update, but keeping mastodon at 4.0 as 4.1 does not like custom db port

This commit is contained in:
Cyryl Płotnicki 2023-02-17 20:39:15 +00:00
parent e7e6be0f9e
commit 32d7ec8536
3 changed files with 63 additions and 80 deletions

View file

@ -9,11 +9,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1673815459, "lastModified": 1675787084,
"narHash": "sha256-KPKbTe7/S++vYhlmlNLqX+p9XGMadoZjVXGLscjHkXs=", "narHash": "sha256-mGYf2Fk6wt6BgA7nLfLmMo8oMA9i0vsc/quROF/bRx0=",
"owner": "kamadorueda", "owner": "kamadorueda",
"repo": "alejandra", "repo": "alejandra",
"rev": "1d27a950a85ad5c221439f3faee336344bfae460", "rev": "561283fcfd51a9df5ee153e9e6a4599f7bddf8f1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -176,16 +176,16 @@
}, },
"flake-utils": { "flake-utils": {
"locked": { "locked": {
"lastModified": 1667395993, "lastModified": 1676283394,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "numtide", "owner": "numtide",
"ref": "master", "ref": "main",
"repo": "flake-utils", "repo": "flake-utils",
"type": "github" "type": "github"
} }
@ -252,11 +252,11 @@
"utils": "utils" "utils": "utils"
}, },
"locked": { "locked": {
"lastModified": 1674440933, "lastModified": 1676257154,
"narHash": "sha256-CASRcD/rK3fn5vUCti3jzry7zi0GsqRsBohNq9wPgLs=", "narHash": "sha256-eW3jymNLpdxS5fkp9NWKyNtgL0Gqtgg1vCTofKXDF1g=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "65c47ced082e3353113614f77b1bc18822dc731f", "rev": "2cb27c79117a2a75ff3416c3199a2dc57af6a527",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -304,11 +304,11 @@
"rust-overlay": "rust-overlay_2" "rust-overlay": "rust-overlay_2"
}, },
"locked": { "locked": {
"lastModified": 1674921146, "lastModified": 1676390054,
"narHash": "sha256-PsDZsQ3EJUW5i4qiNZ3z5H+N+oQaKOqC7xNkd+aUqQw=", "narHash": "sha256-w0KvrM+9WIEYr0juDh4Vs39ed2IaT0T696fp9pZ7i1I=",
"owner": "oxalica", "owner": "oxalica",
"repo": "nil", "repo": "nil",
"rev": "dfd91e3b7e760559bd79226ad5ad41444078a882", "rev": "944d5c335531778a1d7b54a97bf7fb5ec0c3e976",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -320,11 +320,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1674550793, "lastModified": 1675933606,
"narHash": "sha256-ljJlIFQZwtBbzWqWTmmw2O5BFmQf1A/DspwMOQtGXHk=", "narHash": "sha256-y427VhPQHOKkYvkc9MMsL/2R7M11rQxzsRdRLM3htx8=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "b7ac0a56029e4f9e6743b9993037a5aaafd57103", "rev": "44ae00e02e8036a66c08f4decdece7e3bbbefee2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -336,11 +336,11 @@
}, },
"nixpkgs-master": { "nixpkgs-master": {
"locked": { "locked": {
"lastModified": 1675238674, "lastModified": 1676646628,
"narHash": "sha256-9vk/oa8JKSxBnxtMYs3k4AJn8tgUIYySeszDBQ7klEw=", "narHash": "sha256-eQLctyD1IbP3inHJ/ULsEXtWJNQ0Zt6mA96ZKQUJSpk=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "4e77e1592b61bdc6f441732c3b27ac68f9265248", "rev": "2f19ce62f8f72e3f469036124672191e71cba0cb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -352,11 +352,11 @@
}, },
"nixpkgs-nixos-unstable": { "nixpkgs-nixos-unstable": {
"locked": { "locked": {
"lastModified": 1675115703, "lastModified": 1676569297,
"narHash": "sha256-4zetAPSyY0D77x+Ww9QBe8RHn1akvIvHJ/kgg8kGDbk=", "narHash": "sha256-2n4C4H3/U+3YbDrQB6xIw7AaLdFISCCFwOkcETAigqU=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "2caf4ef5005ecc68141ecb4aac271079f7371c44", "rev": "ac1f5b72a9e95873d1de0233fddcb56f99884b37",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -368,27 +368,27 @@
}, },
"nixpkgs-rust-analyzer": { "nixpkgs-rust-analyzer": {
"locked": { "locked": {
"lastModified": 1675238604, "lastModified": 1676330791,
"narHash": "sha256-K1gmrc1smFTn964DtGuDoBI4H7tneVe9wlDgR17kLe4=", "narHash": "sha256-XchfsxuwhE3BdzwyuifSTTB17NSQhecjscaQ/iWL6FQ=",
"owner": "cyplo", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "002f14a4b8520fc095b32abd377a65070d1231c1", "rev": "79046740da1bd46d0928bf76103d3226dddf5aa6",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "cyplo", "owner": "NixOS",
"ref": "002f14a4b8520fc095b32abd377a65070d1231c1", "ref": "79046740da1bd46d0928bf76103d3226dddf5aa6",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1675154384, "lastModified": 1676546582,
"narHash": "sha256-gUXzyTS3WsO3g2Rz0qOYR2a26whkyL2UfTr1oPH9mm8=", "narHash": "sha256-MJ+PXNmUyxnMTFoss7G2lEcUY2cfYZM6RudBAL5aX1k=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "0218941ea68b4c625533bead7bbb94ccce52dceb", "rev": "2fb7d749c084890192b2cd08ba264e5e4a14df1b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -400,11 +400,11 @@
}, },
"nur": { "nur": {
"locked": { "locked": {
"lastModified": 1675226489, "lastModified": 1676636203,
"narHash": "sha256-hVOcAOcoP0jXEgenJ20U+VT0hCEAbtZuDH6ed8U4jjI=", "narHash": "sha256-1fxThinWfMdghwfMiXpYJ+BrTjkSoTnajQTdPmmsmJo=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "2c0e8d17676de8f17b94688ffa2abc87e200830a", "rev": "a6b7602c5dc36102994d76e68be8d3bc930baab7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -483,11 +483,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1674095406, "lastModified": 1675391458,
"narHash": "sha256-RexH/1rZTiX4OhdYkuJP3MuANJ+JRgoLKL60iHm//T0=", "narHash": "sha256-ukDKZw922BnK5ohL9LhwtaDAdCsJL7L6ScNEyF1lO9w=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "5f7315b9800e2e500e6834767a57e39f7dbfd495", "rev": "383a4acfd11d778d5c2efcf28376cbd845eeaedf",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -506,11 +506,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1674546403, "lastModified": 1676171095,
"narHash": "sha256-vkyNv0xzXuEnu9v52TUtRugNmQWIti8c2RhYnbLG71w=", "narHash": "sha256-2laeSjBAAJ9e/C3uTIPb287iX8qeVLtWiilw1uxqG+A=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "b6ab3c61e2ca5e07d1f4eb1b67304e2670ea230c", "rev": "c5dab21d8706afc7ceb05c23d4244dcb48d6aade",
"type": "github" "type": "github"
}, },
"original": { "original": {

