updates & move piped packages&module to its own flake

flake.lock

@@ -13,11 +13,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1686747123,
-        "narHash": "sha256-XUQK9kwHpTeilHoad7L4LjMCCyY13Oq383CoFADecRE=",
+        "lastModified": 1694158470,
+        "narHash": "sha256-yWx9eBDHt6WR3gr65+J85KreHdMypty/P6yM35tIYYM=",
         "owner": "serokell",
         "repo": "deploy-rs",
-        "rev": "724463b5a94daa810abfc64a4f87faef4e00f984",
+        "rev": "d0cfc042eba92eb206611c9e8784d41a2c053bab",
         "type": "github"
       },
       "original": {
@@ -73,11 +73,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1693523992,
-        "narHash": "sha256-I2wtOLO6k1oAYx6V7qZZjELvPpk0ynY+dHFhyt8BieE=",
+        "lastModified": 1694166985,
+        "narHash": "sha256-8tVqDfKfZ4vbOV5i+E2xWhiNAQVJhaI6shx3e0925S8=",
         "owner": "ChaotiCryptidz",
         "repo": "gitlab_archiver",
-        "rev": "12fc4d1be08870134c58c4dec7e6ac1605d83c12",
+        "rev": "4aac975a7cc375084c7f9eb4bc60a1c0948c1c28",
         "type": "gitlab"
       },
       "original": {
@@ -99,11 +99,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1693524103,
-        "narHash": "sha256-FjrSp0Nr/4t/z1ABX90S1EHEPqmNWhx5/RGodX5TBMA=",
+        "lastModified": 1694166776,
+        "narHash": "sha256-wMTnkW98Fx/BpRpSABf9b0PlruVnzd4m3zEQaopE2+o=",
         "owner": "ChaotiCryptidz",
         "repo": "gitlab_artifacts_sync",
-        "rev": "affa1e00a30ce3f5880a8bfd4e2ae30bda4a93a8",
+        "rev": "09a5988927a3493585357f5d61abdce3a9e4da17",
         "type": "gitlab"
       },
       "original": {
@@ -119,11 +119,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1693399033,
-        "narHash": "sha256-yXhiMo8MnE86sGtPIHAKaLHhmhe8v9tqGGotlUgKJvY=",
+        "lastModified": 1694134858,
+        "narHash": "sha256-fG/ESauOGmiojKlpJG8gB62dJa5Wd+ZIuiDMKK/HD3g=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "f5c15668f9842dd4d5430787d6aa8a28a07f7c10",
+        "rev": "19c6a4081b14443420358262f8416149bd79561a",
         "type": "github"
       },
       "original": {
@@ -145,11 +145,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1693522376,
-        "narHash": "sha256-xufWyWSV7k31C3xm5cClyKczPG9w+2VGFgejSf7qTIo=",
+        "lastModified": 1694166910,
+        "narHash": "sha256-6Vxz6H4H3bfl1PUCeHTmIKg96PHwJEzkE7XRN09y5nM=",
         "owner": "ChaotiCryptidz",
         "repo": "musicutil",
-        "rev": "190f47d6efeb4b1b884ef437f0dbdd801c4e50dd",
+        "rev": "7580e1fd0164e414a11e03c1037b37722160df25",
         "type": "gitlab"
       },
       "original": {
@@ -160,11 +160,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1693377291,
-        "narHash": "sha256-vYGY9bnqEeIncNarDZYhm6KdLKgXMS+HA2mTRaWEc80=",
+        "lastModified": 1693985761,
+        "narHash": "sha256-K5b+7j7Tt3+AqbWkcw+wMeqOAWyCD1MH26FPZyWXpdo=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "e7f38be3775bab9659575f192ece011c033655f0",
+        "rev": "0bffda19b8af722f8069d09d8b6a24594c80b352",
         "type": "github"
       },
       "original": {
@@ -176,11 +176,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1693508393,
-        "narHash": "sha256-FagQkHWoo91Lm0oT2wMPHqVIg6/RGeJg5M/sL2glg90=",
+        "lastModified": 1694166358,
+        "narHash": "sha256-ePuCkwXgEIb7BbpjiEDQ49UVJDaT3G40qytcOOhiC3U=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "2193de091ecd925af783069b8393a80cd6cc8a29",
+        "rev": "fb92b60e2b104df0f963e146399f5303770dee01",
         "type": "github"
       },
       "original": {
@@ -189,6 +189,32 @@
         "type": "github"
       }
     },
+    "piped-flake": {
+      "inputs": {
+        "flake-compat": [
+          "flake-compat"
+        ],
+        "nixpkgs": [
+          "nixpkgs-unstable"
+        ],
+        "utils": [
+          "flake-utils"
+        ]
+      },
+      "locked": {
+        "lastModified": 1694170901,
+        "narHash": "sha256-l8dxhEVgnJQafO0FNyaxYFYDTRJ6VgLZgeE7dR7iNh4=",
+        "owner": "ChaotiCryptidz",
+        "repo": "piped-flake",
+        "rev": "e42f4c212b0ac1d52bae108d53d37cf1d26908dd",
+        "type": "gitlab"
+      },
+      "original": {
+        "owner": "ChaotiCryptidz",
+        "repo": "piped-flake",
+        "type": "gitlab"
+      }
+    },
     "root": {
       "inputs": {
         "deploy-rs": "deploy-rs",
@@ -200,6 +226,7 @@
         "musicutil": "musicutil",
         "nixpkgs-unstable": "nixpkgs-unstable",
         "nur": "nur",
+        "piped-flake": "piped-flake",
         "tree-input": "tree-input"
       }
     },

