diff --git a/flake.lock b/flake.lock index 9f9c01a..624d404 100644 --- a/flake.lock +++ b/flake.lock @@ -185,11 +185,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1695052866, - "narHash": "sha256-agn7F9Oww4oU6nPiw+YiYI9Xb4vOOE73w8PAoBRP4AA=", + "lastModified": 1698921442, + "narHash": "sha256-7KmvhQ7FuXlT/wG4zjTssap6maVqeAMBdtel+VjClSM=", "owner": "serokell", "repo": "deploy-rs", - "rev": "e3f41832680801d0ee9e2ed33eb63af398b090e9", + "rev": "660180bbbeae7d60dad5a92b30858306945fd427", "type": "github" }, "original": { @@ -474,16 +474,16 @@ ] }, "locked": { - "lastModified": 1695108154, - "narHash": "sha256-gSg7UTVtls2yO9lKtP0yb66XBHT1Fx5qZSZbGMpSn2c=", + "lastModified": 1700814205, + "narHash": "sha256-lWqDPKHRbQfi+zNIivf031BUeyciVOtwCwTjyrhDB5g=", "owner": "nix-community", "repo": "home-manager", - "rev": "07682fff75d41f18327a871088d20af2710d4744", + "rev": "aeb2232d7a32530d3448318790534d196bf9427a", "type": "github" }, "original": { "id": "home-manager", - "ref": "release-23.05", + "ref": "release-23.11", "type": "indirect" } }, @@ -494,11 +494,11 @@ ] }, "locked": { - "lastModified": 1698670511, - "narHash": "sha256-jQIu3UhBMPHXzVkHQO1O2gg8SVo5lqAVoC6mOaLQcLQ=", + "lastModified": 1701433070, + "narHash": "sha256-Gf9JStfENaUQ7YWFz3V7x/srIwr4nlnVteqaAxtwpgM=", "owner": "nix-community", "repo": "home-manager", - "rev": "8e5416b478e465985eec274bc3a018024435c106", + "rev": "4a8545f5e737a6338814a4676dc8e18c7f43fc57", "type": "github" }, "original": { @@ -560,11 +560,11 @@ }, "nixpkgs-mine": { "locked": { - "lastModified": 1700347575, - "narHash": "sha256-wHdY7YFRepLNtPRh7gBP8EDJRbqC/hwYWupxTof7PQ8=", + "lastModified": 1701607327, + "narHash": "sha256-pHX6S1mrUSFVq6v0HiZuShfXLL01wiWvgivCabX2x+M=", "owner": "devplayer0", "repo": "nixpkgs", - "rev": "72cc1ce8a7e476a724de861bbd066a1cb700e39b", + "rev": "c8af66cb9046a65cbab33563f804b7bad46173af", "type": "github" }, "original": { 
@@ -576,11 +576,11 @@ }, "nixpkgs-mine-stable": { "locked": { - "lastModified": 1700347610, - "narHash": "sha256-NLRu2yPRc6BRIIcI0KG9csLGiAhmZG2JXLrJI+gLJQk=", + "lastModified": 1701607437, + "narHash": "sha256-ozMDOyJtxr/CznI6lrwtt9JkU32Y2cLr2B4vlW85Tfw=", "owner": "devplayer0", "repo": "nixpkgs", - "rev": "8b2769b59113858ecf4cf24ddae9ab1b8dd7920d", + "rev": "67ef05e2dd98d1fd856028eba1bb4edb847f6c6e", "type": "github" }, "original": { @@ -592,26 +592,26 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1698562188, - "narHash": "sha256-9nkxGnA/T+jLhHAMFRW157Qi/zfbf5dF1q7HfKROl3o=", + "lastModified": 1701389149, + "narHash": "sha256-rU1suTIEd5DGCaAXKW6yHoCfR1mnYjOXQFOaH7M23js=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3e10c80821dedb93592682379f476745f370a58e", + "rev": "5de0b32be6e85dc1a9404c75131316e4ffbc634c", "type": "github" }, "original": { "id": "nixpkgs", - "ref": "nixos-23.05", + "ref": "nixos-23.11", "type": "indirect" } }, "nixpkgs-unstable": { "locked": { - "lastModified": 1698611440, - "narHash": "sha256-jPjHjrerhYDy3q9+s5EAsuhyhuknNfowY6yt6pjn9pc=", + "lastModified": 1701253981, + "narHash": "sha256-ztaDIyZ7HrTAfEEUt9AtTDNoCYxUdSd6NrRHaYOIxtk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0cbe9f69c234a7700596e943bfae7ef27a31b735", + "rev": "e92039b55bcd58469325ded85d4f58dd5a4eaf58", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 079945c..9612498 100644 --- a/flake.nix +++ b/flake.nix 
@@ -7,13 +7,13 @@ devshell.inputs.nixpkgs.follows = "nixpkgs-unstable"; nixpkgs-unstable.url = "nixpkgs/nixos-unstable"; - nixpkgs-stable.url = "nixpkgs/nixos-23.05"; + nixpkgs-stable.url = "nixpkgs/nixos-23.11"; nixpkgs-mine.url = "github:devplayer0/nixpkgs/devplayer0"; nixpkgs-mine-stable.url = "github:devplayer0/nixpkgs/devplayer0-stable"; home-manager-unstable.url = "home-manager"; home-manager-unstable.inputs.nixpkgs.follows = "nixpkgs-unstable"; - home-manager-stable.url = "home-manager/release-23.05"; + home-manager-stable.url = "home-manager/release-23.11"; home-manager-stable.inputs.nixpkgs.follows = "nixpkgs-stable"; # Stuff used by the flake for build / deployment diff --git a/home-manager/modules/gui/default.nix b/home-manager/modules/gui/default.nix index fe3309f..20ddbab 100644 --- a/home-manager/modules/gui/default.nix +++ b/home-manager/modules/gui/default.nix @@ -61,6 +61,7 @@ in settings = { background_opacity = "0.8"; tab_bar_edge = "top"; + shell_integration = "no-sudo"; }; }; diff --git a/home-manager/modules/swaync.nix b/home-manager/modules/swaync.nix index 11ee4e4..7a35e09 100644 --- a/home-manager/modules/swaync.nix +++ b/home-manager/modules/swaync.nix @@ -70,13 +70,17 @@ in "swaync/config.json" = mkIf (cfg.settings != { }) { source = configSource; onChange = '' - ${cfg.package}/bin/swaync-client --reload-config + if ${pkgs.systemd}/bin/systemctl --user is-active --quiet swaync; then + ${cfg.package}/bin/swaync-client --reload-config + fi ''; }; "swaync/style.css" = mkIf (cfg.style != null) { source = styleSource; onChange = '' - ${cfg.package}/bin/swaync-client --reload-css + if ${pkgs.systemd}/bin/systemctl --user is-active --quiet swaync; then + ${cfg.package}/bin/swaync-client --reload-css + fi ''; }; }; diff --git a/lib/constants.nix b/lib/constants.nix index 3c6560f..17b4d94 100644 --- a/lib/constants.nix +++ b/lib/constants.nix 
@@ -19,6 +19,11 @@ rec { }; }; + kernel = { + lts = pkgs: pkgs.linuxKernel.packages.linux_6_1; + latest = pkgs: pkgs.linuxKernel.packages.linux_6_6; + }; + nginx = { proxyHeaders = '' # Setting any proxy_header in a child (e.g. location) will nuke the parents... diff --git a/nixos/boxes/castle/default.nix b/nixos/boxes/castle/default.nix index 45d03e1..204b69d 100644 --- a/nixos/boxes/castle/default.nix +++ b/nixos/boxes/castle/default.nix @@ -25,7 +25,7 @@ efi.canTouchEfiVariables = false; timeout = 10; }; - kernelPackages = pkgs.linuxKernel.packages.linux_6_5; + kernelPackages = lib.my.c.kernel.latest pkgs; kernelModules = [ "kvm-amd" ]; kernelParams = [ "amd_iommu=on" "amd_pstate=passive" ]; kernelPatches = [ diff --git a/nixos/boxes/colony/default.nix b/nixos/boxes/colony/default.nix index 1878fe4..0079056 100644 --- a/nixos/boxes/colony/default.nix +++ b/nixos/boxes/colony/default.nix @@ -57,7 +57,7 @@ in }; boot = { - kernelPackages = pkgs.linuxKernel.packages.linux_6_1.extend (self: super: { + kernelPackages = (lib.my.c.kernel.lts pkgs).extend (self: super: { kernel = super.kernel.override { structuredExtraConfig = with lib.kernel; { #SOME_OPT = yes; diff --git a/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix b/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix index c45a2a3..d9261de 100644 --- a/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix +++ b/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix 
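Review bot: The new `kernel.latest` helper is a fixed pin to `linux_6_6`, not anything that tracks the newest kernel, and the hunk carries no comment saying which of the two attributes should be chosen or when they are expected to be bumped (the rest of the diff moves castle and tower off `linux_6_5`, presumably because 6.5 reached end of life). A one-line comment above the set would make the contract clear, e.g. `# Explicit pins: lts = current longterm series, latest = newest stable; bump by hand when nixpkgs drops the old one`. The enclosing `rec { … }` attrset starts and ends outside this hunk.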
@@ -318,59 +318,12 @@ in useACMEHost = pubDomain; }; - "toot.nul.ie" = - let - mkAssetLoc = name: { - tryFiles = "$uri =404"; - extraConfig = '' - add_header Cache-Control "public, max-age=2419200, must-revalidate"; - add_header Strict-Transport-Security "max-age=63072000; includeSubpubDomains"; - ''; + "toot.nul.ie" = { + locations."/" = { + proxyPass = "http://toot-ctr.${domain}:80"; + proxyWebsockets = true; + extraConfig = proxyHeaders; }; - in - { - root = "${pkgs.mastodon}/public"; - locations = mkMerge [ - (genAttrs [ - "= /sw.js" - "~ ^/assets/" - "~ ^/avatars/" - "~ ^/emoji/" - "~ ^/headers/" - "~ ^/packs/" - "~ ^/shortcuts/" - "~ ^/sounds/" - ] mkAssetLoc) - { - "/".tryFiles = "$uri @proxy"; - - "^~ /api/v1/streaming" = { - proxyPass = "http://toot-ctr.${domain}:55000"; - proxyWebsockets = true; - extraConfig = '' - ${proxyHeaders} - proxy_set_header Proxy ""; - - add_header Strict-Transport-Security "max-age=63072000; includeSubdomains"; - ''; - }; - "@proxy" = { - proxyPass = "http://toot-ctr.${domain}:55001"; - proxyWebsockets = true; - extraConfig = '' - ${proxyHeaders} - proxy_set_header Proxy ""; - proxy_pass_header Server; - - proxy_cache CACHE; - proxy_cache_valid 200 7d; - proxy_cache_valid 410 24h; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - add_header X-Cached $upstream_cache_status; - ''; - }; - } - ]; useACMEHost = pubDomain; }; diff --git a/nixos/boxes/colony/vms/shill/containers/toot.nix b/nixos/boxes/colony/vms/shill/containers/toot.nix index 9bec2b2..098d443 100644 --- a/nixos/boxes/colony/vms/shill/containers/toot.nix +++ b/nixos/boxes/colony/vms/shill/containers/toot.nix @@ -1,5 +1,6 @@ { lib, ... }: let + inherit (lib) mkForce; inherit (lib.my) net; inherit (lib.my.c.colony) domain prefixes; in @@ -54,8 +55,7 @@ in tcp.allowed = [ 19999 - config.services.mastodon.webPort - config.services.mastodon.streamingPort + "http" ]; }; }; 
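Review bot: The rewritten `"toot.nul.ie"` vhost drops the `add_header Strict-Transport-Security` directives and the `proxy_set_header Proxy "";` line that the removed locations carried, and nothing in the new `locations."/"` block replaces them; unless `proxyHeaders` (defined outside this hunk) or a server-wide default already emits HSTS, the public Mastodon hostname now serves without it, and the upstream container's nginx is configured elsewhere in this diff with `forceSSL = false`, so it will not add one either. Suggest extending the location's `extraConfig` to `${proxyHeaders}` plus `proxy_set_header Proxy "";` and `add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";`. Note the removed asset locations spelled the token `includeSubpubDomains`, so that header was likely malformed on those paths before — worth getting right this time. The enclosing `virtualHosts` set extends beyond the hunk.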
@@ -78,10 +78,13 @@ in services = { netdata.enable = true; mastodon = mkMerge [ - { + rec { enable = true; - localDomain = "nul.ie"; - extraConfig.WEB_DOMAIN = "toot.nul.ie"; + localDomain = extraConfig.WEB_DOMAIN; # for nginx config + extraConfig = { + LOCAL_DOMAIN = "nul.ie"; + WEB_DOMAIN = "toot.nul.ie"; + }; secretKeyBaseFile = config.age.secrets."toot/secret-key.txt".path; otpSecretFile = config.age.secrets."toot/otp-secret.txt".path; @@ -90,9 +93,8 @@ in "vapid-pubkey.txt" "BAyRyD2pnLQtMHr3J5AzjNMll_HDC6ra1ilOLAUmKyhkEdbm7_OwKZUgw1UefY4CHEcv4OOX9TnnN2DOYYuPZu8="); - enableUnixSocket = false; - configureNginx = false; - trustedProxy = allAssignments.middleman.internal.ipv6.address; + streamingProcesses = 4; + configureNginx = true; database = { createLocally = false; @@ -134,13 +136,31 @@ in }; } ]; + + # Override some stuff since we are proxying upstream + nginx = { + recommendedProxySettings = mkForce false; + virtualHosts."${config.services.mastodon.localDomain}" = + let + extraConfig = '' + proxy_set_header Host $host; + ''; + in + { + forceSSL = false; + enableACME = false; + locations = { + "@proxy" = { inherit extraConfig; }; + "/api/v1/streaming/" = { inherit extraConfig; }; + }; + }; + }; }; } (mkIf config.my.build.isDevVM { virtualisation = { forwardPorts = with config.services.mastodon; [ { from = "host"; guest.port = webPort; } - { from = "host"; guest.port = streamingPort; } ]; }; }) diff --git a/nixos/boxes/kelder/default.nix b/nixos/boxes/kelder/default.nix index d12e30c..83a5b1d 100644 --- a/nixos/boxes/kelder/default.nix +++ b/nixos/boxes/kelder/default.nix @@ -54,7 +54,7 @@ in efi.canTouchEfiVariables = true; timeout = 5; }; - kernelPackages = pkgs.linuxKernel.packages.linux_6_1; + kernelPackages = lib.my.c.kernel.lts pkgs; kernelModules = [ "kvm-intel" ]; kernelParams = [ "intel_iommu=on" ]; initrd = { diff --git a/nixos/boxes/tower/default.nix b/nixos/boxes/tower/default.nix index 7ed6d02..98f686c 100644 --- a/nixos/boxes/tower/default.nix 
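Review bot: `localDomain = extraConfig.WEB_DOMAIN` together with a separate `LOCAL_DOMAIN` in `extraConfig` only produces the intended `nul.ie` / `toot.nul.ie` split if the module merges `extraConfig` over the environment it derives from `localDomain` (so the `extraConfig` value wins); the `# for nginx config` comment does not say that, and a reader would reasonably assume `localDomain` is the canonical account domain. Suggest replacing the comment with `# localDomain only names the module-generated nginx vhost; the real LOCAL_DOMAIN/WEB_DOMAIN split lives in extraConfig, which the module layers over its own env (verify on module updates)`. The `mkMerge` list this `rec { … }` belongs to starts outside the hunk.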
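Review bot: `recommendedProxySettings = mkForce false` removes the module's `X-Forwarded-For`/`X-Forwarded-Proto`/`X-Real-IP` handling from the container's nginx, and the two overridden locations only re-add `Host`, so Mastodon's view of the client address and of whether the request was HTTPS now rests entirely on whatever the upstream proxy sends being passed through untouched. With `trustedProxy` dropped in the preceding hunk, Mastodon falls back to the module default (presumably loopback), which is only correct while every request reaches this nginx via middleman; anything that can reach the container's port 80 directly — the firewall now opens `http` rather than the two Mastodon ports — can supply arbitrary forwarded headers. Document the assumption inline, e.g. `# Middleman terminates TLS and sets X-Forwarded-*; local nginx must not overwrite them`, and consider scoping the `http` rule to middleman's address. The enclosing `mkMerge` element starts outside the hunk.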
+++ b/nixos/boxes/tower/default.nix @@ -25,7 +25,7 @@ efi.canTouchEfiVariables = true; timeout = 10; }; - kernelPackages = pkgs.linuxKernel.packages.linux_6_5; + kernelPackages = lib.my.c.kernel.latest pkgs; kernelModules = [ "kvm-intel" ]; kernelParams = [ "intel_iommu=on" ]; initrd = { diff --git a/nixos/modules/common.nix b/nixos/modules/common.nix index 339900b..f12d56c 100644 --- a/nixos/modules/common.nix +++ b/nixos/modules/common.nix @@ -88,7 +88,7 @@ in boot = { # Use latest LTS release by default - kernelPackages = mkDefault pkgs.linuxKernel.packages.linux_6_1; + kernelPackages = mkDefault (lib.my.c.kernel.lts pkgs); kernel = { sysctl = { "net.ipv6.route.max_size" = mkDefault 16384; diff --git a/nixos/modules/gui.nix b/nixos/modules/gui.nix index 6ef6790..5aced44 100644 --- a/nixos/modules/gui.nix +++ b/nixos/modules/gui.nix @@ -57,7 +57,7 @@ in programs.dconf.enable = true; - fonts.fonts = with pkgs; [ + fonts.packages = with pkgs; [ dejavu_fonts freefont_ttf gyre-fonts # TrueType substitutes for standard PostScript fonts @@ -69,8 +69,19 @@ in xdg = { portal = { enable = true; + extraPortals = with pkgs; [ + xdg-desktop-portal-gtk + ]; # For sway wlr.enable = true; + configPackages = [ + (pkgs.writeTextDir "share/xdg-desktop-portal/sway-portals.conf" '' + [preferred] + default=gtk + org.freedesktop.impl.portal.Screenshot=wlr + org.freedesktop.impl.portal.ScreenCast=wlr + '') + ]; }; }; }; diff --git a/nixos/modules/user.nix b/nixos/modules/user.nix index 50164a4..a0b0c0a 100644 --- a/nixos/modules/user.nix +++ b/nixos/modules/user.nix @@ -99,7 +99,7 @@ in (mkIf (cfg.passwordSecret != null) { my = { secrets.files."${cfg.passwordSecret}" = {}; - user.config.passwordFile = config.age.secrets."${cfg.passwordSecret}".path; + user.config.hashedPasswordFile = config.age.secrets."${cfg.passwordSecret}".path; }; }) ]);