diff --git a/flake.lock b/flake.lock index 9730ffe..410833d 100644 --- a/flake.lock +++ b/flake.lock @@ -39,19 +39,17 @@ "flake-compat": [ "flake-compat" ], - "nixpkgs": [ - "nixpkgs-unstable" - ], + "nixpkgs": "nixpkgs", "utils": [ "flake-utils" ] }, "locked": { - "lastModified": 1699701798, - "narHash": "sha256-goytj9Wm1onHgdr8UoUnQ0pLwCDSsyUqonE3sbu2nUw=", + "lastModified": 1701095034, + "narHash": "sha256-up8JguDsMgvf3umpcH6P9iD/R6TqCrcB3rhlsOTLKYU=", "ref": "refs/heads/hungy", - "rev": "d6466a95059de3df3d5947a49d73833e9992c28f", - "revCount": 55, + "rev": "1cca07d244e18ea1c1c0d48016fa3e4b581bf224", + "revCount": 57, "type": "git", "url": "https://forgejo.owo.monster/chaos/food-site" }, @@ -67,11 +65,11 @@ ] }, "locked": { - "lastModified": 1699663185, - "narHash": "sha256-hI3CZPINBWstkMN+ptyzWibw5eRtFCiEvO7zR61bGBs=", + "lastModified": 1701071203, + "narHash": "sha256-lQywA7QU/vzTdZ1apI0PfgCWNyQobXUYghVrR5zuIeM=", "owner": "nix-community", "repo": "home-manager", - "rev": "691cbcc03af6ad1b5384c0e0e0b5f2298f58c5ce", + "rev": "db1878f013b52ba5e4034db7c1b63e8d04173a86", "type": "github" }, "original": { @@ -85,17 +83,17 @@ "flake-compat": [ "flake-compat" ], - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_2", "utils": [ "flake-utils" ] }, "locked": { - "lastModified": 1699704512, - "narHash": "sha256-kAyPmOuU3zXH9j3Yl0lPaC/DNJULXh1dlONuB6SivAw=", + "lastModified": 1701094124, + "narHash": "sha256-4nZrZe/rzxmp+H2JrfLWVkwNGzvx0nVVWcfcF1AEb9I=", "ref": "refs/heads/main", - "rev": "9f48d9eab50549f5191ca5c8fc91dd311dcaf364", - "revCount": 109, + "rev": "8f935b84929eb6ea4577b015b9b4ef4e86ee69ce", + "revCount": 116, "type": "git", "url": "https://forgejo.owo.monster/chaos/musicutil" }, @@ -117,11 +115,11 @@ ] }, "locked": { - "lastModified": 1699549513, - "narHash": "sha256-cfsghOs6Cr61wFsxkWonK8AwPwHaRGZ6QkbasUgygh4=", + "lastModified": 1700665566, + "narHash": "sha256-+AU2AdpA2eHlVwH3LL1qCWCTJyOJwCw/7pwampP3Jy8=", "owner": "nix-community", "repo": "NixOS-WSL", - "rev": "0e4c17efebff955471f169fffbb7e8cd62ada498", + "rev": "a9287f7191467138d6203ea44b3a0b9c745cb145", "type": "github" }, "original": { @@ -132,11 +130,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1699099776, - "narHash": "sha256-X09iKJ27mGsGambGfkKzqvw5esP1L/Rf8H3u3fCqIiU=", + "lastModified": 1700794826, + "narHash": "sha256-RyJTnTNKhO0yqRpDISk03I/4A67/dp96YRxc86YOPgU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "85f1ba3e51676fa8cc604a3d863d729026a6b8eb", + "rev": "5a09cb4b393d58f9ed0d9ca1555016a8543c2ac8", "type": "github" }, "original": { @@ -148,11 +146,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1699099776, - "narHash": "sha256-X09iKJ27mGsGambGfkKzqvw5esP1L/Rf8H3u3fCqIiU=", + "lastModified": 1700794826, + "narHash": "sha256-RyJTnTNKhO0yqRpDISk03I/4A67/dp96YRxc86YOPgU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "85f1ba3e51676fa8cc604a3d863d729026a6b8eb", + "rev": "5a09cb4b393d58f9ed0d9ca1555016a8543c2ac8", "type": "github" }, "original": { @@ -164,11 +162,27 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1699099776, - "narHash": "sha256-X09iKJ27mGsGambGfkKzqvw5esP1L/Rf8H3u3fCqIiU=", + "lastModified": 