Compare commits
4 commits
main
...
ci/nixpkgs
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
4a0c339cd6 | ||
|
|
d0f876f70b | ||
|
|
1765626e8b | ||
|
|
f158654b06 |
14 changed files with 43 additions and 145 deletions
21
CHANGELOG.md
21
CHANGELOG.md
|
|
@ -16,10 +16,6 @@ Template:
|
||||||
|
|
||||||
# Upcoming Release
|
# Upcoming Release
|
||||||
|
|
||||||
# v0.9.0
|
|
||||||
|
|
||||||
Commits: https://github.com/ibizaman/selfhostblocks/compare/v0.8.0...v0.9.0
|
|
||||||
|
|
||||||
## Breaking Changes
|
## Breaking Changes
|
||||||
|
|
||||||
- Updated simple-nixos-mailserver. Update all options following this pattern:
|
- Updated simple-nixos-mailserver. Update all options following this pattern:
|
||||||
|
|
@ -32,28 +28,13 @@ Commits: https://github.com/ibizaman/selfhostblocks/compare/v0.8.0...v0.9.0
|
||||||
Note that simple-nixos-mailserver wanted to upgrade the location of the storage path
|
Note that simple-nixos-mailserver wanted to upgrade the location of the storage path
|
||||||
to include the ldap UID instead of the email but I kept the email address.
|
to include the ldap UID instead of the email but I kept the email address.
|
||||||
This means there is no migration to do.
|
This means there is no migration to do.
|
||||||
- Update nixpkgs [from 6201e2 to abd1ea](https://github.com/ibizaman/selfhostblocks/compare/6201e203d09599479a3b3450ed24fa81537ebc4e...abd1ea17fdbedd48cbca770847b39e3a7a09ab5b).
|
|
||||||
|
|
||||||
## New Features
|
## New Features
|
||||||
|
|
||||||
- Add `shb.zfs.snapshotBeforeActivation` option to take a ZFS snapshot of given datasets before activation.
|
- Add `shb.zfs.snapshotBeforeActivation` option to take a ZFS snapshot of given datasets before activation.
|
||||||
See [the manual](https://shb.skarabox.com/blocks-zfs.html) for more details.
|
See [the manual](https://shb.skarabox.com/blocks-zfs.html) for more details.
|
||||||
- Add [sanoid block](https://shb.skarabox.com/blocks-sanoid.html)
|
|
||||||
- Add option to take snapshot before activation with ZFS block.
|
|
||||||
|
|
||||||
## Fixes
|
# v0.8.0
|
||||||
|
|
||||||
- Fix oidc_login build for Nextcloud
|
|
||||||
- Fix mailserver build
|
|
||||||
|
|
||||||
## Other Changes
|
|
||||||
|
|
||||||
- Harden lldap configuration
|
|
||||||
- Convert ZFS block to system and [add documentation](https://shb.skarabox.com/blocks-zfs.html)
|
|
||||||
- Switch monitoring log fetching from deprecated promtail to fluent-bit
|
|
||||||
- Add test to catch drift for Let's Encrypt DNS provider
|
|
||||||
|
|
||||||
# [BROKEN] v0.8.0
|
|
||||||
|
|
||||||
## Breaking Changes
|
## Breaking Changes
|
||||||
|
|
||||||
|
|
|
||||||
2
VERSION
2
VERSION
|
|
@ -1 +1 @@
|
||||||
0.9.0
|
0.8.0
|
||||||
14
flake.lock
14
flake.lock
|
|
@ -20,11 +20,11 @@
|
||||||
},
|
},
|
||||||
"nix-flake-tests": {
|
"nix-flake-tests": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1775571237,
|
"lastModified": 1677844186,
|
||||||
"narHash": "sha256-1f5Uvgcy3gx/eyRp4rqfDRBjcZc9uiHoIlfcFIL7GvI=",
|
"narHash": "sha256-ErJZ/Gs1rxh561CJeWP5bohA2IcTq1rDneu1WT6CVII=",
|
||||||
"owner": "antifuchs",
|
"owner": "antifuchs",
|
||||||
