From 823caecc59d5eadf8cd8eee12895a292174684b8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= Date: Sat, 29 Nov 2025 23:32:50 +0800 Subject: [PATCH 1/7] feat(vm): Fix shutdown --- configuration/hardware-specific/vm.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/configuration/hardware-specific/vm.nix b/configuration/hardware-specific/vm.nix index aa360aa..7696439 100644 --- a/configuration/hardware-specific/vm.nix +++ b/configuration/hardware-specific/vm.nix @@ -7,6 +7,8 @@ networking.hostName = "testvm"; + systemd.services.matrix-hookshot.enable = lib.mkForce false; + services = { # Sets the base domain for nginx to a local domain so that we can # easily test locally with the VM. From 17ff62f0b9e9429710eabd19ab9a5a12ee4f19ff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= Date: Sat, 29 Nov 2025 23:42:26 +0800 Subject: [PATCH 2/7] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'disko': 'github:nix-community/disko/af087d076d3860760b3323f6b583f4d828c1ac17' (2025-11-04) → 'github:nix-community/disko/2055a08fd0e2fd41318279a5355eb8a161accf26' (2025-11-28) • Updated input 'nixpkgs': 'https://releases.nixos.org/nixos/25.05/nixos-25.05.813095.1c8ba8d3f763/nixexprs.tar.xz?lastModified=1763948260&narHash=sha256-zZk7fn2ARAqmLwaYTpxBJmj81KIdz11NiWt7ydHHD/M%3D&rev=1c8ba8d3f7634acac4a2094eef7c32ad9106532c' (2025-11-24) → 'https://releases.nixos.org/nixos/25.05/nixos-25.05.813221.9a7b80b6f82a/nixexprs.tar.xz?lastModified=1764316264&narHash=sha256-UcoE0ISg9Nnzx/2n7VvQl3fRsLg%2BDcVa/ZGf/DZNHbs%3D&rev=9a7b80b6f82a71ea04270d7ba11b48855681c4b0' (2025-11-28) • Updated input 'nixpkgs-unstable': 'https://releases.nixos.org/nixos/unstable/nixos-25.11pre900642.050e09e09111/nixexprs.tar.xz?lastModified=1763835633&narHash=sha256-nzRnw0UkYQpDm0o20AKvG/5oHCXy5qEGOsFAVhB5NmA%3D&rev=050e09e091117c3d7328c7b2b7b577492c43c134' (2025-11-22) → 'https://releases.nixos.org/nixos/unstable/nixos-26.05pre903292.2fad6eac6077/nixexprs.tar.xz?lastModified=1764242076&narHash=sha256-6/1EG2fiKvLoUJ8FD7ymRx87e4zcfJTzAdUYgo4CDLA%3D&rev=2fad6eac6077f03fe109c4d4eb171cf96791faa4' (2025-11-27) • Updated input 'sops-nix': 'github:Mic92/sops-nix/877bb495a6f8faf0d89fc10bd142c4b7ed2bcc0b' (2025-11-20) → 'github:Mic92/sops-nix/c482a1c1bbe030be6688ed7dc84f7213f304f1ec' (2025-11-24) --- flake.lock | 30 +++++++++++++++--------------- flake.nix | 2 +- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/flake.lock b/flake.lock index 3c65247..3773e8f 100644 --- a/flake.lock +++ b/flake.lock @@ -123,11 +123,11 @@ ] }, "locked": { - "lastModified": 1762276996, - "narHash": "sha256-TtcPgPmp2f0FAnc+DMEw4ardEgv1SGNR3/WFGH0N19M=", + "lastModified": 1764350888, + "narHash": "sha256-6Rp18zavTlnlZzcoLoBTJMBahL2FycVkw2rAEs3cQvo=", "owner": "nix-community", "repo": "disko", - "rev": "af087d076d3860760b3323f6b583f4d828c1ac17", + "rev": "2055a08fd0e2fd41318279a5355eb8a161accf26", "type": "github" }, "original": { @@ -255,24 +255,24 @@ }, "nixpkgs": { "locked": { - "lastModified": 1763509821, - "narHash": "sha256-ibZr0ONEUA1W2WAdTzgm9/6jBE+tM20j1YW2FK4RZ/k=", - "rev": "659aa6fa27619d04de231b4cc0c938905dfa01e9", + "lastModified": 1764316264, + "narHash": "sha256-UcoE0ISg9Nnzx/2n7VvQl3fRsLg+DcVa/ZGf/DZNHbs=", + "rev": "9a7b80b6f82a71ea04270d7ba11b48855681c4b0", "type": "tarball", - "url": "https://releases.nixos.org/nixos/25.05-small/nixos-25.05.812929.659aa6fa2761/nixexprs.tar.xz?lastModified=1763509821&rev=659aa6fa27619d04de231b4cc0c938905dfa01e9" + "url": "https://releases.nixos.org/nixos/25.05/nixos-25.05.813221.9a7b80b6f82a/nixexprs.tar.xz?lastModified=1764316264&rev=9a7b80b6f82a71ea04270d7ba11b48855681c4b0" }, "original": { "type": "tarball", - "url": "https://channels.nixos.org/nixos-25.05-small/nixexprs.tar.xz" + "url": "https://channels.nixos.org/nixos-25.05/nixexprs.tar.xz" } }, "nixpkgs-unstable": { "locked": { - "lastModified": 1763835633, - "narHash": "sha256-nzRnw0UkYQpDm0o20AKvG/5oHCXy5qEGOsFAVhB5NmA=", - "rev": "050e09e091117c3d7328c7b2b7b577492c43c134", + "lastModified": 1764242076, + "narHash": "sha256-6/1EG2fiKvLoUJ8FD7ymRx87e4zcfJTzAdUYgo4CDLA=", + "rev": "2fad6eac6077f03fe109c4d4eb171cf96791faa4", "type": "tarball", - "url": "https://releases.nixos.org/nixos/unstable/nixos-25.11pre900642.050e09e09111/nixexprs.tar.xz?lastModified=1763835633&rev=050e09e091117c3d7328c7b2b7b577492c43c134" + "url": "https://releases.nixos.org/nixos/unstable/nixos-26.05pre903292.2fad6eac6077/nixexprs.tar.xz?lastModified=1764242076&rev=2fad6eac6077f03fe109c4d4eb171cf96791faa4" }, "original": { "type": "tarball", @@ -358,11 +358,11 @@ ] }, "locked": { - "lastModified": 1763607916, - "narHash": "sha256-VefBA1JWRXM929mBAFohFUtQJLUnEwZ2vmYUNkFnSjE=", + "lastModified": 1764021963, + "narHash": "sha256-1m84V2ROwNEbqeS9t37/mkry23GBhfMt8qb6aHHmjuc=", "owner": "Mic92", "repo": "sops-nix", - "rev": "877bb495a6f8faf0d89fc10bd142c4b7ed2bcc0b", + "rev": "c482a1c1bbe030be6688ed7dc84f7213f304f1ec", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 951eef5..1913900 100644 --- a/flake.nix +++ b/flake.nix @@ -2,7 +2,7 @@ description = "tlater.net host configuration"; inputs = { - nixpkgs.url = "https://channels.nixos.org/nixos-25.05-small/nixexprs.tar.xz"; + nixpkgs.url = "https://channels.nixos.org/nixos-25.05/nixexprs.tar.xz"; nixpkgs-unstable.url = "https://channels.nixos.org/nixos-unstable/nixexprs.tar.xz"; ## Nix/OS utilities From d482b7ab3ad48b685cedd3e13aa6bfacc5448251 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= Date: Sat, 29 Nov 2025 23:30:23 +0800 Subject: [PATCH 