update packages + patches that come w/ it

2026-04-17 19:16:39 -07:00 · 2026-04-17 19:16:39 -07:00 · 2621308fc0
commit 2621308fc0
parent 4304b5c887
7 changed files with 56 additions and 69 deletions
--- a/flake.lock
+++ b/flake.lock
@ -39,11 +39,11 @@
    },
    "hardware": {
      "locked": {
-        "lastModified": 1761933221,
-        "narHash": "sha256-rNHeoG3ZrA94jczyLSjxCtu67YYPYIlXXr0uhG3wNxM=",
+        "lastModified": 1775490113,
+        "narHash": "sha256-2ZBhDNZZwYkRmefK5XLOusCJHnoeKkoN95hoSGgMxWM=",
        "owner": "nixos",
        "repo": "nixos-hardware",
-        "rev": "7467f155fcba189eb088a7601f44fbef7688669b",
+        "rev": "c775c2772ba56e906cbeb4e0b2db19079ef11ff7",
        "type": "github"
      },
      "original": {
@ -59,11 +59,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1762041416,
-        "narHash": "sha256-rmJKABRXnhFjjI6RB/MnEvLTQa569zu684Th9y6UlOI=",
+        "lastModified": 1776454077,
+        "narHash": "sha256-7zSUFWsU0+jlD7WB3YAxQ84Z/iJurA5hKPm8EfEyGJk=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "c0016dd14773f4ca0b467b74c7cdcc501570df4b",
+        "rev": "565e5349208fe7d0831ef959103c9bafbeac0681",
        "type": "github"
      },
      "original": {
@ -90,11 +90,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1761907660,
-        "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=",
+        "lastModified": 1776169885,
+        "narHash": "sha256-l/iNYDZ4bGOAFQY2q8y5OAfBBtrDAaPuRQqWaFHVRXM=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15",
+        "rev": "4bd9165a9165d7b5e33ae57f3eecbcb28fb231c9",
        "type": "github"
      },
      "original": {
@ -179,11 +179,11 @@
        "nixpkgs": "nixpkgs_3"
      },
      "locked": {
-        "lastModified": 1753541826,
-        "narHash": "sha256-foGgZu8+bCNIGeuDqQ84jNbmKZpd+JvnrL2WlyU4tuU=",
+        "lastModified": 1770124655,
+        "narHash": "sha256-yHmd2B13EtBUPLJ+x0EaBwNkQr9LTne1arLVxT6hSnY=",
        "owner": "nix-community",
        "repo": "nixos-vscode-server",
-        "rev": "6d5f074e4811d143d44169ba4af09b20ddb6937d",
+        "rev": "92ce71c3ba5a94f854e02d57b14af4997ab54ef0",
        "type": "github"
      },
      "original": {
--- a/modules/security.nix
+++ b/modules/security.nix
@ -69,9 +69,6 @@ in {
    (mkIf cfg.useDoas {
      security.sudo.enable = false;
      security.doas.enable = true;
-      security.doas.extraRules = [
-        { users = [ config.user.name ]; noPass = true; persist = false; keepEnv = true; }
-      ];
      environment.systemPackages = with pkgs; [ doas-sudo-shim ];
    })
  ];
--- a/modules/services/amdl.nix
+++ b/modules/services/amdl.nix
@ -8,7 +8,7 @@ in {
    enable = mkEnableOption "enable amdl, an apple music download server";
    port = mkOption {
      type = types.int;
-      default = 3001;
+      default = 2001;
    };
    domain = mkOption {
      type = types.str;
--- a/modules/services/forgejo.nix
+++ b/modules/services/forgejo.nix
@ -8,7 +8,7 @@ in {
    enable = mkEnableOption "enable forgejo, a lightweight git server";
    port = mkOption {
      type = types.int;
-      default = 3000;
+      default = 2000;
    };
    domain = mkOption {
      type = types.str;
--- a/modules/services/metrics.nix
+++ b/modules/services/metrics.nix
@ -5,7 +5,7 @@ let
  cfg = config.modules.services.metrics;
 in {
  options.modules.services.metrics = {
-    enable = mkEnableOption "enable grafana with loki, prometheus, and promtail";
+    enable = mkEnableOption "enable grafana with prometheus, alloy, and loki";
    domain = mkOption {
      type = types.str;
      default = "grafana.reidlab.pink";
@ -16,15 +16,15 @@ in {
    };
    grafanaPort = mkOption {
      type = types.int;
-      default = 2000;
+      default = 3000;
    };
-    promtailPort = mkOption {
+    alloyPort = mkOption {
      type = types.int;
-      default = 2001;
+      default = 12345;
    };
    lokiPort = mkOption {
      type = types.int;
-      default = 2002;
+      default = 3100;
    };
    prometheusPort = mkOption {
      type = types.int;
@ -46,6 +46,10 @@ in {
          http_port = cfg.grafanaPort;
          http_addr = "127.0.0.1";
        };
+        database.type = "sqlite3"; # TODO: use postgres?
+        # use default secret key
+        # TODO: maybe don't do that idk 
+        security.secret_key = "SW2YcwTIb9zpOOhoPsMm";
      };

