[Backport release-24.11] mastodon: 4.3.4 -> 4.3.6

nixos/modules/services/web-apps/mastodon.nix

@@ -195,7 +195,7 @@ in {
           affect other virtualHosts running on your nginx instance, if any.
           Alternatively you can configure a reverse-proxy of your choice to serve these paths:
 
-          `/ -> $(nix-instantiate --eval '<nixpkgs>' -A mastodon.outPath)/public`
+          `/ -> ''${pkgs.mastodon}/public`
 
           `/ -> 127.0.0.1:{{ webPort }} `(If there was no file in the directory above.)
 
@@ -324,6 +324,21 @@ in {
         type = lib.types.str;
       };
 
+      vapidPrivateKeyFile = lib.mkOption {
+        description = ''
+          Path to file containing the private key used for Web Push
+          Voluntary Application Server Identification.  A new keypair can
+          be generated by running:
+
+          `nix build -f '<nixpkgs>' mastodon; cd result; bin/rake webpush:generate_keys`
+
+          If this file does not exist, it will be created with a new
+          private key.
+        '';
+        default = "/var/lib/mastodon/secrets/vapid-private-key";
+        type = lib.types.str;
+      };
+
       localDomain = lib.mkOption {
         description = "The domain serving your Mastodon instance.";
         example = "social.example.org";
@@ -401,21 +416,6 @@ in {
         type = lib.types.str;
       };
 
-      vapidPrivateKeyFile = lib.mkOption {
-        description = ''
-          Path to file containing the private key used for Web Push
-          Voluntary Application Server Identification.  A new keypair can
-          be generated by running:
-
-          `nix build -f '<nixpkgs>' mastodon; cd result; bin/rake webpush:generate_keys`
-
-          If this file does not exist, it will be created with a new
-          private key.
-        '';
-        default = "/var/lib/mastodon/secrets/vapid-private-key";
-        type = lib.types.str;
-      };
-
       trustedProxy = lib.mkOption {
         description = ''
           You need to set it to the IP from which your reverse proxy sends requests to Mastodon's web process,
@@ -945,6 +945,7 @@ in {
       enable = true;
       hostname = lib.mkDefault "${cfg.localDomain}";
     };
+
     services.redis.servers.mastodon = lib.mkIf redisActuallyCreateLocally (lib.mkMerge [
       {
         enable = true;
@@ -953,6 +954,7 @@ in {
         port = cfg.redis.port;
       })
     ]);
+
     services.postgresql = lib.mkIf databaseActuallyCreateLocally {
       enable = true;
       ensureUsers = [

pkgs/servers/mastodon/downgrade-bundler-version.patch

@@ -0,0 +1,23 @@
+From 02aa830dc7771978acd224a9ac7b7ad61fe446c2 Mon Sep 17 00:00:00 2001
+Date: Sat, 22 Mar 2025 11:51:47 +0100
+Subject: [PATCH] Downgrade bundler version
+
+NixOS stable does not need the support of Ruby 3.4 that was added in
+bcfd6ab3e44697f4df5fbdf8566a7c66fe00a353.
+---
+ Gemfile.lock | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Gemfile.lock b/Gemfile.lock
+index cdd6b15dc..7d19c11ef 100644
+--- a/Gemfile.lock
++++ b/Gemfile.lock
+@@ -1065,4 +1065,4 @@ RUBY VERSION
+    ruby 3.3.4p94
+
+ BUNDLED WITH
+-   2.6.5
++   2.5.18
+-- 
+2.49.0
+

pkgs/servers/mastodon/gemset.nix

@@ -1368,10 +1368,10 @@
     platforms = [ ];
     source = {
       remotes = [ "https://rubygems.org" ];
-      sha256 = "13wcwdpdx1asjxvqpyxwlcazzsjisls28jjn28d9cqw9zwszcm1p";
+      sha256 = "06yllpzx5ib7cv1ar03279gm2qywnzsqfiz42g5y9fmp7z24yiik";
       type = "gem";
     };
-    version = "2.3.3";
+    version = "2.3.4";
   };
   flatware-rspec = {
     dependencies = [
@@ -1382,10 +1382,10 @@
     platforms = [ ];
     source = {
       remotes = [ "https://rubygems.org" ];
-      sha256 = "0dgl20mi9a5iwcy6v9jq148ljy9rrvyjhp1rpd1sgadfw6kxzbhc";
+      sha256 = "1gqkjilaqbd6qq80rx3fbjppjbllndvhd629yyd29943lrp3m9nb";
       type = "gem";
     };
-    version = "2.3.3";
+    version = "2.3.4";
   };
   fog-core = {
     dependencies = [
@@ -2460,10 +2460,10 @@
     platforms = [ ];
     source = {
       remotes = [ "https://rubygems.org" ];
-      sha256 = "1km0wqx9pj609jidvrqfsvzbzfgdnlpdnv7i7xfqm3wb55vk5w6y";
+      sha256 = "1hjnb5b5m549irs0h1455ipzsv82pikdagx9wjb6r4j1bkjy494d";
       type = "gem";
     };
-    version = "2.1.2";
+    version = "2.1.3";
   };
   omniauth-cas = {
     dependencies = [
@@ -2503,10 +2503,10 @@
     platforms = [ ];
     source = {
       remotes = [ "https://rubygems.org" ];
-      sha256 = "00nn24s74miy7p65y8lwpjfwgcn7fwld61f9ghngal4asgw6pfwa";
+      sha256 = "1c2i8yry06qpqg4k8xps5aj0hfw7l7m5vdqf85sbpr04ngfdpq6l";
       type = "gem";
     };
-    version = "2.2.1";
+    version = "2.2.3";
   };
   omniauth_openid_connect = {
     dependencies = [
@@ -3204,10 +3204,10 @@
     platforms = [ ];
     source = {
       remotes = [ "https://rubygems.org" ];
-      sha256 = "12mv97fz3jp6nl4bc36wiqwdiivv5lgqcpfnan91w20rzapljk22";
+      sha256 = "1yzhcwvfkrlb8l79w24yjclv636jn6rnznp95shmssk934bi1vnc";
       type = "gem";
     };
-    version = "2.2.11";
+    version = "2.2.13";
   };
   rack-attack = {
     dependencies = [ "rack" ];
@@ -3970,10 +3970,10 @@
     platforms = [ ];
     source = {
       remotes = [ "https://rubygems.org" ];
-      sha256 = "1adq06m684gnpjp6qyb8shgj8jjy2npcfg7y6mg2ab9ilfdq6684";
+      sha256 = "0vgsvdaglz1spx9gxrr6xh7qqhi4qd8jd06h2ihwxmazj9ajld6y";
       type = "gem";
     };
-    version = "1.17.0";
+    version = "1.18.0";
   };
   ruby-vips = {
     dependencies = [

pkgs/servers/mastodon/source.nix

@@ -5,16 +5,16 @@
   patches ? [ ],
 }:
 let
-  version = "4.3.4";
+  version = "4.3.6";
 in
 (applyPatches {
   src = fetchFromGitHub {
     owner = "mastodon";
     repo = "mastodon";
     rev = "v${version}";
-    hash = "sha256-2FpiFSK9CBm7eHqVvV8pPp6fLc5jCcUektpSyxNnXtw=";
+    hash = "sha256-cTJmSrQ+xlDfrAyHKeiIvrUOgAh9DQT2NNizN8XT3P0=";
   };
-  patches = patches ++ [ ];
+  patches = patches ++ [ ./downgrade-bundler-version.patch ];
 })
 // {
   inherit version;