misskey, update postgres, buildbox initial work

2022-11-23 15:58:12 +00:00 · 2022-11-23 15:58:12 +00:00 · 78fb68b0c2
parent e71fb152db
commit 78fb68b0c2
29 changed files with 245 additions and 51 deletions
--- a/flake.lock
+++ b/flake.lock
@ -4,7 +4,7 @@
      "inputs": {
        "flake-compat": "flake-compat",
        "nixpkgs": [
-          "nixpkgs-unstable"
+          "nixpkgs-fixed"
        ],
        "utils": "utils"
      },
@ -70,14 +70,52 @@
        "type": "github"
      }
    },
-    "gitlab_artifacts_sync": {
+    "flake-compat_4": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1650374568,
+        "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "b4a34015c698c7793d592d66adbab377907a2be8",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "gitlab_archiver": {
      "inputs": {
        "flake-compat": "flake-compat_2",
        "nixpkgs": [
-          "nixpkgs-unstable"
+          "nixpkgs-fixed"
        ],
        "utils": "utils_2"
      },
+      "locked": {
+        "lastModified": 1661345778,
+        "narHash": "sha256-uk42PBp5Xg25ebuoJkJ0oPHS+wvl+Rq6v2Dtq6cCoa4=",
+        "owner": "ChaotiCryptidz",
+        "repo": "gitlab_archiver",
+        "rev": "99c3f50194acaed587d28cad9bab377bbd9ae3d1",
+        "type": "gitlab"
+      },
+      "original": {
+        "owner": "ChaotiCryptidz",
+        "repo": "gitlab_archiver",
+        "type": "gitlab"
+      }
+    },
+    "gitlab_artifacts_sync": {
+      "inputs": {
+        "flake-compat": "flake-compat_3",
+        "nixpkgs": [
+          "nixpkgs-fixed"
+        ],
+        "utils": "utils_3"
+      },
      "locked": {
        "lastModified": 1661347022,
        "narHash": "sha256-XJZnwi3bKI1tcmAIVHBHzniQjUW3uLHvsSMZwjukmc8=",
@ -97,14 +135,14 @@
        "nixpkgs": [
          "nixpkgs-unstable"
        ],
-        "utils": "utils_3"
+        "utils": "utils_4"
      },
      "locked": {
-        "lastModified": 1668900402,
-        "narHash": "sha256-IhVlueHoQNoN0SOHZIceKU3LyEL00g2ei0aUlaNypbQ=",
+        "lastModified": 1669071065,
+        "narHash": "sha256-KBpgj3JkvlPsJ3duOZqFJe6tgr+wc75t8sFmgRbBSbw=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "c0f9cbcf93ca22e4f0ca66843be61a4bdf6f0a44",
+        "rev": "f7641a3ff398ccce952e19a199d775934e518c1d",
        "type": "github"
      },
      "original": {
@ -115,11 +153,11 @@
    },
    "musicutil": {
      "inputs": {
-        "flake-compat": "flake-compat_3",
+        "flake-compat": "flake-compat_4",
        "nixpkgs": [
-          "nixpkgs-unstable"
+          "nixpkgs-fixed"
        ],
-        "utils": "utils_4"
+        "utils": "utils_5"
      },
      "locked": {
        "lastModified": 1666470518,
@ -135,13 +173,29 @@
        "type": "gitlab"
      }
    },
-    "nixpkgs-unstable": {
+    "nixpkgs-fixed": {
      "locked": {
-        "lastModified": 1668765800,
-        "narHash": "sha256-rC40+/W6Hio7b/RsY8SvQPKNx4WqNcTgfYv8cUMAvJk=",
+        "lastModified": 1669052418,
+        "narHash": "sha256-M1I4BKXBQm2gey1tScemEh5TpHHE3gKptL7BpWUvL8s=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "52b2ac8ae18bbad4374ff0dd5aeee0fdf1aea739",
+        "rev": "20fc948445a6c22d4e8d5178e9a6bc6e1f5417c8",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "20fc948445a6c22d4e8d5178e9a6bc6e1f5417c8",
+        "type": "github"
+      }
+    },
+    "nixpkgs-unstable": {
+      "locked": {
+        "lastModified": 1669052418,
+        "narHash": "sha256-M1I4BKXBQm2gey1tScemEh5TpHHE3gKptL7BpWUvL8s=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "20fc948445a6c22d4e8d5178e9a6bc6e1f5417c8",
        "type": "github"
      },
      "original": {
@ -153,11 +207,11 @@
    },
    "nur": {
      "locked": {
-        "lastModified": 1668947373,
-        "narHash": "sha256-w23XqGmDtMKr7qKc2D6A6Rfo+7xYtbloPtPod+BopQk=",
+        "lastModified": 1669182177,
+        "narHash": "sha256-U3Bp+pZN58lEqlk1hoTyCGUckFpZfXW2b14p1NGymyY=",
        "owner": "nix-community",
        "repo": "NUR",
-        "rev": "9ee49e01512c3ce211e8017f0ba592ef4695d777",
+        "rev": "6ccbe180fc646a7672cede9fa008fd30d744d0c8",
        "type": "github"
      },
      "original": {
@ -169,9 +223,11 @@
    "root": {
      "inputs": {
        "deploy-rs": "deploy-rs",
+        "gitlab_archiver": "gitlab_archiver",
        "gitlab_artifacts_sync": "gitlab_artifacts_sync",
        "home-manager-unstable": "home-manager-unstable",
        "musicutil": "musicutil",
+        "nixpkgs-fixed": "nixpkgs-fixed",
        "nixpkgs-unstable": "nixpkgs-unstable",
        "nur": "nur"
      }
@ -207,6 +263,21 @@
      }
    },
    "utils_3": {
+      "locked": {
+        "lastModified": 1659877975,
+        "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "utils_4": {
      "locked": {
        "lastModified": 1667395993,
        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
@ -221,7 +292,7 @@
        "type": "github"
      }
    },
-    "utils_4": {
+    "utils_5": {
      "locked": {
        "lastModified": 1659877975,
        "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
--- a/flake.nix
+++ b/flake.nix
@ -9,16 +9,22 @@
    #nix-darwin-unstable.url = "github:lnl7/nix-darwin/master";
    #nix-darwin-unstable.inputs.nixpkgs.follows = "nixpkgs-unstable";

