Add mastodon
parent
3cc0fe3c3e
commit
f454d618c1
2 changed files with 90 additions and 29 deletions
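--- a/caddy.nix
+++ b/caddy.nix
@@ -22,6 +22,42 @@ in {
 enable = true;
 email = "ssl@catnip.ee";
 virtualHosts = {
+"fedi.catnip.ee".extraConfig = ''
+handle_path /system/* {
+file_server * {
+root /var/lib/mastodon/public-system
+}
+}
+
+handle /api/v1/streaming/* {
+reverse_proxy unix//run/mastodon-streaming/streaming.socket
+}
+
+route * {
+file_server * {
+root ${pkgs.mastodon}/public
+pass_thru
+}
+reverse_proxy * unix//run/mastodon-web/web.socket
+}
+
+handle_errors {
+root * ${pkgs.mastodon}/public
+rewrite 500.html
+file_server
+}
+
+encode gzip
+
+header /* {
+Strict-Transport-Security "max-age=31536000;"
+}
+header /emoji/* Cache-Control "public, max-age=31536000, immutable"
+header /packs/* Cache-Control "public, max-age=31536000, immutable"
+header /system/accounts/avatars/* Cache-Control "public, max-age=31536000, immutable"
+header /system/media_attachments/files/* Cache-Control "public, max-age=31536000, immutable"
+'';
+
 ${config.services.coturn.realm} = {
 extraConfig = ''
 root /.well-known/acme-challenge/* ${settings.turnAcmeDir}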
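Review bot: The `handle_path /system/*` block serves user-uploaded media from `/var/lib/mastodon/public-system` on the same origin as the web UI, yet no content-type or CSP hardening is set for that path; the `header` lines at the end add only HSTS and `Cache-Control`. Mastodon's reference nginx configuration sends `X-Content-Type-Options: nosniff` and a deny-all `Content-Security-Policy` on `/system/` so that an uploaded file cannot be interpreted as active content by a browser. I would add `header /system/* X-Content-Type-Options nosniff` and `header /system/* Content-Security-Policy "default-src 'none'; form-action 'none'"` next to the existing `header` lines.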
|
@ -3,6 +3,7 @@
|
||||||
pkgs,
|
pkgs,
|
||||||
inputs,
|
inputs,
|
||||||
system,
|
system,
|
||||||
|
lib,
|
||||||
...
|
...
|
||||||
}: let
|
}: let
|
||||||
settings = import ./settings.nix {};
|
settings = import ./settings.nix {};
|
||||||
|
@ -64,6 +65,13 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services = {
|
systemd.services = {
|
||||||
|
caddy.serviceConfig.ReadWriteDirectories = lib.mkForce ["/var/lib/caddy" "/run/mastodon-web"];
|
||||||
|
|
||||||
|
mautrix-telegram.path = with pkgs; [
|
||||||
|
lottieconverter # for animated stickers conversion, unfree package
|
||||||
|
ffmpeg # if converting animated stickers to webm (very slow!)
|
||||||
|
];
|
||||||
|
|
||||||
tailscaled.environment = {
|
tailscaled.environment = {
|
||||||
TS_NO_LOGS_NO_SUPPORT = "true";
|
TS_NO_LOGS_NO_SUPPORT = "true";
|
||||||
};
|
};
|
||||||
|
@ -243,12 +251,25 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services.mautrix-telegram.path = with pkgs; [
|
|
||||||
lottieconverter # for animated stickers conversion, unfree package
|
|
||||||
ffmpeg # if converting animated stickers to webm (very slow!)
|
|
||||||
];
|
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
|
mastodon = {
|
||||||
|
enable = true;
|
||||||
|
localDomain = "fedi.catnip.ee";
|
||||||
|
streamingProcesses = 10;
|
||||||
|
extraConfig = {
|
||||||
|
SMTP_TLS = "true";
|
||||||
|
};
|
||||||
|
smtp = {
|
||||||
|
authenticate = true;
|
||||||
|
user = "mastodon@catnip.ee";
|
||||||
|
passwordFile = "/etc/secrets/mastodon-smtp";
|
||||||
|
|
||||||
|
createLocally = false;
|
||||||
|
host = "mx1.sly.ee";
|
||||||
|
port = 465;
|
||||||
|
fromAddress = "mastodon@catnip.ee";
|
||||||
|
};
|
||||||
|
};
|
||||||
displayManager.sddm.enable = true;
|
displayManager.sddm.enable = true;
|
||||||
|
|
||||||
lastfm-status = {
|
lastfm-status = {
|
||||||
|
@ -620,6 +641,9 @@ in {
|
||||||
'';
|
'';
|
||||||
|
|
||||||
identMap = ''
|
identMap = ''
|
||||||
|
superuser_map root mastodon
|
||||||
|
superuser_map mastodon mastodon
|
||||||
|
|
||||||
superuser_map root matrix-synapse
|
superuser_map root matrix-synapse
|
||||||
superuser_map matrix-synapse matrix-synapse
|
superuser_map matrix-synapse matrix-synapse
|
||||||
|
|
||||||
|
@ -851,31 +875,32 @@ in {
|
||||||
users = {
|
users = {
|
||||||
defaultUserShell = pkgs.fish;
|
defaultUserShell = pkgs.fish;
|
||||||
|
|
||||||
groups = {
|
users = {
|
||||||
# caddy user needs to be part of coturn's group for certs
|
caddy.extraGroups = [
|
||||||
${config.systemd.services.coturn.serviceConfig.Group}.members = [
|
config.services.mastodon.group # since caddy is serving mastodon files it needs access to it
|
||||||
config.systemd.services.caddy.serviceConfig.User
|
config.systemd.services.coturn.serviceConfig.Group # caddy user needs to be part of coturn's group for certs
|
||||||
];
|
|
||||||
};
|
|
||||||
users.owo = {
|
|
||||||
isNormalUser = true;
|
|
||||||
extraGroups = ["networkmanager" "wheel" "docker"];
|
|
||||||
openssh.authorizedKeys.keys = [
|
|
||||||
"ssh-rsa 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 lain@navi"
|
|
||||||
"ssh-rsa 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 mina@navi"
|
|
||||||
];
|
|
||||||
packages = with pkgs; [
|
|
||||||
firefox
|
|
||||||
helix
|
|
||||||
mpv
|
|
||||||
croc
|
|
||||||
ffmpeg
|
|
||||||
speedtest-cli
|
|
||||||
htop
|
|
||||||
progress
|
|
||||||
duperemove
|
|
||||||
tmux
|
|
||||||
];
|
];
|
||||||
|
|
||||||
|
owo = {
|
||||||
|
isNormalUser = true;
|
||||||
|
extraGroups = ["networkmanager" "wheel" "docker"];
|
||||||
|
openssh.authorizedKeys.keys = [
|
||||||
|
"ssh-rsa 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 lain@navi"
|
||||||
|
"ssh-rsa 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 mina@navi"
|
||||||
|
];
|
||||||
|
packages = with pkgs; [
|
||||||
|
firefox
|
||||||
|
helix
|
||||||
|
mpv
|
||||||
|
croc
|
||||||
|
ffmpeg
|
||||||
|
speedtest-cli
|
||||||
|
htop
|
||||||
|
progress
|
||||||
|
duperemove
|
||||||
|
tmux
|
||||||
|
];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
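Review bot: In the last hunk, `caddy.extraGroups` now puts the internet-facing caddy user into `config.services.mastodon.group`, which gives it every permission that group holds rather than just read access to public-system and the web socket. What else is group-accessible under the Mastodon state directory is not visible in this diff, so it is worth confirming that secrets and configuration there are not group-readable. In the `systemd.services` hunk, `caddy.serviceConfig.ReadWriteDirectories = lib.mkForce [...]` lists `/run/mastodon-web` but not the `/run/mastodon-streaming` directory that caddy.nix also proxies to, and `mkForce` replaces any list defined elsewhere for that option instead of extending it. A comment on that line, for example `# caddy must reach the mastodon-web socket dir; mkForce replaces the module's default list`, would record why the override exists.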