nki/nix-home
1
0
Fork 0
Code Issues Pull requests 2 Packages Projects Releases Wiki Activity

Move stuff to various S3 stores instead of local minio #5

Merged
nki merged 10 commits from move-s3 into master 2024-10-31 13:05:04 +00:00
Conversation 0 Commits 10 Files changed 11 +23 -7
4 changed files with 23 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit 05c13f7b22 - Show all commits

16
modules/cloud/gotosocial/default.nix
View file

@ -4,6 +4,7 @@ let
cfg = config.cloud.gotosocial;
dbUser = "gotosocial";
storageLocation = "/mnt/data/gotosocial";
in
{
options.cloud.gotosocial = {
@ -74,6 +75,9 @@ in
# Media
media-emoji-remote-max-size = 256 * 1024 /* bytes */;
media-emoji-local-max-size = 256 * 1024 /* bytes */;
media-remote-cache-days = 7;
media-cleanup-from = "00:00";
media-cleanup-every = "24h";
# OIDC
oidc-enabled = true;
oidc-idp-name = "DTTH";
@ -82,10 +86,22 @@ in
http-client.block-ips = [ "11.0.0.0/24" ];
# Advanced
advanced-rate-limit-requests = 0;
# Storage
storage-backend = "local";
storage-local-base-path = "${storageLocation}/storage";
# instance-inject-mastodon-version = true;
};
};
systemd.services.gotosocial.requires = mkAfter [ "postgresql.service" "arion-authentik.service" ];
systemd.services.gotosocial.after = mkAfter [ "postgresql.service" "arion-authentik.service" ];
systemd.services.gotosocial.unitConfig = {
RequiresMountsFor = [ storageLocation ];
ReadWritePaths = [ storageLocation ];
};
systemd.tmpfiles.settings."10-gotosocial".${storageLocation}.d = {
user = dbUser;
group = dbUser;
mode = "0700";
};
};
}

2
nki-personal-do/configuration.nix
View file

@ -193,7 +193,7 @@
};
# GoToSocial
sops.secrets.gts-env = { };
sops.secrets.gts-env = { restartUnits = [ "gotosocial.service" ]; };
cloud.gotosocial = {
enable = true;
envFile = config.sops.secrets.gts-env.path;

