tlaternet/tlaternet-server
1
0
Fork 0
Code Issues 10 Pull requests Activity

Compare commits

base: tlaternet:b7feffc52f25f75af8b20c7c0212475df028e983
Branches Tags
tlaternet:master
tlaternet:tlater/authelia-attempt-3
tlaternet:tlater/coturn-disable
tlaternet:tlater/authelia-2
tlaternet:tlater/crowdsec-whitelists
tlaternet:tlater/authelia
..
compare: tlaternet:7a2b862235db7964138dae2f31494742a09ed5f8
Branches Tags
tlaternet:tlater/authelia-attempt-3
tlaternet:master
tlaternet:tlater/coturn-disable
tlaternet:tlater/authelia-2
tlaternet:tlater/crowdsec-whitelists
tlaternet:tlater/authelia

No commits in common. "b7feffc52f25f75af8b20c7c0212475df028e983" and "7a2b862235db7964138dae2f31494742a09ed5f8" have entirely different histories.
b7feffc52f ... 7a2b862235

13 changed files with 197 additions and 246 deletions
Download patch file Download diff file Expand all files Collapse all files

9
configuration/default.nix
View file

@ -35,11 +35,11 @@
''; '';
# Enable remote builds from tlater # Enable remote builds from tlater
settings.trusted-users = ["@wheel"]; trustedUsers = ["@wheel"];
}; };
nixpkgs.config.allowUnfreePredicate = pkg: nixpkgs.config.allowUnfreePredicate = pkg:
builtins.elem (lib.getName pkg) ["steam-original" "steam-runtime" "steam-run" "steamcmd"]; builtins.elem (lib.getName pkg) ["steam-original" "steam-runtime" "steamcmd"];
# Optimization for minecraft servers, see: # Optimization for minecraft servers, see:
# https://bugs.mojang.com/browse/MC-183518 # https://bugs.mojang.com/browse/MC-183518
@ -63,8 +63,6 @@
8448 8448
# starbound # starbound
21025 21025
# Minecraft
25565
config.services.coturn.listening-port config.services.coturn.listening-port
config.services.coturn.tls-listening-port config.services.coturn.tls-listening-port
@ -73,9 +71,6 @@
]; ];
allowedUDPPorts = [ allowedUDPPorts = [
# More minecraft
25565
config.services.coturn.listening-port config.services.coturn.listening-port
config.services.coturn.tls-listening-port config.services.coturn.tls-listening-port
config.services.coturn.alt-listening-port config.services.coturn.alt-listening-port

12
configuration/hardware-specific/linode/hardware-configuration.nix
View file

@ -8,7 +8,7 @@
[ (modulesPath + "/profiles/qemu-guest.nix") [ (modulesPath + "/profiles/qemu-guest.nix")
]; ];
boot.initrd.availableKernelModules = [ "virtio_pci" "virtio_scsi" "ahci" "sd_mod" ]; boot.initrd.availableKernelModules = [ "virtio_pci" "ahci" "sd_mod" ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ]; boot.kernelModules = [ ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
@ -27,13 +27,5 @@
[ { device = "/dev/disk/by-uuid/45c8ad29-3861-4e68-a566-47e6d9269dca"; } [ { device = "/dev/disk/by-uuid/45c8ad29-3861-4e68-a566-47e6d9269dca"; }
]; ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking nix.maxJobs = lib.mkDefault 2;
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eth0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }

9
configuration/services/gitea.nix
View file

@ -8,15 +8,12 @@ in {
httpAddress = "127.0.0.1"; httpAddress = "127.0.0.1";
database.type = "postgres"; database.type = "postgres";
ssh.clonePort = 2222;
rootUrl = "https://${domain}/"; rootUrl = "https://${domain}/";
cookieSecure = true;
appName = "Gitea: Git with a cup of tea"; appName = "Gitea: Git with a cup of tea";
disableRegistration = true;
settings = {
server.SSH_PORT = 2222;
service.DISABLE_REGISTRATION = true;
session.COOKIE_SECURE = true;
};
}; };
# Set up SSL # Set up SSL

10
configuration/services/nextcloud.nix
View file

@ -3,14 +3,14 @@
config, config,
... ...
}: let }: let
nextcloud = pkgs.nextcloud25; inherit (pkgs) fetchNextcloudApp;
nextcloud = pkgs.nextcloud24;
hostName = "nextcloud.${config.services.nginx.domain}"; hostName = "nextcloud.${config.services.nginx.domain}";
in { in {
services.nextcloud = { services.nextcloud = {
inherit hostName; inherit hostName;
package = nextcloud; package = nextcloud;
enableBrokenCiphersForSSE = false;
enable = true; enable = true;
maxUploadSize = "2G"; maxUploadSize = "2G";
https = true; https = true;
@ -28,6 +28,12 @@ in {
}; };
extraApps = { extraApps = {
# TODO(tlater): Seems like this won't work anymore from
# Nextcloud 25 onwards.
#
# Adopt whatever upstream does with this:
# https://github.com/nextcloud/server/issues/4917
inherit (pkgs.local) apporder;
inherit (pkgs.local) bookmarks calendar contacts cookbook news notes; inherit (pkgs.local) bookmarks calendar contacts cookbook news notes;
}; };