flake.nix

@@ -42,6 +42,11 @@
     gitlab_artifacts_sync.inputs.nixpkgs.follows = "nixpkgs-unstable";
     gitlab_artifacts_sync.inputs.utils.follows = "flake-utils";
     gitlab_artifacts_sync.inputs.flake-compat.follows = "flake-compat";
+
+    piped-flake.url = "gitlab:ChaotiCryptidz/piped-flake";
+    piped-flake.inputs.nixpkgs.follows = "nixpkgs-unstable";
+    piped-flake.inputs.utils.follows = "flake-utils";
+    piped-flake.inputs.flake-compat.follows = "flake-compat";
   };
 
   outputs = {...} @ inputs: import ./outputs.nix inputs;

hosts/hetzner-vm/containers/piped/modules/piped/backend.nix

@@ -1,138 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
-with lib; let
-  cfg = config.services.piped;
-
-  backend_config =
-    {
-      PORT = cfg.internalBackendPort;
-      HTTP_WORKERS = cfg.httpWorkers;
-      PROXY_PART = "https://${cfg.proxyDomain}";
-      API_URL = "https://${cfg.backendDomain}";
-      FRONTEND_URL = "https://${cfg.frontendDomain}";
-      DISABLE_REGISTRATION = cfg.disableRegistrations;
-      COMPROMISED_PASSWORD_CHECK = cfg.enableCompromisedPasswordCheck;
-      FEED_RETENTION = cfg.feedRetentionDays;
-      SUBSCRIPTIONS_EXPIRY = cfg.subscriptionRetentionDays;
-      SPONSORBLOCK_SERVERS = concatStringsSep "," cfg.sponsorblockServers;
-      DISABLE_RYD = cfg.disableRYD;
-      DISABLE_LBRY = cfg.disableLBRYStreams;
-      RYD_PROXY_URL = cfg.rydAPIURL;
-      SENTRY_DSN = cfg.sentryDSN;
-      "hibernate.connection.url" = "jdbc:postgresql://${cfg.postgresHost}:${toString cfg.postgresPort}/${cfg.postgresDB}";
-      "hibernate.connection.driver_class" = "org.postgresql.Driver";
-      "hibernate.dialect" = "org.hibernate.dialect.PostgreSQLDialect";
-      "hibernate.connection.username" = "${cfg.postgresUsername}";
-      "hibernate.connection.password" =
-        if cfg.postgresPasswordFile == null
-        then cfg.postgresPassword
-        else "POSTGRES_PASSWORD";
-    }
-    // (optionalAttrs cfg.enableCaptcha {
-      CAPTCHA_API_URL = cfg.captchaAPIURL;
-      # This is substituted in the PreStart of piped-backend.service
-      CAPTCHA_API_KEY =
-        if cfg.captchaAPIKeyFile != ""
-        then "CAPTCHA_API_KEY_FILE"
-        else cfg.captchaAPIKey;
-    })
-    // (optionalAttrs cfg.enableFederation {
-      MATRIX_SERVER = cfg.matrixServerAddr;
-      # also substituted
-      MATRIX_TOKEN =
-        if cfg.matrixTokenFile != ""
-        then "MATRIX_TOKEN_FILE"
-        else cfg.matrixToken;
-    });
-
-  cfgToString = v:
-    if builtins.isBool v
-    then boolToString v
-    else toString v;
-  backend_config_file =
-    pkgs.writeText "config.properties"
-    (concatStringsSep "\n"
-      (mapAttrsToList (n: v: "${n}:${cfgToString v}") backend_config));
-in {
-  config = lib.mkIf (cfg.enable && !cfg.disableBackend) {
-    systemd.tmpfiles.rules = ["d /run/piped-backend - piped piped"];
-
-    systemd.services.piped-backend = {
-      wantedBy = ["multi-user.target"];
-      serviceConfig = {
-        WorkingDirectory = "/run/piped-backend";
-        ExecStartPre = let
-          confFile = "/run/piped-backend/config.properties";
-        in "${pkgs.writeShellScript "piped-backend-init" ''
-          [ -f "${confFile}" ] && rm ${confFile}
-          cp ${backend_config_file} ${confFile}
-          chmod 660 ${confFile}
-          ${optionalString (cfg.enableCaptcha && cfg.captchaAPIKeyFile != "") ''
-            sed -i "s/CAPTCHA_API_KEY_FILE/$(cat ${cfg.captchaAPIKeyFile} | sed "s#/#\\\/#")/" ${confFile}
-          ''}
-          ${optionalString
-            (cfg.enableFederation && cfg.matrixTokenFile != "") ''
-              sed -i "s/MATRIX_TOKEN_FILE/$(cat ${cfg.matrixTokenFile} | sed "s#/#\\\/#")/" ${confFile}
-            ''}
-          ${optionalString
-            (cfg.postgresPasswordFile != null) ''
-              sed -i "s/POSTGRES_PASSWORD/$(cat ${cfg.postgresPasswordFile} | sed "s#/#\\\/#")/" ${confFile}
-            ''}
-        ''}";
-        ExecStart = "${pkgs.piped-backend}/bin/piped-backend";
-
-        RestartSec = "5s";
-        User = "piped";
-
-        CapabilityBoundingSet = "";
-        PrivateDevices = true;
-        PrivateUsers = true;
-        ProtectHome = true;
-        ProtectKernelLogs = true;
-        ProtectProc = "invisible";
-        RestrictAddressFamilies = ["AF_UNIX" "AF_INET" "AF_INET6"];
-        RestrictNamespaces = true;
-        SystemCallArchitectures = "native";
-        SystemCallFilter = ["@system-service" "~@privileged" "~@resources"];
-      };
-    };
-
-    systemd.services.piped-password = lib.mkIf (!cfg.disablePostgres) {
-      serviceConfig.Type = "oneshot";
-      wantedBy = ["piped-backend.service"];
-      wants = ["postgresql.service"];
-      after = ["postgresql.service"];
-      script = ''
-        ${pkgs.postgresql}/bin/psql -c "ALTER USER piped WITH PASSWORD '${
-          if cfg.postgresPasswordFile != null
-          then "$(cat ${cfg.postgresPasswordFile} | sed \"s#'#\\\'#\")"
-          else cfg.postgresPassword
-        }';"
-      '';
-      serviceConfig.User = "postgres";
-    };
-
-    services.postgresql = lib.mkIf (!cfg.disablePostgres) {
-      enable = true;
-      ensureUsers = [
-        {
-          name = "piped";
-          ensurePermissions."DATABASE piped" = "ALL PRIVILEGES";
-        }
-      ];
-      ensureDatabases = ["piped"];
-    };
-
-    services.nginx.virtualHosts."${cfg.backendDomain}" = lib.mkIf (!cfg.disableNginx) {
-      forceSSL = cfg.nginxForceSSL;
-      enableACME = cfg.nginxEnableACME;
-      locations."/" = {
-        proxyPass = "http://127.0.0.1:${toString cfg.internalBackendPort}";
-      };
-    };
-  };
-}

