Compare commits
1 commit
main
...
update-inp
| Author | SHA1 | Date | |
|---|---|---|---|
|
5b3bfb5fef |
55 changed files with 719 additions and 2884 deletions
26
.sops.yaml
26
.sops.yaml
|
|
@ -3,8 +3,6 @@ keys:
|
|||
- &seras age1ht2wetcyl9rzu45e02pqqwgmyfsfe6y6ygxyuxpfhnkdm62d3pqsg3uqvd
|
||||
- &emilia age1pjn7q6qs49jenr40dhsxa8x5g4z6elsh0pk0tc5pxg6pl0nzgc6scakynn
|
||||
- &girldick age1r6cmthdk6lhy62wa4pu23l46f5fcqhuu7xrq353pe6c8f0s6ce8s67pdtf
|
||||
- &florp age18vc8rcmczlt3r0ee7jr9s8l3yrkthu8wtypt08eh0eskpkw3dg6qxs7t3t
|
||||
- &crime age1sky8kccyyxe79ws4rew42r94427v2xnphq2vtxvdlw5xl7yzgs2q599yzs
|
||||
creation_rules:
|
||||
- path_regex: secrets/services/dns-knot.yaml
|
||||
key_groups:
|
||||
|
|
@ -48,27 +46,3 @@ creation_rules:
|
|||
- *emily
|
||||
age:
|
||||
- *girldick
|
||||
- path_regex: secrets/hosts/seras.yaml
|
||||
key_groups:
|
||||
- pgp:
|
||||
- *emily
|
||||
age:
|
||||
- *seras
|
||||
- path_regex: secrets/services/akkoma.yaml
|
||||
key_groups:
|
||||
- pgp:
|
||||
- *emily
|
||||
age:
|
||||
- *florp
|
||||
- path_regex: secrets/restic/zh3485s1.yaml
|
||||
key_groups:
|
||||
- pgp:
|
||||
- *emily
|
||||
age:
|
||||
- *florp
|
||||
- path_regex: secrets/restic/zh3485s2.yaml
|
||||
key_groups:
|
||||
- pgp:
|
||||
- *emily
|
||||
age:
|
||||
- *crime
|
||||
|
|
|
|||
|
|
@ -1,11 +1,11 @@
|
|||
{ config, inputs, lib, pkgs, ... }: let
|
||||
inherit (lib) mkDefault;
|
||||
in {
|
||||
{ config, inputs, lib, pkgs, ... }:
|
||||
|
||||
with lib; {
|
||||
imports = [
|
||||
./kernel.nix
|
||||
./networking.nix
|
||||
./openssh.nix
|
||||
./users.nix
|
||||
./users
|
||||
../../modules
|
||||
inputs.lix-module.nixosModules.default
|
||||
];
|
||||
|
|
@ -23,7 +23,6 @@ in {
|
|||
man-pages-posix
|
||||
unzip
|
||||
zip
|
||||
fd
|
||||
figlet
|
||||
];
|
||||
programs = {
|
||||
|
|
@ -55,7 +54,6 @@ in {
|
|||
'';
|
||||
users.motdFile = "/var/lib/deployment/motd";
|
||||
|
||||
nix.package = pkgs.lix.override { enableGC = true; };
|
||||
nix.gc.automatic = true;
|
||||
nix.gc.options = "--delete-older-than 7d";
|
||||
nix.optimise.automatic = true;
|
||||
|
|
@ -106,6 +104,6 @@ in {
|
|||
|
||||
services.fprintd.enable = config.kyouma.machine-type.graphical;
|
||||
|
||||
system.stateVersion = mkDefault "23.11";
|
||||
system.stateVersion = "23.11";
|
||||
time.timeZone = mkDefault "CET";
|
||||
}
|
||||
|
|
|
|||
|
|
@ -39,7 +39,7 @@ in {
|
|||
];
|
||||
|
||||
settings = {
|
||||
PermitRootLogin = "no";
|
||||
PermitRootLogin = "prohibit-password";
|
||||
|
||||
PasswordAuthentication = false;
|
||||
KbdInteractiveAuthentication = false;
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
{ ... }: {
|
||||
imports = [
|
||||
../users/emily
|
||||
./emily
|
||||
];
|
||||
}
|
||||
|
|
@ -37,9 +37,6 @@
|
|||
pavucontrol
|
||||
signal-desktop
|
||||
element-desktop
|
||||
firefox
|
||||
# currently broken
|
||||
#inputs.firefox.packages.${pkgs.system}.firefox
|
||||
|
||||
nixfmt-classic
|
||||
wl-clipboard
|
||||
|
|
@ -65,7 +62,7 @@
|
|||
|
||||
programs.eza = {
|
||||
enable = true;
|
||||
icons = "auto";
|
||||
icons = true;
|
||||
git = true;
|
||||
extraOptions = [
|
||||
"--color-scale=all"
|
||||
|
|
@ -52,7 +52,7 @@
|
|||
|
||||
programs.eza = {
|
||||
enable = true;
|
||||
icons = "auto";
|
||||
icons = true;
|
||||
git = true;
|
||||
extraOptions = [
|
||||
"--color-scale=all"
|
||||
|
|
|
|||
|
|
@ -1,31 +1,31 @@
|
|||
{ inputs, ... }: {
|
||||
{ ... }: {
|
||||
imports = [
|
||||
../../common
|
||||
../../users/lucy
|
||||
../../profiles/headless.nix
|
||||
../../profiles/kartoffel.nix
|
||||
../../profiles/lxc.nix
|
||||
../../services/arrs
|
||||
../../services/jellyfin.nix
|
||||
../../services/nginx.nix
|
||||
inputs.oth.nixosModules.default
|
||||
./nginx.nix
|
||||
];
|
||||
networking.hostName = "crime";
|
||||
networking = {
|
||||
hostName = "crime";
|
||||
firewall.allowedTCPPorts = [ 80 443 ];
|
||||
firewall.allowedUDPPorts = [ 443 ];
|
||||
};
|
||||
systemd.network.networks."98-eth-default" = {
|
||||
address = [
|
||||
"2a0f:be01:0:100::b00b:a/128"
|
||||
"2a0f:be01:0:100::1337/128"
|
||||
"2a0f:be01:0:100::1338/128"
|
||||
];
|
||||
};
|
||||
kyouma.nginx.defaultForbidden = "fentanyl.trade";
|
||||
kyouma.restic = {
|
||||
enable = true;
|
||||
remoteUser = "zh3485s2";
|
||||
paths = [
|
||||
"/var/lib/jellyfin"
|
||||
"/var/lib/radarr"
|
||||
"/var/lib/sonarr"
|
||||
"/var/lib/private/prowlarr"
|
||||
"/home"
|
||||
];
|
||||
|
||||
security.acme.certs = {
|
||||
"fentanyl.trade" = { extraDomainNames = [ "frotti.ng" "watch.kyouma.net" ]; };
|
||||
"crime.kyouma.net" = {};
|
||||
};
|
||||
|
||||
services.jellyfin.enable = true;
|
||||
services.sonarr.enable = true;
|
||||
services.radarr.enable = true;
|
||||
services.prowlarr.enable = true;
|
||||
}
|
||||
|
|
|
|||
114
config/hosts/crime/nginx.nix
Normal file
114
config/hosts/crime/nginx.nix
Normal file
|
|
@ -0,0 +1,114 @@
|
|||
{ pkgs, ... }:
|
||||
let
|
||||
landingPage = pkgs.writeTextDir "index.html" ''
|
||||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<title>crime.kyouma.net</title>
|
||||
<style>
|
||||
body {
|
||||
width: 35em;
|
||||
margin: 0 auto;
|
||||
font-family: Tahoma, Verdana, Arial, sans-serif;
|
||||
}
|
||||
</style>
|
||||
</head>
|
||||
<body>
|
||||
<h1>Welcome to crime.kyouma.net!</h1>
|
||||
<p>If you see this page, the nginx web server is successfully installed and
|
||||
working. Further configuration is required.</p>
|
||||
|
||||
<p>Sonarr
|
||||
<a href="https://crime.kyouma.net/sonarr">crime.kyouma.net/sonarr</a><br/>
|
||||
Radarr
|
||||
<a href="https://crime.kyouma.net/radarr">crime.kyouma.net/radarr</a><br/>
|
||||
Prowlarr
|
||||
<a href="https://crime.kyouma.net/prowlarr">crime.kyouma.net/prowlarr</a></p>
|
||||
|
||||
<p><em>Thank you for using nginx.</em></p>
|
||||
</body>
|
||||
</html>
|
||||
'';
|
||||
extraConfig = ''
|
||||
add_header Strict-Transport-Security $hsts_header;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header Referrer-Policy "same-origin" always;
|
||||
'';
|
||||
proxyConfig = ''
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header X-Forwarded-Protocol $scheme;
|
||||
proxy_set_header X-Forwarded-Host $http_host;
|
||||
'';
|
||||
jellyAddr = "[::1]";
|
||||
jellyWeb = {
|
||||
forceSSL = true;
|
||||
#http3 = true;
|
||||
#quic = true;
|
||||
inherit extraConfig;
|
||||
|
||||
locations = {
|
||||
"= /".return = "302 https://$host/web/";
|
||||
"/" = {
|
||||
proxyPass = "http://${jellyAddr}:8096";
|
||||
extraConfig = ''
|
||||
${proxyConfig}
|
||||
proxy_buffering on;
|
||||
'';
|
||||
};
|
||||
"= /web/" = {
|
||||
proxyPass = "http://${jellyAddr}:8096/web/index.html";
|
||||
extraConfig = proxyConfig;
|
||||
};
|
||||
"/socket" = {
|
||||
proxyPass = "http://${jellyAddr}:8096";
|
||||
proxyWebsockets = true;
|
||||
extraConfig = proxyConfig;
|
||||
};
|
||||
};
|
||||
};
|
||||
in {
|
||||
services.nginx = {
|
||||
virtualHosts = {
|
||||
"fentanyl.trade" = jellyWeb // {
|
||||
enableACME = true;
|
||||
};
|
||||
"frotti.ng" = jellyWeb // {
|
||||
useACMEHost = "fentanyl.trade";
|
||||
};
|
||||
};
|
||||
};
|
||||
kyouma.nginx.virtualHosts = {
|
||||
"watch.kyouma.net" = { redirectTo = "fentanyl.trade"; };
|
||||
"redirect" = {
|
||||
default = true;
|
||||
reuseport = true;
|
||||
useACMEHost = "fentanyl.trade";
|
||||
extraConfig = ''
|
||||
return 403;
|
||||
'';
|
||||
};
|
||||
"crime.kyouma.net" = {
|
||||
listenAddresses = [ "[2a0f:be01:0:100::1338]" ];
|
||||
locations = {
|
||||
"/".root = landingPage;
|
||||
"/sonarr/" = {
|
||||
proxyPass = "http://127.0.0.1:8989";
|
||||
recommendedProxySettings = true;
|
||||
};
|
||||
"/radarr/" = {
|
||||
proxyPass = "http://127.0.0.1:7878";
|
||||
recommendedProxySettings = true;
|
||||
};
|
||||
"/prowlarr/" = {
|
||||
proxyPass = "http://127.0.0.1:9696";
|
||||
recommendedProxySettings = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
@ -7,7 +7,6 @@
|
|||
../../services/nginx.nix
|
||||
../../services/uptime-kuma.nix
|
||||
../../services/vaultwarden.nix
|
||||
../../services/librespeed.nix
|
||||
./disko.nix
|
||||
./hardware-configuration.nix
|
||||
];
|
||||
|
|
@ -17,8 +16,10 @@
|
|||
kyouma.machine-type.physical = true;
|
||||
kyouma.nginx.defaultForbidden = "uptime.kyouma.net";
|
||||
|
||||
networking.hostName = "emilia";
|
||||
|
||||
networking = {
|
||||
firewall.allowedTCPPorts = [ 80 443 ];
|
||||
hostName = "emilia";
|
||||
};
|
||||
systemd.network.networks."98-eth-default" = {
|
||||
matchConfig.MACAddress = "04:d4:c4:39:73:f6";
|
||||
addresses = [
|
||||
|
|
|
|||
|
|
@ -62,7 +62,6 @@
|
|||
};
|
||||
};
|
||||
root = {
|
||||
type = "8300";
|
||||
size = "100%";
|
||||
};
|
||||
};
|
||||
|
|
|
|||
|
|
@ -1,68 +0,0 @@
|
|||
{ lib, config, pkgs, ... }: {
|
||||
imports = [
|
||||
../../common
|
||||
../../profiles/headless.nix
|
||||
../../profiles/kartoffel.nix
|
||||
../../profiles/lxc.nix
|
||||
../../services/akkoma
|
||||
../../services/nginx.nix
|
||||
];
|
||||
networking = {
|
||||
hostName = "florp";
|
||||
domain = lib.mkForce "social";
|
||||
};
|
||||
systemd.network.networks."98-eth-default" = {
|
||||
address = [
|
||||
"2a0f:be01:0:100::171/128"
|
||||
];
|
||||
};
|
||||
|
||||
kyouma.nginx.defaultForbidden = "florp.social";
|
||||
kyouma.restic = let
|
||||
pgBackup = "/var/cache/postgresql.sql";
|
||||
in {
|
||||
enable = true;
|
||||
remoteUser = "zh3485s1";
|
||||
timerConfig = {
|
||||
OnCalendar = "hourly";
|
||||
Persistent = true;
|
||||
};
|
||||
paths = [
|
||||
"/var/lib/akkoma"
|
||||
"/var/lib/secrets"
|
||||
pgBackup
|
||||
];
|
||||
|
||||
backupPrepareCommand = ''
|
||||
umask 0077
|
||||
rm -f -- ${pgBackup}
|
||||
${pkgs.su}/bin/su -c '${lib.getExe' config.services.postgresql.package "pg_dumpall"}' \
|
||||
${config.services.postgresql.superUser} >${pgBackup}
|
||||
'';
|
||||
|
||||
backupCleanupCommand = ''
|
||||
rm -f -- ${pgBackup}
|
||||
'';
|
||||
};
|
||||
|
||||
services.postgresql.settings = {
|
||||
max_connections = 128;
|
||||
shared_buffers = "4GB";
|
||||
effective_cache_size = "12GB";
|
||||
maintenance_work_mem = "1GB";
|
||||
checkpoint_completion_target = 0.9;
|
||||
wal_buffers = "16MB";
|
||||
default_statistics_target = 100;
|
||||
random_page_cost = 1.1;
|
||||
effective_io_concurrency = 200;
|
||||
work_mem = "34952kB";
|
||||
huge_pages = "try";
|
||||
min_wal_size = "2GB";
|
||||
max_wal_size = "8GB";
|
||||
max_worker_processes = 16;
|
||||
max_parallel_workers_per_gather = 4;
|
||||
max_parallel_workers = 16;
|
||||
max_parallel_maintenance_workers = 4;
|
||||
};
|
||||
system.stateVersion = "24.11";
|
||||
}
|
||||
|
|
@ -11,6 +11,7 @@
|
|||
domain = lib.mkForce "girldick.gay";
|
||||
hostName = "staging";
|
||||
nftables.enable = lib.mkForce false;
|
||||
firewall.allowedTCPPorts = [ 80 443 ];
|
||||
};
|
||||
systemd.network.networks."98-eth-default" = {
|
||||
address = [
|
||||
|
|
|
|||
|
|
@ -18,11 +18,6 @@
|
|||
|
||||
nix.sshServe.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOOWlYhnummuWZbq3+d0x5A67YvlPvtl7/1Dk4RtNlzf christina@cafkafk.com"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM/RmFnel8pcZT9nh7EAfKfAekt3BoEXy0G7G2GTacN/ aprl@computer"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxsX+lEWkHZt9NOvn9yYFP0Z++186LY4b97C4mwj/f2 aprl@whatever"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOpyVefbZLkNVNzdSIlO6x6JohHE1snoHiUB3Qdvl5I2 aprl@idk"
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDVNo871p97NTefP52KYiwuch+FaVScxvcFd9fg0yykySTq7Y5JsxrJQgTnox/oDa0O87OyHD/GHQljAXkqiHpDkExbiGjDmGXJSKReKH061F4FqBnDIwYRzUu9Cxjl4MNqsU0RqLaz4+F42c/L7GROQwjEPUb8JHThRiI5FJnDvvB+oBLBxeyQA4v3O4i8DaDQayTr/XB+aSlhNwKrb6cjjL93AHT1uE53yY5jn4kZX+RiPQhH7rvt9N6E4Yr3CG6nUgRCUS0L66d9yfrq0XAbAVk9F+viV7Nk9qy4MWHtXZ4h0qUlzrGALPgGsCGiLGd4NvEgeCcV4nvxdmevxTSdKlJP75xlmlLVXGyhqCZkTsxm/png2UvDl+p0pLyrgNaNoXPdE0Jbv7C28WX36Nast1QFSMUhexzuOx8OgaOioeXVfK98AouqWb58iPBCvgreUIH/gJhZcnlB/Foo1KSO+fJNH8hAsLH7w0mnKyHhJjkrjjwUqsnpepB3SOLfZTE= aprl@meow"
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQD0v3tUBNEUxfoOQBFb+N2DUBQDay0iFggUWa9Nd+BtFLOKkz+RRto3eBF0ZiJZVUxv/hLb8m2s45hcMw8agwuPrXMe5085T1fzkvPdKAPZdsT/cCmBi1OsoLjAKBFIdM4lcV0A2cca8hip+/ZPpjFPUWx73/672gAPHU7co7fP8+8CSf9dx+WIeLx3yaYHYZ/th3dB5auX3VjOazS8MojsAorwTUeBoPamHQ5dFeNafhFUL/hhtGkUI1cNHUn3bJd2V7AKTW3UglK7hVgMJPrzVS31OlpcJEf6S5XgKTWdOSwubn1bs5Lt6YYRDU24NV6CGrwKgCJSRxzNMLwpnFKiSXpO8FzkqWHYWyju141hQcFF31aZIV+7YcwEt5ZukLjFOpVtpbSXvJYigOUzGi34P3/OAGshDXjTQjvM8GIir49gx3b2Nwhg0z4UHBkAKZvDDFPHDMJoclvnhITojaAojfC9zmMCO5ZaEsk8yv7c/lWQumzRpfldWF4mwHvhD5kTADbhRdO7WTdX7AaiAYINooToeWKjFe2wn3rFubPUppptqtP03mmvs7vhhgnEVBbGZRJK3GTVk1XcsfF9rDKzewSa+wb4LsBoZtFRhc8cJqHGlKWSNk7dQ04B1atPyNLKGpGoo/UIPxyZ6bSqFVxY3nhz46VZ6z8XWI48z0/fRQ== aprl@uwu"
|
||||
];
|
||||
|
||||
systemd.network.networks."98-eth-default" = {
|
||||
|
|
|
|||
|
|
@ -1,6 +1,5 @@
|
|||
{ lib, inputs, ... }: {
|
||||
imports = [
|
||||
inputs.sops-nix.nixosModules.sops
|
||||
"${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
|
||||
./configuration.nix
|
||||
];
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
{ pkgs, ... }: {
|
||||
{ ... }: {
|
||||
imports = [
|
||||
../../common
|
||||
../../users/nil
|
||||
../../profiles/builder.nix
|
||||
../../profiles/headless.nix
|
||||
../../profiles/kartoffel.nix
|
||||
|
|
@ -9,36 +8,20 @@
|
|||
../../services/nginx.nix
|
||||
../../services/hydra
|
||||
../../services/update-nixfiles.nix
|
||||
../../services/librespeed.nix
|
||||
];
|
||||
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
|
||||
|
||||
networking.hostName = "seras";
|
||||
networking = {
|
||||
hostName = "seras";
|
||||
firewall.allowedTCPPorts = [ 80 443 ];
|
||||
};
|
||||
systemd.network.networks."98-eth-default" = {
|
||||
address = [
|
||||
"2a0f:be01:0:100::169/128"
|
||||
];
|
||||
};
|
||||
|
||||
services.postgresql.settings = {
|
||||
max_connections = 200;
|
||||
shared_buffers = "24GB";
|
||||
effective_cache_size = "72GB";
|
||||
maintenance_work_mem = "2GB";
|
||||
checkpoint_completion_target = 0.9;
|
||||
wal_buffers = "16MB";
|
||||
default_statistics_target = 100;
|
||||
random_page_cost = 1.1;
|
||||
effective_io_concurrency = 200;
|
||||
work_mem = "31457kB";
|
||||
huge_pages = "try";
|
||||
min_wal_size = "1GB";
|
||||
max_wal_size = "4GB";
|
||||
max_worker_processes = 32;
|
||||
max_parallel_workers_per_gather = 4;
|
||||
max_parallel_workers = 32;
|
||||
max_parallel_maintenance_workers = 4;
|
||||
};
|
||||
|
||||
kyouma.ooklaserver = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
|
|
|
|||
|
|
@ -11,7 +11,8 @@
|
|||
networking = {
|
||||
hostName = "web-dus";
|
||||
nftables.enable = lib.mkForce false;
|
||||
firewall.allowedTCPPorts = [ 11019 ];
|
||||
firewall.allowedTCPPorts = [ 80 443 11019 ];
|
||||
firewall.allowedUDPPorts = [ 443 ];
|
||||
};
|
||||
systemd.network.networks."98-eth-default" = {
|
||||
address = [
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
{ lib, pkgs, ... }: {
|
||||
kyouma.deployment.auto-upgrade.cache = "daemon";
|
||||
nix.gc.options = lib.mkForce "--delete-older-than 30d";
|
||||
nix.settings = {
|
||||
trusted-users = [ "nix-ssh" ];
|
||||
#system-features = [ "nixos-test" "benchmark" "big-parallel" "kvm" ] ++ lib.optionals pkgs.hostPlatform.isx86_64 [ "gccarch-x86-64-v3" ];
|
||||
|
|
@ -7,7 +8,7 @@
|
|||
nix.extraOptions = ''
|
||||
min-free = ${builtins.toString (16384 * 1024 * 1024)}
|
||||
max-free = ${builtins.toString (32768 * 1024 * 1024)}
|
||||
max-substitution-jobs = 30
|
||||
max-substitution-jobs = 20
|
||||
max-silent-time = 14400
|
||||
'';
