feat(compute01): Deploy mastodon on social.dgnum.eu

2023-09-13 11:09:41 +02:00 · 2023-09-13 11:09:41 +02:00 · 74e9b18499
commit 74e9b18499
parent 8ff860d3b8
4 changed files with 70 additions and 0 deletions
--- a/machines/compute01/_configuration.nix
+++ b/machines/compute01/_configuration.nix
@ -13,6 +13,7 @@ let

  # List of services to enable
  enabledServices = [
+    "mastodon"
    "nextcloud"
  ];
 in
--- a/machines/compute01/mastodon.nix
+++ b/machines/compute01/mastodon.nix
@ -0,0 +1,46 @@
+{ config, lib, dgn-lib, ... }:
+
+let
+  inherit (dgn-lib) setDefault;
+
+  host = "social.dgnum.eu";
+in {
+  services.mastodon = {
+    enable = true;
+
+    localDomain = host;
+    smtp = {
+      # TODO: smtp setup
+      fromAddress = "social@services.dgnum.eu";
+
+    };
+
+    configureNginx = true;
+
+    extraConfig = {
+      # https://docs.codeberg.org/codeberg-pages/redirects/ is not yet active
+      # LOCAL_DOMAIN = "dgnum.eu";
+      WEB_DOMAIN = host;
+
+      RAILS_LOG_LEVEL = "warn";
+
+      # ObjectStorage configuration
+      S3_ENABLED = "true";
+      S3_BUCKET = "mastodon-dgnum";
+      S3_REGION = "garage";
+      S3_HOSTNAME = "s3.dgnum.eu";
+      S3_ALIAS_HOST = "cdn.dgnum.eu";
+
+      # TODO: Setup SAML & OIDC
+      # OIDC_ENABLED = true;
+      # SAML_ENABLED = true;
+    };
+
+    extraEnvFiles = [ config.age.secrets."mastodon-extra_env_file".path ];
+  };
+
+  dgn-secrets.options = [
+    (setDefault { owner = "mastodon"; }
+      (builtins.filter (lib.hasPrefix "mastodon-") config.dgn-secrets.names))
+  ];
+}
--- a/machines/compute01/secrets/mastodon-extra_env_file
+++ b/machines/compute01/secrets/mastodon-extra_env_file
@ -0,0 +1,22 @@
+age-encryption.org/v1
+-> ssh-ed25519 tDqJRg xNNldkifAQwLOkeNpg+xXdxCaLnH0ziL7KiX58Wdyk8
+irS6sJtxQ9MIsbdAFWgl/jK+fmzA9p3ryApL1ZIeCqc
+-> ssh-ed25519 jIXfPA lQSpiHzk48aMknwBSmF5pOTbyw5glnB5ZUYcJl6qthY
+/1MF+IlsT/CPV7nOnsl/Wyv6y5Ek2ZBPjLxvTFf4PTE
+-> ssh-ed25519 QlRB9Q QipZpn7OE0MN15+eLJc0VJY2erbHJpFu3KEH3AVSs18
+FbF8C0xeapi38xPaIdWTJ+nilygdDrkF6zga3TqpXKQ
+-> ssh-rsa krWCLQ
+F8bCPw//P3fDNTFSw6Rz9/bfyGTzhfhDm5rFBH+55WxKgqjozdl2Jih4mEP+U//E
+W/qu/w0dl/Ezsg6EVSfwvbr9yVkkEQ4fIjWrqOrA7vWTrjZEizuKc3+X5UL1ph6B
+4E4ycTSG+8IztcJMkInxbVGFkKf1NzUd+cR7jyk7kHvEFA0KGQm+IbQXoqtTpDbC
+WmgmXxl+YHAtO2a7WvtW4awTvhVIVyTT0Y80kB7qg41fhlCz3/g+ba1KSvYXeEcz
+xJws4w2Q4vWBrdx6R+pZz474+9/xoNOHgQBHkaaPX/uLH4lR52/1s+FW9fU+dZb2
+3N4WgwUmqZFRzXjnnLOHug
+-> ssh-ed25519 /vwQcQ GFlgw/L4yEP9rYDV3clED6J0P2zvxYEfpn68VbUnAzU
+FlNYopCEnLrSOWTWrDVeniiie5Yyc3bz8R0AMRr2zT8
+-> ssh-ed25519 0R97PA tqjjGtFmabpyOA0HqHj+UQ3uuWCKNqphljKjExRNjEg
+oe8v9P1kT/NkigmqEVc2Gnj819qwZWRYDl1kZdirHcw
+-> ^"=JjR6L-grease x!Vh }L4 'D|=jT\
+mjg7e7m0a15qA22d5KgAmDLIr70ZG/zOFSIGatd9nYBy
+--- y4n3JGSjNqSdna6V9lb9GaSBd72nQpOebNaPGwaduuo
+Òh4„óï¡Ä—är¦u;zø²zÿñÈÌ–âBJ‰¢ŒQ›ŒÙ°üNUY‡‡ÆXCêÂtÜæÜ”øë\µqK¾ëÖ‚–u~ãÚ++?Uïº¶Ù¿^Úñ~Vß˜vÍŽ¤'‹Çèvû‡<C3BB>ðù)wµv~>ºÅ¬23rc’´‡¬õwÐØÇ<07>PnÝ,Óˆ•”\|âšA@¤TõƒPØ‡¯Â
--- a/machines/compute01/secrets/secrets.nix
+++ b/machines/compute01/secrets/secrets.nix
@ -4,6 +4,7 @@ let
 in

 lib.setDefault { inherit publicKeys; } [
+  "mastodon-extra_env_file"
  "nextcloud-adminpass_file"
  "nextcloud-s3_secret_file"
 ]