misskey, update postgres, buildbox initial work

2022-11-23 15:58:12 +00:00 · 2022-11-23 15:58:12 +00:00 · 78fb68b0c2
parent e71fb152db
commit 78fb68b0c2
29 changed files with 245 additions and 51 deletions
--- a/flake.lock
+++ b/flake.lock
@ -4,7 +4,7 @@
      "inputs": {
        "flake-compat": "flake-compat",
        "nixpkgs": [
-          "nixpkgs-unstable"
+          "nixpkgs-fixed"
        ],
        "utils": "utils"
      },
@ -70,14 +70,52 @@
        "type": "github"
      }
    },
-    "gitlab_artifacts_sync": {
+    "flake-compat_4": {
      "flake": false,
      "locked": {
        "lastModified": 1650374568,
        "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
        "owner": "edolstra",
        "repo": "flake-compat",
        "rev": "b4a34015c698c7793d592d66adbab377907a2be8",
        "type": "github"
      },
      "original": {
        "owner": "edolstra",
        "repo": "flake-compat",
        "type": "github"
      }
    },
    "gitlab_archiver": {
      "inputs": {
        "flake-compat": "flake-compat_2",
        "nixpkgs": [
-          "nixpkgs-unstable"
+          "nixpkgs-fixed"
        ],
        "utils": "utils_2"
      },
      "locked": {
        "lastModified": 1661345778,
        "narHash": "sha256-uk42PBp5Xg25ebuoJkJ0oPHS+wvl+Rq6v2Dtq6cCoa4=",
        "owner": "ChaotiCryptidz",
        "repo": "gitlab_archiver",
        "rev": "99c3f50194acaed587d28cad9bab377bbd9ae3d1",
        "type": "gitlab"
      },
      "original": {
        "owner": "ChaotiCryptidz",
        "repo": "gitlab_archiver",
        "type": "gitlab"
      }
    },
    "gitlab_artifacts_sync": {
      "inputs": {
        "flake-compat": "flake-compat_3",
        "nixpkgs": [
          "nixpkgs-fixed"
        ],
        "utils": "utils_3"
      },
      "locked": {
        "lastModified": 1661347022,
        "narHash": "sha256-XJZnwi3bKI1tcmAIVHBHzniQjUW3uLHvsSMZwjukmc8=",
@ -97,14 +135,14 @@
        "nixpkgs": [
          "nixpkgs-unstable"
        ],
-        "utils": "utils_3"
+        "utils": "utils_4"
      },
      "locked": {
-        "lastModified": 1668900402,
+        "lastModified": 1669071065,
-        "narHash": "sha256-IhVlueHoQNoN0SOHZIceKU3LyEL00g2ei0aUlaNypbQ=",
+        "narHash": "sha256-KBpgj3JkvlPsJ3duOZqFJe6tgr+wc75t8sFmgRbBSbw=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "c0f9cbcf93ca22e4f0ca66843be61a4bdf6f0a44",
+        "rev": "f7641a3ff398ccce952e19a199d775934e518c1d",
        "type": "github"
      },
      "original": {
@ -115,11 +153,11 @@
    },
    "musicutil": {
      "inputs": {
-        "flake-compat": "flake-compat_3",
+        "flake-compat": "flake-compat_4",
        "nixpkgs": [
-          "nixpkgs-unstable"
+          "nixpkgs-fixed"
        ],
-        "utils": "utils_4"
+        "utils": "utils_5"
      },
      "locked": {
        "lastModified": 1666470518,
@ -135,13 +173,29 @@
        "type": "gitlab"
      }
    },
-    "nixpkgs-unstable": {
+    "nixpkgs-fixed": {
      "locked": {
-        "lastModified": 1668765800,
+        "lastModified": 1669052418,
-        "narHash": "sha256-rC40+/W6Hio7b/RsY8SvQPKNx4WqNcTgfYv8cUMAvJk=",
+        "narHash": "sha256-M1I4BKXBQm2gey1tScemEh5TpHHE3gKptL7BpWUvL8s=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "52b2ac8ae18bbad4374ff0dd5aeee0fdf1aea739",
+        "rev": "20fc948445a6c22d4e8d5178e9a6bc6e1f5417c8",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
        "repo": "nixpkgs",