|
||||
nix.sshServe = {
|
||||
|
|
|
|||
|
|
@ -1,342 +0,0 @@
|
|||
{ config, inputs, lib, pkgs, ... }: {
|
||||
imports = [
|
||||
inputs.florp-moderation.nixosModules.default
|
||||
# Moderated instances. See https://woof.rip/florp/moderation for more information.
|
||||
inputs.florp-moderation.nixosModules.florp
|
||||
];
|
||||
sops.secrets."services/akkoma/mailerPassword" = {
|
||||
sopsFile = ../../../secrets/services/akkoma.yaml;
|
||||
};
|
||||
sops.secrets."services/akkoma/deepl" = {
|
||||
sopsFile = ../../../secrets/services/akkoma.yaml;
|
||||
};
|
||||
|
||||
services.akkoma = {
|
||||
enable = true;
|
||||
extraPackages = let
|
||||
imagemagick = pkgs.imagemagick.override {
|
||||
libheif = pkgs.libheif.overrideAttrs (prevAttrs: {
|
||||
buildInputs = prevAttrs.buildInputs or [ ] ++ [ pkgs.svt-av1 ];
|
||||
cmakeFlags = prevAttrs.cmakeFlags or [ ] ++ [ "-DWITH_SvtEnc=ON" ];
|
||||
});
|
||||
};
|
||||
in with pkgs; [ exiftool ffmpeg-headless imagemagick ];
|
||||
|
||||
extraStatic = let
|
||||
actualFetchzip =
|
||||
{
|
||||
url,
|
||||
hash
|
||||
}: pkgs.runCommandNoCC "${lib.last (lib.splitString "/" url)}" {
|
||||
src = pkgs.fetchurl {
|
||||
inherit url hash;
|
||||
};
|
||||
} ''
|
||||
${lib.getExe pkgs.unzip} $src -d $out
|
||||
for f in $out/*_256.png; do
|
||||
mv -- "$f" "''${f/_256}"
|
||||
done
|
||||
'';
|
||||
in {
|
||||
"emoji/blobs.gg" = pkgs.akkoma-emoji.blobs_gg;
|
||||
|
||||
"emoji/custom" = pkgs.runCommandNoCC "florp" {
|
||||
src = inputs.florp-branding.packages.${config.nixpkgs.hostPlatform.system}.favicon;
|
||||
} ''
|
||||
mkdir $out
|
||||
cp $src $out/florp.png
|
||||
'';
|
||||
|
||||
"emoji/neodog" = actualFetchzip {
|
||||
url = "https://git.gay/moonrabbits/neodog/raw/commit/6f9eb283b6dcbe507fde1110abab267cb2d73b70/neodog.zip";
|
||||
hash = "sha256-ISyzpRyjHf+4jKrOtHHqH0Qn7CQu5RQSLH/HL/YSdT4=";
|
||||
};
|
||||
|
||||
"emoji/neocat" = actualFetchzip {
|
||||
url = "https://volpeon.ink/emojis/neocat/neocat.zip";
|
||||
hash = "sha256-DZDuk0Djlax504flNWdpqAw+ROLOOVGj0ZvJLyouo7A=";
|
||||
};
|
||||
|
||||
"emoji/neofox" = actualFetchzip {
|
||||
url = "https://volpeon.ink/emojis/neofox/neofox.zip";
|
||||
hash = "sha256-rZUPA7ZvrO8q/lx8XK3IxJ1URLgq0PSh752eWzG+uos=";
|
||||
};
|
||||
|
||||
"emoji/blobhaj" = actualFetchzip {
|
||||
url = "https://web.archive.org/web/20240829143703/https://heatherhorns.com/wp-content/uploads/2022/12/Blobhaj-12-13-2022.zip";
|
||||
hash = "sha256-5l8ozTivCSOomPq+zDD4FWhK5mA/H2qkGs8beuDnp9s=";
|
||||
};
|
||||
|
||||
"static/styles.json" = pkgs.writeText "styles.json" (builtins.toJSON (
|
||||
builtins.fromJSON (builtins.readFile "${pkgs.akkoma-fe-domi}/static/styles.json") // {
|
||||
elly-mod = "/static/themes/elly-mod.json";
|
||||
}
|
||||
));
|
||||
|
||||
"static/themes/elly-mod.json" = pkgs.writeText "elly-mod.json" (builtins.readFile ./elly-mod.json);
|
||||
|
||||
"static/custom.css" = pkgs.writeText "custom.css" ''
|
||||
.tos-content img, .terms-of-service img {
|
||||
max-width: 100%;
|
||||
}
|
||||
'';
|
||||
|
||||
"static/terms-of-service.html" = inputs.florp-about.packages.${pkgs.system}.default;
|
||||
"images/sylvia-ritter-15012323.avif" = inputs.florp-branding.packages.${pkgs.system}.wallpaper;
|
||||
"images/florp_banner.avif" = inputs.florp-branding.packages.${pkgs.system}.banner;
|
||||
"favicon.png" = inputs.florp-branding.packages.${pkgs.system}.favicon;
|
||||
};
|
||||
|
||||
frontends = {
|
||||
primary = {
|
||||
package = pkgs.akkoma-fe-domi;
|
||||
name = "akkoma-fe";
|
||||
ref = "5f0339ce00";
|
||||
};
|
||||
admin = {
|
||||
package = pkgs.akkoma-admin-fe;
|
||||
name = "admin-fe";
|
||||
ref = "stable";
|
||||
};
|
||||
};
|
||||
};
|
||||
services.akkoma.config = let
|
||||
inherit ((pkgs.formats.elixirConf { }).lib) mkRaw mkAtom;
|
||||
|
||||
mkMapOfPredefinedKeys = set: let
|
||||
string = value: "\"${(lib.escape [ "\\" "#" "\"" ]) value}\"";
|
||||
|
||||
toElixir = value:
|
||||
if value == null then "nil" else
|
||||
if lib.isString value then string value else
|
||||
if builtins.isBool value then lib.boolToString value else
|
||||
if lib.isInt value || lib.isFloat value then toString value else
|
||||
abort "Not a elixir value ${value}";
|
||||
|
||||
entries = attrs: lib.concatStringsSep ", " (lib.mapAttrsToList (name: value:
|
||||
"${toElixir name}: ${toElixir value}"
|
||||
) attrs);
|
||||
in mkRaw "%{${entries set}}";
|
||||
|
||||
in {
|
||||
":pleroma" = {
|
||||
":instance" = {
|
||||
name = "florp.social";
|
||||
email = "contact@florp.social";
|
||||
notify_email = "noreply@florp.social";
|
||||
description = "Likes are now florps. The timeline goes sideways.";
|
||||
instance_thumbnail = "/instance/thumbnail.avif";
|
||||
limit = 69420;
|
||||
description_limit = 69420;
|
||||
remote_limit = 131072;
|
||||
upload_limit = 256 * 1024 * 1024;
|
||||
avatar_upload_limit = 4 * 1024 * 1024;
|
||||
background_upload_limit = 8 * 1024 * 1024;
|
||||
banner_upload_limit = 8 * 1024 * 1024;
|
||||
registrations_open = true;
|
||||
registration_reason_length = 2048;
|
||||
account_approval_required = true;
|
||||
account_activation_required = true;
|
||||
federating = true;
|
||||
federation_incoming_replies_max_depth = 1024;
|
||||
federation_reachability_timeout_days = 14;
|
||||
allow_relay = true;
|
||||
max_pinned_statuses = 10;
|
||||
max_report_comment_size = 2048;
|
||||
safe_dm_mentions = true;
|
||||
remote_post_retention_days = 365;
|
||||
user_bio_length = 8192;
|
||||
user_name_length = 64;
|
||||
cleanup_attachments = true;
|
||||
local_bubble = [
|
||||
"solitary.social"
|
||||
"donotsta.re"
|
||||
"chaos.social"
|
||||
];
|
||||
};
|
||||
|
||||
":emoji".groups = {
|
||||
blobs = "/emoji/blobs.gg/*.png";
|
||||
blobhaj = "/emoji/blobhaj/512w/*.png";
|
||||
neodog = "/emoji/neodog/*.png";
|
||||
neocat = [
|
||||
"/emoji/neocat/*.png"
|
||||
"/emoji/neodog/additional_neocat/*.png"
|
||||
];
|
||||
neofox = [
|
||||
"/emoji/neofox/*.png"
|
||||
"/emoji/neodog/additional_neofox/*.png"
|
||||
];
|
||||
Custom = "/emoji/custom/*.png";
|
||||
};
|
||||
|
||||
"Pleroma.Captcha".method = mkRaw "Pleroma.Captcha.Kocaptcha";
|
||||
|
||||
"Pleroma.Web.Endpoint".url.host = "florp.social";
|
||||
|
||||
"Pleroma.Web.Metadata.Providers.Theme".theme_color = "#070F1C";
|
||||
|
||||
"Pleroma.Emails.Mailer" = {
|
||||
enabled = true;
|
||||
adapter = mkRaw "Swoosh.Adapters.SMTP";
|
||||
relay = "mail.kyouma.net";
|
||||
username = "noreply@florp.social";
|
||||
password._secret = config.sops.secrets."services/akkoma/mailerPassword".path;
|
||||
port = 465;
|
||||
ssl = true;
|
||||
auth = mkRaw ":always";
|
||||
};
|
||||
|
||||
":database".rum_enabled = true;
|
||||
|
||||
":media_proxy" = {
|
||||
enabled = true;
|
||||
base_url = "https://cache.florp.social";
|
||||
proxy_opts.redirect_on_failure = true;
|
||||
proxy_opts.max_body_length = 64 * 1024 * 1024;
|
||||
};
|
||||
|
||||
":media_preview_proxy" = {
|
||||
enabled = true;
|
||||
thumbnail_max_width = 1920;
|
||||
thumbnail_max_height = 1080;
|
||||
min_content_length = 128 * 1024;
|
||||
};
|
||||
|
||||
"Pleroma.Upload".base_url = "https://media.florp.social";
|
||||
|
||||
"Pleroma.Upload".filters = map mkRaw [
|
||||
"Pleroma.Upload.Filter.Exiftool.ReadDescription"
|
||||
"Pleroma.Upload.Filter.Exiftool.StripMetadata"
|
||||
"Pleroma.Upload.Filter.Dedupe"
|
||||
"Pleroma.Upload.Filter.AnonymizeFilename"
|
||||
];
|
||||
|
||||
":mrf".policies = map mkRaw [
|
||||
"Pleroma.Web.ActivityPub.MRF.MediaProxyWarmingPolicy"
|
||||
];
|
||||
|
||||
":mrf_object_age".threshold = 180 * 24 * 3600;
|
||||
|
||||
":frontend_configurations" = {
|
||||
pleroma_fe = mkMapOfPredefinedKeys {
|
||||
background = "/images/sylvia-ritter-15012323.avif";
|
||||
nsfwCensorImage = "/static/blurhash-overlay.png";
|
||||
collapseMessageWithSubject = true;
|
||||
streaming = true;
|
||||
webPushNotifications = true;
|
||||
useStreamingApi = true;
|
||||
scopeCopy = true;
|
||||
subjectLineBehavior = "masto";
|
||||
alwaysShowSubjectInput = true;
|
||||
postContentType = "text/markdown";
|
||||
modalOnRepeat = true;
|
||||
minimalScopesMode = true;
|
||||
redirectRootNoLogin = "/about";
|
||||
translationLanguage = "en";
|
||||
theme = "elly-mod";
|
||||
};
|
||||
};
|
||||
|
||||
":restrict_unauthenticated" = {
|
||||
timelines = mkMapOfPredefinedKeys {
|
||||
local = false;
|
||||
federated = false;
|
||||
bubble = true;
|
||||
};
|
||||
};
|
||||
|
||||
":translator" = {
|
||||
enabled = true;
|
||||
module = mkRaw "Pleroma.Akkoma.Translators.DeepL";
|
||||
};
|
||||
|
||||
":deepl" = {
|
||||
tier = mkAtom ":free";
|
||||
api_key._secret = config.sops.secrets."services/akkoma/deepl".path;
|
||||
};
|
||||
};
|
||||
|
||||
":web_push_encryption".":vapid_details" = {
|
||||
subject = "mailto:contact@florp.social";
|
||||
};
|
||||
|
||||
":joken".":default_signer"._secret = "/var/lib/secrets/akkoma/jwt-signer";
|
||||
};
|
||||
services.postgresql.enable = true;
|
||||
services.postgresql.extraPlugins = [
|
||||
pkgs.postgresql16Packages.rum
|
||||
];
|
||||
services.nginx = {
|
||||
clientMaxBodySize = "256m";
|
||||
commonHttpConfig = ''
|
||||
access_log off;
|
||||
|
||||
proxy_cache_path /var/cache/nginx/akkoma-media-cache
|
||||
levels= keys_zone=akkoma_media_cache:64m max_size=64g
|
||||
inactive=1y use_temp_path=off;
|
||||
'';
|
||||
};
|
||||
kyouma.nginx.virtualHosts = let
|
||||
proxyCache = ''
|
||||
proxy_cache akkoma_media_cache;
|
||||
|
||||
# Cache objects in slices of 1 MiB
|
||||
slice 1m;
|
||||
proxy_cache_key $host$uri$is_args$args$slice_range;
|
||||
proxy_set_header Range $slice_range;
|
||||
|
||||
# Decouple proxy and upstream responses
|
||||
proxy_buffering on;
|
||||
proxy_cache_lock on;
|
||||
proxy_ignore_client_abort on;
|
||||
|
||||
# Default cache times for various responses
|
||||
proxy_cache_valid 200 1y;
|
||||
proxy_cache_valid 206 301 304 1h;
|
||||
|
||||
# Allow serving of stale items
|
||||
proxy_cache_use_stale error timeout invalid_header updating;
|
||||
'';
|
||||
in {
|
||||
"florp.social" = {
|
||||
serverAliases = map (x: "${x}.florp.social") [ "a" "b" "c" ];
|
||||
locations."/" = {
|
||||
proxyPass = "http://unix:/run/akkoma/socket";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
locations."^/media(/.*)$".return = "308 https://media.florp.social$1";
|
||||
locations."^/proxy(/.*)$".return = "308 https://cache.florp.social$1";
|
||||
locations."= /api/v1/pleroma/admin/config" = {
|
||||
return = ''200 "\{\"error\":\"You must enable configurable_from_database in your config file.\"\}"'';
|
||||
extraConfig = ''
|
||||
types { } default_type "application/json; charset=utf-8";
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
"media.florp.social" = {
|
||||
useACMEHost = "florp.social";
|
||||
locations."/" = {
|
||||
proxyPass = "http://unix:/run/akkoma/socket";
|
||||
extraConfig = ''
|
||||
rewrite ^(?!/media)(.*)$ /media$1;
|
||||
'' + proxyCache;
|
||||
};
|
||||
};
|
||||
|
||||
"cache.florp.social" = {
|
||||
useACMEHost = "florp.social";
|
||||
locations."/" = {
|
||||
proxyPass = "http://unix:/run/akkoma/socket";
|
||||
extraConfig = ''
|
||||
rewrite ^(?!/proxy)(.*)$ /proxy$1;
|
||||
'' + proxyCache;
|
||||
};
|
||||
};
|
||||
};
|
||||
security.acme.certs."florp.social".extraDomainNames = [
|
||||
"cache.florp.social"
|
||||
"media.florp.social"
|
||||
] ++ map (x: "${x}.florp.social") [ "a" "b" "c" ];
|
||||
}
|
||||
|
|
@ -1,529 +0,0 @@
|
|||
{
|
||||
"_pleroma_theme_version": 2,
|
||||
"name": "elly's theme (mod)",
|
||||
"theme": {
|
||||
"themeEngineVersion": 3,
|
||||
"shadows": {
|
||||
"panel": [
|
||||
{
|
||||
"color": "#000000",
|
||||
"x": "1",
|
||||
"y": "2",
|
||||
"blur": "6",
|
||||
"spread": 0,
|
||||
"alpha": 0.6
|
||||
}
|
||||
],
|
||||
"topBar": [
|
||||
{
|
||||
"x": 0,
|
||||
"y": 0,
|
||||
"blur": 4,
|
||||
"spread": 0,
|
||||
"color": "#000000",
|
||||
"alpha": 0.6
|
||||
}
|
||||
],
|
||||
"popup": [
|
||||
{
|
||||
"x": 2,
|
||||
"y": 2,
|
||||
"blur": 3,
|
||||
"spread": 0,
|
||||
"color": "#000000",
|
||||
"alpha": 0.5
|
||||
}
|
||||
],
|
||||
"avatar": [
|
||||
{
|
||||
"x": 0,
|
||||
"y": 1,
|
||||
"blur": 8,
|
||||
"spread": 0,
|
||||
"color": "#000000",
|
||||
"alpha": 0.7
|
||||
}
|
||||
],
|
||||
"avatarStatus": [],
|
||||
"panelHeader": [
|
||||
{
|
||||
"color": "#ffffff",
|
||||
"x": 0,
|
||||
"y": "40",
|
||||
"blur": "40",
|
||||
"spread": "-40",
|
||||
"inset": true,
|
||||
"alpha": "0.1"
|
||||
}
|
||||
],
|
||||
"button": [
|
||||
{
|
||||
"color": "#ffffff",
|
||||
"x": 0,
|
||||
"y": "0",
|
||||
"blur": "0",
|
||||
"spread": "1",
|
||||
"alpha": "0.15",
|
||||
"inset": true
|
||||
},
|
||||
{
|
||||
"color": "#000000",
|
||||
"x": "1",
|
||||
"y": "1",
|
||||
"blur": "1",
|
||||
"spread": 0,
|
||||
"alpha": "0.3",
|
||||
"inset": false
|
||||
}
|
||||
],
|
||||
"buttonHover": [
|
||||
{
|
||||
"color": "#318cbc",
|
||||
"x": 0,
|
||||
"y": "0",
|
||||
"blur": 0,
|
||||
"spread": "1",
|
||||
"alpha": 1,
|
||||
"inset": true
|
||||
},
|
||||
{
|
||||
"color": "#000000",
|
||||
"x": "1",
|
||||
"y": "1",
|
||||
"blur": "1",
|
||||
"spread": 0,
|
||||
"alpha": "0.3",
|
||||
"inset": false
|
||||
}
|
||||
],
|
||||
"buttonPressed": [
|
||||
{
|
||||
"color": "#bebebe",
|
||||
"x": 0,
|
||||
"y": 0,
|
||||
"blur": "0",
|
||||
"spread": "50",
|
||||
"alpha": 0.5,
|
||||
"inset": true
|
||||
},
|
||||
{
|
||||
"color": "#ffffff",
|
||||
"x": 0,
|
||||
"y": "0",
|
||||
"blur": 0,
|
||||
"spread": "1",
|
||||
"alpha": 0.2,
|
||||
"inset": true
|
||||
},
|
||||
{
|
||||
"color": "#000000",
|
||||
"x": "1",
|
||||
"y": "1",
|
||||
"blur": 0,
|
||||
"spread": 0,
|
||||
"alpha": "0.3",
|
||||
"inset": false
|
||||
}
|
||||
],
|
||||
"input": [
|
||||
{
|
||||
"color": "#FFFFFF",
|
||||
"x": 0,
|
||||
"y": "0",
|
||||
"blur": 0,
|
||||
"spread": "1",
|
||||
"alpha": "0.2",
|
||||
"inset": true
|
||||
}
|
||||
]
|
||||
},
|
||||
"colors": {
|
||||
"underlay": "#000000",
|
||||
"bg": "#070e1b",
|
||||
"fg": "#31363b",
|
||||
"cRed": "#c42d38",
|
||||
"cGreen": "#22b325",
|
||||
"cOrange": "#d7d720",
|
||||
"cBlue": "#ffffff",
|
||||
"accent": "#3daee9",
|
||||
"link": "#318cbc",
|
||||
"text": "#bebebe",
|
||||
"badgeNotification": "#024297",
|
||||
"badgeNotificationText": "#ffffff",
|
||||
"alertNeutral": "#bebebe",
|
||||
"alertNeutralText": "#ffffff",
|
||||
"alertPopupNeutral": "#bebebe",
|
||||
"alertPopupNeutralText": "#000000",
|
||||
"alertSuccess": "#22b325",
|
||||
"alertSuccessText": "#ffffff",
|
||||
"alertPopupSuccess": "#22b325",
|
||||
"alertPopupSuccessText": "#000000",
|
||||
"alertWarning": "#d7d720",
|
||||
"alertWarningText": "#ffffff",
|
||||
"alertPopupWarning": "#d7d720",
|
||||
"alertPopupWarningText": "#000000",
|
||||
"alertError": "#ff090f",
|
||||
"alertErrorText": "#bebebe",
|
||||
"alertPopupError": "#ff090f",
|
||||
"alertPopupErrorText": "#ffffff",
|
||||
"panel": "#0d1a31",
|
||||
"panelText": "#bebebe",
|
||||
"alertNeutralPanelText": "#ffffff",
|
||||
"alertSuccessPanelText": "#ffffff",
|
||||
"alertWarningPanelText": "#ffffff",
|
||||
"alertErrorPanelText": "#bebebe",
|
||||
"fgText": "#bebebe",
|
||||
"topBar": "#0d1a31",
|
||||
"topBarText": "#bebebe",
|
||||
"input": "#18223d",
|
||||
"inputTopbarText": "#bebebe",
|
||||
"inputPanelText": "#bebebe",
|
||||
"inputText": "#bebebe",
|
||||
"btn": "#18223d",
|
||||
"btnText": "#bebebe",
|
||||
"btnTopBarText": "#bebebe",
|
||||
"btnDisabled": "#0c121c",
|
||||
"btnDisabledTopBarText": "#393d45",
|
||||
"btnPanelText": "#bebebe",
|
||||
"btnDisabledPanelText": "#393d45",
|
||||
"btnDisabledText": "#393d45",
|
||||
"btnToggled": "#1b1d1f",
|
||||
"btnToggledTopBarText": "#bebebe",
|
||||
"btnToggledPanelText": "#bebebe",
|
||||
"btnToggledText": "#bebebe",
|
||||
"btnPressed": "#1b1d1f",
|
||||
"btnPressedTopBarText": "#bebebe",
|
||||
"btnPressedTopBar": "#1b1d1f",
|
||||
"btnPressedPanelText": "#bebebe",
|
||||
"btnPressedPanel": "#1b1d1f",
|
||||
"btnPressedText": "#bebebe",
|
||||
"tabActiveText": "#bebebe",
|
||||
"tabText": "#bebebe",
|
||||
"tab": "#1b1d1f",
|
||||
"fgLink": "#543fe7",
|
||||
"topBarLink": "#bebebe",
|
||||
"panelLink": "#38a5ed",
|
||||
"panelFaint": "#bebebe",
|
||||
"icon": "#63666d",
|
||||
"poll": "#1d4f6e",
|
||||
"pollText": "#bebebe",
|
||||
"border": "#363c41",
|
||||
"postCyantext": "#ffffff",
|
||||
"postGreentext": "#22b325",
|
||||
"postLink": "#3daee9",
|
||||
"lightText": "#f2f2f2",
|
||||
"popover": "#070e1b",
|
||||
"selectedMenuPopover": "#0d1930",
|
||||
"highlight": "#0d1930",
|
||||
"highlightText": "#bebebe",
|
||||
"selectedMenu": "#0d1930",
|
||||
"selectedMenuText": "#bebebe",
|
||||
"selectedMenuPopoverIcon": "#666c77",
|
||||
"highlightLink": "#3daee9",
|
||||
"selectedMenuLink": "#3daee9",
|
||||
"selectedMenuPopoverLink": "#3daee9",
|
||||
"selectedMenuPopoverText": "#bebebe",
|
||||
"faintLink": "#3daee9",
|
||||
"highlightFaintLink": "#3daee9",
|
||||
"selectedMenuFaintLink": "#3daee9",
|
||||
"selectedMenuPopoverFaintLink": "#3daee9",
|
||||
"faint": "#bebebe",
|
||||
"highlightFaintText": "#bebebe",
|
||||
"selectedMenuFaintText": "#bebebe",
|
||||
"selectedMenuPopoverFaintText": "#bebebe",
|
||||
"highlightLightText": "#f2f2f2",
|
||||
"selectedMenuLightText": "#f2f2f2",
|
||||
"selectedMenuPopoverLightText": "#f2f2f2",
|
||||
"selectedMenuIcon": "#666c77",
|
||||
"selectedPost": "#0d1930",
|
||||
"selectedPostText": "#bebebe",
|
||||
"selectedPostIcon": "#666c77",
|
||||
"selectedPostLink": "#3daee9",
|
||||
"selectedPostFaintLink": "#3daee9",
|
||||
"highlightPostLink": "#3daee9",
|
||||
"selectedPostPostLink": "#3daee9",
|
||||
"selectedPostLightText": "#f2f2f2",
|
||||
"selectedPostFaintText": "#bebebe",
|
||||
"popoverText": "#bebebe",
|
||||
"popoverIcon": "#63666d",
|
||||
"popoverLink": "#3daee9",
|
||||
"postFaintLink": "#3daee9",
|
||||
"popoverPostFaintLink": "#3daee9",
|
||||
"popoverFaintLink": "#3daee9",
|
||||
"popoverFaintText": "#bebebe",
|
||||
"popoverPostLink": "#3daee9",
|
||||
"popoverLightText": "#f2f2f2",
|
||||
"highlightIcon": "#666c77",
|
||||
"highlightPostFaintLink": "#3daee9",
|
||||
"profileTint": "#070e1b",
|
||||
"profileBg": "#03070f",
|
||||
"wallpaper": "#050a13"
|
||||
},
|
||||
"opacity": {
|
||||
"underlay": 0.15,
|
||||
"bg": 0.85,
|
||||
"alert": 0.5,
|
||||
"alertPopup": 0.95,
|
||||
"panel": 0.75,
|
||||
"input": 0.9,
|
||||
"btn": 0.9,
|
||||
"faint": 0.5,
|
||||
"border": 0.55,
|
||||
"popover": 1,
|
||||
"profileTint": 0.5
|
||||
},
|
||||
"radii": {
|
||||
"btn": "3",
|
||||
"input": "4",
|
||||
"checkbox": "1",
|
||||
"panel": "3",
|
||||
"avatar": "4",
|
||||
"avatarAlt": "4",
|
||||
"tooltip": 2,
|
||||
"attachment": "3"
|
||||
},
|
||||
"fonts": {
|
||||
"interface": {
|
||||
"family": "sans-serif"
|
||||
},
|
||||
"input": {
|
||||
"family": "inherit"
|
||||
},
|
||||
"post": {
|
||||
"family": "inherit"
|
||||
},
|
||||
"postCode": {
|
||||
"family": "monospace"
|
||||
}
|
||||
}
|
||||
},
|
||||
"source": {
|
||||
"themeEngineVersion": 3,
|
||||
"fonts": {},
|
||||
"shadows": {
|
||||
"panel": [
|
||||
{
|
||||
"x": "1",
|
||||
"y": "2",
|
||||
"blur": "6",
|
||||
"spread": 0,
|
||||
"color": "#000000",
|
||||
"alpha": 0.6
|
||||
}
|
||||
],
|
||||
"button": [
|
||||
{
|
||||
"x": 0,
|
||||
"y": "0",
|
||||
"blur": "0",
|
||||
"spread": "1",
|
||||
"color": "#ffffff",
|
||||
"alpha": "0.15",
|
||||
"inset": true
|
||||
},
|
||||
{
|
||||
"x": "1",
|
||||
"y": "1",
|
||||
"blur": "1",
|
||||
"spread": 0,
|
||||
"color": "#000000",
|
||||
"alpha": "0.3",
|
||||
"inset": false
|
||||
}
|
||||
],
|
||||
"panelHeader": [
|
||||
{
|
||||
"x": 0,
|
||||
"y": "40",
|
||||
"blur": "40",
|
||||
"spread": "-40",
|
||||
"inset": true,
|
||||
"color": "#ffffff",
|
||||
"alpha": "0.1"
|
||||
}
|
||||
],
|
||||
"buttonHover": [
|
||||
{
|
||||
"x": 0,
|
||||
"y": "0",
|
||||
"blur": 0,
|
||||
"spread": "1",
|
||||
"color": "--link",
|
||||
"alpha": 1,
|
||||
"inset": true
|
||||
},
|
||||
{
|
||||
"x": "1",
|
||||
"y": "1",
|
||||
"blur": "1",
|
||||
"spread": 0,
|
||||
"color": "#000000",
|
||||
"alpha": "0.3",
|
||||
"inset": false
|
||||
}
|
||||
],
|
||||
"buttonPressed": [
|
||||
{
|
||||
"x": 0,
|
||||
"y": 0,
|
||||
"blur": "0",
|
||||
"spread": "50",
|
||||
"color": "--faint",
|
||||
"alpha": 0.5,
|
||||
"inset": true
|
||||
},
|
||||
{
|
||||
"x": 0,
|
||||
"y": "0",
|
||||
"blur": 0,
|
||||
"spread": "1",
|
||||
"color": "#ffffff",
|
||||
"alpha": 0.2,
|
||||
"inset": true
|
||||
},
|
||||
{
|
||||
"x": "1",
|
||||
"y": "1",
|
||||
"blur": 0,
|
||||
"spread": 0,
|
||||
"color": "#000000",
|
||||
"alpha": "0.3",
|
||||
"inset": false
|
||||
}
|
||||
],
|
||||
"input": [
|
||||
{
|
||||
"x": 0,
|
||||
"y": "0",
|
||||
"blur": 0,
|
||||
"spread": "1",
|
||||
"color": "#FFFFFF",
|
||||
"alpha": "0.2",
|
||||
"inset": true
|
||||
}
|
||||
]
|
||||
},
|
||||
"opacity": {
|
||||
"bg": "0.85",
|
||||
"border": "0.55",
|
||||
"panel": "0.75",
|
||||
"btn": "0.9",
|
||||
"input": "0.9"
|
||||
},
|
||||
"colors": {
|
||||
"bg": "#070e1b",
|
||||
"fg": "#31363b",
|
||||
"text": "#bebebe",
|
||||
"underlay": "#000000",
|
||||
"link": "#318cbc",
|
||||
"accent": "#3daee9",
|
||||
"faint": "#bebebe",
|
||||
"faintLink": "#3daee9",
|
||||
"postFaintLink": "#3daee9",
|
||||
"cBlue": "#ffffff",
|
||||
"cRed": "#c42d38",
|
||||
"cGreen": "#22b325",
|
||||
"cOrange": "#d7d720",
|
||||
"highlight": "#0d1930",
|
||||
"highlightLightText": "#f2f2f2",
|
||||
"highlightPostLink": "#3daee9",
|
||||
"highlightFaintText": "#bebebe",
|
||||
"highlightFaintLink": "#3daee9",
|
||||
"highlightPostFaintLink": "#3daee9",
|
||||
"highlightText": "#bebebe",
|
||||
"highlightLink": "#3daee9",
|
||||
"highlightIcon": "#666c77",
|
||||
"popover": "#070e1b",
|
||||
"popoverLightText": "#f2f2f2",
|
||||
"popoverPostLink": "#3daee9",
|
||||
"popoverFaintText": "#bebebe",
|
||||
"popoverFaintLink": "#3daee9",
|
||||
"popoverPostFaintLink": "#3daee9",
|
||||
"popoverText": "#bebebe",
|
||||
"popoverLink": "#3daee9",
|
||||
"popoverIcon": "#63666d",
|
||||
"selectedPost": "#0d1930",
|
||||
"selectedPostFaintText": "#bebebe",
|
||||
"selectedPostLightText": "#f2f2f2",
|
||||
"selectedPostPostLink": "#3daee9",
|
||||
"selectedPostFaintLink": "#3daee9",
|
||||
"selectedPostText": "#bebebe",
|
||||
"selectedPostLink": "#3daee9",
|
||||
"selectedPostIcon": "#666c77",
|
||||
"selectedMenu": "#0d1930",
|
||||
"selectedMenuLightText": "#f2f2f2",
|
||||
"selectedMenuFaintText": "#bebebe",
|
||||
"selectedMenuFaintLink": "#3daee9",
|
||||
"selectedMenuText": "#bebebe",
|
||||
"selectedMenuLink": "#3daee9",
|
||||
"selectedMenuIcon": "#666c77",
|
||||
"selectedMenuPopover": "#0d1930",
|
||||
"selectedMenuPopoverLightText": "#f2f2f2",
|
||||
"selectedMenuPopoverFaintText": "#bebebe",
|
||||
"selectedMenuPopoverFaintLink": "#3daee9",
|
||||
"selectedMenuPopoverText": "#bebebe",
|
||||
"selectedMenuPopoverLink": "#3daee9",
|
||||
"selectedMenuPopoverIcon": "#666c77",
|
||||
"lightText": "#f2f2f2",
|
||||
"postLink": "#3daee9",
|
||||
"border": "#363c41",
|
||||
"poll": "#1d4f6e",
|
||||
"pollText": "#bebebe",
|
||||
"icon": "#63666d",
|
||||
"fgText": "#bebebe",
|
||||
"fgLink": "#543fe7",
|
||||
"panel": "#0d1a31",
|
||||
"panelText": "#bebebe",
|
||||
"panelFaint": "#bebebe",
|
||||
"panelLink": "#38a5ed",
|
||||
"topBar": "#0d1a31",
|
||||
"topBarText": "#bebebe",
|
||||
"topBarLink": "#bebebe",
|
||||
"tab": "#1b1d1f",
|
||||
"tabText": "#bebebe",
|
||||
"tabActiveText": "#bebebe",
|
||||
"btn": "#18223d",
|
||||
"btnText": "#bebebe",
|
||||
"btnPanelText": "#bebebe",
|
||||
"btnTopBarText": "#bebebe",
|
||||
"btnPressed": "#1b1d1f",
|
||||
"btnPressedText": "#bebebe",
|
||||
"btnPressedPanel": "#1b1d1f",
|
||||
"btnPressedPanelText": "#bebebe",
|
||||
"btnPressedTopBar": "#1b1d1f",
|
||||
"btnPressedTopBarText": "#bebebe",
|
||||
"btnToggled": "#1b1d1f",
|
||||
"btnToggledText": "#bebebe",
|
||||
"btnToggledPanelText": "#bebebe",
|
||||
"btnToggledTopBarText": "#bebebe",
|
||||
"btnDisabled": "#0c121c",
|
||||
"btnDisabledText": "#393d45",
|
||||
"btnDisabledPanelText": "#393d45",
|
||||
"btnDisabledTopBarText": "#393d45",
|
||||
"input": "#18223d",
|
||||
"inputText": "#bebebe",
|
||||
"inputPanelText": "#bebebe",
|
||||
"inputTopbarText": "#bebebe",
|
||||
"alertError": "#ff090f",
|
||||
"alertErrorText": "#bebebe",
|
||||
"alertErrorPanelText": "#bebebe",
|
||||
"alertWarning": "#d7d720",
|
||||
"alertWarningText": "#ffffff",
|
||||
"alertWarningPanelText": "#ffffff",
|
||||
"alertNeutral": "#bebebe",
|
||||
"alertNeutralText": "#ffffff",
|
||||
"alertNeutralPanelText": "#ffffff",
|
||||
"badgeNotification": "#024297",
|
||||
"badgeNotificationText": "#ffffff"
|
||||
},
|
||||
"radii": {
|
||||
"btn": "3",
|
||||
"input": "4",
|
||||
"checkbox": "1",
|
||||
"panel": "3",
|
||||
"avatar": "4",
|
||||
"avatarAlt": "4",
|
||||
"attachment": "3"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -1,55 +0,0 @@
|
|||
{ lib, pkgs, ... }: {
|
||||
|
||||
services = {
|
||||
prowlarr.enable = true;
|
||||
} // lib.genAttrs [ "sonarr" "radarr" ] (_: {
|
||||
enable = true;
|
||||
});
|
||||
systemd.services = lib.genAttrs [ "radarr" "sonarr" ] (_: {
|
||||
wants = [ "mnt-mezzomix.mount" ];
|
||||
});
|
||||
|
||||
systemd.mounts = lib.singleton {
|
||||
description = "rclone mount";
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" "radarr.service" "sonarr.service" ];
|
||||
|
||||
where = "/mnt/mezzomix";
|
||||
what = "mezzomix@otos.feralhosting.com:private/rtorrent/data";
|
||||
type = "fuse.sshfs";
|
||||
options = "umask=0000,idmap=user,_netdev,rw,nosuid,allow_other,default_permissions,follow_symlinks,reconnect,max_conns=10,identityfile=/etc/keys/ssh_host_ed25519_key";
|
||||
};
|
||||
systemd.automounts = lib.singleton {
|
||||
name = "mnt-mezzomix.automount";
|
||||
where = "/mnt/mezzomix";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
automountConfig.TimeoutIdleSec = 0;
|
||||
};
|
||||
environment.systemPackages = [ pkgs.sshfs ];
|
||||
programs.ssh.ciphers = [ "aes256-ctr" ];
|
||||
|
||||
|
||||
kyouma.nginx.virtualHosts = {
|
||||
"crime.kyouma.net" = {
|
||||
verifyClientCert = true;
|
||||
disableHttp3 = true;
|
||||
locations = {
|
||||
"/".root = pkgs.writeTextDir "index.html" (builtins.readFile ./landingPage.html);
|
||||
"/sonarr/" = {
|
||||
proxyPass = "http://127.0.0.1:8989";
|
||||
recommendedProxySettings = true;
|
||||
};
|
||||
"/radarr/" = {
|
||||
proxyPass = "http://127.0.0.1:7878";
|
||||
recommendedProxySettings = true;
|
||||
};
|
||||
"/prowlarr/" = {
|
||||
proxyPass = "http://127.0.0.1:9696";
|
||||
recommendedProxySettings = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
security.acme.certs."crime.kyouma.net" = {};
|
||||
}
|
||||
|
|
@ -1,27 +0,0 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<title>crime.kyouma.net</title>
|
||||
<style>
|
||||
body {
|
||||
width: 35em;
|
||||
margin: 0 auto;
|
||||
font-family: Tahoma, Verdana, Arial, sans-serif;
|
||||
}
|
||||
</style>
|
||||
</head>
|
||||
<body>
|
||||
<h1>Welcome to crime.kyouma.net!</h1>
|
||||
<p>If you see this page, the nginx web server is successfully installed and
|
||||
working. Further configuration is required.</p>
|
||||
|
||||
<p>Sonarr
|
||||
<a href="https://crime.kyouma.net/sonarr">crime.kyouma.net/sonarr</a><br/>
|
||||
Radarr
|
||||
<a href="https://crime.kyouma.net/radarr">crime.kyouma.net/radarr</a><br/>
|
||||
Prowlarr
|
||||
<a href="https://crime.kyouma.net/prowlarr">crime.kyouma.net/prowlarr</a></p>
|
||||
|
||||
<p><em>Thank you for using nginx.</em></p>
|
||||
</body>
|
||||
</html>
|
||||
|
|
@ -5,7 +5,6 @@
|
|||
};
|
||||
services.forgejo = {
|
||||
enable = true;
|
||||
package = pkgs.forgejo;
|
||||
secrets.mailer.PASSWD = config.sops.secrets."services/forgejo/mailerPassword".path;
|
||||
database = {
|
||||
createDatabase = true;
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
{ config, inputs, lib, ... }: {
|
||||
imports = [
|
||||
./nix-config.nix
|
||||
inputs.hydra.nixosModules.hydra
|
||||
];
|
||||
sops.secrets."services/hydra/signKey" = {
|
||||
owner = "hydra-queue-runner";
|
||||
|
|
@ -19,7 +18,7 @@
|
|||
};
|
||||
kyouma.deployment.auto-upgrade.cache = "daemon";
|
||||
|
||||
services.hydra-dev = {
|
||||
services.hydra = {
|
||||
enable = true;
|
||||
package = inputs.hydra.packages.${config.nixpkgs.hostPlatform.system}.hydra;
|
||||
hydraURL = "https://hydra.kyouma.net";
|
||||
|
|
@ -30,9 +29,9 @@
|
|||
extraConfig = ''
|
||||
server_store_uri = https://cache.kyouma.net
|
||||
binary_cache_public_uri = https://cache.kyouma.net
|
||||
evaluator_workers = 6
|
||||
evaluator_max_memory_size = 12288
|
||||
max_output_size = ${builtins.toString (24 * 1024 * 1024 * 1024)}
|
||||
evaluator_workers = 8
|
||||
evaluator_max_memory_size = 16384
|
||||
max_output_size = 4294967296
|
||||
'';
|
||||
};
|
||||
services.harmonia = {
|
||||
|
|
@ -43,11 +42,6 @@
|
|||
};
|
||||
};
|
||||
|
||||
systemd.services.hydra-evaluator.serviceConfig = {
|
||||
MemoryHigh = "250G";
|
||||
MemoryMax = "254G";
|
||||
};
|
||||
|
||||
kyouma.nginx.defaultForbidden = "hydra.kyouma.net";
|
||||
kyouma.nginx.virtualHosts = {
|
||||
"hydra.kyouma.net".locations."/".proxyPass = "http://localhost:3000";
|
||||
|
|
|
|||
|
|
@ -1,14 +1,12 @@
|
|||
{ config, lib, ... }: {
|
||||
nix.buildMachines = let
|
||||
base = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
|
||||
in [
|
||||
nix.buildMachines = [
|
||||
{
|
||||
hostName = "localhost";
|
||||
protocol = null;
|
||||
maxJobs = 0;
|
||||
speedFactor = 0;
|
||||
systems = [ "x86_64-linux" ];
|
||||
supportedFeatures = base;
|
||||
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
|
||||
}
|
||||
{
|
||||
hostName = "integra.kyouma.net";
|
||||
|
|
@ -16,30 +14,27 @@
|
|||
maxJobs = 2;
|
||||
speedFactor = 4;
|
||||
systems = [ "aarch64-linux" ];
|
||||
supportedFeatures = base;
|
||||
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
|
||||
sshKey = config.sops.secrets."services/hydra/id_ed25519_hydra".path;
|
||||
}
|
||||
{
|
||||
hostName = "schrodinger.kyouma.net";
|
||||
sshUser = "root";
|
||||
maxJobs = 0;
|
||||
speedFactor = 20;
|
||||
systems = [ "riscv64-linux" ];
|
||||
supportedFeatures = base ++ [ "gccarch-rv64imac" "gccarch-rv64imacfd" "gccarch-rv64gc" ];
|
||||
] ++ lib.forEach [ "03" "04" ] (num: {
|
||||
hostName = "build-worker-${num}.nyantec.com";
|
||||
sshUser = "nix-ssh";
|
||||
maxJobs = 4;
|
||||
speedFactor = 18;
|
||||
systems = [ "x86_64-linux" "riscv64-linux" ];
|
||||
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" "gccarch-x86-64" "gccarch-x86-64-v2" "gccarch-x86-64-v3" ];
|
||||
sshKey = config.sops.secrets."services/hydra/id_ed25519_hydra".path;
|
||||
}
|
||||
] ++ lib.forEach (lib.range 0 10) (num: {
|
||||
hostName = "build-worker-${lib.fixedWidthNumber 2 num}";
|
||||
) ++ lib.forEach [ "01" "02" "05" "06" ] (num: {
|
||||
hostName = "build-worker-${num}";
|
||||
sshUser = "root";
|
||||
maxJobs = 2;
|
||||
maxJobs = 4;
|
||||
speedFactor = 20;
|
||||
systems = [ "i686-linux" "x86_64-linux" ];
|
||||
systems = [ "x86_64-linux" ];
|
||||
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "gccarch-x86-64" "gccarch-x86-64-v2" "gccarch-x86-64-v3" ];
|
||||
sshKey = config.sops.secrets."services/hydra/id_ed25519_hydra".path;
|
||||
});
|
||||
nixpkgs.config.allowUnsupportedSystem = true;
|
||||
nix.distributedBuilds = true;
|
||||
nix.gc.automatic = lib.mkForce false;
|
||||
nix.settings = {
|
||||
allowed-uris = [
|
||||
"github:"
|
||||
|
|
@ -53,29 +48,25 @@
|
|||
"build-worker-03.nyantec.com".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEGqTY74c5g15DSNPNM2Wdr5jAwS7BFgX1XRnhtGOnJc";
|
||||
"build-worker-04.nyantec.com".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICOq+5I+nlAN2lJoOtoXrYEDuZ/TMPMa43pIlablYigK";
|
||||
"integra.kyouma.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIBwEQiSfaDrUAwgul4mktusBPcIVxI4pLNDh9DPopVU";
|
||||
"schrodinger.kyouma.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKo7vZ6lS1wx76YsbAdhOsGcc20YMAW52ep8SZ/FCHDp";
|
||||
"lab.nyantec.com".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIUePtVPtBK+CYosufbaGiMT4EVanti4V5t2Wg0g/Fy4";
|
||||
"localhost".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPNVavo3YHVsrYwXRVISu7kDoknn+5inFGySn4azlB8P";
|
||||
"[build-worker-kyoumanet.fly.dev]:2200".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJUGzlilikAUfUGKXVCoTeDvPRoWUgDDkNU5WaRUBzls";
|
||||
"[build-worker-kyoumanet.fly.dev]:2201".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDL2M97UBHg9aUfjDUxzmzg1r0ga0m3/stummBVwuEAB";
|
||||
"[build-worker-kyoumanet.fly.dev]:2202".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOTwVKL0P0chPM2Gz23rbT94844+w1CGJdCaZdzfjThz";
|
||||
"[build-worker-kyoumanet.fly.dev]:2203".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAjy2eZGJQeAYy0+fLgW9jiS0jVY2LInY0NDMnzCvvKp";
|
||||
"[build-worker-kyoumanet.fly.dev]:2204".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN72OyD9LYy4hq0WZ7ie5RPV+G54UreEJiA/RubjGoe9";
|
||||
"[build-worker-kyoumanet.fly.dev]:2205".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICNh1o1I98XrI2XmOI6Q0aHPfyLCIQwKkKOxGUUeXL9v";
|
||||
"[build-worker-kyoumanet.fly.dev]:2206".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGf0kxGgwOG9KhUhvxxTSiQC5YikrzZXKDgSpBw33qN4";
|
||||
"[build-worker-kyoumanet.fly.dev]:2207".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL9z95a6Fn/dB+iNigEYpuJdBnBwCkIZYaKHcFbGP+RY";
|
||||
"[build-worker-kyoumanet.fly.dev]:2208".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAk+FNMhTfAVqk3MfLp4QiG/i5ti53DlpnC0q+sOvU9O";
|
||||
"[build-worker-kyoumanet-cdg.fly.dev]:2209".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJGlQD/3fLn/Kyb7v0RIycHRcArGi75jURj803EMpW0S";
|
||||
"[build-worker-kyoumanet-cdg.fly.dev]:2210".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMQm1FSGBGdCR5f8MvBvdKM0M4yIQVnH1po7hHO5T1qz";
|
||||
};
|
||||
extraConfig = ''
|
||||
Host machine-0008.cloud-v.co
|
||||
Hostname machine.cloud-v.co
|
||||
Port 20008
|
||||
'' + lib.concatLines (lib.forEach (lib.range 0 10) (num: ''
|
||||
Host build-worker-${lib.fixedWidthNumber 2 num}
|
||||
Hostname build-worker-kyoumanet${lib.optionalString (num > 8) "-cdg"}.fly.dev
|
||||
Port 22${lib.fixedWidthNumber 2 num}
|
||||
''));
|
||||
Host build-worker-01
|
||||
Hostname build-worker-kyoumanet.fly.dev
|
||||
Port 2201
|
||||
Host build-worker-02
|
||||
Hostname build-worker-kyoumanet.fly.dev
|
||||
Port 2202
|
||||
Host build-worker-05
|
||||
Hostname build-worker-kyoumanet.fly.dev
|
||||
Port 2203
|
||||
Host build-worker-06
|
||||
Hostname build-worker-kyoumanet.fly.dev
|
||||
Port 2204
|
||||
'';
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,34 +0,0 @@
|
|||
{ lib, ... }: {
|
||||
|
||||
services.jellyfin.enable = true;
|
||||
|
||||
kyouma.nginx.virtualHosts = {
|
||||
"watch.kyouma.net".redirectTo = "fentanyl.trade";
|
||||
"fentanyl.trade" = {
|
||||
serverAliases = lib.singleton "frotti.ng";
|
||||
locations = {
|
||||
"= /".return = "302 https://$host/web/";
|
||||
"/" = {
|
||||
proxyPass = "http://[::1]:8096";
|
||||
recommendedProxySettings = true;
|
||||
extraConfig = ''
|
||||
proxy_buffering on;
|
||||
'';
|
||||
};
|
||||
"= /web/" = {
|
||||
proxyPass = "http://[::1]:8096";
|
||||
recommendedProxySettings = true;
|
||||
};
|
||||
"/socket" = {
|
||||
proxyPass = "http://[::1]:8096";
|
||||
recommendedProxySettings = true;
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
security.acme.certs."fentanyl.trade".extraDomainNames = [
|
||||
"frotti.ng"
|
||||
"watch.kyouma.net"
|
||||
];
|
||||
}
|
||||
|
|
@ -1,8 +1,7 @@
|
|||
{ ... }: {
|
||||
{ pkgs, ... }: {
|
||||
services.librespeed = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
package = pkgs.librespeed-go;
|
||||
domain = "speed.kyouma.net";
|
||||
frontend.enable = true;
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,6 +1,4 @@
|
|||
{ config, lib, pkgs, ... }: let
|
||||
inherit (lib) mkDefault;
|
||||
in {
|
||||
{ config, lib, ... }: with lib; {
|
||||
kyouma.deployment.tags = [ "web" ];
|
||||
security.dhparams.enable = true;
|
||||
security.dhparams.params.nginx = {};
|
||||
|
|
@ -11,11 +9,9 @@ in {
|
|||
email = "noc@kyouma.net";
|
||||
};
|
||||
};
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
networking.firewall.allowedUDPPorts = [ 443 ];
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
package = mkDefault pkgs.nginxQuic;
|
||||
#package = pkgs.nginxQuic;
|
||||
|
||||
recommendedGzipSettings = true;
|
||||
recommendedOptimisation = true;
|
||||
|
|
@ -36,7 +32,6 @@ in {
|
|||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header Referrer-Policy "same-origin" always;
|
||||
add_header Alt-Svc 'h3=":443"; ma=7776000; persist=1, h2=":443"; ma=7776000; persist=1';
|
||||
#add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
|
||||
'';
|
||||
eventsConfig = ''
|
||||
|
|
|
|||
|
|
@ -5,14 +5,14 @@
|
|||
};
|
||||
sops.secrets."services/vaultwarden/basicAuth" = {
|
||||
sopsFile = ../../secrets/services/vaultwarden.yaml;
|
||||
owner = "nginx";
|
||||
owner = "vaultwarden";
|
||||
};
|
||||
services.vaultwarden = {
|
||||
enable = true;
|
||||
environmentFile = config.sops.secrets."services/vaultwarden/environmentFile".path;
|
||||
backupDir = "/var/backup/bitwarden_rs";
|
||||
config = {
|
||||
DOMAIN = "https://vault.kyouma.net";
|
||||
DOMAIN = "https://staging.vault.kyouma.net";
|
||||
DATABASE_MAX_CONNS = 15;
|
||||
WEB_VAULT_ENABLED = true;
|
||||
WEBSOCKET_ADDRESS = "::1";
|
||||
|
|
@ -33,10 +33,10 @@
|
|||
SMTP_SECURITY = "starttls";
|
||||
SMTP_PORT = 587;
|
||||
ROCKET_ADDRESS = "::1";
|
||||
ROCKET_PORT = 8222;
|
||||
ROCKET_PORT = "8222";
|
||||
};
|
||||
};
|
||||
kyouma.nginx.virtualHosts."vault.kyouma.net" = {
|
||||
kyouma.nginx.virtualHosts."staging.vault.kyouma.net" = {
|
||||
locations."/" = {
|
||||
proxyPass = "http://[::1]:8222";
|
||||
proxyWebsockets = true;
|
||||
|
|
@ -46,5 +46,5 @@
|
|||
basicAuthFile = config.sops.secrets."services/vaultwarden/basicAuth".path;
|
||||
};
|
||||
};
|
||||
security.acme.certs."vault.kyouma.net" = {};
|
||||
security.acme.certs."staging.vault.kyouma.net" = {};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,78 +0,0 @@
