diff --git a/hosts/common/security.nix b/hosts/common/security.nix
index 6fbc1b5..76d45bb 100644
--- a/hosts/common/security.nix
+++ b/hosts/common/security.nix
@@ -37,6 +37,11 @@
 wheelNeedsPassword = false;
 keepTerminfo = true;
 };
+
+ acme = {
+ acceptTerms = true;
+ defaults.email = "admin@cherrykitten.dev";
+ };
 };
 
 services.fail2ban = {
diff --git a/hosts/maine-coon/default.nix b/hosts/maine-coon/default.nix
index 34da00a..ce3d9d5 100644
--- a/hosts/maine-coon/default.nix
+++ b/hosts/maine-coon/default.nix
@@ -1,6 +1,7 @@
 { ... }: {
 imports = [
 ./hardware-configuration.nix
+ ./gotosocial.nix
 ];
 
 networking.hostName = "maine-coon";
diff --git a/hosts/maine-coon/gotosocial.nix b/hosts/maine-coon/gotosocial.nix
new file mode 100644
index 0000000..f61c957
--- /dev/null
+++ b/hosts/maine-coon/gotosocial.nix
@@ -0,0 +1,53 @@
+{ ... }:
+let
+ bind-address = "127.0.0.1";
+ host = "cherrykitten.gay";
+ port = 8553;
+in
+{
+ services.gotosocial = {
+ enable = true;
+ settings = {
+ inherit bind-address host port;
+ application-name = "CherryKitten";
+ setupPostgresqlDB = true;
+ landing-page-user = "sammy";
+
+ instance-expose-suspended = true;
+ instance-expose-suspended-web = true;
+ accounts-registration-open = false;
+
+ media-image-max-size = 41943040;
+ media-video-max-size = 83886080;
+ media-description-max-chars = 3000;
+ media-remote-cache-days = 14;
+ media-emoji-local-max-size = 204800;
+ media-emoji-remote-max-size = 204800;
+
+ statuses-max-chars = 69420;
+ statuses-cw-max-chars = 200;
+ statuses-poll-max-options = 10;
+ statuses-poll-option-max-chars = 150;
+ statuses-media-max-files = 16;
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+ services.nginx = {
+ enable = true;
+ clientMaxBodySize = "40M";
+ virtualHosts = {
+ "${host}" = {
+ enableACME = true;
+ forceSSL = true;
+ locations = {
+ "/" = {
+ recommendedProxySettings = true;
+ proxyWebsockets = true;
+ proxyPass = "http://${bind-address}:${toString port}";
+ };
+ };
+ };
+ };
+ };
+}
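Review bot: `setupPostgresqlDB = true;` sits inside `settings`, but in the NixOS module it is an option of `services.gotosocial` itself, so here it is most likely written into the GoToSocial config as an unknown key and no PostgreSQL database is provisioned; move it up one level next to `enable = true;`. Separately, `clientMaxBodySize = "40M"` is lower than `media-video-max-size = 83886080` (80 MiB) and leaves no room for multipart overhead on a 40 MiB image, so nginx will reject the larger uploads with a 413 before GoToSocial sees them; either raise the nginx limit to cover the largest media size or lower the media limits to match. Because `clientMaxBodySize` is set on `services.nginx`, it applies to every virtual host on this machine, so consider scoping the larger body limit to this vhost only. A short comment on the two `instance-expose-suspended*` settings, stating that publishing the suspended-domain list to unauthenticated clients is intentional, would help later reviewers.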