author | lassulus <lassulus@lassul.us> | 2022-12-02 09:05:42 +0100 |
---|---|---|
committer | lassulus <lassulus@lassul.us> | 2022-12-02 09:06:32 +0100 |
commit | 645c3564f75589531abcf17fd3c3f920d93a394a (patch) | |
tree | 27a35462d208c0eda46017eb1f81a677309a166e | |
parent | 2ea3b14cb5caa06f2d2972177a93cddb6d9d66f6 (diff) |
init social.krebsco.de
-rw-r--r-- | kartei/lass/default.nix | 11 | ||||
-rw-r--r-- | krebs/1systems/hotdog/config.nix | 1 | ||||
-rw-r--r-- | krebs/2configs/mastodon-proxy.nix | 24 | ||||
-rw-r--r-- | krebs/2configs/mastodon.nix | 40 | ||||
-rw-r--r-- | lass/1systems/prism/config.nix | 1 |
5 files changed, 72 insertions, 5 deletions
diff --git a/kartei/lass/default.nix b/kartei/lass/default.nix
index 0c314e9ec..1452d4943 100644
--- a/kartei/lass/default.nix
+++ b/kartei/lass/default.nix
@@ -59,11 +59,12 @@ in {
 cores = 4;
 extraZones = {
 "krebsco.de" = ''
- cache IN A ${nets.internet.ip4.addr}
- p IN A ${nets.internet.ip4.addr}
- c IN A ${nets.internet.ip4.addr}
- paste IN A ${nets.internet.ip4.addr}
- prism IN A ${nets.internet.ip4.addr}
+ cache 60 IN A ${nets.internet.ip4.addr}
+ p 60 IN A ${nets.internet.ip4.addr}
+ c 60 IN A ${nets.internet.ip4.addr}
+ paste 60 IN A ${nets.internet.ip4.addr}
+ prism 60 IN A ${nets.internet.ip4.addr}
+ social 60 IN A ${nets.internet.ip4.addr}
 '';
 "lassul.us" = ''
 $TTL 3600
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix
index 02749dafe..a34df4bdc 100644
--- a/krebs/1systems/hotdog/config.nix
+++ b/krebs/1systems/hotdog/config.nix
@@ -14,6 +14,7 @@
 <stockholm/krebs/2configs/mud.nix>
 <stockholm/krebs/2configs/cal.nix>
+ <stockholm/krebs/2configs/mastodon.nix>
 ## shackie irc bot
 <stockholm/krebs/2configs/shack/reaktor.nix>
diff --git a/krebs/2configs/mastodon-proxy.nix b/krebs/2configs/mastodon-proxy.nix
new file mode 100644
index 000000000..4d359c3fe
--- /dev/null
+++ b/krebs/2configs/mastodon-proxy.nix
@@ -0,0 +1,24 @@
+{ config, lib, pkgs, ... }:
+{
+ services.nginx = {
+ enable = true;
+ virtualHosts."social.krebsco.de" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ # TODO use this in 22.11
+ # recommendedProxySettings = true;
+ proxyPass = "http://hotdog.r";
+ proxyWebsockets = true;
+ extraConfig = ''
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Server $host;
+ '';
+ };
+ };
+ };
+}
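Review bot: In `krebs/2configs/mastodon-proxy.nix` the line `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` appends to whatever header the client sent, although this vhost looks like the internet-facing edge. Overwriting the value keeps client-supplied entries out of the chain the backend logs and rate-limits on: `proxy_set_header X-Forwarded-For $remote_addr;`. `proxyPass = "http://hotdog.r"` also sends the traffic onward unencrypted once TLS has ended here, so the hop's confidentiality and integrity rest on the network that name resolves over (presumably the retiolum overlay; the page does not show it for this host). A comment such as `# plain HTTP on purpose: backend hop stays inside the overlay network` next to that line would record the assumption.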
diff --git a/krebs/2configs/mastodon.nix b/krebs/2configs/mastodon.nix
new file mode 100644
index 000000000..d0c1943cc
--- /dev/null
+++ b/krebs/2configs/mastodon.nix
@@ -0,0 +1,40 @@
+{ config, lib, pkgs, ... }:
+{
+ services.postgresql = {
+ enable = true;
+ dataDir = "/var/state/postgresql/${config.services.postgresql.package.psqlSchema}";
+ package = pkgs.postgresql_11;
+ };
+ systemd.tmpfiles.rules = [
+ "d /var/state/postgresql 0700 postgres postgres -"
+ ];
+
+ services.mastodon = {
+ enable = true;
+ localDomain = "social.krebsco.de";
+ configureNginx = true;
+ trustedProxy = config.krebs.hosts.prism.nets.retiolum.ip6.addr;
+ smtp.createLocally = false;
+ smtp.fromAddress = "mastodon@social.krebsco.de";
+ };
+
+ services.nginx.virtualHosts.${config.services.mastodon.localDomain} = {
+ forceSSL = lib.mkForce false;
+ enableACME = lib.mkForce false;
+ locations."@proxy".extraConfig = ''
+ proxy_redirect off;
+ proxy_pass_header Server;
+ proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
+ '';
+ };
+
+ networking.firewall.allowedTCPPorts = [
+ 80
+ ];
+
+ environment.systemPackages = [
+ (pkgs.writers.writeDashBin "tootctl" ''
+ sudo -u mastodon /etc/profiles/per-user/mastodon/bin/mastodon-env /etc/profiles/per-user/mastodon/bin/tootctl "$@"
+ '')
+ ];
+}
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 7bffc39aa..75f84bca9 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -111,6 +111,7 @@ with import <stockholm/lib>;
 <stockholm/lass/2configs/jitsi.nix>
 <stockholm/lass/2configs/fysiirc.nix>
 <stockholm/lass/2configs/bgt-bot>
+ <stockholm/krebs/2configs/mastodon-proxy.nix>
 {
 services.tor = {
 enable = true; |
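Review bot: In `krebs/2configs/mastodon.nix`, `networking.firewall.allowedTCPPorts = [ 80 ]` opens the plain-HTTP vhost on every interface of the host, while `proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;` hands Mastodon whatever scheme the requester claims. Any peer that can reach port 80 without passing through the TLS proxy is therefore treated as if it had arrived over HTTPS. Scoping the port to the interface the proxy arrives on would close that, e.g. `networking.firewall.interfaces.<overlay-iface>.allowedTCPPorts = [ 80 ];` (`<overlay-iface>` is a placeholder; the interface name is not on the page). `trustedProxy` lists only prism's retiolum IPv6 address, so if the proxy can also connect over IPv4, forwarded client addresses would presumably be ignored on that path and all users would share one source address for rate limiting; that is worth confirming. A short comment above the two `lib.mkForce false` lines, saying that TLS is ended on the proxy host, would explain why it is switched off here.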