start moving masto to bolty
This commit is contained in:
parent
db580ad606
commit
04bb4c2ed0
6 changed files with 360 additions and 2 deletions
|
@ -13,6 +13,7 @@
|
||||||
./home-security.nix
|
./home-security.nix
|
||||||
./influxdb.nix
|
./influxdb.nix
|
||||||
./logs.nix
|
./logs.nix
|
||||||
|
./mastodon.nix
|
||||||
./nas.nix
|
./nas.nix
|
||||||
./networking.nix
|
./networking.nix
|
||||||
./nix-store-server.nix
|
./nix-store-server.nix
|
||||||
|
|
94
nixos/boxes/bolty/mailgun.sops.yaml
Normal file
94
nixos/boxes/bolty/mailgun.sops.yaml
Normal file
|
@ -0,0 +1,94 @@
|
||||||
|
gitea-mailgun-smtp-password: ENC[AES256_GCM,data:90aeGpoadDETlj3asOynIGFl0Fypsp0Eq7aKnGRR3+NGQr5DFg54gKrlX3KMZgddnSE=,iv:xjtVQEILVl+XFel+thoS8OvF/fpFYSNtt5MTRUhgyrI=,tag:8+KaSsB6/65TonpTl9Mi/A==,type:str]
|
||||||
|
mastodon-mailgun-smtp-password: ENC[AES256_GCM,data:Ln3rFbrddNtbnpqsG3i241BpT1B6sUXCPRpoV9QZxiKEF+E6AZjZw2LBXVcwgIm9Dd0=,iv:9BJuVSfOC48K69kDLUjr1oK3g0xSKAxlzDI/py3STt8=,tag:geLjytd+xC4dtf7hUMJ/8Q==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1qpxvqf2254vynw7aah2pyd8tm0lqtfqr9maguewdj3uqjp8smqvssjp43n
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSeWVuY3Evcm1taWFSM3Jv
|
||||||
|
aFdUSGVCcXZ0MkFWbUhYMVlMKzNWbkw1WlVvClkrMUVrcjEzQ0tjN2hSOUdPdXNE
|
||||||
|
cnpnN3BqN1QwTVMvbklkL3B3ZlJOd00KLS0tIEdyMmp5VmpZdGZXRS9WdDBrWHE0
|
||||||
|
aXZ0ZFJLZUplQVltS0VkMCtlMGdleFEK0aAWEkyRzM0SdR+eNTurVvD70yhJJxC7
|
||||||
|
oRNuo5SD5XU4AMakCLffc1I4XkM8L6SwffS20yP+s9UY/D1n9FBZAg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1s3z2rfske90kt93a3z7twp6kew6mqd08sgunupym0gpmuh8ezqqscdrv7m
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFWUFBaHBZdmVIWnRuaHpT
|
||||||
|
WVBOLzJKNERBQXhrNVEyWVcyZllPSFV6bG40CisrQWU4R3plcHJ3ODRTbXNvL2dr
|
||||||
|
TXV0R3loVjUxcFI2dnJqaURMOXJqQWsKLS0tIHhpMkNlckc3VDNRelBmMTVNZy94
|
||||||
|
T0hxY1hOLzNTYithQ0g0YlBuUExlK1UKOCUEwKPlXL+im23fxkbHY5iMD7tSaEq5
|
||||||
|
qF686lZHPJ9hil/8O+cmQ/qQPOiEqJBh9cvw9deWo+T65pp7aeixRQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1p76577kkfttxxj8ckwwkhyhhz7qq2d7qf2lenyaa0g3v2gd3eecqhhf9jn
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwVTBodlh0cXl4MEc3cXli
|
||||||
|
ZndJV21aV2U3OEJLZXkrNmVPNy93T2tXbURBCnhBQVRGSXVaMXJiWG9jbU5kR1Jk
|
||||||
|
Um1seVd5L1FkK3YxRmp2ZExUekwzMTAKLS0tIHoyK0FwVG1HQ3BFc0huRUZneGFR
|
||||||
|
QUh6NGdtZ2xkbUhXeXdpeVdjZTdHZ1kK/DeOe18HwJpoRNxo4JvdNGc8Ema61J4w
|
||||||
|
