Merge branch 'main' of ssh://git.0x76.dev:42/v/infrastructure
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
This commit is contained in:
commit
891571a36d
23 changed files with 1240 additions and 1321 deletions
10
.github/workflows/nixos.yml
vendored
10
.github/workflows/nixos.yml
vendored
|
@ -21,7 +21,7 @@ jobs:
|
||||||
large-packages: true
|
large-packages: true
|
||||||
swap-storage: true
|
swap-storage: true
|
||||||
- name: "Install Nix ❄️"
|
- name: "Install Nix ❄️"
|
||||||
uses: cachix/install-nix-action@v20
|
uses: cachix/install-nix-action@v21
|
||||||
- name: "Install Cachix ❄️"
|
- name: "Install Cachix ❄️"
|
||||||
uses: cachix/cachix-action@v12
|
uses: cachix/cachix-action@v12
|
||||||
with:
|
with:
|
||||||
|
@ -37,7 +37,7 @@ jobs:
|
||||||
- uses: actions/checkout@v3
|
- uses: actions/checkout@v3
|
||||||
|
|
||||||
- name: "Install Nix ❄️"
|
- name: "Install Nix ❄️"
|
||||||
uses: cachix/install-nix-action@v20
|
uses: cachix/install-nix-action@v21
|
||||||
|
|
||||||
- name: "Install Cachix ❄️"
|
- name: "Install Cachix ❄️"
|
||||||
uses: cachix/cachix-action@v12
|
uses: cachix/cachix-action@v12
|
||||||
|
@ -54,7 +54,7 @@ jobs:
|
||||||
- uses: actions/checkout@v3
|
- uses: actions/checkout@v3
|
||||||
|
|
||||||
- name: "Install Nix ❄️"
|
- name: "Install Nix ❄️"
|
||||||
uses: cachix/install-nix-action@v20
|
uses: cachix/install-nix-action@v21
|
||||||
|
|
||||||
- name: "Install Cachix ❄️"
|
- name: "Install Cachix ❄️"
|
||||||
uses: cachix/cachix-action@v12
|
uses: cachix/cachix-action@v12
|
||||||
|
@ -85,7 +85,7 @@ jobs:
|
||||||
swap-storage: true
|
swap-storage: true
|
||||||
|
|
||||||
- name: "Install Nix ❄️"
|
- name: "Install Nix ❄️"
|
||||||
uses: cachix/install-nix-action@v20
|
uses: cachix/install-nix-action@v21
|
||||||
- name: "Install Cachix ❄️"
|
- name: "Install Cachix ❄️"
|
||||||
uses: cachix/cachix-action@v12
|
uses: cachix/cachix-action@v12
|
||||||
with:
|
with:
|
||||||
|
@ -116,7 +116,7 @@ jobs:
|
||||||
swap-storage: true
|
swap-storage: true
|
||||||
|
|
||||||
- name: "Install Nix ❄️"
|
- name: "Install Nix ❄️"
|
||||||
uses: cachix/install-nix-action@v20
|
uses: cachix/install-nix-action@v21
|
||||||
|
|
||||||
- name: "Install Cachix ❄️"
|
- name: "Install Cachix ❄️"
|
||||||
uses: cachix/cachix-action@v12
|
uses: cachix/cachix-action@v12
|
||||||
|
|
|
@ -1,11 +1,12 @@
|
||||||
pipeline:
|
pipeline:
|
||||||
check:
|
check:
|
||||||
image: nixos/nix:2.15.0
|
image: nixos/nix:2.15.1
|
||||||
commands:
|
commands:
|
||||||
- echo "experimental-features = nix-command flakes" >> /etc/nix/nix.conf
|
- echo "experimental-features = nix-command flakes" >> /etc/nix/nix.conf
|
||||||
- echo "store = unix:///mnt/nix/var/nix/daemon-socket/socket?root=/mnt" >> /etc/nix/nix.conf
|
- echo "store = unix:///mnt/nix/var/nix/daemon-socket/socket?root=/mnt" >> /etc/nix/nix.conf
|
||||||
- nix run 'nixpkgs#statix' check
|
- nix run 'nixpkgs#statix' check
|
||||||
- nix run 'nixpkgs#deadnix' -- -f
|
- nix run 'nixpkgs#deadnix' -- -f
|
||||||
- nix run 'nixpkgs#yamllint' .
|
- nix run 'nixpkgs#yamllint' .
|
||||||
|
- nix run '.#' -- build --on 'bastion*'
|
||||||
volumes:
|
volumes:
|
||||||
- /nix:/mnt/nix:ro
|
- /nix:/mnt/nix:ro
|
||||||
|
|
54
flake.lock
54
flake.lock
|
@ -502,11 +502,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1684484967,
|
"lastModified": 1684824189,
|
||||||
"narHash": "sha256-P3ftCqeJmDYS9LSr2gGC4XGGcp5vv8TOasJX6fVHWsw=",
|
"narHash": "sha256-k3nCkn5Qy67rCguuw6YkGuL6hOUNRKxQoKOjnapk5sU=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "b9a52ad20e58ebd003444915e35e3dd2c18fc715",
|
"rev": "58eb968c21d309a6c2b020ea8d64e25c38ceebba",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -557,11 +557,11 @@
|
||||||
"utils": "utils_2"
|
"utils": "utils_2"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1684048308,
|
"lastModified": 1684874496,
|
||||||
"narHash": "sha256-JcQe0Zmov/32L+GQ+O+H8Qoll+jjvkcrd8/TNtE6TBY=",
|
"narHash": "sha256-UinOcfH+PvkYsnpsty8uIUrag62Yre2jlBjP2h70dI8=",
|
||||||
"owner": "simple-nixos-mailserver",
|
"owner": "simple-nixos-mailserver",
|
||||||
"repo": "nixos-mailserver",
|
"repo": "nixos-mailserver",
|
||||||
"rev": "c04e4f22da48319d15593a2c942431744c12f27c",
|
"rev": "d8131ffc61553df6137b382eec380689596cae3d",
|
||||||
"type": "gitlab"
|
"type": "gitlab"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -671,11 +671,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1683530131,
|
"lastModified": 1684751352,
|
||||||
"narHash": "sha256-R0RSqj6JdZfru2x/cM19KJMHsU52OjtyxI5cccd+uFc=",
|
"narHash": "sha256-CI7V/2aSBXsefcqX+IhL9zYayL4dPLucymlMCzVxyP4=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "nixos-generators",
|
"repo": "nixos-generators",
|
||||||
"rev": "10079333313ff62446e6f2b0e7c5231c7431d269",
|
"rev": "a9933ffcbc91688a4bc7dc427f454069a423343f",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -799,11 +799,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_22-11": {
|
"nixpkgs_22-11": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1684398685,
|
"lastModified": 1684858140,
|
||||||
"narHash": "sha256-TRE62m91iZ5ArVMgA+uj22Yda8JoQuuhc9uwZ+NoX+0=",
|
"narHash": "sha256-dQStox5GYrVlVNMvxxXs3xX9bXG7J7ttSjqUcVm8EaA=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "628d4bb6e9f4f0c30cfd9b23d3c1cdcec9d3cb5c",
|
"rev": "a17f99dfcb9643200b3884ca195c69ae41d7f059",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -815,11 +815,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_3": {
|
"nixpkgs_3": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1684502756,
|
"lastModified": 1684944540,
|
||||||
"narHash": "sha256-7ssIPaLW2ncTApmExLSoqomPBlubNyUWm/SZYVgKhpI=",
|
"narHash": "sha256-Ws79+cNBR/2tqEf3Md+Ok03avJOXAykpRRvkaerkTCQ=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "a13191189f5d8a7e515155c24eb4e346aa4752f4",
|
"rev": "178b88e3aee997935c6a81a72f2726ae86dffa0d",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -831,11 +831,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_4": {
|
"nixpkgs_4": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1684385584,
|
"lastModified": 1684754342,
|
||||||
"narHash": "sha256-O7y0gK8OLIDqz+LaHJJyeu09IGiXlZIS3+JgEzGmmJA=",
|
"narHash": "sha256-plGnjnbnPLoZCTdQX21oT7xliQhFtgcWlkuDHgtEb1o=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "48a0fb7aab511df92a17cf239c37f2bd2ec9ae3a",
|
"rev": "7084250df3d7f9735087d3234407f3c1fc2400e3",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -931,11 +931,11 @@
|
||||||
