Add certificate social.c3d2.de
parent
67a8de43f1
commit
759df9e927
|
@ -5,6 +5,7 @@
|
|||
vcpu = 16;
|
||||
needForSpeed = true;
|
||||
};
|
||||
|
||||
networking = {
|
||||
hostName = "mastodon";
|
||||
hosts = with zentralwerk.lib.config.site.net.serv; {
|
||||
|
@ -13,65 +14,75 @@
|
|||
};
|
||||
firewall.allowedTCPPorts = [ 80 443 ];
|
||||
};
|
||||
|
||||
system.stateVersion = "22.11";
|
||||
nixpkgs.config.allowUnfreePredicate = pkg:
|
||||
lib.getName pkg == "elasticsearch";
|
||||
|
||||
services.postgresql = {
|
||||
enable = true;
|
||||
ensureUsers = [ {
|
||||
name = "collectd";
|
||||
ensurePermissions = {
|
||||
"DATABASE \"${config.services.mastodon.database.name}\"" = "ALL PRIVILEGES";
|
||||
services = {
|
||||
elasticsearch = {
|
||||
enable = true;
|
||||
package = pkgs.elasticsearch7;
|
||||
};
|
||||
|
||||
mastodon = {
|
||||
enable = true;
|
||||
localDomain = "c3d2.social";
|
||||
|
||||
smtp = {
|
||||
host = "mail.c3d2.de";
|
||||
port = 587;
|
||||
fromAddress = "mail@c3d2.social";
|
||||
authenticate = false;
|
||||
};
|
||||
} ];
|
||||
};
|
||||
services.elasticsearch = {
|
||||
enable = true;
|
||||
package = pkgs.elasticsearch7;
|
||||
};
|
||||
services.mastodon = {
|
||||
enable = true;
|
||||
localDomain = "c3d2.social";
|
||||
|
||||
smtp = {
|
||||
host = "mail.c3d2.de";
|
||||
port = 587;
|
||||
fromAddress = "mail@c3d2.social";
|
||||
authenticate = false;
|
||||
elasticsearch.host = "127.0.0.1";
|
||||
|
||||
extraConfig = {
|
||||
ALTERNATE_DOMAINS = lib.concatStringsSep "," config.security.acme.certs."c3d2.social".extraDomainNames;
|
||||
DEFAULT_LOCALE = "de";
|
||||
WEB_CONCURRENCY = toString config.deployment.vcpu;
|
||||
# MAX_THREADS = toString 5;
|
||||
|
||||
LDAP_ENABLED = "true";
|
||||
LDAP_METHOD = "simple_tls";
|
||||
LDAP_HOST = "auth.c3d2.de";
|
||||
LDAP_PORT = "636";
|
||||
LDAP_BIND_DN = "uid=search,ou=users,dc=c3d2,dc=de";
|
||||
LDAP_BASE = "ou=users,dc=c3d2,dc=de";
|
||||
LDAP_SEARCH_FILTER = "(&(objectclass=person)(|(%{uid}=%{email})(%{mail}=%{email})))";
|
||||
LDAP_UID = "uid";
|
||||
};
|
||||
|
||||
configureNginx = true;
|
||||
};
|
||||
|
||||
elasticsearch.host = "127.0.0.1";
|
||||
nginx.virtualHosts.${config.services.mastodon.localDomain}.serverAliases = [
|
||||
"${config.networking.hostName}.flpk.zentralwerk.org"
|
||||
"social.c3d2.de"
|
||||
];
|
||||
|
||||
extraConfig = {
|
||||
ALTERNATE_DOMAINS = lib.concatStringsSep "," [
|
||||
"${config.networking.hostName}.flpk.zentralwerk.org"
|
||||
"social.c3d2.de"
|
||||
];
|
||||
DEFAULT_LOCALE = "de";
|
||||
WEB_CONCURRENCY = toString config.deployment.vcpu;
|
||||
# MAX_THREADS = toString 5;
|
||||
|
||||
LDAP_ENABLED = "true";
|
||||
LDAP_METHOD = "simple_tls";
|
||||
LDAP_HOST = "auth.c3d2.de";
|
||||
LDAP_PORT = "636";
|
||||
LDAP_BIND_DN = "uid=search,ou=users,dc=c3d2,dc=de";
|
||||
LDAP_BASE = "ou=users,dc=c3d2,dc=de";
|
||||
LDAP_SEARCH_FILTER = "(&(objectclass=person)(|(%{uid}=%{email})(%{mail}=%{email})))";
|
||||
LDAP_UID = "uid";
|
||||
postgresql = {
|
||||
enable = true;
|
||||
ensureUsers = [ {
|
||||
name = "collectd";
|
||||
ensurePermissions = {
|
||||
"DATABASE \"${config.services.mastodon.database.name}\"" = "ALL PRIVILEGES";
|
||||
};
|
||||
} ];
|
||||
};
|
||||
|
||||
configureNginx = true;
|
||||
};
|
||||
|
||||
# Inject LDAP secrets
|
||||
systemd.services.mastodon-init-dirs.script = lib.mkAfter ''
|
||||
cat ${config.sops.secrets."mastodon/env".path} >> /var/lib/mastodon/.secrets_env
|
||||
'';
|
||||
|
||||
sops.defaultSopsFile = ./secrets.yaml;
|
||||
sops.secrets."mastodon/env" = {
|
||||
owner = "mastodon";
|
||||
sops = {
|
||||
defaultSopsFile = ./secrets.yaml;
|
||||
secrets."mastodon/env" = {
|
||||
owner = "mastodon";
|
||||
};
|
||||
};
|
||||
|
||||
# Sidekiq monitoring
|
||||
|
|
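Review bot: The alias list is written out twice, once in `nginx.virtualHosts.${config.services.mastodon.localDomain}.serverAliases` and once in `ALTERNATE_DOMAINS` under `mastodon.extraConfig` (reading the nested `services = { … }` form as the new side, since the page has lost its +/- markers). One list decides which host names nginx answers for and the other which names Mastodon treats as its own, so a name added to only one of them leaves the two layers disagreeing about which hosts are valid. Deriving one from the other keeps them in step, for example `ALTERNATE_DOMAINS = lib.concatStringsSep "," config.services.nginx.virtualHosts.${config.services.mastodon.localDomain}.serverAliases;`, or bind the list once in a `let`. A one-line comment above `serverAliases` stating that these names are presumably what puts social.c3d2.de on the certificate would tie the change to the commit title.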