From 97f3022abe7736c7b287667616a04a668c6239f7 Mon Sep 17 00:00:00 2001 From: CherryKitten Date: Sat, 20 Apr 2024 13:26:44 +0200 Subject: [PATCH] nyanya --- flake.lock | 24 ++++++++++++------------ flake.nix | 2 +- hosts/ocelot/gotosocial.nix | 19 +++++++++++++------ modules/home/nvim/default.nix | 3 --- overlays/default.nix | 30 ++++++++++++++++++++++++++++++ users/sammy/default.nix | 3 ++- 6 files changed, 58 insertions(+), 23 deletions(-) create mode 100644 overlays/default.nix diff --git a/flake.lock b/flake.lock index 98190ce..4aaa6c1 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "stable": "stable" }, "locked": { - "lastModified": 1706509311, - "narHash": "sha256-QQKQ6r3CID8aXn2ZXZ79ZJxdCOeVP+JTnOctDALErOw=", + "lastModified": 1711386353, + "narHash": "sha256-gWEpb8Hybnoqb4O4tmpohGZk6+aerAbJpywKcFIiMlg=", "owner": "zhaofengli", "repo": "colmena", - "rev": "c84ccd0a7a712475e861c2b111574472b1a8d0cd", + "rev": "cd65ef7a25cdc75052fbd04b120aeb066c3881db", "type": "github" }, "original": { @@ -61,11 +61,11 @@ ] }, "locked": { - "lastModified": 1710888565, - "narHash": "sha256-s9Hi4RHhc6yut4EcYD50sZWRDKsugBJHSbON8KFwoTw=", + "lastModified": 1712386041, + "narHash": "sha256-dA82pOMQNnCJMAsPG7AXG35VmCSMZsJHTFlTHizpKWQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "f33900124c23c4eca5831b9b5eb32ea5894375ce", + "rev": "d6bb9f934f2870e5cbc5b94c79e9db22246141ff", "type": "github" }, "original": { @@ -77,11 +77,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1710951922, - "narHash": "sha256-FOOBJ3DQenLpTNdxMHR2CpGZmYuctb92gF0lpiirZ30=", + "lastModified": 1713344939, + "narHash": "sha256-jpHkAt0sG2/J7ueKnG7VvLLkBYUMQbXQ2L8OBpVG53s=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f091af045dff8347d66d186a62d42aceff159456", + "rev": "e402c3eb6d88384ca6c52ef1c53e61bdc9b84ddd", "type": "github" }, "original": { @@ -92,11 +92,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1711106783, - "narHash": "sha256-PDwAcHahc6hEimyrgGmFdft75gmLrJOZ0txX7lFqq+I=", + "lastModified": 1713562564, + "narHash": "sha256-NQpYhgoy0M89g9whRixSwsHb8RFIbwlxeYiVSDwSXJg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a3ed7406349a9335cb4c2a71369b697cecd9d351", + "rev": "92d295f588631b0db2da509f381b4fb1e74173c5", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 791639a..018ceee 100644 --- a/flake.nix +++ b/flake.nix @@ -60,7 +60,7 @@ }; defaults = { lib, config, name, nodes, ... }: { - imports = [ ./hosts/${name} ./profiles/base ]; + imports = [ ./hosts/${name} ./profiles/base (import ./overlays) ]; options.cherrykitten = { primaryIPv4 = lib.mkOption { diff --git a/hosts/ocelot/gotosocial.nix b/hosts/ocelot/gotosocial.nix index 945f625..83aaa74 100644 --- a/hosts/ocelot/gotosocial.nix +++ b/hosts/ocelot/gotosocial.nix @@ -1,18 +1,22 @@ -{ pkgs-unstable, ... }: +{ ... }: let bind-address = "127.0.0.1"; - host = "gts-test.cherrykitten.xyz"; + host = "cherrykitten.gay"; port = 8553; in { + deployment.keys."gts_env" = { + destDir = "/root/keys/"; + keyCommand = [ "pass" "hosts/ocelot/gts/env" ]; + user = "gotosocial"; + }; services.gotosocial = { enable = true; setupPostgresqlDB = true; - package = pkgs-unstable.gotosocial; + environmentFile = "/root/keys/gts_env"; settings = { inherit bind-address host port; application-name = "CherryKitten"; - setupPostgresqlDB = true; landing-page-user = "sammy"; instance-expose-suspended = true; @@ -31,16 +35,19 @@ in statuses-poll-max-options = 10; statuses-poll-option-max-chars = 150; statuses-media-max-files = 16; + + storage-backend = "s3"; }; }; networking.firewall.allowedTCPPorts = [ 80 443 ]; services.nginx = { enable = true; - clientMaxBodySize = "40M"; + clientMaxBodySize = "80M"; virtualHosts = { "${host}" = { - forceSSL = false; + forceSSL = true; + enableACME = true; locations = { "/" = { recommendedProxySettings = true; diff --git a/modules/home/nvim/default.nix b/modules/home/nvim/default.nix index 68a2207..c73f158 100644 --- a/modules/home/nvim/default.nix +++ b/modules/home/nvim/default.nix @@ -12,14 +12,11 @@ nil nixpkgs-fmt # rust - rustc - cargo rust-analyzer rustfmt # misc nodePackages.prettier marksman - haskell-language-server ]; plugins = with pkgs.vimPlugins; [ diff --git a/overlays/default.nix b/overlays/default.nix new file mode 100644 index 0000000..2d10ba1 --- /dev/null +++ b/overlays/default.nix @@ -0,0 +1,30 @@ +{ config, pkgs, lib, ... }: + +{ + nixpkgs.overlays = [ + (final: prev: { + gotosocial = + let + web-assets = prev.fetchurl { + url = "https://github.com/superseriousbusiness/gotosocial/releases/download/v0.15.0/gotosocial_0.15.0_web-assets.tar.gz"; + hash = "sha256-vrSdFIdBcfj6+sxtvv1s/Mu85I1mKxjyUYS902oLKk4="; + }; + in + prev.gotosocial.overrideAttrs { + version = "0.15.0"; + doCheck = false; + src = prev.fetchFromGitHub { + owner = "superseriousbusiness"; + repo = "gotosocial"; + rev = "refs/tags/v0.15.0"; + hash = "sha256-z0iETddkw4C2R6ig9ZO8MTvhuWnmQ37/6q3oZ4WAzd4="; + }; + postInstall = '' + tar xf ${web-assets} + mkdir -p $out/share/gotosocial + mv web $out/share/gotosocial/ + ''; + }; + }) + ]; +} diff --git a/users/sammy/default.nix b/users/sammy/default.nix index e3209ad..fc49205 100644 --- a/users/sammy/default.nix +++ b/users/sammy/default.nix @@ -1,6 +1,7 @@ { pkgs, lib, ... }: { deployment.keys."sammy_password_hash" = { + destDir = "/home/sammy/.keys"; keyCommand = [ "pass" "users/sammy/hashedPassword" ]; }; @@ -9,7 +10,7 @@ extraGroups = [ "networkmanager" "wheel" "docker" ]; shell = pkgs.fish; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJZyQSZw+pExsx2RXB+yxbaJGB9mtvudbQ/BP7E1yKvr openpgp:0x6068FEBB" ]; - hashedPasswordFile = lib.mkDefault "/run/keys/sammy_password_hash"; + hashedPasswordFile = lib.mkDefault "/home/sammy/.keys/sammy_password_hash"; }; home-manager.users.sammy = import ./home.nix;