# NixOS module for the "mastodon" host: a Mastodon instance for c3d2.social
# with a local PostgreSQL, module-managed nginx, LDAP login against
# auth.c3d2.de and runtime secrets delivered through sops.
{ zentralwerk, config, lib, pkgs, ... }:

let
  # Server-network address table from the zentralwerk site configuration.
  serv = zentralwerk.lib.config.site.net.serv;

  # Directory server name; used for the static hosts entries and for LDAP_HOST.
  authHost = "auth.c3d2.de";
in
{
  deployment.mem = 4096;
  deployment.vcpu = 8;

  system.stateVersion = "22.11";

  c3d2.hq.statistics.enable = true;

  networking.hostName = "mastodon";

  # Static /etc/hosts entries: the directory server name resolves to the
  # addresses taken from the site config, so LDAP lookups do not depend on DNS.
  # The certificate presented on port 636 still has to match auth.c3d2.de.
  networking.hosts = {
    ${serv.hosts6.up4.auth} = [ authHost ];
    ${serv.hosts4.auth} = [ authHost ];
  };

  # Only HTTP and HTTPS are opened; nginx is set up by configureNginx below.
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  services = {
    postgresql.enable = true;

    mastodon = {
      enable = true;
      configureNginx = true;
      localDomain = "c3d2.social";

      smtp = {
        host = "c3d2.social";
        fromAddress = "mail@c3d2.social";
      };
      # Disabled SMTP authentication, kept as the author left it. Before
      # re-enabling: `secrets` is not among this module's arguments, and
      # building the password file with pkgs.runCommand copies the password
      # into the world-readable Nix store. Point smtp.passwordFile at a
      # sops-managed secret path instead.
      # smtp.authenticate = true;
      # smtp.user = secrets.email.smtp-user;
      # smtp.passwordFile = "${pkgs.runCommand "smtp-password" {} ''
      #   echo "${secrets.email.smtp-password}" > $out
      # ''}";

      extraConfig = {
        ALTERNATE_DOMAINS = lib.concatStringsSep "," [
          "${config.networking.hostName}.serv.zentralwerk.org"
        ];
        DEFAULT_LOCALE = "de";

        # Forwarded client-IP headers are honoured only from this address.
        # Only the IPv4 address of public-access-proxy is listed.
        # NOTE(review): confirm the proxy never reaches this host over IPv6 and
        # that the local nginx hop still yields the real client address;
        # otherwise rate limits and audit logs see the proxy, not the client.
        TRUSTED_PROXY_IP = serv.hosts4.public-access-proxy;

        # One web worker per configured vCPU.
        WEB_CONCURRENCY = toString config.deployment.vcpu;
        # MAX_THREADS = toString 5;

        # LDAP login over TLS on port 636. No LDAP_PASSWORD is set here, so it
        # never enters the Nix store; presumably it comes from the sops secret
        # "mastodon/env" appended below (confirm). Leave LDAP_TLS_NO_VERIFY
        # unset so the directory server's certificate is verified.
        LDAP_ENABLED = "true";
        LDAP_METHOD = "simple_tls";
        LDAP_HOST = authHost;
        LDAP_PORT = "636";
        LDAP_BIND_DN = "uid=search,ou=users,dc=c3d2,dc=de";
        LDAP_BASE = "ou=users,dc=c3d2,dc=de";
        # Restricts matches to person entries whose uid or mail attribute
        # equals the login name entered by the user.
        LDAP_SEARCH_FILTER = "(&(objectclass=person)(|(%{uid}=%{email})(%{mail}=%{email})))";
        LDAP_UID = "uid";
      };
    };
  };

  # Appends the decrypted sops environment file to Mastodon's secrets
  # environment file; lib.mkAfter places the snippet after the other
  # definitions of this unit's script.
  # NOTE(review): this is an append. It relies on the earlier part of the
  # script recreating .secrets_env on every run and on that file staying
  # readable by the service user only - confirm against the upstream module.
  systemd.services.mastodon-init-dirs.script = lib.mkAfter ''
    cat ${config.sops.secrets."mastodon/env".path} >> /var/lib/mastodon/.secrets_env
  '';

  sops = {
    defaultSopsFile = ./secrets.yaml;
    # The decrypted file is owned by the mastodon user so that the init unit
    # above can read it (presumably it runs as that user - confirm).
    secrets."mastodon/env".owner = "mastodon";
  };
}