openssh & piped fixes

2023-02-09 15:22:55 +00:00 · 2023-02-09 15:22:55 +00:00 · 55bef5d7d4
parent 788880739c
commit 55bef5d7d4
6 changed files with 59 additions and 79 deletions
--- a/flake.lock
+++ b/flake.lock
@ -9,11 +9,11 @@
        "utils": "utils"
      },
      "locked": {
-        "lastModified": 1672327199,
-        "narHash": "sha256-pFlngSHXKBhAmbaKZ4FYtu57LLunG+vWdL7a5vw1RvQ=",
+        "lastModified": 1674127017,
+        "narHash": "sha256-QO1xF7stu5ZMDLbHN30LFolMAwY6TVlzYvQoUs1RD68=",
        "owner": "serokell",
        "repo": "deploy-rs",
-        "rev": "a5619f5660a00f58c2b7c16d89058e92327ac9b8",
+        "rev": "8c9ea9605eed20528bf60fae35a2b613b901fd77",
        "type": "github"
      },
      "original": {
@ -138,11 +138,11 @@
        "utils": "utils_4"
      },
      "locked": {
-        "lastModified": 1673343300,
-        "narHash": "sha256-5Xdj6kpXYMie0MlnGwqK5FaMdsedxvyuakWtyKB3zaQ=",
+        "lastModified": 1674556204,
+        "narHash": "sha256-HCRmkZsq01h2Evch08zpgE9jeHdMtGdT1okWotyvuhY=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "176e455371a8371586e8a3ff0d56ee9f3ca2324e",
+        "rev": "c59f0eac51da91c6989fd13a68e156f63c0e60b6",
        "type": "github"
      },
      "original": {
@ -191,11 +191,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1673540789,
-        "narHash": "sha256-xqnxBOK3qctIeUVxecydrEDbEXjsvHCPGPbvsl63M/U=",
+        "lastModified": 1674459583,
+        "narHash": "sha256-L0UZl/u2H3HGsrhN+by42c5kNYeKtdmJiPzIRvEVeiM=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "0f213d0fee84280d8c3a97f7469b988d6fe5fcdf",
+        "rev": "1b1f50645af2a70dc93eae18bfd88d330bfbcf7f",
        "type": "github"
      },
      "original": {
@ -207,11 +207,11 @@
    },
    "nur": {
      "locked": {
-        "lastModified": 1673711115,
-        "narHash": "sha256-RY2xKMbs+GDbH3mszx5NsJ9HbVVSa9w6qUItE6UDcGQ=",
+        "lastModified": 1674574136,
+        "narHash": "sha256-1VZkgpWft6Ifs35aIAry1vHUGLzxUe5M2eBvHhYVByA=",
        "owner": "nix-community",
        "repo": "NUR",
-        "rev": "39f8d3cbd719478c3505de5f31a7000404ee6c42",
+        "rev": "b87197cac6c38db9e32d76c6f286fee98e2ba752",
        "type": "github"
      },
      "original": {
@ -233,18 +233,34 @@
        "tree-input": "tree-input"
      }
    },
+    "std": {
+      "locked": {
+        "lastModified": 1671250799,
+        "narHash": "sha256-uPIakP98gOf6504NtrAb2/0O0BgRRXNShM0PTV8z+T0=",
+        "owner": "chessai",
+        "repo": "nix-std",
+        "rev": "b300fd6dfeae8cc331c7d8cde0e81b404d50d40c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "chessai",
+        "repo": "nix-std",
+        "type": "github"
+      }
+    },
    "tree-input": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs-unstable"
-        ]
+        ],
+        "std": "std"
      },
      "locked": {
-        "lastModified": 1670085069,
-        "narHash": "sha256-IO9HcAjncPp/0sUGcCUWVwa0XoBVFQKx+oY+8EBRcTc=",
+        "lastModified": 1674066361,
+        "narHash": "sha256-1f7L1be7u3x0jNDJ+W641kM9pZfd2ZLkjziRvKIZMvw=",
        "owner": "kittywitch",
        "repo": "tree",
-        "rev": "501675588cb663a9bd18056002de697f4e91b667",
+        "rev": "638ad6549febe360b0120375cae2bc3bb3b477f3",
        "type": "github"
      },
      "original": {
--- a/hosts/hetzner-vm/modules/piped/proxy.nix
+++ b/hosts/hetzner-vm/modules/piped/proxy.nix
@ -33,7 +33,6 @@ in {
      environment.BIND = "0.0.0.0:${toString cfg.internalProxyPort}";
      environment.IPV4_ONLY = mkIf cfg.proxyIPv4Only "1";
      serviceConfig = {
-        WorkingDirectory = "/run/piped-proxy";
        ExecStart = "${pkgs.piped-proxy}/bin/piped-proxy";

