forked from DGNum/infrastructure
feat(web01): Update web01 to 23.11
This commit is contained in:
parent
a1deeed763
commit
a81c902d53
8 changed files with 594 additions and 682 deletions
33
machines/web01/castopod-head-proxy.nix
Normal file
33
machines/web01/castopod-head-proxy.nix
Normal file
|
@ -0,0 +1,33 @@
|
|||
{ config, lib, ... }:
|
||||
let
|
||||
cfg = config.services.castopod;
|
||||
fpm = config.services.phpfpm.pools.castopod;
|
||||
in
|
||||
{
|
||||
services.nginx = {
|
||||
resolver.addresses = [ "127.0.0.53" ];
|
||||
virtualHosts."${cfg.localDomain}" = {
|
||||
|
||||
locations."@force_get" = {
|
||||
extraConfig = lib.mkForce ''
|
||||
recursive_error_pages on;
|
||||
proxy_method GET;
|
||||
proxy_pass https://podcasts.dgnum.eu/$request_uri;
|
||||
'';
|
||||
};
|
||||
|
||||
locations."~ \.php$" = {
|
||||
extraConfig = lib.mkForce ''
|
||||
error_page 550 = @force_get;
|
||||
if ($request_method = HEAD) { return 550; }
|
||||
fastcgi_intercept_errors on;
|
||||
fastcgi_index index.php;
|
||||
fastcgi_pass unix:${fpm.socket};
|
||||
try_files $uri =404;
|
||||
fastcgi_read_timeout 3600;
|
||||
fastcgi_send_timeout 3600;
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -3,12 +3,14 @@ let
|
|||
host = "podcasts.dgnum.eu";
|
||||
in
|
||||
{
|
||||
# Notes:
|
||||
# le paramètre analytics.salt est créé par le service
|
||||
imports = [
|
||||
./castopod-head-proxy.nix
|
||||
];
|
||||
services.castopod = {
|
||||
enable = true;
|
||||
localDomain = host;
|
||||
environmentFile = config.age.secrets.castopod-environment_file.path;
|
||||
maxUploadSize = 512;
|
||||
settings = {
|
||||
"email.fromEmail"="noreply@infra.dgnum.eu";
|
||||
"email.SMTPHost"="kurisu.lahfa.xyz";
|
||||
|
|
|
@ -30,8 +30,6 @@ in
|
|||
secretKeybaseFile = config.age.secrets."plausible_secret-key-base-file".path;
|
||||
};
|
||||
|
||||
releaseCookiePath = config.age.secrets."plausible_release-cookie-file".path;
|
||||
|
||||
adminUser = {
|
||||
passwordFile = config.age.secrets."plausible_admin-user-password-file".path;
|
||||
email = "tom.hubrecht@dgnum.eu";
|
||||
|
|
|
@ -23,11 +23,8 @@ in
|
|||
|
||||
builtins.mapAttrs mkNode {
|
||||
web01 = {
|
||||
deployment = {
|
||||
tags = [ "web" ];
|
||||
};
|
||||
deployment.tags = [ "web" ];
|
||||
|
||||
nixpkgs = "23.05";
|
||||
stateVersion = "23.05";
|
||||
};
|
||||
|
||||
|
|
|
@ -102,12 +102,6 @@
|
|||
"url": null,
|
||||
"hash": "14w7w327m8rf7yrjflqvbnmwx04l36n7j0nca5ilpvzrr8f2gg6l"
|
||||
},
|
||||
"nixos-23.05": {
|
||||
"type": "Channel",
|
||||
"name": "nixos-23.05",
|
||||
"url": "https://releases.nixos.org/nixos/23.05/nixos-23.05.4981.5b528f99f73c/nixexprs.tar.xz",
|
||||
"hash": "1psdfcl5rjid66dhc8c0dfdrgqk5x76drwcads149pa45vbnri8k"
|
||||
},
|
||||
"nixos-23.11": {
|
||||
