comparing 62401b9f2bc7808bbe51bfb816e3e1305b024f2e and refactor/move-global-system-config on soopy.moe/gensokyo

-4

.git-crypt/.gitattributes

···

       1
       1
       -
       # Do not edit this file.  To specify the files to encrypt, create your own

     

       2
       2
       -
       # .gitattributes file in the directory where your files are.

     

       3
       3
       -
       * !filter !diff

     

       4
       4
       -
       *.gpg binary

.git-crypt/keys/default/0/7595B36DF6C2E95E10E528662932BA0FA3DDD7D6.gpg

This is a binary file and will not be displayed.

-1

.gitattributes

···

       1
       1
       -
       *.cry filter=git-crypt diff=git-crypt

+29 -3

creds/sops/koumakan.yaml

···

       1
       1
        
       comment_unencrypted: See https://github.com/Mic92/sops-nix/issues/120 for synapse.yaml quirks

     

       2
       2
       -
       synapse.yaml: ENC[AES256_GCM,data:xc8HBDVconhPJHK/YKVSl62pCtnyca3LXcH/pidJkoTKBU5OCkbnYDjoY0O89SJUVTDVgdAw1ANxSWAT+fEjtKzJEZkFdO5EvuWUXAdjMVNrTDeYhoull21hPtBjXMV6jLWH+VjL5FfQiHhh7FkVXJb9B7GpUKTk0hR0vZ8JlfGizVWBnOSc22wl2nSVRXOu0zWST3wPPAqSIHFxBJQrFk/6LvCQ0xT7zw2dCQjK+sNK9OsPCg84AM/aWZrXPodYLAlFhma1TAIE79XRLJ6K+FIKEnCjI7gsw9NPttZESodOyeFCyZcLCY9Fo6/n3Cp/t+yqU6ZqmflM87FFx0HrUUUbQ4myK+BI1DOVf/4X8DprRVasFQkOkIFhL1aAkJorzmcOqMqjzB1kb62Agnrtnd28fQ83u1KXZPtlsvTBankrrPgUHyRUt7jyyBp2qWr9y36utAedcuv47oqGFrVqDZ+eux6Vd6ozfuma3zLla9Hah96ySR8O3gk/7We5/sN9ZlvXY0qysaNLxAxvlXeegSwDm8dYObWkyf+jswuBG8xReIOGkT6nt4PLobiacqwm2lKtzZtXhzLxiQGpq+hvTkLpfz3MxrcHcskPwOzjM/7CVXo3nqEPRSVyHnn5g+eJ9wnXEO50GMuIi7wNjpQPyNH5sljHU3M5SahDeW0G70yP3WBViG53i6+WrD9PuSz5GciXO3klIZhO5ljPaNcT19c/z8UcUdPDAuTpOl4UNcDqoVwl,iv:OAlQ+nweSZxW+Ybq2fKPxawikND/e3KcGgZGKMuaCKo=,tag:imghdy3fRkB+l5SpXC4/qg==,type:str]

     

       2
       2
       +
       synapse.yaml: ENC[AES256_GCM,data:eQsUW4mwbSPzsoi8HIEngfU5x/PEaqPxvx1AXXJJj7WDX9RsPtQOqQJjuTAEPtz32Hm1nob+VVYuzAXXfCO8Cd0CIHG+xlV4cWNc4JB8wj1YgtMJu9J3yC7iv3HMULT0TL8MxmwWYKqSPKIVarLVN5gQl1G1SAfxEK3ET6qtmkmCD8y6ZVM/84fTR5lxpLe82CaplbUHXEHKk51XwGYLSp5IZsPwtMMFhYuaoqCsEVr65IiSozbD4LKddYNQKUlYmkSfThQsoPpe9ixE7+HS11S+LklyP1q3usWTfOPsQS8k5NJdcGkrCH2A4ddjWkDBAzdav3qauYoQEvbMd8BpoDqD/67lKuvoyXqDoPf5sLrQcxcUl8ObTI1I8zWhabGa9uTuiaTd3wYdMhvMvs/KIfPXNDqcBuIY9sR6LQmY2Zb9+FtYiQVnrr0XmzjB59oN023y1xC/xqkgRyXysndhnj4P1Q+PYbOMQi7hwAjM5xMk/mLkpLn41Ju4u0MqDwHSxA/NXbsEBp/u3Tim2jsrMZqjRZwQHt1n/gtMjm2cMTminM99c/fV2fcvAmcNB9u1KWgEte1JjQSRftg7pkaznYlfrQLyCQYghVu3kgeAJCaSPMewHVWOF/onTauNHYFMlJ8VDUuYOnt2LNJUk1Wap5dGfKm7661mTeYB8aw0h3111YEViuGkSp+oM5A8X6CBI6YsYYOWq5Qd+A3fFJVpcf9hhhdx0JsRmR3EZOupIVx5Y4ruuA6ipj/xMDRNfTZjqukpn3Y1s5xTjUYEo3moLdgd1PYxAVIY/KjPn31pmRThGG1NZpYHZ1yjmptVydtqf/tTd32i3e0WjIjUEZD1NE7Z5AiWJ+XAEaE3S804C6QxN1jHZvqIokA9C4HO+R/es1uDyf2KDvxf1It0hMLg7CAnq1AQcbLCDqXXZaqibSRNfv09lO4jZ3vBe3owvd1wGbK513nqC6m2gh8YDYiHdw7UlXMbMP9+,iv:fvaZQ66VKU+uzvn5AwTIFgzz+F2kJ8/QR2AfmynRfGU=,tag:8c/cAMZ6c7h3J+shh7l7tw==,type:str]

     

       3
       3
       +
       matrix-signing-key: ENC[AES256_GCM,data:u6miE2oM3TUXaQ7wc776SwSMaOAxJOVlpl2kBW+AjI/aDH5vcGBp0L0uTpZbVfOtIe+RDNEv5E/mKA==,iv:abvwkrNe324QCbWLwiPY0UwqezS0wbyk2Fvi0vs3SI0=,tag:ZmpDB9LHbezQrxuwHNgpRg==,type:str]

     

       4
       4
       +
       akkoma:

     

       5
       5
       +
           dist:

     

       6
       6
       +
               cookie: ENC[AES256_GCM,data:5jpsa4KsOAoCMGAt9laK9ioVTJfuT9+viKva8wDWRnAimVY6jDoNr4+hxVty6yQAAfSJYA7ddTxaSCEjnJtneg==,iv:V8+MpX/IEc57zEfhNGX5f+eMyipraaXDKPDNDOy0Ieo=,tag:+xCy18Ni8F5wYkO/4NbSzw==,type:str]

     

       7
       7
       +
           endpoint:

     

       8
       8
       +
               secret_base: ENC[AES256_GCM,data:l34Rj4iIQIykgzTLJolqWLQQz5pcfa0o5U/ZMKeNc2CBQedxiMXYrLSNOx6OuV38aqoOolccJEOSiVjfbTawtg==,iv:/x0ydo2gOPrhIZI7at877bzfFgMpraauozfLq95aHCk=,tag:RQI4aeLiAkAcWYlwLaTj5w==,type:str]

     

       9
       9
       +
               salt: ENC[AES256_GCM,data:CP4805tG05A=,iv:aSun7ABJdbDQrFcrGQMM9H1/7d5lJqeMwO08gUYrD2A=,tag:ikhxbijsqyBFJs02j2j/vw==,type:str]

     

       10
       10
       +
               live_view:

     

       11
       11
       +
                   salt: ENC[AES256_GCM,data:4fKLclucoV0=,iv:ZvWKutuMTOm2X8w8a0fOTq+ldrXemayIUY2PUcurY80=,tag:qkIB1gPCI5HO0G0mLEsV+w==,type:str]

     

       12
       12
       +
           joken_default_signer: ENC[AES256_GCM,data:myCEFUkf8s1YNQAigjxygRYvbwkpsv7cqgs00fARe9nxSFl2wveWM5JcfOnoVPwVBVV2GaAjFe4oMWXkaTPtqg==,iv:Yk1f/fzzbruW64mvTTeiyTlbrOO/G47CKKfr9BLtQ5g=,tag:QLpM22ec+VWtkjx5U/mzCw==,type:str]

     

       13
       13
       +
           search:

     

       14
       14
       +
               meili:

     

       15
       15
       +
                   host_unencrypted: https://megumin.soopy.moe/

     

       16
       16
       +
                   key: ENC[AES256_GCM,data:00TLCUneHn7NcSK1joURfIzxNFWyOBf/0/fceOn4RMcMt59dZz9LOvbs3F8B0vcH7tf/eUi3SnhYJNyRdPklyw==,iv:t0kQUCmjhFw8Z2CTmYOPUNFvyiYfsXETU8GSxhRR5KE=,tag:CPjtd7jQzgHJDrsIjHlVFQ==,type:str]

     

       17
       17
       +
           vapid:

     

       18
       18
       +
               pub: ENC[AES256_GCM,data:HYMKjhVCW/7DsMfPPssEduuwWnFezH4OOq4hfAovI82RUPsfVEKhgvkI9INY8hArAb/AIfyyxZhVx+bd2QkPlnASz51L7MxPtkPfZNUKqafjlMmK0nwH,iv:154BP5EmBqnKyf9BND2laKV3caVxa34MCRzrsg6/dik=,tag:wHLYdI6oQXPUzbw8dSxgwg==,type:str]

     

       19
       19
       +
               key: ENC[AES256_GCM,data:t+da4NLEPZBMvq3MQkFEr+Fsj3XMGPMFKUWwbHDWNJAyuUZuiVcn3zX0kw==,iv:yQLu5CFl73GCojMBa2II6OhLrNNinsiVG1aPOAx+HtM=,tag:n0oelXaNFvilyee+MRSB8A==,type:str]

     

       20
       20
       +
           postgres:

     

       21
       21
       +
               hostname: ENC[AES256_GCM,data:rFEnhnn/Bw85,iv:GM2SH4Gkvt8tLG8AYIKxfHTZvB1sT+hgIoqkiViH6Es=,tag:yyGY9/nS9WFcJTGXlYpz6Q==,type:str]

     

       22
       22
       +
               database_unencrypted: akkoma

     

       23
       23
       +
               username: ENC[AES256_GCM,data:6skzOqv1,iv:OQ6zNmDn0uqKqNKEqOHWY6VBuT/4/CHog7b0Pf0TAPM=,tag:8HLmGykXg2V4t4RHzB8yaA==,type:str]

     

       24
       24
       +
               password: ENC[AES256_GCM,data:J3OewVKr2A3TlT7ZUTk7tQr4olFs7bKx47Lus4LGbwGAZfNEmyk9coFTeQ8L/EJ0hpLfPfD1OcGBc+p0ZWK/XQ==,iv:UFe/3H/AfTgSlJikHqE1IED3zINjDuOs5niXpGWXGYE=,tag:MvT0z3TMs1dehg4gp54MyQ==,type:str]

     

       25
       25
       +
           smtp:

     

       26
       26
       +
               username: ENC[AES256_GCM,data:N7XbQkngWcUGzn/SR4AXCQ==,iv:wBXWtRYawOkjumsvTPcKfvL95CCB+RbsEyJv0YUG3WA=,tag:vGQREe+Cv0ITTxszl21J2g==,type:str]

     

       27
       27
       +
               password: ENC[AES256_GCM,data:oU/aWkVmDU8WJhmwqOcXJ/EngiF7hvfUzPwpdjwkyh7Dw50dyG5AY7b2+hh6LIv9RZrN4yU+fXPAYr1W21OG/A==,iv:ds8Bg9JSJdNHUXh0FvD5a4pquyRnIXowcsJcVV1TyB4=,tag:JoYqas2RGSv8xyvJT9wHAQ==,type:str]

     

       28
       28
       +
               relay: ENC[AES256_GCM,data:F2NnRLSTO5kmbWy4fx0=,iv:omnyn+Xa/cjqK+9l5bI573aR2p7UsUvqGX5ZQGf3CD0=,tag:t4u/jLQ1nZchyxf3WrhW6w==,type:str]

     

       3
       29
        
       sops:

     

       4
       30
        
           kms: []

     

       5
       31
        
           gcp_kms: []

     
···

       24
       50
        
                   cHJ5aWIrQ2Zrb1dhbC9yZ1lIMU1jbzgK4mx+S5bF6KBMe6+TrSZfaBcuWEg9cHyd

     

       25
       51
        
                   tbJty1zxS9pndA/u3qz5EJxDouiAODvyAR07yeegtEcbw1FlG6W/gA==

     

       26
       52
        
                   -----END AGE ENCRYPTED FILE-----

     

       27
       27
       -
           lastmodified: "2023-09-10T15:22:34Z"

     

       28
       28
       -
           mac: ENC[AES256_GCM,data:DDYjyGhk0Cl4V9SuiqQyTUXYJeIusHLACrEZKU8vVLcMw9R9xyTyWLECoKH/+CLUxbJiLf1q6p/GgnTHtJgf18b+FmuHq4H/GgZrqvnMFOGxV+o47lJ20OV14e1fWASF7qq+lVhrhvI3hzWe2QchHlop2TZ9kh2BnGtrAwP6txA=,iv:cA6Nz5yK3AdjNjavi/T+XJ91eO7igLOhXnc+Bm8MKUM=,tag:3Ap/2pOkF9vYnylrnR5qDg==,type:str]

     

       53
       53
       +
           lastmodified: "2023-09-14T17:13:38Z"

     

       54
       54
       +
           mac: ENC[AES256_GCM,data:Jyx0f+w9fJ+B1lz4jVVkcKxd1xUh3FzxDhk+KaxJLVh0BG/1d8Nx0/cOnxZV1FfJkn5Z2wYiLzBPSvJKe8MjlExOSH1mIAnuXcSP6dvXp21bgX17CXM6OP91Ny6IvwSZriqs6EIpWOkZNdxsEnySwtECoQfgs09ZnA4qmbtb01U=,iv:XHnY20d0WsnaECF1/68eu2/xcGLGeGnzba+/kBxDcc0=,tag:alo+8B2fVHon0lHGsQSUyQ==,type:str]

     

       29
       55
        
           pgp:

     

       30
       56
        
               - created_at: "2023-09-08T14:11:19Z"

     

       31
       57
        
                 enc: |-

+42 -2

docs/utils.md

···

       1
       1
        
       # utility functions

     

       2
       2
        
       

     

       3
       3
        
       ## `_utils.mkVhost`

     

       4
       4
       -
       make virtual host with sensible defaults

     

       4
       4
       +
       `attrset -> attrset`

     

       5
       5
       +
       make a virtual host with sensible defaults

     

       5
       6
        
       

     

       6
       7
        
       pass in a set to override the defaults.

