move to gts-02, change contact, updates

flake.lock

@@ -21,11 +21,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1701680307,
+        "lastModified": 1705309234,
-        "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
+        "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
+        "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
         "type": "github"
       },
       "original": {
@@ -45,11 +45,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1701095034,
+        "lastModified": 1705410953,
-        "narHash": "sha256-up8JguDsMgvf3umpcH6P9iD/R6TqCrcB3rhlsOTLKYU=",
+        "narHash": "sha256-c0IUoRKt5k2EprCbccRF7ohWEHlGTppalXAC6ZKpoNk=",
         "ref": "refs/heads/hungy",
-        "rev": "1cca07d244e18ea1c1c0d48016fa3e4b581bf224",
+        "rev": "db36355ce9eba4d0898ebd2490b5b35b923ac72e",
-        "revCount": 57,
+        "revCount": 58,
         "type": "git",
         "url": "https://forgejo.owo.monster/chaos/food-site"
       },
@@ -65,11 +65,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1703072477,
+        "lastModified": 1705408632,
-        "narHash": "sha256-I2g7o+J26iK3sGk53iuaYiMWryzAYx0zhNQUFzTID/A=",
+        "narHash": "sha256-/AhkReVocTli5BLWA5WXxUlGYXn3Agi/uzX76TNrsbo=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "433120e47d016c9960dd9c2b1821e97d223a6a39",
+        "rev": "37d6eeceee464adc03585404eebd68765b3c8615",
         "type": "github"
       },
       "original": {
@@ -89,11 +89,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1701094124,
+        "lastModified": 1705410918,
-        "narHash": "sha256-4nZrZe/rzxmp+H2JrfLWVkwNGzvx0nVVWcfcF1AEb9I=",
+        "narHash": "sha256-sSxVbpl0qW2Nd+iZXqurZoYoiZpHnaNy8R6h5hWyh64=",
         "ref": "refs/heads/main",
-        "rev": "8f935b84929eb6ea4577b015b9b4ef4e86ee69ce",
+        "rev": "d6359a1af8bed495482137dd9908e7407b8444db",
-        "revCount": 116,
+        "revCount": 117,
         "type": "git",
         "url": "https://forgejo.owo.monster/chaos/musicutil"
       },
@@ -115,11 +115,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1702867085,
+        "lastModified": 1705359964,
-        "narHash": "sha256-zcKtsexiTURppa7styWbMvrFiIYfoY5mBtWeIlh7YqU=",
+        "narHash": "sha256-ys1MDjIH6z5UP7gAciRfUAlf2FJV0t3yFib965N/S+I=",
         "owner": "nix-community",
         "repo": "NixOS-WSL",
-        "rev": "86f3b26038b36603f51e260979a09e9c659415e9",
+        "rev": "bb3eeeb96ce059ae29309138874ccf58e796f4b1",
         "type": "github"
       },
       "original": {
@@ -130,11 +130,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1700794826,
+        "lastModified": 1705133751,
-        "narHash": "sha256-RyJTnTNKhO0yqRpDISk03I/4A67/dp96YRxc86YOPgU=",
+        "narHash": "sha256-rCIsyE80jgiOU78gCWN3A0wE0tR2GI5nH6MlS+HaaSQ=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "5a09cb4b393d58f9ed0d9ca1555016a8543c2ac8",
+        "rev": "9b19f5e77dd906cb52dade0b7bd280339d2a1f3d",
         "type": "github"
       },
       "original": {
@@ -146,11 +146,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1703013332,
+        "lastModified": 1705133751,
-        "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=",
+        "narHash": "sha256-rCIsyE80jgiOU78gCWN3A0wE0tR2GI5nH6MlS+HaaSQ=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6",
+        "rev": "9b19f5e77dd906cb52dade0b7bd280339d2a1f3d",
         "type": "github"
       },
       "original": {
@@ -162,11 +162,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1700794826,
+        "lastModified": 1705133751,
-        "narHash": "sha256-RyJTnTNKhO0yqRpDISk03I/4A67/dp96YRxc86YOPgU=",
+        "narHash": "sha256-rCIsyE80jgiOU78gCWN3A0wE0tR2GI5nH6MlS+HaaSQ=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "5a09cb4b393d58f9ed0d9ca1555016a8543c2ac8",
+        "rev": "9b19f5e77dd906cb52dade0b7bd280339d2a1f3d",
         "type": "github"
       },
       "original": {
@@ -178,11 +178,11 @@
     },
     "nixpkgs_3": {
       "locked": {
-        "lastModified": 1700794826,
+        "lastModified": 1705133751,
-        "narHash": "sha256-RyJTnTNKhO0yqRpDISk03I/4A67/dp96YRxc86YOPgU=",
+        "narHash": "sha256-rCIsyE80jgiOU78gCWN3A0wE0tR2GI5nH6MlS+HaaSQ=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "5a09cb4b393d58f9ed0d9ca1555016a8543c2ac8",
+        "rev": "9b19f5e77dd906cb52dade0b7bd280339d2a1f3d",
         "type": "github"
       },
       "original": {
@@ -194,11 +194,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1703085539,
+        "lastModified": 1705412701,
-        "narHash": "sha256-4YE7zXvzWUtnAyzV9+9VYrfr/o+Y/k4ka7yWO2MtAaI=",
+        "narHash": "sha256-C+xOfQHcc2eB2iq6qyFzReoDJSUYv513FFuluVu4Lr4=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "d19b0ed13ad371fe975f20872d7d198d50ecf763",
+        "rev": "63ffe98d833ec01b51ea43204a4e844e2fa39a5e",
         "type": "github"
       },
       "original": {
@@ -283,11 +283,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1701095009,
+        "lastModified": 1705413365,
-        "narHash": "sha256-hV9R/ZCXL9cZ78TZSkO6TUfuwx/E2K13k2kcoGDgGBc=",
+        "narHash": "sha256-C3CvdCebHM5RiGrRF4WGQLisQ0FYrPPeJBbCWNxHGAI=",
         "ref": "refs/heads/main",
-        "rev": "6b0eada62567711299750ae2b708ae30318c8ff9",
+        "rev": "ea11dd6514c51d524b5cdded260a4632c5cf3c9c",
-        "revCount": 462,
+        "revCount": 464,
         "type": "git",
         "url": "https://forgejo.owo.monster/chaos/VaultUI"
       },

