test updated nixpkgs

test frame options
update
2024-02-19 15:21:27 +03:00 · 2024-02-19 15:12:17 +03:00 · 2024-02-12 18:58:38 +03:00 · 2024-02-12 18:54:42 +03:00 · 2024-02-12 18:53:25 +03:00 · 2024-02-12 18:47:54 +03:00
8 changed files with 35 additions and 70 deletions
--- a/flake.lock
+++ b/flake.lock
@ -2,11 +2,11 @@
  "nodes": {
    "nixpkgs": {
      "locked": {
-        "lastModified": 1714531828,
-        "narHash": "sha256-ILsf3bdY/hNNI/Hu5bSt2/KbmHaAVhBbNUOdGztTHEg=",
+        "lastModified": 1708161998,
+        "narHash": "sha256-6KnemmUorCvlcAvGziFosAVkrlWZGIc6UNT9GUYr0jQ=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "0638fe2715d998fa81d173aad264eb671ce2ebc1",
+        "rev": "84d981bae8b5e783b3b548de505b22880559515f",
        "type": "github"
      },
      "original": {
@ -28,11 +28,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1709843377,
-        "narHash": "sha256-lQGd4xtKWsIlD5vVurrA/xtNYxYFGfLGyev4oOUeMmY=",
-        "ref": "master",
-        "rev": "1f1fcc223be4c6ae65eef1d50918aed0826e5ad1",
-        "revCount": 1259,
+        "lastModified": 1707753507,
+        "narHash": "sha256-kVxHN027PZeXk/EX2EPT2Mw+ozusRUwMjVBxgslsKAw=",
+        "ref": "system-rebuild-tracking",
+        "rev": "25c691104f323655c5e8ff4cf96fa2cdaa87193c",
+        "revCount": 1186,
        "type": "git",
        "url": "https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api.git"
      },
--- a/letsencrypt/acme.nix
+++ b/letsencrypt/acme.nix
@ -9,17 +9,12 @@ let
      CLOUDFLARE_ZONE_API_TOKEN=$TOKEN
      CLOUDFLARE_POLLING_INTERVAL=30
    '';
-    DESEC = ''
-      DESEC_TOKEN=$TOKEN
-      DESEC_POLLING_INTERVAL=30
-      DESEC_PROPAGATION_TIMEOUT=180
-      DESEC_TTL=3600
-    '';
+    DESEC = "DESEC_TOKEN=$TOKEN";
  };
  dnsCredentialsTemplate = dnsCredentialsTemplates.${cfg.dns.provider};
  acme-env-filepath = "/var/lib/selfprivacy/acme-env";
  secrets-filepath = "/etc/selfprivacy/secrets.json";
-  dnsPropagationCheckExceptions = [ "DIGITALOCEAN" "DESEC" ];
+  dnsPropagationCheckExceptions = [ "DIGITALOCEAN" ];
 in
 {
  users.groups.acmereceivers.members = [ "nginx" ];
--- a/sp-modules/bitwarden/module.nix
+++ b/sp-modules/bitwarden/module.nix
@ -2,7 +2,6 @@
 let
  secrets-filepath = "/etc/selfprivacy/secrets.json";
  backup-dir = "/var/lib/bitwarden/backup";
-  cfg = sp.modules.bitwarden;
  inherit (import ./common.nix config) bitwarden-env sp;
 in
 {
@ -14,16 +13,12 @@ in
    location = lib.mkOption {
      type = lib.types.str;
    };
-    subdomain = lib.mkOption {
-      default = "password";
-      type = lib.types.strMatching "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]";
-    };
  };

  config = lib.mkIf config.selfprivacy.modules.bitwarden.enable {
    fileSystems = lib.mkIf sp.useBinds {
      "/var/lib/bitwarden" = {
-        device = "/volumes/${cfg.location}/bitwarden";
+        device = "/volumes/${sp.modules.bitwarden.location}/bitwarden";
        options = [
          "bind"
          "x-systemd.required-by=bitwarden-secrets.service"
@ -35,7 +30,7 @@ in
        ];
      };
      "/var/lib/bitwarden_rs" = {
-        device = "/volumes/${cfg.location}/bitwarden_rs";
+        device = "/volumes/${sp.modules.bitwarden.location}/bitwarden_rs";
        options = [
          "bind"
          "x-systemd.required-by=bitwarden-secrets.service"
@ -53,7 +48,7 @@ in
      backupDir = backup-dir;
      environmentFile = "${bitwarden-env}";
      config = {
-        domain = "https://${cfg.subdomain}.${sp.domain}/";
+        domain = "https://password.${sp.domain}/";
        signupsAllowed = true;
        rocketPort = 8222;
      };
@ -81,7 +76,7 @@ in
        <(printf "%s" "$bitwarden_env") ${bitwarden-env}
      '';
    };
-    services.nginx.virtualHosts."${cfg.subdomain}.${sp.domain}" = {
+    services.nginx.virtualHosts."password.${sp.domain}" = {
      useACMEHost = sp.domain;
      forceSSL = true;
      extraConfig = ''
--- a/sp-modules/gitea/module.nix
+++ b/sp-modules/gitea/module.nix
@ -3,9 +3,8 @@ let
  sp = config.selfprivacy;
  stateDir =
    if sp.useBinds
-    then "/volumes/${cfg.location}/gitea"
+    then "/volumes/${sp.modules.gitea.location}/gitea"
    else "/var/lib/gitea";
-  cfg = sp.modules.gitea;
 in
 {
  options.selfprivacy.modules.gitea = {
@ -16,16 +15,12 @@ in
    location = lib.mkOption {
      type = lib.types.str;
    };
-    subdomain = lib.mkOption {
-      default = "git";
-      type = lib.types.strMatching "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]";
-    };
  };