+    # update whenever
+    nixpkgs-fixed.url = "github:nixos/nixpkgs/?branch=nixos-unstable&rev=20fc948445a6c22d4e8d5178e9a6bc6e1f5417c8";
+
    nur.url = "github:nix-community/NUR";

    deploy-rs.url = "github:serokell/deploy-rs";
-    deploy-rs.inputs.nixpkgs.follows = "nixpkgs-unstable";
+    deploy-rs.inputs.nixpkgs.follows = "nixpkgs-fixed";

    musicutil.url = "gitlab:ChaotiCryptidz/musicutil";
-    musicutil.inputs.nixpkgs.follows = "nixpkgs-unstable";
+    musicutil.inputs.nixpkgs.follows = "nixpkgs-fixed";
+
+    gitlab_archiver.url = "gitlab:ChaotiCryptidz/gitlab_archiver";
+    gitlab_archiver.inputs.nixpkgs.follows = "nixpkgs-fixed";

    gitlab_artifacts_sync.url = "gitlab:ChaotiCryptidz/gitlab_artifacts_sync";
-    gitlab_artifacts_sync.inputs.nixpkgs.follows = "nixpkgs-unstable";
+    gitlab_artifacts_sync.inputs.nixpkgs.follows = "nixpkgs-fixed";
  };

