nixos-config/config/services/mastodon.nix

{
nix-packages,
system,
pkgs,
config,
lib,
...
}: let
# Internal listen addresses of this host, computed from the NixOS config by a repo helper.
# Only listenStatements below consumes it.
listenIPs = (import ../../utils/getInternalIP.nix config).listenIPs;
# nginx directives: one HTTP/3 listen line per internal address, followed by the Alt-Svc
# header that advertises h3 on 443.
# NOTE(review): nothing in this file references listenStatements (the vhost below is Caddy);
# it looks like a leftover from an earlier nginx setup and is a candidate for removal together
# with listenIPs — confirm.
listenStatements =
  lib.concatMapStringsSep "\n" (ip: "listen ${ip}:443 http3;") listenIPs
  + ''
    add_header Alt-Svc 'h3=":443"';
  '';
# Shared sops-nix settings applied to every Mastodon secret below: the decrypted file is owned
# by the mastodon user, and the three Mastodon units are listed in restartUnits so they pick up
# a changed secret. The file mode is left at the sops-nix default (owner-read only) — nothing
# here widens it.
sopsConfig = {
  owner = "mastodon";
  restartUnits = map (unit: "mastodon-${unit}.service") [ "streaming" "web" "sidekiq" ];
};
# The Mastodon package is taken from the nix-packages input for this system rather than from pkgs.
mastodon = nix-packages.packages.${system}.mastodon;
in {
imports = [
  # Local Elasticsearch instance; services.mastodon.elasticsearch.host below points at it.
  ./elasticsearch.nix
  # This repo's own Mastodon module — presumably the source of the services.mastodon options
  # used below rather than the upstream NixOS module; confirm.
  ../../modules/mastodon.nix
  # statsd exporter; presumably the listener behind the STATSD_ADDR setting below — confirm.
  ./statsd-exporter.nix
];
# Mastodon instance for chir.rs. All key material is read from sops-managed files (declared
# further down in this file); nothing secret is written into the Nix store via extraConfig.
services.mastodon = let
  # Path of a sops secret declared under services/mastodon/<name> in this file.
  secretPath = name: config.sops.secrets."services/mastodon/${name}".path;
  redisPort = toString config.services.redis.servers.mastodon.port;
in {
  enable = true;
  package = mastodon;
  # TCP listeners rather than unix sockets; the Caddy vhost in this file proxies to them on 127.0.0.1.
  enableUnixSocket = false;
  localDomain = "chir.rs";
  elasticsearch.host = "127.0.0.1";
  # Redis is supplied by services.redis.servers.mastodon in this file, not created by the module.
  redis.createLocally = false;
  extraConfig = {
    WEB_DOMAIN = "mastodon.chir.rs";
    ALTERNATE_DOMAINS = "mastodon.int.chir.rs";
    SINGLE_USER_MODE = "true";
    MAX_TOOT_CHARS = "58913";
    REDIS_HOST = "127.0.0.1";
    REDIS_PORT = redisPort;
    REDIS_NAMESPACE = "mastodon";
    # Media is stored in an S3-compatible bucket (Backblaze B2 endpoint) and served through the
    # alias host; the access key pair comes from the s3AccessKeyIdFile / s3SecretAccessKeyFile below.
    S3_ENABLED = "true";
    S3_BUCKET = "mastodon-chir-rs";
    S3_REGION = "us-west-000";
    S3_PROTOCOL = "https";
    S3_HOSTNAME = "s3.us-west-000.backblazeb2.com";
    S3_ENDPOINT = "https://s3.us-west-000.backblazeb2.com/";
    S3_ALIAS_HOST = "mastodon-assets.chir.rs";
    S3_OPEN_TIMEOUT = "120";
    S3_READ_TIMEOUT = "120";
    S3_MULTIPART_THRESHOLD = "5242880";
    STATSD_ADDR = "127.0.0.1:9125";
  };
  otpSecretFile = secretPath "otpSecret";
  secretKeyBaseFile = secretPath "secretKeyBase";
  vapidPrivateKeyFile = secretPath "vapid/private";
  vapidPublicKeyFile = secretPath "vapid/public";
  s3AccessKeyIdFile = secretPath "s3/key_id";
  s3SecretAccessKeyFile = secretPath "s3/secret_key";
  smtp = {
    createLocally = false;
    host = "mail.chir.rs";
    authenticate = true;
    user = "mastodon@chir.rs";
    passwordFile = secretPath "smtpPassword";
    fromAddress = "mastodon@chir.rs";
  };
};
# Declare every Mastodon secret with the shared sopsConfig (owner mastodon, restart the
# Mastodon units on change). This list has to stay in step with the *File options referenced
# from services.mastodon above; a missing entry surfaces as an unknown sops.secrets attribute.
sops.secrets = lib.genAttrs (map (name: "services/mastodon/${name}") [
  "otpSecret"
  "secretKeyBase"
  "smtpPassword"
  "vapid/private"
  "vapid/public"
  "s3/key_id"
  "s3/secret_key"
]) (_: sopsConfig);
# Internal-name vhost for Mastodon. Static assets and /system media are served straight from
# disk; anything the file server cannot satisfy (handle_errors) and the streaming API are
# proxied to the Mastodon processes on loopback.
# NOTE(review): `trusted_proxies private_ranges` tells Caddy to keep the X-Forwarded-* headers
# of any client coming from a private or loopback address, so a client on the internal network
# can hand Mastodon a forged X-Forwarded-For (affects rate limiting and logs). If this vhost is
# only ever reached through one known upstream proxy, listing that proxy's address instead is
# the tighter choice — confirm the intended topology.
# The Host rewrite presumably makes Mastodon see its canonical WEB_DOMAIN rather than the
# internal name — confirm.
services.caddy.virtualHosts."mastodon.int.chir.rs" = let
  streamingUpstream = "http://127.0.0.1:${toString config.services.mastodon.streamingPort}";
  webUpstream = "http://127.0.0.1:${toString config.services.mastodon.webPort}";
in {
  useACMEHost = "int.chir.rs";
  extraConfig = ''
    import baseConfig
    root * ${config.services.mastodon.package}/public
    root /system/* /var/lib/mastodon/public-system

    handle /api/v1/streaming/* {
      reverse_proxy {
        to ${streamingUpstream}
        header_up Host mastodon.chir.rs # shut up
        trusted_proxies private_ranges
      }
    }
    handle {
      file_server
    }
    handle_errors {
      reverse_proxy {
        to ${webUpstream}
        header_up Host mastodon.chir.rs # shut up
        trusted_proxies private_ranges
      }
    }
  '';
};
# Dedicated Redis instance for Mastodon (redis.createLocally is false above), bound to loopback
# only with a single database. Nothing here requires authentication, so anything on this host
# that can open 127.0.0.1:6379 can talk to it — NOTE(review): fine while the host only runs
# trusted workloads; confirm that assumption holds.
services.redis.servers.mastodon = {
  enable = true;
  bind = "127.0.0.1";
  databases = 1;
  port = 6379;
};
# Force the mastodon user's home to the store path of the Mastodon package. That path is
# read-only, so nothing writable ends up under $HOME — presumably intended so tooling run as
# that user resolves the app relative to its home; confirm.
users.users.mastodon.home = lib.mkForce "${config.services.mastodon.package}";
# Pin the Elasticsearch used by ./elasticsearch.nix to the 7.x series — presumably what the
# Mastodon release in use expects; re-check when bumping either side.
services.elasticsearch.package = pkgs.elasticsearch7;
}