        "rev": "20fc948445a6c22d4e8d5178e9a6bc6e1f5417c8",
        "type": "github"
      }
    },
    "nixpkgs-unstable": {
      "locked": {
        "lastModified": 1669052418,
        "narHash": "sha256-M1I4BKXBQm2gey1tScemEh5TpHHE3gKptL7BpWUvL8s=",
        "owner": "nixos",
        "repo": "nixpkgs",
        "rev": "20fc948445a6c22d4e8d5178e9a6bc6e1f5417c8",
        "type": "github"
      },
      "original": {
@ -153,11 +207,11 @@
    },
    "nur": {
      "locked": {
-        "lastModified": 1668947373,
+        "lastModified": 1669182177,
-        "narHash": "sha256-w23XqGmDtMKr7qKc2D6A6Rfo+7xYtbloPtPod+BopQk=",
+        "narHash": "sha256-U3Bp+pZN58lEqlk1hoTyCGUckFpZfXW2b14p1NGymyY=",
        "owner": "nix-community",
        "repo": "NUR",
-        "rev": "9ee49e01512c3ce211e8017f0ba592ef4695d777",
+        "rev": "6ccbe180fc646a7672cede9fa008fd30d744d0c8",
        "type": "github"
      },
      "original": {
@ -169,9 +223,11 @@
    "root": {
      "inputs": {
        "deploy-rs": "deploy-rs",
        "gitlab_archiver": "gitlab_archiver",
        "gitlab_artifacts_sync": "gitlab_artifacts_sync",
        "home-manager-unstable": "home-manager-unstable",
        "musicutil": "musicutil",
        "nixpkgs-fixed": "nixpkgs-fixed",
        "nixpkgs-unstable": "nixpkgs-unstable",
        "nur": "nur"
      }
@ -207,6 +263,21 @@
      }
    },
    "utils_3": {
      "locked": {
        "lastModified": 1659877975,
        "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "utils_4": {
      "locked": {
        "lastModified": 1667395993,
        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
@ -221,7 +292,7 @@
        "type": "github"
      }
    },
-    "utils_4": {
+    "utils_5": {
      "locked": {
        "lastModified": 1659877975,
        "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
--- a/flake.nix
+++ b/flake.nix
@ -9,16 +9,22 @@
    #nix-darwin-unstable.url = "github:lnl7/nix-darwin/master";
    #nix-darwin-unstable.inputs.nixpkgs.follows = "nixpkgs-unstable";
    # update whenever
    nixpkgs-fixed.url = "github:nixos/nixpkgs/?branch=nixos-unstable&rev=20fc948445a6c22d4e8d5178e9a6bc6e1f5417c8";
    nur.url = "github:nix-community/NUR";
    deploy-rs.url = "github:serokell/deploy-rs";
-    deploy-rs.inputs.nixpkgs.follows = "nixpkgs-unstable";
+    deploy-rs.inputs.nixpkgs.follows = "nixpkgs-fixed";
    musicutil.url = "gitlab:ChaotiCryptidz/musicutil";
-    musicutil.inputs.nixpkgs.follows = "nixpkgs-unstable";
+    musicutil.inputs.nixpkgs.follows = "nixpkgs-fixed";
    gitlab_archiver.url = "gitlab:ChaotiCryptidz/gitlab_archiver";
    gitlab_archiver.inputs.nixpkgs.follows = "nixpkgs-fixed";
    gitlab_artifacts_sync.url = "gitlab:ChaotiCryptidz/gitlab_artifacts_sync";
-    gitlab_artifacts_sync.inputs.nixpkgs.follows = "nixpkgs-unstable";
+    gitlab_artifacts_sync.inputs.nixpkgs.follows = "nixpkgs-fixed";
  };
  outputs = { ... }@inputs: import ./outputs.nix inputs;
--- a/home/apps/obsidian.nix
+++ b/home/apps/obsidian.nix
@ -0,0 +1 @@
 { pkgs, ... }: { home.packages = with pkgs; [ obsidian ]; }
--- a/home/backup-apps.nix
+++ b/home/backup-apps.nix
@ -0,0 +1,5 @@
 {pkgs, ...}: {
  home.packages = with pkgs; [
    gitlab_archiver
  ];
 }
--- a/home/dev/all/extra.nix
+++ b/home/dev/all/extra.nix
@ -7,13 +7,8 @@
    tmux
    socat
    file
    elvish
    (pkgs.busybox.override {
      enableAppletSymlinks = false;
      extraConfig = ''
        CONFIG_INSTALL_APPLET_DONT y
        CONFIG_INSTALL_APPLET_SYMLINKS n