206
flake.lock generated
View file

@ -24,31 +24,14 @@
"type": "github" "type": "github"
} }
}, },
"all-cabal-json": {
"flake": false,
"locked": {
"lastModified": 1665552503,
"narHash": "sha256-r14RmRSwzv5c+bWKUDaze6pXM7nOsiz1H8nvFHJvufc=",
"owner": "nix-community",
"repo": "all-cabal-json",
"rev": "d7c0434eebffb305071404edcf9d5cd99703878e",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "hackage",
"repo": "all-cabal-json",
"type": "github"
}
},
"crane": { "crane": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1670900067, "lastModified": 1661875961,
"narHash": "sha256-VXVa+KBfukhmWizaiGiHRVX/fuk66P8dgSFfkVN4/MY=", "narHash": "sha256-f1h/2c6Teeu1ofAHWzrS8TwBPcnN+EEu+z1sRVmMQTk=",
"owner": "ipetkov", "owner": "ipetkov",
"repo": "crane", "repo": "crane",
"rev": "59b31b41a589c0a65e4a1f86b0e5eac68081468b", "rev": "d9f394e4e20e97c2a60c3ad82c2b6ef99be19e24",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -64,11 +47,11 @@
"utils": "utils" "utils": "utils"
}, },
"locked": { "locked": {
"lastModified": 1672327199, "lastModified": 1659725433,
"narHash": "sha256-pFlngSHXKBhAmbaKZ4FYtu57LLunG+vWdL7a5vw1RvQ=", "narHash": "sha256-1ZxuK67TL29YLw88vQ18Y2Y6iYg8Jb7I6/HVzmNB6nM=",
"owner": "serokell", "owner": "serokell",
"repo": "deploy-rs", "repo": "deploy-rs",
"rev": "a5619f5660a00f58c2b7c16d89058e92327ac9b8", "rev": "41f15759dd8b638e7b4f299730d94d5aa46ab7eb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -80,11 +63,11 @@
"devshell": { "devshell": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1663445644, "lastModified": 1653917170,
"narHash": "sha256-+xVlcK60x7VY1vRJbNUEAHi17ZuoQxAIH4S4iUFUGBA=", "narHash": "sha256-FyxOnEE/V4PNEcMU62ikY4FfYPo349MOhMM97HS0XEo=",
"owner": "numtide", "owner": "numtide",
"repo": "devshell", "repo": "devshell",
"rev": "e3dc3e21594fe07bdb24bdf1c8657acaa4cb8f66", "rev": "fc7a3e3adde9bbcab68af6d1e3c6eb738e296a92",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -96,25 +79,21 @@
"dream2nix": { "dream2nix": {
"inputs": { "inputs": {
"alejandra": "alejandra", "alejandra": "alejandra",
"all-cabal-json": "all-cabal-json",
"crane": "crane", "crane": "crane",
"devshell": "devshell", "devshell": "devshell",
"flake-parts": "flake-parts",
"flake-utils-pre-commit": "flake-utils-pre-commit", "flake-utils-pre-commit": "flake-utils-pre-commit",
"ghc-utils": "ghc-utils",
"gomod2nix": "gomod2nix", "gomod2nix": "gomod2nix",
"mach-nix": "mach-nix", "mach-nix": "mach-nix",
"nix-pypi-fetcher": "nix-pypi-fetcher",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_3",
"poetry2nix": "poetry2nix", "poetry2nix": "poetry2nix",
"pre-commit-hooks": "pre-commit-hooks" "pre-commit-hooks": "pre-commit-hooks"
}, },
"locked": { "locked": {
"lastModified": 1672661134, "lastModified": 1663323895,
"narHash": "sha256-WqBUyKeiv+jI11ug+qP0OnZ4nngK6eBRVTGHgdzEGvc=", "narHash": "sha256-ZmI9C8HNVz2w3OnB79WR/LIgVEY8tDnR8tEPi3hMiJk=",
"owner": "nix-community", "owner": "nix-community",
"repo": "dream2nix", "repo": "dream2nix",
"rev": "9f6911c78dcb0832f7fcc955e847db1a5a9ce29a", "rev": "25be741ec92c77b8308ca6a7ab89593fe37b6542",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -156,11 +135,11 @@
"rust-analyzer-src": "rust-analyzer-src_2" "rust-analyzer-src": "rust-analyzer-src_2"
}, },
"locked": { "locked": {
"lastModified": 1672813381, "lastModified": 1663396212,
"narHash": "sha256-PKt6orRiFO19KFKnOhzK26hbFLtimlRNE2dGwrTEhII=", "narHash": "sha256-dlK10QPTDYNpJ/vl2QPKOTrqEbQwAR/v2f4+xsetTkw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "fenix", "repo": "fenix",
"rev": "eb6583fcd626051c4d284f2fb51cd2659a43e7f6", "rev": "263cd7f991c07a9592a6e825bfc37b23b00eb244",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -172,11 +151,11 @@
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1668681692, "lastModified": 1648199409,
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", "narHash": "sha256-JwPKdC2PoVBkG6E+eWw3j6BMR6sL3COpYWfif7RVb8Y=",
"owner": "edolstra", "owner": "edolstra",
"repo": "flake-compat", "repo": "flake-compat",
"rev": "009399224d5e398d03b22badca40a37ac85412a1", "rev": "64a525ee38886ab9028e6f61790de0832aa3ef03",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -188,11 +167,11 @@
"flake-compat_2": { "flake-compat_2": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1668681692, "lastModified": 1650374568,
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra", "owner": "edolstra",
"repo": "flake-compat", "repo": "flake-compat",
"rev": "009399224d5e398d03b22badca40a37ac85412a1", "rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -201,31 +180,13 @@
"type": "github" "type": "github"
} }
}, },
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1668450977,
"narHash": "sha256-cfLhMhnvXn6x1vPm+Jow3RiFAUSCw/l1utktCw5rVA4=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "d591857e9d7dd9ddbfba0ea02b43b927c3c0f1fa",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"locked": { "locked": {
"lastModified": 1667395993, "lastModified": 1667077288,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", "narHash": "sha256-bdC8sFNDpT0HK74u9fUkpbf1MEzVYJ+ka7NXCdgBoaA=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", "rev": "6ee9ebb6b1ee695d2cacc4faa053a7b9baa76817",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -265,22 +226,6 @@
"type": "github" "type": "github"
} }
}, },
"ghc-utils": {
"flake": false,
"locked": {
"lastModified": 1662774800,
"narHash": "sha256-1Rd2eohGUw/s1tfvkepeYpg8kCEXiIot0RijapUjAkE=",
"ref": "refs/heads/master",
"rev": "bb3a2d3dc52ff0253fb9c2812bd7aa2da03e0fea",
"revCount": 1072,
"type": "git",
"url": "https://gitlab.haskell.org/bgamari/ghc-utils"
},
"original": {
"type": "git",
"url": "https://gitlab.haskell.org/bgamari/ghc-utils"
}
},
"gomod2nix": { "gomod2nix": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -312,29 +257,13 @@
"type": "indirect" "type": "indirect"
} }
}, },
"nix-pypi-fetcher": {
"flake": false,
"locked": {
"lastModified": 1669065297,
"narHash": "sha256-UStjXjNIuIm7SzMOWvuYWIHBkPUKQ8Id63BMJjnIDoA=",
"owner": "DavHau",
"repo": "nix-pypi-fetcher",
"rev": "a9885ac6a091576b5195d547ac743d45a2a615ac",
