nyanya

flake.lock

@@ -10,11 +10,11 @@
         "stable": "stable"
       },
       "locked": {
-        "lastModified": 1706509311,
-        "narHash": "sha256-QQKQ6r3CID8aXn2ZXZ79ZJxdCOeVP+JTnOctDALErOw=",
+        "lastModified": 1711386353,
+        "narHash": "sha256-gWEpb8Hybnoqb4O4tmpohGZk6+aerAbJpywKcFIiMlg=",
         "owner": "zhaofengli",
         "repo": "colmena",
-        "rev": "c84ccd0a7a712475e861c2b111574472b1a8d0cd",
+        "rev": "cd65ef7a25cdc75052fbd04b120aeb066c3881db",
         "type": "github"
       },
       "original": {
@@ -61,11 +61,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1710888565,
-        "narHash": "sha256-s9Hi4RHhc6yut4EcYD50sZWRDKsugBJHSbON8KFwoTw=",
+        "lastModified": 1712386041,
+        "narHash": "sha256-dA82pOMQNnCJMAsPG7AXG35VmCSMZsJHTFlTHizpKWQ=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "f33900124c23c4eca5831b9b5eb32ea5894375ce",
+        "rev": "d6bb9f934f2870e5cbc5b94c79e9db22246141ff",
         "type": "github"
       },
       "original": {
@@ -77,11 +77,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1710951922,
-        "narHash": "sha256-FOOBJ3DQenLpTNdxMHR2CpGZmYuctb92gF0lpiirZ30=",
+        "lastModified": 1713344939,
+        "narHash": "sha256-jpHkAt0sG2/J7ueKnG7VvLLkBYUMQbXQ2L8OBpVG53s=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "f091af045dff8347d66d186a62d42aceff159456",
+        "rev": "e402c3eb6d88384ca6c52ef1c53e61bdc9b84ddd",
         "type": "github"
       },
       "original": {
@@ -92,11 +92,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1711106783,
-        "narHash": "sha256-PDwAcHahc6hEimyrgGmFdft75gmLrJOZ0txX7lFqq+I=",
+        "lastModified": 1713562564,
+        "narHash": "sha256-NQpYhgoy0M89g9whRixSwsHb8RFIbwlxeYiVSDwSXJg=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "a3ed7406349a9335cb4c2a71369b697cecd9d351",
+        "rev": "92d295f588631b0db2da509f381b4fb1e74173c5",
         "type": "github"
       },
       "original": {

flake.nix

@@ -60,7 +60,7 @@
           };
 
           defaults = { lib, config, name, nodes, ... }: {
-            imports = [ ./hosts/${name} ./profiles/base ];
+            imports = [ ./hosts/${name} ./profiles/base (import ./overlays) ];
 
             options.cherrykitten = {
               primaryIPv4 = lib.mkOption {

hosts/ocelot/gotosocial.nix

@@ -1,18 +1,22 @@
-{ pkgs-unstable, ... }:
+{ ... }:
 let
   bind-address = "127.0.0.1";
-  host = "gts-test.cherrykitten.xyz";
+  host = "cherrykitten.gay";
   port = 8553;
 in
 {
+  deployment.keys."gts_env" = {
+    destDir = "/root/keys/";
+    keyCommand = [ "pass" "hosts/ocelot/gts/env" ];
+    user = "gotosocial";
+  };
   services.gotosocial = {
     enable = true;
     setupPostgresqlDB = true;
-    package = pkgs-unstable.gotosocial;
+    environmentFile = "/root/keys/gts_env";
     settings = {
       inherit bind-address host port;
       application-name = "CherryKitten";
-      setupPostgresqlDB = true;
       landing-page-user = "sammy";
 
       instance-expose-suspended = true;
@@ -31,16 +35,19 @@ in
       statuses-poll-max-options = 10;
       statuses-poll-option-max-chars = 150;
       statuses-media-max-files = 16;
+
+      storage-backend = "s3";
     };
   };
 
   networking.firewall.allowedTCPPorts = [ 80 443 ];
   services.nginx = {
     enable = true;
-    clientMaxBodySize = "40M";
+    clientMaxBodySize = "80M";
     virtualHosts = {
       "${host}" = {
-        forceSSL = false;
+        forceSSL = true;
+        enableACME = true;
         locations = {
           "/" = {
             recommendedProxySettings = true;

modules/home/nvim/default.nix

@@ -12,14 +12,11 @@
       nil
       nixpkgs-fmt
       # rust
-      rustc
-      cargo
       rust-analyzer
       rustfmt
       # misc
       nodePackages.prettier
       marksman
-      haskell-language-server
     ];
 
     plugins = with pkgs.vimPlugins; [

overlays/default.nix

@@ -0,0 +1,30 @@
+{ config, pkgs, lib, ... }:
+
+{
+  nixpkgs.overlays = [
+    (final: prev: {
+      gotosocial =
+        let
+          web-assets = prev.fetchurl {
+            url = "https://github.com/superseriousbusiness/gotosocial/releases/download/v0.15.0/gotosocial_0.15.0_web-assets.tar.gz";
+            hash = "sha256-vrSdFIdBcfj6+sxtvv1s/Mu85I1mKxjyUYS902oLKk4=";
+          };
+        in
+        prev.gotosocial.overrideAttrs {
+          version = "0.15.0";
+          doCheck = false;
+          src = prev.fetchFromGitHub {
+            owner = "superseriousbusiness";
+            repo = "gotosocial";
+            rev = "refs/tags/v0.15.0";
+            hash = "sha256-z0iETddkw4C2R6ig9ZO8MTvhuWnmQ37/6q3oZ4WAzd4=";
+          };
+          postInstall = ''
+            tar xf ${web-assets}
+            mkdir -p $out/share/gotosocial
+            mv web $out/share/gotosocial/
+          '';
+        };
+    })
+  ];
+}

users/sammy/default.nix

@@ -1,6 +1,7 @@
 { pkgs, lib, ... }:
 {
   deployment.keys."sammy_password_hash" = {
+    destDir = "/home/sammy/.keys";
     keyCommand = [ "pass" "users/sammy/hashedPassword" ];
   };
 
@@ -9,7 +10,7 @@
     extraGroups = [ "networkmanager" "wheel" "docker" ];
     shell = pkgs.fish;
     openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJZyQSZw+pExsx2RXB+yxbaJGB9mtvudbQ/BP7E1yKvr openpgp:0x6068FEBB" ];
-    hashedPasswordFile = lib.mkDefault "/run/keys/sammy_password_hash";
+    hashedPasswordFile = lib.mkDefault "/home/sammy/.keys/sammy_password_hash";
   };
 
   home-manager.users.sammy = import ./home.nix;