2024-03-27 10:42:11 +01:00
|
|
|
let
|
|
|
|
snakeoil_key = {
|
|
|
|
id = "GK3515373e4c851ebaad366558";
|
|
|
|
secret = "7d37d093435a41f2aab8f13c19ba067d9776c90215f56614adad6ece597dbb34";
|
|
|
|
};
|
|
|
|
in
|
2024-09-17 14:30:59 +02:00
|
|
|
|
2024-11-14 09:49:49 +01:00
|
|
|
{ config, lib, ... }:
|
2024-09-17 14:30:59 +02:00
|
|
|
|
|
|
|
lib.mkIf (config.fediversity.enable && config.fediversity.mastodon.enable) {
|
2024-11-11 17:25:42 +01:00
|
|
|
#### garage setup
|
2024-08-28 14:35:48 +02:00
|
|
|
services.garage = {
|
|
|
|
ensureBuckets = {
|
|
|
|
mastodon = {
|
|
|
|
website = true;
|
|
|
|
corsRules = {
|
|
|
|
enable = true;
|
|
|
|
allowedHeaders = [ "*" ];
|
|
|
|
allowedMethods = [ "GET" ];
|
|
|
|
allowedOrigins = [ "*" ];
|
2024-05-25 01:02:12 +02:00
|
|
|
};
|
2024-03-27 10:59:50 +01:00
|
|
|
};
|
2024-08-28 14:35:48 +02:00
|
|
|
};
|
|
|
|
ensureKeys = {
|
|
|
|
mastodon = {
|
|
|
|
inherit (snakeoil_key) id secret;
|
|
|
|
ensureAccess = {
|
|
|
|
mastodon = {
|
|
|
|
read = true;
|
|
|
|
write = true;
|
|
|
|
owner = true;
|
2024-03-27 10:59:50 +01:00
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
2024-08-28 14:35:48 +02:00
|
|
|
};
|
|
|
|
services.mastodon = {
|
|
|
|
extraConfig = rec {
|
|
|
|
S3_ENABLED = "true";
|
|
|
|
# TODO: this shouldn't be hard-coded, it should come from the garage configuration
|
2024-09-20 17:13:35 +02:00
|
|
|
S3_ENDPOINT = config.fediversity.internal.garage.api.url;
|
2024-08-28 14:35:48 +02:00
|
|
|
S3_REGION = "garage";
|
|
|
|
S3_BUCKET = "mastodon";
|
|
|
|
# use <S3_BUCKET>.<S3_ENDPOINT>
|
|
|
|
S3_OVERRIDE_PATH_STLE = "true";
|
|
|
|
AWS_ACCESS_KEY_ID = snakeoil_key.id;
|
|
|
|
AWS_SECRET_ACCESS_KEY = snakeoil_key.secret;
|
|
|
|
S3_PROTOCOL = "http";
|
2024-09-23 17:55:54 +02:00
|
|
|
S3_HOSTNAME = config.fediversity.internal.garage.web.rootDomain;
|
2024-08-28 14:35:48 +02:00
|
|
|
# by default it tries to use "<S3_HOSTNAME>/<S3_BUCKET>"
|
|
|
|
S3_ALIAS_HOST = "${S3_BUCKET}.${S3_HOSTNAME}";
|
|
|
|
# SEE: the last section in https://docs.joinmastodon.org/admin/optional/object-storage/
|
|
|
|
# TODO: can we set up ACLs with garage?
|
|
|
|
S3_PERMISSION = "";
|
2024-02-22 10:56:31 +01:00
|
|
|
};
|
2024-08-28 14:35:48 +02:00
|
|
|
};
|
2024-03-06 10:48:01 +01:00
|
|
|
|
2024-08-28 14:35:48 +02:00
|
|
|
#### mastodon setup
|
2024-02-22 10:56:31 +01:00
|
|
|
|
2024-11-11 16:34:24 +01:00
|
|
|
# open up access to the mastodon web interface. 80 is necessary if only for ACME
|
2024-11-11 17:25:42 +01:00
|
|
|
networking.firewall.allowedTCPPorts = [
|
|
|
|
80
|
|
|
|
443
|
|
|
|
];
|
2024-03-06 10:40:22 +01:00
|
|
|
|
2024-08-28 14:35:48 +02:00
|
|
|
services.mastodon = {
|
|
|
|
enable = true;
|
2024-06-25 12:39:04 +02:00
|
|
|
|
2024-09-20 17:13:35 +02:00
|
|
|
localDomain = config.fediversity.internal.mastodon.domain;
|
2024-08-28 14:35:48 +02:00
|
|
|
configureNginx = true;
|
2024-06-25 12:39:04 +02:00
|
|
|
|
2024-11-11 16:16:27 +01:00
|
|
|
# from the documentation: recommended is the amount of your CPU cores minus
|
|
|
|
# one. but it also must be a positive integer
|
|
|
|
streamingProcesses = lib.max 1 (config.fediversity.temp.cores - 1);
|
|
|
|
|
2024-08-28 14:35:48 +02:00
|
|
|
# TODO: configure a mailserver so this works
|
2024-09-17 17:58:09 +02:00
|
|
|
smtp = {
|
2024-09-20 17:13:35 +02:00
|
|
|
fromAddress = "noreply@${config.fediversity.internal.mastodon.domain}";
|
2024-09-17 17:58:09 +02:00
|
|
|
createLocally = false;
|
|
|
|
};
|
2024-03-06 10:48:01 +01:00
|
|
|
|
2024-08-28 14:35:48 +02:00
|
|
|
# TODO: this is hardware-dependent. let's figure it out when we have hardware
|
|
|
|
# streamingProcesses = 1;
|
|
|
|
};
|
2024-02-22 10:56:31 +01:00
|
|
|
|
2024-08-28 14:35:48 +02:00
|
|
|
security.acme = {
|
|
|
|
acceptTerms = true;
|
|
|
|
preliminarySelfsigned = true;
|
|
|
|
# TODO: configure a mailserver so we can set up acme
|
|
|
|
# defaults.email = "test@example.com";
|
|
|
|
};
|
|
|
|
}
|