Merge remote-tracking branch 'prism/master'

1 files changed, 40 insertions, 0 deletions

diff --git a/krebs/2configs/mastodon.nix b/krebs/2configs/mastodon.nix
new file mode 100644
index 000000000..d0c1943cc
--- /dev/null
+++ b/krebs/2configs/mastodon.nix
@@ -0,0 +1,40 @@
+{ config, lib, pkgs, ... }:
+{
+  services.postgresql = {
+    enable = true;
+    dataDir = "/var/state/postgresql/${config.services.postgresql.package.psqlSchema}";
+    package = pkgs.postgresql_11;
+  };
+  systemd.tmpfiles.rules = [
+    "d /var/state/postgresql 0700 postgres postgres -"
+  ];
+
+  services.mastodon = {
+    enable = true;
+    localDomain = "social.krebsco.de";
+    configureNginx = true;
+    trustedProxy = config.krebs.hosts.prism.nets.retiolum.ip6.addr;
+    smtp.createLocally = false;
+    smtp.fromAddress = "mastodon@social.krebsco.de";
+  };
+
+  services.nginx.virtualHosts.${config.services.mastodon.localDomain} = {
+    forceSSL = lib.mkForce false;
+    enableACME = lib.mkForce false;
+    locations."@proxy".extraConfig = ''
+      proxy_redirect off;
+      proxy_pass_header Server;
+      proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
+    '';
+  };
+
+  networking.firewall.allowedTCPPorts = [
+    80
+  ];
+
+  environment.systemPackages = [
+    (pkgs.writers.writeDashBin "tootctl" ''
+      sudo -u mastodon /etc/profiles/per-user/mastodon/bin/mastodon-env /etc/profiles/per-user/mastodon/bin/tootctl "$@"
+    '')
+  ];
+}