diff --git a/config/hosts/florp/configuration.nix b/config/hosts/florp/configuration.nix index 365cfd5..133e22d 100644 --- a/config/hosts/florp/configuration.nix +++ b/config/hosts/florp/configuration.nix @@ -1,4 +1,4 @@ -{ lib, ... }: { +{ lib, config, ... }: { imports = [ ../../common ../../profiles/headless.nix @@ -13,13 +13,32 @@ }; kyouma.nginx.defaultForbidden = "florp.social"; - kyouma.restic = { + kyouma.restic = let + pgBackup = "/var/cache/postgresql.sql"; + in { enable = true; remoteUser = "zh3485s1"; + timerConfig = { + OnCalendar = "hourly"; + Persistent = true; + }; paths = [ "/var/lib/akkoma" - "/var/lib/postgresql" + "/var/lib/secrets" + pgBackup ]; + + backupPrepareCommand = '' + umask 0077 + rm -f -- ${pgBackup} + ${lib.getExe' config.services.postgresql.package "pg_dumpall"} \ + -U ${config.services.postgresql.superUser} \ + -f ${pgBackup} + ''; + + backupCleanupCommand = '' + rm -f -- ${pgBackup} + ''; }; systemd.network.networks."98-eth-default" = { address = [ diff --git a/config/services/akkoma/default.nix b/config/services/akkoma/default.nix index daceede..ff1a6f4 100644 --- a/config/services/akkoma/default.nix +++ b/config/services/akkoma/default.nix @@ -26,13 +26,14 @@ extraStatic."static/themes/elly-mod.json" = pkgs.writeText "elly-mod.json" (builtins.readFile ./elly-mod.json); - extraStatic."static/terms-of-service.html" = pkgs.writeText "terms-of-service.html" '' -

Likes are now florps. The timeline goes sideways.

+ extraStatic."static/custom.css" = pkgs.writeText "custom.css" '' + .tos-content img { max-width: 100%; } ''; - extraStatic."images/sylvia-ritter-15012323.avif" = inputs.florp-branding.packages.${config.nixpkgs.hostPlatform.system}.wallpaper; - - extraStatic."favicon.png" = inputs.florp-branding.packages.${config.nixpkgs.hostPlatform.system}.favicon; + extraStatic."static/terms-of-service.html" = inputs.florp-about.packages.${pkgs.system}.default; + extraStatic."images/sylvia-ritter-15012323.avif" = inputs.florp-branding.packages.${pkgs.system}.wallpaper; + extraStatic."images/florp_banner.avif" = inputs.florp-branding.packages.${pkgs.system}.banner; + extraStatic."favicon.png" = inputs.florp-branding.packages.${pkgs.system}.favicon; frontends = { primary = { @@ -101,7 +102,6 @@ "solitary.social" "donotsta.re" "chaos.social" - "girldick.gay" ]; }; @@ -155,27 +155,27 @@ ":mrf_simple" = { reject = mapAttrsToListOfTuple { - "bae.st" = "transphobia / queerphobia"; - "brighteon.social" = "transphobia, pro trump"; - "detroitriotcity.com" = "transphobia / queerphobia"; + "bae.st" = "transphobia, queerphobia"; + "brighteon.social" = "transphobia, right‐wing extremism"; + "detroitriotcity.com" = "transphobia, queerphobia"; "freeatlantis.com" = "harassment"; "freespeechextremist.com" = "N/A"; "gab.com" = "N/A"; "gleasonator.com" = "transphobia"; "kitsunemimi.club" = "transphobia"; - "kiwifarms.*" = "N/A"; - "poa.st" = "queerphobia / racism / nazis"; + "kiwifarms.*" = "harassment"; + "poa.st" = "queerphobia, racism, right‐wing extremism"; "seal.cafe" = "transphobia"; "social.quodverum.com" = "N/A"; "spinster.xyz" = "transphobia"; "truthsocial.co.in" = "N/A"; "varishangout.net" = "transphobia"; "activitypub-troll.cf" = "N/A"; - "misskey-forkbomb.cf" = "N/A"; + "misskey-forkbomb.cf" = "security"; "repl.co" = "N/A"; - "rape.pet" = "CP"; - "childlove.space" = "CP"; - "pedo.school" = "CP"; + "rape.pet" = "CSAM"; + "childlove.space" = "CSAM"; + "pedo.school" = "CSAM"; "loli.church" = "transphobia"; "usasa.ky" = "spam"; "tickler.cc" = "spam"; @@ -242,11 +242,10 @@ services.nginx = { clientMaxBodySize = "256m"; commonHttpConfig = '' - access_log /var/log/nginx/access.log; - error_log /var/log/nginx/err.log warn; + access_log off; proxy_cache_path /var/cache/nginx/akkoma-media-cache - levels= keys_zone=akkoma_media_cache:32m max_size=64g + levels= keys_zone=akkoma_media_cache:64m max_size=64g inactive=1y use_temp_path=off; ''; }; diff --git a/flake.lock b/flake.lock index 24f0129..1a53769 100644 --- a/flake.lock +++ b/flake.lock @@ -12,11 +12,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1730906442, - "narHash": "sha256-tBuyb8jWBSHHgcIrOfiyQJZGY1IviMzH2V74t7gWfgI=", + "lastModified": 1731193172, + "narHash": "sha256-Ykz7q58tF0wLTOjCxQMe5+jdAPPQ1dC8k39y9I/5k+I=", "owner": "zhaofengli", "repo": "attic", - "rev": "d0b66cf897e4d55f03d341562c9821dc4e566e54", + "rev": "a02bf38a7562e4041345a136aef6e5a4eb891bbb", "type": "github" }, "original": { @@ -430,6 +430,26 @@ "type": "github" } }, + "florp-about": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1731187545, + "narHash": "sha256-n/BOlXvOcX5yn2mbjazfCcbojzczCdmcjQNaH7Dcdd4=", + "ref": "refs/heads/main", + "rev": "1845276697adca236be3e7a983238d2a2d0d57b5", + "revCount": 7, + "type": "git", + "url": "https://woof.rip/florp/about.git" + }, + "original": { + "type": "git", + "url": "https://woof.rip/florp/about.git" + } + }, "florp-branding": { "inputs": { "nixpkgs": [ @@ -437,11 +457,11 @@ ] }, "locked": { - "lastModified": 1730825511, - "narHash": "sha256-Ywc4Y+4VobocyxcVhHlJ5Q5h1fOdsJNlAlWlrkqC8U0=", + "lastModified": 1731182323, + "narHash": "sha256-Ecw7fOxv3hp1iLWBqlYW9TTNi0LTtiu92gtqfdn5v20=", "ref": "refs/heads/main", - "rev": "81bde12357d59215e7d67c7f55c2eb3d54c47689", - "revCount": 2, + "rev": "8aaf8c85b902eaaabfdeadd5502019b2816991b9", + "revCount": 3, "type": "git", "url": "https://woof.rip/florp/branding.git" }, @@ -693,11 +713,11 @@ ] }, "locked": { - "lastModified": 1730779758, - "narHash": "sha256-5WI9AnsBwhLzVRnQm3Qn9oAbROnuLDQTpaXeyZCK8qw=", + "lastModified": 1731153869, + "narHash": "sha256-3Ftf9oqOypcEyyrWJ0baVkRpvQqroK/SVBFLvU3nPuc=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "0e3f3f017c14467085f15d42343a3aaaacd89bcb", + "rev": "5c74ab862c8070cbf6400128a1b56abb213656da", "type": "github" }, "original": { @@ -957,11 +977,11 @@ "treefmt-nix": "treefmt-nix_2" }, "locked": { - "lastModified": 1731009822, - "narHash": "sha256-VwGfFYHjizs7yQwh8JRlDUVkHLPc34jdqkQ2vyv6ddY=", + "lastModified": 1731155487, + "narHash": "sha256-+D57j7BcV5O3XH9za3c3XXVLHr+F+enThAN2EeF6H/M=", "owner": "nix-community", "repo": "nixvim", - "rev": "aabbd60633947baba11db44df84f402edc241440", + "rev": "31364af1990067d5529846a2ebf17a42c5ab22ff", "type": "github" }, "original": { @@ -980,11 +1000,11 @@ ] }, "locked": { - "lastModified": 1730760712, - "narHash": "sha256-F4H98tjNgySlSLItuOqHYo9LF85rFoS/Vr0uOrq7BM4=", + "lastModified": 1731060242, + "narHash": "sha256-43yLsOm/wxBbfYSNDWVJeVv5Ij+23X3BIjFUfsdx/6M=", "owner": "NuschtOS", "repo": "search", - "rev": "aa5214c81b904a19f7a54f7a8f288f7902586eee", + "rev": "ef493352f9e1f051e01a55c062731503a6b36b4e", "type": "github" }, "original": { @@ -1016,6 +1036,7 @@ "dns": "dns", "fernglas": "fernglas", "flake-utils": "flake-utils", + "florp-about": "florp-about", "florp-branding": "florp-branding", "home-manager": "home-manager", "hydra": "hydra", diff --git a/flake.nix b/flake.nix index f92ed80..63d1431 100644 --- a/flake.nix +++ b/flake.nix @@ -25,6 +25,10 @@ url = "git+https://woof.rip/florp/branding.git"; inputs.nixpkgs.follows = "nixpkgs"; }; + florp-about = { + url = "git+https://woof.rip/florp/about.git"; + inputs.nixpkgs.follows = "nixpkgs"; + }; home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; diff --git a/modules/restic/default.nix b/modules/restic/default.nix index 226001f..b1c8ca3 100644 --- a/modules/restic/default.nix +++ b/modules/restic/default.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: let +{ config, lib, pkgs, utils, ... }: let cfg = config.kyouma.restic; in { options.kyouma.restic = let @@ -40,6 +40,27 @@ in { type = types.nonEmptyStr; default = "${config.networking.hostName}-backup"; }; + timerConfig = mkOption { + description = "timer config"; + type = with types; nullOr (attrsOf utils.systemdUtils.unitOptions.unitOption); + default = { + OnCalendar = "daily"; + Persistent = true; + }; + }; + + # FIXME: Can these be just inherited? + backupPrepareCommand = mkOption { + description = "preparation script"; + type = with types; nullOr str; + default = null; + }; + + backupCleanupCommand = mkOption { + description = "cleanup script"; + type = with types; nullOr str; + default = null; + }; }; config = lib.mkIf cfg.enable { sops.secrets."restic/${cfg.remoteUser}/password" = { @@ -50,7 +71,7 @@ in { }; services.restic.backups."${config.networking.hostName}-${cfg.remote}" = { - inherit (cfg) paths user pruneOpts; + inherit (cfg) paths user pruneOpts timerConfig; initialize = true; repository = "sftp:${cfg.remoteUser}@${cfg.remote}:${cfg.repo}"; passwordFile = config.sops.secrets."restic/${cfg.remoteUser}/password".path; diff --git a/pkgs/update-nixfiles/update-nixfiles.sh b/pkgs/update-nixfiles/update-nixfiles.sh index 1bec09d..bac780a 100644 --- a/pkgs/update-nixfiles/update-nixfiles.sh +++ b/pkgs/update-nixfiles/update-nixfiles.sh @@ -23,8 +23,6 @@ merge_theirs () { test_build () { local last_error local build_jobs - local start_time - start_time="$(date +%s)" build_jobs="$(curl --fail -s -L -H "Accept: application/json" "${JOBSET_URL}/latest-eval" | jq -r ".builds | .[]")" for build in ${build_jobs}; do @@ -45,7 +43,7 @@ test_build () { done last_error="$(curl --fail -s -L -H "Accept: application/json" "${JOBSET_URL}" | jq -r ".errortime")" - [[ $last_error -gt $start_time ]] && + [[ $last_error -gt $(date +%s) ]] && echo "Evaluation error encountered at $(date +%Y-%m-%d-%H:%M:%S --date="@${last_error}")" && exit 1 }