Upgrade nixpkgs and NixOS stable to 23.11
@@ -25,7 +25,7 @@
|
||||
efi.canTouchEfiVariables = false;
|
||||
timeout = 10;
|
||||
};
|
||||
kernelPackages = pkgs.linuxKernel.packages.linux_6_5;
|
||||
kernelPackages = lib.my.c.kernel.latest pkgs;
|
||||
kernelModules = [ "kvm-amd" ];
|
||||
kernelParams = [ "amd_iommu=on" "amd_pstate=passive" ];
|
||||
kernelPatches = [
|
||||
|
@@ -57,7 +57,7 @@ in
|
||||
};
|
||||
|
||||
boot = {
|
||||
kernelPackages = pkgs.linuxKernel.packages.linux_6_1.extend (self: super: {
|
||||
kernelPackages = (lib.my.c.kernel.lts pkgs).extend (self: super: {
|
||||
kernel = super.kernel.override {
|
||||
structuredExtraConfig = with lib.kernel; {
|
||||
#SOME_OPT = yes;
|
||||
|
@@ -318,59 +318,12 @@ in
|
||||
useACMEHost = pubDomain;
|
||||
};
|
||||
|
||||
"toot.nul.ie" =
|
||||
let
|
||||
mkAssetLoc = name: {
|
||||
tryFiles = "$uri =404";
|
||||
extraConfig = ''
|
||||
add_header Cache-Control "public, max-age=2419200, must-revalidate";
|
||||
add_header Strict-Transport-Security "max-age=63072000; includeSubpubDomains";
|
||||
'';
|
||||
"toot.nul.ie" = {
|
||||
locations."/" = {
|
||||
proxyPass = "http://toot-ctr.${domain}:80";
|
||||
proxyWebsockets = true;
|
||||
extraConfig = proxyHeaders;
|
||||
};
|
||||
in
|
||||
{
|
||||
root = "${pkgs.mastodon}/public";
|
||||
locations = mkMerge [
|
||||
(genAttrs [
|
||||
"= /sw.js"
|
||||
"~ ^/assets/"
|
||||
"~ ^/avatars/"
|
||||
"~ ^/emoji/"
|
||||
"~ ^/headers/"
|
||||
"~ ^/packs/"
|
||||
"~ ^/shortcuts/"
|
||||
"~ ^/sounds/"
|
||||
] mkAssetLoc)
|
||||
{
|
||||
"/".tryFiles = "$uri @proxy";
|
||||
|
||||
"^~ /api/v1/streaming" = {
|
||||
proxyPass = "http://toot-ctr.${domain}:55000";
|
||||
proxyWebsockets = true;
|
||||
extraConfig = ''
|
||||
${proxyHeaders}
|
||||
proxy_set_header Proxy "";
|
||||
|
||||
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
|
||||
'';
|
||||
};
|
||||
"@proxy" = {
|
||||
proxyPass = "http://toot-ctr.${domain}:55001";
|
||||
proxyWebsockets = true;
|
||||
extraConfig = ''
|
||||
${proxyHeaders}
|
||||
proxy_set_header Proxy "";
|
||||
proxy_pass_header Server;
|
||||
|
||||
proxy_cache CACHE;
|
||||
proxy_cache_valid 200 7d;
|
||||
proxy_cache_valid 410 24h;
|
||||
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
|
||||
add_header X-Cached $upstream_cache_status;
|
||||
'';
|
||||
};
|
||||
}
|
||||
];
|
||||
useACMEHost = pubDomain;
|
||||
};
|
||||
|
||||
|
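Review bot: The new `"toot.nul.ie"` vhost hands everything to `http://toot-ctr.${domain}:80` with only `extraConfig = proxyHeaders;`, so the explicit `proxy_set_header Proxy "";` and the `add_header Strict-Transport-Security …` lines from the removed locations are gone at this edge. `proxyHeaders` is defined outside this hunk, so I cannot tell whether it already clears the `Proxy` request header, or whether HSTS is set at server or http level. If it does not, keeping `proxy_set_header Proxy "";` in this location's `extraConfig` preserves the old hardening at the TLS-terminating hop. The backend hop stays plain HTTP, which is fine only while the link to toot-ctr is a trusted internal network.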
@@ -1,5 +1,6 @@
|
||||
{ lib, ... }:
|
||||
let
|
||||
inherit (lib) mkForce;
|
||||
inherit (lib.my) net;
|
||||
inherit (lib.my.c.colony) domain prefixes;
|
||||
in
|
||||
@@ -54,8 +55,7 @@ in
|
||||
tcp.allowed = [
|
||||
19999
|
||||
|
||||
config.services.mastodon.webPort
|
||||
config.services.mastodon.streamingPort
|
||||
"http"
|
||||
];
|
||||
};
|
||||
};
|
||||
@@ -78,10 +78,13 @@ in
|
||||
services = {
|
||||
netdata.enable = true;
|
||||
mastodon = mkMerge [
|
||||
{
|
||||
rec {
|
||||
enable = true;
|
||||
localDomain = "nul.ie";
|
||||
extraConfig.WEB_DOMAIN = "toot.nul.ie";
|
||||
localDomain = extraConfig.WEB_DOMAIN; # for nginx config
|
||||
extraConfig = {
|
||||
LOCAL_DOMAIN = "nul.ie";
|
||||
WEB_DOMAIN = "toot.nul.ie";
|
||||
};
|
||||
|
||||
secretKeyBaseFile = config.age.secrets."toot/secret-key.txt".path;
|
||||
otpSecretFile = config.age.secrets."toot/otp-secret.txt".path;
|
||||
@@ -90,9 +93,8 @@ in
|
||||
"vapid-pubkey.txt"
|
||||
"BAyRyD2pnLQtMHr3J5AzjNMll_HDC6ra1ilOLAUmKyhkEdbm7_OwKZUgw1UefY4CHEcv4OOX9TnnN2DOYYuPZu8=");
|
||||
|
||||
enableUnixSocket = false;
|
||||
configureNginx = false;
|
||||
trustedProxy = allAssignments.middleman.internal.ipv6.address;
|
||||
streamingProcesses = 4;
|
||||
configureNginx = true;
|
||||
|
||||
database = {
|
||||
createLocally = false;
|
||||
@@ -134,13 +136,31 @@ in
|
||||
};
|
||||
}
|
||||
];
|
||||
|
||||
# Override some stuff since we are proxying upstream
|
||||
nginx = {
|
||||
recommendedProxySettings = mkForce false;
|
||||
virtualHosts."${config.services.mastodon.localDomain}" =
|
||||
let
|
||||
extraConfig = ''
|
||||
proxy_set_header Host $host;
|
||||
'';
|
||||
in
|
||||
{
|
||||
forceSSL = false;
|
||||
enableACME = false;
|
||||
locations = {
|
||||
"@proxy" = { inherit extraConfig; };
|
||||
"/api/v1/streaming/" = { inherit extraConfig; };
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
(mkIf config.my.build.isDevVM {
|
||||
virtualisation = {
|
||||
forwardPorts = with config.services.mastodon; [
|
||||
{ from = "host"; guest.port = webPort; }
|
||||
{ from = "host"; guest.port = streamingPort; }
|
||||
];
|
||||
};
|
||||
})
|
||||
|
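Review bot: In the last hunk of this file the nginx override forces `recommendedProxySettings` off and sets only `proxy_set_header Host $host;` on `@proxy` and `/api/v1/streaming/`, so as far as these lines show, this inner nginx passes X-Forwarded-For and X-Forwarded-Proto through as received instead of setting them itself. That holds up only if middleman is the sole peer able to reach port 80 here; the firewall hunk now allows `"http"`, and the scope of `tcp.allowed` lies outside the hunk, so it is worth confirming the rule is limited to the internal network. `trustedProxy` still names middleman's address although Mastodon's direct peer is now presumably the local nginx, so check that client addresses are still resolved correctly, since Mastodon's rate limiting and its IP logs depend on them. A fuller comment on the override, e.g. `# TLS and X-Forwarded-* are set by middleman; this nginx must only be reachable from it`, would record the assumption that `forceSSL = false` and `enableACME = false` rely on.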
@@ -54,7 +54,7 @@ in
|
||||
efi.canTouchEfiVariables = true;
|
||||
timeout = 5;
|
||||
};
|
||||
kernelPackages = pkgs.linuxKernel.packages.linux_6_1;
|
||||
kernelPackages = lib.my.c.kernel.lts pkgs;
|
||||
kernelModules = [ "kvm-intel" ];
|
||||
kernelParams = [ "intel_iommu=on" ];
|
||||
initrd = {
|
||||
|
@@ -25,7 +25,7 @@
|
||||
efi.canTouchEfiVariables = true;
|
||||
timeout = 10;
|
||||
};
|
||||
kernelPackages = pkgs.linuxKernel.packages.linux_6_5;
|
||||
kernelPackages = lib.my.c.kernel.latest pkgs;
|
||||
kernelModules = [ "kvm-intel" ];
|
||||
kernelParams = [ "intel_iommu=on" ];
|
||||
initrd = {
|
||||
|