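{ config, pkgs, lib, ... }:

# Mastodon (glitch-soc) host. Elasticsearch runs locally; PostgreSQL, SMTP and
# the S3-compatible media store are remote, and TLS is terminated by an
# external reverse proxy (see `trustedProxy` below), so nginx is not configured
# here.
let
  # Directory of secret files rendered from Vault; each key below is one file.
  vs = config.vault-secrets.secrets;
  cfg = config.services.mastodon;
in {
  system.stateVersion = "21.05";

  # Use DHCP with static leases
  networking.interfaces.eth0.useDHCP = true;

  # Better cache hits
  environment.noXlibs = lib.mkForce false;

  services.elasticsearch = {
    enable = true;
    cluster_name = "mastodon-es";
    package = pkgs.elasticsearch7;
  };

  # The listed units depend on the secrets being present, and the secret files
  # are owned by the mastodon user/group so those units can read them.
  vault-secrets.secrets.mastodon = {
    services = [ "mastodon-init-dirs" "mastodon" "mastodon-media-prune" ];
    inherit (cfg) user group;
  };

  # Append the init-dirs script to add AWS/Minio secrets.
  # `script` is a `lines` option, so this text is concatenated after whatever
  # the nixpkgs mastodon module already puts in mastodon-init-dirs; this relies
  # on the upstream part (re)creating .secrets_env first — TODO confirm against
  # the module version in use, otherwise repeated starts would keep appending.
  # The heredoc is unquoted on purpose: the $(cat …) substitutions run at
  # service start, so secret values never end up in the Nix store. Values are
  # placed inside double quotes, so a secret containing `"` or `$` would break
  # the env file.
  systemd.services.mastodon-init-dirs.script = ''
    cat >> /var/lib/mastodon/.secrets_env <<EOF
    AWS_ACCESS_KEY_ID="$(cat ${vs.mastodon}/awsAccessKeyId)"
    AWS_SECRET_ACCESS_KEY="$(cat ${vs.mastodon}/awsSecretAccessKey)"
    DEEPL_API_KEY="$(cat ${vs.mastodon}/deeplAPIKey)"
    EOF
  '';

  services.mastodon = {
    enable = true;
    package = pkgs.v.glitch-soc;

    # TCP listeners instead of a unix socket, presumably because the reverse
    # proxy lives on another host (trustedProxy) — verify if this changes.
    streamingPort = 55000;
    webPort = 55001;
    enableUnixSocket = false;

    localDomain = "xirion.net";
    # Only X-Forwarded-* headers from this address are honoured.
    trustedProxy = "192.168.0.122";

    mediaAutoRemove = {
      enable = true;
      olderThanDays = 30;
      startAt = "weekly";
    };

    # nginx is provided elsewhere; with RAILS_SERVE_STATIC_FILES = "false"
    # below, that proxy must also serve the asset tree itself.
    configureNginx = false;

    redis = { createLocally = true; };

    elasticsearch = {
      host = "127.0.0.1";
      inherit (config.services.elasticsearch) port;
    };

    # Remote PostgreSQL; the password is read from the Vault-rendered file at
    # runtime rather than being embedded in the configuration.
    database = {
      createLocally = false;
      user = "mastodon";
      passwordFile = "${vs.mastodon}/db-password";
      port = 5432;
      name = "mastodon";
      host = "192.168.0.126";
    };

    smtp = {
      createLocally = false;
      fromAddress = "mastodon@xirion.net";
      host = "mail.xirion.net";
      user = "mastodon@xirion.net";
      authenticate = true;
      port = 587;
      passwordFile = "${vs.mastodon}/smtp-password";
    };

    extraConfig = {
      # Listens on every interface; the firewall rule at the bottom decides who
      # can actually reach the ports.
      BIND = "0.0.0.0";
      SINGLE_USER_MODE = "false";
      # Sign-ups are limited to addresses under this mail domain.
      EMAIL_DOMAIN_ALLOWLIST = "xirion.net";
      DEFAULT_LOCALE = "en";

      WEB_DOMAIN = "fedi.xirion.net";

      # NOTE(review): "plain" auth together with SMTP_OPENSSL_VERIFY_MODE "none"
      # hands the mailbox password to whatever answers on mail.xirion.net:587
      # without checking its certificate. Switch to "peer" once that host is
      # confirmed to present a certificate this machine trusts.
      SMTP_AUTH_METHOD = "plain";
      SMTP_OPENSSL_VERIFY_MODE = "none";

      RAILS_SERVE_STATIC_FILES = "false";

      # Secure mode: remote servers must sign their fetches of public content.
      AUTHORIZED_FETCH = "true";

      # https://github.com/cybrespace/cybrespace-meta/blob/master/s3.md;
      # https://shivering-isles.com/Mastodon-and-Amazon-S3
      S3_ENABLED = "true";
      S3_BUCKET = "mastodon";
      S3_PROTOCOL = "https";
      S3_HOSTNAME = "o.xirion.net";
      S3_ENDPOINT = "https://o.xirion.net/";

      DEEPL_PLAN = "free";
    };
  };

  # Open the web and streaming ports for the reverse proxy. Reuses the `cfg`
  # bound above instead of re-binding the same value in a nested `let`.
  # The rule carries no source restriction, so any host that can reach this
  # machine can talk to Mastodon directly, bypassing the proxy; acceptable only
  # if the surrounding network is trusted.
  networking.firewall.allowedTCPPorts = [ cfg.streamingPort cfg.webPort ];
}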