Add certificate social.c3d2.de

This commit is contained in:
Sandro - 2022-12-02 00:33:14 +01:00
parent 67a8de43f1
commit 759df9e927
Signed by: sandro
GPG Key ID: 3AF5A43A3EECC2E5
1 changed files with 54 additions and 43 deletions


@ -5,6 +5,7 @@
vcpu = 16; vcpu = 16;
needForSpeed = true; needForSpeed = true;
}; };
networking = { networking = {
hostName = "mastodon"; hostName = "mastodon";
hosts = with zentralwerk.lib.config.site.net.serv; { hosts = with zentralwerk.lib.config.site.net.serv; {
@ -13,65 +14,75 @@
}; };
firewall.allowedTCPPorts = [ 80 443 ]; firewall.allowedTCPPorts = [ 80 443 ];
}; };
system.stateVersion = "22.11"; system.stateVersion = "22.11";
nixpkgs.config.allowUnfreePredicate = pkg: nixpkgs.config.allowUnfreePredicate = pkg:
lib.getName pkg == "elasticsearch"; lib.getName pkg == "elasticsearch";
services.postgresql = { services = {
enable = true; elasticsearch = {
ensureUsers = [ { enable = true;
name = "collectd"; package = pkgs.elasticsearch7;
ensurePermissions = { };
"DATABASE \"${config.services.mastodon.database.name}\"" = "ALL PRIVILEGES";
mastodon = {
enable = true;
localDomain = "c3d2.social";
smtp = {
host = "mail.c3d2.de";
port = 587;
fromAddress = "mail@c3d2.social";
authenticate = false;
}; };
} ];
};
services.elasticsearch = {
enable = true;
package = pkgs.elasticsearch7;
};
services.mastodon = {
enable = true;
localDomain = "c3d2.social";
smtp = { elasticsearch.host = "127.0.0.1";
host = "mail.c3d2.de";
port = 587; extraConfig = {
fromAddress = "mail@c3d2.social"; ALTERNATE_DOMAINS = lib.concatStringsSep "," config.security.acme.certs."c3d2.social".extraDomainNames;
authenticate = false; DEFAULT_LOCALE = "de";
WEB_CONCURRENCY = toString config.deployment.vcpu;
# MAX_THREADS = toString 5;
LDAP_ENABLED = "true";
LDAP_METHOD = "simple_tls";
LDAP_HOST = "auth.c3d2.de";
LDAP_PORT = "636";
LDAP_BIND_DN = "uid=search,ou=users,dc=c3d2,dc=de";
LDAP_BASE = "ou=users,dc=c3d2,dc=de";
LDAP_SEARCH_FILTER = "(&(objectclass=person)(|(%{uid}=%{email})(%{mail}=%{email})))";
LDAP_UID = "uid";
};
configureNginx = true;
}; };
elasticsearch.host = "127.0.0.1"; nginx.virtualHosts.${config.services.mastodon.localDomain}.serverAliases = [
"${config.networking.hostName}.flpk.zentralwerk.org"
"social.c3d2.de"
];
extraConfig = { postgresql = {
ALTERNATE_DOMAINS = lib.concatStringsSep "," [ enable = true;
"${config.networking.hostName}.flpk.zentralwerk.org" ensureUsers = [ {
"social.c3d2.de" name = "collectd";
]; ensurePermissions = {
DEFAULT_LOCALE = "de"; "DATABASE \"${config.services.mastodon.database.name}\"" = "ALL PRIVILEGES";
WEB_CONCURRENCY = toString config.deployment.vcpu; };
# MAX_THREADS = toString 5; } ];
LDAP_ENABLED = "true";
LDAP_METHOD = "simple_tls";
LDAP_HOST = "auth.c3d2.de";
LDAP_PORT = "636";
LDAP_BIND_DN = "uid=search,ou=users,dc=c3d2,dc=de";
LDAP_BASE = "ou=users,dc=c3d2,dc=de";
LDAP_SEARCH_FILTER = "(&(objectclass=person)(|(%{uid}=%{email})(%{mail}=%{email})))";
LDAP_UID = "uid";
}; };
configureNginx = true;
}; };
# Inject LDAP secrets # Inject LDAP secrets
systemd.services.mastodon-init-dirs.script = lib.mkAfter '' systemd.services.mastodon-init-dirs.script = lib.mkAfter ''
cat ${config.sops.secrets."mastodon/env".path} >> /var/lib/mastodon/.secrets_env cat ${config.sops.secrets."mastodon/env".path} >> /var/lib/mastodon/.secrets_env
''; '';
sops.defaultSopsFile = ./secrets.yaml; sops = {
sops.secrets."mastodon/env" = { defaultSopsFile = ./secrets.yaml;
owner = "mastodon"; secrets."mastodon/env" = {
owner = "mastodon";
};
}; };
# Sidekiq monitoring # Sidekiq monitoring