From ffc1fb8f5cff94c9518c1a369d908626d1e4cdab Mon Sep 17 00:00:00 2001 
From: sterni Date: Thu, 3 Aug 2023 23:25:34 +0200 Subject: [PATCH] chore(3p/sources): Bump channels & overlays * //users/grfn: vendor ddclient module and package into depot //3p/ddclient now contains the removed package expression and NixOS module with the following changes: - Include former uid/gid settings from ids.nix which have been removed by upstream with the ddclient module. - Rename to deprecate-ddclient, since it is impossible at the moment to prevent the corresponding mkRemovedOptionModule from being imported (https://github.com/NixOS/nixpkgs/issues/245265). I wrote a patch for nixpkgs that would at least allow individual mkRemovedOptionModule to be disabled, but it is stuck for now: https://github.com/NixOS/nixpkgs/pull/245274. * //tools/magrathea: We need to pass -host to csc due to https://github.com/NixOS/nixpkgs/pull/246923 now. I don't fully grasp what this means, but it works and we are hardly cross-compiling, so it should be fine until I can get some answers from the change author. * //3p/nixpkgs:nixos-option: provide latest Nix as input https://github.com/NixOS/nixpkgs/pull/237442 adapted nixos-option to API changes in Nix's libraries which means it needs to be built against Nix 2.15, not 2.3. Let's hope it stays up to date with the latest Nix version in the future, so we can keep this override as is. Sadly this means that machines in depot will depend on two versions of Nix going forward.
* //3p/nixpkgs:tdlib: update to match emacs-overlay Change-Id: Iac4dba58a076ecf25e8647fd9a06cbabf2f7809e Reviewed-on: https://cl.tvl.fyi/c/depot/+/9004 Reviewed-by: grfn Autosubmit: sterni Reviewed-by: tazjin Tested-by: BuildkiteCI --- third_party/ddclient/default.nix | 7 + third_party/ddclient/module.nix | 230 ++++++++++++++++++ third_party/ddclient/pkg.nix | 45 ++++ third_party/overlays/tvl.nix | 14 +- third_party/sources/sources.json | 54 ++-- tools/magrathea/default.nix | 2 +- users/grfn/system/system/machines/mugwump.nix | 4 +- 7 files changed, 324 insertions(+), 32 deletions(-) create mode 100644 third_party/ddclient/default.nix create mode 100644 third_party/ddclient/module.nix create mode 100644 third_party/ddclient/pkg.nix
diff --git a/third_party/ddclient/default.nix b/third_party/ddclient/default.nix
new file mode 100644
index 000000000..a3fcd639a
--- /dev/null
+++ b/third_party/ddclient/default.nix
@@ -0,0 +1,7 @@
+{ pkgs, ... }:
+
+(pkgs.callPackage ./pkg.nix { }).overrideAttrs (old: {
+ passthru = old.passthru // {
+ module = ./module.nix;
+ };
+})
diff --git a/third_party/ddclient/module.nix b/third_party/ddclient/module.nix
new file mode 100644
index 000000000..c8d68f9be
--- /dev/null
+++ b/third_party/ddclient/module.nix
@@ -0,0 +1,230 @@
+# SPDX-License-Identifier: MIT
+# SPDX-FileCopyrightText: Copyright (c) 2003-2023 The Nixpkgs/NixOS contributors
+{ config, pkgs, lib, ... }:
+
+let
+ cfg = config.services.deprecated-ddclient;
+ boolToStr = bool: if bool then "yes" else "no";
+ dataDir = "/var/lib/ddclient";
+ StateDirectory = builtins.baseNameOf dataDir;
+ RuntimeDirectory = StateDirectory;
+
+ configFile' = pkgs.writeText "ddclient.conf" ''
+ # This file can be used as a template for configFile or is automatically generated by Nix options.
+ cache=${dataDir}/ddclient.cache
+ foreground=YES
+ use=${cfg.use}
+ login=${cfg.username}
+ password=${if cfg.protocol == "nsupdate" then "/run/${RuntimeDirectory}/ddclient.key" else "@password_placeholder@"}
+ protocol=${cfg.protocol}
+ ${lib.optionalString (cfg.script != "") "script=${cfg.script}"}
+ ${lib.optionalString (cfg.server != "") "server=${cfg.server}"}
+ ${lib.optionalString (cfg.zone != "") "zone=${cfg.zone}"}
+ ssl=${boolToStr cfg.ssl}
+ wildcard=YES
+ quiet=${boolToStr cfg.quiet}
+ verbose=${boolToStr cfg.verbose}
+ ${cfg.extraConfig}
+ ${lib.concatStringsSep "," cfg.domains}
+ '';
+ configFile = if (cfg.configFile != null) then cfg.configFile else configFile';
+
+ preStart = ''
+ install --mode=600 --owner=$USER ${configFile} /run/${RuntimeDirectory}/ddclient.conf
+ ${lib.optionalString (cfg.configFile == null) (if (cfg.protocol == "nsupdate") then ''
+ install --mode=600 --owner=$USER ${cfg.passwordFile} /run/${RuntimeDirectory}/ddclient.key
+ '' else if (cfg.passwordFile != null) then ''
+ "${pkgs.replace-secret}/bin/replace-secret" "@password_placeholder@" "${cfg.passwordFile}" "/run/${RuntimeDirectory}/ddclient.conf"
+ '' else ''
+ sed -i '/^password=@password_placeholder@$/d' /run/${RuntimeDirectory}/ddclient.conf
+ '')}
+ '';
+
+in
+
+with lib;
+
+{
+ ###### interface
+
+ options = {
+
+ services.deprecated-ddclient = with lib.types; {
+
+ enable = mkOption {
+ default = false;
+ type = bool;
+ description = lib.mdDoc ''
+ Whether to synchronise your machine's IP address with a dynamic DNS provider (e.g. dyndns.org).
+ '';
+ };
+
+ package = mkOption {
+ type = package;
+ default = pkgs.ddclient;
+ defaultText = lib.literalExpression "pkgs.ddclient";
+ description = lib.mdDoc ''
+ The ddclient executable package run by the service.
+ '';
+ };
+
+ domains = mkOption {
+ default = [ "" ];
+ type = listOf str;
+ description = lib.mdDoc ''
+ Domain name(s) to synchronize.
+ '';
+ };
+
+ username = mkOption {
+ # For `nsupdate` username contains the path to the nsupdate executable
+ default = lib.optionalString (cfg.protocol == "nsupdate") "${pkgs.bind.dnsutils}/bin/nsupdate";
+ defaultText = "";
+ type = str;
+ description = lib.mdDoc ''
+ User name.
+ '';
+ };
+
+ passwordFile = mkOption {
+ default = null;
+ type = nullOr str;
+ description = lib.mdDoc ''
+ A file containing the password or a TSIG key in named format when using the nsupdate protocol.
+ '';
+ };
+
+ interval = mkOption {
+ default = "10min";
+ type = str;
+ description = lib.mdDoc ''
+ The interval at which to run the check and update.
+ See {command}`man 7 systemd.time` for the format.
+ '';
+ };
+
+ configFile = mkOption {
+ default = null;
+ type = nullOr path;
+ description = lib.mdDoc ''
+ Path to configuration file.
+ When set this overrides the generated configuration from module options.
+ '';
+ example = "/root/nixos/secrets/ddclient.conf";
+ };
+
+ protocol = mkOption {
+ default = "dyndns2";
+ type = str;
+ description = lib.mdDoc ''
+ Protocol to use with dynamic DNS provider (see https://sourceforge.net/p/ddclient/wiki/protocols).
+ '';
+ };
+
+ server = mkOption {
+ default = "";
+ type = str;
+ description = lib.mdDoc ''
+ Server address.
+ '';
+ };
+
+ ssl = mkOption {
+ default = true;
+ type = bool;
+ description = lib.mdDoc ''
+ Whether to use SSL/TLS to connect to dynamic DNS provider.
+ '';
+ };
+
+ quiet = mkOption {
+ default = false;
+ type = bool;
+ description = lib.mdDoc ''
+ Print no messages for unnecessary updates.
+ '';
+ };
+
+ script = mkOption {
+ default = "";
+ type = str;
+ description = lib.mdDoc ''
+ script as required by some providers.
+ '';
+ };
+
+ use = mkOption {
+ default = "web, web=checkip.dyndns.com/, web-skip='Current IP Address: '";
+ type = str;
+ description = lib.mdDoc ''
+ Method to determine the IP address to send to the dynamic DNS provider.
+ '';
+ };
+
+ verbose = mkOption {
+ default = false;
+ type = bool;
+ description = lib.mdDoc ''
+ Print verbose information.
+ '';
+ };
+
+ zone = mkOption {
+ default = "";
+ type = str;
+ description = lib.mdDoc ''
+ zone as required by some providers.
+ '';
+ };
+
+ extraConfig = mkOption {
+ default = "";
+ type = lines;
+ description = lib.mdDoc ''
+ Extra configuration. Contents will be added verbatim to the configuration file.
+ ::: {.note}
+ `daemon` should not be added here because it does not work great with the systemd-timer approach the service uses.
+ :::
+ '';
+ };
+ };
+ };
+
+
+ ###### implementation
+
+ config = mkMerge [
+ (mkIf cfg.enable {
+ systemd.services.ddclient = {
+ description = "Dynamic DNS Client";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ restartTriggers = optional (cfg.configFile != null) cfg.configFile;
+ path = lib.optional (lib.hasPrefix "if," cfg.use) pkgs.iproute2;
+
+ serviceConfig = {
+ DynamicUser = true;
+ RuntimeDirectoryMode = "0700";
+ inherit RuntimeDirectory;
+ inherit StateDirectory;
+ Type = "oneshot";
+ ExecStartPre = "!${pkgs.writeShellScript "ddclient-prestart" preStart}";
+ ExecStart = "${lib.getBin cfg.package}/bin/ddclient -file /run/${RuntimeDirectory}/ddclient.conf";
+ };
+ };
+
+ systemd.timers.ddclient = {
+ description = "Run ddclient";
+ wantedBy = [ "timers.target" ];
+ timerConfig = {
+ OnBootSec = cfg.interval;
+ OnUnitInactiveSec = cfg.interval;
+ };
+ };
+ })
+ {
+ ids.uids.ddclient = 30;
+ ids.gids.ddclient = 30;
+ }
+ ];
+}
diff --git a/third_party/ddclient/pkg.nix b/third_party/ddclient/pkg.nix
new file mode 100644
index 000000000..586f3891a
--- /dev/null
+++ b/third_party/ddclient/pkg.nix
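Review bot: In `preStart`, `${configFile}` and `${cfg.passwordFile}` are pasted unquoted into the two `install` lines of a script that `ExecStartPre` runs with the `!` prefix (elevated privileges), whereas the `replace-secret` branch quotes its arguments; writing `${lib.escapeShellArg cfg.passwordFile}` there keeps a path containing spaces or shell metacharacters from being split or interpreted. `configFile` is typed `nullOr path`, so a Nix path literal would be copied into the world-readable Nix store when it is interpolated, unlike the string shown in the option's `example`; the description should state that a file holding credentials has to be given as an absolute path string. With `protocol = "nsupdate"` and `passwordFile` left at its `null` default the interpolation presumably fails at evaluation with a coercion error, so an assertion naming the missing option would give a clearer message.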
@@ -0,0 +1,45 @@
+# SPDX-License-Identifier: MIT
+# SPDX-FileCopyrightText: Copyright (c) 2003-2023 The Nixpkgs/NixOS contributors
+{ lib, fetchFromGitHub, perlPackages, autoreconfHook, iproute2, perl }:
+
+perlPackages.buildPerlPackage rec {
+ pname = "ddclient";
+ version = "3.10.0";
+
+ outputs = [ "out" ];
+
+ src = fetchFromGitHub {
+ owner = "ddclient";
+ repo = "ddclient";
+ rev = "v${version}";
+ sha256 = "sha256-wWUkjXwVNZRJR1rXPn3IkDRi9is9vsRuNC/zq8RpB1E=";
+ };
+
+ postPatch = ''
+ touch Makefile.PL
+ '';
+
+ nativeBuildInputs = [ autoreconfHook ];
+
+ buildInputs = with perlPackages; [ IOSocketINET6 IOSocketSSL JSONPP ];
+
+ installPhase = ''
+ runHook preInstall
+ # patch sheebang ddclient script which only exists after buildPhase
+ preConfigure
+ install -Dm755 ddclient $out/bin/ddclient
+ install -Dm644 -t $out/share/doc/ddclient COP* README.* ChangeLog.md
+ runHook postInstall
+ '';
+
+ # TODO: run upstream tests
+ doCheck = false;
+
+ meta = with lib; {
+ description = "Client for updating dynamic DNS service entries";
+ homepage = "https://ddclient.net/";
+ license = licenses.gpl2Plus;
+ platforms = platforms.linux;
+ maintainers = with maintainers; [ SuperSandro2000 ];
+ };
+}
diff --git a/third_party/overlays/tvl.nix b/third_party/overlays/tvl.nix
index c68ec8f26..2a99e66c7 100644
--- a/third_party/overlays/tvl.nix
+++ b/third_party/overlays/tvl.nix
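Review bot: Nothing in pkg.nix records that this expression is now a frozen local copy (`version = "3.10.0"`) that no longer moves with the channel bump, so security fixes for ddclient have to be tracked by hand from here on; a header comment such as `# Vendored from nixpkgs after its removal there; bump version and sha256 manually when ddclient ships fixes.` would make that ownership visible. The arguments `iproute2` and `perl` are taken in the function header but are not referenced anywhere in the visible body, so they can probably be dropped.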
@@ -39,14 +39,22 @@ depot.nix.readTree.drvTargets { nix = self.nix_2_3; nix_latest = super.nix; + # nixos-option now unfortunately depends on (at the time of writing) Nix 2.15 + # instead of Nix 2.3 as before. The intention seems to be to keep it in sync + # with the latest Nix and it uses unstable interfaces of Nix (the libraries). + # TODO(sterni): can we link it statically and avoid a second Nix store path? + nixos-option = super.nixos-option.override { + nix = self.nix_latest; + }; + # Too match telega in emacs-overlay or wherever tdlib = super.tdlib.overrideAttrs (_: { - version = "1.8.14"; + version = "1.8.15"; src = self.fetchFromGitHub { owner = "tdlib"; repo = "td"; - rev = "e8ee1c51498c060c6f9b8511bf25a6c025e72adf"; - sha256 = "0vm5j5kzvzf5gdmg2rg6hw3dyzn9dy0l256asyjipbnhk9302s0n"; + rev = "64264b0f775a027fa9e0bf72051a8b2a5a2df071"; + sha256 = "1qs8pizap7glm98kjjliph1s7dn4fffwvs5ml8nv9d55dispjc4f"; }; }); diff --git a/third_party/sources/sources.json b/third_party/sources/sources.json index d32fea592..7f067347c 100644 --- a/third_party/sources/sources.json +++ b/third_party/sources/sources.json @@ -5,10 +5,10 @@ "homepage": "https://matrix.to/#/#agenix:nixos.org", "owner": "ryantm", "repo": "agenix", - "rev": "db5637d10f797bb251b94ef9040b237f4702cde3", - "sha256": "07f60gvrc2ianxa3s4lzjmlpps1vbi8scjiyz45813dbgavxcmix", + "rev": "d8c973fd228949736dedf61b7f8cc1ece3236792", + "sha256": "01id7i7gw3r56b2p95411sbmbmmsarpzamig4h8rxbi4bljvnxzm", "type": "tarball", - "url": "https://github.com/ryantm/agenix/archive/db5637d10f797bb251b94ef9040b237f4702cde3.tar.gz", + "url": "https://github.com/ryantm/agenix/archive/d8c973fd228949736dedf61b7f8cc1ece3236792.tar.gz", "url_template": "https://github.com///archive/.tar.gz" }, "emacs-overlay": { 
@@ -17,10 +17,10 @@ "homepage": "", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "44bffe245cd8ce2281cf0a60021a4dccb6e78148", - "sha256": "01baiqh073jwb0wapcm30ykcrf45j5iwr7b3ccqpndwr5bky44ga", + "rev": "712480410743739b4739652245a1fae4cf9ec38d", + "sha256": "133kvfdnl8k4jgvh6yr4rklf4na3zdcclr52si3hzfbza3p199ri", "type": "tarball", - "url": "https://github.com/nix-community/emacs-overlay/archive/44bffe245cd8ce2281cf0a60021a4dccb6e78148.tar.gz", + "url": "https://github.com/nix-community/emacs-overlay/archive/712480410743739b4739652245a1fae4cf9ec38d.tar.gz", "url_template": "https://github.com///archive/.tar.gz" }, "home-manager": { @@ -29,10 +29,10 @@ "homepage": "https://nix-community.github.io/home-manager/", "owner": "nix-community", "repo": "home-manager", - "rev": "2f78e6fcba61ce81536d19e6c662e55ab272d539", - "sha256": "0dfnqf3ij1rb807vmambdmskawpnlcn9alqzp2hkmxj1ydvrsnbj", + "rev": "86dd48d70a2e2c17e84e747ba4faa92453e68d4a", + "sha256": "18rvn4m3p6xk72yc3cndskviyy0dnh07nylfcgslfzgga8kmkww8", "type": "tarball", - "url": "https://github.com/nix-community/home-manager/archive/2f78e6fcba61ce81536d19e6c662e55ab272d539.tar.gz", + "url": "https://github.com/nix-community/home-manager/archive/86dd48d70a2e2c17e84e747ba4faa92453e68d4a.tar.gz", "url_template": "https://github.com///archive/.tar.gz" }, "impermanence": { @@ -41,10 +41,10 @@ "homepage": "", "owner": "nix-community", "repo": "impermanence", - "rev": "89253fb1518063556edd5e54509c30ac3089d5e6", - "sha256": "095q3c1kyj7lpnn1i53c0158jh02avsm6xmkvql045xppkxfnk1b", + "rev": "e3a7acd113903269a1b5c8b527e84ce7ee859851", + "sha256": "1kypb376fyxqb1nn65j579nm5cl5cyrhghcbf2ajgpdpszbv728q", "type": "tarball", - "url": "https://github.com/nix-community/impermanence/archive/89253fb1518063556edd5e54509c30ac3089d5e6.tar.gz", + "url": "https://github.com/nix-community/impermanence/archive/e3a7acd113903269a1b5c8b527e84ce7ee859851.tar.gz", "url_template": "https://github.com///archive/.tar.gz" }, "naersk": { 
@@ -53,10 +53,10 @@ "homepage": "", "owner": "nmattia", "repo": "naersk", - "rev": "abca1fb7a6cfdd355231fc220c3d0302dbb4369a", - "sha256": "1f2vy2kpc6xbajjgxksrwdwz0xz4ax7iwznc9q8cfpm8r2z3kcpx", + "rev": "d9a33d69a9c421d64c8d925428864e93be895dcc", + "sha256": "1lhz5haibfnbxwir61mhymxfqfgs2q1nb4rk88va8bpv6j2zlpbv", "type": "tarball", - "url": "https://github.com/nmattia/naersk/archive/abca1fb7a6cfdd355231fc220c3d0302dbb4369a.tar.gz", + "url": "https://github.com/nmattia/naersk/archive/d9a33d69a9c421d64c8d925428864e93be895dcc.tar.gz", "url_template": "https://github.com///archive/.tar.gz" }, "napalm": { @@ -77,10 +77,10 @@ "homepage": "", "owner": "NixOS", "repo": "nixpkgs", - "rev": "78419edadf0fabbe5618643bd850b2f2198ed060", - "sha256": "10xp417avlhl3gp9h3a7pj12w5g88wmizlz9bjjr7k15is4ihdkn", + "rev": "66aedfd010204949cb225cf749be08cb13ce1813", + "sha256": "1jspq3g1wzdfgmnp4wzzrwh2cfn9q2w86b25bgwr7ygdcdap3fqd", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/78419edadf0fabbe5618643bd850b2f2198ed060.tar.gz", + "url": "https://github.com/NixOS/nixpkgs/archive/66aedfd010204949cb225cf749be08cb13ce1813.tar.gz", "url_template": "https://github.com///archive/.tar.gz" }, "nixpkgs-stable": { @@ -89,10 +89,10 @@ "homepage": "", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c7a18f89ef1dc423f57f3de9bd5d9355550a5d15", - "sha256": "1ggpzw4q52sh4sxmvdvz7q34n7nmdk2nc3ciaipw8zm05mh78dzp", + "rev": "bd836ac5e5a7358dea73cb74a013ca32864ccb86", + "sha256": "1xcg07nmzz74s99ln079rqzlxyiv2gzzz9g71h5337jf4il0560g", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/c7a18f89ef1dc423f57f3de9bd5d9355550a5d15.tar.gz", + "url": "https://github.com/NixOS/nixpkgs/archive/bd836ac5e5a7358dea73cb74a013ca32864ccb86.tar.gz", "url_template": "https://github.com///archive/.tar.gz" }, "rust-overlay": { 
@@ -101,10 +101,10 @@ "homepage": "", "owner": "oxalica", "repo": "rust-overlay", - "rev": "ab050286f18ea354bfe7a49ca8ddcbd633cae1ca", - "sha256": "153mczhjwp445g0y1lz5fldbanfnwny93xvb7m5b53cafalswmhh", + "rev": "99df4908445be37ddb2d332580365fce512a7dcf", + "sha256": "10v54n7ih64y9bc8pb58mhpk02w6gxjw7wmyk35pv00ksq9mw1a3", "type": "tarball", - "url": "https://github.com/oxalica/rust-overlay/archive/ab050286f18ea354bfe7a49ca8ddcbd633cae1ca.tar.gz", + "url": "https://github.com/oxalica/rust-overlay/archive/99df4908445be37ddb2d332580365fce512a7dcf.tar.gz", "url_template": "https://github.com///archive/.tar.gz" }, "rustsec-advisory-db": { @@ -113,10 +113,10 @@ "homepage": "https://rustsec.org", "owner": "RustSec", "repo": "advisory-db", - "rev": "1f538e6f3b8ad37e89b1386e06be080fbe474b3c", - "sha256": "08yms64b4qfn60aa9ylay2fc06z5pwzr5p7l9g1zafjk4iclk297", + "rev": "98e8483ac17d42eeeeee51d4d02ad8a690bd12c7", + "sha256": "0c973phllqrjrfqbvccmnfyf9b0331s91p1g5cqpd8cvwx9dk86i", "type": "tarball", - "url": "https://github.com/RustSec/advisory-db/archive/1f538e6f3b8ad37e89b1386e06be080fbe474b3c.tar.gz", + "url": "https://github.com/RustSec/advisory-db/archive/98e8483ac17d42eeeeee51d4d02ad8a690bd12c7.tar.gz", "url_template": "https://github.com///archive/.tar.gz" } } diff --git a/tools/magrathea/default.nix b/tools/magrathea/default.nix index fa0a5d89a..1d6dacf67 100644 --- a/tools/magrathea/default.nix +++ b/tools/magrathea/default.nix @@ -18,6 +18,6 @@ pkgs.stdenv.mkDerivation { buildPhase = '' mkdir -p $out/bin - csc -o $out/bin/mg -static ${./mg.scm} + csc -o $out/bin/mg -host -static ${./mg.scm} ''; } diff --git a/users/grfn/system/system/machines/mugwump.nix b/users/grfn/system/system/machines/mugwump.nix index 3cb520b1a..208cc3264 100644 --- a/users/grfn/system/system/machines/mugwump.nix +++ b/users/grfn/system/system/machines/mugwump.nix 
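Review bot: The `-host` flag added to the `csc` line in tools/magrathea/default.nix has no comment next to it saying why it is needed, so the next reader of the build command cannot tell whether it is safe to remove. A comment above `buildPhase` such as `# -host is needed since https://github.com/NixOS/nixpkgs/pull/246923; revisit if mg is ever cross-compiled` would keep that context with the code. The `buildPhase` string and the enclosing `mkDerivation` begin outside the hunk.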
@@ -9,6 +9,7 @@ with lib; (depot.path.origSrc + "/ops/modules/prometheus-fail2ban-exporter.nix") (depot.path.origSrc + "/users/grfn/xanthous/server/module.nix") (depot.third_party.agenix.src + "/modules/age.nix") + depot.third_party.ddclient.module ]; networking.hostName = "mugwump"; @@ -153,7 +154,8 @@ with lib; }; }; - services.ddclient = { + services.deprecated-ddclient = { + package = depot.third_party.ddclient; enable = true; domains = [ "home.gws.fyi" ]; interval = "1d";