From d3024248d9b7a7a7ec78899a75ced30f161388e6 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 25 Jan 2024 00:09:06 +0100 Subject: [PATCH] radicale path updates and updatekey command --- Justfile | 3 + nix/home-manager/programs/radicale.nix | 4 +- nix/pkgs/logseq/Containerfile | 59 +++++++++++++++++++ nix/pkgs/logseq/README.md | 6 ++ nix/pkgs/logseq/default.nix | 80 ++++++++++++++++++++++++++ nix/pkgs/logseq/flake.nix | 18 ++++++ secrets/desktop/radicale_htpasswd | 18 +++--- 7 files changed, 179 insertions(+), 9 deletions(-) create mode 100644 nix/pkgs/logseq/Containerfile create mode 100644 nix/pkgs/logseq/README.md create mode 100644 nix/pkgs/logseq/default.nix create mode 100644 nix/pkgs/logseq/flake.nix diff --git a/Justfile b/Justfile index 0b3bb36..1633cba 100755 --- a/Justfile +++ b/Justfile @@ -306,3 +306,6 @@ test-connection: cachix-use name: nix run nixpkgs/nixos-unstable#cachix -- use {{name}} -m nixos -d nix/os/ + +update-sops-keys: + for file in $(egrep -lr '"?sops"?:') secrets; do sops updatekeys -y $file; done diff --git a/nix/home-manager/programs/radicale.nix b/nix/home-manager/programs/radicale.nix index bcedd41..1a89d95 100644 --- a/nix/home-manager/programs/radicale.nix +++ b/nix/home-manager/programs/radicale.nix @@ -63,8 +63,8 @@ let [storage] type = radicale_storage_decsync - filesystem_folder = ${config.xdg.dataHome}/radicale-${suffix} - decsync_dir = ${config.xdg.dataHome}/decsync-${suffix} + filesystem_folder = ${config.xdg.dataHome}/radicale/radicale-${suffix} + decsync_dir = ${config.xdg.dataHome}/decsync/decsync-${suffix} ''; in { diff --git a/nix/pkgs/logseq/Containerfile b/nix/pkgs/logseq/Containerfile new file mode 100644 index 0000000..e61e2b9 --- /dev/null +++ b/nix/pkgs/logseq/Containerfile @@ -0,0 +1,59 @@ +# NOTE: please keep it in sync with .github pipelines +# NOTE: during testing make sure to change the branch below +# NOTE: before running the build-docker GH action edit +# build-docker.yml and change the release channel from :latest to :testing + +# Builder image +FROM clojure:temurin-11-tools-deps-1.11.1.1208-bullseye-slim as builder + +ARG DEBIAN_FRONTEND=noninteractive + +# Install reqs +RUN apt-get update && apt-get install -y --no-install-recommends \ + curl \ + ca-certificates \ + apt-transport-https \ + gpg \ + build-essential libcairo2-dev libpango1.0-dev libjpeg-dev libgif-dev librsvg2-dev \ + zip + +# install NodeJS & yarn +RUN curl -sL https://deb.nodesource.com/setup_18.x | bash - + +RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --dearmor | \ + tee /etc/apt/trusted.gpg.d/yarn.gpg && \ + echo "deb https://dl.yarnpkg.com/debian/ stable main" | \ + tee /etc/apt/sources.list.d/yarn.list && \ + apt-get update && apt-get install -y nodejs yarn + +WORKDIR /data + +ENV VERSION=0.10.5 + +# build Logseq static resources +RUN git clone -b ${VERSION} https://github.com/logseq/logseq.git . + +RUN yarn config set network-timeout 240000 -g && yarn install +RUN yarn release-electron + +RUN mkdir /out +RUN mv /data/static/out/make/zip /out/${VERSION}.zip +RUN mv /data/static/out/make/*.AppImage /out/ + +FROM scratch as artifacts +COPY --from=builder /out / +# Logseq-${VERSION}.AppImage +# RUN mv zip /${VERSION}.zip + +# RUN \ +# mkdir -p builds +# # NOTE: save VERSION file to builds directory +# cp static/VERSION ./builds/VERSION +# mv static/out/make/*-*.AppImage ./builds/Logseq-linux-aarch64-${VERSION}.AppImage +# mv static/out/make/zip/linux/x64/*-linux-x64-*.zip ./builds/Logseq-linux-aarch64-${VERSION}.zip + +# # Web App Runner image +# FROM nginx:1.24.0-alpine3.17 +# +# COPY --from=builder /data/static /usr/share/nginx/html +# diff --git a/nix/pkgs/logseq/README.md b/nix/pkgs/logseq/README.md new file mode 100644 index 0000000..1ae1756 --- /dev/null +++ b/nix/pkgs/logseq/README.md @@ -0,0 +1,6 @@ +this is pseudocode that serves as a reminder + +1. podman build -f Containerfile +2. podman unshare +3. podman mount $CONTAINER_ID +4. upload the AppImaeg diff --git a/nix/pkgs/logseq/default.nix b/nix/pkgs/logseq/default.nix new file mode 100644 index 0000000..f93efb0 --- /dev/null +++ b/nix/pkgs/logseq/default.nix @@ -0,0 +1,80 @@ +{ lib +, pname ? "logseq" +, version ? "0.10.5" +, src ? fetchurl { + url = "https://github.com/logseq/logseq/releases/download/${ version}/logseq-linux-x64-${ version}.AppImage"; + hash = "sha256-F3YbqgvL04P0nXaIVkJlCq/z8hUE0M0UutkBs2omuBE="; + name = "${ pname}-${ version}.AppImage"; + } +, stdenv +, fetchurl +, appimageTools +, makeWrapper + # graphs will not sync without matching upstream's major electron version +, electron_27 +, git +, nix-update-script +}: + +stdenv.mkDerivation + (finalAttrs: + let + inherit (finalAttrs) pname version src appimageContents; + + in + { + inherit version pname src; + + appimageContents = appimageTools.extract { + inherit pname src version; + }; + + dontUnpack = true; + dontConfigure = true; + dontBuild = true; + + nativeBuildInputs = [ makeWrapper ]; + + installPhase = '' + runHook preInstall + + mkdir -p $out/bin $out/share/${pname} $out/share/applications + cp -a ${appimageContents}/{locales,resources} $out/share/${pname} + cp -a ${appimageContents}/Logseq.desktop $out/share/applications/${pname}.desktop + + # remove the `git` in `dugite` because we want the `git` in `nixpkgs` + chmod +w -R $out/share/${pname}/resources/app/node_modules/dugite/git + chmod +w $out/share/${pname}/resources/app/node_modules/dugite + rm -rf $out/share/${pname}/resources/app/node_modules/dugite/git + chmod -w $out/share/${pname}/resources/app/node_modules/dugite + + mkdir -p $out/share/pixmaps + ln -s $out/share/${pname}/resources/app/icons/logseq.png $out/share/pixmaps/${pname}.png + + substituteInPlace $out/share/applications/${pname}.desktop \ + --replace Exec=Logseq