# GoToSocial deployment module: publishes a CNAME for the instance, registers a
# restic backup job, configures the GoToSocial service itself and puts nginx in
# front of it as a caching TLS reverse proxy.
{
  name,
  povSelf,
  hostConfig,
  config,
  pkgs,
  lib,
  ...
}:
let
  inherit (lib) types;

  # This module's own option values, looked up at the path the caller passes in.
  cfg = lib.getAttrFromPath povSelf config;
  # Not referenced anywhere else in this file.
  cfgWebsites = lib.getAttrFromPath (lib.remove name povSelf) config;

  # Shorthand for the service options that are read repeatedly below.
  gts = config.modules.services.gotosocial;

  # Plain-HTTP upstream used by every proxied nginx location. With the defaults
  # set below this is the loopback address [::1], so the unencrypted hop never
  # leaves the host.
  upstream = "http://${toString gts.settings.bind-address}:${toString gts.settings.port}";

  # Redirect sent from the account domain to the instance host.
  redirectToHost = "return 301 https://${gts.settings.host}$request_uri;";
in
{
  options = {
    enable = {
      type = types.bool;
      default = false;
    };
    domain = {
      type = types.str;
      default = "ctu.cx";
    };
    subdomain = {
      type = types.str;
      default = "fedi.home";
    };
  };

  config = lib.mkIf cfg.enable {
    dns.zones."${cfg.domain}".subdomains."${cfg.subdomain}".CNAME = [ "${config.networking.fqdn}." ];

    # Repository password for the backup job; only its path is referenced below,
    # so the secret value itself is not interpolated into this configuration.
    sops.secrets = {
      "resticPasswords/gotosocial" = { };
    };

    # NOTE(review): this path is hard-coded, while storage-local-base-path below
    # is derived from stateDir. The two agree only if stateDir is
    # /var/lib/gotosocial - confirm.
    # Mode 750 gives the service group read access; that group is set to the
    # nginx group further down.
    systemd.tmpfiles.settings.gotosocial = {
      "/var/lib/gotosocial/storage".d = {
        user = gts.user;
        group = gts.group;
        mode = "750";
        age = "-";
      };
    };

    modules.services = {
      resticBackup.paths = {
        gotosocial = {
          enable = true;
          user = gts.user;
          passwordFile = config.sops.secrets."resticPasswords/gotosocial".path;

          # Only back up the database file when the sqlite backend is in use.
          sqliteDatabases = [
            (lib.mkIf (gts.settings.db-type == "sqlite") gts.settings.db-address)
          ];

          # Media storage is included only for the local storage backend.
          paths = [
            (lib.mkIf (gts.settings.storage-backend == "local") gts.settings.storage-local-base-path)
            "${gts.stateDir}/backup.json"
          ];

          # Writes an admin export into stateDir before each backup run.
          # NOTE(review): the export presumably holds account data that should be
          # treated as sensitive. Confirm that backup.json ends up readable by
          # the service user only and that a stale copy left on disk is acceptable.
          runBeforeBackup = ''${pkgs.gotosocial}/bin/gotosocial --config-path /etc/gotosocial.yaml admin export --path ${gts.stateDir}/backup.json'';
        };
      };

      gotosocial = {
        enable = true;

        # The service shares the nginx group. Together with mode 750 on the
        # storage directory this lets members of that group read stored media.
        # NOTE(review): no nginx location in this file serves from the storage
        # directory - confirm the shared group is still needed.
        group = config.services.nginx.group;

        settings = {
          protocol = lib.mkDefault "https";
          bind-address = lib.mkDefault "[::1]";
          port = lib.mkDefault 8085;

          # Peers in these ranges are believed when they report the client
          # address, which feeds rate limiting and logging.
          # NOTE(review): 172.17.0.0/24 looks like part of Docker's default
          # bridge range. With bind-address [::1] only loopback peers can
          # connect at all, so the entry matters only if bind-address is
          # overridden - confirm it is still required.
          trusted-proxies = lib.mkDefault [
            "::1/128"
            "172.17.0.0/24"
          ];

          db-type = lib.mkDefault "sqlite";
          db-address = lib.mkDefault "${gts.stateDir}/db.sqlite";
          storage-backend = lib.mkDefault "local";
          storage-local-base-path = "${gts.stateDir}/storage";

          host = "${cfg.subdomain}.${cfg.domain}";
          account-domain = cfg.domain;

          landing-page-user = "katja";
          # Custom CSS is limited to existing accounts because registration is closed.
          accounts-allow-custom-css = true;
          accounts-registration-open = false;

          # These three settings publish the peer list and the list of suspended
          # domains to unauthenticated visitors (API and web view).
          instance-expose-peers = true;
          instance-expose-suspended = true;
          instance-expose-suspended-web = true;
          instance-languages = [
            "de"
            "en-us"
          ];

          media-local-max-size = "50MiB";
          media-remote-max-size = "50MiB";
          media-remote-cache-days = 3;
          media-cleanup-from = "01:00";
        };
      };
    };

    services.nginx = {
      # Shared cache zone for the public discovery and key endpoints below.
      appendHttpConfig = ''
        proxy_cache_path /var/cache/nginx keys_zone=gotosocial_ap_public_responses:10m inactive=1w;
      '';

      virtualHosts =
        {
          "${gts.settings.host}" = {
            useACMEHost = lib.mkDefault "${config.networking.fqdn}";
            forceSSL = lib.mkDefault true;
            kTLS = lib.mkDefault true;

            # NOTE(review): nginx inherits add_header directives from the
            # enclosing level only when the location defines none of its own.
            # Every location below that sets add_header therefore drops any
            # headers (HSTS, for example) configured at server or http level
            # elsewhere - verify and repeat them in these locations if needed.
            locations = {
              "/" = {
                proxyPass = upstream;
                proxyWebsockets = true;
              };

              # Discovery endpoints, cached for 10 minutes. The pattern has no
              # "^" anchor and its "." is unescaped, so it also matches longer
              # paths that merely end in the same suffix; proxy_cache_valid
              # lists only status 200. The query string is part of the cache key.
              "~ /.well-known/(webfinger|host-meta)$" = {
                proxyPass = upstream;
                extraConfig = ''
                  proxy_cache gotosocial_ap_public_responses;
                  proxy_cache_background_update on;
                  proxy_cache_key $scheme://$host$uri$is_args$query_string;
                  proxy_cache_valid 200 10m;
                  proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504 http_429;
                  proxy_cache_lock on;
                  add_header X-Cache-Status $upstream_cache_status;
                '';
              };

              # Public key endpoint, cached for one week (604800s); a changed
              # key can be served stale for that long, and longer while
              # proxy_cache_use_stale applies. The query string is not part of
              # the cache key here.
              # Nix drops the backslashes in "\/" and "\." inside a double-quoted
              # string, so nginx receives ^/users/(?:[a-z0-9_.]+)/main-key$ .
              # The match is unchanged, since "." is literal inside a character
              # class and "/" needs no escaping.
              "~ ^\/users\/(?:[a-z0-9_\.]+)\/main-key$" = {
                proxyPass = upstream;
                extraConfig = ''
                  proxy_cache gotosocial_ap_public_responses;
                  proxy_cache_background_update on;
                  proxy_cache_key $scheme://$host$uri;
                  proxy_cache_valid 200 604800s;
                  proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504 http_429;
                  proxy_cache_lock on;
                  add_header X-Cache-Status $upstream_cache_status;
                '';
              };

              # Static assets are served by nginx straight from the package in
              # the store (read-only), not proxied to the service.
              "/assets/".extraConfig = ''
                alias ${gts.package}/share/web/assets/;
                autoindex off;
                expires max;
                add_header Cache-Control "public, immutable";
              '';
            };
          };
        }
        # When accounts live on a different domain than the instance host, the
        # account domain redirects the discovery endpoints to the instance host.
        # NOTE(review): no TLS or ACME options are set for this virtual host
        # here; presumably they are defined elsewhere - confirm.
        // lib.optionalAttrs (gts.settings.account-domain != gts.settings.host) {
          "${gts.settings.account-domain}" = {
            locations = {
              "= /.well-known/host-meta".extraConfig = redirectToHost;
              "= /.well-known/webfinger".extraConfig = redirectToHost;
              "= /.well-known/nodeinfo".extraConfig = redirectToHost;
            };
          };
        };
    };
  };
}