# NixOS module for the toot.cat Mastodon host: a pinned Mastodon build behind
# nginx, media in S3-compatible storage, database dumps, deploy-time secrets,
# and ACME certificates.
{ pkgs, lib, ... }:

let
  # Mastodon built from the version, source and dependency pins kept in
  # ./mastodon rather than from the nixpkgs defaults.
  # NOTE(review): these files decide what code runs on the server; review
  # changes to source.nix and yarn-sha256.nix as carefully as code changes.
  mastodonPackage = pkgs.mastodon.override {
    version = import ./mastodon/version.nix;
    srcOverride = pkgs.callPackage ./mastodon/source.nix {};
    dependenciesDir = ./mastodon;
    yarnSha256 = import ./mastodon/yarn-sha256.nix;
  };

  # Names of the key files under ./secrets/mastodon that are pushed to the
  # host at deploy time.
  secretNames = [
    "otp-secret"
    "secret-key-base"
    "vapid-private-key"
    "vapid-public-key"
    "aws-secret-access-key"
  ];
in
{
  services.mastodon = {
    enable = true;
    package = mastodonPackage;
    # presumably has the module create the nginx virtual host for
    # localDomain; confirm it also enforces HTTPS.
    configureNginx = true;
    localDomain = "toot.cat";

    smtp.fromAddress = "server2022@toot.cat";

    # Everything in extraConfig is plain configuration and lands in the
    # world-readable Nix store, so only non-secret values belong here. The
    # access key ID is an identifier; the matching secret key is supplied
    # through extraSecrets below.
    extraConfig = {
      S3_ENABLED = "true";
      S3_BUCKET = "tootcat";
      AWS_ACCESS_KEY_ID = "tootcat";
      S3_REGION = "jort";
      S3_PROTOCOL = "https";
      S3_HOSTNAME = "pool-api.jortage.com";
      S3_ENDPOINT = "https://pool-api.jortage.com";
      S3_SIGNATURE_VERSION = "v4";
      S3_ALIAS_HOST = "pool.jortage.com/tootcat";
      EXTRA_DATA_HOSTS = "https://blob.jortage.com";

      # NOTE(review): presumably honoured by the Mastodon build selected
      # above; a 1,000,000-character limit permits very large posts, so
      # confirm the storage and federation impact is acceptable.
      MAX_TOOT_CHARS = "1000000";
    };

    # The value is a path string on the target host, not the secret itself,
    # so evaluating this file does not put the key into the Nix store.
    # NOTE(review): how the module consumes this path is not visible here;
    # confirm the file is read when the service starts and is never echoed
    # into a unit file or log.
    extraSecrets = {
      AWS_SECRET_ACCESS_KEY = "/var/lib/mastodon/secrets/aws-secret-access-key";
    };
  };

  # Scheduled dumps of the mastodon database.
  # NOTE(review): no location is set, so the module default applies. The
  # dumps contain all account data; confirm they are access-restricted and
  # copied off this host.
  services.postgresqlBackup = {
    enable = true;
    databases = [ "mastodon" ];
  };

  # One deployment key per entry in secretNames, read from ./secrets/mastodon
  # on the deploying machine and placed in /var/lib/mastodon/secrets, owned
  # by mastodon:mastodon.
  # NOTE(review): no permissions attribute is given, so the deployment
  # tool's default file mode applies; confirm it is owner-only. Also confirm
  # that ./secrets is kept out of version control or stored encrypted.
  deployment.keys = lib.genAttrs secretNames (name: {
    keyFile = ./secrets/mastodon/${name};
    destDir = "/var/lib/mastodon/secrets";
    user = "mastodon";
    group = "mastodon";
  });

  # Only HTTP and HTTPS are opened; port 80 is presumably kept for the ACME
  # HTTP challenge and for redirects to HTTPS.
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  # Accept the ACME terms of service and set the contact address for
  # certificate notices.
  security.acme.acceptTerms = true;
  security.acme.defaults.email = "tc.certbot.2022@wooz.dev";
}