remove piped; update flake

2023-11-27 15:14:59 +00:00 · 2023-11-27 15:14:59 +00:00 · d15de2f221
parent af686d8240
commit d15de2f221
17 changed files with 53 additions and 389 deletions
--- a/flake.lock
+++ b/flake.lock
@ -39,19 +39,17 @@
        "flake-compat": [
          "flake-compat"
        ],
-        "nixpkgs": [
+        "nixpkgs": "nixpkgs",
          "nixpkgs-unstable"
        ],
        "utils": [
          "flake-utils"
        ]
      },
      "locked": {
-        "lastModified": 1699701798,
+        "lastModified": 1701095034,
-        "narHash": "sha256-goytj9Wm1onHgdr8UoUnQ0pLwCDSsyUqonE3sbu2nUw=",
+        "narHash": "sha256-up8JguDsMgvf3umpcH6P9iD/R6TqCrcB3rhlsOTLKYU=",
        "ref": "refs/heads/hungy",
-        "rev": "d6466a95059de3df3d5947a49d73833e9992c28f",
+        "rev": "1cca07d244e18ea1c1c0d48016fa3e4b581bf224",
-        "revCount": 55,
+        "revCount": 57,
        "type": "git",
        "url": "https://forgejo.owo.monster/chaos/food-site"
      },
@ -67,11 +65,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1699663185,
+        "lastModified": 1701071203,
-        "narHash": "sha256-hI3CZPINBWstkMN+ptyzWibw5eRtFCiEvO7zR61bGBs=",
+        "narHash": "sha256-lQywA7QU/vzTdZ1apI0PfgCWNyQobXUYghVrR5zuIeM=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "691cbcc03af6ad1b5384c0e0e0b5f2298f58c5ce",
+        "rev": "db1878f013b52ba5e4034db7c1b63e8d04173a86",
        "type": "github"
      },
      "original": {
@ -85,17 +83,17 @@
        "flake-compat": [
          "flake-compat"
        ],
-        "nixpkgs": "nixpkgs",
+        "nixpkgs": "nixpkgs_2",
        "utils": [
          "flake-utils"
        ]
      },
      "locked": {
-        "lastModified": 1699704512,
+        "lastModified": 1701094124,
-        "narHash": "sha256-kAyPmOuU3zXH9j3Yl0lPaC/DNJULXh1dlONuB6SivAw=",
+        "narHash": "sha256-4nZrZe/rzxmp+H2JrfLWVkwNGzvx0nVVWcfcF1AEb9I=",
        "ref": "refs/heads/main",
-        "rev": "9f48d9eab50549f5191ca5c8fc91dd311dcaf364",
+        "rev": "8f935b84929eb6ea4577b015b9b4ef4e86ee69ce",
-        "revCount": 109,
+        "revCount": 116,
        "type": "git",
        "url": "https://forgejo.owo.monster/chaos/musicutil"
      },
@ -117,11 +115,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1699549513,
+        "lastModified": 1700665566,
-        "narHash": "sha256-cfsghOs6Cr61wFsxkWonK8AwPwHaRGZ6QkbasUgygh4=",
+        "narHash": "sha256-+AU2AdpA2eHlVwH3LL1qCWCTJyOJwCw/7pwampP3Jy8=",
        "owner": "nix-community",
        "repo": "NixOS-WSL",
-        "rev": "0e4c17efebff955471f169fffbb7e8cd62ada498",
+        "rev": "a9287f7191467138d6203ea44b3a0b9c745cb145",
        "type": "github"
      },
      "original": {
@ -132,11 +130,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1699099776,
+        "lastModified": 1700794826,
-        "narHash": "sha256-X09iKJ27mGsGambGfkKzqvw5esP1L/Rf8H3u3fCqIiU=",
