14 @@ in {
     key ${secrets-path}/openvpn-public/server.key
     dh ${secrets-path}/openvpn-public/dh.pem
     server 10.9.1.0 255.255.255.0
-    
+
     push "route 10.8.0.0 255.255.0.0"
     push "route 10.9.0.0 255.255.0.0"
     push "route 10.10.0.0 255.255.0.0"
     push "route 10.11.0.0 255.255.0.0"
     push "dhcp-option DNS ${networks.lan.ipv4}"
     push "dhcp-option DOMAIN waw.hackerspace.pl"
-    
+
     ifconfig-pool-persist /var/lib/openvpn-public/ipp.txt
     #client-config-dir /var/lib/openvpn-public/ccd
     client-to-client

hswaw/machines/customs.hackerspace.pl/laserproxy/service.nix

@@ -7,7 +7,8 @@ let
 in {
   users.users."${user}" = {
     group           = "${group}";
-    useDefaultShell = true;
+    isSystemUser = true;
+    uid = 1004;
   };
   users.groups."${group}" = {};
 

hswaw/machines/customs.hackerspace.pl/mikrotik-exporter.nix

@@ -18,7 +18,8 @@ let
 in {
   users.users."${user}" = {
     group           = "${group}";
-    useDefaultShell = true;
+    isSystemUser = true;
+    uid = 1003;
   };
   users.groups."${group}" = {};
 

ops/machines.nix

@@ -152,7 +152,7 @@ in {
     ../bgpwtf/machines/edge01.waw.bgp.wtf-hardware.nix
   ];
 
-  "customs.hackerspace.pl" = mkMachine nixpkgsCustoms [
+  "customs.hackerspace.pl" = mkMachine pkgs [
     ../hswaw/machines/customs.hackerspace.pl/configuration.nix
   ];
 }