        RestartSec = "5s";
--- a/hosts/tablet/tablet.nix
+++ b/hosts/tablet/tablet.nix
@ -1,4 +1,8 @@
-{tree, pkgs, ...}: {
+{
+  tree,
+  pkgs,
+  ...
+}: {
  imports = with tree; [
    users.root
    users.chaos
@ -19,8 +23,7 @@
    ./profiles/misskey-dev.nix
  ];

-  services.teamviewer.enable = true;
-  environment.systemPackages = with pkgs; [ teamviewer ];
+  environment.systemPackages = with pkgs; [teamviewer];

  home-manager.users.root = {
    imports = with tree; [home.base];
@ -45,14 +48,11 @@

  nix.buildMachines = [
    {
-      hostName = "buildbox.servers.genderfucked.monster";
+      hostName = "hetzner-vm.servers.genderfucked.monster";
      system = "x86_64-linux";
-      # if the builder supports building for multiple architectures,
-      # replace the previous line by, e.g.,
-      # systems = ["x86_64-linux" "aarch64-linux"];
      sshUser = "root";
      sshKey = "/usb/ssh-keys/chaos.priv";
-      publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUpXZGI5SVl3dFBSRm9rK2JTWUpmSnlRTlJSSithVEtIT3VOTkNLY2FMUHggcm9vdEBuaXhvcwo=";
+      publicHostKey = "AAAAC3NzaC1lZDI1NTE5AAAAIMIt2ABqwHhMjz9r6atv4XuX58xEWeStkmXUwvMVGv4w";
      maxJobs = 16;
      speedFactor = 4;
      supportedFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"];
@ -62,41 +62,6 @@
  nix.distributedBuilds = true; # true;
  nix.extraOptions = "builders-use-substitutes = true";

-  #services.telegraf = {
-  #  enable = true;
-  #  extraConfig = {
-  #    inputs.mem = { };
-  #    inputs.systemd_units = { pattern = ""; };
-  #    outputs.websocket = {
-  #      url = "ws://127.0.0.1:9002/test";
-  #      use_text_frames = true;
-  #      data_format = "json";
-  #    };
-  #    outputs.file = {
-  #      files = [ "/tmp/telegraf-output" ];
-  #      data_format = "json";
-  #      flush_interval = "1s";
-  #      flush_jitter = "1s";
-  #      metric_batch_size = 10;
-  #    };
-  #  };
-  #};
-
-  #services.datadog-agent = {
-  #  enable = true;
-  #  apiKeyFile = "/tmp/key";
-  #  site = "datadoghq.eu";
-  #  checks = {
-  #    systemd = {
-  #      init_config = null;
-  #      instances = [{ unit_names = [ "postgresql.service" "none.service" ]; }];
-  #    };
-  #  };
-  #};
-  #systemd.services.datadog-agent.environment = {
-  #  ASSUME_NO_MOVING_GC_UNSAFE_RISK_IT_WITH = "go1.19";
-  #};
-
  networking.hostName = "tablet";
  time.timeZone = "Europe/London";

