From b57795bead2ad8baf78a853f2fa1cf44459b7425 Mon Sep 17 00:00:00 2001 From: noe Date: Fri, 29 Mar 2024 21:50:46 -0400 Subject: [PATCH 1/9] pdr: secrets?? --- nixos/hosts/porcelain-doll-repair/default.nix | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/nixos/hosts/porcelain-doll-repair/default.nix b/nixos/hosts/porcelain-doll-repair/default.nix index f421e13..8847d82 100644 --- a/nixos/hosts/porcelain-doll-repair/default.nix +++ b/nixos/hosts/porcelain-doll-repair/default.nix @@ -18,13 +18,26 @@ mode = "0444"; }; + sops.templates."secrets.yaml" = { + content = lib.generators.toYAML { + db = { + pass = config.sops.placeholder.db_password; + }; + }; + owner = config.services.iceshrimp.user; + group = config.services.iceshrimp.group; + }; + + services.iceshrimp = { enable = true; settings.url = "https://porcelain.doll.repair"; dbPasswordFile = config.sops.secrets.db_password.path; createDb = true; configureNginx.enable = false; + secretConfig = config.sops.templates."secrets.yaml".path; }; + services.postgresql.package = pkgs.postgresql_15; services.redis.servers.iceshrimp.logfile = "stdout"; } From 6d7417dfc768f1b40faf615468899c21e6c9295b Mon Sep 17 00:00:00 2001 From: noe Date: Fri, 29 Mar 2024 21:57:10 -0400 Subject: [PATCH 2/9] pdr: secret?? --- nixos/hosts/porcelain-doll-repair/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nixos/hosts/porcelain-doll-repair/default.nix b/nixos/hosts/porcelain-doll-repair/default.nix index 8847d82..2ccd39d 100644 --- a/nixos/hosts/porcelain-doll-repair/default.nix +++ b/nixos/hosts/porcelain-doll-repair/default.nix @@ -19,11 +19,11 @@ }; sops.templates."secrets.yaml" = { - content = lib.generators.toYAML { + content = (builtins.toJSON { db = { pass = config.sops.placeholder.db_password; }; - }; + }); owner = config.services.iceshrimp.user; group = config.services.iceshrimp.group; }; @@ -35,7 +35,7 @@ dbPasswordFile = config.sops.secrets.db_password.path; createDb = true; configureNginx.enable = false; - secretConfig = config.sops.templates."secrets.yaml".path; + secretConfig = config.sops.templates."secrets.yaml".path; }; services.postgresql.package = pkgs.postgresql_15; From 0938c2fc886587f3f1f071316ac80e4f9423d5eb Mon Sep 17 00:00:00 2001 From: noe Date: Sat, 30 Mar 2024 01:04:01 -0400 Subject: [PATCH 3/9] pdr: attempt withdrawal --- flake.lock | 24 +++++++++++++++++++ flake.nix | 5 ++++ nixos/hosts/porcelain-doll-repair/default.nix | 3 +-- 3 files changed, 30 insertions(+), 2 deletions(-) diff --git a/flake.lock b/flake.lock index 97013e3..4fcbe6c 100644 --- a/flake.lock +++ b/flake.lock @@ -322,6 +322,29 @@ "url": "https://iceshrimp.dev/iceshrimp/packaging" } }, + "iceshrimp-withdrawal": { + "inputs": { + "iceshrimp": [ + "iceshrimp" + ], + "nixpkgs": [ + "nixpkgs-unstable" + ] + }, + "locked": { + "lastModified": 1711774883, + "narHash": "sha256-AyzeCcMCX5hxixvo2uTQkZ8hRGMi/m+3wQPknhaVzeU=", + "ref": "refs/heads/main", + "rev": "0539d4394620fb6016ca21423390b3012f553f2d", + "revCount": 37, + "type": "git", + "url": "https://iceshrimp.dev/noe/withdrawal" + }, + "original": { + "type": "git", + "url": "https://iceshrimp.dev/noe/withdrawal" + } + }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -625,6 +648,7 @@ "doll-repair": "doll-repair", "home-manager": "home-manager", "iceshrimp": "iceshrimp", + "iceshrimp-withdrawal": "iceshrimp-withdrawal", "nixos-generators": "nixos-generators", "nixpkgs": "nixpkgs_3", "nixpkgs-stable": "nixpkgs-stable", diff --git a/flake.nix b/flake.nix index 315185a..9fbfbb3 100644 --- a/flake.nix +++ b/flake.nix @@ -39,6 +39,11 @@ url = "git+https://iceshrimp.dev/iceshrimp/packaging"; inputs.nixpkgs.follows = "nixpkgs-unstable"; }; + iceshrimp-withdrawal = { + url = "git+https://iceshrimp.dev/noe/withdrawal"; + inputs.nixpkgs.follows = "nixpkgs-unstable"; + inputs.iceshrimp.follows = "iceshrimp"; + }; # Self noe-sh = { diff --git a/nixos/hosts/porcelain-doll-repair/default.nix b/nixos/hosts/porcelain-doll-repair/default.nix index 2ccd39d..6234efd 100644 --- a/nixos/hosts/porcelain-doll-repair/default.nix +++ b/nixos/hosts/porcelain-doll-repair/default.nix @@ -2,8 +2,6 @@ imports = [ ../../templates/proxmox-lxc.nix ../../server.nix - #../../features/dns-cache.nix - #../../features/telemetry inputs.iceshrimp.nixosModules.iceshrimp {} ]; @@ -31,6 +29,7 @@ services.iceshrimp = { enable = true; + package = inputs.iceshrimp-withdrawal.packages.${pkgs.system}.iceshrimp.withdrawal; settings.url = "https://porcelain.doll.repair"; dbPasswordFile = config.sops.secrets.db_password.path; createDb = true; From fae2463a4ddb2248cb96544bab2444ae91d1000d Mon Sep 17 00:00:00 2001 From: noe Date: Sat, 30 Mar 2024 01:08:39 -0400 Subject: [PATCH 4/9] pdr: no follows --- flake.lock | 48 ++++++++++++++++++++++++++++++++++++++++-------- flake.nix | 2 +- 2 files changed, 41 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 4fcbe6c..4e837ba 100644 --- a/flake.lock +++ b/flake.lock @@ -324,9 +324,7 @@ }, "iceshrimp-withdrawal": { "inputs": { - "iceshrimp": [ - "iceshrimp" - ], + "iceshrimp": "iceshrimp_2", "nixpkgs": [ "nixpkgs-unstable" ] @@ -345,6 +343,24 @@ "url": "https://iceshrimp.dev/noe/withdrawal" } }, + "iceshrimp_2": { + "inputs": { + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1711449795, + "narHash": "sha256-xOms3CSFnPlq3IAd+vvImVAewm+5SOPU4Cmf3cmIjyE=", + "ref": "refs/heads/dev", + "rev": "4801c8f624b9dd64ba5d0d2c61bb30eb9d2bd7a1", + "revCount": 43, + "type": "git", + "url": "https://iceshrimp.dev/iceshrimp/packaging" + }, + "original": { + "type": "git", + "url": "https://iceshrimp.dev/iceshrimp/packaging" + } + }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -384,7 +400,7 @@ "nixos-generators": { "inputs": { "nixlib": "nixlib", - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1711586832, @@ -519,6 +535,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1700108881, + "narHash": "sha256-+Lqybl8kj0+nD/IlAWPPG/RDTa47gff9nbei0u7BntE=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "7414e9ee0b3e9903c24d3379f577a417f0aae5f1", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1711401922, "narHash": "sha256-QoQqXoj8ClGo0sqD/qWKFWezgEwUL0SUh37/vY2jNhc=", @@ -534,7 +566,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { "lastModified": 1711333969, "narHash": "sha256-5PiWGn10DQjMZee5NXzeA6ccsv60iLu+Xtw+mfvkUAs=", @@ -550,7 +582,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { "lastModified": 1711200738, "narHash": "sha256-dkJmk/ET/tRV4007O6kU101UEg1svUwiyk/zEEX9Tdg=", @@ -650,7 +682,7 @@ "iceshrimp": "iceshrimp", "iceshrimp-withdrawal": "iceshrimp-withdrawal", "nixos-generators": "nixos-generators", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "nixpkgs-stable": "nixpkgs-stable", "nixpkgs-unstable": "nixpkgs-unstable", "nixvim": "nixvim", @@ -677,7 +709,7 @@ }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_5", "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { diff --git a/flake.nix b/flake.nix index 9fbfbb3..e58c1c3 100644 --- a/flake.nix +++ b/flake.nix @@ -42,7 +42,7 @@ iceshrimp-withdrawal = { url = "git+https://iceshrimp.dev/noe/withdrawal"; inputs.nixpkgs.follows = "nixpkgs-unstable"; - inputs.iceshrimp.follows = "iceshrimp"; + # inputs.iceshrimp.follows = "iceshrimp"; }; # Self From 7f4c0c08f38f01756cafaaf04106eb88081fe83d Mon Sep 17 00:00:00 2001 From: noe Date: Sat, 30 Mar 2024 01:25:47 -0400 Subject: [PATCH 5/9] update flake.lock --- flake.lock | 116 +++++++++++++++++++---------------------------------- 1 file changed, 42 insertions(+), 74 deletions(-) diff --git a/flake.lock b/flake.lock index 4e837ba..a624a18 100644 --- a/flake.lock +++ b/flake.lock @@ -27,11 +27,11 @@ ] }, "locked": { - "lastModified": 1710717205, - "narHash": "sha256-Wf3gHh5uV6W1TV/A8X8QJf99a5ypDSugY4sNtdJDe0A=", + "lastModified": 1711763326, + "narHash": "sha256-sXcesZWKXFlEQ8oyGHnfk4xc9f2Ip0X/+YZOq3sKviI=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "bcc8afd06e237df060c85bad6af7128e05fd61a3", + "rev": "36524adc31566655f2f4d55ad6b875fb5c1a4083", "type": "github" }, "original": { @@ -268,11 +268,11 @@ ] }, "locked": { - "lastModified": 1711554349, - "narHash": "sha256-RypwcWEIFePBI0Hubfj4chanbM/G2yzJzC6wgz+dmS4=", + "lastModified": 1711625603, + "narHash": "sha256-W+9dfqA9bqUIBV5u7jaIARAzMe3kTq/Hp2SpSVXKRQw=", "owner": "nix-community", "repo": "home-manager", - "rev": "179f6acaf7c068c7870542cdae72afec9427a5b0", + "rev": "c0ef0dab55611c676ad7539bf4e41b3ec6fa87d2", "type": "github" }, "original": { @@ -289,11 +289,11 @@ ] }, "locked": { - "lastModified": 1711133180, - "narHash": "sha256-WJOahf+6115+GMl3wUfURu8fszuNeJLv9qAWFQl3Vmo=", + "lastModified": 1711604890, + "narHash": "sha256-vbI/gxRTq/gHW1Q8z6D/7JG/qGNl3JTimUDX+MwnC3A=", "owner": "nix-community", "repo": "home-manager", - "rev": "1c2c5e4cabba4c43504ef0f8cc3f3dfa284e2dbb", + "rev": "3142bdcc470e1e291e1fbe942fd69e06bd00c5df", "type": "github" }, "original": { @@ -324,17 +324,19 @@ }, "iceshrimp-withdrawal": { "inputs": { - "iceshrimp": "iceshrimp_2", + "iceshrimp": [ + "iceshrimp" + ], "nixpkgs": [ "nixpkgs-unstable" ] }, "locked": { - "lastModified": 1711774883, - "narHash": "sha256-AyzeCcMCX5hxixvo2uTQkZ8hRGMi/m+3wQPknhaVzeU=", + "lastModified": 1711776244, + "narHash": "sha256-8YWE9ddqJkHeX7UkLl+bv133j+RRJHtPHTJ1Lg0er9Q=", "ref": "refs/heads/main", - "rev": "0539d4394620fb6016ca21423390b3012f553f2d", - "revCount": 37, + "rev": "fe2d3a93aa71a7f1f7fdbe4af42fddbd4065881c", + "revCount": 38, "type": "git", "url": "https://iceshrimp.dev/noe/withdrawal" }, @@ -343,24 +345,6 @@ "url": "https://iceshrimp.dev/noe/withdrawal" } }, - "iceshrimp_2": { - "inputs": { - "nixpkgs": "nixpkgs_2" - }, - "locked": { - "lastModified": 1711449795, - "narHash": "sha256-xOms3CSFnPlq3IAd+vvImVAewm+5SOPU4Cmf3cmIjyE=", - "ref": "refs/heads/dev", - "rev": "4801c8f624b9dd64ba5d0d2c61bb30eb9d2bd7a1", - "revCount": 43, - "type": "git", - "url": "https://iceshrimp.dev/iceshrimp/packaging" - }, - "original": { - "type": "git", - "url": "https://iceshrimp.dev/iceshrimp/packaging" - } - }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -369,11 +353,11 @@ ] }, "locked": { - "lastModified": 