From 2135a5e8415d9f7ceddd95ccd5ddc95724e5b9fb Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 28 Oct 2023 14:03:51 +0200 Subject: [PATCH 1/6] chore: move mastodon + postgres into apps directory --- hosts/nachtigall/{ => apps}/mastodon.nix | 0 hosts/nachtigall/{ => apps}/postgresql.nix | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename hosts/nachtigall/{ => apps}/mastodon.nix (100%) rename hosts/nachtigall/{ => apps}/postgresql.nix (100%) diff --git a/hosts/nachtigall/mastodon.nix b/hosts/nachtigall/apps/mastodon.nix similarity index 100% rename from hosts/nachtigall/mastodon.nix rename to hosts/nachtigall/apps/mastodon.nix diff --git a/hosts/nachtigall/postgresql.nix b/hosts/nachtigall/apps/postgresql.nix similarity index 100% rename from hosts/nachtigall/postgresql.nix rename to hosts/nachtigall/apps/postgresql.nix From 65689ae5247922d0245f69e313ad4571621d8302 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 28 Oct 2023 15:23:40 +0200 Subject: [PATCH 2/6] chore: remove unused nachtigall user keys --- secrets/secrets.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/secrets/secrets.nix b/secrets/secrets.nix index c740098..4690a3d 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -7,7 +7,6 @@ let teutat3s-1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHcU6KPy4b1MQXd6EJhcYwbJu7E+0IrBZF/IP6T7gbMf teutat3s@dumpyourvms"; nachtigall-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP7G0ufi+MNvaAZLDgpieHrABPGN7e/kD5kMFwSk4ABj root@nachtigall"; - #nachtigall-user = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBDuXuPPDXTyJgy4JRwbKcPbawvVB1Il2neyRWb4O5sJ root@nixos"; baseKeys = [ axeman-1 @@ -19,7 +18,6 @@ let nachtigallKeys = [ nachtigall-host - #nachtigall-user ]; in { From e43cb021ce200727f6a05f677aa6e31d8ab1e4a0 Mon Sep 17 00:00:00 2001 
From: teutat3s
Date: Sat, 28 Oct 2023 15:36:13 +0200
Subject: [PATCH 3/6] feat: use mastodon version 4.2.1 from our fork
This still needs updates in the NixOS module to account for the changes in https://github.com/mastodon/mastodon/pull/24655 that change how multiple streaming processes run. Hopefully this is fine for a single streaming process though. https://github.com/NixOS/nixpkgs/pull/251950 https://github.com/teutat3s/nixpkgs/tree/mastodon-4.2.1
---
flake.lock | 17 +++++++++++++++++
flake.nix | 3 +++
hosts/nachtigall/apps/mastodon.nix | 2 +-
overlays/default.nix | 17 +++++++++++++++++
4 files changed, 38 insertions(+), 1 deletion(-)
create mode 100644 overlays/default.nix
diff --git a/flake.lock b/flake.lock
index d3e72ee..56eb596 100644
--- a/flake.lock
+++ b/flake.lock
@@ -150,6 +150,22 @@
 "type": "github"
 }
 },
+ "mastodon-fork": {
+ "locked": {
+ "lastModified": 1698490885,
+ "narHash": "sha256-Ic2YgJ7vlAoiihho4pJgHewIubIZQpv1L8ePRB1wfG4=",
+ "owner": "teutat3s",
+ "repo": "nixpkgs",
+ "rev": "534d90c65614f05e543fd11b3f4acd748704a625",
+ "type": "github"
+ },
+ "original": {
+ "owner": "teutat3s",
+ "ref": "mastodon-4.2.1",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
 "nix-darwin": {
 "inputs": {
 "nixpkgs": [
@@ -226,6 +242,7 @@
 "deploy-rs": "deploy-rs",
 "flake-parts": "flake-parts",
 "home-manager": "home-manager",
+ "mastodon-fork": "mastodon-fork",
 "nix-darwin": "nix-darwin",
 "nixos-flake": "nixos-flake",
 "nixpkgs": "nixpkgs",
diff --git a/flake.nix b/flake.nix
index 2703a1a..8b46b54 100644
--- a/flake.nix
+++ b/flake.nix
@@ -3,6 +3,7 @@
 # Track channels with commits tested and built by hydra
 nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
 unstable.url = "github:nixos/nixpkgs/nixos-unstable";
+ mastodon-fork.url = "github:teutat3s/nixpkgs/mastodon-4.2.1";
 nix-darwin.url = "github:lnl7/nix-darwin/master";
 nix-darwin.inputs.nixpkgs.follows = "nixpkgs";
 
@@ -34,6 +35,7 @@ # ./terraform.nix ./public-keys ./lib + ./overlays ]; perSystem = { system, pkgs, config, ... }: { @@ -79,6 +81,7 @@ self.pub-solar.lib.linux.unlockZFSOnBoot self.nixosModules.home-manager self.nixosModules.linux + self.nixosModules.overlays inputs.agenix.nixosModules.default { home-manager.users.${username} = { diff --git a/hosts/nachtigall/apps/mastodon.nix b/hosts/nachtigall/apps/mastodon.nix index a40d0cf..4f978ca 100644 --- a/hosts/nachtigall/apps/mastodon.nix +++ b/hosts/nachtigall/apps/mastodon.nix @@ -1,4 +1,4 @@ -{ config, pkgs, flake, ... }: +{ config, pkgs, flake, inputs, ... }: { age.secrets."mastodon-secret-key-base" = { diff --git a/overlays/default.nix b/overlays/default.nix new file mode 100644 index 0000000..7bfa77b --- /dev/null +++ b/overlays/default.nix @@ -0,0 +1,17 @@ +{ + self, + inputs, + ... +}: { + flake = { + nixosModules = rec { + overlays = ({ ... }: { + nixpkgs.overlays = [ + (final: prev: { + mastodon = inputs.mastodon-fork.legacyPackages.${prev.system}.mastodon; + }) + ]; + }); + }; + }; +} From 0944b2d11c06d820898afd0a5bc37f4d49bfb419 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 28 Oct 2023 17:02:03 +0200 Subject: [PATCH 4/6] feat: enable nginx for mastodon https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/services/web-apps/mastodon.nix#L762-L785 --- hosts/nachtigall/apps/mastodon.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/nachtigall/apps/mastodon.nix b/hosts/nachtigall/apps/mastodon.nix index 4f978ca..12d9f89 100644 --- a/hosts/nachtigall/apps/mastodon.nix +++ b/hosts/nachtigall/apps/mastodon.nix @@ -39,7 +39,7 @@ # Different from WEB_DOMAIN in our case localDomain = "pub.solar"; # We use caddy, see caddy.nix - configureNginx = false; + configureNginx = true; enableUnixSocket = true; #streamingSocket = "/run/mastodon-streaming/streaming.socket"; #webSocket = "/run/mastodon-web/web.socket"; From 1e19efe20e213ec33bfeca5acc255065994e49a9 Mon Sep 17 00:00:00 2001 
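Review bot: The `inputs` argument added to the mastodon.nix function header is not referenced by any hunk of that file in this series; the only `inputs.mastodon-fork` lookup is in overlays/default.nix. If the rest of mastodon.nix (outside this hunk) does not use it either, the header change can be dropped, which also avoids hinting that this module reads flake inputs directly. The module body continues outside the hunk.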
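Review bot: The `rec` on `nixosModules = rec {` in overlays/default.nix is unused, since nothing inside the set refers to `overlays`; `nixosModules = {` is enough, and the parentheses around the module function are not needed either. More importantly, the overlay replaces `pkgs.mastodon` for every host importing this module with a package evaluated from a personal nixpkgs fork, declared in flake.nix as `mastodon-fork.url = "github:teutat3s/nixpkgs/mastodon-4.2.1"`; the lock pins `rev` and `narHash`, so builds are reproducible, but a future `nix flake update` follows the mutable branch. A comment above the overlay naming the upstream PR this tracks (the commit message cites nixpkgs PR 251950) and stating that the pin is temporary would make it clear when the fork input and this overlay can be removed, e.g. `# Temporary: Mastodon 4.2.1 from a fork until nixpkgs PR 251950 lands in the channel we track`.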
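Review bot: Switching `configureNginx = true` in a module whose `localDomain` is documented two lines above as differing from WEB_DOMAIN deserves a check before merging: the module block linked in the commit message keys the generated nginx virtual host (with forceSSL and ACME) on `localDomain`, as I read it, so nginx would serve Mastodon on `pub.solar` rather than `mastodon.pub.solar` and could collide with whatever already serves that name. The `# We use caddy, see caddy.nix` comment left directly above the new value is now contradicted by it (patch 6 drops the comment), and if caddy still binds 80/443 on this host the two servers will conflict. If the intent is for nginx to own Mastodon, a short comment stating which server terminates TLS for which name would help the next reader, e.g. `# nginx terminates TLS for the Mastodon vhost; see the localDomain note above`.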
From: teutat3s
Date: Sat, 28 Oct 2023 18:07:29 +0200
Subject: [PATCH 5/6] docs: add comment about streaming processes
---
hosts/nachtigall/apps/mastodon.nix | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/hosts/nachtigall/apps/mastodon.nix b/hosts/nachtigall/apps/mastodon.nix
index 12d9f89..3cd0685 100644
--- a/hosts/nachtigall/apps/mastodon.nix
+++ b/hosts/nachtigall/apps/mastodon.nix
@@ -46,7 +46,9 @@
 #sidekiqPort = 55002;
 # Processes used by the mastodon-streaming service. Defaults to the number
 # of CPU cores minus one
- streamingProcesses = 5;
+ # This is without affect until this comment is addressed
+ # https://github.com/NixOS/nixpkgs/pull/251950#issuecomment-1732568492
+ #streamingProcesses = 5;
 # Processes used by the mastodon-web service
 webProcesses = 2;
 # Threads per process used by the mastodon-web service
From c162d460940979ec9ff82cb7433d3e12c5f6e0a3 Mon Sep 17 00:00:00 2001
From: teutat3s
Date: Sat, 28 Oct 2023 18:18:06 +0200
Subject: [PATCH 6/6] fix: address review comments
---
hosts/nachtigall/apps/mastodon.nix | 9 ++-------
hosts/nachtigall/apps/opensearch.nix | 5 +++++
hosts/nachtigall/default.nix | 3 ++-
secrets/secrets.nix | 4 ++--
4 files changed, 11 insertions(+), 10 deletions(-)
create mode 100644 hosts/nachtigall/apps/opensearch.nix
diff --git a/hosts/nachtigall/apps/mastodon.nix b/hosts/nachtigall/apps/mastodon.nix
index 3cd0685..a71a521 100644
--- a/hosts/nachtigall/apps/mastodon.nix
+++ b/hosts/nachtigall/apps/mastodon.nix
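Review bot: The added comment `# This is without affect until this comment is addressed` should read `without effect`, and naming what it refers to would help, e.g. `# streamingProcesses has no effect until the module change discussed at the link below is merged`. Patch 6 re-enables `streamingProcesses = 5;` directly under this same comment, so the wording should be settled there as well. The `services.mastodon` block this hunk sits in starts and ends outside the hunk.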
@@ -32,23 +32,17 @@ owner = config.services.mastodon.user; }; - services.opensearch.enable = true; - services.mastodon = { enable = true; # Different from WEB_DOMAIN in our case localDomain = "pub.solar"; - # We use caddy, see caddy.nix configureNginx = true; enableUnixSocket = true; - #streamingSocket = "/run/mastodon-streaming/streaming.socket"; - #webSocket = "/run/mastodon-web/web.socket"; - #sidekiqPort = 55002; # Processes used by the mastodon-streaming service. Defaults to the number # of CPU cores minus one # This is without affect until this comment is addressed # https://github.com/NixOS/nixpkgs/pull/251950#issuecomment-1732568492 - #streamingProcesses = 5; + streamingProcesses = 5; # Processes used by the mastodon-web service webProcesses = 2; # Threads per process used by the mastodon-web service @@ -71,6 +65,7 @@ ]; extraConfig = { WEB_DOMAIN = "mastodon.pub.solar"; + # Defined in ./opensearch.nix ES_HOST = "127.0.0.1"; # S3 File storage (optional) # ----------------------- diff --git a/hosts/nachtigall/apps/opensearch.nix b/hosts/nachtigall/apps/opensearch.nix new file mode 100644 index 0000000..1b9c0f2 --- /dev/null +++ b/hosts/nachtigall/apps/opensearch.nix @@ -0,0 +1,5 @@ +{ ... }: + +{ + services.opensearch.enable = true; +} diff --git a/hosts/nachtigall/default.nix b/hosts/nachtigall/default.nix index bf579d3..57535d4 100644 --- a/hosts/nachtigall/default.nix +++ b/hosts/nachtigall/default.nix @@ -8,10 +8,11 @@ ./networking.nix ./nix.nix - ./apps/nginx.nix + ./apps/nginx-website.nix ./apps/mastodon.nix + ./apps/opensearch.nix ./apps/postgresql.nix ]; } diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 4690a3d..6b7ba1d 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
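Review bot: `streamingProcesses = 5;` is re-enabled directly below the kept comment `# This is without affect until this comment is addressed`, and the two now contradict each other. Either keep the value commented out until the linked module change lands, or reword the comment to say the value is set now and only takes effect once the module honours it, e.g. `# Set already; only takes effect once nixpkgs PR 251950 is merged (see link below)`. The `services.mastodon` block continues outside the hunk.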
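Review bot: The new opensearch.nix enables OpenSearch with module defaults and nothing else, and mastodon.nix points `ES_HOST` at `127.0.0.1`, so the setup relies on the instance being reachable only on loopback and, as far as I recall the NixOS module defaults, running without the security plugin, i.e. without authentication. That assumption is worth writing down next to the option so a later change to `network.host` or to the host firewall is reviewed with it in mind: `# Loopback-only and unauthenticated; reached by Mastodon via ES_HOST in mastodon.nix`.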
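Review bot: The import in default.nix is changed from `./apps/nginx.nix` to `./apps/nginx-website.nix`, but the diffstat for this patch lists no rename or creation of that file, so unless it already exists in the tree this commit makes the host configuration fail to evaluate. If the rename belongs to this series, it should land in the same commit as the import change so every commit evaluates on its own.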
@@ -1,7 +1,7 @@
 let
 # set ssh public keys here for your system and user
 axeman-1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNeQYLFauAbzDyIbKC86NUh9yZfiyBm/BtIdkcpZnSU axeman@tuxnix";
- bbcom = "ssh-rsa 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 hello@benjaminbaedorf.com";
+ b12f-bbcom = "ssh-rsa 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 hello@benjaminbaedorf.com";
 hensoko-1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEbaQdxp7Flz6ttELe63rn+Nt9g43qJOLih6VCMP4gPb";
 hensoko-2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAqkqMYgncrnczcW/0PY+Z+FmNXXpgw6D9JWTTwiainy";
 teutat3s-1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHcU6KPy4b1MQXd6EJhcYwbJu7E+0IrBZF/IP6T7gbMf teutat3s@dumpyourvms";
@@ -10,7 +10,7 @@ let
 baseKeys = [
 axeman-1
- bbcom
+ b12f-bbcom
 hensoko-1
 hensoko-2
 teutat3s-1