hosts/hetzner-vm/containers/piped/modules/piped/default.nix

@@ -1,265 +0,0 @@
-{
-  config,
-  lib,
-  ...
-}:
-with lib; let
-  cfg = config.services.piped;
-in {
-  options.services.piped = {
-    enable = mkEnableOption "piped";
-
-    frontendDomain = mkOption {type = types.str;};
-    backendDomain = mkOption {
-      type = types.nullOr types.str;
-      default = null;
-      description = "Set to null to use project default backend";
-    };
-    proxyDomain = mkOption {type = types.str;};
-    #rydProxyDomain = mkOption { type = types.str; };
-
-    disableNginx = mkOption {
-      type = types.bool;
-      default = false;
-    };
-
-    nginxForceSSL = mkOption {
-      type = types.bool;
-      default = false;
-    };
-    nginxEnableACME = mkOption {
-      type = types.bool;
-      default = false;
-    };
-
-    disableFrontend = mkOption {
-      type = types.bool;
-      default = false;
-      description = "Don't host frontend";
-    };
-
-    disableBackend = mkOption {
-      type = types.bool;
-      default = false;
-      description = "Don't host backend";
-    };
-
-    disableProxy = mkOption {
-      type = types.bool;
-      default = false;
-      description = "Don't host proxy";
-    };
-
-    disablePostgres = mkOption {
-      type = types.bool;
-      default = false;
-      description = "Manually configure postgres instead";
-    };
-
-    postgresHost = mkOption {
-      type = types.str;
-      default = "127.0.0.1";
-      description = "Host postgres is on";
-    };
-
-    postgresPort = mkOption {
-      type = types.number;
-      default = 5432;
-      description = "Port postgres is on";
-    };
-
-    postgresDB = mkOption {
-      type = types.str;
-      default = "piped";
-      description = "Database name for piped";
-    };
-
-    postgresUsername = mkOption {
-      type = types.str;
-      default = "piped";
-      description = "Host postgres is on";
-    };
-
-    postgresPassword = mkOption {
-      type = types.str;
-      default = "password";
-      description = "Password to use for postgres";
-    };
-
-    postgresPasswordFile = mkOption {
-      type = types.nullOr types.str;
-      default = null;
-      description = "Password file to use for postgres, loaded at runtime";
-    };
-
-    proxyIPv4Only = mkOption {
-      type = types.bool;
-      default = false;
-      description = "Only use IPv4 querying youtube's servers for proxy";
-    };
-
-    proxyNginxExtraConfig = mkOption {
-      type = types.lines;
-      default = ''
-        proxy_buffering on;
-        proxy_buffers 1024 16k;
-        proxy_set_header X-Forwarded-For "";
-        proxy_set_header CF-Connecting-IP "";
-        proxy_hide_header "alt-svc";
-        sendfile on;
-        sendfile_max_chunk 512k;
-        tcp_nopush on;
-        aio threads=default;
-        aio_write on;
-        directio 16m;
-        proxy_hide_header Cache-Control;
-        proxy_hide_header etag;
-        proxy_http_version 1.1;
-        proxy_set_header Connection keep-alive;
-        proxy_max_temp_file_size 32m;
-        access_log off;
-      '';
-      description = "Extra config for nginx on piped-proxy";
-    };
-
-    httpWorkers = mkOption {
-      type = types.number;
-      default = 2;
-      description = "Number of workers for HTTP backend tasks";
-    };
-
-    feedRetentionDays = mkOption {
-      type = types.number;
-      default = 30;
-      description = "Days feed is stored for";
-    };
-
-    subscriptionRetentionDays = mkOption {