-  config = lib.mkIf cfg.enable {
+  config = lib.mkIf config.selfprivacy.modules.gitea.enable {
    fileSystems = lib.mkIf sp.useBinds {
      "/var/lib/gitea" = {
-        device = "/volumes/${cfg.location}/gitea";
+        device = "/volumes/${sp.modules.gitea.location}/gitea";
        options = [ "bind" ];
      };
    };
@ -58,8 +53,8 @@ in
      #      cookieSecure = true;
      settings = {
        server = {
-          DOMAIN = "${cfg.subdomain}.${sp.domain}";
-          ROOT_URL = "https://${cfg.subdomain}.${sp.domain}/";
+          DOMAIN = "git.${sp.domain}";
+          ROOT_URL = "https://git.${sp.domain}/";
          HTTP_ADDR = "0.0.0.0";
          HTTP_PORT = 3000;
        };
@ -88,7 +83,7 @@ in
        };
      };
    };
-    services.nginx.virtualHosts."${cfg.subdomain}.${sp.domain}" = {
+    services.nginx.virtualHosts."git.${sp.domain}" = {
      useACMEHost = sp.domain;
      forceSSL = true;
      extraConfig = ''
@ -108,6 +103,6 @@ in
      };
    };
    systemd.services.gitea.unitConfig.RequiresMountsFor =
-      lib.mkIf sp.useBinds "/volumes/${cfg.location}/gitea";
+      lib.mkIf sp.useBinds "/volumes/${sp.modules.gitea.location}/gitea";
  };
 }
--- a/sp-modules/jitsi-meet/module.nix
+++ b/sp-modules/jitsi-meet/module.nix
@ -1,7 +1,6 @@
 { config, lib, ... }:
 let
  domain = config.selfprivacy.domain;
-  cfg = config.selfprivacy.modules.jitsi-meet;
 in
 {
  options.selfprivacy.modules.jitsi-meet = {
@ -9,23 +8,19 @@ in
      default = false;
      type = lib.types.bool;
    };
-    subdomain = lib.mkOption {
-      default = "meet";
-      type = lib.types.strMatching "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]";
-    };
  };

-  config = lib.mkIf cfg.enable {
+  config = lib.mkIf config.selfprivacy.modules.jitsi-meet.enable {
    services.jitsi-meet = {
      enable = true;
-      hostName = "${cfg.subdomain}.${domain}";
+      hostName = "meet.${domain}";
      nginx.enable = true;
      interfaceConfig = {
        SHOW_JITSI_WATERMARK = false;
        SHOW_WATERMARK_FOR_GUESTS = false;
      };
    };
-    services.nginx.virtualHosts."${cfg.subdomain}.${domain}" = {
+    services.nginx.virtualHosts."meet.${domain}" = {
      forceSSL = true;
      useACMEHost = domain;
      enableACME = false;
--- a/sp-modules/nextcloud/module.nix
+++ b/sp-modules/nextcloud/module.nix
@ -8,23 +8,18 @@
    location = mkOption {
      type = types.str;
    };
-    subdomain = lib.mkOption {
-      default = "cloud";
-      type = lib.types.strMatching "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]";
-    };
  };