+        "narHash": "sha256-RyJTnTNKhO0yqRpDISk03I/4A67/dp96YRxc86YOPgU=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "85f1ba3e51676fa8cc604a3d863d729026a6b8eb",
+        "rev": "5a09cb4b393d58f9ed0d9ca1555016a8543c2ac8",
        "type": "github"
      },
      "original": {
@ -148,11 +146,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1699099776,
+        "lastModified": 1700794826,
-        "narHash": "sha256-X09iKJ27mGsGambGfkKzqvw5esP1L/Rf8H3u3fCqIiU=",
+        "narHash": "sha256-RyJTnTNKhO0yqRpDISk03I/4A67/dp96YRxc86YOPgU=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "85f1ba3e51676fa8cc604a3d863d729026a6b8eb",
+        "rev": "5a09cb4b393d58f9ed0d9ca1555016a8543c2ac8",
        "type": "github"
      },
      "original": {
@ -164,11 +162,27 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1699099776,
+        "lastModified": 1700794826,
-        "narHash": "sha256-X09iKJ27mGsGambGfkKzqvw5esP1L/Rf8H3u3fCqIiU=",
+        "narHash": "sha256-RyJTnTNKhO0yqRpDISk03I/4A67/dp96YRxc86YOPgU=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "85f1ba3e51676fa8cc604a3d863d729026a6b8eb",
+        "rev": "5a09cb4b393d58f9ed0d9ca1555016a8543c2ac8",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs_3": {
      "locked": {
        "lastModified": 1700794826,
        "narHash": "sha256-RyJTnTNKhO0yqRpDISk03I/4A67/dp96YRxc86YOPgU=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "5a09cb4b393d58f9ed0d9ca1555016a8543c2ac8",
        "type": "github"
      },
      "original": {
@ -180,11 +194,11 @@
    },
    "nur": {
      "locked": {
-        "lastModified": 1699696572,
+        "lastModified": 1701085559,
-        "narHash": "sha256-hnHyp2T4pkuj5xdkj/ZZme/ppmNJff47BcPRxwcJP00=",
+        "narHash": "sha256-BHT8Zxl/4iQ4NQ8N+fvJhi+LoblGNUz8p+axv40RDjY=",
        "owner": "nix-community",
        "repo": "NUR",
-        "rev": "2999af35ec973a0001ca92bb56b037ae18869f22",
+        "rev": "5b543aa25fdc06ae3f60c45acc050bd0876541bc",
        "type": "github"
      },
      "original": {
@ -193,32 +207,6 @@
        "type": "github"
      }
    },
    "piped-flake": {
      "inputs": {
        "flake-compat": [
          "flake-compat"
        ],
        "nixpkgs": [
          "nixpkgs-unstable"
        ],
        "utils": [
          "flake-utils"
        ]
      },
      "locked": {
        "lastModified": 1697479170,
        "narHash": "sha256-TF5LZDLY/WMDcQ/kexL3+fZ9lw9p9h16htloC1CcQLA=",
        "ref": "refs/heads/main",
        "rev": "d2344c2b4ae8216c286d762f367a49fe3fc8b306",
        "revCount": 23,
        "type": "git",
        "url": "https://forgejo.owo.monster/chaos/piped-flake"
      },
      "original": {
        "type": "git",
        "url": "https://forgejo.owo.monster/chaos/piped-flake"
      }
    },
    "root": {
      "inputs": {
        "flake-compat": "flake-compat",
@ -229,7 +217,6 @@
        "nixos-wsl": "nixos-wsl",
        "nixpkgs-unstable": "nixpkgs-unstable",
        "nur": "nur",
        "piped-flake": "piped-flake",
        "tree-input": "tree-input",
        "vaultui": "vaultui"
      }
@ -290,17 +277,17 @@
        "flake-compat": [
          "flake-compat"
        ],
-        "nixpkgs": "nixpkgs_2",
+        "nixpkgs": "nixpkgs_3",
        "utils": [
          "flake-utils"
        ]
      },
      "locked": {
-        "lastModified": 1699703627,
+        "lastModified": 1701095009,
-        "narHash": "sha256-DEzQZFUFJWmpqHKHDAynd7onl1EwEow7VIUhRInQ80M=",
+        "narHash": "sha256-hV9R/ZCXL9cZ78TZSkO6TUfuwx/E2K13k2kcoGDgGBc=",
        "ref": "refs/heads/main",
-        "rev": "e392ef0e0393b282c9250726238c4839d4cdb792",
+        "rev": "6b0eada62567711299750ae2b708ae30318c8ff9",
-        "revCount": 461,
+        "revCount": 462,
        "type": "git",
        "url": "https://forgejo.owo.monster/chaos/VaultUI"
      },
--- a/flake.nix
+++ b/flake.nix
@ -36,13 +36,8 @@
    musicutil.inputs.utils.follows = "flake-utils";
    musicutil.inputs.flake-compat.follows = "flake-compat";
    piped-flake.url = "git+https://forgejo.owo.monster/chaos/piped-flake";
    piped-flake.inputs.nixpkgs.follows = "nixpkgs-unstable";
    piped-flake.inputs.utils.follows = "flake-utils";
    piped-flake.inputs.flake-compat.follows = "flake-compat";
    food-site.url = "git+https://forgejo.owo.monster/chaos/food-site";
-    food-site.inputs.nixpkgs.follows = "nixpkgs-unstable";
+    #food-site.inputs.nixpkgs.follows = "nixpkgs-unstable";
    food-site.inputs.utils.follows = "flake-utils";
    food-site.inputs.flake-compat.follows = "flake-compat";
  };
--- a/hosts/hetzner-arm/containers/piped-fi/default.nix
+++ b/hosts/hetzner-arm/containers/piped-fi/default.nix
@ -1,70 +0,0 @@
 {
  self,
  hostPath,
  tree,
  inputs,
  config,
  pkgs,
  ...
 }: let
  pipedName = "piped-fi";
  containerName = pipedName;
  containerAddresses = import "${hostPath}/data/containerAddresses.nix";
  hostIP = containerAddresses.host;
  containerIP = containerAddresses.containers.${containerName};
  pipedSocketForComponent = (
    component: "/var/lib/nixos-containers/${containerName}/var/sockets/piped-${component}.sock"
  );
 in {
  containers.${containerName} = {
    autoStart = true;
    privateNetwork = true;
    hostAddress = hostIP;
    localAddress = containerIP;
    specialArgs = {
      inherit inputs;
      inherit tree;
      inherit self;
      inherit hostPath;
    };
    config = {...}: {
      nixpkgs.pkgs = pkgs;
      imports = with tree; [
        presets.nixos.containerBase
        presets.nixos.pipedNode
      ];
      home-manager.users.root.home.stateVersion = "23.05";
      system.stateVersion = "23.05";
    };
  };
  services.nginx.virtualHosts."${pipedName}.owo.monster" = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      proxyPass = "http://unix:${pipedSocketForComponent "frontend"}";
    };
  };
