From 36a83a3bf1d5ff8df5dd3a001b58a2a6ed74349c Mon Sep 17 00:00:00 2001 From: Izorkin Date: Mon, 26 Aug 2024 23:05:56 +0300 Subject: [PATCH] mastodon: 4.2.13 -> 4.3.0 Changelog: https://github.com/mastodon/mastodon/releases/tag/v4.3.0 --- nixos/modules/services/web-apps/mastodon.nix | 97 +- pkgs/servers/mastodon/default.nix | 51 +- pkgs/servers/mastodon/gemset.nix | 1467 +++++++++++------- pkgs/servers/mastodon/source.nix | 6 +- pkgs/servers/mastodon/update.sh | 6 +- pkgs/servers/mastodon/yarn.nix | 34 + pkgs/top-level/all-packages.nix | 6 +- 7 files changed, 1050 insertions(+), 617 deletions(-) create mode 100644 pkgs/servers/mastodon/yarn.nix diff --git a/nixos/modules/services/web-apps/mastodon.nix b/nixos/modules/services/web-apps/mastodon.nix index 5c383e9f16ab8..a3a2bbd1eca6d 100644 --- a/nixos/modules/services/web-apps/mastodon.nix +++ b/nixos/modules/services/web-apps/mastodon.nix @@ -12,9 +12,12 @@ let RAILS_ENV = "production"; NODE_ENV = "production"; + BOOTSNAP_CACHE_DIR="/var/cache/mastodon/precompile"; LD_PRELOAD = "${pkgs.jemalloc}/lib/libjemalloc.so"; - # mastodon-web concurrency. + MASTODON_USE_LIBVIPS = "true"; + + # Concurrency mastodon-web WEB_CONCURRENCY = toString cfg.webProcesses; MAX_THREADS = toString cfg.webThreads; @@ -24,7 +27,7 @@ let DB_NAME = cfg.database.name; LOCAL_DOMAIN = cfg.localDomain; SMTP_SERVER = cfg.smtp.host; - SMTP_PORT = toString(cfg.smtp.port); + SMTP_PORT = toString cfg.smtp.port; SMTP_FROM_ADDRESS = cfg.smtp.fromAddress; PAPERCLIP_ROOT_PATH = "/var/lib/mastodon/public-system"; PAPERCLIP_ROOT_URL = "/system"; @@ -33,12 +36,12 @@ let TRUSTED_PROXY_IP = cfg.trustedProxy; } // lib.optionalAttrs (cfg.redis.host != null) { REDIS_HOST = cfg.redis.host; } - // lib.optionalAttrs (cfg.redis.port != null) { REDIS_PORT = toString(cfg.redis.port); } + // lib.optionalAttrs (cfg.redis.port != null) { REDIS_PORT = toString cfg.redis.port; } // lib.optionalAttrs (cfg.redis.createLocally && cfg.redis.enableUnixSocket) { REDIS_URL = "unix://${config.services.redis.servers.mastodon.unixSocket}"; } // lib.optionalAttrs (cfg.database.host != "/run/postgresql" && cfg.database.port != null) { DB_PORT = toString cfg.database.port; } // lib.optionalAttrs cfg.smtp.authenticate { SMTP_LOGIN = cfg.smtp.user; } // lib.optionalAttrs (cfg.elasticsearch.host != null) { ES_HOST = cfg.elasticsearch.host; } - // lib.optionalAttrs (cfg.elasticsearch.host != null) { ES_PORT = toString(cfg.elasticsearch.port); } + // lib.optionalAttrs (cfg.elasticsearch.host != null) { ES_PORT = toString cfg.elasticsearch.port; } // lib.optionalAttrs (cfg.elasticsearch.host != null) { ES_PRESET = cfg.elasticsearch.preset; } // lib.optionalAttrs (cfg.elasticsearch.user != null) { ES_USER = cfg.elasticsearch.user; } // cfg.extraConfig; @@ -51,6 +54,9 @@ let Group = cfg.group; # Working directory WorkingDirectory = cfg.package; + # Cache directory and mode + CacheDirectory = "mastodon"; + CacheDirectoryMode = "0750"; # State directory and mode StateDirectory = "mastodon"; StateDirectoryMode = "0750"; @@ -127,7 +133,7 @@ let description = "Mastodon sidekiq${jobClassLabel}"; wantedBy = [ "mastodon.target" ]; environment = env // { - PORT = toString(cfg.sidekiqPort); + PORT = toString