Compare commits

...

4 commits

Author SHA1 Message Date
Update Bot
c1a4a822b3
Update from update-inputs-2024-11-09-04-20 2024-11-09 04:20:12 +01:00
Update Bot
60cfe99039
flake.lock: Update
Flake lock file updates:

• Updated input 'attic':
    'github:zhaofengli/attic/48c8b395bfbc6b76c7eae74df6c74351255a095c' (2024-10-30)
  → 'github:zhaofengli/attic/d0b66cf897e4d55f03d341562c9821dc4e566e54' (2024-11-06)
• Updated input 'disko':
    'github:nix-community/disko/380847d94ff0fedee8b50ee4baddb162c06678df' (2024-11-03)
  → 'github:nix-community/disko/5e40e02978e3bd63c2a6a9fa6fa8ba0e310e747f' (2024-11-08)
• Updated input 'home-manager':
    'github:nix-community/home-manager/8f6ca7855d409aeebe2a582c6fd6b6a8d0bf5661' (2024-11-03)
  → 'github:nix-community/home-manager/2f607e07f3ac7e53541120536708e824acccfaa8' (2024-11-05)
• Updated input 'nixos-hardware':
    'github:nixos/nixos-hardware/f6e0cd5c47d150c4718199084e5764f968f1b560' (2024-11-02)
  → 'github:nixos/nixos-hardware/e1cc1f6483393634aee94514186d21a4871e78d7' (2024-11-06)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/7ffd9ae656aec493492b44d0ddfb28e79a1ea25d' (2024-11-02)
  → 'github:nixos/nixpkgs/4aa36568d413aca0ea84a1684d2d46f55dbabad7' (2024-11-05)
• Updated input 'nixvim':
    'github:nix-community/nixvim/6f210158b03b01a1fd44bf3968165e6da80635ce' (2024-11-02)
  → 'github:nix-community/nixvim/aabbd60633947baba11db44df84f402edc241440' (2024-11-07)
• Updated input 'nixvim/git-hooks':
    'github:cachix/git-hooks.nix/af8a16fe5c264f5e9e18bcee2859b40a656876cf' (2024-10-30)
  → 'github:cachix/git-hooks.nix/d70155fdc00df4628446352fc58adc640cd705c2' (2024-11-05)
• Updated input 'nixvim/nix-darwin':
    'github:lnl7/nix-darwin/683d0c4cd1102dcccfa3f835565378c7f3cbe05e' (2024-11-01)
  → 'github:lnl7/nix-darwin/0e3f3f017c14467085f15d42343a3aaaacd89bcb' (2024-11-05)
• Updated input 'nixvim/nuschtosSearch':
    'github:NuschtOS/search/9e22bd742480916ff5d0ab20ca2522eaa3fa061e' (2024-11-02)
  → 'github:NuschtOS/search/aa5214c81b904a19f7a54f7a8f288f7902586eee' (2024-11-04)
• Updated input 'nixvim/nuschtosSearch/ixx':
    'github:NuschtOS/ixx/65c207c92befec93e22086da9456d3906a4e999c' (2024-10-21)
  → 'github:NuschtOS/ixx/9fd01aad037f345350eab2cd45e1946cc66da4eb' (2024-10-26)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/e9b5eef9b51cdf966c76143e13a9476725b2f760' (2024-11-03)
  → 'github:Mic92/sops-nix/60e1bce1999f126e3b16ef45f89f72f0c3f8d16f' (2024-11-08)
• Updated input 'stylix':
    'github:danth/stylix/04afcfc0684d9bbb24bb1dc77afda7c1843ec93b' (2024-10-26)
  → 'github:danth/stylix/6863412636c8f2cb3b7360f747fbd020fbfddf68' (2024-11-08)
• Updated input 'stylix/tinted-foot':
    'github:tinted-theming/tinted-foot/eedbcfa30de0a4baa03e99f5e3ceb5535c2755ce' (2023-10-08)
  → 'github:tinted-theming/tinted-foot/fd1b924b6c45c3e4465e8a849e67ea82933fcbe4' (2024-09-21)
2024-11-09 04:20:11 +01:00
301a211624
restic,florp: add backup 2024-11-08 18:54:35 +01:00
2388e80dd9
florp.social: add dedicated host 2024-11-08 13:51:19 +01:00
10 changed files with 149 additions and 20 deletions

View file

@ -59,3 +59,9 @@ creation_rules:
- *emily
age:
- *florp
- path_regex: secrets/restic/zh3485s1.yaml
key_groups:
- pgp:
- *emily
age:
- *florp

