use mastodon-glitch

config/services/mastodon.nix

@@ -12,6 +12,7 @@ let
       "mastodon-sidekiq.service"
     ];
   };
+  mastodon = pkgs.callPackage ../../packages/mastodon { };
 in
 {
   imports = [
@@ -21,6 +22,7 @@ in
   services.mastodon = {
     enable = true;
     enableUnixSocket = false;
+    package = mastodon;
     elasticsearch = {
       host = "127.0.0.1";
     };

config/services/reverse-proxy.nix

@@ -1,4 +1,4 @@
-{ config, ... }: {
+{ pkgs, config, ... }: {
   services.nginx.virtualHosts."hydra.chir.rs" = {
     sslCertificate = "/var/lib/acme/chir.rs/cert.pem";
     sslCertificateKey = "/var/lib/acme/chir.rs/key.pem";
@@ -10,17 +10,23 @@
       '';
     };
   };
-  services.nginx.virtualHosts."mastodon.chir.rs" = {
-    sslCertificate = "/var/lib/acme/chir.rs/cert.pem";
-    sslCertificateKey = "/var/lib/acme/chir.rs/key.pem";
-    locations."/" = {
-      proxyPass = "https://mastodon.int.chir.rs";
-      proxyWebsockets = true;
-      extraConfig = ''
-        proxy_ssl_server_name on;
-      '';
+  services.nginx.virtualHosts."mastodon.chir.rs" =
+    let mastodon = pkgs.callPackage ../../packages/mastodon { }; in
+    {
+      sslCertificate = "/var/lib/acme/chir.rs/cert.pem";
+      sslCertificateKey = "/var/lib/acme/chir.rs/key.pem";
+      root = "${config.services.mastodon.package}/public/";
+      locations."/" = {
+        tryFiles = "$uri @proxy";
+      };
+      locations."@proxy" = {
+        proxyPass = "https://mastodon.int.chir.rs";
+        proxyWebsockets = true;
+        extraConfig = ''
+          proxy_ssl_server_name on;
+        '';
+      };
     };
-  };
   services.nginx.virtualHosts."mastodon-assets.chir.rs" = {
     sslCertificate = "/var/lib/acme/chir.rs/cert.pem";
     sslCertificateKey = "/var/lib/acme/chir.rs/key.pem";

flake.nix

@@ -87,10 +87,12 @@ rec {
           systems);
       devShell.x86_64-linux = let pkgs = import nixpkgs { system = "x86_64-linux"; }; in
         pkgs.mkShell {
-          nativeBuildInputs = [
-            pkgs.sops
-            pkgs.ssh-to-age
-            pkgs.nix-prefetch-git
+          nativeBuildInputs = with pkgs; [
+            sops
+            ssh-to-age
+            nix-prefetch-git
+            jq
+            bundix
           ];
         };
       hydraJobs = (builtins.listToAttrs (map

