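# NixOS module: an opinionated Mastodon deployment for the "eilean" host.
# Enabling `eilean.mastodon.enable` wires up the Mastodon service, its SMTP
# relay through the same domain's mail server, an nginx front-end with ACME
# certificates, and the DNS record for the `mastodon.` subdomain.
{ pkgs, config, lib, ... }:

with lib;
let
  cfg = config.eilean;
  domain = config.networking.domain;
in {
  options.eilean.mastodon = {
    enable = mkEnableOption "mastodon";
  };

  config = mkIf cfg.mastodon.enable {
    services.mastodon = {
      enable = true;
      # Listen on a loopback TCP port instead of a unix socket; nginx proxies
      # to `config.services.mastodon.webPort` below.
      enableUnixSocket = false;
      webProcesses = 1;
      webThreads = 3;
      sidekiqThreads = 5;
      streamingProcesses = 3;
      smtp = {
        #createLocally = false;
        # Outbound mail is relayed through this domain's own mail server over
        # implicit TLS (port 465, see SMTP_SSL below).
        user = "system@${domain}";
        port = 465;
        host = "mail.${domain}";
        authenticate = true;
        # The SMTP password is read from a file at runtime rather than being
        # written into the world-readable Nix store.
        passwordFile = cfg.mailserver.systemAccountPasswordFile;
        fromAddress = "mastodon@${domain}";
      };
      extraConfig = {
        # override localDomain
        LOCAL_DOMAIN = "${domain}";
        WEB_DOMAIN = "mastodon.${domain}";

        # https://peterbabic.dev/blog/setting-up-smtp-in-mastodon/
        SMTP_SSL = "true";
        SMTP_ENABLE_STARTTLS = "false";
        # Verify the mail server's certificate. With "none" any certificate is
        # accepted, so an on-path attacker could present their own and capture
        # the login credentials from passwordFile. mail.${domain} is assumed to
        # present a trusted (e.g. ACME-issued) certificate — confirm on the
        # mail server before enabling.
        SMTP_OPENSSL_VERIFY_MODE = "peer";
      };
    };

    # Presumably so nginx can read the media under /var/lib/mastodon/public-system/
    # served via the /system/ alias below (the unix socket is disabled, so this
    # is not for socket access) — verify against the mastodon module.
    users.groups.${config.services.mastodon.group}.members = [ config.services.nginx.user ];

    services.nginx = {
      enable = true;
      recommendedProxySettings = true;
      virtualHosts = {
        # relies on root domain being set up
        # WebFinger/host-meta discovery on the bare domain is redirected to the
        # Mastodon host so accounts can be addressed as user@${domain}.
        "${domain}".locations = {
          "/.well-known/host-meta".extraConfig = ''
            return 301 https://mastodon.${domain}$request_uri;
          '';
          "/.well-known/webfinger".extraConfig = ''
            return 301 https://mastodon.${domain}$request_uri;
          '';
        };
        "mastodon.${domain}" = {
          # Static assets are served straight from the package; everything else
          # falls through to the Rails/streaming backend.
          root = "${config.services.mastodon.package}/public/";
          forceSSL = true;
          enableACME = true;

          locations."/system/".alias = "/var/lib/mastodon/public-system/";

          locations."/" = {
            tryFiles = "$uri @proxy";
          };

          locations."@proxy" = {
            proxyPass = "http://127.0.0.1:${builtins.toString config.services.mastodon.webPort}";
            proxyWebsockets = true;
          };
        };
      };
    };

    # Publish mastodon.<domain> as a CNAME; assumes a "vps" record already
    # exists in the same zone — confirm.
    eilean.dns.enable = true;
    eilean.services.dns.zones.${config.networking.domain}.records = [
      {
        name = "mastodon";
        type = "CNAME";
        data = "vps";
      }
    ];
  };
}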