diff --git a/.dir-locals.el b/.dir-locals.el deleted file mode 100644 index af235d5..0000000 --- a/.dir-locals.el +++ /dev/null @@ -1,7 +0,0 @@ -((rust-mode - . ((eglot-workspace-configuration - . (:rust-analyzer - (:cargo (:features "all") - :check (:command "clippy") - :rustfmt (:overrideCommand ["leptosfmt" "--stdin" "--rustfmt"]) - :linkedProjects ["./pkgs/packages/webserver/Cargo.toml"])))))) diff --git a/checks/default.nix b/checks/default.nix index 03e5b6b..f3db4ce 100644 --- a/checks/default.nix +++ b/checks/default.nix @@ -1,82 +1,61 @@ -{ self, ... }: { - perSystem = + self, + nixpkgs, + deploy-rs, + system, + ... +}: +let + pkgs = nixpkgs.legacyPackages.${system}; + + statix' = pkgs.statix.overrideAttrs (old: { + patches = old.patches ++ [ + (pkgs.fetchpatch { + url = "https://github.com/oppiliappan/statix/commit/925dec39bb705acbbe77178b4d658fe1b752abbb.patch"; + hash = "sha256-0wacO6wuYJ4ufN9PGucRVJucFdFFNF+NoHYIrLXsCWs="; + }) + ]; + }); + + runNuCheck = { - inputs', - lib, - pkgs, - ... + name, + packages, + check, }: - let - mkLint = - { - name, - fileset, - checkInputs ? [ ], - script, - }: - pkgs.stdenvNoCC.mkDerivation { - inherit name; + pkgs.stdenvNoCC.mkDerivation { + inherit name; - src = lib.fileset.toSource { - root = ../.; - fileset = lib.fileset.difference fileset ( - lib.fileset.fileFilter ( - file: file.type != "regular" || file.name == "hardware-configuration.nix" - ) ../. - ); - }; + src = nixpkgs.lib.cleanSourceWith { + src = self; + filter = nixpkgs.lib.cleanSourceFilter; + }; - checkInputs = [ pkgs.nushell ] ++ checkInputs; + dontPatch = true; + dontConfigure = true; + dontBuild = true; + dontInstall = true; + dontFixup = true; + doCheck = true; - checkPhase = '' - nu -c '${script}' | tee $out - ''; + checkInputs = nixpkgs.lib.singleton pkgs.nushell ++ packages; - dontPatch = true; - dontConfigure = true; - dontBuild = true; - dontInstall = true; - dontFixup = true; - doCheck = true; - }; - in - { - checks = { - nix = mkLint { - name = "nix-lints"; - fileset = lib.fileset.fileFilter (file: file.hasExt "nix") ../.; - - checkInputs = lib.attrValues { - inherit (pkgs) deadnix nixfmt-rfc-style; - - statix = pkgs.statix.overrideAttrs (old: { - patches = old.patches ++ [ - (pkgs.fetchpatch { - url = "https://github.com/oppiliappan/statix/commit/925dec39bb705acbbe77178b4d658fe1b752abbb.patch"; - hash = "sha256-0wacO6wuYJ4ufN9PGucRVJucFdFFNF+NoHYIrLXsCWs="; - }) - ]; - }); - }; - - script = /* bash */ '' - statix check **/*.nix - deadnix --fail **/*.nix - nixfmt --check --strict **/*.nix - ''; - }; - - lockfile = mkLint { - name = "nix-lockfile"; - fileset = ../flake.lock; - checkInputs = lib.attrValues { inherit (inputs'.flint.packages) flint; }; - - script = /* bash */ '' - flint --fail-if-multiple-versions - ''; - }; - } - // self.nixosConfigurations.hetzner-1.config.serviceTests; + checkPhase = '' + nu ${check} + ''; }; -} +in +nixpkgs.lib.recursiveUpdate { + lints = runNuCheck { + name = "lints"; + + packages = [ + pkgs.deadnix + pkgs.nixfmt-rfc-style + pkgs.shellcheck + statix' + ]; + + check = ./lints.nu; + }; +} (deploy-rs.lib.${system}.deployChecks self.deploy) diff --git a/configuration/default.nix b/configuration/default.nix index ef68727..041c885 100644 --- a/configuration/default.nix +++ b/configuration/default.nix @@ -1,6 +1,5 @@ { - pkgs, - lib, + config, modulesPath, flake-inputs, ... @@ -9,13 +8,32 @@ imports = [ flake-inputs.disko.nixosModules.disko flake-inputs.sops-nix.nixosModules.sops - "${modulesPath}/profiles/minimal.nix" + flake-inputs.tlaternet-webserver.nixosModules.default - ../modules - ./nginx - ./services + "${modulesPath}/profiles/minimal.nix" + (import ../modules) + + ./services/auth + ./services/backups.nix + ./services/battery-manager.nix + ./services/conduit + ./services/crowdsec.nix + ./services/foundryvtt.nix + ./services/gitea.nix + ./services/immich.nix + ./services/metrics + ./services/minecraft.nix + ./services/nextcloud.nix + ./services/webserver.nix + ./services/wireguard.nix + # ./services/starbound.nix -- Not currently used + ./services/postgres.nix + ./nginx.nix + ./sops.nix ]; + nixpkgs.overlays = [ (_: prev: { local = import ../pkgs { pkgs = prev; }; }) ]; + nix = { extraOptions = '' experimental-features = nix-command flakes @@ -25,9 +43,49 @@ settings.trusted-users = [ "@wheel" ]; }; + # Optimization for minecraft servers, see: + # https://bugs.mojang.com/browse/MC-183518 + boot.kernelParams = [ + "highres=off" + "nohz=off" + ]; + networking = { usePredictableInterfaceNames = false; useDHCP = false; + + firewall = { + allowedTCPPorts = [ + # http + 80 + 443 + # ssh + 2222 + # matrix + 8448 + # starbound + 21025 + + config.services.coturn.listening-port + config.services.coturn.tls-listening-port + config.services.coturn.alt-listening-port + config.services.coturn.alt-tls-listening-port + ]; + + allowedUDPPorts = [ + config.services.coturn.listening-port + config.services.coturn.tls-listening-port + config.services.coturn.alt-listening-port + config.services.coturn.alt-tls-listening-port + ]; + + allowedUDPPortRanges = [ + { + from = config.services.coturn.min-port; + to = config.services.coturn.max-port; + } + ]; + }; }; systemd.network.enable = true; @@ -54,19 +112,6 @@ }; logrotate.enable = true; - - postgresql = { - package = pkgs.postgresql_14; - enable = true; - - # Only enable connections via the unix socket, and check with the - # OS to make sure the user matches the database name. - # - # See https://www.postgresql.org/docs/current/auth-pg-hba-conf.html - authentication = '' - local sameuser all peer - ''; - }; }; security = { @@ -80,10 +125,9 @@ services.sudo.rssh = true; }; }; - sops.defaultSopsFile = ../keys/production.yaml; # Remove some unneeded packages - environment.defaultPackages = lib.mkForce [ ]; + environment.defaultPackages = [ ]; system.stateVersion = "20.09"; } diff --git a/configuration/hardware-specific/hetzner/default.nix b/configuration/hardware-specific/hetzner/default.nix index 3b60011..4d0408c 100644 --- a/configuration/hardware-specific/hetzner/default.nix +++ b/configuration/hardware-specific/hetzner/default.nix @@ -2,7 +2,6 @@ imports = [ ./hardware-configuration.nix ./disko.nix - ./vm.nix ]; # Intel's special encrypted memory<->CPU feature. Hetzner's BIOS diff --git a/configuration/hardware-specific/hetzner/disko.nix b/configuration/hardware-specific/hetzner/disko.nix index 6b769d2..7e1acd7 100644 --- a/configuration/hardware-specific/hetzner/disko.nix +++ b/configuration/hardware-specific/hetzner/disko.nix @@ -80,7 +80,7 @@ inherit mountOptions; mountpoint = "/var"; }; - "/volume/var/lib/private/continuwuity" = { + "/volume/var/lib/private/matrix-conduit" = { mountOptions = [ # Explicitly don't compress here, since # conduwuit's database does compression by @@ -89,7 +89,7 @@ # if btrfs compresses it) "noatime" ]; - mountpoint = "/var/lib/private/continuwuity"; + mountpoint = "/var/lib/private/matrix-conduit"; }; "/volume/nix-store" = { inherit mountOptions; diff --git a/configuration/hardware-specific/hetzner/vm.nix b/configuration/hardware-specific/hetzner/vm.nix deleted file mode 100644 index 7ecf8f8..0000000 --- a/configuration/hardware-specific/hetzner/vm.nix +++ /dev/null @@ -1,70 +0,0 @@ -{ lib, ... }: -{ - virtualisation.vmVariant = { - users.users.tlater.password = "insecure"; - - # Disable graphical tty so -curses works - boot.kernelParams = [ "nomodeset" ]; - - networking.hostName = lib.mkForce "testvm"; - - services = { - # Sets the base domain for nginx to a local domain so that we can - # easily test locally with the VM. - nginx.domain = lib.mkForce "dev.local"; - - # Don't run this - batteryManager.enable = lib.mkForce false; - btrfs.autoScrub.enable = lib.mkForce false; - - openssh.hostKeys = lib.mkForce [ - { - type = "rsa"; - bits = 4096; - path = "/etc/staging.key"; - } - ]; - }; - - # Use the staging secrets - sops.defaultSopsFile = lib.mkOverride 99 ../../../keys/staging.yaml; - - systemd.network.networks."10-eth0" = { - matchConfig.Name = "eth0"; - gateway = [ "192.168.9.1" ]; - networkConfig = { - Address = "192.168.9.2/24"; - }; - }; - - # Both so we have a predictable key for the staging env, as well as - # to have a static key for decrypting the sops secrets for the - # staging env. - environment.etc."staging.key" = { - mode = "0400"; - source = ../../../keys/hosts/staging.key; - }; - - # Pretend the acme renew succeeds. - # - # TODO(tlater): Set up pebble to retrieve certs "properly" - # instead - systemd.services."acme-order-renew-tlater.net".script = '' - touch out/acme-success - ''; - - virtualisation = { - memorySize = 3941; - cores = 2; - graphics = false; - diskSize = 1024 * 20; - - qemu = { - networkingOptions = lib.mkForce [ - "-device virtio-net,netdev=n1" - "-netdev bridge,id=n1,br=br0,helper=$(which qemu-bridge-helper)" - ]; - }; - }; - }; -} diff --git a/configuration/hardware-specific/vm.nix b/configuration/hardware-specific/vm.nix new file mode 100644 index 0000000..71870fb --- /dev/null +++ b/configuration/hardware-specific/vm.nix @@ -0,0 +1,60 @@ +{ lib, ... }: +{ + users.users.tlater.password = "insecure"; + + # Disable graphical tty so -curses works + boot.kernelParams = [ "nomodeset" ]; + + networking.hostName = "testvm"; + + services = { + # Sets the base domain for nginx to a local domain so that we can + # easily test locally with the VM. + nginx.domain = "dev.local"; + + # Don't run this + batteryManager.enable = lib.mkForce false; + + openssh.hostKeys = lib.mkForce [ + { + type = "rsa"; + bits = 4096; + path = "/etc/staging.key"; + } + ]; + }; + + # Use the staging secrets + sops.defaultSopsFile = lib.mkOverride 99 ../../keys/staging.yaml; + + systemd.network.networks."10-eth0" = { + matchConfig.Name = "eth0"; + gateway = [ "192.168.9.1" ]; + networkConfig = { + Address = "192.168.9.2/24"; + }; + }; + + # Both so we have a predictable key for the staging env, as well as + # to have a static key for decrypting the sops secrets for the + # staging env. + environment.etc."staging.key" = { + mode = "0400"; + source = ../../keys/hosts/staging.key; + }; + + virtualisation.vmVariant = { + virtualisation = { + memorySize = 3941; + cores = 2; + graphics = false; + }; + + virtualisation.qemu = { + networkingOptions = lib.mkForce [ + "-device virtio-net,netdev=n1" + "-netdev bridge,id=n1,br=br0,helper=$(which qemu-bridge-helper)" + ]; + }; + }; +} diff --git a/configuration/nginx.nix b/configuration/nginx.nix new file mode 100644 index 0000000..935b5ac --- /dev/null +++ b/configuration/nginx.nix @@ -0,0 +1,77 @@ +{ config, lib, ... }: +{ + services = { + nginx = { + enable = true; + recommendedTlsSettings = true; + recommendedOptimisation = true; + recommendedGzipSettings = true; + recommendedProxySettings = true; + clientMaxBodySize = "10G"; + + statusPage = true; # For metrics, should be accessible only from localhost + + commonHttpConfig = '' + log_format upstream_time '$remote_addr - $remote_user [$time_local] ' + '"$request" $status $body_bytes_sent ' + '"$http_referer" "$http_user_agent" ' + 'rt=$request_time uct="$upstream_connect_time" ' + 'uht="$upstream_header_time" urt="$upstream_response_time"'; + ''; + }; + + logrotate.settings = { + # Override the default, just keep fewer logs + nginx.rotate = 6; + } + // lib.mapAttrs' ( + virtualHost: _: + lib.nameValuePair "/var/log/nginx/${virtualHost}/access.log" { + frequency = "daily"; + rotate = 2; + compress = true; + delaycompress = true; + su = "${config.services.nginx.user} ${config.services.nginx.group}"; + postrotate = "[ ! -f /var/run/nginx/nginx.pid ] || kill -USR1 `cat /var/run/nginx/nginx.pid`"; + } + ) config.services.nginx.virtualHosts; + + backups.acme = { + user = "acme"; + paths = lib.mapAttrsToList ( + virtualHost: _: "/var/lib/acme/${virtualHost}" + ) config.services.nginx.virtualHosts; + }; + }; + + systemd.tmpfiles.rules = lib.mapAttrsToList ( + virtualHost: _: + # + "d /var/log/nginx/${virtualHost} 0750 ${config.services.nginx.user} ${config.services.nginx.group}" + ) config.services.nginx.virtualHosts; + + security.acme = { + defaults.email = "tm@tlater.net"; + acceptTerms = true; + + certs."tlater.net" = { + extraDomainNames = [ + "*.tlater.net" + "tlater.com" + "*.tlater.com" + ]; + dnsProvider = "porkbun"; + group = "ssl-cert"; + credentialFiles = { + PORKBUN_API_KEY_FILE = config.sops.secrets."porkbun/api-key".path; + PORKBUN_SECRET_API_KEY_FILE = config.sops.secrets."porkbun/secret-api-key".path; + }; + }; + }; + + users.groups.ssl-cert = { }; + + systemd.services.nginx.serviceConfig.SupplementaryGroups = [ + config.security.acme.certs."tlater.net".group + ]; +} diff --git a/configuration/nginx/default.nix b/configuration/nginx/default.nix deleted file mode 100644 index dab0259..0000000 --- a/configuration/nginx/default.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ lib, ... }: -{ - imports = [ - ./logging.nix - ./ssl.nix - ]; - - options.services.nginx.domain = lib.mkOption { - type = lib.types.str; - description = "The base domain name to append to virtual domain names"; - }; - - config.services.nginx = { - enable = true; - recommendedTlsSettings = true; - recommendedOptimisation = true; - recommendedGzipSettings = true; - recommendedProxySettings = true; - clientMaxBodySize = "10G"; - statusPage = true; # For metrics, should be accessible only from localhost - }; -} diff --git a/configuration/nginx/logging.nix b/configuration/nginx/logging.nix deleted file mode 100644 index e41bfae..0000000 --- a/configuration/nginx/logging.nix +++ /dev/null @@ -1,140 +0,0 @@ -{ - flake-inputs, - pkgs, - config, - lib, - ... -}: -let - hostNames = lib.attrNames config.services.nginx.virtualHosts; - logPath = name: "/var/log/nginx/${name}/access.log"; - logFormat = lib.concatStringsSep " " [ - "$remote_addr - $remote_user [$time_local]" - ''"$request" $status $body_bytes_sent'' - ''"$http_referer" "$http_user_agent"'' - ''rt=$request_time uct="$upstream_connect_time"'' - ''uht="$upstream_header_time" urt="$upstream_response_time"'' - ]; -in -{ - # Extend the default configuration for nginx virtual hosts; we'd - # like to create log files for each of them, so that the prometheus - # nginxlog exporter can process per-host logs. - options.services.nginx.virtualHosts = lib.mkOption { - type = lib.types.attrsOf ( - lib.types.submodule ( - { name, ... }: - { - config.extraConfig = '' - access_log ${logPath name} upstream_time; - ''; - } - ) - ); - }; - - config = { - # Create directories for host-specific logs with systemd tmpfiles - systemd.tmpfiles.settings."10-nginx-logs" = lib.listToAttrs ( - map ( - name: - lib.nameValuePair "/var/log/nginx/${name}" { - d = { - inherit (config.services.nginx) user group; - mode = "0750"; - }; - } - ) hostNames - ); - - services = { - # Set the nginx-wide log format - nginx.commonHttpConfig = '' - log_format upstream_time '${logFormat}'; - ''; - - # Set up nginxlog to read the file and log format defined above - # for each virtual host - prometheus.exporters.nginxlog = { - enable = true; - listenAddress = "127.0.0.1"; - group = "nginx"; - - settings.namespaces = map (name: { - inherit name; - metrics_override.prefix = "nginxlog"; - namespace_label = "vhost"; - format = logFormat; - source.files = [ (logPath name) ]; - }) hostNames; - }; - - logrotate.settings = { - # Override the nginx module default, just keep fewer logs - nginx.rotate = 6; - - # Configure logrotate for host-specific logs - nginxVirtualHosts = { - files = map logPath hostNames; - - frequency = "daily"; - rotate = 2; - compress = true; - delaycompress = true; - su = "${config.services.nginx.user} ${config.services.nginx.group}"; - postrotate = "[ ! -f /var/run/nginx/nginx.pid ] || kill -USR1 `cat /var/run/nginx/nginx.pid`"; - }; - }; - }; - - serviceTests = - let - testHostConfig = - { config, ... }: - { - imports = [ - ./. - ../../modules/serviceTests/mocks.nix - ]; - - networking.firewall.allowedTCPPorts = [ 80 ]; - - services.nginx = { - domain = "testHost"; - virtualHosts."${config.services.nginx.domain}".locations."/".return = "200 ok"; - }; - }; - in - { - nginxMetricsWork = pkgs.testers.runNixOSTest { - name = "nginx-metrics-work"; - node.specialArgs = { inherit flake-inputs; }; - - nodes = { - testHost = testHostConfig; - - client = - { pkgs, ... }: - { - environment.systemPackages = [ pkgs.curl ]; - }; - }; - - testScript = '' - import time - - start_all() - - testHost.wait_for_unit("nginx.service") - client.succeed("curl --max-time 10 http://testHost") - - # Wait a bit for the prometheus exporter to scrape our logs - time.sleep(5) - - res = testHost.succeed("curl localhost:${builtins.toString config.services.prometheus.exporters.nginxlog.port}/metrics") - assert 'nginxlog_http_response_count_total{method="GET",status="200",vhost="testHost"} 1' in res, res - ''; - }; - }; - }; -} diff --git a/configuration/nginx/ssl.nix b/configuration/nginx/ssl.nix deleted file mode 100644 index f3fac13..0000000 --- a/configuration/nginx/ssl.nix +++ /dev/null @@ -1,135 +0,0 @@ -{ - flake-inputs, - pkgs, - config, - lib, - ... -}: -{ - options = { - # Add a custom per-host option to enable HSTS - services.nginx.virtualHosts = lib.mkOption { - type = lib.types.attrsOf ( - lib.types.submodule ( - { config, ... }: - { - options.enableHSTS = lib.mkEnableOption "HSTS"; - config.extraConfig = lib.mkIf config.enableHSTS '' - add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always; - ''; - } - ) - ); - }; - }; - - config = { - # Certificate settings - security.acme = { - defaults.email = "tm@tlater.net"; - acceptTerms = true; - - certs."tlater.net" = { - extraDomainNames = [ - "*.tlater.net" - "tlater.com" - "*.tlater.com" - ]; - dnsProvider = "porkbun"; - group = config.users.groups.ssl-cert.name; - credentialFiles = { - PORKBUN_API_KEY_FILE = config.sops.secrets."porkbun/api-key".path; - PORKBUN_SECRET_API_KEY_FILE = config.sops.secrets."porkbun/secret-api-key".path; - }; - }; - }; - users.groups.ssl-cert = { }; - - # Back up the SSL certificate, just in case - services.backups.acme = { - user = "acme"; - paths = [ "/var/lib/acme/tlater.net" ]; - }; - - systemd.services.nginx.serviceConfig.SupplementaryGroups = [ - config.security.acme.certs."tlater.net".group - ]; - - sops.secrets = { - "porkbun/api-key".owner = "acme"; - "porkbun/secret-api-key".owner = "acme"; - }; - - serviceTests = - let - testHostConfig = - { config, ... }: - { - imports = [ - ./. - ../../modules/serviceTests/mocks.nix - ]; - - networking.firewall.allowedTCPPorts = [ 443 ]; - - security.acme.certs."tlater.net".extraDomainNames = [ config.services.nginx.domain ]; - - # Pretend the acme renew succeeds. - # - # TODO(tlater): Set up pebble to retrieve certs "properly" - # instead - systemd.services."acme-order-renew-tlater.net".script = '' - touch out/acme-success - ''; - - services.nginx = { - domain = "testHost.test"; - - virtualHosts."${config.services.nginx.domain}.local" = { - useACMEHost = "tlater.net"; - onlySSL = true; - enableHSTS = true; - locations."/".return = "200 ok"; - }; - }; - }; - in - { - testNginxSSL = pkgs.testers.runNixOSTest { - name = "test-nginx-ssl"; - - node.specialArgs = { inherit flake-inputs; }; - nodes = { - testHost = testHostConfig; - - client = - { pkgs, ... }: - { - environment.systemPackages = [ pkgs.curl ]; - networking.hosts."192.168.1.2" = [ "testHost.test" ]; - }; - }; - - testScript = '' - start_all() - - testHost.wait_for_unit("nginx.service") - testHost.copy_from_vm("/var/lib/acme/tlater.net/", "certs") - client.copy_from_host(f"{testHost.out_dir}/certs", "/certs") - - res = client.succeed(" ".join([ - "curl", - "--show-error", - "--silent", - "--dump-header -", - "--cacert /certs/tlater.net/fullchain.pem", - "https://testHost.test", - "-o /dev/null" - ])) - - assert "strict-transport-security: max-age=15552000; includeSubDomains" in res - ''; - }; - }; - }; -} diff --git a/configuration/services/auth/authelia.nix b/configuration/services/auth/authelia.nix new file mode 100644 index 0000000..f05e3f0 --- /dev/null +++ b/configuration/services/auth/authelia.nix @@ -0,0 +1,87 @@ +{ config, ... }: +let + instanceName = config.services.authelia.instances.main.name; +in +{ + services.authelia.instances.main = { + enable = true; + + settings = { + theme = "auto"; + default_2fa_method = "totp"; + + authentication_backend = { + password_reset.disable = true; + password_change.disable = true; + + file = { + inherit (config.sops.secrets."authelia/users") path; + + search = { + email = true; + case_insensitive = false; + }; + }; + }; + + storage.postgres = { + address = "unix:///run/postgresql"; + database = "authelia"; + username = "authelia"; + }; + + session.cookies = [ + { + domain = config.services.nginx.domain; + authelia_url = "https://auth.${config.services.nginx.domain}"; + } + ]; + + notifier.filesystem.filename = ''{{ env "RUNTIME_DIRECTORY" }}/authelia-notifications''; + + access_control = { + + }; + + server = { + # Maybe a systemd socket can be used for this in the future, + # see: + # https://github.com/systemd/systemd/issues/23067#issuecomment-1212232155 + address = "unix://${config.systemd.sockets."authelia-${instanceName}".socketConfig.ListenStream}"; + }; + }; + + secrets = { + jwtSecretFile = config.sops.secrets."authelia/jwt".path; + storageEncryptionKeyFile = config.sops.secrets."authelia/storage".path; + }; + }; + + systemd.sockets."authelia-${instanceName}" = { + socketConfig = { + Accept = false; + ListenStream = "/var/run/authelia.sock"; + SocketGroup = "authelia"; + SocketMode = "0660"; + }; + }; + + systemd.services."authelia-${instanceName}" = { + requires = [ "authelia-${instanceName}.socket" ]; + + serviceConfig = { + RuntimeDirectory = "authelia-${instanceName}"; + SupplementaryGroups = [ "authelia" ]; + }; + }; + + # TODO: Need to map these to systemd creds to pass them into the + # service because user permissions + sops.secrets = { + "authelia/users" = { }; + "authelia/jwt" = { }; + "authelia/storage" = { }; + }; + + users.groups.authelia = { }; +} diff --git a/configuration/services/auth/default.nix b/configuration/services/auth/default.nix new file mode 100644 index 0000000..4b9c671 --- /dev/null +++ b/configuration/services/auth/default.nix @@ -0,0 +1,5 @@ +{ + imports = [ + ./authelia.nix + ]; +} diff --git a/configuration/services/backups.nix b/configuration/services/backups.nix index 0ae8abf..688f5f9 100644 --- a/configuration/services/backups.nix +++ b/configuration/services/backups.nix @@ -265,18 +265,5 @@ in }; groups.backup = { }; }; - - sops.secrets = { - "restic/storagebox-backups" = { - owner = "root"; - group = "backup"; - mode = "0440"; - }; - "restic/storagebox-ssh-key" = { - owner = "backup"; - group = "backup"; - mode = "0040"; - }; - }; }; } diff --git a/configuration/services/battery-manager.nix b/configuration/services/battery-manager.nix index 0c58c7b..9da7e32 100644 --- a/configuration/services/battery-manager.nix +++ b/configuration/services/battery-manager.nix @@ -13,9 +13,4 @@ log_level = "DEBUG"; }; }; - - sops.secrets = { - "battery-manager/email" = { }; - "battery-manager/password" = { }; - }; } diff --git a/configuration/services/conduit/default.nix b/configuration/services/conduit/default.nix index e1a5f60..4ba5271 100644 --- a/configuration/services/conduit/default.nix +++ b/configuration/services/conduit/default.nix @@ -7,52 +7,25 @@ let inherit (lib.strings) concatMapStringsSep; - cfg = config.services.matrix-continuwuity; + cfg = config.services.matrix-conduit; domain = "matrix.${config.services.nginx.domain}"; turn-realm = "turn.${config.services.nginx.domain}"; in { - imports = [ ./heisenbridge.nix ]; - - networking.firewall = { - allowedTCPPorts = [ - # These are for "normal" clients - 80 - 443 - - # Federation happens on 8448 - 8448 - - config.services.coturn.listening-port - config.services.coturn.tls-listening-port - config.services.coturn.alt-listening-port - config.services.coturn.alt-tls-listening-port - ]; - - allowedUDPPorts = [ - config.services.coturn.listening-port - config.services.coturn.tls-listening-port - config.services.coturn.alt-listening-port - config.services.coturn.alt-tls-listening-port - ]; - - allowedUDPPortRanges = [ - { - from = config.services.coturn.min-port; - to = config.services.coturn.max-port; - } - ]; - }; + imports = [ + ./heisenbridge.nix + ./matrix-hookshot.nix + ]; services = { - matrix-continuwuity = { + matrix-conduit = { enable = true; package = pkgs.matrix-continuwuity; settings.global = { - address = [ "127.0.0.1" ]; + address = "127.0.0.1"; server_name = domain; new_user_displayname_suffix = "🦆"; - turn_secret_file = "/run/credentials/continuwuity.service/turn-secret"; + allow_check_for_updates = true; # Set up delegation: https://docs.conduit.rs/delegation.html#automatic-recommended # This is primarily to make sliding sync work @@ -173,39 +146,37 @@ in locations = { "/_matrix" = { - proxyPass = "http://${lib.head cfg.settings.global.address}:${toString cfg.settings.global.port}"; + proxyPass = "http://${cfg.settings.global.address}:${toString cfg.settings.global.port}"; # Recommended by conduit extraConfig = '' proxy_buffering off; ''; }; "/.well-known/matrix" = { - proxyPass = "http://${lib.head cfg.settings.global.address}:${toString cfg.settings.global.port}"; + proxyPass = "http://${cfg.settings.global.address}:${toString cfg.settings.global.port}"; }; }; }; backups.conduit = { user = "root"; - paths = [ "/var/lib/private/matrix-continuwuity/" ]; + paths = [ "/var/lib/private/matrix-conduit/" ]; # Other services store their data in conduit, so no other services # need to be shut down currently. - pauseServices = [ "continuwuity.service" ]; + pauseServices = [ "conduit.service" ]; }; }; - systemd.services.continuwuity.serviceConfig.LoadCredential = "turn-secret:${ - config.sops.secrets."turn/env".path - }"; + systemd.services.conduit.serviceConfig = { + ExecStart = lib.mkForce "${config.services.matrix-conduit.package}/bin/conduwuit"; + # Pass in the TURN secret via EnvironmentFile, not supported by + # upstream module currently. + # + # See also https://gitlab.com/famedly/conduit/-/issues/314 + EnvironmentFile = config.sops.secrets."turn/env".path; + }; systemd.services.coturn.serviceConfig.SupplementaryGroups = [ config.security.acme.certs."tlater.net".group ]; - - sops.secrets = { - "turn/env" = { }; - "turn/secret" = { - owner = "turnserver"; - }; - }; } diff --git a/configuration/services/conduit/heisenbridge.nix b/configuration/services/conduit/heisenbridge.nix index 0fe6bc5..f0f7e49 100644 --- a/configuration/services/conduit/heisenbridge.nix +++ b/configuration/services/conduit/heisenbridge.nix @@ -5,7 +5,7 @@ ... }: let - conduitCfg = config.services.matrix-continuwuity; + conduitCfg = config.services.matrix-conduit; matrixLib = pkgs.callPackage ./lib.nix { }; in { @@ -36,7 +36,7 @@ in { description = "Matrix<->IRC bridge"; wantedBy = [ "multi-user.target" ]; - after = [ "continuwuity.service" ]; + after = [ "conduit.service" ]; serviceConfig = { Type = "exec"; @@ -75,10 +75,4 @@ in # AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ]; }; }; - - sops.secrets = { - # Accessed via systemd cred through /run/secrets/heisebridge - "heisenbridge/as-token" = { }; - "heisenbridge/hs-token" = { }; - }; } diff --git a/configuration/services/conduit/matrix-hookshot.nix b/configuration/services/conduit/matrix-hookshot.nix new file mode 100644 index 0000000..6b788b2 --- /dev/null +++ b/configuration/services/conduit/matrix-hookshot.nix @@ -0,0 +1,166 @@ +{ + pkgs, + lib, + config, + ... +}: +let + matrixLib = pkgs.callPackage ./lib.nix { }; + + cfg = config.services.matrix-hookshot; + conduitCfg = config.services.matrix-conduit; + + domain = conduitCfg.settings.global.server_name; + + registration = matrixLib.writeRegistrationScript { + id = "matrix-hookshot"; + url = "http://127.0.0.1:9993"; + sender_localpart = "hookshot"; + + namespaces = { + aliases = [ ]; + rooms = [ ]; + users = [ + { + regex = "@${cfg.settings.generic.userIdPrefix}.