commit 6942d1dcf2941604207404b416a524d5aad179ae
Author: Taeer Bar-Yam <taeer.bar-yam@tweag.io>
Date:   Thu Feb 22 04:56:31 2024 -0500

    mastodon vm

diff --git a/.envrc b/.envrc
new file mode 100644
index 0000000..3550a30
--- /dev/null
+++ b/.envrc
@@ -0,0 +1 @@
+use flake
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..b83e248
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+nixos.qcow2
+result*
+.direnv
+
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..60a31ec
--- /dev/null
+++ b/README.md
@@ -0,0 +1,29 @@
+# How to start up a mastodon VM
+
+```bash
+nixos-rebuild build-vm --flake .#mastodon 
+./result/bin/run-nixos-vm
+```
+
+Now you can access mastodon at <https://social.local.gd:44443>
+
+You will have to "accept the security risk".
+
+# TODOs
+
+- [ ] set up a domain name and a DNS service so we can do deploy this to an actual machine
+- [ ] set up an email service
+- [ ] add logging
+  - [ ] errors / logs
+  - [ ] performance
+- [ ] switch to garage / s3 storage
+  - SEE: https://docs.joinmastodon.org/admin/optional/object-storage/
+- [ ] decouple the postgres database from this machine
+- [ ] test with high use / throughput
+- [ ] configure scaling behaviour
+  - SEE: https://docs.joinmastodon.org/admin/scaling/
+- [ ] remove the need for "accept security risk" dialogue if possible
+
+# resources
+
+- Tutorial for setting up better logging: https://krisztianfekete.org/self-hosting-mastodon-on-nixos-a-proof-of-concept/
diff --git a/configuration.nix b/configuration.nix
new file mode 100644
index 0000000..33ee5ff
--- /dev/null
+++ b/configuration.nix
@@ -0,0 +1,71 @@
+{ config, lib, pkgs, ... }: {
+
+  # open up access to the mastodon web interface
+  networking.firewall.allowedTCPPorts = [ 443 ];
+
+  services.mastodon = {
+    enable = true;
+
+    # TODO: set up a domain name, and a DNS service so that this can run not in a vm
+    # localDomain = "domain.social";
+    configureNginx = true;
+
+    # TODO: configure a mailserver so this works
+    smtp.fromAddress = "mastodon_vm";
+
+    # TODO: this is hardware-dependent. let's figure it out when we have hardware
+    # streamingProcesses = 1;
+  };
+
+  security.acme = {
+    acceptTerms = true;
+    preliminarySelfsigned = true;
+    # TODO: configure a mailserver so we can set up acme
+    # defaults.email = "test@example.com";
+  };
+
+  # let us log in
+  users.mutableUsers = false;
+  users.users.root.password = " ";
+
+  # access to convenient things
+  environment.systemPackages = with pkgs; [ w3m python3 ];
+  nix.extraOptions = ''
+    extra-experimental-features = nix-command flakes
+  '';
+  
+  # these configurations only apply when producing a VM (e.g. nixos-rebuild build-vm)
+  virtualisation.vmVariant = { config, ... }: {
+    services.mastodon = {
+      # redirects to localhost, but allows it to have a proper domain name
+      # SEE: local.gd
+      localDomain = "social.local.gd";
+
+      # from the documentation: recommended is the amount of your CPU cores minus one.
+      # but it also must be a positive integer
+      streamingProcesses = let
+        ncores = config.virtualistation.cores;
+        max = x: y: if x > y then x else y;
+      in
+        max 1 (ncores - 1);
+    };
+
+    security.acme = {
+      defaults = {
+        # invalid server; the systemd service will fail, and we won't get properly signed certificates
+        # but let's not spam the letsencrypt servers (and we don't own this domain anyways)
+        server = "https://127.0.0.1";
+        email = "none";
+      };
+    };
+
+    virtualisation.forwardPorts = [
+      {
+        from = "host";
+        host.port = 44443;
+        guest.port = 443;
+      }
+    ];
+  };
+}
+ 
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..419cf1d
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,27 @@
+{
+  "nodes": {
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1708475490,
+        "narHash": "sha256-g1v0TsWBQPX97ziznfJdWhgMyMGtoBFs102xSYO4syU=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "0e74ca98a74bc7270d28838369593635a5db3260",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..71b9ce3
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,27 @@
+{
+  description = "Testing mastodon configurations";
+
+  inputs = {
+    nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
+  };
+
+  outputs = { self, nixpkgs }: 
+  let
+    system = "x86_64-linux";
+    pkgs = nixpkgs.legacyPackages.${system};
+  in {
+
+    nixosConfigurations = {
+      mastodon = nixpkgs.lib.nixosSystem {
+        inherit system;
+        modules = [ ./configuration.nix ];
+      };
+    };
+
+    devShells.${system}.default = pkgs.mkShell {
+      inputs = with pkgs; [
+        nil
+      ];
+    };
+  };
+}