      '';
    })
  ];
 }
--- a/home/dev/all/network.nix
+++ b/home/dev/all/network.nix
@ -7,7 +7,6 @@
    dnsutils
    rsync
    openssh
    mosh
    nmap
  ];
 }
--- a/hosts/buildbox/buildbox.nix
+++ b/hosts/buildbox/buildbox.nix
@ -0,0 +1,25 @@
 { modulesPath, tree, config, pkgs, lib, ... }:
 let secrets-db = (import ./secrets-db.nix { });
 in {
  imports = with tree; [
    users.root
    profiles.base
    profiles.sshd
    profiles.nix-gc
    ./hardware.nix
    ./networking.nix
  ];
  home-manager.users.root = {
    imports = with tree; [ home.base home.dev.small ];
    home.stateVersion = "22.05";
  };
  networking.hostName = "buildbox";
  time.timeZone = "Europe/London";
  system.stateVersion = "22.05";
 }
--- a/hosts/buildbox/hardware.nix
+++ b/hosts/buildbox/hardware.nix
@ -0,0 +1,29 @@
 { config, lib, pkgs, modulesPath, ... }: {
  boot.initrd.kernelModules = [ "dm-snapshot" ];
  boot.initrd.availableKernelModules =
    [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
  boot.kernelModules = [ "kvm-amd" ];
  environment.etc."mdadm.conf".text = ''
    HOMEHOST <ignore>
  '';
  boot.initrd.services.swraid.mdadmConf  = config.environment.etc."mdadm.conf".text;
  fileSystems."/" = {
    device = "/dev/disk/by-label/root";
    fsType = "ext4";
  };
  fileSystems."/boot" = {
    device = "/dev/disk/by-label/boot";
    fsType = "ext4";
  };
  boot.loader.grub = {
    enable = true;
    efiSupport = false;
    version = 2;
    device = "nodev";
    devices = [ "/dev/sda" "/dev/sdb"];
  };
 }
--- a/hosts/buildbox/networking.nix
+++ b/hosts/buildbox/networking.nix
@ -0,0 +1,25 @@
 { ... }: {
  systemd.services.systemd-networkd-wait-online.enable = false;
  networking = {
    resolvconf.useLocalResolver = false;
    networkmanager.dns = "none";
  };
  networking.nameservers = [ "1.1.1.1" ];
  networking.firewall.enable = true;
  networking.firewall.allowPing = true;
  networking.firewall.allowedTCPPorts = [ 22 ];
  networking.enableIPv6 = true;
  networking.usePredictableInterfaceNames = false;
  networking.dhcpcd.enable = false;
  systemd.network = {
    enable = true;
    networks.eth0 = {
      name = "eth0";
      address = [ "144.76.97.18" ];
      gateway = [  "144.76.97.1" ];
    };
  };
 }
--- a/hosts/hetzner-vm/hetzner-vm.nix
+++ b/hosts/hetzner-vm/hetzner-vm.nix
@ -36,6 +36,6 @@
  networking.hostName = "hetzner-vm";
  time.timeZone = "Europe/London";
-  system.stateVersion = "21.11";
+  system.stateVersion = "22.05";
 }
--- a/hosts/hetzner-vm/profiles/invidious.nix
+++ b/hosts/hetzner-vm/profiles/invidious.nix
@ -3,8 +3,6 @@ let ports = (import ../ports.nix { });
 in {
  services.invidious = {
    enable = true;
    #package =
    #  inputs.nixpkgs-stable.outputs.legacyPackages.${pkgs.system}.invidious;
    port = ports.invidious;
    settings = {
      full_refresh = true;
@ -38,7 +36,7 @@ in {
  systemd.services.invidious.serviceConfig = {
    Restart = "always";
-    RuntimeMaxSec = "4800";
+    RuntimeMaxSec = "${toString (60*60*2)}";
  };
  services.nginx.virtualHosts."invidious.owo.monster" = {
--- a/hosts/hetzner-vm/profiles/mailserver.nix
+++ b/hosts/hetzner-vm/profiles/mailserver.nix
@ -23,6 +23,13 @@ in {
        ];
        sieveScript = null;
      };
      "misskey@owo.monster" = {
        name = "misskey@owo.monster";
        passwordFile = "${secrets.misskey_mail_passwd.path}";
        aliases = [];
        sieveScript = null;
      };
    };
  };
 }
--- a/hosts/hetzner-vm/profiles/misskey.nix