*:${domain}"; + exclusive = true; + } + ]; + }; + + # Encryption support + # TODO(tlater): Enable when + # https://github.com/matrix-org/matrix-hookshot/issues/1060 is + # fixed + # extraSettings = { + # "de.sorunome.msc2409.push_ephemeral" = true; + # push_ephemeral = true; + # "org.matrix.msc3202" = true; + # }; + + runtimeRegistration = "${cfg.registrationFile}"; + }; +in +{ + # users = { + # users.matrix-hookshot = { + # home = "/run/matrix-hookshot"; + # group = "matrix-hookshot"; + # isSystemUser = true; + # }; + + # groups.matrix-hookshot = { }; + # }; + + systemd.services.matrix-hookshot = { + serviceConfig = { + Type = lib.mkForce "exec"; + + LoadCredential = "matrix-hookshot:/run/secrets/matrix-hookshot"; + inherit (registration) ExecStartPre; + + # Some library in matrix-hookshot wants a home directory + Environment = [ "HOME=/run/matrix-hookshot" ]; + + # User = "matrix-hookshot"; + DynamicUser = true; + StateDirectory = "matrix-hookshot"; + RuntimeDirectory = "matrix-hookshot"; + RuntimeDirectoryMode = "0700"; + + RestrictNamespaces = true; + PrivateUsers = true; + ProtectHostname = true; + ProtectClock = true; + ProtectKernelTunables = true; + ProtectKernelModules = true; + ProtectKernelLogs = true; + ProtectControlGroups = true; + RestrictAddressFamilies = [ + # "AF_UNIX" + "AF_INET" + "AF_INET6" + ]; + LockPersonality = true; + RestrictRealtime = true; + ProtectProc = "invisible"; + ProcSubset = "pid"; + UMask = 77; + }; + }; + + # services.redis.servers.matrix-hookshot = { + # enable = true; + # user = "matrix-hookshot"; + # }; + + services.matrix-hookshot = { + enable = true; + + serviceDependencies = [ "conduit.service" ]; + + registrationFile = "/run/matrix-hookshot/registration.yaml"; + + settings = { + bridge = { + inherit domain; + url = "http://localhost:${toString conduitCfg.settings.global.port}"; + mediaUrl = conduitCfg.settings.global.well_known.client; + port = 9993; + bindAddress = "127.0.0.1"; + }; + + bot.displayname = "Hookshot"; + + # cache.redisUri = "redis://${config.services.redis.servers.matrix-hookshot.unixSocket}"; + + generic = { + enabled = true; + outbound = false; + # Only allow webhooks from localhost for the moment + urlPrefix = "http://127.0.0.1:9000/webhook"; + userIdPrefix = "_webhooks_"; + allowJsTransformationFunctions = true; + }; + + # TODO(tlater): Enable when + # https://github.com/matrix-org/matrix-hookshot/issues/1060 is + # fixed + # encryption.storagePath = "/var/lib/matrix-hookshot/cryptostore"; + + permissions = [ + { + actor = "matrix.tlater.net"; + services = [ + { + service = "*"; + level = "notifications"; + } + ]; + } + { + actor = "@tlater:matrix.tlater.net"; + services = [ + { + service = "*"; + level = "admin"; + } + ]; + } + ]; + + listeners = [ + { + port = 9000; + resources = [ "webhooks" ]; + } + { + port = 9001; + resources = [ "metrics" ]; + } + ]; + + metrics.enabled = true; + }; + }; +} diff --git a/configuration/services/configs/starbound.json b/configuration/services/configs/starbound.json new file mode 100644 index 0000000..d995fdf --- /dev/null +++ b/configuration/services/configs/starbound.json @@ -0,0 +1,50 @@ +{ + "allowAdminCommands" : true, + "allowAdminCommandsFromAnyone" : false, + "allowAnonymousConnections" : true, + "allowAssetsMismatch" : true, + "anonymousConnectionsAreAdmin" : false, + "bannedIPs" : [], + "bannedUuids" : [], + "checkAssetsDigest" : false, + "clearPlayerFiles" : false, + "clearUniverseFiles" : false, + "clientIPJoinable" : false, + "clientP2PJoinable" : true, + "configurationVersion" : { + "basic" : 2, + "server" : 4 + }, + "crafting" : { + "filterHaveMaterials" : false + }, + "gameServerBind" : "::", + "gameServerPort" : 21025, + "interactiveHighlight" : true, + "inventory" : { + "pickupToActionBar" : true + }, + "maxPlayers" : 8, + "maxTeamSize" : 4, + "monochromeLighting" : false, + "playerBackupFileCount" : 3, + "queryServerBind" : "::", + "queryServerPort" : 21025, + "rconServerBind" : "::", + "rconServerPassword" : "", + "rconServerPort" : 21026, + "rconServerTimeout" : 1000, + "runQueryServer" : false, + "runRconServer" : false, + "safeScripts" : true, + "scriptInstructionLimit" : 10000000, + "scriptInstructionMeasureInterval" : 10000, + "scriptProfilingEnabled" : false, + "scriptRecursionLimit" : 100, + "serverFidelity" : "automatic", + "serverName" : "tlater.net", + "serverOverrideAssetsDigest" : null, + "serverUsers" : { + }, + "tutorialMessages" : true +} diff --git a/configuration/services/crowdsec.nix b/configuration/services/crowdsec.nix index 99eaa11..174115b 100644 --- a/configuration/services/crowdsec.nix +++ b/configuration/services/crowdsec.nix @@ -1,80 +1,45 @@ -{ config, lib, ... }: { - services = { - crowdsec = { - enable = true; - autoUpdateService = true; + pkgs, + config, + lib, + ... +}: +{ + security.crowdsec = { + enable = true; - settings = { - general.api.server = { - enable = true; - online_client.sharing = false; - }; + parserWhitelist = [ "10.45.249.2" ]; - lapi.credentialsFile = "/var/lib/crowdsec/state/local_credentials.yaml"; - }; + extraGroups = [ + "systemd-journal" + "nginx" + ]; - hub = { - collections = [ - "crowdsecurity/base-http-scenarios" - "crowdsecurity/http-cve" - "crowdsecurity/linux" - "crowdsecurity/nextcloud" - "crowdsecurity/nginx" - "crowdsecurity/sshd" - ]; - }; + acquisitions = [ + { + source = "journalctl"; + labels.type = "syslog"; + journalctl_filter = [ "SYSLOG_IDENTIFIER=Nextcloud" ]; + } - localConfig = { - acquisitions = [ - { - labels.type = "syslog"; - journalctl_filter = [ - "SYSLOG_IDENTIFIER=Nextcloud" - "SYSLOG_IDENTIFIER=sshd-session" - ]; - source = "journalctl"; - } + { + source = "journalctl"; + labels.type = "syslog"; + journalctl_filter = [ "SYSLOG_IDENTIFIER=sshd-session" ]; + } - { - labels.type = "nginx"; - filenames = [ - "/var/log/nginx/*.log" - ] - ++ lib.mapAttrsToList ( - vHost: _: "/var/log/nginx/${vHost}/access.log" - ) config.services.nginx.virtualHosts; - } - ]; + { + labels.type = "nginx"; + filenames = [ + "/var/log/nginx/*.log" + ] + ++ lib.mapAttrsToList ( + vHost: _: "/var/log/nginx/${vHost}/access.log" + ) config.services.nginx.virtualHosts; + } + ]; - parsers.s02Enrich = [ - { - name = "nixos/parser-whitelist"; - description = "Parser whitelist generated by the crowdsec NixOS module"; - whitelist = { - reason = "Filtered by NixOS whitelist"; - ip = [ "10.45.249.2" ]; - }; - } - ]; - - postOverflows.s01Whitelist = [ - { - description = "custom matrix whitelist"; - name = "tetsumaki/matrix"; - whitelist = { - reason = "whitelist false positive for matrix"; - expression = [ - "evt.Overflow.Alert.Events[0].GetMeta('target_fqdn') == '${config.services.matrix-continuwuity.settings.global.server_name}'" - "evt.Overflow.Alert.GetScenario() in ['crowdsecurity/http-probing', 'crowdsecurity/http-crawl-non_statics']" - ]; - }; - } - ]; - }; - }; - - crowdsec-firewall-bouncer = { + remediationComponents.firewallBouncer = { enable = true; settings.prometheus = { enabled = true; @@ -82,23 +47,37 @@ listen_port = "60601"; }; }; - - victoriametrics.scrapeConfigs = { - crowdsec.targets = - let - cfg = config.services.crowdsec.settings.general; - address = cfg.prometheus.listen_addr; - port = cfg.prometheus.listen_port; - in - [ "${address}:${toString port}" ]; - - csFirewallBouncer.targets = - let - cfg = config.services.crowdsec-firewall-bouncer.settings; - address = cfg.prometheus.listen_addr; - port = cfg.prometheus.listen_port; - in - [ "${address}:${toString port}" ]; - }; }; + + # Add whitelists for matrix + systemd.tmpfiles.settings."10-matrix" = + let + stateDir = config.security.crowdsec.stateDirectory; + in + { + "${stateDir}/config/postoverflows".d = { + user = "crowdsec"; + group = "crowdsec"; + mode = "0700"; + }; + + "${stateDir}/config/postoverflows/s01-whitelist".d = { + user = "crowdsec"; + group = "crowdsec"; + mode = "0700"; + }; + + "${stateDir}/config/postoverflows/s01-whitelist/matrix-whitelist.yaml"."L+".argument = + ((pkgs.formats.yaml { }).generate "crowdsec-matrix-whitelist.yaml" { + name = "tetsumaki/matrix"; + description = "custom matrix whitelist"; + whitelist = { + reason = "whitelist false positive for matrix"; + expression = [ + "evt.Overflow.Alert.Events[0].GetMeta('target_fqdn') == '${config.services.matrix-conduit.settings.global.server_name}'" + "evt.Overflow.Alert.GetScenario() in ['crowdsecurity/http-probing', 'crowdsecurity/http-crawl-non_statics']" + ]; + }; + }).outPath; + }; } diff --git a/configuration/services/default.nix b/configuration/services/default.nix deleted file mode 100644 index bee8f44..0000000 --- a/configuration/services/default.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ - imports = [ - ./backups.nix - ./battery-manager.nix - ./conduit - ./crowdsec.nix - ./foundryvtt.nix - ./gitea.nix - ./immich.nix - ./metrics - ./ntfy-sh - ./minecraft.nix - ./nextcloud.nix - ./webserver.nix - ./wireguard.nix - ]; -} diff --git a/configuration/services/foundryvtt.nix b/configuration/services/foundryvtt.nix index d7b9d02..6c475a3 100644 --- a/configuration/services/foundryvtt.nix +++ b/configuration/services/foundryvtt.nix @@ -11,11 +11,6 @@ in { imports = [ flake-inputs.foundryvtt.nixosModules.foundryvtt ]; - networking.firewall.allowedTCPPorts = [ - 80 - 443 - ]; - services = { foundryvtt = { enable = true; @@ -23,7 +18,7 @@ in minifyStaticFiles = true; proxySSL = true; proxyPort = 443; - package = flake-inputs.foundryvtt.packages.${pkgs.stdenv.hostPlatform.system}.foundryvtt_13; + package = flake-inputs.foundryvtt.packages.${pkgs.system}.foundryvtt_13; }; nginx.virtualHosts."${domain}" = diff --git a/configuration/services/gitea.nix b/configuration/services/gitea.nix index b4dd719..613d30c 100644 --- a/configuration/services/gitea.nix +++ b/configuration/services/gitea.nix @@ -8,11 +8,6 @@ let domain = "gitea.${config.services.nginx.domain}"; in { - networking.firewall.allowedTCPPorts = [ - 80 - 443 - ]; - services = { forgejo = { enable = true; diff --git a/configuration/services/immich.nix b/configuration/services/immich.nix index 1255490..516ea3e 100644 --- a/configuration/services/immich.nix +++ b/configuration/services/immich.nix @@ -8,19 +8,11 @@ let hostName = "immich.${config.services.nginx.domain}"; in { - networking.firewall.allowedTCPPorts = [ - 80 - 443 - ]; - services = { immich = { enable = true; settings.server.externalDomain = "https://${hostName}"; - # We're using vectorchord now - database.enableVectors = false; - environment.IMMICH_TELEMETRY_INCLUDE = "all"; }; diff --git a/configuration/services/metrics/exporters.nix b/configuration/services/metrics/exporters.nix index ea57c9b..52c2a46 100644 --- a/configuration/services/metrics/exporters.nix +++ b/configuration/services/metrics/exporters.nix @@ -1,4 +1,9 @@ -{ pkgs, ... }: +{ + config, + pkgs, + lib, + ... +}: let yaml = pkgs.formats.yaml { }; in @@ -63,6 +68,28 @@ in enable = true; listenAddress = "127.0.0.1"; }; + + nginxlog = { + enable = true; + listenAddress = "127.0.0.1"; + group = "nginx"; + + settings.namespaces = lib.mapAttrsToList (name: _: { + inherit name; + metrics_override.prefix = "nginxlog"; + namespace_label = "vhost"; + + format = lib.concatStringsSep " " [ + "$remote_addr - $remote_user [$time_local]" + ''"$request" $status $body_bytes_sent'' + ''"$http_referer" "$http_user_agent"'' + ''rt=$request_time uct="$upstream_connect_time"'' + ''uht="$upstream_header_time" urt="$upstream_response_time"'' + ]; + + source.files = [ "/var/log/nginx/${name}/access.log" ]; + }) config.services.nginx.virtualHosts; + }; }; # TODO(tlater): diff --git a/configuration/services/metrics/grafana.nix b/configuration/services/metrics/grafana.nix index 3b757df..b30806c 100644 --- a/configuration/services/metrics/grafana.nix +++ b/configuration/services/metrics/grafana.nix @@ -3,110 +3,68 @@ let domain = "metrics.${config.services.nginx.domain}"; in { - networking.firewall.allowedTCPPorts = [ - 80 - 443 - ]; - - services = { - grafana = { - enable = true; - settings = { - server = { - http_port = 3001; # Default overlaps with gitea - root_url = "https://metrics.tlater.net"; - }; - - security = { - admin_user = "tlater"; - admin_password = "$__file{${config.sops.secrets."grafana/adminPassword".path}}"; - secret_key = "$__file{${config.sops.secrets."grafana/secretKey".path}}"; - cookie_secure = true; - cookie_samesite = "strict"; - content_security_policy = true; - }; - - database = { - user = "grafana"; - name = "grafana"; - type = "postgres"; - host = "/run/postgresql"; - }; + services.grafana = { + enable = true; + settings = { + server = { + http_port = 3001; # Default overlaps with gitea + root_url = "https://metrics.tlater.net"; }; - declarativePlugins = [ - pkgs.grafanaPlugins.victoriametrics-metrics-datasource - pkgs.grafanaPlugins.victoriametrics-logs-datasource - ]; + security = { + admin_user = "tlater"; + admin_password = "$__file{${config.sops.secrets."grafana/adminPassword".path}}"; + secret_key = "$__file{${config.sops.secrets."grafana/secretKey".path}}"; + cookie_secure = true; + cookie_samesite = "strict"; + content_security_policy = true; + }; - provision = { - enable = true; - - datasources.settings.datasources = [ - { - name = "Victoriametrics - tlater.net"; - url = "http://localhost:8428"; - type = "victoriametrics-metrics-datasource"; - access = "proxy"; - isDefault = true; - } - - { - name = "Victorialogs - tlater.net"; - url = "http://${config.services.victorialogs.bindAddress}"; - type = "victoriametrics-logs-datasource"; - access = "proxy"; - } - ]; - - alerting.contactPoints.settings.contactPoints = [ - { - name = "ntfy"; - receivers = [ - { - uid = "ntfy"; - type = "webhook"; - settings.url = "http://${config.services.ntfy-sh.settings.listen-http}/local-alerts?template=grafana"; - } - ]; - } - ]; + database = { + user = "grafana"; + name = "grafana"; + type = "postgres"; + host = "/run/postgresql"; }; }; - postgresql = { - ensureUsers = [ + declarativePlugins = [ + pkgs.grafanaPlugins.victoriametrics-metrics-datasource + pkgs.grafanaPlugins.victoriametrics-logs-datasource + ]; + + provision = { + enable = true; + + datasources.settings.datasources = [ { - name = "grafana"; - ensureDBOwnership = true; + name = "Victoriametrics - tlater.net"; + url = "http://localhost:8428"; + type = "victoriametrics-metrics-datasource"; + access = "proxy"; + isDefault = true; + } + + { + name = "Victorialogs - tlater.net"; + url = "http://${config.services.victorialogs.bindAddress}"; + type = "victoriametrics-logs-datasource"; + access = "proxy"; } ]; - - ensureDatabases = [ "grafana" ]; - }; - - nginx.virtualHosts."${domain}" = { - forceSSL = true; - useACMEHost = "tlater.net"; - enableHSTS = true; - locations = { - "/".proxyPass = "http://localhost:${toString config.services.grafana.settings.server.http_port}"; - "/api/live" = { - proxyWebsockets = true; - proxyPass = "http://localhost:${toString config.services.grafana.settings.server.http_port}"; - }; - }; }; }; - sops.secrets = { - "grafana/adminPassword" = { - owner = "grafana"; - group = "grafana"; - }; - "grafana/secretKey" = { - owner = "grafana"; - group = "grafana"; + services.nginx.virtualHosts."${domain}" = { + forceSSL = true; + useACMEHost = "tlater.net"; + enableHSTS = true; + locations = { + "/".proxyPass = "http://localhost:${toString config.services.grafana.settings.server.http_port}"; + "/api/live" = { + proxyWebsockets = true; + proxyPass = "http://localhost:${toString config.services.grafana.settings.server.http_port}"; + }; }; }; } diff --git a/configuration/services/metrics/victoriametrics.nix b/configuration/services/metrics/victoriametrics.nix index 3befec0..f37b8b0 100644 --- a/configuration/services/metrics/victoriametrics.nix +++ b/configuration/services/metrics/victoriametrics.nix @@ -4,7 +4,7 @@ let blackbox_port = config.services.prometheus.exporters.blackbox.port; in { - services.victoriametrics = { + config.services.victoriametrics = { enable = true; extraOptions = [ "-storage.minFreeDiskSpaceBytes=5GB" ]; @@ -68,18 +68,32 @@ in coturn.targets = [ "127.0.0.1:9641" ]; + crowdsec.targets = + let + address = config.security.crowdsec.settings.prometheus.listen_addr; + port = config.security.crowdsec.settings.prometheus.listen_port; + in + [ "${address}:${toString port}" ]; + + csFirewallBouncer.targets = + let + address = + config.security.crowdsec.remediationComponents.firewallBouncer.settings.prometheus.listen_addr; + port = + config.security.crowdsec.remediationComponents.firewallBouncer.settings.prometheus.listen_port; + in + [ "${address}:${toString port}" ]; + immich.targets = [ "127.0.0.1:8081" "127.0.0.1:8082" ]; + # Configured in the hookshot listeners, but it's hard to filter + # the correct values out of that config. + matrixHookshot.targets = [ "127.0.0.1:9001" ]; + victorialogs.targets = [ config.services.victorialogs.bindAddress ]; }; }; - - sops.secrets."forgejo/metrics-token" = { - owner = "forgejo"; - group = "metrics"; - mode = "0440"; - }; } diff --git a/configuration/services/nextcloud.nix b/configuration/services/nextcloud.nix index 6628d07..4af77a9 100644 --- a/configuration/services/nextcloud.nix +++ b/configuration/services/nextcloud.nix @@ -5,15 +5,10 @@ ... }: let - nextcloud = pkgs.nextcloud32; + nextcloud = pkgs.nextcloud31; hostName = "nextcloud.${config.services.nginx.domain}"; in { - networking.firewall.allowedTCPPorts = [ - 80 - 443 - ]; - services = { nextcloud = { inherit hostName; @@ -103,22 +98,6 @@ in }; }; - services.postgresql = { - ensureUsers = [ - { - name = "nextcloud"; - ensureDBOwnership = true; - } - ]; - - ensureDatabases = [ "nextcloud" ]; - }; - # Ensure that this service doesn't start before postgres is ready - systemd.services.nextcloud-setup.after = [ "postgresql.target" ]; - - sops.secrets."nextcloud/tlater" = { - owner = "nextcloud"; - group = "nextcloud"; - }; + systemd.services.nextcloud-setup.after = [ "postgresql.service" ]; } diff --git a/configuration/services/ntfy-sh/default.nix b/configuration/services/ntfy-sh/default.nix deleted file mode 100644 index 9cca567..0000000 --- a/configuration/services/ntfy-sh/default.nix +++ /dev/null @@ -1,188 +0,0 @@ -{ - pkgs, - config, - flake-inputs, - ... -}: -let - domain = "ntfy.${config.services.nginx.domain}"; -in -{ - imports = [ ./downstream-module.nix ]; - - networking.firewall.allowedTCPPorts = [ - 80 - 443 - ]; - - services.ntfy-sh = { - enable = true; - - environmentFile = config.sops.secrets."ntfy/users".path; - - settings = { - base-url = "https://${domain}"; - listen-http = "127.0.0.1:2586"; - behind-proxy = true; - - # Paths - attachment-cache-dir = "/var/lib/ntfy-sh/attachments"; - cache-file = "/var/lib/ntfy-sh/cache-file.db"; - auth-file = "/var/lib/ntfy-sh/user.db"; - auth-default-access = "deny-all"; - auth-access = [ "*:local-*:wo" ]; - - # Don't want to host the front-end - web-root = "disable"; - }; - }; - - services.nginx.virtualHosts."ntfy.${config.services.nginx.domain}" = { - forceSSL = true; - useACMEHost = "tlater.net"; - enableHSTS = true; - - locations."/" = { - proxyWebsockets = true; - proxyPass = "http://${config.services.ntfy-sh.settings.listen-http}"; - extraConfig = '' - client_max_body_size 0; # Stream request body to backend - ''; - }; - - # Don't allow writing to topics with the local prefix, *including* - # webhook writes, since they are set to write-only access from - # anyone. - locations."/local" = { - proxyWebsockets = true; - proxyPass = "http://${config.services.ntfy-sh.settings.listen-http}"; - extraConfig = '' - client_max_body_size 0; # Stream request body to backend - - limit_except GET OPTIONS { - deny all; - } - - location ~ /trigger$ { - deny all; - } - ''; - }; - }; - - sops.secrets."ntfy/users" = { }; - - serviceTests = { - testNtfyConfig = pkgs.testers.runNixOSTest { - name = "test-ntfy-config"; - - node.specialArgs = { inherit flake-inputs; }; - nodes = { - testHost = - { lib, ... }: - { - imports = [ - ./. - ../../nginx - ../../../modules/serviceTests/mocks.nix - ]; - - services.nginx.domain = "testHost"; - - # Don't care for testing SSL here - services.nginx.virtualHosts."ntfy.testHost" = { - forceSSL = lib.mkForce false; - enableHSTS = lib.mkForce false; - }; - }; - - client = - { pkgs, ... }: - { - environment.systemPackages = [ pkgs.curl ]; - networking.hosts."192.168.1.2" = [ "ntfy.testHost" ]; - }; - }; - - testScript = '' - import json - import time - from contextlib import contextmanager - - def read_client_messages(): - client.wait_for_unit("messages.service") - messages = [json.loads(line) for line in client.succeed("cat messages").split()] - client.succeed("systemctl stop messages.service") - client.succeed("rm messages") - - print(messages) - - return messages - - @contextmanager - def client_subscribe(topic: str, timeout: int = 2): - systemd_invocation = [ - "systemd-run", - "--unit messages", - "--property=Type=oneshot", - "--property=SuccessExitStatus=28", - "--remain-after-exit", - "--setenv=PATH=$PATH", - "--same-dir", - "--no-block", - "/bin/sh -c" - ] - - curl = [ - "curl", - "--silent", - "--show-error", - f"--max-time {2 + timeout}", - "-u tlater:insecure", - f"http://ntfy.testHost/{topic}/json", - "-o messages" - ] - - client.succeed(f'{" ".join(systemd_invocation)} "{" ".join(curl)}"') - - # Give some slack so the host doesn't send messages before - # we're listening - time.sleep(2) - - yield - - - start_all() - testHost.wait_for_unit("ntfy-sh.service") - client.wait_until_succeeds("curl http://ntfy.testHost") - - with subtest("subscribing and writing to local topics works"): - with client_subscribe("local-test"): - testHost.succeed("curl --fail --silent --show-error --data test http://127.0.0.1:2586/local-test") - - messages = read_client_messages() - t.assertEqual(len(messages), 2) - t.assertEqual(messages[1].get("message"), "test") - - with subtest("writing to non-local topics without auth fails"): - testHost.fail("curl --fail --silent --show-error --data test http://127.0.0.1:2586/test") - - with subtest("writing to *any* topics from outside localhost fails"): - client.fail("curl --fail --silent --show-error --data test http://ntfy.testHost/test") - client.fail("curl --fail --silent --show-error --data test http://ntfy.testHost/local-test") - # GET requests work by default because websocket shenanigans - client.fail("curl --fail --silent --show-error http://ntfy.testHost/local-test/trigger?message=test") - - with subtest("authenticated messaging works from outside localhost"): - with client_subscribe("test", 10): - client.succeed("curl -u tlater:insecure --fail --silent --show-error --data test http://ntfy.testHost/test") - client.succeed("curl -u tlater:insecure --fail --silent --show-error http://ntfy.testHost/test/trigger?message=test2") - - messages = read_client_messages() - t.assertEqual(len(messages), 3) - t.assertEqual(messages[1].get("message"), "test") - t.assertEqual(messages[2].get("message"), "test2") - ''; - }; - }; -} diff --git a/configuration/services/ntfy-sh/downstream-module.nix b/configuration/services/ntfy-sh/downstream-module.nix deleted file mode 100644 index c3a9634..0000000 --- a/configuration/services/ntfy-sh/downstream-module.nix +++ /dev/null @@ -1,70 +0,0 @@ -{ - pkgs, - lib, - config, - ... -}: -let - cfg = config.services.ntfy-sh; - settingsFormat = pkgs.formats.yaml { }; - configFile = settingsFormat.generate "server.yml" cfg.settings; -in -{ - # We don't use the upstream module because it's stupid; the author - # doesn't seem to understand `DynamicUser` (or at least be unaware of - # systemd credentials). - disabledModules = [ "services/misc/ntfy-sh.nix" ]; - - options.services.ntfy-sh = { - enable = lib.mkEnableOption "[ntfy-sh](https://ntfy.sh), a push notification service"; - package = lib.mkPackageOption pkgs "ntfy-sh" { }; - environmentFile = lib.mkOption { - type = lib.types.nullOr lib.types.path; - default = null; - description = '' - Environment file; intended to be used for user provisioning. - ''; - }; - - settings = lib.mkOption { - inherit (settingsFormat) type; - default = { }; - description = '' - Configuration for ntfy.sh, supported values are [here](https://ntfy.sh/docs/config/#config-options). - ''; - }; - }; - - config.systemd.services.ntfy-sh = { - description = "Push notifications server"; - - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - - serviceConfig = { - Type = "exec"; - ExecReload = "kill --signal HUP $MAINPID"; - ExecStart = "${lib.getExe' cfg.package "ntfy"} serve -c ${configFile}"; - - EnvironmentFile = cfg.environmentFile; - - StateDirectory = "ntfy-sh"; - - DynamicUser = true; - PrivateTmp = true; - NoNewPrivileges = true; - ProtectSystem = "full"; - ProtectKernelTunables = true; - ProtectKernelModules = true; - ProtectKernelLogs = true; - ProtectControlGroups = true; - PrivateDevices = true; - RestrictSUIDSGID = true; - RestrictNamespaces = true; - RestrictRealtime = true; - MemoryDenyWriteExecute = true; - # Upstream Recommandation - LimitNOFILE = 20500; - }; - }; -} diff --git a/configuration/services/postgres.nix b/configuration/services/postgres.nix new file mode 100644 index 0000000..ddb2c82 --- /dev/null +++ b/configuration/services/postgres.nix @@ -0,0 +1,40 @@ +{ pkgs, ... }: +{ + services.postgresql = { + package = pkgs.postgresql_14; + enable = true; + + # Only enable connections via the unix socket, and check with the + # OS to make sure the user matches the database name. + # + # See https://www.postgresql.org/docs/current/auth-pg-hba-conf.html + authentication = '' + local sameuser all peer + ''; + + # Note: The following options with ensure.* are set-only; i.e., + # when permissions/users/databases are removed from these lists, + # that operation needs to be performed manually on the system as + # well. + ensureUsers = [ + { + name = "authelia"; + ensureDBOwnership = true; + } + { + name = "grafana"; + ensureDBOwnership = true; + } + { + name = "nextcloud"; + ensureDBOwnership = true; + } + ]; + + ensureDatabases = [ + "authelia" + "grafana" + "nextcloud" + ]; + }; +} diff --git a/configuration/services/starbound.nix b/configuration/services/starbound.nix new file mode 100644 index 0000000..f5b23c3 --- /dev/null +++ b/configuration/services/starbound.nix @@ -0,0 +1,117 @@ +{ pkgs, lib, ... }: +let + inherit (lib) concatStringsSep; +in +{ + # Sadly, steam-run requires some X libs + environment.noXlibs = false; + + systemd.services.starbound = { + description = "Starbound"; + after = [ "network.target" ]; + + serviceConfig = { + ExecStart = "${pkgs.local.starbound}/bin/launch-starbound ${./configs/starbound.json}"; + + Type = "simple"; + + # Credential loading for steam auth (if necessary; prefer + # anonymous login wherever possible). + LoadCredential = "steam:/run/secrets/steam/tlater"; + + # Security settings + DynamicUser = true; + + # This is where the StateDirectory ends up + WorkingDirectory = "/var/lib/starbound"; + # Creates /var/lib/starbound (or rather, a symlink there to + # /var/lib/private/starbound), and sets it up to be writeable to + # by the dynamic user. + StateDirectory = "starbound"; + + # Note some settings below are basically tautologous with + # `NoNewPrivileges`, but they all work slightly differently so + # add additional layers in case of bugs. + + ## THESE SETTINGS ARE A GOOD IDEA BUT THE STEAM CLIENT IS + ## REALLY, REALLY BAD, AND FOR SOME REASON I NEED TO USE IT TO + ## DOWNLOAD GAME SERVERS AS WELL: + ## + # To guarantee the above (only permits 64-bit syscalls, 32-bit + # syscalls can circumvent the above restrictions). + # + # Obviously, if running a 32 bit game server, change this. + # SystemCallArchitectures = "native"; + # Game servers shouldn't need to create new namespaces ever. + # + # TODO: Since steam uses namespaces for things *entirely + # unrelated* to installing game servers, we need to allow + # namespace access. Ideally I'd instead do this in an + # ExecStartPre, but alas, this isn't possible because of + # https://github.com/systemd/systemd/issues/19604. + # + # RestrictNamespaces = true; + + # Don't need to let the game server see other user accounts + PrivateUsers = true; + # *Probably* not harmful for game servers, which probably don't update dynamically + ProtectHostname = true; + # Yeah, if a game server tries to edit the hardware clock something's fishy + ProtectClock = true; + # Don't let game servers modify kernel settings, duh + ProtectKernelTunables = true; + ProtectKernelModules = true; + ProtectKernelLogs = true; + # Game servers shouldn't use cgroups themselves either + ProtectControlGroups = true; + # Most game servers will never need other socket types + RestrictAddressFamilies = [ "AF_UNIX AF_INET AF_INET6" ]; + # Also a no-brainer, no game server should ever need this + LockPersonality = true; + # Some game servers will probably try to set this, but they + # don't need it. It's only required for audio processing and + # such, which the server end doesn't need to do. + RestrictRealtime = true; + # Don't allow a variety of syscalls that gameservers have no + # business using anyway + SystemCallFilter = + "~" + + (concatStringsSep " " [ + "@clock" + "@cpu-emulation" + "@debug" + "@keyring" + "@memlock" + "@module" + # "@mount" TODO: Consider adding when steamcmd is run in ExecStartPre + "@obsolete" + "@raw-io" + "@reboot" + # "@resources" TODO: Ditto + "@setuid" + "@swap" + ]); + # Normally only "read-only", but steamcmd will puke if there is + # no home directory to write to (though the nix package will + # implicitly symlink to the path that we set in its override, so + # no actual files are created, besides a symlink). + ProtectHome = "tmpfs"; + + # Implied by DynamicUser anyway, but it doesn't hurt to add + # these explicitly, at least for reference. + RemoveIPC = true; + PrivateTmp = true; + PrivateDevices = true; + NoNewPrivileges = true; + RestrictSUIDSGID = true; + ProtectSystem = "strict"; + # ProtectHome = "read-only"; # See further up + }; + }; + + services.backups.starbound = { + user = "root"; + paths = [ "/var/lib/private/starbound/storage/universe/" ]; + pauseServices = [ "starbound.service" ]; + }; +} diff --git a/configuration/services/webserver.nix b/configuration/services/webserver.nix index ffe7480..864f6c0 100644 --- a/configuration/services/webserver.nix +++ b/configuration/services/webserver.nix @@ -1,79 +1,28 @@ -{ - pkgs, - config, - lib, - flake-inputs, - ... -}: +{ config, ... }: let inherit (config.services.nginx) domain; in { - networking.firewall.allowedTCPPorts = [ - 80 - 443 - ]; - - systemd.services.tlaternet-webserver = { - description = "tlater.net webserver"; - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - - script = '' - ${lib.getExe flake-inputs.self.packages.${pkgs.stdenv.hostPlatform.system}.webserver} - ''; - - environment = { - TLATERNET_NTFY_INSTANCE = "http://${config.services.ntfy-sh.settings.listen-http}"; - LEPTOS_SITE_ADDR = "127.0.0.1:8000"; - }; - - serviceConfig = { - Type = "exec"; - LoadCredential = "ntfy-topic:/run/secrets/tlaternet/ntfy-topic"; - - DynamicUser = true; - ProtectHome = true; # Override the default (read-only) - PrivateDevices = true; - PrivateIPC = true; - PrivateUsers = true; - ProtectHostname = true; - ProtectClock = true; - ProtectKernelTunables = true; - ProtectKernelModules = true; - ProtectKernelLogs = true; - ProtectControlGroups = true; - RestrictAddressFamilies = [ - "AF_UNIX" - "AF_INET" - "AF_INET6" - ]; - RestrictNamespaces = true; - LockPersonality = true; - MemoryDenyWriteExecute = true; - RestrictRealtime = true; - RestrictSUIDSGID = true; - SystemCallArchitectures = "native"; - SystemCallFilter = [ - "@system-service" - "~@privileged @resources @setuid @keyring" - ]; + services.tlaternet-webserver = { + enable = true; + listen = { + addr = "127.0.0.1"; + port = 8000; }; }; # Set up SSL - services.nginx.virtualHosts."${domain}" = { - serverAliases = [ "www.${domain}" ]; + services.nginx.virtualHosts."${domain}" = + let + inherit (config.services.tlaternet-webserver.listen) addr port; + in + { + serverAliases = [ "www.${domain}" ]; - forceSSL = true; - useACMEHost = "tlater.net"; - enableHSTS = true; + forceSSL = true; + useACMEHost = "tlater.net"; + enableHSTS = true; - locations."/".proxyPass = - "http://${config.systemd.services.tlaternet-webserver.environment.LEPTOS_SITE_ADDR}"; - }; - - sops.secrets = { - "tlaternet/ntfy-topic" = { }; - }; + locations."