From 700e4249d3b5d0074447cd0883a61dc6897c9c0b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Charlotte=20=F0=9F=A6=9D=20Delenk?= Date: Sat, 5 Aug 2023 16:38:39 +0100 Subject: [PATCH 1/3] update --- config/nix.nix | 58 ------------------------------ config/services/akkoma/default.nix | 2 +- flake.lock | 50 +++++++++++++------------- 3 files changed, 26 insertions(+), 84 deletions(-) diff --git a/config/nix.nix b/config/nix.nix index bfd1efe7..0f4983d2 100644 --- a/config/nix.nix +++ b/config/nix.nix @@ -40,40 +40,6 @@ }; buildMachines = with lib; mkMerge [ - (mkIf (config.networking.hostName != "nas") [ - { - hostName = "build-nas"; - systems = [ - "armv7l-linux" - "powerpc-linux" - "powerpc64-linux" - "powerpc64le-linux" - "wasm32-wasi" - "x86_64-linux" - "i686-linux" - ]; - maxJobs = 12; - speedFactor = 1; - supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark" "gccarch-znver1" "gccarch-skylake" "ca-derivations"]; - } - ]) - (mkIf (config.networking.hostName != "nutty-noon") [ - { - hostName = "build-pc"; - systems = [ - "armv7l-linux" - "powerpc-linux" - "powerpc64-linux" - "powerpc64le-linux" - "wasm32-wasi" - "x86_64-linux" - "i686-linux" - ]; - maxJobs = 16; - speedFactor = 2; - supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark" "gccarch-znver2" "gccarch-znver1" "gccarch-skylake" "ca-derivations"]; - } - ]) (mkIf (config.networking.hostName != "instance-20221213-1915") [ { hostName = "build-aarch64"; @@ -85,30 +51,6 @@ supportedFeatures = ["nixos-test" "benchmark" "ca-derivations" "gccarch-armv8-a" "gccarch-armv8.1-a" "gccarch-armv8.2-a" "big-parallel"]; } ]) - (mkIf (config.networking.hostName != "vf2") [ - { - hostName = "build-riscv64"; - systems = [ - "riscv32-linux" - "riscv64-linux" - ]; - maxJobs = 4; - speedFactor = 1; - supportedFeatures = [ - "nixos-test" - "benchmark" - "gccarch-rv64gc_zba_zbb" - "gccarch-rv64gc_zba" - "gccarch-rv64gc_zbb" - "gccarch-rv64gc" - "gccarch-rv32gc_zba_zbb" - "gccarch-rv32gc_zba" - "gccarch-rv32gc_zbb" - "gccarch-rv32gc" - "ca-derivations" - ]; - } - ]) ]; distributedBuilds = true; }; diff --git a/config/services/akkoma/default.nix b/config/services/akkoma/default.nix index 62c423b6..c1fdd9b3 100644 --- a/config/services/akkoma/default.nix +++ b/config/services/akkoma/default.nix @@ -31,7 +31,7 @@ name = "akkoma-static"; src = pkgs.emptyDirectory; nativeBuildInputs = with pkgs; [xorg.lndir]; - akkoma_fe = pkgs.pleroma-fe; + akkoma_fe = pkgs.akkoma-fe; akkoma_admin_fe = pkgs.admin-fe; inherit fedibird_fe; tos = ./terms-of-service.html; diff --git a/flake.lock b/flake.lock index 72dc4f49..ce85675b 100644 --- a/flake.lock +++ b/flake.lock @@ -169,11 +169,11 @@ ] }, "locked": { - "lastModified": 1688145001, - "narHash": "sha256-jQrLJfqidtu4g4BauAO711jMhWW6H/qsUv6uE4nsBBs=", + "lastModified": 1691307631, + "narHash": "sha256-XC8ZCDsxO4yojGSvW63+M0P/bOUar8YSUSb8lgT9sss=", "owner": "DarkKirb", "repo": "chir.rs", - "rev": "649ae1226aba98742b08ba3292caf173c3323fdc", + "rev": "2660c086545c3f1b0d66c9059c21baf00a376700", "type": "github" }, "original": { @@ -842,11 +842,11 @@ ] }, "locked": { - "lastModified": 1690910850, - "narHash": "sha256-diLPKIDpR9zubqGl0wPFKMNPV9QpT/eNkqUN2dSt19o=", + "lastModified": 