Update to nixpkgs 22.05

Add grafana and prometheus as well
Remove glitch-soc, maybe I'll try mastodon sometime in the future
but not now.
Julius 2022-06-06 19:19:45 +02:00
parent 6577838ade
commit fa09bf933c
Signed by: j00lz
GPG key ID: AF241B0AA237BBA2
13 changed files with 124 additions and 3412 deletions


@ -10,11 +10,11 @@
"utils": "utils" "utils": "utils"
}, },
"locked": { "locked": {
"lastModified": 1653210933, "lastModified": 1654325492,
"narHash": "sha256-n6Hk/zPHcjloi0E/miKGnXrWROha90uan2CFQV7oaqI=", "narHash": "sha256-+eegOXTfWyVygrqWCid1pg5IdCjmh0G8o5uA93IQFdA=",
"owner": "zhaofengli", "owner": "zhaofengli",
"repo": "colmena", "repo": "colmena",
"rev": "429a0f5aa1d1bac06234e2f0c02d5b63a850d940", "rev": "b5629dca833fc0bd545898c2dd2d9d5ae1fd5066",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -77,16 +77,16 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1653229824, "lastModified": 1654360807,
"narHash": "sha256-klSCYMpR4TqWYoTD/xZ2qM9UIPRFC6pK+S/kJuVLbFw=", "narHash": "sha256-wYG86PUkPZ1P/oHsCpepTkb/U26poaEPPp1XFjRsgdA=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "06db2e2197401b74fcf82d4e84be15b0b5851c7b", "rev": "d9794b04bffb468b886c553557489977ae5f4c65",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "nixos",
"ref": "nixos-21.11", "ref": "nixos-22.05",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@ -100,11 +100,11 @@
}, },
"stable": { "stable": {
"locked": { "locked": {
"lastModified": 1653087707, "lastModified": 1653996475,
"narHash": "sha256-zfno3snrzZTWQ2B7K53QHrGZwrjnJLTRPalymrSsziU=", "narHash": "sha256-r/UA7h3Dfgf4dlOCkakpqejf1Tagfb+6T+9OdT0qBgU=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "cbd40c72b2603ab54e7208f99f9b35fc158bc009", "rev": "ec6eaba9dfcfdd11547d75a193e91e26701bf7e3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -116,11 +116,11 @@
}, },
"utils": { "utils": {
"locked": { "locked": {
"lastModified": 1649676176, "lastModified": 1653893745,
"narHash": "sha256-OWKJratjt2RW151VUlJPRALb7OU2S5s+f0vLj4o1bHM=", "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "a4b154ebbdc88c8498a5c7b01589addc9e9cb678", "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -2,7 +2,7 @@
description = "A very basic flake"; description = "A very basic flake";
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-21.11"; nixpkgs.url = "github:nixos/nixpkgs/nixos-22.05";
colmena = { colmena = {
url = "github:zhaofengli/colmena"; url = "github:zhaofengli/colmena";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@ -14,7 +14,16 @@
}; };
outputs = { self, nixpkgs, colmena, nixos-generators, ... }: outputs = { self, nixpkgs, colmena, nixos-generators, ... }:
let pkgs = nixpkgs.legacyPackages.x86_64-linux; let
pkgs = nixpkgs.legacyPackages.x86_64-linux;
machine = name: machineTagged name [ ];
machineTagged = name: tags: {
imports = [ "${./.}/machines/${name}" ];
deployment = {
targetHost = "${name}.lxd";
tags = tags;
};
};
in { in {
packages.x86_64-linux.hello = pkgs.hello; packages.x86_64-linux.hello = pkgs.hello;
@ -124,13 +133,22 @@
}; };
}; };
mastodon = { misskey = {
imports = [ ./machines/mastodon ]; imports = [ ./machines/misskey ];
deployment = { deployment = {
targetHost = "mastodon.lxd"; targetHost = "misskey.lxd";
tags = [ "mastodon" ]; tags = [ ];
}; };
}; };
grafana = {
imports = [ ./machines/grafana ];
deployment = {
targetHost = "grafana.lxd";
tags = [ ];
};
};
prometheus = machine "prometheus";
}; };
devShells.x86_64-linux.default = pkgs.mkShell { devShells.x86_64-linux.default = pkgs.mkShell {
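Review bot: The `mastodon` node is replaced by `misskey` importing `./machines/misskey`, but none of the file sections on this page adds or renames that directory, so the import only evaluates if it already exists and is tracked in git; `machines/mastodon` also does not appear among the deletions and may be left behind unused. The new `machine` helper is used only for `prometheus`, while `misskey` and `grafana` spell out the same attribute set by hand; `grafana = machine "grafana";` and `misskey = machine "misskey";` would be equivalent. In the helper, `imports = [ (./machines + "/${name}") ];` avoids interpolating `./.`, which produces a store-path string for the whole repository instead of a path value. The `outputs` body continues outside the hunks shown.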


@ -0,0 +1,19 @@
{ config, pkgs, ... }: {
imports = [ ../../common ../../common/lxc.nix ];
networking.hostName = "grafana";
system.stateVersion = "21.11";
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [ 2345 ];
services.grafana = {
enable = true;
domain = "stats.asraphiel.dev";
rootUrl = "https://stats.asraphiel.dev/";
port = 2345;
addr = "0.0.0.0";
auth.anonymous.enable = true;
auth.anonymous.org_role = "Viewer";
auth.anonymous.org_name = "Asraphiel";
};
}
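Review bot: `auth.anonymous.enable = true` together with the public `stats.asraphiel.dev` vhost added in the nginx file makes every dashboard in the `Asraphiel` org readable without a login, and the data behind them includes the per-client `remote_addr` label that the nginxlog exporter is configured to emit. If public dashboards are not the goal, set `auth.anonymous.enable = false;`; if they are, keep client addresses out of the metrics. `addr = "0.0.0.0"` plus `allowedTCPPorts = [ 2345 ]` also leaves Grafana reachable over plain HTTP from anything that can route to the container, bypassing the TLS proxy, so the port is better limited to the nginx host. As a smaller point, `system.stateVersion = "21.11"` on a machine first defined in the 22.05 update looks copied from an older host; confirm it matches the release the container was actually installed with.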


@ -33,14 +33,22 @@ in {
networking.hostName = "nginx"; networking.hostName = "nginx";
system.stateVersion = "21.11"; system.stateVersion = "21.11";
networking.firewall.enable = true; networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [ 80 443 9113 9117 ];
services.nginx = { services.nginx = {
enable = true; enable = true;
commonHttpConfig = ''
log_format custom '$remote_addr - $remote_user [$time_local] '
'"$host" "$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log custom;
'';
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;
package = pkgs.nginxMainline; package = pkgs.nginxMainline;
statusPage = true;
virtualHosts."asraphiel.dev" = { virtualHosts."asraphiel.dev" = {
forceSSL = true; forceSSL = true;
@ -67,6 +75,8 @@ in {
virtualHosts."ikaros.asraphiel.dev" = k8sProxy; virtualHosts."ikaros.asraphiel.dev" = k8sProxy;
virtualHosts."whoami.asraphiel.dev" = k8sProxy; virtualHosts."whoami.asraphiel.dev" = k8sProxy;
virtualHosts."stats.asraphiel.dev" = proxy "http://grafana.lxd:2345/";
virtualHosts."groenehartansichtkaarten.nl" = k8sProxy; virtualHosts."groenehartansichtkaarten.nl" = k8sProxy;
virtualHosts."ansichtkaarten.asraphiel.dev" = k8sProxy; virtualHosts."ansichtkaarten.asraphiel.dev" = k8sProxy;
@ -82,7 +92,34 @@ in {
}; };
}; };
security.acme.email = "acme@voidcorp.nl"; services.prometheus.exporters.nginx.enable = true;
services.prometheus.exporters.nginxlog.enable = true;
services.prometheus.exporters.nginxlog.user = config.services.nginx.user;
services.prometheus.exporters.nginxlog.settings = {
consul = { enable = false; };
namespaces = [{
name = "asraphiel";
format = ''
$remote_addr - $remote_user [$time_local] "$host" "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for"'';
source = {
files = [ "/var/log/nginx/access.log" ];
};
relabel_configs = [
{
target_label = "remote_addr";
from = "remote_addr";
}
{
target_label = "host";
from = "host";
}
];
}];
};
security.acme.defaults.email = "acme@voidcorp.nl";
security.acme.acceptTerms = true; security.acme.acceptTerms = true;
environment.etc."main/index.html" = { environment.etc."main/index.html" = {
enable = true; enable = true;
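Review bot: The `relabel_configs` entry that maps `remote_addr` to a label turns every distinct client address into its own time series, so label cardinality is driven by whoever sends requests and visitor IPs end up stored in Prometheus. Dropping that entry and keeping only `host` avoids both problems; per-client analysis is better done from the access log itself. The firewall line now opens 9113 and 9117 on every interface alongside 80 and 443, and neither exporter has authentication configured here, so if this container has any externally routable address they should be limited to the interface Prometheus scrapes from, e.g. `networking.firewall.interfaces."<lxd-iface>".allowedTCPPorts = [ 9113 9117 ];` (the interface name is a placeholder). The log format is now written twice, in `commonHttpConfig` and in the exporter's `format`; a comment on each pointing at the other would help keep them in sync.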


@ -0,0 +1,25 @@
{ config, pkgs, ... }:
let
logSouce = name: target: {
job_name = name;
static_configs = [{ targets = [ target ]; }];
};
in {
imports = [ ../../common ../../common/lxc.nix ];
networking.hostName = "prometheus";
system.stateVersion = "21.11";
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [ 9001 ];
services.prometheus = {
enable = true;
port = 9001;
scrapeConfigs = [
(logSouce "asraphiel" "asraphiel.dev:9100")
(logSouce "nginx_status_page" "nginx.lxd:9113")
(logSouce "nginx_logs" "nginx.lxd:9117")
];
};
}
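Review bot: `allowedTCPPorts = [ 9001 ]` exposes the Prometheus query API, which has no authentication configured here, on every interface of the container; only Grafana needs it, so consider limiting the port to that peer or interface. The `asraphiel.dev:9100` target is scraped by public name over plain HTTP, which suggests (not visible here) that a node exporter is reachable from outside; an internal name would be safer if one exists. The helper is misspelled and builds scrape jobs, not log sources, so a name such as `scrapeJob` would read better than `logSouce`.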


@ -1 +1,4 @@
self: super: { julius = { glitch-soc = super.callPackage ./glitch-soc { }; }; } self: super:
{
# maybe i'll add overlays here sometime
}


@ -1,6 +0,0 @@
# How to update
1. Run `./update.sh --ver v3.5.2 --url https://github.com/glitch-soc/mastodon.git --rev latest-commit-on-main`
2. Set `yarnOfflineCache.sha256` in `default.nix` to `""`, wait for it to error, and replace the hash.
3. ???
4. Profit


@ -1,123 +0,0 @@
{ lib, stdenv, nodejs-slim, mkYarnPackage, fetchFromGitHub, bundlerEnv, nixosTests
, yarn, callPackage, imagemagick, ffmpeg, file, ruby_3_0, writeShellScript
, fetchYarnDeps, fixup_yarn_lock
# Allow building a fork or custom version of Mastodon:
, pname ? "mastodon"
, version ? import ./version.nix
, srcOverride ? null
, dependenciesDir ? ./. # Should contain gemset.nix, yarn.nix and package.json.
}:
stdenv.mkDerivation rec {
inherit pname version;
# Using overrideAttrs on src does not build the gems and modules with the overridden src.
# Putting the callPackage up in the arguments list also does not work.
src = if srcOverride != null then srcOverride else callPackage ./source.nix {};
yarnOfflineCache = fetchYarnDeps {
yarnLock = "${src}/yarn.lock";
sha256 = "sha256-zx93a2oIXW65h617cj8JmvfVPddHi/Rw2ulKOrwqUVw=";
};
mastodon-gems = bundlerEnv {
name = "${pname}-gems-${version}";
inherit version;
ruby = ruby_3_0;
gemdir = src;
gemset = dependenciesDir + "/gemset.nix";
# This fix (copied from https://github.com/NixOS/nixpkgs/pull/76765) replaces the gem
# symlinks with directories, resolving this error when running rake:
# /nix/store/451rhxkggw53h7253izpbq55nrhs7iv0-mastodon-gems-3.0.1/lib/ruby/gems/2.6.0/gems/bundler-1.17.3/lib/bundler/settings.rb:6:in `<module:Bundler>': uninitialized constant Bundler::Settings (NameError)
postBuild = ''
for gem in "$out"/lib/ruby/gems/*/gems/*; do
cp -a "$gem/" "$gem.new"
rm "$gem"
# needed on macOS, otherwise the mv yields permission denied
chmod +w "$gem.new"
mv "$gem.new" "$gem"
done
'';
};
mastodon-modules = stdenv.mkDerivation {
pname = "${pname}-modules";
inherit src version;
nativeBuildInputs = [ fixup_yarn_lock nodejs-slim yarn mastodon-gems mastodon-gems.wrappedRuby ];
RAILS_ENV = "production";
NODE_ENV = "production";
buildPhase = ''
export HOME=$PWD
fixup_yarn_lock ~/yarn.lock
yarn config --offline set yarn-offline-mirror ${yarnOfflineCache}
yarn install --offline --frozen-lockfile --ignore-engines --ignore-scripts --no-progress
patchShebangs ~/bin
patchShebangs ~/node_modules
# skip running yarn install
rm -rf ~/bin/yarn
OTP_SECRET=precompile_placeholder SECRET_KEY_BASE=precompile_placeholder \
rails assets:precompile
yarn cache clean --offline
rm -rf ~/node_modules/.cache
'';
installPhase = ''
mkdir -p $out/public
cp -r node_modules $out/node_modules
cp -r public/assets $out/public
cp -r public/packs $out/public
'';
};
propagatedBuildInputs = [ imagemagick ffmpeg file mastodon-gems.wrappedRuby ];
buildInputs = [ mastodon-gems nodejs-slim ];
buildPhase = ''
ln -s ${mastodon-modules}/node_modules node_modules
ln -s ${mastodon-modules}/public/assets public/assets
ln -s ${mastodon-modules}/public/packs public/packs
patchShebangs bin/
for b in $(ls ${mastodon-gems}/bin/)
do
if [ ! -f bin/$b ]; then
ln -s ${mastodon-gems}/bin/$b bin/$b
fi
done
rm -rf log
ln -s /var/log/mastodon log
ln -s /tmp tmp
'';
installPhase = let
run-streaming = writeShellScript "run-streaming.sh" ''
# NixOS helper script to consistently use the same NodeJS version the package was built with.
${nodejs-slim}/bin/node ./streaming
'';
in ''
mkdir -p $out
cp -r * $out/
ln -s ${run-streaming} $out/run-streaming.sh
'';
passthru = {
tests.mastodon = nixosTests.mastodon;
updateScript = callPackage ./update.nix {};
};
meta = with lib; {
description = "Self-hosted, globally interconnected microblogging software based on ActivityPub";
homepage = "https://joinmastodon.org";
license = licenses.agpl3Plus;
platforms = [ "x86_64-linux" "i686-linux" "aarch64-linux" ];
maintainers = with maintainers; [ petabyteboy happy-river erictapen izorkin ];
};
}

File diff suppressed because it is too large Load diff


@ -1,11 +0,0 @@
# This file was generated by pkgs.mastodon.updateScript.
{ fetchgit, applyPatches }: let
src = fetchgit {
url = "https://github.com/glitch-soc/mastodon.git";
rev = "444b65009411a08ddab95ec60b86b3cf63086c2e";
sha256 = "1hb7ljzlsvfa8375lwdw7bfzn292miv03xgsgmfax1z9arjy55qn";
};
in applyPatches {
inherit src;
patches = [];
}


@ -1,30 +0,0 @@
{ pkgs
, runCommand
, lib
, makeWrapper
, yarn2nix
, bundix
, coreutils
, diffutils
, nix-prefetch-git
, gnused
, jq
}:
let
binPath = lib.makeBinPath [ yarn2nix bundix coreutils diffutils nix-prefetch-git gnused jq ];
in
runCommand "mastodon-update-script"
{
nativeBuildInputs = [ makeWrapper ];
meta = {
maintainers = with lib.maintainers; [ happy-river ];
description = "Utility to generate Nix expressions for Mastodon's dependencies";
platforms = lib.platforms.unix;
};
} ''
mkdir -p $out/bin
cp ${./update.sh} $out/bin/update.sh
patchShebangs $out/bin/update.sh
wrapProgram $out/bin/update.sh --prefix PATH : ${binPath}
''


@ -1,98 +0,0 @@
#!/usr/bin/env bash
set -e
URL=https://github.com/mastodon/mastodon.git
POSITIONAL=()
while [[ $# -gt 0 ]]; do
key="$1"
case $key in
--url)
URL="$2"
shift # past argument
shift # past value
;;
--ver)
VERSION="$2"
shift # past argument
shift # past value
;;
--rev)
REVISION="$2"
shift # past argument
shift # past value
;;
--patches)
PATCHES="$2"
shift # past argument
shift # past value
;;
*) # unknown option
POSITIONAL+=("$1")
shift # past argument
;;
esac
done
if [[ -z "$VERSION" || -n "$POSITIONAL" ]]; then
echo "Usage: update.sh [--url URL] --ver VERSION [--rev REVISION] [--patches PATCHES]"
echo "URL may be any path acceptable to 'git clone' and VERSION the"
echo "semantic version number. If VERSION is not a revision acceptable to"
echo "'git checkout', you must provide one in REVISION. If URL is not"
echo "provided, it defaults to https://github.com/mastodon/mastodon.git."
echo "PATCHES, if provided, should be one or more Nix expressions"
echo "separated by spaces."
exit 1
fi
if [[ -z "$REVISION" ]]; then
REVISION="$VERSION"
fi
rm -f gemset.nix version.nix source.nix
TARGET_DIR="$PWD"
WORK_DIR=$(mktemp -d)
# Check that working directory was created.
if [[ ! "$WORK_DIR" || ! -d "$WORK_DIR" ]]; then
echo "Could not create temporary directory"
exit 1
fi
# Delete the working directory on exit.
function cleanup {
# Report errors, if any, from nix-prefetch-git
grep "fatal" $WORK_DIR/nix-prefetch-git.out >/dev/stderr || true
rm -rf "$WORK_DIR"
}
trap cleanup EXIT
echo "Fetching source code $REVISION from $URL"
JSON=$(nix-prefetch-git --url "$URL" --rev "$REVISION" 2> $WORK_DIR/nix-prefetch-git.out)
SHA=$(echo $JSON | jq -r .sha256)
FETCHED_SOURCE_DIR=$(grep '^path is' $WORK_DIR/nix-prefetch-git.out | sed 's/^path is //')
echo "Creating version.nix"
echo \"$VERSION\" | sed 's/^"v/"/' > version.nix
cat > source.nix << EOF
# This file was generated by pkgs.mastodon.updateScript.
{ fetchgit, applyPatches }: let
src = fetchgit {
url = "$URL";
rev = "$REVISION";
sha256 = "$SHA";
};
in applyPatches {
inherit src;
patches = [$PATCHES];
}
EOF
SOURCE_DIR="$(nix-build --no-out-link -E '(import <nixpkgs> {}).callPackage ./source.nix {}')"
echo "Creating gemset.nix"
bundix --lockfile="$SOURCE_DIR/Gemfile.lock" --gemfile="$SOURCE_DIR/Gemfile"
echo "" >> $TARGET_DIR/gemset.nix # Create trailing newline to please EditorConfig checks


@ -1 +0,0 @@
"3.5.2"