1710717205, - "narHash": "sha256-Wf3gHh5uV6W1TV/A8X8QJf99a5ypDSugY4sNtdJDe0A=", + "lastModified": 1711591334, + "narHash": "sha256-9d5ilxxq4CXw44eFw8VFrRneAKex7D8xjn95mwZjgf4=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "bcc8afd06e237df060c85bad6af7128e05fd61a3", + "rev": "f0dd0838c3558b59dc3b726d8ab89f5b5e35c297", "type": "github" }, "original": { @@ -400,14 +384,14 @@ "nixos-generators": { "inputs": { "nixlib": "nixlib", - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1711586832, - "narHash": "sha256-qyizrMmDvLjL6oQaBeFQl3PqzTN9vkYkQIVzfiQvMrM=", + "lastModified": 1711626141, + "narHash": "sha256-0qV1pHeIyUZ18cp8ijQnMf7uV+Uk4+UqTCC6yGSGWvk=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "38beb364db84d00d2f0f48595511028aedca415c", + "rev": "63194fceafbfe583a9eb7d16ab499adc0a6c0bc2", "type": "github" }, "original": { @@ -488,11 +472,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1711460390, - "narHash": "sha256-akSgjDZL6pVHEfSE6sz1DNSXuYX6hq+P/1Z5IoYWs7E=", + "lastModified": 1711668574, + "narHash": "sha256-u1dfs0ASQIEr1icTVrsKwg2xToIpn7ZXxW3RHfHxshg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "44733514b72e732bd49f5511bd0203dea9b9a434", + "rev": "219951b495fc2eac67b1456824cc1ec1fd2ee659", "type": "github" }, "original": { @@ -520,11 +504,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1711333969, - "narHash": "sha256-5PiWGn10DQjMZee5NXzeA6ccsv60iLu+Xtw+mfvkUAs=", + "lastModified": 1711703276, + "narHash": "sha256-iMUFArF0WCatKK6RzfUJknjem0H9m4KgorO/p3Dopkk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "57e6b3a9e4ebec5aa121188301f04a6b8c354c9b", + "rev": "d8fe5e6c92d0d190646fb9f1056741a229980089", "type": "github" }, "original": { @@ -535,22 +519,6 @@ } }, "nixpkgs_2": { - "locked": { - "lastModified": 1700108881, - "narHash": "sha256-+Lqybl8kj0+nD/IlAWPPG/RDTa47gff9nbei0u7BntE=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "7414e9ee0b3e9903c24d3379f577a417f0aae5f1", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { "locked": { "lastModified": 1711401922, "narHash": "sha256-QoQqXoj8ClGo0sqD/qWKFWezgEwUL0SUh37/vY2jNhc=", @@ -566,13 +534,13 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_3": { "locked": { - "lastModified": 1711333969, - "narHash": "sha256-5PiWGn10DQjMZee5NXzeA6ccsv60iLu+Xtw+mfvkUAs=", + "lastModified": 1711703276, + "narHash": "sha256-iMUFArF0WCatKK6RzfUJknjem0H9m4KgorO/p3Dopkk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "57e6b3a9e4ebec5aa121188301f04a6b8c354c9b", + "rev": "d8fe5e6c92d0d190646fb9f1056741a229980089", "type": "github" }, "original": { @@ -582,7 +550,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_4": { "locked": { "lastModified": 1711200738, "narHash": "sha256-dkJmk/ET/tRV4007O6kU101UEg1svUwiyk/zEEX9Tdg=", @@ -611,11 +579,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1711572924, - "narHash": "sha256-JLDnh9TJXJ8iLRd3dNtS48pqU6LraWUntK8Z7M0W184=", + "lastModified": 1711745924, + "narHash": "sha256-ZYVrOg12pWNbY1hx1lOu3cwER6xalEHUUIXnfbkCtUY=", "owner": "nix-community", "repo": "nixvim", - "rev": "5fb9f0bb86edf08043ebf1cc3d16388469390c0a", + "rev": "4f83bcf2906c1c933316396221024f3482a7b086", "type": "github" }, "original": { @@ -660,11 +628,11 @@ ] }, "locked": { - "lastModified": 1711409088, - "narHash": "sha256-+rTCra8TY4vuSNTtQ0tcex1syCRPoKyb8vyHmoxkga4=", + "lastModified": 