1691225770, + "narHash": "sha256-O5slH8nW8msTAqVAS5rkvdHSkjmrO+JauuSDzZCmv2M=", "owner": "nix-community", "repo": "home-manager", - "rev": "8c731978f0916b9a904d67a0e53744ceff47882c", + "rev": "0a014a729cdd54d9919ff36b714d047909d7a4c8", "type": "github" }, "original": { @@ -879,11 +879,11 @@ "hosts-list": { "flake": false, "locked": { - "lastModified": 1690922836, - "narHash": "sha256-+RVOzOqw/09okCQop9l5x5dYq+UpweyvqEUo/NS/oxo=", + "lastModified": 1691281799, + "narHash": "sha256-VtrnU7JLW6sri0FHgRVDUmtxwCplYN1aPmP6hgV+Hoc=", "owner": "StevenBlack", "repo": "hosts", - "rev": "439665cb9aecf57416afdf5c8b01ef3762a0326a", + "rev": "86956052240f198dad3d3a9b74b9c3a4e0f71340", "type": "github" }, "original": { @@ -1163,11 +1163,11 @@ ] }, "locked": { - "lastModified": 1690965637, - "narHash": "sha256-Xnj+lrHlq0GThMXclLjF75UQKOPNYEwCJrovY9FbLVw=", + "lastModified": 1691311850, + "narHash": "sha256-o3sH1tqo/qDG8U0/2V2aYwwL0njluRzqJGvLlsI+HIQ=", "ref": "main", - "rev": "a83cd9cf995c5908ad624b2a66cb46c779f6f6b1", - "revCount": 972, + "rev": "a07d703ffd3ec1a6f0061cb0abc9e2fdadba5589", + "revCount": 976, "type": "git", "url": "https://git.chir.rs/darkkirb/nix-packages.git" }, @@ -1292,11 +1292,11 @@ }, "nixos-hardware_2": { "locked": { - "lastModified": 1690957133, - "narHash": "sha256-0Y4CiOIszhHDDXHFmvHUpmhUotKOIn0m3jpMlm6zUTE=", + "lastModified": 1691305349, + "narHash": "sha256-0Pig7jnmuRH3c5dOTVTOvTLwo2CRzYTyvJRQ82HWRSo=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "24f9162b26f0debd163f6d94752aa2acb9db395a", + "rev": "5426a95071d0b9782b3209b3995cde1f5689616e", "type": "github" }, "original": { @@ -1418,11 +1418,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1690965391, - "narHash": "sha256-ttki7YeMVKycRF3BlBeIhhc+8DpquTj7NO4vXKU9CzU=", + "lastModified": 1691311929, + "narHash": "sha256-Nj0aStA+zzENk+epxUMyymbmcX7wizMHc3oCfx8n0bY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3475fdeeea0ac11aa0210328ef2c5e53e5dcfd2f", + "rev": "4d590fb4e09fc8d0fa8417203b948addb36bb660", "type": "github" }, "original": { @@ -1448,11 +1448,11 @@ }, "nur_2": { "locked": { - "lastModified": 1690960973, - "narHash": "sha256-8uBIS3fFCKHccV6iyAzg1cNdWydtE4NLADH62F9Z4Oo=", + "lastModified": 1691311438, + "narHash": "sha256-7ADj2e5jmp01vAY9fCR8w1h8ppoYghzsOjbgN7xW6e0=", "owner": "nix-community", "repo": "NUR", - "rev": "4d77f55fc328f46db035ed01dbdad8319954fd73", + "rev": "d8db2ba5c97665fe7ccbb8e307155b77b0c9e72f", "type": "github" }, "original": { @@ -1522,11 +1522,11 @@ ] }, "locked": { - "lastModified": 1690942540, - "narHash": "sha256-eafSSO3Y+/TFuy+CHKyolYfGvC33IAWNx4W2NA7LfZM=", + "lastModified": 1691287991, + "narHash": "sha256-jAfKjfK1X73Zg/utl2pDdD5nBY53zLSLeTFWQLZM7jo=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "aa3994f054038262df55122dfa552b9eab71a994", + "rev": "5cf31bca06641e115b9217e682d85d4d23486e61", "type": "github" }, "original": { From c6470ae0da549572a3d68e2f4b84df33a330715f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Charlotte=20=F0=9F=A6=9D=20Delenk?