flake.lock: bump

kommode/gitea: skip some parts in the dumps
oppdatere nettsiden
2025-09-20 18:59:35 +02:00 · 2025-09-10 11:27:44 +02:00 · 2025-09-08 13:59:41 +02:00 · 2025-09-08 12:20:09 +02:00 · 2025-09-04 00:02:58 +02:00 · 2025-09-03 23:48:22 +02:00
4 changed files with 74 additions and 33 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -7,11 +7,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1752113600,
-        "narHash": "sha256-7LYDxKxZgBQ8LZUuolAQ8UkIB+jb4A2UmiR+kzY9CLI=",
+        "lastModified": 1758287904,
+        "narHash": "sha256-IGmaEf3Do8o5Cwp1kXBN1wQmZwQN3NLfq5t4nHtVtcU=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "79264292b7e3482e5702932949de9cbb69fedf6d",
+        "rev": "67ff9807dd148e704baadbd4fd783b54282ca627",
        "type": "github"
      },
      "original": {
@@ -27,11 +27,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1736621371,
-        "narHash": "sha256-45UIQSQA7R5iU4YWvilo7mQbhY1Liql9bHBvYa3qRI0=",
+        "lastModified": 1758384693,
+        "narHash": "sha256-zakdGo9micgEXGiC5Uq0gE5GkHtX12qaRYLcstKPek4=",
        "ref": "refs/heads/main",
-        "rev": "3729796c1213fe76e568ac28f1df8de4e596950b",
-        "revCount": 20,
+        "rev": "5f6a462d87cbe25834e8f31283f39fb46c9c3561",
+        "revCount": 21,
        "type": "git",
        "url": "https://git.pvv.ntnu.no/Grzegorz/gergle.git"
      },
@@ -48,11 +48,11 @@
        "rust-overlay": "rust-overlay"
      },
      "locked": {
-        "lastModified": 1752258704,
-        "narHash": "sha256-pRK99+MCgkeVptbJxXhVMXIXl8uwSdkZDpQzFi3OgkA=",
+        "lastModified": 1758386174,
+        "narHash": "sha256-iNDxHSDdb/LlqDbqP9BcZd1QEmks4iYiyN34UhUizZ8=",
        "ref": "refs/heads/main",
-        "rev": "9ff525339b62855d53a44b4dc0154a33ac19e44d",
-        "revCount": 48,
+        "rev": "a21fdfe56743afc7de1fb14597711fbd97ddef76",
+        "revCount": 50,
        "type": "git",
        "url": "https://git.pvv.ntnu.no/Grzegorz/greg-ng.git"
      },
@@ -159,11 +159,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1752439653,
-        "narHash": "sha256-mG27U2CFuggpAuozOu/4XAMKaOtJxzJVzdEemjQEBgg=",
-        "rev": "dfcd5b901dbab46c9c6e80b265648481aafb01f8",
+        "lastModified": 1758363343,
+        "narHash": "sha256-TWem5ajoX0vD7j1v/cg3XU7GHWW10HRUQbZL++QNXLk=",
+        "rev": "b2a3852bd078e68dd2b3dfa8c00c67af1f0a7d20",
        "type": "tarball",
-        "url": "https://releases.nixos.org/nixos/25.05-small/nixos-25.05.806304.dfcd5b901dba/nixexprs.tar.xz"
+        "url": "https://releases.nixos.org/nixos/25.05-small/nixos-25.05.810175.b2a3852bd078/nixexprs.tar.xz"
      },
      "original": {
        "type": "tarball",
@@ -172,11 +172,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1752439402,
-        "narHash": "sha256-xDfOnjnKStgsgcn9SFPgOV6qzwac4JvGKYyfR++49Pw=",
-        "rev": "b47d4f01d4213715a1f09b999bab96bb6a5b675e",
+        "lastModified": 1758361324,
+        "narHash": "sha256-uCqhgJlmxP3UmyCNZ21ucc5Ic0I2le3rA7+Q61UH1YA=",
+        "rev": "0f3383ef02bc092d2f82afa4e556743c6e6b74d6",
        "type": "tarball",
-        "url": "https://releases.nixos.org/nixos/unstable-small/nixos-25.11pre829909.b47d4f01d421/nixexprs.tar.xz"
+        "url": "https://releases.nixos.org/nixos/unstable-small/nixos-25.11pre864278.0f3383ef02bc/nixexprs.tar.xz"
      },
      "original": {
        "type": "tarball",
@@ -210,11 +210,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1755475409,
-        "narHash": "sha256-9nzP3rpYNWNXtGQnGUS+WjeDkhFiTOBwxoJL9bMi1w0=",
+        "lastModified": 1757332682,
+        "narHash": "sha256-4p4aVQWs7jHu3xb6TJlGik20lqbUU/Fc0/EHpzoRlO0=",
        "ref": "refs/heads/main",
-        "rev": "617a799ad8e365192084e51de25cb6f8260668ae",
-        "revCount": 511,
+        "rev": "da1113341ad9881d8d333d1e29790317bd7701e7",
+        "revCount": 518,
        "type": "git",
        "url": "https://git.pvv.ntnu.no/Projects/nettsiden.git"
      },
@@ -248,11 +248,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1752201818,
-        "narHash": "sha256-d8KczaVT8WFEZdWg//tMAbv8EDyn2YTWcJvSY8gqKBU=",
+        "lastModified": 1758335443,
+        "narHash": "sha256-2jaGMj32IckpZgBjn7kG4zyJl66T+2A1Fn2ppkHh91o=",
        "owner": "oxalica",
        "repo": "rust-overlay",
-        "rev": "bd8f8329780b348fedcd37b53dbbee48c08c496d",
+        "rev": "f1ccb14649cf87e48051a6ac3a571b4a57d84ff3",
        "type": "github"
      },
      "original": {
@@ -268,11 +268,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1751606940,
-        "narHash": "sha256-KrDPXobG7DFKTOteqdSVeL1bMVitDcy7otpVZWDE6MA=",
+        "lastModified": 1758007585,
+        "narHash": "sha256-HYnwlbY6RE5xVd5rh0bYw77pnD8lOgbT4mlrfjgNZ0c=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "3633fc4acf03f43b260244d94c71e9e14a2f6e0d",
+        "rev": "f77d4cfa075c3de66fc9976b80e0c4fc69e2c139",
        "type": "github"
      },
      "original": {
--- a/hosts/bicep/services/minecraft-heatmap.nix
+++ b/hosts/bicep/services/minecraft-heatmap.nix
@@ -7,6 +7,10 @@ in
    mode = "600";
  };

