Compare commits

..

4 commits

Author SHA1 Message Date
Update Flake Lock PR
4a0c339cd6 update nixpkgs to 12999e6de169741f42aa0cc279588f809e98888c 2026-06-17 04:51:18 +00:00
Update Flake Lock PR
d0f876f70b update nixpkgs to a0fc42282c90f5e11a4f4157936a9e9dea33a5fb 2026-06-16 21:06:28 +00:00
Update Flake Lock PR
1765626e8b update nixpkgs to 3c8b62d1603c8f1252784f69804e489c382ae097 2026-06-16 17:13:18 +00:00
Update Flake Lock PR
f158654b06 update nixpkgs to 9ae611a455b90cf061d8f332b977e387bda8e1ca 2026-06-16 11:21:54 +00:00
14 changed files with 43 additions and 145 deletions

View file

@ -16,10 +16,6 @@ Template:
# Upcoming Release
# v0.9.0
Commits: https://github.com/ibizaman/selfhostblocks/compare/v0.8.0...v0.9.0
## Breaking Changes
- Updated simple-nixos-mailserver. Update all options following this pattern:
@ -32,28 +28,13 @@ Commits: https://github.com/ibizaman/selfhostblocks/compare/v0.8.0...v0.9.0
Note that simple-nixos-mailserver wanted to upgrade the location of the storage path
to include the ldap UID instead of the email but I kept the email address.
This means there is no migration to do.
- Update nixpkgs [from 6201e2 to abd1ea](https://github.com/ibizaman/selfhostblocks/compare/6201e203d09599479a3b3450ed24fa81537ebc4e...abd1ea17fdbedd48cbca770847b39e3a7a09ab5b).
## New Features
- Add `shb.zfs.snapshotBeforeActivation` option to take a ZFS snapshot of given datasets before activation.
See [the manual](https://shb.skarabox.com/blocks-zfs.html) for more details.
- Add [sanoid block](https://shb.skarabox.com/blocks-sanoid.html)
- Add option to take snapshot before activation with ZFS block.
## Fixes
- Fix oidc_login build for Nextcloud
- Fix mailserver build
## Other Changes
- Harden lldap configuration
- Convert ZFS block to system and [add documentation](https://shb.skarabox.com/blocks-zfs.html)
- Switch monitoring log fetching from deprecated promtail to fluent-bit
- Add test to catch drift for Let's Encrypt DNS provider
# [BROKEN] v0.8.0
# v0.8.0
## Breaking Changes

View file

@ -1 +1 @@
0.9.0
0.8.0

View file

@ -20,11 +20,11 @@
},
"nix-flake-tests": {
"locked": {
"lastModified": 1775571237,
"narHash": "sha256-1f5Uvgcy3gx/eyRp4rqfDRBjcZc9uiHoIlfcFIL7GvI=",
"lastModified": 1677844186,
"narHash": "sha256-ErJZ/Gs1rxh561CJeWP5bohA2IcTq1rDneu1WT6CVII=",
"owner": "antifuchs",
"repo": "nix-flake-tests",
"rev": "86b789cff8aecbd7c1bed7cd421dd837c3f62201",
"rev": "bbd9216bd0f6495bb961a8eb8392b7ef55c67afb",
"type": "github"
},
"original": {
@ -35,11 +35,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1781074563,
"narHash": "sha256-md8WlXOlfnIeHeOScMTTHFyf2d6iaTwPl2apR5EQ3P4=",
"owner": "nixos",
"lastModified": 1779344484,
"narHash": "sha256-7kuxpYP0hboqDsu9r1gdoZugvuQ21Ihkv9WL5uuLvvE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9ae611a455b90cf061d8f332b977e387bda8e1ca",
"rev": "12999e6de169741f42aa0cc279588f809e98888c",
"type": "github"
},
"original": {

View file

@ -352,16 +352,12 @@ let
"expected"
"result"
];
nativeBuildInputs = [
(pkgs.python3.withPackages (ps: [ ps.deepdiff ] ++ ps.deepdiff.optional-dependencies.cli))
];
}
''
echo "${name} failed (- expected, + result)" > $out
cp ''${expectedPath} ''${expectedPath}.json
cp ''${resultPath} ''${resultPath}.json
deep diff ''${expectedPath}.json ''${resultPath}.json >> $out
${pkgs.deepdiff}/bin/deep diff ''${expectedPath}.json ''${resultPath}.json >> $out
''
);