= Date: Sat, 5 Aug 2023 16:42:22 +0100 Subject: [PATCH 2/3] Revert "move attic push to hydra runcommand hook" This reverts commit 15708fb6695793af60703138b1a171b64597e0c6. --- config/installer.nix | 1 + config/netboot.nix | 1 + config/nix.nix | 23 ++++++++++++++++++++- config/services/hydra.nix | 42 +++++++++++++++++++++++++++++++++++---- secrets/nas.yaml | 6 ++---- secrets/shared.yaml | 6 ++++-- 6 files changed, 68 insertions(+), 11 deletions(-) diff --git a/config/installer.nix b/config/installer.nix index 427ef675..4e951a48 100644 --- a/config/installer.nix +++ b/config/installer.nix @@ -14,4 +14,5 @@ boot.supportedFilesystems = lib.mkForce ["bcachefs" "vfat"]; boot.kernelPackages = lib.mkForce (pkgs.linuxPackagesFor pkgs.linux-bcachefs); networking.hostId = "8425e349"; + nix.settings.post-build-hook = lib.mkForce "true"; } diff --git a/config/netboot.nix b/config/netboot.nix index 44f26fe9..82467a2a 100644 --- a/config/netboot.nix +++ b/config/netboot.nix @@ -14,4 +14,5 @@ boot.supportedFilesystems = lib.mkForce ["bcachefs" "vfat"]; boot.kernelPackages = lib.mkForce (pkgs.linuxPackagesFor pkgs.linux-bcachefs); networking.hostId = "8425e349"; + nix.settings.post-build-hook = lib.mkForce "true"; } diff --git a/config/nix.nix b/config/nix.nix index 0f4983d2..1d32ef49 100644 --- a/config/nix.nix +++ b/config/nix.nix @@ -5,10 +5,30 @@ system, attic, ... -}: { +}: let + attic-client = + if system == "aarch64-linux" + then attic.packages.${system}.attic-client + else pkgs.attic-client; + post-build-hook = pkgs.writeScript "post-build-hook" '' + #!${pkgs.bash}/bin/bash + set -euf + export IFS=' ' + until ${attic-client}/bin/attic push chir-rs $OUT_PATHS; do + sleep 5 + echo "Retrying..." + done + ''; +in { imports = [ ./workarounds ]; + sops.secrets."attic/config.toml" = { + sopsFile = ../secrets/shared.yaml; + owner = "root"; + key = "attic/config.toml"; + path = "/root/.config/attic/config.toml"; + }; nixpkgs.config.allowUnfree = true; nix = { settings = { @@ -27,6 +47,7 @@ "riscv:TZX1ReuoIGt7QiSQups+92ym8nKJUSV0O2NkS4HAqH8=" "cache.ztier.link-1:3P5j2ZB9dNgFFFVkCQWT3mh0E+S3rIWtZvoql64UaXM=" ]; + post-build-hook = "${post-build-hook}"; auto-optimise-store = true; }; package = pkgs.nix; diff --git a/config/services/hydra.nix b/config/services/hydra.nix index 3a6675e5..1702ce29 100644 --- a/config/services/hydra.nix +++ b/config/services/hydra.nix @@ -80,10 +80,6 @@ in { timeout = 3600 - - job = *:*:* - command = cat $HYDRA_JSON | ${pkgs.jq}/bin/jq -r '.drvPath' | xargs ${pkgs.nix}/bin/nix-store -q -R --include-outputs >> /var/lib/hydra/queue-runner/upload-queue - max_concurrent_evals = 1 ''; giteaTokenFile = "/run/secrets/services/hydra/gitea_token"; @@ -152,6 +148,7 @@ in { chown -Rv hydra-queue-runner /var/lib/hydra/queue-runner ln -svf ${sshConfig} /var/lib/hydra/queue-runner/.ssh/config ''; +<<<<<<< HEAD sops.secrets."attic/config.toml" = { owner = "hydra-queue-runner"; key = "attic/config.toml"; @@ -186,4 +183,41 @@ in { OnUnitActiveSec = 300; }; }; +||||||| 15708fb6 (move attic push to hydra runcommand hook) + sops.secrets."attic/config.toml" = { + owner = "hydra-queue-runner"; + key = "attic/config.toml"; + path = "/var/lib/hydra/queue-runner/.config/attic/config.toml"; + }; + + systemd.services."upload-hydra-results" = { + description = "Upload hydra build results"; + serviceConfig = { + Type = "oneshot"; + User = "hydra-queue-runner"; + Group = "hydra"; + }; + script = '' + set -ex + if [ -e /var/lib/hydra/queue-runner/uploading ]; then + cat /var/lib/hydra/queue-runner/uploading | xargs ${pkgs.nix}/bin/nix-store -r | xargs ${pkgs.attic-client}/bin/attic push chir-rs + rm /var/lib/hydra/queue-runner/uploading + fi + mv /var/lib/hydra/queue-runner/upload-queue /var/lib/hydra/queue-runner/uploading + cat /var/lib/hydra/queue-runner/uploading | xargs ${pkgs.nix}/bin/nix-store -r | xargs ${pkgs.attic-client}/bin/attic push chir-rs + rm /var/lib/hydra/queue-runner/uploading + ''; + }; + systemd.timers.upload-hydra-results = { + enable = true; + description = "Upload hydra build results"; + requires = ["upload-hydra-results.service"]; + wantedBy = ["multi-user.target"]; + timerConfig = { + OnBootSec = 300; + OnUnitActiveSec = 300; + }; + }; +======= +>>>>>>> parent of 15708fb6 (move attic push to hydra runcommand hook) } diff --git a/secrets/nas.yaml b/secrets/nas.yaml index b20545c6..a7bf4183 100644 --- a/secrets/nas.yaml +++ b/secrets/nas.yaml @@ -30,8 +30,6 @@ email: password: root: ENC[AES256_GCM,data:edK/dud41KmbX6v8Mxn1vVcaCwG0x4YhGjqLTw3oAigmwixTovz+4yUDrkjTQLb3/eMClqQJnjcJsRBv4chSu+UuNorKIsPM0IX9mkTmVH2soGmdPB21HXOXmisGu33oOyhyojbvlaWlFw==,iv:GiXRuhJVPgkAAp7OYufzXtHusnSPOfAP0ztdAtn14GE=,tag:nIOus2VvzE6d+r/aJOLCBw==,type:str] darkkirb: ENC[AES256_GCM,data:vmI8B7PWeoKTwOywaGmJmD9gWb09eDcmchx241XrfNvT9QseuSElDTb3OajHornt/OFBPh7EtNi/y1BHF1+DZq0i1tmhYuJy24BLuCPH9VpCb5s5xZZCVtOC6w3qUGqIlLQHYN0Fp1Ap5A==,iv:KkcLQDJSDqeFr3gDByb66MOx8/PbpKpvM9Ym+KMB3jc=,tag:wLLOU4RhWnS+DDSOQLrLHA==,type:str] -attic: - config.toml: ENC[AES256_GCM,data:060O5ICRHpkfTIdrkrLjlJSFKh7HCcMuETkRwf8zSaPQO7NTYnX6nQjd0mYcWZvBPQF3l8cVovja19nKMQAUGTzkBxkpvfylG+UMAfxEpuwTzypyzBwLXQOZPXqdXoEKPu0ghx1nojF08CLALDMlM8J/I7KrlofmSWGO+7142EAhrf1ov5IFmfHBn1vJvfa9aSVKnYDXmMpimO8zxc876YiBiHPe9srTpAlyOu/aOiev0fRmZfWGt7X7/lBap1AcDZFvoe/8Hs0Nb1GSE4ZW9WLPBMFigGK10fCgmlk8rTkaXTNCdZ/yJ24lugganFwssET6HBS/nmDLLMjPkZ0n+6U+JdDcRtXQXq9nwFG9TpMvX9i9K1z24F1/maQ2qUS0OB/YQ/pADLJt/xYfuzfB70FHpN2YYn2Lcmup3xKvbfAL9BFJCA==,iv:3wCOLgoqKoycuitBrQCccRRYulfrhI0a5K8vARU2MM4=,tag:/Zggqm+3CCcUwyc9ubhqcA==,type:str] sops: kms: [] gcp_kms: [] @@ -47,8 +45,8 @@ sops: WnV3QWxtalIzWFdoQmpDTmJsNGdNOW8K++rFGXy0G6Gcu2gQwSP6xfXInQ/y5nh5 2oGp8sfOLFWnNI4SWL0ChP47K3C/9ysUHwQnUYPbRafZ/4X6cN40ZQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-08-02T17:25:38Z" - mac: ENC[AES256_GCM,data:iu4NhBQHLTuGAG70rSedcI2cwwDZpzLu18cIxO9JaVRWVanDoYTDXd9sDC7H8oBOmLnypYpXc4kOMCwsY9475W+Yi3HxHWlkcWAPWxAsJL5nIkC7Q9CwrwSCpwtsPyebsLzl299lYPjsNsLpQ6ft/GWnwAn5ISIkKV91k9hduz0=,iv:IB8YVkok7NrX2ayu2iQcwzsP/Tl+WXxjfvQ/1DkRUlk=,tag:z2tlvGWpEbXFrCmuKwUdbA==,type:str] + lastmodified: "2023-06-06T07:06:29Z" + mac: ENC[AES256_GCM,data:iuH+6PiDx+8iQlxds8/twFNaf2g2JuuBpCfQIppRxZPEWeVvWpLEaMEuFk+kKZagIrFIhl9LhyXXVqaGKDnXHmo3bOAGksWNq51PWlCODIe1gfWN6hMZHWFrZlcxv0JjyH2Zqou3udsEIc+Fkj3llGYeiNJw30M0lLhd9ORa5tA=,iv:Kdse9i3iT+Iuhxf6c7zGzgA/Jy3mDmGegQ+xcMqnXzk=,tag:ooWhhNvVbLPl+H6R9VODhw==,type:str] pgp: - created_at: "2022-04-24T10:34:20Z" enc: | diff --git a/secrets/shared.yaml b/secrets/shared.yaml index 701c25b7..3a922ad9 100644 --- a/secrets/shared.yaml +++ b/secrets/shared.yaml @@ -2,6 +2,8 @@ aws: credentials: ENC[AES256_GCM,data:/I+mc7fHdztMu9ixDz+LBq/rR7xOni9e7ODoCEStsU/VwuwnelyedeD0OAIQsLozxP1Jss972Uq9K3RfT6HzHLEMZebjyiVGGN7wpWFpdjE4ZQtFAGpTd46vSSQn4K53DDIKO/S8zpuNw52cnHPqCg==,iv:5VaIfB94Jm3/z8RB+4+kGuRco/WncJ7Uo1qS/Xi3+BE=,tag:pyoLebONcWWAKp1OliqFUw==,type:str] ssh: builder_id_ed25519: ENC[AES256_GCM,data:aRcRkZS9TXsFas1xz044OECF59bQMepukSQUMFr652MXsW99O9ANuhQ7C2i3HuXtDjrWKfgrsrWQh0R41JuLoENEEd0O0y1k+uHzjtdE0CrzqIdRFwRNUbvrJ4D8S1yEdNoQCjrznvH5pegLpn8h19BQaC755QfkKxhYHQpN0Xkt5JKgZBEYShkEyTn7EhgjRMyKQzQo47TsYBU7S4qi6a4nhjv67MuIZ2Y7R2F5n8ZyFgGjgktcm0GHKq37xvFcFEa4h+vxhzu5Dtb6VfwYqUVApL1C2zv9hhZpx5sBa2/fvEg5awm9cnfnfipFUe1ceEz9zUbZAd4fUKYDvfHC+3KX1CXGauA44nXNz2XDDn3f6DTh/DrbARx4Fi9R5Gcnm8c0OfDxHEgARYIWdjfnf1h1qhTxf9Iau+bYTc7IhlenS/6S8w56XtScVkg/VVQhXZFQy0TFIWe/Sa8k1ArTok0I5Hl31gpCq1HUVkXNO/917RVDhJt42pIEA7Lwd48QXSkmRx+46F3VKjQEC0qj/VRNhd8ZHU66IdxG,iv:6YG9KmaDnwHEe14Rx9SlkFxg+u1w7F98yN17rg3ebe4=,tag:4PbNcBDCh9yloSij/ajBqQ==,type:str] +attic: + config.toml: ENC[AES256_GCM,data:m8aFjTl2B3E+r3TsQ37M75aOu+Du1iNpIfzD597xKhX5AVrVzENiDrMdiXCFL3kCiPpuMf/Dg0M9M7Q1VMKPKBGI+Ppaet/2m20NAwQCXcWoGMVQooEdkbak+cUvnoPoo8zmSW3rzqCeaK4V0uAKyD7xynyZokEZ9tM33XJLmNSZ64qCYbCckzUYX9Y4KguzQETpFbIzuu2naXn+gcLJedN21/G1i/TKsKA1QyC6YPvY66e9BSIo9eMKUW7PhUbKUpGZ9L+geW6k1HMX7n5D6hYcaigq8bdhRmW9hRb21IQd2fMptVSidV7vVC8BLPX4rwqE1OPjzd61p1SYa2F938053YaTnjjJJzdmbSnj0b9IBdEJJSCRl9j2fGtxVULCgmjjTKMFF/d6zAIYmAm8XcfRw2Su1DPWQq1W9HSbLk8OasWRSg==,iv:ai7IqG/Bc0UC5cO7qgvY54CUC3VSApjj3sEfZhPx6KA=,tag:WoxisyaBS15fSP0q5muJ6A==,type:str] tailscale: ENC[AES256_GCM,data:OUbgLSvG3VokdF7zcZrun7KNSU0RJwLJeLDSDz4yutFJWIpgMH9vpMl4NsEXPbzNkEvi2ElmQ5Qz,iv:1NmaEp6FnzKc9Y+X66heZGqs4eg1NhAFn9RyutdTfx8=,tag:ec2iD4PHJQtbnXV3rCzoGQ==,type:str] sops: kms: [] @@ -72,8 +74,8 @@ sops: MmtjczU3TTVrUHMzN0lYclRoUXcrYXcKXl1y2wq/24VgTtYwMwIMRb+9AERFLT6M vWPCs+N4rBja2WmtmPSNNL70UF8ZAQ93dBLq2Ao65N1YRG5XE8zbNQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-07-06T09:11:09Z" - mac: ENC[AES256_GCM,data:XujFjvx73/z+hmk4f4tRRvwl/ML25YOZw6etr0P9lhcXlYPelIrqvVLO1vmobt8TYDzngAHdHSNNlhInw00KO73luOLcQhL/1DVMqTgeMSC11ReUhd5KOZLVXOSP0+8ADLXgbGGGY8DyPnZtr1ZWa3dDIBFPt5ZD7RzWz1qKnJ4=,iv:kYPLpSrLEu9pkWw0iwqKmH6Mm8sFjAstr06mcAWnUEU=,tag:NQjXV8sHUrjU//AQJ+4E+Q==,type:str] + lastmodified: "2023-08-05T15:42:16Z" + mac: ENC[AES256_GCM,data:XGFOI0KvU9aZmJ8HbNujE4X7BFBaC8YlB8NcVaAhtAZGSPcomEfNFVbF/zOFPPD7/5vblNVrdEt3Mxw+uwaPutva+ltx/+6Zk6uywOOcNvWVrlWV0yPXL2IwrH4gFUXt6HkZ6x2ASIBDm0qRwlAxO0lL/1ibey6V08kBlsk8lFc=,iv:7U3kgJNO69RyVnxdEn6u8Kz3QWG5G3EXuVWjZWOPWuE=,tag:I6zKBfXqwspWOqg7uRXfHA==,type:str] pgp: - created_at: "2023-03-27T16:00:59Z" enc: | From 151f31e87425bd97dca97ca4c16646e710080eba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Charlotte=20=F0=9F=A6=9D=20Delenk?= Date: Sun, 6 Aug 2023 10:37:03 +0100 Subject: [PATCH 3/3] delete auth.chir.rs --- config/instance-20221213-1915.nix | 1 - config/nixos-8gb-fsn1-1.nix | 1 - config/services/chir-rs.nix | 31 -------- config/services/chir.rs/auth.nix | 84 ---------------------- config/services/chir.rs/default.nix | 5 -- flake.lock | 107 +++++----------------------- flake.nix | 13 ---- zones/chir.rs.nix | 3 +- 8 files changed, 17 insertions(+), 228 deletions(-) delete mode 100644 config/services/chir-rs.nix delete mode 