cfg.sidekiqPort; DB_POOL = threads; }; serviceConfig = { @@ -309,7 +315,7 @@ in { Voluntary Application Server Identification. A new keypair can be generated by running: - `nix build -f '' mastodon; cd result; bin/rake webpush:generate_keys` + `nix build -f '' mastodon; cd result; RAILS_ENV=production bin/rake webpush:generate_keys` If {option}`mastodon.vapidPrivateKeyFile`does not exist, it and this file will be created with a new keypair. @@ -324,12 +330,57 @@ in { type = lib.types.str; }; + activeRecordEncryptionDeterministicKeyFile = lib.mkOption { + description = '' + This key must be set to enable the Active Record Encryption feature within + Rails that Mastodon uses to encrypt and decrypt some database attributes. + A new Active Record keys can be generated by running: + + `nix build -f '' mastodon; cd result; RAILS_ENV=production ./bin/rails db:encryption:init` + + If this file does not exist, it will be created with a new Active Record + keys. + ''; + default = "/var/lib/mastodon/secrets/active-record-encryption-deterministic-key"; + type = lib.types.str; + }; + + activeRecordEncryptionKeyDerivationSaltFile = lib.mkOption { + description = '' + This key must be set to enable the Active Record Encryption feature within + Rails that Mastodon uses to encrypt and decrypt some database attributes. + A new Active Record keys can be generated by running: + + `nix build -f '' mastodon; cd result; RAILS_ENV=production ./bin/rails db:encryption:init` + + If this file does not exist, it will be created with a new Active Record + keys. + ''; + default = "/var/lib/mastodon/secrets/active-record-encryption-key-derivation-salt"; + type = lib.types.str; + }; + + activeRecordEncryptionPrimaryKeyFile = lib.mkOption { + description = '' + This key must be set to enable the Active Record Encryption feature within + Rails that Mastodon uses to encrypt and decrypt some database attributes. + A new Active Record keys can be generated by running: + + `nix build -f '' mastodon; cd result; RAILS_ENV=production ./bin/rails db:encryption:init` + + If this file does not exist, it will be created with a new Active Record + keys. + ''; + default = "/var/lib/mastodon/secrets/active-record-encryption-primary-key"; + type = lib.types.str; + }; + secretKeyBaseFile = lib.mkOption { description = '' Path to file containing the secret key base. A new secret key base can be generated by running: - `nix build -f '' mastodon; cd result; bin/rake secret` + `nix build -f '' mastodon; cd result; bin/bundle exec rails secret` If this file does not exist, it will be created with a new secret key base. ''; @@ -342,7 +393,7 @@ in { Path to file containing the OTP secret. A new OTP secret can be generated by running: - `nix build -f '' mastodon; cd result; bin/rake secret` + `nix build -f '' mastodon; cd result; bin/bundle exec rails secret` If this file does not exist, it will be created with a new OTP secret. ''; @@ -708,13 +759,28 @@ in { script = '' umask 077 + if ! test -d /var/cache/mastodon/precompile; then + ${cfg.package}/bin/bundle exec bootsnap precompile --gemfile ${cfg.package}/app ${cfg.package}/lib + fi + if ! test -f ${cfg.activeRecordEncryptionDeterministicKeyFile}; then + mkdir -p $(dirname ${cfg.activeRecordEncryptionDeterministicKeyFile}) + bin/rails db:encryption:init | grep --only-matching "ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=[^ ]\+" | sed 's/^ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=//' > ${cfg.activeRecordEncryptionDeterministicKeyFile} + fi + if ! test -f ${cfg.activeRecordEncryptionKeyDerivationSaltFile}; then + mkdir -p $(dirname ${cfg.activeRecordEncryptionKeyDerivationSaltFile}) + bin/rails db:encryption:init | grep --only-matching "ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=[^ ]\+" | sed 's/^ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=//' > ${cfg.activeRecordEncryptionKeyDerivationSaltFile} + fi + if ! test -f ${cfg.activeRecordEncryptionPrimaryKeyFile}; then + mkdir -p $(dirname ${cfg.activeRecordEncryptionPrimaryKeyFile}) + bin/rails db:encryption:init | grep --only-matching "ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=[^ ]\+" | sed 's/^ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=//' > ${cfg.activeRecordEncryptionPrimaryKeyFile} + fi if ! test -f ${cfg.secretKeyBaseFile}; then mkdir -p $(dirname ${cfg.secretKeyBaseFile}) - bin/rake secret > ${cfg.secretKeyBaseFile} + bin/bundle exec rails secret > ${cfg.secretKeyBaseFile} fi if ! test -f ${cfg.otpSecretFile}; then mkdir -p $(dirname ${cfg.otpSecretFile}) - bin/rake secret > ${cfg.otpSecretFile} + bin/bundle exec rails secret > ${cfg.otpSecretFile} fi if ! test -f ${cfg.vapidPrivateKeyFile}; then mkdir -p $(dirname ${cfg.vapidPrivateKeyFile}) $(dirname ${cfg.vapidPublicKeyFile}) @@ -724,6 +790,9 @@ in { fi cat > /var/lib/mastodon/.secrets_env <> gemset.nix # Create trailing newline to please EditorConfig checks -echo "Creating yarn-hash.nix" -YARN_HASH="$(prefetch-yarn-deps "$SOURCE_DIR/yarn.lock")" -YARN_HASH="$(nix hash to-sri --type sha256 "$YARN_HASH")" -sed -i "s/sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=/$YARN_HASH/g" source.nix +echo "Required manual update of yarn-hash" +exit 1 diff --git a/pkgs/servers/mastodon/yarn.nix b/pkgs/servers/mastodon/yarn.nix new file mode 100644 index 0000000000000..3fb4018906d25 --- /dev/null +++ b/pkgs/servers/mastodon/yarn.nix @@ -0,0 +1,34 @@ +{ + stdenvNoCC, + yarn-berry, + cacert, + version, + src, + hash, +}: +stdenvNoCC.mkDerivation { + pname = "yarn-deps"; + inherit version src; + + nativeBuildInputs = [ + yarn-berry + ]; + + dontInstall = true; + + NODE_EXTRA_CA_CERTS = "${cacert}/etc/ssl/certs/ca-bundle.crt"; + + buildPhase = '' + export HOME=$(mktemp -d) + export YARN_ENABLE_TELEMETRY=0 + + cache="$(yarn config get cacheFolder)" + yarn install --immutable --mode skip-build + + mkdir -p $out + cp -r $cache/* $out/ + ''; + + outputHash = hash; + outputHashMode = "recursive"; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 4c58aaa8b0f2f..e22700fb2d071 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -24522,8 +24522,10 @@ with pkgs; maker-panel = callPackage ../tools/misc/maker-panel { }; mastodon = callPackage ../servers/mastodon { - nodejs-slim = nodejs-slim_20; - ruby = ruby_3_2; + nodejs-slim = nodejs-slim_22; + python3 = python311; + ruby = ruby_3_3; + yarn-berry = yarn-berry.override { nodejs = nodejs-slim_22; }; }; gotosocial = callPackage ../servers/gotosocial { };