chaos/nixfiles
1
0
Fork 0
Code Issues 2 Releases Activity

remove piped; update flake

Browse source
This commit is contained in:
chaos 2023-11-27 15:14:59 +00:00
parent af686d8240
commit d15de2f221
No known key found for this signature in database
17 changed files with 53 additions and 389 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

111
flake.lock
View file

@ -39,19 +39,17 @@
"flake-compat": [
"flake-compat"
],
"nixpkgs": [
"nixpkgs-unstable"
],
"nixpkgs": "nixpkgs",
"utils": [
"flake-utils"
]
},
"locked": {
"lastModified": 1699701798,
"narHash": "sha256-goytj9Wm1onHgdr8UoUnQ0pLwCDSsyUqonE3sbu2nUw=",
"lastModified": 1701095034,
"narHash": "sha256-up8JguDsMgvf3umpcH6P9iD/R6TqCrcB3rhlsOTLKYU=",
"ref": "refs/heads/hungy",
"rev": "d6466a95059de3df3d5947a49d73833e9992c28f",
"revCount": 55,
"rev": "1cca07d244e18ea1c1c0d48016fa3e4b581bf224",
"revCount": 57,
"type": "git",
"url": "https://forgejo.owo.monster/chaos/food-site"
},
@ -67,11 +65,11 @@
]
},
"locked": {
"lastModified": 1699663185,
"narHash": "sha256-hI3CZPINBWstkMN+ptyzWibw5eRtFCiEvO7zR61bGBs=",
"lastModified": 1701071203,
"narHash": "sha256-lQywA7QU/vzTdZ1apI0PfgCWNyQobXUYghVrR5zuIeM=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "691cbcc03af6ad1b5384c0e0e0b5f2298f58c5ce",
"rev": "db1878f013b52ba5e4034db7c1b63e8d04173a86",
"type": "github"
},
"original": {
@ -85,17 +83,17 @@
"flake-compat": [
"flake-compat"
],
"nixpkgs": "nixpkgs",
"nixpkgs": "nixpkgs_2",
"utils": [
"flake-utils"
]
},
"locked": {
"lastModified": 1699704512,
"narHash": "sha256-kAyPmOuU3zXH9j3Yl0lPaC/DNJULXh1dlONuB6SivAw=",
"lastModified": 1701094124,
"narHash": "sha256-4nZrZe/rzxmp+H2JrfLWVkwNGzvx0nVVWcfcF1AEb9I=",
"ref": "refs/heads/main",
"rev": "9f48d9eab50549f5191ca5c8fc91dd311dcaf364",
"revCount": 109,
"rev": "8f935b84929eb6ea4577b015b9b4ef4e86ee69ce",
"revCount": 116,
"type": "git",
"url": "https://forgejo.owo.monster/chaos/musicutil"
},
@ -117,11 +115,11 @@
]
},
"locked": {
"lastModified": 1699549513,
"narHash": "sha256-cfsghOs6Cr61wFsxkWonK8AwPwHaRGZ6QkbasUgygh4=",
"lastModified": 1700665566,
"narHash": "sha256-+AU2AdpA2eHlVwH3LL1qCWCTJyOJwCw/7pwampP3Jy8=",
"owner": "nix-community",
"repo": "NixOS-WSL",
"rev": "0e4c17efebff955471f169fffbb7e8cd62ada498",
"rev": "a9287f7191467138d6203ea44b3a0b9c745cb145",
"type": "github"
},
"original": {
@ -132,11 +130,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1699099776,
"narHash": "sha256-X09iKJ27mGsGambGfkKzqvw5esP1L/Rf8H3u3fCqIiU=",
"lastModified": 1700794826,
"narHash": "sha256-RyJTnTNKhO0yqRpDISk03I/4A67/dp96YRxc86YOPgU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "85f1ba3e51676fa8cc604a3d863d729026a6b8eb",
"rev": "5a09cb4b393d58f9ed0d9ca1555016a8543c2ac8",
"type": "github"
},
"original": {