"pre-commit-hooks": "pre-commit-hooks"
|
"pre-commit-hooks": "pre-commit-hooks"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1684488481,
|
"lastModified": 1684856421,
|
||||||
"narHash": "sha256-NLHSxDUxw/Epw8CRk2cDPt3Zaaw1Zvbgvr2axNGQHds=",
|
"narHash": "sha256-7iieAuQOeTo2FjGJjqpEhSFvZJDb9pSo7taAzNw4ZqI=",
|
||||||
"owner": "pta2002",
|
"owner": "pta2002",
|
||||||
"repo": "nixvim",
|
"repo": "nixvim",
|
||||||
"rev": "1d478841f8bf84f3b69095984aa74c56abb86ffa",
|
"rev": "55415979af3fb850e54663a3804848cdc87803ae",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -946,11 +946,11 @@
|
||||||
},
|
},
|
||||||
"nur": {
|
"nur": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1684500955,
|
"lastModified": 1684921791,
|
||||||
"narHash": "sha256-EJUdpm4lkMn+/HUl3NSHutK+jDLdOHvGBWgz8RlT6Ck=",
|
"narHash": "sha256-H0zNiMCtAUnRHyo06OaCpZEoP95WlEKVp+hpELTJXw0=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "NUR",
|
"repo": "NUR",
|
||||||
"rev": "98294130adb4c09ac5f66e83bf98d80b7853f1d3",
|
"rev": "9cacf444463dc574f0e9f6c0bc748f939b34a958",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -1015,11 +1015,11 @@
|
||||||
"nixpkgs-stable": "nixpkgs-stable"
|
"nixpkgs-stable": "nixpkgs-stable"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1684195081,
|
"lastModified": 1684763926,
|
||||||
"narHash": "sha256-IKnQUSBhQTChFERxW2AzuauVpY1HRgeVzAjNMAA4B6I=",
|
"narHash": "sha256-1pSTzogoCmZc7JB3VrFFgFoj5lNXIIWwkVReFVMHDT8=",
|
||||||
"owner": "cachix",
|
"owner": "cachix",
|
||||||
"repo": "pre-commit-hooks.nix",
|
"repo": "pre-commit-hooks.nix",
|
||||||
"rev": "96eabec58248ed8f4b0ad59e7ce9398018684fdc",
|
"rev": "df448ffc5d244f52261d05894c5a96af7f3758a1",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
@ -54,6 +54,7 @@
|
||||||
|
|
||||||
pkgs = import nixpkgs {
|
pkgs = import nixpkgs {
|
||||||
inherit system;
|
inherit system;
|
||||||
|
config.allowUnfree = true;
|
||||||
overlays = [ (import ./nixos/pkgs) vault-secrets.overlay nur.overlay ];
|
overlays = [ (import ./nixos/pkgs) vault-secrets.overlay nur.overlay ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -147,6 +148,7 @@
|
||||||
nil
|
nil
|
||||||
vault
|
vault
|
||||||
yamllint
|
yamllint
|
||||||
|
jq
|
||||||
(vault-push-approle-envs self { })
|
(vault-push-approle-envs self { })
|
||||||
(vault-push-approles self { })
|
(vault-push-approles self { })
|
||||||
fast-repl
|
fast-repl
|
||||||
|
|
|
@ -42,7 +42,7 @@ spec:
|
||||||
- path: /
|
- path: /
|
||||||
pathType: ImplementationSpecific
|
pathType: ImplementationSpecific
|
||||||
adminUser:
|
adminUser:
|
||||||
create: false
|
create: true
|
||||||
passwordHash: $2a$10$uIY/YYe.CcRerpVvfk04muX86hLfXRH.K6jATZaVPqp.bnUIu/bsC
|
passwordHash: $2a$10$uIY/YYe.CcRerpVvfk04muX86hLfXRH.K6jATZaVPqp.bnUIu/bsC
|
||||||
username: admin
|
username: admin
|
||||||
|
|
||||||
|
|
|
@ -9,7 +9,7 @@ spec:
|
||||||
chart:
|
chart:
|
||||||
spec:
|
spec:
|
||||||
chart: external-secrets
|
chart: external-secrets
|
||||||
version: 0.8.1
|
version: 0.8.2
|
||||||
interval: 30m
|
interval: 30m
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: HelmRepository
|
kind: HelmRepository
|
||||||
|
|
|
@ -57,6 +57,13 @@
|
||||||
|
|
||||||
nixpkgs.config.allowUnfree = true;
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
|
||||||
|
nixpkgs.config.permittedInsecurePackages = [
|
||||||
|
"nodejs-14.21.3"
|
||||||
|
"openssl-1.1.1t"
|
||||||
|
"nodejs-16.20.0"
|
||||||
|
];
|
||||||
|
|
||||||
|
|
||||||
# Limit the systemd journal to 100 MB of disk or the
|
# Limit the systemd journal to 100 MB of disk or the
|
||||||
# last 7 days of logs, whichever happens first.
|
# last 7 days of logs, whichever happens first.
|
||||||
services.journald.extraConfig = ''
|
services.journald.extraConfig = ''
|
||||||
|
|
|
@ -16,8 +16,7 @@ in {
|
||||||
gimp
|
gimp
|
||||||
inputs.comma.packages.${pkgs.system}.default
|
inputs.comma.packages.${pkgs.system}.default
|
||||||
inputs.webcord.packages.${pkgs.system}.default
|
inputs.webcord.packages.${pkgs.system}.default
|
||||||
jetbrains.clion
|
# jetbrains.clion
|
||||||
jetbrains.idea-ultimate
|
|
||||||
kdenlive
|
kdenlive
|
||||||
mullvad-vpn
|
mullvad-vpn
|
||||||
neofetch
|
neofetch
|
||||||
|
|
|
@ -2,10 +2,10 @@
|
||||||
# your system. Help is available in the configuration.nix(5) man page
|
# your system. Help is available in the configuration.nix(5) man page
|
||||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||||
|
|
||||||
{ pkgs, config, lib, ... }:
|
{ pkgs, config, ... }:
|
||||||
let
|
let
|
||||||
# https://github.com/immich-app/immich/releases
|
# https://github.com/immich-app/immich/releases
|
||||||
version = "1.55.1";
|
# version = "1.55.1";
|
||||||
dataDir = "/var/lib/immich";
|
dataDir = "/var/lib/immich";
|
||||||
in {
|
in {
|
||||||
imports = [ ];
|
imports = [ ];
|
||||||
|
|
|
@ -7,9 +7,17 @@ in {
|
||||||
# Use DHCP with static leases
|
# Use DHCP with static leases
|
||||||
networking.interfaces.eth0.useDHCP = true;
|
networking.interfaces.eth0.useDHCP = true;
|
||||||
|
|
||||||
|
nixpkgs.config.permittedInsecurePackages = [
|
||||||
|
"openssl-1.1.1t"
|
||||||
|
];
|
||||||
|
|
||||||
# Better cache hits
|
# Better cache hits
|
||||||
environment.noXlibs = lib.mkForce false;
|
environment.noXlibs = lib.mkForce false;
|
||||||
|
|
||||||
|
networking.hosts = {
|
||||||
|
"192.168.0.122" = [ "xirion.net" "o.xirion.net" ];
|
||||||
|
};
|
||||||
|
|
||||||
services.elasticsearch = {
|
services.elasticsearch = {
|
||||||
enable = true;
|
enable = true;
|
||||||
cluster_name = "mastodon-es";
|
cluster_name = "mastodon-es";
|
||||||
|
|
|
@ -15,6 +15,8 @@ let
|
||||||
in {
|
in {
|
||||||
imports = [ ];
|
imports = [ ];
|
||||||
|
|
||||||
|
nixpkgs.config.permittedInsecurePackages = [ "openssl-1.1.1t" ];
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
# This value determines the NixOS release from which the default
|
||||||
# settings for stateful data, like file locations and database versions
|
# settings for stateful data, like file locations and database versions
|
||||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||||
|
@ -70,6 +72,7 @@ in {
|
||||||
allow 10.10.10.1/24;
|
allow 10.10.10.1/24;
|
||||||
allow 192.168.0.0/23;
|
