Upgrade NixOS. Use upstream libedgetpu, frigate, and gasket kernel module. Fix services broken by upgrade.

2024-11-19 21:11:13 -08:00
parent 89ce0f7fc0
commit eb6a50664c
22 changed files with 61 additions and 321 deletions
--- a/common/server/default.nix
+++ b/common/server/default.nix
@@ -10,7 +10,6 @@
    ./matrix.nix
    ./zerobin.nix
    ./gitea.nix
-    ./privatebin/privatebin.nix
    ./radio.nix
    ./samba.nix
    ./owncast.nix
--- a/common/server/privatebin/conf.php
+++ b/common/server/privatebin/conf.php
@@ -1,42 +0,0 @@
-;<?php http_response_code(403); /*
-[main]
-name = "Kode Paste"
-discussion = false
-opendiscussion = false
-password = true
-fileupload = false
-burnafterreadingselected = false
-defaultformatter = "plaintext"
-sizelimit = 10485760
-template = "bootstrap"
-languageselection = false
-
-[expire]
-default = "1week"
-
-[expire_options]
-5min = 300
-10min = 600
-1hour = 3600
-1day = 86400
-1week = 604800
-
-[formatter_options]
-plaintext = "Plain Text"
-syntaxhighlighting = "Source Code"
-markdown = "Markdown"
-
-[traffic]
-limit = 10
-dir = "/var/lib/privatebin"
-
-[purge]
-limit = 300
-batchsize = 10
-dir = "/var/lib/privatebin"
-
-[model]
-class = Filesystem
-
-[model_options]
-dir = "/var/lib/privatebin"
--- a/common/server/privatebin/privatebin.nix
+++ b/common/server/privatebin/privatebin.nix
@@ -1,74 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-let
-  cfg = config.services.privatebin;
-  privateBinSrc = pkgs.stdenv.mkDerivation {
-    name = "privatebin";
-    src = pkgs.fetchFromGitHub {
-      owner = "privatebin";
-      repo = "privatebin";
-      rev = "d65bf02d7819a530c3c2a88f6f9947651fe5258d";
-      sha256 = "7ttAvEDL1ab0cUZcqZzXFkXwB2rF2t4eNpPxt48ap94=";
-    };
-    installPhase = ''
-      cp -ar $src $out
-    '';
-  };
-in
-{
-  options.services.privatebin = {
-    enable = lib.mkEnableOption "enable privatebin";
-    host = lib.mkOption {
-      type = lib.types.str;
-      example = "example.com";
-    };
-  };
-
-  config = lib.mkIf cfg.enable {
-
-    users.users.privatebin = {
-      description = "privatebin service user";
-      group = "privatebin";
-      isSystemUser = true;
-    };
-    users.groups.privatebin = { };
-
-    services.nginx.enable = true;
-    services.nginx.virtualHosts.${cfg.host} = {
-      enableACME = true;
-      forceSSL = true;
-      locations."/" = {
-        root = privateBinSrc;
-        index = "index.php";
-      };
-      locations."~ \.php$" = {
-        root = privateBinSrc;
-        extraConfig = ''
-          fastcgi_pass  unix:${config.services.phpfpm.pools.privatebin.socket};
-          fastcgi_index index.php;
-        '';
-      };
-    };
-
-    systemd.tmpfiles.rules = [
-      "d '/var/lib/privatebin' 0750 privatebin privatebin - -"
-    ];
-
-    services.phpfpm.pools.privatebin = {
-      user = "privatebin";
-      group = "privatebin";
-      phpEnv = {
-        CONFIG_PATH = "${./conf.php}";
-      };
-      settings = {
-        pm = "dynamic";
-        "listen.owner" = config.services.nginx.user;
-        "pm.max_children" = 5;
-        "pm.start_servers" = 2;
-        "pm.min_spare_servers" = 1;
-        "pm.max_spare_servers" = 3;
-        "pm.max_requests" = 500;
-      };
-    };
-  };
-}
--- a/common/server/samba.nix
+++ b/common/server/samba.nix
@@ -5,30 +5,28 @@
    services.samba = {
      openFirewall = true;
      package = pkgs.sambaFull; # printer sharing
-      securityType = "user";

      # should this be on?
      nsswins = true;

-      extraConfig = ''
-        workgroup = HOME
-        server string = smbnix
-        netbios name = smbnix
-        security = user 
-        use sendfile = yes
-        min protocol = smb2
-        guest account = nobody
-        map to guest = bad user
+      settings = {
+        global = {
+          security = "user";
+          workgroup = "HOME";
+          "server string" = "smbnix";
+          "netbios name" = "smbnix";
+          "use sendfile" = "yes";
+          "min protocol" = "smb2";
+          "guest account" = "nobody";
+          "map to guest" = "bad user";

-        # printing
-        load printers = yes
-        printing = cups
-        printcap name = cups
+          # printing
+          "load printers" = "yes";
+          printing = "cups";
+          "printcap name" = "cups";

-        hide files = /.nobackup/.DS_Store/._.DS_Store/
-      '';
-
-      shares = {
+          "hide files" = "/.nobackup/.DS_Store/._.DS_Store/";
+        };
        public = {
          path = "/data/samba/Public";
          browseable = "yes";
@@ -77,9 +75,9 @@

    # backups
    backup.group."samba".paths = [
-      config.services.samba.shares.googlebot.path
-      config.services.samba.shares.cris.path
-      config.services.samba.shares.public.path
+      config.services.samba.settings.googlebot.path
+      config.services.samba.settings.cris.path
+      config.services.samba.settings.public.path
    ];

    # Windows discovery of samba server
--- a/common/server/unifi.nix
+++ b/common/server/unifi.nix
@@ -10,7 +10,8 @@ in
  };

  config = lib.mkIf cfg.enable {
-    services.unifi.unifiPackage = pkgs.unifi8;
+    services.unifi.unifiPackage = pkgs.unifi;
+    services.unifi.mongodbPackage = pkgs.mongodb-7_0;

    networking.firewall = lib.mkIf cfg.openMinimalFirewall {
      allowedUDPPorts = [