summaryrefslogtreecommitdiffstats
path: root/krebs
diff options
context:
space:
mode:
Diffstat (limited to 'krebs')
-rw-r--r--krebs/1systems/hotdog/config.nix1
-rw-r--r--krebs/2configs/default.nix6
-rw-r--r--krebs/2configs/mastodon-proxy.nix24
-rw-r--r--krebs/2configs/mastodon.nix46
-rw-r--r--krebs/nixpkgs.json8
-rwxr-xr-xkrebs/update-nixpkgs.sh2
6 files changed, 79 insertions, 8 deletions
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix
index 02749dafe..a34df4bdc 100644
--- a/krebs/1systems/hotdog/config.nix
+++ b/krebs/1systems/hotdog/config.nix
@@ -14,6 +14,7 @@
<stockholm/krebs/2configs/mud.nix>
<stockholm/krebs/2configs/cal.nix>
+ <stockholm/krebs/2configs/mastodon.nix>
## shackie irc bot
<stockholm/krebs/2configs/shack/reaktor.nix>
diff --git a/krebs/2configs/default.nix b/krebs/2configs/default.nix
index 38d770316..fffe128e6 100644
--- a/krebs/2configs/default.nix
+++ b/krebs/2configs/default.nix
@@ -27,9 +27,6 @@ with import <stockholm/lib>;
];
console.keyMap = "us";
- i18n = {
- defaultLocale = lib.mkForce "C";
- };
programs.ssh.startAgent = false;
@@ -60,4 +57,7 @@ with import <stockholm/lib>;
# The NixOS release to be compatible with for stateful data such as databases.
system.stateVersion = "17.03";
+
+ # maybe fix Error: unsupported locales detected:
+ i18n.defaultLocale = mkDefault "C.UTF-8";
}
diff --git a/krebs/2configs/mastodon-proxy.nix b/krebs/2configs/mastodon-proxy.nix
new file mode 100644
index 000000000..4d359c3fe
--- /dev/null
+++ b/krebs/2configs/mastodon-proxy.nix
@@ -0,0 +1,24 @@
+{ config, lib, pkgs, ... }:
+{
+ services.nginx = {
+ enable = true;
+ virtualHosts."social.krebsco.de" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ # TODO use this in 22.11
+ # recommendedProxySettings = true;
+ proxyPass = "http://hotdog.r";
+ proxyWebsockets = true;
+ extraConfig = ''
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Server $host;
+ '';
+ };
+ };
+ };
+}
diff --git a/krebs/2configs/mastodon.nix b/krebs/2configs/mastodon.nix
new file mode 100644
index 000000000..145b383ed
--- /dev/null
+++ b/krebs/2configs/mastodon.nix
@@ -0,0 +1,46 @@
+{ config, lib, pkgs, ... }:
+{
+ services.postgresql = {
+ enable = true;
+ dataDir = "/var/state/postgresql/${config.services.postgresql.package.psqlSchema}";
+ package = pkgs.postgresql_11;
+ };
+ systemd.tmpfiles.rules = [
+ "d /var/state/postgresql 0700 postgres postgres -"
+ ];
+
+ services.mastodon = {
+ enable = true;
+ localDomain = "social.krebsco.de";
+ configureNginx = true;
+ trustedProxy = config.krebs.hosts.prism.nets.retiolum.ip6.addr;
+ smtp.createLocally = false;
+ smtp.fromAddress = "derp";
+ };
+
+ services.nginx.virtualHosts.${config.services.mastodon.localDomain} = {
+ forceSSL = lib.mkForce false;
+ enableACME = lib.mkForce false;
+ locations."@proxy".extraConfig = ''
+ proxy_redirect off;
+ proxy_pass_header Server;
+ proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
+ '';
+ };
+
+ networking.firewall.allowedTCPPorts = [
+ 80
+ ];
+
+ environment.systemPackages = [
+ (pkgs.writers.writeDashBin "tootctl" ''
+ sudo -u mastodon /etc/profiles/per-user/mastodon/bin/mastodon-env /etc/profiles/per-user/mastodon/bin/tootctl "$@"
+ '')
+ (pkgs.writers.writeDashBin "create-mastodon-user" ''
+ set -efu
+ nick=$1
+ /run/current-system/sw/bin/tootctl accounts create "$nick" --email "$nick"@krebsco.de --confirmed
+ /run/current-system/sw/bin/tootctl accounts approve "$nick"
+ '')
+ ];
+}
diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index f836f63f9..b6d46f1f9 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,9 +1,9 @@
{
"url": "https://github.com/NixOS/nixpkgs",
- "rev": "6474d93e007e4d165bcf48e7f87de2175c93d10b",
- "date": "2022-11-16T11:41:31+01:00",
- "path": "/nix/store/z86f31carhz3sf78kn3lkyq748drgp63-nixpkgs",
- "sha256": "00swm7hz3fjyzps75bjyqviw6dqg2cc126wc7lcc1rjkpdyk5iwg",
+ "rev": "596a8e828c5dfa504f91918d0fa4152db3ab5502",
+ "date": "2022-11-30T14:03:12-05:00",
+ "path": "/nix/store/vax0irdsk8gvczikw219vj079mck6j6r-nixpkgs",
+ "sha256": "1n524a44p2kprk65zx2v6793kmxjpz1qm1ilxk82vq0vg0c5jy32",
"fetchLFS": false,
"fetchSubmodules": false,
"deepClone": false,
diff --git a/krebs/update-nixpkgs.sh b/krebs/update-nixpkgs.sh
index 59dbd91b5..97c069d86 100755
--- a/krebs/update-nixpkgs.sh
+++ b/krebs/update-nixpkgs.sh
@@ -3,7 +3,7 @@ dir=$(dirname $0)
oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \
--url https://github.com/NixOS/nixpkgs \
- --rev refs/heads/nixos-22.05' \
+ --rev refs/heads/nixos-22.11' \
> $dir/nixpkgs.json
newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev"
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-16 23:36:57 +0000