@ -148,11 +146,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1699099776,
"narHash": "sha256-X09iKJ27mGsGambGfkKzqvw5esP1L/Rf8H3u3fCqIiU=",
"lastModified": 1700794826,
"narHash": "sha256-RyJTnTNKhO0yqRpDISk03I/4A67/dp96YRxc86YOPgU=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "85f1ba3e51676fa8cc604a3d863d729026a6b8eb",
"rev": "5a09cb4b393d58f9ed0d9ca1555016a8543c2ac8",
"type": "github"
},
"original": {
@ -164,11 +162,27 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1699099776,
"narHash": "sha256-X09iKJ27mGsGambGfkKzqvw5esP1L/Rf8H3u3fCqIiU=",
"lastModified": 1700794826,
"narHash": "sha256-RyJTnTNKhO0yqRpDISk03I/4A67/dp96YRxc86YOPgU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "85f1ba3e51676fa8cc604a3d863d729026a6b8eb",
"rev": "5a09cb4b393d58f9ed0d9ca1555016a8543c2ac8",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1700794826,
"narHash": "sha256-RyJTnTNKhO0yqRpDISk03I/4A67/dp96YRxc86YOPgU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5a09cb4b393d58f9ed0d9ca1555016a8543c2ac8",
"type": "github"
},
"original": {
@ -180,11 +194,11 @@
},
"nur": {
"locked": {
"lastModified": 1699696572,
"narHash": "sha256-hnHyp2T4pkuj5xdkj/ZZme/ppmNJff47BcPRxwcJP00=",
"lastModified": 1701085559,
"narHash": "sha256-BHT8Zxl/4iQ4NQ8N+fvJhi+LoblGNUz8p+axv40RDjY=",
"owner": "nix-community",
"repo": "NUR",
"rev": "2999af35ec973a0001ca92bb56b037ae18869f22",
"rev": "5b543aa25fdc06ae3f60c45acc050bd0876541bc",
"type": "github"
},
"original": {
@ -193,32 +207,6 @@
"type": "github"
}
},
"piped-flake": {
"inputs": {
"flake-compat": [
"flake-compat"
],
"nixpkgs": [
"nixpkgs-unstable"
],
"utils": [
"flake-utils"
]
},
"locked": {
"lastModified": 1697479170,
"narHash": "sha256-TF5LZDLY/WMDcQ/kexL3+fZ9lw9p9h16htloC1CcQLA=",
"ref": "refs/heads/main",
"rev": "d2344c2b4ae8216c286d762f367a49fe3fc8b306",
"revCount": 23,
"type": "git",
"url": "https://forgejo.owo.monster/chaos/piped-flake"
},
"original": {
"type": "git",
"url": "https://forgejo.owo.monster/chaos/piped-flake"
}
},
"root": {
"inputs": {
"flake-compat": "flake-compat",
@ -229,7 +217,6 @@
"nixos-wsl": "nixos-wsl",
"nixpkgs-unstable": "nixpkgs-unstable",
"nur": "nur",
"piped-flake": "piped-flake",
"tree-input": "tree-input",
"vaultui": "vaultui"
}
@ -290,17 +277,17 @@
"flake-compat": [
"flake-compat"
],
"nixpkgs": "nixpkgs_2",
"nixpkgs": "nixpkgs_3",
"utils": [
"flake-utils"
]
},
"locked": {
"lastModified": 1699703627,
"narHash": "sha256-DEzQZFUFJWmpqHKHDAynd7onl1EwEow7VIUhRInQ80M=",
"lastModified": 1701095009,
"narHash": "sha256-hV9R/ZCXL9cZ78TZSkO6TUfuwx/E2K13k2kcoGDgGBc=",
"ref": "refs/heads/main",
"rev": "e392ef0e0393b282c9250726238c4839d4cdb792",
"revCount": 461,
"rev": "6b0eada62567711299750ae2b708ae30318c8ff9",
"revCount": 462,
"type": "git",
"url": "https://forgejo.owo.monster/chaos/VaultUI"
},