1700794826, + "narHash": "sha256-RyJTnTNKhO0yqRpDISk03I/4A67/dp96YRxc86YOPgU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "85f1ba3e51676fa8cc604a3d863d729026a6b8eb", + "rev": "5a09cb4b393d58f9ed0d9ca1555016a8543c2ac8", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1700794826, + "narHash": "sha256-RyJTnTNKhO0yqRpDISk03I/4A67/dp96YRxc86YOPgU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "5a09cb4b393d58f9ed0d9ca1555016a8543c2ac8", "type": "github" }, "original": { @@ -180,11 +194,11 @@ }, "nur": { "locked": { - "lastModified": 1699696572, - "narHash": "sha256-hnHyp2T4pkuj5xdkj/ZZme/ppmNJff47BcPRxwcJP00=", + "lastModified": 1701085559, + "narHash": "sha256-BHT8Zxl/4iQ4NQ8N+fvJhi+LoblGNUz8p+axv40RDjY=", "owner": "nix-community", "repo": "NUR", - "rev": "2999af35ec973a0001ca92bb56b037ae18869f22", + "rev": "5b543aa25fdc06ae3f60c45acc050bd0876541bc", "type": "github" }, "original": { @@ -193,32 +207,6 @@ "type": "github" } }, - "piped-flake": { - "inputs": { - "flake-compat": [ - "flake-compat" - ], - "nixpkgs": [ - "nixpkgs-unstable" - ], - "utils": [ - "flake-utils" - ] - }, - "locked": { - "lastModified": 1697479170, - "narHash": "sha256-TF5LZDLY/WMDcQ/kexL3+fZ9lw9p9h16htloC1CcQLA=", - "ref": "refs/heads/main", - "rev": "d2344c2b4ae8216c286d762f367a49fe3fc8b306", - "revCount": 23, - "type": "git", - "url": "https://forgejo.owo.monster/chaos/piped-flake" - }, - "original": { - "type": "git", - "url": "https://forgejo.owo.monster/chaos/piped-flake" - } - }, "root": { "inputs": { "flake-compat": "flake-compat", @@ -229,7 +217,6 @@ "nixos-wsl": "nixos-wsl", "nixpkgs-unstable": "nixpkgs-unstable", "nur": "nur", - "piped-flake": "piped-flake", "tree-input": "tree-input", "vaultui": "vaultui" } @@ -290,17 +277,17 @@ "flake-compat": [ "flake-compat" ], - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_3", "utils": [ "flake-utils" ] }, "locked": { - "lastModified": 1699703627, - "narHash": "sha256-DEzQZFUFJWmpqHKHDAynd7onl1EwEow7VIUhRInQ80M=", + "lastModified": 1701095009, + "narHash": "sha256-hV9R/ZCXL9cZ78TZSkO6TUfuwx/E2K13k2kcoGDgGBc=", "ref": "refs/heads/main", - "rev": "e392ef0e0393b282c9250726238c4839d4cdb792", - "revCount": 461, + "rev": "6b0eada62567711299750ae2b708ae30318c8ff9", + "revCount": 462, "type": "git", "url": "https://forgejo.owo.monster/chaos/VaultUI" }, diff --git a/flake.nix b/flake.nix index 36effdb..afa517f 100644 --- a/flake.nix +++ b/flake.nix @@ -36,13 +36,8 @@ musicutil.inputs.utils.follows = "flake-utils"; musicutil.inputs.flake-compat.follows = "flake-compat"; - piped-flake.url = "git+https://forgejo.owo.monster/chaos/piped-flake"; - piped-flake.inputs.nixpkgs.follows = "nixpkgs-unstable"; - piped-flake.inputs.utils.follows = "flake-utils"; - piped-flake.inputs.flake-compat.follows = "flake-compat"; - food-site.url = "git+https://forgejo.owo.monster/chaos/food-site"; - food-site.inputs.nixpkgs.follows = "nixpkgs-unstable"; + #food-site.inputs.nixpkgs.follows = "nixpkgs-unstable"; food-site.inputs.utils.follows = "flake-utils"; food-site.inputs.flake-compat.follows = "flake-compat"; }; diff --git a/hosts/hetzner-arm/containers/piped-fi/default.nix b/hosts/hetzner-arm/containers/piped-fi/default.nix deleted file mode 100644 index 3f5cd7b..0000000 --- a/hosts/hetzner-arm/containers/piped-fi/default.nix +++ /dev/null @@ -1,70 +0,0 @@ -{ - self, - hostPath, - tree, - inputs, - config, - pkgs, - ... -}: let - pipedName = "piped-fi"; - containerName = pipedName; - - containerAddresses = import "${hostPath}/data/containerAddresses.nix"; - hostIP = containerAddresses.host; - containerIP = containerAddresses.containers.${containerName}; - - pipedSocketForComponent = ( - component: "/var/lib/nixos-containers/${containerName}/var/sockets/piped-${component}.sock" - ); -in { - containers.${containerName} = { - autoStart = true; - privateNetwork = true; - hostAddress = hostIP; - localAddress = containerIP; - - specialArgs = { - inherit inputs; - inherit tree; - inherit self; - inherit hostPath; - }; - - config = {...}: { - nixpkgs.pkgs = pkgs; - - imports = with tree; [ - presets.nixos.containerBase - presets.nixos.pipedNode - ]; - - home-manager.users.root.home.stateVersion = "23.05"; - system.stateVersion = "23.05"; - }; - }; - - services.nginx.virtualHosts."${pipedName}.owo.monster" = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://unix:${pipedSocketForComponent "frontend"}"; - }; - }; - - services.nginx.virtualHosts."backend.${pipedName}.owo.monster" = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://unix:${pipedSocketForComponent "backend"}"; - }; - }; - - services.nginx.virtualHosts."proxy.${pipedName}.owo.monster" = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://unix:${pipedSocketForComponent "proxy"}"; - }; - }; -} diff --git a/hosts/hetzner-arm/containers/postgresql/profiles/postgres.nix b/hosts/hetzner-arm/containers/postgresql/profiles/postgres.nix index 8a7f2d5..900609a 100644 --- a/hosts/hetzner-arm/containers/postgresql/profiles/postgres.nix +++ b/hosts/hetzner-arm/containers/postgresql/profiles/postgres.nix @@ -12,15 +12,10 @@ in { enable = true; enableTCPIP = true; ensureDatabases = [ - "piped" "gotosocial" "quassel" ]; ensureUsers = [ - { - name = "piped"; - ensurePermissions."DATABASE piped" = "ALL PRIVILEGES"; - } { name = "gotosocial"; ensurePermissions."DATABASE gotosocial" = "ALL PRIVILEGES"; @@ -33,9 +28,6 @@ in { # If the host is a local container then use the container's IP # otherwise use the host's IP authentication = '' - host piped piped ${localContainersAddresses.containers."piped-fi"}/32 trust - host piped piped ${wireguardHosts."raspberry".ip}/32 trust - host gotosocial gotosocial ${localContainersAddresses.containers."social"}/32 trust host quassel quassel ${localContainersAddresses.containers."quassel"}/32 trust ''; diff --git a/hosts/hetzner-arm/containers/postgresql/profiles/restic.nix b/hosts/hetzner-arm/containers/postgresql/profiles/restic.nix index 0bb5d32..ce6ce66 100644 --- a/hosts/hetzner-arm/containers/postgresql/profiles/restic.nix +++ b/hosts/hetzner-arm/containers/postgresql/profiles/restic.nix @@ -7,7 +7,6 @@ backupPrepareCommand = "${ (pkgs.writeShellScriptBin "backupPrepareCommand" '' - systemctl start remotePostgreSQLBackup-piped --wait systemctl start remotePostgreSQLBackup-gotosocial --wait systemctl start remotePostgreSQLBackup-quassel --wait '') @@ -51,7 +50,6 @@ in { enable = true; backupUser = "postgres"; databases = [ - "piped" "gotosocial" "quassel" ]; diff --git a/hosts/hetzner-arm/data/containerAddresses.nix b/hosts/hetzner-arm/data/containerAddresses.nix index 19a1c12..62af287 100644 --- a/hosts/hetzner-arm/data/containerAddresses.nix +++ b/hosts/hetzner-arm/data/containerAddresses.nix @@ -7,9 +7,8 @@ quassel = "10.0.1.5"; forgejo = "10.0.1.6"; postgresql = "10.0.1.7"; - piped-fi = "10.0.1.8"; - caldav = "10.0.1.9"; - owncast = "10.0.1.10"; - jellyfin = "10.0.1.11"; + caldav = "10.0.1.8"; + owncast = "10.0.1.9"; + jellyfin = "10.0.1.10"; }; } diff --git a/hosts/hetzner-arm/hetzner-arm.nix b/hosts/hetzner-arm/hetzner-arm.nix index 8b2da7a..2abfc8d 100644 --- a/hosts/hetzner-arm/hetzner-arm.nix +++ b/hosts/hetzner-arm/hetzner-arm.nix @@ -25,7 +25,6 @@ in { "music" "quassel" "postgresql" - "piped-fi" "mail" "forgejo" "caldav" diff --git a/hosts/nixos.nix b/hosts/nixos.nix index 2a49388..9824e0f 100644 --- a/hosts/nixos.nix +++ b/hosts/nixos.nix @@ -32,7 +32,6 @@ inputs.nixos-wsl.nixosModules.default inputs.vaultui.nixosModules.default - inputs.piped-flake.nixosModules.default tree.modules.nixos.rcloneServe tree.modules.nixos.rcloneSync diff --git a/hosts/raspberry/containers/piped-uk/default.nix b/hosts/raspberry/containers/piped-uk/default.nix deleted file mode 100644 index db6213c..0000000 --- a/hosts/raspberry/containers/piped-uk/default.nix +++ /dev/null @@ -1,69 +0,0 @@ -{ - self, - hostPath, - tree, - inputs, - config, - pkgs, - lib, - ... -}: let - inherit (lib.modules) mkForce; - - pipedName = "piped-uk"; - containerName = pipedName; - - pipedSocketForComponent = ( - component: "/var/lib/nixos-containers/${containerName}/var/sockets/piped-${component}.sock" - ); -in { - containers.${containerName} = { - autoStart = true; - privateNetwork = false; - - specialArgs = { - inherit inputs; - inherit tree; - inherit self; - inherit hostPath; - }; - - config = {...}: { - nixpkgs.pkgs = pkgs; - - imports = with tree; [ - presets.nixos.containerBase - presets.nixos.pipedNode - ]; - - networking.firewall.enable = mkForce false; - - home-manager.users.root.home.stateVersion = "23.05"; - system.stateVersion = "23.05"; - }; - }; - - services.nginx.virtualHosts."${pipedName}.owo.monster" = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://unix:${pipedSocketForComponent "frontend"}"; - }; - }; - - services.nginx.virtualHosts."backend.${pipedName}.owo.monster" = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://unix:${pipedSocketForComponent "backend"}"; - }; - }; - - services.nginx.virtualHosts."proxy.