1
0
Fork 0

Update deps
All checks were successful
Build / build-arm64-linux (push) Successful in 10m30s
Build / build-amd64-linux (push) Successful in 47m36s

This commit is contained in:
Daniel Kempkens 2023-11-15 19:57:22 +01:00
parent c712b6dada
commit 11878edd2b
Signed by: daniel
SSH key fingerprint: SHA256:Ks/MyhQYcPRQiwMKLAKquWCdCPe3JXlb1WttgnAoSeM
4 changed files with 129 additions and 111 deletions

View file

@ -287,11 +287,11 @@
},
"locked": {
"dir": "contrib",
"lastModified": 1699924867,
"narHash": "sha256-+DNEe7KkmvOm9NK9j13fZY148DFv+f0E4aGbvURJUuE=",
"lastModified": 1700037583,
"narHash": "sha256-PR0CTwi1G23MrPUR6dT8U8hL6U6YogQPnfGTFDoBGbs=",
"owner": "neovim",
"repo": "neovim",
"rev": "582d7f47905d82f315dc852a9d2937cd5b655e55",
"rev": "d92dd2a0c05148154c353f0e7cd2099b2427308a",
"type": "github"
},
"original": {
@ -312,11 +312,11 @@
]
},
"locked": {
"lastModified": 1699956181,
"narHash": "sha256-gK+If1Wq/hCKhi4e2LCYeYXMr9+0BX4ycHhBibe4oNY=",
"lastModified": 1700054624,
"narHash": "sha256-keCn/xfYMYevyxoF+4B4NDIUy8sx8+greK8aEclWZNg=",
"ref": "refs/heads/master",
"rev": "8ed6a3f95b23312e8ac526e682ad9f7d9c359e04",
"revCount": 583,
"rev": "30fc71e41e4ec0011a65b9188b31b2cb82e54134",
"revCount": 585,
"type": "git",
"url": "https://git.kempkens.io/daniel/nix-overlay"
},
@ -347,11 +347,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1699954245,
"narHash": "sha256-CSnfeOHc/wco8amdA0j268OaLrMcI5gGtK6Zm+y3lT0=",
"lastModified": 1699997707,
"narHash": "sha256-ugb+1TGoOqqiy3axyEZpfF6T4DQUGjfWZ3Htry1EfvI=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "df9bb8a436607da124e8cfa0fd19e70e9d9e0b7b",
"rev": "5689f3ebf899f644a1aabe8774d4f37eb2f6c2f9",
"type": "github"
},
"original": {
@ -363,11 +363,11 @@
},
"nixos-unstable": {
"locked": {
"lastModified": 1699956859,
"narHash": "sha256-dmlFTx0svBi8Z26Cbqpg8ZF/7K5IwoFvFOfAZovO3Hw=",
"lastModified": 1700044047,
"narHash": "sha256-L7sCQsyETMknCztejhFCb7QXoa7k92Pv/e8X7OudAuk=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "df4d6022db36b396fca38931afb41a626ef88e8a",
"rev": "68baab123fc4f898ebb6191eca8ae9383604f5f5",
"type": "github"
},
"original": {
@ -379,11 +379,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1699725108,
"narHash": "sha256-NTiPW4jRC+9puakU4Vi8WpFEirhp92kTOSThuZke+FA=",
"lastModified": 1700014976,
"narHash": "sha256-dSGpS2YeJrXW5aH9y7Abd235gGufY3RuZFth6vuyVtU=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "911ad1e67f458b6bcf0278fa85e33bb9924fed7e",
"rev": "592047fc9e4f7b74a4dc85d1b9f5243dfe4899e3",
"type": "github"
},
"original": {
@ -454,11 +454,11 @@
"nixpkgs-stable": "nixpkgs-stable_2"
},
"locked": {
"lastModified": 1699271226,
"narHash": "sha256-8Jt1KW3xTjolD6c6OjJm9USx/jmL+VVmbooADCkdDfU=",
"lastModified": 1700064067,
"narHash": "sha256-1ZWNDzhu8UlVCK7+DUN9dVQfiHX1bv6OQP9VxstY/gs=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "ea758da1a6dcde6dc36db348ed690d09b9864128",
"rev": "e558068cba67b23b4fbc5537173dbb43748a17e8",
"type": "github"
},
"original": {

View file

@ -1,6 +1,7 @@
(let [rainbow-delimiters (require :rainbow-delimiters)]
(set vim.g.rainbow_delimiters
{:strategy {"" (. rainbow-delimiters :strategy :global)
:html (. rainbow-delimiters :strategy :local)
:vim (. rainbow-delimiters :strategy :local)}
:query {"" :rainbow-delimiters :lua :rainbow-blocks}
:highlight [:RainbowDelimiterRed

