Self-host your own digital island
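# Eilean module: opt-in Mastodon instance, served by nginx at mastodon.<domain>,
# sending mail through mail.<domain> and publishing a DNS record for itself.
{ pkgs, config, lib, ... }:

let
  cfg = config.eilean;
  domain = config.networking.domain;
in {
  options.eilean.mastodon.enable = lib.mkEnableOption "mastodon";

  config = lib.mkIf cfg.mastodon.enable {
    services.mastodon = {
      enable = true;
      # Web process listens on a TCP port (proxied from nginx below), not a unix socket.
      enableUnixSocket = false;
      webProcesses = 1;
      webThreads = 3;
      sidekiqThreads = 5;
      streamingProcesses = 3;
      smtp = {
        #createLocally = false;
        user = "misc@${domain}";
        # 465 = implicit TLS (see SMTP_SSL below), not STARTTLS.
        port = 465;
        host = "mail.${domain}";
        authenticate = true;
        # Read from disk at runtime so the password stays out of the Nix store.
        # NOTE(review): assumes eilean.secretsDir is a string; a Nix path value
        # would be copied into the world-readable store when interpolated. Confirm.
        # The file should be readable only by root and the mastodon service user.
        passwordFile = "${config.eilean.secretsDir}/email-pswd-unhashed";
        fromAddress = "mastodon@${domain}";
      };
      extraConfig = {
        # override localDomain
        LOCAL_DOMAIN = domain;
        WEB_DOMAIN = "mastodon.${domain}";

        # https://peterbabic.dev/blog/setting-up-smtp-in-mastodon/
        SMTP_SSL = "true";
        SMTP_ENABLE_STARTTLS = "false";
        # Verify the mail server's certificate. With "none" the authenticated
        # login above is sent to whichever host answers for mail.<domain>, so
        # the SMTP password and outgoing mail are exposed to anyone on the path.
        # Requires mail.<domain> to present a certificate valid for that name.
        SMTP_OPENSSL_VERIFY_MODE = "peer";
      };
    };

    # nginx serves Mastodon's static and uploaded files directly, so its user
    # needs group access to them. This also gives nginx every other permission
    # the mastodon group holds.
    users.groups.${config.services.mastodon.group}.members = [ config.services.nginx.user ];

    services.nginx = {
      enable = true;
      recommendedProxySettings = true;
      virtualHosts = {
        # relies on root domain being set up
        # Account discovery starts at LOCAL_DOMAIN; hand it over to the host
        # that actually runs Mastodon (WEB_DOMAIN).
        "${domain}".locations = {
          "/.well-known/host-meta".extraConfig = ''
            return 301 https://mastodon.${domain}$request_uri;
          '';
          "/.well-known/webfinger".extraConfig = ''
            return 301 https://mastodon.${domain}$request_uri;
          '';
        };
        "mastodon.${domain}" = {
          root = "${config.services.mastodon.package}/public/";
          forceSSL = true;
          enableACME = true;

          # User uploads live outside the package's public/ directory.
          locations."/system/".alias = "/var/lib/mastodon/public-system/";

          # Static file if it exists, otherwise the Rails app.
          locations."/" = {
            tryFiles = "$uri @proxy";
          };

          # NOTE(review): only the web port is proxied here; nothing in this file
          # routes to the streaming processes configured above. Confirm whether
          # that is handled elsewhere.
          locations."@proxy" = {
            proxyPass = "http://127.0.0.1:${builtins.toString config.services.mastodon.webPort}";
            proxyWebsockets = true;
          };
        };
      };
    };

    eilean.dns.enable = true;
    # mastodon.<domain> is an alias for the "vps" record in the same zone.
    eilean.services.dns.zones.${domain}.records = [
      {
        name = "mastodon";
        type = "CNAME";
        data = "vps";
      }
    ];
  };
}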