From 2a1a5ce8eea20d39a2a5ad1f6a7feddfe290c713 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 6 Jan 2024 10:47:04 +0100 Subject: [PATCH 01/13] wip --- python-overlay.nix | 3 +++ secrets/admin-password.age | Bin 570 -> 666 bytes secrets/database-root-password.age | 26 +++++++++++++------------- secrets/database-user-password.age | 25 ++++++++++++------------- secrets/secrets.nix | 2 +- 5 files changed, 29 insertions(+), 27 deletions(-) diff --git a/python-overlay.nix b/python-overlay.nix index 4708ae2..f2fd814 100644 --- a/python-overlay.nix +++ b/python-overlay.nix @@ -1,4 +1,7 @@ final: prev: { + # Without this, we may inadvertedly end up with old versions (if we happen to + # overlay a dependency for other packages) + python3Packages = final.python3.pkgs; python3 = prev.python3.override { packageOverrides = pyFinal: pyPrev: { bench = pyFinal.callPackage ./python/bench.nix {}; diff --git a/secrets/admin-password.age b/secrets/admin-password.age index 9b4139c95a199a74bfee74d67f89371575c00c92..0819b3dc8152f6e9f4bca0be1aad365bdf367a9c 100644 GIT binary patch literal 666 zcmZ|Lz0Q+R0LJmf#Dq9HYv09%R6fd~WidJBo3>C2EwqUyv`{!L9KKp8Bu1H;!-O_H4iWpCFEg5k6F1aX~qLnO8B@FvRfHpstf)6tVy?!oVvi zpRxyP+LtTJE-7E8sj$->b!pvrvFuVlr>Sj|M$+*@o_!W>iIyR&^Ks_^yo7ZyckmJ8 z9(bNzVO1zjSgoQUXoPKgiXUn~p_3gPOc;nJsxBeLGL6zoFN|2y>sWLfl{H#*kyesW zZ;B#AXM#zx`{@g$W$raugYHb8MFnO?B86siXOwN}US><34CIH}bW?XO9FUH;=fP%l zkg_7H9Y;`F-PyO?c%n^POW4nDY`B$MMME^<#0g*fBN8R~80i=)JCiQ)O&@#Wp)ef1 z+RFlqID6wC{-bTwiH@kAZTHtp!0zU=(}JACs~!LvEO(lFU#7uBaR6tT*uf|XUBtP^ z+%6~Xn5hy|F?mr1Xa5SURgy9$n4_b$_}3;5oOfo{xJF0f{9N%1mQ6(@GMDGudZ=bYQ?)RUH4p0PGjG*V^sOKx#0lF&*s3$G+N;x7V* zkdJN@XH9#w1`#nF4hIGsCkI#Bc7c_y9Ut_~Oia7FZXi8kk*kAbVZakRz1cMJ?cML^ nbf`VP`}+O$6VJV4KL7aj;n~M8Z(qEhFps!DKX;#=F5dhFN)FcW literal 570 zcmZ|IJFk;a003ZPoJjl+-3juz1=#`6?tIZ(<4nw#9j)j_xW3p8msWr}tV|B$sv$)NcnTapKMFXf`Php=k*1Vus z7C^+v)V8@N43T}_qiCh_kf}siMQs;adAfAFL*79-3llhE;_O9M)2__Y|(?u3`**2Oq zNHtt^ga5OgQeSYoBI4ad37Dh1_8W+uGj|CTIg1o~vzXgevd;xr6X}GHdf;UiC#;OQ zE-Wz@2i0ZbnSm2xeLVI?f`Vm~2E%__`uv(gr`WG!VzfK5Y5G?wY5=3HOtPy_#}%Eep~TS*eEl6po2kkDpp^?|y!$Y3=iucdc~${r96EUtfO=US8kB OPv7q4_iyfgJ^2Hm`Mvi5 diff --git a/secrets/database-root-password.age b/secrets/database-root-password.age index 598651a..2282928 100644 --- a/secrets/database-root-password.age +++ b/secrets/database-root-password.age @@ -1,14 +1,14 @@ age-encryption.org/v1 --> ssh-ed25519 Wp/X/Q J/XqDE9oquq8xyPyMXcYtWVEeIczShbr2WZ6zpXVDFk -qsmZSC59mm8HUG72aqSdaVU2XaNMk5PumaE/r1+5Fzc --> ssh-ed25519 fLYf0Q +zjc/bQDGBgWSd3O2BugQBMx2Iq4UEUG5XauQMqzvmY -9TGVQ02H4Ofdwgju7zbRpfxanAUEbIb44nUZkFESLt4 --> ssh-ed25519 BVsyTA QE7uZCFJjDbhiQqvDgJeJevPqhYSEs6rswLdR/dU/gA -+B37NmGCNFnnDtkLkMbb9mRSvR7/6ohQTRN/VK6HCGE --> ssh-ed25519 BVsyTA QG+2eoqCbQzzQLF8uNX8Oj68SILAeWIUqcK0rtGT8nM -3NUYU+9Bv88r1VNDeZFNMnc3l9lsiWjzsYTczyntRac --> EMr"yt-grease -GNRgoRN98JvtS4Vc1CE1I0RXSwvt5RGiwxwPBVCHtU9NaBNxY7enwQKHN0cRcvku -oiA ---- lAr6xIM5wIjraqiC78485o9Od6N4ky54dCrcVc+ZECE -?bTg5'@v&4\1JZea \ No newline at end of file +-> ssh-ed25519 Wp/X/Q w6xebYlCcO/esVQ1Hlk/lB9bI1c1sJ/fmJg5GTedFxI +wjvnnPeIdw07TBbmI3wGZNDJ4LVTRZdwLAKedWjHK6Y +-> ssh-ed25519 5F0hZA 4Tx3AGXVBytOO0fgPDD8u5fR7E/4b+t8nLb/vKZI2iE +FXEGqrJLD/NiK/dxDUkBovgMP2DFAaUN6mA6dbjviFQ +-> ssh-ed25519 BVsyTA fqBlO0LGTfMJdSXGJOpTkrpv8C+cfUafXLcHYJ3rrBM +4+6LQbFW6mUgJnONmqW185udg7YPUd/GTi9jJQZMwqI +-> ssh-ed25519 BVsyTA Q/uuI7ubybZaVhmH8LMUH/3t2Lp4dNCX4kCzRZFrwRQ +ZqksJZHl76a3Rok6P7VXVjtrMQJ8nhllyzrvMH7KKOU +-> euQd%tA-grease avw` =r|11_w +C4Oiuqcf0SbvPj2zRCIrNdCzk2a4bgUADFr5pe0qv8vcxM6fzpdClKwEGWfO2KTy +LcbeIUnxSXqxCWrJwOAKcxuCm3XfWIhhE5brarYyUlQswDT8rCC2AiMKug +--- jMyBS5fBPH6puv2dAjgTlHlwZI1YUT6yCAwk3otNbgE +P8}U58=f) *m>}F~ ~R \ No newline at end of file diff --git a/secrets/database-user-password.age b/secrets/database-user-password.age index 079a004..313d5e2 100644 --- a/secrets/database-user-password.age +++ b/secrets/database-user-password.age @@ -1,14 +1,13 @@ age-encryption.org/v1 --> ssh-ed25519 Wp/X/Q XnUGBSLYyTTUjTiqQg4zZGeVvMqPocTk7uZRBhPguGk -TFf2vCef46WGwSSL9eQoWJw74fiUfymxaUxNf+Ty32Y --> ssh-ed25519 fLYf0Q rtQ/LRlEPw+V/71ptxLfhbjjKUKD3M/FitHxuIfb61I -iWDj8TXCJOf73MUcHZWhnhQjnuKqykxQ8UYYzeFs7FA --> ssh-ed25519 BVsyTA /5BemxhsClGZQAAF4apL2g37qjHjJ0VjPC1352NniFk -LCKyRK+JbZW1YFpZknB+HVCVjS2xxPwsbitJ3pztYO0 --> ssh-ed25519 BVsyTA r0UHDzJx01z6u5tC+KWvp/TrpvFaTAP6Nn2z9vv7kVU -/L+0zAITksGzHkdGneaEWgUGHcBfXUROCS8fQh1fAPg --> [>kC]3-grease -ZAw4x/KwujI8DlxyGsgjk8yu ---- LA8ePveqZ7SKE7WsfrX/dD37bU4VRgivUfSRDOpc14A -p>YxnP׺D>Fv! -~ᨀ:w \ No newline at end of file +-> ssh-ed25519 Wp/X/Q V1GaGyuGD+8WQ3RynjK/skaco/xbfhuNVrsn4TDKCQE +6fWJr03t44OCVUyhyXVV3NWgEsnMWh7BmHcKtEmHsKg +-> ssh-ed25519 5F0hZA fuPnPn6SdFVZLibkvxoAlxSToZjmeyD1ttGaoeOqzgM +gkDapRAvTAoFtSnBpbBPzJM5Iz8tfy77vzIVo3K/JKQ +-> ssh-ed25519 BVsyTA mfeHzD3s9LZ3p/X2B4deyytfGy10lPT7h6esL5kkUTE +tus9H87v9sYOPrVSKQw0m7Sh0a7aJxEFQ+ROOD21jf8 +-> ssh-ed25519 BVsyTA COt9omN4TCPsTXUfhKYB5qZzhp52gw76hUd6Zle7bgw +Z/zb5peHjRgfr49Nn3u++7AWrLOBMIbMUJJ7DVOzRP8 +-> 0}#)[g-grease `( ;BB8{=7F +EFjVeC+FW5uYWl/jSrvPdJBCViEZWY8Z9bhl8V3A6LTit4v4ZoGiDl5Z3Q +--- G5CoW9P0PAjvihQaqXHueWJA/oxp/wguZftuxkA4BPs +_Gn{h8!+ ݿڤ}毈 \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index e514c6b..5e01ce1 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -2,7 +2,7 @@ let # set ssh public keys here for your system and user machines = { dumpyourvms = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILDATEWAgDZFfYs1ZPh33Kg4sqQ9tWMVKyk8XqFu3Koe host@dumpyourvms"; - test-vm = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB7EsR4wT+bOaC/rafTZUqsR7z9SFM57Oabv+I0ar454 host@test-vm"; + test-vm = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH/oRgbesMS5rTPGeP2PYtBC7bYCqrmDJxfWRRAAxN8Z host@test-vm"; }; users = { teutat3s = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHcU6KPy4b1MQXd6EJhcYwbJu7E+0IrBZF/IP6T7gbMf teutat3s@dumpyourvms"; From 19559562b24ea9e906c942206fc7d05bb34cd5af Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 6 Jan 2024 11:49:51 +0100 Subject: [PATCH 02/13] feat: NixOS 23.11, fix python flit format --- flake.lock | 52 ++++++++++++++++++++++++++++++---------------- flake.nix | 3 ++- python/erpnext.nix | 5 +++-- python/frappe.nix | 5 +++-- 4 files changed, 42 insertions(+), 23 deletions(-) diff --git a/flake.lock b/flake.lock index ce6440f..8a15ee8 100644 --- a/flake.lock +++ b/flake.lock @@ -6,14 +6,15 @@ "home-manager": "home-manager", "nixpkgs": [ "nixpkgs" - ] + ], + "systems": "systems" }, "locked": { - "lastModified": 1689334118, - "narHash": "sha256-djk5AZv1yU84xlKFaVHqFWvH73U7kIRstXwUAnDJPsk=", + "lastModified": 1703433843, + "narHash": "sha256-nmtA4KqFboWxxoOAA6Y1okHbZh+HsXaMPFkYHsoDRDw=", "owner": "ryantm", "repo": "agenix", - "rev": "0d8c5325fc81daf00532e3e26c6752f7bcde1143", + "rev": "417caa847f9383e111d1397039c9d4337d024bf0", "type": "github" }, "original": { @@ -30,11 +31,11 @@ ] }, "locked": { - "lastModified": 1673295039, - "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=", + "lastModified": 1700795494, + "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "87b9d090ad39b25b2400029c64825fc2a8868943", + "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", "type": "github" }, "original": { @@ -54,11 +55,11 @@ ] }, "locked": { - "lastModified": 1688380630, - "narHash": "sha256-8ilApWVb1mAi4439zS3iFeIT0ODlbrifm/fegWwgHjA=", + "lastModified": 1701787589, + "narHash": "sha256-ce+oQR4Zq9VOsLoh9bZT8Ip9PaMLcjjBUHVPzW5d7Cw=", "owner": "numtide", "repo": "devshell", - "rev": "f9238ec3d75cefbb2b42a44948c4e8fb1ae9a205", + "rev": "44ddedcbcfc2d52a76b64fb6122f209881bd3e1e", "type": "github" }, "original": { @@ -75,11 +76,11 @@ ] }, "locked": { - "lastModified": 1682203081, - "narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=", + "lastModified": 1703113217, + "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", "owner": "nix-community", "repo": "home-manager", - "rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1", + "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", "type": "github" }, "original": { @@ -90,16 +91,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1689503327, - "narHash": "sha256-qVwzYLA8oT2oWNDXO0A3bZHOhoPOihIB9T677+Hor1E=", + "lastModified": 1704295289, + "narHash": "sha256-9WZDRfpMqCYL6g/HNWVvXF0hxdaAgwgIGeLYiOhmes8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f64b9738da8e86195766147e9752c67fccee006c", + "rev": "b0b2c5445c64191fd8d0b31f2b1a34e45a64547d", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-23.05", + "ref": "nixos-23.11", "repo": "nixpkgs", "type": "github" } @@ -109,7 +110,7 @@ "agenix": "agenix", "devshell": "devshell", "nixpkgs": "nixpkgs", - "systems": "systems" + "systems": "systems_2" } }, "systems": { @@ -126,6 +127,21 @@ "repo": "default", "type": "github" } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index d5eeb9d..e0a0361 100644 --- a/flake.nix +++ b/flake.nix @@ -2,7 +2,7 @@ description = "Dev Setup"; inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11"; systems.url = "github:nix-systems/default"; @@ -44,6 +44,7 @@ # Add additional packages you'd like to be available in your devshell # PATH here devshell.packages = with pkgs; [ + jq ]; commands = [ { diff --git a/python/erpnext.nix b/python/erpnext.nix index 27f665a..3f45bd9 100644 --- a/python/erpnext.nix +++ b/python/erpnext.nix @@ -2,6 +2,7 @@ , buildPythonPackage , fetchFromGitHub , pythonRelaxDepsHook +, flit-core # Core dependencies , pycountry @@ -34,9 +35,9 @@ buildPythonPackage rec { sha256 = erpnextSrcHash; }; - format = "flit"; + format = "pyproject"; - nativeBuildInputs = [ pythonRelaxDepsHook ]; + nativeBuildInputs = [ pythonRelaxDepsHook flit-core ]; pythonRelaxDeps = [ "pycountry" "rapidfuzz" diff --git a/python/frappe.nix b/python/frappe.nix index d8a2ffc..9cf6fb3 100644 --- a/python/frappe.nix +++ b/python/frappe.nix @@ -2,6 +2,7 @@ , buildPythonPackage , pythonRelaxDepsHook , fetchFromGitHub +, flit-core # Core dependencies , babel @@ -96,9 +97,9 @@ buildPythonPackage rec { sha256 = frappeSrcHash; }; - format = "flit"; + format = "pyproject"; - nativeBuildInputs = [ pythonRelaxDepsHook ]; + nativeBuildInputs = [ pythonRelaxDepsHook flit-core ]; pythonRelaxDeps = [ "Babel" "beautifulsoup4" From 6c293138fdd4e2d0b3744e62e7dac3a763140430 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 6 Jan 2024 13:05:51 +0100 Subject: [PATCH 03/13] fix: update script, use long options for commands --- srcs/update.sh | 36 ++++++++++++++----------- update.sh | 73 -------------------------------------------------- 2 files changed, 21 insertions(+), 88 deletions(-) delete mode 100644 update.sh diff --git a/srcs/update.sh b/srcs/update.sh index 4b3d313..0dceaba 100755 --- a/srcs/update.sh +++ b/srcs/update.sh @@ -1,5 +1,5 @@ #!/usr/bin/env nix-shell -#!nix-shell -i bash -p nix wget prefetch-yarn-deps nix-prefetch-github +#!nix-shell -i bash -p nix wget prefetch-yarn-deps nix-prefetch-github jq if [ "$#" -gt 3 ] || [[ "$1" == -* ]]; then echo "Regenerates packaging data for the ERPNext packages." @@ -14,13 +14,13 @@ frappe_version="$3" set -euo pipefail if [ -z "$bench_version" ]; then - bench_version="$(wget -q -O- "https://api.github.com/repos/frappe/bench/releases?per_page=1" | jq -r '.[0].tag_name')" + bench_version="$(wget --quiet --output-document=- "https://api.github.com/repos/frappe/bench/releases?per_page=1" | jq --raw-output '.[0].tag_name')" fi if [ -z "$erpnext_version" ]; then - erpnext_version="$(wget -q -O- "https://api.github.com/repos/frappe/erpnext/releases?per_page=1" | jq -r '.[0].tag_name')" + erpnext_version="$(wget --quiet --output-document=- "https://api.github.com/repos/frappe/erpnext/releases?per_page=1" | jq --raw-output '.[0].tag_name')" fi if [ -z "$frappe_version" ]; then - frappe_version="$(wget -q -O- "https://api.github.com/repos/frappe/frappe/releases?per_page=1" | jq -r '.[0].tag_name')" + frappe_version="$(wget --quiet --output-document=- "https://api.github.com/repos/frappe/frappe/releases?per_page=1" | jq --raw-output '.[0].tag_name')" fi # strip leading "v" @@ -29,32 +29,38 @@ erpnext_version="${erpnext_version#v}" frappe_version="${frappe_version#v}" # Bench -bench_src_hash=$(nix-prefetch-github frappe bench --rev "v${bench_version}" | jq -r .sha256) +echo "Prefetching bench source version $bench_version from GitHub ..." +bench_src_hash=$(nix-prefetch-github frappe bench --rev "v${bench_version}" | jq --raw-output .hash) # Erpnext +echo "Prefetching erpnext source version $erpnext_version from GitHub ..." erpnext_src="https://raw.githubusercontent.com/frappe/erpnext/v$erpnext_version" -erpnext_src_hash="$(nix-prefetch-github frappe erpnext --rev "v${erpnext_version}" | jq -r .sha256)" +erpnext_src_hash="$(nix-prefetch-github frappe erpnext --rev "v${erpnext_version}" | jq --raw-output .hash)" -erpnext_tmpdir=$(mktemp -d) +erpnext_tmpdir=$(mktemp --directory) trap 'rm -rf "$erpnext_tmpdir"' EXIT -pushd "$erpnext_tmpdir" -wget -q "$erpnext_src/yarn.lock" +pushd "$erpnext_tmpdir" &> /dev/null +wget --quiet "$erpnext_src/yarn.lock" +echo "Prefetching erpnext yarn dependencies ..." erpnext_yarn_hash=$(prefetch-yarn-deps yarn.lock) -popd +popd &> /dev/null # Frappe +echo "Prefetching frappe source version $frappe_version from GitHub ..." frappe_src="https://raw.githubusercontent.com/frappe/frappe/v$frappe_version" -frappe_src_hash="$(nix-prefetch-github frappe frappe --rev "v${frappe_version}" | jq -r .sha256)" +frappe_src_hash="$(nix-prefetch-github frappe frappe --rev "v${frappe_version}" | jq --raw-output .hash)" -frappe_tmpdir=$(mktemp -d) +frappe_tmpdir=$(mktemp --directory) trap 'rm -rf "$frappe_tmpdir"' EXIT -pushd "$frappe_tmpdir" -wget -q "$frappe_src/yarn.lock" +pushd "$frappe_tmpdir" &> /dev/null +wget --quiet "$frappe_src/yarn.lock" +echo "Prefetching frappe yarn dependencies ..." frappe_yarn_hash=$(prefetch-yarn-deps yarn.lock) -popd +popd &> /dev/null +echo "Saving updated versions and hashes to pin.nix file ..." cat > pin.nix << EOF { benchVersion = "$bench_version"; diff --git a/update.sh b/update.sh deleted file mode 100644 index 4a84c94..0000000 --- a/update.sh +++ /dev/null @@ -1,73 +0,0 @@ -#!