Diffstat (limited to 'nix/hosts/corrino/www/social.emile.space.nix')
-rw-r--r-- | nix/hosts/corrino/www/social.emile.space.nix | 129 |
1 files changed, 62 insertions, 67 deletions
diff --git a/nix/hosts/corrino/www/social.emile.space.nix b/nix/hosts/corrino/www/social.emile.space.nix index 9f9a6f1..47c5015 100644 --- a/nix/hosts/corrino/www/social.emile.space.nix +++ b/nix/hosts/corrino/www/social.emile.space.nix @@ -2,14 +2,14 @@ { - # the reverse proxy to gotosocial + # the reverse proxy to gotosocial services.nginx.virtualHosts."social.emile.space" = { forceSSL = true; enableACME = true; locations = { "/" = { proxyPass = "http://127.0.0.1:${toString config.emile.ports.gotosocial}"; - proxyWebsockets = true; + proxyWebsockets = true; extraConfig = '' client_max_body_size 40M; ''; 
@@ -18,79 +18,74 @@ }; }; - # Redirects from emile.space to social.emile.space - # Without this, other instances have problems getting from the username - # @hanemile@emile.space to the host social.emile.space - # https://docs.gotosocial.org/en/latest/advanced/host-account-domain/ + # Redirects from emile.space to social.emile.space + # Without this, other instances have problems getting from the username + # @hanemile@emile.space to the host social.emile.space + # https://docs.gotosocial.org/en/latest/advanced/host-account-domain/ services.nginx.virtualHosts."emile.space" = { locations = { - "/.well-known/webfinger".extraConfig = '' - rewrite ^.*$ https://social.emile.space/.well-known/webfinger permanent; + "/.well-known/webfinger".extraConfig = '' + rewrite ^.*$ https://social.emile.space/.well-known/webfinger permanent; ''; - "/.well-known/host-meta".extraConfig = '' - rewrite ^.*$ https://social.emile.space/.well-known/host-meta permanent; - ''; + "/.well-known/host-meta".extraConfig = '' + rewrite ^.*$ https://social.emile.space/.well-known/host-meta permanent; + ''; - "/.well-known/nodeinfo".extraConfig = '' - rewrite ^.*$ https://social.emile.space/.well-known/nodeinfo permanent; - ''; - }; - }; + "/.well-known/nodeinfo".extraConfig = '' + rewrite ^.*$ https://social.emile.space/.well-known/nodeinfo permanent; + ''; + }; + }; + # auth via authelia + services.authelia.instances.main.settings.identity_providers.oidc.clients = [ + { + id = "gotosocial"; - # auth via authelia - services.authelia.instances.main.settings.identity_providers.oidc.clients = [ - { - id = "gotosocial"; + # ; nix run nixpkgs#authelia -- crypto hash generate pbkdf2 --variant sha512 --random --random.length 72 --random.charset rfc3986 + secret = "$pbkdf2-sha512$310000$oDpZ5FuO965TbjPoophJXw$dbkAwWFvLN1h1Zh9US2ZOE5ilPRdEHMdGF/x0uorou2UqURrXF0KQmXxsV38F2yYMS7u/ecramKlvfMwsqHOcg"; + public = false; + authorization_policy = "two_factor"; + redirect_uris = [ 
"https://social.emile.space/auth/callback" ]; + scopes = [ + "openid" + "email" + "profile" + "groups" + ]; + grant_types = [ + "refresh_token" + "authorization_code" + ]; + response_types = [ "code" ]; + response_modes = [ + "form_post" + "query" + "fragment" + ]; + } + ]; - # ; nix run nixpkgs#authelia -- crypto hash generate pbkdf2 --variant sha512 --random --random.length 72 --random.charset rfc3986 - secret = "$pbkdf2-sha512$310000$oDpZ5FuO965TbjPoophJXw$dbkAwWFvLN1h1Zh9US2ZOE5ilPRdEHMdGF/x0uorou2UqURrXF0KQmXxsV38F2yYMS7u/ecramKlvfMwsqHOcg"; - public = false; - authorization_policy = "two_factor"; - redirect_uris = [ - "https://social.emile.space/auth/callback" - ]; - scopes = [ - "openid" - "email" - "profile" - "groups" - ]; - grant_types = [ - "refresh_token" - "authorization_code" - ]; - response_types = [ - "code" - ]; - response_modes = [ - "form_post" - "query" - "fragment" - ]; - } - ]; - - services.gotosocial = { - enable = true; - package = pkgs.gotosocial; - settings = { - host = "social.emile.space"; - port = config.emile.ports.gotosocial; - bind-address = "127.0.0.1"; - account-domain = "emile.space"; - db-type = "sqlite"; - db-address = "/var/lib/gotosocial/database.sqlite"; - protocol = "https"; - storage-local-base-path = "/var/lib/gotosocial/storage"; - oidc-idp-name = "authelia"; - oidc-client-id = "gotosocial"; - advanced-rate-limit-requests = 0; - accounts-allow-custom-css = true; - }; - environmentFile = config.age.secrets.gotosocial_environment_file.path; - }; + services.gotosocial = { + enable = true; + package = pkgs.gotosocial; + settings = { + host = "social.emile.space"; + port = config.emile.ports.gotosocial; + bind-address = "127.0.0.1"; + account-domain = "emile.space"; + db-type = "sqlite"; + db-address = "/var/lib/gotosocial/database.sqlite"; + protocol = "https"; + storage-local-base-path = "/var/lib/gotosocial/storage"; + oidc-idp-name = "authelia"; + oidc-client-id = "gotosocial"; + advanced-rate-limit-requests = 0; + 
accounts-allow-custom-css = true; + }; + environmentFile = config.age.secrets.gotosocial_environment_file.path; + }; systemd.services.gotosocial = { after = [ "authelia-main.service" ]; |