/".proxyPass = "http://${addr}:${toString port}"; + }; } diff --git a/configuration/services/wireguard.nix b/configuration/services/wireguard.nix index d4ab090..a6b7763 100644 --- a/configuration/services/wireguard.nix +++ b/configuration/services/wireguard.nix @@ -62,10 +62,4 @@ }; }; }; - - sops.secrets."wireguard/server-key" = { - owner = "root"; - group = "systemd-network"; - mode = "0440"; - }; } diff --git a/configuration/sops.nix b/configuration/sops.nix new file mode 100644 index 0000000..0337438 --- /dev/null +++ b/configuration/sops.nix @@ -0,0 +1,89 @@ +{ + sops = { + defaultSopsFile = ../keys/production.yaml; + + secrets = { + "battery-manager/email" = { }; + + "battery-manager/password" = { }; + + # Gitea + "forgejo/metrics-token" = { + owner = "forgejo"; + group = "metrics"; + mode = "0440"; + }; + + # Grafana + "grafana/adminPassword" = { + owner = "grafana"; + group = "grafana"; + }; + "grafana/secretKey" = { + owner = "grafana"; + group = "grafana"; + }; + + # Heisenbridge + "heisenbridge/as-token" = { }; + "heisenbridge/hs-token" = { }; + + # Matrix-hookshot + "matrix-hookshot/as-token" = { }; + "matrix-hookshot/hs-token" = { }; + + # Nextcloud + "nextcloud/tlater" = { + owner = "nextcloud"; + group = "nextcloud"; + }; + + # Porkbub/ACME + "porkbun/api-key" = { + owner = "acme"; + }; + "porkbun/secret-api-key" = { + owner = "acme"; + }; + + # Restic + "restic/local-backups" = { + owner = "root"; + group = "backup"; + mode = "0440"; + }; + "restic/storagebox-backups" = { + owner = "root"; + group = "backup"; + mode = "0440"; + }; + "restic/storagebox-ssh-key" = { + owner = "backup"; + group = "backup"; + mode = "0040"; + }; + + # Steam + "steam/tlater" = { }; + + # Turn + "turn/env" = { }; + "turn/secret" = { + owner = "turnserver"; + }; + "turn/ssl-key" = { + owner = "turnserver"; + }; + "turn/ssl-cert" = { + owner = "turnserver"; + }; + + # Wireguard + "wireguard/server-key" = { + owner = "root"; + group = "systemd-network"; + mode = "0440"; + }; + }; + }; +} diff --git a/dev-utils.nix b/dev-utils.nix deleted file mode 100644 index bfa0d17..0000000 --- a/dev-utils.nix +++ /dev/null @@ -1,43 +0,0 @@ -{ self, ... }: -{ - # Systems on which to make dev utilities runnable; anything - # NixOS-related encodes its own system. - systems = [ "x86_64-linux" ]; - - perSystem = - { - inputs', - self', - pkgs, - lib, - ... - }: - { - apps = { - default = self'.apps.runVm; - - runVm = { - type = "app"; - program = lib.getExe self.nixosConfigurations.hetzner-1.config.system.build.vm; - meta.description = "Run the test VM"; - }; - }; - - devShells = { - default = pkgs.mkShell { - sopsPGPKeyDirs = [ - "./keys/hosts/" - "./keys/users/" - ]; - - packages = lib.attrValues { - inherit (inputs'.sops-nix.packages) sops-import-keys-hook sops-init-gpg-key; - inherit (pkgs) deploy-rs; - }; - }; - - minecraft = pkgs.mkShell { packages = lib.attrValues { inherit (pkgs) packwiz; }; }; - webserver = self'.packages.webserver.devShell; - }; - }; -} diff --git a/flake.lock b/flake.lock index 3094d19..a62c357 100644 --- a/flake.lock +++ b/flake.lock @@ -10,10 +10,7 @@ "sonnenshift", "crate2nix" ], - "nixpkgs": [ - "sonnenshift", - "nixpkgs" - ], + "nixpkgs": "nixpkgs_3", "pre-commit-hooks": [ "sonnenshift", "crate2nix" @@ -34,27 +31,90 @@ "type": "github" } }, + "cachix_2": { + "inputs": { + "devenv": [ + "sonnenshift", + "crate2nix", + "crate2nix_stable" + ], + "flake-compat": [ + "sonnenshift", + "crate2nix", + "crate2nix_stable" + ], + "nixpkgs": "nixpkgs_4", + "pre-commit-hooks": [ + "sonnenshift", + "crate2nix", + "crate2nix_stable" + ] + }, + "locked": { + "lastModified": 1716549461, + "narHash": "sha256-lHy5kgx6J8uD+16SO47dPrbob98sh+W1tf4ceSqPVK4=", + "owner": "cachix", + "repo": "cachix", + "rev": "e2bb269fb8c0828d5d4d2d7b8d09ea85abcacbd4", + "type": "github" + }, + "original": { + "owner": "cachix", + "ref": "latest", + "repo": "cachix", + "type": "github" + } + }, + "cachix_3": { + "inputs": { + "devenv": [ + "sonnenshift", + "crate2nix", + "crate2nix_stable", + "crate2nix_stable" + ], + "flake-compat": [ + "sonnenshift", + "crate2nix", + "crate2nix_stable", + "crate2nix_stable" + ], + "nixpkgs": "nixpkgs_5", + "pre-commit-hooks": [ + "sonnenshift", + "crate2nix", + "crate2nix_stable", + "crate2nix_stable" + ] + }, + "locked": { + "lastModified": 1716549461, + "narHash": "sha256-lHy5kgx6J8uD+16SO47dPrbob98sh+W1tf4ceSqPVK4=", + "owner": "cachix", + "repo": "cachix", + "rev": "e2bb269fb8c0828d5d4d2d7b8d09ea85abcacbd4", + "type": "github" + }, + "original": { + "owner": "cachix", + "ref": "latest", + "repo": "cachix", + "type": "github" + } + }, "crate2nix": { "inputs": { "cachix": "cachix", - "crate2nix_stable": [ - "sonnenshift", - "crate2nix" - ], - "devshell": "devshell", - "flake-compat": [ - "deploy-rs", - "flake-compat" - ], - "flake-parts": [ - "flake-parts" - ], - "nix-test-runner": "nix-test-runner", + "crate2nix_stable": "crate2nix_stable", + "devshell": "devshell_3", + "flake-compat": "flake-compat_4", + "flake-parts": "flake-parts_3", + "nix-test-runner": "nix-test-runner_3", "nixpkgs": [ "sonnenshift", "nixpkgs" ], - "pre-commit-hooks": "pre-commit-hooks" + "pre-commit-hooks": "pre-commit-hooks_3" }, "locked": { "lastModified": 1739473963, @@ -70,20 +130,89 @@ "type": "github" } }, + "crate2nix_stable": { + "inputs": { + "cachix": "cachix_2", + "crate2nix_stable": "crate2nix_stable_2", + "devshell": "devshell_2", + "flake-compat": "flake-compat_3", + "flake-parts": "flake-parts_2", + "nix-test-runner": "nix-test-runner_2", + "nixpkgs": "nixpkgs_7", + "pre-commit-hooks": "pre-commit-hooks_2" + }, + "locked": { + "lastModified": 1719760004, + "narHash": "sha256-esWhRnt7FhiYq0CcIxw9pvH+ybOQmWBfHYMtleaMhBE=", + "owner": "nix-community", + "repo": "crate2nix", + "rev": "1dee214bb20855fa3e1e7bb98d28922ddaff8c57", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "0.14.1", + "repo": "crate2nix", + "type": "github" + } + }, + "crate2nix_stable_2": { + "inputs": { + "cachix": "cachix_3", + "crate2nix_stable": "crate2nix_stable_3", + "devshell": "devshell", + "flake-compat": "flake-compat_2", + "flake-parts": "flake-parts", + "nix-test-runner": "nix-test-runner", + "nixpkgs": "nixpkgs_6", + "pre-commit-hooks": "pre-commit-hooks" + }, + "locked": { + "lastModified": 1712821484, + "narHash": "sha256-rGT3CW64cJS9nlnWPFWSc1iEa3dNZecVVuPVGzcsHe8=", + "owner": "nix-community", + "repo": "crate2nix", + "rev": "42883afcad3823fa5811e967fb7bff54bc3c9d6d", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "0.14.0", + "repo": "crate2nix", + "type": "github" + } + }, + "crate2nix_stable_3": { + "inputs": { + "flake-utils": "flake-utils" + }, + "locked": { + "lastModified": 1702842982, + "narHash": "sha256-A9AowkHIjsy1a4LuiPiVP88FMxyCWK41flZEZOUuwQM=", + "owner": "nix-community", + "repo": "crate2nix", + "rev": "75ac2973affa6b9b4f661a7b592cba6e4f51d426", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "0.12.0", + "repo": "crate2nix", + "type": "github" + } + }, "deploy-rs": { "inputs": { "flake-compat": "flake-compat", - "nixpkgs": [ - "nixpkgs" - ], + "nixpkgs": "nixpkgs", "utils": "utils" }, "locked": { - "lastModified": 1770019181, - "narHash": "sha256-hwsYgDnby50JNVpTRYlF3UR/Rrpt01OrxVuryF40CFY=", + "lastModified": 1756719547, + "narHash": "sha256-N9gBKUmjwRKPxAafXEk1EGadfk2qDZPBQp4vXWPHINQ=", "owner": "serokell", "repo": "deploy-rs", - "rev": "77c906c0ba56aabdbc72041bf9111b565cdd6171", + "rev": "125ae9e3ecf62fb2c0fd4f2d894eb971f1ecaed2", "type": "github" }, "original": { @@ -94,10 +223,56 @@ }, "devshell": { "inputs": { - "flake-utils": [ - "deploy-rs", - "utils" - ], + "flake-utils": "flake-utils_2", + "nixpkgs": [ + "sonnenshift", + "crate2nix", + "crate2nix_stable", + "crate2nix_stable", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1717408969, + "narHash": "sha256-Q0OEFqe35fZbbRPPRdrjTUUChKVhhWXz3T9ZSKmaoVY=", + "owner": "numtide", + "repo": "devshell", + "rev": "1ebbe68d57457c8cae98145410b164b5477761f4", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "devshell_2": { + "inputs": { + "flake-utils": "flake-utils_3", + "nixpkgs": [ + "sonnenshift", + "crate2nix", + "crate2nix_stable", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1717408969, + "narHash": "sha256-Q0OEFqe35fZbbRPPRdrjTUUChKVhhWXz3T9ZSKmaoVY=", + "owner": "numtide", + "repo": "devshell", + "rev": "1ebbe68d57457c8cae98145410b164b5477761f4", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "devshell_3": { + "inputs": { + "flake-utils": "flake-utils_4", "nixpkgs": [ "sonnenshift", "crate2nix", @@ -125,11 +300,11 @@ ] }, "locked": { - "lastModified": 1771355198, - "narHash": "sha256-89m5VKxIs8QNiIvLsxHu5NpyhDsoXTtoN801IAurnW4=", + "lastModified": 1760701190, + "narHash": "sha256-y7UhnWlER8r776JsySqsbTUh2Txf7K30smfHlqdaIQw=", "owner": "nix-community", "repo": "disko", - "rev": "92fceb111901a6f13e81199be4fab95fce86a5c9", + "rev": "3a9450b26e69dcb6f8de6e2b07b3fc1c288d85f5", "type": "github" }, "original": { @@ -138,6 +313,48 @@ "type": "github" } }, + "dream2nix": { + "inputs": { + "nixpkgs": "nixpkgs_8", + "purescript-overlay": "purescript-overlay", + "pyproject-nix": "pyproject-nix" + }, + "locked": { + "lastModified": 1735160684, + "narHash": "sha256-n5CwhmqKxifuD4Sq4WuRP/h5LO6f23cGnSAuJemnd/4=", + "owner": "nix-community", + "repo": "dream2nix", + "rev": "8ce6284ff58208ed8961681276f82c2f8f978ef4", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "dream2nix", + "type": "github" + } + }, + "fenix": { + "inputs": { + "nixpkgs": [ + "tlaternet-webserver", + "nixpkgs" + ], + "rust-analyzer-src": "rust-analyzer-src" + }, + "locked": { + "lastModified": 1737181903, + "narHash": "sha256-lvp77MhGzSN+ICd0MugppCjQR6cmlM2iAC5cjy2ZsaA=", + "owner": "nix-community", + "repo": "fenix", + "rev": "ac79bb490b8c1af4bbc587b84c76f9527d6b14f7", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "fenix", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { @@ -154,16 +371,80 @@ "type": "github" } }, + "flake-compat_2": { + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "revCount": 57, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" + } + }, + "flake-compat_3": { + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "revCount": 57, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" + } + }, + "flake-compat_4": { + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "revCount": 57, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" + } + }, + "flake-compat_5": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-parts": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib" + "nixpkgs-lib": [ + "sonnenshift", + "crate2nix", + "crate2nix_stable", + "crate2nix_stable", + "nixpkgs" + ] }, "locked": { - "lastModified": 1769996383, - "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", + "lastModified": 1719745305, + "narHash": "sha256-xwgjVUpqSviudEkpQnioeez1Uo2wzrsMaJKJClh+Bls=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", + "rev": "c3c5ecc05edc7dafba779c6c1a61cd08ac6583e9", "type": "github" }, "original": { @@ -172,23 +453,138 @@ "type": "github" } }, - "flint": { + "flake-parts_2": { "inputs": { - "nixpkgs": [ + "nixpkgs-lib": [ + "sonnenshift", + "crate2nix", + "crate2nix_stable", "nixpkgs" ] }, "locked": { - "lastModified": 1767431140, - "narHash": "sha256-ug37Jt6r8LP3161suTh6IW+fkx0a7kiSAhAPsVcPrkA=", - "owner": "NotAShelf", - "repo": "flint", - "rev": "7832a5b5f5ef1243818f8f5e357ad1ee2d35d2b7", + "lastModified": 1719745305, + "narHash": "sha256-xwgjVUpqSviudEkpQnioeez1Uo2wzrsMaJKJClh+Bls=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "c3c5ecc05edc7dafba779c6c1a61cd08ac6583e9", "type": "github" }, "original": { - "owner": "NotAShelf", - "repo": "flint", + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_3": { + "inputs": { + "nixpkgs-lib": [ + "sonnenshift", + "crate2nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1712014858, + "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1694529238, + "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { + "inputs": { + "systems": "systems_3" + }, + "locked": { + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_3": { + "inputs": { + "systems": "systems_4" + }, + "locked": { + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_4": { + "inputs": { + "systems": "systems_5" + }, + "locked": { + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_5": { + "inputs": { + "systems": "systems_6" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", "type": "github" } }, @@ -199,11 +595,11 @@ ] }, "locked": { - "lastModified": 1767491610, - "narHash": "sha256-/Nldo9ILD7T5aQKuyeUccNPXjhNBrovGXEoi5k7m9Bo=", + "lastModified": 1757786467, + "narHash": "sha256-gx3THVUlpycVrUFC9vGhAtYRLI7dJtHyo67Zdq5Hadc=", "owner": "reckenrode", "repo": "nix-foundryvtt", - "rev": "35e789ba383fbfaa9039005b9b24669c5be6b8ab", + "rev": "1bbc26a28d320fb336d94e9f3cc6b92c035fab20", "type": "github" }, "original": { @@ -213,6 +609,55 @@ } }, "gitignore": { + "inputs": { + "nixpkgs": [ + "sonnenshift", + "crate2nix", + "crate2nix_stable", + "crate2nix_stable", + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_2": { + "inputs": { + "nixpkgs": [ + "sonnenshift", + "crate2nix", + "crate2nix_stable", + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_3": { "inputs": { "nixpkgs": [ "sonnenshift", @@ -251,31 +696,157 @@ "type": "github" } }, - "nixpkgs": { + "nix-test-runner_2": { + "flake": false, "locked": { - "lastModified": 1771208521, - "narHash": "sha256-G2qGwj2t77kM0hZatRrTp2+50obn4ssSXoLCrJKZtgQ=", - "rev": "fa56d7d6de78f5a7f997b0ea2bc6efd5868ad9e8", - "type": "tarball", - "url": "https://releases.nixos.org/nixos/25.11/nixos-25.11.6074.fa56d7d6de78/nixexprs.tar.xz" - }, - "original": { - "type": "tarball", - "url": "https://channels.nixos.org/nixos-25.11/nixexprs.tar.xz" - } - }, - "nixpkgs-lib": { - "locked": { - "lastModified": 1769909678, - "narHash": "sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ+QDT/KDuyHXVJOpM=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "72716169fe93074c333e8d0173151350670b824c", + "lastModified": 1588761593, + "narHash": "sha256-FKJykltAN/g3eIceJl4SfDnnyuH2jHImhMrXS2KvGIs=", + "owner": "stoeffel", + "repo": "nix-test-runner", + "rev": "c45d45b11ecef3eb9d834c3b6304c05c49b06ca2", "type": "github" }, "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", + "owner": "stoeffel", + "repo": "nix-test-runner", + "type": "github" + } + }, + "nix-test-runner_3": { + "flake": false, + "locked": { + "lastModified": 1588761593, + "narHash": "sha256-FKJykltAN/g3eIceJl4SfDnnyuH2jHImhMrXS2KvGIs=", + "owner": "stoeffel", + "repo": "nix-test-runner", + "rev": "c45d45b11ecef3eb9d834c3b6304c05c49b06ca2", + "type": "github" + }, + "original": { + "owner": "stoeffel", + "repo": "nix-test-runner", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1743014863, + "narHash": "sha256-jAIUqsiN2r3hCuHji80U7NNEafpIMBXiwKlSrjWMlpg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "bd3bac8bfb542dbde7ffffb6987a1a1f9d41699f", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1760782625, + "narHash": "sha256-qeSmHF66cMiHObiBhm8IngmqDBEcqNdBSSoAjuE6tTw=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "f2ee78c4eb601be36a277e1779a7a87655419dad", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-25.05-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1700612854, + "narHash": "sha256-yrQ8osMD+vDLGFX7pcwsY/Qr5PUd6OmDMYJZzZi0+zc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "19cbff58383a4ae384dea4d1d0c823d72b49d614", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1715534503, + "narHash": "sha256-5ZSVkFadZbFP1THataCaSf0JH2cAH3S29hU9rrxTEqk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "2057814051972fa1453ddfb0d98badbea9b83c06", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_5": { + "locked": { + "lastModified": 1715534503, + "narHash": "sha256-5ZSVkFadZbFP1THataCaSf0JH2cAH3S29hU9rrxTEqk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "2057814051972fa1453ddfb0d98badbea9b83c06", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_6": { + "locked": { + "lastModified": 1719506693, + "narHash": "sha256-C8e9S7RzshSdHB7L+v9I51af1gDM5unhJ2xO1ywxNH8=", + "path": "/nix/store/4p0avw1s3vf27hspgqsrqs37gxk4i83i-source", + "rev": "b2852eb9365c6de48ffb0dc2c9562591f652242a", + "type": "path" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "nixpkgs_7": { + "locked": { + "lastModified": 1719506693, + "narHash": "sha256-C8e9S7RzshSdHB7L+v9I51af1gDM5unhJ2xO1ywxNH8=", + "path": "/nix/store/4p0avw1s3vf27hspgqsrqs37gxk4i83i-source", + "rev": "b2852eb9365c6de48ffb0dc2c9562591f652242a", + "type": "path" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "nixpkgs_8": { + "locked": { + "lastModified": 1729850857, + "narHash": "sha256-WvLXzNNnnw+qpFOmgaM3JUlNEH+T4s22b5i2oyyCpXE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "41dea55321e5a999b17033296ac05fe8a8b5a257", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", "type": "github" } }, @@ -284,15 +855,85 @@ "flake-compat": [ "sonnenshift", "crate2nix", + "crate2nix_stable", + "crate2nix_stable", "flake-compat" ], - "flake-utils": [ + "gitignore": "gitignore", + "nixpkgs": [ "sonnenshift", "crate2nix", - "devshell", - "flake-utils" + "crate2nix_stable", + "crate2nix_stable", + "nixpkgs" ], - "gitignore": "gitignore", + "nixpkgs-stable": [ + "sonnenshift", + "crate2nix", + "crate2nix_stable", + "crate2nix_stable", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1719259945, + "narHash": "sha256-F1h+XIsGKT9TkGO3omxDLEb/9jOOsI6NnzsXFsZhry4=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "0ff4381bbb8f7a52ca4a851660fc7a437a4c6e07", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, + "pre-commit-hooks_2": { + "inputs": { + "flake-compat": [ + "sonnenshift", + "crate2nix", + "crate2nix_stable", + "flake-compat" + ], + "gitignore": "gitignore_2", + "nixpkgs": [ + "sonnenshift", + "crate2nix", + "crate2nix_stable", + "nixpkgs" + ], + "nixpkgs-stable": [ + "sonnenshift", + "crate2nix", + "crate2nix_stable", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1719259945, + "narHash": "sha256-F1h+XIsGKT9TkGO3omxDLEb/9jOOsI6NnzsXFsZhry4=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "0ff4381bbb8f7a52ca4a851660fc7a437a4c6e07", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, + "pre-commit-hooks_3": { + "inputs": { + "flake-compat": [ + "sonnenshift", + "crate2nix", + "flake-compat" + ], + "flake-utils": "flake-utils_5", + "gitignore": "gitignore_3", "nixpkgs": [ "sonnenshift", "crate2nix", @@ -318,16 +959,96 @@ "type": "github" } }, + "purescript-overlay": { + "inputs": { + "flake-compat": "flake-compat_5", + "nixpkgs": [ + "tlaternet-webserver", + "dream2nix", + "nixpkgs" + ], + "slimlock": "slimlock" + }, + "locked": { + "lastModified": 1728546539, + "narHash": "sha256-Sws7w0tlnjD+Bjck1nv29NjC5DbL6nH5auL9Ex9Iz2A=", + "owner": "thomashoneyman", + "repo": "purescript-overlay", + "rev": "4ad4c15d07bd899d7346b331f377606631eb0ee4", + "type": "github" + }, + "original": { + "owner": "thomashoneyman", + "repo": "purescript-overlay", + "type": "github" + } + }, + "pyproject-nix": { + "flake": false, + "locked": { + "lastModified": 1702448246, + "narHash": "sha256-hFg5s/hoJFv7tDpiGvEvXP0UfFvFEDgTdyHIjDVHu1I=", + "owner": "davhau", + "repo": "pyproject.nix", + "rev": "5a06a2697b228c04dd2f35659b4b659ca74f7aeb", + "type": "github" + }, + "original": { + "owner": "davhau", + "ref": "dream2nix", + "repo": "pyproject.nix", + "type": "github" + } + }, "root": { "inputs": { "deploy-rs": "deploy-rs", "disko": "disko", - "flake-parts": "flake-parts", - "flint": "flint", "foundryvtt": "foundryvtt", - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_2", "sonnenshift": "sonnenshift", - "sops-nix": "sops-nix" + "sops-nix": "sops-nix", + "tlaternet-webserver": "tlaternet-webserver" + } + }, + "rust-analyzer-src": { + "flake": false, + "locked": { + "lastModified": 1737140097, + "narHash": "sha256-m4SN8DeKzsP10EQFS7+2zgGfCrMhTfTt1H0QRNesD08=", + "owner": "rust-lang", + "repo": "rust-analyzer", + "rev": "f61bfa4d7feb84d07538d361fe77d34a29e3b375", + "type": "github" + }, + "original": { + "owner": "rust-lang", + "ref": "nightly", + "repo": "rust-analyzer", + "type": "github" + } + }, + "slimlock": { + "inputs": { + "nixpkgs": [ + "tlaternet-webserver", + "dream2nix", + "purescript-overlay", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1688756706, + "narHash": "sha256-xzkkMv3neJJJ89zo3o2ojp7nFeaZc2G0fYwNXNJRFlo=", + "owner": "thomashoneyman", + "repo": "slimlock", + "rev": "cf72723f59e2340d24881fd7bf61cb113b4c407c", + "type": "github" + }, + "original": { + "owner": "thomashoneyman", + "repo": "slimlock", + "type": "github" } }, "sonnenshift": { @@ -338,11 +1059,11 @@ ] }, "locked": { - "lastModified": 1764578400, - "narHash": "sha256-8V0SpIcYyjpP+nAHfYJDof7CofLTwVVDo5QLZ0epjOQ=", + "lastModified": 1748144928, + "narHash": "sha256-OPdi6AjrWWwZlukNwDHDWAf1CCFkHsf8JbA3rJoibXM=", "ref": "refs/heads/main", - "rev": "bf17617899692c9c2bfebfce87320a4174e6dc28", - "revCount": 27, + "rev": "429036aa8630d2325f8a9f067cc041d628279a8e", + "revCount": 24, "type": "git", "url": "ssh://git@github.com/sonnenshift/battery-manager" }, @@ -358,11 +1079,11 @@ ] }, "locked": { - "lastModified": 1771166946, - "narHash": "sha256-UFc4lfGBr+wJmwgDGJDn1cVD6DTr0/8TdronNUiyXlU=", + "lastModified": 1760393368, + "narHash": "sha256-8mN3kqyqa2PKY0wwZ2UmMEYMcxvNTwLaOrrDsw6Qi4E=", "owner": "Mic92", "repo": "sops-nix", - "rev": "2d0cf89b4404529778bc82de7e42b5754e0fe4fa", + "rev": "ab8d56e85b8be14cff9d93735951e30c3e86a437", "type": "github" }, "original": { @@ -386,6 +1107,103 @@ "type": "github" } }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_4": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_5": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_6": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "tlaternet-webserver": { + "inputs": { + "dream2nix": "dream2nix", + "fenix": "fenix", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1737271785, + "narHash": "sha256-yVdaaawYK1/q9V5btfGpxVCQBdyQx1WcFHYO0yX5bP8=", + "ref": "refs/heads/master", + "rev": "5d3d84836101ec9b9867a5f754c9ee1b9d4dc538", + "revCount": 76, + "type": "git", + "url": "https://gitea.tlater.net/tlaternet/tlaternet.git" + }, + "original": { + "type": "git", + "url": "https://gitea.tlater.net/tlaternet/tlaternet.git" + } + }, "utils": { "inputs": { "systems": "systems" diff --git a/flake.nix b/flake.nix index 8680b59..76d612f 100644 --- a/flake.nix +++ b/flake.nix @@ -1,34 +1,21 @@ { + description = "tlater.net host configuration"; + inputs = { - nixpkgs.url = "https://channels.nixos.org/nixos-25.11/nixexprs.tar.xz"; - flake-parts.url = "github:hercules-ci/flake-parts"; - - ## Nix/OS utilities - + nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05-small"; disko = { url = "github:nix-community/disko"; inputs.nixpkgs.follows = "nixpkgs"; }; - - deploy-rs = { - url = "github:serokell/deploy-rs"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - + deploy-rs.url = "github:serokell/deploy-rs"; sops-nix = { url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; }; - - ## Programs - - flint = { - url = "github:NotAShelf/flint"; + tlaternet-webserver = { + url = "git+https://gitea.tlater.net/tlaternet/tlaternet.git"; inputs.nixpkgs.follows = "nixpkgs"; }; - - ## Services - foundryvtt = { url = "github:reckenrode/nix-foundryvtt"; inputs.nixpkgs.follows = "nixpkgs"; @@ -36,54 +23,118 @@ sonnenshift = { url = "git+ssh://git@github.com/sonnenshift/battery-manager"; - inputs = { - nixpkgs.follows = "nixpkgs"; - crate2nix.inputs = { - flake-compat.follows = "deploy-rs/flake-compat"; - devshell.inputs.flake-utils.follows = "deploy-rs/utils"; - flake-parts.follows = "flake-parts"; - }; - }; + inputs.nixpkgs.follows = "nixpkgs"; }; }; outputs = - { flake-parts, ... }@inputs: - flake-parts.lib.mkFlake { inherit inputs; } ( - { self, ... }@args: - { - imports = [ - (flake-parts.lib.importApply ./flakeModules/deploy-rs.nix args) - ./checks - ./dev-utils.nix - ./pkgs - ]; + { + self, + nixpkgs, + sops-nix, + deploy-rs, + ... + }@inputs: + let + system = "x86_64-linux"; - flake.nixosConfigurations.hetzner-1 = inputs.nixpkgs.lib.nixosSystem { + vm = nixpkgs.lib.nixosSystem { + inherit system; + specialArgs.flake-inputs = inputs; + + modules = [ + ./configuration + ./configuration/hardware-specific/vm.nix + ]; + }; + in + { + ################## + # Configurations # + ################## + nixosConfigurations = { + # The actual system definition + hetzner-1 = nixpkgs.lib.nixosSystem { + inherit system; specialArgs.flake-inputs = inputs; + modules = [ ./configuration ./configuration/hardware-specific/hetzner ]; }; + }; - deploy.nodes.hetzner-1 = { + ############################ + # Deployment configuration # + ############################ + deploy.nodes = { + hetzner-1 = { hostname = "116.202.158.55"; profiles.system = { user = "root"; - activation = "nixos"; - closure = self.nixosConfigurations.hetzner-1; + path = deploy-rs.lib.${system}.activate.nixos self.nixosConfigurations.hetzner-1; + }; - sshUser = "tlater"; - sshOpts = [ - "-p" - "2222" - "-o" - "ForwardAgent=yes" - ]; + sshUser = "tlater"; + sshOpts = [ + "-p" + "2222" + "-o" + "ForwardAgent=yes" + ]; + }; + }; + + ######### + # Tests # + ######### + checks.${system} = import ./checks (inputs // { inherit system; }); + + ########################### + # Garbage collection root # + ########################### + + packages.${system} = { + default = vm.config.system.build.vm; + } + // import ./pkgs { pkgs = nixpkgs.legacyPackages.${system}; }; + + ################### + # Utility scripts # + ################### + apps.${system} = { + default = self.apps.${system}.run-vm; + + run-vm = { + type = "app"; + program = + (nixpkgs.legacyPackages.${system}.writeShellScript "" '' + ${vm.config.system.build.vm.outPath}/bin/run-testvm-vm + '').outPath; + }; + }; + + ########################### + # Development environment # + ########################### + devShells.${system} = { + default = nixpkgs.legacyPackages.${system}.mkShell { + sopsPGPKeyDirs = [ + "./keys/hosts/" + "./keys/users/" + ]; + + packages = nixpkgs.lib.attrValues { + inherit (sops-nix.packages.${system}) sops-import-keys-hook sops-init-gpg-key; + inherit (deploy-rs.packages.${system}) default; }; }; - } - ); + + minecraft = nixpkgs.legacyPackages.${system}.mkShell { + packages = nixpkgs.lib.attrValues { inherit (nixpkgs.legacyPackages.${system}) packwiz; }; + }; + }; + }; } diff --git a/flakeModules/deploy-rs.nix b/flakeModules/deploy-rs.nix deleted file mode 100644 index abee5a8..0000000 --- a/flakeModules/deploy-rs.nix +++ /dev/null @@ -1,136 +0,0 @@ -{ lib, ... }@exportingFlake: -let - inherit (lib) mkOption types; - - deploy-rs-for-system = - system: - (import exportingFlake.inputs.nixpkgs { - inherit system; - overlays = [ - exportingFlake.inputs.deploy-rs.overlays.default - (_final: prev: { - deploy-rs = { - inherit (exportingFlake.inputs.nixpkgs.legacyPackages.${system}) deploy-rs; - inherit (prev.deploy-rs) lib; - }; - }) - ]; - }).deploy-rs; -in -{ config, ... }: -let - cfg = config.deploy; -in -{ - options.deploy = - let - genericOptions = - let - mkGenericOption = - type: - mkOption { - type = types.nullOr type; - default = null; - }; - in - { - options = { - sshUser = mkGenericOption types.str; - user = mkGenericOption types.str; - sshOpts = mkGenericOption (types.listOf types.str); - fastConnection = mkGenericOption types.bool; - autoRollback = mkGenericOption types.bool; - magicRollback = mkGenericOption types.bool; - confirmTimeout = mkGenericOption types.int; - activationTimeout = mkGenericOption types.int; - tempPath = mkGenericOption types.str; - interactiveSudo = mkGenericOption types.bool; - }; - }; - - profileModule = - { config, ... }: - { - imports = [ genericOptions ]; - - options = { - activation = mkOption { - type = types.oneOf [ - (types.enum [ - "nixos" - "home-manager" - "darwin" - "noop" - ]) - ]; - }; - - closure = mkOption { type = types.raw; }; - - profilePath = mkOption { - type = types.nullOr types.str; - default = null; - }; - - path = mkOption { - type = types.raw; - internal = true; - }; - }; - - config = - let - inherit (config.closure.config.nixpkgs.hostPlatform) system; - deploy-rs = deploy-rs-for-system system; - in - lib.mkMerge [ - (lib.mkIf (lib.elem config.activation [ - "nixos" - "home-manager" - "darwin" - "noop" - ]) { path = deploy-rs.lib.activate.${config.activation} config.closure; }) - ]; - }; - - nodeModule = { - imports = [ genericOptions ]; - - options = { - hostname = mkOption { type = types.str; }; - - profilesOrder = mkOption { - type = types.listOf types.str; - default = [ ]; - }; - - profiles = mkOption { - type = types.attrsOf (types.submoduleWith { modules = [ profileModule ]; }); - - apply = lib.mapAttrs ( - _: profile: - lib.filterAttrs ( - name: val: - !