
20 commits

Author SHA1 Message Date
Max
0c4cb5a3b1 cluster/services/monitoring: use new Prometheus Remote Write enablement flag 2025-02-06 21:23:42 +01:00
Max
4ca3a1e41d cluster/services/sso: remove OTel Java agent, increase TimeoutStartSec 2025-02-06 20:28:06 +01:00
hercules-ci[bot]
e7d430fe7b
Merge pull request #119 from privatevoid-net/pr-flake-update
`flake.lock`: Update
2025-02-06 18:21:33 +00:00
Max
cb6903e3d7 cluster/services/matrix: remove discord bridge 2025-02-06 16:27:51 +01:00
Max
244c7c0e54 cluster/services/patroni: simulacrum: ensure locksmith is started before creating passwords 2025-02-06 02:18:39 +01:00
Max
3119f7f079 cluster/services/consul: allow more start bursting 2025-02-06 02:17:46 +01:00
Max
e5925fecb4 checks/s3ql-upgrade: remove newly-unnecessary call to systemctl stop 2025-02-06 01:12:30 +01:00
Max
4c8a2bf428 modules/nixpkgs-config: provide nixpkgs.system for Hercules CI 2025-02-06 01:12:30 +01:00
Max
bece25564e cluster/services/fbi: use sonarr5 2025-02-06 01:12:30 +01:00
Max
966531bfa7 packages/sonarr5: init at 5.0.0.12 2025-02-06 01:12:30 +01:00
Max
51667448ee packages/stevenblack-hosts: 3.14.82 -> 3.15.15 2025-02-06 01:12:30 +01:00
Max
c87acea15f packages/searxng: 1.0.0pre_39aaac4 -> 1.0.0pre_6324a97 2025-02-06 01:12:30 +01:00
Max
573e1af5eb packages/excalidraw: 0.0.0+04668d8 -> 0.0.0+302664e 2025-02-05 22:01:48 +01:00
Max
cc84a2e360 packages/cinny: 3.2.0 -> 4.2.3 2025-02-05 22:01:48 +01:00
Max
f0022ce998 flake.lock: Update
Flake lock file updates:

• Updated input 'agenix':
    'github:ryantm/agenix/f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41?narHash=sha256-b%2Buqzj%2BWa6xgMS9aNbX4I%2BsXeb5biPDi39VgvSFqFvU%3D' (2024-08-10)
  → 'github:ryantm/agenix/e600439ec4c273cf11e06fe4d9d906fb98fa097c?narHash=sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA%3D' (2025-01-15)
• Updated input 'attic':
    'github:zhaofengli/attic/d0b66cf897e4d55f03d341562c9821dc4e566e54?narHash=sha256-tBuyb8jWBSHHgcIrOfiyQJZGY1IviMzH2V74t7gWfgI%3D' (2024-11-06)
  → 'github:zhaofengli/attic/ff8a897d1f4408ebbf4d45fa9049c06b3e1e3f4e?narHash=sha256-hPYEJ4juK3ph7kbjbvv7PlU1D9pAkkhl%2Bpwx8fZY53U%3D' (2025-02-02)
• Updated input 'devshell':
    'github:numtide/devshell/dd6b80932022cea34a019e2bb32f6fa9e494dfef?narHash=sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg%3D' (2024-10-07)
  → 'github:numtide/devshell/f7795ede5b02664b57035b3b757876703e2c3eac?narHash=sha256-tO3HrHriyLvipc4xr%2BEwtdlo7wM1OjXNjlWRgmM7peY%3D' (2024-12-31)
• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/506278e768c2a08bec68eb62932193e341f55c90?narHash=sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS%2Bb4tfNFCwE%3D' (2024-11-01)
  → 'github:hercules-ci/flake-parts/32ea77a06711b758da0ad9bd6a844c5740a87abd?narHash=sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm%2BzmZ7vxbJdo%3D' (2025-02-01)
• Updated input 'hercules-ci-agent':
    'github:hercules-ci/hercules-ci-agent/c303cc8e437c0fd26b9452472e7df5aa374e9177?narHash=sha256-/Vdg5ZKtP71ZEKVV6JXlrOEu0CM2Flcs%2BnwDmWRzgjQ%3D' (2024-08-15)
  → 'github:hercules-ci/hercules-ci-agent/cae08186393d9736f2b3a5d30b2c7efe5569e337?narHash=sha256-cGd3JaoHeN7g%2BqLrvvwR%2B1RbJ0oTJp3LiHDL3OlJJUg%3D' (2025-01-15)
• Updated input 'hercules-ci-agent/nixpkgs':
    'github:NixOS/nixpkgs/00d80d13810dbfea8ab4ed1009b09100cca86ba8?narHash=sha256-H3%2BEC5cYuq%2BgQW8y0lSrrDZfH71LB4DAf%2BTDFyvwCNA%3D' (2024-07-01)
  → 'github:NixOS/nixpkgs/9abb87b552b7f55ac8916b6fc9e5cb486656a2f3?narHash=sha256-qwpCtZhSsSNQtK4xYGzMiyEDhkNzOCz/Vfu4oL2ETsQ%3D' (2025-01-13)
• Updated input 'hercules-ci-effects':
    'github:hercules-ci/hercules-ci-effects/b89ac4d66d618b915b1f0a408e2775fe3821d141?narHash=sha256-mnynlrPeiW0nUQ8KGZHb3WyxAxA3Ye/BH8gMjdoKP6E%3D' (2024-11-06)
  → 'github:hercules-ci/hercules-ci-effects/6d1b6d5d59758b4f5f05745f774fc13cdc59da43?narHash=sha256-oJN/yvRL7G0WlR/hTkQIjFbPkzCV%2BsFnNB/38Tb9RL4%3D' (2025-01-30)
• Updated input 'hyprspace':
    'github:hyprspace/hyprspace/b54fd70812b98994630cfa6aac17ad7c2be9b468?narHash=sha256-zWajCfHFqPa3Z72DHcxBUq4bmcCu1lpEKUbZZewpYOE%3D' (2024-07-15)
  → 'github:hyprspace/hyprspace/a5957e485ff0c2e9133e7da5408ec1273681688e?narHash=sha256-v4pmfHApR11CNLVMko9uqDU3jYFYrNkEYB/5gLf7ubY%3D' (2025-01-12)
• Updated input 'hyprspace/nixpkgs':
    'github:NixOS/nixpkgs/7bb2ccd8cdc44c91edba16c48d2c8f331fb3d856?narHash=sha256-Drmja/f5MRHZCskS6mvzFqxEaZMeciScCTFxWVLqWEY%3D' (2024-04-25)
  → 'github:NixOS/nixpkgs/6df24922a1400241dae323af55f30e4318a6ca65?narHash=sha256-dklw3AXr3OGO4/XT1Tu3Xz9n/we8GctZZ75ZWVqAVhk%3D' (2025-01-02)
• Updated input 'nix-filter':
    'github:numtide/nix-filter/776e68c1d014c3adde193a18db9d738458cd2ba4?narHash=sha256-SCHiL%2B1f7q9TAnxpasriP6fMarWE5H43t25F5/9e28I%3D' (2024-10-29)
  → 'github:numtide/nix-filter/f7653272fd234696ae94229839a99b73c9ab7de0?narHash=sha256-oRam5PS1vcrr5UPgALW0eo1m/5/pls27Z/pabHNy2Ms%3D' (2024-11-13)
• Updated input 'nix-super':
    '1eb19dd804.tar.gz?narHash=sha256-HSNUAfhtG/A2hnrzPMT3asZZ2Wb3dAmedOr1VzptOCg%3D' (2024-11-10)
  → '09416ef023.tar.gz?narHash=sha256-rciw6KIBxnH4utK%2B7B0bnhexz%2BhFJ53YE4xAPvPS/SE%3D' (2024-12-04)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/4aa36568d413aca0ea84a1684d2d46f55dbabad7?narHash=sha256-Zwl8YgTVJTEum%2BL%2B0zVAWvXAGbWAuXHax3KzuejaDyo%3D' (2024-11-05)
  → 'github:NixOS/nixpkgs/ceaea203f3ae1787b1bd13f021f686391696fc5b?narHash=sha256-CZ8T4vP3ag2hwkpSZjatxJb55ouszvmnWw09qxGW9TU%3D' (2025-02-05)
• Updated input 'repin-flake-utils':
    'github:numtide/flake-utils/c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a?narHash=sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ%3D' (2024-09-17)
  → 'github:numtide/flake-utils/11707dc2f618dd54ca8739b309ec4fc024de578b?narHash=sha256-l0KFg5HjrsfsO/JpG%2Br7fRrqm12kzFHyUHqHCVpMMbI%3D' (2024-11-13)
2025-02-05 22:01:48 +01:00
Max
666b0cd6c4 packages/kanidm: update unixd-authenticated.patch 2025-02-01 22:21:51 +01:00
Max
a9948efc53 packages: factor out acceptVulnerabilities function 2025-02-01 22:21:51 +01:00
Max
ac73a38060 cluster/services/patroni: adjust test for different numbers of replicas 2024-11-30 21:20:03 +01:00
Max
f2cbe6676b cluster/services/patroni: remove thunderskin from workers 2024-11-26 21:40:18 +01:00
c90ec0e101 Merge pull request 'Drop GitLab' (#121) from pr-drop-gitlab into master
Reviewed-on: #121
2024-11-16 16:56:34 +02:00
20 changed files with 1819 additions and 120 deletions


@ -49,6 +49,7 @@ in
DynamicUser = true; DynamicUser = true;
TimeoutStartSec = "5m"; TimeoutStartSec = "5m";
Type = "oneshot"; Type = "oneshot";
StartLimitBurst = 25;
}; };
}; };
} }
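Review bot: `StartLimitBurst = 25;` is added inside what appears to be `serviceConfig`, but systemd documents the start rate-limit settings under `[Unit]` in systemd.unit(5). As far as I know the `[Service]` spelling survives only as a legacy alias, so confirm it is honoured on the deployed systemd version. On NixOS the unit-level form would be `startLimitBurst = 25;` or `unitConfig.StartLimitBurst = 25;` next to `serviceConfig`. A burst value only means something relative to the interval, so a short comment saying why 25 starts per interval are needed would help. The enclosing service definition starts outside the hunk.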


@ -30,6 +30,7 @@ with depot.lib.nginx;
}; };
sonarr = { sonarr = {
enable = true; enable = true;
package = depot.packages.sonarr5;
}; };
prowlarr = { prowlarr = {
enable = true; enable = true;


@ -1,22 +0,0 @@
{ cluster, depot, ... }:
let
inherit (depot.lib.meta) domain;
in
{
services.matrix-appservice-discord = {
enable = true;
environmentFile = cluster.config.services.matrix.secrets.discordAppServiceToken.path;
settings = {
bridge = {
inherit domain;
homeserverUrl = "https://matrix.${domain}:443";
disablePresence = false;
disableTypingNotifications = false;
disableDeletionForwarding = false;
enableSelfServiceBridging = true;
disableReadReceipts = false;
disableJoinLeaveNotifications = true;
};
};
};
}


@ -10,7 +10,6 @@
homeserver = [ homeserver = [
./homeserver.nix ./homeserver.nix
./coturn.nix ./coturn.nix
./bridges/discord.nix
]; ];
static = [ static = [
./federation.nix ./federation.nix


@ -77,9 +77,6 @@ in {
# HACK: upstream has a weird assertion that doesn't work with our HAProxy setup # HACK: upstream has a weird assertion that doesn't work with our HAProxy setup
# this host gets overridden by dbConfigOut # this host gets overridden by dbConfigOut
database = lib.recursiveUpdate dbConfig.database { args.host = "_patroni.local"; }; database = lib.recursiveUpdate dbConfig.database { args.host = "_patroni.local"; };
app_service_config_files = [
"/etc/synapse/discord-registration.yaml"
];
turn_uris = let turn_uris = let
combinations = lib.cartesianProduct { combinations = lib.cartesianProduct {
proto = [ "udp" "tcp" ]; proto = [ "udp" "tcp" ];
@ -115,7 +112,7 @@ in {
}; };
}; };
systemd.services = lib.mkMerge [ systemd.services = lib.mkMerge [
(lib.genAttrs [ "coturn" "matrix-appservice-discord" "matrix-synapse" ] (_: { (lib.genAttrs [ "coturn" "matrix-synapse" ] (_: {
serviceConfig = { serviceConfig = {
Slice = "communications.slice"; Slice = "communications.slice";
}; };


@ -7,7 +7,7 @@ in
enable = true; enable = true;
listenAddress = prometheus-ingest.ipv4; listenAddress = prometheus-ingest.ipv4;
inherit (prometheus-ingest) port; inherit (prometheus-ingest) port;
extraFlags = [ "--enable-feature=remote-write-receiver" ]; extraFlags = [ "--web.enable-remote-write-receiver" ];
globalConfig = { globalConfig = {
scrape_interval = "60s"; scrape_interval = "60s";
}; };
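Review bot: The `extraFlags` line enables the remote-write receiver with no comment on who is allowed to reach it. Prometheus does not authenticate writes to that endpoint by default, so exposure depends on `listenAddress = prometheus-ingest.ipv4` and whatever sits in front of it, neither of which is visible in this hunk. A comment such as `# remote-write receiver is unauthenticated; prometheus-ingest must only be reachable from trusted cluster members` would record that assumption. The enclosing block continues outside the hunk.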


@ -14,7 +14,7 @@
}; };
services.patroni = { services.patroni = {
nodes = { nodes = {
worker = [ "grail" "thunderskin" "VEGAS" ]; worker = [ "grail" "VEGAS" ];
haproxy = [ "checkmate" "grail" "VEGAS" "prophet" ]; haproxy = [ "checkmate" "grail" "VEGAS" "prophet" ];
}; };
nixos = { nixos = {


@ -1,8 +1,9 @@
{ cluster, ... }: { cluster, lib, ... }:
let let
clusterName = "poseidon"; clusterName = "poseidon";
link = cluster.config.links.patroni-pg-access; link = cluster.config.links.patroni-pg-access;
expectedReplicas = (lib.length cluster.config.services.patroni.nodes.worker) - 1;
in in
{ {
defaults = { depot, pkgs, ... }: { defaults = { depot, pkgs, ... }: {
@ -26,7 +27,7 @@ in
def booted(nodes): def booted(nodes):
return filter(lambda node: node.booted, nodes) return filter(lambda node: node.booted, nodes)
def wait_for_all_nodes_ready(expected_replicas=2): def wait_for_all_nodes_ready(expected_replicas=${toString expectedReplicas}):
booted_nodes = booted(nodes) booted_nodes = booted(nodes)
for node in booted_nodes: for node in booted_nodes:
node.wait_for_unit("patroni.service") node.wait_for_unit("patroni.service")
@ -71,7 +72,7 @@ in
for node in nodes: for node in nodes:
node.crash() node.crash()
wait_for_all_nodes_ready(1) wait_for_all_nodes_ready(${toString (expectedReplicas - 1)})
# Execute some queries while a node is down. # Execute some queries while a node is down.
run_dummy_queries() run_dummy_queries()
@ -107,6 +108,8 @@ in
clients[0].succeed(f"{setEnv} consul kv delete --recurse services/incandescence/providers/patroni/formulae/database/existingdb") clients[0].succeed(f"{setEnv} consul kv delete --recurse services/incandescence/providers/patroni/formulae/database/existingdb")
clients[0].succeed(f"{setEnv} consul kv delete --recurse services/incandescence/providers/patroni/formulae/user/existinguser") clients[0].succeed(f"{setEnv} consul kv delete --recurse services/incandescence/providers/patroni/formulae/user/existinguser")
for client in clients:
node.systemctl("start locksmith.service")
for node in nodes: for node in nodes:
node.systemctl("restart incandescence-patroni.target") node.systemctl("restart incandescence-patroni.target")
clients[0].succeed("[[ $(psql -h ${link.ipv4} -p ${link.portStr} -U postgres --tuples-only --csv --command=\"SELECT pg_roles.rolname FROM pg_database JOIN pg_roles ON pg_database.datdba = pg_roles.oid WHERE pg_database.datname = 'existingdb'\") == existinguser ]]") clients[0].succeed("[[ $(psql -h ${link.ipv4} -p ${link.portStr} -U postgres --tuples-only --csv --command=\"SELECT pg_roles.rolname FROM pg_database JOIN pg_roles ON pg_database.datdba = pg_roles.oid WHERE pg_database.datname = 'existingdb'\") == existinguser ]]")
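Review bot: The added loop `for client in clients:` calls `node.systemctl("start locksmith.service")`, so the loop variable is never used. `node` is whatever an earlier `for node in nodes:` loop left bound, which means locksmith is started repeatedly on that one machine rather than on each client. If the clients are the intended targets the body should be `client.systemctl("start locksmith.service")`; if the patroni nodes are, the header should be `for node in nodes:`. Separately, `${toString (expectedReplicas - 1)}` evaluates to 0 when the worker list has two entries, so it is worth checking that `wait_for_all_nodes_ready(0)` still asserts something useful. The test script starts and ends outside these hunks.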


@ -46,15 +46,5 @@ in
http-relative-path = "/auth"; http-relative-path = "/auth";
}; };
}; };
systemd.services.keycloak.environment = { systemd.services.keycloak.serviceConfig.TimeoutStartSec = 300;
JAVA_OPTS = builtins.concatStringsSep " " [
"-javaagent:${depot.packages.opentelemetry-java-agent-bin}"
"-Dotel.resource.attributes=service.name=keycloak"
"-Dotel.traces.exporter=otlp"
];
OTEL_EXPORTER_OTLP_PROTOCOL = "grpc";
OTEL_EXPORTER_OTLP_ENDPOINT = cluster.config.ways.ingest-traces-otlp.url;
OTEL_TRACES_SAMPLER = "parentbased_traceidratio";
OTEL_TRACES_SAMPLER_ARG = "0.50";
};
} }

80
flake.lock generated

@ -10,11 +10,11 @@
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1723293904, "lastModified": 1736955230,
"narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=", "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41", "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -39,11 +39,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1730906442, "lastModified": 1738524606,
"narHash": "sha256-tBuyb8jWBSHHgcIrOfiyQJZGY1IviMzH2V74t7gWfgI=", "narHash": "sha256-hPYEJ4juK3ph7kbjbvv7PlU1D9pAkkhl+pwx8fZY53U=",
"owner": "zhaofengli", "owner": "zhaofengli",
"repo": "attic", "repo": "attic",
"rev": "d0b66cf897e4d55f03d341562c9821dc4e566e54", "rev": "ff8a897d1f4408ebbf4d45fa9049c06b3e1e3f4e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -117,11 +117,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1728330715, "lastModified": 1735644329,
"narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=", "narHash": "sha256-tO3HrHriyLvipc4xr+Ewtdlo7wM1OjXNjlWRgmM7peY=",
"owner": "numtide", "owner": "numtide",
"repo": "devshell", "repo": "devshell",
"rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef", "rev": "f7795ede5b02664b57035b3b757876703e2c3eac",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -214,11 +214,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1730504689, "lastModified": 1738453229,
"narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", "narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "506278e768c2a08bec68eb62932193e341f55c90", "rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -304,11 +304,11 @@
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
}, },
"locked": { "locked": {
"lastModified": 1723736589, "lastModified": 1736919270,
"narHash": "sha256-/Vdg5ZKtP71ZEKVV6JXlrOEu0CM2Flcs+nwDmWRzgjQ=", "narHash": "sha256-cGd3JaoHeN7g+qLrvvwR+1RbJ0oTJp3LiHDL3OlJJUg=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "hercules-ci-agent", "repo": "hercules-ci-agent",
"rev": "c303cc8e437c0fd26b9452472e7df5aa374e9177", "rev": "cae08186393d9736f2b3a5d30b2c7efe5569e337",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -327,11 +327,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1730903510, "lastModified": 1738237977,
"narHash": "sha256-mnynlrPeiW0nUQ8KGZHb3WyxAxA3Ye/BH8gMjdoKP6E=", "narHash": "sha256-oJN/yvRL7G0WlR/hTkQIjFbPkzCV+sFnNB/38Tb9RL4=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "hercules-ci-effects", "repo": "hercules-ci-effects",
"rev": "b89ac4d66d618b915b1f0a408e2775fe3821d141", "rev": "6d1b6d5d59758b4f5f05745f774fc13cdc59da43",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -369,11 +369,11 @@
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_2"
}, },
"locked": { "locked": {
"lastModified": 1721084841, "lastModified": 1736693502,
"narHash": "sha256-zWajCfHFqPa3Z72DHcxBUq4bmcCu1lpEKUbZZewpYOE=", "narHash": "sha256-v4pmfHApR11CNLVMko9uqDU3jYFYrNkEYB/5gLf7ubY=",
"owner": "hyprspace", "owner": "hyprspace",
"repo": "hyprspace", "repo": "hyprspace",
"rev": "b54fd70812b98994630cfa6aac17ad7c2be9b468", "rev": "a5957e485ff0c2e9133e7da5408ec1273681688e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -451,11 +451,11 @@
}, },
"nix-filter": { "nix-filter": {
"locked": { "locked": {
"lastModified": 1730207686, "lastModified": 1731533336,
"narHash": "sha256-SCHiL+1f7q9TAnxpasriP6fMarWE5H43t25F5/9e28I=", "narHash": "sha256-oRam5PS1vcrr5UPgALW0eo1m/5/pls27Z/pabHNy2Ms=",
"owner": "numtide", "owner": "numtide",
"repo": "nix-filter", "repo": "nix-filter",
"rev": "776e68c1d014c3adde193a18db9d738458cd2ba4", "rev": "f7653272fd234696ae94229839a99b73c9ab7de0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -500,11 +500,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1731271232, "lastModified": 1733338937,
"narHash": "sha256-HSNUAfhtG/A2hnrzPMT3asZZ2Wb3dAmedOr1VzptOCg=", "narHash": "sha256-rciw6KIBxnH4utK+7B0bnhexz+hFJ53YE4xAPvPS/SE=",
"rev": "1eb19dd804a83d99c497118af8ab781eee569c65", "rev": "09416ef0230295a5645532874a662a798e14087b",
"type": "tarball", "type": "tarball",
"url": "https://forge.privatevoid.net/api/v1/repos/max/nix-super/archive/1eb19dd804a83d99c497118af8ab781eee569c65.tar.gz" "url": "https://forge.privatevoid.net/api/v1/repos/max/nix-super/archive/09416ef0230295a5645532874a662a798e14087b.tar.gz"
}, },
"original": { "original": {
"type": "tarball", "type": "tarball",
@ -513,11 +513,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1719848872, "lastModified": 1736798957,
"narHash": "sha256-H3+EC5cYuq+gQW8y0lSrrDZfH71LB4DAf+TDFyvwCNA=", "narHash": "sha256-qwpCtZhSsSNQtK4xYGzMiyEDhkNzOCz/Vfu4oL2ETsQ=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "00d80d13810dbfea8ab4ed1009b09100cca86ba8", "rev": "9abb87b552b7f55ac8916b6fc9e5cb486656a2f3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -529,11 +529,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1714076141, "lastModified": 1735834308,
"narHash": "sha256-Drmja/f5MRHZCskS6mvzFqxEaZMeciScCTFxWVLqWEY=", "narHash": "sha256-dklw3AXr3OGO4/XT1Tu3Xz9n/we8GctZZ75ZWVqAVhk=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "7bb2ccd8cdc44c91edba16c48d2c8f331fb3d856", "rev": "6df24922a1400241dae323af55f30e4318a6ca65",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -561,11 +561,11 @@
}, },
"nixpkgs_4": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1730785428, "lastModified": 1738758495,
"narHash": "sha256-Zwl8YgTVJTEum+L+0zVAWvXAGbWAuXHax3KzuejaDyo=", "narHash": "sha256-CZ8T4vP3ag2hwkpSZjatxJb55ouszvmnWw09qxGW9TU=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "4aa36568d413aca0ea84a1684d2d46f55dbabad7", "rev": "ceaea203f3ae1787b1bd13f021f686391696fc5b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -582,11 +582,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1726560853, "lastModified": 1731533236,
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -1,9 +1,15 @@
{ depot, lib, ... }: { depot, lib, pkgs, ... }:
{ {
imports = [ imports = [
depot.inputs.nixpkgs.nixosModules.readOnlyPkgs depot.inputs.nixpkgs.nixosModules.readOnlyPkgs
]; ];
nixpkgs.overlays = lib.mkForce []; options.nixpkgs.system = lib.mkOption {
type = lib.types.str;
default = pkgs.system;
readOnly = true;
};
config.nixpkgs.overlays = lib.mkForce [];
} }
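Review bot: The new `options.nixpkgs.system` declaration has no `description`, and nothing in the module explains why a read-only option is declared alongside `readOnlyPkgs`. Going by the commit title it is a shim for Hercules CI, so something like `description = "System string exposed for Hercules CI; read-only because pkgs is supplied externally.";` would make that clear to the next reader. `pkgs.system` is a top-level alias in nixpkgs, so `default = pkgs.stdenv.hostPlatform.system;` is the more durable spelling if aliases are ever disabled.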


@ -56,7 +56,6 @@ testers.runNixOSTest {
machine.succeed("echo HelloWorld > /srv/test/hello/world.txt") machine.succeed("echo HelloWorld > /srv/test/hello/world.txt")
with subtest("should upgrade"): with subtest("should upgrade"):
machine.succeed("systemctl stop remote-storage-test.service")
machine.succeed("/run/current-system/specialisation/upgrade/bin/switch-to-configuration test") machine.succeed("/run/current-system/specialisation/upgrade/bin/switch-to-configuration test")
machine.wait_for_unit("remote-storage-test.service") machine.wait_for_unit("remote-storage-test.service")
machine.succeed("systemctl is-active remote-storage-test.service") machine.succeed("systemctl is-active remote-storage-test.service")


@ -2,6 +2,13 @@ let
tools = import ./lib/tools.nix; tools = import ./lib/tools.nix;
pins = import ./sources; pins = import ./sources;
acceptVulnerabilities = drv:
assert drv.meta ? knownVulnerabilities && builtins.length drv.meta.knownVulnerabilities > 0;
drv.overrideAttrs (old: {
meta = old.meta // {
knownVulnerabilities = [];
};
});
in with tools; in with tools;
super: rec { super: rec {
acme-dns = patch super.acme-dns "patches/base/acme-dns"; acme-dns = patch super.acme-dns "patches/base/acme-dns";
@ -19,7 +26,7 @@ super: rec {
}; };
jitsi-meet-insecure = let jitsi-meet-insecure = let
olm-insecure = assert builtins.length super.olm.meta.knownVulnerabilities > 0; super.olm.overrideAttrs (o: { meta = o.meta // { knownVulnerabilities = []; }; }); olm-insecure = acceptVulnerabilities super.olm;
in super.jitsi-meet.override { olm = olm-insecure; }; in super.jitsi-meet.override { olm = olm-insecure; };
jre17_standard = let jre17_standard = let
@ -55,4 +62,26 @@ super: rec {
super.python3Packages.systemd super.python3Packages.systemd
]; ];
}); });
sonarr5 = let
version = "5.0.0.12";
src = super.fetchFromGitHub {
owner = "Sonarr";
repo = "Sonarr";
tag = "v${version}";
hash = "sha256-Pw+dvXNp0kQSwK+y3xZzcDivy45zgpqfZe1OUM8GOqY=";
};
in super.sonarr.override {
buildDotnetModule = args: super.buildDotnetModule (args // {
inherit version src;
nugetDeps = ./servers/sonarr/deps.json;
dotnet-sdk = super.dotnetCorePackages.sdk_8_0;
dotnet-runtime = super.dotnetCorePackages.aspnetcore_8_0;
dotnetFlags = map (builtins.replaceStrings ["net6.0" super.sonarr.version] ["net8.0" version]) args.dotnetFlags;
});
fetchYarnDeps = args: super.fetchYarnDeps (args // {
yarnLock = "${src}/yarn.lock";
hash = "sha256-ckaU3me5fGcOhK0m8BzMWaXc+zPpYyu+GhUHLts9edY=";
});
};
} }
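Review bot: `acceptVulnerabilities` clears `meta.knownVulnerabilities` wholesale and only asserts that the list is non-empty, so an advisory added to the package later is accepted silently along with the ones that were reviewed. Taking the reviewed entries as an argument and asserting equality, e.g. `acceptVulnerabilities = expected: drv: assert (drv.meta.knownVulnerabilities or []) == expected;`, would make evaluation fail when the upstream list changes and force a re-review. A comment above the helper stating that it is an explicit risk acceptance, and that each call site should name what was accepted, would also help. In the `sonarr5` block, the `src` hash, the `fetchYarnDeps` hash and `nugetDeps` have to be regenerated together on every version bump, which deserves a one-line comment.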



@ -9,10 +9,10 @@
}, },
"pre_releases": false, "pre_releases": false,
"version_upper_bound": null, "version_upper_bound": null,
"version": "v3.2.0", "version": "v4.2.3",
"revision": "9ecb233763048c730d24ddacecc8c002d3c8fc89", "revision": "a142630ff970e47303fb0aeff0f7cad6f6fbdaf3",
"url": "https://api.github.com/repos/cinnyapp/cinny/tarball/v3.2.0", "url": "https://api.github.com/repos/cinnyapp/cinny/tarball/v4.2.3",
"hash": "17ndz0x5zws2y533c3wa80mhk0k5n1d4il9agv04aglpd75vn1n0" "hash": "1dh1kxfkl69l6dmwria60s37qnbip4yz29n3l5jfw4lz218i1186"
}, },
"excalidraw": { "excalidraw": {
"type": "Git", "type": "Git",
@ -22,9 +22,9 @@
"repo": "excalidraw" "repo": "excalidraw"
}, },
"branch": "master", "branch": "master",
"revision": "04668d8263b35bf76f1390b25abeeed4181820f6", "revision": "302664e500c7f2ee44a1f107d8f4680c0254305b",
"url": "https://github.com/excalidraw/excalidraw/archive/04668d8263b35bf76f1390b25abeeed4181820f6.tar.gz", "url": "https://github.com/excalidraw/excalidraw/archive/302664e500c7f2ee44a1f107d8f4680c0254305b.tar.gz",
"hash": "10vxvyzx5nw2f0ykw3ng5lh2hiy6nrgpdqiypmcq9caxi6qn7h11" "hash": "02a9jy73lqgmb8h2zcs37h932gzxg7ky2pvb65wd7kcqrcybpp6n"
}, },
"searxng": { "searxng": {
"type": "Git", "type": "Git",
@ -34,9 +34,9 @@
"repo": "searxng" "repo": "searxng"
}, },
"branch": "master", "branch": "master",
"revision": "39aaac40d63d53555b7fc12d56f0825c85ecf567", "revision": "6324a9752a2b21a1dcb709c7fb643e361189163e",
"url": "https://github.com/searxng/searxng/archive/39aaac40d63d53555b7fc12d56f0825c85ecf567.tar.gz", "url": "https://github.com/searxng/searxng/archive/6324a9752a2b21a1dcb709c7fb643e361189163e.tar.gz",
"hash": "0bhlh28n7p36v1q67xqmzxz6icm7kqgqxiyz806swfzykp9hfzxg" "hash": "0b2wy613mds5xl5pqizrb8ncbhk1m8xcbnnsycqks1vypyvr00q4"
}, },
"stevenblack-hosts": { "stevenblack-hosts": {
"type": "GitRelease", "type": "GitRelease",
@ -47,10 +47,10 @@
}, },
"pre_releases": false, "pre_releases": false,
"version_upper_bound": null, "version_upper_bound": null,
"version": "3.14.82", "version": "3.15.15",
"revision": "73ef1823bb9b76d6cbde5d349e82eed0d5dcb4cb", "revision": "a39424667f67c4f9836126fefa2fb25fe83839b6",
"url": "https://api.github.com/repos/StevenBlack/hosts/tarball/3.14.82", "url": "https://api.github.com/repos/StevenBlack/hosts/tarball/3.15.15",
"hash": "1f3d1m27xph8canm7ll0c2fbh6gzf4pfqmrbhix1fg2hxz1pwbqm" "hash": "0kpha475jsw8fbq2z1mn4m94a6a5skgmkia0q6w8sh8lba30y9y3"
} }
}, },
"version": 2 "version": 2


@ -5,6 +5,7 @@
keycloak = [ "x86_64-linux" ]; keycloak = [ "x86_64-linux" ];
prometheus-jitsi-exporter = [ "aarch64-linux" ]; prometheus-jitsi-exporter = [ "aarch64-linux" ];
searxng = [ "x86_64-linux" ]; searxng = [ "x86_64-linux" ];
sonarr5 = [ "x86_64-linux" ];
tempo = [ "x86_64-linux" ]; tempo = [ "x86_64-linux" ];
}; };
} }


@ -11,7 +11,7 @@ let
src = fetchzip { src = fetchzip {
name = "cinny-tarball-${version}"; name = "cinny-tarball-${version}";
url = "https://github.com/${repo.owner}/${repo.repo}/releases/download/${cinny.version}/cinny-${cinny.version}.tar.gz"; url = "https://github.com/${repo.owner}/${repo.repo}/releases/download/${cinny.version}/cinny-${cinny.version}.tar.gz";
sha256 = "sha256-4mOMVwwoR8NJVD7kikXAEN3kUAoH5hYHz0md0LYX7bo="; sha256 = "sha256-T2XKSR59lZoazTN0boQhBOYZTac/a+K1OZrgeKwsbvU=";
}; };
buildCommand = '' buildCommand = ''


@ -27,7 +27,7 @@ let
offlineCache = fetchYarnDeps { offlineCache = fetchYarnDeps {
name = "excalidraw-yarn-cache-${builtins.hashString "sha256" (builtins.readFile "${excalidraw}/yarn.lock")}"; name = "excalidraw-yarn-cache-${builtins.hashString "sha256" (builtins.readFile "${excalidraw}/yarn.lock")}";
yarnLock = src + "/yarn.lock"; yarnLock = src + "/yarn.lock";
hash = "sha256-iEk6yh+2sQkm/oucAGj16x/SpKc1WqXYtYTos82R0bQ="; hash = "sha256-SthMtDZtGGTVRYYRHIPUbQe8ixZ9XSFMAl35MMN4JHY=";
}; };
configurePhase = '' configurePhase = ''


@ -50,6 +50,9 @@ toPythonModule (buildPythonApplication rec {
fasttext-predict fasttext-predict
pybind11 pybind11
pytomlpp pytomlpp
msgspec
typer
isodate
(callPackage ./deps/chompjs.nix {}) (callPackage ./deps/chompjs.nix {})
]; ];


@ -1,5 +1,5 @@
diff --git a/unix_integration/resolver/src/idprovider/kanidm.rs b/unix_integration/resolver/src/idprovider/kanidm.rs diff --git a/unix_integration/resolver/src/idprovider/kanidm.rs b/unix_integration/resolver/src/idprovider/kanidm.rs
index 63cedb4d5..35c45fb0e 100644 index d0a6a8159..7ebc0449d 100644
--- a/unix_integration/resolver/src/idprovider/kanidm.rs --- a/unix_integration/resolver/src/idprovider/kanidm.rs
+++ b/unix_integration/resolver/src/idprovider/kanidm.rs +++ b/unix_integration/resolver/src/idprovider/kanidm.rs
@@ -7,6 +7,7 @@ use kanidm_proto::internal::OperationError; @@ -7,6 +7,7 @@ use kanidm_proto::internal::OperationError;
@ -10,7 +10,7 @@ index 63cedb4d5..35c45fb0e 100644
use tokio::sync::{broadcast, Mutex}; use tokio::sync::{broadcast, Mutex};
use kanidm_lib_crypto::CryptoPolicy; use kanidm_lib_crypto::CryptoPolicy;
@@ -38,6 +39,8 @@ struct KanidmProviderInternal { @@ -39,6 +40,8 @@ struct KanidmProviderInternal {
hmac_key: HmacKey, hmac_key: HmacKey,
crypto_policy: CryptoPolicy, crypto_policy: CryptoPolicy,
pam_allow_groups: BTreeSet<String>, pam_allow_groups: BTreeSet<String>,
@ -19,7 +19,7 @@ index 63cedb4d5..35c45fb0e 100644
} }
pub struct KanidmProvider { pub struct KanidmProvider {
@@ -102,6 +105,19 @@ impl KanidmProvider { @@ -103,6 +106,19 @@ impl KanidmProvider {
.map(|GroupMap { local, with }| (local, Id::Name(with))) .map(|GroupMap { local, with }| (local, Id::Name(with)))
.collect(); .collect();
@ -39,7 +39,7 @@ index 63cedb4d5..35c45fb0e 100644
Ok(KanidmProvider { Ok(KanidmProvider {
inner: Mutex::new(KanidmProviderInternal { inner: Mutex::new(KanidmProviderInternal {
state: CacheState::OfflineNextCheck(now), state: CacheState::OfflineNextCheck(now),
@@ -109,6 +125,8 @@ impl KanidmProvider { @@ -110,6 +126,8 @@ impl KanidmProvider {
hmac_key, hmac_key,
crypto_policy, crypto_policy,
pam_allow_groups, pam_allow_groups,
@ -48,10 +48,10 @@ index 63cedb4d5..35c45fb0e 100644
}), }),
map_group, map_group,
}) })
@@ -256,7 +274,11 @@ impl KanidmProviderInternal { @@ -262,7 +280,11 @@ impl KanidmProviderInternal {
} let mut max_attempts = 3;
while max_attempts > 0 {
async fn attempt_online(&mut self, _tpm: &mut tpm::BoxedDynTpm, now: SystemTime) -> bool { max_attempts -= 1;
- match self.client.auth_anonymous().await { - match self.client.auth_anonymous().await {
+ let auth_method = match (&self.auth_name, &self.auth_password) { + let auth_method = match (&self.auth_name, &self.auth_password) {
+ (Some(name), Some(password)) => self.client.auth_simple_password(name, password).await, + (Some(name), Some(password)) => self.client.auth_simple_password(name, password).await,
@ -59,5 +59,5 @@ index 63cedb4d5..35c45fb0e 100644
+ }; + };
+ match auth_method { + match auth_method {
Ok(_uat) => { Ok(_uat) => {
debug!("provider is now online");
self.state = CacheState::Online; self.state = CacheState::Online;
true