Compare commits
4 commits
main
...
ci/nixpkgs
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
4a0c339cd6 | ||
|
|
d0f876f70b | ||
|
|
1765626e8b | ||
|
|
f158654b06 |
14 changed files with 43 additions and 145 deletions
21
CHANGELOG.md
21
CHANGELOG.md
|
|
@ -16,10 +16,6 @@ Template:
|
|||
|
||||
# Upcoming Release
|
||||
|
||||
# v0.9.0
|
||||
|
||||
Commits: https://github.com/ibizaman/selfhostblocks/compare/v0.8.0...v0.9.0
|
||||
|
||||
## Breaking Changes
|
||||
|
||||
- Updated simple-nixos-mailserver. Update all options following this pattern:
|
||||
|
|
@ -32,28 +28,13 @@ Commits: https://github.com/ibizaman/selfhostblocks/compare/v0.8.0...v0.9.0
|
|||
Note that simple-nixos-mailserver wanted to upgrade the location of the storage path
|
||||
to include the ldap UID instead of the email but I kept the email address.
|
||||
This means there is no migration to do.
|
||||
- Update nixpkgs [from 6201e2 to abd1ea](https://github.com/ibizaman/selfhostblocks/compare/6201e203d09599479a3b3450ed24fa81537ebc4e...abd1ea17fdbedd48cbca770847b39e3a7a09ab5b).
|
||||
|
||||
## New Features
|
||||
|
||||
- Add `shb.zfs.snapshotBeforeActivation` option to take a ZFS snapshot of given datasets before activation.
|
||||
See [the manual](https://shb.skarabox.com/blocks-zfs.html) for more details.
|
||||
- Add [sanoid block](https://shb.skarabox.com/blocks-sanoid.html)
|
||||
- Add option to take snapshot before activation with ZFS block.
|
||||
|
||||
## Fixes
|
||||
|
||||
- Fix oidc_login build for Nextcloud
|
||||
- Fix mailserver build
|
||||
|
||||
## Other Changes
|
||||
|
||||
- Harden lldap configuration
|
||||
- Convert ZFS block to system and [add documentation](https://shb.skarabox.com/blocks-zfs.html)
|
||||
- Switch monitoring log fetching from deprecated promtail to fluent-bit
|
||||
- Add test to catch drift for Let's Encrypt DNS provider
|
||||
|
||||
# [BROKEN] v0.8.0
|
||||
# v0.8.0
|
||||
|
||||
## Breaking Changes
|
||||
|
||||
|
|
|
|||
2
VERSION
2
VERSION
|
|
@ -1 +1 @@
|
|||
0.9.0
|
||||
0.8.0
|
||||
14
flake.lock
14
flake.lock
|
|
@ -20,11 +20,11 @@
|
|||
},
|
||||
"nix-flake-tests": {
|
||||
"locked": {
|
||||
"lastModified": 1775571237,
|
||||
"narHash": "sha256-1f5Uvgcy3gx/eyRp4rqfDRBjcZc9uiHoIlfcFIL7GvI=",
|
||||
"lastModified": 1677844186,
|
||||
"narHash": "sha256-ErJZ/Gs1rxh561CJeWP5bohA2IcTq1rDneu1WT6CVII=",
|
||||
"owner": "antifuchs",
|
||||
"repo": "nix-flake-tests",
|
||||
"rev": "86b789cff8aecbd7c1bed7cd421dd837c3f62201",
|
||||
"rev": "bbd9216bd0f6495bb961a8eb8392b7ef55c67afb",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -35,11 +35,11 @@
|
|||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1781074563,
|
||||
"narHash": "sha256-md8WlXOlfnIeHeOScMTTHFyf2d6iaTwPl2apR5EQ3P4=",
|
||||
"owner": "nixos",
|
||||
"lastModified": 1779344484,
|
||||
"narHash": "sha256-7kuxpYP0hboqDsu9r1gdoZugvuQ21Ihkv9WL5uuLvvE=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "9ae611a455b90cf061d8f332b977e387bda8e1ca",