(lib.elem name [ - "activation" - "closure" - ]) - && val != null - ) profile - ); - - default = { }; - }; - }; - }; - in - { - nodes = mkOption { - default = { }; - type = types.attrsOf (types.submoduleWith { modules = [ nodeModule ]; }); - apply = lib.mapAttrs (_: node: lib.filterAttrs (_: val: val != null) node); - }; - }; - - config = lib.mkIf (cfg.nodes != { }) { flake.deploy.nodes = cfg.nodes; }; -} diff --git a/keys/production.yaml b/keys/production.yaml index 6a60c40..a5a4674 100644 --- a/keys/production.yaml +++ b/keys/production.yaml @@ -1,13 +1,9 @@ -tlaternet: - ntfy-topic: ENC[AES256_GCM,data:1mlcrb4uOkwyB5pwTbIv,iv:Ba6k9HV4ze9cftbSE8ns2+j2ebi4cqmHa5UwM1YR6W8=,tag:Ksf840uCOQdoVasORjUdcQ==,type:str] -ntfy: - users: ENC[AES256_GCM,data:7vZx2jIXsEMT0LhPKis7oiaq8YGgGnW3M6L9Aq0qlaNzpF31sAAZHMYPMJDG0Z09gvQ60kRVxgggHYx8TlaD/ZxLhFVfKgUcQaiRRxyAFIKFVqVNRQaiykQcFzw=,iv:HefHN4rkVKg43Ery0QW2Mg74tIwsM0OvsluXFIWVCVM=,tag:WM8uW4bV9nHuwWYaH+mmUw==,type:str] porkbun: api-key: ENC[AES256_GCM,data:p3lqvGc8m2U/12rBPjoNR7hxQyD52CyEen/V8q59k5CSJZSqzZS8M5vEXFBsUMjz2lrmKM4pgtz4wa2fWK6Ty4LJCaI=,iv:OQC3FpwTtPmqHvDbA41mWF7LGYwC/jD2ZMBsE8ktNOg=,tag:kq5hUR7TBgczuGcXpsdu2A==,type:str] secret-api-key: ENC[AES256_GCM,data:zV5PTKf45Zab8uW8mbuXmPNzciq6tV9OF0wUND7YnRk/DjZneYWItAsNBVoM+iHA+XsUPDoeKo6hoJiGkH/cCQ8WvuM=,iv:yr1M5DlgI8k6BgzNz3HRnqspHOrQuf2PmoZS1HGp0v8=,tag:JkNNziMMfKFZV2hnx5lXRg==,type:str] battery-manager: email: ENC[AES256_GCM,data:rYLUACXR/n+bLBmZ,iv:sUBEkh2+7qGjHZ5R23e/hoCiyTA7GTL4bJvXmxjZ5Sw=,tag:fdPMllaQQfRgX0WZKIre4g==,type:str] - password: ENC[AES256_GCM,data:h12XeBosdVAJ9QwEYSyC,iv:m6A6EhL9BF4+c7P++A7qH2gXtRnxzAk3nCUvPH8E7e0=,tag:krZyGPuCSDLNTj+QQxN8vg==,type:str] + password: ENC[AES256_GCM,data:7cokZa6Q6ahSeiFPz+cV,iv:vz405P0IcG9FsAQXlY7mi78GuushQUKJm2irG6buGzc=,tag:JLHG2jTkJDGbinAq9dXRsQ==,type:str] forgejo: metrics-token: ENC[AES256_GCM,data:WVbD5JloJlHNjeEwe1uEd4Haj6L3ilj1Pnux6yrelUQP18ZPAh90aDO1OIZHaPJR7tTeyATr8BIzZL1zkNhCuA==,iv:eTYXN3hymIN3bTX1YxNGkAYE0KVDbdz2ds8UQAHlALE=,tag:A61loGdu0pfsiez96u2Qsg==,type:str] grafana: @@ -20,17 +16,24 @@ steam: heisenbridge: as-token: ENC[AES256_GCM,data:+2yo6T18j34622H8ZWblAFB2phLw1q0k0vUQEZ5sFj7dQaRnkEiAMi0R3p17Zq0pOtGEC0RRZuPLYkcZ1oKP0w==,iv:lGwrQYp//FufpmJocrLIVyy9RK7lEEVcpAi0wmkjr34=,tag:yV06UbhAYJQz36O2XdhY+A==,type:str] hs-token: ENC[AES256_GCM,data:u52WpkQFd/J7JFoE/rfNluebyZQLOokvkVdL7+AEAvrhJhrkJli1ztkD79lbC+6tGUH4tT3T+nX9wvGKnrRUQg==,iv:as+9fVuvMg2IoE2WIKD9mHi+znhNcWRh5Zq+yr0xcDQ=,tag:mZ7fh7U0MfgI8hyq/28Bcg==,type:str] +matrix-hookshot: + as-token: ENC[AES256_GCM,data:nXTanPhDyDF7R3AllLqpM5dzljBrHwlh1KJnTGIi5PhbDY2lPj4+uXkMEwvm1u+hQjPyM7vKZPfK+0/dms6Y7A==,iv:fSakJN+yai0gfOJKFxxaxgyUtk0pNmIeqVgrdq92/24=,tag:Qc7+SUnm5/Nq5+QIScR9kQ==,type:str] + hs-token: ENC[AES256_GCM,data:Bwyj0JTTN0NNnwOs1zA8CqbtZSNcvlINeT7QVc2eJiHda92J6vQk7bSxy6KuqCN9DxlUsK13ggYjNORY2vic5w==,iv:Npnp8arYQ3Yb6CXrnKgE03hD7ZjGINPa/DwFI8D+5tA=,tag:FqNE6yI0nF4puEUw9MGAjQ==,type:str] wireguard: server-key: ENC[AES256_GCM,data:mXb7ZznJHf5CgV8rI4uzPBATMRbmd7LimgtCkQM9kAjbIaGwUBqJZBN3fXs=,iv:3Po1Orinzov9rnEm9cLzgJY1PeD+5Jl9115MriABHh8=,tag:E/2CjDO1JCvJzxCnqKcNyw==,type:str] restic: + local-backups: ENC[AES256_GCM,data:NLNVlR9G9bLSZOkMoPvkbBbAZlKkmiUbdWHOFDnaefuy9wNLH53ctOIyS0rSsQLaJCSBTpgPSWIIXUSuzoK/eA==,iv:DzuujmyJJP4GiE5z7KOOGUEzUgOwmtf/7UYhwkyLe9g=,tag:cElFhpVC7S6HYlB6UyN7PQ==,type:str] storagebox-backups: ENC[AES256_GCM,data:UyT8jCkKlfYJXjWLI9MbYfeVhY5d89N3aj1Olj54/aBOP3gwcrx6gU56Pwa1xKZ3lR13AVs/b4wF9sbvP7Kqqg==,iv:0HM+DgH4iCiWpjRvAYCFQGEy4xIBQwAM+PkkzOsizw0=,tag:jbrqo1In2O4jVM5e7fjOzg==,type:str] storagebox-ssh-key: ENC[AES256_GCM,data:7aYlKX7I8Bsur3nm4nV9eSW3lmIxBCeCUMbPX3qgcotPbyPYaUqD3MOCnFRepajYkFXAgMX4jknqLfoO9xYc4bavDFjOY8Ww/KmLay7ces6tDnkK6tTRxcNRPUBqEzaFiPNsZc2UwHnmHOF0rKvQusvhCOplYao3xxz5McTHC7IEriUApSNudWCg3qGbyAmxkGEw7tRfh6IiUXEOFeaXDZd78dWZlWIIeospmA1hcVhkLGrjMmoikt/YANHUpWPbd+B9E6x+s2eIzFdvztRjarBluWPZuX981b+hcOm1/+HY/tJ/jzgyVbX1rjmdgZ9jZqdKO/vkOkijHWXlwpQ0QJ2s8p5MURPGRsC7W5jfmGbVKrubxfQC2mSJRJgBaj1wX3yI4GbfCXNdbpseAMy7t8OmN/iMN57lGnD3uX8CWWD327PIWp3SgwMDIZtJRlMBu3vMUrBdNnrrlYoLgf821tX7JWW6L5g1EK/bcBZqZZ/6rE+Q9fLiJHTsj2lyTzQZRLKsn0YePlcIMOWHO2CG/aWrfycdSKKjaKGG,iv:OVnEIMFB4h/EQ8zV3XOpVXLDrV5t4roNYDFQz99m4sQ=,tag:mKWF12uD1TLla/MoJs2zNg==,type:str] turn: env: ENC[AES256_GCM,data:kt5nhVo9pb/ZbPUEcqSYXxN9YMgQKnFb5VRfFFS/qoIaJ73uD2fuJKqcxAyVRrdLqnSAWSQBgTgunBzdP7xqLAK2qt8DYAQWHkIe9uxFbSXZpdmw,iv:9lq6SFwTFN4GGm6gPiJpUMasMdnHVF6XLGYrsyG3kjU=,tag:428Qf9DOiiHt/Wjb188b8g==,type:str] secret: ENC[AES256_GCM,data:si7ee6Xfhdgdyzbp6aQpF7pz3TmTBb7iQ82lRPVXNDg9JfHI+lbmgAsSnRLX5qMCA6P9R045sSMosqidL8QwRg==,iv:SrhpZKK8D45yxCEfDb9P3TwtA14+qEI+wcRqcN/a6pw=,tag:PiwV+mOL9xHJgJft6sc61g==,type:str] + ssl-key: ENC[AES256_GCM,data:CHFH8XTcyAkIDwclwUpAyDkvP0awoW7mtZ2PgR81DyQZrKIAjuhox7x+8Gl9vfjdug2WLISycwoCJ2w+Y6Qpuk+XgXOmZeBU4UyMX5sfwGYAt0fjyQPix3Xni3cfDPQ3bJ9Ez0Nn6pxmKvSUY2nCOPJe8gK5+kaMt3d2SWS1bteH/rOUXSx3hczdQ54M8kScTUHceG7G65rfrmpTIVS1GNRYm7N8F8uXToP3qdTJBF03qSfdbAvWw5RhkNQoF35Hc8HT2W5hYmUb6ceuo4b3tCyTVDGzNtqn760+VSqXcJ5acc4O22cH/TqeF7VSS7akUqZzYot92riqSL0lHbET6VlXuYdidNIgW5uoUgtJLj9KRkYljOHkP1H90acWTW0+T3jS9cesVBVDWCHaYt2rFKwQgViNvgU27f1u9PT4wGKyqQMnLE5iLdmUT4qAwNw8ErXnpIOlXDizZ0sYXtNEmlNGdOk3jrjW3C1TGBw77PmWzHHRBrRNMO/6s3QWuRgTdQixF/UzTvyRf5yjt7Cev8fDm16FL8c+2uduDTkxTKwEVrt6U1wsJMqS52u7jAj5xtpmWSGJRqxc/bu9l+fcRDrZt1EaktxKCc3zSFp8Mv+LwMdj6dXcYoFQZmh5N2rySmxdCeHT+Me8htReesVxDPG5/pIZJ7n5DYK60V84KnDaqiw0DM0XEY6Y9UJ0Vx6qvk8lVouQaPbxEnfwc3775jVojEA/nCBd7LiyRfUEILtSgm+IjhIvVjDr3qzzKo7Ao66trEN6Sb7UtYo11rUyGfKqOwAZTsb/bXk6pYWo/qhzwx9EfxCrrMt06mXjN7JGzIZeBlV0azHEw1jt/CJ2lPFSUuTWIjjtTfZzpx6jYBJmTN9rAMbKHMknO3hEKWwpzYG/w7TLO2JKkXrOdT58IdvfxOKwaQ/kJRycYvuWcF8NqdcRhbZvrVaKHRWhWldhWkOj5a+G0DnFsgak6D1FOvDx0doN8hibFemn1MfLzk6/UJ5AxAbPCRSaEumkMZ6n/Xx5M+C7TswWrYVkrIeRxSU6+B24ZmLeVvfvNq6jfBBgk3MBXHU6bwr/nsfcQ0wlJwYCc/YVP02d/oAhN/MobUSKY+bG+ZirmyRb3MZ5C5ZjLY60wcSSWpty7jPzMUu0AoJVs6CA04frw9FqmW+Y0f3apFfaPI8OSOqT8UUURORjWK0j35v9nrpoDGTqLdq1d0oVQW3vxQqE6gmyPv4/ZqPgdUZhZ6BYiDc9L79c4misxmxsy6pZBxwb0vY34PyCwpamTWZC8u7JxRoXYu1l/UTdz9Oj2z1smaouy7yNKMK/BitF4uv3sKi0lWOpE6oTtqNtEoC265RUot3CGjaI3aZnwgku8jztvSn0JVwQYZyWZx7eFRh1acNIt3zRP8Pc4SL+XCm8RSufH2+j1kF0rbhCGTngDaLWdz/1FIWTizj3sjLnMEQYYw02QE1W+b9TJAMmgdh6LFhjrIFXtQFQtNSgH6edh8nreFWnpDvI8nyT9w/cCfJhDZhEvOYIDOVlc0mPH2k0yNfpA4x0DOvBNZJx9Gu0CcyOLRZGlyAwlDTIqBYLLV7bqwTsOdfOYBE581T2r+o9w/tgRF4EORM29U1KjGjSl2/XBXQVZHbRnXBM5l7kypyJfHD7X5DUp2hkuSdmHgBI5psnZXSjHh95Nn5YjFAAPDapqdIJO2AJhXkaY57mSUFjLrI9DRFU8pcqeY33si4i1QOqsRdkfh72+vCwsj4gFteV0Sh6N2Tp92+NkY0to3hk6Za9O6ESzqCiokcf9DaCyWv4ELd6Wed2DVVfrPXLABF5hnfzYw/tvtpXMFOOofKyOYY4KT5FRVUGlsst/x0F9wr2hYJ1qwTIRpp9wEWjiecO+wBeuNbLHv727pMCPcLX7YEoa/fcQuesuEAXQDKFTVJmBAHk1J5GpOu0R5F6qXAxsR9MFDRMHo2en4jkTAWgWFa7n6UqRlTTu5lj9RtFgQekayC71GyTEqvBY2tdLfHYoNsKKVBand7fmpwGDG2kivEUMNDitT2AG2F2GxbM+zbLewu3WwlXCzyEYpPq34+WK+C+QZuY+b4bOVnNTl1aiyMTIauomDTdvUbGAlnoIeukc65O1nvlI5uEQwgcxA/nFGYPdiXJKlgW0rZPaJX+7xZUlosP9fYR+1purREYHJBFPGs7Qx3Fq/RuPEcA2S9+CynhXm3TRRLOfzKYXeny/qdpJw==,iv:lpQ/utPri3QEIvB8V5MzHmgyeyGmlVGbkbNKKrb10lM=,tag:eWFSV+nRqDfYERXTXT8eAQ==,type:str] + #ENC[AES256_GCM,data:DkvLWzxK8Xp/TXnJNZ15Wa+ojB7qGxh44zvwdm50ENgTPaqIl2468q+HeOUIUE7OiXCQWj2PVg==,iv:J9EkotYGBY1FZo62wieUSFaTCn1NnBb6aOKnUOCELS8=,tag:vmxNYyjCYfi6n9nBZ8DwPg==,type:comment] + ssl-cert: ENC[AES256_GCM,data:frN9jDBZA2gyrCASsw6T5f5ld0CH+2m1YQOPWh53UfQnr9RxQUhvBYvwMtNJ2+DaT7GHTxZDC7Ft48DkrCKOawt3Z9BKkukYz3Wy9ozDUQ6dB4Hil4O76TQ+Lb3Yn5rKrJWIyR/QUwnv/HdpjxbrHMYw6Uc04uLj4djE+l5e2Iof3gYX64TDaB0ZQkvSAGWO92a3K2cwOKORNltR6KlJ9VzWixHBX8INJaGlPAnHMQkwu9ppkz8waYiIC9sWqwlMep8gN9mvPpq7fxMOvb8az3CkTmLTgXlDx5wxIx56uHlHkNlYKMvz3/HV8PAAIrMod6DCESeDIIP/g004rQRVpxMP5+G9uWklNFDcSpVIzHvl1GLqw05FCQGk93Tj+NmPt7dJiZssPz4dtthXEHg7/phOQJykJkyNVHcfIheqJHK1EQ3WztDJR9hGHUVepnRKo4VseVu6wIeOPa4En9OQ850+AfiekWcivfH9QMW2H3hsknC6Z2+Nb6X6AQBX9GPYwSjmioSbMSOIJpbvTxiM5K9AP25o13NHRH1xwydOqpTPxk0tf47o7PUyJ5gM/0zK60IwRVjRHb4974bpX10K3zLDgin9/WfjetsCm5o7QSs0JfzhTwxZeIC14ZrVwutdR9/KevK+305F7wpQO2jI3WHxniJsc+ov2JbESlj+2VR5+c/zC6yH20cBAOWnM3hblkbsVhXWG/LJtUKR58PGAYAMjrz4xwwvwUhEyEsw55kM0pzggkUJMrYDhQwf2FUsOl06b0qfUf63E7V1nI0jEEfEserO7geSWWf5t0ZQoiCzPxzX/ILd5dqtuzHiaMRonD/gZ/fUWkr1pWuZzi3agRVJSpEglZHwZuPd0L8jFaIyyF4StPiBkt1Ez+OAVS1vKJAQCzQYiFduJtBlExayioyV6iMjlOdcIlneWcgcAvmBAkjkBI2GlDS1Dtaev89tLJUcFQXxKMYIPjoFMNgINxN2ShSAukd9SnsGKCstDa8iwNJ88Ue0YGBTYLPnUnaBW3TJEdQyFF7SwL2/4FHIbX7thlr9vWC4pPthArmQCUDR8iYldSSI96eNoS1YI6qFEuRwUEh08yuDyHMHIFAHO9IAWWc5vza+BXsMcOt/NTuwhUAVWx3NC+TxAwGQJfXqHtsqZpCRZtdtWtacH/eBCPlhb0GZ5wQvIfxNi/okqGfk26d357jxNBgzJEAo9N9KdF4Wys5FzY78lQTF9pZEm8/Vzmodc1b4DZWYFeX9cCFtlEnqDPvknXSn64W/Yg2vO1siZk/HgY8BMHviiI008UMxpzMNiV9X+7csTjbCrf1GDjv8QmZwTUKLJbDgX4++HGM9TK/+wy4sPSic4Y0E+9+Z1QSFaXCogjUUCBwuI8+YnvRwzrK7HXJG7NzW7FM1FSkYjotv6zEQJ1xOQJvxwSa8c15GQ1tdq0ZhXEAxaUjABjFdUKKsOJp/SwQZScEAXbznWeAPa12CevFrDkVv/JZCr55bg+PCbxXwblxq8dVoHzkxPbRiG2fS9ue8rlp8lL2IubrpPaKAYxlL+sK1uOSxfa2cGF91vzNIb+a9mxplsPnXzxODfS+KVqEHLXY81bjIytq5ex3Fow3+0B9BSNRQygayPqyEPHiLzbabWOv58oKlgbCGBLBtPN6CGyH/i6GwqvGf1de9lYsoYRYwdYJN/PZvfgzcIW97eirlXB1hdSxAKlicjejrqyZP8gGupTi/htm9jB+TzYTcsAUt29djdEIdgGgAb1/zHET1em1DSR1v5qmyiMG/YmwyE6dAoyPhiGrAOPwTgJUahNB+Ok7bbOp5ZAM5/uhFumF+5LsNWAZc50vuo1bbYxpP5RXxK7+eF1xZ+Jj5JgFuZ2tn0gZlLBNjHPMVLEUn3XbsaVgBplBuE04GpMRAk5Hia5CLJqB+x+KHDUrG2e1WeZttv2KLm+WaPdogF+n6CO684Om1JMga3pRF1EvHvUFVmKYtIn/Iwhh8fbfTrZmN02K+RH5ZVnCrfn4uFjOJ5FMuYCvEV6Bwbd5a5nDCY0MhYv6jzg5P+C00ZUXwE2e4Pa+vVy9t4IXatdWSfxVG6hKBu9EeJYEQ2/zcZmjV8sBXcHXczDlo3CD4lqQD4cCN42+Px9hKP9FfvOTgWSBpXOQsns0D2A+wXYdcN4DpCVVQ4Y/ESjwVzfUn3jwsirowYl2XOIeidS6wrQ2KvG3WxfPq2cFNflpe4jDx1fFuY2/r35XpYS5nf4Lderldef1dYhYOb9eN45U8NX6Nn8Vwmewd52fC600upp2R7LoSTfIZQbzK8/rU84pIClvs+UzpzByZqTrrDhwkvJlbMeZVekwBJj83gdzHHrHRjPnapsLBmQ4DnRNHeabr3i7q87aFFYntREeQdqx0/HSocT4bRNYbQXydKus2Q5/cZAL3ptXTTrJpM5Sjf6JTxuN8tPCJ024KGxzvQo1Q2NkMIPR6JhAHhfK4UerhRtwVDTusoEpM6I6izJ1l68b5KULAIujSOGxZCU43Zuggn6ECLIaFo+qe1AA9cnLApoXH4IQu19xXchETsyPqkJJnnXbTFssSkeuCrvdAwyxqUmAwbIIN8tlw+Kf2+CisUB2APqhy79S0Z/2ehJyq2jfHf6zw4ZI+syU8diA3OJQzVJj5dhcTCwEkvdgb692QGk4FWmpoUTRl5FhwfAyNBrQqvDDB1MIP61tWlahBpPLeLbYTlSzrnFPyThtwd+IEZt1mZze7OghuKLqa1hOxb7aFVjwuHYWLoNXbJ8lqdrlM/wNRuZemhwhH7p8bob2x6a+cZ+DEHnVNMCHv9vgks2k2ng6FRB2wsC9pMIU4nU/aMhC+B643RIqvGUkgqyeQcpgAdqDuovLwt4wWYWZAuTbwFm8rL+fzwwyb6a24FrHAfIbcPbZWtSoQl3mOiQi6NogqDUslEYoVwnAL5v/WRjSTO+Bg6AfOA9JeR1OUqTXW1k1w5zngN1aP6CxsHu1wuhgUiWCTwomA5eg989GgRXc85neP97+Gx+jij5QbOyOqh/45VtPeT7sMWCyJW9gDRkNKdT9DuTtySWvic02+Yf79xq6cv5JafuAgl6JGyTOqqmqDuhLDJ/62KQ4Tn0VHGWIKqOoitt31nouueZHnbKMJ9QsJO0Mucsch05MBdPVqwOgrIIYOpqS0/jZnonOh+O/tL0SeOLb2yc04T+TbeCVAlod7r9J9YjRjUq0+GN5ZkQ/jwW1JiwXYnr+qFy5sWoDZIpCXp7kQBOb9CYiXVXCdq/3x5hemj1fJ7Rsn/xopJZXTqych/o9Nydg89lJJwzaNVOA+Uru9UBBejb4+SIn17X2VDb78r93Fqu8dsBEnDMJsqPTz9sJAQTjJauX7Ty+JmDioio0oopJAqORea5pJFfPnaGkseIKUoRD0VmxWKBnGA0baiQgbA5j8CcoIZujZa7hIcyDinYUpQcdPeZto9UGF8qxH2++dL+lblFuO72UKEtq0UHqDF9ByhmtLDZuY5V34UeIQCa+63etBBg2T4+M5Ev99zhcjEh4ILhoRJ+TtzO9qk0n3edvnThT67igBsCTttsgKfINN3TNDqzrvQK+BscSq2WUKMBq3ySe2JWsk6Nw+XNoadjEWO8r8Xm0jP9R+aRoVbsmeYVOjr/uJ4DgXkR9LijIiAKHMeOuBlTNbEWEUVM89mLCvHO7w/+Pt9Z30DhHM0dCCB967rRrMCP+xUCBtpjM0b5dA1AAEp8v3EJtL14JGqvtd4PhKOlTDumVLTj2jz7rHwQj5ZUxa7aFKkvVWBDywGcwUB2jj5CtKdGtFNPYguivVIjBY7dkPDY+rFi7UwhpDKEqUu6F56P1Bbl/YrV7fejDLAZaM///sYd2pJmYb0J9Fm9f8DP1AGLvLWrX8l/Ewp+hFDXo0xDi7zfowpjjnCa4AQZ7ZT2WCGWixypojetpyo+VPbocuFTvlYQIb0VK9vn9cLgDOrSKsyb1q2vJ1t1T1LOJKcbvT+d4GUMlIgbmhqZKEHuIYu3UHShh7R2WcSuB4IXQYEKJlwm8seVVeLu8Yub8DNIgO8BcKas2dnaI6hIEELuS/lZ3uonPX1rGv4QOWA83E6fNHMEM1jLclkknho07NkIx90yjm6A+S6kDaxIVmtS7AuLYyqgsabYMwz2ruiH+HU2hoGQ4qWCywGti0zNrvTXjf4AOdvb+TD2BONVuWIWRZbQoq8hdiI2sOkk0jaFNqM4u5XA1qL/GG8s/ldvoWvkNygIQmTjLZt8gDq9QacZe7VN1JXQ71+cy2Kak3EawyGlzeP2UtAkOSoGlTzzN0rDVUY/kTJtTVOsGQv5A2ENS3O/uduy0d8zFv589h/fSOxnBsYy7X1Yn9r3fu7pN44WP+vUvoGGp9Rty735TqL4uf2bSbELBT60ukh+OQKQiSKC5fw9fpc7adGM46veLRuhdN9Wu8GpCbgcSmJ3YFXdLy2GGH7Y+w/9ZV6+q57FvobuegwJ1iKwxP9PJejLooElW1AIP7LuDfOz/KwfkrGcEhE5f3AdAB5StqoQhULwy7H/UnPrt6+cAFX8d+MLWOcBr9KxICE4VhZWg44JDVaoZU5P0KADb+e7oOMM9LsgcMEFFvtvQ7ULSHYGwy3Lo4rPGhAwsPP5XwPOBBdj9nd9SrfNWcBb+TsYPbGObfh7+BgjKShIy3r1E9wzkD2cQA1Lj6/fgK/zuIrXQiaQEY0YjjCYEBbCNpun/6tYgPN0bcZS2vzZEaiOQvUdvKO0Be+RGX27Sl+iPd7snNia4aZK59B0EaGGdLq/TOncNOjotEDRnPBrkq7De20kfGCp2L/zMf5L/y4VESCwnMqPdSFk/BTuySp9R53xbj+07KKcAy4kj9czHNE2F0ng/YgvjJqaYcz/xQMCZGZ2P+O91TCuV9MVNHjsJMuGYBadoPUT20RW5mCdqItZYe8MZyzhO9ryTUWJsNWEYRlNHREpoEYPHz00BPeiU9JYLInU2pVgsQuuv4MMMAWJ4j3MbGLyZGSnZ7Ln7vCOUBC4jIDleaLfz1keJJ/GZE5RNU0aM/6qFnaL6/QN66/pa/NGi7iNAzHArgckp/8qbnpM2gbsu43FypDwR9eHroMxkEY3F6qP7xZN1t72DkQVaoZc+91+d8TB3VSfxjtIOFLJZs6hr9+L9bLQ9P6803BPwhjqS/HrMybM3b7aJ5pL1QE9vIe3RO/FUMH8I+OXzZRJZUGLoyekj1gaffPgibU+m5WiGeh1y668wF7hTaz8CdZPS/0ADEXv0FWnnCsg6o2PfUxZvv9gHPJPWBEg2KSsBFE/kyaNWyvC2T0PWh8/RbiCyK4AhXXi/xFO/jFcoj8Fy1pAl5fRAN/dFdyLjuvwNSGbrYFl0ivkTpNhjmnxx92iJHcegkvP4bCKOfnMqcd62i/qdLIi7fCSRNZal+namZ0oloseiLt9vCAjj7J2nbexVVK+BxzszlhS+EFX8RLwekhZodPgXCbSEuOoRNm1Vdphn+40G1lCmbPAPb//onX2kaeloqQ+PTOY1YBbVbw1FTcw7mGH0lK7R3TN57hMZFJBqHyIPiZiOWSFoscktQ4fhJV5Wx1+MGfc0vmFEDoGS7srUGGJJjXtdCvnjINhD+khIWApVKGqJt84Z83Eh2MGxtyl5uymQl3vWbZe7h04ai2sAOA7+Cmjtg6AiYEDRF7pS46f/OFbTrDNumb7O2sF8W5oIMlNfSu79/EkNpVrtwjFrMFFAyNwsilW/GNr02eIzRy3yS6lek3NOvZ0yT37HCUNOvjJqzqTUAFg6hqUgVyjp41UBN1rLR7GZQl2gyhjNWCqeSb0lgL3btkMIzwokoOJlMO1KBX7UwXm3t0tKvNXPDlAXepvk8B7uH2ON9hhAbNfTdNkR84RjQ1sZ7g5QO62kKF4cFfxFK7DDSmpW732fvCKxFowDi2GGSn6E8Ay5uO2kPdXmwsX9EdwjjXEpsFxYWTOAtyjJIRGfpvMsroskNd8CaQT6yaG2pR/1ZE4pLiIICpMax8dHbukpK7WWE9cDvFz96BC1dsx14vbUfwkm0sKcSaWllVn5Elw9EP8FTVcEr/NejFQbYh5auG2JrpheCKuk+YvM8QvpC2vPASnG6ww7W1oiZFtqGZBo8I5kh7DYadOeE3sRXxLr0YDNusReEiWP3eWskoSMCBX7xSVtg9hfdzSDd3Y7EeiI/vEx8nllOSI0lVVu01CQAnVK1z7EtUEe7bFRY/bIinm/rPA184220rHlatQaNVo8MOmo4fK/SMJOPHNj8xoy7dA==,iv:JvoC84+dJ+sKdDDNvzIRWJUKHftgW4hhT6fiJQXR4rs=,tag:wrFQF7ZqG0us3E98i/gkyA==,type:str] sops: - lastmodified: "2025-12-01T11:39:17Z" - mac: ENC[AES256_GCM,data:TwhGOW/V9/IoBifzh1MSwy/ff7ONTnxEmwERD8Yl2E27WG/6dTVz0/nIlZ8KsEKLC6vB2m+sJT+14Q9KCj4Cn/bWV1PmhytktGPxLQpgF55+pZlSK1aLUPLq0hwE93b4MAeOvzoOXtCQguh1dsB2RkinabFoMeZ2xJ7Kc+jHlfA=,iv:Ri8aEA4tssGDv2UuKeza8vs94IovM9GARLIEapb9Ya0=,tag:MDgAffj7ndmMwpw7mBXNRg==,type:str] + lastmodified: "2025-02-07T19:44:49Z" + mac: ENC[AES256_GCM,data:+0hpd/E7GxK/27f2Itf0hDV+3Ga4gHb8xxLutJ32HLBWLZ5Y+dN03xgkz8jBTiM+BeHwS4gz70Cs9X3zLMHbosWVuIV9DLuRaHRq/IU9KiADwqmCySZALqCf3+T5QKZr3Qs4AZJHwaAXkRX9HbnRFriIAFDJW/BGdIHdoROquxY=,iv:TeXI8LGqHVa5wo61sGdNbZ2nJvSlPdgn9R3Lq5qUggU=,tag:TFort5wxVTdi9LMlMeT/DQ==,type:str] pgp: - created_at: "2025-10-03T21:38:48Z" enc: |- @@ -84,4 +87,4 @@ sops: -----END PGP MESSAGE----- fp: 0af7641adb8aa843136cf6d047f71da3e5ad79f9 unencrypted_suffix: _unencrypted - version: 3.11.0 + version: 3.9.2 diff --git a/keys/staging.yaml b/keys/staging.yaml index b5c8533..caa5707 100644 --- a/keys/staging.yaml +++ b/keys/staging.yaml @@ -1,8 +1,7 @@ -tlaternet: - ntfy-topic: ENC[AES256_GCM,data:BSNLP9hLQKufDf3STknQ,iv:4WeYARwDEg84fh8qMa4szssQeK2orBl72oiIRywXCi8=,tag:GtS7YAlQiuGAWaUn+JxaYg==,type:str] -ntfy: - #ENC[AES256_GCM,data:B5sUuCWTheo/Lz5kAN5/8NeiT7ohQ6IRYjD7k/c0,iv:E85yGjNcd9RGOgBKFPxRB6LqdqISNcjlvp/pqpR7VPg=,tag:1NrwtWyoVp4qDWiqAt/few==,type:comment] - users: ENC[AES256_GCM,data:zW02xRlLvqJ0/rLJMX9/LSW7CQ26nIyifOLYba4AkstQcrVMOIV1Je4QwaKoy2TPhDcVcjLg6Ce2/0qxpO7Q3rqoXqACbPAUwcxzn14KOt7tEb3IE2S//0Y/law=,iv:sV5Dvplr6A5ivrI/+Cyl6mC+Zxo8NORxfuhEZ/75JbU=,tag:NzqxoN3Hr0YO2CXiVdEo+A==,type:str] +authelia: + users: "" + jwt: ENC[AES256_GCM,data:oKA1B7zZAzTZL4nBdHvPENVx7M2BgbMBmNtetri0qCVB7qNFIgbnwVCJFiDvjKxxNdedqUKBZZL5QJbTlPNRxCVdFgBBMFiib3khxMP8kzqff2MgJZxumonlJt5Jmh8tVxwLRJwE/2fp/N9w2hRs0vhfmMyAA4y7RZv3R9/eaKM=,iv:2iTAwP6dipPBMskyygnBJHJ53E0nmHYcGyWDrODEs1Q=,tag:koSEZtQQzOzpbQBgUP5ZHw==,type:str] + storage: ENC[AES256_GCM,data:bO+bHu6jRvfbLU6xIDaE2JwXpNnMK916Upv43ycg9fCb+U5hqQfqBBwC2xVEVXtCBRq1VER+gc8rs8/XDT9vZkvMUqAHj4RqXHyzX0UjwsvccBJSLfoLUiT6obk3oVLo5CY7R2TukPuyFXPbMUOrBk9gnbk7z4IWzcwNnuOKBT4=,iv:RmKIS/cgZ0tUQDFF2yfaJnfTvPaeadjG0LPXKIzYFrA=,tag:XmqDhDf3Ja1BsyrYmzTKDg==,type:str] porkbun: api-key: ENC[AES256_GCM,data:A5J1sqwq6hs=,iv:77Mar3IX7mq7z7x6s9sSeGNVYc1Wv78HptJElEC7z3Q=,tag:eM/EF9TxKu+zcbJ1SYXiuA==,type:str] secret-api-key: ENC[AES256_GCM,data:8Xv+jWYaWMI=,iv:li4tdY0pch5lksftMmfMVS729caAwfaacoztaQ49az0=,tag:KhfElBGzVH4ByFPfuQsdhw==,type:str] @@ -21,17 +20,24 @@ steam: heisenbridge: as-token: ENC[AES256_GCM,data:tXbOeo7nv8I=,iv:wJAKcOXX9nGIw4n38ThOoj29u7dUWhsxSQG/p79JlEw=,tag:rTVaGS2UuWcea1uBa8YX2g==,type:str] hs-token: ENC[AES256_GCM,data:VBwvwomv0Xg=,iv:q6INtJ+rg+QiXj8uBdBzQYQZUBBXp+9odxDHwvu8Jxc=,tag:XKhm8nxygAkKaiVPJ2Fcdg==,type:str] +matrix-hookshot: + as-token: ENC[AES256_GCM,data:uSUOo4f2KqA=,iv:Xb9G8Ecv6m59m51kDw2bOfq3SMJt4g9/6/EdH74R+KM=,tag:K9MSfO2c2Y4rlf0eYrmTnw==,type:str] + hs-token: ENC[AES256_GCM,data:0KsyA06InL4=,iv:zAR0Y1fk8SyodcSLBHlQ8I+BAmttz9Hkd8Q3OREFqs4=,tag:t1Et8N/3seq95DeGoUd7Sw==,type:str] wireguard: server-key: ENC[AES256_GCM,data:FvY897XdKoa/mckE8JQLCkklsnYD6Wz1wpsu5t3uhEnW3iarnDQxF9msuYU=,iv:jqGXfekM+Vs+J9b5nlZ5Skd1ZKHajoUo2Dc4tMYPm1w=,tag:EehikjI/FCU8wqtpvJRamQ==,type:str] restic: + local-backups: ENC[AES256_GCM,data:3QjEv03t7wE=,iv:y/6Lv4eUbZZfGPwUONykz8VNL62cAJuWaJy9yk3aAmk=,tag:wMlGsepuG9JjwtUKGWSibw==,type:str] storagebox-backups: ENC[AES256_GCM,data:NEHk57B3YtI=,iv:0/qnqMVK0662sgfDQoLxcW7L09SKF8E5liCnjaQ2+2k=,tag:RU0BPwGgvI9bgOPr8VItmA==,type:str] storagebox-ssh-key: ENC[AES256_GCM,data:65+kbJPO90y+rRh3Q5cqLDtQa3VFfbaDPPo1nJLqxgAB7Wm3J7K4qUYAKPcYnkWV4/xFz63R2uCNaq5xv+vuZA==,iv:O7AeE/ujp5p1P7nff7PpghQfN2tQUYBSWL+EHRbE5yA=,tag:Pu/+bEAQuqwmD1Rc//t0cA==,type:str] turn: env: ENC[AES256_GCM,data:xjIz/AY109lyiL5N01p5T3HcYco/rM5CJSRTtg==,iv:16bW6OpyOK/QL0QPGQp/Baa9xyT8E3ZsYkwqmjuofk0=,tag:J5re3uKxIykw3YunvQWBgg==,type:str] secret: ENC[AES256_GCM,data:eQ7dAocoZtg=,iv:fgzjTPv30WqTKlLy+yMn5MsKQgjhPnwlGFFwYEg3gWs=,tag:1ze33U1NBkgMX/9SiaBNQg==,type:str] + ssl-key: ENC[AES256_GCM,data:RYfwHjBvwFXgXxXIEuWUzaycTdrCvmPivsNvvUIwDRynS5G2Dl6RCVp1w9zuLvoNun5ncUPGGuLMmVqN2wkJlw==,iv:UKI3bVTY7iTDNvp5UqrZ3QlQkMZ5p2bjgODEc6DCBfQ=,tag:sz7VTyRWyZxAsP4nE48DnA==,type:str] + #ENC[AES256_GCM,data:bxhKzU5Tzezl749CDu8e8kxa7ahGuZFaPa9K3kxuD+4sg5Hi3apgDlC0n8oK0DeiK4Ks7+9Cyw==,iv:T/zVJUpNAv1rR0a9+6SDTG08ws2A1hFBs5Ia3TpT0uk=,tag:uGXb1VryM+lIJ8r0I5durA==,type:comment] + ssl-cert: ENC[AES256_GCM,data:xHUr14CjKslgbGh/n5jYSOuCw9JRxS6YXE4fxS+aJzFcNeSeGNqoipPeuJupZGBnQP/FCqohiHY=,iv:/OEsVqRshGL9NIvntMC42EPZSNL0u6EfhtUBqgV7qog=,tag:4pxtNjuvy/ibm6nDtKdSkw==,type:str] sops: - lastmodified: "2025-12-01T11:39:26Z" - mac: ENC[AES256_GCM,data:11VQAYk8Am0k8OO6BtU17qpuEhcJ8ylRhJWQNHVAsmi5BCFjD1zU3NkWhtSstPrBcqHMenG+9XuEzpNnbccHI2ru0qlILsQvNj5OKo96FnvYtzApYlApoAzOetCx08Lfxa4RGLN/XCUSuccjBIU2PZRWEK+z+Cm1wHUFeqc1xPc=,iv:6y9j55Cld+GoOVGWAqsEgURRna6dHA2mGZwHVA+ZOE8=,tag:bSZi3nYmYrn3nFT2+RBPUQ==,type:str] + lastmodified: "2025-10-20T20:04:21Z" + mac: ENC[AES256_GCM,data:kRrmVm3PQooRA/MoHgDb9EaRnoKY9CJxAflus9Po8NBmyQxV6Ehjf8DlI6yf7ZpPlhV+VHZJamyPD+hsHp1hSr8krvr0o52ZQdKn4MJQzSQXa4K9i3i0+glj7cNGs2SzTJnKwN9lxBywZpbVDlkXmvRQYLE9tWPWoSBdurOibjw=,iv:2iBQ1cYT85mCc7jf2GTEOjNiHBlR/F76Dvjl/k5dyLA=,tag:Z7dY2i0KWmmoVp7VJjq1Sw==,type:str] pgp: - created_at: "2025-10-03T21:38:26Z" enc: |- diff --git a/modules/crowdsec/default.nix b/modules/crowdsec/default.nix new file mode 100644 index 0000000..44e6bc5 --- /dev/null +++ b/modules/crowdsec/default.nix @@ -0,0 +1,383 @@ +{ + pkgs, + lib, + config, + ... +}: +let + cfg = config.security.crowdsec; + settingsFormat = pkgs.formats.yaml { }; + + hub = pkgs.fetchFromGitHub { + owner = "crowdsecurity"; + repo = "hub"; + rev = "7a3b4753f4577257c0cbeb8f8f90c7f17d2ae008"; + hash = "sha256-HB4jHyhiO8gjBkLmpo6bDbwhfm5m5nAtNlKhDkZjt2I="; + }; + + cscli = pkgs.writeShellScriptBin "cscli" '' + export PATH="$PATH:${cfg.package}/bin/" + + sudo=exec + if [ "$USER" != "crowdsec" ]; then + sudo='exec /run/wrappers/bin/sudo -u crowdsec' + fi + + $sudo ${cfg.package}/bin/cscli "$@" + ''; + + acquisitions = '' + --- + ${lib.concatMapStringsSep "\n---\n" builtins.toJSON cfg.acquisitions} + --- + ''; +in +{ + imports = [ ./remediations ]; + + options.security.crowdsec = + let + inherit (lib.types) + nullOr + listOf + package + path + str + ; + in + { + enable = lib.mkEnableOption "crowdsec"; + + package = lib.mkOption { + type = package; + default = pkgs.crowdsec; + }; + + stateDirectory = lib.mkOption { + type = path; + readOnly = true; + + description = '' + The state directory of the crowdsec instance. Cannot be + changed, but is exposed for downstream use. + ''; + }; + + settings = lib.mkOption { + inherit (settingsFormat) type; + default = { }; + + description = '' + The crowdsec configuration. Refer to + + for details on supported values. + ''; + }; + + parserWhitelist = lib.mkOption { + type = listOf str; + default = [ ]; + description = '' + Set of IP addresses to add to a parser-based whitelist. + + Addresses can be specified either as plain IP addresses or + in CIDR notation. + ''; + }; + + acquisitions = lib.mkOption { + type = listOf settingsFormat.type; + default = [ ]; + description = '' + Log acquisitions. + ''; + }; + + extraGroups = lib.mkOption { + type = listOf str; + default = [ ]; + description = '' + Additional groups to make the service part of. + + Required to permit reading from various log sources. + ''; + }; + + hubConfigurations = { + collections = lib.mkOption { + type = listOf str; + description = '' + List of pre-made crowdsec collections to install. + ''; + }; + + scenarios = lib.mkOption { + type = listOf str; + description = '' + List of pre-made crowdsec scenarios to install. + ''; + }; + + parsers = lib.mkOption { + type = listOf str; + description = '' + List of pre-made crowdsec parsers to install. + ''; + }; + + postoverflows = lib.mkOption { + type = listOf str; + description = '' + List of pre-made crowdsec postoverflows to install. + ''; + }; + + appsecConfigs = lib.mkOption { + type = listOf str; + description = '' + List of pre-made crowdsec appsec configurations to install. + ''; + }; + + appsecRules = lib.mkOption { + type = listOf str; + description = '' + List of pre-made crowdsec appsec rules to install. + ''; + }; + }; + + centralApiCredentials = lib.mkOption { + type = nullOr path; + default = null; + + description = '' + The API key to access crowdsec's central API - this is + required to access any of the shared blocklists. + + Use of this feature is optional, entering no API key (the + default) turns all sharing or receiving of blocked IPs off. + + Note that adding the API key by itself does not enable + sharing of blocked IPs with the central API. This limits the + types of blocklists this instance can access. + + To also turn sharing blocked IPs on, set + `api.server.online_client.sharing = true;`. + ''; + }; + + ctiApiKey = lib.mkOption { + type = nullOr path; + default = null; + + description = '' + The API key for crowdsec's CTI offering. + ''; + }; + }; + + config = lib.mkIf cfg.enable { + # Set up default settings; anything that *shouldn't* be changed is + # set to the default priority so that users need to use + # `lib.mkForce`. + security.crowdsec = { + stateDirectory = "/var/lib/crowdsec"; + + settings = { + common = { + daemonize = true; + # The default logs to files, which isn't the preferred way + # on NixOS + log_media = "stdout"; + }; + + config_paths = { + config_dir = "${cfg.stateDirectory}/config/"; + data_dir = "${cfg.stateDirectory}/data/"; + # This "config" file is intended to be written to using the + # cscli tool, so you can temporarily make it so rules don't + # do anything but log what they *would* do for + # experimentation. + simulation_path = "${cfg.stateDirectory}/config/simulation.yaml"; + + pattern_dir = lib.mkDefault "${cfg.package}/share/crowdsec/config/patterns"; + + hub_dir = hub; + index_path = "${hub}/.index.json"; + + # Integrations aren't supported for now + notification_dir = lib.mkDefault "/var/empty/"; + plugin_dir = lib.mkDefault "/var/empty/"; + }; + + crowdsec_service.acquisition_path = + # Using an if/else here because `mkMerge` does not work in + # YAML-type options + if cfg.acquisitions == [ ] then + "${cfg.package}/share/crowdsec/config/acquis.yaml" + else + pkgs.writeText "acquis.yaml" acquisitions; + + cscli = { + prometheus_uri = lib.mkDefault "127.0.0.1:6060"; + }; + + db_config = { + type = lib.mkDefault "sqlite"; + db_path = lib.mkDefault "${cfg.stateDirectory}/data/crowdsec.db"; + use_wal = lib.mkDefault true; + flush = { + max_items = lib.mkDefault 5000; + max_age = lib.mkDefault "7d"; + }; + }; + + api = { + cti = { + enabled = cfg.ctiApiKey != null; + key = cfg.ctiApiKey; + }; + client.credentials_path = "${cfg.stateDirectory}/local_credentials.yaml"; + server = { + listen_uri = lib.mkDefault "127.0.0.1:8080"; + profiles_path = lib.mkDefault "${cfg.package}/share/crowdsec/config/profiles.yaml"; + console_path = lib.mkDefault "${cfg.package}/share/crowdsec/config/console.yaml"; + + online_client = { + # By default, we don't let crowdsec phone home, since + # this is usually within NixOS users' concerns. + sharing = lib.mkDefault false; + credentials_path = cfg.centralApiCredentials; + }; + }; + }; + + # We enable prometheus by default, since cscli relies on it + # for metrics + prometheus = { + enabled = lib.mkDefault true; + level = lib.mkDefault "full"; + listen_addr = lib.mkDefault "127.0.0.1"; + listen_port = lib.mkDefault 6060; + }; + }; + }; + + systemd.packages = [ cfg.package ]; + + environment = { + systemPackages = [ + # To add completions; sadly need to hand-roll this since + # neither `symlinkJoin` nor `buildEnv` have collision + # handling. + (pkgs.runCommandNoCCLocal "cscli" { } '' + mkdir -p $out + ln -s ${cscli}/bin $out/bin + ln -s ${cfg.package}/share $out/share + '') + ]; + + etc."crowdsec/config.yaml".source = settingsFormat.generate "crowdsec-settings.yaml" cfg.settings; + }; + + systemd = { + tmpfiles.settings."10-crowdsec" = { + "${cfg.stateDirectory}".d = { + user = "crowdsec"; + group = "crowdsec"; + mode = "0700"; + }; + + # This must be created for the setup service to work + "${cfg.stateDirectory}/config".d = { + user = "crowdsec"; + group = "crowdsec"; + mode = "0700"; + }; + + "${cfg.stateDirectory}/config/parsers".d = lib.mkIf (cfg.parserWhitelist != [ ]) { + user = "crowdsec"; + group = "crowdsec"; + mode = "0700"; + }; + + "${cfg.stateDirectory}/config/parsers/s02-enrich".d = lib.mkIf (cfg.parserWhitelist != [ ]) { + user = "crowdsec"; + group = "crowdsec"; + mode = "0700"; + }; + + "${cfg.stateDirectory}/config/parsers/s02-enrich/nixos-whitelist.yaml" = + lib.mkIf (cfg.parserWhitelist != [ ]) + { + "L+".argument = + (settingsFormat.generate "crowdsec-nixos-whitelist.yaml" { + name = "nixos/parser-whitelist"; + description = "Parser whitelist generated by the crowdsec NixOS module"; + whitelist = { + reason = "Filtered by NixOS whitelist"; + ip = lib.lists.filter (ip: !(lib.hasInfix "/" ip)) cfg.parserWhitelist; + cidr = lib.lists.filter (ip: lib.hasInfix "/" ip) cfg.parserWhitelist; + }; + }).outPath; + }; + }; + + services = { + crowdsec-setup = { + # TODO(tlater): Depend on tmpfiles path for + # /var/lib/crowdsec/config + description = "Crowdsec database and config preparation"; + + script = '' + if [ ! -e '${cfg.settings.config_paths.simulation_path}' ]; then + cp '${cfg.package}/share/crowdsec/config/simulation.yaml' '${cfg.settings.config_paths.simulation_path}' + fi + + if [ ! -e '${cfg.settings.api.client.credentials_path}' ]; then + ${cfg.package}/bin/cscli machines add --auto --file '${cfg.settings.api.client.credentials_path}' + fi + ''; + + serviceConfig = { + User = "crowdsec"; + Group = "crowdsec"; + StateDirectory = "crowdsec"; + + Type = "oneshot"; + RemainAfterExit = true; + }; + }; + + # Note that the service basics are already defined upstream + crowdsec = { + enable = true; + + after = [ "crowdsec-setup.service" ]; + bindsTo = [ "crowdsec-setup.service" ]; + wantedBy = [ "multi-user.target" ]; + + serviceConfig = { + User = "crowdsec"; + Group = "crowdsec"; + SupplementaryGroups = cfg.extraGroups; + + StateDirectory = "crowdsec"; + }; + }; + }; + }; + + users = { + users.crowdsec = { + isSystemUser = true; + home = cfg.stateDirectory; + group = "crowdsec"; + }; + groups = { + crowdsec = { }; + }; + }; + }; +} diff --git a/modules/crowdsec/remediations/cs-firewall-bouncer.nix b/modules/crowdsec/remediations/cs-firewall-bouncer.nix new file mode 100644 index 0000000..42accc6 --- /dev/null +++ b/modules/crowdsec/remediations/cs-firewall-bouncer.nix @@ -0,0 +1,87 @@ +{ + flake-inputs, + pkgs, + lib, + config, + ... +}: +let + inherit (flake-inputs.self.packages.