Compare commits
7 Commits
f17f36bf61
...
1735e49157
Author | SHA1 | Date |
---|---|---|
Ryan Rix | 1735e49157 | |
Ryan Rix | bab132ad55 | |
Ryan Rix | 82b5a724dd | |
Ryan Rix | e05d51c871 | |
Ryan Rix | d52ebcd292 | |
Ryan Rix | 5b4e385006 | |
Ryan Rix | 1bff7c31a4 |
|
@ -0,0 +1,256 @@
|
||||||
|
:PROPERTIES:
|
||||||
|
:ID: 20221202T122017.620403
|
||||||
|
:ROAM_REFS: https://akkoma.dev/AkkomaGang/akkoma https://akkoma.social/
|
||||||
|
:END:
|
||||||
|
#+TITLE: Self-Hosting on the Fediverse with (Pleroma for now, eventually) Akkoma
|
||||||
|
#+FILETAGS: :Akkoma Social:
|
||||||
|
#+ARCOLOGY_KEY: cce/akkoma
|
||||||
|
|
||||||
|
Akkoma is a [[id:62538db5-d94a-47c3-9998-086ded91fd88][Fediverse]]/[[id:activitypub][ActivityPub]] server forked from [[roam:Pleroma]] written in [[id:cce/elixir][Elixir]], supporting the [[id:339daa8c-cc01-4654-aa89-330a4e62aafa][Mastodon Server]] API. This is a light-weight thing and I intend to self-publish to the Fediverse with an instance running on [[id:20211120T220054.226284][The Wobserver]].
|
||||||
|
|
||||||
|
* [[https://github.com/NixOS/nixpkgs/pull/192285][akkoma: init at 3.4.0 by illdefined · Pull Request #192285 · NixOS/nixpkgs]]
|
||||||
|
:PROPERTIES:
|
||||||
|
:ROAM_REF: [[https://github.com/NixOS/nixpkgs/pull/192285]]
|
||||||
|
:ID: 20221202T122230.525913
|
||||||
|
:END:
|
||||||
|
[2022-12-02 Fri 12:22]
|
||||||
|
|
||||||
|
* +Akkoma+ Pleroma on [[id:c75d20e6-8888-4c5a-ac97-5997e2f1c711][NixOS]]
|
||||||
|
:PROPERTIES:
|
||||||
|
:ID: 20221202T122135.502628
|
||||||
|
:END:
|
||||||
|
:LOGBOOK:
|
||||||
|
CLOCK: [2022-12-02 Fri 12:22]--[2022-12-02 Fri 16:24] => 4:02
|
||||||
|
:END:
|
||||||
|
|
||||||
|
Akkoma is properly on its way to being integrated with NixOS through [[id:c75d20e6-8888-4c5a-ac97-5997e2f1c711][nixpkgs]] in [[id:20221202T122230.525913][nixpkgs PR #192285]], but until then I will run pleroma after trying to get Akkoma to run in docker containers.
|
||||||
|
|
||||||
|
The [[https://docs.akkoma.dev/stable/installation/docker_en/][Docker installation]] instructions for Akkoma are built around [[roam:Docker Compose]] which is, fine, but I want to use my system [[id:cce/wobserver/postgres][PostgreSQL]] instead of one hidden in the Compose image so we'll have to do Some Work ourselves. I'll have to set up [[id:20221202T124113.404212][Docker on the Wobserver]] first...
|
||||||
|
|
||||||
|
This sucks though, i'll just wait for that nixos module and run Pleroma in the meantime. In theory it'll be easy enough to [[https://docs.akkoma.dev/stable/installation/migrating_to_akkoma/][migrate to akkoma]]...
|
||||||
|
|
||||||
|
It's not super complicated but we'll break it up in to multiple imports so that I can explain what is going on a bit:
|
||||||
|
|
||||||
|
#+ARROYO_NIXOS_ROLE: server
|
||||||
|
#+ARROYO_NIXOS_MODULE: nixos/akkoma.nix
|
||||||
|
#+AUTO_TANGLE: t
|
||||||
|
|
||||||
|
#+begin_src nix :tangle ~/arroyo-nix/nixos/akkoma.nix :noweb yes
|
||||||
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./akkoma-users.nix
|
||||||
|
./akkoma-statics.nix
|
||||||
|
./akkoma-frontends.nix
|
||||||
|
./akkoma-wobservability.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
services.postgresql.ensureDatabases = ["akkoma"];
|
||||||
|
# have to run psql for migrations to pass:
|
||||||
|
# ALTER DATABASE akkoma OWNER TO akkoma;
|
||||||
|
services.postgresql.ensureUsers = [
|
||||||
|
{
|
||||||
|
name = "akkoma";
|
||||||
|
ensurePermissions = {
|
||||||
|
"DATABASE akkoma" = "ALL PRIVILEGES";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
systemd.services.pleroma.path = with pkgs; [exiftool ffmpeg imagemagick];
|
||||||
|
services.pleroma = {
|
||||||
|
enable = true;
|
||||||
|
|
||||||
|
# don't feel like needing to chown later on...
|
||||||
|
group = "akkoma";
|
||||||
|
user = "akkoma";
|
||||||
|
|
||||||
|
configs = [
|
||||||
|
''
|
||||||
|
<<initial-configuration>>
|
||||||
|
''
|
||||||
|
];
|
||||||
|
# manually populated
|
||||||
|
secretConfigFile = "/srv/akkoma/secrets.exs";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
** Initial =config.exs=
|
||||||
|
|
||||||
|
This configuration tells Pleroma that it's fine to be configured in the =admin-fe= interface and provides some defaults from the configuration generator:
|
||||||
|
|
||||||
|
#+begin_src elixir :noweb-ref initial-configuration
|
||||||
|
import Config
|
||||||
|
|
||||||
|
config :pleroma, Pleroma.Web.Endpoint,
|
||||||
|
url: [host: "notes.whatthefuck.computer", scheme: "https", port: 443],
|
||||||
|
http: [ip: {127, 0, 0, 1}, port: 4000]
|
||||||
|
|
||||||
|
config :pleroma, :instance,
|
||||||
|
name: "Computers :(",
|
||||||
|
email: "fedi@whatthefuck.computer",
|
||||||
|
notify_email: "fedi@whatthefuck.computer",
|
||||||
|
limit: 5000,
|
||||||
|
registrations_open: false
|
||||||
|
|
||||||
|
config :pleroma, :media_proxy,
|
||||||
|
enabled: false,
|
||||||
|
redirect_on_failure: true
|
||||||
|
|
||||||
|
config :pleroma, :database, rum_enabled: false
|
||||||
|
config :pleroma, :instance, static_dir: "/srv/akkoma/static"
|
||||||
|
config :pleroma, Pleroma.Uploaders.Local, uploads: "/srv/akkoma/uploads"
|
||||||
|
|
||||||
|
# Enable Strict-Transport-Security once SSL is working:
|
||||||
|
# config :pleroma, :http_security,
|
||||||
|
# sts: true
|
||||||
|
|
||||||
|
config :pleroma, configurable_from_database: true
|
||||||
|
|
||||||
|
config :pleroma, Pleroma.Upload, filters: [Pleroma.Upload.Filter.Exiftool, Pleroma.Upload.Filter.Dedupe]
|
||||||
|
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
** System Users
|
||||||
|
|
||||||
|
I really would like to manage my uids and gids better, but alas.
|
||||||
|
|
||||||
|
#+begin_src nix :tangle ~/arroyo-nix/nixos/akkoma-users.nix
|
||||||
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
ids.uids.akkoma = 901;
|
||||||
|
ids.gids.akkoma = 901;
|
||||||
|
|
||||||
|
users.groups.akkoma = {
|
||||||
|
gid = config.ids.gids.akkoma;
|
||||||
|
};
|
||||||
|
|
||||||
|
users.users.akkoma = {
|
||||||
|
group = "akkoma";
|
||||||
|
uid = config.ids.uids.akkoma;
|
||||||
|
shell = "${pkgs.bash}/bin/bash";
|
||||||
|
isSystemUser = true;
|
||||||
|
# ugh... services.pleroma.stateDir is readonly
|
||||||
|
home = "/var/lib/pleroma";
|
||||||
|
createHome = true;
|
||||||
|
};
|
||||||
|
}
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
** Static Files
|
||||||
|
|
||||||
|
I could just splat this on to the filesystem but no harm in having it in the Nix store:
|
||||||
|
|
||||||
|
#+begin_src html :noweb-ref tos
|
||||||
|
<p>
|
||||||
|
Now look; this is a single-user
|
||||||
|
instance. <a href="https://notes.whatthefuck.computer/rrix">rrix</a>
|
||||||
|
posts inane bullshit here. Look at their profile if you care about
|
||||||
|
what is going on here.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
This is a Pleroma instance. Not because I want it to be but because
|
||||||
|
Akkoma isn't natively packaged in NixOS yet.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
<ul>
|
||||||
|
<li>I'm not a fascist.</li>
|
||||||
|
<li>I'm not a cop.</li>
|
||||||
|
<li>I'm not a narc.</li>
|
||||||
|
<li>I'm not a racist.</li>
|
||||||
|
<li>I'm not a transphobe.</li>
|
||||||
|
<li>I'm not gonna put up with bullshit.</li>
|
||||||
|
<li>I'm just a little computer goblin who wants to self-host.</li>
|
||||||
|
</ul>
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
If you care about the privacy policy if this instance, don't
|
||||||
|
federate with it. rrix is a consummate privacy professional, but
|
||||||
|
they're also just one person. I have no intention to do anything
|
||||||
|
untoward with posts federated to my instance, nor engage in
|
||||||
|
non-standard behavior on the fediverse. At the same time, I'm likely
|
||||||
|
not going to be able to go up against government requests for data
|
||||||
|
stored on this instace. As of [2022-12-04] this instance has not
|
||||||
|
been compelled to give data to any government or law enforcement
|
||||||
|
agency and has not done so voluntarily. I'm just one homie hanging
|
||||||
|
out making posts with my friends and trying to make new ones, and
|
||||||
|
you're here reading this. What's up?
|
||||||
|
</p>
|
||||||
|
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
#+begin_src nix :tangle ~/arroyo-nix/nixos/akkoma-statics.nix :noweb yes
|
||||||
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
system.activationScripts = let
|
||||||
|
tos = pkgs.writeTextFile {
|
||||||
|
name="pleroma-terms-of-service";
|
||||||
|
text = ''
|
||||||
|
<<tos>>
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
in {
|
||||||
|
install-pleroma-tos.text = ''
|
||||||
|
export DEST_DIR=/srv/akkoma/static/
|
||||||
|
mkdir -p $DEST_DIR
|
||||||
|
ln -sf ${tos} $DEST_DIR/terms-of-service.html
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
}
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
** Nginx Frontend for Akkoma
|
||||||
|
|
||||||
|
Nothing special here -- I have it split in to two blocks here because one of my old iterations of [[id:1d917282-ecf4-4d4c-ba49-628cbb4bb8cc][The Arcology Project]] used this domain to host short-form [[id:fa6cee69-dca0-45f5-ae9e-b71cad3702a6][IndieWeb]]/microformat notes. The old files still exist and can be resolved in the =try_files= block, and any failures will proxy through to the app backend. I also adjust the max body size for image uploads, etc. I might replace that with S3 in the future but for now the images can just go on to the file system.
|
||||||
|
|
||||||
|
#+begin_src nix :tangle ~/arroyo-nix/nixos/akkoma-frontends.nix
|
||||||
|
{ ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
services.nginx.virtualHosts."notes.whatthefuck.computer" = {
|
||||||
|
extraConfig = ''
|
||||||
|
client_max_body_size 100M;
|
||||||
|
'';
|
||||||
|
locations."/".extraConfig = ''
|
||||||
|
try_files $uri @proxy;
|
||||||
|
'';
|
||||||
|
locations."@proxy" = {
|
||||||
|
proxyPass = "http://127.0.0.1:4000";
|
||||||
|
extraConfig = ''
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
proxy_set_header X-Forwarded-Host $http_host;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
** [[id:20220101T190353.843667][Wobservability]]
|
||||||
|
|
||||||
|
I would like to have some usage metrics emitted, this is just service-level stuff:
|
||||||
|
|
||||||
|
Enable =Pleroma.Web.Endpoint.MetricsExporter= in settings.
|
||||||
|
|
||||||
|
#+begin_src nix :tangle ~/arroyo-nix/nixos/akkoma-wobservability.nix
|
||||||
|
{ ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
services.prometheus.scrapeConfigs = [
|
||||||
|
{
|
||||||
|
job_name = "akkoma";
|
||||||
|
metrics_path = "/api/pleroma/app_metrics";
|
||||||
|
static_configs = [{ targets = [ "127.0.0.1:4000" ]; }];
|
||||||
|
}
|
||||||
|
];
|
||||||
|
}
|
||||||
|
#+end_src
|
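Review bot: The metrics path scraped in `akkoma-wobservability.nix` (`/api/pleroma/app_metrics` on `127.0.0.1:4000`) looks reachable from the public vhost too, because `locations."/"` in `akkoma-frontends.nix` falls through to `@proxy` for every path that is not a static file. Whether that exposes anything depends on how `Pleroma.Web.Endpoint.MetricsExporter` is configured in the database-backed settings, which this change does not show. Since Prometheus scrapes the backend directly, the path can be closed at nginx without affecting the job, e.g. `locations."/api/pleroma/app_metrics".extraConfig = "deny all;";`. A comment beside `configurable_from_database: true` saying that the exporter is enabled outside this file would help the next reader.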
|
@ -17,7 +17,8 @@
|
||||||
#+begin_src nix :tangle ~/arroyo-nix/hm/applications.nix :noweb yes
|
#+begin_src nix :tangle ~/arroyo-nix/hm/applications.nix :noweb yes
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
let mkNixGLWrapper = pkgs.lib.mkNixGLWrapper;
|
with pkgs;
|
||||||
|
let mkNixGLWrapper = lib.mkNixGLWrapper;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
programs.htop = {
|
programs.htop = {
|
||||||
|
@ -41,16 +42,16 @@ in
|
||||||
"x-scheme-handler/sgnl" = ["signal-desktop.desktop"];
|
"x-scheme-handler/sgnl" = ["signal-desktop.desktop"];
|
||||||
};
|
};
|
||||||
|
|
||||||
home.file.".config/autostart/cantata.desktop".source = "${pkgs.cantata}/share/applications/cantata.desktop";
|
home.file.".config/autostart/cantata.desktop".source = "${cantata}/share/applications/cantata.desktop";
|
||||||
home.file.".config/autostart/signal-desktop.desktop".source = "${pkgs.signal-desktop}/share/applications/signal-desktop.desktop";
|
home.file.".config/autostart/signal-desktop.desktop".source = "${signal-desktop}/share/applications/signal-desktop.desktop";
|
||||||
home.file.".config/autostart/discord.desktop".source = "${pkgs.discord}/share/applications/discord.desktop";
|
home.file.".config/autostart/discord.desktop".source = "${discord}/share/applications/discord.desktop";
|
||||||
home.file.".config/autostart/element-desktop.desktop".source = "${pkgs.element-desktop}/share/applications/element-desktop.desktop";
|
home.file.".config/autostart/element-desktop.desktop".source = "${element-desktop}/share/applications/element-desktop.desktop";
|
||||||
|
|
||||||
home.packages = [
|
home.packages = [
|
||||||
pkgs.ktorrent
|
ktorrent
|
||||||
(mkNixGLWrapper {
|
(mkNixGLWrapper {
|
||||||
name = "calibre";
|
name = "calibre";
|
||||||
pkg = (pkgs.calibre.override { unrarSupport = true; });
|
pkg = (calibre.override { unrarSupport = true; });
|
||||||
})
|
})
|
||||||
(mkNixGLWrapper { name="gimp"; })
|
(mkNixGLWrapper { name="gimp"; })
|
||||||
(mkNixGLWrapper { name="obs-studio"; })
|
(mkNixGLWrapper { name="obs-studio"; })
|
||||||
|
@ -66,46 +67,46 @@ in
|
||||||
(mkNixGLWrapper { name="signal-desktop"; })
|
(mkNixGLWrapper { name="signal-desktop"; })
|
||||||
# (mkNixGLWrapper { name="tdesktop"; }) # telegram-desktop
|
# (mkNixGLWrapper { name="tdesktop"; }) # telegram-desktop
|
||||||
|
|
||||||
pkgs.pavucontrol
|
pavucontrol
|
||||||
(mkNixGLWrapper { name="vlc"; })
|
(mkNixGLWrapper { name="vlc"; })
|
||||||
pkgs.youtube-dl
|
youtube-dl
|
||||||
pkgs.transmission-remote-gtk
|
transmission-remote-gtk
|
||||||
|
|
||||||
pkgs.cataclysm-dda
|
cataclysm-dda
|
||||||
(mkNixGLWrapper { name="runelite"; })
|
(mkNixGLWrapper { name="runelite"; })
|
||||||
|
|
||||||
pkgs.virt-manager
|
virt-manager
|
||||||
pkgs.libvirt
|
libvirt
|
||||||
pkgs.zbar
|
zbar
|
||||||
|
|
||||||
pkgs.plasma5Packages.qttools
|
plasma5Packages.qttools
|
||||||
|
|
||||||
pkgs.plasma5Packages.kontact
|
plasma5Packages.kontact
|
||||||
pkgs.plasma5Packages.kaccounts-integration
|
plasma5Packages.kaccounts-integration
|
||||||
pkgs.plasma5Packages.akonadi
|
plasma5Packages.akonadi
|
||||||
pkgs.plasma5Packages.akonadiconsole
|
plasma5Packages.akonadiconsole
|
||||||
pkgs.plasma5Packages.kdepim-runtime
|
plasma5Packages.kdepim-runtime
|
||||||
pkgs.plasma5Packages.kdepim-addons
|
plasma5Packages.kdepim-addons
|
||||||
pkgs.okteta
|
okteta
|
||||||
|
|
||||||
pkgs.plasma5Packages.kteatime
|
plasma5Packages.kteatime
|
||||||
|
|
||||||
(mkNixGLWrapper { name="endless-sky"; })
|
(mkNixGLWrapper { name="endless-sky"; })
|
||||||
pkgs.crawlTiles
|
crawlTiles
|
||||||
|
|
||||||
(mkNixGLWrapper { name="zoom-us"; })
|
(mkNixGLWrapper { name="zoom-us"; })
|
||||||
|
|
||||||
(mkNixGLWrapper { name="stellarium"; })
|
(mkNixGLWrapper { name="stellarium"; })
|
||||||
pkgs.kstars
|
kstars
|
||||||
|
|
||||||
pkgs.heroku
|
heroku
|
||||||
|
|
||||||
pkgs.graphviz
|
graphviz
|
||||||
|
|
||||||
# calibre de-drm plugin for kobo
|
# calibre de-drm plugin for kobo
|
||||||
# (pkgs.stdenv.mkDerivation {
|
# (stdenv.mkDerivation {
|
||||||
# name = "calibre_obok_dedrm";
|
# name = "calibre_obok_dedrm";
|
||||||
# src = pkgs.fetchFromGitHub {
|
# src = fetchFromGitHub {
|
||||||
# # https://github.com/lalmeras/DeDRM_tools/blob/Python3/make_release.py
|
# # https://github.com/lalmeras/DeDRM_tools/blob/Python3/make_release.py
|
||||||
# owner = "lalmeras";
|
# owner = "lalmeras";
|
||||||
# repo = "DeDRM_tools";
|
# repo = "DeDRM_tools";
|
||||||
|
@ -114,14 +115,17 @@ in
|
||||||
# };
|
# };
|
||||||
# installPhase = ''
|
# installPhase = ''
|
||||||
# export SOURCE_DATE_EPOCH=315532800;
|
# export SOURCE_DATE_EPOCH=315532800;
|
||||||
# ${pkgs.python3}/bin/python3 make_release.py Python3
|
# ${python3}/bin/python3 make_release.py Python3
|
||||||
# '';
|
# '';
|
||||||
# })
|
# })
|
||||||
pkgs.zip
|
] +++ [
|
||||||
pkgs.unzip
|
zip
|
||||||
pkgs.bind.dnsutils
|
unzip
|
||||||
|
bind.dnsutils
|
||||||
|
|
||||||
pkgs.cmark-gfm
|
cmark-gfm
|
||||||
|
|
||||||
|
file
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
#+end_src
|
#+end_src
|
||||||
|
|
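Review bot: The list split near the end of `home.packages` renders as `] +++ [`; Nix's list concatenation operator is `++`, so if the third `+` is really in the file and not an artefact of this rendering, the module will not parse. `] ++ [` is presumably what was meant, though the hunk does not show why the list is split at all. Separately, the file-wide `with pkgs;` makes every bare name (`lib`, `file`, `zip`) resolve through `pkgs` silently; scoping it as `home.packages = with pkgs; [ ... ];` keeps the short names without hiding where `lib.mkNixGLWrapper` comes from.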
|
@ -0,0 +1,77 @@
|
||||||
|
:PROPERTIES:
|
||||||
|
:ID: 20221211T141924.762816
|
||||||
|
:ROAM_REFS: https://drawingbotv3.ollielansdell.co.uk/ https://github.com/SonarSonic/DrawingBotV3/
|
||||||
|
:END:
|
||||||
|
#+TITLE: DrawingBot
|
||||||
|
#+FILETAGS: :Software:CCE:
|
||||||
|
|
||||||
|
#+begin_quote
|
||||||
|
DrawingBotV3 is a software for converting images to line drawings for Plotters / Drawing Machines / 3D printers. It also serves as an application for visual artists to create stylised line drawings from images / video
|
||||||
|
#+end_quote
|
||||||
|
|
||||||
|
* DrawingBot V3 on NixOS
|
||||||
|
|
||||||
|
#+ARROYO_HOME_MODULE: hm/drawingbot.nix
|
||||||
|
#+ARROYO_NIXOS_ROLE: endpoint
|
||||||
|
#+AUTO_TANGLE: t
|
||||||
|
|
||||||
|
DrawingBot uses JavaFX and is distributed as a JAR, rpm, deb, windows... The Premium version is just shoved in to my [[id:cce/syncthing][Syncthing]] directory and is provided in an override in [[id:20221021T121120.541960][rixpkgs]]. It should work just fine with the free/libre version which is =lib.license.gplv3=, but I use the proprietary version.
|
||||||
|
|
||||||
|
#+begin_src nix :tangle ~/arroyo-nix/pkgs/drawingbot.nix
|
||||||
|
{ pkgs,
|
||||||
|
name ? "drawingbotv3-free",
|
||||||
|
... }:
|
||||||
|
|
||||||
|
with pkgs;
|
||||||
|
stdenv.mkDerivation rec {
|
||||||
|
inherit name;
|
||||||
|
version = "1.5.0-beta";
|
||||||
|
|
||||||
|
src = fetchurl {
|
||||||
|
url = "https://github.com/SonarSonic/DrawingBotV3/releases/download/v${version}-free/DrawingBotV3-Free-${version}-all.jar";
|
||||||
|
sha256 = lib.fakeSha256;
|
||||||
|
};
|
||||||
|
nativeBuildInputs = [ wrapGAppsHook gtk3 ];
|
||||||
|
|
||||||
|
dontUnpack = true;
|
||||||
|
|
||||||
|
installPhase = ''
|
||||||
|
runHook preInstall
|
||||||
|
|
||||||
|
mkdir -p $out/share/java/
|
||||||
|
cp $src $out/share/java/${name}-${version}.jar
|
||||||
|
|
||||||
|
makeWrapper ${jre}/bin/java $out/bin/${name} \
|
||||||
|
''${gappsWrapperArgs[@]} \
|
||||||
|
--add-flags "-jar $out/share/java/${name}-${version}.jar"
|
||||||
|
|
||||||
|
runHook postInstall
|
||||||
|
'';
|
||||||
|
|
||||||
|
desktopItems = [
|
||||||
|
(makeDesktopItem {
|
||||||
|
inherit name;
|
||||||
|
exec = name;
|
||||||
|
comment = "Software for converting images to line drawings for Plotters / Drawing Machines / 3D printers";
|
||||||
|
desktopName = "DrawingBot V3";
|
||||||
|
categories = [ "Graphics" ];
|
||||||
|
})
|
||||||
|
];
|
||||||
|
|
||||||
|
meta = {
|
||||||
|
homepage = "https://github.com/SonarSonic/DrawingBotV3";
|
||||||
|
description = "DrawingBotV3 is a software for converting images to line drawings";
|
||||||
|
license = lib.licenses.gplv3;
|
||||||
|
maintainers = with lib.maintainers; [ rrix ];
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
#+begin_src nix :tangle ~/arroyo-nix/hm/drawingbot.nix
|
||||||
|
{ pkgs, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
home.packages = [ pkgs.drawingbot-premium ];
|
||||||
|
}
|
||||||
|
#+end_src
|
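Review bot: `sha256 = lib.fakeSha256;` in the `fetchurl` call leaves the release JAR unpinned, so the derivation cannot build as written and nothing records which artefact was actually reviewed. Replace it with the hash of the downloaded file, `sha256 = "<sha256 of the 1.5.0-beta free JAR>";`, before this is tangled into a machine configuration. `license = lib.licenses.gplv3;` also looks wrong: nixpkgs names that licence `gpl3Only` or `gpl3Plus`, so evaluating `meta` would likely fail. `desktopItems` is set without `copyDesktopItems` in `nativeBuildInputs`, so the desktop entry is probably never installed.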
|
@ -0,0 +1,84 @@
|
||||||
|
:PROPERTIES:
|
||||||
|
:ID: 20221130T103851.207871
|
||||||
|
:END:
|
||||||
|
#+TITLE: Gitea on NixOS
|
||||||
|
#+FILETAGS: :CCE:NixOS:Wobserver:
|
||||||
|
|
||||||
|
#+ARROYO_NIXOS_MODULE: nixos/gitea.nix
|
||||||
|
#+ARROYO_NIXOS_ROLE: server
|
||||||
|
|
||||||
|
#+AUTO_TANGLE: t
|
||||||
|
|
||||||
|
#+begin_src nix :tangle ~/arroyo-nix/nixos/gitea.nix
|
||||||
|
{ config, ... }:
|
||||||
|
|
||||||
|
let cfg = config.services.gitea;
|
||||||
|
in {
|
||||||
|
services.postgresql.ensureDatabases = ["gitea"];
|
||||||
|
services.postgresql.ensureUsers = [
|
||||||
|
{
|
||||||
|
name = "gitea";
|
||||||
|
ensurePermissions = {
|
||||||
|
"DATABASE gitea" = "ALL PRIVILEGES";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
networking.firewall.allowedTCPPorts = [ 2222 ];
|
||||||
|
|
||||||
|
services.gitea = {
|
||||||
|
enable = true;
|
||||||
|
appName = "rrix's code with a cup of tea";
|
||||||
|
stateDir = "/srv/gitea";
|
||||||
|
|
||||||
|
domain = "code.rix.si";
|
||||||
|
rootUrl = "https://code.rix.si";
|
||||||
|
|
||||||
|
httpAddress = "127.0.0.1";
|
||||||
|
httpPort = 3009;
|
||||||
|
|
||||||
|
settings = {
|
||||||
|
server = {
|
||||||
|
DISABLE_REGISTRATION = true;
|
||||||
|
START_SSH_SERVER = true;
|
||||||
|
SSH_LISTEN_PORT = 2222;
|
||||||
|
SSH_PORT = 2222;
|
||||||
|
ENABLE_GZIP = true;
|
||||||
|
LANDING_PAGE = "explore";
|
||||||
|
};
|
||||||
|
ui.DEFAULT_THEME = "arc-green";
|
||||||
|
session.COOKIE_SECURE = true;
|
||||||
|
federation.ENABLED = true;
|
||||||
|
metrics.ENABLED = true;
|
||||||
|
packages.ENABLED = false;
|
||||||
|
picture.ENABLE_FEDERATED_AVATAR = true;
|
||||||
|
time.DEFAULT_UI_LOCATION = config.time.timeZone;
|
||||||
|
};
|
||||||
|
|
||||||
|
database = {
|
||||||
|
socket = "/run/postgresql/";
|
||||||
|
type = "postgres";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
services.prometheus.scrapeConfigs = [
|
||||||
|
{
|
||||||
|
job_name = "gitea";
|
||||||
|
static_configs = [{ targets = ["${cfg.httpAddress}:${toString cfg.httpPort}"]; }];
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
services.nginx.virtualHosts."code.rix.si" = {
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = "http://${cfg.httpAddress}:${toString cfg.httpPort}";
|
||||||
|
extraConfig = ''
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
proxy_set_header X-Forwarded-Host $http_host;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
|
#+end_src
|
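Review bot: `DISABLE_REGISTRATION = true;` is set under `settings.server`, but Gitea reads that key from its `[service]` section, so as written sign-ups on `code.rix.si` most likely stay open. Move it to `settings.service.DISABLE_REGISTRATION = true;`. `metrics.ENABLED = true` combined with the catch-all `locations."/"` proxy also means `/metrics` is served on the public vhost. Gitea has a `TOKEN` key in `[metrics]` for that case, or the path can be denied in nginx, since Prometheus scrapes `cfg.httpAddress:cfg.httpPort` directly.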
|
@ -160,10 +160,14 @@ I use [[https://letsencrypt.org/][Lets Encrypt]] for my DNS, I really like 'em.
|
||||||
|
|
||||||
** NEXT move afd.fontkeming.fail vhost to [[id:d7d936ab-781c-4e04-88bb-af65b23c6c43][Area Forecast Discussion]]
|
** NEXT move afd.fontkeming.fail vhost to [[id:d7d936ab-781c-4e04-88bb-af65b23c6c43][Area Forecast Discussion]]
|
||||||
|
|
||||||
** INPROGRESS plumb these through on fontkeming
|
** DONE plumb these through on fontkeming
|
||||||
:LOGBOOK:
|
:LOGBOOK:
|
||||||
|
- State "DONE" from "INPROGRESS" [2022-12-20 Tue 10:29]
|
||||||
- State "INPROGRESS" from "NEXT" [2022-11-12 Sat 21:19]
|
- State "INPROGRESS" from "NEXT" [2022-11-12 Sat 21:19]
|
||||||
:END:
|
:END:
|
||||||
|
|
||||||
|
need to finish up [[id:20220101T190353.843667][Wobserver Observability]] to migrate =home.rix.si=
|
||||||
|
|
||||||
* INPROGRESS virtualHosts
|
* INPROGRESS virtualHosts
|
||||||
:LOGBOOK:
|
:LOGBOOK:
|
||||||
- State "INPROGRESS" from "NEXT" [2022-11-12 Sat 20:01]
|
- State "INPROGRESS" from "NEXT" [2022-11-12 Sat 20:01]
|
||||||
|
|
10
nixos.org
10
nixos.org
|
@ -30,6 +30,16 @@ Nix is a [[id:a7420bb9-395f-4afa-92fb-8eaa0b8a4cd8][Tool]] for building [[id:0d9
|
||||||
(make-local-variable 'company-backends)
|
(make-local-variable 'company-backends)
|
||||||
(add-to-list 'company-backends 'company-nixos-options))))
|
(add-to-list 'company-backends 'company-nixos-options))))
|
||||||
(use-package nix-sandbox)
|
(use-package nix-sandbox)
|
||||||
|
|
||||||
|
(defun cce-find-nix-output-at-point ()
|
||||||
|
(interactive)
|
||||||
|
(->>
|
||||||
|
(nix-store-path-at-point)
|
||||||
|
(make-instance 'nix-store-path :path )
|
||||||
|
(nix-store-fill-data )
|
||||||
|
(nix-store-path-outputs )
|
||||||
|
(completing-read "Select an output" )
|
||||||
|
(find-file)))
|
||||||
#+end_src
|
#+end_src
|
||||||
|
|
||||||
#+begin_src yaml
|
#+begin_src yaml
|
||||||
|
|
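Review bot: `cce-find-nix-output-at-point` has no docstring, and forms with a trailing gap such as `(make-instance 'nix-store-path :path )` only make sense once the reader notices the `->>` threading. A docstring like `"Prompt for an output of the Nix store path at point and visit it."` plus a one-line comment on the threading would cover it. It also looks as if a nil result from `nix-store-path-at-point` (point not on a store path) is passed straight into `make-instance`; a `user-error` guard before the pipeline would give a clearer message, though that depends on how the nix-mode helpers behave.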
|
@ -0,0 +1,56 @@
|
||||||
|
:PROPERTIES:
|
||||||
|
:ID: 20221202T124113.404212
|
||||||
|
:END:
|
||||||
|
#+TITLE: Docker Containers on the Wobserver
|
||||||
|
#+FILETAGS: :CCE:
|
||||||
|
|
||||||
|
I don't really *want* to use [[roam:Docker]], but it's the most-supported way to get some services etc running on my server. This is kind of the Minimum Viable Docker...
|
||||||
|
|
||||||
|
The =htpasswd= file was generated locally and then copied to the server so that it doesn't make it in to any =nix store=... It has to be done with =apacheHttpd='s =htpasswd= like so: =sudo -u docker-registry htpasswd -B /srv/docker-registry/htpasswd rrix=.
|
||||||
|
|
||||||
|
#+ARROYO_NIXOS_MODULE: nixos/wobserver-docker.nix
|
||||||
|
#+ARROYO_NIXOS_ROLE: server
|
||||||
|
#+AUTO_TANGLE: t
|
||||||
|
|
||||||
|
#+begin_src nix :tangle ~/arroyo-nix/nixos/wobserver-docker.nix
|
||||||
|
{ config, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
cfg = config.services.dockerRegistry;
|
||||||
|
in{
|
||||||
|
virtualisation.containers = {
|
||||||
|
registries.search = ["docker.fontkeming.fail" "docker.io"];
|
||||||
|
storage.settings = {
|
||||||
|
storage.driver = "zfs";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
virtualisation.oci-containers.backend = "docker";
|
||||||
|
|
||||||
|
services.dockerRegistry = {
|
||||||
|
enable = true;
|
||||||
|
enableGarbageCollect = true;
|
||||||
|
storagePath = "/srv/docker-registry/";
|
||||||
|
extraConfig = {
|
||||||
|
auth.htpasswd = {
|
||||||
|
realm = "basic-realm";
|
||||||
|
path = "/srv/docker-registry/htpasswd";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
services.nginx.virtualHosts."docker.fontkeming.fail" = {
|
||||||
|
locations."/".proxyPass = "http://${cfg.listenAddress}:${toString cfg.port}";
|
||||||
|
locations."/".extraConfig = ''
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto https; # workaround for double-proxying https://github.com/distribution/distribution/issues/2862 ???
|
||||||
|
proxy_set_header X-Forwarded-Host $http_host;
|
||||||
|
'';
|
||||||
|
extraConfig = ''
|
||||||
|
client_max_body_size 1G;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
}
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
There's a question of whether to set =virtualisation.oci-containers.backend= to docker or use Podman -- I'm tempted to just leave this until I don't need to.
|
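Review bot: `proxy_set_header X-Forwarded-Proto https;` tells the registry that every request arrived over TLS, but nothing in this vhost block enforces that, and the registry is protected by HTTP basic auth from the `htpasswd` file. If TLS for `docker.fontkeming.fail` is not forced elsewhere in the configuration, credentials could cross the wire in clear text while the backend believes the connection is secure; adding `forceSSL = true;` to the vhost here makes the assumption explicit. The block also omits `proxy_set_header Host $host;`, which the other vhosts in this change set. `virtualisation.containers.registries.search` appears to configure the containers/podman registries file, not Docker, so with `backend = "docker"` it may have no effect; a comment stating the intent would help.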
|
@ -1,5 +1,6 @@
|
||||||
:PROPERTIES:
|
:PROPERTIES:
|
||||||
:ID: 20220101T190353.843667
|
:ID: 20220101T190353.843667
|
||||||
|
:ROAM_ALIASES: Wobservability
|
||||||
:END:
|
:END:
|
||||||
#+title: Wobserver Observability
|
#+title: Wobserver Observability
|
||||||
#+filetags: :Project:Wobserver:Development:
|
#+filetags: :Project:Wobserver:Development:
|
||||||
|
@ -28,17 +29,48 @@ I need to set up alerts and dashboards for the most common operations, and I'd l
|
||||||
#+begin_src nix :tangle ~/arroyo-nix/nixos/wobservability.nix
|
#+begin_src nix :tangle ~/arroyo-nix/nixos/wobservability.nix
|
||||||
{ pkgs, config, ... }:
|
{ pkgs, config, ... }:
|
||||||
|
|
||||||
|
with pkgs.lib;
|
||||||
|
|
||||||
|
let mkStaticScrape =
|
||||||
|
(name: cfg:
|
||||||
|
let addr =
|
||||||
|
if hasAttr "listenAddr" cfg then
|
||||||
|
cfg.listenAddr
|
||||||
|
else
|
||||||
|
"localhost";
|
||||||
|
in
|
||||||
|
{
|
||||||
|
job_name = name;
|
||||||
|
static_configs = [
|
||||||
|
{ targets = ["${addr}:${toString cfg.port}"]; }
|
||||||
|
];
|
||||||
|
}
|
||||||
|
);
|
||||||
|
in
|
||||||
rec {
|
rec {
|
||||||
services.prometheus = {
|
services.prometheus = {
|
||||||
|
enable = true;
|
||||||
retentionTime = "60d";
|
retentionTime = "60d";
|
||||||
# scrapConfigs = [];
|
webExternalUrl = "https://home.rix.si/prom";
|
||||||
listenAddress = "127.0.0.1";
|
listenAddress = "127.0.0.1";
|
||||||
exporters = {
|
scrapeConfigs = [
|
||||||
node = {
|
(mkStaticScrape "node" config.services.prometheus.exporters.node)
|
||||||
enable = true;
|
(mkStaticScrape "process" config.services.prometheus.exporters.process)
|
||||||
enabledCollectors = [ "systemd" ];
|
(mkStaticScrape "smartctl" config.services.prometheus.exporters.smartctl)
|
||||||
};
|
(mkStaticScrape "postgres" config.services.prometheus.exporters.postgres)
|
||||||
};
|
(mkStaticScrape "zfs" config.services.prometheus.exporters.zfs)
|
||||||
|
{
|
||||||
|
job_name = "octopi";
|
||||||
|
metrics_path = "/plugin/prometheus_exporter/metrics";
|
||||||
|
params.apikey = ["27816EF9BA5C43749A022573B0862C71"];
|
||||||
|
static_configs = [{ targets = ["octopi:80"]; }];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
job_name = "arcology";
|
||||||
|
static_configs = [{ targets = ["localhost:8000"]; }];
|
||||||
|
}
|
||||||
|
# gitea
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
# services.prometheus.exporters.pihole = {};
|
# services.prometheus.exporters.pihole = {};
|
||||||
|
@ -46,6 +78,11 @@ rec {
|
||||||
# services.prometheus.exporters.nginxlog = {};
|
# services.prometheus.exporters.nginxlog = {};
|
||||||
# services.prometheus.exporters.unifi = {};
|
# services.prometheus.exporters.unifi = {};
|
||||||
|
|
||||||
|
services.prometheus.exporters.node = {
|
||||||
|
enable = true;
|
||||||
|
enabledCollectors = [ "systemd" ];
|
||||||
|
};
|
||||||
|
|
||||||
services.prometheus.exporters.process = {
|
services.prometheus.exporters.process = {
|
||||||
enable = true;
|
enable = true;
|
||||||
settings.process_names = [
|
settings.process_names = [
|
||||||
|
@ -54,6 +91,10 @@ rec {
|
||||||
name = "{{.Matches.Wrapped}} {{ .Matches.Args }}";
|
name = "{{.Matches.Wrapped}} {{ .Matches.Args }}";
|
||||||
cmdline = [ "^/nix/store[^ ]*/(?P<Wrapped>[^ /]*) (?P<Args>.*)" ];
|
cmdline = [ "^/nix/store[^ ]*/(?P<Wrapped>[^ /]*) (?P<Args>.*)" ];
|
||||||
}
|
}
|
||||||
|
{
|
||||||
|
name = "{{.Matches.Command}}: {{ .Matches.Specialization }}";
|
||||||
|
cmdline = [ "(?P<Command>[a-zA-Z0-9\-_+]+): (?P<Specialization>.*)" ];
|
||||||
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -84,6 +125,7 @@ rec {
|
||||||
http_addr = "127.0.0.1";
|
http_addr = "127.0.0.1";
|
||||||
http_port = 3000;
|
http_port = 3000;
|
||||||
root_url = "https://home.rix.si/grafana";
|
root_url = "https://home.rix.si/grafana";
|
||||||
|
serve_from_sub_path = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -105,11 +147,15 @@ rec {
|
||||||
|
|
||||||
services.nginx.virtualHosts."home.rix.si" = {
|
services.nginx.virtualHosts."home.rix.si" = {
|
||||||
locations."/prom" = {
|
locations."/prom" = {
|
||||||
proxyPass = "http://127.0.0.1:${toString config.services.prometheus.port}";
|
proxyPass = "http://${config.services.prometheus.listenAddress}:${toString config.services.prometheus.port}";
|
||||||
|
extraConfig = ''
|
||||||
|
auth_basic "closed site";
|
||||||
|
auth_basic_user_file /etc/nginx-htpasswd;
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
locations."/grafana" = {
|
locations."/grafana" = {
|
||||||
proxyPass = "http://${config.services.grafana.settings.server.http_addr}:${toString config.services.grafana.settings.server.http_port}";
|
proxyPass = "http://${config.services.grafana.settings.server.http_addr}:${toString config.services.grafana.settings.server.http_port}/grafana";
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
'';
|
'';
|
||||||
|
|
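Review bot: The `octopi` scrape job embeds what looks like a live API key in `params.apikey`, which puts it in the repository history, in the world-readable Nix store and in the generated Prometheus configuration. The key should be rotated and supplied from a file outside the store; Prometheus supports `authorization.credentials_file` in a scrape config, provided the OctoPrint endpoint accepts the key as a bearer token (not verifiable from this hunk). Separately, `mkStaticScrape` tests `hasAttr "listenAddr"`, but the NixOS exporter options name that attribute `listenAddress`, so the helper probably always falls back to `"localhost"`.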