updates, fix storage ports (again), fix postgres backups, fingerprint broke, only set nixpkgs when not in container

2023-10-16 20:02:47 +01:00 · 2023-10-16 20:02:47 +01:00 · a8f98a5e08
parent 85e38766ce
commit a8f98a5e08
8 changed files with 88 additions and 85 deletions
--- a/flake.lock
+++ b/flake.lock
@ -3,11 +3,11 @@
    "flake-compat": {
      "flake": false,
      "locked": {
-        "lastModified": 1673956053,
+        "lastModified": 1696426674,
-        "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
+        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
        "owner": "edolstra",
        "repo": "flake-compat",
-        "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
+        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
        "type": "github"
      },
      "original": {
@ -67,11 +67,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1695738267,
+        "lastModified": 1697410455,
-        "narHash": "sha256-LTNAbTQ96xSj17xBfsFrFS9i56U2BMLpD0BduhrsVkU=",
+        "narHash": "sha256-jCs/ffIP3tUPN7HWWuae4BB8+haAw2NI02z5BQvWMGM=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "0f4e5b4999fd6a42ece5da8a3a2439a50e48e486",
+        "rev": "78125bc681d12364cb65524eaa887354134053d0",
        "type": "github"
      },
      "original": {
@ -119,11 +119,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1696883888,
+        "lastModified": 1697459493,
-        "narHash": "sha256-EdQMeJxDoi26YDtkNf20mNBeCj7Y5eKg+rrxkiB86z0=",
+        "narHash": "sha256-HH8ePJIVAsiDHIdS4qnKQ9o4X0KTVGA9cfHBplKqpfs=",
        "owner": "nix-community",
        "repo": "NixOS-WSL",
-        "rev": "5da7c4fd0ab9693d83cae50de7d9430696f92568",
+        "rev": "b63b328577f1cb5839f8ecc4fd05040335d4a55a",
        "type": "github"
      },
      "original": {
@ -134,11 +134,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1695644571,
+        "lastModified": 1697059129,
-        "narHash": "sha256-asS9dCCdlt1lPq0DLwkVBbVoEKuEuz+Zi3DG7pR/RxA=",
+        "narHash": "sha256-9NJcFF9CEYPvHJ5ckE8kvINvI84SZZ87PvqMbH6pro0=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "6500b4580c2a1f3d0f980d32d285739d8e156d92",
+        "rev": "5e4c2ada4fcd54b99d56d7bd62f384511a7e2593",
        "type": "github"
      },
      "original": {
@ -150,11 +150,11 @@
    },
    "nur": {
      "locked": {
-        "lastModified": 1695844033,
+        "lastModified": 1697470606,
-        "narHash": "sha256-UX5sbK9dc/bOupgDGWer75zBjoh7eWIheyGGCjD7FIg=",
+        "narHash": "sha256-TP3UN5RktQpqDVj5mA6rb1Nu4vGTnctWkbe5sef4LEw=",
        "owner": "nix-community",
        "repo": "NUR",
-        "rev": "f08568d903901b7ac1017572b9af9855e935155a",
+        "rev": "cc83a858d3dbf50a934a4f74fe5508ac2fa72bc5",
        "type": "github"
      },
      "original": {
@ -176,11 +176,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1696098855,
+        "lastModified": 1697479170,
-        "narHash": "sha256-bRksfF76An44TGS703+6My+i2o4hooVPdX5qWn9aMfo=",
+        "narHash": "sha256-TF5LZDLY/WMDcQ/kexL3+fZ9lw9p9h16htloC1CcQLA=",
        "ref": "refs/heads/main",
-        "rev": "17ca4470eef819d56f2c7fdd13c3952797fb4512",
+        "rev": "d2344c2b4ae8216c286d762f367a49fe3fc8b306",
-        "revCount": 21,
+        "revCount": 23,
        "type": "git",
        "url": "https://forgejo.owo.monster/chaos/piped-flake"
      },
--- a/hosts/hetzner-arm/containers/music/default.nix
+++ b/hosts/hetzner-arm/containers/music/default.nix
@ -87,21 +87,20 @@ in {
  in {
    forceSSL = true;
    enableACME = true;
-    locations =
+    locations = mkMerge [
      mkMerge [
      {
        "/mpd/flac" = {
          proxyPass = "http://${containerIP}:${toString ports.mpd-flac}";
          inherit extraConfig;
        };
      }
-      ]
+      (mkMerge (forEach ["low" "medium" "high"] (quality: {
      ++ (mkMerge (forEach ["low" "medium" "high"] (quality: {
        "/mpd/opus-${quality}" = {
          proxyPass = "http://${containerIP}:${toString ports."mpd-opus-${quality}"}";