     

       7
       8
        
       

     

       9
       9
       +
       ### Example

     

       10
       10
       +
       ```nix

     

       11
       11
       +
       services.nginx.virtualHosts."balls.example" = _utils.mkVhost {};

     

       12
       12
       +
       ```

     

       13
       13
       +
       

     

       8
       14
        
       ## `_utils.mkSimpleProxy`

     

       15
       15
       +
       `attrset -> attrset`

     

       16
       16
       +
       

     

       9
       17
        
       make a simple reverse proxy

     

       10
       18
        
       

     

       11
       19
        
       takes a set:

     
···

       14
       22
        
         port,

     

       15
       23
        
         protocol ? "http",

     

       16
       24
        
         location ? "/",

     

       17
       17
       -
         websockets ? false

     

       25
       25
       +
         websockets ? false,

     

       26
       26
       +
         extraConfig ? {}

     

       18
       27
        
       }

     

       19
       28
        
       ```

     

       29
       29
       +
       

     

       30
       30
       +
       It is recommended to override/add attributes with `extraConfig` to

     

       31
       31
       +
       preserve defaults.

     

       32
       32
       +
       

     

       33
       33
       +
       Items in `extraConfig` are merged verbatim to the base attrset with defaults.

     

       34
       34
       +
       They are overridden based on their order.

     

       35
       35
       +
       

     

       36
       36
       +
       ## `_utils.genSecrets`

     

       37
       37
       +
       `namespace[str] -> files[list[str]] -> value[attrset] -> attrset`

     

       38
       38
       +
       a

     

       39
       39
       +
       generate an attrset to be passed into sops.secrets.

     

       40
       40
       +
       

     

       41
       41
       +
       ### Example

     

       42
       42
       +
       ```nix

     

       43
       43
       +
       { _utils, ... }:

     

       44
       44
       +
       let

     

       45
       45
       +
         secrets = [

     

       46
       46
       +
           "secure_secret"

     

       47
       47
       +
           # this is a directory structure, so secrets will be stored as a file in /run/secrets/service/test/secret.

     

       48
       48
       +
           "service/test/secret"

     

       49
       49
       +
         ];

     

       50
       50
       +
       in {

     

       51
       51
       +
         sops.secrets = _utils.genSecrets "" secrets {}; # it's recommended to use a namespace, but having none is still fine.

     

       52
       52
       +
         # -> sops.secrets."secure_secret" = {};

     

       53
       53
       +
         #    sops.secrets."service/test/secret" = {};

     

       54
       54
       +
         sops.secrets = _utils.genSecrets "balls" ["balls_secret"] {owner = "balls"};

     

       55
       55
       +
         # -> sops.secrets."balls/balls_secret" = {owner = "balls";};

     

       56
       56
       +
       }

     

       57
       57
       +
       ```

     

       58
       58
       +
       

     

       59
       59
       +
       See https://github.com/soopyc/nix-on-koumakan/blob/b7983776143c15c91df69ef34ba4264a22047ec6/systems/koumakan/services/fedivese/akkoma.nix#L8-L34 for a more extensive example

+3 -3

flake.lock

···

       267
       267
        
               ]

     

       268
       268
        
             },

     

       269
       269
        
             "locked": {

     

       270
       270
       -
               "lastModified": 1693767481,

     

       271
       271
       -
               "narHash": "sha256-8B8f1RG5n9a2Tp0A3zzgCEVvtWjIDp+yNZfKxe73G10=",

     

       270
       270
       +
               "lastModified": 1694357290,

     

       271
       271
       +
               "narHash": "sha256-Mai5saiiuBWlQzTreLtIeUJQJN9zMH/UBIKJPOqnasM=",

     

       272
       272
        
               "owner": "soopyc",

     

       273
       273
        
               "repo": "mystia",

     

       274
       274
       -
               "rev": "baccc6213b5d6386e8b31ab39a9fde556ef9f082",

     

       274
       274
       +
               "rev": "cfe783698ccd18cb27fb2e422917f14b82f7afc4",

     

       275
       275
        
               "type": "github"

     

       276
       276
        
             },

     

       277
       277
        
             "original": {

+1 -8

global/core.nix

···

       1
       1
        
       {pkgs, ...}: {

     

       2
       2
        
         imports = [

     

       3
       3
        
           ./upgrade-diff.nix

     

       4
       4
       +
           ./system

     

       4
       5
        
         ];

     

       5
       6
        
         # Set default i18n configuration

     

       6
       7
        
         i18n.defaultLocale = "en_US.UTF-8";

     
···

       8
       9
        
           font = "Lat2-Terminus16";

     

       9
       10
        
           keyMap = "us";

     

       10
       11
        
         };

     

       11
       11
       -
       

     

       12
       12
       -
         hardware.enableRedistributableFirmware = true;

     

       13
       13
       -
       

     

       14
       14
       -
         # # Enable crash dumps globally

     

       15
       15
       -
         # boot.crashDump = {

     

       16
       16
       -
         #   enable = true;

     

       17
       17
       -
         #   reservedMemory = "128M";

     

       18
       18
       -
         # };

     

       19
       12
        
       

     

       20
       13
        
         time.timeZone = "Asia/Hong_Kong";

     

       21
       14

+1

global/programs/nix.nix

···

       5
       5
        
           experimental-features = [

     

       6
       6
        
             "nix-command"

     

       7
       7
        
             "flakes"

     

       8
       8
       +
             "repl-flake"

     

       8
       9
        
           ];

     

       9
       10
        
       

     

       10
       11
        
           substituters = [

+5

global/system/default.nix

···

       1
       1
       +
       {...}: {

     

       2
       2
       +
         imports = [

     

       3
       3
       +
           ./firmware.nix

     

       4
       4
       +
         ];

     

       5
       5
       +
       }

+4

global/system/firmware.nix

···

       1
       1
       +
       {...}: {

     

       2
       2
       +
         hardware.enableRedistributableFirmware = true;

     

       3
       3
       +
         services.fwupd.enable = true;

     

       4
       4
       +
       }

+38 -17

global/utils.nix

···

       1
       1
        
       # see /docs/utils.md for a usage guide

     

       2
       2
        
       {

     

       3
       3
       -
         # inputs,

     

       4
       4
       -
         # system,

     

       3
       3
       +
         inputs,

     

       4
       4
       +
         system,

     

       5
       5
        
         ...

     

       6
       6
       -
       }: rec {

     

       7
       7
       -
         mkVhost = {...} @ opts:

     

       8
       8
       -
           {

     

       9
       9
       -
             # ideally mkOverride/mkDefault would be used, but i have 0 idea how it works.

