Merge pull request #42 from privatevoid-net/updates-20221023

Updates 20221023
2022-10-23 21:53:41 +02:00 · 2022-10-23 21:53:41 +02:00 · c215a58574
commit c215a58574
parent 64cdf850b9 642ebdad7a
9 changed files with 35 additions and 145 deletions
--- a/flake.lock
+++ b/flake.lock
@ -103,6 +103,9 @@
        "flake-utils-pre-commit": [
          "blank"
        ],
        "ghc-utils": [
          "blank"
        ],
        "gomod2nix": [
          "blank"
        ],
@ -120,11 +123,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1665936754,
+        "lastModified": 1666482228,
-        "narHash": "sha256-eAugmGOb0OtfZPBikOIbfZg0BV/sBui4EY1yfVFotAs=",
+        "narHash": "sha256-THlz/EX4V416NkWXPM5ViAXKeN0doaz8yi7Q7EMSGl8=",
        "owner": "nix-community",
        "repo": "dream2nix",
-        "rev": "fa708ced6f97b266092a54fc881b8f373290f505",
+        "rev": "03f9323d2c687df677cbf355ba7135dde03a88ec",
        "type": "github"
      },
      "original": {
@ -311,11 +314,11 @@
      },
      "locked": {
        "host": "git.privatevoid.net",
-        "lastModified": 1663360760,
+        "lastModified": 1666194069,
-        "narHash": "sha256-4O8y84iDaODDGCXuNJFVlcvhK7kQQsf9n3l1HD6Q5Y4=",
+        "narHash": "sha256-p3vx4NG4ZgY8j0p0n3yOy1wENPOeQj60XG+x1wJLiMY=",
        "owner": "max",
        "repo": "nix-super",
-        "rev": "7622f95f9a58ce4db5df6eaec1c6954c16c728ad",
+        "rev": "ad8422ed3f56448a7b05a25ed764c242b3d0dd64",
        "type": "gitlab"
      },
      "original": {
@ -353,11 +356,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1665870850,
+        "lastModified": 1666401273,
-        "narHash": "sha256-EkC/Kkc9cr2orI868OHnh6F8/aqS4TZy38ie+KnhfS8=",
+        "narHash": "sha256-AG3MoIjcWwz1SPjJ2nymWu4NmeVj9P40OpB1lsmxFtg=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "945a85cb7ee31f5f8c49432d77b610b777662d4f",
+        "rev": "3933d8bb9120573c0d8d49dc5e890cb211681490",
        "type": "github"
      },
      "original": {
@ -370,11 +373,11 @@
    "nixpkgs-lib": {
      "locked": {
        "dir": "lib",
-        "lastModified": 1665870850,
+        "lastModified": 1666401273,
-        "narHash": "sha256-EkC/Kkc9cr2orI868OHnh6F8/aqS4TZy38ie+KnhfS8=",
+        "narHash": "sha256-AG3MoIjcWwz1SPjJ2nymWu4NmeVj9P40OpB1lsmxFtg=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "945a85cb7ee31f5f8c49432d77b610b777662d4f",
+        "rev": "3933d8bb9120573c0d8d49dc5e890cb211681490",
        "type": "github"
      },
      "original": {
@ -395,11 +398,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1665455310,
+        "lastModified": 1666419213,
-        "narHash": "sha256-gEG1UiKz65SNWDU1NJmxLneo+kn7WjxrfucSk1zhU6o=",
+        "narHash": "sha256-HMlUJnMbvRJO7bxwQhn9VQmv0wcBv9Q29NTPD/bbr94=",
        "owner": "nix-community",
        "repo": "poetry2nix",
-        "rev": "d62ba59f1e28c382665c57203a4b9ad11fd7f449",
+        "rev": "3b9040d19e18db212f8f83cb9241f8102b519f94",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -134,6 +134,7 @@
        crane.follows = "blank";
        devshell.follows = "blank";
        flake-utils-pre-commit.follows = "blank";
        ghc-utils.follows = "blank";
        gomod2nix.follows = "blank";
        mach-nix.follows = "blank";
        poetry2nix.follows = "poetry2nix";
--- a/hosts/VEGAS/services/hydra/default.nix
+++ b/hosts/VEGAS/services/hydra/default.nix
@ -1,99 +0,0 @@
 { cluster, config, inputs, lib, pkgs, tools, ... }:
 let
  inherit (tools.meta) domain;
  patroni = cluster.config.links.patroni-pg-access;
 in
 {
  age.secrets = {
    hydraS3 = {
      file = ../../../../secrets/hydra-s3.age;
      group = "hydra";
      mode = "0440";
    };
    hydra-bincache-key = {
      file = ../../../../secrets/hydra-bincache.age;
      group = "hydra";
      mode = "0440";
    };
    hydra-builder-key = {
      file = ../../../../secrets/hydra-builder-key.age;
      group = "hydra";
      mode = "0440";
    };
  } // lib.mapAttrs' (k: lib.nameValuePair "hydra-database-credentials-for-${k}")
  (lib.genAttrs [ "hydra-queue-runner" "hydra-www" "hydra" ]
    (x:
      {
        file = ../../../../secrets/hydra-db-credentials.age;
        group = "hydra";
        owner = x;
        mode = "0400";
      }
    )
  );
  links.hydra.protocol = "http";
  services.nginx.appendHttpConfig = ''
    limit_req_zone $binary_remote_addr zone=hydra_api_push_limiter:10m rate=1r/m;
  '';
  services.nginx.virtualHosts."hydra.${domain}" = lib.recursiveUpdate (tools.nginx.vhosts.proxy config.links.hydra.url) {
    locations."/api/push" = {
      proxyPass = config.links.hydra.url;
      extraConfig = ''
        auth_request off;
        proxy_method PUT;
        limit_req zone=hydra_api_push_limiter burst=3 nodelay;
        limit_req_status 429;
      '';
    };
  };
  services.oauth2_proxy.nginx.virtualHosts = [ "hydra.${domain}" ];
  services.hydra = {
    enable = true;
    package = inputs.self.packages.${pkgs.system}.hydra;
    hydraURL = "https://hydra.${domain}";
    dbi = "dbi:Pg:dbname=hydra;host=${patroni.ipv4};port=${patroni.portStr};user=hydra;";
    inherit (config.links.hydra) port;
    notificationSender = "hydra@${domain}";
    buildMachinesFiles = [ "/etc/nix/hydra-machines" ];
    useSubstitutes = true;
    extraConfig = ''
      store_uri = s3://nix-store?scheme=https&endpoint=object-storage.${domain}&secret-key=${config.age.secrets.hydra-bincache-key.path}
      server_store_uri = https://cache.${domain}
    '';
    extraEnv = {
      AWS_SHARED_CREDENTIALS_FILE = config.age.secrets.hydraS3.path;
      PGPASSFILE = config.age.secrets."hydra-database-credentials-for-hydra".path;
    };
  };
  # override weird hydra module stuff
  systemd.services = { 
    hydra-send-stats = lib.mkForce {};
  } // lib.genAttrs [ "hydra-notify" "hydra-queue-runner" "hydra-server" ]
  (x: let
      name = if x == "hydra-server" then "hydra-www" else
             if x == "hydra-notify" then "hydra-queue-runner" else x;
    in {
      environment = {
        PGPASSFILE = lib.mkForce config.age.secrets."hydra-database-credentials-for-${name}".path;
      };
    }
  );
  nix.extraOptions = lib.mkForce ''
    allowed-uris = https://git.${domain} https://github.com https://git.sr.ht
    keep-outputs = true
    keep-derivations = true
  '';
  programs.ssh.knownHosts.git = {
    hostNames = [ "git.${domain}" ];
    publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICz2nGA+Y4OxhMKsV6vKIns3hOoBkK557712h7FfWXcE";
  };
 }
--- a/hosts/VEGAS/system.nix
+++ b/hosts/VEGAS/system.nix
@ -21,7 +21,6 @@
      ./services/bitwarden
      ./services/fbi
      ./services/gitlab
      ./services/hydra
      ./services/jokes
      ./services/nextcloud
      ./services/nfs
--- a/packages/monitoring/grafana/default.nix
+++ b/packages/monitoring/grafana/default.nix
@ -2,7 +2,7 @@
 buildGoModule rec {
  pname = "grafana";
-  version = "9.1.2";
+  version = "9.2.1";
  excludedPackages = [ "alert_webhook_listener" "clean-swagger" "release_publisher" "slow_proxy" "slow_proxy_mac" "macaron" "devenv" ];
@ -10,15 +10,15 @@ buildGoModule rec {
    rev = "v${version}";
    owner = "grafana";
    repo = "grafana";
-    sha256 = "sha256-Xj9pbOmAqlEwxmEPfwC9Seoqh7HLXAhsa2ux7hIRgos=";
+    sha256 = "sha256-0TMvSILkT29Ebm/P3PK1NKNs+TbE+874aDRybahhMGg=";
  };
  srcStatic = fetchurl {
    url = "https://dl.grafana.com/oss/release/grafana-${version}.linux-amd64.tar.gz";
-    sha256 = "sha256-OwgqXMNy65FtDJcTDrfe3a+q4K70p/380jQAxcom1S4=";
+    sha256 = "sha256-yL6qyAOZT47eiPkdxeBARkChP0L4vj1y7LDvrPUBmQQ=";