-      type = types.number;
-      default = 30;
-      description = "Days subscriptions are stored for unauthenticated users";
-    };
-
-    sponsorblockServers = mkOption {
-      type = types.listOf types.str;
-      default = ["https://sponsor.ajay.app" "https://sponsorblock.kavin.rocks"];
-      description = "Days subscriptions are stored for unauthenticated users";
-    };
-
-    disableRegistrations = mkOption {
-      type = types.bool;
-      default = true;
-      description = "Disable user registrations";
-    };
-
-    disableLBRYStreams = mkOption {
-      type = types.bool;
-      default = false;
-      description = "Disable showing streams provided by LBRY Youtube Partnership";
-    };
-
-    enableCompromisedPasswordCheck = mkOption {
-      type = types.bool;
-      default = true;
-      description = "Use the haveibeenpwned API to check if user password have been compromised";
-    };
-
-    enableCaptcha = mkOption {
-      type = types.bool;
-      default = true;
-      description = "Enable captcha for registrations";
-    };
-
-    sentryDSN = mkOption {
-      type = types.str;
-      default = "";
-      description = "Public DSN for sentry error reporting";
-    };
-
-    captchaAPIURL = mkOption {
-      type = types.str;
-      default = "";
-      description = "API URL for Captcha";
-    };
-
-    # TODO: Key & KeyFile should be only one or the other used
-
-    captchaAPIKey = mkOption {
-      type = types.str;
-      default = "";
-      description = "API Key for Captcha";
-    };
-
-    captchaAPIKeyFile = mkOption {
-      type = types.str;
-      default = "";
-      description = "API Key File for Captcha";
-    };
-
-    # TODO: run this, requires a go app and Tor server for proxy
-    #enableRYDServer = mkOption {
-    #  type = types.bool;
-    #  default = true;
-    #  description = "Run a RYD Proxy Server to use";
-    #};
-
-    disableRYD = mkOption {
-      type = types.bool;
-      #default = if cfg.enableRYDServer then false else true;
-      default = false;
-      description = "Disables querying a Return YouTube Dislike server";
-    };
-
-    rydAPIURL = mkOption {
-      type = types.str;
-      #default = if cfg.enableRYDServer then cfg.rydProxyDomain else "https://ryd-proxy.kavin.rocks";
-      default = "https://ryd-proxy.kavin.rocks";
-      description = "API URL for a Return YouTube Dislike server";
-    };
-
-    # for Piped's Federation Shenanigan
-    # https://github.com/TeamPiped/piped-federation#how-to-join
-    enableFederation = mkOption {
-      type = types.bool;
-      default = false;
-      description = "Enable federation of something";
-    };
-
-    matrixServerAddr = mkOption {
-      type = types.str;
-      default = "";
-      description = "Matrix server address for federation";
-    };
-
-    # TODO: make so only one of these options can be used
-    matrixToken = mkOption {
-      type = types.str;
-      default = "";
-      description = "Matrix access token";
-    };
-
-    matrixTokenFile = mkOption {
-      type = types.str;
-      default = "";
-      description = "Matrix access token file";
-    };
-
-    internalBackendPort = mkOption {
-      type = types.number;
-      default = 3001;
-    };
-
-    internalProxyPort = mkOption {
-      type = types.number;
-      default = 3002;
-    };
-  };
-
-  config = mkIf (cfg.enable && (!cfg.disableBackend || !cfg.disableProxy)) {
-    users.users."piped" = {
-      isSystemUser = true;
-      group = "piped";
-    };
-    users.groups.piped = {};
-  };
-}