/usr/bin/env nix-shell -#!nix-shell -I nixpkgs=../../../../../ -i bash -p nix wget prefetch-yarn-deps nix-prefetch-github - -if [ "$#" -gt 1 ] || [[ "$1" == -* ]]; then - echo "Regenerates packaging data for the ERPNext packages." - echo "Usage: $0 [git bench release tag] $1 [git erpnext release tag] $2 [git frappe release tag]" - exit 1 -fi - -bench_version="$1" -erpnext_version="$3" -frappe_version="$2" - -set -euo pipefail - -if [ -z "$bench_version" ]; then - bench_version="$(wget -q -O- "https://api.github.com/repos/frappe/bench/releases?per_page=1" | jq -r '.[0].tag_name')" -fi -if [ -z "$erpnext_version" ]; then - erpnext_version="$(wget -q -O- "https://api.github.com/repos/frappe/erpnext/releases?per_page=1" | jq -r '.[0].tag_name')" -fi -if [ -z "$frappe_version" ]; then - frappe_version="$(wget -q -O- "https://api.github.com/repos/frappe/frappe/releases?per_page=1" | jq -r '.[0].tag_name')" -fi - -# strip leading "v" -bench_version="${bench_version#v}" -erpnext_version="${erpnext_version#v}" -frappe_version="${frappe_version#v}" - -# Bench -bench_src_hash=$(nix-prefetch-github frappe bench --rev "v${bench_version}" | jq -r .sha256) - -popd - -# Erpnext -erpnext_src="https://raw.githubusercontent.com/frappe/erpnext/v$erpnext_version" -erpnext_src_hash="$(nix-prefetch-github frappe erpnext --rev "v${erpnext_version}" | jq -r .sha256)" - -erpnext_tmpdir=$(mktemp -d) -trap 'rm -rf "$erpnext_tmpdir"' EXIT - -pushd "$erpnext_tmpdir" -wget -q "$erpnext_src/yarn.lock" -erpnext_yarn_hash=$(prefetch-yarn-deps yarn.lock) -popd - -# Frappe -frappe_src="https://raw.githubusercontent.com/frappe/frappe/v$frappe_version" -frappe_src_hash="$(nix-prefetch-github frappe frappe --rev "v${frappe_version}" | jq -r .sha256)" - -frappe_tmpdir=$(mktemp -d) -trap 'rm -rf "$frappe_tmpdir"' EXIT - -pushd "$frappe_tmpdir" -wget -q "$frappe_src/yarn.lock" -frappe_yarn_hash=$(prefetch-yarn-deps yarn.lock) -popd - -cat > pin.nix << EOF -{ - benchVersion = "$bench_version"; - erpnextVersion = "$erpnext_version"; - frappeVersion = "$frappe_version"; - hashes = { - "benchSrcHash" = "$bench_src_hash"; - "erpnextSrcHash" = "$erpnext_src_hash"; - "erpnextYarnHash" = "$erpnext_yarn_hash"; - "frappeSrcHash" = "$frappe_src_hash"; - "frappeYarnHash" = "$frappe_yarn_hash"; - }; -} -EOF From 39b3da843335713e155127e5b564d7837b6150b5 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 6 Jan 2024 13:06:20 +0100 Subject: [PATCH 04/13] chore: bump bench, erpnext, frappe versions --- srcs/pin.nix | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/srcs/pin.nix b/srcs/pin.nix index cdfe786..174caf4 100644 --- a/srcs/pin.nix +++ b/srcs/pin.nix @@ -1,12 +1,12 @@ { - benchVersion = "5.16.4"; - erpnextVersion = "14.30.6"; - frappeVersion = "14.40.3"; + benchVersion = "5.19.0"; + erpnextVersion = "14.58.1"; + frappeVersion = "15.8.1"; hashes = { - "benchSrcHash" = "nIEFTCiyjfkCtpeeoQY+9zfoHQXZ5NOgXgLaz5ki150="; - "erpnextSrcHash" = "E+1vW73a3dp0YIVM0Ybt55DEi/7kDIKB4xTac+D49l4="; + "benchSrcHash" = "sha256-y8nx4vFVQggwGv2MWQ88WczgVbPxPybZV38FF5u5aWI="; + "erpnextSrcHash" = "sha256-HeeNd7dAlbppR2gPPmohKqpUUoMx5f0Kgsd7wZtUHp8="; "erpnextYarnHash" = "0rjqlw0lff1wwbzl62g8nnjlhz3km2km3vqj2dccawpi4q2kh6jn"; - "frappeSrcHash" = "byzPj4kJRgU1Fs5wyr9FZU2NyoxX0qePNY/KicEvGcY="; - "frappeYarnHash" = "0az1kdqcwmpzryrdg6ag4q5pqxy67vcns654d888l9307x9lq5rw"; + "frappeSrcHash" = "sha256-FDUUNbULPmMY6dDgbMHrxXD8pK1AP+T7kG7mY9MmMDg="; + "frappeYarnHash" = "0rj2v69siagwjz632hyaii5ni24fp434cznaxpi8978fq07qx6l9"; }; } From e8d06d76e16542ddb897b00400d32c88cfe5860b Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 6 Jan 2024 13:06:56 +0100 Subject: [PATCH 05/13] fix: remove some python overlays, these are now available in nixpkgs --- python-overlay.nix | 26 -------------------------- python/git-url-parse.nix | 14 -------------- python/posthog.nix | 22 ---------------------- python/premailer.nix | 22 ---------------------- python/pypdf2.nix | 13 ------------- python/pypika.nix | 15 --------------- python/python-youtube.nix | 27 --------------------------- python/rauth.nix | 14 -------------- 8 files changed, 153 deletions(-) delete mode 100644 python/git-url-parse.nix delete mode 100644 python/posthog.nix delete mode 100644 python/premailer.nix delete mode 100644 python/pypdf2.nix delete mode 100644 python/pypika.nix delete mode 100644 python/python-youtube.nix delete mode 100644 python/rauth.nix diff --git a/python-overlay.nix b/python-overlay.nix index f2fd814..8951ea3 100644 --- a/python-overlay.nix +++ b/python-overlay.nix @@ -13,20 +13,13 @@ final: prev: { # erpnext dependencies gocardless-pro = pyFinal.callPackage ./python/gocardless-pro.nix {}; - python-youtube = pyFinal.callPackage ./python/python-youtube.nix {}; redisearch = pyFinal.callPackage ./python/redisearch.nix {}; taxjar = pyFinal.callPackage ./python/taxjar.nix {}; # frappe dependencies email-reply-parser = pyFinal.callPackage ./python/email-reply-parser.nix {}; - git-url-parse = pyFinal.callPackage ./python/git-url-parse.nix {}; maxminddb-geolite2 = pyFinal.callPackage ./python/maxminddb-geolite2.nix {}; - posthog = pyFinal.callPackage ./python/posthog.nix {}; - premailer = pyFinal.callPackage ./python/premailer.nix {}; psycopg2-binary = pyFinal.callPackage ./python/psycopg2-binary.nix {}; - pypdf2 = pyFinal.callPackage ./python/pypdf2.nix {}; - pypika = pyFinal.callPackage ./python/pypika.nix {}; - rauth = pyFinal.callPackage ./python/rauth.nix {}; traceback-with-variables = pyFinal.callPackage ./python/traceback-with-variables.nix {}; # indirect dependencies @@ -36,15 +29,6 @@ final: prev: { rejson = pyFinal.callPackage ./python/rejson.nix {}; - - bleach = pyPrev.bleach.overridePythonAttrs (oldAttrs: (rec { - version = "3.3.1"; - src = pyPrev.fetchPypi { - inherit version; - inherit (oldAttrs) pname; - sha256 = "sha256-MGSDpal5VHQWCtV/zj3dG1BVHpge7Y4VpYLTTO8oqvo="; - }; - })); plaid-python = pyPrev.plaid-python.overridePythonAttrs (oldAttrs: (rec { version = "7.2.1"; src = pyPrev.fetchPypi { @@ -57,16 +41,6 @@ final: prev: { # Integration tests require API keys and internet access checkPhase = "pyPrev.test -rxs ./tests/unit"; })); - tweepy = pyPrev.tweepy.overridePythonAttrs (oldAttrs: (rec { - version = "3.10.0"; - src = pyPrev.fetchPypi { - inherit version; - inherit (oldAttrs) pname; - sha256 = "sha256-duaVS4BspHDdqHf1fbh5L/8GoL66DtQ+/DgFdx458Go="; - }; - doCheck = false; - pythonImportsCheck = []; - })); }; }; } diff --git a/python/git-url-parse.nix b/python/git-url-parse.nix deleted file mode 100644 index 8a50f97..0000000 --- a/python/git-url-parse.