commit bbe9311419d83fd05c9f1a7bda6313d10e080cc6
parent d06f3de6855b4fe5bd310aea47092df75907f218
Author: Leah (ctucx) <git@ctu.cx>
Date: Fri, 12 May 2023 15:26:24 +0200
parent d06f3de6855b4fe5bd310aea47092df75907f218
Author: Leah (ctucx) <git@ctu.cx>
Date: Fri, 12 May 2023 15:26:24 +0200
machines/lollo/gotosocial -> machines/briefkasten/gotosocial
9 files changed, 130 insertions(+), 130 deletions(-)
A
|
99
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
D
|
99
-------------------------------------------------------------------------------
diff --git a/machines/briefkasten/configuration.nix b/machines/briefkasten/configuration.nix @@ -17,6 +17,9 @@ # cal- and card-dav server ./radicale.nix + # fedi server + ./gotosocial.nix + ./scanner-sftp.nix ];
diff --git a/machines/briefkasten/gotosocial.nix b/machines/briefkasten/gotosocial.nix 
@@ -0,0 +1,99 @@ +{ pkgs, lib, config, ... }: + +let + gotosocial = pkgs.callPackage ../../pkgs/gotosocial {}; + +in { + + dns.zones."ctu.cx".subdomains."fedi.home".CNAME = lib.mkIf config.networking.usePBBUplink [ "${config.networking.fqdn}." ]; + + age.secrets.restic-gotosocial.file = ./. + "/../../secrets/${config.networking.hostName}/restic/gotosocial.age"; + age.secrets.gotosocial-env.file = ./. + "/../../secrets/${config.networking.hostName}/gotosocial-env.age"; + + systemd.services.restic-backup-gotosocial.serviceConfig.ReadWritePaths = [ "/var/lib/gotosocial" ]; + + restic-backups.gotosocial = { + user = "gotosocial"; + passwordFile = config.age.secrets.restic-gotosocial.path; + sqliteDatabases = [ "/var/lib/gotosocial/db.sqlite" ]; + paths = [ "/var/lib/gotosocial/storage" "/var/lib/gotosocial/backup.json" ]; + runBeforeBackup = '' + ${gotosocial}/bin/gotosocial --config-path /etc/gotosocial.yaml admin export --path /var/lib/gotosocial/backup.json + ''; + }; + + systemd.services.gotosocial.serviceConfig = { + Group = lib.mkForce config.services.nginx.group; + EnvironmentFile = lib.mkIf (config.networking.usePBBUplink == false) config.age.secrets.gotosocial-env.path; + }; + + services.gotosocial = { + enable = true; + package = gotosocial; + group = "nginx"; + settings = { + application-name = "ctucx.gts"; + + host = "fedi.home.ctu.cx"; + account-domain = "fedi.home.ctu.cx"; + protocol = "https"; + + bind-address = "127.0.0.1"; + port = 8085; + + trusted-proxies = [ "127.0.0.1/32" "172.17.0.0/24" ]; + + db-type = "sqlite"; + db-address = "/var/lib/gotosocial/db.sqlite"; + + accounts-allow-custom-css = true; + accounts-registration-open = false; + + instance-expose-peers = true; + instance-expose-suspended = true; + instance-expose-suspended-web = true; + + storage-backend = "local"; + storage-local-base-path = "/var/lib/gotosocial/storage"; + + media-image-max-size = 10000000; + media-remote-cache-days = 3; + }; + }; + + 
services.nginx.virtualHosts."fedi.home.ctu.cx" = { + enableACME = lib.mkIf config.networking.usePBBUplink true; + forceSSL = lib.mkIf config.networking.usePBBUplink true; + kTLS = lib.mkIf config.networking.usePBBUplink true; + locations = { + "/.well-known/host-meta".extraConfig = ''return 200 '<?xml version="1.0" encoding="UTF-8"?><XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0"><Link rel="lrdd" template="https://fedi.home.ctu.cx/.well-known/webfinger?resource={uri}" type="application/xrd+xml" /></XRD>';''; + "= /".return = "307 /@leah"; + + "/assets/".extraConfig = '' + alias ${config.services.gotosocial.package}/share/web/assets/; + autoindex off; + expires max; + add_header Cache-Control "public, immutable"; + ''; + + # "/fileserver/".extraConfig = '' + # alias ${config.services.gotosocial.settings.storage-local-base-path}/; + # autoindex off; + # expires max; + # add_header Cache-Control "public, immutable"; + # ''; + + "/".extraConfig = '' + proxy_pass http://127.0.0.1:8085/; + + proxy_set_header Host $host; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + '' + lib.optionalString config.networking.usePBBUplink '' + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + ''; + }; + }; + +}
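Review bot: In the `"/".extraConfig` location, `X-Forwarded-For` and `X-Forwarded-Proto` are only set when `config.networking.usePBBUplink` is true, while `trusted-proxies` always contains `127.0.0.1/32`. When the option is false, nginx passes on whatever `X-Forwarded-For` the request already carried, and GoToSocial will accept it as the client address because the connection arrives from loopback. That is only sound if this vhost is reachable solely through a front proxy that overwrites the header (presumably the one behind `172.17.0.0/24`, which the hunk does not show). I would record that assumption next to the setting, e.g. `# usePBBUplink == false: X-Forwarded-* are set by the front proxy; this nginx must not be reachable directly`, and back it with a firewall rule. Separately, with the `/fileserver/` location commented out, `Group = lib.mkForce config.services.nginx.group` appears to give nginx group access to `/var/lib/gotosocial` (including `db.sqlite` and `backup.json`) without a visible remaining need, so the file modes there are worth checking.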
diff --git a/machines/lollo/configuration.nix b/machines/lollo/configuration.nix @@ -12,9 +12,6 @@ #dns server ./bind.nix - # fedi server - ./gotosocial.nix - ../../configurations/linux/services/prometheus-exporters.nix ../../configurations/linux/services/restic-server.nix
diff --git a/machines/lollo/gotosocial.nix b/machines/lollo/gotosocial.nix 
@@ -1,99 +0,0 @@ -{ pkgs, lib, config, ... }: - -let - gotosocial = pkgs.callPackage ../../pkgs/gotosocial {}; - -in { - - dns.zones."ctu.cx".subdomains."fedi.home".CNAME = lib.mkIf config.networking.usePBBUplink [ "${config.networking.fqdn}." ]; - - age.secrets.restic-gotosocial.file = ../../secrets/lollo/restic/gotosocial.age; - age.secrets.gotosocial-env.file = ../../secrets/lollo/gotosocial-env.age; - - systemd.services.restic-backup-gotosocial.serviceConfig.ReadWritePaths = [ "/var/lib/gotosocial" ]; - - restic-backups.gotosocial = { - user = "gotosocial"; - passwordFile = config.age.secrets.restic-gotosocial.path; - sqliteDatabases = [ "/var/lib/gotosocial/db.sqlite" ]; - paths = [ "/var/lib/gotosocial/storage" "/var/lib/gotosocial/backup.json" ]; - runBeforeBackup = '' - ${gotosocial}/bin/gotosocial --config-path /etc/gotosocial.yaml admin export --path /var/lib/gotosocial/backup.json - ''; - }; - - systemd.services.gotosocial.serviceConfig = { - Group = lib.mkForce config.services.nginx.group; - EnvironmentFile = lib.mkIf (config.networking.usePBBUplink == false) config.age.secrets.gotosocial-env.path; - }; - - services.gotosocial = { - enable = true; - package = gotosocial; - group = "nginx"; - settings = { - application-name = "ctucx.gts"; - - host = "fedi.home.ctu.cx"; - account-domain = "fedi.home.ctu.cx"; - protocol = "https"; - - bind-address = "127.0.0.1"; - port = 8085; - - trusted-proxies = [ "127.0.0.1/32" "172.17.0.0/24" ]; - - db-type = "sqlite"; - db-address = "/var/lib/gotosocial/db.sqlite"; - - accounts-allow-custom-css = true; - accounts-registration-open = false; - - instance-expose-peers = true; - instance-expose-suspended = true; - instance-expose-suspended-web = true; - - storage-backend = "local"; - storage-local-base-path = "/var/lib/gotosocial/storage"; - - media-image-max-size = 10000000; - media-remote-cache-days = 3; - }; - }; - - services.nginx.virtualHosts."fedi.home.ctu.cx" = { - enableACME = lib.mkIf 
config.networking.usePBBUplink true; - forceSSL = lib.mkIf config.networking.usePBBUplink true; - kTLS = lib.mkIf config.networking.usePBBUplink true; - locations = { - "/.well-known/host-meta".extraConfig = ''return 200 '<?xml version="1.0" encoding="UTF-8"?><XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0"><Link rel="lrdd" template="https://fedi.home.ctu.cx/.well-known/webfinger?resource={uri}" type="application/xrd+xml" /></XRD>';''; - "= /".return = "307 /@leah"; - - "/assets/".extraConfig = '' - alias ${config.services.gotosocial.package}/share/web/assets/; - autoindex off; - expires max; - add_header Cache-Control "public, immutable"; - ''; - - # "/fileserver/".extraConfig = '' - # alias ${config.services.gotosocial.settings.storage-local-base-path}/; - # autoindex off; - # expires max; - # add_header Cache-Control "public, immutable"; - # ''; - - "/".extraConfig = '' - proxy_pass http://127.0.0.1:8085/; - - proxy_set_header Host $host; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - '' + lib.optionalString config.networking.usePBBUplink '' - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Forwarded-Proto $scheme; - ''; - }; - }; - -}
diff --git a/secrets/briefkasten/gotosocial-env.age b/secrets/briefkasten/gotosocial-env.age @@ -0,0 +1,13 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoK0pFS3hhYUVCN1hmdnlw +aGNGR3RDTzF2RS9ydkEycU9qYW1UbFpDMnpFCkdha1U4c25yQXRwYnNaUUVtSHpz +bzFjdGFBV0kxRVhmYytFbnI4VklYbDQKLT4gc3NoLWVkMjU1MTkgNGhLQ013IG03 +RUhOQTh4MVU3VFV2ZDdvaGtsTWNZUDVmYkZvL2hFVE51bGhJVEYwMGMKWU9saXBo +VmpobXkyOTBWbmdQd0N5MW9hZXRDMUhaQ0lEZVRTTWFnbkZlZwotPiApbko7cz8t +Z3JlYXNlIHJmU3MvIEdld1VSQUMKY3JrUTFXbmRjazVZZldndnRROAotLS0gUy9i +Wno1czVuLzRnZC85V0NYT3NURC9nUmNvR21sL0tDSGRUR2tYM2VOTQqQPugjPdwm +RrG7103u3FK2UMLykTtu+xHvj3n7jkYOwkmg1KECuKgmLxoaDnaJ5oIoYZpkCcX7 +/0HYd3l/GYAjzFt69RyXJDFwRnsGzwF+CQzg5Zw5pQ/Zpkga27eBxw0Yv8Ugs+C+ +PJbxVt6NgcuQlKwBHXZ85oRrzHVlLDNdswt6JwYoH2vZJEwM4QFRkb9GcpChF1oK +wm52ykw9bb+AZaxnDA== +-----END AGE ENCRYPTED FILE-----
diff --git a/secrets/briefkasten/restic/gotosocial.age b/secrets/briefkasten/restic/gotosocial.age @@ -0,0 +1,13 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHckUyRUEwNERBTUFsQUJm +WjQ5bjh3VUk0cVQzK0k5QzNmSW1MdjY4OHhNCkxjRFAxSXI0ZGhvQmNtNWNxM1Iz +ODQzQjdWR01sRzVGalhoSWhUNmRZWG8KLT4gc3NoLWVkMjU1MTkgNGhLQ013IERJ +a2dQTVZsQ3htbzNGVWFsZndIZ1ZvSEIzaUhBblhBTlFCZkZoT3E4RU0KeXFTL0E0 +Zk1ncjlCMmt6TTlSNThIL0tCeCszWld2WlE4TFFCM1MxZGR2NAotPiBvaE9nJFtc +Uy1ncmVhc2UgSjdOWy8gL2k6cyBENiBmd3hsCmxBVWJqcSt2b2lCdzRpRDduSFhm +ZFRMN0JrUjdGamlKZFV4bkpEMWZSL0pxdGxCbFZMTkZkZWlhMlBCTkJUZHcKV3N4 +TFlPUVZxZEd2azNPR2t4NHdrM2R1VTRPQ2xjcDZMTSswUTJiL2RscDAKLS0tIFlO +bTFGbjErekhlV1NwVFZMT3RYR2VRYkJEZ01iOHJ5K3dMQXNmWklNSWcKrHuZ3TY2 +R1vg8yOIyq0TUNr1wW2hcjUFpCIT0RJQXSR0LY0jxOn0i6T71cjTWH/USVFzFk5Y +h05rBMSrEmPeT9Y= +-----END AGE ENCRYPTED FILE-----
diff --git a/secrets/lollo/gotosocial-env.age b/secrets/lollo/gotosocial-env.age @@ -1,14 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmN1N0TFFUOWV3OEh4NmZQ -N1VmVlJFT1c1QXJDZ3djejhqRmRWdXpWaUZFCnFmd0xWYStHY2lZUEdEU1puQnN6 -SGFuSzdFWk5Pb3o0WnlkaU81R1hzaU0KLT4gc3NoLWVkMjU1MTkgMXJjY0t3IFlv -cmtxYzVlR2ordnE0MHlQL3Rzd1k0RzRvNzFWaDl1bzQ0TE5RS3ZEQk0KRW5odjFs -enBXbStpWkswbzhpcjI1RXVBelVQQTZuT2dNaUhEaWp5YlBWWQotPiB9OmVqaS1n -cmVhc2UgW18kOmdoCjlsV1d4SzFCQmtWL0dOaHRHMmJnb1BUb0s1ZFBvdURtU2ln -RmlqSzVrcEZFZ0RLRGpNZ1dBNmVHNm5PcjhLSE4KZlc1dG9qc2tBcmJjL1VXbTRn -ZWRBK0N6Ykx2ZG5VaUFhWitjZHcKLS0tIGRTUUFoSmttaXIxK2ExRVpyM2xEb0Zj -djFWSGdVK0VwemFXTkt6Tnp0aEkKjmhThITdc6AtkcmxiZLNkie+tqB3dwT6zaUf -gs0aB9omUm5TDYdywDKsPKB3MtXNCWuqxSIXU3/EUOrAsKaEGUEQis3pP7IBIJ28 -u3A7Yz6wWNhrQhAVbZOl5/Dhzf7DcPQarvKJ8vc+WbqUanEwp4JhNA1BGdD8V2AN -lUcokscYLsS1MouM9GyfhmMA+Z4vrsD+pSIJg1Vfro2ZUaEU3w+pIYU= ------END AGE ENCRYPTED FILE-----
diff --git a/secrets/lollo/restic/gotosocial.age b/secrets/lollo/restic/gotosocial.age @@ -1,12 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDMnFVUW5DS3RRc2NvenVU -STY2RnlrcXNsUW9haldhV0xJV2llTzBFclJzCkY0ejZZWmE3YzVSZFBNbXJKUWNI -S25xZCtDMzlWb2FUOVFudVoxUDJRc0kKLT4gc3NoLWVkMjU1MTkgMXJjY0t3IGhV -YVVjNkdnK2F5VTZuVDhVV0lrVWtXUVBKakxEa2RORkJlTDRHNzN3M2cKMU1YR2ly -ZVNQZWJWM1lRYWRyczVDNG9saUZtc2diSW9oWEpaK2FWeTRJbwotPiBdYlIrZWtA -Ji1ncmVhc2UgYjF9IERETy8tU3ViIGd1S3gKWjRWU2JrMXpoRy9oWDBOc0tsKzlL -OWhsQk1DT3F4VzZyMFY0YWRJRWZMS2JXUmJBYTgzSndRZnpuNnphNFc1NApQSnRK -ZXZIdXl2TVBEaHlRNGlBMithVFYKLS0tIFk0UTdTZ1FEUVlnY1hyUGhCZlBtck9U -ZFNpVmIzTWlyZkJWRXV4NS9ncTAK/S5R6unnk40WRCE2q1Xs+myg/ZexUvCxldIH -QB8f1LiA49/JP/yC6BW4+VYlTLCoMrKiDoa4f3teqTVkKCtH78o= ------END AGE ENCRYPTED FILE-----
diff --git a/secrets/secrets.nix b/secrets/secrets.nix @@ -29,7 +29,6 @@ in { "briefkasten/syncthing/key.age".publicKeys = [ leah briefkasten ]; "briefkasten/syncthing/cert.age".publicKeys = [ leah briefkasten ]; - "lollo/gotosocial-env.age".publicKeys = [ leah lollo ]; "lollo/mosquitto/passwd-leah.age".publicKeys = [ leah lollo ]; "lollo/mosquitto/passwd-nrw.age".publicKeys = [ leah lollo ]; @@ -46,16 +45,17 @@ in { "lollo/restic-server-htpasswd.age".publicKeys = [ leah lollo ]; "lollo/restic/vnstat.age".publicKeys = [ leah lollo ]; - "lollo/restic/gotosocial.age".publicKeys = [ leah lollo ]; "lollo/restic/oeffisearch.age".publicKeys = [ leah lollo ]; "lollo/restic/influxdb.age".publicKeys = [ leah lollo ]; "lollo/restic/things.age".publicKeys = [ leah lollo ]; "briefkasten/radicale-users.age".publicKeys = [ leah briefkasten ]; + "briefkasten/gotosocial-env.age".publicKeys = [ leah briefkasten ]; "briefkasten/restic-server-htpasswd.age".publicKeys = [ leah briefkasten ]; "briefkasten/restic/radicale.age".publicKeys = [ leah briefkasten ]; + "briefkasten/restic/gotosocial.age".publicKeys = [ leah briefkasten ]; "lollo/solar-nrw/vpn-secrets.age".publicKeys = [ leah lollo ]; "lollo/solar-nrw/solax2mqtt.age".publicKeys = [ leah lollo ];
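Review bot: Changing the recipients for the two gotosocial secrets from `[ leah lollo ]` to `[ leah briefkasten ]` does not revoke lollo's access to the old values, because the removed `lollo/gotosocial-env.age` and `lollo/restic/gotosocial.age` stay in the repository history encrypted to lollo's key. The ciphertext cannot show whether the plaintext was rotated, so if the env values or the restic password were carried over unchanged, lollo's host key can still recover live credentials. If lollo is meant to lose access, rotate both values as part of the move. A comment above the new entries such as `# moved from lollo; values rotated so lollo's key no longer decrypts a live credential` would make this visible to the next reader.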