From 45fc46cb9f4bdae23180c8f3fa420e3dabce0674 Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Tue, 26 Mar 2024 13:48:55 +0100 Subject: [PATCH 1/7] fcast --- pkgs/fcast/default.nix | 202 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 202 insertions(+) create mode 100644 pkgs/fcast/default.nix diff --git a/pkgs/fcast/default.nix b/pkgs/fcast/default.nix new file mode 100644 index 0000000..3919a72 --- /dev/null +++ b/pkgs/fcast/default.nix @@ -0,0 +1,202 @@ +{ + lib, + buildNpmPackage, + cargo, + copyDesktopItems, + dbus, + electron_28, + fetchFromGitLab, + glib, + gnome, + gtk3, + jq, + libsecret, + makeDesktopItem, + makeWrapper, + moreutils, + napi-rs-cli, + nodejs_18, + patchutils_0_4_2, + pkg-config, + python3, + runCommand, + rustc, + rustPlatform, +}: let + description = "A secure and free password manager for all of your devices"; + icon = "bitwarden"; + electron = electron_28; +in + buildNpmPackage rec { + pname = "bitwarden-desktop"; + version = "2024.3.0"; + + src = fetchFromGitLab { + owner = "videostreaming"; + repo = "fcast"; + rev = "b13d0f7e8150c279d377a78f89d338b7fc0f5539"; + hash = "sha256-XEZB95GnfSy/wtTWpF8KlUQwyephUZmSLtbOwbcvd7g="; + }; + + patches = [ + ./electron-builder-package-lock.patch + ]; + + # The nested package-lock.json from upstream is out-of-date, so copy the + # lock metadata from the root package-lock.json. + postPatch = '' + cat {,apps/desktop/src/}package-lock.json \ + | ${lib.getExe jq} -s ' + .[1].packages."".dependencies.argon2 = .[0].packages."".dependencies.argon2 + | .[0].packages."" = .[1].packages."" + | .[1].packages = .[0].packages + | .[1] + ' \ + | ${moreutils}/bin/sponge apps/desktop/src/package-lock.json + ''; + + nodejs = nodejs_18; + + makeCacheWritable = true; + npmFlags = ["--legacy-peer-deps"]; + npmWorkspace = "apps/desktop"; + npmDepsHash = "sha256-EpZXA+GkmHl5eqwIPTGHJZqrpr6k8gXneJG+GXumlkc="; + + cargoDeps = rustPlatform.fetchCargoTarball { + name = "${pname}-${version}"; + inherit src; + patches = + map + ( + patch: + runCommand + (builtins.baseNameOf patch) + {nativeBuildInputs = [patchutils_0_4_2];} + '' + < ${patch} filterdiff -p1 --include=${lib.escapeShellArg cargoRoot}'/*' > $out + '' + ) + patches; + patchFlags = ["-p4"]; + sourceRoot = "${src.name}/${cargoRoot}"; + hash = "sha256-qAqEFlUzT28fw6kLB8d7U8yXWevAU+q03zjN2xWsGyI="; + }; + cargoRoot = "apps/desktop/desktop_native"; + + env.ELECTRON_SKIP_BINARY_DOWNLOAD = "1"; + + nativeBuildInputs = [ + cargo + copyDesktopItems + jq + makeWrapper + moreutils + napi-rs-cli + pkg-config + python3 + rustc + rustPlatform.cargoCheckHook + rustPlatform.cargoSetupHook + ]; + + buildInputs = [ + glib + gtk3 + libsecret + ]; + + preBuild = '' + if [[ $(jq --raw-output '.devDependencies.electron' < package.json | grep -E --only-matching '^[0-9]+') != ${lib.escapeShellArg (lib.versions.major electron.version)} ]]; then + echo 'ERROR: electron version mismatch' + exit 1 + fi + ''; + + postBuild = '' + pushd apps/desktop + + # desktop_native/index.js loads a file of that name regarldess of the libc being used + mv desktop_native/desktop_native.* desktop_native/desktop_native.linux-x64-musl.node + + npm exec electron-builder -- \ + --dir \ + -c.electronDist=${electron}/libexec/electron \ + -c.electronVersion=${electron.version} + + popd + ''; + + doCheck = true; + + nativeCheckInputs = [ + dbus + (gnome.gnome-keyring.override {useWrappedDaemon = false;}) + ]; + + checkFlags = [ + "--skip=password::password::tests::test" + ]; + + checkPhase = '' + runHook preCheck + + pushd ${cargoRoot} + export HOME=$(mktemp -d) + export -f cargoCheckHook runHook _eval _callImplicitHook + export cargoCheckType=release + dbus-run-session \ + --config-file=${dbus}/share/dbus-1/session.conf \ + -- bash -e -c cargoCheckHook + popd + + runHook postCheck + ''; + + installPhase = '' + runHook preInstall + + mkdir $out + + pushd apps/desktop/dist/linux-unpacked + mkdir -p $out/opt/Bitwarden + cp -r locales resources{,.pak} $out/opt/Bitwarden + popd + + makeWrapper '${electron}/bin/electron' "$out/bin/bitwarden" \ + --add-flags $out/opt/Bitwarden/resources/app.asar \ + --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations}}" \ + --set-default ELECTRON_IS_DEV 0 \ + --inherit-argv0 + + pushd apps/desktop/resources/icons + for icon in *.png; do + dir=$out/share/icons/hicolor/"''${icon%.png}"/apps + mkdir -p "$dir" + cp "$icon" "$dir"/${icon}.png + done + popd + + runHook postInstall + ''; + + desktopItems = [ + (makeDesktopItem { + name = "bitwarden"; + exec = "bitwarden %U"; + inherit icon; + comment = description; + desktopName = "Bitwarden"; + categories = ["Utility"]; + }) + ]; + + meta = { + changelog = "https://github.com/bitwarden/clients/releases/tag/${src.rev}"; + inherit description; + homepage = "https://bitwarden.com"; + license = lib.licenses.gpl3; + maintainers = with lib.maintainers; [amarshall kiwi]; + platforms = ["x86_64-linux"]; + mainProgram = "bitwarden"; + }; + } From b5be1009cf14167edb82a2bb2cb596de3f02e142 Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Tue, 26 Mar 2024 14:13:35 +0100 Subject: [PATCH 2/7] added grafana to queen --- .../package-configs/dashboard/default.nix | 14 +++++++++++ .../dashboard/grafana/default.nix | 25 +++++++++++++++++++ nixos/server/package-configs/default.nix | 1 + 3 files changed, 40 insertions(+) create mode 100644 nixos/server/package-configs/dashboard/default.nix create mode 100644 nixos/server/package-configs/dashboard/grafana/default.nix diff --git a/nixos/server/package-configs/dashboard/default.nix b/nixos/server/package-configs/dashboard/default.nix new file mode 100644 index 0000000..71b377b --- /dev/null +++ b/nixos/server/package-configs/dashboard/default.nix @@ -0,0 +1,14 @@ +{ + inputs, + outputs, + lib, + config, + pkgs, + ... +}: { + imports = [ + ./grafana + #./loki + #./prometheus + ]; +} diff --git a/nixos/server/package-configs/dashboard/grafana/default.nix b/nixos/server/package-configs/dashboard/grafana/default.nix new file mode 100644 index 0000000..11305d1 --- /dev/null +++ b/nixos/server/package-configs/dashboard/grafana/default.nix @@ -0,0 +1,25 @@ +{ + config, + pkgs, + ... +}: { + # grafana configuration + services.grafana = { + enable = true; + domain = "grafana.lillianviolet.dev"; + http_port = 2342; + http_addr = "127.0.0.1"; + }; + + # nginx reverse proxy + services.nginx.virtualHosts.${config.services.grafana.domain} = { + ## Force HTTP redirect to HTTPS + forceSSL = true; + ## LetsEncrypt + enableACME = true; + locations."/" = { + proxyPass = "http://127.0.0.1:${toString config.services.grafana.port}"; + proxyWebsockets = true; + }; + }; +} diff --git a/nixos/server/package-configs/default.nix b/nixos/server/package-configs/default.nix index b0104c5..ff7d535 100644 --- a/nixos/server/package-configs/default.nix +++ b/nixos/server/package-configs/default.nix @@ -15,5 +15,6 @@ ./postgres ./roundcube ./coturn + ./dashboard ]; } From fe1dbd4f95c03895fd73109aa94c7bbc90c55dc4 Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Tue, 26 Mar 2024 14:34:28 +0100 Subject: [PATCH 3/7] Enable prometheus, add loki config example, we don't have a global log system so it's not useful though --- .../package-configs/dashboard/default.nix | 2 +- .../dashboard/grafana/default.nix | 18 +++++++++ .../dashboard/loki/default.nix | 10 +++++ .../package-configs/dashboard/loki/loki.yaml | 40 +++++++++++++++++++ .../dashboard/prometheus/default.nix | 38 ++++++++++++++++++ 5 files changed, 107 insertions(+), 1 deletion(-) create mode 100644 nixos/server/package-configs/dashboard/loki/default.nix create mode 100644 nixos/server/package-configs/dashboard/loki/loki.yaml create mode 100644 nixos/server/package-configs/dashboard/prometheus/default.nix diff --git a/nixos/server/package-configs/dashboard/default.nix b/nixos/server/package-configs/dashboard/default.nix index 71b377b..5bbfb09 100644 --- a/nixos/server/package-configs/dashboard/default.nix +++ b/nixos/server/package-configs/dashboard/default.nix @@ -9,6 +9,6 @@ imports = [ ./grafana #./loki - #./prometheus + ./prometheus ]; } diff --git a/nixos/server/package-configs/dashboard/grafana/default.nix b/nixos/server/package-configs/dashboard/grafana/default.nix index 11305d1..e2f53ab 100644 --- a/nixos/server/package-configs/dashboard/grafana/default.nix +++ b/nixos/server/package-configs/dashboard/grafana/default.nix @@ -9,6 +9,24 @@ domain = "grafana.lillianviolet.dev"; http_port = 2342; http_addr = "127.0.0.1"; + provision = { + datasources = [ + { + name = "Prometheus"; + type = "prometheus"; + access = "proxy"; + url = "http://localhost:${config.services.prometheus.port}"; + isDefault = true; + } + { + name = "Loki"; + type = "loki"; + access = "proxy"; + url = "http://localhost:${config.services.loki.port}"; + isDefault = true; + } + ]; + }; }; # nginx reverse proxy diff --git a/nixos/server/package-configs/dashboard/loki/default.nix b/nixos/server/package-configs/dashboard/loki/default.nix new file mode 100644 index 0000000..6e68716 --- /dev/null +++ b/nixos/server/package-configs/dashboard/loki/default.nix @@ -0,0 +1,10 @@ +{ + config, + pkgs, + ... +}: { + services.loki = { + enable = true; + configFile = ./loki.yaml; + }; +} diff --git a/nixos/server/package-configs/dashboard/loki/loki.yaml b/nixos/server/package-configs/dashboard/loki/loki.yaml new file mode 100644 index 0000000..d0e9699 --- /dev/null +++ b/nixos/server/package-configs/dashboard/loki/loki.yaml @@ -0,0 +1,40 @@ +# Enables authentication through the X-Scope-OrgID header, which must be present +# if true. If false, the OrgID will always be set to "fake". +auth_enabled: false + +server: + http_listen_address: "0.0.0.0" + http_listen_port: 3100 + +ingester: + lifecycler: + address: "127.0.0.1" + ring: + kvstore: + store: inmemory + replication_factor: 1 + final_sleep: 0s + chunk_idle_period: 5m + chunk_retain_period: 30s + +schema_config: + configs: + - from: 2020-05-15 + store: boltdb + object_store: filesystem + schema: v11 + index: + prefix: index_ + period: 168h + +storage_config: + boltdb: + directory: /tmp/loki/index + + filesystem: + directory: /tmp/loki/chunks + +limits_config: + enforce_metric_name: false + reject_old_samples: true + reject_old_samples_max_age: 168h \ No newline at end of file diff --git a/nixos/server/package-configs/dashboard/prometheus/default.nix b/nixos/server/package-configs/dashboard/prometheus/default.nix new file mode 100644 index 0000000..5ea9535 --- /dev/null +++ b/nixos/server/package-configs/dashboard/prometheus/default.nix @@ -0,0 +1,38 @@ +{ + config, + pkgs, + ... +}: { + services.prometheus = { + enable = true; + port = 9001; + # Export the current system metrics + exporters = { + node = { + enable = true; + enabledCollectors = ["systemd"]; + port = 9002; + }; + }; + scrapeConfigs = [ + # Scrape the current system + { + job_name = "GrafanaService system"; + static_configs = [ + { + targets = ["127.0.0.1:9002"]; + } + ]; + } + # Scrape the Loki service + # { + # job_name = "Loki service"; + # static_configs = [ + # { + # targets = ["127.0.0.1:3100"]; + # } + # ]; + # } + ]; + }; +} From ea9aa2eddd6a5341b8335c0c95a25ef93309b386 Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Tue, 26 Mar 2024 14:35:54 +0100 Subject: [PATCH 4/7] That's where that is supposed to go for grafana --- .../server/package-configs/dashboard/grafana/default.nix | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/nixos/server/package-configs/dashboard/grafana/default.nix b/nixos/server/package-configs/dashboard/grafana/default.nix index e2f53ab..de45e01 100644 --- a/nixos/server/package-configs/dashboard/grafana/default.nix +++ b/nixos/server/package-configs/dashboard/grafana/default.nix @@ -6,9 +6,11 @@ # grafana configuration services.grafana = { enable = true; - domain = "grafana.lillianviolet.dev"; - http_port = 2342; - http_addr = "127.0.0.1"; + server = { + domain = "grafana.lillianviolet.dev"; + http_port = 2342; + http_addr = "127.0.0.1"; + }; provision = { datasources = [ { From 