3/7] WIP: feat(webserver): Reimplement music player --- pkgs/packages/webserver/Cargo.lock | 282 ++++++++++++++++++ pkgs/packages/webserver/Cargo.toml | 3 +- pkgs/packages/webserver/src/app.rs | 3 + .../webserver/src/app/music_sample.rs | 75 +++++ .../src/app/music_sample/ssr_safe.rs | 121 ++++++++ .../webserver/style/custom-bulma.scss | 7 +- 6 files changed, 485 insertions(+), 6 deletions(-) create mode 100644 pkgs/packages/webserver/src/app/music_sample.rs create mode 100644 pkgs/packages/webserver/src/app/music_sample/ssr_safe.rs diff --git a/pkgs/packages/webserver/Cargo.lock b/pkgs/packages/webserver/Cargo.lock index a6db6ec..ce1dfea 100644 --- a/pkgs/packages/webserver/Cargo.lock +++ b/pkgs/packages/webserver/Cargo.lock @@ -11,6 +11,15 @@ dependencies = [ "memchr", ] +[[package]] +name = "android_system_properties" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "819e7219dbd41043ac279b19830f2efc897156490d7fd6ea916720117ee66311" +dependencies = [ + "libc", +] + [[package]] name = "any_spawner" version = "0.3.0" @@ -96,6 +105,12 @@ dependencies = [ "syn", ] +[[package]] +name = "autocfg" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c08606f8c3cbf4ce6ec8e28fb0014a2c086708fe954eaa885384a6165172e7e8" + [[package]] name = "axum" version = "0.8.7" @@ -231,6 +246,19 @@ version = "0.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "613afe47fcd5fac7ccf1db93babcb082c5994d996f20b8b159f2ad1658eb5724" +[[package]] +name = "chrono" +version = "0.4.42" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "145052bdd345b87320e369255277e3fb5152762ad123a901ef5c262dd38fe8d2" +dependencies = [ + "iana-time-zone", + "js-sys", + "num-traits", + "wasm-bindgen", + "windows-link", +] + [[package]] name = "codee" version = "0.3.4" @@ -330,6 +358,17 @@ dependencies = [ "unicode-segmentation", ] +[[package]] +name = "cookie" +version = "0.18.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4ddef33a339a91ea89fb53151bd0a4689cfce27055c291dfa69945475d22c747" +dependencies = [ + "percent-encoding", + "time", + "version_check", +] + [[package]] name = "core-foundation" version = "0.9.4" @@ -371,6 +410,41 @@ dependencies = [ "typenum", ] +[[package]] +name = "darling" +version = "0.20.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fc7f46116c46ff9ab3eb1597a45688b6715c6e628b5c133e288e709a29bcb4ee" +dependencies = [ + "darling_core", + "darling_macro", +] + +[[package]] +name = "darling_core" +version = "0.20.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0d00b9596d185e565c2207a0b01f8bd1a135483d02d9b7b0a54b11da8d53412e" +dependencies = [ + "fnv", + "ident_case", + "proc-macro2", + "quote", + "strsim", + "syn", +] + +[[package]] +name = "darling_macro" +version = "0.20.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fc34b93ccb385b40dc71c6fceac4b2ad23662c7eeb248cf10d529b7e055b6ead" +dependencies = [ + "darling_core", + "quote", + "syn", +] + [[package]] name = "dashmap" version = "6.1.0" @@ -391,6 +465,27 @@ version = "2.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2a2330da5de22e8a3cb63252ce2abb30116bf5265e89c0e01bc17015ce30a476" +[[package]] +name = "default-struct-builder" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e0df63c21a4383f94bd5388564829423f35c316aed85dc4f8427aded372c7c0d" +dependencies = [ + "darling", + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "deranged" +version = "0.5.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ececcb659e7ba858fb4f10388c250a7252eb0a27373f1a72b8748afdd248e587" +dependencies = [ + "powerfmt", +] + [[package]] name = "derive-where" version = "1.6.0" @@ -701,6 +796,18 @@ dependencies = [ "web-sys", ] +[[package]] +name = "gloo-timers" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bbb143cf96099802033e0d4f4963b19fd2e0b728bcf076cd9cf7f6634f092994" +dependencies = [ + "futures-channel", + "futures-core", + "js-sys", + "wasm-bindgen", +] + [[package]] name = "gloo-utils" version = "0.2.0" @@ -916,6 +1023,30 @@ dependencies = [ "windows-registry", ] +[[package]] +name = "iana-time-zone" +version = "0.1.64" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "33e57f83510bb73707521ebaffa789ec8caf86f9657cad665b092b581d40e9fb" +dependencies = [ + "android_system_properties", + "core-foundation-sys", + "iana-time-zone-haiku", + "js-sys", + "log", + "wasm-bindgen", + "windows-core", +] + +[[package]] +name = "iana-time-zone-haiku" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f31827a206f56af32e590ba56d5d2d085f558508192593743f16b2306495269f" +dependencies = [ + "cc", +] + [[package]] name = "icu_collections" version = "2.1.1" @@ -997,6 +1128,12 @@ dependencies = [ "zerovec", ] +[[package]] +name = "ident_case" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b9e0384b61958566e926dc50660321d12159025e767c18e043daf26b70104c39" + [[package]] name = "idna" version = "1.1.0" @@ -1090,6 +1227,12 @@ dependencies = [ "wasm-bindgen", ] +[[package]] +name = "lazy_static" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" + [[package]] name = "leptos" version = "0.8.3" @@ -1129,6 +1272,31 @@ dependencies = [ "web-sys", ] +[[package]] +name = "leptos-use" +version = "0.16.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ce2162c453100c7d6bc0b6f188ef1df582e35c2458caf6cb69fcddc87619c0db" +dependencies = [ + "cfg-if", + "chrono", + "codee", + "cookie", + "default-struct-builder", + "futures-util", + "gloo-timers", + "js-sys", + "lazy_static", + "leptos", + "paste", + "send_wrapper", + "thiserror 2.0.17", + "unic-langid", + "wasm-bindgen", + "wasm-bindgen-futures", + "web-sys", +] + [[package]] name = "leptos_axum" version = "0.8.3" @@ -1469,6 +1637,21 @@ version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "60993920e071b0c9b66f14e2b32740a4e27ffc82854dcd72035887f336a09a28" +[[package]] +name = "num-conv" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9" + +[[package]] +name = "num-traits" +version = "0.2.19" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841" +dependencies = [ + "autocfg", +] + [[package]] name = "num_cpus" version = "1.17.0" @@ -1662,6 +1845,12 @@ dependencies = [ "zerovec", ] +[[package]] +name = "powerfmt" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "439ee305def115ba05938db6eb1644ff94165c5ab5e9420d1c1bcedbba909391" + [[package]] name = "ppv-lite86" version = "0.2.21" @@ -2397,6 +2586,12 @@ version = "1.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6ce2be8dc25455e1f91df71bfa12ad37d7af1092ae736f3a6cd0e37bc7810596" +[[package]] +name = "strsim" +version = "0.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f" + [[package]] name = "subtle" version = "2.6.1" @@ -2563,6 +2758,37 @@ dependencies = [ "pin-project-lite", ] +[[package]] +name = "time" +version = "0.3.44" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "91e7d9e3bb61134e77bde20dd4825b97c010155709965fedf0f49bb138e52a9d" +dependencies = [ + "deranged", + "itoa", + "num-conv", + "powerfmt", + "serde", + "time-core", + "time-macros", +] + +[[package]] +name = "time-core" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "40868e7c1d2f0b8d73e4a8c7f0ff63af4f6d19be117e90bd73eb1d62cf831c6b" + +[[package]] +name = "time-macros" +version = "0.2.24" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "30cfb0125f12d9c277f35663a0a33f8c30190f4e4574868a330595412d34ebf3" +dependencies = [ + "num-conv", + "time-core", +] + [[package]] name = "tinystr" version = "0.8.2" @@ -2570,6 +2796,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "42d3e9c45c09de15d06dd8acf5f4e0e399e85927b7f00711024eb7ae10fa4869" dependencies = [ "displaydoc", + "serde_core", "zerovec", ] @@ -2596,6 +2823,7 @@ dependencies = [ "console_error_panic_hook", "figment", "leptos", + "leptos-use", "leptos_axum", "leptos_meta", "leptos_router", @@ -2886,6 +3114,24 @@ dependencies = [ "version_check", ] +[[package]] +name = "unic-langid" +version = "0.9.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a28ba52c9b05311f4f6e62d5d9d46f094bd6e84cb8df7b3ef952748d752a7d05" +dependencies = [ + "unic-langid-impl", +] + +[[package]] +name = "unic-langid-impl" +version = "0.9.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dce1bf08044d4b7a94028c93786f8566047edc11110595914de93362559bc658" +dependencies = [ + "tinystr", +] + [[package]] name = "unicase" version = "2.8.1" @@ -3125,6 +3371,41 @@ dependencies = [ "windows-sys 0.61.2", ] +[[package]] +name = "windows-core" +version = "0.62.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b8e83a14d34d0623b51dce9581199302a221863196a1dde71a7663a4c2be9deb" +dependencies = [ + "windows-implement", + "windows-interface", + "windows-link", + "windows-result", + "windows-strings", +] + +[[package]] +name = "windows-implement" +version = "0.60.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "053e2e040ab57b9dc951b72c264860db7eb3b0200ba345b4e4c3b14f67855ddf" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "windows-interface" +version = "0.59.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3f316c4a2570ba26bbec722032c4099d8c8bc095efccdc15688708623367e358" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "windows-link" version = "0.2.1" @@ -3436,6 +3717,7 @@ version = "0.11.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6c28719294829477f525be0186d13efa9a3c602f7ec202ca9e353d310fb9a002" dependencies = [ + "serde", "yoke", "zerofrom", "zerovec-derive", diff --git a/pkgs/packages/webserver/Cargo.toml b/pkgs/packages/webserver/Cargo.toml index 6b53991..0b70aad 100644 --- a/pkgs/packages/webserver/Cargo.toml +++ b/pkgs/packages/webserver/Cargo.toml @@ -11,6 +11,7 @@ axum = { version = "0.8.7", features = ["macros"], optional = true } console_error_panic_hook = { version = "0.1.7", optional = true } figment = { version = "0.10.19", features = ["toml", "env"] } leptos = "0.8.3" +leptos-use = "0.16.3" leptos_axum = { version = "0.8.3", optional = true } leptos_meta = "0.8.3" leptos_router = "0.8.3" @@ -21,7 +22,7 @@ thiserror = "2.0.17" tokio = { version = "1.48.0", features = ["rt-multi-thread"], optional = true } url = "2.5.7" wasm-bindgen = { version = "=0.2.100", optional = true } -web-sys = "^0.3.77" +web-sys = { version = "^0.3.77", features = ["AnalyserNode", "AudioContext", "AudioDestinationNode", "GainNode", "HtmlMediaElement", "MediaElementAudioSourceNode"] } [features] hydrate = [ diff --git a/pkgs/packages/webserver/src/app.rs b/pkgs/packages/webserver/src/app.rs index 913c640..d8e02ba 100644 --- a/pkgs/packages/webserver/src/app.rs +++ b/pkgs/packages/webserver/src/app.rs @@ -7,10 +7,12 @@ use leptos_router::{ mod homepage; mod mail; +mod music_sample; use crate::components::Navbar; use homepage::HomePage; use mail::Mail; +use music_sample::MusicSample; pub fn shell(options: LeptosOptions) -> impl IntoView { view! { @@ -49,6 +51,7 @@ pub fn App() -> impl IntoView { + diff --git a/pkgs/packages/webserver/src/app/music_sample.rs b/pkgs/packages/webserver/src/app/music_sample.rs new file mode 100644 index 0000000..f9fc1cb --- /dev/null +++ b/pkgs/packages/webserver/src/app/music_sample.rs @@ -0,0 +1,75 @@ +#![allow(dead_code, unused_variables)] +use leptos::{logging, prelude::*}; +use leptos_meta::{Meta, Title}; +use leptos_use::use_event_listener; +use ssr_safe::{MediaPlayer, MediaPlayerError}; + +mod ssr_safe; + +#[component] +fn Controls() -> impl IntoView { + let player: LocalResource> = expect_context(); + + Effect::new(move || { + let audio_element = if let Some(Ok(p)) = player.get() { + Some(p.audio_element()) + } else { + None + }; + + use_event_listener(audio_element, ssr_safe::media_events::error, |ev| { + logging::error!("{:?}", ev); + }); + }); + + view! { +
+ + + +
+
+ // The play/pause/etc button +
+ +
+
+ + // The title display +
+ {move || { + Ok::<_, MediaPlayerError>(player.get().transpose()?.map(|p| p.get_title())) + }} +
+ + // The artist display +
+
Artist
+
+
+ + + +
+ } +} + +#[component] +pub fn MusicSample() -> impl IntoView { + let player = LocalResource::new(MediaPlayer::new); + provide_context(player); + + view! { + + + + <section class="hero is-fullheight-with-navbar"> + <div class="hero-body p-0">Body</div> + <div class="hero-foot"> + <Controls /> + </div> + </section> + } +} diff --git a/pkgs/packages/webserver/src/app/music_sample/ssr_safe.rs b/pkgs/packages/webserver/src/app/music_sample/ssr_safe.rs new file mode 100644 index 0000000..13d2269 --- /dev/null +++ b/pkgs/packages/webserver/src/app/music_sample/ssr_safe.rs @@ -0,0 +1,121 @@ +use leptos::{ev::EventDescriptor, logging}; +use leptos_use::use_event_listener; +use web_sys::EventTarget; + +pub const DEFAULT_MP3: &str = "/Mseq_-_Journey.mp3a"; + +#[derive(Clone)] +pub struct MediaPlayer { + context: web_sys::AudioContext, + audio_element: web_sys::HtmlAudioElement, +} + +impl MediaPlayer { + pub async fn new() -> Result<Self, MediaPlayerError> { + let context = web_sys::AudioContext::new()?; + let audio_element = web_sys::HtmlAudioElement::new_with_src(DEFAULT_MP3)?; + let source_node = context.create_media_element_source(&audio_element)?; + let gain_node = context.create_gain()?; + let analyser_node = context.create_analyser()?; + analyser_node.set_fft_size(2048); + analyser_node.set_smoothing_time_constant(0.8); + + source_node.connect_with_audio_node(&analyser_node)?; + source_node.connect_with_audio_node(&gain_node)?; + gain_node.connect_with_audio_node(&context.destination())?; + + Ok(Self { + context, + audio_element, + }) + } + + pub fn set_title(&self, title: &str) { + self.audio_element.set_src(title); + } + + pub fn get_title(&self) -> String { + // Hardcoded for now, eventually I'll make this a proper + // player again... + "Journey".to_owned() + } + + pub fn context(&self) -> EventTarget { + self.context.clone().into() + } + + pub fn audio_element(&self) -> EventTarget { + self.audio_element.clone().into() + } + + pub fn use_media_event<Ev, F>(&self, event: Ev, handler: F) -> impl Fn() + Clone + Send + Sync + use<Ev, F> + where + F: FnMut(<Ev as EventDescriptor>::EventType) + 'static, + Ev: EventDescriptor + 'static, + { + use_event_listener(self.audio_element.clone(), event, handler) + } + + pub fn use_statechange<F>(&self, handler: F) -> impl Fn() + Clone + Send + Sync + where + F: FnMut(<media_events::statechange as EventDescriptor>::EventType) + 'static, + { + use_event_listener(self.context.clone(), media_events::statechange, handler) + } +} + +#[derive(thiserror::Error, Debug, Clone)] +pub enum MediaPlayerError { + #[error("todo")] + Todo, +} + +impl From<web_sys::wasm_bindgen::JsValue> for MediaPlayerError { + fn from(value: web_sys::wasm_bindgen::JsValue) -> Self { + logging::error!("Some kind of error"); + Self::Todo {} + } +} + +pub mod media_events { + use leptos::ev::EventDescriptor; + use std::borrow::Cow; + + #[derive(Copy, Clone, Debug)] + #[allow(non_camel_case_types)] + pub struct error; + + impl EventDescriptor for error { + type EventType = web_sys::Event; + const BUBBLES: bool = false; + + #[inline(always)] + fn name(&self) -> Cow<'static, str> { + "error".into() + } + + #[inline(always)] + fn event_delegation_key(&self) -> Cow<'static, str> { + "$$$error".into() + } + } + + #[derive(Copy, Clone, Debug)] + #[allow(non_camel_case_types)] + pub struct statechange; + + impl EventDescriptor for statechange { + type EventType = web_sys::Event; + const BUBBLES: bool = false; + + #[inline(always)] + fn name(&self) -> Cow<'static, str> { + "statechange".into() + } + + #[inline(always)] + fn event_delegation_key(&self) -> Cow<'static, str> { + "$$$statechange".into() + } + } +} diff --git a/pkgs/packages/webserver/style/custom-bulma.scss b/pkgs/packages/webserver/style/custom-bulma.scss index 0f15681..455d381 100644 --- a/pkgs/packages/webserver/style/custom-bulma.scss +++ b/pkgs/packages/webserver/style/custom-bulma.scss @@ -46,11 +46,8 @@ iv.$family-monospace: "Hack", iv.$family-monospace; @forward "bulma/sass/grid/columns"; -@forward "bulma/sass/helpers/typography"; -@forward "bulma/sass/helpers/color"; - -@forward "bulma/sass/layout/container"; -@forward "bulma/sass/layout/section"; +@forward "bulma/sass/helpers"; +@forward "bulma/sass/layout"; @forward "bulma/sass/components/navbar" with ( $navbar-burger-color: iv.$grey-light, From 642dad3afa2536c9c42e7e96a10da5e815f6f2bd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= <tm@tlater.net> Date: Mon, 1 Dec 2025 16:22:00 +0800 Subject: [PATCH 4/7] update(treewide): Update to NixOS 25.11 --- configuration/hardware-specific/vm.nix | 8 +++++ configuration/nginx/ssl.nix | 34 +++++++++---------- configuration/services/foundryvtt.nix | 2 +- configuration/services/nextcloud.nix | 4 +-- configuration/services/ntfy-sh/default.nix | 1 - configuration/services/starbound.nix | 2 +- configuration/services/webserver.nix | 2 +- flake.lock | 32 +++++------------ flake.nix | 8 ++--- modules/crowdsec/default.nix | 2 +- .../remediations/cs-firewall-bouncer.nix | 2 +- pkgs/default.nix | 7 ++-- 12 files changed, 44 insertions(+), 60 deletions(-) diff --git a/configuration/hardware-specific/vm.nix b/configuration/hardware-specific/vm.nix index aa360aa..70c1b58 100644 --- a/configuration/hardware-specific/vm.nix +++ b/configuration/hardware-specific/vm.nix @@ -43,6 +43,14 @@ source = ../../keys/hosts/staging.key; }; + # Pretend the acme renew succeeds. + # + # TODO(tlater): Set up pebble to retrieve certs "properly" + # instead + systemd.services."acme-order-renew-tlater.net".script = '' + touch out/acme-success + ''; + virtualisation.vmVariant = { virtualisation = { memorySize = 3941; diff --git a/configuration/nginx/ssl.nix b/configuration/nginx/ssl.nix index 56bfa78..f3fac13 100644 --- a/configuration/nginx/ssl.nix +++ b/configuration/nginx/ssl.nix @@ -51,20 +51,9 @@ paths = [ "/var/lib/acme/tlater.net" ]; }; - systemd.services = { - nginx.serviceConfig.SupplementaryGroups = [ config.security.acme.certs."tlater.net".group ]; - - # Don't attempt to retrieve a certificate if the domain name - # doesn't *actually* match the cert name - # - # TODO(tlater): Set up pebble to retrieve certs "properly" - # instead - "acme-tlater.net".serviceConfig.ExecCondition = - let - confirm = ''[[ "tlater.net" = "${config.services.nginx.domain}" ]]''; - in - ''${pkgs.runtimeShell} -c '${confirm}' ''; - }; + systemd.services.nginx.serviceConfig.SupplementaryGroups = [ + config.security.acme.certs."tlater.net".group + ]; sops.secrets = { "porkbun/api-key".owner = "acme"; @@ -85,10 +74,18 @@ security.acme.certs."tlater.net".extraDomainNames = [ config.services.nginx.domain ]; - services.nginx = { - domain = "testHost"; + # Pretend the acme renew succeeds. + # + # TODO(tlater): Set up pebble to retrieve certs "properly" + # instead + systemd.services."acme-order-renew-tlater.net".script = '' + touch out/acme-success + ''; - virtualHosts."${config.services.nginx.domain}" = { + services.nginx = { + domain = "testHost.test"; + + virtualHosts."${config.services.nginx.domain}.local" = { useACMEHost = "tlater.net"; onlySSL = true; enableHSTS = true; @@ -109,6 +106,7 @@ { pkgs, ... }: { environment.systemPackages = [ pkgs.curl ]; + networking.hosts."192.168.1.2" = [ "testHost.test" ]; }; }; @@ -125,7 +123,7 @@ "--silent", "--dump-header -", "--cacert /certs/tlater.net/fullchain.pem", - "https://testHost", + "https://testHost.test", "-o /dev/null" ])) diff --git a/configuration/services/foundryvtt.nix b/configuration/services/foundryvtt.nix index 5c8a21f..d7b9d02 100644 --- a/configuration/services/foundryvtt.nix +++ b/configuration/services/foundryvtt.nix @@ -23,7 +23,7 @@ in minifyStaticFiles = true; proxySSL = true; proxyPort = 443; - package = flake-inputs.foundryvtt.packages.${pkgs.system}.foundryvtt_13; + package = flake-inputs.foundryvtt.packages.${pkgs.stdenv.hostPlatform.system}.foundryvtt_13; }; nginx.virtualHosts."${domain}" = diff --git a/configuration/services/nextcloud.nix b/configuration/services/nextcloud.nix index 77cfa4c..30f79ed 100644 --- a/configuration/services/nextcloud.nix +++ b/configuration/services/nextcloud.nix @@ -5,7 +5,7 @@ ... }: let - nextcloud = pkgs.nextcloud31; + nextcloud = pkgs.nextcloud32; hostName = "nextcloud.${config.services.nginx.domain}"; in { @@ -104,7 +104,7 @@ in }; # Ensure that this service doesn't start before postgres is ready - systemd.services.nextcloud-setup.after = [ "postgresql.service" ]; + systemd.services.nextcloud-setup.after = [ "postgresql.target" ]; sops.secrets."nextcloud/tlater" = { owner = "nextcloud"; diff --git a/configuration/services/ntfy-sh/default.nix b/configuration/services/ntfy-sh/default.nix index aacec91..39ace90 100644 --- a/configuration/services/ntfy-sh/default.nix +++ b/configuration/services/ntfy-sh/default.nix @@ -17,7 +17,6 @@ in services.ntfy-sh = { enable = true; - package = flake-inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.ntfy-sh; environmentFile = config.sops.secrets."ntfy/users".path; diff --git a/configuration/services/starbound.nix b/configuration/services/starbound.nix index 6b97471..888fc3e 100644 --- a/configuration/services/starbound.nix +++ b/configuration/services/starbound.nix @@ -19,7 +19,7 @@ in serviceConfig = { ExecStart = "${ - flake-inputs.self.packages.${pkgs.system}.starbound + flake-inputs.self.packages.${pkgs.stdenv.hostPlatform.system}.starbound }/bin/launch-starbound ${./configs/starbound.json}"; Type = "simple"; diff --git a/configuration/services/webserver.nix b/configuration/services/webserver.nix index e8daeaf..ffe7480 100644 --- a/configuration/services/webserver.nix +++ b/configuration/services/webserver.nix @@ -20,7 +20,7 @@ in after = [ "network.target" ]; script = '' - ${lib.getExe flake-inputs.self.packages.${pkgs.system}.webserver} + ${lib.getExe flake-inputs.self.packages.${pkgs.stdenv.hostPlatform.system}.webserver} ''; environment = { diff --git a/flake.lock b/flake.lock index 3c65247..9ca0388 100644 --- a/flake.lock +++ b/flake.lock @@ -255,28 +255,15 @@ }, "nixpkgs": { "locked": { - "lastModified": 1763509821, - "narHash": "sha256-ibZr0ONEUA1W2WAdTzgm9/6jBE+tM20j1YW2FK4RZ/k=", - "rev": "659aa6fa27619d04de231b4cc0c938905dfa01e9", + "lastModified": 1764522689, + "narHash": "sha256-GzkEBSHGkj8EyOxnxQvl9sx0x2S7JzH0hwCziF176T8=", + "rev": "8bb5646e0bed5dbd3ab08c7a7cc15b75ab4e1d0f", "type": "tarball", - "url": "https://releases.nixos.org/nixos/25.05-small/nixos-25.05.812929.659aa6fa2761/nixexprs.tar.xz?lastModified=1763509821&rev=659aa6fa27619d04de231b4cc0c938905dfa01e9" + "url": "https://releases.nixos.org/nixos/25.11/nixos-25.11.650.8bb5646e0bed/nixexprs.tar.xz?lastModified=1764522689&rev=8bb5646e0bed5dbd3ab08c7a7cc15b75ab4e1d0f" }, "original": { "type": "tarball", - "url": "https://channels.nixos.org/nixos-25.05-small/nixexprs.tar.xz" - } - }, - "nixpkgs-unstable": { - "locked": { - "lastModified": 1763835633, - "narHash": "sha256-nzRnw0UkYQpDm0o20AKvG/5oHCXy5qEGOsFAVhB5NmA=", - "rev": "050e09e091117c3d7328c7b2b7b577492c43c134", - "type": "tarball", - "url": "https://releases.nixos.org/nixos/unstable/nixos-25.11pre900642.050e09e09111/nixexprs.tar.xz?lastModified=1763835633&rev=050e09e091117c3d7328c7b2b7b577492c43c134" - }, - "original": { - "type": "tarball", - "url": "https://channels.nixos.org/nixos-unstable/nixexprs.tar.xz" + "url": "https://channels.nixos.org/nixos-25.11/nixexprs.tar.xz" } }, "pre-commit-hooks": { @@ -325,7 +312,6 @@ "flint": "flint", "foundryvtt": "foundryvtt", "nixpkgs": "nixpkgs", - "nixpkgs-unstable": "nixpkgs-unstable", "sonnenshift": "sonnenshift", "sops-nix": "sops-nix" } @@ -338,11 +324,11 @@ ] }, "locked": { - "lastModified": 1763619077, - "narHash": "sha256-dlfamaoIzFEgwgtzPJuw5Tl5SqjbWcV8CsbP2hVBeuI=", + "lastModified": 1764578400, + "narHash": "sha256-8V0SpIcYyjpP+nAHfYJDof7CofLTwVVDo5QLZ0epjOQ=", "ref": "refs/heads/main", - "rev": "64a2c8a3743ea6897ecac6692fba8aebc3389fca", - "revCount": 26, + "rev": "bf17617899692c9c2bfebfce87320a4174e6dc28", + "revCount": 27, "type": "git", "url": "ssh://git@github.com/sonnenshift/battery-manager" }, diff --git a/flake.nix b/flake.nix index 951eef5..10b52ec 100644 --- a/flake.nix +++ b/flake.nix @@ -2,8 +2,7 @@ description = "tlater.net host configuration"; inputs = { - nixpkgs.url = "https://channels.nixos.org/nixos-25.05-small/nixexprs.tar.xz"; - nixpkgs-unstable.url = "https://channels.nixos.org/nixos-unstable/nixexprs.tar.xz"; + nixpkgs.url = "https://channels.nixos.org/nixos-25.11/nixexprs.tar.xz"; ## Nix/OS utilities @@ -138,10 +137,7 @@ packages.${system} = { default = vm.config.system.build.vm; } - // import ./pkgs { - pkgs = nixpkgs.legacyPackages.${system}; - flake-inputs = inputs; - }; + // import ./pkgs { pkgs = nixpkgs.legacyPackages.${system}; }; ################### # Utility scripts # diff --git a/modules/crowdsec/default.nix b/modules/crowdsec/default.nix index 44e6bc5..9cb26f9 100644 --- a/modules/crowdsec/default.nix +++ b/modules/crowdsec/default.nix @@ -271,7 +271,7 @@ in # To add completions; sadly need to hand-roll this since # neither `symlinkJoin` nor `buildEnv` have collision # handling. - (pkgs.runCommandNoCCLocal "cscli" { } '' + (pkgs.runCommandLocal "cscli" { } '' mkdir -p $out ln -s ${cscli}/bin $out/bin ln -s ${cfg.package}/share $out/share diff --git a/modules/crowdsec/remediations/cs-firewall-bouncer.nix b/modules/crowdsec/remediations/cs-firewall-bouncer.nix index 42accc6..bdc6da8 100644 --- a/modules/crowdsec/remediations/cs-firewall-bouncer.nix +++ b/modules/crowdsec/remediations/cs-firewall-bouncer.nix @@ -6,7 +6,7 @@ ... }: let - inherit (flake-inputs.self.packages.${pkgs.system}) crowdsec-firewall-bouncer; + inherit (flake-inputs.self.packages.${pkgs.stdenv.hostPlatform.system}) crowdsec-firewall-bouncer; crowdsecCfg = config.security.crowdsec; cfg = crowdsecCfg.remediationComponents.firewallBouncer; diff --git a/pkgs/default.nix b/pkgs/default.nix index 1ce8cd2..31335a6 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,8 +1,5 @@ -{ pkgs, flake-inputs }: -let - inherit (flake-inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}) ast-grep; -in +{ pkgs }: pkgs.lib.packagesFromDirectoryRecursive { - callPackage = pkgs.lib.callPackageWith (pkgs // { inherit ast-grep; }); + inherit (pkgs) callPackage; directory = ./packages; } From 4b9da36a2502fc383684809ec9d5aceec746c24f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= <tm@tlater.net> Date: Sun, 30 Nov 2025 15:53:28 +0800 Subject: [PATCH 5/7] feat(grafana): Use ntfy for alerts instead of matrix-hookshot --- configuration/services/conduit/default.nix | 5 +- .../services/conduit/matrix-hookshot.nix | 172 ------------------ configuration/services/metrics/grafana.nix | 13 ++ .../services/metrics/victoriametrics.nix | 4 - keys/production.yaml | 7 +- keys/staging.yaml | 7 +- 6 files changed, 18 insertions(+), 190 deletions(-) delete mode 100644 configuration/services/conduit/matrix-hookshot.nix diff --git a/configuration/services/conduit/default.nix b/configuration/services/conduit/default.nix index b6f8f27..a4c91d3 100644 --- a/configuration/services/conduit/default.nix +++ b/configuration/services/conduit/default.nix @@ -12,10 +12,7 @@ let turn-realm = "turn.${config.services.nginx.domain}"; in { - imports = [ - ./heisenbridge.nix - ./matrix-hookshot.nix - ]; + imports = [ ./heisenbridge.nix ]; networking.firewall = { allowedTCPPorts = [ diff --git a/configuration/services/conduit/matrix-hookshot.nix b/configuration/services/conduit/matrix-hookshot.nix deleted file mode 100644 index c1fec82..0000000 --- a/configuration/services/conduit/matrix-hookshot.nix +++ /dev/null @@ -1,172 +0,0 @@ -{ - pkgs, - lib, - config, - ... -}: -let - matrixLib = pkgs.callPackage ./lib.nix { }; - - cfg = config.services.matrix-hookshot; - conduitCfg = config.services.matrix-conduit; - - domain = conduitCfg.settings.global.server_name; - - registration = matrixLib.writeRegistrationScript { - id = "matrix-hookshot"; - url = "http://127.0.0.1:9993"; - sender_localpart = "hookshot"; - - namespaces = { - aliases = [ ]; - rooms = [ ]; - users = [ - { - regex = "@${cfg.settings.generic.userIdPrefix}.*:${domain}"; - exclusive = true; - } - ]; - }; - - # Encryption support - # TODO(tlater): Enable when - # https://github.com/matrix-org/matrix-hookshot/issues/1060 is - # fixed - # extraSettings = { - # "de.sorunome.msc2409.push_ephemeral" = true; - # push_ephemeral = true; - # "org.matrix.msc3202" = true; - # }; - - runtimeRegistration = "${cfg.registrationFile}"; - }; -in -{ - # users = { - # users.matrix-hookshot = { - # home = "/run/matrix-hookshot"; - # group = "matrix-hookshot"; - # isSystemUser = true; - # }; - - # groups.matrix-hookshot = { }; - # }; - - systemd.services.matrix-hookshot = { - serviceConfig = { - Type = lib.mkForce "exec"; - - LoadCredential = "matrix-hookshot:/run/secrets/matrix-hookshot"; - inherit (registration) ExecStartPre; - - # Some library in matrix-hookshot wants a home directory - Environment = [ "HOME=/run/matrix-hookshot" ]; - - # User = "matrix-hookshot"; - DynamicUser = true; - StateDirectory = "matrix-hookshot"; - RuntimeDirectory = "matrix-hookshot"; - RuntimeDirectoryMode = "0700"; - - RestrictNamespaces = true; - PrivateUsers = true; - ProtectHostname = true; - ProtectClock = true; - ProtectKernelTunables = true; - ProtectKernelModules = true; - ProtectKernelLogs = true; - ProtectControlGroups = true; - RestrictAddressFamilies = [ - # "AF_UNIX" - "AF_INET" - "AF_INET6" - ]; - LockPersonality = true; - RestrictRealtime = true; - ProtectProc = "invisible"; - ProcSubset = "pid"; - UMask = 77; - }; - }; - - # services.redis.servers.matrix-hookshot = { - # enable = true; - # user = "matrix-hookshot"; - # }; - - services.matrix-hookshot = { - enable = true; - - serviceDependencies = [ "conduit.service" ]; - - registrationFile = "/run/matrix-hookshot/registration.yaml"; - - settings = { - bridge = { - inherit domain; - url = "http://localhost:${toString conduitCfg.settings.global.port}"; - mediaUrl = conduitCfg.settings.global.well_known.client; - port = 9993; - bindAddress = "127.0.0.1"; - }; - - bot.displayname = "Hookshot"; - - # cache.redisUri = "redis://${config.services.redis.servers.matrix-hookshot.unixSocket}"; - - generic = { - enabled = true; - outbound = false; - # Only allow webhooks from localhost for the moment - urlPrefix = "http://127.0.0.1:9000/webhook"; - userIdPrefix = "_webhooks_"; - allowJsTransformationFunctions = true; - }; - - # TODO(tlater): Enable when - # https://github.com/matrix-org/matrix-hookshot/issues/1060 is - # fixed - # encryption.storagePath = "/var/lib/matrix-hookshot/cryptostore"; - - permissions = [ - { - actor = "matrix.tlater.net"; - services = [ - { - service = "*"; - level = "notifications"; - } - ]; - } - { - actor = "@tlater:matrix.tlater.net"; - services = [ - { - service = "*"; - level = "admin"; - } - ]; - } - ]; - - listeners = [ - { - port = 9000; - resources = [ "webhooks" ]; - } - { - port = 9001; - resources = [ "metrics" ]; - } - ]; - - metrics.enabled = true; - }; - }; - - sops.secrets = { - # Accessed via systemd cred through /run/secrets/matrix-hookshot - "matrix-hookshot/as-token" = { }; - "matrix-hookshot/hs-token" = { }; - }; -} diff --git a/configuration/services/metrics/grafana.nix b/configuration/services/metrics/grafana.nix index 765a364..078f27c 100644 --- a/configuration/services/metrics/grafana.nix +++ b/configuration/services/metrics/grafana.nix @@ -57,6 +57,19 @@ in access = "proxy"; } ]; + + alerting.contactPoints.settings.contactPoints = [ + { + name = "ntfy"; + receivers = [ + { + uid = "ntfy"; + type = "webhook"; + settings.url = "http://${config.services.ntfy-sh.settings.listen-http}/local-alerts?template=grafana"; + } + ]; + } + ]; }; }; diff --git a/configuration/services/metrics/victoriametrics.nix b/configuration/services/metrics/victoriametrics.nix index 96e09e5..71741b5 100644 --- a/configuration/services/metrics/victoriametrics.nix +++ b/configuration/services/metrics/victoriametrics.nix @@ -89,10 +89,6 @@ in "127.0.0.1:8082" ]; - # Configured in the hookshot listeners, but it's hard to filter - # the correct values out of that config. - matrixHookshot.targets = [ "127.0.0.1:9001" ]; - victorialogs.targets = [ config.services.victorialogs.bindAddress ]; }; }; diff --git a/keys/production.yaml b/keys/production.yaml index ccbee64..6a60c40 100644 --- a/keys/production.yaml +++ b/keys/production.yaml @@ -20,9 +20,6 @@ steam: heisenbridge: as-token: ENC[AES256_GCM,data:+2yo6T18j34622H8ZWblAFB2phLw1q0k0vUQEZ5sFj7dQaRnkEiAMi0R3p17Zq0pOtGEC0RRZuPLYkcZ1oKP0w==,iv:lGwrQYp//FufpmJocrLIVyy9RK7lEEVcpAi0wmkjr34=,tag:yV06UbhAYJQz36O2XdhY+A==,type:str] hs-token: ENC[AES256_GCM,data:u52WpkQFd/J7JFoE/rfNluebyZQLOokvkVdL7+AEAvrhJhrkJli1ztkD79lbC+6tGUH4tT3T+nX9wvGKnrRUQg==,iv:as+9fVuvMg2IoE2WIKD9mHi+znhNcWRh5Zq+yr0xcDQ=,tag:mZ7fh7U0MfgI8hyq/28Bcg==,type:str] -matrix-hookshot: - as-token: ENC[AES256_GCM,data:nXTanPhDyDF7R3AllLqpM5dzljBrHwlh1KJnTGIi5PhbDY2lPj4+uXkMEwvm1u+hQjPyM7vKZPfK+0/dms6Y7A==,iv:fSakJN+yai0gfOJKFxxaxgyUtk0pNmIeqVgrdq92/24=,tag:Qc7+SUnm5/Nq5+QIScR9kQ==,type:str] - hs-token: ENC[AES256_GCM,data:Bwyj0JTTN0NNnwOs1zA8CqbtZSNcvlINeT7QVc2eJiHda92J6vQk7bSxy6KuqCN9DxlUsK13ggYjNORY2vic5w==,iv:Npnp8arYQ3Yb6CXrnKgE03hD7ZjGINPa/DwFI8D+5tA=,tag:FqNE6yI0nF4puEUw9MGAjQ==,type:str] wireguard: server-key: ENC[AES256_GCM,data:mXb7ZznJHf5CgV8rI4uzPBATMRbmd7LimgtCkQM9kAjbIaGwUBqJZBN3fXs=,iv:3Po1Orinzov9rnEm9cLzgJY1PeD+5Jl9115MriABHh8=,tag:E/2CjDO1JCvJzxCnqKcNyw==,type:str] restic: @@ -32,8 +29,8 @@ turn: env: ENC[AES256_GCM,data:kt5nhVo9pb/ZbPUEcqSYXxN9YMgQKnFb5VRfFFS/qoIaJ73uD2fuJKqcxAyVRrdLqnSAWSQBgTgunBzdP7xqLAK2qt8DYAQWHkIe9uxFbSXZpdmw,iv:9lq6SFwTFN4GGm6gPiJpUMasMdnHVF6XLGYrsyG3kjU=,tag:428Qf9DOiiHt/Wjb188b8g==,type:str] secret: ENC[AES256_GCM,data:si7ee6Xfhdgdyzbp6aQpF7pz3TmTBb7iQ82lRPVXNDg9JfHI+lbmgAsSnRLX5qMCA6P9R045sSMosqidL8QwRg==,iv:SrhpZKK8D45yxCEfDb9P3TwtA14+qEI+wcRqcN/a6pw=,tag:PiwV+mOL9xHJgJft6sc61g==,type:str] sops: - lastmodified: "2025-11-29T14:52:24Z" - mac: ENC[AES256_GCM,data:RC18s48jxRFQMtbmu74P7G4uhm2yHk9TB0wN7z4g8SNE3nfkYMvHAJqPr3A3dO+T33zkTFcSRm7fhWItUahTCW3fO10u6kDvWbnyjlSuAy86Tkz2iqeW4iSOzKswDptAgb/B+juAHhEMxDnkG5vpPlIcD0SVP89NlflXftogOqw=,iv:2vN2TJvzePzBJfUeBxvGXwGmRsB5sopqyWm9uUv/rzA=,tag:C6UOWrUxVsRMFncL1y1eTQ==,type:str] + lastmodified: "2025-12-01T11:39:17Z" + mac: ENC[AES256_GCM,data:TwhGOW/V9/IoBifzh1MSwy/ff7ONTnxEmwERD8Yl2E27WG/6dTVz0/nIlZ8KsEKLC6vB2m+sJT+14Q9KCj4Cn/bWV1PmhytktGPxLQpgF55+pZlSK1aLUPLq0hwE93b4MAeOvzoOXtCQguh1dsB2RkinabFoMeZ2xJ7Kc+jHlfA=,iv:Ri8aEA4tssGDv2UuKeza8vs94IovM9GARLIEapb9Ya0=,tag:MDgAffj7ndmMwpw7mBXNRg==,type:str] pgp: - created_at: "2025-10-03T21:38:48Z" enc: |- diff --git a/keys/staging.yaml b/keys/staging.yaml index 20ee3db..b5c8533 100644 --- a/keys/staging.yaml +++ b/keys/staging.yaml @@ -21,9 +21,6 @@ steam: heisenbridge: as-token: ENC[AES256_GCM,data:tXbOeo7nv8I=,iv:wJAKcOXX9nGIw4n38ThOoj29u7dUWhsxSQG/p79JlEw=,tag:rTVaGS2UuWcea1uBa8YX2g==,type:str] hs-token: ENC[AES256_GCM,data:VBwvwomv0Xg=,iv:q6INtJ+rg+QiXj8uBdBzQYQZUBBXp+9odxDHwvu8Jxc=,tag:XKhm8nxygAkKaiVPJ2Fcdg==,type:str] -matrix-hookshot: - as-token: ENC[AES256_GCM,data:uSUOo4f2KqA=,iv:Xb9G8Ecv6m59m51kDw2bOfq3SMJt4g9/6/EdH74R+KM=,tag:K9MSfO2c2Y4rlf0eYrmTnw==,type:str] - hs-token: ENC[AES256_GCM,data:0KsyA06InL4=,iv:zAR0Y1fk8SyodcSLBHlQ8I+BAmttz9Hkd8Q3OREFqs4=,tag:t1Et8N/3seq95DeGoUd7Sw==,type:str] wireguard: server-key: ENC[AES256_GCM,data:FvY897XdKoa/mckE8JQLCkklsnYD6Wz1wpsu5t3uhEnW3iarnDQxF9msuYU=,iv:jqGXfekM+Vs+J9b5nlZ5Skd1ZKHajoUo2Dc4tMYPm1w=,tag:EehikjI/FCU8wqtpvJRamQ==,type:str] restic: @@ -33,8 +30,8 @@ turn: env: ENC[AES256_GCM,data:xjIz/AY109lyiL5N01p5T3HcYco/rM5CJSRTtg==,iv:16bW6OpyOK/QL0QPGQp/Baa9xyT8E3ZsYkwqmjuofk0=,tag:J5re3uKxIykw3YunvQWBgg==,type:str] secret: ENC[AES256_GCM,data:eQ7dAocoZtg=,iv:fgzjTPv30WqTKlLy+yMn5MsKQgjhPnwlGFFwYEg3gWs=,tag:1ze33U1NBkgMX/9SiaBNQg==,type:str] sops: - lastmodified: "2025-11-29T11:54:33Z" - mac: ENC[AES256_GCM,data:SaTvwxfARVou/ZjrWfdC8J6je8l89Zuumdz7PkmY2Tl2CQVxZmEt4AyV4bWiCtWhJmfH1Qa8m4Q+DyqimjapgYT5cUB1yxlknp233bB/+5C5k3KozU2hmh80KYgR496FtQvI74p0qw/lw00CGCR3WHNcIc0dbTiDzC90HlOpafg=,iv:vxMCAjpgyWvxk18LalmFhwOb5b2ThCDq1KTaX2OPvpM=,tag:QMA+tC4hs/FBnuVDye38Vg==,type:str] + lastmodified: "2025-12-01T11:39:26Z" + mac: ENC[AES256_GCM,data:11VQAYk8Am0k8OO6BtU17qpuEhcJ8ylRhJWQNHVAsmi5BCFjD1zU3NkWhtSstPrBcqHMenG+9XuEzpNnbccHI2ru0qlILsQvNj5OKo96FnvYtzApYlApoAzOetCx08Lfxa4RGLN/XCUSuccjBIU2PZRWEK+z+Cm1wHUFeqc1xPc=,iv:6y9j55Cld+GoOVGWAqsEgURRna6dHA2mGZwHVA+ZOE8=,tag:bSZi3nYmYrn3nFT2+RBPUQ==,type:str] pgp: - created_at: "2025-10-03T21:38:26Z" enc: |- From 4d773ef9e23e65c36899d35dc5fb82c0e3e534fa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= <tm@tlater.net> Date: Mon, 1 Dec 2025 20:06:01 +0800 Subject: [PATCH 6/7] feat(immich): Migrate to vectorchord --- configuration/services/immich.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/configuration/services/immich.nix b/configuration/services/immich.nix index 39673d0..1255490 100644 --- a/configuration/services/immich.nix +++ b/configuration/services/immich.nix @@ -18,6 +18,9 @@ in enable = true; settings.server.externalDomain = "https://${hostName}"; + # We're using vectorchord now + database.enableVectors = false; + environment.IMMICH_TELEMETRY_INCLUDE = "all"; }; From 35c74ed36980f7f5becd78a6395680795c574276 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= <tm@tlater.net> Date: Mon, 1 Dec 2025 20:08:07 +0800 Subject: [PATCH 7/7] bump(flake.lock): Update other inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 9ca0388..d5305b0 100644 --- a/flake.lock +++ b/flake.lock @@ -123,11 +123,11 @@ ] }, "locked": { - "lastModified": 1762276996, - "narHash": "sha256-TtcPgPmp2f0FAnc+DMEw4ardEgv1SGNR3/WFGH0N19M=", + "lastModified": 1764350888, + "narHash": "sha256-6Rp18zavTlnlZzcoLoBTJMBahL2FycVkw2rAEs3cQvo=", "owner": "nix-community", "repo": "disko", - "rev": "af087d076d3860760b3323f6b583f4d828c1ac17", + "rev": "2055a08fd0e2fd41318279a5355eb8a161accf26", "type": "github" }, "original": { @@ -201,11 +201,11 @@ ] }, "locked": { - "lastModified": 1761916399, - "narHash": "sha256-wLZ8km5ftKlIDdHJrFiDQivXc5b+7DRxmBp2347H5g8=", + "lastModified": 1764578815, + "narHash": "sha256-WZ8+pH/cLjv3geonV3VFwtfa8IuTkPHb60a1ACQpOmc=", "owner": "reckenrode", "repo": "nix-foundryvtt", - "rev": "8cceb7af3dfbe465b5108db5c098b097edf85790", + "rev": "1b875fb942c4ef926fd7aade7db327be363f7179", "type": "github" }, "original": { @@ -344,11 +344,11 @@ ] }, "locked": { - "lastModified": 1763607916, - "narHash": "sha256-VefBA1JWRXM929mBAFohFUtQJLUnEwZ2vmYUNkFnSjE=", + "lastModified": 1764483358, + "narHash": "sha256-EyyvCzXoHrbL467YSsQBTWWg4sR96MH1sPpKoSOelB4=", "owner": "Mic92", "repo": "sops-nix", - "rev": "877bb495a6f8faf0d89fc10bd142c4b7ed2bcc0b", + "rev": "5aca6ff67264321d47856a2ed183729271107c9c", "type": "github" }, "original": {