diff --git a/flake.lock b/flake.lock index b36bd34..7e0d6a7 100644 --- a/flake.lock +++ b/flake.lock @@ -57,14 +57,16 @@ "nixpkgs": [ "nixpkgs" ], - "utils": "utils_2" + "utils": [ + "flake-utils" + ] }, "locked": { - "lastModified": 1679280255, - "narHash": "sha256-Z0LfAI9AfdhnPoT1TEFu5F11XgJ6UNwQIZILgYnrxfU=", + "lastModified": 1679280767, + "narHash": "sha256-h+mOKksNjbnvryPB28nWOeaGyFBAHqJ2Tu9BLeHMZgU=", "owner": "tlm-solutions", "repo": "data-accumulator", - "rev": "ae17cdbc7590f82a224301899be34c57ccee8811", + "rev": "fd14ca0586133027f695eba6ce3bc1be6667f701", "type": "github" }, "original": { @@ -84,7 +86,9 @@ "tlms-rs": [ "tlms-rs" ], - "utils": "utils_3" + "utils": [ + "flake-utils" + ] }, "locked": { "lastModified": 1678477361, @@ -156,11 +160,11 @@ }, "flake-utils": { "locked": { - "lastModified": 1676283394, - "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", + "lastModified": 1678901627, + "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=", "owner": "numtide", "repo": "flake-utils", - "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", + "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6", "type": "github" }, "original": { @@ -176,7 +180,9 @@ "nixpkgs" ], "tlms-rust": "tlms-rust", - "utils": "utils_4" + "utils": [ + "flake-utils" + ] }, "locked": { "lastModified": 1678020126, @@ -197,7 +203,9 @@ "nixpkgs": [ "nixpkgs" ], - "utils": "utils_5" + "utils": [ + "flake-utils" + ] }, "locked": { "lastModified": 1678306615, @@ -234,7 +242,9 @@ "nixpkgs": [ "nixpkgs" ], - "utils": "utils_6" + "utils": [ + "flake-utils" + ] }, "locked": { "lastModified": 1678484240, @@ -253,7 +263,9 @@ "microvm": { "inputs": { "fenix": "fenix", - "flake-utils": "flake-utils", + "flake-utils": [ + "flake-utils" + ], "nixpkgs": [ "nixpkgs" ] @@ -346,6 +358,7 @@ "data-accumulator": "data-accumulator", "datacare": "datacare", "documentation-src": "documentation-src", + "flake-utils": "flake-utils", "funnel": "funnel", "gnuradio-decoder": "gnuradio-decoder", "kindergarten": "kindergarten", @@ -434,7 +447,9 @@ "nixpkgs": [ "nixpkgs" ], - "utils": "utils_7" + "utils": [ + "flake-utils" + ] }, "locked": { "lastModified": 1678547620, @@ -458,14 +473,16 @@ "nixpkgs": [ "nixpkgs" ], - "utils": "utils_8" + "utils": [ + "flake-utils" + ] }, "locked": { - "lastModified": 1679279026, - "narHash": "sha256-ep22GpG1Bs+bJkk/T2odFlDMSYtsojn1hmfMBnCIlB0=", + "lastModified": 1679280726, + "narHash": "sha256-Q4AtmR9IeMRM9uLBIoet99MCm6YDCqE4SDZzx55WobU=", "owner": "tlm-solutions", "repo": "telegram-decoder", - "rev": "3a441f90c1dc02ffe3b1cc892e37d272f83efef6", + "rev": "2631bfffdc5a40f539e2a640961f115b760e5a85", "type": "github" }, "original": { @@ -481,11 +498,11 @@ ] }, "locked": { - "lastModified": 1679278853, - "narHash": "sha256-wGWZ1Cs0VRREms6/Yfdd70ECm7gsRWw6EQOet0MbWyg=", + "lastModified": 1679280626, + "narHash": "sha256-Im9VhJm99E6C2oI3u3ZG66EF/xTsoauv/JmbQu+Vk58=", "owner": "tlm-solutions", "repo": "tlms.rs", - "rev": "4b78be3caa74591928f93bc1219a18a0413a51cf", + "rev": "f9d6b514fb4165acd8c779bb0708f078cf3ecf94", "type": "github" }, "original": { @@ -521,7 +538,9 @@ "tlms-rs": [ "tlms-rs" ], - "utils": "utils_9" + "utils": [ + "flake-utils" + ] }, "locked": { "lastModified": 1678485606, @@ -552,156 +571,6 @@ "type": "github" } }, - "utils_10": { - "locked": { - "lastModified": 1676283394, - "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "utils_11": { - "locked": { - "lastModified": 1676283394, - "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "utils_2": { - "locked": { - "lastModified": 1676283394, - "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "utils_3": { - "locked": { - "lastModified": 1676283394, - "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "utils_4": { - "locked": { - "lastModified": 1676283394, - "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "utils_5": { - "locked": { - "lastModified": 1659877975, - "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "utils_6": { - "locked": { - "lastModified": 1676283394, - "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "utils_7": { - "locked": { - "lastModified": 1676283394, - "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "utils_8": { - "locked": { - "lastModified": 1676283394, - "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "utils_9": { - "locked": { - "lastModified": 1676283394, - "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "wartrammer": { "inputs": { "naersk": [ @@ -711,7 +580,9 @@ "nixpkgs" ], "nixpkgs-unstable": "nixpkgs-unstable", - "utils": "utils_10" + "utils": [ + "flake-utils" + ] }, "locked": { "lastModified": 1677985694, @@ -732,7 +603,9 @@ "nixpkgs": [ "nixpkgs" ], - "utils": "utils_11" + "utils": [ + "flake-utils" + ] }, "locked": { "lastModified": 1678530041, diff --git a/flake.nix b/flake.nix index 4f26ac4..073af13 100644 --- a/flake.nix +++ b/flake.nix @@ -9,9 +9,13 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + # DO NOT remame this to utils + flake-utils.url = github:numtide/flake-utils; + microvm = { url = "github:astro/microvm.nix"; inputs.nixpkgs.follows = "nixpkgs"; + inputs.flake-utils.follows = "flake-utils"; }; sops-nix = { @@ -31,6 +35,7 @@ nixpkgs.follows = "nixpkgs"; naersk.follows = "naersk"; tlms-rs.follows = "tlms-rs"; + utils.follows = "flake-utils"; }; }; @@ -40,12 +45,14 @@ nixpkgs.follows = "nixpkgs"; naersk.follows = "naersk"; tlms-rs.follows = "tlms-rs"; + utils.follows = "flake-utils"; }; }; kindergarten = { url = "github:tlm-solutions/kindergarten"; inputs.nixpkgs.follows = "nixpkgs"; + inputs.utils.follows = "flake-utils"; }; telegram-decoder = { @@ -53,40 +60,47 @@ inputs = { nixpkgs.follows = "nixpkgs"; naersk.follows = "naersk"; + utils.follows = "flake-utils"; }; }; gnuradio-decoder = { url = "github:tlm-solutions/gnuradio-decoder"; inputs.nixpkgs.follows = "nixpkgs"; + inputs.utils.follows = "flake-utils"; }; data-accumulator = { url = "github:tlm-solutions/data-accumulator"; inputs.nixpkgs.follows = "nixpkgs"; inputs.naersk.follows = "naersk"; + inputs.utils.follows = "flake-utils"; }; state-api = { url = "github:tlm-solutions/state-api"; inputs.nixpkgs.follows = "nixpkgs"; inputs.naersk.follows = "naersk"; + inputs.utils.follows = "flake-utils"; }; funnel = { url = "github:tlm-solutions/funnel"; inputs.nixpkgs.follows = "nixpkgs"; + inputs.utils.follows = "flake-utils"; }; windshield = { url = "github:tlm-solutions/windshield"; inputs.nixpkgs.follows = "nixpkgs"; + inputs.utils.follows = "flake-utils"; }; wartrammer = { url = "github:tlm-solutions/wartrammer-40k"; inputs.nixpkgs.follows = "nixpkgs"; inputs.naersk.follows = "naersk"; + inputs.utils.follows = "flake-utils"; }; tlms-rs = { diff --git a/modules/TLMS/binary-cache.nix b/modules/TLMS/binary-cache.nix index 4395e4b..052ca7b 100644 --- a/modules/TLMS/binary-cache.nix +++ b/modules/TLMS/binary-cache.nix @@ -11,11 +11,11 @@ config = lib.mkIf config.TLMS.useBinaryCache { nix.settings = { substituters = [ - "https://dump-dvb.cachix.org" + "https://tlm-solutions.cachix.org" "https://hydra.hq.c3d2.de" ]; trusted-public-keys = [ - "dump-dvb.cachix.org-1:+Dq7gqpQG4YlLA2X3xJsG1v3BrlUGGpVtUKWk0dTyUU=" + "tlm-solutions.cachix.org-1:J7qT6AvoNWPSj+59ed5bNESj35DLJNaROqga1EjVIoA=" "nix-serve.hq.c3d2.de:KZRGGnwOYzys6pxgM8jlur36RmkJQ/y8y62e52fj1ps=" ]; }; diff --git a/modules/data-hoarder/postgres.nix b/modules/data-hoarder/postgres.nix index 5e3635f..b2d1a10 100644 --- a/modules/data-hoarder/postgres.nix +++ b/modules/data-hoarder/postgres.nix @@ -29,10 +29,7 @@ TimeoutSec = lib.mkForce 3000; }; postStart = lib.mkAfter '' - # TODO: make shure grafana can't read tokens... - $PSQL -c "GRANT CONNECT ON DATABASE tlms TO grafana;" - $PSQL -c "GRANT SELECT ON ALL TABLES IN SCHEMA public TO grafana"; - + # set pw for the users $PSQL -c "ALTER ROLE tlms WITH PASSWORD '$(cat ${config.sops.secrets.postgres_password.path})';" $PSQL -c "ALTER ROLE grafana WITH PASSWORD '$(cat ${config.sops.secrets.postgres_password_grafana.path})';" @@ -40,23 +37,16 @@ ${inputs.tlms-rs.packages.x86_64-linux.run-migration-based}/bin/run-migration # fixup permissions + # tlms is practically root, we need to FIXME something about it $PSQL -c "GRANT ALL ON DATABASE tlms TO tlms;" $PSQL -d tlms -c "GRANT ALL ON ALL TABLES IN SCHEMA public TO tlms;" $PSQL -d tlms -c "GRANT ALL ON ALL SEQUENCES IN SCHEMA public TO tlms;" - unset DATABASE_URL - - export DATABASE_URL=postgres:///dvbdump - - ${inputs.tlms-rs.packages.x86_64-linux.run-migration}/bin/run-migration - - # fixup permissions - $PSQL -c "GRANT ALL ON DATABASE dvbdump TO dvbdump;" - $PSQL -d dvbdump -c "GRANT ALL ON ALL TABLES IN SCHEMA public TO dvbdump;" - $PSQL -d dvbdump -c "GRANT ALL ON ALL SEQUENCES IN SCHEMA public TO dvbdump;" + # Get graphana to SELECT from tables that might be interesting for it + $PSQL -c "GRANT CONNECT ON DATABASE tlms TO grafana;" + $PSQL -d tlms -c "GRANT SELECT ON r09_telegrams, raw_telegrams, gps_points, trekkie_runs, regions TO grafana;" unset DATABASE_URL - ''; };