|
|||
{ inputs, pkgs, ... }: {
|
||||
imports = [
|
||||
inputs.home-manager.nixosModules.home-manager
|
||||
];
|
||||
|
||||
users.users.lucy = {
|
||||
isNormalUser = true;
|
||||
shell = pkgs.fish;
|
||||
ignoreShellProgramCheck = true;
|
||||
extraGroups = [ "wheel" ];
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIId7XvwEHtC9KdGg4Bn+XE+yyBp7/dRToJX9T56mM7ln kosaki@kosaki"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAZH8HwE1OxVAArRpc3+c7foYJ/WYjp4BqUyuab9yQyl emilia@emilia"
|
||||
];
|
||||
};
|
||||
|
||||
home-manager.useGlobalPkgs = true;
|
||||
home-manager.users.lucy = {
|
||||
home.stateVersion = "24.11";
|
||||
|
||||
home.packages = with pkgs; [
|
||||
whois
|
||||
htop
|
||||
restic
|
||||
fend
|
||||
];
|
||||
fonts.fontconfig.enable = true;
|
||||
|
||||
programs.bat.enable = true;
|
||||
programs.gpg.enable = true;
|
||||
programs.ripgrep.enable = true;
|
||||
|
||||
programs.tmux = {
|
||||
enable = true;
|
||||
prefix = "M-w";
|
||||
clock24 = true;
|
||||
extraConfig = ''
|
||||
# unbind keys
|
||||
unbind-key C-b
|
||||
|
||||
# new prefix
|
||||
bind-key M-w send-prefix
|
||||
|
||||
# selection via vim keys
|
||||
bind-key -r h select-pane -L
|
||||
bind-key -r j select-pane -D
|
||||
bind-key -r k select-pane -U
|
||||
bind-key -r l select-pane -R
|
||||
|
||||
# resize aswell
|
||||
bind-key -r C-h resize-pane -L 5
|
||||
bind-key -r C-j resize-pane -D 5
|
||||
bind-key -r C-k resize-pane -U 5
|
||||
bind-key -r C-l resize-pane -R 5
|
||||
|
||||
bind-key g split-window
|
||||
bind-key v split-window -h
|
||||
'';
|
||||
};
|
||||
|
||||
programs.eza = {
|
||||
enable = true;
|
||||
icons = "auto";
|
||||
git = true;
|
||||
extraOptions = [
|
||||
"--color-scale=all"
|
||||
"--color-scale-mode=gradient"
|
||||
"--group-directories-first"
|
||||
];
|
||||
};
|
||||
programs.fish = {
|
||||
enable = true;
|
||||
interactiveShellInit = ''
|
||||
set -U fish_greeting
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
@ -1,49 +0,0 @@
|
|||
{ inputs, pkgs, ... }: {
|
||||
imports = [
|
||||
inputs.home-manager.nixosModules.home-manager
|
||||
];
|
||||
|
||||
users.users.nil = {
|
||||
isNormalUser = true;
|
||||
shell = pkgs.fish;
|
||||
ignoreShellProgramCheck = true;
|
||||
extraGroups = [ "wheel" ];
|
||||
openssh.authorizedKeys.keys = [
|
||||
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAICczPHRwY9MAwDGlcB0QgMOJjcpLJhVU3covrW9RBS62AAAABHNzaDo="
|
||||
];
|
||||
};
|
||||
|
||||
home-manager.useGlobalPkgs = true;
|
||||
home-manager.users.nil = {
|
||||
home.stateVersion = "24.11";
|
||||
|
||||
home.packages = with pkgs; [
|
||||
whois
|
||||
htop
|
||||
restic
|
||||
fend
|
||||
];
|
||||
fonts.fontconfig.enable = true;
|
||||
|
||||
programs.bat.enable = true;
|
||||
programs.gpg.enable = true;
|
||||
programs.ripgrep.enable = true;
|
||||
|
||||
programs.eza = {
|
||||
enable = true;
|
||||
icons = "auto";
|
||||
git = true;
|
||||
extraOptions = [
|
||||
"--color-scale=all"
|
||||
"--color-scale-mode=gradient"
|
||||
"--group-directories-first"
|
||||
];
|
||||
};
|
||||
programs.fish = {
|
||||
enable = true;
|
||||
interactiveShellInit = ''
|
||||
set -U fish_greeting
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
||||
463
flake.lock
463
flake.lock
|
|
@ -5,18 +5,17 @@
|
|||
"crane": "crane",
|
||||
"flake-compat": "flake-compat",
|
||||
"flake-parts": "flake-parts",
|
||||
"nix-github-actions": "nix-github-actions",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"nixpkgs-stable": "nixpkgs-stable"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1731270564,
|
||||
"narHash": "sha256-6KMC/NH/VWP5Eb+hA56hz0urel3jP6Y6cF2PX6xaTkk=",
|
||||
"lastModified": 1726069220,
|
||||
"narHash": "sha256-dAUWlC8uMJX9iovycfvJcg5nm3PzqJIRAOwN4z322zM=",
|
||||
"owner": "zhaofengli",
|
||||
"repo": "attic",
|
||||
"rev": "47752427561f1c34debb16728a210d378f0ece36",
|
||||
"rev": "416687e59c4f0b32742423458cab2c5ff8fe748a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -136,11 +135,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1728330715,
|
||||
"narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=",
|
||||
"lastModified": 1722113426,
|
||||
"narHash": "sha256-Yo/3loq572A8Su6aY5GP56knpuKYRvM2a1meP9oJZCw=",
|
||||
"owner": "numtide",
|
||||
"repo": "devshell",
|
||||
"rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef",
|
||||
"rev": "67cce7359e4cd3c45296fb4aaf6a19e2a9c757ae",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -156,11 +155,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1731549112,
|
||||
"narHash": "sha256-c9I3i1CwZ10SoM5npQQVnfwgvB86jAS3lT4ZqkRoSOI=",
|
||||
"lastModified": 1727531434,
|
||||
"narHash": "sha256-b+GBgCWd2N6pkiTkRZaMFOPztPO4IVTaclYPrQl2uLk=",
|
||||
"owner": "nix-community",
|
||||
"repo": "disko",
|
||||
"rev": "5fd852c4155a689098095406500d0ae3d04654a8",
|
||||
"rev": "b709e1cc33fcde71c7db43850a55ebe6449d0959",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -214,27 +213,6 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"firefox": {
|
||||
"inputs": {
|
||||
"neoidiosyn": "neoidiosyn",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1731867603,
|
||||
"narHash": "sha256-07612Ws2V4iFQAGLEoZVIefA3rM9JP3B/qo/z4tu1Kg=",
|
||||
"ref": "refs/heads/main",
|
||||
"rev": "022ec0becb1ca7b96ddb9bdd046617075357c2cb",
|
||||
"revCount": 3,
|
||||
"type": "git",
|
||||
"url": "https://woof.rip/mikael/firefox.git"
|
||||
},
|
||||
"original": {
|
||||
"type": "git",
|
||||
"url": "https://woof.rip/mikael/firefox.git"
|
||||
}
|
||||
},
|
||||
"flake-compat": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
|
|
@ -348,11 +326,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1730504689,
|
||||
"narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
|
||||
"lastModified": 1726153070,
|
||||
"narHash": "sha256-HO4zgY0ekfwO5bX0QH/3kJ/h4KvUDFZg8YpkNwIbg1U=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "flake-parts",
|
||||
"rev": "506278e768c2a08bec68eb62932193e341f55c90",
|
||||
"rev": "bcef6817a8b2aa20a5a6dbb19b43e63c5bf8619a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -383,24 +361,6 @@
|
|||
"inputs": {
|
||||
"systems": "systems_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1731533236,
|
||||
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils_3": {
|
||||
"inputs": {
|
||||
"systems": "systems_3"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1710146030,
|
||||
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
|
||||
|
|
@ -415,9 +375,9 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils_4": {
|
||||
"flake-utils_3": {
|
||||
"inputs": {
|
||||
"systems": "systems_4"
|
||||
"systems": "systems_3"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1726560853,
|
||||
|
|
@ -433,7 +393,7 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils_5": {
|
||||
"flake-utils_4": {
|
||||
"inputs": {
|
||||
"systems": [
|
||||
"stylix",
|
||||
|
|
@ -469,81 +429,6 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flakey-profile_2": {
|
||||
"locked": {
|
||||
"lastModified": 1712898590,
|
||||
"narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=",
|
||||
"owner": "lf-",
|
||||
"repo": "flakey-profile",
|
||||
"rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "lf-",
|
||||
"repo": "flakey-profile",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"florp-about": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1731582952,
|
||||
"narHash": "sha256-hnvqHeekGal+hml6BQB254LsJn+Vk5QNKzkIu8rH/xs=",
|
||||
"ref": "refs/heads/main",
|
||||
"rev": "f283dba73f777746e1675126f8fa4c5b1fd06152",
|
||||
"revCount": 10,
|
||||
"type": "git",
|
||||
"url": "https://woof.rip/florp/about.git"
|
||||
},
|
||||
"original": {
|
||||
"type": "git",
|
||||
"url": "https://woof.rip/florp/about.git"
|
||||
}
|
||||
},
|
||||
"florp-branding": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1731182323,
|
||||
"narHash": "sha256-Ecw7fOxv3hp1iLWBqlYW9TTNi0LTtiu92gtqfdn5v20=",
|
||||
"ref": "refs/heads/main",
|
||||
"rev": "8aaf8c85b902eaaabfdeadd5502019b2816991b9",
|
||||
"revCount": 3,
|
||||
"type": "git",
|
||||
"url": "https://woof.rip/florp/branding.git"
|
||||
},
|
||||
"original": {
|
||||
"type": "git",
|
||||
"url": "https://woof.rip/florp/branding.git"
|
||||
}
|
||||
},
|
||||
"florp-moderation": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1731611636,
|
||||
"narHash": "sha256-Do8vpR8JTpkPr9vxf1aRzhb4/cUBjg5twPyGDyezxJw=",
|
||||
"ref": "refs/heads/main",
|
||||
"rev": "32e1061cb2ef3cd0eab0bd99f062a2776a73d459",
|
||||
"revCount": 7,
|
||||
"type": "git",
|
||||
"url": "https://woof.rip/florp/moderation.git"
|
||||
},
|
||||
"original": {
|
||||
"type": "git",
|
||||
"url": "https://woof.rip/florp/moderation.git"
|
||||
}
|
||||
},
|
||||
"fromYaml": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
|
|
@ -577,11 +462,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1731363552,
|
||||
"narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=",
|
||||
"lastModified": 1727514110,
|
||||
"narHash": "sha256-0YRcOxJG12VGDFH8iS8pJ0aYQQUAgo/r3ZAL+cSh9nk=",
|
||||
"owner": "cachix",
|
||||
"repo": "git-hooks.nix",
|
||||
"rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0",
|
||||
"rev": "85f7a7177c678de68224af3402ab8ee1bcee25c8",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -636,11 +521,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1731604581,
|
||||
"narHash": "sha256-Qq2YZZaDTB3FZLWU/Hgh1uuWlUBl3cMLGB99bm7rFUM=",
|
||||
"lastModified": 1727383923,
|
||||
"narHash": "sha256-4/vacp3CwdGoPf8U4e/N8OsGYtO09WTcQK5FqYfJbKs=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "1d0862ee2d7c6f6cd720d6f32213fa425004be10",
|
||||
"rev": "ffe2d07e771580a005e675108212597e5b367d2d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -658,47 +543,37 @@
|
|||
"nixpkgs": "nixpkgs_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1728215710,
|
||||
"narHash": "sha256-TRxR6zELQoUDPhLkmBU8QjgskNyVcblKgQIxhuOyNRc=",
|
||||
"ref": "main",
|
||||
"rev": "799441dcf6d595efb0def686ca0815aef398627b",
|
||||
"revCount": 4217,
|
||||
"lastModified": 1724696781,
|
||||
"narHash": "sha256-oDLfi7PdElAdhGK8i+mQ4OOn6Hu3vzHiYnuFcHoJ0IU=",
|
||||
"ref": "refs/heads/main",
|
||||
"rev": "ab6d81fad404af05dfeae7f74d1783a2f7367826",
|
||||
"revCount": 4205,
|
||||
"type": "git",
|
||||
"url": "https://git.lix.systems/lix-project/hydra"
|
||||
"url": "https://git.lix.systems/snaakey/hydra.git"
|
||||
},
|
||||
"original": {
|
||||
"ref": "main",
|
||||
"rev": "799441dcf6d595efb0def686ca0815aef398627b",
|
||||
"type": "git",
|
||||
"url": "https://git.lix.systems/lix-project/hydra"
|
||||
"url": "https://git.lix.systems/snaakey/hydra.git"
|
||||
}
|
||||
},
|
||||
"ixx": {
|
||||
"iceshrimp": {
|
||||
"inputs": {
|
||||
"flake-utils": [
|
||||
"nixvim",
|
||||
"nuschtosSearch",
|
||||
"flake-utils"
|
||||
],
|
||||
"nixpkgs": [
|
||||
"nixvim",
|
||||
"nuschtosSearch",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1729958008,
|
||||
"narHash": "sha256-EiOq8jF4Z/zQe0QYVc3+qSKxRK//CFHMB84aYrYGwEs=",
|
||||
"owner": "NuschtOS",
|
||||
"repo": "ixx",
|
||||
"rev": "9fd01aad037f345350eab2cd45e1946cc66da4eb",
|
||||
"type": "github"
|
||||
"lastModified": 1718289195,
|
||||
"narHash": "sha256-xmkExjsTztXW4/AYb3d3Er6Wwg4r7AVwq7rv9E93+Ec=",
|
||||
"ref": "refs/heads/dev",
|
||||
"rev": "746c6319d3425ccfacc906535c67951e161996d9",
|
||||
"revCount": 47,
|
||||
"type": "git",
|
||||
"url": "https://iceshrimp.dev/iceshrimp/packaging"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NuschtOS",
|
||||
"ref": "v0.0.6",
|
||||
"repo": "ixx",
|
||||
"type": "github"
|
||||
"type": "git",
|
||||
"url": "https://iceshrimp.dev/iceshrimp/packaging"
|
||||
}
|
||||
},
|
||||
"kyouma-www": {
|
||||
|
|
@ -725,68 +600,6 @@
|
|||
}
|
||||
},
|
||||
"lix": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1731683711,
|
||||
"narHash": "sha256-bq21I1EjXJa/s5Rra9J9ot2NkPCnI0F5uNPurwYLdpE=",
|
||||
"rev": "c859d03013712b349d82ee6223948d6d03e63a8d",
|
||||
"type": "tarball",
|
||||
"url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/c859d03013712b349d82ee6223948d6d03e63a8d.tar.gz?rev=c859d03013712b349d82ee6223948d6d03e63a8d"
|
||||
},
|
||||
"original": {
|
||||
"type": "tarball",
|
||||
"url": "https://git.lix.systems/lix-project/lix/archive/main.tar.gz"
|
||||
}
|
||||
},
|
||||
"lix-module": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils",
|
||||
"flakey-profile": "flakey-profile",
|
||||
"lix": [
|
||||
"firefox",
|
||||
"neoidiosyn",
|
||||
"lix"
|
||||
],
|
||||
"nixpkgs": [
|
||||
"firefox",
|
||||
"neoidiosyn",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1731185731,
|
||||
"narHash": "sha256-RNaIu43b9PoXEhW4OqXUNZKY/jezQyCYWwdv1M0VjsA=",
|
||||
"rev": "691193879d96bdfd1e6ab5ebcca2fadc7604cf34",
|
||||
"type": "tarball",
|
||||
"url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/691193879d96bdfd1e6ab5ebcca2fadc7604cf34.tar.gz?rev=691193879d96bdfd1e6ab5ebcca2fadc7604cf34"
|
||||
},
|
||||
"original": {
|
||||
"type": "tarball",
|
||||
"url": "https://git.lix.systems/lix-project/nixos-module/archive/main.tar.gz"
|
||||
}
|
||||
},
|
||||
"lix-module_2": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils_3",
|
||||
"flakey-profile": "flakey-profile_2",
|
||||
"lix": "lix_3",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1723510904,
|
||||
"narHash": "sha256-zNW/rqNJwhq2lYmQf19wJerRuNimjhxHKmzrWWFJYts=",
|
||||
"rev": "622a2253a071a1fb97a4d3c8103a91114acc1140",
|
||||
"type": "tarball",
|
||||
"url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/622a2253a071a1fb97a4d3c8103a91114acc1140.tar.gz?rev=622a2253a071a1fb97a4d3c8103a91114acc1140"
|
||||
},
|
||||
"original": {
|
||||
"type": "tarball",
|
||||
"url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.0.tar.gz"
|
||||
}
|
||||
},
|
||||
"lix_2": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat_2",
|
||||
"nix2container": "nix2container",
|
||||
|
|
@ -806,7 +619,28 @@
|
|||
"url": "https://git.lix.systems/lix-project/lix/archive/2.91.0.tar.gz"
|
||||
}
|
||||
},
|
||||
"lix_3": {
|
||||
"lix-module": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils_2",
|
||||
"flakey-profile": "flakey-profile",
|
||||
"lix": "lix_2",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1723510904,
|
||||
"narHash": "sha256-zNW/rqNJwhq2lYmQf19wJerRuNimjhxHKmzrWWFJYts=",
|
||||
"rev": "622a2253a071a1fb97a4d3c8103a91114acc1140",
|
||||
"type": "tarball",
|
||||
"url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/622a2253a071a1fb97a4d3c8103a91114acc1140.tar.gz?rev=622a2253a071a1fb97a4d3c8103a91114acc1140"
|
||||
},
|
||||
"original": {
|
||||
"type": "tarball",
|
||||
"url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.0.tar.gz"
|
||||
}
|
||||
},
|
||||
"lix_2": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1723503926,
|
||||
|
|
@ -820,29 +654,6 @@
|
|||
"url": "https://git.lix.systems/lix-project/lix/archive/2.91.0.tar.gz"
|
||||
}
|
||||
},
|
||||
"neoidiosyn": {
|
||||
"inputs": {
|
||||
"lix": "lix",
|
||||
"lix-module": "lix-module",
|
||||
"nixpkgs": [
|
||||
"firefox",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1731867586,
|
||||
"narHash": "sha256-6anSWv1Vw83RKMAFMHOCv/9pp23ExzscEKFAe+GbAmU=",
|
||||
"ref": "refs/heads/main",
|
||||
"rev": "86605e5489fb5045f4dee48de2a69082e17c033b",
|
||||
"revCount": 1,
|
||||
"type": "git",
|
||||
"url": "https://woof.rip/mikael/neoidiosyn.git"
|
||||
},
|
||||
"original": {
|
||||
"type": "git",
|
||||
"url": "https://woof.rip/mikael/neoidiosyn.git"
|
||||
}
|
||||
},
|
||||
"nix-darwin": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
|
|
@ -851,11 +662,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1731454423,
|
||||
"narHash": "sha256-TtwvgFxUa0wyptLhQbKaixgNW1UXf3+TDqfX3Kp63oM=",
|
||||
"lastModified": 1727507295,
|
||||
"narHash": "sha256-I/FrX1peu4URoj5T5odfuKR2rm4GjYJJpCGF9c0/lDA=",
|
||||
"owner": "lnl7",
|
||||
"repo": "nix-darwin",
|
||||
"rev": "6c71c49e2448e51ad830ed211024e6d0edc50116",
|
||||
"rev": "f2e1c4aa29fc211947c3a7113cba1dd707433b70",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -871,7 +682,7 @@
|
|||
"hydra",
|
||||
"lix"
|
||||
],
|
||||
"nix-github-actions": "nix-github-actions_2",
|
||||
"nix-github-actions": "nix-github-actions",
|
||||
"nixpkgs": [
|
||||
"hydra",
|
||||
"nixpkgs"
|
||||
|
|
@ -893,27 +704,6 @@
|
|||
}
|
||||
},
|
||||
"nix-github-actions": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"attic",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1729742964,
|
||||
"narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nix-github-actions",
|
||||
"rev": "e04df33f62cdcf93d73e9a04142464753a16db67",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "nix-github-actions",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nix-github-actions_2": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"hydra",
|
||||
|
|
@ -953,11 +743,11 @@
|
|||
},
|
||||
"nixos-hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1731403644,
|
||||
"narHash": "sha256-T9V7CTucjRZ4Qc6pUEV/kpgNGzQbHWfGcfK6JJLfUeI=",
|
||||
"lastModified": 1727540359,
|
||||
"narHash": "sha256-U+225h1kJZpWb23+RaX1sBkqC4fA7aa7eBbgiQ5HcO4=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixos-hardware",
|
||||
"rev": "f6581f1c3b137086e42a08a906bdada63045f991",
|
||||
"rev": "fb08bde00c20252b892a3e57fb094eb62b65ba61",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -1036,11 +826,11 @@
|
|||
},
|
||||
"nixpkgs-stable_2": {
|
||||
"locked": {
|
||||
"lastModified": 1730602179,
|
||||
"narHash": "sha256-efgLzQAWSzJuCLiCaQUCDu4NudNlHdg2NzGLX5GYaEY=",
|
||||
"lastModified": 1725762081,
|
||||
"narHash": "sha256-vNv+aJUW5/YurRy1ocfvs4q/48yVESwlC/yHzjkZSP8=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "3c2f1c4ca372622cb2f9de8016c9a0b1cbd0f37c",
|
||||
"rev": "dc454045f5b5d814e5862a6d057e7bb5c29edc05",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -1052,11 +842,11 @@
|
|||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1725001927,
|
||||
"narHash": "sha256-eV+63gK0Mp7ygCR0Oy4yIYSNcum2VQwnZamHxYTNi+M=",
|
||||
"lastModified": 1723688146,
|
||||
"narHash": "sha256-sqLwJcHYeWLOeP/XoLwAtYjr01TISlkOfz+NG82pbdg=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "6e99f2a27d600612004fbd2c3282d614bfee6421",
|
||||
"rev": "c3d4ac725177c030b1e289015989da2ad9d56af0",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -1084,11 +874,11 @@
|
|||
},
|
||||
"nixpkgs_4": {
|
||||
"locked": {
|
||||
"lastModified": 1731319897,
|
||||
"narHash": "sha256-PbABj4tnbWFMfBp6OcUK5iGy1QY+/Z96ZcLpooIbuEI=",
|
||||
"lastModified": 1727348695,
|
||||
"narHash": "sha256-J+PeFKSDV+pHL7ukkfpVzCOO7mBSrrpJ3svwBFABbhI=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "dc460ec76cbff0e66e269457d7b728432263166c",
|
||||
"rev": "1925c603f17fc89f4c8f6bf6f631a802ad85d784",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -1115,11 +905,11 @@
|
|||
"treefmt-nix": "treefmt-nix_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1731707185,
|
||||
"narHash": "sha256-IfA3x0eL4Be/7hvdvGSnT8fgiXz7GL3PtjGw3BH68gM=",
|
||||
"lastModified": 1727557953,
|