  outputs = { ... }@inputs: import ./outputs.nix inputs;
--- a/home/apps/obsidian.nix
+++ b/home/apps/obsidian.nix
@ -0,0 +1 @@
+{ pkgs, ... }: { home.packages = with pkgs; [ obsidian ]; }
--- a/home/backup-apps.nix
+++ b/home/backup-apps.nix
@ -0,0 +1,5 @@
+{pkgs, ...}: {
+  home.packages = with pkgs; [
+    gitlab_archiver
+  ];
+}
--- a/home/dev/all/extra.nix
+++ b/home/dev/all/extra.nix
@ -7,13 +7,8 @@
    tmux
    socat
    file
-    elvish
    (pkgs.busybox.override {
      enableAppletSymlinks = false;
-      extraConfig = ''
-        CONFIG_INSTALL_APPLET_DONT y
-        CONFIG_INSTALL_APPLET_SYMLINKS n
-      '';
    })
  ];
 }
--- a/home/dev/all/network.nix
+++ b/home/dev/all/network.nix
@ -7,7 +7,6 @@
    dnsutils
    rsync
    openssh
-    mosh
    nmap
  ];
 }
--- a/hosts/buildbox/buildbox.nix
+++ b/hosts/buildbox/buildbox.nix
@ -0,0 +1,25 @@
+{ modulesPath, tree, config, pkgs, lib, ... }:
+let secrets-db = (import ./secrets-db.nix { });
+in {
+  imports = with tree; [
+    users.root
+
+    profiles.base
+    profiles.sshd
+    profiles.nix-gc
+
+    ./hardware.nix
+    ./networking.nix
+  ];
+
+  home-manager.users.root = {
+    imports = with tree; [ home.base home.dev.small ];
+    home.stateVersion = "22.05";
+  };
+
+  networking.hostName = "buildbox";
+  time.timeZone = "Europe/London";
+
+  system.stateVersion = "22.05";
+}
+
--- a/hosts/buildbox/hardware.nix
+++ b/hosts/buildbox/hardware.nix
@ -0,0 +1,29 @@
+{ config, lib, pkgs, modulesPath, ... }: {
+  boot.initrd.kernelModules = [ "dm-snapshot" ];
+  boot.initrd.availableKernelModules =
+    [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
+  boot.kernelModules = [ "kvm-amd" ];
+
+  environment.etc."mdadm.conf".text = ''
+    HOMEHOST <ignore>
+  '';
+  boot.initrd.services.swraid.mdadmConf  = config.environment.etc."mdadm.conf".text;
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/root";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-label/boot";
+    fsType = "ext4";
+  };
+
+  boot.loader.grub = {
+    enable = true;
+    efiSupport = false;
+    version = 2;
+    device = "nodev";
+    devices = [ "/dev/sda" "/dev/sdb"];
+  };
+}
--- a/hosts/buildbox/networking.nix
+++ b/hosts/buildbox/networking.nix
@ -0,0 +1,25 @@
+{ ... }: {
+  systemd.services.systemd-networkd-wait-online.enable = false;
+
+  networking = {
+    resolvconf.useLocalResolver = false;
+    networkmanager.dns = "none";
+  };
+  networking.nameservers = [ "1.1.1.1" ];
+
+  networking.firewall.enable = true;
+  networking.firewall.allowPing = true;
+  networking.firewall.allowedTCPPorts = [ 22 ];
+
+  networking.enableIPv6 = true;
+  networking.usePredictableInterfaceNames = false;
+  networking.dhcpcd.enable = false;
+  systemd.network = {
+    enable = true;
+    networks.eth0 = {
+      name = "eth0";
+      address = [ "144.76.97.18" ];
+      gateway = [  "144.76.97.1" ];
+    };
+  };
+}
--- a/hosts/hetzner-vm/hetzner-vm.nix
+++ b/hosts/hetzner-vm/hetzner-vm.nix
@ -36,6 +36,6 @@
  networking.hostName = "hetzner-vm";
  time.timeZone = "Europe/London";

-  system.stateVersion = "21.11";
+  system.stateVersion = "22.05";
 }

--- a/hosts/hetzner-vm/profiles/invidious.nix
+++ b/hosts/hetzner-vm/profiles/invidious.nix
@ -3,8 +3,6 @@ let ports = (import ../ports.nix { });
 in {
  services.invidious = {
    enable = true;
-    #package =
-    #  inputs.nixpkgs-stable.outputs.legacyPackages.${pkgs.system}.invidious;
    port = ports.invidious;
    settings = {
      full_refresh = true;
@ -38,7 +36,7 @@ in {

  systemd.services.invidious.serviceConfig = {
    Restart = "always";
-    RuntimeMaxSec = "4800";
+    RuntimeMaxSec = "${toString (60*60*2)}";
  };

  services.nginx.virtualHosts."invidious.owo.monster" = {
--- a/hosts/hetzner-vm/profiles/mailserver.nix
+++ b/hosts/hetzner-vm/profiles/mailserver.nix
@ -23,6 +23,13 @@ in {
        ];
        sieveScript = null;
      };
+      "misskey@owo.monster" = {
+        name = "misskey@owo.monster";
+        passwordFile = "${secrets.misskey_mail_passwd.path}";
+        aliases = [];
+        sieveScript = null;
+      };
+
    };
  };
 }
--- a/hosts/hetzner-vm/profiles/misskey.nix
+++ b/hosts/hetzner-vm/profiles/misskey.nix
@ -36,6 +36,9 @@ let
      host = "127.0.0.1";
      port = ports.misskey-redis;
    };
+
+    clusterLimit = 4;
+    outgoingAddressFamily = "dual";
  };