|
||||
"rev": "12999e6de169741f42aa0cc279588f809e98888c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
|
|||
|
|
@ -352,16 +352,12 @@ let
|
|||
"expected"
|
||||
"result"
|
||||
];
|
||||
|
||||
nativeBuildInputs = [
|
||||
(pkgs.python3.withPackages (ps: [ ps.deepdiff ] ++ ps.deepdiff.optional-dependencies.cli))
|
||||
];
|
||||
}
|
||||
''
|
||||
echo "${name} failed (- expected, + result)" > $out
|
||||
cp ''${expectedPath} ''${expectedPath}.json
|
||||
cp ''${resultPath} ''${resultPath}.json
|
||||
deep diff ''${expectedPath}.json ''${resultPath}.json >> $out
|
||||
${pkgs.deepdiff}/bin/deep diff ''${expectedPath}.json ''${resultPath}.json >> $out
|
||||
''
|
||||
);
|
||||
|
||||
|
|
|
|||
|
|
@ -75,30 +75,6 @@ in
|
|||
config = {
|
||||
services.davfs2.enable = builtins.length cfg.mounts > 0;
|
||||
|
||||
systemd.services = lib.optionalAttrs (builtins.length cfg.mounts > 0) {
|
||||
davfs2-password-generation = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig.Type = "oneshot";
|
||||
script = ''
|
||||
mkdir -p /etc/davfs2
|
||||
[ -f /etc/davfs2/secrets ] && mv /etc/davfs2/secrets /etc/davfs2/secrets.prev
|
||||
touch /etc/davfs2/secrets
|
||||
chown root: /etc/davfs2
|
||||
chown root: /etc/davfs2/secrets
|
||||
chmod 700 /etc/davfs2
|
||||
chmod 600 /etc/davfs2/secrets
|
||||
''
|
||||
+ (
|
||||
let
|
||||
mkPasswordCmd = cfg': ''
|
||||
printf "%s %s %s\n" "${cfg'.mountPoint}" "${cfg'.username}" "$(cat ${cfg'.passwordFile})" >> /etc/davfs2/secrets
|
||||
'';
|
||||
in
|
||||
lib.concatStringsSep "\n" (map mkPasswordCmd cfg.mounts)
|
||||
);
|
||||
};
|
||||
};
|
||||
|
||||
systemd.mounts =
|
||||
let
|
||||
mkMountCfg = c: {
|
||||
|
|
@ -106,7 +82,6 @@ in
|
|||
description = "Webdav mount point";
|
||||
after = [ "network-online.target" ];
|
||||
wants = [ "network-online.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
what = c.remoteUrl;
|
||||
where = c.mountPoint;
|
||||
|
|
|
|||
|
|
@ -249,10 +249,9 @@ in
|
|||
let
|
||||
recursiveFlag = lib.optionalString cfg.snapshotBeforeActivation.recursive "-r";
|
||||
in
|
||||
lib.concatMapStringsSep "\n" (ds: ''
|
||||
echo "Taking ZFS snapshot of ${ds}@$name"
|
||||
zfs snapshot ${recursiveFlag} ${ds}@"$name"
|
||||
'') (lib.uniqueStrings datasets)
|
||||
lib.concatMapStringsSep "\n" (ds: "zfs snapshot ${recursiveFlag} ${ds}@\"$name\"") (
|
||||
lib.uniqueStrings datasets
|
||||
)
|
||||
)
|
||||
);
|
||||
};
|
||||
|
|
|
|||
|
|
@ -11,13 +11,23 @@ let
|
|||
|
||||
fqdn = "${cfg.subdomain}.${cfg.domain}";
|
||||
|
||||
ldap_auth_script_repo = pkgs.fetchFromGitHub {
|
||||
owner = "lldap";
|
||||
repo = "lldap";
|
||||
rev = "7d1f5abc137821c500de99c94f7579761fc949d8";
|
||||
sha256 = "sha256-8D+7ww70Ja6Qwdfa+7MpjAAHewtCWNf/tuTAExoUrg0=";
|
||||
};
|
||||
|
||||
ldap_auth_script = pkgs.writeShellScriptBin "ldap_auth.sh" ''
|
||||
export PATH=${pkgs.gnused}/bin:${pkgs.curl}/bin:${pkgs.jq}/bin