  services.nginx.virtualHosts."backend.${pipedName}.owo.monster" = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      proxyPass = "http://unix:${pipedSocketForComponent "backend"}";
    };
  };
  services.nginx.virtualHosts."proxy.${pipedName}.owo.monster" = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      proxyPass = "http://unix:${pipedSocketForComponent "proxy"}";
    };
  };
 }
--- a/hosts/hetzner-arm/containers/postgresql/profiles/postgres.nix
+++ b/hosts/hetzner-arm/containers/postgresql/profiles/postgres.nix
@ -12,15 +12,10 @@ in {
    enable = true;
    enableTCPIP = true;
    ensureDatabases = [
      "piped"
      "gotosocial"
      "quassel"
    ];
    ensureUsers = [
      {
        name = "piped";
        ensurePermissions."DATABASE piped" = "ALL PRIVILEGES";
      }
      {
        name = "gotosocial";
        ensurePermissions."DATABASE gotosocial" = "ALL PRIVILEGES";
@ -33,9 +28,6 @@ in {
    # If the host is a local container then use the container's IP
    # otherwise use the host's IP
    authentication = ''
      host piped piped ${localContainersAddresses.containers."piped-fi"}/32 trust
      host piped piped ${wireguardHosts."raspberry".ip}/32 trust
      host gotosocial gotosocial ${localContainersAddresses.containers."social"}/32 trust
      host quassel quassel ${localContainersAddresses.containers."quassel"}/32 trust
    '';
--- a/hosts/hetzner-arm/containers/postgresql/profiles/restic.nix
+++ b/hosts/hetzner-arm/containers/postgresql/profiles/restic.nix
@ -7,7 +7,6 @@
  backupPrepareCommand = "${
    (pkgs.writeShellScriptBin "backupPrepareCommand" ''
      systemctl start remotePostgreSQLBackup-piped --wait
      systemctl start remotePostgreSQLBackup-gotosocial --wait
      systemctl start remotePostgreSQLBackup-quassel --wait
    '')
@ -51,7 +50,6 @@ in {
    enable = true;
    backupUser = "postgres";
    databases = [
      "piped"
      "gotosocial"
      "quassel"
    ];
--- a/hosts/hetzner-arm/data/containerAddresses.nix
+++ b/hosts/hetzner-arm/data/containerAddresses.nix
@ -7,9 +7,8 @@
    quassel = "10.0.1.5";
    forgejo = "10.0.1.6";
    postgresql = "10.0.1.7";
-    piped-fi = "10.0.1.8";
+    caldav = "10.0.1.8";
-    caldav = "10.0.1.9";
+    owncast = "10.0.1.9";
-    owncast = "10.0.1.10";
+    jellyfin = "10.0.1.10";
    jellyfin = "10.0.1.11";
  };
 }
--- a/hosts/hetzner-arm/hetzner-arm.nix
+++ b/hosts/hetzner-arm/hetzner-arm.nix
@ -25,7 +25,6 @@ in {
      "music"
      "quassel"
      "postgresql"
      "piped-fi"
      "mail"
      "forgejo"
      "caldav"
--- a/hosts/nixos.nix
+++ b/hosts/nixos.nix
@ -32,7 +32,6 @@
    inputs.nixos-wsl.nixosModules.default
    inputs.vaultui.nixosModules.default
    inputs.piped-flake.nixosModules.default
    tree.modules.nixos.rcloneServe
    tree.modules.nixos.rcloneSync
--- a/hosts/raspberry/containers/piped-uk/default.nix
+++ b/hosts/raspberry/containers/piped-uk/default.nix
@ -1,69 +0,0 @@
 {
  self,
  hostPath,
  tree,
  inputs,
  config,
  pkgs,
  lib,
  ...