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ buildPythonPackage -, fetchPypi -, pbr -}: -buildPythonPackage rec { - pname = "git-url-parse"; - version = "1.2.2"; - src = fetchPypi { - inherit pname version; - sha256 = "sha256-e19OOusdaTr+7mejvUrAY/cgbC6ORuVZ8NoNqYRF8Rc="; - }; - propagatedBuildInputs = [pbr]; - doCheck = false; -} diff --git a/python/posthog.nix b/python/posthog.nix deleted file mode 100644 index a746f12..0000000 --- a/python/posthog.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ buildPythonPackage -, fetchPypi -, backoff -, monotonic -, python-dateutil -, requests -}: -buildPythonPackage rec { - pname = "posthog"; - version = "3.0.1"; - src = fetchPypi { - inherit pname version; - sha256 = "sha256-V9J5H/V1LOVroPm7iHb688qSCPHCxs6utaJQTDRJN2c="; - }; - propagatedBuildInputs = [ - backoff - monotonic - python-dateutil - requests - ]; - doCheck = false; -} diff --git a/python/premailer.nix b/python/premailer.nix deleted file mode 100644 index 0489bc0..0000000 --- a/python/premailer.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ buildPythonPackage -, fetchPypi -, cssselect -, cssutils -, lxml -, mock -, nose -, requests -, cachetools -}: -buildPythonPackage rec { - pname = "premailer"; - version = "3.8.0"; - - buildInputs = [ mock nose ]; - propagatedBuildInputs = [ cachetools cssselect cssutils lxml requests ]; - - src = fetchPypi { - inherit pname version; - sha256 = "sha256-TU4VckTO6UWgDBT+qp5qOusvryYj/2qLoIr99QX6DyU="; - }; -} diff --git a/python/pypdf2.nix b/python/pypdf2.nix deleted file mode 100644 index 0a318a8..0000000 --- a/python/pypdf2.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ - buildPythonPackage, - fetchPypi, -}: -buildPythonPackage rec { - pname = "PyPDF2"; - version = "2.1.1"; - src = fetchPypi { - inherit pname version; - sha256 = "sha256-Vy8TFLZDMGed1vtwN4H+M9Dyi1n7LP661efrntypJzg="; - }; - propagatedBuildInputs = []; -} diff --git a/python/pypika.nix b/python/pypika.nix deleted file mode 100644 index da81dc3..0000000 --- a/python/pypika.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ - buildPythonPackage, - fetchPypi, -}: -buildPythonPackage rec { - pname = "pypika"; - version = "0.48.9"; - src = fetchPypi { - pname = "PyPika"; - inherit version; - sha256 = "sha256-g4g2phdH58g4DNG3/2OGlLenM1NF0PVZsEss2DKtU3g="; - }; - propagatedBuildInputs = []; - doCheck = false; -} diff --git a/python/python-youtube.nix b/python/python-youtube.nix deleted file mode 100644 index 08940f7..0000000 --- a/python/python-youtube.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ - buildPythonPackage, - fetchPypi, - - requests, - dataclasses-json, - isodate, - requests-oauthlib -}: -buildPythonPackage rec { - pname = "python-youtube"; - version = "0.8.0"; - src = fetchPypi { - inherit pname version; - sha256 = "sha256-Ud0Y+lmsK88SNh0uIjhOHgCgCG+SBv/FQkt3yc63tlo="; - }; - - # PyPI doesn't have test data in the source dist - doCheck = false; - - propagatedBuildInputs = [ - requests - dataclasses-json - isodate - requests-oauthlib - ]; -} diff --git a/python/rauth.nix b/python/rauth.nix deleted file mode 100644 index fb2b7f1..0000000 --- a/python/rauth.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ buildPythonPackage -, fetchPypi -, requests -}: -buildPythonPackage rec { - pname = "rauth"; - version = "0.7.3"; - src = fetchPypi { - inherit pname version; - sha256 = "sha256-UkzbwcKFYOrPyanUDFlSXrjQD98H+62GEH6iRBFHewo="; - }; - propagatedBuildInputs = [requests]; - doCheck = false; -} From bc8d34f238987067653f26344414296da891d23b Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 6 Jan 2024 13:07:28 +0100 Subject: [PATCH 06/13] fix: workaround for environment.noXlibs and nixos test VM See: https://github.com/NixOS/nixpkgs/issues/265675 --- flake.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/flake.nix b/flake.nix index e0a0361..aca39f7 100644 --- a/flake.nix +++ b/flake.nix @@ -26,6 +26,10 @@ self.overlays.pythonOverlay agenix.overlays.default devshell.overlays.default + # https://github.com/NixOS/nixpkgs/issues/265675#issuecomment-1846591842 + (final: prev: { + pipewire = prev.pipewire.override { ffadoSupport = false; }; + }) ]; } ); From 1ea7d288c3a08a548910fc96c476cd155b3316d3 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 6 Jan 2024 13:08:08 +0100 Subject: [PATCH 07/13] fix: add ryzensun SSH keys --- secrets/secrets.nix | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 5e01ce1..686a5f8 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -2,13 +2,15 @@ let # set ssh public keys here for your system and user machines = { dumpyourvms = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILDATEWAgDZFfYs1ZPh33Kg4sqQ9tWMVKyk8XqFu3Koe host@dumpyourvms"; - test-vm = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH/oRgbesMS5rTPGeP2PYtBC7bYCqrmDJxfWRRAAxN8Z host@test-vm"; + ryzensun = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH/l7MfEmt510BMeNjuXNPmZ0brcQidvrrpcea+qJMjX host@ryzensun"; + test-vm = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIATdaeRzb/OE1P+lcRS/i9C4yIN11J5zpfVb7+v1D4d7"; }; users = { - teutat3s = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHcU6KPy4b1MQXd6EJhcYwbJu7E+0IrBZF/IP6T7gbMf teutat3s@dumpyourvms"; + teutat3s-dumpyourvms = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHcU6KPy4b1MQXd6EJhcYwbJu7E+0IrBZF/IP6T7gbMf teutat3s@dumpyourvms"; + teutat3s-ryzensun = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPAsRdVYK0077cdtavmrRr6akrI68T1EDY4Hfv4+W86J teutat3s@ryzensun"; root = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHcU6KPy4b1MQXd6EJhcYwbJu7E+0IrBZF/IP6T7gbMf root@test-vm"; }; - allKeys = [machines.dumpyourvms machines.test-vm users.root users.teutat3s]; + allKeys = [machines.dumpyourvms machines.ryzensun machines.test-vm users.root users.teutat3s-dumpyourvms users.teutat3s-ryzensun]; in { "admin-password.age".publicKeys = allKeys; "database-root-password.age".publicKeys = allKeys; From 7805dd720572c4e8f6b7603718303625caba1021 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 6 Jan 2024 13:15:10 +0100 Subject: [PATCH 08/13] agenix: rekey secrets for ryzensun --- secrets/admin-password.age | 28 +++++++++++++++------------- secrets/database-root-password.age | 27 ++++++++++++++------------- secrets/database-user-password.age | 26 ++++++++++++++------------ 3 files changed, 43 insertions(+), 38 deletions(-) diff --git a/secrets/admin-password.age b/secrets/admin-password.age index 0819b3d..6e30764 100644 --- a/secrets/admin-password.age +++ b/secrets/admin-password.age @@ -1,14 +1,16 @@ age-encryption.org/v1 --> ssh-ed25519 Wp/X/Q GlzqR/Qq/XE0/dyISGPOx6Cqyl6o0/YvleDft+kX2AY -w1+rkfZW5nPAsaLSnfnnz5WWQrnG9pjnGreaav9Yljg --> ssh-ed25519 5F0hZA 81Ai8GIDiFONJqOlt1Cq0UgCTvG2JwGMlrD9sVppmik -1hmsVpX9+ONbHEHATKEKepn13C/iKLS3mY0zE2qI+aE --> ssh-ed25519 BVsyTA +SWb65V3cDmpmsSS9FwISbw478HBwO9bKx2dYEwFHi0 -Sgh6sX3+iho7iInAFZN0qnxI7WCcpJSIrbE92i4QVXc --> ssh-ed25519 BVsyTA VG8Ii/z2wbuta2ZLKjM+LAuIa505PZHTD9sHAcpc5kE -ZAehdTi4TfoQq8T71rhNFN6CG5kXu5ORhl1N5LifOME --> C-grease -1GJ7oyNmvTJy+nzfRWmJlUlCOaCCiMeEDWP+CtLGFSgS4BndExySkwuBWDPHom2Q -pvDrJzP4MjphdOlmOnRDA36t9nAA6ex/4OBziU5e ---- J2ghcTDYyaOlUSX5zvKClyssvA032iTI5hMJAj2BxQ0 -0dH!] WT!1}&814ZM^ \ No newline at end of file +-> ssh-ed25519 Wp/X/Q Y4Lc3UeDr+nNoBq9Wipyv1RohYX2BuXXhb7/BCEW304 +bi09luX45mj64j4kchsT0uRQXwK3IaM1tfeK+cHPFW4 +-> ssh-ed25519 8U1+ng Ldl1XJlahkPzLRsB7ETK1iAWr64nAi5Si/vu2ENaiDM +Hjrr3aoMXwKag51UERpGJpMLz6ocLbm+hQs/oj6bfNc +-> ssh-ed25519 B2/5FA w6pfvStnUtgnap0lqLZ4Sowfa548P/ljBWXAInNumAA +rbi9sBQCJ3ojMKz5M9XRbICVGurjzJ/+4fp+OQB9d8w +-> ssh-ed25519 BVsyTA TkfJgoXeItRmM/XcbVsjSWKroPRvwV4GOZbsfr+okg4 +xRjcIAHBDRlse1ObQ01FEFsE82xiOqVxE55D1h9si9c +-> ssh-ed25519 BVsyTA HjZJ4FRC5skEXji2Q+gUvK/a8n2Uiwtl23lk00mJs2U +N0JDJiQoLxFbduAFzIOB+oHIfTHRZxDNyPgvzgwFK8w +-> ssh-ed25519 +3V2lQ XUigj0pn4XshS6cldmb7RvvS05/m1gt4ILCB/gtXjQU +p/SJ9reKQntrnBebExW4jZJz1yMvRl6yGj3H8YPddc0 +--- dnd4fFVyltvaIlpnWY+XCHq7vEyLe1GfP8Uvm+YE31Y + +cQ5HcF&kLMP>*LSlîk@ \ No newline at end of file diff --git a/secrets/database-root-password.age b/secrets/database-root-password.age index 2282928..15ca1a8 100644 --- a/secrets/database-root-password.age +++ b/secrets/database-root-password.age @@ -1,14 +1,15 @@ age-encryption.org/v1 --> ssh-ed25519 Wp/X/Q w6xebYlCcO/esVQ1Hlk/lB9bI1c1sJ/fmJg5GTedFxI -wjvnnPeIdw07TBbmI3wGZNDJ4LVTRZdwLAKedWjHK6Y --> ssh-ed25519 5F0hZA 4Tx3AGXVBytOO0fgPDD8u5fR7E/4b+t8nLb/vKZI2iE -FXEGqrJLD/NiK/dxDUkBovgMP2DFAaUN6mA6dbjviFQ --> ssh-ed25519 BVsyTA fqBlO0LGTfMJdSXGJOpTkrpv8C+cfUafXLcHYJ3rrBM -4+6LQbFW6mUgJnONmqW185udg7YPUd/GTi9jJQZMwqI --> ssh-ed25519 BVsyTA Q/uuI7ubybZaVhmH8LMUH/3t2Lp4dNCX4kCzRZFrwRQ -ZqksJZHl76a3Rok6P7VXVjtrMQJ8nhllyzrvMH7KKOU --> euQd%tA-grease avw` =r|11_w -C4Oiuqcf0SbvPj2zRCIrNdCzk2a4bgUADFr5pe0qv8vcxM6fzpdClKwEGWfO2KTy -LcbeIUnxSXqxCWrJwOAKcxuCm3XfWIhhE5brarYyUlQswDT8rCC2AiMKug ---- jMyBS5fBPH6puv2dAjgTlHlwZI1YUT6yCAwk3otNbgE -P8}U58=f) *m>}F~ ~R \ No newline at end of file +-> ssh-ed25519 Wp/X/Q LvLq1RbFw1UNd5STTODl/hwCr/n2oyAYxsgaGqVXUFU +xP6XHSIyN3lRJ7QFwvOOOcss+kczRUFbepHojXbP/ms +-> ssh-ed25519 8U1+ng z7Yc4rmEXtpcBBx6hJmtVyiA6oHLVob8O8UhLgvo6mI +O1hCobMEM7TnbcozkOO7l0cZ3Ze4NEhb54v2h4/xV8c +-> ssh-ed25519 B2/5FA +8Odi4bm7mObdVGM2Pq6dkSSns6Y6QsxkCvgPGsPrC8 +eBLsH5HiEuRrbXNDMtUPwlPDAhYPmyWVl0AWho/82WI +-> ssh-ed25519 BVsyTA UFri/RzE0Fil4X6FFGTtVcVpzhJyQwUFamG+XEae/G0 +/+/9ocobQS/obt2WFazKSPIbPmhz4DQ3qxdz2Jg9CUw +-> ssh-ed25519 BVsyTA K5OTyhlw3+uw0uVXPfj0yy5qd76t2kZOA72AWFrxAls +36622K6od+FnkYXPDbBz6sFmhsbMWtvRo0RqY1suXX0 +-> ssh-ed25519 +3V2lQ I///pKJJdA+MMqk1pIIJXGt+ZrY4ZGr5cpmolRTCyUk ++xVxNBOQMHSQ6K0GGZk7WpGLuaIlu/PwmaPq897GKe8 +--- Vf09EgiFYwwnYRq3kcdJInzd8NCCd2OM6yy+lUxIUeA +e.@Sn$Gۈv]n;-wtL!Y \ No newline at end of file diff --git a/secrets/database-user-password.age b/secrets/database-user-password.age index 313d5e2..126c422 100644 --- a/secrets/database-user-password.age +++ b/secrets/database-user-password.age @@ -1,13 +1,15 @@ age-encryption.org/v1 --> ssh-ed25519 Wp/X/Q V1GaGyuGD+8WQ3RynjK/skaco/xbfhuNVrsn4TDKCQE -6fWJr03t44OCVUyhyXVV3NWgEsnMWh7BmHcKtEmHsKg --> ssh-ed25519 5F0hZA fuPnPn6SdFVZLibkvxoAlxSToZjmeyD1ttGaoeOqzgM -gkDapRAvTAoFtSnBpbBPzJM5Iz8tfy77vzIVo3K/JKQ --> ssh-ed25519 BVsyTA mfeHzD3s9LZ3p/X2B4deyytfGy10lPT7h6esL5kkUTE -tus9H87v9sYOPrVSKQw0m7Sh0a7aJxEFQ+ROOD21jf8 --> ssh-ed25519 BVsyTA COt9omN4TCPsTXUfhKYB5qZzhp52gw76hUd6Zle7bgw -Z/zb5peHjRgfr49Nn3u++7AWrLOBMIbMUJJ7DVOzRP8 --> 0}#)[g-grease `( ;BB8{=7F -EFjVeC+FW5uYWl/jSrvPdJBCViEZWY8Z9bhl8V3A6LTit4v4ZoGiDl5Z3Q ---- G5CoW9P0PAjvihQaqXHueWJA/oxp/wguZftuxkA4BPs -_Gn{h8!+ ݿڤ}毈 \ No newline at end of file +-> ssh-ed25519 Wp/X/Q XQcBb9T8zpib6nebbKw/BxSuiP4Q9zi9yLLODhx7Xwg +yOTDI9/ZMZq2vamIE6Q3GB8+lSt1SUfnJFVZ5Bu1rRM +-> ssh-ed25519 8U1+ng GlfaGP7lTV5xsh2Zib9wkFEn1CcFa/wdaHxI0RGl6X8 +E1jMN5PAQjv3hhSx9WU3xzd+kDJbl9cd4lOd++k5Cfc +-> ssh-ed25519 B2/5FA mCInZwQrNJNyRAvYjsLMOdNE9sM6iJn/GJlEQ+NJuDk +fDmVqofrz6SYaygI8umd6PVnuwik6PsThFV1HCK8Qb0 +-> ssh-ed25519 BVsyTA /9dbvKxQujZMPxjP1DajHOTSm+cFV8ghzoHuf2zvBDc +ZwXAI6SrvXgXzTz3JHjSmuYFQd70H8UxDoEpKZhbSys +-> ssh-ed25519 BVsyTA Y8ci67zC+EGxGNc+4LuhRt+3ImxitRHuL6fuaYWWu2g +3FkaZRqR3viPvkZDV+2aZUwYlPgtbmwEBIjrFwGBYps +-> ssh-ed25519 +3V2lQ P86iVYPu1CVqcNnbMy3DEuSGF3XZeeXHJWiByA5HpxY +0aQ/knr/8NYB/xa+YNFS9uHhpB3uG2Jm/jpq2gTeEaA +--- /D2NTCvXXfa2aDoaXL9qYSmRVfb2BVbOYx914H75c20 +/fJ[PaglzbϗyQ ;q&fd \ No newline at end of file From 508769f12e30d0d062073388670945da5521acb2 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 6 Jan 2024 17:14:55 +0100 Subject: [PATCH 09/13] chore: update erpnext version to 15+ --- modules/erpnext.nix | 57 +++++---------------------------------------- srcs/pin.nix | 6 ++--- 2 files changed, 9 insertions(+), 54 deletions(-) diff --git a/modules/erpnext.nix b/modules/erpnext.nix index ced0bba..1a347b1 100644 --- a/modules/erpnext.nix +++ b/modules/erpnext.nix @@ -114,12 +114,6 @@ in }; }; - socketIoPort = mkOption { - type = types.port; - default = 9000; - description = lib.mdDoc "Local socket.io HTTP server port."; - }; - webserver = { bindAddress = mkOption { type = types.str; @@ -199,10 +193,8 @@ in db_port = "${toString cfg.database.port}"; db_name = "${cfg.database.name}"; db_password = "#NIXOS_ERPNEXT_DB_USER_PASSWORD#"; - redis_cache = "redis://${cfg.redis.host}:${toString cfg.redis.port}?db=1"; - redis_queue = "redis://${cfg.redis.host}:${toString cfg.redis.port}?db=2"; - redis_socketio = "redis://${cfg.redis.host}:${toString cfg.redis.port}?db=0"; - socketio_port = "${toString cfg.socketIoPort}"; + redis_cache = "redis://${cfg.redis.host}:${toString cfg.redis.port}?db=0"; + redis_queue = "redis://${cfg.redis.host}:${toString cfg.redis.port}?db=1"; }; commonSiteConfigFile = pkgs.writeText "erpnext-common_site_config.json" (builtins.toJSON commonSiteConfig); @@ -286,23 +278,6 @@ in "d '${cfg.benchDir}/sites' 0750 ${cfg.user} ${config.users.users.${cfg.user}.group}" ]; - systemd.services.erpnext-nodejs-socketio = { - enable = true; - after = [ "erpnext-web.service" ]; - wantedBy = [ "erpnext-web.service" ]; - partOf = [ "erpnext-web.service" ]; - description = "ERPNext Node.js HTTP server for socket.io "; - confinement = { - enable = true; - packages = [ pkgs.nodejs ]; - }; - serviceConfig = defaultServiceConfig // { - ExecStart = '' - ${pkgs.nodejs}/bin/node ${cfg.benchDir}/apps/frappe/socketio.js - ''; - }; - }; - services.caddy.enable = mkIf (cfg.caddy != null) true; services.caddy.virtualHosts."