hosts/hetzner-vm/containers/piped/modules/piped/frontend.nix

@@ -1,27 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
-with lib; let
-  cfg = config.services.piped;
-  frontend-package =
-    pkgs.piped-frontend.override {backendDomain = cfg.backendDomain;};
-in {
-  config = mkIf (cfg.enable && !cfg.disableFrontend && !cfg.disableNginx) {
-    # https://github.com/TeamPiped/Piped/blob/master/docker/nginx.conf
-    services.nginx.virtualHosts."${cfg.frontendDomain}" = {
-      forceSSL = cfg.nginxForceSSL;
-      enableACME = cfg.nginxEnableACME;
-      locations."/" = {
-        root = "${frontend-package}/share/piped-frontend";
-        index = "index.html index.htm";
-      };
-      # I have no idea why try_files for Single Page Apps doesn't work here
-      extraConfig = ''
-        error_page 404 =200 /index.html;
-      '';
-    };
-  };
-}

hosts/hetzner-vm/containers/piped/modules/piped/nginx.nix

@@ -1,11 +0,0 @@
-{
-  config,
-  lib,
-  ...
-}: let
-  cfg = config.services.piped;
-in {
-  config = lib.mkIf (cfg.enable && !cfg.disableNginx) {
-    services.nginx.enable = true;
-  };
-}

hosts/hetzner-vm/containers/piped/modules/piped/proxy.nix

@@ -1,55 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
-with lib; let
-  cfg = config.services.piped;
-in {
-  config = mkIf (cfg.enable && !cfg.disableProxy) {
-    systemd.services.piped-proxy = {
-      wantedBy = ["multi-user.target"];
-      environment.BIND = "0.0.0.0:${toString cfg.internalProxyPort}";
-      environment.IPV4_ONLY = mkIf cfg.proxyIPv4Only "1";
-      serviceConfig = {
-        ExecStart = "${pkgs.piped-proxy}/bin/piped-proxy";
-
-        RestartSec = "5s";
-        User = "piped";
-
-        CapabilityBoundingSet = "";
-        PrivateDevices = true;
-        PrivateUsers = true;
-        ProtectHome = true;
-        ProtectKernelLogs = true;
-        ProtectProc = "invisible";
-        RestrictAddressFamilies = ["AF_UNIX" "AF_INET" "AF_INET6"];
-        RestrictNamespaces = true;
-        SystemCallArchitectures = "native";
-        SystemCallFilter = ["@system-service" "~@privileged" "~@resources"];
-      };
-    };
-
-    services.nginx.virtualHosts."${cfg.proxyDomain}" = lib.mkIf (!cfg.disableNginx) {
-      forceSSL = cfg.nginxForceSSL;
-      enableACME = cfg.nginxEnableACME;
-      locations."/" = {
-        proxyPass = "http://localhost:${toString cfg.internalProxyPort}";
-        extraConfig =
-          cfg.proxyNginxExtraConfig
-          + ''
-            add_header Cache-Control "public, max-age=604800";
-          '';
-      };
-      locations."~ (/videoplayback|/api/v4/|/api/manifest/)" = {
-        proxyPass = "http://localhost:${toString cfg.internalProxyPort}";
-        extraConfig =
-          cfg.proxyNginxExtraConfig
-          + ''
-            add_header Cache-Control private always;
-          '';
-      };
-    };
-  };
-}

hosts/hetzner-vm/containers/piped/piped.nix

@@ -24,11 +24,6 @@
     component: "/var/lib/nixos-containers/${containerName}/var/sockets/piped-${component}.sock"
   );
 in {
-  imports = with tree; [
-    # needed so can get nginx defaults for proxy
-    hosts.hetzner-vm.containers.piped.modules.piped
-  ];
-
   containers.piped = {
     autoStart = true;
     privateNetwork = true;
@@ -59,14 +54,14 @@ in {
           inputs.home-manager-unstable.nixosModules.home-manager
 
           profiles.sshd
-          #profiles.nginx
+          profiles.nginx
 
           modules.nixos.secrets
+          inputs.piped-flake.nixosModules.default
 
           users.root
         ]
         ++ (with hosts.hetzner-vm.containers.piped; [
-          modules.piped
           profiles.piped
           profiles.restic
         ]);

