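# NixOS module for the c3d2.social Mastodon instance, deployed as a VM on the
# zentralwerk "serv" network.  Everything here is declarative except the
# sops-managed environment file that carries the secrets (LDAP bind password).
#
# Security-relevant decisions, in order of appearance:
#  * only 80/443 are opened in the firewall; Elasticsearch is pinned to
#    loopback, the other backing services are expected to stay local too
#  * the monitoring role gets CONNECT on the Mastodon database, not more
#  * the theme patch is fetched from a pinned commit with a fixed hash
#  * SMTP relays without authentication (trust is on the mail server's side)
#  * LDAP uses LDAPS (simple_tls on 636) against a name pinned in /etc/hosts
{ zentralwerk, config, lib, pkgs, ... }:
{
  deployment = {
    mem = 8192;
    vcpu = 16;
    needForSpeed = true;
  };

  networking = {
    hostName = "mastodon";
    # Pin auth.c3d2.de to the v4/v6 addresses of the `auth` host on the serv
    # net, so the LDAP connection below does not depend on external DNS.  The
    # name still has to match the certificate presented on port 636, since
    # simple_tls verifies the server certificate (no verification override is
    # configured here, and none should be added).
    hosts = with zentralwerk.lib.config.site.net.serv; {
      ${hosts6.up4.auth} = [ "auth.c3d2.de" ];
      ${hosts4.auth} = [ "auth.c3d2.de" ];
    };
    # Only the nginx front end is reachable from outside.
    firewall.allowedTCPPorts = [ 80 443 ];
  };

  system.stateVersion = "22.11";

  # Elasticsearch is the only unfree package permitted on this host.  The
  # predicate rejects every other unfree derivation instead of opening
  # `allowUnfree` globally.
  nixpkgs.config.allowUnfreePredicate = pkg: lib.getName pkg == "elasticsearch";

  services.postgresql = {
    enable = true;
    # Least privilege for the metrics collector.  The collectd postgresql
    # queries used below (backends, transactions, queries, disk_io,
    # disk_usage) read the pg_stat_* catalog views and pg_database_size(),
    # which should need nothing beyond CONNECT on the database.  This used to
    # be ALL PRIVILEGES, i.e. CREATE + CONNECT + TEMP on the database; CREATE
    # would let a compromised collectd add schemas to the Mastodon database.
    # (NixOS 22.11 still uses ensurePermissions; it has been replaced by
    # ensureDBOwnership in later releases.)
    ensureUsers = [
      {
        name = "collectd";
        ensurePermissions = {
          "DATABASE \"${config.services.mastodon.database.name}\"" = "CONNECT";
        };
      }
    ];
  };

  services.elasticsearch = {
    enable = true;
    package = pkgs.elasticsearch7;
  };

  services.mastodon = {
    enable = true;
    localDomain = "c3d2.social";
    # Install the chaos.social theme for eri.  The theme is fetched from a
    # pinned commit with a fixed output hash, so the build cannot silently
    # pick up upstream changes to the theme repository.
    package = pkgs.mastodon.overrideAttrs (oa: {
      # Extend rather than replace any postPatch the upstream package
      # already has, so overriding here does not drop upstream patching.
      postPatch = (oa.postPatch or "") + (let
        chaos_social_custom = pkgs.fetchzip {
          url = "https://github.com/chaossocial/custom/archive/dadb72e258e56a4773d58d242d9fd1048d9560c7.zip";
          sha256 = "sha256-0yfor0cpPGUZbZHP7RXs5Ls6uNzcXi8Zb3AMaNqPz5s=";
        };
      in ''
        for F in {custom,custom_wide,mascot,mastodon-light}.scss ; do
          cp ${chaos_social_custom}/themes/$F app/javascript/styles/
        done
        echo "chaos-social-wide: styles/custom_wide.scss" >> config/themes.yml
        rm -fr public/packs tmp/
      '');
    });

    smtp = {
      host = "mail.c3d2.de";
      port = 587;
      fromAddress = "mail@c3d2.social";
      # No SMTP AUTH: mail.c3d2.de must accept relay from this host on its
      # own terms (presumably by source address).  If the VM moves to another
      # subnet, outgoing mail turns into relay rejections rather than an
      # authentication error, so check the relay rules when migrating.
      authenticate = false;
    };
    # Keep the search backend on loopback; it is not exposed via the firewall.
    elasticsearch.host = "127.0.0.1";
    extraConfig = {
      ALTERNATE_DOMAINS = lib.concatStringsSep "," [
        "${config.networking.hostName}.flpk.zentralwerk.org"
        "social.c3d2.de"
      ];
      DEFAULT_LOCALE = "de";
      WEB_CONCURRENCY = toString config.deployment.vcpu;
      # MAX_THREADS = toString 5;

      # LDAP login against the c3d2 directory over LDAPS (simple_tls on 636,
      # i.e. TLS from the first byte, not STARTTLS).  The bind password is
      # not in this file; it arrives through the sops environment file that
      # is appended to .secrets_env below.
      LDAP_ENABLED = "true";
      LDAP_METHOD = "simple_tls";
      LDAP_HOST = "auth.c3d2.de";
      LDAP_PORT = "636";
      LDAP_BIND_DN = "uid=search,ou=users,dc=c3d2,dc=de";
      LDAP_BASE = "ou=users,dc=c3d2,dc=de";
      # Match a person entry by uid or mail attribute.  The %{...} placeholders
      # are substituted by Mastodon at login time; %{email} is the value the
      # user typed, so escaping it against filter injection is Mastodon's job,
      # not this file's — keep the filter shape as documented upstream.
      LDAP_SEARCH_FILTER = "(&(objectclass=person)(|(%{uid}=%{email})(%{mail}=%{email})))";
      LDAP_UID = "uid";
    };
    configureNginx = true;
  };

  # Inject LDAP secrets into Mastodon's environment file.  mkAfter places the
  # append after the module's own init-dirs script, which is assumed to write
  # .secrets_env fresh on every run — TODO confirm; if it only creates the
  # file once, the secret lines accumulate with every service start.
  systemd.services.mastodon-init-dirs.script = lib.mkAfter ''
    cat ${config.sops.secrets."mastodon/env".path} >> /var/lib/mastodon/.secrets_env
  '';
  sops.defaultSopsFile = ./secrets.yaml;
  # The decrypted secret is owned by the mastodon user so the init script
  # (running as that user) can read it; nobody else needs access.
  sops.secrets."mastodon/env" = { owner = "mastodon"; };

  # Sidekiq monitoring
  c3d2.hq.statistics.enable = true;
  services.collectd.plugins = {
    redis = let
      # Redis keys Sidekiq keeps its counters, queue lengths and sets in.
      queries = [
        { command = "GET stat:processed"; type = "counter"; instance = "sidekiq_stat_processed"; }
        { command = "GET stat:failed"; type = "counter"; instance = "sidekiq_stat_failed"; }
        { command = "LLEN queue:#default"; type = "queue_length"; instance = "sidekiq_default_queue_len"; }
        { command = "LLEN queue:#ingress"; type = "queue_length"; instance = "sidekiq_ingress_queue_len"; }
        { command = "LLEN queue:#mailers"; type = "queue_length"; instance = "sidekiq_mailers_queue_len"; }
        { command = "LLEN queue:#pull"; type = "queue_length"; instance = "sidekiq_pull_queue_len"; }
        { command = "LLEN queue:#push"; type = "queue_length"; instance = "sidekiq_push_queue_len"; }
        { command = "LLEN queue:#scheduler"; type = "queue_length"; instance = "sidekiq_scheduler_queue_len"; }
        { command = "ZCARD schedule"; type = "count"; instance = "sidekiq_scheduled"; }
        { command = "ZCARD retry"; type = "count"; instance = "sidekiq_retries"; }
        { command = "ZCARD dead"; type = "count"; instance = "sidekiq_dead"; }
        { command = "SCARD processes"; type = "backends"; instance = "sidekiq_processes"; }
      ];
    in ''
      Host "${config.services.mastodon.redis.host}"
      Port "${toString config.services.mastodon.redis.port}"
      Timeout 3000
      ${lib.concatMapStrings ({ command, type, instance }: ''
        Type "${type}"
        Instance "${instance}"
      '') queries}
    '';
    # NOTE(review): the collectd postgresql plugin expects `Param`/`Query`
    # directives inside a `<Database "...">` element, and the redis plugin
    # expects the Type/Instance pairs above inside `<Query "${command}">`
    # elements within a `<Node "...">` — `command` is bound but never emitted
    # here.  The angle-bracket element lines look like they were stripped
    # from this copy of the file; restore them before relying on the metrics.
    postgresql = ''
      Param database "${config.services.mastodon.database.name}"
      Query backends
      Query transactions
      Query queries
      Query disk_io
      Query disk_usage
    '';
  };
}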