100644 config/services/chir.rs/auth.nix delete mode 100644 config/services/chir.rs/default.nix diff --git a/config/instance-20221213-1915.nix b/config/instance-20221213-1915.nix index c4cfbb29..c43d1b85 100644 --- a/config/instance-20221213-1915.nix +++ b/config/instance-20221213-1915.nix @@ -14,7 +14,6 @@ ./wireguard/public-server.nix ./services/named-submissive.nix ./services/shitalloverme.nix - ./services/chir.rs ./users/remote-build.nix ./services/atticd.nix ./services/minecraft.nix diff --git a/config/nixos-8gb-fsn1-1.nix b/config/nixos-8gb-fsn1-1.nix index 3eed7c79..2f17ff89 100644 --- a/config/nixos-8gb-fsn1-1.nix +++ b/config/nixos-8gb-fsn1-1.nix @@ -31,7 +31,6 @@ ./services/rspamd.nix ./wireguard/public-server.nix ./services/shitalloverme.nix - ./services/chir.rs ./services/atticd.nix ./services/wordpress.nix ./services/initrd-ssh.nix diff --git a/config/services/chir-rs.nix b/config/services/chir-rs.nix deleted file mode 100644 index 0517fc28..00000000 --- a/config/services/chir-rs.nix +++ /dev/null @@ -1,31 +0,0 @@ -{pkgs, ...}: { - systemd.services.chirrs = { - enable = true; - description = "chir.rs"; - script = "${pkgs.chir-rs}/chir-rs-server"; - serviceConfig = { - WorkingDirectory = pkgs.chir-rs; - EnvironmentFile = "/run/secrets/services/chir.rs"; - }; - wantedBy = ["multi-user.target"]; - }; - services.caddy.virtualHosts."api.chir.rs" = { - useACMEHost = "chir.rs"; - logFormat = pkgs.lib.mkForce ""; - extraConfig = '' - import baseConfig - rewrite * /api.chir.rs/{path} - reverse_proxy { - to http://localhost:8621 - } - ''; - }; - services.postgresql.ensureDatabases = ["homepage"]; - services.postgresql.ensureUsers = [ - { - name = "homepage"; - ensurePermissions = {"DATABASE homepage" = "ALL PRIVILEGES";}; - } - ]; - sops.secrets."services/chir.rs" = {}; -} diff --git a/config/services/chir.rs/auth.nix b/config/services/chir.rs/auth.nix deleted file mode 100644 index 511f0fec..00000000 --- a/config/services/chir.rs/auth.nix +++ /dev/null @@ -1,84 +0,0 @@ -{ - pkgs, - system, - chir-rs, - config, - ... -}: let - d = "$"; - dhallConfig = '' - let password = ${config.sops.secrets."services/chir-rs/auth/password".path} as Text - let BaseConfig = - { Type = - { database_url : Text - , listen_addr : Text - , redis_url : Text - , asset_path : Text - } - , default.listen_addr = "[::1]:5621" - } - - in BaseConfig::{ - , database_url = "postgres://auth_chir_rs:${d}{password}@nixos-8gb-fsn1-1.int.chir.rs" - , listen_addr = "127.0.0.1:7954" - , redis_url = "redis://:${d}{password}@nixos-8gb-fsn1-1.int.chir.rs:53538/0" - , asset_path = "${chir-rs.packages.${system}.chir-rs-auth-web}" - } - ''; -in { - systemd.services.auth-chir-rs = { - description = "auth.chir.rs"; - after = ["network.target"]; - wantedBy = ["multi-user.target"]; - script = '' - export CONFIG_FILE=${pkgs.writeText "config.dhall" dhallConfig} - export RUST_LOG=info - exec ${chir-rs.packages.