${pipedName}.owo.monster" = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://unix:${pipedSocketForComponent "proxy"}"; - }; - }; -} diff --git a/hosts/raspberry/raspberry.nix b/hosts/raspberry/raspberry.nix index a7c4e6c..aa1a82f 100644 --- a/hosts/raspberry/raspberry.nix +++ b/hosts/raspberry/raspberry.nix @@ -8,8 +8,6 @@ profiles.chaosInternalWireGuard - ./containers/piped-uk/default.nix - ./secrets.nix ./boot.nix ] diff --git a/outputs.nix b/outputs.nix index 67b0325..e8e718f 100644 --- a/outputs.nix +++ b/outputs.nix @@ -22,9 +22,6 @@ in config.allowUnfree = true; overlays = [ (import ./overlay) - (import ./overlay/piped-overlay.nix { - inherit (inputs) piped-flake; - }) ]; }; in @@ -57,7 +54,6 @@ in inherit (pkgs) comic-code comic-sans; inherit (pkgs) mk-enc-usb mk-encrypted-drive mk-raspberry-ext-drive; inherit (pkgs) gotosocial mpd-headless owncast; - inherit (pkgs) piped-backend piped-frontend piped-proxy; inherit (pkgs) kitty-terminfo; }; } @@ -162,10 +158,6 @@ in hasHostSecrets = doesHaveHostSecrets "vault"; sshAddress = "vault.servers.genderfucked.monster"; }; - #"raspberry" = { - # containers = ["piped-uk"]; - # sshAddress = "raspberry.servers.genderfucked.monster"; - #}; "lappy-t495" = configForMachine "lappy-t495"; }; diff --git a/overlay/piped-overlay.nix b/overlay/piped-overlay.nix deleted file mode 100644 index 2fe82a2..0000000 --- a/overlay/piped-overlay.nix +++ /dev/null @@ -1,27 +0,0 @@ -{piped-flake}: (prev: final: let - system = final.system; - piped-flake-pkgs = piped-flake.packages.${system}; -in { - inherit (piped-flake-pkgs) piped-frontend; - inherit (piped-flake-pkgs) piped-proxy piped-proxy-openssl; - inherit (piped-flake-pkgs) piped-proxy-full piped-proxy-full-openssl; - inherit (piped-flake-pkgs) piped-proxy-minimal piped-proxy-minimal-openssl; - - # Won't build due to this; added a native-arm64 to all builders on arm64 - # https://github.com/NixOS/nixpkgs/issues/255780 - piped-backend = - (piped-flake-pkgs.piped-backend.override (prev: { - piped-backend-deps = prev.piped-backend-deps.overrideAttrs { - requiredSystemFeatures = - if system == "aarch64-linux" - then ["native-arm64"] - else []; - }; - })) - .overrideAttrs { - requiredSystemFeatures = - if system == "aarch64-linux" - then ["native-arm64"] - else []; - }; -}) diff --git a/presets/nixos/containerBase.nix b/presets/nixos/containerBase.nix index e3ae0a2..05903a4 100644 --- a/presets/nixos/containerBase.nix +++ b/presets/nixos/containerBase.nix @@ -17,7 +17,6 @@ # Default modules which are usually included in nixos.nix inputs.home-manager-unstable.nixosModules.home-manager inputs.vaultui.nixosModules.default - inputs.piped-flake.nixosModules.default ]; home-manager.users.root = { diff --git a/presets/nixos/pipedNode.nix b/presets/nixos/pipedNode.nix deleted file mode 100644 index 04d918f..0000000 --- a/presets/nixos/pipedNode.nix +++ /dev/null @@ -1,122 +0,0 @@ -{ - self, - config, - tree, - pkgs, - ... -}: let - inherit (builtins) attrNames elem; - - hostName = config.networking.hostName; - - hetznerARMContainerAddresses = import "${self}/hosts/hetzner-arm/data/containerAddresses.nix"; - - defaultPorts = { - internalPipedBackend = 3012; - internalPipedProxy = 3013; - - internalNginxPort = 8199; - }; - - hostConfigs = { - "piped-fi" = { - baseDomain = "piped-fi.owo.monster"; - ports = defaultPorts; - }; - "piped-uk" = { - baseDomain = "piped-uk.owo.monster"; - ports = defaultPorts; - }; - }; - - hostConfig = - if elem hostName (attrNames hostConfigs) - then hostConfigs.