hosts/hetzner-arm/containers/mail/modules/mailserver/dovecot.nix

@@ -57,14 +57,14 @@ in {
       protocols = ["sieve"];
 
       sieveScripts = {
-        after = builtins.toFile "spam.sieve" ''
+        # BROKEN: after: line 1: error: require command: unknown Sieve capability `fileinto'.
-          require "fileinto";
+        # after = builtins.toFile "spam.sieve" ''
-
+        #   require "fileinto";
-          if header :is "X-Spam" "Yes" {
+        #   if header :is "X-Spam" "Yes" {
-              fileinto "Junk";
+        #       fileinto "Junk";
-              stop;
+        #       stop;
-          }
+        #   }
-        '';
+        # '';
       };
 
       mailboxes = {

hosts/hetzner-arm/containers/postgresql/profiles/postgres.nix

@@ -13,22 +13,28 @@ in {
     enableTCPIP = true;
     ensureDatabases = [
       "gotosocial"
+      "gotosocial_new"
       "quassel"
     ];
     ensureUsers = [
       {
         name = "gotosocial";
-        ensurePermissions."DATABASE gotosocial" = "ALL PRIVILEGES";
+        ensureDBOwnership = true;
+      }
+      {
+        name = "gotosocial_new";
+        ensureDBOwnership = true;
       }
       {
         name = "quassel";
-        ensurePermissions."DATABASE quassel" = "ALL PRIVILEGES";
+        ensureDBOwnership = true;
       }
     ];
     # If the host is a local container then use the container's IP
     # otherwise use the host's IP
     authentication = ''
       host gotosocial gotosocial ${localContainersAddresses.containers."social"}/32 trust
+      host gotosocial_new gotosocial_new ${localContainersAddresses.containers."social-02"}/32 trust
       host quassel quassel ${localContainersAddresses.containers."quassel"}/32 trust
     '';
   };