"repo": "nix-flake-tests",
|
"repo": "nix-flake-tests",
|
||||||
"rev": "86b789cff8aecbd7c1bed7cd421dd837c3f62201",
|
"rev": "bbd9216bd0f6495bb961a8eb8392b7ef55c67afb",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
@ -35,11 +35,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1781074563,
|
"lastModified": 1779344484,
|
||||||
"narHash": "sha256-md8WlXOlfnIeHeOScMTTHFyf2d6iaTwPl2apR5EQ3P4=",
|
"narHash": "sha256-7kuxpYP0hboqDsu9r1gdoZugvuQ21Ihkv9WL5uuLvvE=",
|
||||||
"owner": "nixos",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "9ae611a455b90cf061d8f332b977e387bda8e1ca",
|
"rev": "12999e6de169741f42aa0cc279588f809e98888c",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
||||||
|
|
@ -352,16 +352,12 @@ let
|
||||||
"expected"
|
"expected"
|
||||||
"result"
|
"result"
|
||||||
];
|
];
|
||||||
|
|
||||||
nativeBuildInputs = [
|
|
||||||
(pkgs.python3.withPackages (ps: [ ps.deepdiff ] ++ ps.deepdiff.optional-dependencies.cli))
|
|
||||||
];
|
|
||||||
}
|
}
|
||||||
''
|
''
|
||||||
echo "${name} failed (- expected, + result)" > $out
|
echo "${name} failed (- expected, + result)" > $out
|
||||||
cp ''${expectedPath} ''${expectedPath}.json
|
cp ''${expectedPath} ''${expectedPath}.json
|
||||||
cp ''${resultPath} ''${resultPath}.json
|
cp ''${resultPath} ''${resultPath}.json
|
||||||
deep diff ''${expectedPath}.json ''${resultPath}.json >> $out
|
${pkgs.deepdiff}/bin/deep diff ''${expectedPath}.json ''${resultPath}.json >> $out
|
||||||
''
|
''
|
||||||
);
|
);
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -75,30 +75,6 @@ in
|
||||||
config = {
|
config = {
|
||||||
services.davfs2.enable = builtins.length cfg.mounts > 0;
|
services.davfs2.enable = builtins.length cfg.mounts > 0;
|
||||||
|
|
||||||
systemd.services = lib.optionalAttrs (builtins.length cfg.mounts > 0) {
|
|
||||||
davfs2-password-generation = {
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
serviceConfig.Type = "oneshot";
|
|
||||||
script = ''
|
|
||||||
mkdir -p /etc/davfs2
|
|
||||||
[ -f /etc/davfs2/secrets ] && mv /etc/davfs2/secrets /etc/davfs2/secrets.prev
|
|
||||||
touch /etc/davfs2/secrets
|
|
||||||
chown root: /etc/davfs2
|
|
||||||
chown root: /etc/davfs2/secrets
|
|
||||||
chmod 700 /etc/davfs2
|
|
||||||
chmod 600 /etc/davfs2/secrets
|
|
||||||
''
|
|
||||||
+ (
|
|
||||||
let
|
|
||||||
mkPasswordCmd = cfg': ''
|
|
||||||
printf "%s %s %s\n" "${cfg'.mountPoint}" "${cfg'.username}" "$(cat ${cfg'.passwordFile})" >> /etc/davfs2/secrets
|
|
||||||
'';
|
|
||||||
in
|
|
||||||
lib.concatStringsSep "\n" (map mkPasswordCmd cfg.mounts)
|
|
||||||
);
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.mounts =
|
systemd.mounts =
|
||||||
let
|
let
|
||||||
mkMountCfg = c: {
|
mkMountCfg = c: {
|
||||||
|
|
@ -106,7 +82,6 @@ in
|
||||||
description = "Webdav mount point";
|
description = "Webdav mount point";
|
||||||
after = [ "network-online.target" ];
|
after = [ "network-online.target" ];
|
||||||
wants = [ "network-online.target" ];
|
wants = [ "network-online.target" ];
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
|
|
||||||
what = c.remoteUrl;
|
what = c.remoteUrl;
|
||||||
where = c.mountPoint;
|
