1
0
Fork 0

Update deps
All checks were successful
Build / build-arm64-linux (push) Successful in 10m30s
Build / build-amd64-linux (push) Successful in 47m36s

This commit is contained in:
Daniel Kempkens 2023-11-15 19:57:22 +01:00
parent c712b6dada
commit 11878edd2b
Signed by: daniel
SSH key fingerprint: SHA256:Ks/MyhQYcPRQiwMKLAKquWCdCPe3JXlb1WttgnAoSeM
4 changed files with 129 additions and 111 deletions

View file

@ -287,11 +287,11 @@
}, },
"locked": { "locked": {
"dir": "contrib", "dir": "contrib",
"lastModified": 1699924867, "lastModified": 1700037583,
"narHash": "sha256-+DNEe7KkmvOm9NK9j13fZY148DFv+f0E4aGbvURJUuE=", "narHash": "sha256-PR0CTwi1G23MrPUR6dT8U8hL6U6YogQPnfGTFDoBGbs=",
"owner": "neovim", "owner": "neovim",
"repo": "neovim", "repo": "neovim",
"rev": "582d7f47905d82f315dc852a9d2937cd5b655e55", "rev": "d92dd2a0c05148154c353f0e7cd2099b2427308a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -312,11 +312,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1699956181, "lastModified": 1700054624,
"narHash": "sha256-gK+If1Wq/hCKhi4e2LCYeYXMr9+0BX4ycHhBibe4oNY=", "narHash": "sha256-keCn/xfYMYevyxoF+4B4NDIUy8sx8+greK8aEclWZNg=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "8ed6a3f95b23312e8ac526e682ad9f7d9c359e04", "rev": "30fc71e41e4ec0011a65b9188b31b2cb82e54134",
"revCount": 583, "revCount": 585,
"type": "git", "type": "git",
"url": "https://git.kempkens.io/daniel/nix-overlay" "url": "https://git.kempkens.io/daniel/nix-overlay"
}, },
@ -347,11 +347,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1699954245, "lastModified": 1699997707,
"narHash": "sha256-CSnfeOHc/wco8amdA0j268OaLrMcI5gGtK6Zm+y3lT0=", "narHash": "sha256-ugb+1TGoOqqiy3axyEZpfF6T4DQUGjfWZ3Htry1EfvI=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "df9bb8a436607da124e8cfa0fd19e70e9d9e0b7b", "rev": "5689f3ebf899f644a1aabe8774d4f37eb2f6c2f9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -363,11 +363,11 @@
}, },
"nixos-unstable": { "nixos-unstable": {
"locked": { "locked": {
"lastModified": 1699956859, "lastModified": 1700044047,
"narHash": "sha256-dmlFTx0svBi8Z26Cbqpg8ZF/7K5IwoFvFOfAZovO3Hw=", "narHash": "sha256-L7sCQsyETMknCztejhFCb7QXoa7k92Pv/e8X7OudAuk=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "df4d6022db36b396fca38931afb41a626ef88e8a", "rev": "68baab123fc4f898ebb6191eca8ae9383604f5f5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -379,11 +379,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1699725108, "lastModified": 1700014976,
"narHash": "sha256-NTiPW4jRC+9puakU4Vi8WpFEirhp92kTOSThuZke+FA=", "narHash": "sha256-dSGpS2YeJrXW5aH9y7Abd235gGufY3RuZFth6vuyVtU=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "911ad1e67f458b6bcf0278fa85e33bb9924fed7e", "rev": "592047fc9e4f7b74a4dc85d1b9f5243dfe4899e3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -454,11 +454,11 @@
"nixpkgs-stable": "nixpkgs-stable_2" "nixpkgs-stable": "nixpkgs-stable_2"
}, },
"locked": { "locked": {
"lastModified": 1699271226, "lastModified": 1700064067,
"narHash": "sha256-8Jt1KW3xTjolD6c6OjJm9USx/jmL+VVmbooADCkdDfU=", "narHash": "sha256-1ZWNDzhu8UlVCK7+DUN9dVQfiHX1bv6OQP9VxstY/gs=",
"owner": "cachix", "owner": "cachix",
"repo": "pre-commit-hooks.nix", "repo": "pre-commit-hooks.nix",
"rev": "ea758da1a6dcde6dc36db348ed690d09b9864128", "rev": "e558068cba67b23b4fbc5537173dbb43748a17e8",
"type": "github" "type": "github"
}, },
"original": { "original": {