View file

@ -12,6 +12,15 @@
domain = lib.mkForce "social";
};
kyouma.nginx.defaultForbidden = "florp.social";
kyouma.restic = {
enable = true;
remoteUser = "zh3485s1";
paths = [
"/var/lib/akkoma"
"/var/lib/postgresql"
];
};
systemd.network.networks."98-eth-default" = {
address = [
"2a0f:be01:0:100::171/128"
@ -19,7 +28,7 @@
};
services.postgresql.settings = {
max_connections = 30;
max_connections = 128;
shared_buffers = "4GB";
effective_cache_size = "12GB";
maintenance_work_mem = "1GB";

View file

@ -1,5 +1,6 @@
{ lib, inputs, ... }: {
imports = [
inputs.sops-nix.nixosModules.sops
"${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
./configuration.nix
];

View file

@ -11,6 +11,13 @@
extraPackages = with pkgs; [ exiftool ffmpeg-headless imagemagick ];
extraStatic."emoji/blobs.gg" = pkgs.akkoma-emoji.blobs_gg;
extraStatic."emoji/florp" = pkgs.runCommandNoCC "florp" {
src = inputs.florp-branding.packages.${config.nixpkgs.hostPlatform.system}.favicon;
} ''
mkdir $out
cp $src $out/florp.png
'';
extraStatic."static/styles.json" = pkgs.writeText "styles.json" (builtins.toJSON (
builtins.fromJSON (builtins.readFile "${pkgs.akkoma-fe-domi}/static/styles.json") // {
elly-mod = "/static/themes/elly-mod.json";
@ -185,6 +192,7 @@
":frontend_configurations" = {
pleroma_fe = mkMapOfPredefinedKeys {
background = "/images/sylvia-ritter-15012323.avif";
nsfwCensorImage = "/static/blurhash-overlay.png";
collapseMessageWithSubject = true;
streaming = true;
webPushNotifications = true;
@ -234,11 +242,12 @@
services.nginx = {
clientMaxBodySize = "256m";
commonHttpConfig = ''
proxy_cache_path /var/cache/nginx/akkoma-media-cache
levels= keys_zone=akkoma_media_cache:32m max_size=32g
inactive=1y use_temp_path=off;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/err.log warn;
access_log off;
proxy_cache_path /var/cache/nginx/akkoma-media-cache
levels= keys_zone=akkoma_media_cache:32m max_size=64g
inactive=1y use_temp_path=off;
'';
};
kyouma.nginx.virtualHosts = let

View file

@ -156,11 +156,11 @@
]
},
"locked": {
"lastModified": 1731026109,
"narHash": "sha256-X1/F4qNzKuhnWwO32b774nPVLnNLnJILyT61zsjk3FA=",
"lastModified": 1731060864,
"narHash": "sha256-aYE7oAYZ+gPU1mPNhM0JwLAQNgjf0/JK1BF1ln2KBgk=",
"owner": "nix-community",
"repo": "disko",
"rev": "f3f8254fccc321f4cac0d716f73203bfd5e02477",
"rev": "5e40e02978e3bd63c2a6a9fa6fa8ba0e310e747f",
"type": "github"
},
"original": {
@ -1038,11 +1038,11 @@
"nixpkgs-stable": "nixpkgs-stable_2"
},
"locked": {
"lastModified": 1731008979,
"narHash": "sha256-yN1NxvmqV8UltLkqYBWTeZNgpD/eyh/7LM58caHiEfE=",
"lastModified": 1731047660,
"narHash": "sha256-iyp51lPWEQz4c5VH9bVbAuBcFP4crETU2QJYh5V0NYA=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "fe63071416471abdab06caa234122932a7c4b980",
"rev": "60e1bce1999f126e3b16ef45f89f72f0c3f8d16f",
"type": "github"
},
"original": {
@ -1072,11 +1072,11 @@
"tinted-tmux": "tinted-tmux"
},
"locked": {
"lastModified": 1731002033,
"narHash": "sha256-uGjTjvvlGQfQ0yypVP+at0NizI2nrb6kz4wGAqzRGbY=",
"lastModified": 1731090365,
"narHash": "sha256-ti3gXhgVpIUL/7w6zDJuH+hOnyTZqxrIX/yYqALmiEI=",
"owner": "danth",
"repo": "stylix",
"rev": "f71c2effed1ce4f9fbeefe402e4e431428ffe93a",
"rev": "6863412636c8f2cb3b7360f747fbd020fbfddf68",
"type": "github"
},
"original": {
@ -1148,16 +1148,17 @@
"tinted-foot": {
"flake": false,
"locked": {
"lastModified": 1696725948,
"narHash": "sha256-65bz2bUL/yzZ1c8/GQASnoiGwaF8DczlxJtzik1c0AU=",
"lastModified": 1726913040,
"narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=",
"owner": "tinted-theming",
"repo": "tinted-foot",
"rev": "eedbcfa30de0a4baa03e99f5e3ceb5535c2755ce",
"rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "tinted-foot",
"rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4",
"type": "github"
}
},

View file

@ -0,0 +1,65 @@
{ config, lib, pkgs, ... }: let
cfg = config.kyouma.restic;
in {
options.kyouma.restic = let
inherit (lib) mkOption types;
in {
enable = lib.mkEnableOption "Enable restic backup";
paths = mkOption {
description = "paths to backup";
type = with types; listOf path;
default = [];
};
pruneOpts = mkOption {
description = "paths to backup";
type = with types; listOf str;
default = [
"--keep-hourly 24"
"--keep-daily 14"
"--keep-weekly 8"
"--keep-monthly 12"
];
};
remote = mkOption {
description = "restic remote to use";
type = types.nonEmptyStr;
default = "zh3485.rsync.net";
};
remoteUser = mkOption {
description = "remote ssh user";
type = types.nonEmptyStr;
default = "";
};
user = mkOption {
description = "user who runs the backup job";
type = types.nonEmptyStr;
default = "root";
};
repo = mkOption {
description = "restic repo";
type = types.nonEmptyStr;
default = "${config.networking.hostName}-backup";
};
};
config = lib.mkIf cfg.enable {
sops.secrets."restic/${cfg.remoteUser}/password" = {
sopsFile = ../../secrets/restic/${cfg.remoteUser}.yaml;
};
sops.secrets."restic/${cfg.remoteUser}/id_ed25519" = {
sopsFile = ../../secrets/restic/${cfg.remoteUser}.yaml;
};
services.restic.backups."${config.networking.hostName}-${cfg.remote}" = {
inherit (cfg) paths user pruneOpts;
initialize = true;
repository = "sftp:${cfg.remoteUser}@${cfg.remote}:${cfg.repo}";
passwordFile = config.sops.secrets."restic/${cfg.remoteUser}/password".path;
extraOptions = let
knownHost = pkgs.writeText "${cfg.remote}-known-host" (builtins.readFile ./${cfg.remote}/ssh_host_ed25519_key.pub);
sshKey = config.sops.secrets."restic/${cfg.remoteUser}/id_ed25519".path;
in [
"sftp.command='ssh ${cfg.remoteUser}@${cfg.remote} -i ${sshKey} -o UserKnownHostsFile=${knownHost} -s sftp'"
];
};
};
}

View file

@ -0,0 +1 @@
zh3485.rsync.net ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJtclizeBy1Uo3D86HpgD3LONGVH0CJ0NT+YfZlldAJd

View file

@ -27,7 +27,8 @@ in {
substituteInPlace src/modules/config.js \
--replace-fail "streaming: false" "streaming: true" \
--replace-fail "useStreamingApi: false" "useStreamingApi: true" \
--replace-fail "webPushNotifications: false" "webPushNotifications: true"
--replace-fail "webPushNotifications: false" "webPushNotifications: true" \
--replace-fail "postLanguage: undefined" 'postLanguage: "en"'
substituteInPlace src/i18n/en.json \
--replace-fail "meow" "florp" \

View file

@ -6,7 +6,6 @@ BRANCH="update-inputs-$(date +%Y-%m-%d-%H-%M)"
HYDRA_URL="https://hydra.kyouma.net"
JOBSET_URL="${HYDRA_URL}/jobset/nixfiles/update-inputs"
ROOT="$(mktemp -d)"
START_TIME="$(date +%s)"
gitin () {
git -C "${ROOT}/nixfiles" "$@"
@ -24,6 +23,8 @@ merge_theirs () {
test_build () {
local last_error
local build_jobs
local start_time
start_time="$(date +%s)"
build_jobs="$(curl --fail -s -L -H "Accept: application/json" "${JOBSET_URL}/latest-eval" | jq -r ".builds | .[]")"
for build in ${build_jobs}; do
@ -44,7 +45,7 @@ test_build () {
done
last_error="$(curl --fail -s -L -H "Accept: application/json" "${JOBSET_URL}" | jq -r ".errortime")"
[[ $last_error -gt $START_TIME ]] &&
[[ $last_error -gt $start_time ]] &&
echo "Evaluation error encountered at $(date +%Y-%m-%d-%H:%M:%S --date="@${last_error}")" &&
exit 1
}