||||
"narHash": "sha256-xe8JQaNOPTyzWsSlLu2yC6qw4SjOMHrXk4Iq+pIgLhM=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixvim",
|
||||
"rev": "be455f7f2714ce3479ae5bb662a03bd450f45793",
|
||||
"rev": "2c4e4681db658deeceb2f781136d7ba1d0009521",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -1130,19 +920,18 @@
|
|||
},
|
||||
"nuschtosSearch": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils_4",
|
||||
"ixx": "ixx",
|
||||
"flake-utils": "flake-utils_3",
|
||||
"nixpkgs": [
|
||||
"nixvim",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1731347683,
|
||||
"narHash": "sha256-BcSWCEUBShuB32LPif+EG0XGXyUi2jyjCSpGE1rbOws=",
|
||||
"lastModified": 1727452028,
|
||||
"narHash": "sha256-ehl/A4HQFRyqj1Fk7cl+dgSf/2Fb1jLwWJtZaMU6RfU=",
|
||||
"owner": "NuschtOS",
|
||||
"repo": "search",
|
||||
"rev": "135d202e032be70c93b6d7d53592ef4799d6efde",
|
||||
"rev": "9f7426e532ef8dfc839c4a3fcc567b13a20a70d3",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -1151,29 +940,6 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"oth": {
|
||||
"inputs": {
|
||||
"flake-utils": [
|
||||
"flake-utils"
|
||||
],
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1732215904,
|
||||
"narHash": "sha256-bXXoyQcVMULYOj1KlzbquUyMTyByzmLatIgm0ra/7sk=",
|
||||
"ref": "refs/heads/main",
|
||||
"rev": "847cc8493f7f44bd5ada0283d6b96457f4ee5a9b",
|
||||
"revCount": 1,
|
||||
"type": "git",
|
||||
"url": "ssh://forgejo@woof.rip/emily/oth.git"
|
||||
},
|
||||
"original": {
|
||||
"type": "git",
|
||||
"url": "ssh://forgejo@woof.rip/emily/oth.git"
|
||||
}
|
||||
},
|
||||
"pre-commit-hooks": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
|
|
@ -1196,21 +962,17 @@
|
|||
"disko": "disko",
|
||||
"dns": "dns",
|
||||
"fernglas": "fernglas",
|
||||
"firefox": "firefox",
|
||||
"flake-utils": "flake-utils_2",
|
||||
"florp-about": "florp-about",
|
||||
"florp-branding": "florp-branding",
|
||||
"florp-moderation": "florp-moderation",
|
||||
"flake-utils": "flake-utils",
|
||||
"home-manager": "home-manager",
|
||||
"hydra": "hydra",
|
||||
"iceshrimp": "iceshrimp",
|
||||
"kyouma-www": "kyouma-www",
|
||||
"lix": "lix_2",
|
||||
"lix-module": "lix-module_2",
|
||||
"lix": "lix",
|
||||
"lix-module": "lix-module",
|
||||
"nixos-hardware": "nixos-hardware",
|
||||
"nixos-needsreboot": "nixos-needsreboot",
|
||||
"nixpkgs": "nixpkgs_4",
|
||||
"nixvim": "nixvim",
|
||||
"oth": "oth",
|
||||
"sops-nix": "sops-nix",
|
||||
"stylix": "stylix"
|
||||
}
|
||||
|
|
@ -1223,11 +985,11 @@
|
|||
"nixpkgs-stable": "nixpkgs-stable_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1731364708,
|
||||
"narHash": "sha256-HC0anOL+KmUQ2hdRl0AtunbAckasxrkn4VLmxbW/WaA=",
|
||||
"lastModified": 1727423009,
|
||||
"narHash": "sha256-+4B/dQm2EnORIk0k2wV3aHGaE0WXTBjColXjj7qWh10=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "4c91d52db103e757fc25b58998b0576ae702d659",
|
||||
"rev": "127a96f49ddc377be6ba76964411bab11ae27803",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -1243,7 +1005,7 @@
|
|||
"base16-helix": "base16-helix",
|
||||
"base16-vim": "base16-vim",
|
||||
"flake-compat": "flake-compat_4",
|
||||
"flake-utils": "flake-utils_5",
|
||||
"flake-utils": "flake-utils_4",
|
||||
"gnome-shell": "gnome-shell",
|
||||
"home-manager": [
|
||||
"home-manager"
|
||||
|
|
@ -1251,17 +1013,17 @@
|
|||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"systems": "systems_5",
|
||||
"systems": "systems_4",
|
||||
"tinted-foot": "tinted-foot",
|
||||
"tinted-kitty": "tinted-kitty",
|
||||
"tinted-tmux": "tinted-tmux"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1731657386,
|
||||
"narHash": "sha256-Mm/JL8tFUS1SOmmZDPcswExUxzw0VpHcEyZI1h58CGA=",
|
||||
"lastModified": 1727545964,
|
||||
"narHash": "sha256-x9871msLvyZbMNWmVgJWPC2yiSdwZ1K5+UZrQgrdMFM=",
|
||||
"owner": "danth",
|
||||
"repo": "stylix",
|
||||
"rev": "5ab1207b2fdeb5a022f2dd7cccf6be760f1b150f",
|
||||
"rev": "1e9ec16a3739f275ec771434c2ad8cff9a54c42e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -1330,52 +1092,35 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"systems_5": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"tinted-foot": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1726913040,
|
||||
"narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=",
|
||||
"lastModified": 1696725948,
|
||||
"narHash": "sha256-65bz2bUL/yzZ1c8/GQASnoiGwaF8DczlxJtzik1c0AU=",
|
||||
"owner": "tinted-theming",
|
||||
"repo": "tinted-foot",
|
||||
"rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4",
|
||||
"rev": "eedbcfa30de0a4baa03e99f5e3ceb5535c2755ce",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "tinted-theming",
|
||||
"repo": "tinted-foot",
|
||||
"rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"tinted-kitty": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1716423189,
|
||||
"narHash": "sha256-2xF3sH7UIwegn+2gKzMpFi3pk5DlIlM18+vj17Uf82U=",
|
||||
"lastModified": 1665001328,
|
||||
"narHash": "sha256-aRaizTYPpuWEcvoYE9U+YRX+Wsc8+iG0guQJbvxEdJY=",
|
||||
"owner": "tinted-theming",
|
||||
"repo": "tinted-kitty",
|
||||
"rev": "eb39e141db14baef052893285df9f266df041ff8",
|
||||
"rev": "06bb401fa9a0ffb84365905ffbb959ae5bf40805",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "tinted-theming",
|
||||
"repo": "tinted-kitty",
|
||||
"rev": "eb39e141db14baef052893285df9f266df041ff8",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
|
|
@ -1425,11 +1170,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1730321837,
|
||||
"narHash": "sha256-vK+a09qq19QNu2MlLcvN4qcRctJbqWkX7ahgPZ/+maI=",
|
||||
"lastModified": 1727431250,
|
||||
"narHash": "sha256-uGRlRT47ecicF9iLD1G3g43jn2e+b5KaMptb59LHnvM=",
|
||||
"owner": "numtide",
|
||||
"repo": "treefmt-nix",
|
||||
"rev": "746901bb8dba96d154b66492a29f5db0693dbfcc",
|
||||
"rev": "879b29ae9a0378904fbbefe0dadaed43c8905754",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
|
|||
27
flake.nix
27
flake.nix
|
|
@ -21,30 +21,18 @@
|
|||
url = "github:wobcom/fernglas";
|
||||
inputs.flake-utils.follows = "flake-utils";
|
||||
};
|
||||
firefox = {
|
||||
url = "git+https://woof.rip/mikael/firefox.git";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
florp-about = {
|
||||
url = "git+https://woof.rip/florp/about.git";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
florp-branding = {
|
||||
url = "git+https://woof.rip/florp/branding.git";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
florp-moderation = {
|
||||
url = "git+https://woof.rip/florp/moderation.git";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
home-manager = {
|
||||
url = "github:nix-community/home-manager";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
hydra = {
|
||||
url = "git+https://git.lix.systems/lix-project/hydra?ref=main&rev=799441dcf6d595efb0def686ca0815aef398627b";
|
||||
url = "git+https://git.lix.systems/snaakey/hydra.git";
|
||||
inputs.lix.follows = "lix";
|
||||
};
|
||||
iceshrimp = {
|
||||
url = "git+https://iceshrimp.dev/iceshrimp/packaging";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
kyouma-www = {
|
||||
url = "git+https://woof.rip/emily/kyouma-net.git";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
|
@ -64,11 +52,6 @@
|
|||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
inputs.home-manager.follows = "home-manager";
|
||||
};
|
||||
oth = {
|
||||
url = "git+ssh://forgejo@woof.rip/emily/oth.git";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
inputs.flake-utils.follows = "flake-utils";
|
||||
};
|
||||
sops-nix = {
|
||||
url = "github:Mic92/sops-nix";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
|
|
|||
77
fly.toml
Normal file
77
fly.toml
Normal file
|
|
@ -0,0 +1,77 @@
|
|||
app = 'build-worker-kyoumanet'
|
||||
primary_region = 'ams'
|
||||
|
||||
[build]
|
||||
image = 'registry.fly.io/build-worker-kyoumanet:latest'
|
||||
|
||||
[processes]
|
||||
bw-01 = '/entrypoint.sh'
|
||||
bw-02 = '/entrypoint.sh'
|
||||
bw-03 = '/entrypoint.sh'
|
||||
bw-04 = '/entrypoint.sh'
|
||||
|
||||
[[mounts]]
|
||||
source = 'bw01'
|
||||
destination = '/mnt/data'
|
||||
initial_size = '128GB'
|
||||
processes = ['bw-01']
|
||||
|
||||
[[mounts]]
|
||||
source = 'bw02'
|
||||
destination = '/mnt/data'
|
||||
initial_size = '128GB'
|
||||
processes = ['bw-02']
|
||||
|
||||
[[mounts]]
|
||||
source = 'bw03'
|
||||
destination = '/mnt/data'
|
||||
initial_size = '128GB'
|
||||
processes = ['bw-03']
|
||||
|
||||
[[mounts]]
|
||||
source = 'bw04'
|
||||
destination = '/mnt/data'
|
||||
initial_size = '128GB'
|
||||
processes = ['bw-04']
|
||||
|
||||
[[services]]
|
||||
protocol = 'tcp'
|
||||
internal_port = 2222
|
||||
auto_stop_machines = 'off'
|
||||
processes = ['bw-01']
|
||||
|
||||
[[services.ports]]
|
||||
port = 2201
|
||||
|
||||
[[services]]
|
||||
protocol = 'tcp'
|
||||
internal_port = 2222
|
||||
auto_stop_machines = 'off'
|
||||
processes = ['bw-02']
|
||||
|
||||
[[services.ports]]
|
||||
port = 2202
|
||||
|
||||
[[services]]
|
||||
protocol = 'tcp'
|
||||
internal_port = 2222
|
||||
auto_stop_machines = 'off'
|
||||
processes = ['bw-03']
|
||||
|
||||
[[services.ports]]
|
||||
port = 2203
|
||||
|
||||
[[services]]
|
||||
protocol = 'tcp'
|
||||
internal_port = 2222
|
||||
auto_stop_machines = 'off'
|
||||
processes = ['bw-04']
|
||||
|
||||
[[services.ports]]
|
||||
port = 2204
|
||||
|
||||
[[restart]]
|
||||
policy = 'never'
|
||||
|
||||
[[vm]]
|
||||
size = 'performance-16x'
|
||||
|
|
@ -1,5 +1,11 @@
|
|||
{ lib, ... }: let
|
||||
mapModules = builtins.attrNames (lib.filterAttrs (_: type: type == "directory") (builtins.readDir ./.));
|
||||
in {
|
||||
imports = builtins.map (dir: ./${dir}) mapModules;
|
||||
{ ... }: {
|
||||
imports = [
|
||||
./deployment
|
||||
./graphical
|
||||
./librespeed
|
||||
./machine-type
|
||||
./nginx
|
||||
./ooklaserver
|
||||
./update-nixfiles
|
||||
];
|
||||
}
|
||||
|
|
|
|||
|
|
@ -162,7 +162,7 @@ in {
|
|||
style.package = with pkgs; [
|
||||
libsForQt5.qtstyleplugin-kvantum
|
||||
qt6Packages.qtstyleplugin-kvantum
|
||||
(catppuccin-kvantum.override { accent = "mauve"; variant = "macchiato"; })
|
||||
(catppuccin-kvantum.override { accent = "Mauve"; variant = "Macchiato"; })
|
||||
];
|
||||
};
|
||||
gtk.iconTheme.name = "Adwaita";
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
{ config, inputs, lib, pkgs, ... }: {
|
||||
{ config, lib, pkgs, ... }: {
|
||||
config.home-manager.users.emily = lib.mkIf (config.kyouma.graphical.compositor == "hyprland") {
|
||||
wayland.windowManager.hyprland = {
|
||||
enable = true;
|
||||
|
|
@ -9,8 +9,6 @@
|
|||
notifysend = "${pkgs.libnotify}/bin/notify-send";
|
||||
dolphin = "${pkgs.libsForQt5.dolphin}/bin/dolphin";
|
||||
firefox = "${pkgs.firefox}/bin/firefox";
|
||||
# currently broken
|
||||
#firefox = "${inputs.firefox.packages.${pkgs.system}.firefox}/bin/firefox";
|
||||
brightnessctl = "${pkgs.brightnessctl}/bin/brightnessctl";
|
||||
screenshot = "~/.local/bin/hypr/screenshot.sh";
|
||||
rofi = "${pkgs.rofi-wayland}/bin/rofi";
|
||||
|
|
|
|||
|
|
@ -161,8 +161,8 @@
|
|||
};
|
||||
servers = {
|
||||
bashls.enable = true;
|
||||
lua_ls.enable = true;
|
||||
nil_ls = {
|
||||
lua-ls.enable = true;
|
||||
nil-ls = {
|
||||
enable = true;
|
||||
settings.formatting.command = [ "nixfmt" "-w" "140" ];
|
||||
};
|
||||
|
|
@ -175,8 +175,8 @@
|
|||
options.enable = true;
|
||||
};
|
||||
};
|
||||
ruff_lsp.enable = true;
|
||||
rust_analyzer = {
|
||||
ruff-lsp.enable = true;
|
||||
rust-analyzer = {
|
||||
enable = true;
|
||||
installRustc = true;
|
||||
installCargo = true;
|
||||
|
|
@ -187,6 +187,7 @@
|
|||
enable = true;
|
||||
sources.diagnostics = {
|
||||
pylint.enable = true;
|
||||
statix.enable = true;
|
||||
};
|
||||
sources.formatting = {
|
||||
nixfmt.enable = true;
|
||||
|
|
@ -211,7 +212,6 @@
|
|||
plugins.luasnip.enable = true;
|
||||
plugins.nvim-autopairs.enable = true;
|
||||
plugins.rainbow-delimiters.enable = true;
|
||||
plugins.web-devicons.enable = true;
|
||||
# Broken
|
||||
plugins.rustaceanvim.enable = false;
|
||||
plugins.treesitter-context.enable = true;
|
||||
|
|
|
|||
|
|
@ -1,136 +1,57 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
{ config, lib, pkgs, ... }:
|
||||
let
|
||||
cfg = config.services.librespeed;
|
||||
in
|
||||
{
|
||||
options.services.librespeed =
|
||||
let
|
||||
in {
|
||||
options.services.librespeed = let
|
||||
inherit (lib) mkOption types;
|
||||
in
|
||||
{
|
||||
in {
|
||||
enable = lib.mkEnableOption "LibreSpeed server";
|
||||
package = lib.mkPackageOption pkgs "librespeed-rust" { };
|
||||
package = lib.mkPackageOption pkgs "librespeed-rust" {};
|
||||
configureNginx = mkOption {
|
||||
description = "Configure nginx as a reverse proxy for LibreSpeed.";
|
||||
default = if (cfg.domain != null) then true else false;
|
||||
type = types.bool;
|
||||
};
|
||||
contactEmail = mkOption {
|
||||
description = "Email address listed in the privacy policy.";
|
||||
default = if (cfg.domain != null) then "webmaster@${cfg.domain}" else "webmaster@${config.networking.fqdn}";
|
||||
type = types.str;
|
||||
};
|
||||
domain = mkOption {
|
||||
description = ''
|
||||
If not `null`, this will add an entry to `services.librespeed.servers` and
|
||||
configure librespeed to use TLS.
|
||||
configure an nginx reverse proxy at the specified FQDN, unless explicitly disabled.
|
||||
'';
|
||||
default = null;
|
||||
type = with types; nullOr nonEmptyStr;
|
||||
};
|
||||
downloadIPDB = mkOption {
|
||||
description = ''
|
||||
Whether to download the IP info database before starting librespeed.
|
||||
Disable this if you want to use the Go implementation.
|
||||
'';
|
||||
default = !(cfg.secrets ? "ipinfo_api_key");
|
||||
defaultText = lib.literalExpression ''!(cfg.secrets ? "ipinfo_api_key")'';
|
||||
type = types.bool;
|
||||
};
|
||||
openFirewall = mkOption {
|
||||
description = ''
|
||||
Whether to open the firewall for the specified port.
|
||||
This is only necessary if no reverse proxy is used.
|
||||
'';
|
||||
default = false;
|
||||
type = types.bool;
|
||||
};
|
||||
secrets = mkOption {
|
||||
description = ''
|
||||
Attribute set of filesystem paths.
|
||||
The contents of the specified paths will be read at service start time and merged with the attributes provided in `settings`.
|
||||
'';
|
||||
default = { };
|
||||
type = with types; nullOr (attrsOf path);
|
||||
};
|
||||
settings = mkOption {
|
||||
description = ''
|
||||
LibreSpeed configuration written as Nix expression.
|
||||
All values set to `null` will be excluded from the evaluated config.
|
||||
This is useful if you want to omit certain defaults when using a different LibreSpeed implementation.
|
||||
|
||||
See [github.com/librespeed][librespeed] for configuration help.
|
||||
|
||||
[librespeed]: https://github.com/librespeed/speedtest-rust
|
||||
'';
|
||||
default = { };
|
||||
type =
|
||||
with types;
|
||||
nullOr (
|
||||
attrsOf (oneOf [
|
||||
(nullOr bool)
|
||||
int
|
||||
str
|
||||
package
|
||||
])
|
||||
);
|
||||
};
|
||||
frontend = {
|
||||
enable = lib.mkEnableOption ''
|
||||
Enables the LibreSpeed frontend and adds a nginx virtual host if
|
||||
not explicetly disabled and `services.librespeed.domain` is not `null`.
|
||||
'';
|
||||
contactEmail = mkOption {
|
||||
description = "Email address listed in the privacy policy.";
|
||||
default =
|
||||
if (cfg.domain != null) then "webmaster@${cfg.domain}" else "webmaster@${config.networking.fqdn}";
|
||||
defaultText = lib.literalExpression ''
|
||||
if (config.services.librespeed.domain != null) then
|
||||
"webmaster@''${config.services.librespeed.domain}"
|
||||
else
|
||||
"webmaster@''${config.networking.fqdn}";
|
||||
'';
|
||||
type = types.str;
|
||||
};
|
||||
pageTitle = mkOption {
|
||||
description = "Title of the webpage.";
|
||||
default = "LibreSpeed";
|
||||
type = types.str;
|
||||
};
|
||||
useNginx = mkOption {
|
||||
secrets = mkOption {
|
||||
description = ''
|
||||
Configure nginx for the LibreSpeed frontend.
|
||||
This will only create a virtual host for the frontend and won't proxy all requests because
|
||||
the reported upload and download speeds are inaccurate if proxied.
|
||||
Attribute set of filesystem paths.
|
||||
The contents of the specified paths will be read at service start time and merged with the attributes provided in `settings`.
|
||||
'';
|
||||
default = cfg.domain != null;
|
||||
defaultText = lib.literalExpression "config.services.librespeed.domain != null";
|
||||
type = types.bool;
|
||||
};
|
||||
settings = mkOption {
|
||||
description = ''
|
||||
Override default settings of the speedtest web client.
|
||||
See [speedtest_worker.js][link] for a list of possible values.
|
||||
|
||||
[link]: https://github.com/librespeed/speedtest/blob/master/speedtest_worker.js#L39
|
||||
'';
|
||||
default = {
|
||||
telemetry_level = "basic";
|
||||
};
|
||||
type =
|
||||
with types;
|
||||
nullOr (
|
||||
attrsOf (oneOf [
|
||||
bool
|
||||
int
|
||||
str
|
||||
float
|
||||
])
|
||||
);
|
||||
default = {};
|
||||
type = with types; nullOr (attrsOf path);
|
||||
};
|
||||
servers = mkOption {
|
||||
description = "LibreSpeed servers that should apper in the server list.";
|
||||
type = types.listOf (
|
||||
types.submodule {
|
||||
options =
|
||||
let
|
||||
type = types.listOf (types.submodule {
|
||||
options = let
|
||||
inherit (types) nonEmptyStr;
|
||||
in
|
||||
{
|
||||
in {
|
||||
name = mkOption {
|
||||
description = "Name shown in the server list.";
|
||||
type = nonEmptyStr;
|
||||
|
|
@ -172,176 +93,148 @@ in
|
|||
type = nonEmptyStr;
|
||||
};
|
||||
};
|
||||
}
|
||||
);
|
||||
});
|
||||
};
|
||||
};
|
||||
};
|
||||
config = lib.mkIf cfg.enable (
|
||||
let
|
||||
librespeedAssets =
|
||||
pkgs.runCommand "librespeed-assets"
|
||||
(
|
||||
let
|
||||
mapValue =
|
||||
arg:
|
||||
if (lib.isBool arg) then
|
||||
lib.boolToString arg
|
||||
else if ((lib.isInt arg) || (lib.isFloat arg)) then
|
||||
toString arg
|
||||
else
|
||||
"\"${lib.escape [ "\"" ] (toString arg)}\"";
|
||||
settings = mkOption {
|
||||
description = ''
|
||||
LibreSpeed configuration written as Nix expression.
|
||||
All values set to `null` will be excluded from the evaluated config.
|
||||
This is useful if you want to omit certain defaults when using a different LibreSpeed implementation.
|
||||
|
||||
mapSettings = lib.pipe cfg.frontend.settings [
|
||||
(lib.mapAttrs (name: val: " s.setParameter(\"${lib.escape [ "\"" ] name}\",${mapValue val});"))
|
||||
(lib.attrValues)
|
||||
(lib.concatLines)
|
||||
];
|
||||
in
|
||||
See [github.com/librespeed][librespeed] for configuration help.
|
||||
|
||||
[librespeed]: https://github.com/librespeed/speedtest-rust
|
||||
'';
|
||||
default = {};
|
||||
type = with types; nullOr (attrsOf (oneOf [
|
||||
(nullOr bool)
|
||||
int
|
||||
str
|
||||
package
|
||||
]));
|
||||
};
|
||||
};
|
||||
config = lib.mkIf cfg.enable {
|
||||
assertions = [
|
||||
{
|
||||
assertion = cfg.configureNginx -> cfg.domain != null;
|
||||
message = ''
|
||||
`services.librespeed.configureNginx` requires `services.librespeed.domain` to be set.
