mastodon deployment
parent
d08b876d14
commit
3613aea317
|
@ -0,0 +1 @@
|
|||
secrets/** filter=git-crypt diff=git-crypt
|
|
@ -2,12 +2,17 @@
|
|||
imports = [
|
||||
./hardware-configuration.nix
|
||||
./networking.nix # generated at runtime by nixos-infect
|
||||
./mastodon.nix
|
||||
];
|
||||
|
||||
boot.cleanTmpDir = true;
|
||||
|
||||
zramSwap.enable = true;
|
||||
networking.hostName = "tootcat";
|
||||
|
||||
networking.hostName = "toot2022";
|
||||
|
||||
services.openssh.enable = true;
|
||||
|
||||
users.users.root.openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICbl5lj73KF0vqvpFoZrGf4RR2oYu9I9D8iNU+pgMpcQ woozle@SamEagle"
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXSuH5z15JOGJs/XdTUutYHYE7XYOebhowdHFKddx1lY+3DI8QImaMuJd6rZu6aV1HMTkTDqM5a7CEJNhc52kWwsU64jlZFdAqlCaks12JanUEYf6sdYxKQIJE9Q7W6oOpGSSEb4eysd99lK5DlI4zG4mbm1j045lq9Npwu8ZVlF77HVMHeGMEQoGBoNt4eK2V3Y8RZ/+nLCbqUbOIGpeM7m87UyObXC9Bv2mrjvAOZAFsxVHS9X0AXCSJG7Gk4ie/gCM0Fi4kqJwI44X0SxKYoIMkyXMOx6w8yNeEFJ5fYP5PIsFRjcIEMkjt8vZZ7eBTpSi02RhnuQhwkRCP+cL7 woozle@gonzo"
|
||||
|
@ -16,5 +21,8 @@
|
|||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDl8q6PxrPYMaWPgT/vRqrP7dKVOgMXaQ/ABXk2tXykhpx8Vir19Q+baxeFI/Kg0G6mJvk6e2Fb9d9DNUWzwhaxBfU0IKeW63hgnz0L+jP+2jWcf0VoZa0YR55M7743O+h7GxBSbJ7glyVOb9/v1RAc/Ub//0PlS0NAqXezzpZBuwEbJBIon5XiDHE4TWEZ3En3hD7F0I0HX29AV9m456WbWrJIefbZyvvlX9tOSVVf8yi0Rvjm2+cPR2bWgEuKIsYVez3i1AzeNeiw/1zo3DLcASzIGCEp4ayf+cz9WgUmn3vTui63kAbSNferKT6K665hGa4Bgwf3i/DeM1XHx7EB woozle@HogThrob"
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC77xf1sHhelcBYqgB7Hlh9v1yfdN91VoPrHa3QubT8gGVaJ5VSZA/njbkv4RaC/DuQHcXqck1IR8a0S+fb3OBDVH65417tML8aD0mrfnqzdfEWTI1yEzUxanBkCNKg2ltwEN3yoeFaHyvl10OGOKRJq0nfCraSfiSX+gCUIaboteVE4Br7ADRiAckWm9qIzJqNIsxgvSnlkXMjtD0hWnAHNjbLLyBWDl/nXQwoVGCtQm/BkMeahoiixWNrqCrLMXKoiLlGoHwAF8gR+/qWtpCwzvdjbZQrFTX+MXL7gNxCTS8o7KAErqQPMr6ea/DmhsP+PJ4MWQWi8RVDhXZI9zZn woozle@ForgetfulJones"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGfEjFxICM8XxLy46DBGKFpb8qGelsGpNWBV8e0R0CpD ash@boson"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGNGuXUltszKyBYVWH+sTsqk7erhV4oXO8cjPiVoNpDp ash@fucko"
|
||||
];
|
||||
|
||||
system.stateVersion = "22.05";
|
||||
}
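Review bot: Every administrator key in `users.users.root.openssh.authorizedKeys.keys`, including the two `ash@…` ed25519 entries near the end of the list, logs in directly as root, and nothing visible in these hunks turns off password authentication for sshd. If it is not already set in the part of the file outside the hunks, add `services.openssh.passwordAuthentication = false;` next to `services.openssh.enable = true;` so the listed keys are the only way in. A short comment above the list saying who owns each key and how a key is retired would also help, since one shared root account leaves no per-person audit trail.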
|
||||
|
|
|
@ -0,0 +1,27 @@
|
|||
{
|
||||
"nodes": {
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1653345208,
|
||||
"narHash": "sha256-G/nZ3lg/y1PNg3OGTLU/cQXfVUoi6zkwiLtAK5BIFeI=",
|
||||
"owner": "ashkitten",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "faf2721604490531a48d29a44fd08cf96ad58bc8",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "ashkitten",
|
||||
"ref": "tootcat",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"nixpkgs": "nixpkgs"
|
||||
}
|
||||
}
|
||||
},
|
||||
"root": "root",
|
||||
"version": 7
|
||||
}
|
|
@ -1,6 +1,7 @@
|
|||
{
|
||||
inputs = {
|
||||
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
|
||||
# nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
|
||||
nixpkgs.url = "github:ashkitten/nixpkgs/tootcat";
|
||||
};
|
||||
|
||||
outputs = { nixpkgs, ... }: {
|
||||
|
@ -12,12 +13,16 @@
|
|||
};
|
||||
|
||||
tootcat = { name, nodes, pkgs, ... }: {
|
||||
deployment.targetHost = "toot2022.vbz.ovh";
|
||||
deployment.targetHost = "toot.cat";
|
||||
|
||||
imports = [
|
||||
./configuration.nix
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
devShells."x86_64-linux".default = import ./shell.nix {
|
||||
pkgs = nixpkgs.legacyPackages."x86_64-linux";
|
||||
};
|
||||
};
|
||||
}
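Review bot: `nixpkgs.url = "github:ashkitten/nixpkgs/tootcat";` makes a personal fork branch the source of every package on the host, not only Mastodon, and the reason is not recorded next to it. The lock file pins a revision, but each later `nix flake update` follows whatever that branch points to, and security fixes arrive only when the fork is rebased on upstream. I would replace the commented-out line with a comment that says what the fork carries and when to return to upstream, e.g. `# fork of nixos-unstable carrying <change needed for ./mastodon.nix>; rebase regularly, drop once upstream has it`.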
|
||||
|
|
|
@ -0,0 +1,71 @@
|
|||
{ pkgs, lib, ... }:
|
||||
|
||||
let
|
||||
mastodon = pkgs.mastodon.override {
|
||||
version = import ./mastodon/version.nix;
|
||||
srcOverride = pkgs.callPackage ./mastodon/source.nix {};
|
||||
dependenciesDir = ./mastodon;
|
||||
yarnSha256 = "sha256-tcr/k5Hrg+VY0SVsOyqAXdgyuiJhto3Wy7XICaoQ29E=";
|
||||
};
|
||||
in
|
||||
{
|
||||
services = {
|
||||
mastodon = {
|
||||
enable = true;
|
||||
package = mastodon;
|
||||
configureNginx = true;
|
||||
localDomain = "toot.cat";
|
||||
|
||||
smtp.fromAddress = "server2022@toot.cat";
|
||||
|
||||
extraConfig = {
|
||||
S3_ENABLED = "true";
|
||||
S3_BUCKET = "tootcat";
|
||||
AWS_ACCESS_KEY_ID = "tootcat";
|
||||
S3_REGION = "jort";
|
||||
S3_PROTOCOL = "https";
|
||||
S3_HOSTNAME = "pool-api.jortage.com";
|
||||
S3_ENDPOINT = "https://pool-api.jortage.com";
|
||||
S3_SIGNATURE_VERSION = "v4";
|
||||
S3_ALIAS_HOST = "pool.jortage.com/tootcat";
|
||||
EXTRA_DATA_HOSTS = "https://blob.jortage.com";
|
||||
|
||||
MAX_TOOT_CHARS = "1000000";
|
||||
};
|
||||
|
||||
extraSecrets = {
|
||||
AWS_SECRET_ACCESS_KEY = "/var/lib/mastodon/secrets/aws-secret-access-key";
|
||||
};
|
||||
};
|
||||
|
||||
postgresqlBackup = {
|
||||
enable = true;
|
||||
databases = [ "mastodon" ];
|
||||
};
|
||||
};
|
||||
|
||||
deployment.keys = let
|
||||
mastodonSecret = name: {
|
||||
inherit name;
|
||||
value = {
|
||||
keyFile = ./secrets/mastodon/${name};
|
||||
destDir = "/var/lib/mastodon/secrets";
|
||||
user = "mastodon";
|
||||
group = "mastodon";
|
||||
};
|
||||
};
|
||||
in builtins.listToAttrs (builtins.map mastodonSecret [
|
||||
"otp-secret"
|
||||
"secret-key-base"
|
||||
"vapid-private-key"
|
||||
"vapid-public-key"
|
||||
"aws-secret-access-key"
|
||||
]);
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
|
||||
security.acme = {
|
||||
acceptTerms = true;
|
||||
defaults.email = "tc.certbot.2022@wooz.dev";
|
||||
};
|
||||
}
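Review bot: `keyFile = ./secrets/mastodon/${name};` in `deployment.keys` is a path literal inside the flake, so the five secret files are most likely read from the flake's copy in the Nix store rather than from the working tree. Depending on whether the tree is dirty or clean, that copy probably holds either the git-crypt-decrypted files, readable by every local user of the deploying machine, or the still-encrypted blobs, which would then be uploaded as the secret values; I cannot tell which from the page. This is worth verifying on a clean checkout, and if it applies, read the files at deploy time from outside the flake source (colmena, if that is the tool here, has `keyCommand` for this). Separately, a comment beside `destDir` should note that these keys persist on disk under `/var/lib/mastodon/secrets` and that no `permissions` value is set, so the tool's default mode applies.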
|
File diff suppressed because it is too large
|
@ -0,0 +1,11 @@
|
|||
# This file was generated by pkgs.mastodon.updateScript.
|
||||
{ fetchgit, applyPatches }: let
|
||||
src = fetchgit {
|
||||
url = "https://github.com/glitch-soc/mastodon.git";
|
||||
rev = "06de3a17f89e0a781389354aea6a9e3f72316b7d";
|
||||
sha256 = "1p5fxswjwdycqwr6njzqn4klswsypq7vlknb146hfnbg1n9dn01h";
|
||||
};
|
||||
in applyPatches {
|
||||
inherit src;
|
||||
patches = [];
|
||||
}
|
|
@ -0,0 +1 @@
|
|||
"3.5.2"
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.