privatevoid.net/depot
1
1
Fork 0
Code Issues 18 Pull requests 2 Projects 3 Releases Packages Wiki Activity Actions

Merge branch 'updates-20220618'

Browse source
This commit is contained in:
Max Headroom 2022-06-18 18:39:01 +02:00
commit 6c3b268306
32 changed files with 419 additions and 222 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

168
flake.lock
View file

@ -45,11 +45,11 @@
"crane": { "crane": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1644785799, "lastModified": 1654444508,
"narHash": "sha256-VpAJO1L0XeBvtCuNGK4IDKp6ENHIpTrlaZT7yfBCvwo=", "narHash": "sha256-4OBvQ4V7jyt7afs6iKUvRzJ1u/9eYnKzVQbeQdiamuY=",
"owner": "ipetkov", "owner": "ipetkov",
"repo": "crane", "repo": "crane",
"rev": "fc7a94f841347c88f2cb44217b2a3faa93e2a0b2", "rev": "db5482bf225acc3160899124a1df5a617cfa27b5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -85,6 +85,22 @@
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": {
"lastModified": 1654858401,
"narHash": "sha256-53bw34DtVJ2bnF6WEwy6Tym+qY0pNEiEwARUlvmTZjs=",
"owner": "numtide",
"repo": "devshell",
"rev": "f55e05c6d3bbe9acc7363bc8fc739518b2f02976",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"devshell_2": {
"flake": false,
"locked": { "locked": {
"lastModified": 1653917170, "lastModified": 1653917170,
"narHash": "sha256-FyxOnEE/V4PNEcMU62ikY4FfYPo349MOhMM97HS0XEo=", "narHash": "sha256-FyxOnEE/V4PNEcMU62ikY4FfYPo349MOhMM97HS0XEo=",
@ -103,6 +119,7 @@
"inputs": { "inputs": {
"alejandra": "alejandra", "alejandra": "alejandra",
"crane": "crane", "crane": "crane",
"devshell": "devshell_2",
"flake-utils-pre-commit": "flake-utils-pre-commit", "flake-utils-pre-commit": "flake-utils-pre-commit",
"gomod2nix": "gomod2nix", "gomod2nix": "gomod2nix",
"mach-nix": "mach-nix", "mach-nix": "mach-nix",
@ -114,11 +131,11 @@
"pre-commit-hooks": "pre-commit-hooks" "pre-commit-hooks": "pre-commit-hooks"
}, },
"locked": { "locked": {
"lastModified": 1653944295, "lastModified": 1655326915,
"narHash": "sha256-xoFmfL71JS/wP5SvkupqDB7SNhDFmb77dyiyniNAwYs=", "narHash": "sha256-jh8HXBycUQ6JljIqPN53Q4p4kmaYnL5ZL7fu3WHK9dk=",
"owner": "nix-community", "owner": "nix-community",
"repo": "dream2nix", "repo": "dream2nix",
"rev": "ca7f4d0a7fb79813b446ebce097c3db538b37b8c", "rev": "caa9c4b5ef1c2d6f81f2651927b01f246b3d78a9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -144,6 +161,22 @@
} }
}, },
"flake-compat_2": { "flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_3": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1603796912, "lastModified": 1603796912,
@ -295,11 +328,11 @@
"pre-commit-hooks-nix": "pre-commit-hooks-nix" "pre-commit-hooks-nix": "pre-commit-hooks-nix"
}, },
"locked": { "locked": {
"lastModified": 1653571057, "lastModified": 1655108975,
"narHash": "sha256-uh5R2O2qmQVDoFnUVVJnOO4amiEFjsShA6B58qzrmBI=", "narHash": "sha256-BVE61UMEhmXTCkMLoIyuOfGjV0Z4yHNtIiC5VYe02FM=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "hercules-ci-agent", "repo": "hercules-ci-agent",
"rev": "3822c49d81c2ccec4cffd2d1b2897dd86290bb14", "rev": "2ee7b49b01068d0fbd5bec61fdcd12b525dab5d7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -313,11 +346,11 @@
"nixpkgs": "nixpkgs_3" "nixpkgs": "nixpkgs_3"
}, },
"locked": { "locked": {
"lastModified": 1653841712, "lastModified": 1655158531,
"narHash": "sha256-XBF4i1MuIRAEbFpj3Z3fVaYxzNEsYapyENtw3vG+q1I=", "narHash": "sha256-5LeaONqA6pgSNeA39gzu5XUipw3mXNZ04LUiy2TVImU=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "hercules-ci-effects", "repo": "hercules-ci-effects",
"rev": "e14d2131b7c81acca3904b584ac45fb72da64dd2", "rev": "bda248e06dc44cbba9f4db350abbb10c3fe3b6fd",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -328,16 +361,20 @@
}, },
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_2",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ],
"nmd": "nmd",
"nmt": "nmt",
"utils": "utils_2"
}, },
"locked": { "locked": {
"lastModified": 1653943687, "lastModified": 1655381586,
"narHash": "sha256-xXW9t24HLf89+n/92kOqRRfOBE3KDna+9rAOefs5WSQ=", "narHash": "sha256-2IrSYYjxoT+iOihSiH0Elo9wzjbHjDSH+qPvI5BklCs=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "8f3e26705178cc8c1d982d37d881fc0d5b5b1837", "rev": "1de492f6f8e9937c822333739c5d5b20d93bf49f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -396,7 +433,7 @@
}, },
"mms": { "mms": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_2", "flake-compat": "flake-compat_3",
"flake-utils": "flake-utils_3", "flake-utils": "flake-utils_3",
"nix": "nix", "nix": "nix",
"nixpkgs": [ "nixpkgs": [
@ -486,11 +523,11 @@
"nixpkgs-regression": "nixpkgs-regression" "nixpkgs-regression": "nixpkgs-regression"
}, },
"locked": { "locked": {
"lastModified": 1653842047, "lastModified": 1655504882,
"narHash": "sha256-rm8OIwU0+V9KMooDvj4Hdwio5MWjAn6CvdM3MU2tGhk=", "narHash": "sha256-R3pRcYsxpHuCI4Z/XeiBle6qYQWt8IriZP3vz58OpMk=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "c6087c318fbc238269487ec3feee3d6ad762aee7", "rev": "6281f78ce2059dbbcc98319cff773de5d71fd327",
"revCount": 12253, "revCount": 12340,
"type": "git", "type": "git",
"url": "https://git.privatevoid.net/max/nix-super-fork" "url": "https://git.privatevoid.net/max/nix-super-fork"
}, },
@ -525,9 +562,10 @@
"type": "github" "type": "github"
}, },
"original": { "original": {
"id": "nixpkgs", "owner": "NixOS",
"repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"type": "indirect" "type": "github"
} }
}, },
"nixpkgs_2": { "nixpkgs_2": {
@ -579,26 +617,11 @@
}, },
"nixpkgs_5": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1645296114, "lastModified": 1653988320,
"narHash": "sha256-y53N7TyIkXsjMpOG7RhvqJFGDacLs9HlyHeSTBioqYU=", "narHash": "sha256-ZaqFFsSDipZ6KVqriwM34T739+KLYJvNmCWzErjAg7c=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "530a53dcbc9437363471167a5e4762c5fcfa34a1", "rev": "2fa57ed190fd6c7c746319444f34b5917666e5c1",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-21.05-small",
"type": "indirect"
}
},
"nixpkgs_6": {
"locked": {
"lastModified": 1653948565,
"narHash": "sha256-jYfs8TQw/xRKOGg7NV+hVEZfYAVnqk4yEKhw111N4h4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "7c1e79e294fe1be3cacb6408e3983bf2836c818e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -608,6 +631,54 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_6": {
"locked": {
"lastModified": 1655421536,
"narHash": "sha256-CjPYLRJj/aglDiY+755CYazTugGco0quzlTo1arVil0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "87d9c84817d7be81850c07e8f6a362b1dfc30feb",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-22.05-small",
"repo": "nixpkgs",
"type": "github"
}
},
"nmd": {
"flake": false,
"locked": {
"lastModified": 1653339422,
"narHash": "sha256-8nc7lcYOgih3YEmRMlBwZaLLJYpLPYKBlewqHqx8ieg=",
"owner": "rycee",
"repo": "nmd",
"rev": "9e7a20e6ee3f6751f699f79c0b299390f81f7bcd",
"type": "gitlab"
},
"original": {
"owner": "rycee",
"repo": "nmd",
"type": "gitlab"
}
},
"nmt": {
"flake": false,
"locked": {
"lastModified": 1648075362,
"narHash": "sha256-u36WgzoA84dMVsGXzml4wZ5ckGgfnvS0ryzo/3zn/Pc=",
"owner": "rycee",
"repo": "nmt",
"rev": "d83601002c99b78c89ea80e5e6ba21addcfe12ae",
"type": "gitlab"
},
"original": {
"owner": "rycee",
"repo": "nmt",
"type": "gitlab"
}
},
"node2nix": { "node2nix": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -718,6 +789,21 @@
"repo": "flake-utils", "repo": "flake-utils",
"type": "github" "type": "github"
} }
},
"utils_2": {
"locked": {
"lastModified": 1653893745,
"narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