          inherit extraConfig;
        };
-      })));
+      })))
    ];
  };
  networking = {
--- a/hosts/hetzner-arm/containers/postgresql/profiles/restic.nix
+++ b/hosts/hetzner-arm/containers/postgresql/profiles/restic.nix
@ -7,9 +7,9 @@
  backupPrepareCommand = "${
    (pkgs.writeShellScriptBin "backupPrepareCommand" ''
-      systemctl start postgresqlBackup-piped --wait
+      systemctl start remotePostgreSQLBackup-piped --wait
-      systemctl start postgresqlBackup-gotosocial --wait
+      systemctl start remotePostgreSQLBackup-gotosocial --wait
-      systemctl start postgresqlBackup-quassel --wait
+      systemctl start remotePostgreSQLBackup-quassel --wait
    '')
  }/bin/backupPrepareCommand";
 in {
--- a/hosts/hetzner-arm/containers/storage/data/ports.nix
+++ b/hosts/hetzner-arm/containers/storage/data/ports.nix
@ -1,20 +1,24 @@
-{
+let
-  rclone_serve_webdav_main = 4200;
+  webdav = 4200;
-  rclone_serve_webdav_media = 4201;
+  restic = 4300;
-  rclone_serve_webdav_music_ro = 4202;
+  http = 4400;
-  rclone_serve_webdav_public = 4202;
+in {
-  rclone_serve_webdav_uploads = 4202;
+  webdav_main = webdav + 0;
  webdav_media = webdav + 1;
  webdav_music_ro = webdav + 2;
  webdav_public = webdav + 3;
  webdav_uploads = webdav + 4;
-  rclone_serve_restic_music = 4210;
+  restic_music = restic + 0;
-  rclone_serve_restic_vault = 4211;
+  restic_vault = restic + 1;
-  rclone_serve_restic_social = 4212;
+  restic_social = restic + 2;
-  rclone_serve_restic_quassel = 4213;
+  restic_quassel = restic + 3;
-  rclone_serve_restic_postgresql = 4214;
+  restic_postgresql = restic + 4;
-  rclone_serve_restic_mail = 4215;
+  restic_mail = restic + 5;
-  rclone_serve_restic_forgejo = 4216;
+  restic_forgejo = restic + 6;
-  rclone_serve_restic_caldav = 4217;
+  restic_caldav = restic + 7;
-  rclone_serve_http_music = 4220;
+  http_music = http + 0;
-  rclone_serve_http_public = 4221;
+  http_public = http + 1;
-  rclone_serve_http_uploads_public = 4221;
+  http_uploads_public = http + 2;
 }
--- a/hosts/hetzner-arm/containers/storage/default.nix
+++ b/hosts/hetzner-arm/containers/storage/default.nix
@ -62,11 +62,11 @@ in {
    forceSSL = true;
    enableACME = true;
    locations = {
-      "/Main/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_webdav_main}";
+      "/Main/".proxyPass = "http://${containerIP}:${toString ports.webdav_main}";
-      "/Media/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_webdav_media}";
+      "/Media/".proxyPass = "http://${containerIP}:${toString ports.webdav_media}";
-      "/MusicRO/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_webdav_music_ro}";
+      "/MusicRO/".proxyPass = "http://${containerIP}:${toString ports.webdav_music_ro}";
-      "/Public/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_webdav_public}";
+      "/Public/".proxyPass = "http://${containerIP}:${toString ports.webdav_public}";
-      "/Uploads/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_webdav_uploads}";
+      "/Uploads/".proxyPass = "http://${containerIP}:${toString ports.webdav_uploads}";
    };
    extraConfig = ''
      client_max_body_size ${clientMaxBodySize};
@ -77,9 +77,9 @@ in {
    forceSSL = true;
    enableACME = true;
    locations = {
-      "/Music/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_http_music}";
+      "/Music/".proxyPass = "http://${containerIP}:${toString ports.http_music}";
-      "/Public/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_http_public}";
+      "/Public/".proxyPass = "http://${containerIP}:${toString ports.http_public}";
-      "/Uploads/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_http_uploads_public}";
+      "/Uploads/".proxyPass = "http://${containerIP}:${toString ports.http_uploads_public}";
    };
    extraConfig = ''
      client_max_body_size ${clientMaxBodySize};
@ -90,14 +90,14 @@ in {
    forceSSL = true;
    enableACME = true;
    locations = {
