forked from emily/nixfiles
added girldick.gay
parent
a9447f0b0b
commit
6d5f59d139
9 changed files with 3767 additions and 5 deletions
|
@ -72,12 +72,16 @@ with lib; {
|
||||||
boot.tmp.cleanOnBoot = mkDefault true;
|
boot.tmp.cleanOnBoot = mkDefault true;
|
||||||
services.journald.extraConfig = "SystemMaxUse=256M";
|
services.journald.extraConfig = "SystemMaxUse=256M";
|
||||||
|
|
||||||
security.sudo.enable = false;
|
security.sudo = {
|
||||||
security.sudo-rs = {
|
|
||||||
enable = true;
|
enable = true;
|
||||||
execWheelOnly = true;
|
execWheelOnly = true;
|
||||||
wheelNeedsPassword = false;
|
wheelNeedsPassword = false;
|
||||||
};
|
};
|
||||||
|
security.sudo-rs = {
|
||||||
|
enable = false;
|
||||||
|
execWheelOnly = true;
|
||||||
|
wheelNeedsPassword = false;
|
||||||
|
};
|
||||||
users.mutableUsers = mkDefault false;
|
users.mutableUsers = mkDefault false;
|
||||||
|
|
||||||
i18n.defaultLocale = mkDefault "en_EU.UTF-8";
|
i18n.defaultLocale = mkDefault "en_EU.UTF-8";
|
||||||
|
|
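Review bot: The new `security.sudo` block keeps `wheelNeedsPassword = false`, so after the move from sudo-rs to classic sudo every wheel account is still a password-less route to root, and nothing in the hunk says why sudo-rs was dropped. The now-disabled `security.sudo-rs` block still sets `execWheelOnly` and `wheelNeedsPassword`, which do nothing while `enable = false`; `security.sudo-rs.enable = false;` with a one-line reason (`# sudo-rs disabled: <reason>`) would say the same without dead settings. The file name is not shown on the page and the attribute set starts and ends outside the hunk, so which hosts import it is not visible here.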
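--- a/config/hosts/girldick/configuration.nix
+++ b/config/hosts/girldick/configuration.nix
@@ -0,0 +1,24 @@
+{ config, lib, pkgs, inputs, ... }: {
+imports = [
+../../common
+../../profiles/kartoffel.nix
+../../profiles/headless.nix
+../../profiles/lxc.nix
+../../services/nginx.nix
+../../services/nyastodon.nix
+];
+deployment = {
+targetUser = lib.mkForce "emily";
+};
+networking = {
+domain = lib.mkForce "girldick.gay";
+hostName = "staging";
+nftables.enable = lib.mkForce false;
+firewall.allowedTCPPorts = [ 80 443 ];
+};
+systemd.network.networks."98-eth-default" = {
+address = [
+"2a0f:be01:0:100::170/128"
+];
+};
+}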
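Review bot: Three settings are forced with `lib.mkForce` (`deployment.targetUser`, `networking.domain`, `nftables.enable`) and none says which default it overrides or why. The one that matters for exposure is `nftables.enable = lib.mkForce false;` next to `firewall.allowedTCPPorts = [ 80 443 ];`: from this file alone a reader cannot tell whether the firewall still runs on another backend in this LXC guest or is effectively off. Once confirmed, a comment on that line such as `# nftables forced off because <reason>; networking.firewall stays enabled` would record it.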
|
@ -5,11 +5,8 @@
|
||||||
../../profiles/kartoffel.nix
|
../../profiles/kartoffel.nix
|
||||||
../../profiles/lxc.nix
|
../../profiles/lxc.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
boot.binfmt.emulatedSystems = ["aarch64-linux"];
|
boot.binfmt.emulatedSystems = ["aarch64-linux"];
|
||||||
|
|
||||||
deployment.targetUser = "emily";
|
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "seras";
|
hostName = "seras";
|
||||||
nftables.enable = lib.mkForce false;
|
nftables.enable = lib.mkForce false;
|
||||||
|
|
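--- a/config/services/nyastodon.nix
+++ b/config/services/nyastodon.nix
@@ -0,0 +1,16 @@
+{ config, lib, pkgs, ... }: {
+nixpkgs.overlays = [
+(final: prev: {
+nyastodon = final.callPackage ../../pkgs/nyastodon/default.nix { };
+})
+];
+services.mastodon = {
+enable = true;
+enableUnixSocket = false;
+package = pkgs.nyastodon;
+localDomain = config.networking.fqdn;
+configureNginx = true;
+smtp.fromAddress = "webmaster@girldick.gay";
+streamingProcesses = 16;
+};
+}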
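Review bot: `enableUnixSocket = false;` is set without a stated reason, and as far as I know it makes the Mastodon backend listen on a TCP port instead of a Unix socket, so any local process in the container can connect to it directly rather than through nginx. If nothing needs TCP, switching back to Unix sockets or adding `# TCP needed because <reason>` would keep that choice deliberate. Separately, `localDomain = config.networking.fqdn;` resolves to `staging.girldick.gay` with the `hostName` and `domain` set in config/hosts/girldick/configuration.nix, while `smtp.fromAddress` uses the apex domain. Mastodon ties account identities to the local domain, so confirm the `staging.` prefix is intended before the instance federates.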
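--- a/pkgs/nyastodon/default.nix
+++ b/pkgs/nyastodon/default.nix
@@ -0,0 +1,161 @@
+{ lib, stdenv, nodejs-slim, bundlerEnv, nixosTests
+, yarn-berry, callPackage, ruby, writeShellScript
+, brotli
+
+# Allow building a fork or custom version of Mastodon:
+, pname ? "nyastodon"
+, version ? srcOverride.version
+, patches ? []
+# src is a package
+, srcOverride ? callPackage ./source.nix { inherit patches; }
+, gemset ? ./. + "/gemset.nix"
+, yarnHash ? srcOverride.yarnHash
+}:
+
+stdenv.mkDerivation rec {
+inherit pname version;
+
+src = srcOverride;
+
+mastodonGems = bundlerEnv {
+name = "${pname}-gems-${version}";
+inherit version gemset ruby;
+gemdir = src;
+};
+
+mastodonModules = stdenv.mkDerivation {
+pname = "${pname}-modules";
+inherit src version;
+
+yarnOfflineCache = callPackage ./yarn.nix {
+src = srcOverride;
+hash = yarnHash;
+};
+
+nativeBuildInputs = [ nodejs-slim yarn-berry mastodonGems mastodonGems.wrappedRuby brotli ];
+
+RAILS_ENV = "production";
+NODE_ENV = "production";
+
+buildPhase = ''
+runHook preBuild
+
+export HOME=$PWD
+# This option is needed for openssl-3 compatibility
+# Otherwise we encounter this upstream issue: https://github.com/mastodon/mastodon/issues/17924
+export NODE_OPTIONS=--openssl-legacy-provider
+
+export YARN_ENABLE_TELEMETRY=0
+mkdir -p ~/.yarn/berry
+ln -sf $yarnOfflineCache ~/.yarn/berry/cache
+
+yarn install --immutable --immutable-cache
+
+patchShebangs ~/bin
+patchShebangs ~/node_modules
+
+# skip running yarn install
+rm -rf ~/bin/yarn
+
+OTP_SECRET=precompile_placeholder SECRET_KEY_BASE=precompile_placeholder \
+rails assets:precompile
+yarn cache clean
+rm -rf ~/node_modules/.cache
+
+# Create missing static gzip and brotli files
+gzip --best --keep ~/public/assets/500.html
+gzip --best --keep ~/public/packs/report.html
+find ~/public/assets -maxdepth 1 -type f -name '.*.json' \
+-exec gzip --best --keep --force {} ';'
+brotli --best --keep ~/public/packs/report.html
+find ~/public/assets -type f -regextype posix-extended -iregex '.*\.(css|js|json|html)' \
+-exec brotli --best --keep {} ';'
+
+runHook postBuild
+'';
+
+installPhase = ''
+runHook preInstall
+
+mkdir -p $out/public
+cp -r node_modules $out/node_modules
+cp -r public/assets $out/public
+cp -r public/packs $out/public
+
+runHook postInstall
+'';
+};
+
+propagatedBuildInputs = [ mastodonGems.wrappedRuby ];
+nativeBuildInputs = [ brotli ];
+buildInputs = [ mastodonGems nodejs-slim ];
+
+buildPhase = ''
+runHook preBuild
+
+ln -s $mastodonModules/node_modules node_modules
+ln -s $mastodonModules/public/assets public/assets
+ln -s $mastodonModules/public/packs public/packs
+
+patchShebangs bin/
+for b in $(ls $mastodonGems/bin/)
+do
+if [ ! -f bin/$b ]; then
+ln -s $mastodonGems/bin/$b bin/$b
+fi
+done
+
+# Remove execute permissions
+chmod 0444 public/emoji/*.svg
+
+# Create missing static gzip and brotli files
+find public -maxdepth 1 -type f -regextype posix-extended -iregex '.*\.(css|js|svg|txt|xml)' \
+-exec gzip --best --keep --force {} ';' \
+-exec brotli --best --keep {} ';'
+find public/emoji -type f -name '.*.svg' \
+-exec gzip --best --keep --force {} ';' \
+-exec brotli --best --keep {} ';'
+ln -s assets/500.html.gz public/500.html.gz
+ln -s assets/500.html.br public/500.html.br
+ln -s packs/sw.js.gz public/sw.js.gz
+ln -s packs/sw.js.br public/sw.js.br
+ln -s packs/sw.js.map.gz public/sw.js.map.gz
+ln -s packs/sw.js.map.br public/sw.js.map.br
+
+rm -rf log
+ln -s /var/log/mastodon log
+ln -s /tmp tmp
+
+runHook postBuild
+'';
+
+installPhase = let
+run-streaming = writeShellScript "run-streaming.sh" ''
+# NixOS helper script to consistently use the same NodeJS version the package was built with.
+${nodejs-slim}/bin/node ./streaming
+'';
+in ''
+runHook preInstall
+
+mkdir -p $out
+cp -r * $out/
+ln -s ${run-streaming} $out/run-streaming.sh
+
+runHook postInstall
+'';
+
+passthru = {
+tests.mastodon = nixosTests.mastodon;
+# run with: nix-shell ./maintainers/scripts/update.nix --argstr package mastodon
+updateScript = ./update.sh;
+};
+
+meta = with lib; {
+description = "Self-hosted, globally interconnected microblogging software based on ActivityPub";
+homepage = "https://joinmastodon.org";
+license = licenses.agpl3Plus;
+platforms = [ "x86_64-linux" "i686-linux" "aarch64-linux" ];
+maintainers = with maintainers; [ happy-river erictapen izorkin ghuntley ];
+};
+}
+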
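Review bot: In the outer `buildPhase`, `find public/emoji -type f -name '.*.svg'` takes a shell glob rather than a regex, so it matches only file names that begin with a dot and the emoji SVGs are never precompressed; `-name '*.svg'` is probably what was meant. The earlier `-name '.*.json'` under `~/public/assets` may be deliberate if it targets a hidden manifest, but it deserves a comment either way. `ln -s /tmp tmp` points the application's tmp directory at the system-wide /tmp, which is private only if the service unit isolates it; after checking the module, a comment such as `# relies on PrivateTmp in the mastodon service unit` would record that assumption. `passthru.tests` and `meta.maintainers` appear to be carried over from the upstream Mastodon package and do not describe this fork.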
3389
pkgs/nyastodon/gemset.nix
Normal file
3389
pkgs/nyastodon/gemset.nix
Normal file
File diff suppressed because it is too large
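--- a/pkgs/nyastodon/source.nix
+++ b/pkgs/nyastodon/source.nix
@@ -0,0 +1,17 @@
+# This file was generated by pkgs.mastodon.updateScript.
+{ fetchgit, applyPatches, patches ? [] }:
+let
+version = "v4.3.0-alpha.3+glitch+cat+1.0.0+nya-1.2.2";
+in
+(
+applyPatches {
+src = fetchgit {
+url = "https://git.bsd.gay/fef/nyastodon.git";
+rev = "refs/heads/develop";
+hash = "sha256-YFQPzsqJxGOS4E/1+chB+C7vD+NlgFiRekDsGZdcL9c=";
+};
+patches = patches ++ [];
+}) // {
+inherit version;
+yarnHash = "sha256-XYTQaeSCaws9pR2QAYX2Y4F4BXLdQdBwYV9rCE3tYRA=";
+}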
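Review bot: `rev = "refs/heads/develop";` names a moving branch, so `hash` pins the content but nothing in the file records which commit was reviewed and deployed. Once `develop` advances, a fresh fetch fails the hash check, and until then the build depends on whatever copy is already in the store or a cache. Recording the full commit id (`rev = "<commit-sha>";`, placeholder) makes the source reproducible and auditable. The value can come from pkgs/nyastodon/update.sh, which writes `--rev` into this file verbatim; resolving it there with `REVISION=$(echo "$JSON" | jq -r .rev)` after the prefetch in both branches should keep a ref name out of this file.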
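--- a/pkgs/nyastodon/update.sh
+++ b/pkgs/nyastodon/update.sh
@@ -0,0 +1,113 @@
+#!/usr/bin/env nix-shell
+#! nix-shell -i bash -p bundix coreutils diffutils nix-prefetch-git gnused jq prefetch-yarn-deps yarn-lock-converter
+set -e
+
+URL=https://git.bsd.gay/fef/nyastodon.git
+
+POSITIONAL=()
+while [[ $# -gt 0 ]]; do
+key="$1"
+
+case $key in
+--URL)
+URL="$2"
+shift # past argument
+shift # past value
+;;
+--ver)
+VERSION="$2"
+shift # past argument
+shift # past value
+;;
+--rev)
+REVISION="$2"
+shift # past argument
+shift # past value
+;;
+--patches)
+PATCHES="$2"
+shift # past argument
+shift # past value
+;;
+*) # unknown option
+POSITIONAL+=("$1")
+shift # past argument
+;;
+esac
+done
+
+if [[ -n "$POSITIONAL" ]]; then
+echo "Usage: update.sh [--url URL] [--ver VERSION] [--rev REVISION] [--patches PATCHES]"
+echo "If URL is not provided, it defaults to https://git.bsd.gay/fef/nyastodon.git"
+echo "If VERSION is not provided, it defaults to the latest git revision."
+echo "PATCHES, if provided, should be one or more Nix expressions separated by spaces."
+exit 1
+fi
+
+rm -f gemset.nix source.nix
+cd "$(dirname "${BASH_SOURCE[0]}")" || exit 1
+
+WORK_DIR=$(mktemp -d)
+
+# Check that working directory was created.
+if [[ -z "$WORK_DIR" || ! -d "$WORK_DIR" ]]; then
+echo "Could not create temporary directory"
+exit 1
+fi
+
+# Delete the working directory on exit.
+function cleanup {
+# Report errors, if any, from nix-prefetch-git
+grep "fatal" $WORK_DIR/nix-prefetch-git.out >/dev/stderr || true
+rm -rf "$WORK_DIR"
+}
+trap cleanup EXIT
+
+if [[ -z "$REVISION" ]]; then
+echo "Fetching latest source code from $URL"
+JSON=$(nix-prefetch-git "$URL" 2> $WORK_DIR/nix-prefetch-git.out)
+REVISION=$(echo "$JSON" | jq -r .rev)
+else
+echo "Fetching source code $REVISION"
+JSON=$(nix-prefetch-git "$URL" "$REVISION" 2> $WORK_DIR/nix-prefetch-git.out)
+fi
+
+if [[ -z "$VERSION" ]]; then
+VERSION=$REVISION
+fi
+HASH=$(echo "$JSON" | jq -r .hash)
+
+cat > source.nix << EOF
+# This file was generated by pkgs.mastodon.updateScript.
+{ fetchgit, applyPatches, patches ? [] }:
+let
+version = "$VERSION";
+in
+(
+applyPatches {
+src = fetchgit {
+url = "$URL";
+rev = "$REVISION";
+hash = "$HASH";
+};
+patches = patches ++ [$PATCHES];
+}) // {
+inherit version;
+yarnHash = "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
+}
+EOF
+SOURCE_DIR="$(nix-build --no-out-link -E '(import <nixpkgs> {}).callPackage ./source.nix {}')"
+
+echo "Creating gemset.nix"
+bundix --lockfile="$SOURCE_DIR/Gemfile.lock" --gemfile="$SOURCE_DIR/Gemfile"
+echo "" >> gemset.nix # Create trailing newline to please EditorConfig checks
+
+#echo "Need to convert the yarn.lock, otherwise prefetch-yarn-deps will fail to parse it"
+## HACK: run yarn-lock-converter, prefetch-yarn-deps doesn't handle versions that aren't quoted
+#time yarn-lock-converter -i "$SOURCE_DIR/yarn.lock" -o "yarn-converted.lock"
+#echo "done converting yarn.lock"
+#
+#echo "Creating yarn-hash.nix from yarn-converted.lock"
+#YARN_HASH="$(prefetch-yarn-deps "yarn-converted.lock")"
+#YARN_HASH="$(nix hash to-sri --type sha256 "$YARN_HASH")"
+#sed -i "s#sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=#$YARN_HASH#g" source.nix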
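Review bot: `rm -f gemset.nix source.nix` runs before `cd "$(dirname "${BASH_SOURCE[0]}")"`, so it deletes files of those names in whatever directory the script was started from rather than next to the script; swapping the two lines fixes it. The option parser accepts `--URL` while the usage text advertises `--url`, so the documented flag falls into the unknown-option branch and only prints the usage. `$URL`, `$VERSION`, `$REVISION` and `$PATCHES` are pasted unescaped into the generated Nix expression, and `$WORK_DIR` is unquoted in `cleanup` and in the redirections; that is tolerable for operator-supplied arguments, but a comment should say the script must not be fed untrusted values. With the yarn-hash steps commented out, the script leaves the all-`A` placeholder `yarnHash` in source.nix, so the real value has to be filled in by hand after the first failed build.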
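--- a/pkgs/nyastodon/yarn.nix
+++ b/pkgs/nyastodon/yarn.nix
@@ -0,0 +1,41 @@
+/*
+Stolen (without asking for permission (sorry)) from:
+https://git.catgirl.cloud/999eagle/dotfiles-nix/-/blob/main/overlay/mastodon/glitch/yarn.nix
+*/
+
+{
+stdenvNoCC,
+yarn-berry,
+cacert,
+src,
+hash,
+}:
+stdenvNoCC.mkDerivation {
+name = "yarn-deps";
+nativeBuildInputs = [yarn-berry cacert];
+inherit src;
+
+dontInstall = true;
+
+NODE_EXTRA_CA_CERTS = "${cacert}/etc/ssl/certs/ca-bundle.crt";
+
+buildPhase = ''
+mkdir -p $out
+
+export HOME=$(mktemp -d)
+echo $HOME
+
+export YARN_ENABLE_TELEMETRY=0
+export YARN_COMPRESSION_LEVEL=0
+
+cache="$(yarn config get cacheFolder)"
+yarn install --immutable --mode skip-build
+
+cp -r $cache/* $out/
+'';
+
+outputHashAlgo = "sha256";
+outputHash = hash;
+outputHashMode = "recursive";
+}
+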
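Review bot: `yarn install --immutable --mode skip-build` carries a constraint that is not written down: this is a fixed-output derivation, so its build phase has network access, and `--mode skip-build` is what keeps package build scripts from running there. A comment above that line such as `# fixed-output build has network access: never run package build scripts here` would stop the flag being dropped by accident. `echo $HOME` looks like leftover debugging. The header says the file was copied from another repository without permission, so its licence status should be settled before this is redistributed.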