2023-01-03 03:04:24 +01:00
|
|
|
{ config, lib, pkgs, ... }:
|
2022-11-30 00:34:54 +01:00
|
|
|
{
|
2024-04-13 15:14:17 +02:00
|
|
|
c3d2 = {
|
|
|
|
deployment.server = "server10";
|
|
|
|
hq.statistics.enable = true;
|
|
|
|
};
|
|
|
|
|
2022-12-23 12:26:44 +01:00
|
|
|
microvm = {
|
2023-12-16 18:59:12 +01:00
|
|
|
mem = 8 * 1024;
|
|
|
|
vcpu = 8;
|
2022-11-30 00:34:54 +01:00
|
|
|
};
|
2022-12-02 00:33:14 +01:00
|
|
|
|
2022-12-22 21:25:53 +01:00
|
|
|
networking.hostName = "mastodon";
|
2022-12-02 00:33:14 +01:00
|
|
|
|
|
|
|
services = {
|
2023-05-19 00:43:49 +02:00
|
|
|
backup = {
|
2023-11-11 04:27:22 +01:00
|
|
|
enable = true;
|
2023-05-19 00:43:49 +02:00
|
|
|
exclude = [ "/var/lib/mastodon/public-system/cache/" ];
|
|
|
|
paths = [ "/var/lib/mastodon/" ];
|
|
|
|
};
|
2023-05-18 01:55:16 +02:00
|
|
|
|
2022-12-19 23:21:54 +01:00
|
|
|
# Sidekiq monitoring
|
|
|
|
collectd.plugins = {
|
|
|
|
redis =
|
|
|
|
let
|
|
|
|
queries = [{
|
|
|
|
command = "GET stat:processed";
|
|
|
|
type = "counter";
|
|
|
|
instance = "sidekiq_stat_processed";
|
|
|
|
}
|
|
|
|
{
|
|
|
|
command = "GET stat:failed";
|
|
|
|
type = "counter";
|
|
|
|
instance = "sidekiq_stat_failed";
|
|
|
|
}
|
|
|
|
{
|
|
|
|
command = "LLEN queue:#default";
|
|
|
|
type = "queue_length";
|
|
|
|
instance = "sidekiq_default_queue_len";
|
|
|
|
}
|
|
|
|
{
|
|
|
|
command = "LLEN queue:#ingress";
|
|
|
|
type = "queue_length";
|
|
|
|
instance = "sidekiq_ingress_queue_len";
|
|
|
|
}
|
|
|
|
{
|
|
|
|
command = "LLEN queue:#mailers";
|
|
|
|
type = "queue_length";
|
|
|
|
instance = "sidekiq_mailers_queue_len";
|
|
|
|
}
|
|
|
|
{
|
|
|
|
command = "LLEN queue:#pull";
|
|
|
|
type = "queue_length";
|
|
|
|
instance = "sidekiq_pull_queue_len";
|
|
|
|
}
|
|
|
|
{
|
|
|
|
command = "LLEN queue:#push";
|
|
|
|
type = "queue_length";
|
|
|
|
instance = "sidekiq_push_queue_len";
|
|
|
|
}
|
|
|
|
{
|
|
|
|
command = "LLEN queue:#scheduler";
|
|
|
|
type = "queue_length";
|
|
|
|
instance = "sidekiq_scheduler_queue_len";
|
|
|
|
}
|
|
|
|
{
|
|
|
|
command = "ZCARD schedule";
|
|
|
|
type = "count";
|
|
|
|
instance = "sidekiq_scheduled";
|
|
|
|
}
|
|
|
|
{
|
|
|
|
command = "ZCARD retry";
|
|
|
|
type = "count";
|
|
|
|
instance = "sidekiq_retries";
|
|
|
|
}
|
|
|
|
{
|
|
|
|
command = "ZCARD dead";
|
|
|
|
type = "count";
|
|
|
|
instance = "sidekiq_dead";
|
|
|
|
}
|
|
|
|
{
|
|
|
|
command = "SCARD processes";
|
|
|
|
type = "backends";
|
|
|
|
instance = "sidekiq_processes";
|
|
|
|
}];
|
|
|
|
in
|
|
|
|
''
|
|
|
|
<Node "mastodon">
|
|
|
|
Host "${config.services.mastodon.redis.host}"
|
|
|
|
Port "${toString config.services.mastodon.redis.port}"
|
|
|
|