"type": "github"
},
"original": {
"owner": "DavHau",
"repo": "nix-pypi-fetcher",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1671417167, "lastModified": 1648219316,
"narHash": "sha256-JkHam6WQOwZN1t2C2sbp1TqMv3TVRjzrdoejqfefwrM=", "narHash": "sha256-Ctij+dOi0ZZIfX5eMhgwugfvB+WZSrvVNAyAuANOsnQ=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "bb31220cca6d044baa6dc2715b07497a2a7c4bc7", "rev": "30d3d79b7d3607d56546dd2a6b49e156ba0ec634",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -344,63 +273,61 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-lib": { "nixpkgs-22_05": {
"locked": { "locked": {
"dir": "lib", "lastModified": 1667091951,
"lastModified": 1665349835, "narHash": "sha256-62sz0fn06Nq8OaeBYrYSR3Y6hUcp8/PC4dJ7HeGaOhU=",
"narHash": "sha256-UK4urM3iN80UXQ7EaOappDzcisYIuEURFRoGQ/yPkug=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "34c5293a71ffdb2fe054eb5288adc1882c1eb0b1", "rev": "6440d13df2327d2db13d3b17e419784020b71d22",
"type": "github" "type": "github"
}, },
"original": { "original": {
"dir": "lib",
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-unstable", "ref": "release-22.05",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs-stable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1673100377, "lastModified": 1667610399,
"narHash": "sha256-mT76pTd0YFxT6CwtPhDgHJhuIgLY+ZLSMiQpBufwMG4=", "narHash": "sha256-XZd0f4ZWAY0QOoUSdiNWj/eFiKb4B9CJPtl9uO9SYY4=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "9f11a2df77cb945c115ae2a65f53f38121597d73", "rev": "1dd8696f96db47156e1424a49578fe7dd4ce99a4",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "release-22.11", "ref": "nixpkgs-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1673345971, "lastModified": 1667564121,
"narHash": "sha256-4DfFcKLRfVUTyuGrGNNmw37IeIZSoku9tgTVmu/iD98=", "narHash": "sha256-DlR65WyEW78cBmnOhxDzfvNQ9euJEGctSl77olqEaLg=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "54644f409ab471e87014bb305eac8c50190bcf48", "rev": "1404483f4531560aad73bdebae4096881c910ac0",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "nixos",
"ref": "nixos-22.11", "ref": "nixos-22.05",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1665580254, "lastModified": 1657638268,
"narHash": "sha256-hO61XPkp1Hphl4HGNzj1VvDH5URt7LI6LaY/385Eul4=", "narHash": "sha256-blBNtQSslAFkg0Gym9fWNJk+bPxGSZib4SOcPrmTPi4=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "f634d427b0224a5f531ea5aa10c3960ba6ec5f0f", "rev": "d80993b5f885515254746ba6d1917276ee386149",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -418,11 +345,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1672979485, "lastModified": 1667620329,
"narHash": "sha256-LrY0K1yya3nvRlGDc98wm68ozVj7E6a1EXXEr7eHp8E=", "narHash": "sha256-v1Zk7rtEbAGpevBGPZvZBKpwbmw4I+uVwxvd+pBlp3o=",
"owner": "berberman", "owner": "berberman",
"repo": "nvfetcher", "repo": "nvfetcher",
"rev": "0a9ac5fd07b52467d81163b1f8c94c12e5c9aff9", "rev": "294826951113dcd3aa9abbcacfb1aa5b95a19116",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -434,16 +361,16 @@
"poetry2nix": { "poetry2nix": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1666918719, "lastModified": 1632969109,
"narHash": "sha256-BkK42fjAku+2WgCOv2/1NrPa754eQPV7gPBmoKQBWlc=", "narHash": "sha256-jPDclkkiAy5m2gGLBlKgH+lQtbF7tL4XxBrbSzw+Ioc=",
"owner": "nix-community", "owner": "nix-community",
"repo": "poetry2nix", "repo": "poetry2nix",
"rev": "289efb187123656a116b915206e66852f038720e", "rev": "aee8f04296c39d88155e05d25cfc59dfdd41cc77",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "1.36.0", "ref": "1.21.0",
"repo": "poetry2nix", "repo": "poetry2nix",
"type": "github" "type": "github"
} }
@ -479,6 +406,7 @@
"inputs": { "inputs": {
"deploy-rs": "deploy-rs", "deploy-rs": "deploy-rs",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs_2",
"nixpkgs-unstable": "nixpkgs-unstable",
"nvfetcher": "nvfetcher", "nvfetcher": "nvfetcher",
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
"tlaternet-webserver": "tlaternet-webserver" "tlaternet-webserver": "tlaternet-webserver"
@ -504,11 +432,11 @@
"rust-analyzer-src_2": { "rust-analyzer-src_2": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1672757238, "lastModified": 1662896065,
"narHash": "sha256-BK1njXsjprMT0f+1aQYmZ/ueN9D3Y3wrz9gw4UvieRQ=", "narHash": "sha256-1LkSsXzI1JTAmP/GMTz4fTJd8y/tw8R79l96q+h7mu8=",
"owner": "rust-lang", "owner": "rust-lang",
"repo": "rust-analyzer", "repo": "rust-analyzer",
"rev": "a97c71f92d574cb5104e3e1246eb9038d1a214a2", "rev": "2e9f1204ca01c3e20898d4a67c8b84899d394a88",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -523,14 +451,14 @@
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-22_05": "nixpkgs-22_05"
}, },
"locked": { "locked": {
"lastModified": 1673147300, "lastModified": 1667427533,
"narHash": "sha256-gR9OEfTzWfL6vG0qkbn1TlBAOlg4LuW8xK/u0V41Ihc=", "narHash": "sha256-MsgTnQEi1g7f8anlW5klHW2pJgam4CLbJaYyBw2ed58=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "2253120d2a6147e57bafb5c689e086221df8032f", "rev": "486b4455da16272c1ed31bc82adcdbe7af829465",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -548,11 +476,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1672884793, "lastModified": 1665746303,
"narHash": "sha256-biUbdKq8OaRQm25poaRJalrRq+M+/TrNr7J6rI65lNI=", "narHash": "sha256-lDVy7aBsAaO5TyeoZS4wL6qcBNuU1bQCcHPJxiEKtao=",
"ref": "refs/heads/master", "ref": "master",
"rev": "b2894e4fefbdc1c9964ab47c931497a417562d8a", "rev": "5d037f9122e68aaa5db62d04810bf0c5e1e4325e",
"revCount": 53, "revCount": 49,
"type": "git", "type": "git",
"url": "https://gitea.tlater.net/tlaternet/tlaternet.git" "url": "https://gitea.tlater.net/tlaternet/tlaternet.git"
}, },
@ -563,11 +491,11 @@
}, },
"utils": { "utils": {
"locked": { "locked": {
"lastModified": 1667395993, "lastModified": 1648297722,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", "narHash": "sha256-W+qlPsiZd8F3XkzXOzAoR+mpFqzm3ekQkJNa+PIh1BQ=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", "rev": "0f8662f1319ad6abf89b3380dd2722369fc51ade",
"type": "github" "type": "github"
}, },
"original": { "original": {

