update, but keeping mastodon at 4.0 as 4.1 does not like custom db port
This commit is contained in:
parent
e7e6be0f9e
commit
32d7ec8536
3 changed files with 63 additions and 80 deletions
80
flake.lock
80
flake.lock
|
@ -9,11 +9,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1673815459,
|
"lastModified": 1675787084,
|
||||||
"narHash": "sha256-KPKbTe7/S++vYhlmlNLqX+p9XGMadoZjVXGLscjHkXs=",
|
"narHash": "sha256-mGYf2Fk6wt6BgA7nLfLmMo8oMA9i0vsc/quROF/bRx0=",
|
||||||
"owner": "kamadorueda",
|
"owner": "kamadorueda",
|
||||||
"repo": "alejandra",
|
"repo": "alejandra",
|
||||||
"rev": "1d27a950a85ad5c221439f3faee336344bfae460",
|
"rev": "561283fcfd51a9df5ee153e9e6a4599f7bddf8f1",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -176,16 +176,16 @@
|
||||||
},
|
},
|
||||||
"flake-utils": {
|
"flake-utils": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1667395993,
|
"lastModified": 1676283394,
|
||||||
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
|
"narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",
|
||||||
"owner": "numtide",
|
"owner": "numtide",
|
||||||
"repo": "flake-utils",
|
"repo": "flake-utils",
|
||||||
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
|
"rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "numtide",
|
"owner": "numtide",
|
||||||
"ref": "master",
|
"ref": "main",
|
||||||
"repo": "flake-utils",
|
"repo": "flake-utils",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
|
@ -252,11 +252,11 @@
|
||||||
"utils": "utils"
|
"utils": "utils"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1674440933,
|
"lastModified": 1676257154,
|
||||||
"narHash": "sha256-CASRcD/rK3fn5vUCti3jzry7zi0GsqRsBohNq9wPgLs=",
|
"narHash": "sha256-eW3jymNLpdxS5fkp9NWKyNtgL0Gqtgg1vCTofKXDF1g=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "65c47ced082e3353113614f77b1bc18822dc731f",
|
"rev": "2cb27c79117a2a75ff3416c3199a2dc57af6a527",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -304,11 +304,11 @@
|
||||||
"rust-overlay": "rust-overlay_2"
|
"rust-overlay": "rust-overlay_2"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1674921146,
|
"lastModified": 1676390054,
|
||||||
"narHash": "sha256-PsDZsQ3EJUW5i4qiNZ3z5H+N+oQaKOqC7xNkd+aUqQw=",
|
"narHash": "sha256-w0KvrM+9WIEYr0juDh4Vs39ed2IaT0T696fp9pZ7i1I=",
|
||||||
"owner": "oxalica",
|
"owner": "oxalica",
|
||||||
"repo": "nil",
|
"repo": "nil",
|
||||||
"rev": "dfd91e3b7e760559bd79226ad5ad41444078a882",
|
"rev": "944d5c335531778a1d7b54a97bf7fb5ec0c3e976",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -320,11 +320,11 @@
|
||||||
},
|
},
|
||||||
"nixos-hardware": {
|
"nixos-hardware": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1674550793,
|
"lastModified": 1675933606,
|
||||||
"narHash": "sha256-ljJlIFQZwtBbzWqWTmmw2O5BFmQf1A/DspwMOQtGXHk=",
|
"narHash": "sha256-y427VhPQHOKkYvkc9MMsL/2R7M11rQxzsRdRLM3htx8=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixos-hardware",
|
"repo": "nixos-hardware",
|
||||||
"rev": "b7ac0a56029e4f9e6743b9993037a5aaafd57103",
|
"rev": "44ae00e02e8036a66c08f4decdece7e3bbbefee2",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -336,11 +336,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs-master": {
|
"nixpkgs-master": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1675238674,
|
"lastModified": 1676646628,
|
||||||
"narHash": "sha256-9vk/oa8JKSxBnxtMYs3k4AJn8tgUIYySeszDBQ7klEw=",
|
"narHash": "sha256-eQLctyD1IbP3inHJ/ULsEXtWJNQ0Zt6mA96ZKQUJSpk=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "4e77e1592b61bdc6f441732c3b27ac68f9265248",
|
"rev": "2f19ce62f8f72e3f469036124672191e71cba0cb",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -352,11 +352,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs-nixos-unstable": {
|
"nixpkgs-nixos-unstable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1675115703,
|
"lastModified": 1676569297,
|
||||||
"narHash": "sha256-4zetAPSyY0D77x+Ww9QBe8RHn1akvIvHJ/kgg8kGDbk=",
