Charlotte 🦝 Delenk 2023-04-23 18:35:42 +01:00
parent 38bae92081
commit 55a219670b
Signed by: darkkirb
GPG key ID: AB2BD8DAF2E37122
4 changed files with 108 additions and 108 deletions


@ -4,7 +4,7 @@
...
}: {
services.nextcloud = {
appstoreEnable = true;
appstoreEnable = true;
caching.redis = true;
config = {
adminpassFile = config.sops.secrets."services/nextcloud/adminpass".path;


@ -69,7 +69,7 @@ rec {
inputs.attic.follows = "attic";
inputs.flake-utils.follows = "flake-utils";
inputs.nixpkgs.follows = "nixpkgs";
# inputs.hydra.follows = "hydra";
# inputs.hydra.follows = "hydra";
};
nixos-config-for-netboot.url = "github:DarkKirb/nixos-config/c9c3d16b23042a25f504a6d71e7075318f1137f8";
nixos-hardware.url = "github:NixOS/nixos-hardware";


@ -58,57 +58,58 @@ in {
lfsJwtSecret = "${cfg.customDir}/conf/lfs_jwt_secret"; # new file for LFS_JWT_SECRET
internalToken = "${cfg.customDir}/conf/internal_token";
replaceSecretBin = "${pkgs.replace-secret}/bin/replace-secret";
in lib.mkForce ''
# copy custom configuration and generate random secrets if needed
${optionalString (!cfg.useWizard) ''
function gitea_setup {
cp -f '${configFile}' '${runConfig}'
if [ ! -s '${secretKey}' ]; then
${exe} generate secret SECRET_KEY > '${secretKey}'
fi
# Migrate LFS_JWT_SECRET filename
if [[ -s '${oldLfsJwtSecret}' && ! -s '${lfsJwtSecret}' ]]; then
mv '${oldLfsJwtSecret}' '${lfsJwtSecret}'
fi
if [ ! -s '${oauth2JwtSecret}' ]; then
${exe} generate secret JWT_SECRET > '${oauth2JwtSecret}'
fi
${lib.optionalString cfg.lfs.enable ''
if [ ! -s '${lfsJwtSecret}' ]; then
${exe} generate secret LFS_JWT_SECRET > '${lfsJwtSecret}'
fi
in
lib.mkForce ''
# copy custom configuration and generate random secrets if needed
${optionalString (!cfg.useWizard) ''
function gitea_setup {
cp -f '${configFile}' '${runConfig}'
if [ ! -s '${secretKey}' ]; then
${exe} generate secret SECRET_KEY > '${secretKey}'
fi
# Migrate LFS_JWT_SECRET filename
if [[ -s '${oldLfsJwtSecret}' && ! -s '${lfsJwtSecret}' ]]; then
mv '${oldLfsJwtSecret}' '${lfsJwtSecret}'
fi
if [ ! -s '${oauth2JwtSecret}' ]; then
${exe} generate secret JWT_SECRET > '${oauth2JwtSecret}'
fi
${lib.optionalString cfg.lfs.enable ''
if [ ! -s '${lfsJwtSecret}' ]; then
${exe} generate secret LFS_JWT_SECRET > '${lfsJwtSecret}'
fi
''}
if [ ! -s '${internalToken}' ]; then
${exe} generate secret INTERNAL_TOKEN > '${internalToken}'
fi
chmod u+w '${runConfig}'
${replaceSecretBin} '#secretkey#' '${secretKey}' '${runConfig}'
${replaceSecretBin} '#dbpass#' '${cfg.database.passwordFile}' '${runConfig}'
${replaceSecretBin} '#oauth2jwtsecret#' '${oauth2JwtSecret}' '${runConfig}'
${replaceSecretBin} '#internaltoken#' '${internalToken}' '${runConfig}'
${lib.optionalString cfg.lfs.enable ''
${replaceSecretBin} '#lfsjwtsecret#' '${lfsJwtSecret}' '${runConfig}'
''}
${lib.optionalString (cfg.mailerPasswordFile != null) ''
${replaceSecretBin} '#mailerpass#' '${cfg.mailerPasswordFile}' '${runConfig}'
''}
${lib.optionalString (cfg.storageSecretFile != null) ''
${replaceSecretBin} '#storageSecret#' '${cfg.storageSecretFile}' '${runConfig}'
''}
chmod u-w '${runConfig}'
}
(umask 027; gitea_setup)
''}
if [ ! -s '${internalToken}' ]; then
${exe} generate secret INTERNAL_TOKEN > '${internalToken}'
fi
chmod u+w '${runConfig}'
${replaceSecretBin} '#secretkey#' '${secretKey}' '${runConfig}'
${replaceSecretBin} '#dbpass#' '${cfg.database.passwordFile}' '${runConfig}'
${replaceSecretBin} '#oauth2jwtsecret#' '${oauth2JwtSecret}' '${runConfig}'
${replaceSecretBin} '#internaltoken#' '${internalToken}' '${runConfig}'
${lib.optionalString cfg.lfs.enable ''
${replaceSecretBin} '#lfsjwtsecret#' '${lfsJwtSecret}' '${runConfig}'
''}
${lib.optionalString (cfg.mailerPasswordFile != null) ''
${replaceSecretBin} '#mailerpass#' '${cfg.mailerPasswordFile}' '${runConfig}'
''}
${lib.optionalString (cfg.storageSecretFile != null) ''
${replaceSecretBin} '#storageSecret#' '${cfg.storageSecretFile}' '${runConfig}'
''}
chmod u-w '${runConfig}'
}
(umask 027; gitea_setup)
''}
# run migrations/init the database
${exe} migrate
# update all hooks' binary paths
${exe} admin regenerate hooks
# update command option in authorized_keys
if [ -r ${cfg.stateDir}/.ssh/authorized_keys ]
then
${exe} admin regenerate keys
fi
'';
# run migrations/init the database
${exe} migrate
# update all hooks' binary paths
${exe} admin regenerate hooks
# update command option in authorized_keys
if [ -r ${cfg.stateDir}/.ssh/authorized_keys ]
then
${exe} admin regenerate keys
fi
'';
};
};
}


