move to gts-02 and shut down gts-01

hosts/hetzner-arm/containers/postgresql/profiles/postgres.nix

@@ -13,7 +13,6 @@ in {
     enableTCPIP = true;
     ensureDatabases = [
       "gotosocial"
-      "gotosocial_new"
       "quassel"
     ];
     ensureUsers = [
@@ -21,10 +20,6 @@ in {
         name = "gotosocial";
         ensureDBOwnership = true;
       }
-      {
-        name = "gotosocial_new";
-        ensureDBOwnership = true;
-      }
       {
         name = "quassel";
         ensureDBOwnership = true;
@@ -34,7 +29,6 @@ in {
     # otherwise use the host's IP
     authentication = ''
       host gotosocial gotosocial ${localContainersAddresses.containers."social"}/32 trust
-      host gotosocial_new gotosocial_new ${localContainersAddresses.containers."social-02"}/32 trust
       host quassel quassel ${localContainersAddresses.containers."quassel"}/32 trust
     '';
   };

hosts/hetzner-arm/containers/postgresql/profiles/restic.nix

@@ -8,7 +8,6 @@
   backupPrepareCommand = "${
     (pkgs.writeShellScriptBin "backupPrepareCommand" ''
       systemctl start remotePostgreSQLBackup-gotosocial --wait
-      systemctl start remotePostgreSQLBackup-gotosocial_new --wait
       systemctl start remotePostgreSQLBackup-quassel --wait
     '')
   }/bin/backupPrepareCommand";
@@ -52,7 +51,6 @@ in {
     backupUser = "postgres";
     databases = [
       "gotosocial"
-      "gotosocial_new"
       "quassel"
     ];
   };

hosts/hetzner-arm/containers/social-02/default.nix

@@ -1,67 +0,0 @@
-{
-  self,
-  hostPath,
-  tree,
-  inputs,
-  config,
-  pkgs,
-  ...
-}: let
-  containerAddresses = import "${hostPath}/data/containerAddresses.nix";
-  hostIP = containerAddresses.host;
-  containerIP = containerAddresses.containers.social-02;
-in {
-  containers.social-02 = {
-    autoStart = true;
-    privateNetwork = true;
-    hostAddress = hostIP;
-    localAddress = containerIP;
-
-    specialArgs = {
-      inherit inputs;
-      inherit tree;
-      inherit self;
-      inherit hostPath;
-    };
-
-    config = {...}: {
-      nixpkgs.pkgs = pkgs;
-
-      imports = with tree;
-        [
-          presets.nixos.containerBase
-          ./secrets.nix
-        ]
-        ++ (with hosts.hetzner-arm.containers.social-02.profiles; [
-          gotosocial
-          #restic
-        ]);
-
-      networking.firewall = {
-        enable = true;
-        allowedTCPPorts = [8080];
-      };
-
-      home-manager.users.root.home.stateVersion = "23.05";
-      system.stateVersion = "23.05";
-    };
-  };
-
-  services.nginx.virtualHosts."gts-02.owo.monster" = {
-    forceSSL = true;
-    enableACME = true;
-    locations."/" = {
-      proxyPass = "http://${containerIP}:8080";
-      proxyWebsockets = true;
-      extraConfig = ''
-        # uncomment if running nginx without recommendedProxySettings
-        # proxy_set_header Host $host;
-        # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        # proxy_set_header X-Forwarded-Proto $scheme;
-      '';
-    };
-    extraConfig = ''
-      client_max_body_size 128M;
-    '';
-  };
-}