+  sops.secrets."minecraft-heatmap/postgres-passwd" = {
+    mode = "600";
+  };
+
  services.minecraft-heatmap = {
    enable = true;
    database = {
@@ -14,7 +18,7 @@ in
      port = 5432;
      name = "minecraft_heatmap";
      user = "minecraft_heatmap";
-      passwordFile = pkgs.writeText "minecraft-heatmap-password.txt" "1234";
+      passwordFile = config.sops.secrets."minecraft-heatmap/postgres-passwd".path;
    };
  };

--- a/hosts/kommode/services/gitea/default.nix
+++ b/hosts/kommode/services/gitea/default.nix
@@ -1,4 +1,4 @@
-{ config, values, lib, unstablePkgs, ... }:
+{ config, values, lib, pkgs, unstablePkgs, ... }:
 let
  cfg = config.services.gitea;
  domain = "git.pvv.ntnu.no";
@@ -159,8 +159,17 @@ in {

  environment.systemPackages = [ cfg.package ];

+  systemd.services.gitea.serviceConfig.Type = lib.mkForce "notify";
+
+  systemd.services.gitea.serviceConfig.WatchdogSec = "60";
+
  systemd.services.gitea.serviceConfig.CPUSchedulingPolicy = "batch";

+  systemd.services.gitea.serviceConfig.CacheDirectory = "gitea/repo-archive";
+  systemd.services.gitea.serviceConfig.BindPaths = [
+    "%C/gitea/repo-archive:${cfg.stateDir}/data/repo-archive"
+  ];
+
  services.nginx.virtualHosts."${domain}" = {
    forceSSL = true;
    enableACME = true;
@@ -184,4 +193,31 @@ in {
  };

