bump nixos version

* adds omadad support
disassembler · Jul 25, 2023 · 20cc90d · 20cc90d
1 parent 529627a
commit 20cc90d
Show file tree

Hide file tree

Showing 12 changed files with 276 additions and 23 deletions.
diff --git a/flake.lock b/flake.lock
diff --git a/modules/services/omadad/default.nix b/modules/services/omadad/default.nix
@@ -17,7 +17,7 @@ in {
 
     user = mkOption {
       default = defaultUser;
-      example = "john";
+      example = "omadad";
       type = types.str;
       description = ''
         The name of an existing user account to use to own the omadad server
@@ -27,7 +27,7 @@ in {
 
     group = mkOption {
       default = defaultUser;
-      example = "john";
+      example = "omadad";
       type = types.str;
       description = ''
         Group to own the omadad server process.
@@ -36,7 +36,7 @@ in {
 
     dataDir = mkOption {
       default = "/var/lib/omadad/";
-      example = "/home/john/.omadad/";
+      example = "/home/omadad/.omadad/";
       type = types.path;
       description = ''
         The state directory for omadad.
@@ -69,6 +69,14 @@ in {
       '';
     };
 
+    mongodb = mkOption {
+      type = types.package;
+      default = pkgs.mongodb-4_4;
+      description = ''
+        mongodb package
+      '';
+    };
+
     openFirewall = mkOption {
       type = types.bool;
       default = false;
@@ -85,16 +93,16 @@ in {
       description = "Wifi access point controller";
       wantedBy = [ "multi-user.target" ];
       after = [ "network-online.target" ];
-      path = [ pkgs.bash pkgs.mongodb pkgs.nettools pkgs.curl pkgs.procps ];
+      path = [ pkgs.bash cfg.mongodb pkgs.nettools pkgs.curl pkgs.procps ];
 
       serviceConfig = let
-        java_opts = "-classpath '${cfg.dataDir}/lib/*' -server -Xms128m -Xmx1024m -XX:MaxHeapFreeRatio=60 -XX:MinHeapFreeRatio=30 -XX:+HeapDumpOnOutOfMemoryError -DhttpPort=${toString cfg.httpPort} -DhttpsPort=${toString cfg.httpsPort} -DmongoPort=${toString cfg.mongoPort} -DdataDir=${cfg.dataDir}/data -Deap.home=${cfg.dataDir} --add-opens=java.base/sun.security.x509=ALL-UNNAMED";
+        java_opts = "-classpath '${cfg.dataDir}/lib/*' -server -Xms128m -Xmx1024m -XX:MaxHeapFreeRatio=60 -XX:MinHeapFreeRatio=30 -XX:+HeapDumpOnOutOfMemoryError -DhttpPort=${toString cfg.httpPort} -DhttpsPort=${toString cfg.httpsPort} -DmongoPort=${toString cfg.mongoPort} -DdataDir=${cfg.dataDir}/data -Deap.home=${cfg.dataDir}";
         main_class = "com.tplink.smb.omada.starter.OmadaLinuxMain";
       in {
         Type = "simple";
         User = cfg.user;
         Group = cfg.group;
-        ExecStart = "${pkgs.jre}/bin/java ${java_opts} ${main_class}";
+        ExecStart = "${pkgs.openjdk8}/bin/java ${java_opts} ${main_class}";
         WorkingDirectory = "${cfg.dataDir}/data";
       };
 

