revert submodule
wrapper to align with module functions already doing types #2
7 changed files with 106 additions and 99 deletions
|
@ -10,6 +10,12 @@
|
|||
inputs.nixops4.packages.${pkgs.system}.default
|
||||
];
|
||||
|
||||
# FIXME: sad times
|
||||
system.extraDependencies = with pkgs; [
|
||||
jq
|
||||
jq.inputDerivation
|
||||
];
|
||||
|
||||
system.extraDependenciesFromModule =
|
||||
{ pkgs, ... }:
|
||||
{
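Review bot: `# FIXME: sad times` above `system.extraDependencies` does not say what needs fixing or why `jq` and `jq.inputDerivation` must be in the system closure, so nobody can tell when the workaround can be removed. A comment along the lines of `# FIXME: jq and its build inputs are kept in the closure because <reason>; drop once <condition>` would make it actionable. `inputDerivation` also pulls in the package's build-time inputs, which enlarges what ships on the machine, so the reason is worth recording. The enclosing attribute set starts and ends outside the hunk, and which lines are added is inferred from the hunk counts because the +/- markers are lost on this page.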
|
||||
|
|
|
@ -14,6 +14,8 @@ let
|
|||
types
|
||||
;
|
||||
|
||||
sources = import ../../../npins;
|
||||
|
||||
in
|
||||
{
|
||||
imports = [ ./sharedOptions.nix ];
|
||||
|
@ -57,6 +59,8 @@ in
|
|||
"${inputs.nixops4-nixos}"
|
||||
"${inputs.nixpkgs}"
|
||||
|
||||
"${sources.flake-inputs}"
|
||||
|
||||
pkgs.stdenv
|
||||
pkgs.stdenvNoCC
|
||||
]
|
||||
|
|
19
flake.lock
generated
19
flake.lock
generated
|
@ -596,22 +596,6 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_4": {
|
||||
"locked": {
|
||||
"lastModified": 1740463929,
|
||||
"narHash": "sha256-4Xhu/3aUdCKeLfdteEHMegx5ooKQvwPHNkOgNCXQrvc=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "5d7db4668d7a0c6cc5fc8cf6ef33b008b2b1ed8b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nixos",
|
||||
"ref": "nixos-24.11",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"parts": {
|
||||
"inputs": {
|
||||
"nixpkgs-lib": [
|
||||
|
@ -686,8 +670,7 @@
|
|||
"nixops4-nixos",
|
||||
"nixops4"
|
||||
],
|
||||
"nixops4-nixos": "nixops4-nixos",
|
||||
"nixpkgs": "nixpkgs_4"
|
||||
"nixops4-nixos": "nixops4-nixos"
|
||||
}
|
||||
},
|
||||
"rust-overlay": {
|
||||
|
|
136
flake.nix
136
flake.nix
|
@ -1,6 +1,5 @@
|
|||
{
|
||||
inputs = {
|
||||
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11"; # consumed by flake-parts
|
||||
flake-parts.url = "github:hercules-ci/flake-parts";
|
||||
git-hooks.url = "github:cachix/git-hooks.nix";
|
||||
nixops4.follows = "nixops4-nixos/nixops4";
|
||||
|
@ -8,65 +7,88 @@
|
|||
};
|
||||
|
||||
outputs =
|
||||
inputs@{ flake-parts, ... }:
|
||||
inputs@{ self, flake-parts, ... }:
|
||||
let
|
||||
sources = import ./npins;
|
||||
inherit (import sources.flake-inputs) import-flake;
|
||||
inherit (sources) git-hooks agenix;
|
||||
# XXX(@fricklerhandwerk): this atrocity is required to splice in a foreign Nixpkgs via flake-parts
|
||||
# XXX - this is just importing a flake
|
||||
nixpkgs = import-flake { src = sources.nixpkgs; };
|
||||
# XXX - this overrides the inputs attached to `self`
|
||||
inputs' = self.inputs // {
|
||||
nixpkgs = nixpkgs;
|
||||
};
|
||||
self' = self // {
|
||||
inputs = inputs';
|
||||
};
|
||||
in
|
||||
flake-parts.lib.mkFlake { inherit inputs; } {
|
||||
systems = [
|
||||
"x86_64-linux"
|
||||
"aarch64-linux"
|
||||
"x86_64-darwin"
|
||||
"aarch64-darwin"
|
||||
];
|
||||
|
||||
imports = [
|
||||
(import "${git-hooks}/flake-module.nix")
|
||||
inputs.nixops4.modules.flake.default
|
||||
|
||||
./deployment/flake-part.nix
|
||||
./infra/flake-part.nix
|
||||
];
|
||||
|
||||
perSystem =
|
||||
{
|
||||
pkgs,
|
||||
lib,
|
||||
inputs',
|
||||
...
|
||||
}:
|
||||
{
|
||||
formatter = pkgs.nixfmt-rfc-style;
|
||||
|
||||
pre-commit.settings.hooks =
|
||||
let
|
||||
## Add a directory here if pre-commit hooks shouldn't apply to it.
|
||||
optout = [ "npins" ];
|
||||
excludes = map (dir: "^${dir}/") optout;
|
||||
addExcludes = lib.mapAttrs (_: c: c // { inherit excludes; });
|
||||
in
|
||||
addExcludes {
|
||||
nixfmt-rfc-style.enable = true;
|
||||
deadnix.enable = true;
|
||||
trim-trailing-whitespace.enable = true;
|
||||
shellcheck.enable = true;
|
||||
};
|
||||
|
||||
devShells.default = pkgs.mkShell {
|
||||
packages = [
|
||||
pkgs.npins
|
||||
pkgs.nil
|
||||
(pkgs.callPackage "${agenix}/pkgs/agenix.nix" { })
|
||||
pkgs.openssh
|
||||
pkgs.httpie
|
||||
pkgs.jq
|
||||
# exposing this env var as a hack to pass info in from form
|
||||
(inputs'.nixops4.packages.default.overrideAttrs {
|
||||
impureEnvVars = [ "DEPLOYMENT" ];
|
||||
})
|
||||
];
|
||||
};
|
||||
# XXX - finally we override the overall set of `inputs` -- we need both:
|
||||
# `flake-parts obtains `nixpkgs` from `self.inputs` and not from `inputs`.
|
||||
flake-parts.lib.mkFlake
|
||||
{
|
||||
inputs = inputs // {
|
||||
inherit nixpkgs;
|
||||
};
|
||||
};
|
||||
self = self';
|
||||
}
|
||||
(
|
||||
{ inputs, ... }:
|
||||
{
|
||||
systems = [
|
||||
"x86_64-linux"
|
||||
"aarch64-linux"
|
||||
"x86_64-darwin"
|
||||
"aarch64-darwin"
|
||||
];
|
||||
|
||||
imports = [
|
||||
(import "${git-hooks}/flake-module.nix")
|
||||
inputs.nixops4.modules.flake.default
|
||||
|
||||
./deployment/flake-part.nix
|
||||
./infra/flake-part.nix
|
||||
];
|
||||
|
||||
perSystem =
|
||||
{
|
||||
pkgs,
|
||||
lib,
|
||||
inputs',
|
||||
...
|
||||
}:
|
||||
{
|
||||
formatter = pkgs.nixfmt-rfc-style;
|
||||
|
||||
pre-commit.settings.hooks =
|
||||
let
|
||||
## Add a directory here if pre-commit hooks shouldn't apply to it.
|
||||
optout = [ "npins" ];
|
||||
excludes = map (dir: "^${dir}/") optout;
|
||||
addExcludes = lib.mapAttrs (_: c: c // { inherit excludes; });
|
||||
in
|
||||
addExcludes {
|
||||
nixfmt-rfc-style.enable = true;
|
||||
deadnix.enable = true;
|
||||
trim-trailing-whitespace.enable = true;
|
||||
shellcheck.enable = true;
|
||||
};
|
||||
|
||||
devShells.default = pkgs.mkShell {
|
||||
packages = [
|
||||
pkgs.npins
|
||||
pkgs.nil
|
||||
(pkgs.callPackage "${agenix}/pkgs/agenix.nix" { })
|
||||
pkgs.openssh
|
||||
pkgs.httpie
|
||||
pkgs.jq
|
||||
# exposing this env var as a hack to pass info in from form
|
||||
(inputs'.nixops4.packages.default.overrideAttrs {
|
||||
impureEnvVars = [ "DEPLOYMENT" ];
|
||||
})
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
);
|
||||
}
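Review bot: The let-bound `inputs'` in `outputs` reuses the name that flake-parts passes to `perSystem` as the system-specialised inputs, and `perSystem` further down takes `inputs'` with that second meaning, so one identifier means two things in the same file. A distinct name such as `inputsWithNixpkgs` (used as `self' = self // { inputs = inputsWithNixpkgs; };`) would avoid the confusion. The new comments are tagged `XXX` without saying what is wrong, and the one above `flake-parts.lib.mkFlake` has an unbalanced backtick. nixpkgs now appears to come from `sources.nixpkgs` via `import-flake` rather than from a flake input, so its revision and hash no longer show up in flake.lock; a comment such as `# nixpkgs is pinned via npins (./npins), not flake.lock` would tell the next person where to audit or bump the pin. Which lines are added is inferred from the hunk counts, since the +/- markers are lost on this page.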
|
||||
|
|
|
@ -25,6 +25,22 @@
|
|||
"url": null,
|
||||
"hash": "1w2gsy6qwxa5abkv8clb435237iifndcxq0s79wihqw11a5yb938"
|
||||
},
|
||||
"flake-inputs": {
|
||||
"type": "GitRelease",
|
||||
"repository": {
|
||||
"type": "GitHub",
|
||||
"owner": "fricklerhandwerk",
|
||||
"repo": "flake-inputs"
|
||||
},
|
||||
"pre_releases": false,
|
||||
"version_upper_bound": null,
|
||||
"release_prefix": null,
|
||||
"submodules": false,
|
||||
"version": "4.1",
|
||||
"revision": "ad02792f7543754569fe2fd3d5787ee00ef40be2",
|
||||
"url": "https://api.github.com/repos/fricklerhandwerk/flake-inputs/tarball/4.1",
|
||||
"hash": "1j57avx2mqjnhrsgq3xl7ih8v7bdhz1kj3min6364f486ys048bm"
|
||||
},
|
||||
"flake-parts": {
|
||||
"type": "Git",
|
||||
"repository": {
|
||||
|
|
|
@ -56,12 +56,6 @@ in
|
|||
)
|
||||
|
||||
(mkIf config.fediversity.pixelfed.enable {
|
||||
## NOTE: Pixelfed as packaged in nixpkgs has a permission issue that prevents Nginx
|
||||
## from being able to serving the images. We fix it here, but this should be
|
||||
## upstreamed. See https://github.com/NixOS/nixpkgs/issues/235147
|
||||
services.pixelfed.package = pkgs.pixelfed.overrideAttrs (old: {
|
||||
patches = (old.patches or [ ]) ++ [ ./group-permissions.patch ];
|
||||
});
|
||||
users.users.nginx.extraGroups = [ "pixelfed" ];
|
||||
|
||||
services.pixelfed = {
|
||||
|
|
|
@ -1,18 +0,0 @@
|
|||
diff --git a/config/filesystems.php b/config/filesystems.php
|
||||
index 00254e93..fc1a58f3 100644
|
||||
--- a/config/filesystems.php
|
||||
+++ b/config/filesystems.php
|
||||
@@ -49,11 +49,11 @@ return [
|
||||
'permissions' => [
|
||||
'file' => [
|
||||
'public' => 0644,
|
||||
- 'private' => 0600,
|
||||
+ 'private' => 0640,
|
||||
],
|
||||
'dir' => [
|
||||
'public' => 0755,
|
||||
- 'private' => 0700,
|
||||
+ 'private' => 0750,
|
||||
],
|
||||
],
|
||||
],
|