View file

@ -75,30 +75,6 @@ in
config = {
services.davfs2.enable = builtins.length cfg.mounts > 0;
systemd.services = lib.optionalAttrs (builtins.length cfg.mounts > 0) {
davfs2-password-generation = {
wantedBy = [ "multi-user.target" ];
serviceConfig.Type = "oneshot";
script = ''
mkdir -p /etc/davfs2
[ -f /etc/davfs2/secrets ] && mv /etc/davfs2/secrets /etc/davfs2/secrets.prev
touch /etc/davfs2/secrets
chown root: /etc/davfs2
chown root: /etc/davfs2/secrets
chmod 700 /etc/davfs2
chmod 600 /etc/davfs2/secrets
''
+ (
let
mkPasswordCmd = cfg': ''
printf "%s %s %s\n" "${cfg'.mountPoint}" "${cfg'.username}" "$(cat ${cfg'.passwordFile})" >> /etc/davfs2/secrets
'';
in
lib.concatStringsSep "\n" (map mkPasswordCmd cfg.mounts)
);
};
};
systemd.mounts =
let
mkMountCfg = c: {
@ -106,7 +82,6 @@ in
description = "Webdav mount point";
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
what = c.remoteUrl;
where = c.mountPoint;

View file

@ -249,10 +249,9 @@ in
let
recursiveFlag = lib.optionalString cfg.snapshotBeforeActivation.recursive "-r";
in
lib.concatMapStringsSep "\n" (ds: ''
echo "Taking ZFS snapshot of ${ds}@$name"
zfs snapshot ${recursiveFlag} ${ds}@"$name"
'') (lib.uniqueStrings datasets)
lib.concatMapStringsSep "\n" (ds: "zfs snapshot ${recursiveFlag} ${ds}@\"$name\"") (
lib.uniqueStrings datasets
)
)
);
};

View file

@ -11,13 +11,23 @@ let
fqdn = "${cfg.subdomain}.${cfg.domain}";
ldap_auth_script_repo = pkgs.fetchFromGitHub {
owner = "lldap";
repo = "lldap";
rev = "7d1f5abc137821c500de99c94f7579761fc949d8";
sha256 = "sha256-8D+7ww70Ja6Qwdfa+7MpjAAHewtCWNf/tuTAExoUrg0=";
};
ldap_auth_script = pkgs.writeShellScriptBin "ldap_auth.sh" ''
export PATH=${pkgs.gnused}/bin:${pkgs.curl}/bin:${pkgs.jq}/bin
exec ${pkgs.bash}/bin/bash ${ldap_auth_script_repo}/example_configs/lldap-ha-auth.sh $@
'';
# Filter secrets from config. Secrets are those of the form { source = <path>; }
secrets = lib.attrsets.filterAttrs (k: v: builtins.isAttrs v) cfg.config;
nonSecrets = (lib.attrsets.filterAttrs (k: v: !(builtins.isAttrs v)) cfg.config);
lldap_ha_auth = pkgs.callPackage ./home-assistant/lldap_ha_auth.nix { };
configWithSecretsIncludes = nonSecrets // (lib.attrsets.mapAttrs (k: v: "!secret ${k}") secrets);
in
{
@ -270,10 +280,9 @@ in
}
])
++ (lib.optionals cfg.ldap.enable [
# https://www.home-assistant.io/docs/authentication/providers/#command-line
{
type = "command_line";
command = lldap_ha_auth + "/bin/lldap-ha-auth";
command = ldap_auth_script + "/bin/ldap_auth.sh";
args = [
"http://${cfg.ldap.host}:${toString cfg.ldap.port}"
cfg.ldap.userGroup

View file

@ -1,37 +0,0 @@
{
lib,
pkgs,
stdenvNoCC,
}:
stdenvNoCC.mkDerivation {
name = "lldap-ha-auth";
src = pkgs.fetchFromGitHub {
owner = "lldap";
repo = "lldap";
rev = "7d1f5abc137821c500de99c94f7579761fc949d8";
sha256 = "sha256-8D+7ww70Ja6Qwdfa+7MpjAAHewtCWNf/tuTAExoUrg0=";
};
nativeBuildInputs = [
pkgs.makeWrapper
];
buildPhase = ''
mkdir -p $out/bin
cp example_configs/lldap-ha-auth.sh $out/bin/lldap-ha-auth
chmod a+x $out/bin/lldap-ha-auth
'';
installPhase = ''
wrapProgram $out/bin/lldap-ha-auth \
--prefix PATH : ${
lib.makeBinPath [
pkgs.gnused
pkgs.curl
pkgs.jq
]
}
'';
}

