Update deps

2023-11-15 19:57:22 +01:00 · 2023-11-15 19:57:22 +01:00 · 11878edd2b
parent c712b6dada
commit 11878edd2b
4 changed files with 129 additions and 111 deletions
--- a/flake.lock
+++ b/flake.lock
@ -287,11 +287,11 @@
      },
      "locked": {
        "dir": "contrib",
-        "lastModified": 1699924867,
+        "lastModified": 1700037583,
-        "narHash": "sha256-+DNEe7KkmvOm9NK9j13fZY148DFv+f0E4aGbvURJUuE=",
+        "narHash": "sha256-PR0CTwi1G23MrPUR6dT8U8hL6U6YogQPnfGTFDoBGbs=",
        "owner": "neovim",
        "repo": "neovim",
-        "rev": "582d7f47905d82f315dc852a9d2937cd5b655e55",
+        "rev": "d92dd2a0c05148154c353f0e7cd2099b2427308a",
        "type": "github"
      },
      "original": {
@ -312,11 +312,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1699956181,
+        "lastModified": 1700054624,
-        "narHash": "sha256-gK+If1Wq/hCKhi4e2LCYeYXMr9+0BX4ycHhBibe4oNY=",
+        "narHash": "sha256-keCn/xfYMYevyxoF+4B4NDIUy8sx8+greK8aEclWZNg=",
        "ref": "refs/heads/master",
-        "rev": "8ed6a3f95b23312e8ac526e682ad9f7d9c359e04",
+        "rev": "30fc71e41e4ec0011a65b9188b31b2cb82e54134",
-        "revCount": 583,
+        "revCount": 585,
        "type": "git",
        "url": "https://git.kempkens.io/daniel/nix-overlay"
      },
@ -347,11 +347,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1699954245,
+        "lastModified": 1699997707,
-        "narHash": "sha256-CSnfeOHc/wco8amdA0j268OaLrMcI5gGtK6Zm+y3lT0=",
+        "narHash": "sha256-ugb+1TGoOqqiy3axyEZpfF6T4DQUGjfWZ3Htry1EfvI=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "df9bb8a436607da124e8cfa0fd19e70e9d9e0b7b",
+        "rev": "5689f3ebf899f644a1aabe8774d4f37eb2f6c2f9",
        "type": "github"
      },
      "original": {
@ -363,11 +363,11 @@
    },
    "nixos-unstable": {
      "locked": {
-        "lastModified": 1699956859,
+        "lastModified": 1700044047,
-        "narHash": "sha256-dmlFTx0svBi8Z26Cbqpg8ZF/7K5IwoFvFOfAZovO3Hw=",
+        "narHash": "sha256-L7sCQsyETMknCztejhFCb7QXoa7k92Pv/e8X7OudAuk=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "df4d6022db36b396fca38931afb41a626ef88e8a",
+        "rev": "68baab123fc4f898ebb6191eca8ae9383604f5f5",
        "type": "github"
      },
      "original": {
@ -379,11 +379,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1699725108,
+        "lastModified": 1700014976,
-        "narHash": "sha256-NTiPW4jRC+9puakU4Vi8WpFEirhp92kTOSThuZke+FA=",
+        "narHash": "sha256-dSGpS2YeJrXW5aH9y7Abd235gGufY3RuZFth6vuyVtU=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "911ad1e67f458b6bcf0278fa85e33bb9924fed7e",
+        "rev": "592047fc9e4f7b74a4dc85d1b9f5243dfe4899e3",
        "type": "github"
      },
      "original": {
@ -454,11 +454,11 @@
        "nixpkgs-stable": "nixpkgs-stable_2"
      },
      "locked": {
-        "lastModified": 1699271226,
+        "lastModified": 1700064067,
-        "narHash": "sha256-8Jt1KW3xTjolD6c6OjJm9USx/jmL+VVmbooADCkdDfU=",
+        "narHash": "sha256-1ZWNDzhu8UlVCK7+DUN9dVQfiHX1bv6OQP9VxstY/gs=",
        "owner": "cachix",
        "repo": "pre-commit-hooks.nix",
-        "rev": "ea758da1a6dcde6dc36db348ed690d09b9864128",
+        "rev": "e558068cba67b23b4fbc5537173dbb43748a17e8",
        "type": "github"
      },
      "original": {
--- a/home/config/nvim/plugins/rainbow-delimiters.fnl
+++ b/home/config/nvim/plugins/rainbow-delimiters.fnl
@ -1,6 +1,7 @@
 (let [rainbow-delimiters (require :rainbow-delimiters)]
  (set vim.g.rainbow_delimiters
       {:strategy {"" (. rainbow-delimiters :strategy :global)
                   :html (. rainbow-delimiters :strategy :local)
                   :vim (. rainbow-delimiters :strategy :local)}
        :query {"" :rainbow-delimiters :lua :rainbow-blocks}
        :highlight [:RainbowDelimiterRed
--- a/home/programs/nvim/plugins.nix
+++ b/home/programs/nvim/plugins.nix
@ -117,12 +117,12 @@ in
  };
  nvim-treesitter = buildVimPlugin {
    pname = "nvim-treesitter";
-    version = "2023-11-14";
+    version = "2023-11-15";
    src = fetchFromGitHub {
      owner = "nvim-treesitter";
      repo = "nvim-treesitter";
-      rev = "c0da2013d1cef768c00f3f0b7f365fe19a10bca3";
+      rev = "8b9f99660294dcd11d42572c84ee33a1e284f70d";
-      sha256 = "19kvpxd4vssdrpznrp4prx7v5n7qy5v1mm5nnc8lmfbrp5qzls8m";
+      sha256 = "09mkkkirp922018dvci32p9mfsa2fqkv9b6nd1srwicxydx1wzp7";
      fetchSubmodules = false;
    };
  };
@ -139,12 +139,12 @@ in
  };
  rainbow-delimiters-nvim = buildVimPlugin {
    pname = "rainbow-delimiters.nvim";
-    version = "2023-11-12";
+    version = "2023-11-14";
    src = fetchFromGitHub {
      owner = "HiPhish";
      repo = "rainbow-delimiters.nvim";
-      rev = "9515abd92ae0e42044d47716537f3997991a037b";
+      rev = "a3cfa42deb8ff13ef41e1fe81f2e60ab06150b7d";
-      sha256 = "1cg6v4fkps1gds2vgbwssjhqpw72jyq84i7hyl2prpiagdwss4gm";
+      sha256 = "1p0yxsdpyy6bvgwbj1k3ha45qv0z7h1rgkm4r2gcflg40gjh6k8g";
      fetchSubmodules = false;
    };
  };
@ -161,12 +161,12 @@ in
  };
  telescope-nvim = buildVimPlugin {
    pname = "telescope.nvim";
-    version = "2023-11-06";
+    version = "2023-11-15";
    src = fetchFromGitHub {
      owner = "nvim-telescope";
      repo = "telescope.nvim";
-      rev = "20bf20500c95208c3ac0ef07245065bf94dcab15";
+      rev = "721cdcae134eb5c564cb6c9df6c317c3854528ad";
-      sha256 = "096vv98xxdqy96ipz6lbricfr74bkc3r58x1si1816lnm0j896r5";
+      sha256 = "12kizqyhknpp4931n2fkbdxhb04afpcnxyw6s4z7mf1vsfjz39w2";
      fetchSubmodules = false;
    };
  };
@ -219,12 +219,12 @@ in
  };
  nvim-lspconfig = buildVimPlugin {
    pname = "nvim-lspconfig";
-    version = "2023-11-14";
+    version = "2023-11-15";
    src = fetchFromGitHub {
      owner = "neovim";
      repo = "nvim-lspconfig";
-      rev = "0a0682d4646a6869b85a4e4d0e30da5ef8b11f66";
+      rev = "d5d7412ff267b92a11a94e6559d5507c43670a52";
-      sha256 = "0i64ly4lgpvdywyczv39vnmljr6y445apvidz4db9cbrzzf39wd0";
+      sha256 = "1jqpsj2in41fv148zdvddpcwjzmll5kchzx9mnbas685xmzc4h0k";
      fetchSubmodules = false;
    };
  };
@ -395,12 +395,12 @@ in
  };
  conform-nvim = buildVimPlugin {
    pname = "conform.nvim";
-    version = "2023-11-12";
+    version = "2023-11-15";
    src = fetchFromGitHub {
      owner = "stevearc";
      repo = "conform.nvim";
-      rev = "ca3dfba94600aa62bfc88ae37cbd4f17eaea2553";
+      rev = "4524a687107c6e598017dc7356b7cd1eb046aa71";
-      sha256 = "192r845pyszbl5jwxzs36pvjn4c4si4n0ywnqlia0w03vac4zz8g";
+      sha256 = "02waplka03ghpxhwsgjf0z4iv6dqkcrg2whlha334982q57gml1w";
      fetchSubmodules = false;
    };
  };
@ -494,12 +494,12 @@ in
  };
  fidget-nvim = buildVimPlugin {
    pname = "fidget.nvim";
-    version = "2023-11-14";
+    version = "2023-11-15";
    src = fetchFromGitHub {
      owner = "j-hui";
      repo = "fidget.nvim";
-      rev = "6c8274e13483de5782a5c6020a4fc837b81a7b49";
+      rev = "98047f30e454dd36da00eb354506517166cfec7d";
-      sha256 = "0nc8x1gh4z023pr04nw9rdpm5jncvq89sm6w9mya358mpd34sa6l";
+      sha256 = "08ib7dzcsn8rgnvfcsj5id6m1rhfd94fhh6s943k2631sc34kq0w";
      fetchSubmodules = false;
    };
  };
--- a/system/nixos/mastodon.nix
+++ b/system/nixos/mastodon.nix
@ -1,4 +1,4 @@
-{ pkgs, config, ... }:
+{ pkgs, lib, config, ... }:
 let
  web-domain = "mastodon.kempkens.io";
@ -7,16 +7,16 @@ let
    mastodonModules = pkgs.mastodon.mastodonModules.overrideAttrs (oldMods:
      let
        # https://github.com/ronilaukkarinen/mastodon-bird-ui
-        birdui-version = "1.6.4";
+        birdui-version = "1.8.2";
        birdui-single-column = builtins.fetchurl {
          url = "https://raw.githubusercontent.com/ronilaukkarinen/mastodon-bird-ui/${birdui-version}/layout-single-column.css";
-          sha256 = "05wfq7v1vznq0jv12jm4h4nxg76rz6digjycc63rf3rh6jdz5dn9";
+          sha256 = "0xlnykliqm7qrkw6ym14mxdvx3mb1mmyvjyq7ly32kkx3i2mcc47";
        };
        birdui-multi-column = builtins.fetchurl {
          url = "https://raw.githubusercontent.com/ronilaukkarinen/mastodon-bird-ui/${birdui-version}/layout-multiple-columns.css";
-          sha256 = "17p5mg09kwfpn0xfhwpqax32k7zzr660agkfp36b95333hdy4cwa";
+          sha256 = "0wz0kj3p1sa7lf00qj6l83hnl42zrfkb90s085m0q896hy42za9i";
        };
      in
      {
@ -74,7 +74,7 @@ in
    localDomain = "kempkens.io";
-    streamingPort = 55000;
+    streamingProcesses = 2;
    webPort = 55001;
    sidekiqPort = 55002;
    enableUnixSocket = true;
@ -138,85 +138,102 @@ in
    };
  };
-  services.nginx.virtualHosts."${web-domain}" = {
+  services.nginx = {
-    quic = true;
+    upstreams.mastodon-streaming = {
    http3 = true;
    root = "${config.services.mastodon.package}/public/";
    forceSSL = true;
    useACMEHost = "kempkens.io";
    extraConfig = ''
      add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
    '';
    locations."/system/" = {
      extraConfig = ''
-        rewrite ^/system/?(.*)$ https://mastodon-cdn.kempkens.io/$1 permanent;
+        least_conn;
      '';
      servers = builtins.listToAttrs
        (map
          (i: {
            name = "unix:/run/mastodon-streaming/streaming-${toString i}.socket";
            value = { };
          })
          (lib.range 1 config.services.mastodon.streamingProcesses));
    };
-    locations."/" = {
+    virtualHosts = {
-      tryFiles = "$uri @proxy";
+      "${web-domain}" = {
-    };
+        quic = true;
        http3 = true;
-    locations."@proxy" = {
+        root = "${config.services.mastodon.package}/public/";
-      recommendedProxySettings = true;
+        forceSSL = true;
-      proxyPass = "http://unix:/run/mastodon-web/web.socket";
+        useACMEHost = "kempkens.io";
      proxyWebsockets = true;
-      extraConfig = ''
+        extraConfig = ''
-        proxy_hide_header Strict-Transport-Security;
+          add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
-        proxy_force_ranges on;
+        '';
      '';
    };
-    locations."/api/v1/streaming/" = {
+        locations."/system/" = {
-      recommendedProxySettings = true;
+          extraConfig = ''
-      proxyPass = "http://unix:/run/mastodon-streaming/streaming.socket";
+            rewrite ^/system/?(.*)$ https://mastodon-cdn.kempkens.io/$1 permanent;
-      proxyWebsockets = true;
+          '';
        };
-      extraConfig = ''
+        locations."/" = {
-        proxy_hide_header Strict-Transport-Security;
+          tryFiles = "$uri @proxy";
-        proxy_force_ranges on;
+        };
-      '';
+
        locations."@proxy" = {
          recommendedProxySettings = true;
          proxyPass = "http://unix:/run/mastodon-web/web.socket";
          proxyWebsockets = true;
          extraConfig = ''
            proxy_hide_header Strict-Transport-Security;
            proxy_force_ranges on;
          '';
        };
        locations."/api/v1/streaming/" = {
          recommendedProxySettings = true;
          proxyPass = "http://mastodon-streaming";
          proxyWebsockets = true;
          extraConfig = ''
            proxy_hide_header Strict-Transport-Security;
            proxy_force_ranges on;
          '';
        };
      };
      "mastodon-cdn.kempkens.io" =
        let
          lib-base = "/var/lib/mastodon/public-system";
        in
        {
          quic = true;
          http3 = true;
          kTLS = true;
          root = "${config.services.mastodon.package}/public/";
          forceSSL = true;
          useACMEHost = "kempkens.io";
          extraConfig = ''
            add_header Access-Control-Allow-Origin https://mastodon.kempkens.io;
            add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
          '';
          locations."/system/" = {
            alias = "${lib-base}/";
            extraConfig = ''
              add_header Cache-Control "public, max-age=2419200, immutable";
              add_header X-Content-Type-Options nosniff;
              add_header Content-Security-Policy "default-src 'none'; form-action 'none'";
            '';
          };
          # "Old" CDN paths
          locations."/accounts/".alias = "${lib-base}/accounts/";
          locations."/cache/".alias = "${lib-base}/cache/";
          locations."/custom_emojis/".alias = "${lib-base}/custom_emojis/";
          locations."/media_attachments/".alias = "${lib-base}/media_attachments/";
        };
    };
  };
  services.nginx.virtualHosts."mastodon-cdn.kempkens.io" =
    let
      lib-base = "/var/lib/mastodon/public-system";
    in
    {
      quic = true;
      http3 = true;
      kTLS = true;
      root = "${config.services.mastodon.package}/public/";
      forceSSL = true;
      useACMEHost = "kempkens.io";
      extraConfig = ''
        add_header Access-Control-Allow-Origin https://mastodon.kempkens.io;
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
      '';
      locations."/system/" = {
        alias = "${lib-base}/";
        extraConfig = ''
          add_header Cache-Control "public, max-age=2419200, immutable";
          add_header X-Content-Type-Options nosniff;
          add_header Content-Security-Policy "default-src 'none'; form-action 'none'";
        '';
      };
      # "Old" CDN paths
      locations."/accounts/".alias = "${lib-base}/accounts/";
      locations."/cache/".alias = "${lib-base}/cache/";
      locations."/custom_emojis/".alias = "${lib-base}/custom_emojis/";
      locations."/media_attachments/".alias = "${lib-base}/media_attachments/";
    };
  users.groups.mastodon.members = [ config.services.nginx.user ];
 }