7
flake.nix
View file

@ -36,13 +36,8 @@
musicutil.inputs.utils.follows = "flake-utils";
musicutil.inputs.flake-compat.follows = "flake-compat";
piped-flake.url = "git+https://forgejo.owo.monster/chaos/piped-flake";
piped-flake.inputs.nixpkgs.follows = "nixpkgs-unstable";
piped-flake.inputs.utils.follows = "flake-utils";
piped-flake.inputs.flake-compat.follows = "flake-compat";
food-site.url = "git+https://forgejo.owo.monster/chaos/food-site";
food-site.inputs.nixpkgs.follows = "nixpkgs-unstable";
#food-site.inputs.nixpkgs.follows = "nixpkgs-unstable";
food-site.inputs.utils.follows = "flake-utils";
food-site.inputs.flake-compat.follows = "flake-compat";
};

70
hosts/hetzner-arm/containers/piped-fi/default.nix
View file

@ -1,70 +0,0 @@
{
self,
hostPath,
tree,
inputs,
config,
pkgs,
...
}: let
pipedName = "piped-fi";
containerName = pipedName;
containerAddresses = import "${hostPath}/data/containerAddresses.nix";
hostIP = containerAddresses.host;
containerIP = containerAddresses.containers.${containerName};
pipedSocketForComponent = (
component: "/var/lib/nixos-containers/${containerName}/var/sockets/piped-${component}.sock"
);
in {
containers.${containerName} = {
autoStart = true;
privateNetwork = true;
hostAddress = hostIP;
localAddress = containerIP;
specialArgs = {
inherit inputs;
inherit tree;
inherit self;
inherit hostPath;
};
config = {...}: {
nixpkgs.pkgs = pkgs;
imports = with tree; [
presets.nixos.containerBase
presets.nixos.pipedNode
];
home-manager.users.root.home.stateVersion = "23.05";
system.stateVersion = "23.05";
};
};
services.nginx.virtualHosts."${pipedName}.owo.monster" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://unix:${pipedSocketForComponent "frontend"}";
};
};
services.nginx.virtualHosts."backend.${pipedName}.owo.monster" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://unix:${pipedSocketForComponent "backend"}";
};
};
services.nginx.virtualHosts."proxy.${pipedName}.owo.monster" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://unix:${pipedSocketForComponent "proxy"}";
};
};
}

8
hosts/hetzner-arm/containers/postgresql/profiles/postgres.nix
View file

@ -12,15 +12,10 @@ in {
enable = true;
enableTCPIP = true;
ensureDatabases = [
"piped"
"gotosocial"
"quassel"
];
ensureUsers = [
{
name = "piped";
ensurePermissions."DATABASE piped" = "ALL PRIVILEGES";
}
{
name = "gotosocial";
ensurePermissions."DATABASE gotosocial" = "ALL PRIVILEGES";
@ -33,9 +28,6 @@ in {
# If the host is a local container then use the container's IP
# otherwise use the host's IP
authentication = ''
host piped piped ${localContainersAddresses.containers."piped-fi"}/32 trust
host piped piped ${wireguardHosts."raspberry".ip}/32 trust
host gotosocial gotosocial ${localContainersAddresses.containers."social"}/32 trust
host quassel quassel ${localContainersAddresses.containers."quassel"}/32 trust
'';

2
hosts/hetzner-arm/containers/postgresql/profiles/restic.nix
View file

@ -7,7 +7,6 @@
backupPrepareCommand = "${
(pkgs.writeShellScriptBin "backupPrepareCommand" ''
systemctl start remotePostgreSQLBackup-piped --wait
systemctl start remotePostgreSQLBackup-gotosocial --wait
systemctl start remotePostgreSQLBackup-quassel --wait
'')
@ -51,7 +50,6 @@ in {
enable = true;
backupUser = "postgres";
databases = [
"piped"
"gotosocial"
"quassel"
];

7
hosts/hetzner-arm/data/containerAddresses.nix
View file

@ -7,9 +7,8 @@
quassel = "10.0.1.5";
forgejo = "10.0.1.6";
postgresql = "10.0.1.7";
piped-fi = "10.0.1.8";
caldav = "10.0.1.9";
owncast = "10.0.1.10";
jellyfin = "10.0.1.11";
caldav = "10.0.1.8";
owncast = "10.0.1.9";
jellyfin = "10.0.1.10";
};
}