oxTZpqszWeNItmLtTvWJk9kahR1PhUwReG3zhVpxa+SzJTkLLy9amQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1mpgtj57e256q9nqz8jt0jt9ntxrldu0p7aunxx3y5vnerfz04vqqdst2gt
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCaVVpeVphcENhN1RNV0JK
|
||||||
|
MUFDTFo0aEZuN0dYOGU4YmQwampPdTJQcUEwCld1WlhFUG11bzZTL3MzOVhNa1J6
|
||||||
|
RmhpeUN0Sm0xK1B6WTJsUjdCNXRzU2cKLS0tIHpNd1d4bVBXVlYyMG5hVjRkVi9Z
|
||||||
|
SFN5TUhqWWxHd2ZMeEdtUGV3SmljOUUKKPazmCwOsqYVLTW1wo6ie1+l910X5o6I
|
||||||
|
ygmi3TSv0ztwgqi94x3ma/1v82pPT/GCtGe22tCUOOiR+qn70mOGZw==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1msgz4lzqj3wd4yu3mfgxyl5gz0y94al59njv8fqu7s0dvwt9yuvsctlhvu
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBRmFJMVJlMHBrNzltNDdq
|
||||||
|
RVZKYUJlMEcwVGtwaEI1RTloOHowbVNZREQ4CkFnSGlzM1VkWW5pcVNDWSsrQ1NI
|
||||||
|
dkVGaWhhaWd4VTA4RmplSUV0NTFpa0EKLS0tIEpqV1hWUEpvbytOOXNVeFhYWHNF
|
||||||
|
N0tHazQ3VEl2c1kwODNBd3lpS2NkM1kKt3uWMg2LuCeEquyYB5FNzEfI2qv7D1d2
|
||||||
|
8KD3X9mangmITwmLumdzcmxwEYmz0SD6im9fy413S1JZxDZonvZ8lA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFaVI0N3JBbmFCdk9CMDk1
|
||||||
|
bTB0NTJLb1J3S3JKcjk2dzFzdmJmQkpvbFdJCklFSW9PL2NSSFRSeGlkZmJqR1Av
|
||||||
|
dDlrMmw2L21kZDFFT0ZTNG5aK1YvSncKLS0tIEFVZlNOSVduUHhOMDI2Z1Z5R2Uw
|
||||||
|
TytkQnZ5RXp3R1pCSThjM0VYdnkxcncKGM4ceBAfyXpgRGLAvTdEpE31uXJSCktR
|
||||||
|
KhfUZ/3lvuu7M12ju4ogqdoTND88IWDL2sewmgkyFRRbuBMHfEbKBg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiRDhsU2tLRDU2Zm8zTkpy
|
||||||
|
d3Y4RGtPc3IzM1h3TVBHYi90eElDM25qZTBrCkdSL2I1SGxNaktZMzF0V0xiOHVy
|
||||||
|
ZXdGc095ZWRLWjNTdkMzVFlXMUNVY00KLS0tIFF2S3V2Y3hpMFN6Sm54dW9PVUVI
|
||||||
|
UjE1NXVYa2RzZHhmN2ZiTFltTERtd2sKmHDLboVclE9tn/2dtA21SWWQ8an27HEd
|
||||||
|
6iUOFVPQ7Yy3wd64CU7sd+vUq7w24NMORjj+ltQJXnpDfedmoecALQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1n09swn3qekcuw23vksp7hv4hpg0krlag3c5qcjjaf08m99c3ysqs6sxeyk
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjVVlPeFkrdWN1aG9uWi9j
|
||||||
|
YVZacG1lRHA3VXpTWUlBSmFLbkxZemg0eFFvClZXcjJNLzVDVCtrZ3ZRNi92VWFM
|
||||||
|
VmJNeE1FWEVYWTZqQTdIYkYvUDhsZnMKLS0tIEg1RFNJUkJmNjVHMUQwMjBYb282
|
||||||
|
NmQrUk15LzZrcHQzV2c0K3VPOVc4V2cKXDggWmSB4WZbAqFoc+rGTRrpbG25L6Xz
|
||||||
|
7R3AD52Ul2dE60CdrPACoi7zJWKfr/QjJ5qfUi3xxhNn906qYRVQXQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1tt4c8t72fha2fj7xlm0dew5avmkdxujmgplte4qm7sxlcucggedq0eyk7t
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBId1FBN0Y5dHY3S2c1cEhi
|
||||||
|
eFNGTkdrQ0luMEliYU0zOVJpdmFENy9iOHhrClNmTHdsK01EeFlTWGk3Y1R3YTMx
|
||||||
|
