nix-config/hosts/mastodon/default.nix

{ config, lib, pkgs, ... }:
{
# Options from the project's own `c3d2` module (their semantics are defined
# there, not in this file): which server this host is deployed to, and the
# HQ statistics switch.
c3d2.deployment.server = "server10";
c3d2.hq.statistics.enable = true;
# MicroVM sizing. `vcpu` is also read further down in this file to derive
# services.mastodon.streamingProcesses (vcpu - 1).
microvm.mem = 8 * 1024;
microvm.vcpu = 8;
# Host name of the VM; it is also interpolated into the first nginx
# serverAliases entry ("<hostName>.flpk.zentralwerk.org") later in this file.
networking.hostName = "mastodon";
services = {
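# Backup of the Mastodon state directory (project-specific `services.backup`
# module).
backup = {
  enable = true;
  paths = [ "/var/lib/mastodon/" ];
  exclude = [
    # Cache directory: not worth storing.
    "/var/lib/mastodon/public-system/cache/"
    # Plaintext secrets file: the mastodon-init-dirs unit in this file appends
    # the sops-managed "mastodon/env" secret to it, so it holds credentials
    # that are already kept (encrypted) in sops. Keeping it out of the backup
    # avoids a second, unencrypted copy of those credentials in backup storage.
    # NOTE(review): confirm the backup module accepts a plain file path in
    # `exclude` the same way it accepts the directory entry above.
    "/var/lib/mastodon/.secrets_env"
  ];
};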
# Sidekiq monitoring
# Two collectd plugin configurations are rendered here as text:
#  - redis: polls the Redis instance Mastodon is configured to use
#    (host/port are taken from services.mastodon.redis) with the fixed,
#    read-only commands listed in `queries` (GET / LLEN / ZCARD / SCARD).
#  - postgresql: runs collectd's named queries against the Mastodon database.
# NOTE(review): neither block sets credentials, so access control rests on how
# Redis and PostgreSQL are exposed on this host — confirm both are reachable
# only locally.
collectd.plugins = {
redis =
let
# One entry per <Query> block: the Redis command to run, the collectd data
# set type used to store the result, and the type instance name.
queries = [{
command = "GET stat:processed";
type = "counter";
instance = "sidekiq_stat_processed";
}
{
command = "GET stat:failed";
type = "counter";
instance = "sidekiq_stat_failed";
}
{
command = "LLEN queue:#default";
type = "queue_length";
instance = "sidekiq_default_queue_len";
}
{
command = "LLEN queue:#ingress";
type = "queue_length";
instance = "sidekiq_ingress_queue_len";
}
{
command = "LLEN queue:#mailers";
type = "queue_length";
instance = "sidekiq_mailers_queue_len";
}
{
command = "LLEN queue:#pull";
type = "queue_length";
instance = "sidekiq_pull_queue_len";
}
{
command = "LLEN queue:#push";
type = "queue_length";
instance = "sidekiq_push_queue_len";
}
{
command = "LLEN queue:#scheduler";
type = "queue_length";
instance = "sidekiq_scheduler_queue_len";
}
{
command = "ZCARD schedule";
type = "count";
instance = "sidekiq_scheduled";
}
{
command = "ZCARD retry";
type = "count";
instance = "sidekiq_retries";
}
{
command = "ZCARD dead";
type = "count";
instance = "sidekiq_dead";
}
{
command = "SCARD processes";
type = "backends";
instance = "sidekiq_processes";
}];
in
# The command, type and instance values are spliced into the generated
# configuration text unescaped; that is fine for the literals above, but any
# future entry must not contain a double quote.
''
<Node "mastodon">
Host "${config.services.mastodon.redis.host}"
Port "${toString config.services.mastodon.redis.port}"
Timeout 3000
${lib.concatMapStrings ({ command, type, instance }: ''
<Query "${command}">
Type "${type}"
Instance "${instance}"
</Query>
'') queries}
</Node>
'';
# Database statistics for the Mastodon database. The database role that
# collectd connects as is created in services.postgresql.ensureUsers.
postgresql = ''
<Database "${config.services.mastodon.database.name}">
Param database "${config.services.mastodon.database.name}"
Query backends
Query transactions
Query queries
Query disk_io
Query disk_usage
</Database>
'';
};
# Local Elasticsearch 7 node; Mastodon is pointed at it via
# services.mastodon.elasticsearch.host = "127.0.0.1".
# NOTE(review): no authentication or TLS settings are configured in this file,
# so the node should stay bound to loopback — confirm the effective
# listen address.
elasticsearch.enable = true;
elasticsearch.package = pkgs.elasticsearch7;
# The Mastodon instance itself.
mastodon = {
  enable = true;
  localDomain = "c3d2.social";
  configureNginx = true;
  enableBirdUITheme = true;
  ldap.enable = true;
  elasticsearch.host = "127.0.0.1";

  # Extra environment settings. ALTERNATE_DOMAINS is the comma-joined list of
  # the nginx serverAliases declared for the instance's virtual host.
  extraConfig.ALTERNATE_DOMAINS = lib.concatStringsSep "," config.services.nginx.virtualHosts.${config.services.mastodon.localDomain}.serverAliases;
  extraConfig.DEFAULT_LOCALE = "de";

  # Worker sizing: one streaming process per vCPU, minus one.
  streamingProcesses = config.microvm.vcpu - 1;
  sidekiqThreads = 40; # the default of 25 is no longer enough, especially after issues

  # Key material is referenced by path to sops-managed files rather than
  # written into this configuration.
  secretKeyBaseFile = config.sops.secrets."mastodon/secret-key".path;
  otpSecretFile = config.sops.secrets."mastodon/otp-secret".path;
  vapidPublicKeyFile = config.sops.secrets."mastodon/vapid-public-key".path;
  vapidPrivateKeyFile = config.sops.secrets."mastodon/vapid-private-key".path;

  # Outgoing mail goes to the submission port without SMTP authentication.
  # NOTE(review): this relies on mail.c3d2.de accepting relay from this host
  # by other means (e.g. source address) — confirm that restriction exists.
  smtp = {
    fromAddress = "mail@c3d2.social";
    host = "mail.c3d2.de";
    port = 587;
    authenticate = false;
  };
};
# Additional names nginx answers on for the instance's virtual host. The same
# list is joined into Mastodon's ALTERNATE_DOMAINS in
# services.mastodon.extraConfig, so every name added here is also accepted by
# Mastodon as an alternate domain.
nginx.virtualHosts.${config.services.mastodon.localDomain}.serverAliases = [
"${config.networking.hostName}.flpk.zentralwerk.org"
"social.c3d2.de"
];
# NOTE(review): project-specific Portunus option; presumably makes the
# Portunus (LDAP) host resolvable via the hosts file — confirm in the module.
portunus.addToHosts = true;
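# PostgreSQL server backing Mastodon.
postgresql = {
  enable = true;
  package = pkgs.postgresql_16;

  # Role used by the collectd postgresql plugin configured in this file.
  # The plugin only runs collectd's statistics queries (backends,
  # transactions, queries, disk_io, disk_usage), which read statistics views
  # and the database size, so the role needs to connect and nothing more.
  # It previously held ALL PRIVILEGES on the Mastodon database, which also
  # allowed the monitoring account to create schemas and temporary objects
  # there.
  # ensureUsers only issues GRANTs and never revokes: on a host that already
  # applied the old setting, the broader grant stays until it is revoked by
  # hand.
  ensureUsers = [{
    name = "collectd";
    ensurePermissions = {
      "DATABASE \"${config.services.mastodon.database.name}\"" = "CONNECT";
    };
  }];

  # Units stopped while a major-version upgrade of the database runs
  # (project-specific `upgrade` option).
  upgrade.stopServices = [ "mastodon-sidekiq-all" "mastodon-streaming" "mastodon-web" ];
};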
};
# sops-managed secrets for this host, read from secrets.yaml next to this file.
sops = {
  defaultSopsFile = ./secrets.yaml;

  # Every secret below gets owner = "mastodon", so only that account (and
  # root) can read the decrypted files. The fedifetcher unit in this file runs
  # as config.services.mastodon.user and reads the two access tokens.
  # NOTE(review): the owner is the literal "mastodon"; it matches the unit's
  # user only while services.mastodon.user keeps that value.
  secrets = lib.genAttrs [
    "fedifetcher/access-tokens/1"
    "fedifetcher/access-tokens/2"
    "mastodon/env"
    "mastodon/otp-secret"
    "mastodon/secret-key"
    "mastodon/vapid-private-key"
    "mastodon/vapid-public-key"
  ] (_: { owner = "mastodon"; });
};
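systemd = {
  services = {
    # FediFetcher run against the local instance, started by the timer below.
    fedifetcher =
      let
        configFormat = pkgs.formats.json { };
        # Only non-secret settings belong here: the file is generated at build
        # time and ends up in the world-readable Nix store.
        configFile = configFormat.generate "fedifetcher.json" {
          server = "c3d2.social";
          home-timeline-length = 100;
          max-bookmarks = 5;
          max-favourites = 5;
          max-followers = 10;
          max-followings = 10;
          from-notifications = 10;
        };
      in
      rec {
        wants = [ "mastodon-web.service" ];
        after = wants;
        # The script first removes the lock file in the state directory, then
        # runs fedifetcher.
        # NOTE(review): the access tokens are read from the sops files but
        # then passed as command-line arguments, so they appear in the
        # process's argument list for as long as it runs and can be read by
        # other local accounts that are able to list processes. If fedifetcher
        # offers a way to take tokens from a file, prefer that.
        script = /* bash */ ''
          rm -f /var/lib/fedifetcher/lock.lock
          ${lib.getExe pkgs.fedifetcher} --config "${configFile}" --state-dir "/var/lib/fedifetcher/" \
            --access-token "$(cat ${config.sops.secrets."fedifetcher/access-tokens/1".path})" \
            --access-token "$(cat ${config.sops.secrets."fedifetcher/access-tokens/2".path})"
        '';
        serviceConfig = {
          # Runs as the Mastodon service user so it can read the sops secrets
          # owned by that account.
          User = config.services.mastodon.user;
          StateDirectory = "fedifetcher";
          WorkingDirectory = "%S/fedifetcher";

          # The job talks to remote servers while holding API tokens and runs
          # under the same account as Mastodon, so confine what it can touch:
          # the file system is read-only apart from its own state directory,
          # it gets a private /tmp, and it cannot gain privileges.
          NoNewPrivileges = true;
          PrivateTmp = true;
          ProtectHome = true;
          ProtectSystem = "strict";
        };
      };

    # Inject LDAP secrets
    # Appended (lib.mkAfter) to the unit's own script: the sops-managed
    # "mastodon/env" secret is concatenated onto .secrets_env.
    # NOTE(review): this leaves plaintext credentials under /var/lib/mastodon/,
    # the tree that is backed up — make sure the file is excluded from
    # backups or that backups are encrypted, and confirm the file is
    # recreated (not just appended to) on every start, otherwise the entries
    # accumulate.
    mastodon-init-dirs.script = lib.mkAfter ''
      cat ${config.sops.secrets."mastodon/env".path} >> /var/lib/mastodon/.secrets_env
    '';
  };

  # Runs fedifetcher 10 minutes after boot and then 10 minutes after each
  # activation; Persistent = true is kept as in the original configuration.
  timers.fedifetcher = {
    wantedBy = [ "timers.target" ];
    after = [ "network-online.target" ];
    timerConfig = {
      Persistent = true;
      OnBootSec = "10min";
      OnUnitActiveSec = "10min";
      Unit = "fedifetcher.service";
    };
  };
};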
# NixOS release whose stateful defaults this host was set up with; it is not
# the version of the running system and should not be bumped as part of a
# routine upgrade.
system.stateVersion = "22.11";
}