diff --git a/docker-compose/all-in-one/docker-compose.yml b/docker-compose/all-in-one/docker-compose.yml
index e498352..04e9ab1 100644
--- a/docker-compose/all-in-one/docker-compose.yml
+++ b/docker-compose/all-in-one/docker-compose.yml
@@ -71,7 +71,7 @@ services:
# Password vault
bitwarden:
- image: vaultwarden/server:1.30.1
+ image: vaultwarden/server:1.30.3
container_name: bitwarden
volumes: [./bitwarden:/data]
ports: [8081:80]
@@ -136,7 +136,7 @@ services:
# Matrix homeserver
matrix:
- image: matrixdotorg/synapse:v1.99.0
+ image: matrixdotorg/synapse:v1.100.0
container_name: matrix
volumes: [./matrix/matrix:/data]
ports: [8008:8008]
@@ -163,7 +163,7 @@ services:
# Matrix web client
matrix_web:
- image: vectorim/element-web:v1.11.55
+ image: vectorim/element-web:v1.11.57
container_name: element_web
depends_on: [matrix]
volumes: [./matrix/element/config.json:/app/config.json]
diff --git a/docs/src/hosts/immortalis.md b/docs/src/hosts/immortalis.md
index 9886348..16f8954 100644
--- a/docs/src/hosts/immortalis.md
+++ b/docs/src/hosts/immortalis.md
@@ -9,21 +9,21 @@ All directories containing important data were mapped to `/data_1` and `/data_2`
The current line-up looks as follows:
```sh
-nico@immortalis ~ (main)> machinectl
+nico@immortalis ~> machinectl
MACHINE CLASS SERVICE OS VERSION ADDRESSES
-chaotic-kde container systemd-nspawn nixos 23.11 10.0.5.90
-docker container systemd-nspawn nixos 23.11 10.0.5.100
-docker-proxied container systemd-nspawn nixos 23.11 10.0.5.110
-forum container systemd-nspawn nixos 23.11 10.0.5.70
-github-runner container systemd-nspawn nixos 23.11 10.0.5.130
-iso-runner container systemd-nspawn nixos 23.11 10.0.5.40
-lemmy container systemd-nspawn nixos 23.11 10.0.5.120
-mastodon container systemd-nspawn nixos 23.11 10.0.5.80
-meshcentral container systemd-nspawn nixos 23.11 10.0.5.60
-postgres container systemd-nspawn nixos 23.11 10.0.5.50
-repo container systemd-nspawn nixos 23.11 10.0.5.30
-temeraire container systemd-nspawn nixos 23.11 10.0.5.20
-web-front container systemd-nspawn nixos 23.11 10.0.5.10
+chaotic-kde container systemd-nspawn nixos 24.05 10.0.5.90
+chaotic-v4 container systemd-nspawn nixos 24.05 10.0.5.140
+docker container systemd-nspawn nixos 24.05 10.0.5.100
+docker-proxied container systemd-nspawn nixos 24.05 10.0.5.110
+forum container systemd-nspawn nixos 24.05 10.0.5.70
+github-runner container systemd-nspawn nixos 24.05 10.0.5.130
+iso-runner container systemd-nspawn nixos 24.05 10.0.5.40
+lemmy container systemd-nspawn nixos 24.05 10.0.5.120
+mastodon container systemd-nspawn nixos 24.05 10.0.5.80
+meshcentral container systemd-nspawn nixos 24.05 10.0.5.60
+postgres container systemd-nspawn nixos 24.05 10.0.5.50
+temeraire container systemd-nspawn nixos 24.05 10.0.5.20
+web-front container systemd-nspawn nixos 24.05 10.0.5.10
```
We are seeing:
@@ -31,7 +31,7 @@ We are seeing:
- 1 ISO builder (`iso-runner`)
- 1 reverse proxy serving all the websites and services (`web-front`)
- 2 Docker dedicated nspawn containers (`docker` & `docker-proxied`)
-- 4 Chaotic-AUR builders (`chaotic-kde`, `github-runner`, `repo` & `temeraire`)
+- 4 Chaotic-AUR builders (`chaotic-kde`, `chaotic-v4`, `github-runner` & `temeraire`)
- 5 app dedicated containers (`forum`, `lemmy`, `mastodon`, `meshcentral` & `postgres`)
### Connecting to the server
@@ -39,13 +39,13 @@ We are seeing:
After connecting to the host via `ssh -p 666 $user@116.202.208.112`, containers can generally be entered by running `nixos-container login $containername`, eg. `nixos-container login web-front`. Some containers may also be connected via SSH using the following ports:
- 22: `temeraire` (needs to be 22 to allow pushing packages to the main Chaotic-AUR node via rsync)
-- 223: `repo`
- 224: `forum`
- 225: `docker`
- 226: `chaotic-kde`
- 227: `iso-runner`
- 228: `web-front`
-- 229: `postgres` (access the database in `127.0.0.1` via `ssh -p 229 nico@116.202.208.112 -L 5432:127.0.0.1:5432`)
+- 229: `postgres` (access the database in `127.0.0.1` via `ssh -p 229 $user@116.202.208.112 -L 5432:127.0.0.1:5432`)
+- 400: `chaotic-v4`
### Docker containers
diff --git a/docs/src/nixos-containers/repo.md b/docs/src/nixos-containers/repo.md
deleted file mode 100644
index 8dd81af..0000000
--- a/docs/src/nixos-containers/repo.md
+++ /dev/null
@@ -1,31 +0,0 @@
-# repo
-
-## General
-
-This is another package builder, that builds packages for our `[garuda]` repository.
-This builder is accessed by the [PKGBUILD repos](https://gitlab.com/garuda-linux/pkgbuilds) CI pipelines via SSH to trigger package deployments.
-
-## How to request a build via CI
-
-To lock down any possible action, access has been restricted to a command wrapper. Allowed actions for the `gitlab` user are:
-
-1. Building a specific package
-2. Building a full routine
-
-In order to trigger these actions, one needs to do the following:
-
-1. `ssh -p 223 gitlab@builds.garudalinux.org chaotictrigger $pkgname`
-2. `ssh -p 223 gitlab@builds.garudalinux.org chaotictrigger routine`
-
-For our PKGBUILD repo, it has been implemented via this [pipeline](https://gitlab.com/garuda-linux/pkgbuilds/-/blob/main/.gitlab-ci.yml?ref_type=heads#L69).
-
-## How packages get built
-
-We switched to a CI-driven workflow for deploying new packages of the `garuda` repository, more details on how to operate the process can be found in the [repository section](../repositories/general.md).
-The GitLab runner used to build the packages is located in the untrusted [github-runner](./github-runner.md) container.
-
-## Nix expression
-
-```nix
-{{#include ../../../nixos/hosts/repo.nix}}
-```
diff --git a/docs/theme/highlight.js b/docs/theme/highlight.js
index 52ab1cd..f50c69b 100644
--- a/docs/theme/highlight.js
+++ b/docs/theme/highlight.js
@@ -81,11 +81,11 @@ var hljs = (function () {
? e
: n
: "start" === n[0].event
- ? e
- : n
+ ? e
+ : n
: e.length
- ? e
- : n;
+ ? e
+ : n;
}
function c(e) {
s +=
@@ -348,10 +348,10 @@ var hljs = (function () {
return n
? +n
: (function (e) {
- return N.includes(e.toLowerCase());
- })(e)
- ? 0
- : 1;
+ return N.includes(e.toLowerCase());
+ })(e)
+ ? 0
+ : 1;
}
const R = t,
y = r,
@@ -718,12 +718,12 @@ var hljs = (function () {
e.cached_variants
? e.cached_variants
: (function e(n) {
- return !!n && (n.endsWithParent || e(n.starts));
- })(e)
- ? r(e, { starts: e.starts ? r(e.starts) : null })
- : Object.isFrozen(e)
- ? r(e)
- : e
+ return !!n && (n.endsWithParent || e(n.starts));
+ })(e)
+ ? r(e, { starts: e.starts ? r(e.starts) : null })
+ : Object.isFrozen(e)
+ ? r(e)
+ : e
);
})("self" === e ? s : e);
}),
@@ -847,8 +847,8 @@ var hljs = (function () {
? "
"
: e
: f.tabReplace
- ? e.replace(/\t/g, f.tabReplace)
- : e,
+ ? e.replace(/\t/g, f.tabReplace)
+ : e,
)
: e;
}
diff --git a/flake.lock b/flake.lock
index dd81bca..b8770dc 100644
--- a/flake.lock
+++ b/flake.lock
@@ -78,11 +78,11 @@
]
},
"locked": {
- "lastModified": 1704982712,
- "narHash": "sha256-2Ptt+9h8dczgle2Oo6z5ni5rt/uLMG47UFTR1ry/wgg=",
+ "lastModified": 1706830856,
+ "narHash": "sha256-a0NYyp+h9hlb7ddVz4LUn1vT/PLwqfrWYcHMvFB1xYg=",
"owner": "hercules-ci",
"repo": "flake-parts",
- "rev": "07f6395285469419cf9d078f59b5b49993198c00",
+ "rev": "b253292d9c0a5ead9bc98c4e9a26c6312e27d69f",
"type": "github"
},
"original": {
@@ -161,11 +161,11 @@
]
},
"locked": {
- "lastModified": 1705446327,
- "narHash": "sha256-n7FCuAR2BI1SvLjF6eFc8VE6WLZCMlbToyfqU2ihbkU=",
+ "lastModified": 1707029945,
+ "narHash": "sha256-GA6IOAKouQlTbile9PvAa3UUh7s5mi6NsZMX8lpgozg=",
"owner": "nix-community",
"repo": "home-manager",
- "rev": "16cefa78cc801911ebd4ff1faddc6280ab3c9228",
+ "rev": "230836bb7ca318aec7bad8442954da611d06a172",
"type": "github"
},
"original": {
@@ -325,16 +325,16 @@
"nixpkgs": [
"nixpkgs"
],
- "nixpkgs-22_11": "nixpkgs-22_11",
"nixpkgs-23_05": "nixpkgs-23_05",
+ "nixpkgs-23_11": "nixpkgs-23_11",
"utils": "utils"
},
"locked": {
- "lastModified": 1703666786,
- "narHash": "sha256-SLPNpM/rI8XPyVJAxMYAe+n6NiYSpuXvdwPILHP4yZI=",
+ "lastModified": 1706742486,
+ "narHash": "sha256-sv/MISTeD0rqeVivpZJpynboMWJp6i62OmrZX1rGl38=",
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
- "rev": "b5023b36a1f6628865cb42b4353bd2ddde0ea9f4",
+ "rev": "9e36323ae3dde787f761420465c3ae560f3dbf29",
"type": "gitlab"
},
"original": {
@@ -344,6 +344,18 @@
"type": "gitlab"
}
},
+ "nixos-patch-mastodon-cve": {
+ "flake": false,
+ "locked": {
+ "narHash": "sha256-KMGXcNxYx5L7JEBc9j62hI9Ag879PsZtQiPU13tGBgY=",
+ "type": "file",
+ "url": "https://patch-diff.githubusercontent.com/raw/NixOS/nixpkgs/pull/285558.patch"
+ },
+ "original": {
+ "type": "file",
+ "url": "https://patch-diff.githubusercontent.com/raw/NixOS/nixpkgs/pull/285558.patch"
+ }
+ },
"nixos-patch-nat": {
"flake": false,
"locked": {
@@ -386,33 +398,33 @@
"type": "indirect"
}
},
- "nixpkgs-22_11": {
+ "nixpkgs-23_05": {
"locked": {
- "lastModified": 1669558522,
- "narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=",
+ "lastModified": 1704290814,
+ "narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82",
+ "rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421",
"type": "github"
},
"original": {
"id": "nixpkgs",
- "ref": "nixos-22.11",
+ "ref": "nixos-23.05",
"type": "indirect"
}
},
- "nixpkgs-23_05": {
+ "nixpkgs-23_11": {
"locked": {
- "lastModified": 1684782344,
- "narHash": "sha256-SHN8hPYYSX0thDrMLMWPWYulK3YFgASOrCsIL3AJ78g=",
+ "lastModified": 1706098335,
+ "narHash": "sha256-r3dWjT8P9/Ah5m5ul4WqIWD8muj5F+/gbCdjiNVBKmU=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "8966c43feba2c701ed624302b6a935f97bcbdf88",
+ "rev": "a77ab169a83a4175169d78684ddd2e54486ac651",
"type": "github"
},
"original": {
"id": "nixpkgs",
- "ref": "nixos-23.05",
+ "ref": "nixos-23.11",
"type": "indirect"
}
},
@@ -434,11 +446,11 @@
},
"nixpkgs_2": {
"locked": {
- "lastModified": 1705316053,
- "narHash": "sha256-J2Ey5mPFT8gdfL2XC0JTZvKaBw/b2pnyudEXFvl+dQM=",
+ "lastModified": 1706732774,
+ "narHash": "sha256-hqJlyJk4MRpcItGYMF+3uHe8HvxNETWvlGtLuVpqLU0=",
"owner": "nixos",
"repo": "nixpkgs",
- "rev": "c3e128f3c0ecc1fb04aef9f72b3dcc2f6cecf370",
+ "rev": "b8b232ae7b8b144397fdb12d20f592e5e7c1a64d",
"type": "github"
},
"original": {
@@ -467,11 +479,11 @@
]
},
"locked": {
- "lastModified": 1705229514,
- "narHash": "sha256-itILy0zimR/iyUGq5Dgg0fiW8plRDyxF153LWGsg3Cw=",
+ "lastModified": 1706424699,
+ "narHash": "sha256-Q3RBuOpZNH2eFA1e+IHgZLAOqDD9SKhJ/sszrL8bQD4=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
- "rev": "ffa9a5b90b0acfaa03b1533b83eaf5dead819a05",
+ "rev": "7c54e08a689b53c8a1e5d70169f2ec9e2a68ffaf",
"type": "github"
},
"original": {
@@ -515,6 +527,7 @@
"meshagent_aarch64": "meshagent_aarch64",
"meshagent_x86_64": "meshagent_x86_64",
"nixos-mailserver": "nixos-mailserver",
+ "nixos-patch-mastodon-cve": "nixos-patch-mastodon-cve",
"nixos-patch-nat": "nixos-patch-nat",
"nixpkgs": "nixpkgs_2",
"nixpkgs-stable": "nixpkgs-stable",
@@ -588,8 +601,8 @@
"src-garuda-website": {
"flake": false,
"locked": {
- "lastModified": 1704937455,
- "narHash": "sha256-DMmGd0opOAIn/luhbCV7yJc6sPPRsMXi9VrR24ClRb8=",
+ "lastModified": 1706592585,
+ "narHash": "sha256-V3sVHkST0cNW0KJFTlzhV8r1TGv1d9RhrNtiVmyINXE=",
"type": "tarball",
"url": "https://gitlab.com/garuda-linux/website/garuda/-/archive/master/garuda-master.tar.gz"
},
diff --git a/flake.nix b/flake.nix
index 9a261ae..c422471 100644
--- a/flake.nix
+++ b/flake.nix
@@ -91,6 +91,8 @@
# Patches for nixos, automatically applied if they follow this format
nixos-patch-nat.url = "https://patch-diff.githubusercontent.com/raw/NixOS/nixpkgs/pull/277016.patch";
nixos-patch-nat.flake = false;
+ nixos-patch-mastodon-cve.url = "https://patch-diff.githubusercontent.com/raw/NixOS/nixpkgs/pull/285558.patch";
+ nixos-patch-mastodon-cve.flake = false;
# Common input
systems.url = "github:nix-systems/default";
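Review bot: The new `nixos-patch-mastodon-cve.url` points at a pull request's `.patch` endpoint, whose content changes whenever that PR gains a commit or is force-pushed, and the comment above says such inputs are applied automatically. The `narHash` in flake.lock makes a changed patch fail the fetch, but a later `nix flake update` would lock whatever the PR serves at that time without anyone reading it. Consider pinning the fixing commit instead, `nixos-patch-mastodon-cve.url = "https://github.com/NixOS/nixpkgs/commit/<COMMIT_SHA>.patch";` (placeholder SHA). A comment would also help: `# Mastodon security fix from nixpkgs PR 285558; remove once the pinned nixpkgs contains it`. The inputs block starts and ends outside the hunk.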
@@ -175,6 +177,7 @@
{ package = "rsync"; }
{ package = "commitizen"; }
{ package = "manix"; }
+ { package = "nodePackages.prettier"; }
{ package = "nixos-install-tools"; }
{ package = "pre-commit"; }
{
diff --git a/nixos/hosts/chaotic-kde.nix b/nixos/hosts/chaotic-kde.nix
index 62403af..d3e2c06 100644
--- a/nixos/hosts/chaotic-kde.nix
+++ b/nixos/hosts/chaotic-kde.nix
@@ -23,7 +23,7 @@
export NO_PROXY=mirror.rackspace.com,cloudflaremirrors.com,github.com,downloads.sentry-cdn.com
'';
services.chaotic.db-name = "chaotic-aur-kde";
- services.chaotic.routines = [ "hourly" "nightly" "afternoon" ];
+ services.chaotic.routines = [ "hourly" ];
services.chaotic.patches = [ ../services/chaotic/add-chaotic-repo.diff ../services/chaotic/prepend-repo.diff ];
services.chaotic.useACMEHost = "garudalinux.org";
diff --git a/nixos/hosts/immortalis.nix b/nixos/hosts/immortalis.nix
index d85fa0c..31ec236 100644
--- a/nixos/hosts/immortalis.nix
+++ b/nixos/hosts/immortalis.nix
@@ -39,43 +39,43 @@
ipv6.addresses = [
# Random outgoing
{
- address = "2a01:4f8:2200:30ac:3f42:e489:0fd1:8f7c";
+ address = "2a01:4f8:2200:30ac:9141:5338:3bbe:e6e4";
prefixLength = 64;
}
{
- address = "2a01:4f8:2200:30ac:ac70:d528:c670:6706";
+ address = "2a01:4f8:2200:30ac:b22c:1fcb:0ed0:4093";
prefixLength = 64;
}
{
- address = "2a01:4f8:2200:30ac:d8a4:d4ea:b263:8ecb";
+ address = "2a01:4f8:2200:30ac:7436:3445:712f:915a";
prefixLength = 64;
}
{
- address = "2a01:4f8:2200:30ac:a4e4:e8a6:113d:3c08";
+ address = "2a01:4f8:2200:30ac:1030:64db:7964:daeb";
prefixLength = 64;
}
{
- address = "2a01:4f8:2200:30ac:6704:a83f:55a9:3b15";
+ address = "2a01:4f8:2200:30ac:d98e:f81f:2d83:dd05";
prefixLength = 64;
}
{
- address = "2a01:4f8:2200:30ac:204c:d50a:a6f9:5af2";
+ address = "2a01:4f8:2200:30ac:a6a9:0a27:8387:9f03";
prefixLength = 64;
}
{
- address = "2a01:4f8:2200:30ac:353d:9cad:a1c5:5cdc";
+ address = "2a01:4f8:2200:30ac:06eb:ea0c:a8bb:76bc";
prefixLength = 64;
}
{
- address = "2a01:4f8:2200:30ac:b318:cd86:ac61:3896";
+ address = "2a01:4f8:2200:30ac:0b38:23e4:b6ad:89cd";
prefixLength = 64;
}
{
- address = "2a01:4f8:2200:30ac:95ec:f288:bf30:e392";
+ address = "2a01:4f8:2200:30ac:393b:4c26:9160:9afa";
prefixLength = 64;
}
{
- address = "2a01:4f8:2200:30ac:36ad:dde6:7a40:06cb";
+ address = "2a01:4f8:2200:30ac:1710:8521:9602:ab81";
prefixLength = 64;
}
];
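Review bot: The ten outgoing IPv6 addresses in `ipv6.addresses` are written out again in the `tcp_outgoing_address` and `udp_outgoing_address` lists of the hunk at `@@ -250,29 +243,29 @@`, so each rotation has to change thirty lines in step. If one copy drifts, squid would presumably be configured to send from an address the interface no longer holds. Consider binding the list once in a `let` and deriving the rest, e.g. `ipv6.addresses = map (address: { inherit address; prefixLength = 64; }) outgoingV6;`, with the squid lines generated from the same `outgoingV6`. The squid configuration string starts and ends outside its hunk.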
@@ -112,13 +112,6 @@
proto = "tcp";
sourcePort = 8448;
}
- {
- # repo (SSH)
- destination = "10.0.5.30:22";
- loopbackIPs = [ "116.202.208.112" ];
- proto = "tcp";
- sourcePort = 223;
- }
{
# iso-runner (SSH)
destination = "10.0.5.40:22";
@@ -250,29 +243,29 @@
# Invalid IP
tcp_outgoing_address 10.254.254.254
- tcp_outgoing_address 2a01:4f8:2200:30ac:3f42:e489:0fd1:8f7c tenth
- tcp_outgoing_address 2a01:4f8:2200:30ac:ac70:d528:c670:6706 ninth
- tcp_outgoing_address 2a01:4f8:2200:30ac:d8a4:d4ea:b263:8ecb eighth
- tcp_outgoing_address 2a01:4f8:2200:30ac:a4e4:e8a6:113d:3c08 seventh
- tcp_outgoing_address 2a01:4f8:2200:30ac:6704:a83f:55a9:3b15 sixth
- tcp_outgoing_address 2a01:4f8:2200:30ac:204c:d50a:a6f9:5af2 fifth
- tcp_outgoing_address 2a01:4f8:2200:30ac:353d:9cad:a1c5:5cdc fourth
- tcp_outgoing_address 2a01:4f8:2200:30ac:b318:cd86:ac61:3896 third
- tcp_outgoing_address 2a01:4f8:2200:30ac:95ec:f288:bf30:e392 half
- tcp_outgoing_address 2a01:4f8:2200:30ac:36ad:dde6:7a40:06cb
+ tcp_outgoing_address 2a01:4f8:2200:30ac:9141:5338:3bbe:e6e4 tenth
+ tcp_outgoing_address 2a01:4f8:2200:30ac:b22c:1fcb:0ed0:4093 ninth
+ tcp_outgoing_address 2a01:4f8:2200:30ac:7436:3445:712f:915a eighth
+ tcp_outgoing_address 2a01:4f8:2200:30ac:1030:64db:7964:daeb seventh
+ tcp_outgoing_address 2a01:4f8:2200:30ac:d98e:f81f:2d83:dd05 sixth
+ tcp_outgoing_address 2a01:4f8:2200:30ac:a6a9:0a27:8387:9f03 fifth
+ tcp_outgoing_address 2a01:4f8:2200:30ac:06eb:ea0c:a8bb:76bc fourth
+ tcp_outgoing_address 2a01:4f8:2200:30ac:0b38:23e4:b6ad:89cd third
+ tcp_outgoing_address 2a01:4f8:2200:30ac:393b:4c26:9160:9afa half
+ tcp_outgoing_address 2a01:4f8:2200:30ac:1710:8521:9602:ab81
# Invalid IP
udp_outgoing_address 10.254.254.254
- udp_outgoing_address 2a01:4f8:2200:30ac:3f42:e489:0fd1:8f7c tenth
- udp_outgoing_address 2a01:4f8:2200:30ac:ac70:d528:c670:6706 ninth
- udp_outgoing_address 2a01:4f8:2200:30ac:d8a4:d4ea:b263:8ecb eighth
- udp_outgoing_address 2a01:4f8:2200:30ac:a4e4:e8a6:113d:3c08 seventh
- udp_outgoing_address 2a01:4f8:2200:30ac:6704:a83f:55a9:3b15 sixth
- udp_outgoing_address 2a01:4f8:2200:30ac:204c:d50a:a6f9:5af2 fifth
- udp_outgoing_address 2a01:4f8:2200:30ac:353d:9cad:a1c5:5cdc fourth
- udp_outgoing_address 2a01:4f8:2200:30ac:b318:cd86:ac61:3896 third
- udp_outgoing_address 2a01:4f8:2200:30ac:95ec:f288:bf30:e392 half
- udp_outgoing_address 2a01:4f8:2200:30ac:36ad:dde6:7a40:06cb
+ udp_outgoing_address 2a01:4f8:2200:30ac:9141:5338:3bbe:e6e4 tenth
+ udp_outgoing_address 2a01:4f8:2200:30ac:b22c:1fcb:0ed0:4093 ninth
+ udp_outgoing_address 2a01:4f8:2200:30ac:7436:3445:712f:915a eighth
+ udp_outgoing_address 2a01:4f8:2200:30ac:1030:64db:7964:daeb seventh
+ udp_outgoing_address 2a01:4f8:2200:30ac:d98e:f81f:2d83:dd05 sixth
+ udp_outgoing_address 2a01:4f8:2200:30ac:a6a9:0a27:8387:9f03 fifth
+ udp_outgoing_address 2a01:4f8:2200:30ac:06eb:ea0c:a8bb:76bc fourth
+ udp_outgoing_address 2a01:4f8:2200:30ac:0b38:23e4:b6ad:89cd third
+ udp_outgoing_address 2a01:4f8:2200:30ac:393b:4c26:9160:9afa half
+ udp_outgoing_address 2a01:4f8:2200:30ac:1710:8521:9602:ab81
# This does not rotate the logs, but asks squid to reopen the log file so that logrotate can rotate it
logfile_rotate 0
diff --git a/nixos/hosts/immortalis/containers.nix b/nixos/hosts/immortalis/containers.nix
index f4c16a5..be29379 100644
--- a/nixos/hosts/immortalis/containers.nix
+++ b/nixos/hosts/immortalis/containers.nix
@@ -271,23 +271,6 @@ in
};
ipAddress = "10.0.5.50";
};
- repo = {
- config = import ../repo.nix;
- extraOptions = {
- bindMounts = lib.mkMerge [{
- "garuda" = {
- hostPath = "/data_2/chaotic-aur/garuda";
- isReadOnly = false;
- mountPoint = "/srv/http/repos/garuda";
- };
- }
- chaotic_mounts];
- # Portforwarding happens via nat.forwardPorts so we
- # can access the container from within our own GitLab runner too
- };
- ipAddress = "10.0.5.30";
- needsNesting = true;
- };
temeraire = {
config = import ../temeraire.nix;
extraOptions = {
diff --git a/nixos/hosts/repo.nix b/nixos/hosts/repo.nix
deleted file mode 100644
index 1bbec58..0000000
--- a/nixos/hosts/repo.nix
+++ /dev/null
@@ -1,79 +0,0 @@
-{ pkgs
-, sources
-, ...
-}:
-let
- # Simple wrapper to dispatch SSH commands to NixOS
- chaotictrigger = pkgs.writeShellScriptBin "chaotictrigger" ''
- _PACKAGE=$(echo $SSH_ORIGINAL_COMMAND | cut -d' ' -f2)
- _BUILD_DIR=$(mktemp -d)
-
- case "$SSH_ORIGINAL_COMMAND" in
- "chaotictrigger routine")
- echo "Building a full routine.."
- chaotic -j 4 routine garuda || exit 1
- ;;
- "chaotictrigger "* )
- echo "Building $_PACKAGE in $_BUILD_DIR.."
- git clone https://gitlab.com/garuda-linux/pkgbuilds "$_BUILD_DIR"
- cd "$_BUILD_DIR"
- chaotic mkd "$_PACKAGE" || exit 2
- rm -rf "$_BUILD_DIR"
- ;;
- *)
- echo "Access only allowed for building purposes!"
- exit 666
- esac
- '';
-in
-{
- imports = sources.defaultModules ++ [ ../modules ];
-
- # Enable Chaotic-AUR building
- services.chaotic.enable = true;
- services.chaotic.cluster-name = "garuda-repo";
- services.chaotic.host = "repo.garudalinux.org";
- services.chaotic.extraConfig = ''
- export CAUR_DEPLOY_LABEL="Maximus 🐉"
- export CAUR_LOWER_PKGS+=(chaotic-mirrorlist chaotic-keyring)
- export CAUR_PACKAGER="Garuda Builder "
- export CAUR_SIGN_KEY=D6C9442437365605
- export CAUR_ROUTINES=/tmp/chaotic/routines
- export CAUR_SIGN_USER=root
- export CAUR_TELEGRAM_TAG="@dr460nf1r3"
-
- export GIT_SSH_COMMAND="ssh -i /var/garuda/secrets/chaotic/interfere_ed25519"
- export HTTP_PROXY=http://10.0.5.1:3128/
- export HTTPS_PROXY=http://10.0.5.1:3128/
- export NO_PROXY=mirror.rackspace.com,cloudflaremirrors.com,github.com,downloads.sentry-cdn.com
- '';
- services.chaotic.db-name = "garuda";
- services.chaotic.routines = [ "hourly" ];
- services.chaotic.patches = [ ../services/chaotic/add-chaotic-repo.diff ];
- services.chaotic.useACMEHost = "garudalinux.org";
-
- # Allow systemd-nspawn to create subcgroups (for Chaotic-AUR builders)
- systemd.services.remount-sysfscgroup = {
- description = "Remount cgroup2 to allow systemd-nspawn to create subcgroups";
- wantedBy = [ "multi-user.target" ];
- serviceConfig.Type = "oneshot";
- script = ''
- ${pkgs.mount}/bin/mount -t cgroup2 -o rw,nosuid,nodev,noexec,relatime none /sys/fs/cgroup
- '';
- };
-
- # Create locked down users for GitLab CI who can only access our wrapper
- users.users.gitlab = {
- isNormalUser = true;
- extraGroups = [ "chaotic_op" ];
- openssh.authorizedKeys.keys = [ "restrict,pty,command=\"${chaotictrigger}/bin/chaotictrigger\" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN7W5KtNH5nsjIHBN1zBwEc0BZMhg6HfFurMIJoWf39p" ];
- };
- users.users.package-deployer = {
- isNormalUser = true;
- extraGroups = [ "packaging" ];
- openssh.authorizedKeys.keys = [ "restrict ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN7W5KtNH5nsjIHBN1zBwEc0BZMhg6HfFurMIJoWf39p" ];
- };
- users.groups.packaging = { };
-
- system.stateVersion = "23.05";
-}
diff --git a/nixos/hosts/web-front.nix b/nixos/hosts/web-front.nix
index ac6cd8d..c8ce1d4 100644
--- a/nixos/hosts/web-front.nix
+++ b/nixos/hosts/web-front.nix
@@ -170,13 +170,6 @@ rec {
quic = true;
useACMEHost = "garudalinux.org";
};
- "repo.garudalinux.org" = {
- addSSL = true;
- http3 = true;
- locations = { "/" = { proxyPass = "http://10.0.5.30:80"; }; };
- quic = true;
- useACMEHost = "garudalinux.org";
- };
"start.garudalinux.org" = {
addSSL = true;
extraConfig = ''
diff --git a/playbooks/apply.yml b/playbooks/apply.yml
index a63645f..8f0a5c2 100644
--- a/playbooks/apply.yml
+++ b/playbooks/apply.yml
@@ -5,5 +5,5 @@
gather_facts: false
tasks:
- name: Build system
- ansible.builtin.command: nixos-rebuild switch
+ ansible.builtin.command: nixos-rebuild switch -j7
changed_when: false
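Review bot: The `-j7` added to `nixos-rebuild switch` fixes the build job count for every host this play targets, whatever its core count. Taking the value from a variable keeps 7 as the default while letting a smaller host override it, e.g. `ansible.builtin.command: "nixos-rebuild switch -j{{ nix_max_jobs | default(7) }}"`. The play header is outside the hunk, so the set of hosts is not visible here.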