|
||||
'';
|
||||
}
|
||||
];
|
||||
|
||||
networking.firewall = lib.mkIf (cfg.openFirewall) {
|
||||
allowedTCPPorts = [ cfg.settings.listen_port ];
|
||||
};
|
||||
services.nginx.virtualHosts = lib.mkIf cfg.configureNginx {
|
||||
${cfg.domain} = {
|
||||
locations."/" = {
|
||||
proxyPass = "http://[::1]:${toString cfg.settings.listen_port}";
|
||||
recommendedProxySettings = true;
|
||||
extraConfig = ''
|
||||
proxy_cache off;
|
||||
proxy_buffering off;
|
||||
proxy_request_buffering off;
|
||||
'';
|
||||
};
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
extraConfig = ''
|
||||
gzip off;
|
||||
'';
|
||||
};
|
||||
};
|
||||
security.acme.certs = lib.mkIf cfg.configureNginx {
|
||||
${cfg.domain} = {};
|
||||
};
|
||||
|
||||
services.librespeed.servers = lib.mkIf (cfg.domain != null) [
|
||||
{
|
||||
name = cfg.domain;
|
||||
server = "//${cfg.domain}${lib.optionalString (!cfg.configureNginx) ":${toString cfg.settings.listen_port}"}";
|
||||
}
|
||||
];
|
||||
services.librespeed.settings = let
|
||||
inherit (lib) mkDefault mkIf;
|
||||
|
||||
assets = pkgs.runCommand "librespeed-assets" {
|
||||
preferLocal = true;
|
||||
|
||||
serversList = ''
|
||||
function get_servers() {
|
||||
return ${builtins.toJSON cfg.frontend.servers}
|
||||
}
|
||||
function override_settings () {
|
||||
${mapSettings}
|
||||
return ${builtins.toJSON cfg.servers}
|
||||
}
|
||||
'';
|
||||
}
|
||||
)
|
||||
''
|
||||
} ''
|
||||
cp -r ${pkgs.librespeed-rust}/assets $out
|
||||
chmod 666 $out/servers_list.js
|
||||
cat >$out/servers_list.js <<<"$serversList"
|
||||
substitute ${pkgs.librespeed-rust}/assets/index.html $out/index.html \
|
||||
--replace-fail "s.setParameter(\"telemetry_level\",\"basic\"); //enable telemetry" "override_settings();" \
|
||||
--replace-fail "LibreSpeed Example" ${lib.escapeShellArg (lib.escapeXML cfg.frontend.pageTitle)} \
|
||||
--replace-fail "PUT@YOUR_EMAIL.HERE" ${lib.escapeShellArg (lib.escapeXML cfg.frontend.contactEmail)} \
|
||||
--replace-fail "TO BE FILLED BY DEVELOPER" ${lib.escapeShellArg (lib.escapeXML cfg.frontend.contactEmail)}
|
||||
--replace-fail "LibreSpeed Example" ${lib.escapeShellArg (lib.escapeXML cfg.pageTitle)} \
|
||||
--replace-fail "PUT@YOUR_EMAIL.HERE" ${lib.escapeShellArg (lib.escapeXML cfg.contactEmail)} \
|
||||
--replace-fail "TO BE FILLED BY DEVELOPER" ${lib.escapeShellArg (lib.escapeXML cfg.contactEmail)}
|
||||
'';
|
||||
in
|
||||
{
|
||||
assertions = [
|
||||
{
|
||||
assertion = cfg.frontend.useNginx -> cfg.domain != null;
|
||||
message = ''
|
||||
`services.librespeed.frontend.useNginx` requires `services.librespeed.frontend.domain` to be set.
|
||||
'';
|
||||
}
|
||||
];
|
||||
|
||||
networking.firewall = lib.mkIf cfg.openFirewall {
|
||||
allowedTCPPorts = [ cfg.settings.listen_port ];
|
||||
};
|
||||
services.nginx.virtualHosts = lib.mkIf (cfg.frontend.enable && cfg.frontend.useNginx) {
|
||||
${cfg.domain} = {
|
||||
locations."/".root = librespeedAssets;
|
||||
locations."= /servers.json".return = "200 '${builtins.toJSON cfg.frontend.servers}'";
|
||||
locations."/backend/".return = "301 https://$host:${toString cfg.settings.listen_port}$request_uri";
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
};
|
||||
};
|
||||
security.acme.certs = lib.mkIf (cfg.domain != null) {
|
||||
${cfg.domain} = {
|
||||
reloadServices = [ "librespeed.service" ];
|
||||
webroot = "/var/lib/acme/acme-challenge";
|
||||
};
|
||||
};
|
||||
|
||||
services.librespeed.frontend.servers = lib.mkIf (cfg.frontend.enable && (cfg.domain != null)) [
|
||||
{
|
||||
name = cfg.domain;
|
||||
server = "//${cfg.domain}:${toString cfg.settings.listen_port}";
|
||||
}
|
||||
];
|
||||
|
||||
services.librespeed.settings =
|
||||
let
|
||||
inherit (lib) mkDefault mkIf;
|
||||
in
|
||||
{
|
||||
assets_path =
|
||||
if (cfg.frontend.enable && !cfg.frontend.useNginx) then
|
||||
librespeedAssets
|
||||
else
|
||||
pkgs.writeTextDir "index.html" "";
|
||||
|
||||
bind_address = mkDefault "::";
|
||||
in {
|
||||
#speed_test_dir = assets;
|
||||
assets_path = assets;
|
||||
bind_address = mkDefault (if cfg.configureNginx then "::1" else "::");
|
||||
listen_port = mkDefault 8989;
|
||||
base_url = mkDefault "backend";
|
||||
worker_threads = mkDefault "auto";
|
||||
#base_url = mkDefault "backend";
|
||||
#worker_threads = mkDefault "auto";
|
||||
|
||||
database_type = mkDefault "none";
|
||||
database_file = mkDefault "/var/lib/librespeed/speedtest.sqlite";
|
||||
server_lat = 0;
|
||||
server_lng = 0;
|
||||
proxyprotocol_port = 0;
|
||||
redact_ip_addresses = false;
|
||||
|
||||
#librespeed-rust will fail to start if the following config parameters are omitted.
|
||||
ipinfo_api_key = mkIf (!cfg.secrets ? "ipinfo_api_key") "";
|
||||
stats_password = mkIf (!cfg.secrets ? "stats_password") "";
|
||||
tls_cert_file =
|
||||
if (cfg.domain != null) then
|
||||
(mkDefault "/run/credentials/librespeed.service/cert.pem")
|
||||
else
|
||||
(mkDefault "");
|
||||
tls_key_file =
|
||||
if (cfg.domain != null) then
|
||||
(mkDefault "/run/credentials/librespeed.service/key.pem")
|
||||
else
|
||||
(mkDefault "");
|
||||
#tls_key_file = mkDefault "";
|
||||
#tls_cet_file = mkDefault "";
|
||||
|
||||
enable_tls = mkDefault (cfg.domain != null);
|
||||
enable_tls = mkDefault false;
|
||||
} // rec {
|
||||
database_type = mkDefault "none";
|
||||
database_file = mkIf (database_type == "sqlite") (mkDefault "/var/lib/librespeed/speedtest.sqlite");
|
||||
};
|
||||
|
||||
systemd.services =
|
||||
let
|
||||
configFile =
|
||||
let
|
||||
mapValue =
|
||||
arg:
|
||||
if (lib.isBool arg) then
|
||||
systemd.services = let
|
||||
configFile = let
|
||||
mapValue = arg: if (lib.isBool arg) then
|
||||
lib.boolToString arg
|
||||
else if (lib.isInt arg) then
|
||||
toString arg
|
||||
else
|
||||
"\"${lib.escape [ "\"" ] (toString arg)}\"";
|
||||
else "\"${lib.escape [ "\"" ] (toString arg)}\"";
|
||||
in
|
||||
with lib;
|
||||
pipe cfg.settings [
|
||||
with lib; pipe cfg.settings [
|
||||
(filterAttrs (_: val: val != null))
|
||||
(mapAttrs (name: val: "${name}=${mapValue val}"))
|
||||
(attrValues)
|
||||
(concatLines)
|
||||
(pkgs.writeText "${cfg.package.name}-config.toml")
|
||||
];
|
||||
in
|
||||
{
|
||||
librespeed-secrets = lib.mkIf (cfg.secrets != { }) {
|
||||
in {
|
||||
librespeed-secrets = lib.mkIf (cfg.secrets != {}) {
|
||||
description = "LibreSpeed secret helper";
|
||||
|
||||
ExecStart =
|
||||
let
|
||||
ExecStart = let
|
||||
script = pkgs.writeShellApplication {
|
||||
name = "librespeed-secrets";
|
||||
runtimeInputs = [ pkgs.coreutils ];
|
||||
text =
|
||||
''
|
||||
text = ''
|
||||
cp ${configFile} ''${RUNTIME_DIRECTORY%%:*}/config.toml
|
||||
''
|
||||
+ lib.pipe cfg.secrets [
|
||||
(lib.mapAttrs (
|
||||
name: file: ''
|
||||
'' + lib.pipe cfg.secrets [
|
||||
(lib.mapAttrs (name: file: ''
|
||||
cat >>''${RUNTIME_DIRECTORY%%:*}/config.toml <<EOF
|
||||
${name}="$(<${lib.escapeShellArg file})"
|
||||
EOF
|
||||
''
|
||||
))
|
||||
''))
|
||||
(lib.concatLines lib.attrValues)
|
||||
];
|
||||
};
|
||||
in
|
||||
lib.getExe script;
|
||||
in lib.getExe script;
|
||||
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
|
|
@ -354,7 +247,7 @@ in
|
|||
description = "LibreSpeed server daemon";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
wants = [ "network-online.target" ];
|
||||
requires = lib.optionals (cfg.secrets != { }) [ "librespeed-secrets.service" ];
|
||||
requires = lib.optionals (cfg.secrets != {}) [ "librespeed-secrets.service" ];
|
||||
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
|
|
@ -362,15 +255,8 @@ in
|
|||
|
||||
DynamicUser = true;
|
||||
|
||||
LoadCredential = lib.mkIf (cfg.domain != null) [
|
||||
"cert.pem:${config.security.acme.certs.${cfg.domain}.directory}/cert.pem"
|
||||
"key.pem:${config.security.acme.certs.${cfg.domain}.directory}/key.pem"
|
||||
];
|
||||
|
||||
ExecStartPre = lib.mkIf cfg.downloadIPDB "${lib.getExe cfg.package} --update-ipdb";
|
||||
ExecStart = "${lib.getExe cfg.package} -c ${
|
||||
if (cfg.secrets == { }) then configFile else "\${RUNTIME_DIRECTORY%%:*}/config.toml"
|
||||
}";
|
||||
#ExecStartPre = lib.mkIf (!cfg.secrets ? "ipinfo_api_key") "${lib.getExe cfg.package} --update-ipdb";
|
||||
ExecStart = "${lib.getExe cfg.package} -c ${if (cfg.secrets == {}) then configFile else "\${RUNTIME_DIRECTORY%%:*}/config.toml"}";
|
||||
WorkingDirectory = "/var/cache/librespeed";
|
||||
RuntimeDirectory = "librespeed";
|
||||
RuntimeDirectoryPreserve = true;
|
||||
|
|
@ -401,8 +287,7 @@ in
|
|||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
);
|
||||
};
|
||||
|
||||
meta.maintainers = with lib.maintainers; [ snaki ];
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,7 +2,6 @@
|
|||
cfg = config.kyouma.nginx;
|
||||
extraConfig = ''
|
||||
add_header Strict-Transport-Security $hsts_header;
|
||||
add_header Alt-Svc 'h3=":443"; ma=7776000; persist=1, h2=":443"; ma=7776000; persist=1';
|
||||
#add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
|
|
@ -10,32 +9,21 @@
|
|||
add_header Referrer-Policy "same-origin" always;
|
||||
'';
|
||||
createHost = vhostName: vhostCfg: {
|
||||
extraConfig = lib.optionalString (vhostCfg ? "extraConfig") (
|
||||
vhostCfg.extraConfig + "\n" + extraConfig
|
||||
) + lib.optionalString (
|
||||
if (vhostCfg ? "verifyClientCert") then
|
||||
vhostCfg.verifyClientCert
|
||||
else false
|
||||
) ''
|
||||
ssl_client_certificate ${./kyouma_Root_CA.pem};
|
||||
ssl_verify_client on;
|
||||
ssl_verify_depth 1;
|
||||
'';
|
||||
extraConfig = (lib.optionalString (builtins.hasAttr "extraConfig" vhostCfg) vhostCfg.extraConfig) + "\n" + extraConfig;
|
||||
forceSSL = true;
|
||||
#kTLS = true;
|
||||
#http3 = true;
|
||||
#quic = true;
|
||||
} //
|
||||
lib.optionalAttrs (!(vhostCfg ? "useACMEHost")) {
|
||||
lib.optionalAttrs (!(builtins.hasAttr "useACMEHost" vhostCfg)) {
|
||||
enableACME = true;
|
||||
} //
|
||||
lib.optionalAttrs (vhostCfg ? "redirectTo") {
|
||||
lib.optionalAttrs (builtins.hasAttr "redirectTo" vhostCfg) {
|
||||
enableACME = false;
|
||||
useACMEHost = vhostCfg.redirectTo;
|
||||
globalRedirect = vhostCfg.redirectTo;
|
||||
} //
|
||||
lib.optionalAttrs (!vhostCfg ? "disableHttp3") {
|
||||
http3 = true;
|
||||
quic = true;
|
||||
} //
|
||||
(builtins.removeAttrs vhostCfg [ "redirectTo" "extraConfig" "verifyClientCert" "disableHttp3" ]);
|
||||
(builtins.removeAttrs vhostCfg [ "redirectTo" "extraConfig" ]);
|
||||
|
||||
in {
|
||||
options = {
|
||||
|
|
@ -50,16 +38,12 @@ in {
|
|||
};
|
||||
config = {
|
||||
services.nginx.virtualHosts = lib.optionalAttrs (cfg.virtualHosts != null) (
|
||||
builtins.mapAttrs (createHost) cfg.virtualHosts
|
||||
) // lib.optionalAttrs (cfg.defaultForbidden != null) {
|
||||
builtins.mapAttrs (createHost) cfg.virtualHosts) //
|
||||
lib.optionalAttrs (cfg.defaultForbidden != null) {
|
||||
"redirect" = {
|
||||
quic = true;
|
||||
http3 = true;
|
||||
# reuseport has to be specified on the quic listener
|
||||
# when using worker_processes auto;
|
||||
reuseport = true;
|
||||
default = true;
|
||||
forceSSL = true;
|
||||
reuseport = true;
|
||||
useACMEHost = cfg.defaultForbidden;
|
||||
extraConfig = ''
|
||||
return 403;
|
||||
|
|
|
|||
|
|
@ -1,192 +0,0 @@
|
|||
Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number:
|
||||
47:94:9e:44:65:f4:61:f8:aa:b3:c1:7b:86:38:21:d9:88:a5:88:f0
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
Issuer: CN=kyouma Root CA
|
||||
Validity
|
||||
Not Before: Jun 21 14:02:26 2024 GMT
|
||||
Not After : Jun 21 14:02:26 2044 GMT
|
||||
Subject: CN=kyouma Root CA
|
||||
Subject Public Key Info:
|
||||
Public Key Algorithm: rsaEncryption
|
||||
Public-Key: (7680 bit)
|
||||
Modulus:
|
||||
00:f9:d0:a3:4b:d9:77:e3:ec:b4:46:8e:3f:1f:a4:
|
||||
39:22:60:d8:ad:e9:1e:fe:ad:17:f8:30:d6:f6:fa:
|
||||
e9:62:f7:36:25:07:e9:6c:83:91:42:0f:e2:53:f1:
|
||||
ca:70:da:26:7d:bf:bb:1d:d5:4d:5e:99:82:99:39:
|
||||
97:f3:c3:7d:f9:0d:08:e8:d4:ae:fc:45:88:98:8e:
|
||||
a3:bc:2a:bd:16:67:32:59:08:59:eb:a8:de:a6:a7:
|
||||
77:9d:f9:1a:c6:7f:76:92:3d:d7:56:74:2b:a3:5a:
|
||||
97:8f:05:ab:3b:dc:92:61:2e:7f:95:b1:5c:04:da:
|
||||
1e:2e:b9:de:7b:16:b2:85:b4:b4:5a:48:34:9a:bb:
|
||||
18:0d:0a:0a:34:91:f8:8f:f3:79:46:a6:c4:ee:aa:
|
||||
93:88:03:cf:43:a2:ba:1e:bc:65:f1:78:d8:ce:d8:
|
||||
2b:fb:db:33:d6:37:ad:d4:9d:44:38:ff:b5:0d:dc:
|
||||
08:61:2c:fb:f0:86:b2:ef:ff:a8:4f:63:28:13:49:
|
||||
f8:21:4e:cb:22:98:54:de:e7:b4:e2:b6:14:c9:c5:
|
||||
59:04:82:04:a2:39:3c:61:f5:91:99:ff:ac:6e:80:
|
||||
9a:d2:22:7d:51:fb:ad:a3:6a:4c:14:a8:e3:28:d9:
|
||||
22:ac:c8:3d:34:17:5a:40:ce:8d:3c:52:e7:e1:e9:
|
||||
d4:75:0d:3f:b8:dd:d3:d2:56:25:92:fa:75:87:81:
|
||||
fe:59:4a:82:53:d5:e7:03:39:c0:07:84:73:70:d0:
|
||||
fc:fe:3f:06:e0:f9:0f:59:22:74:05:13:65:58:5a:
|
||||
a8:1d:7b:52:4f:47:ed:be:26:57:47:49:57:d5:7f:
|
||||
34:c7:3c:0f:55:d4:17:57:8a:0e:bb:f5:3a:c7:77:
|
||||
f1:7d:06:49:a9:a8:dd:18:0e:a2:97:52:c8:49:e5:
|
||||
39:c7:31:5d:07:c3:58:ed:8e:ae:c7:7c:1b:db:8d:
|
||||
dc:a0:c3:e3:f5:c0:98:35:cf:fc:92:a0:a6:f3:0f:
|
||||
b1:18:95:c0:01:eb:1d:96:8d:02:7b:9a:dc:29:5d:
|
||||
59:f1:2a:dc:53:0e:6b:2b:6b:5d:36:03:a1:bd:e4:
|
||||
e6:b4:1f:5a:66:67:13:4a:2c:7f:56:c9:75:5c:fe:
|
||||
42:20:24:51:18:bb:ea:30:12:8f:88:d1:ad:fe:eb:
|
||||
59:92:8d:1e:be:ff:3e:6e:f2:5a:d9:8c:20:f4:35:
|
||||
ed:bc:01:47:21:d3:10:b9:5d:fe:6a:8e:e0:a3:e3:
|
||||
e5:6f:ac:8b:fc:61:d0:75:a8:a3:92:1f:2c:cc:c1:
|
||||
15:17:36:3b:05:ab:58:76:be:63:9d:30:5d:ed:7d:
|
||||
83:0c:b7:24:8f:10:a8:90:02:ee:68:81:05:cd:d9:
|
||||
4f:2e:cc:ef:97:62:d1:75:6b:82:f3:d0:34:56:d3:
|
||||
59:7e:d9:d3:7d:93:ce:1b:17:de:fd:18:4b:e6:50:
|
||||
72:77:88:60:dd:ff:5e:95:05:61:fe:d8:31:dd:34:
|
||||
1e:e1:6d:61:1e:80:73:05:3e:3b:22:c2:34:07:48:
|
||||
9b:0e:06:8d:a6:81:c4:4d:e9:4d:5d:df:e1:04:cd:
|
||||
5b:85:6e:b2:12:aa:1b:cd:bd:4e:7e:53:ea:59:49:
|
||||
af:11:70:b3:11:87:0f:af:2f:99:ce:e9:69:db:6d:
|
||||
d0:5a:14:1a:95:2f:2f:db:bf:36:62:e1:99:ff:7c:
|
||||
b8:b9:5c:4e:79:33:61:ee:db:4b:6f:40:7d:49:b2:
|
||||
6e:e1:65:9d:f6:45:fe:27:14:24:82:5d:f6:a4:38:
|
||||
01:ac:47:54:da:b6:02:c1:ad:79:71:b6:93:64:ec:
|
||||
a4:06:7b:d6:5e:1c:da:7f:40:16:47:65:47:24:2a:
|
||||
8b:77:32:49:89:c4:9f:26:d4:f9:a6:ba:e6:42:aa:
|
||||
74:fd:7e:1e:d1:75:95:5c:5c:d8:d4:bb:75:05:79:
|
||||
10:7a:df:5a:2b:69:9b:75:28:cb:b5:4e:48:3e:a3:
|
||||
aa:21:04:95:8f:62:3b:46:2f:07:d0:9e:1c:50:9b:
|
||||
3d:ba:6d:1f:c2:a0:41:7f:47:43:57:ef:92:31:47:
|
||||
4a:a2:91:65:43:5c:c1:2b:fd:26:2d:be:41:a7:98:
|
||||
7a:8f:52:89:5f:81:ff:48:7d:04:2a:b8:4d:50:91:
|
||||
f5:af:18:33:44:f2:55:5f:68:87:33:d8:e6:4f:5d:
|
||||
b9:92:ca:06:51:f3:e0:b1:5b:6f:a0:52:fe:6e:98:
|
||||
22:01:5f:c2:fb:45:59:02:67:62:6f:74:2b:79:62:
|
||||
e7:5a:13:a8:db:fd:a2:64:b1:0b:49:2f:f4:61:35:
|
||||
a0:b6:12:2c:ec:24:19:9f:0c:14:85:05:b5:e1:c1:
|
||||
9e:4e:87:a4:88:c9:79:65:1d:12:ac:89:e6:bc:ed:
|
||||
6b:58:90:fd:95:40:3f:2e:ba:ff:b8:52:5d:60:98:
|
||||
32:b9:20:38:a5:08:da:a1:fc:38:89:3c:f1:de:38:
|
||||
cf:60:d8:69:a1:4b:88:51:f7:31:b8:fc:56:dc:56:
|
||||
3a:7a:39:c5:03:23:2a:8f:fa:ab:92:7a:b6:37:da:
|
||||
c1:9f:55:e7:31:b1:c5:be:31:60:08:c2:33:30:ec:
|
||||
cf
|
||||
Exponent: 65537 (0x10001)
|
||||
X509v3 extensions:
|
||||
X509v3 Subject Key Identifier:
|
||||
7B:C0:C6:7B:04:C4:66:0C:CD:32:FF:B0:6F:E1:D9:51:FD:1C:EE:B7
|
||||
X509v3 Basic Constraints: critical
|
||||
CA:TRUE
|
||||
X509v3 Key Usage: critical
|
||||
Certificate Sign, CRL Sign
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
Signature Value:
|
||||
58:b3:2d:00:8e:c2:72:5b:ed:91:8e:3c:98:66:6a:e4:61:c3:
