Add mastodon

2024-09-20 03:40:29 +05:00 · 2023-08-18 09:59:23 +05:00 · 2023-08-18 09:59:23 +05:00 · 754a9d00fc
parent bf58473ff4
commit 754a9d00fc
4 changed files with 73 additions and 0 deletions
--- a/nixos/configuration.nix
+++ b/nixos/configuration.nix
@ -10,6 +10,8 @@
    ./programs/bash.nix
    ./programs/acme.nix
    ./programs/postgres.nix
+    ./programs/mastodon.nix
+    ./programs/redis.nix
  ];

  # Enable flakes
@ -33,6 +35,7 @@
    iptables
    cryptsetup
    ffmpeg
+    file
  ];

  # Enable the OpenSSH daemon.
--- a/nixos/programs/mastodon.nix
+++ b/nixos/programs/mastodon.nix
@ -0,0 +1,46 @@
+{ config, ... }:
+{
+  services.mastodon = {
+    enable = true;
+
+    database = {
+      createLocally = false;
+      user = "mastodon";
+      name = "mastodon";
+      host = "/run/postgresql/";
+      passwordFile = "/var/lib/secrets/mastodon/postgres.txt";
+    };
+
+    redis = {
+      createLocally = false;
+      host = "localhost";
+      port = 6379;
+    };
+
+    configureNginx = false;
+    webPort = 55001;
+    streamingPort = 55002;
+    sidekiqPort = 55003;
+
+    vapidPrivateKeyFile = "/var/lib/secrets/mastodon/vapid-private-key.txt";
+    vapidPublicKeyFile  = "/var/lib/secrets/mastodon/vapid-public-key.txt";
+    secretKeyBaseFile   = "/var/lib/secrets/mastodon/secret-key-base.txt";
+    otpSecretFile       = "/var/lib/secrets/mastodon/otp-secret.txt";
+
+    localDomain = "m.comfycamp.space";
+
+    mediaAutoRemove = {
+      olderThanDays = 14;
+    };
+
+    smtp = {
+      host = "comfycamp.space";
+      user = "mastodon@comfycamp.space";
+      port = 465;
+      passwordFile = "/var/lib/secrets/mastodon/smtp-password.txt";
+      fromAddress = "mastodon@comfycamp.space";
+      createLocally = false;
+      authenticate = true;
+    };
+  };
+}
--- a/nixos/programs/postgres.nix
+++ b/nixos/programs/postgres.nix
@ -4,6 +4,17 @@
    enable = true;
    package = pkgs.postgresql_15;
    ensureDatabases = [ "mastodon" "synapse" "nextcloud" ];
+    ensureUsers = [
+      {
+        name = "mastodon";
+        ensurePermissions = {
+          "DATABASE mastodon" = "ALL PRIVILEGES";
+        };
+        ensureClauses = {
+          login = true;
+        };
+      }
+    ];
    identMap = ''
       # ArbitraryMapName systemUser DBUser
       superuser_map      root       postgres
--- a/nixos/programs/redis.nix
+++ b/nixos/programs/redis.nix
@ -0,0 +1,13 @@
+{ config, ... }:
+{
+  services.redis = {
+    servers = {
+      mastodon = {
+        enable = true;
+        port = 6379;
+        save = [];
+        user = "mastodon";
+      };
+    };
+  };
+}