feat(web01): Update web01 to 23.11

2023-12-06 16:55:51 +01:00 · 2023-12-06 16:55:51 +01:00 · a81c902d53
commit a81c902d53
parent a1deeed763
8 changed files with 594 additions and 682 deletions
--- a/machines/web01/castopod-head-proxy.nix
+++ b/machines/web01/castopod-head-proxy.nix
@ -0,0 +1,33 @@
 { config, lib, ... }:
 let
  cfg = config.services.castopod;
  fpm = config.services.phpfpm.pools.castopod;
 in
  {
  services.nginx = {
      resolver.addresses = [ "127.0.0.53" ];
      virtualHosts."${cfg.localDomain}" = {
        locations."@force_get" = {
          extraConfig = lib.mkForce ''
            recursive_error_pages on;
            proxy_method GET;
            proxy_pass https://podcasts.dgnum.eu/$request_uri;
          '';
        };
        locations."~ \.php$" = {
          extraConfig = lib.mkForce ''
            error_page 550 = @force_get;
            if ($request_method = HEAD) { return 550; }
            fastcgi_intercept_errors on;
            fastcgi_index index.php;
            fastcgi_pass unix:${fpm.socket};
            try_files $uri =404;
            fastcgi_read_timeout 3600;
            fastcgi_send_timeout 3600;
          '';
        };
      };
    };
  }
--- a/machines/web01/castopod.nix
+++ b/machines/web01/castopod.nix
@ -3,12 +3,14 @@ let
  host = "podcasts.dgnum.eu";
 in
 {
-  # Notes:
+  imports = [
-  # le paramètre analytics.salt est créé par le service
+    ./castopod-head-proxy.nix
  ];
  services.castopod = {
    enable = true;
    localDomain = host;
    environmentFile = config.age.secrets.castopod-environment_file.path;
    maxUploadSize = 512;
    settings = {
      "email.fromEmail"="noreply@infra.dgnum.eu";
      "email.SMTPHost"="kurisu.lahfa.xyz";
--- a/machines/web01/plausible.nix
+++ b/machines/web01/plausible.nix
@ -30,8 +30,6 @@ in
      secretKeybaseFile = config.age.secrets."plausible_secret-key-base-file".path;
    };
    releaseCookiePath = config.age.secrets."plausible_release-cookie-file".path;
    adminUser = {
      passwordFile = config.age.secrets."plausible_admin-user-password-file".path;
      email = "tom.hubrecht@dgnum.eu";
--- a/meta/nodes.nix
+++ b/meta/nodes.nix
@ -23,11 +23,8 @@ in
 builtins.mapAttrs mkNode {
  web01 = {
-    deployment = {
+    deployment.tags = [ "web" ];
      tags = [ "web" ];
    };
    nixpkgs = "23.05";
    stateVersion = "23.05";
  };
--- a/npins/sources.json
+++ b/npins/sources.json
@ -102,12 +102,6 @@
      "url": null,
      "hash": "14w7w327m8rf7yrjflqvbnmwx04l36n7j0nca5ilpvzrr8f2gg6l"
    },
    "nixos-23.05": {
      "type": "Channel",
      "name": "nixos-23.05",
      "url": "https://releases.nixos.org/nixos/23.05/nixos-23.05.4981.5b528f99f73c/nixexprs.tar.xz",
      "hash": "1psdfcl5rjid66dhc8c0dfdrgqk5x76drwcads149pa45vbnri8k"
    },
    "nixos-23.11": {
      "type": "Channel",
      "name": "nixos-23.11",
--- a/patches/castopod.patch
+++ b/patches/castopod.patch
--- a/patches/default.nix
+++ b/patches/default.nix
@ -1,138 +1,13 @@
 {
  "nixos-23.11" = [
    # [Backport release-23.11] zfs_2_1: init at 2.1.13
-    { id = 270117; hash = "sha256-ot80XDtxDvPM0kW2gEeAs/z22jjkGOHog4Ue/JQEnZ8="; }
+    { id = 270117; hash = "sha256-In3sogw/8TGYQQFCeBvdljANR0ZLng4magQ/4uyVy1A="; }
-  ];
+    { id = 241542; revert = true; hash = "sha256-uiRokmJewTLURuQkPWRfb3jgxjaDwfkXntj8PWk6pi8="; }
-  "nixos-23.05" = [
+    # castopod: 1.6.4 -> 1.7.0 + ajout du support de loadcredentials
    # plausible: fix admin user password seed and SMTP passwords
    {
      id = 241126;
      hash = "sha256-TcGuB3k8SeA8PRb/OdZ8ESw9/7yYKPftR96boK7Hmvc=";
    }
    # fetchMixDeps: sha256 -> hash
    {
      id = 235733;
      hash = "sha256-oHGZFXwOJ9ngZNJBTd93abgI+eNPsCBJPgFxt41728o=";
      includes = [
        "pkgs/development/beam-modules/fetch-mix-deps.nix"
        "pkgs/servers/web-apps/plausible/default.nix"
      ];
    }
    # python3Packages.nix-prefetch-github: 6.0.1 -> 7.0.0
