From 74e9b18499217c8adc6ac6112a8cfc9c65c35b5d Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Wed, 13 Sep 2023 11:09:41 +0200 Subject: [PATCH] feat(compute01): Deploy mastodon on social.dgnum.eu --- machines/compute01/_configuration.nix | 1 + machines/compute01/mastodon.nix | 46 +++++++++++++++++++ .../compute01/secrets/mastodon-extra_env_file | 22 +++++++++ machines/compute01/secrets/secrets.nix | 1 + 4 files changed, 70 insertions(+) create mode 100644 machines/compute01/mastodon.nix create mode 100644 machines/compute01/secrets/mastodon-extra_env_file diff --git a/machines/compute01/_configuration.nix b/machines/compute01/_configuration.nix index a0a2cfd..84c56f1 100644 --- a/machines/compute01/_configuration.nix +++ b/machines/compute01/_configuration.nix @@ -13,6 +13,7 @@ let # List of services to enable enabledServices = [ + "mastodon" "nextcloud" ]; in diff --git a/machines/compute01/mastodon.nix b/machines/compute01/mastodon.nix new file mode 100644 index 0000000..dc34407 --- /dev/null +++ b/machines/compute01/mastodon.nix 
@@ -0,0 +1,46 @@
+{ config, lib, dgn-lib, ... }:
+
+let
+ inherit (dgn-lib) setDefault;
+
+ host = "social.dgnum.eu";
+in {
+ services.mastodon = {
+ enable = true;
+
+ localDomain = host;
+ smtp = {
+ # TODO: smtp setup
+ fromAddress = "social@services.dgnum.eu";
+
+ };
+
+ configureNginx = true;
+
+ extraConfig = {
+ # https://docs.codeberg.org/codeberg-pages/redirects/ is not yet active
+ # LOCAL_DOMAIN = "dgnum.eu";
+ WEB_DOMAIN = host;
+
+ RAILS_LOG_LEVEL = "warn";
+
+ # ObjectStorage configuration
+ S3_ENABLED = "true";
+ S3_BUCKET = "mastodon-dgnum";
+ S3_REGION = "garage";
+ S3_HOSTNAME = "s3.dgnum.eu";
+ S3_ALIAS_HOST = "cdn.dgnum.eu";
+
+ # TODO: Setup SAML & OIDC
+ # OIDC_ENABLED = true;
+ # SAML_ENABLED = true;
+ };
+
+ extraEnvFiles = [ config.age.secrets."mastodon-extra_env_file".path ];
+ };
+
+ dgn-secrets.options = [
+ (setDefault { owner = "mastodon"; }
+ (builtins.filter (lib.hasPrefix "mastodon-") config.dgn-secrets.names))
+ ];
+}
diff --git a/machines/compute01/secrets/mastodon-extra_env_file b/machines/compute01/secrets/mastodon-extra_env_file
new file mode 100644
index 0000000..b2fc2cb
--- /dev/null
+++ b/machines/compute01/secrets/mastodon-extra_env_file 
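Review bot: The `extraEnvFiles` line at the end of the `services.mastodon` block has no comment saying which variables the age-encrypted `mastodon-extra_env_file` is expected to supply, so a reader cannot tell from this file where the credentials for the `S3_*` object-storage settings come from. Everything in `extraConfig` is plain configuration and, as far as I can tell, is rendered unencrypted into the Nix store by the NixOS module, so it is worth stating that only non-secret settings belong there. I would add above `extraEnvFiles`: `# Secrets only (e.g. the S3 credentials); extraConfig is stored unencrypted, keep credentials out of it.` Separately, the `# OIDC_ENABLED = true;` and `# SAML_ENABLED = true;` placeholders use a bare Nix boolean while `S3_ENABLED` uses the string `"true"`; depending on how the module serialises it, a boolean may not reach Mastodon as the string `true`, so writing the placeholders as `"true"` now avoids SSO silently staying off when they are uncommented.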
@@ -0,0 +1,22 @@ +age-encryption.org/v1 +-> ssh-ed25519 tDqJRg xNNldkifAQwLOkeNpg+xXdxCaLnH0ziL7KiX58Wdyk8 +irS6sJtxQ9MIsbdAFWgl/jK+fmzA9p3ryApL1ZIeCqc +-> ssh-ed25519 jIXfPA lQSpiHzk48aMknwBSmF5pOTbyw5glnB5ZUYcJl6qthY +/1MF+IlsT/CPV7nOnsl/Wyv6y5Ek2ZBPjLxvTFf4PTE +-> ssh-ed25519 QlRB9Q QipZpn7OE0MN15+eLJc0VJY2erbHJpFu3KEH3AVSs18 +FbF8C0xeapi38xPaIdWTJ+nilygdDrkF6zga3TqpXKQ +-> ssh-rsa krWCLQ +F8bCPw//P3fDNTFSw6Rz9/bfyGTzhfhDm5rFBH+55WxKgqjozdl2Jih4mEP+U//E +W/qu/w0dl/Ezsg6EVSfwvbr9yVkkEQ4fIjWrqOrA7vWTrjZEizuKc3+X5UL1ph6B +4E4ycTSG+8IztcJMkInxbVGFkKf1NzUd+cR7jyk7kHvEFA0KGQm+IbQXoqtTpDbC +WmgmXxl+YHAtO2a7WvtW4awTvhVIVyTT0Y80kB7qg41fhlCz3/g+ba1KSvYXeEcz +xJws4w2Q4vWBrdx6R+pZz474+9/xoNOHgQBHkaaPX/uLH4lR52/1s+FW9fU+dZb2 +3N4WgwUmqZFRzXjnnLOHug +-> ssh-ed25519 /vwQcQ GFlgw/L4yEP9rYDV3clED6J0P2zvxYEfpn68VbUnAzU +FlNYopCEnLrSOWTWrDVeniiie5Yyc3bz8R0AMRr2zT8 +-> ssh-ed25519 0R97PA tqjjGtFmabpyOA0HqHj+UQ3uuWCKNqphljKjExRNjEg +oe8v9P1kT/NkigmqEVc2Gnj819qwZWRYDl1kZdirHcw +-> ^"=JjR6L-grease x!Vh }L4 'D|=jT\ +mjg7e7m0a15qA22d5KgAmDLIr70ZG/zOFSIGatd9nYBy +--- y4n3JGSjNqSdna6V9lb9GaSBd72nQpOebNaPGwaduuo +h4ėru;zzBJQٰNUYXC t\qKւ u~++?Uﺶٿ^~Vߘv͎'v )wv~>Ŭ23rcwPn,ӈ\|A@TP؇ \ No newline at end of file diff --git a/machines/compute01/secrets/secrets.nix b/machines/compute01/secrets/secrets.nix index f5f87a7..7a01886 100644 --- a/machines/compute01/secrets/secrets.nix +++ b/machines/compute01/secrets/secrets.nix @@ -4,6 +4,7 @@ let in lib.setDefault { inherit publicKeys; } [ + "mastodon-extra_env_file" "nextcloud-adminpass_file" "nextcloud-s3_secret_file" ]