6
nki-personal-do/secrets/secrets.yaml
View file

@ -14,7 +14,7 @@ heisenbridge: ENC[AES256_GCM,data:rJY7gpcOY8nODR3KlYW1rEs54mKxr+AjNBeg1/2vTG0Gzp
matrix-discord-bridge: ENC[AES256_GCM,data:/rlSjD6inKfak7HKKghH5ays5RjKmb9czGsoIOYHyTZC4A5EMucCbfn8DL1gkYXgvRHJ+QglGX/BGo5ebaxSj6nF60+aW87UG31KggOt5kkMuWsPsjvrufoc5IlNfWnXIWmqf8cdC01hmHEp7biUpI8CcfEZiD9OkOxbZcRfYqW+ttnzplFniRBjGPVZfL5g4DBbuJen5MuOrrMDo5CT+78n,iv:r9VBbDCAAElisCaDehrB6PhJHsaaHjdrk3103lmBT7o=,tag:WoNMMfyMifsL56yWq3MUOg==,type:str]
authentik-env: ENC[AES256_GCM,data:CjxTaqIcpBX7ea9L3tgJDELr8HBPJdxXsrOfhsiH4cXwCEzktsNKHjF7l95ZFgI5O08q4Vlbln5Dg4xPEx33nwUesEbQrT5d+n+2YaAxmm/WInrYzF+jB7HYTXASb3rY9PWgd2C3v+YPBkJetHlTUc/k19Q7lOQRNw==,iv:cG8Bi2eCsS+v94tSJBsqp+bjVLzXZvvwX1QVVSYExL8=,tag:VmbfcxCcfi3IpKjg3f8QPw==,type:str]
firezone-env: ENC[AES256_GCM,data:Guwc3ovHJyr0m0gsvcJeYDXxOsccv6ZMBJSjWa87F7BZwCXLanMetz8b/GAxe/+0qT8IBKCDvLS7B5v2DM5SYOZD2tQWnrwjU90Pjji2RZhZZy7Pc1kAmhLA6ddpBKGJTLcGxWkTnWOcv8qWEwmfNpgT+kUIDLmjQz2pIMUXiXBpheQyPLWBvIIgrBT8QxkX81LHSUDNG29r7olJv1t4oox58r/PKxnfzUkX7lMhZdIpDMbxdWCU6/F2R483YIaFAaL1BuhCkK/QbuqOPRL7yIGID+W1a0JvKsRc2oPPU7WAWyGA3CLwmJka2sTvHrxosMgY/eZYfCWDtRno6q+OA+LI5ZfFu0weA9dpiUkWLGJ2auSZtiL0Sa5D0VHxZlG2m0iD7o3bcIWUi65cb2olcABn3NikMglw6PCWXxM7E5hqAbpvwcN5JeIkTTesI6xthzT9eoUak5SSvdThrwSlc3dvMqOvmRVGD/wR8T9GcKIZoNT7wOvgltecpDbYPNgwKimHhBloMON/qKXuIaYV1dP1XQ10MMpSM1vUZl/JD24pDjFXH8XkZK6owVI2tRTTRZajQT2uB73oVN8EMPFHPdI3uwyH72NycQojIzXmDvMI/UXNsYWArWZyTwGpHbE0pr+I9rXch78pJYKvlIVFTqicE/NceeOm8bMO1O7qofk1/yiIE8RVjs7YrNNahcBrNI+97lvBNLmk9zpWU0YFtfmyDb/XxBsepwj++QY+3gJ5331ohp9BK5Ypr9pp1WRt9syKv2cwFMBIcHKMCji43NW1MqBj/2bgKGfoNAyCUaJqZ9yRcb1TwHyulvEVhJUAOeUxPHdJeA==,iv:6kPPn4Zl1lhxaEtRqq2BcMW7d1zKy/HUJzXdAgkPv7E=,tag:VaVIWg4RbOE7tnimOuqhGw==,type:str]
gts-env: ENC[AES256_GCM,data:1IDVahbNHqoIod38nkNIrya0SgI5yYbE5LpcI3V/ZoTA1wPyi52eAmAp5RykqgsI59wUsMqIwiWsLLEWnn9E8vWyyK8YvsBTaIFboMwmjg4qp+MTdb17FBCkjzoP+ymgQQo7EQW34wwHhvWZGF1KgvqdC9WHQ2qg6+WZTIuBrY893pFneeMnslM4BReP1a9GB6Msbi1XZfAi4tZhgCG+9v3fEFfmPVPg7VqXdBZT65hiuagJWd9/oXrs6aK9RNeOo0+s6E05jLhUMiW6ROVKr7tPjKDLTbY3FT7WPsK5CWrzbmfizPAvGJuUFqBVfZoj9+V1UsePSOa/R3dE12Z+Ufv+vnuxdQM