SERzbTZ2YUdreWFVaGlXdlh1aC91U1EKLS0tIFR3RzRJZHIyR1IxZG13SFlUeTdI
|
||||||
|
SVNKZ0psWE9LVG9qaVZ6cUJhYVFxVEkKEai4IXJstKRavu4hrV4PFWv69kjdvWit
|
||||||
|
Y7xHFrR5OS5/Elfg5uPk6fkF91H+niY5XPytuRAkNdkIJh29sDClvg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2022-12-03T22:10:58Z"
|
||||||
|
mac: ENC[AES256_GCM,data:gKoPQdINeMfQsofqxGLMRzikWfYqd9DFzR5JS7YQFHzlSrjxed6GFKr4YtKClBvfZU67AvE9OV6CyCweG9M5BFl9nDwjr8y85Lj0CvWrCtOVaQQ0nVloayrF4c1IKA2TH4BrXJA+kV9mSgc8eRYmwI6dY988nMLRsSp+oEgAJQk=,iv:d73wS8SaRao2L8MpRst1PXAtrjl8ViqiqoIFMzWKRv0=,tag:fMvq4Pp5BmM4A85VFBMlog==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.7.3
|
93
nixos/boxes/bolty/mastodon-db.sops.yaml
Normal file
93
nixos/boxes/bolty/mastodon-db.sops.yaml
Normal file
|
@ -0,0 +1,93 @@
|
||||||
|
mastodon-db: ""
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1qpxvqf2254vynw7aah2pyd8tm0lqtfqr9maguewdj3uqjp8smqvssjp43n
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEM2JVelR6K0Zjbm5ubjJD
|
||||||
|
MVV5NkdhaGl1eE5oUUp1bm1VQmEvTThPRkE0CkRtQ2k4WHhkTlhNQ25tN1V5VkR3
|
||||||
|
b3c0NzJuSFRLNnVRZUNkTml6dnRKMlUKLS0tIEt2UkFEVkFGbHFURkRONUlmMW0w
|
||||||
|
ZXNpZVh2eUpuRDZ3ZFhTcTAxU2FKWTAKuWxeWi10LGOBcDuruA1Nu2cbZ4ERN6B2
|
||||||
|
ujbcoKVN9nA+wy5+HgBxfOFQ78KvkuRmIKfbLvyRX/9Pg8v5o1Ybhg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1s3z2rfske90kt93a3z7twp6kew6mqd08sgunupym0gpmuh8ezqqscdrv7m
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxSi9CNnFCQTdGTjlqWlY5
|
||||||
|
eS82NDV1WFpDOGNJZVJhblhVV0xPRGcwTmtzClFXQjVXNDZHVUFWVFNHQ1FOaGNM
|
||||||
|
SUxLTDZ0MXdrZVNsUUhkQUNWdStxUjgKLS0tIDlsNU9JUFFTOVdHcUxmMzVvNHUr
|
||||||
|
dnQ1T0FwMGtpdTBYODVBdHN5NjhtNHMKYb4+t8oyZ1lfFDIbjzGfiN7EihD7oef1
|
||||||
|
cna9lEwgfm19G1yiPjgszlPQwdjvSk6vlPNYcOT1KYisGnTtRHUCvw==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1p76577kkfttxxj8ckwwkhyhhz7qq2d7qf2lenyaa0g3v2gd3eecqhhf9jn
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZcEpFUGE3bnBXYzlsZGl5
|
||||||
|
RFR6bU56VVZRT3ZIaXc5cDYyd28vMUtoVkhVCjlwbmRBMngvWC9FQ1VsK1dxOXNo
|
||||||
|
UExONjFxZTE4S0dIeDR0VWFndEg5eUkKLS0tIHQxNWFGVHRHUGdTWTN5aVFsWGpj
|
||||||
|
TjYzVkkvUDlEOWZCM3Y3TUpHMWp1MXMKAxvbXIc0SgUdbzZvV53kqbLG8uDaSoOw
|
||||||
|
G1GWOJcruJ+WywsxoVcd6UA01GgUOYg9bAaeEJuzABfBG9u2WmL6DQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1mpgtj57e256q9nqz8jt0jt9ntxrldu0p7aunxx3y5vnerfz04vqqdst2gt
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3aTE3VFpZdmZYNVh4Rkw3
|
||||||
|
Y2pXRXdWSUw2eWhHcEo1OFNnMEpRNjZzbUc0ClVGZXB2aWxXRUdZVmFWR0JDSitk