View file

@ -1,6 +1,7 @@
(let [rainbow-delimiters (require :rainbow-delimiters)] (let [rainbow-delimiters (require :rainbow-delimiters)]
(set vim.g.rainbow_delimiters (set vim.g.rainbow_delimiters
{:strategy {"" (. rainbow-delimiters :strategy :global) {:strategy {"" (. rainbow-delimiters :strategy :global)
:html (. rainbow-delimiters :strategy :local)
:vim (. rainbow-delimiters :strategy :local)} :vim (. rainbow-delimiters :strategy :local)}
:query {"" :rainbow-delimiters :lua :rainbow-blocks} :query {"" :rainbow-delimiters :lua :rainbow-blocks}
:highlight [:RainbowDelimiterRed :highlight [:RainbowDelimiterRed

View file

@ -117,12 +117,12 @@ in
}; };
nvim-treesitter = buildVimPlugin { nvim-treesitter = buildVimPlugin {
pname = "nvim-treesitter"; pname = "nvim-treesitter";
version = "2023-11-14"; version = "2023-11-15";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "nvim-treesitter"; owner = "nvim-treesitter";
repo = "nvim-treesitter"; repo = "nvim-treesitter";
rev = "c0da2013d1cef768c00f3f0b7f365fe19a10bca3"; rev = "8b9f99660294dcd11d42572c84ee33a1e284f70d";
sha256 = "19kvpxd4vssdrpznrp4prx7v5n7qy5v1mm5nnc8lmfbrp5qzls8m"; sha256 = "09mkkkirp922018dvci32p9mfsa2fqkv9b6nd1srwicxydx1wzp7";
fetchSubmodules = false; fetchSubmodules = false;
}; };
}; };
@ -139,12 +139,12 @@ in
}; };
rainbow-delimiters-nvim = buildVimPlugin { rainbow-delimiters-nvim = buildVimPlugin {
pname = "rainbow-delimiters.nvim"; pname = "rainbow-delimiters.nvim";
version = "2023-11-12"; version = "2023-11-14";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "HiPhish"; owner = "HiPhish";
repo = "rainbow-delimiters.nvim"; repo = "rainbow-delimiters.nvim";
rev = "9515abd92ae0e42044d47716537f3997991a037b"; rev = "a3cfa42deb8ff13ef41e1fe81f2e60ab06150b7d";
sha256 = "1cg6v4fkps1gds2vgbwssjhqpw72jyq84i7hyl2prpiagdwss4gm"; sha256 = "1p0yxsdpyy6bvgwbj1k3ha45qv0z7h1rgkm4r2gcflg40gjh6k8g";
fetchSubmodules = false; fetchSubmodules = false;
}; };
}; };
@ -161,12 +161,12 @@ in
}; };
telescope-nvim = buildVimPlugin { telescope-nvim = buildVimPlugin {
pname = "telescope.nvim"; pname = "telescope.nvim";
version = "2023-11-06"; version = "2023-11-15";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "nvim-telescope"; owner = "nvim-telescope";
repo = "telescope.nvim"; repo = "telescope.nvim";
rev = "20bf20500c95208c3ac0ef07245065bf94dcab15"; rev = "721cdcae134eb5c564cb6c9df6c317c3854528ad";
sha256 = "096vv98xxdqy96ipz6lbricfr74bkc3r58x1si1816lnm0j896r5"; sha256 = "12kizqyhknpp4931n2fkbdxhb04afpcnxyw6s4z7mf1vsfjz39w2";
fetchSubmodules = false; fetchSubmodules = false;
}; };
}; };
@ -219,12 +219,12 @@ in
}; };
nvim-lspconfig = buildVimPlugin { nvim-lspconfig = buildVimPlugin {
pname = "nvim-lspconfig"; pname = "nvim-lspconfig";
version = "2023-11-14"; version = "2023-11-15";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "neovim"; owner = "neovim";
repo = "nvim-lspconfig"; repo = "nvim-lspconfig";
rev = "0a0682d4646a6869b85a4e4d0e30da5ef8b11f66"; rev = "d5d7412ff267b92a11a94e6559d5507c43670a52";
sha256 = "0i64ly4lgpvdywyczv39vnmljr6y445apvidz4db9cbrzzf39wd0"; sha256 = "1jqpsj2in41fv148zdvddpcwjzmll5kchzx9mnbas685xmzc4h0k";
fetchSubmodules = false; fetchSubmodules = false;
}; };
}; };
@ -395,12 +395,12 @@ in
}; };
conform-nvim = buildVimPlugin { conform-nvim = buildVimPlugin {
pname = "conform.nvim"; pname = "conform.nvim";
version = "2023-11-12"; version = "2023-11-15";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "stevearc"; owner = "stevearc";
repo = "conform.nvim"; repo = "conform.nvim";
rev = "ca3dfba94600aa62bfc88ae37cbd4f17eaea2553"; rev = "4524a687107c6e598017dc7356b7cd1eb046aa71";
sha256 = "192r845pyszbl5jwxzs36pvjn4c4si4n0ywnqlia0w03vac4zz8g"; sha256 = "02waplka03ghpxhwsgjf0z4iv6dqkcrg2whlha334982q57gml1w";
fetchSubmodules = false; fetchSubmodules = false;
}; };
}; };
@ -494,12 +494,12 @@ in
}; };
fidget-nvim = buildVimPlugin { fidget-nvim = buildVimPlugin {
pname = "fidget.nvim"; pname = "fidget.nvim";
version = "2023-11-14"; version = "2023-11-15";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "j-hui"; owner = "j-hui";
repo = "fidget.nvim"; repo = "fidget.nvim";
rev = "6c8274e13483de5782a5c6020a4fc837b81a7b49"; rev = "98047f30e454dd36da00eb354506517166cfec7d";
sha256 = "0nc8x1gh4z023pr04nw9rdpm5jncvq89sm6w9mya358mpd34sa6l"; sha256 = "08ib7dzcsn8rgnvfcsj5id6m1rhfd94fhh6s943k2631sc34kq0w";
fetchSubmodules = false; fetchSubmodules = false;
}; };
}; };