View file

@ -117,12 +117,12 @@ in
};
nvim-treesitter = buildVimPlugin {
pname = "nvim-treesitter";
version = "2023-11-14";
version = "2023-11-15";
src = fetchFromGitHub {
owner = "nvim-treesitter";
repo = "nvim-treesitter";
rev = "c0da2013d1cef768c00f3f0b7f365fe19a10bca3";
sha256 = "19kvpxd4vssdrpznrp4prx7v5n7qy5v1mm5nnc8lmfbrp5qzls8m";
rev = "8b9f99660294dcd11d42572c84ee33a1e284f70d";
sha256 = "09mkkkirp922018dvci32p9mfsa2fqkv9b6nd1srwicxydx1wzp7";
fetchSubmodules = false;
};
};
@ -139,12 +139,12 @@ in
};
rainbow-delimiters-nvim = buildVimPlugin {
pname = "rainbow-delimiters.nvim";
version = "2023-11-12";
version = "2023-11-14";
src = fetchFromGitHub {
owner = "HiPhish";
repo = "rainbow-delimiters.nvim";
rev = "9515abd92ae0e42044d47716537f3997991a037b";
sha256 = "1cg6v4fkps1gds2vgbwssjhqpw72jyq84i7hyl2prpiagdwss4gm";
rev = "a3cfa42deb8ff13ef41e1fe81f2e60ab06150b7d";
sha256 = "1p0yxsdpyy6bvgwbj1k3ha45qv0z7h1rgkm4r2gcflg40gjh6k8g";
fetchSubmodules = false;
};
};
@ -161,12 +161,12 @@ in
};
telescope-nvim = buildVimPlugin {
pname = "telescope.nvim";
version = "2023-11-06";
version = "2023-11-15";
src = fetchFromGitHub {
owner = "nvim-telescope";
repo = "telescope.nvim";
rev = "20bf20500c95208c3ac0ef07245065bf94dcab15";
sha256 = "096vv98xxdqy96ipz6lbricfr74bkc3r58x1si1816lnm0j896r5";
rev = "721cdcae134eb5c564cb6c9df6c317c3854528ad";
sha256 = "12kizqyhknpp4931n2fkbdxhb04afpcnxyw6s4z7mf1vsfjz39w2";
fetchSubmodules = false;
};
};
@ -219,12 +219,12 @@ in
};
nvim-lspconfig = buildVimPlugin {
pname = "nvim-lspconfig";
version = "2023-11-14";
version = "2023-11-15";
src = fetchFromGitHub {
owner = "neovim";
repo = "nvim-lspconfig";
rev = "0a0682d4646a6869b85a4e4d0e30da5ef8b11f66";
sha256 = "0i64ly4lgpvdywyczv39vnmljr6y445apvidz4db9cbrzzf39wd0";
rev = "d5d7412ff267b92a11a94e6559d5507c43670a52";
sha256 = "1jqpsj2in41fv148zdvddpcwjzmll5kchzx9mnbas685xmzc4h0k";
fetchSubmodules = false;
};
};
@ -395,12 +395,12 @@ in
};
conform-nvim = buildVimPlugin {
pname = "conform.nvim";
version = "2023-11-12";
version = "2023-11-15";
src = fetchFromGitHub {
owner = "stevearc";
repo = "conform.nvim";
rev = "ca3dfba94600aa62bfc88ae37cbd4f17eaea2553";
sha256 = "192r845pyszbl5jwxzs36pvjn4c4si4n0ywnqlia0w03vac4zz8g";
rev = "4524a687107c6e598017dc7356b7cd1eb046aa71";
sha256 = "02waplka03ghpxhwsgjf0z4iv6dqkcrg2whlha334982q57gml1w";
fetchSubmodules = false;
};
};
@ -494,12 +494,12 @@ in
};
fidget-nvim = buildVimPlugin {
pname = "fidget.nvim";
version = "2023-11-14";
version = "2023-11-15";
src = fetchFromGitHub {
owner = "j-hui";
repo = "fidget.nvim";
rev = "6c8274e13483de5782a5c6020a4fc837b81a7b49";
sha256 = "0nc8x1gh4z023pr04nw9rdpm5jncvq89sm6w9mya358mpd34sa6l";
rev = "98047f30e454dd36da00eb354506517166cfec7d";
sha256 = "08ib7dzcsn8rgnvfcsj5id6m1rhfd94fhh6s943k2631sc34kq0w";
fetchSubmodules = false;
};
};

