nix config

break: wallabag is borked

+129 -51
+40 -22
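--- a/flake.lock
+++ b/flake.lock
@@ -78,11 +78,11 @@
 "utils": "utils"
 },
 "locked": {
-"lastModified": 1686747123,
-"narHash": "sha256-XUQK9kwHpTeilHoad7L4LjMCCyY13Oq383CoFADecRE=",
+"lastModified": 1704875591,
+"narHash": "sha256-eWRLbqRcrILgztU/m/k7CYLzETKNbv0OsT2GjkaNm8A=",
 "owner": "serokell",
 "repo": "deploy-rs",
-"rev": "724463b5a94daa810abfc64a4f87faef4e00f984",
+"rev": "1776009f1f3fb2b5d236b84d9815f2edee463a9b",
 "type": "github"
 },
 "original": {
@@ -170,11 +170,11 @@
 "flake-compat": {
 "flake": false,
 "locked": {
-"lastModified": 1668681692,
-"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
+"lastModified": 1696426674,
+"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
 "owner": "edolstra",
 "repo": "flake-compat",
-"rev": "009399224d5e398d03b22badca40a37ac85412a1",
+"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
 "type": "github"
 },
 "original": {
@@ -247,7 +247,7 @@
 },
 "flake-utils_3": {
 "inputs": {
-"systems": "systems"
+"systems": "systems_2"
 },
 "locked": {
 "lastModified": 1685518550,
@@ -265,7 +265,7 @@
 },
 "flake-utils_4": {
 "inputs": {
-"systems": "systems_2"
+"systems": "systems_3"
 },
 "locked": {
 "lastModified": 1681202837,
@@ -346,16 +346,16 @@
 ]
 },
 "locked": {
-"lastModified": 1687871164,
-"narHash": "sha256-bBFlPthuYX322xOlpJvkjUBz0C+MOBjZdDOOJJ+G2jU=",
+"lastModified": 1704099619,
+"narHash": "sha256-QRVMkdxLmv+aKGjcgeEg31xtJEIsYq4i1Kbyw5EPS6g=",
 "owner": "nix-community",
 "repo": "home-manager",
-"rev": "07c347bb50994691d7b0095f45ebd8838cf6bc38",
+"rev": "7e398b3d76bc1503171b1364c9d4a07ac06f3851",
 "type": "github"
 },
 "original": {
 "owner": "nix-community",
-"ref": "release-23.05",
+"ref": "release-23.11",
 "repo": "home-manager",
 "type": "github"
 }
@@ -451,16 +451,16 @@
 },
 "nixpkgs_2": {
 "locked": {
-"lastModified": 1691155011,
-"narHash": "sha256-O15tC0ysw+fcacEbOzrDrkVNIR+SgtArSGvpgsEqpvA=",
+"lastModified": 1704874635,
+"narHash": "sha256-YWuCrtsty5vVZvu+7BchAxmcYzTMfolSPP5io8+WYCg=",
 "owner": "nixos",
 "repo": "nixpkgs",
-"rev": "9652a97d9738d3e65cf33c0bc24429e495a7868f",
+"rev": "3dc440faeee9e889fe2d1b4d25ad0f430d449356",
 "type": "github"
 },
 "original": {
 "owner": "nixos",
-"ref": "nixos-23.05",
+"ref": "nixos-23.11",
 "repo": "nixpkgs",
 "type": "github"
 }
@@ -591,6 +591,21 @@
 "type": "github"
 }
 },
+"systems_3": {
+"locked": {
+"lastModified": 1681028828,
+"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+"owner": "nix-systems",
+"repo": "default",
+"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+"type": "github"
+},
+"original": {
+"owner": "nix-systems",
+"repo": "default",
+"type": "github"
+}
+},
 "tidal-src": {
 "flake": false,
 "locked": {
@@ -636,11 +651,11 @@
 },
 "unstable": {
 "locked": {
-"lastModified": 1698611440,
-"narHash": "sha256-jPjHjrerhYDy3q9+s5EAsuhyhuknNfowY6yt6pjn9pc=",
+"lastModified": 1704194953,
+"narHash": "sha256-RtDKd8Mynhe5CFnVT8s0/0yqtWFMM9LmCzXv/YKxnq4=",
 "owner": "nixos",
 "repo": "nixpkgs",
-"rev": "0cbe9f69c234a7700596e943bfae7ef27a31b735",
+"rev": "bd645e8668ec6612439a9ee7e71f7eac4099d4f6",
 "type": "github"
 },
 "original": {
@@ -651,12 +666,15 @@
 }
 },
 "utils": {
+"inputs": {
+"systems": "systems"
+},
 "locked": {
-"lastModified": 1667395993,
-"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
+"lastModified": 1701680307,
+"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
 "owner": "numtide",
 "repo": "flake-utils",
-"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
+"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
 "type": "github"
 },
 "original": {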
+7 -2
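--- a/flake.nix
+++ b/flake.nix
@@ -8,7 +8,7 @@
 nixos-hardware.url = "github:NixOS/nixos-hardware/master";
 
 # Home manager
-home-manager.url = "github:nix-community/home-manager/release-23.05";
+home-manager.url = "github:nix-community/home-manager/release-23.11";
 home-manager.inputs.nixpkgs.follows = "nixpkgs";
 hardware.url = "github:nixos/nixos-hardware";
 
@@ -127,8 +127,12 @@
 # for when space matters
 litePkgsFor = forAllSystems (system: import nixpkgs {
 inherit system;
+# config.permittedInsecurePackages = [
+# "forgejo-1.19.4-0" # Needed for archivebox deployments on curve
+# # Check when archive box updates it's dependeny
+# ];
 overlays = [
-ag serviceenix.overlays.default
+agenix.overlays.default
 tidalcycles.overlays.default # needed for nvim which comes pre-installed lol
 ];
 });
@@ -283,6 +287,7 @@
 helix = {
 hostname = "git.sealight.xyz";
 autoRollback = false;
+magicRollback = false;
 profiles.system = {
 user = "root";
 path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.helix;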
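Review bot: `magicRollback = false;` next to the existing `autoRollback = false;` leaves the `helix` node (git.sealight.xyz) with neither of deploy-rs's rollback safeguards, so an activation that fails or cuts off SSH stays live until someone repairs the host out of band. If this is a temporary workaround for the broken deploy, say so beside the setting, for example `# magicRollback off while <reason>; re-enable once deploys confirm cleanly`; otherwise keep the default. The node definition continues past the end of the hunk, so any other safeguard configured there is not visible here.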
+9 -13
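--- a/hosts/profiles/wallabag/default.nix
+++ b/hosts/profiles/wallabag/default.nix
@@ -7,16 +7,19 @@
 # age.secrets.wallabag-secret.owner = "wallabag";
 services.postgresql = {
 enable = true;
-package = pkgs.postgresql_11;
+package = pkgs.postgresql_15;
 
 # Ensure the database, user, and permissions always exist
 ensureDatabases = [ "wallabag" ];
 ensureUsers = [
 {
 name = "wallabag";
-ensureDBOwnership = true;
+# ensureDBOwnership = true;
 }
 ];
+authentication = ''
+local wallabag all md5
+'';
 };
 
 services.wallabag = {
@@ -39,28 +42,21 @@
 # with PostgreSQL and SQLite, you must set "utf8"
 database_charset: utf8
 
-domain_name: http://read.mossnet.lan
+domain_name: http://read.mossnet.lan/
 server_name: "mossnet wallabag instance"
 
-mailer_transport: smtp
-mailer_user: ~
-mailer_password: ~
-mailer_host: 127.0.0.1
-mailer_port: false
-mailer_encryption: ~
-mailer_auth_mode: ~
-
+mailer_dsn: null://
 locale: en
 
 # A secret key that's used to generate certain security-related tokens
 secret: SAFGOECRIlfal89oe6u0(*^dsaaih961
 
 # two factor stuff
-twofactor_auth: true
+twofactor_auth: false
 twofactor_sender: no-reply@wallabag.org
 
 # fosuser stuff
-fosuser_registration: true
+fosuser_registration: false
 fosuser_confirmation: true
 
 # how long the access token should live in seconds for the API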
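Review bot: The new `authentication` rule `local wallabag all md5` reads, in pg_hba.conf column order (database, user, method), as password login for every role on the `wallabag` database, and it names the legacy `md5` method on a cluster this commit moves to PostgreSQL 15. If only the application role is meant, narrow the rule and name the current method, `local wallabag wallabag scram-sha-256`, or drop it and rely on peer authentication for the service's system user. Nothing in the hunk sets a password for the role that `ensureUsers` creates, so a password rule that takes precedence over the module defaults may itself be what blocks the service; that is inferred, since the rest of the profile is outside the hunk. Separately, the second hunk's context still carries a literal `secret:` value in the config text; loading it from the age secret hinted at in the commented-out line at the top would keep it out of the repository.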
+73 -14
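--- a/modules/nixos/wallabag.nix
+++ b/modules/nixos/wallabag.nix
@@ -9,15 +9,25 @@
 configFile = pkgs.writeTextFile {
 name = "wallabag-config";
 text = cfg.conf;
-destination = "/config/parameters.yml";
+destination = "/app/config/parameters.yml";
 };
 
 appDir = pkgs.buildEnv {
 name = "wallabag-app-dir";
 ignoreCollisions = true;
 checkCollisionContents = false;
-paths = [ configFile "${cfg.package}/app" ];
+paths = [ configFile "${cfg.package}" ];
+pathsToLink = [ "/app" "/src" "/translations" ];
 };
+
+# See there for available commands:
+# https://doc.wallabag.org/en/admin/console_commands.html
+# A user can be made admin with the fos:user:promote --super <user> command
+console = pkgs.writeShellScriptBin "wallabag-console" ''
+export WALLABAG_DATA="${cfg.dataDir}"
+cd "${cfg.dataDir}"
+${pkgs.php}/bin/php ${pkgs.wallabag}/bin/console --env=prod $@
+'';
 
 in
 {
@@ -90,20 +100,24 @@
 user = "${cfg.user}";
 group = "nginx";
 phpPackage = pkgs.php;
+phpEnv = {
+WALLABAG_DATA = cfg.dataDir;
+PATH = lib.makeBinPath [pkgs.php];
+};
 settings = {
 "listen.owner" = "nginx";
 "listen.group" = "nginx";
 "listen.mode" = "0600";
 "user" = "${cfg.user}";
 "group" = "nginx";
-"env[WALLABAG_DATA]" = "${cfg.dataDir}";
 "pm" = "dynamic";
 "pm.max_children" = "75";
 "pm.min_spare_servers" = "5";
 "pm.max_spare_servers" = "20";
 "pm.max_requests" = "10";
 "catch_workers_output" = "1";
-"php_admin_value[error_log]" = "/var/log/nginx/${poolName}-phpfpm-error.log";
+"php_admin_value[error_log]" = "stderr";
+"php_admin_flag[log_errors]" = true;
 };
 };
 services.phpfpm.phpOptions = ''
@@ -111,6 +125,41 @@
 '';
 
 services.nginx.enable = mkDefault true;
+environment.systemPackages = [ console ];
+
+# services.nginx.virtualHosts."${cfg.hostName}" = {
+# forceSSL = false;
+# enableACME = false;
+# extraConfig = ''
+# error_log /var/log/nginx/wallabag_error.log;
+# access_log /var/log/nginx/wallabag_access.log;
+# '';
+
+# root = "${cfg.package}/web";
+# locations."/" = {
+# priority = 10;
+# tryFiles = "$uri /app.php$is_args$args";
+# };
+# locations."/assets".root = "${cfg.dataDir}/web";
+# locations."~ ^/app\\.php(/|$)" = {
+# priority = 100;
+# fastcgiParams = {
+# SCRIPT_FILENAME = "$realpath_root$fastcgi_script_name";
+# DOCUMENT_ROOT = "$realpath_root";
+# };
+# extraConfig = ''
+# fastcgi_pass unix:${config.services.phpfpm.pools."${poolName}".socket};
+# include ${config.services.nginx.package}/conf/fastcgi_params;
+# include ${config.services.nginx.package}/conf/fastcgi.conf;
+# internal;
+# '';
+# };
+# locations."~ \\.php$" = {
+# priority = 1000;
+# return = "404";
+# };
+# };
+
 
 services.nginx.virtualHosts."${cfg.hostName}" = {
 enableACME = false;
@@ -124,23 +173,31 @@
 '';
 
 locations."/" = {
-extraConfig = ''
-try_files $uri /app.php$is_args$args;
-'';
+tryFiles = "$uri /app.php$is_args$args";
 };
 
 locations."/assets".root = "${cfg.dataDir}/web";
 
 locations."~ ^/app\\.php(/|$)" = {
+fastcgiParams = {
+SCRIPT_FILENAME = "$realpath_root$fastcgi_script_name";
+DOCUMENT_ROOT = "$realpath_root";
+};
 extraConfig = ''
 fastcgi_pass unix:${config.services.phpfpm.pools."${poolName}".socket};
-fastcgi_split_path_info ^(.+\.php)(/.*)$;
-include ${pkgs.nginx}/conf/fastcgi_params;
-fastcgi_param SCRIPT_FILENAME ${cfg.package}/web/$fastcgi_script_name;
-fastcgi_param DOCUMENT_ROOT ${cfg.package}/web;
-fastcgi_read_timeout 120;
+include ${config.services.nginx.package}/conf/fastcgi_params;
+include ${config.services.nginx.package}/conf/fastcgi.conf;
 internal;
 '';
+# extraConfig = ''
+# fastcgi_pass unix:${config.services.phpfpm.pools."${poolName}".socket};
+# fastcgi_split_path_info ^(.+\.php)(/.*)$;
+# include ${pkgs.nginx}/conf/fastcgi_params;
+# fastcgi_param SCRIPT_FILENAME ${cfg.package}/web/$fastcgi_script_name;
+# fastcgi_param DOCUMENT_ROOT ${cfg.package}/web;
+# fastcgi_read_timeout 120;
+# internal;
+# '';
 };
 
 locations."~ /(?!app)\\.php$" = {
@@ -174,8 +231,10 @@
 cd "${cfg.dataDir}"
 
 rm -rf var/cache/*
-rm -f app
-ln -sf ${appDir} app
+rm -f app src translations
+ln -sf ${appDir}/app app
+ln -sf ${appDir}/src src
+ln -sf ${appDir}/translations translations
 ln -sf ${cfg.package}/composer.{json,lock} .
 
 export WALLABAG_DATA="${cfg.dataDir}"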
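Review bot: The new `wallabag-console` wrapper in the first hunk forwards its arguments as an unquoted `$@`, so an argument containing spaces or glob characters (a password handed to a user-management command, for instance) is re-split by the shell before it reaches PHP. It also hard-codes `${pkgs.wallabag}` while the surrounding module uses `${cfg.package}`, so an overridden package would get a console from a different build than the one being served. I would write the last script line as `${pkgs.php}/bin/php ${cfg.package}/bin/console --env=prod "$@"`. The wrapper runs as whoever invokes it; if that is root, files it creates under `cfg.dataDir` may end up unreadable to the service user, so a comment telling operators to run it as `cfg.user` would help, though this is inferred because the script that sets up the data directory is only partly visible in the last hunk.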