View file

@ -1,4 +1,4 @@
{ pkgs, config, ... }: { pkgs, lib, config, ... }:
let let
web-domain = "mastodon.kempkens.io"; web-domain = "mastodon.kempkens.io";
@ -7,16 +7,16 @@ let
mastodonModules = pkgs.mastodon.mastodonModules.overrideAttrs (oldMods: mastodonModules = pkgs.mastodon.mastodonModules.overrideAttrs (oldMods:
let let
# https://github.com/ronilaukkarinen/mastodon-bird-ui # https://github.com/ronilaukkarinen/mastodon-bird-ui
birdui-version = "1.6.4"; birdui-version = "1.8.2";
birdui-single-column = builtins.fetchurl { birdui-single-column = builtins.fetchurl {
url = "https://raw.githubusercontent.com/ronilaukkarinen/mastodon-bird-ui/${birdui-version}/layout-single-column.css"; url = "https://raw.githubusercontent.com/ronilaukkarinen/mastodon-bird-ui/${birdui-version}/layout-single-column.css";
sha256 = "05wfq7v1vznq0jv12jm4h4nxg76rz6digjycc63rf3rh6jdz5dn9"; sha256 = "0xlnykliqm7qrkw6ym14mxdvx3mb1mmyvjyq7ly32kkx3i2mcc47";
}; };
birdui-multi-column = builtins.fetchurl { birdui-multi-column = builtins.fetchurl {
url = "https://raw.githubusercontent.com/ronilaukkarinen/mastodon-bird-ui/${birdui-version}/layout-multiple-columns.css"; url = "https://raw.githubusercontent.com/ronilaukkarinen/mastodon-bird-ui/${birdui-version}/layout-multiple-columns.css";
sha256 = "17p5mg09kwfpn0xfhwpqax32k7zzr660agkfp36b95333hdy4cwa"; sha256 = "0wz0kj3p1sa7lf00qj6l83hnl42zrfkb90s085m0q896hy42za9i";
}; };
in in
{ {
@ -74,7 +74,7 @@ in
localDomain = "kempkens.io"; localDomain = "kempkens.io";
streamingPort = 55000; streamingProcesses = 2;
webPort = 55001; webPort = 55001;
sidekiqPort = 55002; sidekiqPort = 55002;
enableUnixSocket = true; enableUnixSocket = true;
@ -138,85 +138,102 @@ in
}; };
}; };
services.nginx.virtualHosts."${web-domain}" = { services.nginx = {
quic = true; upstreams.mastodon-streaming = {
http3 = true;
root = "${config.services.mastodon.package}/public/";
forceSSL = true;
useACMEHost = "kempkens.io";
extraConfig = ''
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
'';
locations."/system/" = {
extraConfig = '' extraConfig = ''
rewrite ^/system/?(.*)$ https://mastodon-cdn.kempkens.io/$1 permanent; least_conn;
''; '';
servers = builtins.listToAttrs
(map
(i: {
name = "unix:/run/mastodon-streaming/streaming-${toString i}.socket";
value = { };
})
(lib.range 1 config.services.mastodon.streamingProcesses));
}; };
locations."/" = { virtualHosts = {
tryFiles = "$uri @proxy"; "${web-domain}" = {
}; quic = true;
http3 = true;
locations."@proxy" = { root = "${config.services.mastodon.package}/public/";
recommendedProxySettings = true; forceSSL = true;
proxyPass = "http://unix:/run/mastodon-web/web.socket"; useACMEHost = "kempkens.io";
proxyWebsockets = true;
extraConfig = '' extraConfig = ''
proxy_hide_header Strict-Transport-Security; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