6
hosts/VEGAS/services/api/default.nix
View file

@ -2,19 +2,19 @@
let let
inherit (tools.meta) domain; inherit (tools.meta) domain;
apiAddr = "api.${domain}"; apiAddr = "api.${domain}";
proxyTarget = "http://127.0.0.1:${config.portsStr.api}"; proxyTarget = config.links.api.url;
proxy = tools.nginx.vhosts.proxy proxyTarget; proxy = tools.nginx.vhosts.proxy proxyTarget;
in in
{ {
# n8n uses "Sustainable Use License" # n8n uses "Sustainable Use License"
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
reservePortsFor = [ "api" ]; links.api.protocol = "http";
services.n8n = { services.n8n = {
enable = true; enable = true;
settings = { settings = {
port = config.ports.api; inherit (config.links.api) port;
}; };
}; };

6
hosts/VEGAS/services/bitwarden/default.nix
View file

@ -1,17 +1,17 @@
{ config, lib, tools, ... }: { config, lib, tools, ... }:
with tools.nginx; with tools.nginx;
{ {
reservePortsFor = [ "bitwarden" ]; links.bitwarden.protocol = "http";
services.nginx.virtualHosts = mappers.mapSubdomains { services.nginx.virtualHosts = mappers.mapSubdomains {
keychain = vhosts.proxy "http://127.0.0.1:${config.portsStr.bitwarden}"; keychain = vhosts.proxy config.links.bitwarden.url;
}; };
services.vaultwarden = { services.vaultwarden = {
enable = true; enable = true;
backupDir = "/srv/storage/private/bitwarden/backups"; backupDir = "/srv/storage/private/bitwarden/backups";
config = { config = {
dataFolder = "/srv/storage/private/bitwarden/data"; dataFolder = "/srv/storage/private/bitwarden/data";
rocketPort = config.ports.bitwarden; rocketPort = config.links.bitwarden.port;
}; };
#environmentFile = ""; # TODO: agenix #environmentFile = ""; # TODO: agenix
}; };

8
hosts/VEGAS/services/blog/default.nix
View file

@ -17,8 +17,6 @@ let
(mapPaths config) (mapPaths config)
); );
port = config.portsStr.ghost;
contentPath = "/srv/storage/private/ghost"; contentPath = "/srv/storage/private/ghost";
in in
@ -29,7 +27,7 @@ in
mode = "0400"; mode = "0400";
}; };
reservePortsFor = [ "ghost" ]; links.ghost.protocol = "http";
users.users.ghost = { users.users.ghost = {
isSystemUser = true; isSystemUser = true;
@ -99,7 +97,7 @@ in
}; };
server = { server = {
host = "127.0.0.1"; host = "127.0.0.1";
inherit port; inherit (config.links.ghost) port;
}; };
privacy.useTinfoil = true; privacy.useTinfoil = true;
@ -110,6 +108,6 @@ in
}; };
}; };
services.nginx.virtualHosts."blog.${domain}" = tools.nginx.vhosts.proxy "http://127.0.0.1:${port}"; services.nginx.virtualHosts."blog.${domain}" = tools.nginx.vhosts.proxy config.links.ghost.url;
} }

28
hosts/VEGAS/services/fbi/default.nix
View file

@ -1,7 +1,21 @@
{ config, lib, tools, ... }: { config, lib, tools, ... }:
with tools.nginx; with tools.nginx;
{ {
reservePortsFor = [ "ombi" ]; links = {
ombi.protocol = "http";
radarr = {
protocol = "http";
port = 7878;
};
sonarr = {
protocol = "http";
port = 8989;
};
prowlarr = {
protocol = "http";
port = 9696;
};
};
services = { services = {
radarr = { radarr = {
@ -15,14 +29,14 @@ with tools.nginx;
}; };
ombi = { ombi = {
enable = true; enable = true;
port = config.ports.ombi; inherit (config.links.ombi) port;
}; };
nginx.virtualHosts = mappers.mapSubdomains { nginx.virtualHosts = with config.links; mappers.mapSubdomains {
radarr = vhosts.proxy "http://127.0.0.1:7878"; radarr = vhosts.proxy radarr.url;
sonarr = vhosts.proxy "http://127.0.0.1:8989"; sonarr = vhosts.proxy sonarr.url;
fbi-index = vhosts.proxy "http://127.0.0.1:9696"; fbi-index = vhosts.proxy prowlarr.url;
fbi-requests = vhosts.proxy "http://127.0.0.1:${config.portsStr.ombi}"; fbi-requests = vhosts.proxy ombi.url;
}; };
}; };
systemd.services.radarr.serviceConfig.Slice = "mediamanagement.slice"; systemd.services.radarr.serviceConfig.Slice = "mediamanagement.slice";

8
hosts/VEGAS/services/hydra/default.nix
View file

@ -31,15 +31,15 @@ in
) )
); );
reservePortsFor = [ "hydra" ]; links.hydra.protocol = "http";
services.nginx.appendHttpConfig = '' services.nginx.appendHttpConfig = ''
limit_req_zone $binary_remote_addr zone=hydra_api_push_limiter:10m rate=1r/m; limit_req_zone $binary_remote_addr zone=hydra_api_push_limiter:10m rate=1r/m;
''; '';
services.nginx.virtualHosts."hydra.${domain}" = lib.recursiveUpdate (tools.nginx.vhosts.proxy "http://127.0.0.1:${config.portsStr.hydra}") { services.nginx.virtualHosts."hydra.${domain}" = lib.recursiveUpdate (tools.nginx.vhosts.proxy config.links.hydra.url) {
locations."/api/push" = { locations."/api/push" = {
proxyPass = "http://127.0.0.1:${config.portsStr.hydra}"; proxyPass = config.links.hydra.url;
extraConfig = '' extraConfig = ''
auth_request off; auth_request off;
proxy_method PUT; proxy_method PUT;
@ -54,7 +54,7 @@ in
services.hydra = { services.hydra = {
enable = true; enable = true;
hydraURL = "https://hydra.${domain}"; hydraURL = "https://hydra.${domain}";
port = config.ports.hydra; inherit (config.links.hydra) port;
notificationSender = "hydra@${domain}"; notificationSender = "hydra@${domain}";
buildMachinesFiles = [ "/etc/nix/hydra-machines" ]; buildMachinesFiles = [ "/etc/nix/hydra-machines" ];
useSubstitutes = true; useSubstitutes = true;

10
hosts/VEGAS/services/ipfs/default.nix
View file

@ -3,7 +3,7 @@ with tools.nginx;
let let
inherit (tools.meta) domain; inherit (tools.meta) domain;
cfg = config.services.ipfs; cfg = config.services.ipfs;
gwPort = config.portsStr.ipfsGateway; gw = config.links.ipfsGateway;
in in
{ {
imports = [ imports = [
@ -31,7 +31,7 @@ in
services.nginx.virtualHosts = { services.nginx.virtualHosts = {
"top-level.${domain}".locations = { "top-level.${domain}".locations = {
"~ ^/ip[fn]s" = { "~ ^/ip[fn]s" = {
proxyPass = "http://127.0.0.1:${gwPort}"; proxyPass = gw.url;
extraConfig = '' extraConfig = ''
add_header X-Content-Type-Options ""; add_header X-Content-Type-Options "";
add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Origin *;
@ -43,7 +43,7 @@ in
locations = { locations = {
"= /".return = "404"; "= /".return = "404";
"~ ^/ip[fn]s" = { "~ ^/ip[fn]s" = {
proxyPass = "http://127.0.0.1:${gwPort}"; proxyPass = gw.url;
extraConfig = '' extraConfig = ''
add_header X-Content-Type-Options ""; add_header X-Content-Type-Options "";
add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Origin *;
@ -54,7 +54,7 @@ in
}; };
"ipfs.admin.${domain}" = vhosts.basic // { "ipfs.admin.${domain}" = vhosts.basic // {
locations."/api".proxyPass = "http://unix:/run/ipfs/ipfs-api.sock:"; locations."/api".proxyPass = "http://unix:/run/ipfs/ipfs-api.sock:";
locations."/ipns/webui.ipfs.${domain}".proxyPass = "http://127.0.0.1:${gwPort}/ipns/webui.ipfs.${domain}"; locations."/ipns/webui.ipfs.${domain}".proxyPass = "${gw.url}/ipns/webui.ipfs.${domain}";
locations."= /".return = "302 /ipns/webui.ipfs.${domain}"; locations."= /".return = "302 /ipns/webui.ipfs.${domain}";
locations."/debug/metrics/prometheus" = { locations."/debug/metrics/prometheus" = {
proxyPass = "http://unix:/run/ipfs/ipfs-api.sock:"; proxyPass = "http://unix:/run/ipfs/ipfs-api.sock:";
@ -85,7 +85,7 @@ in
useACMEHost = "ipfs.${domain}"; useACMEHost = "ipfs.${domain}";
locations = { locations = {
"/" = { "/" = {
proxyPass = "http://127.0.0.1:${gwPort}"; proxyPass = gw.url;
extraConfig = '' extraConfig = ''
add_header X-Content-Type-Options ""; add_header X-Content-Type-Options "";
add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Origin *;

4
hosts/VEGAS/services/minecraft/num.nix
View file

@ -1,6 +1,6 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
reservePortsFor = [ "mc-num" ]; links.mc-num = {};
services.modded-minecraft-servers.instances.num = { services.modded-minecraft-servers.instances.num = {
enable = true; enable = true;
rsyncSSHKeys = [ rsyncSSHKeys = [
@ -10,7 +10,7 @@
jvmInitialAllocation = "2G"; jvmInitialAllocation = "2G";
jvmMaxAllocation = "8G"; jvmMaxAllocation = "8G";
serverConfig = { serverConfig = {
server-port = config.ports.mc-num; server-port = config.links.mc-num.port;
motd = "Welcome to num's minecraft server"; motd = "Welcome to num's minecraft server";
}; };
}; };

37
hosts/VEGAS/services/monitoring/default.nix
View file

@ -2,7 +2,7 @@
let let
inherit (tools.meta) domain; inherit (tools.meta) domain;
inherit (config) ports portsStr; inherit (config) links;
cfg = { inherit (config.services) loki; }; cfg = { inherit (config.services) loki; };
@ -34,10 +34,21 @@ in
file = ../../../../secrets/grafana-secrets.age; file = ../../../../secrets/grafana-secrets.age;
}; };
reservePortsFor = [ "grafana" "prometheus" "loki" "loki-grpc" ]; links = {
grafana.protocol = "http";
prometheus.protocol = "http";
loki = {
protocol = "http";
ipv4 = myNode.hypr.addr;
};
loki-grpc = {
protocol = "grpc";
ipv4 = myNode.hypr.addr;
};
};
services.grafana = { services.grafana = {
enable = true; enable = true;
port = ports.grafana; inherit (links.grafana) port;
rootUrl = "https://monitoring.${domain}/"; rootUrl = "https://monitoring.${domain}/";
dataDir = "/srv/storage/private/grafana"; dataDir = "/srv/storage/private/grafana";
analytics.reporting.enable = false; analytics.reporting.enable = false;
@ -63,13 +74,13 @@ in
datasources = [ datasources = [
{ {
name = "Prometheus"; name = "Prometheus";
url = "http://127.0.0.1:${portsStr.prometheus}"; inherit (links.prometheus) url;
type = "prometheus"; type = "prometheus";
isDefault = true; isDefault = true;
} }
{ {
name = "Loki"; name = "Loki";
url = "http://${myNode.hypr.addr}:${portsStr.loki}"; inherit (links.loki) url;
type = "loki"; type = "loki";
} }
]; ];
@ -80,14 +91,14 @@ in
EnvironmentFile = config.age.secrets.grafana-secrets.path; EnvironmentFile = config.age.secrets.grafana-secrets.path;
}; };
services.nginx.virtualHosts."monitoring.${domain}" = lib.recursiveUpdate (tools.nginx.vhosts.proxy "http://127.0.0.1:${portsStr.grafana}") { services.nginx.virtualHosts."monitoring.${domain}" = lib.recursiveUpdate (tools.nginx.vhosts.proxy links.grafana.url) {
locations."/".proxyWebsockets = true; locations."/".proxyWebsockets = true;
}; };
services.prometheus = { services.prometheus = {
enable = true; enable = true;
listenAddress = "127.0.0.1"; listenAddress = links.prometheus.ipv4;
port = ports.prometheus; inherit (links.prometheus) port;
globalConfig = { globalConfig = {
scrape_interval = "60s"; scrape_interval = "60s";
}; };
@ -130,12 +141,12 @@ in
auth_enabled = false; auth_enabled = false;
server = { server = {
log_level = "warn"; log_level = "warn";
http_listen_address = myNode.hypr.addr; http_listen_address = links.loki.ipv4;
http_listen_port = ports.loki; http_listen_port = links.loki.port;
grpc_listen_address = "127.0.0.1"; grpc_listen_address = links.loki-grpc.ipv4;
grpc_listen_port = ports.loki-grpc; grpc_listen_port = links.loki-grpc.port;
}; };
frontend_worker.frontend_address = "127.0.0.1:${portsStr.loki-grpc}"; frontend_worker.frontend_address = links.loki-grpc.tuple;
ingester = { ingester = {
lifecycler = { lifecycler = {
address = "127.0.0.1"; address = "127.0.0.1";