packages/mastodon/default.nix

@@ -0,0 +1,138 @@
+{ lib
+, stdenv
+, nodejs-slim
+, mkYarnPackage
+, fetchFromGitHub
+, bundlerEnv
+, nixosTests
+, yarn
+, callPackage
+, imagemagick
+, ffmpeg
+, file
+, ruby_3_0
+, writeShellScript
+, fetchYarnDeps
+, fixup_yarn_lock
+
+  # Allow building a fork or custom version of Mastodon:
+, pname ? "mastodon-glitch"
+, version ? import ./version.nix
+, srcOverride ? null
+, dependenciesDir ? ./.  # Should contain gemset.nix, yarn.nix and package.json.
+}:
+
+stdenv.mkDerivation rec {
+  inherit pname version;
+
+  # Using overrideAttrs on src does not build the gems and modules with the overridden src.
+  # Putting the callPackage up in the arguments list also does not work.
+  src = if srcOverride != null then srcOverride else callPackage ./source.nix { };
+
+  yarnOfflineCache = fetchYarnDeps {
+    yarnLock = "${src}/yarn.lock";
+    sha256 = "sha256-Swe7AH/j1+N1T20xaQ+U0Ajtoe9BGzsghAjN1QakUp8=";
+  };
+
+  mastodon-gems = bundlerEnv {
+    name = "${pname}-gems-${version}";
+    inherit version;
+    ruby = ruby_3_0;
+    gemdir = src;
+    gemset = dependenciesDir + "/gemset.nix";
+    # This fix (copied from https://github.com/NixOS/nixpkgs/pull/76765) replaces the gem
+    # symlinks with directories, resolving this error when running rake:
+    #   /nix/store/451rhxkggw53h7253izpbq55nrhs7iv0-mastodon-gems-3.0.1/lib/ruby/gems/2.6.0/gems/bundler-1.17.3/lib/bundler/settings.rb:6:in `<module:Bundler>': uninitialized constant Bundler::Settings (NameError)
+    postBuild = ''
+      for gem in "$out"/lib/ruby/gems/*/gems/*; do
+        cp -a "$gem/" "$gem.new"
+        rm "$gem"
+        # needed on macOS, otherwise the mv yields permission denied
+        chmod +w "$gem.new"
+        mv "$gem.new" "$gem"
+      done
+    '';
+  };
+
+  mastodon-modules = stdenv.mkDerivation {
+    pname = "${pname}-modules";
+    inherit src version;
+
+    nativeBuildInputs = [ fixup_yarn_lock nodejs-slim yarn mastodon-gems mastodon-gems.wrappedRuby ];
+
+    RAILS_ENV = "production";
+    NODE_ENV = "production";
+
+    buildPhase = ''
+      export HOME=$PWD
+      fixup_yarn_lock ~/yarn.lock
+      yarn config --offline set yarn-offline-mirror ${yarnOfflineCache}
+      yarn install --offline --frozen-lockfile --ignore-engines --ignore-scripts --no-progress
+
+      patchShebangs ~/bin
+      patchShebangs ~/node_modules
+
+      # skip running yarn install
+      rm -rf ~/bin/yarn
+
+      OTP_SECRET=precompile_placeholder SECRET_KEY_BASE=precompile_placeholder \
+        rails assets:precompile
+      yarn cache clean --offline
+      rm -rf ~/node_modules/.cache
+    '';
+
+    installPhase = ''
+      mkdir -p $out/public
+      cp -r node_modules $out/node_modules
+      cp -r public/assets $out/public
+      cp -r public/packs $out/public
+    '';
+  };
+
+  propagatedBuildInputs = [ imagemagick ffmpeg file mastodon-gems.wrappedRuby ];
+  buildInputs = [ mastodon-gems nodejs-slim ];
+
+  buildPhase = ''
+    ln -s ${mastodon-modules}/node_modules node_modules
+    ln -s ${mastodon-modules}/public/assets public/assets
+    ln -s ${mastodon-modules}/public/packs public/packs
+
+    patchShebangs bin/
+    for b in $(ls ${mastodon-gems}/bin/)
+    do
+      if [ ! -f bin/$b ]; then
+        ln -s ${mastodon-gems}/bin/$b bin/$b
+      fi
+    done
+
+    rm -rf log
+    ln -s /var/log/mastodon log
+    ln -s /tmp tmp
+  '';
+
+  installPhase =
+    let
+      run-streaming = writeShellScript "run-streaming.sh" ''
+        # NixOS helper script to consistently use the same NodeJS version the package was built with.
+        ${nodejs-slim}/bin/node ./streaming
+      '';
+    in
+    ''
+      mkdir -p $out
+      cp -r * $out/
+      ln -s ${run-streaming} $out/run-streaming.sh
+    '';
+
+  passthru = {
+    tests.mastodon = nixosTests.mastodon;
+    updateScript = callPackage ./update.nix { };
+  };
+
+  meta = with lib; {
+    description = "Self-hosted, globally interconnected microblogging software based on ActivityPub";
+    homepage = "https://joinmastodon.org";
+    license = licenses.agpl3Plus;
+    platforms = [ "x86_64-linux" "i686-linux" "aarch64-linux" ];
+    maintainers = with maintainers; [ petabyteboy happy-river erictapen izorkin ];
+  };
+}

packages/mastodon/source.nix

@@ -0,0 +1,11 @@
+# This file was generated by pkgs.mastodon.updateScript.
+{ fetchgit, applyPatches }: let
+  src = fetchgit {
+    url = "https://github.com/glitch-soc/mastodon";
+    rev = "252deefe3433d0cedafd973becd0d85b5182eb49";
+    sha256 = "0ld2nadl48blwcabgrp9wjx3ha750s9dvvrdf0l5dv9qy6nipw4l";
+  };
+in applyPatches {
+  inherit src;
+  patches = [];
+}

packages/mastodon/update.nix

@@ -0,0 +1,30 @@
+{ pkgs
+, runCommand
+, lib
+, makeWrapper
+, yarn2nix
+, bundix
+, coreutils
+, diffutils
+, nix-prefetch-git
+, gnused
+, jq
+}:
+let
+  binPath = lib.makeBinPath [ yarn2nix bundix coreutils diffutils nix-prefetch-git gnused jq ];
+in
+runCommand "mastodon-update-script"
+{
+  nativeBuildInputs = [ makeWrapper ];
+
+  meta = {
+    maintainers = with lib.maintainers; [ happy-river ];
+    description = "Utility to generate Nix expressions for Mastodon's dependencies";
+    platforms = lib.platforms.unix;
+  };
+} ''
+  mkdir -p $out/bin
+  cp ${./update.sh} $out/bin/update.sh
+  patchShebangs $out/bin/update.sh
+  wrapProgram $out/bin/update.sh --prefix PATH : ${binPath}
+''

packages/mastodon/update.sh

@@ -0,0 +1,98 @@
+#!/usr/bin/env bash
+set -e
+
+URL=https://github.com/mastodon/mastodon.git
+
+POSITIONAL=()
+while [[ $# -gt 0 ]]; do
+    key="$1"
+
+    case $key in
+        --url)
+            URL="$2"
+            shift # past argument
+            shift # past value
+            ;;
+        --ver)
+            VERSION="$2"
+            shift # past argument
+            shift # past value
+            ;;
+        --rev)
+            REVISION="$2"
+            shift # past argument
+            shift # past value
+            ;;
+        --patches)
+            PATCHES="$2"
+            shift # past argument
+            shift # past value
+            ;;
+        *)  # unknown option
+            POSITIONAL+=("$1")
+            shift # past argument
+            ;;
+    esac
+done
+
+if [[ -z "$VERSION" || -n "$POSITIONAL" ]]; then
+    echo "Usage: update.sh [--url URL] --ver VERSION [--rev REVISION] [--patches PATCHES]"
+    echo "URL may be any path acceptable to 'git clone' and VERSION the"
+    echo "semantic version number.  If VERSION is not a revision acceptable to"
+    echo "'git checkout', you must provide one in REVISION.  If URL is not"
+    echo "provided, it defaults to https://github.com/mastodon/mastodon.git."
+    echo "PATCHES, if provided, should be one or more Nix expressions"
+    echo "separated by spaces."
+    exit 1
+fi
+
+if [[ -z "$REVISION" ]]; then
+    REVISION="$VERSION"
+fi
+
+rm -f gemset.nix version.nix source.nix
+TARGET_DIR="$PWD"
+
+
+WORK_DIR=$(mktemp -d)
+
+# Check that working directory was created.
+if [[ ! "$WORK_DIR" || ! -d "$WORK_DIR" ]]; then
+    echo "Could not create temporary directory"
+    exit 1
+fi
+
+# Delete the working directory on exit.
+function cleanup {
+    # Report errors, if any, from nix-prefetch-git
+    grep "fatal" $WORK_DIR/nix-prefetch-git.out >/dev/stderr || true
+    rm -rf "$WORK_DIR"
+}
+trap cleanup EXIT
+
+echo "Fetching source code $REVISION from $URL"
+JSON=$(nix-prefetch-git --url "$URL" --rev "$REVISION"  2> $WORK_DIR/nix-prefetch-git.out)
+SHA=$(echo $JSON | jq -r .sha256)
+FETCHED_SOURCE_DIR=$(grep '^path is' $WORK_DIR/nix-prefetch-git.out | sed 's/^path is //')
+
+echo "Creating version.nix"
+echo \"$VERSION\" | sed 's/^"v/"/' > version.nix
+
+cat > source.nix << EOF
+# This file was generated by pkgs.mastodon.updateScript.
+{ fetchgit, applyPatches }: let
+  src = fetchgit {
+    url = "$URL";
+    rev = "$REVISION";
+    sha256 = "$SHA";
+  };
+in applyPatches {
+  inherit src;
+  patches = [$PATCHES];
+}
+EOF
+SOURCE_DIR="$(nix-build --no-out-link -E '(import <nixpkgs> {}).callPackage ./source.nix {}')"
+
+echo "Creating gemset.nix"
+bundix --lockfile="$SOURCE_DIR/Gemfile.lock" --gemfile="$SOURCE_DIR/Gemfile"
+echo "" >> $TARGET_DIR/gemset.nix  # Create trailing newline to please EditorConfig checks

packages/mastodon/version.nix

@@ -0,0 +1 @@
+"3.5.1"