@@ -1,78 +0,0 @@
-{lib, ...}: {
- flake.modules.nixos."services/gotosocial" = {config, ...}: {
- services.gotosocial = {
- enable = true;
- settings = {
- # Basic
- host = "trin.one";
- bind-address = "localhost";
- port = 9291;
- protocol = "https"; # Final used protocol, should be `https` even when utilizing a reverse proxy.
- # Storage
- db-type = "sqlite";
- db-address = "/var/lib/gotosocial/sqlite.db";
- storage-backend = "s3";
- storage-s3-bucket = "trin-one";
- storage-s3-redirect-url = "https://asset.trin.one";
- media-remote-cache-days = 0;
- # Instance
- landing-page-user = "hpcesia";
- instance-languages = ["zh-Hans" "en"];
- instance-expose-public-timeline = true;
- instance-inject-mastodon-version = true;
- # SMTP
- smtp-host = "glacier.mxrouting.net";
- smtp-port = 587;
- smtp-username = "no-reply@trin.one";
- smtp-from = "no-reply@trin.one";
- # OIDC
- oidc-enabled = true;
- oidc-idp-name = "Authelia";
- oidc-issuer = "https://auth.trin.one";
- oidc-client-id = "gts-trinnon";
- oidc-scopes = ["openid" "email" "profile" "groups"];
- oidc-allowed-groups = [];
- oidc-admin-groups = ["admin"];
- # Log
- log-level = "info";
- log-timestamp-format = "2006-01-02T15:04:05.000Z07:00";
- };
- environmentFile = config.vaultix.templates.gotosocial-env.path;
- };
-
- services.caddy.virtualHosts."trin.one".extraConfig =
- lib.mkIf config.services.caddy.enable
- (let
- localAddress = "http://localhost:${toString config.services.gotosocial.settings.port}";
- in ''
- encode zstd gzip
- reverse_proxy ${localAddress}
- '');
-
- services.restic.backups."${config.networking.hostName}-backup".paths =
- lib.mkIf
- (builtins.hasAttr "${config.networking.hostName}-backup" config.services.restic.backups)
- ["/var/lib/gotosocial"];
-
- vaultix.secrets.gotosocial-s3-endpoint.file = ./s3-endpoint.age;
- vaultix.secrets.gotosocial-s3-access-key.file = ./s3-access-key.age;
- vaultix.secrets.gotosocial-s3-secret-key.file = ./s3-secret-key.age;
- vaultix.secrets.gotosocial-oidc-secret.file = ./oidc-secret.age;
- vaultix.secrets.gotosocial-smtp-password.file = ./smtp-password.age;
-
- vaultix.templates.gotosocial-env = {
- content = let
- cfg = config.vaultix;
- in ''
- GTS_STORAGE_S3_ENDPOINT=${cfg.placeholder.gotosocial-s3-endpoint}
- GTS_STORAGE_S3_ACCESS_KEY=${cfg.placeholder.gotosocial-s3-access-key}
- GTS_STORAGE_S3_SECRET_KEY=${cfg.placeholder.gotosocial-s3-secret-key}
- GTS_OIDC_CLIENT_SECRET=${cfg.placeholder.gotosocial-oidc-secret}
- GTS_SMTP_PASSWORD=${cfg.placeholder.gotosocial-smtp-password}
- '';
- owner = "root";
- group = "gotosocial";
- mode = "0440";
- };
- };
-}