From 9c1343bfbd4d9a80aad5b68b128d53240632dcf1 Mon Sep 17 00:00:00 2001 From: Lucy Hochkamp Date: Thu, 4 Jan 2024 15:36:28 +0100 Subject: [PATCH] nosrebuild logging --- hm-imports/vscode/default.nix | 4 +-- hosts/picard/default.nix | 43 ++++++++++++++++++++----------- hosts/picard/xynospace-matrix.nix | 8 ++++++ packages/scripts/nosrebuild | 7 ++--- 4 files changed, 40 insertions(+), 22 deletions(-) diff --git a/hm-imports/vscode/default.nix b/hm-imports/vscode/default.nix index a03f2293..df375a33 100644 --- a/hm-imports/vscode/default.nix +++ b/hm-imports/vscode/default.nix @@ -11,7 +11,7 @@ in home.packages = with pkgs; [ nixd nixpkgs-fmt - # (unstable.quarto.overrideAttrs (curr: { meta.platforms = [ pkgs.system ]; })) + (unstable.quarto.overrideAttrs (curr: { meta.platforms = [ pkgs.system ]; })) ]; programs.vscode = { enable = true; @@ -32,7 +32,7 @@ in marketplace.james-yu.latex-workshop # latex, also provides pdf preview yzhang.markdown-all-in-one # markdown marketplace.davidanson.vscode-markdownlint - # marketplace.quarto.quarto + marketplace.quarto.quarto # marketplace.pokey.cursorless # too much xe exposure #marketplace.valentjn.vscode-ltex # languagetool valentjn.vscode-ltex diff --git a/hosts/picard/default.nix b/hosts/picard/default.nix index 1132f9c3..c2fce2c3 100644 --- a/hosts/picard/default.nix +++ b/hosts/picard/default.nix 
@@ -44,16 +44,20 @@ services.postgresql.package = pkgs.postgresql_13; systemd.services.caddy.serviceConfig.EnvironmentFile = config.age.secrets.desec.path; + networking.firewall.allowedTCPPorts = [ 80 443 ]; services.caddy = { + logFormat = "level INFO"; enable = true; package = (pkgs.callPackage ./custom-caddy.nix { externalPlugins = [ - { name = "dns-desec"; repo = "github.com/caddy-dns/desec"; version = "e1e64971fe34c29ce3f4176464adb84d6890aa50"; } + { name = "desec"; repo = "github.com/caddy-dns/desec"; version = "e1e64971fe34c29ce3f4176464adb84d6890aa50"; } ]; - vendorHash = lib.fakeSha256; + vendorHash = "sha256-WWMR4ZpUcDmIv355LBuN5TqVfiCc0+Byxw8LnYei4fs="; }); globalConfig = '' - acme_dns desec {$TOKEN} + acme_dns desec { + token "{$TOKEN}" + } ''; virtualHosts."*.ragon.xyz".extraConfig = '' @8081 host 8081.ragon.xyz @@ -67,9 +71,9 @@ @files host files.ragon.xyz handle @files { encode zstd gzip - root /srv/www + root * /srv/www file_server browse - basicauth /* { + basicauth * { {$BAUSER} {$BAPASSWD} } } @@ -95,20 +99,20 @@ '' encode zstd gzip handle /.well-known/matrix/server { - header Content-Type "application/json" - respond "${builtins.toJSON wkServer}" + header Content-Type application/json + respond `${builtins.toJSON wkServer}` 200 } handle /.well-known/matrix/client { - header Content-Type "application/json" + header Content-Type application/json header Access-Control-Allow-Origin "*" - respond "${builtins.toJSON wkClient}" + respond `${builtins.toJSON wkClient}` 200 } handle /gyakapyukawfyuokfgwtyutf.js { rewrite * /js/plausible.outbound-links.js - reverse_proxy http://[::1]:${toString config.services.plausible.server.port} + reverse_proxy http://127.0.0.1:${toString config.services.plausible.server.port} } handle /api/event { - reverse_proxy http://[::1]:${toString config.services.plausible.server.port} + reverse_proxy http://127.0.0.1:${toString config.services.plausible.server.port} } reverse_proxy http://[::1]${config.services.xynoblog.listen} 
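Review bot: In `globalConfig`, `token "{$TOKEN}"` is expanded when the Caddyfile is parsed, so the deSEC token ends up in the adapted JSON config. Assuming the admin API is left at its default, Caddy's local admin endpoint will return that config to any process on the host that can reach it. If the plugin at this pin expands runtime placeholders, as caddy-dns providers usually do, `token {env.TOKEN}` would keep the secret in the process environment only. Separately, a short comment next to `vendorHash` saying it must be regenerated whenever `externalPlugins` changes would help the next plugin bump.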
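Review bot: `basicauth * { {$BAUSER} {$BAPASSWD} }` expects the second field to be a password hash (bcrypt, as produced by `caddy hash-password`), not the plaintext, and nothing near the block says so. I would add `# BAPASSWD must hold the bcrypt hash from 'caddy hash-password', never the plaintext` above the directive. Both variables presumably come from the `EnvironmentFile` set on the caddy unit. Because `{$…}` is substituted textually before parsing, a value containing whitespace or braces would change the config structure, so the secret file deserves the same note. The directory listing served by `file_server browse` is only as private as this one credential.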
@@ -116,11 +120,20 @@ virtualHosts."*.xyno.space".extraConfig = '' @stats host stats.xyno.space handle @stats { - reverse_proxy http://[::1]${toString config.services.plausible.server.port} + reverse_proxy http://127.0.0.1:${toString config.services.plausible.server.port} } @matrix host matrix.xyno.space handle @matrix { - handle /_matrix/* /notifications /_synapse/client/* /health { + handle /_matrix/* { + reverse_proxy http://192.168.100.11:8008 + } + handle /notifications { + reverse_proxy http://192.168.100.11:8008 + } + handle /_synapse/client/* { + reverse_proxy http://192.168.100.11:8008 + } + handle /health { reverse_proxy http://192.168.100.11:8008 } } @@ -131,7 +144,7 @@ virtualHosts."*.xyno.systems".extraConfig = '' @md host md.xyno.systems handle @md { - reverse_proxy http://[::1]${toString config.services.hedgedoc.settings.port} + reverse_proxy http://[::1]:${toString config.services.hedgedoc.settings.port} } @sso host sso.xyno.systems handle @sso { @@ -202,7 +215,7 @@ cli.enable = true; user.enable = true; persist.enable = true; - persist.extraDirectories = [ "/srv/www" config.services.caddy.dataDir "/var/lib/syncthing" "/var/lib/${config.services.xynoblog.stateDirectory}" ]; + persist.extraDirectories = [ "/srv/www" config.services.caddy.dataDir "/var/lib/syncthing" "/var/lib/${config.services.xynoblog.stateDirectory}" "/var/lib/postgresql" ]; services = { ssh.enable = true; diff --git a/hosts/picard/xynospace-matrix.nix b/hosts/picard/xynospace-matrix.nix index 5afd078d..a21ec284 100644 --- a/hosts/picard/xynospace-matrix.nix +++ b/hosts/picard/xynospace-matrix.nix 
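Review bot: The four `handle` blocks added under `handle @matrix` repeat the same upstream, so the list of Synapse paths reachable from outside is spread over twelve lines. A single named matcher would keep that allow-list in one place: `@synapse path /_matrix/* /notifications /_synapse/client/* /health`, then one `handle @synapse` block containing the single `reverse_proxy http://192.168.100.11:8008` line (this should be expressible inside the existing `handle @matrix` block, but verify with `caddy adapt`). Keeping the list explicit matters because `/_synapse/admin` is currently not proxied; a comment such as `# admin API intentionally not exposed` would stop a later catch-all from opening it. Whether `/health` needs to be public is also worth confirming.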
@@ -7,6 +7,14 @@ let stateVer = config.system.stateVersion; in { + users.users.matrix-synapse = { + group = "matrix-synapse"; + shell = "${pkgs.bash}/bin/bash"; + uid = config.ids.uids.matrix-synapse; + }; + users.groups.matrix-synapse = { + gid = config.ids.gids.matrix-synapse; + }; ragon.agenix.secrets."matrixSecrets" = { owner = "matrix-synapse"; }; services.postgresql.enable = true; services.postgresql.initialScript = lib.mkForce (pkgs.writeText "synapse-init.sql" '' diff --git a/packages/scripts/nosrebuild b/packages/scripts/nosrebuild index 99335b11..44c2c20a 100755 --- a/packages/scripts/nosrebuild +++ b/packages/scripts/nosrebuild @@ -5,10 +5,7 @@ set -euo pipefail REV=$(curl https://api.github.com/repos/thexyno/nixos-config/branches/main | jq -r .commit.sha) if [[ $(uname) == "Linux" ]]; then - sudo nixos-rebuild switch --flake "github:thexyno/nixos-config?rev=$REV" + sudo nixos-rebuild switch --flake "github:thexyno/nixos-config?rev=$REV" -L else # Darwin - PRIVATEREV=$(git ls-remote ssh://git@github.com/thexyno/nixos-config-private.git HEAD | awk '{print($1)}') - darwin-rebuild switch \ - --flake "github:thexyno/nixos-config?rev=$REV" \ - --override-input private "git+ssh://git@github.com/thexyno/nixos-config-private?rev=$PRIVATEREV" + darwin-rebuild switch --flake "github:thexyno/nixos-config?rev=$REV" -L fi
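Review bot: `shell = "${pkgs.bash}/bin/bash"` gives the `matrix-synapse` service account an interactive shell, which a user that, from what this hunk shows, only needs to own the `matrixSecrets` file does not require. Dropping the line should leave the NixOS default of a nologin shell, or it can be stated explicitly as `shell = "${pkgs.shadow}/bin/nologin";`. The declaration also sets neither `isSystemUser` nor `isNormalUser`; unless another module supplies one, `isSystemUser = true;` should be added. If the shell is there for maintenance through `sudo -u matrix-synapse`, a comment saying so would make the exception visible.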
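Review bot: `$REV` is passed straight into a root-level `nixos-rebuild switch` without checking that the lookup returned a commit id. `curl` without `-f` exits 0 on an API error or rate-limit response, and `jq -r .commit.sha` then prints `null`, so `set -euo pipefail` does not catch it. I would make the lookup `curl -fsSL …` and add `[[ $REV =~ ^[0-9a-f]{40}$ ]] || { echo "could not resolve main" >&2; exit 1; }` before the `if`. On Darwin, removing `--override-input private …` presumably means the `private` input now comes from `flake.lock` rather than the private repository's HEAD; a one-line comment would confirm that this is intended.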