matrix, more updates
parent
847b009d6c
commit
dff2b84dde
|
@ -207,11 +207,11 @@
|
||||||
},
|
},
|
||||||
"nur": {
|
"nur": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1671533103,
|
"lastModified": 1671541304,
|
||||||
"narHash": "sha256-AtYVnkWVYMyTTXNOI+6x66EMpm+SvnYscd5QQBIZ3ak=",
|
"narHash": "sha256-YDlK8nZpOk7YmOgs8LH6vnreXUx0p0GPxZXi6r6mJW4=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "NUR",
|
"repo": "NUR",
|
||||||
"rev": "d67c890fc1096b9c8706c1c46f8e3fec06add355",
|
"rev": "7c843785562856dfcc78dde7d7141d89a0309402",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
@ -15,6 +15,11 @@
|
||||||
hostname = "192.168.100.11";
|
hostname = "192.168.100.11";
|
||||||
proxyJump = "hetzner-vm";
|
proxyJump = "hetzner-vm";
|
||||||
};
|
};
|
||||||
|
"matrix" = {
|
||||||
|
user = "root";
|
||||||
|
hostname = "192.168.100.12";
|
||||||
|
proxyJump = "hetzner-vm";
|
||||||
|
};
|
||||||
"blahaj" = {
|
"blahaj" = {
|
||||||
user = "chaos";
|
user = "chaos";
|
||||||
hostname = "blahaj.sapphicco.de";
|
hostname = "blahaj.sapphicco.de";
|
||||||
|
|
|
@ -0,0 +1,211 @@
|
||||||
|
{
|
||||||
|
tree,
|
||||||
|
lib,
|
||||||
|
inputs,
|
||||||
|
pkgs,
|
||||||
|
config,
|
||||||
|
...
|
||||||
|
}: let
|
||||||
|
hostIP = "192.168.100.10";
|
||||||
|
containerIP = "192.168.100.12";
|
||||||
|
|
||||||
|
# Using secrets from Host
|
||||||
|
secrets = config.services.secrets.secrets;
|
||||||
|
in {
|
||||||
|
containers.matrix = {
|
||||||
|
autoStart = true;
|
||||||
|
privateNetwork = true;
|
||||||
|
hostAddress = hostIP;
|
||||||
|
localAddress = containerIP;
|
||||||
|
bindMounts = {
|
||||||
|
"${secrets.matrix_restic_password.path}" = {
|
||||||
|
hostPath = "${secrets.matrix_restic_password.path}";
|
||||||
|
};
|
||||||
|
"${secrets.matrix_restic_env.path}" = {
|
||||||
|
hostPath = "${secrets.matrix_restic_env.path}";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = {
|
||||||
|
config,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
|
_module.args = {
|
||||||
|
inherit inputs;
|
||||||
|
inherit tree;
|
||||||
|
host_secrets = secrets;
|
||||||
|
};
|
||||||
|
|
||||||
|
imports = with tree;
|
||||||
|
[
|
||||||
|
profiles.base
|
||||||
|
inputs.home-manager-unstable.nixosModules.home-manager
|
||||||
|
|
||||||
|
profiles.sshd
|
||||||
|
|
||||||
|
modules.nixos.secrets
|
||||||
|
|
||||||
|
users.root
|
||||||
|
]
|
||||||
|
++ (with hosts.hetzner-vm.containers.matrix; [
|
||||||
|
profiles.matrix
|
||||||
|
profiles.restic
|
||||||
|
]);
|
||||||
|
|
||||||
|
# For Shared Secrets
|
||||||
|
systemd.tmpfiles.rules = [
|
||||||
|
"d ${config.services.secrets.secretsDir} - root root"
|
||||||
|
];
|
||||||
|
|
||||||
|
networking.firewall = {
|
||||||
|
enable = true;
|
||||||
|
allowedTCPPorts = [22 6167];
|
||||||
|
};
|
||||||
|
|
||||||
|
home-manager.users.root = {
|
||||||
|
imports = with tree; [home.base home.dev.small];
|
||||||
|
home.packages = with pkgs; [vault];
|
||||||
|
home.stateVersion = "22.05";
|
||||||
|
};
|
||||||
|
|
||||||
|
# Manually configure nameserver. Using resolved inside the container seems to fail
|
||||||
|
# currently
|
||||||
|
environment.etc."resolv.conf".text = "nameserver 8.8.8.8";
|
||||||
|
system.stateVersion = "22.05";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
services.nginx = {
|
||||||
|
virtualHosts = {
|
||||||
|
"matrix.owo.monster" = {
|
||||||
|
forceSSL = true;
|
||||||
|
enableACME = true;
|
||||||
|
|
||||||
|
listen = [
|
||||||
|
{
|
||||||
|
addr = "0.0.0.0";
|
||||||
|
port = 80;
|
||||||
|
ssl = false;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
addr = "0.0.0.0";
|
||||||
|
port = 443;
|
||||||
|
ssl = true;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
addr = "0.0.0.0";
|
||||||
|
port = 8448;
|
||||||
|
ssl = true;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
extraConfig = ''
|
||||||
|
merge_slashes off;
|
||||||
|
'';
|
||||||
|
|
||||||
|
locations."/" = {
|
||||||
|
root = pkgs.element-web;
|
||||||
|
};
|
||||||
|
|
||||||
|
locations."=/config.matrix.owo.monster.json" = {
|
||||||
|
alias = let
|
||||||
|
config = {
|
||||||
|
default_server_config = {
|
||||||
|
"m.homeserver" = {
|
||||||
|
"base_url" = "https://matrix.owo.monster";
|
||||||
|
};
|
||||||
|
"m.identity_server" = {
|
||||||
|
"base_url" = "https://vector.im";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
brand = "Element";
|
||||||
|
bug_report_endpoint_url = "";
|
||||||
|
default_country_code = "GB";
|
||||||
|
default_federate = true;
|
||||||
|
default_theme = "dark";
|
||||||
|
disable_3pid_login = false;
|
||||||
|
disable_custom_urls = false;
|
||||||
|
disable_guests = false;
|
||||||
|
disable_login_language_selector = false;
|
||||||
|
jitsi.preferred_domain = "";
|
||||||
|
element_call = {
|
||||||
|
brand = "Element Call";
|
||||||
|
participant_limit = 8;
|
||||||
|
url = "";
|
||||||
|
};
|
||||||
|
enable_presence_by_hs_url = {
|
||||||
|
"https://matrix-client.matrix.org" = false;
|
||||||
|
"https://matrix.org" = false;
|
||||||
|
};
|
||||||
|
features = {};
|
||||||
|
integrations_rest_url = "https://scalar.vector.im/api";
|
||||||
|
integrations_ui_url = "https://scalar.vector.im/";
|
||||||
|
integrations_widgets_urls = ["https://scalar.vector.im/_matrix/integrations/v1" "https://scalar.vector.im/api" "https://scalar-staging.vector.im/_matrix/integrations/v1" "https://scalar-staging.vector.im/api" "https://scalar-staging.riot.im/scalar/api"];
|
||||||
|
map_style_url = "https://api.maptiler.com/maps/streets/style.json?key=fU3vlMsMn4Jb6dnEIFsx";
|
||||||
|
room_directory = {servers = ["matrix.org"];};
|
||||||
|
setting_defaults = {breadcrumbs = true;};
|
||||||
|
show_labs_settings = false;
|
||||||
|
uisi_autorageshake_app = "element-auto-uisi";
|
||||||
|
};
|
||||||
|
in
|
||||||
|
pkgs.writeText "config.matrix.owo.monster.json" (builtins.toJSON config);
|
||||||
|
extraConfig = ''
|
||||||
|
default_type application/json;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
locations."/_matrix/" = {
|
||||||
|
proxyPass = "http://backend_conduit$request_uri";
|
||||||
|
proxyWebsockets = true;
|
||||||
|
extraConfig = ''
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_buffering off;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
locations."=/.well-known/matrix/server" = {
|
||||||
|
alias = let
|
||||||
|
config = {
|
||||||
|
"m.server" = "matrix.owo.monster";
|
||||||
|
};
|
||||||
|
in
|
||||||
|
pkgs.writeText "well-known-matrix-server" (builtins.toJSON config);
|
||||||
|
|
||||||
|
extraConfig = ''
|
||||||
|
default_type application/json;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
locations."=/.well-known/matrix/client" = {
|
||||||
|
alias = let
|
||||||
|
config = {
|
||||||
|
"m.homeserver" = {
|
||||||
|
"base_url" = "https://matrix.owo.monster";
|
||||||
|
};
|
||||||
|
"m.identity_server" = {
|
||||||
|
"base_url" = "https://vector.im";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
in
|
||||||
|
pkgs.writeText "well-known-matrix-client" (builtins.toJSON config);
|
||||||
|
|
||||||
|
extraConfig = ''
|
||||||
|
default_type application/json;
|
||||||
|
add_header Access-Control-Allow-Origin "*";
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
upstreams = {
|
||||||
|
"backend_conduit" = {
|
||||||
|
servers = {
|
||||||
|
"${containerIP}:${toString 6167}" = {};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
networking.firewall.allowedTCPPorts = [80 443 8448];
|
||||||
|
networking.firewall.allowedUDPPorts = [80 443 8448];
|
||||||
|
}
|
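Review bot: `networking.firewall.allowedUDPPorts = [80 443 8448];` on the last line of the file opens three UDP ports on the host, yet the nginx `listen` entries in this file are ordinary TCP listeners (80 plain, 443 and 8448 with `ssl = true`) and nothing visible here serves UDP. I would drop the line, or limit it to the one port that carries QUIC if HTTP/3 is enabled elsewhere, so that no port is open without a known listener. Separately, `"d ${config.services.secrets.secretsDir} - root root"` leaves the mode as `-`, which systemd-tmpfiles treats as the default 0755 for directories; an explicit `0700` would suit a directory that only holds bind-mounted secrets, assuming only root reads them inside the container.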
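--- a/hosts/hetzner-vm/containers/matrix/profiles/matrix.nix
+++ b/hosts/hetzner-vm/containers/matrix/profiles/matrix.nix
@@ -0,0 +1,14 @@
+{
+inputs,
+pkgs,
+...
+}: {
+services.matrix-conduit = {
+enable = true;
+settings.global = {
+address = "0.0.0.0";
+allow_registration = true;
+server_name = "matrix.owo.monster";
+};
+};
+}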
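Review bot: `allow_registration = true;` leaves account creation open to anyone who can reach the homeserver, and the host nginx config added in this commit publishes `/_matrix/` on 443 and 8448. Unless public sign-up is intended, switch it to `allow_registration = false;` once the intended accounts exist, and if it has to stay on, add a comment such as `# open registration is deliberate: <reason>` so the next reader does not take it for a leftover. `address = "0.0.0.0";` also binds Conduit on every interface inside the container; binding to the container's own address would narrow that, though that address is defined in the parent file rather than here.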
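--- a/hosts/hetzner-vm/containers/matrix/profiles/restic.nix
+++ b/hosts/hetzner-vm/containers/matrix/profiles/restic.nix
@@ -0,0 +1,17 @@
+{
+pkgs,
+config,
+host_secrets,
+...
+}: let
+secrets = host_secrets;
+in {
+environment.systemPackages = [
+(pkgs.writeShellScriptBin "restic-matrix" ''
+env \
+RESTIC_PASSWORD_FILE=${secrets.matrix_restic_password.path} \
+$(cat ${secrets.matrix_restic_env.path}) \
+${pkgs.restic}/bin/restic $@
+'')
+];
+}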
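Review bot: The wrapper expands `$(cat ${secrets.matrix_restic_env.path})` and `$@` unquoted, so the shell word-splits and glob-expands both the credential-bearing repository line and every user argument before `env` and restic see them. A password containing whitespace or `*` would turn into stray words that `env` interprets as further assignments or as the command to run, and an argument such as a path with a space would not reach restic intact. Quote both: `"$(cat ${secrets.matrix_restic_env.path})" \` and `${pkgs.restic}/bin/restic "$@"`. The quoted form relies on the env file holding a single `RESTIC_REPOSITORY=…` line, which is how the fetch script in this commit writes it.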
|
@ -6,7 +6,8 @@
|
||||||
rclone_serve_restic_hvm = 4245;
|
rclone_serve_restic_hvm = 4245;
|
||||||
rclone_serve_restic_music = 4246;
|
rclone_serve_restic_music = 4246;
|
||||||
rclone_serve_restic_vault = 4247;
|
rclone_serve_restic_vault = 4247;
|
||||||
|
rclone_serve_restic_matrix = 4248;
|
||||||
|
|
||||||
rclone_serve_http_music = 4248;
|
rclone_serve_http_music = 4249;
|
||||||
rclone_serve_http_public = 4249;
|
rclone_serve_http_public = 4250;
|
||||||
}
|
}
|
||||||
|
|
|
@ -110,6 +110,17 @@ in {
|
||||||
];
|
];
|
||||||
inherit serviceConfig;
|
inherit serviceConfig;
|
||||||
}
|
}
|
||||||
|
{
|
||||||
|
user = "storage";
|
||||||
|
remote = "StorageBox:Backups/Restic/Matrix";
|
||||||
|
type = "restic";
|
||||||
|
extraArgs = [
|
||||||
|
"--addr=0.0.0.0:${toString ports.rclone_serve_restic_matrix}"
|
||||||
|
"--htpasswd=${secrets.restic_matrix_htpasswd.path}"
|
||||||
|
"--baseurl=/Matrix/"
|
||||||
|
];
|
||||||
|
inherit serviceConfig;
|
||||||
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
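Review bot: The new `rclone serve restic` entry gives the Matrix credentials full write and delete access to `StorageBox:Backups/Restic/Matrix`, so a compromise of the matrix container, which holds those credentials, can also destroy its own backups. `rclone serve restic` has an `--append-only` flag; adding `"--append-only"` to `extraArgs` would block deletion through this endpoint, at the cost of running `forget`/`prune` from a place that reaches the remote directly. The entry ending just above the hunk presumably follows the same pattern, and the enclosing list starts outside the hunk.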
|
@ -71,6 +71,15 @@
|
||||||
htpasswd -bc "$secretFile" "$username" "$password" 2>/dev/null
|
htpasswd -bc "$secretFile" "$username" "$password" 2>/dev/null
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
restic_matrix_htpasswd = {
|
||||||
|
user = "storage";
|
||||||
|
group = "storage";
|
||||||
|
fetchScript = ''
|
||||||
|
username=$(simple_get "/api-keys/storage/restic/Matrix" .username)
|
||||||
|
password=$(simple_get "/api-keys/storage/restic/Matrix" .password)
|
||||||
|
htpasswd -bc "$secretFile" "$username" "$password" 2>/dev/null
|
||||||
|
'';
|
||||||
|
};
|
||||||
webdav_main_htpasswd = {
|
webdav_main_htpasswd = {
|
||||||
user = "storage";
|
user = "storage";
|
||||||
group = "storage";
|
group = "storage";
|
||||||
|
|
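Review bot: `htpasswd -bc "$secretFile" "$username" "$password" 2>/dev/null` in the new `restic_matrix_htpasswd` script passes the password as a command-line argument, where it is visible in the process list while the command runs, and it relies on htpasswd's default hash. Feeding the password on stdin and asking for bcrypt avoids both: `printf '%s\n' "$password" | htpasswd -iBc "$secretFile" "$username"`. The `2>/dev/null` also hides a failed write, which would leave the rclone endpoint with a missing or empty credentials file, so I would let stderr through. The same line appears in the context above the hunk, so the earlier entries presumably need the same change.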
|
@ -8,12 +8,6 @@
|
||||||
containerIP = "192.168.100.11";
|
containerIP = "192.168.100.11";
|
||||||
ports = import ./data/ports.nix {};
|
ports = import ./data/ports.nix {};
|
||||||
in {
|
in {
|
||||||
networking.nat = {
|
|
||||||
enable = true;
|
|
||||||
internalInterfaces = ["ve-+"];
|
|
||||||
externalInterface = "eth0";
|
|
||||||
};
|
|
||||||
|
|
||||||
containers.storage = {
|
containers.storage = {
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
privateNetwork = true;
|
privateNetwork = true;
|
||||||
|
@ -100,6 +94,7 @@ in {
|
||||||
"/HetznerVM/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_restic_hvm}";
|
"/HetznerVM/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_restic_hvm}";
|
||||||
"/Music/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_restic_music}";
|
"/Music/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_restic_music}";
|
||||||
"/Vault/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_restic_vault}";
|
"/Vault/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_restic_vault}";
|
||||||
|
"/Matrix/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_restic_matrix}";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -11,6 +11,7 @@
|
||||||
profiles.nix-gc
|
profiles.nix-gc
|
||||||
|
|
||||||
./containers/storage/storage.nix
|
./containers/storage/storage.nix
|
||||||
|
./containers/matrix/matrix.nix
|
||||||
|
|
||||||
hosts.hetzner-vm.profiles.restic
|
hosts.hetzner-vm.profiles.restic
|
||||||
#hosts.hetzner-vm.profiles.invidious
|
#hosts.hetzner-vm.profiles.invidious
|
||||||
|
@ -27,6 +28,13 @@
|
||||||
./secrets.nix
|
./secrets.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
|
# For Containers
|
||||||
|
networking.nat = {
|
||||||
|
enable = true;
|
||||||
|
internalInterfaces = ["ve-+"];
|
||||||
|
externalInterface = "eth0";
|
||||||
|
};
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [80 443];
|
networking.firewall.allowedTCPPorts = [80 443];
|
||||||
networking.firewall.allowedUDPPorts = [443];
|
networking.firewall.allowedUDPPorts = [443];
|
||||||
|
|
||||||
|
|
|
@ -9,8 +9,8 @@
|
||||||
|
|
||||||
secrets = {
|
secrets = {
|
||||||
mpd_control_password = {
|
mpd_control_password = {
|
||||||
user = "mpd";
|
user = "root";
|
||||||
group = "mpd";
|
group = "root";
|
||||||
fetchScript = ''
|
fetchScript = ''
|
||||||
simple_get "/api-keys/mpd" .password > $secretFile
|
simple_get "/api-keys/mpd" .password > $secretFile
|
||||||
'';
|
'';
|
||||||
|
@ -63,6 +63,17 @@
|
||||||
echo "GITLAB_TOKEN=$token" > $secretFile
|
echo "GITLAB_TOKEN=$token" > $secretFile
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
matrix_restic_password = {
|
||||||
|
fetchScript = ''
|
||||||
|
simple_get "/private-public-keys/restic/Matrix" .password > $secretFile
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
matrix_restic_env = {
|
||||||
|
fetchScript = ''
|
||||||
|
RESTIC_USERNAME=$(simple_get "/api-keys/storage/restic/Matrix" .username)
|
||||||
|
RESTIC_PASSWORD=$(simple_get "/api-keys/storage/restic/Matrix" .password)
|
||||||
|
echo "RESTIC_REPOSITORY=rest:https://$RESTIC_USERNAME:$RESTIC_PASSWORD@storage-restic.owo.monster/Matrix" > $secretFile '';
|
||||||
|
};
|
||||||
restic_password = {
|
restic_password = {
|
||||||
fetchScript = ''
|
fetchScript = ''
|
||||||
simple_get "/private-public-keys/restic/HetznerVM" .password > $secretFile
|
simple_get "/private-public-keys/restic/HetznerVM" .password > $secretFile
|
||||||
|
|
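Review bot: `matrix_restic_env` in the second hunk writes the REST username and password into the repository URL (`rest:https://$RESTIC_USERNAME:$RESTIC_PASSWORD@storage-restic.owo.monster/Matrix`), so the secret travels wherever that URL is passed or echoed, and a password containing `@`, `:` or `/` yields a URL that parses wrongly because nothing percent-encodes it. Newer restic releases read `RESTIC_REST_USERNAME` and `RESTIC_REST_PASSWORD` for the REST backend; if the packaged version supports them, write those as separate lines and keep `RESTIC_REPOSITORY` free of credentials, noting that the wrapper reading this file would then have to accept one assignment per line. `$secretFile` is unquoted in both new scripts and should be `"$secretFile"`. Neither new secret sets `user` or `group`, so ownership falls to the module default, which is not visible on this page.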
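--- a/overlay/conduit/default.nix
+++ b/overlay/conduit/default.nix
@@ -0,0 +1,45 @@
+{
+stdenv,
+lib,
+fetchFromGitLab,
+rustPlatform,
+pkg-config,
+rocksdb,
+}: let
+meta = builtins.fromJSON (builtins.readFile ./meta.json);
+
+rev = meta.rev;
+sha256 = meta.sha256;
+in
+rustPlatform.buildRustPackage rec {
+pname = "matrix-conduit";
+version = "latest-${rev}";
+
+src = fetchFromGitLab {
+owner = "famedly";
+repo = "conduit";
+rev = "${rev}";
+sha256 = "${sha256}";
+};
+
+cargoSha256 = "sha256-E9f7yJR2GksUHjWE4EP+iBRlhn4JG/JUVw7/L+41Nfc=";
+
+nativeBuildInputs = [
+rustPlatform.bindgenHook
+pkg-config
+];
+
+buildInputs = [
+rocksdb
+];
+
+cargoBuildFlags = ["--bin" "conduit"];
+
+meta = with lib; {
+broken = stdenv.isDarwin;
+description = "A Matrix homeserver written in Rust";
+homepage = "https://conduit.rs/";
+license = licenses.asl20;
+maintainers = with maintainers; [pstn piegames pimeys];
+};
+}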
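Review bot: `cargoSha256` is hard-coded in this file while `rev` and `sha256` are read from `meta.json`, and the `update.sh` added in this commit rewrites only those two values, so any bump that changes the crate set leaves the vendor hash stale. The build should then stop on a hash mismatch rather than use unverified crates, so this fails closed, but the pin is split across two files and only half of it is maintained. I would store the vendor hash next to the others and read it as `cargoSha256 = meta.cargoSha256;`, with the update script refreshing it. The let-bound `meta` is also shadowed by the derivation's own `meta` attribute inside `rec`; a name such as `pin` for the parsed JSON would make the two harder to confuse.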
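--- a/overlay/conduit/meta.json
+++ b/overlay/conduit/meta.json
@@ -0,0 +1,4 @@
+{
+"rev": "7b987411630056204b73e61165c8a99e20a78fec",
+"sha256": "sha256-xcNa18r1V+SM0J0NGDrt2xr+nFgAhutiVvTljUSeStM="
+}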
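--- a/overlay/conduit/update.sh
+++ b/overlay/conduit/update.sh
@@ -0,0 +1,26 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash -p curl jq git moreutils nix nix-prefetch
+set -euo pipefail
+
+cd "$(dirname "${BASH_SOURCE[0]}")"
+
+
+json_get() {
+jq -r "$1" < 'meta.json'
+}
+
+json_set() {
+jq --arg x "$2" "$1 = \$x" < 'meta.json' | sponge 'meta.json'
+}
+
+old_rev=$(json_get '.rev')
+new_rev=$(curl -L "https://gitlab.com/api/v4/projects/famedly%2Fconduit/repository/commits" 2>/dev/null | jq ".[0].id" -r)
+
+if [ "$new_rev" = "$old_rev" ]; then
+echo "conduit is up-to-date."
+exit
+fi
+
+json_set '.rev' "$new_rev"
+new_sha256=$(nix-prefetch fetchFromGitLab --owner famedly --repo conduit --rev "$new_rev")
+json_set '.sha256' "$new_sha256"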
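Review bot: `new_rev` is taken from `curl -L … 2>/dev/null | jq ".[0].id" -r` with no HTTP status check and no validation, so an empty commit list or an unexpected response can put `null` into `meta.json` as the pinned revision. Use `curl -fsSL` and reject anything that is not a full commit id before writing, for example `[[ $new_rev =~ ^[0-9a-f]{40}$ ]] || { echo "unexpected rev: $new_rev" >&2; exit 1; }`. `json_set '.rev'` also runs before `nix-prefetch`, so a failed prefetch leaves `meta.json` with the new rev and the old hash; prefetch first and write both values afterwards. Since the script pins whatever the default branch tip is at run time, the changes between `old_rev` and `new_rev` still need a human look before the bump is committed.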
|
@ -3,10 +3,6 @@ final: _prev: {
|
||||||
comic-code = final.callPackage ./comic-code {};
|
comic-code = final.callPackage ./comic-code {};
|
||||||
roc-toolkit-patched = final.callPackage ./roc-toolkit-patched {};
|
roc-toolkit-patched = final.callPackage ./roc-toolkit-patched {};
|
||||||
roc-send-pcm = final.callPackage ./roc-send-pcm {};
|
roc-send-pcm = final.callPackage ./roc-send-pcm {};
|
||||||
invidious = final.callPackage ./invidious {
|
|
||||||
lsquic = final.callPackage ./invidious/lsquic.nix {};
|
|
||||||
videojs = final.callPackage ./invidious/videojs.nix {};
|
|
||||||
};
|
|
||||||
misskey-static = final.callPackage ./misskey {};
|
misskey-static = final.callPackage ./misskey {};
|
||||||
piped-backend = final.callPackage ./piped/backend {
|
piped-backend = final.callPackage ./piped/backend {
|
||||||
jre = final.openjdk17_headless;
|
jre = final.openjdk17_headless;
|
||||||
|
@ -14,4 +10,6 @@ final: _prev: {
|
||||||
};
|
};
|
||||||
piped-frontend = final.callPackage ./piped/frontend {};
|
piped-frontend = final.callPackage ./piped/frontend {};
|
||||||
piped-proxy = final.callPackage ./piped/proxy {};
|
piped-proxy = final.callPackage ./piped/proxy {};
|
||||||
|
# currently broken
|
||||||
|
#matrix-conduit = final.callPackage ./conduit {};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,150 +0,0 @@
|
||||||
{
|
|
||||||
lib,
|
|
||||||
stdenv,
|
|
||||||
crystal,
|
|
||||||
fetchFromGitHub,
|
|
||||||
librsvg,
|
|
||||||
pkg-config,
|
|
||||||
libxml2,
|
|
||||||
openssl,
|
|
||||||
shards,
|
|
||||||
sqlite,
|
|
||||||
lsquic,
|
|
||||||
videojs,
|
|
||||||
nixosTests,
|
|
||||||
}: let
|
|
||||||
# All versions, revisions, and checksums are stored in ./versions.json.
|
|
||||||
# The update process is the following:
|
|
||||||
# * pick the latest commit
|
|
||||||
# * update .invidious.rev, .invidious.version, and .invidious.sha256
|
|
||||||
# * prefetch the videojs dependencies with scripts/fetch-player-dependencies.cr
|
|
||||||
# and update .videojs.sha256 (they are normally fetched during build
|
|
||||||
# but nix's sandboxing does not allow that)
|
|
||||||
# * if shard.lock changed
|
|
||||||
# * recreate shards.nix by running crystal2nix
|
|
||||||
# * update lsquic and boringssl if necessarry, lsquic.cr depends on
|
|
||||||
# the same version of lsquic and lsquic requires the boringssl
|
|
||||||
# commit mentioned in its README
|
|
||||||
versions = builtins.fromJSON (builtins.readFile ./versions.json);
|
|
||||||
in
|
|
||||||
crystal.buildCrystalPackage rec {
|
|
||||||
pname = "invidious";
|
|
||||||
inherit (versions.invidious) version;
|
|
||||||
|
|
||||||
src = fetchFromGitHub {
|
|
||||||
owner = "iv-org";
|
|
||||||
repo = pname;
|
|
||||||
fetchSubmodules = true;
|
|
||||||
inherit (versions.invidious) rev sha256;
|
|
||||||
};
|
|
||||||
|
|
||||||
postPatch = let
|
|
||||||
# Replacing by the value (templates) of the variables ensures that building
|
|
||||||
# fails if upstream changes the way the metadata is formatted.
|
|
||||||
branchTemplate = ''{{ "#{`git branch | sed -n '/* /s///p'`.strip}" }}'';
|
|
||||||
commitTemplate = ''{{ "#{`git rev-list HEAD --max-count=1 --abbrev-commit`.strip}" }}'';
|
|
||||||
versionTemplate = ''
|
|
||||||
{{ "#{`git log -1 --format=%ci | awk '{print $1}' | sed s/-/./g`.strip}" }}'';
|
|
||||||
# This always uses the latest commit which invalidates the cache even if
|
|
||||||
# the assets were not changed
|
|
||||||
assetCommitTemplate = ''
|
|
||||||
{{ "#{`git rev-list HEAD --max-count=1 --abbrev-commit -- assets`.strip}" }}'';
|
|
||||||
in ''
|
|
||||||
for d in ${videojs}/*; do ln -s "$d" assets/videojs; done
|
|
||||||
|
|
||||||
# Use the version metadata from the derivation instead of using git at
|
|
||||||
# build-time
|
|
||||||
substituteInPlace src/invidious.cr \
|
|
||||||
--replace ${lib.escapeShellArg branchTemplate} '"master"' \
|
|
||||||
--replace ${lib.escapeShellArg commitTemplate} '"${
|
|
||||||
lib.substring 0 7 versions.invidious.rev
|
|
||||||
}"' \
|
|
||||||
--replace ${lib.escapeShellArg versionTemplate} '"${
|
|
||||||
lib.replaceChars ["-"] ["."] (lib.substring 9 10 version)
|
|
||||||
}"' \
|
|
||||||
--replace ${lib.escapeShellArg assetCommitTemplate} '"${
|
|
||||||
lib.substring 0 7 versions.invidious.rev
|
|
||||||
}"'
|
|
||||||
|
|
||||||
# Patch the assets and locales paths to be absolute
|
|
||||||
substituteInPlace src/invidious.cr \
|
|
||||||
--replace 'public_folder "assets"' 'public_folder "${
|
|
||||||
placeholder "out"
|
|
||||||
}/share/invidious/assets"'
|
|
||||||
substituteInPlace src/invidious/helpers/i18n.cr \
|
|
||||||
--replace 'File.read("locales/' 'File.read("${
|
|
||||||
placeholder "out"
|
|
||||||
}/share/invidious/locales/'
|
|
||||||
|
|
||||||
# Reference sql initialisation/migration scripts by absolute path
|
|
||||||
substituteInPlace src/invidious/database/base.cr \
|
|
||||||
--replace 'config/sql' '${
|
|
||||||
placeholder "out"
|
|
||||||
}/share/invidious/config/sql'
|
|
||||||
|
|
||||||
substituteInPlace src/invidious/user/captcha.cr \
|
|
||||||
--replace 'Process.run(%(rsvg-convert' 'Process.run(%(${
|
|
||||||
lib.getBin librsvg
|
|
||||||
}/bin/rsvg-convert'
|
|
||||||
'';
|
|
||||||
|
|
||||||
nativeBuildInputs = [pkg-config shards];
|
|
||||||
buildInputs = [libxml2 openssl sqlite];
|
|
||||||
|
|
||||||
format = "crystal";
|
|
||||||
shardsFile = ./shards.nix;
|
|
||||||
crystalBinaries.invidious = {
|
|
||||||
src = "src/invidious.cr";
|
|
||||||
options = [
|
|
||||||
#"--release"
|
|
||||||
"--debug"
|
|
||||||
"--progress"
|
|
||||||
"--verbose"
|
|
||||||
#"--no-debug"
|
|
||||||
"-Dskip_videojs_download"
|
|
||||||
"-Ddisable_quic"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
dontStrip = true;
|
|
||||||
|
|
||||||
postConfigure = ''
|
|
||||||
# lib includes nix store paths which can’t be patched, so the links have to
|
|
||||||
# be dereferenced first.
|
|
||||||
cp -rL lib lib2
|
|
||||||
rm -r lib
|
|
||||||
mv lib2 lib
|
|
||||||
chmod +w -R lib
|
|
||||||
cp ${lsquic}/lib/liblsquic.a lib/lsquic/src/lsquic/ext
|
|
||||||
'';
|
|
||||||
|
|
||||||
postInstall = ''
|
|
||||||
mkdir -p $out/share/invidious/config
|
|
||||||
|
|
||||||
# Copy static parts
|
|
||||||
cp -r assets locales $out/share/invidious
|
|
||||||
cp -r config/sql $out/share/invidious/config
|
|
||||||
'';
|
|
||||||
|
|
||||||
# Invidious tries to open config/config.yml and connect to the database, even
|
|
||||||
# when running --help. This specifies a minimal configuration in an
|
|
||||||
# environment variable. Even though the database is bogus, --help still
|
|
||||||
# works.
|
|
||||||
installCheckPhase = ''
|
|
||||||
INVIDIOUS_CONFIG="database_url: sqlite3:///dev/null" $out/bin/invidious --help
|
|
||||||
'';
|
|
||||||
|
|
||||||
passthru = {
|
|
||||||
inherit lsquic;
|
|
||||||
tests = {inherit (nixosTests) invidious;};
|
|
||||||
updateScript = ./update.sh;
|
|
||||||
};
|
|
||||||
|
|
||||||
meta = with lib; {
|
|
||||||
description = "An open source alternative front-end to YouTube";
|
|
||||||
homepage = "https://invidious.io/";
|
|
||||||
license = licenses.agpl3;
|
|
||||||
maintainers = with maintainers; [infinisil sbruder];
|
|
||||||
broken = stdenv.isDarwin && stdenv.isAarch64;
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,130 +0,0 @@
|
||||||
{
|
|
||||||
lib,
|
|
||||||
boringssl,
|
|
||||||
stdenv,
|
|
||||||
fetchgit,
|
|
||||||
fetchFromGitHub,
|
|
||||||
fetchurl,
|
|
||||||
cmake,
|
|
||||||
zlib,
|
|
||||||
perl,
|
|
||||||
libevent,
|
|
||||||
}: let
|
|
||||||
versions = builtins.fromJSON (builtins.readFile ./versions.json);
|
|
||||||
|
|
||||||
fetchGitilesPatch = {
|
|
||||||
name,
|
|
||||||
url,
|
|
||||||
sha256,
|
|
||||||
}:
|
|
||||||
fetchurl {
|
|
||||||
url = "${url}%5E%21?format=TEXT";
|
|
||||||
inherit name sha256;
|
|
||||||
downloadToTemp = true;
|
|
||||||
postFetch = ''
|
|
||||||
base64 -d < $downloadedFile > $out
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
# lsquic requires a specific boringssl version (noted in its README)
|
|
||||||
boringssl' = boringssl.overrideAttrs ({preBuild, ...}: {
|
|
||||||
version = versions.boringssl.rev;
|
|
||||||
src = fetchgit {
|
|
||||||
url = "https://boringssl.googlesource.com/boringssl";
|
|
||||||
inherit (versions.boringssl) rev sha256;
|
|
||||||
};
|
|
||||||
|
|
||||||
patches = [
|
|
||||||
# Use /etc/ssl/certs/ca-certificates.crt instead of /etc/ssl/cert.pem
|
|
||||||
./use-etc-ssl-certs.patch
|
|
||||||
|
|
||||||
# because lsquic requires that specific boringssl version and that
|
|
||||||
# version does not yet include fixes for gcc11 build errors, they
|
|
||||||
# must be backported
|
|
||||||
(fetchGitilesPatch {
|
|
||||||
name = "fix-mismatch-between-header-and-implementation-of-bn_sqr_comba8.patch";
|
|
||||||
url = "https://boringssl.googlesource.com/boringssl/+/139adff9b27eaf0bdaac664ec4c9a7db2fe3f920";
|
|
||||||
sha256 = "05sp602dvh50v46jkzmh4sf4wqnq5bwy553596g2rhxg75bailjj";
|
|
||||||
})
|
|
||||||
(fetchGitilesPatch {
|
|
||||||
name = "use-an-unsized-helper-for-truncated-SHA-512-variants.patch";
|
|
||||||
url = "https://boringssl.googlesource.com/boringssl/+/a24ab549e6ae246b391155d7bed3790ac0e07de2";
|
|
||||||
sha256 = "0483jkpg4g64v23ln2blb74xnmzdjcn3r7w4zk7nfg8j3q5f9lxm";
|
|
||||||
})
|
|
||||||
/*
|
|
||||||
# the following patch is too complex, so we will modify the build flags
|
|
||||||
# of crypto/fipsmodule/CMakeFiles/fipsmodule.dir/bcm.c.o in preBuild
|
|
||||||
# and turn off -Werror=stringop-overflow
|
|
||||||
(fetchGitilesPatch {
|
|
||||||
name = "make-md32_common.h-single-included-and-use-an-unsized-helper-for-SHA-256.patch";
|
|
||||||
url = "https://boringssl.googlesource.com/boringssl/+/597ffef971dd980b7de5e97a0c9b7ca26eec94bc";
|
|
||||||
sha256 = "1y0bkkdf1ccd6crx326agp01q22clm4ai4p982y7r6dkmxmh52qr";
|
|
||||||
})
|
|
||||||
*/
|
|
||||||
(fetchGitilesPatch {
|
|
||||||
name = "fix-array-parameter-warnings.patch";
|
|
||||||
url = "https://boringssl.googlesource.com/boringssl/+/92c6fbfc4c44dc8462d260d836020d2b793e7804";
|
|
||||||
sha256 = "0h4sl95i8b0dj0na4ngf50wg54raxyjxl1zzwdc810abglp10vnv";
|
|
||||||
})
|
|
||||||
];
|
|
||||||
|
|
||||||
preBuild = ''
|
|
||||||
${preBuild}
|
|
||||||
sed -e '/^build crypto\/fipsmodule\/CMakeFiles\/fipsmodule\.dir\/bcm\.c\.o:/,/^ *FLAGS =/ s/^ *FLAGS = -Werror/& -Wno-error=stringop-overflow/' \
|
|
||||||
-i build.ninja
|
|
||||||
'';
|
|
||||||
});
|
|
||||||
in
|
|
||||||
stdenv.mkDerivation rec {
|
|
||||||
pname = "lsquic";
|
|
||||||
version = versions.lsquic.version;
|
|
||||||
|
|
||||||
src = fetchFromGitHub {
|
|
||||||
owner = "litespeedtech";
|
|
||||||
repo = pname;
|
|
||||||
rev = "v${version}";
|
|
||||||
inherit (versions.lsquic) sha256;
|
|
||||||
fetchSubmodules = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
nativeBuildInputs = [cmake perl];
|
|
||||||
buildInputs = [boringssl' libevent zlib];
|
|
||||||
|
|
||||||
cmakeFlags = [
|
|
||||||
"-DBORINGSSL_DIR=${lib.getDev boringssl'}"
|
|
||||||
"-DBORINGSSL_LIB_crypto=${lib.getLib boringssl'}/lib/libcrypto.a"
|
|
||||||
"-DBORINGSSL_LIB_ssl=${lib.getLib boringssl'}/lib/libssl.a"
|
|
||||||
"-DZLIB_LIB=${zlib}/lib/libz.so"
|
|
||||||
];
|
|
||||||
|
|
||||||
# adapted from lsquic.cr’s Dockerfile
|
|
||||||
# (https://github.com/iv-org/lsquic.cr/blob/master/docker/Dockerfile)
|
|
||||||
installPhase = ''
|
|
||||||
runHook preInstall
|
|
||||||
|
|
||||||
mkdir combinedlib
|
|
||||||
cd combinedlib
|
|
||||||
ar -x ${lib.getLib boringssl'}/lib/libssl.a
|
|
||||||
ar -x ${lib.getLib boringssl'}/lib/libcrypto.a
|
|
||||||
ar -x ../src/liblsquic/liblsquic.a
|
|
||||||
ar rc liblsquic.a *.o
|
|
||||||
ranlib liblsquic.a
|
|
||||||
install -D liblsquic.a $out/lib/liblsquic.a
|
|
||||||
|
|
||||||
runHook postInstall
|
|
||||||
'';
|
|
||||||
|
|
||||||
passthru.boringssl = boringssl';
|
|
||||||
|
|
||||||
meta = with lib; {
|
|
||||||
description = "A library for QUIC and HTTP/3 (version for Invidious)";
|
|
||||||
homepage = "https://github.com/litespeedtech/lsquic";
|
|
||||||
maintainers = with maintainers; [infinisil sbruder];
|
|
||||||
license = with licenses; [
|
|
||||||
openssl
|
|
||||||
isc
|
|
||||||
mit
|
|
||||||
bsd3
|
|
||||||
]; # statically links against boringssl, so has to include its licenses
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,80 +0,0 @@
|
||||||
{
|
|
||||||
athena-negotiation = {
|
|
||||||
owner = "athena-framework";
|
|
||||||
repo = "negotiation";
|
|
||||||
rev = "v0.1.1";
|
|
||||||
sha256 = "1vkk59lqrxb0l8kyzs114i3c18zb2bdiah2xhazkk8q7x6fz4yzk";
|
|
||||||
};
|
|
||||||
backtracer = {
|
|
||||||
owner = "sija";
|
|
||||||
repo = "backtracer.cr";
|
|
||||||
rev = "v1.2.1";
|
|
||||||
sha256 = "02r1l7rn2wsljkx495s5s7j04zgn73m2kx0hkzs7620camvlwbqq";
|
|
||||||
};
|
|
||||||
db = {
|
|
||||||
owner = "crystal-lang";
|
|
||||||
repo = "crystal-db";
|
|
||||||
rev = "v0.10.1";
|
|
||||||
sha256 = "03c5h14z6h2mxnx949lihnyqjd19hcj38iasdwq9fp95h8cld376";
|
|
||||||
};
|
|
||||||
exception_page = {
|
|
||||||
owner = "crystal-loot";
|
|
||||||
repo = "exception_page";
|
|
||||||
rev = "v0.2.2";
|
|
||||||
sha256 = "1c8askb9b7621jjz5pjj6b8pdbhw3r1l3dym6swg1saspf5j3jwi";
|
|
||||||
};
|
|
||||||
kemal = {
|
|
||||||
owner = "kemalcr";
|
|
||||||
repo = "kemal";
|
|
||||||
rev = "v1.1.2";
|
|
||||||
sha256 = "1149q4qw0zrws5asqqr4snrdi67xsmisdcq58zcrbgqgsxgly9d0";
|
|
||||||
};
|
|
||||||
kilt = {
|
|
||||||
owner = "jeromegn";
|
|
||||||
repo = "kilt";
|
|
||||||
rev = "v0.6.1";
|
|
||||||
sha256 = "0dpc15y9m8c5l9zdfif6jlf7zmkrlm9w4m2igi5xa22fdjwamwfp";
|
|
||||||
};
|
|
||||||
lsquic = {
|
|
||||||
owner = "iv-org";
|
|
||||||
repo = "lsquic.cr";
|
|
||||||
rev = "v2.18.1-2";
|
|
||||||
sha256 = "0bljk0pwbjb813dfwrhgi00w2ai09k868xvak4hfzdkbmpc7id6y";
|
|
||||||
};
|
|
||||||
pg = {
|
|
||||||
owner = "will";
|
|
||||||
repo = "crystal-pg";
|
|
||||||
rev = "v0.24.0";
|
|
||||||
sha256 = "07i5bqkv5j6y6f8v5cpqdxc5wzzrvgv3ds24znv4mzv6nc84csn4";
|
|
||||||
};
|
|
||||||
protodec = {
|
|
||||||
owner = "iv-org";
|
|
||||||
repo = "protodec";
|
|
||||||
rev = "v0.1.4";
|
|
||||||
sha256 = "15azh9izxqgwpgkpicmivfdz31wkibnwy09rwhxsg0lyc4wf8xj9";
|
|
||||||
};
|
|
||||||
radix = {
|
|
||||||
owner = "luislavena";
|
|
||||||
repo = "radix";
|
|
||||||
rev = "v0.4.1";
|
|
||||||
sha256 = "1l08cydkdidq9yyil1wl240hvk41iycv04jrg6nx5mkvzw4z1bzg";
|
|
||||||
};
|
|
||||||
spectator = {
|
|
||||||
owner = "icy-arctic-fox";
|
|
||||||
repo = "spectator";
|
|
||||||
rev = "v0.10.4";
|
|
||||||
sha256 = "0rcxq2nbslvwrd8m9ajw6dzaw3hagxmkdy9s8p34cgnr4c9dijdq";
|
|
||||||
};
|
|
||||||
sqlite3 = {
|
|
||||||
owner = "crystal-lang";
|
|
||||||
repo = "crystal-sqlite3";
|
|
||||||
rev = "v0.18.0";
|
|
||||||
sha256 = "03nnvpchhq9f9ywsm3pk2rrj4a3figw7xs96zdziwgr5znkz6x93";
|
|
||||||
};
|
|
||||||
ameba = {
|
|
||||||
owner = "crystal-ameba";
|
|
||||||
repo = "ameba";
|
|
||||||
rev = "v0.14.3";
|
|
||||||
sha256 = "1cfr95xi6hsyxw1wlrh571hc775xhwmssk3k14i8b7dgbwfmm5x1";
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,94 +0,0 @@
|
||||||
#!/usr/bin/env nix-shell
|
|
||||||
#!nix-shell -i bash -p curl crystal crystal2nix jq git moreutils nix nix-prefetch pkg-config
|
|
||||||
git_url='https://github.com/iv-org/invidious.git'
|
|
||||||
git_branch='master'
|
|
||||||
git_dir='/var/tmp/invidious.git'
|
|
||||||
pkg='invidious'
|
|
||||||
|
|
||||||
set -euo pipefail
|
|
||||||
|
|
||||||
cd "$(dirname "${BASH_SOURCE[0]}")"
|
|
||||||
|
|
||||||
info() {
|
|
||||||
if [ -t 2 ]; then
|
|
||||||
set -- '\033[32m%s\033[39m\n' "$@"
|
|
||||||
else
|
|
||||||
set -- '%s\n' "$@"
|
|
||||||
fi
|
|
||||||
printf "$@" >&2
|
|
||||||
}
|
|
||||||
|
|
||||||
json_get() {
|
|
||||||
jq -r "$1" < 'versions.json'
|
|
||||||
}
|
|
||||||
|
|
||||||
json_set() {
|
|
||||||
jq --arg x "$2" "$1 = \$x" < 'versions.json' | sponge 'versions.json'
|
|
||||||
}
|
|
||||||
|
|
||||||
old_rev=$(json_get '.invidious.rev')
|
|
||||||
old_version=$(json_get '.invidious.version')
|
|
||||||
today=$(LANG=C date -u +'%Y-%m-%d')
|
|
||||||
|
|
||||||
info "fetching $git_url..."
|
|
||||||
if [ ! -d "$git_dir" ]; then
|
|
||||||
git init --initial-branch="$git_branch" "$git_dir" 2>/dev/null
|
|
||||||
git -C "$git_dir" remote add origin "$git_url" 2>/dev/null
|
|
||||||
fi
|
|
||||||
git -C "$git_dir" fetch origin "$git_branch" 2>/dev/null
|
|
||||||
|
|
||||||
# use latest commit before today, we should not call the version *today*
|
|
||||||
# because there might still be commits coming
|
|
||||||
# use the day of the latest commit we picked as version
|
|
||||||
new_rev=$(git -C "$git_dir" log -n 1 --format='format:%H' --before="${today}T00:00:00Z" "origin/$git_branch")
|
|
||||||
new_version="unstable-$(TZ=UTC git -C "$git_dir" log -n 1 --date='format-local:%Y-%m-%d' --format='%cd' "$new_rev")"
|
|
||||||
info "latest commit before $today: $new_rev"
|
|
||||||
|
|
||||||
if [ "$new_rev" = "$old_rev" ]; then
|
|
||||||
info "$pkg is up-to-date."
|
|
||||||
exit
|
|
||||||
fi
|
|
||||||
|
|
||||||
json_set '.invidious.version' "$new_version"
|
|
||||||
json_set '.invidious.rev' "$new_rev"
|
|
||||||
new_sha256=$(nix-prefetch fetchFromGitHub --owner iv-org --repo invidious --rev "$new_rev")
|
|
||||||
json_set '.invidious.sha256' "$new_sha256"
|
|
||||||
commit_msg="$pkg: $old_version -> $new_version"
|
|
||||||
|
|
||||||
# fetch video.js dependencies
|
|
||||||
info "Running scripts/fetch-player-dependencies.cr..."
|
|
||||||
git -C "$git_dir" reset --hard "$new_rev"
|
|
||||||
(cd "$git_dir" && crystal run scripts/fetch-player-dependencies.cr -- --minified)
|
|
||||||
rm -f "$git_dir/assets/videojs/.gitignore"
|
|
||||||
videojs_new_sha256=$(nix-hash --type sha256 --base32 "$git_dir/assets/videojs")
|
|
||||||
json_set '.videojs.sha256' "$videojs_new_sha256"
|
|
||||||
|
|
||||||
if git -C "$git_dir" diff-tree --quiet "${old_rev}..${new_rev}" -- 'shard.lock'; then
|
|
||||||
info "shard.lock did not change since $old_rev."
|
|
||||||
else
|
|
||||||
info "Updating shards.nix..."
|
|
||||||
crystal2nix -- "$git_dir/shard.lock" # argv's index seems broken
|
|
||||||
|
|
||||||
lsquic_old_version=$(json_get '.lsquic.version')
|
|
||||||
# lsquic.cr's version tracks lsquic's, so lsquic must be updated to the
|
|
||||||
# version in the shards file
|
|
||||||
lsquic_new_version=$(nix eval --raw -f 'shards.nix' lsquic.rev \
|
|
||||||
| sed -e 's/^v//' -e 's/-[0-9]*$//')
|
|
||||||
if [ "$lsquic_old_version" != "$lsquic_new_version" ]; then
|
|
||||||
info "Updating lsquic to $lsquic_new_version..."
|
|
||||||
json_set '.lsquic.version' "$lsquic_new_version"
|
|
||||||
lsquic_new_sha256=$(nix-prefetch -I 'nixpkgs=<nixpkgs>' "${pkg}.lsquic")
|
|
||||||
json_set '.lsquic.sha256' "$lsquic_new_sha256"
|
|
||||||
|
|
||||||
info "Updating boringssl..."
|
|
||||||
# lsquic specifies the boringssl commit it requires in its README
|
|
||||||
boringssl_new_rev=$(curl -LSsf "https://github.com/litespeedtech/lsquic/raw/v${lsquic_new_version}/README.md" \
|
|
||||||
| grep -Pom1 '(?<=^git checkout ).*')
|
|
||||||
json_set '.boringssl.rev' "$boringssl_new_rev"
|
|
||||||
boringssl_new_sha256=$(nix-prefetch -I 'nixpkgs=<nixpkgs>' "${pkg}.lsquic.boringssl")
|
|
||||||
json_set '.boringssl.sha256' "$boringssl_new_sha256"
|
|
||||||
commit_msg="$commit_msg
|
|
||||||
|
|
||||||
lsquic: $lsquic_old_version -> $lsquic_new_version"
|
|
||||||
fi
|
|
||||||
fi
|
|
|
@ -1,13 +0,0 @@
|
||||||
diff --git a/crypto/x509/x509_def.c b/crypto/x509/x509_def.c
|
|
||||||
index d2bc3e5c1..329580075 100644
|
|
||||||
--- a/crypto/x509/x509_def.c
|
|
||||||
+++ b/crypto/x509/x509_def.c
|
|
||||||
@@ -67,7 +67,7 @@
|
|
||||||
|
|
||||||
#define X509_CERT_AREA OPENSSLDIR
|
|
||||||
#define X509_CERT_DIR OPENSSLDIR "/certs"
|
|
||||||
-#define X509_CERT_FILE OPENSSLDIR "/cert.pem"
|
|
||||||
+#define X509_CERT_FILE "/etc/ssl/certs/ca-certificates.crt"
|
|
||||||
#define X509_PRIVATE_DIR OPENSSLDIR "/private"
|
|
||||||
#define X509_CERT_DIR_EVP "SSL_CERT_DIR"
|
|
||||||
#define X509_CERT_FILE_EVP "SSL_CERT_FILE"
|
|
|
@ -1,18 +0,0 @@
|
||||||
{
|
|
||||||
"boringssl": {
|
|
||||||
"rev": "251b5169fd44345f455438312ec4e18ae07fd58c",
|
|
||||||
"sha256": "sha256-EU6T9yQCdOLx98Io8o01rEsgxDFF/Xoy42LgPopD2/A="
|
|
||||||
},
|
|
||||||
"invidious": {
|
|
||||||
"rev": "5160d8bae39dc5cc5d51abee90571a03c08d0f2b",
|
|
||||||
"sha256": "sha256-0Cb1Qsn6vnrzd4pZm1GZxlVQNn5dYKUR/xWMCG37GSk=",
|
|
||||||
"version": "unstable-2022-11-22"
|
|
||||||
},
|
|
||||||
"lsquic": {
|
|
||||||
"sha256": "sha256-hG8cUvhbCNeMOsKkaJlgGpzUrIx47E/WhmPIdI5F3qM=",
|
|
||||||
"version": "2.18.1"
|
|
||||||
},
|
|
||||||
"videojs": {
|
|
||||||
"sha256": "0m09pc9acpzhfwwvc9dayl60nn28skmmglgvmlp48dlkqgfbgc27"
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,23 +0,0 @@
|
||||||
{
|
|
||||||
stdenvNoCC,
|
|
||||||
cacert,
|
|
||||||
crystal,
|
|
||||||
openssl,
|
|
||||||
pkg-config,
|
|
||||||
invidious,
|
|
||||||
}: let
|
|
||||||
versions = builtins.fromJSON (builtins.readFile ./versions.json);
|
|
||||||
in
|
|
||||||
stdenvNoCC.mkDerivation {
|
|
||||||
name = "videojs";
|
|
||||||
|
|
||||||
inherit (invidious) src;
|
|
||||||
|
|
||||||
builder = ./videojs.sh;
|
|
||||||
|
|
||||||
nativeBuildInputs = [cacert crystal openssl pkg-config];
|
|
||||||
|
|
||||||
outputHashAlgo = "sha256";
|
|
||||||
outputHashMode = "recursive";
|
|
||||||
outputHash = versions.videojs.sha256;
|
|
||||||
}
|
|
|
@ -1,9 +0,0 @@
|
||||||
source $stdenv/setup
|
|
||||||
|
|
||||||
unpackPhase
|
|
||||||
cd source
|
|
||||||
# this helper downloads the videojs files and checks their checksums
|
|
||||||
# against videojs-dependencies.yml so it should be pure
|
|
||||||
crystal run scripts/fetch-player-dependencies.cr -- --minified
|
|
||||||
rm -f assets/videojs/.gitignore
|
|
||||||
mv assets/videojs "$out"
|
|
|
@ -36,5 +36,5 @@ in
|
||||||
|
|
||||||
outputHashAlgo = "sha256";
|
outputHashAlgo = "sha256";
|
||||||
outputHashMode = "recursive";
|
outputHashMode = "recursive";
|
||||||
outputHash = "sha256-WHm6x8xiVpxg+WYjXPcTTr02CoQVi0q4Us3KO8saTSE=";
|
outputHash = "sha256-tWqnFIb+SvnG7ZH7BNRXCR6RaTGRG/1pXBM1UVr/TOA=";
|
||||||
}
|
}
|
||||||
|
|
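Review bot: The new `outputHash` value is not accompanied by any visible change to the source, revision or version it pins, so a reader cannot tell from this hunk why the fixed-output hash moved. If the inputs were updated elsewhere in this commit, say so next to the hash, for example `# hash of <what is fetched>; regenerate after changing <pinned input>` (placeholders, since the hunk does not name them). If no input changed, the fetch is presumably not reproducible under its current pin and the new hash only records whatever was served at build time, which is worth confirming before accepting it. The derivation starts above the hunk, so the fetch step itself is not visible here.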
|
@ -1,4 +1,10 @@
|
||||||
{ fetchurl, fetchgit, linkFarm, runCommand, gnutar }: rec {
|
{
|
||||||
|
fetchurl,
|
||||||
|
fetchgit,
|
||||||
|
linkFarm,
|
||||||
|
runCommand,
|
||||||
|
gnutar,
|
||||||
|
}: rec {
|
||||||
offline_cache = linkFarm "offline" packages;
|
offline_cache = linkFarm "offline" packages;
|
||||||
packages = [
|
packages = [
|
||||||
{
|
{
|
||||||
|
|
|
@ -15,6 +15,7 @@
|
||||||
"hosts/hetzner-vm/modules/mailserver".functor.enable = true;
|
"hosts/hetzner-vm/modules/mailserver".functor.enable = true;
|
||||||
"hosts/hetzner-vm/modules/piped".functor.enable = true;
|
"hosts/hetzner-vm/modules/piped".functor.enable = true;
|
||||||
"hosts/hetzner-vm/containers/storage/profiles".functor.enable = true;
|
"hosts/hetzner-vm/containers/storage/profiles".functor.enable = true;
|
||||||
|
"hosts/hetzner-vm/containers/matrix/profiles".functor.enable = true;
|
||||||
|
|
||||||
# Profiles
|
# Profiles
|
||||||
"profiles/*".functor.enable = true;
|
"profiles/*".functor.enable = true;
|
||||||
|
|