Compare commits
11 commits
ci/nixpkgs
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
973c18edb2 | ||
|
|
271bc1dc0b | ||
|
|
3432df47f1 | ||
|
|
ba0d3cac4a | ||
|
|
798aa29b45 | ||
|
|
691b0d0bdd | ||
|
|
2e253267db | ||
|
|
508bc9844c | ||
|
|
bd9575783f | ||
|
|
3cb61ca908 | ||
|
|
24fdbb81df |
14 changed files with 145 additions and 43 deletions
21
CHANGELOG.md
21
CHANGELOG.md
|
|
@ -16,6 +16,10 @@ Template:
|
||||||
|
|
||||||
# Upcoming Release
|
# Upcoming Release
|
||||||
|
|
||||||
|
# v0.9.0
|
||||||
|
|
||||||
|
Commits: https://github.com/ibizaman/selfhostblocks/compare/v0.8.0...v0.9.0
|
||||||
|
|
||||||
## Breaking Changes
|
## Breaking Changes
|
||||||
|
|
||||||
- Updated simple-nixos-mailserver. Update all options following this pattern:
|
- Updated simple-nixos-mailserver. Update all options following this pattern:
|
||||||
|
|
@ -28,13 +32,28 @@ Template:
|
||||||
Note that simple-nixos-mailserver wanted to upgrade the location of the storage path
|
Note that simple-nixos-mailserver wanted to upgrade the location of the storage path
|
||||||
to include the ldap UID instead of the email but I kept the email address.
|
to include the ldap UID instead of the email but I kept the email address.
|
||||||
This means there is no migration to do.
|
This means there is no migration to do.
|
||||||
|
- Update nixpkgs [from 6201e2 to abd1ea](https://github.com/ibizaman/selfhostblocks/compare/6201e203d09599479a3b3450ed24fa81537ebc4e...abd1ea17fdbedd48cbca770847b39e3a7a09ab5b).
|
||||||
|
|
||||||
## New Features
|
## New Features
|
||||||
|
|
||||||
- Add `shb.zfs.snapshotBeforeActivation` option to take a ZFS snapshot of given datasets before activation.
|
- Add `shb.zfs.snapshotBeforeActivation` option to take a ZFS snapshot of given datasets before activation.
|
||||||
See [the manual](https://shb.skarabox.com/blocks-zfs.html) for more details.
|
See [the manual](https://shb.skarabox.com/blocks-zfs.html) for more details.
|
||||||
|
- Add [sanoid block](https://shb.skarabox.com/blocks-sanoid.html)
|
||||||
|
- Add option to take snapshot before activation with ZFS block.
|
||||||
|
|
||||||
# v0.8.0
|
## Fixes
|
||||||
|
|
||||||
|
- Fix oidc_login build for Nextcloud
|
||||||
|
- Fix mailserver build
|
||||||
|
|
||||||
|
## Other Changes
|
||||||
|
|
||||||
|
- Harden lldap configuration
|
||||||
|
- Convert ZFS block to system and [add documentation](https://shb.skarabox.com/blocks-zfs.html)
|
||||||
|
- Switch monitoring log fetching from deprecated promtail to fluent-bit
|
||||||
|
- Add test to catch drift for Let's Encrypt DNS provider
|
||||||
|
|
||||||
|
# [BROKEN] v0.8.0
|
||||||
|
|
||||||
## Breaking Changes
|
## Breaking Changes
|
||||||
|
|
||||||
|
|
|
||||||
2
VERSION
2
VERSION
|
|
@ -1 +1 @@
|
||||||
0.8.0
|
0.9.0
|
||||||
14
flake.lock
14
flake.lock
|
|
@ -20,11 +20,11 @@
|
||||||
},
|
},
|
||||||
"nix-flake-tests": {
|
"nix-flake-tests": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1677844186,
|
"lastModified": 1775571237,
|
||||||
"narHash": "sha256-ErJZ/Gs1rxh561CJeWP5bohA2IcTq1rDneu1WT6CVII=",
|
"narHash": "sha256-1f5Uvgcy3gx/eyRp4rqfDRBjcZc9uiHoIlfcFIL7GvI=",
|
||||||
"owner": "antifuchs",
|
"owner": "antifuchs",