|
||||||
|
L0svd2RLb3A3QlV3ZG02TXQ3UkdlRXcKLS0tIDhVZTRHdDhJQ2ViSC9YU3ZIdURN
|
||||||
|
U3l2bjhjdktwWnpDSXFtWkp2cEFQa1kKy74uyFJcUf9L2EHcQ5RrymRFn5AsOtpQ
|
||||||
|
Ar1Tb+TCXsyXwMlXwqX5jTdKFxwpsgiT/GuE8mHjGOM9XoJPEHaoMA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1msgz4lzqj3wd4yu3mfgxyl5gz0y94al59njv8fqu7s0dvwt9yuvsctlhvu
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGVzRnN2xtOWw2dWlYZWR3
|
||||||
|
b2g2WVlDcVk3eGRrQkV0ZER1a1ZLcDF2QWdjCnlMWDhMbkdFZVBkMXNwZFBKTW5z
|
||||||
|
QWxNSzRkRDdlT1FsUWpRNktYME5mcXcKLS0tIEh5UHpVb1gyeng1eXFjNnZlcTc1
|
||||||
|
cVBMNDR6VmxTRTUzYTlETCtqTUZ6Nm8KSSlzWikCyVZsd1yzC8sq8e9UQnZhhQgl
|
||||||
|
jljUQOvLjDtjvmRMpTaAdGQuArVONWrk8UJheawo33BNL0lWyDSCcg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvQlNrNG5kRG1YRXhmbFRl
|
||||||
|
Q2tMZ1RBbTFmaUg4TmtxWkFTM3VqUHhkR1c4CkJEVzFqZXRDRndJd1FuQ0t2aXNt
|
||||||
|
YkZMbkhER1FKcWNaUWhpbWxxaSt2ZHcKLS0tIEJnSk9yeFRhckN2cEpUc3VXMGps
|
||||||
|
cXVqRWpJZk5zM1VPTVNzcFBSaG5pMU0KjIni2nzw98OgER95cOdzBrvuM80CdCzb
|
||||||
|
46FU071PAWBpgAH5SvIsI85At6fl0B8rKrce1nBSUDhvlnq4RbQpJA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPWGtnR2ltS2I0R0p0VlV1
|
||||||
|
MUJyRTZsNUV0M0l6N2QrYnIyTHRrUmlmdERVCnBMU0MzNG5WQmpFcXpkM1BETFhn
|
||||||
|
RTV5R2ZZNFh6bEhkaVArenFobUZSUWcKLS0tIDUyUnpkQ29nbXdIaVhmN1dZWHhl
|
||||||
|
TERUMWJycHhWYXN0YzEwajBBVy9tYkEKSPZUnP65cRFgZdD7uHOyaMnMzPvuwHNf
|
||||||
|
7Q2Y0vCevwmppPt6TsNWWMKJUjWkdgAeAmmkKcSuaDi2EthdnxlwCQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1n09swn3qekcuw23vksp7hv4hpg0krlag3c5qcjjaf08m99c3ysqs6sxeyk
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTS2FRbm1VUEFhN1NFc3RB
|
||||||
|
QVRSRHBvbGdXcDVuanluaFZuUmlxSkJ2NHhRCi92ZGpWV0d2Z2ZMYnhyUTJlcDZB
|
||||||
|
YlhsQzdCYWRmV3RZOXdiVlpWZzJtcEUKLS0tIDhqaHFwTUR1bi91SldFeXloUExY
|
||||||
|
dFhJU3RmT204SitRazVRVEE1Y1plb2MKMv1gUa7xMixd6GyJWgous6gd6u/TPNpo
|
||||||
|
9BKtmf4F9VQRdrghf+dZgExsbqD+14wdVMmncWXDBt2/G9++kxngUQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1tt4c8t72fha2fj7xlm0dew5avmkdxujmgplte4qm7sxlcucggedq0eyk7t
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6SlVhOTBZZHQxNWV0SnZj
|
||||||
|
eGJJNFhnV2hyY0xqaWNEVmtJdWZjMkxUNEVvCnpaL0xvaEh4TG1sTWtRdWdPSk94
|
||||||
|
SzIrZUFwNktObVNQalozbmd3Wnd6SEkKLS0tIE1WYWNTc2Z4bmlzOTRRakgzN0hK
|
||||||
|
U0lzVDRnQVV2Q0h2OHVKRmVhcVE5U2MKDGo89QvLMEehTjUowAa4kTXsqauGvZeP
|
||||||
|
eTw2bqpOkpVwdtMroHcz3Su8ZqDb+ejGE6n3GcwEUUuyPNSn/iE+hQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2022-11-26T12:03:57Z"