4
hosts/VEGAS/services/nix/binary-cache.nix
View file

@ -10,8 +10,8 @@ in
{ {
services.nginx.upstreams.nar-serve.extraConfig = '' services.nginx.upstreams.nar-serve.extraConfig = ''
random; random;
server 127.0.0.1:${config.portsStr.nar-serve-self} fail_timeout=0; server ${config.links.nar-serve-self.tuple} fail_timeout=0;
server 127.0.0.1:${config.portsStr.nar-serve-nixos-org} fail_timeout=0; server ${config.links.nar-serve-nixos-org.tuple} fail_timeout=0;
''; '';
services.nginx.appendHttpConfig = '' services.nginx.appendHttpConfig = ''
proxy_cache_path /var/cache/nginx/nixstore levels=1:2 keys_zone=nixstore:10m max_size=10g inactive=24h use_temp_path=off; proxy_cache_path /var/cache/nginx/nixstore levels=1:2 keys_zone=nixstore:10m max_size=10g inactive=24h use_temp_path=off;

12
hosts/VEGAS/services/nix/nar-serve.nix
View file

@ -12,11 +12,11 @@
}; };
in in
{ {
reservePortsFor = [ links = {
"nar-serve-self" nar-serve-self.protocol = "http";
"nar-serve-nixos-org" nar-serve-nixos-org.protocol = "http";
]; };
systemd.services.nar-serve-self = mkNarServe "https://cache.${tools.meta.domain}" config.portsStr.nar-serve-self; systemd.services.nar-serve-self = mkNarServe "https://cache.${tools.meta.domain}" config.links.nar-serve-self.portStr;
systemd.services.nar-serve-nixos-org = mkNarServe "https://cache.nixos.org" config.portsStr.nar-serve-nixos-org; systemd.services.nar-serve-nixos-org = mkNarServe "https://cache.nixos.org" config.links.nar-serve-nixos-org.portStr;
} }

20
hosts/VEGAS/services/object-storage/default.nix
View file

@ -1,8 +1,7 @@
{ config, inputs, lib, pkgs, tools, ... }: { config, inputs, lib, pkgs, tools, ... }:
with tools.nginx; with tools.nginx;
let let
minioPort = config.portsStr.minio; inherit (config) links;
consolePort = config.portsStr.minioConsole;
mapPaths = lib.mapAttrsRecursive ( mapPaths = lib.mapAttrsRecursive (
path: value: lib.nameValuePair path: value: lib.nameValuePair
@ -17,7 +16,10 @@ let
); );
in in
{ {
reservePortsFor = [ "minio" "minioConsole" ]; links = {
minio.protocol = "http";
minioConsole.protocol = "http";
};
age.secrets.minio-root-credentials = { age.secrets.minio-root-credentials = {
file = ../../../../secrets/minio-root-credentials.age; file = ../../../../secrets/minio-root-credentials.age;
@ -30,8 +32,8 @@ in
rootCredentialsFile = config.age.secrets.minio-root-credentials.path; rootCredentialsFile = config.age.secrets.minio-root-credentials.path;
dataDir = [ "/srv/storage/objects" ]; dataDir = [ "/srv/storage/objects" ];
browser = true; browser = true;
listenAddress = "127.0.0.1:${minioPort}"; listenAddress = links.minio.tuple;
consoleAddress = "127.0.0.1:${consolePort}"; consoleAddress = links.minioConsole.tuple;
}; };
systemd.services.minio.serviceConfig = { systemd.services.minio.serviceConfig = {
Slice = "remotefshost.slice"; Slice = "remotefshost.slice";
@ -40,17 +42,17 @@ in
# TODO: vhosts.proxy? # TODO: vhosts.proxy?
"object-storage" = vhosts.basic // { "object-storage" = vhosts.basic // {
locations = { locations = {
"/".proxyPass = "http://127.0.0.1:${minioPort}"; "/".proxyPass = links.minio.url;
"= /dashboard".proxyPass = "http://127.0.0.1:${minioPort}"; "= /dashboard".proxyPass = links.minio.url;
}; };
extraConfig = "client_max_body_size 4G;"; extraConfig = "client_max_body_size 4G;";
}; };
"console.object-storage" = vhosts.basic // { "console.object-storage" = vhosts.basic // {
locations = { locations = {
"/".proxyPass = "http://127.0.0.1:${consolePort}"; "/".proxyPass = links.minioConsole.url;
}; };
}; };
"cdn" = lib.recursiveUpdate (vhosts.proxy "http://127.0.0.1:${minioPort}/content-delivery$request_uri") { "cdn" = lib.recursiveUpdate (vhosts.proxy "${links.minio.url}/content-delivery$request_uri") {
locations."= /".return = "302 /index.html"; locations."= /".return = "302 /index.html";
}; };
}; };

