From 3c7b6a7163628216c754bf564cd39e5793c36e61 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= <tm@tlater.net> Date: Sun, 16 Feb 2025 18:35:16 +0800 Subject: [PATCH 01/12] bump: Update inputs --- flake.lock | 41 ++++++++------------------- flake.nix | 3 -- modules/crowdsec/default.nix | 9 ++---- pkgs/crowdsec/_sources/generated.json | 8 +++--- pkgs/crowdsec/_sources/generated.nix | 8 +++--- 5 files changed, 23 insertions(+), 46 deletions(-) diff --git a/flake.lock b/flake.lock index 7f117e9..b2487b6 100644 --- a/flake.lock +++ b/flake.lock @@ -27,11 +27,11 @@ ] }, "locked": { - "lastModified": 1737038063, - "narHash": "sha256-rMEuiK69MDhjz1JgbaeQ9mBDXMJ2/P8vmOYRbFndXsk=", + "lastModified": 1739634831, + "narHash": "sha256-xFnU+uUl48Icas2wPQ+ZzlL2O3n8f6J2LrzNK9f2nng=", "owner": "nix-community", "repo": "disko", - "rev": "bf0abfde48f469c256f2b0f481c6281ff04a5db2", + "rev": "fa5746ecea1772cf59b3f34c5816ab3531478142", "type": "github" }, "original": { @@ -190,29 +190,13 @@ "type": "github" } }, - "nixpkgs-crowdsec": { - "locked": { - "lastModified": 1738085579, - "narHash": "sha256-7mLjMrOiiIi0vI7BJwbEipYQzwA7JF/NWHP+LM4q5S8=", - "owner": "tlater", - "repo": "nixpkgs", - "rev": "426a7afc9a6ecfdac544bda4022acef31e36df34", - "type": "github" - }, - "original": { - "owner": "tlater", - "ref": "tlater/fix-crowdsec", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs-unstable": { "locked": { - "lastModified": 1737192615, - "narHash": "sha256-jtucJjcdryEZQw1g0RThPSPxCdWNHF42sLp8pmMMGDs=", + "lastModified": 1739611738, + "narHash": "sha256-3bnOIZz8KXtzcaXGuH9Eriv0HiQyr1EIfcye+VHLQZE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "09c71b16e6efc9e90edae7eb8b63348702ff9a85", + "rev": "31ff66eb77d02e9ac34b7256a02edb1c43fb9998", "type": "github" }, "original": { 
@@ -224,11 +208,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1737171713, - "narHash": "sha256-9mWmMXCto7e8U9hM8ZFozElv4dgOMTe308SSc7rEEFs=", + "lastModified": 1739578539, + "narHash": "sha256-jGiez5BtGGJUB/LXzRa+4AQurMO9acc1B69kBfgQhJc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "8773174492fc61571b578f34a59953baba46471a", + "rev": "30d4471a8a2a13b716530d3aad60b9846ea5ff83", "type": "github" }, "original": { @@ -326,7 +310,6 @@ "disko": "disko", "foundryvtt": "foundryvtt", "nixpkgs": "nixpkgs_2", - "nixpkgs-crowdsec": "nixpkgs-crowdsec", "nixpkgs-unstable": "nixpkgs-unstable", "sonnenshift": "sonnenshift", "sops-nix": "sops-nix", @@ -401,11 +384,11 @@ ] }, "locked": { - "lastModified": 1737107480, - "narHash": "sha256-GXUE9+FgxoZU8v0p6ilBJ8NH7k8nKmZjp/7dmMrCv3o=", + "lastModified": 1739262228, + "narHash": "sha256-7JAGezJ0Dn5qIyA2+T4Dt/xQgAbhCglh6lzCekTVMeU=", "owner": "Mic92", "repo": "sops-nix", - "rev": "4c4fb93f18b9072c6fa1986221f9a3d7bf1fe4b6", + "rev": "07af005bb7d60c7f118d9d9f5530485da5d1e975", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 3d04d7c..b31d108 100644 --- a/flake.nix +++ b/flake.nix @@ -26,8 +26,6 @@ url = "git+ssh://git@github.com/sonnenshift/battery-manager"; inputs.nixpkgs.follows = "nixpkgs"; }; - - nixpkgs-crowdsec.url = "github:tlater/nixpkgs/tlater/fix-crowdsec"; }; outputs = @@ -106,7 +104,6 @@ in { default = vm.config.system.build.vm; - crowdsec = pkgs.callPackage "${inputs.nixpkgs-crowdsec}/pkgs/by-name/cr/crowdsec/package.nix" { }; crowdsec-hub = localPkgs.crowdsec.hub; crowdsec-firewall-bouncer = localPkgs.crowdsec.firewall-bouncer; }; diff --git a/modules/crowdsec/default.nix b/modules/crowdsec/default.nix index 0d0ff1c..c0003a5 100644 --- a/modules/crowdsec/default.nix +++ b/modules/crowdsec/default.nix @@ -1,5 +1,4 @@ { - flake-inputs, pkgs, lib, config, 
@@ -9,8 +8,6 @@ let cfg = config.security.crowdsec; settingsFormat = pkgs.formats.yaml { }; - crowdsec = flake-inputs.self.packages.${pkgs.system}.crowdsec; - hub = pkgs.fetchFromGitHub { owner = "crowdsecurity"; repo = "hub"; @@ -19,14 +16,14 @@ let }; cscli = pkgs.writeShellScriptBin "cscli" '' - export PATH="$PATH:${crowdsec}/bin/" + export PATH="$PATH:${cfg.package}/bin/" sudo=exec if [ "$USER" != "crowdsec" ]; then sudo='exec /run/wrappers/bin/sudo -u crowdsec' fi - $sudo ${crowdsec}/bin/cscli "$@" + $sudo ${cfg.package}/bin/cscli "$@" ''; acquisitions = '' @@ -53,7 +50,7 @@ in package = lib.mkOption { type = package; - default = crowdsec; + default = pkgs.crowdsec; }; stateDirectory = lib.mkOption { diff --git a/pkgs/crowdsec/_sources/generated.json b/pkgs/crowdsec/_sources/generated.json index 8485779..634bc18 100644 --- a/pkgs/crowdsec/_sources/generated.json +++ b/pkgs/crowdsec/_sources/generated.json @@ -21,7 +21,7 @@ }, "crowdsec-hub": { "cargoLocks": null, - "date": "2025-01-30", + "date": "2025-02-16", "extract": null, "name": "crowdsec-hub", "passthru": null, @@ -33,10 +33,10 @@ "name": null, "owner": "crowdsecurity", "repo": "hub", - "rev": "8f102f5ac79af59d3024ca2771b65ec87411ac02", - "sha256": "sha256-8K1HkBg0++Au1dr2KMrl9b2ruqXdo+vqWngOCwL11Mo=", + "rev": "f7d7f476f88a4af05e1cfb3994536990adecfb57", + "sha256": "sha256-m78uipryHDKixJzrF4K59ioAJ3WJN1JlXEC0DNVMCJ8=", "type": "github" }, - "version": "8f102f5ac79af59d3024ca2771b65ec87411ac02" + "version": "f7d7f476f88a4af05e1cfb3994536990adecfb57" } } \ No newline at end of file diff --git a/pkgs/crowdsec/_sources/generated.nix b/pkgs/crowdsec/_sources/generated.nix index 6f845ec..7ef44e6 100644 --- a/pkgs/crowdsec/_sources/generated.nix +++ b/pkgs/crowdsec/_sources/generated.nix 
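Review bot: The `package` option in the `@@ -53,7 +50,7 @@` hunk of modules/crowdsec/default.nix now has a `default` that references `pkgs` but carries no `description` or `defaultText`. Generated option docs therefore cannot render it, and a reader cannot tell which package set the daemon and the `cscli` wrapper are built from. `package = lib.mkPackageOption pkgs "crowdsec" { };` supplies both and keeps the option overridable. Since the `cscli` wrapper in the `@@ -19,14 +16,14 @@` hunk is run through sudo as the crowdsec user, a one-line comment there saying that it always uses the configured package would also help.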
@@ -14,14 +14,14 @@ }; crowdsec-hub = { pname = "crowdsec-hub"; - version = "8f102f5ac79af59d3024ca2771b65ec87411ac02"; + version = "f7d7f476f88a4af05e1cfb3994536990adecfb57"; src = fetchFromGitHub { owner = "crowdsecurity"; repo = "hub"; - rev = "8f102f5ac79af59d3024ca2771b65ec87411ac02"; + rev = "f7d7f476f88a4af05e1cfb3994536990adecfb57"; fetchSubmodules = false; - sha256 = "sha256-8K1HkBg0++Au1dr2KMrl9b2ruqXdo+vqWngOCwL11Mo="; + sha256 = "sha256-m78uipryHDKixJzrF4K59ioAJ3WJN1JlXEC0DNVMCJ8="; }; - date = "2025-01-30"; + date = "2025-02-16"; }; } From 586ab969a4bed26a3df9b1861deb4194234af40b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= <tm@tlater.net> Date: Fri, 21 Feb 2025 04:09:35 +0800 Subject: [PATCH 02/12] feat(battery-manager): Switch to rust version --- configuration/services/battery-manager.nix | 6 +- configuration/sops.nix | 11 +- flake.lock | 846 +++++++++++++++++++-- flake.nix | 2 +- 4 files changed, 799 insertions(+), 66 deletions(-) diff --git a/configuration/services/battery-manager.nix b/configuration/services/battery-manager.nix index a16cca1..9da7e32 100644 --- a/configuration/services/battery-manager.nix +++ b/configuration/services/battery-manager.nix @@ -4,9 +4,13 @@ services.batteryManager = { enable = true; - battery = "3ca39300-c523-4315-b9a3-d030f85a9373"; emailFile = "${config.sops.secrets."battery-manager/email".path}"; passwordFile = "${config.sops.secrets."battery-manager/password".path}"; + + settings = { + battery_id = "3ca39300-c523-4315-b9a3-d030f85a9373"; + log_level = "DEBUG"; + }; }; } diff --git a/configuration/sops.nix b/configuration/sops.nix index 3a1c3d8..0337438 100644 --- a/configuration/sops.nix +++ b/configuration/sops.nix 
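Review bot: `log_level = "DEBUG";` in the new `settings` block of configuration/services/battery-manager.nix leaves debug logging enabled for a service that is handed `emailFile` and `passwordFile`. Whether the rewritten service logs request bodies or session tokens at that level is not visible from this patch, so it should be confirmed before this runs unattended. If the level is only needed while the rewrite is being brought up, prefer `log_level = "INFO";`, or keep the line with a comment such as `# TODO: drop back to INFO once the rust rewrite is stable`.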
@@ -1,18 +1,11 @@ -{ config, lib, ... }: { sops = { defaultSopsFile = ../keys/production.yaml; secrets = { - "battery-manager/email" = lib.mkIf config.services.batteryManager.enable { - owner = "battery-manager"; - group = "battery-manager"; - }; + "battery-manager/email" = { }; - "battery-manager/password" = lib.mkIf config.services.batteryManager.enable { - owner = "battery-manager"; - group = "battery-manager"; - }; + "battery-manager/password" = { }; # Gitea "forgejo/metrics-token" = { diff --git a/flake.lock b/flake.lock index b2487b6..276b8b2 100644 --- a/flake.lock +++ b/flake.lock 
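Review bot: With `owner` and `group` removed, `"battery-manager/email" = { };` and `"battery-manager/password" = { };` fall back to the sops-nix defaults, which as far as I know are root-owned and mode 0400. The service can then only read them if its unit receives them as systemd credentials or runs as root, and neither is visible in this patch. A comment recording the intent, for example `# root-owned; read by the unit via LoadCredential` if that is what the new module does, would make this reviewable; if the unit runs as root instead, restoring a dedicated owner is the safer choice. Dropping `lib.mkIf config.services.batteryManager.enable` also means both secrets are decrypted even where the service is disabled. The `secrets` attrset continues outside the hunk.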
@@ -1,5 +1,206 @@ { "nodes": { + "cachix": { + "inputs": { + "devenv": [ + "sonnenshift", + "crate2nix" + ], + "flake-compat": [ + "sonnenshift", + "crate2nix" + ], + "nixpkgs": "nixpkgs_3", + "pre-commit-hooks": [ + "sonnenshift", + "crate2nix" + ] + }, + "locked": { + "lastModified": 1709700175, + "narHash": "sha256-A0/6ZjLmT9qdYzKHmevnEIC7G+GiZ4UCr8v0poRPzds=", + "owner": "cachix", + "repo": "cachix", + "rev": "be97b37989f11b724197b5f4c7ffd78f12c8c4bf", + "type": "github" + }, + "original": { + "owner": "cachix", + "ref": "latest", + "repo": "cachix", + "type": "github" + } + }, + "cachix_2": { + "inputs": { + "devenv": [ + "sonnenshift", + "crate2nix", + "crate2nix_stable" + ], + "flake-compat": [ + "sonnenshift", + "crate2nix", + "crate2nix_stable" + ], + "nixpkgs": "nixpkgs_4", + "pre-commit-hooks": [ + "sonnenshift", + "crate2nix", + "crate2nix_stable" + ] + }, + "locked": { + "lastModified": 1716549461, + "narHash": "sha256-lHy5kgx6J8uD+16SO47dPrbob98sh+W1tf4ceSqPVK4=", + "owner": "cachix", + "repo": "cachix", + "rev": "e2bb269fb8c0828d5d4d2d7b8d09ea85abcacbd4", + "type": "github" + }, + "original": { + "owner": "cachix", + "ref": "latest", + "repo": "cachix", + "type": "github" + } + }, + "cachix_3": { + "inputs": { + "devenv": [ + "sonnenshift", + "crate2nix", + "crate2nix_stable", + "crate2nix_stable" + ], + "flake-compat": [ + "sonnenshift", + "crate2nix", + "crate2nix_stable", + "crate2nix_stable" + ], + "nixpkgs": "nixpkgs_5", + "pre-commit-hooks": [ + "sonnenshift", + "crate2nix", + "crate2nix_stable", + "crate2nix_stable" + ] + }, + "locked": { + "lastModified": 1716549461, + "narHash": "sha256-lHy5kgx6J8uD+16SO47dPrbob98sh+W1tf4ceSqPVK4=", + "owner": "cachix", + "repo": "cachix", + "rev": "e2bb269fb8c0828d5d4d2d7b8d09ea85abcacbd4", + "type": "github" + }, + "original": { + "owner": "cachix", + "ref": "latest", + "repo": "cachix", + "type": "github" + } + }, + "crate2nix": { + "inputs": { + "cachix": "cachix", + "crate2nix_stable": 
"crate2nix_stable", + "devshell": "devshell_3", + "flake-compat": "flake-compat_4", + "flake-parts": "flake-parts_3", + "nix-test-runner": "nix-test-runner_3", + "nixpkgs": [ + "sonnenshift", + "nixpkgs" + ], + "pre-commit-hooks": "pre-commit-hooks_3" + }, + "locked": { + "lastModified": 1739473963, + "narHash": "sha256-ItAhpjNUzEWd/cgZVyW/jvoGbCec4TK29e1Mnmn1oJE=", + "owner": "nix-community", + "repo": "crate2nix", + "rev": "be31feae9a82c225c0fd1bdf978565dc452a483a", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "crate2nix", + "type": "github" + } + }, + "crate2nix_stable": { + "inputs": { + "cachix": "cachix_2", + "crate2nix_stable": "crate2nix_stable_2", + "devshell": "devshell_2", + "flake-compat": "flake-compat_3", + "flake-parts": "flake-parts_2", + "nix-test-runner": "nix-test-runner_2", + "nixpkgs": "nixpkgs_7", + "pre-commit-hooks": "pre-commit-hooks_2" + }, + "locked": { + "lastModified": 1719760004, + "narHash": "sha256-esWhRnt7FhiYq0CcIxw9pvH+ybOQmWBfHYMtleaMhBE=", + "owner": "nix-community", + "repo": "crate2nix", + "rev": "1dee214bb20855fa3e1e7bb98d28922ddaff8c57", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "0.14.1", + "repo": "crate2nix", + "type": "github" + } + }, + "crate2nix_stable_2": { + "inputs": { + "cachix": "cachix_3", + "crate2nix_stable": "crate2nix_stable_3", + "devshell": "devshell", + "flake-compat": "flake-compat_2", + "flake-parts": "flake-parts", + "nix-test-runner": "nix-test-runner", + "nixpkgs": "nixpkgs_6", + "pre-commit-hooks": "pre-commit-hooks" + }, + "locked": { + "lastModified": 1712821484, + "narHash": "sha256-rGT3CW64cJS9nlnWPFWSc1iEa3dNZecVVuPVGzcsHe8=", + "owner": "nix-community", + "repo": "crate2nix", + "rev": "42883afcad3823fa5811e967fb7bff54bc3c9d6d", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "0.14.0", + "repo": "crate2nix", + "type": "github" + } + }, + "crate2nix_stable_3": { + "inputs": { + "flake-utils": 
"flake-utils" + }, + "locked": { + "lastModified": 1702842982, + "narHash": "sha256-A9AowkHIjsy1a4LuiPiVP88FMxyCWK41flZEZOUuwQM=", + "owner": "nix-community", + "repo": "crate2nix", + "rev": "75ac2973affa6b9b4f661a7b592cba6e4f51d426", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "0.12.0", + "repo": "crate2nix", + "type": "github" + } + }, "deploy-rs": { "inputs": { "flake-compat": "flake-compat", @@ -20,6 +221,78 @@ "type": "github" } }, + "devshell": { + "inputs": { + "flake-utils": "flake-utils_2", + "nixpkgs": [ + "sonnenshift", + "crate2nix", + "crate2nix_stable", + "crate2nix_stable", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1717408969, + "narHash": "sha256-Q0OEFqe35fZbbRPPRdrjTUUChKVhhWXz3T9ZSKmaoVY=", + "owner": "numtide", + "repo": "devshell", + "rev": "1ebbe68d57457c8cae98145410b164b5477761f4", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "devshell_2": { + "inputs": { + "flake-utils": "flake-utils_3", + "nixpkgs": [ + "sonnenshift", + "crate2nix", + "crate2nix_stable", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1717408969, + "narHash": "sha256-Q0OEFqe35fZbbRPPRdrjTUUChKVhhWXz3T9ZSKmaoVY=", + "owner": "numtide", + "repo": "devshell", + "rev": "1ebbe68d57457c8cae98145410b164b5477761f4", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "devshell_3": { + "inputs": { + "flake-utils": "flake-utils_4", + "nixpkgs": [ + "sonnenshift", + "crate2nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1711099426, + "narHash": "sha256-HzpgM/wc3aqpnHJJ2oDqPBkNsqWbW0WfWUO8lKu8nGk=", + "owner": "numtide", + "repo": "devshell", + "rev": "2d45b54ca4a183f2fdcf4b19c895b64fbf620ee8", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, "disko": { "inputs": { "nixpkgs": [ 
@@ -42,7 +315,7 @@ }, "dream2nix": { "inputs": { - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_8", "purescript-overlay": "purescript-overlay", "pyproject-nix": "pyproject-nix" }, @@ -99,6 +372,48 @@ } }, "flake-compat_2": { + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "revCount": 57, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" + } + }, + "flake-compat_3": { + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "revCount": 57, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" + } + }, + "flake-compat_4": { + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "revCount": 57, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" + } + }, + "flake-compat_5": { "flake": false, "locked": { "lastModified": 1696426674, 
@@ -114,16 +429,157 @@ "type": "github" } }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "sonnenshift", + "crate2nix", + "crate2nix_stable", + "crate2nix_stable", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1719745305, + "narHash": "sha256-xwgjVUpqSviudEkpQnioeez1Uo2wzrsMaJKJClh+Bls=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "c3c5ecc05edc7dafba779c6c1a61cd08ac6583e9", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { + "inputs": { + "nixpkgs-lib": [ + "sonnenshift", + "crate2nix", + "crate2nix_stable", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1719745305, + "narHash": "sha256-xwgjVUpqSviudEkpQnioeez1Uo2wzrsMaJKJClh+Bls=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "c3c5ecc05edc7dafba779c6c1a61cd08ac6583e9", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_3": { + "inputs": { + "nixpkgs-lib": [ + "sonnenshift", + "crate2nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1712014858, + "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-utils": { "inputs": { "systems": "systems_2" }, "locked": { - "lastModified": 1726560853, - "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "lastModified": 1694529238, + "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", "owner": "numtide", "repo": "flake-utils", - "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { + "inputs": { + 
"systems": "systems_3" + }, + "locked": { + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_3": { + "inputs": { + "systems": "systems_4" + }, + "locked": { + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_4": { + "inputs": { + "systems": "systems_5" + }, + "locked": { + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_5": { + "inputs": { + "systems": "systems_6" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "type": "github" }, "original": { 
@@ -152,25 +608,123 @@ "type": "github" } }, - "nix-github-actions": { + "gitignore": { "inputs": { "nixpkgs": [ "sonnenshift", - "poetry2nixi", + "crate2nix", + "crate2nix_stable", + "crate2nix_stable", + "pre-commit-hooks", "nixpkgs" ] }, "locked": { - "lastModified": 1729742964, - "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=", - "owner": "nix-community", - "repo": "nix-github-actions", - "rev": "e04df33f62cdcf93d73e9a04142464753a16db67", + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", "type": "github" }, "original": { - "owner": "nix-community", - "repo": "nix-github-actions", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_2": { + "inputs": { + "nixpkgs": [ + "sonnenshift", + "crate2nix", + "crate2nix_stable", + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_3": { + "inputs": { + "nixpkgs": [ + "sonnenshift", + "crate2nix", + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "nix-test-runner": { + "flake": false, + "locked": { + "lastModified": 1588761593, + "narHash": "sha256-FKJykltAN/g3eIceJl4SfDnnyuH2jHImhMrXS2KvGIs=", + "owner": "stoeffel", + "repo": "nix-test-runner", + 
"rev": "c45d45b11ecef3eb9d834c3b6304c05c49b06ca2", + "type": "github" + }, + "original": { + "owner": "stoeffel", + "repo": "nix-test-runner", + "type": "github" + } + }, + "nix-test-runner_2": { + "flake": false, + "locked": { + "lastModified": 1588761593, + "narHash": "sha256-FKJykltAN/g3eIceJl4SfDnnyuH2jHImhMrXS2KvGIs=", + "owner": "stoeffel", + "repo": "nix-test-runner", + "rev": "c45d45b11ecef3eb9d834c3b6304c05c49b06ca2", + "type": "github" + }, + "original": { + "owner": "stoeffel", + "repo": "nix-test-runner", + "type": "github" + } + }, + "nix-test-runner_3": { + "flake": false, + "locked": { + "lastModified": 1588761593, + "narHash": "sha256-FKJykltAN/g3eIceJl4SfDnnyuH2jHImhMrXS2KvGIs=", + "owner": "stoeffel", + "repo": "nix-test-runner", + "rev": "c45d45b11ecef3eb9d834c3b6304c05c49b06ca2", + "type": "github" + }, + "original": { + "owner": "stoeffel", + "repo": "nix-test-runner", "type": "github" } }, 
@@ -223,6 +777,80 @@ } }, "nixpkgs_3": { + "locked": { + "lastModified": 1700612854, + "narHash": "sha256-yrQ8osMD+vDLGFX7pcwsY/Qr5PUd6OmDMYJZzZi0+zc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "19cbff58383a4ae384dea4d1d0c823d72b49d614", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1715534503, + "narHash": "sha256-5ZSVkFadZbFP1THataCaSf0JH2cAH3S29hU9rrxTEqk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "2057814051972fa1453ddfb0d98badbea9b83c06", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_5": { + "locked": { + "lastModified": 1715534503, + "narHash": "sha256-5ZSVkFadZbFP1THataCaSf0JH2cAH3S29hU9rrxTEqk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "2057814051972fa1453ddfb0d98badbea9b83c06", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_6": { + "locked": { + "lastModified": 1719506693, + "narHash": "sha256-C8e9S7RzshSdHB7L+v9I51af1gDM5unhJ2xO1ywxNH8=", + "path": "/nix/store/4p0avw1s3vf27hspgqsrqs37gxk4i83i-source", + "rev": "b2852eb9365c6de48ffb0dc2c9562591f652242a", + "type": "path" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "nixpkgs_7": { + "locked": { + "lastModified": 1719506693, + "narHash": "sha256-C8e9S7RzshSdHB7L+v9I51af1gDM5unhJ2xO1ywxNH8=", + "path": "/nix/store/4p0avw1s3vf27hspgqsrqs37gxk4i83i-source", + "rev": "b2852eb9365c6de48ffb0dc2c9562591f652242a", + "type": "path" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "nixpkgs_8": { "locked": { "lastModified": 1729850857, "narHash": "sha256-WvLXzNNnnw+qpFOmgaM3JUlNEH+T4s22b5i2oyyCpXE=", 
@@ -238,34 +866,118 @@ "type": "github" } }, - "poetry2nixi": { + "pre-commit-hooks": { "inputs": { - "flake-utils": "flake-utils", - "nix-github-actions": "nix-github-actions", + "flake-compat": [ + "sonnenshift", + "crate2nix", + "crate2nix_stable", + "crate2nix_stable", + "flake-compat" + ], + "gitignore": "gitignore", "nixpkgs": [ "sonnenshift", + "crate2nix", + "crate2nix_stable", + "crate2nix_stable", "nixpkgs" ], - "systems": "systems_3", - "treefmt-nix": "treefmt-nix" + "nixpkgs-stable": [ + "sonnenshift", + "crate2nix", + "crate2nix_stable", + "crate2nix_stable", + "nixpkgs" + ] }, "locked": { - "lastModified": 1738741221, - "narHash": "sha256-UiTOA89yQV5YNlO1ZAp4IqJUGWOnTyBC83netvt8rQE=", - "owner": "nix-community", - "repo": "poetry2nix", - "rev": "be1fe795035d3d36359ca9135b26dcc5321b31fb", + "lastModified": 1719259945, + "narHash": "sha256-F1h+XIsGKT9TkGO3omxDLEb/9jOOsI6NnzsXFsZhry4=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "0ff4381bbb8f7a52ca4a851660fc7a437a4c6e07", "type": "github" }, "original": { - "owner": "nix-community", - "repo": "poetry2nix", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, + "pre-commit-hooks_2": { + "inputs": { + "flake-compat": [ + "sonnenshift", + "crate2nix", + "crate2nix_stable", + "flake-compat" + ], + "gitignore": "gitignore_2", + "nixpkgs": [ + "sonnenshift", + "crate2nix", + "crate2nix_stable", + "nixpkgs" + ], + "nixpkgs-stable": [ + "sonnenshift", + "crate2nix", + "crate2nix_stable", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1719259945, + "narHash": "sha256-F1h+XIsGKT9TkGO3omxDLEb/9jOOsI6NnzsXFsZhry4=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "0ff4381bbb8f7a52ca4a851660fc7a437a4c6e07", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, + "pre-commit-hooks_3": { + "inputs": { + "flake-compat": [ + "sonnenshift", + "crate2nix", + "flake-compat" + ], + 
"flake-utils": "flake-utils_5", + "gitignore": "gitignore_3", + "nixpkgs": [ + "sonnenshift", + "crate2nix", + "nixpkgs" + ], + "nixpkgs-stable": [ + "sonnenshift", + "crate2nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1712055707, + "narHash": "sha256-4XLvuSIDZJGS17xEwSrNuJLL7UjDYKGJSbK1WWX2AK8=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "e35aed5fda3cc79f88ed7f1795021e559582093a", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", "type": "github" } }, "purescript-overlay": { "inputs": { - "flake-compat": "flake-compat_2", + "flake-compat": "flake-compat_5", "nixpkgs": [ "tlaternet-webserver", "dream2nix", @@ -358,21 +1070,22 @@ }, "sonnenshift": { "inputs": { + "crate2nix": "crate2nix", "nixpkgs": [ "nixpkgs" - ], - "poetry2nixi": "poetry2nixi" + ] }, "locked": { - "lastModified": 1738867540, - "narHash": "sha256-co2Fs1VoWtTzo7IAeRtaNnyofoUWFOv/Aa/+vSorurA=", - "ref": "refs/heads/main", - "rev": "c6eeff42799c9d4073a241056198004d89bf87df", - "revCount": 15, + "lastModified": 1740082109, + "narHash": "sha256-WdRNkwsIotFOSymee/yQyH46RmYtuxd1FENhvGL4KRc=", + "ref": "tlater/rust-rewrite", + "rev": "a1b48cf2ba194054e2d8816c94a84cebc4fb5de0", + "revCount": 23, "type": "git", "url": "ssh://git@github.com/sonnenshift/battery-manager" }, "original": { + "ref": "tlater/rust-rewrite", "type": "git", "url": "ssh://git@github.com/sonnenshift/battery-manager" } 
@@ -442,6 +1155,51 @@ "type": "github" } }, + "systems_4": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_5": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_6": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "tlaternet-webserver": { "inputs": { "dream2nix": "dream2nix", @@ -464,28 +1222,6 @@ "url": "https://gitea.tlater.net/tlaternet/tlaternet.git" } }, - "treefmt-nix": { - "inputs": { - "nixpkgs": [ - "sonnenshift", - "poetry2nixi", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1730120726, - "narHash": "sha256-LqHYIxMrl/1p3/kvm2ir925tZ8DkI0KA10djk8wecSk=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "9ef337e492a5555d8e17a51c911ff1f02635be15", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } - }, "utils": { "inputs": { "systems": "systems" diff --git a/flake.nix b/flake.nix index b31d108..737a17f 100644 --- a/flake.nix +++ b/flake.nix 
@@ -23,7 +23,7 @@ }; sonnenshift = { - url = "git+ssh://git@github.com/sonnenshift/battery-manager"; + url = "git+ssh://git@github.com/sonnenshift/battery-manager?ref=tlater/rust-rewrite"; inputs.nixpkgs.follows = "nixpkgs"; }; }; From a60cb7f60cc58e2696f171884f9130d451b3d2c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= <tm@tlater.net> Date: Sun, 16 Feb 2025 18:46:25 +0800 Subject: [PATCH 03/12] chore(coturn): Switch to letsencrypt certificate Fixes #107 --- configuration/nginx.nix | 8 ++++++- configuration/services/conduit/default.nix | 11 +++++---- configuration/services/metrics/exporters.nix | 10 ++++++++ .../services/metrics/victoriametrics.nix | 24 +++++++++++++++++++ 4 files changed, 47 insertions(+), 6 deletions(-) diff --git a/configuration/nginx.nix b/configuration/nginx.nix index 0b72cc1..3ec3bd9 100644 --- a/configuration/nginx.nix +++ b/configuration/nginx.nix @@ -53,7 +53,7 @@ "*.tlater.com" ]; dnsProvider = "porkbun"; - group = "nginx"; + group = "ssl-cert"; credentialFiles = { PORKBUN_API_KEY_FILE = config.sops.secrets."porkbun/api-key".path; PORKBUN_SECRET_API_KEY_FILE = config.sops.secrets."porkbun/secret-api-key".path; @@ -61,6 +61,12 @@ }; }; + users.groups.ssl-cert = { }; + + systemd.services.nginx.serviceConfig.SupplementaryGroups = [ + config.security.acme.certs."tlater.net".group + ]; + services.backups.acme = { user = "acme"; paths = lib.mapAttrsToList ( diff --git a/configuration/services/conduit/default.nix b/configuration/services/conduit/default.nix index c3803f4..c7e4ab4 100644 --- a/configuration/services/conduit/default.nix +++ b/configuration/services/conduit/default.nix 
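Review bot: `?ref=tlater/rust-rewrite` in the flake.nix hunk makes the `sonnenshift` input follow a personal feature branch. flake.lock pins the revision, but every later `nix flake update` will take whatever has been pushed to that branch, including a rewritten history. A comment on the `url` line, e.g. `# TODO: drop ?ref= once tlater/rust-rewrite is merged`, would keep the pin from becoming permanent by accident.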
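Review bot: `group = "ssl-cert";` in the `@@ -53,7 +53,7 @@` hunk of configuration/nginx.nix makes the private key of the `tlater.net` certificate readable by every member of a shared group, and the context line `"*.tlater.com"` suggests that certificate carries wildcard names. Any unit later given `SupplementaryGroups = [ config.security.acme.certs."tlater.net".group ]`, as coturn is in the conduit hunk of this commit, can then read a key valid for all of those names. A comment on `users.groups.ssl-cert = { };` listing the intended members, e.g. `# may read the tlater.net key: nginx, coturn`, would document the trust boundary. A separate `security.acme.certs` entry for the TURN hostname would keep that daemon away from the web key entirely. The `security.acme.certs` block starts outside the hunk.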
@@ -50,6 +50,10 @@ in # See also https://gitlab.com/famedly/conduit/-/issues/314 systemd.services.conduit.serviceConfig.EnvironmentFile = config.sops.secrets."turn/env".path; + systemd.services.coturn.serviceConfig.SupplementaryGroups = [ + config.security.acme.certs."tlater.net".group + ]; + services.coturn = { enable = true; no-cli = true; @@ -59,11 +63,8 @@ in relay-ips = [ "116.202.158.55" ]; # SSL config - # - # TODO(tlater): Switch to letsencrypt once google fix: - # https://github.com/vector-im/element-android/issues/1533 - pkey = config.sops.secrets."turn/ssl-key".path; - cert = config.sops.secrets."turn/ssl-cert".path; + pkey = "${config.security.acme.certs."tlater.net".directory}/key.pem"; + cert = "${config.security.acme.certs."tlater.net".directory}/fullchain.pem"; # Based on suggestions from # https://github.com/matrix-org/synapse/blob/develop/docs/turn-howto.md diff --git a/configuration/services/metrics/exporters.nix b/configuration/services/metrics/exporters.nix index a47a701..78ba684 100644 --- a/configuration/services/metrics/exporters.nix +++ b/configuration/services/metrics/exporters.nix @@ -20,6 +20,16 @@ in timeout = "5s"; http.preferred_ip_protocol = "ip4"; }; + + turn_server = { + prober = "tcp"; + timeout = "5s"; + tcp = { + preferred_ip_protocol = "ip4"; + source_ip_address = "116.202.158.55"; + tls = true; + }; + }; }; }; }; diff --git a/configuration/services/metrics/victoriametrics.nix b/configuration/services/metrics/victoriametrics.nix index eca65d0..4a78d46 100644 --- a/configuration/services/metrics/victoriametrics.nix +++ b/configuration/services/metrics/victoriametrics.nix 
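Review bot: `pkey` and `cert` in the `@@ -59,11 +63,8 @@` hunk of configuration/services/conduit/default.nix now point at files that ACME replaces on renewal, but nothing visible here reloads or restarts coturn when that happens. It may therefore keep serving the old certificate until it expires. If this is not set elsewhere, `security.acme.certs."tlater.net".reloadServices = [ "coturn.service" ];` closes the gap. The unit may also need ordering after the first issuance so that `key.pem` and `fullchain.pem` exist when it starts. The `services.coturn` block continues outside the hunk.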
@@ -40,6 +40,30 @@ in }; }; + blackbox_turn = { + targets = [ "turn.tlater.net:${toString config.services.coturn.tls-listening-port}" ]; + + extraSettings = { + metrics_path = "/probe"; + params.module = [ "turn_server" ]; + + relabel_configs = [ + { + source_labels = [ "__address__" ]; + target_label = "__param_target"; + } + { + source_labels = [ "__param_target" ]; + target_label = "instance"; + } + { + target_label = "__address__"; + replacement = "${blackbox_host}:${toString blackbox_port}"; + } + ]; + }; + }; + blackbox_exporter.targets = [ "${blackbox_host}:${toString blackbox_port}" ]; coturn.targets = [ "127.0.0.1:9641" ]; From be1d739b400a5c16c7b51c82916960b30692995c Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= <tm@tlater.net> Date: Sun, 23 Feb 2025 01:43:13 +0800 Subject: [PATCH 04/12] bump: Update inputs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'disko': 'github:nix-community/disko/fa5746ecea1772cf59b3f34c5816ab3531478142?narHash=sha256-xFnU%2BuUl48Icas2wPQ%2BZzlL2O3n8f6J2LrzNK9f2nng%3D' (2025-02-15) → 'github:nix-community/disko/15dbf8cebd8e2655a883b74547108e089f051bf0?narHash=sha256-lSOXdgW/1zi/SSu7xp71v%2B55D5Egz8ACv0STkj7fhbs%3D' (2025-02-18) • Updated input 'foundryvtt': 'github:reckenrode/nix-foundryvtt/0a72a4bf64224c6584fd1b9e9f0012dd09af979a?narHash=sha256-vM9C1gFiQGa3nTYqmTBI8MoiUfprkQdepUBbxV7ECMQ%3D' (2025-01-17) → 'github:reckenrode/nix-foundryvtt/a7fa493ba2c623cf90e83756b62285b3b58f18d2?narHash=sha256-u3m%2BawbdL%2B0BKk8IWidsWMr%2BR0ian3GZMUlH7623kd8%3D' (2025-02-16) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/30d4471a8a2a13b716530d3aad60b9846ea5ff83?narHash=sha256-jGiez5BtGGJUB/LXzRa%2B4AQurMO9acc1B69kBfgQhJc%3D' (2025-02-15) → 'github:nixos/nixpkgs/11415c7ae8539d6292f2928317ee7a8410b28bb9?narHash=sha256-SSYxFhqCOb3aiPb6MmN68yEzBIltfom8IgRz7phHscM%3D' (2025-02-21) • Updated input 'nixpkgs-unstable': 'github:nixos/nixpkgs/31ff66eb77d02e9ac34b7256a02edb1c43fb9998?narHash=sha256-3bnOIZz8KXtzcaXGuH9Eriv0HiQyr1EIfcye%2BVHLQZE%3D' (2025-02-15) → 'github:nixos/nixpkgs/8465e233b0668cf162c608a92e62e8d78c1ba7e4?narHash=sha256-wzBbGGZ6i1VVBA/cDJaLfuuGYCUriD7fwsLgJJHRVRk%3D' (2025-02-22) --- flake.lock | 27 +++++++++++++-------------- flake.nix | 2 +- pkgs/crowdsec/_sources/generated.json | 8 ++++---- pkgs/crowdsec/_sources/generated.nix | 8 ++++---- 4 files changed, 22 insertions(+), 23 deletions(-) diff --git a/flake.lock b/flake.lock index 276b8b2..37c3d5f 100644 --- a/flake.lock +++ b/flake.lock 
@@ -300,11 +300,11 @@ ] }, "locked": { - "lastModified": 1739634831, - "narHash": "sha256-xFnU+uUl48Icas2wPQ+ZzlL2O3n8f6J2LrzNK9f2nng=", + "lastModified": 1739841949, + "narHash": "sha256-lSOXdgW/1zi/SSu7xp71v+55D5Egz8ACv0STkj7fhbs=", "owner": "nix-community", "repo": "disko", - "rev": "fa5746ecea1772cf59b3f34c5816ab3531478142", + "rev": "15dbf8cebd8e2655a883b74547108e089f051bf0", "type": "github" }, "original": { @@ -595,11 +595,11 @@ ] }, "locked": { - "lastModified": 1737076827, - "narHash": "sha256-vM9C1gFiQGa3nTYqmTBI8MoiUfprkQdepUBbxV7ECMQ=", + "lastModified": 1739712626, + "narHash": "sha256-u3m+awbdL+0BKk8IWidsWMr+R0ian3GZMUlH7623kd8=", "owner": "reckenrode", "repo": "nix-foundryvtt", - "rev": "0a72a4bf64224c6584fd1b9e9f0012dd09af979a", + "rev": "a7fa493ba2c623cf90e83756b62285b3b58f18d2", "type": "github" }, "original": { @@ -746,11 +746,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1739611738, - "narHash": "sha256-3bnOIZz8KXtzcaXGuH9Eriv0HiQyr1EIfcye+VHLQZE=", + "lastModified": 1740215764, + "narHash": "sha256-wzBbGGZ6i1VVBA/cDJaLfuuGYCUriD7fwsLgJJHRVRk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "31ff66eb77d02e9ac34b7256a02edb1c43fb9998", + "rev": "8465e233b0668cf162c608a92e62e8d78c1ba7e4", "type": "github" }, "original": { @@ -762,11 +762,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1739578539, - "narHash": "sha256-jGiez5BtGGJUB/LXzRa+4AQurMO9acc1B69kBfgQhJc=", + "lastModified": 1740162160, + "narHash": "sha256-SSYxFhqCOb3aiPb6MmN68yEzBIltfom8IgRz7phHscM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "30d4471a8a2a13b716530d3aad60b9846ea5ff83", + "rev": "11415c7ae8539d6292f2928317ee7a8410b28bb9", "type": "github" }, "original": { 
@@ -1078,14 +1078,13 @@ "locked": { "lastModified": 1740082109, "narHash": "sha256-WdRNkwsIotFOSymee/yQyH46RmYtuxd1FENhvGL4KRc=", - "ref": "tlater/rust-rewrite", + "ref": "refs/heads/main", "rev": "a1b48cf2ba194054e2d8816c94a84cebc4fb5de0", "revCount": 23, "type": "git", "url": "ssh://git@github.com/sonnenshift/battery-manager" }, "original": { - "ref": "tlater/rust-rewrite", "type": "git", "url": "ssh://git@github.com/sonnenshift/battery-manager" } diff --git a/flake.nix b/flake.nix index 737a17f..b31d108 100644 --- a/flake.nix +++ b/flake.nix @@ -23,7 +23,7 @@ }; sonnenshift = { - url = "git+ssh://git@github.com/sonnenshift/battery-manager?ref=tlater/rust-rewrite"; + url = "git+ssh://git@github.com/sonnenshift/battery-manager"; inputs.nixpkgs.follows = "nixpkgs"; }; }; diff --git a/pkgs/crowdsec/_sources/generated.json b/pkgs/crowdsec/_sources/generated.json index 634bc18..ac251aa 100644 --- a/pkgs/crowdsec/_sources/generated.json +++ b/pkgs/crowdsec/_sources/generated.json @@ -21,7 +21,7 @@ }, "crowdsec-hub": { "cargoLocks": null, - "date": "2025-02-16", + "date": "2025-02-22", "extract": null, "name": "crowdsec-hub", "passthru": null, @@ -33,10 +33,10 @@ "name": null, "owner": "crowdsecurity", "repo": "hub", - "rev": "f7d7f476f88a4af05e1cfb3994536990adecfb57", - "sha256": "sha256-m78uipryHDKixJzrF4K59ioAJ3WJN1JlXEC0DNVMCJ8=", + "rev": "f9883cd6c7d1913c13e4a3a69d9a0b887a7d57df", + "sha256": "sha256-45pUln7Qj5luY9I9BE2qhzjH7kv4IbYvNoEX3/4AVVg=", "type": "github" }, - "version": "f7d7f476f88a4af05e1cfb3994536990adecfb57" + "version": "f9883cd6c7d1913c13e4a3a69d9a0b887a7d57df" } } \ No newline at end of file diff --git a/pkgs/crowdsec/_sources/generated.nix b/pkgs/crowdsec/_sources/generated.nix index 7ef44e6..9c63cc5 100644 --- a/pkgs/crowdsec/_sources/generated.nix +++ b/pkgs/crowdsec/_sources/generated.nix 
@@ -14,14 +14,14 @@ }; crowdsec-hub = { pname = "crowdsec-hub"; - version = "f7d7f476f88a4af05e1cfb3994536990adecfb57"; + version = "f9883cd6c7d1913c13e4a3a69d9a0b887a7d57df"; src = fetchFromGitHub { owner = "crowdsecurity"; repo = "hub"; - rev = "f7d7f476f88a4af05e1cfb3994536990adecfb57"; + rev = "f9883cd6c7d1913c13e4a3a69d9a0b887a7d57df"; fetchSubmodules = false; - sha256 = "sha256-m78uipryHDKixJzrF4K59ioAJ3WJN1JlXEC0DNVMCJ8="; + sha256 = "sha256-45pUln7Qj5luY9I9BE2qhzjH7kv4IbYvNoEX3/4AVVg="; }; - date = "2025-02-16"; + date = "2025-02-22"; }; } From e4a7fa8764f2c283e0d1d989e53d61e078ed48d1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= <tm@tlater.net> Date: Fri, 28 Feb 2025 01:47:58 +0800 Subject: [PATCH 05/12] feat(grafana): Use the victoriametrics metrics plugin --- configuration/services/metrics/grafana.nix | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/configuration/services/metrics/grafana.nix b/configuration/services/metrics/grafana.nix index e597cff..d14b908 100644 --- a/configuration/services/metrics/grafana.nix +++ b/configuration/services/metrics/grafana.nix @@ -1,4 +1,4 @@ -{ config, ... }: +{ pkgs, config, ... }: let domain = "metrics.${config.services.nginx.domain}"; in @@ -28,6 +28,10 @@ in }; }; + declarativePlugins = [ + pkgs.grafanaPlugins.victoriametrics-metrics-datasource + ]; + provision = { enable = true; @@ -35,7 +39,9 @@ in { name = "Victoriametrics - tlater.net"; url = "http://localhost:8428"; - type = "prometheus"; + type = "victoriametrics-metrics-datasource"; + access = "proxy"; + isDefault = true; } ]; }; From a398790ef496f6cac8a485b2a3ef1d065e48d639 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= <tm@tlater.net> Date: Fri, 28 Feb 2025 01:43:10 +0800 Subject: [PATCH 06/12] feat(metrics): Add victorialogs --- configuration/services/metrics/default.nix | 1 + configuration/services/metrics/grafana.nix | 15 ++- .../services/metrics/victorialogs.nix | 110 ++++++++++++++++++ 3 files changed, 125 insertions(+), 1 deletion(-) create mode 100644 configuration/services/metrics/victorialogs.nix diff --git a/configuration/services/metrics/default.nix b/configuration/services/metrics/default.nix index 84e126a..fe250fe 100644 --- a/configuration/services/metrics/default.nix +++ b/configuration/services/metrics/default.nix @@ -5,5 +5,6 @@ ./exporters.nix ./grafana.nix ./victoriametrics.nix + ./victorialogs.nix ]; } diff --git a/configuration/services/metrics/grafana.nix b/configuration/services/metrics/grafana.nix index d14b908..b872833 100644 --- a/configuration/services/metrics/grafana.nix +++ b/configuration/services/metrics/grafana.nix @@ -1,4 +1,9 @@ -{ pkgs, config, ... }: +{ + pkgs, + config, + flake-inputs, + ... +}: let domain = "metrics.${config.services.nginx.domain}"; in @@ -30,6 +35,7 @@ in declarativePlugins = [ pkgs.grafanaPlugins.victoriametrics-metrics-datasource + flake-inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.grafanaPlugins.victoriametrics-logs-datasource ]; provision = { @@ -43,6 +49,13 @@ in access = "proxy"; isDefault = true; } + + { + name = "Victorialogs - tlater.net"; + url = "http://${config.services.victorialogs.bindAddress}"; + type = "victoriametrics-logs-datasource"; + access = "proxy"; + } ]; }; }; diff --git a/configuration/services/metrics/victorialogs.nix b/configuration/services/metrics/victorialogs.nix new file mode 100644 index 0000000..ed74c59 --- /dev/null +++ b/configuration/services/metrics/victorialogs.nix 
@@ -0,0 +1,110 @@ +{ + config, + pkgs, + lib, + ... +}: +let + cfg = config.services.victorialogs; + pkg = pkgs.victoriametrics; + dirname = "victorialogs"; +in +{ + options.services.victorialogs = + let + inherit (lib.types) str; + in + { + listenAddress = lib.mkOption { + default = ":9428"; + type = str; + }; + + bindAddress = lib.mkOption { + readOnly = true; + type = str; + description = '' + Final address on which victorialogs listens. + ''; + }; + }; + + config = { + services.victorialogs.bindAddress = + (lib.optionalString (lib.hasPrefix ":" cfg.listenAddress) "127.0.0.1") + cfg.listenAddress; + + services.journald.upload = { + enable = true; + settings.Upload = { + URL = "http://${cfg.bindAddress}/insert/journald"; + NetworkTimeoutSec = "20s"; + }; + }; + + systemd.services."systemd-journal-upload".after = [ "victorialogs.service" ]; + + systemd.services.victorialogs = { + description = "VictoriaLogs log database"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + startLimitBurst = 5; + + serviceConfig = { + ExecStart = lib.escapeShellArgs [ + "${pkg}/bin/victoria-logs" + "-storageDataPath=/var/lib/${dirname}" + "-httpListenAddr=${cfg.listenAddress}" + ]; + + DynamicUser = true; + RestartSec = 1; + Restart = "on-failure"; + RuntimeDirectory = dirname; + RuntimeDirectoryMode = "0700"; + StateDirectory = dirname; + StateDirectoryMode = "0700"; + + LimitNOFILE = 1048576; + + # Hardening + DeviceAllow = [ "/dev/null rw" ]; + DevicePolicy = "strict"; + LockPersonality = true; + MemoryDenyWriteExecute = true; + NoNewPrivileges = true; + PrivateDevices = true; + PrivateTmp = true; + PrivateUsers = true; + ProtectClock = true; + ProtectControlGroups = true; + ProtectHome = true; + ProtectHostname = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + ProtectProc = "invisible"; + ProtectSystem = "full"; + RemoveIPC = true; + RestrictAddressFamilies = [ + "AF_INET" + "AF_INET6" + "AF_UNIX" + ]; + 
RestrictNamespaces = true; + RestrictRealtime = true; + RestrictSUIDSGID = true; + SystemCallArchitectures = "native"; + SystemCallFilter = [ + "@system-service" + "~@privileged" + ]; + }; + + postStart = lib.mkBefore '' + until ${lib.getBin pkgs.curl}/bin/curl -s -o /dev/null http://${cfg.bindAddress}/ping; do + sleep 1; + done + ''; + }; + }; +} From 3c6afa0c66544826169432018f82ae22169c12cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= <tm@tlater.net> Date: Fri, 4 Apr 2025 21:06:27 +0800 Subject: [PATCH 07/12] feat(matrix): Switch to conduwuit This fixes support for the new sliding sync API. --- .../hardware-specific/hetzner/disko.nix | 11 + configuration/services/conduit/default.nix | 19 +- flake.lock | 912 +++++++++++++++--- flake.nix | 4 + 4 files changed, 807 insertions(+), 139 deletions(-) diff --git a/configuration/hardware-specific/hetzner/disko.nix b/configuration/hardware-specific/hetzner/disko.nix index cc15471..7e1acd7 100644 --- a/configuration/hardware-specific/hetzner/disko.nix +++ b/configuration/hardware-specific/hetzner/disko.nix @@ -80,6 +80,17 @@ inherit mountOptions; mountpoint = "/var"; }; + "/volume/var/lib/private/matrix-conduit" = { + mountOptions = [ + # Explicitly don't compress here, since + # conduwuit's database does compression by + # itself, and relies on being able to read the + # raw file data from disk (which is impossible + # if btrfs compresses it) + "noatime" + ]; + mountpoint = "/var/lib/private/matrix-conduit"; + }; "/volume/nix-store" = { inherit mountOptions; mountpoint = "/nix"; diff --git a/configuration/services/conduit/default.nix b/configuration/services/conduit/default.nix index c7e4ab4..5a2b8ac 100644 --- a/configuration/services/conduit/default.nix +++ b/configuration/services/conduit/default.nix @@ -1,4 +1,6 @@ { + pkgs, + flake-inputs, config, lib, ... 
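Review bot: The default `listenAddress` of `":9428"` is passed unchanged to `-httpListenAddr=${cfg.listenAddress}`, so victoria-logs binds on every interface, while `bindAddress` only rewrites the address that local clients use. The service receives the whole journal through `/insert/journald` and nothing in this file adds authentication, so any host that can reach port 9428 could read or insert log entries unless a firewall rule (not visible here) blocks it. I would make the default loopback, `default = "127.0.0.1:9428";`, which the `hasPrefix ":"` branch already handles. `ProtectSystem = "strict";` would also fit, since the unit only writes to its `StateDirectory` and `RuntimeDirectory`.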
@@ -18,10 +20,12 @@ in services.matrix-conduit = { enable = true; + package = flake-inputs.conduwuit.packages.${pkgs.system}.default; settings.global = { address = "127.0.0.1"; server_name = domain; - database_backend = "rocksdb"; + new_user_displayname_suffix = "🦆"; + allow_check_for_updates = true; # Set up delegation: https://docs.conduit.rs/delegation.html#automatic-recommended # This is primarily to make sliding sync work @@ -44,11 +48,14 @@ in }; }; - # Pass in the TURN secret via EnvironmentFile, not supported by - # upstream module currently. - # - # See also https://gitlab.com/famedly/conduit/-/issues/314 - systemd.services.conduit.serviceConfig.EnvironmentFile = config.sops.secrets."turn/env".path; + systemd.services.conduit.serviceConfig = { + ExecStart = lib.mkForce "${config.services.matrix-conduit.package}/bin/conduwuit"; + # Pass in the TURN secret via EnvironmentFile, not supported by + # upstream module currently. + # + # See also https://gitlab.com/famedly/conduit/-/issues/314 + EnvironmentFile = config.sops.secrets."turn/env".path; + }; systemd.services.coturn.serviceConfig.SupplementaryGroups = [ config.security.acme.certs."tlater.net".group diff --git a/flake.lock b/flake.lock index 37c3d5f..3f3fc39 100644 --- a/flake.lock +++ b/flake.lock 
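Review bot: `allow_check_for_updates = true;` appears to enable an outbound request from the homeserver to the upstream project, which is new egress for this host and easy to miss between the package and display-name changes. If it is wanted, a comment such as `# Periodically contacts upstream for release/security announcements` would record that it is deliberate. The removed `database_backend` line presumably reflects conduwuit supporting only RocksDB, which also deserves one line of comment. The `settings.global` block continues outside the hunk.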
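Review bot: `ExecStart = lib.mkForce "${config.services.matrix-conduit.package}/bin/conduwuit";` has no comment explaining why the module's own start command is overridden; the existing comment only covers `EnvironmentFile`. Presumably the matrix-conduit module starts a binary named `conduit`, so I would add `# The matrix-conduit module runs bin/conduit; conduwuit ships bin/conduwuit instead.` above it. Because the override replaces the module's command wholesale, it should be re-checked whenever the module changes how it launches the server.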
@@ -1,6 +1,86 @@ { "nodes": { + "attic": { + "inputs": { + "crane": "crane", + "flake-compat": "flake-compat", + "flake-parts": "flake-parts", + "nix-github-actions": "nix-github-actions", + "nixpkgs": "nixpkgs", + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1738524606, + "narHash": "sha256-hPYEJ4juK3ph7kbjbvv7PlU1D9pAkkhl+pwx8fZY53U=", + "owner": "zhaofengli", + "repo": "attic", + "rev": "ff8a897d1f4408ebbf4d45fa9049c06b3e1e3f4e", + "type": "github" + }, + "original": { + "owner": "zhaofengli", + "ref": "main", + "repo": "attic", + "type": "github" + } + }, "cachix": { + "inputs": { + "devenv": "devenv", + "flake-compat": "flake-compat_2", + "git-hooks": "git-hooks", + "nixpkgs": "nixpkgs_4" + }, + "locked": { + "lastModified": 1737621947, + "narHash": "sha256-8HFvG7fvIFbgtaYAY2628Tb89fA55nPm2jSiNs0/Cws=", + "owner": "cachix", + "repo": "cachix", + "rev": "f65a3cd5e339c223471e64c051434616e18cc4f5", + "type": "github" + }, + "original": { + "owner": "cachix", + "ref": "master", + "repo": "cachix", + "type": "github" + } + }, + "cachix_2": { + "inputs": { + "devenv": [ + "conduwuit", + "cachix", + "devenv" + ], + "flake-compat": [ + "conduwuit", + "cachix", + "devenv" + ], + "git-hooks": [ + "conduwuit", + "cachix", + "devenv" + ], + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1728672398, + "narHash": "sha256-KxuGSoVUFnQLB2ZcYODW7AVPAh9JqRlD5BrfsC/Q4qs=", + "owner": "cachix", + "repo": "cachix", + "rev": "aac51f698309fd0f381149214b7eee213c66ef0a", + "type": "github" + }, + "original": { + "owner": "cachix", + "ref": "latest", + "repo": "cachix", + "type": "github" + } + }, + "cachix_3": { "inputs": { "devenv": [ "sonnenshift", @@ -10,7 +90,7 @@ "sonnenshift", "crate2nix" ], - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_7", "pre-commit-hooks": [ "sonnenshift", "crate2nix" @@ -31,7 +111,7 @@ "type": "github" } }, - "cachix_2": { + "cachix_4": { "inputs": { "devenv": [ "sonnenshift", 
@@ -43,7 +123,7 @@ "crate2nix", "crate2nix_stable" ], - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_8", "pre-commit-hooks": [ "sonnenshift", "crate2nix", @@ -65,7 +145,7 @@ "type": "github" } }, - "cachix_3": { + "cachix_5": { "inputs": { "devenv": [ "sonnenshift", @@ -79,7 +159,7 @@ "crate2nix_stable", "crate2nix_stable" ], - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_9", "pre-commit-hooks": [ "sonnenshift", "crate2nix", 
@@ -102,13 +182,98 @@ "type": "github" } }, + "complement": { + "flake": false, + "locked": { + "lastModified": 1741891349, + "narHash": "sha256-YvrzOWcX7DH1drp5SGa+E/fc7wN3hqFtPbqPjZpOu1Q=", + "owner": "girlbossceo", + "repo": "complement", + "rev": "e587b3df569cba411aeac7c20b6366d03c143745", + "type": "github" + }, + "original": { + "owner": "girlbossceo", + "ref": "main", + "repo": "complement", + "type": "github" + } + }, + "conduwuit": { + "inputs": { + "attic": "attic", + "cachix": "cachix", + "complement": "complement", + "crane": "crane_2", + "fenix": "fenix", + "flake-compat": "flake-compat_3", + "flake-utils": "flake-utils", + "liburing": "liburing", + "nix-filter": "nix-filter", + "nixpkgs": [ + "nixpkgs" + ], + "rocksdb": "rocksdb" + }, + "locked": { + "lastModified": 1743473828, + "narHash": "sha256-x/sfh6LCHGAz8rL23GHhH7dac1LtHBbRRJi1p8gOdtI=", + "owner": "girlbossceo", + "repo": "conduwuit", + "rev": "0f81c1e1ccdcb0c5c6d5a27e82f16eb37b1e61c8", + "type": "github" + }, + "original": { + "owner": "girlbossceo", + "repo": "conduwuit", + "type": "github" + } + }, + "crane": { + "inputs": { + "nixpkgs": [ + "conduwuit", + "attic", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1722960479, + "narHash": "sha256-NhCkJJQhD5GUib8zN9JrmYGMwt4lCRp6ZVNzIiYCl0Y=", + "owner": "ipetkov", + "repo": "crane", + "rev": "4c6c77920b8d44cd6660c1621dea6b3fc4b4c4f4", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "crane_2": { + "locked": { + "lastModified": 1739936662, + "narHash": "sha256-x4syUjNUuRblR07nDPeLDP7DpphaBVbUaSoeZkFbGSk=", + "owner": "ipetkov", + "repo": "crane", + "rev": "19de14aaeb869287647d9461cbd389187d8ecdb7", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "ref": "master", + "repo": "crane", + "type": "github" + } + }, "crate2nix": { "inputs": { - "cachix": "cachix", + "cachix": "cachix_3", "crate2nix_stable": "crate2nix_stable", "devshell": "devshell_3", - "flake-compat": 
"flake-compat_4", - "flake-parts": "flake-parts_3", + "flake-compat": "flake-compat_7", + "flake-parts": "flake-parts_5", "nix-test-runner": "nix-test-runner_3", "nixpkgs": [ "sonnenshift", @@ -132,13 +297,13 @@ }, "crate2nix_stable": { "inputs": { - "cachix": "cachix_2", + "cachix": "cachix_4", "crate2nix_stable": "crate2nix_stable_2", "devshell": "devshell_2", - "flake-compat": "flake-compat_3", - "flake-parts": "flake-parts_2", + "flake-compat": "flake-compat_6", + "flake-parts": "flake-parts_4", "nix-test-runner": "nix-test-runner_2", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_11", "pre-commit-hooks": "pre-commit-hooks_2" }, "locked": { @@ -158,13 +323,13 @@ }, "crate2nix_stable_2": { "inputs": { - "cachix": "cachix_3", + "cachix": "cachix_5", "crate2nix_stable": "crate2nix_stable_3", "devshell": "devshell", - "flake-compat": "flake-compat_2", - "flake-parts": "flake-parts", + "flake-compat": "flake-compat_5", + "flake-parts": "flake-parts_3", "nix-test-runner": "nix-test-runner", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_10", "pre-commit-hooks": "pre-commit-hooks" }, "locked": { @@ -184,7 +349,7 @@ }, "crate2nix_stable_3": { "inputs": { - "flake-utils": "flake-utils" + "flake-utils": "flake-utils_2" }, "locked": { "lastModified": 1702842982, @@ -203,8 +368,8 @@ }, "deploy-rs": { "inputs": { - "flake-compat": "flake-compat", - "nixpkgs": "nixpkgs", + "flake-compat": "flake-compat_4", + "nixpkgs": "nixpkgs_5", "utils": "utils" }, "locked": { 
@@ -221,9 +386,43 @@ "type": "github" } }, + "devenv": { + "inputs": { + "cachix": "cachix_2", + "flake-compat": [ + "conduwuit", + "cachix", + "flake-compat" + ], + "git-hooks": [ + "conduwuit", + "cachix", + "git-hooks" + ], + "nix": "nix", + "nixpkgs": [ + "conduwuit", + "cachix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733323168, + "narHash": "sha256-d5DwB4MZvlaQpN6OQ4SLYxb5jA4UH5EtV5t5WOtjLPU=", + "owner": "cachix", + "repo": "devenv", + "rev": "efa9010b8b1cfd5dd3c7ed1e172a470c3b84a064", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "devenv", + "type": "github" + } + }, "devshell": { "inputs": { - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils_3", "nixpkgs": [ "sonnenshift", "crate2nix", @@ -248,7 +447,7 @@ }, "devshell_2": { "inputs": { - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_4", "nixpkgs": [ "sonnenshift", "crate2nix", @@ -272,7 +471,7 @@ }, "devshell_3": { "inputs": { - "flake-utils": "flake-utils_4", + "flake-utils": "flake-utils_5", "nixpkgs": [ "sonnenshift", "crate2nix", @@ -315,7 +514,7 @@ }, "dream2nix": { "inputs": { - "nixpkgs": "nixpkgs_8", + "nixpkgs": "nixpkgs_12", "purescript-overlay": "purescript-overlay", "pyproject-nix": "pyproject-nix" }, @@ -336,11 +535,34 @@ "fenix": { "inputs": { "nixpkgs": [ - "tlaternet-webserver", + "conduwuit", "nixpkgs" ], "rust-analyzer-src": "rust-analyzer-src" }, + "locked": { + "lastModified": 1740724364, + "narHash": "sha256-D1jLIueJx1dPrP09ZZwTrPf4cubV+TsFMYbpYYTVj6A=", + "owner": "nix-community", + "repo": "fenix", + "rev": "edf7d9e431cda8782e729253835f178a356d3aab", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "main", + "repo": "fenix", + "type": "github" + } + }, + "fenix_2": { + "inputs": { + "nixpkgs": [ + "tlaternet-webserver", + "nixpkgs" + ], + "rust-analyzer-src": "rust-analyzer-src_2" + }, "locked": { "lastModified": 1737181903, "narHash": "sha256-lvp77MhGzSN+ICd0MugppCjQR6cmlM2iAC5cjy2ZsaA=", 
@@ -372,34 +594,55 @@ } }, "flake-compat_2": { + "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "revCount": 57, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz" + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "type": "github" }, "original": { - "type": "tarball", - "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" } }, "flake-compat_3": { + "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "revCount": 57, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz" + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "type": "github" }, "original": { - "type": "tarball", - "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" + "owner": "edolstra", + "ref": "master", + "repo": "flake-compat", + "type": "github" } }, "flake-compat_4": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_5": { "locked": { "lastModified": 1696426674, 
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", @@ -413,7 +656,35 @@ "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" } }, - "flake-compat_5": { + "flake-compat_6": { + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "revCount": 57, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" + } + }, + "flake-compat_7": { + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "revCount": 57, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" + } + }, + "flake-compat_8": { "flake": false, "locked": { "lastModified": 1696426674, 
@@ -430,6 +701,52 @@ } }, "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "conduwuit", + "attic", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1722555600, + "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "8471fe90ad337a8074e957b69ca4d0089218391d", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { + "inputs": { + "nixpkgs-lib": [ + "conduwuit", + "cachix", + "devenv", + "nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1712014858, + "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_3": { "inputs": { "nixpkgs-lib": [ "sonnenshift", @@ -453,7 +770,7 @@ "type": "github" } }, - "flake-parts_2": { + "flake-parts_4": { "inputs": { "nixpkgs-lib": [ "sonnenshift", @@ -476,7 +793,7 @@ "type": "github" } }, - "flake-parts_3": { + "flake-parts_5": { "inputs": { "nixpkgs-lib": [ "sonnenshift", @@ -500,18 +817,19 @@ }, "flake-utils": { "inputs": { - "systems": "systems_2" + "systems": "systems" }, "locked": { - "lastModified": 1694529238, - "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { "owner": "numtide", + "ref": "main", "repo": "flake-utils", "type": "github" } 
@@ -521,11 +839,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1701680307, - "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "lastModified": 1694529238, + "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", "owner": "numtide", "repo": "flake-utils", - "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", "type": "github" }, "original": { @@ -574,6 +892,24 @@ "inputs": { "systems": "systems_6" }, + "locked": { + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_6": { + "inputs": { + "systems": "systems_7" + }, "locked": { "lastModified": 1710146030, "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", @@ -608,14 +944,41 @@ "type": "github" } }, + "git-hooks": { + "inputs": { + "flake-compat": [ + "conduwuit", + "cachix", + "flake-compat" + ], + "gitignore": "gitignore", + "nixpkgs": [ + "conduwuit", + "cachix", + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable_2" + }, + "locked": { + "lastModified": 1733318908, + "narHash": "sha256-SVQVsbafSM1dJ4fpgyBqLZ+Lft+jcQuMtEL3lQWx2Sk=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "6f4e2a2112050951a314d2733a994fbab94864c6", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, "gitignore": { "inputs": { "nixpkgs": [ - "sonnenshift", - "crate2nix", - "crate2nix_stable", - "crate2nix_stable", - "pre-commit-hooks", + "conduwuit", + "cachix", + "git-hooks", "nixpkgs" ] }, @@ -639,6 +1002,7 @@ "sonnenshift", "crate2nix", "crate2nix_stable", + "crate2nix_stable", "pre-commit-hooks", "nixpkgs" ] 
@@ -662,6 +1026,7 @@ "nixpkgs": [ "sonnenshift", "crate2nix", + "crate2nix_stable", "pre-commit-hooks", "nixpkgs" ] 
@@ -680,6 +1045,141 @@ "type": "github" } }, + "gitignore_4": { + "inputs": { + "nixpkgs": [ + "sonnenshift", + "crate2nix", + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "libgit2": { + "flake": false, + "locked": { + "lastModified": 1697646580, + "narHash": "sha256-oX4Z3S9WtJlwvj0uH9HlYcWv+x1hqp8mhXl7HsLu2f0=", + "owner": "libgit2", + "repo": "libgit2", + "rev": "45fd9ed7ae1a9b74b957ef4f337bc3c8b3df01b5", + "type": "github" + }, + "original": { + "owner": "libgit2", + "repo": "libgit2", + "type": "github" + } + }, + "liburing": { + "flake": false, + "locked": { + "lastModified": 1740613216, + "narHash": "sha256-NpPOBqNND3Qe9IwqYs0mJLGTmIx7e6FgUEBAnJ+1ZLA=", + "owner": "axboe", + "repo": "liburing", + "rev": "e1003e496e66f9b0ae06674869795edf772d5500", + "type": "github" + }, + "original": { + "owner": "axboe", + "ref": "master", + "repo": "liburing", + "type": "github" + } + }, + "nix": { + "inputs": { + "flake-compat": [ + "conduwuit", + "cachix", + "devenv" + ], + "flake-parts": "flake-parts_2", + "libgit2": "libgit2", + "nixpkgs": "nixpkgs_3", + "nixpkgs-23-11": [ + "conduwuit", + "cachix", + "devenv" + ], + "nixpkgs-regression": [ + "conduwuit", + "cachix", + "devenv" + ], + "pre-commit-hooks": [ + "conduwuit", + "cachix", + "devenv" + ] + }, + "locked": { + "lastModified": 1727438425, + "narHash": "sha256-X8ES7I1cfNhR9oKp06F6ir4Np70WGZU5sfCOuNBEwMg=", + "owner": "domenkozar", + "repo": "nix", + "rev": "f6c5ae4c1b2e411e6b1e6a8181cc84363d6a7546", + "type": "github" + }, + "original": { + "owner": "domenkozar", + "ref": "devenv-2.24", + "repo": "nix", + "type": "github" + } + }, + "nix-filter": { + "locked": { + "lastModified": 
1731533336, + "narHash": "sha256-oRam5PS1vcrr5UPgALW0eo1m/5/pls27Z/pabHNy2Ms=", + "owner": "numtide", + "repo": "nix-filter", + "rev": "f7653272fd234696ae94229839a99b73c9ab7de0", + "type": "github" + }, + "original": { + "owner": "numtide", + "ref": "main", + "repo": "nix-filter", + "type": "github" + } + }, + "nix-github-actions": { + "inputs": { + "nixpkgs": [ + "conduwuit", + "attic", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1729742964, + "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=", + "owner": "nix-community", + "repo": "nix-github-actions", + "rev": "e04df33f62cdcf93d73e9a04142464753a16db67", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-github-actions", + "type": "github" + } + }, "nix-test-runner": { "flake": false, "locked": { @@ -730,11 +1230,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1702272962, - "narHash": "sha256-D+zHwkwPc6oYQ4G3A1HuadopqRwUY/JkMwHz1YF7j4Q=", + "lastModified": 1726042813, + "narHash": "sha256-LnNKCCxnwgF+575y0pxUdlGZBO/ru1CtGHIqQVfvjlA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e97b3e4186bcadf0ef1b6be22b8558eab1cdeb5d", + "rev": "159be5db480d1df880a0135ca0bfed84c2f88353", "type": "github" }, "original": { 
@@ -744,6 +1244,38 @@ "type": "github" } }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1724316499, + "narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_2": { + "locked": { + "lastModified": 1730741070, + "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs-unstable": { "locked": { "lastModified": 1740215764, 
@@ -760,71 +1292,7 @@ "type": "github" } }, - "nixpkgs_2": { - "locked": { - "lastModified": 1740162160, - "narHash": "sha256-SSYxFhqCOb3aiPb6MmN68yEzBIltfom8IgRz7phHscM=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "11415c7ae8539d6292f2928317ee7a8410b28bb9", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-24.11-small", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { - "locked": { - "lastModified": 1700612854, - "narHash": "sha256-yrQ8osMD+vDLGFX7pcwsY/Qr5PUd6OmDMYJZzZi0+zc=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "19cbff58383a4ae384dea4d1d0c823d72b49d614", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_4": { - "locked": { - "lastModified": 1715534503, - "narHash": "sha256-5ZSVkFadZbFP1THataCaSf0JH2cAH3S29hU9rrxTEqk=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "2057814051972fa1453ddfb0d98badbea9b83c06", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_5": { - "locked": { - "lastModified": 1715534503, - "narHash": "sha256-5ZSVkFadZbFP1THataCaSf0JH2cAH3S29hU9rrxTEqk=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "2057814051972fa1453ddfb0d98badbea9b83c06", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_6": { + "nixpkgs_10": { "locked": { "lastModified": 1719506693, "narHash": "sha256-C8e9S7RzshSdHB7L+v9I51af1gDM5unhJ2xO1ywxNH8=", @@ -837,7 +1305,7 @@ "type": "indirect" } }, - "nixpkgs_7": { + "nixpkgs_11": { "locked": { "lastModified": 1719506693, "narHash": "sha256-C8e9S7RzshSdHB7L+v9I51af1gDM5unhJ2xO1ywxNH8=", @@ -850,7 +1318,7 @@ "type": "indirect" } }, - "nixpkgs_8": { + "nixpkgs_12": { "locked": { "lastModified": 1729850857, "narHash": "sha256-WvLXzNNnnw+qpFOmgaM3JUlNEH+T4s22b5i2oyyCpXE=", 
@@ -866,6 +1334,134 @@ "type": "github" } }, + "nixpkgs_2": { + "locked": { + "lastModified": 1730531603, + "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1717432640, + "narHash": "sha256-+f9c4/ZX5MWDOuB1rKoWj+lBNm0z0rs4CK47HBLxy1o=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "88269ab3044128b7c2f4c7d68448b2fb50456870", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1733212471, + "narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "55d15ad12a74eb7d4646254e13638ad0c4128776", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_5": { + "locked": { + "lastModified": 1702272962, + "narHash": "sha256-D+zHwkwPc6oYQ4G3A1HuadopqRwUY/JkMwHz1YF7j4Q=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e97b3e4186bcadf0ef1b6be22b8558eab1cdeb5d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_6": { + "locked": { + "lastModified": 1740162160, + "narHash": "sha256-SSYxFhqCOb3aiPb6MmN68yEzBIltfom8IgRz7phHscM=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "11415c7ae8539d6292f2928317ee7a8410b28bb9", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-24.11-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_7": { + "locked": { + "lastModified": 1700612854, + "narHash": "sha256-yrQ8osMD+vDLGFX7pcwsY/Qr5PUd6OmDMYJZzZi0+zc=", + "owner": "NixOS", + 
"repo": "nixpkgs", + "rev": "19cbff58383a4ae384dea4d1d0c823d72b49d614", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_8": { + "locked": { + "lastModified": 1715534503, + "narHash": "sha256-5ZSVkFadZbFP1THataCaSf0JH2cAH3S29hU9rrxTEqk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "2057814051972fa1453ddfb0d98badbea9b83c06", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_9": { + "locked": { + "lastModified": 1715534503, + "narHash": "sha256-5ZSVkFadZbFP1THataCaSf0JH2cAH3S29hU9rrxTEqk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "2057814051972fa1453ddfb0d98badbea9b83c06", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "pre-commit-hooks": { "inputs": { "flake-compat": [ @@ -875,7 +1471,7 @@ "crate2nix_stable", "flake-compat" ], - "gitignore": "gitignore", + "gitignore": "gitignore_2", "nixpkgs": [ "sonnenshift", "crate2nix", @@ -913,7 +1509,7 @@ "crate2nix_stable", "flake-compat" ], - "gitignore": "gitignore_2", + "gitignore": "gitignore_3", "nixpkgs": [ "sonnenshift", "crate2nix", @@ -948,8 +1544,8 @@ "crate2nix", "flake-compat" ], - "flake-utils": "flake-utils_5", - "gitignore": "gitignore_3", + "flake-utils": "flake-utils_6", + "gitignore": "gitignore_4", "nixpkgs": [ "sonnenshift", "crate2nix", @@ -977,7 +1573,7 @@ }, "purescript-overlay": { "inputs": { - "flake-compat": "flake-compat_5", + "flake-compat": "flake-compat_8", "nixpkgs": [ "tlaternet-webserver", "dream2nix", 
@@ -1016,12 +1612,30 @@ "type": "github" } }, + "rocksdb": { + "flake": false, + "locked": { + "lastModified": 1741308171, + "narHash": "sha256-YdBvdQ75UJg5ffwNjxizpviCVwVDJnBkM8ZtGIduMgY=", + "owner": "girlbossceo", + "repo": "rocksdb", + "rev": "3ce04794bcfbbb0d2e6f81ae35fc4acf688b6986", + "type": "github" + }, + "original": { + "owner": "girlbossceo", + "ref": "v9.11.1", + "repo": "rocksdb", + "type": "github" + } + }, "root": { "inputs": { + "conduwuit": "conduwuit", "deploy-rs": "deploy-rs", "disko": "disko", "foundryvtt": "foundryvtt", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_6", "nixpkgs-unstable": "nixpkgs-unstable", "sonnenshift": "sonnenshift", "sops-nix": "sops-nix", @@ -1029,6 +1643,23 @@ } }, "rust-analyzer-src": { + "flake": false, + "locked": { + "lastModified": 1740691488, + "narHash": "sha256-Fs6vBrByuiOf2WO77qeMDMTXcTGzrIMqLBv+lNeywwM=", + "owner": "rust-lang", + "repo": "rust-analyzer", + "rev": "fe3eda77d3a7ce212388bda7b6cec8bffcc077e5", + "type": "github" + }, + "original": { + "owner": "rust-lang", + "ref": "nightly", + "repo": "rust-analyzer", + "type": "github" + } + }, + "rust-analyzer-src_2": { "flake": false, "locked": { "lastModified": 1737140097, @@ -1199,10 +1830,25 @@ "type": "github" } }, + "systems_7": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "tlaternet-webserver": { "inputs": { "dream2nix": "dream2nix", - "fenix": "fenix", + "fenix": "fenix_2", "nixpkgs": [ "nixpkgs" ] @@ -1223,7 +1869,7 @@ }, "utils": { "inputs": { - "systems": "systems" + "systems": "systems_2" }, "locked": { "lastModified": 1701680307, diff --git a/flake.nix b/flake.nix index b31d108..4f17def 100644 --- a/flake.nix +++ b/flake.nix 
@@ -4,6 +4,10 @@ inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11-small"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable-small"; + conduwuit = { + url = "github:girlbossceo/conduwuit"; + inputs.nixpkgs.follows = "nixpkgs"; + }; disko = { url = "github:nix-community/disko"; inputs.nixpkgs.follows = "nixpkgs"; From ee760bfa1ba04d642b38ad589495016ccb6622ca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= <tm@tlater.net> Date: Fri, 4 Apr 2025 21:07:15 +0800 Subject: [PATCH 08/12] feat(victoriametrics): Add missing scrape configs --- configuration/services/conduit/matrix-hookshot.nix | 2 +- configuration/services/metrics/victoriametrics.nix | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/configuration/services/conduit/matrix-hookshot.nix b/configuration/services/conduit/matrix-hookshot.nix index 6f11728..c1f16dc 100644 --- a/configuration/services/conduit/matrix-hookshot.nix +++ b/configuration/services/conduit/matrix-hookshot.nix @@ -138,7 +138,7 @@ in } ]; - metrics.enable = true; + metrics.enabled = true; }; }; } diff --git a/configuration/services/metrics/victoriametrics.nix b/configuration/services/metrics/victoriametrics.nix index 4a78d46..53864d6 100644 --- a/configuration/services/metrics/victoriametrics.nix +++ b/configuration/services/metrics/victoriametrics.nix @@ -87,6 +87,8 @@ in # Configured in the hookshot listeners, but it's hard to filter # the correct values out of that config. matrixHookshot.targets = [ "127.0.0.1:9001" ]; + + victorialogs.targets = [ config.services.victorialogs.bindAddress ]; }; }; } From b396835f88cb8760a777e869b155418f51da0e74 Mon Sep 17 00:00:00 2001 
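Review bot: The new `conduwuit` input, `url = "github:girlbossceo/conduwuit";`, names no ref, so every `nix flake update` moves the Matrix homeserver to whatever commit is then at the tip of the repository's default branch. `flake.lock` still pins the exact revision, but upgrades are easier to review when the input follows a release, e.g. `url = "github:girlbossceo/conduwuit/<release-tag>";` (placeholder; the tag names are not on this page). The lock file in this series also gains a `rocksdb` node from `girlbossceo/rocksdb` that the conduwuit node references. `inputs.nixpkgs.follows = "nixpkgs"` does not cover that source, so it deserves a look whenever the lock changes.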
From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= <tm@tlater.net> Date: Fri, 4 Apr 2025 21:17:00 +0800 Subject: [PATCH 09/12] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'conduwuit': 'github:girlbossceo/conduwuit/0f81c1e1ccdcb0c5c6d5a27e82f16eb37b1e61c8' (2025-04-01) → 'github:girlbossceo/conduwuit/00f7745ec4ebcea5f892376c5de5db1299f71696' (2025-04-04) • Updated input 'disko': 'github:nix-community/disko/15dbf8cebd8e2655a883b74547108e089f051bf0' (2025-02-18) → 'github:nix-community/disko/329d3d7e8bc63dd30c39e14e6076db590a6eabe6' (2025-04-02) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/11415c7ae8539d6292f2928317ee7a8410b28bb9' (2025-02-21) → 'github:nixos/nixpkgs/bdb91860de2f719b57eef819b5617762f7120c70' (2025-04-03) • Updated input 'nixpkgs-unstable': 'github:nixos/nixpkgs/8465e233b0668cf162c608a92e62e8d78c1ba7e4' (2025-02-22) → 'github:nixos/nixpkgs/a462b946265ed006720d02153882780b12a8376d' (2025-04-04) • Updated input 'sops-nix': 'github:Mic92/sops-nix/07af005bb7d60c7f118d9d9f5530485da5d1e975' (2025-02-11) → 'github:Mic92/sops-nix/cff8437c5fe8c68fc3a840a21bf1f4dc801da40d' (2025-04-04) --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 3f3fc39..83911d7 100644 --- a/flake.lock +++ b/flake.lock @@ -216,11 +216,11 @@ "rocksdb": "rocksdb" }, "locked": { - "lastModified": 1743473828, - "narHash": "sha256-x/sfh6LCHGAz8rL23GHhH7dac1LtHBbRRJi1p8gOdtI=", + "lastModified": 1743735594, + "narHash": "sha256-aaP8OjY4fkpxk2JdSggx9S3Rk+P+VhuivT6aRpLxoj0=", "owner": "girlbossceo", "repo": "conduwuit", - "rev": "0f81c1e1ccdcb0c5c6d5a27e82f16eb37b1e61c8", + "rev": "00f7745ec4ebcea5f892376c5de5db1299f71696", "type": "github" }, "original": { 
@@ -499,11 +499,11 @@ ] }, "locked": { - "lastModified": 1739841949, - "narHash": "sha256-lSOXdgW/1zi/SSu7xp71v+55D5Egz8ACv0STkj7fhbs=", + "lastModified": 1743598667, + "narHash": "sha256-ViE7NoFWytYO2uJONTAX35eGsvTYXNHjWALeHAg8OQY=", "owner": "nix-community", "repo": "disko", - "rev": "15dbf8cebd8e2655a883b74547108e089f051bf0", + "rev": "329d3d7e8bc63dd30c39e14e6076db590a6eabe6", "type": "github" }, "original": { @@ -1278,11 +1278,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1740215764, - "narHash": "sha256-wzBbGGZ6i1VVBA/cDJaLfuuGYCUriD7fwsLgJJHRVRk=", + "lastModified": 1743732435, + "narHash": "sha256-RrWgOj3F1N6kDG0xatvZzP0p1Zq00yhcTMlaj4bWi5E=", "owner": "nixos", "repo": "nixpkgs", - "rev": "8465e233b0668cf162c608a92e62e8d78c1ba7e4", + "rev": "a462b946265ed006720d02153882780b12a8376d", "type": "github" }, "original": { @@ -1400,11 +1400,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1740162160, - "narHash": "sha256-SSYxFhqCOb3aiPb6MmN68yEzBIltfom8IgRz7phHscM=", + "lastModified": 1743703532, + "narHash": "sha256-s1KLDALEeqy+ttrvqV3jx9mBZEvmthQErTVOAzbjHZs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "11415c7ae8539d6292f2928317ee7a8410b28bb9", + "rev": "bdb91860de2f719b57eef819b5617762f7120c70", "type": "github" }, "original": { @@ -1727,11 +1727,11 @@ ] }, "locked": { - "lastModified": 1739262228, - "narHash": "sha256-7JAGezJ0Dn5qIyA2+T4Dt/xQgAbhCglh6lzCekTVMeU=", + "lastModified": 1743756170, + "narHash": "sha256-2b11EYa08oqDmF3zEBLkG1AoNn9rB1k39ew/T/mSvbU=", "owner": "Mic92", "repo": "sops-nix", - "rev": "07af005bb7d60c7f118d9d9f5530485da5d1e975", + "rev": "cff8437c5fe8c68fc3a840a21bf1f4dc801da40d", "type": "github" }, "original": { From e37c589654c67863d32ad63ed1643b4a08f99188 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= <tm@tlater.net> Date: Fri, 4 Apr 2025 21:21:03 +0800 Subject: [PATCH 10/12] bump(crowdsec-hub): Update hub --- pkgs/crowdsec/_sources/generated.json | 8 ++++---- pkgs/crowdsec/_sources/generated.nix | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/pkgs/crowdsec/_sources/generated.json b/pkgs/crowdsec/_sources/generated.json index ac251aa..97c4e87 100644 --- a/pkgs/crowdsec/_sources/generated.json +++ b/pkgs/crowdsec/_sources/generated.json @@ -21,7 +21,7 @@ }, "crowdsec-hub": { "cargoLocks": null, - "date": "2025-02-22", + "date": "2025-04-04", "extract": null, "name": "crowdsec-hub", "passthru": null, @@ -33,10 +33,10 @@ "name": null, "owner": "crowdsecurity", "repo": "hub", - "rev": "f9883cd6c7d1913c13e4a3a69d9a0b887a7d57df", - "sha256": "sha256-45pUln7Qj5luY9I9BE2qhzjH7kv4IbYvNoEX3/4AVVg=", + "rev": "eebc5f71379ea8f4de4a26f6695e0340444c719c", + "sha256": "sha256-/jhsqumekdOHDbHjBP8KvAICsSNhCg5ejMT3jSRiROo=", "type": "github" }, - "version": "f9883cd6c7d1913c13e4a3a69d9a0b887a7d57df" + "version": "eebc5f71379ea8f4de4a26f6695e0340444c719c" } } \ No newline at end of file diff --git a/pkgs/crowdsec/_sources/generated.nix b/pkgs/crowdsec/_sources/generated.nix index 9c63cc5..aca88b2 100644 --- a/pkgs/crowdsec/_sources/generated.nix +++ b/pkgs/crowdsec/_sources/generated.nix @@ -14,14 +14,14 @@ }; crowdsec-hub = { pname = "crowdsec-hub"; - version = "f9883cd6c7d1913c13e4a3a69d9a0b887a7d57df"; + version = "eebc5f71379ea8f4de4a26f6695e0340444c719c"; src = fetchFromGitHub { owner = "crowdsecurity"; repo = "hub"; - rev = "f9883cd6c7d1913c13e4a3a69d9a0b887a7d57df"; + rev = "eebc5f71379ea8f4de4a26f6695e0340444c719c"; fetchSubmodules = false; - sha256 = "sha256-45pUln7Qj5luY9I9BE2qhzjH7kv4IbYvNoEX3/4AVVg="; + sha256 = "sha256-/jhsqumekdOHDbHjBP8KvAICsSNhCg5ejMT3jSRiROo="; }; - date = "2025-02-22"; + date = "2025-04-04"; }; } From 89f9196ef0405d2b82a8330a4e00f45c5a8b7e28 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= <tm@tlater.net> Date: Fri, 4 Apr 2025 21:35:24 +0800 Subject: [PATCH 11/12] fix(victorialogs): Use new upstream module --- .../services/metrics/victorialogs.nix | 100 +++--------------- 1 file changed, 12 insertions(+), 88 deletions(-) diff --git a/configuration/services/metrics/victorialogs.nix b/configuration/services/metrics/victorialogs.nix index ed74c59..ae47c39 100644 --- a/configuration/services/metrics/victorialogs.nix +++ b/configuration/services/metrics/victorialogs.nix @@ -1,37 +1,26 @@ { config, - pkgs, lib, ... }: let cfg = config.services.victorialogs; - pkg = pkgs.victoriametrics; - dirname = "victorialogs"; in { - options.services.victorialogs = - let - inherit (lib.types) str; - in - { - listenAddress = lib.mkOption { - default = ":9428"; - type = str; - }; - - bindAddress = lib.mkOption { - readOnly = true; - type = str; - description = '' - Final address on which victorialogs listens. - ''; - }; - }; + options.services.victorialogs.bindAddress = lib.mkOption { + readOnly = true; + type = lib.types.str; + description = '' + Final address on which victorialogs listens. + ''; + }; config = { - services.victorialogs.bindAddress = - (lib.optionalString (lib.hasPrefix ":" cfg.listenAddress) "127.0.0.1") + cfg.listenAddress; + services.victorialogs = { + enable = true; + bindAddress = + (lib.optionalString (lib.hasPrefix ":" cfg.listenAddress) "127.0.0.1") + cfg.listenAddress; + }; services.journald.upload = { enable = true; 
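Review bot: `bindAddress` rewrites only the `:port` form to `127.0.0.1:port`, and nothing in the new `services.victorialogs = { enable = true; ... }` block sets `listenAddress`, so the listener keeps the upstream module's default. If that default is still `:9428`, as the removed local option had it, VictoriaLogs accepts connections on every interface, while the consumers visible in this series reach it through `bindAddress`. Setting `listenAddress = "127.0.0.1:9428";` next to `enable = true;` would make the listener match what `bindAddress` advertises. The next hunk also deletes the hand-written unit with its sandboxing directives and the `postStart` readiness wait, so it is worth confirming with `systemd-analyze security victorialogs.service` that the upstream unit is confined comparably.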
@@ -40,71 +29,6 @@ in NetworkTimeoutSec = "20s"; }; }; - systemd.services."systemd-journal-upload".after = [ "victorialogs.service" ]; - - systemd.services.victorialogs = { - description = "VictoriaLogs log database"; - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - startLimitBurst = 5; - - serviceConfig = { - ExecStart = lib.escapeShellArgs [ - "${pkg}/bin/victoria-logs" - "-storageDataPath=/var/lib/${dirname}" - "-httpListenAddr=${cfg.listenAddress}" - ]; - - DynamicUser = true; - RestartSec = 1; - Restart = "on-failure"; - RuntimeDirectory = dirname; - RuntimeDirectoryMode = "0700"; - StateDirectory = dirname; - StateDirectoryMode = "0700"; - - LimitNOFILE = 1048576; - - # Hardening - DeviceAllow = [ "/dev/null rw" ]; - DevicePolicy = "strict"; - LockPersonality = true; - MemoryDenyWriteExecute = true; - NoNewPrivileges = true; - PrivateDevices = true; - PrivateTmp = true; - PrivateUsers = true; - ProtectClock = true; - ProtectControlGroups = true; - ProtectHome = true; - ProtectHostname = true; - ProtectKernelLogs = true; - ProtectKernelModules = true; - ProtectKernelTunables = true; - ProtectProc = "invisible"; - ProtectSystem = "full"; - RemoveIPC = true; - RestrictAddressFamilies = [ - "AF_INET" - "AF_INET6" - "AF_UNIX" - ]; - RestrictNamespaces = true; - RestrictRealtime = true; - RestrictSUIDSGID = true; - SystemCallArchitectures = "native"; - SystemCallFilter = [ - "@system-service" - "~@privileged" - ]; - }; - - postStart = lib.mkBefore '' - until ${lib.getBin pkgs.curl}/bin/curl -s -o /dev/null http://${cfg.bindAddress}/ping; do - sleep 1; - done - ''; - }; }; } From 956c5bd258c58121ac44a454740cdfb3cec78646 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= <tm@tlater.net> Date: Thu, 7 Nov 2024 20:26:43 +0100 Subject: [PATCH 12/12] WIP: feat: Add minecraft server --- configuration/default.nix | 6 +- configuration/services/minecraft.nix | 83 ++++++++++++++++++++++++++++ 2 files changed, 84 insertions(+), 5 deletions(-) create mode 100644 configuration/services/minecraft.nix diff --git a/configuration/default.nix b/configuration/default.nix index 239f9f6..f874733 100644 --- a/configuration/default.nix +++ b/configuration/default.nix @@ -22,6 +22,7 @@ ./services/foundryvtt.nix ./services/gitea.nix ./services/metrics + ./services/minecraft.nix ./services/nextcloud.nix ./services/webserver.nix ./services/wireguard.nix @@ -70,8 +71,6 @@ 8448 # starbound 21025 - # Minecraft - 25565 config.services.coturn.listening-port config.services.coturn.tls-listening-port @@ -80,9 +79,6 @@ ]; allowedUDPPorts = [ - # More minecraft - 25565 - config.services.coturn.listening-port config.services.coturn.tls-listening-port config.services.coturn.alt-listening-port diff --git a/configuration/services/minecraft.nix b/configuration/services/minecraft.nix new file mode 100644 index 0000000..0477f44 --- /dev/null +++ b/configuration/services/minecraft.nix 
@@ -0,0 +1,83 @@
+{
+ pkgs,
+ lib,
+ config,
+ ...
+}:
+{
+ services.minecraft-server = {
+ enable = true;
+ eula = true;
+ # jvmOpts are set using a file for forge
+ # jvmOpts = "-Xmx8G -Xms8G";
+ openFirewall = true;
+
+ declarative = true;
+
+ whitelist = {
+ tlater = "140d177a-966f-41b8-a4c0-e305babd291b";
+ romino25 = "59cd1648-14a4-4bcf-8f5a-2e1bde678f2c";
+ lasi25 = "0ab6e3d1-544a-47e7-8538-2e6c248e49a4";
+ };
+
+ serverProperties = {
+ allow-flight = true;
+ difficulty = "hard";
+ motd = "tlater.net";
+ spawn-protection = 1;
+ white-list = true;
+ enable-query = true;
+ enable-status = true;
+
+ # Allows the server to write chunks without hogging the main
+ # thread...
+ sync-chunk-writes = false;
+ # Disables chat reporting, because we don't need any of that
+ # drama on a lil' friends-only server.
+ enforce-secure-profile = false;
+ };
+
+ package = pkgs.writeShellApplication {
+ name = "minecraft-server";
+ runtimeInputs = with pkgs; [ jdk17_headless ];
+
+ text = ''
+ exec /var/lib/minecraft/run.sh $@
+ '';
+ };
+ };
+
+ systemd.services.minecraft-server = {
+ path = with pkgs; [ jdk17_headless ];
+
+ # Since we read from our own HTTP server, we need to wait for it
+ # to be up
+ after = [ "nginx.service" ];
+
+ serviceConfig = {
+ # Use packwiz to install mods
+ ExecStartPre = [
+ "${pkgs.jdk17_headless}/bin/java -jar ${config.services.minecraft-server.dataDir}/packwiz-installer-bootstrap.jar -g -s server 'https://minecraft.${config.services.nginx.domain}/cobblemon-pack/pack.toml'"
+ ];
+ # Forge requires some bonus JVM options, which they include in a
+ # little `run.sh` script
+ ExecStart = lib.mkForce "${config.services.minecraft-server.dataDir}/run.sh --nogui";
+ };
+ };
+
+ systemd.tmpfiles.settings."10-minecraft" = {
+ "/srv/minecraft".d = {
+ user = "nginx";
+ group = "minecraft";
+ mode = "0775";
+ };
+ };
+
+ services.nginx.virtualHosts."minecraft.${config.services.nginx.domain}" = {
+ forceSSL = true;
+ useACMEHost = "tlater.net";
+ enableHSTS = true;
+
+ root = "/srv/minecraft";
+ };
+}
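Review bot: `/srv/minecraft` is created writable for group `minecraft` (`mode = "0775"`) and is also the nginx root that `ExecStartPre` reads `pack.toml` from on every start, so any account in that group decides which mods the server installs at its next start. If the game server itself runs with that group (the upstream module's user and group are not visible in this hunk), the service can rewrite the pack it later bootstraps from. A separate upload group, or `mode = "0755";` with an explicit owner for the pack, would keep the two apart. `ExecStart` likewise runs `run.sh` from the service's own data directory, which deserves a comment stating who is expected to write that file. Separately, the wrapper's `exec /var/lib/minecraft/run.sh $@` leaves the arguments unquoted and hard-codes the path that the rest of the file takes from `dataDir`; `exec ${config.services.minecraft-server.dataDir}/run.sh "$@"` fixes both.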