add mastodon

config/nas.nix

@@ -13,6 +13,7 @@
     nixos-hardware.nixosModules.common-gpu-nvidia
     nixos-hardware.nixosModules.common-pc-hdd
     ./services/hostapd.nix
+    ./services/mastodon.nix
   ];
 
   hardware.cpu.amd.updateMicrocode = true;

config/programs/vscode.nix

@@ -174,6 +174,7 @@
       "verilog.ctags.path" = "${pkgs.ctags}/bin/ctags";
       "verilog.languageServer" = "${pkgs.svls}/bin/svls";
       "verilog.linting.linter" = "${pkgs.verilator}/bin/verilator";
+      "redhat.telemetry.enabled" = false; # FUCK OFF
     };
   };
 }

config/services/elasticsearch.nix

@@ -0,0 +1,6 @@
+{ ... }: {
+  services.elasticsearch = {
+    enable = true;
+    cluster_name = "chir-rs";
+  };
+}

config/services/mastodon.nix

@@ -0,0 +1,45 @@
+{ config, ... }:
+let
+  sopsConfig = {
+    owner = "mastodon";
+    restartUnits = [
+      "mastodon-streaming.service"
+      "mastodon-web.service"
+      "mastodon-sidekiq.service"
+    ];
+  };
+in
+{
+  imports = [
+    ./elasticsearch.nix
+  ];
+  services.mastodon = {
+    enable = true;
+    elasticsearch = {
+      host = "127.0.0.1";
+    };
+    localDomain = "chir.rs";
+    extraConfig = {
+      WEB_DOMAIN = "mastodon.darkkirb.de";
+      REDIS_NAMESPACE = "mastodon";
+      SINGLE_USER_MODE = true;
+    };
+    otpSecretFile = config.secrets."services/mastodon/otpSecret".path;
+    secretKeyBaseFile = config.secrets."services/mastodon/secretKeyBase".path;
+    smtp = {
+      authenticate = true;
+      createLocally = false;
+      fromAddress = "mastodon@chir.rs";
+      host = "mail.chir.rs";
+      passwordFile = config.secrets."services/mastodon/smtpPassword".path;
+      user = "mastodon@chir.rs";
+    };
+    vapidPrivateKeyFile = config.secrets."services/mastodon/vapid/private".path;
+    vapidPublicKeyFile = config.secrets."services/mastodon/vapid/public".path;
+  };
+  sops.secrets."services/mastodon/otpSecret" = sopsConfig;
+  sops.secrets."services/mastodon/secretKeyBase" = sopsConfig;
+  sops.secrets."services/mastodon/smtpPassword" = sopsConfig;
+  sops.secrets."services/mastodon/vapid/private" = sopsConfig;
+  sops.secrets."services/mastodon/vapid/public" = sopsConfig;
+}

secrets/nas.yaml

@@ -8,6 +8,13 @@ services:
         github_token: ENC[AES256_GCM,data:AWMeX+P8YHGpSuH+5KqvE9zNxkEPKGvdRaQjNysO4/XE4csGjCvmjA==,iv:MCRtws/SM7lWS2/2pp5tbeX7+I5h4LVd9bJp//ln9hs=,tag:LMEGWFAaOqH0fqfNgc87AQ==,type:str]
         aws_credentials: ENC[AES256_GCM,data:yxJU6d6BMi+LHUPimMkgr5h6accGXQXxFu9A0swdwKII/Xfo4ALAw4J4aEhpnNuK8JwmzuuDdTDGnilzuEATeaANa2cNXps6AWw8Hem8idw585xTcU1YBEOdbBSs/mKK6S+Da1OU5jC1atrCCWY7cg==,iv:tAEGsniZ7N/jBp7btLlD1pNcF4NvEmpO6zXji1H29t8=,tag:lmAB3QMfaT3ljDmr+8IBHA==,type:str]
     hostapd: ENC[AES256_GCM,data:KCOOPShBt6gs8TK0Ns6Kzw==,iv:haG+7w893r9w9XySav8n2MWIAOi8eehy61rQudpdjGU=,tag:yupv4fTLiOgTU7SKoAR3og==,type:str]
+    mastodon:
+        otpSecret: ENC[AES256_GCM,data:TD/Qt9E1ENvqjbmoDQwwsC1EbwgkaH0r8BP2qteomB0nnsPQjG0VWLhVSi71o/iKJa/XdnsEuVdkRiCzS6EfNshz0AoIHbBNaf8V809eSeFBxEDGEtjdulPLCuoRQd3NQxA9qd1itELQW67fvoBPWYBDWHzTC6wsC4oqUapMeUU=,iv:daJMGNJWFm2Vt29K0xmYhqccV+EX3B2fUSsSyXbhPMo=,tag:kPWtUYvoX9YaU16uPsL5eQ==,type:str]
+        secretKeyBase: ENC[AES256_GCM,data:EXcp0nio3RFsoxEIjS1c+ZCxXHaZ86XrTgoboPPgmYBRov85OnulYaIXHutwvqD9Q8RedpKw2f3AfPyoy7CQFGnyTLdIKmTgFGU3AnJskb4GHRzU6WskHgMMmk5ndz8BvHBwVfPgSN6Zm3MV/iCalSJzdSTDW7BnOOz1lUITYWA=,iv:5cXIvLaFiAMWiSQJw4KrtJBkADFYyN6047l8kg/OW9M=,tag:uEErhfZe9C13TZLUYlW9FA==,type:str]
+        smtpPassword: ENC[AES256_GCM,data:Ebz2hPGdW8YeU1NCRY+WtYPpnowp5Xf0CADZ+vhVMz8=,iv:XSZOstMOD7vJ10/fni9aAhVugzuHJ1ksi5Qqwxv1/qo=,tag:Lh3O+DJZIeC1z5XFeNmb+g==,type:str]
+        vapid:
+            private: ENC[AES256_GCM,data:h47YNhhrD4hCT/5Ckx5ERreV13vAurpQCgT/sgAW/4wVyOTT3LMGGgKOoVo=,iv:91q/+UzQnMUpOy57I8y0ugl6o0lojMxAGKE2jAuWYaQ=,tag:NqBbdu86G2JheQfz1N1esg==,type:str]
+            public: ENC[AES256_GCM,data:/KX8PQozWSDTc/cHhepFfGEXzAKFNf7805ExjvuQjgISmT3e0dCbDwaYGgGbLv91Zu2fRiCtm6C52KvBPoLRcdYHuXHP0eJ5Pv6NSHwHk3ZBubXk1wmp8A==,iv:/kHzyM+/FG2nBZnC0ncRR3Ye/x07jAEB31hf6g0JUZw=,tag:OwvhEwFrG19lkmvwXsYNjg==,type:str]
 security:
     restic:
         password: ENC[AES256_GCM,data:n+M6pfe0YrONaYo3HSnijHxhThg=,iv:0J2t+58tYRJD1GmnJa8w30U+RwOl67eWeHhvLk0eeks=,tag:ivuZqpGrU7ZHFZ4IiMvxBw==,type:str]
@@ -38,8 +45,8 @@ sops:
             WnV3QWxtalIzWFdoQmpDTmJsNGdNOW8K++rFGXy0G6Gcu2gQwSP6xfXInQ/y5nh5
             2oGp8sfOLFWnNI4SWL0ChP47K3C/9ysUHwQnUYPbRafZ/4X6cN40ZQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2022-04-24T20:52:45Z"
-    mac: ENC[AES256_GCM,data:Gsj0UURPKUp1DYxwptPPf1D2iQvPs5B3gfMnLnh2e0MARqBu1MS0qwY/icLr9FPece8HK+E08PdXPrEDXApd1cfuXS7ru42Oe8BKkjrbaIi3beE0bthDuptvPRc5ZZUbc72qt7kH3vRDkQCK6IWqawUTAe+DEZEbl6+IIr8zL1Y=,iv:L6ZC+Nl0O6/bmZuNg1ButdCswpoO2Vy16eO/I8fvLLg=,tag:dKk+GHZpxrWJ+wd343M0nQ==,type:str]
+    lastmodified: "2022-04-25T16:47:24Z"
+    mac: ENC[AES256_GCM,data:r6mgABN7lNnndt3vV1uWGpdtuFFGbUl+SlKwpOqAVbqDIqHGAFmErxEyz9S+EZYhrhG5BNa9Bih79sGOf4dPHsfZWJmx3YYKruQyJa8Z99qvNYFXHjiVn442z5mo2DJS3ViWPUhMcxvzD7RqeHTyYyMPKGoN2gQ5AzFCT7UxHtg=,iv:i8pzZpvOtbFyYG/42nCMZL8DAA6703UF/KInT9CCH4c=,tag:G7FpFMHwW6eSU+n8Px3HLw==,type:str]
     pgp:
         - created_at: "2022-04-24T10:34:20Z"
           enc: |