  config =
    let
      inherit (import ./common.nix config)
        sp secrets-filepath db-pass-filepath admin-pass-filepath;
-      cfg = sp.modules.nextcloud;
-      hostName = "${cfg.subdomain}.${sp.domain}";
+      hostName = "cloud.${sp.domain}";
    in
    lib.mkIf sp.modules.nextcloud.enable {
      fileSystems = lib.mkIf sp.useBinds {
        "/var/lib/nextcloud" = {
-          device = "/volumes/${cfg.location}/nextcloud";
+          device = "/volumes/${sp.modules.nextcloud.location}/nextcloud";
          options = [
            "bind"
            "x-systemd.required-by=nextcloud-setup.service"
--- a/sp-modules/ocserv/module.nix
+++ b/sp-modules/ocserv/module.nix
@ -3,7 +3,6 @@ let
  domain = config.selfprivacy.domain;
  cert = "${config.security.acme.certs.${domain}.directory}/fullchain.pem";
  key = "${config.security.acme.certs.${domain}.directory}/key.pem";
-  cfg = config.selfprivacy.modules.ocserv;
 in
 {
  options.selfprivacy.modules.ocserv = {
@ -11,13 +10,9 @@ in
      default = false;
      type = lib.types.bool;
    };
-    subdomain = lib.mkOption {
-      default = "vpn";
-      type = lib.types.strMatching "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]";
-    };
  };

-  config = lib.mkIf cfg.enable {
+  config = lib.mkIf config.selfprivacy.modules.ocserv.enable {
    users.groups.ocserv.members = [ "ocserv" ];
    users.users.ocserv = {
      isNormalUser = false;
@ -48,7 +43,7 @@ in
        idle-timeout=1200
        mobile-idle-timeout=2400

-        default-domain = ${cfg.subdomain}.${domain}
+        default-domain = vpn.${domain}

        device = vpn0

@ -62,7 +57,7 @@ in
        route = default
      '';
    };
-    services.nginx.virtualHosts."${cfg.subdomain}.${domain}" = {
+    services.nginx.virtualHosts."vpn.${domain}" = {
      useACMEHost = domain;
      forceSSL = true;
      extraConfig = ''
--- a/sp-modules/pleroma/module.nix
+++ b/sp-modules/pleroma/module.nix
@ -1,7 +1,6 @@
 { config, lib, pkgs, ... }:
 let
  secrets-filepath = "/etc/selfprivacy/secrets.json";
-  cfg = config.selfprivacy.modules.pleroma;
  inherit (import ./common.nix config) secrets-exs sp;
 in
 {
@ -13,15 +12,11 @@ in
    location = lib.mkOption {
      type = lib.types.str;
    };
-    subdomain = lib.mkOption {
-      default = "social";
-      type = lib.types.strMatching "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]";
-    };
  };
-  config = lib.mkIf cfg.enable {
+  config = lib.mkIf config.selfprivacy.modules.pleroma.enable {
    fileSystems = lib.mkIf sp.useBinds {
      "/var/lib/pleroma" = {
-        device = "/volumes/${cfg.location}/pleroma";
+        device = "/volumes/${sp.modules.pleroma.location}/pleroma";
        options = [
          "bind"
          "x-systemd.required-by=pleroma-secrets.service"
@ -31,7 +26,7 @@ in
        ];
      };
      "/var/lib/postgresql" = {
-        device = "/volumes/${cfg.location}/postgresql";
+        device = "/volumes/${sp.modules.pleroma.location}/postgresql";
        options = [
          "bind"
          "x-systemd.required-by=pleroma-secrets.service"
@ -107,9 +102,9 @@ in
    };
    # seems to be an upstream nixpkgs/nixos bug (missing hexdump)
    systemd.services.pleroma.path = [ pkgs.util-linux ];
-    services.nginx.virtualHosts."${cfg.subdomain}.${sp.domain}" = {
-      useACMEHost = sp.domain;
-      root = "/var/www/${cfg.subdomain}.${sp.domain}";
+    services.nginx.virtualHosts."social.${sp.domain}" = {
+      useACMEHost = config.selfprivacy.domain;
+      root = "/var/www/social.${sp.domain}";
      forceSSL = true;
      extraConfig = ''
        add_header Strict-Transport-Security $hsts_header;
Author	SHA1	Message	Date
Inex Code	6d4f85bb06	test updated nixpkgs	2024-02-19 15:21:27 +03:00
Inex Code	1dcf1f78ba	test frame options	2024-02-19 15:12:17 +03:00
Inex Code	cafcd697f9	update	2024-02-12 18:58:38 +03:00
Inex Code	7d4f3be89d	update	2024-02-12 18:54:42 +03:00
Inex Code	efe563372b	update	2024-02-12 18:53:25 +03:00
Inex Code	e52a6e4178	update	2024-02-12 18:47:54 +03:00
Inex Code	7ec11dd56f	update	2024-02-12 18:41:48 +03:00
Inex Code	42c11a39a3	update	2024-02-12 18:35:07 +03:00
Inex Code	2708dfa468	update	2024-02-12 18:27:42 +03:00
Inex Code	383c5371fc	update	2024-02-12 18:25:07 +03:00
Inex Code	7c4b85669d	test	2024-02-12 18:22:28 +03:00