4D8c+BY+F0bZvNqYpqTWFnzGxV/GPMIwj0ZbrBJkjLpPnlvCtKTl/lA4a4SyWi/s+DB4sTqsdEdk7J5PdHaZNkVsVqA29fW4BZ6U3BLaWzDyCvv670dNQHEGTM03dq/bfSE3pbHT6VgZuCTzcNS/h5n6I6mev9dP+l9rlZdsrT+EBSP60nABmeTPDlBfGJZnkdmB8nxqLD0T4cwc0PJIVvVdBdolHm0jsqFrHpiJDB+BfhsOr585GWA6HUVmYLLBaJRtqw3hSAAUboGpPaOqfuHbPbVNFoUuCAV28+EwmUIGJQcrwHadePBl74xFpCuf96r3paDzHXlRpZj1q4ByTmstJ1Ce7NyuWL/iBa/h7sWNiY00o1n0OTPJhiFZzOfrF6bGpNR1GNnFLV2gqAoPXffVW5pwm4ra4KgamP+WHKbqwHMS0h0MNpa+T0waoB/lgcXgz0isy5jp1JXeD1vbZzjK7bzFFRSqTv9uVKaIUo3c5KX7INazJ2n038c80QNxLpJrtjQsGYv9lgtBpACWNx5WlgRK6wh6o/mB13xtFB/p3659BsEyOrMz87O3sCA6SeF+J7d3Jh6PiWG/C3yfOqKxc2bRB2MDzaWSYkEznlPL4SSa/h+QyFQ6yDtvewM/QpRKx8Oe9Sq8pfFiSo1hIKFQzNwbpHA7We6za8PJn/CilIaZKD0uLv+jYpbkn,iv:NSa+Gt0MROoBJdkK5CsWDWNLn1Ju/e9pX6hiYU5pKR4=,tag:rv1dwLNxdrjYliSjI/ojCg==,type:str]
gts-env: ENC[AES256_GCM,data:qcoDQh23XApyXPwvzMTGb2x2sMgis9SqFU2NRuR4O2puPYEb7ShTYCNSHBNje11w8WAsLmXnbY+kke7bIFIsgb7JOPBKvRvV5TumH2eBuiEAwW98erEU+s+7ArY68OIIhuyX+pViVlvj6rMHzS91zr5IE9hA3tWpdSQ5gb/LyZhcxJgK4cksLIkDNSZFn87qVGEpYChsM5jbbQq2zk39e0AmJpeLUVgLmydMhI6A6UnclW2n+43W+SOUMl9IwB1SrXA8sFphOLsyUfxG2Ne0L4QFtnywUxPln+COSHmC6Qd+yZdF7O9leQoWEWg7d0OvjFkZCrF4HryMIYIgRk7WGTuazcN6FtQHY4tiCePCx3DBy8TxDMg8vAd1WJsEca/9LeBNl6fzfJ/ZoTCbCvtI3SyiqNCxwIwpXrnUykwszs+KdnVKnfMSACs9aP0I1JCdxKyMWWFwCV5VGrRZh/3JQst/GLOiw58EbtwmavlGYjaaUM+JzcCDIWmZbF5G7P10SPgu/931FBchN1+r9jcbEUXemfE1Oit1J2pgAmRh/6Y7kSbj+8rtvOIxVVxoKidVETUJ/W92NsWRpgdSrcFy7W0nu55ufZOzEHLFKsEoSGZL1IlLh4iw0iC0xtCcgiR/cRZQNd7igkV6T+HT64kkjPy2WI3Ei60gkqjoxDT60Sxd1UlBr1ge0dI+SY8XOq4mgvBXWQynjNDdKZOzVIT0Z/o9cBjx1nZUA5Bw5fmTKw+sF/68lHqeRCyNNhUaOLOzH0SH5CbKUayRFYxvyjW3UAAFvqoFkOODAFOMtjDZ+vfHDtJ/I5GpR8HdeQ6ewMwltVc+8Hkn0PtSDRBN+e2Bh90pQdnzHn8OCFQrx3cnHK6r6g+Zvbq3nEKeEHXLSNw7Z5qUL35xhO7rOMteUdTVIrV4GE78jAKyCuKttcjkNao3HjDAA7RePxUJ90h4OU/fq2MLcSqV0Yo3DIXtTN8=,iv:B7VIq/i6RgqSC/aV5GrLazbnBeGtq3twisSf60VAjfM=,tag:V4eAGJqPbZQTEwS7ieZBog==,type:str]
headscale:
client_secret: ENC[AES256_GCM,data:MLW0z2stjhXgxb4poAYr7LzrLzTNj5HqJzsyzOvYpKpKbyfx7SEdeZidG+m3ROuaN4PVsdpJblFjsvozzQlDQYRJZo8q+kpPvUPvhU0Ejya/XBO/sFcJKzulpfr4j3rK7FSKh2V6PiB8m9mvLziHfDmgL30le0wDD9uCNWkaHVo=,iv:1hRwI1NG2yO6igBsEGCg2Qn/po97ZhsyAEZOMKP3EZc=,tag:FV+RXBKyq+EJRsKT+DZ6lQ==,type:str]
