feat(gustave): init glance

feat(gustave): init mastodon
2025-03-24 04:40:53 +01:00 · 2025-01-10 02:33:26 +01:00 · 2025-01-10 02:33:09 +01:00
6 changed files with 218 additions and 0 deletions
--- a/machines/biblios/garage.nix
+++ b/machines/biblios/garage.nix
@ -21,6 +21,12 @@ in
        api_bind_addr = "[::]:3900";
        root_domain = ".${api_domain}";
      };
+      s3_web = {
+        bind_addr = "127.0.0.1:3902";
+        root_domain = ".cdn.luj.fr";
+        index = "index.html";
+      };
+
      rpc_bind_addr = "[::]:3901";
      rpc_public_addr = "127.0.0.1:3901";

@ -43,4 +49,23 @@ in
      '';
    };
  };
+
+  services.nginx.virtualHosts."cdn.luj.fr" = {
+    enableACME = true;
+    forceSSL = true;
+    serverAliases = [ "cdn.social.luj.fr" ];
+    locations."/".extraConfig = ''
+      proxy_pass http://127.0.0.1:3902;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header Host $host;
+    '';
+  };
+
+  machine.meta.zones."luj.fr".subdomains."social".subdomains."cdn".A = [
+    config.machine.meta.ips.public.ipv4
+  ];
+  machine.meta.zones."luj.fr".subdomains."social".subdomains."cdn".AAAA = [
+    config.machine.meta.ips.public.ipv6
+  ];
+
 }
--- a/machines/gustave/default.nix
+++ b/machines/gustave/default.nix
@ -15,6 +15,8 @@
    ./readeck.nix
    ./plausible.nix
    ./nextcloud.nix
+    ./glance.nix
+    ./mastodon.nix
  ];

  machine.meta = {
--- a/machines/gustave/glance.nix
+++ b/machines/gustave/glance.nix
@ -0,0 +1,144 @@
+{ config, ... }:
+{
+  services.glance = {
+    enable = true;
+    settings = {
+      pages = [
+        {
+          center-vertically = true;
+          columns = [
+            {
+              size = "full";
+              widgets = [
+                {
+                  autofocus = true;
+                  type = "search";
+                  search-engine = "google";
+                }
+                {
+                  cache = "1m";
+                  sites = [
+                    {
+                      icon = "si:jellyfin";
+                      title = "Jellyfin";
+                      url = "https://yourdomain.com/";
+                    }
+                    {
+                      icon = "si:gitea";
+                      title = "Gitea";
+                      url = "https://yourdomain.com/";
+                    }
+                    {
+                      icon = "si:qbittorrent";
+                      title = "qBittorrent";
+                      url = "https://yourdomain.com/";
+                    }
+                    {
+                      icon = "si:immich";
+                      title = "Immich";
+                      url = "https://yourdomain.com/";
+                    }
+                    {
+                      icon = "si:adguard";
+                      title = "AdGuard Home";
+                      url = "https://yourdomain.com/";
+                    }
+                    {
+                      icon = "si:vaultwarden";
+                      title = "Vaultwarden";
+                      url = "https://yourdomain.com/";
+                    }
+                  ];
+                  title = "Services";
+                  type = "monitor";
+                }
+                {
+                  type = "lobsters";
+                  sort-by = "hot";
+                  limit = 15;
+                  collapse-after = 5;
+                }
+                {
+                  type = "repository";
+                  repository = "SaumonNet/proxmox-nixos";
+                  pull-requests-limit = 5;
+                  issues-limit = 3;
+                }
+                {
+                  groups = [
+                    {
+                      links = [
+                        {
+                          title = "Gmail";
+                          url = "https://mail.google.com/mail/u/0/";
+                        }
+                        {
+                          title = "Amazon";
+                          url = "https://www.amazon.com/";
+                        }
+                        {
+                          title = "Github";
+                          url = "https://github.com/";
+                        }
+                      ];
+                      title = "General";
+                    }
+                    {
+                      links = [
+                        {
+                          title = "YouTube";
+                          url = "https://www.youtube.com/";
+                        }
+                        {
+                          title = "Prime Video";
+                          url = "https://www.primevideo.com/";
+                        }
+                        {
+                          title = "Disney+";
+                          url = "https://www.disneyplus.com/";
+                        }
+                      ];
+                      title = "Entertainment";
+                    }
+                    {
+                      links = [
+                        {
+                          title = "Reddit";
+                          url = "https://www.reddit.com/";
+                        }
+                        {
+                          title = "Twitter";
+                          url = "https://twitter.com/";
+                        }
+                        {
+                          title = "Instagram";
+                          url = "https://www.instagram.com/";
+                        }
+                      ];
+                      title = "Social";
+                    }
+                  ];
+                  type = "bookmarks";
+                }
+              ];
+            }
+          ];
+          hide-desktop-navigation = true;
+          name = "Startpage";
+          width = "slim";
+        }
+      ];
+    };
+  };
+
+  services.nginx.virtualHosts = {
+    "dashboard.luj" = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:${toString config.services.glance.settings.server.port}";
+      };
+    };
+  };
+
+}
--- a/machines/gustave/mastodon.nix
+++ b/machines/gustave/mastodon.nix
@ -0,0 +1,41 @@
+{ config, ... }:
+
+{
+
+  age.secrets."mastodon-env".file = ../../secrets/mastodon-env.age;
+
+  services.mastodon = {
+    enable = true;
+    localDomain = "social.luj.fr";
+    configureNginx = true;
+    extraConfig.SINGLE_USER_MODE = "true";
+    streamingProcesses = 10;
+    extraConfig = {
+      OIDC_ENABLED = "true";
+      OIDC_DISPLAY_NAME = "Luj - SSO";
+      OIDC_DISCOVERY = "true";
+      OIDC_ISSUER = "https://auth.luj.fr/oauth2/openid/mastodon";
+      OIDC_SCOPE = "openid,profile,email";
+      OIDC_UID_FIELD = "email";
+      OIDC_CLIENT_ID = "mastodon";
+      OIDC_REDIRECT_URI = "https://social.luj.fr/auth/auth/openid_connect/callback";
+      OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED = "true";
+      ONE_CLICK_SSO_LOGIN = "true";
+
+      # S3
+      S3_ENABLED = "true";
+      S3_BUCKET = "mastodon";
+      S3_REGION = "paris";
+      S3_ENDPOINT = "https://s3.luj.fr";
+      S3_HOSTNAME = "s3.luj.fr";
+      S3_ALIAS_HOST = "cdn.social.luj.fr";
+      SMTP_SERVER = "mail.luj.fr";
+      SMTP_PORT = "587";
+      SMTP_FROM_ADDRESS = "infra@luj.fr";
+      SMTP_LOGIN = "luj";
+    };
+    extraEnvFiles = [ config.age.secrets."mastodon-env".path ];
+
+  };
+
+}
--- a/secrets/mastodon-env.age
+++ b/secrets/mastodon-env.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -168,4 +168,10 @@ in
    gustave
  ];

+  "mastodon-env.age".publicKeys = [
+    tower
+    gallifrey
+    gustave
+  ];
+
 }
Author	SHA1	Message	Date
Julien Malka	fdada747e1	feat(gustave): init glance	2025-01-10 02:33:26 +01:00
Julien Malka	0bc6dc0ce8	feat(gustave): init mastodon	2025-01-10 02:33:09 +01:00