sercanto/mio-ops
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Activity

mastodon: initial deployment

Browse source
This commit is contained in:
Serĉanto de Scio 2022-06-28 18:15:10 +10:00
parent c3ec689b9a
commit 91b65a04f9
Signed by: sercanto
GPG key ID: 7DBA9F5689EFB6AA
1 changed files with 72 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

72
profiles/mastodon.nix Normal file
View file

@ -0,0 +1,72 @@
# NixOps configuration for the hosts running a Mastodon server
{
config,
pkgs,
lib,
...
}: {
services = {
mastodon = {
enable = true; # Enable the Mastodon service
localDomain = "mcwhirter.io"; # Domain serving Mastodon
configureNginx = false; # Configure Nginx as a reverse proxy
smtp = {
fromAddress = "social@mcwhirter.io";
user = "social";
};
extraConfig = {
WEB_DOMAIN = "social.mcwhirter.io";
};
};
};
services.nginx = {
enable = true; # Enable Nginx
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts = {
# Required to redirect requests to the mastodon service
"mcwhirter.io" = {
locations."/.well-known/host-meta".extraConfig = "return 301 $scheme://social.mcwhirter.io$request_uri;";
};
"social.mcwhirter.io" = {
enableACME = true; # Use ACME certs
forceSSL = true; # Force SSL
root = "${pkgs.mastodon}/public/";
locations."/system/".alias = "/var/lib/mastodon/public-system/";
locations."/" = {
tryFiles = "$uri @proxy";
};
locations."@proxy" = {
proxyPass = "http://unix:/run/mastodon-web/web.socket";
proxyWebsockets = true;
};
locations."/api/v1/streaming/" = {
proxyPass = "http://unix:/run/mastodon-streaming/streaming.socket";
proxyWebsockets = true;
};
};
};
};
users.groups.mastodon.members = [
"nginx"
];
security.acme = {
acceptTerms = true;
certs = {
"social.mcwhirter.io" = {
group = "mastodon";
postRun = "systemctl reload nginx.service; systemctl restart mastodon.service";
email = "acme@mcwhirter.io";
webroot = "/var/lib/acme/acme-challenge";
};
};
};
}