ctucx.git: nixfiles

ctucx' nixfiles

{ secrets, ctucxConfig, dnsNix, node, pkgs, config, ... }:

# Host-specific GoToSocial deployment for zuggeschmack.de.
#
# Only the values particular to this installation live here; everything else
# comes from the shared module pulled in through `imports`
# (ctucxConfig.services.gotosocial), which is not visible in this file.

let

  inherit (config.networking) fqdn hostName;

  # Records for the zone apex, built from this node's IPv4 and IPv6 address.
  apexRecords = dnsNix.combinators.host node.ip4Address node.ip6Address;

in {

  imports = [ ctucxConfig.services.gotosocial ];

  # Zone apex points at this node; `client` is an alias for the host's FQDN
  # (the trailing dot makes the CNAME target absolute).
  dns.zones."zuggeschmack.de" = apexRecords // {
    subdomains.client = {
      CNAME = [ "${fqdn}." ];
    };
  };

  # age-encrypted environment file, looked up per host name in `secrets`.
  # Passing the decrypted path (rather than inline values) keeps the contents
  # out of `settings`, which ends up in the world-readable Nix store.
  age.secrets.gotosocialEnv = {
    file = secrets.${hostName}.gotosocialEnv;
  };

  services = {

    gotosocial = {
      environmentFile = config.age.secrets.gotosocialEnv.path;

      settings = {
        application-name = "ZugGeschmack.de";

        host           = "zuggeschmack.de";
        account-domain = "zuggeschmack.de";

        # User-supplied CSS is rendered on public profile pages, and sign-ups
        # are open to anyone.
        # NOTE(review): confirm the sign-up approval / moderation flow of the
        # deployed GoToSocial version matches the intended policy before
        # combining these two.
        accounts-allow-custom-css  = true;
        accounts-registration-open = true;

        # Publishes the instance's federation state to unauthenticated
        # visitors: the peer list, the suspended-domain list via the API, and
        # the suspended-domain list on the web view.
        instance-expose-peers         = true;
        instance-expose-suspended     = true;
        instance-expose-suspended-web = true;

        instance-languages = [ "de" "en-us" ];

        # Upload/fetch size caps for local and remote media.
        media-local-max-size  = "50MiB";
        media-remote-max-size = "50MiB";

        # Remote media is kept cached for 3 days; cleanup is scheduled from 01:00.
        media-remote-cache-days = 3;
        media-cleanup-from      = "01:00";

        # Outgoing mail over the submission port. No SMTP password is set here.
        # NOTE(review): presumably it is provided through `environmentFile`
        # above - confirm, and keep it out of this attrset.
        smtp-host     = "hector.ctu.cx";
        smtp-port     = 587;
        smtp-username = "gts@zuggeschmack.de";
        smtp-from     = "gts@zuggeschmack.de";
      };
    };

    # Static web client served on its own subdomain.
    nginx.virtualHosts."client.zuggeschmack.de" = {
      # Reuses the certificate issued for the host's FQDN instead of requesting
      # a separate one.
      # NOTE(review): that certificate has to list client.zuggeschmack.de as an
      # additional name, otherwise clients get a hostname mismatch - verify in
      # the config that defines the ACME cert.
      useACMEHost = fqdn;
      forceSSL    = true;   # plain-HTTP requests are redirected to HTTPS
      kTLS        = true;   # kernel TLS offload
      root        = pkgs.masto-fe-standalone;

      # Single-page app: unknown paths fall back to index.html.
      # NOTE(review): no response headers (HSTS, CSP, X-Content-Type-Options)
      # are set in this vhost - confirm they are applied globally.
      extraConfig = ''
        try_files $uri $uri/ /index.html;
      '';
    };

  };

}