From 13afaf15a43856b0d75e779278a0c9237539a57e Mon Sep 17 00:00:00 2001 From: chaos Date: Sat, 14 Oct 2023 13:51:03 +0100 Subject: [PATCH] fix tmpos on wsl, fix public webdav, add better tarball builder for wsl --- .../containers/storage/default.nix | 1 + .../containers/storage/secrets.nix | 3 +- hosts/nixos.nix | 1 + modules/nixos/wslBuildTarballExt.nix | 52 +++++++++++++++++++ outputs.nix | 4 ++ profiles/base/boot.nix | 7 ++- 6 files changed, 66 insertions(+), 2 deletions(-) create mode 100644 modules/nixos/wslBuildTarballExt.nix diff --git a/hosts/hetzner-arm/containers/storage/default.nix b/hosts/hetzner-arm/containers/storage/default.nix index cae4e83..28db464 100644 --- a/hosts/hetzner-arm/containers/storage/default.nix +++ b/hosts/hetzner-arm/containers/storage/default.nix @@ -69,6 +69,7 @@ in { "/Main/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_webdav_main}"; "/Media/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_webdav_media}"; "/MusicRO/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_webdav_music_ro}"; + "/Public/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_webdav_public}"; "/Uploads/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_webdav_uploads}"; }; extraConfig = '' diff --git a/hosts/hetzner-arm/containers/storage/secrets.nix b/hosts/hetzner-arm/containers/storage/secrets.nix index dd94669..ff851bf 100644 --- a/hosts/hetzner-arm/containers/storage/secrets.nix +++ b/hosts/hetzner-arm/containers/storage/secrets.nix @@ -36,6 +36,7 @@ "api-keys/data/storage/webdav/Main" "api-keys/data/storage/webdav/Media" "api-keys/data/storage/webdav/Public" + "api-keys/data/storage/webdav/Uploads" "private-public-keys/data/rclone/Chaos-Media-Crypt" ]; @@ -82,7 +83,7 @@ if [ -f "$2" ]; then rm "$2" fi - + touch "$2" data=$(kv_get "$1" | base64) diff --git a/hosts/nixos.nix b/hosts/nixos.nix index 6767042..2a49388 100644 --- a/hosts/nixos.nix +++ b/hosts/nixos.nix 
@@ -38,6 +38,7 @@ tree.modules.nixos.rcloneSync tree.modules.nixos.secrets tree.modules.nixos.postgreSQLRemoteBackup + tree.modules.nixos.wslBuildTarballExt ]; nixosUnstableSystem = nixpkgs-unstable.lib.nixosSystem; diff --git a/modules/nixos/wslBuildTarballExt.nix b/modules/nixos/wslBuildTarballExt.nix new file mode 100644 index 0000000..c754b7c --- /dev/null +++ b/modules/nixos/wslBuildTarballExt.nix @@ -0,0 +1,52 @@ +{ config, pkgs, lib, ... }: let + inherit (lib.modules) mkIf; + cfg = config.wsl; +in +{ + config = mkIf cfg.enable { + system.build.tarballBuilderExt = pkgs.writeShellApplication { + name = "nixos-wsl-tarball-builder-ext"; + + runtimeInputs = with pkgs; [ + coreutils + gnutar + zstd + nixos-install-tools + config.nix.package + ]; + + text = '' + if ! [ $EUID -eq 0 ]; then + echo "This script must be run as root!" + exit 1 + fi + + out=''${1:-nixos-wsl.tar.zst} + + root=$(mktemp -p "''${TMPDIR:-/tmp}" -d nixos-wsl-tarball.XXXXXXXXXX) + # FIXME: fails in CI for some reason, but we don't really care because it's CI + trap 'rm -rf "$root" || true' INT TERM EXIT + + chmod o+rx "$root" + + echo "[NixOS-WSL] Installing..." + nixos-install \ + --root "$root" \ + --no-root-passwd \ + --system ${config.system.build.toplevel} \ + --substituters "" + + echo "[NixOS-WSL] Compressing..." + tar -C "$root" \ + -cz \ + --sort=name \ + --mtime='@1' \ + --owner=0 \ + --group=0 \ + --numeric-owner \ + . \ + > "$out" + ''; + }; + }; +} \ No newline at end of file diff --git a/outputs.nix b/outputs.nix index 40a5e8e..f806e07 100644 --- a/outputs.nix +++ b/outputs.nix @@ -9,6 +9,10 @@ in { nixosConfigurations = hosts.nixosConfigurations; + + extras = { + wsl-tarball-builder = hosts.nixosConfigurations.wsl.config.system.build.tarballBuilderExt; + }; } // (inputs.flake-utils.lib.eachDefaultSystem ( system: let diff --git a/profiles/base/boot.nix b/profiles/base/boot.nix index 1236cd6..3213166 100644 --- a/profiles/base/boot.nix +++ b/profiles/base/boot.nix 
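Review bot: Adding `tree.modules.nixos.wslBuildTarballExt` to this list applies the module to every host built from it, yet the module reads `cfg = config.wsl;` and `mkIf cfg.enable` with no existence check. The list starts outside the hunk, so whether it is shared by all hosts is inferred. The boot.nix change in the same commit guards with `config ? "wsl"`, which suggests some hosts do not import the NixOS-WSL options; on those hosts the unguarded access would fail evaluation with a missing-attribute error. Either import the module only for the WSL host, or guard it the same way: `config = mkIf (config ? wsl && config.wsl.enable) { … };`.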
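Review bot: The `tar` call in the `text` script passes `-cz`, which writes gzip, while the default output name is `nixos-wsl.tar.zst` and `zstd` is in `runtimeInputs` without ever being invoked. The artifact would carry a `.zst` name with gzip content, which misleads any tool or person that picks the decompressor from the extension. Either replace `-cz` with `-c --zstd`, or keep gzip, rename the default to `nixos-wsl.tar.gz` and drop `zstd` from `runtimeInputs`. Separately, `chmod o+rx "$root"` opens the staging directory under `/tmp` to other local users while the root filesystem is being assembled; a comment stating why that is required would help the next reader judge whether it is safe on a shared build host.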
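Review bot: `extras` is not an output name the flake schema recognises, so `nix flake check` will report it as an unknown output, and nothing in the hunk says how it is meant to be invoked. The value also dereferences `hosts.nixosConfigurations.wsl.config.system.build.tarballBuilderExt`, which is only defined when that host has `wsl.enable` set, because the module declares it under `mkIf cfg.enable`. Consider exposing the builder under `packages.<system>` so `nix build` and `nix run` find it the usual way. If the non-standard output is intentional, add a comment above `extras` with the expected command line.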
@@ -1 +1,6 @@
-{...}: {boot.tmp.useTmpfs = true;}
+{config, ...}: {
+ boot.tmp.useTmpfs =
+ if config ? "wsl" && config.wsl.enable
+ then false
+ else true;
+}
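Review bot: The new `boot.tmp.useTmpfs` value spells out a boolean negation as `if … then false else true`; `boot.tmp.useTmpfs = !(config ? wsl && config.wsl.enable);` says the same thing in one line. The reason tmpfs has to be off under WSL is not recorded anywhere in the file, so a one-line comment above the assignment would keep it from being "simplified" back to `true` later. Because this is a plain assignment in a base profile, a host that needs a different value must use `mkForce`; wrapping the expression in `lib.mkDefault` would make per-host overrides straightforward.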