  };
-  vendorSha256 = "sha256-6mf49PWp3htCDvXIQuc/mmqqFXFJcP8jDoDSQGi4rKc=";
+  vendorSha256 = "sha256-021b+Jdk1VUGNSVNef89KLbWLdy4XhhEry4S2S0AhRg=";
  nativeBuildInputs = [ wire ];
--- a/packages/monitoring/opentelemetry-java-agent-bin/default.nix
+++ b/packages/monitoring/opentelemetry-java-agent-bin/default.nix
@ -2,7 +2,7 @@
 fetchurl rec {
  name = "opentelemetry-java-agent-${meta.version}.jar";
-  meta.version = "1.15.0";
+  meta.version = "1.19.1";
  url = "https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/download/v${meta.version}/opentelemetry-javaagent.jar";
-  sha256 = "sha256-FoHax7pS3ohZ70TCKVkGsAONDmr4/FFjY5SSoCfySy0=";
+  sha256 = "sha256-f1kc0eqBrK+QmlRaZRiJq5OAKa2wrtTyLeBN8uK6698=";
 }
--- a/packages/patched-derivations.nix
+++ b/packages/patched-derivations.nix
@ -16,8 +16,6 @@ super: rec {
    ];
  })) "patches/base/dvc";
  hydra = (patch super.hydra-unstable "patches/base/hydra").override { nix = super.nixVersions.nix_2_8; };
  sssd = (super.sssd.override { withSudo = true; }).overrideAttrs (old: {
    postFixup = (old.postFixup or "") + ''
      ${super.removeReferencesTo}/bin/remove-references-to -t ${super.stdenv.cc.cc} $out/modules/ldb/memberof.so
--- a/packages/sources/sources.json
+++ b/packages/sources/sources.json
@ -22,9 +22,9 @@
        "repo": "excalidraw"
      },
      "branch": "master",
-      "revision": "fdc462ec013d59536bf40e95cdec89c1ccda340d",
+      "revision": "78e254fb300b00b3cee58f8a82989e0bc9b04945",
-      "url": "https://github.com/excalidraw/excalidraw/archive/fdc462ec013d59536bf40e95cdec89c1ccda340d.tar.gz",
+      "url": "https://github.com/excalidraw/excalidraw/archive/78e254fb300b00b3cee58f8a82989e0bc9b04945.tar.gz",
-      "hash": "050v3n8i7vbicxp91mc9ivvzk260if7l6qgd9xly3bvph3812vab"
+      "hash": "15bwnxy2xch8icf23jlmlqcsik1230h40pn467maykhgjgdyi70c"
    },
    "searxng": {
      "type": "Git",
@ -34,9 +34,9 @@
        "repo": "searxng"
      },
      "branch": "master",
-      "revision": "1a5b0965789d100a33fad69cf6779b23e6595ef4",
+      "revision": "710a3a001fccb9cdb8a4da6689f1ceb67675a871",
-      "url": "https://github.com/searxng/searxng/archive/1a5b0965789d100a33fad69cf6779b23e6595ef4.tar.gz",
+      "url": "https://github.com/searxng/searxng/archive/710a3a001fccb9cdb8a4da6689f1ceb67675a871.tar.gz",
-      "hash": "11sjh9za9pj5s1g1i2f2jsmrrw4c1p6ln72nqi6n50xxklxikfsd"
+      "hash": "1dbc5qgxhqr0kymq9gx84kq80n7amnpiidqvqbhwh4gv1097yanb"
    },
    "stevenblack-hosts": {
      "type": "GitRelease",
@ -47,10 +47,10 @@
      },
      "pre_releases": false,
      "version_upper_bound": null,
-      "version": "3.11.23",
+      "version": "3.11.25",
-      "revision": "ca5397fc85e64381eb79e4494eab3fe13cc90547",
+      "revision": "56409ed72b36b48db884d31fa8f06e02de711fa4",
-      "url": "https://api.github.com/repos/StevenBlack/hosts/tarball/3.11.23",
+      "url": "https://api.github.com/repos/StevenBlack/hosts/tarball/3.11.25",
-      "hash": "0dsf9hknvahvz23jjqvbj0zkl0gcp3j3a50skh3bksqsk5yjgsgb"
+      "hash": "1pa5bx2dpgsd0dkr2m0ynz3fs44idms1lw7fmirb9mw3f85l64fs"
    },
    "tempo": {
      "type": "GitRelease",
--- a/patches/base/hydra/fix-queue-runner-hang.patch
+++ b/patches/base/hydra/fix-queue-runner-hang.patch
@ -1,12 +0,0 @@
 diff --git a/src/hydra-queue-runner/queue-monitor.cc b/src/hydra-queue-runner/queue-monitor.cc
 --- a/src/hydra-queue-runner/queue-monitor.cc
 +++ b/src/hydra-queue-runner/queue-monitor.cc
@@ -42,7 +42,7 @@ void State::queueMonitorLoop()
         /* Sleep until we get notification from the database about an
            event. */
         if (done && !quit) {
 -            conn->await_notification();
 +            conn->await_notification(5*60, 0);
             nrQueueWakeups++;
         } else