View file

@ -214,9 +214,9 @@
nixpkgs-rust-analyzer = { nixpkgs-rust-analyzer = {
type = "github"; type = "github";
owner = "cyplo"; owner = "NixOS";
repo = "nixpkgs"; repo = "nixpkgs";
ref = "002f14a4b8520fc095b32abd377a65070d1231c1"; ref = "79046740da1bd46d0928bf76103d3226dddf5aa6";
}; };
nixos-hardware = { nixos-hardware = {
@ -243,7 +243,7 @@
type = "github"; type = "github";
owner = "numtide"; owner = "numtide";
repo = "flake-utils"; repo = "flake-utils";
ref = "master"; ref = "main";
}; };
nur = { nur = {

View file

@ -1,10 +1,5 @@
{ { config, pkgs, inputs, lib, ... }:
config, let
pkgs,
inputs,
lib,
...
}: let
domain = "peninsula.industries"; domain = "peninsula.industries";
streamingPort = 55000; streamingPort = 55000;
webPort = 55001; webPort = 55001;
@ -27,7 +22,7 @@
}; };
groups."${systemGroupName}" = { groups."${systemGroupName}" = {
inherit gid; inherit gid;
members = ["${systemUserName}" "nginx"]; members = [ "${systemUserName}" "nginx" ];
}; };
}; };
secretSettings = { secretSettings = {
@ -35,10 +30,9 @@
group = systemGroupName; group = systemGroupName;
}; };
publicPath = "${path}/public-system/"; publicPath = "${path}/public-system/";
package = package = inputs.nixpkgs-stable.legacyPackages."${pkgs.system}".mastodon;
inputs.nixpkgs-nixos-unstable.legacyPackages."${pkgs.system}".mastodon;
in { in {
imports = [../nginx.nix]; imports = [ ../nginx.nix ];
services.nginx = { services.nginx = {
virtualHosts = { virtualHosts = {
@ -47,7 +41,7 @@ in {
enableACME = true; enableACME = true;
root = "${package}/public/"; root = "${package}/public/";
locations."/" = {tryFiles = "$uri @proxy";}; locations."/" = { tryFiles = "$uri @proxy"; };
locations."/system/".alias = "${publicPath}"; locations."/system/".alias = "${publicPath}";
locations."@proxy" = { locations."@proxy" = {
@ -62,18 +56,14 @@ in {
}; };
}; };
sops.secrets."${mailgunSmtpSecretName}" = sops.secrets."${mailgunSmtpSecretName}" = {
{ sopsFile = ./mailgun.sops.yaml;
sopsFile = ./mailgun.sops.yaml; path = mailgunSmtpPasswordPath;
path = mailgunSmtpPasswordPath; } // secretSettings;
} sops.secrets."${mastodonDbSecretName}" = {
// secretSettings; sopsFile = ./mastodon-db.sops.yaml;
sops.secrets."${mastodonDbSecretName}" = path = mastodonDbSecretPath;
{ } // secretSettings;
sopsFile = ./mastodon-db.sops.yaml;
path = mastodonDbSecretPath;
}
// secretSettings;
inherit users; inherit users;
@ -93,7 +83,7 @@ in {
ProtectSystem = "strict"; ProtectSystem = "strict";
ReadWritePaths = path; ReadWritePaths = path;
}; };
before = ["container@mastodon.service"]; before = [ "container@mastodon.service" ];
}; };
containers.mastodon = { containers.mastodon = {
@ -122,20 +112,13 @@ in {
isReadOnly = true; isReadOnly = true;
}; };
}; };
config = { config = { config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}: {
system.stateVersion = "22.05"; system.stateVersion = "22.05";
services.postgresql.port = postgresPort; services.postgresql.port = postgresPort;
users = users = users // {
users mutableUsers = false;
// { allowNoPasswordLogin = true;
mutableUsers = false; };
allowNoPasswordLogin = true;
};
services.mastodon = { services.mastodon = {
enable = true; enable = true;
inherit package; inherit package;