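# NixOS module for the "mastodon" microVM host.
#
# Configures, on one machine: Mastodon (with nginx, LDAP login and
# Elasticsearch), PostgreSQL 15, collectd plugins that watch Sidekiq (through
# Redis) and the Mastodon database, sops-managed secrets, and a restic backup
# path.
{ config, lib, pkgs, ... }:

{
  c3d2.hq.statistics.enable = true;
  c3d2.deployment.server = "server10";

  microvm = {
    mem = 16 * 1024;
    vcpu = 16;
  };

  networking.hostName = "mastodon";

  services = {
    # Sidekiq monitoring
    collectd.plugins = {
      # Each entry becomes one <Query> block: `command` is sent to Mastodon's
      # Redis, and the reply is reported under `instance` with collectd data
      # set `type`. Every command here only reads a counter or a cardinality
      # (GET / LLEN / ZCARD / SCARD).
      # No Password directive is set in the <Node> block below.
      # NOTE(review): confirm this Redis instance is reachable only locally.
      redis =
        let
          queries = [{
            command = "GET stat:processed";
            type = "counter";
            instance = "sidekiq_stat_processed";
          }
            {
              command = "GET stat:failed";
              type = "counter";
              instance = "sidekiq_stat_failed";
            }
            {
              command = "LLEN queue:#default";
              type = "queue_length";
              instance = "sidekiq_default_queue_len";
            }
            {
              command = "LLEN queue:#ingress";
              type = "queue_length";
              instance = "sidekiq_ingress_queue_len";
            }
            {
              command = "LLEN queue:#mailers";
              type = "queue_length";
              instance = "sidekiq_mailers_queue_len";
            }
            {
              command = "LLEN queue:#pull";
              type = "queue_length";
              instance = "sidekiq_pull_queue_len";
            }
            {
              command = "LLEN queue:#push";
              type = "queue_length";
              instance = "sidekiq_push_queue_len";
            }
            {
              command = "LLEN queue:#scheduler";
              type = "queue_length";
              instance = "sidekiq_scheduler_queue_len";
            }
            {
              command = "ZCARD schedule";
              type = "count";
              instance = "sidekiq_scheduled";
            }
            {
              command = "ZCARD retry";
              type = "count";
              instance = "sidekiq_retries";
            }
            {
              command = "ZCARD dead";
              type = "count";
              instance = "sidekiq_dead";
            }
            {
              command = "SCARD processes";
              type = "backends";
              instance = "sidekiq_processes";
            }];
        in
        ''
          <Node "mastodon">
            Host "${config.services.mastodon.redis.host}"
            Port "${toString config.services.mastodon.redis.port}"
            Timeout 3000

            ${lib.concatMapStrings ({ command, type, instance }: ''
              <Query "${command}">
                Type "${type}"
                Instance "${instance}"
              </Query>
            '') queries}
          </Node>
        '';
      # Statistics for the Mastodon database. The block sets no Host, User or
      # Password directive; presumably collectd connects over the local socket
      # as the "collectd" role created under services.postgresql - confirm.
      postgresql = ''
        <Database "${config.services.mastodon.database.name}">
          Param database "${config.services.mastodon.database.name}"
          Query backends
          Query transactions
          Query queries
          Query disk_io
          Query disk_usage
        </Database>
      '';
    };

    # NOTE(review): nothing in this file enables authentication for
    # Elasticsearch; Mastodon reaches it on 127.0.0.1 (see
    # mastodon.elasticsearch.host). Confirm the service listens on loopback
    # only.
    elasticsearch = {
      enable = true;
      package = pkgs.elasticsearch7;
    };

    mastodon = {
      enable = true;
      configureNginx = true;
      elasticsearch.host = "127.0.0.1";
      ldap.enable = true;
      extraConfig = {
        # Derived from the nginx aliases declared further down, so the two
        # lists of accepted host names cannot drift apart.
        ALTERNATE_DOMAINS = lib.concatStringsSep "," config.services.nginx.virtualHosts.${config.services.mastodon.localDomain}.serverAliases;
        DEFAULT_LOCALE = "de";
        # One web worker per virtual CPU of the microVM.
        WEB_CONCURRENCY = toString config.microvm.vcpu;
        # MAX_THREADS = toString config.microvm.vcpu;
      };
      localDomain = "c3d2.social";
      # Key material is referenced by path from sops, never written inline.
      otpSecretFile = config.sops.secrets."mastodon/otp-secret".path;
      secretKeyBaseFile = config.sops.secrets."mastodon/secret-key".path;
      # NOTE(review): mail is handed to the submission port without SMTP
      # authentication. Presumably mail.c3d2.de accepts this host by source
      # address - confirm that the relay rule is scoped to this machine.
      smtp = {
        host = "mail.c3d2.de";
        port = 587;
        fromAddress = "mail@c3d2.social";
        authenticate = false;
      };
      vapidPrivateKeyFile = config.sops.secrets."mastodon/vapid-private-key".path;
      vapidPublicKeyFile = config.sops.secrets."mastodon/vapid-public-key".path;
    };

    nginx.virtualHosts.${config.services.mastodon.localDomain}.serverAliases = [
      "${config.networking.hostName}.flpk.zentralwerk.org"
      "social.c3d2.de"
    ];

    portunus.addToHosts = true;

    postgresql = {
      enable = true;
      ensureUsers = [{
        name = "collectd";
        ensurePermissions = {
          # Least privilege for the monitoring role: the collectd queries
          # configured above only read statistics, so the role is granted
          # CONNECT only. The previous "ALL PRIVILEGES" on a database also
          # covers CREATE and TEMPORARY.
          # NOTE(review): this option presumably only issues GRANTs, so an
          # existing deployment needs a manual REVOKE to drop the wider grant.
          "DATABASE \"${config.services.mastodon.database.name}\"" = "CONNECT";
        };
      }];
      package = pkgs.postgresql_15;
      # Mastodon units to stop while a PostgreSQL major-version upgrade runs.
      upgrade.stopServices = [ "mastodon-sidekiq" "mastodon-streaming" "mastodon-web" ];
    };

    # /var/lib/mastodon/ also holds .secrets_env (written by the
    # mastodon-init-dirs addition at the end of this file), so every snapshot
    # carries those secrets; the repository and password come from the
    # root-owned sops entries below.
    # NOTE(review): only this path is added here; confirm that the PostgreSQL
    # data is backed up elsewhere.
    restic.backups."remote-server8".paths = [ "/var/lib/mastodon/" ];
  };

  sops = {
    defaultSopsFile = ./secrets.yaml;
    # Application secrets are owned by the mastodon user, backup credentials
    # by root.
    secrets = {
      "mastodon/env".owner = "mastodon";
      "mastodon/otp-secret".owner = "mastodon";
      "mastodon/secret-key".owner = "mastodon";
      "mastodon/vapid-private-key".owner = "mastodon";
      "mastodon/vapid-public-key".owner = "mastodon";
      "restic/mastodon/password".owner = "root";
      "restic/mastodon/repository".owner = "root";
    };
  };

  system.stateVersion = "22.11";

  # Inject LDAP secrets
  # lib.mkAfter places this line after the script the mastodon-init-dirs unit
  # already has; `>>` appends the decrypted sops file to .secrets_env.
  # NOTE(review): this relies on the earlier part of the script recreating
  # .secrets_env with a restrictive mode on every run - otherwise entries
  # would pile up across restarts and the file mode would depend on the umask.
  # Confirm against the mastodon module in use.
  systemd.services.mastodon-init-dirs.script = lib.mkAfter ''
    cat ${config.sops.secrets."mastodon/env".path} >> /var/lib/mastodon/.secrets_env
  '';
}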