     

       10
       10
       -
             forceSSL = true;

     

       11
       11
       -
             useACMEHost = "global.c.soopy.moe";

     

       12
       12
       -
             kTLS = true;

     

       13
       13
       -
           }

     

       14
       14
       -
           // opts;

     

       6
       6
       +
       }: let

     

       7
       7
       +
         lib = inputs.nixpkgs.lib;

     

       8
       8
       +
       in rec {

     

       9
       9
       +
         mkVhost = opts:

     

       10
       10
       +
           lib.mkMerge [

     

       11
       11
       +
             {

     

       12
       12
       +
               forceSSL = lib.mkDefault true;

     

       13
       13
       +
               useACMEHost = lib.mkDefault "global.c.soopy.moe";

     

       14
       14
       +
               kTLS = lib.mkDefault true;

     

       15
       15
       +
       

     

       16
       16
       +
               locations."/_cgi/error/" = {

     

       17
       17
       +
                 alias = "${inputs.mystia.packages.${system}.staticly}/nginx_error_pages/";

     

       18
       18
       +
               };

     

       19
       19
       +
               extraConfig = ''

     

       20
       20
       +
                 error_page 503 /_cgi/error/503.html;

     

       21
       21
       +
                 error_page 502 /_cgi/error/502.html;

     

       22
       22
       +
                 error_page 404 /_cgi/error/404.html;

     

       23
       23
       +
               '';

     

       24
       24
       +
             }

     

       25
       25
       +
             opts

     

       26
       26
       +
           ];

     

       15
       27
        
       

     

       16
       28
        
         mkSimpleProxy = {

     

       17
       29
        
           port,

     

       18
       30
        
           protocol ? "http",

     

       19
       31
        
           location ? "/",

     

       20
       32
        
           websockets ? false,

     

       33
       33
       +
           extraConfig ? {},

     

       21
       34
        
         }:

     

       22
       22
       -
           mkVhost {

     

       23
       23
       -
             locations."${location}" = {

     

       24
       24
       -
               proxyPass = "${protocol}://localhost:${toString port}";

     

       25
       25
       -
               proxyWebsockets = websockets;

     

       26
       26
       -
             };

     

       27
       27
       -
           };

     

       35
       35
       +
           mkVhost (lib.mkMerge [

     

       36
       36
       +
             extraConfig

     

       37
       37
       +
             {

     

       38
       38
       +
               locations."${location}" = {

     

       39
       39
       +
                 proxyPass = "${protocol}://localhost:${toString port}";

     

       40
       40
       +
                 proxyWebsockets = websockets;

     

       41
       41
       +
               };

     

       42
       42
       +
             }

     

       43
       43
       +
           ]);

     

       44
       44
       +
       

     

       45
       45
       +
         genSecrets = namespace: files: value:

     

       46
       46
       +
           lib.genAttrs (

     

       47
       47
       +
             map (x: namespace + lib.optionalString (lib.stringLength namespace != 0) "/" + x) files

     

       48
       48
       +
           ) (_: value);

     

       28
       49
        
       }

+8 -4

justfile

···

       1
       1
        
       # friendship ended with Makefile

     

       2
       2
        
       # I LOVE justFILE!!!!!!

     

       3
       3
        
       

     

       4
       4
       -
       default: build

     

       4
       4
       +
       # build the current configuration

     

       5
       5
       +
       build:

     

       6
       6
       +
       	nixos-rebuild build --flake .#

     

       5
       7
        
       

     

       8
       8
       +
       # build and test the configuration, but don't switch

     

       6
       9
        
       test:

     

       7
       10
        
       	nixos-rebuild test --flake .#

     

       8
       11
        
       

     

       9
       9
       -
       build:

     

       10
       10
       -
       	nixos-rebuild build --flake .#

     

       11
       11
       -
       

     

       12
       12
       +
       # switch to the current configuration

     

       12
       13
        
       switch:

     

       13
       14
        
       	nixos-rebuild switch --flake .#

     

       14
       15
        
       

     

       16
       16
       +
       # run utility programs

     

       15
       17
        
       utils recipe="list":

     

       16
       18
        
         @echo "Running utils/{{recipe}}"

     

       17
       19
        
         @cd utils && just {{recipe}}

     

       18
       20
        
       

     

       21
       21
       +
       # update an input in the flake lockfile

     

       19
       22
        
       update-input input:

     

       20
       23
        
         nix flake lock --update-input {{input}}

     

       21
       24
        
       

     

       25
       25
       +
       # build the flake on a non-nixos platform

     

       22
       26
        
       ebuild system:

     

       23
       27
        
         nix build -j8 .#nixosConfigurations."{{system}}".config.system.build.toplevel

+1

systems/koumakan/certificates/default.nix

···

       2
       2
        
         imports = [

     

       3
       3
        
           ./global.nix

     

       4
       4
        
           ./postgresql.nix

     

       5
       5
       +
           ./fediverse.nix

     

       5
       6
        
         ];

     

       6
       7
        
       

     

       7
       8
        
         security.acme = {

+11

systems/koumakan/certificates/fediverse.nix

···

       1
       1
       +
       {...}: {

     

       2
       2
       +
         # Certificate for fedi services

     

       3
       3
       +
         security.acme.certs."fedi.c.soopy.moe" = {

     

       4
       4
       +
           group = "nginx";

     

       5
       5
       +
           extraDomainNames = [

     

       6
       6
       +
             "a.soopy.moe"

     

       7
       7
       +
             "m.soopy.moe"

     

       8
       8
       +
             "pixie.soopy.moe"

     

       9
       9
       +
           ];

     

       10
       10
       +
         };

     

       11
       11
       +
       }

-1

systems/koumakan/configuration.nix

···

       39
       39
        
       

     

       40
       40
        
         sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];

     

       41
       41
        
         sops.defaultSopsFile = ../../creds/sops/koumakan.yaml;

     

       42
       42
       -
         sops.secrets."synapse.yaml" = {}; # test only

     

       43
       42
        
       

     

       44
       43
        
         # Just don't change this :p

     

       45
       44
        
         system.stateVersion = "23.05"; # Did you read the comment?

+1 -1

systems/koumakan/networking/interface.nix

···

       1
       1
        
       {...}: {

     

       2
       2
       -
         networking.networkmanager.ethernet.macAddress = builtins.readFile ./nma.cry;

     

       2
       2
       +
         networking.networkmanager.ethernet.macAddress = "stable";

     

       3
       3
        
       }

systems/koumakan/networking/nma.cry

This is a binary file and will not be displayed.

+1 -1

systems/koumakan/security/pam.nix

···

       1
       1
        
       {...}: {

     

       2
       2
        
         security.pam.yubico = {

     

       3
       3
        
           enable = true;

     

       4
       4
       -
           id = builtins.readFile ./ykid.cry;

     

       4
       4
       +
           id = "91582";

     

       5
       5
        
           mode = "client";

     

       6
       6
        
           control = "requisite";

     

       7
       7
        
         };

systems/koumakan/security/ykid.cry

This is a binary file and will not be displayed.

