From 5ce6087b57800aca90ee8babf456e76d5fe55a1f Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 30 Dec 2022 15:08:20 +0100 Subject: [PATCH] update LoutreOS to 22.11 --- flake.lock | 22 +++++++++------ flake.nix | 12 ++++---- services/python-ci.nix | 2 +- systems/LoutreOS/configuration.nix | 2 +- systems/LoutreOS/hardware-configuration.nix | 2 +- systems/LoutreOS/monitoring.nix | 31 +++++++++++++-------- systems/LoutreOS/web.nix | 10 ++++--- systems/common-cli.nix | 5 ++-- 8 files changed, 52 insertions(+), 34 deletions(-) diff --git a/flake.lock b/flake.lock index f26b072..8f5449d 100644 --- a/flake.lock +++ b/flake.lock @@ -88,19 +88,20 @@ "type": "indirect" } }, - "nixpkgs-22_11": { + "nixpkgs-photoprism": { "locked": { - "lastModified": 1669558522, - "narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=", - "owner": "NixOS", + "lastModified": 1671922246, + "narHash": "sha256-Xh/pWG2mdheCtJZFmuuZIsvR9PVgs15Rn6yt/G1lINc=", + "owner": "Stunkymonkey", "repo": "nixpkgs", - "rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82", + "rev": "6805f176fcc4b3673f23df5ee67caccc24bfba8c", "type": "github" }, "original": { - "id": "nixpkgs", - "ref": "nixos-22.11", - "type": "indirect" + "owner": "Stunkymonkey", + "ref": "photoprism-module-init", + "repo": "nixpkgs", + "type": "github" } }, "nixpkgs-unstable": { @@ -123,6 +124,7 @@ "dogetipbot-telegram": "dogetipbot-telegram", "ipmihddtemp": "ipmihddtemp", "nixpkgs": "nixpkgs", + "nixpkgs-photoprism": "nixpkgs-photoprism", "nixpkgs-unstable": "nixpkgs-unstable", "simple-nixos-mailserver": "simple-nixos-mailserver", "utils": "utils_2" @@ -134,7 +136,9 @@ "nixpkgs": [ "nixpkgs-unstable" ], - "nixpkgs-22_11": "nixpkgs-22_11", + "nixpkgs-22_11": [ + "nixpkgs" + ], "utils": "utils" }, "locked": { diff --git a/flake.nix b/flake.nix index c7c1cf6..fe8260a 100644 --- a/flake.nix +++ b/flake.nix @@ -1,13 +1,14 @@ { inputs = { - nixpkgs.url = "flake:nixpkgs/nixos-22.05"; + nixpkgs.url = "flake:nixpkgs/nixos-22.11"; nixpkgs-unstable.url = "flake:nixpkgs/nixos-unstable"; + nixpkgs-photoprism.url = "github:Stunkymonkey/nixpkgs/photoprism-module-init"; utils.url = "github:gytis-ivaskevicius/flake-utils-plus/v1.3.1"; simple-nixos-mailserver = { - url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-22.05"; + url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-22.11"; inputs = { nixpkgs.follows = "nixpkgs-unstable"; - nixpkgs-22_05.follows = "nixpkgs"; + nixpkgs-22_11.follows = "nixpkgs"; }; }; dogetipbot-telegram = { @@ -20,7 +21,7 @@ }; }; - outputs = inputs@{ self, utils, nixpkgs, nixpkgs-unstable, simple-nixos-mailserver, dogetipbot-telegram, ipmihddtemp }: utils.lib.mkFlake { + outputs = inputs@{ self, utils, nixpkgs, nixpkgs-unstable, nixpkgs-photoprism, simple-nixos-mailserver, dogetipbot-telegram, ipmihddtemp }: utils.lib.mkFlake { inherit self inputs; @@ -32,7 +33,7 @@ # (nixpkgs-unstable.legacyPackages."x86_64-linux".fetchpatch { # name = "electron-cash.patch"; # url = "https://github.com/NixOS/nixpkgs/pull/160607.patch"; - # sha256 = "sha256-oQbiyhVWYIkEuZEKqaPuIL00PNPnuTAw64wuqZ8YeDs="; + # sha256 = nixpkgs.lib.fakeHash; # }) # ]; @@ -46,6 +47,7 @@ ]; hosts.loutreos.modules = [ + "${nixpkgs-photoprism}/nixos/modules/services/web-apps/photoprism.nix" simple-nixos-mailserver.nixosModule dogetipbot-telegram.nixosModule ipmihddtemp.nixosModule diff --git a/services/python-ci.nix b/services/python-ci.nix index 5a6a4c4..ce957db 100644 --- a/services/python-ci.nix +++ b/services/python-ci.nix @@ -33,7 +33,7 @@ in RuntimeDirectoryPreserve = "yes"; ExecStart = with pkgs; let env = python3Packages.python.buildEnv.override { - extraLibs = with python3Packages;[ pyramid python-gitlab ]; + extraLibs = with python3Packages;[ pyramid python-gitlab setuptools ]; ignoreCollisions = true; }; in "${pkgs.writeShellScriptBin "run.sh" '' diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 9cf6d06..d0adf48 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -12,7 +12,7 @@ ./services.nix ]; - nix.trustedUsers = [ "root" "paul" ]; + nix.settings.trusted-users = [ "root" "paul" ]; boot = { loader = { diff --git a/systems/LoutreOS/hardware-configuration.nix b/systems/LoutreOS/hardware-configuration.nix index 4984718..2c3303b 100644 --- a/systems/LoutreOS/hardware-configuration.nix +++ b/systems/LoutreOS/hardware-configuration.nix @@ -176,6 +176,6 @@ } ]; - nix.maxJobs = lib.mkDefault 4; + nix.settings.max-jobs = lib.mkDefault 4; powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; } diff --git a/systems/LoutreOS/monitoring.nix b/systems/LoutreOS/monitoring.nix index 9910068..e02a4fa 100644 --- a/systems/LoutreOS/monitoring.nix +++ b/systems/LoutreOS/monitoring.nix @@ -87,18 +87,27 @@ in grafana = { enable = true; - addr = "127.0.0.1"; dataDir = "/var/lib/grafana"; - extraOptions = { - SERVER_ROOT_URL = "https://grafana.${domaine}"; - SMTP_ENABLED = "true"; - SMTP_FROM_ADDRESS = "grafana@${domaine}"; - SMTP_SKIP_VERIFY = "true"; - AUTH_DISABLE_LOGIN_FORM = "true"; - AUTH_DISABLE_SIGNOUT_MENU = "true"; - AUTH_ANONYMOUS_ENABLED = "true"; - AUTH_ANONYMOUS_ORG_ROLE = "Admin"; - AUTH_BASIC_ENABLED = "false"; + settings = { + server = { + http_addr = "127.0.0.1"; + root_url = "https://grafana.${domaine}"; + }; + smtp = { + enabled = true; + from_address = "grafana@${domaine}"; + skip_verify = true; + }; + auth = { + disable_signout_menu = true; + }; + "auth.basic" = { + enabled = false; + }; + "auth.proxy" = { + enabled = true; + header_name = "X-WEBAUTH-USER"; + }; }; }; diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 9731dae..9469804 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -197,6 +197,8 @@ in proxyPass = "http://127.0.0.1:${toString(rport)}/"; extraConfig = '' auth_request_set $cookie $upstream_http_set_cookie; + auth_request_set $username $upstream_http_x_username; + proxy_set_header X-WEBAUTH-USER $username; add_header Set-Cookie $cookie; ''; }; @@ -243,7 +245,7 @@ in }; }; "login.nyanlout.re" = simpleReverse config.services.nginx.sso.configuration.listen.port; - "grafana.nyanlout.re" = authReverse config.services.grafana.port; + "grafana.nyanlout.re" = authReverse config.services.grafana.settings.server.http_port; "transmission.nyanlout.re" = authReverse config.services.transmission.settings.rpc-port; "radarr.nyanlout.re" = authReverse 7878; "sonarr.nyanlout.re" = authReverse 8989; @@ -376,7 +378,6 @@ in gitea = { enable = true; - cookieSecure = true; httpPort = 3001; rootUrl = "https://gitea.nyanlout.re/"; database = { @@ -384,10 +385,11 @@ in port = 5432; passwordFile = "/var/lib/gitea/custom/conf/database_password"; }; - log.level = "Warn"; - disableRegistration = true; settings = { ui.DEFAULT_THEME = "arc-green"; + log.LEVEL = "Warn"; + service.DISABLE_REGISTRATION = true; + session.COOKIE_SECURE = true; }; }; diff --git a/systems/common-cli.nix b/systems/common-cli.nix index b0cdf52..d8359d9 100644 --- a/systems/common-cli.nix +++ b/systems/common-cli.nix @@ -11,12 +11,13 @@ vimAlias = true; configure = { customRC = '' - set tabstop=8 + set tabstop=8 set shiftwidth=4 set softtabstop=0 set expandtab - set smarttab + set smarttab set background=dark + set mouse= ''; packages.myVimPackage = with pkgs.vimPlugins; { start = [