-      "/Music/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_restic_music}";
+      "/Music/".proxyPass = "http://${containerIP}:${toString ports.restic_music}";
-      "/Vault/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_restic_vault}";
+      "/Vault/".proxyPass = "http://${containerIP}:${toString ports.restic_vault}";
-      "/Social/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_restic_social}";
+      "/Social/".proxyPass = "http://${containerIP}:${toString ports.restic_social}";
-      "/Quassel/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_restic_quassel}";
+      "/Quassel/".proxyPass = "http://${containerIP}:${toString ports.restic_quassel}";
-      "/PostgreSQL/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_restic_postgresql}";
+      "/PostgreSQL/".proxyPass = "http://${containerIP}:${toString ports.restic_postgresql}";
-      "/Mail/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_restic_mail}";
+      "/Mail/".proxyPass = "http://${containerIP}:${toString ports.restic_mail}";
-      "/Forgejo/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_restic_forgejo}";
+      "/Forgejo/".proxyPass = "http://${containerIP}:${toString ports.restic_forgejo}";
-      "/CalDAV/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_restic_caldav}";
+      "/CalDAV/".proxyPass = "http://${containerIP}:${toString ports.restic_caldav}";
    };
    extraConfig = ''
      client_max_body_size ${clientMaxBodySize};
--- a/hosts/hetzner-arm/containers/storage/profiles/rcloneServe.nix
+++ b/hosts/hetzner-arm/containers/storage/profiles/rcloneServe.nix
@ -25,7 +25,7 @@ in {
        remote = "StorageBox:";
        type = "webdav";
        extraArgs = [
-          "--addr=0.0.0.0:${toString ports.rclone_serve_webdav_main}"
+          "--addr=0.0.0.0:${toString ports.webdav_main}"
          "--htpasswd=${secrets.webdav_main_htpasswd.path}"
          "--baseurl=/Main/"
          "--cache-dir=/caches/main_webdav_serve"
@ -37,7 +37,7 @@ in {
        remote = "Media-Combine-Serve:";
        type = "webdav";
        extraArgs = [
-          "--addr=0.0.0.0:${toString ports.rclone_serve_webdav_media}"
+          "--addr=0.0.0.0:${toString ports.webdav_media}"
          "--htpasswd=${secrets.webdav_media_htpasswd.path}"
          "--baseurl=/Media/"
          "--cache-dir=/caches/media_webdav_serve"
@ -51,7 +51,7 @@ in {
        remote = "StorageBox:Music";
        type = "webdav";
        extraArgs = [
-          "--addr=0.0.0.0:${toString ports.rclone_serve_webdav_music_ro}"
+          "--addr=0.0.0.0:${toString ports.webdav_music_ro}"
          "--read-only"
          "--baseurl=/MusicRO/"
        ];
@ -61,7 +61,7 @@ in {
        remote = "StorageBox:Public";
        type = "webdav";
        extraArgs = [
-          "--addr=0.0.0.0:${toString ports.rclone_serve_webdav_public}"
+          "--addr=0.0.0.0:${toString ports.webdav_public}"
          "--htpasswd=${secrets.webdav_media_htpasswd.path}"
          "--baseurl=/Public/"
        ];
@ -71,7 +71,7 @@ in {
        remote = "StorageBox:Uploads";
        type = "webdav";
        extraArgs = [
-          "--addr=0.0.0.0:${toString ports.rclone_serve_webdav_uploads}"
+          "--addr=0.0.0.0:${toString ports.webdav_uploads}"
          "--htpasswd=${secrets.webdav_uploads_htpasswd.path}"
          "--baseurl=/Uploads/"
        ];
@ -82,7 +82,7 @@ in {
        remote = "StorageBox:Music";
        type = "http";
        extraArgs = [
-          "--addr=0.0.0.0:${toString ports.rclone_serve_http_music}"
+          "--addr=0.0.0.0:${toString ports.http_music}"
          "--baseurl=/Music/"
          "--read-only"
        ];
@ -92,7 +92,7 @@ in {
        remote = "StorageBox:Public";
        type = "http";
        extraArgs = [
-          "--addr=0.0.0.0:${toString ports.rclone_serve_http_public}"
+          "--addr=0.0.0.0:${toString ports.http_public}"
          "--baseurl=/Public/"
          "--read-only"
        ];
@ -102,7 +102,7 @@ in {