19
flake.nix
View file

@ -2,7 +2,8 @@
description = "tlater.net host configuration"; description = "tlater.net host configuration";
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-22.11"; nixpkgs.url = "github:nixos/nixpkgs/nixos-22.05";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
deploy-rs.url = "github:serokell/deploy-rs"; deploy-rs.url = "github:serokell/deploy-rs";
sops-nix = { sops-nix = {
url = "github:Mic92/sops-nix"; url = "github:Mic92/sops-nix";
@ -21,6 +22,7 @@
outputs = { outputs = {
self, self,
nixpkgs, nixpkgs,
nixpkgs-unstable,
sops-nix, sops-nix,
nvfetcher, nvfetcher,
deploy-rs, deploy-rs,
@ -64,7 +66,7 @@
# Helper functions # # Helper functions #
#################### ####################
lib = import ./lib { lib = import ./lib {
inherit nixpkgs sops-nix tlaternet-webserver; inherit nixpkgs nixpkgs-unstable sops-nix tlaternet-webserver;
lib = nixpkgs.lib; lib = nixpkgs.lib;
}; };
@ -73,14 +75,15 @@
################### ###################
packages.${system} = let packages.${system} = let
inherit (nixpkgs.legacyPackages.${system}) writeShellScript; inherit (nixpkgs.legacyPackages.${system}) writeShellScript;
in {
default = self.packages.${system}.run-vm;
run-vm = let
vm = self.lib.makeNixosSystem { vm = self.lib.makeNixosSystem {
inherit system; inherit system;
extraModules = [(import ./configuration/hardware-specific/vm.nix)]; extraModules = [(import ./configuration/hardware-specific/vm.nix)];
}; };
in {
default = vm.config.system.build.vm;
run-vm = let
qemuNetOpts = self.lib.makeQemuNetOpts { qemuNetOpts = self.lib.makeQemuNetOpts {
"2222" = "2222"; "2222" = "2222";
"3080" = "80"; "3080" = "80";
@ -96,7 +99,7 @@
''; '';
update-nextcloud-apps = let update-nextcloud-apps = let
nvfetcher-bin = "${nvfetcher.packages.${system}.default}/bin/nvfetcher"; nvfetcher-bin = "${nvfetcher.defaultPackage.${system}}/bin/nvfetcher";
in in
writeShellScript "update-nextcloud-apps" '' writeShellScript "update-nextcloud-apps" ''
cd "$(git rev-parse --show-toplevel)/pkgs" cd "$(git rev-parse --show-toplevel)/pkgs"
@ -104,7 +107,9 @@
''; '';
}; };
apps.${system} = { apps.${system} = let
inherit (nixpkgs.legacyPackages.${system}) writeShellScript;
in {
default = { default = {
type = "app"; type = "app";
program = builtins.toString self.packages.${system}.run-vm; program = builtins.toString self.packages.${system}.run-vm;