+4 -3

systems/koumakan/services/attic.nix

···

       39
       39
        
           };

     

       40
       40
        
         };

     

       41
       41
        
       

     

       42
       42
       -
         services.nginx.virtualHosts."nonbunary.soopy.moe" =

     

       43
       43
       -
           _utils.mkSimpleProxy {port = 38191;}

     

       44
       44
       -
           // {

     

       42
       42
       +
         services.nginx.virtualHosts."nonbunary.soopy.moe" = _utils.mkSimpleProxy {

     

       43
       43
       +
           port = 38191;

     

       44
       44
       +
           extraConfig = {

     

       45
       45
        
             extraConfig = ''

     

       46
       46
        
               client_max_body_size 1G;

     

       47
       47
        
               proxy_read_timeout 3h;

     
···

       49
       49
        
               proxy_send_timeout 3h;

     

       50
       50
        
             '';

     

       51
       51
        
           };

     

       52
       52
       +
         };

     

       52
       53
        
       }

+6

systems/koumakan/services/databases/default.nix

···

       1
       1
       +
       {...}: {

     

       2
       2
       +
         imports = [

     

       3
       3
       +
           ./postgresql.nix

     

       4
       4
       +
           ./redis.nix

     

       5
       5
       +
         ];

     

       6
       6
       +
       }

+40

systems/koumakan/services/databases/postgresql.nix

···

       1
       1
       +
       {pkgs, ...}: {

     

       2
       2
       +
         services.postgresql = {

     

       3
       3
       +
           enable = true;

     

       4
       4
       +
       

     

       5
       5
       +
           package = pkgs.postgresql_15;

     

       6
       6
       +
           dataDir = "/var/lib/postgresql/15";

     

       7
       7
       +
           logLinePrefix = "%m [%p] %h ";

     

       8
       8
       +
       

     

       9
       9
       +
           authentication = ''

     

       10
       10
       +
             # unix socket connection

     

       11
       11
       +
             local   all             all                                     peer

     

       12
       12
       +
             # local ipv4/6 tcp connection

     

       13
       13
       +
             host    all             all             127.0.0.1/32            scram-sha-256

     

       14
       14
       +
             host    all             all             ::1/128                 scram-sha-256

     

       15
       15
       +
             # world (encrypted) tcp traffic

     

       16
       16
       +
             hostssl all             all             all                     scram-sha-256

     

       17
       17
       +
           '';

     

       18
       18
       +
       

     

       19
       19
       +
           settings = let

     

       20
       20
       +
             credsDir = "/run/credentials/postgresql.service";

     

       21
       21
       +
           in {

     

       22
       22
       +
             listen_addresses = pkgs.lib.mkForce "*";

     

       23
       23
       +
             max_connections = 200;

     

       24
       24
       +
             password_encryption = "scram-sha-256";

     

       25
       25
       +
       

     

       26
       26
       +
             ssl = "on";

     

       27
       27
       +
             ssl_cert_file = "${credsDir}/cert.pem";

     

       28
       28
       +
             ssl_key_file = "${credsDir}/key.pem";

     

       29
       29
       +
       

     

       30
       30
       +
             log_hostname = true;

     

       31
       31
       +
             datestyle = "iso, dmy";

     

       32
       32
       +
             log_timezone = "Asia/Hong_Kong";

     

       33
       33
       +
             timezone = "Asia/Hong_Kong";

     

       34
       34
       +
             default_text_search_config = "pc_catalog.english";

     

       35
       35
       +
       

     

       36
       36
       +
             max_wal_size = "2GB";

     

       37
       37
       +
             min_wal_size = "80MB";

     

       38
       38
       +
           };

     

       39
       39
       +
         };

     

       40
       40
       +
       }

+5

systems/koumakan/services/databases/redis.nix

···

       1
       1
       +
       {...}: {

     

       2
       2
       +
         services.redis.servers."" = {

     

       3
       3
       +
           enable = true;

     

       4
       4
       +
         };

     

       5
       5
       +
       }

+2 -3

systems/koumakan/services/default.nix

···

       2
       2
        
         imports = [

     

       3
       3
        
           ./nginx.nix

     

       4
       4
        
       

     

       5
       5
       -
           # databases

     

       6
       6
       -
           ./postgresql.nix

     

       7
       7
       -
           ./redis.nix

     

       5
       5
       +
           ./databases

     

       8
       6
        
       

     

       9
       7
        
           ./attic.nix

     

       10
       8
        
       

     

       11
       9
        
           # fediverse

     

       12
       10
        
           ./matrix

     

       11
       11
       +
           ./fediverse

     

       13
       12
        
       

     

       14
       13
        
           ./proxies

     

       15
       14
        
           ./static-sites

+150

systems/koumakan/services/fediverse/akkoma.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         _utils,

     

       3
       3
       +
         pkgs,

     

       4
       4
       +
         config,

     

       5
       5
       +
         lib,

     

       6
       6
       +
         ...

     

       7
       7
       +
       }: let

     

       8
       8
       +
         mkRaw = (pkgs.formats.elixirConf {}).lib.mkRaw;

     

       9
       9
       +
         # I don't know what i did but i made this abomination

     

       10
       10
       +
         mkSecret = file:

     

       11
       11
       +
           if !lib.elem file secrets

     

       12
       12
       +
           then throw "Provided secret file ${file} is not in the list of defined secrets."

     

       13
       13
       +
           else {_secret = "/run/secrets/akkoma/${file}";};

     

       14
       14
       +
         secrets = [

     

       15
       15
       +
           "joken_default_signer" # can't think of any better name spacing

     

       16
       16
       +
           "dist/cookie"

     

       17
       17
       +
           "search/meili/host_unencrypted"

     

       18
       18
       +
           "search/meili/key"

     

       19
       19
       +
           "endpoint/secret_base"

     

       20
       20
       +
           "endpoint/salt"

     

       21
       21
       +
           "endpoint/live_view/salt"

     

       22
       22
       +
           "vapid/pub"

     

       23
       23
       +
           "vapid/key"

     

       24
       24
       +
           "postgres/hostname"

     

       25
       25
       +
           "postgres/database_unencrypted"

     

       26
       26
       +
           "postgres/username"

     

       27
       27
       +
           "postgres/password"

     

       28
       28
       +
           "smtp/username"

     

       29
       29
       +
           "smtp/password"

     

       30
       30
       +
           "smtp/relay"

     

       31
       31
       +
         ];

     

       32
       32
       +
       in {

     

       33
       33
       +
         # secrets definition

     

       34
       34
       +
         sops.secrets = _utils.genSecrets "akkoma" secrets {};

     

       35
       35
       +
       

     

       36
       36
       +
         services.akkoma = {

     

       37
       37
       +
           enable = true;

     

       38
       38
       +
           initSecrets = false;

     

       39
       39
       +
           initDb.enable = false;

     

       40
       40
       +
           # TODO: figure out how to add swagger ui

     

       41
       41
       +
           # frontends = {

     

       42
       42
       +
           #   swagger

     

       43
       43
       +
           # };

     

       44
       44
       +
       

     

       45
       45
       +
           # TODO: Issue #5

     

       46
       46
       +
           dist.cookie = mkSecret "dist/cookie";

     

       47
       47
       +
           config = {

     

       48
       48
       +
             ":joken".":default_signer" = mkSecret "joken_default_signer";

     

       49
       49
       +
       

     

       50
       50
       +
             ":pleroma" = {

     

       51
       51
       +
               ":http_security" = {

     

       52
       52
       +
                 sts = true;

     

       53
       53
       +
               };

     

       54
       54
       +
       

     

       55
       55
       +
               ":configurable_from_database" = true;

     

       56
       56
       +
               ":instance" = {

     

       57
       57
       +
                 name = "CassieAkko";

     

       58
       58
       +
                 description = "You should not see this here...";

     

       59
       59
       +
                 email = "me@soopy.moe";

     

       60
       60
       +
                 notify_email = "noreply@a.soopy.moe";

     

       61
       61
       +
                 limit = 5000;

     

       62
       62
       +
                 registrations_open = true;

     

       63
       63
       +
               };

     

       64
       64
       +
       

     

       65
       65
       +
               # TODO: add proper proxy support

     