@ -2,63 +2,62 @@ inputs: system: self: prev: let
inherit (inputs) nixpkgs nixpkgs-noto-variable nix-packages;
noto-variable = import nixpkgs-noto-variable {inherit system;};
in
with nixpkgs.legacyPackages.${system};
{
mosh = prev.mosh.overrideAttrs (old: {
patches = [
./mosh/ssh_path.patch
./mosh/mosh-client_path.patch
./mosh/utempter_path.patch
./mosh/bash_completion_datadir.patch
];
postPatch = ''
substituteInPlace scripts/mosh.pl \
--subst-var-by ssh "${openssh}/bin/ssh" \
--subst-var-by mosh-client "$out/bin/mosh-client"
'';
version = "2022-02-04";
src = prev.fetchFromGitHub {
owner = "mobile-shell";
repo = "mosh";
rev = "dbe419d0e069df3fedc212d456449f64d0280c76";
sha256 = "09mvk9zxclkf4wrkkfzg0p2hx1f74gpymr0a0l3pckmk6za2n3d1";
with nixpkgs.legacyPackages.${system}; {
mosh = prev.mosh.overrideAttrs (old: {
patches = [
./mosh/ssh_path.patch
./mosh/mosh-client_path.patch
./mosh/utempter_path.patch
./mosh/bash_completion_datadir.patch
];
postPatch = ''
substituteInPlace scripts/mosh.pl \
--subst-var-by ssh "${openssh}/bin/ssh" \
--subst-var-by mosh-client "$out/bin/mosh-client"
'';
version = "2022-02-04";
src = prev.fetchFromGitHub {
owner = "mobile-shell";
repo = "mosh";
rev = "dbe419d0e069df3fedc212d456449f64d0280c76";
sha256 = "09mvk9zxclkf4wrkkfzg0p2hx1f74gpymr0a0l3pckmk6za2n3d1";
};
});
inherit (noto-variable) noto-fonts-cjk;
nix = prev.nix.overrideAttrs (old: {
postPatchPhase = ''
sed 's/getBoolAttr."allowSubstitutes", true./true/' src/libstore/parsed-derivations.cc
'';
checkPhase = "true";
installCheckPhase = "true";
});
rnix-lsp = with prev;
rustPlatform.buildRustPackage {
pname = "rnix-lsp";
version = "0.3.0-alejandra";
src = fetchFromGitHub {
owner = "nix-community";
repo = "rnix-lsp";
# https://github.com/nix-community/rnix-lsp/pull/89
rev = "9189b50b34285b2a9de36a439f6c990fd283c9c7";
sha256 = "sha256-ZnUtvwkcz7QlAiqQxhI4qVUhtVR+thLhG3wQlle7oZg=";
};
});
inherit (noto-variable) noto-fonts-cjk;
nix = prev.nix.overrideAttrs (old: {
postPatchPhase = ''
sed 's/getBoolAttr."allowSubstitutes", true./true/' src/libstore/parsed-derivations.cc
'';
cargoSha256 = "sha256-VhE+DspQ0IZKf7rNkERA/gD7iMzjW4TnRSnYy1gdV0s=";
cargoBuildFlags = ["--no-default-features" "--features" "alejandra"];
checkPhase = "true";
installCheckPhase = "true";
});
rnix-lsp = with prev;
rustPlatform.buildRustPackage {
pname = "rnix-lsp";
version = "0.3.0-alejandra";
src = fetchFromGitHub {
owner = "nix-community";
repo = "rnix-lsp";
# https://github.com/nix-community/rnix-lsp/pull/89
rev = "9189b50b34285b2a9de36a439f6c990fd283c9c7";
sha256 = "sha256-ZnUtvwkcz7QlAiqQxhI4qVUhtVR+thLhG3wQlle7oZg=";
};
cargoSha256 = "sha256-VhE+DspQ0IZKf7rNkERA/gD7iMzjW4TnRSnYy1gdV0s=";
cargoBuildFlags = ["--no-default-features" "--features" "alejandra"];
checkPhase = "true";
meta = with lib; {
description = "A work-in-progress language server for Nix, with syntax checking and basic completion";
license = licenses.mit;
maintainers = with maintainers; [ma27];
};
meta = with lib; {
description = "A work-in-progress language server for Nix, with syntax checking and basic completion";
license = licenses.mit;
maintainers = with maintainers; [ma27];
};
hydra-unsstable = nix-packages.packages.${system}.hydra.overrideAttrs (super: {
doCheck = false;
checkPhase = "";
installCheckPhase = "";
});
}
};
hydra-unsstable = nix-packages.packages.${system}.hydra.overrideAttrs (super: {
doCheck = false;
checkPhase = "";
installCheckPhase = "";
});
}