"type": "Channel",
|
||||
"name": "nixos-23.11",
|
||||
|
|
File diff suppressed because it is too large
Load diff
|
@ -1,138 +1,13 @@
|
|||
{
|
||||
"nixos-23.11" = [
|
||||
# [Backport release-23.11] zfs_2_1: init at 2.1.13
|
||||
{ id = 270117; hash = "sha256-ot80XDtxDvPM0kW2gEeAs/z22jjkGOHog4Ue/JQEnZ8="; }
|
||||
];
|
||||
{ id = 270117; hash = "sha256-In3sogw/8TGYQQFCeBvdljANR0ZLng4magQ/4uyVy1A="; }
|
||||
{ id = 241542; revert = true; hash = "sha256-uiRokmJewTLURuQkPWRfb3jgxjaDwfkXntj8PWk6pi8="; }
|
||||
|
||||
"nixos-23.05" = [
|
||||
# plausible: fix admin user password seed and SMTP passwords
|
||||
{
|
||||
id = 241126;
|
||||
hash = "sha256-TcGuB3k8SeA8PRb/OdZ8ESw9/7yYKPftR96boK7Hmvc=";
|
||||
}
|
||||
|
||||
# fetchMixDeps: sha256 -> hash
|
||||
{
|
||||
id = 235733;
|
||||
hash = "sha256-oHGZFXwOJ9ngZNJBTd93abgI+eNPsCBJPgFxt41728o=";
|
||||
includes = [
|
||||
"pkgs/development/beam-modules/fetch-mix-deps.nix"
|
||||
"pkgs/servers/web-apps/plausible/default.nix"
|
||||
];
|
||||
}
|
||||
|
||||
# python3Packages.nix-prefetch-github: 6.0.1 -> 7.0.0
|
||||
# Only keep the files related to plausible
|
||||
{
|
||||
id = 243018;
|
||||
hash = "sha256-/7jid8tKo2JbVyEmeVxt+9VRqc/2YWkUeagyrMqqb70=";
|
||||
includes = [ "pkgs/servers/web-apps/plausible/*" ];
|
||||
}
|
||||
|
||||
# plausible: 1.4.4 -> 1.5.1
|
||||
{
|
||||
id = 229201;
|
||||
hash = "sha256-wJ3qQbX5Yn7PZ5gpJYAeCIkblPaaVgUGg3XJb5C8ccY=";
|
||||
}
|
||||
|
||||
# plausible: 1.5.1 -> 2.0.0
|
||||
{
|
||||
id = 253687;
|
||||
hash = "sha256-Of3YXCJcevr5Ab6S/TMDR1M6PhffN/osLPAlfo60LAk=";
|
||||
}
|
||||
|
||||
# dbip-country-lite: init at 2023-06
|
||||
{
|
||||
id = 235774;
|
||||
hash = "sha256-M0oktrBKxezhBQh3gKHKXrWF7UjACX3PcpSzoq8HkW0=";
|
||||
}
|
||||
|
||||
# kanidm: 1.1.0-alpha.12 -> 1.1.0-beta.13
|
||||
{
|
||||
id = 246564;
|
||||
hash = "sha256-Q/G6w4iXthhC6JI/erOx0HBJ25aLQLtZSusAOdT6dYc=";
|
||||
}
|
||||
|
||||
# Forgejo v1.19.4-0 -> v1.20.4-1
|
||||
{
|
||||
_type = "static";
|
||||
path = ./forgejo.patch;
|
||||
}
|
||||
|
||||
# nixos/forgejo: fork from nixos/gitea
|
||||
{
|
||||
id = 248310;
|
||||
hash = "sha256-6cLMDbzYRKZrFulkS48dPznAap4bVCLsb1APaud9nV8=";
|
||||
}
|
||||
|
||||
# garage: add environmentFile
|
||||
{
|
||||
id = 257043;
|
||||
hash = "sha256-Z+WmDPuDoV1Ex+XzvUhvMPn8U+aw0tCRH3O5oR2qQrM=";
|
||||
}
|
||||
|
||||
# outline: 0.68.1 -> 0.69.2
|
||||
{
|
||||
id = 232235;
|
||||
hash = "sha256-f+upHsuuYyLqd9Wv+9JHhB3HnP+mXWer6L/xi5eFpwE=";
|
||||
}
|
||||
|
||||
# outline: 0.69.2 -> 0.70.2
|
||||
{
|
||||
id = 241667;
|
||||
excludes = [ "nixos/doc/manual/*" ];
|
||||
hash = "sha256-9bOjwaXN/4/ASpNfyhaby+nuIz23gDLDIqgTdApdj1U=";
|
||||
}
|
||||
|
||||
# outline 0.70.2 -> 0.71.0
|
||||
{
|
||||
id = 252126;
|
||||
