Add certificate social.c3d2.de
This commit is contained in:
parent
67a8de43f1
commit
759df9e927
|
@ -5,6 +5,7 @@
|
||||||
vcpu = 16;
|
vcpu = 16;
|
||||||
needForSpeed = true;
|
needForSpeed = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "mastodon";
|
hostName = "mastodon";
|
||||||
hosts = with zentralwerk.lib.config.site.net.serv; {
|
hosts = with zentralwerk.lib.config.site.net.serv; {
|
||||||
|
@ -13,65 +14,75 @@
|
||||||
};
|
};
|
||||||
firewall.allowedTCPPorts = [ 80 443 ];
|
firewall.allowedTCPPorts = [ 80 443 ];
|
||||||
};
|
};
|
||||||
|
|
||||||
system.stateVersion = "22.11";
|
system.stateVersion = "22.11";
|
||||||
nixpkgs.config.allowUnfreePredicate = pkg:
|
nixpkgs.config.allowUnfreePredicate = pkg:
|
||||||
lib.getName pkg == "elasticsearch";
|
lib.getName pkg == "elasticsearch";
|
||||||
|
|
||||||
services.postgresql = {
|
services = {
|
||||||
enable = true;
|
elasticsearch = {
|
||||||
ensureUsers = [ {
|
enable = true;
|
||||||
name = "collectd";
|
package = pkgs.elasticsearch7;
|
||||||
ensurePermissions = {
|
};
|
||||||
"DATABASE \"${config.services.mastodon.database.name}\"" = "ALL PRIVILEGES";
|
|
||||||
|
mastodon = {
|
||||||
|
enable = true;
|
||||||
|
localDomain = "c3d2.social";
|
||||||
|
|
||||||
|
smtp = {
|
||||||
|
host = "mail.c3d2.de";
|
||||||
|
port = 587;
|
||||||
|
fromAddress = "mail@c3d2.social";
|
||||||
|
authenticate = false;
|
||||||
};
|
};
|
||||||
} ];
|
|
||||||
};
|
|
||||||
services.elasticsearch = {
|
|
||||||
enable = true;
|
|
||||||
package = pkgs.elasticsearch7;
|
|
||||||
};
|
|
||||||
services.mastodon = {
|
|
||||||
enable = true;
|
|
||||||
localDomain = "c3d2.social";
|
|
||||||
|
|
||||||
smtp = {
|
elasticsearch.host = "127.0.0.1";
|
||||||
host = "mail.c3d2.de";
|
|
||||||
port = 587;
|
extraConfig = {
|
||||||
fromAddress = "mail@c3d2.social";
|
ALTERNATE_DOMAINS = lib.concatStringsSep "," config.security.acme.certs."c3d2.social".extraDomainNames;
|
||||||
authenticate = false;
|
DEFAULT_LOCALE = "de";
|
||||||
|
WEB_CONCURRENCY = toString config.deployment.vcpu;
|
||||||
|
# MAX_THREADS = toString 5;
|
||||||
|
|
||||||
|
LDAP_ENABLED = "true";
|
||||||
|
LDAP_METHOD = "simple_tls";
|
||||||
|
LDAP_HOST = "auth.c3d2.de";
|
||||||
|
LDAP_PORT = "636";
|
||||||
|
LDAP_BIND_DN = "uid=search,ou=users,dc=c3d2,dc=de";
|
||||||
|
LDAP_BASE = "ou=users,dc=c3d2,dc=de";
|
||||||
|
LDAP_SEARCH_FILTER = "(&(objectclass=person)(|(%{uid}=%{email})(%{mail}=%{email})))";
|
||||||
|
LDAP_UID = "uid";
|
||||||
|
};
|
||||||
|
|
||||||
|
configureNginx = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
elasticsearch.host = "127.0.0.1";
|
nginx.virtualHosts.${config.services.mastodon.localDomain}.serverAliases = [
|
||||||
|
"${config.networking.hostName}.flpk.zentralwerk.org"
|
||||||
|
"social.c3d2.de"
|
||||||
|
];
|
||||||
|
|
||||||
extraConfig = {
|
postgresql = {
|
||||||
ALTERNATE_DOMAINS = lib.concatStringsSep "," [
|
enable = true;
|
||||||
"${config.networking.hostName}.flpk.zentralwerk.org"
|
ensureUsers = [ {
|
||||||
"social.c3d2.de"
|
name = "collectd";
|
||||||
];
|
ensurePermissions = {
|
||||||
DEFAULT_LOCALE = "de";
|
"DATABASE \"${config.services.mastodon.database.name}\"" = "ALL PRIVILEGES";
|
||||||
WEB_CONCURRENCY = toString config.deployment.vcpu;
|
};
|
||||||
# MAX_THREADS = toString 5;
|
} ];
|
||||||
|
|
||||||
LDAP_ENABLED = "true";
|
|
||||||
LDAP_METHOD = "simple_tls";
|
|
||||||
LDAP_HOST = "auth.c3d2.de";
|
|
||||||
LDAP_PORT = "636";
|
|
||||||
LDAP_BIND_DN = "uid=search,ou=users,dc=c3d2,dc=de";
|
|
||||||
LDAP_BASE = "ou=users,dc=c3d2,dc=de";
|
|
||||||
LDAP_SEARCH_FILTER = "(&(objectclass=person)(|(%{uid}=%{email})(%{mail}=%{email})))";
|
|
||||||
LDAP_UID = "uid";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
configureNginx = true;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
# Inject LDAP secrets
|
# Inject LDAP secrets
|
||||||
systemd.services.mastodon-init-dirs.script = lib.mkAfter ''
|
systemd.services.mastodon-init-dirs.script = lib.mkAfter ''
|
||||||
cat ${config.sops.secrets."mastodon/env".path} >> /var/lib/mastodon/.secrets_env
|
cat ${config.sops.secrets."mastodon/env".path} >> /var/lib/mastodon/.secrets_env
|
||||||
'';
|
'';
|
||||||
|
|
||||||
sops.defaultSopsFile = ./secrets.yaml;
|
sops = {
|
||||||
sops.secrets."mastodon/env" = {
|
defaultSopsFile = ./secrets.yaml;
|
||||||
owner = "mastodon";
|
secrets."mastodon/env" = {
|
||||||
|
owner = "mastodon";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# Sidekiq monitoring
|
# Sidekiq monitoring
|
||||||
|
|
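Review bot: The new `ALTERNATE_DOMAINS = lib.concatStringsSep "," config.security.acme.certs."c3d2.social".extraDomainNames;` hardcodes the certificate name while the same value is set as `localDomain = "c3d2.social"` a few lines above and the nginx vhost that produces that certificate is keyed on `${config.services.mastodon.localDomain}`; reading `config.security.acme.certs.${config.services.mastodon.localDomain}.extraDomainNames` instead keeps the three in step, so a later change of `localDomain` cannot leave ALTERNATE_DOMAINS pointing at a cert entry that no longer exists (an evaluation failure at best, a mismatch between the hostnames Mastodon accepts and the names on the issued certificate at worst). The `security.acme.certs."c3d2.social"` entry is not defined anywhere in this hunk; presumably the nginx module derives it from the vhost's `serverAliases` because `configureNginx = true`, which deserves a comment on that line, e.g. `# extraDomainNames is populated by the nginx module from the serverAliases below`. The enclosing module attribute set starts and ends outside the hunk.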