${cfg.domain}" = mkIf (cfg.caddy != null) (lib.mkMerge [ cfg.caddy @@ -312,12 +287,6 @@ in root * ${pkgs.frappe-erpnext-assets}/share/sites file_server } - handle /socket.io/* { - reverse_proxy :${toString cfg.socketIoPort} { - header_up X-Frappe-Site-Name "${cfg.domain}" - header_up Origin "{scheme}://${cfg.domain}" - } - } reverse_proxy :${toString cfg.webserver.bindPort} ''; @@ -330,7 +299,6 @@ in after = [ "mysql.service" "redis.service" - "redis-socketio.service" "systemd-tmpfiles-setup.service" ]; description = "ERPNext web server"; @@ -347,6 +315,9 @@ in pkgs.replace-secret ]; }; + path = [ + pkgs.mariadb-client + ]; environment = { PYTHON_PATH = "${penv}/${pkgs.python3.sitePackages}"; }; @@ -387,7 +358,7 @@ in --chdir="${cfg.benchDir}/sites" \ --bind=${cfg.webserver.bindAddress}:${toString cfg.webserver.bindPort} \ --threads=4 \ - --workers=3 \ + --workers=2 \ --worker-class=gthread \ --worker-tmp-dir=/dev/shm \ --timeout=120 \ @@ -412,22 +383,6 @@ in ''; }; }; - systemd.services.erpnext-queue-default = { - enable = true; - after = [ "erpnext-web.service" ]; - wantedBy = [ "erpnext-web.service" ]; - partOf = [ "erpnext-web.service" ]; - description = "ERPNext default queue server"; - confinement = { - enable = true; - packages = [ penv ]; - }; - serviceConfig = defaultServiceConfig // { - ExecStart = '' - ${penv}/bin/bench worker --queue default - ''; - }; - }; systemd.services.erpnext-queue-long = { enable = true; after = [ "erpnext-web.service" ]; diff --git a/srcs/pin.nix b/srcs/pin.nix index 174caf4..dbb13ec 100644 --- a/srcs/pin.nix +++ b/srcs/pin.nix @@ -1,11 +1,11 @@ { benchVersion = "5.19.0"; - erpnextVersion = "14.58.1"; + erpnextVersion = "15.9.1"; frappeVersion = "15.8.1"; hashes = { "benchSrcHash" = "sha256-y8nx4vFVQggwGv2MWQ88WczgVbPxPybZV38FF5u5aWI="; - "erpnextSrcHash" = "sha256-HeeNd7dAlbppR2gPPmohKqpUUoMx5f0Kgsd7wZtUHp8="; - "erpnextYarnHash" = "0rjqlw0lff1wwbzl62g8nnjlhz3km2km3vqj2dccawpi4q2kh6jn"; + "erpnextSrcHash" = "sha256-nkXN0PTcWt1nSy3eRdBF2h0WMdAC79qWzaj9kXRsG2I="; + "erpnextYarnHash" = "1farnqrfnzshpbpx4nyarw13g8m3389ix3hrc4661xxm887lz5fv"; "frappeSrcHash" = "sha256-FDUUNbULPmMY6dDgbMHrxXD8pK1AP+T7kG7mY9MmMDg="; "frappeYarnHash" = "0rj2v69siagwjz632hyaii5ni24fp434cznaxpi8978fq07qx6l9"; }; From 139cc86d20ffdb3c888cc6a066a275e95fc1684d Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 6 Jan 2024 17:15:26 +0100 Subject: [PATCH 10/13] fix: python deps cleanup --- python-overlay.nix | 24 +++++++---- python/barcodenumber.nix | 15 +++++++ python/erpnext.nix | 17 ++++---- python/frappe.nix | 55 ++++--------------------- python/gocardless-pro.nix | 19 --------- python/jsonobject.nix | 17 -------- python/pydantic.nix | 85 +++++++++++++++++++++++++++++++++++++++ python/redisearch.nix | 28 ------------- python/rejson.nix | 24 ----------- python/taxjar.nix | 22 ---------- 10 files changed, 131 insertions(+), 175 deletions(-) create mode 100644 python/barcodenumber.nix delete mode 100644 python/gocardless-pro.nix delete mode 100644 python/jsonobject.nix create mode 100644 python/pydantic.nix delete mode 100644 python/redisearch.nix delete mode 100644 python/rejson.nix delete mode 100644 python/taxjar.nix diff --git a/python-overlay.nix b/python-overlay.nix index 8951ea3..f521d65 100644 --- a/python-overlay.nix +++ b/python-overlay.nix @@ -12,22 +12,30 @@ final: prev: { honcho = pyFinal.callPackage ./python/honcho.nix {}; # erpnext dependencies - gocardless-pro = pyFinal.callPackage ./python/gocardless-pro.nix {}; - redisearch = pyFinal.callPackage ./python/redisearch.nix {}; - taxjar = pyFinal.callPackage ./python/taxjar.nix {}; + barcodenumber = pyFinal.callPackage ./python/barcodenumber.nix {}; # frappe dependencies email-reply-parser = pyFinal.callPackage ./python/email-reply-parser.nix {}; maxminddb-geolite2 = pyFinal.callPackage ./python/maxminddb-geolite2.nix {}; psycopg2-binary = pyFinal.callPackage ./python/psycopg2-binary.nix {}; traceback-with-variables = pyFinal.callPackage ./python/traceback-with-variables.nix {}; + pydantic = pyFinal.callPackage ./python/pydantic.nix {}; - # indirect dependencies - # taxjar - jsonobject = pyFinal.callPackage ./python/jsonobject.nix {}; - # redisearch - rejson = pyFinal.callPackage ./python/rejson.nix {}; + versioningit = pyPrev.versioningit.overridePythonAttrs (oldAttrs: (rec { + version = "2.2.1"; + src = pyPrev.fetchPypi { + inherit version; + inherit (oldAttrs) pname; + hash = "sha256-DlgkLXq9phrmNZalSUrp7WMayF2Ls8yOF24yU8pLy7U="; + }; + })); + fastapi = pyPrev.fastapi.overridePythonAttrs (oldAttrs: (rec { + propagatedBuildInputs = oldAttrs.propagatedBuildInputs ++ [ + pyPrev.pydantic-settings + pyPrev.pydantic-extra-types + ]; + })); plaid-python = pyPrev.plaid-python.overridePythonAttrs (oldAttrs: (rec { version = "7.2.1"; diff --git a/python/barcodenumber.nix b/python/barcodenumber.nix new file mode 100644 index 0000000..1dc0d58 --- /dev/null +++ b/python/barcodenumber.nix @@ -0,0 +1,15 @@ +{ + buildPythonPackage, + fetchPypi, +}: +buildPythonPackage rec { + pname = "barcodenumber"; + version = "0.2.1"; + src = fetchPypi { + inherit pname version; + sha256 = "sha256-nW8+m32i42kLR4oC4lrKoBkFYgKHgpZPGAFNJvtLMhc="; + }; + propagatedBuildInputs = [ ]; + nativeBuildInputs = [ ]; + doCheck = false; +} diff --git a/python/erpnext.nix b/python/erpnext.nix index 3f45bd9..093430d 100644 --- a/python/erpnext.nix +++ b/python/erpnext.nix @@ -6,18 +6,16 @@ # Core dependencies , pycountry -, python-stdnum , unidecode -, redisearch +, barcodenumber , rapidfuzz +, holidays # Integration dependencies -, gocardless-pro , googlemaps , plaid-python , python-youtube -, taxjar -, tweepy +, pypng }: let pinData = import ../srcs/pin.nix; @@ -47,17 +45,16 @@ buildPythonPackage rec { propagatedBuildInputs = [ # Core dependencies pycountry - python-stdnum unidecode - redisearch + barcodenumber rapidfuzz + holidays # Integration dependencies - gocardless-pro googlemaps plaid-python python-youtube - taxjar - tweepy + # used for QR code generation + pypng ]; } diff --git a/python/frappe.nix b/python/frappe.nix index 9cf6fb3..a36e516 100644 --- a/python/frappe.nix +++ b/python/frappe.nix @@ -8,12 +8,13 @@ , babel , click , filelock +, filetype , gitpython , jinja2 , pillow , pyjwt , pymysql -, pypdf2 +, pypdf , pypika , pyqrcode , pyyaml @@ -30,7 +31,6 @@ , cryptography , email-reply-parser , git-url-parse -, gitdb , gunicorn , html5lib , ipython @@ -47,12 +47,9 @@ , premailer , psutil , psycopg2-binary -, pyasn1 -, pycountry -, pycryptodome +, pydantic , pyopenssl , pyotp -, pypng , python-dateutil , pytz , rauth @@ -63,11 +60,11 @@ , rq , rsa , semantic-version +, sentry-sdk , sqlparse , tenacity , terminaltables , traceback-with-variables -, urllib3 , xlrd , zxcvbn , markdownify @@ -76,7 +73,6 @@ , boto3 , dropbox , google-api-python-client -, google-auth-httplib2 , google-auth-oauthlib , google-auth , posthog @@ -100,48 +96,18 @@ buildPythonPackage rec { format = "pyproject"; nativeBuildInputs = [ pythonRelaxDepsHook flit-core ]; - pythonRelaxDeps = [ - "Babel" - "beautifulsoup4" - "boto3" - "cairocffi" - "Click" - "croniter" - "cryptography" - "filelock" - "google-api-python-client" - "google-auth" - "hiredis" - "ipython" - "openpyxl" - "phonenumbers" - "Pillow" - "pyasn1" - "pycountry" - "pycryptodome" - "PyJWT" - "PyMySQL" - "pyOpenSSL" - "pyotp" - "pypng" - "pytz" - "redis" - "requests" - "rq" - "tenacity" - "WeasyPrint" - ]; propagatedBuildInputs = [ babel click filelock + filetype gitpython jinja2 pillow pyjwt pymysql - pypdf2 + pypdf pypika pyqrcode pyyaml @@ -158,7 +124,6 @@ buildPythonPackage rec { cryptography email-reply-parser git-url-parse - gitdb gunicorn html5lib ipython @@ -175,12 +140,9 @@ buildPythonPackage rec { premailer psutil psycopg2-binary - pyasn1 - pycountry - pycryptodome + pydantic pyopenssl pyotp - pypng python-dateutil pytz rauth @@ -191,11 +153,11 @@ buildPythonPackage rec { rq rsa semantic-version + sentry-sdk sqlparse tenacity terminaltables traceback-with-variables - urllib3 xlrd zxcvbn markdownify @@ -204,7 +166,6 @@ buildPythonPackage rec { boto3 dropbox google-api-python-client - google-auth-httplib2 google-auth-oauthlib google-auth posthog diff --git a/python/gocardless-pro.nix b/python/gocardless-pro.nix deleted file mode 100644 index 77907d0..0000000 --- a/python/gocardless-pro.