Charlotte Van Petegem 2022-11-02 11:45:07 +01:00
parent c32f685321
commit 6597734af7
No known key found for this signature in database
GPG key ID: 019E764B7184435A
9 changed files with 125 additions and 0 deletions


@ -44,6 +44,12 @@
fast = true; fast = true;
location = "192.168.0.1"; location = "192.168.0.1";
} }
{
path = "zdata/big-apps/mastodon";
remotePath = "zdata/recv/lasting-integrity/big-apps/mastodon";
fast = true;
location = "192.168.0.1";
}
{ {
path = "zdata/big-apps/nextcloud"; path = "zdata/big-apps/nextcloud";
remotePath = "zdata/recv/lasting-integrity/big-apps/nextcloud"; remotePath = "zdata/recv/lasting-integrity/big-apps/nextcloud";
@ -62,6 +68,7 @@
garmin-scraper.enable = true; garmin-scraper.enable = true;
grafana.enable = true; grafana.enable = true;
mail.enable = true; mail.enable = true;
mastodon.enable = true;
matrix.enable = true; matrix.enable = true;
nginx.hosts = [ nginx.hosts = [
{ {


@ -54,6 +54,10 @@
device = "zdata/big-apps/influxdb2"; device = "zdata/big-apps/influxdb2";
fsType = "zfs"; fsType = "zfs";
}; };
"/var/lib/mastodon/public-system" = {
device = "zdata/big-apps/mastodon";
fsType = "zfs";
};
"/cache" = { "/cache" = {
device = "zroot/safe/cache"; device = "zroot/safe/cache";
fsType = "zfs"; fsType = "zfs";


@ -9,6 +9,7 @@
./garmin-scraper ./garmin-scraper
./grafana ./grafana
./mail ./mail
./mastodon
./matrix ./matrix
./nextcloud ./nextcloud
./nginx ./nginx


@ -0,0 +1,74 @@
{ config, lib, pkgs, ... }:
{
options.chvp.services.mastodon.enable = lib.mkOption {
default = false;
example = true;
};
config = lib.mkIf config.chvp.services.mastodon.enable {
chvp.services.nginx.hosts = [{
fqdn = "social.chvp.be";
options = {
root = "${pkgs.mastodon}/public/";
locations = {
"/system/".alias = "/var/lib/mastodon/public-system/";
"/".tryFiles = "$uri @proxy";
"@proxy" = {
proxyPass = "http://unix:/run/mastodon-web/web.socket";
proxyWebsockets = true;
};
"/api/v1/streaming" = {
proxyPass = "http://unix:/run/mastodon-streaming/streaming.socket";
proxyWebsockets = true;
};
};
};
}];
users = {
users = {
mastodon.uid = 989;
nginx.extraGroups = [ "mastodon" ];
};
groups.mastodon.gid = 985;
};
services.mastodon = {
enable = true;
configureNginx = false;
localDomain = "social.chvp.be";
enableUnixSocket = true;
database.createLocally = true;
redis.createLocally = true;
smtp = {
fromAddress = "social@chvp.be";
createLocally = false;
};
extraConfig = {
SMTP_OPENSSL_VERIFY_MODE = "none";
};
otpSecretFile = config.age.secrets."passwords/services/mastodon/otp".path;
secretKeyBaseFile = config.age.secrets."passwords/services/mastodon/key".path;
vapidPublicKeyFile = config.age.secrets."passwords/services/mastodon/vapid-public".path;
vapidPrivateKeyFile = config.age.secrets."passwords/services/mastodon/vapid-private".path;
};
age.secrets."passwords/services/mastodon/vapid-public" = {
file = ../../../secrets/passwords/services/mastodon/vapid-public.age;
owner = "mastodon";
};
age.secrets."passwords/services/mastodon/vapid-private" = {
file = ../../../secrets/passwords/services/mastodon/vapid-private.age;
owner = "mastodon";
};
age.secrets."passwords/services/mastodon/key" = {
file = ../../../secrets/passwords/services/mastodon/key.age;
owner = "mastodon";
};
age.secrets."passwords/services/mastodon/otp" = {
file = ../../../secrets/passwords/services/mastodon/otp.age;
owner = "mastodon";
};
};
}
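Review bot: `SMTP_OPENSSL_VERIFY_MODE = "none"` in `services.mastodon.extraConfig` turns off certificate verification for Mastodon's outgoing SMTP connection, and nothing in the module records why. With `smtp.createLocally = false` and no `smtp.host` set, the relay is presumably the mail service on this same machine reached over loopback, where the certificate name would not match; if that is the reason, say so next to the setting, e.g. `# relay is local (loopback); cert name does not match, so verification is off`. Should the relay ever move off-host, this setting would accept any certificate presented on the path, so the safer form is to point `smtp.host = "<mail-server-fqdn>";` at the name the certificate is issued for and set `SMTP_OPENSSL_VERIFY_MODE = "peer";`.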


@ -53,6 +53,11 @@ in
"secrets/passwords/services/acme.age".publicKeys = servers ++ users; "secrets/passwords/services/acme.age".publicKeys = servers ++ users;
"secrets/passwords/services/mastodon/otp.age".publicKeys = [ lasting-integrity ] ++ users;
"secrets/passwords/services/mastodon/key.age".publicKeys = [ lasting-integrity ] ++ users;
"secrets/passwords/services/mastodon/vapid-public.age".publicKeys = [ lasting-integrity ] ++ users;
"secrets/passwords/services/mastodon/vapid-private.age".publicKeys = [ lasting-integrity ] ++ users;
"secrets/passwords/services/garmin2influx-env.age".publicKeys = [ lasting-integrity ] ++ users; "secrets/passwords/services/garmin2influx-env.age".publicKeys = [ lasting-integrity ] ++ users;
"secrets/passwords/services/grafana/smtp.age".publicKeys = [ lasting-integrity ] ++ users; "secrets/passwords/services/grafana/smtp.age".publicKeys = [ lasting-integrity ] ++ users;
"secrets/passwords/services/grafana/admin-password.age".publicKeys = [ lasting-integrity ] ++ users; "secrets/passwords/services/grafana/admin-password.age".publicKeys = [ lasting-integrity ] ++ users;

Binary file not shown.


@ -0,0 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 hKAFvQ qUX3kbBrSvD0TpzPo1FSvj2Y0XgiRuB85hJWLnSLyCE
xIS82BMrKIrdwyL9WmnUXu073kDrVd/R7VACiWBiiCw
-> ssh-ed25519 s9rb8g TpqLGfeBjfK15OdnH7vWBCrwn0EbapG3joeIXi5hp18
BuouswSPfGDMaXbpy/pC0pek66FBVBrQyFq32AxtStQ
-> ssh-ed25519 yad4VQ 2Jq/gVbABw1+xgBOYYHMqMR4N2ZQwk9xbK3/Xar55CA
IAbzT3BshmLho2psx08muvjc5ZU4DYpkmOkmHb7L+TI
-> )+G8u*-grease 4 (', `F?]U 9~.V_L
q7LbpDJis1PmlNyawx3MXxjXkrxUVBIUwoOuipvLi9TKDQ39KJxyOCIIZCIQwA
--- iQNO5W76cfj2k8NdTPqCdJHestSwPCdHDf58p8FcihA
„’éÔ$!m ‚çÍ“ÄPSÂ1ÿ$ÄÐõ¼•¬qp×ûf]5)<29>8+í$Ûn¢<6E>lçCjkËX<58>ÿÁWU/åÉnHÕƒˆ$¦ÁÈÿ%YÑ@ÙûSX7׫´ž7É âÐð:h½ÐW¼2ã´{pÐôË=<3D>½ÿ •G9Í3Âk€?þÁVl>†ÌlúŸ'.¹¬¯ˆ†Î$0iâ5Æk


@ -0,0 +1,12 @@
age-encryption.org/v1
-> ssh-ed25519 hKAFvQ dHxud0szOg7zaxwddGG1nUxCEny5jxKyQdYT7q/LGB8
AO+kc43zv9MBwAvrq3DSSeGGYoY8gSUaN3drhNN4OWQ
-> ssh-ed25519 s9rb8g JTm3AwLa4IO+rpWKA3J7yxk0vc4TRgSjk6j07XbNlyE
RDIeGxXne8byHbbil4zUOqKa4a96Woo5JT84Ui7KFdE
-> ssh-ed25519 yad4VQ RkizLgPPmAcyLRfRNrZZ83i9k1R8tRrfyH7AuBVrEV0
pIe3Jm7bpYEUosHQfKg7lRUZyt4Svp28yLz68XUoqlQ
-> `v$(@<Ud-grease | n[SSES [f*n{KB.
ZfJDK2yqb6EzTU8YMC8BNlfb5d+ARkfDgbCxLj9K4RE8LVP+AbxakGFi3yfqudsU
hKIXkY5KLcROde1/0JxxC14da0GbuhQg
--- JA0bFHlGA7JmzmHALLBuvne23JP8vtOjgNotc5jPhyA
óhGˆº<EFBFBD>­®MÿOŸTK ó•¥{ûy¾®.ÜÛÈ&BûDzOêËK£\äïC<C3AF>÷U<C3B7>zï(^gȸZ¬)ý3¿wí%¢€Ï+È


@ -0,0 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 hKAFvQ CI+BwPK0Bi3U6nloqCCD2zHm18PE9R9nz/lwjymUxBs
V8Ld8sfd8TkLnQCiCmVol92WJ66+zieQvHp6sqJXyNg
-> ssh-ed25519 s9rb8g r5vaMLdo3BC/SABXlDe4Rpv+EloYcPUUvlstX7w2cRM
sXGhO1qvNd7ekeLjYvkTgowcOoyfPrLybo5/mQhf5lw
-> ssh-ed25519 yad4VQ PmFz7XS6/YHOsdtAPWK1t+FWH2uo6UEa6RdFBcDqHgE
j9rItt2NBxV3C0+/d7Q/ikfhYqPgB0ebotg9grbrjiE
-> A7t.]-grease
VAC5XDxwmwsyufHKAMzR903+xqeBzw
--- g7TlBRUIxwFAlbYfZQguaZhJoYl/2gPlUpEZfcOmI6I
̽5ÑÍ×,~êl"Kqýé0 !ñ„&ÚÍY>²îÓäE(]ŲWé+²Ž¿<C5BD>bæÑý?-8|Ý%{¼cE°ø™Æúò˜)CÚÄçU¦‰öe+¬vÀZeФó{¤Ñ1¼ŒõK=Dy¤†Nv¨ÊÀÄV:j¹$5