diff --git a/flake.lock b/flake.lock index 243434e..6b20e14 100644 --- a/flake.lock +++ b/flake.lock @@ -439,11 +439,11 @@ "wlroots": "wlroots" }, "locked": { - "lastModified": 1664617133, - "narHash": "sha256-ogDblDyvM8KgJEmidcmrQbBEFVYleAPLeoyuioCXYa4=", + "lastModified": 1664648355, + "narHash": "sha256-Qi7fh9jD0PeQw80YBjAv191Ye+MecudUOTYFwByH3CU=", "owner": "hyprwm", "repo": "Hyprland", - "rev": "590fbf808b60baceef3b021050dae4c409121bf5", + "rev": "a97621b1cb203b0e3a7dd07d88c5422b798cbfd8", "type": "github" }, "original": { @@ -698,11 +698,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1664477516, - "narHash": "sha256-kdOex16l/HV0zDFXLcR1ksjQlZDaCZt8a7EXMybuirM=", + "lastModified": 1664708903, + "narHash": "sha256-JxJNpWBIvtO1RX4ENW2aKgmyCIr0CwxcxQNxc+NGqv4=", "owner": "NULLx76", "repo": "nixpkgs", - "rev": "dddab957d2cdae5a11b3104e5eaec28995ef2ebf", + "rev": "325d5202f74b9feea0ab59a3fce1076dd0f36298", "type": "github" }, "original": { diff --git a/nixos/hosts/hades/mastodon/configuration.nix b/nixos/hosts/hades/mastodon/configuration.nix new file mode 100644 index 0000000..b695802 --- /dev/null +++ b/nixos/hosts/hades/mastodon/configuration.nix 
@@ -0,0 +1,84 @@
+{ config, pkgs, lib, ... }:
+let vs = config.vault-secrets.secrets;
+in {
+ system.stateVersion = "21.05";
+ # Use DHCP with static leases
+ networking.interfaces.eth0.useDHCP = true;
+
+ # Better cache hits
+ environment.noXlibs = lib.mkForce false;
+
+ services.elasticsearch = {
+ enable = true;
+ cluster_name = "mastodon-es";
+ package = pkgs.elasticsearch7;
+ };
+
+ vault-secrets.secrets.mastodon = { };
+
+ services.mastodon = {
+ enable = true;
+ package = pkgs.v.glitch-soc;
+ streamingPort = 55000;
+ webPort = 55001;
+ enableUnixSocket = false;
+ localDomain = "xirion.net";
+ trustedProxy = "192.168.0.123";
+
+ configureNginx = false;
+
+ redis = { createLocally = true; };
+
+ elasticsearch = {
+ host = "127.0.0.1";
+ port = config.services.elasticsearch.port;
+ };
+
+ database = {
+ createLocally = false;
+ user = "mastodon";
+ passwordFile = "${vs.mastodon}/db-password";
+ port = 5432;
+ name = "mastodon";
+ host = "192.168.0.126";
+ };
+
+ smtp = {
+ createLocally = false;
+ fromAddress = "mastodon@xirion.net";
+ host = "mail.xirion.net";
+ user = "mastodon@xirion.net";
+ authenticate = true;
+ port = 587;
+ passwordFile = "${vs.mastodon}/smtp-password";
+ };
+
+ extraConfig = {
+ BIND = "0.0.0.0";
+ SINGLE_USER_MODE = "false";
+ EMAIL_DOMAIN_ALLOWLIST = "xirion.net";
+ DEFAULT_LOCALE = "en";
+
+ WEB_DOMAIN = "fedi.xirion.net";
+
+ SMTP_AUTH_METHOD = "plain";
+ SMTP_OPENSSL_VERIFY_MODE = "none";
+
+ # TODO: Don't?
+ RAILS_SERVE_STATIC_FILES = "true";
+
+ # https://github.com/cybrespace/cybrespace-meta/blob/master/s3.md;
+ # https://shivering-isles.com/Mastodon-and-Amazon-S3
+ S3_ENABLED = "true";
+ S3_BUCKET = "mastodon";
+ S3_PROTOCOL = "https";
+ AWS_ACCESS_KEY_ID = secrets.awsAccessKey;
+ AWS_SECRET_ACCESS_KEY = secrets.awsSecretKey;
+ S3_HOSTNAME = "o.xirion.net";
+ S3_ENDPOINT = "https://o.xirion.net/";
+ };
+ };
+
+ networking.firewall = let cfg = config.services.mastodon;
+ in { allowedTCPPorts = [ cfg.streamingPort cfg.webPort ]; };
+}
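Review bot: `AWS_ACCESS_KEY_ID = secrets.awsAccessKey;` and `AWS_SECRET_ACCESS_KEY = secrets.awsSecretKey;` in `extraConfig` use a `secrets` binding that this new file never defines (the arguments are `config, pkgs, lib` and the `let` binds only `vs`), so evaluation should fail with an undefined variable. Even with the binding in place, the keys would be ordinary Nix strings inside `extraConfig`, which most likely get rendered into the world-readable Nix store, unlike the database and SMTP passwords that are read at runtime from `${vs.mastodon}` files. The S3 credentials should be delivered the same way, for example from an environment file under `${vs.mastodon}`, if the Mastodon module version in use can load one. Separately, `SMTP_OPENSSL_VERIFY_MODE = "none";` combined with `SMTP_AUTH_METHOD = "plain";` sends the mail password over a TLS session whose certificate is never checked, so anyone able to intercept the connection to `mail.xirion.net` can capture it; prefer `SMTP_OPENSSL_VERIFY_MODE = "peer";`.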