7
keys/staging.yaml
View file

@ -5,17 +5,14 @@ steam:
turn: turn:
env: ENC[AES256_GCM,data:xjIz/AY109lyiL5N01p5T3HcYco/rM5CJSRTtg==,iv:16bW6OpyOK/QL0QPGQp/Baa9xyT8E3ZsYkwqmjuofk0=,tag:J5re3uKxIykw3YunvQWBgg==,type:str] env: ENC[AES256_GCM,data:xjIz/AY109lyiL5N01p5T3HcYco/rM5CJSRTtg==,iv:16bW6OpyOK/QL0QPGQp/Baa9xyT8E3ZsYkwqmjuofk0=,tag:J5re3uKxIykw3YunvQWBgg==,type:str]
secret: ENC[AES256_GCM,data:eQ7dAocoZtg=,iv:fgzjTPv30WqTKlLy+yMn5MsKQgjhPnwlGFFwYEg3gWs=,tag:1ze33U1NBkgMX/9SiaBNQg==,type:str] secret: ENC[AES256_GCM,data:eQ7dAocoZtg=,iv:fgzjTPv30WqTKlLy+yMn5MsKQgjhPnwlGFFwYEg3gWs=,tag:1ze33U1NBkgMX/9SiaBNQg==,type:str]
ssl-key: ENC[AES256_GCM,data:RYfwHjBvwFXgXxXIEuWUzaycTdrCvmPivsNvvUIwDRynS5G2Dl6RCVp1w9zuLvoNun5ncUPGGuLMmVqN2wkJlw==,iv:UKI3bVTY7iTDNvp5UqrZ3QlQkMZ5p2bjgODEc6DCBfQ=,tag:sz7VTyRWyZxAsP4nE48DnA==,type:str]
#ENC[AES256_GCM,data:bxhKzU5Tzezl749CDu8e8kxa7ahGuZFaPa9K3kxuD+4sg5Hi3apgDlC0n8oK0DeiK4Ks7+9Cyw==,iv:T/zVJUpNAv1rR0a9+6SDTG08ws2A1hFBs5Ia3TpT0uk=,tag:uGXb1VryM+lIJ8r0I5durA==,type:comment]
ssl-cert: ENC[AES256_GCM,data:xHUr14CjKslgbGh/n5jYSOuCw9JRxS6YXE4fxS+aJzFcNeSeGNqoipPeuJupZGBnQP/FCqohiHY=,iv:/OEsVqRshGL9NIvntMC42EPZSNL0u6EfhtUBqgV7qog=,tag:4pxtNjuvy/ibm6nDtKdSkw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
azure_kv: [] azure_kv: []
hc_vault: [] hc_vault: []
age: [] age: []
lastmodified: "2023-01-11T01:49:31Z" lastmodified: "2022-10-28T22:54:01Z"
mac: ENC[AES256_GCM,data:5IcHdNQ/mh6Jz60dlpgqbBtVGKYml4EOs7YXsBcejgAoPzZqEK+xb3f9+rq2G6sCcMXzROHJsdQUfp1wMgfp8DwVm4H+XO+SQh/E1kFuWO8G/IpXOT4P9RQC+wHxrVuxHd8pwl9CLv6uuMnO+FNg9TeWB2GAVxIBsY8JHwGN/BA=,iv:/Yqfij58LGNooyyhmr8aWCpknd4dN+b4iSvokVoDGls=,tag:XHm8Qcg75B1+pTOcgZubIQ==,type:str] mac: ENC[AES256_GCM,data:1nsv+Dl7lzRZNNb9kSuqFrXrcncIklw/A2uwd/yQQ546Rm/4gzpBZqCi6cv5VBCdc1iNuBcAM74DnZHMDmeWAiW0WfACPJMQjCes21P6IUsP2gu+bV2f9qqqnP2a5voxzFHp1aclklzMiiZJBEB1Y3UNz0ZG7A43hsOAE0/fJ9o=,iv:kY10PF5ErkKHXx8m0OyX2eU6kcFQsrsP3V2scVBMsuA=,tag:Uth0XfP2c0LBJQ7+7Uc0BQ==,type:str]
pgp: pgp:
- created_at: "2022-10-12T16:48:23Z" - created_at: "2022-10-12T16:48:23Z"
enc: | enc: |