hosts/hetzner-arm/containers/postgresql/profiles/restic.nix

@@ -8,6 +8,7 @@
   backupPrepareCommand = "${
     (pkgs.writeShellScriptBin "backupPrepareCommand" ''
       systemctl start remotePostgreSQLBackup-gotosocial --wait
+      systemctl start remotePostgreSQLBackup-gotosocial_new --wait
       systemctl start remotePostgreSQLBackup-quassel --wait
     '')
   }/bin/backupPrepareCommand";
@@ -51,6 +52,7 @@ in {
     backupUser = "postgres";
     databases = [
       "gotosocial"
+      "gotosocial_new"
       "quassel"
     ];
   };

hosts/hetzner-arm/containers/social-02/default.nix

@@ -0,0 +1,67 @@
+{
+  self,
+  hostPath,
+  tree,
+  inputs,
+  config,
+  pkgs,
+  ...
+}: let
+  containerAddresses = import "${hostPath}/data/containerAddresses.nix";
+  hostIP = containerAddresses.host;
+  containerIP = containerAddresses.containers.social-02;
+in {
+  containers.social-02 = {
+    autoStart = true;
+    privateNetwork = true;
+    hostAddress = hostIP;
+    localAddress = containerIP;
+
+    specialArgs = {
+      inherit inputs;
+      inherit tree;
+      inherit self;
+      inherit hostPath;
+    };
+
+    config = {...}: {
+      nixpkgs.pkgs = pkgs;
+
+      imports = with tree;
+        [
+          presets.nixos.containerBase
+          ./secrets.nix
+        ]
+        ++ (with hosts.hetzner-arm.containers.social-02.profiles; [
+          gotosocial
+          #restic
+        ]);
+
+      networking.firewall = {
+        enable = true;
+        allowedTCPPorts = [8080];
+      };
+
+      home-manager.users.root.home.stateVersion = "23.05";
+      system.stateVersion = "23.05";
+    };
+  };
+
+  services.nginx.virtualHosts."gts-02.owo.monster" = {
+    forceSSL = true;
+    enableACME = true;
+    locations."/" = {
+      proxyPass = "http://${containerIP}:8080";
+      proxyWebsockets = true;
+      extraConfig = ''
+        # uncomment if running nginx without recommendedProxySettings
+        # proxy_set_header Host $host;
+        # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        # proxy_set_header X-Forwarded-Proto $scheme;
+      '';
+    };
+    extraConfig = ''
+      client_max_body_size 128M;
+    '';
+  };
+}

hosts/hetzner-arm/containers/social-02/profiles/gotosocial.nix

@@ -0,0 +1,74 @@
+{
+  hostPath,
+  config,
+  ...
+}: let
+  containerAddresses = import "${hostPath}/data/containerAddresses.nix";
+  hostIP = containerAddresses.host;
+  containerIP = containerAddresses.containers.social-02;
+
+  secrets = config.services.secrets.secrets;
+in {
+  services.gotosocial = {
+    enable = true;
+    setupPostgresqlDB = false;
+    environmentFile = secrets.env_secrets.path;
+
+    settings = {
+      application-name = "chaos-gts";
+      host = "gts-02.owo.monster";
+      bind-address = "0.0.0.0";
+
+      log-level = "info";
+      log-client-ip = true;
+
+      db-type = "postgres";
+      db-user = "gotosocial_new";
+      db-database = "gotosocial_new";
+      db-address = "${containerAddresses.containers.postgresql}";
+
+      trusted-proxies = [
+        "127.0.0.1/32"
+        "::1"
+        hostIP
+        containerIP
+      ];
+
+      port = 8080;
+      letsencrypt-enabled = false;
+
+      accounts-registration-open = false;
+
+      smtp-host = "mail.owo.monster";
+      smtp-port = 587;
+      smtp-from = "gotosocial@owo.monster";
+      smtp-username = "gotosocial@owo.monster";
+      smtp-password = ""; # set via env variables
+
+      instance-languages = ["en" "de"];
+
+      media-image-max-size = 1000000 * 64; # MB
+      media-video-max-size = 1000000 * 1024; # MB
+      media-description-max-chars = 4000;
+      media-emoji-local-max-size = 102400;
+      media-emoji-remote-max-size = 102400;
+
+      media-remote-cache-days = 1;
+      media-cleanup-every = "6h";
+
+      statuses-cw-max-chars = 150;
+      statuses-poll-max-options = 10;
+      statuses-media-max-files = 8;
+
+      advanced-rate-limit-requests = 0;
+
+      # only enable when testing out mastodon-api applications
+      # that use instance version for api compatibility checks
+      # instance-inject-mastodon-version = true;
+
+      cache = {
+        memory-target = "512MiB";
+      };
+    };
+  };
+}