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ - buildPythonPackage, - fetchPypi, - requests, - six -}: -buildPythonPackage rec { - pname = "gocardless-pro"; - version = "1.22.0"; - src = fetchPypi { - pname = "gocardless_pro"; - inherit version; - sha256 = "sha256-i4gBeJvl/aCujeXGvJG+z1Wp2aczKg8clnfMyK8fz/w="; - }; - propagatedBuildInputs = [ - requests - six - ]; -} diff --git a/python/jsonobject.nix b/python/jsonobject.nix deleted file mode 100644 index 8751792..0000000 --- a/python/jsonobject.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ - buildPythonPackage, - fetchPypi, - cython, - six -}: -buildPythonPackage rec { - pname = "jsonobject"; - version = "2.1.0"; - src = fetchPypi { - inherit pname version; - sha256 = "sha256-UpijeVA+Q+/Aq0AC10LA/LuhqWKO3azE6lR7cThRRGY="; - }; - propagatedBuildInputs = [ six ]; - nativeBuildInputs = [ cython ]; - doCheck = false; -} diff --git a/python/pydantic.nix b/python/pydantic.nix new file mode 100644 index 0000000..1370f58 --- /dev/null +++ b/python/pydantic.nix @@ -0,0 +1,85 @@ +{ lib +, buildPythonPackage +, fetchFromGitHub +, pythonOlder +, hatchling +, hatch-fancy-pypi-readme +, libxcrypt +, annotated-types +, pydantic-core +, typing-extensions +, email-validator +, dirty-equals +, faker +, pytestCheckHook +, pytest-mock +}: + +buildPythonPackage rec { + pname = "pydantic"; + version = "2.3.0"; + pyproject = true; + + disabled = pythonOlder "3.7"; + + src = fetchFromGitHub { + owner = "pydantic"; + repo = "pydantic"; + rev = "refs/tags/v${version}"; + hash = "sha256-toqrWg8bYzc3UmvG/YmXawfmT8nqaA9fxy24k1cdj+M="; + }; + + buildInputs = lib.optionals (pythonOlder "3.9") [ + libxcrypt + ]; + + nativeBuildInputs = [ + hatch-fancy-pypi-readme + hatchling + ]; + + propagatedBuildInputs = [ + annotated-types + pydantic-core + typing-extensions + ]; + + passthru.optional-dependencies = { + email = [ + email-validator + ]; + }; + + nativeCheckInputs = [ + dirty-equals + faker + pytest-mock + pytestCheckHook + ] ++ lib.flatten (lib.attrValues passthru.optional-dependencies); + + preCheck = '' + export HOME=$(mktemp -d) + substituteInPlace pyproject.toml \ + --replace "'--benchmark-columns', 'min,mean,stddev,outliers,rounds,iterations'," "" \ + --replace "'--benchmark-group-by', 'group'," "" \ + --replace "'--benchmark-warmup', 'on'," "" \ + --replace "'--benchmark-disable'," "" + ''; + + disabledTestPaths = [ + "tests/benchmarks" + + # avoid cyclic dependency + "tests/test_docs.py" + ]; + + pythonImportsCheck = [ "pydantic" ]; + + meta = with lib; { + description = "Data validation and settings management using Python type hinting"; + homepage = "https://github.com/pydantic/pydantic"; + changelog = "https://github.com/pydantic/pydantic/blob/v${version}/HISTORY.md"; + license = licenses.mit; + maintainers = with maintainers; [ wd15 ]; + }; +} diff --git a/python/redisearch.nix b/python/redisearch.nix deleted file mode 100644 index 7c0c7a1..0000000 --- a/python/redisearch.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ buildPythonPackage -, fetchPypi -, pythonRelaxDepsHook -, unittestCheckHook -, redis -, rejson -, hiredis -}: -buildPythonPackage rec { - pname = "redisearch"; - version = "2.1.1"; - src = fetchPypi { - inherit pname version; - sha256 = "sha256-V1rNWhOhB/8AXUVyoTa1A7Evpb8mr8N70R9qkj8exzw="; - }; - nativeBuildInputs = [ pythonRelaxDepsHook ]; - pythonRelaxDeps = [ - "redis" - ]; - propagatedBuildInputs = [ - redis - rejson - hiredis - ]; - nativeCheckInputs = [ - unittestCheckHook - ]; -} diff --git a/python/rejson.nix b/python/rejson.nix deleted file mode 100644 index 3e72a45..0000000 --- a/python/rejson.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ buildPythonPackage -, pythonRelaxDepsHook -, unittestCheckHook -, fetchPypi -, redis -, six -}: -buildPythonPackage rec { - pname = "rejson"; - version = "0.5.6"; - src = fetchPypi { - inherit pname version; - sha256 = "sha256-vs3hNSAAUAi3ls5WyxKOsiUC18addIJv81HNQ79zvJc="; - }; - nativeBuildInputs = [ pythonRelaxDepsHook ]; - pythonRelaxDeps = [ - "redis" - ]; - propagatedBuildInputs = [ - redis - six - ]; - doCheck = false; -} diff --git a/python/taxjar.nix b/python/taxjar.nix deleted file mode 100644 index 611d28b..0000000 --- a/python/taxjar.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ - buildPythonPackage, - fetchPypi, - jsonobject, - requests, - mock -}: -buildPythonPackage rec { - pname = "taxjar"; - version = "1.9.2"; - src = fetchPypi { - inherit pname version; - sha256 = "sha256-c8lkCLzEmNTuBYLyVNRQq4SLSveDpNKKf6NHxHpg7Ec="; - }; - propagatedBuildInputs = [ - jsonobject - requests - ]; - checkInputs = [ - mock - ]; -} From eb990d3ec3cdd13b612af6013960a8ddfc27fd97 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 6 Jan 2024 17:15:44 +0100 Subject: [PATCH 11/13] docs: improve SSH host key rebuild process --- README.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index de48121..1ea447c 100644 --- a/README.md +++ b/README.md @@ -40,13 +40,12 @@ nix build '.#nixosConfigurations.test-vm.config.system.build.vm' ./result/bin/run-nixos-vm # In another terminal, get the ed25519 SSH hostkey, then stop the VM with CTRL-c -ssh-keyscan -p 2222 127.0.0.1 | grep ssh-ed25519 -... -[127.0.0.1]:2222 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMdCOs16W731ftPDqO+X6RZVSdwVVNw2Xfmcpk5pzbeO + +SSH_HOST_KEY=$(ssh-keyscan -p 2222 127.0.0.1 | grep '\[127.0.0.1\]:2222 ssh-ed25519' | awk '{print $2 " " $3}') # Edit secrets.nix and add the SSH hostkey to machine 'test-vm', starting with 'ssh-ed25519 ...' sed --in-place \ - 's|test-vm = .*|test-vm = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMdCOs16W731ftPDqO+X6RZVSdwVVNw2Xfmcpk5pzbeO host@test-vm";|' \ + "s|test-vm = .*|test-vm = \"$SSH_HOST_KEY host@test-vm\";|" \ secrets/secrets.nix # Rekey the secrets with agenix From fc1813564cbf2511e363aa22d189db477598c2f6 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 6 Jan 2024 17:16:13 +0100 Subject: [PATCH 12/13] fix: update test-vm --- test-vm/configuration.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/test-vm/configuration.nix b/test-vm/configuration.nix index da35146..a33e397 100644 --- a/test-vm/configuration.nix +++ b/test-vm/configuration.nix @@ -9,7 +9,7 @@ config = { services.qemuGuest.enable = true; - system.stateVersion = "23.05"; + system.stateVersion = "23.11"; fileSystems."