From 1566fc21d13a62a4f29bf6374e1ae2541c94b89b Mon Sep 17 00:00:00 2001 From: Clara Dautermann Date: Sat, 19 Jul 2025 21:15:47 +0200 Subject: [PATCH 1/2] basic misskey setup --- .sops.yaml | 3 +- configs/containers/mastodon_container.nix | 19 +++++ configs/services/mastodon.nix | 43 +++++++++++ flake.nix | 2 + secrets/all/secrets.yaml | 87 +++++++++++++---------- 5 files changed, 114 insertions(+), 40 deletions(-) create mode 100644 configs/containers/mastodon_container.nix create mode 100644 configs/services/mastodon.nix diff --git a/.sops.yaml b/.sops.yaml index 4f59156..7b3ae50 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -7,12 +7,13 @@ keys: - &mcserver age1v98yggaarelrp7z8rljzpf3gm70up4q8460trejmptdpv7gjucrqssjz9h - &zammad age14ukkn4plvnjacvjux929qwpeynxk4cfxw285vlwddqakm43kfyysfdg02c - &forgejo age1vd33efsea2509hm0dwmhkuu7mm2kgw6tsss6lmzsqfg7gat06qyqys3qfh + - &mastodon age19efecaur72d92g452zpe4uxjtwev2ktjtaezascxg9l2p8544s8s05d93r creation_rules: - path_regex: secrets\/all\/* key_groups: - pgp: [*clara] - age: [*wireguard, *mcserver, *zammad, *forgejo] + age: [*wireguard, *mcserver, *zammad, *forgejo, *mastodon] - path_regex: secrets\/wireguard\/* key_groups: - pgp: [*clara] diff --git a/configs/containers/mastodon_container.nix b/configs/containers/mastodon_container.nix new file mode 100644 index 0000000..4551e91 --- /dev/null +++ b/configs/containers/mastodon_container.nix @@ -0,0 +1,19 @@ +{ lib, pkgs, config, ... }: { + + deployment = { + targetHost = "192.168.178.80"; + targetPort = 22; + targetUser = "root"; + }; + networking.hostName = "mastodon"; + networking.interfaces.wgbr.ipv4.addresses = [ + { + address = "10.8.1.6"; + prefixLength = 24; + } + ]; + imports = [ + ../container_config.nix + ../services/mastodon.nix + ]; +} diff --git a/configs/services/mastodon.nix b/configs/services/mastodon.nix new file mode 100644 index 0000000..4ddb97c --- /dev/null +++ b/configs/services/mastodon.nix 
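Review bot: Adding `*mastodon` to the `age` list of the `secrets\/all\/*` rule lets the new container's host key decrypt everything under `secrets/all/`, which in this series includes `initial_password_clara`. The container serves a public domain according to `configs/services/mastodon.nix`, so a compromise of that host would expose the shared secrets as well. If the host only needs its own service secrets, give it a dedicated rule in the style of the existing `secrets\/wireguard\/*` entry, e.g. `- path_regex: secrets\/mastodon\/*` with `age: [*mastodon]`, and keep the shared recipient list as short as possible. The `creation_rules` list continues outside the hunk, so such a rule may already exist further down.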
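Review bot: The host is called `mastodon` in this file (file name and `networking.hostName`, matching the `&mastodon` key in `.sops.yaml` and the `flake.nix` attribute), but the service module it imports configures Misskey. A host name that does not match its workload makes it harder to tell which age key can decrypt which secret and which machine a log line or alert refers to. Either rename to `misskey` throughout or add a comment such as `# runs Misskey; the name "mastodon" is kept for <REASON>`. `targetUser = "root"` on port 22 would also benefit from a one-line comment stating that root SSH is key-only, if `../container_config.nix` enforces that (not visible in this patch).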
@@ -0,0 +1,43 @@ +{ lib, pkgs, config, ... }: +let + http_port = 3000; + dbuname = "misskey"; + dbport = 5432; +in +{ + services = { + misskey = { + enable = true; + settings = { + url = "http://puppyplaypissparty.de"; + port = http_port; + }; + settings = { + db = { + user = dbuname; + port = dbport; + }; + }; + }; + + postgresql = { + enable = true; + ensureUsers = [ + { + name = dbuname; + ensureDBOwnership = true; + } + ]; + ensureDatabases = [ + dbuname + ]; + settings.port = dbport; + }; + redis = { + servers."" = { + enable = true; + }; + }; + }; + networking.firewall.allowedTCPPorts = [ http_port ]; +} diff --git a/flake.nix b/flake.nix index 3633fa9..e1bcb2c 100644 --- a/flake.nix +++ b/flake.nix @@ -19,6 +19,8 @@ zammad = import ./configs/containers/zammad_container.nix; forgejo = import ./configs/containers/forgejo_container.nix; + + mastodon = import ./configs/containers/mastodon_container.nix; }; }; } diff --git a/secrets/all/secrets.yaml b/secrets/all/secrets.yaml index f4d7cba..496a58f 100644 --- a/secrets/all/secrets.yaml +++ b/secrets/all/secrets.yaml 
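Review bot: `networking.firewall.allowedTCPPorts = [ http_port ];` opens Misskey's plain-HTTP listener (3000) on every interface of the container, and nothing in this file terminates TLS. If a reverse proxy reaches the container over the WireGuard bridge configured in `mastodon_container.nix`, scope the rule to that interface with `networking.firewall.interfaces.wgbr.allowedTCPPorts = [ http_port ];`. Otherwise run the proxy on this host and expose only 443. Separately, `settings` is assigned twice inside `misskey`; folding `db` into the first `settings = { … }` block avoids relying on Nix merging duplicate attribute-set literals and keeps the effective config readable in one place.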
@@ -1,64 +1,73 @@ -initial_password_clara: ENC[AES256_GCM,data:ux8zKQbsw52SDMjX4wyXFp445vbCV4eFdvAJNzYSb3YMxbVWlBTV3KaEFYW0dKFwUvvserHPfyXmFgXJJ5Lx+D+49b8s8mVZqwVs,iv:2c8I40749+bXnwHJ2Gnjkv8a/AtV1P30sCE113jZcH4=,tag:b8kmLLZ80lytRH4dAl6tpg==,type:str] +initial_password_clara: ENC[AES256_GCM,data:TUXb6axbRcIL3IGk1JfvpAMNl03vR5IZuvcrYUKpbp2SS2vhVBtMOCff4lR1VZLoJG/0wskRKaMeiJWWJhq/WYwRi/Xzr+zOlD4c,iv:9vIt760Y6pv7S/EIrsy7KtTG1rtTSInCGHz0Rj3iIZk=,tag:levJuPx04XNX3saDfc61Mw==,type:str] sops: age: - recipient: age12d8mxwnt0a7gl4uu0uwdqaxuqdf5j7zm50qy5qrhj0kd4ny7luaqv7rj4e enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAweHFOQWNaTGxLTTVNWlpw - UUdZYklScktnL3QvM0xLMTkrTmpYTG1ocXdzCnlPNVdkQ1FwZ21wUlhiOXpCSmV2 - R0Q4RGlTNWRybTFRU1ZnK3VEU0NWUVkKLS0tIGFNRzVDMnkvRXhLTzMwVEpONGFr - RGFIVDZyL0dSTWNDMDZEWEJIamxRMDgKBeRdsbub+XhYKyCkpo9x1yXXqha7PP/s - /nzUyMNqDB7Fh5K9xY2BRxwpxIKYWpzFPjybt5mHL1NxbYheGle5hA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvMG44OXJHQndpZjBubmRp + VDZGTldneFZzMEpUOWxmM1R6MGJnVkgxK0RVClNpTXFJeHd2NjdPOVdxa1RWLyth + bXROcEJ0cWlidDBuYmZNZGt5d3RocmMKLS0tIEhCWFJaUmo2MXlYMHpkS1pETmlW + cTJwbzZOaEJaQ0szcnlKeXZFaTBvdHMKM8nuq1/HG0Zo4XKQZcmGqnomDZFysrG2 + yiJZ1SMo9l6bxU94omee3SJbgWtmNzD0IH3YqgOuFwMDszcq1GpFxA== -----END AGE ENCRYPTED FILE----- - recipient: age1v98yggaarelrp7z8rljzpf3gm70up4q8460trejmptdpv7gjucrqssjz9h enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzaWxRVVd3bU84bGwrZk5F - blgyRnd3MmdSdGtaWHdnVVVIeUs5dGNkVDJVCmo1MU9PeVRrNEZzcHhKUVk1OXlG - MDNCRCtCOERnQmtmUmt4YXlWTVl1dmcKLS0tIGZiYnlveWlKd2VZaVhNaUtlWlVK - UXkzL3k4YW5ESGRza0hURC9wR0o3RGMKsvc9zCQ323d/eSP9vVDiYTNgZrNmVvfE - +GfDEc/4+OpG+RRmMrXvlvCYRof56ywWZJr9tpAlunZ/t8vHRCUJow== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlQXQ1WHNkc2hqVWxzTGYz + UE9Ib3I2cUVRclpMdHEwdDQ5V2lXT20zNm53CmZONis1RmR1eU5BWkxWb09palFn + UlJoTkpLTmJtZHJvYkdIK3QwWXAxZmcKLS0tIFM1endNSkJBck15ZnRHUmxsSVht + 
VHZtWUV1ZFpQYjZ5T3dJR0o0QWt0akkK0TfTUe9syCY+oQcRztB0fDTqIQ3M364w + sEjx4wmpbJR/ommgybUla56CV58bvs/da6eJdJBqnTxBe9c3tTxkGg== -----END AGE ENCRYPTED FILE----- - recipient: age14ukkn4plvnjacvjux929qwpeynxk4cfxw285vlwddqakm43kfyysfdg02c enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0YjhORkRmWk9pOVV6cUpo - RVRpNmhzWS9pZDMxTXViMDFLSVNYR1F5NkZZCnFCb0Q3QjMzNk5WVkM3K1JYYjJ4 - c1VER25FVUtyWHFpcVpKdUJ0YlhSTEEKLS0tIEF6a1dJY2JmelQyVzd4Mk9SK0R2 - WFZHdVZiMVdaNHFhTVZGMzdYRTl3ZU0K6yMpKKXKIaYHxR1cAHam7jogZShH5xsK - c43sMBz/WxHjvmI9TCNyxnkvgwC6kJUpV9vABduJg2INjkLltjNc/Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBweGR1YlBWRElhV2ZqM2ww + SGlMWTByenVzY3hGTVc3OS9EMUFEekNIUlFvCmVxREZGUnMxNDNWajdCRXdlSkRK + WTVUWXBiT2JXNTMweXNCK2NPSUIwZEEKLS0tIHNXSkliOW1xRDcrOWVjSFNkYnhM + VkxDRHpKejdQSzhYSzIydDVsRkJTMTQKKrJAz4VllTLj1r+uLbUIUaeZUbxMMpBX + z7/zISKBKVBxc6Qs7md06QzGnMVKZ1QBGwNY3Mzhb/i7XKzT216X+A== -----END AGE ENCRYPTED FILE----- - recipient: age1vd33efsea2509hm0dwmhkuu7mm2kgw6tsss6lmzsqfg7gat06qyqys3qfh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPelBOdktOV3Naa1ZWdlFv - N1c1clFsZTlkbVlpYU81L3Y3L2UxTTJMaUdNCnJYd3Y0YWpRNTRsTkt4Q0ppblVB - K01HSzgvQ1lIaUNSR2lJZWY4NG1tL28KLS0tIGVjZ0svVlFrK1h1NFViVmV0bk5Q - MW5ZTWQwZy9iQnFNL2dRalM3VSswVkEKcE2M6Ph8d+7BafgjlARITRbxivOajQ3H - 7evjNzFDqga/AZ1rLG+5anuD2giAKVZGok10NvDroCKkobUpsXd6jQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWM0lxV3JaRUwvSmtnOGJW + UXdqczl5WlJ4SjhGbEF0elV1ZWxEaGYxVGx3CmdQZXVIYzVDWlkxN0NTcU5sZHVQ + M3hERm1WQmhrSE82ZHRza1lXSEtZcGMKLS0tIHNBb21oUXJmR2pqdWMyTjhUUGdX + c0U5TXFaTm5yYzhQZkNkenpTcWxiUFEK7eOsxRmOBMAABZGaafnl/wA18Xch2Jik + B0xXWfZ1ZGtWxtmLigFQidZuwhkI2fXRV1h8N+wHGw17rwPyHy/vUQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-04-17T14:15:59Z" - mac: 
ENC[AES256_GCM,data:QBoeoWS2eoUjbXm40OLk8vxpdZRUkLgVLPQ6AX9JaYVLl4+reefFw269yngF2ZATBniuYLBHNhkSjOYttC+J7M2Zt8cQhhj4G2TFt7JkYHQRtkbuoa9ZiP3Oi3Jaj6z0w3cHsyMT+fBBdr02winxf8QggYHGmvcK8QXoayccyl8=,iv:lG94yszjtq1tDYrNM+xt5ehdrNYO6M+oqZg/Qg/cO4g=,tag:K3Cr7DySQ02fgHOaVtYmDA==,type:str] + - recipient: age19efecaur72d92g452zpe4uxjtwev2ktjtaezascxg9l2p8544s8s05d93r + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrZEFIVU8vY3JUVFg0RlB1 + d3pDbkNGZVhQQ0g2cnpTbnpkZm5McmkzMGpZClNIR3FlWjdNMXN6cW1SZUc5RmlN + THBTN3pRaFRWZ2ZaRVhScTBCeGZZWlEKLS0tIG5BaStoZ0J5L3hLQ1AvSzRpZHZI + YnVQM0FPV3g1M3dvbEhGRlhKU3hqd0EK/1qGFQ/WN/Fl4apNps+40aBErOCUOuug + 8YbBwmZDcCFupa6mSeqy4xim2fRw5AjSNMlG5cZthLBiT+HRfcBPww== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-07-19T17:07:16Z" + mac: ENC[AES256_GCM,data:rXQlQVI6SOo5HXgZhCJAoMKqzmqwvAZdC9McZTaB6BAlAqBUkxmvNt0TsxfO/BngXUix/yIPZCmdWMiPoKuui0SnuZR/cutN4gZa9mwA7/LSqIuBUNdvOWrJCRQMPla3hrQEHPI//pAsAPlrzpYPhxi89fumGDcYSHW/tohJ0kA=,iv:s+l85/wml+uOEnz/yoJzsucj9tziHtpBamasVN2jG/g=,tag:z54uFmtOQw+Gs8nHbJ5Ovw==,type:str] pgp: - - created_at: "2025-04-17T14:15:33Z" + - created_at: "2025-07-19T17:07:09Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMAzwtBoBqH5ZOAQ/9Gx1uySXuafWQT/xz2b4yY37t3ZKE5SE4LxKoyOPXRhWR - yVISxG9MBrYeDe7DR4QYJ5KVpKUui/TMKv5+SFiDvlxgQdWVA2PZ2KXgGK0KDDEk - cOn3YNGLHpZL4ZHwAlbgeNWFjT/A99logCnv7D4VocAX9k+AMSh5ZQqI5HLmBHfO - ZQOugRfGDI28D/iH/8LUXoK+l6VDX3CLt0xfQmNN81q2IQzb2NK9GZvj5qyILR3c - MMzGDMU1pw0OWCZWZDRCE5YA71mrvflGOQPo3/JPsVg1Qr8l6TbGjbFwKlYUgGDU - JTSsZ1ATKjzbWg7KSdrBgztWHcSDdrCW1yytUh9uoJks2UHGdfb060k9DH99IYXk - +u5DutiPqiz8xwn5YHetO3SaJjJA9uIODQ+Em7ElZ+XbY81NIlhbdT8DZKdDHmOx - ozFIs5r1glRaojo8Yc9fym0j8cZ6Dr6rkD+nbgwzRCuUucuzOILIPrutdUSgdpbp - LnK8ScJnOBsF3AhKuOB4Qhnb6Q0ooT8Zt+R2uDdezfACFMa6nW95MP4sPYPqy7ee - ZGuWOaMGQ1Cn9Ck3nBCn8hROzHwp9pv56mqVIKu+oWCGsFm9GUZ5XFvZxez6Kq// - SVhH/qbV3RElBj/Q8u4Xcbl3ZNnHbMhvi/Xe2Ji64orZkzjHrsViB6KXR6uzY/7S - 
XAF4UTbjzSVkqbZ+IKQbkhoM62YQpT1bOgMk9djNFilauKRqD5x3eKTyuooOnMGh - jVjxulE755eSO6qvATN/P7OIXzaPKI+HSPcdm0WH8ZXVTXrZjkeO7D7gCfh/ - =qTot + hQIMAzwtBoBqH5ZOAQ//ZhD72QA+bliRW0pWpMKe++KTkSmqu8Xc/e42FGGtT/JT + cUhA2KOuUGt4qjK7tCgvC6eTQsPWk224UG8gx5PsXreYzzxeAn6tHmxJd9ckJ63n + dOFN0yoo0JMwu6AJ2V+oaSZWgg4jFC6E/fJ+L8juWGVYwtfVIPF3PmZ94425Gxam + RftfePcEJPTMSCIZY81DAVpJkewwfl0AspprMJi9fjvsrV+1y6naQApsbcPoXjmQ + C8l7w4K79G9bdPFmeYE3O9nkwgDaFw/17XGZBg59KtawJqFg/tzDKOCwUretPafV + 11fNJs4pit83Z++8Nb4+QtyruK0LXrEkgAt1lFTN5EqoRVQ/iqp/bYokybJ2tltu + A7B5zTffazGvHUT3iMBLVYI7ICCC8a/LoroUA1ZOomfXn6zDgDpf5SCIi9SYTSHm + iYQ/EV+3dRU1byV87hHBfIRkcsHHo1wNU6rjIFIsGMt68uXCIltt2wetZPTWI0+A + /fOHKY7ouBj0+aPiA1lXQ19dvIX4AIYnCrnYAHVrJEqscWHw3uXjnESS3L9awZ5M + xFNWGO2Jb++h9xQ3IB8t/SwL1BG/qhPaN9ixdHjWrxg3O9cM5/PIOz9To4+46j7K + YxVB9d8Cay2uw1Hbm1bmJOHZWK47PZbBkAdnJIws6nWJVtzdEpOH3C/M1ISIKRfS + XgGhM3HvrPDEbrrlKD6ilUbOwNqRpN1jsWoGqfvSY9KPm46+E+iq9XzpCfo4YC23 + KBxKgMOe45Qf2llvF+bt9gNoQscG2lrxJCgmgNq/87zdz+zr9MB5MpMXY7ZaYUI= + =o3ND -----END PGP MESSAGE----- fp: 58EF8D71114EF548DEE3320DE6F04916B6EEBD83 unencrypted_suffix: _unencrypted - version: 3.10.1 + version: 3.10.2 From ff577ae5a2737ed4724ca8e4121931db8315372f Mon Sep 17 00:00:00 2001 From: Clara Dautermann Date: Sun, 20 Jul 2025 00:13:40 +0200 Subject: [PATCH 2/2] finished misskey setup --- configs/services/mastodon.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/configs/services/mastodon.nix b/configs/services/mastodon.nix index 4ddb97c..b41e0e0 100644 --- a/configs/services/mastodon.nix +++ b/configs/services/mastodon.nix @@ -9,7 +9,7 @@ in misskey = { enable = true; settings = { - url = "http://puppyplaypissparty.de"; + url = "https://puppyplaypissparty.de"; port = http_port; }; settings = { @@ -17,6 +17,7 @@ in user = dbuname; port = dbport; }; + setupPassword = "VMoV33ov$C6JxVVXHffuVxHaqf^Cbmr9V1GSNgkyF6pq939Wr@c1hgfN7iD9%$De"; }; };
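Review bot: `setupPassword` is committed as a plaintext string literal, so the value is now in git history and, being part of `services.misskey.settings`, is presumably rendered into a world-readable file in the Nix store. Treat the value as exposed: change it (or confirm that it grants nothing once initial setup is complete) and remove the literal, leaving at most a comment such as `# setupPassword is supplied at runtime from the sops secret <SECRET_NAME>, never inline`. The repository already uses sops, so the replacement should be an encrypted secret readable only by this host's age key and handed to Misskey at runtime. Whether the module offers a file-based option for this setting is not visible in the patch. Purging the literal from history is worth considering if the repository is or may become readable by others.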