${hostName} - else throw "host isn't configured for piped node"; - - inherit (hostConfig) baseDomain ports; -in { - imports = with tree; [ - profiles.nginx - ]; - - services.piped = { - enable = true; - - frontend = { - domain = "${baseDomain}"; - - nginx = { - forceSSL = false; - enableACME = false; - }; - }; - - backend = { - domain = "backend.${baseDomain}"; - internalPort = ports.internalPipedBackend; - - nginx = { - forceSSL = false; - enableACME = false; - }; - - settings = { - disableRegistrations = true; - }; - - database = { - disablePostgresDB = true; - name = "piped"; - username = "piped"; - usePassword = false; - host = hetznerARMContainerAddresses.containers.postgresql; - }; - }; - - proxy = { - domain = "proxy.${baseDomain}"; - internalPort = ports.internalPipedProxy; - package = pkgs.piped-proxy-minimal-openssl; - nginx = { - forceSSL = false; - enableACME = false; - }; - }; - }; - - systemd.tmpfiles.rules = [ - "d /var/sockets - nginx nginx" - ]; - - systemd.services.nginx = { - serviceConfig.ReadWritePaths = [ - "/var/sockets" - ]; - }; - - services.nginx.virtualHosts = let - componentPath = component: "/var/sockets/piped-${component}.sock"; - listen = [ - { - addr = "127.0.0.1"; - port = ports.internalNginxPort; - } - ]; - in { - "${baseDomain}" = { - inherit listen; - extraConfig = "listen unix:${componentPath "frontend"};"; - }; - - "backend.${baseDomain}" = { - inherit listen; - extraConfig = "listen unix:${componentPath "backend"};"; - }; - - "proxy.${baseDomain}" = { - inherit listen; - extraConfig = "listen unix:${componentPath "proxy"};"; - }; - }; -} diff --git a/profiles/base/nix.nix b/profiles/base/nix.nix index 58cd6c0..44d7cd0 100644 --- a/profiles/base/nix.nix +++ b/profiles/base/nix.nix @@ -27,9 +27,6 @@ in { }; overlays = [ (import ../../overlay) - (import ../../overlay/piped-overlay.nix { - inherit (inputs) piped-flake; - }) ]; }; environment.etc."nixpkgs-commit".text = inputs.nixpkgs-unstable.rev; diff --git a/scripts/buildPipedBackendAArch64.sh b/scripts/buildPipedBackendAArch64.sh deleted file mode 100755 index 8320d0e..0000000 --- a/scripts/buildPipedBackendAArch64.sh +++ /dev/null @@ -1 +0,0 @@ -nix build --system aarch64-linux .#piped-backend --builders "ssh://root@raspberry.servers.genderfucked.monster?ssh-key=/usb/ssh-keys/chaos.priv aarch64-linux - 2 2 nixos-test,benchmark,big-parallel,kvm - c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUJhZlp5bitQcUtBclVYZ1VNdCszaDQvRU5kbWVUNWx3YXBPUm5lZXZ2eVIgcm9vdEByYXNwYmVycnkK#" --max-jobs 0 --builders-use-substitutes \ No newline at end of file diff --git a/scripts/update.sh b/scripts/update.sh index 6b287ec..346926b 100755 --- a/scripts/update.sh +++ b/scripts/update.sh @@ -4,6 +4,4 @@ SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) REPO_ROOT="${SCRIPT_DIR}/.." cd $REPO_ROOT -# TODO -#./overlay/piped/update.sh nix flake update