10
lib/default.nix
View file

@ -1,6 +1,7 @@
{ {
lib, lib,
nixpkgs, nixpkgs,
nixpkgs-unstable,
sops-nix, sops-nix,
tlaternet-webserver, tlaternet-webserver,
}: let }: let
@ -24,6 +25,15 @@ in {
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
tlaternet-webserver.nixosModules.default tlaternet-webserver.nixosModules.default
(import ../configuration) (import ../configuration)
{
nixpkgs.overlays = [
(self: super: {
matrix-conduit = nixpkgs-unstable.legacyPackages.${system}.matrix-conduit.override {
inherit (self) stdenv lib fetchFromGitLab rustPlatform pkg-config rocksdb;
};
})
];
}
] ]
++ extraModules; ++ extraModules;
}; };

59
pkgs/_sources_nextcloud/generated.json
View file

@ -7,8 +7,9 @@
"passthru": null, "passthru": null,
"pinned": false, "pinned": false,
"src": { "src": {
"sha256": "1nx1vdwlqyy3x5vw2h2xx51hmv7gsp8mam1fj813yc3655js9m96", "name": null,
"type": "tarball", "sha256": "sha256-p3VWxTYDCO2NePq6oLM8tBVqYkvoB7itqxp7IZwGDnE=",
"type": "url",
"url": "https://github.com/juliushaertl/apporder/releases/download/v0.15.0/apporder.tar.gz" "url": "https://github.com/juliushaertl/apporder/releases/download/v0.15.0/apporder.tar.gz"
}, },
"version": "v0.15.0" "version": "v0.15.0"
@ -21,11 +22,12 @@
"passthru": null, "passthru": null,
"pinned": false, "pinned": false,
"src": { "src": {
"sha256": "0dkfjafbynkrymsq183sad7zynqr2qls0cld73nvzn3smnvdl2xx", "name": null,
"type": "tarball", "sha256": "sha256-URqtzaCx8FEZHCDP1wSBUFNs+x50jesRtWi+xOU1oXM=",
"url": "https://github.com/nextcloud/bookmarks/releases/download/v12.0.0/bookmarks-12.0.0.tar.gz" "type": "url",
"url": "https://github.com/nextcloud/bookmarks/releases/download/v11.0.4/bookmarks-11.0.4.tar.gz"
}, },
"version": "12.0.0" "version": "11.0.4"
}, },
"calendar": { "calendar": {
"cargoLocks": null, "cargoLocks": null,
@ -35,11 +37,12 @@
"passthru": null, "passthru": null,
"pinned": false, "pinned": false,
"src": { "src": {
"sha256": "06p92w2idml5g3zc0xhp25rpgkxm3d5pmxpx7dmqlqvw8r6z07an", "name": null,
"type": "tarball", "sha256": "sha256-+LRGl9h40AQdWN9SW+NqGwTafAGwV07Af8nVs3pUCm0=",
"url": "https://github.com/nextcloud-releases/calendar/releases/download/v4.2.0/calendar-v4.2.0.tar.gz" "type": "url",
"url": "https://github.com/nextcloud-releases/calendar/releases/download/v3.5.0/calendar-v3.5.0.tar.gz"
}, },
"version": "v4.2.0" "version": "v3.5.0"
}, },
"contacts": { "contacts": {
"cargoLocks": null, "cargoLocks": null,
@ -49,11 +52,12 @@
"passthru": null, "passthru": null,
"pinned": false, "pinned": false,
"src": { "src": {
"sha256": "097a71if6kkc7nphfc8b6llqlsskjwp1vg83134hzgfscvllvaj8", "name": null,
"type": "tarball", "sha256": "sha256-GTiyZsUHBXPgQ17DHAihmt2W/ZnAjDwfgwnujkRwk6A=",
"url": "https://github.com/nextcloud-releases/contacts/releases/download/v5.0.2/contacts-v5.0.2.tar.gz" "type": "url",
"url": "https://github.com/nextcloud-releases/contacts/releases/download/v4.2.2/contacts-v4.2.2.tar.gz"
}, },
"version": "v5.0.2" "version": "v4.2.2"
}, },
"cookbook": { "cookbook": {
"cargoLocks": null, "cargoLocks": null,
@ -63,11 +67,12 @@
"passthru": null, "passthru": null,
"pinned": false, "pinned": false,
"src": { "src": {
"sha256": "1xpy060yi7pl8i91xjv2jj18yvsmjzwmv91y7i686qq8n2kc1fcg", "name": null,
"type": "tarball", "sha256": "sha256-3lCqvmaMsgrFD5PzyHIcwxxGeC+qOMTGxbOi7nPFL6I=",
"url": "https://github.com/nextcloud/cookbook/releases/download/v0.10.1/Cookbook-0.10.1.tar.gz" "type": "url",
"url": "https://github.com/nextcloud/cookbook/releases/download/v0.9.17/Cookbook-0.9.17.tar.gz"
}, },
"version": "0.10.1" "version": "0.9.17"
}, },
"news": { "news": {
"cargoLocks": null, "cargoLocks": null,
@ -77,11 +82,12 @@
"passthru": null, "passthru": null,
"pinned": false, "pinned": false,
"src": { "src": {
"sha256": "0pnriarr2iqci2v2hn6vpvszf4m4pkcxsd2i13bp7n1zqkg6swd7", "name": null,
"type": "tarball", "sha256": "sha256-lVF4H9v7bSw8137lfq4PsVg8e1TpcgvJVQU/UVQfSoY=",
"url": "https://github.com/nextcloud/news/releases/download/20.0.0/news.tar.gz" "type": "url",
"url": "https://github.com/nextcloud/news/releases/download/19.0.0/news.tar.gz"
}, },
"version": "20.0.0" "version": "19.0.0"
}, },
"notes": { "notes": {
"cargoLocks": null, "cargoLocks": null,
@ -91,10 +97,11 @@
"passthru": null, "passthru": null,
"pinned": false, "pinned": false,
"src": { "src": {
"sha256": "1jcgv3awr45jq3n3qv851qlpbdl2plixba0iq2s54dmhciypdckl", "name": null,
"type": "tarball", "sha256": "sha256-rd3uVkVtARX4enRAWm1ivV468lboYZnYe7/zsqaHYpk=",
"url": "https://github.com/nextcloud/notes/releases/download/v4.6.0/notes.tar.gz" "type": "url",
"url": "https://github.com/nextcloud/notes/releases/download/v4.5.1/notes.tar.gz"
}, },
"version": "v4.6.0" "version": "v4.5.1"
} }
} }