  misskeyConfigFile = builtins.toFile "default.yml"
@ -60,12 +63,14 @@ in {
    serviceConfig.Type = "oneshot";
    wantedBy = [ "misskey.service" ];
    after = [ "home-manager-misskey.service" "network.target" ];
-    path = with pkgs; [ bash git ] ++ misskeyPackages;
+    path = with pkgs; [ bash git rsync ] ++ misskeyPackages;
    reloadTriggers = [ misskeyPackage misskeyConfigFile ];

    script = ''
-      rm -rf /home/misskey/misskey || true
-      cp -rv ${misskeyPackage} /home/misskey/misskey
+      #rm -rf /home/misskey/misskey || true
+      mkdir -p /home/misskey/misskey || true
+      rsync -avh ${misskeyPackage}/ /home/misskey/misskey/ --delete --exclude node_modules
+      #cp -rv ${misskeyPackage} /home/misskey/misskey

      rm -rf /home/misskey/misskey/.config
      mkdir /home/misskey/misskey/.config
@ -85,6 +90,7 @@ in {
    serviceConfig.Type = "oneshot";
    wantedBy = [ "misskey.service" ];
    wants = [ "postgresql.service" ];
+    after = [ "postgresql.service" ];
    script = ''
      ${pkgs.postgresql}/bin/psql -c "ALTER USER misskey WITH PASSWORD 'password';"
    '';
--- a/hosts/hetzner-vm/profiles/restic.nix
+++ b/hosts/hetzner-vm/profiles/restic.nix
@ -53,7 +53,7 @@ in {

  services.postgresqlBackup = {
    enable = true;
-    backupAll = true;
+    backupAll = false;
    compression = "zstd";
  };
 }
--- a/hosts/hetzner-vm/secrets.nix
+++ b/hosts/hetzner-vm/secrets.nix
@ -33,6 +33,14 @@
          htpasswd -nbB "" "$password" 2>/dev/null | cut -d: -f2 > $secretFile
        '';
      };
+      misskey_mail_passwd = {
+        user = "dovecot2";
+        group = "dovecot2";
+        fetchScript = ''
+          password=$(simple_get "/api-keys/chaos_mail/misskey" .password)
+          htpasswd -nbB "" "$password" 2>/dev/null | cut -d: -f2 > $secretFile
+        '';
+      };
      gitlab_env = {
        user = "gitlab_artifacts_sync";
        group = "gitlab_artifacts_sync";
--- a/hosts/storage/storage.nix
+++ b/hosts/storage/storage.nix
@ -83,6 +83,6 @@ in {
  networking.hostName = "storage";
  time.timeZone = "Europe/London";

-  system.stateVersion = "21.11";
+  system.stateVersion = "22.05";
 }

--- a/hosts/tablet/profiles/wireguard.nix
+++ b/hosts/tablet/profiles/wireguard.nix
@ -5,6 +5,7 @@ in {
  networking.firewall.trustedInterfaces = [ "wg0" ];
  networking.wg-quick.interfaces = {
    wg0 = {
+      autostart = false;
      address = [ "10.69.42.2/32" ];
      privateKeyFile = "${secrets.wg_priv.path}";

--- a/hosts/tablet/tablet.nix
+++ b/hosts/tablet/tablet.nix
@ -23,6 +23,7 @@
      home.base
      home.dev.all
      home.home-folders
+      home.backup-apps

      home.programming.editors.vscode
      home.programming.languages.rust
@ -39,6 +40,6 @@
  networking.hostName = "tablet";
  time.timeZone = "Europe/London";

-  system.stateVersion = "21.11";
+  system.stateVersion = "22.05";
 }

--- a/hosts/vault/vault.nix
+++ b/hosts/vault/vault.nix
@ -64,6 +64,6 @@ in {
  networking.hostName = "vault";
  time.timeZone = "Europe/London";

-  system.stateVersion = "21.11";
+  system.stateVersion = "22.05";
 }

--- a/overlay/invidious/update.sh
+++ b/overlay/invidious/update.sh
@ -51,7 +51,7 @@ fi

 json_set '.invidious.version' "$new_version"
 json_set '.invidious.rev' "$new_rev"
-new_sha256=$(nix-prefetch -I 'nixpkgs=<nixpkgs>' "$pkg")
+new_sha256=$(nix-prefetch fetchFromGitHub --owner iv-org --repo invidious --rev "$new_rev")
 json_set '.invidious.sha256' "$new_sha256"
 commit_msg="$pkg: $old_version -> $new_version"

