diff --git a/flake.lock b/flake.lock index a02ab571..b1b8f27c 100644 --- a/flake.lock +++ b/flake.lock @@ -9,11 +9,11 @@ ] }, "locked": { - "lastModified": 1673815459, - "narHash": "sha256-KPKbTe7/S++vYhlmlNLqX+p9XGMadoZjVXGLscjHkXs=", + "lastModified": 1675787084, + "narHash": "sha256-mGYf2Fk6wt6BgA7nLfLmMo8oMA9i0vsc/quROF/bRx0=", "owner": "kamadorueda", "repo": "alejandra", - "rev": "1d27a950a85ad5c221439f3faee336344bfae460", + "rev": "561283fcfd51a9df5ee153e9e6a4599f7bddf8f1", "type": "github" }, "original": { @@ -176,16 +176,16 @@ }, "flake-utils": { "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "lastModified": 1676283394, + "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", "owner": "numtide", "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", "type": "github" }, "original": { "owner": "numtide", - "ref": "master", + "ref": "main", "repo": "flake-utils", "type": "github" } @@ -252,11 +252,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1674440933, - "narHash": "sha256-CASRcD/rK3fn5vUCti3jzry7zi0GsqRsBohNq9wPgLs=", + "lastModified": 1676257154, + "narHash": "sha256-eW3jymNLpdxS5fkp9NWKyNtgL0Gqtgg1vCTofKXDF1g=", "owner": "nix-community", "repo": "home-manager", - "rev": "65c47ced082e3353113614f77b1bc18822dc731f", + "rev": "2cb27c79117a2a75ff3416c3199a2dc57af6a527", "type": "github" }, "original": { @@ -304,11 +304,11 @@ "rust-overlay": "rust-overlay_2" }, "locked": { - "lastModified": 1674921146, - "narHash": "sha256-PsDZsQ3EJUW5i4qiNZ3z5H+N+oQaKOqC7xNkd+aUqQw=", + "lastModified": 1676390054, + "narHash": "sha256-w0KvrM+9WIEYr0juDh4Vs39ed2IaT0T696fp9pZ7i1I=", "owner": "oxalica", "repo": "nil", - "rev": "dfd91e3b7e760559bd79226ad5ad41444078a882", + "rev": "944d5c335531778a1d7b54a97bf7fb5ec0c3e976", "type": "github" }, "original": { @@ -320,11 +320,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1674550793, - "narHash": "sha256-ljJlIFQZwtBbzWqWTmmw2O5BFmQf1A/DspwMOQtGXHk=", + "lastModified": 1675933606, + "narHash": "sha256-y427VhPQHOKkYvkc9MMsL/2R7M11rQxzsRdRLM3htx8=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "b7ac0a56029e4f9e6743b9993037a5aaafd57103", + "rev": "44ae00e02e8036a66c08f4decdece7e3bbbefee2", "type": "github" }, "original": { @@ -336,11 +336,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1675238674, - "narHash": "sha256-9vk/oa8JKSxBnxtMYs3k4AJn8tgUIYySeszDBQ7klEw=", + "lastModified": 1676646628, + "narHash": "sha256-eQLctyD1IbP3inHJ/ULsEXtWJNQ0Zt6mA96ZKQUJSpk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4e77e1592b61bdc6f441732c3b27ac68f9265248", + "rev": "2f19ce62f8f72e3f469036124672191e71cba0cb", "type": "github" }, "original": { @@ -352,11 +352,11 @@ }, "nixpkgs-nixos-unstable": { "locked": { - "lastModified": 1675115703, - "narHash": "sha256-4zetAPSyY0D77x+Ww9QBe8RHn1akvIvHJ/kgg8kGDbk=", + "lastModified": 1676569297, + "narHash": "sha256-2n4C4H3/U+3YbDrQB6xIw7AaLdFISCCFwOkcETAigqU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2caf4ef5005ecc68141ecb4aac271079f7371c44", + "rev": "ac1f5b72a9e95873d1de0233fddcb56f99884b37", "type": "github" }, "original": { @@ -368,27 +368,27 @@ }, "nixpkgs-rust-analyzer": { "locked": { - "lastModified": 1675238604, - "narHash": "sha256-K1gmrc1smFTn964DtGuDoBI4H7tneVe9wlDgR17kLe4=", - "owner": "cyplo", + "lastModified": 1676330791, + "narHash": "sha256-XchfsxuwhE3BdzwyuifSTTB17NSQhecjscaQ/iWL6FQ=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "002f14a4b8520fc095b32abd377a65070d1231c1", + "rev": "79046740da1bd46d0928bf76103d3226dddf5aa6", "type": "github" }, "original": { - "owner": "cyplo", - "ref": "002f14a4b8520fc095b32abd377a65070d1231c1", + "owner": "NixOS", + "ref": "79046740da1bd46d0928bf76103d3226dddf5aa6", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-stable": { "locked": { - "lastModified": 1675154384, - "narHash": "sha256-gUXzyTS3WsO3g2Rz0qOYR2a26whkyL2UfTr1oPH9mm8=", + "lastModified": 1676546582, + "narHash": "sha256-MJ+PXNmUyxnMTFoss7G2lEcUY2cfYZM6RudBAL5aX1k=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0218941ea68b4c625533bead7bbb94ccce52dceb", + "rev": "2fb7d749c084890192b2cd08ba264e5e4a14df1b", "type": "github" }, "original": { @@ -400,11 +400,11 @@ }, "nur": { "locked": { - "lastModified": 1675226489, - "narHash": "sha256-hVOcAOcoP0jXEgenJ20U+VT0hCEAbtZuDH6ed8U4jjI=", + "lastModified": 1676636203, + "narHash": "sha256-1fxThinWfMdghwfMiXpYJ+BrTjkSoTnajQTdPmmsmJo=", "owner": "nix-community", "repo": "NUR", - "rev": "2c0e8d17676de8f17b94688ffa2abc87e200830a", + "rev": "a6b7602c5dc36102994d76e68be8d3bc930baab7", "type": "github" }, "original": { @@ -483,11 +483,11 @@ ] }, "locked": { - "lastModified": 1674095406, - "narHash": "sha256-RexH/1rZTiX4OhdYkuJP3MuANJ+JRgoLKL60iHm//T0=", + "lastModified": 1675391458, + "narHash": "sha256-ukDKZw922BnK5ohL9LhwtaDAdCsJL7L6ScNEyF1lO9w=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "5f7315b9800e2e500e6834767a57e39f7dbfd495", + "rev": "383a4acfd11d778d5c2efcf28376cbd845eeaedf", "type": "github" }, "original": { @@ -506,11 +506,11 @@ ] }, "locked": { - "lastModified": 1674546403, - "narHash": "sha256-vkyNv0xzXuEnu9v52TUtRugNmQWIti8c2RhYnbLG71w=", + "lastModified": 1676171095, + "narHash": "sha256-2laeSjBAAJ9e/C3uTIPb287iX8qeVLtWiilw1uxqG+A=", "owner": "Mic92", "repo": "sops-nix", - "rev": "b6ab3c61e2ca5e07d1f4eb1b67304e2670ea230c", + "rev": "c5dab21d8706afc7ceb05c23d4244dcb48d6aade", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index e62c9d85..317be714 100644 --- a/flake.nix +++ b/flake.nix @@ -214,9 +214,9 @@ nixpkgs-rust-analyzer = { type = "github"; - owner = "cyplo"; + owner = "NixOS"; repo = "nixpkgs"; - ref = "002f14a4b8520fc095b32abd377a65070d1231c1"; + ref = "79046740da1bd46d0928bf76103d3226dddf5aa6"; }; nixos-hardware = { @@ -243,7 +243,7 @@ type = "github"; owner = "numtide"; repo = "flake-utils"; - ref = "master"; + ref = "main"; }; nur = { diff --git a/nixos/boxes/vpsfree1/mastodon.nix b/nixos/boxes/vpsfree1/mastodon.nix index 50e48733..ff8333ad 100644 --- a/nixos/boxes/vpsfree1/mastodon.nix +++ b/nixos/boxes/vpsfree1/mastodon.nix @@ -1,10 +1,5 @@ -{ - config, - pkgs, - inputs, - lib, - ... -}: let +{ config, pkgs, inputs, lib, ... }: +let domain = "peninsula.industries"; streamingPort = 55000; webPort = 55001; @@ -27,7 +22,7 @@ }; groups."${systemGroupName}" = { inherit gid; - members = ["${systemUserName}" "nginx"]; + members = [ "${systemUserName}" "nginx" ]; }; }; secretSettings = { @@ -35,10 +30,9 @@ group = systemGroupName; }; publicPath = "${path}/public-system/"; - package = - inputs.nixpkgs-nixos-unstable.legacyPackages."${pkgs.system}".mastodon; + package = inputs.nixpkgs-stable.legacyPackages."${pkgs.system}".mastodon; in { - imports = [../nginx.nix]; + imports = [ ../nginx.nix ]; services.nginx = { virtualHosts = { @@ -47,7 +41,7 @@ in { enableACME = true; root = "${package}/public/"; - locations."/" = {tryFiles = "$uri @proxy";}; + locations."/" = { tryFiles = "$uri @proxy"; }; locations."/system/".alias = "${publicPath}"; locations."@proxy" = { @@ -62,18 +56,14 @@ in { }; }; - sops.secrets."${mailgunSmtpSecretName}" = - { - sopsFile = ./mailgun.sops.yaml; - path = mailgunSmtpPasswordPath; - } - // secretSettings; - sops.secrets."${mastodonDbSecretName}" = - { - sopsFile = ./mastodon-db.sops.yaml; - path = mastodonDbSecretPath; - } - // secretSettings; + sops.secrets."${mailgunSmtpSecretName}" = { + sopsFile = ./mailgun.sops.yaml; + path = mailgunSmtpPasswordPath; + } // secretSettings; + sops.secrets."${mastodonDbSecretName}" = { + sopsFile = ./mastodon-db.sops.yaml; + path = mastodonDbSecretPath; + } // secretSettings; inherit users; @@ -93,7 +83,7 @@ in { ProtectSystem = "strict"; ReadWritePaths = path; }; - before = ["container@mastodon.service"]; + before = [ "container@mastodon.service" ]; }; containers.mastodon = { @@ -122,20 +112,13 @@ in { isReadOnly = true; }; }; - config = { - config, - pkgs, - lib, - ... - }: { + config = { config, pkgs, lib, ... }: { system.stateVersion = "22.05"; services.postgresql.port = postgresPort; - users = - users - // { - mutableUsers = false; - allowNoPasswordLogin = true; - }; + users = users // { + mutableUsers = false; + allowNoPasswordLogin = true; + }; services.mastodon = { enable = true; inherit package;