1
hosts/hetzner-arm/hetzner-arm.nix
View file

@ -25,7 +25,6 @@ in {
"music"
"quassel"
"postgresql"
"piped-fi"
"mail"
"forgejo"
"caldav"

1
hosts/nixos.nix
View file

@ -32,7 +32,6 @@
inputs.nixos-wsl.nixosModules.default
inputs.vaultui.nixosModules.default
inputs.piped-flake.nixosModules.default
tree.modules.nixos.rcloneServe
tree.modules.nixos.rcloneSync

69
hosts/raspberry/containers/piped-uk/default.nix
View file

@ -1,69 +0,0 @@
{
self,
hostPath,
tree,
inputs,
config,
pkgs,
lib,
...
}: let
inherit (lib.modules) mkForce;
pipedName = "piped-uk";
containerName = pipedName;
pipedSocketForComponent = (
component: "/var/lib/nixos-containers/${containerName}/var/sockets/piped-${component}.sock"
);
in {
containers.${containerName} = {
autoStart = true;
privateNetwork = false;
specialArgs = {
inherit inputs;
inherit tree;
inherit self;
inherit hostPath;
};
config = {...}: {
nixpkgs.pkgs = pkgs;
imports = with tree; [
presets.nixos.containerBase
presets.nixos.pipedNode
];
networking.firewall.enable = mkForce false;
home-manager.users.root.home.stateVersion = "23.05";
system.stateVersion = "23.05";
};
};
services.nginx.virtualHosts."${pipedName}.owo.monster" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://unix:${pipedSocketForComponent "frontend"}";
};
};
services.nginx.virtualHosts."backend.${pipedName}.owo.monster" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://unix:${pipedSocketForComponent "backend"}";
};
};
services.nginx.virtualHosts."proxy.${pipedName}.owo.monster" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://unix:${pipedSocketForComponent "proxy"}";
};
};
}

2
hosts/raspberry/raspberry.nix
View file

@ -8,8 +8,6 @@
profiles.chaosInternalWireGuard
./containers/piped-uk/default.nix
./secrets.nix
./boot.nix
]

8
outputs.nix
View file

@ -22,9 +22,6 @@ in
config.allowUnfree = true;
overlays = [
(import ./overlay)
(import ./overlay/piped-overlay.nix {
inherit (inputs) piped-flake;
})
];
};
in
@ -57,7 +54,6 @@ in
inherit (pkgs) comic-code comic-sans;
inherit (pkgs) mk-enc-usb mk-encrypted-drive mk-raspberry-ext-drive;
inherit (pkgs) gotosocial mpd-headless owncast;
inherit (pkgs) piped-backend piped-frontend piped-proxy;
inherit (pkgs) kitty-terminfo;
};
}
@ -162,10 +158,6 @@ in
hasHostSecrets = doesHaveHostSecrets "vault";
sshAddress = "vault.servers.genderfucked.monster";
};
#"raspberry" = {
# containers = ["piped-uk"];
# sshAddress = "raspberry.servers.genderfucked.monster";
#};
"lappy-t495" = configForMachine "lappy-t495";
};

27
overlay/piped-overlay.nix
View file

@ -1,27 +0,0 @@
{piped-flake}: (prev: final: let
system = final.system;
piped-flake-pkgs = piped-flake.packages.${system};
in {
inherit (piped-flake-pkgs) piped-frontend;
inherit (piped-flake-pkgs) piped-proxy piped-proxy-openssl;
inherit (piped-flake-pkgs) piped-proxy-full piped-proxy-full-openssl;
inherit (piped-flake-pkgs) piped-proxy-minimal piped-proxy-minimal-openssl;
# Won't build due to this; added a native-arm64 to all builders on arm64
# https://github.com/NixOS/nixpkgs/issues/255780
piped-backend =
(piped-flake-pkgs.piped-backend.override (prev: {
piped-backend-deps = prev.piped-backend-deps.overrideAttrs {
requiredSystemFeatures =
if system == "aarch64-linux"
then ["native-arm64"]
else [];
};
}))
.overrideAttrs {
requiredSystemFeatures =
if system == "aarch64-linux"
then ["native-arm64"]
else [];
};
})