 }: let
  inherit (lib.modules) mkForce;
  pipedName = "piped-uk";
  containerName = pipedName;
  pipedSocketForComponent = (
    component: "/var/lib/nixos-containers/${containerName}/var/sockets/piped-${component}.sock"
  );
 in {
  containers.${containerName} = {
    autoStart = true;
    privateNetwork = false;
    specialArgs = {
      inherit inputs;
      inherit tree;
      inherit self;
      inherit hostPath;
    };
    config = {...}: {
      nixpkgs.pkgs = pkgs;
      imports = with tree; [
        presets.nixos.containerBase
        presets.nixos.pipedNode
      ];
      networking.firewall.enable = mkForce false;
      home-manager.users.root.home.stateVersion = "23.05";
      system.stateVersion = "23.05";
    };
  };
  services.nginx.virtualHosts."${pipedName}.owo.monster" = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      proxyPass = "http://unix:${pipedSocketForComponent "frontend"}";
    };
  };
  services.nginx.virtualHosts."backend.${pipedName}.owo.monster" = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      proxyPass = "http://unix:${pipedSocketForComponent "backend"}";
    };
  };
  services.nginx.virtualHosts."proxy.${pipedName}.owo.monster" = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      proxyPass = "http://unix:${pipedSocketForComponent "proxy"}";
    };
  };
 }
--- a/hosts/raspberry/raspberry.nix
+++ b/hosts/raspberry/raspberry.nix
@ -8,8 +8,6 @@
      profiles.chaosInternalWireGuard
      ./containers/piped-uk/default.nix
      ./secrets.nix
      ./boot.nix
    ]
--- a/outputs.nix
+++ b/outputs.nix
@ -22,9 +22,6 @@ in
        config.allowUnfree = true;
        overlays = [
          (import ./overlay)
          (import ./overlay/piped-overlay.nix {
            inherit (inputs) piped-flake;
          })
        ];
      };
    in
@ -57,7 +54,6 @@ in
            inherit (pkgs) comic-code comic-sans;
            inherit (pkgs) mk-enc-usb mk-encrypted-drive mk-raspberry-ext-drive;
            inherit (pkgs) gotosocial mpd-headless owncast;
            inherit (pkgs) piped-backend piped-frontend piped-proxy;
            inherit (pkgs) kitty-terminfo;
          };
        }
@ -162,10 +158,6 @@ in
                hasHostSecrets = doesHaveHostSecrets "vault";
                sshAddress = "vault.servers.genderfucked.monster";
              };
            #"raspberry" = {
            #  containers = ["piped-uk"];
            #  sshAddress = "raspberry.servers.genderfucked.monster";
            #};
            "lappy-t495" = configForMachine "lappy-t495";
          };
--- a/overlay/piped-overlay.nix
+++ b/overlay/piped-overlay.nix
@ -1,27 +0,0 @@
 {piped-flake}: (prev: final: let
  system = final.system;
  piped-flake-pkgs = piped-flake.packages.${system};
 in {
  inherit (piped-flake-pkgs) piped-frontend;
  inherit (piped-flake-pkgs) piped-proxy piped-proxy-openssl;
  inherit (piped-flake-pkgs) piped-proxy-full piped-proxy-full-openssl;
  inherit (piped-flake-pkgs) piped-proxy-minimal piped-proxy-minimal-openssl;
  # Won't build due to this; added a native-arm64 to all builders on arm64
  # https://github.com/NixOS/nixpkgs/issues/255780
  piped-backend =
    (piped-flake-pkgs.piped-backend.override (prev: {
      piped-backend-deps = prev.piped-backend-deps.overrideAttrs {
        requiredSystemFeatures =
          if system == "aarch64-linux"
          then ["native-arm64"]
          else [];
      };
    }))
    .overrideAttrs {
      requiredSystemFeatures =
        if system == "aarch64-linux"
        then ["native-arm64"]
        else [];
    };
 })
--- a/presets/nixos/containerBase.nix
+++ b/presets/nixos/containerBase.nix
@ -17,7 +17,6 @@
      # Default modules which are usually included in nixos.nix
      inputs.home-manager-unstable.nixosModules.home-manager
      inputs.vaultui.nixosModules.default
      inputs.piped-flake.nixosModules.default
    ];
  home-manager.users.root = {
--- a/presets/nixos/pipedNode.nix
+++ b/presets/nixos/pipedNode.nix
@ -1,122 +0,0 @@
 {
  self,
  config,
  tree,
  pkgs,
  ...