${system}.chir-rs-auth}/bin/chir-rs-auth - ''; - serviceConfig = { - Type = "simple"; - User = "auth-chir-rs"; - Group = "auth-chir-rs"; - Restart = "always"; - }; - }; - sops.secrets."services/chir-rs/auth/password".owner = "auth-chir-rs"; - users.users.auth-chir-rs = { - description = "auth.chir.rs"; - home = "/var/empty"; - useDefaultShell = true; - group = "auth-chir-rs"; - isSystemUser = true; - }; - users.groups.auth-chir-rs = {}; - services.postgresql.ensureDatabases = [ - "auth_chir_rs" - ]; - services.postgresql.ensureUsers = [ - { - name = "auth_chir_rs"; - ensurePermissions = { - "DATABASE auth_chir_rs" = "ALL PRIVILEGES"; - }; - } - ]; - services.redis.servers."auth_chir_rs" = { - enable = config.networking.hostName == "nixos-8gb-fsn1-1"; - port = 53538; - save = []; - requirePassFile = config.sops.secrets."services/chir-rs/auth/password".path; - bind = null; - }; - networking.firewall.interfaces."wg0".allowedTCPPorts = [53538]; - services.caddy.virtualHosts."auth.chir.rs" = { - useACMEHost = "chir.rs"; - logFormat = pkgs.lib.mkForce ""; - extraConfig = '' - import baseConfig - - reverse_proxy http://127.0.0.1:7954 { - trusted_proxies private_ranges - } - ''; - }; -} diff --git a/config/services/chir.rs/default.nix b/config/services/chir.rs/default.nix deleted file mode 100644 index 12f5c325..00000000 --- a/config/services/chir.rs/default.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ - imports = [ - ./auth.nix - ]; -} diff --git a/flake.lock b/flake.lock index ce85675b..15b16ec6 100644 --- a/flake.lock +++ b/flake.lock @@ -36,7 +36,7 @@ "nixos-config-for-netboot", "crane" ], - "flake-compat": "flake-compat_5", + "flake-compat": "flake-compat_4", "flake-utils": [ "nixos-config-for-netboot", "flake-utils" @@ -66,35 +66,7 @@ }, "cargo2nix": { "inputs": { - "flake-compat": "flake-compat_2", - "flake-utils": [ - "flake-utils" - ], - "nixpkgs": [ - "nixpkgs" - ], - "rust-overlay": [ - "rust-overlay" - ] - }, - "locked": { - "lastModified": 1678094756, - "narHash": "sha256-FoVmeU9ITOhKO/wQt76JMZsIDxfNmzgkqHud6hrHB18=", - "owner": "DarkKirb", - "repo": "cargo2nix", - "rev": "a2c22af726db8fca367865d6631b3f321eadc647", - "type": "github" - }, - "original": { - "owner": "DarkKirb", - "ref": "release-0.11.0", - "repo": "cargo2nix", - "type": "github" - } - }, - "cargo2nix_2": { - "inputs": { - "flake-compat": "flake-compat_6", + "flake-compat": "flake-compat_5", "flake-utils": [ "nixos-config-for-netboot", "flake-utils" @@ -154,35 +126,6 @@ } }, "chir-rs": { - "inputs": { - "cargo2nix": [ - "cargo2nix" - ], - "flake-utils": [ - "flake-utils" - ], - "nixpkgs": [ - "nixpkgs" - ], - "rust-overlay": [ - "rust-overlay" - ] - }, - "locked": { - "lastModified": 1691307631, - "narHash": "sha256-XC8ZCDsxO4yojGSvW63+M0P/bOUar8YSUSb8lgT9sss=", - "owner": "DarkKirb", - "repo": "chir.rs", - "rev": "2660c086545c3f1b0d66c9059c21baf00a376700", - "type": "github" - }, - "original": { - "owner": "DarkKirb", - "repo": "chir.rs", - "type": "github" - } - }, - "chir-rs_2": { "inputs": { "cargo2nix": [ "nixos-config-for-netboot", @@ -272,7 +215,7 @@ }, "crane": { "inputs": { - "flake-compat": "flake-compat_3", + "flake-compat": "flake-compat_2", "flake-utils": [ "flake-utils" ], @@ -299,7 +242,7 @@ }, "crane_2": { "inputs": { - "flake-compat": "flake-compat_7", + "flake-compat": "flake-compat_6", "flake-utils": [ "nixos-config-for-netboot", "flake-utils" @@ -543,11 +486,11 @@ "flake-compat_2": { "flake": false, "locked": { - "lastModified": 