    # Only keep the files related to plausible
    {
      id = 243018;
      hash = "sha256-/7jid8tKo2JbVyEmeVxt+9VRqc/2YWkUeagyrMqqb70=";
      includes = [ "pkgs/servers/web-apps/plausible/*" ];
    }
    # plausible: 1.4.4 -> 1.5.1
    {
      id = 229201;
      hash = "sha256-wJ3qQbX5Yn7PZ5gpJYAeCIkblPaaVgUGg3XJb5C8ccY=";
    }
    # plausible: 1.5.1 -> 2.0.0
    {
      id = 253687;
      hash = "sha256-Of3YXCJcevr5Ab6S/TMDR1M6PhffN/osLPAlfo60LAk=";
    }
    # dbip-country-lite: init at 2023-06
    {
      id = 235774;
      hash = "sha256-M0oktrBKxezhBQh3gKHKXrWF7UjACX3PcpSzoq8HkW0=";
    }
    # kanidm: 1.1.0-alpha.12 -> 1.1.0-beta.13
    {
      id = 246564;
      hash = "sha256-Q/G6w4iXthhC6JI/erOx0HBJ25aLQLtZSusAOdT6dYc=";
    }
    # Forgejo v1.19.4-0 -> v1.20.4-1
    {
      _type = "static";
      path = ./forgejo.patch;
    }
    # nixos/forgejo: fork from nixos/gitea
    {
      id = 248310;
      hash = "sha256-6cLMDbzYRKZrFulkS48dPznAap4bVCLsb1APaud9nV8=";
    }
    # garage: add environmentFile
    {
      id = 257043;
      hash = "sha256-Z+WmDPuDoV1Ex+XzvUhvMPn8U+aw0tCRH3O5oR2qQrM=";
    }
    # outline: 0.68.1 -> 0.69.2
    {
      id = 232235;
      hash = "sha256-f+upHsuuYyLqd9Wv+9JHhB3HnP+mXWer6L/xi5eFpwE=";
    }
    # outline: 0.69.2 -> 0.70.2
    {
      id = 241667;
      excludes = [ "nixos/doc/manual/*" ];
      hash = "sha256-9bOjwaXN/4/ASpNfyhaby+nuIz23gDLDIqgTdApdj1U=";
    }
    # outline 0.70.2 -> 0.71.0
    {
      id = 252126;
      hash = "sha256-lH8xp5zG2fAaXS2gLF7UxqvuPlAigJ297hvlks0CG/U=";
    }
    # outline: use fetchYarnDeps
    {
      id = 253567;
      hash = "sha256-aR62vOuTfmJ7MIr3plDcBonQQH2+o2F6z/LAAgcKVHU=";
    }
    # outline: 0.71.0 -> 0.72.0
    {
      id = 259246;
      hash = "sha256-gRGsmqFjtQWWCCTRr9QHZDM3NxIbj5G9bFaFaTYTEYY=";
    }
    # nixos/outline: Add the possibility of using local storage instead of S3
    {
      id = 259254;
      excludes = [ "nixos/doc/manual/*" ];
      hash = "sha256-Hd3bRYncjnfHzEx+g6rb9cU3YmhF6W3QOtQUuDzw78U=";
    }
    # outline: 0.72.2 -> 0.73.1
    {
      id = 267752;
      hash = "sha256-7bydFe7uOK9JxjFgwO0ZjZmKe3uo9GYZiMy0NG7+qkQ=";
    }
    # nixos/ntfy.sh: use dynamic user + add defaults
    {
      id = 234811;
      hash = "sha256-Yz007dCmGl5OxRDMSHv63Ww+LzoQISm9Ttiw0p/6spY=";
    }
    # castopod: init
    # Ne pas mettre à jour sans savoir ce qu'on fait (patch un peu customisé par rapport à upstream)
    {
      _type = "static";
      path = ./castopod.patch;
    }
    # nixos/fail2ban: RFC42-ize
    {
      id = 201907;
      hash = "sha256-bkf37QTFgbnSz3s8QPm5Z+6rWVVOlDtISTR7FACEwMM=";
      excludes = [ "nixos/doc/manual/" ];
    }
  ];
 }
--- a/patches/forgejo.patch
+++ b/patches/forgejo.patch
@ -1,33 +0,0 @@
 diff --git a/pkgs/applications/version-management/forgejo/default.nix b/pkgs/applications/version-management/forgejo/default.nix
 index d21097df07b..2ee652d8785 100644
 --- a/pkgs/applications/version-management/forgejo/default.nix
 +++ b/pkgs/applications/version-management/forgejo/default.nix
@@ -23,7 +23,7 @@ let
     pname = "forgejo-frontend";
     inherit (forgejo) src version;
 -    npmDepsHash = "sha256-dB/uBuS0kgaTwsPYnqklT450ejLHcPAqBdDs3JT8Uxg=";
 +    npmDepsHash = "sha256-YZzVw+WWqTmJafqnZ5vrzb7P6V4DTMNQwW1/+wvZEM8=";
     patches = [
       ./package-json-npm-build-frontend.patch
@@ -38,17 +38,17 @@ let
 in
 buildGoModule rec {
   pname = "forgejo";
 -  version = "1.19.4-0";
 +  version = "1.20.5-0";
   src = fetchFromGitea {
     domain = "codeberg.org";
     owner = "forgejo";
     repo = "forgejo";
     rev = "v${version}";
 -    hash = "sha256-pTcnST8A4gADPBkNago9uwRFEmTx8vNONL/Emer4xLI=";
 +    hash = "sha256-tuwMvSWaMUc/GghmrbGLtyjixwOwiapWEOMD9QmMLic=";
   };
 -  vendorHash = "sha256-LKxhNbSIRaP4EGWX6mE26G9CWfoFTrPRjrL4ShpRHWo=";
 +  vendorHash = "sha256-dgtZjsLBwblhdge3BvdbK/mN/TeZKps9K5dJbqomtjo=";
   subPackages = [ "." ];