diff --git a/config/services/nextcloud.nix b/config/services/nextcloud.nix index 452a4d46..306d5c88 100644 --- a/config/services/nextcloud.nix +++ b/config/services/nextcloud.nix @@ -4,7 +4,7 @@ ... }: { services.nextcloud = { - appstoreEnable = true; + appstoreEnable = true; caching.redis = true; config = { adminpassFile = config.sops.secrets."services/nextcloud/adminpass".path; diff --git a/flake.nix b/flake.nix index 4b1e9d35..5449fdf3 100644 --- a/flake.nix +++ b/flake.nix @@ -69,7 +69,7 @@ rec { inputs.attic.follows = "attic"; inputs.flake-utils.follows = "flake-utils"; inputs.nixpkgs.follows = "nixpkgs"; -# inputs.hydra.follows = "hydra"; + # inputs.hydra.follows = "hydra"; }; nixos-config-for-netboot.url = "github:DarkKirb/nixos-config/c9c3d16b23042a25f504a6d71e7075318f1137f8"; nixos-hardware.url = "github:NixOS/nixos-hardware"; diff --git a/modules/gitea.nix b/modules/gitea.nix index 4ffbb02f..786014ad 100644 --- a/modules/gitea.nix +++ b/modules/gitea.nix 
@@ -58,57 +58,58 @@ in { lfsJwtSecret = "${cfg.customDir}/conf/lfs_jwt_secret"; # new file for LFS_JWT_SECRET internalToken = "${cfg.customDir}/conf/internal_token"; replaceSecretBin = "${pkgs.replace-secret}/bin/replace-secret"; - in lib.mkForce '' - # copy custom configuration and generate random secrets if needed - ${optionalString (!cfg.useWizard) '' - function gitea_setup { - cp -f '${configFile}' '${runConfig}' - if [ ! -s '${secretKey}' ]; then - ${exe} generate secret SECRET_KEY > '${secretKey}' - fi - # Migrate LFS_JWT_SECRET filename - if [[ -s '${oldLfsJwtSecret}' && ! -s '${lfsJwtSecret}' ]]; then - mv '${oldLfsJwtSecret}' '${lfsJwtSecret}' - fi - if [ ! -s '${oauth2JwtSecret}' ]; then - ${exe} generate secret JWT_SECRET > '${oauth2JwtSecret}' - fi - ${lib.optionalString cfg.lfs.enable '' - if [ ! -s '${lfsJwtSecret}' ]; then - ${exe} generate secret LFS_JWT_SECRET > '${lfsJwtSecret}' - fi + in + lib.mkForce '' + # copy custom configuration and generate random secrets if needed + ${optionalString (!cfg.useWizard) '' + function gitea_setup { + cp -f '${configFile}' '${runConfig}' + if [ ! -s '${secretKey}' ]; then + ${exe} generate secret SECRET_KEY > '${secretKey}' + fi + # Migrate LFS_JWT_SECRET filename + if [[ -s '${oldLfsJwtSecret}' && ! -s '${lfsJwtSecret}' ]]; then + mv '${oldLfsJwtSecret}' '${lfsJwtSecret}' + fi + if [ ! -s '${oauth2JwtSecret}' ]; then + ${exe} generate secret JWT_SECRET > '${oauth2JwtSecret}' + fi + ${lib.optionalString cfg.lfs.enable '' + if [ ! -s '${lfsJwtSecret}' ]; then + ${exe} generate secret LFS_JWT_SECRET > '${lfsJwtSecret}' + fi + ''} + if [ ! 
-s '${internalToken}' ]; then + ${exe} generate secret INTERNAL_TOKEN > '${internalToken}' + fi + chmod u+w '${runConfig}' + ${replaceSecretBin} '#secretkey#' '${secretKey}' '${runConfig}' + ${replaceSecretBin} '#dbpass#' '${cfg.database.passwordFile}' '${runConfig}' + ${replaceSecretBin} '#oauth2jwtsecret#' '${oauth2JwtSecret}' '${runConfig}' + ${replaceSecretBin} '#internaltoken#' '${internalToken}' '${runConfig}' + ${lib.optionalString cfg.lfs.enable '' + ${replaceSecretBin} '#lfsjwtsecret#' '${lfsJwtSecret}' '${runConfig}' + ''} + ${lib.optionalString (cfg.mailerPasswordFile != null) '' + ${replaceSecretBin} '#mailerpass#' '${cfg.mailerPasswordFile}' '${runConfig}' + ''} + ${lib.optionalString (cfg.storageSecretFile != null) '' + ${replaceSecretBin} '#storageSecret#' '${cfg.storageSecretFile}' '${runConfig}' + ''} + chmod u-w '${runConfig}' + } + (umask 027; gitea_setup) ''} - if [ ! -s '${internalToken}' ]; then - ${exe} generate secret INTERNAL_TOKEN > '${internalToken}' - fi - chmod u+w '${runConfig}' - ${replaceSecretBin} '#secretkey#' '${secretKey}' '${runConfig}' - ${replaceSecretBin} '#dbpass#' '${cfg.database.passwordFile}' '${runConfig}' - ${replaceSecretBin} '#oauth2jwtsecret#' '${oauth2JwtSecret}' '${runConfig}' - ${replaceSecretBin} '#internaltoken#' '${internalToken}' '${runConfig}' - ${lib.optionalString cfg.lfs.enable '' - ${replaceSecretBin} '#lfsjwtsecret#' '${lfsJwtSecret}' '${runConfig}' - ''} - ${lib.optionalString (cfg.mailerPasswordFile != null) '' - ${replaceSecretBin} '#mailerpass#' '${cfg.mailerPasswordFile}' '${runConfig}' - ''} - ${lib.optionalString (cfg.storageSecretFile != null) '' - ${replaceSecretBin} '#storageSecret#' '${cfg.storageSecretFile}' '${runConfig}' - ''} - chmod u-w '${runConfig}' - } - (umask 027; gitea_setup) - ''} - # run migrations/init the database - ${exe} migrate - # update all hooks' binary paths - ${exe} admin regenerate hooks - # update command option in authorized_keys - if [ -r 
${cfg.stateDir}/.ssh/authorized_keys ] - then - ${exe} admin regenerate keys - fi - ''; + # run migrations/init the database + ${exe} migrate + # update all hooks' binary paths + ${exe} admin regenerate hooks + # update command option in authorized_keys + if [ -r ${cfg.stateDir}/.ssh/authorized_keys ] + then + ${exe} admin regenerate keys + fi + ''; }; }; } diff --git a/overlays/default.nix b/overlays/default.nix index 95f468df..dc3c4373 100644 --- a/overlays/default.nix +++ b/overlays/default.nix 
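Review bot: The subshell `(umask 027; gitea_setup)` in modules/gitea.nix creates every secret written by a `${exe} generate secret … > '…'` redirection as mode 0640, so the files are group-readable. This covers SECRET_KEY, JWT_SECRET, LFS_JWT_SECRET and INTERNAL_TOKEN, and presumably also the `${runConfig}` copy that `replace-secret` fills with the database and mailer passwords. Unless a member of the service group needs to read these files, which is not visible here, `(umask 077; gitea_setup)` would keep them owner-only. Separately, the test `[ -r ${cfg.stateDir}/.ssh/authorized_keys ]` leaves the path unquoted, unlike every other path in the script. The commit only re-indents these lines, and the enclosing `let … in` binding starts outside the hunk.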
@@ -2,63 +2,62 @@ inputs: system: self: prev: let inherit (inputs) nixpkgs nixpkgs-noto-variable nix-packages; noto-variable = import nixpkgs-noto-variable {inherit system;}; in - with nixpkgs.legacyPackages.${system}; - { - mosh = prev.mosh.overrideAttrs (old: { - patches = [ - ./mosh/ssh_path.patch - ./mosh/mosh-client_path.patch - ./mosh/utempter_path.patch - ./mosh/bash_completion_datadir.patch - ]; - postPatch = '' - substituteInPlace scripts/mosh.pl \ - --subst-var-by ssh "${openssh}/bin/ssh" \ - --subst-var-by mosh-client "$out/bin/mosh-client" - ''; - version = "2022-02-04"; - src = prev.fetchFromGitHub { - owner = "mobile-shell"; - repo = "mosh"; - rev = "dbe419d0e069df3fedc212d456449f64d0280c76"; - sha256 = "09mvk9zxclkf4wrkkfzg0p2hx1f74gpymr0a0l3pckmk6za2n3d1"; + with nixpkgs.legacyPackages.${system}; { + mosh = prev.mosh.overrideAttrs (old: { + patches = [ + ./mosh/ssh_path.patch + ./mosh/mosh-client_path.patch + ./mosh/utempter_path.patch + ./mosh/bash_completion_datadir.patch + ]; + postPatch = '' + substituteInPlace scripts/mosh.pl \ + --subst-var-by ssh "${openssh}/bin/ssh" \ + --subst-var-by mosh-client "$out/bin/mosh-client" + ''; + version = "2022-02-04"; + src = prev.fetchFromGitHub { + owner = "mobile-shell"; + repo = "mosh"; + rev = "dbe419d0e069df3fedc212d456449f64d0280c76"; + sha256 = "09mvk9zxclkf4wrkkfzg0p2hx1f74gpymr0a0l3pckmk6za2n3d1"; + }; + }); + inherit (noto-variable) noto-fonts-cjk; + nix = prev.nix.overrideAttrs (old: { + postPatchPhase = '' + sed 's/getBoolAttr."allowSubstitutes", true./true/' src/libstore/parsed-derivations.cc + ''; + checkPhase = "true"; + installCheckPhase = "true"; + }); + rnix-lsp = with prev; + rustPlatform.buildRustPackage { + pname = "rnix-lsp"; + version = "0.3.0-alejandra"; + + src = fetchFromGitHub { + owner = "nix-community"; + repo = "rnix-lsp"; + # https://github.com/nix-community/rnix-lsp/pull/89 + rev = "9189b50b34285b2a9de36a439f6c990fd283c9c7"; + sha256 = 
"sha256-ZnUtvwkcz7QlAiqQxhI4qVUhtVR+thLhG3wQlle7oZg="; }; - }); - inherit (noto-variable) noto-fonts-cjk; - nix = prev.nix.overrideAttrs (old: { - postPatchPhase = '' - sed 's/getBoolAttr."allowSubstitutes", true./true/' src/libstore/parsed-derivations.cc - ''; + + cargoSha256 = "sha256-VhE+DspQ0IZKf7rNkERA/gD7iMzjW4TnRSnYy1gdV0s="; + cargoBuildFlags = ["--no-default-features" "--features" "alejandra"]; + checkPhase = "true"; - installCheckPhase = "true"; - }); - rnix-lsp = with prev; - rustPlatform.buildRustPackage { - pname = "rnix-lsp"; - version = "0.3.0-alejandra"; - src = fetchFromGitHub { - owner = "nix-community"; - repo = "rnix-lsp"; - # https://github.com/nix-community/rnix-lsp/pull/89 - rev = "9189b50b34285b2a9de36a439f6c990fd283c9c7"; - sha256 = "sha256-ZnUtvwkcz7QlAiqQxhI4qVUhtVR+thLhG3wQlle7oZg="; - }; - - cargoSha256 = "sha256-VhE+DspQ0IZKf7rNkERA/gD7iMzjW4TnRSnYy1gdV0s="; - cargoBuildFlags = ["--no-default-features" "--features" "alejandra"]; - - checkPhase = "true"; - - meta = with lib; { - description = "A work-in-progress language server for Nix, with syntax checking and basic completion"; - license = licenses.mit; - maintainers = with maintainers; [ma27]; - }; + meta = with lib; { + description = "A work-in-progress language server for Nix, with syntax checking and basic completion"; + license = licenses.mit; + maintainers = with maintainers; [ma27]; }; - hydra-unsstable = nix-packages.packages.${system}.hydra.overrideAttrs (super: { - doCheck = false; - checkPhase = ""; - installCheckPhase = ""; - }); - } + }; + hydra-unsstable = nix-packages.packages.${system}.hydra.overrideAttrs (super: { + doCheck = false; + checkPhase = ""; + installCheckPhase = ""; + }); + }
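Review bot: In the `nix` override in overlays/default.nix, the `sed 's/getBoolAttr."allowSubstitutes", true./true/' src/libstore/parsed-derivations.cc` call has no `-i`, so it prints the result to stdout and leaves the file unchanged. It is also attached to `postPatchPhase`, which as far as I know stdenv does not run as a hook (the hook is `postPatch`). The override therefore most likely has only one real effect, replacing `checkPhase` and `installCheckPhase` with `"true"`, which ships a Nix build whose test suite never ran. If the source edit is still wanted, it should be `postPatch` with `sed -i 's/getBoolAttr."allowSubstitutes", true./true/' src/libstore/parsed-derivations.cc`; if not, dropping the override would restore the checks. The commit only re-indents these lines, so this predates it.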