8
hosts/VEGAS/services/searxng/default.nix
View file

@ -1,9 +1,9 @@
{ config, inputs, lib, pkgs, tools, ... }: { config, inputs, lib, pkgs, tools, ... }:
let let
port = config.portsStr.searxng; inherit (config) links;
in in
{ {
reservePortsFor = [ "searxng" ]; links.searxng.protocol = "http";
age.secrets.searxng-secrets.file = ../../../../secrets/searxng-secrets.age; age.secrets.searxng-secrets.file = ../../../../secrets/searxng-secrets.age;
services.searx = { services.searx = {
@ -45,14 +45,14 @@ in
}; };
}; };
uwsgiConfig = { uwsgiConfig = {
http = "127.0.0.1:${port}"; http = links.searxng.tuple;
cache2 = "name=searxcache,items=2000,blocks=2000,blocksize=65536,bitmap=1"; cache2 = "name=searxcache,items=2000,blocks=2000,blocksize=65536,bitmap=1";
buffer-size = 65536; buffer-size = 65536;
env = ["SEARXNG_SETTINGS_PATH=/run/searx/settings.yml"]; env = ["SEARXNG_SETTINGS_PATH=/run/searx/settings.yml"];
disable-logging = true; disable-logging = true;
}; };
}; };
services.nginx.virtualHosts."search.${tools.meta.domain}" = lib.recursiveUpdate (tools.nginx.vhosts.proxy "http://127.0.0.1:${port}") { services.nginx.virtualHosts."search.${tools.meta.domain}" = lib.recursiveUpdate (tools.nginx.vhosts.proxy links.searxng.url) {
extraConfig = "access_log off;"; extraConfig = "access_log off;";
}; };
systemd.services.uwsgi.after = [ "wireguard-wgmv-es7.service" "network-addresses-wgmv-es7.service" ]; systemd.services.uwsgi.after = [ "wireguard-wgmv-es7.service" "network-addresses-wgmv-es7.service" ];

17
hosts/VEGAS/services/sips/default.nix
View file

@ -3,6 +3,7 @@ let
host = tools.identity.autoDomain "sips"; host = tools.identity.autoDomain "sips";
inherit (inputs.self.packages.${pkgs.system}) sips; inherit (inputs.self.packages.${pkgs.system}) sips;
inherit (config) links;
connStringNet = "host=127.0.0.1 sslmode=disable dbname=sips user=sips"; connStringNet = "host=127.0.0.1 sslmode=disable dbname=sips user=sips";
connString = "host=/var/run/postgresql dbname=sips user=sips"; connString = "host=/var/run/postgresql dbname=sips user=sips";
@ -23,14 +24,18 @@ in
mode = "0400"; mode = "0400";
}; };
reservePortsFor = [ "sips" "sipsInternal" "sipsIpfsApiProxy" ]; links = {
sips.protocol = "http";
sipsInternal.protocol = "http";
sipsIpfsApiProxy.protocol = "http";
};
systemd.services.sips = { systemd.services.sips = {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "network.target" "postgresql.service" ]; after = [ "network.target" "postgresql.service" ];
requires = [ "sips-ipfs-api-proxy.service" ]; requires = [ "sips-ipfs-api-proxy.service" ];
serviceConfig = { serviceConfig = {
ExecStart = "${sips}/bin/sips --dbdriver postgres --db \"${connString}\" --addr 127.0.0.1:${config.portsStr.sipsInternal} --api http://127.0.0.1:${config.portsStr.sipsIpfsApiProxy} --apitimeout 604800s"; ExecStart = "${sips}/bin/sips --dbdriver postgres --db \"${connString}\" --addr ${links.sipsInternal.tuple} --api ${links.sipsIpfsApiProxy.url} --apitimeout 604800s";
PrivateNetwork = true; PrivateNetwork = true;
DynamicUser = true; DynamicUser = true;
}; };
@ -41,7 +46,7 @@ in
after = [ "network.target" "sips.service" ]; after = [ "network.target" "sips.service" ];
bindsTo = [ "sips.service" ]; bindsTo = [ "sips.service" ];
serviceConfig = { serviceConfig = {
ExecStart = "${pkgs.socat}/bin/socat tcp4-listen:${config.portsStr.sipsIpfsApiProxy},fork,reuseaddr,bind=127.0.0.1 unix-connect:/run/ipfs/ipfs-api.sock"; ExecStart = "${pkgs.socat}/bin/socat tcp4-listen:${links.sipsIpfsApiProxy.portStr},fork,reuseaddr,bind=${links.sipsIpfsApiProxy.ipv4} unix-connect:/run/ipfs/ipfs-api.sock";
PrivateNetwork = true; PrivateNetwork = true;
DynamicUser = true; DynamicUser = true;
SupplementaryGroups = "ipfs"; SupplementaryGroups = "ipfs";
@ -54,7 +59,7 @@ in
bindsTo = [ "sips.service" ]; bindsTo = [ "sips.service" ];
requires = [ "sips-proxy.socket" ]; requires = [ "sips-proxy.socket" ];
serviceConfig = { serviceConfig = {
ExecStart = "${config.systemd.package}/lib/systemd/systemd-socket-proxyd 127.0.0.1:${config.portsStr.sipsInternal}"; ExecStart = "${config.systemd.package}/lib/systemd/systemd-socket-proxyd ${links.sipsInternal.tuple}";
PrivateNetwork = true; PrivateNetwork = true;
DynamicUser = true; DynamicUser = true;
SupplementaryGroups = "ipfs"; SupplementaryGroups = "ipfs";
@ -66,11 +71,11 @@ in
wantedBy = [ "sockets.target" ]; wantedBy = [ "sockets.target" ];
after = [ "network.target" ]; after = [ "network.target" ];
socketConfig = { socketConfig = {
ListenStream = "127.0.0.1:${config.portsStr.sips}"; ListenStream = "${links.sips.tuple}";
}; };
}; };
environment.systemPackages = [ sipsctl ]; environment.systemPackages = [ sipsctl ];
services.nginx.virtualHosts.${host} = tools.nginx.vhosts.proxy "http://127.0.0.1:${config.portsStr.sips}"; services.nginx.virtualHosts.${host} = tools.nginx.vhosts.proxy links.sips.url;
} }

9
hosts/VEGAS/services/sso/default.nix
View file

@ -3,10 +3,11 @@ with tools.nginx;
let let
login = "login.${tools.meta.domain}"; login = "login.${tools.meta.domain}";
cfg = config.services.keycloak; cfg = config.services.keycloak;
kc = config.links.keycloak;
in in
{ {
tested.requiredChecks = [ "keycloak" ]; tested.requiredChecks = [ "keycloak" ];
reservePortsFor = [ "keycloak" ]; links.keycloak.protocol = "http";
imports = [ imports = [
./identity-management.nix ./identity-management.nix
@ -18,7 +19,7 @@ in
mode = "0400"; mode = "0400";
}; };
services.nginx.virtualHosts = { services.nginx.virtualHosts = {
"${login}" = lib.recursiveUpdate (vhosts.proxy "http://${cfg.settings.http-host}:${config.portsStr.keycloak}") { "${login}" = lib.recursiveUpdate (vhosts.proxy kc.url) {
locations."= /".return = "302 /auth/realms/master/account/"; locations."= /".return = "302 /auth/realms/master/account/";
}; };
"account.${domain}" = vhosts.redirect "https://${login}/auth/realms/master/account/"; "account.${domain}" = vhosts.redirect "https://${login}/auth/realms/master/account/";
@ -31,8 +32,8 @@ in
passwordFile = config.age.secrets.keycloak-dbpass.path; passwordFile = config.age.secrets.keycloak-dbpass.path;
}; };
settings = { settings = {
http-host = "127.0.0.1"; http-host = kc.ipv4;
http-port = config.ports.keycloak; http-port = kc.port;
hostname = login; hostname = login;
proxy = "edge"; proxy = "edge";
# for backcompat, TODO: remove # for backcompat, TODO: remove