|
||||||
"repo": "nix-flake-tests",
|
"repo": "nix-flake-tests",
|
||||||
"rev": "bbd9216bd0f6495bb961a8eb8392b7ef55c67afb",
|
"rev": "86b789cff8aecbd7c1bed7cd421dd837c3f62201",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
@ -35,11 +35,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1779106008,
|
"lastModified": 1781074563,
|
||||||
"narHash": "sha256-69DUmukrvXPNjSgtI1TmsKQ5TwNlclhMDcIWbimdSGo=",
|
"narHash": "sha256-md8WlXOlfnIeHeOScMTTHFyf2d6iaTwPl2apR5EQ3P4=",
|
||||||
"owner": "NixOS",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "abd1ea17fdbedd48cbca770847b39e3a7a09ab5b",
|
"rev": "9ae611a455b90cf061d8f332b977e387bda8e1ca",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
||||||
|
|
@ -352,12 +352,16 @@ let
|
||||||
"expected"
|
"expected"
|
||||||
"result"
|
"result"
|
||||||
];
|
];
|
||||||
|
|
||||||
|
nativeBuildInputs = [
|
||||||
|
(pkgs.python3.withPackages (ps: [ ps.deepdiff ] ++ ps.deepdiff.optional-dependencies.cli))
|
||||||
|
];
|
||||||
}
|
}
|
||||||
''
|
''
|
||||||
echo "${name} failed (- expected, + result)" > $out
|
echo "${name} failed (- expected, + result)" > $out
|
||||||
cp ''${expectedPath} ''${expectedPath}.json
|
cp ''${expectedPath} ''${expectedPath}.json
|
||||||
cp ''${resultPath} ''${resultPath}.json
|
cp ''${resultPath} ''${resultPath}.json
|
||||||
${pkgs.deepdiff}/bin/deep diff ''${expectedPath}.json ''${resultPath}.json >> $out
|
deep diff ''${expectedPath}.json ''${resultPath}.json >> $out
|
||||||
''
|
''
|
||||||
);
|
);
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -75,6 +75,30 @@ in
|
||||||
config = {
|
config = {
|
||||||
services.davfs2.enable = builtins.length cfg.mounts > 0;
|
services.davfs2.enable = builtins.length cfg.mounts > 0;
|
||||||
|
|
||||||
|
systemd.services = lib.optionalAttrs (builtins.length cfg.mounts > 0) {
|
||||||
|
davfs2-password-generation = {
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
serviceConfig.Type = "oneshot";
|
||||||
|
script = ''
|
||||||
|
mkdir -p /etc/davfs2
|
||||||
|
[ -f /etc/davfs2/secrets ] && mv /etc/davfs2/secrets /etc/davfs2/secrets.prev
|
||||||
|
touch /etc/davfs2/secrets
|
||||||
|
chown root: /etc/davfs2
|
||||||
|
chown root: /etc/davfs2/secrets
|
||||||
|
chmod 700 /etc/davfs2
|
||||||
|
chmod 600 /etc/davfs2/secrets
|
||||||
|
''
|
||||||
|
+ (
|
||||||
|
let
|
||||||
|
mkPasswordCmd = cfg': ''
|
||||||
|
printf "%s %s %s\n" "${cfg'.mountPoint}" "${cfg'.username}" "$(cat ${cfg'.passwordFile})" >> /etc/davfs2/secrets
|
||||||
|
'';
|
||||||
|
in
|
||||||
|
lib.concatStringsSep "\n" (map mkPasswordCmd cfg.mounts)
|
||||||
|
);
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
systemd.mounts =
|
systemd.mounts =
|
||||||
let
|
let
|
||||||
mkMountCfg = c: {
|
mkMountCfg = c: {
|
||||||
|
|
@ -82,6 +106,7 @@ in
|
||||||
description = "Webdav mount point";
|
description = "Webdav mount point";
|
||||||
after = [ "network-online.target" ];
|
after = [ "network-online.target" ];
|
||||||
wants = [ "network-online.target" ];
|
wants = [ "network-online.target" ];
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
|
||||||
what = c.remoteUrl;
|
what = c.remoteUrl;
|
||||||
where = c.mountPoint;
|
where = c.mountPoint;