hosts/nixos.nix

@@ -27,11 +27,14 @@
   defaultModules = [
     # NO_INLINE
     tree.profiles.base
+
     inputs.home-manager-unstable.nixosModules.home-manager
-    inputs.gitlab_artifacts_sync.nixosModule
 
     inputs.nur.nixosModules.nur
 
+    inputs.gitlab_artifacts_sync.nixosModules.default
+    inputs.piped-flake.nixosModules.default
+
     tree.modules.nixos.rclone-serve
     tree.modules.nixos.rclone-sync
     tree.modules.nixos.secrets

outputs.nix

@@ -56,7 +56,6 @@ in
 
     packages = {
       inherit (pkgs) comic-code comic-sans;
-      inherit (pkgs) piped-frontend piped-backend piped-proxy;
       inherit (pkgs) mk-enc-usb mk-normal-enc-ssd mk-dual-enc-ssd;
       inherit (pkgs) gotosocial;
     };

overlay/default.nix

@@ -7,13 +7,6 @@ final: prev: {
   roc-toolkit-patched = final.callPackage ./roc-toolkit-patched {};
   roc-send-pcm = final.callPackage ./roc-send-pcm {};
 
-  piped-backend = final.callPackage ./piped/backend {
-    jre = final.openjdk19_headless;
-    jdk = final.openjdk19;
-  };
-  piped-frontend = final.callPackage ./piped/frontend {};
-  piped-proxy = final.callPackage ./piped/proxy {};
-
   mk-enc-usb = final.callPackage ../extras/mk-enc-usb.nix {};
   mk-normal-enc-ssd = final.callPackage ../extras/mk-normal-enc-ssd.nix {};
   mk-dual-enc-ssd = final.callPackage ../extras/mk-dual-enc-ssd.nix {};

overlay/piped/backend/default.nix

@@ -1,84 +0,0 @@
-{
-  stdenv,
-  runtimeShell,
-  fetchFromGitHub,
-  jdk,
-  jre,
-  gradle,
-  perl,
-  writeText,
-  callPackage,
-}: let
-  meta = builtins.fromJSON (builtins.readFile ../meta.json);
-
-  deps =
-    callPackage ./deps.nix {inherit stdenv fetchFromGitHub jdk gradle perl;};
-
-  gradleInit = writeText "init.gradle" ''
-    logger.lifecycle 'Replacing Maven repositories with ${deps}...'
-    gradle.projectsLoaded {
-      rootProject.allprojects {
-        buildscript {
-          repositories {
-            clear()
-            maven { url '${deps}' }
-          }
-        }
-        repositories {
-          clear()
-          maven { url '${deps}' }
-        }
-      }
-    }
-    settingsEvaluated { settings ->
-      settings.pluginManagement {
-        repositories {
-          maven { url '${deps}' }
-        }
-      }
-    }
-  '';
-in
-  stdenv.mkDerivation rec {
-    pname = "piped-backend";
-    version = "latest-${meta.backend.rev}";
-
-    src = fetchFromGitHub {
-      owner = "TeamPiped";
-      repo = "Piped-Backend";
-      rev = "${meta.backend.rev}";
-      sha256 = "${meta.backend.sha256}";
-    };
-
-    nativeBuildInputs = [gradle jdk];
-
-    buildPhase = ''
-      runHook preBuild
-
-      export JAVA_HOME=${jdk}
-      export GRADLE_USER_HOME=$(mktemp -d)
-
-      gradle -P org.gradle.java.installations.fromEnv=JAVA_HOME --offline --init-script ${gradleInit} shadowJar
-
-      runHook postBuild
-    '';
-
-    installPhase = ''
-      runHook preInstall
-
-      ls -R build
-
-      mkdir -p "$out/share/piped-backend"
-      cp build/libs/piped-1.0-all.jar "$out/share/piped-backend"
-
-      mkdir -p "$out/bin"
-      cat  <<EOF >$out/bin/piped-backend
-      #!${runtimeShell}
-      export JAVA_HOME=${jre}
-      exec ${jre}/bin/java -jar "$out/share/piped-backend/piped-1.0-all.jar" "\$@"
-      EOF
-      chmod a+x "$out/bin/piped-backend"
-
-      runHook postInstall
-    '';
-  }