1650374568, - "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", + "lastModified": 1668681692, + "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", "owner": "edolstra", "repo": "flake-compat", - "rev": "b4a34015c698c7793d592d66adbab377907a2be8", + "rev": "009399224d5e398d03b22badca40a37ac85412a1", "type": "github" }, "original": { @@ -559,11 +502,11 @@ "flake-compat_3": { "flake": false, "locked": { - "lastModified": 1668681692, - "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", "owner": "edolstra", "repo": "flake-compat", - "rev": "009399224d5e398d03b22badca40a37ac85412a1", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", "type": "github" }, "original": { @@ -589,22 +532,6 @@ } }, "flake-compat_5": { - "flake": false, - "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_6": { "flake": false, "locked": { "lastModified": 1650374568, @@ -620,7 +547,7 @@ "type": "github" } }, - "flake-compat_7": { + "flake-compat_6": { "flake": false, "locked": { "lastModified": 1668681692, @@ -636,7 +563,7 @@ "type": "github" } }, - "flake-compat_8": { + "flake-compat_7": { "flake": false, "locked": { "lastModified": 1673956053, @@ -1151,7 +1078,7 @@ "attic": [ "attic" ], - "flake-compat": "flake-compat_4", + "flake-compat": "flake-compat_3", "flake-utils": [ "flake-utils" ], @@ -1183,7 +1110,7 @@ "nixos-config-for-netboot", "attic" ], - "flake-compat": "flake-compat_8", + "flake-compat": "flake-compat_7", "flake-utils": [ "nixos-config-for-netboot", "flake-utils" @@ -1235,8 +1162,8 @@ "nixos-config-for-netboot": { "inputs": { "attic": "attic_2", - "cargo2nix": "cargo2nix_2", - "chir-rs": "chir-rs_2", + "cargo2nix": "cargo2nix", + "chir-rs": "chir-rs", "colorpickle": "colorpickle_2", "crane": "crane_2", "dns": "dns_2", @@ -1464,8 +1391,6 @@ "root": { "inputs": { "attic": "attic", - "cargo2nix": "cargo2nix", - "chir-rs": "chir-rs", "colorpickle": "colorpickle", "crane": "crane", "dns": "dns", diff --git a/flake.nix b/flake.nix index e2aaa382..4d956231 100644 --- a/flake.nix +++ b/flake.nix @@ -11,19 +11,6 @@ rec { inputs.nixpkgs.follows = "nixpkgs-for-crane"; inputs.nixpkgs-stable.follows = "nixpkgs-for-crane"; }; - cargo2nix = { - url = "github:DarkKirb/cargo2nix/release-0.11.0"; - inputs.flake-utils.follows = "flake-utils"; - inputs.nixpkgs.follows = "nixpkgs"; - inputs.rust-overlay.follows = "rust-overlay"; - }; - chir-rs = { - url = "github:DarkKirb/chir.rs"; - inputs.cargo2nix.follows = "cargo2nix"; - inputs.flake-utils.follows = "flake-utils"; - inputs.nixpkgs.follows = "nixpkgs"; - inputs.rust-overlay.follows = "rust-overlay"; - }; colorpickle = { url = "github:AgathaSorceress/colorpickle"; inputs.naersk.follows = "naersk"; diff --git a/zones/chir.rs.nix b/zones/chir.rs.nix index e2a6e34d..850ce3a4 100644 --- a/zones/chir.rs.nix +++ b/zones/chir.rs.nix @@ -144,7 +144,7 @@ with dns.lib.combinators; let SOA = { nameServer = "ns1.chir.rs."; adminEmail = "lotte@chir.rs"; - serial = 35; + serial = 36; }; NS = [ "ns1.chir.rs." @@ -239,7 +239,6 @@ with dns.lib.combinators; let akko = createZone {}; peertube = createZone {}; mediaproxy.CNAME = ["mediaproxy-chir-rs.b-cdn.net."]; - auth = createFullZone {}; attic = createFullZone {}; cloud = createZone oracleBase; lotte = createZone {};