        remote = "StorageBox:Uploads/Public";
        type = "http";
        extraArgs = [
-          "--addr=0.0.0.0:${toString ports.rclone_serve_http_uploads_public}"
+          "--addr=0.0.0.0:${toString ports.http_uploads_public}"
          "--baseurl=/Uploads/"
          "--read-only"
        ];
@ -112,7 +112,7 @@ in {
        remote = "StorageBox:Backups/Restic/Music";
        type = "restic";
        extraArgs = [
-          "--addr=0.0.0.0:${toString ports.rclone_serve_restic_music}"
+          "--addr=0.0.0.0:${toString ports.restic_music}"
          "--htpasswd=${secrets.restic_music_htpasswd.path}"
          "--baseurl=/Music/"
        ];
@ -122,7 +122,7 @@ in {
        remote = "StorageBox:Backups/Restic/Vault";
        type = "restic";
        extraArgs = [
-          "--addr=0.0.0.0:${toString ports.rclone_serve_restic_vault}"
+          "--addr=0.0.0.0:${toString ports.restic_vault}"
          "--htpasswd=${secrets.restic_vault_htpasswd.path}"
          "--baseurl=/Vault/"
        ];
@ -132,7 +132,7 @@ in {
        remote = "StorageBox:Backups/Restic/Social";
        type = "restic";
        extraArgs = [
-          "--addr=0.0.0.0:${toString ports.rclone_serve_restic_social}"
+          "--addr=0.0.0.0:${toString ports.restic_social}"
          "--htpasswd=${secrets.restic_social_htpasswd.path}"
          "--baseurl=/Social/"
        ];
@ -142,7 +142,7 @@ in {
        remote = "StorageBox:Backups/Restic/Quassel";
        type = "restic";
        extraArgs = [
-          "--addr=0.0.0.0:${toString ports.rclone_serve_restic_quassel}"
+          "--addr=0.0.0.0:${toString ports.restic_quassel}"
          "--htpasswd=${secrets.restic_quassel_htpasswd.path}"
          "--baseurl=/Quassel/"
        ];
@ -152,7 +152,7 @@ in {
        remote = "StorageBox:Backups/Restic/PostgreSQL";
        type = "restic";
        extraArgs = [
-          "--addr=0.0.0.0:${toString ports.rclone_serve_restic_postgresql}"
+          "--addr=0.0.0.0:${toString ports.restic_postgresql}"
          "--htpasswd=${secrets.restic_postgresql_htpasswd.path}"
          "--baseurl=/PostgreSQL/"
        ];
@ -162,7 +162,7 @@ in {
        remote = "StorageBox:Backups/Restic/CalDAV";
        type = "restic";
        extraArgs = [
-          "--addr=0.0.0.0:${toString ports.rclone_serve_restic_caldav}"
+          "--addr=0.0.0.0:${toString ports.restic_caldav}"
          "--htpasswd=${secrets.restic_caldav_htpasswd.path}"
          "--baseurl=/CalDAV/"
        ];
@ -172,7 +172,7 @@ in {
        remote = "StorageBox:Backups/Restic/Mail";
        type = "restic";
        extraArgs = [
-          "--addr=0.0.0.0:${toString ports.rclone_serve_restic_mail}"
+          "--addr=0.0.0.0:${toString ports.restic_mail}"
          "--htpasswd=${secrets.restic_mail_htpasswd.path}"
          "--baseurl=/Mail/"
        ];
@ -182,7 +182,7 @@ in {
        remote = "StorageBox:Backups/Restic/Forgejo";
        type = "restic";
        extraArgs = [
-          "--addr=0.0.0.0:${toString ports.rclone_serve_restic_forgejo}"
+          "--addr=0.0.0.0:${toString ports.restic_forgejo}"
          "--htpasswd=${secrets.restic_forgejo_htpasswd.path}"
          "--baseurl=/Forgejo/"
        ];
--- a/hosts/lappy-t495/lappy-t495.nix
+++ b/hosts/lappy-t495/lappy-t495.nix
@ -11,7 +11,6 @@
    profiles.cross.arm64
    profiles.remoteBuilders
    profiles.chaosInternalWireGuard
    profiles.fingerprint
    ./profiles/raspberryExtDrive.nix
--- a/profiles/base/nix.nix
+++ b/profiles/base/nix.nix
@ -6,7 +6,8 @@
  ...
 }: let
  inherit (lib.strings) optionalString versionAtLeast;
-  inherit (lib.optional);
+  inherit (lib.lists) optional;
  inherit (lib.modules) mkIf;
 in {
  nix = {
    nixPath = ["nixpkgs=${inputs.nixpkgs}"];
@ -18,7 +19,7 @@ in {
    settings.system-features = lib.optional (pkgs.system == "aarch64-linux") "native-arm64";
    settings.trusted-users = ["root" "@wheel"];
  };
-  nixpkgs = {
+  nixpkgs = mkIf (!config.boot.isContainer) {
    config = {
      allowUnfree = true;