|
||||
0f:d1:51:98:0c:64:79:3d:01:ac:8a:38:7f:af:fc:80:31:83:
|
||||
86:a8:79:b9:0f:18:6d:2e:3a:ef:0a:c0:b1:30:39:7e:a4:3d:
|
||||
ed:4e:35:3e:9e:f1:a3:29:dd:cc:01:1e:62:6b:ed:5b:77:31:
|
||||
b3:4c:91:1d:69:70:20:44:87:e0:37:17:a0:ba:c4:e5:57:c5:
|
||||
90:1a:f2:1e:0d:ac:aa:30:11:c3:da:1c:3f:3a:28:b5:6d:12:
|
||||
ac:45:b6:6c:f0:b2:b2:6e:f0:55:33:8e:29:10:ac:9e:61:ac:
|
||||
35:ec:ed:c7:e3:51:c2:86:52:10:7a:9c:f6:22:5d:65:65:18:
|
||||
62:b7:e9:6e:be:64:46:db:dc:15:45:eb:1a:42:45:83:d7:aa:
|
||||
dd:63:24:4a:ed:b9:d5:35:86:27:22:33:6a:26:4b:32:0a:15:
|
||||
75:18:19:58:e9:6b:b4:84:ac:00:a3:78:d3:9d:7d:25:3c:5e:
|
||||
51:7f:01:ca:90:d1:40:2b:d2:45:e1:4f:fb:6e:8d:2e:cc:04:
|
||||
07:34:07:91:c6:8c:4f:a5:e4:7d:dd:78:0f:b0:9d:01:9d:6e:
|
||||
89:16:6d:3a:94:dd:38:57:bc:49:c2:e1:b5:aa:54:8f:d1:8b:
|
||||
13:db:35:2f:d1:80:5e:45:fb:53:60:61:d5:c3:e1:9c:21:60:
|
||||
a3:83:34:e6:9e:bc:86:70:fe:36:8b:35:55:28:e0:f4:b0:81:
|
||||
ed:37:59:0e:7a:f6:a7:66:a1:b6:36:45:30:95:c8:80:d6:40:
|
||||
a9:12:bf:47:b1:33:09:fa:89:d4:9f:c2:57:75:6a:47:dd:87:
|
||||
3f:b3:d1:3d:13:bc:5e:82:ea:5f:3a:dc:46:35:1e:1f:83:40:
|
||||
1c:1d:5e:ba:37:18:a3:75:2f:60:a7:84:67:9b:79:17:ad:fb:
|
||||
2a:5b:d8:84:5d:f2:ff:cc:81:4c:08:e4:17:ec:b7:cf:ac:4c:
|
||||
0f:91:8a:4c:fa:91:ed:24:39:f9:04:3a:18:b0:b1:c3:57:ed:
|
||||
9b:f1:cf:ab:bf:07:f1:52:ef:57:de:0a:76:e7:e4:c4:5f:69:
|
||||
93:71:0c:d4:3f:23:12:55:8c:3d:e6:79:b3:3c:5e:86:ac:1f:
|
||||
5e:7f:ec:96:d8:da:4d:c9:40:32:ee:b5:cb:6e:86:27:49:45:
|
||||
e6:89:30:80:fa:ba:ef:21:42:92:ba:f8:a7:51:16:61:04:13:
|
||||
da:87:ac:c5:9c:c0:19:55:80:2d:4a:32:bb:30:12:0b:49:15:
|
||||
ec:1e:5b:23:d4:d2:a3:4e:c6:22:19:bc:e2:ba:23:67:88:4c:
|
||||
54:d0:bf:10:61:91:d9:eb:f7:d7:bc:89:ee:83:0d:a3:2c:81:
|
||||
a4:c2:38:58:c3:50:b7:fe:3f:f2:bc:a2:f0:52:9d:04:1f:c2:
|
||||
85:bd:d6:06:77:30:7b:90:3d:29:92:dc:41:a9:40:4b:bb:7c:
|
||||
b7:91:07:65:2b:03:af:e4:a0:18:ab:a5:76:00:bc:10:e8:21:
|
||||
41:c7:d7:53:80:41:21:67:af:fe:d1:9d:14:4c:a9:7e:16:1d:
|
||||
4b:61:a4:f4:b1:e8:88:fe:c4:f1:60:3e:6d:d5:a9:90:14:3e:
|
||||
95:5d:7d:f0:7b:1e:af:5f:80:63:a8:ce:b1:a7:a1:b2:9a:10:
|
||||
f7:d9:e7:00:fa:33:d7:61:c9:35:b1:c2:c9:60:0b:a5:1d:08:
|
||||
a8:b2:1d:56:15:b8:b9:5e:36:b3:df:6a:76:6c:5e:9d:a7:e5:
|
||||
54:dc:1a:6c:c3:34:f2:c2:c6:ee:7a:68:49:a3:41:d6:54:34:
|
||||
78:c9:2b:d2:d2:52:94:23:35:d7:c4:bf:c6:e0:21:18:4f:7a:
|
||||
7a:be:e8:ab:34:fa:f7:4d:1a:4b:3c:37:e9:5f:1c:76:b1:6d:
|
||||
96:70:f5:f5:db:b4:15:ba:2c:71:25:80:b3:98:4a:d3:1a:8d:
|
||||
0e:69:24:de:e3:0c:38:64:82:6e:54:d1:74:47:e5:e5:69:b1:
|
||||
c1:04:12:72:8a:3f:71:c0:9f:dc:db:ba:0e:e8:3d:52:4a:23:
|
||||
56:04:9b:8c:eb:4f:62:19:7f:f5:bd:1e:48:d9:7f:89:84:3c:
|
||||
8d:f5:67:21:d6:81:ee:5a:cd:fa:c2:53:60:a0:97:1e:80:a2:
|
||||
dc:96:89:e6:99:d9:9d:48:23:a0:07:9a:02:06:29:04:eb:03:
|
||||
79:06:6b:a0:41:98:d2:8f:2d:b4:e3:cb:c2:5e:78:74:a1:92:
|
||||
29:c9:7d:07:03:ca:3f:8c:f5:71:f0:c4:7d:6a:1b:ac:33:37:
|
||||
4f:03:54:44:46:b6:76:1c:55:8a:7d:7b:e5:58:4e:a9:f8:e1:
|
||||
fe:7b:f3:a2:f8:e6:3b:e0:0b:5d:47:a8:b7:aa:f8:f3:c0:65:
|
||||
b0:e4:1c:22:8f:9e:b9:d1:8f:a6:4a:a4:28:6f:6c:27:31:49:
|
||||
58:c0:4d:80:3b:e3:e2:22:aa:ec:4e:ba:a5:0d:9e:b8:17:8c:
|
||||
6b:4e:2d:37:6a:cc:f3:2d:0d:6b:34:b4:00:eb:ce:31:0e:a5:
|
||||
c4:85:cd:1e:16:0b
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIIgjCCBKqgAwIBAgIUR5SeRGX0Yfiqs8F7hjgh2YiliPAwDQYJKoZIhvcNAQEL
|
||||
BQAwGTEXMBUGA1UEAwwOa3lvdW1hIFJvb3QgQ0EwHhcNMjQwNjIxMTQwMjI2WhcN
|
||||
NDQwNjIxMTQwMjI2WjAZMRcwFQYDVQQDDA5reW91bWEgUm9vdCBDQTCCA+IwDQYJ
|
||||
KoZIhvcNAQEBBQADggPPADCCA8oCggPBAPnQo0vZd+PstEaOPx+kOSJg2K3pHv6t
|
||||
F/gw1vb66WL3NiUH6WyDkUIP4lPxynDaJn2/ux3VTV6Zgpk5l/PDffkNCOjUrvxF
|
||||
iJiOo7wqvRZnMlkIWeuo3qand535GsZ/dpI911Z0K6Nal48FqzvckmEuf5WxXATa
|
||||
Hi653nsWsoW0tFpINJq7GA0KCjSR+I/zeUamxO6qk4gDz0Oiuh68ZfF42M7YK/vb
|
||||
M9Y3rdSdRDj/tQ3cCGEs+/CGsu//qE9jKBNJ+CFOyyKYVN7ntOK2FMnFWQSCBKI5
|
||||
PGH1kZn/rG6AmtIifVH7raNqTBSo4yjZIqzIPTQXWkDOjTxS5+Hp1HUNP7jd09JW
|
||||
JZL6dYeB/llKglPV5wM5wAeEc3DQ/P4/BuD5D1kidAUTZVhaqB17Uk9H7b4mV0dJ
|
||||
V9V/NMc8D1XUF1eKDrv1Osd38X0GSamo3RgOopdSyEnlOccxXQfDWO2Orsd8G9uN
|
||||
3KDD4/XAmDXP/JKgpvMPsRiVwAHrHZaNAnua3CldWfEq3FMOaytrXTYDob3k5rQf
|
||||
WmZnE0osf1bJdVz+QiAkURi76jASj4jRrf7rWZKNHr7/Pm7yWtmMIPQ17bwBRyHT
|
||||
ELld/mqO4KPj5W+si/xh0HWoo5IfLMzBFRc2OwWrWHa+Y50wXe19gwy3JI8QqJAC
|
||||
7miBBc3ZTy7M75di0XVrgvPQNFbTWX7Z032TzhsX3v0YS+ZQcneIYN3/XpUFYf7Y
|
||||
Md00HuFtYR6AcwU+OyLCNAdImw4GjaaBxE3pTV3f4QTNW4VushKqG829Tn5T6llJ
|
||||
rxFwsxGHD68vmc7padtt0FoUGpUvL9u/NmLhmf98uLlcTnkzYe7bS29AfUmybuFl
|
||||
nfZF/icUJIJd9qQ4AaxHVNq2AsGteXG2k2TspAZ71l4c2n9AFkdlRyQqi3cySYnE
|
||||
nybU+aa65kKqdP1+HtF1lVxc2NS7dQV5EHrfWitpm3Uoy7VOSD6jqiEElY9iO0Yv
|
||||
B9CeHFCbPbptH8KgQX9HQ1fvkjFHSqKRZUNcwSv9Ji2+QaeYeo9SiV+B/0h9BCq4
|
||||
TVCR9a8YM0TyVV9ohzPY5k9duZLKBlHz4LFbb6BS/m6YIgFfwvtFWQJnYm90K3li
|
||||
51oTqNv9omSxC0kv9GE1oLYSLOwkGZ8MFIUFteHBnk6HpIjJeWUdEqyJ5rzta1iQ
|
||||
/ZVAPy66/7hSXWCYMrkgOKUI2qH8OIk88d44z2DYaaFLiFH3Mbj8VtxWOno5xQMj
|
||||
Ko/6q5J6tjfawZ9V5zGxxb4xYAjCMzDszwIDAQABo0IwQDAdBgNVHQ4EFgQUe8DG
|
||||
ewTEZgzNMv+wb+HZUf0c7rcwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
|
||||
AQYwDQYJKoZIhvcNAQELBQADggPBAFizLQCOwnJb7ZGOPJhmauRhww/RUZgMZHk9
|
||||
AayKOH+v/IAxg4aoebkPGG0uOu8KwLEwOX6kPe1ONT6e8aMp3cwBHmJr7Vt3MbNM
|
||||
kR1pcCBEh+A3F6C6xOVXxZAa8h4NrKowEcPaHD86KLVtEqxFtmzwsrJu8FUzjikQ
|
||||
rJ5hrDXs7cfjUcKGUhB6nPYiXWVlGGK36W6+ZEbb3BVF6xpCRYPXqt1jJErtudU1
|
||||
hiciM2omSzIKFXUYGVjpa7SErACjeNOdfSU8XlF/AcqQ0UAr0kXhT/tujS7MBAc0
|
||||
B5HGjE+l5H3deA+wnQGdbokWbTqU3ThXvEnC4bWqVI/RixPbNS/RgF5F+1NgYdXD
|
||||
4ZwhYKODNOaevIZw/jaLNVUo4PSwge03WQ569qdmobY2RTCVyIDWQKkSv0exMwn6
|
||||
idSfwld1akfdhz+z0T0TvF6C6l863EY1Hh+DQBwdXro3GKN1L2CnhGebeRet+ypb
|
||||
2IRd8v/MgUwI5Bfst8+sTA+Rikz6ke0kOfkEOhiwscNX7Zvxz6u/B/FS71feCnbn
|
||||
5MRfaZNxDNQ/IxJVjD3mebM8XoasH15/7JbY2k3JQDLutctuhidJReaJMID6uu8h
|
||||
QpK6+KdRFmEEE9qHrMWcwBlVgC1KMrswEgtJFeweWyPU0qNOxiIZvOK6I2eITFTQ
|
||||
vxBhkdnr99e8ie6DDaMsgaTCOFjDULf+P/K8ovBSnQQfwoW91gZ3MHuQPSmS3EGp
|
||||
QEu7fLeRB2UrA6/koBirpXYAvBDoIUHH11OAQSFnr/7RnRRMqX4WHUthpPSx6Ij+
|
||||
xPFgPm3VqZAUPpVdffB7Hq9fgGOozrGnobKaEPfZ5wD6M9dhyTWxwslgC6UdCKiy
|
||||
HVYVuLleNrPfanZsXp2n5VTcGmzDNPLCxu56aEmjQdZUNHjJK9LSUpQjNdfEv8bg
|
||||
IRhPenq+6Ks0+vdNGks8N+lfHHaxbZZw9fXbtBW6LHElgLOYStMajQ5pJN7jDDhk
|
||||
gm5U0XRH5eVpscEEEnKKP3HAn9zbug7oPVJKI1YEm4zrT2IZf/W9HkjZf4mEPI31
|
||||
ZyHWge5azfrCU2Cglx6AotyWieaZ2Z1II6AHmgIGKQTrA3kGa6BBmNKPLbTjy8Je
|
||||
eHShkinJfQcDyj+M9XHwxH1qG6wzN08DVERGtnYcVYp9e+VYTqn44f5786L45jvg
|
||||
C11HqLeq+PPAZbDkHCKPnrnRj6ZKpChvbCcxSVjATYA74+IiquxOuqUNnrgXjGtO
|
||||
LTdqzPMtDWs0tADrzjEOpcSFzR4WCw==
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -1,72 +0,0 @@
|
|||
{ config, lib, options, pkgs, ... }: let
|
||||
cfg = config.kyouma.restic;
|
||||
in {
|
||||
options.kyouma.restic = let
|
||||
inherit (lib) mkOption types;
|
||||
in {
|
||||
inherit (options.services.restic.backups.type.getSubOptions [])
|
||||
timerConfig backupPrepareCommand backupCleanupCommand;
|
||||
enable = lib.mkEnableOption "Enable restic backup";
|
||||
paths = mkOption {
|
||||
description = "paths to backup";
|
||||
type = with types; listOf path;
|
||||
default = [];
|
||||
};
|
||||
pruneOpts = mkOption {
|
||||
description = "paths to backup";
|
||||
type = with types; listOf str;
|
||||
default = [
|
||||
"--keep-hourly 24"
|
||||
"--keep-daily 14"
|
||||
"--keep-weekly 8"
|
||||
"--keep-monthly 12"
|
||||
];
|
||||
};
|
||||
remote = mkOption {
|
||||
description = "restic remote to use";
|
||||
type = types.nonEmptyStr;
|
||||
default = "zh3485.rsync.net";
|
||||
};
|
||||
remoteUser = mkOption {
|
||||
description = "remote ssh user";
|
||||
type = types.nonEmptyStr;
|
||||
default = "";
|
||||
};
|
||||
user = mkOption {
|
||||
description = "user who runs the backup job";
|
||||
type = types.nonEmptyStr;
|
||||
default = "root";
|
||||
};
|
||||
repo = mkOption {
|
||||
description = "restic repo";
|
||||
type = types.nonEmptyStr;
|
||||
default = "${config.networking.hostName}-backup";
|
||||
};
|
||||
};
|
||||
config = lib.mkIf cfg.enable {
|
||||
sops.secrets."restic/${cfg.remoteUser}/password" = {
|
||||
sopsFile = ../../secrets/restic/${cfg.remoteUser}.yaml;
|
||||
};
|
||||
sops.secrets."restic/${cfg.remoteUser}/id_ed25519" = {
|
||||
sopsFile = ../../secrets/restic/${cfg.remoteUser}.yaml;
|
||||
};
|
||||
|
||||
services.restic.backups."${config.networking.hostName}-${cfg.remote}" = {
|
||||
inherit (cfg) paths user pruneOpts timerConfig backupPrepareCommand backupCleanupCommand;
|
||||
initialize = true;
|
||||
repository = "sftp:${cfg.remoteUser}@${cfg.remote}:${cfg.repo}";
|
||||
passwordFile = config.sops.secrets."restic/${cfg.remoteUser}/password".path;
|
||||
extraBackupArgs = [
|
||||
"--compression=max"
|
||||
"--pack-size=128"
|
||||
"--read-concurrency=8"
|
||||
];
|
||||
extraOptions = let
|
||||
knownHost = pkgs.writeText "${cfg.remote}-known-host" (builtins.readFile ./${cfg.remote}/ssh_host_ed25519_key.pub);
|
||||
sshKey = config.sops.secrets."restic/${cfg.remoteUser}/id_ed25519".path;
|
||||
in [
|
||||
"sftp.command='ssh ${cfg.remoteUser}@${cfg.remote} -i ${sshKey} -o UserKnownHostsFile=${knownHost} -s sftp'"
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
@ -1 +0,0 @@
|
|||
zh3485.rsync.net ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJtclizeBy1Uo3D86HpgD3LONGVH0CJ0NT+YfZlldAJd
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
{
|
||||
akkoma-frontends
|
||||
}:
|
||||
|
||||
akkoma-frontends.admin-fe.overrideAttrs {
|
||||
patches = [ ./disable-options.patch ];
|
||||
}
|
||||
|
|
@ -1,12 +0,0 @@
|
|||
diff --git a/config/prod.env.js b/config/prod.env.js
|
||||
index 7acb93a2..ea500e99 100644
|
||||
--- a/config/prod.env.js
|
||||
+++ b/config/prod.env.js
|
||||
@@ -2,6 +2,6 @@ module.exports = {
|
||||
NODE_ENV: '"production"',
|
||||
ENV_CONFIG: '"prod"',
|
||||
BASE_API: '"https://api-prod"',
|
||||
- DISABLED_FEATURES: '[""]',
|
||||
+ DISABLED_FEATURES: '["settings","media-proxy-cache","relays"]',
|
||||
ASSETS_PUBLIC_PATH: '/pleroma/admin/'
|
||||
}
|
||||
|
|
@ -1,53 +0,0 @@
|
|||
{
|
||||
akkoma-frontends,
|
||||
fetchFromGitea,
|
||||
fetchYarnDeps
|
||||
}:
|
||||
akkoma-frontends.akkoma-fe.overrideAttrs (let
|
||||
src = fetchFromGitea {
|
||||
domain = "git.sakamoto.pl";
|
||||
owner = "domi";
|
||||
repo = "akkoma-fe";
|
||||
rev = "5f0339ce005ccb12365128089edb5fd77f60841b";
|
||||
hash = "sha256-AHmJyOFmQZXmNMMsp8ONm9Itns1H/idEKl8+sxn2RSA=";
|
||||
};
|
||||
offlineCache = fetchYarnDeps {
|
||||
yarnLock = "${src}/yarn.lock";
|
||||
hash = "sha256-7WB6nmxNckMdftKds2OgD2kClvCCT/I5vmthV0jrkSs=";
|
||||
};
|
||||
in {
|
||||
version = "unstable-2024-07-20";
|
||||
pname = "akkoma-fe-domi";
|
||||
inherit src offlineCache;
|
||||
postPatch = ''
|
||||
# Build scripts assume to be used within a Git repository checkout
|
||||
substituteInPlace src/modules/instance.js \
|
||||
--replace-fail "widenTimeline: true" 'widenTimeline: "50%"'
|
||||
|
||||
substituteInPlace src/modules/config.js \
|
||||
--replace-fail "streaming: false" "streaming: true" \
|
||||
--replace-fail "useStreamingApi: false" "useStreamingApi: true" \
|
||||
--replace-fail "webPushNotifications: false" "webPushNotifications: true" \
|
||||
--replace-fail "postLanguage: undefined" 'postLanguage: "en"'
|
||||
|
||||
substituteInPlace src/i18n/en.json \
|
||||
--replace-fail "meow" "florp" \
|
||||
--replace-fail "Meow" "Florp"
|
||||
|
||||
sed -E -i '/^let commitHash =/,/;$/clet commitHash = "${builtins.substring 0 7 src.rev}";' \
|
||||
build/webpack.prod.conf.js
|
||||
'';
|
||||
|
||||
configurePhase = ''
|
||||
runHook preConfigure
|
||||
|
||||
export HOME="$(mktemp -d)"
|
||||
|
||||
yarn config --offline set yarn-offline-mirror ${offlineCache}
|
||||
fixup-yarn-lock yarn.lock
|
||||
|
||||
yarn install --offline --frozen-lockfile --ignore-platform --ignore-scripts --no-progress --non-interactive
|
||||
|
||||
runHook postConfigure
|
||||
'';
|
||||
})
|
||||
|
|
@ -1,158 +0,0 @@
|
|||
app = 'build-worker-kyoumanet'
|
||||
primary_region = 'ams'
|
||||
|
||||
[build]
|
||||
image = 'registry.fly.io/build-worker-kyoumanet:latest'
|
||||
|
||||
[processes]
|
||||
bw-00 = '/entrypoint.sh'
|
||||
bw-01 = '/entrypoint.sh'
|
||||
bw-02 = '/entrypoint.sh'
|
||||
bw-03 = '/entrypoint.sh'
|
||||
bw-04 = '/entrypoint.sh'
|
||||
bw-05 = '/entrypoint.sh'
|
||||
bw-06 = '/entrypoint.sh'
|
||||
bw-07 = '/entrypoint.sh'
|
||||
bw-08 = '/entrypoint.sh'
|
||||
|
||||
[[mounts]]
|
||||
source = 'bw00'
|
||||
destination = '/mnt/data'
|
||||
initial_size = '256GB'
|
||||
processes = ['bw-00']
|
||||
|
||||
[[mounts]]
|
||||
source = 'bw01'
|
||||
destination = '/mnt/data'
|
||||
initial_size = '256GB'
|
||||
processes = ['bw-01']
|
||||
|
||||
[[mounts]]
|
||||
source = 'bw02'
|
||||
destination = '/mnt/data'
|
||||
initial_size = '256GB'
|
||||
processes = ['bw-02']
|
||||
|
||||
[[mounts]]
|
||||
source = 'bw03'
|
||||
destination = '/mnt/data'
|
||||
initial_size = '256GB'
|
||||
processes = ['bw-03']
|
||||
|
||||
[[mounts]]
|
||||
source = 'bw04'
|
||||
destination = '/mnt/data'
|
||||
initial_size = '256GB'
|
||||
processes = ['bw-04']
|
||||
|
||||
[[mounts]]
|
||||
source = 'bw05'
|
||||
destination = '/mnt/data'
|
||||
initial_size = '256GB'
|
||||
processes = ['bw-05']
|
||||
|
||||
[[mounts]]
|
||||
source = 'bw06'
|
||||
destination = '/mnt/data'
|
||||
initial_size = '256GB'
|
||||
processes = ['bw-06']
|
||||
|
||||
[[mounts]]
|
||||
source = 'bw07'
|
||||
destination = '/mnt/data'
|
||||
initial_size = '256GB'
|
||||
processes = ['bw-07']
|
||||
|
||||
[[mounts]]
|
||||
source = 'bw08'
|
||||
destination = '/mnt/data'
|
||||
initial_size = '256GB'
|
||||
processes = ['bw-08']
|
||||
|
||||
[[services]]
|
||||
protocol = 'tcp'
|
||||
internal_port = 2222
|
||||
auto_stop_machines = 'off'
|
||||
processes = ['bw-00']
|
||||
|
||||
[[services.ports]]
|
||||
port = 2200
|
||||
|
||||
[[services]]
|
||||
protocol = 'tcp'
|
||||
internal_port = 2222
|
||||
auto_stop_machines = 'off'
|
||||
processes = ['bw-01']
|
||||
|
||||
[[services.ports]]
|
||||
port = 2201
|
||||
|
||||
[[services]]
|
||||
protocol = 'tcp'
|
||||
internal_port = 2222
|
||||
auto_stop_machines = 'off'
|
||||
processes = ['bw-02']
|
||||
|
||||
[[services.ports]]
|
||||
port = 2202
|
||||
|
||||
[[services]]
|
||||
protocol = 'tcp'
|
||||
internal_port = 2222
|
||||
auto_stop_machines = 'off'
|
||||
processes = ['bw-03']
|
||||
|
||||
[[services.ports]]
|
||||
port = 2203
|
||||
|
||||
[[services]]
|
||||
protocol = 'tcp'
|
||||
internal_port = 2222
|
||||
auto_stop_machines = 'off'
|
||||
processes = ['bw-04']
|
||||
|
||||
[[services.ports]]
|
||||
port = 2204
|
||||
|
||||
[[services]]
|
||||
protocol = 'tcp'
|
||||
internal_port = 2222
|
||||
auto_stop_machines = 'off'
|
||||
processes = ['bw-05']
|
||||
|
||||
[[services.ports]]
|
||||
port = 2205
|
||||
|
||||
[[services]]
|
||||
protocol = 'tcp'
|
||||
internal_port = 2222
|
||||
auto_stop_machines = 'off'
|
||||
processes = ['bw-06']
|
||||
|
||||
[[services.ports]]
|
||||
port = 2206
|
||||
|
||||
[[services]]
|
||||
protocol = 'tcp'
|
||||
internal_port = 2222
|
||||
auto_stop_machines = 'off'
|
||||
processes = ['bw-07']
|
||||
|
||||
[[services.ports]]
|
||||
port = 2207
|
||||
|
||||
[[services]]
|
||||
protocol = 'tcp'
|
||||
internal_port = 2222
|
||||
auto_stop_machines = 'off'
|
||||
processes = ['bw-08']
|
||||
|
||||
[[services.ports]]
|
||||
port = 2208
|
||||
|
||||
[[restart]]
|
||||
policy = 'never'
|
||||
|
||||
[[vm]]
|
||||
size = 'performance-16x'
|
||||
memory = '96GB'
