commit 74869bc300fb2c739e20ef2461b1a1c8184fe319
parent 949a0b67d40701f524d3091b67462dfd1264d465
Author: Katja Ramona Sophie Kwast (zaphyra) <git@zaphyra.eu>
Date: Sun, 26 Oct 2025 13:07:00 +0100
hosts/novus: move `fedi.ctu.cx` to `pratorum`
7 files changed, 85 insertions(+), 81 deletions(-)
M
|
133
+++++++++++++++++++++++++++++++++++++++----------------------------------------
diff --git a/config/nixos/modules/websites/fedi.ctu.cx.nix b/config/nixos/modules/websites/fedi.ctu.cx.nix
@@ -170,7 +170,7 @@ in
 };
 "/assets/".extraConfig = ''
- alias ${config.tgc.services.gotosocial.package}/share/web/assets/;
+ alias ${config.tgc.services.gotosocial.package}/share/gotosocial/web/assets/;
 autoindex off;
 expires max;
 add_header Cache-Control "public, immutable";
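Review bot: The matching `/assets/` alias in `fedi.home.ctu.cx.nix` (new side of its `virtualHosts` hunk) still points at `${config.tgc.services.gotosocial.package}/share/web/assets/`, while this hunk moves `fedi.ctu.cx.nix` to `share/gotosocial/web/assets/`. The output layout of either package is not visible here, so check the built store path of `pkgs.tgc.gotosocial-unstable`, which the home module now selects; if it uses the same layout, that location would no longer find any asset. Defining the asset directory once, next to the package option, would stop the two modules from drifting apart again. The enclosing `locations` block starts outside the hunk.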
diff --git a/config/nixos/modules/websites/fedi.home.ctu.cx.nix b/config/nixos/modules/websites/fedi.home.ctu.cx.nix @@ -49,7 +49,7 @@ in services.resticBackup.paths = { gotosocial = { enable = true; - package = pkgs.tgc.gotosocial-unstable; + #package = pkgs.tgc.gotosocial-unstable; user = config.tgc.services.gotosocial.user; passwordFile = config.sops.secrets."resticPasswords/gotosocial".path; sqliteDatabases = [ @@ -71,6 +71,7 @@ in tgc.services.gotosocial = { enable = true; group = config.services.nginx.group; + package = pkgs.tgc.gotosocial-unstable; settings = { protocol = "https"; @@ -82,9 +83,6 @@ in "172.17.0.0/24" ]; - db-type = lib.mkDefault "sqlite"; - db-address = lib.mkDefault "${config.tgc.services.gotosocial.stateDir}/db.sqlite"; - storage-backend = lib.mkDefault "local"; storage-local-base-path = "${config.tgc.services.gotosocial.stateDir}/storage"; 
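Review bot: The first hunk leaves `#package = pkgs.tgc.gotosocial-unstable;` behind as commented-out code under `services.resticBackup.paths.gotosocial`, while the second hunk sets the package on `tgc.services.gotosocial`. The history already keeps the old line, so either delete it or replace it with a reason, for example `# package is set on tgc.services.gotosocial below`. The same applies to `# smarthome.enable = true;` in `hosts/polaris/default.nix` and `# "restic.pratorum.infra.zaphyra.eu".enable = true;` in `hosts/pratorum/default.nix`, where a short comment saying why the entry is disabled would help the next reader.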
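Review bot: Removing the `db-type` and `db-address` defaults in the third hunk leaves the database location to whatever `tgc.services.gotosocial` defaults to, while `services.resticBackup.paths.gotosocial.sqliteDatabases` in the first hunk still carries a list whose entries lie outside the hunk. If that list names `${config.tgc.services.gotosocial.stateDir}/db.sqlite` and the module default differs, the backup job may keep reporting success without the live database in it. Deriving the backup entry from the setting, e.g. `config.tgc.services.gotosocial.settings.db-address`, ties the two together. Otherwise a comment at `sqliteDatabases` naming the module default it relies on is worth adding.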
@@ -117,76 +115,75 @@ in appendHttpConfig = '' proxy_cache_path /var/cache/nginx keys_zone=gotosocial_ap_public_responses:10m inactive=1w; ''; - virtualHosts = - { - "${config.tgc.services.gotosocial.settings.host}" = { - useACMEHost = lib.mkDefault "${config.networking.fqdn}"; - forceSSL = lib.mkDefault true; - kTLS = lib.mkDefault true; - locations = { - "/" = { - proxyPass = "http://${toString config.tgc.services.gotosocial.settings.bind-address}:${toString config.tgc.services.gotosocial.settings.port}"; - proxyWebsockets = true; - }; - - "~ /.well-known/(webfinger|host-meta)$" = { - proxyPass = "http://${toString config.tgc.services.gotosocial.settings.bind-address}:${toString config.tgc.services.gotosocial.settings.port}"; - extraConfig = '' - proxy_cache gotosocial_ap_public_responses; - proxy_cache_background_update on; - proxy_cache_key $scheme://$host$uri$is_args$query_string; - proxy_cache_valid 200 10m; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504 http_429; - proxy_cache_lock on; - add_header X-Cache-Status $upstream_cache_status; - ''; - }; + virtualHosts = { + "${config.tgc.services.gotosocial.settings.host}" = { + useACMEHost = lib.mkDefault "${config.networking.fqdn}"; + forceSSL = lib.mkDefault true; + kTLS = lib.mkDefault true; + locations = { + "/" = { + proxyPass = "http://${toString config.tgc.services.gotosocial.settings.bind-address}:${toString config.tgc.services.gotosocial.settings.port}"; + proxyWebsockets = true; + }; - "~ ^\/users\/(?:[a-z0-9_\.]+)\/main-key$" = { - proxyPass = "http://${toString config.tgc.services.gotosocial.settings.bind-address}:${toString config.tgc.services.gotosocial.settings.port}"; - extraConfig = '' - proxy_cache gotosocial_ap_public_responses; - proxy_cache_background_update on; - proxy_cache_key $scheme://$host$uri; - proxy_cache_valid 200 604800s; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504 http_429; - proxy_cache_lock on; - - 
add_header X-Cache-Status $upstream_cache_status; - ''; - }; + "~ /.well-known/(webfinger|host-meta)$" = { + proxyPass = "http://${toString config.tgc.services.gotosocial.settings.bind-address}:${toString config.tgc.services.gotosocial.settings.port}"; + extraConfig = '' + proxy_cache gotosocial_ap_public_responses; + proxy_cache_background_update on; + proxy_cache_key $scheme://$host$uri$is_args$query_string; + proxy_cache_valid 200 10m; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504 http_429; + proxy_cache_lock on; + add_header X-Cache-Status $upstream_cache_status; + ''; + }; - "/assets/".extraConfig = '' - alias ${config.tgc.services.gotosocial.package}/share/web/assets/; - autoindex off; - expires max; - add_header Cache-Control "public, immutable"; + "~ ^\/users\/(?:[a-z0-9_\.]+)\/main-key$" = { + proxyPass = "http://${toString config.tgc.services.gotosocial.settings.bind-address}:${toString config.tgc.services.gotosocial.settings.port}"; + extraConfig = '' + proxy_cache gotosocial_ap_public_responses; + proxy_cache_background_update on; + proxy_cache_key $scheme://$host$uri; + proxy_cache_valid 200 604800s; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504 http_429; + proxy_cache_lock on; + + add_header X-Cache-Status $upstream_cache_status; ''; }; + + "/assets/".extraConfig = '' + alias ${config.tgc.services.gotosocial.package}/share/web/assets/; + autoindex off; + expires max; + add_header Cache-Control "public, immutable"; + ''; }; - } - // ( - if - ( - config.tgc.services.gotosocial.settings.account-domain - != config.tgc.services.gotosocial.settings.host - ) - then - { - "${config.tgc.services.gotosocial.settings.account-domain}" = { - locations = { - "= /.well-known/host-meta".extraConfig = - "return 301 https://${config.tgc.services.gotosocial.settings.host}$request_uri;"; - "= /.well-known/webfinger".extraConfig = - "return 301 
https://${config.tgc.services.gotosocial.settings.host}$request_uri;"; - "= /.well-known/nodeinfo".extraConfig = - "return 301 https://${config.tgc.services.gotosocial.settings.host}$request_uri;"; - }; + }; + } + // ( + if + ( + config.tgc.services.gotosocial.settings.account-domain + != config.tgc.services.gotosocial.settings.host + ) + then + { + "${config.tgc.services.gotosocial.settings.account-domain}" = { + locations = { + "= /.well-known/host-meta".extraConfig = + "return 301 https://${config.tgc.services.gotosocial.settings.host}$request_uri;"; + "= /.well-known/webfinger".extraConfig = + "return 301 https://${config.tgc.services.gotosocial.settings.host}$request_uri;"; + "= /.well-known/nodeinfo".extraConfig = + "return 301 https://${config.tgc.services.gotosocial.settings.host}$request_uri;"; }; - } - else - { } - ); + }; + } + else + { } + ); }; };
diff --git a/hosts/novus/default.nix b/hosts/novus/default.nix
@@ -95,13 +95,8 @@
 };
 websites = {
- "restic.novus.infra.zaphyra.eu".enable = true;
 "flauschehorn.zaphyra.eu".enable = true;
 "ip.zaphyra.eu".enable = true;
-
- #old fedi-instance
- "ctu.cx".enable = true;
- "fedi.ctu.cx".enable = true;
 };
 users.zaphyra.enable = true;
diff --git a/hosts/polaris/default.nix b/hosts/polaris/default.nix
@@ -3,7 +3,7 @@
 system = "x86_64-linux";
 nixpkgsStable = true;
- domain = "home.infra.zaphyra.eu";
+ domain = "infra.zaphyra.eu";
 sshPubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA2bluHGMcdKEremjLq3aUEeJlWHlGSjL8nuAhkeEl1f";
@@ -18,8 +18,8 @@
 ip4PrefixLength = 8;
 ip6IsPrivate = false;
- ip6Address = "2a03:4000:4d:5e:acab::1";
- ip6PrefixLength = 112;
+ ip6Address = "2a03:4000:4d:5e:acab::2";
+ ip6PrefixLength = 128;
 hasDN42 = true;
 dn42Address = "fd6b:6174:6a61::5";
@@ -81,7 +81,7 @@
 zaphyra = {
 enable = true;
 router.enable = true;
- smarthome.enable = true;
+ # smarthome.enable = true;
 };
 };
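Review bot: The `domain` change from `home.infra.zaphyra.eu` to `infra.zaphyra.eu` in the first hunk renames the host, and nothing in the commit subject covers it. How `domain` feeds `networking.fqdn` is not visible here, but the website module in this commit defaults `useACMEHost` to `config.networking.fqdn`, so any certificate, DNS record or peer configuration keyed on the old name has to move with it. The second hunk also narrows `ip6PrefixLength` from 112 to 128 on a new address; a one-line comment stating the reason would document the intent.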
diff --git a/hosts/pratorum/default.nix b/hosts/pratorum/default.nix
@@ -37,6 +37,7 @@
 imports = [
 ./dn42.nix
+ ./floractl.nix
 ];
 boot.initrd.systemd.emergencyAccess = true;
@@ -169,8 +170,13 @@
 };
 websites = {
+ # "restic.pratorum.infra.zaphyra.eu".enable = true;
 "music.zaphyra.dn42".enable = true;
 "continuwuity-migration.zaphyra.eu".enable = true;
+
+ #old fedi-instance
+ "ctu.cx".enable = true;
+ "fedi.ctu.cx".enable = true;
 };
 users.zaphyra.enable = true;
diff --git a/secrets/pratorum.yaml b/secrets/pratorum.yaml 
@@ -2,6 +2,12 @@ acmeTSIGKey: ENC[AES256_GCM,data:qfY0SbY0rusU+vCr7oiHTLHjICZBU1lYlBn7D2BLY5IWJbg syncthing: cert: ENC[AES256_GCM,data:fOMcvmhu9QkF99SD95kzZEveMiwAR/R8GDffsqW0Nmp2gW2ThYG7pVi9TVnFwkPoncxEor5+vPDtDlTHuMHt3wAHvCZ7gftorvABrzkyhVEqNRLDln3JlgZ/YpAzjutXRCiuliE85AgOMB8WsniBSPQihCDIe2MolbYo8JlLJXL/5D6p9CGQqmRzlbmw2Unxzk7Xjw9Cm7RjaszK4SuB+loPdI3suVrCtfKQxQkCzDwQUdBnfeCyesYoPXJBBMDAtForu9i65LOXibDmvKj2rH5/zoUvvV5NO5wncMLED3X5Xyasz5ALJwxmOC+SR9u80emqoW6oN++V/IK8vG5/iiOSdTc7VYHjOgwzgfk47RMS9180cfP3c75Dap4uztdI3bMVYCt5UUkd4bqKI1IEOXG+TL2Ouorcti14G1JlIS17L+KLwnKsc4Ggend0fC7TQz/zAMkG95FmR30YK9G4dzsj7IKdQQeXBpMl7n/WY5byG3qAWqJbOK3EX8glZUHQjUlGCQSokk8CRGB9AhS66wisRNR7BQoYR2c9KjUD/xwVUCIeRDt+6ysUiFOhnhoGAgsnFTZtiuk+JOGhLx5LFWCV/l1kDzwtPa0lSUGeuoMb6rrnEc5HmFzmgKNAD+safXkuEt5ZoqjlCcI2XlnwLsLqQucroky6XhUomFqjesZj4cu2Y3OlkXB7sYQUGIOMBi/lvBKja0Bj0/MzSZp4Mj+8aiMXDdBgoTnIAhLVI3Y7E2x9E31z8I9SbxzxsN+aTyY/XRpF94m5bH3Z2P4MF4Ffk8k3UBPu0iFR89xgTq1gvrG/QMTDRWUtGBgWmf0g/u8St5Tb+Rb4xSew7pGGX6QAmcpsbcyAbEtDxgefnK6RXiPT6YjPJbtSmAxy3GMvOT0STy4Jh1mnqvZhCoxEsx2p8JglrdIe6JA2ShWaVxXkaLJpYZOxgVFJkjHi1xQxKPeC26Iqj3UlKNbmvcstYslhdLAEgmPTqurJoTUMQTvQI4zCe7/3IkVNfA+su269WpdK22Jk7QkHOyk0+BNJ9RF7kLDma54Rj7o=,iv:tO+qA9EMtzD4fCQjSlu0X5WqKZnsWmVBU0mKg6Cp1X0=,tag:N193+z2RwjSwruEsvwIBdA==,type:str] key: ENC[AES256_GCM,data:VvshG8n3LT/eWm18iCIQkHc9GRZQsBWdq066ttqI4JoTohEB9IXR7dQDOC6QwTg8LObLL6zSUFTk2NAS8LyVZfQ4VMmqa24Pf+amwQmkXEv7w4h9ZEaBiU5b8i2JYaV1KDJvr5d+Svt2ZIVnLrIuu+l7C684xHRkX2yFkMh/XBtKRYT/CdhJeM0F4wfVZheBxdokJUlJdDueABaPOoo6PBWyNy3hwFkqInSHC/3aSk7HvB2d6eVDTZN0r27hlozD+JxWMtGhteJbmDZX4fL8oeRyKnJLW74jfxdipVWGw2bp/mQMVzU0JsbdAACDy4Gw5HsEW3+3F0G8xzW+vPm1r60M4+frPO2FbkT9nD7RpSPRKaRy4mYQtHujSougQhn4,iv:MGOWNw1aGAoYCWWgliInm6u2Nu4178OHIgrlD1TeO7s=,tag:p81V6XQJ9K1ux/W2NpAIFA==,type:str] +resticServerHtpasswd: 
ENC[AES256_GCM,data:EhrJExZEIl9mWR3iDNdMHmh/UEDDJOhTaPUp0fATaM8z7lTPSMiSdFbeg5mmDNNy2CZzSHOORBgOytv6OJeWtERvEzUXOfiM8OxL2imb,iv:8A5QmY4jnfwY2yohjRxNTv7WhUBiPYeAObLkOc7xG14=,tag:yTFFd1sPPcEKimQ+qbyRSg==,type:str] +rcloneConfig: ENC[AES256_GCM,data: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,iv:S904FWeorSSZ5ZrBFubJ3FBn7zw/kxQmrpjSOlZzo4Y=,tag:qg7RXGli/TG7+Ps9nl9zRg==,type:str] +resticPasswords: + gotosocial: ENC[AES256_GCM,data:qfhk9u5XGjLA2TILO+t/jjOGsigM5Cxpgbpo8ONzda8=,iv:Z5TopDhdvGLxsr3/z2odz13FI6e/N0PChoDWLkvToQY=,tag:vqO3/OS7Ts3CStSkJMBQVA==,type:str] +environments: + gotosocial: "" zigbee2mqttSecrets: ENC[AES256_GCM,data:XuRVNV4gVr5FLgqGRXxgyaMAVJIt38adDOzJnY0GWaN52Lb9/E7Sx/TWB41cEO9D4/+LRlf0VbE2B0zehYjQGw1dHlf4rvS5OH8PefKdqBv6w+G0BKRXGh8daERsU8v2r+Vjw7kWtyiADzKP2NRJrVLnJiITwq8kmHHsrYNcs+/492Z1/ElDTe3B32Hq7ATHaP+G7xbfgxMuxIcf9z1EFl39krpgQaw/5eWq7WT7QZIHKD7tZqSpgAUxSDBSNjE+M3wq8PmaqecvO1h/+UtEq5MzxnzfpF0yopJa9cch5SwQqT6XHrxzbM2DldZctuGGmcTJrWpcqHkT4mcO4MfwlanJ/YaT70H25ukJEAHKG/rU86QCk5pIUwGSH15GSxi8ze83QFmJhskzMAoJuDJ6h1AoS9bRn5wY,iv:kZqhnTlwMhIvXg4deiC1D73Y+gspZwdu08yoyeAEngk=,tag:GuzryBSDNke+5jXOuDtwDw==,type:str] dn42: wgPrivateKey: ENC[AES256_GCM,data:CjFgiBZieQdWPyDPl6gcz3xarWR5GTYJ9Ruee7/9pQLlypm+RWRys/3WOFo=,iv:uC7A58MS0zvwKMc74x0xSTIAJS7GbvoJN5N9KfXFVyw=,tag:y9sNo65Qk1TxqN0ReKDCAQ==,type:str] 
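Review bot: `environments.gotosocial` is added as an empty string, so it sits in the file as a plain `""` rather than an `ENC[...]` value. If the gotosocial unit on pratorum reads this entry as its environment file, it will start with no secret settings from it; whether the instance on novus carried real values there is not visible in this diff, so confirm nothing was lost in the move. `resticPasswords.gotosocial` is now decryptable by pratorum as well; if the same entry remains in the secrets file for novus, removing it there keeps the backup credential on one host only.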
@@ -16,8 +22,8 @@ sops: TndyejhxbVZDTVdaYWRXT1htMVVsOTgKWAOJekArzYzoJF/JcPTSWrhQnvQrl9bU A7H0mCdklZZ66jiUo4iKLwocBn7h9VJ4p3lBdRxyqXuN6dicdQfafg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-09-22T17:42:12Z" - mac: ENC[AES256_GCM,data:oN5xWdhk4JTJ9x6YjnIfuPlc/h59XKacSHZqPJPd6Q4b7M4zZqZ+SlZ+4E2UAI5w8eoqXHCJAGCSEOzYZ9MBW+zVu9oiWTWWDWBn0D6KRct+NAN+hDisGWBS1dL2uTNchdQfBsFp81Yc9HvLjQ8R40vqp2i/y03JjZChYexpl0I=,iv:Zj2Uj6cra7GXZzeJYj2z7Nc2KArPuf2/dUvYwCAZuO8=,tag:tb2a+0JqDz4u+i2/bAVXAA==,type:str] + lastmodified: "2025-10-26T09:31:13Z" + mac: ENC[AES256_GCM,data:KVjp50vGTtvOQOYRXbxmcEcbenJuWA4mqrsy0OVKS7MPtvmFBcQk+9joJG7yQrhMUxqndtM31md8JjvPRTOIfRVCwrsYAqwM4ZHOIeZp5fNFX7/QJvAMsc8kb1zQN2PB2KdxLIsqOoOuF6P2cjxTRMLdqjR2aMnzH/Cv++9iAus=,iv:KBzCCu5fSpz+T6rOCTgviGss1xvqrJLQapLwoo0brZA=,tag:ql35SeUmEHOjbMBdDWCTFA==,type:str] pgp: - created_at: "2025-09-21T19:21:14Z" enc: |- @@ -31,4 +37,4 @@ sops: -----END PGP MESSAGE----- fp: BFE6386C8D66BCD4DAE14FC895F0FE7CD7E6A022 unencrypted_suffix: _unencrypted - version: 3.10.2 + version: 3.11.0