setup mastodon

2025-09-12 14:24:10 +02:00 · 2025-09-12 14:24:10 +02:00 · 96363ea213
commit 96363ea213
parent f7599b510a
4 changed files with 115 additions and 38 deletions
--- a/configs/services/mastodon.nix
+++ b/configs/services/mastodon.nix
@ -1,44 +1,36 @@
 { lib, pkgs, config, ... }:
-let
-  http_port = 3000;
-  dbuname = "misskey";
-  dbport = 5432;
-in
 {
-  services = {
-    misskey = {
-      enable = true;
-      settings = {
-        url = "https://puppyplaypissparty.de";
-        port = http_port;
-      };
-      settings = {
-        db = {
-          user = dbuname;
-          port = dbport;
-        };
-        setupPassword = "VMoV33ov$C6JxVVXHffuVxHaqf^Cbmr9V1GSNgkyF6pq939Wr@c1hgfN7iD9%$De";
-      };
-    };
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "fedi@cdaut.de";
+  };

-    postgresql = {
-      enable = true;
-      ensureUsers = [
-        {
-          name = dbuname;
-          ensureDBOwnership = true;
-        }
-      ];
-      ensureDatabases = [
-        dbuname
-      ];
-      settings.port = dbport;
-    };
-    redis = {
-      servers."" = {
-        enable = true;
-      };
+  # set up smtp pass
+  sops = {
+    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+    secrets.smtp_pass = {
+      sopsFile = ../../secrets/mastodon/secrets.yaml;
    };
  };
-  networking.firewall.allowedTCPPorts = [ http_port ];
+
+  services.mastodon = {
+    enable = true;
+    streamingProcesses = 1;
+    localDomain = "puppyplaypissparty.de";
+    configureNginx = true;
+
+    smtp = {
+      fromAddress = "fedi@cdaut.de";
+      host = "mail.cdaut.de";
+      user = "fedi@cdaut.de";
+      port = 587;
+      authenticate = true;
+      passwordFile = config.sops.secrets.smtp_pass.path;
+    };
+
+    database = {
+      createLocally = true;
+    };
+  };
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
 }
--- a/configs/services/misskey.nix
+++ b/configs/services/misskey.nix
@ -0,0 +1,44 @@
+{ lib, pkgs, config, ... }:
+let
+  http_port = 3000;
+  dbuname = "misskey";
+  dbport = 5432;
+in
+{
+  services = {
+    misskey = {
+      enable = true;
+      settings = {
+        url = "https://puppyplaypissparty.de";
+        port = http_port;
+      };
+      settings = {
+        db = {
+          user = dbuname;
+          port = dbport;
+        };
+        setupPassword = "VMoV33ov$C6JxVVXHffuVxHaqf^Cbmr9V1GSNgkyF6pq939Wr@c1hgfN7iD9%$De";
+      };
+    };
+
+    postgresql = {
+      enable = true;
+      ensureUsers = [
+        {
+          name = dbuname;
+          ensureDBOwnership = true;
+        }
+      ];
+      ensureDatabases = [
+        dbuname
+      ];
+      settings.port = dbport;
+    };
+    redis = {
+      servers."" = {
+        enable = true;
+      };
+    };
+  };
+  networking.firewall.allowedTCPPorts = [ http_port ];
+}