webui-env: ENC[AES256_GCM,data:F4fGd5szjEGYqseq15VF8Emdd5oXKAlj+O7jET7BpD/w0/M162KgXQ/xN/uzO5Bh/euzedMrair0c8SQKO/06Ko9cj35lclaSrnBiwHSDIkFvuoITvLeSVSR4W3dsui91Dh8GCCYO8JAZQnpqClls6kHBOO2FYVwF06zg8Coxli9cKkPdeJKLDEnPGUb2UpLoP0dieanNFc3YNIavlXwkgt4/hxEoKHJplTYrilekBtZjD998SyvubhhVKHTH/VhTgxodXgnbI3sV1a3uJCrUKWt79NwHu5TUd+C2/gZqAniCbo4AX8=,iv:87cme6ToLFR4eF5apZauIm3Q6HR3Z8EM3GkQxo06oNI=,tag:dbXLQhw6qn/DyYJ3/UeDiw==,type:str]
@ -75,8 +75,8 @@ sops:
by9kZFlTRVdCZFkxYTVVb0RIRk8zUlkKCqMw9oL9RaYBV5Hhy3o8Nm5xmGrPH8Sd
hv36sxRFFNZT/DCKaHaSRbT3mfpBZSTXJt1dgl4nZe6whH54t/1KmA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-21T02:11:18Z"
mac: ENC[AES256_GCM,data:Tmt/MzVotCTNqMpcK/aZdudjjYppId88Wg7b/H8w2sC8I2wFMoz1srSneieV3gVJkpA/EWbnhmsQynwQh93dMhno92+EVQF9u04gu23DYzp5FVxHWNHp3rc0cPFwt6EnvKyHfevxJq49v06gpSiHSKpTqyiNvmxwJjn9xCAZHTU=,iv:z9pUp3yGt5IaNCaeVgV+Zq0vR2Xq5RTbWuSBvlpBUug=,tag:/8pn9UkZCmnpmMkoddtB9A==,type:str]
lastmodified: "2024-10-26T12:06:05Z"
mac: ENC[AES256_GCM,data:nici08Luubj2xDfsi1s16VCyG5oizIC6DRfvypmjWRpn0DSpcoWW1j32ya2poEwzpBJoVksFp7ijyjaJv8obExKx94ZYc790eOp/kp1f8lBaHDF8qrYYPL5penkt+UTKeb8xb7BPCJ7O89IVkIjAt7EoQOliMYrLpbiZGkMdHE0=,iv:qY5+MjU5VaXAesuFGt4SgmEdcJ6+vb/mk+NdOPLjCik=,tag:poRJZW3sAMv6EMi64SEQyA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

6
overlay.nix
View file

@ -25,7 +25,7 @@ let
overlay-versioning = final: prev: {
gotosocial = prev.gotosocial.overrideAttrs (attrs: rec {
version = "0.17.0";
version = "0.17.1";
ldflags = [
"-s"
"-w"
@ -35,13 +35,13 @@ let
web-assets = final.fetchurl {
url = "https://github.com/superseriousbusiness/gotosocial/releases/download/v${version}/gotosocial_${version}_web-assets.tar.gz";
hash = "sha256-ASqPIf98qdnkh3j72ifQN3mWnzNCTRcUegmrStvQ08Q=";
hash = "sha256-rGntLlIbgfCtdqpD7tnvAY8qwF+BpYbQWfAGMhdOTgY=";
};
src = final.fetchFromGitHub {
owner = "superseriousbusiness";
repo = "gotosocial";
rev = "v${version}";
hash = "sha256-uyqP3zhjcXKejGFAwZoTn2kY8IpX0QAAXNzb1VG6ve8=";
hash = "sha256-oWWsCs9jgd244yzWhgLkuHp7kY0BQ8+Ay6KpuBVG+U8=";
};
postInstall = ''
tar xf ${web-assets}