Add mastodon

caddy.nix

@@ -22,6 +22,42 @@ in {
     enable = true;
     email = "ssl@catnip.ee";
     virtualHosts = {
+      "fedi.catnip.ee".extraConfig = ''
+        handle_path /system/* {
+          file_server * {
+            root /var/lib/mastodon/public-system
+          }
+        }
+
+        handle /api/v1/streaming/* {
+          reverse_proxy  unix//run/mastodon-streaming/streaming.socket
+        }
+
+        route * {
+          file_server * {
+          root ${pkgs.mastodon}/public
+          pass_thru
+          }
+          reverse_proxy * unix//run/mastodon-web/web.socket
+        }
+
+        handle_errors {
+          root * ${pkgs.mastodon}/public
+          rewrite 500.html
+          file_server
+        }
+
+        encode gzip
+
+        header /* {
+          Strict-Transport-Security "max-age=31536000;"
+        }
+        header /emoji/* Cache-Control "public, max-age=31536000, immutable"
+        header /packs/* Cache-Control "public, max-age=31536000, immutable"
+        header /system/accounts/avatars/* Cache-Control "public, max-age=31536000, immutable"
+        header /system/media_attachments/files/* Cache-Control "public, max-age=31536000, immutable"
+      '';
+
       ${config.services.coturn.realm} = {
         extraConfig = ''
           root /.well-known/acme-challenge/* ${settings.turnAcmeDir}

configuration.nix

@@ -3,6 +3,7 @@
   pkgs,
   inputs,
   system,
+  lib,
   ...
 }: let
   settings = import ./settings.nix {};
@@ -64,6 +65,13 @@ in {
   };
 
   systemd.services = {
+    caddy.serviceConfig.ReadWriteDirectories = lib.mkForce ["/var/lib/caddy" "/run/mastodon-web"];
+
+    mautrix-telegram.path = with pkgs; [
+      lottieconverter # for animated stickers conversion, unfree package
+      ffmpeg # if converting animated stickers to webm (very slow!)
+    ];
+
     tailscaled.environment = {
       TS_NO_LOGS_NO_SUPPORT = "true";
     };
@@ -243,12 +251,25 @@ in {
     };
   };
 
-  systemd.services.mautrix-telegram.path = with pkgs; [
-    lottieconverter # for animated stickers conversion, unfree package
-    ffmpeg # if converting animated stickers to webm (very slow!)
-  ];
-
   services = {
+    mastodon = {
+      enable = true;
+      localDomain = "fedi.catnip.ee";
+      streamingProcesses = 10;
+      extraConfig = {
+        SMTP_TLS = "true";
+      };
+      smtp = {
+        authenticate = true;
+        user = "mastodon@catnip.ee";
+        passwordFile = "/etc/secrets/mastodon-smtp";
+
+        createLocally = false;
+        host = "mx1.sly.ee";
+        port = 465;
+        fromAddress = "mastodon@catnip.ee";
+      };
+    };
     displayManager.sddm.enable = true;
 
     lastfm-status = {
@@ -620,6 +641,9 @@ in {
       '';
 
       identMap = ''
+        superuser_map  root           mastodon
+        superuser_map  mastodon mastodon
+
         superuser_map  root           matrix-synapse
         superuser_map  matrix-synapse matrix-synapse
 
@@ -851,13 +875,13 @@ in {
   users = {
     defaultUserShell = pkgs.fish;
 
-    groups = {
-      # caddy user needs to be part of coturn's group for certs
-      ${config.systemd.services.coturn.serviceConfig.Group}.members = [
-        config.systemd.services.caddy.serviceConfig.User
+    users = {
+      caddy.extraGroups = [
+        config.services.mastodon.group # since caddy is serving mastodon files it needs access to it
+        config.systemd.services.coturn.serviceConfig.Group # caddy user needs to be part of coturn's group for certs
       ];
-    };
-    users.owo = {
+
+      owo = {
         isNormalUser = true;
         extraGroups = ["networkmanager" "wheel" "docker"];
         openssh.authorizedKeys.keys = [
@@ -878,6 +902,7 @@ in {
         ];
       };
     };
+  };
 
   system.stateVersion = "23.05";
 }