|
||||
exec ${pkgs.bash}/bin/bash ${ldap_auth_script_repo}/example_configs/lldap-ha-auth.sh $@
|
||||
'';
|
||||
|
||||
# Filter secrets from config. Secrets are those of the form { source = <path>; }
|
||||
secrets = lib.attrsets.filterAttrs (k: v: builtins.isAttrs v) cfg.config;
|
||||
|
||||
nonSecrets = (lib.attrsets.filterAttrs (k: v: !(builtins.isAttrs v)) cfg.config);
|
||||
|
||||
lldap_ha_auth = pkgs.callPackage ./home-assistant/lldap_ha_auth.nix { };
|
||||
|
||||
configWithSecretsIncludes = nonSecrets // (lib.attrsets.mapAttrs (k: v: "!secret ${k}") secrets);
|
||||
in
|
||||
{
|
||||
|
|
@ -270,10 +280,9 @@ in
|
|||
}
|
||||
])
|
||||
++ (lib.optionals cfg.ldap.enable [
|
||||
# https://www.home-assistant.io/docs/authentication/providers/#command-line
|
||||
{
|
||||
type = "command_line";
|
||||
command = lldap_ha_auth + "/bin/lldap-ha-auth";
|
||||
command = ldap_auth_script + "/bin/ldap_auth.sh";
|
||||
args = [
|
||||
"http://${cfg.ldap.host}:${toString cfg.ldap.port}"
|
||||
cfg.ldap.userGroup
|
||||
|
|
|
|||
|
|
@ -1,37 +0,0 @@
|
|||
{
|
||||
lib,
|
||||
pkgs,
|
||||
stdenvNoCC,
|
||||
}:
|
||||
stdenvNoCC.mkDerivation {
|
||||
name = "lldap-ha-auth";
|
||||
|
||||
src = pkgs.fetchFromGitHub {
|
||||
owner = "lldap";
|
||||
repo = "lldap";
|
||||
rev = "7d1f5abc137821c500de99c94f7579761fc949d8";
|
||||
sha256 = "sha256-8D+7ww70Ja6Qwdfa+7MpjAAHewtCWNf/tuTAExoUrg0=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
pkgs.makeWrapper
|
||||
];
|
||||
|
||||
buildPhase = ''
|
||||
mkdir -p $out/bin
|
||||
|
||||
cp example_configs/lldap-ha-auth.sh $out/bin/lldap-ha-auth
|
||||
chmod a+x $out/bin/lldap-ha-auth
|
||||
'';
|
||||
|
||||
installPhase = ''
|
||||
wrapProgram $out/bin/lldap-ha-auth \
|
||||
--prefix PATH : ${
|
||||
lib.makeBinPath [
|
||||
pkgs.gnused
|
||||
pkgs.curl
|
||||
pkgs.jq
|
||||
]
|
||||
}
|
||||
'';
|
||||
}
|
||||
|
|
@ -59,12 +59,12 @@ in
|
|||
WEBUI_NAME = "SelfHostBlocks";
|
||||
|
||||
OLLAMA_BASE_URL = "http://127.0.0.1:''${toString config.services.ollama.port}";
|
||||
RAG_EMBEDDING_ENGINE = "ollama";
|
||||
RAG_EMBEDDING_MODEL = "nomic-embed-text:v1.5";
|
||||
|
||||
ENABLE_OPENAI_API = "True";
|
||||
OPENAI_API_BASE_URL = "http://127.0.0.1:''${toString config.services.llama-cpp.port}";
|
||||
ENABLE_WEB_SEARCH = "True";
|
||||
RAG_EMBEDDING_ENGINE = "openai";
|
||||
}
|
||||
'';
|
||||
};
|
||||
|
|
|
|||
|
|
@ -1,24 +1,28 @@
|
|||
From 8d38721322bc47ce089f8d246513be610e22c187 Mon Sep 17 00:00:00 2001
|
||||
From fa1659eeb26375677b19fa5c3b2393f3faa05234 Mon Sep 17 00:00:00 2001
|
||||
From: ibizaman <ibizaman@tiserbox.com>
|
||||
Date: Sun, 10 May 2026 08:58:10 +0200
|
||||
Subject: [PATCH] never onboard
|
||||
|
||||
---
|
||||
backend/open_webui/main.py | 2 --
|
||||
1 file changed, 2 deletions(-)
|
||||
backend/open_webui/main.py | 4 +---
|
||||
1 file changed, 1 insertion(+), 3 deletions(-)
|
||||
|
||||
diff --git a/backend/open_webui/main.py b/backend/open_webui/main.py