       66
       66
       +
               # also refer to https://meta.akkoma.dev/t/another-vector-for-the-injection-vulnerability-found/483

     

       67
       67
       +
               ":media_proxy" = {

     

       68
       68
       +
                 enabled = true;

     

       69
       69
       +
                 redirect_on_failure = true;

     

       70
       70
       +
               };

     

       71
       71
       +
       

     

       72
       72
       +
               "Pleroma.Repo" = {

     

       73
       73
       +
                 adapter = mkRaw "Ecto.Adapters.Postgres";

     

       74
       74
       +
                 database = mkSecret "postgres/database_unencrypted";

     

       75
       75
       +
                 hostname = mkSecret "postgres/hostname";

     

       76
       76
       +
                 username = mkSecret "postgres/username";

     

       77
       77
       +
                 password = mkSecret "postgres/password";

     

       78
       78
       +
               };

     

       79
       79
       +
       

     

       80
       80
       +
               "Pleroma.Upload" = {

     

       81
       81
       +
                 filters = [

     

       82
       82
       +
                   (mkRaw "Pleroma.Upload.Filter.Exiftool")

     

       83
       83
       +
                   (mkRaw "Pleroma.Upload.Filter.Dedupe")

     

       84
       84
       +
                 ];

     

       85
       85
       +
               };

     

       86
       86
       +
       

     

       87
       87
       +
               "Pleroma.Web.Endpoint" = {

     

       88
       88
       +
                 # We don't need to specify http ip/ports here because we use unix sockets

     

       89
       89
       +
                 # ok we do because it's broken

     

       90
       90
       +
                 http = {

     

       91
       91
       +
                   ip = "127.0.0.1";

     

       92
       92
       +
                   port = 35378;

     

       93
       93
       +
                 };

     

       94
       94
       +
                 url = {

     

       95
       95
       +
                   host = "a.soopy.moe";

     

       96
       96
       +
                   scheme = "https";

     

       97
       97
       +
                   port = 443;

     

       98
       98
       +
                 };

     

       99
       99
       +
                 secure_cookie_flag = true;

     

       100
       100
       +
       

     

       101
       101
       +
                 secret_key_base = mkSecret "endpoint/secret_base";

     

       102
       102
       +
                 signing_salt = mkSecret "endpoint/salt";

     

       103
       103
       +
                 live_view = {

     

       104
       104
       +
                   signing_salt = mkSecret "endpoint/live_view/salt";

     

       105
       105
       +
                 };

     

       106
       106
       +
               };

     

       107
       107
       +
       

     

       108
       108
       +
               "Pleroma.Emails.Mailer" = {

     

       109
       109
       +
                 adapter = mkRaw "Swoosh.Adapters.SMTP";

     

       110
       110
       +
                 relay = mkSecret "smtp/relay";

     

       111
       111
       +
                 username = mkSecret "smtp/username";

     

       112
       112
       +
                 password = mkSecret "smtp/password";

     

       113
       113
       +
               };

     

       114
       114
       +
       

     

       115
       115
       +
               "Pleroma.Search.Meilisearch" = {

     

       116
       116
       +
                 url = mkSecret "search/meili/host_unencrypted";

     

       117
       117
       +
                 private_key = mkSecret "search/meili/key";

     

       118
       118
       +
                 initial_indexing_chunk_size = 100000;

     

       119
       119
       +
               };

     

       120
       120
       +
             };

     

       121
       121
       +
       

     

       122
       122
       +
             ":web_push_encryption".":vapid_details" = {

     

       123
       123
       +
               subject = "mailto:me@soopy.moe";

     

       124
       124
       +
               public_key = mkSecret "vapid/pub";

     

       125
       125
       +
               private_key = mkSecret "vapid/key";

     

       126
       126
       +
             };

     

       127
       127
       +
           };

     

       128
       128
       +
       

     

       129
       129
       +
           nginx = _utils.mkVhost {

     

       130
       130
       +
             useACMEHost = "fedi.c.soopy.moe";

     

       131
       131
       +
             extraConfig = ''

     

       132
       132
       +
               client_max_body_size 100M;

     

       133
       133
       +
             '';

     

       134
       134
       +
           };

     

       135
       135
       +
       

     

       136
       136
       +
           extraStatic = {

     

       137
       137
       +
             "static/terms-of-service.html" = pkgs.writeText "terms-of-service.html" ''

     

       138
       138
       +
               <h1>Terms of Service</h1><p>Please refer to this ToS:

     

       139
       139
       +
               <a href="https://m.soopy.moe/@admin/pages/tos" rel="noopener noreferrer nofollow">

     

       140
       140
       +
               https://m.soopy.moe/@admin/pages/tos</a></p>

     

       141
       141
       +
             '';

     

       142
       142
       +
             # refer to https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/servers/akkoma/emoji/blobs_gg.nix#L29

     

       143
       143
       +
             # "emoji/Cat_girls_Emoji" = ...

     

       144
       144
       +
           };

     

       145
       145
       +
         };

     

       146
       146
       +
       

     

       147
       147
       +
         systemd.services.akkoma-config = {

     

       148
       148
       +
           serviceConfig.SupplementaryGroups = [config.users.groups.keys.name];

     

       149
       149
       +
         };

     

       150
       150
       +
       }

+5

systems/koumakan/services/fediverse/default.nix

···

       1
       1
       +
       {...}: {

     

       2
       2
       +
         imports = [

     

       3
       3
       +
           ./akkoma.nix

     

       4
       4
       +
         ];

     

       5
       5
       +
       }

+12 -2

systems/koumakan/services/matrix/synapse.nix

···

       9
       9
        
           owner = config.users.users.matrix-synapse.name;

     

       10
       10
        
         };

     

       11
       11
        
       

     

       12
       12
       +
         sops.secrets.matrix-signing-key = {

     

       13
       13
       +
           mode = "0400";

     

       14
       14
       +
           owner = config.users.users.matrix-synapse.name;

     

       15
       15
       +
         };

     

       16
       16
       +
       

     

       12
       17
        
         users.users.matrix-synapse.extraGroups = [config.users.groups.keys.name];

     

       13
       18
        
       

     

       14
       19
        
         services.matrix-synapse = {

     
···

       34
       39
        
             # TODO: Setup opentracing

     

       35
       40
        
             url_preview_enabled = true;

     

       36
       41
        
             enable_registration = false;

     

       37
       37
       -
             session_lifetime = "infinite";

     

       42
       42
       +
             session_lifetime = "99y";

     

       38
       43
        
       

     

       39
       44
        
             max_upload_size = "100M";

     

       45
       45
       +
             signing_key_path = "/run/secrets/matrix-signing-key";

     

       40
       46
        
       

     

       41
       47
        
             server_notices = {

     

       42
       48
        
               system_mxid_localpart = "server";

     
···

       86
       92
        
             '';

     

       87
       93
        
           };

     

       88
       94
        
       

     

       95
       95
       +
           locations."= /.well-known/matrix/server" = {

     

       96
       96
       +
             return = "200 '{\"m.server\": \"nue.soopy.moe:443\"}'";

     

       97
       97
       +
           };

     

       98
       98
       +
       

     

       89
       99
        
           locations."~ ^(/_matrix|/_synapse/client)" = {

     

       90
       90
       -
             proxyPass = "http://localhost:8080";

     

       100
       100
       +
             proxyPass = "http://localhost:8008";