--- a/overlay/invidious/versions.json
+++ b/overlay/invidious/versions.json
@ -4,9 +4,9 @@
    "sha256": "sha256-EU6T9yQCdOLx98Io8o01rEsgxDFF/Xoy42LgPopD2/A="
  },
  "invidious": {
-    "rev": "516efd2df3f7d242c2d1df416053b4991a554116",
+    "rev": "5160d8bae39dc5cc5d51abee90571a03c08d0f2b",
    "sha256": "sha256-0Cb1Qsn6vnrzd4pZm1GZxlVQNn5dYKUR/xWMCG37GSk=",
-    "version": "unstable-2022-11-17"
+    "version": "unstable-2022-11-22"
  },
  "lsquic": {
    "sha256": "sha256-hG8cUvhbCNeMOsKkaJlgGpzUrIx47E/WhmPIdI5F3qM=",
--- a/overlay/misskey/copy-link-non-monospace.patch
+++ b/overlay/misskey/copy-link-non-monospace.patch
@ -0,0 +1,13 @@
+diff --git a/packages/client/src/scripts/copy-to-clipboard.ts b/packages/client/src/scripts/copy-to-clipboard.ts
+index ab13cab..3a7cb2b 100644
+--- a/packages/client/src/scripts/copy-to-clipboard.ts
+++ b/packages/client/src/scripts/copy-to-clipboard.ts
+@@ -5,7 +5,7 @@ export default val => {
+ 	// 空div 生成
+ 	const tmp = document.createElement('div');
+ 	// 選択用のタグ生成
+-	const pre = document.createElement('pre');
+	const pre = document.createElement('p');
+ 
+ 	// 親要素のCSSで user-select: none だとコピーできないので書き換える
+ 	pre.style.webkitUserSelect = 'auto';
--- a/overlay/misskey/default.nix
+++ b/overlay/misskey/default.nix
@ -15,6 +15,9 @@ in stdenv.mkDerivation {
  pname = "misskey";
  inherit version src;

+  # some of my own personal patches
+  patches = [ ./copy-link-non-monospace.patch ];
+
  installPhase = ''
    cp -r $src $out
  '';
--- a/presets/nixos/desktop.nix
+++ b/presets/nixos/desktop.nix
@ -23,6 +23,7 @@
      home.apps.telegram
      home.apps.quassel

+      home.apps.obsidian
      home.apps.strawberry
      home.apps.nicotine-plus
      home.apps.musicutil
--- a/profiles/base/nix.nix
+++ b/profiles/base/nix.nix
@ -13,6 +13,7 @@
      (import ../../overlay)
      inputs.musicutil.overlay
      inputs.gitlab_artifacts_sync.overlay
+      inputs.gitlab_archiver.overlay
      inputs.deploy-rs.overlay
    ];
  };
--- a/profiles/sshd/sshd.nix
+++ b/profiles/sshd/sshd.nix
@ -10,5 +10,4 @@
      LogLevel VERBOSE
    '';
  };
-  programs.mosh.enable = true;
 }
--- a/scripts/deploy-all.sh
+++ b/scripts/deploy-all.sh
@ -6,6 +6,9 @@ SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
 REPO_ROOT="${SCRIPT_DIR}/.."
 cd $REPO_ROOT

-deploy -s ".#hetzner-vm"
-deploy -s ".#vault"
-deploy -s ".#storage"
+HOSTNAME=$(hostname)
+
+./scripts/rebuild.sh $@
+[ "${HOSTNAME}" != "hetzner-vm" ] && deploy -s ".#hetzner-vm" -- $@
+[ "${HOSTNAME}" != "vault" ] deploy -s ".#vault" -- $@
+[ "${HOSTNAME}" != "storage" ] && deploy -s ".#storage" -- $@
--- a/scripts/rebuild.sh
+++ b/scripts/rebuild.sh
@ -10,9 +10,5 @@ sudo ${BASH_SOURCE[0]} $@
 exit
 fi

-FIRST_ARG="${1:-switch}"
-
-shift
-
 sudo cpupower frequency-set -g performance
-nixos-rebuild --flake "${REPO_ROOT}#$(hostname)" ${FIRST_ARG} $@
+nixos-rebuild --flake "${REPO_ROOT}#$(hostname)" switch $@
--- a/scripts/update.sh
+++ b/scripts/update.sh
@ -3,6 +3,7 @@
 SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
 REPO_ROOT="${SCRIPT_DIR}/.."
 cd $REPO_ROOT
+
 ./overlay/invidious/update.sh
 ./overlay/misskey/update.sh
-nix flake update
+nix flake update
				`@ -0,0 +1 @@`
				`{ pkgs, ... }: { home.packages = with pkgs; [ obsidian ]; }`