mastodon: decomission

2024-11-10 18:35:31 +01:00 · 2024-11-10 18:35:31 +01:00 · cf4fba0936
commit cf4fba0936
parent e5740af04b
9 changed files with 0 additions and 105 deletions
--- a/machines/lasting-integrity/default.nix
+++ b/machines/lasting-integrity/default.nix
@ -54,12 +54,6 @@
            fast = true;
            location = "192.168.0.1";
          }
          {
            path = "zdata/big-apps/mastodon";
            remotePath = "zdata/recv/lasting-integrity/big-apps/mastodon";
            fast = true;
            location = "192.168.0.1";
          }
          {
            path = "zdata/big-apps/nextcloud";
            remotePath = "zdata/recv/lasting-integrity/big-apps/nextcloud";
@ -74,7 +68,6 @@
    services = {
      git.enable = true;
      mail.enable = true;
      mastodon.enable = true;
      matrix.enable = true;
      nginx.hosts = [
        {
--- a/machines/lasting-integrity/hardware.nix
+++ b/machines/lasting-integrity/hardware.nix
@ -54,10 +54,6 @@
      device = "zdata/big-apps/influxdb2";
      fsType = "zfs";
    };
    "/var/lib/mastodon/public-system" = {
      device = "zdata/big-apps/mastodon";
      fsType = "zfs";
    };
    "/var/lib/git" = {
      device = "zdata/big-apps/git";
      fsType = "zfs";
--- a/modules/nixos/services/default.nix
+++ b/modules/nixos/services/default.nix
@ -7,7 +7,6 @@
    ./data-access
    ./git
    ./mail
    ./mastodon
    ./matrix
    ./nextcloud
    ./nginx
--- a/modules/nixos/services/mastodon/default.nix
+++ b/modules/nixos/services/mastodon/default.nix
@ -1,78 +0,0 @@
 { config, lib, pkgs, ... }:
 {
  options.chvp.services.mastodon.enable = lib.mkOption {
    default = false;
    example = true;
  };
  config = lib.mkIf config.chvp.services.mastodon.enable {
    chvp = {
      base.zfs.systemLinks = [{ path = "/var/lib/redis-mastodon"; type = "cache"; }];
      services.nginx.hosts = [{
        fqdn = "social.chvp.be";
        options = {
          root = "${pkgs.mastodon}/public/";
          locations = {
            "/system/".alias = "/var/lib/mastodon/public-system/";
            "/".tryFiles = "$uri @proxy";
            "@proxy" = {
              proxyPass = "http://unix:/run/mastodon-web/web.socket";
              proxyWebsockets = true;
            };
            "/api/v1/streaming" = {
              proxyPass = "http://unix:/run/mastodon-streaming/streaming.socket";
              proxyWebsockets = true;
            };
          };
        };
      }];
    };
    users = {
      users = {
        mastodon.uid = 989;
        nginx.extraGroups = [ "mastodon" ];
      };
      groups.mastodon.gid = 985;
    };
    services.mastodon = {
      enable = true;
      configureNginx = false;
      localDomain = "social.chvp.be";
      enableUnixSocket = true;
      streamingProcesses = 4;
      database.createLocally = true;
      redis.createLocally = true;
      smtp = {
        fromAddress = "social@chvp.be";
        createLocally = false;
      };
      extraConfig = {
        SMTP_OPENSSL_VERIFY_MODE = "none";
      };
      otpSecretFile = config.age.secrets."passwords/services/mastodon/otp".path;
      secretKeyBaseFile = config.age.secrets."passwords/services/mastodon/key".path;
      vapidPublicKeyFile = config.age.secrets."passwords/services/mastodon/vapid-public".path;
      vapidPrivateKeyFile = config.age.secrets."passwords/services/mastodon/vapid-private".path;
    };
    age.secrets."passwords/services/mastodon/vapid-public" = {
      file = ../../../../secrets/passwords/services/mastodon/vapid-public.age;
      owner = "mastodon";
    };
    age.secrets."passwords/services/mastodon/vapid-private" = {
      file = ../../../../secrets/passwords/services/mastodon/vapid-private.age;
      owner = "mastodon";
    };
    age.secrets."passwords/services/mastodon/key" = {
      file = ../../../../secrets/passwords/services/mastodon/key.age;
      owner = "mastodon";
    };
    age.secrets."passwords/services/mastodon/otp" = {
      file = ../../../../secrets/passwords/services/mastodon/otp.age;
      owner = "mastodon";
    };
  };
 }
--- a/secrets.nix
+++ b/secrets.nix
@ -77,12 +77,6 @@ in
  "secrets/passwords/services/git/secret.age".publicKeys = [ lasting-integrity ] ++ users;
  "secrets/passwords/services/gitlab-runner/registration.age".publicKeys = [ urithiru ] ++ users;
  "secrets/passwords/services/mastodon/otp.age".publicKeys = [ lasting-integrity ] ++ users;
  "secrets/passwords/services/mastodon/key.age".publicKeys = [ lasting-integrity ] ++ users;
  "secrets/passwords/services/mastodon/vapid-public.age".publicKeys = [ lasting-integrity ] ++ users;
  "secrets/passwords/services/mastodon/vapid-private.age".publicKeys = [ lasting-integrity ] ++ users;
  "secrets/passwords/services/garmin2influx-env.age".publicKeys = [ lasting-integrity ] ++ users;
  "secrets/passwords/services/grafana/smtp.age".publicKeys = [ lasting-integrity ] ++ users;
  "secrets/passwords/services/grafana/admin-password.age".publicKeys = [ lasting-integrity ] ++ users;
  "secrets/passwords/services/grafana/secret-key.age".publicKeys = [ lasting-integrity ] ++ users;
--- a/secrets/passwords/services/mastodon/key.age
+++ b/secrets/passwords/services/mastodon/key.age
--- a/secrets/passwords/services/mastodon/otp.age
+++ b/secrets/passwords/services/mastodon/otp.age
--- a/secrets/passwords/services/mastodon/vapid-private.age
+++ b/secrets/passwords/services/mastodon/vapid-private.age
@ -1,9 +0,0 @@
 age-encryption.org/v1
 -> ssh-ed25519 hKAFvQ MOJSN3hq4H+2R84i4w/zLxlR1AU4y080IrCfcpyCnS8
 Gs3vTYjkNUe4WvVhg6TWRzEsyYMyeIYGwHAg7CqKwnE
 -> ssh-ed25519 s9rb8g mfSwXNjit2EG8HKjeszxeM6FcccRppnonKLlIWWoAHg
 JfoY4D3VmRba4YtlpVJC+1kL9IeLGsyQ06My/74/Fc0
 -> ssh-ed25519 +xxExQ aYnjsl9l+Vb4tLPqpElHcMzcHdXYkQsapDYGDDSMlxs
 klVSSRh52RwT51wI51N3kGyWOiBUa7UXdXre7+579n8
 --- M859YQAcXUn2JFJ/xZOGtGl4qomYoucqufTNpd4uKlQ
 ÌM»Œ ?_bÑNwˆp]YM¢®^VV®ç¥ÖNª[HV‰<E280B0>ÃÂéW¤_@á])-N»+È§è2ƒûE«{P¦¶˜Ax<>y<EFBFBD>ZÞ'Þ
--- a/secrets/passwords/services/mastodon/vapid-public.age
+++ b/secrets/passwords/services/mastodon/vapid-public.age