Merge pull request #42 from privatevoid-net/updates-20221023

Updates 20221023
This commit is contained in:
Max Headroom 2022-10-23 21:53:41 +02:00 committed by GitHub
commit c215a58574
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 35 additions and 145 deletions

View file

@ -103,6 +103,9 @@
"flake-utils-pre-commit": [
"blank"
],
"ghc-utils": [
"blank"
],
"gomod2nix": [
"blank"
],
@ -120,11 +123,11 @@
]
},
"locked": {
"lastModified": 1665936754,
"narHash": "sha256-eAugmGOb0OtfZPBikOIbfZg0BV/sBui4EY1yfVFotAs=",
"lastModified": 1666482228,
"narHash": "sha256-THlz/EX4V416NkWXPM5ViAXKeN0doaz8yi7Q7EMSGl8=",
"owner": "nix-community",
"repo": "dream2nix",
"rev": "fa708ced6f97b266092a54fc881b8f373290f505",
"rev": "03f9323d2c687df677cbf355ba7135dde03a88ec",
"type": "github"
},
"original": {
@ -311,11 +314,11 @@
},
"locked": {
"host": "git.privatevoid.net",
"lastModified": 1663360760,
"narHash": "sha256-4O8y84iDaODDGCXuNJFVlcvhK7kQQsf9n3l1HD6Q5Y4=",
"lastModified": 1666194069,
"narHash": "sha256-p3vx4NG4ZgY8j0p0n3yOy1wENPOeQj60XG+x1wJLiMY=",
"owner": "max",
"repo": "nix-super",
"rev": "7622f95f9a58ce4db5df6eaec1c6954c16c728ad",
"rev": "ad8422ed3f56448a7b05a25ed764c242b3d0dd64",
"type": "gitlab"
},
"original": {
@ -353,11 +356,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1665870850,
"narHash": "sha256-EkC/Kkc9cr2orI868OHnh6F8/aqS4TZy38ie+KnhfS8=",
"lastModified": 1666401273,
"narHash": "sha256-AG3MoIjcWwz1SPjJ2nymWu4NmeVj9P40OpB1lsmxFtg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "945a85cb7ee31f5f8c49432d77b610b777662d4f",
"rev": "3933d8bb9120573c0d8d49dc5e890cb211681490",
"type": "github"
},
"original": {
@ -370,11 +373,11 @@
"nixpkgs-lib": {
"locked": {
"dir": "lib",
"lastModified": 1665870850,
"narHash": "sha256-EkC/Kkc9cr2orI868OHnh6F8/aqS4TZy38ie+KnhfS8=",
"lastModified": 1666401273,
"narHash": "sha256-AG3MoIjcWwz1SPjJ2nymWu4NmeVj9P40OpB1lsmxFtg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "945a85cb7ee31f5f8c49432d77b610b777662d4f",
"rev": "3933d8bb9120573c0d8d49dc5e890cb211681490",
"type": "github"
},
"original": {
@ -395,11 +398,11 @@
]
},
"locked": {
"lastModified": 1665455310,
"narHash": "sha256-gEG1UiKz65SNWDU1NJmxLneo+kn7WjxrfucSk1zhU6o=",
"lastModified": 1666419213,
"narHash": "sha256-HMlUJnMbvRJO7bxwQhn9VQmv0wcBv9Q29NTPD/bbr94=",
"owner": "nix-community",
"repo": "poetry2nix",
"rev": "d62ba59f1e28c382665c57203a4b9ad11fd7f449",
"rev": "3b9040d19e18db212f8f83cb9241f8102b519f94",
"type": "github"
},
"original": {

View file

@ -134,6 +134,7 @@
crane.follows = "blank";
devshell.follows = "blank";
flake-utils-pre-commit.follows = "blank";
ghc-utils.follows = "blank";
gomod2nix.follows = "blank";
mach-nix.follows = "blank";
poetry2nix.follows = "poetry2nix";