      provision.datasources.settings = {
@ -201,38 +205,40 @@ in {
      };
    };

-    services.promtail = {
+    services.alloy = {
      enable = true;

-      configuration = {
-        server = {
-          http_listen_port = cfg.promtailPort;
-          grpc_listen_port = 0;
-        };
-
-        positions.filename = "/tmp/positions.yaml";
-
-        client.url = "http://127.0.0.1:${toString cfg.lokiPort}/loki/api/v1/push";
-
-        scrape_configs = [
-          {
-            job_name = "journal";
-            journal = {
-              max_age = "12h";
-              labels = {
-                job = "systemd-journal";
-                hostname = config.networking.hostName;
-              };
-            };
-            relabel_configs = [
-              {
-                source_labels = [ "__journal__systemd_unit" ];
-                target_label = "unit";
-              }
-            ];
+      extraFlags = [
+        "--server.http.listen-addr=127.0.0.1:${toString cfg.alloyPort}"
+        "--disable-reporting" # disable telemetry
+      ];
+      configPath = pkgs.writeText "config.alloy" ''
+        loki.relabel "journal" {
+          forward_to = []
+          rule {
+            source_labels = ["__journal__systemd_unit"]
+            target_label = "unit"
          }
-        ];
-      };
+          rule {
+            source_labels = ["__journal__hostname"]
+            target_label = "hostname"
+          }
+        }
+
+        loki.source.journal "journal" {
+          forward_to = [loki.write.default.receiver]
+          max_age = "12h"
+
+          labels = {job = "systemd-journal"}
+          relabel_rules = loki.relabel.journal.rules
+        }
+
+        loki.write "default" {
+          endpoint {
+            url = "http://localhost:${toString cfg.lokiPort}/loki/api/v1/push"
+          }
+        }
+      '';
    };

    services.nginx.statusPage = true;
--- a/modules/services/staticSites.nix
+++ b/modules/services/staticSites.nix
@ -22,12 +22,6 @@ let
      default = {};
    };

-    disableLogsForMisc = mkOption {
-      type = types.bool;
-      description = "Disables access logs for /favicon.ico and /robots.txt";
-      default = true;
-    };
-
    denySensitivePaths = mkOption {
      type = types.bool;
      description = "Disables access to paths starting with a . (except well-known) to prevent leaking potentially sensitive data";
@ -63,17 +57,6 @@ in {
        locations = mkMerge [
          { "/".basicAuth = site.auth; }

-          ( mkIf site.disableLogsForMisc {
-            "= /favicon.ico".extraConfig = ''
-              access_log off;
-              log_not_found off;
-            '';
-            "= /robots.txt".extraConfig = ''
-              access_log off;
-              log_not_found off;
-            '';
-          })
-
          ( mkIf site.denySensitivePaths {
            "${''~ /\.(?!well-known).*''}".extraConfig = ''deny all;'';
          })
--- a/modules/services/uptime.nix
+++ b/modules/services/uptime.nix
@ -8,7 +8,7 @@ in {
    enable = mkEnableOption "enable uptime kuma, a self-hosted uptime website";
    port = mkOption {
     type = types.int;
-      default = 3002;
+      default = 2002;
    };
    domain = mkOption {
      type = types.str;
@ -20,6 +20,7 @@ in {
    services.uptime-kuma = {
      enable = true;
      settings.PORT = toString cfg.port;
+      # TODO: use postgres?
    };

    services.nginx.virtualHosts."${cfg.domain}" = {