mastodon vm

This commit is contained in:
Taeer Bar-Yam 2024-02-22 04:56:31 -05:00
commit 6942d1dcf2
6 changed files with 159 additions and 0 deletions

1
.envrc Normal file
View file

@ -0,0 +1 @@
use flake

4
.gitignore vendored Normal file
View file

@ -0,0 +1,4 @@
nixos.qcow2
result*
.direnv

29
README.md Normal file
View file

@ -0,0 +1,29 @@
# How to start up a mastodon VM
```bash
nixos-rebuild build-vm --flake .#mastodon
./result/bin/run-nixos-vm
```
Now you can access mastodon at <https://social.local.gd:44443>
You will have to "accept the security risk".
# TODOs
- [ ] set up a domain name and a DNS service so we can do deploy this to an actual machine
- [ ] set up an email service
- [ ] add logging
- [ ] errors / logs
- [ ] performance
- [ ] switch to garage / s3 storage
- SEE: https://docs.joinmastodon.org/admin/optional/object-storage/
- [ ] decouple the postgres database from this machine
- [ ] test with high use / throughput
- [ ] configure scaling behaviour
- SEE: https://docs.joinmastodon.org/admin/scaling/
- [ ] remove the need for "accept security risk" dialogue if possible
# resources
- Tutorial for setting up better logging: https://krisztianfekete.org/self-hosting-mastodon-on-nixos-a-proof-of-concept/

71
configuration.nix Normal file
View file

@ -0,0 +1,71 @@
{ config, lib, pkgs, ... }: {
# open up access to the mastodon web interface
networking.firewall.allowedTCPPorts = [ 443 ];
services.mastodon = {
enable = true;
# TODO: set up a domain name, and a DNS service so that this can run not in a vm
# localDomain = "domain.social";
configureNginx = true;
# TODO: configure a mailserver so this works
smtp.fromAddress = "mastodon_vm";
# TODO: this is hardware-dependent. let's figure it out when we have hardware
# streamingProcesses = 1;
};
security.acme = {
acceptTerms = true;
preliminarySelfsigned = true;
# TODO: configure a mailserver so we can set up acme
# defaults.email = "test@example.com";
};
# let us log in
users.mutableUsers = false;
users.users.root.password = " ";
# access to convenient things
environment.systemPackages = with pkgs; [ w3m python3 ];
nix.extraOptions = ''
extra-experimental-features = nix-command flakes
'';
# these configurations only apply when producing a VM (e.g. nixos-rebuild build-vm)
virtualisation.vmVariant = { config, ... }: {
services.mastodon = {
# redirects to localhost, but allows it to have a proper domain name
# SEE: local.gd
localDomain = "social.local.gd";
# from the documentation: recommended is the amount of your CPU cores minus one.
# but it also must be a positive integer
streamingProcesses = let
ncores = config.virtualistation.cores;
max = x: y: if x > y then x else y;
in
max 1 (ncores - 1);
};
security.acme = {
defaults = {
# invalid server; the systemd service will fail, and we won't get properly signed certificates
# but let's not spam the letsencrypt servers (and we don't own this domain anyways)
server = "https://127.0.0.1";
email = "none";
};
};
virtualisation.forwardPorts = [
{
from = "host";
host.port = 44443;
guest.port = 443;
}
];
};
}

27
flake.lock Normal file
View file

@ -0,0 +1,27 @@
{
"nodes": {
"nixpkgs": {
"locked": {
"lastModified": 1708475490,
"narHash": "sha256-g1v0TsWBQPX97ziznfJdWhgMyMGtoBFs102xSYO4syU=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "0e74ca98a74bc7270d28838369593635a5db3260",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"nixpkgs": "nixpkgs"
}
}
},
"root": "root",
"version": 7
}

27
flake.nix Normal file
View file

@ -0,0 +1,27 @@
{
description = "Testing mastodon configurations";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
};
outputs = { self, nixpkgs }:
let
system = "x86_64-linux";
pkgs = nixpkgs.legacyPackages.${system};
in {
nixosConfigurations = {
mastodon = nixpkgs.lib.nixosSystem {
inherit system;
modules = [ ./configuration.nix ];
};
};
devShells.${system}.default = pkgs.mkShell {
inputs = with pkgs; [
nil
];
};
};
}