diff --git a/hosts/hetzner-vm/containers/mail/mail.nix b/hosts/hetzner-vm/containers/mail/mail.nix
index a986f06..be1886b 100644
--- a/hosts/hetzner-vm/containers/mail/mail.nix
+++ b/hosts/hetzner-vm/containers/mail/mail.nix
@@ -29,6 +29,7 @@
 "private_mail_aliases"
 "chaos_mail_passwd"
 "system_mail_passwd"
+ "gotosocial_mail_passwd"
 ];
 shared_files = [
 "/var/lib/acme/mail.owo.monster/fullchain.pem"
diff --git a/hosts/hetzner-vm/containers/mail/profiles/mailserver.nix b/hosts/hetzner-vm/containers/mail/profiles/mailserver.nix
index 59b49ae..bed2716 100644
--- a/hosts/hetzner-vm/containers/mail/profiles/mailserver.nix
+++ b/hosts/hetzner-vm/containers/mail/profiles/mailserver.nix
@@ -46,6 +46,13 @@ in {
 aliases = [];
 sieveScript = null;
 };
+
+ "gotosocial@owo.monster" = {
+ name = "gotosocial@owo.monster";
+ passwordFile = "${secrets.gotosocial_mail_passwd.path}";
+ aliases = [];
+ sieveScript = null;
+ };
 };
 };
diff --git a/hosts/hetzner-vm/containers/social/profiles/gotosocial.nix b/hosts/hetzner-vm/containers/social/profiles/gotosocial.nix
index f8ede7b..5ffc957 100644
--- a/hosts/hetzner-vm/containers/social/profiles/gotosocial.nix
+++ b/hosts/hetzner-vm/containers/social/profiles/gotosocial.nix
@@ -1,17 +1,21 @@
-{...}: let
+{host_secrets, ...}: let
 container-addresses = import ../../../data/container-addresses.nix {};
 hostIP = container-addresses.host;
 containerIP = container-addresses.containers.social;
+
+ secrets = host_secrets;
 in {
 services.gotosocial = {
 enable = true;
 setupPostgresqlDB = true;
+ environmentFile = host_secrets.social_env_secrets.path;
+
 settings = {
 application-name = "chaos-gts";
 host = "gts-01.owo.monster";
 bind-address = "0.0.0.0";
- log-level = "verbose";
+ log-level = "info";
 log-client-ip = false;
 trusted-proxies = [
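Review bot: In the new `"gotosocial@owo.monster"` account, `passwordFile = "${secrets.gotosocial_mail_passwd.path}";` wraps a single path in an interpolated string for no gain; `passwordFile = secrets.gotosocial_mail_passwd.path;` reads more directly. The existing accounts in this file may use the same wrapping, in which case consistency is a fair reason to keep it. Where `secrets` is bound is outside the hunk, presumably in the file's `let` block.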
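Review bot: The new `secrets = host_secrets;` alias is not used by anything in this hunk — the added `environmentFile` line reads `host_secrets.social_env_secrets.path` directly — so either the alias is dead or the two spellings are now mixed in one file; pick one, e.g. `environmentFile = secrets.social_env_secrets.path;`, or drop the binding. Any later uses of `secrets` would be further down the file, outside the hunk. Keeping the SMTP credential out of `settings` and in `environmentFile` is the right split, since the generated settings file presumably ends up in the world-readable Nix store.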
@@ -26,6 +30,12 @@ in {
 accounts-registration-open = false;
+ smtp-host = "mail.owo.monster";
+ smtp-port = 587;
+ smtp-username = "gotosocial@owo.monster";
+ smtp-password = ""; # set via env variables
+ smtp-from = "gotosocial@owo.monster";
+
 media-remote-cache-days = 2;
 media-image-max-size = 1000000 * 64; # MB
diff --git a/hosts/hetzner-vm/containers/social/social.nix b/hosts/hetzner-vm/containers/social/social.nix
index c3c4e7e..ec35989 100644
--- a/hosts/hetzner-vm/containers/social/social.nix
+++ b/hosts/hetzner-vm/containers/social/social.nix
@@ -23,6 +23,9 @@ in {
 "${secrets.social_restic_env.path}" = {
 hostPath = "${secrets.social_restic_env.path}";
 };
+ "${secrets.social_env_secrets.path}" = {
+ hostPath = "${secrets.social_env_secrets.path}";
+ };
 };
 config = {
diff --git a/hosts/hetzner-vm/secrets.nix b/hosts/hetzner-vm/secrets.nix
index 09142d6..30e3f97 100644
--- a/hosts/hetzner-vm/secrets.nix
+++ b/hosts/hetzner-vm/secrets.nix
@@ -97,6 +97,14 @@
 htpasswd -nbB "" "$password" 2>/dev/null | cut -d: -f2 > $secretFile
 '';
 };
+ gotosocial_mail_passwd = {
+ user = "dovecot2";
+ group = "dovecot2";
+ fetchScript = ''
+ password=$(simple_get "/api-keys/chaos_mail/gotosocial" .password)
+ htpasswd -nbB "" "$password" 2>/dev/null | cut -d: -f2 > $secretFile
+ '';
+ };
 # Container: social
 social_restic_password = {
@@ -111,6 +119,14 @@
 echo "RESTIC_REPOSITORY=rest:https://$RESTIC_USERNAME:$RESTIC_PASSWORD@storage-restic.owo.monster/Social" > $secretFile
 '';
 };
+ social_env_secrets = {
+ user = "root";
+ group = "root";
+ fetchScript = ''
+ smtp_password=$(simple_get "/api-keys/chaos_mail/gotosocial" .password)
+ echo "GTS_SMTP_PASSWORD=$smtp_password" > $secretFile
+ '';
+ };
 # Container: quassel
 quassel_restic_password = {
diff --git a/profiles/nginx.nix b/profiles/nginx.nix
index 4c554cc..5e38390 100644
--- a/profiles/nginx.nix
+++ b/profiles/nginx.nix
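Review bot: The comment on `smtp-password = ""; # set via env variables` should name the variable and where it comes from, otherwise the empty placeholder looks like a misconfiguration to the next reader; something like `smtp-password = ""; # real value comes from GTS_SMTP_PASSWORD in environmentFile (social_env_secrets in secrets.nix)`. It is also worth stating in that comment that GoToSocial lets a `GTS_*` environment variable override the same key from the config file, since that override is what the placeholder relies on. `smtp-port = 587` carries no explicit transport-security setting here; whether STARTTLS is enforced on that port is decided by the client and server defaults rather than by anything visible in this hunk.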
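Review bot: The new bind mount exposes `social_env_secrets` inside the container, but nothing in this hunk says who may read it: secrets.nix creates that file as `root:root`, and its mode is not visible here. If the gotosocial module presumably passes `environmentFile` to systemd as `EnvironmentFile`, systemd reads it before switching to the service user, so a root-only mode should still work — worth confirming once rather than assuming. Making the mount's read-only status explicit on the new entry would also document that the container is not expected to write back to the host file. The `hostPath = "${…}"` repetition of the attribute key mirrors the `social_restic_env` entry above it.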
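Review bot: In the new `gotosocial_mail_passwd` fetchScript, `htpasswd -nbB "" "$password"` passes the plaintext password as a command-line argument, where it is briefly visible to any local process through the process list; this mirrors the existing entries, but the new one could read it from stdin instead: `printf '%s\n' "$password" | htpasswd -niB "" 2>/dev/null | cut -d: -f2 > "$secretFile"` (httpd's `htpasswd -i` reads the password from stdin). Quoting `"$secretFile"` is a small robustness gain at the same time. The hash format is unchanged, so the mailserver account added in mailserver.nix keeps working either way.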
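Review bot: The `social_env_secrets` fetchScript writes `GTS_SMTP_PASSWORD=$smtp_password` unconditionally, so if `simple_get` can fail or return an empty `.password`, the env file is silently written with an empty credential and the problem only surfaces when GoToSocial first tries to send mail; a guard before the `echo`, `[ -n "$smtp_password" ] || exit 1`, would fail the fetch loudly instead. The same API key (`/api-keys/chaos_mail/gotosocial`) is fetched a second time, independently, for `gotosocial_mail_passwd`, so a rotation between the two fetches would leave the dovecot hash and the GTS password out of step — fetching it once would be more robust, though that is a structural change. Also quote the redirect target, `> "$secretFile"`, and if the issued passwords can contain quotes or backslashes, note that systemd's env-file parsing treats those specially, so the value may need escaping.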
@@ -30,10 +30,12 @@ in {
 recommendedOptimisation = true;
 recommendedProxySettings = true;
 recommendedTlsSettings = true;
- commonHttpConfig = "";
 clientMaxBodySize = lib.mkDefault "512m";
 serverNamesHashBucketSize = 1024;
- mapHashMaxSize = 512;
+ appendHttpConfig = ''
+ proxy_headers_hash_max_size 1024;
+ proxy_headers_hash_bucket_size 256;
+ '';
 };
 services.logrotate.settings.nginx = {
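Review bot: The new `appendHttpConfig` raises `proxy_headers_hash_max_size` and `proxy_headers_hash_bucket_size` without saying why, and the removal of `mapHashMaxSize = 512;` silently hands `map_hash_max_size` back to nginx's default; neither is recoverable from the diff alone, so a short comment above the block, e.g. `# raised after nginx warned that proxy_headers_hash could not be built (see <log/issue reference>)`, would save the next reader a bisect. If the two removals are related to the added directives, say so in the same comment; if they are unrelated cleanup, a separate commit would have been clearer. Dropping `commonHttpConfig = "";` is a no-op and needs no note.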