${pkgs.system}) crowdsec-firewall-bouncer; + + crowdsecCfg = config.security.crowdsec; + cfg = crowdsecCfg.remediationComponents.firewallBouncer; + settingsFormat = pkgs.formats.yaml { }; +in +{ + options.security.crowdsec.remediationComponents.firewallBouncer = { + enable = lib.mkEnableOption "cs-firewall-bouncer"; + + settings = lib.mkOption { + inherit (settingsFormat) type; + default = { }; + + description = '' + The bouncer configuration. Refer to + for details + on supported values. + ''; + }; + }; + + config = lib.mkIf cfg.enable { + security.crowdsec.remediationComponents.firewallBouncer.settings = { + mode = lib.mkDefault "${if config.networking.nftables.enable then "nftables" else "iptables"}"; + log_mode = "stdout"; + iptables_chains = [ "nixos-fw" ]; + + # Don't let users easily override this; unfortunately we need to + # set up this key through substitution at runtime. + api_key = lib.mkForce "\${API_KEY}"; + api_url = lib.mkDefault "http://${crowdsecCfg.settings.api.server.listen_uri}"; + }; + + systemd = { + packages = [ crowdsec-firewall-bouncer ]; + + services = { + crowdsec-firewall-bouncer-setup = { + description = "Crowdsec firewall bouncer config preparation"; + script = '' + if [ ! -e '${crowdsecCfg.stateDirectory}/firewall_bouncer_credentials.yaml' ]; then + ${crowdsecCfg.package}/bin/cscli -oraw bouncers add "cs-firewall-bouncer-$(${pkgs.coreutils}/bin/date +%s)" > \ + ${crowdsecCfg.stateDirectory}/firewall_bouncer_credentials.yaml + fi + + # Stdout redirection is deliberately used to forcibly + # overwrite the file if it exists + API_KEY="$(<${crowdsecCfg.stateDirectory}/firewall_bouncer_credentials.yaml)" \ + ${lib.getExe pkgs.envsubst} \ + -i ${settingsFormat.generate "crowdsec-firewall-bouncer.yaml" cfg.settings} \ + > /var/lib/crowdsec/config/crowdsec-firewall-bouncer.yaml + ''; + + serviceConfig = { + User = "crowdsec"; + Group = "crowdsec"; + + Type = "oneshot"; + RemainAfterExit = true; + }; + }; + + crowdsec-firewall-bouncer = { + enable = true; + + after = [ "crowdsec-firewall-bouncer-setup.service" ]; + bindsTo = [ "crowdsec-firewall-bouncer-setup.service" ]; + requiredBy = [ "crowdsec.service" ]; + + path = + lib.optionals (cfg.settings.mode == "ipset" || cfg.settings.mode == "iptables") [ pkgs.ipset ] + ++ lib.optional (cfg.settings.mode == "iptables") pkgs.iptables + ++ lib.optional (cfg.settings.mode == "nftables") pkgs.nftables; + }; + }; + }; + }; +} diff --git a/modules/crowdsec/remediations/default.nix b/modules/crowdsec/remediations/default.nix new file mode 100644 index 0000000..c3c0790 --- /dev/null +++ b/modules/crowdsec/remediations/default.nix @@ -0,0 +1 @@ +{ imports = [ ./cs-firewall-bouncer.nix ]; } diff --git a/modules/default.nix b/modules/default.nix index c03a700..89f1752 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -1 +1,6 @@ -{ imports = [ ./serviceTests/stub.nix ]; } +{ + imports = [ + ./crowdsec + ./nginxExtensions.nix + ]; +} diff --git a/modules/nginxExtensions.nix b/modules/nginxExtensions.nix new file mode 100644 index 0000000..bd505d3 --- /dev/null +++ b/modules/nginxExtensions.nix @@ -0,0 +1,59 @@ +{ + config, + pkgs, + lib, + ... +}: +{ + options = { + services.nginx.domain = lib.mkOption { + type = lib.types.str; + description = "The base domain name to append to virtual domain names"; + }; + + services.nginx.virtualHosts = + let + extraVirtualHostOptions = + { name, config, ... }: + { + options = { + enableHSTS = lib.mkEnableOption "Enable HSTS"; + + addAccessLog = lib.mkOption { + type = lib.types.bool; + default = true; + description = '' + Add special logging to `/var/log/nginx/''${serverName}` + ''; + }; + }; + + config = { + extraConfig = lib.concatStringsSep "\n" [ + (lib.optionalString config.enableHSTS '' + add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always; + '') + (lib.optionalString config.addAccessLog '' + access_log /var/log/nginx/${name}/access.log upstream_time; + '') + ]; + }; + }; + in + lib.mkOption { type = lib.types.attrsOf (lib.types.submodule extraVirtualHostOptions); }; + }; + + config = { + # Don't attempt to run acme if the domain name is not tlater.net + systemd.services = + let + confirm = ''[[ "tlater.net" = ${config.services.nginx.domain} ]]''; + in + lib.mapAttrs' ( + cert: _: + lib.nameValuePair "acme-${cert}" { + serviceConfig.ExecCondition = ''${pkgs.runtimeShell} -c '${confirm}' ''; + } + ) config.security.acme.certs; + }; +} diff --git a/modules/serviceTests/mocks.nix b/modules/serviceTests/mocks.nix deleted file mode 100644 index f864253..0000000 --- a/modules/serviceTests/mocks.nix +++ /dev/null @@ -1,27 +0,0 @@ -/** - Module containing mock definitions for service test runners. -*/ -{ flake-inputs, lib, ... }: -{ - imports = [ - flake-inputs.sops-nix.nixosModules.sops - ../. - ../../configuration/services/backups.nix - ]; - - sops.defaultSopsFile = ../../keys/staging.yaml; - environment.etc."staging.key" = { - mode = "0400"; - source = ../../keys/hosts/staging.key; - }; - services.openssh = { - enable = true; - hostKeys = lib.mkForce [ - { - type = "rsa"; - bits = 4096; - path = "/etc/staging.key"; - } - ]; - }; -} diff --git a/modules/serviceTests/stub.nix b/modules/serviceTests/stub.nix deleted file mode 100644 index d4a4b78..0000000 --- a/modules/serviceTests/stub.nix +++ /dev/null @@ -1,20 +0,0 @@ -/** - Module to make writing service-specific tests easy. -*/ -{ lib, ... }: -let - inherit (lib) mkOption types; -in -{ - options = { - serviceTests = mkOption { - type = types.attrsOf types.package; - - description = '' - NixOS tests to run. - ''; - - default = { }; - }; - }; -} diff --git a/pkgs/default.nix b/pkgs/default.nix index 46a9b61..31335a6 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,10 +1,5 @@ -{ - perSystem = - { pkgs, ... }: - { - packages = pkgs.lib.packagesFromDirectoryRecursive { - inherit (pkgs) callPackage; - directory = ./packages; - }; - }; +{ pkgs }: +pkgs.lib.packagesFromDirectoryRecursive { + inherit (pkgs) callPackage; + directory = ./packages; } diff --git a/pkgs/packages/crowdsec-firewall-bouncer.nix b/pkgs/packages/crowdsec-firewall-bouncer.nix new file mode 100644 index 0000000..41bba86 --- /dev/null +++ b/pkgs/packages/crowdsec-firewall-bouncer.nix @@ -0,0 +1,51 @@ +{ + lib, + fetchFromGitHub, + buildGoModule, + envsubst, + coreutils, + + writers, + nix-update, +}: +let + envsubstBin = lib.getExe envsubst; +in +buildGoModule (drv: { + pname = "crowdsec-firewall-bouncer"; + version = drv.src.rev; + + src = fetchFromGitHub { + owner = "crowdsecurity"; + repo = "cs-firewall-bouncer"; + rev = "0.0.34"; + sha256 = "sha256-lDO9pwPkbI+FDTdXBv03c0p8wbkRUiIDNl1ip3AZo2g="; + }; + + vendorHash = "sha256-SbpclloBgd9vffC0lBduGRqPOqmzQ0J91/KeDHCh0jo="; + + postInstall = '' + mkdir -p $out/lib/systemd/system + + CFG=/var/lib/crowdsec/config BIN=$out/bin/cs-firewall-bouncer ${envsubstBin} \ + -i ./config/crowdsec-firewall-bouncer.service \ + -o $out/lib/systemd/system/crowdsec-firewall-bouncer.service + + substituteInPlace $out/lib/systemd/system/crowdsec-firewall-bouncer.service \ + --replace-fail /bin/sleep ${coreutils}/bin/sleep + ''; + + passthru.updateScript = + writers.writeNuBin "update-crowdsec-firewall-bouncer" + { + makeWrapperArgs = [ + "--prefix" + "PATH" + ":" + (lib.makeBinPath [ nix-update ]) + ]; + } + '' + nix-update --flake --format crowdsec-firewall-bouncer + ''; +}) diff --git a/pkgs/packages/crowdsec-hub.nix b/pkgs/packages/crowdsec-hub.nix new file mode 100644 index 0000000..3d0ad28 --- /dev/null +++ b/pkgs/packages/crowdsec-hub.nix @@ -0,0 +1,38 @@ +{ + lib, + fetchFromGitHub, + stdenvNoCC, + + writers, + nix-update, +}: +# Using `mkDerivation` so nix-update can pick up the version +stdenvNoCC.mkDerivation (drv: { + pname = "crowdsec-hub"; + version = drv.src.rev; + + src = fetchFromGitHub { + owner = "crowdsecurity"; + repo = "hub"; + rev = "b63d9e925cfdd70f818a6a136ea53d5c8ca96d9a"; + hash = "sha256-FMArGnR/pI/QlzsznStp8vzs/LbXooVgLdoTw+eSbec="; + }; + + installPhase = '' + cp -r $src $out + ''; + + passthru.updateScript = + writers.writeNuBin "update-crowdsec-hub" + { + makeWrapperArgs = [ + "--prefix" + "PATH" + ":" + (lib.makeBinPath [ nix-update ]) + ]; + } + '' + nix-update --flake --format --version=branch crowdsec-hub + ''; +}) diff --git a/pkgs/packages/webserver/.gitignore b/pkgs/packages/webserver/.gitignore deleted file mode 100644 index 2f7896d..0000000 --- a/pkgs/packages/webserver/.gitignore +++ /dev/null @@ -1 +0,0 @@ -target/ diff --git a/pkgs/packages/webserver/Cargo.lock b/pkgs/packages/webserver/Cargo.lock deleted file mode 100644 index 790783b..0000000 --- a/pkgs/packages/webserver/Cargo.lock +++ /dev/null @@ -1,3704 +0,0 @@ -# This file is automatically @generated by Cargo. -# It is not intended for manual editing. -version = 4 - -[[package]] -name = "aho-corasick" -version = "1.1.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ddd31a130427c27518df266943a5308ed92d4b226cc639f5a8f1002816174301" -dependencies = [ - "memchr", -] - -[[package]] -name = "any_spawner" -version = "0.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1384d3fe1eecb464229fcf6eebb72306591c56bf27b373561489458a7c73027d" -dependencies = [ - "futures", - "thiserror 2.0.18", - "tokio", - "wasm-bindgen-futures", -] - -[[package]] -name = "anyhow" -version = "1.0.101" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f0e0fee31ef5ed1ba1316088939cea399010ed7731dba877ed44aeb407a75ea" - -[[package]] -name = "async-lock" -version = "3.4.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "290f7f2596bd5b78a9fec8088ccd89180d7f9f55b94b0576823bbbdc72ee8311" -dependencies = [ - "event-listener", - "event-listener-strategy", - "pin-project-lite", -] - -[[package]] -name = "async-once-cell" -version = "0.5.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4288f83726785267c6f2ef073a3d83dc3f9b81464e9f99898240cced85fce35a" - -[[package]] -name = "async-trait" -version = "0.1.89" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9035ad2d096bed7955a320ee7e2230574d28fd3c3a0f186cbea1ff3c7eed5dbb" -dependencies = [ - "proc-macro2", - "quote", - "syn", -] - -[[package]] -name = "atomic" -version = "0.6.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a89cbf775b137e9b968e67227ef7f775587cde3fd31b0d8599dbd0f598a48340" -dependencies = [ - "bytemuck", -] - -[[package]] -name = "atomic-waker" -version = "1.1.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1505bd5d3d116872e7271a6d4e16d81d0c8570876c8de68093a09ac269d8aac0" - -[[package]] -name = "attribute-derive" -version = "0.10.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "05832cdddc8f2650cc2cc187cc2e952b8c133a48eb055f35211f61ee81502d77" -dependencies = [ - "attribute-derive-macro", - "derive-where", - "manyhow", - "proc-macro2", - "quote", - "syn", -] - -[[package]] -name = "attribute-derive-macro" -version = "0.10.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0a7cdbbd4bd005c5d3e2e9c885e6fa575db4f4a3572335b974d8db853b6beb61" -dependencies = [ - "collection_literals", - "interpolator", - "manyhow", - "proc-macro-utils", - "proc-macro2", - "quote", - "quote-use", - "syn", -] - -[[package]] -name = "axum" -version = "0.8.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8b52af3cb4058c895d37317bb27508dccc8e5f2d39454016b297bf4a400597b8" -dependencies = [ - "axum-core", - "axum-macros", - "base64", - "bytes", - "form_urlencoded", - "futures-util", - "http", - "http-body", - "http-body-util", - "hyper", - "hyper-util", - "itoa", - "matchit", - "memchr", - "mime", - "multer", - "percent-encoding", - "pin-project-lite", - "serde_core", - "serde_json", - "serde_path_to_error", - "serde_urlencoded", - "sha1", - "sync_wrapper", - "tokio", - "tokio-tungstenite", - "tower", - "tower-layer", - "tower-service", - "tracing", -] - -[[package]] -name = "axum-core" -version = "0.5.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "08c78f31d7b1291f7ee735c1c6780ccde7785daae9a9206026862dab7d8792d1" -dependencies = [ - "bytes", - "futures-core", - "http", - "http-body", - "http-body-util", - "mime", - "pin-project-lite", - "sync_wrapper", - "tower-layer", - "tower-service", - "tracing", -] - -[[package]] -name = "axum-macros" -version = "0.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "604fde5e028fea851ce1d8570bbdc034bec850d157f7569d10f347d06808c05c" -dependencies = [ - "proc-macro2", - "quote", - "syn", -] - -[[package]] -name = "base16" -version = "0.2.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d27c3610c36aee21ce8ac510e6224498de4228ad772a171ed65643a24693a5a8" - -[[package]] -name = "base64" -version = "0.22.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6" - -[[package]] -name = "bitflags" -version = "2.11.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "843867be96c8daad0d758b57df9392b6d8d271134fce549de6ce169ff98a92af" - -[[package]] -name = "block-buffer" -version = "0.10.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71" -dependencies = [ - "generic-array", -] - -[[package]] -name = "bumpalo" -version = "3.19.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5dd9dc738b7a8311c7ade152424974d8115f2cdad61e8dab8dac9f2362298510" - -[[package]] -name = "bytemuck" -version = "1.25.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c8efb64bd706a16a1bdde310ae86b351e4d21550d98d056f22f8a7f7a2183fec" - -[[package]] -name = "bytes" -version = "1.11.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1e748733b7cbc798e1434b6ac524f0c1ff2ab456fe201501e6497c8417a4fc33" - -[[package]] -name = "camino" -version = "1.2.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e629a66d692cb9ff1a1c664e41771b3dcaf961985a9774c0eb0bd1b51cf60a48" - -[[package]] -name = "cc" -version = "1.2.56" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "aebf35691d1bfb0ac386a69bac2fde4dd276fb618cf8bf4f5318fe285e821bb2" -dependencies = [ - "find-msvc-tools", - "shlex", -] - -[[package]] -name = "cfg-if" -version = "1.0.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9330f8b2ff13f34540b44e946ef35111825727b38d33286ef986142615121801" - -[[package]] -name = "cfg_aliases" -version = "0.2.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "613afe47fcd5fac7ccf1db93babcb082c5994d996f20b8b159f2ad1658eb5724" - -[[package]] -name = "codee" -version = "0.3.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a9dbbdc4b4d349732bc6690de10a9de952bd39ba6a065c586e26600b6b0b91f5" -dependencies = [ - "serde", - "serde_json", - "thiserror 2.0.18", -] - -[[package]] -name = "collection_literals" -version = "1.0.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2550f75b8cfac212855f6b1885455df8eaee8fe8e246b647d69146142e016084" - -[[package]] -name = "concurrent-queue" -version = "2.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4ca0197aee26d1ae37445ee532fefce43251d24cc7c166799f4d46817f1d3973" -dependencies = [ - "crossbeam-utils", -] - -[[package]] -name = "config" -version = "0.15.19" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b30fa8254caad766fc03cb0ccae691e14bf3bd72bfff27f72802ce729551b3d6" -dependencies = [ - "convert_case 0.6.0", - "pathdiff", - "serde_core", - "toml 0.9.12+spec-1.1.0", - "winnow", -] - -[[package]] -name = "console_error_panic_hook" -version = "0.1.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a06aeb73f470f66dcdbf7223caeebb85984942f22f1adb2a088cf9668146bbbc" -dependencies = [ - "cfg-if", - "wasm-bindgen", -] - -[[package]] -name = "const-str" -version = "0.6.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "451d0640545a0553814b4c646eb549343561618838e9b42495f466131fe3ad49" - -[[package]] -name = "const_format" -version = "0.2.35" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7faa7469a93a566e9ccc1c73fe783b4a65c274c5ace346038dca9c39fe0030ad" -dependencies = [ - "const_format_proc_macros", -] - -[[package]] -name = "const_format_proc_macros" -version = "0.2.34" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1d57c2eccfb16dbac1f4e61e206105db5820c9d26c3c472bc17c774259ef7744" -dependencies = [ - "proc-macro2", - "quote", - "unicode-xid", -] - -[[package]] -name = "const_str_slice_concat" -version = "0.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f67855af358fcb20fac58f9d714c94e2b228fe5694c1c9b4ead4a366343eda1b" - -[[package]] -name = "convert_case" -version = "0.6.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ec182b0ca2f35d8fc196cf3404988fd8b8c739a4d270ff118a398feb0cbec1ca" -dependencies = [ - "unicode-segmentation", -] - -[[package]] -name = "convert_case" -version = "0.8.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "baaaa0ecca5b51987b9423ccdc971514dd8b0bb7b4060b983d3664dad3f1f89f" -dependencies = [ - "unicode-segmentation", -] - -[[package]] -name = "convert_case" -version = "0.11.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "affbf0190ed2caf063e3def54ff444b449371d55c58e513a95ab98eca50adb49" -dependencies = [ - "unicode-segmentation", -] - -[[package]] -name = "convert_case_extras" -version = "0.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "589c70f0faf8aa9d17787557d5eae854d7755cac50f5c3d12c81d3d57661cebb" -dependencies = [ - "convert_case 0.11.0", -] - -[[package]] -name = "core-foundation" -version = "0.9.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "91e195e091a93c46f7102ec7818a2aa394e1e1771c3ab4825963fa03e45afb8f" -dependencies = [ - "core-foundation-sys", - "libc", -] - -[[package]] -name = "core-foundation" -version = "0.10.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b2a6cd9ae233e7f62ba4e9353e81a88df7fc8a5987b8d445b4d90c879bd156f6" -dependencies = [ - "core-foundation-sys", - "libc", -] - -[[package]] -name = "core-foundation-sys" -version = "0.8.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b" - -[[package]] -name = "cpufeatures" -version = "0.2.17" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "59ed5838eebb26a2bb2e58f6d5b5316989ae9d08bab10e0e6d103e656d1b0280" -dependencies = [ - "libc", -] - -[[package]] -name = "crossbeam-utils" -version = "0.8.21" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d0a5c400df2834b80a4c3327b3aad3a4c4cd4de0629063962b03235697506a28" - -[[package]] -name = "crypto-common" -version = "0.1.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "78c8292055d1c1df0cce5d180393dc8cce0abec0a7102adb6c7b1eef6016d60a" -dependencies = [ - "generic-array", - "typenum", -] - -[[package]] -name = "dashmap" -version = "6.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5041cc499144891f3790297212f32a74fb938e5136a14943f338ef9e0ae276cf" -dependencies = [ - "cfg-if", - "crossbeam-utils", - "hashbrown 0.14.5", - "lock_api", - "once_cell", - "parking_lot_core", -] - -[[package]] -name = "data-encoding" -version = "2.10.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d7a1e2f27636f116493b8b860f5546edb47c8d8f8ea73e1d2a20be88e28d1fea" - -[[package]] -name = "derive-where" -version = "1.6.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ef941ded77d15ca19b40374869ac6000af1c9f2a4c0f3d4c70926287e6364a8f" -dependencies = [ - "proc-macro2", - "quote", - "syn", -] - -[[package]] -name = "digest" -version = "0.10.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" -dependencies = [ - "block-buffer", - "crypto-common", -] - -[[package]] -name = "displaydoc" -version = "0.2.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0" -dependencies = [ - "proc-macro2", - "quote", - "syn", -] - -[[package]] -name = "drain_filter_polyfill" -version = "0.1.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "669a445ee724c5c69b1b06fe0b63e70a1c84bc9bb7d9696cd4f4e3ec45050408" - -[[package]] -name = "either" -version = "1.15.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "48c757948c5ede0e46177b7add2e67155f70e33c07fea8284df6576da70b3719" - -[[package]] -name = "either_of" -version = "0.1.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "216d23e0ec69759a17f05e1c553f3a6870e5ec73420fbb07807a6f34d5d1d5a4" -dependencies = [ - "paste", - "pin-project-lite", -] - -[[package]] -name = "encoding_rs" -version = "0.8.35" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "75030f3c4f45dafd7586dd6780965a8c7e8e285a5ecb86713e63a79c5b2766f3" -dependencies = [ - "cfg-if", -] - -[[package]] -name = "equivalent" -version = "1.0.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "877a4ace8713b0bcf2a4e7eec82529c029f1d0619886d18145fea96c3ffe5c0f" - -[[package]] -name = "erased" -version = "0.1.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a1731451909bde27714eacba19c2566362a7f35224f52b153d3f42cf60f72472" - -[[package]] -name = "errno" -version = "0.3.14" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "39cab71617ae0d63f51a36d69f866391735b51691dbda63cf6f96d042b63efeb" -dependencies = [ - "libc", - "windows-sys 0.61.2", -] - -[[package]] -name = "event-listener" -version = "5.4.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e13b66accf52311f30a0db42147dadea9850cb48cd070028831ae5f5d4b856ab" -dependencies = [ - "concurrent-queue", - "parking", - "pin-project-lite", -] - -[[package]] -name = "event-listener-strategy" -version = "0.5.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8be9f3dfaaffdae2972880079a491a1a8bb7cbed0b8dd7a347f668b4150a3b93" -dependencies = [ - "event-listener", - "pin-project-lite", -] - -[[package]] -name = "fastrand" -version = "2.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "37909eebbb50d72f9059c3b6d82c0463f2ff062c9e95845c43a6c9c0355411be" - -[[package]] -name = "figment" -version = "0.10.19" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8cb01cd46b0cf372153850f4c6c272d9cbea2da513e07538405148f95bd789f3" -dependencies = [ - "atomic", - "pear", - "serde", - "toml 0.8.23", - "uncased", - "version_check", -] - -[[package]] -name = "find-msvc-tools" -version = "0.1.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5baebc0774151f905a1a2cc41989300b1e6fbb29aff0ceffa1064fdd3088d582" - -[[package]] -name = "fnv" -version = "1.0.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1" - -[[package]] -name = "foldhash" -version = "0.1.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d9c4f5dac5e15c24eb999c26181a6ca40b39fe946cbe4c263c7209467bc83af2" - -[[package]] -name = "foreign-types" -version = "0.3.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1" -dependencies = [ - "foreign-types-shared", -] - -[[package]] -name = "foreign-types-shared" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b" - -[[package]] -name = "form_urlencoded" -version = "1.2.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cb4cb245038516f5f85277875cdaa4f7d2c9a0fa0468de06ed190163b1581fcf" -dependencies = [ - "percent-encoding", -] - -[[package]] -name = "futures" -version = "0.3.32" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8b147ee9d1f6d097cef9ce628cd2ee62288d963e16fb287bd9286455b241382d" -dependencies = [ - "futures-channel", - "futures-core", - "futures-executor", - "futures-io", - "futures-sink", - "futures-task", - "futures-util", -] - -[[package]] -name = "futures-channel" -version = "0.3.32" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "07bbe89c50d7a535e539b8c17bc0b49bdb77747034daa8087407d655f3f7cc1d" -dependencies = [ - "futures-core", - "futures-sink", -] - -[[package]] -name = "futures-core" -version = "0.3.32" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7e3450815272ef58cec6d564423f6e755e25379b217b0bc688e295ba24df6b1d" - -[[package]] -name = "futures-executor" -version = "0.3.32" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "baf29c38818342a3b26b5b923639e7b1f4a61fc5e76102d4b1981c6dc7a7579d" -dependencies = [ - "futures-core", - "futures-task", - "futures-util", -] - -[[package]] -name = "futures-io" -version = "0.3.32" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cecba35d7ad927e23624b22ad55235f2239cfa44fd10428eecbeba6d6a717718" - -[[package]] -name = "futures-macro" -version = "0.3.32" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e835b70203e41293343137df5c0664546da5745f82ec9b84d40be8336958447b" -dependencies = [ - "proc-macro2", - "quote", - "syn", -] - -[[package]] -name = "futures-sink" -version = "0.3.32" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c39754e157331b013978ec91992bde1ac089843443c49cbc7f46150b0fad0893" - -[[package]] -name = "futures-task" -version = "0.3.32" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "037711b3d59c33004d3856fbdc83b99d4ff37a24768fa1be9ce3538a1cde4393" - -[[package]] -name = "futures-util" -version = "0.3.32" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "389ca41296e6190b48053de0321d02a77f32f8a5d2461dd38762c0593805c6d6" -dependencies = [ - "futures-channel", - "futures-core", - "futures-io", - "futures-macro", - "futures-sink", - "futures-task", - "memchr", - "pin-project-lite", - "slab", -] - -[[package]] -name = "generic-array" -version = "0.14.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a" -dependencies = [ - "typenum", - "version_check", -] - -[[package]] -name = "getrandom" -version = "0.2.17" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ff2abc00be7fca6ebc474524697ae276ad847ad0a6b3faa4bcb027e9a4614ad0" -dependencies = [ - "cfg-if", - "js-sys", - "libc", - "wasi", - "wasm-bindgen", -] - -[[package]] -name = "getrandom" -version = "0.3.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "899def5c37c4fd7b2664648c28120ecec138e4d395b459e5ca34f9cce2dd77fd" -dependencies = [ - "cfg-if", - "js-sys", - "libc", - "r-efi", - "wasip2", - "wasm-bindgen", -] - -[[package]] -name = "getrandom" -version = "0.4.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "139ef39800118c7683f2fd3c98c1b23c09ae076556b435f8e9064ae108aaeeec" -dependencies = [ - "cfg-if", - "libc", - "r-efi", - "wasip2", - "wasip3", -] - -[[package]] -name = "gloo-net" -version = "0.6.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c06f627b1a58ca3d42b45d6104bf1e1a03799df472df00988b6ba21accc10580" -dependencies = [ - "futures-channel", - "futures-core", - "futures-sink", - "gloo-utils", - "http", - "js-sys", - "pin-project", - "serde", - "serde_json", - "thiserror 1.0.69", - "wasm-bindgen", - "wasm-bindgen-futures", - "web-sys", -] - -[[package]] -name = "gloo-utils" -version = "0.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0b5555354113b18c547c1d3a98fbf7fb32a9ff4f6fa112ce823a21641a0ba3aa" -dependencies = [ - "js-sys", - "serde", - "serde_json", - "wasm-bindgen", - "web-sys", -] - -[[package]] -name = "guardian" -version = "1.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "17e2ac29387b1aa07a1e448f7bb4f35b500787971e965b02842b900afa5c8f6f" - -[[package]] -name = "h2" -version = "0.4.13" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2f44da3a8150a6703ed5d34e164b875fd14c2cdab9af1252a9a1020bde2bdc54" -dependencies = [ - "atomic-waker", - "bytes", - "fnv", - "futures-core", - "futures-sink", - "http", - "indexmap", - "slab", - "tokio", - "tokio-util", - "tracing", -] - -[[package]] -name = "hashbrown" -version = "0.14.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e5274423e17b7c9fc20b6e7e208532f9b19825d82dfd615708b70edd83df41f1" - -[[package]] -name = "hashbrown" -version = "0.15.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9229cfe53dfd69f0609a49f65461bd93001ea1ef889cd5529dd176593f5338a1" -dependencies = [ - "foldhash", -] - -[[package]] -name = "hashbrown" -version = "0.16.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "841d1cc9bed7f9236f321df977030373f4a4163ae1a7dbfe1a51a2c1a51d9100" - -[[package]] -name = "heck" -version = "0.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea" - -[[package]] -name = "html-escape" -version = "0.2.13" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6d1ad449764d627e22bfd7cd5e8868264fc9236e07c752972b4080cd351cb476" -dependencies = [ - "utf8-width", -] - -[[package]] -name = "http" -version = "1.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e3ba2a386d7f85a81f119ad7498ebe444d2e22c2af0b86b069416ace48b3311a" -dependencies = [ - "bytes", - "itoa", -] - -[[package]] -name = "http-body" -version = "1.0.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1efedce1fb8e6913f23e0c92de8e62cd5b772a67e7b3946df930a62566c93184" -dependencies = [ - "bytes", - "http", -] - -[[package]] -name = "http-body-util" -version = "0.1.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b021d93e26becf5dc7e1b75b1bed1fd93124b374ceb73f43d4d4eafec896a64a" -dependencies = [ - "bytes", - "futures-core", - "http", - "http-body", - "pin-project-lite", -] - -[[package]] -name = "http-range-header" -version = "0.4.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9171a2ea8a68358193d15dd5d70c1c10a2afc3e7e4c5bc92bc9f025cebd7359c" - -[[package]] -name = "httparse" -version = "1.10.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6dbf3de79e51f3d586ab4cb9d5c3e2c14aa28ed23d180cf89b4df0454a69cc87" - -[[package]] -name = "httpdate" -version = "1.0.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9" - -[[package]] -name = "hydration_context" -version = "0.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e8714ae4adeaa846d838f380fbd72f049197de629948f91bf045329e0cf0a283" -dependencies = [ - "futures", - "js-sys", - "once_cell", - "or_poisoned", - "pin-project-lite", - "serde", - "throw_error", - "wasm-bindgen", -] - -[[package]] -name = "hyper" -version = "1.8.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2ab2d4f250c3d7b1c9fcdff1cece94ea4e2dfbec68614f7b87cb205f24ca9d11" -dependencies = [ - "atomic-waker", - "bytes", - "futures-channel", - "futures-core", - "h2", - "http", - "http-body", - "httparse", - "httpdate", - "itoa", - "pin-project-lite", - "pin-utils", - "smallvec", - "tokio", - "want", -] - -[[package]] -name = "hyper-rustls" -version = "0.27.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e3c93eb611681b207e1fe55d5a71ecf91572ec8a6705cdb6857f7d8d5242cf58" -dependencies = [ - "http", - "hyper", - "hyper-util", - "rustls", - "rustls-pki-types", - "tokio", - "tokio-rustls", - "tower-service", - "webpki-roots", -] - -[[package]] -name = "hyper-tls" -version = "0.6.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "70206fc6890eaca9fde8a0bf71caa2ddfc9fe045ac9e5c70df101a7dbde866e0" -dependencies = [ - "bytes", - "http-body-util", - "hyper", - "hyper-util", - "native-tls", - "tokio", - "tokio-native-tls", - "tower-service", -] - -[[package]] -name = "hyper-util" -version = "0.1.20" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "96547c2556ec9d12fb1578c4eaf448b04993e7fb79cbaad930a656880a6bdfa0" -dependencies = [ - "base64", - "bytes", - "futures-channel", - "futures-util", - "http", - "http-body", - "hyper", - "ipnet", - "libc", - "percent-encoding", - "pin-project-lite", - "socket2", - "system-configuration", - "tokio", - "tower-service", - "tracing", - "windows-registry", -] - -[[package]] -name = "icu_collections" -version = "2.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4c6b649701667bbe825c3b7e6388cb521c23d88644678e83c0c4d0a621a34b43" -dependencies = [ - "displaydoc", - "potential_utf", - "yoke", - "zerofrom", - "zerovec", -] - -[[package]] -name = "icu_locale_core" -version = "2.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "edba7861004dd3714265b4db54a3c390e880ab658fec5f7db895fae2046b5bb6" -dependencies = [ - "displaydoc", - "litemap", - "tinystr", - "writeable", - "zerovec", -] - -[[package]] -name = "icu_normalizer" -version = "2.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f6c8828b67bf8908d82127b2054ea1b4427ff0230ee9141c54251934ab1b599" -dependencies = [ - "icu_collections", - "icu_normalizer_data", - "icu_properties", - "icu_provider", - "smallvec", - "zerovec", -] - -[[package]] -name = "icu_normalizer_data" -version = "2.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7aedcccd01fc5fe81e6b489c15b247b8b0690feb23304303a9e560f37efc560a" - -[[package]] -name = "icu_properties" -version = "2.1.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "020bfc02fe870ec3a66d93e677ccca0562506e5872c650f893269e08615d74ec" -dependencies = [ - "icu_collections", - "icu_locale_core", - "icu_properties_data", - "icu_provider", - "zerotrie", - "zerovec", -] - -[[package]] -name = "icu_properties_data" -version = "2.1.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "616c294cf8d725c6afcd8f55abc17c56464ef6211f9ed59cccffe534129c77af" - -[[package]] -name = "icu_provider" -version = "2.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "85962cf0ce02e1e0a629cc34e7ca3e373ce20dda4c4d7294bbd0bf1fdb59e614" -dependencies = [ - "displaydoc", - "icu_locale_core", - "writeable", - "yoke", - "zerofrom", - "zerotrie", - "zerovec", -] - -[[package]] -name = "id-arena" -version = "2.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3d3067d79b975e8844ca9eb072e16b31c3c1c36928edf9c6789548c524d0d954" - -[[package]] -name = "idna" -version = "1.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3b0875f23caa03898994f6ddc501886a45c7d3d62d04d2d90788d47be1b1e4de" -dependencies = [ - "idna_adapter", - "smallvec", - "utf8_iter", -] - -[[package]] -name = "idna_adapter" -version = "1.2.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3acae9609540aa318d1bc588455225fb2085b9ed0c4f6bd0d9d5bcd86f1a0344" -dependencies = [ - "icu_normalizer", - "icu_properties", -] - -[[package]] -name = "indexmap" -version = "2.13.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7714e70437a7dc3ac8eb7e6f8df75fd8eb422675fc7678aff7364301092b1017" -dependencies = [ - "equivalent", - "hashbrown 0.16.1", - "serde", - "serde_core", -] - -[[package]] -name = "inlinable_string" -version = "0.1.15" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c8fae54786f62fb2918dcfae3d568594e50eb9b5c25bf04371af6fe7516452fb" - -[[package]] -name = "interpolator" -version = "0.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "71dd52191aae121e8611f1e8dc3e324dd0dd1dee1e6dd91d10ee07a3cfb4d9d8" - -[[package]] -name = "inventory" -version = "0.3.21" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bc61209c082fbeb19919bee74b176221b27223e27b65d781eb91af24eb1fb46e" -dependencies = [ - "rustversion", -] - -[[package]] -name = "ipnet" -version = "2.11.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "469fb0b9cefa57e3ef31275ee7cacb78f2fdca44e4765491884a2b119d4eb130" - -[[package]] -name = "iri-string" -version = "0.7.10" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c91338f0783edbd6195decb37bae672fd3b165faffb89bf7b9e6942f8b1a731a" -dependencies = [ - "memchr", - "serde", -] - -[[package]] -name = "itertools" -version = "0.14.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2b192c782037fadd9cfa75548310488aabdbf3d2da73885b31bd0abd03351285" -dependencies = [ - "either", -] - -[[package]] -name = "itoa" -version = "1.0.17" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "92ecc6618181def0457392ccd0ee51198e065e016d1d527a7ac1b6dc7c1f09d2" - -[[package]] -name = "js-sys" -version = "0.3.77" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1cfaf33c695fc6e08064efbc1f72ec937429614f25eef83af942d0e227c3a28f" -dependencies = [ - "once_cell", - "wasm-bindgen", -] - -[[package]] -name = "leb128fmt" -version = "0.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "09edd9e8b54e49e587e4f6295a7d29c3ea94d469cb40ab8ca70b288248a81db2" - -[[package]] -name = "leptos" -version = "0.8.14" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "87c98f6d751e524ff425ad9d63d53e120ed68311ffbc22bbd9c0b3c4005a421e" -dependencies = [ - "any_spawner", - "base64", - "cfg-if", - "either_of", - "futures", - "getrandom 0.3.4", - "hydration_context", - "leptos_config", - "leptos_dom", - "leptos_hot_reload", - "leptos_macro", - "leptos_server", - "oco_ref", - "or_poisoned", - "paste", - "rand", - "reactive_graph", - "rustc-hash", - "rustc_version", - "send_wrapper", - "serde", - "serde_json", - "serde_qs", - "server_fn", - "slotmap", - "tachys", - "thiserror 2.0.18", - "throw_error", - "typed-builder 0.22.0", - "typed-builder-macro 0.22.0", - "wasm-bindgen", - "wasm-bindgen-futures", - "wasm_split_helpers", - "web-sys", -] - -[[package]] -name = "leptos_axum" -version = "0.8.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f0caa95760f87f3067e05025140becefdbdfd36cbc2adac4519f06e1f1edf4af" -dependencies = [ - "any_spawner", - "axum", - "dashmap", - "futures", - "hydration_context", - "leptos", - "leptos_integration_utils", - "leptos_macro", - "leptos_meta", - "leptos_router", - "parking_lot", - "server_fn", - "tachys", - "tokio", - "tower", - "tower-http", -] - -[[package]] -name = "leptos_config" -version = "0.8.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "19a2ac32008dda0d657f2147cc33336f4e743e091597db10f7a99d668e92a46d" -dependencies = [ - "config", - "regex", - "serde", - "thiserror 2.0.18", - "typed-builder 0.23.2", -] - -[[package]] -name = "leptos_dom" -version = "0.8.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "35742e9ed8f8aaf9e549b454c68a7ac0992536e06856365639b111f72ab07884" -dependencies = [ - "js-sys", - "or_poisoned", - "reactive_graph", - "send_wrapper", - "tachys", - "wasm-bindgen", - "web-sys", -] - -[[package]] -name = "leptos_hot_reload" -version = "0.8.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9d2a0f220c8a5ef3c51199dfb9cdd702bc0eb80d52fbe70c7890adfaaae8a4b1" -dependencies = [ - "anyhow", - "camino", - "indexmap", - "or_poisoned", - "proc-macro2", - "quote", - "rstml", - "serde", - "syn", - "walkdir", -] - -[[package]] -name = "leptos_integration_utils" -version = "0.8.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "13cccc9305df53757bae61bf15641bfa6a667b5f78456ace4879dfe0591ae0e8" -dependencies = [ - "futures", - "hydration_context", - "leptos", - "leptos_config", - "leptos_meta", - "leptos_router", - "reactive_graph", -] - -[[package]] -name = "leptos_macro" -version = "0.8.15" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "712325a77f1d050bf2897061ccaf2b075930aab36954980d658f04452686c474" -dependencies = [ - "attribute-derive", - "cfg-if", - "convert_case 0.11.0", - "convert_case_extras", - "html-escape", - "itertools", - "leptos_hot_reload", - "prettyplease", - "proc-macro-error2", - "proc-macro2", - "quote", - "rstml", - "rustc_version", - "server_fn_macro", - "syn", - "uuid", -] - -[[package]] -name = "leptos_meta" -version = "0.8.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2d489e38d3f541e9e43ecc2e3a815527840345a2afca629b3e23fcc1dd254578" -dependencies = [ - "futures", - "indexmap", - "leptos", - "or_poisoned", - "send_wrapper", - "wasm-bindgen", - "web-sys", -] - -[[package]] -name = "leptos_router" -version = "0.8.10" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "19b824cae28db1551b71f8c2a45eab7bb98d61407f5adcc368cfe7b671e4a71d" -dependencies = [ - "any_spawner", - "either_of", - "futures", - "gloo-net", - "js-sys", - "leptos", - "leptos_router_macro", - "or_poisoned", - "percent-encoding", - "reactive_graph", - "rustc_version", - "send_wrapper", - "tachys", - "thiserror 2.0.18", - "url", - "wasm-bindgen", - "web-sys", -] - -[[package]] -name = "leptos_router_macro" -version = "0.8.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "409c0bd99f986c3cfa1a4db2443c835bc602ded1a12784e22ecb28c3ed5a2ae2" -dependencies = [ - "proc-macro-error2", - "proc-macro2", - "quote", - "syn", -] - -[[package]] -name = "leptos_server" -version = "0.8.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dbf1045af93050bf3388d1c138426393fc131f6d9e46a65519da884c033ed730" -dependencies = [ - "any_spawner", - "base64", - "codee", - "futures", - "hydration_context", - "or_poisoned", - "reactive_graph", - "send_wrapper", - "serde", - "serde_json", - "server_fn", - "tachys", -] - -[[package]] -name = "libc" -version = "0.2.182" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6800badb6cb2082ffd7b6a67e6125bb39f18782f793520caee8cb8846be06112" - -[[package]] -name = "linux-raw-sys" -version = "0.11.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "df1d3c3b53da64cf5760482273a98e575c651a67eec7f77df96b5b642de8f039" - -[[package]] -name = "litemap" -version = "0.8.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6373607a59f0be73a39b6fe456b8192fcc3585f602af20751600e974dd455e77" - -[[package]] -name = "lock_api" -version = "0.4.14" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "224399e74b87b5f3557511d98dff8b14089b3dadafcab6bb93eab67d3aace965" -dependencies = [ - "scopeguard", -] - -[[package]] -name = "log" -version = "0.4.29" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5e5032e24019045c762d3c0f28f5b6b8bbf38563a65908389bf7978758920897" - -[[package]] -name = "lru-slab" -version = "0.1.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "112b39cec0b298b6c1999fee3e31427f74f676e4cb9879ed1a121b43661a4154" - -[[package]] -name = "manyhow" -version = "0.11.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b33efb3ca6d3b07393750d4030418d594ab1139cee518f0dc88db70fec873587" -dependencies = [ - "manyhow-macros", - "proc-macro2", - "quote", - "syn", -] - -[[package]] -name = "manyhow-macros" -version = "0.11.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "46fce34d199b78b6e6073abf984c9cf5fd3e9330145a93ee0738a7443e371495" -dependencies = [ - "proc-macro-utils", - "proc-macro2", - "quote", -] - -[[package]] -name = "markdown_view_leptos" -version = "0.1.92" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e163223791290ed4ab63635ccd579e251264f3b1421d98591c2b0ea3908e1952" -dependencies = [ - "proc-macro2", - "pulldown-cmark", - "quote", - "reqwest", - "syn", -] - -[[package]] -name = "matchit" -version = "0.8.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "47e1ffaa40ddd1f3ed91f717a33c8c0ee23fff369e3aa8772b9605cc1d22f4c3" - -[[package]] -name = "memchr" -version = "2.8.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f8ca58f447f06ed17d5fc4043ce1b10dd205e060fb3ce5b979b8ed8e59ff3f79" - -[[package]] -name = "mime" -version = "0.3.17" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a" - -[[package]] -name = "mime_guess" -version = "2.0.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f7c44f8e672c00fe5308fa235f821cb4198414e1c77935c1ab6948d3fd78550e" -dependencies = [ - "mime", - "unicase", -] - -[[package]] -name = "mio" -version = "1.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a69bcab0ad47271a0234d9422b131806bf3968021e5dc9328caf2d4cd58557fc" -dependencies = [ - "libc", - "wasi", - "windows-sys 0.61.2", -] - -[[package]] -name = "multer" -version = "3.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "83e87776546dc87511aa5ee218730c92b666d7264ab6ed41f9d215af9cd5224b" -dependencies = [ - "bytes", - "encoding_rs", - "futures-util", - "http", - "httparse", - "memchr", - "mime", - "spin", - "version_check", -] - -[[package]] -name = "native-tls" -version = "0.2.16" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9d5d26952a508f321b4d3d2e80e78fc2603eaefcdf0c30783867f19586518bdc" -dependencies = [ - "libc", - "log", - "openssl", - "openssl-probe", - "openssl-sys", - "schannel", - "security-framework", - "security-framework-sys", - "tempfile", -] - -[[package]] -name = "next_tuple" -version = "0.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "60993920e071b0c9b66f14e2b32740a4e27ffc82854dcd72035887f336a09a28" - -[[package]] -name = "oco_ref" -version = "0.2.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ed0423ff9973dea4d6bd075934fdda86ebb8c05bdf9d6b0507067d4a1226371d" -dependencies = [ - "serde", - "thiserror 2.0.18", -] - -[[package]] -name = "once_cell" -version = "1.21.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "42f5e15c9953c5e4ccceeb2e7382a716482c34515315f7b03532b8b4e8393d2d" - -[[package]] -name = "openssl" -version = "0.10.75" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "08838db121398ad17ab8531ce9de97b244589089e290a384c900cb9ff7434328" -dependencies = [ - "bitflags", - "cfg-if", - "foreign-types", - "libc", - "once_cell", - "openssl-macros", - "openssl-sys", -] - -[[package]] -name = "openssl-macros" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" -dependencies = [ - "proc-macro2", - "quote", - "syn", -] - -[[package]] -name = "openssl-probe" -version = "0.2.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7c87def4c32ab89d880effc9e097653c8da5d6ef28e6b539d313baaacfbafcbe" - -[[package]] -name = "openssl-sys" -version = "0.9.111" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "82cab2d520aa75e3c58898289429321eb788c3106963d0dc886ec7a5f4adc321" -dependencies = [ - "cc", - "libc", - "pkg-config", - "vcpkg", -] - -[[package]] -name = "or_poisoned" -version = "0.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8c04f5d74368e4d0dfe06c45c8627c81bd7c317d52762d118fb9b3076f6420fd" - -[[package]] -name = "parking" -version = "2.2.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f38d5652c16fde515bb1ecef450ab0f6a219d619a7274976324d5e377f7dceba" - -[[package]] -name = "parking_lot" -version = "0.12.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "93857453250e3077bd71ff98b6a65ea6621a19bb0f559a85248955ac12c45a1a" -dependencies = [ - "lock_api", - "parking_lot_core", -] - -[[package]] -name = "parking_lot_core" -version = "0.9.12" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2621685985a2ebf1c516881c026032ac7deafcda1a2c9b7850dc81e3dfcb64c1" -dependencies = [ - "cfg-if", - "libc", - "redox_syscall", - "smallvec", - "windows-link", -] - -[[package]] -name = "paste" -version = "1.0.15" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a" - -[[package]] -name = "pathdiff" -version = "0.2.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "df94ce210e5bc13cb6651479fa48d14f601d9858cfe0467f43ae157023b938d3" - -[[package]] -name = "pear" -version = "0.2.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bdeeaa00ce488657faba8ebf44ab9361f9365a97bd39ffb8a60663f57ff4b467" -dependencies = [ - "inlinable_string", - "pear_codegen", - "yansi", -] - -[[package]] -name = "pear_codegen" -version = "0.2.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4bab5b985dc082b345f812b7df84e1bef27e7207b39e448439ba8bd69c93f147" -dependencies = [ - "proc-macro2", - "proc-macro2-diagnostics", - "quote", - "syn", -] - -[[package]] -name = "percent-encoding" -version = "2.3.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9b4f627cb1b25917193a259e49bdad08f671f8d9708acfd5fe0a8c1455d87220" - -[[package]] -name = "pin-project" -version = "1.1.10" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "677f1add503faace112b9f1373e43e9e054bfdd22ff1a63c1bc485eaec6a6a8a" -dependencies = [ - "pin-project-internal", -] - -[[package]] -name = "pin-project-internal" -version = "1.1.10" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6e918e4ff8c4549eb882f14b3a4bc8c8bc93de829416eacf579f1207a8fbf861" -dependencies = [ - "proc-macro2", - "quote", - "syn", -] - -[[package]] -name = "pin-project-lite" -version = "0.2.16" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3b3cff922bd51709b605d9ead9aa71031d81447142d828eb4a6eba76fe619f9b" - -[[package]] -name = "pin-utils" -version = "0.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" - -[[package]] -name = "pkg-config" -version = "0.3.32" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7edddbd0b52d732b21ad9a5fab5c704c14cd949e5e9a1ec5929a24fded1b904c" - -[[package]] -name = "potential_utf" -version = "0.1.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b73949432f5e2a09657003c25bca5e19a0e9c84f8058ca374f49e0ebe605af77" -dependencies = [ - "zerovec", -] - -[[package]] -name = "ppv-lite86" -version = "0.2.21" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "85eae3c4ed2f50dcfe72643da4befc30deadb458a9b590d720cde2f2b1e97da9" -dependencies = [ - "zerocopy", -] - -[[package]] -name = "prettyplease" -version = "0.2.37" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "479ca8adacdd7ce8f1fb39ce9ecccbfe93a3f1344b3d0d97f20bc0196208f62b" -dependencies = [ - "proc-macro2", - "syn", -] - -[[package]] -name = "proc-macro-error-attr2" -version = "2.0.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "96de42df36bb9bba5542fe9f1a054b8cc87e172759a1868aa05c1f3acc89dfc5" -dependencies = [ - "proc-macro2", - "quote", -] - -[[package]] -name = "proc-macro-error2" -version = "2.0.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "11ec05c52be0a07b08061f7dd003e7d7092e0472bc731b4af7bb1ef876109802" -dependencies = [ - "proc-macro-error-attr2", - "proc-macro2", - "quote", - "syn", -] - -[[package]] -name = "proc-macro-utils" -version = "0.10.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "eeaf08a13de400bc215877b5bdc088f241b12eb42f0a548d3390dc1c56bb7071" -dependencies = [ - "proc-macro2", - "quote", - "smallvec", -] - -[[package]] -name = "proc-macro2" -version = "1.0.106" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8fd00f0bb2e90d81d1044c2b32617f68fcb9fa3bb7640c23e9c748e53fb30934" -dependencies = [ - "unicode-ident", -] - -[[package]] -name = "proc-macro2-diagnostics" -version = "0.10.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "af066a9c399a26e020ada66a034357a868728e72cd426f3adcd35f80d88d88c8" -dependencies = [ - "proc-macro2", - "quote", - "syn", - "version_check", - "yansi", -] - -[[package]] -name = "pulldown-cmark" -version = "0.13.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1e8bbe1a966bd2f362681a44f6edce3c2310ac21e4d5067a6e7ec396297a6ea0" -dependencies = [ - "bitflags", - "memchr", - "pulldown-cmark-escape", - "unicase", -] - -[[package]] -name = "pulldown-cmark-escape" -version = "0.11.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "007d8adb5ddab6f8e3f491ac63566a7d5002cc7ed73901f72057943fa71ae1ae" - -[[package]] -name = "quinn" -version = "0.11.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b9e20a958963c291dc322d98411f541009df2ced7b5a4f2bd52337638cfccf20" -dependencies = [ - "bytes", - "cfg_aliases", - "pin-project-lite", - "quinn-proto", - "quinn-udp", - "rustc-hash", - "rustls", - "socket2", - "thiserror 2.0.18", - "tokio", - "tracing", - "web-time", -] - -[[package]] -name = "quinn-proto" -version = "0.11.13" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f1906b49b0c3bc04b5fe5d86a77925ae6524a19b816ae38ce1e426255f1d8a31" -dependencies = [ - "bytes", - "getrandom 0.3.4", - "lru-slab", - "rand", - "ring", - "rustc-hash", - "rustls", - "rustls-pki-types", - "slab", - "thiserror 2.0.18", - "tinyvec", - "tracing", - "web-time", -] - -[[package]] -name = "quinn-udp" -version = "0.5.14" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "addec6a0dcad8a8d96a771f815f0eaf55f9d1805756410b39f5fa81332574cbd" -dependencies = [ - "cfg_aliases", - "libc", - "once_cell", - "socket2", - "tracing", - "windows-sys 0.60.2", -] - -[[package]] -name = "quote" -version = "1.0.44" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "21b2ebcf727b7760c461f091f9f0f539b77b8e87f2fd88131e7f1b433b3cece4" -dependencies = [ - "proc-macro2", -] - -[[package]] -name = "quote-use" -version = "0.8.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9619db1197b497a36178cfc736dc96b271fe918875fbf1344c436a7e93d0321e" -dependencies = [ - "quote", - "quote-use-macros", -] - -[[package]] -name = "quote-use-macros" -version = "0.8.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "82ebfb7faafadc06a7ab141a6f67bcfb24cb8beb158c6fe933f2f035afa99f35" -dependencies = [ - "proc-macro-utils", - "proc-macro2", - "quote", - "syn", -] - -[[package]] -name = "r-efi" -version = "5.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "69cdb34c158ceb288df11e18b4bd39de994f6657d83847bdffdbd7f346754b0f" - -[[package]] -name = "rand" -version = "0.9.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6db2770f06117d490610c7488547d543617b21bfa07796d7a12f6f1bd53850d1" -dependencies = [ - "rand_chacha", - "rand_core", -] - -[[package]] -name = "rand_chacha" -version = "0.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d3022b5f1df60f26e1ffddd6c66e8aa15de382ae63b3a0c1bfc0e4d3e3f325cb" -dependencies = [ - "ppv-lite86", - "rand_core", -] - -[[package]] -name = "rand_core" -version = "0.9.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "76afc826de14238e6e8c374ddcc1fa19e374fd8dd986b0d2af0d02377261d83c" -dependencies = [ - "getrandom 0.3.4", -] - -[[package]] -name = "reactive_graph" -version = "0.2.13" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "35774620b3da884a07341e9e36612e1509b1eb0553ef3bb76f1547dd1b797417" -dependencies = [ - "any_spawner", - "async-lock", - "futures", - "guardian", - "hydration_context", - "indexmap", - "or_poisoned", - "paste", - "pin-project-lite", - "rustc-hash", - "rustc_version", - "send_wrapper", - "serde", - "slotmap", - "thiserror 2.0.18", - "web-sys", -] - -[[package]] -name = "reactive_stores" -version = "0.3.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "35372f05664a62a3dd389503371a15b8feb3396f99f6ec000de651fddb030942" -dependencies = [ - "dashmap", - "guardian", - "itertools", - "or_poisoned", - "paste", - "reactive_graph", - "reactive_stores_macro", - "rustc-hash", - "send_wrapper", -] - -[[package]] -name = "reactive_stores_macro" -version = "0.2.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4fa40919eb2975100283b2a70e68eafce1e8bcf81f0622ff168e4c2b3f8d46bb" -dependencies = [ - "convert_case 0.8.0", - "proc-macro-error2", - "proc-macro2", - "quote", - "syn", -] - -[[package]] -name = "redox_syscall" -version = "0.5.18" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ed2bf2547551a7053d6fdfafda3f938979645c44812fbfcda098faae3f1a362d" -dependencies = [ - "bitflags", -] - -[[package]] -name = "regex" -version = "1.12.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e10754a14b9137dd7b1e3e5b0493cc9171fdd105e0ab477f51b72e7f3ac0e276" -dependencies = [ - "aho-corasick", - "memchr", - "regex-automata", - "regex-syntax", -] - -[[package]] -name = "regex-automata" -version = "0.4.14" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6e1dd4122fc1595e8162618945476892eefca7b88c52820e74af6262213cae8f" -dependencies = [ - "aho-corasick", - "memchr", - "regex-syntax", -] - -[[package]] -name = "regex-syntax" -version = "0.8.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a96887878f22d7bad8a3b6dc5b7440e0ada9a245242924394987b21cf2210a4c" - -[[package]] -name = "reqwest" -version = "0.12.28" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "eddd3ca559203180a307f12d114c268abf583f59b03cb906fd0b3ff8646c1147" -dependencies = [ - "base64", - "bytes", - "encoding_rs", - "futures-channel", - "futures-core", - "futures-util", - "h2", - "http", - "http-body", - "http-body-util", - "hyper", - "hyper-rustls", - "hyper-tls", - "hyper-util", - "js-sys", - "log", - "mime", - "native-tls", - "percent-encoding", - "pin-project-lite", - "quinn", - "rustls", - "rustls-pki-types", - "serde", - "serde_json", - "serde_urlencoded", - "sync_wrapper", - "tokio", - "tokio-native-tls", - "tokio-rustls", - "tower", - "tower-http", - "tower-service", - "url", - "wasm-bindgen", - "wasm-bindgen-futures", - "web-sys", - "webpki-roots", -] - -[[package]] -name = "ring" -version = "0.17.14" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a4689e6c2294d81e88dc6261c768b63bc4fcdb852be6d1352498b114f61383b7" -dependencies = [ - "cc", - "cfg-if", - "getrandom 0.2.17", - "libc", - "untrusted", - "windows-sys 0.52.0", -] - -[[package]] -name = "rstml" -version = "0.12.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "61cf4616de7499fc5164570d40ca4e1b24d231c6833a88bff0fe00725080fd56" -dependencies = [ - "derive-where", - "proc-macro2", - "proc-macro2-diagnostics", - "quote", - "syn", - "syn_derive", - "thiserror 2.0.18", -] - -[[package]] -name = "rustc-hash" -version = "2.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "357703d41365b4b27c590e3ed91eabb1b663f07c4c084095e60cbed4362dff0d" - -[[package]] -name = "rustc_version" -version = "0.4.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cfcb3a22ef46e85b45de6ee7e79d063319ebb6594faafcf1c225ea92ab6e9b92" -dependencies = [ - "semver", -] - -[[package]] -name = "rustix" -version = "1.1.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "146c9e247ccc180c1f61615433868c99f3de3ae256a30a43b49f67c2d9171f34" -dependencies = [ - "bitflags", - "errno", - "libc", - "linux-raw-sys", - "windows-sys 0.61.2", -] - -[[package]] -name = "rustls" -version = "0.23.36" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c665f33d38cea657d9614f766881e4d510e0eda4239891eea56b4cadcf01801b" -dependencies = [ - "once_cell", - "ring", - "rustls-pki-types", - "rustls-webpki", - "subtle", - "zeroize", -] - -[[package]] -name = "rustls-pki-types" -version = "1.14.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "be040f8b0a225e40375822a563fa9524378b9d63112f53e19ffff34df5d33fdd" -dependencies = [ - "web-time", - "zeroize", -] - -[[package]] -name = "rustls-webpki" -version = "0.103.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d7df23109aa6c1567d1c575b9952556388da57401e4ace1d15f79eedad0d8f53" -dependencies = [ - "ring", - "rustls-pki-types", - "untrusted", -] - -[[package]] -name = "rustversion" -version = "1.0.22" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b39cdef0fa800fc44525c84ccb54a029961a8215f9619753635a9c0d2538d46d" - -[[package]] -name = "ryu" -version = "1.0.23" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9774ba4a74de5f7b1c1451ed6cd5285a32eddb5cccb8cc655a4e50009e06477f" - -[[package]] -name = "same-file" -version = "1.0.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "93fc1dc3aaa9bfed95e02e6eadabb4baf7e3078b0bd1b4d7b6b0b68378900502" -dependencies = [ - "winapi-util", -] - -[[package]] -name = "schannel" -version = "0.1.28" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "891d81b926048e76efe18581bf793546b4c0eaf8448d72be8de2bbee5fd166e1" -dependencies = [ - "windows-sys 0.61.2", -] - -[[package]] -name = "scopeguard" -version = "1.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" - -[[package]] -name = "security-framework" -version = "3.6.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d17b898a6d6948c3a8ee4372c17cb384f90d2e6e912ef00895b14fd7ab54ec38" -dependencies = [ - "bitflags", - "core-foundation 0.10.1", - "core-foundation-sys", - "libc", - "security-framework-sys", -] - -[[package]] -name = "security-framework-sys" -version = "2.16.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "321c8673b092a9a42605034a9879d73cb79101ed5fd117bc9a597b89b4e9e61a" -dependencies = [ - "core-foundation-sys", - "libc", -] - -[[package]] -name = "semver" -version = "1.0.27" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d767eb0aabc880b29956c35734170f26ed551a859dbd361d140cdbeca61ab1e2" - -[[package]] -name = "send_wrapper" -version = "0.6.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cd0b0ec5f1c1ca621c432a25813d8d60c88abe6d3e08a3eb9cf37d97a0fe3d73" -dependencies = [ - "futures-core", -] - -[[package]] -name = "serde" -version = "1.0.228" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9a8e94ea7f378bd32cbbd37198a4a91436180c5bb472411e48b5ec2e2124ae9e" -dependencies = [ - "serde_core", - "serde_derive", -] - -[[package]] -name = "serde_core" -version = "1.0.228" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "41d385c7d4ca58e59fc732af25c3983b67ac852c1a25000afe1175de458b67ad" -dependencies = [ - "serde_derive", -] - -[[package]] -name = "serde_derive" -version = "1.0.228" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d540f220d3187173da220f885ab66608367b6574e925011a9353e4badda91d79" -dependencies = [ - "proc-macro2", - "quote", - "syn", -] - -[[package]] -name = "serde_json" -version = "1.0.149" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "83fc039473c5595ace860d8c4fafa220ff474b3fc6bfdb4293327f1a37e94d86" -dependencies = [ - "itoa", - "memchr", - "serde", - "serde_core", - "zmij", -] - -[[package]] -name = "serde_path_to_error" -version = "0.1.20" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "10a9ff822e371bb5403e391ecd83e182e0e77ba7f6fe0160b795797109d1b457" -dependencies = [ - "itoa", - "serde", - "serde_core", -] - -[[package]] -name = "serde_qs" -version = "0.15.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f3faaf9e727533a19351a43cc5a8de957372163c7d35cc48c90b75cdda13c352" -dependencies = [ - "percent-encoding", - "serde", - "thiserror 2.0.18", -] - -[[package]] -name = "serde_spanned" -version = "0.6.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bf41e0cfaf7226dca15e8197172c295a782857fcb97fad1808a166870dee75a3" -dependencies = [ - "serde", -] - -[[package]] -name = "serde_spanned" -version = "1.0.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f8bbf91e5a4d6315eee45e704372590b30e260ee83af6639d64557f51b067776" -dependencies = [ - "serde_core", -] - -[[package]] -name = "serde_urlencoded" -version = "0.7.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d3491c14715ca2294c4d6a88f15e84739788c1d030eed8c110436aafdaa2f3fd" -dependencies = [ - "form_urlencoded", - "itoa", - "ryu", - "serde", -] - -[[package]] -name = "server_fn" -version = "0.8.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fdc30228718f62d80a376964baf990edbcb5e97688fdc71183a8ef3d44cb6c89" -dependencies = [ - "axum", - "base64", - "bytes", - "const-str", - "const_format", - "dashmap", - "futures", - "gloo-net", - "http", - "http-body-util", - "hyper", - "inventory", - "js-sys", - "pin-project-lite", - "rustc_version", - "rustversion", - "send_wrapper", - "serde", - "serde_json", - "serde_qs", - "server_fn_macro_default", - "thiserror 2.0.18", - "throw_error", - "tokio", - "tower", - "tower-layer", - "url", - "wasm-bindgen", - "wasm-bindgen-futures", - "wasm-streams", - "web-sys", - "xxhash-rust", -] - -[[package]] -name = "server_fn_macro" -version = "0.8.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "14faf423aab09f8c3eb2d9785bb37f11a255cdf01857d3c6083eacc82269c191" -dependencies = [ - "const_format", - "convert_case 0.11.0", - "proc-macro2", - "quote", - "rustc_version", - "syn", - "xxhash-rust", -] - -[[package]] -name = "server_fn_macro_default" -version = "0.8.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "63eb08f80db903d3c42f64e60ebb3875e0305be502bdc064ec0a0eab42207f00" -dependencies = [ - "server_fn_macro", - "syn", -] - -[[package]] -name = "sha1" -version = "0.10.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e3bf829a2d51ab4a5ddf1352d8470c140cadc8301b2ae1789db023f01cedd6ba" -dependencies = [ - "cfg-if", - "cpufeatures", - "digest", -] - -[[package]] -name = "sha2" -version = "0.10.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a7507d819769d01a365ab707794a4084392c824f54a7a6a7862f8c3d0892b283" -dependencies = [ - "cfg-if", - "cpufeatures", - "digest", -] - -[[package]] -name = "shlex" -version = "1.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" - -[[package]] -name = "slab" -version = "0.4.12" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0c790de23124f9ab44544d7ac05d60440adc586479ce501c1d6d7da3cd8c9cf5" - -[[package]] -name = "slotmap" -version = "1.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bdd58c3c93c3d278ca835519292445cb4b0d4dc59ccfdf7ceadaab3f8aeb4038" -dependencies = [ - "version_check", -] - -[[package]] -name = "smallvec" -version = "1.15.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "67b1b7a3b5fe4f1376887184045fcf45c69e92af734b7aaddc05fb777b6fbd03" - -[[package]] -name = "socket2" -version = "0.6.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "86f4aa3ad99f2088c990dfa82d367e19cb29268ed67c574d10d0a4bfe71f07e0" -dependencies = [ - "libc", - "windows-sys 0.60.2", -] - -[[package]] -name = "spin" -version = "0.9.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67" - -[[package]] -name = "stable_deref_trait" -version = "1.2.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6ce2be8dc25455e1f91df71bfa12ad37d7af1092ae736f3a6cd0e37bc7810596" - -[[package]] -name = "subtle" -version = "2.6.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" - -[[package]] -name = "syn" -version = "2.0.116" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3df424c70518695237746f84cede799c9c58fcb37450d7b23716568cc8bc69cb" -dependencies = [ - "proc-macro2", - "quote", - "unicode-ident", -] - -[[package]] -name = "syn_derive" -version = "0.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cdb066a04799e45f5d582e8fc6ec8e6d6896040d00898eb4e6a835196815b219" -dependencies = [ - "proc-macro-error2", - "proc-macro2", - "quote", - "syn", -] - -[[package]] -name = "sync_wrapper" -version = "1.0.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0bf256ce5efdfa370213c1dabab5935a12e49f2c58d15e9eac2870d3b4f27263" -dependencies = [ - "futures-core", -] - -[[package]] -name = "synstructure" -version = "0.13.