Add certificate social.c3d2.de
parent
67a8de43f1
commit
759df9e927
|
@ -5,6 +5,7 @@
|
|||
vcpu = 16;
|
||||
needForSpeed = true;
|
||||
};
|
||||
|
||||
networking = {
|
||||
hostName = "mastodon";
|
||||
hosts = with zentralwerk.lib.config.site.net.serv; {
|
||||
|
@ -13,24 +14,18 @@
|
|||
};
|
||||
firewall.allowedTCPPorts = [ 80 443 ];
|
||||
};
|
||||
|
||||
system.stateVersion = "22.11";
|
||||
nixpkgs.config.allowUnfreePredicate = pkg:
|
||||
lib.getName pkg == "elasticsearch";
|
||||
|
||||
services.postgresql = {
|
||||
enable = true;
|
||||
ensureUsers = [ {
|
||||
name = "collectd";
|
||||
ensurePermissions = {
|
||||
"DATABASE \"${config.services.mastodon.database.name}\"" = "ALL PRIVILEGES";
|
||||
};
|
||||
} ];
|
||||
};
|
||||
services.elasticsearch = {
|
||||
services = {
|
||||
elasticsearch = {
|
||||
enable = true;
|
||||
package = pkgs.elasticsearch7;
|
||||
};
|
||||
services.mastodon = {
|
||||
|
||||
mastodon = {
|
||||
enable = true;
|
||||
localDomain = "c3d2.social";
|
||||
|
||||
|
@ -44,10 +39,7 @@
|
|||
elasticsearch.host = "127.0.0.1";
|
||||
|
||||
extraConfig = {
|
||||
ALTERNATE_DOMAINS = lib.concatStringsSep "," [
|
||||
"${config.networking.hostName}.flpk.zentralwerk.org"
|
||||
"social.c3d2.de"
|
||||
];
|
||||
ALTERNATE_DOMAINS = lib.concatStringsSep "," config.security.acme.certs."c3d2.social".extraDomainNames;
|
||||
DEFAULT_LOCALE = "de";
|
||||
WEB_CONCURRENCY = toString config.deployment.vcpu;
|
||||
# MAX_THREADS = toString 5;
|
||||
|
@ -64,15 +56,34 @@
|
|||
|
||||
configureNginx = true;
|
||||
};
|
||||
|
||||
nginx.virtualHosts.${config.services.mastodon.localDomain}.serverAliases = [
|
||||
"${config.networking.hostName}.flpk.zentralwerk.org"
|
||||
"social.c3d2.de"
|
||||
];
|
||||
|
||||
postgresql = {
|
||||
enable = true;
|
||||
ensureUsers = [ {
|
||||
name = "collectd";
|
||||
ensurePermissions = {
|
||||
"DATABASE \"${config.services.mastodon.database.name}\"" = "ALL PRIVILEGES";
|
||||
};
|
||||
} ];
|
||||
};
|
||||
};
|
||||
|
||||
# Inject LDAP secrets
|
||||
systemd.services.mastodon-init-dirs.script = lib.mkAfter ''
|
||||
cat ${config.sops.secrets."mastodon/env".path} >> /var/lib/mastodon/.secrets_env
|
||||
'';
|
||||
|
||||
sops.defaultSopsFile = ./secrets.yaml;
|
||||
sops.secrets."mastodon/env" = {
|
||||
sops = {
|
||||
defaultSopsFile = ./secrets.yaml;
|
||||
secrets."mastodon/env" = {
|
||||
owner = "mastodon";
|
||||
};
|
||||
};
|
||||
|
||||
# Sidekiq monitoring
|
||||
c3d2.hq.statistics.enable = true;
|
||||
|
|
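Review bot: The `collectd` role in `postgresql.ensureUsers` still gets `ALL PRIVILEGES` on the Mastodon database after the block is regrouped under `services = { … }` in the last hunk. On a database object that grant covers CREATE and TEMPORARY as well as CONNECT, which is more than a metrics collector normally needs. If collectd only runs read-only statistics queries (its plugin configuration is not visible on this page), `"DATABASE \"${config.services.mastodon.database.name}\"" = "CONNECT";` would be the least-privilege grant. The rendered page has lost its +/- markers, so which of the two `ensureUsers` copies is the new side is inferred from the `services = {` nesting.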