10
hosts/VEGAS/services/uptime-kuma/default.nix
View file

@ -5,13 +5,13 @@ let
flakePkgs = inputs.self.packages.${pkgs.system}; flakePkgs = inputs.self.packages.${pkgs.system};
port = config.portsStr.uptime-kuma; link = config.links.uptime-kuma;
dataDir = "/srv/storage/private/uptime-kuma"; dataDir = "/srv/storage/private/uptime-kuma";
in in
{ {
reservePortsFor = [ "uptime-kuma" ]; links.uptime-kuma.protocol = "http";
users.users.uptime-kuma = { users.users.uptime-kuma = {
isSystemUser = true; isSystemUser = true;
@ -62,8 +62,8 @@ in
environment = { environment = {
NODE_ENV = "production"; NODE_ENV = "production";
DATA_DIR = dataDir; DATA_DIR = dataDir;
UPTIME_KUMA_HOST = "127.0.0.1"; UPTIME_KUMA_HOST = link.ipv4;
UPTIME_KUMA_PORT = port; UPTIME_KUMA_PORT = link.portStr;
UPTIME_KUMA_HIDE_LOG = lib.concatStringsSep "," [ UPTIME_KUMA_HIDE_LOG = lib.concatStringsSep "," [
"debug_monitor" "debug_monitor"
"info_monitor" "info_monitor"
@ -71,7 +71,7 @@ in
}; };
}; };
services.nginx.virtualHosts."status.${domain}" = lib.recursiveUpdate (tools.nginx.vhosts.proxy "http://127.0.0.1:${port}") { services.nginx.virtualHosts."status.${domain}" = lib.recursiveUpdate (tools.nginx.vhosts.proxy link.url) {
locations = { locations = {
"/".proxyWebsockets = true; "/".proxyWebsockets = true;
"=/".return = "302 /status/${builtins.replaceStrings ["."] ["-"] domain}"; "=/".return = "302 /status/${builtins.replaceStrings ["."] ["-"] domain}";

10
hosts/prophet/services/reflex/default.nix
View file

@ -1,9 +1,7 @@
{ config, inputs, pkgs, tools, ... }: { config, inputs, pkgs, tools, ... }:
let {
port = config.portsStr.nixIpfs; links.nixIpfs.protocol = "http";
in {
reservePortsFor = [ "nixIpfs" ];
systemd.services.nix-ipfs-cache = { systemd.services.nix-ipfs-cache = {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
@ -14,7 +12,7 @@ in {
CacheDirectory = "nix-ipfs-cache"; CacheDirectory = "nix-ipfs-cache";
}; };
environment = { environment = {
REFLEX_PORT = port; REFLEX_PORT = config.links.nixIpfs.portStr;
IPFS_API = config.services.ipfs.apiAddress; IPFS_API = config.services.ipfs.apiAddress;
NIX_CACHES = toString [ NIX_CACHES = toString [
"https://cache.nixos.org" "https://cache.nixos.org"
@ -24,5 +22,5 @@ in {
}; };
}; };
services.nginx.virtualHosts."reflex.${tools.meta.domain}" = tools.nginx.vhosts.proxy "http://127.0.0.1:${port}"; services.nginx.virtualHosts."reflex.${tools.meta.domain}" = tools.nginx.vhosts.proxy config.links.nixIpfs.url;
} }

2
modules/autopatch/default.nix
View file

@ -7,8 +7,6 @@
patched = import ../../packages/patched-derivations.nix super; patched = import ../../packages/patched-derivations.nix super;
in { in {
ipfs = patched.lain-ipfs;
hydra-unstable = patched.hydra; hydra-unstable = patched.hydra;
inherit (patched) sssd; inherit (patched) sssd;

9
modules/ipfs/default.nix
View file

@ -1,10 +1,10 @@
{ config, lib, pkgs, tools, ... }: { config, inputs, lib, pkgs, tools, ... }:
let let
inherit (tools.meta) domain; inherit (tools.meta) domain;
cfg = config.services.ipfs; cfg = config.services.ipfs;
apiAddress = "/unix/run/ipfs/ipfs-api.sock"; apiAddress = "/unix/run/ipfs/ipfs-api.sock";
ipfsApi = pkgs.writeTextDir "api" apiAddress; ipfsApi = pkgs.writeTextDir "api" apiAddress;
gwPort = config.portsStr.ipfsGateway; gw = config.links.ipfsGateway;
in in
{ {
age.secrets.ipfs-swarm-key = { age.secrets.ipfs-swarm-key = {
@ -14,7 +14,7 @@ in
inherit (cfg) group; inherit (cfg) group;
}; };
reservePortsFor = [ "ipfsGateway" ]; links.ipfsGateway.protocol = "http";
networking.firewall = { networking.firewall = {
allowedTCPPorts = [ 4001 ]; allowedTCPPorts = [ 4001 ];
@ -23,12 +23,13 @@ in
services.ipfs = { services.ipfs = {
enable = true; enable = true;
package = inputs.self.packages.${pkgs.system}.ipfs;
startWhenNeeded = false; startWhenNeeded = false;
autoMount = true; autoMount = true;
autoMigrate = false; autoMigrate = false;
inherit apiAddress; inherit apiAddress;
gatewayAddress = "/ip4/127.0.0.1/tcp/${gwPort}"; gatewayAddress = "/ip4/${gw.ipv4}/tcp/${gw.portStr}";
dataDir = "/srv/storage/ipfs/repo"; dataDir = "/srv/storage/ipfs/repo";
localDiscovery = false; localDiscovery = false;

11
modules/monitoring/default.nix
View file

@ -4,16 +4,17 @@ let
writeJSON = filename: data: pkgs.writeText filename (builtins.toJSON data); writeJSON = filename: data: pkgs.writeText filename (builtins.toJSON data);
inherit (config) ports portsStr;
relabel = from: to: { relabel = from: to: {
source_labels = [ from ]; source_labels = [ from ];
target_label = to; target_label = to;
}; };
in in
{ {
# same as remote loki port # remote loki
reservePortsFor = [ "loki" ]; links.loki = {
protocol = "http";
ipv4 = hosts.VEGAS.hypr.addr;
};
services.journald.extraConfig = "Storage=volatile"; services.journald.extraConfig = "Storage=volatile";
@ -41,7 +42,7 @@ in
server.disable = true; server.disable = true;
positions.filename = "\${STATE_DIRECTORY:/tmp}/promtail-positions.yaml"; positions.filename = "\${STATE_DIRECTORY:/tmp}/promtail-positions.yaml";
clients = [ clients = [
{ url = "http://${hosts.VEGAS.hypr.addr}:${portsStr.loki}/loki/api/v1/push"; } { url = "${config.links.loki.url}/loki/api/v1/push"; }
]; ];
scrape_configs = [ scrape_configs = [
{ {

2
modules/nix-config/server.nix
View file

@ -5,7 +5,7 @@ let
else x; else x;
in { in {
nix = { nix = {
package = inputs.nix-super.defaultPackage.${pkgs.system}; package = inputs.nix-super.packages.${pkgs.system}.default;
trustedUsers = [ "root" "@wheel" "@admins" ]; trustedUsers = [ "root" "@wheel" "@admins" ];

56
modules/port-magic/default.nix
View file

@ -1,59 +1,11 @@
{ config, lib, ... }: { config, lib, ... }:
with builtins;
with lib; with lib;
let {
cfg = config.reservedPorts; options.links = mkOption {
type = types.attrsOf (types.submodule ./link.nix);
portNames = config.reservePortsFor; description = "Port Magic links.";
portHash = flip pipe [
(hashString "sha512")
stringToCharacters
(filter (n: match "[0-9]" n == []))
(map toInt)
(foldl add 0)
(mul 1009) # prime number
(flip mod cfg.amount)
(add cfg.start)
];
ports = genAttrs portNames portHash;
portsEnd = cfg.start + cfg.amount;
in {
options = {
reservedPorts = {
amount = mkOption {
type = types.int;
default = 10000;
description = "Amount of ports to reserve at most.";
};
start = mkOption {
type = types.int;
default = 30000;
description = "Starting point for reserved ports.";
};
};
reservePortsFor = mkOption {
type = types.listOf types.str;
default = [];
description = "List of application names for which to automatically reserve ports.";
};
ports = mkOption {
type = types.attrsOf (types.ints.between cfg.start portsEnd);
default = {}; default = {};
description = "Named network ports.";
};
portsStr = mkOption {
readOnly = true;
type = types.attrsOf types.str;
description = "Named network ports, as strings.";
};
};
config = lib.mkIf (config.reservePortsFor != []) {
inherit ports;
portsStr = mapAttrs (_: toString) ports;
}; };
} }

76
modules/port-magic/link.nix Normal file
View file

@ -0,0 +1,76 @@
{ config, lib, name, ... }:
with builtins;
with lib;
let
cfg = config;
portHash = flip pipe [
(hashString "md5")
(substring 0 7)
(hash: (fromTOML "v=0x${hash}").v)
(flip mod cfg.reservedPorts.amount)
(add cfg.reservedPorts.start)
];
in
{
options = {
ipv4 = mkOption {
type = types.str;
default = "127.0.0.1";
description = "The IPv4 address.";
};
hostname = mkOption {
type = types.str;
description = "The hostname.";
};
port = mkOption {
type = types.int;
description = "The TCP or UDP port.";
};
portStr = mkOption {
type = types.str;
description = "The TCP or UDP port, as a string.";
};
reservedPorts = {
amount = mkOption {
type = types.int;
default = 10000;
description = "Amount of ports to reserve at most.";
};
start = mkOption {
type = types.int;
default = 30000;
description = "Starting point for reserved ports.";
};
};
protocol = mkOption {
type = types.str;
description = "The protocol in URL scheme name format.";
};
path = mkOption {
type = types.nullOr types.path;
default = null;
description = "The resource path.";
};
url = mkOption {
type = types.str;
description = "The URL.";
};
tuple = mkOption {
type = types.str;
description = "The hostname:port tuple.";
};
};
config = mkIf true {
hostname = mkDefault cfg.ipv4;
port = mkDefault (portHash "${cfg.hostname}:${name}");
portStr = toString cfg.port;
tuple = "${cfg.hostname}:${cfg.portStr}";
url = "${cfg.protocol}://${cfg.hostname}:${cfg.portStr}${if cfg.path == null then "" else cfg.path}";
};
}

19
packages/dream2nix-overrides/nodejs/default.nix
View file

@ -10,24 +10,9 @@
let let
versionGate = pkg: target: versionGate = pkg: target:
assert assert
lib.assertMsg (lib.versionAtLeast target.version pkg.version) lib.assertMsg (lib.versionOlder pkg.version target.version)
"${pkg.name} has reached the desired version upstream"; "${pkg.name} has reached the desired version upstream";
target; target;
vips_8_12_2' = pkgs.vips.overrideAttrs (_: {
version = "8.12.2";
src = pkgs.fetchFromGitHub {
owner = "libvips";
repo = "libvips";
rev = "v8.12.2";
sha256 = "sha256-ffDJJWe/SzG+lppXEiyfXXL5KLdZgnMjv1SYnuYnh4c=";
postFetch = ''
rm -r $out/test/test-suite/images/
'';
};
});
vips_8_12_2 = versionGate pkgs.vips vips_8_12_2';
in in
{ {
@ -36,7 +21,7 @@ in
pkg-config pkg-config
]; ];
buildInputs = old: old ++ [ buildInputs = old: old ++ [
vips_8_12_2 vips
]; ];
}; };
ghost.build = { ghost.build = {

69
packages/networking/ipfs/default.nix Normal file
View file

@ -0,0 +1,69 @@
{ lib, buildGoModule, fetchurl, nixosTests, openssl, pkg-config }:
buildGoModule rec {
pname = "ipfs";
version = "0.13.0"; # When updating, also check if the repo version changed and adjust repoVersion below
rev = "v${version}";
repoVersion = "12"; # Also update ipfs-migrator when changing the repo version
# go-ipfs makes changes to it's source tarball that don't match the git source.
src = fetchurl {
url = "https://github.com/ipfs/go-ipfs/releases/download/${rev}/go-ipfs-source.tar.gz";
sha256 = "sha256-eEIHsmtD3vF48RVFHEz28gkVv7u50pMBE8Z+oaM6pLM=";
};
# tarball contains multiple files/directories
postUnpack = ''
mkdir ipfs-src
shopt -s extglob
mv !(ipfs-src) ipfs-src || true
cd ipfs-src
'';
sourceRoot = ".";
subPackages = [ "cmd/ipfs" ];
buildInputs = [ openssl ];
nativeBuildInputs = [ pkg-config ];
tags = [ "openssl" ];
passthru.tests.ipfs = nixosTests.ipfs;
vendorSha256 = null;
outputs = [ "out" "systemd_unit" "systemd_unit_hardened" ];
patches = [
./ipfs-allow-publish-with-ipns-mounted.patch
./ipfs-fuse-nuke-getxattr.patch
./ipfs-unsafe-allow-all-paths-for-filestore.patch
./lain-webui-0.13.0.patch
];
postPatch = ''
substituteInPlace 'misc/systemd/ipfs.service' \
--replace '/usr/bin/ipfs' "$out/bin/ipfs"
substituteInPlace 'misc/systemd/ipfs-hardened.service' \
--replace '/usr/bin/ipfs' "$out/bin/ipfs"
'';
postInstall = ''
install --mode=444 -D 'misc/systemd/ipfs-api.socket' "$systemd_unit/etc/systemd/system/ipfs-api.socket"
install --mode=444 -D 'misc/systemd/ipfs-gateway.socket' "$systemd_unit/etc/systemd/system/ipfs-gateway.socket"
install --mode=444 -D 'misc/systemd/ipfs.service' "$systemd_unit/etc/systemd/system/ipfs.service"
install --mode=444 -D 'misc/systemd/ipfs-api.socket' "$systemd_unit_hardened/etc/systemd/system/ipfs-api.socket"
install --mode=444 -D 'misc/systemd/ipfs-gateway.socket' "$systemd_unit_hardened/etc/systemd/system/ipfs-gateway.socket"
install --mode=444 -D 'misc/systemd/ipfs-hardened.service' "$systemd_unit_hardened/etc/systemd/system/ipfs.service"
'';
meta = with lib; {
description = "A global, versioned, peer-to-peer filesystem";
homepage = "https://ipfs.io/";
license = licenses.mit;
platforms = platforms.unix;
maintainers = with maintainers; [ fpletz ];
};
}

