update, but keeping mastodon at 4.0 as 4.1 does not like custom db port

flake.lock

@@ -9,11 +9,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1673815459,
+        "lastModified": 1675787084,
-        "narHash": "sha256-KPKbTe7/S++vYhlmlNLqX+p9XGMadoZjVXGLscjHkXs=",
+        "narHash": "sha256-mGYf2Fk6wt6BgA7nLfLmMo8oMA9i0vsc/quROF/bRx0=",
         "owner": "kamadorueda",
         "repo": "alejandra",
-        "rev": "1d27a950a85ad5c221439f3faee336344bfae460",
+        "rev": "561283fcfd51a9df5ee153e9e6a4599f7bddf8f1",
         "type": "github"
       },
       "original": {
@@ -176,16 +176,16 @@
     },
     "flake-utils": {
       "locked": {
-        "lastModified": 1667395993,
+        "lastModified": 1676283394,
-        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
+        "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
+        "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073",
         "type": "github"
       },
       "original": {
         "owner": "numtide",
-        "ref": "master",
+        "ref": "main",
         "repo": "flake-utils",
         "type": "github"
       }
@@ -252,11 +252,11 @@
         "utils": "utils"
       },
       "locked": {
-        "lastModified": 1674440933,
+        "lastModified": 1676257154,
-        "narHash": "sha256-CASRcD/rK3fn5vUCti3jzry7zi0GsqRsBohNq9wPgLs=",
+        "narHash": "sha256-eW3jymNLpdxS5fkp9NWKyNtgL0Gqtgg1vCTofKXDF1g=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "65c47ced082e3353113614f77b1bc18822dc731f",
+        "rev": "2cb27c79117a2a75ff3416c3199a2dc57af6a527",
         "type": "github"
       },
       "original": {
@@ -304,11 +304,11 @@
         "rust-overlay": "rust-overlay_2"
       },
       "locked": {
-        "lastModified": 1674921146,
+        "lastModified": 1676390054,
-        "narHash": "sha256-PsDZsQ3EJUW5i4qiNZ3z5H+N+oQaKOqC7xNkd+aUqQw=",
+        "narHash": "sha256-w0KvrM+9WIEYr0juDh4Vs39ed2IaT0T696fp9pZ7i1I=",
         "owner": "oxalica",
         "repo": "nil",
-        "rev": "dfd91e3b7e760559bd79226ad5ad41444078a882",
+        "rev": "944d5c335531778a1d7b54a97bf7fb5ec0c3e976",
         "type": "github"
       },
       "original": {
@@ -320,11 +320,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1674550793,
+        "lastModified": 1675933606,
-        "narHash": "sha256-ljJlIFQZwtBbzWqWTmmw2O5BFmQf1A/DspwMOQtGXHk=",
+        "narHash": "sha256-y427VhPQHOKkYvkc9MMsL/2R7M11rQxzsRdRLM3htx8=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "b7ac0a56029e4f9e6743b9993037a5aaafd57103",
+        "rev": "44ae00e02e8036a66c08f4decdece7e3bbbefee2",
         "type": "github"
       },
       "original": {
@@ -336,11 +336,11 @@
     },
     "nixpkgs-master": {
       "locked": {
-        "lastModified": 1675238674,
+        "lastModified": 1676646628,
-        "narHash": "sha256-9vk/oa8JKSxBnxtMYs3k4AJn8tgUIYySeszDBQ7klEw=",
+        "narHash": "sha256-eQLctyD1IbP3inHJ/ULsEXtWJNQ0Zt6mA96ZKQUJSpk=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "4e77e1592b61bdc6f441732c3b27ac68f9265248",
+        "rev": "2f19ce62f8f72e3f469036124672191e71cba0cb",
         "type": "github"
       },
       "original": {
@@ -352,11 +352,11 @@
     },