|
||||||
|
|
|
||||||
|
|
@ -249,9 +249,10 @@ in
|
||||||
let
|
let
|
||||||
recursiveFlag = lib.optionalString cfg.snapshotBeforeActivation.recursive "-r";
|
recursiveFlag = lib.optionalString cfg.snapshotBeforeActivation.recursive "-r";
|
||||||
in
|
in
|
||||||
lib.concatMapStringsSep "\n" (ds: "zfs snapshot ${recursiveFlag} ${ds}@\"$name\"") (
|
lib.concatMapStringsSep "\n" (ds: ''
|
||||||
lib.uniqueStrings datasets
|
echo "Taking ZFS snapshot of ${ds}@$name"
|
||||||
)
|
zfs snapshot ${recursiveFlag} ${ds}@"$name"
|
||||||
|
'') (lib.uniqueStrings datasets)
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -11,23 +11,13 @@ let
|
||||||
|
|
||||||
fqdn = "${cfg.subdomain}.${cfg.domain}";
|
fqdn = "${cfg.subdomain}.${cfg.domain}";
|
||||||
|
|
||||||
ldap_auth_script_repo = pkgs.fetchFromGitHub {
|
|
||||||
owner = "lldap";
|
|
||||||
repo = "lldap";
|
|
||||||
rev = "7d1f5abc137821c500de99c94f7579761fc949d8";
|
|
||||||
sha256 = "sha256-8D+7ww70Ja6Qwdfa+7MpjAAHewtCWNf/tuTAExoUrg0=";
|
|
||||||
};
|
|
||||||
|
|
||||||
ldap_auth_script = pkgs.writeShellScriptBin "ldap_auth.sh" ''
|
|
||||||
export PATH=${pkgs.gnused}/bin:${pkgs.curl}/bin:${pkgs.jq}/bin
|
|
||||||
exec ${pkgs.bash}/bin/bash ${ldap_auth_script_repo}/example_configs/lldap-ha-auth.sh $@
|
|
||||||
'';
|
|
||||||
|
|
||||||
# Filter secrets from config. Secrets are those of the form { source = <path>; }
|
# Filter secrets from config. Secrets are those of the form { source = <path>; }
|
||||||
secrets = lib.attrsets.filterAttrs (k: v: builtins.isAttrs v) cfg.config;
|
secrets = lib.attrsets.filterAttrs (k: v: builtins.isAttrs v) cfg.config;
|
||||||
|
|
||||||
nonSecrets = (lib.attrsets.filterAttrs (k: v: !(builtins.isAttrs v)) cfg.config);
|
nonSecrets = (lib.attrsets.filterAttrs (k: v: !(builtins.isAttrs v)) cfg.config);
|
||||||
|
|
||||||
|
lldap_ha_auth = pkgs.callPackage ./home-assistant/lldap_ha_auth.nix { };
|
||||||
|
|
||||||
configWithSecretsIncludes = nonSecrets // (lib.attrsets.mapAttrs (k: v: "!secret ${k}") secrets);
|
configWithSecretsIncludes = nonSecrets // (lib.attrsets.mapAttrs (k: v: "!secret ${k}") secrets);
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
|
@ -280,9 +270,10 @@ in
|
||||||
}
|
}
|
||||||
])
|
])
|
||||||
++ (lib.optionals cfg.ldap.enable [
|
++ (lib.optionals cfg.ldap.enable [
|
||||||
|
# https://www.home-assistant.io/docs/authentication/providers/#command-line
|
||||||
{
|
{
|
||||||
type = "command_line";
|
type = "command_line";
|
||||||
command = ldap_auth_script + "/bin/ldap_auth.sh";
|
command = lldap_ha_auth + "/bin/lldap-ha-auth";
|
||||||
args = [
|
args = [
|
||||||
"http://${cfg.ldap.host}:${toString cfg.ldap.port}"
|
"http://${cfg.ldap.host}:${toString cfg.ldap.port}"
|
||||||
cfg.ldap.userGroup
|
cfg.ldap.userGroup
|
||||||
|
|
|
||||||
37
modules/services/home-assistant/lldap_ha_auth.nix
Normal file
37
modules/services/home-assistant/lldap_ha_auth.nix
Normal file
|
|
@ -0,0 +1,37 @@
|
||||||
|
{
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
stdenvNoCC,
|
||||||
|
}:
|
||||||
|
stdenvNoCC.mkDerivation {
|
||||||
|
name = "lldap-ha-auth";
|
||||||
|
|
||||||
|
src = pkgs.fetchFromGitHub {
|
||||||
|
owner = "lldap";
|
||||||