52
pkgs/_sources_nextcloud/generated.nix
View file

@ -4,57 +4,57 @@
apporder = { apporder = {
pname = "apporder"; pname = "apporder";
version = "v0.15.0"; version = "v0.15.0";
src = fetchTarball { src = fetchurl {
url = "https://github.com/juliushaertl/apporder/releases/download/v0.15.0/apporder.tar.gz"; url = "https://github.com/juliushaertl/apporder/releases/download/v0.15.0/apporder.tar.gz";
sha256 = "1nx1vdwlqyy3x5vw2h2xx51hmv7gsp8mam1fj813yc3655js9m96"; sha256 = "sha256-p3VWxTYDCO2NePq6oLM8tBVqYkvoB7itqxp7IZwGDnE=";
}; };
}; };
bookmarks = { bookmarks = {
pname = "bookmarks"; pname = "bookmarks";
version = "12.0.0"; version = "11.0.4";
src = fetchTarball { src = fetchurl {
url = "https://github.com/nextcloud/bookmarks/releases/download/v12.0.0/bookmarks-12.0.0.tar.gz"; url = "https://github.com/nextcloud/bookmarks/releases/download/v11.0.4/bookmarks-11.0.4.tar.gz";
sha256 = "0dkfjafbynkrymsq183sad7zynqr2qls0cld73nvzn3smnvdl2xx"; sha256 = "sha256-URqtzaCx8FEZHCDP1wSBUFNs+x50jesRtWi+xOU1oXM=";
}; };
}; };
calendar = { calendar = {
pname = "calendar"; pname = "calendar";
version = "v4.2.0"; version = "v3.5.0";
src = fetchTarball { src = fetchurl {
url = "https://github.com/nextcloud-releases/calendar/releases/download/v4.2.0/calendar-v4.2.0.tar.gz"; url = "https://github.com/nextcloud-releases/calendar/releases/download/v3.5.0/calendar-v3.5.0.tar.gz";
sha256 = "06p92w2idml5g3zc0xhp25rpgkxm3d5pmxpx7dmqlqvw8r6z07an"; sha256 = "sha256-+LRGl9h40AQdWN9SW+NqGwTafAGwV07Af8nVs3pUCm0=";
}; };
}; };
contacts = { contacts = {
pname = "contacts"; pname = "contacts";
version = "v5.0.2"; version = "v4.2.2";
src = fetchTarball { src = fetchurl {
url = "https://github.com/nextcloud-releases/contacts/releases/download/v5.0.2/contacts-v5.0.2.tar.gz"; url = "https://github.com/nextcloud-releases/contacts/releases/download/v4.2.2/contacts-v4.2.2.tar.gz";
sha256 = "097a71if6kkc7nphfc8b6llqlsskjwp1vg83134hzgfscvllvaj8"; sha256 = "sha256-GTiyZsUHBXPgQ17DHAihmt2W/ZnAjDwfgwnujkRwk6A=";
}; };
}; };
cookbook = { cookbook = {
pname = "cookbook"; pname = "cookbook";
version = "0.10.1"; version = "0.9.17";
src = fetchTarball { src = fetchurl {
url = "https://github.com/nextcloud/cookbook/releases/download/v0.10.1/Cookbook-0.10.1.tar.gz"; url = "https://github.com/nextcloud/cookbook/releases/download/v0.9.17/Cookbook-0.9.17.tar.gz";
sha256 = "1xpy060yi7pl8i91xjv2jj18yvsmjzwmv91y7i686qq8n2kc1fcg"; sha256 = "sha256-3lCqvmaMsgrFD5PzyHIcwxxGeC+qOMTGxbOi7nPFL6I=";
}; };
}; };
news = { news = {
pname = "news"; pname = "news";
version = "20.0.0"; version = "19.0.0";
src = fetchTarball { src = fetchurl {
url = "https://github.com/nextcloud/news/releases/download/20.0.0/news.tar.gz"; url = "https://github.com/nextcloud/news/releases/download/19.0.0/news.tar.gz";
sha256 = "0pnriarr2iqci2v2hn6vpvszf4m4pkcxsd2i13bp7n1zqkg6swd7"; sha256 = "sha256-lVF4H9v7bSw8137lfq4PsVg8e1TpcgvJVQU/UVQfSoY=";
}; };
}; };
notes = { notes = {
pname = "notes"; pname = "notes";
version = "v4.6.0"; version = "v4.5.1";
src = fetchTarball { src = fetchurl {
url = "https://github.com/nextcloud/notes/releases/download/v4.6.0/notes.tar.gz"; url = "https://github.com/nextcloud/notes/releases/download/v4.5.1/notes.tar.gz";
sha256 = "1jcgv3awr45jq3n3qv851qlpbdl2plixba0iq2s54dmhciypdckl"; sha256 = "sha256-rd3uVkVtARX4enRAWm1ivV468lboYZnYe7/zsqaHYpk=";
}; };
}; };
} }