View file

@ -0,0 +1,35 @@
restic:
zh3485s1:
password: ENC[AES256_GCM,data:lDDSSqUH3pewpMA+6SNwGwRz95MBjeaD6I3RWUQNBFXsw/W9RoIY85AcRXxCl7CW,iv:NFF6uCs2FolMe9cgPkoAFmbWdXG2SuVRtoOyQXouEAU=,tag:UeC49xFwFkMh0Wi8p9reFw==,type:str]
id_ed25519: ENC[AES256_GCM,data:fe2CAKWSrEOvEPZgGhbigw+DEnDUGtTXEj7nuGaH5enMGDvd7QtRlDYLkM+g9zKrRJ46e2nM6btUZVqqx4rJiUbjJ5B/cBzb259CTxKGgHeMj/cYXPypamIEKFwUrloxzrgxH5JIOoUvj9Ny1P1UPIB//B5Z1Uunqmdqd2XoiAtDwZ/hvyuOfdFyUkKmOnCdF4pheMRXZ6Z51N4f09OIwuZ/xC4LQYAVB2lyycOgrvefPA5YYabMd23yEXn6v/BiP1TWbSInTHvz6Rii2WYqYO3ORCfi1pvWe15kSrTsT9zYRzLvZi5TD+4FMhLmIttZB2OXK7X+h6cHtej7X+v6HKhMKHNJhukRUP7DpcZ0+ArBEdw2j+H7C4q8NdR9rk4we7WpdQlY7tGpJvEzSis+P/Jph/tkzx6xXpKiOeOAXgQUS41qcAy7gmZj7CdsulerUHcfDy4a0y1OEuDmoYW420cGGYOCB9BlvYQbaDhyv5AMSL8sMZfm7mX5qXliE7ZQc20ggKoY2MKH6RjnT8pQhMBWo/NW13PPBDIL,iv:1+aopW183ir5XHMKcDons24A/E61mLuyJGrQTRpPXdE=,tag:s1w+HZdktM0H9FUrz097Cw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age18vc8rcmczlt3r0ee7jr9s8l3yrkthu8wtypt08eh0eskpkw3dg6qxs7t3t
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQeWpKYktzVE1tMkpGU1c5
akZZdlBkeFQyUmUrOHZxTGE2V1FUVmV3cG5VCmZvTG1JTS9SUTk1aVl6TnBPQ1Fh
clRDTmQzQUJxWlYyV2dmVXNyTDJ2K0kKLS0tIHA3S0dsQzRxRWF4RFdSSzh1aXI5
ZFQvWFhZTndubkxaRVh3YXl0V25ZcUEK0/wV9i01kRkphrseSBqAL9f8tUlUtJDO
PUZL2Em/QjNEnXJaxxR612ONA94ptK9bsqzRJV5RtGqDwd+oAnr13Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-08T13:41:02Z"
mac: ENC[AES256_GCM,data:tMatUcv/jbvQ1URp6DrUyuiB9+rgCCdOxEVcM0NBiV5P9DGWE1hWytky4yPE9nFUOWLI7m4nTSEXHuT4yT3LkBd1Ndzhm5wQ0NEAVnZ6Sj7YOQI5CS1q95sviJBv57PBkaajHDNeSJX2hEQeR4qJFUR4fu0hIwadyzeunP/kfKE=,iv:gXRAg4cN43ocQMZm0lL8AnrbDtK+TKGchWpd/TYhnjA=,tag:+HqYuDWjoTdv+CWrJmuwxA==,type:str]
pgp:
- created_at: "2024-11-08T13:31:55Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4D1GtNSlou/HkSAQdALVqRZ2qzjR86mEE/MHAR5H3gmIukchY/NSvGg1Ggfmsw
uZhnl5puGOO579ItHXbk+BYwBS2koL7jyhnX8E9zmM3d3SZHwzx0mk79fr2jLFj6
0l4BLrhhcpUtzfje4/SeTgWFRIA68ON/PUTmW2Lgclh9OpQfbbousFS/JMvvdHaT
/3uJEww5MKMPlqWqK7w7z6iwIITRKH0vzQoIZ3hVcDKtKOJrJ/1bWcJorFsazxvT
=KZPf
-----END PGP MESSAGE-----
fp: B04F01A7A98A13020C39B4A68AB7B773A214ACE5
unencrypted_suffix: _unencrypted
version: 3.9.1