# NixOS configuration for the "mastodon" host: a Mastodon instance for
# c3d2.social with PostgreSQL and Elasticsearch enabled on the same machine,
# LDAP login against auth.c3d2.de, and runtime secrets delivered through sops.
{ zentralwerk, config, lib, pkgs, ... }:

let
  # Address table of the "serv" network, taken from the zentralwerk site config.
  serv = zentralwerk.lib.config.site.net.serv;

  # Directory server name; used for the /etc/hosts pin and for LDAP_HOST so the
  # two cannot drift apart.
  ldapHost = "auth.c3d2.de";
in
{
  deployment.mem = 4096;
  deployment.vcpu = 8;

  networking.hostName = "mastodon";

  # Pin the LDAP server name to the addresses from the site config, so it
  # resolves from /etc/hosts instead of DNS.
  networking.hosts = {
    ${serv.hosts6.up4.auth} = [ ldapHost ];
    ${serv.hosts4.auth} = [ ldapHost ];
  };

  # Only HTTP and HTTPS are opened here; the PostgreSQL and Elasticsearch
  # ports are not in this list.
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  c3d2.hq.statistics.enable = true;

  system.stateVersion = "22.11";

  # Allow-list for unfree packages: only "elasticsearch" passes, any other
  # unfree package is still rejected at evaluation time.
  nixpkgs.config.allowUnfreePredicate = pkg:
    builtins.elem (lib.getName pkg) [ "elasticsearch" ];

  services = {
    postgresql.enable = true;

    elasticsearch = {
      enable = true;
      package = pkgs.elasticsearch7;
    };

    mastodon = {
      enable = true;
      localDomain = "c3d2.social";

      # Outgoing mail is sent without SMTP authentication while the lines
      # below stay commented out.
      smtp.host = "c3d2.social";
      smtp.fromAddress = "mail@c3d2.social";
      # NOTE(review): do not re-enable the snippet below as written. The
      # password would be interpolated into a pkgs.runCommand derivation and
      # end up in the world-readable Nix store. Point smtp.passwordFile at a
      # sops-managed file instead, e.g.
      # config.sops.secrets."<smtp-password-secret>".path (placeholder name).
      # smtp.authenticate = true;
      # smtp.user = secrets.email.smtp-user;
      # smtp.passwordFile = "${pkgs.runCommand "smtp-password" {} ''
      # echo "${secrets.email.smtp-password}" > $out
      # ''}";

      # Mastodon reaches Elasticsearch over loopback.
      # NOTE(review): confirm the Elasticsearch listen address also stays on
      # loopback; no authentication for it is configured in this file.
      elasticsearch.host = "127.0.0.1";

      extraConfig = {
        ALTERNATE_DOMAINS = lib.concatStringsSep "," [
          "${config.networking.hostName}.serv.zentralwerk.org"
        ];
        DEFAULT_LOCALE = "de";
        # Forwarded client-IP headers are honoured only from this address.
        # NOTE(review): only the proxy's IPv4 address is listed; if the proxy
        # can also connect over IPv6, client IPs (and anything keyed on them,
        # such as rate limits) would be attributed to the proxy - confirm.
        TRUSTED_PROXY_IP = serv.hosts4.public-access-proxy;
        WEB_CONCURRENCY = toString config.deployment.vcpu;
        # MAX_THREADS = toString 5;

        # LDAP login over TLS (simple_tls on port 636).
        LDAP_ENABLED = "true";
        LDAP_METHOD = "simple_tls";
        LDAP_HOST = ldapHost;
        LDAP_PORT = "636";
        # The bind password is not set in this file; presumably it comes from
        # the "mastodon/env" sops secret appended below - confirm.
        LDAP_BIND_DN = "uid=search,ou=users,dc=c3d2,dc=de";
        LDAP_BASE = "ou=users,dc=c3d2,dc=de";
        # %{email} is the login value typed by the user; it is matched against
        # the uid or the mail attribute of person entries. The value is
        # user-controlled, so this relies on Mastodon escaping it before it is
        # substituted into the filter.
        LDAP_SEARCH_FILTER = "(&(objectclass=person)(|(%{uid}=%{email})(%{mail}=%{email})))";
        LDAP_UID = "uid";
      };

      configureNginx = true;
    };
  };

  # Append the sops-decrypted environment file to the secrets file built by
  # mastodon-init-dirs; lib.mkAfter places this after the module's own script.
  # NOTE(review): ">>" appends, so this assumes the upstream script recreates
  # .secrets_env on every run (otherwise entries accumulate) and leaves it
  # readable by the service user only - confirm against the mastodon module.
  systemd.services.mastodon-init-dirs.script = lib.mkAfter ''
    cat ${config.sops.secrets."mastodon/env".path} >> /var/lib/mastodon/.secrets_env
  '';

  sops = {
    defaultSopsFile = ./secrets.yaml;
    # The decrypted secret file is owned by the mastodon user.
    secrets."mastodon/env".owner = "mastodon";
  };
}