# NixOps configuration for the hosts running a Mastodon server
{
config,
pkgs,
lib,
...
}: {
# Mastodon instance. Accounts are addressed under mcwhirter.io (localDomain),
# while the web UI and API are served from social.mcwhirter.io (WEB_DOMAIN).
services.mastodon = {
  enable = true;
  localDomain = "mcwhirter.io";

  # false: the module does not generate an Nginx virtual host for us; the
  # reverse proxy is declared by hand under services.nginx in this file.
  configureNginx = false;

  smtp.fromAddress = "social@mcwhirter.io";
  # NOTE(review): only the SMTP user name is set here. If the relay requires
  # authentication, confirm smtp.authenticate and smtp.passwordFile are set
  # elsewhere, and that the password file lives outside the world-readable
  # Nix store.
  smtp.user = "social";

  extraConfig.WEB_DOMAIN = "social.mcwhirter.io";

  # Number of streaming API worker processes.
  # NOTE(review): the hand-written Nginx location for /api/v1/streaming/
  # proxies to a single socket path; confirm that path still matches what
  # the module creates when more than one streaming process is configured.
  streamingProcesses = 5;
};
# Hand-written Nginx reverse proxy in front of the Mastodon web and
# streaming services (used because services.mastodon.configureNginx is false).
services.nginx = {
  enable = true;

  # NixOS-provided baseline settings for compression, performance,
  # proxy headers and TLS.
  recommendedGzipSettings = true;
  recommendedOptimisation = true;
  recommendedProxySettings = true;
  recommendedTlsSettings = true;

  # Apex domain: send host-meta discovery requests on to the host that
  # actually serves Mastodon.
  # NOTE(review): no TLS options are set for this virtual host in this file
  # and the redirect reuses $scheme, so a plain-HTTP request is redirected
  # over plain HTTP first. Confirm TLS for the apex is configured elsewhere,
  # or pin the redirect target to https.
  virtualHosts."mcwhirter.io".locations."/.well-known/host-meta".extraConfig =
    "return 301 $scheme://social.mcwhirter.io$request_uri;";

  virtualHosts."social.mcwhirter.io" = {
    enableACME = true; # certificate is obtained and renewed via ACME
    forceSSL = true; # plain-HTTP requests are redirected to HTTPS

    # Static assets shipped with the Mastodon package.
    root = "${pkgs.mastodon}/public/";

    locations = {
      # User-uploaded media, served by Nginx straight from disk.
      # NOTE(review): these responses never pass through the Rails app, so
      # any response headers it would set do not apply. Consider adding
      # X-Content-Type-Options: nosniff and a restrictive
      # Content-Security-Policy for this location, since the files are
      # user-controlled and share the web origin.
      "/system/".alias = "/var/lib/mastodon/public-system/";

      # Serve a static file when one exists, otherwise fall through to the app.
      "/".tryFiles = "$uri @proxy";

      # Mastodon web application, reached over a Unix socket.
      "@proxy" = {
        proxyWebsockets = true;
        proxyPass = "http://unix:/run/mastodon-web/web.socket";
      };

      # Streaming API, reached over a Unix socket.
      # NOTE(review): services.mastodon.streamingProcesses is set to 5 in
      # this file; verify on the deployed NixOS release that this single
      # socket path still exists, otherwise streaming requests will fail.
      "/api/v1/streaming/" = {
        proxyWebsockets = true;
        proxyPass = "http://unix:/run/mastodon-streaming/streaming.socket";
      };
    };
  };
};
# Include the Mastodon database in the PostgreSQL backup job.
# NOTE(review): the dumps contain account data and credential hashes, so
# confirm the backup location is readable only by the backup/database user
# and that any off-host copy is encrypted. The backup service itself is not
# enabled in this file; presumably that happens elsewhere.
services.postgresqlBackup = {
  databases = [ "mastodon" ];
};
# Add the nginx user to the mastodon group. The proxy configuration in this
# file reads Mastodon's Unix sockets and /var/lib/mastodon/public-system/,
# and the ACME certificate below is owned by the same group.
# NOTE(review): membership also exposes every other group-readable Mastodon
# file to Nginx worker processes; confirm that secrets under the Mastodon
# state directory are not group-readable.
users.groups.mastodon.members = [ "nginx" ];
# Accept the ACME CA's terms of service (required before NixOS will
# request any certificate).
security.acme.acceptTerms = true;

# Certificate for the Mastodon web host, validated over HTTP-01 using the
# shared webroot.
security.acme.certs."social.mcwhirter.io" = {
  email = "acme@mcwhirter.io";
  webroot = "/var/lib/acme/acme-challenge";

  # The certificate and private key are made readable by this group.
  # NOTE(review): Nginx only gets access through its membership of the
  # mastodon group, which means the Mastodon service processes can read the
  # TLS private key as well. If only Nginx terminates TLS, a group limited
  # to nginx would be the tighter choice.
  group = "mastodon";

  # Runs after a certificate is issued or renewed. The two commands are
  # joined with ';', so the restart is attempted even if the reload fails.
  # NOTE(review): confirm a unit named mastodon.service exists on this
  # release; the certs reloadServices option may be a cleaner way to reload
  # Nginx after renewal.
  postRun = "systemctl reload nginx.service; systemctl restart mastodon.service";
};
}