View file

@ -1,4 +1,4 @@
{ pkgs, config, ... }:
{ pkgs, lib, config, ... }:
let
web-domain = "mastodon.kempkens.io";
@ -7,16 +7,16 @@ let
mastodonModules = pkgs.mastodon.mastodonModules.overrideAttrs (oldMods:
let
# https://github.com/ronilaukkarinen/mastodon-bird-ui
birdui-version = "1.6.4";
birdui-version = "1.8.2";
birdui-single-column = builtins.fetchurl {
url = "https://raw.githubusercontent.com/ronilaukkarinen/mastodon-bird-ui/${birdui-version}/layout-single-column.css";
sha256 = "05wfq7v1vznq0jv12jm4h4nxg76rz6digjycc63rf3rh6jdz5dn9";
sha256 = "0xlnykliqm7qrkw6ym14mxdvx3mb1mmyvjyq7ly32kkx3i2mcc47";
};
birdui-multi-column = builtins.fetchurl {
url = "https://raw.githubusercontent.com/ronilaukkarinen/mastodon-bird-ui/${birdui-version}/layout-multiple-columns.css";
sha256 = "17p5mg09kwfpn0xfhwpqax32k7zzr660agkfp36b95333hdy4cwa";
sha256 = "0wz0kj3p1sa7lf00qj6l83hnl42zrfkb90s085m0q896hy42za9i";
};
in
{
@ -74,7 +74,7 @@ in
localDomain = "kempkens.io";
streamingPort = 55000;
streamingProcesses = 2;
webPort = 55001;
sidekiqPort = 55002;
enableUnixSocket = true;
@ -138,85 +138,102 @@ in
};
};
services.nginx.virtualHosts."${web-domain}" = {
quic = true;
http3 = true;
root = "${config.services.mastodon.package}/public/";
forceSSL = true;
useACMEHost = "kempkens.io";
extraConfig = ''
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
'';
locations."/system/" = {
services.nginx = {
upstreams.mastodon-streaming = {
extraConfig = ''
rewrite ^/system/?(.*)$ https://mastodon-cdn.kempkens.io/$1 permanent;
least_conn;
'';
servers = builtins.listToAttrs
(map
(i: {
name = "unix:/run/mastodon-streaming/streaming-${toString i}.socket";
value = { };
})
(lib.range 1 config.services.mastodon.streamingProcesses));
};
locations."/" = {
tryFiles = "$uri @proxy";
};
virtualHosts = {
"${web-domain}" = {
quic = true;
http3 = true;
locations."@proxy" = {
recommendedProxySettings = true;
proxyPass = "http://unix:/run/mastodon-web/web.socket";
proxyWebsockets = true;
root = "${config.services.mastodon.package}/public/";
forceSSL = true;
useACMEHost = "kempkens.io";
extraConfig = ''
proxy_hide_header Strict-Transport-Security;
proxy_force_ranges on;
'';
};
extraConfig = ''
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
'';
locations."/api/v1/streaming/" = {
recommendedProxySettings = true;
proxyPass = "http://unix:/run/mastodon-streaming/streaming.socket";
proxyWebsockets = true;
locations."/system/" = {
extraConfig = ''
rewrite ^/system/?(.*)$ https://mastodon-cdn.kempkens.io/$1 permanent;
'';
};
extraConfig = ''
proxy_hide_header Strict-Transport-Security;
proxy_force_ranges on;
'';
locations."/" = {
tryFiles = "$uri @proxy";
};
locations."@proxy" = {
recommendedProxySettings = true;
proxyPass = "http://unix:/run/mastodon-web/web.socket";
proxyWebsockets = true;
extraConfig = ''
proxy_hide_header Strict-Transport-Security;
proxy_force_ranges on;
'';
};
locations."/api/v1/streaming/" = {
recommendedProxySettings = true;
proxyPass = "http://mastodon-streaming";
proxyWebsockets = true;
extraConfig = ''
proxy_hide_header Strict-Transport-Security;
proxy_force_ranges on;
'';
};
};
"mastodon-cdn.kempkens.io" =
let
lib-base = "/var/lib/mastodon/public-system";
in
{
quic = true;
http3 = true;
kTLS = true;
root = "${config.services.mastodon.package}/public/";
forceSSL = true;
useACMEHost = "kempkens.io";
extraConfig = ''
add_header Access-Control-Allow-Origin https://mastodon.kempkens.io;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
'';
locations."/system/" = {
alias = "${lib-base}/";
extraConfig = ''
add_header Cache-Control "public, max-age=2419200, immutable";
add_header X-Content-Type-Options nosniff;
add_header Content-Security-Policy "default-src 'none'; form-action 'none'";
'';
};
# "Old" CDN paths
locations."/accounts/".alias = "${lib-base}/accounts/";
locations."/cache/".alias = "${lib-base}/cache/";
locations."/custom_emojis/".alias = "${lib-base}/custom_emojis/";
locations."/media_attachments/".alias = "${lib-base}/media_attachments/";
};
};
};
services.nginx.virtualHosts."mastodon-cdn.kempkens.io" =
let
lib-base = "/var/lib/mastodon/public-system";
in
{
quic = true;
http3 = true;
kTLS = true;
root = "${config.services.mastodon.package}/public/";
forceSSL = true;
useACMEHost = "kempkens.io";
extraConfig = ''
add_header Access-Control-Allow-Origin https://mastodon.kempkens.io;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
'';
locations."/system/" = {
alias = "${lib-base}/";
extraConfig = ''
add_header Cache-Control "public, max-age=2419200, immutable";
add_header X-Content-Type-Options nosniff;
add_header Content-Security-Policy "default-src 'none'; form-action 'none'";
'';
};
# "Old" CDN paths
locations."/accounts/".alias = "${lib-base}/accounts/";
locations."/cache/".alias = "${lib-base}/cache/";
locations."/custom_emojis/".alias = "${lib-base}/custom_emojis/";
locations."/media_attachments/".alias = "${lib-base}/media_attachments/";
};
users.groups.mastodon.members = [ config.services.nginx.user ];
}