+++ b/hosts/hetzner-vm/profiles/misskey.nix
@ -36,6 +36,9 @@ let
      host = "127.0.0.1";
      port = ports.misskey-redis;
    };
    clusterLimit = 4;
    outgoingAddressFamily = "dual";
  };
  misskeyConfigFile = builtins.toFile "default.yml"
@ -60,12 +63,14 @@ in {
    serviceConfig.Type = "oneshot";
    wantedBy = [ "misskey.service" ];
    after = [ "home-manager-misskey.service" "network.target" ];
-    path = with pkgs; [ bash git ] ++ misskeyPackages;
+    path = with pkgs; [ bash git rsync ] ++ misskeyPackages;
    reloadTriggers = [ misskeyPackage misskeyConfigFile ];
    script = ''
-      rm -rf /home/misskey/misskey || true
+      #rm -rf /home/misskey/misskey || true
-      cp -rv ${misskeyPackage} /home/misskey/misskey
+      mkdir -p /home/misskey/misskey || true
      rsync -avh ${misskeyPackage}/ /home/misskey/misskey/ --delete --exclude node_modules
      #cp -rv ${misskeyPackage} /home/misskey/misskey
      rm -rf /home/misskey/misskey/.config
      mkdir /home/misskey/misskey/.config
@ -85,6 +90,7 @@ in {
    serviceConfig.Type = "oneshot";
    wantedBy = [ "misskey.service" ];
    wants = [ "postgresql.service" ];
    after = [ "postgresql.service" ];
    script = ''
      ${pkgs.postgresql}/bin/psql -c "ALTER USER misskey WITH PASSWORD 'password';"
    '';
--- a/hosts/hetzner-vm/profiles/restic.nix
+++ b/hosts/hetzner-vm/profiles/restic.nix
@ -53,7 +53,7 @@ in {
  services.postgresqlBackup = {
    enable = true;
-    backupAll = true;
+    backupAll = false;
    compression = "zstd";
  };
 }
--- a/hosts/hetzner-vm/secrets.nix
+++ b/hosts/hetzner-vm/secrets.nix
@ -33,6 +33,14 @@
          htpasswd -nbB "" "$password" 2>/dev/null | cut -d: -f2 > $secretFile
        '';
      };
      misskey_mail_passwd = {
        user = "dovecot2";
        group = "dovecot2";
        fetchScript = ''
          password=$(simple_get "/api-keys/chaos_mail/misskey" .password)
          htpasswd -nbB "" "$password" 2>/dev/null | cut -d: -f2 > $secretFile
        '';
      };
      gitlab_env = {
        user = "gitlab_artifacts_sync";
        group = "gitlab_artifacts_sync";
--- a/hosts/storage/storage.nix
+++ b/hosts/storage/storage.nix
@ -83,6 +83,6 @@ in {
  networking.hostName = "storage";
  time.timeZone = "Europe/London";
-  system.stateVersion = "21.11";
+  system.stateVersion = "22.05";
 }
--- a/hosts/tablet/profiles/wireguard.nix
+++ b/hosts/tablet/profiles/wireguard.nix
@ -5,6 +5,7 @@ in {
  networking.firewall.trustedInterfaces = [ "wg0" ];
  networking.wg-quick.interfaces = {
    wg0 = {
      autostart = false;
      address = [ "10.69.42.2/32" ];
      privateKeyFile = "${secrets.wg_priv.path}";
--- a/hosts/tablet/tablet.nix
+++ b/hosts/tablet/tablet.nix
@ -23,6 +23,7 @@
      home.base
      home.dev.all
      home.home-folders
      home.backup-apps
      home.programming.editors.vscode
      home.programming.languages.rust
@ -39,6 +40,6 @@
  networking.hostName = "tablet";
  time.timeZone = "Europe/London";
-  system.stateVersion = "21.11";
+  system.stateVersion = "22.05";
 }
--- a/hosts/vault/vault.nix
+++ b/hosts/vault/vault.nix
@ -64,6 +64,6 @@ in {
  networking.hostName = "vault";
  time.timeZone = "Europe/London";
-  system.stateVersion = "21.11";
+  system.stateVersion = "22.05";
 }
--- a/overlay/invidious/update.sh
+++ b/overlay/invidious/update.sh
@ -51,7 +51,7 @@ fi
 json_set '.invidious.version' "$new_version"
 json_set '.invidious.rev' "$new_rev"