|
repo = "lldap";
|
||||||
|
rev = "7d1f5abc137821c500de99c94f7579761fc949d8";
|
||||||
|
sha256 = "sha256-8D+7ww70Ja6Qwdfa+7MpjAAHewtCWNf/tuTAExoUrg0=";
|
||||||
|
};
|
||||||
|
|
||||||
|
nativeBuildInputs = [
|
||||||
|
pkgs.makeWrapper
|
||||||
|
];
|
||||||
|
|
||||||
|
buildPhase = ''
|
||||||
|
mkdir -p $out/bin
|
||||||
|
|
||||||
|
cp example_configs/lldap-ha-auth.sh $out/bin/lldap-ha-auth
|
||||||
|
chmod a+x $out/bin/lldap-ha-auth
|
||||||
|
'';
|
||||||
|
|
||||||
|
installPhase = ''
|
||||||
|
wrapProgram $out/bin/lldap-ha-auth \
|
||||||
|
--prefix PATH : ${
|
||||||
|
lib.makeBinPath [
|
||||||
|
pkgs.gnused
|
||||||
|
pkgs.curl
|
||||||
|
pkgs.jq
|
||||||
|
]
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
}
|
||||||
|
|
@ -59,12 +59,12 @@ in
|
||||||
WEBUI_NAME = "SelfHostBlocks";
|
WEBUI_NAME = "SelfHostBlocks";
|
||||||
|
|
||||||
OLLAMA_BASE_URL = "http://127.0.0.1:''${toString config.services.ollama.port}";
|
OLLAMA_BASE_URL = "http://127.0.0.1:''${toString config.services.ollama.port}";
|
||||||
|
RAG_EMBEDDING_ENGINE = "ollama";
|
||||||
RAG_EMBEDDING_MODEL = "nomic-embed-text:v1.5";
|
RAG_EMBEDDING_MODEL = "nomic-embed-text:v1.5";
|
||||||
|
|
||||||
ENABLE_OPENAI_API = "True";
|
ENABLE_OPENAI_API = "True";
|
||||||
OPENAI_API_BASE_URL = "http://127.0.0.1:''${toString config.services.llama-cpp.port}";
|
OPENAI_API_BASE_URL = "http://127.0.0.1:''${toString config.services.llama-cpp.port}";
|
||||||
ENABLE_WEB_SEARCH = "True";
|
ENABLE_WEB_SEARCH = "True";
|
||||||
RAG_EMBEDDING_ENGINE = "openai";
|
|
||||||
}
|
}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -1,28 +1,24 @@
|
||||||
From fa1659eeb26375677b19fa5c3b2393f3faa05234 Mon Sep 17 00:00:00 2001
|
From 8d38721322bc47ce089f8d246513be610e22c187 Mon Sep 17 00:00:00 2001
|
||||||
From: ibizaman <ibizaman@tiserbox.com>
|
From: ibizaman <ibizaman@tiserbox.com>
|
||||||
Date: Sun, 10 May 2026 08:58:10 +0200
|
Date: Sun, 10 May 2026 08:58:10 +0200
|
||||||
Subject: [PATCH] never onboard
|
Subject: [PATCH] never onboard
|
||||||
|
|
||||||
---
|
---
|
||||||
backend/open_webui/main.py | 4 +---
|
backend/open_webui/main.py | 2 --
|
||||||
1 file changed, 1 insertion(+), 3 deletions(-)
|
1 file changed, 2 deletions(-)
|
||||||
|
|
||||||
diff --git a/backend/open_webui/main.py b/backend/open_webui/main.py
|
diff --git a/backend/open_webui/main.py b/backend/open_webui/main.py
|
||||||
index ba7f74c83..d9bab576a 100644
|
index e05497c..826af7b 100644
|
||||||
--- a/backend/open_webui/main.py
|
--- a/backend/open_webui/main.py
|
||||||
+++ b/backend/open_webui/main.py
|
+++ b/backend/open_webui/main.py
|
||||||
@@ -2192,11 +2192,9 @@ async def get_app_config(request: Request):
|
@@ -2391,8 +2391,6 @@ async def get_app_config(request: Request):
|
||||||
user = await Users.get_user_by_id(data['id'])
|
user = await Users.get_user_by_id(data['id'])
|
||||||
|
|
||||||
user_count = await Users.get_num_users()
|
|
||||||
+ # Never onboard
|
|
||||||
onboarding = False
|
onboarding = False
|
||||||
|
|
||||||
- if user is None:
|
- if user is None:
|
||||||
- onboarding = user_count == 0
|
- onboarding = not await Users.has_users()
|
||||||
-
|
|
||||||
return {
|