|
||||
index e05497c..826af7b 100644
|
||||
index ba7f74c83..d9bab576a 100644
|
||||
--- a/backend/open_webui/main.py
|
||||
+++ b/backend/open_webui/main.py
|
||||
@@ -2391,8 +2391,6 @@ async def get_app_config(request: Request):
|
||||
@@ -2192,11 +2192,9 @@ async def get_app_config(request: Request):
|
||||
user = await Users.get_user_by_id(data['id'])
|
||||
|
||||
user_count = await Users.get_num_users()
|
||||
+ # Never onboard
|
||||
onboarding = False
|
||||
|
||||
- if user is None:
|
||||
- onboarding = not await Users.has_users()
|
||||
|
||||
user_count = await Users.get_num_users() if app.state.LICENSE_METADATA else None
|
||||
|
||||
- onboarding = user_count == 0
|
||||
-
|
||||
return {
|
||||
**({'onboarding': True} if onboarding else {}),
|
||||
'status': True,
|
||||
--
|
||||
2.53.0
|
||||
|
|
|
|||
|
|
@ -3,28 +3,6 @@ let
|
|||
pkgs' = pkgs;
|
||||
in
|
||||
{
|
||||
letsencryptDnsProvider = shb.test.runNixOSTest {
|
||||
name = "ssl-letsencrypt-dns-provider";
|
||||
|
||||
nodes.server =
|
||||
{ config, ... }:
|
||||
{
|
||||
imports = [
|
||||
shb.test.baseImports
|
||||
../../modules/blocks/ssl.nix
|
||||
];
|
||||
|
||||
shb.certs.certs.letsencrypt.dns = {
|
||||
domain = "dns.example.com";
|
||||
dnsProvider = "namecheap";
|
||||
credentialsFile = "/run/this-file-does-not-exist-acme-env";
|
||||
adminEmail = "admin@example.com";
|
||||
};
|
||||
};
|
||||
|
||||
testScript = "";
|
||||
};
|
||||
|
||||
test = shb.test.runNixOSTest {
|
||||
name = "ssl-test";
|
||||
|
||||
|
|
|
|||
|
|
@ -156,7 +156,7 @@ let
|
|||
mkdir -p /tmp/shared/
|
||||
cp -r trace /tmp/shared/
|
||||
""")
|
||||
server.copy_from_machine("trace")
|
||||
server.copy_from_vm("trace")
|
||||
except:
|
||||
print("No trace found on server")
|
||||
if code != 0:
|
||||
|
|
@ -171,7 +171,7 @@ let
|
|||
mkdir -p /tmp/shared/
|
||||
cp -r trace /tmp/shared/
|
||||
""")
|
||||
client.copy_from_machine("trace")
|
||||
client.copy_from_vm("trace")
|
||||
except:
|
||||
print("No trace found on client")
|
||||
if code != 0:
|
||||
|
|
|
|||
|
|
@ -34,7 +34,6 @@ in
|
|||
expected = {
|
||||
services.davfs2.enable = false;
|
||||
systemd.mounts = [ ];
|
||||
systemd.services = { };
|
||||
};
|
||||
expr = testConfig { };
|
||||
};
|
||||
|
|
|
|||
|
|
@ -35,13 +35,7 @@ let
|
|||
inherit (config.test) subdomain domain;
|
||||
};
|
||||
# Speeds up tests because models can't be downloaded anyway and that leads to retries.
|
||||
services.open-webui.environment = {
|
||||
OFFLINE_MODE = "true";
|
||||
BYPASS_EMBEDDING_AND_RETRIEVAL = "true";
|
||||
RAG_EMBEDDING_ENGINE = "ollama";
|
||||
RAG_EMBEDDING_MODEL = "dummy";
|
||||
RAG_OLLAMA_BASE_URL = "http://127.0.0.1:9";
|
||||
};
|
||||
services.open-webui.environment.OFFLINE_MODE = "true";
|
||||
|
||||
networking.hosts = {
|
||||
"127.0.0.1" = [ "${config.test.subdomain}.${config.test.domain}" ];
|
||||
|
|
|
|||
Loading…
Reference in a new issue