Merge branch 'staging'

Max Headroom 2022-05-25 20:45:29 +02:00
commit 9a6ad0b080
8 changed files with 156 additions and 27 deletions


@ -7,11 +7,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1648942457, "lastModified": 1652712410,
"narHash": "sha256-i29Z1t3sVfCNfpp+KAfeExvpqHQSbLO1KWylTtfradU=", "narHash": "sha256-hMJ2TqLt0DleEnQFGUHK9sV2aAzJPU8pZeiZoqRozbE=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "0d5e59ed645e4c7b60174bc6f6aac6a203dc0b01", "rev": "7e5e58b98c3dcbf497543ff6f22591552ebfe65b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -29,11 +29,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1648332543, "lastModified": 1652972885,
"narHash": "sha256-9FWmFNLCOp4y0I8Yb4GvgGXxtDq3nBDSTI9qyCi2LJ4=", "narHash": "sha256-OKTV5Mi0WyDGsF6GcTwWkgJPNRkskD5yqCZZmghZYHI=",
"owner": "kamadorueda", "owner": "kamadorueda",
"repo": "alejandra", "repo": "alejandra",
"rev": "5cbb3486c7959646f452830c0a223edc5db5b951", "rev": "69d2075e432c562099965829d8bc4da701b10d20",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -67,7 +67,7 @@
"locked": { "locked": {
"lastModified": 1638903228, "lastModified": 1638903228,
"narHash": "sha256-mEbLD0A9gp159pFtdK4n1Yp2uFSE1T2nOr8BkfwgrC8=", "narHash": "sha256-mEbLD0A9gp159pFtdK4n1Yp2uFSE1T2nOr8BkfwgrC8=",
"ref": "master", "ref": "refs/heads/master",
"rev": "0d11e93f47be21051683e1b38f6b0dcb3f0a71cf", "rev": "0d11e93f47be21051683e1b38f6b0dcb3f0a71cf",
"revCount": 244, "revCount": 244,
"type": "git", "type": "git",
@ -86,11 +86,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1650900878, "lastModified": 1653308769,
"narHash": "sha256-qhNncMBSa9STnhiLfELEQpYC1L4GrYHNIzyCZ/pilsI=", "narHash": "sha256-9bylbRkrmaUiYYjcVLd0JyvqpKveOUw5q2mBf2+pR0c=",
"owner": "numtide", "owner": "numtide",
"repo": "devshell", "repo": "devshell",
"rev": "d97df53b5ddaa1cfbea7cddbd207eb2634304733", "rev": "a00abaeb902ff568f9542d4b6f335e3a4db5c548",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -114,11 +114,11 @@
"pre-commit-hooks": "pre-commit-hooks" "pre-commit-hooks": "pre-commit-hooks"
}, },
"locked": { "locked": {
"lastModified": 1650924659, "lastModified": 1653135531,
"narHash": "sha256-tWF0/yM+5yB5NSvc3NXAhkya4KSswKczzrTkFR6DucY=", "narHash": "sha256-pYwJrEQrG8BgeVcI+lveK3KbOBDx9MT28HxV09v+jgI=",
"owner": "nix-community", "owner": "nix-community",
"repo": "dream2nix", "repo": "dream2nix",
"rev": "c93972bd52977de332812fcc97ff77f8b85bcf42", "rev": "4b3dfb101fd2fdbe25bd128072f138276aa4bc82",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -333,11 +333,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1651007090, "lastModified": 1653340164,
"narHash": "sha256-C/OoQRzTUOWEr1sd3xTKA2GudA1YG1XB3MlL6KfTchg=", "narHash": "sha256-t6BPApyasx6FOv2cEVyFBXvkEDrknyUe7bngMbNSBkA=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "778af87a981eb2bfa3566dff8c3fb510856329ef", "rev": "e66f0ff69a6c0698b35034b842c4b68814440778",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -485,11 +485,11 @@
"nixpkgs-regression": "nixpkgs-regression" "nixpkgs-regression": "nixpkgs-regression"
}, },
"locked": { "locked": {
"lastModified": 1650040615, "lastModified": 1652724099,
"narHash": "sha256-kUpPsz2XRBaXuJ/z9tAtL5TLTApdwrcHCmzzfmARn58=", "narHash": "sha256-w9GhILEhu8EdIH1+PnDOT9qWESB8wgbaP2gdIqHPfjk=",
"ref": "master", "ref": "refs/heads/master",
"rev": "0883a093d9d23401ddac12b3a94f38c8ed135428", "rev": "2e3c7f0fed04ddcaec3116a82f226927b243b527",
"revCount": 11896, "revCount": 12055,
"type": "git", "type": "git",
"url": "https://git.privatevoid.net/max/nix-super-fork" "url": "https://git.privatevoid.net/max/nix-super-fork"
}, },
@ -606,11 +606,11 @@
}, },
"nixpkgs_6": { "nixpkgs_6": {
"locked": { "locked": {
"lastModified": 1650998007, "lastModified": 1653319070,
"narHash": "sha256-NcJnbGDBBN023x8s3ll3HZxBcQoPq1ry9E2sjg+4flc=", "narHash": "sha256-Z3cv967iN6mXgxhq1cjOoPod23XgNttCWHXMnMZUq9E=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "a3917caedfead19f853aa5769de4c3ea4e4db584", "rev": "1c813bbdc330b45fe922c642eb610902aecd5673",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -710,7 +710,24 @@
"mms": "mms", "mms": "mms",
"nar-serve": "nar-serve", "nar-serve": "nar-serve",
"nix-super": "nix-super", "nix-super": "nix-super",
"nixpkgs": "nixpkgs_6" "nixpkgs": "nixpkgs_6",
"unstable": "unstable"
}
},
"unstable": {
"locked": {
"lastModified": 1653315696,
"narHash": "sha256-7tLCnzCz/fq86NEoF9+g/NkQRA2J+nkgytc7l2HuWnY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c11d9597c1b3cdc4fb44cbab48deec2cfbaa5281",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
} }
}, },
"utils": { "utils": {


@ -3,6 +3,7 @@
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-21.11-small"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-21.11-small";
unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small";
nix-super.url = "git+https://git.privatevoid.net/max/nix-super-fork"; nix-super.url = "git+https://git.privatevoid.net/max/nix-super-fork";
nix-super.inputs.nixpkgs.follows = "nixpkgs"; nix-super.inputs.nixpkgs.follows = "nixpkgs";
@ -65,7 +66,7 @@
mkDeployEffect = branch: name: host: let mkDeployEffect = branch: name: host: let
subdomain = host.enterprise.subdomain or "services"; subdomain = host.enterprise.subdomain or "services";
hostname = "${lib.toLower name}.${subdomain}.${meta.domain}"; hostname = "${lib.toLower name}.${subdomain}.${meta.domain}";
in effects.runIf (branch == "master") (effects.runNixOS { in effects.runIf (branch == "master" || branch == "staging") (effects.runNixOS {
requiredSystemFeatures = [ "hci-deploy-agent-nixos" ]; requiredSystemFeatures = [ "hci-deploy-agent-nixos" ];
config = self.nixosConfigurations.${name}.config // { outPath = "wtfwtfwtfwtfwtfwtf"; }; config = self.nixosConfigurations.${name}.config // { outPath = "wtfwtfwtfwtfwtfwtf"; };
secretsMap.ssh = "deploy-ssh"; secretsMap.ssh = "deploy-ssh";
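Review bot: The widened condition in `mkDeployEffect`, `branch == "master" || branch == "staging"`, lets a push to `staging` run the same `effects.runNixOS` deployment, against the same `hostname` and with the same `deploy-ssh` secret, as a push to `master`. Nothing visible in the hunk separates the target hosts per branch, so whoever can push to `staging` can now change what runs on those machines; the branch needs the same protection and review rules as `master`. I would record that next to the condition, e.g. `# staging deploys to the same hosts as master; keep both branches protected`, or take the allowed branches from one named list. The body of `mkDeployEffect` continues past the end of the hunk.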


@ -0,0 +1,30 @@
{ config, inputs, lib, pkgs, tools, ... }:
let
port = config.portsStr.searxng;
in
{
reservePortsFor = [ "searxng" ];
age.secrets.searxng-secrets.file = ../../../../secrets/searxng-secrets.age;
services.searx = {
enable = true;
runInUwsgi = true;
package = inputs.self.packages.${pkgs.system}.searxng;
environmentFile = config.age.secrets.searxng-secrets.path;
settings = {
server = {
secret_key = "@SEARXNG_SECRET@";
};
};
uwsgiConfig = {
http = "127.0.0.1:${port}";
cache2 = "name=searxcache,items=2000,blocks=2000,blocksize=65536,bitmap=1";
buffer-size = 65536;
env = ["SEARXNG_SETTINGS_PATH=/run/searx/settings.yml"];
disable-logging = true;
};
};
services.nginx.virtualHosts."search.${tools.meta.domain}" = lib.recursiveUpdate (tools.nginx.vhosts.proxy "http://127.0.0.1:${port}") {
extraConfig = "access_log off;";
};
}
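Review bot: Request logging is switched off in two places, `disable-logging = true;` in `uwsgiConfig` and `extraConfig = "access_log off;";` on the `search.${tools.meta.domain}` vhost, and no comment says this is a deliberate privacy choice. With both off there is no request record from which to notice scraping or abuse of the instance, and the module shows no rate limiting in front of it (whatever `tools.nginx.vhosts.proxy` adds is not visible here). I would add a comment such as `# no request logs by design (search privacy); abuse is limited by <mechanism>` and confirm that such a limit is really in place.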


@ -35,6 +35,7 @@
./services/nix/binary-cache.nix ./services/nix/binary-cache.nix
./services/nix/nar-serve.nix ./services/nix/nar-serve.nix
./services/object-storage ./services/object-storage
./services/searxng
./services/sips ./services/sips
./services/sso ./services/sso
./services/uptime-kuma ./services/uptime-kuma


@ -1,6 +1,7 @@
{ pkgs, inputs, system, ... }@args: { pkgs, inputs, system, ... }@args:
let let
inherit (pkgs) lib; inherit (pkgs) lib;
inherit (inputs) unstable;
dream2nix = inputs.dream2nix.lib2.init { dream2nix = inputs.dream2nix.lib2.init {
systems = [ system ]; systems = [ system ];
config = { config = {
@ -13,9 +14,10 @@ let
}); });
mkShell = import lib/devshell.nix args; mkShell = import lib/devshell.nix args;
in in
{ {
packages = { packages = rec {
ghost = let ghost = let
version = "4.41.3"; version = "4.41.3";
dream = dream2nix.makeFlakeOutputs { dream = dream2nix.makeFlakeOutputs {
@ -53,6 +55,16 @@ in
meta.mainProgram = "reflex"; meta.mainProgram = "reflex";
}; };
searxng = let
scope = pkgs.python3Packages.overrideScope (final: prev: let
pullDownPackages = pypkgs: lib.genAttrs pypkgs (pkgName:
final.callPackage "${unstable}/pkgs/development/python-modules/${pkgName}/default.nix" {}
);
in pullDownPackages [ "httpcore" "httpx" "httpx-socks" "h2" "python-socks" "socksio" ]);
in pkgs.callPackage ./web-apps/searxng rec {
python3Packages = scope;
};
sips = pkgs.callPackage ./servers/sips { }; sips = pkgs.callPackage ./servers/sips { };
}; };
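Review bot: `pullDownPackages` builds `httpcore`, `httpx`, `httpx-socks`, `h2`, `python-socks` and `socksio` from the `unstable` input's expressions inside the 21.11 `python3Packages` scope, and nothing in the file says why. Neither channel exercises that combination, and the versions of searxng's outbound HTTP stack now follow the `unstable` lock entry rather than `nixpkgs`, so fixes for those libraries arrive only when that input is bumped. A comment above the list would help, e.g. `# searxng needs a newer httpx stack than 21.11 ships; drop once nixpkgs catches up` (the reason is my guess, please state the real one). The `rec` on the `callPackage` argument set is unused and can be dropped.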


@ -0,0 +1,55 @@
{ lib, nixosTests, python3, python3Packages, fetchFromGitHub, fetchpatch }:
with python3Packages;
toPythonModule (buildPythonApplication rec {
pname = "searxng";
version = "20220520";
src = fetchFromGitHub {
owner = "searxng";
repo = "searxng";
rev = "61535a4c206aa247a6fa87697b70668048086e27";
sha256 = "sha256-Ek/YZ4YzXxA/spmEAgcqItSmsYa/aVTeOBZbFPqNpJ4=";
};
postPatch = ''
sed -i 's/==.*$//' requirements.txt
'';
preBuild = ''
export SEARX_DEBUG="true";
'';
propagatedBuildInputs = [
Babel
certifi
python-dateutil
flask
flaskbabel
brotli
jinja2
langdetect
lxml
h2
pygments
pyyaml
redis
uvloop
setproctitle
httpx
httpx-socks
markdown-it-py
];
# tests try to connect to network
doCheck = false;
pythonImportsCheck = [ "searx" ];
postInstall = ''
# Create a symlink for easier access to static data
mkdir -p $out/share
ln -s ../${python3.sitePackages}/searx/static $out/share/
'';
})
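Review bot: `postPatch` strips every version pin from `requirements.txt` (`sed -i 's/==.*$//'`) while `doCheck = false`, so the only remaining compatibility check between searxng and whatever the Python scope supplies is `pythonImportsCheck = [ "searx" ]`. That deserves a comment, e.g. `# pins dropped: versions come from the Nix python scope, not upstream requirements.txt`. `preBuild` also exports `SEARX_DEBUG="true"` without explanation; it is presumably needed only so the build can import the package, and a comment like `# build-time only; must not be set in the service environment` would keep it from being copied into the runtime configuration.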


@ -0,0 +1,12 @@
age-encryption.org/v1
-> ssh-ed25519 NO562A o9pCQmL63KDruN/Gg/HshjgwhLE+JTl2pf7LvUaTRgQ
0ce3ziGDsBAQDWN2m/wcmhrG3Clwg2uAn5sWOISQRSU
-> ssh-ed25519 5/zT0w 7knP/WouF96lob3C6d1Pbs7+UujopARgw4g5oFoAlwg
lMCk97Hn+MwrgX1gpzyQwwSvcGAkoEqo7CDoDt52hL0
-> ssh-ed25519 d3WGuA yy+s/ktB3e16m7vrvE9T8fWleEjdTVcBsnOFsalK+1A
Xy4VSB8bJlKgCnm9XPdg7ntbD6shYVgMUH+OHcpfhHk
-> 0l-grease KU= d*EvjiX8 ] >:U
WYZYD6eSEKEVQPkb3XUVk/4EKnAxD9IQoMJmCtabDUkXsznlZxjbVvTIfyuermh2
--- CB9M2EiC80aVNSFJWHQroQyqp07mryoDCOWv5PEKGjs
½%MØõ‡ý:ç ,¾.ϳ³/ä„!aÅeüž‘½ð¾õ¹Ò,¸>¥Sw[L}««Ø(ˆFš&×÷œ,j…&ýð"£»uŠÙ <0C>´<><11>%= Y%¿ÀÍ”ÌkÕ±Z£l°ªÑóúΨâ¥+Sk‡¬Ñˆ] ÞHµþ9á®ÅÂÈKQÄøg:áVÈ\§øÓsyÂú¿<C3BA>% FÀ~vBâÕƒZemX;TÅ´


@ -35,6 +35,7 @@ in with hosts;
"nextcloud-dbpass.age".publicKeys = max ++ map systemKeys [ VEGAS ]; "nextcloud-dbpass.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"oauth2_proxy-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ]; "oauth2_proxy-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"postfix-ldap-mailboxes.age".publicKeys = max ++ map systemKeys [ VEGAS ]; "postfix-ldap-mailboxes.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"searxng-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"sips-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS ]; "sips-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"synapse-db.age".publicKeys = max ++ map systemKeys [ VEGAS ]; "synapse-db.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"synapse-keys.age".publicKeys = max ++ map systemKeys [ VEGAS ]; "synapse-keys.age".publicKeys = max ++ map systemKeys [ VEGAS ];