allow 192.168.0.0/23;
|
||||||
allow 80.60.83.220;
|
allow 80.60.83.220;
|
||||||
|
allow 83.128.154.23;
|
||||||
allow 195.85.167.32/29;
|
allow 195.85.167.32/29;
|
||||||
deny all;
|
deny all;
|
||||||
'';
|
'';
|
||||||
|
@ -152,7 +155,7 @@ in {
|
||||||
proxyWebsockets = true;
|
proxyWebsockets = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
locations."api/v1/streaming" = {
|
locations."/api/v1/streaming" = {
|
||||||
proxyPass = "http://192.168.0.138:55000";
|
proxyPass = "http://192.168.0.138:55000";
|
||||||
proxyWebsockets = true;
|
proxyWebsockets = true;
|
||||||
};
|
};
|
||||||
|
|
|
@ -5,7 +5,7 @@ _: {
|
||||||
};
|
};
|
||||||
|
|
||||||
virtualisation.oci-containers.containers.flaresolverr = {
|
virtualisation.oci-containers.containers.flaresolverr = {
|
||||||
image = "flaresolverr/flaresolverr:v3.1.2";
|
image = "flaresolverr/flaresolverr:v3.2.0";
|
||||||
ports = [ "8191:8191" ];
|
ports = [ "8191:8191" ];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -85,6 +85,7 @@ in {
|
||||||
allow 10.42.42.0/23;
|
allow 10.42.42.0/23;
|
||||||
allow 192.168.0.0/23;
|
allow 192.168.0.0/23;
|
||||||
allow 80.60.83.220;
|
allow 80.60.83.220;
|
||||||
|
allow 83.128.154.23;
|
||||||
allow 195.85.167.32/29;
|
allow 195.85.167.32/29;
|
||||||
deny all;
|
deny all;
|
||||||
'';
|
'';
|
||||||
|
|
|
@ -77,7 +77,7 @@ in {
|
||||||
# https://docs.opnsense.org/manual/how-tos/wireguard-s2s.html
|
# https://docs.opnsense.org/manual/how-tos/wireguard-s2s.html
|
||||||
publicKey = "KgqLhmUMX6kyTjRoa/GOCrZOvXNE5HWYuOr/T3v8/VI=";
|
publicKey = "KgqLhmUMX6kyTjRoa/GOCrZOvXNE5HWYuOr/T3v8/VI=";
|
||||||
allowedIPs = [ "10.100.0.5/32" "192.168.0.0/23" "10.10.10.0/24" ];
|
allowedIPs = [ "10.100.0.5/32" "192.168.0.0/23" "10.10.10.0/24" ];
|
||||||
endpoint = "80.60.83.220:51820";
|
endpoint = "83.128.154.23:51820";
|
||||||
persistentKeepalive = 25;
|
persistentKeepalive = 25;
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
|
@ -21,5 +21,9 @@ _final: prev: {
|
||||||
platformio.platformio-ide =
|
platformio.platformio-ide =
|
||||||
prev.callPackage ./vscode-extensions/platformio.nix { };
|
prev.callPackage ./vscode-extensions/platformio.nix { };
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
plex-plexpass = prev.callPackage ./plex-pass { };
|
||||||
|
plexRaw-plexpass = prev.callPackage ./plex-pass/raw.nix { };
|
||||||
}
|
}
|
||||||
|
|
|
@ -42,7 +42,7 @@ stdenv.mkDerivation rec {
|
||||||
yarnOfflineCache = fetchYarnDeps {
|
yarnOfflineCache = fetchYarnDeps {
|
||||||
yarnLock = "${src}/yarn.lock";
|
yarnLock = "${src}/yarn.lock";
|
||||||
# sha256 = lib.fakeSha256;
|
# sha256 = lib.fakeSha256;
|
||||||
sha256 = "sha256-5KmPgKE1QRPoTjeSYidKt/z9vzWzTOoJVr5dNtofKJY=";
|
sha256 = "sha256-+i5vejb1XWwNQffg9gzRY8FVOt8MK6ht4cxSSrGAS/Q=";
|
||||||
};
|
};
