From 2ca15ddaadd4f1823aed02ba931b5f4d471a052a Mon Sep 17 00:00:00 2001 From: emily Date: Fri, 8 Nov 2024 14:49:21 +0100 Subject: [PATCH 1/9] restic,florp: add backup --- .sops.yaml | 6 ++ config/hosts/florp/configuration.nix | 11 +++- config/hosts/lain/iso.nix | 1 + config/services/akkoma/default.nix | 10 +-- modules/restic/default.nix | 65 +++++++++++++++++++ .../zh3485.rsync.net/ssh_host_ed25519_key.pub | 1 + pkgs/update-nixfiles/update-nixfiles.sh | 5 +- secrets/restic/zh3485s1.yaml | 35 ++++++++++ 8 files changed, 126 insertions(+), 8 deletions(-) create mode 100644 modules/restic/default.nix create mode 100644 modules/restic/zh3485.rsync.net/ssh_host_ed25519_key.pub create mode 100644 secrets/restic/zh3485s1.yaml diff --git a/.sops.yaml b/.sops.yaml index fc9da64..bc78ba5 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -59,3 +59,9 @@ creation_rules: - *emily age: - *florp + - path_regex: secrets/restic/zh3485s1.yaml + key_groups: + - pgp: + - *emily + age: + - *florp diff --git a/config/hosts/florp/configuration.nix b/config/hosts/florp/configuration.nix index 4a7e62f..365cfd5 100644 --- a/config/hosts/florp/configuration.nix +++ b/config/hosts/florp/configuration.nix @@ -12,6 +12,15 @@ domain = lib.mkForce "social"; }; kyouma.nginx.defaultForbidden = "florp.social"; + + kyouma.restic = { + enable = true; + remoteUser = "zh3485s1"; + paths = [ + "/var/lib/akkoma" + "/var/lib/postgresql" + ]; + }; systemd.network.networks."98-eth-default" = { address = [ "2a0f:be01:0:100::171/128" @@ -19,7 +28,7 @@ }; services.postgresql.settings = { - max_connections = 30; + max_connections = 128; shared_buffers = "4GB"; effective_cache_size = "12GB"; maintenance_work_mem = "1GB"; diff --git a/config/hosts/lain/iso.nix b/config/hosts/lain/iso.nix index 69bfdbf..ac836a1 100644 --- a/config/hosts/lain/iso.nix +++ b/config/hosts/lain/iso.nix 
@@ -1,5 +1,6 @@ { lib, inputs, ... }: { imports = [ + inputs.sops-nix.nixosModules.sops "${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix" ./configuration.nix ]; diff --git a/config/services/akkoma/default.nix b/config/services/akkoma/default.nix index 4baebfe..b340fc2 100644 --- a/config/services/akkoma/default.nix +++ b/config/services/akkoma/default.nix @@ -101,7 +101,6 @@ "solitary.social" "donotsta.re" "chaos.social" - "girldick.gay" ]; }; @@ -242,11 +241,12 @@ services.nginx = { clientMaxBodySize = "256m"; commonHttpConfig = '' - proxy_cache_path /var/cache/nginx/akkoma-media-cache - levels= keys_zone=akkoma_media_cache:32m max_size=32g - inactive=1y use_temp_path=off; + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/err.log warn; - access_log off; + proxy_cache_path /var/cache/nginx/akkoma-media-cache + levels= keys_zone=akkoma_media_cache:32m max_size=64g + inactive=1y use_temp_path=off; ''; }; kyouma.nginx.virtualHosts = let diff --git a/modules/restic/default.nix b/modules/restic/default.nix new file mode 100644 index 0000000..226001f --- /dev/null +++ b/modules/restic/default.nix 
@@ -0,0 +1,65 @@
+{ config, lib, pkgs, ... }: let
+ cfg = config.kyouma.restic;
+in {
+ options.kyouma.restic = let
+ inherit (lib) mkOption types;
+ in {
+ enable = lib.mkEnableOption "Enable restic backup";
+ paths = mkOption {
+ description = "paths to backup";
+ type = with types; listOf path;
+ default = [];
+ };
+ pruneOpts = mkOption {
+ description = "paths to backup";
+ type = with types; listOf str;
+ default = [
+ "--keep-hourly 24"
+ "--keep-daily 14"
+ "--keep-weekly 8"
+ "--keep-monthly 12"
+ ];
+ };
+ remote = mkOption {
+ description = "restic remote to use";
+ type = types.nonEmptyStr;
+ default = "zh3485.rsync.net";
+ };
+ remoteUser = mkOption {
+ description = "remote ssh user";
+ type = types.nonEmptyStr;
+ default = "";
+ };
+ user = mkOption {
+ description = "user who runs the backup job";
+ type = types.nonEmptyStr;
+ default = "root";
+ };
+ repo = mkOption {
+ description = "restic repo";
+ type = types.nonEmptyStr;
+ default = "${config.networking.hostName}-backup";
+ };
+ };
+ config = lib.mkIf cfg.enable {
+ sops.secrets."restic/${cfg.remoteUser}/password" = {
+ sopsFile = ../../secrets/restic/${cfg.remoteUser}.yaml;
+ };
+ sops.secrets."restic/${cfg.remoteUser}/id_ed25519" = {
+ sopsFile = ../../secrets/restic/${cfg.remoteUser}.yaml;
+ };
+
+ services.restic.backups."${config.networking.hostName}-${cfg.remote}" = {
+ inherit (cfg) paths user pruneOpts;
+ initialize = true;
+ repository = "sftp:${cfg.remoteUser}@${cfg.remote}:${cfg.repo}";
+ passwordFile = config.sops.secrets."restic/${cfg.remoteUser}/password".path;
+ extraOptions = let
+ knownHost = pkgs.writeText "${cfg.remote}-known-host" (builtins.readFile ./${cfg.remote}/ssh_host_ed25519_key.pub);
+ sshKey = config.sops.secrets."restic/${cfg.remoteUser}/id_ed25519".path;
+ in [
+ "sftp.command='ssh ${cfg.remoteUser}@${cfg.remote} -i ${sshKey} -o UserKnownHostsFile=${knownHost} -s sftp'"
+ ];
+ };
+ };
+}
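Review bot: The `sftp.command` string at the end of the `services.restic.backups` block points ssh at the pinned host key through `UserKnownHostsFile`, but leaves the checking mode and identity selection to whatever the system-wide ssh configuration says. Making the pinning explicit with `-o StrictHostKeyChecking=yes -o IdentitiesOnly=yes` (and `-o GlobalKnownHostsFile=/dev/null`, if only the checked-in key should be trusted) keeps the backup from depending on host-level defaults. Separately, the module exposes a `user` option but declares both sops secrets without an owner; sops-nix secrets default to root-only, so a non-root `user` would presumably fail to read `passwordFile` and the key, and `owner = cfg.user;` on both would close that gap. The `pruneOpts` description is also a copy of the `paths` one and should describe the retention flags.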
diff --git a/modules/restic/zh3485.rsync.net/ssh_host_ed25519_key.pub b/modules/restic/zh3485.rsync.net/ssh_host_ed25519_key.pub new file mode 100644 index 0000000..a4fe26e --- /dev/null +++ b/modules/restic/zh3485.rsync.net/ssh_host_ed25519_key.pub @@ -0,0 +1 @@ +zh3485.rsync.net ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJtclizeBy1Uo3D86HpgD3LONGVH0CJ0NT+YfZlldAJd diff --git a/pkgs/update-nixfiles/update-nixfiles.sh b/pkgs/update-nixfiles/update-nixfiles.sh index f2c8169..1bec09d 100644 --- a/pkgs/update-nixfiles/update-nixfiles.sh +++ b/pkgs/update-nixfiles/update-nixfiles.sh @@ -6,7 +6,6 @@ BRANCH="update-inputs-$(date +%Y-%m-%d-%H-%M)" HYDRA_URL="https://hydra.kyouma.net" JOBSET_URL="${HYDRA_URL}/jobset/nixfiles/update-inputs" ROOT="$(mktemp -d)" -START_TIME="$(date +%s)" gitin () { git -C "${ROOT}/nixfiles" "$@" @@ -24,6 +23,8 @@ merge_theirs () { test_build () { local last_error local build_jobs + local start_time + start_time="$(date +%s)" build_jobs="$(curl --fail -s -L -H "Accept: application/json" "${JOBSET_URL}/latest-eval" | jq -r ".builds | .[]")" for build in ${build_jobs}; do @@ -44,7 +45,7 @@ test_build () { done last_error="$(curl --fail -s -L -H "Accept: application/json" "${JOBSET_URL}" | jq -r ".errortime")" - [[ $last_error -gt $START_TIME ]] && + [[ $last_error -gt $start_time ]] && echo "Evaluation error encountered at $(date +%Y-%m-%d-%H:%M:%S --date="@${last_error}")" && exit 1 } diff --git a/secrets/restic/zh3485s1.yaml b/secrets/restic/zh3485s1.yaml new file mode 100644 index 0000000..7ec39ce --- /dev/null +++ b/secrets/restic/zh3485s1.yaml 
@@ -0,0 +1,35 @@ +restic: + zh3485s1: + password: ENC[AES256_GCM,data:lDDSSqUH3pewpMA+6SNwGwRz95MBjeaD6I3RWUQNBFXsw/W9RoIY85AcRXxCl7CW,iv:NFF6uCs2FolMe9cgPkoAFmbWdXG2SuVRtoOyQXouEAU=,tag:UeC49xFwFkMh0Wi8p9reFw==,type:str] + id_ed25519: ENC[AES256_GCM,data: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,iv:1+aopW183ir5XHMKcDons24A/E61mLuyJGrQTRpPXdE=,tag:s1w+HZdktM0H9FUrz097Cw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age18vc8rcmczlt3r0ee7jr9s8l3yrkthu8wtypt08eh0eskpkw3dg6qxs7t3t + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQeWpKYktzVE1tMkpGU1c5 + akZZdlBkeFQyUmUrOHZxTGE2V1FUVmV3cG5VCmZvTG1JTS9SUTk1aVl6TnBPQ1Fh + clRDTmQzQUJxWlYyV2dmVXNyTDJ2K0kKLS0tIHA3S0dsQzRxRWF4RFdSSzh1aXI5 + ZFQvWFhZTndubkxaRVh3YXl0V25ZcUEK0/wV9i01kRkphrseSBqAL9f8tUlUtJDO + PUZL2Em/QjNEnXJaxxR612ONA94ptK9bsqzRJV5RtGqDwd+oAnr13Q== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-11-08T13:41:02Z" + mac: ENC[AES256_GCM,data:tMatUcv/jbvQ1URp6DrUyuiB9+rgCCdOxEVcM0NBiV5P9DGWE1hWytky4yPE9nFUOWLI7m4nTSEXHuT4yT3LkBd1Ndzhm5wQ0NEAVnZ6Sj7YOQI5CS1q95sviJBv57PBkaajHDNeSJX2hEQeR4qJFUR4fu0hIwadyzeunP/kfKE=,iv:gXRAg4cN43ocQMZm0lL8AnrbDtK+TKGchWpd/TYhnjA=,tag:+HqYuDWjoTdv+CWrJmuwxA==,type:str] + pgp: + - created_at: "2024-11-08T13:31:55Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4D1GtNSlou/HkSAQdALVqRZ2qzjR86mEE/MHAR5H3gmIukchY/NSvGg1Ggfmsw + uZhnl5puGOO579ItHXbk+BYwBS2koL7jyhnX8E9zmM3d3SZHwzx0mk79fr2jLFj6 + 0l4BLrhhcpUtzfje4/SeTgWFRIA68ON/PUTmW2Lgclh9OpQfbbousFS/JMvvdHaT + /3uJEww5MKMPlqWqK7w7z6iwIITRKH0vzQoIZ3hVcDKtKOJrJ/1bWcJorFsazxvT + =KZPf + -----END PGP MESSAGE----- + fp: B04F01A7A98A13020C39B4A68AB7B773A214ACE5 + unencrypted_suffix: _unencrypted + version: 3.9.1 From d6328117b88307defb72f8a82aca6a7a3800d1e1 Mon Sep 17 00:00:00 2001 
From: emily Date: Sat, 9 Nov 2024 20:20:55 +0100 Subject: [PATCH 2/9] florp: add about page --- config/services/akkoma/default.nix | 11 ++++------ flake.lock | 29 +++++++++++++++++++++---- flake.nix | 4 ++++ pkgs/update-nixfiles/update-nixfiles.sh | 4 +--- 4 files changed, 34 insertions(+), 14 deletions(-) diff --git a/config/services/akkoma/default.nix b/config/services/akkoma/default.nix index b340fc2..43299cc 100644 --- a/config/services/akkoma/default.nix +++ b/config/services/akkoma/default.nix @@ -26,13 +26,10 @@ extraStatic."static/themes/elly-mod.json" = pkgs.writeText "elly-mod.json" (builtins.readFile ./elly-mod.json); - extraStatic."static/terms-of-service.html" = pkgs.writeText "terms-of-service.html" '' -

Likes are now florps. The timeline goes sideways.

- ''; - - extraStatic."images/sylvia-ritter-15012323.avif" = inputs.florp-branding.packages.${config.nixpkgs.hostPlatform.system}.wallpaper; - - extraStatic."favicon.png" = inputs.florp-branding.packages.${config.nixpkgs.hostPlatform.system}.favicon; + extraStatic."static/terms-of-service.html" = inputs.florp-about.packages.${pkgs.system}.default; + extraStatic."images/sylvia-ritter-15012323.avif" = inputs.florp-branding.packages.${pkgs.system}.wallpaper; + extraStatic."images/florp_banner.avif" = inputs.florp-branding.packages.${pkgs.system}.banner; + extraStatic."favicon.png" = inputs.florp-branding.packages.${pkgs.system}.favicon; frontends = { primary = { diff --git a/flake.lock b/flake.lock index faec4a2..7ff8472 100644 --- a/flake.lock +++ b/flake.lock @@ -430,6 +430,26 @@ "type": "github" } }, + "florp-about": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1731180923, + "narHash": "sha256-DU0gHg/TgpoYBBvpiRIbRGVwLma5xfqxn6gHdIsAqko=", + "ref": "refs/heads/main", + "rev": "35e71f8654bc7df450f24003353fccf45ceb5678", + "revCount": 2, + "type": "git", + "url": "https://woof.rip/florp/about.git" + }, + "original": { + "type": "git", + "url": "https://woof.rip/florp/about.git" + } + }, "florp-branding": { "inputs": { "nixpkgs": [ @@ -437,11 +457,11 @@ ] }, "locked": { - "lastModified": 1730825511, - "narHash": "sha256-Ywc4Y+4VobocyxcVhHlJ5Q5h1fOdsJNlAlWlrkqC8U0=", + "lastModified": 1731182323, + "narHash": "sha256-Ecw7fOxv3hp1iLWBqlYW9TTNi0LTtiu92gtqfdn5v20=", "ref": "refs/heads/main", - "rev": "81bde12357d59215e7d67c7f55c2eb3d54c47689", - "revCount": 2, + "rev": "8aaf8c85b902eaaabfdeadd5502019b2816991b9", + "revCount": 3, "type": "git", "url": "https://woof.rip/florp/branding.git" }, @@ -1016,6 +1036,7 @@ "dns": "dns", "fernglas": "fernglas", "flake-utils": "flake-utils", + "florp-about": "florp-about", "florp-branding": "florp-branding", "home-manager": "home-manager", "hydra": "hydra", 
diff --git a/flake.nix b/flake.nix index f92ed80..63d1431 100644 --- a/flake.nix +++ b/flake.nix @@ -25,6 +25,10 @@ url = "git+https://woof.rip/florp/branding.git"; inputs.nixpkgs.follows = "nixpkgs"; }; + florp-about = { + url = "git+https://woof.rip/florp/about.git"; + inputs.nixpkgs.follows = "nixpkgs"; + }; home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; diff --git a/pkgs/update-nixfiles/update-nixfiles.sh b/pkgs/update-nixfiles/update-nixfiles.sh index 1bec09d..bac780a 100644 --- a/pkgs/update-nixfiles/update-nixfiles.sh +++ b/pkgs/update-nixfiles/update-nixfiles.sh @@ -23,8 +23,6 @@ merge_theirs () { test_build () { local last_error local build_jobs - local start_time - start_time="$(date +%s)" build_jobs="$(curl --fail -s -L -H "Accept: application/json" "${JOBSET_URL}/latest-eval" | jq -r ".builds | .[]")" for build in ${build_jobs}; do @@ -45,7 +43,7 @@ test_build () { done last_error="$(curl --fail -s -L -H "Accept: application/json" "${JOBSET_URL}" | jq -r ".errortime")" - [[ $last_error -gt $start_time ]] && + [[ $last_error -gt $(date +%s) ]] && echo "Evaluation error encountered at $(date +%Y-%m-%d-%H:%M:%S --date="@${last_error}")" && exit 1 } From d1091ec8bac48415cb7e78b812ac0ab447f8c8a6 Mon Sep 17 00:00:00 2001 From: Mikael Voss Date: Sat, 9 Nov 2024 21:43:27 +0100 Subject: [PATCH 3/9] Adjust and amend defederation reason wording --- config/services/akkoma/default.nix | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/config/services/akkoma/default.nix b/config/services/akkoma/default.nix index 43299cc..4e8eba8 100644 --- a/config/services/akkoma/default.nix +++ b/config/services/akkoma/default.nix 
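Review bot: The evaluation-error check at the end of `test_build` can no longer fire, because `[[ $last_error -gt $(date +%s) ]]` compares Hydra's `errortime` with the current time and is only true for an error stamped in the future. The previous commit compared against a start time captured before polling, which is what allows an error raised during this run to abort the update. Restoring `local start_time` and `start_time="$(date +%s)"` at the top of the function and testing `[[ $last_error -gt $start_time ]]` brings the gate back. Since this script vets automated input updates, a check that never triggers would presumably let a failed evaluation pass unnoticed. The body of `test_build` starts and ends outside the hunk.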
@@ -151,27 +151,27 @@ ":mrf_simple" = { reject = mapAttrsToListOfTuple { - "bae.st" = "transphobia / queerphobia"; - "brighteon.social" = "transphobia, pro trump"; - "detroitriotcity.com" = "transphobia / queerphobia"; + "bae.st" = "transphobia, queerphobia"; + "brighteon.social" = "transphobia, right‐wing extremism"; + "detroitriotcity.com" = "transphobia, queerphobia"; "freeatlantis.com" = "harassment"; "freespeechextremist.com" = "N/A"; "gab.com" = "N/A"; "gleasonator.com" = "transphobia"; "kitsunemimi.club" = "transphobia"; - "kiwifarms.*" = "N/A"; - "poa.st" = "queerphobia / racism / nazis"; + "kiwifarms.*" = "harassment"; + "poa.st" = "queerphobia, racism, right‐wing extremism"; "seal.cafe" = "transphobia"; "social.quodverum.com" = "N/A"; "spinster.xyz" = "transphobia"; "truthsocial.co.in" = "N/A"; "varishangout.net" = "transphobia"; "activitypub-troll.cf" = "N/A"; - "misskey-forkbomb.cf" = "N/A"; + "misskey-forkbomb.cf" = "security"; "repl.co" = "N/A"; - "rape.pet" = "CP"; - "childlove.space" = "CP"; - "pedo.school" = "CP"; + "rape.pet" = "CSAM"; + "childlove.space" = "CSAM"; + "pedo.school" = "CSAM"; "loli.church" = "transphobia"; "usasa.ky" = "spam"; "tickler.cc" = "spam"; From 695892638a4624d34f4efce3e27bbed10e47407e Mon Sep 17 00:00:00 2001 From: Mikael Voss Date: Sat, 9 Nov 2024 21:51:15 +0100 Subject: [PATCH 4/9] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'florp-about': 'git+https://woof.rip/florp/about.git?ref=refs/heads/main&rev=35e71f8654bc7df450f24003353fccf45ceb5678' (2024-11-09) → 'git+https://woof.rip/florp/about.git?ref=refs/heads/main&rev=1d3098ad7775426c092a5bd13498d98a8b02b116' (2024-11-09) --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 7ff8472..cca7698 100644 --- a/flake.lock +++ b/flake.lock 
@@ -437,11 +437,11 @@ ] }, "locked": { - "lastModified": 1731180923, - "narHash": "sha256-DU0gHg/TgpoYBBvpiRIbRGVwLma5xfqxn6gHdIsAqko=", + "lastModified": 1731185407, + "narHash": "sha256-4LdV+ZK7slyONezfW3aZmBuTt4lnxBTmREemBW7VBtk=", "ref": "refs/heads/main", - "rev": "35e71f8654bc7df450f24003353fccf45ceb5678", - "revCount": 2, + "rev": "1d3098ad7775426c092a5bd13498d98a8b02b116", + "revCount": 6, "type": "git", "url": "https://woof.rip/florp/about.git" }, From 24819a7f566541ddf923b9fb0b5e7c89463d2857 Mon Sep 17 00:00:00 2001 From: emily Date: Sat, 9 Nov 2024 22:05:02 +0100 Subject: [PATCH 5/9] restic: add timer option --- config/hosts/florp/configuration.nix | 5 +++++ config/services/akkoma/default.nix | 5 ++--- modules/restic/default.nix | 12 ++++++++++-- 3 files changed, 17 insertions(+), 5 deletions(-) diff --git a/config/hosts/florp/configuration.nix b/config/hosts/florp/configuration.nix index 365cfd5..c258a57 100644 --- a/config/hosts/florp/configuration.nix +++ b/config/hosts/florp/configuration.nix @@ -16,9 +16,14 @@ kyouma.restic = { enable = true; remoteUser = "zh3485s1"; + timerConfig = { + OnCalendar = "hourly"; + Persistent = true; + }; paths = [ "/var/lib/akkoma" "/var/lib/postgresql" + "/var/lib/secrets" ]; }; systemd.network.networks."98-eth-default" = { diff --git a/config/services/akkoma/default.nix b/config/services/akkoma/default.nix index 4e8eba8..7f7b4fa 100644 --- a/config/services/akkoma/default.nix +++ b/config/services/akkoma/default.nix @@ -238,11 +238,10 @@ services.nginx = { clientMaxBodySize = "256m"; commonHttpConfig = '' - access_log /var/log/nginx/access.log; - error_log /var/log/nginx/err.log warn; + access_log off; proxy_cache_path /var/cache/nginx/akkoma-media-cache - levels= keys_zone=akkoma_media_cache:32m max_size=64g + levels= keys_zone=akkoma_media_cache:64m max_size=64g inactive=1y use_temp_path=off; ''; }; diff --git a/modules/restic/default.nix b/modules/restic/default.nix index 226001f..2661253 100644 
--- a/modules/restic/default.nix +++ b/modules/restic/default.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: let +{ config, lib, pkgs, utils, ... }: let cfg = config.kyouma.restic; in { options.kyouma.restic = let @@ -40,6 +40,14 @@ in { type = types.nonEmptyStr; default = "${config.networking.hostName}-backup"; }; + timerConfig = mkOption { + description = "timer config"; + type = with types; nullOr (attrsOf utils.systemdUtils.unitOptions.unitOption); + default = { + OnCalendar = "daily"; + Persistent = true; + }; + }; }; config = lib.mkIf cfg.enable { sops.secrets."restic/${cfg.remoteUser}/password" = { @@ -50,7 +58,7 @@ in { }; services.restic.backups."${config.networking.hostName}-${cfg.remote}" = { - inherit (cfg) paths user pruneOpts; + inherit (cfg) paths user pruneOpts timerConfig; initialize = true; repository = "sftp:${cfg.remoteUser}@${cfg.remote}:${cfg.repo}"; passwordFile = config.sops.secrets."restic/${cfg.remoteUser}/password".path; From 29b7574b8605f048ada17ac129106213a75cce2f Mon Sep 17 00:00:00 2001 From: Mikael Voss Date: Sat, 9 Nov 2024 22:43:58 +0100 Subject: [PATCH 6/9] akkoma: Limit banner image width --- config/services/akkoma/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/config/services/akkoma/default.nix b/config/services/akkoma/default.nix index 7f7b4fa..ff1a6f4 100644 --- a/config/services/akkoma/default.nix +++ b/config/services/akkoma/default.nix @@ -26,6 +26,10 @@ extraStatic."static/themes/elly-mod.json" = pkgs.writeText "elly-mod.json" (builtins.readFile ./elly-mod.json); + extraStatic."static/custom.css" = pkgs.writeText "custom.css" '' + .tos-content img { max-width: 100%; } + ''; + extraStatic."static/terms-of-service.html" = inputs.florp-about.packages.${pkgs.system}.default; extraStatic."images/sylvia-ritter-15012323.avif" = inputs.florp-branding.packages.${pkgs.system}.wallpaper; extraStatic."images/florp_banner.avif" = inputs.florp-branding.packages.${pkgs.system}.banner; 
From aaf77b9ca9deabc8678e0b4319b202952c2cce74 Mon Sep 17 00:00:00 2001 From: Mikael Voss Date: Sat, 9 Nov 2024 23:06:01 +0100 Subject: [PATCH 7/9] akkoma: Create backups from database dump --- config/hosts/florp/configuration.nix | 20 +++++++++++++++++--- modules/restic/default.nix | 13 +++++++++++++ 2 files changed, 30 insertions(+), 3 deletions(-) diff --git a/config/hosts/florp/configuration.nix b/config/hosts/florp/configuration.nix index c258a57..133e22d 100644 --- a/config/hosts/florp/configuration.nix +++ b/config/hosts/florp/configuration.nix @@ -1,4 +1,4 @@ -{ lib, ... }: { +{ lib, config, ... }: { imports = [ ../../common ../../profiles/headless.nix @@ -13,7 +13,9 @@ }; kyouma.nginx.defaultForbidden = "florp.social"; - kyouma.restic = { + kyouma.restic = let + pgBackup = "/var/cache/postgresql.sql"; + in { enable = true; remoteUser = "zh3485s1"; timerConfig = { @@ -22,9 +24,21 @@ }; paths = [ "/var/lib/akkoma" - "/var/lib/postgresql" "/var/lib/secrets" + pgBackup ]; + + backupPrepareCommand = '' + umask 0077 + rm -f -- ${pgBackup} + ${lib.getExe' config.services.postgresql.package "pg_dumpall"} \ + -U ${config.services.postgresql.superUser} \ + -f ${pgBackup} + ''; + + backupCleanupCommand = '' + rm -f -- ${pgBackup} + ''; }; systemd.network.networks."98-eth-default" = { address = [ diff --git a/modules/restic/default.nix b/modules/restic/default.nix index 2661253..b1c8ca3 100644 --- a/modules/restic/default.nix +++ b/modules/restic/default.nix @@ -48,6 +48,19 @@ in { Persistent = true; }; }; + + # FIXME: Can these be just inherited? + backupPrepareCommand = mkOption { + description = "preparation script"; + type = with types; nullOr str; + default = null; + }; + + backupCleanupCommand = mkOption { + description = "cleanup script"; + type = with types; nullOr str; + default = null; + }; }; config = lib.mkIf cfg.enable { sops.secrets."restic/${cfg.remoteUser}/password" = { From 5219aabfc17833a799aad73d66405adab2041052 Mon Sep 17 00:00:00 2001 
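Review bot: The new `backupPrepareCommand` and `backupCleanupCommand` options are declared in `modules/restic/default.nix`, but nothing in this commit passes them on to `services.restic.backups`. The diffstat shows 13 insertions for the module, all in this options hunk, so the `inherit (cfg) paths user pruneOpts timerConfig;` line from the earlier commit is untouched. As written, the `pg_dumpall` step set in the florp host configuration would not run, and because `/var/lib/postgresql` was dropped from `paths` the database would appear to be missing from the backup altogether. Extending that line to `inherit (cfg) paths user pruneOpts timerConfig backupPrepareCommand backupCleanupCommand;` answers the FIXME and wires both commands through. The `config` block itself lies outside this hunk.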
From: Mikael Voss Date: Sat, 9 Nov 2024 23:08:55 +0100 Subject: [PATCH 8/9] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'florp-about': 'git+https://woof.rip/florp/about.git?ref=refs/heads/main&rev=1d3098ad7775426c092a5bd13498d98a8b02b116' (2024-11-09) → 'git+https://woof.rip/florp/about.git?ref=refs/heads/main&rev=1845276697adca236be3e7a983238d2a2d0d57b5' (2024-11-09) --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index cca7698..e18f443 100644 --- a/flake.lock +++ b/flake.lock @@ -437,11 +437,11 @@ ] }, "locked": { - "lastModified": 1731185407, - "narHash": "sha256-4LdV+ZK7slyONezfW3aZmBuTt4lnxBTmREemBW7VBtk=", + "lastModified": 1731187545, + "narHash": "sha256-n/BOlXvOcX5yn2mbjazfCcbojzczCdmcjQNaH7Dcdd4=", "ref": "refs/heads/main", - "rev": "1d3098ad7775426c092a5bd13498d98a8b02b116", - "revCount": 6, + "rev": "1845276697adca236be3e7a983238d2a2d0d57b5", + "revCount": 7, "type": "git", "url": "https://woof.rip/florp/about.git" }, From 9f6c211faa0eb191cbf738ed87a5a45576422ed5 Mon Sep 17 00:00:00 2001 
From: Update Bot Date: Sun, 10 Nov 2024 04:20:17 +0100 Subject: [PATCH 9/9] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'attic': 'github:zhaofengli/attic/48c8b395bfbc6b76c7eae74df6c74351255a095c' (2024-10-30) → 'github:zhaofengli/attic/a02bf38a7562e4041345a136aef6e5a4eb891bbb' (2024-11-09) • Updated input 'disko': 'github:nix-community/disko/380847d94ff0fedee8b50ee4baddb162c06678df' (2024-11-03) → 'github:nix-community/disko/5e40e02978e3bd63c2a6a9fa6fa8ba0e310e747f' (2024-11-08) • Updated input 'home-manager': 'github:nix-community/home-manager/8f6ca7855d409aeebe2a582c6fd6b6a8d0bf5661' (2024-11-03) → 'github:nix-community/home-manager/2f607e07f3ac7e53541120536708e824acccfaa8' (2024-11-05) • Updated input 'nixos-hardware': 'github:nixos/nixos-hardware/f6e0cd5c47d150c4718199084e5764f968f1b560' (2024-11-02) → 'github:nixos/nixos-hardware/e1cc1f6483393634aee94514186d21a4871e78d7' (2024-11-06) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/7ffd9ae656aec493492b44d0ddfb28e79a1ea25d' (2024-11-02) → 'github:nixos/nixpkgs/4aa36568d413aca0ea84a1684d2d46f55dbabad7' (2024-11-05) • Updated input 'nixvim': 'github:nix-community/nixvim/6f210158b03b01a1fd44bf3968165e6da80635ce' (2024-11-02) → 'github:nix-community/nixvim/31364af1990067d5529846a2ebf17a42c5ab22ff' (2024-11-09) • Updated input 'nixvim/git-hooks': 'github:cachix/git-hooks.nix/af8a16fe5c264f5e9e18bcee2859b40a656876cf' (2024-10-30) → 'github:cachix/git-hooks.nix/d70155fdc00df4628446352fc58adc640cd705c2' (2024-11-05) • Updated input 'nixvim/nix-darwin': 'github:lnl7/nix-darwin/683d0c4cd1102dcccfa3f835565378c7f3cbe05e' (2024-11-01) → 'github:lnl7/nix-darwin/5c74ab862c8070cbf6400128a1b56abb213656da' (2024-11-09) • Updated input 'nixvim/nuschtosSearch': 'github:NuschtOS/search/9e22bd742480916ff5d0ab20ca2522eaa3fa061e' (2024-11-02) → 'github:NuschtOS/search/ef493352f9e1f051e01a55c062731503a6b36b4e' (2024-11-08) • 
Updated input 'nixvim/nuschtosSearch/ixx': 'github:NuschtOS/ixx/65c207c92befec93e22086da9456d3906a4e999c' (2024-10-21) → 'github:NuschtOS/ixx/9fd01aad037f345350eab2cd45e1946cc66da4eb' (2024-10-26) • Updated input 'sops-nix': 'github:Mic92/sops-nix/e9b5eef9b51cdf966c76143e13a9476725b2f760' (2024-11-03) → 'github:Mic92/sops-nix/60e1bce1999f126e3b16ef45f89f72f0c3f8d16f' (2024-11-08) • Updated input 'stylix': 'github:danth/stylix/04afcfc0684d9bbb24bb1dc77afda7c1843ec93b' (2024-10-26) → 'github:danth/stylix/6863412636c8f2cb3b7360f747fbd020fbfddf68' (2024-11-08) • Updated input 'stylix/tinted-foot': 'github:tinted-theming/tinted-foot/eedbcfa30de0a4baa03e99f5e3ceb5535c2755ce' (2023-10-08) → 'github:tinted-theming/tinted-foot/fd1b924b6c45c3e4465e8a849e67ea82933fcbe4' (2024-09-21) --- flake.lock | 81 +++++++++++++++++++++++++++--------------------------- 1 file changed, 41 insertions(+), 40 deletions(-) diff --git a/flake.lock b/flake.lock index e18f443..1a53769 100644 --- a/flake.lock +++ b/flake.lock @@ -12,11 +12,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1730257295, - "narHash": "sha256-OQl+aAsKiyygvpzck1u0sZf/R4T9zM903CgNDFmmzA8=", + "lastModified": 1731193172, + "narHash": "sha256-Ykz7q58tF0wLTOjCxQMe5+jdAPPQ1dC8k39y9I/5k+I=", "owner": "zhaofengli", "repo": "attic", - "rev": "48c8b395bfbc6b76c7eae74df6c74351255a095c", + "rev": "a02bf38a7562e4041345a136aef6e5a4eb891bbb", "type": "github" }, "original": { @@ -156,11 +156,11 @@ ] }, "locked": { - "lastModified": 1730675461, - "narHash": "sha256-Mhqz3p/HEiI/zxBJWO57LYQf6gGlJB0tci6fiVXLjd8=", + "lastModified": 1731060864, + "narHash": "sha256-aYE7oAYZ+gPU1mPNhM0JwLAQNgjf0/JK1BF1ln2KBgk=", "owner": "nix-community", "repo": "disko", - "rev": "380847d94ff0fedee8b50ee4baddb162c06678df", + "rev": "5e40e02978e3bd63c2a6a9fa6fa8ba0e310e747f", "type": "github" }, "original": { 
@@ -503,11 +503,11 @@ ] }, "locked": { - "lastModified": 1730302582, - "narHash": "sha256-W1MIJpADXQCgosJZT8qBYLRuZls2KSiKdpnTVdKBuvU=", + "lastModified": 1730814269, + "narHash": "sha256-fWPHyhYE6xvMI1eGY3pwBTq85wcy1YXqdzTZF+06nOg=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "af8a16fe5c264f5e9e18bcee2859b40a656876cf", + "rev": "d70155fdc00df4628446352fc58adc640cd705c2", "type": "github" }, "original": { @@ -562,11 +562,11 @@ ] }, "locked": { - "lastModified": 1730633670, - "narHash": "sha256-ZFJqIXpvVKvzOVFKWNRDyIyAo+GYdmEPaYi1bZB6uf0=", + "lastModified": 1730837930, + "narHash": "sha256-0kZL4m+bKBJUBQse0HanewWO0g8hDdCvBhudzxgehqc=", "owner": "nix-community", "repo": "home-manager", - "rev": "8f6ca7855d409aeebe2a582c6fd6b6a8d0bf5661", + "rev": "2f607e07f3ac7e53541120536708e824acccfaa8", "type": "github" }, "original": { @@ -613,16 +613,16 @@ ] }, "locked": { - "lastModified": 1729544999, - "narHash": "sha256-YcyJLvTmN6uLEBGCvYoMLwsinblXMkoYkNLEO4WnKus=", + "lastModified": 1729958008, + "narHash": "sha256-EiOq8jF4Z/zQe0QYVc3+qSKxRK//CFHMB84aYrYGwEs=", "owner": "NuschtOS", "repo": "ixx", - "rev": "65c207c92befec93e22086da9456d3906a4e999c", + "rev": "9fd01aad037f345350eab2cd45e1946cc66da4eb", "type": "github" }, "original": { "owner": "NuschtOS", - "ref": "v0.0.5", + "ref": "v0.0.6", "repo": "ixx", "type": "github" } @@ -713,11 +713,11 @@ ] }, "locked": { - "lastModified": 1730448474, - "narHash": "sha256-qE/cYKBhzxHMtKtLK3hlSR3uzO1pWPGLrBuQK7r0CHc=", + "lastModified": 1731153869, + "narHash": "sha256-3Ftf9oqOypcEyyrWJ0baVkRpvQqroK/SVBFLvU3nPuc=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "683d0c4cd1102dcccfa3f835565378c7f3cbe05e", + "rev": "5c74ab862c8070cbf6400128a1b56abb213656da", "type": "github" }, "original": { 
@@ -815,11 +815,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1730537918, - "narHash": "sha256-GJB1/aaTnAtt9sso/EQ77TAGJ/rt6uvlP0RqZFnWue8=", + "lastModified": 1730919458, + "narHash": "sha256-yMO0T0QJlmT/x4HEyvrCyigGrdYfIXX3e5gWqB64wLg=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "f6e0cd5c47d150c4718199084e5764f968f1b560", + "rev": "e1cc1f6483393634aee94514186d21a4871e78d7", "type": "github" }, "original": { @@ -946,11 +946,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1730531603, - "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", + "lastModified": 1730785428, + "narHash": "sha256-Zwl8YgTVJTEum+L+0zVAWvXAGbWAuXHax3KzuejaDyo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d", + "rev": "4aa36568d413aca0ea84a1684d2d46f55dbabad7", "type": "github" }, "original": { @@ -977,11 +977,11 @@ "treefmt-nix": "treefmt-nix_2" }, "locked": { - "lastModified": 1730569492, - "narHash": "sha256-NByr7l7JetL9kIrdCOcRqBu+lAkruYXETp1DMiDHNQs=", + "lastModified": 1731155487, + "narHash": "sha256-+D57j7BcV5O3XH9za3c3XXVLHr+F+enThAN2EeF6H/M=", "owner": "nix-community", "repo": "nixvim", - "rev": "6f210158b03b01a1fd44bf3968165e6da80635ce", + "rev": "31364af1990067d5529846a2ebf17a42c5ab22ff", "type": "github" }, "original": { @@ -1000,11 +1000,11 @@ ] }, "locked": { - "lastModified": 1730515563, - "narHash": "sha256-8lklUZRV7nwkPLF3roxzi4C2oyLydDXyAzAnDvjkOms=", + "lastModified": 1731060242, + "narHash": "sha256-43yLsOm/wxBbfYSNDWVJeVv5Ij+23X3BIjFUfsdx/6M=", "owner": "NuschtOS", "repo": "search", - "rev": "9e22bd742480916ff5d0ab20ca2522eaa3fa061e", + "rev": "ef493352f9e1f051e01a55c062731503a6b36b4e", "type": "github" }, "original": { 
@@ -1059,11 +1059,11 @@ "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { - "lastModified": 1730605784, - "narHash": "sha256-1NveNAMLHbxOg0BpBMSVuZ2yW2PpDnZLbZ25wV50PMc=", + "lastModified": 1731047660, + "narHash": "sha256-iyp51lPWEQz4c5VH9bVbAuBcFP4crETU2QJYh5V0NYA=", "owner": "Mic92", "repo": "sops-nix", - "rev": "e9b5eef9b51cdf966c76143e13a9476725b2f760", + "rev": "60e1bce1999f126e3b16ef45f89f72f0c3f8d16f", "type": "github" }, "original": { @@ -1093,11 +1093,11 @@ "tinted-tmux": "tinted-tmux" }, "locked": { - "lastModified": 1729963473, - "narHash": "sha256-uGjTjvvlGQfQ0yypVP+at0NizI2nrb6kz4wGAqzRGbY=", + "lastModified": 1731090365, + "narHash": "sha256-ti3gXhgVpIUL/7w6zDJuH+hOnyTZqxrIX/yYqALmiEI=", "owner": "danth", "repo": "stylix", - "rev": "04afcfc0684d9bbb24bb1dc77afda7c1843ec93b", + "rev": "6863412636c8f2cb3b7360f747fbd020fbfddf68", "type": "github" }, "original": { @@ -1169,16 +1169,17 @@ "tinted-foot": { "flake": false, "locked": { - "lastModified": 1696725948, - "narHash": "sha256-65bz2bUL/yzZ1c8/GQASnoiGwaF8DczlxJtzik1c0AU=", + "lastModified": 1726913040, + "narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=", "owner": "tinted-theming", "repo": "tinted-foot", - "rev": "eedbcfa30de0a4baa03e99f5e3ceb5535c2755ce", + "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", "type": "github" }, "original": { "owner": "tinted-theming", "repo": "tinted-foot", + "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", "type": "github" } },