diff --git a/nixos/configuration.nix b/nixos/configuration.nix
index 59e9856..571a6e9 100644
--- a/nixos/configuration.nix
+++ b/nixos/configuration.nix
@@ -10,6 +10,8 @@
 ./programs/bash.nix
 ./programs/acme.nix
 ./programs/postgres.nix
+ ./programs/mastodon.nix
+ ./programs/redis.nix
 ];
 # Enable flakes
@@ -33,6 +35,7 @@
 iptables
 cryptsetup
 ffmpeg
+ file
 ];
 # Enable the OpenSSH daemon.
diff --git a/nixos/programs/mastodon.nix b/nixos/programs/mastodon.nix
new file mode 100644
index 0000000..a0c943a
--- /dev/null
+++ b/nixos/programs/mastodon.nix
@@ -0,0 +1,46 @@
+{ config, ... }:
+{
+ services.mastodon = {
+ enable = true;
+
+ database = {
+ createLocally = false;
+ user = "mastodon";
+ name = "mastodon";
+ host = "/run/postgresql/";
+ passwordFile = "/var/lib/secrets/mastodon/postgres.txt";
+ };
+
+ redis = {
+ createLocally = false;
+ host = "localhost";
+ port = 6379;
+ };
+
+ configureNginx = false;
+ webPort = 55001;
+ streamingPort = 55002;
+ sidekiqPort = 55003;
+
+ vapidPrivateKeyFile = "/var/lib/secrets/mastodon/vapid-private-key.txt";
+ vapidPublicKeyFile = "/var/lib/secrets/mastodon/vapid-public-key.txt";
+ secretKeyBaseFile = "/var/lib/secrets/mastodon/secret-key-base.txt";
+ otpSecretFile = "/var/lib/secrets/mastodon/otp-secret.txt";
+
+ localDomain = "m.comfycamp.space";
+
+ mediaAutoRemove = {
+ olderThanDays = 14;
+ };
+
+ smtp = {
+ host = "comfycamp.space";
+ user = "mastodon@comfycamp.space";
+ port = 465;
+ passwordFile = "/var/lib/secrets/mastodon/smtp-password.txt";
+ fromAddress = "mastodon@comfycamp.space";
+ createLocally = false;
+ authenticate = true;
+ };
+ };
+}
diff --git a/nixos/programs/postgres.nix b/nixos/programs/postgres.nix
index d406845..9bfce6a 100644
--- a/nixos/programs/postgres.nix
+++ b/nixos/programs/postgres.nix
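Review bot: The `redis` block in nixos/programs/mastodon.nix connects to `localhost:6379` with no credential, and the matching `services.redis.servers.mastodon` entry in nixos/programs/redis.nix sets neither `requirePass` nor `requirePassFile`, so every local process that can reach the loopback port can read and modify the instance's Sidekiq queues and cached data. On the Redis side, add `requirePassFile = "<path to a root-provisioned password file>";` and hand the same secret to Mastodon; recent nixpkgs expose `services.mastodon.redis.passwordFile` for this, which should be confirmed against the pinned module version. Since both services run on one host, moving the connection to the Redis unix socket would remove the TCP listener altogether. A short comment above the `*File` options stating the expected owner and mode of `/var/lib/secrets/mastodon/*` would also help, because the diff does not show how those files are provisioned.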
@@ -4,6 +4,17 @@
 enable = true;
 package = pkgs.postgresql_15;
 ensureDatabases = [ "mastodon" "synapse" "nextcloud" ];
+ ensureUsers = [
+ {
+ name = "mastodon";
+ ensurePermissions = {
+ "DATABASE mastodon" = "ALL PRIVILEGES";
+ };
+ ensureClauses = {
+ login = true;
+ };
+ }
+ ];
 identMap = ''
 # ArbitraryMapName systemUser DBUser
 superuser_map root postgres
diff --git a/nixos/programs/redis.nix b/nixos/programs/redis.nix
new file mode 100644
index 0000000..a5a95e1
--- /dev/null
+++ b/nixos/programs/redis.nix
@@ -0,0 +1,13 @@
+{ config, ... }:
+{
+ services.redis = {
+ servers = {
+ mastodon = {
+ enable = true;
+ port = 6379;
+ save = [];
+ user = "mastodon";
+ };
+ };
+ };
+}
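Review bot: With `package = pkgs.postgresql_15` in the context lines, the `"DATABASE mastodon" = "ALL PRIVILEGES"` grant in the new `ensureUsers` entry of nixos/programs/postgres.nix is unlikely to let the `mastodon` role create tables in the `public` schema. PostgreSQL 15 no longer grants CREATE on that schema to non-owners, and a database made by `ensureDatabases` is presumably owned by the superuser. Making the role the owner of its database is the narrower and working arrangement; on nixpkgs releases that provide it, replace the `ensurePermissions` block with `ensureDBOwnership = true;`, which also moves off the deprecated `ensurePermissions` option. The entry sets no password for the role, so the `passwordFile` in mastodon.nix only matters if the authentication rules for the `/run/postgresql/` socket ask for one. Those rules, and the rest of `identMap`, lie outside this hunk.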
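Review bot: `user = "mastodon";` in nixos/programs/redis.nix runs redis-server under the same account as the Mastodon application, so the Redis process can read whatever that account owns, presumably including the secret files under `/var/lib/secrets/mastodon/` referenced in mastodon.nix. Mastodon reaches Redis over TCP (`host = "localhost"`), which does not depend on the server's uid, so the line can be dropped to let the module use its own dedicated service account. If a unix socket is adopted later, granting access through the socket's group is narrower than sharing the uid. I would also add a comment on `save = [];`, for example `# snapshots disabled on purpose: Redis contents do not survive a restart`, so the missing persistence reads as a decision rather than an oversight.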