hash = "sha256-lH8xp5zG2fAaXS2gLF7UxqvuPlAigJ297hvlks0CG/U=";
|
||||
}
|
||||
|
||||
# outline: use fetchYarnDeps
|
||||
{
|
||||
id = 253567;
|
||||
hash = "sha256-aR62vOuTfmJ7MIr3plDcBonQQH2+o2F6z/LAAgcKVHU=";
|
||||
}
|
||||
|
||||
# outline: 0.71.0 -> 0.72.0
|
||||
{
|
||||
id = 259246;
|
||||
hash = "sha256-gRGsmqFjtQWWCCTRr9QHZDM3NxIbj5G9bFaFaTYTEYY=";
|
||||
}
|
||||
|
||||
# nixos/outline: Add the possibility of using local storage instead of S3
|
||||
{
|
||||
id = 259254;
|
||||
excludes = [ "nixos/doc/manual/*" ];
|
||||
hash = "sha256-Hd3bRYncjnfHzEx+g6rb9cU3YmhF6W3QOtQUuDzw78U=";
|
||||
}
|
||||
|
||||
# outline: 0.72.2 -> 0.73.1
|
||||
{
|
||||
id = 267752;
|
||||
hash = "sha256-7bydFe7uOK9JxjFgwO0ZjZmKe3uo9GYZiMy0NG7+qkQ=";
|
||||
}
|
||||
|
||||
# nixos/ntfy.sh: use dynamic user + add defaults
|
||||
{
|
||||
id = 234811;
|
||||
hash = "sha256-Yz007dCmGl5OxRDMSHv63Ww+LzoQISm9Ttiw0p/6spY=";
|
||||
}
|
||||
|
||||
# castopod: init
|
||||
# Ne pas mettre à jour sans savoir ce qu'on fait (patch un peu customisé par rapport à upstream)
|
||||
# castopod: 1.6.4 -> 1.7.0 + ajout du support de loadcredentials
|
||||
{
|
||||
_type = "static";
|
||||
path = ./castopod.patch;
|
||||
}
|
||||
|
||||
# nixos/fail2ban: RFC42-ize
|
||||
{
|
||||
id = 201907;
|
||||
hash = "sha256-bkf37QTFgbnSz3s8QPm5Z+6rWVVOlDtISTR7FACEwMM=";
|
||||
excludes = [ "nixos/doc/manual/" ];
|
||||
}
|
||||
];
|
||||
}
|
||||
|
|
|
@ -1,33 +0,0 @@
|
|||
diff --git a/pkgs/applications/version-management/forgejo/default.nix b/pkgs/applications/version-management/forgejo/default.nix
|
||||
index d21097df07b..2ee652d8785 100644
|
||||
--- a/pkgs/applications/version-management/forgejo/default.nix
|
||||
+++ b/pkgs/applications/version-management/forgejo/default.nix
|
||||
@@ -23,7 +23,7 @@ let
|
||||
pname = "forgejo-frontend";
|
||||
inherit (forgejo) src version;
|
||||
|
||||
- npmDepsHash = "sha256-dB/uBuS0kgaTwsPYnqklT450ejLHcPAqBdDs3JT8Uxg=";
|
||||
+ npmDepsHash = "sha256-YZzVw+WWqTmJafqnZ5vrzb7P6V4DTMNQwW1/+wvZEM8=";
|
||||
|
||||
patches = [
|
||||
./package-json-npm-build-frontend.patch
|
||||
@@ -38,17 +38,17 @@ let
|
||||
in
|
||||
buildGoModule rec {
|
||||
pname = "forgejo";
|
||||
- version = "1.19.4-0";
|
||||
+ version = "1.20.5-0";
|
||||
|
||||
src = fetchFromGitea {
|
||||
domain = "codeberg.org";
|
||||
owner = "forgejo";
|
||||
repo = "forgejo";
|
||||
rev = "v${version}";
|
||||
- hash = "sha256-pTcnST8A4gADPBkNago9uwRFEmTx8vNONL/Emer4xLI=";
|
||||
+ hash = "sha256-tuwMvSWaMUc/GghmrbGLtyjixwOwiapWEOMD9QmMLic=";
|
||||
};
|
||||
|
||||
- vendorHash = "sha256-LKxhNbSIRaP4EGWX6mE26G9CWfoFTrPRjrL4ShpRHWo=";
|
||||
+ vendorHash = "sha256-dgtZjsLBwblhdge3BvdbK/mN/TeZKps9K5dJbqomtjo=";
|
||||
|
||||
subPackages = [ "." ];
|
Loading…
Reference in a new issue