hosts/hetzner-arm/containers/social-02/secrets.nix

@@ -0,0 +1,46 @@
+{...}: {
+  services.secrets = {
+    enable = true;
+
+    vaultLogin = {
+      enable = true;
+      loginUsername = "hetzner-arm-container-social";
+    };
+
+    autoSecrets = {
+      enable = true;
+    };
+
+    requiredVaultPaths = [
+      "private-public-keys/data/restic/Social"
+
+      "api-keys/data/storage/restic/Social"
+
+      "api-keys/data/chaos_mail/gotosocial"
+    ];
+
+    secrets = {
+      vault_password = {
+        manual = true;
+      };
+
+      restic_password = {
+        fetchScript = ''
+          simple_get "/private-public-keys/restic/Social" .password > "$secretFile"
+        '';
+      };
+      restic_env = {
+        fetchScript = ''
+          RESTIC_PASSWORD=$(simple_get "/api-keys/storage/restic/Social" .restic)
+          echo "RESTIC_REPOSITORY=rest:https://restic:$RESTIC_PASSWORD@storage-restic.owo.monster/Social" > "$secretFile"
+        '';
+      };
+      env_secrets = {
+        fetchScript = ''
+          smtp_password=$(simple_get "/api-keys/chaos_mail/gotosocial" .password)
+          echo "GTS_SMTP_PASSWORD=$smtp_password" > "$secretFile"
+        '';
+      };
+    };
+  };
+}

hosts/hetzner-arm/containers/social/default.nix

@@ -34,7 +34,6 @@ in {
         ]
         ++ (with hosts.hetzner-arm.containers.social.profiles; [
           gotosocial
-          restic
         ]);
 
       networking.firewall = {

hosts/hetzner-arm/containers/social/secrets.nix

@@ -12,10 +12,6 @@
     };
 
     requiredVaultPaths = [
-      "private-public-keys/data/restic/Social"
-
-      "api-keys/data/storage/restic/Social"
-
       "api-keys/data/chaos_mail/gotosocial"
     ];
 
@@ -24,17 +20,6 @@
         manual = true;
       };
 
-      restic_password = {
-        fetchScript = ''
-          simple_get "/private-public-keys/restic/Social" .password > "$secretFile"
-        '';
-      };
-      restic_env = {
-        fetchScript = ''
-          RESTIC_PASSWORD=$(simple_get "/api-keys/storage/restic/Social" .restic)
-          echo "RESTIC_REPOSITORY=rest:https://restic:$RESTIC_PASSWORD@storage-restic.owo.monster/Social" > "$secretFile"
-        '';
-      };
       env_secrets = {
         fetchScript = ''
           smtp_password=$(simple_get "/api-keys/chaos_mail/gotosocial" .password)

hosts/hetzner-arm/data/containerAddresses.nix

@@ -10,5 +10,6 @@
     caldav = "10.0.1.8";
     owncast = "10.0.1.9";
     jellyfin = "10.0.1.10";
+    social-02 = "10.0.1.11";
   };
 }

hosts/hetzner-arm/hetzner-arm.nix

@@ -21,6 +21,7 @@ in {
     ]
     ++ (forEach [
       "social"
+      "social-02"
       "storage"
       "music"
       "quassel"

