From 1e4973049f23eab0b9a305ff14a41919b6254fb0 Mon Sep 17 00:00:00 2001 From: Noratrieb <48135649+Noratrieb@users.noreply.github.com> Date: Thu, 7 Aug 2025 19:54:43 +0200 Subject: [PATCH] cook --- nix/apps/hugo-chat/default.nix | 4 +- nix/apps/openolat/default.nix | 4 +- nix/modules/caddy/caddy-build.nix | 116 ------------------ .../caddy/caddy-static-prepare/default.nix | 13 -- .../caddy/caddy-static-prepare/prepare.py | 60 --------- nix/modules/caddy/default.nix | 16 +-- nix/modules/default/default.nix | 6 +- nix/modules/prometheus/default.nix | 53 ++++++-- shell.nix | 4 +- 9 files changed, 58 insertions(+), 218 deletions(-) delete mode 100644 nix/modules/caddy/caddy-build.nix delete mode 100644 nix/modules/caddy/caddy-static-prepare/default.nix delete mode 100644 nix/modules/caddy/caddy-static-prepare/prepare.py diff --git a/nix/apps/hugo-chat/default.nix b/nix/apps/hugo-chat/default.nix index 14d89c9..a62350c 100644 --- a/nix/apps/hugo-chat/default.nix +++ b/nix/apps/hugo-chat/default.nix @@ -5,7 +5,7 @@ let "https://github.com/C0RR1T/HugoChat/releases/download/2024-08-05/HugoServer.jar"; hash = "sha256-hCe2UPqrSR6u3/UxsURI2KzRxN5saeTteCRq5Zfay4M="; }; - hugo-chat-client = fetchTarball { + hugo-chat-client = pkgs.fetchzip { url = "https://github.com/C0RR1T/HugoChat/releases/download/2024-08-05/hugo-client.tar.xz"; sha256 = "sha256:121ai8q6bm7gp0pl1ajfk0k2nrfg05zid61i20z0j5gpb2qyhsib"; @@ -36,7 +36,7 @@ in environment = { PGDATA = "/var/lib/postgresql/data/pgdata"; }; - extraOptions = [ "--network=hugo-chat" ]; + extraOptions = [ "--cgroup-manager=cgroupfs" "--cgroup-parent=/system.slice/podman-hugo-chat-db.service" ]; environmentFiles = [ config.age.secrets.hugochat_db_password.path ]; }; }; diff --git a/nix/apps/openolat/default.nix b/nix/apps/openolat/default.nix index 6ad5c68..6fc898a 100644 --- a/nix/apps/openolat/default.nix +++ b/nix/apps/openolat/default.nix 
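Review bot: In nix/apps/hugo-chat/default.nix (hunk at -36,7) the new `extraOptions` for the database container drops `--network=hugo-chat` while adding the cgroup flags, whereas both openolat hunks in this patch keep `--network=openolat`. If the removal is not intentional, the PostgreSQL container would be created on podman's default network, which likely breaks the app container's connection to it and removes the separation from unrelated containers. Keep the flag: `extraOptions = [ "--network=hugo-chat" "--cgroup-manager=cgroupfs" "--cgroup-parent=/system.slice/podman-hugo-chat-db.service" ];`. The container definition starts above the hunk, so whether the network is configured elsewhere cannot be seen here.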
@@ -24,7 +24,7 @@ in OLAT_HOST = "olat.noratrieb.dev"; }; environmentFiles = [ config.age.secrets.openolat_db_password.path ]; - extraOptions = [ "--network=openolat" ]; + extraOptions = [ "--network=openolat" "--cgroup-manager=cgroupfs" "--cgroup-parent=/system.slice/podman-openolat.service" ]; dependsOn = [ "openolat-db" ]; login = dockerLogin; @@ -39,7 +39,7 @@ in # POSTGRES_PASSWORD = from openolat_db_password PGDATA = "/var/lib/postgresql/data/pgdata"; }; - extraOptions = [ "--network=openolat" ]; + extraOptions = [ "--network=openolat" "--cgroup-manager=cgroupfs" "--cgroup-parent=/system.slice/podman-openolat-db.service" ]; environmentFiles = [ config.age.secrets.openolat_db_password.path ]; }; }; diff --git a/nix/modules/caddy/caddy-build.nix b/nix/modules/caddy/caddy-build.nix deleted file mode 100644 index e82302e..0000000 --- a/nix/modules/caddy/caddy-build.nix +++ /dev/null 
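Review bot: The cgroup flags added to both `extraOptions` in nix/apps/openolat/default.nix (and to the hugo-chat database container) hand-type the systemd unit name inside `--cgroup-parent`, and no comment says why the cgroupfs manager is required. A typo or a later container rename would silently put the container under a different cgroup, so per-unit accounting, and presumably any limits set on the unit, would no longer cover it. Consider a helper such as `cgroupOpts = name: [ "--cgroup-manager=cgroupfs" "--cgroup-parent=/system.slice/podman-${name}.service" ];` with a one-line comment stating the reason. Both container definitions begin outside these hunks.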
@@ -1,116 +0,0 @@ -# Copied from https://github.com/NixOS/nixpkgs/pull/259275 and updated. - -{ lib -, buildGoModule -, fetchFromGitHub -, gnused -, nixosTests -, caddy -, stdenv -, testers -, installShellFiles -, externalPlugins ? [ ] -, vendorHash ? "sha256-1Api8bBZJ1/oYk4ZGIiwWCSraLzK9L+hsKXkFtk6iVM=" -}: - -let - attrsToModules = attrs: - builtins.map ({ name, repo, version }: "${repo}") attrs; - attrsToSources = attrs: - builtins.map ({ name, repo, version }: "${repo}@${version}") attrs; -in -buildGoModule rec { - pname = "caddy"; - version = "2.8.4"; - - dist = fetchFromGitHub { - owner = "caddyserver"; - repo = "dist"; - rev = "v${version}"; - hash = "sha256-O4s7PhSUTXoNEIi+zYASx8AgClMC5rs7se863G6w+l0="; - }; - - src = fetchFromGitHub { - owner = "caddyserver"; - repo = "caddy"; - rev = "v${version}"; - hash = "sha256-CBfyqtWp3gYsYwaIxbfXO3AYaBiM7LutLC7uZgYXfkQ="; - }; - - inherit vendorHash; - - subPackages = [ "cmd/caddy" ]; - - ldflags = [ - "-s" - "-w" - "-X github.com/caddyserver/caddy/v2.CustomVersion=${version}" - ]; - - # matches upstream since v2.8.0 - tags = [ "nobadger" ]; - - nativeBuildInputs = [ gnused installShellFiles ]; - - modBuildPhase = '' - for module in ${builtins.toString (attrsToModules externalPlugins)}; do - sed -i "/standard/a _ \"$module\"" ./cmd/caddy/main.go - done - for plugin in ${builtins.toString (attrsToSources externalPlugins)}; do - go get $plugin - done - - go generate - go mod vendor - ''; - - modInstallPhase = '' - mv -t vendor go.mod go.sum - cp -r --reflink=auto vendor "$out" - ''; - - preBuild = '' - chmod -R u+w vendor - [ -f vendor/go.mod ] && mv -t . 
vendor/go.{mod,sum} - go generate - - for module in ${builtins.toString (attrsToModules externalPlugins)}; do - sed -i "/standard/a _ \"$module\"" ./cmd/caddy/main.go - done - ''; - - postInstall = '' - install -Dm644 ${dist}/init/caddy.service ${dist}/init/caddy-api.service -t $out/lib/systemd/system - - substituteInPlace $out/lib/systemd/system/caddy.service \ - --replace-fail "/usr/bin/caddy" "$out/bin/caddy" - substituteInPlace $out/lib/systemd/system/caddy-api.service \ - --replace-fail "/usr/bin/caddy" "$out/bin/caddy" - '' + lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) '' - # Generating man pages and completions fail on cross-compilation - # https://github.com/NixOS/nixpkgs/issues/308283 - - $out/bin/caddy manpage --directory manpages - installManPage manpages/* - - installShellCompletion --cmd caddy \ - --bash <($out/bin/caddy completion bash) \ - --fish <($out/bin/caddy completion fish) \ - --zsh <($out/bin/caddy completion zsh) - ''; - passthru.tests = { - inherit (nixosTests) caddy; - version = testers.testVersion { - command = "${caddy}/bin/caddy version"; - package = caddy; - }; - }; - - meta = with lib; { - homepage = "https://caddyserver.com"; - description = "Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS"; - license = licenses.asl20; - mainProgram = "caddy"; - maintainers = with maintainers; [ Br1ght0ne emilylange techknowlogick ]; - }; -} diff --git a/nix/modules/caddy/caddy-static-prepare/default.nix b/nix/modules/caddy/caddy-static-prepare/default.nix deleted file mode 100644 index da26ede..0000000 --- a/nix/modules/caddy/caddy-static-prepare/default.nix +++ /dev/null 
@@ -1,13 +0,0 @@ -{ pkgs, lib, name, src ? null, ... }: pkgs.stdenv.mkDerivation { - inherit name src; - - buildInputs = with pkgs; [ python311 python311Packages.zstandard python311Packages.brotli ]; - - buildPhase = '' - mkdir -p $out - cp -r $src/* $out/ - chmod -R +w $out - ${lib.getExe pkgs.python311} ${./prepare.py} $out - chmod -R -w $out - ''; -} diff --git a/nix/modules/caddy/caddy-static-prepare/prepare.py b/nix/modules/caddy/caddy-static-prepare/prepare.py deleted file mode 100644 index e87e3ac..0000000 --- a/nix/modules/caddy/caddy-static-prepare/prepare.py +++ /dev/null @@ -1,60 +0,0 @@ -import os -import sys -import gzip -import brotli -import zstandard -import hashlib - - -def usage(): - print("usage: prepare.py [SRC]") - - -def write_etag(path, content): - shasum = hashlib.sha256(content) - etag_path = path+".sha256" - with open(etag_path, "w") as f: - print(f"Writing ETag {etag_path}") - f.write(f'"{shasum.hexdigest()}"') - - -def main(): - if len(sys.argv) < 2: - usage() - exit(1) - - src_dir = sys.argv[1] - - for root, dirs, files in os.walk(src_dir): - for file in files: - path = os.path.join(root, file) - - # Ignore etags - if path.endswith(".sha256") or path.endswith(".b3sum"): - continue - - # Ignore already compressed files - if path.endswith(".gz") or path.endswith(".zst") or path.endswith(".br"): - continue - - with open(path, "rb") as f: - content = f.read() - - compressions = [ - (".gz", gzip), - (".zst", zstandard), - (".br", brotli), - ] - - for ext, alg in compressions: - new_path = path+ext - with open(new_path, "wb") as out: - print(f"Writing {new_path}") - compressed = alg.compress(content) - out.write(compressed) - write_etag(new_path, compressed) - - write_etag(path, content) - -if __name__ == "__main__": - main() \ No newline at end of file diff --git a/nix/modules/caddy/default.nix b/nix/modules/caddy/default.nix index f046d2c..dca8a96 100644 --- a/nix/modules/caddy/default.nix +++ b/nix/modules/caddy/default.nix 
@@ -1,15 +1,11 @@ { pkgs, config, lib, name, ... }: let - caddy = pkgs.callPackage ./caddy-build.nix { - externalPlugins = [ - { - name = "certmagic-s3"; - repo = "github.com/noratrieb-mirrors/certmagic-s3"; - version = "e48519f95173e982767cbb881d49335b6a00a599"; - } + caddy = pkgs.caddy.withPlugins { + plugins = [ + "github.com/noratrieb-mirrors/certmagic-s3@v1.0.0" ]; - vendorHash = "sha256-KP9bYitM/Pocw4DxOXPVBigWh4IykNf8yKJiBlTFZmI="; + hash = "sha256-O1SK13hacEkuSpWLhSdq+hu18Bi6+DqYUPu0lzBpvIE="; }; in { @@ -39,7 +35,7 @@ in format json ''; globalConfig = '' - email noratrieb@proton.me + email tls@noratrieb.dev auto_https disable_redirects storage s3 { @@ -73,7 +69,7 @@ in extraConfig = '' encode zstd gzip header -Last-Modified - root * ${import ./caddy-static-prepare { + root * ${import ../../packages/caddy-static-prepare { name = "debugging-page"; src = ./debugging-page; inherit pkgs lib; diff --git a/nix/modules/default/default.nix b/nix/modules/default/default.nix index cc9a8e6..316fba2 100644 --- a/nix/modules/default/default.nix +++ b/nix/modules/default/default.nix @@ -11,7 +11,7 @@ in }; imports = [ - "${builtins.fetchTarball "https://github.com/ryantm/agenix/archive/de96bd907d5fbc3b14fc33ad37d1b9a3cb15edc6.tar.gz"}/modules/age.nix" # main 2024-07-26 + "${builtins.fetchTarball "https://github.com/ryantm/agenix/archive/9edb1787864c4f59ae5074ad498b6272b3ec308d.tar.gz"}/modules/age.nix" # main 2025-08-07 ]; nix = { @@ -129,9 +129,7 @@ in disable = true; }; clients = [ - { - url = "http://loki.internal:3100/loki/api/v1/push"; - } + { url = "http://loki.internal:3100/loki/api/v1/push"; } ]; scrape_configs = [ { diff --git a/nix/modules/prometheus/default.nix b/nix/modules/prometheus/default.nix index 3639986..65507fc 100644 --- a/nix/modules/prometheus/default.nix +++ b/nix/modules/prometheus/default.nix 
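Review bot: The plugin entry in `plugins` (hunk at -1,15 of nix/modules/caddy/default.nix) moves from a full commit id to the tag `v1.0.0`, which is a mutable ref. The fixed-output `hash` should still make a retagged plugin fail the build instead of being picked up silently, but the file no longer shows which commit is being trusted for the TLS storage backend. Add a comment above the entry recording the commit the tag is expected to resolve to, e.g. `# v1.0.0 = <commit id of the tag>`.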
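Review bot: The `root *` import in the hunk at -73,7 now points at `../../packages/caddy-static-prepare`, but this patch only deletes `nix/modules/caddy/caddy-static-prepare/` and its diffstat lists nothing added under `nix/packages/`. Unless that directory already exists in the tree, evaluating the caddy module will fail on the missing path. Confirm it is present, or include the move in this commit so that the deletion and the new import land together.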
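Review bot: The agenix import in nix/modules/default/default.nix (hunk at -11,7) is still fetched with `builtins.fetchTarball` from a bare URL, so the module that handles the age secrets is evaluated without a content hash. The commit id in the URL narrows what is requested, but nothing verifies the download locally, whereas shell.nix pins the same rev with a `hash`. Use the attribute-set form: `builtins.fetchTarball { url = "https://github.com/ryantm/agenix/archive/9edb1787864c4f59ae5074ad498b6272b3ec308d.tar.gz"; sha256 = "<sha256 of the unpacked archive>"; }`. The value recorded in shell.nix for that rev is probably the matching one, but verify it rather than copying it.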
@@ -8,42 +8,77 @@ { job_name = "prometheus"; static_configs = [ - { targets = [ "localhost:9090" ]; } + { targets = [ "localhost:9090" ]; labels = { server = "vps3"; }; } ]; } { job_name = "node"; - static_configs = [{ targets = map (name: "${name}.local:9100") (builtins.attrNames networkingConfig); }]; + static_configs = map + (name: { + targets = [ "${name}.local:9100" ]; + labels = { server = name; }; + }) + (builtins.attrNames networkingConfig); } { job_name = "cadvisor"; - static_configs = [{ targets = map (name: "${name}.local:8080") (builtins.attrNames networkingConfig); }]; + static_configs = map + (name: { + targets = [ "${name}.local:8080" ]; + labels = { server = name; }; + }) + (builtins.attrNames networkingConfig); } { job_name = "systemd"; - static_configs = [{ targets = map (name: "${name}.local:9558") (builtins.attrNames networkingConfig); }]; + static_configs = map + (name: { + targets = [ "${name}.local:9558" ]; + labels = { server = name; }; + }) + (builtins.attrNames networkingConfig); } { job_name = "caddy"; - static_configs = [{ targets = map (name: "${name}.local:9010") (hostsWithTag "apps"); }]; + static_configs = map + (name: { + targets = [ "${name}.local:9010" ]; + labels = { server = name; }; + }) + (hostsWithTag "apps"); } { job_name = "docker-registry"; static_configs = [ - { targets = [ "vps1.local:9011" ]; } + { targets = [ "vps1.local:9011" ]; labels = { server = "vps1"; }; } ]; } { job_name = "garage"; - static_configs = [{ targets = map (name: "${name}.local:3903") (hostsWithTag "apps"); }]; + static_configs = map + (name: { + targets = [ "${name}.local:3903" ]; + labels = { server = name; }; + }) + (hostsWithTag "apps"); } { job_name = "knot"; - static_configs = [{ targets = map (name: "${name}.local:9433") (hostsWithTag "dns"); }]; + static_configs = map + (name: { + targets = [ "${name}.local:9433" ]; + labels = { server = name; }; + }) + (hostsWithTag "dns"); } { job_name = "pretense"; - static_configs = [{ targets = map 
(name: "${name}.local:9150") (builtins.attrNames networkingConfig); }]; + static_configs = map + (name: { + targets = [ "${name}.local:9150" ]; + labels = { server = name; }; + }) + (builtins.attrNames networkingConfig); } { job_name = "std-internal-docs-status"; diff --git a/shell.nix b/shell.nix index d7c22bc..bb70df0 100644 --- a/shell.nix +++ b/shell.nix @@ -16,8 +16,8 @@ (pkgs.fetchFromGitHub { owner = "ryantm"; repo = "agenix"; - rev = "531beac616433bac6f9e2a19feb8e99a22a66baf"; - hash = "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA="; + rev = "9edb1787864c4f59ae5074ad498b6272b3ec308d"; + hash = "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs="; }) { }).agenix ];
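Review bot: The same `map (name: { targets = …; labels = { server = name; }; })` expression is written out seven times in the nix/modules/prometheus/default.nix hunk, differing only in port and host list, so a later change to the label scheme has to be repeated in every job. A local helper would keep them in step: `mkTargets = port: hosts: map (name: { targets = [ "${name}.local:${toString port}" ]; labels = { server = name; }; }) hosts;`, used as `static_configs = mkTargets 9100 (builtins.attrNames networkingConfig);`. The `server = "vps3"` and `server = "vps1"` labels on the prometheus and docker-registry jobs are hard-coded and will mislabel metrics, and any alerts keyed on `server`, if either service moves hosts, so a short comment noting that would help. The scrape_configs list starts and ends outside the hunk.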