diff --git a/flake.lock b/flake.lock index 70f32ab..b5da849 100644 --- a/flake.lock +++ b/flake.lock @@ -299,11 +299,11 @@ }, "locked": { "dir": "contrib", - "lastModified": 1688626666, - "narHash": "sha256-VGl0v0Edl42gtLSMtTgnjcX+kMwcFN9AJhvJ7+dPvuE=", + "lastModified": 1688694598, + "narHash": "sha256-AI3k+PwEp/1TCunUNg4mKhbkKEgkA9i0QYEjQlTih3I=", "owner": "neovim", "repo": "neovim", - "rev": "4e34ca8ae71d7dfac5c93ffe8e4e8d00f915c593", + "rev": "811140e276a6312775bfcf9b368de25386f7a356", "type": "github" }, "original": { @@ -324,11 +324,11 @@ "weewx-proxy-flake": "weewx-proxy-flake" }, "locked": { - "lastModified": 1688631852, - "narHash": "sha256-vLtJopCN+6UoWGh+bzrqJ/VKveXw3Kuh0xrAiNrcJm8=", + "lastModified": 1688718161, + "narHash": "sha256-O3s5asl7M7cm9zOz5p4ImyOFTx01sSzdf+6EQWswnsE=", "owner": "nifoc", "repo": "nix-overlay", - "rev": "590828c358ae90ea3982773b0433d6e309e9b479", + "rev": "d7dd851508f52577ca1962e98fc7b389c90f591f", "type": "github" }, "original": { @@ -387,6 +387,22 @@ "type": "github" } }, + "nixpkgs-master": { + "locked": { + "lastModified": 1688718598, + "narHash": "sha256-brBQ6kgCYQM1Xbtt84um96q5jptvTn+VGFKXNKL5Zkc=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "54303b65ef01f701d3a727b0df9feba5ce0a0495", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "master", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs-stable": { "locked": { "lastModified": 1685004253, @@ -413,7 +429,8 @@ "home-manager": "home-manager_2", "nifoc-overlay": "nifoc-overlay", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs", + "nixpkgs-master": "nixpkgs-master" } }, "rust-overlay": { diff --git a/flake.nix b/flake.nix index ec78bb1..e901bf0 100644 --- a/flake.nix +++ b/flake.nix @@ -2,6 +2,8 @@ inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable"; + nixpkgs-master.url = "github:nixos/nixpkgs/master"; + disko = { url = "github:nix-community/disko"; inputs.nixpkgs.follows = "nixpkgs"; diff --git a/home/programs/nvim/plugins.nix b/home/programs/nvim/plugins.nix index 3dc8a85..43da133 100644 --- a/home/programs/nvim/plugins.nix +++ b/home/programs/nvim/plugins.nix @@ -107,12 +107,12 @@ in }; nvim-treesitter = buildVimPluginFrom2Nix { pname = "nvim-treesitter"; - version = "2023-07-06"; + version = "2023-07-07"; src = fetchFromGitHub { owner = "nvim-treesitter"; repo = "nvim-treesitter"; - rev = "e1ab5391e5c4820dd1ffc2566d29b01573ab52a9"; - sha256 = "1j75dlxir91wykm95w7l6df4svd791nwb5qczqr2hzgfm532pmxr"; + rev = "1ef286e5b0cfd17f56586a8445cd83d61647f851"; + sha256 = "0ani5vi127zyhznqzjs0ghr5x1xnlpv53443mcry1nj30wslgdia"; fetchSubmodules = false; }; }; @@ -140,12 +140,12 @@ in }; telescope-nvim = buildVimPluginFrom2Nix { pname = "telescope.nvim"; - version = "2023-07-02"; + version = "2023-07-07"; src = fetchFromGitHub { owner = "nvim-telescope"; repo = "telescope.nvim"; - rev = "0e0600908d1ad5ac4992fa0ab578e23e9d9d6f37"; - sha256 = "0nf1pc84mk6cncb120j6dwcynkbxf2s6crji30aq99zs92n3wi0w"; + rev = "276362a8020c6e94c7a76d49aa00d4923b0c02f3"; + sha256 = "043rrifqhg5bsksqhfdc20f96i2s2xyd6qyga4918fr75sf8hmib"; fetchSubmodules = false; }; }; @@ -220,12 +220,12 @@ in }; nvim-lspconfig = buildVimPluginFrom2Nix { pname = "nvim-lspconfig"; - version = "2023-07-06"; + version = "2023-07-07"; src = fetchFromGitHub { owner = "neovim"; repo = "nvim-lspconfig"; - rev = "a7ecaff3245ba4b9e5ed784ebefbedba54e7f0ad"; - sha256 = "0rx2yqdmyyv4pjmswvrarlbhiln323qdpjni6s3jvnm8lrc3lxqn"; + rev = "51739a8bc531542079698c58512feb68469f5d27"; + sha256 = "05xpc6zysb9ydkvsxjz3s7k0d5fq4ryg6fdgshfx81ns8mdrjqmh"; fetchSubmodules = false; }; }; @@ -312,8 +312,8 @@ in src = fetchFromGitHub { owner = "rafamadriz"; repo = "friendly-snippets"; - rev = "96c02045323a9e0b8936fc4dce42dc249495c4f1"; - sha256 = "1v4nnkbqa0183nml2ss2ykdq013d6bfzhnb8xjrfraxkfpmg1i97"; + rev = "a94db1ee6ddfd238e725b0f90163fdd65d382464"; + sha256 = "0y8lrwnrm3xza6mh329fd3xcnwmiqlvsycksiqr3am8gjmd3ir4z"; fetchSubmodules = false; }; }; @@ -495,12 +495,12 @@ in }; indent-blankline-nvim = buildVimPluginFrom2Nix { pname = "indent-blankline.nvim"; - version = "2023-07-06"; + version = "2023-07-07"; src = fetchFromGitHub { owner = "lukas-reineke"; repo = "indent-blankline.nvim"; - rev = "73640233cca0da8e01aced8c1f9e63fd892128b7"; - sha256 = "01n7fab1q5zzc64h9x9n9bahwqlpdd6bshshfv9hxnv4s103423c"; + rev = "fedad189e6ab1037939b79d32b7acaf05a0d4fb0"; + sha256 = "0v29jg8hm388r9w537ij1r96n4i8zh1y7yipdr875xdkdfrvia20"; fetchSubmodules = false; }; }; diff --git a/system/flakes/tanker.nix b/system/flakes/tanker.nix index 15c93e9..c43644b 100644 --- a/system/flakes/tanker.nix +++ b/system/flakes/tanker.nix @@ -3,11 +3,13 @@ let default-system = "x86_64-linux"; + overlay-master = _: _: { pkgs-master = import inputs.nixpkgs-master { system = default-system; }; }; overlay-deploy-rs = _: _: { inherit (deploy-rs.packages.${default-system}) deploy-rs; }; overlay-nifoc = inputs.nifoc-overlay.overlay; nixpkgsConfig = { overlays = [ + overlay-master overlay-deploy-rs overlay-nifoc ]; diff --git a/system/nixos/mastodon.nix b/system/nixos/mastodon.nix index 2a80c3b..61efe0a 100644 --- a/system/nixos/mastodon.nix +++ b/system/nixos/mastodon.nix @@ -7,6 +7,8 @@ in services.mastodon = { enable = true; + package = pkgs.pkgs-master.mastodon; + configureNginx = false; localDomain = "kempkens.io"; @@ -120,28 +122,40 @@ in }; }; - services.nginx.virtualHosts."mastodon-cdn.kempkens.io" = { - quic = true; - http3 = true; - kTLS = true; + services.nginx.virtualHosts."mastodon-cdn.kempkens.io" = + let + lib-base = "/var/lib/mastodon/public-system"; + in + { + quic = true; + http3 = true; + kTLS = true; - root = "${config.services.mastodon.package}/public/"; - forceSSL = true; - useACMEHost = "kempkens.io"; + root = "${config.services.mastodon.package}/public/"; + forceSSL = true; + useACMEHost = "kempkens.io"; - extraConfig = '' - add_header Access-Control-Allow-Origin https://mastodon.kempkens.io; - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; - ''; + extraConfig = '' + add_header Access-Control-Allow-Origin https://mastodon.kempkens.io; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; + ''; - locations."/system/".alias = "/var/lib/mastodon/public-system/"; + locations."/system/" = { + alias = "${lib-base}/"; - # "Old" CDN paths - locations."/accounts/".alias = "/var/lib/mastodon/public-system/accounts/"; - locations."/cache/".alias = "/var/lib/mastodon/public-system/cache/"; - locations."/custom_emojis/".alias = "/var/lib/mastodon/public-system/custom_emojis/"; - locations."/media_attachments/".alias = "/var/lib/mastodon/public-system/media_attachments/"; - }; + extraConfig = '' + add_header Cache-Control "public, max-age=2419200, immutable"; + add_header X-Content-Type-Options nosniff; + add_header Content-Security-Policy "default-src 'none'; form-action 'none'"; + ''; + }; + + # "Old" CDN paths + locations."/accounts/".alias = "${lib-base}/accounts/"; + locations."/cache/".alias = "${lib-base}/cache/"; + locations."/custom_emojis/".alias = "${lib-base}/custom_emojis/"; + locations."/media_attachments/".alias = "${lib-base}/media_attachments/"; + }; users.groups.mastodon.members = [ config.services.nginx.user ]; }