diff --git a/services/fediversity/default.nix b/services/fediversity/default.nix
index d643c8df..16b0c261 100644
--- a/services/fediversity/default.nix
+++ b/services/fediversity/default.nix
@@ -8,7 +8,7 @@ in
 {
 imports = [
 ./garage
- ./mastodon.nix
+ ./mastodon
 ./pixelfed.nix
 ./peertube.nix
 ];
@@ -27,7 +27,6 @@ in
 '';
 };
- mastodon.enable = mkEnableOption "default Fediversity Mastodon configuration";
 pixelfed.enable = mkEnableOption "default Fediversity Pixelfed configuration";
 peertube.enable = mkEnableOption "default Fediversity PeerTube configuration";
@@ -62,10 +61,6 @@ in
 type = types.str;
 default = "pixelfed.${config.fediversity.domain}";
 };
- mastodon.domain = mkOption {
- type = types.str;
- default = "mastodon.${config.fediversity.domain}";
- };
 peertube.domain = mkOption {
 type = types.str;
 default = "peertube.${config.fediversity.domain}";
diff --git a/services/fediversity/mastodon.nix b/services/fediversity/mastodon.nix
deleted file mode 100644
index 1d0e8c63..00000000
--- a/services/fediversity/mastodon.nix
+++ /dev/null
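Review bot: Any remaining reference to `config.fediversity.internal.mastodon.domain` outside this diff will stop evaluating once the third hunk removes that option, because its replacement is declared at a different path, `fediversity.mastodon.domain`, in the new options.nix. The deleted mastodon.nix itself read the internal path for `localDomain` and the SMTP sender, so other modules or deployments presumably may too; a grep for `internal.mastodon` before merging, or a temporary alias via `lib.mkRenamedOptionModule` if compatibility matters, would cover that. The surrounding `options.fediversity` attribute set starts and ends outside these hunks.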
@@ -1,87 +0,0 @@
-let
- snakeoil_key = {
- id = "GK3515373e4c851ebaad366558";
- secret = "7d37d093435a41f2aab8f13c19ba067d9776c90215f56614adad6ece597dbb34";
- };
-in
-
-{ config, lib, ... }:
-
-lib.mkIf (config.fediversity.enable && config.fediversity.mastodon.enable) {
- #### garage setup
- fediversity.garage = {
- ensureBuckets = {
- mastodon = {
- website = true;
- corsRules = {
- enable = true;
- allowedHeaders = [ "*" ];
- allowedMethods = [ "GET" ];
- allowedOrigins = [ "*" ];
- };
- };
- };
- ensureKeys = {
- mastodon = {
- inherit (snakeoil_key) id secret;
- ensureAccess = {
- mastodon = {
- read = true;
- write = true;
- owner = true;
- };
- };
- };
- };
- };
- services.mastodon = {
- extraConfig = rec {
- S3_ENABLED = "true";
- # TODO: this shouldn't be hard-coded, it should come from the garage configuration
- S3_ENDPOINT = config.fediversity.garage.api.url;
- S3_REGION = "garage";
- S3_BUCKET = "mastodon";
- # use .
- S3_OVERRIDE_PATH_STLE = "true";
- AWS_ACCESS_KEY_ID = snakeoil_key.id;
- AWS_SECRET_ACCESS_KEY = snakeoil_key.secret;
- S3_PROTOCOL = "http";
- S3_ALIAS_HOST = "${S3_BUCKET}.${config.fediversity.garage.web.rootDomain}";
- # SEE: the last section in https://docs.joinmastodon.org/admin/optional/object-storage/
- # TODO: can we set up ACLs with garage?
- S3_PERMISSION = "";
- };
- };
-
- #### mastodon setup
-
- # open up access to the mastodon web interface. 80 is necessary if only for ACME
- networking.firewall.allowedTCPPorts = [
- 80
- 443
- ];
-
- services.mastodon = {
- enable = true;
-
- localDomain = config.fediversity.internal.mastodon.domain;
- configureNginx = true;
-
- # from the documentation: recommended is the amount of your CPU cores minus
- # one.
but it also must be a positive integer
- streamingProcesses = lib.max 1 (config.fediversity.temp.cores - 1);
-
- # TODO: configure a mailserver so this works
- smtp = {
- fromAddress = "noreply@${config.fediversity.internal.mastodon.domain}";
- createLocally = false;
- };
- };
-
- security.acme = {
- acceptTerms = true;
- preliminarySelfsigned = true;
- # TODO: configure a mailserver so we can set up acme
- # defaults.email = "test@example.com";
- };
-}
diff --git a/services/fediversity/mastodon/default.nix b/services/fediversity/mastodon/default.nix
new file mode 100644
index 00000000..083cf91b
--- /dev/null
+++ b/services/fediversity/mastodon/default.nix
@@ -0,0 +1,91 @@
+let
+ snakeoil_key = {
+ id = "GK3515373e4c851ebaad366558";
+ secret = "7d37d093435a41f2aab8f13c19ba067d9776c90215f56614adad6ece597dbb34";
+ };
+in
+
+{ config, lib, ... }:
+
+{
+ imports = [ ./options.nix ];
+
+ config = lib.mkIf (config.fediversity.enable && config.fediversity.mastodon.enable) {
+ #### garage setup
+ fediversity.garage = {
+ ensureBuckets = {
+ mastodon = {
+ website = true;
+ corsRules = {
+ enable = true;
+ allowedHeaders = [ "*" ];
+ allowedMethods = [ "GET" ];
+ allowedOrigins = [ "*" ];
+ };
+ };
+ };
+ ensureKeys = {
+ mastodon = {
+ inherit (snakeoil_key) id secret;
+ ensureAccess = {
+ mastodon = {
+ read = true;
+ write = true;
+ owner = true;
+ };
+ };
+ };
+ };
+ };
+ services.mastodon = {
+ extraConfig = rec {
+ S3_ENABLED = "true";
+ # TODO: this shouldn't be hard-coded, it should come from the garage configuration
+ S3_ENDPOINT = config.fediversity.garage.api.url;
+ S3_REGION = "garage";
+ S3_BUCKET = "mastodon";
+ # use .
+ S3_OVERRIDE_PATH_STLE = "true";
+ AWS_ACCESS_KEY_ID = snakeoil_key.id;
+ AWS_SECRET_ACCESS_KEY = snakeoil_key.secret;
+ S3_PROTOCOL = "http";
+ S3_ALIAS_HOST = "${S3_BUCKET}.${config.fediversity.garage.web.rootDomain}";
+ # SEE: the last section in https://docs.joinmastodon.org/admin/optional/object-storage/
+ # TODO: can we set up ACLs with garage?
+ S3_PERMISSION = "";
+ };
+ };
+
+ #### mastodon setup
+
+ # open up access to the mastodon web interface. 80 is necessary if only for ACME
+ networking.firewall.allowedTCPPorts = [
+ 80
+ 443
+ ];
+
+ services.mastodon = {
+ enable = true;
+
+ localDomain = config.fediversity.mastodon.domain;
+ configureNginx = true;
+
+ # from the documentation: recommended is the amount of your CPU cores minus
+ # one.
but it also must be a positive integer
+ streamingProcesses = lib.max 1 (config.fediversity.temp.cores - 1);
+
+ # TODO: configure a mailserver so this works
+ smtp = {
+ fromAddress = "noreply@${config.fediversity.mastodon.domain}";
+ createLocally = false;
+ };
+ };
+
+ security.acme = {
+ acceptTerms = true;
+ preliminarySelfsigned = true;
+ # TODO: configure a mailserver so we can set up acme
+ # defaults.email = "test@example.com";
+ };
+ };
+}
diff --git a/services/fediversity/mastodon/options.nix b/services/fediversity/mastodon/options.nix
new file mode 100644
index 00000000..882b96eb
--- /dev/null
+++ b/services/fediversity/mastodon/options.nix
@@ -0,0 +1,18 @@
+{ config, lib, ... }:
+
+let
+ inherit (lib) mkOption mkEnableOption;
+ inherit (lib.types) types;
+
+in
+{
+ options.fediversity.mastodon = {
+ enable = mkEnableOption "Enable a Mastodon server on the machine";
+
+ domain = mkOption {
+ type = types.str;
+ description = "Internal option — change at your own risk";
+ default = "mastodon.${config.fediversity.domain}";
+ };
+ };
+}
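Review bot: `S3_OVERRIDE_PATH_STLE = "true";` in the new `services.mastodon.extraConfig` block is misspelled, so Mastodon will ignore it and keep virtual-host-style bucket addressing toward Garage; the variable Mastodon reads is `S3_OVERRIDE_PATH_STYLE`, and the truncated `# use .` comment above it should say what it is for, e.g. `# address the bucket path-style (endpoint/bucket) instead of as a bucket subdomain`. Separately, `snakeoil_key` is committed in git and, as far as I can tell, copied into the world-readable Nix store through the generated Mastodon environment, so the key deserves a comment at its definition such as `# test-only credentials: committed and visible in /nix/store, never reuse in production`, and `S3_PROTOCOL = "http";` likewise warrants a note that it relies on Garage being reachable only over a trusted internal network. Neither point is a regression, since the deleted mastodon.nix carried the same lines, but this move is the natural moment to fix them.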
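Review bot: `enable = mkEnableOption "Enable a Mastodon server on the machine";` in options.nix yields the rendered description "Whether to enable Enable a Mastodon server on the machine." because mkEnableOption prepends "Whether to enable "; pass only the noun phrase, `enable = mkEnableOption "a Mastodon server on the machine";`. `inherit (lib.types) types;` appears to work only because nixpkgs' types set re-exports itself under a `types` attribute; the conventional form is `inherit (lib) types;`. The `domain` description "Internal option — change at your own risk" does not say what depends on the value, and if the intent is to hide it from generated documentation the option should also set `internal = true;`; a description such as `"Domain Mastodon serves as localDomain and uses for its sender address; derived from fediversity.domain by default"` would tell a reader what changing it affects.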