-new_sha256=$(nix-prefetch -I 'nixpkgs=<nixpkgs>' "$pkg")
+new_sha256=$(nix-prefetch fetchFromGitHub --owner iv-org --repo invidious --rev "$new_rev")
 json_set '.invidious.sha256' "$new_sha256"
 commit_msg="$pkg: $old_version -> $new_version"
--- a/overlay/invidious/versions.json
+++ b/overlay/invidious/versions.json
@ -4,9 +4,9 @@
    "sha256": "sha256-EU6T9yQCdOLx98Io8o01rEsgxDFF/Xoy42LgPopD2/A="
  },
  "invidious": {
-    "rev": "516efd2df3f7d242c2d1df416053b4991a554116",
+    "rev": "5160d8bae39dc5cc5d51abee90571a03c08d0f2b",
    "sha256": "sha256-0Cb1Qsn6vnrzd4pZm1GZxlVQNn5dYKUR/xWMCG37GSk=",
-    "version": "unstable-2022-11-17"
+    "version": "unstable-2022-11-22"
  },
  "lsquic": {
    "sha256": "sha256-hG8cUvhbCNeMOsKkaJlgGpzUrIx47E/WhmPIdI5F3qM=",
--- a/overlay/misskey/copy-link-non-monospace.patch
+++ b/overlay/misskey/copy-link-non-monospace.patch
@ -0,0 +1,13 @@
 diff --git a/packages/client/src/scripts/copy-to-clipboard.ts b/packages/client/src/scripts/copy-to-clipboard.ts
 index ab13cab..3a7cb2b 100644
 --- a/packages/client/src/scripts/copy-to-clipboard.ts
 +++ b/packages/client/src/scripts/copy-to-clipboard.ts
@@ -5,7 +5,7 @@ export default val => {
 	// 空div 生成
 	const tmp = document.createElement('div');
 	// 選択用のタグ生成
 -	const pre = document.createElement('pre');
 +	const pre = document.createElement('p');
 	// 親要素のCSSで user-select: none だとコピーできないので書き換える
 	pre.style.webkitUserSelect = 'auto';
--- a/overlay/misskey/default.nix
+++ b/overlay/misskey/default.nix
@ -15,6 +15,9 @@ in stdenv.mkDerivation {
  pname = "misskey";
  inherit version src;
  # some of my own personal patches
  patches = [ ./copy-link-non-monospace.patch ];
  installPhase = ''
    cp -r $src $out
  '';
--- a/presets/nixos/desktop.nix
+++ b/presets/nixos/desktop.nix
@ -23,6 +23,7 @@
      home.apps.telegram
      home.apps.quassel
      home.apps.obsidian
      home.apps.strawberry
      home.apps.nicotine-plus
      home.apps.musicutil
--- a/profiles/base/nix.nix
+++ b/profiles/base/nix.nix
@ -13,6 +13,7 @@
      (import ../../overlay)
      inputs.musicutil.overlay
      inputs.gitlab_artifacts_sync.overlay
      inputs.gitlab_archiver.overlay
      inputs.deploy-rs.overlay
    ];
  };
--- a/profiles/sshd/sshd.nix
+++ b/profiles/sshd/sshd.nix
@ -10,5 +10,4 @@
      LogLevel VERBOSE
    '';
  };
  programs.mosh.enable = true;
 }
--- a/scripts/deploy-all.sh
+++ b/scripts/deploy-all.sh
@ -6,6 +6,9 @@ SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
 REPO_ROOT="${SCRIPT_DIR}/.."
 cd $REPO_ROOT
-deploy -s ".#hetzner-vm"
+HOSTNAME=$(hostname)
-deploy -s ".#vault"
+
-deploy -s ".#storage"
+./scripts/rebuild.sh $@
 [ "${HOSTNAME}" != "hetzner-vm" ] && deploy -s ".#hetzner-vm" -- $@
 [ "${HOSTNAME}" != "vault" ] deploy -s ".#vault" -- $@
 [ "${HOSTNAME}" != "storage" ] && deploy -s ".#storage" -- $@
--- a/scripts/rebuild.sh
+++ b/scripts/rebuild.sh
@ -10,9 +10,5 @@ sudo ${BASH_SOURCE[0]} $@
 exit
 fi
 FIRST_ARG="${1:-switch}"
 shift
 sudo cpupower frequency-set -g performance
-nixos-rebuild --flake "${REPO_ROOT}#$(hostname)" ${FIRST_ARG} $@
+nixos-rebuild --flake "${REPO_ROOT}#$(hostname)" switch $@
--- a/scripts/update.sh
+++ b/scripts/update.sh
@ -3,6 +3,7 @@
 SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
 REPO_ROOT="${SCRIPT_DIR}/.."
 cd $REPO_ROOT
 ./overlay/invidious/update.sh
 ./overlay/misskey/update.sh
-nix flake update
+nix flake update
		`@ -0,0 +1 @@`
							`{ pkgs, ... }: { home.packages = with pkgs; [ obsidian ]; }`