Update from update-inputs-2024-08-15-04-20

Update Bot 2024-08-15 04:20:29 +02:00
commit d2b374fb1b
No known key found for this signature in database
13 changed files with 820 additions and 512 deletions


@ -2,6 +2,7 @@ keys:
- &emily B04F01A7A98A13020C39B4A68AB7B773A214ACE5
- &seras age1ht2wetcyl9rzu45e02pqqwgmyfsfe6y6ygxyuxpfhnkdm62d3pqsg3uqvd
- &emilia age1pjn7q6qs49jenr40dhsxa8x5g4z6elsh0pk0tc5pxg6pl0nzgc6scakynn
- &girldick age1r6cmthdk6lhy62wa4pu23l46f5fcqhuu7xrq353pe6c8f0s6ce8s67pdtf
creation_rules:
- path_regex: secrets/services/dns-knot.yaml
key_groups:
@ -39,3 +40,9 @@ creation_rules:
- *emily
age:
- *seras
- path_regex: secrets/services/nyastodon.yaml
key_groups:
- pgp:
- *emily
age:
- *girldick
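Review bot: The new `path_regex: secrets/services/nyastodon.yaml` rule is an unanchored regular expression with an unescaped dot, so it also matches any path that merely contains that string, such as a backup copy sitting next to the file. Tightening it to `- path_regex: secrets/services/nyastodon\.yaml$` keeps this recipient set from applying to anything but the intended file. The existing `dns-knot.yaml` rule visible in the first hunk has the same form and could be tightened the same way.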


@ -42,8 +42,8 @@
libnotify
slurp
grim
gnome.simple-scan
cinnamon.nemo
simple-scan
nemo
imagemagick_light
#ubuntu_font_family


@ -27,8 +27,9 @@
hardware.gpgSmartcards.enable = true;
hardware.nitrokey.enable = true;
hardware.opengl = {
driSupport32Bit = true;
hardware.graphics = {
enable = true;
enable32Bit = true;
extraPackages = with pkgs; [
intel-media-driver
libvdpau-va-gl


@ -10,8 +10,6 @@
kyouma.machine-type.graphical = true;
hardware.opengl.enable = true;
boot.plymouth.enable = true;
security.pam.services.hyprlock = {};


@ -162,7 +162,7 @@
servers = {
bashls.enable = true;
lua-ls.enable = true;
nil_ls = {
nil-ls = {
enable = true;
settings.formatting.command = [ "nixfmt" "-w" "140" ];
};
@ -201,7 +201,7 @@
plugins.treesitter = {
enable = true;
nixGrammars = true;
indent = true;
settings.indent.enable = true;
};
plugins.airline.enable = true;
plugins.cmp-buffer.enable = true;


@ -1,4 +1,24 @@
{ config, pkgs, ... }: {
sops.secrets."services/nyastodon/extraEnvFile" = {
sopsFile = ../../secrets/services/nyastodon.yaml;
owner = "mastodon";
};
sops.secrets."services/nyastodon/secretKeyBaseFile" = {
sopsFile = ../../secrets/services/nyastodon.yaml;
owner = "mastodon";
};
sops.secrets."services/nyastodon/otpSecretFile" = {
sopsFile = ../../secrets/services/nyastodon.yaml;
owner = "mastodon";
};
sops.secrets."services/nyastodon/vapidPrivateKeyFile" = {
sopsFile = ../../secrets/services/nyastodon.yaml;
owner = "mastodon";
};
sops.secrets."services/nyastodon/vapidPublicKeyFile" = {
sopsFile = ../../secrets/services/nyastodon.yaml;
owner = "mastodon";
};
services.mastodon = {
enable = true;
package = pkgs.nyastodon;
@ -6,5 +26,10 @@
configureNginx = true;
smtp.fromAddress = "webmaster@girldick.gay";
streamingProcesses = 16;
extraEnvFiles = [ config.sops.secrets."services/nyastodon/extraEnvFile".path ];
secretKeyBaseFile = config.sops.secrets."services/nyastodon/secretKeyBaseFile".path;
otpSecretFile = config.sops.secrets."services/nyastodon/otpSecretFile".path;
vapidPrivateKeyFile = config.sops.secrets."services/nyastodon/vapidPrivateKeyFile".path;
vapidPublicKeyFile = config.sops.secrets."services/nyastodon/vapidPublicKeyFile".path;
};
}
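Review bot: The five `sops.secrets` entries hard-code `owner = "mastodon"`, which is right only while `services.mastodon.user` keeps its default; `owner = config.services.mastodon.user;` would keep the decrypted files readable by whatever account the service actually runs as. Separately, the build script added in this commit passes `ACTIVE_RECORD_ENCRYPTION_*` placeholders at precompile time, so the running 4.3 alpha presumably needs the real values at runtime and they presumably arrive through `extraEnvFile`. Because that file is encrypted in the repository, a one-line comment next to `extraEnvFiles` naming the variables it must define would help, for example `# must define ACTIVE_RECORD_ENCRYPTION_{DETERMINISTIC_KEY,KEY_DERIVATION_SALT,PRIMARY_KEY}`.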


@ -205,11 +205,11 @@
]
},
"locked": {
"lastModified": 1723426710,
"narHash": "sha256-yrS9al6l3fYfFfvovnyBWnyELDQOdfKyai4K/jKgoBw=",
"lastModified": 1723685519,
"narHash": "sha256-GkXQIoZmW2zCPp1YFtAYGg/xHNyFH/Mgm79lcs81rq0=",
"owner": "nix-community",
"repo": "disko",
"rev": "0d510fe40b56ed74907a021d7e1ffd0042592914",
"rev": "276a0d055a720691912c6a34abb724e395c8e38a",
"type": "github"
},
"original": {
@ -651,11 +651,11 @@
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1723481641,
"narHash": "sha256-9djT72/Ab2E3SpUbB3l0WmqZQ5mj05+LIVoorcjCWgE=",
"lastModified": 1723670331,
"narHash": "sha256-bQaWqflbYdOn28NJHMTMMPgswlQRXhZh+a3WQAeyaFE=",
"owner": "nix-community",
"repo": "nixvim",
"rev": "dbf6f7bc997dc3a9ab1f014ea075600357226950",
"rev": "a96aa9730af8c85dd7ed15e359ac23e9686f0a9a",
"type": "github"
},
"original": {


@ -1,161 +1,28 @@
{ lib, stdenv, nodejs-slim, bundlerEnv, nixosTests
, yarn-berry, callPackage, ruby, writeShellScript
, brotli
# Allow building a fork or custom version of Mastodon:
, pname ? "nyastodon"
, version ? srcOverride.version
, patches ? []
# src is a package
, srcOverride ? callPackage ./source.nix { inherit patches; }
, gemset ? ./. + "/gemset.nix"
, yarnHash ? srcOverride.yarnHash
{
callPackage,
mastodon,
patches ? [],
}:
stdenv.mkDerivation rec {
inherit pname version;
src = srcOverride;
mastodonGems = bundlerEnv {
name = "${pname}-gems-${version}";
inherit version gemset ruby;
gemdir = src;
let
src = callPackage ./source.nix {
inherit patches;
};
mastodonModules = stdenv.mkDerivation {
pname = "${pname}-modules";
inherit src version;
yarnOfflineCache = callPackage ./yarn.nix {
src = srcOverride;
hash = yarnHash;
};
nativeBuildInputs = [ nodejs-slim yarn-berry mastodonGems mastodonGems.wrappedRuby brotli ];
RAILS_ENV = "production";
NODE_ENV = "production";
buildPhase = ''
runHook preBuild
export HOME=$PWD
# This option is needed for openssl-3 compatibility
# Otherwise we encounter this upstream issue: https://github.com/mastodon/mastodon/issues/17924
export NODE_OPTIONS=--openssl-legacy-provider
export YARN_ENABLE_TELEMETRY=0
mkdir -p ~/.yarn/berry
ln -sf $yarnOfflineCache ~/.yarn/berry/cache
yarn install --immutable --immutable-cache
patchShebangs ~/bin
patchShebangs ~/node_modules
# skip running yarn install
rm -rf ~/bin/yarn
OTP_SECRET=precompile_placeholder SECRET_KEY_BASE=precompile_placeholder \
rails assets:precompile
yarn cache clean
rm -rf ~/node_modules/.cache
# Create missing static gzip and brotli files
gzip --best --keep ~/public/assets/500.html
gzip --best --keep ~/public/packs/report.html
find ~/public/assets -maxdepth 1 -type f -name '.*.json' \
-exec gzip --best --keep --force {} ';'
brotli --best --keep ~/public/packs/report.html
find ~/public/assets -type f -regextype posix-extended -iregex '.*\.(css|js|json|html)' \
-exec brotli --best --keep {} ';'
runHook postBuild
'';
installPhase = ''
runHook preInstall
mkdir -p $out/public
cp -r node_modules $out/node_modules
cp -r public/assets $out/public
cp -r public/packs $out/public
runHook postInstall
'';
yarn-deps = callPackage ./yarn.nix {
inherit src;
hash = src.yarnHash;
};
propagatedBuildInputs = [ mastodonGems.wrappedRuby ];
nativeBuildInputs = [ brotli ];
buildInputs = [ mastodonGems nodejs-slim ];
buildPhase = ''
runHook preBuild
ln -s $mastodonModules/node_modules node_modules
ln -s $mastodonModules/public/assets public/assets
ln -s $mastodonModules/public/packs public/packs
patchShebangs bin/
for b in $(ls $mastodonGems/bin/)
do
if [ ! -f bin/$b ]; then
ln -s $mastodonGems/bin/$b bin/$b
fi
done
# Remove execute permissions
chmod 0444 public/emoji/*.svg
# Create missing static gzip and brotli files
find public -maxdepth 1 -type f -regextype posix-extended -iregex '.*\.(css|js|svg|txt|xml)' \
-exec gzip --best --keep --force {} ';' \
-exec brotli --best --keep {} ';'
find public/emoji -type f -name '.*.svg' \
-exec gzip --best --keep --force {} ';' \
-exec brotli --best --keep {} ';'
ln -s assets/500.html.gz public/500.html.gz
ln -s assets/500.html.br public/500.html.br
ln -s packs/sw.js.gz public/sw.js.gz
ln -s packs/sw.js.br public/sw.js.br
ln -s packs/sw.js.map.gz public/sw.js.map.gz
ln -s packs/sw.js.map.br public/sw.js.map.br
rm -rf log
ln -s /var/log/mastodon log
ln -s /tmp tmp
runHook postBuild
'';
installPhase = let
run-streaming = writeShellScript "run-streaming.sh" ''
# NixOS helper script to consistently use the same NodeJS version the package was built with.
${nodejs-slim}/bin/node ./streaming
'';
in ''
runHook preInstall
mkdir -p $out
cp -r * $out/
ln -s ${run-streaming} $out/run-streaming.sh
runHook postInstall
'';
passthru = {
tests.mastodon = nixosTests.mastodon;
# run with: nix-shell ./maintainers/scripts/update.nix --argstr package mastodon
updateScript = ./update.sh;
nyastodon = mastodon.override {
pname = "nyastodon";
srcOverride = src;
gemset = ./gemset.nix;
};
meta = with lib; {
description = "Self-hosted, globally interconnected microblogging software based on ActivityPub";
homepage = "https://joinmastodon.org";
license = licenses.agpl3Plus;
platforms = [ "x86_64-linux" "i686-linux" "aarch64-linux" ];
maintainers = with maintainers; [ happy-river erictapen izorkin ghuntley ];
modules = callPackage ./modules.nix {
inherit nyastodon yarn-deps;
};
}
in
nyastodon.overrideAttrs (_: {
mastodonModules = modules;
})
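Review bot: The package is now an override of nixpkgs' `mastodon`, but nothing in the file says which parts of the upstream interface it relies on. As far as the interleaved old and new lines can be read, the new expression depends on upstream accepting `pname`, `srcOverride` and `gemset` as override arguments and on a `mastodonModules` attribute that `overrideAttrs` can replace. A header comment such as `# Overrides nixpkgs' mastodon (pname, srcOverride, gemset) and swaps mastodonModules for ./modules.nix.` would make breakage after a nixpkgs bump easier to diagnose. `meta` and `passthru.updateScript` are then presumably inherited from nixpkgs too, so if the local `update.sh` is the intended update path, the same comment should say so.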



@ -0,0 +1,75 @@
# copied from https://git.catgirl.cloud/999eagle/dotfiles-nix/-/blob/main/overlay/mastodon/glitch/modules.nix
{
stdenv,
nodejs-slim,
yarn-berry,
brotli,
# previous inputs
nyastodon,
yarn-deps,
}:
stdenv.mkDerivation {
pname = "glitch-modules";
inherit (nyastodon) src version;
yarnOfflineCache = yarn-deps;
nativeBuildInputs = [nyastodon.mastodonGems nyastodon.mastodonGems.wrappedRuby] ++ [nodejs-slim yarn-berry brotli];
RAILS_ENV = "production";
NODE_ENV = "production";
buildPhase = ''
runHook preBuild
export HOME=$PWD
# This option is needed for openssl-3 compatibility
# Otherwise we encounter this upstream issue: https://github.com/mastodon/mastodon/issues/17924
export NODE_OPTIONS=--openssl-legacy-provider
export YARN_ENABLE_TELEMETRY=0
# what the actual *fuck* https://github.com/yarnpkg/berry/issues/6309
export UV_USE_IO_URING=0
mkdir -p ~/.yarn/berry
ln -sf $yarnOfflineCache ~/.yarn/berry/cache
yarn install --immutable --immutable-cache
patchShebangs ~/bin
patchShebangs ~/node_modules
# skip running yarn install
rm -rf ~/bin/yarn
OTP_SECRET=precompile_placeholder \
SECRET_KEY_BASE=precompile_placeholder \
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=precompile_placeholder \
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=precompile_placeholder \
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=precompile_placeholder \
rails assets:precompile
yarn cache clean
rm -rf ~/node_modules/.cache
# Create missing static gzip and brotli files
gzip --best --keep ~/public/assets/500.html
gzip --best --keep ~/public/packs/report.html
find ~/public/assets -maxdepth 1 -type f -name '.*.json' \
-exec gzip --best --keep --force {} ';'
brotli --best --keep ~/public/packs/report.html
find ~/public/assets -type f -regextype posix-extended -iregex '.*\.(css|js|json|html)' \
-exec brotli --best --keep {} ';'
runHook postBuild
'';
installPhase = ''
runHook preInstall
mkdir -p $out/public
cp -r node_modules $out/node_modules
cp -r public/assets $out/public
cp -r public/packs $out/public
runHook postInstall
'';
}
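Review bot: The provenance comment on the first line links to the `main` branch of the upstream file, so it does not identify which revision was copied. Recording the revision, e.g. `# copied from <upstream URL> at commit <COMMIT>`, lets a later reader diff this build script against its origin and see what was changed locally. `pname = "glitch-modules"` also still carries the upstream name while the rest of the commit calls the package nyastodon; `pname = "${nyastodon.pname}-modules";` would match.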


@ -1,17 +1,17 @@
# This file was generated by pkgs.mastodon.updateScript.
{ fetchgit, applyPatches, patches ? [] }:
{ lib, fetchgit, applyPatches, patches ? [] }:
let
version = "v4.3.0-alpha.3+glitch+cat+1.0.0+nya-1.2.2";
version = "4.3.0-alpha.5+glitch+cat+1.0.8";
in
(
applyPatches {
src = fetchgit {
url = "https://woof.rip/mirrors/nyastodon.git";
rev = "refs/heads/develop";
hash = "sha256-YFQPzsqJxGOS4E/1+chB+C7vD+NlgFiRekDsGZdcL9c=";
url = "https://woof.rip/mirrors/catstodon.git";
rev = "7d8714db8135f5c3dfc81964887248d76a797788";
hash = "sha256-VPXsIRAZxNOaLRI+g2gDy582BYx5t/SHv4xIrGAFTz0=";
};
patches = patches ++ [];
}) // {
inherit version;
yarnHash = "sha256-XYTQaeSCaws9pR2QAYX2Y4F4BXLdQdBwYV9rCE3tYRA=";
yarnHash = "sha256-kkjRYQPjWB1udlpIH2Q+a+bbiqXw1T/dgv3KmQk/YBY=";
}


@ -2,7 +2,7 @@
#! nix-shell -i bash -p bundix coreutils diffutils nix-prefetch-git gnused jq prefetch-yarn-deps yarn-lock-converter
set -e
URL=https://woof.rip/mirrors/nyastodon.git
URL=https://woof.rip/mirrors/catstodon.git
POSITIONAL=()
while [[ $# -gt 0 ]]; do
@ -79,7 +79,7 @@ HASH=$(echo "$JSON" | jq -r .hash)
cat > source.nix << EOF
# This file was generated by pkgs.mastodon.updateScript.
{ fetchgit, applyPatches, patches ? [] }:
{ lib, fetchgit, applyPatches, patches ? [] }:
let
version = "$VERSION";
in
@ -93,7 +93,7 @@ in
patches = patches ++ [$PATCHES];
}) // {
inherit version;
yarnHash = "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
yarnHash = lib.fakeHash;
}
EOF
SOURCE_DIR="$(nix-build --no-out-link -E '(import <nixpkgs> {}).callPackage ./source.nix {}')"
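Review bot: The template in the third hunk now writes `yarnHash = lib.fakeHash;` instead of the literal all-A placeholder hash, and the step that later substitutes the real yarn hash into `source.nix` is outside the visible hunks. If that step still searches for the old literal string it will no longer match, and the generated file would keep the fake hash until the yarn dependency fetch fails on a hash mismatch. The substitution should target `lib.fakeHash`, and it is worth having the script fail explicitly if `source.nix` still contains `lib.fakeHash` after it runs.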


@ -0,0 +1,38 @@
services:
nyastodon:
secretKeyBaseFile: ENC[AES256_GCM,data:VywfWY41tcM6zDCMlCLnOh5hRCkb3dLCmfDgcT0QoKTqlV2QqlutQMOAG4DA06HuIyext6DGOkvAsDGLIHb7SWblU6UaQgpoUCp+WpHqCc/fxzg9EsOy9ApF4ESCj/Fb+l55eRS7QlC7isU9zxWW5H9ccMxbmZcGePN8aGyZbaU=,iv:GHg1/Q64uuxFmbt9X/+WbmuHUVlXcK7fd0W+flYoxVs=,tag:8tlsSUXfyb67Cx4Eejmg9A==,type:str]
otpSecretFile: ENC[AES256_GCM,data:Gu0MAnP4E+oTNtVeqeKpI3RceCotoqo2kVKJXiCEUtw3Sm206nDIyfdcX7r7Ho+nlpwe05gYFYSb+ISgmz8p8bTxmAc2J/1fFnmC+6V/3d5sNP+a0KIdA0xVZ+HRTqe+N8X1n8n0FzbBvps5IZ4Y02Jvf7dK5QQyxj6H5fFzdhs=,iv:QrO78qm4jCBbdDPqoprVUHMM6XC9YTQ+U4zAnMVaHcM=,tag:HIzQUwsYi3i+SoDbbuaMUg==,type:str]
vapidPrivateKeyFile: ENC[AES256_GCM,data:YhT0xABuEa8VIlpzl1IAd5Jkni9xKBazF0EJssDfRfry7RHvrj5qyMkK17w=,iv:cfbspnityKGgGOohXcwGY6h8k2VbW35wa+Lzc/Z71mc=,tag:bK02soRkqcmkPKB/n2w/ug==,type:str]
vapidPublicKeyFile: ENC[AES256_GCM,data:CIv5x7oG4oJ13suTlMUEDnih26rQ6XhHFiyXz3kRjVkNiWFylLxRvpmCRvgogFQoH05MRTTm50qPK7GTFc0N/XMucGSS4bHpZFc/g/OJJAfjHWUixamK0w==,iv:Vo9txxYAY0YOmv23w94S7K0vh8QntCKiK7/VwA439P8=,tag:UtJmMFnnyYPgypDFBtgKjQ==,type:str]
extraEnvFile: ENC[AES256_GCM,data:kaMYIkHq7TluFww4SnQiVrEgm0+yIbXFucbMWRzdpq0KSrBD2Wim014KljfnGC6udMGApzhACHCRx0K5HtjxUW0dtoasQOregHZQL8peuvm8hWwsvAm4Y+uNY4zz6XU+2vZgUFLFWkJdRjWngc4Va2lLn0rGGV1GtGHUJrvCjNz931XGjVERaSqfBbcJ5YzrevIreixCqcqTPWm5VlpGYtzS3dQptqRb/fu/x3ewZIRUV0pwDCZC4x0PNTI7I2fEyWrNEqwaA/7gPIwu600PGYf5gIP+1UNLhbhdGJjCl6PKL2srNs8=,iv:3Dfw5FEGvHzvCIslTFAoy0Y6Vzp/KjT4sAJq7nWgBSs=,tag:CZmVCBJrxVyCvtV03qaP7A==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1r6cmthdk6lhy62wa4pu23l46f5fcqhuu7xrq353pe6c8f0s6ce8s67pdtf
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTUTdsY1F6bXFtNWcvTlEw
YVBSUHFKOFVaUTBBNDQ1YURrTDcyTkMrcndzClRZbkw1a2xzU2lwZDM3QVE5dFhs
ay8rYmt5QUFVTGpNVzJkTzlTOElSZVUKLS0tIGYwUDFKazhNcFZvNVEwT3R3K2FM
Y0RKVmdleHJBZ0lkNzNJbVc2UzY5dU0KEK8p4FnlZ5LRXl4LAYBnhKssxS5wVOzn
sK+T3B6sduuFsCDtKj8PslRHqhqUzKx9zHnmEzVdknz5lMu3VR8dig==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-14T18:02:20Z"
mac: ENC[AES256_GCM,data:M5jjc6EjOS07PEc36z5Bj5wKYcIILFH34AWgdQDWsST4xeyFl+I0nDBJNxfsHuh9j5DOiqVSQsgGVww5ldb491JC6CDwAbjU/vAU9qmncBU6QGH3li/iqUQgL5i6JRBwdiuaDG+MUG9uYuyJoQrFFY64ysKcZEu50Uz3ZFE4zzA=,iv:EIewnDy+oBC1x/TMLbF7qwrjvq/eRW6D5VXOpmWQUf0=,tag:E7OQfoVQFABZw6CrFpBb0g==,type:str]
pgp:
- created_at: "2024-08-14T17:48:29Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4D1GtNSlou/HkSAQdAjC0ApM8rgWrRJZNhQp67X7SsTM3bR6eG39MKdzyDIXYw
pXMhu4F75V2X22ptlUfvIyCZWk2Xo4O3DvyjjTPXPucvgKDq3sCrUZ5s7PzuSPkL
0l4BybEwUNioL8xs8+Mft6kFAXiXQX3f4Y5IYNi2L5uboDEASyXpmwE14FAITeIO
XAsG0U6WAh/GtOtaP4R7samvM67e4CSbijxM4FaITZa1K4LcmSeVGl3SgiSAuDj2
=KquB
-----END PGP MESSAGE-----
fp: B04F01A7A98A13020C39B4A68AB7B773A214ACE5
unencrypted_suffix: _unencrypted
version: 3.8.1