|
||||
|
|
@ -1,67 +0,0 @@
|
|||
# fly.toml app configuration file generated for build-worker-kyoumanet-cdg on 2024-11-21T00:31:54+01:00
|
||||
#
|
||||
# See https://fly.io/docs/reference/configuration/ for information about how to use this file.
|
||||
#
|
||||
|
||||
app = 'build-worker-kyoumanet-cdg'
|
||||
primary_region = 'cdg'
|
||||
|
||||
[build]
|
||||
image = 'registry.fly.io/build-worker-kyoumanet:latest'
|
||||
|
||||
[processes]
|
||||
bw-09 = '/entrypoint.sh'
|
||||
bw-10 = '/entrypoint.sh'
|
||||
bw-11 = '/entrypoint.sh'
|
||||
|
||||
[[mounts]]
|
||||
source = 'bw09'
|
||||
destination = '/mnt/data'
|
||||
initial_size = '256GB'
|
||||
processes = ['bw-09']
|
||||
|
||||
[[mounts]]
|
||||
source = 'bw10'
|
||||
destination = '/mnt/data'
|
||||
initial_size = '256GB'
|
||||
processes = ['bw-10']
|
||||
|
||||
[[mounts]]
|
||||
source = 'bw11'
|
||||
destination = '/mnt/data'
|
||||
initial_size = '256GB'
|
||||
processes = ['bw-11']
|
||||
|
||||
[[services]]
|
||||
protocol = 'tcp'
|
||||
internal_port = 2222
|
||||
auto_stop_machines = 'off'
|
||||
processes = ['bw-09']
|
||||
|
||||
[[services.ports]]
|
||||
port = 2209
|
||||
|
||||
[[services]]
|
||||
protocol = 'tcp'
|
||||
internal_port = 2222
|
||||
auto_stop_machines = 'off'
|
||||
processes = ['bw-10']
|
||||
|
||||
[[services.ports]]
|
||||
port = 2210
|
||||
|
||||
[[services]]
|
||||
protocol = 'tcp'
|
||||
internal_port = 2222
|
||||
auto_stop_machines = 'off'
|
||||
processes = ['bw-11']
|
||||
|
||||
[[services.ports]]
|
||||
port = 2211
|
||||
|
||||
[[restart]]
|
||||
policy = 'never'
|
||||
|
||||
[[vm]]
|
||||
size = 'performance-16x'
|
||||
memory = '96GB'
|
||||
|
|
@ -34,26 +34,17 @@ dockerTools.buildLayeredImage {
|
|||
trusted-public-keys = cache.kyouma.net:Frjwu4q1rnwE/MnSTmX9yx86GNA/z3p/oElGvucLiZg= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
|
||||
max-substitution-jobs = 20
|
||||
max-silent-time = 14400
|
||||
min-free = ${builtins.toString (49152 * 1024 * 1024)}
|
||||
max-free = ${builtins.toString (65536 * 1024 * 1024)}
|
||||
min-free = 17179869184
|
||||
max-free = 34359738368
|
||||
system-features = benchmark big-parallel kvm nixos-test uid-range gccarch-x86-64 gccarch-x86-64-v2 gccarch-x86-64-v3
|
||||
EOF
|
||||
|
||||
mkdir -p /root/.ssh
|
||||
cat <<EOF > /root/.ssh/authorized_keys
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA/+iN407+HsfHbbC3tfdA8Yf4TZ08qXQMb4tb/SDAs+ emily@card
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK397sBHLS66snWNPtmjUy7qZxRJh54N0RRXogKODudl nix@muon
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE/vCXM3IaxJP9v2Y+xcQrQD2IcffgdzqtWhpMjj9Xl5 hydra@seras
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICT0dGyLUjxFnvqUmex+5xUGQ7D4yGHKo267JgApcq0k root@ryuuko
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIDTwCSWYODyvTJxwB6Rahuy0j6s/YYwtQta8bjzG/We root@ryuuko-arch
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM/RmFnel8pcZT9nh7EAfKfAekt3BoEXy0G7G2GTacN/ aprl@computer
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxsX+lEWkHZt9NOvn9yYFP0Z++186LY4b97C4mwj/f2 aprl@whatever
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOpyVefbZLkNVNzdSIlO6x6JohHE1snoHiUB3Qdvl5I2 aprl@idk
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDVNo871p97NTefP52KYiwuch+FaVScxvcFd9fg0yykySTq7Y5JsxrJQgTnox/oDa0O87OyHD/GHQljAXkqiHpDkExbiGjDmGXJSKReKH061F4FqBnDIwYRzUu9Cxjl4MNqsU0RqLaz4+F42c/L7GROQwjEPUb8JHThRiI5FJnDvvB+oBLBxeyQA4v3O4i8DaDQayTr/XB+aSlhNwKrb6cjjL93AHT1uE53yY5jn4kZX+RiPQhH7rvt9N6E4Yr3CG6nUgRCUS0L66d9yfrq0XAbAVk9F+viV7Nk9qy4MWHtXZ4h0qUlzrGALPgGsCGiLGd4NvEgeCcV4nvxdmevxTSdKlJP75xlmlLVXGyhqCZkTsxm/png2UvDl+p0pLyrgNaNoXPdE0Jbv7C28WX36Nast1QFSMUhexzuOx8OgaOioeXVfK98AouqWb58iPBCvgreUIH/gJhZcnlB/Foo1KSO+fJNH8hAsLH7w0mnKyHhJjkrjjwUqsnpepB3SOLfZTE= aprl@meow
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQD0v3tUBNEUxfoOQBFb+N2DUBQDay0iFggUWa9Nd+BtFLOKkz+RRto3eBF0ZiJZVUxv/hLb8m2s45hcMw8agwuPrXMe5085T1fzkvPdKAPZdsT/cCmBi1OsoLjAKBFIdM4lcV0A2cca8hip+/ZPpjFPUWx73/672gAPHU7co7fP8+8CSf9dx+WIeLx3yaYHYZ/th3dB5auX3VjOazS8MojsAorwTUeBoPamHQ5dFeNafhFUL/hhtGkUI1cNHUn3bJd2V7AKTW3UglK7hVgMJPrzVS31OlpcJEf6S5XgKTWdOSwubn1bs5Lt6YYRDU24NV6CGrwKgCJSRxzNMLwpnFKiSXpO8FzkqWHYWyju141hQcFF31aZIV+7YcwEt5ZukLjFOpVtpbSXvJYigOUzGi34P3/OAGshDXjTQjvM8GIir49gx3b2Nwhg0z4UHBkAKZvDDFPHDMJoclvnhITojaAojfC9zmMCO5ZaEsk8yv7c/lWQumzRpfldWF4mwHvhD5kTADbhRdO7WTdX7AaiAYINooToeWKjFe2wn3rFubPUppptqtP03mmvs7vhhgnEVBbGZRJK3GTVk1XcsfF9rDKzewSa+wb4LsBoZtFRhc8cJqHGlKWSNk7dQ04B1atPyNLKGpGoo/UIPxyZ6bSqFVxY3nhz46VZ6z8XWI48z0/fRQ== aprl@uwu
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAAl3/krXJeCcDEJXRuzOdCOrJLG7b6MRqC+a9Xux3mW vika@hydrangea
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHQjTy9qqHcs5vgTz+iMAiNNMqdyGtOhEpnpJCReEFfZ vika@rafflesia
|
||||
sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAINAgFdk78I4zssUGsAIV01zefLBpwc1W7hfTobbG80XLAAAABHNzaDo= vika@nitrokey
|
||||
EOF
|
||||
|
||||
cat <<EOF > /root/.ssh/environment
|
||||
|
|
|
|||
|
|
@ -4,8 +4,8 @@
|
|||
|
||||
dockerTools.pullImage {
|
||||
imageName = "nixos/nix";
|
||||
imageDigest = "sha256:133a1607deea14a02c2bc0850e275ed135814235a1147f68967afee261caea2b";
|
||||
sha256 = "0602a59g14l1jiqfffz14hcp982qaqczi5f0ylvv0h9pp2pqrqs5";
|
||||
imageDigest = "sha256:338ca39c0c75f10919cd0cf38647ce4543033d2bbdabab4519de5adee45445f8";
|
||||
sha256 = "0rzms97xnzlh63pjkqq3m5146lyw00mqgdldsd00c9bzk3ybr75x";
|
||||
finalImageName = "nixos/nix";
|
||||
finalImageTag = "latest";
|
||||
}
|
||||
|
|
|
|||
|
|
@ -4,13 +4,12 @@
|
|||
rustPlatform,
|
||||
}:
|
||||
let
|
||||
# https://github.com/librespeed/speedtest-rust/pull/7
|
||||
version = "unstable-2024-09-28";
|
||||
version = "1.3.2";
|
||||
src = fetchFromGitHub {
|
||||
owner = "librespeed";
|
||||
repo = "speedtest-rust";
|
||||
rev = "a74f25d07da3eb665ce806e015c537264f7254c9";
|
||||
hash = "sha256-+G1DFHQONXXg/5apSBlBkRvuLT4qCJaeFnQSLWt0CD0=";
|
||||
rev = "refs/tags/v${version}";
|
||||
hash = "sha256-z3lORjjJ89o+Du4mvKGydwxHU6Ra2jU5ue5Zsl/oIfY=";
|
||||
};
|
||||
in
|
||||
rustPlatform.buildRustPackage {
|
||||
|
|
|
|||
|
|
@ -5,11 +5,4 @@ final: prev: {
|
|||
build-worker-oci = final.callPackage ./build-worker-oci/default.nix {};
|
||||
librespeed-rust = final.callPackage ./librespeed-rust/default.nix {};
|
||||
librespeed-go = final.callPackage ./librespeed-go/default.nix {};
|
||||
akkoma-fe-domi = final.callPackage ./akkoma-fe-domi/default.nix {};
|
||||
akkoma-admin-fe = final.callPackage ./akkoma-admin-fe/default.nix {};
|
||||
nginxQuic = prev.nginxQuic.override {
|
||||
withSlice = true;
|
||||
# Use zlib because zlib-ng uses larger buffers then nginx preallocates.
|
||||
zlib = final.zlib;
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -22,35 +22,19 @@ merge_theirs () {
|
|||
|
||||
test_build () {
|
||||
local build_jobs
|
||||
|
||||
build_jobs="$(curl --fail -s -L -H "Accept: application/json" "${JOBSET_URL}/latest-eval" | jq -r ".builds | .[]")"
|
||||
for build in ${build_jobs}; do
|
||||
local build_status
|
||||
|
||||
while true; do
|
||||
local build_finished
|
||||
build_finished="$(curl --fail -s -L -H "Accept: application/json" "${HYDRA_URL}/build/${build}" | jq -r ".finished")"
|
||||
[[ ${build_finished} == 1 ]] && break
|
||||
sleep 5
|
||||
done
|
||||
|
||||
build_status="$(curl --fail -s -L -H "Accept: application/json" "${HYDRA_URL}/build/${build}" | jq -r ".buildstatus")"
|
||||
[[ $build_status != 0 ]] &&
|
||||
echo "Build ${build} failed" &&
|
||||
exit 1
|
||||
[[ $build_status != 0 ]] && echo "Build ${build} failed" && exit 1
|
||||
echo "Build ${build} was successful"
|
||||
done
|
||||
|
||||
# Idk why this is broken someone should fix me
|
||||
# local last_error
|
||||
# local now
|
||||
#
|
||||
# last_error="$(curl --fail -s -L -H "Accept: application/json" "${JOBSET_URL}" | jq -r ".errortime")"
|
||||
# now="$(date +%s)"
|
||||
#
|
||||
# [[ $last_error -gt $now ]] &&
|
||||
# echo "Evaluation error encountered at $(date +%Y-%m-%d-%H:%M:%S --date="@${last_error}")" &&
|
||||
# exit 1
|
||||
}
|
||||
|
||||
wait_for_hydra () {
|
||||
|
|
@ -58,18 +42,16 @@ wait_for_hydra () {
|
|||
local hydra_rev
|
||||
local counter
|
||||
counter=0
|
||||
git_rev="$(git -C "${1}/nixfiles" rev-parse update-inputs)"
|
||||
while [[ $counter -lt 180 ]]; do
|
||||
counter=$((counter +1))
|
||||
hydra_rev="$(curl -s -L -H "Accept: application/json" "${2}/evals" | jq -r '.evals | max_by(.id) | .flake' | sed -E "s/.+&rev=(.*)/\1/g")"
|
||||
git_rev="$(git -C "${ROOT}/nixfiles" rev-parse update-inputs)"
|
||||
while true; do
|
||||
hydra_rev="$(curl -s -L -H "Accept: application/json" "${JOBSET_URL}/latest-eval" | jq -r .flake | sed -E "s/.+&rev=(.*)/\1/g")"
|
||||
if [[ "${git_rev}" == "${hydra_rev}" ]]; then
|
||||
echo "Hydra got new commit"
|
||||
break
|
||||
fi
|
||||
sleep 5
|
||||
sleep 30
|
||||
done
|
||||
|
||||
if [[ $counter -ge 180 ]]; then
|
||||
if [[ $counter -ge 30 ]]; then
|
||||
echo "Hydra no workey"
|
||||
exit 1
|
||||
fi
|
||||
|
|
@ -105,7 +87,7 @@ gitin push origin update-inputs
|
|||
|
||||
echo "Waiting for hydra to get new commit"
|
||||
export -f wait_for_hydra
|
||||
timeout 4h bash -c "wait_for_hydra ${ROOT} ${JOBSET_URL}"
|
||||
timeout 4h bash -c wait_for_hydra
|
||||
|
||||
echo "Testing if all build jobs completed successfully"
|
||||
test_build
|
||||
|
|
|
|||
|
|
@ -1,35 +0,0 @@
|
|||
restic:
|
||||
zh3485s1:
|
||||
password: ENC[AES256_GCM,data:lDDSSqUH3pewpMA+6SNwGwRz95MBjeaD6I3RWUQNBFXsw/W9RoIY85AcRXxCl7CW,iv:NFF6uCs2FolMe9cgPkoAFmbWdXG2SuVRtoOyQXouEAU=,tag:UeC49xFwFkMh0Wi8p9reFw==,type:str]
|
||||
id_ed25519: ENC[AES256_GCM,data:fe2CAKWSrEOvEPZgGhbigw+DEnDUGtTXEj7nuGaH5enMGDvd7QtRlDYLkM+g9zKrRJ46e2nM6btUZVqqx4rJiUbjJ5B/cBzb259CTxKGgHeMj/cYXPypamIEKFwUrloxzrgxH5JIOoUvj9Ny1P1UPIB//B5Z1Uunqmdqd2XoiAtDwZ/hvyuOfdFyUkKmOnCdF4pheMRXZ6Z51N4f09OIwuZ/xC4LQYAVB2lyycOgrvefPA5YYabMd23yEXn6v/BiP1TWbSInTHvz6Rii2WYqYO3ORCfi1pvWe15kSrTsT9zYRzLvZi5TD+4FMhLmIttZB2OXK7X+h6cHtej7X+v6HKhMKHNJhukRUP7DpcZ0+ArBEdw2j+H7C4q8NdR9rk4we7WpdQlY7tGpJvEzSis+P/Jph/tkzx6xXpKiOeOAXgQUS41qcAy7gmZj7CdsulerUHcfDy4a0y1OEuDmoYW420cGGYOCB9BlvYQbaDhyv5AMSL8sMZfm7mX5qXliE7ZQc20ggKoY2MKH6RjnT8pQhMBWo/NW13PPBDIL,iv:1+aopW183ir5XHMKcDons24A/E61mLuyJGrQTRpPXdE=,tag:s1w+HZdktM0H9FUrz097Cw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age18vc8rcmczlt3r0ee7jr9s8l3yrkthu8wtypt08eh0eskpkw3dg6qxs7t3t
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQeWpKYktzVE1tMkpGU1c5
|
||||
akZZdlBkeFQyUmUrOHZxTGE2V1FUVmV3cG5VCmZvTG1JTS9SUTk1aVl6TnBPQ1Fh
|
||||
clRDTmQzQUJxWlYyV2dmVXNyTDJ2K0kKLS0tIHA3S0dsQzRxRWF4RFdSSzh1aXI5
|
||||
ZFQvWFhZTndubkxaRVh3YXl0V25ZcUEK0/wV9i01kRkphrseSBqAL9f8tUlUtJDO
|
||||
PUZL2Em/QjNEnXJaxxR612ONA94ptK9bsqzRJV5RtGqDwd+oAnr13Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-11-08T13:41:02Z"
|
||||
mac: ENC[AES256_GCM,data:tMatUcv/jbvQ1URp6DrUyuiB9+rgCCdOxEVcM0NBiV5P9DGWE1hWytky4yPE9nFUOWLI7m4nTSEXHuT4yT3LkBd1Ndzhm5wQ0NEAVnZ6Sj7YOQI5CS1q95sviJBv57PBkaajHDNeSJX2hEQeR4qJFUR4fu0hIwadyzeunP/kfKE=,iv:gXRAg4cN43ocQMZm0lL8AnrbDtK+TKGchWpd/TYhnjA=,tag:+HqYuDWjoTdv+CWrJmuwxA==,type:str]
|
||||
pgp:
|
||||
- created_at: "2024-11-08T13:31:55Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hF4D1GtNSlou/HkSAQdALVqRZ2qzjR86mEE/MHAR5H3gmIukchY/NSvGg1Ggfmsw
|
||||
uZhnl5puGOO579ItHXbk+BYwBS2koL7jyhnX8E9zmM3d3SZHwzx0mk79fr2jLFj6
|
||||
0l4BLrhhcpUtzfje4/SeTgWFRIA68ON/PUTmW2Lgclh9OpQfbbousFS/JMvvdHaT
|
||||
/3uJEww5MKMPlqWqK7w7z6iwIITRKH0vzQoIZ3hVcDKtKOJrJ/1bWcJorFsazxvT
|
||||
=KZPf
|
||||
-----END PGP MESSAGE-----
|
||||
fp: B04F01A7A98A13020C39B4A68AB7B773A214ACE5
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.1
|
||||
|
|
@ -1,35 +0,0 @@
|
|||
restic:
|
||||
zh3485s2:
|
||||
password: ENC[AES256_GCM,data:GAesjt8CMFKuZk30vJTS7kH0cSg/p6NQCOU9udcVbVCurnUdqjKqZp97KnCcmA/A,iv:bf7trphHgzFzI3Pza8dDOgmKcHsBURsXEHtw0KpGQ7s=,tag:zE1WXaptcqBQMqgk+6SRqQ==,type:str]
|
||||
id_ed25519: ENC[AES256_GCM,data:hRViIdnq9VNjjqD/X6tERHsCAuxF723bh+oES/Va5KVBJdsEK2LYXWxRQV6/dpYGnmSBNJ2q4eJS0iz2kjfNUTXg1DQZ0uuxSDbhOcKQ+ksE99VrU3Go7196gXQ+rsCuRht6vzgGzIoTcMVDlA+lvJ2EAB0o7EhK4qcKI0pRHziy4/i0JgLJKc2Xw7WwAZajyUToRrroi+oh3LRJiN0+L3B13RWNBDMxfVgSH5KERhPjU40VteKNyXg9YnZxiqRMTmDmpAu/fogXwIDgnfRuWBoDgPsHeSWVN/0IpfEegoXnmdYUGk9vKQmXNJ5z7vj6oIaz8Zuk9PfPaKZHrsUGkPZqBJydvfcUpH74+sn3idDJdQ92mYIn6rorabt6QtN9bbtULmtOU/R7wvZkRSn3SmvR6uo/xShs1pkwGa1oidn8atfoMMYnR973wvuGlDZwFGy0ZJD+Mc108U7o0U153/MervsxxZ3eIpzgmRol+TjoSJINQoPNPHsj6nx65MNfJd+AFw35h5jKUag4xKaPXS5ew/wDCqZ1PFYG,iv:P8VtAFoL0CcO7m7S60JardB95MUWYiABDOUZhLhXEzo=,tag:fLniekA0lMx6wW3u4NZPKQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1sky8kccyyxe79ws4rew42r94427v2xnphq2vtxvdlw5xl7yzgs2q599yzs
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByUnFUQlhzYTdyblNOWUt3
|
||||
V0daclVOZ0hlSmlJTHlKRDd5eThVSzVOVWh3CkpiaGNJd0hCMlk3MVdsdnY0TVJM
|
||||
MEtKUXFnSlAwQ0kzd1M0eVA1WG1Bb2sKLS0tIFAvVklzZldkOFpCNHV4YnQ2SDA3
|
||||
OW5TcVlqV0p4RThBRGlyaHkreEFMY28KPdgR9WCByJaLZcNophcfW7+7NU9MuI3E
|
||||
bfWEFgqZLTdAg8y7s/M6ZAyjciflclxVnY8mTIhnERD+ZHHi++z1XA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-11-13T12:51:05Z"
|
||||
mac: ENC[AES256_GCM,data:t/gg9SqDfrU+eKU9yw2R7ahLQY6pTgsRVFNk7K+zxTBiqUG2Rx0wm0bclkrkSKeHAVSJkc8OOWJvvRCMxaE980mknPM6721xNDV90Pt0ZsJvFXdOYKIaPQHC29klJKO60lsMsuup3BiF94O8+wIavLvYuc3jKFcaA4b9xAPRveM=,iv:TJhR1NzPVYIysghFAbjWB5lBpMhhkvwJdszkWGSLDPI=,tag:TCnewzN2qwFyG4Xio2JatQ==,type:str]
|
||||
pgp:
|
||||
- created_at: "2024-11-13T12:49:09Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hF4D1GtNSlou/HkSAQdArN4L/MZSZoKwk/RKgA56OQMyt7IhW15qa7+Utie4/TQw
|
||||
0xKauGLJEMp7cnpmEvpBW8sy3hZRj1K4vLv2NKHzoXBuWGBer1Hf+CDZJ71ta6J9
|
||||
0l4B9f4L9AIRHO3ncb4IPyVprr+sFyhVJJAI7bo9mbFUqH0yfM5EmFiXWg5d9zO6
|
||||
NfXbbfpW4ISEXFa//SuVl3h/HHxwDd83qA13OnhrlCjjwPfdA32kKM3CS/81JHNd
|
||||
=4L7O
|
||||
-----END PGP MESSAGE-----
|
||||
fp: B04F01A7A98A13020C39B4A68AB7B773A214ACE5
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.1
|
||||
|
|
@ -1,35 +0,0 @@
|
|||
services:
|
||||
akkoma:
|
||||
mailerPassword: ENC[AES256_GCM,data:kNep5V0HVr17bEIY2/AbwRUPqkfHKf9xnOnYi5sMJ+STWjVrQf+AzdueJTAf9Nym,iv:Usmu0uM5ev60Ui8h9zLUcDDJIHNSxAFtMq5LyLwmAsA=,tag:fNIhB8LGJwWO3zzQWgm68A==,type:str]
|
||||
deepl: ENC[AES256_GCM,data:JVJkCm6UFUlownU/oRTmZ5o85mPv935Hj56JcXCt3PwNmx1kQbyj,iv:UzvGgVter1/9U8g/HQ2FfWNviD0KgWRLnW9fzgfGDag=,tag:q65bd26xFQ6Av71hy8u2fA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age18vc8rcmczlt3r0ee7jr9s8l3yrkthu8wtypt08eh0eskpkw3dg6qxs7t3t
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1NGRYOHFVSXBNdjlpVDhF
|
||||
V0g2ZkRiZnR6UElvWEZKUWxHSjZySlJadHlvCmpBdzBPRklkOVltZWwzNlNrc0pC
|
||||
bG9kU3phNmFKNGkwek94Y2hZcjZCNW8KLS0tIFFqM0VTQXRuODAva0Rkc2xvWFB4
|
||||
VTQ3RExKY093VG8vOThCczRzY2tpY2cKJOv0yVl9Zody0mjtytyjCXpe5V3NsReA
|
||||
/Dqr6V9Hjuf3u0fjMHAjE6hDPGVH5t5NYLkNDeaGHNTaAd5dnhfprg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-10-31T16:57:58Z"
|
||||
mac: ENC[AES256_GCM,data:VJpsLBdnle6bP6ALxLS2eTOEbiHJbNc5D+pvsoJulI9VODtBk0p1VvJv9ilToxh4oiwctMmCKSO4R9NyuZUqoqwwlYtW6tFDITBA2eg/iu/uQjcuuKLC+fFGdtnTpZcShUyMds3qi8Z8Iegk2sSMLk5QXCE2QhMUQ50VN4TXF2c=,iv:rOF34iqckOJMAVm+3RDSdlrJh4hgnyiTut3SM1e0w0E=,tag:cMjMkKkN8UFWGQqQfWBUnA==,type:str]
|
||||
pgp:
|
||||
- created_at: "2024-11-04T20:52:58Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hF4D1GtNSlou/HkSAQdApk/nEYcccQBCzFwC+hZbMio0s37LJuK6ceSLW786Sjsw
|
||||
90ggzfOg63e92cyqYxvbKqtCgVHHU/9RmKdsSZM+rFcR3XpzWw0ke10WjZNW0lU5
|
||||
0l4BuP1sPvP7Z+kxWlITnYl4SPKxVhSmYtAdGbceiGUo36jtpi9vkziuPmyrGttM
|
||||
t1PNZ9gjGVyNw96rRg9bgXCSvJo2FfMx8GeArj1yuO3+bkkbDm7mFrbF6fMQN3JE
|
||||
=Q9iO
|
||||
-----END PGP MESSAGE-----
|
||||
fp: B04F01A7A98A13020C39B4A68AB7B773A214ACE5
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.1
|
||||
Loading…
Reference in a new issue