     "nixpkgs-nixos-unstable": {
       "locked": {
-        "lastModified": 1675115703,
+        "lastModified": 1676569297,
-        "narHash": "sha256-4zetAPSyY0D77x+Ww9QBe8RHn1akvIvHJ/kgg8kGDbk=",
+        "narHash": "sha256-2n4C4H3/U+3YbDrQB6xIw7AaLdFISCCFwOkcETAigqU=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "2caf4ef5005ecc68141ecb4aac271079f7371c44",
+        "rev": "ac1f5b72a9e95873d1de0233fddcb56f99884b37",
         "type": "github"
       },
       "original": {
@@ -368,27 +368,27 @@
     },
     "nixpkgs-rust-analyzer": {
       "locked": {
-        "lastModified": 1675238604,
+        "lastModified": 1676330791,
-        "narHash": "sha256-K1gmrc1smFTn964DtGuDoBI4H7tneVe9wlDgR17kLe4=",
+        "narHash": "sha256-XchfsxuwhE3BdzwyuifSTTB17NSQhecjscaQ/iWL6FQ=",
-        "owner": "cyplo",
+        "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "002f14a4b8520fc095b32abd377a65070d1231c1",
+        "rev": "79046740da1bd46d0928bf76103d3226dddf5aa6",
         "type": "github"
       },
       "original": {
-        "owner": "cyplo",
+        "owner": "NixOS",
-        "ref": "002f14a4b8520fc095b32abd377a65070d1231c1",
+        "ref": "79046740da1bd46d0928bf76103d3226dddf5aa6",
         "repo": "nixpkgs",
         "type": "github"
       }
     },
     "nixpkgs-stable": {
       "locked": {
-        "lastModified": 1675154384,
+        "lastModified": 1676546582,
-        "narHash": "sha256-gUXzyTS3WsO3g2Rz0qOYR2a26whkyL2UfTr1oPH9mm8=",
+        "narHash": "sha256-MJ+PXNmUyxnMTFoss7G2lEcUY2cfYZM6RudBAL5aX1k=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "0218941ea68b4c625533bead7bbb94ccce52dceb",
+        "rev": "2fb7d749c084890192b2cd08ba264e5e4a14df1b",
         "type": "github"
       },
       "original": {
@@ -400,11 +400,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1675226489,
+        "lastModified": 1676636203,
-        "narHash": "sha256-hVOcAOcoP0jXEgenJ20U+VT0hCEAbtZuDH6ed8U4jjI=",
+        "narHash": "sha256-1fxThinWfMdghwfMiXpYJ+BrTjkSoTnajQTdPmmsmJo=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "2c0e8d17676de8f17b94688ffa2abc87e200830a",
+        "rev": "a6b7602c5dc36102994d76e68be8d3bc930baab7",
         "type": "github"
       },
       "original": {
@@ -483,11 +483,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1674095406,
+        "lastModified": 1675391458,
-        "narHash": "sha256-RexH/1rZTiX4OhdYkuJP3MuANJ+JRgoLKL60iHm//T0=",
+        "narHash": "sha256-ukDKZw922BnK5ohL9LhwtaDAdCsJL7L6ScNEyF1lO9w=",
         "owner": "oxalica",
         "repo": "rust-overlay",
-        "rev": "5f7315b9800e2e500e6834767a57e39f7dbfd495",
+        "rev": "383a4acfd11d778d5c2efcf28376cbd845eeaedf",
         "type": "github"
       },
       "original": {
@@ -506,11 +506,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1674546403,
+        "lastModified": 1676171095,
-        "narHash": "sha256-vkyNv0xzXuEnu9v52TUtRugNmQWIti8c2RhYnbLG71w=",
+        "narHash": "sha256-2laeSjBAAJ9e/C3uTIPb287iX8qeVLtWiilw1uxqG+A=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "b6ab3c61e2ca5e07d1f4eb1b67304e2670ea230c",
+        "rev": "c5dab21d8706afc7ceb05c23d4244dcb48d6aade",
         "type": "github"
       },
       "original": {

