1
0
Fork 0
forked from emily/nixfiles

added girldick.gay

This commit is contained in:
emily 2024-04-16 22:17:16 +02:00
parent a9447f0b0b
commit 6d5f59d139
Signed by untrusted user: emily
GPG key ID: F6F4C66207FCF995
9 changed files with 3767 additions and 5 deletions

View file

@ -72,12 +72,16 @@ with lib; {
boot.tmp.cleanOnBoot = mkDefault true; boot.tmp.cleanOnBoot = mkDefault true;
services.journald.extraConfig = "SystemMaxUse=256M"; services.journald.extraConfig = "SystemMaxUse=256M";
security.sudo.enable = false; security.sudo = {
security.sudo-rs = {
enable = true; enable = true;
execWheelOnly = true; execWheelOnly = true;
wheelNeedsPassword = false; wheelNeedsPassword = false;
}; };
security.sudo-rs = {
enable = false;
execWheelOnly = true;
wheelNeedsPassword = false;
};
users.mutableUsers = mkDefault false; users.mutableUsers = mkDefault false;
i18n.defaultLocale = mkDefault "en_EU.UTF-8"; i18n.defaultLocale = mkDefault "en_EU.UTF-8";

View file

@ -0,0 +1,24 @@
{ config, lib, pkgs, inputs, ... }: {
imports = [
../../common
../../profiles/kartoffel.nix
../../profiles/headless.nix
../../profiles/lxc.nix
../../services/nginx.nix
../../services/nyastodon.nix
];
deployment = {
targetUser = lib.mkForce "emily";
};
networking = {
domain = lib.mkForce "girldick.gay";
hostName = "staging";
nftables.enable = lib.mkForce false;
firewall.allowedTCPPorts = [ 80 443 ];
};
systemd.network.networks."98-eth-default" = {
address = [
"2a0f:be01:0:100::170/128"
];
};
}

View file

@ -5,11 +5,8 @@
../../profiles/kartoffel.nix ../../profiles/kartoffel.nix
../../profiles/lxc.nix ../../profiles/lxc.nix
]; ];
boot.binfmt.emulatedSystems = ["aarch64-linux"]; boot.binfmt.emulatedSystems = ["aarch64-linux"];
deployment.targetUser = "emily";
networking = { networking = {
hostName = "seras"; hostName = "seras";
nftables.enable = lib.mkForce false; nftables.enable = lib.mkForce false;

View file

@ -0,0 +1,16 @@
{ config, lib, pkgs, ... }: {
nixpkgs.overlays = [
(final: prev: {
nyastodon = final.callPackage ../../pkgs/nyastodon/default.nix { };
})
];
services.mastodon = {
enable = true;
enableUnixSocket = false;
package = pkgs.nyastodon;
localDomain = config.networking.fqdn;
configureNginx = true;
smtp.fromAddress = "webmaster@girldick.gay";
streamingProcesses = 16;
};
}