|
||||||
|
|
||||||
nativeBuildInputs = [
|
nativeBuildInputs = [
|
||||||
|
|
File diff suppressed because it is too large
Load diff
|
@ -1,12 +1,11 @@
|
||||||
# This file was generated by pkgs.mastodon.updateScript.
|
# This file was generated by pkgs.mastodon.updateScript.
|
||||||
{ fetchgit, applyPatches }:
|
{ fetchgit, applyPatches }: let
|
||||||
let
|
|
||||||
src = fetchgit {
|
src = fetchgit {
|
||||||
url = "https://github.com/glitch-soc/mastodon.git";
|
url = "https://github.com/glitch-soc/mastodon.git";
|
||||||
rev = "c18884de32b60152600ec95ed42cdf9c00fdab7a";
|
rev = "058898802a377877961ff3bfa7d5209a5e275545";
|
||||||
sha256 = "08b520wfs7hpi4jy9srynydkkh5b2wwnb2b3xxa843yialf0qmlh";
|
sha256 = "0rn7l94031yl1lyyz7yvky6bqshw4nllwissxlpyqcmii52gwp7y";
|
||||||
};
|
};
|
||||||
in applyPatches {
|
in applyPatches {
|
||||||
inherit src;
|
inherit src;
|
||||||
patches = [ ];
|
patches = [];
|
||||||
}
|
}
|
||||||
|
|
3
nixos/pkgs/plex-pass/default.nix
Normal file
3
nixos/pkgs/plex-pass/default.nix
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
{ plex, plexRaw-plexpass }:
|
||||||
|
# Copied from: https://github.com/tadfisher/flake/blob/ed949a619236ba30f0be614fed804abdf1e8005b/pkgs/plex-plexpass/default.nix
|
||||||
|
plex.override { plexRaw = plexRaw-plexpass; }
|
13
nixos/pkgs/plex-pass/raw.nix
Normal file
13
nixos/pkgs/plex-pass/raw.nix
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
{ lib, stdenv, plexRaw, fetchurl }:
|
||||||
|
let
|
||||||
|
sources = builtins.fromJSON (builtins.readFile ./sources.json);
|
||||||
|
source = lib.findFirst (x: x.platform == stdenv.hostPlatform.system)
|
||||||
|
(throw "unsupported platform: ${stdenv.hostPlatform.system}") sources;
|
||||||
|
in plexRaw.overrideAttrs (attrs: {
|
||||||
|
pname = attrs.pname + "-plexpass";
|
||||||
|
inherit (source) version;
|
||||||
|
src = fetchurl {
|
||||||
|
inherit (source) url;
|
||||||
|
sha256 = source.hash;
|
||||||
|
};
|
||||||
|
})
|
14
nixos/pkgs/plex-pass/sources.json
Normal file
14
nixos/pkgs/plex-pass/sources.json
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
[
|
||||||
|
{
|
||||||
|
"version": "1.32.2.7100",
|
||||||
|
"platform": "aarch64-linux",
|
||||||
|
"url": "https://downloads.plex.tv/plex-media-server-new/1.32.2.7100-248a2daf0/debian/plexmediaserver_1.32.2.7100-248a2daf0_arm64.deb",
|
||||||
|
"hash": "1rs967n4vli7gba2137l5z6vrdcdxfy3hni21lay3ayyds3xmavd"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"version": "1.32.2.7100",
|
||||||
|
"platform": "x86_64-linux",
|
||||||
|
"url": "https://downloads.plex.tv/plex-media-server-new/1.32.2.7100-248a2daf0/debian/plexmediaserver_1.32.2.7100-248a2daf0_amd64.deb",
|
||||||
|
"hash": "0myr0nws0dhhkp9cc5zwxs4pigs7bmyf582fwskzjqm3d7phlwmi"
|
||||||
|
}
|
||||||
|
]
|
32
nixos/pkgs/plex-pass/update.sh
Executable file
32
nixos/pkgs/plex-pass/update.sh
Executable file
|
@ -0,0 +1,32 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
set -x
|
||||||
|
shopt -s extglob