user_count = await Users.get_num_users() if app.state.LICENSE_METADATA else None
|
||||||
**({'onboarding': True} if onboarding else {}),
|
|
||||||
'status': True,
|
|
||||||
--
|
--
|
||||||
2.53.0
|
2.53.0
|
||||||
|
|
|
||||||
|
|
@ -3,6 +3,28 @@ let
|
||||||
pkgs' = pkgs;
|
pkgs' = pkgs;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
letsencryptDnsProvider = shb.test.runNixOSTest {
|
||||||
|
name = "ssl-letsencrypt-dns-provider";
|
||||||
|
|
||||||
|
nodes.server =
|
||||||
|
{ config, ... }:
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
shb.test.baseImports
|
||||||
|
../../modules/blocks/ssl.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
shb.certs.certs.letsencrypt.dns = {
|
||||||
|
domain = "dns.example.com";
|
||||||
|
dnsProvider = "namecheap";
|
||||||
|
credentialsFile = "/run/this-file-does-not-exist-acme-env";
|
||||||
|
adminEmail = "admin@example.com";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
testScript = "";
|
||||||
|
};
|
||||||
|
|
||||||
test = shb.test.runNixOSTest {
|
test = shb.test.runNixOSTest {
|
||||||
name = "ssl-test";
|
name = "ssl-test";
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -156,7 +156,7 @@ let
|
||||||
mkdir -p /tmp/shared/
|
mkdir -p /tmp/shared/
|
||||||
cp -r trace /tmp/shared/
|
cp -r trace /tmp/shared/
|
||||||
""")
|
""")
|
||||||
server.copy_from_vm("trace")
|
server.copy_from_machine("trace")
|
||||||
except:
|
except:
|
||||||
print("No trace found on server")
|
print("No trace found on server")
|
||||||
if code != 0:
|
if code != 0:
|
||||||
|
|
@ -171,7 +171,7 @@ let
|
||||||
mkdir -p /tmp/shared/
|
mkdir -p /tmp/shared/
|
||||||
cp -r trace /tmp/shared/
|
cp -r trace /tmp/shared/
|
||||||
""")
|
""")
|
||||||
client.copy_from_vm("trace")
|
client.copy_from_machine("trace")
|
||||||
except:
|
except:
|
||||||
print("No trace found on client")
|
print("No trace found on client")
|
||||||
if code != 0:
|
if code != 0:
|
||||||
|
|
|
||||||
|
|
@ -34,6 +34,7 @@ in
|
||||||
expected = {
|
expected = {
|
||||||
services.davfs2.enable = false;
|
services.davfs2.enable = false;
|
||||||
systemd.mounts = [ ];
|
systemd.mounts = [ ];
|
||||||
|
systemd.services = { };
|
||||||
};
|
};
|
||||||
expr = testConfig { };
|
expr = testConfig { };
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -35,7 +35,13 @@ let
|
||||||
inherit (config.test) subdomain domain;
|
inherit (config.test) subdomain domain;
|
||||||
};
|
};
|
||||||
# Speeds up tests because models can't be downloaded anyway and that leads to retries.
|
# Speeds up tests because models can't be downloaded anyway and that leads to retries.
|
||||||
services.open-webui.environment.OFFLINE_MODE = "true";
|
services.open-webui.environment = {
|
||||||
|
OFFLINE_MODE = "true";
|
||||||
|
BYPASS_EMBEDDING_AND_RETRIEVAL = "true";
|
||||||
|
RAG_EMBEDDING_ENGINE = "ollama";
|
||||||
|
RAG_EMBEDDING_MODEL = "dummy";
|
||||||
|
RAG_OLLAMA_BASE_URL = "http://127.0.0.1:9";
|
||||||
|
};
|
||||||
|
|
||||||
networking.hosts = {
|
networking.hosts = {
|
||||||
"127.0.0.1" = [ "${config.test.subdomain}.${config.test.domain}" ];
|
"127.0.0.1" = [ "${config.test.subdomain}.${config.test.domain}" ];
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue