zaphyra's git: nixfiles

zaphyra's nixfiles

commit fc2d7b5b48f54e80f78b601655adb7952c708df1
parent 95e3d3415951e780379baf2b89dc8f559c85582d
Author: Katja Ramona Sophie Kwast (zaphyra) <git@zaphyra.eu>
Date: Mon, 29 Sep 2025 18:51:44 +0200

config/nixos/modules/websites: fix gotosocial

2 files changed, 70 insertions(+), 71 deletions(-)
M
config/nixos/modules/websites/fedi.ctu.cx.nix
|
131
+++++++++++++++++++++++++++++++++++++++----------------------------------------
M
config/nixos/modules/websites/gts.zaphyra.eu.nix
|
10
+++++-----
diff --git a/config/nixos/modules/websites/fedi.ctu.cx.nix b/config/nixos/modules/websites/fedi.ctu.cx.nix
@@ -25,7 +25,7 @@ in
   config = lib.mkIf cfg.enable {
     assertions = [
       {
-        assertion = cfgWebsites."ctu.cx}".enable == true;
+        assertion = cfgWebsites."ctu.cx".enable == true;
         message = "The option 'modules.websites.\"ctu.cx\"' must be enabled in order to use this module.";
       }
     ];

@@ -88,7 +88,7 @@ in
       settings = {
         protocol = "https";
 
-        bind-address = "[::1]";
+        bind-address = "::1";
         port = 8085;
 
         trusted-proxies = [

@@ -131,76 +131,75 @@ in
       appendHttpConfig = ''
         proxy_cache_path /var/cache/nginx keys_zone=gotosocial_ap_public_responses:10m inactive=1w;
       '';
-      virtualHosts =
-        {
-          "${config.tgc.services.gotosocial.settings.host}" = {
-            useACMEHost = lib.mkDefault "${config.networking.fqdn}";
-            forceSSL = lib.mkDefault true;
-            kTLS = lib.mkDefault true;
-            locations = {
-              "/" = {
-                proxyPass = "http://${toString config.tgc.services.gotosocial.settings.bind-address}:${toString config.tgc.services.gotosocial.settings.port}";
-                proxyWebsockets = true;
-              };
-
-              "~ /.well-known/(webfinger|host-meta)$" = {
-                proxyPass = "http://${toString config.tgc.services.gotosocial.settings.bind-address}:${toString config.tgc.services.gotosocial.settings.port}";
-                extraConfig = ''
-                  proxy_cache gotosocial_ap_public_responses;
-                  proxy_cache_background_update on;
-                  proxy_cache_key $scheme://$host$uri$is_args$query_string;
-                  proxy_cache_valid 200 10m;
-                  proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504 http_429;
-                  proxy_cache_lock on;
-                  add_header X-Cache-Status $upstream_cache_status;
-                '';
-              };
+      virtualHosts = {
+        "${config.tgc.services.gotosocial.settings.host}" = {
+          useACMEHost = lib.mkDefault "${config.networking.fqdn}";
+          forceSSL = lib.mkDefault true;
+          kTLS = lib.mkDefault true;
+          locations = {
+            "/" = {
+              proxyPass = "http://[${toString config.tgc.services.gotosocial.settings.bind-address}]:${toString config.tgc.services.gotosocial.settings.port}";
+              proxyWebsockets = true;
+            };
 
-              "~ ^\/users\/(?:[a-z0-9_\.]+)\/main-key$" = {
-                proxyPass = "http://${toString config.tgc.services.gotosocial.settings.bind-address}:${toString config.tgc.services.gotosocial.settings.port}";
-                extraConfig = ''
-                  proxy_cache gotosocial_ap_public_responses;
-                  proxy_cache_background_update on;
-                  proxy_cache_key $scheme://$host$uri;
-                  proxy_cache_valid 200 604800s;
-                  proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504 http_429;
-                  proxy_cache_lock on;
-
-                  add_header X-Cache-Status $upstream_cache_status;
-                '';
-              };
+            "~ /.well-known/(webfinger|host-meta)$" = {
+              proxyPass = "http://[${toString config.tgc.services.gotosocial.settings.bind-address}]:${toString config.tgc.services.gotosocial.settings.port}";
+              extraConfig = ''
+                proxy_cache gotosocial_ap_public_responses;
+                proxy_cache_background_update on;
+                proxy_cache_key $scheme://$host$uri$is_args$query_string;
+                proxy_cache_valid 200 10m;
+                proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504 http_429;
+                proxy_cache_lock on;
+                add_header X-Cache-Status $upstream_cache_status;
+              '';
+            };
 
-              "/assets/".extraConfig = ''
-                alias ${config.tgc.services.gotosocial.package}/share/web/assets/;
-                autoindex off;
-                expires max;
-                add_header Cache-Control "public, immutable";
+            "~ ^\/users\/(?:[a-z0-9_\.]+)\/main-key$" = {
+              proxyPass = "http://[${toString config.tgc.services.gotosocial.settings.bind-address}]:${toString config.tgc.services.gotosocial.settings.port}";
+              extraConfig = ''
+                proxy_cache gotosocial_ap_public_responses;
+                proxy_cache_background_update on;
+                proxy_cache_key $scheme://$host$uri;
+                proxy_cache_valid 200 604800s;
+                proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504 http_429;
+                proxy_cache_lock on;
+
+                add_header X-Cache-Status $upstream_cache_status;
               '';
             };
+
+            "/assets/".extraConfig = ''
+              alias ${config.tgc.services.gotosocial.package}/share/web/assets/;
+              autoindex off;
+              expires max;
+              add_header Cache-Control "public, immutable";
+            '';
           };
-        }
-        // (
-          if
-            (
-              config.tgc.services.gotosocial.settings.account-domain
-              != config.tgc.services.gotosocial.settings.host
-            )
-          then
-            {
-              "${config.tgc.services.gotosocial.settings.account-domain}" = {
-                locations = {
-                  "= /.well-known/host-meta".extraConfig =
-                    "return 301 https://${config.tgc.services.gotosocial.settings.host}$request_uri;";
-                  "= /.well-known/webfinger".extraConfig =
-                    "return 301 https://${config.tgc.services.gotosocial.settings.host}$request_uri;";
-                  "= /.well-known/nodeinfo".extraConfig =
-                    "return 301 https://${config.tgc.services.gotosocial.settings.host}$request_uri;";
-                };
+        };
+      }
+      // (
+        if
+          (
+            config.tgc.services.gotosocial.settings.account-domain
+            != config.tgc.services.gotosocial.settings.host
+          )
+        then
+          {
+            "${config.tgc.services.gotosocial.settings.account-domain}" = {
+              locations = {
+                "= /.well-known/host-meta".extraConfig =
+                  "return 301 https://${config.tgc.services.gotosocial.settings.host}$request_uri;";
+                "= /.well-known/webfinger".extraConfig =
+                  "return 301 https://${config.tgc.services.gotosocial.settings.host}$request_uri;";
+                "= /.well-known/nodeinfo".extraConfig =
+                  "return 301 https://${config.tgc.services.gotosocial.settings.host}$request_uri;";
               };
-            }
-          else
-            { }
-        );
+            };
+          }
+        else
+          { }
+      );
     };
   };
 

diff --git a/config/nixos/modules/websites/gts.zaphyra.eu.nix b/config/nixos/modules/websites/gts.zaphyra.eu.nix
@@ -91,7 +91,7 @@ in
       settings = {
         protocol = "https";
 
-        bind-address = "[::1]";
+        bind-address = "::1";
         port = 8085;
 
         trusted-proxies = [

@@ -118,8 +118,8 @@ in
         instance-expose-suspended-web = true;
 
         instance-languages = [
+          "en"
           "de"
-          "en-us"
         ];
 
         media-emoji-local-max-size = "100KiB";

@@ -150,7 +150,7 @@ in
           kTLS = lib.mkDefault true;
           locations = {
             "/" = {
-              proxyPass = "http://${toString config.tgc.services.gotosocial.settings.bind-address}:${toString config.tgc.services.gotosocial.settings.port}";
+              proxyPass = "http://[${toString config.tgc.services.gotosocial.settings.bind-address}]:${toString config.tgc.services.gotosocial.settings.port}";
               proxyWebsockets = true;
             };
 

@@ -165,7 +165,7 @@ in
               }/";
             };
             "~ /.well-known/(webfinger|host-meta)$" = {
-              proxyPass = "http://${toString config.tgc.services.gotosocial.settings.bind-address}:${toString config.tgc.services.gotosocial.settings.port}";
+              proxyPass = "http://[${toString config.tgc.services.gotosocial.settings.bind-address}]:${toString config.tgc.services.gotosocial.settings.port}";
               extraConfig = ''
                 proxy_cache gotosocial_ap_public_responses;
                 proxy_cache_background_update on;

@@ -178,7 +178,7 @@ in
             };
 
             "~ ^\/users\/(?:[a-z0-9_\.]+)\/main-key$" = {
-              proxyPass = "http://${toString config.tgc.services.gotosocial.settings.bind-address}:${toString config.tgc.services.gotosocial.settings.port}";
+              proxyPass = "http://[${toString config.tgc.services.gotosocial.settings.bind-address}]:${toString config.tgc.services.gotosocial.settings.port}";
               extraConfig = ''
                 proxy_cache gotosocial_ap_public_responses;
                 proxy_cache_background_update on;