modules/mastodon.nix at 5621ee50786a96acd2a3561ce23febe4b5893a2b · ryan.freumh.org/eilean-nix

Self-host your own digital island
eilean-nix / modules / mastodon.nix
at 5621ee50786a96acd2a3561ce23febe4b5893a2b 2.3 kB view raw
 1{ pkgs, config, lib, ... }:
 2
 3let
 4  cfg = config.eilean;
 5  domain = config.networking.domain;
 6in {
 7  options.eilean.mastodon.enable = lib.mkEnableOption "mastodon";
 8
 9  config = lib.mkIf cfg.mastodon.enable {
10    services.mastodon = {
11      enable = true;
12      enableUnixSocket = false;
13      webProcesses = 1;
14      webThreads = 3;
15      sidekiqThreads = 5;
16      smtp = {
17        #createLocally = false;
18        user = "misc@${domain}";
19        port = 465;
20        host = "mail.${domain}";
21        authenticate = true;
22        passwordFile = "${config.eilean.secretsDir}/email-pswd-unhashed";
23        fromAddress = "mastodon@${domain}";
24      };
25      extraConfig = {
26        # override localDomain
27        LOCAL_DOMAIN = "${domain}";
28        WEB_DOMAIN = "mastodon.${domain}";
29
30        # https://peterbabic.dev/blog/setting-up-smtp-in-mastodon/
31        SMTP_SSL="true";
32        SMTP_ENABLE_STARTTLS="false";
33        SMTP_OPENSSL_VERIFY_MODE="none";
34      };
35    };
36
37    users.groups.${config.services.mastodon.group}.members = [ config.services.nginx.user ];
38
39    services.nginx = {
40      enable = true;
41      recommendedProxySettings = true;
42      virtualHosts = {
43        # relies on root domain being set up
44        "${domain}".locations."/.well-known/host-meta".extraConfig = ''
45          return 301 https://mastodon.${domain}$request_uri;
46        '';
47        "mastodon.${domain}" = {
48          root = "${config.services.mastodon.package}/public/";
49          forceSSL = true;
50          enableACME = true;
51
52          locations."/system/".alias = "/var/lib/mastodon/public-system/";
53
54          locations."/" = {
55            tryFiles = "$uri @proxy";
56          };
57
58          locations."@proxy" = {
59            proxyPass = "http://127.0.0.1:${builtins.toString config.services.mastodon.webPort}";
60            proxyWebsockets = true;
61          };
62
63          locations."/api/v1/streaming/" = {
64            proxyPass = "http://127.0.0.1:${builtins.toString config.services.mastodon.streamingPort}/";
65            proxyWebsockets = true;
66          };
67        };
68      };
69    };
70
71    eilean.dns.enable = true;
72    eilean.services.dns.zones.${config.networking.domain}.records = [
73      {
74        name = "mastodon";
75        type = "CNAME";
76        data = "vps";
77      }
78    ];
79  };
80}