commit 8e787adbd35715b8e637918623a134303e4cf3e9
parent 368f2a4c562c8b4e4b092c41325c042b75b4cf6b
Author: Leah (ctucx) <git@ctu.cx>
Date: Fri, 28 Jun 2024 12:53:20 +0200
parent 368f2a4c562c8b4e4b092c41325c042b75b4cf6b
Author: Leah (ctucx) <git@ctu.cx>
Date: Fri, 28 Jun 2024 12:53:20 +0200
machines/trabbi/fedi/gotosocial: add smtp-config
4 files changed, 34 insertions(+), 6 deletions(-)
diff --git a/machines/trabbi/fedi/gotosocial.nix b/machines/trabbi/fedi/gotosocial.nix @@ -7,7 +7,10 @@ in { dns.zones."ctu.cx".subdomains."fedi".CNAME = [ "${config.networking.fqdn}." ]; - age.secrets.restic-gotosocial.file = ./. + "/../../../secrets/${config.networking.hostName}/restic/gotosocial.age"; + age.secrets = { + restic-gotosocial.file = ./. + "/../../../secrets/${config.networking.hostName}/restic/gotosocial.age"; + gotosocial-env.file = ./. + "/../../../secrets/${config.networking.hostName}/gotosocial-env.age"; + }; systemd.services.restic-backup-gotosocial.serviceConfig.ReadWritePaths = [ "/var/lib/gotosocial" ]; @@ -25,10 +28,11 @@ in { systemd.services.gotosocial.serviceConfig.Group = lib.mkForce config.services.nginx.group; services.gotosocial = { - enable = true; - package = gotosocial; - group = "nginx"; - settings = { + enable = true; + package = gotosocial; + group = "nginx"; + environmentFile = config.age.secrets.gotosocial-env.path; + settings = { application-name = "ctucx.fedi"; host = "fedi.ctu.cx"; @@ -58,6 +62,12 @@ in { media-image-max-size = 10000000; media-remote-cache-days = 3; media-cleanup-from = "02:00"; + + + smtp-host = "trabbi.ctu.cx"; + smtp-port = 587; + smtp-username = "gts@ctu.cx"; + smtp-from = "gts@ctu.cx"; }; };
diff --git a/modules/linux/gotosocial.nix b/modules/linux/gotosocial.nix @@ -33,6 +33,11 @@ in { readOnly = true; }; + environmentFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; + default = null; + }; + settings = lib.mkOption { type = lib.types.submodule { freeformType = settingsFormat.type; @@ -128,7 +133,8 @@ in { Restart = "always"; RestartSec = 3; - ExecStart = "${cfg.package}/bin/gotosocial --config-path ${configFile} server start"; + EnvironmentFile = lib.mkIf (cfg.environmentFile != null) cfg.environmentFile; + ExecStart = "${cfg.package}/bin/gotosocial --config-path ${configFile} server start"; NoNewPrivileges = true; PrivateTmp = true;
diff --git a/secrets/secrets.nix b/secrets/secrets.nix @@ -77,6 +77,7 @@ in { "trabbi/radicale-users.age".publicKeys = [ leah trabbi ]; "trabbi/travelynx2fedi-env.age".publicKeys = [ leah trabbi ]; "trabbi/vaultwarden-secrets.age".publicKeys = [ leah trabbi ]; + "trabbi/gotosocial-env.age".publicKeys = [ leah trabbi ]; "trabbi/matrix-synapse/registration_shared_secret.age".publicKeys = [ leah trabbi ]; "trabbi/matrix-synapse/sliding-sync-env.age".publicKeys = [ leah trabbi ];
diff --git a/secrets/trabbi/gotosocial-env.age b/secrets/trabbi/gotosocial-env.age @@ -0,0 +1,11 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4TUlLVFMwSzNmL0dNWGxO +dGE5dkV6YnozekVYWjZVcnZVRlM0Wk50MERVCktLSlV4UVRUVmpvT243QjZHcVU2 +SXNNcG5MT29vYVlXcEtXZDJYVmNSeWMKLT4gc3NoLWVkMjU1MTkgcThvY3pnIG92 +M0tlTU5hK3BUdDJHQ1A5Z3grU1pEeVhZTGdIODBvUG43Vm84M2lRU3cKc21VdjZk +L3NvdmI5NmFCSE0rdm95VDcxZkU0L3F2VjJQOEx3N3A2RUJZawotPiBOaUEtZ3Jl +YXNlIDtDPC5SMzogc2sKc1Q5U0FqVVllRUNpWWpqNlNZWUhMUGNOS1l5bzhVMzBH +Y2o1NHRMaUNnWFRpZSswa3lmQkpUVQotLS0gYkVzbWJleS93ZFpCS1l2TG16MG9D +QUlTT3pKRUh6NEEvUlVKSkFkMUcvbwoWRGN3LtjSe8G5LhZTFGW5Nzn049lZOCOE +wZwHKqeujgrsGIcawCqz//lLhPtKaSeCp56DqlpaBh9DBkWJeOgppomy/rY= +-----END AGE ENCRYPTED FILE-----