2c33f7d0693a176213af0ae0de5b0b1df51e494c Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Tue, 26 Mar 2024 14:37:02 +0100 Subject: [PATCH 5/7] Disable loki in grafana, settings.server not just server --- .../dashboard/grafana/default.nix | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/nixos/server/package-configs/dashboard/grafana/default.nix b/nixos/server/package-configs/dashboard/grafana/default.nix index de45e01..2bde79a 100644 --- a/nixos/server/package-configs/dashboard/grafana/default.nix +++ b/nixos/server/package-configs/dashboard/grafana/default.nix @@ -6,7 +6,7 @@ # grafana configuration services.grafana = { enable = true; - server = { + settings.server = { domain = "grafana.lillianviolet.dev"; http_port = 2342; http_addr = "127.0.0.1"; @@ -20,13 +20,13 @@ url = "http://localhost:${config.services.prometheus.port}"; isDefault = true; } - { - name = "Loki"; - type = "loki"; - access = "proxy"; - url = "http://localhost:${config.services.loki.port}"; - isDefault = true; - } + # { + # name = "Loki"; + # type = "loki"; + # access = "proxy"; + # url = "http://localhost:${config.services.loki.port}"; + # isDefault = true; + # } ]; }; }; From 9dacc2172eb1d0f5aadd49a6ecd2fa46cc5a9284 Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Tue, 26 Mar 2024 14:40:05 +0100 Subject: [PATCH 6/7] Let's change those in nginx too --- nixos/server/package-configs/dashboard/grafana/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nixos/server/package-configs/dashboard/grafana/default.nix b/nixos/server/package-configs/dashboard/grafana/default.nix index 2bde79a..b952195 100644 --- a/nixos/server/package-configs/dashboard/grafana/default.nix +++ b/nixos/server/package-configs/dashboard/grafana/default.nix @@ -32,13 +32,13 @@ }; # nginx reverse proxy - services.nginx.virtualHosts.${config.services.grafana.domain} = { + services.nginx.virtualHosts.${config.services.grafana.settings.server.domain} = { ## Force HTTP redirect to HTTPS forceSSL = true; ## LetsEncrypt enableACME = true; locations."/" = { - proxyPass = "http://127.0.0.1:${toString config.services.grafana.port}"; + proxyPass = "http://127.0.0.1:${toString config.services.grafana.settings.server.port}"; proxyWebsockets = true; }; }; From 3c830bc6c467f73d6e7aeb2d33b1405cdd6bdbe8 Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Tue, 26 Mar 2024 14:52:15 +0100 Subject: [PATCH 7/7] Had to do a toString, thanks for the great error message nixos, fixed some other typos --- .../dashboard/grafana/default.nix | 37 ++++++++++--------- 1 file changed, 20 insertions(+), 17 deletions(-) diff --git a/nixos/server/package-configs/dashboard/grafana/default.nix b/nixos/server/package-configs/dashboard/grafana/default.nix index b952195..5589873 100644 --- a/nixos/server/package-configs/dashboard/grafana/default.nix +++ b/nixos/server/package-configs/dashboard/grafana/default.nix @@ -12,22 +12,25 @@ http_addr = "127.0.0.1"; }; provision = { - datasources = [ - { - name = "Prometheus"; - type = "prometheus"; - access = "proxy"; - url = "http://localhost:${config.services.prometheus.port}"; - isDefault = true; - } - # { - # name = "Loki"; - # type = "loki"; - # access = "proxy"; - # url = "http://localhost:${config.services.loki.port}"; - # isDefault = true; - # } - ]; + datasources.settings = { + apiVersion = 1; + datasources = [ + { + name = "Prometheus"; + type = "prometheus"; + access = "proxy"; + url = "http://localhost:${toString config.services.prometheus.port}"; + isDefault = true; + } + # { + # name = "Loki"; + # type = "loki"; + # access = "proxy"; + # url = "http://localhost:${config.services.loki.port}"; + # isDefault = true; + # } + ]; + }; }; }; @@ -38,7 +41,7 @@ ## LetsEncrypt enableACME = true; locations."/" = { - proxyPass = "http://127.0.0.1:${toString config.services.grafana.settings.server.port}"; + proxyPass = "http://${toString config.services.grafana.settings.server.http_addr}:${toString config.services.grafana.settings.server.http_port}"; proxyWebsockets = true; }; };