  networking.firewall.allowedTCPPorts = [ sshPort ];
+
+  systemd.services.gitea-dump = {
+    serviceConfig.ExecStart = let
+      args = lib.cli.toGNUCommandLineShell { } {
+        type = cfg.dump.type;
+
+        # This should be declarative on nixos, no need to backup.
+        skip-custom-dir = true;
+
+        # This can be regenerated, no need to backup
+        skip-index = true;
+
+        # Logs are stored in the systemd journal
+        skip-log = true;
+      };
+    in lib.mkForce "${lib.getExe cfg.package} ${args}";
+
+    # Only keep n backup files at a time
+    postStop = let
+      cu = prog: "'${lib.getExe' pkgs.coreutils prog}'";
+      backupCount = 3;
+    in ''
+      for file in $(${cu "ls"} -t1 '${cfg.dump.backupDir}' | ${cu "sort"} --reverse | ${cu "tail"} -n+${toString (backupCount + 1)}); do
+        ${cu "rm"} "$file"
+      done
+      '';
+  };
 }
--- a/secrets/bicep/bicep.yaml
+++ b/secrets/bicep/bicep.yaml
@@ -6,6 +6,7 @@ mysql:
 gickup:
    github-token: ENC[AES256_GCM,data:H/yBDLIvEXunmaUha3c2vUWKLRIbl9QrC0t13AQDRCTnrvhabeiUFLNxZ/F+4B6sZ2aPSgZoB69WwnHvh1wLdiFp1qLWKW/jQPvzZOxE4n+jXrnSOutUWktbPzVj,iv:KFW4jRru93JIl9doVFtcNkJDWp89NlzWjPDflHxcL/U=,tag:YtgyRxkoZO9MkuP3DJh7zA==,type:str]
 minecraft-heatmap:
+    postgres-passwd: ENC[AES256_GCM,data:T8s9xct07AJ4/Z6MQjNrqZQq7FerHz8Op+ea8zO2MDLPWWgU7/hBfrr+T4sc1TgT3e5vtE0dVcqCSbZCZj+6zQ==,iv:prx6d8c92OvbL8IjBLAvi1Vqk69D6ZIkAp7E8CSljok=,tag:UA5YS4YwViYZJ2PWzIIM3g==,type:str]
    ssh-key:
        private: ENC[AES256_GCM,data:h9OtD6hxrxyokFDe9bveAkMICrs3YrsAEqg0RVHV+xCkgkNAdoh85wb1QI8FJ0tga4Bfq8ZxZTdMnexQvbYWL8m/N/P6gWoPPJd7dwGuxaUZu5lqngVuHIhH0yWFWtPXjQ0Zyl5Q1aBKyjzJMvJc/H2iprgVH4YFs/fWf/KDEp17Plvvz0AoPGPrOZErDmne4MtLbW3pUm1r5ACo/41OyXYwjHk1Ywgsoz1CMxe/DrmkADnf7jSDWL6Q0mz8hIIYi8GbToJS4BIJ2plttraxV9sqpIPzS/1jMERNchItlkCppSYIy/eohVmskP8dAySm5Z7HNGGtzWSSGLxq15xKc7OVFYPMI+B35nPnp1LVOUWqBHAqVo7dwxc3VXOlVat7AMknUZnr67d4TIIl5BOdy/rvAxzXS/fDV0zntIs5o3phKStVvq07eZFaOVva45B7Pyyn0PdBhHBt2JcBtm+Xtg9i3xvZdwQgbeeJRhnYgDqK6BVhmtTuirwp1GOyslqaFCjg0MJj+W+d8R9gbbfyFR6YrZQAkcd/o/yZGg86z7Phe18=,iv:nt/+qPBwPZKQt43VJ9FbKjLYioFwCxD7VK9WNCJCmpQ=,tag:MuDfnTiro3VVJq9x5rkEQg==,type:str]