overlay/piped/backend/deps.nix

@@ -1,60 +0,0 @@
-{
-  lib,
-  stdenv,
-  fetchFromGitHub,
-  fetchurl,
-  gradle,
-  jdk,
-  perl,
-}: let
-  meta = builtins.fromJSON (builtins.readFile ../meta.json);
-
-  extraDeps = [
-    {
-      filename = "okio-3.2.0.jar";
-      path = "com/squareup/okio/okio/3.2.0";
-      url = "https://repo1.maven.org/maven2/com/squareup/okio/okio/3.2.0/okio-3.2.0.jar";
-      sha256 = "sha256-3KkyyyAptsniZ3D4fbCLFNSB/+gTGlnzaaI4XBG+Ti0=";
-    }
-  ];
-in
-  stdenv.mkDerivation {
-    pname = "piped-backend-deps";
-    version = "latest-${meta.backend.rev}";
-
-    src = fetchFromGitHub {
-      owner = "TeamPiped";
-      repo = "Piped-Backend";
-      rev = "${meta.backend.rev}";
-      sha256 = "${meta.backend.sha256}";
-    };
-
-    nativeBuildInputs = [gradle jdk perl];
-
-    buildPhase = ''
-      export JAVA_HOME=${jdk}
-      export GRADLE_USER_HOME=$(mktemp -d);
-      gradle -P org.gradle.java.installations.fromEnv=JAVA_HOME --no-daemon assemble shadowJar
-    '';
-
-    # perl code mavenizes paths (com.squareup.okio/okio/1.13.0/a9283170b7305c8d92d25aff02a6ab7e45d06cbe/okio-1.13.0.jar -> com/squareup/okio/okio/1.13.0/okio-1.13.0.jar)
-    installPhase =
-      ''
-        find $GRADLE_USER_HOME/caches/modules-2 -type f -regex '.*\.\(jar\|pom\)' \
-          | perl -pe 's#(.*/([^/]+)/([^/]+)/([^/]+)/[0-9a-f]{30,40}/([^/\s]+))$# ($x = $2) =~ tr|\.|/|; "install -Dm444 $1 \$out/$x/$3/$4/$5" #e' \
-          | sh
-      ''
-      + lib.concatStringsSep "\n" (lib.forEach extraDeps (dep: ''
-        mkdir -p $out/${dep.path}
-        cp ${fetchurl {
-          url = dep.url;
-          sha256 = dep.sha256;
-        }} $out/${dep.path}/${dep.filename}
-      ''));
-
-    dontStrip = true;
-
-    outputHashAlgo = "sha256";
-    outputHashMode = "recursive";
-    outputHash = "${meta.backend.deps-sha256}";
-  }

overlay/piped/frontend/default.nix

@@ -1,53 +0,0 @@
-{
-  mkYarnPackage,
-  rsync,
-  fetchFromGitHub,
-  # Backend domain override, if unset then use project default
-  backendDomain ? null,
-}: let
-  meta = builtins.fromJSON (builtins.readFile ../meta.json);
-  rev = meta.frontend.rev;
-in
-  mkYarnPackage rec {
-    pname = "piped-frontend";
-    version = "latest-${rev}";
-    src = fetchFromGitHub {
-      owner = "TeamPiped";
-      repo = "Piped";
-      inherit rev;
-      sha256 = "${meta.frontend.sha256}";
-    };
-
-    packageJSON = "${src}/package.json";
-    yarnLock = ./yarn.lock;
-    yarnNix = ./yarn.nix;
-
-    patchPhase = ''
-      ${
-        if backendDomain != null
-        then ''
-          sed -i "s#pipedapi.kavin.rocks#${backendDomain}#g" src/main.js
-          sed -i "s#pipedapi.kavin.rocks#${backendDomain}#g" src/components/PreferencesPage.vue
-        ''
-        else ""
-      }
-    '';
-
-    buildPhase = ''
-      runHook preBuild
-      cp ${./yarn.lock} yarn.lock
-      yarn --offline build
-      runHook postBuild
-    '';
-
-    installPhase = ''
-      runHook preInstall
-
-      mkdir -p "$out/share/piped-frontend"
-      ${rsync}/bin/rsync --recursive deps/piped/dist/ "$out/share/piped-frontend"
-
-      runHook postInstall
-    '';
-
-    doDist = false;
-  }

overlay/piped/meta.json

@@ -1,15 +0,0 @@
-{
-  "frontend": {
-    "rev": "8bba3779df2e81bcc6b7fb37ac37eb60f64b90c1",
-    "sha256": "sha256-ijuVaD788K+zxEpuMp6mg7q45+qaPZC3NInD05M8+tw="
-  },
-  "backend": {
-    "rev": "3b1bef532b6548bdbdc34a570954af51db475a35",
-    "sha256": "sha256-/XkXsSsWyqIuLPKaftD55ms9YtWbjyqnofg+ZaSA3dQ=",
-    "deps-sha256": "sha256-CS6gu7U8loktSh5xLq98vnBFWHuuv9sLYmgAZtrdP4Y="
-  },
-  "proxy": {
-    "rev": "b6bde9e31a312ff74ad70dc6c56b414a3570833b",
-    "sha256": "sha256-qHpi0h5gW2V4c+46rIPiOoGFaiy7eojAwQj3vHs3vMY="
-  }
-}

