move to gts-02, change contact, updates

chaos 2024-01-25 11:53:48 +00:00
parent eac4a8f630
commit 3e59864127
No known key found for this signature in database
16 changed files with 293 additions and 69 deletions


@ -21,11 +21,11 @@
"systems": "systems"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"type": "github"
},
"original": {
@ -45,11 +45,11 @@
]
},
"locked": {
"lastModified": 1701095034,
"narHash": "sha256-up8JguDsMgvf3umpcH6P9iD/R6TqCrcB3rhlsOTLKYU=",
"lastModified": 1705410953,
"narHash": "sha256-c0IUoRKt5k2EprCbccRF7ohWEHlGTppalXAC6ZKpoNk=",
"ref": "refs/heads/hungy",
"rev": "1cca07d244e18ea1c1c0d48016fa3e4b581bf224",
"revCount": 57,
"rev": "db36355ce9eba4d0898ebd2490b5b35b923ac72e",
"revCount": 58,
"type": "git",
"url": "https://forgejo.owo.monster/chaos/food-site"
},
@ -65,11 +65,11 @@
]
},
"locked": {
"lastModified": 1703072477,
"narHash": "sha256-I2g7o+J26iK3sGk53iuaYiMWryzAYx0zhNQUFzTID/A=",
"lastModified": 1705408632,
"narHash": "sha256-/AhkReVocTli5BLWA5WXxUlGYXn3Agi/uzX76TNrsbo=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "433120e47d016c9960dd9c2b1821e97d223a6a39",
"rev": "37d6eeceee464adc03585404eebd68765b3c8615",
"type": "github"
},
"original": {
@ -89,11 +89,11 @@
]
},
"locked": {
"lastModified": 1701094124,
"narHash": "sha256-4nZrZe/rzxmp+H2JrfLWVkwNGzvx0nVVWcfcF1AEb9I=",
"lastModified": 1705410918,
"narHash": "sha256-sSxVbpl0qW2Nd+iZXqurZoYoiZpHnaNy8R6h5hWyh64=",
"ref": "refs/heads/main",
"rev": "8f935b84929eb6ea4577b015b9b4ef4e86ee69ce",
"revCount": 116,
"rev": "d6359a1af8bed495482137dd9908e7407b8444db",
"revCount": 117,
"type": "git",
"url": "https://forgejo.owo.monster/chaos/musicutil"
},
@ -115,11 +115,11 @@
]
},
"locked": {
"lastModified": 1702867085,
"narHash": "sha256-zcKtsexiTURppa7styWbMvrFiIYfoY5mBtWeIlh7YqU=",
"lastModified": 1705359964,
"narHash": "sha256-ys1MDjIH6z5UP7gAciRfUAlf2FJV0t3yFib965N/S+I=",
"owner": "nix-community",
"repo": "NixOS-WSL",
"rev": "86f3b26038b36603f51e260979a09e9c659415e9",
"rev": "bb3eeeb96ce059ae29309138874ccf58e796f4b1",
"type": "github"
},
"original": {
@ -130,11 +130,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1700794826,
"narHash": "sha256-RyJTnTNKhO0yqRpDISk03I/4A67/dp96YRxc86YOPgU=",
"lastModified": 1705133751,
"narHash": "sha256-rCIsyE80jgiOU78gCWN3A0wE0tR2GI5nH6MlS+HaaSQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5a09cb4b393d58f9ed0d9ca1555016a8543c2ac8",
"rev": "9b19f5e77dd906cb52dade0b7bd280339d2a1f3d",
"type": "github"
},
"original": {
@ -146,11 +146,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1703013332,
"narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=",
"lastModified": 1705133751,
"narHash": "sha256-rCIsyE80jgiOU78gCWN3A0wE0tR2GI5nH6MlS+HaaSQ=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6",
"rev": "9b19f5e77dd906cb52dade0b7bd280339d2a1f3d",
"type": "github"
},
"original": {
@ -162,11 +162,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1700794826,
"narHash": "sha256-RyJTnTNKhO0yqRpDISk03I/4A67/dp96YRxc86YOPgU=",
"lastModified": 1705133751,
"narHash": "sha256-rCIsyE80jgiOU78gCWN3A0wE0tR2GI5nH6MlS+HaaSQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5a09cb4b393d58f9ed0d9ca1555016a8543c2ac8",
"rev": "9b19f5e77dd906cb52dade0b7bd280339d2a1f3d",
"type": "github"
},
"original": {
@ -178,11 +178,11 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1700794826,
"narHash": "sha256-RyJTnTNKhO0yqRpDISk03I/4A67/dp96YRxc86YOPgU=",
"lastModified": 1705133751,
"narHash": "sha256-rCIsyE80jgiOU78gCWN3A0wE0tR2GI5nH6MlS+HaaSQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5a09cb4b393d58f9ed0d9ca1555016a8543c2ac8",
"rev": "9b19f5e77dd906cb52dade0b7bd280339d2a1f3d",
"type": "github"
},
"original": {
@ -194,11 +194,11 @@
},
"nur": {
"locked": {
"lastModified": 1703085539,
"narHash": "sha256-4YE7zXvzWUtnAyzV9+9VYrfr/o+Y/k4ka7yWO2MtAaI=",
"lastModified": 1705412701,
"narHash": "sha256-C+xOfQHcc2eB2iq6qyFzReoDJSUYv513FFuluVu4Lr4=",
"owner": "nix-community",
"repo": "NUR",
"rev": "d19b0ed13ad371fe975f20872d7d198d50ecf763",
"rev": "63ffe98d833ec01b51ea43204a4e844e2fa39a5e",
"type": "github"
},
"original": {
@ -283,11 +283,11 @@
]
},
"locked": {
"lastModified": 1701095009,
"narHash": "sha256-hV9R/ZCXL9cZ78TZSkO6TUfuwx/E2K13k2kcoGDgGBc=",
"lastModified": 1705413365,
"narHash": "sha256-C3CvdCebHM5RiGrRF4WGQLisQ0FYrPPeJBbCWNxHGAI=",
"ref": "refs/heads/main",
"rev": "6b0eada62567711299750ae2b708ae30318c8ff9",
"revCount": 462,
"rev": "ea11dd6514c51d524b5cdded260a4632c5cf3c9c",
"revCount": 464,
"type": "git",
"url": "https://forgejo.owo.monster/chaos/VaultUI"
},


@ -57,14 +57,14 @@ in {
protocols = ["sieve"];
sieveScripts = {
after = builtins.toFile "spam.sieve" ''
require "fileinto";
if header :is "X-Spam" "Yes" {
fileinto "Junk";
stop;
}
'';
# BROKEN: after: line 1: error: require command: unknown Sieve capability `fileinto'.
# after = builtins.toFile "spam.sieve" ''
# require "fileinto";
# if header :is "X-Spam" "Yes" {
# fileinto "Junk";
# stop;
# }
# '';
};
mailboxes = {
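Review bot: With the `after` script commented out, `sieveScripts` is left empty, so mail tagged `X-Spam: Yes` is no longer filed into Junk and arrives alongside normal mail. The BROKEN comment records the error but not that consequence, so I would extend it, e.g. `# BROKEN (spam is NOT moved to Junk until this is fixed): after: line 1: error: ...`. The error text suggests the `fileinto` extension is not enabled for this script after the update; that is worth checking against the Dovecot sieve extension settings rather than leaving the filter off. The enclosing attribute set starts and ends outside this hunk.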


@ -13,22 +13,28 @@ in {
enableTCPIP = true;
ensureDatabases = [
"gotosocial"
"gotosocial_new"
"quassel"
];
ensureUsers = [
{
name = "gotosocial";
ensurePermissions."DATABASE gotosocial" = "ALL PRIVILEGES";
ensureDBOwnership = true;
}
{
name = "gotosocial_new";
ensureDBOwnership = true;
}
{
name = "quassel";
ensurePermissions."DATABASE quassel" = "ALL PRIVILEGES";
ensureDBOwnership = true;
}
];
# If the host is a local container then use the container's IP
# otherwise use the host's IP
authentication = ''
host gotosocial gotosocial ${localContainersAddresses.containers."social"}/32 trust
host gotosocial_new gotosocial_new ${localContainersAddresses.containers."social-02"}/32 trust
host quassel quassel ${localContainersAddresses.containers."quassel"}/32 trust
'';
};
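Review bot: The new `authentication` rule for `gotosocial_new` uses `trust`, so anything able to connect from the social-02 container address is accepted as the database owner without a credential (`enableTCPIP = true` and `ensureDBOwnership = true` are both set here). The new container already loads an environment file for its SMTP password, so GoToSocial's `db-password` could be supplied the same way and the rule changed to `host gotosocial_new gotosocial_new ${localContainersAddresses.containers."social-02"}/32 scram-sha-256`. Setting the role's password would need a step outside `ensureUsers`. The old `gotosocial` database, user and trust rule are kept; if that is only for the migration, a comment saying when they are removed would help.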


@ -8,6 +8,7 @@
backupPrepareCommand = "${
(pkgs.writeShellScriptBin "backupPrepareCommand" ''
systemctl start remotePostgreSQLBackup-gotosocial --wait
systemctl start remotePostgreSQLBackup-gotosocial_new --wait
systemctl start remotePostgreSQLBackup-quassel --wait
'')
}/bin/backupPrepareCommand";
@ -51,6 +52,7 @@ in {
backupUser = "postgres";
databases = [
"gotosocial"
"gotosocial_new"
"quassel"
];
};
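Review bot: A failed dump of `gotosocial_new` will not stop the backup in `backupPrepareCommand`. The script body as shown has no `set -e`, so its exit status is that of the last line (the quassel dump). The repository snapshot can then be taken with a stale or missing dump of the new database. I would make the first line of the script `set -e` so any failing `systemctl start ... --wait` aborts the prepare step. The surrounding definition starts outside the hunk.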


@ -0,0 +1,67 @@
{
self,
hostPath,
tree,
inputs,
config,
pkgs,
...
}: let
containerAddresses = import "${hostPath}/data/containerAddresses.nix";
hostIP = containerAddresses.host;
containerIP = containerAddresses.containers.social-02;
in {
containers.social-02 = {
autoStart = true;
privateNetwork = true;
hostAddress = hostIP;
localAddress = containerIP;
specialArgs = {
inherit inputs;
inherit tree;
inherit self;
inherit hostPath;
};
config = {...}: {
nixpkgs.pkgs = pkgs;
imports = with tree;
[
presets.nixos.containerBase
./secrets.nix
]
++ (with hosts.hetzner-arm.containers.social-02.profiles; [
gotosocial
#restic
]);
networking.firewall = {
enable = true;
allowedTCPPorts = [8080];
};
home-manager.users.root.home.stateVersion = "23.05";
system.stateVersion = "23.05";
};
};
services.nginx.virtualHosts."gts-02.owo.monster" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://${containerIP}:8080";
proxyWebsockets = true;
extraConfig = ''
# uncomment if running nginx without recommendedProxySettings
# proxy_set_header Host $host;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
'';
};
extraConfig = ''
client_max_body_size 128M;
'';
};
}
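Review bot: `#restic` is commented out in the profile list, so the new container starts with no backup profile, while the same commit removes `restic` from the old `social` container. The database is still covered by the PostgreSQL backup job, but GoToSocial's local storage would not be, as far as this page shows. Either enable the profile or replace the bare `#restic` with a comment giving the reason, e.g. `# restic  # disabled until <reason>`. Separately, `client_max_body_size 128M` is lower than the 1024 MB `media-video-max-size` set in the gotosocial profile, so larger uploads will be refused at nginx.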


@ -0,0 +1,74 @@
{
hostPath,
config,
...
}: let
containerAddresses = import "${hostPath}/data/containerAddresses.nix";
hostIP = containerAddresses.host;
containerIP = containerAddresses.containers.social-02;
secrets = config.services.secrets.secrets;
in {
services.gotosocial = {
enable = true;
setupPostgresqlDB = false;
environmentFile = secrets.env_secrets.path;
settings = {
application-name = "chaos-gts";
host = "gts-02.owo.monster";
bind-address = "0.0.0.0";
log-level = "info";
log-client-ip = true;
db-type = "postgres";
db-user = "gotosocial_new";
db-database = "gotosocial_new";
db-address = "${containerAddresses.containers.postgresql}";
trusted-proxies = [
"127.0.0.1/32"
"::1"
hostIP
containerIP
];
port = 8080;
letsencrypt-enabled = false;
accounts-registration-open = false;
smtp-host = "mail.owo.monster";
smtp-port = 587;
smtp-from = "gotosocial@owo.monster";
smtp-username = "gotosocial@owo.monster";
smtp-password = ""; # set via env variables
instance-languages = ["en" "de"];
media-image-max-size = 1000000 * 64; # MB
media-video-max-size = 1000000 * 1024; # MB
media-description-max-chars = 4000;
media-emoji-local-max-size = 102400;
media-emoji-remote-max-size = 102400;
media-remote-cache-days = 1;
media-cleanup-every = "6h";
statuses-cw-max-chars = 150;
statuses-poll-max-options = 10;
statuses-media-max-files = 8;
advanced-rate-limit-requests = 0;
# only enable when testing out mastodon-api applications
# that use instance version for api compatibility checks
# instance-inject-mastodon-version = true;
cache = {
memory-target = "512MiB";
};
};
};
}
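Review bot: `advanced-rate-limit-requests = 0` turns GoToSocial's request rate limiting off for an instance that is reachable from the internet through nginx, and the visible vhost adds no limit of its own. If it was disabled because all clients appeared to share one address, `trusted-proxies` is the place to fix that. Only `hostIP` looks like an actual proxy here; listing `containerIP` and loopback means forwarded-for headers from those sources are believed as well. I would drop the line to restore the default, or keep it with a comment such as `# rate limiting disabled because <reason>`. The `# MB` comments on `media-image-max-size` and `media-video-max-size` are also misleading, since the values are byte counts (64 MB and 1024 MB).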


@ -0,0 +1,46 @@
{...}: {
services.secrets = {
enable = true;
vaultLogin = {
enable = true;
loginUsername = "hetzner-arm-container-social";
};
autoSecrets = {
enable = true;
};
requiredVaultPaths = [
"private-public-keys/data/restic/Social"
"api-keys/data/storage/restic/Social"
"api-keys/data/chaos_mail/gotosocial"
];
secrets = {
vault_password = {
manual = true;
};
restic_password = {
fetchScript = ''
simple_get "/private-public-keys/restic/Social" .password > "$secretFile"
'';
};
restic_env = {
fetchScript = ''
RESTIC_PASSWORD=$(simple_get "/api-keys/storage/restic/Social" .restic)
echo "RESTIC_REPOSITORY=rest:https://restic:$RESTIC_PASSWORD@storage-restic.owo.monster/Social" > "$secretFile"
'';
};
env_secrets = {
fetchScript = ''
smtp_password=$(simple_get "/api-keys/chaos_mail/gotosocial" .password)
echo "GTS_SMTP_PASSWORD=$smtp_password" > "$secretFile"
'';
};
};
};
}
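Review bot: This file declares the restic Vault paths in `requiredVaultPaths` and the `restic_password` / `restic_env` secrets, but the container definition in this commit has the restic profile commented out, so the container fetches and stores backup credentials it does not use. I would remove those entries until the profile is enabled. `loginUsername = "hetzner-arm-container-social"` also looks like the old container's Vault login rather than one for social-02, which would leave both containers sharing one identity; worth confirming. `restic_env` writes the repository password into a URL in `$secretFile`, and that file's mode is not visible here.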


@ -34,7 +34,6 @@ in {
]
++ (with hosts.hetzner-arm.containers.social.profiles; [
gotosocial
restic
]);
networking.firewall = {


@ -12,10 +12,6 @@
};
requiredVaultPaths = [
"private-public-keys/data/restic/Social"
"api-keys/data/storage/restic/Social"
"api-keys/data/chaos_mail/gotosocial"
];
@ -24,17 +20,6 @@
manual = true;
};
restic_password = {
fetchScript = ''
simple_get "/private-public-keys/restic/Social" .password > "$secretFile"
'';
};
restic_env = {
fetchScript = ''
RESTIC_PASSWORD=$(simple_get "/api-keys/storage/restic/Social" .restic)
echo "RESTIC_REPOSITORY=rest:https://restic:$RESTIC_PASSWORD@storage-restic.owo.monster/Social" > "$secretFile"
'';
};
env_secrets = {
fetchScript = ''
smtp_password=$(simple_get "/api-keys/chaos_mail/gotosocial" .password)


@ -10,5 +10,6 @@
caldav = "10.0.1.8";
owncast = "10.0.1.9";
jellyfin = "10.0.1.10";
social-02 = "10.0.1.11";
};
}


@ -21,6 +21,7 @@ in {
]
++ (forEach [
"social"
"social-02"
"storage"
"music"
"quassel"


@ -49,13 +49,13 @@
<p>Telegram: <a href="https://t.me/chaoticryptidz"><code>chaoticryptidz</code></a></p>
<p>Discord: <code>chaoticryptidz</code></p>
<p>Matrix: <a href="https://matrix.to/#/@chaos:barr0w.net"><code>@chaos:barr0w.net</code></a></p>
<p>Fediverse: <a href="https://gts-01.owo.monster/@chaos"><code>@chaos@gts-01.owo.monster</code></a></p>
<p>Fediverse: <a href="https://gts-02.owo.monster/@chaos"><code>@chaos@gts-02.owo.monster</code></a></p>
<p>Signal: Ask elsewhere for number</p>
<p>Session: Ask elsewhere for ID</p>
<p>IRC(liberachat, rarely active so ping me elsewhere): <code>chaoticryptidz</code></p>
<p>Email: <a href="mailto:chaos@owo.monster"><code>chaos@owo.monster</code></a></p>
<p><a href="https://github.com/FiloSottile/age">Age</a> pubkey:
<code>age1za8dy3n8lqtuwfy0np2h0alcezw97sunzz5ywfv0pg22x4lqys6sl33uc8</code></p>
<p><a href="https://github.com/FiloSottile/age">Age</a> pubkey: <code>age1za8dy3n8lqtuwfy0np2h0alcezw97sunzz5ywfv0pg22x4lqys6sl33uc8</code></p>
<a href="https://ko-fi.com/chaoticryptidz">Donate (ko-fi / stripe)</a>
</div>
</div>
</body>


@ -13,6 +13,49 @@ final: prev: rec {
cp -r ${./kitty-terminfo}/* $out/share
'';
# Remove when fixed in upstream
jellyfin-ffmpeg =
(prev.ffmpeg_6-headless.override {
withAribcaption = false; # FIXME remove when updating past version 6.1
})
.overrideAttrs (old: rec {
pname = "jellyfin-ffmpeg";
version = "6.0.1-1";
src = final.fetchFromGitHub {
owner = "jellyfin";
repo = "jellyfin-ffmpeg";
rev = "v${version}";
hash = "sha256-LMwGxx++z6TpZLnpeRGraid4653Mp8T4pY5EP4Z7GXY=";
};
buildInputs = old.buildInputs ++ [prev.chromaprint];
configureFlags =
old.configureFlags
++ [
"--extra-version=Jellyfin"
"--disable-ptx-compression" # https://github.com/jellyfin/jellyfin/issues/7944#issuecomment-1156880067
"--enable-chromaprint"
];
postPatch = ''
for file in $(cat debian/patches/series); do
patch -p1 < debian/patches/$file
done
${old.postPatch or ""}
'';
meta = with final.lib; {
description = "${old.meta.description} (Jellyfin fork)";
homepage = "https://github.com/jellyfin/jellyfin-ffmpeg";
license = licenses.gpl3;
maintainers = with maintainers; [justinas];
pkgConfigModules = ["libavutil"];
};
});
mpd-headless =
(prev.mpdWithFeatures.override {
ffmpeg = final.ffmpeg_6-headless;
@ -51,9 +94,9 @@ final: prev: rec {
owner = "superseriousbusiness";
repo = "gotosocial";
version = "0.13.0";
source-hash = "sha256-+/x3CAGF/cjK1/7fHgC8EzlGR/Xmq3aFL5Ogc/QZCpA=";
web-assets-hash = "sha256-aPxjfe+0f4hUBfwBH67LsR1/Kv/42sPhlHwmVmDfp30=";
version = "0.13.1";
source-hash = "sha256-hqESRm+UOBFd+882Qfru1Dc4CnFaHFatX+K12meDODs=";
web-assets-hash = "sha256-I/vwAB5F1A2cGmu76CIAYioYoycTHt0RxPOsPr5uQas=";
web-assets = final.fetchurl {
url = "https://github.com/${owner}/${repo}/releases/download/v${version}/${repo}_${version}_web-assets.tar.gz";
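Review bot: The comment `# Remove when fixed in upstream` on the new `jellyfin-ffmpeg` override does not say what is broken or link an issue, so nothing indicates when this pin can be dropped. While it stays, the package is frozen at `6.0.1-1` regardless of nixpkgs updates, which also holds back upstream ffmpeg fixes for a component that parses media files. I would expand the comment to `# Pinned because <upstream issue URL>; remove once nixpkgs ships the fix`. `maintainers = with maintainers; [justinas];` looks copied from nixpkgs and could be dropped from a local overlay. The second hunk in this file is a version bump with matching hash updates.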


@ -41,7 +41,7 @@ in {
pkgs.gnome.cheese
pkgs.gnome.gnome-music
pkgs.gnome.gnome-terminal
pkgs.gnome.gedit
pkgs.gedit
pkgs.epiphany
pkgs.evince
pkgs.gnome.gnome-characters