Timeout 3000
|
|
|
|
|
|
|
|
${lib.concatMapStrings ({ command, type, instance }: ''
|
|
|
|
<Query "${command}">
|
|
|
|
Type "${type}"
|
|
|
|
Instance "${instance}"
|
|
|
|
</Query>
|
|
|
|
'') queries}
|
|
|
|
</Node>
|
|
|
|
'';
|
|
|
|
postgresql = ''
|
|
|
|
<Database "${config.services.mastodon.database.name}">
|
|
|
|
Param database "${config.services.mastodon.database.name}"
|
|
|
|
Query backends
|
|
|
|
Query transactions
|
|
|
|
Query queries
|
|
|
|
Query disk_io
|
|
|
|
Query disk_usage
|
|
|
|
</Database>
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
|
2022-12-02 00:33:14 +01:00
|
|
|
elasticsearch = {
|
|
|
|
enable = true;
|
|
|
|
package = pkgs.elasticsearch7;
|
|
|
|
};
|
|
|
|
|
|
|
|
mastodon = {
|
|
|
|
enable = true;
|
2023-07-02 23:34:27 +02:00
|
|
|
enableBirdUITheme = true;
|
2022-12-19 22:35:21 +01:00
|
|
|
configureNginx = true;
|
2022-12-02 00:33:14 +01:00
|
|
|
elasticsearch.host = "127.0.0.1";
|
|
|
|
extraConfig = {
|
2022-12-02 01:00:45 +01:00
|
|
|
ALTERNATE_DOMAINS = lib.concatStringsSep "," config.services.nginx.virtualHosts.${config.services.mastodon.localDomain}.serverAliases;
|
2022-12-02 00:33:14 +01:00
|
|
|
DEFAULT_LOCALE = "de";
|
|
|
|
};
|
2024-01-24 02:51:35 +01:00
|
|
|
ldap.enable = true;
|
|
|
|
streamingProcesses = config.microvm.vcpu - 1;
|
2022-12-19 22:35:21 +01:00
|
|
|
localDomain = "c3d2.social";
|
|
|
|
otpSecretFile = config.sops.secrets."mastodon/otp-secret".path;
|
|
|
|
secretKeyBaseFile = config.sops.secrets."mastodon/secret-key".path;
|
2024-01-24 02:51:35 +01:00
|
|
|
sidekiqThreads = 40; # default 25 are just not doing it anymore, especially after issues
|
2022-12-19 22:35:21 +01:00
|
|
|
smtp = {
|
|
|
|
host = "mail.c3d2.de";
|
|
|
|
port = 587;
|
|
|
|
fromAddress = "mail@c3d2.social";
|
|
|
|
authenticate = false;
|
|
|
|
};
|
|
|
|
vapidPrivateKeyFile = config.sops.secrets."mastodon/vapid-private-key".path;
|
|
|
|
vapidPublicKeyFile = config.sops.secrets."mastodon/vapid-public-key".path;
|
2022-11-30 00:34:54 +01:00
|
|
|
};
|
2022-11-30 01:13:23 +01:00
|
|
|
|
2022-12-02 00:33:14 +01:00
|
|
|
nginx.virtualHosts.${config.services.mastodon.localDomain}.serverAliases = [
|
|
|
|
"${config.networking.hostName}.flpk.zentralwerk.org"
|
|
|
|
"social.c3d2.de"
|
|
|
|
];
|
|
|
|
|
2022-12-22 21:25:53 +01:00
|
|
|
portunus.addToHosts = true;
|
|
|
|
|
2022-12-02 00:33:14 +01:00
|
|
|
postgresql = {
|
|
|
|
enable = true;
|
2022-12-19 23:21:54 +01:00
|
|
|
ensureUsers = [{
|
2022-12-02 00:33:14 +01:00
|
|
|
name = "collectd";
|
|
|
|
ensurePermissions = {
|
|
|
|
"DATABASE \"${config.services.mastodon.database.name}\"" = "ALL PRIVILEGES";
|
|
|
|
};
|
2022-12-19 23:21:54 +01:00