hosts/hetzner-arm/containers/social-02/profiles/gotosocial.nix

@@ -1,74 +0,0 @@
-{
-  hostPath,
-  config,
-  ...
-}: let
-  containerAddresses = import "${hostPath}/data/containerAddresses.nix";
-  hostIP = containerAddresses.host;
-  containerIP = containerAddresses.containers.social-02;
-
-  secrets = config.services.secrets.secrets;
-in {
-  services.gotosocial = {
-    enable = true;
-    setupPostgresqlDB = false;
-    environmentFile = secrets.env_secrets.path;
-
-    settings = {
-      application-name = "chaos-gts";
-      host = "gts-02.owo.monster";
-      bind-address = "0.0.0.0";
-
-      log-level = "info";
-      log-client-ip = true;
-
-      db-type = "postgres";
-      db-user = "gotosocial_new";
-      db-database = "gotosocial_new";
-      db-address = "${containerAddresses.containers.postgresql}";
-
-      trusted-proxies = [
-        "127.0.0.1/32"
-        "::1"
-        hostIP
-        containerIP
-      ];
-
-      port = 8080;
-      letsencrypt-enabled = false;
-
-      accounts-registration-open = false;
-
-      smtp-host = "mail.owo.monster";
-      smtp-port = 587;
-      smtp-from = "gotosocial@owo.monster";
-      smtp-username = "gotosocial@owo.monster";
-      smtp-password = ""; # set via env variables
-
-      instance-languages = ["en" "de"];
-
-      media-image-max-size = 1000000 * 64; # MB
-      media-video-max-size = 1000000 * 1024; # MB
-      media-description-max-chars = 4000;
-      media-emoji-local-max-size = 102400;
-      media-emoji-remote-max-size = 102400;
-
-      media-remote-cache-days = 1;
-      media-cleanup-every = "6h";
-
-      statuses-cw-max-chars = 150;
-      statuses-poll-max-options = 10;
-      statuses-media-max-files = 8;
-
-      advanced-rate-limit-requests = 0;
-
-      # only enable when testing out mastodon-api applications
-      # that use instance version for api compatibility checks
-      # instance-inject-mastodon-version = true;
-
-      cache = {
-        memory-target = "512MiB";
-      };
-    };
-  };
-}

hosts/hetzner-arm/containers/social-02/secrets.nix

@@ -1,46 +0,0 @@
-{...}: {
-  services.secrets = {
-    enable = true;
-
-    vaultLogin = {
-      enable = true;
-      loginUsername = "hetzner-arm-container-social";
-    };
-
-    autoSecrets = {
-      enable = true;
-    };
-
-    requiredVaultPaths = [
-      "private-public-keys/data/restic/Social"
-
-      "api-keys/data/storage/restic/Social"
-
-      "api-keys/data/chaos_mail/gotosocial"
-    ];
-
-    secrets = {
-      vault_password = {
-        manual = true;
-      };
-
-      restic_password = {
-        fetchScript = ''
-          simple_get "/private-public-keys/restic/Social" .password > "$secretFile"
-        '';
-      };
-      restic_env = {
-        fetchScript = ''
-          RESTIC_PASSWORD=$(simple_get "/api-keys/storage/restic/Social" .restic)
-          echo "RESTIC_REPOSITORY=rest:https://restic:$RESTIC_PASSWORD@storage-restic.owo.monster/Social" > "$secretFile"
-        '';
-      };
-      env_secrets = {
-        fetchScript = ''
-          smtp_password=$(simple_get "/api-keys/chaos_mail/gotosocial" .password)
-          echo "GTS_SMTP_PASSWORD=$smtp_password" > "$secretFile"
-        '';
-      };
-    };
-  };
-}

hosts/hetzner-arm/containers/social/default.nix

@@ -34,6 +34,7 @@ in {
         ]
         ++ (with hosts.hetzner-arm.containers.social.profiles; [
           gotosocial
+          restic
         ]);
 
       networking.firewall = {
@@ -46,7 +47,7 @@ in {
     };
   };
 
