From 002f6945dc73e2adca2d83124be1b8629cfabf36 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 22 Jun 2024 20:35:27 +0200 Subject: [PATCH 1/4] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'agenix': 'github:ryantm/agenix/c2fc0762bbe8feb06a2e59a364fa81b3a57671c9' (2024-05-24) → 'github:ryantm/agenix/3a56735779db467538fb2e577eda28a9daacaca6' (2024-06-14) • Updated input 'deploy-rs': 'github:serokell/deploy-rs/b3ea6f333f9057b77efd9091119ba67089399ced' (2024-05-14) → 'github:serokell/deploy-rs/3867348fa92bc892eba5d9ddb2d7a97b9e127a8a' (2024-06-12) • Updated input 'element-themes': 'github:aaronraimist/element-themes/6ed3a981191cbd59f03ea530f16e096b9a4c278c' (2024-05-28) → 'github:aaronraimist/element-themes/3bc82abc3dd468dabc933f0f9d0b443ed97554a6' (2024-06-20) • Updated input 'maunium-stickerpicker': 'github:maunium/stickerpicker/47f17fde452b5e9f0c9e96ce0e2c878dd0574b7f?dir=web' (2024-05-18) → 'github:maunium/stickerpicker/333567f481e60443360aa7199d481e1a45b3a523?dir=web' (2024-06-19) • Updated input 'nix-darwin': 'github:lnl7/nix-darwin/c0d5b8c54d6828516c97f6be9f2d00c63a363df4' (2024-05-29) → 'github:lnl7/nix-darwin/29b3096a6e283d7e6779187244cb2a3942239fdf' (2024-06-17) • Updated input 'nixos-flake': 'github:srid/nixos-flake/aa9100167350cbdffaa272b0fd382d7c23606b86' (2024-05-22) → 'github:srid/nixos-flake/6335b2f05f007b95ac2438b0a55498f9f20e73f7' (2024-06-22) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/a62e6edd6d5e1fa0329b8653c801147986f8d446' (2024-05-31) → 'github:nixos/nixpkgs/03d771e513ce90147b65fe922d87d3a0356fc125' (2024-06-19) • Updated input 'unstable': 'github:nixos/nixpkgs/57610d2f8f0937f39dbd72251e9614b1561942d8' (2024-05-31) → 'github:nixos/nixpkgs/d603719ec6e294f034936c0d0dc06f689d91b6c3' (2024-06-20) --- flake.lock | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/flake.lock b/flake.lock index 3f09be94..5c9b4b6c 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1716561646, - "narHash": "sha256-UIGtLO89RxKt7RF2iEgPikSdU53r6v/6WYB0RW3k89I=", + "lastModified": 1718371084, + "narHash": "sha256-abpBi61mg0g+lFFU0zY4C6oP6fBwPzbHPKBGw676xsA=", "owner": "ryantm", "repo": "agenix", - "rev": "c2fc0762bbe8feb06a2e59a364fa81b3a57671c9", + "rev": "3a56735779db467538fb2e577eda28a9daacaca6", "type": "github" }, "original": { @@ -52,11 +52,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1715699772, - "narHash": "sha256-sKhqIgucN5sI/7UQgBwsonzR4fONjfMr9OcHK/vPits=", + "lastModified": 1718194053, + "narHash": "sha256-FaGrf7qwZ99ehPJCAwgvNY5sLCqQ3GDiE/6uLhxxwSY=", "owner": "serokell", "repo": "deploy-rs", - "rev": "b3ea6f333f9057b77efd9091119ba67089399ced", + "rev": "3867348fa92bc892eba5d9ddb2d7a97b9e127a8a", "type": "github" }, "original": { @@ -114,11 +114,11 @@ "element-themes": { "flake": false, "locked": { - "lastModified": 1716915815, - "narHash": "sha256-5xOzatIJIzu/38TQAYWO8eFtYl0kaCBFJWrjLyyluU8=", + "lastModified": 1718859621, + "narHash": "sha256-ZOOm6UFGNSkGrdwbG5saLAYgAPYJ7E80ogA40CaW+E4=", "owner": "aaronraimist", "repo": "element-themes", - "rev": "6ed3a981191cbd59f03ea530f16e096b9a4c278c", + "rev": "3bc82abc3dd468dabc933f0f9d0b443ed97554a6", "type": "github" }, "original": { @@ -277,11 +277,11 @@ "flake": false, "locked": { "dir": "web", - "lastModified": 1716038335, - "narHash": "sha256-OjmeIkSds59i6lHG/M3Z+32k9nGgm/owJ4x+xwyx0Qs=", + "lastModified": 1718796561, + "narHash": "sha256-RKAAHve17lrJokgAPkM2k/E+f9djencwwg3Xcd70Yfw=", "owner": "maunium", "repo": "stickerpicker", - "rev": "47f17fde452b5e9f0c9e96ce0e2c878dd0574b7f", + "rev": "333567f481e60443360aa7199d481e1a45b3a523", "type": "github" }, "original": { @@ -299,11 +299,11 @@ ] }, "locked": { - "lastModified": 1716993688, - "narHash": "sha256-vo5k2wQekfeoq/2aleQkBN41dQiQHNTniZeVONWiWLs=", + "lastModified": 1718662658, + "narHash": "sha256-AKG7BsqtVWDlefgzyKz7vjaKTLi4+bmTSBhowbQoZtM=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "c0d5b8c54d6828516c97f6be9f2d00c63a363df4", + "rev": "29b3096a6e283d7e6779187244cb2a3942239fdf", "type": "github" }, "original": { @@ -315,11 +315,11 @@ }, "nixos-flake": { "locked": { - "lastModified": 1716406291, - "narHash": "sha256-qHjJ6alc4o3p51hrPp3JGdC5Pbz5EjF+UZq1HbK8av0=", + "lastModified": 1719079946, + "narHash": "sha256-A3JUcPH00buqBgjmi0lWUZIql9+8Y7CMSXGoUXcm+yk=", "owner": "srid", "repo": "nixos-flake", - "rev": "aa9100167350cbdffaa272b0fd382d7c23606b86", + "rev": "6335b2f05f007b95ac2438b0a55498f9f20e73f7", "type": "github" }, "original": { @@ -330,11 +330,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1717159533, - "narHash": "sha256-oamiKNfr2MS6yH64rUn99mIZjc45nGJlj9eGth/3Xuw=", + "lastModified": 1718811006, + "narHash": "sha256-0Y8IrGhRmBmT7HHXlxxepg2t8j1X90++qRN3lukGaIk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446", + "rev": "03d771e513ce90147b65fe922d87d3a0356fc125", "type": "github" }, "original": { @@ -533,11 +533,11 @@ }, "unstable": { "locked": { - "lastModified": 1717196966, - "narHash": "sha256-yZKhxVIKd2lsbOqYd5iDoUIwsRZFqE87smE2Vzf6Ck0=", + "lastModified": 1718895438, + "narHash": "sha256-k3JqJrkdoYwE3fHE6xGDY676AYmyh4U2Zw+0Bwe5DLU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "57610d2f8f0937f39dbd72251e9614b1561942d8", + "rev": "d603719ec6e294f034936c0d0dc06f689d91b6c3", "type": "github" }, "original": { From aa244087d3df9a271bfa4d3cf1f544b53f38d13e Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 22 Jun 2024 20:55:50 +0200 Subject: [PATCH 2/4] forgejo: use latest version from unstable for security fixes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit error: Package ‘forgejo-1.20.6-1-unstable-2024-04-18’ in /nix/store/qk1dpz44db85rhd8lr4j6i2hkn9j5hg4-source/pkgs/applications/version-management/forgejo/default.nix:147 is marked as insecure, refusing to evaluate. Known issues: - Forgejo v1.20.x is EOL - OAuth2 implementation does not always require authentication for public clients --- overlays/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/overlays/default.nix b/overlays/default.nix index d137603e..85fd3b3f 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -13,6 +13,7 @@ in { forgejo-runner = unstable.forgejo-runner; + forgejo = unstable.forgejo; prometheus-node-exporter = unstable.prometheus-node-exporter; element-themes = prev.callPackage ./pkgs/element-themes { inherit (inputs) element-themes; }; element-stickerpicker = prev.callPackage ./pkgs/element-stickerpicker { From f38aa289ea28b806c4b271d13b2c444dfc14fef2 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 23 Jun 2024 15:00:40 +0200 Subject: [PATCH 3/4] matrix-synapse: enable more useful logging --- modules/matrix/default.nix | 2 -- modules/matrix/matrix-log-config.yaml | 40 --------------------------- 2 files changed, 42 deletions(-) delete mode 100644 modules/matrix/matrix-log-config.yaml diff --git a/modules/matrix/default.nix b/modules/matrix/default.nix index da6c49dd..f8b23554 100644 --- a/modules/matrix/default.nix +++ b/modules/matrix/default.nix @@ -108,8 +108,6 @@ in instance_map = { }; limit_profile_requests_to_users_who_share_rooms = false; - log_config = ./matrix-log-config.yaml; - max_spider_size = "10M"; max_upload_size = "50M"; media_storage_providers = [ ]; diff --git a/modules/matrix/matrix-log-config.yaml b/modules/matrix/matrix-log-config.yaml deleted file mode 100644 index c7465ae5..00000000 --- a/modules/matrix/matrix-log-config.yaml +++ /dev/null @@ -1,40 +0,0 @@ -version: 1 - -formatters: - precise: - format: "%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s" - -filters: - context: - (): synapse.util.logcontext.LoggingContextFilter - request: "" - -handlers: - console: - class: logging.StreamHandler - formatter: precise - filters: [context] - -loggers: - synapse: - level: WARNING - - synapse.storage.SQL: - # beware: increasing this to DEBUG will make synapse log sensitive - # information such as access tokens. - level: WARNING - - synapse.http.matrixfederationclient: - level: CRITICAL - synapse.federation.sender.per_destination_queue: - level: CRITICAL - synapse.handlers.device: - level: CRITICAL - synapse.replication.tcp.handler: - level: CRITICAL - shared_secret_authenticator: - level: INFO - -root: - level: WARNING - handlers: [console] From 99f84268e7854e814b10dba663a7098e01e14fa2 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 23 Jun 2024 15:01:37 +0200 Subject: [PATCH 4/4] nextcloud: fine tune for performance, following https://docs.nextcloud.com/server/latest/admin_manual/installation/server_tuning.html --- modules/nextcloud/default.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/modules/nextcloud/default.nix b/modules/nextcloud/default.nix index dba197c3..8bf2c1dd 100644 --- a/modules/nextcloud/default.nix +++ b/modules/nextcloud/default.nix @@ -97,7 +97,8 @@ activity_expire_days = "14"; integrity.check.disabled = false; updater.release.channel = "stable"; - loglevel = 0; + loglevel = 2; + debug = false; maintenance_window_start = "1"; # maintenance = false; app_install_overwrite = [ @@ -111,6 +112,10 @@ phpOptions = { "opcache.interned_strings_buffer" = "32"; + "opcache.max_accelerated_files" = "16229"; + "opcache.memory_consumption" = "256"; + # https://docs.nextcloud.com/server/latest/admin_manual/installation/server_tuning.html#enable-php-opcache + "opcache.revalidate_freq" = "60"; # https://docs.nextcloud.com/server/latest/admin_manual/installation/server_tuning.html#:~:text=opcache.jit%20%3D%201255%20opcache.jit_buffer_size%20%3D%20128m "opcache.jit" = "1255"; "opcache.jit_buffer_size" = "128M";