|
|
|
}];
|
2023-09-27 00:01:22 +02:00
|
|
|
package = pkgs.postgresql_16;
|
|
|
|
upgrade.stopServices = [ "mastodon-sidekiq-all" "mastodon-streaming" "mastodon-web" ];
|
2022-12-02 00:33:14 +01:00
|
|
|
};
|
2022-11-30 00:34:54 +01:00
|
|
|
};
|
2022-12-02 00:33:14 +01:00
|
|
|
|
|
|
|
sops = {
|
|
|
|
defaultSopsFile = ./secrets.yaml;
|
2023-05-16 23:40:43 +02:00
|
|
|
secrets = {
|
2023-12-21 00:28:42 +01:00
|
|
|
"fedifetcher/access-tokens/1".owner = "mastodon";
|
|
|
|
"fedifetcher/access-tokens/2".owner = "mastodon";
|
2023-05-16 23:40:43 +02:00
|
|
|
"mastodon/env".owner = "mastodon";
|
|
|
|
"mastodon/otp-secret".owner = "mastodon";
|
|
|
|
"mastodon/secret-key".owner = "mastodon";
|
|
|
|
"mastodon/vapid-private-key".owner = "mastodon";
|
|
|
|
"mastodon/vapid-public-key".owner = "mastodon";
|
|
|
|
};
|
2022-11-30 01:17:39 +01:00
|
|
|
};
|
2022-11-30 22:07:56 +01:00
|
|
|
|
2023-12-21 00:28:42 +01:00
|
|
|
systemd = {
|
|
|
|
services = {
|
|
|
|
fedifetcher = let
|
|
|
|
configFormat = pkgs.formats.json {};
|
|
|
|
configFile = configFormat.generate "fedifetcher.json" {
|
|
|
|
server = "c3d2.social";
|
|
|
|
home-timeline-length = 100;
|
|
|
|
max-bookmarks = 5;
|
|
|
|
max-favourites = 5;
|
|
|
|
max-followers = 10;
|
|
|
|
max-followings = 10;
|
|
|
|
from-notifications = 10;
|
|
|
|
};
|
|
|
|
in rec {
|
|
|
|
wants = [ "mastodon-web.service" ];
|
|
|
|
after = wants;
|
|
|
|
script = /* bash */ ''
|
2024-03-08 21:47:13 +01:00
|
|
|
rm -f /var/lib/fedifetcher/lock.lock
|
2023-12-21 00:28:42 +01:00
|
|
|
${lib.getExe pkgs.fedifetcher} --config "${configFile}" --state-dir "/var/lib/fedifetcher/" \
|
|
|
|
--access-token "$(cat ${config.sops.secrets."fedifetcher/access-tokens/1".path})" \
|
|
|
|
--access-token "$(cat ${config.sops.secrets."fedifetcher/access-tokens/2".path})"
|
|
|
|
'';
|
|
|
|
serviceConfig = {
|
|
|
|
User = config.services.mastodon.user;
|
|
|
|
StateDirectory = "fedifetcher";
|
|
|
|
WorkingDirectory = "%S/fedifetcher";
|
|
|
|
};
|
|
|
|
};
|
2022-11-30 22:07:56 +01:00
|
|
|
|
2023-12-21 00:28:42 +01:00
|
|
|
# Inject LDAP secrets
|
|
|
|
mastodon-init-dirs.script = lib.mkAfter ''
|
|
|
|
cat ${config.sops.secrets."mastodon/env".path} >> /var/lib/mastodon/.secrets_env
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
|
|
|
|
timers.fedifetcher = {
|
|
|
|
wantedBy = [ "timers.target" ];
|
|
|
|
after = [ "network-online.target" ];
|
|
|
|
timerConfig = {
|
|
|
|
Persistent = true;
|
|
|
|
OnBootSec = "10min";
|
|
|
|
OnUnitActiveSec = "10min";
|
|
|
|
Unit = "fedifetcher.service";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
system.stateVersion = "22.11";
|
2022-11-30 00:34:54 +01:00
|
|
|
}
|