 }: let
  inherit (builtins) attrNames elem;
  hostName = config.networking.hostName;
  hetznerARMContainerAddresses = import "${self}/hosts/hetzner-arm/data/containerAddresses.nix";
  defaultPorts = {
    internalPipedBackend = 3012;
    internalPipedProxy = 3013;
    internalNginxPort = 8199;
  };
  hostConfigs = {
    "piped-fi" = {
      baseDomain = "piped-fi.owo.monster";
      ports = defaultPorts;
    };
    "piped-uk" = {
      baseDomain = "piped-uk.owo.monster";
      ports = defaultPorts;
    };
  };
  hostConfig =
    if elem hostName (attrNames hostConfigs)
    then hostConfigs.${hostName}
    else throw "host isn't configured for piped node";
  inherit (hostConfig) baseDomain ports;
 in {
  imports = with tree; [
    profiles.nginx
  ];
  services.piped = {
    enable = true;
    frontend = {
      domain = "${baseDomain}";
      nginx = {
        forceSSL = false;
        enableACME = false;
      };
    };
    backend = {
      domain = "backend.${baseDomain}";
      internalPort = ports.internalPipedBackend;
      nginx = {
        forceSSL = false;
        enableACME = false;
      };
      settings = {
        disableRegistrations = true;
      };
      database = {
        disablePostgresDB = true;
        name = "piped";
        username = "piped";
        usePassword = false;
        host = hetznerARMContainerAddresses.containers.postgresql;
      };
    };
    proxy = {
      domain = "proxy.${baseDomain}";
      internalPort = ports.internalPipedProxy;
      package = pkgs.piped-proxy-minimal-openssl;
      nginx = {
        forceSSL = false;
        enableACME = false;
      };
    };
  };
  systemd.tmpfiles.rules = [
    "d /var/sockets - nginx nginx"
  ];
  systemd.services.nginx = {
    serviceConfig.ReadWritePaths = [
      "/var/sockets"
    ];
  };
  services.nginx.virtualHosts = let
    componentPath = component: "/var/sockets/piped-${component}.sock";
    listen = [
      {
        addr = "127.0.0.1";
        port = ports.internalNginxPort;
      }
    ];
  in {
    "${baseDomain}" = {
      inherit listen;
      extraConfig = "listen unix:${componentPath "frontend"};";
    };
    "backend.${baseDomain}" = {
      inherit listen;
      extraConfig = "listen unix:${componentPath "backend"};";
    };
    "proxy.${baseDomain}" = {
      inherit listen;
      extraConfig = "listen unix:${componentPath "proxy"};";
    };
  };
 }
--- a/profiles/base/nix.nix
+++ b/profiles/base/nix.nix
@ -27,9 +27,6 @@ in {
    };
    overlays = [
      (import ../../overlay)
      (import ../../overlay/piped-overlay.nix {
        inherit (inputs) piped-flake;
      })
    ];
  };
  environment.etc."nixpkgs-commit".text = inputs.nixpkgs-unstable.rev;
--- a/scripts/buildPipedBackendAArch64.sh
+++ b/scripts/buildPipedBackendAArch64.sh
@ -1 +0,0 @@
 nix build --system aarch64-linux .#piped-backend --builders "ssh://root@raspberry.servers.genderfucked.monster?ssh-key=/usb/ssh-keys/chaos.priv aarch64-linux - 2 2 nixos-test,benchmark,big-parallel,kvm - c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUJhZlp5bitQcUtBclVYZ1VNdCszaDQvRU5kbWVUNWx3YXBPUm5lZXZ2eVIgcm9vdEByYXNwYmVycnkK#" --max-jobs 0 --builders-use-substitutes
--- a/scripts/update.sh
+++ b/scripts/update.sh
@ -4,6 +4,4 @@ SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
 REPO_ROOT="${SCRIPT_DIR}/.."
 cd $REPO_ROOT
 # TODO
 #./overlay/piped/update.sh
 nix flake update
		`@ -1 +0,0 @@`
			`nix build --system aarch64-linux .#piped-backend --builders "ssh://root@raspberry.servers.genderfucked.monster?ssh-key=/usb/ssh-keys/chaos.priv aarch64-linux - 2 2 nixos-test,benchmark,big-parallel,kvm - c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUJhZlp5bitQcUtBclVYZ1VNdCszaDQvRU5kbWVUNWx3YXBPUm5lZXZ2eVIgcm9vdEByYXNwYmVycnkK#" --max-jobs 0 --builders-use-substitutes`