hosts/hetzner-arm/profiles/staticSiteData/contact/index.html

@@ -49,13 +49,13 @@
       <p>Telegram: <a href="https://t.me/chaoticryptidz"><code>chaoticryptidz</code></a></p>
       <p>Discord: <code>chaoticryptidz</code></p>
       <p>Matrix: <a href="https://matrix.to/#/@chaos:barr0w.net"><code>@chaos:barr0w.net</code></a></p>
-      <p>Fediverse: <a href="https://gts-01.owo.monster/@chaos"><code>@chaos@gts-01.owo.monster</code></a></p>
+      <p>Fediverse: <a href="https://gts-02.owo.monster/@chaos"><code>@chaos@gts-02.owo.monster</code></a></p>
       <p>Signal: Ask elsewhere for number</p>
       <p>Session: Ask elsewhere for ID</p>
       <p>IRC(liberachat, rarely active so ping me elsewhere): <code>chaoticryptidz</code></p>
       <p>Email: <a href="mailto:chaos@owo.monster"><code>chaos@owo.monster</code></a></p>
-      <p><a href="https://github.com/FiloSottile/age">Age</a> pubkey:
+      <p><a href="https://github.com/FiloSottile/age">Age</a> pubkey: <code>age1za8dy3n8lqtuwfy0np2h0alcezw97sunzz5ywfv0pg22x4lqys6sl33uc8</code></p>
-        <code>age1za8dy3n8lqtuwfy0np2h0alcezw97sunzz5ywfv0pg22x4lqys6sl33uc8</code></p>
+      <a href="https://ko-fi.com/chaoticryptidz">Donate (ko-fi / stripe)</a>
     </div>
   </div>
 </body>

overlay/default.nix

@@ -13,6 +13,49 @@ final: prev: rec {
     cp -r ${./kitty-terminfo}/* $out/share
   '';
 
+  # Remove when fixed in upstream
+  jellyfin-ffmpeg =
+    (prev.ffmpeg_6-headless.override {
+      withAribcaption = false; # FIXME remove when updating past version 6.1
+    })
+    .overrideAttrs (old: rec {
+      pname = "jellyfin-ffmpeg";
+      version = "6.0.1-1";
+
+      src = final.fetchFromGitHub {
+        owner = "jellyfin";
+        repo = "jellyfin-ffmpeg";
+        rev = "v${version}";
+        hash = "sha256-LMwGxx++z6TpZLnpeRGraid4653Mp8T4pY5EP4Z7GXY=";
+      };
+
+      buildInputs = old.buildInputs ++ [prev.chromaprint];
+
+      configureFlags =
+        old.configureFlags
+        ++ [
+          "--extra-version=Jellyfin"
+          "--disable-ptx-compression" # https://github.com/jellyfin/jellyfin/issues/7944#issuecomment-1156880067
+          "--enable-chromaprint"
+        ];
+
+      postPatch = ''
+        for file in $(cat debian/patches/series); do
+          patch -p1 < debian/patches/$file
+        done
+
+        ${old.postPatch or ""}
+      '';
+
+      meta = with final.lib; {
+        description = "${old.meta.description} (Jellyfin fork)";
+        homepage = "https://github.com/jellyfin/jellyfin-ffmpeg";
+        license = licenses.gpl3;
+        maintainers = with maintainers; [justinas];
+        pkgConfigModules = ["libavutil"];
+      };
+    });
+
   mpd-headless =
     (prev.mpdWithFeatures.override {
       ffmpeg = final.ffmpeg_6-headless;
@@ -51,9 +94,9 @@ final: prev: rec {
     owner = "superseriousbusiness";
     repo = "gotosocial";
 
-    version = "0.13.0";
+    version = "0.13.1";
-    source-hash = "sha256-+/x3CAGF/cjK1/7fHgC8EzlGR/Xmq3aFL5Ogc/QZCpA=";
+    source-hash = "sha256-hqESRm+UOBFd+882Qfru1Dc4CnFaHFatX+K12meDODs=";
-    web-assets-hash = "sha256-aPxjfe+0f4hUBfwBH67LsR1/Kv/42sPhlHwmVmDfp30=";
+    web-assets-hash = "sha256-I/vwAB5F1A2cGmu76CIAYioYoycTHt0RxPOsPr5uQas=";
 
     web-assets = final.fetchurl {
       url = "https://github.com/${owner}/${repo}/releases/download/v${version}/${repo}_${version}_web-assets.tar.gz";

profiles/gui/environments/gnome/default.nix

@@ -41,7 +41,7 @@ in {
     pkgs.gnome.cheese
     pkgs.gnome.gnome-music
     pkgs.gnome.gnome-terminal
-    pkgs.gnome.gedit
+    pkgs.gedit
     pkgs.epiphany
     pkgs.evince
     pkgs.gnome.gnome-characters