Commit 9560c7f

HPCesia <me@hpcesia.com>
2025-07-18 16:58:04
feat(service): add gotosocial on pardo
1 parent dc433c3
Changed files (4)
hosts
secrets
hosts/chaser-pardofelis/caddy.nix
@@ -21,6 +21,7 @@
           builtins.substring 6 (-1) config.services.authelia.instances.main.settings.server.address
         }";
         vaultwarden = "http://localhost:${builtins.toString config.services.vaultwarden.config.rocketPort}";
+        gotosocial = "http://localhost:${builtins.toString config.services.gotosocial.settings.port}";
         grafana = "http://localhost:${builtins.toString config.services.grafana.settings.server.http_port}";
         homepage = "http://localhost:${builtins.toString config.services.homepage-dashboard.listenPort}";
         prometheus = "http://${config.services.victoriametrics.listenAddress}";
@@ -50,6 +51,10 @@
         encode zstd gzip
         reverse_proxy ${localAddress.prometheus}
       '';
+      "trin.one".extraConfig = ''
+        encode zstd gzip
+        reverse_proxy ${localAddress.gotosocial}
+      '';
     };
   };
 
hosts/chaser-pardofelis/gotosocial.nix
@@ -0,0 +1,34 @@
+{config, ...}: {
+  services.gotosocial = {
+    enable = true;
+    settings = {
+      # Basic
+      host = "trin.one";
+      bind-address = "localhost";
+      port = 9291;
+      protocol = "https"; # Final used protocol, should be `https` even when utilizing a reverse proxy.
+      # Storage
+      db-type = "sqlite";
+      db-address = "/var/lib/gotosocial/sqlite.db";
+      storage-backend = "s3";
+      storage-s3-bucket = "trin-one";
+      # Instance
+      landing-page-user = "hpcesia";
+      instance-languages = ["zh-Hans"];
+      instance-expose-public-timeline = true;
+      instance-inject-mastodon-version = true;
+    };
+    environmentFile = config.sops.templates.gotosocial-env.path;
+  };
+
+  sops.templates.gotosocial-env = {
+    content = ''
+      GTS_STORAGE_S3_ENDPOINT=${config.sops.placeholder.gotosocial-s3-endpoint}
+      GTS_STORAGE_S3_ACCESS_KEY=${config.sops.placeholder.gotosocial-s3-access-key}
+      GTS_STORAGE_S3_SECRET_KEY=${config.sops.placeholder.gotosocial-s3-secret-key}
+    '';
+    owner = "root";
+    group = "gotosocial";
+    mode = "0440";
+  };
+}
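Review bot: The S3 endpoint is kept as a sops secret, but the settings block leaves `storage-s3-proxy` at its default, and with that default GoToSocial hands clients presigned URLs that point straight at the bucket host, so the endpoint is visible to anyone who loads media. If hiding the storage host matters, set `storage-s3-proxy = true;` next to `storage-s3-bucket`; otherwise a comment such as `# endpoint is not confidential: media URLs redirect to it` would record that only the access and secret keys need protecting. Separately, `mode = "0440"` with `group = "gotosocial"` on the template looks wider than needed if the module passes `environmentFile` to systemd's `EnvironmentFile=`, which the service manager reads before privileges are dropped. In that case `mode = "0400"` would be enough, which is worth confirming against the module.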
secrets/hosts/pardofelis/default.nix
@@ -56,6 +56,18 @@ in
             }
             // secretFileConf;
         }
+        {
+          name = "gotosocial-s3-endpoint";
+          value = {key = "services/gotosocial/s3Endpoint";} // secretFileConf;
+        }
+        {
+          name = "gotosocial-s3-access-key";
+          value = {key = "services/gotosocial/s3AccessKey";} // secretFileConf;
+        }
+        {
+          name = "gotosocial-s3-secret-key";
+          value = {key = "services/gotosocial/s3SecretKey";} // secretFileConf;
+        }
         {
           name = "authelia-main-oidc-hmac-secret";
           value =
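Review bot: The three new entries inherit file ownership and mode from `secretFileConf`, which is defined outside this hunk, so it is not visible here whether the decrypted S3 keys end up readable by anything other than root. They appear to be consumed only through `config.sops.placeholder` in the gotosocial env template, so the standalone decrypted files need no service-readable owner or group. A comment like `# only referenced via sops.templates.gotosocial-env; keep root-only` above the first entry would make that intent explicit. The list this hunk extends starts and ends outside the visible lines.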
secrets/hosts/pardofelis/secrets.yaml
@@ -7,6 +7,10 @@ services:
         defaultUserPassword: ENC[AES256_GCM,data:go37FcBdkPaI3o9ufWWSe4csncSBXl7Sna1lOU9xCxc=,iv:uslyMRqDLmJp9al4kz+F/f8tcyAzpBtnRHRNaz5E+1U=,tag:cs/laSyPWy0GHN3bMO8FRQ==,type:str]
     grafana:
         adminPassword: ENC[AES256_GCM,data:GSD4lXMBxnzbmWluPp0J4Y7EDOnutCZq,iv:MqyKSHZk2RkPEo07SQxYYYZir+DPwWSjwwWVfeP8kqQ=,tag:VVJFT5HQquF6fOp7aOINSA==,type:str]
+    gotosocial:
+        s3Endpoint: ENC[AES256_GCM,data:zUe0nDSW1T9i3YOq2Cao87nM4I05yquKMLsD7gMKYJ/M8bj9usBiFr3aAOW5mEiATzSy4VtupTDT,iv:UluVNVCcF1LUWYJWlCVS4y197TSuD34MNuUC7Mr+Tjg=,tag:AyLcTDPZoleKSMDX39ApBg==,type:str]
+        s3AccessKey: ENC[AES256_GCM,data:2hOwCwYROPZ/ZBs+QHjuaHZR8DZdBoz96Dh0g6ohFpg=,iv:6FGLKG+Y9/8tFqLsC+h7oBbT2HkMBDF1zobv61/a6j0=,tag:0OZ5KpK3P47ZqyEWdUEGRQ==,type:str]
+        s3SecretKey: ENC[AES256_GCM,data:zg0JEJvuGDLuEgm1clp7CI4tF47CtLsyR9kn9vr8YJvyDxPL9cSWgGMVffrGFf/AY9q4k7SSrNS047k5SB1nHQ==,iv:0LAatRgKfCrkdvQLfrCLl/BvdwkzH0SSRp17/6ssClA=,tag:U520Cp1+XZMjdW9RpwX2YQ==,type:str]
     authelia:
         main:
             jwtSecret: ENC[AES256_GCM,data:czKoD+m8bu0ioTjXYmGv8ZhQphTgsv3GEAvgY4JsxbhAEDgzR1U/Pm7n3FuoIbCCPI6TQcRN2cB4NrvNNUoqZg==,iv:MZbgnw3GkgkQQNk2i4wNFkqcrsyIqdB1GbfeN+NTlwQ=,tag:MN7dV2BDjXxI3AxOYNie1Q==,type:str]
@@ -34,8 +38,8 @@ sops:
             MmVobitCNUxvUGJmRUtWWEhZekdHaEEKcx1nN+bR2wsexYV/B5PC+Pu9Yi9w+KE8
             Kcy2S1Cyu7MEkE8it447yqixIA5l5mbFGRjfTvI8KZXZUGgLecAktQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-07-17T07:12:32Z"
-    mac: ENC[AES256_GCM,data:VHPb4QiRZ+kw3QS7EAYIjOVnmHNetSuOY4VsZPmf/iOAcsfiq6Nab5gb+pXGMPUBmHLt85auagx4e9ZbpSFcOX2yHdZkQ/UxR3ZW27aRk08+5HuZjAYfKmQyMHSBjo2AfywUkdkeTawqm8s6rlOdLeqY0hyGfCmKjEVcq37Swl0=,iv:FJRCKrSJwEyolbXQzpoEhFgZeKE5ZTzL6KQWftJ1G/A=,tag:TJ+OZ8vUhixv94KG/hiFKg==,type:str]
+    lastmodified: "2025-07-18T16:50:33Z"
+    mac: ENC[AES256_GCM,data:SizC8XKfRlcUitfJMzWUsD8Kio+Spg0Wt/nuxv+a0muV7TwSOpBQCyWgx/l2aSHVTFNST+ZbV+7oazI2iF0VF29CyaAlxfcyLfTdBZ8ODPciD6ceVjxsb2aHMexasrS6ZXJhLYJ98NdmIPYia8yQJGiU0H5zvmtsg2tbIN+cKFw=,iv:StjHLufE4p4X3YWJiG5LCMrQqrigfbU2eSArZDnVhfU=,tag:fJ6RTmvAaMb13AtkKkF6zg==,type:str]
     pgp:
         - created_at: "2025-07-15T13:47:27Z"
           enc: |-