Merge pull request #22 from privatevoid-net/platforn-22.05
Platforn 22.05
This commit is contained in:
commit
8f60df5a87
15 changed files with 89 additions and 120 deletions
78
flake.lock
78
flake.lock
|
@ -86,11 +86,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1653308769,
|
||||
"narHash": "sha256-9bylbRkrmaUiYYjcVLd0JyvqpKveOUw5q2mBf2+pR0c=",
|
||||
"lastModified": 1653917170,
|
||||
"narHash": "sha256-FyxOnEE/V4PNEcMU62ikY4FfYPo349MOhMM97HS0XEo=",
|
||||
"owner": "numtide",
|
||||
"repo": "devshell",
|
||||
"rev": "a00abaeb902ff568f9542d4b6f335e3a4db5c548",
|
||||
"rev": "fc7a3e3adde9bbcab68af6d1e3c6eb738e296a92",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -114,11 +114,11 @@
|
|||
"pre-commit-hooks": "pre-commit-hooks"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1653135531,
|
||||
"narHash": "sha256-pYwJrEQrG8BgeVcI+lveK3KbOBDx9MT28HxV09v+jgI=",
|
||||
"lastModified": 1653944295,
|
||||
"narHash": "sha256-xoFmfL71JS/wP5SvkupqDB7SNhDFmb77dyiyniNAwYs=",
|
||||
"owner": "nix-community",
|
||||
"repo": "dream2nix",
|
||||
"rev": "4b3dfb101fd2fdbe25bd128072f138276aa4bc82",
|
||||
"rev": "ca7f4d0a7fb79813b446ebce097c3db538b37b8c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -313,11 +313,11 @@
|
|||
"nixpkgs": "nixpkgs_3"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1653740649,
|
||||
"narHash": "sha256-3kZc+D03J+Uleftpdv5BuBogwkc45zvhDte/AI0BvaI=",
|
||||
"lastModified": 1653841712,
|
||||
"narHash": "sha256-XBF4i1MuIRAEbFpj3Z3fVaYxzNEsYapyENtw3vG+q1I=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "hercules-ci-effects",
|
||||
"rev": "6d99ef9727b1327ec7eb6fa2055b74bd88ea4709",
|
||||
"rev": "e14d2131b7c81acca3904b584ac45fb72da64dd2",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -333,11 +333,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1653518057,
|
||||
"narHash": "sha256-cam3Nfae5ADeEs6mRPzr0jXB7+DhyMIXz0/0Q13r/yk=",
|
||||
"lastModified": 1653943687,
|
||||
"narHash": "sha256-xXW9t24HLf89+n/92kOqRRfOBE3KDna+9rAOefs5WSQ=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "64831f938bd413cefde0b0cf871febc494afaa4f",
|
||||
"rev": "8f3e26705178cc8c1d982d37d881fc0d5b5b1837",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -482,17 +482,15 @@
|
|||
"nix-super": {
|
||||
"inputs": {
|
||||
"lowdown-src": "lowdown-src_2",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"nixpkgs": "nixpkgs_5",
|
||||
"nixpkgs-regression": "nixpkgs-regression"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1652724099,
|
||||
"narHash": "sha256-w9GhILEhu8EdIH1+PnDOT9qWESB8wgbaP2gdIqHPfjk=",
|
||||
"lastModified": 1653842047,
|
||||
"narHash": "sha256-rm8OIwU0+V9KMooDvj4Hdwio5MWjAn6CvdM3MU2tGhk=",
|
||||
"ref": "refs/heads/master",
|
||||
"rev": "2e3c7f0fed04ddcaec3116a82f226927b243b527",
|
||||
"revCount": 12055,
|
||||
"rev": "c6087c318fbc238269487ec3feee3d6ad762aee7",
|
||||
"revCount": 12253,
|
||||
"type": "git",
|
||||
"url": "https://git.privatevoid.net/max/nix-super-fork"
|
||||
},
|
||||
|
@ -581,16 +579,31 @@
|
|||
},
|
||||
"nixpkgs_5": {
|
||||
"locked": {
|
||||
"lastModified": 1653653155,
|
||||
"narHash": "sha256-zeKfULtxT5f7yDHhg7awVhVEsTsMNGNS2/7xlymUIFU=",
|
||||
"lastModified": 1645296114,
|
||||
"narHash": "sha256-y53N7TyIkXsjMpOG7RhvqJFGDacLs9HlyHeSTBioqYU=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "13c15a84ffa02c5dd288f2398cd6eaf107d16dc5",
|
||||
"rev": "530a53dcbc9437363471167a5e4762c5fcfa34a1",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"id": "nixpkgs",
|
||||
"ref": "nixos-21.05-small",
|
||||
"type": "indirect"
|
||||
}
|
||||
},
|
||||
"nixpkgs_6": {
|
||||
"locked": {
|
||||
"lastModified": 1653948565,
|
||||
"narHash": "sha256-jYfs8TQw/xRKOGg7NV+hVEZfYAVnqk4yEKhw111N4h4=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "7c1e79e294fe1be3cacb6408e3983bf2836c818e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-21.11-small",
|
||||
"ref": "nixos-22.05-small",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
|
@ -688,24 +701,7 @@
|
|||
"mms": "mms",
|
||||
"nar-serve": "nar-serve",
|
||||
"nix-super": "nix-super",
|
||||
"nixpkgs": "nixpkgs_5",
|
||||
"unstable": "unstable"
|
||||
}
|
||||
},
|
||||
"unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1653750779,
|
||||
"narHash": "sha256-yQ5bsgAnUMS/MB2uRi+RANcXtlNENYp5+CZNvDVGxFo=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "fa66e6d444f37c80d973d75fd3e0d28e286d8ea4",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-unstable-small",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
"nixpkgs": "nixpkgs_6"
|
||||
}
|
||||
},
|
||||
"utils": {
|
||||
|
|
|
@ -2,11 +2,9 @@
|
|||
description = "Private Void system configurations";
|
||||
|
||||
inputs = {
|
||||
nixpkgs.url = "github:NixOS/nixpkgs/nixos-21.11-small";
|
||||
unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small";
|
||||
nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.05-small";
|
||||
|
||||
nix-super.url = "git+https://git.privatevoid.net/max/nix-super-fork";
|
||||
nix-super.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
||||
home-manager.url = "github:nix-community/home-manager/master";
|
||||
home-manager.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
|
|
@ -10,7 +10,7 @@
|
|||
|
||||
services.mysql = {
|
||||
enable = true;
|
||||
bind = "127.0.0.1";
|
||||
settings.mysqld.bind-address = "127.0.0.1";
|
||||
package = pkgs.mariadb;
|
||||
dataDir = "/srv/storage/database/mariadb/data";
|
||||
};
|
||||
|
|
|
@ -6,7 +6,7 @@ in
|
|||
with tools.nginx.vhosts;
|
||||
with tools.nginx.mappers;
|
||||
{
|
||||
security.acme.email = adminEmail;
|
||||
security.acme.defaults.email = adminEmail;
|
||||
security.acme.acceptTerms = true;
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
{
|
||||
services.redis = {
|
||||
services.redis.servers.default = {
|
||||
enable = true;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -6,6 +6,9 @@ let
|
|||
proxy = tools.nginx.vhosts.proxy proxyTarget;
|
||||
in
|
||||
{
|
||||
# n8n uses "Sustainable Use License"
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
||||
reservePortsFor = [ "api" ];
|
||||
|
||||
services.n8n = {
|
||||
|
|
|
@ -3,7 +3,7 @@ let
|
|||
inherit (tools.meta) domain;
|
||||
listener = {
|
||||
port = 8008;
|
||||
bind_address = "127.0.0.1";
|
||||
bind_addresses = lib.singleton "127.0.0.1";
|
||||
type = "http";
|
||||
tls = false;
|
||||
x_forwarded = true;
|
||||
|
@ -22,27 +22,6 @@ let
|
|||
"im.vector.riot.jitsi".preferredDomain = config.services.jitsi-meet.hostName;
|
||||
};
|
||||
clientConfigJSON = pkgs.writeText "matrix-client-config.json" (builtins.toJSON clientConfig);
|
||||
extraConfig = {
|
||||
experimental_features.spaces_enabled = true;
|
||||
federation_ip_range_blacklist = cfg.url_preview_ip_range_blacklist;
|
||||
admin_contact = "mailto:admins@${domain}";
|
||||
max_upload_size = "32M";
|
||||
max_spider_size = "10M";
|
||||
emable_registration = true;
|
||||
allow_guest_access = true;
|
||||
push.include_content = true;
|
||||
group_creation_prefix = "unofficial/";
|
||||
app_service_config_files = [
|
||||
"/etc/synapse/discord-registration.yaml"
|
||||
];
|
||||
turn_uris = let
|
||||
combinations = lib.cartesianProductOfSets {
|
||||
proto = [ "udp" "tcp" ];
|
||||
scheme = [ "turns" "turn" ];
|
||||
};
|
||||
makeTurnServer = x: "${x.scheme}:turn.${domain}?transport=${x.proto}";
|
||||
in map makeTurnServer combinations;
|
||||
};
|
||||
cfg = config.services.matrix-synapse;
|
||||
in {
|
||||
imports = [
|
||||
|
@ -82,27 +61,44 @@ in {
|
|||
enable = true;
|
||||
plugins = [ pkgs.matrix-synapse-plugins.matrix-synapse-ldap3 ];
|
||||
|
||||
server_name = domain;
|
||||
listeners = lib.singleton listener;
|
||||
settings = {
|
||||
server_name = domain;
|
||||
listeners = lib.singleton listener;
|
||||
url_preview_enabled = true;
|
||||
experimental_features.spaces_enabled = true;
|
||||
admin_contact = "mailto:admins@${domain}";
|
||||
max_upload_size = "32M";
|
||||
max_spider_size = "10M";
|
||||
emable_registration = true;
|
||||
allow_guest_access = true;
|
||||
push.include_content = true;
|
||||
group_creation_prefix = "unofficial/";
|
||||
app_service_config_files = [
|
||||
"/etc/synapse/discord-registration.yaml"
|
||||
];
|
||||
turn_uris = let
|
||||
combinations = lib.cartesianProductOfSets {
|
||||
proto = [ "udp" "tcp" ];
|
||||
scheme = [ "turns" "turn" ];
|
||||
};
|
||||
makeTurnServer = x: "${x.scheme}:turn.${domain}?transport=${x.proto}";
|
||||
in map makeTurnServer combinations;
|
||||
};
|
||||
|
||||
url_preview_enabled = true;
|
||||
|
||||
extraConfigFiles = [
|
||||
(pkgs.writeText "synapse-extra-config.yaml" (builtins.toJSON extraConfig))
|
||||
] ++ (map (x: config.age.secrets.${x}.path) [
|
||||
extraConfigFiles = map (x: config.age.secrets.${x}.path) [
|
||||
"synapse-ldap"
|
||||
"synapse-db"
|
||||
"synapse-turn"
|
||||
"synapse-keys"
|
||||
]);
|
||||
];
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts = tools.nginx.mappers.mapSubdomains {
|
||||
matrix = tools.nginx.vhosts.basic // {
|
||||
locations."/".return = "204";
|
||||
locations."/_matrix" = {
|
||||
proxyPass = with listener; "${type}://${bind_address}:${builtins.toString port}";
|
||||
extraConfig = "client_max_body_size ${extraConfig.max_upload_size};";
|
||||
proxyPass = "http://127.0.0.1:8008";
|
||||
extraConfig = "client_max_body_size ${cfg.settings.max_upload_size};";
|
||||
};
|
||||
locations."= /.well-known/matrix/client".alias = clientConfigJSON;
|
||||
};
|
||||
|
|
|
@ -18,7 +18,7 @@ in
|
|||
};
|
||||
};
|
||||
services.nextcloud = {
|
||||
package = pkgs.nextcloud23;
|
||||
package = pkgs.nextcloud24;
|
||||
enable = true;
|
||||
https = true;
|
||||
hostName = "storage.${tools.meta.domain}";
|
||||
|
|
|
@ -17,29 +17,25 @@ in
|
|||
mode = "0400";
|
||||
};
|
||||
services.nginx.virtualHosts = {
|
||||
"${login}" = lib.recursiveUpdate (vhosts.proxy "http://${cfg.bindAddress}:${config.portsStr.keycloak}") {
|
||||
"${login}" = lib.recursiveUpdate (vhosts.proxy "http://${cfg.settings.http-host}:${config.portsStr.keycloak}") {
|
||||
locations."= /".return = "302 /auth/realms/master/account/";
|
||||
};
|
||||
"account.${domain}" = vhosts.redirect "https://${login}/auth/realms/master/account/";
|
||||
};
|
||||
services.keycloak = {
|
||||
enable = true;
|
||||
frontendUrl = "https://${login}/auth";
|
||||
bindAddress = "127.0.0.1";
|
||||
httpPort = config.portsStr.keycloak;
|
||||
database = {
|
||||
createLocally = true;
|
||||
type = "postgresql";
|
||||
passwordFile = config.age.secrets.keycloak-dbpass.path;
|
||||
};
|
||||
extraConfig = {
|
||||
"subsystem=undertow" = {
|
||||
"server=default-server" = {
|
||||
"http-listener=default" = {
|
||||
proxy-address-forwarding = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
settings = {
|
||||
http-host = "127.0.0.1";
|
||||
http-port = config.ports.keycloak;
|
||||
hostname = login;
|
||||
proxy = "edge";
|
||||
# for backcompat, TODO: remove
|
||||
http-relative-path = "/auth";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -6,7 +6,7 @@ in
|
|||
with tools.nginx.vhosts;
|
||||
with tools.nginx.mappers;
|
||||
{
|
||||
security.acme.email = adminEmail;
|
||||
security.acme.defaults.email = adminEmail;
|
||||
security.acme.acceptTerms = true;
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
|
|
|
@ -17,10 +17,6 @@
|
|||
|
||||
jre_headless = patched.jre17_standard;
|
||||
|
||||
} // lib.optionalAttrs config.krb5.enable {
|
||||
bind = patched.kerberized-bind;
|
||||
dnsutils = patched.kerberized-dnsutils;
|
||||
dig = patched.kerberized-dig;
|
||||
})
|
||||
)
|
||||
];
|
||||
|
|
|
@ -21,7 +21,7 @@ let
|
|||
repo = "libvips";
|
||||
rev = "v8.12.2";
|
||||
sha256 = "sha256-ffDJJWe/SzG+lppXEiyfXXL5KLdZgnMjv1SYnuYnh4c=";
|
||||
extraPostFetch = ''
|
||||
postFetch = ''
|
||||
rm -r $out/test/test-suite/images/
|
||||
'';
|
||||
};
|
||||
|
|
|
@ -1,14 +1,7 @@
|
|||
let tools = import ./lib/tools.nix;
|
||||
in with tools;
|
||||
super: rec {
|
||||
kerberized-bind = super.bind.overrideAttrs (attrs: {
|
||||
configureFlags = attrs.configureFlags ++ [ "--with-gssapi=${super.krb5.dev}" ];
|
||||
buildInputs = attrs.buildInputs ++ [ super.krb5 ];
|
||||
});
|
||||
kerberized-dnsutils = kerberized-bind.dnsutils;
|
||||
kerberized-dig = kerberized-bind.dnsutils;
|
||||
|
||||
hydra = (patch super.hydra-unstable "patches/base/hydra").override { nix = super.nix_2_4; };
|
||||
hydra = (patch super.hydra-unstable "patches/base/hydra").override { nix = super.nixVersions.nix_2_8; };
|
||||
|
||||
lain-ipfs = patch-rename (super.ipfs_latest or super.ipfs) "lain-ipfs" "patches/base/ipfs";
|
||||
|
||||
|
|
|
@ -60,16 +60,7 @@ in
|
|||
meta.mainProgram = "reflex";
|
||||
};
|
||||
|
||||
searxng = let
|
||||
scope = pkgs.python3Packages.overrideScope (final: prev: let
|
||||
pullDownPackages = pypkgs: lib.genAttrs pypkgs (pkgName:
|
||||
final.callPackage "${unstable}/pkgs/development/python-modules/${pkgName}/default.nix" {}
|
||||
);
|
||||
in pullDownPackages [ "httpcore" "httpx" "httpx-socks" "h2" "python-socks" "socksio" ]);
|
||||
in pkgs.callPackage ./web-apps/searxng rec {
|
||||
python3Packages = scope;
|
||||
inherit pins;
|
||||
};
|
||||
searxng = pkgs.callPackage ./web-apps/searxng { inherit pins; };
|
||||
|
||||
sips = pkgs.callPackage ./servers/sips { };
|
||||
|
||||
|
|
|
@ -1,12 +1,12 @@
|
|||
diff --git a/vendor/github.com/ipfs/go-filestore/fsrefstore.go b/vendor/github.com/ipfs/go-filestore/fsrefstore.go
|
||||
index 19927e0..7ff13aa 100644
|
||||
index 9eb2b43..43e336c 100644
|
||||
--- a/vendor/github.com/ipfs/go-filestore/fsrefstore.go
|
||||
+++ b/vendor/github.com/ipfs/go-filestore/fsrefstore.go
|
||||
@@ -281,9 +281,6 @@ func (f *FileManager) putTo(b *posinfo.FilestoreNode, to putter) error {
|
||||
if !f.AllowFiles {
|
||||
@@ -291,9 +291,6 @@ func (f *FileManager) putTo(ctx context.Context, b *posinfo.FilestoreNode, to pu
|
||||
return ErrFilestoreNotEnabled
|
||||
}
|
||||
- if !filepath.HasPrefix(b.PosInfo.FullPath, f.root) { //nolint:staticcheck
|
||||
//lint:ignore SA1019 // ignore staticcheck
|
||||
- if !filepath.HasPrefix(b.PosInfo.FullPath, f.root) {
|
||||
- return fmt.Errorf("cannot add filestore references outside ipfs root (%s)", f.root)
|
||||
- }
|
||||
|
||||
|
|
Loading…
Reference in a new issue