161
pkgs/nyastodon/default.nix Normal file
View file

@ -0,0 +1,161 @@
{ lib, stdenv, nodejs-slim, bundlerEnv, nixosTests
, yarn-berry, callPackage, ruby, writeShellScript
, brotli
# Allow building a fork or custom version of Mastodon:
, pname ? "nyastodon"
, version ? srcOverride.version
, patches ? []
# src is a package
, srcOverride ? callPackage ./source.nix { inherit patches; }
, gemset ? ./. + "/gemset.nix"
, yarnHash ? srcOverride.yarnHash
}:
stdenv.mkDerivation rec {
inherit pname version;
src = srcOverride;
mastodonGems = bundlerEnv {
name = "${pname}-gems-${version}";
inherit version gemset ruby;
gemdir = src;
};
mastodonModules = stdenv.mkDerivation {
pname = "${pname}-modules";
inherit src version;
yarnOfflineCache = callPackage ./yarn.nix {
src = srcOverride;
hash = yarnHash;
};
nativeBuildInputs = [ nodejs-slim yarn-berry mastodonGems mastodonGems.wrappedRuby brotli ];
RAILS_ENV = "production";
NODE_ENV = "production";
buildPhase = ''
runHook preBuild
export HOME=$PWD
# This option is needed for openssl-3 compatibility
# Otherwise we encounter this upstream issue: https://github.com/mastodon/mastodon/issues/17924
export NODE_OPTIONS=--openssl-legacy-provider
export YARN_ENABLE_TELEMETRY=0
mkdir -p ~/.yarn/berry
ln -sf $yarnOfflineCache ~/.yarn/berry/cache
yarn install --immutable --immutable-cache
patchShebangs ~/bin
patchShebangs ~/node_modules
# skip running yarn install
rm -rf ~/bin/yarn
OTP_SECRET=precompile_placeholder SECRET_KEY_BASE=precompile_placeholder \
rails assets:precompile
yarn cache clean
rm -rf ~/node_modules/.cache
# Create missing static gzip and brotli files
gzip --best --keep ~/public/assets/500.html
gzip --best --keep ~/public/packs/report.html
find ~/public/assets -maxdepth 1 -type f -name '.*.json' \
-exec gzip --best --keep --force {} ';'
brotli --best --keep ~/public/packs/report.html
find ~/public/assets -type f -regextype posix-extended -iregex '.*\.(css|js|json|html)' \
-exec brotli --best --keep {} ';'
runHook postBuild
'';
installPhase = ''
runHook preInstall
mkdir -p $out/public
cp -r node_modules $out/node_modules
cp -r public/assets $out/public
cp -r public/packs $out/public
runHook postInstall
'';
};
propagatedBuildInputs = [ mastodonGems.wrappedRuby ];
nativeBuildInputs = [ brotli ];
buildInputs = [ mastodonGems nodejs-slim ];
buildPhase = ''
runHook preBuild
ln -s $mastodonModules/node_modules node_modules
ln -s $mastodonModules/public/assets public/assets
ln -s $mastodonModules/public/packs public/packs
patchShebangs bin/
for b in $(ls $mastodonGems/bin/)
do
if [ ! -f bin/$b ]; then
ln -s $mastodonGems/bin/$b bin/$b
fi
done
# Remove execute permissions
chmod 0444 public/emoji/*.svg
# Create missing static gzip and brotli files
find public -maxdepth 1 -type f -regextype posix-extended -iregex '.*\.(css|js|svg|txt|xml)' \
-exec gzip --best --keep --force {} ';' \
-exec brotli --best --keep {} ';'
find public/emoji -type f -name '.*.svg' \
-exec gzip --best --keep --force {} ';' \
-exec brotli --best --keep {} ';'
ln -s assets/500.html.gz public/500.html.gz
ln -s assets/500.html.br public/500.html.br
ln -s packs/sw.js.gz public/sw.js.gz
ln -s packs/sw.js.br public/sw.js.br
ln -s packs/sw.js.map.gz public/sw.js.map.gz
ln -s packs/sw.js.map.br public/sw.js.map.br
rm -rf log
ln -s /var/log/mastodon log
ln -s /tmp tmp
runHook postBuild
'';
installPhase = let
run-streaming = writeShellScript "run-streaming.sh" ''
# NixOS helper script to consistently use the same NodeJS version the package was built with.
${nodejs-slim}/bin/node ./streaming
'';
in ''
runHook preInstall
mkdir -p $out
cp -r * $out/
ln -s ${run-streaming} $out/run-streaming.sh
runHook postInstall
'';
passthru = {
tests.mastodon = nixosTests.mastodon;
# run with: nix-shell ./maintainers/scripts/update.nix --argstr package mastodon
updateScript = ./update.sh;
};
meta = with lib; {
description = "Self-hosted, globally interconnected microblogging software based on ActivityPub";
homepage = "https://joinmastodon.org";
license = licenses.agpl3Plus;
platforms = [ "x86_64-linux" "i686-linux" "aarch64-linux" ];
maintainers = with maintainers; [ happy-river erictapen izorkin ghuntley ];
};
}

3389
pkgs/nyastodon/gemset.nix Normal file

File diff suppressed because it is too large Load diff

17
pkgs/nyastodon/source.nix Normal file
View file

@ -0,0 +1,17 @@
# This file was generated by pkgs.mastodon.updateScript.
{ fetchgit, applyPatches, patches ? [] }:
let
version = "v4.3.0-alpha.3+glitch+cat+1.0.0+nya-1.2.2";
in
(
applyPatches {
src = fetchgit {
url = "https://git.bsd.gay/fef/nyastodon.git";
rev = "refs/heads/develop";
hash = "sha256-YFQPzsqJxGOS4E/1+chB+C7vD+NlgFiRekDsGZdcL9c=";
};
patches = patches ++ [];
}) // {
inherit version;
yarnHash = "sha256-XYTQaeSCaws9pR2QAYX2Y4F4BXLdQdBwYV9rCE3tYRA=";
}