where = c.mountPoint;
|
||||||
|
|
|
||||||
|
|
@ -249,10 +249,9 @@ in
|
||||||
let
|
let
|
||||||
recursiveFlag = lib.optionalString cfg.snapshotBeforeActivation.recursive "-r";
|
recursiveFlag = lib.optionalString cfg.snapshotBeforeActivation.recursive "-r";
|
||||||
in
|
in
|
||||||
lib.concatMapStringsSep "\n" (ds: ''
|
lib.concatMapStringsSep "\n" (ds: "zfs snapshot ${recursiveFlag} ${ds}@\"$name\"") (
|
||||||
echo "Taking ZFS snapshot of ${ds}@$name"
|
lib.uniqueStrings datasets
|
||||||
zfs snapshot ${recursiveFlag} ${ds}@"$name"
|
)
|
||||||
'') (lib.uniqueStrings datasets)
|
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -11,13 +11,23 @@ let
|
||||||
|
|
||||||
fqdn = "${cfg.subdomain}.${cfg.domain}";
|
fqdn = "${cfg.subdomain}.${cfg.domain}";
|
||||||
|
|
||||||
|
ldap_auth_script_repo = pkgs.fetchFromGitHub {
|
||||||
|
owner = "lldap";
|
||||||
|
repo = "lldap";
|
||||||
|
rev = "7d1f5abc137821c500de99c94f7579761fc949d8";
|
||||||
|
sha256 = "sha256-8D+7ww70Ja6Qwdfa+7MpjAAHewtCWNf/tuTAExoUrg0=";
|
||||||
|
};
|
||||||
|
|
||||||
|
ldap_auth_script = pkgs.writeShellScriptBin "ldap_auth.sh" ''
|
||||||
|
export PATH=${pkgs.gnused}/bin:${pkgs.curl}/bin:${pkgs.jq}/bin
|
||||||
|
exec ${pkgs.bash}/bin/bash ${ldap_auth_script_repo}/example_configs/lldap-ha-auth.sh $@
|
||||||
|
'';
|
||||||
|
|
||||||
# Filter secrets from config. Secrets are those of the form { source = <path>; }
|
# Filter secrets from config. Secrets are those of the form { source = <path>; }
|
||||||
secrets = lib.attrsets.filterAttrs (k: v: builtins.isAttrs v) cfg.config;
|
secrets = lib.attrsets.filterAttrs (k: v: builtins.isAttrs v) cfg.config;
|
||||||
|
|
||||||
nonSecrets = (lib.attrsets.filterAttrs (k: v: !(builtins.isAttrs v)) cfg.config);
|
nonSecrets = (lib.attrsets.filterAttrs (k: v: !(builtins.isAttrs v)) cfg.config);
|
||||||
|
|
||||||
lldap_ha_auth = pkgs.callPackage ./home-assistant/lldap_ha_auth.nix { };
|
|
||||||
|
|
||||||
configWithSecretsIncludes = nonSecrets // (lib.attrsets.mapAttrs (k: v: "!secret ${k}") secrets);
|
configWithSecretsIncludes = nonSecrets // (lib.attrsets.mapAttrs (k: v: "!secret ${k}") secrets);
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
|
@ -270,10 +280,9 @@ in
|
||||||
}
|
}
|
||||||
])
|
])
|
||||||
++ (lib.optionals cfg.ldap.enable [
|
++ (lib.optionals cfg.ldap.enable [
|
||||||
# https://www.home-assistant.io/docs/authentication/providers/#command-line
|
|
||||||
{
|
{
|
||||||
type = "command_line";
|
type = "command_line";
|
||||||
command = lldap_ha_auth + "/bin/lldap-ha-auth";
|
command = ldap_auth_script + "/bin/ldap_auth.sh";
|
||||||
args = [
|
args = [
|
||||||
"http://${cfg.ldap.host}:${toString cfg.ldap.port}"
|
"http://${cfg.ldap.host}:${toString cfg.ldap.port}"
|
||||||
cfg.ldap.userGroup
|
cfg.ldap.userGroup
|
||||||
|
|
|
||||||
|
|
@ -1,37 +0,0 @@
|
||||||
{
|
|
||||||
lib,
|
|
||||||
pkgs,
|
|
||||||
stdenvNoCC,
|
|
||||||
}:
|
|
||||||
stdenvNoCC.mkDerivation {
|
|
||||||
name = "lldap-ha-auth";
|
|
||||||
|
|
||||||
src = pkgs.fetchFromGitHub {
|
|
||||||
owner = "lldap";
|
|
||||||
repo = "lldap";
|
|
||||||
rev = "7d1f5abc137821c500de99c94f7579761fc949d8";