        public: ENC[AES256_GCM,data:+fiCO8VRSmV7tmyweYSpZJMOuMORLHkWetYbr20aTQ1vRYr927nYGes4E464t+Dv9OyJPCLmHBdgt7UvxJWuC3pZE8iStnBYnej3D4ebMzi2SMfOkJjGuQSplXtl8QeAYe1YvROmtQ==,iv:thgGQUyWdXfwUt1E/vudoNjl8JjnksFd1rb/asTry+g=,tag:t1iQPocvfI+JafuJycaLuw==,type:str]
@@ -65,8 +66,8 @@ sops:
            cTh5bnJ3WW90aXRCSUp6NHFYeU1tZ0kK4afdtJwGNu6wLRI0fuu+mBVeqVeB0rgX
            0q5hwyzjiRnHnyjF38CmcGgydSfDRmF6P+WIMbCwXC6LwfRhAmBGPg==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-08-22T17:54:32Z"
-    mac: ENC[AES256_GCM,data:lUcE2bwdgDAAEZWSe9At8Rx5ieixboxJNw7xkXfBRo4OgnU/zp6660lwc7Q9uVQBKZxmdx9BJsGeoWh6eehbTxfJYNhUbAJB/7hnkD2HTiBR/0nJAL9iixlXxehn85QhWZ3KXWQDU9l26X4saYIF3rWvGXlM8oSkoPsPluxGfG4=,iv:0m7LpwOort5mKB0jzd4qnwOACuj/aE+8AoXSuv6Nx/s=,tag:LqxCKFYq+flQ/b361ZZSqw==,type:str]
+    lastmodified: "2025-08-25T12:27:53Z"
+    mac: ENC[AES256_GCM,data:GoJ2en7e+D4wjyPJqq7i1s8JPdgFO3wcxrtXOgSKTxi6HTibuIcP4KQcKrCMRAZmXOEL1vpnWFA2uk7S00Av7/QOnzP0Zrk3aPBM6lbB+p9XSabN0sOe1UpZDtAM3bzvS9JZzyztT5nHKvO/eV2rP71y/tYbsT6yvj7Y9zxpvKg=,iv:tQiCr7zpo7g5jZpt2VD9jtFKo32XUWs94Jay+T4XWys=,tag:npBqmlbUUfN+ztttajva3w==,type:str]
    pgp:
        - created_at: "2024-08-04T00:03:40Z"
          enc: |-
Author	SHA1	Message	Date
h7x4	dbe9dbe6f4	flake.lock: bump	2025-09-20 18:59:35 +02:00
h7x4	2e75f31d3e	kommode/gitea: skip some parts in the dumps	2025-09-10 11:27:44 +02:00
Vegard Matthey	1166161858	oppdatere nettsiden	2025-09-08 13:59:41 +02:00
Vegard Matthey	a0164a4038	oppdatere nettsiden	2025-09-08 12:20:09 +02:00
h7x4	470cc451e0	kommode/gitea: fix backup count Some checks failed Eval nix flake / evals (push) Failing after 1m30s Details	2025-09-04 00:02:58 +02:00
h7x4	a803de2b23	kommode/gitea: enable sd_notify, enable hardware watchdog Some checks failed Eval nix flake / evals (push) Failing after 1m23s Details	2025-09-03 23:48:22 +02:00
h7x4	1dc78b6101	kommode/gitea: bindmount repo-archives to `/var/cache/gitea` Some checks failed Eval nix flake / evals (push) Failing after 1m26s Details	2025-09-03 23:23:16 +02:00
h7x4	54434b7f93	kommode/gitea: only keep 3 backups	2025-09-03 22:46:13 +02:00
Felix Albrigtsen	736dc44008	flake: update input pvv-nettsiden (fadderuke -> normal events)	2025-09-01 20:16:50 +02:00
h7x4	9e68287f1b	bicep/minecraft-heatmap: change postgres password, add to sops Some checks failed Eval nix flake / evals (push) Failing after 26s Details	2025-08-25 14:38:25 +02:00