/" = { device = "/dev/disk/by-label/nixos"; @@ -50,6 +50,7 @@ users.extraUsers.root.password = ""; users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNeQYLFauAbzDyIbKC86NUh9yZfiyBm/BtIdkcpZnSU" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPAsRdVYK0077cdtavmrRr6akrI68T1EDY4Hfv4+W86J teutat3s@ryzensun" ]; users.mutableUsers = false; networking.firewall.enable = false; From 9cc83031d1e006a325200f0f155729f1427387cc Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 6 Jan 2024 17:16:27 +0100 Subject: [PATCH 13/13] chore: update secrets for test-vm --- secrets/admin-password.age | 29 ++++++++++++++--------------- secrets/database-root-password.age | 28 ++++++++++++++-------------- secrets/database-user-password.age | 28 ++++++++++++++-------------- secrets/secrets.nix | 2 +- 4 files changed, 43 insertions(+), 44 deletions(-) diff --git a/secrets/admin-password.age b/secrets/admin-password.age index 6e30764..e8e5753 100644 --- a/secrets/admin-password.age +++ b/secrets/admin-password.age @@ -1,16 +1,15 @@ age-encryption.org/v1 --> ssh-ed25519 Wp/X/Q Y4Lc3UeDr+nNoBq9Wipyv1RohYX2BuXXhb7/BCEW304 -bi09luX45mj64j4kchsT0uRQXwK3IaM1tfeK+cHPFW4 --> ssh-ed25519 8U1+ng Ldl1XJlahkPzLRsB7ETK1iAWr64nAi5Si/vu2ENaiDM -Hjrr3aoMXwKag51UERpGJpMLz6ocLbm+hQs/oj6bfNc --> ssh-ed25519 B2/5FA w6pfvStnUtgnap0lqLZ4Sowfa548P/ljBWXAInNumAA -rbi9sBQCJ3ojMKz5M9XRbICVGurjzJ/+4fp+OQB9d8w --> ssh-ed25519 BVsyTA TkfJgoXeItRmM/XcbVsjSWKroPRvwV4GOZbsfr+okg4 -xRjcIAHBDRlse1ObQ01FEFsE82xiOqVxE55D1h9si9c --> ssh-ed25519 BVsyTA HjZJ4FRC5skEXji2Q+gUvK/a8n2Uiwtl23lk00mJs2U -N0JDJiQoLxFbduAFzIOB+oHIfTHRZxDNyPgvzgwFK8w --> ssh-ed25519 +3V2lQ XUigj0pn4XshS6cldmb7RvvS05/m1gt4ILCB/gtXjQU -p/SJ9reKQntrnBebExW4jZJz1yMvRl6yGj3H8YPddc0 ---- dnd4fFVyltvaIlpnWY+XCHq7vEyLe1GfP8Uvm+YE31Y - -cQ5HcF&kLMP>*LSlîk@ \ No newline at end of file +-> ssh-ed25519 Wp/X/Q OKRD6ff60hQkUsFPULeon06oi10Yk3zw/PP5Pcbubn4 +OcRfSoapbylZww8RSWyxjZYshxvNaYL2HT9NZaCd+rs +-> ssh-ed25519 8U1+ng ZqHoM85W0RmEpUMMXqgYpWzoqHT9P3yenu0UIan9cVg +XGewg1J5ZguIitS/PRaJ5Pyzn/eIhPVn44rWCXlP4ck +-> ssh-ed25519 oOFZcQ 8rmuIPi4RXpysKp/qX0Jz/gz4+8UjQ6/1Zxv+6OP1QQ +aBe/QaWAUHYI5emqNcLgAutVyeWNqYF0QgcP7dC5Ejg +-> ssh-ed25519 BVsyTA mRMQn2xEn9jdWYLz6hauumTxs+cxRAHyxbRGywLgpEs +DRak/gLh93UprDXq4UXloKcx202uktSuTbkybAL3RLE +-> ssh-ed25519 BVsyTA RweUFPcMNhZlbBdqX1Lf5PedXm1bks8ABM+qaiJuNx8 +uN8PCsuTXuYUo29/SXiHD72rHYDlJo+YF8MpE0MKhrQ +-> ssh-ed25519 +3V2lQ xpoyHQwU78j8N0/xJTkQYmVw9p78zjBpLzR8IXRwVgA +tAddezv7vYPxn0saAtQgYrcCDn/NOKkRfsFNToYn9/8 +--- feYwI8yg3EoI7n53Z91W8qoS46j0ZdY+rjWvr++pHIU +26R?\lMYNEYꇄidLW \ No newline at end of file diff --git a/secrets/database-root-password.age b/secrets/database-root-password.age index 15ca1a8..6254fec 100644 --- a/secrets/database-root-password.age +++ b/secrets/database-root-password.age @@ -1,15 +1,15 @@ age-encryption.org/v1 --> ssh-ed25519 Wp/X/Q LvLq1RbFw1UNd5STTODl/hwCr/n2oyAYxsgaGqVXUFU -xP6XHSIyN3lRJ7QFwvOOOcss+kczRUFbepHojXbP/ms --> ssh-ed25519 8U1+ng z7Yc4rmEXtpcBBx6hJmtVyiA6oHLVob8O8UhLgvo6mI -O1hCobMEM7TnbcozkOO7l0cZ3Ze4NEhb54v2h4/xV8c --> ssh-ed25519 B2/5FA +8Odi4bm7mObdVGM2Pq6dkSSns6Y6QsxkCvgPGsPrC8 -eBLsH5HiEuRrbXNDMtUPwlPDAhYPmyWVl0AWho/82WI --> ssh-ed25519 BVsyTA UFri/RzE0Fil4X6FFGTtVcVpzhJyQwUFamG+XEae/G0 -/+/9ocobQS/obt2WFazKSPIbPmhz4DQ3qxdz2Jg9CUw --> ssh-ed25519 BVsyTA K5OTyhlw3+uw0uVXPfj0yy5qd76t2kZOA72AWFrxAls -36622K6od+FnkYXPDbBz6sFmhsbMWtvRo0RqY1suXX0 --> ssh-ed25519 +3V2lQ I///pKJJdA+MMqk1pIIJXGt+ZrY4ZGr5cpmolRTCyUk -+xVxNBOQMHSQ6K0GGZk7WpGLuaIlu/PwmaPq897GKe8 ---- Vf09EgiFYwwnYRq3kcdJInzd8NCCd2OM6yy+lUxIUeA -e.@Sn$Gۈv]n;-wtL!Y \ No newline at end of file +-> ssh-ed25519 Wp/X/Q JjeEJchHBwo2fIN05JQaDU5kuiCK2P+t/+vKpXpqzTk +I2CWfsw1rob5uAn0TMec7UW5YgB6+ZOa8XjhW1zTN6k +-> ssh-ed25519 8U1+ng iF25EtydJLTi7ETcI/mnnwGEEgJ2jzB+H1snIlOyIn0 +EYZMaBys1Ib9+9tyDiitoJZcRiYROKalLSw3+IkTYBE +-> ssh-ed25519 oOFZcQ 3rYmvML6iYeP+TryrfY1nuKpMsE3oK3aB2VGLFG+fGM +nhGu7dEr41l2Vc4wsoWj3Iv6prFGbd3L9aTtq0OWYJ4 +-> ssh-ed25519 BVsyTA GuseCoA9Q6j4Rh652hyaHkySE3vuhhmnh00jFrnduy0 +pt54rMN3hAnrgWgEEqWvdNmmv/jJy95uuZc77QIjBzk +-> ssh-ed25519 BVsyTA yKrgTRQhuLevVctFOy8XWtaI6KYwWS70ZzlT97xSAVg +wRrgGa4lH+NPkTqnfUtZRQGni4BRumHir70hQZVAPAA +-> ssh-ed25519 +3V2lQ RqMzBa5WjiE8JbbjF23b32VZZUgiD7R9mHJLTwTCXAQ +dQHjQIIydSjJe6hDJkHTHcM142cJWUHcgqVCfWgbbu8 +--- BsXgkqdDPJP/w8BrFTMxZSQOmmdydlNig/LubpRp1j8 +$KT RQ??l rBh;. \ No newline at end of file diff --git a/secrets/database-user-password.age b/secrets/database-user-password.age index 126c422..3cbef30 100644 --- a/secrets/database-user-password.age +++ b/secrets/database-user-password.age @@ -1,15 +1,15 @@ age-encryption.org/v1 --> ssh-ed25519 Wp/X/Q XQcBb9T8zpib6nebbKw/BxSuiP4Q9zi9yLLODhx7Xwg -yOTDI9/ZMZq2vamIE6Q3GB8+lSt1SUfnJFVZ5Bu1rRM --> ssh-ed25519 8U1+ng GlfaGP7lTV5xsh2Zib9wkFEn1CcFa/wdaHxI0RGl6X8 -E1jMN5PAQjv3hhSx9WU3xzd+kDJbl9cd4lOd++k5Cfc --> ssh-ed25519 B2/5FA mCInZwQrNJNyRAvYjsLMOdNE9sM6iJn/GJlEQ+NJuDk -fDmVqofrz6SYaygI8umd6PVnuwik6PsThFV1HCK8Qb0 --> ssh-ed25519 BVsyTA /9dbvKxQujZMPxjP1DajHOTSm+cFV8ghzoHuf2zvBDc -ZwXAI6SrvXgXzTz3JHjSmuYFQd70H8UxDoEpKZhbSys --> ssh-ed25519 BVsyTA Y8ci67zC+EGxGNc+4LuhRt+3ImxitRHuL6fuaYWWu2g -3FkaZRqR3viPvkZDV+2aZUwYlPgtbmwEBIjrFwGBYps --> ssh-ed25519 +3V2lQ P86iVYPu1CVqcNnbMy3DEuSGF3XZeeXHJWiByA5HpxY -0aQ/knr/8NYB/xa+YNFS9uHhpB3uG2Jm/jpq2gTeEaA ---- /D2NTCvXXfa2aDoaXL9qYSmRVfb2BVbOYx914H75c20 -/fJ[PaglzbϗyQ ;q&fd \ No newline at end of file +-> ssh-ed25519 Wp/X/Q AYajVfjNpeIzQa6gJS4WQ0FxeiG+E6ubvnMpUuhqRBE +iXBt2QFOSb0maN2/S6GpfmXKMFFbL+PqA9uIcB2CheY +-> ssh-ed25519 8U1+ng 5zraJOoaFPm11JUBcFlYvE4KwCMECg8SS1RcjRtQ90s +wp/PNpwftnpmU8OVHKn7RWlVI2gUJQAWje0L7WF8POY +-> ssh-ed25519 oOFZcQ H4DlziBiXcE54Dnuk3MfiNFF6iOE5eQUVL4npUjgfEM +BYK5wXV4evqtUanzJtAgTzHjQUkv6BMNDYhqhEN+LAE +-> ssh-ed25519 BVsyTA dyZ/zUHpYNxbo3GmtHXR4XXzV2gVdaku1chxE028JTA +1VRZgmsRV1CjQCVNJhDnOYOWl1V4OxCd/mNY+QhNbIw +-> ssh-ed25519 BVsyTA h3vgd5Gm49NW8kBYZ6cCW8qjSZ8thUpvNzoRGArnK0I +fL9vlAYUFW7IRhyerc7VpYfK+4ZQvMAs+rb1KHvi0Nw +-> ssh-ed25519 +3V2lQ V3SNRpH/u017gfpyrXRavZvHEeg7UrfmVgtacFNNwxE +Hk34+oa4HAWpCyKZzwq1TTkcivfKnoabgoPI0YVujiE +--- DYEoKE9rQw/OFgEWQq+DK9seMqLovJ4JCXb8a8pBGWE +MB:9T\'y"To \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 686a5f8..78b7d7d 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -3,7 +3,7 @@ let machines = { dumpyourvms = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILDATEWAgDZFfYs1ZPh33Kg4sqQ9tWMVKyk8XqFu3Koe host@dumpyourvms"; ryzensun = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH/l7MfEmt510BMeNjuXNPmZ0brcQidvrrpcea+qJMjX host@ryzensun"; - test-vm = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIATdaeRzb/OE1P+lcRS/i9C4yIN11J5zpfVb7+v1D4d7"; + test-vm = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEM2z37ihd0zy9146EFDsvRhtTgBSPiB9OzhPgjmyuqX host@test-vm"; }; users = { teutat3s-dumpyourvms = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHcU6KPy4b1MQXd6EJhcYwbJu7E+0IrBZF/IP6T7gbMf teutat3s@dumpyourvms";