-  services.nginx.virtualHosts."gts-01.owo.monster" = {
+  services.nginx.virtualHosts."gts-02.owo.monster" = {
     forceSSL = true;
     enableACME = true;
     locations."/" = {

hosts/hetzner-arm/containers/social/profiles/gotosocial.nix

@@ -16,16 +16,16 @@ in {
 
     settings = {
       application-name = "chaos-gts";
-      host = "gts-01.owo.monster";
+      host = "gts-02.owo.monster";
       bind-address = "0.0.0.0";
 
       log-level = "info";
       log-client-ip = true;
 
       db-type = "postgres";
-      db-address = "${containerAddresses.containers.postgresql}";
-      db-database = "gotosocial";
       db-user = "gotosocial";
+      db-database = "gotosocial";
+      db-address = "${containerAddresses.containers.postgresql}";
 
       trusted-proxies = [
         "127.0.0.1/32"

hosts/hetzner-arm/containers/social/profiles/restic.nix

@@ -7,23 +7,23 @@
 
   # Because gotosocial-admin isn't a seporate package we need to generate a seperate config
   # and duplicate the wrapper for use in a systemd unit
-  goToSocialConfigFile = (pkgs.formats.yaml {}).generate "config.yml" config.services.gotosocial.settings;
-  goToSocialAdmin = "${(pkgs.writeShellScriptBin "goToSocialAdmin" ''
+  gotoSocialConfigFile = (pkgs.formats.yaml {}).generate "config.yml" config.services.gotosocial.settings;
+  gotoSocialAdmin = "${(pkgs.writeShellScriptBin "gts-admin" ''
     exec systemd-run \
       -u gotosocial-admin.service \
       -p Group=gotosocial \
       -p User=gotosocial \
       -q -t -G --wait --service-type=exec \
-      ${pkgs.gotosocial}/bin/gotosocial --config-path ${goToSocialConfigFile} admin "$@"
-  '')}/bin/goToSocialAdmin";
+      ${pkgs.gotosocial}/bin/gotosocial --config-path ${gotoSocialConfigFile} admin "$@"
+  '')}/bin/gts-admin";
 
   backupPrepareCommand = "${
     (pkgs.writeShellScriptBin "backupPrepareCommand" ''
       systemctl stop gotosocial
 
-      ${goToSocialAdmin} export --path /var/lib/gotosocial/gts-export.json
+      ${gotoSocialAdmin} export --path /var/lib/gotosocial/gts-export.json
 
-      ${goToSocialAdmin} media prune all --dry-run=false
+      ${gotoSocialAdmin} media prune all --dry-run=false
 
       systemctl start gotosocial
     '')

hosts/hetzner-arm/containers/social/secrets.nix

@@ -12,6 +12,10 @@
     };
 
     requiredVaultPaths = [
+      "private-public-keys/data/restic/Social"
+
+      "api-keys/data/storage/restic/Social"
+
       "api-keys/data/chaos_mail/gotosocial"
     ];
 
@@ -20,6 +24,17 @@
         manual = true;
       };
 
+      restic_password = {
+        fetchScript = ''
+          simple_get "/private-public-keys/restic/Social" .password > "$secretFile"
+        '';
+      };
+      restic_env = {
+        fetchScript = ''
+          RESTIC_PASSWORD=$(simple_get "/api-keys/storage/restic/Social" .restic)
+          echo "RESTIC_REPOSITORY=rest:https://restic:$RESTIC_PASSWORD@storage-restic.owo.monster/Social" > "$secretFile"
+        '';
+      };
       env_secrets = {
         fetchScript = ''
           smtp_password=$(simple_get "/api-keys/chaos_mail/gotosocial" .password)

hosts/hetzner-arm/data/containerAddresses.nix

@@ -10,6 +10,5 @@
     caldav = "10.0.1.8";
     owncast = "10.0.1.9";
     jellyfin = "10.0.1.10";
-    social-02 = "10.0.1.11";
   };
 }

hosts/hetzner-arm/hetzner-arm.nix

@@ -21,7 +21,6 @@ in {
     ]
     ++ (forEach [
       "social"
-      "social-02"
       "storage"
       "music"
       "quassel"