View file

@ -59,12 +59,12 @@ in
WEBUI_NAME = "SelfHostBlocks";
OLLAMA_BASE_URL = "http://127.0.0.1:''${toString config.services.ollama.port}";
RAG_EMBEDDING_ENGINE = "ollama";
RAG_EMBEDDING_MODEL = "nomic-embed-text:v1.5";
ENABLE_OPENAI_API = "True";
OPENAI_API_BASE_URL = "http://127.0.0.1:''${toString config.services.llama-cpp.port}";
ENABLE_WEB_SEARCH = "True";
RAG_EMBEDDING_ENGINE = "openai";
}
'';
};

View file

@ -1,24 +1,28 @@
From 8d38721322bc47ce089f8d246513be610e22c187 Mon Sep 17 00:00:00 2001
From fa1659eeb26375677b19fa5c3b2393f3faa05234 Mon Sep 17 00:00:00 2001
From: ibizaman <ibizaman@tiserbox.com>
Date: Sun, 10 May 2026 08:58:10 +0200
Subject: [PATCH] never onboard
---
backend/open_webui/main.py | 2 --
1 file changed, 2 deletions(-)
backend/open_webui/main.py | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/backend/open_webui/main.py b/backend/open_webui/main.py
index e05497c..826af7b 100644
index ba7f74c83..d9bab576a 100644
--- a/backend/open_webui/main.py
+++ b/backend/open_webui/main.py
@@ -2391,8 +2391,6 @@ async def get_app_config(request: Request):
@@ -2192,11 +2192,9 @@ async def get_app_config(request: Request):
user = await Users.get_user_by_id(data['id'])
user_count = await Users.get_num_users()
+ # Never onboard
onboarding = False
- if user is None:
- onboarding = not await Users.has_users()
user_count = await Users.get_num_users() if app.state.LICENSE_METADATA else None
- onboarding = user_count == 0
-
return {
**({'onboarding': True} if onboarding else {}),
'status': True,
--
2.53.0

View file

@ -3,28 +3,6 @@ let
pkgs' = pkgs;
in
{
letsencryptDnsProvider = shb.test.runNixOSTest {
name = "ssl-letsencrypt-dns-provider";
nodes.server =
{ config, ... }:
{
imports = [
shb.test.baseImports
../../modules/blocks/ssl.nix
];
shb.certs.certs.letsencrypt.dns = {
domain = "dns.example.com";
dnsProvider = "namecheap";
credentialsFile = "/run/this-file-does-not-exist-acme-env";
adminEmail = "admin@example.com";
};
};
testScript = "";
};
test = shb.test.runNixOSTest {
name = "ssl-test";

View file

@ -156,7 +156,7 @@ let
mkdir -p /tmp/shared/
cp -r trace /tmp/shared/
""")
server.copy_from_machine("trace")
server.copy_from_vm("trace")
except:
print("No trace found on server")
if code != 0:
@ -171,7 +171,7 @@ let
mkdir -p /tmp/shared/
cp -r trace /tmp/shared/
""")
client.copy_from_machine("trace")
client.copy_from_vm("trace")
except:
print("No trace found on client")
if code != 0:

View file

@ -34,7 +34,6 @@ in
expected = {
services.davfs2.enable = false;
systemd.mounts = [ ];
systemd.services = { };
};
expr = testConfig { };
};

View file

@ -35,13 +35,7 @@ let
inherit (config.test) subdomain domain;
};
# Speeds up tests because models can't be downloaded anyway and that leads to retries.
services.open-webui.environment = {
OFFLINE_MODE = "true";
BYPASS_EMBEDDING_AND_RETRIEVAL = "true";
RAG_EMBEDDING_ENGINE = "ollama";
RAG_EMBEDDING_MODEL = "dummy";
RAG_OLLAMA_BASE_URL = "http://127.0.0.1:9";
};
services.open-webui.environment.OFFLINE_MODE = "true";
networking.hosts = {
"127.0.0.1" = [ "${config.test.subdomain}.${config.test.domain}" ];