113
pkgs/nyastodon/update.sh Executable file
View file

@ -0,0 +1,113 @@
#!/usr/bin/env nix-shell
#! nix-shell -i bash -p bundix coreutils diffutils nix-prefetch-git gnused jq prefetch-yarn-deps yarn-lock-converter
set -e
URL=https://git.bsd.gay/fef/nyastodon.git
POSITIONAL=()
while [[ $# -gt 0 ]]; do
key="$1"
case $key in
--URL)
URL="$2"
shift # past argument
shift # past value
;;
--ver)
VERSION="$2"
shift # past argument
shift # past value
;;
--rev)
REVISION="$2"
shift # past argument
shift # past value
;;
--patches)
PATCHES="$2"
shift # past argument
shift # past value
;;
*) # unknown option
POSITIONAL+=("$1")
shift # past argument
;;
esac
done
if [[ -n "$POSITIONAL" ]]; then
echo "Usage: update.sh [--url URL] [--ver VERSION] [--rev REVISION] [--patches PATCHES]"
echo "If URL is not provided, it defaults to https://git.bsd.gay/fef/nyastodon.git"
echo "If VERSION is not provided, it defaults to the latest git revision."
echo "PATCHES, if provided, should be one or more Nix expressions separated by spaces."
exit 1
fi
rm -f gemset.nix source.nix
cd "$(dirname "${BASH_SOURCE[0]}")" || exit 1
WORK_DIR=$(mktemp -d)
# Check that working directory was created.
if [[ -z "$WORK_DIR" || ! -d "$WORK_DIR" ]]; then
echo "Could not create temporary directory"
exit 1
fi
# Delete the working directory on exit.
function cleanup {
# Report errors, if any, from nix-prefetch-git
grep "fatal" $WORK_DIR/nix-prefetch-git.out >/dev/stderr || true
rm -rf "$WORK_DIR"
}
trap cleanup EXIT
if [[ -z "$REVISION" ]]; then
echo "Fetching latest source code from $URL"
JSON=$(nix-prefetch-git "$URL" 2> $WORK_DIR/nix-prefetch-git.out)
REVISION=$(echo "$JSON" | jq -r .rev)
else
echo "Fetching source code $REVISION"
JSON=$(nix-prefetch-git "$URL" "$REVISION" 2> $WORK_DIR/nix-prefetch-git.out)
fi
if [[ -z "$VERSION" ]]; then
VERSION=$REVISION
fi
HASH=$(echo "$JSON" | jq -r .hash)
cat > source.nix << EOF
# This file was generated by pkgs.mastodon.updateScript.
{ fetchgit, applyPatches, patches ? [] }:
let
version = "$VERSION";
in
(
applyPatches {
src = fetchgit {
url = "$URL";
rev = "$REVISION";
hash = "$HASH";
};
patches = patches ++ [$PATCHES];
}) // {
inherit version;
yarnHash = "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
}
EOF
SOURCE_DIR="$(nix-build --no-out-link -E '(import <nixpkgs> {}).callPackage ./source.nix {}')"
echo "Creating gemset.nix"
bundix --lockfile="$SOURCE_DIR/Gemfile.lock" --gemfile="$SOURCE_DIR/Gemfile"
echo "" >> gemset.nix # Create trailing newline to please EditorConfig checks
#echo "Need to convert the yarn.lock, otherwise prefetch-yarn-deps will fail to parse it"
## HACK: run yarn-lock-converter, prefetch-yarn-deps doesn't handle versions that aren't quoted
#time yarn-lock-converter -i "$SOURCE_DIR/yarn.lock" -o "yarn-converted.lock"
#echo "done converting yarn.lock"
#
#echo "Creating yarn-hash.nix from yarn-converted.lock"
#YARN_HASH="$(prefetch-yarn-deps "yarn-converted.lock")"
#YARN_HASH="$(nix hash to-sri --type sha256 "$YARN_HASH")"
#sed -i "s#sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=#$YARN_HASH#g" source.nix

41
pkgs/nyastodon/yarn.nix Normal file
View file

@ -0,0 +1,41 @@
/*
Stolen (without asking for permission (sorry)) from:
https://git.catgirl.cloud/999eagle/dotfiles-nix/-/blob/main/overlay/mastodon/glitch/yarn.nix
*/
{
stdenvNoCC,
yarn-berry,
cacert,
src,
hash,
}:
stdenvNoCC.mkDerivation {
name = "yarn-deps";
nativeBuildInputs = [yarn-berry cacert];
inherit src;
dontInstall = true;
NODE_EXTRA_CA_CERTS = "${cacert}/etc/ssl/certs/ca-bundle.crt";
buildPhase = ''
mkdir -p $out
export HOME=$(mktemp -d)
echo $HOME
export YARN_ENABLE_TELEMETRY=0
export YARN_COMPRESSION_LEVEL=0
cache="$(yarn config get cacheFolder)"
yarn install --immutable --mode skip-build
cp -r $cache/* $out/
'';
outputHashAlgo = "sha256";
outputHash = hash;
outputHashMode = "recursive";
}