|
|
||||||
sha256 = "sha256-8D+7ww70Ja6Qwdfa+7MpjAAHewtCWNf/tuTAExoUrg0=";
|
|
||||||
};
|
|
||||||
|
|
||||||
nativeBuildInputs = [
|
|
||||||
pkgs.makeWrapper
|
|
||||||
];
|
|
||||||
|
|
||||||
buildPhase = ''
|
|
||||||
mkdir -p $out/bin
|
|
||||||
|
|
||||||
cp example_configs/lldap-ha-auth.sh $out/bin/lldap-ha-auth
|
|
||||||
chmod a+x $out/bin/lldap-ha-auth
|
|
||||||
'';
|
|
||||||
|
|
||||||
installPhase = ''
|
|
||||||
wrapProgram $out/bin/lldap-ha-auth \
|
|
||||||
--prefix PATH : ${
|
|
||||||
lib.makeBinPath [
|
|
||||||
pkgs.gnused
|
|
||||||
pkgs.curl
|
|
||||||
pkgs.jq
|
|
||||||
]
|
|
||||||
}
|
|
||||||
'';
|
|
||||||
}
|
|
||||||
|
|
@ -59,12 +59,12 @@ in
|
||||||
WEBUI_NAME = "SelfHostBlocks";
|
WEBUI_NAME = "SelfHostBlocks";
|
||||||
|
|
||||||
OLLAMA_BASE_URL = "http://127.0.0.1:''${toString config.services.ollama.port}";
|
OLLAMA_BASE_URL = "http://127.0.0.1:''${toString config.services.ollama.port}";
|
||||||
RAG_EMBEDDING_ENGINE = "ollama";
|
|
||||||
RAG_EMBEDDING_MODEL = "nomic-embed-text:v1.5";
|
RAG_EMBEDDING_MODEL = "nomic-embed-text:v1.5";
|
||||||
|
|
||||||
ENABLE_OPENAI_API = "True";
|
ENABLE_OPENAI_API = "True";
|
||||||
OPENAI_API_BASE_URL = "http://127.0.0.1:''${toString config.services.llama-cpp.port}";
|
OPENAI_API_BASE_URL = "http://127.0.0.1:''${toString config.services.llama-cpp.port}";
|
||||||
ENABLE_WEB_SEARCH = "True";
|
ENABLE_WEB_SEARCH = "True";
|
||||||
|
RAG_EMBEDDING_ENGINE = "openai";
|
||||||
}
|
}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -1,24 +1,28 @@
|
||||||
From 8d38721322bc47ce089f8d246513be610e22c187 Mon Sep 17 00:00:00 2001
|
From fa1659eeb26375677b19fa5c3b2393f3faa05234 Mon Sep 17 00:00:00 2001
|
||||||
From: ibizaman <ibizaman@tiserbox.com>
|
From: ibizaman <ibizaman@tiserbox.com>
|
||||||
Date: Sun, 10 May 2026 08:58:10 +0200
|
Date: Sun, 10 May 2026 08:58:10 +0200
|
||||||
Subject: [PATCH] never onboard
|
Subject: [PATCH] never onboard
|
||||||
|
|
||||||
---
|
---
|
||||||
backend/open_webui/main.py | 2 --
|
backend/open_webui/main.py | 4 +---
|
||||||
1 file changed, 2 deletions(-)
|
1 file changed, 1 insertion(+), 3 deletions(-)
|
||||||
|
|
||||||
diff --git a/backend/open_webui/main.py b/backend/open_webui/main.py
|
diff --git a/backend/open_webui/main.py b/backend/open_webui/main.py
|
||||||
index e05497c..826af7b 100644
|
index ba7f74c83..d9bab576a 100644
|
||||||
--- a/backend/open_webui/main.py
|
--- a/backend/open_webui/main.py
|
||||||
+++ b/backend/open_webui/main.py
|
+++ b/backend/open_webui/main.py
|
||||||
@@ -2391,8 +2391,6 @@ async def get_app_config(request: Request):
|
@@ -2192,11 +2192,9 @@ async def get_app_config(request: Request):
|
||||||
user = await Users.get_user_by_id(data['id'])
|
user = await Users.get_user_by_id(data['id'])
|
||||||
|
|
||||||
|
user_count = await Users.get_num_users()
|
||||||
|
+ # Never onboard
|
||||||
onboarding = False
|
onboarding = False
|
||||||
|
|
||||||
- if user is None:
|
- if user is None:
|
||||||
- onboarding = not await Users.has_users()
|
- onboarding = user_count == 0
|
||||||
|
-
|
||||||
user_count = await Users.get_num_users() if app.state.LICENSE_METADATA else None