View file

@ -1,99 +0,0 @@
{ cluster, config, inputs, lib, pkgs, tools, ... }:
let
inherit (tools.meta) domain;
patroni = cluster.config.links.patroni-pg-access;
in
{
age.secrets = {
hydraS3 = {
file = ../../../../secrets/hydra-s3.age;
group = "hydra";
mode = "0440";
};
hydra-bincache-key = {
file = ../../../../secrets/hydra-bincache.age;
group = "hydra";
mode = "0440";
};
hydra-builder-key = {
file = ../../../../secrets/hydra-builder-key.age;
group = "hydra";
mode = "0440";
};
} // lib.mapAttrs' (k: lib.nameValuePair "hydra-database-credentials-for-${k}")
(lib.genAttrs [ "hydra-queue-runner" "hydra-www" "hydra" ]
(x:
{
file = ../../../../secrets/hydra-db-credentials.age;
group = "hydra";
owner = x;
mode = "0400";
}
)
);
links.hydra.protocol = "http";
services.nginx.appendHttpConfig = ''
limit_req_zone $binary_remote_addr zone=hydra_api_push_limiter:10m rate=1r/m;
'';
services.nginx.virtualHosts."hydra.${domain}" = lib.recursiveUpdate (tools.nginx.vhosts.proxy config.links.hydra.url) {
locations."/api/push" = {
proxyPass = config.links.hydra.url;
extraConfig = ''
auth_request off;
proxy_method PUT;
limit_req zone=hydra_api_push_limiter burst=3 nodelay;
limit_req_status 429;
'';
};
};
services.oauth2_proxy.nginx.virtualHosts = [ "hydra.${domain}" ];
services.hydra = {
enable = true;
package = inputs.self.packages.${pkgs.system}.hydra;
hydraURL = "https://hydra.${domain}";
dbi = "dbi:Pg:dbname=hydra;host=${patroni.ipv4};port=${patroni.portStr};user=hydra;";
inherit (config.links.hydra) port;
notificationSender = "hydra@${domain}";
buildMachinesFiles = [ "/etc/nix/hydra-machines" ];
useSubstitutes = true;
extraConfig = ''
store_uri = s3://nix-store?scheme=https&endpoint=object-storage.${domain}&secret-key=${config.age.secrets.hydra-bincache-key.path}
server_store_uri = https://cache.${domain}
'';
extraEnv = {
AWS_SHARED_CREDENTIALS_FILE = config.age.secrets.hydraS3.path;
PGPASSFILE = config.age.secrets."hydra-database-credentials-for-hydra".path;
};
};
# override weird hydra module stuff
systemd.services = {
hydra-send-stats = lib.mkForce {};
} // lib.genAttrs [ "hydra-notify" "hydra-queue-runner" "hydra-server" ]
(x: let
name = if x == "hydra-server" then "hydra-www" else
if x == "hydra-notify" then "hydra-queue-runner" else x;
in {
environment = {
PGPASSFILE = lib.mkForce config.age.secrets."hydra-database-credentials-for-${name}".path;
};
}
);
nix.extraOptions = lib.mkForce ''
allowed-uris = https://git.${domain} https://github.com https://git.sr.ht
keep-outputs = true
keep-derivations = true
'';
programs.ssh.knownHosts.git = {
hostNames = [ "git.${domain}" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICz2nGA+Y4OxhMKsV6vKIns3hOoBkK557712h7FfWXcE";
};
}

View file

@ -21,7 +21,6 @@
./services/bitwarden
./services/fbi
./services/gitlab
./services/hydra
./services/jokes
./services/nextcloud
./services/nfs

View file

@ -2,7 +2,7 @@
buildGoModule rec {
pname = "grafana";
version = "9.1.2";
version = "9.2.1";
excludedPackages = [ "alert_webhook_listener" "clean-swagger" "release_publisher" "slow_proxy" "slow_proxy_mac" "macaron" "devenv" ];
@ -10,15 +10,15 @@ buildGoModule rec {
rev = "v${version}";
owner = "grafana";
repo = "grafana";
sha256 = "sha256-Xj9pbOmAqlEwxmEPfwC9Seoqh7HLXAhsa2ux7hIRgos=";
sha256 = "sha256-0TMvSILkT29Ebm/P3PK1NKNs+TbE+874aDRybahhMGg=";
};
srcStatic = fetchurl {
url = "https://dl.grafana.com/oss/release/grafana-${version}.linux-amd64.tar.gz";
sha256 = "sha256-OwgqXMNy65FtDJcTDrfe3a+q4K70p/380jQAxcom1S4=";
sha256 = "sha256-yL6qyAOZT47eiPkdxeBARkChP0L4vj1y7LDvrPUBmQQ=";
};
vendorSha256 = "sha256-6mf49PWp3htCDvXIQuc/mmqqFXFJcP8jDoDSQGi4rKc=";
vendorSha256 = "sha256-021b+Jdk1VUGNSVNef89KLbWLdy4XhhEry4S2S0AhRg=";
nativeBuildInputs = [ wire ];

