diff --git a/flake.lock b/flake.lock index 548607e..536e374 100644 --- a/flake.lock +++ b/flake.lock @@ -103,6 +103,9 @@ "flake-utils-pre-commit": [ "blank" ], + "ghc-utils": [ + "blank" + ], "gomod2nix": [ "blank" ], @@ -120,11 +123,11 @@ ] }, "locked": { - "lastModified": 1665936754, - "narHash": "sha256-eAugmGOb0OtfZPBikOIbfZg0BV/sBui4EY1yfVFotAs=", + "lastModified": 1666482228, + "narHash": "sha256-THlz/EX4V416NkWXPM5ViAXKeN0doaz8yi7Q7EMSGl8=", "owner": "nix-community", "repo": "dream2nix", - "rev": "fa708ced6f97b266092a54fc881b8f373290f505", + "rev": "03f9323d2c687df677cbf355ba7135dde03a88ec", "type": "github" }, "original": { @@ -311,11 +314,11 @@ }, "locked": { "host": "git.privatevoid.net", - "lastModified": 1663360760, - "narHash": "sha256-4O8y84iDaODDGCXuNJFVlcvhK7kQQsf9n3l1HD6Q5Y4=", + "lastModified": 1666194069, + "narHash": "sha256-p3vx4NG4ZgY8j0p0n3yOy1wENPOeQj60XG+x1wJLiMY=", "owner": "max", "repo": "nix-super", - "rev": "7622f95f9a58ce4db5df6eaec1c6954c16c728ad", + "rev": "ad8422ed3f56448a7b05a25ed764c242b3d0dd64", "type": "gitlab" }, "original": { @@ -353,11 +356,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1665870850, - "narHash": "sha256-EkC/Kkc9cr2orI868OHnh6F8/aqS4TZy38ie+KnhfS8=", + "lastModified": 1666401273, + "narHash": "sha256-AG3MoIjcWwz1SPjJ2nymWu4NmeVj9P40OpB1lsmxFtg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "945a85cb7ee31f5f8c49432d77b610b777662d4f", + "rev": "3933d8bb9120573c0d8d49dc5e890cb211681490", "type": "github" }, "original": { @@ -370,11 +373,11 @@ "nixpkgs-lib": { "locked": { "dir": "lib", - "lastModified": 1665870850, - "narHash": "sha256-EkC/Kkc9cr2orI868OHnh6F8/aqS4TZy38ie+KnhfS8=", + "lastModified": 1666401273, + "narHash": "sha256-AG3MoIjcWwz1SPjJ2nymWu4NmeVj9P40OpB1lsmxFtg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "945a85cb7ee31f5f8c49432d77b610b777662d4f", + "rev": "3933d8bb9120573c0d8d49dc5e890cb211681490", "type": "github" }, "original": { @@ -395,11 +398,11 @@ ] }, "locked": { - "lastModified": 1665455310, - "narHash": "sha256-gEG1UiKz65SNWDU1NJmxLneo+kn7WjxrfucSk1zhU6o=", + "lastModified": 1666419213, + "narHash": "sha256-HMlUJnMbvRJO7bxwQhn9VQmv0wcBv9Q29NTPD/bbr94=", "owner": "nix-community", "repo": "poetry2nix", - "rev": "d62ba59f1e28c382665c57203a4b9ad11fd7f449", + "rev": "3b9040d19e18db212f8f83cb9241f8102b519f94", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index ccf7e62..94a90a4 100644 --- a/flake.nix +++ b/flake.nix @@ -134,6 +134,7 @@ crane.follows = "blank"; devshell.follows = "blank"; flake-utils-pre-commit.follows = "blank"; + ghc-utils.follows = "blank"; gomod2nix.follows = "blank"; mach-nix.follows = "blank"; poetry2nix.follows = "poetry2nix"; diff --git a/hosts/VEGAS/services/hydra/default.nix b/hosts/VEGAS/services/hydra/default.nix deleted file mode 100644 index b7ab9d5..0000000 --- a/hosts/VEGAS/services/hydra/default.nix +++ /dev/null @@ -1,99 +0,0 @@ -{ cluster, config, inputs, lib, pkgs, tools, ... }: -let - inherit (tools.meta) domain; - patroni = cluster.config.links.patroni-pg-access; -in -{ - age.secrets = { - hydraS3 = { - file = ../../../../secrets/hydra-s3.age; - group = "hydra"; - mode = "0440"; - }; - hydra-bincache-key = { - file = ../../../../secrets/hydra-bincache.age; - group = "hydra"; - mode = "0440"; - }; - hydra-builder-key = { - file = ../../../../secrets/hydra-builder-key.age; - group = "hydra"; - mode = "0440"; - }; - } // lib.mapAttrs' (k: lib.nameValuePair "hydra-database-credentials-for-${k}") - (lib.genAttrs [ "hydra-queue-runner" "hydra-www" "hydra" ] - (x: - { - file = ../../../../secrets/hydra-db-credentials.age; - group = "hydra"; - owner = x; - mode = "0400"; - } - ) - ); - - links.hydra.protocol = "http"; - - services.nginx.appendHttpConfig = '' - limit_req_zone $binary_remote_addr zone=hydra_api_push_limiter:10m rate=1r/m; - ''; - - services.nginx.virtualHosts."hydra.${domain}" = lib.recursiveUpdate (tools.nginx.vhosts.proxy config.links.hydra.url) { - locations."/api/push" = { - proxyPass = config.links.hydra.url; - extraConfig = '' - auth_request off; - proxy_method PUT; - limit_req zone=hydra_api_push_limiter burst=3 nodelay; - limit_req_status 429; - ''; - }; - }; - - services.oauth2_proxy.nginx.virtualHosts = [ "hydra.${domain}" ]; - - services.hydra = { - enable = true; - package = inputs.self.packages.${pkgs.system}.hydra; - hydraURL = "https://hydra.${domain}"; - dbi = "dbi:Pg:dbname=hydra;host=${patroni.ipv4};port=${patroni.portStr};user=hydra;"; - inherit (config.links.hydra) port; - notificationSender = "hydra@${domain}"; - buildMachinesFiles = [ "/etc/nix/hydra-machines" ]; - useSubstitutes = true; - extraConfig = '' - store_uri = s3://nix-store?scheme=https&endpoint=object-storage.${domain}&secret-key=${config.age.secrets.hydra-bincache-key.path} - server_store_uri = https://cache.${domain} - ''; - extraEnv = { - AWS_SHARED_CREDENTIALS_FILE = config.age.secrets.hydraS3.path; - PGPASSFILE = config.age.secrets."hydra-database-credentials-for-hydra".path; - }; - }; - - # override weird hydra module stuff - - systemd.services = { - hydra-send-stats = lib.mkForce {}; - } // lib.genAttrs [ "hydra-notify" "hydra-queue-runner" "hydra-server" ] - (x: let - name = if x == "hydra-server" then "hydra-www" else - if x == "hydra-notify" then "hydra-queue-runner" else x; - in { - environment = { - PGPASSFILE = lib.mkForce config.age.secrets."hydra-database-credentials-for-${name}".path; - }; - } - ); - - nix.extraOptions = lib.mkForce '' - allowed-uris = https://git.${domain} https://github.com https://git.sr.ht - keep-outputs = true - keep-derivations = true - ''; - - programs.ssh.knownHosts.git = { - hostNames = [ "git.${domain}" ]; - publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICz2nGA+Y4OxhMKsV6vKIns3hOoBkK557712h7FfWXcE"; - }; -} diff --git a/hosts/VEGAS/system.nix b/hosts/VEGAS/system.nix index 5911822..c90be30 100644 --- a/hosts/VEGAS/system.nix +++ b/hosts/VEGAS/system.nix @@ -21,7 +21,6 @@ ./services/bitwarden ./services/fbi ./services/gitlab - ./services/hydra ./services/jokes ./services/nextcloud ./services/nfs diff --git a/packages/monitoring/grafana/default.nix b/packages/monitoring/grafana/default.nix index 9da86aa..9d328ae 100644 --- a/packages/monitoring/grafana/default.nix +++ b/packages/monitoring/grafana/default.nix @@ -2,7 +2,7 @@ buildGoModule rec { pname = "grafana"; - version = "9.1.2"; + version = "9.2.1"; excludedPackages = [ "alert_webhook_listener" "clean-swagger" "release_publisher" "slow_proxy" "slow_proxy_mac" "macaron" "devenv" ]; @@ -10,15 +10,15 @@ buildGoModule rec { rev = "v${version}"; owner = "grafana"; repo = "grafana"; - sha256 = "sha256-Xj9pbOmAqlEwxmEPfwC9Seoqh7HLXAhsa2ux7hIRgos="; + sha256 = "sha256-0TMvSILkT29Ebm/P3PK1NKNs+TbE+874aDRybahhMGg="; }; srcStatic = fetchurl { url = "https://dl.grafana.com/oss/release/grafana-${version}.linux-amd64.tar.gz"; - sha256 = "sha256-OwgqXMNy65FtDJcTDrfe3a+q4K70p/380jQAxcom1S4="; + sha256 = "sha256-yL6qyAOZT47eiPkdxeBARkChP0L4vj1y7LDvrPUBmQQ="; }; - vendorSha256 = "sha256-6mf49PWp3htCDvXIQuc/mmqqFXFJcP8jDoDSQGi4rKc="; + vendorSha256 = "sha256-021b+Jdk1VUGNSVNef89KLbWLdy4XhhEry4S2S0AhRg="; nativeBuildInputs = [ wire ]; diff --git a/packages/monitoring/opentelemetry-java-agent-bin/default.nix b/packages/monitoring/opentelemetry-java-agent-bin/default.nix index