overlay/piped/proxy/default.nix

@@ -1,20 +0,0 @@
-{
-  rustPlatform,
-  fetchFromGitHub,
-}: let
-  meta = builtins.fromJSON (builtins.readFile ../meta.json);
-  rev = meta.proxy.rev;
-in
-  rustPlatform.buildRustPackage rec {
-    pname = "piped-proxy";
-    version = "latest-${rev}";
-    src = fetchFromGitHub {
-      owner = "TeamPiped";
-      repo = "piped-proxy";
-      inherit rev;
-      sha256 = "${meta.proxy.sha256}";
-    };
-
-    cargoLock = {lockFile = "${src}/Cargo.lock";};
-    doCheck = false;
-  }

overlay/piped/update.sh

@@ -1,63 +0,0 @@
-#!/usr/bin/env nix-shell
-#!nix-shell -i bash -p curl jq git moreutils nodejs_20 yarn2nix yarn nix
-set -euo pipefail
-
-BASE_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
-cd "${BASE_DIR}"
-
-json_get() {
-    jq -r "$1" < 'meta.json'
-}
-
-json_set() {
-    jq --arg x "$2" "$1 = \$x" < 'meta.json' | sponge 'meta.json'
-}
-
-# Frontend
-old_frontend_rev=$(json_get '.frontend.rev')
-new_frontend_rev=$(curl -L "https://api.github.com/repos/TeamPiped/Piped/commits" 2>/dev/null | jq ".[0].sha" -r)
-if [ "$new_frontend_rev" != "$old_frontend_rev" ] || [ "${FORCE_UPDATE-}" != "" ]; then
-    echo "Frontend is out of date. Updating..."
-    json_set '.frontend.rev' "$new_frontend_rev"
-    json_set '.frontend.sha256' ""
-
-    TMP=$(mktemp -d)
-    pushd "$TMP"
-        git clone https://github.com/TeamPiped/Piped
-        pushd Piped
-            git reset --hard "$new_frontend_rev"
-            #yarn install --no-lockfile
-            yarn install --mode update-lockfile
-            nix run "github:NixOS/nixpkgs/nixos-unstable#yarn2nix" > "${BASE_DIR}/frontend/yarn.nix"
-            cp yarn.lock "${BASE_DIR}/frontend/yarn.lock"
-        popd
-    popd
-    rm -rf "$TMP"
-fi
-
-# Backend
-old_backend_rev=$(json_get '.backend.rev')
-new_backend_rev=$(curl -L "https://api.github.com/repos/TeamPiped/Piped-Backend/commits" 2>/dev/null | jq ".[0].sha" -r)
-if [ "$new_backend_rev" != "$old_backend_rev" ] || [ "${FORCE_UPDATE-}" != "" ]; then
-    echo "Backend is out of date. Updating..."
-    json_set '.backend.rev' "$new_backend_rev"
-    json_set '.backend.sha256' ""
-    json_set '.backend."deps-sha256"' ""
-fi
-
-# Proxy
-old_proxy_rev=$(json_get '.proxy.rev')
-new_proxy_rev=$(curl -L "https://api.github.com/repos/TeamPiped/piped-proxy/commits" 2>/dev/null | jq ".[0].sha" -r)
-if [ "$new_proxy_rev" != "$old_proxy_rev" ] || [ "${FORCE_UPDATE-}" != "" ]; then
-    echo "Proxy is out of date. Updating..."
-    json_set '.proxy.rev' "$new_proxy_rev"
-    json_set '.proxy.sha256' ""
-fi
-
-# gotta manually update shasums using output from these 
-echo "building frontend"
-nix build .#piped-frontend || true
-
-echo "building backend"
-nix build .#piped-backend || true
-

profiles/base/nix.nix

@@ -24,9 +24,11 @@ in {
     };
     overlays = [
       (import ../../overlay)
-      inputs.musicutil.overlay
-      inputs.gitlab_artifacts_sync.overlay
-      inputs.gitlab_archiver.overlay
+      inputs.musicutil.overlays.default
+      inputs.gitlab_artifacts_sync.overlays.default
+      inputs.gitlab_archiver.overlays.default
+      inputs.piped-flake.overlays.default
+
       inputs.deploy-rs.overlay
     ];
   };

treeConfig.nix

@@ -13,7 +13,6 @@
 
     # Extra modules/home/profiles/containers
     "hosts/hetzner-vm/modules/mailserver".functor.enable = true;
-    "hosts/hetzner-vm/modules/piped".functor.enable = true;
     "hosts/hetzner-vm/containers/storage/profiles".functor.enable = true;
     "hosts/hetzner-vm/containers/social/profiles".functor.enable = true;
     "hosts/hetzner-vm/containers/quassel/profiles".functor.enable = true;