diff --git a/flake.lock b/flake.lock index 06f91fe..7a570e5 100644 --- a/flake.lock +++ b/flake.lock @@ -287,11 +287,11 @@ }, "locked": { "dir": "contrib", - "lastModified": 1699924867, - "narHash": "sha256-+DNEe7KkmvOm9NK9j13fZY148DFv+f0E4aGbvURJUuE=", + "lastModified": 1700037583, + "narHash": "sha256-PR0CTwi1G23MrPUR6dT8U8hL6U6YogQPnfGTFDoBGbs=", "owner": "neovim", "repo": "neovim", - "rev": "582d7f47905d82f315dc852a9d2937cd5b655e55", + "rev": "d92dd2a0c05148154c353f0e7cd2099b2427308a", "type": "github" }, "original": { @@ -312,11 +312,11 @@ ] }, "locked": { - "lastModified": 1699956181, - "narHash": "sha256-gK+If1Wq/hCKhi4e2LCYeYXMr9+0BX4ycHhBibe4oNY=", + "lastModified": 1700054624, + "narHash": "sha256-keCn/xfYMYevyxoF+4B4NDIUy8sx8+greK8aEclWZNg=", "ref": "refs/heads/master", - "rev": "8ed6a3f95b23312e8ac526e682ad9f7d9c359e04", - "revCount": 583, + "rev": "30fc71e41e4ec0011a65b9188b31b2cb82e54134", + "revCount": 585, "type": "git", "url": "https://git.kempkens.io/daniel/nix-overlay" }, @@ -347,11 +347,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1699954245, - "narHash": "sha256-CSnfeOHc/wco8amdA0j268OaLrMcI5gGtK6Zm+y3lT0=", + "lastModified": 1699997707, + "narHash": "sha256-ugb+1TGoOqqiy3axyEZpfF6T4DQUGjfWZ3Htry1EfvI=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "df9bb8a436607da124e8cfa0fd19e70e9d9e0b7b", + "rev": "5689f3ebf899f644a1aabe8774d4f37eb2f6c2f9", "type": "github" }, "original": { @@ -363,11 +363,11 @@ }, "nixos-unstable": { "locked": { - "lastModified": 1699956859, - "narHash": "sha256-dmlFTx0svBi8Z26Cbqpg8ZF/7K5IwoFvFOfAZovO3Hw=", + "lastModified": 1700044047, + "narHash": "sha256-L7sCQsyETMknCztejhFCb7QXoa7k92Pv/e8X7OudAuk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "df4d6022db36b396fca38931afb41a626ef88e8a", + "rev": "68baab123fc4f898ebb6191eca8ae9383604f5f5", "type": "github" }, "original": { 
@@ -379,11 +379,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1699725108, - "narHash": "sha256-NTiPW4jRC+9puakU4Vi8WpFEirhp92kTOSThuZke+FA=", + "lastModified": 1700014976, + "narHash": "sha256-dSGpS2YeJrXW5aH9y7Abd235gGufY3RuZFth6vuyVtU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "911ad1e67f458b6bcf0278fa85e33bb9924fed7e", + "rev": "592047fc9e4f7b74a4dc85d1b9f5243dfe4899e3", "type": "github" }, "original": { @@ -454,11 +454,11 @@ "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { - "lastModified": 1699271226, - "narHash": "sha256-8Jt1KW3xTjolD6c6OjJm9USx/jmL+VVmbooADCkdDfU=", + "lastModified": 1700064067, + "narHash": "sha256-1ZWNDzhu8UlVCK7+DUN9dVQfiHX1bv6OQP9VxstY/gs=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "ea758da1a6dcde6dc36db348ed690d09b9864128", + "rev": "e558068cba67b23b4fbc5537173dbb43748a17e8", "type": "github" }, "original": { diff --git a/home/config/nvim/plugins/rainbow-delimiters.fnl b/home/config/nvim/plugins/rainbow-delimiters.fnl index 824c697..d6b3ae5 100644 --- a/home/config/nvim/plugins/rainbow-delimiters.fnl +++ b/home/config/nvim/plugins/rainbow-delimiters.fnl @@ -1,6 +1,7 @@ (let [rainbow-delimiters (require :rainbow-delimiters)] (set vim.g.rainbow_delimiters {:strategy {"" (. rainbow-delimiters :strategy :global) + :html (. rainbow-delimiters :strategy :local) :vim (. rainbow-delimiters :strategy :local)} :query {"" :rainbow-delimiters :lua :rainbow-blocks} :highlight [:RainbowDelimiterRed diff --git a/home/programs/nvim/plugins.nix b/home/programs/nvim/plugins.nix index 025d51b..08fc757 100644 --- a/home/programs/nvim/plugins.nix +++ b/home/programs/nvim/plugins.nix 
@@ -117,12 +117,12 @@ in }; nvim-treesitter = buildVimPlugin { pname = "nvim-treesitter"; - version = "2023-11-14"; + version = "2023-11-15"; src = fetchFromGitHub { owner = "nvim-treesitter"; repo = "nvim-treesitter"; - rev = "c0da2013d1cef768c00f3f0b7f365fe19a10bca3"; - sha256 = "19kvpxd4vssdrpznrp4prx7v5n7qy5v1mm5nnc8lmfbrp5qzls8m"; + rev = "8b9f99660294dcd11d42572c84ee33a1e284f70d"; + sha256 = "09mkkkirp922018dvci32p9mfsa2fqkv9b6nd1srwicxydx1wzp7"; fetchSubmodules = false; }; }; @@ -139,12 +139,12 @@ in }; rainbow-delimiters-nvim = buildVimPlugin { pname = "rainbow-delimiters.nvim"; - version = "2023-11-12"; + version = "2023-11-14"; src = fetchFromGitHub { owner = "HiPhish"; repo = "rainbow-delimiters.nvim"; - rev = "9515abd92ae0e42044d47716537f3997991a037b"; - sha256 = "1cg6v4fkps1gds2vgbwssjhqpw72jyq84i7hyl2prpiagdwss4gm"; + rev = "a3cfa42deb8ff13ef41e1fe81f2e60ab06150b7d"; + sha256 = "1p0yxsdpyy6bvgwbj1k3ha45qv0z7h1rgkm4r2gcflg40gjh6k8g"; fetchSubmodules = false; }; }; @@ -161,12 +161,12 @@ in }; telescope-nvim = buildVimPlugin { pname = "telescope.nvim"; - version = "2023-11-06"; + version = "2023-11-15"; src = fetchFromGitHub { owner = "nvim-telescope"; repo = "telescope.nvim"; - rev = "20bf20500c95208c3ac0ef07245065bf94dcab15"; - sha256 = "096vv98xxdqy96ipz6lbricfr74bkc3r58x1si1816lnm0j896r5"; + rev = "721cdcae134eb5c564cb6c9df6c317c3854528ad"; + sha256 = "12kizqyhknpp4931n2fkbdxhb04afpcnxyw6s4z7mf1vsfjz39w2"; fetchSubmodules = false; }; }; @@ -219,12 +219,12 @@ in }; nvim-lspconfig = buildVimPlugin { pname = "nvim-lspconfig"; - version = "2023-11-14"; + version = "2023-11-15"; src = fetchFromGitHub { owner = "neovim"; repo = "nvim-lspconfig"; - rev = "0a0682d4646a6869b85a4e4d0e30da5ef8b11f66"; - sha256 = "0i64ly4lgpvdywyczv39vnmljr6y445apvidz4db9cbrzzf39wd0"; + rev = "d5d7412ff267b92a11a94e6559d5507c43670a52"; + sha256 = "1jqpsj2in41fv148zdvddpcwjzmll5kchzx9mnbas685xmzc4h0k"; fetchSubmodules = false; }; }; 
@@ -395,12 +395,12 @@ in }; conform-nvim = buildVimPlugin { pname = "conform.nvim"; - version = "2023-11-12"; + version = "2023-11-15"; src = fetchFromGitHub { owner = "stevearc"; repo = "conform.nvim"; - rev = "ca3dfba94600aa62bfc88ae37cbd4f17eaea2553"; - sha256 = "192r845pyszbl5jwxzs36pvjn4c4si4n0ywnqlia0w03vac4zz8g"; + rev = "4524a687107c6e598017dc7356b7cd1eb046aa71"; + sha256 = "02waplka03ghpxhwsgjf0z4iv6dqkcrg2whlha334982q57gml1w"; fetchSubmodules = false; }; }; @@ -494,12 +494,12 @@ in }; fidget-nvim = buildVimPlugin { pname = "fidget.nvim"; - version = "2023-11-14"; + version = "2023-11-15"; src = fetchFromGitHub { owner = "j-hui"; repo = "fidget.nvim"; - rev = "6c8274e13483de5782a5c6020a4fc837b81a7b49"; - sha256 = "0nc8x1gh4z023pr04nw9rdpm5jncvq89sm6w9mya358mpd34sa6l"; + rev = "98047f30e454dd36da00eb354506517166cfec7d"; + sha256 = "08ib7dzcsn8rgnvfcsj5id6m1rhfd94fhh6s943k2631sc34kq0w"; fetchSubmodules = false; }; }; diff --git a/system/nixos/mastodon.nix b/system/nixos/mastodon.nix index 207bb4c..257e670 100644 --- a/system/nixos/mastodon.nix +++ b/system/nixos/mastodon.nix @@ -1,4 +1,4 @@ -{ pkgs, config, ... }: +{ pkgs, lib, config, ... }: let web-domain = "mastodon.kempkens.io"; 
@@ -7,16 +7,16 @@ let mastodonModules = pkgs.mastodon.mastodonModules.overrideAttrs (oldMods: let # https://github.com/ronilaukkarinen/mastodon-bird-ui - birdui-version = "1.6.4"; + birdui-version = "1.8.2"; birdui-single-column = builtins.fetchurl { url = "https://raw.githubusercontent.com/ronilaukkarinen/mastodon-bird-ui/${birdui-version}/layout-single-column.css"; - sha256 = "05wfq7v1vznq0jv12jm4h4nxg76rz6digjycc63rf3rh6jdz5dn9"; + sha256 = "0xlnykliqm7qrkw6ym14mxdvx3mb1mmyvjyq7ly32kkx3i2mcc47"; }; birdui-multi-column = builtins.fetchurl { url = "https://raw.githubusercontent.com/ronilaukkarinen/mastodon-bird-ui/${birdui-version}/layout-multiple-columns.css"; - sha256 = "17p5mg09kwfpn0xfhwpqax32k7zzr660agkfp36b95333hdy4cwa"; + sha256 = "0wz0kj3p1sa7lf00qj6l83hnl42zrfkb90s085m0q896hy42za9i"; }; in { @@ -74,7 +74,7 @@ in localDomain = "kempkens.io"; - streamingPort = 55000; + streamingProcesses = 2; webPort = 55001; sidekiqPort = 55002; enableUnixSocket = true; 
@@ -138,85 +138,102 @@ in }; }; - services.nginx.virtualHosts."${web-domain}" = { - quic = true; - http3 = true; - - root = "${config.services.mastodon.package}/public/"; - forceSSL = true; - useACMEHost = "kempkens.io"; - - extraConfig = '' - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; - ''; - - locations."/system/" = { + services.nginx = { + upstreams.mastodon-streaming = { extraConfig = '' - rewrite ^/system/?(.*)$ https://mastodon-cdn.kempkens.io/$1 permanent; + least_conn; ''; + servers = builtins.listToAttrs + (map + (i: { + name = "unix:/run/mastodon-streaming/streaming-${toString i}.socket"; + value = { }; + }) + (lib.range 1 config.services.mastodon.streamingProcesses)); }; - locations."/" = { - tryFiles = "$uri @proxy"; - }; + virtualHosts = { + "${web-domain}" = { + quic = true; + http3 = true; - locations."@proxy" = { - recommendedProxySettings = true; - proxyPass = "http://unix:/run/mastodon-web/web.socket"; - proxyWebsockets = true; + root = "${config.services.mastodon.package}/public/"; + forceSSL = true; + useACMEHost = "kempkens.io"; - extraConfig = '' - proxy_hide_header Strict-Transport-Security; - proxy_force_ranges on; - ''; - }; + extraConfig = '' + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; + ''; - locations."/api/v1/streaming/" = { - recommendedProxySettings = true; - proxyPass = "http://unix:/run/mastodon-streaming/streaming.socket"; - proxyWebsockets = true; + locations."/system/" = { + extraConfig = '' + rewrite ^/system/?(.*)$ https://mastodon-cdn.kempkens.io/$1 permanent; + ''; + }; - extraConfig = '' - proxy_hide_header Strict-Transport-Security; - proxy_force_ranges on; - ''; + locations."/" = { + tryFiles = "$uri @proxy"; + }; + + locations."@proxy" = { + recommendedProxySettings = true; + proxyPass = "http://unix:/run/mastodon-web/web.socket"; + proxyWebsockets = true; + + extraConfig = '' + proxy_hide_header Strict-Transport-Security; + 
proxy_force_ranges on; + ''; + }; + + locations."/api/v1/streaming/" = { + recommendedProxySettings = true; + proxyPass = "http://mastodon-streaming"; + proxyWebsockets = true; + + extraConfig = '' + proxy_hide_header Strict-Transport-Security; + proxy_force_ranges on; + ''; + }; + }; + + "mastodon-cdn.kempkens.io" = + let + lib-base = "/var/lib/mastodon/public-system"; + in + { + quic = true; + http3 = true; + kTLS = true; + + root = "${config.services.mastodon.package}/public/"; + forceSSL = true; + useACMEHost = "kempkens.io"; + + extraConfig = '' + add_header Access-Control-Allow-Origin https://mastodon.kempkens.io; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; + ''; + + locations."/system/" = { + alias = "${lib-base}/"; + + extraConfig = '' + add_header Cache-Control "public, max-age=2419200, immutable"; + add_header X-Content-Type-Options nosniff; + add_header Content-Security-Policy "default-src 'none'; form-action 'none'"; + ''; + }; + + # "Old" CDN paths + locations."/accounts/".alias = "${lib-base}/accounts/"; + locations."/cache/".alias = "${lib-base}/cache/"; + locations."/custom_emojis/".alias = "${lib-base}/custom_emojis/"; + locations."/media_attachments/".alias = "${lib-base}/media_attachments/"; + }; }; }; - services.nginx.virtualHosts."mastodon-cdn.kempkens.io" = - let - lib-base = "/var/lib/mastodon/public-system"; - in - { - quic = true; - http3 = true; - kTLS = true; - - root = "${config.services.mastodon.package}/public/"; - forceSSL = true; - useACMEHost = "kempkens.io"; - - extraConfig = '' - add_header Access-Control-Allow-Origin https://mastodon.kempkens.io; - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; - ''; - - locations."/system/" = { - alias = "${lib-base}/"; - - extraConfig = '' - add_header Cache-Control "public, max-age=2419200, immutable"; - add_header X-Content-Type-Options nosniff; - add_header Content-Security-Policy "default-src 
'none'; form-action 'none'"; - ''; - }; - - # "Old" CDN paths - locations."/accounts/".alias = "${lib-base}/accounts/"; - locations."/cache/".alias = "${lib-base}/cache/"; - locations."/custom_emojis/".alias = "${lib-base}/custom_emojis/"; - locations."/media_attachments/".alias = "${lib-base}/media_attachments/"; - }; - users.groups.mastodon.members = [ config.services.nginx.user ]; }
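Review bot: In the `mastodon-cdn.kempkens.io` vhost, `locations."/system/"` defines its own `add_header` lines, and nginx inherits `add_header` from the server level only when the current level defines none, so responses under `/system/` go out without the vhost's `Strict-Transport-Security` and `Access-Control-Allow-Origin` headers. These lines are carried over unchanged by the restructure, but since the block is being moved anyway, repeat the two server-level headers inside that location's `extraConfig`: `add_header Access-Control-Allow-Origin https://mastodon.kempkens.io;` and `add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;`. The four "old" alias locations (`/accounts/`, `/cache/`, `/custom_emojis/`, `/media_attachments/`) serve the same `lib-base` tree but get neither `X-Content-Type-Options nosniff` nor the restrictive `Content-Security-Policy`, which matters for user-uploaded media; a single let-bound header string used by all five locations would keep them consistent. Separately, the upstream socket path `streaming-${toString i}.socket` is hard-coded and presumably has to match what the mastodon module creates for each streaming process, so it deserves a short comment saying so.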