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "728a70f3dbaf5bab7f0c4b1ac8d7ae5ea60a4b5549c8a5914361c99147a709d2" -dependencies = [ - "proc-macro2", - "quote", - "syn", -] - -[[package]] -name = "system-configuration" -version = "0.7.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a13f3d0daba03132c0aa9767f98351b3488edc2c100cda2d2ec2b04f3d8d3c8b" -dependencies = [ - "bitflags", - "core-foundation 0.9.4", - "system-configuration-sys", -] - -[[package]] -name = "system-configuration-sys" -version = "0.6.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8e1d1b10ced5ca923a1fcb8d03e96b8d3268065d724548c0211415ff6ac6bac4" -dependencies = [ - "core-foundation-sys", - "libc", -] - -[[package]] -name = "tachys" -version = "0.2.13" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "14691ce610071757bd17bd8d572065192c9c93f9f169125390aaea345a4c56b9" -dependencies = [ - "any_spawner", - "async-trait", - "const_str_slice_concat", - "drain_filter_polyfill", - "either_of", - "erased", - "futures", - "html-escape", - "indexmap", - "itertools", - "js-sys", - "next_tuple", - "oco_ref", - "or_poisoned", - "paste", - "reactive_graph", - "reactive_stores", - "rustc-hash", - "rustc_version", - "send_wrapper", - "slotmap", - "throw_error", - "wasm-bindgen", - "web-sys", -] - -[[package]] -name = "tempfile" -version = "3.25.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0136791f7c95b1f6dd99f9cc786b91bb81c3800b639b3478e561ddb7be95e5f1" -dependencies = [ - "fastrand", - "getrandom 0.4.1", - "once_cell", - "rustix", - "windows-sys 0.61.2", -] - -[[package]] -name = "thiserror" -version = "1.0.69" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b6aaf5339b578ea85b50e080feb250a3e8ae8cfcdff9a461c9ec2904bc923f52" -dependencies = [ - "thiserror-impl 1.0.69", -] - -[[package]] -name = "thiserror" -version = "2.0.18" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4288b5bcbc7920c07a1149a35cf9590a2aa808e0bc1eafaade0b80947865fbc4" -dependencies = [ - "thiserror-impl 2.0.18", -] - -[[package]] -name = "thiserror-impl" -version = "1.0.69" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4fee6c4efc90059e10f81e6d42c60a18f76588c3d74cb83a0b242a2b6c7504c1" -dependencies = [ - "proc-macro2", - "quote", - "syn", -] - -[[package]] -name = "thiserror-impl" -version = "2.0.18" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ebc4ee7f67670e9b64d05fa4253e753e016c6c95ff35b89b7941d6b856dec1d5" -dependencies = [ - "proc-macro2", - "quote", - "syn", -] - -[[package]] -name = "throw_error" -version = "0.3.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dc0ed6038fcbc0795aca7c92963ddda636573b956679204e044492d2b13c8f64" -dependencies = [ - "pin-project-lite", -] - -[[package]] -name = "tinystr" -version = "0.8.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "42d3e9c45c09de15d06dd8acf5f4e0e399e85927b7f00711024eb7ae10fa4869" -dependencies = [ - "displaydoc", - "zerovec", -] - -[[package]] -name = "tinyvec" -version = "1.10.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bfa5fdc3bce6191a1dbc8c02d5c8bffcf557bafa17c124c5264a458f1b0613fa" -dependencies = [ - "tinyvec_macros", -] - -[[package]] -name = "tinyvec_macros" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" - -[[package]] -name = "tlaternet-webserver" -version = "0.2.0" -dependencies = [ - "axum", - "console_error_panic_hook", - "figment", - "leptos", - "leptos_axum", - "leptos_meta", - "leptos_router", - "markdown_view_leptos", - "reqwest", - "serde", - "thiserror 2.0.18", - "tokio", - "url", - "wasm-bindgen", - "web-sys", -] - -[[package]] -name = "tokio" -version = "1.49.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "72a2903cd7736441aac9df9d7688bd0ce48edccaadf181c3b90be801e81d3d86" -dependencies = [ - "bytes", - "libc", - "mio", - "pin-project-lite", - "socket2", - "tokio-macros", - "windows-sys 0.61.2", -] - -[[package]] -name = "tokio-macros" -version = "2.6.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "af407857209536a95c8e56f8231ef2c2e2aff839b22e07a1ffcbc617e9db9fa5" -dependencies = [ - "proc-macro2", - "quote", - "syn", -] - -[[package]] -name = "tokio-native-tls" -version = "0.3.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bbae76ab933c85776efabc971569dd6119c580d8f5d448769dec1764bf796ef2" -dependencies = [ - "native-tls", - "tokio", -] - -[[package]] -name = "tokio-rustls" -version = "0.26.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1729aa945f29d91ba541258c8df89027d5792d85a8841fb65e8bf0f4ede4ef61" -dependencies = [ - "rustls", - "tokio", -] - -[[package]] -name = "tokio-tungstenite" -version = "0.28.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d25a406cddcc431a75d3d9afc6a7c0f7428d4891dd973e4d54c56b46127bf857" -dependencies = [ - "futures-util", - "log", - "tokio", - "tungstenite", -] - -[[package]] -name = "tokio-util" -version = "0.7.18" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9ae9cec805b01e8fc3fd2fe289f89149a9b66dd16786abd8b19cfa7b48cb0098" -dependencies = [ - "bytes", - "futures-core", - "futures-sink", - "pin-project-lite", - "tokio", -] - -[[package]] -name = "toml" -version = "0.8.23" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dc1beb996b9d83529a9e75c17a1686767d148d70663143c7854d8b4a09ced362" -dependencies = [ - "serde", - "serde_spanned 0.6.9", - "toml_datetime 0.6.11", - "toml_edit", -] - -[[package]] -name = "toml" -version = "0.9.12+spec-1.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cf92845e79fc2e2def6a5d828f0801e29a2f8acc037becc5ab08595c7d5e9863" -dependencies = [ - "serde_core", - "serde_spanned 1.0.4", - "toml_datetime 0.7.5+spec-1.1.0", - "toml_parser", - "winnow", -] - -[[package]] -name = "toml_datetime" -version = "0.6.11" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "22cddaf88f4fbc13c51aebbf5f8eceb5c7c5a9da2ac40a13519eb5b0a0e8f11c" -dependencies = [ - "serde", -] - -[[package]] -name = "toml_datetime" -version = "0.7.5+spec-1.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "92e1cfed4a3038bc5a127e35a2d360f145e1f4b971b551a2ba5fd7aedf7e1347" -dependencies = [ - "serde_core", -] - -[[package]] -name = "toml_edit" -version = "0.22.27" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "41fe8c660ae4257887cf66394862d21dbca4a6ddd26f04a3560410406a2f819a" -dependencies = [ - "indexmap", - "serde", - "serde_spanned 0.6.9", - "toml_datetime 0.6.11", - "toml_write", - "winnow", -] - -[[package]] -name = "toml_parser" -version = "1.0.9+spec-1.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "702d4415e08923e7e1ef96cd5727c0dfed80b4d2fa25db9647fe5eb6f7c5a4c4" -dependencies = [ - "winnow", -] - -[[package]] -name = "toml_write" -version = "0.1.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5d99f8c9a7727884afe522e9bd5edbfc91a3312b36a77b5fb8926e4c31a41801" - -[[package]] -name = "tower" -version = "0.5.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ebe5ef63511595f1344e2d5cfa636d973292adc0eec1f0ad45fae9f0851ab1d4" -dependencies = [ - "futures-core", - "futures-util", - "pin-project-lite", - "sync_wrapper", - "tokio", - "tower-layer", - "tower-service", - "tracing", -] - -[[package]] -name = "tower-http" -version = "0.6.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d4e6559d53cc268e5031cd8429d05415bc4cb4aefc4aa5d6cc35fbf5b924a1f8" -dependencies = [ - "bitflags", - "bytes", - "futures-core", - "futures-util", - "http", - "http-body", - "http-body-util", - "http-range-header", - "httpdate", - "iri-string", - "mime", - "mime_guess", - "percent-encoding", - "pin-project-lite", - "tokio", - "tokio-util", - "tower", - "tower-layer", - "tower-service", - "tracing", -] - -[[package]] -name = "tower-layer" -version = "0.3.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "121c2a6cda46980bb0fcd1647ffaf6cd3fc79a013de288782836f6df9c48780e" - -[[package]] -name = "tower-service" -version = "0.3.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8df9b6e13f2d32c91b9bd719c00d1958837bc7dec474d94952798cc8e69eeec3" - -[[package]] -name = "tracing" -version = "0.1.44" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "63e71662fa4b2a2c3a26f570f037eb95bb1f85397f3cd8076caed2f026a6d100" -dependencies = [ - "log", - "pin-project-lite", - "tracing-core", -] - -[[package]] -name = "tracing-core" -version = "0.1.36" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "db97caf9d906fbde555dd62fa95ddba9eecfd14cb388e4f491a66d74cd5fb79a" -dependencies = [ - "once_cell", -] - -[[package]] -name = "try-lock" -version = "0.2.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e421abadd41a4225275504ea4d6566923418b7f05506fbc9c0fe86ba7396114b" - -[[package]] -name = "tungstenite" -version = "0.28.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8628dcc84e5a09eb3d8423d6cb682965dea9133204e8fb3efee74c2a0c259442" -dependencies = [ - "bytes", - "data-encoding", - "http", - "httparse", - "log", - "rand", - "sha1", - "thiserror 2.0.18", - "utf-8", -] - -[[package]] -name = "typed-builder" -version = "0.22.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "398a3a3c918c96de527dc11e6e846cd549d4508030b8a33e1da12789c856b81a" -dependencies = [ - "typed-builder-macro 0.22.0", -] - -[[package]] -name = "typed-builder" -version = "0.23.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "31aa81521b70f94402501d848ccc0ecaa8f93c8eb6999eb9747e72287757ffda" -dependencies = [ - "typed-builder-macro 0.23.2", -] - -[[package]] -name = "typed-builder-macro" -version = "0.22.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0e48cea23f68d1f78eb7bc092881b6bb88d3d6b5b7e6234f6f9c911da1ffb221" -dependencies = [ - "proc-macro2", - "quote", - "syn", -] - -[[package]] -name = "typed-builder-macro" -version = "0.23.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "076a02dc54dd46795c2e9c8282ed40bcfb1e22747e955de9389a1de28190fb26" -dependencies = [ - "proc-macro2", - "quote", - "syn", -] - -[[package]] -name = "typenum" -version = "1.19.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "562d481066bde0658276a35467c4af00bdc6ee726305698a55b86e61d7ad82bb" - -[[package]] -name = "uncased" -version = "0.9.10" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e1b88fcfe09e89d3866a5c11019378088af2d24c3fbd4f0543f96b479ec90697" -dependencies = [ - "version_check", -] - -[[package]] -name = "unicase" -version = "2.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dbc4bc3a9f746d862c45cb89d705aa10f187bb96c76001afab07a0d35ce60142" - -[[package]] -name = "unicode-ident" -version = "1.0.24" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e6e4313cd5fcd3dad5cafa179702e2b244f760991f45397d14d4ebf38247da75" - -[[package]] -name = "unicode-segmentation" -version = "1.12.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f6ccf251212114b54433ec949fd6a7841275f9ada20dddd2f29e9ceea4501493" - -[[package]] -name = "unicode-xid" -version = "0.2.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ebc1c04c71510c7f702b52b7c350734c9ff1295c464a03335b00bb84fc54f853" - -[[package]] -name = "untrusted" -version = "0.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" - -[[package]] -name = "url" -version = "2.5.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ff67a8a4397373c3ef660812acab3268222035010ab8680ec4215f38ba3d0eed" -dependencies = [ - "form_urlencoded", - "idna", - "percent-encoding", - "serde", - "serde_derive", -] - -[[package]] -name = "utf-8" -version = "0.7.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "09cc8ee72d2a9becf2f2febe0205bbed8fc6615b7cb429ad062dc7b7ddd036a9" - -[[package]] -name = "utf8-width" -version = "0.1.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1292c0d970b54115d14f2492fe0170adf21d68a1de108eebc51c1df4f346a091" - -[[package]] -name = "utf8_iter" -version = "1.0.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b6c140620e7ffbb22c2dee59cafe6084a59b5ffc27a8859a5f0d494b5d52b6be" - -[[package]] -name = "uuid" -version = "1.21.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b672338555252d43fd2240c714dc444b8c6fb0a5c5335e65a07bba7742735ddb" -dependencies = [ - "getrandom 0.4.1", - "js-sys", - "wasm-bindgen", -] - -[[package]] -name = "vcpkg" -version = "0.2.15" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426" - -[[package]] -name = "version_check" -version = "0.9.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a" - -[[package]] -name = "walkdir" -version = "2.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "29790946404f91d9c5d06f9874efddea1dc06c5efe94541a7d6863108e3a5e4b" -dependencies = [ - "same-file", - "winapi-util", -] - -[[package]] -name = "want" -version = "0.3.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bfa7760aed19e106de2c7c0b581b509f2f25d3dacaf737cb82ac61bc6d760b0e" -dependencies = [ - "try-lock", -] - -[[package]] -name = "wasi" -version = "0.11.1+wasi-snapshot-preview1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ccf3ec651a847eb01de73ccad15eb7d99f80485de043efb2f370cd654f4ea44b" - -[[package]] -name = "wasip2" -version = "1.0.2+wasi-0.2.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9517f9239f02c069db75e65f174b3da828fe5f5b945c4dd26bd25d89c03ebcf5" -dependencies = [ - "wit-bindgen", -] - -[[package]] -name = "wasip3" -version = "0.4.0+wasi-0.3.0-rc-2026-01-06" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5428f8bf88ea5ddc08faddef2ac4a67e390b88186c703ce6dbd955e1c145aca5" -dependencies = [ - "wit-bindgen", -] - -[[package]] -name = "wasm-bindgen" -version = "0.2.100" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1edc8929d7499fc4e8f0be2262a241556cfc54a0bea223790e71446f2aab1ef5" -dependencies = [ - "cfg-if", - "once_cell", - "rustversion", - "wasm-bindgen-macro", -] - -[[package]] -name = "wasm-bindgen-backend" -version = "0.2.100" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2f0a0651a5c2bc21487bde11ee802ccaf4c51935d0d3d42a6101f98161700bc6" -dependencies = [ - "bumpalo", - "log", - "proc-macro2", - "quote", - "syn", - "wasm-bindgen-shared", -] - -[[package]] -name = "wasm-bindgen-futures" -version = "0.4.50" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "555d470ec0bc3bb57890405e5d4322cc9ea83cebb085523ced7be4144dac1e61" -dependencies = [ - "cfg-if", - "js-sys", - "once_cell", - "wasm-bindgen", - "web-sys", -] - -[[package]] -name = "wasm-bindgen-macro" -version = "0.2.100" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7fe63fc6d09ed3792bd0897b314f53de8e16568c2b3f7982f468c0bf9bd0b407" -dependencies = [ - "quote", - "wasm-bindgen-macro-support", -] - -[[package]] -name = "wasm-bindgen-macro-support" -version = "0.2.100" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8ae87ea40c9f689fc23f209965b6fb8a99ad69aeeb0231408be24920604395de" -dependencies = [ - "proc-macro2", - "quote", - "syn", - "wasm-bindgen-backend", - "wasm-bindgen-shared", -] - -[[package]] -name = "wasm-bindgen-shared" -version = "0.2.100" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1a05d73b933a847d6cccdda8f838a22ff101ad9bf93e33684f39c1f5f0eece3d" -dependencies = [ - "unicode-ident", -] - -[[package]] -name = "wasm-encoder" -version = "0.244.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "990065f2fe63003fe337b932cfb5e3b80e0b4d0f5ff650e6985b1048f62c8319" -dependencies = [ - "leb128fmt", - "wasmparser", -] - -[[package]] -name = "wasm-metadata" -version = "0.244.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bb0e353e6a2fbdc176932bbaab493762eb1255a7900fe0fea1a2f96c296cc909" -dependencies = [ - "anyhow", - "indexmap", - "wasm-encoder", - "wasmparser", -] - -[[package]] -name = "wasm-streams" -version = "0.4.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "15053d8d85c7eccdbefef60f06769760a563c7f0a9d6902a13d35c7800b0ad65" -dependencies = [ - "futures-util", - "js-sys", - "wasm-bindgen", - "wasm-bindgen-futures", - "web-sys", -] - -[[package]] -name = "wasm_split_helpers" -version = "0.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a114b3073258dd5de3d812cdd048cca6842342755e828a14dbf15f843f2d1b84" -dependencies = [ - "async-once-cell", - "wasm_split_macros", -] - -[[package]] -name = "wasm_split_macros" -version = "0.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "56481f8ed1a9f9ae97ea7b08a5e2b12e8adf9a7818a6ba952b918e09c7be8bf0" -dependencies = [ - "base16", - "quote", - "sha2", - "syn", -] - -[[package]] -name = "wasmparser" -version = "0.244.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "47b807c72e1bac69382b3a6fb3dbe8ea4c0ed87ff5629b8685ae6b9a611028fe" -dependencies = [ - "bitflags", - "hashbrown 0.15.5", - "indexmap", - "semver", -] - -[[package]] -name = "web-sys" -version = "0.3.77" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "33b6dd2ef9186f1f2072e409e99cd22a975331a6b3591b12c764e0e55c60d5d2" -dependencies = [ - "js-sys", - "wasm-bindgen", -] - -[[package]] -name = "web-time" -version = "1.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5a6580f308b1fad9207618087a65c04e7a10bc77e02c8e84e9b00dd4b12fa0bb" -dependencies = [ - "js-sys", - "wasm-bindgen", -] - -[[package]] -name = "webpki-roots" -version = "1.0.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "22cfaf3c063993ff62e73cb4311efde4db1efb31ab78a3e5c457939ad5cc0bed" -dependencies = [ - "rustls-pki-types", -] - -[[package]] -name = "winapi-util" -version = "0.1.11" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c2a7b1c03c876122aa43f3020e6c3c3ee5c05081c9a00739faf7503aeba10d22" -dependencies = [ - "windows-sys 0.61.2", -] - -[[package]] -name = "windows-link" -version = "0.2.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f0805222e57f7521d6a62e36fa9163bc891acd422f971defe97d64e70d0a4fe5" - -[[package]] -name = "windows-registry" -version = "0.6.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "02752bf7fbdcce7f2a27a742f798510f3e5ad88dbe84871e5168e2120c3d5720" -dependencies = [ - "windows-link", - "windows-result", - "windows-strings", -] - -[[package]] -name = "windows-result" -version = "0.4.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7781fa89eaf60850ac3d2da7af8e5242a5ea78d1a11c49bf2910bb5a73853eb5" -dependencies = [ - "windows-link", -] - -[[package]] -name = "windows-strings" -version = "0.5.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7837d08f69c77cf6b07689544538e017c1bfcf57e34b4c0ff58e6c2cd3b37091" -dependencies = [ - "windows-link", -] - -[[package]] -name = "windows-sys" -version = "0.52.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" -dependencies = [ - "windows-targets 0.52.6", -] - -[[package]] -name = "windows-sys" -version = "0.60.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f2f500e4d28234f72040990ec9d39e3a6b950f9f22d3dba18416c35882612bcb" -dependencies = [ - "windows-targets 0.53.5", -] - -[[package]] -name = "windows-sys" -version = "0.61.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ae137229bcbd6cdf0f7b80a31df61766145077ddf49416a728b02cb3921ff3fc" -dependencies = [ - "windows-link", -] - -[[package]] -name = "windows-targets" -version = "0.52.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973" -dependencies = [ - "windows_aarch64_gnullvm 0.52.6", - "windows_aarch64_msvc 0.52.6", - "windows_i686_gnu 0.52.6", - "windows_i686_gnullvm 0.52.6", - "windows_i686_msvc 0.52.6", - "windows_x86_64_gnu 0.52.6", - "windows_x86_64_gnullvm 0.52.6", - "windows_x86_64_msvc 0.52.6", -] - -[[package]] -name = "windows-targets" -version = "0.53.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4945f9f551b88e0d65f3db0bc25c33b8acea4d9e41163edf90dcd0b19f9069f3" -dependencies = [ - "windows-link", - "windows_aarch64_gnullvm 0.53.1", - "windows_aarch64_msvc 0.53.1", - "windows_i686_gnu 0.53.1", - "windows_i686_gnullvm 0.53.1", - "windows_i686_msvc 0.53.1", - "windows_x86_64_gnu 0.53.1", - "windows_x86_64_gnullvm 0.53.1", - "windows_x86_64_msvc 0.53.1", -] - -[[package]] -name = "windows_aarch64_gnullvm" -version = "0.52.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3" - -[[package]] -name = "windows_aarch64_gnullvm" -version = "0.53.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a9d8416fa8b42f5c947f8482c43e7d89e73a173cead56d044f6a56104a6d1b53" - -[[package]] -name = "windows_aarch64_msvc" -version = "0.52.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469" - -[[package]] -name = "windows_aarch64_msvc" -version = "0.53.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b9d782e804c2f632e395708e99a94275910eb9100b2114651e04744e9b125006" - -[[package]] -name = "windows_i686_gnu" -version = "0.52.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b" - -[[package]] -name = "windows_i686_gnu" -version = "0.53.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "960e6da069d81e09becb0ca57a65220ddff016ff2d6af6a223cf372a506593a3" - -[[package]] -name = "windows_i686_gnullvm" -version = "0.52.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66" - -[[package]] -name = "windows_i686_gnullvm" -version = "0.53.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fa7359d10048f68ab8b09fa71c3daccfb0e9b559aed648a8f95469c27057180c" - -[[package]] -name = "windows_i686_msvc" -version = "0.52.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66" - -[[package]] -name = "windows_i686_msvc" -version = "0.53.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1e7ac75179f18232fe9c285163565a57ef8d3c89254a30685b57d83a38d326c2" - -[[package]] -name = "windows_x86_64_gnu" -version = "0.52.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78" - -[[package]] -name = "windows_x86_64_gnu" -version = "0.53.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9c3842cdd74a865a8066ab39c8a7a473c0778a3f29370b5fd6b4b9aa7df4a499" - -[[package]] -name = "windows_x86_64_gnullvm" -version = "0.52.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d" - -[[package]] -name = "windows_x86_64_gnullvm" -version = "0.53.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0ffa179e2d07eee8ad8f57493436566c7cc30ac536a3379fdf008f47f6bb7ae1" - -[[package]] -name = "windows_x86_64_msvc" -version = "0.52.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" - -[[package]] -name = "windows_x86_64_msvc" -version = "0.53.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d6bbff5f0aada427a1e5a6da5f1f98158182f26556f345ac9e04d36d0ebed650" - -[[package]] -name = "winnow" -version = "0.7.14" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5a5364e9d77fcdeeaa6062ced926ee3381faa2ee02d3eb83a5c27a8825540829" -dependencies = [ - "memchr", -] - -[[package]] -name = "wit-bindgen" -version = "0.51.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d7249219f66ced02969388cf2bb044a09756a083d0fab1e566056b04d9fbcaa5" -dependencies = [ - "wit-bindgen-rust-macro", -] - -[[package]] -name = "wit-bindgen-core" -version = "0.51.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ea61de684c3ea68cb082b7a88508a8b27fcc8b797d738bfc99a82facf1d752dc" -dependencies = [ - "anyhow", - "heck", - "wit-parser", -] - -[[package]] -name = "wit-bindgen-rust" -version = "0.51.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b7c566e0f4b284dd6561c786d9cb0142da491f46a9fbed79ea69cdad5db17f21" -dependencies = [ - "anyhow", - "heck", - "indexmap", - "prettyplease", - "syn", - "wasm-metadata", - "wit-bindgen-core", - "wit-component", -] - -[[package]] -name = "wit-bindgen-rust-macro" -version = "0.51.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0c0f9bfd77e6a48eccf51359e3ae77140a7f50b1e2ebfe62422d8afdaffab17a" -dependencies = [ - "anyhow", - "prettyplease", - "proc-macro2", - "quote", - "syn", - "wit-bindgen-core", - "wit-bindgen-rust", -] - -[[package]] -name = "wit-component" -version = "0.244.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9d66ea20e9553b30172b5e831994e35fbde2d165325bec84fc43dbf6f4eb9cb2" -dependencies = [ - "anyhow", - "bitflags", - "indexmap", - "log", - "serde", - "serde_derive", - "serde_json", - "wasm-encoder", - "wasm-metadata", - "wasmparser", - "wit-parser", -] - -[[package]] -name = "wit-parser" -version = "0.244.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ecc8ac4bc1dc3381b7f59c34f00b67e18f910c2c0f50015669dde7def656a736" -dependencies = [ - "anyhow", - "id-arena", - "indexmap", - "log", - "semver", - "serde", - "serde_derive", - "serde_json", - "unicode-xid", - "wasmparser", -] - -[[package]] -name = "writeable" -version = "0.6.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9edde0db4769d2dc68579893f2306b26c6ecfbe0ef499b013d731b7b9247e0b9" - -[[package]] -name = "xxhash-rust" -version = "0.8.15" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fdd20c5420375476fbd4394763288da7eb0cc0b8c11deed431a91562af7335d3" - -[[package]] -name = "yansi" -version = "1.0.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cfe53a6657fd280eaa890a3bc59152892ffa3e30101319d168b781ed6529b049" - -[[package]] -name = "yoke" -version = "0.8.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "72d6e5c6afb84d73944e5cedb052c4680d5657337201555f9f2a16b7406d4954" -dependencies = [ - "stable_deref_trait", - "yoke-derive", - "zerofrom", -] - -[[package]] -name = "yoke-derive" -version = "0.8.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b659052874eb698efe5b9e8cf382204678a0086ebf46982b79d6ca3182927e5d" -dependencies = [ - "proc-macro2", - "quote", - "syn", - "synstructure", -] - -[[package]] -name = "zerocopy" -version = "0.8.39" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "db6d35d663eadb6c932438e763b262fe1a70987f9ae936e60158176d710cae4a" -dependencies = [ - "zerocopy-derive", -] - -[[package]] -name = "zerocopy-derive" -version = "0.8.39" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4122cd3169e94605190e77839c9a40d40ed048d305bfdc146e7df40ab0f3e517" -dependencies = [ - "proc-macro2", - "quote", - "syn", -] - -[[package]] -name = "zerofrom" -version = "0.1.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "50cc42e0333e05660c3587f3bf9d0478688e15d870fab3346451ce7f8c9fbea5" -dependencies = [ - "zerofrom-derive", -] - -[[package]] -name = "zerofrom-derive" -version = "0.1.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d71e5d6e06ab090c67b5e44993ec16b72dcbaabc526db883a360057678b48502" -dependencies = [ - "proc-macro2", - "quote", - "syn", - "synstructure", -] - -[[package]] -name = "zeroize" -version = "1.8.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b97154e67e32c85465826e8bcc1c59429aaaf107c1e4a9e53c8d8ccd5eff88d0" - -[[package]] -name = "zerotrie" -version = "0.2.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2a59c17a5562d507e4b54960e8569ebee33bee890c70aa3fe7b97e85a9fd7851" -dependencies = [ - "displaydoc", - "yoke", - "zerofrom", -] - -[[package]] -name = "zerovec" -version = "0.11.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6c28719294829477f525be0186d13efa9a3c602f7ec202ca9e353d310fb9a002" -dependencies = [ - "yoke", - "zerofrom", - "zerovec-derive", -] - -[[package]] -name = "zerovec-derive" -version = "0.11.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "eadce39539ca5cb3985590102671f2567e659fca9666581ad3411d59207951f3" -dependencies = [ - "proc-macro2", - "quote", - "syn", -] - -[[package]] -name = "zmij" -version = "1.0.21" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b8848ee67ecc8aedbaf3e4122217aff892639231befc6a1b58d29fff4c2cabaa" diff --git a/pkgs/packages/webserver/Cargo.toml b/pkgs/packages/webserver/Cargo.toml deleted file mode 100644 index 107cf18..0000000 --- a/pkgs/packages/webserver/Cargo.toml +++ /dev/null @@ -1,68 +0,0 @@ -[package] -name = "tlaternet-webserver" -version = "0.2.0" -edition = "2024" - -[lib] -crate-type = ["cdylib", "rlib"] - -[dependencies] -axum = { version = "0.8.7", features = ["macros"], optional = true } -console_error_panic_hook = { version = "0.1.7", optional = true } -figment = { version = "0.10.19", features = ["toml", "env"] } -leptos = "0.8.3" -leptos_axum = { version = "0.8.3", optional = true } -leptos_meta = "0.8.3" -leptos_router = "0.8.3" -markdown_view_leptos = "0.1.3" -reqwest = "0.12.24" -serde = { version = "1.0.228", features = ["derive"] } -thiserror = "2.0.17" -tokio = { version = "1.48.0", features = ["rt-multi-thread"], optional = true } -url = { version = "2.5.7", features = ["serde"] } -wasm-bindgen = { version = "=0.2.100", optional = true } -web-sys = "^0.3.77" - -[features] -hydrate = [ - "leptos/hydrate", - "dep:console_error_panic_hook", - "dep:wasm-bindgen", -] -ssr = [ - "dep:axum", - "dep:tokio", - "dep:leptos_axum", - "leptos/ssr", - "leptos_meta/ssr", - "leptos_router/ssr", -] - -[profile.wasm-release] -inherits = "release" -opt-level = 'z' -lto = true -codegen-units = 1 -panic = "abort" - -[package.metadata.leptos] -output-name = "tlaternet-webserver" -site-root = "target/site" -site-pkg-dir = "pkg" -style-file = "style/main.scss" -site-addr = "127.0.0.1:3000" -reload-port = 3001 -browserquery = "defaults" -env = "DEV" -bin-features = ["ssr"] -bin-default-features = false -lib-features = ["hydrate"] -lib-default-features = false -lib-profile-release = "wasm-release" -watch-additional-files = ["config.toml"] - -# [Optional] Command to use when running end2end tests. It will run in the end2end dir. -# [Windows] for non-WSL use "npx.cmd playwright test" -# This binary name can be checked in Powershell with Get-Command npx -end2end-cmd = "npx playwright test" -end2end-dir = "end2end" diff --git a/pkgs/packages/webserver/config.toml b/pkgs/packages/webserver/config.toml deleted file mode 100644 index b346745..0000000 --- a/pkgs/packages/webserver/config.toml +++ /dev/null @@ -1,3 +0,0 @@ -# Can be specified with systemd creds instead -credentials_directory = "dev-creds" -ntfy_instance = "https://ntfy.sh" diff --git a/pkgs/packages/webserver/leptosfmt.toml b/pkgs/packages/webserver/leptosfmt.toml deleted file mode 100644 index f6350a7..0000000 --- a/pkgs/packages/webserver/leptosfmt.toml +++ /dev/null @@ -1,5 +0,0 @@ -max_width = 100 -tab_spaces = 2 -attr_value_brace_style = "WhenRequired" -macro_names = [ "leptos::view", "view" ] -closing_tag_style = "SelfClosing" diff --git a/pkgs/packages/webserver/package.nix b/pkgs/packages/webserver/package.nix deleted file mode 100644 index 9deeb2b..0000000 --- a/pkgs/packages/webserver/package.nix +++ /dev/null @@ -1,300 +0,0 @@ -{ - lib, - stdenvNoCC, - fetchFromGitHub, - fetchurl, - symlinkJoin, - makeBinaryWrapper, - - pkg-config, - openssl, - cargo-leptos, - dart-sass, - rustPlatform, - wasm-bindgen-cli_0_2_100, - binaryen, - inkscape, - - mkShell, - clangStdenv, - rust-analyzer, - rustc, - rustfmt, - leptosfmt, - cargo, - clippy, - - writers, - ast-grep, - nix-prefetch-github, -}: -let - cargoMetadata = lib.pipe ./Cargo.toml [ - builtins.readFile - builtins.fromTOML - ]; - - sass-dependencies = { - bulma = stdenvNoCC.mkDerivation (drv: { - pname = "bulma"; - version = "1.0.4"; - - src = fetchFromGitHub { - owner = "jgthms"; - repo = "bulma"; - rev = drv.version; - hash = "sha256-hlejqBI6ayzhm15IymrzhTevkl3xffMfdTasZ2CmAas="; - }; - - installPhase = '' - mkdir -p $out/node_modules/bulma/ - cp -r ./sass $out/node_modules/bulma/ - ''; - }); - - fontsource-scss = stdenvNoCC.mkDerivation { - pname = "fontsource-scss"; - version = "0.2.2"; - - src = fetchurl { - url = "https://registry.npmjs.org/@fontsource-utils/scss/-/scss-0.2.2.tgz"; - hash = "sha256-2BkCBhh01kZfMHhjHMMLDtUeesi7Uy7eMoeM1BAqX38="; - }; - - installPhase = '' - mkdir -p $out/node_modules/@fontsource-utils/scss/ - cp -r . $out/node_modules/@fontsource-utils/scss/ - ''; - }; - - fontsource-nunito = stdenvNoCC.mkDerivation { - pname = "fontsource-nunito"; - version = "5.2.7"; - - src = fetchurl { - url = "https://registry.npmjs.org/@fontsource-variable/nunito/-/nunito-5.2.7.tgz"; - hash = "sha256-xSt1sDpVL/hVYzffKTgN/t7uLI3JadDWtTfWow2jiPM="; - }; - - outputs = [ - "out" - "assets" - ]; - - installPhase = '' - mkdir -p $out/node_modules/@fontsource-variable/nunito/ - cp -r . $out/node_modules/@fontsource-variable/nunito/ - - mkdir -p $assets/@fontsource-variable/ - cp -r files/ $assets/@fontsource-variable/nunito - ''; - }; - - fontsource-arimo = stdenvNoCC.mkDerivation { - pname = "fontsource-nunito"; - version = "5.2.8"; - - src = fetchurl { - url = "https://registry.npmjs.org/@fontsource-variable/arimo/-/arimo-5.2.8.tgz"; - hash = "sha256-jD1IGqy02j4bqMRAwbCgiIz/h97WPrTSd3eZ09nptHA="; - }; - - outputs = [ - "out" - "assets" - ]; - - installPhase = '' - mkdir -p $out/node_modules/@fontsource-variable/arimo/ - cp -r . $out/node_modules/@fontsource-variable/arimo/ - - mkdir -p $assets/@fontsource-variable/ - cp -r files/ $assets/@fontsource-variable/arimo - ''; - }; - }; - - other-dependencies = { - hack-font = stdenvNoCC.mkDerivation (drv: { - pname = "hack-font"; - version = "3.003"; - - src = fetchFromGitHub { - owner = "source-foundry"; - repo = "Hack"; - rev = "v${drv.version}"; - hash = "sha256-qGDtBvKecdfsleUBfXFezllz9Op679a030Qcj/oBs1o="; - }; - - dontBuild = true; - - installPhase = '' - mkdir -p $out - cp -r build/web/fonts $out/hack-font/ - ''; - }); - }; - - icons = stdenvNoCC.mkDerivation { - pname = "tlaternet-icons"; - version = "1.0"; - - src = ./public/icon.svg; - - dontUnpack = true; - - nativeBuildInputs = [ inkscape ]; - - buildPhase = '' - inkscape -w 48 -h 48 $src --export-filename=favicon-48.png - ''; - - installPhase = '' - mkdir -p $out - cp $src $out/icon.svg - cp favicon-48.png $out/ - ''; - }; - - assets = symlinkJoin { - name = "assets-${cargoMetadata.package.name}"; - paths = [ - sass-dependencies.fontsource-arimo.assets - sass-dependencies.fontsource-nunito.assets - other-dependencies.hack-font - icons - ]; - }; - - # Hack to allow importing sass *without* resorting to using `npm` - # and dealing with the insanity that is `package.json` files. - # - # dart-sass *in theory* supports completely arbitrary logic for - # package importing via the `pkg:` url prefix, but unfortunately - # currently the only implementation of it that is available in the - # upstream binary *requires* using a `node_modules` file in the - # repository root. See here: - # https://sass-lang.com/documentation/at-rules/use/#node-js-package-importer - # - # This wouldn't be so bad if it supported an environment variable or - # command line arg to specify what the repo root should be, but it - # doesn't; so instead we use the load-path to specify a package - # import root. - # - # As a consequence, we cannot use the `pkg:` prefix, so package - # imports are indistinguishable from relative path imports. This - # isn't the end of the world, but: - # - # TODO(tlater): See if we can talk to upstream about an - # implementation better suited for use with nix, perhaps in - # dart-sass (add an env variable?) or in cargo-leptos (add a config - # option that can also be set with an env variable, and use the sass - # protocol instead of the raw exe?). - dart-sass-with-packages = - let - packages = symlinkJoin { - name = "sass-packages"; - paths = lib.attrValues sass-dependencies; - stripPrefix = "/node_modules"; - }; - in - symlinkJoin { - inherit (dart-sass) version; - pname = "dart-sass-with-packages"; - - paths = [ dart-sass ]; - nativeBuildInputs = [ makeBinaryWrapper ]; - - postBuild = '' - wrapProgram $out/bin/sass \ - --add-flag --load-path=${packages} - ''; - }; -in -rustPlatform.buildRustPackage (drv: { - inherit (cargoMetadata.package) version; - pname = cargoMetadata.package.name; - cargoLock.lockFile = drv.src + /Cargo.lock; - - src = lib.fileset.toSource { - root = ./.; - fileset = lib.fileset.fromSource (lib.sources.cleanSource ./.); - }; - - nativeBuildInputs = [ - cargo-leptos - rustc.llvmPackages.lld - dart-sass-with-packages - makeBinaryWrapper - pkg-config - wasm-bindgen-cli_0_2_100 - binaryen - ]; - - buildInputs = [ openssl ]; - - LEPTOS_ASSETS_DIR = assets.outPath; - - buildPhase = '' - runHook preBuild - - # dart-sass and wasm-pack want a home directory to put cache files - export HOME=$(mktemp -d) - cargo leptos build --release - - runHook postBuild - ''; - - installPhase = '' - runHook preInstall - - mkdir -p $out/bin $out/share - cp target/release/tlaternet-webserver $out/bin - cp -r target/site $out/share - wrapProgram $out/bin/tlaternet-webserver \ - --set LEPTOS_SITE_ROOT $out/share/site \ - --set LEPTOS_ASSETS_DIR ${assets.outPath} - - runHook postInstall - ''; - - meta.mainProgram = "tlaternet-webserver"; - - passthru = { - dependencies = sass-dependencies; - - devShell = mkShell.override { stdenv = clangStdenv; } { - packages = [ - pkg-config - openssl - cargo-leptos - dart-sass-with-packages - # lld is exposed as ld by the clangStdenv, adding it - # explicitly with bintools makes it work - rustc.llvmPackages.lld - - rust-analyzer - rustc - rustfmt - leptosfmt - cargo - clippy - ]; - - LEPTOS_ASSETS_DIR = assets.outPath; - }; - - updateScript = writers.writeNuBin "update-${cargoMetadata.package.name}" { - makeWrapperArgs = [ - "--prefix" - "PATH" - ":" - (lib.makeBinPath [ - ast-grep - nix-prefetch-github - cargo - ]) - ]; - } ./update.nu; - }; -}) diff --git a/pkgs/packages/webserver/public/icon.svg b/pkgs/packages/webserver/public/icon.svg deleted file mode 100644 index 84ef6b3..0000000 --- a/pkgs/packages/webserver/public/icon.svg +++ /dev/null @@ -1,78 +0,0 @@ - - - - - - image/svg+xml - - - - - - - - - - - - - - diff --git a/pkgs/packages/webserver/src/app.rs b/pkgs/packages/webserver/src/app.rs deleted file mode 100644 index 913c640..0000000 --- a/pkgs/packages/webserver/src/app.rs +++ /dev/null @@ -1,56 +0,0 @@ -use leptos::prelude::*; -use leptos_meta::{provide_meta_context, MetaTags, Stylesheet}; -use leptos_router::{ - components::{Route, Router, Routes}, - StaticSegment, -}; - -mod homepage; -mod mail; - -use crate::components::Navbar; -use homepage::HomePage; -use mail::Mail; - -pub fn shell(options: LeptosOptions) -> impl IntoView { - view! { - - - - - - - - - - - - - - - - - - } -} - -#[component] -pub fn App() -> impl IntoView { - provide_meta_context(); - - view! { - - - - - // content for this welcome page - -
- - - - -
- - } -} diff --git a/pkgs/packages/webserver/src/app/homepage.rs b/pkgs/packages/webserver/src/app/homepage.rs deleted file mode 100644 index d12ec59..0000000 --- a/pkgs/packages/webserver/src/app/homepage.rs +++ /dev/null @@ -1,70 +0,0 @@ -use leptos::prelude::*; -use leptos_meta::{Meta, Title}; -use markdown_view_leptos::markdown_view; - -#[component] -pub fn HomePage() -> impl IntoView { - view! { - - - - <section class="section"> - <div class="container"> - <h1 class="title has-text-weight-normal is-family-monospace"> - "$ "<span id="typed-welcome" /> - </h1> - - <hr /> - - <div class="columns"> - <div class="column content"> - {markdown_view!( - r#" -### About Me - -Looks like you found my website. I suppose introductions are in order. - -My name's Tristan, I'm an avid Dutch-South African software -engineer. You probably either met me at an open source conference, a -hackathon, a badminton session or at a roleplaying table. -"# - )} - </div> - <div class="column content"> - {markdown_view!( - r#"### My Work - -I'm interested in a variety of things in the open source -world. Perhaps thanks to my pursuit of the perfect Linux desktop, this -has revolved a lot around reproducible build and deployment systems -for the last few years, initially starting with -[BuildStream](https://buildstream.build/) back in ~2017. I gave a -couple of talks on it at build meetups in the UK in subsequent years, -though sadly most evidence of that appears to have disappeared. - -Since then this has culminated in a strong fondness for -[NixOS](https://nixos.org/) and Nix, as its active community makes -private use cases much more feasible. As such, I have a vested -interest in making this community as large as possible - I post a lot -on the NixOS [discourse](https://discourse.nixos.org/) trying to help -newcomers out where I can. - -I also just enjoy Programming, my core languages for personal work are -currently probably Rust and Python, although I have a very varied -background. This is in part due to my former work as a consultant, -which required new languages every few months. I have experience from -JavaScript over Elm to Kotlin, but eventually I hope I might only need -to write Rust ;) - -If you're interested in seeing these things for yourself, visit my -[Gitlab](https://gitlab.com/tlater) and -[GitHub](https://github.com/tlater) pages. -"# - )} - - </div> - </div> - </div> - </section> - } -} diff --git a/pkgs/packages/webserver/src/app/mail.rs b/pkgs/packages/webserver/src/app/mail.rs deleted file mode 100644 index b2b3159..0000000 --- a/pkgs/packages/webserver/src/app/mail.rs +++ /dev/null @@ -1,217 +0,0 @@ -use leptos::{html::Form, logging}; -use leptos_meta::{Meta, Title}; -use leptos::{prelude::*, server_fn::codec::JsonEncoding}; -use markdown_view_leptos::markdown_view; -use serde::{Deserialize, Serialize}; -use thiserror::Error; - -#[server] -async fn submit_mail(mail: String, subject: String, message: String) -> Result<String, MailError> { - use crate::AppState; - const NTFY_TOPIC_CREDENTIAL_NAME: &str = "ntfy-topic"; - - let mail = format!("From: {}\nSubject: {}\n{}", mail, subject, message); - logging::log!("{}", mail); - - let state = use_context::<AppState>().unwrap(); - let ntfy_topic = std::fs::read_to_string( - state - .config - .credentials_directory - .join(NTFY_TOPIC_CREDENTIAL_NAME), - )?; - let ntfy_url = state.config.ntfy_instance.join(ntfy_topic.trim())?; - - state - .http_client - .post(ntfy_url) - .body(mail) - .send() - .await - .map_err(|err| err.without_url())? - .error_for_status() - .map_err(|err| err.without_url())?; - - leptos_axum::redirect("/mail"); - Ok("Mail successfully sent!".to_owned()) -} - -#[component] -fn MailForm() -> impl IntoView { - let form: NodeRef<Form> = NodeRef::new(); - let submit_mail = ServerAction::<SubmitMail>::new(); - let pending = submit_mail.pending(); - let flash_message = submit_mail.value(); - - Effect::new(move || - if flash_message.get().is_some_and(|m| m.is_ok()) { - if let Some(form) = form.get() { - form.reset(); - } else { - logging::warn!("Failed to reset form"); - } - } - ); - - view! { - <Show when=move || { flash_message.get().is_some() }> - <div - class="notification is-light" - class=("is-success", move || flash_message.get().is_some_and(|m| m.is_ok())) - class=("is-danger", move || flash_message.get().is_some_and(|m| m.is_err())) - > - <button - class="delete" - aria-label="Close" - on:click=move |_| { - *flash_message.write() = None; - } - /> - <span role="alert"> - {move || match flash_message.get() { - None => "".to_owned(), - Some(Ok(message)) => message, - Some(Err(error)) => format!("{}", error), - }} - </span> - </div> - </Show> - - <ActionForm node_ref=form action=submit_mail> - <fieldset disabled=move || pending.get()> - <div class="field"> - <label class="label" for="mail"> - Email address - </label> - <div class="control"> - <input - id="mail" - class="input" - type="email" - placeholder="Your address" - name="mail" - required - /> - </div> - </div> - - <div class="field"> - <label class="label" for="subject"> - Subject - </label> - <div class="control"> - <input - id="subject" - class="input" - type="text" - placeholder="E.g. There's a typo on your home page!" - name="subject" - autocomplete="off" - required - /> - </div> - </div> - - <div class="field"> - <label class="label" for="message"> - Message - </label> - <textarea - id="message" - class="textarea" - type="text" - rows="6" - name="message" - autocomplete="off" - required - /> - </div> - - <div class="control"> - <div class="field"> - <button - type="submit" - class="button is-link" - class=("is-loading", move || pending.get()) - > - Send - </button> - </div> - </div> - </fieldset> - </ActionForm> - } -} - -#[component] -pub fn Mail() -> impl IntoView { - view! { - <Meta name="description" content="tlater.net mail submission" /> - <Title text="Mail submission" /> - - <section class="section"> - <div class="container"> - <h1 class="title has-text-weight-normal">Contact Me</h1> - - <div class="columns"> - <div class="column"> - <MailForm /> - </div> - - <div class="column content"> - {markdown_view!( - r#" -Any messages you enter here are directly forwarded to me. I aim to -respond within a day. - -Don't be upset about the form, I want to avoid the spam publishing -your email address brings with it... And minimize the amount of mail -that doesn't reach me, this form is an exception in all my spam -filters, you see ;) -"# - )} - </div> - </div> - </div> - </section> - } -} - -#[derive(Error, Debug, Clone, Serialize, Deserialize)] -pub enum MailError { - #[error("This form appears to currently be broken :(")] - Permanent, - #[error("Mail service appears to be down; please try again later")] - Temporary, - #[error("Server error: {0}")] - ServerFnError(ServerFnErrorErr), -} - -impl From<url::ParseError> for MailError { - fn from(error: url::ParseError) -> Self { - logging::error!("Invalid ntfy URL: {error}"); - Self::Permanent - } -} - -impl From<std::io::Error> for MailError { - fn from(error: std::io::Error) -> Self { - logging::error!("Couldn't read ntfy topic secret: {error}"); - Self::Permanent - } -} - -impl From<reqwest::Error> for MailError { - fn from(error: reqwest::Error) -> Self { - logging::error!("Failed to connect to ntfy: {error}"); - Self::Temporary - } -} - -impl FromServerFnError for MailError { - type Encoder = JsonEncoding; - - fn from_server_fn_error(value: ServerFnErrorErr) -> Self { - Self::ServerFnError(value) - } -} diff --git a/pkgs/packages/webserver/src/components.rs b/pkgs/packages/webserver/src/components.rs deleted file mode 100644 index 23457ab..0000000 --- a/pkgs/packages/webserver/src/components.rs +++ /dev/null @@ -1,45 +0,0 @@ -use leptos::prelude::*; - -#[component] -pub fn Navbar() -> impl IntoView { - let (active, set_active) = signal(false); - - view! { - <nav class="navbar" role="navigation" aria-label="main navigation"> - <div class="navbar-brand"> - <a class="navbar-item has-text-primary is-uppercase" href="/"> - tlater - </a> - - <a - role="button" - on:click=move |_| { set_active.update(|active: &mut bool| *active = !*active) } - class="navbar-burger" - class=("is-active", move || active.get()) - aria-label="menu" - aria-controls="main-navigation" - aria-expanded=move || if active.get() { "true" } else { "false" } - > - <span aria-hidden="true" /> - <span aria-hidden="true" /> - <span aria-hidden="true" /> - <span aria-hidden="true" /> - </a> - </div> - - <div id="main-navigation" class="navbar-menu" class=("is-active", move || active.get())> - <div class="navbar-start"> - <a class="navbar-item" href="/mail"> - "E-Mail" - </a> - <a class="navbar-item" href="https://www.gitlab.com/tlater"> - GitLab - </a> - <a class="navbar-item" href="https://www.github.com/TLATER"> - GitHub - </a> - </div> - </div> - </nav> - } -} diff --git a/pkgs/packages/webserver/src/lib.rs b/pkgs/packages/webserver/src/lib.rs deleted file mode 100644 index 5ae288d..0000000 --- a/pkgs/packages/webserver/src/lib.rs +++ /dev/null @@ -1,73 +0,0 @@ -pub mod app; -mod components; - -#[cfg(feature = "hydrate")] -#[wasm_bindgen::prelude::wasm_bindgen] -pub fn hydrate() { - use crate::app::*; - console_error_panic_hook::set_once(); - leptos::mount::hydrate_body(App); -} - -#[cfg(feature = "ssr")] -pub use appstate::{AppState, Config}; - -#[cfg(feature = "ssr")] -mod appstate { - use axum::extract::FromRef; - use figment::{providers::Format, Figment}; - use leptos::config::LeptosOptions; - use reqwest::Client; - use serde::Deserialize; - use std::path::PathBuf; - use url::Url; - - #[derive(Deserialize, Debug, Clone)] - pub struct Config { - pub credentials_directory: PathBuf, - pub ntfy_instance: Url, - } - - impl Config { - pub fn parse() -> Self { - let config_path = std::env::var_os("TLATERNET_CONFIG") - .map(PathBuf::from) - .or_else(|| { - std::env::current_dir() - .map(|dir| dir.join("config.toml")) - .ok() - }); - - let config: Result<Config, figment::Error> = if let Some(config_path) = config_path { - Figment::new().merge(figment::providers::Toml::file(config_path)) - } else { - Figment::new() - } - .merge(figment::providers::Env::raw().only(&["CREDENTIALS_DIRECTORY"])) - .merge(figment::providers::Env::prefixed("TLATERNET_")) - .extract(); - - match config { - Ok(config) => { - if !config.credentials_directory.join("ntfy-topic").exists() { - leptos::logging::error!("Failed to find ntfy-topic credential"); - std::process::exit(1); - } - - config - } - Err(error) => { - leptos::logging::error!("Failed to parse configuration: {:?}", error); - std::process::exit(1); - } - } - } - } - - #[derive(FromRef, Debug, Clone)] - pub struct AppState { - pub config: Config, - pub http_client: Client, - pub leptos_options: LeptosOptions, - } -} diff --git a/pkgs/packages/webserver/src/main.rs b/pkgs/packages/webserver/src/main.rs deleted file mode 100644 index a5aac95..0000000 --- a/pkgs/packages/webserver/src/main.rs +++ /dev/null @@ -1,54 +0,0 @@ -#[cfg(feature = "ssr")] -#[tokio::main] -async fn main() { - use axum::Router; - use leptos::logging::log; - use leptos::prelude::*; - use leptos_axum::{LeptosRoutes, generate_route_list}; - use tlaternet_webserver::app::*; - use tlaternet_webserver::{AppState, Config}; - - let config = Config::parse(); - - let (addr, leptos_options) = { - let conf = get_configuration(None).unwrap(); - let addr = conf.leptos_options.site_addr; - let leptos_options = conf.leptos_options; - (addr, leptos_options) - }; - - // Generate the list of routes in your Leptos App - let routes = generate_route_list(App); - let http_client = reqwest::Client::new(); - - let state = AppState { - config, - http_client, - leptos_options, - }; - - let app = Router::new() - .leptos_routes(&state, routes, { - let leptos_options = state.leptos_options.clone(); - move || shell(leptos_options.clone()) - }) - .fallback::<_, (_, _, axum::extract::State<AppState>, _)>( - leptos_axum::file_and_error_handler(shell), - ) - .with_state(state); - - // run our app with hyper - // `axum::Server` is a re-export of `hyper::Server` - log!("listening on http://{}", &addr); - let listener = tokio::net::TcpListener::bind(&addr).await.unwrap(); - axum::serve(listener, app.into_make_service()) - .await - .unwrap(); -} - -#[cfg(not(feature = "ssr"))] -pub fn main() { - // no client-side main function - // unless we want this to work with e.g., Trunk for pure client-side testing - // see lib.rs for hydration function instead -} diff --git a/pkgs/packages/webserver/style/custom-bulma.scss b/pkgs/packages/webserver/style/custom-bulma.scss deleted file mode 100644 index 0f15681..0000000 --- a/pkgs/packages/webserver/style/custom-bulma.scss +++ /dev/null @@ -1,57 +0,0 @@ -@use "bulma/sass/utilities/initial-variables" as iv with ( - $black: #0f0f0f, - $grey-darker: #11151c, - $grey-light: #dddddd, - $white: #ffffff, - - $orange: #d26937, - $yellow: #b58900, - $green: #2aa889, - $cyan: #99d1ce, - $blue: #195466, - $red: #dc322f, -); - -iv.$family-sans-serif: "Nunito", iv.$family-sans-serif; -iv.$family-monospace: "Hack", iv.$family-monospace; - -@forward "bulma/sass/utilities/functions"; -@use "bulma/sass/utilities/derived-variables" with ( - $link: iv.$cyan, - $primary: iv.$cyan, -); -@forward "bulma/sass/utilities/controls"; - -@forward "bulma/sass/form"; - -@forward "bulma/sass/base" with ( - $body-background-color: iv.$black, - $body-color: iv.$grey-light, - - $hr-background-color: iv.$grey-light, - $hr-height: 1px, -); -@forward "bulma/sass/themes"; - -@forward "bulma/sass/elements/button"; -@use "bulma/sass/elements/content" with ( - $content-heading-weight: iv.$weight-semibold, -); -@use "bulma/sass/elements/notification"; -@use "bulma/sass/elements/delete"; - -@use "bulma/sass/elements/title" with ( - $title-color: iv.$cyan, -); - -@forward "bulma/sass/grid/columns"; - -@forward "bulma/sass/helpers/typography"; -@forward "bulma/sass/helpers/color"; - -@forward "bulma/sass/layout/container"; -@forward "bulma/sass/layout/section"; - -@forward "bulma/sass/components/navbar" with ( - $navbar-burger-color: iv.$grey-light, -); diff --git a/pkgs/packages/webserver/style/fonts.scss b/pkgs/packages/webserver/style/fonts.scss deleted file mode 100644 index 5071ee0..0000000 --- a/pkgs/packages/webserver/style/fonts.scss +++ /dev/null @@ -1,48 +0,0 @@ -@use "@fontsource-utils/scss/src/mixins" as fontsource with ( - $display: auto -); -@use "@fontsource-variable/arimo/scss/metadata.scss" as arimo; -@use "@fontsource-variable/nunito/scss/metadata.scss" as nunito; - -@include fontsource.faces( - $metadata: nunito.$metadata, - $weights: ( - 300, - 400, - 500, - 600, - 700, - ), - $subsets: latin, - $styles: ( - normal, - italic, - ), - $family: "Nunito", - $directory: "/@fontsource-variable/nunito" -); - -@include fontsource.faces( - $metadata: arimo.$metadata, - $weights: 400, - $subsets: latin, - $styles: normal, - $family: "Arimo", - $directory: "/@fontsource-variable/arimo" -); - -// Hack *does* come with its own CSS, but it's broken and hasn't seen -// a release since https://github.com/source-foundry/Hack/issues/467 -// was resolved. - -$variants: regular normal 400, bold normal 700, italic italic 400, bolditalic italic 700; - -@each $name, $style, $weights in $variants { - @font-face { - font-family: "Hack"; - font-style: $style; - font-display: auto; - font-weight: $weights; - src: url("/hack-font/hack-#{$name}-subset.woff2") format("woff2-variations"); - } -} diff --git a/pkgs/packages/webserver/style/main.scss b/pkgs/packages/webserver/style/main.scss deleted file mode 100644 index 2c06900..0000000 --- a/pkgs/packages/webserver/style/main.scss +++ /dev/null @@ -1,7 +0,0 @@ -@use "fonts"; -@use "custom-bulma"; -@use "typed"; - -#typed-welcome { - @include typed.typed-text(typed-welcome, "Welcome to tlater.net!", 1.2s); -} diff --git a/pkgs/packages/webserver/style/typed.scss b/pkgs/packages/webserver/style/typed.scss deleted file mode 100644 index 3be437f..0000000 --- a/pkgs/packages/webserver/style/typed.scss +++ /dev/null @@ -1,149 +0,0 @@ -@use "sass:math"; -@use "sass:list"; - -@mixin test { - margin: 0; -} - -@mixin typed-text($id, $text, $duration) { - &::before { - @include typed($id, $text, $duration); - } - - &::after { - @include cursor($id, 6s); - } -} - -/// Animate a blinking cursor. -@mixin cursor($id, $duration) { - $name: cursor-#{$id}; - // The number of times we need to blink is = the number of full - // seconds (500ms * 2) that fit in the total duration, rounded up, - // and doubled. - $iterations: math.ceil(math.div($duration, 1s)) * 2; - - animation: $name ease-in-out 500ms $iterations alternate; - content: " "; - - @keyframes #{$name} { - from { - content: " "; - } - - to { - content: "█"; - } - } -} - -/// Animate a piece of text as if it was being typed by a human. -@mixin typed($id, $text, $duration) { - word-break: break-all; - - // We don't want a linearly typed set of text, which makes this - // significantly more complex. - // - // CSS animations normally do not permit per-frame changes in - // duration (since the total animation time is fixed). This means we - // need to create multiple animations, and delay them so that they - // happen in the time sequence we want. - // - // We generate the raw values with _generate-animations, and then - // split up the result into the animation API. - $frames: str-length($text); - $animations: _generate-animations($id, $frames, 1.2s); - - animation-name: _unzip($animations, 1); - animation-delay: _unzip($animations, 3); - animation-fill-mode: forwards; - content: ""; - - // We need to type each character in separate animations, see above - // comment. - @each $name, $character in $animations { - @keyframes #{$name} { - from { - content: str-slice($text, 0, $character); - } - - to { - content: str-slice($text, 0, $character + 1); - } - } - } -} - -/// Unzip a nested set of lists, taking the nth value of each sublist. -@function _unzip($lists, $i) { - $out: (); - $sep: comma; - @each $sublist in $lists { - $out: list.append($out, list.nth($sublist, $i), $sep); - } - @return $out; -} - -/// Compute the sum of all numbers in a list. -@function _sum($list) { - $out: 0; - @each $val in $list { - $out: $out + $val; - } - @return $out; -} - -/// Produce a list from a shorter list by repeating it up until size -/// $length. -@function _round-robin($base, $length) { - $out: (); - $sep: list.separator($out); - @for $i from 0 through $length { - $out: list.append($out, list.nth($base, $i % list.length($base) + 1)); - } - @return $out; -} - -/// Generate the actual animation values. -/// -/// This generates a nested list as: -/// -/// (keyframe-name, index, start time) -/// -/// The duration of each frame is taken from the internal $delays in a -/// round robin fashion, to give some amount of human-like variance to -/// the duration of each frame. -/// -/// Start time is set to the time at which the frame should start to -/// achieve the desired frame-by-frame duration. -@function _generate-animations($id, $number, $total_duration) { - $out: (); - $sep: list.separator($out); - - // A set of "human-like" delays for each typed character. In - // practice, my typing seems to be about 20-70ms, but it looks a bit - // nicer to increase all typing by 20ms to make the effect more - // noticeable. - // - // Numbers generated once with a random number generator, rather - // than using `math.random()`, since they end up in CSS verbatim, - // and the build would be non-reproducible if we didn't do it this - // way. Using `math.random() wouldn't change this dynamically each - // time the page loads anyway, so we don't really lose anything by - // pre-generating these numbers. - $delays: 69ms, 83ms, 49ms, 48ms, 52ms, 59ms, 40ms, 71ms, 80ms, 67ms; - - @for $animation from 0 through $number { - $out: list.append( - $out, - ( - type-#{$id}-#{$animation}, - $animation, - _sum(_round_robin($delays, $animation)) - ), - $sep - ); - } - - @return $out; -} diff --git a/pkgs/packages/webserver/update.nu b/pkgs/packages/webserver/update.nu deleted file mode 100644 index 3e6e6b7..0000000 --- a/pkgs/packages/webserver/update.nu +++ /dev/null @@ -1,88 +0,0 @@ -const self = "pkgs/packages/webserver/package.nix" -let tmpdir = mktemp -d webserver-update.XXXXXXXXXX - -let dependencies = { - fontsource-scss: (prefetch-npm @fontsource-utils/scss) - fontsource-arimo: (prefetch-npm @fontsource-variable/arimo) - fontsource-nunito: (prefetch-npm @fontsource-variable/nunito) - - bulma: (prefetch-github jgthms bulma) - hack-font: (prefetch-github source-foundry Hack) -} - -cd (git rev-parse --show-toplevel) - -$dependencies | items {|name, metadata| $metadata | update-dependency $name } - -rm -r $tmpdir - -cd (dirname $self) -cargo update - -def prefetch-npm [package: string] { - let metadata = http get $'https://registry.npmjs.org/($package)' - let version = $metadata.dist-tags.latest - let url = ($metadata.versions | get $version).dist.tarball - let tarball = ($tmpdir | path join "package.tgz") - - http get $url | save -f $tarball - - let hash = nix hash file $tarball - - { - url: $url - version: $version - hash: $hash - } -} - -def prefetch-github [owner: string, repo: string] { - let metadata = http get $'https://api.github.com/repos/($owner)/($repo)/releases/latest' - let prefetch = nix-prefetch-github --rev $metadata.tag_name --json $owner $repo | from json - $prefetch | select hash | insert version ($metadata.name | str trim --left --char v) -} - -def update-dependency [dependency_name: string] { - const replace_attribute_template = " - id: update-attribute - language: nix - utils: - is-attribute: - kind: string_fragment - inside: - kind: binding - stopBy: end - has: - field: attrpath - regex: '{attribute}' - - rule: - matches: is-attribute - not: - regex: '{replacement}' - inside: - kind: binding - stopBy: end - has: - field: attrpath - regex: '{dependency_name}' - - fix: '{replacement}'" - - let template_data = ( - $in | if ($in has url) { - [{attribute: url replacement: $in.url}] - } else { [] } - ) ++ [ - {attribute: version replacement: $in.version} - {attribute: hash replacement: $in.hash} - ]; - - let ast_grep_rule = ( - $template_data - | each { $in | insert dependency_name $dependency_name | format pattern $replace_attribute_template } - | str join "\n---\n" - ) - - ast-grep scan --update-all --inline-rules $ast_grep_rule $self -} diff --git a/pkgs/update.nu b/pkgs/update.nu index 7ae7d26..0ed1bc1 100644 --- a/pkgs/update.nu +++ b/pkgs/update.nu @@ -5,7 +5,7 @@ let packages_with_updatescript = ( | from json | $in.packages.x86_64-linux | columns - | where {|p| nix eval $'.#($p)' --apply 'builtins.hasAttr "updateScript"' | $in == 'true' } + | filter {|p| nix eval $'.#($p)' --apply 'builtins.hasAttr "updateScript"' | $in == 'true' } ) for $package in $packages_with_updatescript {