nix-config/hosts/mastodon/default.nix

# NixOS module for the "mastodon" host: Mastodon for c3d2.social behind nginx,
# with local PostgreSQL and Elasticsearch, LDAP login against auth.c3d2.de,
# and extra environment secrets supplied through sops-nix.
{ zentralwerk, config, lib, pkgs, ... }:
{
  system.stateVersion = "22.11";

  # Deployment sizing; vcpu is reused below as Mastodon's WEB_CONCURRENCY.
  deployment.mem = 8192;
  deployment.vcpu = 8;

  c3d2.hq.statistics.enable = true;

  networking = {
    hostName = "mastodon";
    # Static /etc/hosts entries: auth.c3d2.de (the LDAP host used below) is
    # resolved to the addresses from the zentralwerk site config, not via DNS.
    hosts =
      let
        serv = zentralwerk.lib.config.site.net.serv;
      in
      {
        ${serv.hosts6.up4.auth} = [ "auth.c3d2.de" ];
        ${serv.hosts4.auth} = [ "auth.c3d2.de" ];
      };
    # Only HTTP/HTTPS are opened; no PostgreSQL or Elasticsearch port is
    # allowed through the firewall by this file.
    firewall.allowedTCPPorts = [ 80 443 ];
  };

  # The unfree allowance is limited to the single package named "elasticsearch".
  nixpkgs.config.allowUnfreePredicate = pkg:
    lib.getName pkg == "elasticsearch";

  services = {
    postgresql.enable = true;

    # NOTE(review): no listen address or authentication is configured here.
    # Mastodon talks to 127.0.0.1 below; confirm that the module default keeps
    # Elasticsearch bound to loopback, since this setup relies on that.
    elasticsearch = {
      enable = true;
      package = pkgs.elasticsearch7;
    };

    mastodon = {
      enable = true;
      configureNginx = true;
      localDomain = "c3d2.social";
      elasticsearch.host = "127.0.0.1";

      smtp = {
        host = "c3d2.social";
        fromAddress = "mail@c3d2.social";
      };
      # SMTP authentication is currently disabled.
      # NOTE(review): the commented-out passwordFile below would build the
      # password into the Nix store via runCommand, where every local user
      # can read it. If this is ever enabled, point passwordFile at a
      # sops-nix secret path instead, as is done for "mastodon/env".
      # smtp.authenticate = true;
      # smtp.user = secrets.email.smtp-user;
      # smtp.passwordFile = "${pkgs.runCommand "smtp-password" {} ''
      # echo "${secrets.email.smtp-password}" > $out
      # ''}";

      extraConfig = {
        DEFAULT_LOCALE = "de";
        ALTERNATE_DOMAINS = lib.concatStringsSep "," [
          "${config.networking.hostName}.flpk.zentralwerk.org"
        ];
        # One web worker per configured vCPU.
        WEB_CONCURRENCY = toString config.deployment.vcpu;
        # MAX_THREADS = toString 5;

        # LDAP login over TLS on port 636. No bind password appears in this
        # file; presumably it comes from the sops "mastodon/env" secret that
        # is appended to .secrets_env below (verify).
        # NOTE(review): LDAP_TLS_NO_VERIFY is not set, so certificate checking
        # is left at Mastodon's default; confirm it is enforced.
        LDAP_ENABLED = "true";
        LDAP_METHOD = "simple_tls";
        LDAP_HOST = "auth.c3d2.de";
        LDAP_PORT = "636";
        LDAP_BIND_DN = "uid=search,ou=users,dc=c3d2,dc=de";
        LDAP_BASE = "ou=users,dc=c3d2,dc=de";
        # Matches person entries whose uid or mail attribute equals the
        # submitted login; the %{...} placeholders are filled in by Mastodon.
        LDAP_SEARCH_FILTER = "(&(objectclass=person)(|(%{uid}=%{email})(%{mail}=%{email})))";
        LDAP_UID = "uid";
      };
    };
  };

  # Appends the decrypted sops secret to Mastodon's secrets env file after the
  # upstream init script has run (mkAfter).
  # NOTE(review): ">>" only stays duplicate-free if the upstream script
  # recreates .secrets_env on every start; also confirm that file is readable
  # by the mastodon user only, because it then holds the secrets in plaintext.
  systemd.services.mastodon-init-dirs.script = lib.mkAfter ''
    cat ${config.sops.secrets."mastodon/env".path} >> /var/lib/mastodon/.secrets_env
  '';

  sops = {
    defaultSopsFile = ./secrets.yaml;
    # The decrypted file is owned by the mastodon user so the init script
    # above can read it.
    secrets."mastodon/env".owner = "mastodon";
  };
}