fi/nix-infra
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: fi:0ec4c301083d0d3c0703b6147ff48cbdeb171b1b
Branches Tags
fi:main
fi:ikiwiki
fi:mas
..
compare: fi:b966bb235b6e459a3022e6d3d42bb991aeb8e1a5
Branches Tags
fi:main
fi:ikiwiki
fi:mas

No commits in common. "0ec4c301083d0d3c0703b6147ff48cbdeb171b1b" and "b966bb235b6e459a3022e6d3d42bb991aeb8e1a5" have entirely different histories.
0ec4c30108 ... b966bb235b

5 changed files with 34 additions and 25 deletions
Download patch file Download diff file Expand all files Collapse all files

21
config/hosts/mastodon/mastodon.nix
View file

@ -2,28 +2,28 @@
let
tangerineUI = pkgs.fetchgit {
url = "https://github.com/nileane/TangerineUI-for-Mastodon.git";
rev = "v2.4.3";
hash = "sha256-OThT3fp676RMfYY3ehzM4DnAlJOqdPoYIHpoBbN/RHQ=";
rev = "v2.3";
hash = "sha256-Yl5UOjcp0Q3WpiLgfjQFVVEQs4WlVUSBCS7kuO+39wQ=";
};
mastodonModern = pkgs.fetchgit {
url = "https://git.gay/freeplay/Mastodon-Modern.git";
rev = "9f8db85eda2a65aa020ab6b81d100a121d39d4c4";
hash = "sha256-W6zwjAjBGARiRPM0hWCnq63nIT2Or0SOQq82bpNtqAk=";
rev = "5dc82786107bfb4dc4786571160d63a59cc609d6";
hash = "sha256-0qr+PN1eTR2iqicJEEUskm0DchpZhocEVwoHfwOvHMw=";
};
mastodonNekoversePatches = pkgs.fetchgit {
url = "https://github.com/yuri-qq/nekoverse-mastodon-patches.git";
hash = "sha256-NtdJWMi8/siduX2iFD+GAsK9J+Y6T/tZ/fXqb/QH284=";
hash = "sha256-3jWbKll5RGB1vfEmONVivzGYcoONEkBEHh/rOt9LXlU=";
};
mastodonNekoverseOverlay = final: prev: {
mastodon = (prev.mastodon.override rec {
version = "4.4.1";
version = "4.3.9";
srcOverride = final.applyPatches {
src = pkgs.stdenv.mkDerivation {
name = "mastodonWithThemes";
src = pkgs.fetchgit {
url = "https://github.com/mastodon/mastodon.git";
rev = "v${version}";
sha256 = "sha256-hu6AmR0CvI3lVixJ2UmWY3KAlWbqYULCQAjRGJcuIhc=";
sha256 = "sha256-A2WxVwaarT866s97uwfStBVtv7T5czF7ymRswtZ2K4M=";
};
# mastodon ships with broken symlinks, disable the check for that for now
dontCheckForBrokenSymlinks = true;
@ -49,8 +49,8 @@ let
"${mastodonNekoversePatches}/patches/006_increase_toot_character_limit.patch"
];
};
yarnHash = prev.mastodon.src.yarnHash;
yarnMissingHashes = prev.mastodon.src.yarnMissingHashes;
yarnHash = "sha256-IC4d/skIHEzJPuKlq4rMAqV+ydqquA6toq4WWCfuDxo=";
yarnMissingHashes = null;
});
};
pkgs-overlay = pkgs.extend mastodonNekoverseOverlay;
@ -62,6 +62,7 @@ in
package = pkgs-overlay.mastodon;
localDomain = "social.nekover.se";
secretKeyBaseFile = "/secrets/mastodon-secret-key-base.secret";
otpSecretFile = "/secrets/mastodon-otp-secret.secret";
vapidPublicKeyFile = "${vapidPublicKey}";
vapidPrivateKeyFile = "/secrets/mastodon-vapid-private-key.secret";
smtp = {
@ -90,8 +91,6 @@ in
OIDC_REDIRECT_URI = "https://social.nekover.se/auth/auth/openid_connect/callback";
OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED = "true";
OIDC_END_SESSION_ENDPOINT = "https://id.nekover.se/realms/nekoverse/protocol/openid-connect/logout";
FETCH_REPLIES_ENABLED = "true";
AUTHORIZED_FETCH = "true";
};
extraEnvFiles = [
"/secrets/mastodon-keycloak-client-secret.secret"