4
pkgs/default.nix
View file

@ -2,7 +2,7 @@
pkgs, pkgs,
lib, lib,
}: let }: let
inherit (builtins) fromJSON mapAttrs readFile; inherit (builtins) listToAttrs mapAttrs;
inherit (pkgs) callPackage; inherit (pkgs) callPackage;
in in
{ {
@ -12,7 +12,7 @@ in
# Add nextcloud apps # Add nextcloud apps
let let
mkNextcloudApp = pkgs.callPackage ./mkNextcloudApp.nix {}; mkNextcloudApp = pkgs.callPackage ./mkNextcloudApp.nix {};
sources = fromJSON (readFile ./_sources_nextcloud/generated.json); sources = pkgs.callPackage ./_sources_nextcloud/generated.nix {};
in in
mapAttrs (_: source: mkNextcloudApp source) sources mapAttrs (_: source: mkNextcloudApp source) sources
) )

13
pkgs/mkNextcloudApp.nix
View file

@ -1,8 +1,13 @@
{ {
fetchNextcloudApp, fetchNextcloudApp,
lib, lib,
}: source: }: let
fetchNextcloudApp { inherit (lib) removePrefix;
in
source:
fetchNextcloudApp {
name = source.pname;
version = removePrefix "v" source.version;
url = source.src.url; url = source.src.url;
sha256 = source.src.sha256; sha256 = source.src.outputHash;
} }

27
pkgs/nextcloud-apps.toml
View file

@ -1,26 +1,35 @@
[apporder]
src.github = "juliushaertl/apporder"
fetch.url = "https://github.com/juliushaertl/apporder/releases/download/$ver/apporder.tar.gz"
[bookmarks] [bookmarks]
src.github = "nextcloud/bookmarks" src.github = "nextcloud/bookmarks"
src.prefix = "v" src.prefix = "v"
fetch.tarball = "https://github.com/nextcloud/bookmarks/releases/download/v$ver/bookmarks-$ver.tar.gz" fetch.url = "https://github.com/nextcloud/bookmarks/releases/download/v$ver/bookmarks-$ver.tar.gz"
[calendar] [calendar]
src.github = "nextcloud-releases/calendar" src.manual = "v3.5.0" # Pinned until we update to nextcloud 25
fetch.tarball = "https://github.com/nextcloud-releases/calendar/releases/download/$ver/calendar-$ver.tar.gz" # src.github = "nextcloud-releases/calendar"
fetch.url = "https://github.com/nextcloud-releases/calendar/releases/download/$ver/calendar-$ver.tar.gz"
[contacts] [contacts]
src.github = "nextcloud-releases/contacts" src.manual = "v4.2.2" # Pinned until we update to nextcloud 25
fetch.tarball = "https://github.com/nextcloud-releases/contacts/releases/download/$ver/contacts-$ver.tar.gz" # src.github = "nextcloud-releases/contacts"
fetch.url = "https://github.com/nextcloud-releases/contacts/releases/download/$ver/contacts-$ver.tar.gz"
[cookbook] [cookbook]
src.github_tag = "nextcloud/cookbook" src.github_tag = "nextcloud/cookbook"
src.prefix = "v" src.prefix = "v"
src.exclude_regex = 'v\d+\.\d+\.\d+-rc\d+' src.exclude_regex = 'v\d+\.\d+\.\d+-rc\d+'
fetch.tarball = "https://github.com/nextcloud/cookbook/releases/download/v$ver/Cookbook-$ver.tar.gz" fetch.url = "https://github.com/nextcloud/cookbook/releases/download/v$ver/Cookbook-$ver.tar.gz"
[news] [news]
src.github = "nextcloud/news" src.github = "nextcloud/news"
fetch.tarball = "https://github.com/nextcloud/news/releases/download/$ver/news.tar.gz" # Sadly, the news app vendors things, and those are only included in
# their tarball.
fetch.url = "https://github.com/nextcloud/news/releases/download/$ver/news.tar.gz"
[notes] [notes]
src.github = "nextcloud/notes" src.manual = "v4.5.1" # Pinned until we update to nextcloud 25
fetch.tarball = "https://github.com/nextcloud/notes/releases/download/$ver/notes.tar.gz" # src.github = "nextcloud/notes"
fetch.url = "https://github.com/nextcloud/notes/releases/download/$ver/notes.tar.gz"