mastodon: initial setup
parent
3188862fe9
commit
01675c85cb
@ -6,6 +6,7 @@
|
||||
./desktop/awesome/default.nix
|
||||
./locations.nix
|
||||
./resilio.nix
|
||||
./services/mastodon/default.nix
|
||||
./services/matrix.nix
|
||||
./tailscale.nix
|
||||
./www/global.nix
|
||||
|
@ -14,6 +14,7 @@ in
|
||||
default = {
|
||||
services = {
|
||||
matrix = "vm.strangervm.ts.hillion.co.uk";
|
||||
mastodon = "vm.strangervm.ts.hillion.co.uk";
|
||||
};
|
||||
};
|
||||
};
|
||||
@ -21,5 +22,6 @@ in
|
||||
|
||||
config = lib.mkIf cfg.autoServe {
|
||||
custom.services.matrix.enable = cfg.locations.services.matrix == config.networking.fqdn;
|
||||
custom.services.mastodon.enable = cfg.locations.services.mastodon == config.networking.fqdn;
|
||||
};
|
||||
}
|
||||
|
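--- a/modules/services/mastodon/default.nix
+++ b/modules/services/mastodon/default.nix
@@ -0,0 +1,58 @@
+{ config, pkgs, lib, ... }:
+
+let
+cfg = config.custom.services.mastodon;
+in
+{
+options.custom.services.mastodon = {
+enable = lib.mkEnableOption "mastodon";
+};
+
+config = lib.mkIf cfg.enable {
+age.secrets = {
+"mastodon/otp_secret_file" = {
+file = ../../../secrets/mastodon/social.hillion.co.uk/otp_secret_file.age;
+owner = config.services.mastodon.user;
+group = config.services.mastodon.group;
+};
+"mastodon/secret_key_base" = {
+file = ../../../secrets/mastodon/social.hillion.co.uk/secret_key_base.age;
+owner = config.services.mastodon.user;
+group = config.services.mastodon.group;
+};
+"mastodon/vapid_private_key" = {
+file = ../../../secrets/mastodon/social.hillion.co.uk/vapid_private_key.age;
+owner = config.services.mastodon.user;
+group = config.services.mastodon.group;
+};
+"mastodon/mastodon_at_social.hillion.co.uk" = {
+file = ../../../secrets/mastodon/social.hillion.co.uk/mastodon_at_social.hillion.co.uk.age;
+owner = config.services.mastodon.user;
+group = config.services.mastodon.group;
+};
+};
+
+services.mastodon = {
+enable = true;
+localDomain = "social.hillion.co.uk";
+
+vapidPublicKeyFile = builtins.path { path = ./vapid_public_key; };
+otpSecretFile = config.age.secrets."mastodon/otp_secret_file".path;
+secretKeyBaseFile = config.age.secrets."mastodon/secret_key_base".path;
+vapidPrivateKeyFile = config.age.secrets."mastodon/vapid_private_key".path;
+
+smtp = {
+user = "mastodon@social.hillion.co.uk";
+port = 587;
+passwordFile = config.age.secrets."mastodon/mastodon_at_social.hillion.co.uk".path;
+host = "smtp.eu.mailgun.org";
+fromAddress = "mastodon@social.hillion.co.uk";
+authenticate = true;
+};
+
+extraConfig = {
+EMAIL_DOMAIN_WHITELIST = "hillion.co.uk";
+};
+};
+};
+}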
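Review bot: The `smtp` block sets `authenticate = true` on port 587, but nothing in this module requires TLS, so whether the Mailgun password is only ever sent over an encrypted session depends on the mailer's STARTTLS default, which is not visible here. If the packaged Mastodon release supports it, pin that in `extraConfig` with `SMTP_ENABLE_STARTTLS = "always";` next to `EMAIL_DOMAIN_WHITELIST`. Separately, each `age.secrets` entry sets `group = config.services.mastodon.group` without a `mode`. A one-line comment saying the files must stay owner-only would help, because the Caddy change in this commit adds the `caddy` user to the `mastodon` group.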
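--- a/modules/services/mastodon/vapid_public_key
+++ b/modules/services/mastodon/vapid_public_key
@@ -0,0 +1 @@
+BNC88033km7UbxwclsVwr8k8Fe0ndQzeEwc9v4IqEtnU2YMLDKBsZ9eGBPXOQwClnqa-PxxuHSkxeDRC_uQdzb0=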
@ -10,6 +10,8 @@ in
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
users.users.caddy.extraGroups = [ "mastodon" ];
|
||||
|
||||
services.caddy = {
|
||||
enable = true;
|
||||
|
||||
@ -49,7 +51,41 @@ in
|
||||
virtualHosts."drone.hillion.co.uk".extraConfig = ''
|
||||
reverse_proxy http://vm.strangervm.ts.hillion.co.uk:18733
|
||||
'';
|
||||
virtualHosts."social.hillion.co.uk".extraConfig = ''
|
||||
handle_path /system/* {
|
||||
file_server * {
|
||||
root /var/lib/mastodon/public-system
|
||||
}
|
||||
}
|
||||
|
||||
handle /api/v1/streaming/* {
|
||||
reverse_proxy unix//run/mastodon-streaming/streaming.socket
|
||||
}
|
||||
|
||||
route * {
|
||||
file_server * {
|
||||
root ${pkgs.mastodon}/public
|
||||
pass_thru
|
||||
}
|
||||
reverse_proxy * unix//run/mastodon-web/web.socket
|
||||
}
|
||||
|
||||
handle_errors {
|
||||
root * ${pkgs.mastodon}/public
|
||||
rewrite 500.html
|
||||
file_server
|
||||
}
|
||||
|
||||
encode gzip
|
||||
|
||||
header /* {
|
||||
Strict-Transport-Security "max-age=31536000;"
|
||||
}
|
||||
header /emoji/* Cache-Control "public, max-age=31536000, immutable"
|
||||
header /packs/* Cache-Control "public, max-age=31536000, immutable"
|
||||
header /system/accounts/avatars/* Cache-Control "public, max-age=31536000, immutable"
|
||||
header /system/media_attachments/files/* Cache-Control "public, max-age=31536000, immutable"
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
|
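Review bot: The `handle_path /system/*` block serves user-uploaded media from `/var/lib/mastodon/public-system` on the application's own origin, and the only headers added for that path are HSTS and `Cache-Control`. Uploaded files should not be interpretable as active content there, so add `header /system/* X-Content-Type-Options nosniff` and `header /system/* Content-Security-Policy "default-src 'none'; form-action 'none'"` alongside the existing `header` lines. A comment on `users.users.caddy.extraGroups = [ "mastodon" ];` should say what the membership is for (presumably the unix sockets and `public-system`), because it gives the web server access to anything group-readable that Mastodon owns. The enclosing `services.caddy` block starts outside the hunk.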
@ -0,0 +1,22 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-rsa GxPFJQ
|
||||
fR5abxPrwpYFhEty3T8Zx7u3K5HzIRujjj5aZP84+7gZlEE+Fjj7+F1cWk2QeM38
|
||||
x1YHA5psEsuWAqtAQ/v9Rp/JHFH+HcO6imEIaFv2Lg1tv8IswT995ynejr0E1wN/
|
||||
QKzVXhyqXbTHB6EsGKrzxHAK4GcqXwPFV4JWSYQ+Q2JSDkX4j7yM6kT7k7OI32ZO
|
||||
RmhezWUp5FfZp37NJAJdBQNTqp/nvYLc3X9Wq4kFrvWZNRrh1Yix7vIv0iaqvoHY
|
||||
JWLb9NLQA9RfSKnAVIlbbhNZzMBdCH2zPjNFPdRFHilqcGzxL5NZcEnPcvgwdLU3
|
||||
wrxCU0ZlDDVM6PPR4wnf6A
|
||||
-> ssh-rsa K9mW1w
|
||||
YMUoAeS+odaUTqNrPpUdno5+X2FEtYKJXoELKAV73FzEZPRGqx6QOW66T7I1T6Ta
|
||||
bI8DN0APAhw5iQLzyfQAqCTk+e9OpVMKhOz9aoOvTUMWQvzFnLPplUBrfqErKf0N
|
||||
ynivabBZDu4bYlveUxvDootS0BEGqMX521+GfHXXrnF1kswmQU9iBjaXOJ6ee5kA
|
||||
uuRXYjdvMCRdxt4IfPsmds5sxmQmb3TtqDTglYF/bGSJRvCuTFE2RJReqR0J7fI8
|
||||
7X/v1BXqZ4/USFcaAvDTejynzw7XbVd0QxF8pvyovnC8QAcNEOSW03ZTWa72SAyH
|
||||
sIN+E5WM8vByNDMM9SbtyQ
|
||||
-> ssh-ed25519 O0LMHg DyROBi4kg7STbIT2AQebM2l+PIxRVGHzIzeJNFCckwU
|
||||
tdNtu0iX9DbBcGO++S3FNpPi0bhs8VblZZ1vG+JAtpQ
|
||||
-> pp5-grease h K,g1$` -W-'z=\ PFC!
|
||||
b5JA7LoHsCfpp/rgBBETM+EOZSEqILdpmkWU2kmJdBvpFG+4oCUFD+el2azOiZpf
|
||||
VSgZiCfct2WDZuEEdZyWAcmRd+z7
|
||||
--- Wngnxun5npVjMmr9+LpV28g8T8nzIcDW8vm124DsbLU
|
||||
ÍêuëE€9ª´Ã]ùÚèÿxdcpyNüV´x×ôDl N¨j/Íò”Uœæè°)J|½ksea<65>ì
éG¡B¬›twZKÇÃÚ]d<>V<02>Ù
|
22
secrets/mastodon/social.hillion.co.uk/otp_secret_file.age
Normal file
22
secrets/mastodon/social.hillion.co.uk/otp_secret_file.age
Normal file
@ -0,0 +1,22 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-rsa GxPFJQ
|
||||
buJjlLdz+QJS/ltPEoSC1QIuc25yPA1faRy4oFcUDDMLGrfoH53V3r9S3ku0qOeV
|
||||
bb/VJoTRnmNK+ES1Z06dDlNHISCZzwhqO6Y67eb4AXsd4D+2L5c9fzmRhUph8U9a
|
||||
8bSJ5wdY6Be7+zd8+Jn8/+Vq24+hj5JxaznSjBPUGdfMd+wK7tFXZwHzab1FqYmu
|
||||
LBRVSxWcjZG+zWErt3+IxcxC051LtjbnfpZowAe9iYKjDgYU/JmF2ujz2AIN/ZX8
|
||||
heyzCA5BftAoavjcPMapVUnMU1jhQeiPfSG8NzgqaJDi7KPg/Ejujst3KfZdJg11
|
||||
3sKdUN9iT+kRG298JdIP2g
|
||||
-> ssh-rsa K9mW1w
|
||||
wmBPlRZqmkMhHxcjHqv1hBTt3C6oKX3aubI73gtAnO9wgA3vfkWiDtdPJA/yxWuv
|
||||
Uz62QxQv09bd9sQ0C+VOx3DHlmIxU8j4ZX9ZdxgBSKm3QGRsfZYNjuRKN4raKjbP
|
||||
qvjQ7OkmzgJKBK4abtsZOjTc0YVzmHb/DWc4Swbnlf5MNuB0sFk4n5sVWtmRcx41
|
||||
AC92COM1U9OjJbCry99v+iNGEYkqZJaqbv2cGnft68TMi+eKpDx2BQ5/FcEFJRTX
|
||||
AVeOsRdBpkx8MN8GOA1FwkJE1EAQSwPz2owUwScoCg8ynBk6e7rYtCFugEm7F+Kr
|
||||
TGqNvLd1Ej7t9nrV3VKO0Q
|
||||
-> ssh-ed25519 O0LMHg 82e9p3tOgjrQJ0OpjYIaY3Z3B4P4Va0OtoeQWUDNRi4
|
||||
+yL/wlDqhYM+XigMT1BVT+yz68df/1sj9R4mraTYA9w
|
||||
-> )-grease
|
||||
ks1I3lwsUUiYhDwrOZMVE/c0o7lGhmxx3GMpDQ
|
||||
--- CTOHTcdLxijAcutu0KPmmINx0jIdUZJL7YdLsLavBoY
|
||||
3+f©Ž%·(~ù!¥H§äµ\h7™ qUÛ{£d’œ—ˆO
ÕΕIŸò#êjJ8½‰ä›³šiØ~>ú¯ú™Þ—ï¥<C3AF>Ù%,f¬ù°VÐ$¬ÉA|óWo¢©/'ûba ;¶`:kÈ
|
||||
Å#˜7¯;úèŽö+ä?lò<œ!Žbút9q˜%0¼ù»ó¡b&€¶ƒÃ©úºDìÑ4Á8ˆ
|
22
secrets/mastodon/social.hillion.co.uk/secret_key_base.age
Normal file
22
secrets/mastodon/social.hillion.co.uk/secret_key_base.age
Normal file
@ -0,0 +1,22 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-rsa GxPFJQ
|
||||
lKGHm6g4g5VUSGPywFDxDUl15UbCu8cAxMDleH/LiMq4bqmgkSuEIqISRw04Bqgl
|
||||
xcPE5iaL/xHMAMOSQmGq6fuJDvKLkhNLdtIEzdOSZRtRwMmSnN3fgmdwgXIxhftn
|
||||
ZvcJJPLPjHJoPx1dN8beS5pPgVrRX4RbOWpeGrl57jJCF4Gdryq5SpeB2P6SU3iS
|
||||
jw16kj0/gRvjGyFarURCUbiXnoQ8yZBzm77fzQR7GlGmDw1ySFoxooFq6yyw8nqd
|
||||
xZMBBZ6mf6gYReGzQUvVGzlybTpgdCgCLu8vAGMZJmZ9nxUdRXJWhGfxctNH3Pn2
|
||||
5gR4jItiQPQbGDS3Nrbgxw
|
||||
-> ssh-rsa K9mW1w
|
||||
MYjQSBZfMCcSj5Io08+sa1p9MVt+kWvSsACyhZX1cC9iybD45zZare6zZBpPp1YL
|
||||
BxM0RnG7lPiNU4K8kqd325qnQudITaX4tBSDPprfdoa1LSB7nNMMfmFFSzGkfBri
|
||||
W5yJNYy7ECLguYbqCLSdjfQ/Da0sbpCeuYlTe3j1UH0eY6t0l3tMjBOIZHhiXMSB
|
||||
P5y6JxubQKG/VlNVHsrgD0IT0A0XVJFLWJ4iE36B0QfrsAUm+68qpxEJenuVIgaq
|
||||
TkGAJPauFDmAWfFMOKYyXJFLKQ2tVdNvTHIHxAQdzwosqYUdvXyU/ugT5UFddS7i
|
||||
RKIY+9U8RQAU9Qg8cpYGLw
|
||||
-> ssh-ed25519 O0LMHg w28mpV/lT2kZMgOPkRFbWUhos+2azTGn1XWWlcGQ5Xg
|
||||
5pjjuQbFaiSsT9Y1poh1R+yaEDWc+sNfTFikk86U5X0
|
||||
-> y-grease IcQ/&4 x [nL_
|
||||
m/JAUuy/7a7/k+qTDEuSDtJcjqAuum+2
|
||||
--- tZoksBLZWjbl7cH9Rmfz8Em9ZbDFQQgKVkxKJRx2V74
|
||||
wH ¸…šÏ^ÎÁ«¶µ€F_„ ›$“=…ñÝZmsE9uÓŒ<C393>^Öy¹<79>ÜñÚ#„šZ\wSê÷{~"I„®?IÁ;É6ó®*úÀl5-ÎõD2ël½ù4„/!‚Ðñ‚§}÷Pû´öiW¶7ÈiW|0´uq³mûWr¦Ë#ƒîéÚ<>;=AlÂgŒ*06Å {füK0¬aÍbMK/¶
|
||||
Ò
|
23
secrets/mastodon/social.hillion.co.uk/vapid_private_key.age
Normal file
23
secrets/mastodon/social.hillion.co.uk/vapid_private_key.age
Normal file
@ -0,0 +1,23 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-rsa GxPFJQ
|
||||
mdMhxMiuWstsWZ4wSiWcloDrP1sJrKOQFy1IwAEXjrXmWx+N9W2p93+gz9W3mTir
|
||||
ooLWTdj2g9tywRpFlLfZr8MDsZEpCxSLb2TG6/xOHuu7qfdsK2V/q+AdgmNZQemv
|
||||
KdIQoszcltG7tv1MyUgcCgusGqJIudLhJ8Sk5w0yPmKW6K/o0cRqX2IAxLWOts2m
|
||||
wlpieG2r35+OHTyaMC6HKDhZBM5Te9b9nQNwq8kj4n98Il3gEGkWYRK6eGiPoQNq
|
||||
ywQv4cmLVmPvuGRhRymzGOieMk2EeT8ZEs970t7SRgq58BFWI79hFZ1Mihr0pXyL
|
||||
wJgnEvaUey1rBj6Nlbdvcw
|
||||
-> ssh-rsa K9mW1w
|
||||
s29WasIMWE/iVZ2ESd3HpcMsZeC8K/99X/aopLCtK+c+ykXzbdXyHjCvtfvpvMF+
|
||||
GVgWLpPpTa/miLZX2ih7GDXBOI06cvs0Zy1eFvVBUsgID87hpHqfGbpFKvQrMPEc
|
||||
wvcINtOBVa4B9IQ5HNMrBtKQuJ2kOdyerosm93S7crOG2ioAt+FLCIjYYLRCteFN
|
||||
QIbD8vgcocpezAmY06WnepNM1Yi8yeHGi2m3HfPTNxKb6zxMGQ4RcW4a+CYiu0KO
|
||||
rtXFDcQyw82BHzgM+mbW1bZ94EwlVeJJRzrukfFi5zZxzr+Zisv8kK9aQZYvTaMS
|
||||
5ddMYrdpxJeGJAtO6ir3yw
|
||||
-> ssh-ed25519 O0LMHg yHLnNQMahSSgXtWmyAurXI7+bvlJhg4edg/G+AzGAkk
|
||||
PDbS4LjOhHY6GIfQAojtDYpUJV3xS4nAAnvhfhMui3I
|
||||
-> TQ~'V\-grease vuL/7@ .YbM/Fv$
|
||||
sJRsjd41yeR2gJRv567GFh9a6G55o7Jd00QYxPPp
|
||||
--- dClpo30O0AgOaIbkTeyPuuLgV5xCVwj9TpOMJ8fGUJo
|
||||
Œ˜:çÓ’UYÎ,7™D{µCÏÓö
|
||||
1
TÂCQɶ*f=„gCkú«<C3BA>]'šúeûWfìšÄ«~”†£E¸
|
||||
ÊãÍ:å²ÑA –”
|
@ -65,4 +65,10 @@ in
|
||||
# Drone Secrets
|
||||
"drone/gitea_client_secret.age".publicKeys = jake_users ++ [ ts.strangervm.vm ];
|
||||
"drone/rpc_secret.age".publicKeys = jake_users ++ [ ts.strangervm.vm ];
|
||||
|
||||
# Mastodon Secrets
|
||||
"mastodon/social.hillion.co.uk/otp_secret_file.age".publicKeys = jake_users ++ [ ts.strangervm.vm ];
|
||||
"mastodon/social.hillion.co.uk/secret_key_base.age".publicKeys = jake_users ++ [ ts.strangervm.vm ];
|
||||
"mastodon/social.hillion.co.uk/vapid_private_key.age".publicKeys = jake_users ++ [ ts.strangervm.vm ];
|
||||
"mastodon/social.hillion.co.uk/mastodon_at_social.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.strangervm.vm ];
|
||||
}
|
||||
|