Exec=${pname} \ + --replace Icon=Logseq Icon=${pname} + + runHook postInstall + ''; + + postFixup = '' + # set the env "LOCAL_GIT_DIRECTORY" for dugite so that we can use the git in nixpkgs + makeWrapper ${electron_27}/bin/electron $out/bin/${pname} \ + --set "LOCAL_GIT_DIRECTORY" ${git} \ + --add-flags $out/share/${pname}/resources/app \ + --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations}}" \ + --prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ stdenv.cc.cc.lib ]}" + ''; + + passthru.updateScript = nix-update-script { }; + + meta = { + description = "A local-first, non-linear, outliner notebook for organizing and sharing your personal knowledge base"; + homepage = "https://github.com/logseq/logseq"; + changelog = "https://github.com/logseq/logseq/releases/tag/${version}"; + license = lib.licenses.agpl3Plus; + maintainers = with lib.maintainers; [ ]; + platforms = [ "x86_64-linux" ]; + }; + }) diff --git a/nix/pkgs/logseq/flake.nix b/nix/pkgs/logseq/flake.nix new file mode 100644 index 0000000..0ddb02e --- /dev/null +++ b/nix/pkgs/logseq/flake.nix @@ -0,0 +1,18 @@ +{ + inputs = { + utils.url = "github:numtide/flake-utils"; + # clj2nix.url = "github:hlolli/clj2nix"; + logseq.url = "github:logseq/logseq/0.5.9"; + }; + + outputs = { nixpkgs, self, utils }: utils.lib.eachDefaultSystem (system: + let + pkgs = import nixpkgs { inherit system; }; + # clj2nixBin = clj2nix.defaultPackage.${system}; + in + { + packages = pkgs.callPackage ./default.nix { inherit self; }; + nixpkgs = pkgs; + }); + +} diff --git a/secrets/desktop/radicale_htpasswd b/secrets/desktop/radicale_htpasswd index 10cda96..5b0f6b6 100644 --- a/secrets/desktop/radicale_htpasswd +++ b/secrets/desktop/radicale_htpasswd @@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data:4Sfp4HqBQ/gsdK1iIwVisHxXHB9ryuTcsxqa4pJMYPBkn0C/Z43TuvZnUpZyACAIL00h7sPMEqQbdvmiHoo2CVizl5hB0wT6QdBwjuSjjuNDwqqJTvistCNBGsTQrb8fdsmTMGEyQmC0yQ6eF3STIT2PP/M1NPZ30zqxQInscv0Mem3n1yT0S3xamwvXkJq+WQvEhJpggsp8,iv:B+KVrsWRHYhvNCkwWhHOF6CFTpF4/tI5wOD05aMf2JI=,tag:srnaV+etedgReXLZ9QBPCw==,type:str]", + "data": "ENC[AES256_GCM,data:rUTsNj5pW/7JhyfRWiEoOHVT06tmbAHarOEuMkWaP+jz9FX3Qvjtv2S767Be89RwBdZZPTyO5+DcWUH+m2AOoAFKZs8TgT7lmQCuweXE27HZe88y+mNvHYfExWbLaC3fxheHgy8BgZBQNdVMKhZlYr5nLxJBrUY+j2sRP/CuucUcbsCojoHqYmb9hpS03PZ7i6Uf7tImgvFc,iv:pnYzcggEWKAhRxJyOGYaXFrS6kN7uLHic+tO1PeHZmg=,tag:4eXlaWf7hJxcy6zlQC5U8Q==,type:str]", "sops": { "kms": null, "gcp_kms": null, @@ -8,19 +8,23 @@ "age": [ { "recipient": "age17jxphuql70wjkd84azn62ltx9ky69hyvkac23lm8f2j92lznf9hseqq0vl", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmTVMxdkpjQllIZlRpQjEr\nc0RqNzNnOGplcDR6by9aL0JQY0ZmZjV3OUhrCm1sbHEvQ3hFZVg1YU5wOU5kaGpI\nK25zckJNaXhWd21kUHIyTm8yVW0reWsKLS0tIHVvbDhYZjRSbVRjOWZNaWkwcm1z\neVJyTTRNNTJBeVYxdDFCL1ozQjhQUkUK09k0LVNUugbxtZJB1JEXWmB2Q35mK1MW\nY12rpx4QwFUf1uhZDGmHMU0mrmaZRhkiTXTW+MtbHHtiGCxI8JrgLQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsRG1PWnJpTjRCOFVXS21h\nTUxFb1ZsS1piTUxtdmRSVGFmNGlzZmZqWXo4CnhMY3hBZU93bE45MFBJSG9Nd3Zh\nNi9DQjZlb2FzQXplZXovOENBOWRUQ0kKLS0tIFJsNklCUWFZdzhNaXlFQ2lFTGd5\nREp5VFZaNFlZeWVTUXlJSWpUOXA0OEEKEO5EEvjKL2BdBd+eHxvicl3IhGV/WNRS\ni5065sFhraZ+6MAg91eHUcwcfwjhx0tr06v9xARtKzgEEpgxHLT6BQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1y9urllccdcemlv7g5z4peuzeh5ah0a8nu6cnkvym8v2vfhqjd5jql483c6", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvWHZjdERBT0hHTVVnMzJJ\nSURhU0NrelB4b0FuTmM1VFIvRFRpQS9sMEQwClJsWGVTUE1hN0Y5c3dETUcyUllX\nSmIzR2ZhMDJDa1hsY0xBaGJrNXkrMUUKLS0tIHAwenJOOHZOSksrQ2dacVhKQVg5\ndEl6QVdkTHdGbG81OUUzOFprZHVRUm8KVYgQ5wUkCDZa9SUbmJgtpWY/LWruAg2t\nZFVYJUZ7B/Pd6rzvtOVjU8mEOaMbtq1cYkiAcuzhIdoTxu1TX11OPA==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2024-01-22T17:03:08Z", - "mac": "ENC[AES256_GCM,data:BS4BPjzA663knjD53QWjjDKmYmT6GcOVJru0XBWDQakVvgZwrPnRSZWSuC+ubtTBiG+EMK8Zx7nY3i8S/T0AkO9FmxBR476m8oopkNvCQIIEOkOK0F5I2gd6W/SDqKBC8Wzb6qWxGYDeZBmnvjpapcyW+VvJvaXhjSJpOgff+LQ=,iv:mwa9p6YJPLDWUcPxgGErZUSd5afCdg3YmY3fL1/f6do=,tag:MQN6KPB0NwVakSps9/sLzw==,type:str]", + "lastmodified": "2024-01-24T22:45:02Z", + "mac": "ENC[AES256_GCM,data:70nJ8FwQqWKUs5tVZTdaUSnFdvzh7h7GG9lJU9IVuSW8GHs9N4srFRJ0DtJbrIYm4YasNsZqNUcWx/ptxzP0DG/IJs8Vpnb4U5SXKw+zN7B5GBM0Xnh6pZZcylAw7lcXevBfI4jw7Ymmj5zBIFyKTCKhietayfmxdIxyoaxNH34=,iv:XJgmRc0tONH9H6AQyfJvDdkfJgP3ugAxOPxMkBqhLMo=,tag:MBN8FJglHqTiS5nLjtMXiA==,type:str]", "pgp": [ { - "created_at": "2023-07-01T17:45:58Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nwcBMA0SHG/zF3227AQf/e3rEGHYLdAQ3t5Ye7EY8HGj3zplmEm6yX/OD6atnIH56\n1n+buBEsCnj6OMJ8IPBI1KMlR3agvrTcP1U428VaJKEqMAfAbmTxHvuYv17r4z3c\nuxtvnK4BUC0BIgf3b9FP1uQBvmwSR3bIV1JuD1or88j9iY3dO7KbwbAEF+HMqj9/\nz+NM9ZGi/mpdFHLCKp52FgKi+eiNyGiJS1a8VSda/X8GwcmQYUzSkUxOcjGVTmYr\nBzie319eutOq6zf9+8WGO+Jd8XDlFdmucXyb5kkJkKv0kUeEMKePktpxjh/SUH2E\nVWLDa3rLPEZWvvLtDeOgAWdxNVBsvAhFwyUl7hJ+INJRAbgK7jJpGJuNUmN48P/Y\nKj1/x5hKlBOQpqWyoB751Sq2hAITS/UyvpIEL7cH9ASq369SVa7tI6KL0Ut5wSDb\n1681kueTerz2szUe6DPcAC4U\n=Bu6s\n-----END PGP MESSAGE-----", + "created_at": "2024-01-24T22:48:30Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhQEMA0SHG/zF3227AQgAl7wj8pgA42CyZ+b0ykAVMIzfVsX5zfyLTL3fKRC78kGH\n7D6Lp6Fesp3dZ8c7awWEM3b1WEFOS8Yklo6bfZCnioJoqZhMtYhyTCi+KEBXdw7g\n+KAquXkrD6mYOVBXoKHUqUBoDjFjU/stfV2Pdnl5I7SGYFHtyv8jwdJXbBInDNI6\nmtVzpKoM7pCFHH0Vz+A1D1X4k+96znbSnjHVBgOFLjyZ2KGPKBKud4nM0idAO/tO\nH77ApV1qRBU7weI5yTbK7GeuUxFYrolxkqOCPUH6E5Z2eVQ8ACUFpvgX4ET91jeP\nYTbTuq9cfm/gPsFIGtZLgWSq7cCZHe12nPHT//ajK9JcASNmmTiJFvK19WmN7spg\nbfDJLZud80PNu6MVXthwRGJ50/yRSrO8e/5tCjVz7UlkOmVG5ClsGDfRCH5gJDqS\nMJ+UdOHZjqcZu6TkBmSNX+9fRS1hgCiGxOjT2mU=\n=q3es\n-----END PGP MESSAGE-----", "fp": "6F7069FE6B96E894E60EC45C6EEFA706CB17E89B" } ], "unencrypted_suffix": "_unencrypted", - "version": "3.7.3" + "version": "3.8.1" } } \ No newline at end of file