flake.nix

@@ -214,9 +214,9 @@
 
     nixpkgs-rust-analyzer = {
       type = "github";
-      owner = "cyplo";
+      owner = "NixOS";
       repo = "nixpkgs";
-      ref = "002f14a4b8520fc095b32abd377a65070d1231c1";
+      ref = "79046740da1bd46d0928bf76103d3226dddf5aa6";
     };
 
     nixos-hardware = {
@@ -243,7 +243,7 @@
       type = "github";
       owner = "numtide";
       repo = "flake-utils";
-      ref = "master";
+      ref = "main";
     };
 
     nur = {

nixos/boxes/vpsfree1/mastodon.nix

@@ -1,10 +1,5 @@
-{
+{ config, pkgs, inputs, lib, ... }:
-  config,
+let
-  pkgs,
-  inputs,
-  lib,
-  ...
-}: let
   domain = "peninsula.industries";
   streamingPort = 55000;
   webPort = 55001;
@@ -27,7 +22,7 @@
     };
     groups."${systemGroupName}" = {
       inherit gid;
-      members = ["${systemUserName}" "nginx"];
+      members = [ "${systemUserName}" "nginx" ];
     };
   };
   secretSettings = {
@@ -35,10 +30,9 @@
     group = systemGroupName;
   };
   publicPath = "${path}/public-system/";
-  package =
+  package = inputs.nixpkgs-stable.legacyPackages."${pkgs.system}".mastodon;
-    inputs.nixpkgs-nixos-unstable.legacyPackages."${pkgs.system}".mastodon;
 in {
-  imports = [../nginx.nix];
+  imports = [ ../nginx.nix ];
 
   services.nginx = {
     virtualHosts = {
@@ -47,7 +41,7 @@ in {
         enableACME = true;
         root = "${package}/public/";
 
-        locations."/" = {tryFiles = "$uri @proxy";};
+        locations."/" = { tryFiles = "$uri @proxy"; };
         locations."/system/".alias = "${publicPath}";
 
         locations."@proxy" = {
@@ -62,18 +56,14 @@ in {
     };
   };
 
-  sops.secrets."${mailgunSmtpSecretName}" =
+  sops.secrets."${mailgunSmtpSecretName}" = {
-    {
+    sopsFile = ./mailgun.sops.yaml;
-      sopsFile = ./mailgun.sops.yaml;
+    path = mailgunSmtpPasswordPath;
-      path = mailgunSmtpPasswordPath;
+  } // secretSettings;
-    }
+  sops.secrets."${mastodonDbSecretName}" = {
-    // secretSettings;
+    sopsFile = ./mastodon-db.sops.yaml;
-  sops.secrets."${mastodonDbSecretName}" =
+    path = mastodonDbSecretPath;
-    {
+  } // secretSettings;
-      sopsFile = ./mastodon-db.sops.yaml;
-      path = mastodonDbSecretPath;
-    }
-    // secretSettings;
 
   inherit users;
 
@@ -93,7 +83,7 @@ in {
       ProtectSystem = "strict";
       ReadWritePaths = path;
     };
-    before = ["container@mastodon.service"];
+    before = [ "container@mastodon.service" ];
   };
 
   containers.mastodon = {
@@ -122,20 +112,13 @@ in {
         isReadOnly = true;
       };
     };
-    config = {
+    config = { config, pkgs, lib, ... }: {
-      config,
-      pkgs,
-      lib,
-      ...
-    }: {
       system.stateVersion = "22.05";
       services.postgresql.port = postgresPort;
-      users =
+      users = users // {
-        users
+        mutableUsers = false;
-        // {
+        allowNoPasswordLogin = true;
-          mutableUsers = false;
+      };
-          allowNoPasswordLogin = true;
-        };
       services.mastodon = {
         enable = true;
         inherit package;