View file

@ -2,7 +2,7 @@
fetchurl rec {
name = "opentelemetry-java-agent-${meta.version}.jar";
meta.version = "1.15.0";
meta.version = "1.19.1";
url = "https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/download/v${meta.version}/opentelemetry-javaagent.jar";
sha256 = "sha256-FoHax7pS3ohZ70TCKVkGsAONDmr4/FFjY5SSoCfySy0=";
sha256 = "sha256-f1kc0eqBrK+QmlRaZRiJq5OAKa2wrtTyLeBN8uK6698=";
}

View file

@ -16,8 +16,6 @@ super: rec {
];
})) "patches/base/dvc";
hydra = (patch super.hydra-unstable "patches/base/hydra").override { nix = super.nixVersions.nix_2_8; };
sssd = (super.sssd.override { withSudo = true; }).overrideAttrs (old: {
postFixup = (old.postFixup or "") + ''
${super.removeReferencesTo}/bin/remove-references-to -t ${super.stdenv.cc.cc} $out/modules/ldb/memberof.so

View file

@ -22,9 +22,9 @@
"repo": "excalidraw"
},
"branch": "master",
"revision": "fdc462ec013d59536bf40e95cdec89c1ccda340d",
"url": "https://github.com/excalidraw/excalidraw/archive/fdc462ec013d59536bf40e95cdec89c1ccda340d.tar.gz",
"hash": "050v3n8i7vbicxp91mc9ivvzk260if7l6qgd9xly3bvph3812vab"
"revision": "78e254fb300b00b3cee58f8a82989e0bc9b04945",
"url": "https://github.com/excalidraw/excalidraw/archive/78e254fb300b00b3cee58f8a82989e0bc9b04945.tar.gz",
"hash": "15bwnxy2xch8icf23jlmlqcsik1230h40pn467maykhgjgdyi70c"
},
"searxng": {
"type": "Git",
@ -34,9 +34,9 @@
"repo": "searxng"
},
"branch": "master",
"revision": "1a5b0965789d100a33fad69cf6779b23e6595ef4",
"url": "https://github.com/searxng/searxng/archive/1a5b0965789d100a33fad69cf6779b23e6595ef4.tar.gz",
"hash": "11sjh9za9pj5s1g1i2f2jsmrrw4c1p6ln72nqi6n50xxklxikfsd"
"revision": "710a3a001fccb9cdb8a4da6689f1ceb67675a871",
"url": "https://github.com/searxng/searxng/archive/710a3a001fccb9cdb8a4da6689f1ceb67675a871.tar.gz",
"hash": "1dbc5qgxhqr0kymq9gx84kq80n7amnpiidqvqbhwh4gv1097yanb"
},
"stevenblack-hosts": {
"type": "GitRelease",
@ -47,10 +47,10 @@
},
"pre_releases": false,
"version_upper_bound": null,
"version": "3.11.23",
"revision": "ca5397fc85e64381eb79e4494eab3fe13cc90547",
"url": "https://api.github.com/repos/StevenBlack/hosts/tarball/3.11.23",
"hash": "0dsf9hknvahvz23jjqvbj0zkl0gcp3j3a50skh3bksqsk5yjgsgb"
"version": "3.11.25",
"revision": "56409ed72b36b48db884d31fa8f06e02de711fa4",
"url": "https://api.github.com/repos/StevenBlack/hosts/tarball/3.11.25",
"hash": "1pa5bx2dpgsd0dkr2m0ynz3fs44idms1lw7fmirb9mw3f85l64fs"
},
"tempo": {
"type": "GitRelease",

View file

@ -1,12 +0,0 @@
diff --git a/src/hydra-queue-runner/queue-monitor.cc b/src/hydra-queue-runner/queue-monitor.cc
--- a/src/hydra-queue-runner/queue-monitor.cc
+++ b/src/hydra-queue-runner/queue-monitor.cc
@@ -42,7 +42,7 @@ void State::queueMonitorLoop()
/* Sleep until we get notification from the database about an
event. */
if (done && !quit) {
- conn->await_notification();
+ conn->await_notification(5*60, 0);
nrQueueWakeups++;
} else