     

       91
       101
        
             extraConfig = ''

     

       92
       102
        
               client_max_body_size 100M;

     

       93
       103
        
             '';

-40

systems/koumakan/services/postgresql.nix

···

       1
       1
       -
       {pkgs, ...}: {

     

       2
       2
       -
         services.postgresql = {

     

       3
       3
       -
           enable = true;

     

       4
       4
       -
       

     

       5
       5
       -
           package = pkgs.postgresql_15;

     

       6
       6
       -
           dataDir = "/var/lib/postgresql/15";

     

       7
       7
       -
           logLinePrefix = "%m [%p] %h ";

     

       8
       8
       -
       

     

       9
       9
       -
           authentication = ''

     

       10
       10
       -
             # unix socket connection

     

       11
       11
       -
             local   all             all                                     peer

     

       12
       12
       -
             # local ipv4/6 tcp connection

     

       13
       13
       -
             host    all             all             127.0.0.1/32            scram-sha-256

     

       14
       14
       -
             host    all             all             ::1/128                 scram-sha-256

     

       15
       15
       -
             # world (encrypted) tcp traffic

     

       16
       16
       -
             hostssl all             all             all                     scram-sha-256

     

       17
       17
       -
           '';

     

       18
       18
       -
       

     

       19
       19
       -
           settings = let

     

       20
       20
       -
             credsDir = "/run/credentials/postgresql.service";

     

       21
       21
       -
           in {

     

       22
       22
       -
             listen_addresses = pkgs.lib.mkForce "*";

     

       23
       23
       -
             max_connections = 200;

     

       24
       24
       -
             password_encryption = "scram-sha-256";

     

       25
       25
       -
       

     

       26
       26
       -
             ssl = "on";

     

       27
       27
       -
             ssl_cert_file = "${credsDir}/cert.pem";

     

       28
       28
       -
             ssl_key_file = "${credsDir}/key.pem";

     

       29
       29
       -
       

     

       30
       30
       -
             log_hostname = true;

     

       31
       31
       -
             datestyle = "iso, dmy";

     

       32
       32
       -
             log_timezone = "Asia/Hong_Kong";

     

       33
       33
       -
             timezone = "Asia/Hong_Kong";

     

       34
       34
       -
             default_text_search_config = "pc_catalog.english";

     

       35
       35
       -
       

     

       36
       36
       -
             max_wal_size = "2GB";

     

       37
       37
       -
             min_wal_size = "80MB";

     

       38
       38
       -
           };

     

       39
       39
       -
         };

     

       40
       40
       -
       }

-5

systems/koumakan/services/redis.nix

···

       1
       1
       -
       {...}: {

     

       2
       2
       -
         services.redis.servers."" = {

     

       3
       3
       -
           enable = true;

     

       4
       4
       -
         };

     

       5
       5
       -
       }

+3 -3

systems/koumakan/services/static-sites/keine.nix

···

       1
       1
       -
       {...}: {

     

       2
       2
       -
         services.nginx.virtualHosts."keine.soopy.moe" = {

     

       3
       3
       -
           useACMEHost = "global.c.soopy.moe";

     

       1
       1
       +
       {_utils, ...}: {

     

       2
       2
       +
         services.nginx.virtualHosts."keine.soopy.moe" = _utils.mkVhost {

     

       3
       3
       +
           forceSSL = false;

     

       4
       4
        
           addSSL = true; # Don't force SSL on a mirror (implications TBD)

     

       5
       5
        
       

     

       6
       6
        
           root = "/srv/www/keine";

+1

utils/justfile

···

       3
       3
        
       list:

     

       4
       4
        
         just -l

     

       5
       5
        
       

     

       6
       6
       +
       # grab a new nitter guest account and save it

     

       6
       7
        
       nitter-token:

     

       7
       8
        
         {{python_executable}} nitter-guest-account.py tokens.json

+78 -64

utils/nitter-guest-account.py

···

       3
       3
        
       # thank you!

     

       4
       4
        
       import sys

     

       5
       5
        
       import json

     

       6
       6
       +
       import time

     

       7
       7
       +
       import random

     

       6
       8
        
       import typing

     

       7
       9
        
       import traceback

     

       8
       10
        
       from base64 import b64encode

     
···

       256
       258
        
       	success(f'flow token => {flow_token}')

     

       257
       259
        
       

     

       258
       260
        
       	info('Fetching final account object...')

     

       259
       259
       -
       	tasks = send_req('post', TASKS_ENDPOINT, headers=request_headers, json=get_tasks_body(flow_token)).json()

     

       260
       260
       -
       	try:

     

       261
       261
       +
       	backoff_time = 0

     

       262
       262
       +
       	exception = None

     

       263
       263
       +
       	for attempt in range(0, 6):

     

       264
       264
       +
       		debug(f"Attempt #{attempt + 1}")

     

       265
       265
       +
       		tasks = send_req('post', TASKS_ENDPOINT, headers=request_headers, json=get_tasks_body(flow_token)).json()

     

       261
       266
        
       		try:

     

       262
       262
       -
       			open_account_task = next(filter(lambda i: i.get('subtask_id') == "OpenAccount", tasks['subtasks']))

     

       263
       263
       -
       			account = open_account_task['open_account']

     

       264
       264
       -
       		except StopIteration:

     

       265
       265
       -
       			debug("resulting tasks =>", format_json(tasks), override=True)

     

       266
       266
       -
       			error("Unable to acquire guest account credentials as it isn't present in the API response.")

     

       267
       267
       -
       			error("This might be because of a wide variety of reasons, but it most likely is due to your IP being rate-limited.")

     

       268
       268
       -
       			error("Try again with a new IP address or in 24 hours after this attempt.")

     

       269
       269
       -
       			return 1

     

       267
       267
       +
       			try:

     

       268
       268
       +
       				open_account_task = next(filter(lambda i: i.get('subtask_id') == "OpenAccount", tasks['subtasks']))

     

       269
       269
       +
       				account = open_account_task['open_account']

     

       270
       270
       +
       			except StopIteration as e:

     

       271
       271
       +
       				backoff_time += random.randint(5000,10000) / 1000

     

       272
       272
       +
       				exception = e

     

       273
       273
       +
       				warn(f"attempt #{attempt + 1} failed to acquire token, retrying in {backoff_time}s.")

     

       274
       274
       +
       				time.sleep(backoff_time)

     

       275
       275
       +
       				continue

     

       270
       276
        
       

     

       271
       271
       -
       		if args.outfile == "-":

     

       272
       272
       -
       			debug("outfile is `-`, printing to stdout")

     

       273
       273
       -
       			print(format_json(account))

     

       274
       274
       -
       			return 0

     

       277
       277
       +
       			info(f"Attempt #{attempt + 1} succeeded")

     

       278
       278
       +
       			if args.outfile == "-":

     

       279
       279
       +
       				debug("outfile is `-`, printing to stdout")

     

       280
       280
       +
       				print(format_json(account))

     

       281
       281
       +
       				return 0

     

       275
       282
        
       

     

       276
       276
       -
       		# Sanity checks

     

       277
       277
       -
       		try:

     

       278
       278
       -
       			debug(f"attempting to read file: {args.outfile}")

     

       279
       279
       -
       			with open(args.outfile) as f:

     

       280
       280
       -
       				old_data = json.load(f)

     

       281
       281
       -
       		except FileNotFoundError:

     

       282
       282
       -
       			# that's okay, we might be able to create it later.