|
"narHash": "sha256-2n4C4H3/U+3YbDrQB6xIw7AaLdFISCCFwOkcETAigqU=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "2caf4ef5005ecc68141ecb4aac271079f7371c44",
|
"rev": "ac1f5b72a9e95873d1de0233fddcb56f99884b37",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -368,27 +368,27 @@
|
||||||
},
|
},
|
||||||
"nixpkgs-rust-analyzer": {
|
"nixpkgs-rust-analyzer": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1675238604,
|
"lastModified": 1676330791,
|
||||||
"narHash": "sha256-K1gmrc1smFTn964DtGuDoBI4H7tneVe9wlDgR17kLe4=",
|
"narHash": "sha256-XchfsxuwhE3BdzwyuifSTTB17NSQhecjscaQ/iWL6FQ=",
|
||||||
"owner": "cyplo",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "002f14a4b8520fc095b32abd377a65070d1231c1",
|
"rev": "79046740da1bd46d0928bf76103d3226dddf5aa6",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "cyplo",
|
"owner": "NixOS",
|
||||||
"ref": "002f14a4b8520fc095b32abd377a65070d1231c1",
|
"ref": "79046740da1bd46d0928bf76103d3226dddf5aa6",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs-stable": {
|
"nixpkgs-stable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1675154384,
|
"lastModified": 1676546582,
|
||||||
"narHash": "sha256-gUXzyTS3WsO3g2Rz0qOYR2a26whkyL2UfTr1oPH9mm8=",
|
"narHash": "sha256-MJ+PXNmUyxnMTFoss7G2lEcUY2cfYZM6RudBAL5aX1k=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "0218941ea68b4c625533bead7bbb94ccce52dceb",
|
"rev": "2fb7d749c084890192b2cd08ba264e5e4a14df1b",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -400,11 +400,11 @@
|
||||||
},
|
},
|
||||||
"nur": {
|
"nur": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1675226489,
|
"lastModified": 1676636203,
|
||||||
"narHash": "sha256-hVOcAOcoP0jXEgenJ20U+VT0hCEAbtZuDH6ed8U4jjI=",
|
"narHash": "sha256-1fxThinWfMdghwfMiXpYJ+BrTjkSoTnajQTdPmmsmJo=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "NUR",
|
"repo": "NUR",
|
||||||
"rev": "2c0e8d17676de8f17b94688ffa2abc87e200830a",
|
"rev": "a6b7602c5dc36102994d76e68be8d3bc930baab7",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -483,11 +483,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1674095406,
|
"lastModified": 1675391458,
|
||||||
"narHash": "sha256-RexH/1rZTiX4OhdYkuJP3MuANJ+JRgoLKL60iHm//T0=",
|
"narHash": "sha256-ukDKZw922BnK5ohL9LhwtaDAdCsJL7L6ScNEyF1lO9w=",
|
||||||
"owner": "oxalica",
|
"owner": "oxalica",
|
||||||
"repo": "rust-overlay",
|
"repo": "rust-overlay",
|
||||||
"rev": "5f7315b9800e2e500e6834767a57e39f7dbfd495",
|
"rev": "383a4acfd11d778d5c2efcf28376cbd845eeaedf",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -506,11 +506,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1674546403,
|
"lastModified": 1676171095,
|
||||||
"narHash": "sha256-vkyNv0xzXuEnu9v52TUtRugNmQWIti8c2RhYnbLG71w=",
|
"narHash": "sha256-2laeSjBAAJ9e/C3uTIPb287iX8qeVLtWiilw1uxqG+A=",
|
||||||
"owner": "Mic92",
|
"owner": "Mic92",
|
||||||
"repo": "sops-nix",
|
"repo": "sops-nix",
|
||||||
"rev": "b6ab3c61e2ca5e07d1f4eb1b67304e2670ea230c",
|
"rev": "c5dab21d8706afc7ceb05c23d4244dcb48d6aade",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
@ -214,9 +214,9 @@
|
||||||
|
|
||||||
nixpkgs-rust-analyzer = {
|
nixpkgs-rust-analyzer = {
|
||||||
type = "github";
|
type = "github";
|
||||||
owner = "cyplo";
|
owner = "NixOS";
|
||||||
repo = "nixpkgs";
|
repo = "nixpkgs";
|
||||||
ref = "002f14a4b8520fc095b32abd377a65070d1231c1";
|
ref = "79046740da1bd46d0928bf76103d3226dddf5aa6";
|
||||||
};
|
};
|
||||||
|
|
||||||
nixos-hardware = {
|
nixos-hardware = {
|
||||||
|
@ -243,7 +243,7 @@
|
||||||
type = "github";
|
type = "github";
|
||||||
owner = "numtide";
|
owner = "numtide";
|
||||||
repo = "flake-utils";
|
repo = "flake-utils";
|
||||||
ref = "master";
|
ref = "main";
|
||||||
};
|
};
|
||||||
|
|
||||||
nur = {
|
nur = {
|
||||||
|
|
|
@ -1,10 +1,5 @@
|
||||||
{
|
{ config, pkgs, inputs, lib, ... }:
|
||||||
config,
|
let
|
||||||
pkgs,
|
|
||||||
inputs,
|
|
||||||
lib,
|
|
||||||
...
