diff --git a/.sops.yaml b/.sops.yaml index cb717ff..e1d781a 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -28,7 +28,3 @@ creation_rules: key_groups: - pgp: [*clara] age: [*vikunja] - - path_regex: secrets\/mastodon\/* - key_groups: - - pgp: [*clara] - age: [*mastodon] diff --git a/configs/services/mastodon.nix b/configs/services/mastodon.nix index ce6fe9d..b41e0e0 100644 --- a/configs/services/mastodon.nix +++ b/configs/services/mastodon.nix @@ -1,36 +1,44 @@ { lib, pkgs, config, ... }: +let + http_port = 3000; + dbuname = "misskey"; + dbport = 5432; +in { - security.acme = { - acceptTerms = true; - defaults.email = "fedi@cdaut.de"; - }; - - # set up smtp pass - sops = { - age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; - secrets.smtp_pass = { - sopsFile = ../../secrets/mastodon/secrets.yaml; - }; - }; - - services.mastodon = { - enable = true; - streamingProcesses = 1; - localDomain = "puppyplaypissparty.de"; - configureNginx = true; - - smtp = { - fromAddress = "fedi@cdaut.de"; - host = "mail.cdaut.de"; - user = "fedi@cdaut.de"; - port = 587; - authenticate = true; - passwordFile = config.sops.secrets.smtp_pass.path; + services = { + misskey = { + enable = true; + settings = { + url = "https://puppyplaypissparty.de"; + port = http_port; + }; + settings = { + db = { + user = dbuname; + port = dbport; + }; + setupPassword = "VMoV33ov$C6JxVVXHffuVxHaqf^Cbmr9V1GSNgkyF6pq939Wr@c1hgfN7iD9%$De"; + }; }; - database = { - createLocally = true; + postgresql = { + enable = true; + ensureUsers = [ + { + name = dbuname; + ensureDBOwnership = true; + } + ]; + ensureDatabases = [ + dbuname + ]; + settings.port = dbport; + }; + redis = { + servers."" = { + enable = true; + }; }; }; - networking.firewall.allowedTCPPorts = [ 80 443 ]; + networking.firewall.allowedTCPPorts = [ http_port ]; } diff --git a/configs/services/misskey.nix b/configs/services/misskey.nix deleted file mode 100644 index b41e0e0..0000000 --- a/configs/services/misskey.nix +++ /dev/null 
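Review bot: The new `services.misskey.settings` block in configs/services/mastodon.nix hard-codes `setupPassword` as a plaintext string literal, so the value is now in git history and, once Nix renders the settings into the service configuration, most likely world-readable under `/nix/store`. The Mastodon config removed by the same hunk kept its SMTP password out of the repository with `sops.secrets.smtp_pass` and `passwordFile = config.sops.secrets.smtp_pass.path;`. Treat the committed value as exposed: rotate it, delete the literal from this file, and supply the replacement from a sops-encrypted secret, which would need a `creation_rules` entry like the one this commit removes from `.sops.yaml`; how the Misskey module can consume a secret file is not visible here. Separately, the hunk drops `configureNginx` and the ACME settings and changes `allowedTCPPorts` from `[ 80 443 ]` to `[ http_port ]`, so port 3000 is opened directly while `url` still advertises `https://`. If TLS is terminated by a proxy outside this file, a comment such as `# TLS is terminated upstream; port 3000 must only be reachable from the proxy` would record that assumption, and the firewall rule should be narrowed to match.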
@@ -1,44 +0,0 @@ -{ lib, pkgs, config, ... }: -let - http_port = 3000; - dbuname = "misskey"; - dbport = 5432; -in -{ - services = { - misskey = { - enable = true; - settings = { - url = "https://puppyplaypissparty.de"; - port = http_port; - }; - settings = { - db = { - user = dbuname; - port = dbport; - }; - setupPassword = "VMoV33ov$C6JxVVXHffuVxHaqf^Cbmr9V1GSNgkyF6pq939Wr@c1hgfN7iD9%$De"; - }; - }; - - postgresql = { - enable = true; - ensureUsers = [ - { - name = dbuname; - ensureDBOwnership = true; - } - ]; - ensureDatabases = [ - dbuname - ]; - settings.port = dbport; - }; - redis = { - servers."" = { - enable = true; - }; - }; - }; - networking.firewall.allowedTCPPorts = [ http_port ]; -} diff --git a/flake.lock b/flake.lock index 8446fb7..ba84dd6 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "nixpkgs": { "locked": { - "lastModified": 1758277210, - "narHash": "sha256-iCGWf/LTy+aY0zFu8q12lK8KuZp7yvdhStehhyX1v8w=", + "lastModified": 1756787288, + "narHash": "sha256-rw/PHa1cqiePdBxhF66V7R+WAP8WekQ0mCDG4CFqT8Y=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8eaee110344796db060382e15d3af0a9fc396e0e", + "rev": "d0fc30899600b9b3466ddb260fd83deb486c32f1", "type": "github" }, "original": { @@ -18,11 +18,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1758262103, - "narHash": "sha256-aBGl3XEOsjWw6W3AHiKibN7FeoG73dutQQEqnd/etR8=", + "lastModified": 1744868846, + "narHash": "sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "12bd230118a1901a4a5d393f9f56b6ad7e571d01", + "rev": "ebe4301cbd8f81c4f8d3244b3632338bbeb6d49c", "type": "github" }, "original": { 
@@ -43,11 +43,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1758425756, - "narHash": "sha256-L3N8zV6wsViXiD8i3WFyrvjDdz76g3tXKEdZ4FkgQ+Y=", + "lastModified": 1754988908, + "narHash": "sha256-t+voe2961vCgrzPFtZxha0/kmFSHFobzF00sT8p9h0U=", "owner": "Mic92", "repo": "sops-nix", - "rev": "e0fdaea3c31646e252a60b42d0ed8eafdb289762", + "rev": "3223c7a92724b5d804e9988c6b447a0d09017d48", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index d425d61..47d2054 100644 --- a/flake.nix +++ b/flake.nix @@ -12,7 +12,7 @@ specialArgs = { inherit inputs; }; }; - #mcserver = import ./configs/containers/mc_container.nix; + mcserver = import ./configs/containers/mc_container.nix; wireguard = import ./configs/containers/wg_container.nix; @@ -22,7 +22,7 @@ mastodon = import ./configs/containers/mastodon_container.nix; - #paperless = import ./configs/containers/paperless_container.nix; + paperless = import ./configs/containers/paperless_container.nix; vikunja = import ./configs/containers/vikunja_container.nix; }; diff --git a/secrets/mastodon/secrets.yaml b/secrets/mastodon/secrets.yaml deleted file mode 100644 index 09c28b9..0000000 --- a/secrets/mastodon/secrets.yaml +++ /dev/null 
@@ -1,37 +0,0 @@ -smtp_pass: ENC[AES256_GCM,data:S1vB0GIb9c0Yov/wkGiqpt6goN/XmIWPFx0TYMvqhJUXtGgjKNtkmijYBsT0,iv:xnKh4edcHRDjxHRo84KxQKx6OrZlErla3yvLIZyqeUo=,tag:ftVNoc0qnRru+Z8TF3E0wQ==,type:str] -sops: - age: - - recipient: age19efecaur72d92g452zpe4uxjtwev2ktjtaezascxg9l2p8544s8s05d93r - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2bkMvTUZKbkpCeFg2Z3I4 - L095TkFhVUNSWmNxWERicGdrZXF3dFFTcTFBCnhNTGxYSitrcGlYY2ZpTXNlQUhW - MmVocHFENmNGWXZ1QWxabG8xSTNWSmcKLS0tIFBkY1JXd3JuTVE4NEVFL2lLeUZT - YUdTMTk2V3QvN2NXWXlqbDh1SkNBZVUKI7aHgopbId8rjAKVXYstsXa36mLm1j4f - nknPOngq++hMoY/v3P2ipV+Ml0lgJt+Nk0BlA9RTBQ2FYg4cJhiOuA== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-09-12T11:36:49Z" - mac: ENC[AES256_GCM,data:VWTDVy7Eoe71XNfKPcNUTZbfxH6BBkS+hHOCRImnZZnu8bEvdmrbvDFtKgvsmolijg870G4YVgdKiZc9REJAD2Egcq4rX6XXZi4F5AQISlU/vkQ5amUdvHAjbW9U+O67c1qxDsSOP489x3zDlR4LeoWALCXpnFNFCjBQwIIjKzM=,iv:uedmYsLS5TIMPprREzn5aRGXXJj8xKtr1mEocugiokA=,tag:jqXp8DCzqywu18gvfm5Qtw==,type:str] - pgp: - - created_at: "2025-09-12T10:53:07Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hQIMAzwtBoBqH5ZOAQ//ePQhgxIhAoV0FXav0+Z8i9I+hri/OAvN0Isrjohss1uj - TRruFq0fxVQuvlbA1qXixPL/7bxE5dV2YGQbw+SmzD+joAo0VMvKzQzxd2cM4XUy - +S4T97lH8MlziGOTTi82Uw31PCvMy7HfgTS5ftIVPbsJ7VegDcs2OtWyqXDmNR/q - 96gSGGGb0sIirVrv1mtSlmd2vKqN7pO72DNUsnJ8wTQ3h4ntH4LB3i859q1mwLSz - OSc7BQYY2GmtdFfhHrLT0b8abF19lD/JZEGRLgfOngPlR3aDJgtoh06x3zBcQ0Hp - aqLWr1HttJNEAET80zO38cdHUPe11G+3Vw7+7EgbRjOMKKORVpby0GSjZLWJJI3M - fR3er4CgVXSeCKkNuIQx/prwEMm5iHouKMN0fruy5R4eg07mZhIuGg7RsZs1T4Sr - ekPXHtK6HCD2XmXHM2dteWbO+DMOMKsF/lihM/ct5KAGHd+cLyHk98n3extmworv - PVzOTLE5xzGmAK87OtGL7DOlpxOfhgHYf1x9idLJorJMbg5MyAK/b8fjYtibN+nJ - sSQruHhBoc0ekyeyqIWY5vgd+oRf5Rma3CcJSMTEk09SlVYSN9n7ys+lSaD4DL3z - rck2N2FG+/L5cv3FfON3yJ+c4NUydehUzihWVGTE5LLSrwCMi8Lhp87Kse3vFmTS - XAFkdKenVseFcCGk271PCSThphSKdZYGJIuoRuyrVSFbhL/L7dTAHXRu6VHuXBTP - TfeUEyRqY6zaCOAEbS4K5NhcGbhVdXATWOgTSdLYGYVXPCtTYKrwEQPtzxyN - =cTu+ - -----END 
PGP MESSAGE----- - fp: 58EF8D71114EF548DEE3320DE6F04916B6EEBD83 - unencrypted_suffix: _unencrypted - version: 3.10.2