|
||||||
|
mac: ENC[AES256_GCM,data:9istsKh21b1w5UNXJyjbR8FmjLyZL+QiBNtfFyVtLv6/rc90NSFfXzq8jVTUA/DHkMNhe6Zt+ieCucc2+MjZoKX77JFMcJgPYzdrhT7Fzk9U+7XMIUN+vKuh3RRV9f6zNiGSHAwjN3Gz0yvFWxlrvZ4W1hpjpKQ6LKXkW0c2l88=,iv:dZQeInjC96GJpSppAez0/Ovte+zns/FSP7KY/5+dcpE=,tag:wajCNA52jC+PCpUmF8ctOQ==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.7.3
|
168
nixos/boxes/bolty/mastodon.nix
Normal file
168
nixos/boxes/bolty/mastodon.nix
Normal file
|
@ -0,0 +1,168 @@
|
||||||
|
{
|
||||||
|
config,
|
||||||
|
pkgs,
|
||||||
|
inputs,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}: let
|
||||||
|
newestPackages = inputs.nixpkgs-master.legacyPackages.${pkgs.system};
|
||||||
|
package = newestPackages.mastodon;
|
||||||
|
domain = "peninsula.industries";
|
||||||
|
internalWebPort = 55002;
|
||||||
|
postgresPort = 5432;
|
||||||
|
path = "/data/mastodon";
|
||||||
|
mailgunSmtpSecretName = "mastodon-mailgun-smtp-password";
|
||||||
|
mailgunSmtpPasswordPath = "/run/secrets/${mailgunSmtpSecretName}";
|
||||||
|
mastodonDbSecretName = "mastodon-db";
|
||||||
|
mastodonDbSecretPath = "/run/secrets/${mastodonDbSecretName}";
|
||||||
|
uid = 2049;
|
||||||
|
gid = 3049;
|
||||||
|
systemUserName = "mastodon";
|
||||||
|
systemGroupName = "mastodon";
|
||||||
|
users = {
|
||||||
|
users."${systemUserName}" = {
|
||||||
|
inherit uid;
|
||||||
|
isSystemUser = true;
|
||||||
|
isNormalUser = false;
|
||||||
|
group = systemGroupName;
|
||||||
|
};
|
||||||
|
groups."${systemGroupName}" = {
|
||||||
|
inherit gid;
|
||||||
|
members = ["${systemUserName}" "nginx"];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
secretSettings = {
|
||||||
|
owner = systemUserName;
|
||||||
|
group = systemGroupName;
|
||||||
|
};
|
||||||
|
publicPath = "${path}/public-system/";
|
||||||
|
in {
|
||||||
|
imports = [../nginx.nix];
|
||||||
|
system.stateVersion = "23.05";
|
||||||
|
|
||||||
|
networking.firewall.allowedTCPPorts = [internalWebPort];
|
||||||
|
services.nginx = {
|
||||||
|
virtualHosts = {
|
||||||
|
"masto-system.internal.cyplo.dev" = {
|
||||||
|
root = "${publicPath}";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
sops.secrets."${mailgunSmtpSecretName}" =
|
||||||
|
{
|
||||||
|
sopsFile = ./mailgun.sops.yaml;
|
||||||
|
path = mailgunSmtpPasswordPath;
|
||||||
|
}
|
||||||
|
// secretSettings;
|
||||||
|
sops.secrets."${mastodonDbSecretName}" =
|
||||||
|
{
|
||||||
|
sopsFile = ./mastodon-db.sops.yaml;
|
||||||
|
path = mastodonDbSecretPath;
|
||||||
|
}
|
||||||
|
// secretSettings;
|
||||||
|
|
||||||
|
inherit users;
|
||||||
|
|
||||||
|
systemd.services.mastodon-make-path = {
|
||||||
|
script = ''
|
||||||
|
mkdir -p ${path}
|
||||||
|
chown -R ${systemUserName}:${systemGroupName} ${path}
|
||||||
|
mkdir -p ${publicPath}
|
||||||
|
chmod -R o-rwx ${publicPath}
|
||||||
|
chmod -R g-rwx ${publicPath}
|
||||||
|
chmod -R g+X ${publicPath}
|
||||||
|
chmod -R g+r ${publicPath}
|
||||||
|
chmod -R u+rwX ${publicPath}
|
||||||
|
'';
|
||||||
|
serviceConfig = {Type = "oneshot";};
|
||||||
|
before = ["container@mastodon.service"];
|
||||||
|
};
|
||||||
|
|
||||||
|
containers.mastodon = {
|
||||||
|
autoStart = true;
|
||||||
|
hostAddress = "100.69.177.80";
|
||||||
|
forwardPorts = [
|
||||||
|
{
|
||||||
|
containerPort = internalWebPort;
|
||||||
|
hostPort = internalWebPort;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
bindMounts = {
|
||||||
|
"/var/lib/mastodon" = {
|
||||||
|
hostPath = "${path}";
|
||||||
|
isReadOnly = false;
|
||||||
|
};
|
||||||
|
"${mailgunSmtpPasswordPath}" = {
|
||||||
|
hostPath = "${mailgunSmtpPasswordPath}";
|
||||||
|
isReadOnly = true;
|
||||||
|
};
|
||||||
|
"${mastodonDbSecretPath}" = {
|
||||||
|
hostPath = "${mastodonDbSecretPath}";
|
||||||
|
isReadOnly = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
config = {
|
||||||
|
config,
|
||||||
|
pkgs,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
|
system.stateVersion = "23.05";
|
||||||
|
services.postgresql.port = postgresPort;
|
||||||
|
users =
|
||||||
|
users
|
||||||
|
// {
|
||||||
|
mutableUsers = false;
|
||||||
|
allowNoPasswordLogin = true;
|
||||||
|
};
|
||||||
|
systemd.services.mastodon-media-auto-remove = {
|
||||||
|
description = "Mastodon media auto remove";
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "oneshot";
|
||||||
|
EnvironmentFile = "/var/lib/mastodon/.secrets_env";
|
||||||
|
};
|
||||||
|
script = ''
|
||||||
|
/run/current-system/sw/bin/mastodon-tootctl media remove --days=8 --prune-profiles --include-follows -c1
|
||||||
|
/run/current-system/sw/bin/mastodon-tootctl media remove --days=8 --remove-headers --include-follows -c1
|
||||||
|
/run/current-system/sw/bin/mastodon-tootctl preview_cards remove --days=8
|
||||||
|
'';
|
||||||
|
startAt = "daily";
|
||||||
|
};
|
||||||
|
services.mastodon = {
|
||||||
|
enable = true;
|
