summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorlassulus <lassulus@lassul.us>2022-12-02 09:05:42 +0100
committerlassulus <lassulus@lassul.us>2022-12-02 09:06:32 +0100
commit645c3564f75589531abcf17fd3c3f920d93a394a (patch)
tree27a35462d208c0eda46017eb1f81a677309a166e
parent2ea3b14cb5caa06f2d2972177a93cddb6d9d66f6 (diff)
init social.krebsco.de
-rw-r--r--kartei/lass/default.nix11
-rw-r--r--krebs/1systems/hotdog/config.nix1
-rw-r--r--krebs/2configs/mastodon-proxy.nix24
-rw-r--r--krebs/2configs/mastodon.nix40
-rw-r--r--lass/1systems/prism/config.nix1
5 files changed, 72 insertions, 5 deletions
diff --git a/kartei/lass/default.nix b/kartei/lass/default.nix
index 0c314e9ec..1452d4943 100644
--- a/kartei/lass/default.nix
+++ b/kartei/lass/default.nix
@@ -59,11 +59,12 @@ in {
cores = 4;
extraZones = {
"krebsco.de" = ''
- cache IN A ${nets.internet.ip4.addr}
- p IN A ${nets.internet.ip4.addr}
- c IN A ${nets.internet.ip4.addr}
- paste IN A ${nets.internet.ip4.addr}
- prism IN A ${nets.internet.ip4.addr}
+ cache 60 IN A ${nets.internet.ip4.addr}
+ p 60 IN A ${nets.internet.ip4.addr}
+ c 60 IN A ${nets.internet.ip4.addr}
+ paste 60 IN A ${nets.internet.ip4.addr}
+ prism 60 IN A ${nets.internet.ip4.addr}
+ social 60 IN A ${nets.internet.ip4.addr}
'';
"lassul.us" = ''
$TTL 3600
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix
index 02749dafe..a34df4bdc 100644
--- a/krebs/1systems/hotdog/config.nix
+++ b/krebs/1systems/hotdog/config.nix
@@ -14,6 +14,7 @@
<stockholm/krebs/2configs/mud.nix>
<stockholm/krebs/2configs/cal.nix>
+ <stockholm/krebs/2configs/mastodon.nix>
## shackie irc bot
<stockholm/krebs/2configs/shack/reaktor.nix>
diff --git a/krebs/2configs/mastodon-proxy.nix b/krebs/2configs/mastodon-proxy.nix
new file mode 100644
index 000000000..4d359c3fe
--- /dev/null
+++ b/krebs/2configs/mastodon-proxy.nix
@@ -0,0 +1,24 @@
+{ config, lib, pkgs, ... }:
+{
+ services.nginx = {
+ enable = true;
+ virtualHosts."social.krebsco.de" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ # TODO use this in 22.11
+ # recommendedProxySettings = true;
+ proxyPass = "http://hotdog.r";
+ proxyWebsockets = true;
+ extraConfig = ''
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Server $host;
+ '';
+ };
+ };
+ };
+}
diff --git a/krebs/2configs/mastodon.nix b/krebs/2configs/mastodon.nix
new file mode 100644
index 000000000..d0c1943cc
--- /dev/null
+++ b/krebs/2configs/mastodon.nix
@@ -0,0 +1,40 @@
+{ config, lib, pkgs, ... }:
+{
+ services.postgresql = {
+ enable = true;
+ dataDir = "/var/state/postgresql/${config.services.postgresql.package.psqlSchema}";
+ package = pkgs.postgresql_11;
+ };
+ systemd.tmpfiles.rules = [
+ "d /var/state/postgresql 0700 postgres postgres -"
+ ];
+
+ services.mastodon = {
+ enable = true;
+ localDomain = "social.krebsco.de";
+ configureNginx = true;
+ trustedProxy = config.krebs.hosts.prism.nets.retiolum.ip6.addr;
+ smtp.createLocally = false;
+ smtp.fromAddress = "mastodon@social.krebsco.de";
+ };
+
+ services.nginx.virtualHosts.${config.services.mastodon.localDomain} = {
+ forceSSL = lib.mkForce false;
+ enableACME = lib.mkForce false;
+ locations."@proxy".extraConfig = ''
+ proxy_redirect off;
+ proxy_pass_header Server;
+ proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
+ '';
+ };
+
+ networking.firewall.allowedTCPPorts = [
+ 80
+ ];
+
+ environment.systemPackages = [
+ (pkgs.writers.writeDashBin "tootctl" ''
+ sudo -u mastodon /etc/profiles/per-user/mastodon/bin/mastodon-env /etc/profiles/per-user/mastodon/bin/tootctl "$@"
+ '')
+ ];
+}
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 7bffc39aa..75f84bca9 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -111,6 +111,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/jitsi.nix>
<stockholm/lass/2configs/fysiirc.nix>
<stockholm/lass/2configs/bgt-bot>
+ <stockholm/krebs/2configs/mastodon-proxy.nix>
{
services.tor = {
enable = true;