proxy_force_ranges on; '';
'';
};
locations."/api/v1/streaming/" = { locations."/system/" = {
recommendedProxySettings = true; extraConfig = ''
proxyPass = "http://unix:/run/mastodon-streaming/streaming.socket"; rewrite ^/system/?(.*)$ https://mastodon-cdn.kempkens.io/$1 permanent;
proxyWebsockets = true; '';
};
extraConfig = '' locations."/" = {
proxy_hide_header Strict-Transport-Security; tryFiles = "$uri @proxy";
proxy_force_ranges on; };
'';
locations."@proxy" = {
recommendedProxySettings = true;
proxyPass = "http://unix:/run/mastodon-web/web.socket";
proxyWebsockets = true;
extraConfig = ''
proxy_hide_header Strict-Transport-Security;
proxy_force_ranges on;
'';
};
locations."/api/v1/streaming/" = {
recommendedProxySettings = true;
proxyPass = "http://mastodon-streaming";
proxyWebsockets = true;
extraConfig = ''
proxy_hide_header Strict-Transport-Security;
proxy_force_ranges on;
'';
};
};
"mastodon-cdn.kempkens.io" =
let
lib-base = "/var/lib/mastodon/public-system";
in
{
quic = true;
http3 = true;
kTLS = true;
root = "${config.services.mastodon.package}/public/";
forceSSL = true;
useACMEHost = "kempkens.io";
extraConfig = ''
add_header Access-Control-Allow-Origin https://mastodon.kempkens.io;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
'';
locations."/system/" = {
alias = "${lib-base}/";
extraConfig = ''
add_header Cache-Control "public, max-age=2419200, immutable";
add_header X-Content-Type-Options nosniff;
add_header Content-Security-Policy "default-src 'none'; form-action 'none'";
'';
};
# "Old" CDN paths
locations."/accounts/".alias = "${lib-base}/accounts/";
locations."/cache/".alias = "${lib-base}/cache/";
locations."/custom_emojis/".alias = "${lib-base}/custom_emojis/";
locations."/media_attachments/".alias = "${lib-base}/media_attachments/";
};
}; };
}; };
services.nginx.virtualHosts."mastodon-cdn.kempkens.io" =
let
lib-base = "/var/lib/mastodon/public-system";
in
{
quic = true;
http3 = true;
kTLS = true;
root = "${config.services.mastodon.package}/public/";
forceSSL = true;
useACMEHost = "kempkens.io";
extraConfig = ''
add_header Access-Control-Allow-Origin https://mastodon.kempkens.io;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
'';
locations."/system/" = {
alias = "${lib-base}/";
extraConfig = ''
add_header Cache-Control "public, max-age=2419200, immutable";
add_header X-Content-Type-Options nosniff;
add_header Content-Security-Policy "default-src 'none'; form-action 'none'";
'';
};
# "Old" CDN paths
locations."/accounts/".alias = "${lib-base}/accounts/";
locations."/cache/".alias = "${lib-base}/cache/";
locations."/custom_emojis/".alias = "${lib-base}/custom_emojis/";
locations."/media_attachments/".alias = "${lib-base}/media_attachments/";
};
users.groups.mastodon.members = [ config.services.nginx.user ]; users.groups.mastodon.members = [ config.services.nginx.user ];
} }