1
presets/nixos/containerBase.nix
View file

@ -17,7 +17,6 @@
# Default modules which are usually included in nixos.nix
inputs.home-manager-unstable.nixosModules.home-manager
inputs.vaultui.nixosModules.default
inputs.piped-flake.nixosModules.default
];
home-manager.users.root = {

122
presets/nixos/pipedNode.nix
View file

@ -1,122 +0,0 @@
{
self,
config,
tree,
pkgs,
...
}: let
inherit (builtins) attrNames elem;
hostName = config.networking.hostName;
hetznerARMContainerAddresses = import "${self}/hosts/hetzner-arm/data/containerAddresses.nix";
defaultPorts = {
internalPipedBackend = 3012;
internalPipedProxy = 3013;
internalNginxPort = 8199;
};
hostConfigs = {
"piped-fi" = {
baseDomain = "piped-fi.owo.monster";
ports = defaultPorts;
};
"piped-uk" = {
baseDomain = "piped-uk.owo.monster";
ports = defaultPorts;
};
};
hostConfig =
if elem hostName (attrNames hostConfigs)
then hostConfigs.${hostName}
else throw "host isn't configured for piped node";
inherit (hostConfig) baseDomain ports;
in {
imports = with tree; [
profiles.nginx
];
services.piped = {
enable = true;
frontend = {
domain = "${baseDomain}";
nginx = {
forceSSL = false;
enableACME = false;
};
};
backend = {
domain = "backend.${baseDomain}";
internalPort = ports.internalPipedBackend;
nginx = {
forceSSL = false;
enableACME = false;
};
settings = {
disableRegistrations = true;
};
database = {
disablePostgresDB = true;
name = "piped";
username = "piped";
usePassword = false;
host = hetznerARMContainerAddresses.containers.postgresql;
};
};
proxy = {
domain = "proxy.${baseDomain}";
internalPort = ports.internalPipedProxy;
package = pkgs.piped-proxy-minimal-openssl;
nginx = {
forceSSL = false;
enableACME = false;
};
};
};
systemd.tmpfiles.rules = [
"d /var/sockets - nginx nginx"
];
systemd.services.nginx = {
serviceConfig.ReadWritePaths = [
"/var/sockets"
];
};
services.nginx.virtualHosts = let
componentPath = component: "/var/sockets/piped-${component}.sock";
listen = [
{
addr = "127.0.0.1";
port = ports.internalNginxPort;
}
];
in {
"${baseDomain}" = {
inherit listen;
extraConfig = "listen unix:${componentPath "frontend"};";
};
"backend.${baseDomain}" = {
inherit listen;
extraConfig = "listen unix:${componentPath "backend"};";
};
"proxy.${baseDomain}" = {
inherit listen;
extraConfig = "listen unix:${componentPath "proxy"};";
};
};
}

3
profiles/base/nix.nix
View file

@ -27,9 +27,6 @@ in {
};
overlays = [
(import ../../overlay)
(import ../../overlay/piped-overlay.nix {
inherit (inputs) piped-flake;
})
];
};
environment.etc."nixpkgs-commit".text = inputs.nixpkgs-unstable.rev;

1
scripts/buildPipedBackendAArch64.sh
View file

@ -1 +0,0 @@
nix build --system aarch64-linux .#piped-backend --builders "ssh://root@raspberry.servers.genderfucked.monster?ssh-key=/usb/ssh-keys/chaos.priv aarch64-linux - 2 2 nixos-test,benchmark,big-parallel,kvm - c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUJhZlp5bitQcUtBclVYZ1VNdCszaDQvRU5kbWVUNWx3YXBPUm5lZXZ2eVIgcm9vdEByYXNwYmVycnkK#" --max-jobs 0 --builders-use-substitutes

2
scripts/update.sh
View file

@ -4,6 +4,4 @@ SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
REPO_ROOT="${SCRIPT_DIR}/.."
cd $REPO_ROOT
# TODO
#./overlay/piped/update.sh
nix flake update