bump to 0.15

.gitignore

@@ -1,2 +1,3 @@
 .terraform.lock.hcl
 .terraform
+*.vars

gotosocial.yaml

@@ -218,12 +218,12 @@ accounts-allow-custom-css: false
 # Int. Maximum allowed image upload size in bytes.
 # Examples: [2097152, 10485760]
 # Default: 10485760 -- aka 10MB
-media-image-max-size: 10485760
+media-image-max-size: 10MiB
 
 # Int. Maximum allowed video upload size in bytes.
 # Examples: [2097152, 10485760]
 # Default: 41943040 -- aka 40MB
-media-video-max-size: 41943040
+media-video-max-size: 40MiB
 
 # Int. Minimum amount of characters required as an image or video description.
 # Examples: [500, 1000, 1500]
@@ -233,7 +233,7 @@ media-description-min-chars: 0
 # Int. Maximum amount of characters permitted in an image or video description.
 # Examples: [500, 1000, 1500]
 # Default: 500
-media-description-max-chars: 500
+media-description-max-chars: 1500
 
 # Int. Number of days to cache media from remote instances before they are removed from the cache.
 # A job will run every day at midnight to clean up any remote media older than the given amount of days.
@@ -252,7 +252,7 @@ media-remote-cache-days: 30
 # of your emojis to other instances, so beware.
 # Examples: [51200, 102400]
 # Default: 51200
-media-emoji-local-max-size: 51200
+media-emoji-local-max-size: 50KiB
 
 # Int. Max size in bytes of emojis to download from other instances.
 # By default this is 100kb, or twice the size of the default for media-emoji-local-max-size.
@@ -260,7 +260,7 @@ media-emoji-local-max-size: 51200
 # higher emoji size limits, and not taking up too much space in storage.
 # Examples: [51200, 102400]
 # Default: 51200
-media-emoji-remote-max-size: 102400
+media-emoji-remote-max-size: 100KiB
 
 ##########################
 ##### STORAGE CONFIG #####
@@ -290,12 +290,6 @@ storage-s3-bucket: "{{ .Data.cdn.bucket }}"
 # Default: 5000
 statuses-max-chars: 1024
 
-# Int. Maximum amount of characters allowed in the CW/subject header of a status.
-# Note that going way higher than the default might break federation.
-# Examples: [100, 200]
-# Default: 100
-statuses-cw-max-chars: 100
-
 # Int. Maximum amount of options to permit when creating a new poll.
 # Note that going way higher than the default might break federation.
 # Examples: [4, 6, 10]

gts.nomad

@@ -1,13 +1,16 @@
+variable "package" {
+  type = map(object({
+    image   = string
+    version = string
+  }))
+  default = {}
+}
+
 job "club-patito" {
   datacenters = ["qro0"]
   region = "qro0"
+  namespace = "social"
 
-  vault {
-    policies = ["club-patito"]
-
-    change_mode   = "signal"
-    change_signal = "SIGHUP"
-  }
 
   group "club-patito" {
     reschedule {
@@ -39,6 +42,10 @@ job "club-patito" {
       driver = "docker"
       user = "nobody"
 
+      vault {
+        role = "club-patito"
+      }
+
       resources {
         cpu    = 128
         memory = 64
@@ -46,7 +53,7 @@ job "club-patito" {
       }
 
       config {
-        image = "litestream/litestream:0.3.12"
+        image = "${var.package.litestream.image}:${var.package.litestream.version}"
         args = ["restore", "/alloc/gotosocial.db"]
         volumes = ["secrets/litestream.yaml:/etc/litestream.yml"]
       }
@@ -66,6 +73,10 @@ job "club-patito" {
       driver = "docker"
       user = "nobody"
 
+      vault {
+        role = "club-patito"
+      }
+
       resources {
         cpu    = 256
         memory = 128
@@ -73,7 +84,7 @@ job "club-patito" {
       }
 
       config {
-        image = "litestream/litestream:0.3.12"
+        image = "${var.package.litestream.image}:${var.package.litestream.version}"
         args = ["replicate"]
         volumes = ["secrets/litestream.yaml:/etc/litestream.yml"]
       }
@@ -88,8 +99,12 @@ job "club-patito" {
       driver = "docker"
       user = "nobody"
 
+      vault {
+        role = "club-patito"
+      }
+
       config {
-        image = "superseriousbusiness/gotosocial:0.11.1"
+        image = "${var.package.self.image}:${var.package.self.version}"
         ports = ["gotosocial"]
         args = [
           "--config-path",

gts.spec.yaml

@@ -0,0 +1,20 @@
+_config: !!joao
+  vault: none
+  name: none
+description: activitypub server
+docs:
+  - https://docs.gotosocial.org/en/latest/
+  - https://litestream.io/
+packages:
+  self:
+    image: superseriousbusiness/gotosocial
+    source: https://github.com/superseriousbusiness/gotosocial
+    version: "0.15.0"
+    check: github-releases
+    comparison: suffix
+  litestream:
+    source: https://github.com/benbjohnson/litestream
+    image: litestream/litestream
+    check: github-releases
+    version: "0.3.13"
+    comparison: suffix

main.tf

@@ -16,7 +16,7 @@ terraform {
 
     vault = {
       source  = "hashicorp/vault"
-      version = "~> 3.18.0"
+      version = "~> 4.2.0"
     }
   }
 
@@ -72,6 +72,24 @@ resource "vault_policy" "service" {
   HCL
 }
 
+resource "vault_jwt_auth_backend_role" "service" {
+  backend = "nomad-workload"
+  role_type = "jwt"
+  role_name = "club-patito"
+  bound_audiences = ["vault.io"]
+  user_claim = "/nomad_job_id"
+  user_claim_json_pointer = true
+  claim_mappings = {
+    nomad_namespace = "nomad_namespace"
+    nomad_job_id = "nomad_job_id"
+    nomad_task = "nomad_task"
+  }
+  token_type = "service"
+  token_policies = [vault_policy.service.name]
+  token_period = 60 * 60 * 6
+  token_explicit_max_ttl = 0
+}
+
 resource "digitalocean_record" "to_pati_club" {
   domain = "pati.to"
   type   = "A"