8
config/hosts/mastodon/secrets.nix
View file

@ -9,6 +9,14 @@
permissions = "0640";
uploadAt = "pre-activation";
};
"mastodon-otp-secret.secret" = {
keyCommand = keyCommandEnv ++ [ "pass" "mastodon/otp-secret" ];
destDir = "/secrets";
user = "mastodon";
group = "mastodon";
permissions = "0640";
uploadAt = "pre-activation";
};
"mastodon-vapid-private-key.secret" = {
keyCommand = keyCommandEnv ++ [ "pass" "mastodon/vapid-private-key" ];
destDir = "/secrets";

2
config/hosts/matrix/matrix-authentication-service.nix
View file

@ -72,8 +72,10 @@ in
{
environment.systemPackages = with pkgs; [
matrix-authentication-service
syn2mas
];
systemd.services.matrix-authentication-service = {
description = "Matrix Authentication Service";
after = [ "network-online.target" "postgresql.service" ];

4
config/hosts/web-public-2/virtualHosts/element.nekover.se.nix
View file

@ -1,9 +1,9 @@
{ pkgs, ... }:
let
elementWebVersion = "1.11.106";
elementWebVersion = "1.11.96";
element-web = pkgs.fetchzip {
url = "https://github.com/vector-im/element-web/releases/download/v${elementWebVersion}/element-v${elementWebVersion}.tar.gz";
sha256 = "sha256-5E6za7G7Olia5VzOnBjYMeGJ2Xifqx+vDmCFgNLaRZo=";
sha256 = "sha256-zm+mpcHF2rLk2ejwzCOpqHe2mnegHm3ZtJ2v7KC4oxU=";
};
elementWebSecurityHeaders = ''
# Configuration best practices

24
flake.lock generated
View file

@ -103,11 +103,11 @@
]
},
"locked": {
"lastModified": 1751903740,
"narHash": "sha256-PeSkNMvkpEvts+9DjFiop1iT2JuBpyknmBUs0Un0a4I=",
"lastModified": 1747663185,
"narHash": "sha256-Obh50J+O9jhUM/FgXtI3he/QRNiV9+J53+l+RlKSaAk=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "032decf9db65efed428afd2fa39d80f7089085eb",
"rev": "ee07ba0d36c38e9915c55d2ac5a8fb0f05f2afcc",
"type": "github"
},
"original": {
@ -118,11 +118,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1752620740,
"narHash": "sha256-f3pO+9lg66mV7IMmmIqG4PL3223TYMlnlw+pnpelbss=",
"lastModified": 1751582995,
"narHash": "sha256-u7ubvtxdTnFPpV27AHpgoKn7qHuE7sgWgza/1oj5nzA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "32a4e87942101f1c9f9865e04dc3ddb175f5f32e",
"rev": "7a732ed41ca0dd64b4b71b563ab9805a80a7d693",
"type": "github"
},
"original": {
@ -150,11 +150,11 @@
},
"nixpkgs-master": {
"locked": {
"lastModified": 1752682292,
"narHash": "sha256-TRvw/iAyDqMoRe58kCE6d9FvlsXcdqCTt6w8qRio9U8=",
"lastModified": 1751655236,
"narHash": "sha256-2QDfhYjPFui9iQNTXBLcbffWVWbYLntm9EM/eFU3kX8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a0b29e1b8d072a9f472500997c58252d064c5285",
"rev": "e1dca425c33650ae9ea15e577012d49586f29cef",
"type": "github"
},
"original": {
@ -166,11 +166,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1752644555,
"narHash": "sha256-oeRcp4VEyZ/3ZgfRRoq60/08l2zy0K53l8MdfSIYd24=",
"lastModified": 1751619433,
"narHash": "sha256-5aZFBHQNQzrfCisewtYBDNbiKcHbxPYChiP4dkEcSXQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9100a4f6bf446603b9575927c8585162f9ec9aa6",
"rev": "a2867cc3f8acc944cb19fe0b73c840e9fa1ba589",
"type": "github"
},
"original": {