--- a/overlay/piped/frontend/yarn.nix
+++ b/overlay/piped/frontend/yarn.nix
@ -946,11 +946,11 @@
      };
    }
    {
-      name = "_iconify_json___json_2.2.6.tgz";
+      name = "_iconify_json___json_2.2.11.tgz";
      path = fetchurl {
-        name = "_iconify_json___json_2.2.6.tgz";
-        url  = "https://registry.yarnpkg.com/@iconify/json/-/json-2.2.6.tgz";
-        sha512 = "fRP5PwXvX0PAGne1/xHvd6zVYiHq9dQzdvhhxamwJuNjoIVRWNNP5y465NkxybzEX94kn2JnoULkA9kbZkXoqA==";
+        name = "_iconify_json___json_2.2.11.tgz";
+        url  = "https://registry.yarnpkg.com/@iconify/json/-/json-2.2.11.tgz";
+        sha512 = "LlFrpRAOFq4zW7tbw3GZPB3GRjtwpXQJIb7bHyFjAQb43FdkOWM01A5tB1WpXDYBq1C4FMIbGusCbrSHlX9jHQ==";
      };
    }
    {
@ -2346,11 +2346,11 @@
      };
    }
    {
-      name = "eslint___eslint_8.31.0.tgz";
+      name = "eslint___eslint_8.32.0.tgz";
      path = fetchurl {
-        name = "eslint___eslint_8.31.0.tgz";
-        url  = "https://registry.yarnpkg.com/eslint/-/eslint-8.31.0.tgz";
-        sha512 = "0tQQEVdmPZ1UtUKXjX7EMm9BlgJ08G90IhWh0PKDCb3ZLsgAOHI8fYSIzYVZej92zsgq+ft0FGsxhJ3xo2tbuA==";
+        name = "eslint___eslint_8.32.0.tgz";
+        url  = "https://registry.yarnpkg.com/eslint/-/eslint-8.32.0.tgz";
+        sha512 = "nETVXpnthqKPFyuY2FNjz/bEd6nbosRgKbkgS/y1C7LJop96gYHWpiguLecMHQ2XCPxn77DS0P+68WzG6vkZSQ==";
      };
    }
    {
--- a/overlay/piped/meta.json
+++ b/overlay/piped/meta.json
@ -1,14 +1,14 @@
 {
  "frontend": {
-    "rev": "2436b735c8efb598b537f4be16f863937c1c9276",
-    "sha256": "sha256-xZ3Kp0YW/z+ndq3Nl76OmxfKANdq7WVo9C7lSHThiUo="
+    "rev": "1a759d4d59f87e9cd69d74a90b8d4ecea8cb38f0",
+    "sha256": "sha256-VtBfBIc7TOAUh0axPgxprdyh9g+TU75fNSnb1rM5Yw4="
  },
  "backend": {
    "rev": "939b0bbaa8f9a3529e1ebaedfdf0b9e7546fdeff",
    "sha256": "sha256-hd2inw0WpdDeJATLLQNlp9/PXkrSRXjBh5RgKo1UIGc="
  },
  "proxy": {
-    "rev": "7419f8a453cb6cb3836c25925b68288f343a8301",
-    "sha256": "sha256-wJJ/lQQLA8roK+S7jBYnUVHbXdQf1GlS3CDKDp0LrP8="
+    "rev": "5260c00b2ff70897dbebdfba90053d51c84b4c4f",
+    "sha256": "sha256-kq2131zj3J3dnamiaeP+nySmQOCqHBI8hq4lkW/7sW4="
  }
 }
--- a/profiles/sshd/sshd.nix
+++ b/profiles/sshd/sshd.nix
@ -1,13 +1,13 @@
 {lib, ...}: {
  services.openssh = {
    enable = true;
-    passwordAuthentication = false;
-    kbdInteractiveAuthentication = lib.mkDefault false;
-    permitRootLogin = "prohibit-password";
+    settings = {
+      PermitRootLogin = "prohibit-password";
+      PasswordAuthentication = false;
+      KbdInteractiveAuthentication = lib.mkDefault false;
+      StreamLocalBindUnlink = true;
+      LogLevel = "VERBOSE";
+    };
    kexAlgorithms = ["curve25519-sha256@libssh.org"];
-    extraConfig = ''
-      StreamLocalBindUnlink yes
-      LogLevel VERBOSE
-    '';
  };
 }