     

       283
       283
       -
       			old_data = []

     

       284
       284
       -
       		except PermissionError:

     

       285
       285
       -
       			# that's not okay. we will need to access the file later anyways.

     

       286
       286
       -
       			error("unable to read file due to a permission error.")

     

       287
       287
       -
       			error("please make sure this script has read and write access to the file.")

     

       288
       288
       -
       			print(format_json(account))

     

       289
       289
       -
       			return 1

     

       290
       290
       -
       		except json.JSONDecodeError:

     

       291
       291
       -
       			error("could not parse the provided JSON file.")

     

       292
       292
       -
       			if not prompt_bool("Do you want to overwrite the file?", default=None):

     

       293
       293
       -
       				warn("Not overwriting file, printing to stdout instead.")

     

       283
       283
       +
       			# Sanity checks

     

       284
       284
       +
       			try:

     

       285
       285
       +
       				debug(f"attempting to read file: {args.outfile}")

     

       286
       286
       +
       				with open(args.outfile) as f:

     

       287
       287
       +
       					old_data = json.load(f)

     

       288
       288
       +
       			except FileNotFoundError:

     

       289
       289
       +
       				# that's okay, we might be able to create it later.

     

       290
       290
       +
       				old_data = []

     

       291
       291
       +
       			except PermissionError:

     

       292
       292
       +
       				# that's not okay. we will need to access the file later anyways.

     

       293
       293
       +
       				error("unable to read file due to a permission error.")

     

       294
       294
       +
       				error("please make sure this script has read and write access to the file.")

     

       294
       295
        
       				print(format_json(account))

     

       295
       296
        
       				return 1

     

       296
       296
       -
       			debug('assuming old data is an empty array because we are overwriting')

     

       297
       297
       -
       			old_data = []

     

       298
       298
       -
       		if type(old_data) != list:

     

       299
       299
       -
       			error("top-level object of the existing JSON file is not a list.")

     

       300
       300
       -
       			error("due to the implementation, the file must be overwritten.")

     

       301
       301
       -
       			if not (prompt_bool("Do you want to overwrite?", default=None)):

     

       302
       302
       -
       				warn("Not overwriting existing data, printing to stdout instead.")

     

       297
       297
       +
       			except json.JSONDecodeError:

     

       298
       298
       +
       				error("could not parse the provided JSON file.")

     

       299
       299
       +
       				if not prompt_bool("Do you want to overwrite the file?", default=None):

     

       300
       300
       +
       					warn("Not overwriting file, printing to stdout instead.")

     

       301
       301
       +
       					print(format_json(account))

     

       302
       302
       +
       					return 1

     

       303
       303
       +
       				debug('assuming old data is an empty array because we are overwriting')

     

       304
       304
       +
       				old_data = []

     

       305
       305
       +
       			if type(old_data) != list:

     

       306
       306
       +
       				error("top-level object of the existing JSON file is not a list.")

     

       307
       307
       +
       				error("due to the implementation, the file must be overwritten.")

     

       308
       308
       +
       				if not (prompt_bool("Do you want to overwrite?", default=None)):

     

       309
       309
       +
       					warn("Not overwriting existing data, printing to stdout instead.")

     

       310
       310
       +
       					print(format_json(account))

     

       311
       311
       +
       					return 1

     

       312
       312
       +
       				debug("assuming old data is an empty array because we are overwriting")

     

       313
       313
       +
       				old_data = []

     

       314
       314
       +
       

     

       315
       315
       +
       			old_data.append(account)

     

       316
       316
       +
       

     

       317
       317
       +
       			try:

     

       318
       318
       +
       				debug("attempting to write file")

     

       319
       319
       +
       				with open(args.outfile, 'w+') as f:

     

       320
       320
       +
       					f.write(format_json(old_data))

     

       321
       321
       +
       				success(f"successfully written to file {args.outfile}")

     

       322
       322
       +
       				return 0

     

       323
       323
       +
       			except PermissionError:

     

       324
       324
       +
       				error("unable to write to file due to permission error.")

     

       325
       325
       +
       				error("please make sure this script has write access to the file.")

     

       303
       326
        
       				print(format_json(account))

     

       304
       327
        
       				return 1

     

       305
       305
       -
       			debug("assuming old data is an empty array because we are overwriting")

     

       306
       306
       -
       			old_data = []

     

       307
       307
       -
       

     

       308
       308
       -
       		old_data.append(account)

     

       328
       328
       +
       			except Exception as e:

     

       329
       329
       +
       				error("Unable to write to file due to an uncaught error:", e)

     

       330
       330
       +
       				tb = ''.join(traceback.TracebackException.from_exception(e).format())

     

       331
       331
       +
       				debug("exception stacktrace\n" + tb)

     

       332
       332
       +
       				print(format_json(account))

     

       309
       333
        
       

     

       310
       310
       -
       		try:

     

       311
       311
       -
       			debug("attempting to write file")

     

       312
       312
       -
       			with open(args.outfile, 'w+') as f:

     

       313
       313
       -
       				f.write(format_json(old_data))

     

       314
       314
       -
       			success(f"successfully written to file {args.outfile}")

     

       315
       315
       -
       			return 0

     

       316
       316
       -
       		except PermissionError:

     

       317
       317
       -
       			error("unable to write to file due to permission error.")

     

       318
       318
       -
       			error("please make sure this script has write access to the file.")

     

       319
       319
       -
       			print(format_json(account))

     

       320
       320
       -
       			return 1

     

       321
       321
       -
       		except Exception as e:

     

       322
       322
       -
       			error("Unable to write to file due to an uncaught error:", e)

     

       323
       323
       -
       			tb = ''.join(traceback.TracebackException.from_exception(e).format())

     

       324
       324
       -
       			debug("exception stacktrace\n" + tb)

     

       325
       325
       -
       			print(format_json(account))

     

       334
       334
       +
       		except Exception:

     

       335
       335
       +
       			debug("resulting tasks =>", format_json(tasks), override=True)

     

       336
       336
       +
       			error("an unhandled error occurred. the tasks object is printed to avoid losing otherwise successful data.")

     

       337
       337
       +
       			error("please file a bug report and attach the traceback below.")

     

       338
       338
       +
       			raise

     

       326
       339
        
       

     

       327
       327
       -
       	except Exception:

     

       328
       328
       -
       		debug("resulting tasks =>", format_json(tasks), override=True)

     

       329
       329
       -
       		error("an unhandled error occurred. the tasks object is printed to avoid losing otherwise successful data.")

     

       330
       330
       -
       		error("please file a bug report and attach the traceback below.")

     

       331
       331
       -
       		raise

     

       340
       340
       +
       	if exception != None:

     

       341
       341
       +
       		debug("resulting tasks =>", format_json(tasks))

     

       342
       342
       +
       		error("Unable to acquire guest account credentials with 5 attempts as it isn't present in any of the API responses.")

     

       343
       343
       +
       		error("This might be because of a wide variety of reasons, but it most likely is due to your IP being rate-limited.")

     

       344
       344
       +
       		error("Try again with a new IP address or in 24 hours after this attempt.")

     

       345
       345
       +
       		return 1

     

       332
       346
        
       

     

       333
       347
        
       	return 0

     

       334
       348

Compare changes