|
||||||
|
set -eu -o pipefail
|
||||||
|
|
||||||
|
path="$(realpath "$(dirname "$0")")"
|
||||||
|
|
||||||
|
declare -A platforms=(
|
||||||
|
[linux-x86_64]=x86_64-linux
|
||||||
|
[linux-aarch64]=aarch64-linux
|
||||||
|
)
|
||||||
|
|
||||||
|
token=$(vault kv get -field=plex_token hades_secrets/nixos/plex)
|
||||||
|
manifest=$(curl -s "https://plex.tv/api/downloads/5.json?channel=plexpass" -H "X-Plex-Token: ${token}")
|
||||||
|
version=$(echo "$manifest" | jq -r '.computer.Linux.version | split("-") | .[0]')
|
||||||
|
|
||||||
|
tmp="$path/sources.tmp.json"
|
||||||
|
echo '' >$tmp
|
||||||
|
|
||||||
|
for arch in "${!platforms[@]}"; do
|
||||||
|
url="$(echo "$manifest" | jq --arg arch "$arch" -r '.computer.Linux.releases[] | select(.distro == "debian" and .build == $arch) .url')"
|
||||||
|
hash="$(nix-prefetch-url "$url")"
|
||||||
|
nixPlatform=${platforms[$arch]}
|
||||||
|
jq --arg version $version \
|
||||||
|
--arg platform $nixPlatform \
|
||||||
|
--arg url "$url" \
|
||||||
|
--arg hash $hash \
|
||||||
|
-n '$ARGS.named' >>$tmp
|
||||||
|
done
|
||||||
|
|
||||||
|
jq -s '.' $tmp >"$path/sources.json"
|
||||||
|
rm $tmp
|
|
@ -24,9 +24,10 @@ let
|
||||||
# Add to whatever realm a host belong to its list of tags
|
# Add to whatever realm a host belong to its list of tags
|
||||||
add_realm_to_tags = mapAttrs (realm:
|
add_realm_to_tags = mapAttrs (realm:
|
||||||
mapAttrs (_hostname:
|
mapAttrs (_hostname:
|
||||||
{ tags ? [ ], ... }@host:
|
{ type ? "lxc", tags ? [ ], ... }@host:
|
||||||
host // {
|
host // {
|
||||||
tags = [ realm ] ++ tags;
|
# Tags are for deployment, so don't add them to local machines
|
||||||
|
tags = tags ++ (if type == "local" then [ ] else [ realm ]);
|
||||||
inherit realm;
|
inherit realm;
|
||||||
}));
|
}));
|
||||||
|
|
||||||
|
@ -41,7 +42,8 @@ let
|
||||||
# outputs
|
# outputs
|
||||||
|
|
||||||
# Helper function to build a colmena host definition
|
# Helper function to build a colmena host definition
|
||||||
mkColmenaHost = { ip ? null, exposes ? null, hostname, tags, realm, type ? "lxc", ... }@host:
|
mkColmenaHost = { ip ? null, exposes ? null, hostname, tags, realm
|
||||||
|
, type ? "lxc", ... }@host:
|
||||||
let
|
let
|
||||||
# this makes local apply work a bit nicer
|
# this makes local apply work a bit nicer
|
||||||
name = if type == "local" then hostname else "${hostname}.${realm}";
|
name = if type == "local" then hostname else "${hostname}.${realm}";
|
||||||
|
@ -67,6 +69,4 @@ let
|
||||||
hosts = add_realm_to_tags (import ./hosts);
|
hosts = add_realm_to_tags (import ./hosts);
|
||||||
flat_hosts = flatten_hosts hosts;
|
flat_hosts = flatten_hosts hosts;
|
||||||
nixHosts = filter_nix_hosts flat_hosts;
|
nixHosts = filter_nix_hosts flat_hosts;
|
||||||
in {
|
in { inherit base_imports mkColmenaHost hosts flat_hosts nixHosts; }
|
||||||
inherit base_imports mkColmenaHost hosts flat_hosts nixHosts;
|
|
||||||
}
|
|
||||||
|
|
Loading…
Reference in a new issue