1711519547, + "narHash": "sha256-Q7YmSCUJmDl71fJv/zD9lrOCJ1/SE/okZ2DsrmRjzhY=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "db656fc3e34907000df26e8bc5cc3c94fb27f353", + "rev": "7d47a32e5cd1ea481fab33c516356ce27c8cef4a", "type": "github" }, "original": { @@ -682,7 +650,7 @@ "iceshrimp": "iceshrimp", "iceshrimp-withdrawal": "iceshrimp-withdrawal", "nixos-generators": "nixos-generators", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_3", "nixpkgs-stable": "nixpkgs-stable", "nixpkgs-unstable": "nixpkgs-unstable", "nixvim": "nixvim", @@ -709,7 +677,7 @@ }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_4", "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { From 7170f0c0b959d66e4d2820c8f8cbd20a8a247953 Mon Sep 17 00:00:00 2001 From: noe Date: Sat, 30 Mar 2024 01:26:30 -0400 Subject: [PATCH 6/9] update flake.lock --- flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index e58c1c3..9fbfbb3 100644 --- a/flake.nix +++ b/flake.nix @@ -42,7 +42,7 @@ iceshrimp-withdrawal = { url = "git+https://iceshrimp.dev/noe/withdrawal"; inputs.nixpkgs.follows = "nixpkgs-unstable"; - # inputs.iceshrimp.follows = "iceshrimp"; + inputs.iceshrimp.follows = "iceshrimp"; }; # Self From 76c9018d34860ab0809e075d04ee1fd697887fe6 Mon Sep 17 00:00:00 2001 From: noe Date: Sat, 30 Mar 2024 01:31:35 -0400 Subject: [PATCH 7/9] pdr: dns-cache --- nixos/hosts/porcelain-doll-repair/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/hosts/porcelain-doll-repair/default.nix b/nixos/hosts/porcelain-doll-repair/default.nix index 6234efd..563bb58 100644 --- a/nixos/hosts/porcelain-doll-repair/default.nix +++ b/nixos/hosts/porcelain-doll-repair/default.nix @@ -2,6 +2,7 @@ imports = [ ../../templates/proxmox-lxc.nix ../../server.nix + ../../features/dns-cache.nix inputs.iceshrimp.nixosModules.iceshrimp {} ]; From 531bb9d7f2ea8ab03949996ecd2db3a5d37bc65f Mon Sep 17 00:00:00 2001 From: noe Date: Sat, 30 Mar 2024 01:32:34 -0400 Subject: [PATCH 8/9] pdr: default --- nixos/hosts/porcelain-doll-repair/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/hosts/porcelain-doll-repair/default.nix b/nixos/hosts/porcelain-doll-repair/default.nix index 563bb58..a8e843a 100644 --- a/nixos/hosts/porcelain-doll-repair/default.nix +++ b/nixos/hosts/porcelain-doll-repair/default.nix @@ -30,7 +30,7 @@ services.iceshrimp = { enable = true; - package = inputs.iceshrimp-withdrawal.packages.${pkgs.system}.iceshrimp.withdrawal; + # package = inputs.iceshrimp-withdrawal.packages.${pkgs.system}.iceshrimp.withdrawal; settings.url = "https://porcelain.doll.repair"; dbPasswordFile = config.sops.secrets.db_password.path; createDb = true; From c7be94384b97199face2a6cd75479a25ea00d72d Mon Sep 17 00:00:00 2001 From: noe Date: Sat, 30 Mar 2024 01:33:18 -0400 Subject: [PATCH 9/9] pdr: back to withdrawal --- nixos/hosts/porcelain-doll-repair/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/hosts/porcelain-doll-repair/default.nix b/nixos/hosts/porcelain-doll-repair/default.nix index a8e843a..563bb58 100644 --- a/nixos/hosts/porcelain-doll-repair/default.nix +++ b/nixos/hosts/porcelain-doll-repair/default.nix @@ -30,7 +30,7 @@ services.iceshrimp = { enable = true; - # package = inputs.iceshrimp-withdrawal.packages.${pkgs.system}.iceshrimp.withdrawal; + package = inputs.iceshrimp-withdrawal.packages.${pkgs.system}.iceshrimp.withdrawal; settings.url = "https://porcelain.doll.repair"; dbPasswordFile = config.sops.secrets.db_password.path; createDb = true;