diff --git a/modules/services/omadad/forget-build-dependencies.patch b/modules/services/omadad/forget-build-dependencies.patch
@@ -0,0 +1,16 @@
+# MongoDB keeps track of its build parameters, which tricks nix into
+# keeping dependencies to build inputs in the final output.
+# We remove the build flags from buildInfo data.
+--- a/site_scons/mongo/generators.py
++++ b/site_scons/mongo/generators.py
+@@ -18,10 +18,7 @@ def default_buildinfo_environment_data():
+         ('distmod', '$MONGO_DISTMOD', True, True,),
+         ('distarch', '$MONGO_DISTARCH', True, True,),
+         ('cc', '$CC_VERSION', True, False,),
+-        ('ccflags', '$CCFLAGS', True, False,),
+         ('cxx', '$CXX_VERSION', True, False,),
+-        ('cxxflags', '$CXXFLAGS', True, False,),
+-        ('linkflags', '$LINKFLAGS', True, False,),
+         ('target_arch', '$TARGET_ARCH', True, True,),
+         ('target_os', '$TARGET_OS', True, False,),
+     )
diff --git a/modules/services/omadad/mongodb.nix b/modules/services/omadad/mongodb.nix
@@ -0,0 +1,194 @@
+{ lib
+, stdenv
+, fetchurl
+, sconsPackages
+, boost
+, gperftools
+, pcre-cpp
+, snappy
+, zlib
+, yaml-cpp
+, sasl
+, openssl
+, libpcap
+, python3
+, curl
+, Security
+, CoreFoundation
+, cctools
+, xz
+}:
+
+# Note:
+#   The command line administrative tools are part of other packages:
+#   see pkgs.mongodb-tools and pkgs.mongosh.
+
+with lib;
+
+{ version, sha256, patches ? []
+, license ? lib.licenses.sspl
+}:
+
+let
+  variants =
+    if versionAtLeast version "6.0" then rec {
+      python = scons.python.withPackages (ps: with ps; [
+        pyyaml
+        cheetah3
+        psutil
+        setuptools
+        packaging
+        pymongo
+      ]);
+
+      scons = sconsPackages.scons_3_1_2;
+
+      mozjsVersion = "60";
+      mozjsReplace = "defined(HAVE___SINCOS)";
+
+    } else rec {
+      python = scons.python.withPackages (ps: with ps; [
+        pyyaml
+        cheetah3
+        psutil
+        setuptools
+      ]);
+
+      scons = sconsPackages.scons_3_1_2;
+
+      mozjsVersion = "60";
+      mozjsReplace = "defined(HAVE___SINCOS)";
+
+    };
+
+  system-libraries = [
+    "boost"
+    "pcre"
+    "snappy"
+    "yaml"
+    "zlib"
+    #"asio" -- XXX use package?
+    #"stemmer"  -- not nice to package yet (no versioning, no makefile, no shared libs).
+    #"valgrind" -- mongodb only requires valgrind.h, which is vendored in the source.
+    #"wiredtiger"
+  ] ++ optionals stdenv.isLinux [ "tcmalloc" ];
+  inherit (lib) systems subtractLists;
+
+in stdenv.mkDerivation rec {
+  inherit version;
+  pname = "mongodb";
+
+  src = fetchurl {
+    url = "https://fastdl.mongodb.org/src/mongodb-src-r${version}.tar.gz";
+    inherit sha256;
+  };
+
+  nativeBuildInputs = [ variants.scons ]
+    ++ lib.optionals (versionAtLeast version "4.4") [ xz ];
+
+  buildInputs = [
+    boost
+    curl
+    gperftools
+    libpcap
+    yaml-cpp
+    openssl
+    pcre-cpp
+    variants.python
+    sasl
+    snappy
+    zlib
+  ] ++ lib.optionals stdenv.isDarwin [ Security CoreFoundation cctools ];
+
+  # MongoDB keeps track of its build parameters, which tricks nix into
+  # keeping dependencies to build inputs in the final output.
+  # We remove the build flags from buildInfo data.
+  inherit patches;
+
+  postPatch = ''
+    # fix environment variable reading
+    substituteInPlace SConstruct \
+        --replace "env = Environment(" "env = Environment(ENV = os.environ,"
+   '' + lib.optionalString (versionAtLeast version "4.4") ''
+    # Fix debug gcc 11 and clang 12 builds on Fedora
+    # https://github.com/mongodb/mongo/commit/e78b2bf6eaa0c43bd76dbb841add167b443d2bb0.patch
+    substituteInPlace src/mongo/db/query/plan_summary_stats.h --replace '#include <string>' '#include <optional>
+    #include <string>'
+    substituteInPlace src/mongo/db/exec/plan_stats.h --replace '#include <string>' '#include <optional>
+    #include <string>'
+  '' + lib.optionalString (versionOlder version "5.0") ''
+    # remove -march overriding, we know better.
+    sed -i 's/env.Append.*-march=.*$/pass/' SConstruct
+  '' + lib.optionalString (stdenv.isDarwin && versionOlder version "6.0") ''
+    substituteInPlace src/third_party/mozjs-${variants.mozjsVersion}/extract/js/src/jsmath.cpp --replace '${variants.mozjsReplace}' 0
+  '' + lib.optionalString (stdenv.isDarwin && versionOlder version "3.6") ''
+    substituteInPlace src/third_party/s2/s1angle.cc --replace drem remainder
+    substituteInPlace src/third_party/s2/s1interval.cc --replace drem remainder
+    substituteInPlace src/third_party/s2/s2cap.cc --replace drem remainder
+    substituteInPlace src/third_party/s2/s2latlng.cc --replace drem remainder
+    substituteInPlace src/third_party/s2/s2latlngrect.cc --replace drem remainder
+  '' + lib.optionalString stdenv.isi686 ''
+
+    # don't fail by default on i686
+    substituteInPlace src/mongo/db/storage/storage_options.h \
+      --replace 'engine("wiredTiger")' 'engine("mmapv1")'
+  '';
+
+  env.NIX_CFLAGS_COMPILE = lib.optionalString stdenv.cc.isClang
+    "-Wno-unused-command-line-argument";
+
+  sconsFlags = [
+    "--release"
+    "--ssl"
+    #"--rocksdb" # Don't have this packaged yet
+    "--wiredtiger=on"
+    "--js-engine=mozjs"
+    "--use-sasl-client"
+    "--disable-warnings-as-errors"
+    "VARIANT_DIR=nixos" # Needed so we don't produce argument lists that are too long for gcc / ld
+  ] ++ lib.optionals (versionAtLeast version "4.4") [ "--link-model=static" ]
+    ++ map (lib: "--use-system-${lib}") system-libraries;
+
+  preBuild = ''
+    sconsFlags+=" CC=$CC"
+    sconsFlags+=" CXX=$CXX"
+  '' + optionalString stdenv.isAarch64 ''
+    sconsFlags+=" CCFLAGS='-march=armv8-a+crc'"
+  '';
+
+  preInstall = ''
+    mkdir -p "$out/lib"
+  '';
+
+  postInstall = ''
+    rm -f "$out/bin/install_compass" || true
+  '';
+
+  doInstallCheck = true;
+  installCheckPhase = ''
+    runHook preInstallCheck
+    "$out/bin/mongo" --version
+    runHook postInstallCheck
+  '';
+
+  installTargets =
+    if (versionAtLeast version "6.0") then "install-devcore"
+    else if (versionAtLeast version "4.4") then "install-core"
+    else "install";
+
+  prefixKey = if (versionAtLeast version "4.4") then "DESTDIR=" else "--prefix=";
+
+  enableParallelBuilding = true;
+
+  hardeningEnable = [ "pie" ];
+
+  meta = {
+    description = "A scalable, high-performance, open source NoSQL database";
+    homepage = "http://www.mongodb.org";
+    inherit license;
+
+    maintainers = with maintainers; [ bluescreen303 offline cstrahan ];
+    platforms = subtractLists systems.doubles.i686 systems.doubles.unix;
+    broken = (versionOlder version "6.0" && stdenv.system == "aarch64-darwin");
+  };
+}
diff --git a/modules/services/omadad/mongodb3.nix b/modules/services/omadad/mongodb3.nix
@@ -0,0 +1,11 @@
+{ stdenv, callPackage, lib, boost }:
+
+let
+  buildMongoDB = callPackage ./mongodb.nix {
+    inherit boost;
+  };
+in buildMongoDB {
+  version = "3.6.23";
+  sha256 = "sha256-EJpIerW4zcGJvHfqJ65fG8yNsLRlUnRkvYfC+jkoFJ4=";
+  patches = [ ./forget-build-dependencies.patch ];
+}
diff --git a/modules/services/omadad/package.nix b/modules/services/omadad/package.nix
@@ -1,13 +1,13 @@
 { stdenv, lib, fetchurl, mongodb }: let
 
-  version = "5.7.4";
-  year = "2022";
-  month = "11";
+  version = "5.9.31";
+  year = "2023";
+  month = "03";
   day = "21";
   url = "https://static.tp-link.com/upload/software/${year}/${year}${month}/${year}${month}${day}/Omada_SDN_Controller_v${version}_Linux_x64.tar.gz";
   src = fetchurl {
     inherit url;
-    sha256 = "sha256-6xG80bOFoJg3DXe00zw4t9QOfw/ADrHjowWHUtQtj0s=";
+    sha256 = "sha256-rSrioNDgzCJES5YneklHIYpropgvNsU141cqNZAghww=";
   };
 
 

diff --git a/nixos/colmena.nix b/nixos/colmena.nix
@@ -4,11 +4,11 @@
 , ...
 }:
 let
-  mkNode = server: ip: fast:
-    self.nixosConfigurations."${server}" // {
-      deployment.targetHost = ip;
-      deployment.targetPort = 22;
-      deployment.targetUser = "root";
+  mkNode = server: ip: fast: {
+    imports = [self.nixosConfigurations."${server}".config];
+    deployment.targetHost = ip;
+    deployment.targetPort = 22;
+    deployment.targetUser = "root";
     };
 in
 {

diff --git a/nixos/deploy.nix b/nixos/deploy.nix
@@ -16,7 +16,7 @@ in
   sshUser = "root";
   nodes = {
     optina = mkNode "optina" "10.40.33.20" true;
-    portal = mkNode "portal" "10.40.33.1" true;
+    portal = mkNode "portal" "prophet.samleathers.com" true;
     sarov  = mkNode "sarov" "10.40.33.183" true;
     valaam = mkNode "valaam" "10.40.33.21" true;
     prod01 = mkNode "prod01" "45.76.4.212" false;

diff --git a/nixos/optina/configuration.nix b/nixos/optina/configuration.nix
@@ -371,9 +371,9 @@ in
         passwordFile = config.sops.secrets.gitea_dbpass.path;
       };
     };
-    mongodb.enable = true;
+    #mongodb.enable = true;
     omadad = {
-      enable = false;
+      enable = true;
       httpPort = 8089;
       httpsPort = 10443;
     };

diff --git a/nixos/optina/minecraft-bedrock.nix b/nixos/optina/minecraft-bedrock.nix
@@ -1,8 +1,8 @@
 { stdenv, fetchurl, patchelf, openssl, unzip, lib, zlib, curl }:
 
 let
-  version = "1.19.51.01";
-  sha256 = "sha256-ZzSlPYM8On0xTsifQgC4GE14g0lBDAImYtYGM3/BYZ0=";
+  version = "1.20.0.01";
+  sha256 = "sha256-pm/bu8rcAUlNFlWsm1f4+RGWmF6LxOhMT8am0a1PNF4=";
   rpath = lib.makeLibraryPath [ zlib openssl stdenv.cc.cc curl ];
 in
 stdenv.mkDerivation rec {

diff --git a/nixos/portal/configuration.nix b/nixos/portal/configuration.nix
@@ -248,6 +248,10 @@ in
             publicKey = "PiXwxQyrMi7iCZvTrmd2V9OB6008aOIU1bOaWi9xOlI=";
             allowedIPs = [ "10.40.9.25/32" ];
           }
+          {
+            publicKey = "5f6TDkTVN8OS/xF7M12+rEUibIWljqMrMrBwXU34MUw=";
+            allowedIPs = [ "10.70.0.1/32" ];
+          }
           {
             publicKey = "mFn9gVTlPTEa+ZplilmKiZ0pYqzzof75IaDiG9q/pko=";
             allowedIPs = [ "10.40.9.39/32" "10.39.0.0/24" "2601:98a:4000:9ed0::1/64" "fd00::39/128" ];
@@ -376,6 +380,7 @@ in
         option space ubnt;
         option ubnt.UNIFI-IP-ADDRESS code 1 = ip-address;
         option ubnt.UNIFI-IP-ADDRESS 10.40.33.20;
+        option ovwma code 138 = ip-address;
 
         class "ubnt" {
           match if substring (option vendor-class-identifier, 0, 4) = "ubnt";
@@ -429,6 +434,7 @@ in
           option routers 10.40.3.1;
           option domain-name-servers 10.40.3.1;
           range 10.40.3.100 10.40.3.200;
+          option ovwma 10.40.33.20;
         }
       '';
     };