Merge pull request #22 from privatevoid-net/platforn-22.05

Platforn 22.05
Max Headroom 2022-05-31 09:23:40 +02:00 committed by GitHub
commit 8f60df5a87
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
15 changed files with 89 additions and 120 deletions


@ -86,11 +86,11 @@
]
},
"locked": {
"lastModified": 1653308769,
"narHash": "sha256-9bylbRkrmaUiYYjcVLd0JyvqpKveOUw5q2mBf2+pR0c=",
"lastModified": 1653917170,
"narHash": "sha256-FyxOnEE/V4PNEcMU62ikY4FfYPo349MOhMM97HS0XEo=",
"owner": "numtide",
"repo": "devshell",
"rev": "a00abaeb902ff568f9542d4b6f335e3a4db5c548",
"rev": "fc7a3e3adde9bbcab68af6d1e3c6eb738e296a92",
"type": "github"
},
"original": {
@ -114,11 +114,11 @@
"pre-commit-hooks": "pre-commit-hooks"
},
"locked": {
"lastModified": 1653135531,
"narHash": "sha256-pYwJrEQrG8BgeVcI+lveK3KbOBDx9MT28HxV09v+jgI=",
"lastModified": 1653944295,
"narHash": "sha256-xoFmfL71JS/wP5SvkupqDB7SNhDFmb77dyiyniNAwYs=",
"owner": "nix-community",
"repo": "dream2nix",
"rev": "4b3dfb101fd2fdbe25bd128072f138276aa4bc82",
"rev": "ca7f4d0a7fb79813b446ebce097c3db538b37b8c",
"type": "github"
},
"original": {
@ -313,11 +313,11 @@
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1653740649,
"narHash": "sha256-3kZc+D03J+Uleftpdv5BuBogwkc45zvhDte/AI0BvaI=",
"lastModified": 1653841712,
"narHash": "sha256-XBF4i1MuIRAEbFpj3Z3fVaYxzNEsYapyENtw3vG+q1I=",
"owner": "hercules-ci",
"repo": "hercules-ci-effects",
"rev": "6d99ef9727b1327ec7eb6fa2055b74bd88ea4709",
"rev": "e14d2131b7c81acca3904b584ac45fb72da64dd2",
"type": "github"
},
"original": {
@ -333,11 +333,11 @@
]
},
"locked": {
"lastModified": 1653518057,
"narHash": "sha256-cam3Nfae5ADeEs6mRPzr0jXB7+DhyMIXz0/0Q13r/yk=",
"lastModified": 1653943687,
"narHash": "sha256-xXW9t24HLf89+n/92kOqRRfOBE3KDna+9rAOefs5WSQ=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "64831f938bd413cefde0b0cf871febc494afaa4f",
"rev": "8f3e26705178cc8c1d982d37d881fc0d5b5b1837",
"type": "github"
},
"original": {
@ -482,17 +482,15 @@
"nix-super": {
"inputs": {
"lowdown-src": "lowdown-src_2",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs": "nixpkgs_5",
"nixpkgs-regression": "nixpkgs-regression"
},
"locked": {
"lastModified": 1652724099,
"narHash": "sha256-w9GhILEhu8EdIH1+PnDOT9qWESB8wgbaP2gdIqHPfjk=",
"lastModified": 1653842047,
"narHash": "sha256-rm8OIwU0+V9KMooDvj4Hdwio5MWjAn6CvdM3MU2tGhk=",
"ref": "refs/heads/master",
"rev": "2e3c7f0fed04ddcaec3116a82f226927b243b527",
"revCount": 12055,
"rev": "c6087c318fbc238269487ec3feee3d6ad762aee7",
"revCount": 12253,
"type": "git",
"url": "https://git.privatevoid.net/max/nix-super-fork"
},
@ -581,16 +579,31 @@
},
"nixpkgs_5": {
"locked": {
"lastModified": 1653653155,
"narHash": "sha256-zeKfULtxT5f7yDHhg7awVhVEsTsMNGNS2/7xlymUIFU=",
"lastModified": 1645296114,
"narHash": "sha256-y53N7TyIkXsjMpOG7RhvqJFGDacLs9HlyHeSTBioqYU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "13c15a84ffa02c5dd288f2398cd6eaf107d16dc5",
"rev": "530a53dcbc9437363471167a5e4762c5fcfa34a1",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-21.05-small",
"type": "indirect"
}
},
"nixpkgs_6": {
"locked": {
"lastModified": 1653948565,
"narHash": "sha256-jYfs8TQw/xRKOGg7NV+hVEZfYAVnqk4yEKhw111N4h4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "7c1e79e294fe1be3cacb6408e3983bf2836c818e",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-21.11-small",
"ref": "nixos-22.05-small",
"repo": "nixpkgs",
"type": "github"
}
@ -688,24 +701,7 @@
"mms": "mms",
"nar-serve": "nar-serve",
"nix-super": "nix-super",
"nixpkgs": "nixpkgs_5",
"unstable": "unstable"
}
},
"unstable": {
"locked": {
"lastModified": 1653750779,
"narHash": "sha256-yQ5bsgAnUMS/MB2uRi+RANcXtlNENYp5+CZNvDVGxFo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fa66e6d444f37c80d973d75fd3e0d28e286d8ea4",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
"nixpkgs": "nixpkgs_6"
}
},
"utils": {


@ -2,11 +2,9 @@
description = "Private Void system configurations";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-21.11-small";
unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.05-small";
nix-super.url = "git+https://git.privatevoid.net/max/nix-super-fork";
nix-super.inputs.nixpkgs.follows = "nixpkgs";
home-manager.url = "github:nix-community/home-manager/master";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
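Review bot: The `nix-super` input appears to stop following the root `nixpkgs` in this change, which leaves the fork built against its own, much older pin. The lock file in this commit replaces `nix-super`'s `["nixpkgs"]` follows entry with `nixpkgs_5`, locked to an indirect `nixos-21.05-small` reference, a channel older than the 21.11 one this commit moves away from. The rendering does not mark which side `nix-super.inputs.nixpkgs.follows = "nixpkgs";` is on, so this is inferred from the lock file. If the unpinning is deliberate, a comment such as `# TODO: restore nixpkgs.follows once nix-super builds against 22.05` would record that the package manager's dependencies come from a stale snapshot.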


@ -10,7 +10,7 @@
services.mysql = {
enable = true;
bind = "127.0.0.1";
settings.mysqld.bind-address = "127.0.0.1";
package = pkgs.mariadb;
dataDir = "/srv/storage/database/mariadb/data";
};


@ -6,7 +6,7 @@ in
with tools.nginx.vhosts;
with tools.nginx.mappers;
{
security.acme.email = adminEmail;
security.acme.defaults.email = adminEmail;
security.acme.acceptTerms = true;
services.nginx = {
enable = true;


@ -1,5 +1,5 @@
{
services.redis = {
services.redis.servers.default = {
enable = true;
};
}
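Review bot: Moving the instance from `services.redis` to `services.redis.servers.default` is more than a rename, because named instances get different defaults from the legacy unnamed one. As far as I recall the 22.05 module, a named server defaults to `port = 0` (no TCP listener) and runs as `redis-default` with its socket under `/run/redis-default/`, so clients that used the old local TCP port would need the socket path and group access; this is worth confirming against the module. If a loopback TCP listener is still wanted, state it explicitly, e.g. `bind = "127.0.0.1"; port = 6379;`, and add a comment naming the services that consume this instance.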


@ -6,6 +6,9 @@ let
proxy = tools.nginx.vhosts.proxy proxyTarget;
in
{
# n8n uses "Sustainable Use License"
nixpkgs.config.allowUnfree = true;
reservePortsFor = [ "api" ];
services.n8n = {
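Review bot: `nixpkgs.config.allowUnfree = true;` lifts the unfree-licence gate for every package evaluated for this host, not only n8n, so a later unfree dependency would be accepted without anyone noticing. Scoping it keeps the gate meaningful: `nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "n8n" ];` (this assumes `lib` is in scope in this module, which the hunk does not show). The existing comment naming the licence is useful and should stay next to the predicate.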


@ -3,7 +3,7 @@ let
inherit (tools.meta) domain;
listener = {
port = 8008;
bind_address = "127.0.0.1";
bind_addresses = lib.singleton "127.0.0.1";
type = "http";
tls = false;
x_forwarded = true;
@ -22,27 +22,6 @@ let
"im.vector.riot.jitsi".preferredDomain = config.services.jitsi-meet.hostName;
};
clientConfigJSON = pkgs.writeText "matrix-client-config.json" (builtins.toJSON clientConfig);
extraConfig = {
experimental_features.spaces_enabled = true;
federation_ip_range_blacklist = cfg.url_preview_ip_range_blacklist;
admin_contact = "mailto:admins@${domain}";
max_upload_size = "32M";
max_spider_size = "10M";
emable_registration = true;
allow_guest_access = true;
push.include_content = true;
group_creation_prefix = "unofficial/";
app_service_config_files = [
"/etc/synapse/discord-registration.yaml"
];
turn_uris = let
combinations = lib.cartesianProductOfSets {
proto = [ "udp" "tcp" ];
scheme = [ "turns" "turn" ];
};
makeTurnServer = x: "${x.scheme}:turn.${domain}?transport=${x.proto}";
in map makeTurnServer combinations;
};
cfg = config.services.matrix-synapse;
in {
imports = [
@ -82,27 +61,44 @@ in {
enable = true;
plugins = [ pkgs.matrix-synapse-plugins.matrix-synapse-ldap3 ];
server_name = domain;
listeners = lib.singleton listener;
settings = {
server_name = domain;
listeners = lib.singleton listener;
url_preview_enabled = true;
experimental_features.spaces_enabled = true;
admin_contact = "mailto:admins@${domain}";
max_upload_size = "32M";
max_spider_size = "10M";
emable_registration = true;
allow_guest_access = true;
push.include_content = true;
group_creation_prefix = "unofficial/";
app_service_config_files = [
"/etc/synapse/discord-registration.yaml"
];
turn_uris = let
combinations = lib.cartesianProductOfSets {
proto = [ "udp" "tcp" ];
scheme = [ "turns" "turn" ];
};
makeTurnServer = x: "${x.scheme}:turn.${domain}?transport=${x.proto}";
in map makeTurnServer combinations;
};
url_preview_enabled = true;
extraConfigFiles = [
(pkgs.writeText "synapse-extra-config.yaml" (builtins.toJSON extraConfig))
] ++ (map (x: config.age.secrets.${x}.path) [
extraConfigFiles = map (x: config.age.secrets.${x}.path) [
"synapse-ldap"
"synapse-db"
"synapse-turn"
"synapse-keys"
]);
];
};
services.nginx.virtualHosts = tools.nginx.mappers.mapSubdomains {
matrix = tools.nginx.vhosts.basic // {
locations."/".return = "204";
locations."/_matrix" = {
proxyPass = with listener; "${type}://${bind_address}:${builtins.toString port}";
extraConfig = "client_max_body_size ${extraConfig.max_upload_size};";
proxyPass = "http://127.0.0.1:8008";
extraConfig = "client_max_body_size ${cfg.settings.max_upload_size};";
};
locations."= /.well-known/matrix/client".alias = clientConfigJSON;
};
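Review bot: `emable_registration = true;` in the new `settings` block is a misspelled key carried over unchanged from the old `extraConfig`, so Synapse most likely ignores it and registration stays at its default. Decide which behaviour is intended and either spell it `enable_registration = true;` or delete the line; together with `allow_guest_access = true;` the difference decides who can create accounts on this homeserver. The move also drops `federation_ip_range_blacklist = cfg.url_preview_ip_range_blacklist;` without a replacement. That key is deprecated upstream in favour of `ip_range_blacklist`, whose defaults should cover private ranges, but a one-line comment confirming the defaults are being relied on would help. Separately, `proxyPass = "http://127.0.0.1:8008";` now duplicates the `listener` values instead of deriving from them, so the two can drift apart.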


@ -18,7 +18,7 @@ in
};
};
services.nextcloud = {
package = pkgs.nextcloud23;
package = pkgs.nextcloud24;
enable = true;
https = true;
hostName = "storage.${tools.meta.domain}";


@ -17,29 +17,25 @@ in
mode = "0400";
};
services.nginx.virtualHosts = {
"${login}" = lib.recursiveUpdate (vhosts.proxy "http://${cfg.bindAddress}:${config.portsStr.keycloak}") {
"${login}" = lib.recursiveUpdate (vhosts.proxy "http://${cfg.settings.http-host}:${config.portsStr.keycloak}") {
locations."= /".return = "302 /auth/realms/master/account/";
};
"account.${domain}" = vhosts.redirect "https://${login}/auth/realms/master/account/";
};
services.keycloak = {
enable = true;
frontendUrl = "https://${login}/auth";
bindAddress = "127.0.0.1";
httpPort = config.portsStr.keycloak;
database = {
createLocally = true;
type = "postgresql";
passwordFile = config.age.secrets.keycloak-dbpass.path;
};
extraConfig = {
"subsystem=undertow" = {
"server=default-server" = {
"http-listener=default" = {
proxy-address-forwarding = true;
};
};
};
settings = {
http-host = "127.0.0.1";
http-port = config.ports.keycloak;
hostname = login;
proxy = "edge";
# for backcompat, TODO: remove
http-relative-path = "/auth";
};
};
}
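Review bot: `proxy = "edge";` makes Keycloak accept plain HTTP and trust forwarded headers from whatever connects to it, so its safety rests on `http-host = "127.0.0.1";` staying loopback-only and on nginx setting those headers itself. Whether `vhosts.proxy` overwrites client-supplied `X-Forwarded-*` headers is not visible in this section and is worth checking. I would add a comment above the line, e.g. `# edge: TLS terminates at nginx; keep http-host on loopback or forwarded headers become spoofable`. Having the nginx vhost read `cfg.settings.http-host` keeps the two sides in sync, which is good.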


@ -6,7 +6,7 @@ in
with tools.nginx.vhosts;
with tools.nginx.mappers;
{
security.acme.email = adminEmail;
security.acme.defaults.email = adminEmail;
security.acme.acceptTerms = true;
services.nginx = {
enable = true;


@ -17,10 +17,6 @@
jre_headless = patched.jre17_standard;
} // lib.optionalAttrs config.krb5.enable {
bind = patched.kerberized-bind;
dnsutils = patched.kerberized-dnsutils;
dig = patched.kerberized-dig;
})
)
];


@ -21,7 +21,7 @@ let
repo = "libvips";
rev = "v8.12.2";
sha256 = "sha256-ffDJJWe/SzG+lppXEiyfXXL5KLdZgnMjv1SYnuYnh4c=";
extraPostFetch = ''
postFetch = ''
rm -r $out/test/test-suite/images/
'';
};


@ -1,14 +1,7 @@
let tools = import ./lib/tools.nix;
in with tools;
super: rec {
kerberized-bind = super.bind.overrideAttrs (attrs: {
configureFlags = attrs.configureFlags ++ [ "--with-gssapi=${super.krb5.dev}" ];
buildInputs = attrs.buildInputs ++ [ super.krb5 ];
});
kerberized-dnsutils = kerberized-bind.dnsutils;
kerberized-dig = kerberized-bind.dnsutils;
hydra = (patch super.hydra-unstable "patches/base/hydra").override { nix = super.nix_2_4; };
hydra = (patch super.hydra-unstable "patches/base/hydra").override { nix = super.nixVersions.nix_2_8; };
lain-ipfs = patch-rename (super.ipfs_latest or super.ipfs) "lain-ipfs" "patches/base/ipfs";


@ -60,16 +60,7 @@ in
meta.mainProgram = "reflex";
};
searxng = let
scope = pkgs.python3Packages.overrideScope (final: prev: let
pullDownPackages = pypkgs: lib.genAttrs pypkgs (pkgName:
final.callPackage "${unstable}/pkgs/development/python-modules/${pkgName}/default.nix" {}
);
in pullDownPackages [ "httpcore" "httpx" "httpx-socks" "h2" "python-socks" "socksio" ]);
in pkgs.callPackage ./web-apps/searxng rec {
python3Packages = scope;
inherit pins;
};
searxng = pkgs.callPackage ./web-apps/searxng { inherit pins; };
sips = pkgs.callPackage ./servers/sips { };


@ -1,12 +1,12 @@
diff --git a/vendor/github.com/ipfs/go-filestore/fsrefstore.go b/vendor/github.com/ipfs/go-filestore/fsrefstore.go
index 19927e0..7ff13aa 100644
index 9eb2b43..43e336c 100644
--- a/vendor/github.com/ipfs/go-filestore/fsrefstore.go
+++ b/vendor/github.com/ipfs/go-filestore/fsrefstore.go
@@ -281,9 +281,6 @@ func (f *FileManager) putTo(b *posinfo.FilestoreNode, to putter) error {
if !f.AllowFiles {
@@ -291,9 +291,6 @@ func (f *FileManager) putTo(ctx context.Context, b *posinfo.FilestoreNode, to pu
return ErrFilestoreNotEnabled
}
- if !filepath.HasPrefix(b.PosInfo.FullPath, f.root) { //nolint:staticcheck
//lint:ignore SA1019 // ignore staticcheck
- if !filepath.HasPrefix(b.PosInfo.FullPath, f.root) {
- return fmt.Errorf("cannot add filestore references outside ipfs root (%s)", f.root)
- }