||||||
|
inherit package;
|
||||||
|
localDomain = "${domain}";
|
||||||
|
user = systemUserName;
|
||||||
|
group = systemGroupName;
|
||||||
|
mediaAutoRemove.enable = false;
|
||||||
|
streamingProcesses = 2;
|
||||||
|
smtp = {
|
||||||
|
host = "smtp.eu.mailgun.org";
|
||||||
|
port = 465;
|
||||||
|
authenticate = true;
|
||||||
|
user = "postmaster@${domain}";
|
||||||
|
fromAddress = "Peninsula Industries Mastodon <mastodon@${domain}>";
|
||||||
|
createLocally = false;
|
||||||
|
passwordFile = "${mailgunSmtpPasswordPath}";
|
||||||
|
};
|
||||||
|
sidekiqThreads = 8;
|
||||||
|
extraConfig = {
|
||||||
|
SMTP_TLS = "true";
|
||||||
|
SMTP_ENABLE_STARTTLS_AUTO = "true";
|
||||||
|
SINGLE_USER_MODE = "true";
|
||||||
|
RAILS_SERVE_STATIC_FILES = "true";
|
||||||
|
AUTHORIZED_FETCH = "true";
|
||||||
|
DISALLOW_UNAUTHENTICATED_API_ACCESS = "true";
|
||||||
|
};
|
||||||
|
webPort = internalWebPort;
|
||||||
|
configureNginx = false;
|
||||||
|
enableUnixSocket = false;
|
||||||
|
database = {
|
||||||
|
port = postgresPort;
|
||||||
|
passwordFile = mastodonDbSecretPath;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -2,13 +2,15 @@
|
||||||
domain = "vidyos.peninsula.industries";
|
domain = "vidyos.peninsula.industries";
|
||||||
port = 3876;
|
port = 3876;
|
||||||
in {
|
in {
|
||||||
|
services.postgresql.port = 5444;
|
||||||
services.invidious = {
|
services.invidious = {
|
||||||
package =
|
package =
|
||||||
inputs.nixpkgs-nixos-unstable.legacyPackages."x86_64-linux".invidious;
|
inputs.nixpkgs-nixos-unstable.legacyPackages."x86_64-linux".invidious;
|
||||||
enable = true;
|
enable = false;
|
||||||
inherit domain;
|
inherit domain;
|
||||||
inherit port;
|
inherit port;
|
||||||
database.createLocally = true;
|
database.createLocally = true;
|
||||||
|
database.port = 5444;
|
||||||
nginx.enable = false;
|
nginx.enable = false;
|
||||||
settings = {
|
settings = {
|
||||||
external_port = 443;
|
external_port = 443;
|
||||||
|
|
|
@ -154,7 +154,7 @@ in {
|
||||||
createLocally = false;
|
createLocally = false;
|
||||||
passwordFile = "${mailgunSmtpPasswordPath}";
|
passwordFile = "${mailgunSmtpPasswordPath}";
|
||||||
};
|
};
|
||||||
sidekiqThreads = 8;
|
sidekiqThreads = 2;
|
||||||
extraConfig = {
|
extraConfig = {
|
||||||
SMTP_TLS = "true";
|
SMTP_TLS = "true";
|
||||||
SMTP_ENABLE_STARTTLS_AUTO = "true";
|
SMTP_ENABLE_STARTTLS_AUTO = "true";
|
||||||
|
|
Loading…
Reference in a new issue