set up gts
This commit is contained in:
parent
c95d21fcc0
commit
eeaa5d293d
|
@ -50,30 +50,12 @@
|
|||
|
||||
security.acme.acceptTerms = true;
|
||||
security.acme.defaults.email = "vivlim@pm.me";
|
||||
security.acme.defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory"; # staging letsencrypt
|
||||
#security.acme.defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory"; # staging letsencrypt
|
||||
|
||||
services.nginx = {
|
||||
enable = false;
|
||||
enable = true;
|
||||
recommendedProxySettings = true;
|
||||
recommendedTlsSettings = true;
|
||||
virtualHosts."gts.snoot.tube" = {
|
||||
forceSSL = false;
|
||||
enableACME = false;
|
||||
locations."/" = {
|
||||
proxyPass = "http://gts_backend_ssh"; # ssh forwarded
|
||||
proxyWebsockets = true;
|
||||
extraConfig = ''
|
||||
proxy_set_header Connection "";
|
||||
'';
|
||||
};
|
||||
|
||||
locations."/robots.txt" = {
|
||||
extraConfig = ''
|
||||
return 200 'User-agent: *\nDisallow: /';
|
||||
add_header Content-Type text/plain;
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
appendHttpConfig = ''
|
||||
log_format mylogformat '$remote_addr - $remote_user [$time_local] "$request" '
|
||||
|
@ -216,5 +198,28 @@
|
|||
(modulesPath + "/profiles/qemu-guest.nix")
|
||||
];
|
||||
|
||||
#sops.defaultSopsFile = ../secrets/wob.yaml;
|
||||
#config.sops.secrets.borg_backup_repo_passphrase = { };
|
||||
#config.sops.secrets.borgbase_ssh_private_key =
|
||||
# { }; # it is extremely important for this to have a trailing newline, or connecting will fail
|
||||
|
||||
# services.borgbackup.jobs."borgbase" = {
|
||||
#
|
||||
# paths = [ "/var/lib" ];
|
||||
# exclude = [
|
||||
# "/var/lib/systemd"
|
||||
# ];
|
||||
#
|
||||
# repo = "h5g87o5w@h5g87o5w.repo.borgbase.com:repo";
|
||||
# encryption = {
|
||||
# mode = "repokey-blake2";
|
||||
# passCommand =
|
||||
# "cat ${config.sops.secrets.borg_backup_repo_passphrase.path}";
|
||||
# };
|
||||
# environment.BORG_RSH =
|
||||
# "ssh -i ${config.sops.secrets.borgbase_ssh_private_key.path}";
|
||||
# compression = "auto,lzma";
|
||||
# startAt = "daily";
|
||||
# };
|
||||
}
|
||||
|
||||
|
|
|
@ -96,6 +96,7 @@
|
|||
};
|
||||
wob = { name, nodes, pkgs, ... }: {
|
||||
deployment.targetHost = "wob.vvn.space";
|
||||
deployment.targetPort = 6922;
|
||||
deployment.targetUser = "root";
|
||||
|
||||
imports = [
|
||||
|
@ -105,6 +106,7 @@
|
|||
./configs/firewall.nix
|
||||
./configs/wob.nix
|
||||
./modules/prometheus_exporters.nix
|
||||
./modules/gotosocial.nix
|
||||
];
|
||||
};
|
||||
};
|
||||
|
|
|
@ -1,16 +1,57 @@
|
|||
{ lib, pkgs, config, ... }:
|
||||
let
|
||||
owner = "superseriousbusiness";
|
||||
repo = "gotosocial";
|
||||
|
||||
version = "0.13.1";
|
||||
|
||||
web-assets = pkgs.fetchurl {
|
||||
url = "https://github.com/${owner}/${repo}/releases/download/v${version}/${repo}_${version}_web-assets.tar.gz";
|
||||
hash = "sha256-I/vwAB5F1A2cGmu76CIAYioYoycTHt0RxPOsPr5uQas=";
|
||||
};
|
||||
goToSocialPkg = pkgs.buildGoModule rec {
|
||||
pname = "gotosocial";
|
||||
version = "0.5.2";
|
||||
src = fetchFromGitHub {
|
||||
owner = "superseriousbusiness";
|
||||
repo = "gotosocial";
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-fQDxU2+sj0QhGOQQRVjKzlyi1PEm/O0B8/V4cac4Kdo=";
|
||||
inherit version;
|
||||
pname = repo;
|
||||
|
||||
src = pkgs.fetchFromGitHub {
|
||||
inherit owner repo;
|
||||
rev = "refs/tags/v${version}";
|
||||
hash = "sha256-hqESRm+UOBFd+882Qfru1Dc4CnFaHFatX+K12meDODs=";
|
||||
};
|
||||
vendorSha256 = null;
|
||||
}
|
||||
|
||||
doCheck = false; # The tests take a long time to run.
|
||||
|
||||
vendorHash = null;
|
||||
|
||||
ldflags = [
|
||||
"-s"
|
||||
"-w"
|
||||
"-X main.Version=${version}"
|
||||
];
|
||||
|
||||
postInstall = ''
|
||||
tar xf ${web-assets}
|
||||
mkdir -p $out/share/gotosocial
|
||||
mv web $out/share/gotosocial/
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
homepage = "https://gotosocial.org";
|
||||
changelog = "https://github.com/superseriousbusiness/gotosocial/releases/tag/v${version}";
|
||||
description = "Fast, fun, ActivityPub server, powered by Go";
|
||||
longDescription = ''
|
||||
ActivityPub social network server, written in Golang.
|
||||
You can keep in touch with your friends, post, read, and
|
||||
share images and articles. All without being tracked or
|
||||
advertised to! A light-weight alternative to Mastodon
|
||||
and Pleroma, with support for clients!
|
||||
'';
|
||||
maintainers = with maintainers; [ misuzu ];
|
||||
license = licenses.agpl3Only;
|
||||
};
|
||||
};
|
||||
|
||||
gtsPort = 8069;
|
||||
in {
|
||||
services.gotosocial = {
|
||||
enable = true;
|
||||
|
@ -20,7 +61,7 @@ in {
|
|||
application-name = "gotosocial";
|
||||
bind-address = "127.0.0.1";
|
||||
host = "gts.snoot.tube";
|
||||
port = 8069;
|
||||
port = gtsPort;
|
||||
protocol = "https";
|
||||
storage-local-base-path = "/var/lib/gotosocial/storage";
|
||||
trusted-proxies = [ "127.0.0.1/32" ];
|
||||
|
@ -29,4 +70,28 @@ in {
|
|||
accounts-allow-custom-css = true;
|
||||
};
|
||||
};
|
||||
environment.systemPackages = [
|
||||
goToSocialPkg
|
||||
];
|
||||
|
||||
services.nginx = {
|
||||
virtualHosts."gts.snoot.tube" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://localhost:${toString gtsPort}";
|
||||
proxyWebsockets = true;
|
||||
extraConfig = ''
|
||||
proxy_set_header Connection "";
|
||||
'';
|
||||
};
|
||||
|
||||
locations."/robots.txt" = {
|
||||
extraConfig = ''
|
||||
return 200 'User-agent: *\nDisallow: /';
|
||||
add_header Content-Type text/plain;
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue