diff --git a/flake.lock b/flake.lock index df30c67..2b4de80 100644 --- a/flake.lock +++ b/flake.lock @@ -1,15 +1,68 @@ { "nodes": { + "colmena": { + "inputs": { + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", + "nix-github-actions": "nix-github-actions", + "nixpkgs": "nixpkgs", + "stable": "stable" + }, + "locked": { + "lastModified": 1731527002, + "narHash": "sha256-dI9I6suECoIAmbS4xcrqF8r2pbmed8WWm5LIF1yWPw8=", + "owner": "zhaofengli", + "repo": "colmena", + "rev": "e3ad42138015fcdf2524518dd564a13145c72ea1", + "type": "github" + }, + "original": { + "owner": "zhaofengli", + "repo": "colmena", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1650374568, + "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "b4a34015c698c7793d592d66adbab377907a2be8", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-utils": { + "locked": { + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { "inputs": { "systems": "systems" }, "locked": { - "lastModified": 1726560853, - "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { @@ -64,13 +117,50 @@ "type": "github" } }, + "nix-github-actions": { + "inputs": { + "nixpkgs": [ + "colmena", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1729742964, + "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=", + "owner": "nix-community", + "repo": "nix-github-actions", + "rev": "e04df33f62cdcf93d73e9a04142464753a16db67", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-github-actions", + "type": "github" + } + }, "nixpkgs": { "locked": { - "lastModified": 1728241625, - "narHash": "sha256-yumd4fBc/hi8a9QgA9IT8vlQuLZ2oqhkJXHPKxH/tRw=", + "lastModified": 1730785428, + "narHash": "sha256-Zwl8YgTVJTEum+L+0zVAWvXAGbWAuXHax3KzuejaDyo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "4aa36568d413aca0ea84a1684d2d46f55dbabad7", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1731319897, + "narHash": "sha256-PbABj4tnbWFMfBp6OcUK5iGy1QY+/Z96ZcLpooIbuEI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c31898adf5a8ed202ce5bea9f347b1c6871f32d1", + "rev": "dc460ec76cbff0e66e269457d7b728432263166c", "type": "github" }, "original": { @@ -82,10 +172,27 @@ }, "root": { "inputs": { - "flake-utils": "flake-utils", + "colmena": "colmena", + "flake-utils": "flake-utils_2", "meetbot": "meetbot", "mineshspc": "mineshspc", - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs_2" + } + }, + "stable": { + "locked": { + "lastModified": 1730883749, + "narHash": "sha256-mwrFF0vElHJP8X3pFCByJR365Q2463ATp2qGIrDUdlE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "dba414932936fde69f0606b4f1d87c5bc0003ede", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" } }, "systems": { diff --git a/flake.nix b/flake.nix index 5a319df..a106550 100644 --- a/flake.nix +++ b/flake.nix @@ -1,6 +1,7 @@ { description = "Nevarro Infrastructure NixOS deployments"; inputs = { + colmena.url = "github:zhaofengli/colmena"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; flake-utils.url = "github:numtide/flake-utils"; mineshspc = { @@ -15,8 +16,9 @@ }; }; - outputs = inputs@{ nixpkgs, flake-utils, ... }: + outputs = inputs@{ self, colmena, nixpkgs, flake-utils, ... }: { + colmenaHive = colmena.lib.makeHive self.outputs.colmena; colmena = import ./nixos/colmena.nix (inputs // { terraform-outputs = nixpkgs.lib.importJSON ./terraform-output.json; }); @@ -30,7 +32,7 @@ devShells.default = pkgs.mkShell { packages = with pkgs; [ cargo - colmena + colmena.packages.${system}.colmena git-crypt openssl pre-commit diff --git a/nixos/colmena.nix b/nixos/colmena.nix index 97312b6..f836f38 100644 --- a/nixos/colmena.nix +++ b/nixos/colmena.nix @@ -15,19 +15,19 @@ in { matrix-synapse-unwrapped = super.matrix-synapse-unwrapped.overridePythonAttrs (old: rec { pname = "matrix-synapse"; - version = "1.118.0"; + version = "1.119.0"; src = super.fetchFromGitHub { owner = "element-hq"; repo = "synapse"; rev = "v${version}"; - hash = "sha256-dMa1L1MYzt/XfCD8hGt+WupAwl5l4zwVcj5mQ8KtTp8="; + hash = "sha256-+3FrxSfQteIga5uiRNzAlV+xNESB9PUX/UkkL6UMETQ="; }; cargoDeps = super.rustPackages.rustPlatform.fetchCargoTarball { inherit src; name = "${pname}-${version}"; - hash = "sha256-FJaj5T2wMIn/A0JNUGpXyNtPvXIAF8Ivkej4vS1S3dA="; + hash = "sha256-c/19RaBmtfKkFFQyDBwH+yqHp4YNQSqCu23WYbpOc98="; }; doInstallCheck = false; diff --git a/nixos/hosts/matrix/default.nix b/nixos/hosts/matrix/default.nix index a043562..f3ac902 100644 --- a/nixos/hosts/matrix/default.nix +++ b/nixos/hosts/matrix/default.nix @@ -30,8 +30,6 @@ keyFor "matrix/shared-secret-auth/nevarro.space" "matrix-synapse"; nevarro_space_cleanup_synapse_environment_file = keyFor "matrix/cleanup-synapse/nevarro.space" "root"; - nevarro_space_sliding_sync_environment_file = - keyFor "matrix/sliding-sync/nevarro.space" "root"; # App Service Secrets appservice_login_shared_secret_yaml = { diff --git a/nixos/modules/services/matrix/synapse/default.nix b/nixos/modules/services/matrix/synapse/default.nix index 214eeb7..ff7de27 100644 --- a/nixos/modules/services/matrix/synapse/default.nix +++ b/nixos/modules/services/matrix/synapse/default.nix @@ -331,17 +331,6 @@ in { ''; }; - # Run the sliding-sync proxy. - services.matrix-sliding-sync = { - enable = true; - createDatabase = true; - environmentFile = "/run/keys/nevarro_space_sliding_sync_environment_file"; - settings = { - SYNCV3_SERVER = "https://matrix.nevarro.space"; - SYNCV3_BINDADDR = "0.0.0.0:8012"; - }; - }; - # Ensure that Redis is setup for Synapse. services.redis.servers."".enable = true;