e3cfe46..0dc17f5 100644 --- a/packages/monitoring/opentelemetry-java-agent-bin/default.nix +++ b/packages/monitoring/opentelemetry-java-agent-bin/default.nix @@ -2,7 +2,7 @@ fetchurl rec { name = "opentelemetry-java-agent-${meta.version}.jar"; - meta.version = "1.15.0"; + meta.version = "1.19.1"; url = "https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/download/v${meta.version}/opentelemetry-javaagent.jar"; - sha256 = "sha256-FoHax7pS3ohZ70TCKVkGsAONDmr4/FFjY5SSoCfySy0="; + sha256 = "sha256-f1kc0eqBrK+QmlRaZRiJq5OAKa2wrtTyLeBN8uK6698="; } diff --git a/packages/patched-derivations.nix b/packages/patched-derivations.nix index 43f158b..321f814 100644 --- a/packages/patched-derivations.nix +++ b/packages/patched-derivations.nix @@ -16,8 +16,6 @@ super: rec { ]; })) "patches/base/dvc"; - hydra = (patch super.hydra-unstable "patches/base/hydra").override { nix = super.nixVersions.nix_2_8; }; - sssd = (super.sssd.override { withSudo = true; }).overrideAttrs (old: { postFixup = (old.postFixup or "") + '' ${super.removeReferencesTo}/bin/remove-references-to -t ${super.stdenv.cc.cc} $out/modules/ldb/memberof.so diff --git a/packages/sources/sources.json b/packages/sources/sources.json index 1a6eacb..7e19e33 100644 --- a/packages/sources/sources.json +++ b/packages/sources/sources.json @@ -22,9 +22,9 @@ "repo": "excalidraw" }, "branch": "master", - "revision": "fdc462ec013d59536bf40e95cdec89c1ccda340d", - "url": "https://github.com/excalidraw/excalidraw/archive/fdc462ec013d59536bf40e95cdec89c1ccda340d.tar.gz", - "hash": "050v3n8i7vbicxp91mc9ivvzk260if7l6qgd9xly3bvph3812vab" + "revision": "78e254fb300b00b3cee58f8a82989e0bc9b04945", + "url": "https://github.com/excalidraw/excalidraw/archive/78e254fb300b00b3cee58f8a82989e0bc9b04945.tar.gz", + "hash": "15bwnxy2xch8icf23jlmlqcsik1230h40pn467maykhgjgdyi70c" }, "searxng": { "type": "Git", @@ -34,9 +34,9 @@ "repo": "searxng" }, "branch": "master", - "revision": "1a5b0965789d100a33fad69cf6779b23e6595ef4", - "url": "https://github.com/searxng/searxng/archive/1a5b0965789d100a33fad69cf6779b23e6595ef4.tar.gz", - "hash": "11sjh9za9pj5s1g1i2f2jsmrrw4c1p6ln72nqi6n50xxklxikfsd" + "revision": "710a3a001fccb9cdb8a4da6689f1ceb67675a871", + "url": "https://github.com/searxng/searxng/archive/710a3a001fccb9cdb8a4da6689f1ceb67675a871.tar.gz", + "hash": "1dbc5qgxhqr0kymq9gx84kq80n7amnpiidqvqbhwh4gv1097yanb" }, "stevenblack-hosts": { "type": "GitRelease", @@ -47,10 +47,10 @@ }, "pre_releases": false, "version_upper_bound": null, - "version": "3.11.23", - "revision": "ca5397fc85e64381eb79e4494eab3fe13cc90547", - "url": "https://api.github.com/repos/StevenBlack/hosts/tarball/3.11.23", - "hash": "0dsf9hknvahvz23jjqvbj0zkl0gcp3j3a50skh3bksqsk5yjgsgb" + "version": "3.11.25", + "revision": "56409ed72b36b48db884d31fa8f06e02de711fa4", + "url": "https://api.github.com/repos/StevenBlack/hosts/tarball/3.11.25", + "hash": "1pa5bx2dpgsd0dkr2m0ynz3fs44idms1lw7fmirb9mw3f85l64fs" }, "tempo": { "type": "GitRelease", diff --git a/patches/base/hydra/fix-queue-runner-hang.patch b/patches/base/hydra/fix-queue-runner-hang.patch deleted file mode 100644 index 62c5b5c..0000000 --- a/patches/base/hydra/fix-queue-runner-hang.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff --git a/src/hydra-queue-runner/queue-monitor.cc b/src/hydra-queue-runner/queue-monitor.cc ---- a/src/hydra-queue-runner/queue-monitor.cc -+++ b/src/hydra-queue-runner/queue-monitor.cc -@@ -42,7 +42,7 @@ void State::queueMonitorLoop() - - /* Sleep until we get notification from the database about an - event. */ - if (done && !quit) { -- conn->await_notification(); -+ conn->await_notification(5*60, 0); - nrQueueWakeups++; - } else