0
patches/base/ipfs/ipfs-allow-publish-with-ipns-mounted.patch → packages/networking/ipfs/ipfs-allow-publish-with-ipns-mounted.patch
View file

0
patches/base/ipfs/ipfs-fuse-nuke-getxattr.patch → packages/networking/ipfs/ipfs-fuse-nuke-getxattr.patch
View file

0
patches/base/ipfs/ipfs-unsafe-allow-all-paths-for-filestore.patch → packages/networking/ipfs/ipfs-unsafe-allow-all-paths-for-filestore.patch
View file

2
patches/base/ipfs/lain-webui-0.10.0.patch → packages/networking/ipfs/lain-webui-0.13.0.patch
View file

@ -4,7 +4,7 @@
package corehttp package corehttp
// TODO: move to IPNS // TODO: move to IPNS
-const WebUIPath = "/ipfs/bafybeihcyruaeza7uyjd6ugicbcrqumejf6uf353e5etdkhotqffwtguva" // v2.13.0 -const WebUIPath = "/ipfs/bafybeiednzu62vskme5wpoj4bjjikeg3xovfpp4t7vxk5ty2jxdi4mv4bu" // v2.15.0
+const WebUIPath = "/ipns/webui.ipfs.privatevoid.net" +const WebUIPath = "/ipns/webui.ipfs.privatevoid.net"
// this is a list of all past webUI paths. // this is a list of all past webUI paths.

2
packages/patched-derivations.nix
View file

@ -3,8 +3,6 @@ in with tools;
super: rec { super: rec {
hydra = (patch super.hydra-unstable "patches/base/hydra").override { nix = super.nixVersions.nix_2_8; }; hydra = (patch super.hydra-unstable "patches/base/hydra").override { nix = super.nixVersions.nix_2_8; };
lain-ipfs = patch-rename (super.ipfs_latest or super.ipfs) "lain-ipfs" "patches/base/ipfs";
sssd = (super.sssd.override { withSudo = true; }).overrideAttrs (old: { sssd = (super.sssd.override { withSudo = true; }).overrideAttrs (old: {
postFixup = (old.postFixup or "") + '' postFixup = (old.postFixup or "") + ''
${super.removeReferencesTo}/bin/remove-references-to -t ${super.stdenv.cc.cc} $out/modules/ldb/memberof.so ${super.removeReferencesTo}/bin/remove-references-to -t ${super.stdenv.cc.cc} $out/modules/ldb/memberof.so

12
packages/projects.nix
View file

@ -6,7 +6,7 @@ let
pins = import ./sources; pins = import ./sources;
dream2nix = inputs.dream2nix.lib2.init { dream2nix = inputs.dream2nix.lib2.init {
systems = [ system ]; inherit pkgs;
config = { config = {
projectRoot = ./.; projectRoot = ./.;
overridesDirs = [ ./dream2nix-overrides ]; overridesDirs = [ ./dream2nix-overrides ];
@ -23,27 +23,29 @@ in
packages = rec { packages = rec {
ghost = let ghost = let
version = "4.41.3"; version = "4.41.3";
dream = dream2nix.makeFlakeOutputs { dream = dream2nix.makeOutputs {
source = pkgs.fetchzip { source = pkgs.fetchzip {
url = "https://github.com/TryGhost/Ghost/releases/download/v${version}/Ghost-${version}.zip"; url = "https://github.com/TryGhost/Ghost/releases/download/v${version}/Ghost-${version}.zip";
sha256 = "sha256-mqN43LSkd9MHoIHyGS1VsPvpqWqX4Bx5KHcp3KOHw5A="; sha256 = "sha256-mqN43LSkd9MHoIHyGS1VsPvpqWqX4Bx5KHcp3KOHw5A=";
stripRoot = false; stripRoot = false;
}; };
}; };
inherit (dream.packages.${system}) ghost; inherit (dream.packages) ghost;
in in
ghost; ghost;
uptime-kuma = let uptime-kuma = let
dream = dream2nix.makeFlakeOutputs { dream = dream2nix.makeOutputs {
source = pins.uptime-kuma; source = pins.uptime-kuma;
}; };
inherit (dream.packages.${system}) uptime-kuma; inherit (dream.packages) uptime-kuma;
in in
uptime-kuma; uptime-kuma;
hyprspace = pkgs.callPackage ./networking/hyprspace { iproute2mac = null; }; hyprspace = pkgs.callPackage ./networking/hyprspace { iproute2mac = null; };
ipfs = pkgs.callPackage ./networking/ipfs { };
npins = let npins = let
inherit (inputs.self.packages.${system}) nix-super; inherit (inputs.self.packages.${system}) nix-super;
in pkgs.callPackage ./tools/npins { in pkgs.callPackage ./tools/npins {

14
packages/sources/sources.json
View file

@ -8,9 +8,9 @@
"repo": "searxng" "repo": "searxng"
}, },
"branch": "master", "branch": "master",
"revision": "51ba817e06bb15ca1768010d6873d1d7bf48b0b6", "revision": "8177bf3f0a4d4f22cf63812dc86a80535cd15d68",
"url": "https://github.com/searxng/searxng/archive/51ba817e06bb15ca1768010d6873d1d7bf48b0b6.tar.gz", "url": "https://github.com/searxng/searxng/archive/8177bf3f0a4d4f22cf63812dc86a80535cd15d68.tar.gz",
"hash": "0g2gy6pjd7w6dg1n4f3ci7k3qkwwnkd0kcww88rk12v2rlsrijm3" "hash": "0hbz28sldk56id721r6c0fc9bahs99i90wygsddiba6n7kcn49zm"
}, },
"stevenblack": { "stevenblack": {
"type": "GitRelease", "type": "GitRelease",
@ -21,10 +21,10 @@
}, },
"pre_releases": false, "pre_releases": false,
"version_upper_bound": null, "version_upper_bound": null,
"version": "3.10.3", "version": "3.10.9",
"revision": "bbddccb8fe47ccc02edcf4866099daf921e3eb64", "revision": "1ed8b1f54ba3ce2f6f8a1c329fc5726aa04d24c5",
"url": "https://api.github.com/repos/StevenBlack/hosts/tarball/3.10.3", "url": "https://api.github.com/repos/StevenBlack/hosts/tarball/3.10.9",
"hash": "0sy624j4q1xb1wn3s9wjfii6yrimwpm4j5qy4z9hjjbcmr39xb2g" "hash": "1xskv09qrxly22vj32s6g8jnx4ijqy5pqmvwri8rx6w1vsklbg47"
}, },
"uptime-kuma": { "uptime-kuma": {
"type": "GitRelease", "type": "GitRelease",