|
return {
|
||||||
|
**({'onboarding': True} if onboarding else {}),
|
||||||
|
'status': True,
|
||||||
--
|
--
|
||||||
2.53.0
|
2.53.0
|
||||||
|
|
|
||||||
|
|
@ -3,28 +3,6 @@ let
|
||||||
pkgs' = pkgs;
|
pkgs' = pkgs;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
letsencryptDnsProvider = shb.test.runNixOSTest {
|
|
||||||
name = "ssl-letsencrypt-dns-provider";
|
|
||||||
|
|
||||||
nodes.server =
|
|
||||||
{ config, ... }:
|
|
||||||
{
|
|
||||||
imports = [
|
|
||||||
shb.test.baseImports
|
|
||||||
../../modules/blocks/ssl.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
shb.certs.certs.letsencrypt.dns = {
|
|
||||||
domain = "dns.example.com";
|
|
||||||
dnsProvider = "namecheap";
|
|
||||||
credentialsFile = "/run/this-file-does-not-exist-acme-env";
|
|
||||||
adminEmail = "admin@example.com";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
testScript = "";
|
|
||||||
};
|
|
||||||
|
|
||||||
test = shb.test.runNixOSTest {
|
test = shb.test.runNixOSTest {
|
||||||
name = "ssl-test";
|
name = "ssl-test";
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -156,7 +156,7 @@ let
|
||||||
mkdir -p /tmp/shared/
|
mkdir -p /tmp/shared/
|
||||||
cp -r trace /tmp/shared/
|
cp -r trace /tmp/shared/
|
||||||
""")
|
""")
|
||||||
server.copy_from_machine("trace")
|
server.copy_from_vm("trace")
|
||||||
except:
|
except:
|
||||||
print("No trace found on server")
|
print("No trace found on server")
|
||||||
if code != 0:
|
if code != 0:
|
||||||
|
|
@ -171,7 +171,7 @@ let
|
||||||
mkdir -p /tmp/shared/
|
mkdir -p /tmp/shared/
|
||||||
cp -r trace /tmp/shared/
|
cp -r trace /tmp/shared/
|
||||||
""")
|
""")
|
||||||
client.copy_from_machine("trace")
|
client.copy_from_vm("trace")
|
||||||
except:
|
except:
|
||||||
print("No trace found on client")
|
print("No trace found on client")
|
||||||
if code != 0:
|
if code != 0:
|
||||||
|
|
|
||||||
|
|
@ -34,7 +34,6 @@ in
|
||||||
expected = {
|
expected = {
|
||||||
services.davfs2.enable = false;
|
services.davfs2.enable = false;
|
||||||
systemd.mounts = [ ];
|
systemd.mounts = [ ];
|
||||||
systemd.services = { };
|
|
||||||
};
|
};
|
||||||
expr = testConfig { };
|
expr = testConfig { };
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -35,13 +35,7 @@ let
|
||||||
inherit (config.test) subdomain domain;
|
inherit (config.test) subdomain domain;
|
||||||
};
|
};
|
||||||
# Speeds up tests because models can't be downloaded anyway and that leads to retries.
|
# Speeds up tests because models can't be downloaded anyway and that leads to retries.
|
||||||
services.open-webui.environment = {
|
services.open-webui.environment.OFFLINE_MODE = "true";
|
||||||
OFFLINE_MODE = "true";
|
|
||||||
BYPASS_EMBEDDING_AND_RETRIEVAL = "true";
|
|
||||||
RAG_EMBEDDING_ENGINE = "ollama";
|
|
||||||
RAG_EMBEDDING_MODEL = "dummy";
|
|
||||||
RAG_OLLAMA_BASE_URL = "http://127.0.0.1:9";
|
|
||||||
};
|
|
||||||
|
|
||||||
networking.hosts = {
|
networking.hosts = {
|
||||||
"127.0.0.1" = [ "${config.test.subdomain}.${config.test.domain}" ];
|
"127.0.0.1" = [ "${config.test.subdomain}.${config.test.domain}" ];
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue