From 3c6afa0c66544826169432018f82ae22169c12cf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= <tm@tlater.net>
Date: Fri, 4 Apr 2025 21:06:27 +0800
Subject: [PATCH 01/17] feat(matrix): Switch to conduwuit

This fixes support for the new sliding sync API.
---
 .../hardware-specific/hetzner/disko.nix       |  11 +
 configuration/services/conduit/default.nix    |  19 +-
 flake.lock                                    | 912 +++++++++++++++---
 flake.nix                                     |   4 +
 4 files changed, 807 insertions(+), 139 deletions(-)

diff --git a/configuration/hardware-specific/hetzner/disko.nix b/configuration/hardware-specific/hetzner/disko.nix
index cc15471..7e1acd7 100644
--- a/configuration/hardware-specific/hetzner/disko.nix
+++ b/configuration/hardware-specific/hetzner/disko.nix
@@ -80,6 +80,17 @@
                     inherit mountOptions;
                     mountpoint = "/var";
                   };
+                  "/volume/var/lib/private/matrix-conduit" = {
+                    mountOptions = [
+                      # Explicitly don't compress here, since
+                      # conduwuit's database does compression by
+                      # itself, and relies on being able to read the
+                      # raw file data from disk (which is impossible
+                      # if btrfs compresses it)
+                      "noatime"
+                    ];
+                    mountpoint = "/var/lib/private/matrix-conduit";
+                  };
                   "/volume/nix-store" = {
                     inherit mountOptions;
                     mountpoint = "/nix";
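Review bot: Leaving `compress` out of this subvolume's `mountOptions` may not turn compression off, contrary to what the comment promises. btrfs applies most mount options, `compress` included, to the whole filesystem rather than per subvolume. If the shared `mountOptions` inherited by the neighbouring subvolumes (defined outside this hunk) enables compression, it will most likely apply here as well. If the database really needs uncompressed data, set that on the directory itself, e.g. `btrfs property set /var/lib/private/matrix-conduit compression none`, and check the result with `compsize`. On a host that is already deployed, the new subvolume presumably starts empty and hides any database already stored under that path, so the migration step deserves a line in the commit message.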
diff --git a/configuration/services/conduit/default.nix b/configuration/services/conduit/default.nix
index c7e4ab4..5a2b8ac 100644
--- a/configuration/services/conduit/default.nix
+++ b/configuration/services/conduit/default.nix
@@ -1,4 +1,6 @@
 {
+  pkgs,
+  flake-inputs,
   config,
   lib,
   ...
@@ -18,10 +20,12 @@ in
 
   services.matrix-conduit = {
     enable = true;
+    package = flake-inputs.conduwuit.packages.${pkgs.system}.default;
     settings.global = {
       address = "127.0.0.1";
       server_name = domain;
-      database_backend = "rocksdb";
+      new_user_displayname_suffix = "🦆";
+      allow_check_for_updates = true;
 
       # Set up delegation: https://docs.conduit.rs/delegation.html#automatic-recommended
       # This is primarily to make sliding sync work
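Review bot: `allow_check_for_updates = true` adds an outbound dependency on upstream with no comment explaining why it is wanted. As far as I know, this option makes conduwuit poll an upstream endpoint and relay announcements into the admin room. Since `package` now comes from a flake input instead of nixpkgs, security fixes only arrive through a manual lock bump, so I would record the intent, e.g. `# Binary is pinned via flake.lock; upstream announcements are how we learn a bump is needed.` The lock entry for `conduwuit` further down shows no `ref` in `original`, which suggests the input follows the default branch rather than a release tag. The flake.nix change is not visible here, so confirm, and consider pinning the input to a tagged release.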
@@ -44,11 +48,14 @@ in
     };
   };
 
-  # Pass in the TURN secret via EnvironmentFile, not supported by
-  # upstream module currently.
-  #
-  # See also https://gitlab.com/famedly/conduit/-/issues/314
-  systemd.services.conduit.serviceConfig.EnvironmentFile = config.sops.secrets."turn/env".path;
+  systemd.services.conduit.serviceConfig = {
+    ExecStart = lib.mkForce "${config.services.matrix-conduit.package}/bin/conduwuit";
+    # Pass in the TURN secret via EnvironmentFile, not supported by
+    # upstream module currently.
+    #
+    # See also https://gitlab.com/famedly/conduit/-/issues/314
+    EnvironmentFile = config.sops.secrets."turn/env".path;
+  };
 
   systemd.services.coturn.serviceConfig.SupplementaryGroups = [
     config.security.acme.certs."tlater.net".group
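Review bot: The `lib.mkForce` on `ExecStart` has no comment saying why the module's command is overridden, and the comment kept above `EnvironmentFile` still points at the famedly/conduit tracker although the service now runs conduwuit. I would add `# The matrix-conduit module starts bin/conduit; conduwuit installs its binary under a different name.` above `ExecStart`, after confirming it against the module, whose own ExecStart is not visible here. Because the override replaces the whole command, any later change to the module's `ExecStart` is dropped silently, which is worth stating in the same comment. It is also worth confirming that the variable names in the sops `turn/env` file use a prefix conduwuit reads, since a mismatch would presumably leave the TURN secret unset without an error.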
diff --git a/flake.lock b/flake.lock
index 37c3d5f..3f3fc39 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,6 +1,86 @@
 {
   "nodes": {
+    "attic": {
+      "inputs": {
+        "crane": "crane",
+        "flake-compat": "flake-compat",
+        "flake-parts": "flake-parts",
+        "nix-github-actions": "nix-github-actions",
+        "nixpkgs": "nixpkgs",
+        "nixpkgs-stable": "nixpkgs-stable"
+      },
+      "locked": {
+        "lastModified": 1738524606,
+        "narHash": "sha256-hPYEJ4juK3ph7kbjbvv7PlU1D9pAkkhl+pwx8fZY53U=",
+        "owner": "zhaofengli",
+        "repo": "attic",
+        "rev": "ff8a897d1f4408ebbf4d45fa9049c06b3e1e3f4e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "zhaofengli",
+        "ref": "main",
+        "repo": "attic",
+        "type": "github"
+      }
+    },
     "cachix": {
+      "inputs": {
+        "devenv": "devenv",
+        "flake-compat": "flake-compat_2",
+        "git-hooks": "git-hooks",
+        "nixpkgs": "nixpkgs_4"
+      },
+      "locked": {
+        "lastModified": 1737621947,
+        "narHash": "sha256-8HFvG7fvIFbgtaYAY2628Tb89fA55nPm2jSiNs0/Cws=",
+        "owner": "cachix",
+        "repo": "cachix",
+        "rev": "f65a3cd5e339c223471e64c051434616e18cc4f5",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cachix",
+        "ref": "master",
+        "repo": "cachix",
+        "type": "github"
+      }
+    },
+    "cachix_2": {
+      "inputs": {
+        "devenv": [
+          "conduwuit",
+          "cachix",
+          "devenv"
+        ],
+        "flake-compat": [
+          "conduwuit",
+          "cachix",
+          "devenv"
+        ],
+        "git-hooks": [
+          "conduwuit",
+          "cachix",
+          "devenv"
+        ],
+        "nixpkgs": "nixpkgs_2"
+      },
+      "locked": {
+        "lastModified": 1728672398,
+        "narHash": "sha256-KxuGSoVUFnQLB2ZcYODW7AVPAh9JqRlD5BrfsC/Q4qs=",
+        "owner": "cachix",
+        "repo": "cachix",
+        "rev": "aac51f698309fd0f381149214b7eee213c66ef0a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cachix",
+        "ref": "latest",
+        "repo": "cachix",
+        "type": "github"
+      }
+    },
+    "cachix_3": {
       "inputs": {
         "devenv": [
           "sonnenshift",
@@ -10,7 +90,7 @@
           "sonnenshift",
           "crate2nix"
         ],
-        "nixpkgs": "nixpkgs_3",
+        "nixpkgs": "nixpkgs_7",
         "pre-commit-hooks": [
           "sonnenshift",
           "crate2nix"
@@ -31,7 +111,7 @@
         "type": "github"
       }
     },
-    "cachix_2": {
+    "cachix_4": {
       "inputs": {
         "devenv": [
           "sonnenshift",
@@ -43,7 +123,7 @@
           "crate2nix",
           "crate2nix_stable"
         ],
-        "nixpkgs": "nixpkgs_4",
+        "nixpkgs": "nixpkgs_8",
         "pre-commit-hooks": [
           "sonnenshift",
           "crate2nix",
@@ -65,7 +145,7 @@
         "type": "github"
       }
     },
-    "cachix_3": {
+    "cachix_5": {
       "inputs": {
         "devenv": [
           "sonnenshift",
@@ -79,7 +159,7 @@
           "crate2nix_stable",
           "crate2nix_stable"
         ],
-        "nixpkgs": "nixpkgs_5",
+        "nixpkgs": "nixpkgs_9",
         "pre-commit-hooks": [
           "sonnenshift",
           "crate2nix",
@@ -102,13 +182,98 @@
         "type": "github"
       }
     },
+    "complement": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1741891349,
+        "narHash": "sha256-YvrzOWcX7DH1drp5SGa+E/fc7wN3hqFtPbqPjZpOu1Q=",
+        "owner": "girlbossceo",
+        "repo": "complement",
+        "rev": "e587b3df569cba411aeac7c20b6366d03c143745",
+        "type": "github"
+      },
+      "original": {
+        "owner": "girlbossceo",
+        "ref": "main",
+        "repo": "complement",
+        "type": "github"
+      }
+    },
+    "conduwuit": {
+      "inputs": {
+        "attic": "attic",
+        "cachix": "cachix",
+        "complement": "complement",
+        "crane": "crane_2",
+        "fenix": "fenix",
+        "flake-compat": "flake-compat_3",
+        "flake-utils": "flake-utils",
+        "liburing": "liburing",
+        "nix-filter": "nix-filter",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "rocksdb": "rocksdb"
+      },
+      "locked": {
+        "lastModified": 1743473828,
+        "narHash": "sha256-x/sfh6LCHGAz8rL23GHhH7dac1LtHBbRRJi1p8gOdtI=",
+        "owner": "girlbossceo",
+        "repo": "conduwuit",
+        "rev": "0f81c1e1ccdcb0c5c6d5a27e82f16eb37b1e61c8",
+        "type": "github"
+      },
+      "original": {
+        "owner": "girlbossceo",
+        "repo": "conduwuit",
+        "type": "github"
+      }
+    },
+    "crane": {
+      "inputs": {
+        "nixpkgs": [
+          "conduwuit",
+          "attic",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1722960479,
+        "narHash": "sha256-NhCkJJQhD5GUib8zN9JrmYGMwt4lCRp6ZVNzIiYCl0Y=",
+        "owner": "ipetkov",
+        "repo": "crane",
+        "rev": "4c6c77920b8d44cd6660c1621dea6b3fc4b4c4f4",
+        "type": "github"
+      },
+      "original": {
+        "owner": "ipetkov",
+        "repo": "crane",
+        "type": "github"
+      }
+    },
+    "crane_2": {
+      "locked": {
+        "lastModified": 1739936662,
+        "narHash": "sha256-x4syUjNUuRblR07nDPeLDP7DpphaBVbUaSoeZkFbGSk=",
+        "owner": "ipetkov",
+        "repo": "crane",
+        "rev": "19de14aaeb869287647d9461cbd389187d8ecdb7",
+        "type": "github"
+      },
+      "original": {
+        "owner": "ipetkov",
+        "ref": "master",
+        "repo": "crane",
+        "type": "github"
+      }
+    },
     "crate2nix": {
       "inputs": {
-        "cachix": "cachix",
+        "cachix": "cachix_3",
         "crate2nix_stable": "crate2nix_stable",
         "devshell": "devshell_3",
-        "flake-compat": "flake-compat_4",
-        "flake-parts": "flake-parts_3",
+        "flake-compat": "flake-compat_7",
+        "flake-parts": "flake-parts_5",
         "nix-test-runner": "nix-test-runner_3",
         "nixpkgs": [
           "sonnenshift",
@@ -132,13 +297,13 @@
     },
     "crate2nix_stable": {
       "inputs": {
-        "cachix": "cachix_2",
+        "cachix": "cachix_4",
         "crate2nix_stable": "crate2nix_stable_2",
         "devshell": "devshell_2",
-        "flake-compat": "flake-compat_3",
-        "flake-parts": "flake-parts_2",
+        "flake-compat": "flake-compat_6",
+        "flake-parts": "flake-parts_4",
         "nix-test-runner": "nix-test-runner_2",
-        "nixpkgs": "nixpkgs_7",
+        "nixpkgs": "nixpkgs_11",
         "pre-commit-hooks": "pre-commit-hooks_2"
       },
       "locked": {
@@ -158,13 +323,13 @@
     },
     "crate2nix_stable_2": {
       "inputs": {
-        "cachix": "cachix_3",
+        "cachix": "cachix_5",
         "crate2nix_stable": "crate2nix_stable_3",
         "devshell": "devshell",
-        "flake-compat": "flake-compat_2",
-        "flake-parts": "flake-parts",
+        "flake-compat": "flake-compat_5",
+        "flake-parts": "flake-parts_3",
         "nix-test-runner": "nix-test-runner",
-        "nixpkgs": "nixpkgs_6",
+        "nixpkgs": "nixpkgs_10",
         "pre-commit-hooks": "pre-commit-hooks"
       },
       "locked": {
@@ -184,7 +349,7 @@
     },
     "crate2nix_stable_3": {
       "inputs": {
-        "flake-utils": "flake-utils"
+        "flake-utils": "flake-utils_2"
       },
       "locked": {
         "lastModified": 1702842982,
@@ -203,8 +368,8 @@
     },
     "deploy-rs": {
       "inputs": {
-        "flake-compat": "flake-compat",
-        "nixpkgs": "nixpkgs",
+        "flake-compat": "flake-compat_4",
+        "nixpkgs": "nixpkgs_5",
         "utils": "utils"
       },
       "locked": {
@@ -221,9 +386,43 @@
         "type": "github"
       }
     },
+    "devenv": {
+      "inputs": {
+        "cachix": "cachix_2",
+        "flake-compat": [
+          "conduwuit",
+          "cachix",
+          "flake-compat"
+        ],
+        "git-hooks": [
+          "conduwuit",
+          "cachix",
+          "git-hooks"
+        ],
+        "nix": "nix",
+        "nixpkgs": [
+          "conduwuit",
+          "cachix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1733323168,
+        "narHash": "sha256-d5DwB4MZvlaQpN6OQ4SLYxb5jA4UH5EtV5t5WOtjLPU=",
+        "owner": "cachix",
+        "repo": "devenv",
+        "rev": "efa9010b8b1cfd5dd3c7ed1e172a470c3b84a064",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cachix",
+        "repo": "devenv",
+        "type": "github"
+      }
+    },
     "devshell": {
       "inputs": {
-        "flake-utils": "flake-utils_2",
+        "flake-utils": "flake-utils_3",
         "nixpkgs": [
           "sonnenshift",
           "crate2nix",
@@ -248,7 +447,7 @@
     },
     "devshell_2": {
       "inputs": {
-        "flake-utils": "flake-utils_3",
+        "flake-utils": "flake-utils_4",
         "nixpkgs": [
           "sonnenshift",
           "crate2nix",
@@ -272,7 +471,7 @@
     },
     "devshell_3": {
       "inputs": {
-        "flake-utils": "flake-utils_4",
+        "flake-utils": "flake-utils_5",
         "nixpkgs": [
           "sonnenshift",
           "crate2nix",
@@ -315,7 +514,7 @@
     },
     "dream2nix": {
       "inputs": {
-        "nixpkgs": "nixpkgs_8",
+        "nixpkgs": "nixpkgs_12",
         "purescript-overlay": "purescript-overlay",
         "pyproject-nix": "pyproject-nix"
       },
@@ -336,11 +535,34 @@
     "fenix": {
       "inputs": {
         "nixpkgs": [
-          "tlaternet-webserver",
+          "conduwuit",
           "nixpkgs"
         ],
         "rust-analyzer-src": "rust-analyzer-src"
       },
+      "locked": {
+        "lastModified": 1740724364,
+        "narHash": "sha256-D1jLIueJx1dPrP09ZZwTrPf4cubV+TsFMYbpYYTVj6A=",
+        "owner": "nix-community",
+        "repo": "fenix",
+        "rev": "edf7d9e431cda8782e729253835f178a356d3aab",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "ref": "main",
+        "repo": "fenix",
+        "type": "github"
+      }
+    },
+    "fenix_2": {
+      "inputs": {
+        "nixpkgs": [
+          "tlaternet-webserver",
+          "nixpkgs"
+        ],
+        "rust-analyzer-src": "rust-analyzer-src_2"
+      },
       "locked": {
         "lastModified": 1737181903,
         "narHash": "sha256-lvp77MhGzSN+ICd0MugppCjQR6cmlM2iAC5cjy2ZsaA=",
@@ -372,34 +594,55 @@
       }
     },
     "flake-compat_2": {
+      "flake": false,
       "locked": {
-        "lastModified": 1696426674,
-        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
-        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
-        "revCount": 57,
-        "type": "tarball",
-        "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
+        "lastModified": 1733328505,
+        "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
+        "type": "github"
       },
       "original": {
-        "type": "tarball",
-        "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
       }
     },
     "flake-compat_3": {
+      "flake": false,
       "locked": {
-        "lastModified": 1696426674,
-        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
-        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
-        "revCount": 57,
-        "type": "tarball",
-        "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
+        "lastModified": 1733328505,
+        "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
+        "type": "github"
       },
       "original": {
-        "type": "tarball",
-        "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
+        "owner": "edolstra",
+        "ref": "master",
+        "repo": "flake-compat",
+        "type": "github"
       }
     },
     "flake-compat_4": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1696426674,
+        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "flake-compat_5": {
       "locked": {
         "lastModified": 1696426674,
         "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
@@ -413,7 +656,35 @@
         "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
       }
     },
-    "flake-compat_5": {
+    "flake-compat_6": {
+      "locked": {
+        "lastModified": 1696426674,
+        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+        "revCount": 57,
+        "type": "tarball",
+        "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
+      },
+      "original": {
+        "type": "tarball",
+        "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
+      }
+    },
+    "flake-compat_7": {
+      "locked": {
+        "lastModified": 1696426674,
+        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+        "revCount": 57,
+        "type": "tarball",
+        "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
+      },
+      "original": {
+        "type": "tarball",
+        "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
+      }
+    },
+    "flake-compat_8": {
       "flake": false,
       "locked": {
         "lastModified": 1696426674,
@@ -430,6 +701,52 @@
       }
     },
     "flake-parts": {
+      "inputs": {
+        "nixpkgs-lib": [
+          "conduwuit",
+          "attic",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1722555600,
+        "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "type": "github"
+      }
+    },
+    "flake-parts_2": {
+      "inputs": {
+        "nixpkgs-lib": [
+          "conduwuit",
+          "cachix",
+          "devenv",
+          "nix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1712014858,
+        "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=",
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "type": "github"
+      }
+    },
+    "flake-parts_3": {
       "inputs": {
         "nixpkgs-lib": [
           "sonnenshift",
@@ -453,7 +770,7 @@
         "type": "github"
       }
     },
-    "flake-parts_2": {
+    "flake-parts_4": {
       "inputs": {
         "nixpkgs-lib": [
           "sonnenshift",
@@ -476,7 +793,7 @@
         "type": "github"
       }
     },
-    "flake-parts_3": {
+    "flake-parts_5": {
       "inputs": {
         "nixpkgs-lib": [
           "sonnenshift",
@@ -500,18 +817,19 @@
     },
     "flake-utils": {
       "inputs": {
-        "systems": "systems_2"
+        "systems": "systems"
       },
       "locked": {
-        "lastModified": 1694529238,
-        "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
         "type": "github"
       },
       "original": {
         "owner": "numtide",
+        "ref": "main",
         "repo": "flake-utils",
         "type": "github"
       }
@@ -521,11 +839,11 @@
         "systems": "systems_3"
       },
       "locked": {
-        "lastModified": 1701680307,
-        "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
+        "lastModified": 1694529238,
+        "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
+        "rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
         "type": "github"
       },
       "original": {
@@ -574,6 +892,24 @@
       "inputs": {
         "systems": "systems_6"
       },
+      "locked": {
+        "lastModified": 1701680307,
+        "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_6": {
+      "inputs": {
+        "systems": "systems_7"
+      },
       "locked": {
         "lastModified": 1710146030,
         "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
@@ -608,14 +944,41 @@
         "type": "github"
       }
     },
+    "git-hooks": {
+      "inputs": {
+        "flake-compat": [
+          "conduwuit",
+          "cachix",
+          "flake-compat"
+        ],
+        "gitignore": "gitignore",
+        "nixpkgs": [
+          "conduwuit",
+          "cachix",
+          "nixpkgs"
+        ],
+        "nixpkgs-stable": "nixpkgs-stable_2"
+      },
+      "locked": {
+        "lastModified": 1733318908,
+        "narHash": "sha256-SVQVsbafSM1dJ4fpgyBqLZ+Lft+jcQuMtEL3lQWx2Sk=",
+        "owner": "cachix",
+        "repo": "git-hooks.nix",
+        "rev": "6f4e2a2112050951a314d2733a994fbab94864c6",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cachix",
+        "repo": "git-hooks.nix",
+        "type": "github"
+      }
+    },
     "gitignore": {
       "inputs": {
         "nixpkgs": [
-          "sonnenshift",
-          "crate2nix",
-          "crate2nix_stable",
-          "crate2nix_stable",
-          "pre-commit-hooks",
+          "conduwuit",
+          "cachix",
+          "git-hooks",
           "nixpkgs"
         ]
       },
@@ -639,6 +1002,7 @@
           "sonnenshift",
           "crate2nix",
           "crate2nix_stable",
+          "crate2nix_stable",
           "pre-commit-hooks",
           "nixpkgs"
         ]
@@ -662,6 +1026,7 @@
         "nixpkgs": [
           "sonnenshift",
           "crate2nix",
+          "crate2nix_stable",
           "pre-commit-hooks",
           "nixpkgs"
         ]
@@ -680,6 +1045,141 @@
         "type": "github"
       }
     },
+    "gitignore_4": {
+      "inputs": {
+        "nixpkgs": [
+          "sonnenshift",
+          "crate2nix",
+          "pre-commit-hooks",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1709087332,
+        "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "type": "github"
+      }
+    },
+    "libgit2": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1697646580,
+        "narHash": "sha256-oX4Z3S9WtJlwvj0uH9HlYcWv+x1hqp8mhXl7HsLu2f0=",
+        "owner": "libgit2",
+        "repo": "libgit2",
+        "rev": "45fd9ed7ae1a9b74b957ef4f337bc3c8b3df01b5",
+        "type": "github"
+      },
+      "original": {
+        "owner": "libgit2",
+        "repo": "libgit2",
+        "type": "github"
+      }
+    },
+    "liburing": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1740613216,
+        "narHash": "sha256-NpPOBqNND3Qe9IwqYs0mJLGTmIx7e6FgUEBAnJ+1ZLA=",
+        "owner": "axboe",
+        "repo": "liburing",
+        "rev": "e1003e496e66f9b0ae06674869795edf772d5500",
+        "type": "github"
+      },
+      "original": {
+        "owner": "axboe",
+        "ref": "master",
+        "repo": "liburing",
+        "type": "github"
+      }
+    },
+    "nix": {
+      "inputs": {
+        "flake-compat": [
+          "conduwuit",
+          "cachix",
+          "devenv"
+        ],
+        "flake-parts": "flake-parts_2",
+        "libgit2": "libgit2",
+        "nixpkgs": "nixpkgs_3",
+        "nixpkgs-23-11": [
+          "conduwuit",
+          "cachix",
+          "devenv"
+        ],
+        "nixpkgs-regression": [
+          "conduwuit",
+          "cachix",
+          "devenv"
+        ],
+        "pre-commit-hooks": [
+          "conduwuit",
+          "cachix",
+          "devenv"
+        ]
+      },
+      "locked": {
+        "lastModified": 1727438425,
+        "narHash": "sha256-X8ES7I1cfNhR9oKp06F6ir4Np70WGZU5sfCOuNBEwMg=",
+        "owner": "domenkozar",
+        "repo": "nix",
+        "rev": "f6c5ae4c1b2e411e6b1e6a8181cc84363d6a7546",
+        "type": "github"
+      },
+      "original": {
+        "owner": "domenkozar",
+        "ref": "devenv-2.24",
+        "repo": "nix",
+        "type": "github"
+      }
+    },
+    "nix-filter": {
+      "locked": {
+        "lastModified": 1731533336,
+        "narHash": "sha256-oRam5PS1vcrr5UPgALW0eo1m/5/pls27Z/pabHNy2Ms=",
+        "owner": "numtide",
+        "repo": "nix-filter",
+        "rev": "f7653272fd234696ae94229839a99b73c9ab7de0",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "ref": "main",
+        "repo": "nix-filter",
+        "type": "github"
+      }
+    },
+    "nix-github-actions": {
+      "inputs": {
+        "nixpkgs": [
+          "conduwuit",
+          "attic",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1729742964,
+        "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=",
+        "owner": "nix-community",
+        "repo": "nix-github-actions",
+        "rev": "e04df33f62cdcf93d73e9a04142464753a16db67",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nix-github-actions",
+        "type": "github"
+      }
+    },
     "nix-test-runner": {
       "flake": false,
       "locked": {
@@ -730,11 +1230,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1702272962,
-        "narHash": "sha256-D+zHwkwPc6oYQ4G3A1HuadopqRwUY/JkMwHz1YF7j4Q=",
+        "lastModified": 1726042813,
+        "narHash": "sha256-LnNKCCxnwgF+575y0pxUdlGZBO/ru1CtGHIqQVfvjlA=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "e97b3e4186bcadf0ef1b6be22b8558eab1cdeb5d",
+        "rev": "159be5db480d1df880a0135ca0bfed84c2f88353",
         "type": "github"
       },
       "original": {
@@ -744,6 +1244,38 @@
         "type": "github"
       }
     },
+    "nixpkgs-stable": {
+      "locked": {
+        "lastModified": 1724316499,
+        "narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-24.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-stable_2": {
+      "locked": {
+        "lastModified": 1730741070,
+        "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-24.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "nixpkgs-unstable": {
       "locked": {
         "lastModified": 1740215764,
@@ -760,71 +1292,7 @@
         "type": "github"
       }
     },
-    "nixpkgs_2": {
-      "locked": {
-        "lastModified": 1740162160,
-        "narHash": "sha256-SSYxFhqCOb3aiPb6MmN68yEzBIltfom8IgRz7phHscM=",
-        "owner": "nixos",
-        "repo": "nixpkgs",
-        "rev": "11415c7ae8539d6292f2928317ee7a8410b28bb9",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nixos",
-        "ref": "nixos-24.11-small",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_3": {
-      "locked": {
-        "lastModified": 1700612854,
-        "narHash": "sha256-yrQ8osMD+vDLGFX7pcwsY/Qr5PUd6OmDMYJZzZi0+zc=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "19cbff58383a4ae384dea4d1d0c823d72b49d614",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_4": {
-      "locked": {
-        "lastModified": 1715534503,
-        "narHash": "sha256-5ZSVkFadZbFP1THataCaSf0JH2cAH3S29hU9rrxTEqk=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "2057814051972fa1453ddfb0d98badbea9b83c06",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_5": {
-      "locked": {
-        "lastModified": 1715534503,
-        "narHash": "sha256-5ZSVkFadZbFP1THataCaSf0JH2cAH3S29hU9rrxTEqk=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "2057814051972fa1453ddfb0d98badbea9b83c06",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_6": {
+    "nixpkgs_10": {
       "locked": {
         "lastModified": 1719506693,
         "narHash": "sha256-C8e9S7RzshSdHB7L+v9I51af1gDM5unhJ2xO1ywxNH8=",
@@ -837,7 +1305,7 @@
         "type": "indirect"
       }
     },
-    "nixpkgs_7": {
+    "nixpkgs_11": {
       "locked": {
         "lastModified": 1719506693,
         "narHash": "sha256-C8e9S7RzshSdHB7L+v9I51af1gDM5unhJ2xO1ywxNH8=",
@@ -850,7 +1318,7 @@
         "type": "indirect"
       }
     },
-    "nixpkgs_8": {
+    "nixpkgs_12": {
       "locked": {
         "lastModified": 1729850857,
         "narHash": "sha256-WvLXzNNnnw+qpFOmgaM3JUlNEH+T4s22b5i2oyyCpXE=",
@@ -866,6 +1334,134 @@
         "type": "github"
       }
     },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1730531603,
+        "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_3": {
+      "locked": {
+        "lastModified": 1717432640,
+        "narHash": "sha256-+f9c4/ZX5MWDOuB1rKoWj+lBNm0z0rs4CK47HBLxy1o=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "88269ab3044128b7c2f4c7d68448b2fb50456870",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "release-24.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_4": {
+      "locked": {
+        "lastModified": 1733212471,
+        "narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "55d15ad12a74eb7d4646254e13638ad0c4128776",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_5": {
+      "locked": {
+        "lastModified": 1702272962,
+        "narHash": "sha256-D+zHwkwPc6oYQ4G3A1HuadopqRwUY/JkMwHz1YF7j4Q=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "e97b3e4186bcadf0ef1b6be22b8558eab1cdeb5d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_6": {
+      "locked": {
+        "lastModified": 1740162160,
+        "narHash": "sha256-SSYxFhqCOb3aiPb6MmN68yEzBIltfom8IgRz7phHscM=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "11415c7ae8539d6292f2928317ee7a8410b28bb9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-24.11-small",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_7": {
+      "locked": {
+        "lastModified": 1700612854,
+        "narHash": "sha256-yrQ8osMD+vDLGFX7pcwsY/Qr5PUd6OmDMYJZzZi0+zc=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "19cbff58383a4ae384dea4d1d0c823d72b49d614",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_8": {
+      "locked": {
+        "lastModified": 1715534503,
+        "narHash": "sha256-5ZSVkFadZbFP1THataCaSf0JH2cAH3S29hU9rrxTEqk=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "2057814051972fa1453ddfb0d98badbea9b83c06",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_9": {
+      "locked": {
+        "lastModified": 1715534503,
+        "narHash": "sha256-5ZSVkFadZbFP1THataCaSf0JH2cAH3S29hU9rrxTEqk=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "2057814051972fa1453ddfb0d98badbea9b83c06",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "pre-commit-hooks": {
       "inputs": {
         "flake-compat": [
@@ -875,7 +1471,7 @@
           "crate2nix_stable",
           "flake-compat"
         ],
-        "gitignore": "gitignore",
+        "gitignore": "gitignore_2",
         "nixpkgs": [
           "sonnenshift",
           "crate2nix",
@@ -913,7 +1509,7 @@
           "crate2nix_stable",
           "flake-compat"
         ],
-        "gitignore": "gitignore_2",
+        "gitignore": "gitignore_3",
         "nixpkgs": [
           "sonnenshift",
           "crate2nix",
@@ -948,8 +1544,8 @@
           "crate2nix",
           "flake-compat"
         ],
-        "flake-utils": "flake-utils_5",
-        "gitignore": "gitignore_3",
+        "flake-utils": "flake-utils_6",
+        "gitignore": "gitignore_4",
         "nixpkgs": [
           "sonnenshift",
           "crate2nix",
@@ -977,7 +1573,7 @@
     },
     "purescript-overlay": {
       "inputs": {
-        "flake-compat": "flake-compat_5",
+        "flake-compat": "flake-compat_8",
         "nixpkgs": [
           "tlaternet-webserver",
           "dream2nix",
@@ -1016,12 +1612,30 @@
         "type": "github"
       }
     },
+    "rocksdb": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1741308171,
+        "narHash": "sha256-YdBvdQ75UJg5ffwNjxizpviCVwVDJnBkM8ZtGIduMgY=",
+        "owner": "girlbossceo",
+        "repo": "rocksdb",
+        "rev": "3ce04794bcfbbb0d2e6f81ae35fc4acf688b6986",
+        "type": "github"
+      },
+      "original": {
+        "owner": "girlbossceo",
+        "ref": "v9.11.1",
+        "repo": "rocksdb",
+        "type": "github"
+      }
+    },
     "root": {
       "inputs": {
+        "conduwuit": "conduwuit",
         "deploy-rs": "deploy-rs",
         "disko": "disko",
         "foundryvtt": "foundryvtt",
-        "nixpkgs": "nixpkgs_2",
+        "nixpkgs": "nixpkgs_6",
         "nixpkgs-unstable": "nixpkgs-unstable",
         "sonnenshift": "sonnenshift",
         "sops-nix": "sops-nix",
@@ -1029,6 +1643,23 @@
       }
     },
     "rust-analyzer-src": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1740691488,
+        "narHash": "sha256-Fs6vBrByuiOf2WO77qeMDMTXcTGzrIMqLBv+lNeywwM=",
+        "owner": "rust-lang",
+        "repo": "rust-analyzer",
+        "rev": "fe3eda77d3a7ce212388bda7b6cec8bffcc077e5",
+        "type": "github"
+      },
+      "original": {
+        "owner": "rust-lang",
+        "ref": "nightly",
+        "repo": "rust-analyzer",
+        "type": "github"
+      }
+    },
+    "rust-analyzer-src_2": {
       "flake": false,
       "locked": {
         "lastModified": 1737140097,
@@ -1199,10 +1830,25 @@
         "type": "github"
       }
     },
+    "systems_7": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
     "tlaternet-webserver": {
       "inputs": {
         "dream2nix": "dream2nix",
-        "fenix": "fenix",
+        "fenix": "fenix_2",
         "nixpkgs": [
           "nixpkgs"
         ]
@@ -1223,7 +1869,7 @@
     },
     "utils": {
       "inputs": {
-        "systems": "systems"
+        "systems": "systems_2"
       },
       "locked": {
         "lastModified": 1701680307,
diff --git a/flake.nix b/flake.nix
index b31d108..4f17def 100644
--- a/flake.nix
+++ b/flake.nix
@@ -4,6 +4,10 @@
   inputs = {
     nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11-small";
     nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable-small";
+    conduwuit = {
+      url = "github:girlbossceo/conduwuit";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
     disko = {
       url = "github:nix-community/disko";
       inputs.nixpkgs.follows = "nixpkgs";
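Review bot: The new `conduwuit` input names no ref, so it follows the repository's default branch and every `nix flake update` moves the Matrix homeserver to whatever is at its head at that moment. flake.lock still fixes the exact `rev` and `narHash` for each build, but a release ref is easier to audit for a network-facing service, e.g. `url = "github:girlbossceo/conduwuit/<release-tag>";` (placeholder, take the tag from upstream). `inputs.nixpkgs.follows = "nixpkgs"` also builds the package against this flake's nixpkgs rather than the revision upstream locks, so it is presumably compiled locally and not covered by upstream's own testing; a one-line comment saying that is intended would help. The `inputs` set continues past the end of the hunk.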

From ee760bfa1ba04d642b38ad589495016ccb6622ca Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= <tm@tlater.net>
Date: Fri, 4 Apr 2025 21:07:15 +0800
Subject: [PATCH 02/17] feat(victoriametrics): Add missing scrape configs

---
 configuration/services/conduit/matrix-hookshot.nix | 2 +-
 configuration/services/metrics/victoriametrics.nix | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/configuration/services/conduit/matrix-hookshot.nix b/configuration/services/conduit/matrix-hookshot.nix
index 6f11728..c1f16dc 100644
--- a/configuration/services/conduit/matrix-hookshot.nix
+++ b/configuration/services/conduit/matrix-hookshot.nix
@@ -138,7 +138,7 @@ in
         }
       ];
 
-      metrics.enable = true;
+      metrics.enabled = true;
     };
   };
 }
diff --git a/configuration/services/metrics/victoriametrics.nix b/configuration/services/metrics/victoriametrics.nix
index 4a78d46..53864d6 100644
--- a/configuration/services/metrics/victoriametrics.nix
+++ b/configuration/services/metrics/victoriametrics.nix
@@ -87,6 +87,8 @@ in
       # Configured in the hookshot listeners, but it's hard to filter
       # the correct values out of that config.
       matrixHookshot.targets = [ "127.0.0.1:9001" ];
+
+      victorialogs.targets = [ config.services.victorialogs.bindAddress ];
     };
   };
 }

From b396835f88cb8760a777e869b155418f51da0e74 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= <tm@tlater.net>
Date: Fri, 4 Apr 2025 21:17:00 +0800
Subject: [PATCH 03/17] flake.lock: Update
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Flake lock file updates:

• Updated input 'conduwuit':
    'github:girlbossceo/conduwuit/0f81c1e1ccdcb0c5c6d5a27e82f16eb37b1e61c8' (2025-04-01)
  → 'github:girlbossceo/conduwuit/00f7745ec4ebcea5f892376c5de5db1299f71696' (2025-04-04)
• Updated input 'disko':
    'github:nix-community/disko/15dbf8cebd8e2655a883b74547108e089f051bf0' (2025-02-18)
  → 'github:nix-community/disko/329d3d7e8bc63dd30c39e14e6076db590a6eabe6' (2025-04-02)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/11415c7ae8539d6292f2928317ee7a8410b28bb9' (2025-02-21)
  → 'github:nixos/nixpkgs/bdb91860de2f719b57eef819b5617762f7120c70' (2025-04-03)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/8465e233b0668cf162c608a92e62e8d78c1ba7e4' (2025-02-22)
  → 'github:nixos/nixpkgs/a462b946265ed006720d02153882780b12a8376d' (2025-04-04)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/07af005bb7d60c7f118d9d9f5530485da5d1e975' (2025-02-11)
  → 'github:Mic92/sops-nix/cff8437c5fe8c68fc3a840a21bf1f4dc801da40d' (2025-04-04)
---
 flake.lock | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/flake.lock b/flake.lock
index 3f3fc39..83911d7 100644
--- a/flake.lock
+++ b/flake.lock
@@ -216,11 +216,11 @@
         "rocksdb": "rocksdb"
       },
       "locked": {
-        "lastModified": 1743473828,
-        "narHash": "sha256-x/sfh6LCHGAz8rL23GHhH7dac1LtHBbRRJi1p8gOdtI=",
+        "lastModified": 1743735594,
+        "narHash": "sha256-aaP8OjY4fkpxk2JdSggx9S3Rk+P+VhuivT6aRpLxoj0=",
         "owner": "girlbossceo",
         "repo": "conduwuit",
-        "rev": "0f81c1e1ccdcb0c5c6d5a27e82f16eb37b1e61c8",
+        "rev": "00f7745ec4ebcea5f892376c5de5db1299f71696",
         "type": "github"
       },
       "original": {
@@ -499,11 +499,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1739841949,
-        "narHash": "sha256-lSOXdgW/1zi/SSu7xp71v+55D5Egz8ACv0STkj7fhbs=",
+        "lastModified": 1743598667,
+        "narHash": "sha256-ViE7NoFWytYO2uJONTAX35eGsvTYXNHjWALeHAg8OQY=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "15dbf8cebd8e2655a883b74547108e089f051bf0",
+        "rev": "329d3d7e8bc63dd30c39e14e6076db590a6eabe6",
         "type": "github"
       },
       "original": {
@@ -1278,11 +1278,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1740215764,
-        "narHash": "sha256-wzBbGGZ6i1VVBA/cDJaLfuuGYCUriD7fwsLgJJHRVRk=",
+        "lastModified": 1743732435,
+        "narHash": "sha256-RrWgOj3F1N6kDG0xatvZzP0p1Zq00yhcTMlaj4bWi5E=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "8465e233b0668cf162c608a92e62e8d78c1ba7e4",
+        "rev": "a462b946265ed006720d02153882780b12a8376d",
         "type": "github"
       },
       "original": {
@@ -1400,11 +1400,11 @@
     },
     "nixpkgs_6": {
       "locked": {
-        "lastModified": 1740162160,
-        "narHash": "sha256-SSYxFhqCOb3aiPb6MmN68yEzBIltfom8IgRz7phHscM=",
+        "lastModified": 1743703532,
+        "narHash": "sha256-s1KLDALEeqy+ttrvqV3jx9mBZEvmthQErTVOAzbjHZs=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "11415c7ae8539d6292f2928317ee7a8410b28bb9",
+        "rev": "bdb91860de2f719b57eef819b5617762f7120c70",
         "type": "github"
       },
       "original": {
@@ -1727,11 +1727,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1739262228,
-        "narHash": "sha256-7JAGezJ0Dn5qIyA2+T4Dt/xQgAbhCglh6lzCekTVMeU=",
+        "lastModified": 1743756170,
+        "narHash": "sha256-2b11EYa08oqDmF3zEBLkG1AoNn9rB1k39ew/T/mSvbU=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "07af005bb7d60c7f118d9d9f5530485da5d1e975",
+        "rev": "cff8437c5fe8c68fc3a840a21bf1f4dc801da40d",
         "type": "github"
       },
       "original": {

From e37c589654c67863d32ad63ed1643b4a08f99188 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= <tm@tlater.net>
Date: Fri, 4 Apr 2025 21:21:03 +0800
Subject: [PATCH 04/17] bump(crowdsec-hub): Update hub

---
 pkgs/crowdsec/_sources/generated.json | 8 ++++----
 pkgs/crowdsec/_sources/generated.nix  | 8 ++++----
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/pkgs/crowdsec/_sources/generated.json b/pkgs/crowdsec/_sources/generated.json
index ac251aa..97c4e87 100644
--- a/pkgs/crowdsec/_sources/generated.json
+++ b/pkgs/crowdsec/_sources/generated.json
@@ -21,7 +21,7 @@
     },
     "crowdsec-hub": {
         "cargoLocks": null,
-        "date": "2025-02-22",
+        "date": "2025-04-04",
         "extract": null,
         "name": "crowdsec-hub",
         "passthru": null,
@@ -33,10 +33,10 @@
             "name": null,
             "owner": "crowdsecurity",
             "repo": "hub",
-            "rev": "f9883cd6c7d1913c13e4a3a69d9a0b887a7d57df",
-            "sha256": "sha256-45pUln7Qj5luY9I9BE2qhzjH7kv4IbYvNoEX3/4AVVg=",
+            "rev": "eebc5f71379ea8f4de4a26f6695e0340444c719c",
+            "sha256": "sha256-/jhsqumekdOHDbHjBP8KvAICsSNhCg5ejMT3jSRiROo=",
             "type": "github"
         },
-        "version": "f9883cd6c7d1913c13e4a3a69d9a0b887a7d57df"
+        "version": "eebc5f71379ea8f4de4a26f6695e0340444c719c"
     }
 }
\ No newline at end of file
diff --git a/pkgs/crowdsec/_sources/generated.nix b/pkgs/crowdsec/_sources/generated.nix
index 9c63cc5..aca88b2 100644
--- a/pkgs/crowdsec/_sources/generated.nix
+++ b/pkgs/crowdsec/_sources/generated.nix
@@ -14,14 +14,14 @@
   };
   crowdsec-hub = {
     pname = "crowdsec-hub";
-    version = "f9883cd6c7d1913c13e4a3a69d9a0b887a7d57df";
+    version = "eebc5f71379ea8f4de4a26f6695e0340444c719c";
     src = fetchFromGitHub {
       owner = "crowdsecurity";
       repo = "hub";
-      rev = "f9883cd6c7d1913c13e4a3a69d9a0b887a7d57df";
+      rev = "eebc5f71379ea8f4de4a26f6695e0340444c719c";
       fetchSubmodules = false;
-      sha256 = "sha256-45pUln7Qj5luY9I9BE2qhzjH7kv4IbYvNoEX3/4AVVg=";
+      sha256 = "sha256-/jhsqumekdOHDbHjBP8KvAICsSNhCg5ejMT3jSRiROo=";
     };
-    date = "2025-02-22";
+    date = "2025-04-04";
   };
 }

From 89f9196ef0405d2b82a8330a4e00f45c5a8b7e28 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= <tm@tlater.net>
Date: Fri, 4 Apr 2025 21:35:24 +0800
Subject: [PATCH 05/17] fix(victorialogs): Use new upstream module

---
 .../services/metrics/victorialogs.nix         | 100 +++---------------
 1 file changed, 12 insertions(+), 88 deletions(-)

diff --git a/configuration/services/metrics/victorialogs.nix b/configuration/services/metrics/victorialogs.nix
index ed74c59..ae47c39 100644
--- a/configuration/services/metrics/victorialogs.nix
+++ b/configuration/services/metrics/victorialogs.nix
@@ -1,37 +1,26 @@
 {
   config,
-  pkgs,
   lib,
   ...
 }:
 let
   cfg = config.services.victorialogs;
-  pkg = pkgs.victoriametrics;
-  dirname = "victorialogs";
 in
 {
-  options.services.victorialogs =
-    let
-      inherit (lib.types) str;
-    in
-    {
-      listenAddress = lib.mkOption {
-        default = ":9428";
-        type = str;
-      };
-
-      bindAddress = lib.mkOption {
-        readOnly = true;
-        type = str;
-        description = ''
-          Final address on which victorialogs listens.
-        '';
-      };
-    };
+  options.services.victorialogs.bindAddress = lib.mkOption {
+    readOnly = true;
+    type = lib.types.str;
+    description = ''
+      Final address on which victorialogs listens.
+    '';
+  };
 
   config = {
-    services.victorialogs.bindAddress =
-      (lib.optionalString (lib.hasPrefix ":" cfg.listenAddress) "127.0.0.1") + cfg.listenAddress;
+    services.victorialogs = {
+      enable = true;
+      bindAddress =
+        (lib.optionalString (lib.hasPrefix ":" cfg.listenAddress) "127.0.0.1") + cfg.listenAddress;
+    };
 
     services.journald.upload = {
       enable = true;
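Review bot: `bindAddress` puts `127.0.0.1` in front of a `listenAddress` that starts with `:`, but that only changes the address local clients such as the scrape config connect to. The daemon still gets `listenAddress` unchanged and, with a value like the `:9428` default this commit deletes, would listen on every interface. `listenAddress` now presumably comes from the upstream module, so if only local consumers are intended, set it explicitly next to `enable`: `listenAddress = "127.0.0.1:9428";`. The second hunk also drops the hand-written hardening options and the `postStart` wait on `/ping`, so confirm the upstream unit provides equivalents (`systemd-analyze security victorialogs.service` shows the effective sandboxing), since `systemd-journal-upload` is still ordered after `victorialogs.service`.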
@@ -40,71 +29,6 @@ in
         NetworkTimeoutSec = "20s";
       };
     };
-
     systemd.services."systemd-journal-upload".after = [ "victorialogs.service" ];
-
-    systemd.services.victorialogs = {
-      description = "VictoriaLogs log database";
-      wantedBy = [ "multi-user.target" ];
-      after = [ "network.target" ];
-      startLimitBurst = 5;
-
-      serviceConfig = {
-        ExecStart = lib.escapeShellArgs [
-          "${pkg}/bin/victoria-logs"
-          "-storageDataPath=/var/lib/${dirname}"
-          "-httpListenAddr=${cfg.listenAddress}"
-        ];
-
-        DynamicUser = true;
-        RestartSec = 1;
-        Restart = "on-failure";
-        RuntimeDirectory = dirname;
-        RuntimeDirectoryMode = "0700";
-        StateDirectory = dirname;
-        StateDirectoryMode = "0700";
-
-        LimitNOFILE = 1048576;
-
-        # Hardening
-        DeviceAllow = [ "/dev/null rw" ];
-        DevicePolicy = "strict";
-        LockPersonality = true;
-        MemoryDenyWriteExecute = true;
-        NoNewPrivileges = true;
-        PrivateDevices = true;
-        PrivateTmp = true;
-        PrivateUsers = true;
-        ProtectClock = true;
-        ProtectControlGroups = true;
-        ProtectHome = true;
-        ProtectHostname = true;
-        ProtectKernelLogs = true;
-        ProtectKernelModules = true;
-        ProtectKernelTunables = true;
-        ProtectProc = "invisible";
-        ProtectSystem = "full";
-        RemoveIPC = true;
-        RestrictAddressFamilies = [
-          "AF_INET"
-          "AF_INET6"
-          "AF_UNIX"
-        ];
-        RestrictNamespaces = true;
-        RestrictRealtime = true;
-        RestrictSUIDSGID = true;
-        SystemCallArchitectures = "native";
-        SystemCallFilter = [
-          "@system-service"
-          "~@privileged"
-        ];
-      };
-
-      postStart = lib.mkBefore ''
-        until ${lib.getBin pkgs.curl}/bin/curl -s -o /dev/null http://${cfg.bindAddress}/ping; do
-          sleep 1;
-        done
-      '';
-    };
   };
 }

From cfbc2999d75e53afe0e8e9bfed53f97086144394 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= <tm@tlater.net>
Date: Sat, 17 May 2025 14:48:39 +0800
Subject: [PATCH 06/17] flake.lock: Update
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Flake lock file updates:

• Updated input 'conduwuit':
    'github:girlbossceo/conduwuit/00f7745ec4ebcea5f892376c5de5db1299f71696' (2025-04-04)
  → 'github:girlbossceo/conduwuit/d8311a5ff672fdc4729d956af5e3af8646b0670d' (2025-04-09)
• Updated input 'disko':
    'github:nix-community/disko/329d3d7e8bc63dd30c39e14e6076db590a6eabe6' (2025-04-02)
  → 'github:nix-community/disko/ec7c109a4f794fce09aad87239eab7f66540b888' (2025-05-15)
• Updated input 'foundryvtt':
    'github:reckenrode/nix-foundryvtt/a7fa493ba2c623cf90e83756b62285b3b58f18d2' (2025-02-16)
  → 'github:reckenrode/nix-foundryvtt/f1b401831d796dd94cf5a11b65fd169a199d4ff0' (2025-05-10)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/bdb91860de2f719b57eef819b5617762f7120c70' (2025-04-03)
  → 'github:nixos/nixpkgs/d6c9326e40bb557ebb8c040b4375590bc06413f8' (2025-05-16)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/a462b946265ed006720d02153882780b12a8376d' (2025-04-04)
  → 'github:nixos/nixpkgs/b965e4c283060415956ccd39eee4ca34a6a56cf8' (2025-05-16)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/cff8437c5fe8c68fc3a840a21bf1f4dc801da40d' (2025-04-04)
  → 'github:Mic92/sops-nix/e93ee1d900ad264d65e9701a5c6f895683433386' (2025-05-05)
---
 flake.lock | 36 ++++++++++++++++++------------------
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/flake.lock b/flake.lock
index 83911d7..80f2bc5 100644
--- a/flake.lock
+++ b/flake.lock
@@ -216,11 +216,11 @@
         "rocksdb": "rocksdb"
       },
       "locked": {
-        "lastModified": 1743735594,
-        "narHash": "sha256-aaP8OjY4fkpxk2JdSggx9S3Rk+P+VhuivT6aRpLxoj0=",
+        "lastModified": 1744169934,
+        "narHash": "sha256-5YyHmPUUrXXrczWayji9327knihVTKnmjX+vX6+p6d0=",
         "owner": "girlbossceo",
         "repo": "conduwuit",
-        "rev": "00f7745ec4ebcea5f892376c5de5db1299f71696",
+        "rev": "d8311a5ff672fdc4729d956af5e3af8646b0670d",
         "type": "github"
       },
       "original": {
@@ -499,11 +499,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1743598667,
-        "narHash": "sha256-ViE7NoFWytYO2uJONTAX35eGsvTYXNHjWALeHAg8OQY=",
+        "lastModified": 1747274630,
+        "narHash": "sha256-87RJwXbfOHyzTB9LYagAQ6vOZhszCvd8Gvudu+gf3qo=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "329d3d7e8bc63dd30c39e14e6076db590a6eabe6",
+        "rev": "ec7c109a4f794fce09aad87239eab7f66540b888",
         "type": "github"
       },
       "original": {
@@ -931,11 +931,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1739712626,
-        "narHash": "sha256-u3m+awbdL+0BKk8IWidsWMr+R0ian3GZMUlH7623kd8=",
+        "lastModified": 1746877938,
+        "narHash": "sha256-N9J96pSPg4vbozV+ZZ++dwLnMIf2Le6ONNMO0kZCj1M=",
         "owner": "reckenrode",
         "repo": "nix-foundryvtt",
-        "rev": "a7fa493ba2c623cf90e83756b62285b3b58f18d2",
+        "rev": "f1b401831d796dd94cf5a11b65fd169a199d4ff0",
         "type": "github"
       },
       "original": {
@@ -1278,11 +1278,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1743732435,
-        "narHash": "sha256-RrWgOj3F1N6kDG0xatvZzP0p1Zq00yhcTMlaj4bWi5E=",
+        "lastModified": 1747413287,
+        "narHash": "sha256-hOnqJr0tZBERWa29JWf9B3/8qr82mlt/UlKPvS7iYzA=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "a462b946265ed006720d02153882780b12a8376d",
+        "rev": "b965e4c283060415956ccd39eee4ca34a6a56cf8",
         "type": "github"
       },
       "original": {
@@ -1400,11 +1400,11 @@
     },
     "nixpkgs_6": {
       "locked": {
-        "lastModified": 1743703532,
-        "narHash": "sha256-s1KLDALEeqy+ttrvqV3jx9mBZEvmthQErTVOAzbjHZs=",
+        "lastModified": 1747418223,
+        "narHash": "sha256-DkCYFm09AR2+FPKcT7lD8iIMNXqTdesVvwKpCnqKiYg=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "bdb91860de2f719b57eef819b5617762f7120c70",
+        "rev": "d6c9326e40bb557ebb8c040b4375590bc06413f8",
         "type": "github"
       },
       "original": {
@@ -1727,11 +1727,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1743756170,
-        "narHash": "sha256-2b11EYa08oqDmF3zEBLkG1AoNn9rB1k39ew/T/mSvbU=",
+        "lastModified": 1746485181,
+        "narHash": "sha256-PxrrSFLaC7YuItShxmYbMgSuFFuwxBB+qsl9BZUnRvg=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "cff8437c5fe8c68fc3a840a21bf1f4dc801da40d",
+        "rev": "e93ee1d900ad264d65e9701a5c6f895683433386",
         "type": "github"
       },
       "original": {

From 1bef207356fce8770249aad33bc13ed16594ea19 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= <tm@tlater.net>
Date: Sat, 17 May 2025 15:46:03 +0800
Subject: [PATCH 07/17] bump(crowdsec-up): Update hub

---
 pkgs/crowdsec/_sources/generated.json | 8 ++++----
 pkgs/crowdsec/_sources/generated.nix  | 8 ++++----
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/pkgs/crowdsec/_sources/generated.json b/pkgs/crowdsec/_sources/generated.json
index 97c4e87..f3c8f01 100644
--- a/pkgs/crowdsec/_sources/generated.json
+++ b/pkgs/crowdsec/_sources/generated.json
@@ -21,7 +21,7 @@
     },
     "crowdsec-hub": {
         "cargoLocks": null,
-        "date": "2025-04-04",
+        "date": "2025-05-17",
         "extract": null,
         "name": "crowdsec-hub",
         "passthru": null,
@@ -33,10 +33,10 @@
             "name": null,
             "owner": "crowdsecurity",
             "repo": "hub",
-            "rev": "eebc5f71379ea8f4de4a26f6695e0340444c719c",
-            "sha256": "sha256-/jhsqumekdOHDbHjBP8KvAICsSNhCg5ejMT3jSRiROo=",
+            "rev": "850614b9fcd4298f559b422c5ac685a69aa2e5ff",
+            "sha256": "sha256-96MMwFN5KongQA3YJVSuk7Kanbr1gR94CCyiflmez2k=",
             "type": "github"
         },
-        "version": "eebc5f71379ea8f4de4a26f6695e0340444c719c"
+        "version": "850614b9fcd4298f559b422c5ac685a69aa2e5ff"
     }
 }
\ No newline at end of file
diff --git a/pkgs/crowdsec/_sources/generated.nix b/pkgs/crowdsec/_sources/generated.nix
index aca88b2..19a7f5a 100644
--- a/pkgs/crowdsec/_sources/generated.nix
+++ b/pkgs/crowdsec/_sources/generated.nix
@@ -14,14 +14,14 @@
   };
   crowdsec-hub = {
     pname = "crowdsec-hub";
-    version = "eebc5f71379ea8f4de4a26f6695e0340444c719c";
+    version = "850614b9fcd4298f559b422c5ac685a69aa2e5ff";
     src = fetchFromGitHub {
       owner = "crowdsecurity";
       repo = "hub";
-      rev = "eebc5f71379ea8f4de4a26f6695e0340444c719c";
+      rev = "850614b9fcd4298f559b422c5ac685a69aa2e5ff";
       fetchSubmodules = false;
-      sha256 = "sha256-/jhsqumekdOHDbHjBP8KvAICsSNhCg5ejMT3jSRiROo=";
+      sha256 = "sha256-96MMwFN5KongQA3YJVSuk7Kanbr1gR94CCyiflmez2k=";
     };
-    date = "2025-04-04";
+    date = "2025-05-17";
   };
 }

From 09b90433e6d448b84540d8a1341dc2b089bbcd21 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= <tm@tlater.net>
Date: Sat, 17 May 2025 15:46:26 +0800
Subject: [PATCH 08/17] feat(conduit): Switch from conduwuit to continuwuity

---
 configuration/services/conduit/default.nix |  2 +-
 flake.lock                                 | 59 +++++++++++-----------
 flake.nix                                  |  4 +-
 3 files changed, 33 insertions(+), 32 deletions(-)

diff --git a/configuration/services/conduit/default.nix b/configuration/services/conduit/default.nix
index 5a2b8ac..94d401a 100644
--- a/configuration/services/conduit/default.nix
+++ b/configuration/services/conduit/default.nix
@@ -20,7 +20,7 @@ in
 
   services.matrix-conduit = {
     enable = true;
-    package = flake-inputs.conduwuit.packages.${pkgs.system}.default;
+    package = flake-inputs.continuwuity.packages.${pkgs.system}.default;
     settings.global = {
       address = "127.0.0.1";
       server_name = domain;
diff --git a/flake.lock b/flake.lock
index 80f2bc5..c17c613 100644
--- a/flake.lock
+++ b/flake.lock
@@ -49,17 +49,17 @@
     "cachix_2": {
       "inputs": {
         "devenv": [
-          "conduwuit",
+          "continuwuity",
           "cachix",
           "devenv"
         ],
         "flake-compat": [
-          "conduwuit",
+          "continuwuity",
           "cachix",
           "devenv"
         ],
         "git-hooks": [
-          "conduwuit",
+          "continuwuity",
           "cachix",
           "devenv"
         ],
@@ -199,7 +199,7 @@
         "type": "github"
       }
     },
-    "conduwuit": {
+    "continuwuity": {
       "inputs": {
         "attic": "attic",
         "cachix": "cachix",
@@ -216,23 +216,24 @@
         "rocksdb": "rocksdb"
       },
       "locked": {
-        "lastModified": 1744169934,
-        "narHash": "sha256-5YyHmPUUrXXrczWayji9327knihVTKnmjX+vX6+p6d0=",
-        "owner": "girlbossceo",
-        "repo": "conduwuit",
-        "rev": "d8311a5ff672fdc4729d956af5e3af8646b0670d",
-        "type": "github"
+        "lastModified": 1745186840,
+        "narHash": "sha256-Oq2scBu3Ewao828BT1QGffqIqF5WoH9HMXEXKg1YU0o=",
+        "ref": "refs/tags/v0.5.0-rc.5",
+        "rev": "0a0f327ae034f5c44b12a3154cc1143aff10291c",
+        "revCount": 5147,
+        "type": "git",
+        "url": "https://forgejo.ellis.link/continuwuation/continuwuity.git"
       },
       "original": {
-        "owner": "girlbossceo",
-        "repo": "conduwuit",
-        "type": "github"
+        "ref": "refs/tags/v0.5.0-rc.5",
+        "type": "git",
+        "url": "https://forgejo.ellis.link/continuwuation/continuwuity.git"
       }
     },
     "crane": {
       "inputs": {
         "nixpkgs": [
-          "conduwuit",
+          "continuwuity",
           "attic",
           "nixpkgs"
         ]
@@ -390,18 +391,18 @@
       "inputs": {
         "cachix": "cachix_2",
         "flake-compat": [
-          "conduwuit",
+          "continuwuity",
           "cachix",
           "flake-compat"
         ],
         "git-hooks": [
-          "conduwuit",
+          "continuwuity",
           "cachix",
           "git-hooks"
         ],
         "nix": "nix",
         "nixpkgs": [
-          "conduwuit",
+          "continuwuity",
           "cachix",
           "nixpkgs"
         ]
@@ -535,7 +536,7 @@
     "fenix": {
       "inputs": {
         "nixpkgs": [
-          "conduwuit",
+          "continuwuity",
           "nixpkgs"
         ],
         "rust-analyzer-src": "rust-analyzer-src"
@@ -703,7 +704,7 @@
     "flake-parts": {
       "inputs": {
         "nixpkgs-lib": [
-          "conduwuit",
+          "continuwuity",
           "attic",
           "nixpkgs"
         ]
@@ -725,7 +726,7 @@
     "flake-parts_2": {
       "inputs": {
         "nixpkgs-lib": [
-          "conduwuit",
+          "continuwuity",
           "cachix",
           "devenv",
           "nix",
@@ -947,13 +948,13 @@
     "git-hooks": {
       "inputs": {
         "flake-compat": [
-          "conduwuit",
+          "continuwuity",
           "cachix",
           "flake-compat"
         ],
         "gitignore": "gitignore",
         "nixpkgs": [
-          "conduwuit",
+          "continuwuity",
           "cachix",
           "nixpkgs"
         ],
@@ -976,7 +977,7 @@
     "gitignore": {
       "inputs": {
         "nixpkgs": [
-          "conduwuit",
+          "continuwuity",
           "cachix",
           "git-hooks",
           "nixpkgs"
@@ -1104,7 +1105,7 @@
     "nix": {
       "inputs": {
         "flake-compat": [
-          "conduwuit",
+          "continuwuity",
           "cachix",
           "devenv"
         ],
@@ -1112,17 +1113,17 @@
         "libgit2": "libgit2",
         "nixpkgs": "nixpkgs_3",
         "nixpkgs-23-11": [
-          "conduwuit",
+          "continuwuity",
           "cachix",
           "devenv"
         ],
         "nixpkgs-regression": [
-          "conduwuit",
+          "continuwuity",
           "cachix",
           "devenv"
         ],
         "pre-commit-hooks": [
-          "conduwuit",
+          "continuwuity",
           "cachix",
           "devenv"
         ]
@@ -1161,7 +1162,7 @@
     "nix-github-actions": {
       "inputs": {
         "nixpkgs": [
-          "conduwuit",
+          "continuwuity",
           "attic",
           "nixpkgs"
         ]
@@ -1631,7 +1632,7 @@
     },
     "root": {
       "inputs": {
-        "conduwuit": "conduwuit",
+        "continuwuity": "continuwuity",
         "deploy-rs": "deploy-rs",
         "disko": "disko",
         "foundryvtt": "foundryvtt",
diff --git a/flake.nix b/flake.nix
index 4f17def..bdb60ed 100644
--- a/flake.nix
+++ b/flake.nix
@@ -4,8 +4,8 @@
   inputs = {
     nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11-small";
     nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable-small";
-    conduwuit = {
-      url = "github:girlbossceo/conduwuit";
+    continuwuity = {
+      url = "git+https://forgejo.ellis.link/continuwuation/continuwuity.git?ref=refs/tags/v0.5.0-rc.5";
       inputs.nixpkgs.follows = "nixpkgs";
     };
     disko = {
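Review bot: The new `continuwuity.url` selects its source by tag (`ref=refs/tags/v0.5.0-rc.5`), and a tag can be moved on the forge, so the only thing fixing what is built is the `rev`/`narHash` recorded in flake.lock. I would say so next to the URL, e.g. `# The tag is only a selector; flake.lock pins the rev and narHash, so review the lock diff on every update`, so that a later `nix flake update` resolving the same tag to a different commit gets noticed. The input also moves to a different host and to a release candidate, and one line on why would help the next reader. The `inputs` attribute set continues outside the hunk.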

From fc991a0b07c2c1821bafd34fc0ffaff2b0bcc29f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= <tm@tlater.net>
Date: Tue, 20 May 2025 01:06:44 +0800
Subject: [PATCH 09/17] fix(metrics-exporters): Fix dbus socket access for
 DynamicUsers

This broke the systemd exporter, I don't fully know what caused the
breakage, though.

See
https://discourse.nixos.org/t/systemd-exporter-couldnt-get-dbus-connection-read-unix-run-dbus-system-bus-socket-recvmsg-connection-reset-by-peer/
---
 configuration/services/metrics/exporters.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/configuration/services/metrics/exporters.nix b/configuration/services/metrics/exporters.nix
index 78ba684..80a3480 100644
--- a/configuration/services/metrics/exporters.nix
+++ b/configuration/services/metrics/exporters.nix
@@ -97,4 +97,6 @@ in
     #   - postgres (?)
     #   - ssl_exporter (?)
   };
+
+  services.dbus.implementation = "broker";
 }
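Review bot: `services.dbus.implementation = "broker";` swaps the D-Bus implementation for the whole host, yet it is added without a comment at the bottom of the metrics exporter module, where nobody will look for a system-wide setting. Since the commit message says the root cause is not understood, the reason and the reference belong at the line itself, e.g. `# Workaround: the systemd exporter (DynamicUser) cannot reach the system bus with the default daemon, see the discourse thread in the commit message; revisit once the cause is known`. Moving the option to the host-level configuration would also make it easier to find. The enclosing attribute set starts outside the hunk.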

From 5c6b697e55e95e13f009cbcc4dcef4d070e83aee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= <tm@tlater.net>
Date: Tue, 20 May 2025 20:37:05 +0800
Subject: [PATCH 10/17] feat(checks): Add linters

---
 checks/default.nix | 52 ++++++++++++++++++++++++++++++++++++++++++++++
 checks/lints.nu    | 39 ++++++++++++++++++++++++++++++++++
 flake.nix          |  2 +-
 3 files changed, 92 insertions(+), 1 deletion(-)
 create mode 100644 checks/default.nix
 create mode 100644 checks/lints.nu

diff --git a/checks/default.nix b/checks/default.nix
new file mode 100644
index 0000000..80279ba
--- /dev/null
+++ b/checks/default.nix
@@ -0,0 +1,52 @@
+{
+  self,
+  nixpkgs,
+  deploy-rs,
+  system,
+  ...
+}:
+let
+  pkgs = nixpkgs.legacyPackages.${system};
+
+  runNuCheck =
+    {
+      name,
+      packages,
+      check,
+    }:
+    pkgs.stdenvNoCC.mkDerivation {
+      inherit name;
+
+      src = nixpkgs.lib.cleanSourceWith {
+        src = self;
+        filter = nixpkgs.lib.cleanSourceFilter;
+      };
+
+      dontPatch = true;
+      dontConfigure = true;
+      dontBuild = true;
+      dontInstall = true;
+      dontFixup = true;
+      doCheck = true;
+
+      checkInputs = nixpkgs.lib.singleton pkgs.nushell ++ packages;
+
+      checkPhase = ''
+        nu ${check}
+      '';
+    };
+in
+nixpkgs.lib.recursiveUpdate {
+  lints = runNuCheck {
+    name = "lints";
+
+    packages = [
+      pkgs.deadnix
+      pkgs.nixfmt-rfc-style
+      pkgs.shellcheck
+      pkgs.statix
+    ];
+
+    check = ./lints.nu;
+  };
+} (deploy-rs.lib.${system}.deployChecks self.deploy)
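Review bot: In `runNuCheck`, `nushell` and the linters are programs executed during `checkPhase`, so they belong in `nativeCheckInputs` rather than `checkInputs`; with `checkInputs` they only end up on PATH as long as `strictDeps` stays off. I would write `nativeCheckInputs = [ pkgs.nushell ] ++ packages;`. A short comment on the function would also help, stating that the check script must create `$out` itself because `dontInstall = true` means no other phase will.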
diff --git a/checks/lints.nu b/checks/lints.nu
new file mode 100644
index 0000000..ffc2047
--- /dev/null
+++ b/checks/lints.nu
@@ -0,0 +1,39 @@
+#!/usr/bin/env nu
+
+let shell_files = ls **/*.sh | get name
+let nix_files = ls **/*.nix | where name !~ "hardware-configuration.nix|_sources" | get name
+
+let linters = [
+  ([shellcheck] ++ $shell_files)
+  ([nixfmt --check --strict] ++ $nix_files)
+  ([deadnix --fail] ++ $nix_files)
+  ([statix check] ++ $nix_files)
+]
+
+mkdir $env.out
+
+def run-linter [linterArgs: list<string>] {
+  print $'Running ($linterArgs.0)...'
+
+  let exit_code = try {
+    ^$linterArgs.0 ...($linterArgs | skip 1)
+    $env.LAST_EXIT_CODE
+  } catch {|e| $e.exit_code}
+
+  [$linterArgs.0, $exit_code]
+}
+
+let results = $linters | each {|linter| run-linter $linter}
+
+print 'Linter results:'
+
+let success = $results | each {|result|
+  match $result.1 {
+    0 => {print $'(ansi green)($result.0)(ansi reset)'}
+    _ => {print $'(ansi red)($result.0)(ansi reset)'}
+  }
+
+  $result.1
+} | math sum
+
+exit $success
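Review bot: The final `exit $success` uses the sum of the linters' exit codes as the process status, which is fragile for a gate. A process exit status is truncated to 8 bits, so a sum that lands on a multiple of 256 reports success. The `catch` branch of `run-linter` also returns `$e.exit_code`, which may not be a number when the linter could not be started at all (this depends on the nushell version), and `math sum` would then fail instead of reporting. Decide pass or fail explicitly after the printing loop: `if ($results | any {|r| $r.1 != 0 }) { exit 1 }`.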
diff --git a/flake.nix b/flake.nix
index bdb60ed..6747c24 100644
--- a/flake.nix
+++ b/flake.nix
@@ -96,7 +96,7 @@
       #########
       # Tests #
       #########
-      checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
+      checks.${system} = import ./checks (inputs // { inherit system; });
 
       ###########################
       # Garbage collection root #

From 63b3cbe00be80ccb4b221aad64eb657ae5c96d70 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= <tm@tlater.net>
Date: Tue, 20 May 2025 20:38:43 +0800
Subject: [PATCH 11/17] style(treewide): Apply linter suggestions

---
 checks/default.nix                            |  11 +-
 configuration/default.nix                     |  10 +-
 configuration/hardware-specific/vm.nix        |  35 +--
 configuration/nginx.nix                       |  78 ++---
 configuration/services/backups.nix            |   4 +-
 configuration/services/conduit/default.nix    | 286 +++++++++---------
 .../services/conduit/matrix-hookshot.nix      |  12 +-
 configuration/services/crowdsec.nix           |  16 +-
 configuration/services/foundryvtt.nix         |  58 ++--
 configuration/services/gitea.nix              | 114 +++----
 configuration/services/metrics/exporters.nix  |   2 +-
 configuration/services/metrics/options.nix    |  68 +++--
 .../services/metrics/victorialogs.nix         |   6 +-
 configuration/services/nextcloud.nix          | 152 +++++-----
 configuration/services/webserver.nix          |   2 +-
 flake.nix                                     |   2 -
 modules/crowdsec/default.nix                  |   4 +-
 .../remediations/cs-firewall-bouncer.nix      |  11 +-
 modules/crowdsec/remediations/default.nix     |   6 +-
 pkgs/crowdsec/hub.nix                         |   5 +-
 20 files changed, 432 insertions(+), 450 deletions(-)

diff --git a/checks/default.nix b/checks/default.nix
index 80279ba..f3db4ce 100644
--- a/checks/default.nix
+++ b/checks/default.nix
@@ -8,6 +8,15 @@
 let
   pkgs = nixpkgs.legacyPackages.${system};
 
+  statix' = pkgs.statix.overrideAttrs (old: {
+    patches = old.patches ++ [
+      (pkgs.fetchpatch {
+        url = "https://github.com/oppiliappan/statix/commit/925dec39bb705acbbe77178b4d658fe1b752abbb.patch";
+        hash = "sha256-0wacO6wuYJ4ufN9PGucRVJucFdFFNF+NoHYIrLXsCWs=";
+      })
+    ];
+  });
+
   runNuCheck =
     {
       name,
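Review bot: `old.patches ++ [ ... ]` in the `statix'` override aborts evaluation as soon as the nixpkgs `statix` derivation carries no `patches` attribute; the usual form is `patches = (old.patches or [ ]) ++ [ ... ];`. The override also has no comment saying what the fetched upstream commit fixes or when the override can be dropped, e.g. `# Backport of upstream statix commit 925dec3; remove once nixpkgs ships a release that contains it`. Pinning the patch by `hash` is the right call and should stay. The `let` block continues outside the hunk.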
@@ -44,7 +53,7 @@ nixpkgs.lib.recursiveUpdate {
       pkgs.deadnix
       pkgs.nixfmt-rfc-style
       pkgs.shellcheck
-      pkgs.statix
+      statix'
     ];
 
     check = ./lints.nu;
diff --git a/configuration/default.nix b/configuration/default.nix
index 239f9f6..544e20c 100644
--- a/configuration/default.nix
+++ b/configuration/default.nix
@@ -1,7 +1,5 @@
 {
   config,
-  pkgs,
-  lib,
   modulesPath,
   flake-inputs,
   ...
@@ -31,13 +29,7 @@
     ./sops.nix
   ];
 
-  nixpkgs.overlays = [
-    (final: prev: {
-      local = import ../pkgs {
-        pkgs = prev;
-      };
-    })
-  ];
+  nixpkgs.overlays = [ (_: prev: { local = import ../pkgs { pkgs = prev; }; }) ];
 
   nix = {
     extraOptions = ''
diff --git a/configuration/hardware-specific/vm.nix b/configuration/hardware-specific/vm.nix
index db563fe..71870fb 100644
--- a/configuration/hardware-specific/vm.nix
+++ b/configuration/hardware-specific/vm.nix
@@ -6,26 +6,35 @@
   boot.kernelParams = [ "nomodeset" ];
 
   networking.hostName = "testvm";
-  # Sets the base domain for nginx to a local domain so that we can
-  # easily test locally with the VM.
-  services.nginx.domain = "dev.local";
+
+  services = {
+    # Sets the base domain for nginx to a local domain so that we can
+    # easily test locally with the VM.
+    nginx.domain = "dev.local";
+
+    # Don't run this
+    batteryManager.enable = lib.mkForce false;
+
+    openssh.hostKeys = lib.mkForce [
+      {
+        type = "rsa";
+        bits = 4096;
+        path = "/etc/staging.key";
+      }
+    ];
+  };
 
   # Use the staging secrets
   sops.defaultSopsFile = lib.mkOverride 99 ../../keys/staging.yaml;
 
   systemd.network.networks."10-eth0" = {
     matchConfig.Name = "eth0";
-    gateway = [
-      "192.168.9.1"
-    ];
+    gateway = [ "192.168.9.1" ];
     networkConfig = {
       Address = "192.168.9.2/24";
     };
   };
 
-  # Don't run this
-  services.batteryManager.enable = lib.mkForce false;
-
   # Both so we have a predictable key for the staging env, as well as
   # to have a static key for decrypting the sops secrets for the
   # staging env.
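Review bot: After the move into `services = { ... }`, `openssh.hostKeys` is forced to `/etc/staging.key` with no comment of its own. The explanation (a predictable key for the staging environment, also used to decrypt the staging sops secrets) stays further down, next to the `environment.etc` entry that installs the file. I would add a pointer at the new location, e.g. `# Static staging host key, installed via environment.etc below; only ever use it for the test VM`. The key appears to be checked into the repository (`../../keys/hosts/staging.key`), so anything encrypted to it in `keys/staging.yaml` should be treated as non-secret. The `environment.etc` block continues outside the hunk.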
@@ -34,14 +43,6 @@
     source = ../../keys/hosts/staging.key;
   };
 
-  services.openssh.hostKeys = lib.mkForce [
-    {
-      type = "rsa";
-      bits = 4096;
-      path = "/etc/staging.key";
-    }
-  ];
-
   virtualisation.vmVariant = {
     virtualisation = {
       memorySize = 3941;
diff --git a/configuration/nginx.nix b/configuration/nginx.nix
index 3ec3bd9..3abef7f 100644
--- a/configuration/nginx.nix
+++ b/configuration/nginx.nix
@@ -1,40 +1,49 @@
 { config, lib, ... }:
 {
-  services.nginx = {
-    enable = true;
-    recommendedTlsSettings = true;
-    recommendedOptimisation = true;
-    recommendedGzipSettings = true;
-    recommendedProxySettings = true;
-    clientMaxBodySize = "10G";
+  services = {
+    nginx = {
+      enable = true;
+      recommendedTlsSettings = true;
+      recommendedOptimisation = true;
+      recommendedGzipSettings = true;
+      recommendedProxySettings = true;
+      clientMaxBodySize = "10G";
 
-    statusPage = true; # For metrics, should be accessible only from localhost
+      statusPage = true; # For metrics, should be accessible only from localhost
 
-    commonHttpConfig = ''
-      log_format upstream_time '$remote_addr - $remote_user [$time_local] '
-                         '"$request" $status $body_bytes_sent '
-                         '"$http_referer" "$http_user_agent" '
-                         'rt=$request_time uct="$upstream_connect_time" '
-                         'uht="$upstream_header_time" urt="$upstream_response_time"';
-    '';
-  };
+      commonHttpConfig = ''
+        log_format upstream_time '$remote_addr - $remote_user [$time_local] '
+                           '"$request" $status $body_bytes_sent '
+                           '"$http_referer" "$http_user_agent" '
+                           'rt=$request_time uct="$upstream_connect_time" '
+                           'uht="$upstream_header_time" urt="$upstream_response_time"';
+      '';
+    };
 
-  services.logrotate.settings =
-    {
-      # Override the default, just keep fewer logs
-      nginx.rotate = 6;
-    }
-    // lib.mapAttrs' (
-      virtualHost: _:
-      lib.nameValuePair "/var/log/nginx/${virtualHost}/access.log" {
-        frequency = "daily";
-        rotate = 2;
-        compress = true;
-        delaycompress = true;
-        su = "${config.services.nginx.user} ${config.services.nginx.group}";
-        postrotate = "[ ! -f /var/run/nginx/nginx.pid ] || kill -USR1 `cat /var/run/nginx/nginx.pid`";
+    logrotate.settings =
+      {
+        # Override the default, just keep fewer logs
+        nginx.rotate = 6;
       }
-    ) config.services.nginx.virtualHosts;
+      // lib.mapAttrs' (
+        virtualHost: _:
+        lib.nameValuePair "/var/log/nginx/${virtualHost}/access.log" {
+          frequency = "daily";
+          rotate = 2;
+          compress = true;
+          delaycompress = true;
+          su = "${config.services.nginx.user} ${config.services.nginx.group}";
+          postrotate = "[ ! -f /var/run/nginx/nginx.pid ] || kill -USR1 `cat /var/run/nginx/nginx.pid`";
+        }
+      ) config.services.nginx.virtualHosts;
+
+    backups.acme = {
+      user = "acme";
+      paths = lib.mapAttrsToList (
+        virtualHost: _: "/var/lib/acme/${virtualHost}"
+      ) config.services.nginx.virtualHosts;
+    };
+  };
 
   systemd.tmpfiles.rules = lib.mapAttrsToList (
     virtualHost: _:
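Review bot: `clientMaxBodySize = "10G"` sits in the server-wide `nginx` block, so every virtual host accepts request bodies of up to 10 GB, including hosts that only proxy small API requests. If only one service needs large uploads (presumably the file-sharing one), keep a small global default and raise the limit in that virtual host alone, e.g. `extraConfig = "client_max_body_size 10G;";`. This shrinks the disk and memory exposure of the other public endpoints. The `systemd.tmpfiles.rules` expression at the end of the hunk continues outside it.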
@@ -66,11 +75,4 @@
   systemd.services.nginx.serviceConfig.SupplementaryGroups = [
     config.security.acme.certs."tlater.net".group
   ];
-
-  services.backups.acme = {
-    user = "acme";
-    paths = lib.mapAttrsToList (
-      virtualHost: _: "/var/lib/acme/${virtualHost}"
-    ) config.services.nginx.virtualHosts;
-  };
 }
diff --git a/configuration/services/backups.nix b/configuration/services/backups.nix
index 81e3554..baa61e3 100644
--- a/configuration/services/backups.nix
+++ b/configuration/services/backups.nix
@@ -57,7 +57,7 @@ in
       '';
       type = types.attrsOf (
         types.submodule (
-          { config, name, ... }:
+          { name, ... }:
           {
             options = {
               user = lib.mkOption {
@@ -246,7 +246,7 @@ in
         };
       }
       // lib.mapAttrs' (
-        name: backup:
+        name: _:
         lib.nameValuePair "backup-${name}" {
           wantedBy = [ "timers.target" ];
           timerConfig = {
diff --git a/configuration/services/conduit/default.nix b/configuration/services/conduit/default.nix
index 94d401a..58abc49 100644
--- a/configuration/services/conduit/default.nix
+++ b/configuration/services/conduit/default.nix
@@ -18,33 +18,153 @@ in
     ./matrix-hookshot.nix
   ];
 
-  services.matrix-conduit = {
-    enable = true;
-    package = flake-inputs.continuwuity.packages.${pkgs.system}.default;
-    settings.global = {
-      address = "127.0.0.1";
-      server_name = domain;
-      new_user_displayname_suffix = "🦆";
-      allow_check_for_updates = true;
+  services = {
+    matrix-conduit = {
+      enable = true;
+      package = flake-inputs.continuwuity.packages.${pkgs.system}.default;
+      settings.global = {
+        address = "127.0.0.1";
+        server_name = domain;
+        new_user_displayname_suffix = "🦆";
+        allow_check_for_updates = true;
 
-      # Set up delegation: https://docs.conduit.rs/delegation.html#automatic-recommended
-      # This is primarily to make sliding sync work
-      well_known = {
-        client = "https://${domain}";
-        server = "${domain}:443";
+        # Set up delegation: https://docs.conduit.rs/delegation.html#automatic-recommended
+        # This is primarily to make sliding sync work
+        well_known = {
+          client = "https://${domain}";
+          server = "${domain}:443";
+        };
+
+        turn_uris =
+          let
+            address = "${config.services.coturn.realm}:${toString config.services.coturn.listening-port}";
+            tls-address = "${config.services.coturn.realm}:${toString config.services.coturn.tls-listening-port}";
+          in
+          [
+            "turn:${address}?transport=udp"
+            "turn:${address}?transport=tcp"
+            "turns:${tls-address}?transport=udp"
+            "turns:${tls-address}?transport=tcp"
+          ];
       };
+    };
 
-      turn_uris =
-        let
-          address = "${config.services.coturn.realm}:${toString config.services.coturn.listening-port}";
-          tls-address = "${config.services.coturn.realm}:${toString config.services.coturn.tls-listening-port}";
-        in
-        [
-          "turn:${address}?transport=udp"
-          "turn:${address}?transport=tcp"
-          "turns:${tls-address}?transport=udp"
-          "turns:${tls-address}?transport=tcp"
-        ];
+    coturn = {
+      enable = true;
+      no-cli = true;
+      use-auth-secret = true;
+      static-auth-secret-file = config.sops.secrets."turn/secret".path;
+      realm = turn-realm;
+      relay-ips = [ "116.202.158.55" ];
+
+      # SSL config
+      pkey = "${config.security.acme.certs."tlater.net".directory}/key.pem";
+      cert = "${config.security.acme.certs."tlater.net".directory}/fullchain.pem";
+
+      # Based on suggestions from
+      # https://github.com/matrix-org/synapse/blob/develop/docs/turn-howto.md
+      # and
+      # https://www.foxypossibilities.com/2018/05/19/setting-up-a-turn-sever-for-matrix-on-nixos/
+      no-tcp-relay = true;
+      secure-stun = true;
+      extraConfig = ''
+        # Deny various local IP ranges, see
+        # https://www.rtcsec.com/article/cve-2020-26262-bypass-of-coturns-access-control-protection/
+        no-multicast-peers
+        denied-peer-ip=0.0.0.0-0.255.255.255
+        denied-peer-ip=10.0.0.0-10.255.255.255
+        denied-peer-ip=100.64.0.0-100.127.255.255
+        denied-peer-ip=127.0.0.0-127.255.255.255
+        denied-peer-ip=169.254.0.0-169.254.255.255
+        denied-peer-ip=172.16.0.0-172.31.255.255
+        denied-peer-ip=192.0.0.0-192.0.0.255
+        denied-peer-ip=192.0.2.0-192.0.2.255
+        denied-peer-ip=192.88.99.0-192.88.99.255
+        denied-peer-ip=192.168.0.0-192.168.255.255
+        denied-peer-ip=198.18.0.0-198.19.255.255
+        denied-peer-ip=198.51.100.0-198.51.100.255
+        denied-peer-ip=203.0.113.0-203.0.113.255
+        denied-peer-ip=240.0.0.0-255.255.255.255 denied-peer-ip=::1
+        denied-peer-ip=64:ff9b::-64:ff9b::ffff:ffff
+        denied-peer-ip=::ffff:0.0.0.0-::ffff:255.255.255.255
+        denied-peer-ip=100::-100::ffff:ffff:ffff:ffff
+        denied-peer-ip=2001::-2001:1ff:ffff:ffff:ffff:ffff:ffff:ffff
+        denied-peer-ip=2002::-2002:ffff:ffff:ffff:ffff:ffff:ffff:ffff
+        denied-peer-ip=fc00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
+        denied-peer-ip=fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff
+
+        # *Allow* any IP addresses that we explicitly set as relay IPs
+        ${concatMapStringsSep "\n" (ip: "allowed-peer-ip=${ip}") config.services.coturn.relay-ips}
+
+        # Various other security settings
+        no-tlsv1
+        no-tlsv1_1
+
+        # Monitoring
+        prometheus
+      '';
+    };
+
+    nginx.virtualHosts."${domain}" = {
+      useACMEHost = "tlater.net";
+
+      listen = [
+        {
+          addr = "0.0.0.0";
+          port = 80;
+        }
+        {
+          addr = "[::0]";
+          port = 80;
+        }
+        {
+          addr = "0.0.0.0";
+          port = 443;
+          ssl = true;
+        }
+        {
+          addr = "[::0]";
+          port = 443;
+          ssl = true;
+        }
+        {
+          addr = "0.0.0.0";
+          port = 8448;
+          ssl = true;
+        }
+        {
+          addr = "[::0]";
+          port = 8448;
+          ssl = true;
+        }
+      ];
+
+      forceSSL = true;
+      enableHSTS = true;
+      extraConfig = ''
+        merge_slashes off;
+      '';
+
+      locations = {
+        "/_matrix" = {
+          proxyPass = "http://${cfg.settings.global.address}:${toString cfg.settings.global.port}";
+          # Recommended by conduit
+          extraConfig = ''
+            proxy_buffering off;
+          '';
+        };
+        "/.well-known/matrix" = {
+          proxyPass = "http://${cfg.settings.global.address}:${toString cfg.settings.global.port}";
+        };
+      };
+    };
+
+    backups.conduit = {
+      user = "root";
+      paths = [ "/var/lib/private/matrix-conduit/" ];
+      # Other services store their data in conduit, so no other services
+      # need to be shut down currently.
+      pauseServices = [ "conduit.service" ];
     };
   };
 
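Review bot: In `coturn.extraConfig`, the line `denied-peer-ip=240.0.0.0-255.255.255.255 denied-peer-ip=::1` holds two directives on one line. coturn's configuration file takes one option per line, so this is likely read as a single malformed range. That would leave 240.0.0.0/4 and, more importantly, the IPv6 loopback `::1` out of the deny list that the comment above says is there to block relaying to local addresses. Put `denied-peer-ip=240.0.0.0-255.255.255.255` and `denied-peer-ip=::1` on separate lines. The removed block has the same line, so the defect predates this commit and was carried over by the move.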
@@ -60,122 +180,4 @@ in
   systemd.services.coturn.serviceConfig.SupplementaryGroups = [
     config.security.acme.certs."tlater.net".group
   ];
-
-  services.coturn = {
-    enable = true;
-    no-cli = true;
-    use-auth-secret = true;
-    static-auth-secret-file = config.sops.secrets."turn/secret".path;
-    realm = turn-realm;
-    relay-ips = [ "116.202.158.55" ];
-
-    # SSL config
-    pkey = "${config.security.acme.certs."tlater.net".directory}/key.pem";
-    cert = "${config.security.acme.certs."tlater.net".directory}/fullchain.pem";
-
-    # Based on suggestions from
-    # https://github.com/matrix-org/synapse/blob/develop/docs/turn-howto.md
-    # and
-    # https://www.foxypossibilities.com/2018/05/19/setting-up-a-turn-sever-for-matrix-on-nixos/
-    no-tcp-relay = true;
-    secure-stun = true;
-    extraConfig = ''
-      # Deny various local IP ranges, see
-      # https://www.rtcsec.com/article/cve-2020-26262-bypass-of-coturns-access-control-protection/
-      no-multicast-peers
-      denied-peer-ip=0.0.0.0-0.255.255.255
-      denied-peer-ip=10.0.0.0-10.255.255.255
-      denied-peer-ip=100.64.0.0-100.127.255.255
-      denied-peer-ip=127.0.0.0-127.255.255.255
-      denied-peer-ip=169.254.0.0-169.254.255.255
-      denied-peer-ip=172.16.0.0-172.31.255.255
-      denied-peer-ip=192.0.0.0-192.0.0.255
-      denied-peer-ip=192.0.2.0-192.0.2.255
-      denied-peer-ip=192.88.99.0-192.88.99.255
-      denied-peer-ip=192.168.0.0-192.168.255.255
-      denied-peer-ip=198.18.0.0-198.19.255.255
-      denied-peer-ip=198.51.100.0-198.51.100.255
-      denied-peer-ip=203.0.113.0-203.0.113.255
-      denied-peer-ip=240.0.0.0-255.255.255.255 denied-peer-ip=::1
-      denied-peer-ip=64:ff9b::-64:ff9b::ffff:ffff
-      denied-peer-ip=::ffff:0.0.0.0-::ffff:255.255.255.255
-      denied-peer-ip=100::-100::ffff:ffff:ffff:ffff
-      denied-peer-ip=2001::-2001:1ff:ffff:ffff:ffff:ffff:ffff:ffff
-      denied-peer-ip=2002::-2002:ffff:ffff:ffff:ffff:ffff:ffff:ffff
-      denied-peer-ip=fc00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
-      denied-peer-ip=fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff
-
-      # *Allow* any IP addresses that we explicitly set as relay IPs
-      ${concatMapStringsSep "\n" (ip: "allowed-peer-ip=${ip}") config.services.coturn.relay-ips}
-
-      # Various other security settings
-      no-tlsv1
-      no-tlsv1_1
-
-      # Monitoring
-      prometheus
-    '';
-  };
-
-  services.nginx.virtualHosts."${domain}" = {
-    useACMEHost = "tlater.net";
-
-    listen = [
-      {
-        addr = "0.0.0.0";
-        port = 80;
-      }
-      {
-        addr = "[::0]";
-        port = 80;
-      }
-      {
-        addr = "0.0.0.0";
-        port = 443;
-        ssl = true;
-      }
-      {
-        addr = "[::0]";
-        port = 443;
-        ssl = true;
-      }
-      {
-        addr = "0.0.0.0";
-        port = 8448;
-        ssl = true;
-      }
-      {
-        addr = "[::0]";
-        port = 8448;
-        ssl = true;
-      }
-    ];
-
-    forceSSL = true;
-    enableHSTS = true;
-    extraConfig = ''
-      merge_slashes off;
-    '';
-
-    locations = {
-      "/_matrix" = {
-        proxyPass = "http://${cfg.settings.global.address}:${toString cfg.settings.global.port}";
-        # Recommended by conduit
-        extraConfig = ''
-          proxy_buffering off;
-        '';
-      };
-      "/.well-known/matrix" = {
-        proxyPass = "http://${cfg.settings.global.address}:${toString cfg.settings.global.port}";
-      };
-    };
-  };
-
-  services.backups.conduit = {
-    user = "root";
-    paths = [ "/var/lib/private/matrix-conduit/" ];
-    # Other services store their data in conduit, so no other services
-    # need to be shut down currently.
-    pauseServices = [ "conduit.service" ];
-  };
 }
diff --git a/configuration/services/conduit/matrix-hookshot.nix b/configuration/services/conduit/matrix-hookshot.nix
index c1f16dc..6846d99 100644
--- a/configuration/services/conduit/matrix-hookshot.nix
+++ b/configuration/services/conduit/matrix-hookshot.nix
@@ -74,9 +74,7 @@ in
   services.matrix-hookshot = {
     enable = true;
 
-    serviceDependencies = [
-      "conduit.service"
-    ];
+    serviceDependencies = [ "conduit.service" ];
 
     registrationFile = "/run/matrix-hookshot/registration.yaml";
 
@@ -126,15 +124,11 @@ in
       listeners = [
         {
           port = 9000;
-          resources = [
-            "webhooks"
-          ];
+          resources = [ "webhooks" ];
         }
         {
           port = 9001;
-          resources = [
-            "metrics"
-          ];
+          resources = [ "metrics" ];
         }
       ];
 
diff --git a/configuration/services/crowdsec.nix b/configuration/services/crowdsec.nix
index 6e0f367..b736047 100644
--- a/configuration/services/crowdsec.nix
+++ b/configuration/services/crowdsec.nix
@@ -8,9 +8,7 @@
   security.crowdsec = {
     enable = true;
 
-    parserWhitelist = [
-      "10.45.249.2"
-    ];
+    parserWhitelist = [ "10.45.249.2" ];
 
     extraGroups = [
       "systemd-journal"
@@ -21,25 +19,19 @@
       {
         source = "journalctl";
         labels.type = "syslog";
-        journalctl_filter = [
-          "SYSLOG_IDENTIFIER=Nextcloud"
-        ];
+        journalctl_filter = [ "SYSLOG_IDENTIFIER=Nextcloud" ];
       }
 
       {
         source = "journalctl";
         labels.type = "syslog";
-        journalctl_filter = [
-          "SYSLOG_IDENTIFIER=sshd-session"
-        ];
+        journalctl_filter = [ "SYSLOG_IDENTIFIER=sshd-session" ];
       }
 
       {
         labels.type = "nginx";
         filenames =
-          [
-            "/var/log/nginx/*.log"
-          ]
+          [ "/var/log/nginx/*.log" ]
           ++ lib.mapAttrsToList (
             vHost: _: "/var/log/nginx/${vHost}/access.log"
           ) config.services.nginx.virtualHosts;
diff --git a/configuration/services/foundryvtt.nix b/configuration/services/foundryvtt.nix
index 614b818..f25bbcd 100644
--- a/configuration/services/foundryvtt.nix
+++ b/configuration/services/foundryvtt.nix
@@ -11,37 +11,39 @@ in
 {
   imports = [ flake-inputs.foundryvtt.nixosModules.foundryvtt ];
 
-  services.foundryvtt = {
-    enable = true;
-    hostName = domain;
-    minifyStaticFiles = true;
-    proxySSL = true;
-    proxyPort = 443;
-    package = flake-inputs.foundryvtt.packages.${pkgs.system}.foundryvtt_11;
+  services = {
+    foundryvtt = {
+      enable = true;
+      hostName = domain;
+      minifyStaticFiles = true;
+      proxySSL = true;
+      proxyPort = 443;
+      package = flake-inputs.foundryvtt.packages.${pkgs.system}.foundryvtt_11;
+    };
+
+    nginx.virtualHosts."${domain}" =
+      let
+        inherit (config.services.foundryvtt) port;
+      in
+      {
+        forceSSL = true;
+        useACMEHost = "tlater.net";
+        enableHSTS = true;
+
+        locations."/" = {
+          proxyWebsockets = true;
+          proxyPass = "http://localhost:${toString port}";
+        };
+      };
+
+    backups.foundryvtt = {
+      user = "foundryvtt";
+      paths = [ config.services.foundryvtt.dataDir ];
+      pauseServices = [ "foundryvtt.service" ];
+    };
   };
 
   # Want to start it manually when I need it, not have it constantly
   # running
   systemd.services.foundryvtt.wantedBy = lib.mkForce [ ];
-
-  services.nginx.virtualHosts."${domain}" =
-    let
-      inherit (config.services.foundryvtt) port;
-    in
-    {
-      forceSSL = true;
-      useACMEHost = "tlater.net";
-      enableHSTS = true;
-
-      locations."/" = {
-        proxyWebsockets = true;
-        proxyPass = "http://localhost:${toString port}";
-      };
-    };
-
-  services.backups.foundryvtt = {
-    user = "foundryvtt";
-    paths = [ config.services.foundryvtt.dataDir ];
-    pauseServices = [ "foundryvtt.service" ];
-  };
 }
diff --git a/configuration/services/gitea.nix b/configuration/services/gitea.nix
index da01cde..613d30c 100644
--- a/configuration/services/gitea.nix
+++ b/configuration/services/gitea.nix
@@ -8,24 +8,68 @@ let
   domain = "gitea.${config.services.nginx.domain}";
 in
 {
-  services.forgejo = {
-    enable = true;
-    database.type = "postgres";
+  services = {
+    forgejo = {
+      enable = true;
+      database.type = "postgres";
 
-    settings = {
-      server = {
-        DOMAIN = domain;
-        HTTP_ADDR = "127.0.0.1";
-        ROOT_URL = "https://${domain}/";
-        SSH_PORT = 2222;
+      settings = {
+        server = {
+          DOMAIN = domain;
+          HTTP_ADDR = "127.0.0.1";
+          ROOT_URL = "https://${domain}/";
+          SSH_PORT = 2222;
+        };
+
+        metrics = {
+          ENABLED = true;
+          TOKEN = "#metricstoken#";
+        };
+        service.DISABLE_REGISTRATION = true;
+        session.COOKIE_SECURE = true;
+      };
+    };
+
+    # Set up SSL
+    nginx.virtualHosts."${domain}" =
+      let
+        httpAddress = config.services.forgejo.settings.server.HTTP_ADDR;
+        httpPort = config.services.forgejo.settings.server.HTTP_PORT;
+      in
+      {
+        forceSSL = true;
+        useACMEHost = "tlater.net";
+        enableHSTS = true;
+
+        locations."/".proxyPass = "http://${httpAddress}:${toString httpPort}";
+        locations."/metrics" = {
+          extraConfig = ''
+            access_log off;
+            allow 127.0.0.1;
+            ${lib.optionalString config.networking.enableIPv6 "allow ::1;"}
+            deny all;
+          '';
+        };
       };
 
-      metrics = {
-        ENABLED = true;
-        TOKEN = "#metricstoken#";
+    backups.forgejo = {
+      user = "forgejo";
+      paths = [
+        "/var/lib/forgejo/forgejo-db.sql"
+        "/var/lib/forgejo/repositories/"
+        "/var/lib/forgejo/data/"
+        "/var/lib/forgejo/custom/"
+        # Conf is backed up via nix
+      ];
+      preparation = {
+        packages = [ config.services.postgresql.package ];
+        text = "pg_dump ${config.services.forgejo.database.name} --file=/var/lib/forgejo/forgejo-db.sql";
       };
-      service.DISABLE_REGISTRATION = true;
-      session.COOKIE_SECURE = true;
+      cleanup = {
+        packages = [ pkgs.coreutils ];
+        text = "rm /var/lib/forgejo/forgejo-db.sql";
+      };
+      pauseServices = [ "forgejo.service" ];
     };
   };
 
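Review bot: `locations."/metrics"` contains only the `allow`/`deny` rules and no `proxyPass`, so a request from 127.0.0.1 that passes the ACL is answered by nginx itself instead of being forwarded to Forgejo. If the intent is only to keep the metrics path off the public virtual host, with the scraper talking to `HTTP_ADDR` directly, say so in a comment such as `# Intentionally not proxied: blocks /metrics on the public vhost, scraping goes to Forgejo directly`. Otherwise add `proxyPass = "http://${httpAddress}:${toString httpPort}";` to that location. The module body continues outside the hunk.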
@@ -36,46 +80,4 @@ in
       runConfig = "${config.services.forgejo.customDir}/conf/app.ini";
     in
     [ "+${replaceSecretBin} '#metricstoken#' '${secretPath}' '${runConfig}'" ];
-
-  # Set up SSL
-  services.nginx.virtualHosts."${domain}" =
-    let
-      httpAddress = config.services.forgejo.settings.server.HTTP_ADDR;
-      httpPort = config.services.forgejo.settings.server.HTTP_PORT;
-    in
-    {
-      forceSSL = true;
-      useACMEHost = "tlater.net";
-      enableHSTS = true;
-
-      locations."/".proxyPass = "http://${httpAddress}:${toString httpPort}";
-      locations."/metrics" = {
-        extraConfig = ''
-          access_log off;
-          allow 127.0.0.1;
-          ${lib.optionalString config.networking.enableIPv6 "allow ::1;"}
-          deny all;
-        '';
-      };
-    };
-
-  services.backups.forgejo = {
-    user = "forgejo";
-    paths = [
-      "/var/lib/forgejo/forgejo-db.sql"
-      "/var/lib/forgejo/repositories/"
-      "/var/lib/forgejo/data/"
-      "/var/lib/forgejo/custom/"
-      # Conf is backed up via nix
-    ];
-    preparation = {
-      packages = [ config.services.postgresql.package ];
-      text = "pg_dump ${config.services.forgejo.database.name} --file=/var/lib/forgejo/forgejo-db.sql";
-    };
-    cleanup = {
-      packages = [ pkgs.coreutils ];
-      text = "rm /var/lib/forgejo/forgejo-db.sql";
-    };
-    pauseServices = [ "forgejo.service" ];
-  };
 }
diff --git a/configuration/services/metrics/exporters.nix b/configuration/services/metrics/exporters.nix
index 80a3480..52c2a46 100644
--- a/configuration/services/metrics/exporters.nix
+++ b/configuration/services/metrics/exporters.nix
@@ -74,7 +74,7 @@ in
         listenAddress = "127.0.0.1";
         group = "nginx";
 
-        settings.namespaces = lib.mapAttrsToList (name: virtualHost: {
+        settings.namespaces = lib.mapAttrsToList (name: _: {
           inherit name;
           metrics_override.prefix = "nginxlog";
           namespace_label = "vhost";
diff --git a/configuration/services/metrics/options.nix b/configuration/services/metrics/options.nix
index d69ecfb..e1b0761 100644
--- a/configuration/services/metrics/options.nix
+++ b/configuration/services/metrics/options.nix
@@ -38,7 +38,7 @@ in
     services.victoriametrics.scrapeConfigs = mkOption {
       type = types.attrsOf (
         types.submodule (
-          { name, self, ... }:
+          { name, ... }:
           {
             options = {
               job_name = mkOption {
@@ -106,35 +106,37 @@ in
               # module is an intractable mess
               wantedBy = [ "multi-user.target" ];
               after = [ "network.target" ];
-              serviceConfig.Restart = mkDefault "always";
-              serviceConfig.PrivateTmp = mkDefault true;
-              serviceConfig.WorkingDirectory = mkDefault /tmp;
-              serviceConfig.DynamicUser = mkDefault true;
-              # Hardening
-              serviceConfig.CapabilityBoundingSet = mkDefault [ "" ];
-              serviceConfig.DeviceAllow = [ "" ];
-              serviceConfig.LockPersonality = true;
-              serviceConfig.MemoryDenyWriteExecute = true;
-              serviceConfig.NoNewPrivileges = true;
-              serviceConfig.PrivateDevices = mkDefault true;
-              serviceConfig.ProtectClock = mkDefault true;
-              serviceConfig.ProtectControlGroups = true;
-              serviceConfig.ProtectHome = true;
-              serviceConfig.ProtectHostname = true;
-              serviceConfig.ProtectKernelLogs = true;
-              serviceConfig.ProtectKernelModules = true;
-              serviceConfig.ProtectKernelTunables = true;
-              serviceConfig.ProtectSystem = mkDefault "strict";
-              serviceConfig.RemoveIPC = true;
-              serviceConfig.RestrictAddressFamilies = [
-                "AF_INET"
-                "AF_INET6"
-              ];
-              serviceConfig.RestrictNamespaces = true;
-              serviceConfig.RestrictRealtime = true;
-              serviceConfig.RestrictSUIDSGID = true;
-              serviceConfig.SystemCallArchitectures = "native";
-              serviceConfig.UMask = "0077";
+              serviceConfig = {
+                Restart = mkDefault "always";
+                PrivateTmp = mkDefault true;
+                WorkingDirectory = mkDefault /tmp;
+                DynamicUser = mkDefault true;
+                # Hardening
+                CapabilityBoundingSet = mkDefault [ "" ];
+                DeviceAllow = [ "" ];
+                LockPersonality = true;
+                MemoryDenyWriteExecute = true;
+                NoNewPrivileges = true;
+                PrivateDevices = mkDefault true;
+                ProtectClock = mkDefault true;
+                ProtectControlGroups = true;
+                ProtectHome = true;
+                ProtectHostname = true;
+                ProtectKernelLogs = true;
+                ProtectKernelModules = true;
+                ProtectKernelTunables = true;
+                ProtectSystem = mkDefault "strict";
+                RemoveIPC = true;
+                RestrictAddressFamilies = [
+                  "AF_INET"
+                  "AF_INET6"
+                ];
+                RestrictNamespaces = true;
+                RestrictRealtime = true;
+                RestrictSUIDSGID = true;
+                SystemCallArchitectures = "native";
+                UMask = "0077";
+              };
             }
             exporter.serviceOpts
           ]
@@ -144,7 +146,7 @@ in
       {
         vmagent-scrape-exporters =
           let
-            listenAddress = config.services.victoriametrics.listenAddress;
+            inherit (config.services.victoriametrics) listenAddress;
             vmAddr = (lib.optionalString (lib.hasPrefix ":" listenAddress) "127.0.0.1") + listenAddress;
             promscrape = yaml.generate "prometheus.yml" {
               scrape_configs = lib.mapAttrsToList (
@@ -153,7 +155,7 @@ in
                   inherit (scrape) job_name;
                   static_configs =
                     scrape.static_configs
-                    ++ lib.optional (scrape.targets != [ ]) { targets = scrape.targets; };
+                    ++ lib.optional (scrape.targets != [ ]) { inherit (scrape) targets; };
                 } scrape.extraSettings
               ) config.services.victoriametrics.scrapeConfigs;
             };
@@ -212,7 +214,7 @@ in
 
     services.victoriametrics.scrapeConfigs =
       let
-        allExporters = lib.mapAttrs (name: exporter: { inherit (exporter) listenAddress port; }) (
+        allExporters = lib.mapAttrs (_: exporter: { inherit (exporter) listenAddress port; }) (
           (lib.filterAttrs (
             name: exporter:
             # A bunch of deprecated exporters that need to be ignored
diff --git a/configuration/services/metrics/victorialogs.nix b/configuration/services/metrics/victorialogs.nix
index ae47c39..413659a 100644
--- a/configuration/services/metrics/victorialogs.nix
+++ b/configuration/services/metrics/victorialogs.nix
@@ -1,8 +1,4 @@
-{
-  config,
-  lib,
-  ...
-}:
+{ config, lib, ... }:
 let
   cfg = config.services.victorialogs;
 in
diff --git a/configuration/services/nextcloud.nix b/configuration/services/nextcloud.nix
index b5cb691..2f8fa76 100644
--- a/configuration/services/nextcloud.nix
+++ b/configuration/services/nextcloud.nix
@@ -9,93 +9,95 @@ let
   hostName = "nextcloud.${config.services.nginx.domain}";
 in
 {
-  services.nextcloud = {
-    inherit hostName;
+  services = {
+    nextcloud = {
+      inherit hostName;
 
-    package = nextcloud;
-    phpPackage = lib.mkForce (
-      pkgs.php.override {
-        packageOverrides = final: prev: {
-          extensions = prev.extensions // {
-            pgsql = prev.extensions.pgsql.overrideAttrs (old: {
-              configureFlags = [ "--with-pgsql=${lib.getDev config.services.postgresql.package}" ];
-            });
-            pdo_pgsql = prev.extensions.pdo_pgsql.overrideAttrs (old: {
-              configureFlags = [ "--with-pdo-pgsql=${lib.getDev config.services.postgresql.package}" ];
-            });
+      package = nextcloud;
+      phpPackage = lib.mkForce (
+        pkgs.php.override {
+          packageOverrides = _: prev: {
+            extensions = prev.extensions // {
+              pgsql = prev.extensions.pgsql.overrideAttrs (_: {
+                configureFlags = [ "--with-pgsql=${lib.getDev config.services.postgresql.package}" ];
+              });
+              pdo_pgsql = prev.extensions.pdo_pgsql.overrideAttrs (_: {
+                configureFlags = [ "--with-pdo-pgsql=${lib.getDev config.services.postgresql.package}" ];
+              });
+            };
           };
-        };
-      }
-    );
-    enable = true;
-    maxUploadSize = "2G";
-    https = true;
+        }
+      );
+      enable = true;
+      maxUploadSize = "2G";
+      https = true;
 
-    configureRedis = true;
+      configureRedis = true;
 
-    config = {
-      dbtype = "pgsql";
-      dbhost = "/run/postgresql";
+      config = {
+        dbtype = "pgsql";
+        dbhost = "/run/postgresql";
 
-      adminuser = "tlater";
-      adminpassFile = config.sops.secrets."nextcloud/tlater".path;
+        adminuser = "tlater";
+        adminpassFile = config.sops.secrets."nextcloud/tlater".path;
+      };
+
+      settings = {
+        default_phone_region = "AT";
+        overwriteprotocol = "https";
+      };
+
+      phpOptions = {
+        "opcache.interned_strings_buffer" = "16";
+      };
+
+      extraApps = {
+        inherit (config.services.nextcloud.package.packages.apps)
+          calendar
+          contacts
+          cookbook
+          news
+          ;
+      };
     };
 
-    settings = {
-      default_phone_region = "AT";
-      overwriteprotocol = "https";
+    # Set up SSL
+    nginx.virtualHosts."${hostName}" = {
+      forceSSL = true;
+      useACMEHost = "tlater.net";
+      # The upstream module already adds HSTS
     };
 
-    phpOptions = {
-      "opcache.interned_strings_buffer" = "16";
-    };
-
-    extraApps = {
-      inherit (config.services.nextcloud.package.packages.apps)
-        calendar
-        contacts
-        cookbook
-        news
-        ;
+    backups.nextcloud = {
+      user = "nextcloud";
+      paths = [
+        "/var/lib/nextcloud/nextcloud-db.sql"
+        "/var/lib/nextcloud/data/"
+        "/var/lib/nextcloud/config/config.php"
+      ];
+      preparation = {
+        packages = [
+          config.services.postgresql.package
+          config.services.nextcloud.occ
+        ];
+        text = ''
+          nextcloud-occ maintenance:mode --on
+          pg_dump ${config.services.nextcloud.config.dbname} --file=/var/lib/nextcloud/nextcloud-db.sql
+        '';
+      };
+      cleanup = {
+        packages = [
+          pkgs.coreutils
+          config.services.nextcloud.occ
+        ];
+        text = ''
+          rm /var/lib/nextcloud/nextcloud-db.sql
+          nextcloud-occ maintenance:mode --off
+        '';
+      };
     };
   };
 
   # Ensure that this service doesn't start before postgres is ready
   systemd.services.nextcloud-setup.after = [ "postgresql.service" ];
-
-  # Set up SSL
-  services.nginx.virtualHosts."${hostName}" = {
-    forceSSL = true;
-    useACMEHost = "tlater.net";
-    # The upstream module already adds HSTS
-  };
-
-  services.backups.nextcloud = {
-    user = "nextcloud";
-    paths = [
-      "/var/lib/nextcloud/nextcloud-db.sql"
-      "/var/lib/nextcloud/data/"
-      "/var/lib/nextcloud/config/config.php"
-    ];
-    preparation = {
-      packages = [
-        config.services.postgresql.package
-        config.services.nextcloud.occ
-      ];
-      text = ''
-        nextcloud-occ maintenance:mode --on
-        pg_dump ${config.services.nextcloud.config.dbname} --file=/var/lib/nextcloud/nextcloud-db.sql
-      '';
-    };
-    cleanup = {
-      packages = [
-        pkgs.coreutils
-        config.services.nextcloud.occ
-      ];
-      text = ''
-        rm /var/lib/nextcloud/nextcloud-db.sql
-        nextcloud-occ maintenance:mode --off
-      '';
-    };
-  };
 }
diff --git a/configuration/services/webserver.nix b/configuration/services/webserver.nix
index e6b49b3..864f6c0 100644
--- a/configuration/services/webserver.nix
+++ b/configuration/services/webserver.nix
@@ -1,6 +1,6 @@
 { config, ... }:
 let
-  domain = config.services.nginx.domain;
+  inherit (config.services.nginx) domain;
 in
 {
   services.tlaternet-webserver = {
diff --git a/flake.nix b/flake.nix
index 6747c24..90716e5 100644
--- a/flake.nix
+++ b/flake.nix
@@ -121,8 +121,6 @@
         run-vm = {
           type = "app";
           program =
-            let
-            in
             (pkgs.writeShellScript "" ''
               ${vm.config.system.build.vm.outPath}/bin/run-testvm-vm
             '').outPath;
diff --git a/modules/crowdsec/default.nix b/modules/crowdsec/default.nix
index c0003a5..ac93c4a 100644
--- a/modules/crowdsec/default.nix
+++ b/modules/crowdsec/default.nix
@@ -267,9 +267,7 @@ in
       };
     };
 
-    systemd.packages = [
-      cfg.package
-    ];
+    systemd.packages = [ cfg.package ];
 
     environment = {
       systemPackages = [
diff --git a/modules/crowdsec/remediations/cs-firewall-bouncer.nix b/modules/crowdsec/remediations/cs-firewall-bouncer.nix
index aa70552..42accc6 100644
--- a/modules/crowdsec/remediations/cs-firewall-bouncer.nix
+++ b/modules/crowdsec/remediations/cs-firewall-bouncer.nix
@@ -6,10 +6,11 @@
   ...
 }:
 let
+  inherit (flake-inputs.self.packages.${pkgs.system}) crowdsec-firewall-bouncer;
+
   crowdsecCfg = config.security.crowdsec;
   cfg = crowdsecCfg.remediationComponents.firewallBouncer;
   settingsFormat = pkgs.formats.yaml { };
-  crowdsec-firewall-bouncer = flake-inputs.self.packages.${pkgs.system}.crowdsec-firewall-bouncer;
 in
 {
   options.security.crowdsec.remediationComponents.firewallBouncer = {
@@ -31,9 +32,7 @@ in
     security.crowdsec.remediationComponents.firewallBouncer.settings = {
       mode = lib.mkDefault "${if config.networking.nftables.enable then "nftables" else "iptables"}";
       log_mode = "stdout";
-      iptables_chains = [
-        "nixos-fw"
-      ];
+      iptables_chains = [ "nixos-fw" ];
 
       # Don't let users easily override this; unfortunately we need to
       # set up this key through substitution at runtime.
@@ -78,9 +77,7 @@ in
           requiredBy = [ "crowdsec.service" ];
 
           path =
-            lib.optionals (cfg.settings.mode == "ipset" || cfg.settings.mode == "iptables") [
-              pkgs.ipset
-            ]
+            lib.optionals (cfg.settings.mode == "ipset" || cfg.settings.mode == "iptables") [ pkgs.ipset ]
             ++ lib.optional (cfg.settings.mode == "iptables") pkgs.iptables
             ++ lib.optional (cfg.settings.mode == "nftables") pkgs.nftables;
         };
diff --git a/modules/crowdsec/remediations/default.nix b/modules/crowdsec/remediations/default.nix
index 7df6ade..c3c0790 100644
--- a/modules/crowdsec/remediations/default.nix
+++ b/modules/crowdsec/remediations/default.nix
@@ -1,5 +1 @@
-{
-  imports = [
-    ./cs-firewall-bouncer.nix
-  ];
-}
+{ imports = [ ./cs-firewall-bouncer.nix ]; }
diff --git a/pkgs/crowdsec/hub.nix b/pkgs/crowdsec/hub.nix
index d057ca8..1b8c9b3 100644
--- a/pkgs/crowdsec/hub.nix
+++ b/pkgs/crowdsec/hub.nix
@@ -1,4 +1 @@
-{
-  sources,
-}:
-sources.crowdsec-hub.src
+{ sources }: sources.crowdsec-hub.src

From 8d0be61483178428191cf79f55705ff20cb2b8cb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= <tm@tlater.net>
Date: Tue, 20 May 2025 20:49:16 +0800
Subject: [PATCH 12/17] chore(ignore-revs): Ignore linter changes in `blame`

---
 .git-blame-ignore-revs | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.git-blame-ignore-revs b/.git-blame-ignore-revs
index df9d62b..40e5d59 100644
--- a/.git-blame-ignore-revs
+++ b/.git-blame-ignore-revs
@@ -9,3 +9,6 @@ fd138d45e6a2cad89fead6e9f246ba282070d6b7
 
 # Switch to alejandra formatting
 046a88905ddfa7f9edc3291c310dbb985dee34f9
+
+# Apply wide linting
+63b3cbe00be80ccb4b221aad64eb657ae5c96d70

From 913944cff37a3007574525735c854d4be6dd97eb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= <tm@tlater.net>
Date: Fri, 23 May 2025 11:40:19 +0800
Subject: [PATCH 13/17] feat(immich): Add immich service

---
 configuration/default.nix                     |  1 +
 configuration/services/immich.nix             | 65 +++++++++++++++++++
 .../services/metrics/victoriametrics.nix      |  5 ++
 3 files changed, 71 insertions(+)
 create mode 100644 configuration/services/immich.nix

diff --git a/configuration/default.nix b/configuration/default.nix
index 544e20c..0377e9c 100644
--- a/configuration/default.nix
+++ b/configuration/default.nix
@@ -19,6 +19,7 @@
     ./services/crowdsec.nix
     ./services/foundryvtt.nix
     ./services/gitea.nix
+    ./services/immich.nix
     ./services/metrics
     ./services/nextcloud.nix
     ./services/webserver.nix
diff --git a/configuration/services/immich.nix b/configuration/services/immich.nix
new file mode 100644
index 0000000..b74c877
--- /dev/null
+++ b/configuration/services/immich.nix
@@ -0,0 +1,65 @@
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}:
+let
+  hostName = "immich.${config.services.nginx.domain}";
+in
+{
+  services.immich = {
+    enable = true;
+    settings.server.externalDomain = "https://${hostName}";
+
+    environment.IMMICH_TELEMETRY_INCLUDE = "all";
+  };
+
+  services.nginx.virtualHosts.${hostName} =
+    let
+      local = "http://${config.services.immich.host}:${toString config.services.immich.port}";
+    in
+    {
+      forceSSL = true;
+      useACMEHost = "tlater.net";
+      enableHSTS = true;
+
+      locations."/" = {
+        proxyPass = local;
+        proxyWebsockets = true;
+      };
+      locations."/metrics" = {
+        extraConfig = ''
+          access_log off;
+          allow 127.0.0.1;
+          ${lib.optionalString config.networking.enableIPv6 "allow ::1;"}
+          deny all;
+        '';
+      };
+    };
+
+  backups.immich =
+    let
+      db-dump = "${config.services.immich.mediaLocation}/immich-db.sql";
+    in
+    {
+      user = "immich";
+      paths = [ config.services.immich.mediaLocation ];
+
+      preparation = {
+        packages = [ config.services.postgresql.package ];
+        text = ''
+          pg_dump ${config.services.immich.database.name} --clean --if-exists --file=${db-dump}
+        '';
+      };
+
+      cleanup = {
+        packages = [ pkgs.coreutils ];
+        text = "rm ${db-dump}";
+      };
+      pauseServices = [
+        "immich-server.service"
+        "immich-machine-learning.service"
+      ];
+    };
+}
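Review bot: The dump written by `backups.immich.preparation` lands inside `mediaLocation` with whatever umask the backup script inherits, although it contains the whole Immich database, including account data; it should be created owner-only. Putting `umask 077` as the first line of `preparation.text` would ensure that. How the backups module runs the script is not visible here, so it may already restrict this. `${db-dump}` is also unquoted in both the `pg_dump` and `rm` lines, so a `mediaLocation` containing whitespace would break them; `rm -- "${db-dump}"` and a quoted `--file="${db-dump}"` avoid that. The same lines are carried unchanged into the re-nested version in PATCH 14/17.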
diff --git a/configuration/services/metrics/victoriametrics.nix b/configuration/services/metrics/victoriametrics.nix
index 53864d6..f37b8b0 100644
--- a/configuration/services/metrics/victoriametrics.nix
+++ b/configuration/services/metrics/victoriametrics.nix
@@ -84,6 +84,11 @@ in
         in
         [ "${address}:${toString port}" ];
 
+      immich.targets = [
+        "127.0.0.1:8081"
+        "127.0.0.1:8082"
+      ];
+
       # Configured in the hookshot listeners, but it's hard to filter
       # the correct values out of that config.
       matrixHookshot.targets = [ "127.0.0.1:9001" ];
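Review bot: The scrape targets `127.0.0.1:8081` and `127.0.0.1:8082` are hard-coded here, while `immich.nix` only sets `IMMICH_TELEMETRY_INCLUDE = "all"`, so the two files agree only as long as Immich's default metrics ports stay the same. Setting `IMMICH_API_METRICS_PORT` and `IMMICH_MICROSERVICES_METRICS_PORT` explicitly in `services.immich.environment`, and adding a comment here such as `# Must match the metrics ports set in immich.nix`, would make the coupling visible. It is also worth confirming that these listeners are not reachable from outside the host, because the `/metrics` allow/deny block in the nginx vhost only covers the proxied port. Whether Immich binds them to loopback is not visible in this patch.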

From b067bbc8c004af4780f8306c3ad7de466a9d823f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= <tm@tlater.net>
Date: Sat, 24 May 2025 05:32:55 +0800
Subject: [PATCH 14/17] fix(immich): Set the correct backup attribute

---
 configuration/services/immich.nix | 106 +++++++++++++++---------------
 1 file changed, 54 insertions(+), 52 deletions(-)

diff --git a/configuration/services/immich.nix b/configuration/services/immich.nix
index b74c877..516ea3e 100644
--- a/configuration/services/immich.nix
+++ b/configuration/services/immich.nix
@@ -8,58 +8,60 @@ let
   hostName = "immich.${config.services.nginx.domain}";
 in
 {
-  services.immich = {
-    enable = true;
-    settings.server.externalDomain = "https://${hostName}";
+  services = {
+    immich = {
+      enable = true;
+      settings.server.externalDomain = "https://${hostName}";
 
-    environment.IMMICH_TELEMETRY_INCLUDE = "all";
+      environment.IMMICH_TELEMETRY_INCLUDE = "all";
+    };
+
+    nginx.virtualHosts.${hostName} =
+      let
+        local = "http://${config.services.immich.host}:${toString config.services.immich.port}";
+      in
+      {
+        forceSSL = true;
+        useACMEHost = "tlater.net";
+        enableHSTS = true;
+
+        locations."/" = {
+          proxyPass = local;
+          proxyWebsockets = true;
+        };
+        locations."/metrics" = {
+          extraConfig = ''
+            access_log off;
+            allow 127.0.0.1;
+            ${lib.optionalString config.networking.enableIPv6 "allow ::1;"}
+            deny all;
+          '';
+        };
+      };
+
+    backups.immich =
+      let
+        db-dump = "${config.services.immich.mediaLocation}/immich-db.sql";
+      in
+      {
+        user = "immich";
+        paths = [ config.services.immich.mediaLocation ];
+
+        preparation = {
+          packages = [ config.services.postgresql.package ];
+          text = ''
+            pg_dump ${config.services.immich.database.name} --clean --if-exists --file=${db-dump}
+          '';
+        };
+
+        cleanup = {
+          packages = [ pkgs.coreutils ];
+          text = "rm ${db-dump}";
+        };
+        pauseServices = [
+          "immich-server.service"
+          "immich-machine-learning.service"
+        ];
+      };
   };
-
-  services.nginx.virtualHosts.${hostName} =
-    let
-      local = "http://${config.services.immich.host}:${toString config.services.immich.port}";
-    in
-    {
-      forceSSL = true;
-      useACMEHost = "tlater.net";
-      enableHSTS = true;
-
-      locations."/" = {
-        proxyPass = local;
-        proxyWebsockets = true;
-      };
-      locations."/metrics" = {
-        extraConfig = ''
-          access_log off;
-          allow 127.0.0.1;
-          ${lib.optionalString config.networking.enableIPv6 "allow ::1;"}
-          deny all;
-        '';
-      };
-    };
-
-  backups.immich =
-    let
-      db-dump = "${config.services.immich.mediaLocation}/immich-db.sql";
-    in
-    {
-      user = "immich";
-      paths = [ config.services.immich.mediaLocation ];
-
-      preparation = {
-        packages = [ config.services.postgresql.package ];
-        text = ''
-          pg_dump ${config.services.immich.database.name} --clean --if-exists --file=${db-dump}
-        '';
-      };
-
-      cleanup = {
-        packages = [ pkgs.coreutils ];
-        text = "rm ${db-dump}";
-      };
-      pauseServices = [
-        "immich-server.service"
-        "immich-machine-learning.service"
-      ];
-    };
 }

From fc6be0c4c27dd00283bacb7c5cd3bcf1d5bab09c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= <tm@tlater.net>
Date: Sat, 24 May 2025 22:53:33 +0800
Subject: [PATCH 15/17] chore(treewide): Upgrade to NixOS 25.05

---
 configuration/services/conduit/default.nix    |  3 +-
 .../services/conduit/matrix-hookshot.nix      | 42 +++++++++++++++----
 configuration/services/metrics/grafana.nix    |  9 +---
 configuration/services/nextcloud.nix          |  6 +--
 flake.nix                                     |  7 +---
 modules/crowdsec/default.nix                  |  5 +--
 6 files changed, 43 insertions(+), 29 deletions(-)

diff --git a/configuration/services/conduit/default.nix b/configuration/services/conduit/default.nix
index 58abc49..4ba5271 100644
--- a/configuration/services/conduit/default.nix
+++ b/configuration/services/conduit/default.nix
@@ -1,6 +1,5 @@
 {
   pkgs,
-  flake-inputs,
   config,
   lib,
   ...
@@ -21,7 +20,7 @@ in
   services = {
     matrix-conduit = {
       enable = true;
-      package = flake-inputs.continuwuity.packages.${pkgs.system}.default;
+      package = pkgs.matrix-continuwuity;
       settings.global = {
         address = "127.0.0.1";
         server_name = domain;
diff --git a/configuration/services/conduit/matrix-hookshot.nix b/configuration/services/conduit/matrix-hookshot.nix
index 6846d99..6b788b2 100644
--- a/configuration/services/conduit/matrix-hookshot.nix
+++ b/configuration/services/conduit/matrix-hookshot.nix
@@ -29,16 +29,29 @@ let
     };
 
     # Encryption support
-    extraSettings = {
-      "de.sorunome.msc2409.push_ephemeral" = true;
-      push_ephemeral = true;
-      "org.matrix.msc3202" = true;
-    };
+    # TODO(tlater): Enable when
+    # https://github.com/matrix-org/matrix-hookshot/issues/1060 is
+    # fixed
+    # extraSettings = {
+    #   "de.sorunome.msc2409.push_ephemeral" = true;
+    #   push_ephemeral = true;
+    #   "org.matrix.msc3202" = true;
+    # };
 
     runtimeRegistration = "${cfg.registrationFile}";
   };
 in
 {
+  # users = {
+  #   users.matrix-hookshot = {
+  #     home = "/run/matrix-hookshot";
+  #     group = "matrix-hookshot";
+  #     isSystemUser = true;
+  #   };
+
+  #   groups.matrix-hookshot = { };
+  # };
+
   systemd.services.matrix-hookshot = {
     serviceConfig = {
       Type = lib.mkForce "exec";
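Review bot: The TODO that replaces `extraSettings` says when encryption can be re-enabled but not what is lost in the meantime. As far as I can tell, with the MSC2409/MSC3202 registration flags off here and `encryption.storagePath` commented out in the last hunk of this file, the bot cannot take part in end-to-end encrypted rooms. Extending the TODO with a line such as `# Until then Hookshot only works in unencrypted rooms` would tell an operator why the bot goes quiet there. The `let` binding and the module body both continue outside this hunk.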
@@ -49,6 +62,7 @@ in
       # Some library in matrix-hookshot wants a home directory
       Environment = [ "HOME=/run/matrix-hookshot" ];
 
+      # User = "matrix-hookshot";
       DynamicUser = true;
       StateDirectory = "matrix-hookshot";
       RuntimeDirectory = "matrix-hookshot";
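Review bot: `# User = "matrix-hookshot";` sits directly above the live `DynamicUser = true;` with nothing saying which of the two is intended. It is one of several commented-out pieces spread over this file: the `users` block in the previous hunk, `# "AF_UNIX"` in `RestrictAddressFamilies`, and the `services.redis.servers.matrix-hookshot` block and `cache.redisUri` in the later hunks. If these are staged for a Redis-backed setup, one comment at the first of them, e.g. `# Static user + Redis over a unix socket, not enabled yet; enable all of these together`, would keep a later reader from switching on only part of it. A unix-socket `redisUri`, for instance, would also need `AF_UNIX` allowed. If they are not planned, they are better left out of the commit.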
@@ -62,7 +76,11 @@ in
       ProtectKernelModules = true;
       ProtectKernelLogs = true;
       ProtectControlGroups = true;
-      RestrictAddressFamilies = [ "AF_INET AF_INET6" ];
+      RestrictAddressFamilies = [
+        # "AF_UNIX"
+        "AF_INET"
+        "AF_INET6"
+      ];
       LockPersonality = true;
       RestrictRealtime = true;
       ProtectProc = "invisible";
@@ -71,6 +89,11 @@ in
     };
   };
 
+  # services.redis.servers.matrix-hookshot = {
+  #   enable = true;
+  #   user = "matrix-hookshot";
+  # };
+
   services.matrix-hookshot = {
     enable = true;
 
@@ -89,6 +112,8 @@ in
 
       bot.displayname = "Hookshot";
 
+      # cache.redisUri = "redis://${config.services.redis.servers.matrix-hookshot.unixSocket}";
+
       generic = {
         enabled = true;
         outbound = false;
@@ -98,7 +123,10 @@ in
         allowJsTransformationFunctions = true;
       };
 
-      encryption.storagePath = "/var/lib/matrix-hookshot/cryptostore";
+      # TODO(tlater): Enable when
+      # https://github.com/matrix-org/matrix-hookshot/issues/1060 is
+      # fixed
+      # encryption.storagePath = "/var/lib/matrix-hookshot/cryptostore";
 
       permissions = [
         {
diff --git a/configuration/services/metrics/grafana.nix b/configuration/services/metrics/grafana.nix
index b872833..b30806c 100644
--- a/configuration/services/metrics/grafana.nix
+++ b/configuration/services/metrics/grafana.nix
@@ -1,9 +1,4 @@
-{
-  pkgs,
-  config,
-  flake-inputs,
-  ...
-}:
+{ pkgs, config, ... }:
 let
   domain = "metrics.${config.services.nginx.domain}";
 in
@@ -35,7 +30,7 @@ in
 
     declarativePlugins = [
       pkgs.grafanaPlugins.victoriametrics-metrics-datasource
-      flake-inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.grafanaPlugins.victoriametrics-logs-datasource
+      pkgs.grafanaPlugins.victoriametrics-logs-datasource
     ];
 
     provision = {
diff --git a/configuration/services/nextcloud.nix b/configuration/services/nextcloud.nix
index 2f8fa76..4af77a9 100644
--- a/configuration/services/nextcloud.nix
+++ b/configuration/services/nextcloud.nix
@@ -5,7 +5,7 @@
   ...
 }:
 let
-  nextcloud = pkgs.nextcloud30;
+  nextcloud = pkgs.nextcloud31;
   hostName = "nextcloud.${config.services.nginx.domain}";
 in
 {
@@ -19,10 +19,10 @@ in
           packageOverrides = _: prev: {
             extensions = prev.extensions // {
               pgsql = prev.extensions.pgsql.overrideAttrs (_: {
-                configureFlags = [ "--with-pgsql=${lib.getDev config.services.postgresql.package}" ];
+                configureFlags = [ "--with-pgsql=${lib.getDev config.services.postgresql.package.pg_config}" ];
               });
               pdo_pgsql = prev.extensions.pdo_pgsql.overrideAttrs (_: {
-                configureFlags = [ "--with-pdo-pgsql=${lib.getDev config.services.postgresql.package}" ];
+                configureFlags = [ "--with-pdo-pgsql=${lib.getDev config.services.postgresql.package.pg_config}" ];
               });
             };
           };
diff --git a/flake.nix b/flake.nix
index 90716e5..da8455f 100644
--- a/flake.nix
+++ b/flake.nix
@@ -2,12 +2,7 @@
   description = "tlater.net host configuration";
 
   inputs = {
-    nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11-small";
-    nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable-small";
-    continuwuity = {
-      url = "git+https://forgejo.ellis.link/continuwuation/continuwuity.git?ref=refs/tags/v0.5.0-rc.5";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05-small";
     disko = {
       url = "github:nix-community/disko";
       inputs.nixpkgs.follows = "nixpkgs";
diff --git a/modules/crowdsec/default.nix b/modules/crowdsec/default.nix
index ac93c4a..44e6bc5 100644
--- a/modules/crowdsec/default.nix
+++ b/modules/crowdsec/default.nix
@@ -247,10 +247,7 @@ in
             online_client = {
               # By default, we don't let crowdsec phone home, since
               # this is usually within NixOS users' concerns.
-              #
-              # TODO: Enable when this option becomes available
-              # (1.6.4, current nixpkgs-unstable)
-              # sharing = lib.mkDefault false;
+              sharing = lib.mkDefault false;
               credentials_path = cfg.centralApiCredentials;
             };
           };
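Review bot: The comment above `sharing = lib.mkDefault false;` says crowdsec is not allowed to phone home, but `credentials_path` is still set in the same `online_client` block. The agent presumably still contacts the central API, for example to pull blocklists, and only signal sharing is turned off. Rewording it to something like `# Don't share signals with the central API by default; it is still contacted with the credentials below` would describe the setting more accurately, to be confirmed against the crowdsec version in use. The enclosing settings attrset starts and ends outside this hunk.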

From f2cbeebbb5c9634e9b82a3bb672b3dbbb15739fb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= <tm@tlater.net>
Date: Sat, 24 May 2025 18:28:51 +0800
Subject: [PATCH 16/17] flake.lock: Update
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/ec7c109a4f794fce09aad87239eab7f66540b888' (2025-05-15)
  → 'github:nix-community/disko/df522e787fdffc4f32ed3e1fca9ed0968a384d62' (2025-05-20)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/b965e4c283060415956ccd39eee4ca34a6a56cf8' (2025-05-16)
  → 'github:nixos/nixpkgs/c3ee76c437067f1ae09d6e530df46a3f80977992' (2025-05-24)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/e93ee1d900ad264d65e9701a5c6f895683433386' (2025-05-05)
  → 'github:Mic92/sops-nix/8d215e1c981be3aa37e47aeabd4e61bb069548fd' (2025-05-18)
---
 flake.lock | 932 ++++++++---------------------------------------------
 1 file changed, 134 insertions(+), 798 deletions(-)

diff --git a/flake.lock b/flake.lock
index c17c613..885b579 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,86 +1,6 @@
 {
   "nodes": {
-    "attic": {
-      "inputs": {
-        "crane": "crane",
-        "flake-compat": "flake-compat",
-        "flake-parts": "flake-parts",
-        "nix-github-actions": "nix-github-actions",
-        "nixpkgs": "nixpkgs",
-        "nixpkgs-stable": "nixpkgs-stable"
-      },
-      "locked": {
-        "lastModified": 1738524606,
-        "narHash": "sha256-hPYEJ4juK3ph7kbjbvv7PlU1D9pAkkhl+pwx8fZY53U=",
-        "owner": "zhaofengli",
-        "repo": "attic",
-        "rev": "ff8a897d1f4408ebbf4d45fa9049c06b3e1e3f4e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "zhaofengli",
-        "ref": "main",
-        "repo": "attic",
-        "type": "github"
-      }
-    },
     "cachix": {
-      "inputs": {
-        "devenv": "devenv",
-        "flake-compat": "flake-compat_2",
-        "git-hooks": "git-hooks",
-        "nixpkgs": "nixpkgs_4"
-      },
-      "locked": {
-        "lastModified": 1737621947,
-        "narHash": "sha256-8HFvG7fvIFbgtaYAY2628Tb89fA55nPm2jSiNs0/Cws=",
-        "owner": "cachix",
-        "repo": "cachix",
-        "rev": "f65a3cd5e339c223471e64c051434616e18cc4f5",
-        "type": "github"
-      },
-      "original": {
-        "owner": "cachix",
-        "ref": "master",
-        "repo": "cachix",
-        "type": "github"
-      }
-    },
-    "cachix_2": {
-      "inputs": {
-        "devenv": [
-          "continuwuity",
-          "cachix",
-          "devenv"
-        ],
-        "flake-compat": [
-          "continuwuity",
-          "cachix",
-          "devenv"
-        ],
-        "git-hooks": [
-          "continuwuity",
-          "cachix",
-          "devenv"
-        ],
-        "nixpkgs": "nixpkgs_2"
-      },
-      "locked": {
-        "lastModified": 1728672398,
-        "narHash": "sha256-KxuGSoVUFnQLB2ZcYODW7AVPAh9JqRlD5BrfsC/Q4qs=",
-        "owner": "cachix",
-        "repo": "cachix",
-        "rev": "aac51f698309fd0f381149214b7eee213c66ef0a",
-        "type": "github"
-      },
-      "original": {
-        "owner": "cachix",
-        "ref": "latest",
-        "repo": "cachix",
-        "type": "github"
-      }
-    },
-    "cachix_3": {
       "inputs": {
         "devenv": [
           "sonnenshift",
@@ -90,7 +10,7 @@
           "sonnenshift",
           "crate2nix"
         ],
-        "nixpkgs": "nixpkgs_7",
+        "nixpkgs": "nixpkgs_3",
         "pre-commit-hooks": [
           "sonnenshift",
           "crate2nix"
@@ -111,7 +31,7 @@
         "type": "github"
       }
     },
-    "cachix_4": {
+    "cachix_2": {
       "inputs": {
         "devenv": [
           "sonnenshift",
@@ -123,7 +43,7 @@
           "crate2nix",
           "crate2nix_stable"
         ],
-        "nixpkgs": "nixpkgs_8",
+        "nixpkgs": "nixpkgs_4",
         "pre-commit-hooks": [
           "sonnenshift",
           "crate2nix",
@@ -145,7 +65,7 @@
         "type": "github"
       }
     },
-    "cachix_5": {
+    "cachix_3": {
       "inputs": {
         "devenv": [
           "sonnenshift",
@@ -159,7 +79,7 @@
           "crate2nix_stable",
           "crate2nix_stable"
         ],
-        "nixpkgs": "nixpkgs_9",
+        "nixpkgs": "nixpkgs_5",
         "pre-commit-hooks": [
           "sonnenshift",
           "crate2nix",
@@ -182,99 +102,13 @@
         "type": "github"
       }
     },
-    "complement": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1741891349,
-        "narHash": "sha256-YvrzOWcX7DH1drp5SGa+E/fc7wN3hqFtPbqPjZpOu1Q=",
-        "owner": "girlbossceo",
-        "repo": "complement",
-        "rev": "e587b3df569cba411aeac7c20b6366d03c143745",
-        "type": "github"
-      },
-      "original": {
-        "owner": "girlbossceo",
-        "ref": "main",
-        "repo": "complement",
-        "type": "github"
-      }
-    },
-    "continuwuity": {
-      "inputs": {
-        "attic": "attic",
-        "cachix": "cachix",
-        "complement": "complement",
-        "crane": "crane_2",
-        "fenix": "fenix",
-        "flake-compat": "flake-compat_3",
-        "flake-utils": "flake-utils",
-        "liburing": "liburing",
-        "nix-filter": "nix-filter",
-        "nixpkgs": [
-          "nixpkgs"
-        ],
-        "rocksdb": "rocksdb"
-      },
-      "locked": {
-        "lastModified": 1745186840,
-        "narHash": "sha256-Oq2scBu3Ewao828BT1QGffqIqF5WoH9HMXEXKg1YU0o=",
-        "ref": "refs/tags/v0.5.0-rc.5",
-        "rev": "0a0f327ae034f5c44b12a3154cc1143aff10291c",
-        "revCount": 5147,
-        "type": "git",
-        "url": "https://forgejo.ellis.link/continuwuation/continuwuity.git"
-      },
-      "original": {
-        "ref": "refs/tags/v0.5.0-rc.5",
-        "type": "git",
-        "url": "https://forgejo.ellis.link/continuwuation/continuwuity.git"
-      }
-    },
-    "crane": {
-      "inputs": {
-        "nixpkgs": [
-          "continuwuity",
-          "attic",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1722960479,
-        "narHash": "sha256-NhCkJJQhD5GUib8zN9JrmYGMwt4lCRp6ZVNzIiYCl0Y=",
-        "owner": "ipetkov",
-        "repo": "crane",
-        "rev": "4c6c77920b8d44cd6660c1621dea6b3fc4b4c4f4",
-        "type": "github"
-      },
-      "original": {
-        "owner": "ipetkov",
-        "repo": "crane",
-        "type": "github"
-      }
-    },
-    "crane_2": {
-      "locked": {
-        "lastModified": 1739936662,
-        "narHash": "sha256-x4syUjNUuRblR07nDPeLDP7DpphaBVbUaSoeZkFbGSk=",
-        "owner": "ipetkov",
-        "repo": "crane",
-        "rev": "19de14aaeb869287647d9461cbd389187d8ecdb7",
-        "type": "github"
-      },
-      "original": {
-        "owner": "ipetkov",
-        "ref": "master",
-        "repo": "crane",
-        "type": "github"
-      }
-    },
     "crate2nix": {
       "inputs": {
-        "cachix": "cachix_3",
+        "cachix": "cachix",
         "crate2nix_stable": "crate2nix_stable",
         "devshell": "devshell_3",
-        "flake-compat": "flake-compat_7",
-        "flake-parts": "flake-parts_5",
+        "flake-compat": "flake-compat_4",
+        "flake-parts": "flake-parts_3",
         "nix-test-runner": "nix-test-runner_3",
         "nixpkgs": [
           "sonnenshift",
@@ -298,13 +132,13 @@
     },
     "crate2nix_stable": {
       "inputs": {
-        "cachix": "cachix_4",
+        "cachix": "cachix_2",
         "crate2nix_stable": "crate2nix_stable_2",
         "devshell": "devshell_2",
-        "flake-compat": "flake-compat_6",
-        "flake-parts": "flake-parts_4",
+        "flake-compat": "flake-compat_3",
+        "flake-parts": "flake-parts_2",
         "nix-test-runner": "nix-test-runner_2",
-        "nixpkgs": "nixpkgs_11",
+        "nixpkgs": "nixpkgs_7",
         "pre-commit-hooks": "pre-commit-hooks_2"
       },
       "locked": {
@@ -324,13 +158,13 @@
     },
     "crate2nix_stable_2": {
       "inputs": {
-        "cachix": "cachix_5",
+        "cachix": "cachix_3",
         "crate2nix_stable": "crate2nix_stable_3",
         "devshell": "devshell",
-        "flake-compat": "flake-compat_5",
-        "flake-parts": "flake-parts_3",
+        "flake-compat": "flake-compat_2",
+        "flake-parts": "flake-parts",
         "nix-test-runner": "nix-test-runner",
-        "nixpkgs": "nixpkgs_10",
+        "nixpkgs": "nixpkgs_6",
         "pre-commit-hooks": "pre-commit-hooks"
       },
       "locked": {
@@ -350,7 +184,7 @@
     },
     "crate2nix_stable_3": {
       "inputs": {
-        "flake-utils": "flake-utils_2"
+        "flake-utils": "flake-utils"
       },
       "locked": {
         "lastModified": 1702842982,
@@ -369,8 +203,8 @@
     },
     "deploy-rs": {
       "inputs": {
-        "flake-compat": "flake-compat_4",
-        "nixpkgs": "nixpkgs_5",
+        "flake-compat": "flake-compat",
+        "nixpkgs": "nixpkgs",
         "utils": "utils"
       },
       "locked": {
@@ -387,43 +221,9 @@
         "type": "github"
       }
     },
-    "devenv": {
-      "inputs": {
-        "cachix": "cachix_2",
-        "flake-compat": [
-          "continuwuity",
-          "cachix",
-          "flake-compat"
-        ],
-        "git-hooks": [
-          "continuwuity",
-          "cachix",
-          "git-hooks"
-        ],
-        "nix": "nix",
-        "nixpkgs": [
-          "continuwuity",
-          "cachix",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1733323168,
-        "narHash": "sha256-d5DwB4MZvlaQpN6OQ4SLYxb5jA4UH5EtV5t5WOtjLPU=",
-        "owner": "cachix",
-        "repo": "devenv",
-        "rev": "efa9010b8b1cfd5dd3c7ed1e172a470c3b84a064",
-        "type": "github"
-      },
-      "original": {
-        "owner": "cachix",
-        "repo": "devenv",
-        "type": "github"
-      }
-    },
     "devshell": {
       "inputs": {
-        "flake-utils": "flake-utils_3",
+        "flake-utils": "flake-utils_2",
         "nixpkgs": [
           "sonnenshift",
           "crate2nix",
@@ -448,7 +248,7 @@
     },
     "devshell_2": {
       "inputs": {
-        "flake-utils": "flake-utils_4",
+        "flake-utils": "flake-utils_3",
         "nixpkgs": [
           "sonnenshift",
           "crate2nix",
@@ -472,7 +272,7 @@
     },
     "devshell_3": {
       "inputs": {
-        "flake-utils": "flake-utils_5",
+        "flake-utils": "flake-utils_4",
         "nixpkgs": [
           "sonnenshift",
           "crate2nix",
@@ -500,11 +300,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1747274630,
-        "narHash": "sha256-87RJwXbfOHyzTB9LYagAQ6vOZhszCvd8Gvudu+gf3qo=",
+        "lastModified": 1747742835,
+        "narHash": "sha256-kYL4GCwwznsypvsnA20oyvW8zB/Dvn6K5G/tgMjVMT4=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "ec7c109a4f794fce09aad87239eab7f66540b888",
+        "rev": "df522e787fdffc4f32ed3e1fca9ed0968a384d62",
         "type": "github"
       },
       "original": {
@@ -515,7 +315,7 @@
     },
     "dream2nix": {
       "inputs": {
-        "nixpkgs": "nixpkgs_12",
+        "nixpkgs": "nixpkgs_8",
         "purescript-overlay": "purescript-overlay",
         "pyproject-nix": "pyproject-nix"
       },
@@ -534,35 +334,12 @@
       }
     },
     "fenix": {
-      "inputs": {
-        "nixpkgs": [
-          "continuwuity",
-          "nixpkgs"
-        ],
-        "rust-analyzer-src": "rust-analyzer-src"
-      },
-      "locked": {
-        "lastModified": 1740724364,
-        "narHash": "sha256-D1jLIueJx1dPrP09ZZwTrPf4cubV+TsFMYbpYYTVj6A=",
-        "owner": "nix-community",
-        "repo": "fenix",
-        "rev": "edf7d9e431cda8782e729253835f178a356d3aab",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "ref": "main",
-        "repo": "fenix",
-        "type": "github"
-      }
-    },
-    "fenix_2": {
       "inputs": {
         "nixpkgs": [
           "tlaternet-webserver",
           "nixpkgs"
         ],
-        "rust-analyzer-src": "rust-analyzer-src_2"
+        "rust-analyzer-src": "rust-analyzer-src"
       },
       "locked": {
         "lastModified": 1737181903,
@@ -595,97 +372,48 @@
       }
     },
     "flake-compat_2": {
-      "flake": false,
       "locked": {
-        "lastModified": 1733328505,
-        "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
-        "owner": "edolstra",
-        "repo": "flake-compat",
-        "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
-        "type": "github"
+        "lastModified": 1696426674,
+        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+        "revCount": 57,
+        "type": "tarball",
+        "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
       },
       "original": {
-        "owner": "edolstra",
-        "repo": "flake-compat",
-        "type": "github"
+        "type": "tarball",
+        "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
       }
     },
     "flake-compat_3": {
-      "flake": false,
       "locked": {
-        "lastModified": 1733328505,
-        "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
-        "owner": "edolstra",
-        "repo": "flake-compat",
-        "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
-        "type": "github"
+        "lastModified": 1696426674,
+        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+        "revCount": 57,
+        "type": "tarball",
+        "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
       },
       "original": {
-        "owner": "edolstra",
-        "ref": "master",
-        "repo": "flake-compat",
-        "type": "github"
+        "type": "tarball",
+        "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
       }
     },
     "flake-compat_4": {
-      "flake": false,
       "locked": {
         "lastModified": 1696426674,
         "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
-        "owner": "edolstra",
-        "repo": "flake-compat",
         "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
-        "type": "github"
+        "revCount": 57,
+        "type": "tarball",
+        "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
       },
       "original": {
-        "owner": "edolstra",
-        "repo": "flake-compat",
-        "type": "github"
+        "type": "tarball",
+        "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
       }
     },
     "flake-compat_5": {
-      "locked": {
-        "lastModified": 1696426674,
-        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
-        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
-        "revCount": 57,
-        "type": "tarball",
-        "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
-      },
-      "original": {
-        "type": "tarball",
-        "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
-      }
-    },
-    "flake-compat_6": {
-      "locked": {
-        "lastModified": 1696426674,
-        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
-        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
-        "revCount": 57,
-        "type": "tarball",
-        "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
-      },
-      "original": {
-        "type": "tarball",
-        "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
-      }
-    },
-    "flake-compat_7": {
-      "locked": {
-        "lastModified": 1696426674,
-        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
-        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
-        "revCount": 57,
-        "type": "tarball",
-        "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
-      },
-      "original": {
-        "type": "tarball",
-        "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
-      }
-    },
-    "flake-compat_8": {
       "flake": false,
       "locked": {
         "lastModified": 1696426674,
@@ -704,17 +432,19 @@
     "flake-parts": {
       "inputs": {
         "nixpkgs-lib": [
-          "continuwuity",
-          "attic",
+          "sonnenshift",
+          "crate2nix",
+          "crate2nix_stable",
+          "crate2nix_stable",
           "nixpkgs"
         ]
       },
       "locked": {
-        "lastModified": 1722555600,
-        "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
+        "lastModified": 1719745305,
+        "narHash": "sha256-xwgjVUpqSviudEkpQnioeez1Uo2wzrsMaJKJClh+Bls=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
+        "rev": "c3c5ecc05edc7dafba779c6c1a61cd08ac6583e9",
         "type": "github"
       },
       "original": {
@@ -726,19 +456,18 @@
     "flake-parts_2": {
       "inputs": {
         "nixpkgs-lib": [
-          "continuwuity",
-          "cachix",
-          "devenv",
-          "nix",
+          "sonnenshift",
+          "crate2nix",
+          "crate2nix_stable",
           "nixpkgs"
         ]
       },
       "locked": {
-        "lastModified": 1712014858,
-        "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=",
+        "lastModified": 1719745305,
+        "narHash": "sha256-xwgjVUpqSviudEkpQnioeez1Uo2wzrsMaJKJClh+Bls=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d",
+        "rev": "c3c5ecc05edc7dafba779c6c1a61cd08ac6583e9",
         "type": "github"
       },
       "original": {
@@ -748,53 +477,6 @@
       }
     },
     "flake-parts_3": {
-      "inputs": {
-        "nixpkgs-lib": [
-          "sonnenshift",
-          "crate2nix",
-          "crate2nix_stable",
-          "crate2nix_stable",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1719745305,
-        "narHash": "sha256-xwgjVUpqSviudEkpQnioeez1Uo2wzrsMaJKJClh+Bls=",
-        "owner": "hercules-ci",
-        "repo": "flake-parts",
-        "rev": "c3c5ecc05edc7dafba779c6c1a61cd08ac6583e9",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hercules-ci",
-        "repo": "flake-parts",
-        "type": "github"
-      }
-    },
-    "flake-parts_4": {
-      "inputs": {
-        "nixpkgs-lib": [
-          "sonnenshift",
-          "crate2nix",
-          "crate2nix_stable",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1719745305,
-        "narHash": "sha256-xwgjVUpqSviudEkpQnioeez1Uo2wzrsMaJKJClh+Bls=",
-        "owner": "hercules-ci",
-        "repo": "flake-parts",
-        "rev": "c3c5ecc05edc7dafba779c6c1a61cd08ac6583e9",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hercules-ci",
-        "repo": "flake-parts",
-        "type": "github"
-      }
-    },
-    "flake-parts_5": {
       "inputs": {
         "nixpkgs-lib": [
           "sonnenshift",
@@ -818,19 +500,18 @@
     },
     "flake-utils": {
       "inputs": {
-        "systems": "systems"
+        "systems": "systems_2"
       },
       "locked": {
-        "lastModified": 1731533236,
-        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "lastModified": 1694529238,
+        "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
         "type": "github"
       },
       "original": {
         "owner": "numtide",
-        "ref": "main",
         "repo": "flake-utils",
         "type": "github"
       }
@@ -840,11 +521,11 @@
         "systems": "systems_3"
       },
       "locked": {
-        "lastModified": 1694529238,
-        "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
+        "lastModified": 1701680307,
+        "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
+        "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
         "type": "github"
       },
       "original": {
@@ -893,24 +574,6 @@
       "inputs": {
         "systems": "systems_6"
       },
-      "locked": {
-        "lastModified": 1701680307,
-        "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
-    "flake-utils_6": {
-      "inputs": {
-        "systems": "systems_7"
-      },
       "locked": {
         "lastModified": 1710146030,
         "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
@@ -945,41 +608,14 @@
         "type": "github"
       }
     },
-    "git-hooks": {
-      "inputs": {
-        "flake-compat": [
-          "continuwuity",
-          "cachix",
-          "flake-compat"
-        ],
-        "gitignore": "gitignore",
-        "nixpkgs": [
-          "continuwuity",
-          "cachix",
-          "nixpkgs"
-        ],
-        "nixpkgs-stable": "nixpkgs-stable_2"
-      },
-      "locked": {
-        "lastModified": 1733318908,
-        "narHash": "sha256-SVQVsbafSM1dJ4fpgyBqLZ+Lft+jcQuMtEL3lQWx2Sk=",
-        "owner": "cachix",
-        "repo": "git-hooks.nix",
-        "rev": "6f4e2a2112050951a314d2733a994fbab94864c6",
-        "type": "github"
-      },
-      "original": {
-        "owner": "cachix",
-        "repo": "git-hooks.nix",
-        "type": "github"
-      }
-    },
     "gitignore": {
       "inputs": {
         "nixpkgs": [
-          "continuwuity",
-          "cachix",
-          "git-hooks",
+          "sonnenshift",
+          "crate2nix",
+          "crate2nix_stable",
+          "crate2nix_stable",
+          "pre-commit-hooks",
           "nixpkgs"
         ]
       },
@@ -1003,7 +639,6 @@
           "sonnenshift",
           "crate2nix",
           "crate2nix_stable",
-          "crate2nix_stable",
           "pre-commit-hooks",
           "nixpkgs"
         ]
@@ -1027,7 +662,6 @@
         "nixpkgs": [
           "sonnenshift",
           "crate2nix",
-          "crate2nix_stable",
           "pre-commit-hooks",
           "nixpkgs"
         ]
@@ -1046,141 +680,6 @@
         "type": "github"
       }
     },
-    "gitignore_4": {
-      "inputs": {
-        "nixpkgs": [
-          "sonnenshift",
-          "crate2nix",
-          "pre-commit-hooks",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1709087332,
-        "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
-        "owner": "hercules-ci",
-        "repo": "gitignore.nix",
-        "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hercules-ci",
-        "repo": "gitignore.nix",
-        "type": "github"
-      }
-    },
-    "libgit2": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1697646580,
-        "narHash": "sha256-oX4Z3S9WtJlwvj0uH9HlYcWv+x1hqp8mhXl7HsLu2f0=",
-        "owner": "libgit2",
-        "repo": "libgit2",
-        "rev": "45fd9ed7ae1a9b74b957ef4f337bc3c8b3df01b5",
-        "type": "github"
-      },
-      "original": {
-        "owner": "libgit2",
-        "repo": "libgit2",
-        "type": "github"
-      }
-    },
-    "liburing": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1740613216,
-        "narHash": "sha256-NpPOBqNND3Qe9IwqYs0mJLGTmIx7e6FgUEBAnJ+1ZLA=",
-        "owner": "axboe",
-        "repo": "liburing",
-        "rev": "e1003e496e66f9b0ae06674869795edf772d5500",
-        "type": "github"
-      },
-      "original": {
-        "owner": "axboe",
-        "ref": "master",
-        "repo": "liburing",
-        "type": "github"
-      }
-    },
-    "nix": {
-      "inputs": {
-        "flake-compat": [
-          "continuwuity",
-          "cachix",
-          "devenv"
-        ],
-        "flake-parts": "flake-parts_2",
-        "libgit2": "libgit2",
-        "nixpkgs": "nixpkgs_3",
-        "nixpkgs-23-11": [
-          "continuwuity",
-          "cachix",
-          "devenv"
-        ],
-        "nixpkgs-regression": [
-          "continuwuity",
-          "cachix",
-          "devenv"
-        ],
-        "pre-commit-hooks": [
-          "continuwuity",
-          "cachix",
-          "devenv"
-        ]
-      },
-      "locked": {
-        "lastModified": 1727438425,
-        "narHash": "sha256-X8ES7I1cfNhR9oKp06F6ir4Np70WGZU5sfCOuNBEwMg=",
-        "owner": "domenkozar",
-        "repo": "nix",
-        "rev": "f6c5ae4c1b2e411e6b1e6a8181cc84363d6a7546",
-        "type": "github"
-      },
-      "original": {
-        "owner": "domenkozar",
-        "ref": "devenv-2.24",
-        "repo": "nix",
-        "type": "github"
-      }
-    },
-    "nix-filter": {
-      "locked": {
-        "lastModified": 1731533336,
-        "narHash": "sha256-oRam5PS1vcrr5UPgALW0eo1m/5/pls27Z/pabHNy2Ms=",
-        "owner": "numtide",
-        "repo": "nix-filter",
-        "rev": "f7653272fd234696ae94229839a99b73c9ab7de0",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "ref": "main",
-        "repo": "nix-filter",
-        "type": "github"
-      }
-    },
-    "nix-github-actions": {
-      "inputs": {
-        "nixpkgs": [
-          "continuwuity",
-          "attic",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1729742964,
-        "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=",
-        "owner": "nix-community",
-        "repo": "nix-github-actions",
-        "rev": "e04df33f62cdcf93d73e9a04142464753a16db67",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "nix-github-actions",
-        "type": "github"
-      }
-    },
     "nix-test-runner": {
       "flake": false,
       "locked": {
@@ -1230,160 +729,6 @@
       }
     },
     "nixpkgs": {
-      "locked": {
-        "lastModified": 1726042813,
-        "narHash": "sha256-LnNKCCxnwgF+575y0pxUdlGZBO/ru1CtGHIqQVfvjlA=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "159be5db480d1df880a0135ca0bfed84c2f88353",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixpkgs-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs-stable": {
-      "locked": {
-        "lastModified": 1724316499,
-        "narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-24.05",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs-stable_2": {
-      "locked": {
-        "lastModified": 1730741070,
-        "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-24.05",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs-unstable": {
-      "locked": {
-        "lastModified": 1747413287,
-        "narHash": "sha256-hOnqJr0tZBERWa29JWf9B3/8qr82mlt/UlKPvS7iYzA=",
-        "owner": "nixos",
-        "repo": "nixpkgs",
-        "rev": "b965e4c283060415956ccd39eee4ca34a6a56cf8",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nixos",
-        "ref": "nixos-unstable-small",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_10": {
-      "locked": {
-        "lastModified": 1719506693,
-        "narHash": "sha256-C8e9S7RzshSdHB7L+v9I51af1gDM5unhJ2xO1ywxNH8=",
-        "path": "/nix/store/4p0avw1s3vf27hspgqsrqs37gxk4i83i-source",
-        "rev": "b2852eb9365c6de48ffb0dc2c9562591f652242a",
-        "type": "path"
-      },
-      "original": {
-        "id": "nixpkgs",
-        "type": "indirect"
-      }
-    },
-    "nixpkgs_11": {
-      "locked": {
-        "lastModified": 1719506693,
-        "narHash": "sha256-C8e9S7RzshSdHB7L+v9I51af1gDM5unhJ2xO1ywxNH8=",
-        "path": "/nix/store/4p0avw1s3vf27hspgqsrqs37gxk4i83i-source",
-        "rev": "b2852eb9365c6de48ffb0dc2c9562591f652242a",
-        "type": "path"
-      },
-      "original": {
-        "id": "nixpkgs",
-        "type": "indirect"
-      }
-    },
-    "nixpkgs_12": {
-      "locked": {
-        "lastModified": 1729850857,
-        "narHash": "sha256-WvLXzNNnnw+qpFOmgaM3JUlNEH+T4s22b5i2oyyCpXE=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "41dea55321e5a999b17033296ac05fe8a8b5a257",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixpkgs-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_2": {
-      "locked": {
-        "lastModified": 1730531603,
-        "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_3": {
-      "locked": {
-        "lastModified": 1717432640,
-        "narHash": "sha256-+f9c4/ZX5MWDOuB1rKoWj+lBNm0z0rs4CK47HBLxy1o=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "88269ab3044128b7c2f4c7d68448b2fb50456870",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "release-24.05",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_4": {
-      "locked": {
-        "lastModified": 1733212471,
-        "narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "55d15ad12a74eb7d4646254e13638ad0c4128776",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_5": {
       "locked": {
         "lastModified": 1702272962,
         "narHash": "sha256-D+zHwkwPc6oYQ4G3A1HuadopqRwUY/JkMwHz1YF7j4Q=",
@@ -1399,23 +744,23 @@
         "type": "github"
       }
     },
-    "nixpkgs_6": {
+    "nixpkgs_2": {
       "locked": {
-        "lastModified": 1747418223,
-        "narHash": "sha256-DkCYFm09AR2+FPKcT7lD8iIMNXqTdesVvwKpCnqKiYg=",
+        "lastModified": 1748085680,
+        "narHash": "sha256-XG90Q/040NiV70gAVvoYbXg1lULbiwIzfkWmwSINyGQ=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "d6c9326e40bb557ebb8c040b4375590bc06413f8",
+        "rev": "4e6eeca5ed45465087274fc9dc6bc2011254a0f3",
         "type": "github"
       },
       "original": {
         "owner": "nixos",
-        "ref": "nixos-24.11-small",
+        "ref": "nixos-25.05-small",
         "repo": "nixpkgs",
         "type": "github"
       }
     },
-    "nixpkgs_7": {
+    "nixpkgs_3": {
       "locked": {
         "lastModified": 1700612854,
         "narHash": "sha256-yrQ8osMD+vDLGFX7pcwsY/Qr5PUd6OmDMYJZzZi0+zc=",
@@ -1431,7 +776,7 @@
         "type": "github"
       }
     },
-    "nixpkgs_8": {
+    "nixpkgs_4": {
       "locked": {
         "lastModified": 1715534503,
         "narHash": "sha256-5ZSVkFadZbFP1THataCaSf0JH2cAH3S29hU9rrxTEqk=",
@@ -1447,7 +792,7 @@
         "type": "github"
       }
     },
-    "nixpkgs_9": {
+    "nixpkgs_5": {
       "locked": {
         "lastModified": 1715534503,
         "narHash": "sha256-5ZSVkFadZbFP1THataCaSf0JH2cAH3S29hU9rrxTEqk=",
@@ -1463,6 +808,48 @@
         "type": "github"
       }
     },
+    "nixpkgs_6": {
+      "locked": {
+        "lastModified": 1719506693,
+        "narHash": "sha256-C8e9S7RzshSdHB7L+v9I51af1gDM5unhJ2xO1ywxNH8=",
+        "path": "/nix/store/4p0avw1s3vf27hspgqsrqs37gxk4i83i-source",
+        "rev": "b2852eb9365c6de48ffb0dc2c9562591f652242a",
+        "type": "path"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "type": "indirect"
+      }
+    },
+    "nixpkgs_7": {
+      "locked": {
+        "lastModified": 1719506693,
+        "narHash": "sha256-C8e9S7RzshSdHB7L+v9I51af1gDM5unhJ2xO1ywxNH8=",
+        "path": "/nix/store/4p0avw1s3vf27hspgqsrqs37gxk4i83i-source",
+        "rev": "b2852eb9365c6de48ffb0dc2c9562591f652242a",
+        "type": "path"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "type": "indirect"
+      }
+    },
+    "nixpkgs_8": {
+      "locked": {
+        "lastModified": 1729850857,
+        "narHash": "sha256-WvLXzNNnnw+qpFOmgaM3JUlNEH+T4s22b5i2oyyCpXE=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "41dea55321e5a999b17033296ac05fe8a8b5a257",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "pre-commit-hooks": {
       "inputs": {
         "flake-compat": [
@@ -1472,7 +859,7 @@
           "crate2nix_stable",
           "flake-compat"
         ],
-        "gitignore": "gitignore_2",
+        "gitignore": "gitignore",
         "nixpkgs": [
           "sonnenshift",
           "crate2nix",
@@ -1510,7 +897,7 @@
           "crate2nix_stable",
           "flake-compat"
         ],
-        "gitignore": "gitignore_3",
+        "gitignore": "gitignore_2",
         "nixpkgs": [
           "sonnenshift",
           "crate2nix",
@@ -1545,8 +932,8 @@
           "crate2nix",
           "flake-compat"
         ],
-        "flake-utils": "flake-utils_6",
-        "gitignore": "gitignore_4",
+        "flake-utils": "flake-utils_5",
+        "gitignore": "gitignore_3",
         "nixpkgs": [
           "sonnenshift",
           "crate2nix",
@@ -1574,7 +961,7 @@
     },
     "purescript-overlay": {
       "inputs": {
-        "flake-compat": "flake-compat_8",
+        "flake-compat": "flake-compat_5",
         "nixpkgs": [
           "tlaternet-webserver",
           "dream2nix",
@@ -1613,54 +1000,18 @@
         "type": "github"
       }
     },
-    "rocksdb": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1741308171,
-        "narHash": "sha256-YdBvdQ75UJg5ffwNjxizpviCVwVDJnBkM8ZtGIduMgY=",
-        "owner": "girlbossceo",
-        "repo": "rocksdb",
-        "rev": "3ce04794bcfbbb0d2e6f81ae35fc4acf688b6986",
-        "type": "github"
-      },
-      "original": {
-        "owner": "girlbossceo",
-        "ref": "v9.11.1",
-        "repo": "rocksdb",
-        "type": "github"
-      }
-    },
     "root": {
       "inputs": {
-        "continuwuity": "continuwuity",
         "deploy-rs": "deploy-rs",
         "disko": "disko",
         "foundryvtt": "foundryvtt",
-        "nixpkgs": "nixpkgs_6",
-        "nixpkgs-unstable": "nixpkgs-unstable",
+        "nixpkgs": "nixpkgs_2",
         "sonnenshift": "sonnenshift",
         "sops-nix": "sops-nix",
         "tlaternet-webserver": "tlaternet-webserver"
       }
     },
     "rust-analyzer-src": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1740691488,
-        "narHash": "sha256-Fs6vBrByuiOf2WO77qeMDMTXcTGzrIMqLBv+lNeywwM=",
-        "owner": "rust-lang",
-        "repo": "rust-analyzer",
-        "rev": "fe3eda77d3a7ce212388bda7b6cec8bffcc077e5",
-        "type": "github"
-      },
-      "original": {
-        "owner": "rust-lang",
-        "ref": "nightly",
-        "repo": "rust-analyzer",
-        "type": "github"
-      }
-    },
-    "rust-analyzer-src_2": {
       "flake": false,
       "locked": {
         "lastModified": 1737140097,
@@ -1728,11 +1079,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1746485181,
-        "narHash": "sha256-PxrrSFLaC7YuItShxmYbMgSuFFuwxBB+qsl9BZUnRvg=",
+        "lastModified": 1747603214,
+        "narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "e93ee1d900ad264d65e9701a5c6f895683433386",
+        "rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd",
         "type": "github"
       },
       "original": {
@@ -1831,25 +1182,10 @@
         "type": "github"
       }
     },
-    "systems_7": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
-    },
     "tlaternet-webserver": {
       "inputs": {
         "dream2nix": "dream2nix",
-        "fenix": "fenix_2",
+        "fenix": "fenix",
         "nixpkgs": [
           "nixpkgs"
         ]
@@ -1870,7 +1206,7 @@
     },
     "utils": {
       "inputs": {
-        "systems": "systems_2"
+        "systems": "systems"
       },
       "locked": {
         "lastModified": 1701680307,

From 94ec261a94a844f33d5f98e5633f260449e7cf64 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= <tm@tlater.net>
Date: Sun, 25 May 2025 02:11:31 +0800
Subject: [PATCH 17/17] chore(foundryvtt): Upgrade to version 13

---
 configuration/services/foundryvtt.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configuration/services/foundryvtt.nix b/configuration/services/foundryvtt.nix
index f25bbcd..6c475a3 100644
--- a/configuration/services/foundryvtt.nix
+++ b/configuration/services/foundryvtt.nix
@@ -18,7 +18,7 @@ in
       minifyStaticFiles = true;
       proxySSL = true;
       proxyPort = 443;
-      package = flake-inputs.foundryvtt.packages.${pkgs.system}.foundryvtt_11;
+      package = flake-inputs.foundryvtt.packages.${pkgs.system}.foundryvtt_13;
     };
 
     nginx.virtualHosts."${domain}" =