set up gts

2024-02-03 02:36:39 -08:00 · 2024-02-03 02:36:39 -08:00 · eeaa5d293d
parent c95d21fcc0
commit eeaa5d293d
3 changed files with 102 additions and 30 deletions
--- a/configs/wob.nix
+++ b/configs/wob.nix
@ -50,30 +50,12 @@

  security.acme.acceptTerms = true;
  security.acme.defaults.email = "vivlim@pm.me";
-  security.acme.defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory"; # staging letsencrypt
+  #security.acme.defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory"; # staging letsencrypt

  services.nginx = {
-    enable = false;
+    enable = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
-    virtualHosts."gts.snoot.tube" = {
-      forceSSL = false;
-      enableACME = false;
-      locations."/" = {
-        proxyPass = "http://gts_backend_ssh"; # ssh forwarded
-        proxyWebsockets = true;
-        extraConfig = ''
-          proxy_set_header Connection ""; 
-        '';
-      };
-
-      locations."/robots.txt" = {
-        extraConfig = ''
-        return 200 'User-agent: *\nDisallow: /';
-        add_header Content-Type text/plain;
-        '';
-      };
-    };

    appendHttpConfig = ''
      log_format  mylogformat  '$remote_addr - $remote_user [$time_local] "$request" '
@ -216,5 +198,28 @@
    (modulesPath + "/profiles/qemu-guest.nix")
  ];

+  #sops.defaultSopsFile = ../secrets/wob.yaml;
+  #config.sops.secrets.borg_backup_repo_passphrase = { };
+  #config.sops.secrets.borgbase_ssh_private_key =
+  # { }; # it is extremely important for this to have a trailing newline, or connecting will fail
+
+#  services.borgbackup.jobs."borgbase" = {
+#
+#    paths = [ "/var/lib" ];
+#    exclude = [
+#      "/var/lib/systemd"
+#    ];
+#
+#    repo = "h5g87o5w@h5g87o5w.repo.borgbase.com:repo";
+#    encryption = {
+#      mode = "repokey-blake2";
+#      passCommand =
+#        "cat ${config.sops.secrets.borg_backup_repo_passphrase.path}";
+#    };
+#    environment.BORG_RSH =
+#      "ssh -i ${config.sops.secrets.borgbase_ssh_private_key.path}";
+#    compression = "auto,lzma";
+#    startAt = "daily";
+#  };
 }
  
--- a/flake.nix
+++ b/flake.nix
@ -96,6 +96,7 @@
        };
        wob = { name, nodes, pkgs, ... }: {
          deployment.targetHost = "wob.vvn.space";
+          deployment.targetPort = 6922;
          deployment.targetUser = "root";

          imports = [
@ -105,6 +106,7 @@
            ./configs/firewall.nix
            ./configs/wob.nix
            ./modules/prometheus_exporters.nix
+            ./modules/gotosocial.nix
          ];
        };
      };
--- a/modules/gotosocial.nix
+++ b/modules/gotosocial.nix
@ -1,16 +1,57 @@
 { lib, pkgs, config, ... }:
 let
+  owner = "superseriousbusiness";
+  repo = "gotosocial";
+
+  version = "0.13.1";
+
+  web-assets = pkgs.fetchurl {
+    url = "https://github.com/${owner}/${repo}/releases/download/v${version}/${repo}_${version}_web-assets.tar.gz";
+    hash = "sha256-I/vwAB5F1A2cGmu76CIAYioYoycTHt0RxPOsPr5uQas=";
+  };
  goToSocialPkg = pkgs.buildGoModule rec {
-    pname = "gotosocial";
-    version = "0.5.2";
-    src = fetchFromGitHub {
-      owner = "superseriousbusiness";
-      repo = "gotosocial";
-      rev = "v${version}";
-      sha256 = "sha256-fQDxU2+sj0QhGOQQRVjKzlyi1PEm/O0B8/V4cac4Kdo=";
+    inherit version;
+    pname = repo;
+
+    src = pkgs.fetchFromGitHub {
+      inherit owner repo;
+      rev = "refs/tags/v${version}";
+      hash = "sha256-hqESRm+UOBFd+882Qfru1Dc4CnFaHFatX+K12meDODs=";
    };
-    vendorSha256 = null;
-  }
+
+    doCheck = false; # The tests take a long time to run.
+
+    vendorHash = null;
+
+    ldflags = [
+      "-s"
+      "-w"
+      "-X main.Version=${version}"
+    ];
+
+    postInstall = ''
+      tar xf ${web-assets}
+      mkdir -p $out/share/gotosocial
+      mv web $out/share/gotosocial/
+    '';
+
+    meta = with lib; {
+      homepage = "https://gotosocial.org";
+      changelog = "https://github.com/superseriousbusiness/gotosocial/releases/tag/v${version}";
+      description = "Fast, fun, ActivityPub server, powered by Go";
+      longDescription = ''
+        ActivityPub social network server, written in Golang.
+        You can keep in touch with your friends, post, read, and
+        share images and articles. All without being tracked or
+        advertised to! A light-weight alternative to Mastodon
+        and Pleroma, with support for clients!
+      '';
+      maintainers = with maintainers; [ misuzu ];
+      license = licenses.agpl3Only;
+    };
+  };
+
+  gtsPort = 8069;
 in {
  services.gotosocial = {
    enable = true;
@ -20,7 +61,7 @@ in {
      application-name = "gotosocial";
      bind-address = "127.0.0.1";
      host = "gts.snoot.tube";
-      port = 8069;
+      port = gtsPort;
      protocol = "https";
      storage-local-base-path = "/var/lib/gotosocial/storage";
      trusted-proxies = [ "127.0.0.1/32" ];
@ -29,4 +70,28 @@ in {
      accounts-allow-custom-css = true;
    };
  };
+  environment.systemPackages = [
+    goToSocialPkg
+  ];
+
+  services.nginx = {
+    virtualHosts."gts.snoot.tube" = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/" = {
+        proxyPass = "http://localhost:${toString gtsPort}";
+        proxyWebsockets = true;
+        extraConfig = ''
+          proxy_set_header Connection ""; 
+        '';
+      };
+
+      locations."/robots.txt" = {
+        extraConfig = ''
+        return 200 'User-agent: *\nDisallow: /';
+        add_header Content-Type text/plain;
+        '';
+      };
+    };
+  };
 }