|
|
||||||
}: let
|
|
||||||
domain = "peninsula.industries";
|
domain = "peninsula.industries";
|
||||||
streamingPort = 55000;
|
streamingPort = 55000;
|
||||||
webPort = 55001;
|
webPort = 55001;
|
||||||
|
@ -27,7 +22,7 @@
|
||||||
};
|
};
|
||||||
groups."${systemGroupName}" = {
|
groups."${systemGroupName}" = {
|
||||||
inherit gid;
|
inherit gid;
|
||||||
members = ["${systemUserName}" "nginx"];
|
members = [ "${systemUserName}" "nginx" ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
secretSettings = {
|
secretSettings = {
|
||||||
|
@ -35,10 +30,9 @@
|
||||||
group = systemGroupName;
|
group = systemGroupName;
|
||||||
};
|
};
|
||||||
publicPath = "${path}/public-system/";
|
publicPath = "${path}/public-system/";
|
||||||
package =
|
package = inputs.nixpkgs-stable.legacyPackages."${pkgs.system}".mastodon;
|
||||||
inputs.nixpkgs-nixos-unstable.legacyPackages."${pkgs.system}".mastodon;
|
|
||||||
in {
|
in {
|
||||||
imports = [../nginx.nix];
|
imports = [ ../nginx.nix ];
|
||||||
|
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
virtualHosts = {
|
virtualHosts = {
|
||||||
|
@ -47,7 +41,7 @@ in {
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
root = "${package}/public/";
|
root = "${package}/public/";
|
||||||
|
|
||||||
locations."/" = {tryFiles = "$uri @proxy";};
|
locations."/" = { tryFiles = "$uri @proxy"; };
|
||||||
locations."/system/".alias = "${publicPath}";
|
locations."/system/".alias = "${publicPath}";
|
||||||
|
|
||||||
locations."@proxy" = {
|
locations."@proxy" = {
|
||||||
|
@ -62,18 +56,14 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
sops.secrets."${mailgunSmtpSecretName}" =
|
sops.secrets."${mailgunSmtpSecretName}" = {
|
||||||
{
|
sopsFile = ./mailgun.sops.yaml;
|
||||||
sopsFile = ./mailgun.sops.yaml;
|
path = mailgunSmtpPasswordPath;
|
||||||
path = mailgunSmtpPasswordPath;
|
} // secretSettings;
|
||||||
}
|
sops.secrets."${mastodonDbSecretName}" = {
|
||||||
// secretSettings;
|
sopsFile = ./mastodon-db.sops.yaml;
|
||||||
sops.secrets."${mastodonDbSecretName}" =
|
path = mastodonDbSecretPath;
|
||||||
{
|
} // secretSettings;
|
||||||
sopsFile = ./mastodon-db.sops.yaml;
|
|
||||||
path = mastodonDbSecretPath;
|
|
||||||
}
|
|
||||||
// secretSettings;
|
|
||||||
|
|
||||||
inherit users;
|
inherit users;
|
||||||
|
|
||||||
|
@ -93,7 +83,7 @@ in {
|
||||||
ProtectSystem = "strict";
|
ProtectSystem = "strict";
|
||||||
ReadWritePaths = path;
|
ReadWritePaths = path;
|
||||||
};
|
};
|
||||||
before = ["container@mastodon.service"];
|
before = [ "container@mastodon.service" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
containers.mastodon = {
|
containers.mastodon = {
|
||||||
|
@ -122,20 +112,13 @@ in {
|
||||||
isReadOnly = true;
|
isReadOnly = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
config = {
|
config = { config, pkgs, lib, ... }: {
|
||||||
config,
|
|
||||||
pkgs,
|
|
||||||
lib,
|
|
||||||
...
|
|
||||||
}: {
|
|
||||||
system.stateVersion = "22.05";
|
system.stateVersion = "22.05";
|
||||||
services.postgresql.port = postgresPort;
|
services.postgresql.port = postgresPort;
|
||||||
users =
|
users = users // {
|
||||||
users
|
mutableUsers = false;
|
||||||
// {
|
allowNoPasswordLogin = true;
|
||||||
mutableUsers = false;
|
};
|
||||||
allowNoPasswordLogin = true;
|
|
||||||
};
|
|
||||||
services.mastodon = {
|
services.mastodon = {
|
||||||
enable = true;
|
enable = true;
|
||||||
inherit package;
|
inherit package;
|
||||||
|
|
Loading…
Reference in a new issue